Should I just forget reporting spam? Spamcop bouncing submissions

[Irish Steve]

I've been reporting spam and the like for a while, but in recent weeks, I'm getting increasing numbers of items that are being bounced by the Spamcop service, so they don't get reported. Some are being bounced because the system thinks there's a virus in them, some are just bounced,probably because they've got malware in them after the main message body, but I can't be sure, the bounce message is not exactly helpful.

The latest this morning had been cleaned before sending, (there was a virus in the Zip attachment) but the header had a ***VIRUS*** warning in it, the attachment had been removed.

So, should I just forget it, and just do what the majority of users do, and just delete the junk, and forget about Spamcop, or has something changed, and I've missed the specifics, so the reports I'm sending in are now not acceptable

I have my own domain, hosted on a shared service, with a number of active mail accounts, and a "bucket" facility that catches anything that's sent to the domain. I'm using Thunderbird, and normally, just forward the mails to the reporting address that I've got.

spam reporting is an overhead, which I don't mind doing if it's making a difference, but if I'm just wasting my time, (and a bounce by Spamcop IS a waste of my time), I for sure do have better things to do with my time and energy.

It's possible that I don't have the correct set up for the account, but the tutorials I've found are as clear as mud on the way to set up that information.

So, I come back to the basic question, should I just forget trying to stop spam, and just let my antivirus deal with the dangerous stuff, and just delete the rest of it, or is there an easy way to get Spamcop to work the way I think it's supposed to?

Thanks

Steve

[petzl]

I've been reporting spam and the like for a while, but in recent weeks, I'm getting increasing numbers of items that are being bounced by the Spamcop service, so they don't get reported. Some are being bounced because the system thinks there's a virus in them, some are just bounced,probably because they've got malware in them after the main message body, but I can't be sure, the bounce message is not exactly helpful.

The latest this morning had been cleaned before sending, (there was a virus in the Zip attachment) but the header had a ***VIRUS*** warning in it, the attachment had been removed.

So, should I just forget it, and just do what the majority of users do, and just delete the junk, and forget about Spamcop, or has something changed, and I've missed the specifics, so the reports I'm sending in are now not acceptable

I have my own domain, hosted on a shared service, with a number of active mail accounts, and a "bucket" facility that catches anything that's sent to the domain. I'm using Thunderbird, and normally, just forward the mails to the reporting address that I've got.

spam reporting is an overhead, which I don't mind doing if it's making a difference, but if I'm just wasting my time, (and a bounce by Spamcop IS a waste of my time), I for sure do have better things to do with my time and energy.

It's possible that I don't have the correct set up for the account, but the tutorials I've found are as clear as mud on the way to set up that information.

So, I come back to the basic question, should I just forget trying to stop spam, and just let my antivirus deal with the dangerous stuff, and just delete the rest of it, or is there an easy way to get Spamcop to work the way I think it's supposed to?

Thanks

Steve

need a reference to bounce (IP address) copy of bounce notice

[turetzsr]

Hi, Steve,

...In addition to Petzl request, it might be helpful for us to know a bit more about your situation. Do you use "SpamCop e-mail?" Is the bounce coming from SpamCop or is it coming from somewhere else, such as your e-mail provider (the answer to Petzl's question may help answer that question)? If SpamCop is bouncing your submissions, that would be seriously self-defeating, since then no one would be able to submit spam via e-mail! Also possibly useful to us, although less so, would be for you to submit via the Online form (http://www.spamcop.net) one of the spam which bounced and posting here the Tracking URL.

[Sven Golly]

It's probably NOT SpamCop bouncing but rather your own ISP. My mailhost recently made a change to their SMTP service where they run everything through a third party spam/virus service (SpamExperts). I have seen them reject even simple phishing reports sent as attachments to SpamCop.

It makes reporting to SpamCop a real challenge -- but I also see why the ISP wants to do it -- they don't want to be on the wrong side of a RBL.

Not sure what the solution is.

--SG

[Irish Steve]

OK, a quick update,

I don't use the spamcop mail service as such, I collect mail direct from my ISP using POP3 into Thunderbird, and I then forward the spam using the specific mail address that I was sent by Spamcop to report spam etc.

