Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About ewv

  • Rank
  1. The errors are still occurring.
  2. I hadn't subscribed in a long time, but this is what I just found posted at 9:22 EST::
  3. Don't they monitor the functioning of their own system? There has been no public recognition that they even know there has been a fatal problem for over 16 hours. Is there anything on the newsgroups?
  4. spam submissions have been failing for almost 10 hours now. Isn't anyone there monitoring what is happening?
  5. This is the Postfix error I reported to Don last night. No response yet. <quick.*********[at]spam.spamcop.net>: host vmx1.spamcop.net[] said: 554 #5.3.0 Server Error (in reply to end of DATA command) It started yesterday.
  6. This bug in the parser even with common domains like xx.geocities.com is still there and seems to be getting worse. Entering a geocities subdomain into a separate window results in an immediate response while a full spam submitted still results in inconsistent failures. I have seen the same spam, including geocities spam, on different refreshes result in: - no links found - links found and simply dropped with no error message - the first link properly identified with the rest dropped Normally, geocities links in spam are simply dropped, with even dozens of refreshes failing to resolve them. In the past, refreshes worked more often. At least one spammer is exploiting this with repeated use of geocities links. Some now include several such links. The inconsistent behavior and poor error messages detracts from the credibility of all url parsing -- one never knows if all the links have been found, if "no links found" is believable, or if the reporting addresses are complete. This bug has been well known for a very long time. It and the fact that it has evidently been ignored are extremely frustrating and annoying, it has caused much wasted time, and spam reporting is being delayed or dropped because of it.
  7. ewv

    New Spam Trick?

    Does that mean you don't think that spam should be reported? This isn't a game; they are criminals. The laws against them are inadequate, so for now all we can do is report their activities to black list their sources or get their ISP's to shut them down
  8. ewv

    New Spam Trick?

    Treat the aliases invented by the spammers as spamtraps. Explicitly alias them into a new account explicitly set up for spam reporting. For the aliases you are sure would only be used by spammers, set up a procmail scri_pt on the server to automatically QuickReport them to spamcop. You can archive them on the server, but you don't have to even see them in your mail client. Then let them spam themselves into oblivion. You can elaborate on this in different ways with white lists, automatic forwarding of subcategories to spamcop for confirmed reporting, etc.
  9. I encountered the same problem this afternoon. One particular spam that had been forwarded to spamcop hung in the parser repeatedly, ending with the same sigalarm error message. When I pasted it into the spamcop window, however, the parser did not delay or hang, but gave the message that the spammer url could not be resolved. I pasted the domain name alone into spamcop and also did a traceroute on it, confirming that it was in fact unresolvable. I forwarded the spamcop id to Don.
  10. ewv

    Exact duplicate spam

    ewv: wazoo: spam is reported using the preferences parameters of the browser login, not the account under which it is forwarded to spamcop, so there is a conflation in the identify of the reporter.
  11. ewv

    Exact duplicate spam

    StevenUnderwood wrote at post #5: What defines a unique "reporter"? The spamcop account under which the spam is forwarded or the spamcop login under which the report is confirmed or something else?
  12. ewv

    Why is reporting blocked?

    The reporting addresses of the type cited are working again. Whatever was meant by the phrase "your spam construction", I had long ago submitted at least one example of the link pattern in the example I cited, as well as other patterns, per http://forum.spamcop.net/forums/index.php?showtopic=1549. I routinely see a couple of recurring patterns (with variations?) for which the parser does not find the links. (The example I cited still doesn't work.) I don't know if the samples have been lost or how often to report them because there is never any acknowledgement or feedback, it's hard to tell if there is some subtle difference, and the instructions say not to submit examples using different instances of the same problem-spam. I assume that spammers not only read the forums but also (especially those using a bogus/multiple link strategy) try out their schemes on the parser in advance of spewing. This isn't exactly a secret operation. At least what they don't know is what else I am doing to track them down and report them. (Also, thanks for moving the post to the intended forum.)
  13. Why is reporting of this spammer's web sites being blocked? This spammer is repeatedly spewing out repetitive spam with ever changing URL's for its website. The spam web page links have the same .cn reporting addresses, but with some variation in IP addresses. (Its spam generates the "too many links" error because the parser does not weed out other URLs in a repeating pattern; they are easily found manually.) Recent example: http://www.spamcop.net/sc?id=z528258817z83...2b021a9f6b44afz Tracking for one of the two obvious spam domains: But: The domain iepurchase.com, from the same spammer and which generated reporting addresses earlier today, now results in the same failure. --------- [This post had been intended for the spamcop help forum.]