singlehop.com

[stetro]

But not all BLs are evaded - and yes, continued reporting for the SCbl is NOT ineffectual, it feeds the statistics and the statistics are the objective measure of the "spam to ham" ratio otherwise they might appear always as white as the driven snow. Same goes for reports to uce.gov - most unlikely to have specific, immediate effect but feed a growing body of evidence which might be used to good effect, sometime. The alternative - "All that is necessary for the triumph of evil is that good men do nothing," and all of that.

http://multirbl.valli.org/dnsbl-lookup/ is a useful place to check the BL status for multiple listings on public DNSBLs.

I'm disagree with you, I've been reporting those spammers since a month, and nothing happens, 3 or 4 emails daily, I guess because they are using a whole segment and running their own hosting company, they work around the complains. And also, I've seen spamcop only reporting to ISP, not taking actions....

:s I have to block those spammers ip range segments.

[petzl]

I'm disagree with you, I've been reporting those spammers since a month, and nothing happens, 3 or 4 emails daily, I guess because they are using a whole segment and running their own hosting company, they work around the complains. And also, I've seen spamcop only reporting to ISP, not taking actions....

:s I have to block those spammers ip range segments.

Organise a "your side friendly/support attack group" and use social media smart arse companies hate being exposed trousers down

[Farelf]

I'm disagree with you, I've been reporting those spammers since a month, and nothing happens, 3 or 4 emails daily, I guess because they are using a whole segment and running their own hosting company, they work around the complains. And also, I've seen spamcop only reporting to ISP, not taking actions....

Are you sure you understand how SpamCop works? SC does not "take actions" except to send advisories with data to ISPs who haven't declined them and who haven't been shown to abuse the process AND to enter IPs into the SCbl when the tipping point is reached, which relies on the statistic/up-tick registered when reporters submit spam against the IP address (and the count is time-limited and reducingly-weighted). IP addresses, once listed, remain so for a maximum of 24 hours after reports cease. No submissions or insufficient submissions, NO SCbl result.

As you say, maybe "your" spammers "snowshoe" through IP ranges to avoid accruing sufficient hits to be listed (somehow avoiding spamtraps as they do so) - or maybe others are simply blocking spam without reporting it (as you seem to be saying you are doing for the persistent IP addresses/ranges). It takes reports from multiple reporters within a limited time-span to make the tipping point for SCbl listing, which is only as long-lived as is the abuse of the particular IP address. SpamCop reporting is not primarily about shutting down all spammers. It takes multiple and different anti-spam approaches, techniques and organizations to achieve that - and spammers "evolve" their techniques to meet the challenge or limit the damage.

Sadly none of all that effort has yet been successful, we still get spammed. But there's no imagining what the result would be if nobody did anything to keep them in check. With more and more ESPs and individuals blocking and silently dropping spam without delivery, spammers may push their volumes to new heights to compensate. Or they may become more selective/targeted. They will never stop while there's usable bandwidth to be had by whatever means. SpamCop does its (fairly-well unique) bit in the scheme of things, it is a co-operative, relying in part on reporters to report. It is at its least effective against distributed spam sources (snowshoeing, botnet senders, etc.) but it is only totally ineffectual if nobody reports. Which has the same effect as the perfect snowshoe job.

It doesn't matter - just report what you are able/comfortable with reporting and that's all any of us can do. But no, unfortunately, that seldom stops any spammer in his tracks or, if it does, there are always others to take his place. As petzl suggests there are other, more direct, actions you might take instead of waiting for some other agency (or old age) to deal with those using singlehop.net and there are other blocklists (with totally different listing criteria) you might support. Spamhaus CSS is one of the few that actually attempts to address showshoeing.

We all, to some extent, fight on multiple fronts these days - including battling our own ESPs, some of whom seem to believe that sweeping it under the carpet (unilateral blocking on goodness knows what basis) somehow makes it all better. But that's another movie.

[ccage]

An interesting caveat to SingleHop is that I was watching my Juniper firewall's most recent threats. These threats are supposed to be coming from my users going out to websites that we have blocked so the IP's should all be our internal IP's. When an oddball IP popped up I looked it up (69.175.124.40) and it belongs to SingleHop. It appears that they commandeered one of our machines to broadcast to 23.4.52.231 which is another problem called Akamai Technologies. Point here is to watch your firewall traffic, not just your email. I created a blacklist to drop all packets from them, either way. I used to have to have complaints daily about the speed of our Internet, even though we have a t1. Since adding the IP's that have been causing these problems, my complaints have stopped.