Seems like more spam now Options

[PGTips91]

And again, I find it interesting that you appear to be set for mole reporting meaning effectively no reports will be sent anyway.

Hi Steven,

Well, I started sending Spam to SpamCop at the end of July this year. When deciding how best to do this, while not exposing myself any more than necessary, I chose to take the 'mole' status. However at the time I had no way of knowing all the ins and outs of this, or of SpamCop's focus on blacklisting sending sites. In fact I am still learning.

I would have imagined that SpamCop would take the mole reports, aggregate them and then take whatever action deemed appropriate with this information. The risk of back-lash from Spam Gangs, rogue ISPs etc would be better known by them than the uninitiated user and their resources to deal with then also greater. I would be surprised to learn that my efforts have been entirely in vain with respect to Spamvertised sites. But if this is the case, and can be verified, then I will divert my efforts at reporting such elsewhere where the information will be acted on in some useful way.

Where is this policy on the part of SpamCop enunciated?

Paul

[StevenUnderwood]

Where is this policy on the part of SpamCop enunciated?

THe last publicly available information is in the SpamCop FAQ:What is "mole" reporting?...

SpamCop now offers new and existing users an option to withhold almost all data - registering reports in SpamCop's database, but never sending reports to the "ISP" (all too often, the spammer, or a spam-friendly host)

...

Your reporting is not "in vain" but since spamcop's database is populated ONLY with the source of the spam, my reading of mole reporting means nothing is done with the spamvertized sites found, making complaining about not finding the spamvertized site information pointless for you. However, it is a problem and in the altruistic sense you are helping other (non-mole) users of the service.

[Wazoo]

Where is this policy on the part of SpamCop enunciated?

Are you following any of the links previously provided? Just which of the FAQ listings have you looked at yet? I'm having a hard time coming up with why you seem not to be able to find any of this data, with three different versions of the SpamCop FAQ existing in public, and all three have links to "What is Mole eporting?" ....???? .... and I previously made note of an existing item in the Announcements Forum that includes dialog between myself and the SpamCop Admin ...

[Miss Betsy]

I would be surprised to learn that my efforts have been entirely in vain with respect to Spamvertised sites. But if this is the case, and can be verified, then I will divert my efforts at reporting such elsewhere where the information will be acted on in some useful way.

I think that someone has already said that SpamCop concentrates on the source IP addresses.

AFAIK there is no other place to report where the information will be acted on in some useful way unless you learn how to report manually.

Miss Betsy

[PGTips91]

I think that someone has already said that SpamCop concentrates on the source IP addresses. 

AFAIK there is no other place to report where the information will be acted on in some useful way unless you learn how to report manually.

Miss Betsy

Hello Miss Betsy and thank you for your previous comments which I have not been able to reply to. I appreciate your more mild and positive responses.

Taking the hint from yours and earlier postings I went in search of alternative places to report Spam.

A simple Google search brought up : --
'Reporting Spam' in Google search.
Results 1 - 30 of about 12,200,000 for reporting spam. (0.31 seconds)

Some sites where various types of Spam may be reported, derived from the search, are: --

* FTC Consumer Complaint Form
https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01

This goes on to state: --

"If you have a specific complaint about unsolicited commercial e-mail (spam), use the form below. You can forward spam directly to the Commission at SPAM[at]UCE.GOV without using the complaint form. "

* Spam Reporting Addresses
http://banspam.javawoman.com/report3.html#piracy1

This URL has a lot of specific email addresses to which Spam may additionally be reported.

Moderator Edit: Large snapshot from Marjolein's site snipped here. Time to once more state that her web-site is also found within the Forum version of the SpamCop FAQ. linked to at the top of this page.

One site that interested me is SpamX.com, offering a 30 day free trial of the SpamX software.
[$30.00 for one-time licence]

Anti Spam for any OS -
Block & Report junk email -
Mac, Windows, Linux, UNIX, Solaris

Note, this program not only filters Spam, but will send reports to the right parties, as determined by parsing the headers. It does not use black-lists or lists of user-made 'rules' but relies on parsing the header to determine whether it is Spam or not [claiming a 99% success rate].

It is cross-platform, based on Java.

