Jump to content

Won't use spamcop much longer


pwellens

Recommended Posts

Over the last few months, Spamcop has started blocking IP addresses too aggressively. As an example Australia's Largest ISP (I am in Australia) has had most of its emails servers blocked by Spamcop (bigpond.com),

144.135.24.*, 144.135.25.*, 144.140.70.* 144.140.71.*

Yes they have an awful lot of mail servers.

These mail servers also host mailservers for many Australian Businesses.

As a result approx 1 in 20 legitimate emails from Australian Companies are blocked by Spamcop.

Upon checking other Major ISP's in Australia most had been blocked for some period of time. Today I noticed one of Australias largest IT Companies Express Data has been blocked. 148.182.200.69

Spamcop was the most comprehensive blocklist I have ever used. But with an ever increasing amount of false positives I will have no choice but to stop using this once great blocklist.

The blocklist unfortunately appears to disadvantage mail servers at ISP's or large companies that do send out a lot of legitimate email that people are marking as spam. I have enabled whitelists for all the Major ISP's to help this problem.

But I am adding 10 Australian mail servers a day that are blocked by Spamcop that are legitimate and wrongly identified. The value of Spamcop as a blocklist is fast becoming nil. Please review your listing techniques as you have now become way too aggressive and your reputation is suffering badly.

Link to comment
Share on other sites

ever increasing amount of false positives I will have no choice but to stop using this once great blocklist.

Can you offer up the evidence of "false positives" ...???

The blocklist unfortunately appears to disadvantage mail servers at ISP's or large companies that do send out a lot of legitimate email that people are marking as spam

Actually, this makes little sense ... as a "large" server that sends out "a lot of legitimate e-mail" .. it's more difficult to get one of these servers listed, based on the mathmatical model that (last I recall) needed to get to a 2% tipping point (amongst the other specific items in that formula)

And you remarks just beg the question .. if these e-mails are legitimate, why are people deciding that it's spam?

Link to comment
Share on other sites

Spamcop itself has not changed its aggressivity level. If what you say is true that people mis-report legitimate mail as spam you better come up with some evidence to back up that assertion.

We have all heard this rethoric before. I see a lot of spam comming from large ISPs in US, like AT and T, Verizon and Comcast. As I see the evidence and reports it is really the large ISPs that are the problem and that not deal effectively with their spamflow. I suspect the same may be the case in Australia.

PS. Seems Wazoo was reading my mind when I was typing this...

Link to comment
Share on other sites

...In addition to the very good answers, above, I'll add that you are mistaken in your assertion that mail servers

are blocked by Spamcop.
Only e-mail providers can block e-mail and many have chosen to use SpamCop's blocklist to do this. That is their absolute right as they own the resources that are used to deliver e-mail to their customers. If you have an issue with overagressive use of a blocklist, IMHO you are complaining to the wrong people.
Link to comment
Share on other sites

You are correct, SpamCop reporters are way too aggresive, but that's just

the nature of a SpamCop reporter - and you sure won't get them to change.

Get the ISP that is using the SpamCop DNSbl to stop using it, and encourage

others to have their ISP stop using it. SpamCop DNSbl is a serious problem.

Link to comment
Share on other sites

You are correct, SpamCop reporters are way too aggresive, but that's just

the nature of a SpamCop reporter - and you sure won't get them to change.

Get the ISP that is using the SpamCop DNSbl to stop using it, and encourage

others to have their ISP stop using it. SpamCop DNSbl is a serious problem.

...A couple of modest propopsed corrections to yourbuddy's otherwise helpful and useful post:

  • Change all instances of "using" to "using the SpamCop BL to block e-mail and instead use it to direct e-mail to a 'held' or 'check to see if this is spam' folder."
  • Last sentence: change "is a serious problem" to "in some (probably fairly rare) cases, could result in failure to receive valid e-mail."

Note, though, that it is ultimately the call of the e-mail providers what e-mail to accept and what to refuse, since they own the resource.

...Another point I'll add: if you or anyone else has or knows about evidence that a SpamCop reporter has reported non-spam, please provide that evidence via e-mail to deputies <at> spamcop.net. As I understand it, abusing reporters will be warned and repeated abusing reporters will be fined and/ or removed.

