Jump to content
Sign in to follow this  
spiralocean

Are we making a difference

Recommended Posts

I'm wondering if SpamCop has any success stories from it's users? Are we making a difference? Do administrators who receive SpamCop's reports shut down spammer accounts? I know that a spammer just gets another account, but if administrators are ignoring the spam reports, then there really isn't any reason to send them?

My spam continues to increase and so I am wondering if submitting reports is just getting me on more spam lists. Would it be better to just be a mole, and report spam for the spamcop blacklist?

Share this post


Link to post
Share on other sites
I'm wondering if SpamCop has any success stories from it's users?  Are we making a difference?  Do administrators who receive SpamCop's reports shut down spammer accounts?  I know that a spammer just gets another account, but if administrators are ignoring the spam reports, then there really isn't any reason to send them?

My spam continues to increase and so I am wondering if submitting reports is just getting me on more spam lists.  Would it be better to just be a mole, and report spam for the spamcop blacklist?

Some admins pay attention to SC spam reports, some don't.

In either case reporting the spam will feed the SCBL which is used to keep the spams from reaching their intended victim's inboxes. I'd say that that makes a difference.

Reporting the spams will also cause some spammers to lose their hosting accounts. I'd say that turning a spamvertised link into a 404-compliant non-web page is making a difference.

Share this post


Link to post
Share on other sites

There is an option to report as a mole. Which means that you still report spam to the blacklist, but you don't send any reports to the admins.

This is my question, is reporting to the admins doing any good? No one can really know the answer to this, but it would be motivating to hear about some spammers successfully stopped. Or some admin who loves spamcop?

The other issue is that I have heard from Spamcop that some admins simply forward your report to the spammer. And it is possible for a spammer to trace your report back to you, even if it is munged. And it is possible for a spammer to then add your email address to other spammers lists and suddenly by reporting spam you have increased the amount of spam you receive.

So... is it worth getting more spam by sending reports to admins instead of sending reports to just the blacklist?

To be... or not to be...

Share this post


Link to post
Share on other sites
There is an option to report as a mole.  Which means that you still report spam to the blacklist, but you don't send any reports to the admins.

This is my question, is reporting to the admins doing any good?  No one can really know the answer to this, but it would be motivating to hear about some spammers successfully stopped.  Or some admin who loves spamcop?

The other issue is that I have heard from Spamcop that some admins simply forward your report to the spammer.  And it is possible for a spammer to trace your report back to you, even if it is munged.  And it is possible for a spammer to then add your email address to other spammers lists and suddenly by reporting spam you have increased the amount of spam you receive.

So... is it worth getting more spam by sending reports to admins instead of sending reports to just the blacklist?

To be... or not to be...

Generally speaking reporting as a mole is less effective than regular reporting. Mole reports don't get sent to the spammer's web hosts so they don't contribute to getting the spammer's web site shut down.

I know that my reports are sometimes effective because I've seen web sites shut down long before most recipients would have had a chance to respond to the spam, and other times I've seen web sites shut down before a lot of recipients would have a chance to respond to the spam. I consider this effective, but I'll admit it doesn't happen often enough.

While spammers can use spam reports to identify who is reporting them, resulting in address verification and/or retaliation, most spammers are too lazy and disorganized to go to the trouble of doing so. This is work, work that doesn't result in increased financial income and the time spent doing this is time not spent spewing their garbage. So one could argue that there is an overall benefit in this too.

Share this post


Link to post
Share on other sites
I'm wondering if SpamCop has any success stories from it's users?  Are we making a difference?  Do administrators who receive SpamCop's reports shut down spammer accounts?  I know that a spammer just gets another account, but if administrators are ignoring the spam reports, then there really isn't any reason to send them?

<snip>

...Well, I can tell you that I receive an occasional e-mail back from an admin that thanks me for the report and telling me that action will be/ has been taken. I have no way to verify that but I'm willing to believe it absent evidence to the contrary.

...Others in these fora have suggested that thanks to a SpamCop report they have been able to identify a spammer or an unsecured machine through which spam is being sent and therefore shut it down.

Share this post


Link to post
Share on other sites

Yes we make a difference -- how big? I have no idea.

Its really sad that the US federal law is so lousy and crushed the (short lived) new and beautiful California law against spam. Bu, I hope that (under the federal law) at some point reports from SpamCop users are used in court against spammers. It's nice that we are (at least sometimes) shutting down spammers at the source, but we really need to make it so spam doesn't pay.

