
How can I automate the reporting of SPAM a little?


iconnor


Let's answer that with ... if you can generate an acceptable format for e-mail submission, yes, you can submit it all.

Well, what I'm asking is...is simply relaying the message directly to my special spamcop address an acceptable format, or is that only going to get my server listed as the relayer?

That is, I can just add my spamcop address to that account's .forward file, since it's all spam anyway?

First of all, if you submit each spam separately, you're going to get a confirmation for each and every spam.  So, you're next going to automate the killing off of that e-mail.  Then you've got to perform the act of checking the reports for the targeted links ... this is a step that some chose to also automate and got hammered.

Right...but, the alternative is that I do both steps manually. This way, even if I slack off on the weekends or something, at least I only need to do 50% of the work.

Again, I'm not sure that the Forwarding: is really the issue, it's the verification of the results that's going to be the headache.

I dunno...I think clicking the link is slightly less annoying than manually forwarding the messages. And either way, I'm cutting out one of the 2 required steps.

SpamCop isn't a tool designed to "stop" your spam, it's a tool to better report the spam, as compared to trying to run down the header data yourself.

I'm mostly concerned with BL aspect of SpamCop. I know that once I've received the mail, the likelihood that I'll be protecting my own server in the future from that particular IP is pretty slim, but I'm trying to find a use for my existing spamtraps.

However, use of a SpamCop Filtered E-Mail account or applying the various BLs to your incoming server can better manage/control the spam that you see.

Actually, the SpamCop BL is too aggressive for use on my production system, but I'd still like to contribute to the service so that others may benefit from it.

I mean, I could run something like Spamikaze on my server and create my own BL that I'd know for sure was safe, but I don't think it'd be particularly helpful to me and we don't have the resources to open it up to outside use.


That is, I can just add my spamcop address to that account's .forward file, since it's all spam anyway?

No. The parser expects to see the headers for the submission and as the body of the submission, the headers and body of the spam separated by a blank line.

That way, it only uses the body of the submission to parse.


Totally automated spamcop reporting and confirmation from non-spamcop maintained spam traps is problematic.

It is against Spamcop.net TOS to report clueless bounces, worms, and worm-poop, all of which a spam trap will receive on a regular basis.

Many of the people showing up here with their real mail server hitting only spam-traps because it had something like a virus scanner that auto-responded to viruses.

Viruses seem to be very good at harvesting spam-trap addresses and forging them for the from: address.

If you want to do something automatic, first triage your spamtraps to eliminate any spam from sbl-xbl.spamhaus.org, and the block lists dnsbl.org and njabl.org.

If the I.P. address that your mail server accepted the spam from is not listed anywhere, then you can set up a procedure to submit it.

njabl.org has a system where you can sign up as a trusted host, so that every I.P. address you lookup on their DNSbl that has not been tested will be queued for a test.

You can also get the testing kit from dsbl.org and use it to nominate hosts to the DSBL based on spamtrap hits from I.P. addresses that are not currently listed on it.

If you know for sure that the I.P. address is an open proxy or an open relay, it is easy to get set up to submit it to MAIL-ABUSE.ORG, instructions are on their web site. Unfortunately they want you to determine if it is an open proxy or an open relay and submit it to two different addresses.

These services are more conservative in their listings than spamcop.net, but once a spam source is listed with them, many people will stop seeing spam from it.

-John

Personal Opinion Only
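The triage described in the post above, sketched as an added example (not code from any poster in this thread): drop bounces and auto-replies, look up the handoff IP on the block lists, and queue a message for submission only when the IP is listed nowhere. The zone names are copied from the thread as placeholders, the bounce heuristic and the "topmost Received header is ours" rule are assumptions, worm detection is not covered, and the resolver is injectable so the logic runs offline.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Zone names as written in the thread; treat them as placeholders, since a
# list's real query zone may differ and some of these lists have shut down.
ZONES = ("sbl-xbl.spamhaus.org", "dsbl.org", "njabl.org")

def handoff_ip(msg):
    """IP our own server accepted the mail from (topmost Received header)."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", msg.get("Received", ""))
    try:
        return str(ipaddress.IPv4Address(m.group(1))) if m else None
    except ValueError:
        return None

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """DNSBL convention: reversed octets + zone resolves to 127.x if listed."""
    name = ".".join(reversed(ip.split("."))) + "." + zone
    try:
        return resolve(name).startswith("127.")
    except OSError:  # NXDOMAIN (or lookup failure): treated as not listed
        return False

def looks_like_bounce(msg):
    """Assumed heuristic for bounces and auto-replies, which must not be reported."""
    return (msg.get("Return-Path", "").strip() == "<>"
            or "mailer-daemon" in msg.get("From", "").lower()
            or msg.get("Auto-Submitted", "no").strip().lower() != "no")

def triage(raw, resolve=socket.gethostbyname, zones=ZONES):
    msg = message_from_string(raw)
    if looks_like_bounce(msg):
        return "drop"
    ip = handoff_ip(msg)
    if ip is None:
        return "hold"            # needs a human to read the headers
    if any(is_listed(ip, z, resolve) for z in zones):
        return "skip"            # source already listed elsewhere
    return "submit"

# Constructed sample messages (documentation address ranges, not real traffic).
SPAM = ("Return-Path: <a@example.net>\n"
        "Received: from x.example.net (x.example.net [198.51.100.7])\n"
        "\tby trap.example.org; Mon, 1 Jan 2024 00:00:00 +0000\n"
        "From: a@example.net\nSubject: offer\n\nbuy now\n")
BOUNCE = SPAM.replace("Return-Path: <a@example.net>", "Return-Path: <>")
```

Because a failed lookup counts as "not listed", a resolver outage would push everything to "submit"; a production version should tell NXDOMAIN apart from timeouts.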


The parser expects to see the headers for the submission and as the body of the submission, the headers and body of the spam separated by a blank line.

Ah, OK, thank you.

It is against Spamcop.net TOS to report clueless bounces, worms, and worm-poop, all of which a spam trap will receive on a regular basis.

Makes sense.

Viruses seem to be very good at harvesting spam-trap addresses and forging them for the from: address.

Yet another reason people shouldn't send out worm complaints...

njabl.org has a system where you can sign up as a trusted host, so that every I.P. address you lookup on their DNSbl that has not been tested will be queued for a test.

Thanks, I'll look into that.

You can also get the testing kit from dsbl.org and use it to nominate hosts to the DSBL based on spamtrap hits from I.P. addresses that are not currently listed on it.

I'm doing that now, but the system is pretty primitive and it seems to be impossible to tell whether or not what you're doing is having any effect.

Thanks for the ideas.

I'm also submitting my spam to blitzed.org's OPM, which at least has some accounting so I can tell I'm being helpful.
