SpamCopWiki: CopyOfOldSpamCopNewsPage

SpamCop News page - Archived copy

Preservation of some ancient data, fun read from those good old days, when the developer still talked directly to the users ...

Spam Cop News Jan 17, 2005

2-day-old spam no longer accepted
SpamCop and the ISPs who receive reports from it need fresh spam. Previously, SpamCop would accept spam up to 72 hours old. However, this old spam was essentially useless. SpamCop now requires that spam being reported be less than 48 hours old.

Furthermore, we recommend that users not bother reporting spam that is more than 24 hours old. Usually, sources of spam over 24 hours old have already been dealt with one way or another. As always, the fresher your spam, the better. Oct 21, 2004

New look and feel
Welcome to the new look of SpamCop. Modern web standards have been used to create a clean look and feel as well as a fast, scaleable, compatible web interface. The latest versions of opera, mozilla (firefox) and Microsoft IE should work perfectly with the new design. Older browsers may cause some cosmetic problems, but the site should still work OK. Please report any problems in the forum as always. Sep 22, 2004

Mirrors still needed
We are still looking for a few good mirrors - we're asking for root access to a *nix based system hosted on your network, using about 1Mbit of bandwidth. These systems will be used to provide free, public access to the SpamCop blacklist. If you would like to help,
Contact Us∞

IronPort Settles Litigation with Optinrealbig.com
Press release (255K pdf)∞. Due to the terms of the settlement, SpamCop cannot comment on the settlement beyond what is included in the press release.

SpamCop has established the SpamCop Legal Defense Fund. All donations will be kept in a separate account and will be used solely for the defense of any legal actions brought against SpamCop or its parent company, IronPort Systems, Inc. While SpamCop cannot comment on any pending or threatened litigation, your donations are greatly appreciated.

Donate∞ Sep 7, 2004

New security system
Free users will be encouraged to establish a password with SpamCop to better secure their accounts and provide for more advanced features and preferences. After some time, the existing (old) URL authentication scheme will be disabled and all users will be forced to establish a password. Free users and paying users will use the same authentication methods henceforth; therefor the distinction between the two classes of users will be less important, and references to these two user types will be removed from the website. Unpaid accounts will still be subject to nag screens and ads on the website. Cookie-based or HTTP authentication methods will still be supported for all users. July 9, 2004

New Look (updated)
You probably couldn't help noticing our new look. We hope it is easier to use and more readable. We will be refining it as always. It should be entirely compatible with HTML 4.0. If anyone sees problems in any browser, please report them in the forum as usual. Only the latest versions of IE, Mozilla and Opera were tested for perfect looks, but the site should function with any browser. Update: A "Site Style" pull-down and various alternate styles have been added. Included is the "clean" style which approximates the previous site design. 2nd Update: Various fixes for older browsers have been added (special page for netscape 4.x aka IE5.x). May 20, 2004

One Billion spam reports
On Friday, report number one billion was sent to abuse@cogeco.ca. Bucking the odds, this report was sent by a live user (rather than a spamtrap). The user involved has been awarded 1 year of free SpamCop email - congratulations. Happy one billionth report, SpamCop! May 5, 2004

Mailhost Beta - update
We have been testing the mailhosts system for several weeks now, and it is looking more and more reliable. Users are encouraged to adopt it as soon as they feel comfortable doing so. To get started, just click on the "mailhosts" menu item. You will still have a chance to back out if you encounter problems. Using this system helps prevent spammer forgeries from fooling SpamCop into blaming the wrong site. Some improvements will still be forthcoming, but for most users, the system is ready. Apr 26, 2004

System Downtime
Our new linux fileserver has been crashing randomly - we think due to an immature SCSI driver. This has caused a couple of system outages over the past week. Thankfully, these outages have been short due to the late night diligence of the IronPort IT staff - thanks Mike and Tom! Today we plan to upgrade the kernel (to 2.6.6-rc2) in the hopes of preventing this in the future. But doing so will require another short period of downtime sometime today. The site should be down for only a few minutes (5-10 if all goes well). Please be patient if the site is unavailable. Apr 19, 2004

Mailhosts Glitch
For approximately the past day (Thursday, Friday), mailhosts test emails have been ignored due to a problem with the processing code. A new version is now online which should work better. This new version also provides instant gratification in the form of a web-submission system. Sorry for the inconvenience, please try again.

Stats back!
SpamCop has long been lacking a list of the top targets of spam reports. This report has finally returned to the statistics menu. Two of the largest us-based, broadband ISPs are leading the pack: Comcast and Road Runner. View the hall of shame∞ Apr 15, 2004

System slow - 2nd update
A relatively trivial problem has been linked to the morning slowness. We feel confident that the problem is now solved.

Help improve SpamCop
Take our two minute survey to tell us about you and what we should do to improve the usefulness of the service. Take the survey∞ (Hosted off-site at surveymonkey.com) Feb 28, 2004

SpamCop seeks blacklist mirror volunteers (particularly non-US)
SpamCop provides free access to its blacklist via DNS. The servers and bandwidth hosting this free resource are donated. We are in need of capacity increases to keep up with the growing demand. If we choose you to host a mirror, you will receive free high speed access to the updated list ( valued at $1,000/yr)∞. All inquiries welcome and we are particularly interested in adding mirrors outside the US. You must have at least 1Mbit/sec of bandwidth (sustained) to offer as well as a linux or freebsd server (average PIII is sufficient) hosted on your network. Reliable networks and power configurations are preferred. If you are interested, please email mirrors@admin.spamcop.net∞ with a brief description of your network and the server. You must provide us with root access to the server - we will configure and maintain it and the software needed to provide the SpamCop blacklist service. Cable modem or xDSL connections are not sufficient. Dec 16, 2003

Downtime
Yesterday afternoon and this morning (Dec 11), one of SpamCop's servers started spawning processes out of control. Before I could log in and fix it, this caused some serious problems (errors and general slowness). Also today, we moved the main SpamCop database from Seattle to San Bruno, CA (IronPort's headquarters). This caused some additional downtime, but was generally very successful, with only a little more than the anticipated amount of downtime.

Now, we have resolved the problems and finished the hardest part of the migration, so things should be back to normal. Please report any problems you find in the forum, as usual. Dec 11, 2003

Downtime, unscheduled and scheduled
Yesterday afternoon and this morning (Dec 11), one of SpamCop's servers did something unexpected and bad. I'm still trying to figure out why, but the system load was as high as 100 when I finally got into it this morning. The problems should be easing now, but there is probably a big backlog as a result of the problems, so things might remain a bit slow. I will keep an eye on it today.

Also, today we plan to move our operations to IronPort's headquarters in San Bruno, CA - from Seattle. We are attempting to do this in a "nice" way, so there will be limited downtime. Perhaps 10 minutes or so. During the downtime, there will (or at least should be) a placeholder site with news. Please bear with us during this transfer, we are here working on this until the problems are resolved. Dec 11, 2003

Problems with "human friendly name" feature
I've been making some improvements to the integration between SpamCop's reporting system and the email system. In so doing, I introduced a "feature" which users have been rather unhappy with - using the full-name preference from the email system for sending spam reports. As I have learned the hard way, users often want to use an alias or a different name for spam reports. I removed the "feature" and wiped out email user's display names (sorry, I couldn't restore them to the originals). This "feature" is now history, and it should be safe for users to set a permanent display name without worry that it will be over-written. This issue only affects flat-rate email users.

Appologies for the error and inconvenience!

Cookies are delicious
I have implemented a cookie-authentication method. This means you no longer have to use "http-auth" for logging in (you may still use it if you prefer). Update your bookmarks to http://www.spamcop.net/∞ (click on "log in")

Advantages of cookie-based authentication:

Easier log-out for people with multiple accounts

No separate hostname for members

Advantages of http-based authentication:

Works better with some browsers

Never stores login data on your computer's disk (some old browser have bugs which keep cookie-login data even after you log out, bad for shared or compromised systems)

Use which ever method you prefer. As with any new feature, there may be some bugs in the cookie login method, please report them in the forum if you find any. Once the bugs are worked out, we may make cookies the only method for authentication. Any major objections to that should be voiced now. Nov 26, 2003

SpamCop Purchased (a message from the founder, Julian Haight)

After careful consideration and negotiation, earlier this year, I decided to sell SpamCop to IronPort Systems∞, producers of fast mail servers and the spam-tracking system, Senderbase∞. I am pleased with the terms of the deal, in no small part because I feel the people at IronPort are going to support my goals, helping me protect and nurture SpamCop. We all agree that SpamCop is valuable and needs proper care and feeding. I plan to continue as the driving force behind the "product direction." IronPort is freeing me from other tasks so that I can focus on what's important. Users should not expect any radical changes - that's worth saying twice - nothing will be changing as a result of this move!

