I hate Spamcop and SPAM

[Ihatespamcopandspam]

Both spam and Spamcop cause the same amount of problems and headaches for people. Spamcop is fine for blocking a single Spammers IP or server address, but when some idiot decides to block an entire ISP's server address range just because of one idiot sending spam, that is just fu**ing stupid.

From now on, if you are going to report an IP address as sending spam, don't be a lazy ass and just report the IP address to Spamcop. Try donig a little checking first to make sure it does not belong to an ISP for sending email for thousands of domains. Common sense would tell you that you need to report it to that particular ISP, but I guess that would be asking too much.

Therefore, the idiots that randomly report IP's because they got a single spam from it need to stop because you are causing as many problems, if not more, than the actual spam.

[turetzsr]

...Thank you for your rant. Now, please go away and do not darken our doorsteps any longer with your ignorance. <g> <-- Don't take that seriously -- you are welcome to post your opinions about SpamCop in the Lounge forum, even negative ones. Just don't expect a warm welcome! <wink>

...Wazoo - please consider moving this to the Lounge. ty

[DavidT]

Your post is based on mistaken information. SpamCop doesn't block any IPs or servers at all. The blocking is done by individual ISPs who decide to give the "death penalty" to anything coming from IPs listed in the SCBL. This is a bit like getting mad at a meteorologist for forecasting rain when an event you wanted to attend gets cancelled. You shouldn't get mad at the meteorologist, you should get mad at the people who cancel the event.

Another mistake in your post...when SpamCop users submit reports, not only does the originating IP address get submitted for possible inclusion in the SCBL, but reports are also sent to the responsible party for that range of IP addresses.

I work with websites that are on shared hosts, and unfortunately, the ISP has those boxes configured so that all outgoing SMTP traffic originates from a single IP address. Therefore, if a "formmail scri_pt" gets compromised on the machine and lots of spam spews out of that IP, I fully expect that our entire server will be blocked until the host ISP does something abut it.

(and this isn't the correct forum to complain in....this is the SpamCop Email forum, which is for support of SpamCop email accounts...not for complaining about the SCBL)

dt

[Ihatespamcopandspam]

Sorry about the posting in te wrong forum did not see the other one and its is not completely clear what belongs in what areas.

Actually, as far as it blocking certain IP addresses, you may be right about it being the ISP resposibility, but the only problem with that theory is that I work for an ISP here in Tamp called Sage Networks. So, why would we blacklist our own IP?

http://www.spamcop.net/bl.shtml?66.118.156.121

I spend more time trying to remove people off of spamcop and others like it, than actually blocking spam. Don't get me wrong, spam sucks,but blocking an IP is not the way to do it. As an example, I can easily write a program to use thousands of proxies used by millions of people to access the internet, to send some spam, randomly changing between my list of proxies. So, now some idiot is going to go and report each IP address and none of them will be able to send email or use the net any longer because every ISP that subscribes to Spamcop will now be blocking requests to those IPs.

So a better solution would be for each company or individual to ru hteir own filtering/blocking software as opposed to blocking an entire IP.

[Ihatespamcopandspam]

...Thank you for your rant.  Now, please go away and do not darken our doorsteps any longer with your ignorance. <g>  <-- Don't take that seriously -- you are welcome to post your opinions about SpamCop in the Lounge forum, even negative ones.  Just don't expect a warm welcome! <wink>

...Wazoo - please consider moving this to the Lounge.  ty

14658[/snapback]

Oh yeah and one other thing. I would have posted in the spamcop lounge, but seeing as it says not to talk about spamcop, I thought it would not belong there either.

Spamcop lounge

This forum is for discussion of pretty much anything except SpamCop and spam fighting.

[StevenUnderwood]

So a better solution would be for each company or individual to ru hteir own filtering/blocking software as opposed to blocking an entire IP.

1. By that time, you have already paid to download the bits, adding cost (about 75% in my companies case) to the cost of having email.

The only non-forgable information that a server has before downloading the whole message is the IP address of the machine connecting to it.