Link to comment
Share on other sites

I guess my proof is go to Senderbase and check out the blocks.

http://www.senderbase.org/search?searchString=bigpond.com

...Afraid I don't see how this information supports an assertion that SpamCop.net's BL identifies false positives. Can you tell me where it shows that?

Yes I agree Bigpond should be doing more. But they are the AT&T of Australia.

and control 60% of all Internet traffic into and out of Australia.

...When I receive a spam, I don't care whether it came from a large or small provider, from Australia or the U.S. All I know is that my time has been wasted and every internet user has suffered because of stolen bandwidth. So I report it. If enough others do the same, the IP address through which it came gets added to the blocklist. Hopefully, you and the thousands of other legitimate users of that offending service provider put pressure on the provider to stop the spew and/ or stop using that provider.

Link to comment
Share on other sites

Hopefully, you and the thousands of other legitimate users of that offending service provider put pressure on the provider to stop the spew and/ or stop using that provider.

It would be nice if the cause and effect relationship would always flow in such a smooth linear fation...Unfortunately, people like buddy and their buddies often go against the natural flow...

Not that chriticism has not its place and can be often constructive...

But I digress, the bottom line is that internet is still in its infancy if you compare it with other means of communication. It is people that participate in its changes rather than those that chose to be passive users who will most likely shape the direction in which it will evolve ...

Link to comment
Share on other sites

It is me that is using spamcop as a block list for my mail servers.

I am trying to be constructive in saying that I cannot use a block list that identifies so many valid mail servers as spammers.

This is a real pity as up until the last few months Spamcop was the best blocklist that I had found.

It would appear in the last 2 months Radio Stations, Newspapers, Govt Departments, Top 100 Australian Companies have all been blocked and any of the tens of thousands of Companies having their Mail Hosted by Bigpond are being blacklisted by Spamcop. I do not know the exact reasons why.

All I know is that it is happenning and if it continues the value of using spamcop as a blocklist is greatly diminished.

This would in my view be a great tragedy.

Link to comment
Share on other sites

It is me that is using spamcop as a block list for my mail servers.

I am trying to be constructive in saying that I cannot use a block list that identifies so many valid mail servers as spammers.

This is a real pity as up until the last few months Spamcop was the best blocklist that I had found.

It would appear in the last 2 months Radio Stations, Newspapers, Govt Departments, Top 100 Australian Companies have all been blocked and any of the tens of thousands of Companies having their Mail Hosted by Bigpond are being blacklisted by Spamcop. I do not know the exact reasons why.

All I know is that it is happenning and if it continues the value of using spamcop as a blocklist is greatly diminished.

This would in my view be a great tragedy.

...Then I would humbly suggest that you are using it in a manner inconsistent with your objectives. Rather than use it to completely block e-mail, perhaps you could use it, instead, to direct e-mail to a special folder for each user. Your users could then look through that folder at their convenience and let you know when they see a false positive and you could whitelist those. You could age off e-mails that reach a certain age so that the special folders don't become too large.

...Although I don't know what BL(s) it uses, what I've described above seems to be the way one of my e-mail providers, Yahoo!Mail, handles what it believes might be incoming spam.

...If my suggestion is inconsistent with other objectives, then it is perfectly reasonable for you, as the e-mail service provider, to choose some other strategy for blocking e-mails that might be spam rather than to continue to use SpamCop.net's blocklist. I don't share your feeling that it would be a great tragedy should you choose to stop using it.

Link to comment
Share on other sites

My feeling, listening to many of the complaints in these forums, is that viruses and the spamtraps are causing many of these listings. Usually, it is because a server is bouncing virus messages to the From field which is forged with the spamtrap address.

I would like to see a comparison of the number of valid spam messages vs. number of virus and virus bounce messages for the spamtrap addresses.

Perhaps it is time to either retire some of the spamtraps that are receiving virus messages or eliminate them all together.

Another possibility, which I have expressed in the past as well, is that non-US servers always seem to get listed easier than their US counterparts and I suspect that it is because the mail sent number is smaller becuase most of the samplers that are used are US based systems. Again. I have no inside information to back these assumptions up.

The first issue would explain the recent changes you have seen.

I do not, however, consider a large ISP being listed as a false positive. If there are no (or few) actual spam reports causing the listing, it could be false positive. If there are many spam reports, it is true positive.

Link to comment
Share on other sites

Spamcop.net explicitly states that their list is agressive and the use of it to reject e-mail can result in real e-mails being rejected.

