
How can I automate the reporting of SPAM a little?


iconnor


I have started to use the email submission (as I am testing a way to forward the email with headers from Lotus Domino 6.x).

The email gets sent in, and processed for reporting. However, it seems the only way is to go through each one and report them individually. Is there a way to report them in batch? I have already decided they are spam before submitting and get more than 20 a day in some cases. I like that I can report held mail in a batch mode - is it possible with submitted email?

Also, does this make much of a difference to the spam filtering (am I helping)? These emails are ones that have slipped through the spamcop system as I filter all of them with my spamcop account before forwarding. I want to help improve the system so that I highlight which ones slipped through - is reporting like this the best option?

Thanks for any advice.


Hi, iconnor!

...Someone more knowledgeable about reporting from Domino can advise you better than I. However, for most of us, it is possible to submit multiple spams as attachments -- SpamCop then parses them and returns an e-mail that contains so-called "tracking URLs" from which you can then complete the reporting.

...Yes, you can be pretty well assured that your reporting is helping. It contributes to the statistics that get spammy IPs on the SpamCop blocklist and keeps them there if they continue to be spam sources! :) <g>


If you get that working, I would be interested in testing it on v5 as that is what I use at work.

Confirming the reports is not supposed to be for confirming any particular message is spam, though it can catch a few mistakes that way. The confirmation is supposed to be where you check where the parser is going to send the reports from you to be sure they are correct (or at least not your own ISP because of a misparse). Mailhosts should minimize this error.

In v5 and before, I need to export each message to a separate text file. I then attach as many as I have at the time (usually about 10) in an email to my submit address.

You could also try to have your quick reporting address enabled by replacing the submit.* with quick.* and following the directions. This will add the source IP to the bl and send the source reports but ignores any links in the message. You will get a confirmation email with the parses that you should again check that they went to the correct place.

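The batching described in the posts above (several spams attached to one e-mail to the submit address, about 10 at a time), as an added example that is not part of the original thread. The function names, the sample messages and the check for Received headers are assumptions made for illustration; the code only builds the submission e-mails and sends nothing.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BATCH_SIZE = 10  # the thread mentions attaching about 10 spams per submission

# refold_source="none" stops the serializer from re-wrapping long headers of
# the attached spam, so Received lines keep the folding they arrived with.
WIRE_POLICY = policy.SMTP.clone(refold_source="none")


def build_submissions(raw_spams, sender, submit_addr, batch_size=BATCH_SIZE):
    """Bundle raw RFC 5322 messages (bytes) into submission e-mails.

    Each returned EmailMessage carries up to batch_size spams as
    message/rfc822 attachments. Nothing is sent here.
    """
    bundles = []
    for start in range(0, len(raw_spams), batch_size):
        outer = EmailMessage(policy=WIRE_POLICY)
        outer["From"] = sender
        outer["To"] = submit_addr
        outer["Subject"] = "spam submission"
        outer.set_content("Spam attached with full headers.\n")
        for n, raw in enumerate(raw_spams[start:start + batch_size], start + 1):
            # compat32 keeps header text as received instead of re-parsing it
            inner = message_from_bytes(raw, policy=policy.compat32)
            if not inner.get_all("Received"):
                # Assumed sanity check: an export without Received lines
                # carries no relay path to analyse.
                raise ValueError(f"message {n} has no Received headers")
            outer.add_attachment(inner, filename=f"spam{n:03d}.eml")
        bundles.append(outer)
    return bundles


def make_sample(n):
    """Constructed sample spam (documentation addresses, not real traffic)."""
    return (
        f"Received: from mx.example.net (mx.example.net [192.0.2.{n}])\n"
        f"\tby mail.example.org; Mon, 1 Jan 2024 00:00:{n:02d} +0000\n"
        f"From: sender{n}@example.net\n"
        f"Subject: constructed sample {n}\n"
        f"\n"
        f"Body of constructed sample {n}\n"
    ).encode("ascii")


if __name__ == "__main__":
    out = build_submissions([make_sample(i) for i in range(1, 13)],
                            "reporter@example.org", "submit.PLACEHOLDER@example.invalid")
    print([len(list(b.iter_attachments())) for b in out])
```

Each bundle still produces a confirmation that has to be reviewed before any report goes out, as the posts describe.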

You could also try to have your quick reporting address enabled by replacing the submit.* with quick.* and following the directions.

I will try this and see how it goes.

Also, this is really only v6x (maybe v7x) code and I am not sure it will work on v5x. If I get it working, I will certainly push to get it published as a sandbox or LDD today article.

Thanks.


I'm surprised that no one has pointed out that "spam" is a foul/yummy (depending on your taste/lack of taste) canned meat product, while "spam" is unsolicited commercial email.

I'm a bit confused .... the only copy of "spam" I see in this Topic is your reference, which I still haven't figured out what you're referencing.


Ok, you got me. Part of the cost of reading everything, whether it pertains to me or not .. focus more on Read/Unread than the actual titles ... thanks for pointing out the obvious (to some <g>)


You could also try to have your quick reporting address enabled by replacing the submit.* with quick.* and following the directions.

I tried the quick.* email but it is still wanting me to click the report button as the submit.* does.

Do I need to get permission or something to use the quick reporting? It does not seem to work for me.

thanks for any advice....


You could also try to have your quick reporting address enabled by replacing the submit.* with quick.* and following the directions.

I tried the quick.* email but it is still wanting me to click the report button as the submit.* does.

Do I need to get permission or something to use the quick reporting? It does not seem to work for me.

thanks for any advice....

Hi, iconnor,

...Since I don't use it (see next paragraph) I don't know if this will help you but you may want to have a look at Jeff G.'s Guide to SpamCop Quick Reporting.

...Quick Reporting automates submitting spam for final reporting and in the process also makes it easy to submit reports that should not be submitted. The most frequent such erroneous reports seem to be reporting one's own ISP or e-mail provider. There are many very good reasons for avoiding such mistakes (not the least of which is avoiding embarrassing oneself).


When I registered, there was wording on the confirmation email about how to get quick reporting enabled.  This was a while back now, so things may have changed.

I signed up over 4 years ago - I am not sure even if there was a quick submission then. So, I have emailed support and will see what they say.


No, the submit confirmation after you send to quick.*.

It said something like quick submission has been disabled and your messages have been submitted for full reporting. If you want to enable quick reporting, contact ...


Actually, support is JT's e-mail side of the house, I believe you need to hit service <at> admin.spamcop.net to get Don's approval .. which I believe is based on your history of reporting. I'll agree. I don't think it was in place 4 years ago, but it seems like it was only last year it was basically turned off for free/fuel types, then opened back up for "approved" requestors. No way can I come up with an accurate timeline ... old, retired, etc. <g>


hit service <at> admin.spamcop.net to get Don's approval .. which I believe is based on your history of reporting.  I'll agree. I don't think it was in place 4 years ago, but it seems like it was only last year it was basically turned off for free/fuel types, then opened back up for "approved" requestors.

"Quick" submission via email was turned off for all users a while back because of people on autopilot reporting too much legitimate email and their own service providers.

For users who have already configured their Mailhosts, I'll enable it on request after a review of their reporting history to make sure they're not reporting bounces, virus traffic, ISP replies, mail from SpamCop, etc.

Users who didn't save the access link they need to configure their Mailhosts can create it by using the Secret code from their "submit" address.

Example:

submit.YourSecretCode[at]spam.spamcop.net

http://www.spamcop.net/?code=YourSecretCode

- Don -


I have some dedicated spamtrap accounts.

Is it possible to simply forward all mail sent to those account directly to a SpamCop e-mail address?

They don't need any analysis on my part, because the accounts were designed to be spamtraps from the beginning.


I have some dedicated spamtrap accounts.

Is it possible to simply forward all mail sent to those account directly to a SpamCop e-mail address?

There's a number of folks that have done this in the past. Some even had no issues for quite a while.

They don't need any analysis on my part, because the accounts were designed to be spamtraps from the beginning.

And this is exactly where the issues pop up. Something goes wrong, ISP changes configuration/servers, SpamCop parse goes bad due to issues with something (usually one of the outside resources goes down), or just the hand of fate flipping a bad card ... the "automatic, don't need no review" goes against the agreement that you will verify all data and reports, and it's also necessary to make sure that things are "right" before the Send Button is smacked.


That makes sense. I don't want a million random yahoos around the Internet mindlessly populating the database.

But how about those that you scan for open relays? Even if legit mails sneak thru, there's still one more pass that needs to be made before the IPs are considered poisonous, right?

Or is there not significant relay testing?

(Forgive me, I've looked at about a dozen services today and they're all sort of jumbling together.)

If SpamCop has no use for this mail, any suggestions for other RBLs that might be interested in my processed pork products?


Or is there not significant relay testing

open relays and proxies are some of those "outside" services I'd mentioned. SpamCop doesn't do this type of testing.

If SpamCop has no use for this mail

I didn't mean to imply that the data would be useless, it was the "automatic" part that brought concern and warnings into the picture. There are simply way too many instances of the "I blocked myself" stories.

any suggestions for other RBLs

killer of a question, as there are so many BLs out there. Most build their database with internally generated data, based on whatever qualifications the BL owner has chosen. So the catch is that, yes, one would have to visit them and see if they take nominations or not. To see the range of BL types, contents, and ranges, try heading over to http://moensted.dk/spam/ .... it's a wild world out there .. as you can see, the dozen you mention doesn't quite put a good scratch on things <g>


open relays and proxies are some of those "outside" services I'd mentioned.  SpamCop doesn't do this type of testing.

Ah, OK, I apologize for my ignorance. After looking thru all this stuff for a couple of days, my mind is spinning.

I didn't mean to imply that the data would be useless, it was the "automatic" part that brought concern and warnings into the picture.  There are simply way too many instances of the "I blocked myself" stories.

Well, if the manual override is necessary for each individual mail (which makes sense) is it possible to at least have all the original suspected spam messages simply bounced straight thru the traps, as opposed to manually forwarding each particular message?

I'm not sure I understand how the time bottleneck is dealt with. If a human has to approve each submission, aren't the spammers long gone (assuming the human has to sleep occasionally)? Or is that simply not how the world works? Do you have a ballpark idea for how long the average spammer abuses a particular hapless DSL user?

So the catch is that, yes, one would have to visit them and see if they take nominations or not.

Yeah, I've kinda been doing this on my own for a few days. It looks like only a handful of those services are acceptable on a production server. I was just wondering if I was missing any obvious, well-respected services that take automatic submissions (although maybe the thing that makes a service well-respected is the lack of automatic submissions!).

For what it's worth, I know the blitzed guys accept submissions, but they double-check them all, so it's not as if legit IPs can get added to the database accidentally or maliciously. Well, within reason, you know.


I didn't mean to imply that the data would be useless, it was the "automatic" part that brought concern and warnings into the picture.  There are simply way too many instances of the "I blocked myself" stories.

Well, if the manual override is necessary for each individual mail (which makes sense) is it possible to at least have all the original suspected spam messages simply bounced straight thru the traps, as opposed to manually forwarding each particular message?

There is no "manual override" .. per se .. You submit your spam, the parser generates a list of targets, you then verify and agree or not to this list. It's only after you 'hit Send' that the reports are sent and data is added to the database.

I'm not sure I understand how the time bottleneck is dealt with.  If a human has to approve each submission, aren't the spammers long gone (assuming the human has to sleep occasionally)?  Or is that simply not how the world works?  Do you have a ballpark idea for how long the average spammer abuses a particular hapless DSL user?

Rough question .. depends on the spammer, the connection, the ISP involved, even the spammer's tool set. One spammer will just touch a compromised system in order to keep it under the radar, while another spammer may burn the system to the ground as long as it's available.

I was just wondering if I was missing any obvious, well-respected services that take automatic submissions (although maybe the thing that makes a service well-respected is the lack of automatic submissions!).

I think you've noted the important fact. Those that run them have their own rules and qualifications, most are for their own servers, and that there are such things as spammer feuds is not an unknown condition <g>


There is no "manual override" .. per se .. You submit your spam, the parser generates a list of targets, you then verify and agree or not to this list.  It's only after you 'hit Send' that the reports are sent and data is added to the database.

Hmm. Well, I guess what I'm asking is...can I simply bounce all my spamtrap's mail directly to my special spamcop address, or is that going to get my own server listed as a spammer (if I am stupid enough to hit the button on my own server)?

It seems to me that manually forwarding 100 or so messages a day is something I won't be able to keep up with.


Hmm.  Well, I guess what I'm asking is...can I simply bounce all my spamtrap's mail directly to my special spamcop address,

Let's answer that with ... if you can generate an acceptable format for e-mail submission, yes, you can submit it all.

or is that going to get my own server listed as a spammer (if I am stupid enough to hit the button on my own server)?

This is where the "automated" scenario comes into play. First of all, if you submit each spam separately, you're going to get a confirmation for each and every spam. So, you're next going to automate the killing off of that e-mail. Then you've got to perform the act of checking the reports for the targeted links ... this is a step that some chose to also automate and got hammered.

It seems to me that manually forwarding 100 or so messages a day is something I won't be able to keep up with.

Again, I'm not sure that the Forwarding: is really the issue, it's the verification of the results that's going to be the headache. Many folks have burned themselves out trying to keep up with the incoming spew. Usually recommended is to focus on a topic (porn, mortgage, stock tips, etc.) or just grab the last 10 or 20 to report, kill off the rest.

SpamCop isn't a tool designed to "stop" your spam, it's a tool to better report the spam, as compared to trying to run down the header data yourself. However, use of a SpamCop Filtered E-Mail account or applying the various BLs to your incoming server can better manage/control the spam that you see.


Archived

This topic is now archived and is closed to further replies.
