E-Mail spam submittals blocked by your ISP

[Stan_qaz]

Farelf, Thanks for the link - very interesting idea to reduce the volume of reports but my problem is outgoing content filtering and a very clueless ISP HughesNet.

[Telarin]

I would say at this point, your best bet would be to play the clueless user and contact your ISP and tell them that your outgoing email is not getting through, and see if you can get them to admit to anything there.

There is really nothing fundamentally wrong with outgoing content filtering, in fact, it is a good way to help reduce the spam originating from their network. However, it really needs to give you some kind of feedback (message refused by server, etc) rather than just dropping the messages with no feedback.

Even if they are filtering outgoing mail, it should be fairly easy for them to whitelist spamcop.net as a recipient.

[Tesseract]

You can add iiNet to the list. The normal customer service representatives don't seem to know anything about it, but I managed to contact the guy in charge of their mail systems through the whirlpool forums.

He told me that they are running Brightmail on outgoing mail and silently deleting spammy-looking messages, which of course makes forwarding spam impossible. Their reasoning is that being blacklisted hurts their customers more than losing the occasional legitimate message. He also told me that he is investigating ways to make the SMTP server give a 550 reply for spammy-looking messages, instead of happily accepting them but then failing to either deliver them or generate a bounce. Apparently it's difficult because Brightmail can't look at messages before the SMTP conversation is finished.

My current workaround is to run my own mail server, which works for SpamCop submissions, but still has to relay through iiNet's server for a lot of sites which reject mail from all dynamic IPs. I enquired about getting iiNet's server to whitelist certain recipient addresses and/or subdomains, but haven't received a reply yet.

[Farelf]

You can add iiNet to the list. ...

41943[/snapback]

Thanks for the info. As stated earlier, I've been getting "variable" results forwarding through iiNet but whenever SpamCop's servers are behaving themselves they seem to get through okay. However the spam I get to report through iiNet has (IIUC) already been through the Brightmail wringer from another ISP (AT&T).

[Stan_qaz]

This was suggested to me as a possibility, so far it is working.

http://www.softstack.com/freesmtp.html

I'll have to find something a bit more polished if I'm going to keep using it.

[Tesseract]

This was suggested to me as a possibility, so far it is working.

http://www.softstack.com/freesmtp.html

41976[/snapback]

Hmm, I think I'll stick with Postfix for now.

[TerryNZ]

However the spam I get to report through iiNet has (IIUC) already been through the Brightmail wringer from another ISP (AT&T).

41947[/snapback]

As an AT&T client (attglobal.net) I simply take the option to turn off the Brightmail filtering, since it is optional. That way I can maximize my spam reporting to Spamcop and Blue Frog and FirstAlert from MailWasher Pro.

And if you have an attglobal.net account, I recommend the use of the Authenticating SMTP server.

* No outbound spam blocking,

* No .eml blocking,

* No limiting to certain IP addresses

Just configure to use Authenticating SMTP, provide account ID and password, relax and report spam unimpeded.

Disclaimer: I am a former employee of AT&T.

Terry

[Farelf]

As an AT&T client (attglobal.net) I simply take the option to turn off the Brightmail filtering, since it is optional.  ...

42006[/snapback]

Thanks Terry, that and your other suggestions will be useful tips for many, I'm sure. Seems, I have possibly been overhasty in ascribing Brightmail filtering to AT&T in the forwarding process (based on declining numbers of forwarded spam and Brightmail headers in the spam received) - in fact all my mail in the iiNet account, spam and non-spam, including that which has gone direct, carries the same Brightmail headers, evidently inserted during iiNet acceptance. AT&T never inserted Brightmail headers during acceptance - the optional spam tag was quite different - so I have no actual evidence of AT&T filtering during forwarding. Anyway, AT&T "spam control" filtering has been turned off for months. I shall start turning off my account-level (inwards) filters - though apparently I have no control over (from "User Information")

Countries Restricted from Access:  BG,PH,PK,RU

Is the Commonwealth of Australia at war with these countries or something? Why was I not informed? Why is CN not included? Admittedly, the only email contact I have ever had with anyone in RU ended in tears (the restriction was evidently not then in place). Tatanya, if you read this, I'm sorry, and yes, the emu *did* kick down my dunny door (you can call the bloody thing off now).

[Added]Getting back to the point ... I am not currently encountering any blocking of the SpamCop submissions I make through iiNet. The few instances I get now with "evaporating" submissions or missing "SpamCop has accepted ..." responses seem to correlate with SpamCop problems. Maybe iiNet has whitelisted SpamCop in my account, without confirming they've done that. This doesn't seem to fit with the information Tesseract has unearthed (the detail of which was another reason I assumed the spam I was reporting had already passed through similar AT&T blocks). Seems it is a little more complicated ...

