Accused of spamming BECAUSE I have a Spamcop account?

[geodosch]

I have my domain hosted by a commercial provider (BlueHost). Today they shut down my Web and Email services, and sent me a notification that my account was being deactivated due to "Terms of Service Violations". I immediately called their support desk, and what I was told floored me:

They said I had many forward accounts that were pointing to Spamcop, and that Spamcop had reported me for forwarding spam. I couldn't believe it! I explained that that was email to me which I was forwarding it to my Spamcop account, which I was paying for, so that the spam could be filtered. She said that apparently when they look at the spam, my domain server was one of the hops along the way to Spamcop, and therefore Spamcop was blacklisting BlueHost, because of the spam they were receiving from me.

This is completely unbelievable. I pay Spamcop to process my forwarded email. And now they're reporting ME to my hosting service as a spammer because the spam passed through my account? The whole concept is absurd beyond words.

So the only way I could prevent BlueHost from pulling the plug on my account was to immediately delete any forwarders that pointed to Spamcop. I was told if I did that, they would reinstate my account.

So, I guess my long relationship with Spamcop is done. First, I see no point in using Spamcop if I can no longer forward email accounts to them. I certainly have no intention of using my spamcop email address as the only address I give people. But more importantly, I have a hard time giving my money to a service that turns around and reports me as being a spammer for attempting to use my paid service in the way I assumed it was intended to be used: forwarding my emails, which are mostly spam, to them.

[Farelf]

...I certainly have no intention of using my spamcop email address as the only address I give people. But more importantly, I have a hard time giving my money to a service that turns around and reports me as being a spammer for attempting to use my paid service in the way I assumed it was intended to be used: forwarding my emails, which are mostly spam, to them.

Unbelievable, really. Suggest you contact Don with your SC reporting account details to see if he can get to the bottom of it - service[at]admin.spamcop.net The possibility of reporting your own ISP (when it is not the source, merely the legitimate relay to you) is usually completely overcome by completing the mailhosting process.

If the ISP is mistaken in the interpretation of the reasons for their IP addresses being listed or if your mailhosting has gone awry, he may be able to intercede with them. If there are real spamsources within their network they should be welcoming the 'heads-up'. If (instead) your mailhosting has gone wrong, Don will be concerned to fix it (and there could be others on that network with shared mailhosting problems). If you haven't set up mailhosting then mailhosting should fix it (and again, Don's words on your behalf, if he is able to do that, might square things away with your ISP).

Let us know how you get on, if you would.

[geodosch]

When this occurred yesterday evening, I had very little time to react. Usually in a situation like this, I like to take some time to think it through: what could have caused it, and based on that what are the best actions to take. However, my hosting service had already pulled the plug on my domain. When I was speaking to the woman in their abuse department I explained why all those forwarders were pointed to Spamcop (there were almost 200 of them). She was helpful and polite, but it was also obvious that she was none too happy that they had been threatened with being blacklisted. So after a long conversation, it became apparent that the only way she was going to reinstate my account was if I pointed those forwarders somewhere else.

My course of action was to point all of the Spamcop forwarders to my Gmail account. They have a very robust spam filter, and my biggest concern was the knowledge that I get several hundred spams per day to those addresses, in addition to the few dozen legitimate emails. Once I have some time to regroup, I may use the hosting company's Spamassassin service (which is free with my account), or I may stick with Gmail if that works well. Gmail has IMAP access, which I haven't used before, but which certainly has its advantages.

I received a PM from Don offering to help. But I think I'm going to stop using my Spamcop account, for a few reasons. First, at the moment my hosting company is satisfied because I've redirected my forwarders. Even if Don were to work something out with them, if there were to be another false alarm in the future, they may not be so easy to appease. I'm very happy with this hosting company (I've been through several), and I don't want to have to find another one.

Another reason is that I don't think Spamcop is as effective as it once was, due to the changing landscape of spamming. It used to be that most spam came from nefarious ISPs, hijacked servers or spammers who set-up their own servers. That was a relatively small number of sources which Spamcop could identify via the reports, and blacklist them, effectively shutting them down. Now, the majority of spam is originating from millions of infected computers. This makes the blacklisting method nearly useless. It's very much like the difference between the Cold War and today: back then we had a large, visible enemy. We knew where they were, what they could do, and could watch them. Now we're dealing with a large number of small operatives, and they are embedded with the general population. And just like dropping a bomb on an Afgahni village kills a lot of innocent people along with the bad guys, blacklisting an ISP because they have a user with an infected computer casts too wide a net, hurting every other user using that ISP. Granted, the ISPs need to do a better job of addressing their infected users. But if they don't then all of their users suffer.