2. Add if the end user drops it automatically, there is no reliable way to tell the sender that their message was not delivered.

With blocklists, the receiving server rejects it and the sending server (who should know where they got the message from) delivers the non-delivery message.

I have tried all the other major spam reduction techniques out there and none have come close to the reliability and cost reduction of block lists.

[turetzsr]

Oh yeah and one other thing.  I would have posted in the spamcop lounge, but seeing as it says not to talk about spamcop, I thought it would not belong there either.

Spamcop lounge

This forum is for discussion of pretty much anything except SpamCop and spam fighting.

14663[/snapback]

...You couldn't be expected to know this without doing more than a fair amount of searching but this is exactly the subject of numerous discussions in these fora. The verbiage you quote was put there by an administrator who set up this system and has since pretty much abandoned us (at least in terms of fixing little mistakes like that) and the people (person) who now operates these fora does not have the privileges necessary to change the wording. By general agreement of us participants, the Lounge is used for anything that doesn't fit into any of the other fora.

[turetzsr]

<snip> blocking an IP is not the way to do it.  As an example, I can easily write a program to use thousands of proxies used by millions of people to access the internet, to send some spam, randomly changing between my list of proxies.  So, now some idiot is going to go and report each IP address and none of them will be able to send email or use the net any longer because every ISP that subscribes to Spamcop will now be blocking requests to those IPs.

<snip>

14661[/snapback]

...I'm not an expert on that subject but it seems to me that if you are able to do what you suggest then SpamCop reporting would represent a great service to those ISPs because it would be exposing a serious security hole in their setup. If they get listed on SpamCop's blocklist and, as a result of the e-mail reports to them from SpamCop, lock you out from sending spam, they get delisted within 48 hours -- usually less, and almost immediately if they communicate the situation to the SpamCop deputies. Besides which, although users of the SpamCop blocklist often use it to entirely block e-mail from IP addresses on the list, more responsible users (such as SpamCop's e-mail service) use it to filter e-mail from such sources -- delivering it to a separate folder so that it may be perused by the end user and discarded if it really is spam or actually used if it is not.

[DavidT]

Sorry about the posting in te wrong forum did not see the other one and its is not completely clear what belongs in what areas.

I think it belongs in the Help forum, but I see it's been moved to the Lounge.

...I work for an ISP here in Tamp called Sage Networks.

Shouldn't that be "Sago Networks"?

So, why would we blacklist our own IP?

Who said that you did?

I spend more time trying to remove people off of spamcop and others like it, than actually blocking spam. 

Hmmm...Florida....there are a LOT of spammers (and scammers in general) in Florida...you probably are already aware of that well-earned reputation?

Don't get me wrong, spam sucks,but blocking an IP is not the way to do it. 

Again...SpamCop doesn't block any IPs...period. SpamCop maintains a BL that can be queried by ISPs, who can choose to do anything they want with that information. Contact the ISPs who are actually blocking connections.

As an example, I can easily write a program to use thousands of proxies used by millions of people to access the internet, to send some spam, randomly changing between my list of proxies.  So, now some idiot is going to go and report each IP address and none of them will be able to send email or use the net any longer because every ISP that subscribes to Spamcop will now be blocking requests to those IPs.

No, they'll be blocking traffic from those IPs....not to them...that's a big difference. And yes, I'd be glad NOT to receive anything from a compromised system. This is happening with worms right now, that infect broadband-connected computers and then churn out additional infections, or spam, whatever...

BTW, I ran that IP address through the OpenRBL....you might want to take a look there yourself....it's far from a "clean" source, and "sagonet" appears to have quite a bit of spam-related history, even if you're finally cleaning things up....sorry, but that's what a quick peek in the abuse newsgroups reveals.

dt

[Ihatespamcopandspam]

I think it belongs in the Help forum, but I see it's been moved to the Lounge.

Shouldn't that be "Sago Networks"?

Who said that you did?

Hmmm...Florida....there are a LOT of spammers (and scammers in general) in Florida...you probably are already aware of that well-earned reputation?

