Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by jseymour

  1. I wonder when that page was written? It's been that way for a long time and I'm wondering if it's time to change the key tenent regarding bounces: ugh. In the modern email world, I think it's quite a stretch to say bounces are a "good thing".
  2. jseymour

    Too many links message

    I don't think limiting the parser to the first 7 (or 10 or 20) URL's is the right solution. The spammers will simply adapt by placing 7 (or 10 or 20) bogus URL's at the top of their messages. And the risk of reporting innocent bystanders is quite high. The better solution is to adapt the parser (as best as we can) so that it intelligently discards the bogus URL's. Obviously, it can't be perfect, but discarding empty links would be a great start! (For the time being, I define empty links as "<a href=...></a>").
  3. jseymour

    Malicious Reporting of a message..

    Unless you read the FAQ entry on how to whitelist Yahoo Group messages: http://www.spamcop.net/fom-serve/cache/306.html Not verifying that a message is spam before reporting it is a violation of Spamcop rules and can get your reporting privileges suspended. I don't mean to dismiss your concern - it is valid. There will always be careless reporters and mailing list messages are certainly problematic. But I'm not convinced the problem is as big as you think...
  4. jseymour

    www.spamcop.net doesn't load in Mozilla

    Can you give us some specifics? What error(s) does you get? I use Mozilla 1.6 on a daily basis and while I have found a couple of sites that use IE-specific features, Spamcop is not one of them!
  5. If your POP3 client also supports IMAP, you can set it up to access your Held Mail folder directly. Then, when a spam slips through, you just drag it back to the Held Mail folder and report it as usual. In the Windows world, Outlook Express and Mozilla can do this quite easily.
  6. jseymour

    Too many links message

    The rule about modifying spam says you are to make no "material changes" to the spam. Here are the specifics: http://mailsc.spamcop.net/fom-serve/cache/283.html I have on a couple of recent occasions changed empty links (in the form <a href=...></a>) to comments. In such cases, I add a comment block at the top of the body that indicates what I've done. Until Spamcop corrects the empty link bug, I consider this to be an acceptable compromise. Hopefully, the powers that be will not disagree...
  7. jseymour

    Malicious Reporting of a message..

    Here's my read on what's happened. I could easily be wrong. A person deemed one of the messages from the Yahoo group as spam. He reported it through Spamcop and a single report was sent to your ISP. Based on that one report, your ISP pulled the plug on your net access. I see two responses: 1) Determine whether the person who submitted the message signed up to receive them. If so, he/she is violating Spamcop rules and will be reprimanded. 2) Complain loudly to your ISP! They should understand the concept of false positives. No ISP should have a zero tolerance policy with regards to Spamcop reports. Since there is a human element to these reports, there will always be false positives.
  8. Drifting slightly off topic here... Can you tell me whether Exchange 2003 rejects messages to undefined addresses during the SMTP session or by building a non-delivery report and sending it to the "sender"? Older versions of Exchange could NOT reject during the SMTP dialog. They would accept all messages, then generate an NDR back to the (possibly forged) sender. I'm curious if Microsoft has fixed this, yet...
  9. jseymour

    LART'ing spammers...

    I would call this "fighting abuse with abuse" and consider it an unacceptable breach of ethics. In addition to stooping to the spammers' level, you also run the risk of attacking an innocent bystander's site and/or violating your ISP's terms of service.
  10. jseymour

    Too many links, links ignored

    Spamcop operates on the principle that reports provide pressure to eliminate spammy behavior. I agree that the empty links are a relatively small number, but it seems to be a growing number! In order to keep up the pressure, Spamcop needs to adapt to these changes. And, just because the spammers will adapt to this change does not mean it should not be made! I advocate detecting and discarding links of the form <a href="..."></a> - which really should be an easy change. (But I'm no expert on the inner workings of the parser).
  11. Actually, you can run them by clicking the little "funnel" picture, but its usually only available if you have it set to not run filters at login The point I was trying to make is: The webmail filters do me no good since I don't use webmail. I have my Spamcop mail forwarded to me and use IMAP to access the Held mail (when needed). The only time I log in to webmail is when I want to change my blocklist options. But this is drifting off topic, so I'll shut up now...
  12. I have the same problem. Now that I'm using mail hosts, I can't take a copy of a spam received by somebody else and use the parser to analyze the headers. In such cases, I don't want to send reports - I just want to find the origin and decode any embedded url's. I would love to see a "parse-only" submission box somewhere. P.S.: The mailhosts feature is working brilliantly otherwise. I wouldn't go back to the old system for a minute! This one limitation is my only complaint...
  13. Ah, sorry. I didn't read your original post carefully enough. I'm afraid the only way to do what you want is to run your own mail servers. Spamcop doesn't provide any such feature. The closest it comes is with filters in webmail - but they're nearly useless (to me, at least) since they only run when you log in.
  14. I wouldn't necessarily blame your mail provider. As I understand RFC 2822, tab characters are allowed after the colon in header lines. It's not common, but any software that parses header fields should be able to handle it.
  15. jseymour


