Jump to content
Sign in to follow this  
TomBeckman

[Resolved] Impact of SpamCop blacklisting

Recommended Posts

Our company uses a well-known email broadcast company. We are on a mail server shared by many customers which is frequently blacklisted by SpamCop due to spamming activity by some of these other customers. I track the blacklistings with mxtoobox.com

We're talking to the email broadcast company about putting us on one of their servers with better-behaved customers, or giving us our own IP address, which they want to charge a lot for.

I'd like to get input on the impact of a mail server being blacklisted by SpamCop. I know that SoamCop is a significant blacklist owned by IronPort/Cisco that's used by a lot of ISP's, security appliances, and antispyware programs that do spam filtering.

Any ideas on the percentage on emails that get blocked when a SpamCop blacklisting is active?

Thanks.

Tom

Share this post


Link to post
Share on other sites
<snip>

Any ideas on the percentage on emails that get blocked when a SpamCop blacklisting is active?

<snip>

Hi, Tom,

...My guess would be that there is no way to determine this but perhaps someone else here can come up with a solution, or at least something that can provide a good guess.

Share this post


Link to post
Share on other sites

Our company uses a well-known email broadcast company. We are on a mail server shared by many customers which is frequently blacklisted by SpamCop due to spamming activity by some of these other customers. I track the blacklistings with mxtoobox.com

We're talking to the email broadcast company about putting us on one of their servers with better-behaved customers, or giving us our own IP address, which they want to charge a lot for.

I'd like to get input on the impact of a mail server being blacklisted by SpamCop. I know that SoamCop is a significant blacklist owned by IronPort/Cisco that's used by a lot of ISP's, security appliances, and antispyware programs that do spam filtering.

Any ideas on the percentage on emails that get blocked when a SpamCop blacklisting is active?

Thanks.

Tom

Very hard to get on the SCBL.

Why get on it?

The best practice to keep off it is learn about "Double Opt-in"

If you are getting listed on the SCBL it's a warning for you getting on other blocklists. Major email providers don't display their list, once on Hotmails forget about getting off it.

Most companies servers filter spam and use a scoring method. SpamAssasin for instance looks at the SCBL and adds it to it's spam score if listed.

Share this post


Link to post
Share on other sites

"petzl" All vary interesting information but only tangentially addresses the OP question. I'm sure he would love to get those who share the IP with his company to adhere to "best practice" not sure he has much control over that though.

Share this post


Link to post
Share on other sites

"petzl" All vary interesting information but only tangentially addresses the OP question. I'm sure he would love to get those who share the IP with his company to adhere to "best practice" not sure he has much control over that though.

Fair enough

Getting listed because of others using a shared IP consideration would be to switch to Gmail to handle Email

Plenty of advice on how to do it even for free if a small company

Share this post


Link to post
Share on other sites
...

Any ideas on the percentage on emails that get blocked when a SpamCop blacklisting is active?

Hi Tom,

I doubt if anyone knows how much spam there is, far less how much of it (and of legitimate messages) is blocked by whatever means. Between outward and inward filtering (with and without non-delivery notification) and greylisting, most of it is invisible to the endpoint user/consumer though it surely constitutes the greater part of all messaging - and I'm thinking even networks would have only a hazy idea concerning even their own (larger) networks. SenderBase/IronPort makes a brave try to look at most of the internet - http://www.senderbase.org/home/detail_spam_volume and SpamCop records part/as much as is feasible of its activity-based observations, starting at http://www.spamcop.net/w3m?action=map (and "drill down" from there, ultimately to individual IP addresses via SenderBase).

Different BLs do different things - the SCbl acts as a timely warning when spam activity from an IP address is seen (reports to abuse addresses) and lists that IP address in the SCbl when that activity becomes "significant" - and ceases listing soon after it stops (http://www.spamcop.net/fom-serve/cache/297.html). Most mail/network admins will use a variety of DNSBLs all together - or their own "proprietary" ones, if they're big enough - to walk the tightrope in keeping (most) UCE/scams/broadcast nuisances/exploits out and allowing (most) legitimate messages through, most of the time. Of course, logically speaking, they can never get that completely right. Which is why many DNSBLs (including SC) recommend their usage as "marking" suspected spam for diverting and reviewing rather than blocking and deleting it unseen. The sheer volume (and cost) is why many/most admins ignore that sage advice.

