Actually, they find out the colour is from the Gold! Now we have a reason to privatize Mars Missions

Lots of good people belong to WISPA, and you should get as much expertise behind you as possible. These guys have went through the process, and can keep you from making the mistakes they already did. Great organization, and a good email list for help.

However, I would think that there is something else wrong afoot.. Some of the biggest verified opt-in lists never seem to appear on any reputation list, why would this be happening to this person. I think more data is needed. Possibly, they aren't following Best Practices for email operators, eg some other funky thing like improperly configured emails, DNS, 'rwhois' or no URL associated with the domain they are using..

This was/is a big issue at every conference, where of course the focus is always placed on 'policing' agencies wanting to know who operates an IP Address, however the concept is a lot greater than that. And of course, there is a perception that even at the highest levels (the Board) there is a lot of pressure by hosting companies who want to accomodate the customers who wish anonymity. The fact is that an IP Address or domain is/are Public lookup , and if you want to have an IP address/domain that is available to the public, you should post some public identity. This is used for a lot more than simply policing. Eg, various reputation services, auditing systems, and legitimate network operators who need to be able to identify the operator. Already, there are policies in place in theory to require this information; we already have tools and policies to do this, the problem that we hear is enforcement, and a mandate to take action during enforcement. There is a lot of finger pointing on this issue even amongst ARIN/ICANN officials and board members. And far too many times we see abusive behavior from 'Privacy Protected' holders of Public information. Now, it can be that the line on how much information about the holder should be publicized, but the operator/organization information at least MUST be provided, and the upstream providers should have a way to validate this information. And this has to be bigger than just ICANN/ARIN. We talk to operators who blatantly state that they do not collect information, and do NOT monitor activity on their networks, because they are concerned that if they 'know' about what is going on, they can be held responsible. Some protection must be given upstream providers, registrars etc, but on the basis they are diligent on getting information of the holders of public resources they assign.

Actually, it isn't just a few thousand, there are /17's used primarily for spamming.. And I don't think anyone is against the idea of IPv6 in general, but we do have to point out that so many people don't even know how to deal with IPv4 space correctly. IPv6 is great for 'clients' however there is lots of justification to keep server to server communications using IPv4. Just take a loot at the complexity and size of dealing with things like IPTables or RBL's needed to hold lists of attackers.. IPv6 opens up the potential attackers by the same number of scale as compared to IPv4. Thats why this time around a lot of technologies will have to be rethought before they can be effectively used in an IPv6 environment.

Oh, this looks fun.. Now we can expect another round of phishing emails for LinkedIn. "These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link." Yep, click on this link from yoru trusted service, honest it is them.. and not a link to a page that asks your for your information so we can match it to the information we have on hand.. oh, and don't worry.. clicking on this will not install a virus/trojan that will get all the rest of your passwords...

Oh, you can still rent DVD's? Not in this neighbourhood since Rogers and Blockbuster all closed their doors. :)

I guess I should have logged in first, rather than posting as anonymous..

Have you read the new proposed 'anti-spam' legislation planned for Canada? Basically it opens a whole that a truck can drive through for email marketers, while making normal B2B emailings risky for the small independant business person.

Hehe.. SpamRats.com, over 100 Million detected already.. But the part comes when IPv6 rolls down the Pipe!

What ever happened to being responsible for what leaves your network? Recipients, and even email operators often simply give up reporting abuse, as traditionally the success of reporting to abuse departments has been very low. And isn't this a little like closing the barn door after the cow is gone? A simple stolen credit card, and 24 hours head start, boy are we in trouble with that kind of power. And the idea of 'opt-in' or 'permission' based according to current anti spam legislation is so loose, and untraceable that it is laughable. Pity the legitimate users who wish to use EC2 for email, won't take before the only way for users to protect themselves will be to block the source. The email marketers are shooting themselves in the foot, and this sets the stage for some nice legal action. The idea of the sanctity of a users mailbox will have to prevail, and hopefully it will happen before people resort to radical solutions like 'blacklist unknown senders' or stop using email for communication. Just like you have the right to decide who can enter your home, you can decide who can send to your email box, but when it reaches abusive levels from a single source, this has always resulted in drastic measures. At least we hope they force a header 'X-EC2-BULK-EMAIL' ;)

The best one was a client (anonymous) that migrated to one of our platforms, and we found out that the support staff had been setting everyone's password to 'password' and telling them to change it.. ummmm.. I don't think *anyone* changed it, all the accounts seem compromised.

The 'trusted' part is probably the root (excuse the pun) of the idea in the first place. Just because it is non-profit, doesn't mean it is immune from outside forces, sometimes political, in all senses of the word. There are many that question some of the decisions that are made, for all kinds of reasons, and the questions become doubt, which breed mistrust.. and so on. Even it's handling on who gets the ever shrinking IPv4 space is highly controversial.

Agressive or not, agree with them or not, MessageLabs has definitely suffered from a major outbreak over the last few weeks. However, so have several other well known Spam Filtering technologies..