Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by ewv

  1. The errors are still occurring.
  2. I hadn't subscribed in a long time, but this is what I just found posted at 9:22 EST::
  3. Don't they monitor the functioning of their own system? There has been no public recognition that they even know there has been a fatal problem for over 16 hours. Is there anything on the newsgroups?
  4. spam submissions have been failing for almost 10 hours now. Isn't anyone there monitoring what is happening?
  5. This is the Postfix error I reported to Don last night. No response yet. <quick.*********[at]spam.spamcop.net>: host vmx1.spamcop.net[] said: 554 #5.3.0 Server Error (in reply to end of DATA command) It started yesterday.
  6. This bug in the parser even with common domains like xx.geocities.com is still there and seems to be getting worse. Entering a geocities subdomain into a separate window results in an immediate response while a full spam submitted still results in inconsistent failures. I have seen the same spam, including geocities spam, on different refreshes result in: - no links found - links found and simply dropped with no error message - the first link properly identified with the rest dropped Normally, geocities links in spam are simply dropped, with even dozens of refreshes failing to resolve them. In the past, refreshes worked more often. At least one spammer is exploiting this with repeated use of geocities links. Some now include several such links. The inconsistent behavior and poor error messages detracts from the credibility of all url parsing -- one never knows if all the links have been found, if "no links found" is believable, or if the reporting addresses are complete. This bug has been well known for a very long time. It and the fact that it has evidently been ignored are extremely frustrating and annoying, it has caused much wasted time, and spam reporting is being delayed or dropped because of it.
  7. ewv

    New Spam Trick?

    Does that mean you don't think that spam should be reported? This isn't a game; they are criminals. The laws against them are inadequate, so for now all we can do is report their activities to black list their sources or get their ISP's to shut them down
  8. ewv

    New Spam Trick?

    Treat the aliases invented by the spammers as spamtraps. Explicitly alias them into a new account explicitly set up for spam reporting. For the aliases you are sure would only be used by spammers, set up a procmail scri_pt on the server to automatically QuickReport them to spamcop. You can archive them on the server, but you don't have to even see them in your mail client. Then let them spam themselves into oblivion. You can elaborate on this in different ways with white lists, automatic forwarding of subcategories to spamcop for confirmed reporting, etc.
  9. I encountered the same problem this afternoon. One particular spam that had been forwarded to spamcop hung in the parser repeatedly, ending with the same sigalarm error message. When I pasted it into the spamcop window, however, the parser did not delay or hang, but gave the message that the spammer url could not be resolved. I pasted the domain name alone into spamcop and also did a traceroute on it, confirming that it was in fact unresolvable. I forwarded the spamcop id to Don.
  10. ewv

    Exact duplicate spam

    ewv: wazoo: spam is reported using the preferences parameters of the browser login, not the account under which it is forwarded to spamcop, so there is a conflation in the identify of the reporter.
  11. ewv

    Exact duplicate spam

    StevenUnderwood wrote at post #5: What defines a unique "reporter"? The spamcop account under which the spam is forwarded or the spamcop login under which the report is confirmed or something else?
  12. Why is reporting of this spammer's web sites being blocked? This spammer is repeatedly spewing out repetitive spam with ever changing URL's for its website. The spam web page links have the same .cn reporting addresses, but with some variation in IP addresses. (Its spam generates the "too many links" error because the parser does not weed out other URLs in a repeating pattern; they are easily found manually.) Recent example: http://www.spamcop.net/sc?id=z528258817z83...2b021a9f6b44afz Tracking for one of the two obvious spam domains: But: The domain iepurchase.com, from the same spammer and which generated reporting addresses earlier today, now results in the same failure. --------- [This post had been intended for the spamcop help forum.]
  13. ewv

    Why is reporting blocked?

