invaluement

Here's an idea... completely eliminate FEMA and their 31 BILLION DOLLAR annual budget - that went God knows where - then establish a system where the residents and businesses located in counties that are declared disaster zones... get ZERO income tax and ZERO payroll taxes and ZERO business taxes... for up to their 1st $1M in earnings per year, for either one year, or for two years for the more strongly impacted areas, applicable to only those who ALREADY live there, and for their direct relatives who move there - but nobody else, to prevent "carpetbagging"! This could be funded by the 31 billion saved by eliminating FEMA. Certainly, the impacted areas would be much better off than what they're getting from FEMA now. Then just let the private organizations handle the actual rescue missions, since they're already doing 95% of that anyways. The tax cuts would then cause an economic boom in that area that would cause an amazing rebuilding to occur. (So even the citizens in those locations who were fortunate and didn't get impacted at all... They would still also get this tax cut... which would then leave that money in this community... where they would spend much of it and that would then ALSO fuel the economic boom!) Within 5 years, these places will have transformed into something far better than what they would eventually be under our current system. It wouldn't even be close. PS - make that 3 years of no taxes - for individuals and businesses whose main structure (house or building) was either destroyed or declared totalled or at least required repair costs that are more than 50% of the value of the structure. (I live and work in one of the counties that FEMA declared as a disaster zone for Hurricane Helene. So I've obviously been following this closely!)

Paynet.One What is wrong with you? Seriously! You sent my users virus spams - that have a DKIM pointing to your domain name - that passes DKIM. And sending from the ONLY ip (148.251.13.146) that is explicitly in your SFP record, and which is an IP that has FCrDNS for your main domain name. (mail.paynet.one resolves to 148.251.13.146, and 148.251.13.146 resolves to mail.paynet.one) Just wow! Here is one of these spams - it was BCC'd to one of my users a few days ago - one of several. To prevent my server from getting marked as a bad hosting website - due to hosting malware - I put this in a zip file that is password-protected with the word "password" - that way - users can get to this, but bots checking sites for malware can't as easily. But beware - it tries to launch a virus upon opening the malicious html attachment. https://lnkd.in/exmj2Xzt If you want your IPs and domains to stay off of our invaluement anti-spam list - very solid answers will be required. What have you done to prevent this from happening again?

I wish Facebook would stop sharing photos from posts - by themselves - out of the context of the original post. Why not just share the post? And doing this is actually DANGEROUS and could cause great harm to people. Here's how: Sometimes the photo by itself conveys or implies a message that's totally NOT what the original post did. This can lead to horrible misunderstandings. For example, a pro-lifer's pro-life post might include a photo of a pro-abortionist holding a pro-abortion sign, that's one of a few photos in that post. Then, when this photo is shared by itself, out of context, it can make that Facebook account look like it's pro-abortion. That's just one of many such examples. At times, this can be horrific and could cause many bad and never-resolved misunderstandings. For example, in that pro-life example, what if the poster was the director of a pro-life organization, but then got fired for promoting abortion? (And that firing could still happen even after the misunderstanding had been explained - they may say - "we can't overcome the LOOK of this without firing you!") (reverse that - and make that a pro-abortionist's post - with everything the opposite - and this is equally a problem!) EVEN WORSE - This could even cause someone to get hurt or murdered. For example, suppose I was a news reporter who worked in downtown Atlanta, and was doing a story on the racism and violence of neo-nazi skinheads. But then one of my photos in that post was of a person holding a sign that encouraged discrimination towards black people - what if that photo got shared by Facebook out of context - when the story itself was actually critical of the racist neo-nazi skinheads? Someone seeing that photo out of context might then think that I was encouraging discrimination against black people. So, in that situation, I might become the victim of a violent crime if I visited certain parts of Atlanta later that day. That an extreme example, but it's definitely possible. (While my own situations weren't nearly this bad - I've had horrible misunderstanding situations happen at least 3 times this year so far - as a DIRECT result of Facebook sharing photos within my posts - outside of the posts and therefore outside of context.) Facebook needs to just stop doing this. It's dangerous!