I'd still like to see us to heading down a path such as the one suggested by Lawrence Lessig in his article September 16, 2002, A Bounty on Spammers (pdf)

at http://www.lessig.org/content/columns/ which describes his plan. He even risked his career on his convictions...

from: http://www.philly.com/mld/inquirer/news/ed...ial/5778539.htm

"... last week, U.S. Rep. Zoe Lofgren (D., Calif.) introduced a bill that, if properly implemented by the Federal Trade Commission, would actually work [to eliminate most spam]. I am so confident she is right that I've offered to resign my job if her proposal does not significantly reduce the burden of spam." -- Lawrence Lessig

Share this post


Link to post
Share on other sites

It's a "definition of terms" concern first, then answers can be contemplated.

First - what is "spam" (if you can't agree on a definition, you can't act on it).

Second - is the object to "contol" spam or "eliminate" spam (big difference).

Share this post


Link to post
Share on other sites
It's a "definition of terms" concern first, then answers can be contemplated.

First - what is "spam" (if you can't agree on a definition, you can't act on it).

Second - is the object to "contol" spam or "eliminate" spam (big difference).

While not specifically arguing your first point that there should be a specific definition, it has not stopped laws in the past re: pornograpy (I can't define it, but I know it when I see it). Personally, my definition would be any commercial message that I did not consent to receive.

To your second point, my objective is to eliminate spam.

Share this post


Link to post
Share on other sites
It's a "definition of terms" concern first, then answers can be contemplated.

First - what is "spam" (if you can't agree on a definition, you can't act on it).

Second - is the object to "contol" spam or "eliminate" spam (big difference).

While not specifically arguing your first point that there should be a specific definition, it has not stopped laws in the past re: pornograpy (I can't define it, but I know it when I see it). Personally, my definition would be any commercial message that I did not consent to receive.

To your second point, my objective is to eliminate spam.

If "spam" is "what you don't want to receive", how will the "sender"

(of non-bulk email) know that? Do you want to see "ADV" in the Subject

of all "unsolicited" email? If so, how do you enforce this outside the USA?

Will this apply to government and politial email? Or will they be exempt?

Share this post


Link to post
Share on other sites
...how will the "sender" (of non-bulk email) know that? Do you want to see "ADV" in the Subject of all "unsolicited" email?

No. I don't want unsolicited email to be sent in the first place. If I don't specifically ask to receive it, don't send it. It seems pretty simple to me. I don't know why you don't grasp this concept.

I will contact any vendors I want to deal with and provide my email address to them if I wish to be contacted via email. Do not send me "first contact" email messages or you end up on my list of "do not use these" companies. It is a policy that was in place at my place of business before I started 7 years ago. I now use the same concept for my personal business as well.

Share this post


Link to post
Share on other sites
No.  I don't want unsolicited email to be sent in the first place.  If I don't specifically ask to receive it, don't send it.  It seems pretty simple to me.  I don't know why you don't grasp this concept.

Steven ...

I "grasp the concept" quite well (discussion please, not insults).

So how do you propose the have no one send you email "unless you ask

for it" - a central registry, a crystal ball - and how is this to be enforced.

I don't want "spam", but I like "unsolicited" email from possible clients.

Most possible clients like to be advised of valuable business services.

If you want discussion (continue), if insults (I will no longer respond).

Edited by yourbuddy

Share this post


Link to post
Share on other sites
...how will the "sender" (of non-bulk email) know that? Do you want to see "ADV" in the Subject of all "unsolicited" email?

No. I don't want unsolicited email to be sent in the first place. If I don't specifically ask to receive it, don't send it. It seems pretty simple to me. I don't know why you don't grasp this concept.

Having "ADV" mandated in "unsolicited email" is the main proposal

of the FTC Regulations (endorsed by Lawrence Lessig, as noted in

zacharia's prior posting) - along with some "financial punishment".

Of course, this can't be enforced (legally) outside of the USA.

Share this post


Link to post
Share on other sites
So how do you propose the have no one send you email "unless you ask

for it" - a central registry, a crystal ball

I propose companies not to buy lists of "targeted people". I propose each company to maintain a list of people who have inquired about a specific product or concept. I propose that if I want to receive messages from a company, I will go to their web site and request those messages for specific topics. If I am purchasing something from a company on-line, I want there to be a clear checkmark to receive messages (not a checkmark which needs to be undone to not receive messages). Each company will keep their own list for each product they sell and send messages only to those people who have requested to receive information about that product.

