
BL philosophy


Tommy Dodd


Admin action: extracted from http://forum.spamcop.net/forums/index.php?showtopic=11809 and made a new Topic in the Lounge area, as it seems to be more of a philosophy discussion.

The good news is that Yahoo have (according to Senderbase) 5,507 email servers. Of these only a few will be on the block-list at any one time so it's not a case of "hanging around for (at least) 24 hours every time someone uses Yahoo to send spam". 99 times out of a hundred (or more) your mail will be sent through one of the servers that is not on the blocklist. You were just unlucky this time.

The wisdom of using a free, spammy, mailserver for important business mail is a whole other question.

. . . and where would I find such a mailserver as a small business person?

With respect, spam Cop is today blocking PAID Yahoo business servers based not on their IP address, but on their URL, which means that a whole range of IPs are caught in a false positive. This happens about twice a year or so. I would not object so strenuously to this if it meant my emails got tagged, but some (thankfully few) ISPs rely on SpamCop so completely that they black hole emails from servers on the list and neither sender nor recipient even know it's happened. With power comes responsibility, and I believe that this practice of black listing a URL that handles hundreds of thousands of messages through a legitimate ISP should be stopped and that spam Cop should advise users to employ their black list as one or several filtering criteria, before black holing a message.

If I use some smaller mom and pop ISP, is that an advisable thing for important business emails? (Don't answer; I've done it and it's not.) If I use any name brand ISP, I will have this problem, because if my ISP runs 5,000 servers and they work really really hard, they are still going to source spam from time to time, and this should be forgiveable for companies that genuinely attempt to control spam. I suggest creating a "white list" of IPs run by such responsible companies -- and yes they are going to include all the big players that the cyber-hippies hate.

I submit that these false positive situations are causing more harm than the fleecing of suckers in pharmaceutical scams or DHL delivery notices. Let's get the balance right.


With respect, spam Cop is today blocking PAID Yahoo business servers based not on their IP address, but on their URL, which means that a whole range of IPs are caught in a false positive.

What is the SpamCop Blocking List (SCBL)?

There was an experiment years ago of trying to deal with ranges of IP Addresses, but it didn't fly.

I believe that this practice of black listing a URL that handles hundreds of thousands of messages through a legitimate ISP should be stopped

See the same referenced link above. It's the matter of the ratio of spam/good e-mail involved that triggers a listing/de-listing of an IP Address.

and that spam Cop should advise users to employ their black list as one or several filtering criteria

Once again, see the referenced link. It is in fact recommended not to use the SpamCopDNSBL in a blocking fashion. Whitelisting of desired traffic is also suggested.

If I use any name brand ISP, I will have this problem, because if my ISP runs 5,000 servers and they work really really hard, they are still going to source spam from time to time, and this should be forgiveable for companies that genuinely attempt to control spam.

Sourcing "some" spam isn't the issue, it's the sourcing of "a lot" of spam that's causing the problem, compounded by "not" handling the situation timely and well. And once again, it's not a typical situation that "all 5,000 servers" would show up on the SpamCopDNSBL, only those involved in sourcing a flood of spam would make it into this list.

I submit that these false positive situations are causing more harm than the fleecing of suckers in pharmaceutical scams or DHL delivery notices. Let's get the balance right.

I submit that you did zero research before deciding to Register here and make your first Post, citing bad information and false assumptions.


. . . and where would I find such a mailserver as a small business person?
...Hmm, well, where do you find any service that you need? If nothing else, pretty much everyone who has access to the internet has access to search engines such as Yahoo and Google.
With respect, spam Cop is today blocking PAID Yahoo business servers based not on their IP address, but on their URL, which means that a whole range of IPs are caught in a false positive.
...Do you have evidence of this? If so, please submit it at your earliest convenience to the SpamCop Deputies (deputies[at]admin.spamcop.net) because this is contrary to SpamCop's published policy (see SpamCop FAQ [to which there is a link near the top left of every SpamCop Forum page] labeled "What is on the list?")!
<snip>

I would not object so strenuously to this if it meant my emails got tagged, but some (thankfully few) ISPs rely on SpamCop so completely that they black hole emails from servers on the list and neither sender nor recipient even know it's happened. With power comes responsibility, and I believe that this practice of black listing a URL that handles hundreds of thousands of messages through a legitimate ISP should be stopped and that spam Cop should advise users to employ their black list as one or several filtering criteria, before black holing a message.

...You will be pleased to know that SpamCop does something very much like that: see SpamCop FAQ entry labeled "Introduction - What is this thing? How does it work?" and "What is the SpamCop Blocking List (SCBL)?"
<snip>

If I use any name brand ISP, I will have this problem, because if my ISP runs 5,000 servers and they work really really hard, they are still going to source spam from time to time, and this should be forgiveable for companies that genuinely attempt to control spam.

...You will be pleased to know that SpamCop is "forgiving" of large-volume e-mail providers who only occasionally are sources of spam: see SpamCop FAQ (to which there is a link near the top left of every SpamCop Forum page) labeled "What is on the list?"
<snip>

I submit that these false positive situations are causing more harm than the fleecing of suckers in pharmaceutical scams or DHL delivery notices. Let's get the balance right.

...And many (probably most) of us who are victims of spam (almost everyone who receives e-mail) feel otherwise. And everyone who pays for the resources consumed by the spam should, as well, IMHO.

<snip>

I submit that these false positive situations are causing more harm than the fleecing of suckers in pharmaceutical scams or DHL delivery notices. Let's get the balance right.

...And many (probably most) of us who are victims of spam (almost everyone who receives e-mail) feel otherwise. And everyone who pays for the resources consumed by the spam should, as well, IMHO.
Agree - as posted elsewhere
... An earlier study undertaken by the scientists showed that a single commercial spam e-mail campaign generated three messages for every person on the planet. That same study revealed that to sell $100 worth of Viagra, a spam provider needed to send 12.5 million messages. ...
- indicative, the study may not be picking up the full magnitude (there are uncertainties in measurement). We all pay for that profligacy - not enough ISPs are effective in stopping the spew at source. Even when these messages are not delivered or are not read we still pay. Yahoo is (presently) not trying hard enough. They used to try harder. See also http://forum.spamcop.net/forums/index.php?showtopic=11850

I know I am not going to convince contributors that have between them posted over 7,000 messages on this forum. I understand that you think you are doing God's work, and that's fine. But for just one minute try to see this from my perspective. If those 12.5 million emails you cite add a few milliseconds to the time it takes my messages to get through, frankly, I can live with that. If I pay a few cents more per year for bandwidth than I should because spammers are clogging up the system, I will get over that too – rather not – yes it is unjust – and maybe all those pennies multiplied by all the Internet users would accomplish some great good in a perfect world – but those are the breaks in this world.

However, what I do mind is that I am trying to run a business that provides people with jobs (we do not ask our workers to volunteer their time, unlike Cisco apparently), and about twice a year I have several days of interrupted service that is caused by spam Cop's blacklisting. So, stated plainly, when it comes to my business spam is not the problem, spam Cop is.

Have I reported this to the spam Cop's “Deputies?” Yeah, and I got back a form letter that you can also find on the Internet claiming that the “amount of spam being sent through Yahoo has grown exponentially.” Which, if you know the literal meaning of “exponentially,” is obviously self serving hyperbole. If spam Cop has a legitimate complaint about the way Yahoo secures their servers, then let me suggest that they get their parent company to contact one of the head techs at Yahoo. They must be constantly supplying them with hardware and will have the phone number. Schedule a meeting and explain to them specifically what they could do to improve, and maybe even offer their volunteer force to help if necessary. I realise that this sort of approach does not have the chic appeal of being an activist giant-slayer, but this is how things actually get done. Anyway, by its own admission spam Cop's current approach does not seem to be working with Yahoo.

In fact, and believe me posters here are not going to like this, if you take a dispassionate look at what spam Cop is doing, it is no different in its effect than a group of hackers deciding that some company (in this case Yahoo) has violated a moral principle that they have taken upon themselves to enforce and then launching a DoS attack.

So, what am I going to do? Well, there has been junk mail since Benjamin Franklin was the Postmaster General and fraud since the dawn of civilization, so I will let you carry on that battle if you wish. I'm not going to Google looking for an alternative ISP as one poster helpfully responded to my rhetorical question, because however romantic it may be to use some New Age independent provider, I can't afford to have their servers trip offline when they are out of town for a wedding (again). Apparently I can't use a brand name provider either because with their large number of users they will always be sourcing some spam and occasionally get black listed by the techno police. So, I'll get a second-hand box, install Linux sendmail, run my own mail server, and flit around the Internet on a dynamic IP address so I don't have these headaches. Will I be any better at securing my server than Yahoo? Doubt it. So in all likelihood there will just be another open relay out there.


Admin action: extracted this from another Topic and merged into this Discussion. Interrupts the timing and flow of dialog, but ....

What is the SpamCop Blocking List (SCBL)?

I submit that you did zero research before deciding to Register here and make your first Post, citing bad information and false assumptions.

You are absolutely entitled to assert this. I am not in the same position with my first post as an Admin with over 13,000, and I do not wish to imply that I am stating the result of research. I am just sharing my direct experience in the spirit of fora. I do believe I represent a lot of users, some who are unable to trace their experiences to spam Cop, and so find this forum. This contention may not be supported by research either, but come on your own link claims that "most SCBL users find that the amount of unwanted email successfully filtered makes the risks and additional efforts worthwhile." Is that the result of an independent consumer research? Based on how many respondents? Did they self select (well, yes, they're "users" after all)?

Anyway, when I start research from the link you cite, I read: "This description . . . may be out of date." "SpamCop reporting tool cannot determine if email reported by users is or is not spam." "The SpamCop team manually balances the threshold in an effort to make the list as accurate as possible." And then the link to "Why was I blocked?" which includes as the first explanation: "[Y]ou share an IP address with other email users and there is someone who: is using auto-responses that are replying to spam with forged spamtrap email." So, my IP may only be responding to spam then? [spamtraps being defined somewhat amusingly (I needed something to cheer me up) as "non-existent" emails "set up" by spam Cop.]

If you think this research is making me feel better, you'd be mistaken.

The link also admits "SpamCop users can and do make mistakes." Well, fair enough, but elsewhere in the forum people have stated flatly that Yahoo doesn't try hard enough. Maybe spam coppers need to try harder too, and not fall into the trap of becoming a self congratulatory organisation.


...In fact, and believe me posters here are not going to like this, if you take a dispassionate look at what spam Cop is doing, it is no different in its effect than a group of hackers deciding that some company (in this case Yahoo) has violated a moral principle that they have taken upon themselves to enforce and then launching a DoS attack.

So, what am I going to do? Well, there has been junk mail since Benjamin Franklin was the Postmaster General and fraud since the dawn of civilization, so I will let you carry on that battle if you wish. I'm not going to Google looking for an alternative ISP as one poster helpfully responded to my rhetorical question, because however romantic it may be to use some New Age independent provider, I can't afford to have their servers trip offline when they are out of town for a wedding (again). Apparently I can't use a brand name provider either because with their large number of users they will always be sourcing some spam and occasionally get black listed by the techno police. So, I'll get a second-hand box, install Linux sendmail, run my own mail server, and flit around the Internet on a dynamic IP address so I don't have these headaches. Will I be any better at securing my server than Yahoo? Doubt it. So in all likelihood there will just be another open relay out there.

You're getting carried away by your own rhetoric there Tommy. The difference between SC and hackers is SC doesn't block anything - it is the service providers (the receivers) trying to reduce some of the +90% noise for their customers who do the blocking - using whatever tools they prefer. And of course when they use the SCbl to block/refuse messages they're exceeding the recommended usage of that particular tool.

Send to the internet from dynamic addresses? You'd be on some blocklists then before you even start - for instance the IP address you're posting from will already be on at least half a dozen of them (not SC though - actual, current evidence is required for that).

Get some professional advice on how to optimise the message delivery to suit your business plan. Otherwise you're just tilting at windmills. :P

I wish I had your tranquillity when it comes to spammers :D. Nah, I don't - I despise spammers as parasites and, in extreme cases, the wreckers of the lives of the unlucky, the innocent, the gullible and the lame. Also the greedy, but I'm not fretting on their behalf.


But for just one minute try to see this from my perspective. If those 12.5 million emails you cite add a few milliseconds to the time it takes my messages to get through, frankly, I can live with that.

Various FAQ/Wiki entries have been generated to try to "handle things from your perspective." On the other hand, the interest from this side of the screen has very little to do with how long it takes you to send your e-mail, .. rather it's the odds that I'd actually ever see 'your' e-mail when my InBox is being flooded with my portion of the suggested 12.5 million other e-mails.

However, what I do mind is that I am trying to run a business that provides people with jobs (we do not ask our workers to volunteer their time, unlike Cisco apparently), and about twice a year I have several days of interrupted service that is caused by spam Cop's blacklisting. So, stated plainly, when it comes to my business spam is not the problem, spam Cop is.

Although frustrating, I'm not sure that the problem is near as big as you are trying to make it sound. You attempt to send an e-mail. Factor in the odds that it gets assigned to an output server that happens to be listed at just that right time. (Example: 25 of the suggested 5,000+ Yahoo output servers listed. See http://www.senderbase.org/senderbase_queri...tring=yahoo.com as a starting point.) Factor in the odds that the Receiving system is configured to be using the SpamCopDNSBL in a blocking fashion. (No way to guess at the actual numbers, so let's just toss out numbers like maybe 2 or 3 out of 10 receiving systems are using BL filtering that might include the SpamCopDNSBL at all, maybe only one of them using it in the recommended fashion, that of a calculated, measured, tagging mode.) The odds are very much in favour of your e-mail arriving at the recipient's InBox.

And noting of course, that the SpamCopDNSBL is dynamic, in that when the spam spew stops, the listing gets removed in a timely fashion. So an e-mail you tried to send might get blocked by some recipient's e-mail Host .. if one wants to believe that Yahoo does their job, that Yahoo output server would be de-listed in a matter of hours, allowing the next attempt of the same recipient e-mail address making the trip unhindered. (Once again noting the chances of your outgoing actually using the same output server to begin with.)

Anyway, by its own admission spam Cop's current approach does not seem to be working with Yahoo.

On the other hand, Yahoo is not treated any differently than any other ISP/Host. User-reported notifications are sent out. It's up to them to resolve the issues with the spew emanating from one of their servers. Picking one at random (actually one of the first ones showing as listed after wading through over a thousand servers not listed,) here's an example where the appearances are that they have done something to 'adjust' the spew from one server;

http://www.senderbase.org/senderbase_queri...=67.195.135.100

Volume Statistics for this IP

             Magnitude   Vol Change vs. Last Month
Last day     4.7         -54%
Last month   5.0

with the attendant SpamCopDNSBL listing showing;

http://spamcop.net/w3m?action=checkblock&a...=67.195.135.100

67.195.135.100 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 18 hours.

In fact, and believe me posters here are not going to like this, if you take a dispassionate look at what spam Cop is doing, it is no different in its effect than a group of hackers deciding that some company (in this case Yahoo) has violated a moral principle that they have taken upon themselves to enforce and then launching a DoS attack.

Again, with real specifics in hand, one can see that you are painting things with an overbroad brush. One server of many listed at any one time, managing to try to attempt delivery to one of many systems with a SpamCopDNSBL filter in place configured to block that incoming e-mail due to its spam-spewing source again, that listing to disappear when the spam-spew stops. Hardly an attack on a specific company for no good reason.

So, I'll get a second-hand box, install Linux sendmail, run my own mail server, and flit around the Internet on a dynamic IP address so I don't have these headaches.

Running your own server is certainly an option. However, there are already tales here of folks running into issues with a dynamic IP Address .... the problem of receiving one that's already been tainted by a previous user/spammer. And that's ignoring the fact that most folks block e-mail from a dynamic IP Address these days as a standard mode.


I do believe I represent a lot of users, some who are unable to trace their experiences to spam Cop, and so find this forum. This contention may not be supported by research either, but come on your own link claims that "most SCBL users find that the amount of unwanted email successfully filtered makes the risks and additional efforts worthwhile." Is that the result of an independent consumer research? Based on how many respondents? Did they self select (well, yes, they're "users" after all)?

I certainly agree with the issue of this Forum not necessarily being that easy to find. That factor is controlled by other folks.

The 'success' would seem to be defined in all sorts of places. The inclusion of BL look-up functions in various e-mail clients and tools which include the SpamCopDNSBL as a standard entry. That there are sufficient enough folks using it to cause folks like yourself to make that point known (usually because of its use in the non-recommended fashion, I might add.)

Anyway, when I start research from the link you cite, I read: "This description . . . may be out of date." "SpamCop reporting tool cannot determine if email reported by users is or is not spam." "The SpamCop team manually balances the threshold in an effort to make the list as accurate as possible." And then the link to "Why was I blocked?" which includes as the first explanation: "[Y]ou share an IP address with other email users and there is someone who: is using auto-responses that are replying to spam with forged spamtrap email."

Just noting that the references provided here were generated by us users for the most part, being updated and expanded from the 'original sources' that haven't been updated in years. SpamCop.net was started by a single person, IronPort added a team of software engineers, Cisco added in another level of oversight when they got involved. None of those folks like to talk to us lowly (volunteer) users.

So, my IP may only be responding to spam then? [spamtraps being defined somewhat amusingly (I needed something to cheer me up) as "non-existent" emails "set up" by spam Cop.]

Not sure of your starting point here. SpamTraps don't generate responses. The issue is spam sent from "your IP" (assuming you meant the Yahoo output server in question) to an e-mail address set-up strictly for the use of spammers/scrapers to 'find' new addresses to add to their output lists.

If you think this research is making me feel better, you'd be mistaken.

The link also admits "SpamCop users can and do make mistakes." Well, fair enough, but elsewhere in the forum people have stated flatly that Yahoo doesn't try hard enough. Maybe spam coppers need to try harder too, and not fall into the trap of becoming a self congratulatory organisation.

I can only point to the page What is SpamCop.net? and note that the analogy still holds. Noting that stories of folks running into bad information being supplied by credit-reporting agencies are also numerous, scary, and legion.


Thank you Wazoo and Forelf for what I feel were thoughtful and cogent responses to my observations, and I appreciate that your product is being used incorrectly by the ISP in question. But it is a fact, that the SMTP IP address that I (Yahoo Business) used was not on the BL at the time of the bounce (1 Jun 2011 14:14:20 GMT). The only way I got SC's query engine to flag up was by putting in the URL (nm14.bullet.mail.sp2.yahoo.com), which then referenced a different IP address. So, evidently, if the header lists a URL that resolves to an IP on your list, at least in some installations, this triggers a blocked message. So this is a broader brush (to borrow your phrase) than I believe is intended or advertised. As a result I got several successive bounces from the same receiving ISP - who no doubt uses the list in a way that it is not intended.

But where we really disagree, I think, is in the approach. Sure with the 500 user free mail providers in dodgy jurisdictions you may have to resort to these blacklisting tactics, because you can't address all of them every day of the year personally, but with an ISP that is among the largest in the world and governed by a sensible legal system, a direct approach would be the most effective and sensible tactic, no matter what you may think of the way they do business. Black listing Yahoo, really is doing harm to the wrong people. (IM(H)O)


But where we really disagree, I think, is in the approach. Sure with the 500 user free mail providers in dodgy jurisdictions you may have to resort to these blacklisting tactics, because you can't address all of them every day of the year personally, but with an ISP that is among the largest in the world and governed by a sensible legal system, a direct approach would be the most effective and sensible tactic, no matter what you may think of the way they do business. Black listing Yahoo, really is doing harm to the wrong people. (IM(H)O)

Will take a shot at a response on the first part of your Post later.

Just wanted to point out that another user had started another Topic referencing a blog elsewhere with someone having the same complaints and issues. Although a pain, it is worthwhile (IMHO) to read through the comments. Please see http://forum.spamcop.net/forums/index.php?showtopic=11861


The only way I got SC's query engine to flag up was by putting in the URL (nm14.bullet.mail.sp2.yahoo.com), which then referenced a different IP address.

Could you elaborate on this?

From here, nm14.bullet.mail.sp2.yahoo.com has one IP# and that IP#, 98.139.91.84, resolves to nm14.bullet.mail.sp2.yahoo.com.

...but with an ISP that is among the largest in the world and governed by a sensible legal system, a direct approach would be the most effective and sensible tactic, no matter what you may think of the way they do business. Black listing Yahoo, really is doing harm to the wrong people. (IM(H)O)

If by "direct approach" you mean the "sensible legal system," spam is a global problem. In other words, we can pass all the laws we wish in the US and it will not stop spamming.

It doesn't matter how large a free mail provider is either. Nobody gets a free pass. The type of spam emanating from the Yahoo! Mail servers is being fed to said servers by the millions/hour. If you cannot stop that kind of abuse, you really have no business running a network with more than 5,000 mail servers, do you?

Props to you, Tommy, for sticking with us this far to understand how SpamCop really works and how services use it.


Not sure of your starting point here. SpamTraps don't generate responses. The issue is spam sent from "your IP" (assuming you meant the Yahoo output server in question) to an e-mail address set-up strictly for the use of spammers/scrapers to 'find' new addresses to add to their output lists.

To explain this point, by the way, the FAQ and related links suggest that an IP address could be blacklisted because a spammer, spoofing a SpamTrap address, might get a holiday auto response sent back from an innocent party unlucky enough to receive the spam message. Because this auto response is picked up by the SpamTrap account, the innocent party is treated as a spammer and gets a black mark on the IP address. Enough auto responses and the receiving IP is BLed. I think this is an ill founded policy. The solution someone gave here is don't use auto responders. Well, I can't control whether someone using a Yahoo Business account uses one of these or not, and some people even use these to send out anti-spam verifying emails to unknown senders with all the weird letters. So in that case it becomes anti-spam measures triggering anti spam measures.


To explain this point, by the way, the FAQ and related links suggest that an IP address could be blacklisted because a spammer, spoofing a SpamTrap address, might get a holiday auto response sent back from an innocent party unlucky enough to receive the spam message.

The common wisdom here is that spamtrap addresses are kept secret and are near-impossible to identify. So spoofing them is not an option.

The solution someone gave here is don't use auto responders. Well, I can't control whether someone using a Yahoo Business account uses one of these or not, and some people even use these to send out anti-spam verifying emails to unknown senders with all the weird letters. So in that case it becomes anti-spam measures triggering anti spam measures.

Once upon a time you could not report autoresponders as spam.

But then this started happening: a spammer forges your email address in the FROM field of his outbound spam. The spam has a virus. As a result, YOU start receiving thousands of notices from mail servers that your message (which really isn't yours) contains a virus and was refused, to the point that your mail server is now gasping for air.

Needless to say, most responsible mail services don't send virus notices to the "sender" anymore.

I have to say, having reported millions of spam items over well more than a decade, that I cannot recall ever reporting an auto responder.


Could you elaborate on this?

From here, nm14.bullet.mail.sp2.yahoo.com has one IP# and that IP#, 98.139.91.84, resolves to nm14.bullet.mail.sp2.yahoo.com.

Yes. I studied the headers and the actual SMTP routers were at 98.139.212.151, 98.139.212.228, 98.139.91.66, and 98.139.91.36, none of which were BLed at the time, however, the last one in the chain may have been 98.139.91.84 and it only takes one. This one is off the list now . . . . but the principle is still the same. That is, I don't think that black listing is the way for an instrumentality of Cisco to be dealing with a large organisation like Yahoo, because of the unnecessary collateral damage it creates for the users and for some who may be using a sub hosting and not even know they are a Yahoo customer. That is unless Cisco thinks it will sell more servers, then the approach is entirely understandable.


But it is a fact, that the SMTP IP address that I (Yahoo Business) used was not on the BL at the time of the bounce (1 Jun 2011 14:14:20 GMT). The only way I got SC's query engine to flag up was by putting in the URL (nm14.bullet.mail.sp2.yahoo.com), which then referenced a different IP address. So, evidently, if the header lists a URL that resolves to an IP on your list, at least in some installations, this triggers a blocked message. So this is a broader brush (to borrow your phrase) than I believe is intended or advertised. As a result I got several successive bounces from the same receiving ISP - who no doubt uses the list in a way that it is not intended.

The lack of IP Addresses makes this hard to work with. (Edit: noting that the time lag of me making this Post allowed for more Posts to show up 'before' this Post was actually made.) However, agreeing with SpamCop 98's data, this does appear to be another "Yahoo fixed the problem" IP Addresses.

http://www.senderbase.org/senderbase_queri...ng=98.139.91.84

Volume Statistics for this IP

             Magnitude   Vol Change vs. Last Month
Last day     4.9         -44%
Last month   5.1

Please see SenderBase's "Magnitude" Explained ... noting that in the old days, there was basically a 2% tipping point involved, much modified since then with all sorts of 'scaling' factors .... just note the amount of spam "from that specific IP Address" that's involved with determining the listed/de-listed situation.

On one hand, the "listed/de-listed" data is cached and supplied via the use of localized Akamai linked systems, so there is the chance of seeing some data that may not immediately match the actual SpamCopDNSBL listings. Noting that these propagation delays would exist in both the listed and de-listed modes.

On yet another hand, the misconfiguration of a BL look-up in an e-mail tool has been seen before .... citing several BLs to be used, but somehow linking "all" failed results to the single entry blaming SpamCop.net for the end result. A lot of times, this is apparent in the error message which usually lacks the link to do the specific IP Address status look-up, implying the lack of a complete/correct configuration of the filtering mode.

In general, the use of a BL usually involves looking at the "connecting IP Address" .. as compared to the allegation of "finding an IP Address somewhere in the header" ... the issue of being a quick yes/no decision as compared to a resource/machine intensive 'full' header analysis.

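The difference between checking only the connecting IP address and scanning every address in the headers, as an added example that is not part of the original posts. The zone name `bl.spamcop.net` is SpamCop's public DNSBL zone; the relay hostnames, the header text and the offline "zone" dictionary are constructed for illustration, using IP addresses quoted in the thread.

```python
import ipaddress
import re
import socket

ZONE = "bl.spamcop.net"  # SpamCop's public DNSBL zone

# Constructed stand-in for the zone so the example runs offline:
# only 98.139.91.84 is "listed" here.
CONSTRUCTED_ZONE = {"84.91.139.98.bl.spamcop.net": "127.0.0.2"}

# Constructed headers, newest hop first; hostnames are placeholders.
SAMPLE_HEADERS = """\
Received: from relay3.example.org ([98.139.212.151]) by mx.example.net; Wed, 1 Jun 2011 14:14:20 +0000
Received: from [98.139.91.66] by relay3.example.org; Wed, 1 Jun 2011 14:14:18 +0000
Received: from [98.139.91.84] by relay2.example.org; Wed, 1 Jun 2011 14:14:17 +0000
Subject: constructed sample
"""

def dnsbl_qname(ip, zone=ZONE):
    """Build the query name: 98.139.91.84 -> 84.91.139.98.bl.spamcop.net"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def live_resolve(qname):
    """Real DNS lookup: an A record answer means listed, NXDOMAIN means not."""
    try:
        return socket.gethostbyname(qname)
    except socket.gaierror:
        return None

def is_listed(ip, resolve=CONSTRUCTED_ZONE.get):
    return resolve(dnsbl_qname(ip)) is not None

def check_connecting_ip(peer_ip, resolve=CONSTRUCTED_ZONE.get):
    """Usual deployment: one lookup on the peer address of the SMTP session."""
    return is_listed(peer_ip, resolve)

_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def check_every_received_ip(raw_headers, resolve=CONSTRUCTED_ZONE.get):
    """Broader (and costlier) use: any listed hop in any Received line is a hit."""
    hits = []
    for line in raw_headers.splitlines():
        if line.lower().startswith("received:"):
            hits += [ip for ip in _BRACKETED_IP.findall(line)
                     if is_listed(ip, resolve)]
    return hits

if __name__ == "__main__":
    print("connecting IP listed:", check_connecting_ip("98.139.212.151"))
    print("listed hops in headers:", check_every_received_ip(SAMPLE_HEADERS))
```

Passing `resolve=live_resolve` swaps the constructed dictionary for real DNS queries.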

The common wisdom here is that spamtrap addresses are kept secret and are near-impossible to identify. So spoofing them is not an option.

This post http://forum.spamcop.net/forums/index.php?showtopic=972 Why am I Blocked FAQ states that "If your email has suddenly been blocked by the SpamCop blocklist, it is probably because you share an IP address with other email users and there is someone who: is using auto-responses that are replying to spam with forged spamtrap email."

This is pretty clear to me. Spamtraps can receive spam or, if they are on a spammer's list, also be spoofed and trigger this auto responder false alarm on some poor person receiving that spam when their address kicks out a holiday message. No one has to report it or anything. This is not right, in my opinion.

I know way more about this rubbish than I ever wanted to.


Yes. I studied the headers and the actual SMTP routers were at 98.139.212.151 , 98.139.212.228 , 98.139.91.66 , and 98.139.91.36, none of which were BLed at the time, however, the last one in the chain may have been 98.139.91.84 and it only takes one.

SpamCop will only use the IP# of the server that sent the spam item, it discards all IP#s of the servers that handled the item before it.

This one is off the list now . . . . but the principle is still the same. That is, I don't think that black listing is the way for an instrumentality of Cisco to be dealing with a large organisation like Yahoo, because of the unnecessary collateral damage it creates for the users and for some who may be using a sub hosting and not even know they are a Yahoo customer. That is unless Cisco thinks it will sell more servers, then the approach is entirely understandable.

Here's the deal: SpamCop has sent thousands of notices to the registered abuse address for each IP# fingered, advising them of the problem. Yahoo's spam-to-legitimate email ratio started getting them on the SCBL on a fairly frequent basis starting about March. So it is not like Yahoo hasn't been notified of the problem or that it is all brand new. I can say with some certainty that SC staff have probably bent over backwards trying to notify Yahoo of the problem, I would be surprised if there haven't been phone calls involved.

As to selling more Cisco routers, that's really immaterial. They might sell more IronPort machines, but I believe Barracuda is the market leader in this arena.

This post http://forum.spamcop.net/forums/index.php?showtopic=972 Why am I Blocked FAQ states that "If your email has suddenly been blocked by the SpamCop blocklist, it is probably because you share an IP address with other email users and there is someone who: is using auto-responses that are replying to spam with forged spamtrap email."

...true, it happens. But had you quoted the rest of the sentence you would know the real reason for getting added to the blocklist: "...is using auto-responses that are replying to spam with forged spamtrap email addresses (such as Out-of-Office/Vacation notices, virus notifications, and 'bounces' created after accepting the email)." The server ACCEPTED the email and then sent a response based only on the FROM address. This is a practice sure to get servers in trouble: you have got to deal with accepting or rejecting the email during the SMTP session. Other types of notices in this category include "over quota" or "no such address" autoresponses.

I know way more about this rubbish than I ever wanted to.

Indeed we all do, except perhaps Larry Chaffin.

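The accept-then-respond behaviour described above, next to deciding during the SMTP session, as an added example that is not part of the original posts. The mailboxes, addresses, IPs and the `looks_like_spam` filter are hypothetical and constructed; the point is which policy makes the server itself send mail to a forged spamtrap sender.

```python
from dataclasses import dataclass

SERVER_IP = "192.0.2.25"                       # constructed: our own mail server
TRAP = "trap-x9f3@traps.example"               # constructed spamtrap address
MAILBOXES = {"alice@example.com": {"vacation": True},
             "bob@example.com": {"vacation": False}}

@dataclass
class Inbound:
    peer_ip: str      # connecting IP of the SMTP session
    mail_from: str    # envelope sender, trivially forged by the spammer
    rcpt_to: str

# Constructed traffic: two spam runs forging the trap, one genuine message.
TRAFFIC = [
    Inbound("203.0.113.7", TRAP, "alice@example.com"),
    Inbound("203.0.113.7", TRAP, "nobody@example.com"),
    Inbound("198.51.100.4", "carol@example.org", "alice@example.com"),
]

def looks_like_spam(msg):
    """Hypothetical in-session filter; here just a constructed bad-peer set."""
    return msg.peer_ip in {"203.0.113.7"}

def accept_then_respond(msg):
    """Accept everything, then mail a notice to whatever MAIL FROM claimed."""
    outbound = []
    box = MAILBOXES.get(msg.rcpt_to)
    if box is None:
        outbound.append((SERVER_IP, msg.mail_from, "bounce: no such address"))
    elif box["vacation"]:
        outbound.append((SERVER_IP, msg.mail_from, "auto-reply: out of office"))
    return "250 OK", outbound

def decide_in_session(msg):
    """Refuse with a 5xx reply before accepting; the peer gets the error."""
    if msg.rcpt_to not in MAILBOXES:
        return "550 5.1.1 No such user", []
    if looks_like_spam(msg):
        return "550 5.7.1 Message refused", []
    outbound = []
    if MAILBOXES[msg.rcpt_to]["vacation"]:
        outbound.append((SERVER_IP, msg.mail_from, "auto-reply: out of office"))
    return "250 OK", outbound

def trap_hits(policy, traffic=TRAFFIC):
    """Count messages our own server would send to the spamtrap address."""
    hits = 0
    for msg in traffic:
        _reply, outbound = policy(msg)
        hits += sum(1 for _src, rcpt, _kind in outbound if rcpt == TRAP)
    return hits

if __name__ == "__main__":
    print("accept-then-respond trap hits:", trap_hits(accept_then_respond))
    print("decide-in-session trap hits:", trap_hits(decide_in_session))
```

Under both policies the genuine sender still receives the out-of-office reply; only the notices sent to the forged address differ.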

<snip>

However, what I do mind is that I am trying to run a business that provides people with jobs (we do not ask our workers to volunteer their time, unlike Cisco apparently), and about twice a year I have several days of interrupted service that is caused by spam Cop's blacklisting. So, stated plainly, when it comes to my business spam is not the problem, spam Cop is.

<snip>

...Very few Cisco employees participate in these fora. They can be identified with a "spamcop.net" icon beneath their names.

Have I reported this to the spam Cop's “Deputies?” Yeah, and I got back a form letter that you can also find on the Internet claiming that the “amount of spam being sent through Yahoo has grown exponentially.” Which, if you know the literal meaning of “exponentially,” is obviously self serving hyperbole.

<snip>

...Are you saying that you reported your evidence that "spam Cop is today blocking PAID Yahoo business servers based not on their IP address, but on their URL, which means that a whole range of IPs are caught in a false positive?" If so, I'm very surprised that you only received a form letter but I suppose it's possible. You may wish to try again, this time making it clear that you are reporting a potential violation of SpamCop policy by SpamCop, itself!

...As to your characterizations of the use of the word "exponentially" as "obviously self serving hyperbole," I am inclined to believe SpamCop staff as they have the data to support such a claim.

If spam Cop has a legitimate complaint about the way Yahoo secures their servers, then let me suggest that they get their parent company to contact one of the head techs at Yahoo.

<snip>

...And why should SpamCop staff feel obligated to do that? Yahoo is clearly well aware of the issue and it is their customers, not SpamCop's, who are being inconvenienced. Besides, SpamCop is unlikely to have the leverage with Yahoo that Yahoo's own paying customers have. IMHO, it's up to you and your fellow Yahoo customers to perform this function. Your leverage is that there are plenty of other e-mail providers who will be happy to take the money you currently spend with Yahoo.

This post http://forum.spamcop.net/forums/index.php?showtopic=972 Why am I Blocked FAQ states that "If your email has suddenly been blocked by the SpamCop blocklist, it is probably because you share an IP address with other email users and there is someone who: is using auto-responses that are replying to spam with forged spamtrap email."

This is pretty clear to me. Spamtraps can receive spam or, if they are on a spammer's list, also be spoofed and trigger this auto responder false alarm on some poor person receiving that spam when their address kicks out a holiday message. No one has to report it or anything. This is not right, in my opinion.

I know way more about this rubbish than I ever wanted to.

The common wisdom here is that spamtrap addresses are kept secret and are near-impossible to identify. So spoofing them is not an option.

This post http://forum.spamcop.net/forums/index.php?showtopic=972 Why am I Blocked FAQ states that "If your email has suddenly been blocked by the SpamCop blocklist, it is probably because you share an IP address with other email users and there is someone who: is using auto-responses that are replying to spam with forged spamtrap email."

This is pretty clear to me. Spamtraps can receive spam or, if they are on a spammer's list, also be spoofed and trigger this auto responder false alarm on some poor person receiving that spam when their address kicks out a holiday message.

<snip>

...Is this reply in response to SpamCop 98's quoted point? If so, I believe you misunderstand. I believe that SpamCop 98 was saying that the SpamTrap e-mail address can not be copied from another e-mail, it can only be found by scraping a web page where the SpamTrap e-mail address is hidden, present only to find such scrapers which feed spam distribution lists.

This is pretty clear to me. Spamtraps can receive spam or, if they are on a spammer's list, also be spoofed and trigger this auto responder false alarm on some poor person receiving that spam when their address kicks out a holiday message. No one has to report it or anything.

Spamtraps being "secret" is a bit of an odd description in reality. 'Secret' in that they are typically not in plain sight, but public in that they are exposed quite clearly if one wants to look or uses the needed tools. A for example item found as the background linkage to a displayed icon on a web-page;

<a onclick="return !confirm('WARNING - do not send email or you will be blacklisted');"
  href="mailto:some-extremely-garbaged-up-string[at]some.specified.sub-domain.of.a.com"> </a>

Point being, not seen when looking at the web-page, but readily available to a scraping tool that looks for grabbing the data surrounding any [at] character seen in the code for the displayed page.

Yes, it is known that a spammer or three over the years has in fact used this data to source a spam-spew effort that in fact did result in an innocent (?) being placed into the SpamCopDNSBL, in the hopes of generating yet another SpamCop.net hater. However, once again looking at the math involved, this is really a lot of work, which most "high-speed marketing" type folks are not willing to spend their time on .. easier to simply spew out those thousands of e-mails to any and all addresses on their "certified opted-in address lists" so they can get their money for that job and start the next run for the next product/client.


Superficially, I guess DNSBLs like SpamCop can look pretty sinister if you ignore some key facts and distort some others. The very term "block list" is a huge misnomer, "advisory service" would be more accurate.

On the other hand, once it emerges, it is much harder to argue with the libertarian position in favor of DNSBLs, what our dear Miss Betsy used to phrase as "my server, my rules." Those who are paying for the upkeep of the mail server ought to be allowed to decide who will and who won't use it. The DNSBLs help them make that decision on a rational basis. And, because SBL is both fact-based and timely, it is probably a far better bet than some DNSBLs that seem to operate on whims.

-- rick


This is pretty clear to me. Spamtraps can receive spam or, if they are on a spammer's list, also be spoofed and trigger this auto responder false alarm on some poor person receiving that spam when their address kicks out a holiday message. No one has to report it or anything. This is not right, in my opinion.

(1) SpamCop spamtraps are hidden, unguessable and can only be got by "spiders"

(2) No report is sent or IP address blocked on evidence from spamtrap addresses alone. These have to be confirmed by people personally reporting spam from identical IP address within 24 hours

(3) If spam stops IP is released/de-listed in 24 hours maximum

(4) For SpamCop to block a Yahoo email server means it (Yahoo) is sending massive amounts of spam, exceeding the ratio SpamCop allocates by a formula used by SpamCop to list them

(5) Importantly EVERY spam is individually reported by a SpamCop member, which is then reported to the abuse address listed

IMO Yahoo's solution to being blocked seems to be to "rotate" servers. Many of these servers handle email from spam friendly countries like Brazil http://br.yahoo.com/ which presently has the IP 72.30.2.43 this server is based in CALIFORNIA, SUNNYVALE.

The only ones who can tell you why Yahoo's servers are blocked is Yahoo. They have a serious security problem which needs resolving. I find Gmail so far offer a far superior service because they do seem to react to and stop spam. Yahoo ignoring the problem won't do anyone any good. Gmail, Microsoft for instance do not publish any list, nor send rejection notices. So you don't mind because you don't know your important email didn't arrive.


....And why should SpamCop staff feel obligated to do that? Yahoo is clearly well aware of the issue and it is their customers, not SpamCop's, who are being inconvenienced. Besides, SpamCop is unlikely to have the leverage with Yahoo that Yahoo's own paying customers have.

Intoxicating alcohol is delivered by the US Post Office. This has risen exponentially, that is to say it has doubled every 30 years over the past 90 years, based on data I've got somewhere around here. There are innumerable cases of people's lives being ruined by alcohol consumption. This is a terrible problem in our economy and it costs millions of dollars. It is intolerable that the US Post Office should be contributing to this scourge on society. So, I and a group of like-minded individuals have decided to register change of address cards to randomly divert mail addressed to anyone living in the same zip code as a liquor retailer. It is now up to them to petition the Post Office to put an end to these booze deliveries, because they are more likely than me to get attention.

Now you get it? This is just not the way to do things. Of course the analogy isn't perfect, but it is in as far as spam Cop's crusade is causing my business to suffer, because of something I do not see as a problem worth fixing.

Most users of spam Cop are unwitting "customers", because some systems person has deemed it to be a sensible thing to put on their server. So, the idea that spam Cop is serving grateful clientèle is a self serving depiction. I am no doubt a "customer" on at least one server I use. God knows, maybe even Yahoo uses the database to flag spam.

It's spam Cop's (and evidently your) hot issue, so fix it without involving me, either by contacting Yahoo directly or through public awareness or whatever. For my part, I am happy to just delete zip attachments, ignore replica watch sales . . . and have the occasional beer, whatever anyone else may think about it.


Now you get it? This is just not the way to do things. Of course the analogy isn't perfect, but it is in as far as spam Cop's crusade is causing my business to suffer, because of something I do not see as a problem worth fixing.

No.

  1. The liquor distributor is in a legitimate business and pursuing it legitimately. Spammers by and large are not.
  2. The liquor distributor presumably has paid the post office properly for its services. Spammers by and large steal their services.
  3. The post office has a mechanism (the office of the Postal Inspector) allowing the public to report abusive practices, and will investigate and enforce the clear policies (and laws) they have against such abuse. Many internet providers do not appear to have such policies, and some do not even publish effective means for public reporting of abuse.
  4. People who file false change-of-address cards for strangers are probably committing a crime. For SpamCop simply to publish a list of IP addresses from which spam has originated is nowhere near a crime or even a tortious offense, as the courts have repeatedly shown.

-- rick


Archived

This topic is now archived and is closed to further replies.
