Full Version: lots of geocities spam getting through
Lydia
For the past couple of weeks or so, I have noticed that there is much more spam making it into my spamcop email account than there used to be. Almost all of it is advertising GeoCities URLs. When I report this spam, the URLs don't seem to get parsed for some reason, since there is almost never an email generated to Yahoo/GeoCities abuse. There is only mail sent to the admins of the network where the spam originated.

I don't understand why so much of this is getting through. There doesn't appear to be anything particularly unusual or complicated about the emails. They're for commonly-spamvertised products like pharmaceuticals and penis-enlargement crap, and contain spammy keywords.

Here's an example: Tracking URL for recent spam

Is there any way to cut down on this? I use IMAP, and not the webmail interface, so it's my understanding that using the filter mechanism in Horde won't help.
StevenUnderwood
QUOTE(Lydia @ Feb 18 2008, 04:17 PM)

For the past couple of weeks or so, I have noticed that there is much more spam making it into my spamcop email account than there used to be. Almost all of it is advertising GeoCities URLs. When I report this spam, the URLs don't seem to get parsed for some reason, since there is almost never an email generated to Yahoo/GeoCities abuse. There is only mail sent to the admins of the network where the spam originated.

I don't understand why so much of this is getting through. There doesn't appear to be anything particularly unusual or complicated about the emails. They're for commonly-spamvertised products like pharmaceuticals and penis-enlargement crap, and contain spammy keywords.

Here's an example: Tracking URL for recent spam

Is there any way to cut down on this? I use IMAP, and not the webmail interface, so it's my understanding that using the filter mechanism in Horde won't help.

You are correct, the Horde webmail filters will not help. The IP address for the message shown is currently listed, but possibly was not when you received the message. There are currently lots of reports against it right now, however. It is also listed at several large bl's:
dnsbl.sorbs.net
bl.spamcop.net
cbl.abuseat.org
pbl.spamhaus.org

What bl's do you have spamcop checking?
DavidT
I'm wondering if you have all the available blacklists turned "on" in your SC email config? The reason I'm wondering is that the source IP of your sample message is listed in all of the following BLs right now:

cbl.abuseat.org
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
dnsbl.sorbs.net
dul.dnsbl.sorbs.net
no-more-funn.moensted.dk
sbl-xbl.spamhaus.org
spamcop
xbl.spamhaus.org

The SCBL listing happened about 3 hours ago, but apparently after you received the message. The CBL listing happened at:

2008-02-18 15:00 GMT (+/- 30 minutes)

which is only 10 minutes before the SC email system accepted the message on your behalf. The IP is also listed in the SpamHaus PBL, but IIRC, the SC implementation of PBL blocking is a bit lacking, in that it *should* have caught this one for you, but I've previously reported in this forum about the problems with the PBL implementation.

The parser probably should have offered to send a report on the URL, however, unless there's something specific about that host that I'm not aware of.

(on edit) Looks like Steven beat me to the punch on this one (we were both composing our messages simultaneously). Steven, there are problems with the SC email implementation of several of those BLs...you and I have discussed this, and this poster's problem is further proof that I'm probably correct...hope you come around eventually. :-) And if we had SORBS back....another thing I've asked for....it probably would have been caught.

DT
Lydia
I only had SpamCop's BL selected -- I set up this account years ago and have never really changed anything. I will look through and see which others I might want to enable. Thanks for the tip.
Farelf
In a recent discussion in the newsgroups a couple of senior commentators between them proposed a DNSbl set of:

bl.spamcop.net
cbl.abuseat.org
zen.spamhaus.org (alternatively just pbl.spamhaus.org)
dul.dnsbl.sorbs.net
list.dsbl.org
Farelf
QUOTE(Farelf @ Feb 20 2008, 05:17 AM)
...proposed ... DNSbl set:
bl.spamcop.net
cbl.abuseat.org
zen.spamhaus.org (alternatively just pbl.spamhaus.org)
dul.dnsbl.sorbs.net
list.dsbl.org
And recently, in grc.spam, poster ObiWan reported good results with:
ix.dnsbl.manitu.net (from heise.de)
The point of that one being, like SC, it is what is lightly called "zero maintenance" meaning delisting is automatic - after 72 hours spam-free (and yes, the "zero maintenance" description would give both Heise and SC staff a wry chuckle). A quick sampling of listings in SC's HoS shows surprisingly little overlap between the two bls. I was sorta expecting the same "usual suspects" but with greater persistence in the manitu.net one but the fairly low initial coincidence means a lot more data (IP addresses) would need to be sampled over a longer time interval to test that (not having access to report history myself).

Anyway, could be worth a try, another array of spamtraps in play and "faultless" delisting.
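
The listing checks discussed in this thread can be reproduced with a small DNSBL lookup over the zone set Farelf quotes. This is an added example, not part of the original thread and not SpamCop's code; the function names and the injectable resolver are assumptions made for illustration.

```python
import ipaddress
import socket

# DNSBL set proposed in the thread (2008). Some zones may no longer be in service.
ZONES = ["bl.spamcop.net", "cbl.abuseat.org", "zen.spamhaus.org",
         "dul.dnsbl.sorbs.net", "list.dsbl.org"]

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")
# Spamhaus answers in 127.255.255.0/24 to signal a refused or malformed query.
ERROR_RANGE = ipaddress.IPv4Network("127.255.255.0/24")

def query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone (raises ValueError on bad input)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name; [] when the name does not exist. Other failures propagate."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise

def classify(answers):
    """Map a DNSBL answer set to 'listed', 'not listed' or 'error'."""
    if not answers:
        return "not listed"
    codes = [ipaddress.IPv4Address(a) for a in answers]
    if any(c in ERROR_RANGE or c not in LOOPBACK for c in codes):
        return "error"   # error code, or a parked/wildcarded zone answering with a real IP
    return "listed"

def check_ip(ip, zones=ZONES, resolver=system_resolver):
    """Return {zone: status} for one source IP; resolver is injectable for offline use."""
    results = {}
    for zone in zones:
        try:
            results[zone] = classify(resolver(query_name(ip, zone)))
        except OSError:
            results[zone] = "error"   # timeout or resolver failure is not 'clean'
    return results

if __name__ == "__main__":
    # 127.0.0.2 is the conventional DNSBL test entry; needs network access.
    for zone, status in check_ip("127.0.0.2").items():
        print(f"{zone:24} {status}")
```

A result only reflects the moment of the query: as the CBL timing in DavidT's post shows, an IP can be listed within minutes of a message being accepted.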