Check Spam is the main interface for all spam received.
Check Spam allows viewing the Source of the email with all headers without going through the special gyrations required by normal mail clients we might be familiar with, allows viewing mail in Normal mode which includes viewing HTML mail, allows parsing the mail to determine the ultimate source of the spam, allows previewing and sending of reports to the top level ISPs for the source and website links and email links in the spam body as well as any other addresses included in the Additional Addresses list and provides for maintenance of the saved spam folders.

So basically this program enables both filtering Spam, at the ISP before downloading to your email client, processes the spam in a secure environment, parses the headers and prepares reports to the sending ISP as well as third party email and web addresses spamvertised - all that SpamCop does and more.

http://www.spamx.com/

Moderator Edit: snipped Meta tags. Can be seen if above link is followed. Further "advertising" for the same product was snipped, also available by following the above link.

I hope this information is helpful for others who feel, as I do, that reporting the target sites that provide the payoff for Spammers is equally if not more important than black-listing their sending sites.

Paul

This post has been edited by Wazoo: Nov 20 2005, 10:56 AM

[petzl]

When deciding how best to do this, while not exposing myself any more than necessary, I chose to take the 'mole' status.

using spamcop to report spam (free version) you are best use a free throwaway email account like
hard_2_guess_99[ AT ] hotmail com

mole status does not much. except, help statistics (bit unclear myself on latest rendition)

Better still is to get a SpamCop email account Whitelisting NZ would allow a major majority of your colleagues through but not spam (which SpamCop filters should stop)

[PGTips91]

And again, I find it interesting that you appear to be set for mole reporting meaning effectively no reports will be sent anyway.

I have back-tracked through the SpamCop site to see what it actually says and have to disagree with most of what has been said to me here in the forum.

The page "SpamCop FAQ: What is "mole" reporting?" states: --

Some users may wish to file reports, and get themselves removed from any spammer's list who is sophisticated enough to remove them (and take the risk of retaliation). Others may wish to take advantage of this new SpamCop feature and become a "mole." SpamCop will then only give information about these "mole" reports as aggregate and unspecific totals. Truly conscientious ISPs will still find some value in these aggregate numbers, while the less ethical won't be able to "work the system."

To me, that does not suggest at all that 'no reports will be sent'. It simply means that my name and email address [or any other mole reporters] will not be associated with the reports - just the statistics. That should be just as effective, as the preamble states and just as ineffective as sending detailed reports to Korea or China.

One would hope that the information is being passed on to other organisations who would be interested in validated information on Spam and Spammers and their Spamvertised sites.

And, by the way, it was only several clicks deep into the site that much of the information in question became available and was clear only because I have used the site, this forum and thought and discussed it quite a lot. In my opinion, the information needs to be made available up front and in order much more than it is.

Paul

[dbiel]

To me, that does not suggest at all that 'no reports will be sent'. It simply means that my name and email address [or any other mole reporters] will not be associated with the reports - just the statistics.

I am sorry to disagree with your interpretation and suggest that you take a closer look at the displayed results after you click on Submit Reports.
All reports that have been sent are listed.
As a mole reporter I believe that the only reports listed will look like the following taken from one of the URL that you posted.

Reports regarding this spam have already been sent:
Re: 201.124.182.2 (Silent report about source of mail)
  Reportid: 1557114663 To: mole[at]devnull.spamcop.net

This indicated that only one report was sent. But note to where it was sent: mole[at]devnull.spamcop.net devnull is the unix trash directory.
SpamCop maintains a summary list of all "reports" generated which is grouped by report type.
So lets take a look at what is on file for 201.124.182.2 which you reported.

201.124.182.2
Listed in bl.spamcop.net
Most recent spam reported about 4.7 days ago

The following also provides some information http://www.spamcop.net/w3m?action=blcheck&ip=201.124.182.2
Summary reports are just that, summary.
They list know many times reports have been submitted (includes mole reports)
These summary reports are made available to ISP's that request them. They must be requested.
So to restate.
Mole reports are not actually sent to anyone other than the unix trash can.
The do increment the report counter in the summary report.
And they may possibly also be used to increase the time that a IP is listed. (Note: that there is much confusion about this last point and it would be nice to get it clarified with an official statement. But I do not hold out too much hope for that.)

[petzl]

And they may possibly also be used to increase the time that a IP is listed. (Note: that there is much confusion about this last point and it would be nice to get it clarified with an official statement. But I do not hold out too much hope for that.)

