SPAM surge after reporting

[lbcliff]

I have been getting 1800 or so SPAMs per day. When I found SpamCop on Sunday, I thought I'd found a ray of hope. It looked like a legitimate reporting service & I even signed up for a paid membership to support the cause. On Sunday, I reported about 30 abusers. I thought, perhaps if I was lucky, I'd see a slight reduction in the flood. This morning, instead of the usual 1800, I got over 3000. This is a bit too much of a coincidence. Now, I'm afraid to report any other offenders.

It occurred to me that my e-mail address is in the header & that reporting to a disreputable administrator could actually make things worse.

And no, I didn't just fall off the spam turnip truck. I have never responded to a spam, clicked on a link in one, asked to be taken off a list or opened an attachment. I do have a web site & understand that because my e-mail address is on it, I am vulnerable to spiders. About a month ago, the spam count shot from about 300 per day to 1800 per day & most of them are multiples of the same (6-12 copies sent at the same time).

If you can offer any insight on this, it would be much appreciated. I have been trying to find a legitimate consultant that I can pay to help me stop this. I can't run my business.

Linda Clifford

[Ariel]

Sounds like you need Spamcop's filtering system (or a similar service), not the reporting system...

[StevenUnderwood]

1. If you are now opening spam where before you would simply delete it, the web bugs in the message could be sending information back to the spammer that the message was opened.

2. You state you have the paid reporting account. In preferences, check the "spam Munging" section to see if you are possibly sending your address out in the reports. You can also check the reports before sending them by hitting the "Preview reports" button next to the "Submit reports" button. You could also have your email address in the "Display Name" section.

Personally, I turned off spam munging soon after getting the account and have not seen an overall increase in the number of spmams I receive (~100-200 per day). I do get different types of spam than I used to. I feel some spammers have removed my name (listwashed) from their lists and others have added me to additional lists, so it has balanced out.

Some other things that happen to new reporters (though you seem to have a handle on the numbers coming in) is that deleting the messages becomes so automatic that they don't realize how many messages they are actually receiving until they start to report them all and notice it seems alot more even though the numbers are the same. Or they were recently added to one of the Million address CD's which started to increase their spam volume, which pushed them over the edge wanting to do something. In other words the volume would have increased either way.

[moonbroth]

If you can offer any insight on this, it would be much appreciated. I have been trying to find a legitimate consultant that I can pay to help me stop this. I can't run my business.

Another poster said it above: what you want is the SpamCop Email System. Here's how it works (non-techy explanation).

You need to have an Internet Service Provider (ISP) that allows you to forward incoming email (very common) and to set up more than one email address for your account (also very common). AOL won't help, unfortunately.

You ask SpamCop to pick up all of the emails sent to your current email address, hold onto everything it thinks is spam, and forward the rest (the good messages) to a new, secret email address you'll have set up with your ISP. (Make this one tough to guess, and never use it anywhere: SpamCop can't help if you let the secret out). Then you configure whatever email program you use to pick up messages sent to the new account only (but to send messages from the old one: keeping that secret!). Problem solved.

SpamCop can send you email messages telling you what it's holding back ("Held Email"), at whatever frequency suits you, and you can then log on to the SpamCop website to review, release, delete, report, etc. at your leisure.

The mail system has some great filters and functions (auto-whitelisting when a message from one of your correspondents is mistakenly identified as spam; running SpamAssassin checks on all incoming email; offering a selection of blocking lists to employ). It makes it very easy to report spam anonymously (i.e. without opening all the messages, clicking on the links, etc.), or just feed your spammers into the SpamCop Blocking List (and save every other SpamCop user from receiving their crap).

More details here. The price is $30 a year. It's the only thing that keeps my email address usable! Any questions, please reply here and I'll do what I can to answer them.

Cheers, Nick

[starion]

Okay, I can be more scientific about this issue. I have recently started sending in the spam reports again, trying to be a help to the problem by reporting (I thought). I am set up as a mole (which I now read doesn't help the blockage of spam).

Keeping in mind, from what I read on the spamcop site, the mole reporting doesn't actually send reports...

Started reporting again on 6/23/04. In the previous 5 days on my main email account, I averaged about 70 junk mails a day.

Since starting reporting again, I have averaged 150 emails per day.

Now, my question would be, if the mole setting is not supposed to send a report, why did I see an increase in junk mail that corresponds directly with the start of reporting? Is something "leaking" out that shouldn't?

