NOTE: The opinions expressed on this page are those of the author and not of SpamCop.
Greetings! I've been a SpamCop user for nearly a decade (and about 100,000 spams, by a rough count). I've also been actively pursuing the study of spam for at least this long, and have posted a lot of possibly useful info for your perusal at my personal website http://www.rickconner.net/spamweb/.
To me, SpamCop is a way to add my voice to those of many others who wish to see the spam problem brought to heel. SpamCop is one of the few truly adult ways to deal with the spam problem; it simply collects and verifies information about spam deliveries, reports this information to the proper channels, and makes it available to others (via the SpamCop Blocking List) for their own voluntary spam-blocking purposes. Despite what some critics (mainly spammers, I suspect) would have you believe, SpamCop
does not block mail for anyone (except for SpamCop or SCBL users who opt for such blocking);
does not (cannot, really) magically close down websites or mailing operations halfway around the world;
does not attack providers through spurious internet traffic, denial of service, or similar means; and,
does not burden innocent users for the sake of its own customers (unlike, for example, challenge/response spam filters).
I've found it very interesting to read some of the other posts in this category, and I hope my own contribution will also be of help. I don't think that I do anything particularly tricky within SpamCop, but on the other hand, having used SpamCop for such a long time, I know where a lot of potentially useful nuggets are buried; since finding some of these features is not as easy as it might be, the info I present here may be useful to you.
Therefore, this page will be a bit detailed; I hope it will not be too confusing, but as I said, I want to include some items that are not well documented elsewhere. Feel free just to skim for what you find useful.
On this page, I will cover:
How I forward my mail from my personal addresses into SpamCop for filtering.
How I pick up the (non-spam) mail that SpamCop releases for delivery.
What I do with my addresses that are not forwarded to SpamCop so that I can report the occasional spam through SpamCop "by hand."
What I do in checking my spam queue and reporting spams using SpamCop VER.
A bit about changing your baseline SpamCop filtering setup to lower your false-negative ("spam leakage") rate.
A bit about reporting spam websites that SpamCop can't or won't trace.
Some interesting features of SpamCop that not all users may know about.
Mail forwarding setup: Getting my mail in and out of SpamCop
As a subscriber to the "SpamCop E-Mail System for Individuals" (aka "the paid service"), I have been assigned an e-mail address in the spamcop.net domain. Any mail that is sent to (or forwarded to) this address will be automatically passed through SpamCop's filters. Any of this mail that SpamCop suspects to be spam is held for me to report at my leisure. The rest of the mail (presumably purged of spam) is released for delivery or pickup.
This kind of use requires (1) that I have a means to feed my incoming mail into SpamCop, and (2) that I also have a way to pick up the non-spam e-mail that SpamCop releases for delivery. First I will describe how I get the mail INTO SpamCop, then how I get the cleaned mail back OUT OF SpamCop and onto my computer.
Getting my mail INTO SpamCop (via SMTP forwarding)
I forward all mail received at two of my personal addresses to my SpamCop address for filtering. Generally you do not have to do much within SpamCop to set up this forwarding, except that you do need to put these addresses through the dreaded Mailhosts Configuration process, which I will describe in more detail a bit later.
Outside of SpamCop, however, you do have to instruct your ISP to forward the mail to your SpamCop address. How you do this depends upon your provider's setup:
I have an account at a Major Retail ISP That Shall Remain Nameless; it is a very old address and is the source of most of my incoming spam. To forward mail from this account to SpamCop, I went to the ISP's website, logged in securely to reach my account setup page, and then used a mail forwarding tool found there. This is probably the route that most SpamCop users would follow to forward mail from their own personal accounts.
I have also recently begun filtering a very old Unix shell account that I've had for a while; I set up the forwarding from this account by logging into the shell and setting up the customary Unix .forward file. That is, I created a file named .forward (note the leading dot) in my home directory and typed my SpamCop address verbatim into this file. When it has mail to deliver to me, the ISP's mail delivery server reads this file and then automatically forwards all incoming mail to the SpamCop address instead of my local mail spool file.
FYI: The .forward file is a very old and established procedure on Unix systems. You can actually make it do many more tricks than simply forwarding to a single address. Here's a link to feep.net with more information on the setup and use of .forward files.
As far as I know, there is no limitation on the number of individual addresses you can forward to a single SpamCop address, so if you have (say) five different e-mail addresses, you can forward all of them to SpamCop.
This forwarding setup has worked very reliably over the years (SMTP is a pretty darn reliable protocol), and I am not aware of having lost any incoming mail to the bit-bucket, even during periods when SpamCop has suffered transient technical problems or planned downtime.
Here are a couple of issues and tips related to the forwarding process:
Originally, the Major Unnamed ISP did not forward mail properly; it sent the mail to my SpamCop address just fine, but failed to delete it from my mail queue. It was necessary for me to log in to this account periodically and delete all the mail so that I did not exceed my storage limits and thereby have my mail service suspended. More recently, the ISP has fixed this problem and now forwards the mail properly, deleting it after transfer to SpamCop. My old shell account has always forwarded and deleted the mail properly, as you would expect it to do (unless you try to put something really strange or fancy into the .forward file).
I asked both ISPs to turn off any of their own spam filtering or tagging on these accounts; the reason for this is that the ISPs frequently alter the e-mail using the results of their filtering (e.g., putting "SPAM" tags on the subject line, or sticking filtering info in the headers), and I did not want this added (or deleted) info to interfere with SpamCop's work. For large ISPs, this may require another trip to your mail account setup page; in other cases, you may be able to contact your ISP's postmaster or administrator to have this done.
Letting SpamCop pick up your mail instead (using POP3)
Many freemail providers (e.g., Yahoo) may not allow you to set up mail forwarding; or, you may not be sold on the idea of mail forwarding for some reason of your own. Fear not, you can still have your incoming mail automatically submitted to SpamCop by asking SpamCop to pick it up from your service using POP3. What makes POP3 pickup (or "POPping") of your mail different from forwarding is that SpamCop makes periodic requests to your service for any new mail, rather than relying upon the service to send the mail to them. It's as though the folks at SpamCop drive to Domino's to pick up the pizza, rather than making Domino's deliver the pizza to them.
To set up POP3 pickup of your mail, you log in to the SpamCop webmail interface, then go to the "Options | SpamCop tools | Configure external POP servers" page (look carefully, sometimes the location of these links may change). You can then enter the name of your ISP's mail-pickup or POP3 host (obtained from your ISP's administrators), and your username and password for the account (i.e., the info you use to log in in order to read your mail); you can also select whether you want the mail to be deleted after pickup (probably a good idea in most cases, to keep your account from plugging up with duplicated mail) and whether to use SSL (encryption) during the mail transfer (this provides some degree of privacy, but may not work with all ISPs). Be sure to press the "Modify" button to save your new settings; they will take effect immediately after you do so.
Using POP pickup may incur several minutes' time lag (since SpamCop will get the mail only when it gets around to picking it up, rather than receiving it immediately as is the case when you forward the mail). I don't use this feature, so I can't tell you much more about it.
NOTE: This will only work for you if your mail provider supports mail pickup via POP3. Many corporate mail systems (e.g., Microsoft Exchange such as my employer uses) may not support POP3 pickup from the public internet for a variety of reasons.
Getting my mail OUT OF SpamCop (more SMTP forwarding)
After SpamCop filters your incoming mail, you can retrieve the non-spam mail in any of at least three ways:
Use a mail program (Outlook Express, Thunderbird, Apple Mail, et al.) to retrieve it directly from SpamCop's mail server (i.e., using POP).
Use SpamCop's (very nice) webmail interface to read your mail (or you can use some other third-party webmail interface of your choice like mail2web.com).
Have SpamCop forward the mail automatically to some other e-mail address of your choice (i.e., using SMTP), whence you can pick it up with your mail program (or webmail service).
I use the latter technique; I have SpamCop forward the mail to a double-dog secret e-mail address that I have set up elsewhere. I then use a standard mail program (Apple Mail) to pick up the laundered messages from this secret address. I don't POP SpamCop directly, and don't use the SpamCop webmail interface very much unless I need to change SpamCop settings or have a technical problem.
NOTE WELL: You MUST NOT forward your mail FROM your SpamCop address BACK TO any of the addresses that you've already forwarded (either directly or indirectly) to your SpamCop address. If you do, you will set up a nasty mail loop, wherein each mail message may be repeatedly shuttled between your original address and your SpamCop address. In other words, if you forward mail from me@you.foo to SpamCop, you cannot then forward SpamCop's released messages back to me@you.foo for pickup. SpamCop may not be able to detect this problem for you, since it doesn't know a priori what addresses you are forwarding to it.
Help! The spammers have my secret address!
After many years of good service, my own secret drop address was compromised and began to receive spam directly (i.e., not filtered by SpamCop). This was probably inevitable, and most likely resulted from a lucky guess by a directory-harvesting spammer. It was a simple matter, however, to set up another secret address (a less-guessable one) and then have SpamCop forward to this new address instead (I did this via the SpamCop webmail interface, using the "Options | SpamCop tools | Select Your E-mail Forwarding" page). I have hung on to the old address as a sort of spam trap.
If this should someday happen to you, don't be very worried about it. There is nothing particularly special about your secret address, except for the fact that you happen to be forwarding mail to it from elsewhere (i.e., from SpamCop). It isn't even really a secret address unless you choose to maintain it as such (I have disabled the sending of mail from my drop address in my computer's mail program to prevent me from accidentally publicizing it). The chances are slim to none that the spammer knows you are using this address as a secret drop; he just happened to find it or guess it, and the net result is only that you've received a few more unfiltered spams. Simply change your secret address to a new one, shut down the old one (to force rejection of any further spam), and carry on.
Oh, no! The spammers are sending spam to my spamcop.net address!
Your spamcop.net address is just as susceptible to being discovered and spammed as any other e-mail address would be. There's no secret force-field that protects such addresses from spam deliveries, and they can become available to spammers via the same mechanisms by which the spammers learn of other e-mail addresses.
While many SpamCop users (including me) prefer to keep their addresses secret (i.e., they do not use them for sending mail and do not give them out for direct receipt of mail), many others do actively publish and use their spamcop.net addresses; such use does expose these addresses to harvesting by spammers.
Some spammers may even be lucky enough to capture spamcop.net addresses via directory harvest attacks.
In short, there is very little that is magical about a spamcop.net address that would make it less likely to get spammed. It seems as though it would be foolish for a spammer to deliberately send messages to people (i.e., SpamCop users) who are just going to turn right around and report them, but no doubt some spammers take a perverse sort of pride in reaching such users (and many others may simply not know nor care about whom they are contacting).
If you find that you are receiving spam sent directly to your spamcop.net address (i.e., it was not forwarded from some other address you use), you may wish to abandon your current address and change to a new one. I did this myself recently, and would offer the following advice to those also contemplating the move:
You should not be charged any extra for the change, and it should not cause an interruption or loss of service in your account.
Changing your address will change your login to the SpamCop service (i.e., the first part of your new address becomes your new user ID).
You may have to re-establish all your personalized SpamCop settings.
If you do change your address, you should make the new address as random and unguessable as you can (i.e., avoid recognizable names or words) in order to minimize the chances that it would be picked up in a directory harvest attack.
If you wish to make the change, you can contact "support at spamcop dot net." It is certainly OK to stick with your old address, even if it is getting spammed. All that will happen is that you may get a bit more spam than you otherwise would have. You can rest assured that SpamCop will catch all this extra spam and allow you to report it or delete it.
Enabling my other (unfiltered) e-mail addresses for SpamCop reporting
In addition to the addresses I've forwarded to SpamCop, I have several others that I have deliberately not forwarded.
I don't want to forward my work e-mail address, as this would get rather complicated for me to deal with (besides which, my employer has seen fit to set up some pretty effective filtering of its own).
I also have a couple of other addresses related to my websites; these are as yet lightly spammed, so I'm leaving them unfiltered for the present.
However, I have submitted all of these addresses to the Mailhosts Configuration process, so that I can manually report any spams I receive by pasting them into the big box on the standard SpamCop web form.
The Mailhosts Configuration process was instituted some years back when e-mail headers began to get really strange (due both to spammers' forgeries and to ISPs' spam countermeasures). The reason for using the Mailhosts Configuration process with your e-mail addresses is that it allows SpamCop to see what normal (non-spam) mail received at these addresses will look like and how it is typically routed. Using this info, SpamCop will then be able to more accurately determine the sources of spam sent to these addresses. To be sure, the Mailhosts Configuration process is not the most user-friendly feature of SpamCop, but it makes reporting spams from these addresses go much more smoothly. If you don't do this, SpamCop may refuse to deal with your spam, or may misattribute it to innocent parties (like your employer, your school, your ISP, etc.), making your reports useless (or worse).
Logging in and reporting spams
I generally check my spam queue at least once or twice a day by logging in to my SpamCop account in the usual fashion (http://mailsc.spamcop.net/) to use the (ahem) Very Easy Reporting interface. Invariably, there are spams waiting there, so I rack 'em up (by clicking all the boxes next to those that are really spam) and report them.
When my spam load is moderate, I like to use the VER's "Queue for reporting (and move to trash)" option so that I can get a look at each spam (sounds geeky, but I like to see what these guys get up to). For the same reason, I have enabled "Show technical details during reporting", which is accessible from the Report Handling Options of the Preferences tab on the main SpamCop page (or at http://mailsc.spamcop.net/mcgi?action=showadvanced if you are logged in). (Also see the technical details page in this Wiki.)
If the spam load is heavy, or if I am pressed for time, I will instead use the VER's "Quick Reporting" option, which sends immediate reports (for mail source only) on all selected spams, and then deletes them from the queue. SpamCop will send a report to my spamcop.net address each time I do this, explaining what it did in each case.
Dangers of Quick Reporting
I should add that Quick Reporting is a bit risky, because if you just "select-all" and hit the button, you may wind up reporting a "false positive" (an honest message trapped by SpamCop and suspected as spam). Besides being unfair to the senders of those messages, this kind of thing can get you into hot water with SpamCop if you make a habit of it. You can also dilute SpamCop's effectiveness in this way, giving credence to those who think that SpamCop users are indiscriminate internet cranks and bullies. Usually, you can avoid wrongful reporting if you just examine the held-spam list and click only those messages that are obvious spam (check the subject lines and from-addresses). If necessary, you can hit the "Preview" link for any of the held items to get a closer look at the message. In all cases however, it is your responsibility as a SpamCop user to make sure you report only messages that are spam.
Check those boxes BEFORE you check them
After processing your spam message, VER will present you with a list of report recipients. Generally, the list is in two parts: first come the reports related to the IP source and relay addresses through which the spam was sent. Then, if one or more website links were found in the spam (and if SpamCop was able to trace them to a provider), you will get reports to the hosting services for these websites. You may also get "third party" reports that SpamCop digs up.
Here's a "sanitized" sample of what you might see (the links go nowhere):
Each of the lines with a checkbox represents an offer by SpamCop to send a report on your behalf. You can accept the offer in each case by checking the box (or leaving it checked), or you can decline the offer by unchecking the box. You are the boss here.
Why doesn't SpamCop just shut up and send all the reports? Because they are your reports, and the decision whether or not to send them (and the responsibility associated with sending them) is entirely yours. Despite what SpamCop offers to do, you should NEVER send any reports that you feel are misdirected or that may compromise your security. It is up to you to do your "due diligence" and decide which of these reports you want to send (in some cases, you might decide not to send any, and just hit the "cancel" button).
Probably the reports related to websites are the ones that deserve your closest scrutiny, since these are more likely to be misdirected or troublesome than the reports based on mail sources or relays:
Some spams (like 419 come-ons) are sent from webmail accounts, and these providers often put links to themselves (as advertising) at the foot of each outgoing message. These links have nothing to do with the spam, and no reports should be sent on them (don't worry, the webmail provider should show up in the source/relay IP report links, and so will get the word).
Stock spammers used to like to include links to stock information and trading sites, or the websites of the businesses whose stocks they were touting. None of these sites should be presumed to have had anything to do with the spam, and should not be reported. The same rule applies generally to any "third party" websites found in spam (i.e., websites that are not used by the spammer to lead directly or indirectly to his "sales" page).
A couple of years ago, spammers used to put a lot of extraneous links in their messages (often hiding them through HTML trickery) with the apparent intention of either tricking spam reporters into filing bogus reports, or stopping SpamCop (or other tools) from reporting the links (since SpamCop won't process more than a certain number of URLs per spam). I once received one of these spams with 83 links, of which only two were visible and intended for use by the spammer. This practice seems to have faded out for the moment, but could certainly come back someday.
Some spam website links may contain codes that identify your e-mail address. If you report these, it is likely that the spammer could determine that the report came from you. This may expose you to more spam, or to retaliation, although I have not myself knowingly encountered any such behavior.
Avoid "self-reporting"
Another problem that may come up when you use VER is that SpamCop will trace the source of your spam to your own provider, and will try to send spam reports to them, rather than to the actual source of the spam (of course, in some cases, your provider may actually be the source of the spam, but this is rarely the case with me). If you elect to send these reports, you will be committing an act known in SpamCop circles as "self-reporting," which can get you in trouble with SpamCop if you persist in the practice.
The probable causes of self-reporting are:
You did not put your e-mail address(es) through the Mailhosts Configuration process, so SpamCop is unable to accurately parse the headers of your mail.
You did use Mailhosts Configuration sometime in the past, but your ISP has since changed its mail handling procedures, resulting in a whole new set of SMTP-header puzzles for SpamCop. ISPs (particularly the big retail outfits) won't inform either you or SpamCop of these changes, so you may discover them only when your spams suddenly start getting incorrectly parsed by SpamCop.
In either case, what you want to do is to (re)submit your addresses to the Mailhosts Configuration process. This should stop the self-reporting problem. It may be a good idea to "prophylactically" resubmit all your addresses occasionally (e.g., when you renew your SpamCop subscription), although this might be a bit anal for some.
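Why Mailhosts Configuration matters, and how a missing or stale configuration leads to self-reporting, can be seen in a small walk over Received headers. This is an added example, not SpamCop's parser and not code from the original page; the trust rule is a simplified model, and the function names, host names, networks and sample message are constructed assumptions.

```python
"""Simplified trusted-hop walk over Received headers (illustration only)."""
import ipaddress
import re
from email import message_from_string

# Connecting IP as most MTAs record it: "from name (rdns [192.0.2.1])".
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: an address forwarded by an ISP to a filtering service.
# Header 1 was written by the filter, header 2 by the ISP, header 3 by the
# sender (and so may be forged). Names and IPs are documentation placeholders.
SAMPLE_SPAM = """\
Received: from mx.isp.example (mx.isp.example [198.51.100.25])
    by inbound.filter.example with ESMTP; Mon, 01 Jan 2024 10:00:03 +0000
Received: from mail.bank.example (unknown [203.0.113.77])
    by mx.isp.example with SMTP; Mon, 01 Jan 2024 10:00:01 +0000
Received: from internal.bank.example ([192.0.2.10])
    by mail.bank.example with ESMTP; Mon, 01 Jan 2024 09:59:00 +0000
From: "Security Team" <alerts@bank.example>
Subject: Verify your account

Constructed body.
"""


def connecting_ips(raw_message):
    """Return the connecting IP from each Received header, newest first."""
    msg = message_from_string(raw_message)
    ips = []
    for value in msg.get_all("Received", []):
        match = BRACKETED_IP.search(value)
        try:
            ips.append(ipaddress.ip_address(match.group(1)) if match else None)
        except ValueError:          # e.g. a forged "[999.1.1.1]"
            ips.append(None)
    return ips


def in_any(ip, networks):
    """True if ip falls inside any of the given CIDR networks."""
    return any(ip in ipaddress.ip_network(net) for net in networks)


def find_source(raw_message, mailhost_networks):
    """First connecting IP that is not one of the recipient's own mailhosts.

    The newest header is written by the receiving server, so the IP it
    records is reliable. If that IP is a known mailhost, the next header down
    was written by a host we trust, so the walk continues. Everything below
    the first unknown IP was supplied by the sender and is never consulted.
    """
    for ip in connecting_ips(raw_message):
        if ip is None:
            return None             # hop cannot be verified: stop, do not guess
        if not in_any(ip, mailhost_networks):
            return str(ip)
    return None                     # every hop was one of our own mailhosts


def plan_report(raw_message, mailhost_networks, own_provider_networks):
    """Return (source_ip, is_self_report) for a message."""
    source = find_source(raw_message, mailhost_networks)
    if source is None:
        return None, False
    is_self = in_any(ipaddress.ip_address(source), own_provider_networks)
    return source, is_self


if __name__ == "__main__":
    isp = ["198.51.100.0/24"]       # constructed: the forwarding ISP's mail servers
    print("no mailhosts:  ", plan_report(SAMPLE_SPAM, [], isp))
    print("with mailhosts:", plan_report(SAMPLE_SPAM, isp, isp))
```

With no mailhosts known, the walk stops at the forwarding ISP's own server and the report would go to your provider; once that network is registered, the walk continues one hop further and lands on the host that actually connected.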
Vote Report early and often!!
Reporting your spam as quickly as possible after you receive it helps make SpamCop a more effective countermeasure to spam:
It gives administrators of offending addresses quicker notice and lets them stop the abuse - if they will - before it goes on too long.
It also ensures that the SpamCop Blocking List (SCBL), which is very much a time-sensitive tool, stays current with ongoing spam activity; this helps SCBL trap subsequent spam from the same addresses directed to you or to other SpamCop (or SCBL) users.
SpamCop provides a couple of "goads" to encourage you to report your spam promptly:
It calculates the average time between when it received the spam and when you reported it. This is given when you log in to your SpamCop account as the average reporting time. Six hours or less is rewarded with "Great!".
If your spam is no more than about one hour old, the parser will lick its lips and tell you (in red letters) "Yum! This spam is fresh!"
Note that SpamCop will refuse to process spams that have languished in your queue for more than 48 hours (as well as any spams you paste in the box that have a receipt date more than 48 hours in the past). Such elderly spam is of little use to the SCBL.
Improving SpamCop's performance by changing your filter settings
If you find that SpamCop is a bit too "leaky" for your needs, allowing too many spams to pass through undetected (which the experts call "false negatives"), you can tune your SpamCop settings by adding more spam-detection filters. You do this by logging on to the webmail interface, then selecting "Options | SpamCop Tools | Select Your E-mail Filtering Blacklists." You simply make whatever settings you like on this page, then press Submit to put them into immediate effect.
A word about adding filters: the idea is to make SpamCop act as much as possible like an ideal filter, holding all spam messages (and ONLY spam messages) and releasing all other mail for delivery. If you make your filtering more aggressive, you will catch more spam, but you may also cause more non-spam messages to be blocked and held as spam (which the experts call "false positives"). I find that SpamCop is generally extremely accurate out of the box (i.e. just using SCBL), and have only twiddled the filtering a couple of times over the years.
SpamCop offers three ways to beef up your filtering: using extra DNS block lists, using SpamAssassin, and (somewhat pointlessly perhaps) using personal whitelist/blacklist filtering.
DNS Block Lists (DNSBLs)
SpamCop normally distinguishes spam from normal mail by isolating the source IP address of the message, plus the addresses of any intermediate mail relays that handled the message, and looking these up in so-called DNS Zone Blacklists (also known as DNS Block Lists or DNSBLs). By default, SpamCop uses its own very effective block list, known by the catchy name of the SpamCop Blocking List (SCBL).
DNSBLs are important components of corporate or ISP-level spam filtering setups, and millions of ordinary e-mail users benefit from these each day even though these users may have no idea what a DNSBL is.
OK, so what is a DNSBL? A DNSBL is basically a host that can be queried using the exact same DNS procedures (e.g., nslookup or dig) that one would use to resolve a host name or address. However, instead of returning an actual IP address (as a normal name server would), the DNSBL instead returns a code number that tells the inquiring server whether or not the address supplied by the inquiring server should be trusted. What these code numbers are, what they mean, and how they are determined, varies from one DNSBL to another. Because most server-side mail-handling programs (like Sendmail) already have the tools for DNS lookups, it is very easy to integrate DNSBLs into their mail processing.
If you want to wear one or more belts with your suspenders (or your braces, if you're elsewhere in the English-speaking world), you can tell SpamCop to use one or more additional DNSBLs to filter your mail. Each of these DNSBLs you select gets to "vote" on each incoming message; if the message is "busted" by any of the DNSBLs, the message is held in your spam queue to await your inspection and reporting. The net result is that using multiple DNSBLs will increase the likelihood that a spam message will be blocked (it will also raise your risk of blocking a non-spam message).
Let's now look at how you can add more DNSBLs to your battery of SpamCop filters. Near the bottom of the filtering page is a list of about a dozen DNSBLs that you can select by checking the appropriate boxes (refer to the list of blocking lists and filters elsewhere on this Wiki). Each of these DNSBLs has a particular specialty. For example, several of these are designed merely to indicate whether an address is assigned to a particular country (e.g., big spam sources like South Korea, China, Argentina, or Brazil). Other DNSBLs can identify open relay mail hosts (which used to be important vectors of spam), addresses known to have been used in criminal or cracking activities, and the like. SpamCop's SCBL can identify IP addresses that have recently been used to send spam to SpamCop users or to secret "spamtrap" addresses maintained by SpamCop.
In my own case, I have added the South Korean, Chinese, Nigerian, and Argentine DNSBLs to my filtering, along with the Spamhaus Block List (SBL).
You can read about each of these DNSBLs by visiting the websites offered in the list on the filter selection page.
NOTE: If you select a DNSBL that blocks an entire country (e.g., korea.services.net), then any mail from this country will likely be blocked and treated as spam even if it isn't spam. You may not want to use such block lists if you have (or expect to have) correspondents from these parts of the world.
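The DNSBL lookup and the "any list can bust the message" voting described in this section can be worked through in a few lines. This is an added example, not SpamCop's code or code from the original page: it assumes bl.spamcop.net as the SCBL's query zone, uses constructed answers and documentation-range IPs in place of live DNS, and goes slightly beyond the text by also building the IPv6 query form. All function names are hypothetical.

```python
"""DNSBL query construction and "any list can hold the message" voting."""
import ipaddress
import socket

# Listings come back as A records inside 127.0.0.0/8; the last octets are
# the list's own code, whose meaning differs from list to list.
DNSBL_CODES = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Reverse the address and append the list's zone, as a DNSBL expects."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                  # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))  # IPv6: 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name):
    """Live A-record lookup; None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def dnsbl_lookup(ip, zone, resolver=system_resolver):
    """Return the list's code (e.g. "127.0.0.2") or None if not listed."""
    answer = resolver(dnsbl_query_name(ip, zone))
    if answer is None:
        return None
    # A routable answer is not a listing. It usually means a resolver that
    # rewrites failed lookups; counting it would hold every message.
    if ipaddress.ip_address(answer) not in DNSBL_CODES:
        return None
    return answer


def votes(relay_ips, zones, resolver=system_resolver):
    """Check every source/relay IP against every selected list."""
    hits = []
    for ip in relay_ips:
        for zone in zones:
            code = dnsbl_lookup(ip, zone, resolver)
            if code is not None:
                hits.append((ip, zone, code))
    return hits


def should_hold(relay_ips, zones, resolver=system_resolver):
    """One listing on any selected list is enough to hold the message."""
    return len(votes(relay_ips, zones, resolver)) > 0


# Constructed answers standing in for DNS so the example runs offline.
SAMPLE_ANSWERS = {
    "7.2.0.192.bl.spamcop.net": "127.0.0.2",        # recent spam source
    "9.113.0.203.korea.services.net": "127.0.0.2",  # listed by country only
    "1.100.51.198.bl.spamcop.net": "203.0.113.80",  # rewritten failure, not a code
}


def sample_resolver(name):
    """Offline stand-in for system_resolver using the constructed answers."""
    return SAMPLE_ANSWERS.get(name)


if __name__ == "__main__":
    scbl_only = ["bl.spamcop.net"]
    with_country = ["bl.spamcop.net", "korea.services.net"]
    for label, ips in [("spam", ["192.0.2.7"]), ("friend abroad", ["203.0.113.9"])]:
        print(label,
              "| SCBL only:", should_hold(ips, scbl_only, sample_resolver),
              "| plus country list:", should_hold(ips, with_country, sample_resolver))
```

The second sample sender is held only after the country list is added, which is the false-positive cost the NOTE above warns about.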
SpamAssassin
Another useful weapon in the SpamCop arsenal is Apache's SpamAssassin. Unlike DNSBLs, SpamAssassin examines all parts of the message (not just source or relay IP addresses) to look for known spam "fingerprints" from a huge list configured and maintained by SpamCop administrators. These fingerprints can come from the header or the body or the overall structure of the mail packet, and can include pretty sophisticated textual or Bayesian analysis (e.g., they can spot words and phrases commonly found in 419 swindles, male enhancement ads, etc.). Wherever any of these incriminating fingerprints are found, an arbitrary numeric score is assigned. At the end of the analysis, the total score for the message is computed; the higher the score, the more likely a message is to be spam (at least, according to SpamAssassin).
To add SpamAssassin to your filter suite, you simply check the box (above the DNSBL list) and select a limit score. The recommended default score is 5 (that is, messages that score greater than 5 will be considered spam and will be held by SpamCop). You can adjust this score upward (to trap less spam) or downward (to trap more spam) as you desire.
I added SpamAssassin filtering at the default score (5) some time back, and found that it picked up quite a few spams that otherwise would have made it past standard DNSBL filtering.
Whitelist / blacklist filtering
As a paid SpamCop user, I have occasionally found it necessary to "whitelist" some mailings that were incorrectly held as spam. These included mainly messages from ISP administrators, non-spam commercial messages, and malformed messages from non-spam mailing lists. SpamCop will (supposedly) release all messages coming from your whitelisted addresses, regardless of what the filters detect about them. Frankly, I haven't found it necessary to whitelist anyone in quite some time, so accurate is SpamCop at telling spam from non-spam. In fact, I had forgotten that I actually had a whitelist until I checked it (via the webmail interface, at "Options | SpamCop Tools | Manage your personal whitelist.").
SpamCop provides an option on the filter page that lets you hold (as possible spam) all mail except for messages from your whitelisted correspondents. Personally, I don't use this feature, and I wouldn't recommend it for the typical e-mail user (who would wind up having to check his spam queue very carefully for messages he wants to release), but it is there if you think it would work for you.
There is also a blacklist (available at the "Options | SpamCop Tools | Manage your personal blacklist." page) to which you can add particular addresses when you want mail from these addresses to be blocked. This will, I assume, cause all mail from these blacklisted addresses to be held by SpamCop, regardless of what the filters say about it.
NOTE: Don't confuse "blacklist" with "block list" here, they are very different animals. A "blacklist" is something you create yourself using e-mail addresses (e.g., annoyance@foo.fum), while a "block list" is run by an outside party (like SpamCop or the Spamhaus Project) and works mainly with the IP addresses (e.g., 12.34.56.78) of mail-sending hosts and other machines.
Blacklisting would be most useful when you want to block and hold non-spam mail from someone you don't want to hear from. Of course, you shouldn't report such mail through SpamCop unless it really is spam (and not just twit mail), but you can use the info that SpamCop uncovers (i.e. mail source address & contact info) in your own separate abuse reports outside of SpamCop.
Blacklisting isn't very effective against spam, since spammers use random (forged) from-addresses and tend to change them on every run, so there's no point to blacklisting the from-addresses they use.
I don't use blacklisting, and currently have no addresses in my blacklist. Again, however, the feature is there if you think you need it.
Extra work for reporting spam websites
Most spams (with some notable exceptions, like stock spam and 419 frauds) contain website links that the spammer intends for you to use to order his <sarcasm>great products</sarcasm>. These sites are reportable to their hosting providers if they are directly associated with the spam.
In theory, SpamCop will detect these links and prepare the appropriate reports for you to file if you wish. However, SpamCop doesn't always follow through on spam websites. I find that by a count of actual spams, SpamCop actually provides website report links for only a minority of the web-enabled spams I receive. There are many reasons for this (mainly technical, having to do with server loads), and there probably isn't much that SpamCop users can do at this point to change matters.
For some time now, when SpamCop fails to trace websites, I have been digging up this information and including it as User Notification Reports right along with the other (IP source) reports sent by SpamCop. I hope sometime soon to have a detailed description of how I do this, to be linked from this page. In the meantime, you can read more about this at my website at http://www.rickconner.net/spamweb/.
Other possibly interesting SpamCop nuggets
Here are some miscellaneous (and often obscure) features of SpamCop reporting that may be of interest.
Hiding your identity in reports (or not)
By default, SpamCop will deface your e-mail addresses (and possibly other e-mail addresses as well) in the data that are given to report recipients. This is one of the very few cases in which SpamCop departs from its strict policy of not changing or disfiguring the contents of an alleged spam message. This defacing is known as munging (from the old hackerish expression meaning "mash until no good"). Munging protects your address from retaliation or harvesting should one of the report recipients be the spammer (or, more likely, if the report recipient should turn over the report without modification to his spamming customer).
Many ISPs, however (including some very large retail providers), will refuse to accept munged reports from SpamCop, preferring (for whatever reasons) that the evidence not be touched in any way. If you attempt to file a report via SpamCop to such a provider, you'll get an alert from SpamCop asking whether you want to "un-munge" the data to be sent to this provider. If you trust the provider, you can permit this; otherwise, SpamCop won't send a report to this recipient (and will instead send it to a devnull address for statistical purposes, and to keep SCBL entries alive).
If you decide that you trust everyone (!?) and don't want to be nagged about this by SpamCop, you can tell SpamCop never to munge your address by logging on to http://mailsc.spamcop.net/, then going to the Report Handling Options link from the Preferences tab, and checking "Leave spam copies intact" in the "Spam munging" section. You do this at your own risk.
Of course, this kind of simple e-mail address munging does not necessarily provide total protection to you. In reality, it is very easy for a spammer to "tag" his mailings with your address using serial numbers or long, funny strings; none of these taggings can reliably be detected as such by SpamCop, so munging the plain-text addresses is arguably not completely effective at hiding your identity (especially if the spammer is forwarded copies of the SpamCop reports by a negligent provider). However, I suppose a little protection is better than none at all, so it is prudent to allow the munging.
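The limit of plain-text munging described above, shown as an added example (this is not SpamCop's code; the address, hosts, serial number and the "x" placeholder are constructed assumptions). It munges the literal address in a sample message, then reports which encoded copies of the address survive and which long link tokens would still need review by eye.

```python
import base64
import re
from urllib.parse import quote

REPORTER = "reporter@example.org"  # constructed address, not from the page

def encoded_forms(address):
    """Common reversible encodings a mailer could use to embed an address."""
    raw = address.lower().encode()
    return {
        "base64": base64.urlsafe_b64encode(raw).decode().rstrip("="),
        "hex": raw.hex(),
        "url-encoded": quote(address.lower(), safe=""),
    }

FORMS = encoded_forms(REPORTER)
# Constructed sample message; hosts and the serial number are invented.
SAMPLE = "\n".join([
    "Received: from mail.example.net by mx.example.org for <reporter@example.org>",
    "To: Reporter@Example.org",
    "Subject: Great products",
    "",
    f"Order: http://shop.example.com/o?u={FORMS['base64']}&id=a91f03c7e2b44d10",
    f"Remove: http://shop.example.com/r/{FORMS['hex']}",
    f"View: http://shop.example.com/v?e={FORMS['url-encoded']}",
])

def munge(text, address, placeholder="x"):
    """Plain-text munging: replace each literal occurrence, ignoring case."""
    return re.sub(re.escape(address), placeholder, text, flags=re.IGNORECASE)

def surviving_identifiers(munged, address):
    """Names of the address encodings still present after munging."""
    found = []
    for name, form in encoded_forms(address).items():
        haystack = munged if name == "base64" else munged.lower()
        if form in haystack:
            found.append(name)
    return sorted(found)

URL = re.compile(r"https?://\S+")
OPAQUE = re.compile(r"[A-Za-z0-9_-]{16,}")

def opaque_url_tokens(text):
    """Long opaque strings in links: possible serial-number tags that
    cannot be tied to an address by any decoding, only reviewed by eye."""
    return [tok for url in URL.findall(text) for tok in OPAQUE.findall(url)]

if __name__ == "__main__":
    munged = munge(SAMPLE, REPORTER)
    print(munged)
    print("still identifying:", surviving_identifiers(munged, REPORTER))
    print("review by hand:", opaque_url_tokens(munged))
```

The encoded forms can be caught because they decode back to the address; the bare serial number cannot, which is why the check can only list it for manual review.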
Sending reports to "third parties" suggested by SpamCop
Occasionally, SpamCop will offer to send copies of your reports to outside parties who are said to be "interested" in such reports. These may include small downstream providers, or users running services on a DSL or cable-modem. In other words, the outside parties are usually people who may have at least indirect responsibility for the administration of the addresses used to send spam or host spam websites, and they have indicated to SpamCop that they wish to see reports on these addresses.
Like the other reports that SpamCop generates, you can always choose to send (or not send) these simply by checking (or unchecking) the appropriate box. You do have a further option, however, of telling SpamCop to check these third-party boxes automatically, or else to leave them unchecked by default. There is some history associated with this feature (which you can read further about in the SpamCop forums if you are interested):
Some time back, SpamCop began insisting on sending copies of all spam reports to a certain outside company (which I won't name here), ostensibly to allow that company to investigate (on behalf of its own clients) spam-based offers for pirated or counterfeit goods. This company didn't have anything to do with the spams, but simply wanted to collect them for its own investigative purposes.
This caused an immediate uproar among some SpamCop users, since this company apparently did not have a snowy-white reputation. You could have unchecked the box to stop these reports from going out in your name, but this wasn't satisfactory to some SpamCop users, and so SpamCop set things up so that such "third-party" reports could be disabled (unchecked) by default.
The original "third party" that started all this ruckus is no longer included in SpamCop reports (so that most of the controversy around third-party reports has dissipated), but the option to set (or unset) the checkboxes for third party reports is still available. Simply log on to http://mailsc.spamcop.net/, then go to the Report Handling Options link from the Preferences tab, and check "Do not send by default" (or the alternative) in the "3rd party report" section.
Just in case you are still confused by this, the question is simply whether or not you want SpamCop to check these boxes for you automatically, as opposed to leaving them unchecked. As always, you still have a choice in the matter and you can override whatever SpamCop does here by default. If you're generally not interested in sending to third parties, you should set this option to "Do not send by default"; you can then check the boxes yourself later for reports you want to send.
Sending copies of reports to your own "third parties" (e.g., KnujOn)
You may wish to send copies of your reports to third parties of your own choice. For example, many SpamCop users forward copies of their reports to the KnujOn service, which specializes in tracking down and reporting spam websites and spam domains, and accepts submissions of spam from the general public (either anonymously, or through a paid account).
To add your own recipients, simply log in to the SpamCop website, select "Preferences" and then "Mail Handling Options." Locate the section for "Public standard report recipients" and enter the e-mail address of your third party into the field, then click on "Save Preferences" at the bottom of the page.
Note that this new address will now appear as one of the suggested recipients for your future reports, and will be checked by default. If you don't want to send a particular report to this address (e.g., you may not want to send a report to KnujOn if it doesn't involve a spam domain or website), simply uncheck the box next to the address before sending your reports.
Getting feedback from recipients of your reports (or their robot servants)
SpamCop provides "disposable" e-mail addresses that report recipients can use to contact you directly about your reports. These people can simply address a reply to this "alphabet-soup" address, and it will be (safely and securely) forwarded to your SpamCop address for you to pick up and read.
In practice, I have received no more than a handful of such direct replies over many years of reporting. In nearly all cases, these were from admins at ISPs, informing me that the spam problem was or would be taken care of (hooray!). In one instance, the reply was from the apparent spammer; he wrote to inform me that his messages were not spam, but were "public service announcements" (!).
Whether you want to do anything with such replies is up to you. If the writer is simply telling you that the problem is being resolved, you do not need to reply. If the writer is pointing out errors in the report, or requesting additional information, you can do some research and decide whether you need to change the way you make your SpamCop reports, or you can follow up with the writer in a personal reply.
If the message appears to be from the spammer (e.g., says the message isn't spam, or else asks you to "unsubscribe" yourself), it is almost certainly best ignored.
When you send reports to most ISP abuse desks (either directly or via SpamCop), you will often get "robot" replies (e.g., "...we value your message tremendously and will take action as soon as we get around to it yadda yadda..."). Since these messages are pretty much always devoid of any useful information, you probably don't want to waste time reading them. Simply log on to http://mailsc.spamcop.net/, then go to the Report Handling Options link from the Preferences tab, and make sure that "Forward replies from only sentient people" is checked under the "Report reply handling" section. This way, you will be spared all of the robot replies.