Seems like more spam now Options

[Bob]

Steven:

I didn't mean to ascribe any super-natural connections to you moderators. You may be only one of us, but your tenure and exposure to various issues over time, valid and invalid, lend credibility to your opinions. As I said to Jeff, if you believe the issue and suggestion have merit, your support would be helpful.

Bob

[StevenUnderwood]

As I said to Jeff, if you believe the issue and suggestion have merit, your support would be helpful.

Jeff has made MANY reccomendations on new features, some on his own, some agreeing with an existing request. I have as well, but not as many, and very few of mine actually make it to the top of the to do list. I don't know how Jeff's numbers compare.

I really feel there should be additional staff added to the codebase "team" to handle some of these things but realize that is not likely to happen.

[Jeff G.]

Fewer of my suggestions have come to fruition (on a percentage basis). I'd like to think that the "Personal IP Whitelist" idea I suggested in my "New Whitelists" posts starting with http://news.spamcop.net/pipermail/spamcop-...ber/011976.html and continuing with http://forum.spamcop.net/forums/index.php?showtopic=143 and http://forum.spamcop.net/forums/index.php?showtopic=3260 grew into Mailhosts.

[Jeff G.]

Due to freak timing accidents, the following was multiply posted and multiply deleted:
Jeff & Steven:

I appreciate the effort you guys and others put in on the Forums. I agree with Steven that more horsepower on the codebase crew would help bring more worthwhile ideas to fruition, but I suppose all we can do on that front is to continue to ask. Still, I don't feel that voicing your support for worthwhile suggestions should be overlooked. Your perspectives are valuable and your opinions are noted -- by us and by "them". There is strength in numbers and the credibility of your involvement can make a difference.

Bob

[Bob]

Jeff & Steven:

I'm not sure what happened above, but this is what was intended:

I appreciate the effort you guys and others put in on the Forums. I agree with Steven that more horsepower on the codebase crew would help bring more worthwhile ideas to fruition, but I suppose all we can do on that front is to continue to ask. Still, I don't feel that voicing your support for worthwhile suggestions should be overlooked. Your perspectives are valuable and your opinions are noted -- by us and by "them". There is strength in numbers and the credibility of your involvement can make a difference.

Bob

[Farelf]

SpamCop could help all of us by munging the display names, thereby making the reporting process more efficient and removing the transparency of the display name to the spammer.  Can we get a little help from the "powers that be"?

I'm with you there Bob, but as mole I shouldn't really have a beef. "Don't call me Shirley," just an irritation factor for me. I think it all (arbitrary display names) started as a way for spammers to differentiate their spew from viruses which used to be fairly easily identifiable by the lack of anything in front of the address. I've seen code in broken spam like "%RND(female_name)" (little devils practicing their "human engineering" on the back of research indicating men expect, against all evidence, to be less harmed by women than by other men). But, as you say, it can be used for tracking. The trouble is, there are so many other ways. The first thorough canvassing of that I can recall was here back last year. There seems to be the effective (non) response of "if it can't all be fixed, why fix any of it?" Which is a "convenient" rationalization, to put it kindly. So - please go to it SpamCop, this is a relatively easy one, one more tick on the checklist, improve the munging (or "mungling" as that Dutch guy used to say) by "x"ing the handle/display name.

This post has been edited by Farelf: May 31 2005, 09:17 PM

[PGTips91]

Hi All,

I have been reporting as 'mole' for a few months now. Having read the posts above I realised for the first time that 'no reports have been sent'. This is a clarification for me and I second the suggestion that the nature of mole reporting be clarified up front, especially for newbies like me.

A suggestion as to features desired, why not have a list of suggestions posted that people can vote for and rank them in order of votes? This would empower the 'serfs' and ensure that the 'lords' are focused on what is actually wanted by users of the service. Differing levels of voting power can be allocated relative to the influence of the position/status held. [BTW I borrowed this from the Linspire CNR Warehouse, where it has recently been implemented.]