As a small ISP with about 100 email accounts hosted, we block over 1000 emails a day using the SpamCop DNSBL. I would certainly be willing to do what I could to help report spam, but not at the cost of creating more.

Jeff J.

[OldNick]

Did you go to spamcop.com, or spamcop.net to report your spam?

You are now at spamcop.net. Spamcop.com os a mot unpopular alternative.

[starion]

No, all reports are going to spamcop.net. I have paid for fuel.

Jeff J.

[Wazoo]

I'm going to re-organize a bit of your post.

About a month ago, the spam count shot from about 300 per day to 1800 per day .... This morning, instead of the usual 1800, I got over 3000.

One could suggest that there might be other forces at work, say your address was on a list that just changed hands and thus you are on more lists today than yesterday. Only pointing out that you admit that SpamCop wasn't part of the mix in the first ramp up.

When I found SpamCop on Sunday, I thought I'd found a ray of hope. It looked like a legitimate reporting service

I'm not sure if there are some underlying thoughts there. Yes, it's legitimate, yes, it's a reporting tool. But should point out that the advertising doesn't read that use of the SpamCop reporting tool will "stop" your spam. Even the paid account type of a Filtered E-mail account only offers to help "manage" your spam. Your expectations may have been placed too high and looking for the wrong results?? The main focus of the Reporting Tool set is to make it easier to more accurately target complaints about the source of the spew and then hope that the corresponding ISP takes some action to then handle that spew problem. At issue there of course is that not all ISPs are white hat.

I even signed up for a paid membership to support the cause.

It may not matter, but you didn't identify what type of account you signed up for. And this does imply that you did jump over the opportunity to "test drive" the system before jumping in all the way <g> Refunds are available if that is a desired action.

On Sunday, I reported about 30 abusers. I thought, perhaps if I was lucky, I'd see a slight reduction in the flood. This morning, instead of the usual 1800, I got over 3000. This is a bit too much of a coincidence. Now, I'm afraid to report any other offenders.

Seeing a reduction that fast would be considered a minor miracle <g> That you picked up such a rapid increase also seems a bit fantastic. As noted in the first re-organized paragragh, you could possibly have just timed things at the rise of a new crest of incoming spam due to your being "discovered" by yet another spammer or two.

It occurred to me that my e-mail address is in the header & that reporting to a disreputable administrator could actually make things worse.

This is (partially) true. Usually, your e-mail address in the header and other places (if recognized) are munged at sending time of the report (though one can opt for no munging at all) .. and, yes, some of the reporting addresses may not be above an accusation or two. But to peg 30 SpamCop complaints for a two-fold increase in your spam over the period of 24 hours is even stretching that possibilty a bit much .. not discounting it, just that the numbers seem a bit too impressive.

And no, I didn't just fall off the spam turnip truck. I have never responded to a spam, clicked on a link in one, asked to be taken off a list or opened an attachment. I do have a web site & understand that because my e-mail address is on it, I am vulnerable to spiders.

But, one might also have to ask what methodology may have been in use to do the reporting. Depending on your applications, configurations of those apps, and the actual mechanical motions and processes made during the reporting action, you may have triggered much more "feedback" than just the targetted report being sent.

For instance, one could assume that prior to your finding SpamCop, you used to simply select 100+ messages by simply marking their Subject Lines and deleting them with a single click. Now that you were going to report them, you are now "opening" each spam to gather it up for the reporting process. With an HTML-enabled application involved, this would have caused all the web-bugs, tracking links, and other nefarious embedded crud to have been activated, thus signalling to those connection points that this piece of spam had reached someone that was willing to open and read it, thus making your address much more "valuable" ...

If you can offer any insight on this, it would be much appreciated. I have been trying to find a legitimate consultant that I can pay to help me stop this. I can't run my business.

Although there are probably many folks out there willing to take your money, I'm not sure that you might be lucky enough to find someone actually practiced enough in these "black arts" to easily and quickly help with a solution. Depending on your "web" service/hosting package, you might be able to install software there to manage your e-mail ... you may be able to install some other software on your own system to help "manage" your incoming .. or, as already suggested, perhaps dropping the (assumed) Reporting Only account and switching over to a Filtered E-Mail account .... $30 for the Filtered E-Mail account would certainly be cheaper than any consultant worth a hoot <g>

if the mole setting is not supposed to send a report, why did I see an increase in junk mail that corresponds directly with the start of reporting

Please see the above. Yes, the current status of mole-reporting has all results going to dev/null .. which is an infamous black-hole. So the only possible link to SpamCop for your increase would deal with the above mentioned issues of just how youi might be handling your spam in the reporting process.

