A spam filtering project

Philip Prindeville | 3 Apr 18:59

WTF is Plaxo.com?

I periodically get automated emails from people I mostly don't know
or know only remotely asking me to update some contact information
for them...  and it's always from Plaxo.  Looking at the headers, the
origin looks legit.

This seems to be a service that maintains contact information for
its users.  However, I don't wish to participate.

Does anyone know much about this service, including any issues
they might have had with privacy, or if there are any known spoofs
or exploits that masquerade as Plaxo?

Thanks,

-Philip

Michele Neylon:: Blacknight.ie | 3 Apr 20:58

Picon

Re: WTF is Plaxo.com?

*

Philip Prindeville wrote:
> I periodically get automated emails from people I mostly don't know
> or know only remotely asking me to update some contact information
> for them...  and it's always from Plaxo.  Looking at the headers, the
> origin looks legit.
> 
> This seems to be a service that maintains contact information for
> its users.  However, I don't wish to participate.
> 
> Does anyone know much about this service, including any issues
> they might have had with privacy, or if there are any known spoofs
> or exploits that masquerade as Plaxo?
> 
> Thanks,
> 
> -Philip

Plaxo is legit.
Plaxo is also extremely annoying, but so is a lot of tv :)

--

-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

Gene Heskett | 3 Apr 20:09

Picon

Re: WTF is Plaxo.com?

*

On Monday 03 April 2006 12:59, Philip Prindeville wrote:
>I periodically get automated emails from people I mostly don't know
>or know only remotely asking me to update some contact information
>for them...  and it's always from Plaxo.  Looking at the headers, the
>origin looks legit.
>
>This seems to be a service that maintains contact information for
>its users.  However, I don't wish to participate.
>
>Does anyone know much about this service, including any issues
>they might have had with privacy, or if there are any known spoofs
>or exploits that masquerade as Plaxo?
>
>Thanks,
>
>-Philip

My guess is that its a phishing attempt, ignore, sort to /dev/null, 
whatever.

--

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. 
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.

Matt Kettler | 3 Apr 19:40

Re: WTF is Plaxo.com?

*

Philip Prindeville wrote:
> I periodically get automated emails from people I mostly don't know
> or know only remotely asking me to update some contact information
> for them...  and it's always from Plaxo.  Looking at the headers, the
> origin looks legit.
> 
> This seems to be a service that maintains contact information for
> its users.  However, I don't wish to participate.
> 
> Does anyone know much about this service, including any issues
> they might have had with privacy, or if there are any known spoofs
> or exploits that masquerade as Plaxo?

http://socialsoftware.weblogsinc.com/2004/03/23/why-do-really-smart-people-hate-plaxo-so-much-or-tim-koogle/
http://socialsoftware.weblogsinc.com/2004/03/24/plaxo-not-evil/

http://www.theinquirer.net/?article=14545

Based on the above it looks like a "social network for morons" service.

It doesn't seem to have many privacy problems in and of itself, except for when
someone you know gives them your email you get bombarded with update requests.

The problem being that anyone who knows your email address can do this, then
harvest any information you willingly submit and share back. For example, a spam
marketer could submit your address in the hopes you'll blindly share-back and
add the information you provide to his/her database.

Fortunately, this involves YOU willingly submitting the extra information. So,
unless you stupidly give out a ton of information, it's annoying but mostly
harmless (nod to D. Adams).

If you find it too annoying they have a permanent opt-out list which is linked
in the update notices. Since this doesn't involve giving them anything but your
email address, which they already have, the risks are low. Yes, you're
confirming the address is valid to them, but Plaxo itself seems legit and
relatively privacy concerned and aware. Its users on the other hand may not be.

http://www.plaxo.com/privacy/policy/

Philip Prindeville | 3 Apr 19:52

Re: WTF is Plaxo.com?