I have discussed selling SpamCop with various people at various times, but other offers have always fallen short. Ironically, I found IronPort's offer interesting first because it made sense from their point of view: I could understand easily what was in it for them, and their interest in SpamCop did not conflict with my own. They are basing their product's spam-filtering feature, in part, on the data provided by SpamCop. It's clear that they have a vested interest in the quality of that data.

Those who are familliar with SpamCop know that I never have enough time to do all the things I'd like to do. I have been a one man show for far too long, and SpamCop has often suffered as a result. I don't think I'll ever have enough time. But the support I have already received from IronPort is helping immeasurably. For example, one of the first things I did was to hire Ellen. For those who don't know, I have always relied upon unpaid volunteers to help with the hundreds of emails we get every day. Don was my first paid employee, and Ellen is now the second. IronPort employees have also contributed, helping me with such things as system administration, accounting, and legal issues. In addition, IronPort has accepted the considerable cost of professional denial-of-service protection, both for SpamCop's site and their own systems.

Although the purchase is officially being announced today, November 21, it was inked in June. It was not announced sooner for a variety of reasons, chief among them fortification of our electronic defenses.

I want to take the opportunity to thank everyone who has supported me in the past, financially, with your time and with servers, bandwidth, free advice, etc. I welcome IronPort as the newest and most significant benefactor of our efforts to STOP SPAM!

I will be making myself available in the main spamcop news group ( NNTP∞ | Email∞ | Archive∞ | WebTV ) to talk about this decision and to address any questions or concerns. Please do not flame those who post criticism. Allow me to address my critics in a civil and respectful environment. Oct 30, 2003

Severe DNS problems
Update: Joker has fixed the problems, but it may take 48 hours or so to actually show up for everyone. Happy Halloween!
Spamcop's domain registrar has caused a serious problem by removing our primary DNS records. Please look here∞ and here∞ for more information and status updates. Sep 15, 2003

Update: SpamCop changes cause conflict with some email software
I have made some changes to the method SpamCop uses when finding links in email bodies. This new method is generally more accurate, but it also requires accuracy from your email software. Unfortunately, two of the most popular email applications (Eudora and Outlook) are practically (or totally) incapable of producing accurate copies of some email.

Now, there is an experimental alternative for users of non-compliant email software. Note the "outlook/eudora workaround" link near the spam submission form. By selecting this link, SpamCop will accept mail in broken html format in two parts instead of all in one. There is also a bug reporting form available to help iron out problems with the way this works.

However, users are still urged to find a better email application for use with SpamCop. Mozilla∞ is a full-featured email system which works on Windows, Mac and *nix. It provides complete spam source for SpamCop, via cut and paste or email. It can be installed side-by-side with your existing email software (be sure to use 'leave on server' if POPing mail). Aug 14, 2003

Attention AdSubtract users: Network Error problems
Please see the new FAQ∞ for updated information on problems between SpamCop and AdSubtract's software. July 25, 2003

SpamCop under denial of service attack
Just more evidence that SpamCop is a thorn in the spammer's side. We are currently handling the load, but please bear with us if things change. July 16, 2003

Service update: Crackers bringing us down
At midnight pacific time, the ongoing Denial of Service attack picked up a lot of steam, swamping the routers upstream of SpamCop with about 500Mbits of traffic. We are doing what we can, but defending against this sort of thing is not always possible. June 21, 2003

Service update Jun 20
Later today, I will be taking down the site briefly to upgrade the RAM in the database server (and move it's existing memory to the new webserver). This will upgrade the database server from 1GB to 6 and the webserver from 1GB to 2.

Probably unrelated to the ongoing denial of service attack, SpamCop's core webserver has become rather unreliable. Another faster server has been brought online to take it's place. Service should be back to normal.

Much longer than expected database maintenence
What started as some minor maintenance on SpamCop's database gradually deteriorated into a major database overhaul resulting in a 24-hour outage. With a new version of the MySQL software, and new, faster hardware, this downtime should be worth it. A trivial benchmark test runs for 3 minutes, 16 seconds on the old system, and takes just 1 minute, 8 seconds on the new. Email sent during the downtime will be processed ASAP. June 10, 2003

Cyveillance helps SpamCop reports copyright infringement
You may have noticed that copies of all spam reports are now being sent to "Cyveillance spam collection"∞. Although I believe Cyveillance will benefit the cause of stopping spam, some users have voiced mistrust. In response, I have created a new option for paying members, so that 3rd party reports, such as the cyveillance ones, can be disabled by default (all users still have the option to select or deselect any reports on a case-by-case basis). June 4, 2003

Email address spamvertisement reporting discontinued
Due to several factors, most importantly the high false-positive rate, SpamCop will no longer offer to report email addresses found in the body of spam messages. Users are still welcome to report these issues manually - SpamCop will still give the correct abuse reporting address if given an email address seperate from a spam message. But reports (and blame for false reports) must now rest solely on the user. Do not report email addresses unless you are sure they are 1) owned by the spammer and 2) working.

Help defend against spammer lawsuits
SpamCon (with an "N") is collecting money to help defend fellow anti-spam organization Spamhaus from attack by a florida-based lawyer representing un-named "bulk emailers". May 21, 2003

Service Announcement
Over the weekend, the newsgroups were offline for a few hours when the server housing them locked up (see email news above for more details). Today, the usual monday-morning crush is affecting replies to spam submitted by email. Rest assured the backlog will be processed and replies will be sent. Please do not resubmit spam; this will only make the problem worse. Hopefully, more hardware will be online by next week to resolve this problem more permanently. May 12, 2003

Service update: Slowness
SpamCop grows ever more popular. No matter how many users I can support, I always seem to have more traffic than my servers can comfortably handle. SpamCop is now handling about 5000 spam submissions per minute (Correction - about 15,000 per hour), both from users and spam-traps. In addition to the existing database server, three "farm" web/email servers and one multi-use server, I will be adding two new farm servers∞ and a new, faster database server∞. I will also be upgrading the database software. Some of these changes may result in short periods of downtime or 'hiccups'. Please bear with me as I make these upgrades, and thank you for the financial support which makes them possible! Mar 20, 2003

Help with Friendfinders lawsuit
Mark Ferguson is currently involved in a no-holds-barred lawsuit with alleged-spammer Friendfinders, Inc. If you have received spam from friendfinders, please visit his site∞ to see what you can do to help. This case has the potential to change the interpretation of California's anti-spam law∞. Feb 27, 2003

SpamCop reporting changes
SpamCop's header-parsing system is being re-built to avoid some new spammer forgeries and provide more accurate source tracking. However, as things change, there have also been some problems. Please be careful reporting spam during this time. Be sure SpamCop does not identify your own mail server as the source before you file reports.

SpamCop will not trust mail relays (authorized or open) which have not previously been submitted to relay/proxy testers through SpamCop. Only users who forward mail from one account to another even have a chance of falling afoul of this new requirement. More information∞.. Feb 10, 2003

Service announcement: Sunday, Feb 9 9pm EST
SpamCop's colocation facility is moving to a different space in the same building, so servers will be down briefly while they are moved. Downtime should be very brief (15 minutes or so). Only reporting service will be affected. Email accounts will remain online. Jan 26, 2003

SpamCop email service in transit
SpamCop's email system was having trouble because of a new internet worm∞ which is eating bandwidth. We figured this was as good a time as any to move the system to it's new, more worm-resistant quarters. Reporting held mail has been disabled until the move is complete. Service should be restored soon (Sunday morning at the latest). Jan 10, 2003

Service Update
SpamCop will experience a hopefully-short outage in the afternoon on Friday, Jan 10 in order to upgrade the database server software. Dec 17, 2002

Old Authorization codes disabled
Some older authorization codes have been disabled in favor of more secure codes which do not include your email address. Affected users will be required to register for a new code. Thanks for your patience and understanding.