Recently I have been looking closer into the parsing of SPAM and the reasons for certain Spamvertised sites not being reported. What I am seeing is that some Spammers are getting quite clever at using throw-away URLs that simply point to a web site that does not move [as much]. They can use expendable open relays to send from and now they are adding expendable reply-to addresses. This means that they can keep their main site less vulnerable to reporting and shutting down.

[Example:

CODE

Parsing input: [url=http://rmohiq.pridebook.info/?marbuexwntvyudsffdzpoggebec]http://rmohiq.pridebook.info/?marbuexwntvyudsffdzpoggebec[/url]
Host rmohiq.pridebook.info (checking ip) IP not found; rmohiq.pridebook.info discarded as fake.

]
This actually takes my browser to MyCanadianPharmacy which I have seen from many similar URLs to the above.

One question I have is, if mole reporting does not send any reports, are they being made use of for any other purpose than adding to black-lists?

Another question I have is, if the parser is having difficulty finding the ultimate 'target' that the Spammers want people to go to [I have read some discussion on this and it seemed to be related to time-outs and the SpamCop server being overloaded], would it not be possible for the user's computer to supply the information? After all I have never yet failed to get to the 'desired' URL when putting it into the address field in my browser. It is not a question of obfusticating the URL, rather it is the use of forwarding URLs with built in time delays that only stop the parsing machine but never a browser.

Looking deeper into the habits of Spammers, I think that I see a pattern of them grouping together with 'suppliers' who are willing to provide the necessary services, such as DNS, Domain names, etc, that keeps them in business after they have been 'shut down'. After a few days delay they are back in business with a newly registered domain name and DNS server.

Another suggestion would be that SpamCop go after these providers or their up-stream providers as this would increase the difficulties for the actual Spammers exponentially.

I hope this can be clarified by more experienced people. I am rather out of my depth here but hope my ideas can help.

Paul

This post has been edited by PGTips91: Oct 28 2005, 03:38 PM

[dbiel]

A user can always send individual private reports, but at this time, I do not believe that SpamCop has any interest in going after the forwarded links.
SpamCop does what it does for its on reasons and until such time as management feels inclined to make changes to its current methods, we users will simply have to learn to live with its limiltations.

[StevenUnderwood]

One question I have is, if mole reporting does not send any reports, are they being made use of for any other purpose than adding to black-lists?

From the Link in the FAQ: What is Mole Reporting?

SpamCop now offers new and existing users an option to withhold almost all data - registering reports in SpamCop's database, but never sending reports to the "ISP" (all too often, the spammer, or a spam-friendly host).

and

SpamCop will then only give information about these "mole" reports as aggregate and unspecific totals.

Another question I have is, if the parser is having difficulty finding the ultimate 'target' that the Spammers want people to go to [I have read some discussion on this and it seemed to be related to time-outs and the SpamCop server being overloaded], would it not be possible for the user's computer to supply the information? After all I have never yet failed to get to the 'desired' URL when putting it into the address field in my browser. It is not a question of obfusticating the URL, rather it is the use of forwarding URLs with built in time delays that only stop the parsing machine but never a browser.

Security concerns would be one problem (you would need to allow spamcop to make a dns lookup from your machine) as well as timing issues (for your information, a web browser will wait a relatively long time retrying an address before throwing up an error).

It would be an interesting thought to use the distributed computing model for it, however. This would reduce the computer overhead and allow longer timeouts for things, though the immediacy might be affected. Imagine having your own "spamcop reporter" on your machine which checks it's version against the master for updates, and parses your messages and sends them out. One trouble would be getting any replies to your reports anonymously.

[Jeff G.]

I second the suggestion that the nature of mole reporting be clarified up front, especially for newbies like me.