Again...SpamCop doesn't block any IPs...period. SpamCop maintains a BL that can be queried by ISPs, who can choose to do anything they want with that information. Contact the ISPs who are actually blocking connections.

No, they'll be blocking traffic from those IPs....not to them...that's a big difference. And yes, I'd be glad NOT to receive anything from a compromised system. This is happening with worms right now, that infect broadband-connected computers and then churn out additional infections, or spam, whatever...

BTW, I ran that IP address through the OpenRBL....you might want to take a look there yourself....it's far from a "clean" source, and "sagonet" appears to have quite a bit of spam-related history, even if you're finally cleaning things up....sorry, but that's what a quick peek in the abuse newsgroups reveals.

dt

14668[/snapback]

Yeah, it is Sago Networks, sorry bout that. Typing too fast! We have had a ton of issues with a few hosting customers who in turn host hundreds of websites. Spamcop probably provides a great service in gerneral, but I think I spend more time dealing with that as opposed to the spam itself.

There really just needs to be one blacklist that everyone updates, like how DNS works. Then it would not be such a pain in butt having to look at 50 different blacklists.

[Ihatespamcopandspam]

If someone is that hardup for bandwidth, that some email is even using 1% of their bandwidth, then they are paying way too much for it. For about the price of a T1 you can get a 100mbit connection,

Take a look at www.cogentco.com

Chad

[dbiel]

You might what to take a bit of time and read up on SpamCop.

Take a look at the following series of posts SpamCop is damaging my business, SpamCop is Blocking my legitimate e-mail

Key parts:

spamcop can not physically block any messages except those directed to it's users. The person blocking your messages is the adminitrator of the mail server you are trying to contact.

And SpamCop does not automaticly block any messages to its own users, but simply provides the service to its users to use varrious blocking lists as each user desires to do so.

Also note SpamCop's official policy regarding use of it list http://www.spamcop.net/bl.shtml

It is designed to be used as a filtering list, not a blocking list

Key quote:

This system and most other spam-filtering systems should not be used in a production environment where legitimate email must be delivered

To repeat DavidT remark

This is a bit like getting mad at a meteorologist for forecasting rain when an event you wanted to attend gets cancelled. You shouldn't get mad at the meteorologist, you should get mad at the people who cancel the event.

Just a note, this got moved while I was writting it, so other entries are ahead of it.

[DavidT]

We have had a ton of issues with a few hosting customers who internet host hundreds of websites.

Then by all means, become a totally "White Hat" ISP by dealing agressively with any spam-related activity related to your network, including any sites that are "spamvertised" (once you've received adequate proof of their complicity). It's hard to get back in the good graces of the spam-fighting community, but it's possible.

There really just needs to be one blacklist that everyone updates, like how DNS works.  Then it would not be such a pain in butt having to look at 50 different blacklists.

That's why there are some collective RBL sites, such as "openrbl.org" -- it was even worse before. Right now, it's still a bit like the old "frontier days" of the "wild west" in which there's not enough police action coming from any centralized authority, so it's up to a loose network of "vigilantes" to take action.

dt

[eaolson]

Both spam and Spamcop cause the same amount of problems and headaches for people.  Spamcop is fine for blocking a single Spammers IP or server address, but when some idiot decides to block an entire ISP's  server address range just because of one idiot sending spam, that is just fu**ing stupid.

Has the BL changed to list entire IP blocks or is it still listing just spam-sending IPs?

I think you may be thinking of SPEWS. By the way, you also have a major problem there: http://spews.org/html/S333.html

From now on, if you are going to report an IP address as sending spam, don't be a lazy ass and just report the IP address to Spamcop.  Try donig a little checking first to make sure it does not belong to an ISP for sending email for thousands of domains. 

So you're saying that an ISP that uses one mail server for many domains should get a free pass on the spam issue? What finer granularity other than individual IPs is there?