Database caused trouble again
Updated 12/11: New database server has been performing perfectly. The fault with the old hardware has, in the end, been isolated to a bad RAM chip. I still don't like Tyan motherboards.
Wed, Dec 04 was another dark day for SpamCop's main database system. The recovery process included both another round of new hardware and a lengthy database backup/restore process. User's email was never affected, however spam reporting was down for the entire day. The Tyan Thunder dual-Athelon mainboard which was running the database server has been replaced with an Intel dual-Xeon server board with two 2.4Ghz, 512K Xeon processors. This board features Intel's latest Hyperthreading∞ technology. Hopefully the new Intel board will prove to be reliable. It should at least be faster (not that speed has been a problem lately). Appologies for the inconvenience. Nov 23, 2002

Service update: SpamCop under attack
Starting around 9pm EST Nov 15th, SpamCop came under a denial of service attack. This lasted on-and-off until 11am the next day. Service has returned to normal, but of course the attack may resume at any time (now or in the future). These attacks only serve to reassure us that our efforts are effective at stopping spammers. Keep sending your spam, and we will do our best to keep SpamCop online!

An extra thank-you to all the people at my ISP, Accretive Technology Group∞ for their efforts at this critical time. Nov 16, 2002

Firewall problems documented:
Some users have noticed network errors submitting spam to SpamCop. A new FAQ∞ documents the problem and suggests two solutions. Oct 27, 2002

Database problems
As some of you have noticed, SpamCop's database has again been acting up. After pulling a late night Saturday when an initial crash struck, I have been discovering latant problems caused by this crash and fixing them as they crop up. Most of these problems were not actually caused by the crash, but by my own bleary-eyed attempts to fix things post-crash.

One of the worst side-effects of the recovery process is that some user's data has been lost and/or scrambled with other user's records. This damage has now been fixed by restoring all prefs from a backup made after the crash. The only remaining problem (that I'm aware of currently) is that users who have reported spam over the past 3 days may not see the reported spam in their logs. Other users may see phantom spam in their logs which they were not responsible for reporting.

None of these problems in any way affect user's email or preferences related to the email system. Flat-rate email users and free users who activated spam reporting during this time will need to re-activate their reporting accounts.

Appologies for the problems and downtime. I wish I could promise this would be the last database issue, but I am still hunting bugs and hopeing for a better release of mysql (I am using a beta version). Aug 26, 2002

SpamCop hosted by Accretive
SpamCop has been moved to a new colocation facility, Accretive Technology Group∞. The old facility, New York Internet∞ has (almost) always served me well, and I want to make clear that I'm moving only so that I can have physical access to my servers (since I live in Seattle, not New York). My recent problems with a new database server have made it clear that I need to have quick access to the hardware. NYI has always provided great service - the speedup in SpamCop's operation is due to coincidal changes in software and hardware, not internet connectivity. I will continue to run NYI banners until the transition is finalized. My new contract with Accretive includes no banner-hosting provisions, so the banner space on SpamCop is for rent. Please see the new advertising FAQ∞ for more information.

Service update:Email delays
Emailed spam submissions and other reporting-related email has been delayed. Some mail may have bounced, other mail is not being processed in a timely manner. Users may notice that their submissions are going un-answered. Please avoid re-submitting spam if you do not get an immediate reply. Your original submissions will be processed in time.

This problem should be going away gradually. A new mailserver has been added. As DNS records update to recognize the new server, submissions should be handled more quickly. The new server appears to be keeping up - there is no backlog. The old mail server will eventually work through it's backlog. Aug 01, 2002

Service announcement: SpamCop down .. from 8:30 am to 8:30 pm, Saturday, Jul 20. NYI points to a DoS attack from Qwest IP space. Hopefully we'll now be able to get that spam reported and blocked! Email users may notice more-than-normal amounts of unfiltered spam as a result of this outage, but these problems should resolve themselves.

New server and slow service update
The new database server is still not online - I'm reconsidering how to roll it out. However, I have made some software changes which should take some of the pressure off in the short term.

Spam Reporting Slowness (updated)

The database server is on-site, but it seems to have developed some "infant mortality" hardware issues - either due to defective parts, or damage in shipping. Jul 01, 2002

As I'm sure you are all aware, SpamCop is again becoming unbearably slow. As always, this is particularly true on Monday mornings and mornings in general. After doing some database maintenance, things are getting a bit better. However, the real good news is that I am in the process of setting up a new database server - currently the main bottleneck. The hardware is almost ready, but not on-site, and not configured completely.

For the curious, the server specs are:

2U enclosure, 450W power supply
Dual AMD Athelon 1900MP processors (Tyan S2462 MB)
4 120GB WD1200BB IDE hard disks (RAID 5)
64-bit-pci 3-ware 7410 RAID controller
2GB RAM
Slackware v8.0 Linux, 2.4.18 kernel
MySQL 3.something-latest

Once this new server is online (by the end of the month, if not sooner), I hope and trust things will get better. How much better remains to be seen. I am also constantly evaluating new ways to improve performance through software. One major area for improvement is to allow no-wait spam reporting. I've long been considering ways to implement this type of thing in a safe and sane way and I hope to have some sort of no-wait option available soon.

My sincere THANKS to all the paying members who have made these upgrades possible.

POP users forced to reconfigure
Some legacy accounts have been configured to receive report replies to SpamCop's pop server. These accounts have now been reset and users affected will see a message stateing their account is not active. Some problems with the email-settings pages have been fixed, and this message should now lead to a working email-confirmation system.

Small change to ISP replies
When you file a spam report, the recipient will often reply. In the past, you had three options for how to handle such replies. One of these options has been defunct for some time, and is now going away permanently: "hold replies". Since SpamCop email and reporting are seperate systems now, you will have only two options: either you can receive only human replies or receive all replies, human and otherwise. Users who currently have their options set to hold human replies should not be surprised to find these replies arriving at their inbox.

Preferences screens have also been expanded and corrected. You can change or check your preferences by clicking "preferences".

Flat-rate SpamCop email accounts available:
Sign up today!∞
SpamCop's next-generation email service has been out for some time, and is near ".1" quality. Flat-rate email accounts now available for only $3/month. Anyone who uses their @spamcop.net email address should read carefully in order to understand these changes:
General information about new email system∞
Specific information regarding what will change∞

SpamCop account changes
"Legacy" email accounts are no longer available - all new email accounts are the above flat-rate, $3/month accounts. Reporting-only accounts are available for those who don't need filtered email. Existing email users will not experience any significant changes yet. Eventually, legacy accounts which are not converted will become reporting-only accounts (email sent to those accounts will bounce, POP client/server service will be discontinued). Existing email users are urged to convert ASAP. A warning email will be sent at least one week before legacy email service is discontinued.

To summarize:

There are now two account types: reporting only and email with reporting.
Current account-holders may chose to convert their accounts to new, flat-rate accounts.
New subscribers must chose between a flat-rate email and reporting account and a metered reporting-only account.

Virus filtersFeb 14, 2002
All SpamCop email accounts now have InterScan VirusWall∞ filtering. Currently, this system produces annoying messages whenever it filters a virus, subject "InterScan NT Alert". Jeff will be working to make the filters more graceful. These alerts are not spam, nor are they a hoax. They indicate that you have been protected from a potentially harmful virus.

Flat-rate users' system improvements: Flat rate users now have equal access to the members spam-reporting server. This won't prevent all delays/slowness, but it should be more "fair" at least. Now all flat-rate users can release mail from the held-mail menu.

Fixed bugs in email spam-submission system:
New flat-rate users and some other users who have had problems submitting spam for reporting via email should have more success now. See above for your personalized spam-reporting address. Note the address is CaSe-SenSiTive. Submissions are no longer accepted except to personalized addresses.

SERVICE UPDATE: Email filtering problems Jan 29, 2002
Update: Email filters are working again. Held email is being recovered. All held mail that can be recoved soon will be. Some users have noticed a discrepancy in their held-mail counter. This discrepancy reflects the held mail that is not accessible. Once any lost messages have expired from the held-message database, this discrepancy will disappear.

Update: Database recovery still not successful. Database server crashes again, email data still in limbo. Repair efforts continue to retrieve held email. In the meantime, I have moved that data out of the way and started with a clean slate. Filters resume operation. Old email will be reimported if/when it is recovered. Watch this space for details.

Due to problems with linux bugs and files larger than 2GB, there has been significant data loss in SpamCop's database. The spam-reports table which holds headers was completely corrupted. Some mail processed over the past 24 hours has been lost! This should only affect held messages (mostly spam). Currently, the filters are offline to avoid further data loss (all mail is being delivered, including spam). I expect to bring the filters back online as soon as database repairs are complete - hopefully within the next 24 hours.

