Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by mshalperin

  1. mshalperin

    Forwarding and FAQ update

    No, the filtered spam is deleted, not forwarded to your new email address. There will no longer be a "held" folder on spamcop.net.
  2. mshalperin

    CESmail System changes

    Which is why when a service is cancelled, prorated refunds are offered. The that there was no mention of any in the announcement indicates that refunds are not currently being considered. Refunds may not be possible if CESmail is bankrupt or assets seized, but do you really think they had no idea if plans to terminate service Saturday afternoon (when they were still accepting payments)?
  3. mshalperin

    CESmail System changes

    Hardly infinite, and none particularly charitable. It's really irrelevant whether Cisco or CESmail initiated the termination. The "take-the-money" quip was in response to others' speculating whether there would be refunds when they were accepting payments up to the day of the announcement, and made no mention of refunds. The fact remains that the Cisco "forwarding service" is dangerous unless there is access to the culled spam or the ability to disable filtering.
  4. mshalperin

    CESmail System changes

    The exquisitely uninformative wording as well as the Saturday night massacre timing of this announcement suggest that either it was a poorly thought out last minute decision or a take-the-money-and-run scam.
  5. mshalperin

    CESmail System changes

    It remains unclear what happens to the emails trapped by Cisco Reputation system. Are they forwarded in a separate folder? If not, and they are just deleted, that creates a major risk of losing legitimate mail.
  6. I occaisonally get this error message: Finding links in message body Header data found in body, aborting link detection All of these were submitted using VER, without any modification. Is this due to corruption of the header or a tactic to block Spamcop parsing of links? http://www.spamcop.net/sc?id=z778653289zb3...0fd5cb64fcbacdz
  7. I entered my Knujon registered user forwarding address in the Personal Copy forwarding (Bcc) box in Spamcop preferences. After reporting a few spam, Spamcop disabled forwarding to this address citing: ******<at>coldrain.net bounces (8 sent : 8 bounces) ******<at>coldrain.net does not wish to receive mail. Bcc prohibited. Knujon technical support checked the address and found it to be working and I'm able to directly forward spam to it from my computer without bounces . Previously, I used "nonregistered<at> coldrain.net" as the forwarding address and hundreds of reports were sent from SpamCop without problems. I'm not clear how long the registered address stays disabled - does it get retested? How do I get it "enabled"?
  8. I got one of these today too: http://www.spamcop.net/sc?id=z1259829433z4...324ac6c48885ecz
  9. mshalperin