This excerpt from Keith Kouzmanoff's post is a great point - see screenshot! And, coincidentally, I find myself periodically on the phone with somebody asking about a listing at my anti-spam data service (invaluement), where I have caught them red-handed sending spam to spam trap addresses where they obviously purchased a third party list. They often admit that they purchased that list (or otherwise borrowed or rented a list), where the end user has no reasonable way to recognize them. Sadly, it's OFTEN a situation where they were coached by many ESPs and digital marketers into thinking that sending unsolicited email advertisements is okay as long as they follow the U.S. CAN-SPAM act. (WRONG ANSWER! THAT MIGHT BE LEGAL BUT IT DOESN'T MAKE IT NOT SPAM!) It's actually scandalous how often this happens, and occasionally it's from an ESP that masquerades itself as a responsible non-spam organization! So then I often spend about 20+ minutes on the phone explaining to them how to do this better, yet still making great use of the data they purchased, yet without actually spamming at all. So what do I tell them? So first I'm assuming that they purchased a high quality list that is well targeted to their target audience. So assuming that is true, I first give them recommendations for how to do paid digital ads to certain recommended ad networks that allow third party contact uploads (keeping in mind that both Facebook and the Google ad network do NOT allow this!). Then I recommend that the landing page be pixeled by the Google and Facebook ad networks so that then they can do (allowed!) retargeting ads on those two ad networks... to those who land on that page. Next, I recommend to them that they provide a low-cost and/or free lead magnet to entice the user into filling out the form, absolutely making sure that the form is CAPTCHA-protected to keep bots away (since bots often forge email addresses!). And then the final step is to make sure the confirmed opt-in email is enticing, and NOT merely "a chore". So instead of "click here to confirm your subscription", it would instead say, "click here to download your FREE <LeadMagnet>", whatever that lead magnet is... a PDF or an ebook or a video, etc... but making sure it's something that gives value. That then establishes a business relationship, where they can follow up with emails (but NOT too many!) that are properly branded so that the recipient recognizes them, and then they can continue following up with these most interested customers via email, yet WITHOUT actually spamming. I'm in these conversations at least several times a month, giving this information to such senders, for free. BOOM!

Email industry thought leaders - whose careers are/were 90+% in the ESP niche - and they've NEVER actually managed (or were employed by) a DNSBL that was actually highly effective and successful - but they LOVE to gab at conferences and discussion forms - about how they are world-leading experts on DNSBLs. That's getting a little ridiculous! Don't get me wrong - I'm NOT saying they don't know anything or are dumb about DNSBLs. They do know MUCH. It's just that the contrast between their lack of real-world experience working at actual highly effective and successful DNSBLs, and meanwhile the way present themselves as world-leading experts on DNSBLs - when they are really NOT - and so then they occasionally end up sounding a little sophomoric to those who are actually leading experts on DNSBLs and who actually run highly successful and effective DNSBLs. There! I said it! This has been on my mind for probably about a decade! This statement is long overdue. PS - "highly effective and successful" is also a key word here. A couple of them have dabbled in running low-quality "hobbyist" DNSBLs.

So, as mentioned in the poll, the spam is excessive and the collateral damage is minimal or nonexistent. So, in that case, I think there's an argument that the collateral damage is very justified, their SPF record ENABLED the spammers, and therefore the owners of the domain are partly responsible for the DNSBL listing. But is this too harsh on the owners of such domains? (Of course, keeping in mind that NOT every DNSBL is very good at determining when such collateral damage is either zero or minimal. So for the sake of this poll, assume that the DNSBL is very good at that, even if no DNSBL is perfect at that!)

OPERATION ENDGAME UPDATE | Following on from the earlier announcement 📢 Spamhaus is now sending notification emails 📩 to ISPs and hosting companies associated with the breached email accounts. Here's what to do if you receive one: 👉 Go to this remediation webpage: https://lnkd.in/dYrKfbJu 👉 Enter the access code included in the email. 👉 Download the list of breached email accounts. 👉 Verify each email account, and where necessary, contact the owner and ask them to reset their password (there's a ready-made email template for you to use on the remediation webpage 😀) Thank you to everyone who is part of this effort. #Trustandsafety #OperationENDGAME #Takedown