Users on the new email system have not experienced any significant problems with account conversion, and they have not been affected by this latest crash. So this seems like a perfect time to open the new system to all users. There are still a few features missing (most noteably, users who do not store mail on the SpamCop mail server cannot release held mail easilly). However, the system is proving to be fast and stable - and the missing features will be restored.

Filter updates Jan 02 2002
Problems with real-time updates over the weekend and on Monday caused a larger than normal batch of spam to slip past the filters. This problem has now been rectified.

Many users are still not happy with the amount of spam slipping past the filters, and I'm working to make this better. I thank everyone who submitted samples. Feel free to continue sending them, but for now I think I have enough data to indicate where problems lie.

I have another filter rule in the works which (if it does not cause too many false positives) - will eliminate most of the type of spam that has slipped through the new filters.

Spam email reporting changes Jan 02 2002
spamcop@spamcop.net will be going away soon. It is being replaced by per-user reporting addresses. So each user will report spam to a customized reporting address which uniquely identifies them. Forwarded spam will generate a reply to the original registered account, not the account from which the mail was sent. Users who use the cut and paste method do not need to make any changes.

Check the top of this page for your personal spam-forwarding address.

Update: New filters fixed Nov 08 2001
I hear you! "The new filters suck", "Give me my money back", etc.. I know. I'm working on the system, the feedback has been very helpful. I found a major bug Monday which was causing filters to pass spam, it is now fixed.

I also have a few more tricks up my sleeve to help tighten things down. I hope you'll stay through these growing pains, but you are always welcome to a refund of any unused portion if you would rather terminate your account - just post in the forum as always..

If you get spam that has been passed by SpamCop since Monday, please forward it (with complete headers of course) to badfilter@admin.spamcop.net∞ I will be using these cases to find new ways to block spam without blocking legitimate mail. Please *do not* send important email to this address, as it may be deleted unread.

In addition to the beta test of the entirely new system, the SpamCop filters already in use will change effective immediately. These new rules are more accurate but less strict. This means fewer held messages with the possibility of a spam slipping through here or there. This change will give all users a taste of things to come.

Users who prefer less spam at the expense of more held mail should change their filter options to "Block all":

(This setting is controlled through your filter preferences normally)

Free SpamCop offline Friday Oct 30th 2001
I found member's email being delayed as a result of database activity. Barring free users from the site provides a temporary solution. Stay tuned for news on the permanent fix!

Blocked Senders reset ~ Sep 27th 2001
While rebuilding the database, I decided to purge old entries from users blocked-senders list. Only older, single (not domain-wide) entries have been removed.

Email filter downtime
Email filtering software crashed unexpectedly around 10PM EST, Sep 25. The system is currently working to deliver the backlog of stored email. No mail will be lost, but it may take some time to deliver it. New mail will be delivered concurrently with backlog, so new mail should go through relatively quickly.

I've been working on a new filtering system, and this problem was caused by errors in that new system.

My appologies to those affected by this problem.

More carnage
Someone at NYI kicked a power cord at 5:35pm PDT Sep 27th. Main DB server went down cold. Repairs take a very long time. Thinking about ways to reduce dependancy on mysql for large chunks of data, the main cause of long rebuild times. Everything is more or less back to normal as of midnight, 7.5 hours later. Appologies for the downtime.

SirCam Update / New Filtering Feature Sep 26 2001
SirCam continues to mutate, and I am always more interested in fixing a general problem than patching a transient one. So I have created a new feature which will allow greater control without the guesswork of blocking specific viruses.

This feature is attachment filtering. Filter users may now elect to avoid all costs associated with attachments by deleting them from inbound email. Users who don't want attachements of any kind (including SirCam) should activate this feature. In a few days, I'll see who has enabled this feature and credit only those accounts retroactively for large emails received in the past.

(This setting is contolled through your filter preferences normally)

Old SirCam news
Many members have been troubled by a large virus, sircam, eating their fuel. This virus has been blocked, mail from infected senders is being rejected as the senders are identified. These viruses will no longer show up in your held mail, nor will they use fuel.

I have decided to refund fuel for users who have been stung by this virus through no fault of their own. In total, I've given back over 1.5 GBytes of fuel! However, affected users are being asked (nay required) to foot the bill for up to 1MB each. This cost is real; although I don't want to wipe anyone out, I think it's fair that some fuel is spent on this problem. Telling which charges were caused by the virus is not an exact science, so some users may benefit erroniously from this fix. C'est la vie.. Billing records begining on July 20th have been taken into account.
More information on sircam virus∞

Upgrade and downtime Sep 26 2001
8/1/01 1:20pm: SpamCop's webservers have been upgraded from 128MB RAM each to 1GB. This should provide much better response and fewer "too busy" errors on monday mornings. Webservers experienced a short downtime during this upgrade and email delivery was delayed.

SpamCop open source
SpamCop's reporting engine (not the member email-management system) is now freely available under the GNU Public License.

Spamcop news server offlineJun 27 2001
The spamcop news server will be offline until tomorrow (Tuesday) morning (or thereabouts). Please hang in there, service will be restored ASAP. SpamCop itseslf should still be working normally.

Filter Bug FixesJun 22 2001
Some users have reported problems with their "held mail" counter falling out of sync with the report itself. This problem should now be fixed. In the process, I have done some cleanup and rearanging of the release/delete mail system. Please look for bugs and report them in the forum as usual! Jun 01 2001

Email delivery offline overnight
I turned off my monitoring script to do some testing, forgot to turn it on again and the filtering process died unexpectedly. Instead of being paged immediatly, I noticed the problem when I checked my mail this morning and found none. The backlogged 27,000 messages are being delivered now.
Update: Delivering the backlog is taking longer than expected, but I am now processing it concurrently with new incoming email. So new email will be delivered quickly while older email will be delivered on a delay. May 25 2001

Report history erased
I typed the wrong thing - erased all report history. I'm going to try to resurect it, but don't know if it's possible. Ack! Sorry!

SpamCon: San Francisco, 24-25 May
SpamCon 2001 is the first vendor-neutral spam conference for those most affected by its effects: Internet system administrators and email service companies. May 16 / 2001

Downtime - 5/9 8:15am - 2:00pm PST
I'm still not sure what caused all the problems (slowness continued long after downtime), but things seem to be returning to normal now. Sorry for the inconvenience.

Thanks to Tampa Bay Connect
Who provide hardware and hosting for the SpamCop news server. Check out their innovative SmartMail services! May 04 / 2001

Report History back online
Report history is rewritten and back online. Not as feature-rich as the previous version, but it taxes the server much less. More enhancements will be available eventually. Apr 04 / 2001

Overloaded server
Update: More SpamCop work is being moved onto three new FreeBSD servers (shagrat, shelob and saruman). Although only partially complete, things should already be faster for both paying and free users. Missing features and problem fixes will be online as I get time to work on them. Please be patient through this transition.

12midnight Mar 22 (23rd)

POP mail mangling fixed - changes to Email Log
The release mail function has changed slightly. When you select 'release', held mail is no longer delivered in 'real time': released messages may remain in your held mail log briefly. They will be delivered and marked as such ASAP. This new behavior fixes a bug which was causing corrupted mail for some high volume pop server users.

Short Downtime - 7:00 pm PST 2/27/01
Latest linux kernel (2.4.2) is now online. This may speed things up on Monday mornings.

Authorize senders fails - bug fixed 2/20/00
Authorizing senders through the email log was not having the correct effect. Senders authorized using the email log during the last week will need to be re-authorized. Sorry!

I never reproduced the bug personally, but as I understand it from others' descriptions, these blank mails were in addition to actual email. No actual mail was lost, you just got extra junk in addition.

Free users can't report spam - bug fixed. 2/18/00
Just when you think it's safe to step away from the bug reports. You create a new bug. Or at least that's how it works for me. Sorry free users!

SpamCop is upgraded and running normally - where normally is defined as slightly less than total chaos. I'm glad to have the upgrade done, and I'll be posting more information on new features and a schedule for bringing back some of the peripheral data (report history for members, statistics). Please be patient. I'm sure there are bugs, and I'll be fixing them ASAP. This upgrade is mainly a back-end change. That's why the report history is gone, but why you don't see too many changes in the user interface. These changes will facilitate many more enhancements over the coming months.

Problems: Some email which was held as spam may be only partially saved. In some cases, you'll only see the headers in your email log. In other cases, the end of the mail will be chopped. This problem is now fixed.

New version of MySQL 2/14/01
SpamCop's database is powered by MySQL∞. It is newly upgraded to version 3.23.33.

