The other day I mentioned how the more dastardly variety of spammer had taken advantage of the system for identifying legitimate email. Habeas’ CEO, Des Cahill, was kind enough to get in touch and bring me up to date on what Habeas is doing about this intrusion. I thought his comments worth sharing here.
Mr. Cahill writes:
Some background first:
Habeas maintains relationships with ISPs and Anti-Spam filters who recognize Habeas “best practices” certification of a mailer as an indication that the mailer’s email is in fact legitimate non-spam email. Habeas senders’ email *must be* either confirmed opt-in email (Chris puts his email address at foobar.com to get emailed, foobar.com sends a confirming email, Chris clicks a URL to confirm it was indeed he who signed up) or transactional in nature (Chris Breen’s Orbitz travel itinerary) or individual mail (Des’ mail to Chris). ISPs who support Habeas use our headers and our whitelist in combination; therefore they are not subject to this spoofing attack.
Unfortunately, the original Habeas ruleset in SpamAssassin was implemented in the earlier, innocent times of one and a half years ago when spammers used generally static IP addresses. Therefore the combination of header with a Habeas blacklist (we call it the HIL, Habeas infringer’s list) was effective – you find a spammer spoofing the header, you add his IP address to the HIL, nullifying their ability to get through SpamAssassin (or SpamSieve) and then you sue them. But the spammers’ move to dynamic IP addresses via infected broadband PCs (once again proving the superiority of the Mac platform! 😉) has forced a change in tactics, specifically a change in how Habeas is implemented in SA.
Here’s what we’re doing:
a. Legal action.
A full legal and technical investigation of the matter has been underway since January 12, 2004 (the day after this all began) and legal action is expected to begin shortly. The support from the email community to date has been phenomenal and has been instrumental in our investigation. Any examples of the spam should be emailed, with full header and body, to report@habeas.com. Any additional information regarding this matter may be reported to Habeas at support@habeas.com.
b. Implementation of whitelist reference in SpamAssassin.
SpamAssassin 3.0, scheduled for release in 6-8 weeks I believe, will incorporate an improved Habeas ruleset that will automatically refer to the Habeas Whitelist (aka the HUL or Habeas Users List) in addition to the Warrant Mark. Use of this version of SpamAssassin should defeat these Habeas Warrant Mark spoofing attacks.
c. Enhancements to SpamAssassin 2.6x.
Habeas is working with the SA community to implement a software patch that will augment the Habeas ruleset of SpamAssassin 2.6x with the SA 3.0 functionality for Habeas mentioned in b. above. Details on the ruleset will be released shortly as soon as we complete testing.
Des Cahill, CEO, Habeas, Inc.
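
To make the difference between the two rulesets concrete, here is an added sketch (mine, not Habeas’ or SpamAssassin’s code) that runs the old header-plus-HIL check and the new header-plus-HUL check over the same constructed messages. The header name `X-Warrant-Mark`, the in-memory lists and the IP addresses are all assumptions made up for the illustration.

```python
from email import message_from_string

# Hypothetical header name standing in for the Habeas Warrant Mark.
MARK_HEADER = "X-Warrant-Mark"

# Constructed lists using documentation-range addresses (assumptions).
HIL = {"192.0.2.10"}       # infringer list: IPs already caught spoofing the mark
HUL = {"198.51.100.25"}    # users list: IPs of certified senders


def has_mark(raw):
    """True when the message carries the (hypothetical) mark header."""
    return message_from_string(raw)[MARK_HEADER] is not None


def trusted_blacklist(raw, ip):
    """Original ruleset: the mark is trusted unless the sending IP is on the HIL."""
    return has_mark(raw) and ip not in HIL


def trusted_whitelist(raw, ip):
    """Revised ruleset: the mark is trusted only when the sending IP is on the HUL."""
    return has_mark(raw) and ip in HUL


MARKED = f"{MARK_HEADER}: present\nSubject: hello\n\nbody\n"
UNMARKED = "Subject: hello\n\nbody\n"

# Constructed sample traffic: (label, raw message, connecting IP).
SAMPLES = [
    ("certified sender", MARKED, "198.51.100.25"),
    ("spoofer, listed static IP", MARKED, "192.0.2.10"),
    ("spoofer, fresh dynamic IP", MARKED, "203.0.113.77"),
    ("ordinary mail, no mark", UNMARKED, "203.0.113.5"),
]


def evaluate():
    """Map each sample label to (trusted under blacklist, trusted under whitelist)."""
    return {label: (trusted_blacklist(raw, ip), trusted_whitelist(raw, ip))
            for label, raw, ip in SAMPLES}


if __name__ == "__main__":
    for label, (old, new) in evaluate().items():
        print(f"{label:28} header+HIL={old!s:5} header+HUL={new}")
```

The row to watch is the spoofer on a fresh dynamic IP: the blacklist check trusts it until someone adds that address to the HIL, while the whitelist check never does.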