SpamCop.net - Sign up for SpamCop reporting states "Register as a "mole"? [_] What's this?", which links to What is "mole" reporting?, which states the following:

As spam defenses and spammers become more sophisticated, many smart spammers have developed very sophisticated defenses against being detected. One of the spammer's strategies is to quickly and effectively remove anyone from their mailing lists who files a spam complaint (until they want to get revenge, and then the use these "remove lists" differently). This is generally (although not always) good for the person filing the complaint, but it is bad for spam defense in general, since these activists are the only ones identifying the problem. By removing the "trouble makers", spammers too often slip "under the radar" and appear to be legitimate senders, even though the majority (or entirety) of the victims don't want the mail (they are just the ones who don't bother to make waves).

In the past, SpamCop has attempted to clean outgoing complaints of any identifying information (codes which spammers use to figure out who is reporting them). However, it has become plain that the only way to really sanitize the reports is to not send them at all. So that is exactly what we're going to do. SpamCop now offers new and existing users an option to withhold almost all data - registering reports in SpamCop's database, but never sending reports to the "ISP" (all too often, the spammer, or a spam-friendly host).

Some users may wish to file reports, and get themselves removed from any spammer's list who is sophisticated enough to remove them (and take the risk of retaliation). Others may wish to take advantage of this new SpamCop feature and become a "mole." SpamCop will then only give information about these "mole" reports as aggregate and unspecific totals. Truly consciencious ISPs will still find some value in these aggregate numbers, while the less ethical won't be able to "work the system."

It is recommended that users pick one mode or the other and use that exclusively. Otherwise, you are likely to get the worst of both worlds. For existing users who wish to become a "mole", either consult your preferences (for paying users) or re-register (for free users).

What is confusing about that? Thanks!

[PGTips91]

From the Link in the FAQ: What is Mole Reporting?andSecurity concerns would be one problem (you would need to allow spamcop to make a dns lookup from your machine) as well as timing issues (for your information, a web browser will wait a relatively long time retrying an address before throwing up an error). 

It would be an interesting thought to use the distributed computing model for it, however.  This would reduce the computer overhead and allow longer timeouts for things, though the immediacy might be affected.  Imagine having your own "spamcop reporter" on your machine which checks it's version against the master for updates, and parses your messages and sends them out. One trouble would be getting any replies to your reports anonymously.

Yes, my thought is that experienced users could have some code to run on their computer that would interface with SpamCop and report back the data that is being missed by their parser due to load and timing issues. This would help more than just refreshing the query multiple times as well as taking some load off the server.

I am not sufficiently up with distributed computing to know how practical this might be but it may be worth looking into if someone does have the expertise.

Paul

[Wazoo]

I have been reporting as 'mole' for a few months now. Having read the posts above I realised for the first time that 'no reports have been sent'. This is a clarification for me and I second the suggestion that the nature of mole reporting be clarified up front, especially for newbies like me.

And to pile on all the Mole stuff posted thus far, please see an item in the Announcments section ... Mole Reporting is Back .. as seen thus far, it's not the data has been forcefully hidden away ....

A suggestion as to features desired, why not have a list of suggestions posted that people can vote for and rank them in order of votes?

Take a look at Screen sizes / resolutions .. over 600 views, 24 votes, yet this is something for this very application ...

Recently I have been looking closer into the parsing of SPAM and the reasons for certain Spamvertised sites not being reported. What I am seeing is that some Spammers are getting quite clever at using throw-away URLs that simply point to a web site that does not move [as much]. They can use  expendable open relays to send from and now they are adding expendable reply-to addresses. This means that they can keep their main site less vulnerable to reporting and shutting down.

Not sure why you call this "new" ... perhaps "you" recently discovered/noticed this, but ...

This actually takes my browser to MyCanadianPharmacy which I have seen from many similar URLs to the above.

Take a look at a walk-through I built up for someone else at http://forum.spamcop.net/forums/index.php?showtopic=5200

Another question I have is, if the parser is having difficulty finding the ultimate 'target' that the Spammers want people to go to [I have read some discussion on this and it seemed to be related to time-outs and the SpamCop server being overloaded],

Have you also read through SpamCop reporting of spamvertized sites - some philosophy ?

would it not be possible for the user's computer to supply the information? After all I have never yet failed to get to the 'desired' URL when putting it into the address field in my browser. It is not a question of obfusticating the URL, rather it is the use of forwarding URLs with built in time delays that only stop the parsing machine but never a browser.