Downtime: 10:29am - 1:00pm EST, Sep 11th 2000
"Power problems" at nyi.net caused an hour of downtime, followed by more downtime recovering databases afterwards. Uptime was 60 days previous to this.

New news server: Please update your newsreader.
Please update your newsreader software to use the new SpamCop news server (news2.spamcop.net∞). Posting has been disabled on the original system, so your posts will not show up unless you use the new system.

A new, majordomo-based email mirror will soon be available for those without "real" NNTP access. Watch this space for details.

Downtime: From 15/Apr/2000:08:43:14 -0700 to 15/Apr/2000:11:25:03 -0700.
The site was "up", but it's network connection was down. No email should be lost or bounced. Some mail will be delayed. Sorry for the inconvenience.

3/29/2000 SpamCop causing duplicate emails
.. again. The morning of March 13th brought a shadow of the duplicate email problem. Some messages were sent twice. The underlying problem was different and has been fixed.

Recently (Friday, March 3rd), I introduced a bug which caused the SpamCop filters to deliver multiple copies of email to many users. The bug has been fixed and I have also credited everyone with an extra 50K of fuel to make up for any lost fuel. This will be a net positive for most everyone. If you think you lost more fuel, please feel free to contact me∞.

Small changes 26-Feb-2000: Several bugs have been fixed recently. Abuse.net checking is back online. A problem with the email interface has been fixed. There is a new FAQ entry∞ for Eudora users who are having trouble with the new, strict HTML email validation rules. More information in the forum as always.

Email processing offline: Back online now (22 Feb 2000)
Just as I decided to go away for the long weekend, the email processor decided to quit. The filters were offline for a little over 24 hours, for which I am both sorry and embarrassed. However, no email was lost - just delayed - and SpamCop is now back to it's normal turnaround time.

2/11/2000:

Extra reporting address for members: Send reports to anyone by default
To make up for taking away the uce@ftc.gov option, I have added an advanced preference for sending copies of your spam to any one or more email addresses. You can include uce@ftc.gov or any other address you want to get copies of your spam.

Removed FTC, added default Spam Recycling Center options on reporting page.
Members no longer get an FTC option by default, but they may of course add any email address to their reports that they want. Members and free users now have the ability to send reports to the Spam Recycling Center∞. This option is selected by default, but it is still optional. You should familiarize yourself with the goals and methods of the SRC if you are concerned about how this data is used before you choose to send your spam.

Improved Held Mail log: New features save time
Members now have a new, improved log for reviewing and releasing held email. You can filter your mail log by several additional criteria. You can also release and/or delete multiple messages at once. 1/17/2000:

More filter tightening
I just added another blocking rule. Previously, only the original source of email was compared against the ORBS relay database. Now, every server which handles email is checked against ORBS. This should help the filters stop a lot of spam with few civilian casualties.

Dump AOL, get mindspring: AOL users, free yourselves from tyranny!
I couldn't resist posting this. Please, help punish AOL for their spam-friendly policies. AOL is not only to blame for huge quantities of outgoing spam, they also spam their own customers incessantly. Help send them a message. Mindspring is running a special offer to help you switch away from AOL painlessly.

HTML email sterilization: Preserve your security and privacy
Members; SpamCop filters now include an optional HTML email sterilization feature to counter HTML email threats including involuntary return-receipts and scripting problems. This feature is still BETA, but it's fairly simple and seems stable enough. Click above to read more and activate this feature. Please report any problems in the forum. 12/20/1999:

More algorithm updates: A slight tightening move
For those using the filters, you may remember a week or so ago, I changed how the filters worked. While I am mainly pleased with the new system, I found that spam was slipping through too often. I am now concentrating on correcting this. I have added back a check for the IP address's past spam history as well as the ISP's history. I hope this will help keep persistent spam sources blocked when contact information changes. - ISPs are identified by unique contact address and thus can lose their history when they change configuration.

I am also improving my own tracking tools so that I can gather better statistics on both erroneously held legitimate email as well as erroneously passed spam. 12/16/1999:

Address-finding algorithm changes (mainly affects members)
SpamCop is now using a more conservative method for finding responsible party email addresses. This is a kinder, gentler and surprisingly more effective way of getting spam complaints addressed. While there are frequently changes to spamcop which result in different handling of certain issues, this change is important because it effectively divides the internet into a much larger number of sub-networks.

What this means to you: Over the next few days, some spam may slip through the filters as we re-populate the database for known spam sources who have new reporting information. Over the long term, I hope this new system will allow more accurate identification of common spammers, and less filtering of innocent networks. Time will tell, and your feedback is always welcome in the forum. You can also get more technical details by reading the current forum posts.

sometime:

Web archive: Forum messages available from the web
The navigation is rather clumsy, but may be an alternative for people who are not able to use NNTP. Only the main group and the geeks group are archived on the web site currently. Index files are updated nightly. 10/4/1999:

New Version: Version 1.2
Ran through a final checklist of tests, and put the new version on-line. I will be monitoring the system and the forum closely for bug reports. Check out the changes document to see what's new.
Update: As the new system imports emails from your email list, it re-numbers them. The URLs embedded in email passed before the switchover will not work.

Email interface is back! No more cutting and pasting!
BETA! Please post any problems or feature requests in the forum. You can now forward your spam to spamcop@spamcop.net. This works for members and free users.

The best way to use it is to attach each spam as a mime attachment. Some other formats are supported also.
You will get an auto-response with a special link for each spam.
You must click these URLs and report the spam (or not) within one hour.
This basically requires an email client that does a good job of preserving long lines and URLs. So far, I have tested it with Netscape Communicator 4.51. HTML capable email clients should work fine.
If you do not take action within one hour, the spam will be discarded and no spam report will be filed.
If there is nothing recognizeable as email in your email, you will not get an auto-reply at all *unless* you use the subject line "reply anyway" - then you will get an email "spamcop processed zero.."

POP3 support
SpamCop now has POP3 support for members. If you want to use the spamcop filters but have not been able to because you cannot forward your mail, this *may* solve the problem (not for AOL users, apparently).

Privacy Bug
Last night (6/2/1999 ~11pm PDT), I introduced a new version of SpamCop which required all the free users to verify their return address. I also re-wrote a few other things. Something I broke in the process was this:

Complaints sent by members during the period this was live went out with their *secret* email address as the "from" on the complaint email. This was a big mistake on my part, and I appologize. The problem is now fixed, and I hope that this will not result in compromised secrets. From my own experience, I have never seen any adverse mailings in response to spam reports, so I don't feel there will be any fall-out from this. Again, I am sorry for the mistake. I fixed it as soon as I found out about it this morning.

6/2/199 (this is out of date now - emails are authenticated only)

Wiki Edit note: the following/remaining entries drop some indented bullet <LI>tags seen in the original

No more cookies If you don't subscribe, and you want SpamCop to fill in your correct address when you return, please use this handy form, then bookmark the resulting page. This bookmark will recall your email address.

There have been security/cacheing problems with the cookie system.

5/20/1999

New FAQ entries:
When do my credits get used?∞
How can I effectively manage the SpamCop filters?∞
When using the filters, how do I manage the blocked mail?∞
What is all the information I see in my filter log?∞
4/28/1999

Bug Fixed
I have declared this long-standing bug fixed. I have given everybody 50 credits to make up for any possible rip-off you may have experienced. This should be more than anyone actually did get ripped off, but I could be wrong. If you feel you have lost more than 50 credits due to the recent bug, please let me know. For those of you who didn't lose that many, just think of this as my way of saying thanks for hanging in there!

4/24/1999
Bug Hunt In Progress (closed as of 4/24)
Is it fixed? Have you been bitten in the last 24 hours? If you are sure you have, please let me know! Remember to include your username so I can investigate.

Members! You may notice your credits going away when you have not used them. This is a BUG, and I am aware of it. However it is so rare that it's very hard to track down. I am working on it, and I hope to have a solution soon. Once I'm sure the problem is resolved, I will be turning back the clock on everyone's credits, so don't worry about that part of it. I am also sure this does not present a security risk. Thank you for your patience during this transition, and enjoy the new features in version 1.1.

4/21/1999
v1.1.1 Fixed bug which left recip's addr. unconcealed. Added version to X-Mailer header in complaint. Nasty bug is gone (or at least dealt-with) - I think.