*

Matt Kettler wrote:

>
>http://socialsoftware.weblogsinc.com/2004/03/23/why-do-really-smart-people-hate-plaxo-so-much-or-tim-koogle/
>http://socialsoftware.weblogsinc.com/2004/03/24/plaxo-not-evil/
>
>
>http://www.theinquirer.net/?article=14545
>
>
>Based on the above it looks like a "social network for morons" service.
>
>It doesn't seem to have many privacy problems in and of itself, except for when
>someone you know gives them your email you get bombarded with update requests.
>
>The problem being that anyone who knows your email address can do this, then
>harvest any information you willingly submit and share back. For example, a spam
>marketer could submit your address in the hopes you'll blindly share-back and
>add the information you provide to his/her database.
>
>Fortunately, this involves YOU willingly submitting the extra information. So,
>unless you stupidly give out a ton of information, it's annoying but mostly
>harmless (nod to D. Adams).
>
>If you find it too annoying they have a permanent opt-out list which is linked
>in the update notices. Since this doesn't involve giving them anything but your
>email address, which they already have, the risks are low. Yes, you're
>confirming the address is valid to them, but Plaxo itself seems legit and
>relatively privacy concerned and aware. Its users on the other hand may not be.
>
>http://www.plaxo.com/privacy/policy/
>  
>

Would it be worth adding a rule that has a low value that people can then
increment as they see fit (like setting the score to 6.0)?

-Philip

mouss | 3 Apr 21:57

Picon

Re: WTF is Plaxo.com?

*

Philip Prindeville wrote:
> 
> Would it be worth adding a rule that has a low value that people can then
> increment as they see fit (like setting the score to 6.0)?

That's not more spam than when you get confirmation for ML subscription. 
anybody can put your address on a mailman web interface, on a google 
form, on a yahoo form, on a sourceforge form, ... etc, and in all these 
cases you'll get a confirmation message.

when you get a message from plaxo, it's like getting it from the guy who 
put your address there.

Matt Kettler | 3 Apr 20:30

Re: WTF is Plaxo.com?

*

Philip Prindeville wrote:

>>
> 
> Would it be worth adding a rule that has a low value that people can then
> increment as they see fit (like setting the score to 6.0)?

Locally? sure.. In a downloadable add-on? maybe. In the SA distro? No. The main
SA distro has no place containing  policy rules that aren't strictly spam related.

SA's current definition of spam is Unsolicited Bulk Email:

http://wiki.apache.org/spamassassin/Spam

While these messages may be unsolicited, and there are lots of them, they are
single recipient in nature, and are specific to one recipient, not bulk-sent to
blind masses.

For example, spamhaus further elaborates on the definition of UBE:

http://www.spamhaus.org/definition.html

And this email doesn't meet technical criteria 1, because the context of a
particular recipient is relevant.

(Note: the SA project should expand its "Official" definition of spam to be more
detailed than it currently is. Currently it defines spam, but does not define UBE)

Federico Voges | 3 Apr 19:31

Picon

Re: WTF is Plaxo.com?

*

Philip Prindeville wrote:

>I periodically get automated emails from people I mostly don't know
>or know only remotely asking me to update some contact information
>for them...  and it's always from Plaxo.  Looking at the headers, the
>origin looks legit.
>
>This seems to be a service that maintains contact information for
>its users.  However, I don't wish to participate.
>
>Does anyone know much about this service, including any issues
>they might have had with privacy, or if there are any known spoofs
>or exploits that masquerade as Plaxo?
>
>Thanks,
>
>-Philip
>
>  
>
Plaxo is legit. I have an account although I don't really use it.

I'm not aware of any spoofs or privacies issues related to plaxo.

Cheers,
Fed.

Return

Return to gmane.mail.spam.spamassassin.general.

Advertisement

Search Archive

Language

Change language

Options

Current view: All messages / Showing whole messages / Hiding cited text.
Change to Threads only, shortened messages, or show cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane