I have been using spamcop for about 30 days now and it seems like I have more spam now than I did before I started using spamcop. I get about 500 spam emails a day. I do the quick report and trash option. Is there something that I am doing wrong? Is there more steps that I need to take so that spamcop can be more effective?

Here's what normally happens .. spam is an issue .. you somehow find out about the SpamCop tool .. you sign up for an account (in your case, it sound like you went for a paid account) with the belief that your spam days would be over ...

It doesn't work like that. SpamCop itself is not advertised like that. SpamCop is a tool, to be used in the belief and hopes that when the ISPs that are providing resource to the spammers realize what's happening, those ISPs will take action and stop the spew from leaving their systems. As you've noticed, not all ISPs give a hoot, some of them happy at receiving triple the amount of a normal customer's bill from some of these spammers. Other spmmers work the backside of trojanized zombied machines of the clueless owner, so even if that compromised computer is taken down, there are thousands of others in just as bad of shape.

So, now you're 30 days into your use of SpamCop, and that you expected spam to stop, but hasn't, has now got you looking even closer at the flow of spam coming into your account. You're seeing the same increase that everyone else is seeing.

That you're talking about 500 spams a day, and then Quick Reporting and Trashing suggests that you might be setting your self up for a surprise one day.

Now, after all that, is the account you signed up for the "Filtered E-Mail" account? If so, might you want to move over into the E-Mail Forum and bring up your filtering questions?

i started using SC about 2 weeks ago, as a free member and reporting as a mole, using the web based submission system. Today, i have got as much spam in one day as i used to get in one whole week or more. What have i done wrong??

I dont quite understand the response from Wazoo. No, i dont expect that my spam load will decrease immediately or even in the near future just because i am reporting spam to SC. I expect to do my little part in helping to stamp out spam, if that is ever possible. But i did NOT expect the number of spams i recieve to increase so dramatically, and for no other reason (that i can think of) than having reported them to SC. Do i have to go through 500 spams a day, for 30 days and more. just to "setting your self up for a surprise one day", and what is the surprise?

i am not being sarcastic (and if so, then i apologise), but being a newbie, i would like to know what i am getting myself into. Can anyone please tell me.

There have been a number of posts from people who think that reporting through spamcop increased the amount of spam you get.

There is no real evidence that it does since people who have been receiving spam for a long time have found that it increases and decreases for no discernible reason. OTOH, it is possible that spammers are able to confirm that reporters have "live" addresses and add the email address to more lists. To what purpose no one can explain since it would seem that spammers would want to take reporters /off/ their lists (that's called listwashing). Some suggest that they do listwash and then sell the confirmed address to competitors.

There is a risk to Quick Reporting since the parser occasionally hiccups. You might read the pinned FAQ in the mail forum.

Quality not quantity is better in spam reporting. What many people suggest is to report only as many spam as you are comfortable doing (and trash the rest). Some only report those that make it through filters; some report the last 5 (or 10 or 25) that have arrived; some only report porn or eBay books or casino spam.

Miss Betsy

khaaliq - 500 spam a day! Commiserations my friend, more knowledgeable folk than I can give you further advice if you continue the thread.

rjb 001a, you're more in my league, I am also a mole of recent vintage and variable spam beseigement. Firstly, mole reports do not go to the "offending" IPs, there is little or no way the reports as such can bring down the spammers on you. Refer to the FAQ on (the new) "mole reporting" - I think the relevant part is 'SpamCop now offers new and existing users an option to withhold almost all data - registering reports in SpamCop's database, but never sending reports to the "ISP" (all too often, the spammer, or a spam-friendly host).'
You say you submit via the spamcop web page - so do I. Just make sure you go off-line when you open your spam to view and copy it. There is some suggestion that opening to any live external links (graphics, etc), even previews, might register "the other end" and confirm your presence. I didn't bother going off-line initially (after all only 1/3 - 1/2 had live links) and found my spam volume increased, quite quickly. I've stopped doing that, view off-line, submit on-line, bit of a drag *but* now the volume is going down again (slowly). Maybe coincidence but I'm sticking with it.

i hope you all can take my following comments as constructive criticism, as that is my intention. (i have yet to figure out how to use the quote function, i dont post to forums, etc, so i will just cut and paste to what i am replying to).

MissBetsy: i wish you were right in your assumptions when you said "There have been a number of posts from people who think that reporting through spamcop increased the amount of spam you get"

For at least the past 6 months, i have been keeping a mental track of all the spams i recieve in all (5) of my email accounts, they average about 10 to 15 in total per week and never more than 10 a day, which is no big deal, and perhaps i should have just let it be. I even know when i can expect more spam, ie wednesdays, ie they are probably from the same lowlives. Today (which is monday), i got 25, and as far as i can tell, the only difference is that i have sent in about 30 to 40 reports to SC since March 1, 2004. Is this quantity over quality?

i do not know what i have to do in order provide real evidence of the dramatic increase in my spam load. Perhaps newbies should be told to have documented evidence of their level of spam before and after sending in reports to SC? I dont have them now, as i deleted the last 25 spams without reporting, in fear of getting another 50 tomorrow.

MissBetsy said "There is a risk to Quick Reporting since the parser occasionally hiccups. You might read the pinned FAQ in the mail forum" - i read it, but i dont know what Quick reporting is, and that post does not make much sense to me anyways. First of all, as i mentioned in my first post, i am using the free service as a mole (just trying to figure out what SC is all about), and secondly, is mole reporting the same as Quick reporting, and if so, why the 2 different names for it? Thirdly, if i understand correctly, the mail service is a paid service, so do i have to subscribe to the paid service if i dont want a dramatic increase in my spam load?

Farelf may have a good suggestion, ie go offline before reporting spam to SC, and i am willing to give it one more try. if this is the case, then perhaps it should be pinned or highlighted for us stupid newbies. I had been using MailWasherPro to 'view full header" which then displays, on another window, the header and message body, which i then copy and paste onto the web reporting page (i read on another thread here, that this is ok)

maybe it is just easier to delete my spam infected emails accounts .....

I am glad that you posted your questions.

Mole reporting should not increase your spam at all since no reports go to anyone. If you use regular reporting, there may be ways that the spammer can identify your address as "live."

I would not recommend opening spam at all. I always use the "Message Source" window in OE if, for some reason, I want to view the spam. Although I don't use Mailwasher, I think that is the same procedure they use. If you have to open the spam to report, then offline is the only way to do it.

The first questioner said that he was using quick reporting. If you don't, then don't worry about it.

The statistics say that spam is increasing every day. That means that individuals will experience an increase also. As you have noticed, spammers tend to have a cycle they follow. If they sell their list, then you will have additional spam.

If you are not interested in reporting spam, the best thing to do is to change your email address to one that has numbers in the middle, as yours does, so that it is not as easy for the dictionary spammers to find. Then be careful where you use it. There are services (like Sneakemail.com) that will give you random addresses to use when you buy something on the internet. If they start to spam, then you can delete that address.

That's all I have time for now.

Miss Betsy

...Speaking for myself, I don't take what you've written as criticism at all, but as a request for discussion.


...It's not just an assumption of hers -- I've seen them, too! Unfortunately, when I tried searching for them, I did not have any hits. That's my fault, I'm sure, for not using the right keywords in the search....


...You seem to have misunderstood Miss Betsy's reference. She wasn't talking about the number of spams you receive, she was referring to how many spam reports you send through SpamCop. It was a caution about the Quick Reporting feature of SpamCop e-mail, which it turns out is not relevant to you. I suspect she was adding that point for the benefit of anyone who might have signed up for the e-mail option and, indeed, may not even have been directing that towards you specifically.


...You don't have to provide any evidence of an increase in your spam load -- we're pretty much all seeing an increase in our spam loads, so we quite believe you! The fact that the number of spams you receive increased after you started using SpamCop may be a post hoc propter hoc fallacy. SpamCop reporting is not intended to be a tool to reduce the amount of spam any one person receives on any given day.

khaaliq, I'm sure if you chime back in with your further queries/response someone can give you further advice because where you're at is insufferable and good guys suffer more than enough from *unavoidable* causes already. Wazoo, in particular but not exclusively, has been a great help to me (and many others).

Back to rjb 001a.

Miss Betsy is absolutely right - don't open the things if you don't have to. Sorry, I wasn't thinking - I *have* to open mine, I use Netscape (4.79). My alternative is to use inline email forwarding, which doesn't work well with NS Messenger's handling of HTML (also, some of the emails "evaporate" before spamcop processing). The point being, one of the bugs in spamcop's interaction with early Netscape is the retention of .tmp files for each submission, which allows the easy and accurate tracking of the "spam experience" (does that make it a feature instead of bug?;-) So, if it is any reassurance, below is my record since I last purged my tmp files.

Serial-----Date------Count----Wk Mov---DAY
----------------------------------Av
1----------27 Feb----23--------23---------Fri
2----------28 Feb----30--------26.5------Sat
3----------29 Feb----43--------32--------Sun
4----------01 Mar----48--------36--------Mon
5----------02 Mar----53--------39.4------Tue
6----------03 Mar----38--------39.1667--Wed
7----------04 Mar----45--------40--------Thu
8----------05 Mar----33--------41.4286--Fri
9----------06 Mar----23--------40.4286--Sat
10---------07 Mar----27--------38.1429--Sun
11---------08 Mar----15-------- 33.429---Mon

The "weekly moving average" doesn't become a full weekly average until day 7 (and daily counts are too volatile to be of much use) but clearly the trend is improving, albeit over a short time-base. My time-zone is GMT+8:00 which will have an impact on the dates, particularly relative to the Americas. The numbers were around 15-20 a day, tops, before I started spam reporting on 20 December, they quickly ramped up after I started exclusively pasting to the web page (roughly mid January). I stopped opening the things on-line around the beginning of February (about as sharp as a bowling ball, that's me) and now, just maybe, the trend is starting down for real. Too early to tell but at least you can see we're not facing unremitting escalation. Note - we're talking mole reporting here, none of the reports go to hosting IPs which could introduce other factors.

So, if you can, hang in there. Every contribution helps, I'm sure.

If I could try to boil down that last response to a single word, how about "sensitivity"? Years ago, when I only got one or two spams a month, it wasn't that big of a deal. However when it got to several, then 100's a day, it became a big deal. The suggestion I was going for is that you are now more sensitized to seing more spam showing up, especially after finding and starting a tool that is supposed to "fight" spam. Where it might have been "just another 100 spams I've got to delete" a few months back, now it's "damn it, another spam" .... sensitivity levels have changed ...

The "don't open spam" is a definite issue. Outlook Express 6, SP1 added in a feature to "Read as Plain Text Only" .. I can't recall which version of Outlook added this setting, Eudora had the option to "not" use IE for rendering HTML e-mails, several other e-mail apps just don't attempt at playing with HTML at all .. so using these settings / agents prevents the "open and reading" of e-mail from allowing outgoing calls to various sites that are looking for those calls to track the "success" of the spams. And as all those types of call will include your IP address, plus any tracking data including in the URL, possibly even your e-mail address, it's not that hard for spammer to determine which of the spam targets actually "read" the spam, so they now have a "verified good" address to add to their list, ready for sale to the next wannbe spammer that's looking for a "good" list, which of course adds to your incoming spam load. Note, none of this activity has anything to do with SpamCop <g>

The usual problem in the "I started using SpamCOp and now spam is through the roof" is that generally, folks start getting so much spam, they finally decide to try to do something about it. The catch is, the timing is such is that only start fighting after their e-mail address have started the sell/share/swap cycle amongst some spammers, or they've been added to the "make-a-million$$$" CD's that start being sold to the new wannabe spammers ... so it's usually just the timing (and sensitivity levels <g>) that causes the "noticed increase" in spam.

Another factor in not "sending back" to the spammers is to close your preview pane in Outlook Express. Some web bugs work in just the preview pane.

Miss Betsy

Yep, that was about the only solution back before the "Read as Plain text" setting .. and that setting works so "good" ... I sent off an e-mail to one company advising them of their "blank" e-mail I'd just received. Turns out it was over 35k of hTML crap touting their latest upgrade to a product I do use ... Checked their subscription page and noted that they hadn't added an HTML selection box .. so let them know of the business they may never have if they continue to send out their hype without a snippet of plain text, at a minimum.

Yesterday, I'd received one from another software outfit, there was enough plain text to see what it was about (another great deal on upgrading to their latest) .. but the amazing thing, there were absolutly no links showing in the plaint-text portion of the spew ... but looking at the HTML crud, links galor (and I might add, tracking codes on all of them) Yep, I'd kicked off a bit of a note to them about this screw-up.

Dropped off Mom's notebook after a bit of cleanup, she snagged over 20 e-mails as soon as she hooked up, but only 4 of them had any "usable" text ... the rest were the FW: FW: FW: FW: send to everybody on your list type things from several of her AOL-using neices ... Stepped her through looking at the source once again, and she didn't find one that was worth the effort <g> ... Watched her send off a half-dozen "Stop this crap" e-mails. I left while she was still in the happy-to-be-back-online mood <g>

I was interested to read the advice on not opening spams for reporting.

A couple of months ago I read about the web services which record hits
to web pages and suggest (to their spammer customers) sending email
which looks like plain text but with a single white pixel image with the link
in order to track who opened the email. A really good example is
www.didtheyreadit.com
I therefore stopped opening all emails which I thought were SPAM.
This did seem to help. (I also blocked all outgoing messages to
didtheyreadit.com but of course that's only one of many.).

However I still wanted to report those SPAMs, but I use Eudora and IMP
(the latter is a form of webmail). Both require opening of the email in
order to get the full headers and content. I cannot go offline with IMP
(and indeed I hadn't thought of that for Eudora). Luckily, both dump the
spam into a spam mailbox.

For Eudora I go to the personal folder within the Eudora folder on my
local computer, and open JUNK.MBX in Windows WordPad. This gives
the full headers and complete message for each email so it is very
easy to cut and paste each one into the SPAMCOP reporting window.
And of course there is no danger of live links in WordPad.

For IMP webmail I FTP the SPAM mailbox onto my local computer, and
open it in Windows WordPad. Again everything is there without fuss.

Don't use Windows Notepad because it does not retain the hard-returns,
making it hard to see where one message ends and the next begins.
WordPad works fine and is faster than a regular word processor.

Presumably other systems (OS and email) have analagous folders to
open without fear of live links to spammer's address-reporting websites.

I hope this will be useful to someone.

Yet another answer to the same question is Norton Internet Security (or something like it). == in the beginning I use XP pro for an OS, Netscape 7.2 for mail and the web, and norton for virus, privacy and SW firewall.

So norton checks all incoming mail. The antivirus strips out all virus (so far) and flags the message, their antispam white/black list and rules identify spam adding [Norton AntiSpam] to the subject. With corrections the learning program is about 94% correct in identifying spam.

I have Netscape set up to NOT display any remote images to avoide that tell of who read the spam. The Norton privacy feature blocks any output with my addy or domain name in it. {one trick i've seen is what looks like a HTML format download, but it includes "q=x[at]x.com" or something simular to clean up there list of addresses.

This lets me look at the email or the sourse (<Ctrl> U) to make sure it is not something I want before I report it to SC and others. Yes, I want to be sure I report only "real" canned meat. Of course depending on your driving habits, mileage may vary <g>.

All of the above information, or is it below this, is helpful to many I am sure. However, I for one cannot download my email as it is a yahoo account. I have turned off HTML code and graphics, so kickback reports should be stopped when I click the message.

I have noticed an increase in quantity after I began reporting spam to SpamCop. No, I am not a paid member as I'm unemployed and have a hard time finding money for my online account and food. I do have a free account, and I do report as mole.

One thing I have noticed and I wonder about. I usually check out the message before I send it to SpamCop. Check sending IP address, check links in message, check site it directs a person to, the owner, and who/where it is hosted. On several messages I report the information in the form says that this or that company refuses SpamCop reports, that they do not accept SpamCop reports. For one of these I have found that it is because they are not sending to an address that is looked at. For example, if you look up an IP number, it tells you the company name, usually including at least one email address. I know for one particular hosting company that both addresses listed in their IANA data rejects all mail, at least if you are not sending from an account with them which I cannot confirm since I do not have an account with them. After jumping through hoops on the hosting site's web pages I found another address which SpamCop does not attempt to use.

Using the online form does not transfer the html graphic elements into the message, or at least not that I have seen. That is where the links are located, so that means nothing would be reported about those sites. That is why I send them via forward from my email address. I sometimes include the links from the html code in them as well, as several did not show the addresses I located in the code.

So my question about this is as follows; how do I advise SpamCop of an alternate address for a particular hosting site that does not bounce *everything* back no matter the sender? Also, every report I send to SpamCop says that there is no previous reports about this site, or this host, or this web page having activity, even when I've sent 5 reports concerning the exact same host and site per day for several days, so where do those staticstics originate from if not from reports such as I send or do you have to be a paying member to have them count?

Sorry, getting long winded in my frustration. Not just with the quantity of spam but with the lack of assistance from many state attorney general's, the FTC, finding work, etc. Thanks to all.


Frlnce

You can post documentation of your findings right here, or in the spamcop.routing newsgroup.As a mole, you are not sending reports, you are just adding to counters, and your additions don't get listed in the statistics as reports. Perhaps the info on mole mode is not specific enough on this issue?

I continue to believe there is another option employed by high-volume and more sophisticated spammers that hasn't been addressed in this thread. I made a new feature request in April to raise the issue ( Reporting Service- Munging Why Not Munge Display Name and Address?: http://forum.spamcop.net/forums/index.php?showtopic=3850) but got no traction out of it.

In filing reports, SpamCop munges the address but not always the display name; i.e.:

"display name" <name @ isp.com> or display name <name @ isp.com>

are usually reported as:

"display name" <x> or display name <x>

When unscrupulous ISP's forward SpamCop reports directly to the spammer, the display name can be matched to either a mailing list containing the address or to the address itself. In other words, the display name can be used to validate the address associated with it and cause the address to be retained on the spammers "core" list. Enhancing SpamCop munging to deal with both the display name and the address would elinimate this potential.

I munge display names and return addresses where they contain my real name or a pseudonym that I have repeatedly received. It is a pain and takes more time to report, but I believe it has had a significant impact in my case. Spam volume has decreased from 100's per day to generally 20 or less, with most of the remainder coming from a few repetitive sources.

SpamCop could help all of us by munging the display names, thereby making the reporting process more efficient and removing the transparency of the display name to the spammer. Can we get a little help from the "powers that be"?

Bob, I would have joined you in your request, but as I don't munge my SpamCop Reports any more, I didn't feel it was my place.

Jeff:

If you believe the issue & request has merit, support from you and other moderators would be helpful in getting some change off the ground. We "minions" out here have a more difficult time penetrating the inner sanctum!

It seems the enhancement would be a relatively minor undertaking. Giving some "bang" to those of us who report to the benefit of all would pay dividends all around. I hope you and your colleagues will reconsider and help to get this thing into motion.

Bob

You seem to think that the moderators get preferred treatment in some way. That is not the case as I have seen it. We are simply normal users, like you, who have been around for a while and asked to help police these forums, nothing more.

Steven:

I didn't mean to ascribe any super-natural connections to you moderators. You may be only one of us, but your tenure and exposure to various issues over time, valid and invalid, lend credibility to your opinions. As I said to Jeff, if you believe the issue and suggestion have merit, your support would be helpful.

Bob

Jeff has made MANY reccomendations on new features, some on his own, some agreeing with an existing request. I have as well, but not as many, and very few of mine actually make it to the top of the to do list. I don't know how Jeff's numbers compare.

I really feel there should be additional staff added to the codebase "team" to handle some of these things but realize that is not likely to happen.

Fewer of my suggestions have come to fruition (on a percentage basis). I'd like to think that the "Personal IP Whitelist" idea I suggested in my "New Whitelists" posts starting with http://news.spamcop.net/pipermail/spamcop-...ber/011976.html and continuing with http://forum.spamcop.net/forums/index.php?showtopic=143 and http://forum.spamcop.net/forums/index.php?showtopic=3260 grew into Mailhosts.

Due to freak timing accidents, the following was multiply posted and multiply deleted:
Jeff & Steven:

I appreciate the effort you guys and others put in on the Forums. I agree with Steven that more horsepower on the codebase crew would help bring more worthwhile ideas to fruition, but I suppose all we can do on that front is to continue to ask. Still, I don't feel that voicing your support for worthwhile suggestions should be overlooked. Your perspectives are valuable and your opinions are noted -- by us and by "them". There is strength in numbers and the credibility of your involvement can make a difference.

Bob

Jeff & Steven:

I'm not sure what happened above, but this is what was intended:

I appreciate the effort you guys and others put in on the Forums. I agree with Steven that more horsepower on the codebase crew would help bring more worthwhile ideas to fruition, but I suppose all we can do on that front is to continue to ask. Still, I don't feel that voicing your support for worthwhile suggestions should be overlooked. Your perspectives are valuable and your opinions are noted -- by us and by "them". There is strength in numbers and the credibility of your involvement can make a difference.

Bob

I'm with you there Bob, but as mole I shouldn't really have a beef. "Don't call me Shirley," just an irritation factor for me. I think it all (arbitrary display names) started as a way for spammers to differentiate their spew from viruses which used to be fairly easily identifiable by the lack of anything in front of the address. I've seen code in broken spam like "%RND(female_name)" (little devils practicing their "human engineering" on the back of research indicating men expect, against all evidence, to be less harmed by women than by other men). But, as you say, it can be used for tracking. The trouble is, there are so many other ways. The first thorough canvassing of that I can recall was here back last year. There seems to be the effective (non) response of "if it can't all be fixed, why fix any of it?" Which is a "convenient" rationalization, to put it kindly. So - please go to it SpamCop, this is a relatively easy one, one more tick on the checklist, improve the munging (or "mungling" as that Dutch guy used to say) by "x"ing the handle/display name.

Hi All,

I have been reporting as 'mole' for a few months now. Having read the posts above I realised for the first time that 'no reports have been sent'. This is a clarification for me and I second the suggestion that the nature of mole reporting be clarified up front, especially for newbies like me.

A suggestion as to features desired, why not have a list of suggestions posted that people can vote for and rank them in order of votes? This would empower the 'serfs' and ensure that the 'lords' are focused on what is actually wanted by users of the service. Differing levels of voting power can be allocated relative to the influence of the position/status held. [BTW I borrowed this from the Linspire CNR Warehouse, where it has recently been implemented.]

Recently I have been looking closer into the parsing of SPAM and the reasons for certain Spamvertised sites not being reported. What I am seeing is that some Spammers are getting quite clever at using throw-away URLs that simply point to a web site that does not move [as much]. They can use expendable open relays to send from and now they are adding expendable reply-to addresses. This means that they can keep their main site less vulnerable to reporting and shutting down.

[Example:]
This actually takes my browser to MyCanadianPharmacy which I have seen from many similar URLs to the above.

One question I have is, if mole reporting does not send any reports, are they being made use of for any other purpose than adding to black-lists?

Another question I have is, if the parser is having difficulty finding the ultimate 'target' that the Spammers want people to go to [I have read some discussion on this and it seemed to be related to time-outs and the SpamCop server being overloaded], would it not be possible for the user's computer to supply the information? After all I have never yet failed to get to the 'desired' URL when putting it into the address field in my browser. It is not a question of obfusticating the URL, rather it is the use of forwarding URLs with built in time delays that only stop the parsing machine but never a browser.

Looking deeper into the habits of Spammers, I think that I see a pattern of them grouping together with 'suppliers' who are willing to provide the necessary services, such as DNS, Domain names, etc, that keeps them in business after they have been 'shut down'. After a few days delay they are back in business with a newly registered domain name and DNS server.

Another suggestion would be that SpamCop go after these providers or their up-stream providers as this would increase the difficulties for the actual Spammers exponentially.

I hope this can be clarified by more experienced people. I am rather out of my depth here but hope my ideas can help.

Paul

A user can always send individual private reports, but at this time, I do not believe that SpamCop has any interest in going after the forwarded links.
SpamCop does what it does for its on reasons and until such time as management feels inclined to make changes to its current methods, we users will simply have to learn to live with its limiltations.

From the Link in the FAQ: What is Mole Reporting?andSecurity concerns would be one problem (you would need to allow spamcop to make a dns lookup from your machine) as well as timing issues (for your information, a web browser will wait a relatively long time retrying an address before throwing up an error).

It would be an interesting thought to use the distributed computing model for it, however. This would reduce the computer overhead and allow longer timeouts for things, though the immediacy might be affected. Imagine having your own "spamcop reporter" on your machine which checks it's version against the master for updates, and parses your messages and sends them out. One trouble would be getting any replies to your reports anonymously.

SpamCop.net - Sign up for SpamCop reporting states "Register as a "mole"? [_] What's this?", which links to What is "mole" reporting?, which states the following:What is confusing about that? Thanks!

Yes, my thought is that experienced users could have some code to run on their computer that would interface with SpamCop and report back the data that is being missed by their parser due to load and timing issues. This would help more than just refreshing the query multiple times as well as taking some load off the server.

I am not sufficiently up with distributed computing to know how practical this might be but it may be worth looking into if someone does have the expertise.

Paul

And to pile on all the Mole stuff posted thus far, please see an item in the Announcments section ... Mole Reporting is Back .. as seen thus far, it's not the data has been forcefully hidden away ....