I believe there is a "part" score added to SCBL for mole reporting, as is the count used by SpamCop's Spam Traps
A larger score/count is used by a "normal" SpamCop report meaning a Normal and or unmunged report will list a spamming IP quicker

[Miss Betsy]

To me, that does not suggest at all that 'no reports will be sent'. It simply means that my name and email address [or any other mole reporters] will not be associated with the reports - just the statistics.

IIUC, the statistics are published on the spamcop website for the use of ISPs, but no reports are sent to anyone. It is easy to see why you would assume that possibly reports of statistics were sent.

One would hope that the information is being passed on to other organisations who would be interested in validated information on Spam and Spammers and their Spamvertised sites.

I think it is 'offered' but not sent. IOW, an interested person would have to seek it out.

And, by the way, it was only several clicks deep into the site that much of the information in question became available and was clear only because I have used the site, this forum and thought and discussed it quite a lot. In my opinion, the information needs to be made available up front and in order much more than it is.

Yes, much of the information about how spamcop works is only available to those who have spent some time ferreting out information. I, too, think it is a mistake. However, the TPTB are single minded - the primary purpose of spamcop is to identify the source of spam, provide a way for ISPs to prevent spam from entering their systems while there is spam spewing, and to provide reports to responsible admins that something has gone wrong so they can fix it. Everything else is 'extra' and, is added and maintained as long as it takes minimal effort - including documentation.

The volunteers in this forum (and others in the newsgroups) try to make it easier for others to use and understand. Your viewpoint would be welcome to examine the Forum (version of the SpamCop) FAQ (nobody has any influence on changes in the official FAQ) and make concrete suggestions in the FAQ Under Construction forum.

Having signed up long before there were 'mole' reporters, I can't make any comment on what was presented when you chose that option that would make it clearer that no reports are sent. As a matter of fact, I believe that it has gone back and forth several times on whether reports are sent so possibly when you signed up, reports were being sent. I haven't been able to keep fully informed and perhaps Wazoo can give you a correct version.

Miss Betsy

Moderator Edit: added a bit so as not to confuse someone trying to follow the link to the Forum FAQ and wondering what was missing.

This post has been edited by Wazoo: Nov 20 2005, 11:04 AM

[StevenUnderwood]

I have back-tracked through the SpamCop site to see what it actually says and have to disagree with most of what has been said to me here in the forum.

I provided a link to this AND posted another excerpt from that page in Linear Post #42 I have modified that post to placew the quote in a quote box.

[Jeff G.]

I think it is 'offered' but not sent.  IOW, an interested person would have to seek it out.

These appear to be the "email alerts", "Periodic Summary Reports", and/or "Aggregate Reports" I referred to as being available to ISPs in FAQ Entry: SpamCop Account Types.

Having signed up long before there were 'mole' reporters, I can't make any comment on what was presented when you chose that option that would make it clearer that no reports are sent.  As a matter of fact, I believe that it has gone back and forth several times on whether reports are sent so possibly when you signed up, reports were being sent.

Having followed them from the beginning, I don't think normal Reports were ever sent by 'mole' Reporters.

[Wazoo]

The page "SpamCop FAQ: What is "mole" reporting?" states: --
To me, that does not suggest at all that 'no reports will be sent'. It simply means that my name and email address [or any other mole reporters] will not be associated with the reports - just the statistics.

just the statistics = SpamCop will then only give information about these "mole" reports as aggregate and unspecific totals. Truly consciencious ISPs will still find some value in these aggregate numbers, = no reports, only statistics made available ....

One would hope that the information is being passed on to other organisations who would be interested in validated information on Spam and Spammers and their Spamvertised sites.

Data is "made available" ....

And, by the way, it was only several clicks deep into the site that much of the information in question became available

Several clicks deep suggests;
browser was sent to www.spamcop.net
Help link was tapped
SpamCop FAQ was pulled up on screen
SpamCop Parsing and Reporting Service link was selected and clicked on
What is "mole" reporting? link was clicked on, data read

In contrast, one could go to the Forum version, single-page access point, linked to at the top of this page in a couple of different fashions (one opens a new window, the other 'takes one to the page' and in the Pinned pointers at the top of each Forum entry screen - Pinned: Original SpamCop FAQ Plus - Read before Posting
Follow one of those links, and you have a single page to scroll through ... and one of the first things seen there is a "jump-to" list to even possible shorten up the scroll-down process .... under the section SpamCop Parsing and Reporting Service the link n question is "buried" as seen in this snippet;

How do I submit spam via email?
What is Mole Reporting?
What is Quick Reporting?
How can I unsend a Report?

and was clear only because I have used the site, this forum and thought and discussed it quite a lot. In my opinion, the information needs to be made available up front and in order much more than it is.