My company has several mailing lists on our Investor Relations pages. One for news items, one for SEC filings, etc. We also have specific email addresses for customers to inquire about each of our products or our company. We are soliciting emails from possible customers with those email addresses. We are not soliciting emails to be sold something, not do we send emails to try to sell our product. We use phone calls and personal meetings for that. Our company, however, supplies to OEM's and so has a limited audience.

how is this to be enforced.

Pretty much like it is now, block lists for those who do not follow the rules. As Istated elsewhere, I don't think any law will have an effect.

I don't want "spam", but I like "unsolicited" email from possible clients.

Most possible clients like to be advised of valuable business services.

To your definition, unsolicited does not mean spam. To mine, it does.

My company has several mailing lists on our Investor Relations pages. One for news items, one for SEC filings, etc. We also have specific email addresses for customers to inquire about each of our products or our company. We are soliciting emails from possible customers with those email addresses and the web pages that they are placed on. We are not soliciting emails to be sold something, we do not send emails to try to sell our product. We use phone calls and personal meetings for that. Our company, however, supplies raw materials to OEM's and so has a limited audience.

Having "ADV" mandated in "unsolicited email" is the main proposal

of the FTC Regulations

If that is the law as passed, again, I will accept that it is not spam as defined by law, but I would not be happy about it and would work to get it changed. I will also filter out at the earliest possible location all messages which have that moniker and the sender will never know their message did not get through unless it is mandated by the law that I accept that type of message on my personal and/or company property. With a blocklist properly installed, they would know the message did not go through and they would know why.

Of course, this can't be enforced (legally) outside of the USA.

One of the reasons that laws will not work against spam.

There is a saying that I feels fits this whole situation: You can't legislate morality.

For this argument I would replace morality with etiquette or netiquette. While I don't think legitimate advertisers are immoral, I do think they are rude to assume I want something they are selling.

It is a fine line, but I think it is quite easy not to send any messages to someone who did not ask for it in the first place.

Share this post


Link to post
Share on other sites

Getting back to the OP, I made the following comment in another thread just a few minutes ago:

I, too, will knock on wood, and say that over the past few months I have received (guess) less than 2 spams a day. In the past couple of weeks that has risen to over 5/day because somehow I got on the list of the "defective spammer". But now that Spamcop reporting handles these spams, I expect the number to decline again.

I've had my Spamcop address for over two years, and I use it as my primary e-mail address. When I had an Earthlink address, it seemed to get many more spams per day. Personally, I think a lot of spammers purge Spamcop addresses from their lists.

If that's true, then Spamcop certainly is succeeding. It's being enough of a thorn in the side of spammers that they're trying to minimize their exposure to Spamcop.

Which lead me to guess that sickofthefrigginspam is forwarding (or POPing) mail to Spamcop from somewhere else.

It would be interesting to run a survey to see who uses their Spamcop address as their primary, and who is forwarding from elsewhere, and what the different spam experiences are. My hypothesis is that Spamcop addresses do not get anywhere near so much spam as non-Spamcop addresses.

Share this post


Link to post
Share on other sites

I exclusivly report all spam that is caught from the "Report Held Email" section of the website with the quick reporting and trash feature in the drop down menu. It does a 99% job of catching all spam, and the occassional gets through that I report at the website in the "Report spam" area. I never forward it, as that usually never works.

I use the spamcop.net address exclusively, and some how, they got my ISP email address, which I NEVER use.

It's getting worse & worse every day. went from 10 or so to 20, then to 50, and now I hit the all time high of over 100 from the time I went to bed, until 6pm tonight. This is beyond frustrating, as i am spending much time each week now just reporting and deleting.

There is so much spam, I am seriously considering changing both the ISP and the spamcop addresses. I would love to chop a spammer into little tiny pieces and feed him to a cat or dog. They send me the same friggin spams over & over & over.

Any suggestions?

Share this post


Link to post
Share on other sites

Yes, here are my suggestions ...

Use Spamhaus sbl and xbl at server level (if you can do that), and

use POPFile at the PC level. That's what we do, and it works great.

SpamCop would (obviously) be a popular suggestion here.

Reporting spam will (if successful) close down an IP address for a

while (hurt innocent users of the ISP), and the spammer moves on.