4/18/1999
New Version 1.1:
This new version has some changes. SpamCop now picks out web sites mentioned in the spam and offers to send complaints to their masters. Also, the complaint email is hidden . This saves bandwidth, and it is a feature which is here to stay. However, I have also added a separate ability to preview the complaint to make up for this. Currently, this preview only shows you the form-letter without the full information filled in. I will be improving this feature to show you a real WYSIWYG preview. This beta is just the beginning of several other much-requested features. As always, if you have comments or questions, please put them in the forum. Also, if you want information on the latest changes, the forum is the place to look.
4/17/1999
New version online
This new version (1.1) will send email to web-hosts and email source ISPs all in one shot. This has been a feature requested over and over for a long time, and I finally got around to building it. This is a beta, so don't expect it to be perfect, and PLEASE report any problems by posting a message in the forum. Please don't ask for features. I know what's missing. I just want to test what's there now. Thanks, and enjoy!

3/20/1999

Several recent changes to the NTTP parsing routines make news-group spam reporting much more reliable.

2/26/1999

Still confused about how the filters work? I've created a nice flowchart∞ to help describe the system.
New feature to support the filtering system (for members who use filtering). Now you can import your entire address book to the white list. If you want to ensure that your regular coorespondants' email is not detained, you should use this feature now∞.

2/22/1999

Take a tour of the new subscription system. Just log in with the username "demo" and password "demo".

2/21/1999

"Subscribe Now" document updated. Originally, I made it seem that subscription REQUIRED the use of a spamcop.net email address. This is not true. You can use the new email address if and when you want. Subscribers can still report spam the same as ever, no matter where it was received.

2/20/1999

Notable bug-fix. For those of you having trouble with SpamCop and Netscape 3.0, read my post on the subject.

2/19/1999
Finally, It's here! Subscription system is now online. Get your own, filtered email processing account. I have been using the system for some time with great success. Spam is blocked, legitimate email gets through OK. Easy reporting shows you what email has been blocked, and gives you a choice between releasing it or reporting it.

Subscribe Today!∞

2/12/1999
Please be patient! Subscription system will be online soon.
2/9/1999

∞
Snazzy little "netscape now" logo. Get 'em while they're hot! Look for some other cool pix with the new site design. All courtesy of friend and artist, Jason Little. Here's how to use the logo on your web page:

<a href="http://spamcop.net/">
<img src="http://spamcop.net/images/spamcop.gif" width=90 height=30 border=0></a>

Of course, you are also free to copy the image to your server.

2/2/1999

Well, it turns out I have to open a seperate, "business" bank account or mastercard & visa won't give me the time of day. I can't wait for these obsolete dinosaurs to go belly up! What crap. Anyway, more delays. Let's hear it for e-cash! If the europeans can do it, why can't we? 'cause then the CC companies wouldn't get their 2.5%, that's why.

1/29/1999

How would you like your own SpamCop-filtered email address? Check out my post∞ for all the details.
Hit-counter broke 100,000 today. How long until 1 million?

1/25/1999

I have the subscription page all set up & working with a user database and CyberCash. Now, I just have to wait for Nova - big surprise. I'm getting some real artwork done for the commercial flavor of spamcop. Now we'll get to see what this SpamCop guy actually looks like!
Unimportant news - bugfixes and the like will no longer be seen in this space. I'm going to start posting these things to the forum instead, so if you care about that stuff, check the forum for new posts.
Well, I finally got around to fixing some of the problems with the new email interface. If you tried it today and it didn't work AND you were using it correctly (including all the headers), you may get a duplicate response. I used the failures from today to fix the problems, and I re-processed some of them. There were ALOT of failures that didn't include the full headers. I deleted these. You have to include the full headers.

1/23/1999

Fixed HostTracker to ignore port numbers in URL.
Changed spamcop's URL from /spamcop.shtml to /spamcop/ . Update your bookmarks if you care. If you don't you'll suffer a re-direct every time you hit the page. I don't know why I should care about redirects - Micro$oft will redirect you 2-3 times per page-hit and they don't seem to care.

1/22/1999

Fixed HostTracker to look for an email address's Mail eXchanger instead of just assuming that the SLD (Second Level Domain) will have a host associated with it.

1/21/1999

Fixed another problem with the new spamcop-fooling fake AOL headers - when this spam was submited by someone AT AOL, spamcop was picking the fake headers over the real ones - that's now fixed.
Thanks to everyone for all the input on $$ issue. It has helped me see that most of you probably don't want to pay, but that a certain amount of you would pay something.

The debate rages on in the forum, but I have pretty much decided to release the source code as I go commercial. I think this will satisfy the poor do-it-yourselfers and the rich "just do it" type users, while paying me for my time and reducing the bandwidth (or at least paying for it). Check out my post "Re: NO! (OPEN SOURCE)" in the forum for details. I won't promise to follow the GNU license to the letter, but it'll be close. I will probably charge for commercial use. It would really sting to release my source and find Microsoft using it on hotmail for free - they should pay big bucks (as many of you have pointed out).

1/20/1999

Free service will end. Please read my post in the forum "How much would you pay?" (no longer there) and give me feedback.
Concealed recipient addresses when a spam header is loaded from a tracking url.
Another spamcop-defeating spam arrived in my inbox today, and I patched around it. It was almost as if the spammer (who shall remain nameless) was sending it to me first so that I COULD patch it! Anyway, this 'exploit' took advantage of my AOL-handling code which takes headers from the END of the email in preference to headers at the begining. Now I check to make sure the headers at the end are the ONLY set of headers before I trust 'em.

1/19/1999

Added a feature to search the spam's body for email addresses and web-site urls, linking this to the host-tracking feature so you can easilly send complaints to the admins of related hosts. Of course, spamcop will not phrase the email for you, since I really have no evidence of wrong-doing. For example, the spam I used to test this feature has a link in it to www.senate.gov. I would feel pretty foolish complaining to them about some spamming incident.

1/18/1999

Added a host-tracking feature, which lets you skip the whole header anylysis and go straight to finding an admin for a specific hostname. (like www.spamhaus.com). However, I will not create a complaint for you in this case. I have no evidence, so I don't want to make any accusations.
FAQ updated: Added back the bbs functionality as the SpamCop Forum∞. I will be responding to email ONLY through the forum from now on. I want everyone to benefit from the exchanges I have with users. Lurkers and newbies will benefit from seeing what others are saying.
The new email interface seems to be holding up fine. Not as many people trying it out as I had expected, and those who are seem to be having trouble getting the full headers included. This is the story of my life, it seems. I guess this is not such an easy thing to do from many email programs. Get Netscape and it works like a charm. Multiple reports at once, I tell ya! Those of you who have tried it, please let me know if the system isn't working right.
Fixed a few new bugs reported by users & admins. Abuse.net lookup was failing for some reason, and there were some flaws in my one mammoth conditional which parses the received lines itself. This is a single conditional which spans 44 lines of code. To give you a taste, here is part of it:

	((($rline =~ m/
	    from(?:\s?[-\_\.a-zA-Z0-9]{4,75}\s?\s?[\[\(]{1,3}
		 (?:IDENT:)?
		 (?:HELO\s?)?
		 (?:\w{3,75}\@)?
		 (?:peer\scrosschecked\sas:)?
		 ([-\_\.a-zA-Z0-9]{1,75})
		 )? # determined name (optional)
	    /oxms) &&
	  ($newname = $1)) ||
	 # just set it to null and give a warning - no biggie
	 (($newname = '') || message("no auth from"))) &&

Pretty, ain't it? The code is finally getting to a point where I'm not actively ashamed of it, but I'm not releasing the full code either, so don't ask.

1/17/1999

It's here! SpamCop now has a beta email interface. Simply forward your spam to: spam@julianhaight.com∞. Of course, you still have to make sure you have all the headers. The best way to do this is to setup your mailer to forward messages as MIME attachments. This works great for my email system - netscape 4.5. Using this system, you can open a new message to SpamCop and just drag each spam to the attachments section. You can send multiple spams in one report, and spamcop will reply with an aggregate report of action taken. The output resembles the HTML output you know and <cough> love. However, one drawback is you don't get a chance to second-guess spamcop before the complaint is sent, so if there are problems parsing the email it's possible your sysadmin will get the complaint instead of the perp's isp. If this is your first time using SpamCop, it's a good idea to use the web interface a couple of times before you go for the email interface.
For some time, I have been concerned that spamcop would defeat a legitimate email sender's right to send anonymously. I've even considered implementing a companion product that would send email anonymously from my server (but prevent spamming). I have just become aware of a service which does just this. I haven't given it a thorough test yet, but I assume this program will defeat spamcop - or any other software's ability to track email. Check it out: Anonymizer Email (secure)∞ (insecure)∞
Major overhauls continue. If you have problems, use the old version. I'm doing some early work on the email interface. There will probably be a free beta testing period for that, but then I will require $$ for use. The web version will remain free.
Saw the first spam which looked like it was made specifically to fool (crash) spamcop - this is a received line with a huge row of xxxxs. Here's where the internet nature of spamcop really shines. I can fix something like this and not worry about getting a 'patch/new version' out to all the users. I can see that some spammers are aware of spamcop and trying specifically to defeat it. Haha. *I* know how to fool spamcop 100%, but so far I haven't seen anyone using this method. I leave it as an excercise for the student...