You are mixing symptoms, facts, and results in a bad way. The parser does not follow "forwards" (see the analysis of a browser interaction with one of these referenced above ... the "does not resolve" is not based on a meta-tag delay/refresh/forward codebit ... "your" browser does not have to handle the queries caused by 100's of spam submittals a minute and do all the additional parsing, tracking, recording, sorting, display, e-mail creation, etc., etc., ec., that the Parsing & Reporting system is being tasked to do .. so there are time limits placed on certain functions ...

Looking deeper into the habits of Spammers, I think that I see a pattern of them grouping together with 'suppliers' who are willing to provide the necessary services, such as DNS, Domain names, etc, that keeps them in business after they have been 'shut down'. After a few days delay they are back in business with a newly registered domain name and DNS server.

Again, you may find this "new" ... but ....

Another suggestion would be that SpamCop go after these providers or their up-stream providers as this would increase the difficulties for the actual Spammers exponentially.

There was once an experimental phase of expanding the SpamCopDNSBL listing beyond "just the IP spewing the spam" .. rather like a SPEWS escalation ... the collateral damage from this type of expanded SpamCopDNSBL listing brought that to a halt, not fitting into the actual intent of a SpamCopDNSBL listing ... You want expanded IP blocks, upstreams, etc. .. there are other BLs that do this.

[PGTips91]

You are mixing symptoms, facts, and results in a bad way.  The parser does not follow "forwards" (see the analysis of a browser interaction with one of these referenced above ... the "does not resolve" is not based on a meta-tag delay/refresh/forward codebit ... "your" browser does not have to handle the queries caused by 100's of spam submittals a minute and do all th additional parsing, tracking, recording, sorting, display, e-mail creation, etc., etc., etc., that the Parsing & Reporting system is being tasked to do .. so there time limits placed on certain functions ...

Again, you may find this "new" ... but ....

There was once an experimental phase of expanding the SpamCopDNSBL listing beyond "just the IP spewing the spam" .. rather like a SPEWS escalation ... the collateral damage from this type of expanded SpamCopDNSBL listing brought that to a halt, not fitting into the actual intent of a SpamCopDNSBL listing ... You want expanded IP blocks, upstreams, etc. .. there are other BLs that do this.

Well, I have just processed two new Spam emails, both of which link to a new web site.

Submitted: Wed Nov 9 07:44:12 2005 +1300:
General health

* 1550725889 ( 200.121.122.208 ) To: mole[at]devnull.spamcop.net

Submitted: Wed Nov 9 07:44:05 2005 +1300:
Women's health

* 1550722803 ( 24.226.233.3 ) To: mole[at]devnull.spamcop.net


On poking around on the 'new' web site I find that it is a reincarnation of MyCanadianPharmacy, complete with a bogus Verisign certificate: --

MyCanadianPharmacy is a Soltrus Secure Site

Security remains the primary concern of online consumers. The VeriSign Secure Site Program, brought to you by Soltrus, allows you to learn more about Web sites you visit before you submit any confidential information. Please verify that the information below is consistent with the site you are visiting.

Name:    Intenational Legal RX Medications
Status:    Valid
Validity Period:    13-SEP-05 - 13-SEP-06
Server ID Information:    Country = US
State = UT
Locality = Layton
Organization = Technical Consultants and Experts Group Inc
Organizational Unit = TCE Group
Organizational Unit = Terms of use at Verisign © 04
Organizational Unit = Authenticated by Verisign
Organizational Unit = Member, VeriSign Trust Network
Common Name = Intenational Legal RX Medications


If the information is correct, you may submit sensitive data (e.g., credit card numbers) to this site with the assurance that:

    * This site has a VeriSign Secure Server ID, authenticated by Soltrus.
    * Soltrus has verified the organizational name and that TECHNICAL CONSULTANTS AND EXPERTS GROUP INC has the proof of right to use it.
    * This site legitimately runs under the auspices of TECHNICAL CONSULTANTS AND EXPERTS GROUP INC.
    * All information sent to this site, if in an SSL session, is encrypted and protected against disclosure to third parties.

