Jump to content

netmammal

Members
  • Content Count

    5
  • Joined

  • Last visited

Community Reputation

0 Neutral

About netmammal

  • Rank
    Newbie
  1. After reading about the OpenSSL Heartbleed security discovery, I started checking all of my important email vendors and web hosting, credit union etc. They all seem to have reacted quickly, and patched their systems, and posted info on what they have done. Not Spamcop though. There is no post anywhere indicating that Spamcop is either safe, or that they are working on it. Why? In an effort to figure out if Spamcop's servers still had the unfixed SSL code, I found SSL Lab's Server Test, and discovered that this test rates mail.Spamcop.net an "F" for the security of SSL. Why is Spamcop so bad, and why should I not be concerned?
  2. netmammal

    Greylisting improvement - Timed disable

    Thanks for the tip, and yes, in fact I have done that. It helps that I have finally disabled the option for asking me whether I want to deal with the last month's sent folder (gosh knows why I ever had that turned on anyway, since I have always assumed you can not send using smtp through Spamcop, and so never sent through spamcop.) That said, it looks there is an undocumented/poorly advertised way using smtp or imap and cesmail.net. I may switch, since I sometimes run in to trouble trying to send through my ISP. -Dave
  3. Refer to the previous topic for my reasoning behind wanting to disable/re-enable greylisting option frequently/quickly. I had to laugh, because I ran into the 30 second forum flood prevention thing, went downstairs for a cup of tea or something, and completely forgot about creating this topic. Yes, I know I've got the attention span of a dog in a forest full of squirrels... but it just shows why I so desperately want to change the way greylisting is done here... I suggest a second method for disabling greylisting be provided. If this were combined with the temporary disable method described previously, that would be even better. For folks like me who POP their mail off Spamcop, the process of getting in to disable greylisting is a bit cumbersome. I've got to log in to Spamcop webmail (which means I've got to log in to my password manager in my case, since I don't make a point of typing the spamcop password in myself.) Drill down in to the correct page in the options to change the setting, then submit the change. Complete the registration in email and on web, then go back and re-enable greylisting. I would love it if Spamcop would let me change the Greylisting setting for my account using either a single single Spamcop URL, with no password required, or allowed me to send a special email to a special spamcop address. Not to restrict you, but I suspect one of the ways this might be done would be to have spamcop generate a special hash code associated ONLY with my account. Once in hand, I would either book mark a URL like http://spamcop.net/greylist/MY-HASH-CODE, or I would send a canned email to an address like greylisting[at]spamcop.net with the hash code in the subject, or an email to MY-HASH-CODE[at]spamcop.net. The hash would be in a sparsely populated number space that a bad guy would not have much luck carpet-bombing, but it would uniquely identify my account. I'm not sure which of these methods would be easier to implement. The URL one somehow seems more elegant. Thanks for your consideration! -Dave PS, If I had to pick between this suggestion and the last, the first one would get my vote. I CAN and have bookmarked the preferences page, and inserted the password into my browser's password gizmo. It still requires a login, but its not THAT big a deal. On the other hand, I don't see my attention span getting any better! :-)
  4. I love the Greylisting feature, but I wish there was a way to fire/forget disabling it. Why disable it you may ask? Because my spamcop email address is almost always the one I use when I register on-line for anything, be it a web forum, or to buy something. These days, almost all registration procedures require a mail-based REQ/ACK handshake before you can continue and buy the product, post or search the forum etc. I will often go in and disable greylisting before I submit the registration request, so I don't have to wait for the REQ to get resent (it really does seem like it always 12 hours, I don't care what you guys say is typical.) So why don't I just burn up a gmail address for this purpose: ...Short answer: 'cause thats why I pay you guys money! :-) Plus Google is the new Microsoft. I love to hate those guys. I believe most of my spam is due to unscrupulous web sites like those I register with who sell my email address and this is the kind of use of an email address which is most likely to to be needed a decade down the road, and most annoying to have to change if I change email addresses. Looking in my password manager, I am registered at over 300 web sites. I have had my Spamcop email address for such a long period that I expect it to be the only email address I will maintain for the rest of my life. (Where you in business in 1995? It was certainly before most non-techies even had email let alone knew what the word spam meant.) Anyway, after the registration process is complete I often forget to renable greylisting after the desired email has arrived, and only think to re-enable the darn thing days later when I figure out the bloom in my spam bucket was caused by my forgetfulness. Now for folks who use the webmail interface, going in to change the greylisitng option probably does not seem that tough. You get the REQ, right-click on the provided link to open the web page in a new tab, then pop in to the options, and renable greylisting. But I POP my mail off of Spamcop. If it were not for this, I suspect the only time I would log in to spamcop on the web would be to pay my yearly bill (do I even need to log in to do that? probably not, huh?) (Sorry, I no longer regularly report spam...) I think there are number of different things you might do to make this easier for impatient forgetful people like me (isn't it for people like me that computers were invented? :-) 1. Create another setting for greylisting, which disables greylisting temporarily. Not knowing the issues you would have to deal with, I can think of two general ways to think about implementing this: A. PRECISE/STRICT METHOD: Through a strict one to four hour timer (you pick the time-out) which would turn my greylisting back on precisely when the timeout period ended. B. LAZY/SLOPPY METHOD: Somewhere in Spamcop every time a new email for me came in, it would check my greylist timeout, and if current time was after that, the greylisting would be re-enabled. This is a "lazy"-reset, as it might be hours (days?) until the next email came in which caused my greylist setting to be re-examined, and re-set. Method B might allow through one spam massage before greylisting was re-enabled. I can put up with that. If you decide that this request is not worth implementing because it would not get used a lot, I would like you to instrument the greylisting option, and log how many times it gets used per day/week etc. That will determine how many folks like me there are who are constantly flipping that switch off and on again. I will say that the whole greylisting thing would be the reason I would start using a gmail address for new registrations, and since that usage is basically one of the only reasons I keep a spamcop email account around, in the long run this is a major annoyance with using Spamcop. Spamcop's filtering is not good enough for me when it has greylisting turned off. For all I am getting to loathe Google, their spam filters are top-notch, they don't do greylisting, and they don't charge money! I plan to create a second posting with a different greylisting request, which I suspect is less likely to be implemented, but I believe dove-tails nicely with this feature. Thanks, -Dave
  5. I have spamcop set up to e-mail me the held mail report several times a week. The listing is now too long for me to comb through the whole thing anymore, but I still fear that I will miss false-positives. Could I suggest that held mail report be sorted based on the spam score assigned to a particular E-mail, with the lowest scoring held E-mails being listed first? I suspect most false positives will be near the top that way. If this report is already done this way, thanks in advance, but let me know anyway, I often delete before reading now. Thanks! -Dave
×