    The reporting addresses of the type cited are working again. Whatever was meant by the phrase "your spam construction", I had long ago submitted at least one example of the link pattern in the example I cited, as well as other patterns, per http://forum.spamcop.net/forums/index.php?showtopic=1549. I routinely see a couple of recurring patterns (with variations?) for which the parser does not find the links. (The example I cited still doesn't work.) I don't know if the samples have been lost or how often to report them because there is never any acknowledgement or feedback, it's hard to tell if there is some subtle difference, and the instructions say not to submit examples using different instances of the same problem-spam. I assume that spammers not only read the forums but also (especially those using a bogus/multiple link strategy) try out their schemes on the parser in advance of spewing. This isn't exactly a secret operation. At least what they don't know is what else I am doing to track them down and report them. (Also, thanks for moving the post to the intended forum.)
  14. It is possible to get spammer domain registration email addresses removed: is a notorious spam host
  15. The response from the big companies has been inconsistent, partially dependent on what email addresses (including non-US addresses) are used for reporting the spammer address. The response you mention is common.
  16. I got a response from Don saying that Julian thinks he's fixed it.
  17. I've reported to Don that I'm now occassionally getting duplicate notifications for the same spam with different report urls and different message IDs. I forwarded an example. Otherwise it seems to have caught up except for a few spam-forwards yesterday that probably got lost. I used the paste method to report them.
  18. There are also missing notifications of forwarded mail for those not using a spamcop email account.
  19. ewv

    Useless reporting...

    Sometimes there are long delays in the notifications for forwarded spam. You can use the paste method to make sure the spam is reported in a timely matter, but the forwarded version may or may not come in later. If it doesn't, you risk missing reporting it; it it does you use twice the fuel and have to process it again to cancel it -- and there is no way of knowing which it will be.
  20. ewv

    Exact duplicate spam

    If an ISP sends you multiple copies of spam they should get full credit for it. You have to deal with all of it and are under no obligation to spend even more of your time sorting through it. If the ISP doesn't like it, they should realize they should expend more effort on controlling their own spam problem and what they are doing to you.
  21. Often the parser will claim no links were found but if you simply reload the page to reprocess it, it will find them. It's still a nuisance, and you often don't know if only some links are missed. A lot of things work in html for one or more kinds of browser but which are not part of one of the many standards. If a link is live and works in some email html display it should be reported. If it is not live but displays a functioning spam domain it should still be reported. Reporting spammers to domain registrars has mixed results. Sometimes they pay attention but often don't bother. One type of spam domain that can occasionally be removed that way is a .us top level domain name with a foreign registrant address. Sometimes even a resistrant's foreign email is phony, and that is grounds enough for canning the domain name. You can also sometimes get the spammer's domain registration address removed by his ISP, then go after the domain, but it is often difficult or impossible to get the ISP to pay attention to the complaint; they filter out and trash all complaints without their IP address in the headers because they don't want to bother with forged From addresses. Likewise for functioning spammer addresses in the body of the spam. It's of course impossible to get anyone to pay attention to your explanation because they don't even look at your attempts to communicate with them. It's the email equivalent of telephone menu maze operators trained to be a barrier between customers and anyone with responsibility on anything they don't want to bother with ("let me transfer you" -- infinite hold -- dead line -- start over in menu maze, etc.). There should be a way to blacklist ISPs who ignore such complaints.
  22. ewv

    'Do Not Spam' List Will Not Work - FTC

    The report is at http://www.ftc.gov/reports/dneregistry/report.pdf It recognizes that a do not spam list would only authenticate addresses for spammers and recommends a second level domain name authentication system for verifying and tracking the source of email. It recommends that this be done privately in the market, but urges Federal imposition if it is not.
  23. ewv

    Spammers using my email address

    Not to the US Congress from the UK! Are the IP addresses for the spam origination in the US or in the UK? US ISPs, but not individuals, have the right to sue spammers over forgery. Getting them to do it is another matter. The UK has its own laws. But first you need to identify where the spam is coming from (which will be more than one IP address) and, if possible, identify the spammer if you can.