To ensure that this is a legitimate Soltrus Secure Site, make sure that:

  1. The original URL of the site you are visiting comes from MyCanadianPharmacy
  2. The status of the Server ID is Valid.

I tried putting just the URL of the Spamvertised site into the parser, several times, but with the same result each time -

CODE

SpamCop failed to identify this site: —
Resolving link obfuscation
  http://iocdqm.polartop.net/legalrx/?rkpbwvxwntvyrqucruzpodihhoo
  Host iocdqm.polartop.net (checking ip) IP not found; iocdqm.polartop.net discarded as fake.
Tracking link: http://iocdqm.polartop.net/legalrx/?rkpbwvxwntvyrqucruzpodihhoo
No recent reports, no history available
Cannot resolve http://iocdqm.polartop.net/legalrx/?rkpbwvxwntvyrqucruzpodihhoo

I accept that SpamCop regards this as secondary to blocking the source of the Spam, but that seems to be a rather feeble way of combating Spam. There is an unlimited supply of compromised computers that can be used to send out Spam and shutting them down will be an unending task.

Paul

[Jeff G.]

The DNS for iocdqm.polartop.net currently scores an F (failing grade) per http://www.dnsstuff.com/tools/dnstime.ch?n...rtop.net&type=A - no wonder SpamCop's Parser has trouble with it.

[Wazoo]

I accept that SpamCop regards this as secondary to blocking the source of the Spam, but that seems to be a rather feeble way of combating Spam. There is an unlimited supply of compromised computers that can be used to send out Spam and shutting them down will be an unending task.

I'm not quote sure I'm following why this is in a Topic titled "Seems like more spam now" ... Hoever, please provide a Tracking URL un the future ... Report ID numbers are only usable by yourself and the Deputies ....

As Jeff G. already stated, the DNS for this site sucks ... and this stuff was just hashed over a few posts back in this very Topic ... However, the following data is provided if you want to get involved in "sgutting the spamvertised web-site down" ...

whois -h whois.PublicDomainRegistry.com polartop.net ...
Registration Service Provided By: TRI RUBLYA J.S.C.
Contact: +7.8123760140

Domain Name: POLARTOP.NET

Registrant:
Pero Strbe
Pero Strbe (nfhbdyrt[at]yahoo.com)
Stjepana Radica 1
Metkovic
Medjimurakazupanija,20350
HR
Tel. +385.20681031

Creation Date: 01-Nov-2005
Expiration Date: 01-Nov-2006

Domain servers in listed order:
ns1.healzymen.info
ns2.yourbestmedz.info
ns2.healzymen.info
ns1.yourbestmedz.info

Administrative Contact:
Pero Strbe
Pero Strbe (nfhbdyrt[at]yahoo.com)
Stjepana Radica 1
Metkovic
Medjimurakazupanija,20350
HR
Tel. +385.20681031

Technical Contact:
Pero Strbe
Pero Strbe (nfhbdyrt[at]yahoo.com)
Stjepana Radica 1
Metkovic
Medjimurakazupanija,20350
HR
Tel. +385.20681031

Billing Contact:
Pero Strbe
Pero Strbe (nfhbdyrt[at]yahoo.com)
Stjepana Radica 1
Metkovic
Medjimurakazupanija,20350
HR
Tel. +385.20681031

Status:ACTIVE

You should note the shiny "creation" date ..

