False Positive: most returnpath domains about hosts HOT 14 CLOSED

Some additional context:

The domains appear on this list (which is not the aggressive list): https://raw.githubusercontent.com/lightswitch05/hosts/master/ads-and-tracking-extended.txt

The original commit to add the domains appears to be: 82a47a6

from hosts.

Hello Chris @veqryn,

The extended list is programmatically expanded. Looking at my base list, it seems pixel.app.returnpath.net was the domain that caught my attention. As far as I can tell, returnpath does tracking and ads, so I added the root domain to the list as well so that it can be expanded. Beyond domain expansion, uBlock origin will block any subdomains of a blocked root.

Anyways, that is why the list has so many 'false' positives. This method catches a lot of innocuous domains, like the ones you listed, but it isn't really any different then a simple wildcard block. Are blocking these innocuous domains breaking legitimate services? Can you give me an example so that I can verify the broken behavior?

from hosts.

Understood.
pixel.app.returnpath.net and the other pixel related domains do email pixel tracking, as you know.

The blocking of the non-pixel domains is breaking legitimate services like the customer dashboard. You could try visiting https://monitor.returnpath.net/ to verify that it is broken. It should normally look like a login page or portal.
I would also consider the innocuous domains to be legitimate, such as the blog, or the careers page, the main website, etc.

from hosts.

@veqryn I understand that the returnpath websites are blocked, but it doesn't sound like any 3rd parties are breaking due to the blocks.

analytics.google.com is blocked by many lists, but it is also the domain that would be used to login to view analytics for your website. I don't think any google analytics users would expect the domain to be unblocked so that they can check their tracking stats. I think this is very similar - if you are using this list to block ads and tracking, you shouldn't be surprised to find that you cannot login to check the tracking stats that you are forcing on other people. We can leave the ticket open if you like, but at this time I'm not convinced the wildcard block is breaking legitimate services.

from hosts.

Right, but if you are blocking analytics.google.com, why aren't you blocking all Google owned domains?

I just checked, and actually you are not blocking analytics.google.com at all, which seems contradictory.

If you are blocking pixel.app.returnpath.net, you should block google's analytics as well.
And if you are blocking regular returnpath domains, like the customer portal and the blog, then you should be blocking all google-owned domains as well.

from hosts.

The base list description is "List of domains I've found to not be on other lists.", analytics.google.com has great coverage already in other lists. I personally don't use google and I wish I could block it, but unfortunately it breaks a ton of legitimate 3rd party services. If you find broken 3rd party services, please let me know

from hosts.

Can you define legitmate 3rd party services for me then?

from hosts.

not ads or tracking

from hosts.

Ok, perhaps I got hung up on the "3rd party" part of that.

Return Path doesn't do ads.
As far as tracking goes, the only thing would be the email pixel tracking.

Their "legitimate services" would include email security (ie: dkim signing, dmarc, etc), email certification (black listing and white listing of email senders, shutting down of spammers, getting people to follow email related best practices, etc), feed-back loops (unsubscribing of users who click 'this is spam', etc).
This is all accessible through the portal.

from hosts.

@veqryn can you give me an example opt-out/unsubscribe link?

from hosts.

I'm not entirely sure what you mean.
Do you mean the little unsubscribe link that appears at the bottom of emails?

from hosts.

Yes, I definitely would not want that to be blocked if possible

from hosts.

Ah ok.

Here are a couple that I could find:
https://email.returnpath.com/c0510hhU0pgxxxxxxxxxxxx
https://monitor1.returnpath.net/account/?t=my_account&v=edit_alerts

So generally speaking, unsubscribe links in emails either go directly to the website of company that the email is for, or they go to the Email Service Provider who is sending their emails out (ie: Sendgrid, Salesforce, etc). Feedback loops work a bit differently, as those go first through your Mailbox Provider.

from hosts.

Looking into feedback loops, they seem very invasive. There is no visibility to the user about how your actions are being tracked and reported. As far as I can tell no mailbox provider that participates in these feedback loops supply a way to opt-out of them. It seems common practice to include unique customer identifiers headers - which removes any attempts at anonymizing the data.

I see no reason to make it easier for people to view the results of their feedback loops while at the same time avoiding tracking and advertisements themselves. Seems very hypocritical to me. Users of this list should either whitelist returnpath domains on their own, or embrace ads and tracking since they seem to be doing the same to others.

from hosts.