Some of the spam also has a virus payload, usually in a zip file, which gets stripped out before I submit, but I'm getting bounce messages from the Spamcop ISP (it's not mine, as far as I can see), which is extremely frustrating, as the virus has been removed at that stage, but of course, because my Anti Virus has flagged it, the subject contains ***VIRUS*** as part of the header. So, it's spam with a virus, but I can't report it, which is pretty self defeating

Some of the bounces are as a result of (I think) an attempted attack by buffer over run, I don't have the exact message handy at the moment, I've been deleting them through sheer frustration) so I'm assuming that these are trying to execute code beyond the end of message.

I am collecting multiple addresses from my own domain, and I also have other addresses, but they are pretty much spam free, partly because they are my emergency accounts, and not in general use, whereas things like info[at] forum[at] and the like are used for general interaction with the web.

It's very possible that I don't have the information for decoding set up correctly, that whole area is as clear as mud to me, but until very recently, it's not been an issue, I've been reporting spam to the system for a good while with no problems, and the reports come back to me, and I then send them off.

The last month or so, I've been getting increasing numbers of rejections, and they're not from my ISP.

So, all I can do is try and find out if it's worth continuing to report spam, or if it's reached the stage where fighting spam is a lost cause, and I might as well just get used to throwing a certain percentage of mail away without reading it.

The next bounce I get, I will keep, and see if anyone can make sense of the information in it.

Best regards

Steve

[SpamCopAdmin]

SpamCop doesn't bounce email that is sent to a "submit" address. Never, ever. It might send an error email telling you the submission didn't work, but never a bounce.

If you will send me a copy of one of the bounces you're getting, maybe I can explain.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

[SpamCopAdmin]

Using Thunderbird's "Forward as Attachment" function is the best way to send the spam to your "submit" address.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

[lisati]

I'm wondering if there's been a change in your server or hosting provider's setup that would require you to re-do your mailhosts setup.

[Lking]

Using Thunderbird's "Forward as Attachment" function is the best way to send the spam to your "submit" address.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

When you get this problem resolved, you might try the HabuL add-on for Thunderbird. It help automate the reporting process, and then deletes the reported email(s). I find it handy for reporting large numbers of spam to several activities.

[Irish Steve]

SpamCop doesn't bounce email that is sent to a "submit" address. Never, ever. It might send an error email telling you the submission didn't work, but never a bounce.

If you will send me a copy of one of the bounces you're getting, maybe I can explain.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

Don,

Tried that. and the mail to your address was bounced, the message I got back, mildly sanitised. follows

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its

recipients. This is a permanent error. The following address(es) failed:

address hidden but correct according to above

SMTP error from remote mail server after end of data:

host productio-tcloadba-tkyjfaz4ap1l-328615543.us-west-2.elb.amazonaws.com [54.245.235.51]:

550 5.7.1 [CS] Message blocked. To fix this, visit http://fp.outboundfiltering.com/?str=0001....4,cld=1,fgs=264

[lisati]

Don,

Tried that. and the mail to your address was bounced, the message I got back, mildly sanitised. follows

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its

recipients. This is a permanent error. The following address(es) failed:

address hidden but correct according to above

SMTP error from remote mail server after end of data:

host productio-tcloadba-tkyjfaz4ap1l-328615543.us-west-2.elb.amazonaws.com [54.245.235.51]:

550 5.7.1 [CS] Message blocked. To fix this, visit http://fp.outboundfiltering.com/?str=0001....4,cld=1,fgs=264

That reads to me as if some kind of filter, possibly outsourced, is operating on one of your provider's outgoing servers kicked in before the message got anywhere near Spamcop.

[Irish Steve]

That reads to me as if some kind of filter, possibly outsourced, is operating on one of your provider's outgoing servers kicked in before the message got anywhere near Spamcop.

that could be interesting, being as the mail that was being sent to Spamcop was not detected as spam, and did not have any virus payload, so was not as such an "offending" mail, other than the fact that it was spam.

I can check with the ISP, I'd be surprised if they are using an external service for mail, given the size of the organisation, they are not small, so I'd expect any monitoring to be in house.

Thanks

Steve

[turetzsr]

that could be interesting

<snip>

...But not at all surprising -- this used to be a frequent condition for us Yahoo!Mail users!

[lisati]

...But not at all surprising -- this used to be a frequent condition for us Yahoo!Mail users!