[StevenUnderwood]

If someone is that hardup for bandwidth, that some email is even using 1% of their bandwidth, then they are paying way too much for it.  For about the price of a T1 you can get a 100mbit connection,

Take a look at www.cogentco.com

14671[/snapback]

Again, you know not of which you speak...

We run a T1 and email traffic takes up about 5% of that. And as with many business plans, you pay by the amount of data transferred over the line.

So by weeding out the ~75% (yesterday, it was exactly 65.3%) of spam that comes to our domain accounts I have saved my company a heafty amount on internet costs.

In our business, we do not reject anything, instead we use an outside vendor (postini) to accept our email, categorize it and hold the questionable content. Our users can then go to a web site and forward any missing messages and delete the rest, all without incurring the download charge for most of it. Of those trapped, less than 1% gets forwarded.

[Wazoo]

There still seems to be much confusion floating around .. for instance, the remark "issues with a few hosting customers who in turn host hundreds of websites" ... In general, the SpamCopDNSbl doesn't handle "websites" .. targeted against the IP of the spew source, usually the e-mail server involved. One could stretch the envelope a bit and go with that these "hosted sites" are an issue, but the reality would still boil down to that all these sites are using the same e-mail server. Perhaps one would come up with a plan, such as setting up more e-mail servers, and splitting up the customer base a bit amongst them, perhaps placing "new" accounts on a system to insure that they don't spoil the well for your older, trusted clients?

There are many lists out there, but if you do a bit of research, you'll find that they target different things, have different decision points, and handle removal in different ways. SpamCop is seen as pretty benevolent, removing a single IP as soon as it meets a threshold setting in a mathematical formula .. as compared to SPEWS which continues to expand the range surrounding a "bad" IP based on inaction by the ISP .. removal is only after "all" the spew stops and the SPEWS coordinators are convinced that the issue has been "really" resolved. It still boils down to a particular ISP making the decision on just which lists to use, how they are implemented / configured, and what types and levels they are prepared to accept.

[Merlyn]

Both spam and Spamcop cause the same amount of problems and headaches for people.  Spamcop is fine for blocking a single Spammers IP or server address, but when some idiot decides to block an entire ISP's  server address range just because of one idiot sending spam, that is just fu**ing stupid.

From now on, if you are going to report an IP address as sending spam, don't be a lazy ass and just report the IP address to Spamcop.  Try donig a little checking first to make sure it does not belong to an ISP for sending email for thousands of domains.  Common sense would tell you that you need to report it to that particular ISP, but I guess that would be asking too much.

Therefore, the idiots that randomly report IP's because they got a single spam from it need to stop because you are causing as many problems, if not more, than the actual spam.

14656[/snapback]

Spamcop does not block anything.

Spamcop only lists "SINGLE" IP addresses not ranges.

If it is Cogent, they host some of the worst spammers on the internet.

See: http://www.spamhaus.org/sbl/listings.lasso?isp=cogentco.com

Glad to see your money is paying for their spam.

The only idiot around here is you

[turetzsr]

<snip>

If it is Cogent, they host some of the worst spammers on the internet.

<snip>

14690[/snapback]

...Spambo, IIUC Cogent is not the OP's provider. See full quote:

If someone is that hardup for bandwidth, that some email is even using 1% of their bandwidth, then they are paying way too much for it.  For about the price of a T1 you can get a 100mbit connection,

Take a look at www.cogentco.com

14671[/snapback]

The only idiot around here is you

...IMHO, the OP is not (necessarily) an idiot -- (s)he just appears to be frustrated and came here to blow off steam before understanding how SpamCop works.

[Miss Betsy]

I am not sure that 'blowing off steam' is not idiotic in an online forum.

I thought that cogentco was spammy.

Miss Betsy

[StevenUnderwood]

It is, but the OP simply stated that bandwidth is available cheap through them...We know why, OP probably does not.

[Ihatespamcopandspam]

Again, you know not of which you speak...

We run a T1 and email traffic takes up about 5% of that.  And as with many business plans, you pay by the amount of data transferred over the line.