Some discussion of multiple DNSBL use and some analysis of blocking rates (mostly from limited/localised endpoints) might illustrate that previous paragraph:

http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists

http://www.sdsc.edu/~jeff/spam/Blacklists_Compared.html

http://www.intra2net.com/en/support/antispam/

http://dnsbl.inps.de/analyse.cgi?lang=en

Not a lot of help I'm afraid, but all I've got, offhand.

Steve S

Share this post


Link to post
Share on other sites

Due to the extreme variability of any given collection of email recipients, it's impossible to give a very specific guess as to how your email broadcast deliverability would be affected by sending from a system that's *only* listed on the SCBL (as opposed to being on multiple blacklists), but I do have a lot of experience with this, given that for the last year, many of the servers used by Constant Contact to broadcast email campaigns have been repeatedly listed, mostly due to "spamtrap hits." I help several organizations (all nonprofit) administer email broadcasting via Constant Contact (at least four accounts at present) and when one of our broadcasts happens to go out from a currently-listed IP, we know that the ESPs of a number of our recipients will outright block the messages, but typically less than 2%.

What we can't know, however, is how many other recipients might never see the messages due to filtering methods *other* than outright blocking during the delivery attempt. Messages might wind up in junk folders, and most people never bother to look there. At my nonprofits, we'd really prefer not to have *any* of our messages blocked or filtered, so I've been working behind the scenes with Constant Contact on this issue for a long time, and they've managed to improve the situation a little, but as I write this, the following two CC servers are on the SCBL:

ccm180.constantcontact.com

ccm183.constantcontact.com

which means that the deliverability of any broadcasts currently being handled by those servers are being negatively affected. My unscientific guess is that assuming a fairly diverse makeup of a given recipient population, less than 5% won't see your messages when they're being sent from a server that's *only* on the SCBL. Oddly enough, in the case of Constant Contact, their servers never seem to appear on ANY other BLs--just SpamCop's, which I find very curious indeed, and that (and other experiences over the years) has raised my skepticism about the "purity" of the spamtrap addresses. I also see a LOT of what is obviously false reporting when I look up the blocked CC servers, in which many SpamCop reporters obviously report their entire junk folders, including stuff that they've subscribed to (someone will likely come along and argue these points--that's fine...they're welcome to their opinions).

I looked at some of the info at the links provided by Steve, and at the one at SDSC.edu, when looking at the most recent of the periodic reports of BL lookups on the IPs:

http://www.sdsc.edu/~jeff/spam/2012/bc-20121103.html

you'll see that the SCBL ranks WAY behind a lot of the other BLs statistically. In my experience, a lot of systems have stopped trusting SCBL hits in their filtering systems over the years. YMMV.

DT

Share this post


Link to post
Share on other sites

Thanks for all of the input. I had the talk with our email marketing company and presented all of the data that I collected about their mail servers. They're said that going to police spammers more effectively, and they know that I'm watching.

I did ask about the impact of blacklisting. They said that a SpamHaus blacklisting has the biggest impact. Deliverability can drop from 95% to 35%. A SpamCop blacklisting can reduce deliverability from 95% to 75%.

This morning I remembered another resource I used a while ago: http://www.senderscore.org which provides free mail server reputation statistics which give a good basic overview. They also have a more advanced paid service, but the free information give a lot of deliverability information.

According to senderbase.org, some of the vendor's servers have a very good reputation, and are running campaign from very large organizations. Some servers have a very low reputation. Apparently those servers are for customers with "issues."

By reading the comments here, collecting data from mxtoolbox.com blacklist monitors I set up, spamcop.net statistics, senderbase.org's list of the vendor's servers and senderscore.org's reputation scores, I had the information needed to get their attention.

Thanks for everybody's input.

Tom

Share this post


Link to post
Share on other sites

...Thanks for taking the time to drop by with the good news, Tom! Marking this "topic" as "Resolved."

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×