    user damaging spammer provider

    It's likely that there were reports of these sites from other users. The KnuJon reports only shows the number reported by you.
  10. I heard from Don who found a lookup problem with my Cold Rain address which led to bounces, though it's unclear why this happened only with mail sent from Spamcop. Also, coldrain.net has no MX record. He reset the bounce counter to allow Spamcop to sent mail again to that address. I've forwarded about 30 spam reports since then over the course of the day and there hasn't been any indication of bounces or the address being deactivated again, so it appears to be working now. Cold Rain Tech./KnuJon couldn't find any problem at their end, so I'll pass it off as a glitch that resolved itself...
  11. That's how I'm doing it now since SpamCop won't forward to my KnuJon address. I use SpamCop email service and do my Spamcop reporting via VER. I also import SpamCop mail via IMAP to my email client (Entourage) and and forward the spam to KnuJon as attatchemnts. This works well, though adds another step. I don't know if KnuJon has any use for SpamCop parsing/reporting results.
  12. I'm not sure why they switched to the personal copies route as this sends copies of every report generated by a spam (source, 3rd parties, each spamvertized site, etc.) whereas the public standard sends only 1 report per spam. It does free up space in the public standard slot to use for sending reports to other agencies. I forward all spam to KnuJon and let them sort it. Many have gif spamvertized sites that I don't have time to manually parse. Many others, such as stock bump and dump and fake diplomas, don't have spamvertized sites and KnuJon is interested them.
  13. I tried it there too and it was disabled as well. The "Personal Copies" box is now the preferred way per Knujon instructions.
  14. OK, I see what you mean. I've never posted my email addresses (in any format) in any public forum. If my addresses are in the "public domain", they were either stolen or sold from supposedly private listings. I always refuse permission to distribute them to "affiliated" 3rd parties. Anytime I publicly post a reference email address (not mine) on a public site, I write it with "<at>" instead of "[at]" to avoid automated harvesting.
  15. The webmail site spam filtering setup instructions state the following about SpamAssassin: I understand from a prior discussion here that SpamAssassin is now employed before rather than after the bl's, with the effect that the BL's now block the few spams that escape SpamAssasin. From what I know about it, SpamAssassin can internally access various BL's, in addition to its heuristic content analysis. My question is how is it set up fot the SC webmail site? Are the non-Spamcop BL's accessed through SpamAssassin or independenly after it is applied? If SpamAssassin is using the BL's - does it indicate this besides the assigned score? Thanks.
  16. I'm not sure what you mean by "posting in bot readable format". The addresses you found were only given to ( apparently) legitimate businesses, forums, etc,, that I deal with and always given as confidential. For the last 6 months I have submitted SpamCop reports un-munged without any dramatic change in spam volume or sources. I have other addresses that I've kept private which haven't been spammed so far. My spam volume is still manageable, so I've left the "public" addresses active partly as my personal spam traps.
  17. Maybe, but last month when SpamAssassin was broken on some servers, I still didn't see anything picked off by the SCBL. A lot more were caught by various other BLs, but not SCBL. I don't know in what order they are applied - possibly the SCBL is last. All I can say is at that time I got large amounts of spam in my inbox and what did get held wasn't by the SCBL.
  18. Maybe that's it. I have all available BLs activated (reset all of them to be sure) and SpamAssassin threshold set to 2. i used to get at least some filtered by SCBL... Recently I've been getting more with geocities as the spamvertized site sent from probable bots, which often makes to to the inbox and is never filtered by any BL. Most of it is drug, phony loan, penny stock, Nigerian, porn, etc., with spamvertized sites form China, Korea Pacific Rim, Russia, Brazil, etc. spewed from botnets.
  19. For the last 3 or more months and >5000 filtered spams, I've seen absolutely zero spam filtered the SC BL in my Held folder. SPamAssassin filters 90-95%, but the remaining are caught by the other BLs. Even during the period last month when SpamAssassin was malfunctioning and far greater percentage was filtered by the BLs none was caught by the SpamCop BL. Has there been a change in the implementation of the SC BL in the SC webmail service? At this point, it would make no difference at all if I disabled the SC BL, leaving the others functioning.
  20. Recently I've been seeing multiple gif type spam in my inbox because it is "whitelisted", though the "From" address isn't on my whitelist. The header shows my cessmail address as the Return-Path which apparently gets it auto-whitelisted as if I sent the message to myself. I don't know enough about the header to understand how "return-path" gets to be different from the "From" entry, but this seems to be a very simple way to force whitelisting on this system http://www.spamcop.net/sc?id=z1153258077z9...ea1e8461a09da1z
  21. Thanks, I did find my address in my whitelist and deleted it - don't remember ever putting it there. In these cases the spammer is specifically inserting the "To" address into the return-path. I'm not seeing bounce-backs where my address is being used for a whole batch of spam and it seems to me it is a tactic to invoke whitelisting. Is there a distinction between "return-path" and "from"? - Is there any legitimate reason for there being different values for these?
  22. mshalperin

    Strange webmail logon message

    Whenever I login to the webmail site I get the following message: "Last login: Sun 18 Jul 2004 05:33:20 PM EDT from 1800specialoffers.com" What's with the 1800specialoffers.com??? My ISP is RoadRunner.
  23. mshalperin

    Strange webmail logon message

    At the time it appeared to me that I didn't get the "logged on from 1800Specialoffers.com" message if I turned off an addware blocking feature of PopupDummy. On your advice I contacted the PopupDummy author who could see no connection. With more investigation, the association with PopupDummy settings was spurious - just random. There is no connection between 1800Specialoffers.com and PopupDummy or any other vendor.
  24. mshalperin

    Strange webmail logon message

    I originally started this thread in July 2004 because I would get a message from the SpamCop Webmail site that I had logged on from "1800Specialoffers.com." I got the same feedback from other sites as well. It turned out to be due to my assigned static IP address having this as its reverse DNS listing (but no forward DNS listing for 1800Specialoffers.com). Presumably, this entity once used this IP address and didn't get cleared out of the reverse DNS. DNSstuff.com had that IP address listed as on one or more spam BL's under that name as well. I got a new IP address and this issue was resolved.
  25. http://www.spamcop.net/sc?id=z846331382z4e...0d260be8a38ce2z Every time I get a spam with geocities.com as a spamvertized website, I have to reload the page many time before the parsing "takes". This is usualy at least 10 times and I've gone as far as 27 (in an obsessive moment) before it processed (Yahoo.com). OTOH, the single line parser gets it on the first try each time I've tried. I'd rather it appeared as a parsed spamvertzed site than a user notification. Why would the primary parser have such a difficult time with this frequently seen site?