Is Shaw in the Spam-sending Business?   by Eugene Reimer, 2006-Sep16

Today I'm not all that happy with Shaw as my email provider.  I've received 5 exactly identical spams, a stock-promoting email with subject "okay now lets get down to it".  The last two arrived many hours after I'd reported the earlier ones to Shaw's spam-reporting service.  This is the second time I've noticed such an occurrence - getting more of EXACTLY the same thing hours after I'd reported it as spam!

The previous time I grumbled about it to abuse@shaw.ca since it was a phishing attempt being sent from a shawmail-user, and also to their customer-support email-id since it demonstrated several serious flaws in their spam-filtering.  But having received no response, and seeing no hint that Shaw is mending their ways, what do I do now?  I have been faithfully forwarding all spam and only spam to reportspam@shaw.ca, ever since they introduced their spam-filtering, but this appears to be a completely pointless exercise:-(

Date: Sat, 02 Sep 2006 00:13:27 -0500
From: Eugene Reimer 
To:  internet.help@sjrb.ca,  abuse@shaw.ca
Subject: Spam and Phishing

Earlier today, at 14:35, I reported a spam-email to reportspam@shaw.ca.  
Then at approximately 23:13 I received another spam-email EXACTLY 
IDENTICAL to the one reported earlier.  I am annoyed!  Is there any 
point in reporting spam-emails to reportspam@shaw.ca ??

Please note that these are not only spams, but are also blatant 
phishing attempts (pretending to be from PayPal), and the most 
simple-minded of phishing-detection methods would have so diagnosed 
them.  

Note that these spammers/phishers are sending directly to "shawmail".


Shaw is Non-Compliant

Back in April, I wrote to them twice about a different email- and spam-related matter.  Basically anyone with an xxx@shaw.ca email-address is more likely to have emails he/she sends be diagnosed as spam, because shaw.ca is on a "blacklist" for not living up to certain minimal standards of proper conduct as an email provider.  Their sin: the fact that emails sent to abuse@shaw.ca or postmaster@shaw.ca are never read by a human, at least not one with the brain turned on.  I have received no response to either of those emails, sent on 2006-04-10 and 2006-04-20.  These guys are shameless unrepentant sinners!!

Date: Thu, 20 Apr 2006 22:54:16 -0500
From: Eugene Reimer 
To:  internet.help@sjrb.ca
Subject: Shaw.ca is blacklisted

A friend reported that email from me was being mis-diagnosed as spam by 
their spam-detection software, and she sent me a copy that contained the 
Spam-Assassin report.  One preventable item that caused several points 
in their scoring system is Shaw being non-compliant WRT receiving email 
at abuse@shaw.ca and at postmaster@shaw.ca.  I hope that you can and 
will correct this?

The site that has Shaw blacklisted for such non-compliance is:
    http://www.rfc-ignorant.org/tools/lookup.php?domain=shaw.ca

I asked about this ten days ago.  Can you please let me know whether 
Shaw intends doing anything about this?


Shaw Non-Compliant And a Source of Spam

2006-Sep19: Another incident where an email I sent was mis-diagnosed as spam:  I sent a solicited email to CharityVillage.com;  their spam-filtering service ZeroSpam.ca was kind enough to inform me that it was turfing my email;  furthermore, Mylo Riley of CharityVillage was good enough to provide the somewhat more detailed report explaining ZeroSpam's reasons for this diagnosis, as shown here:

BAYES_40
    Some suspect words (like FREE in caps).
DNS_FROM_RFC_ABUSE
    Envelope sender in abuse.rfc-ignorant.org
DNS_FROM_RFC_POST
    Envelope sender in postmaster.rfc-ignorant.org
FORGED_RCVD_HELO
    Contains a forged HELO (pd8mo1no.prod.shaw.ca does not exist)
RCVD_IN_BL_SPAMCOP_NET
    Received via a relay in bl.spamcop.net (their server 64.59.134.9 is blacklisted by SpamCop).

Please note that Shaw.ca is now guilty of several additional infractions, besides the "RFC ignorance" which I'd been aware of previously.  Their using a non-existent hostname is likely just sloppiness, at least I don't see how it could profit them.  The SpamCop blacklisting is because Shaw is the source of spam!  You can query the SpamCop IP-based blacklist; for example, to check the IP-address 64.59.134.9, see www.spamcop.net/w3m?action=blcheck&ip=64.59.134.9
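
The blacklist checks named in the report above can also be made directly over DNS rather than through a web form. The following is an added example, not part of the original page and not code from Shaw, SpamCop or rfc-ignorant.org; it assumes the usual DNSBL convention (reversed IPv4 octets plus the zone name, with an answer in 127.0.0.0/8 meaning listed), and its function names are hypothetical.

```python
import ipaddress
import socket

# Zones named in the report above. rfc-ignorant.org lists by sender domain
# (an RHSBL); bl.spamcop.net lists by relay IP address (a DNSBL).
IP_ZONES = ["bl.spamcop.net"]
DOMAIN_ZONES = ["abuse.rfc-ignorant.org", "postmaster.rfc-ignorant.org"]


def ip_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def domain_query_name(domain, zone):
    """Domain-based lists are keyed on the name itself, not reversed."""
    return domain.rstrip(".").lower() + "." + zone


def is_listed(query_name, resolve=socket.gethostbyname):
    """Listed means the name resolves to an address in 127.0.0.0/8.

    A failed lookup (NXDOMAIN) means not listed. Any other answer is treated
    as not listed too, so a wildcarded or hijacked zone cannot flag everything.
    """
    try:
        answer = ipaddress.IPv4Address(resolve(query_name))
    except (OSError, ValueError):
        return False
    return answer in ipaddress.IPv4Network("127.0.0.0/8")


def check_sender(relay_ip, sender_domain, resolve=socket.gethostbyname):
    """Return the zones that list this relay IP or envelope-sender domain."""
    hits = []
    for zone in IP_ZONES:
        if is_listed(ip_query_name(relay_ip, zone), resolve):
            hits.append(zone)
    for zone in DOMAIN_ZONES:
        if is_listed(domain_query_name(sender_domain, zone), resolve):
            hits.append(zone)
    return hits


if __name__ == "__main__":
    # Live lookup; results depend on whether each zone is still operating.
    print(check_sender("64.59.134.9", "shaw.ca"))
```

Passing a different `resolve` function lets the same logic run against recorded answers instead of live DNS.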


Conclusions

Shaw is effectively without a "complaints department".  You can complain by email, but such emails appear to be discarded without any human seeing them. 

Shaw has excellent spam-filtering technology - but it appears that it can be bought.  Hmm, taking money from those Phishing fraud-artists would be a crime, wouldn't it? 

Because of all their infractions, including being the source of a lot of spam, Shaw is on so many blacklists that anyone using them for the sending of email runs much too high a risk of his/her emails being regarded as spam.

In Winnipeg, our only alternative for high-speed internet-connectivity is the local phone-company, and we already know they behave like a phone-company, have a worse record than Shaw when it comes to outages, and have somewhat inferior spam-filtering.  They do however have a better record in the area of RFC-compliance WRT emails to abuse or postmaster.  And who knows whether their spam-filtering can be bought off? 

The answer (in Winnipeg or other Shaw-city):  buy your internet-connectivity from Shaw, but use some other email-provider.  But where does one go for email?  Using a free email-provider seems likely to put one into the same sort of dubious company, as there will be many spammers using those services;  and I'd be reluctant to pay for something that's supposed to be included in my contract with Shaw.  Aha, both Google-mail and Yahoo-mail have recently started using Domain-Key-Signatures, and so using one of them may be the answer I seek.  Comments are invited, at ereimer@shaw.ca, for the time being:-)


2010-06-29:
Reporting spam to Shaw remains pointless.  Today I received a 4th copy of the "BMO - Online Alert for Mosaik MasterCard" phishing email, after I'd thrice reported it as spam, the first two times more than two weeks ago!  Incidentally the fraudster's URL is the only thing that changes slightly from one copy to the next, being http://smurl.name/r4c8 http://smurl.name/e4w6 http://smurl.name/63mz http://smurl.name/63mz in my 4 examples.  They were sent via elcomsoft.com 62.140.228.35 (in Moscow Russia), two originating from 78.94.147.251 (in Koeln Germany), and two from 89.245.35.149 (in Dortmund Germany).  All of them being the sort that's detected by the simplest of scam-detecting methods makes it all the more suspicious that Shaw fails to detect them as spam, never mind as scams.  Even the scam-detector that's built into Thunderbird-v2 detects them as scams.  (I've upgraded my Thunderbird emailer since the earlier parts of this rant.)  Furthermore, these scamming spams are only a subtle variant of one I've received, and have reported as spam to Shaw, no fewer than TWENTY-TWO times!  (Over the past 26 months.)

2010-06-30:
Yet another copy of the "BMO - Online Alert for Mosaik MasterCard" phishing email received today, this one from 95.223.180.239 (in Koeln Germany), and for the first time I'm not sending it to reportspam@shaw.ca since there's obviously no point in doing so.  I've forwarded the recent examples with a brief note to abuse@unitymedia.de and abuse@versatel.de, although I'm less than optimistic about that doing any good, since versatel.de rivals Shaw in RFC-ignorance and unitymedia.de looks little better.