Take a look at Screen sizes / resolutions .. over 600 views, 24 votes, yet this is something for this very application ...

Not sure why you call this "new" ... perhaps "you" recently discovered/noticed this, but ...

Take a look at a walk-through I built up for someone else at http://forum.spamcop.net/forums/index.php?showtopic=5200

Have you also read through SpamCop reporting of spamvertized sites - some philosophy ?

You are mixing symptoms, facts, and results in a bad way. The parser does not follow "forwards" (see the analysis of a browser interaction with one of these referenced above ... the "does not resolve" is not based on a meta-tag delay/refresh/forward codebit ... "your" browser does not have to handle the queries caused by 100's of spam submittals a minute and do all the additional parsing, tracking, recording, sorting, display, e-mail creation, etc., etc., ec., that the Parsing & Reporting system is being tasked to do .. so there are time limits placed on certain functions ...

Again, you may find this "new" ... but ....

There was once an experimental phase of expanding the SpamCopDNSBL listing beyond "just the IP spewing the spam" .. rather like a SPEWS escalation ... the collateral damage from this type of expanded SpamCopDNSBL listing brought that to a halt, not fitting into the actual intent of a SpamCopDNSBL listing ... You want expanded IP blocks, upstreams, etc. .. there are other BLs that do this.

Well, I have just processed two new Spam emails, both of which link to a new web site.

Submitted: Wed Nov 9 07:44:12 2005 +1300:
General health

* 1550725889 ( 200.121.122.208 ) To: mole[at]devnull.spamcop.net

Submitted: Wed Nov 9 07:44:05 2005 +1300:
Women's health

* 1550722803 ( 24.226.233.3 ) To: mole[at]devnull.spamcop.net


On poking around on the 'new' web site I find that it is a reincarnation of MyCanadianPharmacy, complete with a bogus Verisign certificate: --



I tried putting just the URL of the Spamvertised site into the parser, several times, but with the same result each time -



I accept that SpamCop regards this as secondary to blocking the source of the Spam, but that seems to be a rather feeble way of combating Spam. There is an unlimited supply of compromised computers that can be used to send out Spam and shutting them down will be an unending task.

Paul

The DNS for iocdqm.polartop.net currently scores an F (failing grade) per http://www.dnsstuff.com/tools/dnstime.ch?n...rtop.net&type=A - no wonder SpamCop's Parser has trouble with it.

I'm not quote sure I'm following why this is in a Topic titled "Seems like more spam now" ... Hoever, please provide a Tracking URL un the future ... Report ID numbers are only usable by yourself and the Deputies ....

As Jeff G. already stated, the DNS for this site sucks ... and this stuff was just hashed over a few posts back in this very Topic ... However, the following data is provided if you want to get involved in "sgutting the spamvertised web-site down" ...

whois -h whois.PublicDomainRegistry.com polartop.net ...
Registration Service Provided By: TRI RUBLYA J.S.C.
Contact: +7.8123760140

Domain Name: POLARTOP.NET

Registrant:
Pero Strbe
Pero Strbe (nfhbdyrt[at]yahoo.com)
Stjepana Radica 1
Metkovic
Medjimurakazupanija,20350
HR
Tel. +385.20681031

Creation Date: 01-Nov-2005
Expiration Date: 01-Nov-2006

Domain servers in listed order:
ns1.healzymen.info
ns2.yourbestmedz.info
ns2.healzymen.info
ns1.yourbestmedz.info

Administrative Contact:
Pero Strbe
Pero Strbe (nfhbdyrt[at]yahoo.com)
Stjepana Radica 1
Metkovic
Medjimurakazupanija,20350
HR
Tel. +385.20681031

Technical Contact:
Pero Strbe
Pero Strbe (nfhbdyrt[at]yahoo.com)
Stjepana Radica 1
Metkovic
Medjimurakazupanija,20350
HR
Tel. +385.20681031

Billing Contact:
Pero Strbe
Pero Strbe (nfhbdyrt[at]yahoo.com)
Stjepana Radica 1
Metkovic
Medjimurakazupanija,20350
HR
Tel. +385.20681031

Status:ACTIVE

You should note the shiny "creation" date ..

11/08/05 13:53:32 Slow traceroute polartop.net
Trace polartop.net (211.172.244.173) ...
61.33.1.162 RTT: 199ms TTL:224 (No rDNS)
211.233.88.156 RTT: 212ms TTL:224 (No rDNS)
211.233.95.2 RTT: 220ms TTL:224 (No rDNS)
211.234.120.138 RTT: 210ms TTL:224 (No rDNS)
211.172.244.173 RTT: 210ms TTL: 49 (polartop.net ok)

11/08/05 14:05:05 whois 211.172.244.173[at]whois.nic.or.kr
Please contact following ISP for further information

[ ISP Organization Information ]
Org Name : Korea Internet Data Center Inc.KIDC, 261-1, Nonhyun-dong, Kangnam-gu
Service Name : KIDC
Org Address : KIDC, 261-1, Nonhyun-dong, Kangnam-gu

[ ISP IP Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-2086-2924
E-Mail : support[at]kidc.net

[ ISP IP Tech Contact Information ]
Name : IP manager
Phone : +82-2-2086-2924
E-mail : ip[at]kidc.net

[ ISP Network Abuse Contact Information ]
Name : Network Abuse
Phone : +82-2-2086-2918
E-mail : security[at]kidc.net

As far as the "forwarding" aspects, apparently there's some .htaccess or possibly some .PHP coding going on with this site (and various sub-domains) as though I can GET the web-page connection data, there is no actual 'content' being returned in my testing ...