1/15/1999

Thanks in part to the new overhaul, I was able to add a new feature on the spur of the moment. There are no longer any REAL annonymous complaints. All email received regarding spam is now cataloged by tracking number, in effect giving each user a drop-box for each spam reported. Use the tracking URL to read replies to your complaint with no fear of anyone finding out your REAL address. Use anon mode without those pesky warnings.

1/14/1999

Just finished a major overhaul of the code. This should be invisible to users, but I've called it BETA, and I've given users the ability to use the old version instead if they have problems. Please be extra careful to make sure that it targets the right place before you send a complaint. If you have problems with THIS VERSION which don't show up on the OLD VERSION, I would be very interested to hear about it. I'm not so interested in problems that occur in both versions, and I'm certainly not concerned with problems that happen only with the OLD version.

This overhaul was a long time in coming. Forget Object Oriented Programming, spamcop wasn't even Function Oriented until today! This may be a bit of an exaggeration, but not really. All the modifications I had been doing were just making the code into one, giant, long procedure. The new style will facilitate many of the improvements I have planned for the future:

Email interface (just forward your spam to spamcop).
Inline website/email link persecutor (click here to complain to the administrator of this site).
Arbitrary IP/host tracker (without email ability).

In other news, I noticed that somebody registered the domain name "spamcop.com". Don't be confused by imitations! You know where to get the real deal.

Fixed up the ripe.net search routine.

1/13/1999

Email to anything@nic.dtag.de is prohibited now too. In this case, try ripe.net instead.

1/6/1999
Privacy Issues Day

<+privacy>Implemented a feature to conceal the recipients email address in copied headers.
<-privacy>Got a disturbing email from a system administrator who says that ANONYMOUS COMPLAINTS WILL BE IGNORED. Check out the faq∞ for more information on this. I adding a warning message to this effect.

1/4/1999

Made generic parsing of IPs more restrictive again to avoid other random numbers.

1/1/1999

Happy new year!
Added a new FAQ entry describing one way to use the new URL tracking feature.
Added a major new feature, which will be helpful for confused ISPs and useful for me whilst responding to your questions and problems. Every spam's header is logged and tracked by a unique ID. When you submit a spam you are given a unique URL to recall that parsing session. This URL is also included in the complaint email so that the complainee can see why we targeted them. If you contact me regarding a specific problem with spamcop you MUST include this URL or the full headers of the spam.
Moved the cgi itself from /fastperl/spamkiller to /fastperl/spamcop. Nobody should notice this change, but it makes the above tracking URL look nicer.

12/28/1998

Fixed parsing of strangely indented hotmail text.
Fixed new generic parsing to avoid other random numbers in the header like smtp version numbers.

12/26/1998

Implemented timing of script. Number of seconds to process the spam and find the abuse address are logged and reported.

12/24/1998

Introduced new, generic parsing routine. I will be phasing out the type 1-6 parsing routines in favor of this new one.
Refined off-limits fix from yesterday.

12/23/1998

Fixed checking of abuse address against a list of off-limits domains. These include internic.net, ripe.net, arin.net etc.
Added support for checking whois.arin.net as a source of admin email addresses.

12/17/1998

Got a reply from eni.net that our #1 bad guy (209.101.230.*) has been eliminated! If they had been reading their mail in November we could have shut them down a long time ago.
Made another not-so-nice phone call to the tech support guy at bellsouth.net. Still nothing good to report there.

12/16/1998

Fixed parsing of wierd-o msn.com Received line:

Received: from msn.com - 207.68.152.48 by email.msn.com with Microsoft SMTPSVC;

Wed, 16 Dec 1998 01:30:49 -0800

12/15/1998

Personally called the ISPs responsible for our top-ranking evil IP addresses. eni.net (aka hlc.net) promised to take action. The response from bellsouth.net was less helpful, but I'm still waiting for a response to my email.
Fixed up some of the parsing to be more permisive of messed-up headers, fixed a bug in the new header-de-mangling routine to keep it from adding extra blank lines into the header.

12/14/1998

Since the dawn of time, I have seen people pasting headers into SpamCop which have all the right information except the new-line characters. While this is really a problem at the user's end (AOL), I have implemented an algorithm which detects and compensates it. However, the algorithm is pretty fuzzy (it's possible it could just make things worse). If you see the message "Inserting new-lines in mangled header", you should figure out what's wrong and fix it on your end - theoretically.

12/10/1998

No longer automatically assume second-level domain when defaulting to postmaster@. Example: postmaster@uninet.net.mx rather than postmaster@net.mx.

12/9/1998

Made SpamCop more discriminate about the complaint addresses it will use. Robert Z. noticed a problem where leapfrog@com was used as the complaint address.

12/8/1998

Default complaint address is now postmaster@domain, not abuse@domain, the way abuse.net recommends. Updated the FAQ to reflect new policy on bounced complaints. Please do not send me bounces.

12/7/1998

Decreased timeout and retry values for nslookup and dig. Queries against uncooperative servers will now take MUCH less time to fail (6 seconds). Hopefully, good servers will still respond in time.

12/6/1998

If you leave the email address field blank, SpamCop will now use nobody@julianhaight.com as the 'From' on your complaint - an invalid address. A paragraph will be pre-pended to the complaint message:

*** WARNING:
The return address of this email is not valid.  The user sending this mail 
wishes to remain anonymous.  Replies will bounce!

If you feel you have received this email in error, you may contact the author
of the software which generated (and anonymized) the email:
Julian Haight julian@julianhaight.com .

This is a change from previous behavior where a valid account was used as the return address. I did this because I was getting so much worthless crap at the spambait address and I never had time to read it anyway.

Major cleanup of my usage of abuse.net. I no longer bounce complaints through abuse.net (mailto:domain.com@abuse.net). Instead I do a database lookup on abuse.net to see if they have a name on file (whois domain.com@whois.abuse.net). If they don't have a definitive address, I go with my own guesses (SOA + abuse@domain.com). If they have an address, I use that address ONLY. So, I find abuse addresses in this order:

Hard-coded exceptions (all hotmail mail gets CCed to abuse@hotmail.com)
My own internal table (hostmaster@uu.net = abuse-mail@uu.net).
Abuse.net (uu.net = fraud@uu.net)
My best-guess addresses (SOA-hostmaster@domain.com, abuse@domain.com).

I hope this will reduce the amount of email sent while still targeting the correct party. It also reduces the amount of crap I receive back from abuse.net, a real benefit for me.

12/5/1998

After much procrastination and debate, I have switched to using PSI net's recommended method for reporting spam - namely, I now use the spam's subject as the the complaint subject. This aids PSI in 'fingerprinting' the spam. Hopefully it won't confuse other ISPs.

12/3/1998

Well, spamcop is getting more and more popular. I'm feeling a bit swamped with email. I've updated some of the text and links on the site, and I've added a much-needed FAQ. Some highlights:
- I don't want to hear about email that bounces.
- How to get those dang headers.

11/24/1998

Disabled the mail-queue page. No one seemed particularly interested, and I wanted to protect the privacy of other users on the system.
Fixed the hostmaster/ip statistics compilation module. It only records ACTUAL complaints, not just successful parses.
Reset the complaint statistic database too. For the record, the top domains before I reset were:
1. uu.net (249 complaints)
2. att.net (95 complaints)
3. bellsouth.net (89 complaints)
4. compuserve.net (74 complaints)
5. psi.com (68 complaints)
6. cwix.net (67 complaints)
7. aol.net (46 complaints)
8. tv-asahi.co.jp (34 complaints)
Fixed the parsing of type 4 headers to be a bit more general.

11/19/1998

Added IP tracking to statistics page.
Major change in the parsing sytem: automatically 'trusts' the first recieved line. This should speed up parsing and prevent some problems for people who are inside badly-configured networks.
Fixed a bug where NNTP parsing could accuse an invalid IP - 127.0.0.1 for example.