11/08/05 13:53:32 Slow traceroute polartop.net
Trace polartop.net (211.172.244.173) ...
61.33.1.162 RTT: 199ms TTL:224 (No rDNS)
211.233.88.156 RTT: 212ms TTL:224 (No rDNS)
211.233.95.2 RTT: 220ms TTL:224 (No rDNS)
211.234.120.138 RTT: 210ms TTL:224 (No rDNS)
211.172.244.173 RTT: 210ms TTL: 49 (polartop.net ok)

11/08/05 14:05:05 whois 211.172.244.173[at]whois.nic.or.kr
Please contact following ISP for further information

[ ISP Organization Information ]
Org Name : Korea Internet Data Center Inc.KIDC, 261-1, Nonhyun-dong, Kangnam-gu
Service Name : KIDC
Org Address : KIDC, 261-1, Nonhyun-dong, Kangnam-gu

[ ISP IP Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-2086-2924
E-Mail : support[at]kidc.net

[ ISP IP Tech Contact Information ]
Name : IP manager
Phone : +82-2-2086-2924
E-mail : ip[at]kidc.net

[ ISP Network Abuse Contact Information ]
Name : Network Abuse
Phone : +82-2-2086-2918
E-mail : security[at]kidc.net

As far as the "forwarding" aspects, apparently there's some .htaccess or possibly some .PHP coding going on with this site (and various sub-domains) as though I can GET the web-page connection data, there is no actual 'content' being returned in my testing ...

Not my spam, only playing with snippets of some data as provided ... yet also noting that even if the sites were resolved by the parser in your case .. so what? Mole reports don't go anywhere directly anyway ...????

[dbiel]

I accept that SpamCop regards this as secondary to blocking the source of the Spam, but that seems to be a rather feeble way of combating Spam. There is an unlimited supply of compromised computers that can be used to send out Spam and shutting them down will be an unending task.

Unending task? Yes; but it is the task that SpamCop has chosen to take on.
SpamCop is not the cureall for spam, it is but one small part of the battle.
SpamCop provides a specific and limited service and encourages the use of other blocking/tagging lists, filtering methods, and other practices that all work together to help fight the spam war.
SpamCop's email service makes use of several outside BL's as well as an very flexible filtering system plus the use of white and black lists.
The parser is a very good tool, but it is far from perfect. The cost in programming time and hardware to try to make it a perfect tool by far outweights the benefits of doing so.

[PGTips91]

Unending task? Yes; but it is the task that SpamCop has chosen to take on.
SpamCop is not the cureall for spam, it is but one small part of the battle.
SpamCop provides a specific and limited service and encourages the use of other blocking/tagging lists, filtering methods, and other practices that all work together to help fight the spam war.
SpamCop's email service makes use of several outside BL's as well as an very flexible filtering system plus the use of white and black lists.
The parser is a very good tool, but it is far from perfect.  The cost in programming time and hardware to try to make it a perfect tool by far outweights the benefits of doing so.

I have just reported another Spam and Spamvetised site that the parser could not identify. Tracking URL:
http://www.spamcop.net/sc?id=z827425775ze1...cd7ca748ae42cez

However a DNS search did succeed

CODE

DNS Lookup: htqrbk.houseportal.biz A record
Generated by www.DNSstuff.com

How I am searching:
Searching for htqrbk.houseportal.biz A record at f.root-servers.net [192.5.5.241]: Got referral to A.GTLD.biz. [took 61 ms]
Searching for htqrbk.houseportal.biz A record at A.GTLD.biz. [209.173.53.162]: Got referral to NS1.GREATHEALZNOW.INFO. [took 23 ms]
Searching for htqrbk.houseportal.biz A record at NS1.GREATHEALZNOW.INFO. [220.80.107.193]: Reports htqrbk.houseportal.biz. [took 560 ms]

Answer:

Domain    Type    Class    TTL    Answer
htqrbk.houseportal.biz.    A    IN    600    222.122.52.103
houseportal.biz.    NS    IN    600    ns2.houseportal.biz.
houseportal.biz.    NS    IN    600    ns1.houseportal.biz.
ns1.houseportal.biz.    A    IN    600    222.122.52.103
ns2.houseportal.biz.    A    IN    600    222.122.52.103

I now understand the position that SpamCop takes on these Spamvertised sites but it would be good to see the information being at least reported and handed on to others who can take action at that level.