As I'm in the process of trying to populate the Knowledgebase/ view of this same FAQ (this link bit seen at http://forum.spamcop.net/forums/index.php?act=faq&article=29 ) you have the opportunity to open up a new bit of discussion in the FAQ Development Forum and suggest your "better" wording.

I believe there is a "part" score added to SCBL for mole reporting, as is the count used by SpamCop's Spam Traps 
A larger score/count is used by a "normal" SpamCop report meaning a Normal and or unmunged report will list a spamming IP quicker

The last data released "publicly" can be found in the Announcements Forum, Mole Reporting is Back, Kind of (?)

These appear to be the "email alerts", "Periodic Summary Reports", and/or "Aggregate Reports" I referred to as being available to ISPs in FAQ Entry: SpamCop Account Types.Having followed them from the beginning, I don't think normal Reports were ever sent by 'mole' Reporters.

I agree .. Mole reports have never been "sent" anywhere. The only thing "changed" has to do with what happens with the data they represent, and once again, I can only point to the "last data released publicly" found in the Announcements Forum Mole Reporting is Back, Kind of (?).

[PGTips91]

just the statistics = SpamCop will then only give information about these "mole" reports as aggregate and unspecific totals. Truly conscientious ISPs will still find some value in these aggregate numbers, = no reports, only statistics made available ....

Data is "made available" ....

Mole reports have never been "sent" anywhere.  The only thing "changed" has to do with what happens with the data they represent, and once again, I can only point to the "last data released publicly" found in the Announcements Forum Mole Reporting is Back, Kind of (?).

However, it seems from the 'SURBL - Spam URI Realtime Blocklists' site [http://www.surbl.org/], that Spamvertised sites from SpamCop are passed on to them and end up in their blocklist. That is a lot more than just being available if the ISP is interested.

I noticed this in passing and didn't note the actual page, however, see for example the 'Usage' page: --

The SpamCop-URI-derived SURBL can be found in sc.surbl.org. It includes both domain name an reversed-numeric addresses of SpamCop-reported spam sites in the standard formats: spamdomain.com.sc.surbl.org for name-based references, and 4.3.2.1.sc.surbl.org for numbered references. Matching references return an Address (A) Resource Record of 127.0.0.2 and a Text (TXT) Resource Record currently reading: "Message body contains SpamCop spamvertised domain." In other words, it looks like a typical RBL.

From their Introduction page : --

Spammers have found ways to get around conventional RBLs by stealing services from multiple open relays or hijacking computers using viruses or trojan horse programs. Because of this theft of services and forced entry into unsuspecting victim computers, spammers are able to exploit multiple new mail sources, sometimes for only a few minutes at a time, faster than RBLs can identify and block mail from those addresses. This is a significant weakness in conventional RBLs, and spammers have devised various ways to exploit it.

Now that is what I have been contending for here for some time, with little support from others it seems. I am glad to find someone who sees things as I do for a change.

Paul

[Miss Betsy]

Now that is what I have been contending for here for some time, with little support from others it seems. I am glad to find someone who sees things as I do for a change.

The problem of trojaned machines is easily solved if ISPs would cut connectivity immediately. And, the scbl is particularly good in this area, because the spam that people get is reported and the ISP gets a report. If they are responsible ISPs, they investigate and find out that there is outgoing traffic that shouldn't be.

Most server admins do not depend on one bl to stop spam - they use a mixture of methods. That does not diminish the value of bls.

And it points out what I have been saying - that no matter what methods one devises to keep spammers (particularly the scammers) OUT, there will always be ways to get around those barriers. What needs to be done is to make the *sending* end responsible by education and monetary pressure - something that does work with some people - not people like Langa who think because they would have to make an effort, it is not a good idea.

If the *sending* end cooperated and the receiving end used bls, then pretty soon spam would be controlled.

