Jump to content

kmolloy

SpamCop Staff
  • Content Count

    72
  • Joined

  • Last visited

Community Reputation

0 Neutral

About kmolloy

  • Rank
    Member
  1. Sorry for the late notice, but we need to do a quick database upgrade today, 6/30, at 11 am PDT. This will require placing the website into maintenance mode for one hour. Thanks for your patience!
  2. kmolloy

    abuse[at]netatlantic.com

    Yes, I know. I've been out sick, so I'm behind. Working on it.
  3. As Don said, MC shouldn't get reports and we'll fix that. But I also know some people over at Mailchimp and I am confident that they don't want their customers sending nastygrams. If you're willing to send me a copy of the mail you received with full headers, I'll make sure the abuse guy at MC sees it. (you can forward it to deputies[at]spamcop.net).
  4. kmolloy

    abuse[at]netatlantic.com

    No, we disabled reports for NetAtlantic because they're an non-COI sending ESP, and therefore our policy says they cannot receive reports.
  5. kmolloy

    A question about reports and ESPs

    There are basically only a few reasons we don't send reports: 1) We know the entity listwashes. 2) Reports are bouncing. 3) The responsible party told us they didn't want reports. 4) It's a non-COI ESP. We'll re-enable reports if whatever is causing bounces is fixed, or if the recipient organization has a change of heart and decides they would like reports. We do not send reports to non-COI ESPs because of the risk of listwashing. Rather than make a case-by-case judgment, we decided to just apply a policy.
  6. kmolloy

    A question about reports and ESPs

    An ESP is an Email Service Provider. An example that's been in the news lately is Epsilon. ESPs manage marketing mail for companies but send from their own networks.
  7. Hi, everyone. I was hoping that you guys might be able to help me with something. I'm corresponding with someone from an ESP who says that Spamcop reporters contact him and ask why that ESP "refuses" Spamcop reports. They don't refuse them; we decline to send them because our policy is to only send reports to ESPs that send only confirmed opt-in (COI) email. I pointed out that the language on the site says "reports are disabled for abuse[at]example.com", which I think is pretty neutral language. It doesn't say "abuse[at]example.com refuses Spamcop reports." He asserts that there must be some language or messaging somewhere that causes reporters to believe that this ESP actively refuses reports. This is possible, but I don't see it. So, just out of curiosity: Did you know that Spamcop doesn't send reports to ESPs that don't meet our COI policy? Did you know why we don't or that such a policy was in place? Do you think that ESPs in general refuse reports? If you do, why do you think that? When you see "reports are disabled for [address]," what does that make you think about that network? Thanks for answering! I'm definitely interested in your responses.
  8. kmolloy

    Spamcop frustration

    In general, if you find that an IP belonging to your webhost or ISP is listed, the correct course of action is to contact your ISP. IPs are listed because they send spam, and we can't make the spam stop; only your ISP can do this. We likely won't be able to help you.
  9. Epsilon isn't a remailer, they're an email service provider. ESPs are useful in the sense that the people who run them have a clue about how to send technically correct mail, handle bounces properly and send mail in vast quantities without crashing the recipient servers. Some even do a good job riding herd on their customers and make sure they don't abuse. However, some do not. Epsilon isn't the first company to be breached recently, either; there's been a rash of these since last fall. It appears in at least some of the cases these have been "inside" jobs, where an employee or other person with authorized access to the database has stolen it. Rumor has it Epsilon is one of them.
  10. kmolloy

    Should we report...

    CAN-spam compliance means that the email is not legally actionable. It doesn't mean it's not spam. Report away!
  11. The reports we send to Yahoo meet their ARF reporting standard.
  12. kmolloy

    Is SpamCop still relevant?

    Just so you're aware, the CERT link you provided is no longer maintained, and if you read it, it describes phishing. The Wikipedia link cites no sources. Neither are authoritative documents, IMHO. Occam's razor tells me that the problem is local to you--probably in your MUA. I read mail to deputies[at] daily, and no one else is reporting the same issues you are, and I don't see issues here in the newsgroup. I also don't see malformed mail such as you're reporting in our traps, either. If you describe the path your mail takes to get to you and then the steps you take to report it, we can help you find where things are going pear-shaped.
  13. No, our policy is to not send reports to ESPs unless all their lists are COI. We do this to prevent listwashing and because while there are ESPs that do not do 100% opt in and would handle reports responsibly, we have to be fair and COI is the best bright line we can come up with.
  14. kmolloy

    ipv6

    I am pleased to say that I have managed to be annoying enough that IPv6 for Spamcop is a top priority and work should start late Spring/early Summer.
  15. kmolloy

    Is SpamCop still relevant?

    I've been a professional antispammer for 12 years now, and Sean is full of it. The only way you're not going to have Received: headers for at least the final hop is if: 1) your MUA is broken and either cannot show them to you or is refusing to show them to you; 2) there's a huge bug in your MTA code, or 3) the message isn't transmitted via SMTP. It is possible to forge the content of a Received: header, but you cannot eliminate it entirely so long as the mail is transmitted using RFC822 SMTP. Also, "spoofing" technically refers to a very difficult kind of man-in-the-middle attack. I would not trust the technical expertise of someone who refers to forging as spoofing.
×