    I hate to be a cynic, but if the original poster doesn't know how to handle a ZIP file, he's going to have a hell of a time installing SpamAssassin! Some software is user-friendly. But SA is most definitely expert-friendly!
  16. The age old problem... I saw the original and didn't respond because I figured somebody else would say something... From within webmail, go to Options \ Spamcop Tools \ Select your email filtering blacklists. The only ones available on a country-basis are South Korea, China, Nigeria, Argentina, and Brazil. No help for Taiwan or Comcast, but the other blocklists shown on that screen will get you a long ways...
  17. jseymour

    Reject with comment

    You forgot the last step: Get my mail server unblocked from the various blocklists because of all the unsolicited mail I'll be sending to forged addresses.
  18. jseymour

    Make SpamCop Fighting into a game

    Heh. I'm a fourth level spam fighter and a 1st level anti-spam advocate. With my next level, I hope to gain the Bayesian Filtering skill. It'll go well with my +1 Ring of Comprehend Nonsense. sorry... D&D habits are hard to break...
  19. jseymour

    SpamCop has became worst than spam :-(

    None of this explains why you must run your own Direct-to-MX mail server. Assuming your ISP's mail server is not also listed, all you need to do to get past the blocklist is to relay all outgoing messages through your ISP's mail server. All decent mail servers (and a few crummy ones) can do this quite easily.
  20. jseymour


    As I understand it, Spamcop will "widen the net" if an ISP is unresponsive and start sending reports to the upstream provider(s). But I could be mistaken...
  21. jseymour

    Exchange 2000 non-delivery report and spam

    that's actually a pretty scary comment there ... boat loads of other Topics here, much content over in the newsgroups about ndrs being sent back to those innocents that have had their e-mail addresses forged into the e-mails as the alleged "From:" ... as you're complaining about not being able to see the full headers, there's no way you're getting the envelope contents either, so you're setting yourself up for a nasty situation if you do what you're describing. The problem the original poster has is that (unless I am mistaken), Exchange 5.x and 2000 cannot reject messages during the SMTP dialog. Every message is accepted before the determination is made as to whether it has a valid recipient. If not, a NDR is (optionally) generated. I don't know about the latest version (Exchange 2003?), but the only options with the older versions is to send an NDR or drop the message in the bit bucket. P.S.: I like the "sent back to the spammer" comment. It exemplifies the oh-so-common and oh-so-wrong attitude that the sender can be accurately determined...
  22. People with a Spamcop email account can use IMAP or POP to fetch their mail. IMAP has the significant advantage that you can manipulate the "Held Mail" folder directly. I use it primarily to drag the false negatives back if they squeak through the filters, but you could just as easily use it as your main way of reading the mail. I think that you will still have to do this via webmail or VER.
  23. jseymour

    Mail Deliver Subsystem

    Which is a fancy way of saying: Change your mail server to send messages out using the domain name "majure.com", not "saturn.majure.com". The former has an MX record, the latter does not.
  24. jseymour

    reporting spam

    commentator, You seem to have posted your secret submit address to a public forum. You might want to edit that out of your posting and ask Spamcop to get you a new one. With that address in the public, people can submit false spams in your name...
  25. jseymour

    Stopping spam on Exchange Server

    I took a different approach to securing my Exchange server. I put a Linux box in front of it! In the olden days (of NT4), Windows networking passwords could be up to 14 characters long, but were internally hashed in groups of 7 character. Thus, if you had an 8-character password, the last character would be by itself in the hash - and would be trivial to determine. I'm not sure if this weakness went away with W2K or XP or if it's still around, but I still recommend longer passwords...