
Possible procedure to ease ISP handling of Spamcop reports


AlphaCentauri


I notice that some of the worst sources of spam, like the free hosting products from Microsoft and Google, don't accept Spamcop reports.

That ticks me off, obviously. It would be one thing if they were doing such a stellar job of removing abusive accounts that the spammers stopped registering new ones. But their response is more than slow enough to allow the spammers to get all the traffic they're likely to get from a spam run.

On the other hand, since Spamcop sends one report for each spam report it receives, and since there are likely to be multiple problem user accounts active at any one time, each receiving a barrage of Spamcop reports, I can see the abuse staff might find it too much trouble to sort through to find the unique ones.

Assuming Spamcop can get the ISPs that currently refuse Spamcop reports to negotiate at all, what if there were two private reporting addresses for an ISP to receive Spamcop reports, in a three-step process:

1. New reports.

When Spamcop receives spam from a source of spam or advertising a URL, they are sent to private address #1.

2. In progress.

After the ISP responds to Spamcop's first reports to acknowledge receipt and say the problem is being addressed, all subsequent Spamcop reports go to private address #2. Any subsequent reports to address #1 are going to be new issues and easy for the ISP to recognize.

3. Resolved.

- In the case of a source of spam, this should mean no further spam is being sent from that IP. Spamcop would continue to do as it does now and notify the spam reporter that the ISP has indicated that the spam will cease. Any spam sent after the issue is supposedly resolved goes back to address #1.

- In the case of a spamvertised URL, the ISP would post a parked page at that URL that is constant for all Spamcop shutdowns. It might have information for the visitors clicking through, telling them about the type of risk they were taking, linking to sites like the Spamwiki with information about scams and how they operate, but it would be a fixed source code. Spamcop checks, finds that precise page at the URL, then stops reporting the spamvertised URL, even if spammers continue to mail for it.

The main catch would be if/when the domain registrars shut down the whole domain. (That's obviously the ultimate goal to prevent the spammer from just moving his domain and all its traffic to a new ISP.) If the registrars set a domain to clientHold, fine, Spamcop can confirm that. But if they leave a domain alive but assume control over it themselves and post their own parked page (many benefit from pay per click ads on those pages), the ISP doesn't have any say in that. There would need to be an alternate procedure to confirm the URL is no longer hosted by that ISP.

That problem wouldn't apply to Google and Microsoft of course.

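The three-step routing proposed in the post above, sketched as a small state machine. This is an added example, not part of the original post and not Spamcop's code; the addresses, the parked-page bytes, and the `ReportRouter` class are constructed for illustration.

```python
import hashlib
from enum import Enum

class State(Enum):
    NEW = 1
    IN_PROGRESS = 2
    RESOLVED = 3

# Constructed placeholders, not real mailboxes or a real parked page.
ADDR_1 = "spamcop-new@isp.example"          # private address #1
ADDR_2 = "spamcop-inprogress@isp.example"   # private address #2
PARKED_PAGE = b"<html><body>Site closed after abuse reports.</body></html>"
PARKED_SHA256 = hashlib.sha256(PARKED_PAGE).hexdigest()

class ReportRouter:
    def __init__(self):
        self.state = {}  # (kind, target) -> State; kind is "ip" or "url"

    def acknowledge(self, kind, target):
        """ISP replied that the problem is being addressed (step 2)."""
        if self.state.get((kind, target)) is State.NEW:
            self.state[(kind, target)] = State.IN_PROGRESS

    def resolve(self, kind, target):
        """ISP says the spam source has been stopped (step 3)."""
        self.state[(kind, target)] = State.RESOLVED

    def route(self, kind, target, page_body=None):
        """Return the address for this report, or None to send nothing."""
        key = (kind, target)
        # Spamvertised URL: a byte-for-byte match with the fixed parked page
        # confirms the shutdown, so reporting stops.
        if kind == "url" and page_body is not None:
            if hashlib.sha256(page_body).hexdigest() == PARKED_SHA256:
                self.state[key] = State.RESOLVED
                return None
        if self.state.get(key) is State.IN_PROGRESS:
            return ADDR_2
        # Unseen target, unacknowledged issue, or spam after "resolved"
        # (for URLs, a parked page that no longer matches: an assumption
        # here): all are treated as a new issue for address #1.
        self.state[key] = State.NEW
        return ADDR_1
```

The caller supplies `page_body` from its own fetch of the URL, so the sketch runs offline; comparing a hash only works because the proposal requires the parked page to be fixed source code.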

I think that some ISPs have already negotiated such an agreement to send to a particular mailbox just for spamcop reports. As you said, if the ISP doesn't care, then there is not much that can be done.

For the spamvertised URLs, since that is not a spamcop priority, I think it might be better to try to get someone else interested in posting an informational page when a domain is shut down or even parked - there could be a link on that page to information. Education is the key and you might be able to persuade someone to do that - either a white hat registrar or a legitimate advertiser.

Miss Betsy


Archived

This topic is now archived and is closed to further replies.