So it is quite possible that it is too aggressive for the original poster's use.

Have you considered using it to generate 4xx codes which would cause any real mail to be rejected by it to be tried again after the server was delisted?

Real mail servers tend to get their spam stopped and delisted before the retries will be exceeded.

The other thing to use the spamcop.net list is for the suspicion of spam to trigger additional checks to see if it is really spam. This would be checking the rDNS value, and to see if it is any other agressive lists, or to do a URL I.P. lookup.

On the one mail server that I can see some statistics for, with spamcop after the other DNSbls and local blocks, the bl.spamcop.net only catches about 10% of the spam that the rest do.

Putting a content filter on all e-mails tends to have every mail server wide one that I have seen have false positives. Having the content filter triggered only by an I.P. in an aggressive DNSbl, or a bad rDNS would improve the accuracy of a content based spam filter with out significantly increasing the bandwidth usage of the mail server.

This would still be using the conservative DNSbls to keep identified spam sources out of the mail server.

-John

Personal Opinion Only

Link to comment
Share on other sites

It is me that is using spamcop as a block list for my mail servers.

I am trying to be constructive in saying that I cannot use a block list that identifies so many valid mail servers as spammers.

I don't quite understand what you mean by 'valid mail servers' I would think that all mail servers would be valid.

In the beginning of the spam problem, there were a lot of mail servers that were caught by the spamcop list. However, as the spam problem grew and more blocklists were used (private ones as well as public ones like spamcop), mailing lists and ISP's did a lot to combat spam by adopting confirmed subscription and having TOS and AUP's. It worked so well that there, IIUC, there are few ISP's that allow spammers to operate. Most spam seems to come through open proxies and compromised machines.

And some ISP's don't seem to know how to cope with that. If the large ISP's think that they can save money by not doing anything to fix their problems because no one will block them because they have so many legitimate users, then the spam problem will continue.

I don't know why Austraila should not have their major ISP's blocked if spam is coming from them any more than China or Brazil.

It is up to you, of course, how you decide to filter out spam - and how much spam you will tolerate - or your customers.

Miss Betsy

Link to comment
Share on other sites

Then I would humbly suggest that you are using it in a manner inconsistent with your objectives. Rather than use it to completely block e-mail, perhaps you could use it, instead, to direct e-mail to a special folder for each user.

This is exactly what one of my ISP does, identifies spam with a combination of filters and transfers in en masse to a spamfolder so I don't have to sort it out of my INBOX but I can still report it as spam, simply dragging the content to the appropriate place after checking the content and whitelisting any false positives.

I suppose more ISPs will eventually resort to such strategies. The bigger ISPs and Academic/Government servers move slower for some reason. They are also increasingly the main source of spam.

I am sure that the recent increase in spam worms and viruses is a result of a general increase in awarness of spam and attempts to stop it.

Link to comment
Share on other sites

This is exactly what one of my ISP does, identifies spam with a combination of filters and transfers in en masse to a spamfolder so I don't have to sort it out of my INBOX but I can still report it as spam, simply dragging the content to the appropriate place after checking the content and whitelisting any false positives.

And doing that with positively identified spam sources greatly increases the operational cost of the mail server. Just the bandwidth charges for that can be significant.

For a company it could make the difference between keeping an employee or laying them off.

See the pinned topic in the lounge on the cost of spam.

-John

Personal Opinion Only

Link to comment
Share on other sites

I don't know why Austraila should not have their major ISP's blocked if spam is coming from them any more than China or Brazil.

Exactly so, but while we all see plenty of spam and/or spamvertized websites coming out of/leading into Brazil and China I have yet to see any from Telstra BigPond (has anyone?). Yet dozens of their servers are "known to SpamCop" and a goodly number are listed at any one time. I have been deeply suspicious of this for some time (and have been quietly grumbling about it in these forums accorgingly), especially now that some very hefty penalties can be levied on Australian spammers vice the spam Act (how does AUD 1.1 million a day sound?). If Telstra BigPond weren't such a vast bumbling bureaucracy I fancy they might have been around requesting proof long before this. Feels to me like this issue is always being swept under the carpet - but then I suppose it takes representation by the actual ISP to start any serious investigation.

Yet still it turns ...