A tale of 2 senders... and why invaluement's upcoming SED list is taking so long to release! OK, so invaluement's URI list focuses on domains (and rare IPs) that are at the base of the clickable links inside the body of spams. In contrast, our upcoming SED list is going to list domains that are found at the end of the following items: 1. MAIL-FROM header (the main focus) 2. Return-Path 3. "d=" part of DKIM header 4. sending IP's PTR record. SED has been in development for years - and is finally close to being released. It has taken at least a whole year longer than anticipated for the horrible reasons that are the topic of this post. Why? First, take a look at the 2 screenshots in this post. A LEGIT EMAIL: Crown Aesthetics ("C.A.") is a legit ad that this legit business is sending ONLY to their actual customers, so, NOT spam! A CRIMINAL PHISHING SPAM: ...that's trying to trick the end user into sending payments to the criminal's account. (so, NOT the real Sherwin Inc, who isn't a spammer - and using a misspelled domain) Here's the interesting part. The legit C.A. msg is sent from an ESP, they're using a newly registered domain name, NOT their main domain, just for these emails, so this new domain has ZERO "good reputation". This practice where marketers or ESPs encourage their clients to use DIFFERENT domains for their non-spam ads or for communications with customers - is a growing and disturbing trend. It harms spam filter's and DNSBL's methods of telling the difference between spammers and legit senders. Meanwhile, this criminal spammer likewise used a newly registered zero-reputation domain, and is sending from Google Workspace. So both domains are newly registered, both have almost zero good reputation, and both are sent from systems that also send much legit emails, and so these can't be blocked based on the sending-IP without collateral damage. They also both don't contain any kind of spammer's URL in the body of the email. And the criminal spam likewise doesn't have much bad content for a spam filter to grab onto. Invaluement competitor DNSBLs OFTEN miss criminal domains like "sherwininnc[.]com" because they're TOO focused on domains that hit their spamtraps. But like many sneaky spammers, this criminal is likely only sending to real users. And invaluement's URI list is missing this because this domain wasn't used in a link in the body of the email. When invaluement-SED is finally released, it's going to hit on many spams like this that are missed by other DNSBLs. But getting it to do that without false positives is far harder than it should be - exactly because these legit systems (ESPs, large hosters): (1) allow TOO MANY spammers to use their systems AND (2) often encourage legit senders to use newly-registered domains, NOT their actual domain! This blurs the lines between legit email and spam, and harms filtering. Thankfully, our SED list will be up to the task of sorting this out - but it wasn't easy!

Dear Green Dot Corporation, This is a criminal who is trying to trick businesses into directing their employees' paychecks into this criminal's bank account: Green Dot Bank Routing# 124-303-120 Account#  999-558-090-872 Please investigate and take action accordingly. If you don't do anything, I hope someone eventually successfully sues you for enabling a criminal to steal various employees' hard-earned paychecks. (You can't claim ignorance as a defense from this point forward!) Also, this criminal is hosting this domain at Google Workspace ...and will likely continue to be hosting their email there for a long time, since it seems that BigTech doesn't mind hosting for criminals. If I were hosting this at my server, and kept hosting it, I get the feeling I'd probably eventually get in huge trouble for that, possibly even prison time. But BigTech can seemingly host for criminals like this endlessly and without repercussions. onemedic[.]net Also, while it's hard to be 100% certain, all indicators strongly point to this being the criminal's actual domain, and NOT being an innocent domain owned by a non-criminal company, where a user's account got compromised. I've added this domain to my invaluement-SED and invaluement-URI anti-spam lists, fwiw.

What a horrible phish - that my spam filter blocked - but there are 2 shocking things about it: (1) it's MORE difficult than it should be to block because the link is going to the following page: https://cloudflare-ipfs[.]com/ipfs/bafybeic6zi5cmxpaqpzjo4seafkvdcxijxevmvdrqhzjjn2yddcpp5tdny/2akpa[.]html#rob@invaluement[.]com (remove brackets to restore the link) ...so this is apparently some kind of massively abused shared hosting domain at Cloudflare (which is also ironic and disappointing considering this service: Cloudflare Area 1 Security) And I have thousands of spams like this one - in my users' spam folders - all sent in the past several days - all with cloudflare-ipfs[.]com links. So it appears that Cloudflare has lost control, and is allowing this to become a rat's nest of spammers. (I say "shocking" but is Google Drive any better? Not having standards for what one hosts or sends - has certainly gotten out of control in recent years. I know this might sound radical to some - but having standards for what one hosts or sends - that actually used to be sort of an industry standard not that many years ago!) (2) The other shocking thing? Remove those brackets I added - and go to that link - at your own risk, of course - and you'll see that the criminal phishing spammer copied the invaluement website (or a screenshot of it) - to make their phishing page look very authentic. What an interesting and disturbing tactic - which seems very similar to spear phishing. Creepy! PS - always funny when they send these to "rob AT invaluement.com" :)