A tale of 2 senders... and why invaluement's upcoming SED list is taking so long to release! OK, so invaluement's URI list focuses on domains (and rare IPs) that are at the base of the clickable links inside the body of spams. In contrast, our upcoming SED list is going to list domains that are found at the end of the following items: 1. MAIL-FROM header (the main focus) 2. Return-Path 3. "d=" part of DKIM header 4. sending IP's PTR record. SED has been in development for years - and is finally close to being released. It has taken at least a whole year longer than anticipated for the horrible reasons that are the topic of this post. Why? First, take a look at the 2 screenshots in this post. A LEGIT EMAIL: Crown Aesthetics ("C.A.") is a legit ad that this legit business is sending ONLY to their actual customers, so, NOT spam! A CRIMINAL PHISHING SPAM: ...that's trying to trick the end user into sending payments to the criminal's account. (so, NOT the real Sherwin Inc, who isn't a spammer - and using a misspelled domain) Here's the interesting part. The legit C.A. msg is sent from an ESP, they're using a newly registered domain name, NOT their main domain, just for these emails, so this new domain has ZERO "good reputation". This practice where marketers or ESPs encourage their clients to use DIFFERENT domains for their non-spam ads or for communications with customers - is a growing and disturbing trend. It harms spam filter's and DNSBL's methods of telling the difference between spammers and legit senders. Meanwhile, this criminal spammer likewise used a newly registered zero-reputation domain, and is sending from Google Workspace. So both domains are newly registered, both have almost zero good reputation, and both are sent from systems that also send much legit emails, and so these can't be blocked based on the sending-IP without collateral damage. They also both don't contain any kind of spammer's URL in the body of the email. And the criminal spam likewise doesn't have much bad content for a spam filter to grab onto. Invaluement competitor DNSBLs OFTEN miss criminal domains like "sherwininnc[.]com" because they're TOO focused on domains that hit their spamtraps. But like many sneaky spammers, this criminal is likely only sending to real users. And invaluement's URI list is missing this because this domain wasn't used in a link in the body of the email. When invaluement-SED is finally released, it's going to hit on many spams like this that are missed by other DNSBLs. But getting it to do that without false positives is far harder than it should be - exactly because these legit systems (ESPs, large hosters): (1) allow TOO MANY spammers to use their systems AND (2) often encourage legit senders to use newly-registered domains, NOT their actual domain! This blurs the lines between legit email and spam, and harms filtering. Thankfully, our SED list will be up to the task of sorting this out - but it wasn't easy!

RT @chrismartenson: Dear Chuck, Please report back to us on your efforts to protect Edward Snowden and Julian Assange who did exactly what…

@wahyuu_scream97 Did you mean to reply to my post with a copy of the first paragraph of my post? Why? Are you a bot? Or was that a mistake?

RT @alx: Secretary of the Treasury functions as the CFO of the U.S. government.  If the CFO is denied access to spending information, how…

I'm not sure who needs to hear this - but it's 100% perfectly safe to eat eggs from a hen who had previously contracted ANY of about 99.9% of ALL viruses - but then made a full recovery. And if we preemptively kill those chickens who would have made a full recovery, then this eliminates the ability for that flock of chickens - to achieve long-term natural immunity. And then the future replacement generations of chickens on that farm DO NOT have this long-term immunity protection that they would have had. BONUS: During the course of a virus outbreak, certain added antiviral supplements and vitamins combined with a temporary upgrade in the chicken's food quality - THAT can limit the number of chickens killed by the virus. Then let the virus "run it's course" - far fewer chickens will die in comparison to the FDA's very extreme killing sprees - and then we won't run out of food, or at least not have extreme egg price increases - which greatly harms the ability for poor people and lower-middle-class people to feed their families! This policy of killing millions of chickens - is based on junk science. And there are also reports that the FDA and CDC were purposely exaggerating the data - in order to justify this - as if someone had a nefarious agenda here. Those doing that - belong in prison. PS - It's actually ALSO safe to eat eggs from an infected hen, as long as the eggs are fully cooked. And they also have methods of making sure that a currently-infected hen doesn't get its eggs harvested during the time of the infection. So that makes these mass chicken killings even LESS necessary.

