Jump to content
Sign in to follow this  
ohmniscient

Spamcop bugs

Recommended Posts

Hi fellows,

Your system is really great! However, I've been testing it for about a month and I got the following bugs that may be useful to correct.

1. Sometimes, spamcop analysis tells that the spammer IP is a forgery, and determines the real spammer IP as the ip of my e-mail server (a relay), because my job e-mail redirects to my personal e-mail. Therefore, I need to edit the headers to have the job done.

Why doesn't the system ask us if the IP is from an e-mail redirector or which is the real ip? I also would like to have an option to save the ip from my e-mail server redirector to avoid have it being considered the spammer IP. I know that I don't need to report my e-mail server, but I lose the opportunity to report the original spammer IP.

2. Many spams show several URLs redirections, example:

#http://fa21.derryclinic.ru/?yzyyli=295869680b36b32]http://fa21.derryclinic.ru/?yzyyli=295869680b36b32

#http://503f.derryclinic.ru/?ufojyo=c20290d790d6d]http://503f.derryclinic.ru/?ufojyo=c20290d790d6d

#http://9902.derryclinic.ru/?tonyataaw=f173c2602fdc]http://9902.derryclinic.ru/?tonyataaw=f173c2602fdc

#http://756e.derryclinic.ru/?euuxebare=b71b993ba2faae7]http://756e.derryclinic.ru/?euuxebare=b71b993ba2faae7

#http://319.derryclinic.ru/?nyeqaaha=e5ccb9b79ae2aa]http://319.derryclinic.ru/?nyeqaaha=e5ccb9b79ae2aa

#http://82.derryclinic.ru/?rimodyy=543a8d568e91992]http://82.derryclinic.ru/?rimodyy=543a8d568e91992

#http://06.derryclinic.ru/?afyug=0ef43e9749169]http://06.derryclinic.ru/?afyug=0ef43e974916

#http://96f7.derryclinic.ru/?azuhocos=20ffe4cea4180]http://96f7.derryclinic.ru/?azuhocos=20ffe4cea4180

The problem is: spamcop cannot analyze either one, because it tells: "too many links!". This doesn't make sense, because if I leave only 5 URLs, the system analyze them and report them. So why, don't you analyze the first five (or more) URLs? In this example, as in many other cases, the URLs have the same IP! So, 1 URL being analyzed would be better than nothing.

Thanks in advance,

Ohm

Edited by ohmniscient

Share this post


Link to post
Share on other sites
spamcop analysis tells that the spammer IP is a forgery, and determines the real spammer IP as the ip of my e-mail server (a relay), because my job e-mail redirects to my personal e-mail.
It sounds like you need to register your email providers with our Mailhosts system.

You can do that by running our Mailhost configuration utility so that SpamCop can create a list of the services that handle your email so that our system will know what servers to trust when you report your spam. You'll need to configure a host for *all* the providers you receive mail through.

That would include any webmail hosts, such as Yahoo, HotMail, or gMail, and forwarding services like Bigfoot or Sneakemail, and any other services that provide you an email address, such as alumni associations or professional associations.

You can accomplish that by logging into your SpamCop account at http://www.spamcop.net and using the Mailhosts tab to tell SpamCop about *all* of your service providers, forwarding services, and webmail hosts.

You only need to register one email address for each network/host/service that provides you an email address. SpamCop doesn't care about email addresses or domains. It only wants to know about the hosts/services that supply you with email services.

Registering your email providers is pretty much the same as reporting spam, except that you return our test emails to a different address, or copy/paste them into a different form. The instructions are contained in every test email we send.

The Mailhost system is an effective defense against reporting errors because when SpamCop knows about all of your email providers, it can more accurately pinpoint the true source of the spam. Registering your hosts completely changes the way SpamCop looks at your spam.

- Don D'Minion - SpamCop Admin - service[at]admin.spamcop.net

.

Share this post


Link to post
Share on other sites

Hi, ohm, welcome!

<snip>

Hi fellows,

Your system is really great!

...Yes, most of us fellow users agree! In case you (or others reading your kind message) were thinking that this Forum is frequented by SpamCop staff, though, I just need to emphasize that it is actually populated mostly by fellow users such as yourself and others with a general interest in fighting spam. Only Don, who replied above, and one or two other rare participants who have the "spamcop.net" "badge" over the text "Group: SpamCop Staff" are actually SpamCop staff.
<snip>

2. Many spams show several URLs redirections, example:

<snip>

The problem is: spamcop cannot analyze either one, because it tells: "too many links!". This doesn't make sense

<snip>

...That would be true if catching such URLs were considered by the SpamCop developers and management to be an important function for it to perform but that actually isn't the case. See SpamCop FAQ (link near top left of pretty much every SpamCop Forum page) entry labeled "SpamCop reporting of spamvertized sites - some philosophy." For tools whose main function is reporting such links, I'd recommend that you search (there are two search tools near the top of pretty much every SpamCop Forum page, one using Google and one built-in to the Forum software) for "Complainterator" and "Knujon."
<snip>

I need to edit the headers to have the job done.

<snip>

if I leave only 5 URLs, the system analyze them and report them.