[Tesseract]

I am not currently encountering any blocking of the SpamCop submissions I make through iiNet.  The few instances I get now with "evaporating" submissions or missing "SpamCop has accepted ..." responses seem to correlate with SpamCop problems.  Maybe iiNet has whitelisted SpamCop in my account, without confirming they've done that.

42017[/snapback]

It is entirely possible that iiNet has changed something recently. I no longer submit spam through their servers. A couple of months back, though, the only spam that made it through was the stuff that wasn't tagged on the way in.

[Farelf]

emailed submissions through iiNet are going missing again. Nothing at all wrong with SpamCop that I can see. Oh well, it worked fine for an extended peiod. iiNet seems a little chaotic in terms of consistency. Never did get an actual response when I queried this with them last time (submissions just started working). Guess I will head over to Whirlpool when I get a chance.

[Added] emailed submissions working again all Saturday, Sunday (+8) after failing for maybe 48 hours before; no action taken by me, it just "came back". Thanks to whoever did what - certainly Tesseract recently alerted their support staff to the issue. Which they should have known about through prior query but may have let "sink beneath their wisdom" - there's a lot of that these days.

[JSK333]

Add nuvox.net to the list.

This started happening recently. However, they alert you with an error message when trying to send them:

Transaction failed

Server replied: 554 5.7.1 Access denied. Possible UBE/UCE detected. Contact postmaster[at]nuvox.net

This happens with both webmail and SMTP.

I've noticed, with webmail at least, that it seems to accept single reports with 3 or fewer spams attached.

It had been happening seemingly randomly, but now it appears to be all the time, so that I can't send my 15-20 spams per report email any longer. Very annoying.

I've written their postmaster but have yet to receive a reply as of 2-3 days.

[Element Dave]

RCN also appears to be silently discarding outgoing spam submissions to spamcop.* None of my submissions to spamcop sent through RCN's SMTP server have gone through. And yes, I have tried adding myself to the CC field of submissions, among other tests to rule out alternative possibilities.

If I'm able to get any notable information from them concerning the issue, I will report back.

* I don't expect that there will be any confusion, but to make clear, the filtering is based on e-mail content, not the recipient -- in this case spamcop.

[Farelf]

nuvox.net added to the list per JSK333's post and no subsequent response reported or refutation offered.

[Wazoo]

adelphia.net added to the list, based on dialog at http://forum.spamcop.net/forums/index.php?showtopic=7348

[elvey]

Those ISPs (or techs in the mix) have stated that this is for the purposes of stopping spam from their system. Overlooked is that these days, the compromised machines are using their own SMTP engines, therefor not going through the ISP's provided e-mail servers with all this filtering applied. And again, even this data is provided by the few that either know or are allowed to talk about it ... as it turns out, most users don't know that this is going on at all.

You say hat color, but you also have to include some cluelessness.

The idea of running outgoing spam through a spam detector isn't a bad one; it just needs to be implemented cluefully. E.g. Email to abuse[at]*, postmaster[at]* or *[at]*spamcop.net should be ignored, and the action should not be a silent drop. The main system I use sends an error to the MUA during the SMTP transaction, e.g. if it detects a syntax error in a destination email address; works very well.

Keep in mind, many spammers like to use an ISP's mail gateways; these detectors are essential to dealing with that desire.

[Toffa]

Having had a series of arguments with them (and them denying everything) BigPond here in Oz should be added as they now even admit to the hidden filtering practice on their Web Site. They're blocking "identifiable" incoming spam so I can't report it. How we're supposed to get the Spammers off the air when the mails are blocked is beyond me. The filters work on outgoing mail too, so if the spam came to my Email client via a non BigPond Mail Server, the attachment I send to you is sometimes identified on it's way out and the whole Mail Message is just trashed without even a non-delivery notification. Nice....... NOT

This quote from the BigPond Web Site on this page - Email Services - Telstra BigPond:

SNIP.....

Your mailbox is automatically covered by our network spam and Email Virus Filters. That'll cut out a lot of annoying junk mail

SNIP.....

And the reason I was raging at them? This crap filter is so Draconian that it is also restricting genuine email that I want to receive :angry:

[Miss Betsy]

<snip>

And the reason I was raging at them? This crap filter is so Draconian that it is also restricting genuine email that I want to receive :angry:

My complaint exactly! I am in favor of blocklists where there is a message returned to the source because that way legitimate senders who get blocked can actually *do* something about the spam whether it is complain to their provider or change providers.

Miss Betsy

[turetzsr]

<snip>

And the reason I was raging at them? This crap filter is so Draconian that it is also restricting genuine email that I want to receive

My complaint exactly!

...Not if I understand correctly (see below)!

I am in favor of blocklists where there is a message returned to the source because that way legitimate senders who get blocked can actually *do* something about the spam whether it is complain to their provider or change providers.