(CLICK THE MAP TO GET THE FULL VIEW) NOTE: This building pictured happens to be 200 ft tall, so that's for a visual reference. It's not like the helicopter had just been negligently going all around Washington DC above the 200 ft limit, forgetting about this strict 200 ft limit for all helicopters in that area, that EVERY helicopter pilot in that area is very aware of. No, that's actually NOT what happened! Instead, it had previously been holding steady at the max altitude of 200 ft, and then, during the final 45 seconds before the collision, it literally climbed somewhere between 150 and 200 feet HIGHER just before impact, reaching somewhere between 350 and 400 ft, in order to reach the height of the airplane, and the collision would have been avoided if they had simply stayed below the strict 200 feet limit. It's like it went out of its way to climb up to meet the airplane at that significantly higher altitude, which was almost double the allowed altitude. In other words, if someone had been videoing it nearby on the ground, at a diagonal angle, it would have APPEARED as if the helicopter was climbing higher in order to sort of "go out of its way" in order to cause the collision. At the very least, that's what it would have LOOKED like. But that's all just a coincidence right. Only a crazy conspiracy theorist would consider that this MIGHT be malice or nefarious activity, instead of mere negligence, right? For reference, it started at the height of this building, then it climbed nearly that much more - to nearly DOUBLE the height of this building - during the last 45 seconds - in order to reach the plane's higher altitude.

@Kathysadr1967 My daughter currently lives in Northern Virginia and often flies to and from that airport, and, coincidentally, I lived in Fairfax County in my youth, from 1979 until 1984. So I have some connections and roots in that area, too.

I don't see any problem here, because I think it could have been BOTH. But either way, there should have been at least one very experienced and highly trained pilot on board... who would have been very aware of the dangers of the airplanes and wouldn't have gone above the strict 200 ft limit that applies to ALL helicopters flying in that area. So there's still some very disturbing things about this, even if the particular issue you brought up is innocence.

The plane circled at the bottom is flight 5432 exactly at the point of collision. The plane circled at the top left is that other plane exactly at the time of the collision. By the time the collision happened, this other plane (circled at the top left) was 2.1 miles away. During the several seconds before impact it was probably at least 1 mile away. That's so far away, it's not even concerning nor a distraction by that time. This excuse that the helicopter thought that the tower was talking about that other plane... that excuse falls apart, at least for the last several seconds before impact.

There are conflicting reports where some say 3 crew members and others say 4. But I think the most official reports say 3. Two male crew members have been identified. They are withholding the identity of the third female member. This is not to be confused with bodies recovered. They think that they have recovered one of the three crew member's bodies but it is still in the process of being positively identified. It's also unclear which of the three was officially piloting the helicopter at the time of the crash. More info here:

RT @JillianMichaels: How crazy is this… The supposed letter signed by “over 17000” doctors denouncing @RobertKennedyJr is actually fake. T…

While these are 2 different people, one fictional, and the other real life... I think of these as essentially the SAME person!

@mjfree FEMA has a $20B dollar annual disaster relief budget, that is separate from their $30B dollar operations budget. Nobody can find even 10% of that disaster relief budget going towards things that actually helped the displaced residents of Western NC. Where's the rest of that $20B?

At first it sounds like this is making too much out of not that much... after all, this is ONLY 3% of their total uniformed personnel. But here's the thing... this is the 3% who would have most likely been the ones who would have spoken up and demanded improvements and pointed out deficiencies, even if it put their jobs at risk. By comparison, the other 97% were more likely to "go along to get along", not wanting to put their jobs at risk by "rocking the boat". In fact it's often the case that just a few key whistleblowers willing to speak out... even if it put their jobs at risk... those are OFTEN the ones who cause critical changes and fix critical deficiencies. So not firing these people... might have made a massive difference!

@JoelKatz Joel, I'm the CEO of an anti-spam company. Our data is used by many large/famous email companies, including 2 Fortune-100 tech companies. I'd love to examine some of these, to make sure that we're blocking these scammers! If desired, send me a DM to continue this conversation.