It's probably because of those reasons that I've been forced to use the option of only passing whitelisted users in Spamcop. That means I'm really not making use of any of the Spamcop features other than reporting spam. So I'm basically paying for a service that's allowing me to report the spam, but is no longer giving me a direct benefit, since I can set up whitelisting accounts by other means, which won't cost me anything.

I also have been increasingly unhappy with the lack of any kind of updates to the service. I posted years ago that the whitelist management was far too basic and incredibly tedious to manage, and I know several others have also asked for enhancements there. But it's still the same crappy interface that was always there. They released a new Webmail a couple of years ago, which did not work on my Treo with the Blazer browser (the previous version, which looked pretty much the same, worked flawlessly on my Treo). That was never addressed. They did come out with a mobile version, but incredibly it had no spam reporting capabilities. That list goes on. One of my beefs with most Web sites is that they are continually tinkering with the sites, adding new 'features', until they become overly cluttered and gimmicky. I figure it's because they need to give their developers something to do. Spamcop, OTOH, put out the system, then continue to collect their fees, but don't put any of that revenue back into improving the system. They really should have, instead of just paying their operating expenses and pocketing the rest.

Lastly, I've been reporting spam to Spamcop for more years than I care to remember, and it's become somewhat of an obsession. I wanted to report each one as quickly as possible, since the sooner they got identified, the quicker they'd be shut down. In fact, my average reporting time is less than 1 hour (I'm curious just how much under an hour it is, but Spamcop doesn't say.) But when I take a step back, I realize that it's probably become an OCD behavior for me, so it's probably a healthy thing for me to stop. And, as I explained above, I don't know how truly effective it is anyway.

What a long, strange trip it's been.

[dbiel]

First, thank you for your post and especially for your reply post. I have to admit that I do personally agree with much of what you said.

I set up my SpamCop email account years ago to try to reduce all of the spam filling my Earthlink in-box and it was very effective at that time. Today Earthlink has upgraded their spam filters to an extent that they catch nearly all of the spam hitting my accounts. At the same time, false positives seem to be non existent. I use the phrase "seem to be" as I stopped checking the spam folder about two years ago and have not had any mail go missing. Today 95% of the spam that does get into my in-box is mail that is addressed to my SpamCop account, not to my Earthlink accounts. I am actually thinking about doing a reverse test, forwarding my SpamCop mail to a separate Earthlink account as see how Earthlink handles the spam SpamCop lets by. Yes, I could reduce the amount of spam getting through by increasing the SpamAssassin setting, but that also increases the number of false positives. The problem with the SpamCop use of SpamAssassin is that the user can not adjust any of the filter settings, the only setting that is adjustable by SpamCop users is the number of hits. It is a real shame that SpamCop has not kept up with the times or addressed any of the requests for improvement posted in these forums. It seems that they just do not care.

My work email account is virtually spam free with MessageLabs spam Manager catching virtually all spam address to my account. I must admit that it appears to be very few, 39 during the period of May 2nd to May 9th which included the typical types of spam:

Sex enhancement

Viagra and other meds

diploma mill

replica watches

Thanks again for your reply post.

[Farelf]

Thanks for the update.

...I received a PM from Don offering to help. But I think I'm going to stop using my Spamcop account, for a few reasons. First, at the moment my hosting company is satisfied because I've redirected my forwarders. Even if Don were to work something out with them, if there were to be another false alarm in the future, they may not be so easy to appease. I'm very happy with this hosting company (I've been through several), and I don't want to have to find another one. ...

It's good that Don stepped in. With the volume and frequency of your reporting (over 200 'forwarders'! Less than an hour average reporting time!) that was to be hoped. If your ISP is mistaken about the effect of SC reporting through their network that remains a disappointing aspect, regardless of whatever happens next. If they are mistaken (and can't blame you), I guess they will realize soon enough and I wonder what they do then?

...Another reason is that I don't think Spamcop is as effective as it once was, due to the changing landscape of spamming. It used to be that most spam came from nefarious ISPs, hijacked servers or spammers who set-up their own servers. That was a relatively small number of sources which Spamcop could identify via the reports, and blacklist them, effectively shutting them down. Now, the majority of spam is originating from millions of infected computers. This makes the blacklisting method nearly useless. It's very much like the difference between the Cold War and today: back then we had a large, visible enemy. We knew where they were, what they could do, and could watch them. Now we're dealing with a large number of small operatives, and they are embedded with the general population. And just like dropping a bomb on an Afgahni village kills a lot of innocent people along with the bad guys, blacklisting an ISP because they have a user with an infected computer casts too wide a net, hurting every other user using that ISP. Granted, the ISPs need to do a better job of addressing their infected users. But if they don't then all of their users suffer. ...

