OverSeer
Apr 13 2009, 11:27 AM
I've been receiving more and more spam in my @spamcop.net email account lately... Just last night I received over 114 spam messages. This is nuts. Can anyone explain why these are not getting blocked.
agsteele
Apr 13 2009, 12:39 PM
QUOTE(OverSeer @ Apr 13 2009, 05:27 PM)

I've been receiving more and more spam in my @spamcop.net email account lately... Just last night I received over 114 spam messages. This is nuts. Can anyone explain why these are not getting blocked.
hi OverSeer!
If you think through your question carefully you'll realise that you really haven't provided much information to help anyone offer anything other than generic answers. You'll need to tell us about how you've configured your SpamCop Email account (which block lists you've selected, whether you use grey-listing, what your SpamAssassin levels are). You'll need to tell us how mail reaches your SC account (Does it receive Email forwarded from another Email address and if so, is that a so called catch-all Email address).
In fact there are so many considerations that nobody can do much more than guess at reasons without more information.
If you've reported these items then send a few tracking links and that may give some extra clues.
FWIW I got my typical half dozen spams to report when I last checked in. But that is a meaningless figure unless you also know how I have configured my account. (I use grey-listing, have spam Assassin set at 4 and have used SpamCop Blacklist, Spamhaus Blacklist, China (the country), Nigeria, Argentina, Brazil, Spamhaus XBL.)
Andrew
StevenUnderwood
Apr 13 2009, 01:29 PM
QUOTE(OverSeer @ Apr 13 2009, 12:27 PM)

I've been receiving more and more spam in my @spamcop.net email account lately... Just last night I received over 114 spam messages. This is nuts. Can anyone explain why these are not getting blocked.
Check the headers of the spam and it will tell you why each message got through... often, a sudden increase means that you recently whitelisted your own address.
AndrewB
Apr 13 2009, 01:45 PM
I too am seeing a significant number of what should be spam mail get into my inbox. My spam detection rates have plummeted in the past week from approximately 99.999999% (ie, one or two escapees making it to my inbox every week) to dozens that get through daily.
I estimate my current detection rate is between 66% and 75%.
I am just using the spamcop.net bl list, and have a SpamAssassin threshold of 5. All of these escapee messages have SpamAssassin scores under 5.
Here are some sample reports:
http://www.spamcop.net/sc?id=z2787948062zd...3eb290fbf5e15bz
http://www.spamcop.net/sc?id=z2787949137z9...9bfda269c47c1fz
http://www.spamcop.net/sc?id=z2787949407z4...2cd121d6e42842z
http://www.spamcop.net/sc?id=z2787948557z2...ee943f63f1804bz
In the last 12 hours, I've had 38 messages get through that should have been caught, out of 53 total messages.
This may be the future of spam that Overseer and I are experiencing. And it doesn't look good.
AndrewB
DavidT
Apr 13 2009, 01:53 PM
QUOTE(AndrewB @ Apr 13 2009, 11:45 AM)

I am just using the spamcop.net bl list, and have a SpamAssassin threshold of 5. All of these escapee messages have SpamAssassin scores under 5.
All of the samples you linked to *should* have been caught in your Held folder, in that they were all blocked due to SCBL listings, and yet you seem to be saying that they made it to your inbox? Please clarify. BTW, I lowered my SA threshold from 5 to 4 years ago, as 5 seemed to allow too many false negatives.
QUOTE(OverSeer @ Apr 13 2009, 09:27 AM)

I've been receiving more and more spam in my @spamcop.net email account lately... Just last night I received over 114 spam messages. This is nuts. Can anyone explain why these are not getting blocked.
I'd agree with those who are suggesting you check your personal whitelist and make sure your address is NOT there. The only other time you posted here (about a year and a half ago), you had your own address whitelisted:
http://forum.spamcop.net/forums/index.php?showtopic=8753
We advised you to change that back then, but you never responded to any of us. Also, one of the reasons that you're receiving spam at your SC address is that it's posted publicly in various forums around the web, where spambots can harvest it (just did a Google search and saw about 25 hits). I generally advise people to keep their email address *off* of websites if at all possible.
DT
turetzsr
Apr 13 2009, 01:57 PM
QUOTE(AndrewB @ Apr 13 2009, 02:45 PM)

<snip>
I am just using the spamcop.net bl list, and have a SpamAssassin threshold of 5. All of these escapee messages have SpamAssassin scores under 5.
<snip>
QUOTE(DavidT @ Apr 13 2009, 02:53 PM)

All of the samples you linked to *should* have been caught in your Held folder, in that they were all blocked due to SCBL listings, and yet you seem to be saying that they made it to your inbox? Please clarify.
<snip>
Hi, AndrewB,
...You didn't mention if you checked the idea posted by StevenUnderwood, above.
StevenUnderwood
Apr 13 2009, 02:04 PM
QUOTE(DavidT @ Apr 13 2009, 02:53 PM)

I'd agree with those who are suggesting you check your personal whitelist and make sure your address is NOT there. The only other time you posted here (about a year and a half ago), you had your own address whitelisted:
While possible, there should also be a header that indicates that action was taken that is missing from these messages. I have submitted a problem ticket to try and get someone to look at this.
DavidT
Apr 13 2009, 02:17 PM
QUOTE(StevenUnderwood @ Apr 13 2009, 12:04 PM)

While possible, there should also be a header that indicates that action was taken that is missing from these messages.
But wait....are we sure that the sample messages Andrew linked to got whitelisted? I just checked my own mailbox and the whitelisting status header is working just fine.
DT
AndrewB
Apr 13 2009, 03:19 PM
QUOTE(DavidT @ Apr 13 2009, 01:53 PM)

All of the samples you linked to *should* have been caught in your Held folder, in that they were all blocked due to SCBL listings, and yet you seem to be saying that they made it to your inbox? Please clarify. BTW, I lowered my SA threshold from 5 to 4 years ago, as 5 seemed to allow too many false negatives.
Correct - the 4 reports I linked to above are samples of messages that made it to my inbox. I have more, but they are all similar in nature - one to three SpamAssassin rules triggered, scores < 5, and very short messages, some in HTML, with a link to another site.
My personal address is NOT on my whitelist or greylist - not an issue for me.
QUOTE(turetzsr @ Apr 13 2009, 01:57 PM)

...You didn't mention if you checked the idea posted by StevenUnderwood, above.

As you can see in the reports that I offered URLs to, SteveUnderwood's comments don't directly apply to me. The reports do not indicate why it got through, other than the low SpamAssassin score. Unless I'm missing something.
AndrewB
turetzsr
Apr 13 2009, 03:31 PM
QUOTE(AndrewB @ Apr 13 2009, 04:19 PM)

<snip>
My personal address is NOT on my whitelist or greylist - not an issue for me.
AndrewB
As you can see in the reports that I offered URLs to, SteveUnderwood's comments don't directly apply to me.
<snip>
...Okay, thanks. You can either wait to hear whether StevenUnderwood's trouble report gets a reply or you could ask the SpamCop Deputies yourself by writing to deputies[at]admin.spamcop.net.
OverSeer
Apr 13 2009, 03:47 PM
I've neither whitelisted my own address nor have I changed anything since I've started my service many many years ago... Yet, within the past few weeks, I've been inundated with more and more spam.
Also, be that as it may, just because my email address happens to be out there at some sites, shouldn't the purpose of my @spamcop.net address be that it BLOCKS spam. It used to work just fine, as I mentioned up until about 2 weeks ago...
And the reason I never responded about removing my name as a whitelist was because after I did it, there wasn't an issue so no need to respond. That was some time ago and my maturity in such matters has changed. I tend to leave responses, either positive or negative, now-a-days.
StevenUnderwood
Apr 13 2009, 05:33 PM
QUOTE(OverSeer @ Apr 13 2009, 04:47 PM)

I tend to leave responses, either positive or negative, now-a-days.
Thank you as that helps other users know the solution offered works.
In a reply today from Trevor: I'll have JT look into this and the SCBL issue you just reported.
DavidT
Apr 13 2009, 06:45 PM
QUOTE(AndrewB @ Apr 13 2009, 01:19 PM)

Correct - the 4 reports I linked to above are samples of messages that made it to my inbox.
That doesn't make sense, Andrew, because each of them had a "Disposition" line indicating that the message was indeed blocked due to the source IP address being on the SCBL. Therefore, the next assumption is that in the Filtering Blacklists section of your Spamcop Options, the "SpamCop Blacklist" option is not currently selected. That would explain why those messages are not being held.
Please log into the webmail and look into this possibility in the "options."
DT
AndrewB
Apr 13 2009, 07:07 PM
QUOTE(DavidT @ Apr 13 2009, 06:45 PM)

That doesn't make sense, Andrew, because each of them had a "Disposition" line indicating that the message was indeed blocked due to the source IP address being on the SCBL. Therefore, the next assumption is that in the Filtering Blacklists section of your Spamcop Options, the "SpamCop Blacklist" option is not currently selected. That would explain why those messages are not being held.
Please log into the webmail and look into this possibility in the "options."
Ooof! You are right! Darn. I'm deluged with a lot of spam with the similar subject lines. I'll post some of the ones that got through after a more careful review process. Here are a few that got into my Inbox that I processed today:
http://www.spamcop.net/sc?id=z2788952117zc...f98e706c3b1c7fz
http://www.spamcop.net/sc?id=z2788925558zb...66ac99f0a51535z
http://www.spamcop.net/sc?id=z2788856046z6...18859a131c9605z
http://www.spamcop.net/sc?id=z2788818021z1...4c8c5cf27c60c7z
http://www.spamcop.net/sc?id=z2788817982z1...aa00f276586b9cz
http://www.spamcop.net/sc?id=z2788573740za...bef0941aeae624z
http://www.spamcop.net/sc?id=z2788573749z5...d69c0d64bd06e2z
http://www.spamcop.net/sc?id=z2788573762z5...b205f803ddea85z
Sorry about the wild goose chase. There is now a real goose behind these
And I did double check my SpamCop tools settings. Things are as I expect: SpamAssassin at 5, and the SpamCop blacklist is the only one checked.
AndrewB
DavidT
Apr 13 2009, 07:12 PM
QUOTE(AndrewB @ Apr 13 2009, 05:07 PM)

Ooof! You are right!
What am I right about? That the previous examples were actually from your Held folder, perhaps? The new examples are all ones that were not on the SCBL, and therefore don't have a "Disposition" header line. BTW...I'd recommend using more than just the SCBL in your Blacklists options.
DT
AndrewB
Apr 13 2009, 07:36 PM
QUOTE(DavidT @ Apr 13 2009, 07:12 PM)

What am I right about? That the previous examples were actually from your Held folder, perhaps? The new examples are all ones that were not on the SCBL, and therefore don't have a "Disposition" header line. BTW...I'd recommend using more than just the SCBL in your Blacklists options.
Yes, they were from properly held email, but the new examples were not and escaped into my inbox.
So what are the recommended blacklists to configure? And why isn't SpamCop's the best?

AndrewB
turetzsr
Apr 13 2009, 07:44 PM
QUOTE(AndrewB @ Apr 13 2009, 08:36 PM)

<snip>
So what are the recommended blacklists to configure? And why isn't SpamCop's the best?

...There is some guidance in SpamCop Forum thread "How We Use SpamCop, Detailed Examples."
...Which BL is "best" is kind of in the "eye of the beholder" -- whichever works best for you is best. I think DT's suggestion was not meant to imply that SpamCop BL is not "best" but rather that more than one is better than just the one. Right, DT?
DavidT
Apr 13 2009, 09:05 PM
QUOTE(turetzsr @ Apr 13 2009, 05:44 PM)

I think DT's suggestion was not meant to imply that SpamCop BL is not "best" but rather that more than one is better than just the one. Right, DT?
I'm often frustrated by what's *not* on the SCBL, in that even though a dozen of us have submitted live samples from a given source, the source isn't listed. Most of the SCBL listings seem to come from spamtrap hits...at least that's how it seems to me. So I'm not saying what's good, bad, or better....they're just different.
As for the BLs, I'd suggest selecting ALL of them, unless you have a specific need for communications from one of the countries in the country-specific lists (sorry, Nigeria, but I'm not going to do what it takes to block you). If you do, you can always whitelist specific senders.
Using all of the BLs, in addition to a lowered SA threshold, can keep more spam from reaching your inbox.
DT
OverSeer
Apr 13 2009, 09:54 PM
Well, I don't know if something else has changed somewhere but I definitely have less spam since my OP this morning (only one made it into my Inbox)... Regardless I did take the suggestion of selecting all the BLs and lowering my ranking to 5... Thanks for all the help guys!!
AndrewB
Apr 13 2009, 10:48 PM
QUOTE(DavidT @ Apr 13 2009, 09:05 PM)

As for the BLs, I'd suggest selecting ALL of them, unless you have a specific need for communications from one of the countries in the country-specific lists (sorry, Nigeria, but I'm not going to do what it takes to block you). If you do, you can always whitelist specific senders.
Using all of the BLs, in addition to a lowered SA threshold, can keep more spam from reaching your inbox.
Ok, thanks for your advice. I too have enabled all of the blacklists. And after 1.5 hours of inactivity, I have not had any escapee spam mail into my inbox.
I'll see how this goes overnight though - that's when the bulk usually appears. Or at least it feels that way when I see my held mail in the morning.
Andrew
agsteele
Apr 14 2009, 03:46 AM
QUOTE(AndrewB @ Apr 14 2009, 04:48 AM)

Ok, thanks for your advice. I too have enabled all of the blacklists. And after 1.5 hours of inactivity, I have not had any escapee spam mail into my inbox.
Unless you have a great desire to see all the spam in your held folder, I'd recommend grey-listing in addition.
Andrew
DavidT
Apr 14 2009, 07:01 AM
QUOTE(agsteele @ Apr 14 2009, 01:46 AM)

Unless you have a great desire to see all the spam in your held folder, I'd recommend grey-listing in addition.
Oh, yes, any of you who have people send directly to your SC address should strongly consider turning on the greylisting. It's done in the "Manage your email forwarding, password, mail report, and greylist settings" option category.
I don't use it because I never give out my spamcop address. I have mail forwarded from other addresses, and use the "popgate" function to collect mail from several other sources (although popping from Yahoo has been broken for quite some time).
DT
AndrewB
Apr 14 2009, 11:30 AM
QUOTE(AndrewB @ Apr 13 2009, 10:48 PM)

I'll see how this goes overnight though - that's when the bulk usually appears. Or at least it feels that way when I see my held mail in the morning.
Although one day's results can't always claim success, I had about 80 spam mails properly held overnight, and one got through. That's acceptable for me at this time.
The cbl.abuseat.org blacklist seems to properly detect what SpamAssassin and SpamCop's blacklist miss, based upon my cursory glance of the disposition result in the Held Email webpage.
AndrewB
DavidT
Apr 14 2009, 11:45 AM
QUOTE(AndrewB @ Apr 14 2009, 09:30 AM)

Although one day's results can't always claim success, I had about 80 spam mails properly held overnight, and one got through. That's acceptable for me at this time.
Very good. Don't forget about the greylisting option, however, because if these are messages being sent directly to your SC email address, greylisting will probably nuke most of the junk before you ever see it.
DT
OverSeer
Apr 14 2009, 11:47 AM
I as well only had 2 messages get through the filters to my Inbox. Thanks for the help!
DavidT
Apr 14 2009, 11:51 AM
QUOTE(OverSeer @ Apr 14 2009, 09:47 AM)

I as well only had 2 messages get through the filters to my Inbox.
...but I'd consider that two too many! If spammers are actually sending directly to your SC address, turn on your "greylisting" and most of your spam will probably disappear.
DT
SnowDog
Apr 20 2009, 07:27 PM
I'm also seeing a large increase in the quantity of spam reaching my inbox. Up to around a month ago 90+% of spam was held, now it's down to less than 40%. The overall volume of spam I'm receiving seems to be about the same at 10-20/day.
Here's a couple of examples (all the others are similar):
http://www.spamcop.net/sc?id=z2812121131zd...4d9f587c0d8fe3z
http://www.spamcop.net/sc?id=z2811840289z4...ede35e886dbf06z
They don't appear to be triggering much (if any) in the way of SpamAssassin rules, perhaps some tweaking's in order? I have pretty aggressive filter settings - all blocklists selected and SpamAssassin threshold set to 3 which had worked well up until recently.
Miss Betsy
Apr 20 2009, 07:32 PM
I don't have spamcop email service, but I have noticed that a lot of times people mention 'greylisting' as an answer to spam that sneaks in.
Miss Betsy
SnowDog
Apr 20 2009, 07:41 PM
QUOTE(Miss Betsy @ Apr 21 2009, 01:32 AM)

I don't have spamcop email service, but I have noticed that a lot of times people mention 'greylisting' as an answer to spam that sneaks in.
I'm already using greylisting, both on my spamcop email account and my personal domain e-mail - prior to this I was seeing several hundred per day. Spamcop was correctly holding 90+% of them but reporting that volume was a bit of a chore, even using quick reporting, so I started to greylist a couple of years ago. It's only pretty recently that the filters seem to be leaking a significant percentage of spam, possibly due to a new set of source IPs that aren't yet on any of the blocklists combined with techniques that aren't being picked up by SpamAssassin.
StevenUnderwood
Apr 20 2009, 08:03 PM
This line in your TrackingURL indicates "Easily" is a host of yours.
SpamCop received mail from Easily ( 212.53.64.116 )
If you have messages forwarded from other hosts of yours, greylisting will not help in that situation because that is a valid email server which will retry until the message is delivered. Greylisting will only help in messages sent directly to the spamcop server.
SnowDog
Apr 20 2009, 08:10 PM
QUOTE(StevenUnderwood @ Apr 21 2009, 02:03 AM)

If you have messages forwarded from other hosts of yours, greylisting will not help in that situation because that is a valid email server which will retry until the message is delivered. Greylisting will only help in messages sent directly to the spamcop server.
Correct, note that I also mentioned that greylisting is enabled for my personal domain (hosted by easily, where the greylisting is enabled). Close to 100% of my e-mail comes via that route - the only reason I enabled greylisting on the spamcop account was that the only mail received directly to that address was spam - I've never given the address out or used it on-line.
StevenUnderwood
Apr 20 2009, 08:23 PM
QUOTE(SnowDog @ Apr 20 2009, 09:10 PM)

Correct, note that I also mentioned that greylisting is enabled for my personal domain (hosted by easily, where the greylisting is enabled). Close to 100% of my e-mail comes via that route - the only reason I enabled greylisting on the spamcop account was that the only mail received directly to that address was spam - I've never given the address out or used it on-line.
I have not seen a large percentage of spam being seen on the spamcop list since spammers started using botnets for more than a year now. Because each host only sends a small amount of spam, not enough messages are seen to list them. Other lists are still very useful. I use every blocklist available as well as the greylisting option and the only spam I get in my inbox is forwarded through my ISP.
swar
May 2 2009, 04:48 AM
Hi,
I have been also facing a big increase in unheld spam since a couple of months. I have checked the answers here and tried changing some parameters in my filtering options, but it doesn't seem to work. I checked all black lists available, reduced SpamAssassin level to 4, yet the following mail just went through:
===
Return-Path: <comedic[at]mobogogo.com>
Delivered-To: <x>
Received: (qmail 2197 invoked from network); 2 May 2009 09:37:46 -0000
X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter8
X-spam-Level:
X-spam-Status: hits=0.0 tests=none version=3.2.4
Received: from unknown (192.168.1.88)
by filter8.cesmail.net with QMQP; 2 May 2009 09:37:46 -0000
Received: from smtp2.net4all-dns.com (HELO smtp2.clm.net4all.ch) (80.80.228.43)
by mxin1.cesmail.net with SMTP; 2 May 2009 09:37:21 -0000
Received: from mail5.clm.net4all.ch (unknown [10.3.0.5])
by smtp2.clm.net4all.ch (Postfix) with ESMTP id 878B413EF8
for <x>; Sat, 2 May 2009 11:37:45 +0200 (CEST)
Received: by mail5.clm.net4all.ch (Postfix, from userid 8539)
id 5133A6065573; Sat, 2 May 2009 09:37:45 +0000 (UTC)
Delivered-To: <x>
Received: from avas2.clm.net4all.ch (avas2.clm.net4all.ch [10.4.0.2])
by mail5.clm.net4all.ch (Postfix) with ESMTP id 44798606556C
for <x>; Sat, 2 May 2009 09:37:45 +0000 (UTC)
X-Greylist: Passed host: 79.2.166.4
Received: from bwiqfta.telecomitalia.it (host4-166-dynamic.2-79-r.retail.telecomitalia.it [79.2.166.4])
by avas2.clm.net4all.ch (Postfix) with SMTP id 8E317B0002
for <x>; Sat, 2 May 2009 11:37:44 +0200 (CEST)
Message-ID: <89l1________________________________________.com>
Date: Sat, 02 May 2009 09:37:43 -0100
From: Barness <comedic[at]mobogogo.com>
MIME-Version: 1.0
To: <x>
Subject: Top 5 Hot Sexy Tips to Spice Up Your Love Life Beefore It's Too Late
Content-Type: multipart/mixed;
boundary="------------069F5ECA0E5F"
X-Net4all-MailScanner-Information: Please contact the ISP for more information
X-Net4all-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
X-Net4all-MailScanner-SpamCheck:
X-Net4all-MailScanner-From: comedic[at]mobogogo.com
X-SpamCop-Checked: 80.80.228.43 79.2.166.4
X-Antivirus: AVG for E-mail 8.5.323 [270.12.13/2091]
===
I am forwarding all my mails from my official address swarsystems.com, hosted on net4all.ch servers, then POPing mails from these spamcop accounts.
When I first joined SpamCop, it was working pretty well, without any specific configuration, which is what I wanted, because I'm neither qualified in that domain, nor have time to try it. So your help on this matter would be very much appreciated.
I am also no longer reporting any emails as spam, because I was told that it was blacklisting the net4all.ch server from which the mail was transferred. Is there any solution to avoid that?
Thanks again.
Mariano
[edit] spam munged <x> for public display
Farelf
May 2 2009, 05:48 AM
QUOTE(swar @ May 2 2009, 05:48 PM)

...
I am forwarding all my mails from my official address swarsystems.com, hosted on net4all.ch servers, then POPing mails from these spamcop accounts.
When I first joined SpamCop, it was working pretty well, without any specific configuration, which is what I wanted, because I'm neither qualified in that domain, nor have time to try it. So your help on this matter would be very much appreciated. ...
You will certainly benefit from changes to your filtering rules. I am sorry I cannot help with that - hopefully others with some experience with similar mail processing to yours will advise you.
QUOTE(swar @ May 2 2009, 05:48 PM)

...I am also no longer reporting any emails as spam, because I was told that it was blacklisting the net4all.ch server from which the mail was transferred. Is there any solution to avoid that?
Yes indeed. That is exactly the problem the mailhosting system was designed to eliminate. You get to it from your member's page (when logged in) from the "Mailhosts" tab -
http://members.spamcop.net
As it happens, the example you gave would be parsed perfectly without mailhosting:
http://www.spamcop.net/sc?id=z2850198697zb...9a2a688a7228fcz - but you cannot rely on that always being the case. Setting up mailhosts is definitely recommended.
Miss Betsy
May 2 2009, 07:40 AM
Yes, setting up mailhosts is a good idea.
I don't know much about the filtering, but I have seen that many people with spamcop email accounts swear by greylisting to keep spam from their inboxes.
Miss Betsy
swar
May 2 2009, 10:02 AM
Thanks for the info, but this is still very complex. Can anyone post a simple step by step procedure to do that? I have gone through the different documentation and it's very confusing.
Say I have 2 addresses (a and b) forwarded to one spamcop account (c). What should I enter in the configuration?
Also I understand this as a way to avoid reporting my forwarding server as spammer, but how would this solve the problem listed above of spam going through?
Thanks for any additional help. As I said before, I ordered 4 spamcop accounts because it seemed easy to set up for basic spam filtering. I understand that it's a complex subject and that you may have lots of possibilities for improvement, but there should be a default config that does a good job, without having to lose time in understanding the whole subject.
Any further help much appreciated!
Mariano
Farelf
May 2 2009, 10:48 AM
QUOTE(swar @ May 2 2009, 11:02 PM)

...Say I have 2 addresses (a and b ) forwarded to one spamcop account c. What should I enter in the configuration?
You will surely find it easier than you think. Yours sounds like the configuration 2 described in
http://www.spamcop.net/fom-serve/cache/397.html - but it might be even easier because you register hosts, not addresses - so if a and b are (say) you[at]swar and u2[at]swar then you only register swar (and then spamcop, maybe, I'm not sure there because I don't use that system). There is a 'step-by-step' example at
http://forum.spamcop.net/forums/index.php?...amp;#entry21169
Give it a try and if you get into difficulty post here or contact SC admin (service[at]admin.spamcop.net) for further assistance.
QUOTE(swar @ May 2 2009, 11:02 PM)

...Also I understand this as a way to avoid reporting my forwarding server as spammer, but how would this solve the problem listed above of spam going through?...
Reporting has nothing to do (directly) about spam reaching your inbox. Someone needs to talk with you about filtering. I think you might need to add some RBLs to your SC account settings (and the SpamAssassin options). It needs someone who uses that system to walk through that with you. Filtering is mentioned many places, including
http://forum.spamcop.net/scwik/SCEmailFiltersandBLs
Miss Betsy also mentions 'greylisting'. That would be effective against spam sent direct to the SC account.
swar
May 2 2009, 11:03 AM
Thanks for your help and time. I have managed to add my forwarding emails in the mailhosts tab, though it was only taking one from the same server. I assume all email addresses from that server will be included in that, right?
Regarding the filtering, what I don't understand is that I had set SpamAssassin to be active (was already before) and set the threshold to 4 instead of 5, so it should be more sensitive to spam. But the email mentioned below went just through. I have also all possible BL checked.
DavidT
May 2 2009, 11:27 AM
In a hurry, but I'll see if I can help a little:
1. In the headers you provided, I see "X-Net4all-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details." Since you seem to be using the services of "Net4all," I think you might want to look into the scanning service mentioned in the headers...you don't seem to be using it. I allow my original server to do some scanning before it forwards to my SC address, and that helps cut down on "false negatives."
2. Why is the SA score so low? Hard to say...the SA system at SC doesn't really "learn" -- it only picks up on any new rules as the local admins have time to configure them (I think...although there might be some automation to the acquisition of new rules). So, stuff gets through with very low scores sometimes.
3. Why didn't your blacklist settings catch this? Hmmm...the source IP *does* seem to be on the SpamHaus PBL, and if you have that one selected, then it's due to the forwarding from the original host. The SC blacklists system isn't connected with the MailHosts system, so it's not smart enough to deal with this situation. I've complained about that here before and gotten nowhere.
4. Also in the headers is "X-Greylist: Passed host: 79.2.166.4" which is curious, in that that's the IP used by the spammer. I don't use SC greylisting, so I'm not sure if that header line came from SpamCop or not, but others will be able to shed more light on that.
DT
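The forwarding situation in point 3 above, worked through on the Received chain from swar's message: the host that connects to the receiving server is the forwarder, and the address worth checking against a blocklist sits further down the chain. This is an added example, not SpamCop's code or anything posted by the participants; `TRUSTED_RELAYS` and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Received chain copied from the message posted earlier in the thread
# (continuation lines re-indented, unrelated headers left out).
SAMPLE_HEADERS = """\
Received: (qmail 2197 invoked from network); 2 May 2009 09:37:46 -0000
Received: from unknown (192.168.1.88)
 by filter8.cesmail.net with QMQP; 2 May 2009 09:37:46 -0000
Received: from smtp2.net4all-dns.com (HELO smtp2.clm.net4all.ch) (80.80.228.43)
 by mxin1.cesmail.net with SMTP; 2 May 2009 09:37:21 -0000
Received: from mail5.clm.net4all.ch (unknown [10.3.0.5])
 by smtp2.clm.net4all.ch (Postfix) with ESMTP id 878B413EF8
 for <x>; Sat, 2 May 2009 11:37:45 +0200 (CEST)
Received: by mail5.clm.net4all.ch (Postfix, from userid 8539)
 id 5133A6065573; Sat, 2 May 2009 09:37:45 +0000 (UTC)
Received: from avas2.clm.net4all.ch (avas2.clm.net4all.ch [10.4.0.2])
 by mail5.clm.net4all.ch (Postfix) with ESMTP id 44798606556C
 for <x>; Sat, 2 May 2009 09:37:45 +0000 (UTC)
Received: from bwiqfta.telecomitalia.it (host4-166-dynamic.2-79-r.retail.telecomitalia.it [79.2.166.4])
 by avas2.clm.net4all.ch (Postfix) with SMTP id 8E317B0002
 for <x>; Sat, 2 May 2009 11:37:44 +0200 (CEST)
Subject: sample

"""

# Assumption for this example: the forwarding host's outbound IP, standing in
# for a registered mailhost (value taken from the headers on the page).
TRUSTED_RELAYS = frozenset({"80.80.228.43"})

# An IPv4 address in [brackets] or (parentheses), as the receiving MTA records it.
_IP_IN_FROM = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def received_hops(raw_headers):
    """Return the 'from' IP of each Received line as strings, newest hop first."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())       # unfold continuation lines
        if not text.startswith("from "):
            continue                         # local "by ..." and qmail bookkeeping lines
        from_part = re.split(r"\sby\s", text, maxsplit=1)[0]
        match = _IP_IN_FROM.search(from_part)
        if not match:
            continue
        try:
            hops.append(str(ipaddress.ip_address(match.group(1))))
        except ValueError:
            continue                         # not a valid address, e.g. 999.1.1.1
    return hops


def first_untrusted_ip(hops, trusted_relays=frozenset()):
    """Walk outward from the receiving server and stop at the first IP that is
    neither private nor a trusted relay. Lines below that hop were written by a
    machine outside our control and may be forged, so the walk never passes it."""
    for ip in hops:
        if ipaddress.ip_address(ip).is_private or ip in trusted_relays:
            continue
        return ip
    return None


def dnsbl_query_name(ip, zone):
    """Build the DNS name a blocklist lookup uses: reversed octets plus the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def blocklist_lookups(raw_headers, zones, trusted_relays=frozenset()):
    """Return the DNSBL query names for the IP a filter should be checking."""
    ip = first_untrusted_ip(received_hops(raw_headers), trusted_relays)
    return [] if ip is None else [dnsbl_query_name(ip, zone) for zone in zones]


if __name__ == "__main__":
    zones = ["bl.spamcop.net", "pbl.spamhaus.org", "cbl.abuseat.org"]
    print("forwarder not trusted:", blocklist_lookups(SAMPLE_HEADERS, zones))
    print("forwarder trusted:    ", blocklist_lookups(SAMPLE_HEADERS, zones, TRUSTED_RELAYS))
```

With no trusted relay configured, the lookups are built for the forwarder's address; once the forwarder is trusted, they are built for the dynamic address that handed the message to it.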
swar
May 2 2009, 11:53 AM
Thanks, David. It's refreshing to see how people in this forum are willing to share their time to help others.
1) I have asked my Internet E-Mail service provider to remove any spam filtering on purpose. Because I don't want to have to check held email on 2 separate locations.
2) I'm wondering why, indeed, because a mail that starts with "Top 5 Hot Sexy Tips" should not be too difficult to catalog;-) Is SpamAssassin working fine for you lately? Couldn't that be the reason for a surge in such unheld spam?
3) good question
4) I have not used grey lists as yet, because I'm not ready to wait for an hour for some emails. If I can do without that, then I prefer.
Cheers!
Mariano
DavidT
May 2 2009, 03:09 PM
QUOTE(swar @ May 2 2009, 09:53 AM)

1) I have asked my Internet E-Mail service provider to remove any spam filtering on purpose. Because I don't want to have to check held email on 2 separate locations.
That's logical, but I'm willing to put up with it in order to reduce the amount of spam leaking to my inbox (which is now only a few per week). On my first server (using Exim on a WHM/cPanel setup), I've got an ACL configuration that makes a lot of incoming spam simply disappear, so although I have some of it show up in a "junkbox" (to which I maintain an IMAP connection), it gets rid of some things that the SC blacklist config won't do, since people are not sending directly to my SC address. If you're getting more than a few false positives a day, you might consider seeing if you can opt for only specific types of scanning/tests at your host.
QUOTE
Is SpamAssassin working fine for you lately?
Yes -- it seems to be scoring things fairly appropriately. I occasionally have to add new senders to my whitelist if their message scores above my threshold.
DT
cissp
May 9 2009, 07:09 AM
I have also been experiencing a significant increase in spam email, to my Spamcop account. On the plus side, Spamcop is, and has been in the several years I've had a paid account, catching 99% of spam and sending it to Held Mail. On the down side, I am now receiving approximately 180 spam emails a day. It is a pain and time consuming to go through Held Mail, just to ensure a legitimate email didn't get tagged as spam. Does anyone have any idea why the amount of spam has increased lately? I can't believe I'm longing for the days of receiving, "only", 40-50 spam emails a day!
Thanks,
Chuck
Miss Betsy
May 9 2009, 07:49 AM
Do you find many false positives? If you do, then possibly your filters are set too high? Lowering them might allow more spam to your inbox, but it would be easier to pick out a few spam from your inbox than finding one or two legitimate email in your Held mail, I would think.
Also, do you get many 'new' emails? Whitelisting your regular correspondents would keep them out of the Held mail. When you give out your email address, get theirs so that you can whitelist it. Of course, if you have many people who would get your email address without your knowledge (if you are selling something, for instance), then you won't be able to do that.
If you are forwarding from other accounts, see about using their filtering. I don't know a lot about spam filters, but it looks to me as though most of them use the blocklist that lists the botnets because it doesn't matter if those emails are dropped, none of them are coming from real mail servers and are not ever real email.
It all depends on why you are looking in Held mail for false positives. If you want to be sure that they are really spam that you are reporting, do as many as you feel comfortable with and delete the rest. Better to do a little than not do any.
Maybe someone who uses the email system will come up with better solutions.
Miss Betsy
cissp
May 9 2009, 08:41 AM
QUOTE(Miss Betsy @ May 9 2009, 08:49 AM)

Do you find many false positives?
Actually, Spamcop is doing what it's supposed to do, and very effectively. The problem is outside of Spamcop's control. My Spamcop account has been given out to many different entities--friends, family, businesses, lists, job sites, etc. Unfortunately, some of these entities, probably the majority being business related, are less than honest folks, and sell email addresses. Then you end up getting crap emails touting Viagra pills, porn, fake high end watches, get rich quick schemes, etc. I use an application called Nyms, which are specific, disposable email addresses tied to my Spamcop account (which the person being given my email doesn't know). The concept is, if I create this new account, and start getting spam, I can easily check the source and see that it came from a specific email address, which is directly tied to a specific entity/web site. If I want to stop receiving from them, I simply delete the email account. Unfortunately, with me receiving approximately 180 emails a day going into Held Mail, it would be a very time intensive effort to check every received email in there to look for the offending spammer. The only solution I see is to cancel my specific Spamcop account name and start using another. The problem is, so many people have that email address that legitimate folks wouldn't be able to reach me unless I remembered who they were and provided them another email address.
Thanks,
Chuck
Miss Betsy
May 9 2009, 03:24 PM
If you are not getting false positives in Held mail, then your problem is with wanting to check on the Nyms address to find out who 'sold' or otherwise let your email address out to spammers (sometimes they just get a virus or trojan that harvests the email addresses it finds). Also, once an address is on a spammer list, it starts to get on more spammer lists.
I would think that it would be easier to just check as many as you are comfortable with and cancel those (or whatever you do - perhaps contact them and say that your email address was compromised by them?). It doesn't really matter whether you do that or not - once the email address is out there, you will get spam to it.
As long as your real email is not getting caught in Held mail, then you only have to do whatever is easiest to do. Maybe some days you will have more time and you can check more addresses and report more spam. Other days, you may just delete the whole lot.
As long as you are getting your real mail in your inbox without a lot of spam cluttering it up, then you are fine. There are enough reporters for you to take a day off now and then. And, while knowing which address is known to the spammers is good if you can delete it, it doesn't really make a big difference if you skip a couple of days and simply report or delete it all.
At least to me, it seems a better solution than creating a new address. Though someone once said that it doesn't take long to get people to know your new address if you keep the old one to catch those you have forgotten about. If you kept the old one, you could use it for merchants and businesses - particularly the ones that are doubtful. If you change your address to one that is not easily guessed by the dictionary spammers (like c1s5p), then your new address would not get spam.
If I had to organize my emails again, I would have one for family and friends who do not send me FW FW's; one for family and friends who send FW FW's, but occasionally send a real email; one for my bank and insurance; one for merchants that I regularly do business with; one for any other online merchant I buy from maybe once a year or if I make an online inquiry and one for organizations with newsletters. Of course, I think you can sort them into folders which does the same thing - I just haven't had the time to do it.
Miss Betsy
cissp
May 10 2009, 06:32 AM
Thanks for the information and suggestions. I just went through my daily dose of held mail (ONLY 120 because it's Sunday), and I could not find any attributable to any of my NYMS disposable email addresses. These are all going to Spamcop. Some are going to my Spamcop email address specifically, but a good many others seem to be using a wildcard of sorts to send to a mass number of undisclosed Spamcop email addressees. The good part is that Spamcop filters are catching them. The bad part is that the Spamcop filters are catching them and I still end up with an unacceptably high number of daily emails going into Held Mail.
Thanks,
Chuck
Miss Betsy
May 10 2009, 07:08 AM
There are no 'unacceptably' high numbers of spam in Held mail! Spam should be reported or deleted!
For reporting, more is better except if it is a problem in reporting. If you have Mailhosts configured, then you only have to do a random check to make sure that your ISP hasn't changed a server on you so that you have to redo Mailhosts.
Some people have many more emails in Held mail. The purpose of filtering is to get it out of your inbox. Those who use email services with good filtering don't see the increase because it is deleted before it gets to them except those who 'tag' spam as the spamcop email service does and they only see it in their Held or Junk mail.
Some other method of spam control will have to be devised to stop the spam from coming. I personally think that all email should be blocked at the server level. If people can't use email because they, or their email service, do not control spam leaving their networks, then customers will eventually learn how to run a mail server or move to services that are responsible. I don't think it should be based on volume. Occasionally, a responsible server admin will have a breakdown, but it shouldn't last long.
Filtering works well, but the only effect it seems to have had is to drive the spammers to send more spam in the hopes some of it will reach a target. The only place to stop spam from coming is at the sending end. The reason spamcop reports are useful is because they still do alert responsible server admins to a problem.
It is increasing all the time for everyone so if you want to not receive spam, you will have to change your email address and be extremely careful who you give it to and that still does not guarantee a spam free inbox forever as spammers get more desperate to evade filters and acquire new addresses.
Miss Betsy
PS I am editing out the quote in your post since it takes up disk space and is not necessary to understand your reply.
goofy173
Jun 6 2009, 11:32 AM
Add me as one that is also receiving a lot of spam in my Spamcop inbox in the last month. I've changed my filter level to 2 now to try and stop it but it hasn't helped even a little, but now I get a lot of good email going into the Held Mail folder. BTW, all my mail comes through my Yahoo account.
It's not looking too good that I'll be extending my spamcop account as this is what I have it for.
Miss Betsy
Jun 6 2009, 02:02 PM
Don't you have spam filtering turned on in your yahoo account? Do you not have it turned on because you are afraid that yahoo will drop your real email?
I don't get much spam (or real email) at my yahoo account, but both yahoo and hotmail seem to have extremely rigorous filtering systems. On one hotmail account that used to receive dozens every day, I get less than two or three per week now. There may be a spurt, as a spammer figures out how to get around hotmail filters, but then it slacks off again.
There are ways to tweak filtering - whitelisting those real emails that go to held mail would help. There have been several discussions in the Email section of the forum about how to tweak spamcop filters. (I am not a spamcop email account user).
Miss Betsy