Is second reporting step necessary for the bl?

[stuckmojo]

I use the DNS blacklist on my server, and i've recently started reporting the spams I receive in hopes of reducing the volume even more. However, I get so much spam that it's really quite tedious to go and do the second step of visiting the forms to submit complaints for all of them.

So, my question is: will the IPs involved in the spam I forward be considered for addition to the bl.spamcop.net blacklist if I don't bother to take the second step and submit the complaints?

[Wazoo]

Nope ... until the report is actually "sent" it's just a page of data in limbo. Some suggestions to help prevent burn out and frustration ... select a "favorite" spam type to go after and religiously report, only report the most recent 20 spams, etc. pick your target, get it accomplished, delete the rest with the thought that you surely aren't the only one receiving the spew, and hopefully others are handling the reporting. If you have extra time or are feeling a bit spiteful, snag a few and report them ....

[starion]

Out of curiosity and ignorance, why is the second step even required? Can't the spamcop system just take the report and run with it?

Or could that be something for paid only subscribers? Or is there some legal reason this can't be done?

Jeff J.

[Wazoo]

The agreement made with the use of the SpamCop reporting tool set is that "you" are responsible for where and what actually gets reported. The parsing and reporting tools are just that .. simple tools ... What goes wrong in the "not worth my time to look at the results, just click on everything" is usually seen in the problem queries about such things as "I've blocked myself" or "my ISP closed down my site because I've been accused of spamming" .. both items caused by ignoring that something wasn't right in the parse and this user's (e-mail server/hosting) IP was in the list of targets for the complaints.

[starion]

Yes, I guess that would make sense if we were talking about an individual making spam reports. But we are an ISP, and when we choose messages to report as spam, we ARE sure we want to report them, or we wouldn't bother manually selecting them to report in the first place...

Jeff J.

[StevenUnderwood]

Yes, I guess that would make sense if we were talking about an individual making spam reports.  But we are an ISP, and when we choose messages to report as spam, we ARE sure we want to report them, or we wouldn't bother manually selecting them to report in the first place...

Jeff J.

The problem starts after the spam is submitted, when it is parsed. Sometimes the parser will stop too soon and want to report the reporters ISP. In your case it would be your IP's and your IP would be added to the DNSBL. Sometimes the parser goes too far and the forged headers point back to the reporters ISP. Again, this could be your servers IP and get added to the blocklist.

The same parser is used whether you are an individual making reports or an ISP making reports. That parser is the failure point the confirmation is checking on.

[starion]

Okay, so what it boils down to is that the parser (your software) is buggy, and can't do a simple check to ignore a submission if it sees that it is making a report on the IP that submitted it?

We have sent hundreds of reports, and have never had our servers IP's blocked. From our perspective, your parser seems to have been working fine.

I really like the concept behind what you all are doing, but it seems to me that unless you make it simpler for ISP's to report, we really don't have the time to help out to that extent.

It would be like you personally taking the time to review every report submitted by spamcop users. You wouldn't do it, because of the sheer volume involved. It's the same way for ISP's.

Jeff J.

[Wazoo]

so what it boils down to is that the parser (your software) is buggy

Though one can't rule out bugs and screw-ups, the "strange" issues come up most of the time due to problems with mis-configured servers in the mix, and the failure (or timeouts) involved with external data sources during the parse .. APNIC down, ARIN chocking, etc. ....to get just a bit more specific, as the parser is doing its "chaining test" there may be some reason that a DNS lookup fails, so the parser tool will "fall back" to the "last seen valid" Received line. This is where the gotcha comes in. It's not that the parser "failed" .. it's just that it wasn't fed "good" data ....

do a simple check to ignore a submission if it sees that it is making a report on the IP that submitted it

This is one of the "features" of the "Mail-Host Beta" thing (soon to become mandatory, according to some postings) Have you looked at / configured for this yet?

From our perspective, your parser seems to have been working fine.

And thus is always the surprised look that comes after being nailed by one of these glitches. Again, the mail-host thing may eventually come out resolving a lot of this, but noting once again, the parsing and reporting tool is just that, and Lord knows that somewhere in this world, someone has once again just smashed his/her thumb with a hammer <g>

[starion]

Yes, I have been reviewing the material for the "Mail-Host" solution. Don't know if that will fit our situation yet.

Jeff J.

[StevenUnderwood]

It's the same way for ISP's.

IMO, spamcop is not really designed for ISP's to be submitting messages anyway. Are the messages addressed to you or your users? If the users, how do you know that the user did not sign up for that list?

The unsolicited part of the spam definition kind of requires a decision by the box owner to comply with.

[starion]

Because we have a system where our users can send us the things they consider spam. Besides, it's a good bet that the spam I'm receiving personally is being received by our users as well.

Jeff J.

[StevenUnderwood]

We have always been told by the deputies that we are not to report the spam messages that come to us in a bounce and one of the reasons given is that the same was not sent to us, so it is not our spam to report.

I don't know if you have any special deal with spamcop, but normally, you could report the spam that is directed to your mailbox, but not that which was directed to someone elses mailbox.

If someone forwards you a message of something they signed up for and the list administrator calls spamcop on it for false report, it is YOUR account that will be terminated.

If I were you, I would email deputies<at>spamcop.net and get a ruling on this type of reporting. Perhaps there is already a specific type of ISP reporting account that would bypass the confirmation and also link the report to the actual person who is reporting the spam (your customer).

Good luck

[dbiel]

Also consider applying to be allowed to use quick reporting. It gets around the problem of confirming each individual message, but the trade off is that the reporting is much more limited.

see http://forum.spamcop.net/forums/index.php?showtopic=1937 for more information on reporting types