Statistics indicate spam is increasing (not decreasing).

Share this post


Link to post
Share on other sites
I exclusivly report all spam that is caught from the "Report Held Email" section of the website with the quick reporting and trash feature in the drop down menu.

<snip>

I use the spamcop.net address exclusively, and some how, they got my ISP email address, which I NEVER use.

<snip>

There is so much spam, I am seriously considering changing both the ISP and the spamcop addresses.

<snip>

Any suggestions?

Yep. Even though you said you "use the spamcop.net address exclusively", it sounds like most of your spam is coming from your ISP address.

So get rid of it and keep the Spamcop address. Why change it? Within a few months, you'll be back on the spammer lists, anyway. But I'm convinced you will be on far fewer with a Spamcop address.

Share this post


Link to post
Share on other sites
I exclusivly report all spam that is caught from the "Report Held Email" section of the website with the quick reporting and trash feature in the drop down menu.

<snip>

I use the spamcop.net address exclusively, and some how, they got my ISP email address, which I NEVER use.

<snip>

There is so much spam, I am seriously considering changing both the ISP and the spamcop addresses.

<snip>

Any suggestions?

Yep. Even though you said you "use the spamcop.net address exclusively", it sounds like most of your spam is coming from your ISP address.

So get rid of it and keep the Spamcop address. Why change it? Within a few months, you'll be back on the spammer lists, anyway. But I'm convinced you will be on far fewer with a Spamcop address.

Perhaps ... but you may/will also be missing legitimate email.

Share this post


Link to post
Share on other sites
Perhaps ... but you may/will also be missing legitimate email.

Uh, what legitimate email will we be missing? (Serious question)

Share this post


Link to post
Share on other sites
Uh, what legitimate email will we be missing? (Serious question)

None? :rolleyes:

The legitimate email that will be missing, will be from clients of ISP's

that have had the ISP IP address blacklisted by SpamCop. Just one spammer

(using the ISP server or a compromised PC that has an account with that ISP)

can get the whole ISP blacklisted. Go to Spamhaus.org and see all the major

ISP's listed (many of them having compromised by "known spam gangs).

SpamCop is more "aggressive" and "error prone" than Spamhaus.

Edited by yourbuddy

Share this post


Link to post
Share on other sites

Here is "the word" from the SpamCop website:

SpamCop Blocklist Details & Description

This blocking list is somewhat experimental. This system and most other spam-filtering systems should not be used in a production environment where legitimate email must be delivered. Many end-users and administrators have decided that risking the loss of legitimate email is worth the benefit of blocking most spam. As a result, this list is now used widely and it's reputation for blocking spam while reducing the risk of erronious blocking is growing.

However, it should be noted that SpamCop is aggressive and often errs on the side of blocking mail - users should be warned and given information about how their mail is filtered. Ideally they should have a choice of filtering options. Many mailservers can operate with blacklists in a "tag only" mode, which is preferable in many situations.

The description of the algorithm used for deciding whether to block a host may be out of date, and is subject to change without notice.

There is no warranty associated with using this system. It is provided as is.

Share this post


Link to post
Share on other sites

yourbuddy:

One part you did not highlight:

Many mailservers can operate with blacklists in a "tag only" mode, which is preferable in many situations.

The discussion here is about using the spamcop.net address exclusively as opposed to your ISP's address. Tag only is basically what the spamcop email system does. It tags spam and redirects it to a special folder for the user to investigate. The only reason for a person using the spamcop email system to lose legitimate messages is that they don't check their Held spam folder, same as if it were filtered on their local machine.

If you use forwarding to another account you can also enable tag only as an option and the held mail folder is not used.

Please do not let your bias against the DNSBL interfere with how other people use the email system which is setup to use the bl correctly so that messages are not lost.

Share this post


Link to post
Share on other sites
Tag only is basically what the spamcop email system does.  It tags spam and redirects it to a special folder for the user to investigate.

Precisely my point. Although I would guess that less than 1% of what ends up in my held-mail (spam) folder is legitimate.

So I never miss legitimate e-mails.

Share this post


Link to post
Share on other sites

Hi Steven ...

There is no "bias" on my part, just facts as they are at the time.

If ISP's used "tag only" that would be much better, but a lot do not (as you know).

If SpamCop uses "tag only" for their accounts, then they follow their own advice.

There are two conversations - "regular ISP email" and "SpamCop accounts".

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×