Jump to content
Sign in to follow this  
underestimated

Is SpamCop missing some ISP's in reporting?

Recommended Posts

I am kind of new to spam reporting (and SpamCop), but I have a basic idea about reading and understanding headers.

Question: Should I just let the SpamCop Web Reporting take care of everything or should I manually report to other ISP's I believe SpamCop might be missing?

More questions:

Are there some ISP's SC will not report to? Is there a specific forum to provide feedback for additional reporting info?

Thanks in advance.

Share this post


Link to post
Share on other sites

I'm not sure I want to go near a "sure, do it all" type answer, as I'm not sure what you're including in the thoughts behind your query. How about this, you parse your next spam, come back here and post the Tracking URL, and some specific questions about what you're thinking about reporting that the SpamCop parser didn't find. Some things are not reported for a reason, others aren't reported based on the statistics and history of an item, other reports are simply sent to a black-hole for certain reasons .... but as you started with "I'm new" ... let's talk about something tangible to start out with.

Share this post


Link to post
Share on other sites

Thanks for your respnse. You really have answered my questions, even though non-specific. I believe I understand the reporting somewhat better now as I have just gone through another batch of 15-20 pieces of spam.

It just bothers me a little when I see some reports just going to devnull.spamcop.net and nowhere else. I understand it's worthless to report to spammer hosts & pro-spammer sites, but can't we just report up the traceroute chain for some action?

I didn't bring a Tracking URL with me to use as an example, but a generic domain I'm sure you're familiar with seeing is wholesale(somethin' or other - heh). I know they have some reporting addresses, but use different domains (sounds kind of fishy, huh?).

If I see something that really strikes me as a "more" reportable example, I'll come back and post the tracker. I guess what I would really like to see is a list of non-reportable service providers (due to being pro-spam or actual spamming hosts).

Thanks again Wazoo! :D

Share this post


Link to post
Share on other sites

On the reporting screen there should be a checkbox for viewing the technical details, or something like that. It will give you a better idea of who, why, and why not.

Share this post


Link to post
Share on other sites
On the reporting screen there should be a checkbox for viewing the technical details, or something like that.

Thanks, been there. ;) I have been compairing various parsing & reporting tools for effectiveness. SC is clearly the most "hands free" while allowing the reportee a good number of options to choose from.

It will give you a better idea of who, why, and why not.

True-it gives a good idea of who and why, but not always why not. The "why nots" shown are really obvious (i.e. my anti-virus stamp on all incoming email, forged/fake data, some open relays).

I would still like to see some kind of listing of actual non-reportable domains with a note as to why reports are not sent (if that is possible). Hehe! This forum category would be a good place for a "sticky" post of domains & why SC does not report to them (i.e. spamming hosts/ pro-spam ISP's/biased against SC/bad experience with SC... etc.) This one itsy-bitsy teeny-tiny request would be a really nice tool for all SC users.

This info I'm looking for might already exist somewhere out there and I just don't know how to find it (if so, can you please show me?). If not, don't you think this would really be helpful info to know up front?

Thanks again! :D

Share this post


Link to post
Share on other sites

I think that if spamcop sends it to dev/null really means it is being added to the blocklist without reports being sent - that means that this report address is not responsive. Not responsive means they don't care, want the money, or are just plain incompetent. The exception are those who have compromised machines and open proxies, but again it takes a while for some to respond. Search for Comcast and you will see what I mean.

The various upstream additions made by those who take the time to trace spammer locations and suggest alternatives (usually for spamvertized domains) is harder to understand by just looking. If you lurk in the spamcop.routing newsgroup (NTTP), you might have a better idea of why.

One alternative is to send 'manual' reports to those abuse addresses that are being sent to dev/null. It seems to me a lot of work for little return, though. Sometimes, however, some abuse addresses do pay attention to 'manual' reports while they ignore spamcop reports.

The bottom line is that those ISPs who are responsive rarely get reports any more because they have preventative measures in place against spammers using their system. If they do, they react promptly so that you see "ISP has resolved" Basically when you report, you are ensuring a place on the blocklist.

Also, you can find most of those addresses that go to dev/null in spamhaus or spews. I doubt very much if your request will hit the top of the 'to do' list because those who are interested will use moenstad (look in the Why Am I Blocked FAQ for the proper link) or know just by looking what IP ranges are spammer infested. Others use spamcop because they don't want to spend the time researching - they want spamcop to do it for them.

HTH

Miss Betsy

Share this post


Link to post
Share on other sites

perhaps there could be another RBL that keeps track of those addresses for which spamcop reports are ignored.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×