Not my spam, only playing with snippets of some data as provided ... yet also noting that even if the sites were resolved by the parser in your case .. so what? Mole reports don't go anywhere directly anyway ...????

Unending task? Yes; but it is the task that SpamCop has chosen to take on.
SpamCop is not the cureall for spam, it is but one small part of the battle.
SpamCop provides a specific and limited service and encourages the use of other blocking/tagging lists, filtering methods, and other practices that all work together to help fight the spam war.
SpamCop's email service makes use of several outside BL's as well as an very flexible filtering system plus the use of white and black lists.
The parser is a very good tool, but it is far from perfect. The cost in programming time and hardware to try to make it a perfect tool by far outweights the benefits of doing so.

I have just reported another Spam and Spamvetised site that the parser could not identify. Tracking URL:
http://www.spamcop.net/sc?id=z827425775ze1...cd7ca748ae42cez

However a DNS search did succeed

I now understand the position that SpamCop takes on these Spamvertised sites but it would be good to see the information being at least reported and handed on to others who can take action at that level.

By the way, I have seen a couple of interesting sites that move the play forward.

http://www.internetperils.com/index.php

and
http://bestprac.org/

I would be interested in others' thoughts about the above, particularly, as it echoes my own thoughts almost 100%

also
http://www.antiphishing.org/
for help in reporting Phishing sites.

Paul

And again, I find it interesting that you appear to be set for mole reporting meaning effectively no reports will be sent anyway.

I guess there are a lot of things we might want the SpamCop reporting system to handle but the developers focussed on doing the primary task of identifying the sending source of UCE and it does this exceedingly well.

I'm glad they've kept the focus and not been diverted into extra functions which are secondary to the primary objective.

Andrew

And to build on Steven's reply, your posts and your actions are in total disagreement. The tracking URL listed indicates the following It is hard to follow the train of thought here. Being a mole means that no report would be sent, even if the site was found.
Note: that even though you see "Report sent to:" notice the destination @devnull.spamcop.net or said in other words "sent to the trash can - report can not be delivered"
There are several reasons why reports will be sent to the trash "@devnull.spamcop.net" instead of being delivered; some of which are:
1) you are reporting as a mole - no reports are ever sent
2) the receipient has been bouncing reports, or has requested that SpamCop stop sending reports.
3) the address appears to be invalid and has been redirected to the trash.

Note: this post has been edit in respose to comments by Farelf, a proactive mole reported who stated: note: text in red added to maintain original context. Faralf, thank you for your input.

Hi Steven,

Well, I started sending Spam to SpamCop at the end of July this year. When deciding how best to do this, while not exposing myself any more than necessary, I chose to take the 'mole' status. However at the time I had no way of knowing all the ins and outs of this, or of SpamCop's focus on blacklisting sending sites. In fact I am still learning.

I would have imagined that SpamCop would take the mole reports, aggregate them and then take whatever action deemed appropriate with this information. The risk of back-lash from Spam Gangs, rogue ISPs etc would be better known by them than the uninitiated user and their resources to deal with then also greater. I would be surprised to learn that my efforts have been entirely in vain with respect to Spamvertised sites. But if this is the case, and can be verified, then I will divert my efforts at reporting such elsewhere where the information will be acted on in some useful way.

Where is this policy on the part of SpamCop enunciated?

Paul

THe last publicly available information is in the SpamCop FAQ:What is "mole" reporting?... ...

Your reporting is not "in vain" but since spamcop's database is populated ONLY with the source of the spam, my reading of mole reporting means nothing is done with the spamvertized sites found, making complaining about not finding the spamvertized site information pointless for you. However, it is a problem and in the altruistic sense you are helping other (non-mole) users of the service.

Are you following any of the links previously provided? Just which of the FAQ listings have you looked at yet? I'm having a hard time coming up with why you seem not to be able to find any of this data, with three different versions of the SpamCop FAQ existing in public, and all three have links to "What is Mole eporting?" ....???? .... and I previously made note of an existing item in the Announcements Forum that includes dialog between myself and the SpamCop Admin ...

I think that someone has already said that SpamCop concentrates on the source IP addresses.

AFAIK there is no other place to report where the information will be acted on in some useful way unless you learn how to report manually.

Miss Betsy

Hello Miss Betsy and thank you for your previous comments which I have not been able to reply to. I appreciate your more mild and positive responses.

Taking the hint from yours and earlier postings I went in search of alternative places to report Spam.

A simple Google search brought up : --
'Reporting Spam' in Google search.
Results 1 - 30 of about 12,200,000 for reporting spam. (0.31 seconds)

Some sites where various types of Spam may be reported, derived from the search, are: --

* FTC Consumer Complaint Form
https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01

This goes on to state: --

"If you have a specific complaint about unsolicited commercial e-mail (spam), use the form below. You can forward spam directly to the Commission at SPAM[at]UCE.GOV without using the complaint form. "

* Spam Reporting Addresses
http://banspam.javawoman.com/report3.html#piracy1

This URL has a lot of specific email addresses to which Spam may additionally be reported.