So by weeding out the ~75% (yesterday, it was exactly 65.3%) of spam that comes to our domain accounts I have saved my company a heafty amount on  internet costs. 

In our business, we do not reject anything, instead we use an outside vendor (postini) to accept our email, categorize it and hold the questionable content.  Our users can then go to a web site and forward any missing messages and delete the rest, all without incurring the download charge for most of it.  Of those trapped, less than 1% gets forwarded.

14678[/snapback]

I know not what I speak, lol

That is what I was trying to say. If you have someone like yourself that is paying per the amount of data that you are transferring, then you guys are paying way too much for your bandwidth.

I was not trying to say millions of spam would not eat a little of your bandwidth.

[Ihatespamcopandspam]

...Spambo, IIUC Cogent is not the OP's provider.  See full quote:

...IMHO, the OP is not (necessarily) an idiot -- (s)he just appears to be frustrated and came here to blow off steam before understanding how SpamCop works.

14692[/snapback]

Exactly, Thank You for clarifying that for others. I might be mistaken, but I thought that is what forums were for? To talk about issues and problems.

I think some people misunderstood what I said at first. I know Spamcop does not block anything themselves.

[Wazoo]

OK, you want to go back to the beginning .. fine ...

Both spam and Spamcop cause the same amount of problems and headaches for people.  Spamcop is fine for blocking a single Spammers IP or server address, but when some idiot decides to block an entire ISP's  server address range just because of one idiot sending spam, that is just (snip foul lnguage) stupid.

You are apparently lost, or have a serious problem. SpamCopDNSbl doesn't do "IP ranges"

From now on, if you are going to report an IP address as sending spam, don't be a lazy ass and just report the IP address to Spamcop.  Try donig a little checking first to make sure it does not belong to an ISP for sending email for thousands of domains.  Common sense would tell you that you need to report it to that particular ISP, but I guess that would be asking too much.

IP addresses aren't submitted to the SpamCop parsing engine .. spam spew is. There is a method as to who receives the report. In the case of the IP you offered as a sample, reports would be sent to the following;

Parsing input: 66.118.156.121

host 66.118.156.121 = ns14.webmasters.com (cached)

Reporting addresses:

abuse[at]webmasters.com

Have you talked to these folks?

Therefore, the idiots that randomly report IP's because they got a single spam from it need to stop because you are causing as many problems, if not more, than the actual spam.

Again, I've got no idea where you get your facts .. random IPs, single spam ...???? again, the IP addresses in question come from submitted spam, and it takes more than "a" report to make it to a listing.

By the way, http://www.spamcop.net/w3m?action=blcheck&ip=66.118.156.121 currently indicates that the reason for listing is due to spamtrap hits, which also tends to rule out your accusation of crazy people submitting random IP addresses .... spamtrap hits are incoming e-mails to accounts that only exist to be scraped by spammers .... as has been suggested before, try hitting a FAQ or two here that will go into a bit more detail.

Rant if you must, but a much wiser course of action is to do a bit of research and handle the actual problem .. kill the spew (though noting that SenderBase's page seems to indicate that the output from this IP is on a downward slope ....)

[dbiel]

Refer to the following posting from another business owner who was affected by the SpamCop BL. This is the way things should be done!!!!

You have blocked my IP, and I cant contact clients, Plz Help ASAP

Note: After the problem was addressed the business owner edited out sensitive personal information originally necessary to help fix the problm but no longer necessary to be displayed in public.

Thanks Ryan for setting a great example as how things should and do work here!!!

[Merlyn]

If the IP is actually 66.118.156.121 Then

According to the Spamcop history on this IP it will probably age off in a short time:

Listing History

In the past 478.7 days, it has been listed 3 times for a total of 4.8 days

But

It will never age off of SPEWS.

See: http://spews.org/html/S333.html

It is the line:

1, 66.118.128.0/18, Sago Networks (ASN'd) (GBLX feed)

The IP is in that range 66.118.128.0 - 66.118.191.255

SPEWS is down the hall ----> that way

See: http://spews.org/faq.html

HTH HAND