Miss Betsy

[StevenUnderwood]

However, it seems from the 'SURBL - Spam URI Realtime Blocklists' site [http://www.surbl.org/], that Spamvertised sites from SpamCop are passed on to them and end up in their blocklist. That is a lot more than just being available if the ISP is interested.

This information is not "passed on" to them. They simply parse the available information from the spamcop webpage and use it for their own purpose. I think they (SURBL) did send notice to spamcop they were doing this, but I don't think they ever got a reply of any kind.

Now that is what I have been contending for here for some time, with little support from others it seems. I am glad to find someone who sees things as I do for a change.

Spammers have been trying to get around blocklists as long as blocklists have been around. In my experience, they are not very successful in doing so getting around the combination the SpamCop email service provides. I generally get less than one spam slipping by spamcop's filters a day. I am also not sure of your <can't think of word here> that mole report information is put into that publically available web site of reported spamvertized sites which is available here: http://www.spamcop.net/w3m?action=inprogress;type=www

[PGTips91]

This information is not "passed on" to them.  They simply parse the available information from the spamcop webpage and use it for their own purpose. I think they (SURBL) did send notice to spamcop they were doing this, but I don't think they ever got a reply of any kind.

Well, at least the effort of ensuring the Spamvertised sites are reported seems worthwhile if blocklists are based on this information rather than it just being filed for information of responsible ISPs! I can't for the life of me see much good coming from that course of action by SpamCop.

Spammers have been trying to get around blocklists as long as blocklists have been around.  In my experience, they are not very successful in doing so getting around the combination the SpamCop email service provides.  I generally get less than one spam slipping by spamcop's filters a day.

The idea that I have been promoting would turn it around and make the Spammers try and get onto a 'White list', which they could do only by agreeing to certain conditions that would expose them to commercial penalties if broken. This would have much more effect than the current system of blocklists, which are forever playing catch-up with the SpamBots and do let enough through to keep it economic for the Spammers. Also, it costs everyone else but the Spammers to maintain the system while they get to send billions of emails at our expense.

I am also not sure of your <can't think of word here> that mole report information is put into that publically available web site of reported spamvertized sites which is available here: http://www.spamcop.net/w3m?action=inprogress;type=www

There is not good communication going on about this whole issue on the SpamCop web site. It is part of a wider problem of lack of accountability that exists here, too.

Paul

[StevenUnderwood]

The idea that I have been promoting would turn it around and make the Spammers try and get onto a 'White list', which they could do only by agreeing to certain conditions that would expose them to commercial penalties if broken.

So you want to put the 99% of all IP's which are good onto a whitelist? How would you start this whitelist? Are you going to charge for it? There are systems already in place (BondedSender, for instance) already trying to use this model. If you think you have a better idea, go for it. If it is good and you promote it, it will catch on. I just don't know how you would acurately maintain a list of 4 billion IP addresses.

[PGTips91]

So you want to put the 99% of all IP's which are good onto a whitelist?  How would you start this whitelist?  Are you going to charge for it?  There are systems already in place (BondedSender, for instance) already trying to use this model. If you think you have a better idea, go for it.  If it is good and you promote it, it will catch on.  I just don't know how you would accurately maintain a list of 4 billion IP addresses.

Hi Steven,

Thank you for your contributions to this thread.

Maybe I should not have used the word "whitelist" as that would presuppose that someone would have to maintain a separate list, which would never be up to date, just like blacklists can never be up to date. Rather the concept is to include the information in the DNS system. The responsibility to supply the information would rest with all those ISPs and without their cooperation they would be excluded from the secure email network.

I know that there are systems, based on the current insecure email system, that try to do some of what I am proposing. The difference in what I propose is that there be a completely separate secure email system, with proper commercial/legal protections to ensure compliance by participating individuals or entities. Entry to the network would be by commercially binding agreement with some overseeing entity or entities with penalties for breeches of the agreement [read sending spam, hosting spammers, allowing open relays, etc].

From my limited research I think that this is a novel approach. If I am wrong and there are already proposals to do something like this I'd be glad to hear about it.

Paul

[Wazoo]

From my limited research I think that this is a novel approach. If I am wrong and there are already proposals to do something like this I'd be glad to hear about it.

The "limited research" is part of the "lack of responses/interest" you alleged in one of your recen postings. Here's a "blast from the past" that pretty much covers most of the ground you're trying to cover in your "new" approach ..... start with the X.400 protocols/standards, see also the X.500 .....