<snip>

...If you do that, be sure you do not report them using SpamCop!!! See one or both SpamCop Forum entries labeled "Material changes to spam" and "Material changes to spam - Updated!" and also "What if I break the rule(s)?"

Share this post


Link to post
Share on other sites

OK, Don answered #1, Steve got to #2 before I finished up my research. Although I commend you on building the list of sites and data on the anti-malware, anti-phishing, etc. reporting/analysis sites .... I have a hard time working with the 'Group' designation as compared to a single-member / zero-Post Forum hosted on a 'free' web-site host. If you are looking for help, supporters, etc., there are much better ways than trying to do this by sneaking in what is seen as Signature-spam/Search-engine stuffing on your very first Post here. Signature data removed at this point.

I never did see how this ties into a SpamCop E-mail System or Account issue. Moving this Topic over to the Reporting Help Forum section.

Share this post


Link to post
Share on other sites

On your second point, to expand on Steve's points regarding the infamous "too many links". The parser usually gives up at a certain number of URLs and your suggestion that it self-limit to the first five (or some number) is sensible and you might like to make that a requested change in New Feature Request however, note:

  • the parser has been progressively improved over the years in terms of its ability to resolve links and in terms of the number it will handle and what you now see is probably as far as it is going to go because
    • SpamCop's primary objective is the e-mail source of the sender
    • there are simply too many variables and tricks and issues to stay in front of the spammers as a secondary objective using an automated system - see SpamCop reporting of spamvertized URLs, Viewpoint(s)

    [*]there is no evidence SC developers are actually influenced by items in New Feature Requests

    [*]there are more specialized tools to deal with spamsites - such as Complainterator for Windows, Complainterator for Linx and KnujOn (EXTERNAL link)

    [*]nevertheless you can use the SC parser to find reporting (of hosts) for Manual Reports

    • just paste the URL (alone) into the submission webform (member's page) to get a result like http://www.spamcop.net/sc?track=319.derryclinic.ru - a (North) Vietnamese host
    • please be careful with spambodies - don't open the spam, use your browser's "View source" or equivalent

Share this post


Link to post
Share on other sites
OK, Don answered #1, Steve got to #2 before I finished up my research. Although I commend you on building the list of sites and data on the anti-malware, anti-phishing, etc. reporting/analysis sites .... I have a hard time working with the 'Group' designation as compared to a single-member / zero-Post Forum hosted on a 'free' web-site host. If you are looking for help, supporters, etc., there are much better ways than trying to do this by sneaking in what is seen as Signature-spam/Search-engine stuffing on your very first Post here. Signature data removed at this point.

Wow... You're probably in a bad day. I've never seen such attack for a such a veteran in forums. Violating the ethics completely, exposing for everybody what is definitely not related to the post. If you didn't like my signature, you could remove it and call me in a private message. Why not to be polite?

1. My questions were very meaningful, this is why it has nothing to do with "sneaking".

2. I'm a med-student, internet is a hobby, I'm not going to have a hard time with forums, never. What I do is to help people. I don't intend to be one of you, neither to have a spamcop system or something like that...

Anyway, see my contribution in the anti-malwarebytes forum:

http://forums.malwarebytes.org/index.php?showforum=51

or in the malwaredomainlist forum:

http://www.malwaredomainlist.com/forums/index.php?board=16.0

This tells a little bit about my experience regarding politeness in forums

3. I'm very happy that I got very good responses from the other guys. I'm gonna follow your instructions!

thank you!

Share this post


Link to post
Share on other sites
Wow... You're probably in a bad day. I've never seen such attack for a such a veteran in forums. Violating the ethics completely, exposing for everybody what is definitely not related to the post. If you didn't like my signature, you could remove it and call me in a private message. Why not to be polite?

Not defending the Forum Owner/Admin here. (I know that he's thick skinned. I believe that he's seen it all before. He can take care of himself and doesn't need my help ;) )

OP, Wazoo was in a GREAT mood yesterday, and then you showed up!

My own view of the available evidence is that OP got busted big time and doesn't like it much.

There is a link around here someplace that I can't find right now that deals with "apparent" lack of politeness in posts. I Hope someone can PM me how/where to find it.

"just my two (worthless) spam bytes"

---

Marty

SpamCop user for many years

Edited by Marty

Share this post


Link to post
Share on other sites
Not defending the Forum Owner/Admin here. (I know that he's thick skinned. I believe that he's seen it all before. He can take care of himself and doesn't need my help ;) )

<snip>

...Nevertheless, I think your contribution to be helpful, as it shows that not everyone thinks his posts merit condemnation. :) <g>
<snip>

There is a link around here someplace that I can't find right now that deals with "apparent" lack of politeness in posts. I Hope someone can PM me how/where to find it.

<snip>

...There are probably several; the most recent one being Errors Encountered linear posts 4-8, 10-20.

Share this post


Link to post
Share on other sites
There is a link around here someplace that I can't find right now that deals with "apparent" lack of politeness in posts. I Hope someone can PM me how/where to find it.

Here's my guess as to the Post in question;

SpamCop Discussion > Discussions & Observations > Going to make your first post here?

Alleged, Implied, Perceived Rude Responses ..????

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×