Well, that's perfectly true as far as it goes but I wouldn't see it exactly the same way. The 'terrorists' have virtually monopolized the e-mail bandwidth and many ISPs are more than content to appease them (after all, the legitimate user - the 'villager' - pays and pays and ...). It's only on those occasions when the scrabble to add capacity doesn't quite keep up with the provision of some (vestige of) usable service to the paying user that the cracks in the foundations are glimpsed.

Continually improving/diversifying communications-information processing technology and service throttling help keep things going in the face of growing user numbers, ever more bandwidth-demanding applications and services - and incessant and increasing spam levels. Sure, more and more spam is being quietly dropped somewhere along the chain of transmission - but it seems that just leads to more being sent to compensate.

Sooner, rather than later, someone has to take responsibility for tracking down the infected machines and destroying the command and control networks. Or we can wait until 'tomorrow'. SC is relatively gentle, relatively precise in its 'bombing' and, more importantly (concering the "Why bomb at all?" question that begs answer), I wonder what would happen if there were no blocklists at all to alert and 'incentivate' ISPs/MSPs towards the discovery process?

... I also have been increasingly unhappy with the lack of any kind of updates to the service. Spamcop, ... continue to collect their fees, but don't put any of that revenue back into improving the system. They really should have, instead of just paying their operating expenses and pocketing the rest. ...

The business model of the e-mail side always was fairly unique, I suppose. Different priorities turning on the integration with the reporting system (itself providing a difference from the purely spamtrap-based RBLs), an anti-spam 'solution' ahead of others and always much more of a 'service' than a 'profit center' I suspect. Now there are more/other anti-spam solutions and a struggle for relevance in a new era. Just musing, not going along with the implication of excessive profit-taking but that's just my take on things.

...Lastly, I've been reporting spam to Spamcop for more years than I care to remember, and it's become somewhat of an obsession. ... What a long, strange trip it's been.

Obsessiveness is bad. If you're calling it a day now I think few would argue you've not done more than your fair share already. But, if it's come to that, I hope you will feel free to report a few from time to time, just for 'old times sake'. Any that leak through your filters (just make sure your mailhosts are right).

[Wazoo]

I have my domain hosted by a commercial provider (BlueHost). Today they shut down my Web and Email services, and sent me a notification that my account was being deactivated due to "Terms of Service Violations". I immediately called their support desk, and what I was told floored me:

They said I had many forward accounts that were pointing to Spamcop, and that Spamcop had reported me for forwarding spam. I couldn't believe it! I explained that that was email to me which I was forwarding it to my Spamcop account, which I was paying for, so that the spam could be filtered. She said that apparently when they look at the spam, my domain server was one of the hops along the way to Spamcop, and therefore Spamcop was blacklisting BlueHost, because of the spam they were receiving from me.

This is completely unbelievable.

I'm having to agree with your last staement, based on flaws with the story details offered. First of all, there isn't anything in any part of the SpamCop.net system that "automatically" reports anything to anyone. So just the fact of having e-mail forwarded to your SpamCop.net e-mail account offers no correlation to te "reported me for forwarding spam" scenario. In general, the only way for that action to have occured is that you were managing to "report yourself" in some fashion.

The easiest guess has been suggested already, either you did not run through the MailHost Configuration of your Reporting Account or there was a change at your ISP (typically servers being added or re-located) and you did not notice those changes, and were then allowing Reports to go back against your own ISP. Taking Don up on his offer of assistance may have isolated the actuals of the situation, but as fas as this Discussion goes, I don't believe that there's enough specific data available.

As far as generalities, there is the small note that there are different "sections" of the SpamCop.net system, and those "sections" are owned and managed by different folks, different companies, etc. Simply "pocketing the money" should also be contrasted against the continual upgrades and additions to hardware to keep up with the demand of supporting the growing customer base, the increase of bandwidth consumption caused by the same, etc. I don't think it's too much to point out that $30/year is pretty small as compared to other "for pay" e-mail systems, some of which derive ton-loads of other money by forcing one to wade through all of the additional advertising load included on the 'hosted' e-mail web-site.

[DavidT]

I agree with Wazoo -- the scenario described by the OP sounds like problems with accidental self-reporting due to lack of Mailhosts setup (or problems with Mailhosts setup). I'm hoping the OP will follow up with Don and let Don confirm or deny that as the cause.

DT