By the way, I have seen a couple of interesting sites that move the play forward.

http://www.internetperils.com/index.php

InternetPerils, Inc. provides quantification and visualization products to help insurers, financial institutions, banks, telecommunications providers, government, and enterprises manage their Internet business risks.

and
http://bestprac.org/

Stop Spam : Best Practice in Email Spam Prevention and Eradication.

BestPrac.Org is a globally focused anti spam organization, founded in January 2001. The purpose of BestPrac.Org is to stop spam worldwide. In recent years, there has been a proliferation of client-side spam blockers and anti spam filters. However, there are even greater technically feasible ways to stop spam than just spam filtering. Most spam filters don't stop spam from being sent, nor in most cases from even being received. Spam is merely filtered out of view after the damage of stolen bandwidth and unauthorised use of network and private computer resources has already been done. Such client side spam blockers and anti spam filters have become counter-productive in the fight to stop spam.

BestPrac.Org has believed since its inception that the anti spam fight must be addressed at source - particularly at the email server level. All internet users will benefit from greater spam protection as all parties including ISPs, corporations, hosting services and the everyday user adopt BestPrac.Org's Best Practices in email server and network security technology and industry ethics that will identify and block spam at the email server source, or at the earliest possible point along network routes.

BestPrac.Org's Principles of Best Practice are essential guides for all people who are involved in any way in either sending or receiving email, whether for private purposes or responsible opt in bulk email, or for those involved in ethical email marketing for business or enterprise.

I would be interested in others' thoughts about the above, particularly, as it echoes my own thoughts almost 100%

also
http://www.antiphishing.org/
for help in reporting Phishing sites.

Paul

[StevenUnderwood]

I have just reported another Spam and Spamvetised site that the parser could not identify. Tracking URL:
http://www.spamcop.net/sc?id=z827425775ze1...cd7ca748ae42cez

And again, I find it interesting that you appear to be set for mole reporting meaning effectively no reports will be sent anyway.

[agsteele]

I now understand the position that SpamCop takes on these Spamvertised sites but it would be good to see the information being at least reported and handed on to others who can take action at that level.

I guess there are a lot of things we might want the SpamCop reporting system to handle but the developers focussed on doing the primary task of identifying the sending source of UCE and it does this exceedingly well.

I'm glad they've kept the focus and not been diverted into extra functions which are secondary to the primary objective.

Andrew

[dbiel]

And to build on Steven's reply, your posts and your actions are in total disagreement. The tracking URL listed indicates the following

Reports regarding this spam have already been sent:
Re: 201.124.182.2 (Silent report about source of mail)
  Reportid: 1557114663 To: mole[at]devnull.spamcop.net

If reported today, reports would be sent to:
Re: 201.124.182.2 (Administrator of network where email originates)

I now understand the position that SpamCop takes on these Spamvertised sites but it would be good to see the information being at least reported and handed on to others who can take action at that level.

It is hard to follow the train of thought here. Being a mole means that no report would be sent, even if the site was found.
Note: that even though you see "Report sent to:" notice the destination @devnull.spamcop.net or said in other words "sent to the trash can - report can not be delivered"
There are several reasons why reports will be sent to the trash "@devnull.spamcop.net" instead of being delivered; some of which are:
1) you are reporting as a mole - no reports are ever sent
2) the receipient has been bouncing reports, or has requested that SpamCop stop sending reports.
3) the address appears to be invalid and has been redirected to the trash.

Note: this post has been edit in respose to comments by Farelf, a proactive mole reported who stated:

I think it is a mistake to imagine we (mole reporters) don't send our own (manual) reports from time to time concerning both originating IPs and spamvertized URLs

note: text in red added to maintain original context. Faralf, thank you for your input.