Moderator Edit: Large snapshot from Marjolein's site snipped here. Time to once more state that her web-site is also found within the Forum version of the SpamCop FAQ. linked to at the top of this page.

One site that interested me is SpamX.com, offering a 30 day free trial of the SpamX software.
[$30.00 for one-time licence]

Anti Spam for any OS -
Block & Report junk email -
Mac, Windows, Linux, UNIX, Solaris

Note, this program not only filters Spam, but will send reports to the right parties, as determined by parsing the headers. It does not use black-lists or lists of user-made 'rules' but relies on parsing the header to determine whether it is Spam or not [claiming a 99% success rate].

It is cross-platform, based on Java.


So basically this program enables both filtering Spam, at the ISP before downloading to your email client, processes the spam in a secure environment, parses the headers and prepares reports to the sending ISP as well as third party email and web addresses spamvertised - all that SpamCop does and more.

http://www.spamx.com/

Moderator Edit: snipped Meta tags. Can be seen if above link is followed. Further "advertising" for the same product was snipped, also available by following the above link.

I hope this information is helpful for others who feel, as I do, that reporting the target sites that provide the payoff for Spammers is equally if not more important than black-listing their sending sites.

Paul

using spamcop to report spam (free version) you are best use a free throwaway email account like
hard_2_guess_99[ AT ] hotmail com

mole status does not much. except, help statistics (bit unclear myself on latest rendition)

Better still is to get a SpamCop email account Whitelisting NZ would allow a major majority of your colleagues through but not spam (which SpamCop filters should stop)

I have back-tracked through the SpamCop site to see what it actually says and have to disagree with most of what has been said to me here in the forum.

The page "SpamCop FAQ: What is "mole" reporting?" states: --


To me, that does not suggest at all that 'no reports will be sent'. It simply means that my name and email address [or any other mole reporters] will not be associated with the reports - just the statistics. That should be just as effective, as the preamble states and just as ineffective as sending detailed reports to Korea or China.

One would hope that the information is being passed on to other organisations who would be interested in validated information on Spam and Spammers and their Spamvertised sites.

And, by the way, it was only several clicks deep into the site that much of the information in question became available and was clear only because I have used the site, this forum and thought and discussed it quite a lot. In my opinion, the information needs to be made available up front and in order much more than it is.

Paul

I am sorry to disagree with your interpretation and suggest that you take a closer look at the displayed results after you click on Submit Reports.
All reports that have been sent are listed.
As a mole reporter I believe that the only reports listed will look like the following taken from one of the URL that you posted.
This indicated that only one report was sent. But note to where it was sent: mole[at]devnull.spamcop.net devnull is the unix trash directory.
SpamCop maintains a summary list of all "reports" generated which is grouped by report type.
So lets take a look at what is on file for 201.124.182.2 which you reported.The following also provides some information http://www.spamcop.net/w3m?action=blcheck&ip=201.124.182.2
Summary reports are just that, summary.
They list know many times reports have been submitted (includes mole reports)
These summary reports are made available to ISP's that request them. They must be requested.
So to restate.
Mole reports are not actually sent to anyone other than the unix trash can.
The do increment the report counter in the summary report.
And they may possibly also be used to increase the time that a IP is listed. (Note: that there is much confusion about this last point and it would be nice to get it clarified with an official statement. But I do not hold out too much hope for that.)

I believe there is a "part" score added to SCBL for mole reporting, as is the count used by SpamCop's Spam Traps
A larger score/count is used by a "normal" SpamCop report meaning a Normal and or unmunged report will list a spamming IP quicker

IIUC, the statistics are published on the spamcop website for the use of ISPs, but no reports are sent to anyone. It is easy to see why you would assume that possibly reports of statistics were sent.


I think it is 'offered' but not sent. IOW, an interested person would have to seek it out.


Yes, much of the information about how spamcop works is only available to those who have spent some time ferreting out information. I, too, think it is a mistake. However, the TPTB are single minded - the primary purpose of spamcop is to identify the source of spam, provide a way for ISPs to prevent spam from entering their systems while there is spam spewing, and to provide reports to responsible admins that something has gone wrong so they can fix it. Everything else is 'extra' and, is added and maintained as long as it takes minimal effort - including documentation.

The volunteers in this forum (and others in the newsgroups) try to make it easier for others to use and understand. Your viewpoint would be welcome to examine the Forum (version of the SpamCop) FAQ (nobody has any influence on changes in the official FAQ) and make concrete suggestions in the FAQ Under Construction forum.

Having signed up long before there were 'mole' reporters, I can't make any comment on what was presented when you chose that option that would make it clearer that no reports are sent. As a matter of fact, I believe that it has gone back and forth several times on whether reports are sent so possibly when you signed up, reports were being sent. I haven't been able to keep fully informed and perhaps Wazoo can give you a correct version.

Miss Betsy

Moderator Edit: added a bit so as not to confuse someone trying to follow the link to the Forum FAQ and wondering what was missing.