I know exactly what you mean. I have several Yahoo email addresses, and my ISP uses Yahoo as their provider. Sometimes when I've looked at headers of email sent and received via Yahoo, there has been evidence in the Received headers of what could be multiple servers at Yahoo's end being involved.

[Irish Steve]

That reads to me as if some kind of filter, possibly outsourced, is operating on one of your provider's outgoing servers kicked in before the message got anywhere near Spamcop.

An update that is going to be interesting to see where this goes, both from the spam reporting aspect, and from the ISP aspect. In some respects, I should perhaps retitle this thread as "the Spammers have won", as that's for sure what it looks like to me right now, my ISP has decided that they are going to pretend that spam is not an issue for their users any more, and doesn't need to be reported.

I've been exchanging messages with the support people at my ISP, and it's been an "interesting" discussion, which has been effectively terminated by the latest message, which I know has come from one of the more senior support managers,

Hello Steve

We don't allow spam to be sent from our networks and it is stopped by our outgoing mail filters. There is no workaround for this, as sending spam (even to report to spamcop, etc) is not permitted on our network.

It is now standard practice on most large hosting providers to scan outgoing mail, and we will not over-ride on our shared network platform this as it causes significant problems with blacklisting, etc. The system we use is highly efficient, and will not block any normal emails from being sent to non RBL listed email addresses.

I am unable to provide any more specifics on the system we have implemented bar to say that it is an industry standard used by major hosting providers worldwide.

I'm not best pleased, in that they seem to be taking the attitude that they are "in control", and that a user reporting spam is not an acceptable option any more. I'm not happy with that attitude, in that if their filters are not working as they should, and spam (or worse) is getting through, there's now no way to get it reported and dealt with.

I suspect that some of this is down to the use of shared servers, and they are having problems with complaints about blacklisting, so if they pretend that there's no spam, and block it from being sent, then the problem has gone away. Nice theory, but I suspect that once the spam community discovers an ISP that blocks spam reports, it won't be long before they are concentrating their efforts on that ISP, on the basis that their potential return is higher.

Looks like I might end up having to move my hosting to a more enlightened provider, but that's not something I want to do unless I have to.

Ah well, maybe I won't be reporting spam for a while, or I will have to start using an alternative way to report it, unless I can use another provider that's not quite so anal about users reporting shortcomings. Problem I suspect will be finding a provider that is still prepared to allow users to report what's really happening. I don't want to have to get into using the web interface to report spam, that's going to be tedious in comparison to just forwarding the offending item to a designated address, which was easy.

At least there is an answer to why the spam reporting is not working any more.

Thanks for the help, I suspect that this is a battle that I'm not going to win any time soon.

Best regards to all

Steve

[Farelf]

Steve - sounds like what has been happening for years with my provider - except mine steadfastly denied it for years and lower-level support staff even blocked access to higher-level support (a 'plausible deniability' thing I suppose), contrary to their own escalation policy - but that's beside the point.

Ironically (as it were) mine uses IronPort for filtering (yes, same 'stable' as SC, that is Cisco, and it IS 'the industry standard', self-professed but I believe correctly so). There is always some hysteresis between incoming and outgoing spam (lets more in than blocks out) which would have to be the characteristic of a(n) heuristic context filter, no points for 'deduction' there and has been agonised over many time in these pages.

To be fair - control of outgoing messaging IS the solution to spam control - but only if (practically) everyone does it. Some parts of the world regard spam as normal business practice, other parts see it as a weapon to fight the capitalist economies. Those are never going to come to the party. And of course the prime spammer response to any reduced rate of delivery is to ramp up volume to compensate - and they can produce unbelievable volumes these days.

Having said that, my own spam receipts have effectively stopped during the course of the years - despite my provider supposedly (no reason to doubt it, really) allowing the rare facility to turn off inwards filtering at the account level (but never outwards). But I weep for the planet - the overwhelming majority of messaging is spam and never sees the light of day, just consumes phenomenal resource before being dropped somewhere along the delivery chain. Obviously relative efficiency favours elimination as close as possible to the source but the unreasoning blindness to the bigger picture and unwillingness/inability to accommodate other solutions to address reality is infuriating.

Doesn't help you, but your provider is, at least, truthful (a rarity in the commercial world) though possibly naive if thinking details of their supposed initiative can be any sort of 'state secret'.

Steve (too)