[hank]

I just started reporting after a long period of no reporting and two weeks offline.

spam immediately doubled, within 24 hours, and specifically spam bounces back from people who had been sent spam forging my userid (at Spamcop) and other userids -- only those that had been involved in the spam reports.

THis is real, folks, and the spammers are targeting people who report through Spamcop both by forging our names and by adding more spam.

Spamcop got its profile raised recently, it should be no surprise the spammers are targeting any customer they can identify for any nastiness they can cause. It's how they do business, by attacking those who try to limit the trouble they cause.

I suggest some formal traps be set up to test this out and work out the patterns if possible.

Yes, I'm munging, but we know that fails.

[lbcliff]

Thank you all for your replies. It seems I opened up a bit of a can of worms. At least I know I'm not alone in this experience. I found some info in the SpamCop e-mail filtering for businesses that said they could custom design a solution, so I am hoping that will help. I guess I can give up stopping the flood & have to focus on diverting it before it gets to me. It's sad, frustrating & infuriating.

Linda

[Wazoo]

Not that it's a new can of worms <g> .. It's just that there are so many things that could be involved, that it's hard to point at any single thing and say "that's it" .... If there was but an ounce of decency in these spammer's cold little hearts, they wouldn't be spending all the time and resources trying to outwit all the filters, blocks, and tools that people keep tossing up trying to stop their garbage ... at best, all one can really hope for at present is that "we" are halping to make things more difficult for them, and eventually, the cost of doing such "business" will be more than the alleged profits involved. Wouldn't it be nice to figure out how to stop the gullible idiots that keep buying into the advertised spew to begin with, such that "profit from spamming" would only be a myth?

[dbiel]

A possible related item that I have not seen mentioned elsewhere is the use of cookies.

You would be surprised at how many spam messages (as well as non-spam) will write a cookie on your computer without you ever knowing it even if you never fully opened the message.

I have changed my browser to prompt before accepting cookies.

I use Outlook express with the preview mode active.

Just clicking on the message, which opens the preview, will cause the email to write a cookie. JC Penny is one that uses this approach and I can not figure out why.

But when spammers use it, you can be in for big trouble.

I would strongly recommend that the browser setting should NOT be set to "always accept cookies", it is just too dangerous.

If the prompt becomes too much of a problem when surfing, temporarily change the cookie setting, but be sure you trust the web sites you are surfing.

[Wazoo]

Just clicking on the message, which opens the preview, will cause the email to write a cookie. JC Penny is one that uses this approach and I can not figure out why.

You still have it set to allow rendering of the HTML. You also didn't mention that you have OE configured to run in the Restricted Zone ... and then gone into IE to actually turn off all the neat stuff in the Restricted Zone ...

The only way to dis-allow your cookie writing and such without the above changes, is to go off-line before actually "reading" the stuff ... and actually, "reading" the stuff is something that really shouldn't be done <g> (Side-stepping the use of various software firewalls and cookie-managers, as there is just too much confusion between apps and configuration issues)

[r2d2d3d4d5]

It's not too hard to imagine that some spam reports make their way back to the spammers. All they would have to do is insert some kind of personal information in the spam and they would know who you are.

I use my Firewall to block access to Outlook 2k on everything but ports 25/110 and to my ISP's mail servers. Sygate PF allows me to do this on a per session basis so that I can look at some of the pics when I really want to.

[turetzsr]

<snip>

And no, I didn't just fall off the spam turnip truck. I have never responded to a spam, clicked on a link in one, asked to be taken off a list or opened an attachment. I do have a web site & understand that because my e-mail address is on it, I am vulnerable to spiders.

But, one might also have to ask what methodology may have been in use to do the reporting. Depending on your applications, configurations of those apps, and the actual mechanical motions and processes made during the reporting action, you may have triggered much more "feedback" than just the targetted report being sent.

For instance, one could assume that prior to your finding SpamCop, you used to simply select 100+ messages by simply marking their Subject Lines and deleting them with a single click. Now that you were going to report them, you are now "opening" each spam to gather it up for the reporting process. With an HTML-enabled application involved, this would have caused all the web-bugs, tracking links, and other nefarious embedded crud to have been activated, thus signalling to those connection points that this piece of spam had reached someone that was willing to open and read it, thus making your address much more "valuable" ...

<snip>

...You forgot to mention automated replies.

[berryproud]

I would change my email address if I were you....and start over....sounds like you have been permenantly compromised.

Good Luck