11/18/1998

Fixed a bug in the type 2 received line parsing which caused spamcop to mistake a FOR clause for a FROM IP address. Thanks, Luc for pointing this out.

11/15/1998

Mail sent by spamcop is now traceable back to the originating IP. Before today, complaints were effectively annonymized (except for my logs). Now I create a received line for the complaint request in the same format that HotMail uses when they send mail. This identifies the user's true location to anyone that cares. This will prevent the possiblity of abuse through spamcop.
On the same note, I generalized the parsing of hotmail-style received lines to allow any server (including my own), not just hotmail's. A spamcop complaint fed into spamcop will result in an accurate target of the user involved, not a target on my server.
Added another well-known abuse address: hostmaster@bellsouth.net = abuse@bellsouth.net also: root@rhea.saturn.bbn.com = abuse@bbnplanet.com
Now continues parsing received lines until the end of header. Previously, I wold quit if I found a Date field. Just saw a couple of legit headers that have Recieved lines after the Date.
Added a feature to count the number of complaints sent to each net-admin address. Check out Complaint Totals∞.
Well, the banner ads are back. I'm getting enough hits now that I think I might actually make a buck or two this way. Ironically, the first ad I got from my ad-provider is one promoting the spamming of "friends and family". HA!

11/10/1998

Added another "Received" format - type 7 (AltaVista Mail) (from [IP](HELO PNAME) by SERVER ...; DATE). Thanks Hank for bringing this one to my attention.

11/8/1998

Fixed the null-email field cookie-setting algorythm so that you don't actually wind up with "spambait@julianhaight.com" in your email field. It should remain blank now if that's how you set it.
Later, I fixed a bug that I introduced fixing the null-email bug which failed to print the HTTP and HTML header on the final step. Thanks to Keith and David for pointing it out.

11/6/1998

Added another "Received" format - type 6 (by SERVER from NAME [IP] ..; DATE). Saw this one come in from an anonymous user tagged as SLmail 3.0.2423.

11/5/1998

Fixed a bug in the NEW USENET PARSING. It was always expecting an IP in the NNTP-Posting-Host field. Of course, you can also have an FQN. See, I told you it was beta.

11/4/1998

FINALLY! SpamCop now supports usenet (news group) spam, otherwise known as Velveta. Parsing of the NNTP-Posting-Host field is supported. This feature is considered BETA, so use it at your own risk, and please let me know of any problems.

11/1/1998

Made sure that the headers will always be the first thing quoted from the offending email, even if they are pasted into spamcop last (like from an AOL mail client).
Added a warning message to discourage spam-repellant. Please leave field blank instead.

10/31/1998: (mod 11/6/1998)

By default, spamcop no longer CCs you the complaint as it is sent. You may still request a CC by entering "cc:" before your email address, like this:

DO NOT put anyone's address in this field EXCEPT YOUR OWN. This is where the email is FROM, not just a CC field.

You may also leave this field blank. Spamcop will send complaints FROM spambait@julianhaight.com - a valid email account on this server. I will peruse the responses from time to time, but don't expect real personal service. This is simply a better alternative to using a fake address.

10/24/1998:

Hardcoded abuse addresses for often-failing dns-admin@dialsprint.net (abuse@sprint.net) and root@bigguy.gte.net (abuse@gte.net).

10/23/1998:

NEW! Mail Queue (now defunct) This is a list of all the email waiting to be delivered. See what happens to your complaint after you fire it off.

10/22/1998:

Fixed IP lookups through arin database. (IP@whois.arin.net)

10/6/1998:

Added support for IPs under kr TLD. (IP@whois.krnic.net).

10/4/1998:

FAQ report: Here's a pretty common email: Q: Subject: bad address in your database.
FYI: Here is the header from a returned message that bounced back to me, after using SpamCop to send a spam notice...

A: Don't worry about this stuff. I don't maintain a 'database' per se. I try 3 places to send complaints. sometimes one (or even two) of the three will bounce. It's not really a 'problem'; however, I'm thinking about adding a feature where you can disable sending to either address on a case-by-case basis. the abuse@ address is probably the most likely to fail, becuase it's just an agreed-upon 'standard' complaint-line. I don't know for sure that it exists at the domain I'm sending to. The other address - "SOA" - is supposed to be correct, however it is sometimes woefully out of date, or simply missing altogether. You will usually get through on one or the other and if that dosn't work, the third - @abuse.net will hopefully find the right person. Perhaps I should maintain a database of these places, but that means I'd have to keep it up to date, which is more time than I want to spend. For now, see the next item - I only plan to update this DB with the biggest ISP's - not every mom-and-pop. You just have to put up with the bounces, or lie about your address so you never get any mail from spam-cop sources.

Added a long-overdue feature so that spam cop 'knows' about the main ISP's abuse addresses (currently uu.net, psi.com, sprint.net, netcom.com). When one of these ISPs is to blame, we send email only to the official email abuse address and forgo the usual abuse@, SOA address and @abuse.net addresses. This should cut down on a lot of bounces.

If you want to recommend an abuse address for this list, be sure to include the address that spamcop comes up with 'naturally' as well as the new official abuse address.

10/1/1998:

Fixed a problem that I introduced recently - I'd give up too soon, when I hit the "Message-Id:" field. Now I put it back to looking only for the "Date:" field.

9/29/1998:

Something I did earlier must have screwed up the netscape header parsing - at least to the point where I couldn't find the Subject line (for the archive). Fixed that bug thanks to a tip from a user.

9/28/1998:

Expanded domains which are off-limits to complaints - added nic.uk, co.uk, ripe.net, apnic.net, arin.net to the already existing internic.net.

9/23/1998:

More minor improvements to the reverse-DNS lookups

9/22/1998:
When getting domain name, try an nslookup before resorting to DIG.
Added another backup method for finding a domain for an ip - "whois IP@whois.arin.net". Right now this method is a last-ditch, but I may make it the preferred method.

9/18/1998:

Ditched the banner ads - I made $4 in a month and pay $200 in the same time. Feel free to send money.
Made spamcop slightly more permisive in parsing type 1 headers, also let it use non-reverse DNS matching to verify the Received chain.

9/15/1998:

Fixed a problem that was causing Spam Cop to notify administrators in domains that are mearly providing secondary DNS for spam IPs. When I can't find an SOA for an IP now, I use the first ANY record to determine the domain, then get the SOA for that domain.

9/13/1998:

Added support for a 'type 5' received line. Looks like this: Received: from 128.0.0.4 (actually host-209-214-13-81.pbi.applesouth.net) by george (PP) with SMTP; Sun, 13 Sep 1998 06:21:07 +0100

9/9/1998:

Added explicit support for hotmail. We now notify abuse@hotmail.com so that the hotmail account will get yanked as well as the ISP used to connect to hotmail. This should surprise some spammers!
Fixed a bug that falsely notified ISI.EDU of spam that wasn't their fault. (Sorry, it won't happen again.)

9/8/1998:

Added an explict message for people who don't give me the full headers.
Small change to the hostmaster-finding algorythm so that it fails gracefully to a default "postmaster@" instead of refusing to continue.

9/7/1998:

Removed much of the logging. I am receiving about a megabyte of spam a day through spam cop. I can no longer personally check on the accuracy of spam cop's determinations, so I will no longer be keeping full headers on the spam that spam cop parses correctly. I am still logging and investigateing spam that spam cop is unable to parse correctly. I am now counting on you, the user, to notify me if you see something that dosn't look right.

9/6/1998:

Spam library∞ - all the spam recorded so far.
Spam Killer is now Spam Cop so as not to conflict with previously-existing spamkiller∞
AOL message-then-header format will autodetect
Removed a feature which prevented sending mail to your own domain's administrator - members of large domains (aol, uunet) will often get spam from other users in their domain.

9/1/1998:

In addition to the SOA contact, Spam Cop now automatically emails the 'standard' abuse address, abuse@.

dawn/of/time:

Netscape Bizaro format headers will autodetect
Added a page of feedback I've gotten from system admins and users

Source page: http://www.spamcop.net/spamnews.shtml∞

Content editing for Wiki formatting may have changed some display functions (buttons using FORM data, specifically) but no words were changed, added or deleted (possible alternate 'views of buttons' excepted)

CategorySpamCop

SpamCopWiki : CopyOfOldSpamCopNewsPage

SpamCop News page - Archived copy