Link to comment
Share on other sites

I have been deeply suspicious of this for some time (and have been quietly grumbling about it in these forums accorgingly)...

If any of these suspicions are warrantied and some evidence can be brought forth, I am sure spamcop would do something about it... And if some mis-reporting is done deliberately it may be so to discredit spamcop.. I think the latter is more likely, so rather than blaming spamcop based on suspicions, the parties interested in correcting the problem should put such evidence together..

Link to comment
Share on other sites

[snip]I have yet to see any from Telstra BigPond (has anyone?)[snip]

How recently are you asking about?

Telstra/BigPond has a long and undignified history of spam support. I can't say that I've seen any spam out of their IPs lately but then I've gone out of my way to make sure that email from their IP space can't reach my inbox.

Link to comment
Share on other sites

I get a steady trickle of 419s from bigpond mailservers

Thanks for that (guessing that 419s are "ordinary" messages?) - was really starting to wonder if it was all an illusion. Must find out what the reporting detail is for enforcement of the spam Act and see if it can be added to The Banspam lists

Getting back to the original poster - clearly SpamCop is way too aggressive to use for blocking of Australian traffic. Telstra BigPond IPs are never in the Hall of Shame top 200 and never will be but they are always in the SCBL. If you need to handle everyday email in Australia, you really have no option but to stop using it for blocking. I don't see that is any reflection on SpamCop though, just doing what it always has but with more reporters meaning just about any significant spam activity is going to be picked up (and maybe a bit more besides, depending on the definition of "spam", as was mulled over on another forum)

Link to comment
Share on other sites

I get a steady trickle of 419s from bigpond mailservers

Thanks for that (guessing that 419s are "ordinary" messages?) [snip]

419's are far from "ordinary" messages, they are one of most vicious of scams perpetrated through email. People have literally lost their lives due to the scam but more often the victim's entire life savings are wiped out. Once their savings are gone many victims begin borrowing money from friends/relatives, still expecting that their savings as well as the borrowed money will be returned a thousand-fold in the near future. Some victims even resort to embezzlement trying to make it rich.

You know the scam.

URGENT AND CONFIDENTIAL

I AM [NAME], SON OF THE LATE PRESIDENT OF [sOME AFRICAN COUNTRY] AND BEFORE HE DIED MY FATHER DEPOSITED AN AMOUNT OF TWENTY FIVE MILLION DOLLARS . . . .

Link to comment
Share on other sites

<snip>

419's are far from "ordinary" messages<snip>

Nom d'un chien, thanks for the education Spambo. Yes we all know & well loathe the type. Oddly enough these are *possibly* not actionable under the Australian spam Act - but, if so, only because they are crimes (fraud), so there would be criminal charges and offences under other (telecommunications) Acts involved.

Link to comment
Share on other sites

Getting back to the original poster - clearly SpamCop is way too aggressive to use for blocking of Australian traffic. Telstra BigPond IPs are never in the Hall of Shame top 200 and never will be but they are always in the SCBL. If you need to handle everyday email in Australia, you really have no option but to stop using it for blocking.

One of the major problems that I have with blocklists is that most of them do not notify the ordinary end user why their email was not delivered.

One of the good things about spamcop is that it does notify the *sender* - not only the originating ISP, but also the ordinary end users (or at least is designed to be used that way).

And the *sender* is the only person who can control spammers. Of course, the administrator of the IP address is the one ultimately responsible. But ordinary, non-spamming users also have an influence by whom they choose to be their email service provider.

And IMHO, the ordinary sender of email should have a choice among blocklists or content filters used by their ISP. I am very much against anyone other than myself deciding what comes into my inbox. I may choose an ISP based on how competently he filters spam, but I want to know, in general terms, how he does that. Now many consumers may not care, but the ones who do, do make enough noise to get policies changed. And if the end user (consumer) understands that hir email service can be disrupted by incompetent or negligent behavior on the part of their provider, then they can also make choices.

Some people may opt for content filters (like yourbuddy), but if bandwidth is really a factor, those email accounts may be more expensive than those that opt for blocklists.

Miss Betsy

Link to comment
Share on other sites

The "sender" and "sender's ISP" cannot control or influence (minor

perhaps) the "recipient" or "recipient's ISP (who is using the DNSbl).

While they have "no obligation to receive email", they may well be

using a DNSbl that is "too aggressive", or may not use it correctly.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...