Miss Betsy

...IIUC, Toffa is complaining that BigPond is blocking suspected spam rather than tagging or sorting it and giving him access to it, whereas you are complaining about not sending a rejection (5xx) message to the source. BigPond may be doing the 5xx reject (can not tell from the information Toffa provided, which is okay because it's not germane to his complaint). <g>

[Farelf]

Having had a series of arguments with them (and them denying everything) BigPond here in Oz should be added as they now even admit to the hidden filtering practice on their Web Site. ... The filters work on outgoing mail too, so if the spam came to my Email client via a non BigPond Mail Server, the attachment I send to you is sometimes identified on it's way out and the whole Mail Message is just trashed without even a non-delivery notification. Nice....... NOT ...

Hi Toffa - possibly not quite enough to add them to the list - my emphasis - ("... the attachment I send to you is sometimes identified on it's way out ... "). FWIW iinet.net.au which I use seems to do the same - but they also seem to leave alone anything (in attachments) that has been tagged by NAS (Norton), no doubt others too. But if I have a single untagged spam in my submission batch, the whole submission "evaporates". And they won't admit it (no doubt on the justification that spammers might benefit somehow).

Has there been any discussion of these matters in the PigPong (sorry, "BigPond") forum at Whirlpool? Other users may have some tips about the ISP filtering (both inwards and outwards). With "normal" ISPs you can sometimes get some remediation happening through those forums but I wouldn't think the mighty Telstra would descend to walk amongst mere mortals (guess who missed out on the share offers?).

HTH

[Miss Betsy]

My complaint exactly!...Not if I understand correctly (see below)!...IIUC, Toffa is complaining that BigPond is blocking suspected spam rather than tagging or sorting it and giving him access to it, whereas you are complaining about not sending a rejection (5xx) message to the source. BigPond may be doing the 5xx reject (can not tell from the information Toffa provided, which is okay because it's not germane to his complaint). <g>

Well, that's part of my complaint - that whatever some ISPs do, they won't tell you /why/ or /what/ or let you set your own parameters except sometimes to whitelist. If the accepted norm was a 5xx message to spam, then the *senders* would be able to change things by insisting on reliable email and phantom senders would never get through.

How many Comcast customers would be appalled to know how much porn Comcast allows to be sent?

Miss Betsy

[Desertphile]

It looks like Hughes.net using cp.net as their mail processing service needs to be added to the clueless list. HughesNet is the new name for the DirecWay Satellite Internet service.

Connection log:

�[ Wrote ]

�[ Wrote ]

�[ Wrote ] .

�[ Read ] 554 Message refused

�[ Wrote ] RSET

�[ Read ] 250 RSET

�[ Wrote ] QUIT

�[ Read ] 221 n126.sc0.cp.net QUIT

What is going to be needed at some point is another way of quickly submitting spam reports, bypassing clueless ISP's mail servers.

BlueSecurity.com is working on a HTTP based spam submission method using plugins for your mail program. FireTrust.com uses a spam submission method that avoids SMTP for thier FirstAlert spam blocking service.

Indeed, I use hughes.net and it not only rejects reports being submitted to SpamCop, but also rejects complaints I try to send to various ISP's abuse email addresses. It even rejcts the following email I tried to send to a friend of mine:

> Hey

>

> So you know what the deal is with emails that end up in my junk folder with

> rather normal names but are filled with words that make no sense?? What are

> they, code for something? They don't advertise anything. I don't get it. I

> get lots of those. No attachments. There has to be some catch??? My junk

> folder catches them but they don't get screened out..

Hi. I cannot say what they are without seeing them, but I suspect they

have image URLs attached to them: commercial spam using pictures

instead of text. Damn bastards.

I do not see anything sinister in the above, but hughes.net's spam filter does.

[Farelf]

... I do not see anything sinister in the above, but hughes.net's spam filter does.

Unbelievable - maybe they are a bit sensitive on the parentage thing and with good reason I should think. Added to the list at the head of this topic. You will have seen the workarounds and suggestions which followed the Stan_qaz post you quoted (just to note for others passing by and who maybe haven't browsed the full topic that some of that content may be useful).

[Desertphile]

Unbelievable - maybe they are a bit sensitive on the parentage thing and with good reason I should think. Added to the list at the head of this topic. You will have seen the workarounds and suggestions which followed the Stan_qaz post you quoted (just to note for others passing by and who maybe haven't browsed the full topic that some of that content may be useful).

I just had yet another email rejected by hughes.net

Incredably, it was rejected because it had the Subject: line that read "To start a brawl" which, when I changed the Subject: line to "The Preserve," hughes.net's mailer accepted the email and sent it on its way. Frankly I cannot imagine what is offensive or spam-like in "To start a brawl."

I will look for the work-arounds you have mentioned.

This was suggested to me as a possibility, so far it is working.

http://www.softstack.com/freesmtp.html

I'll have to find something a bit more polished if I'm going to keep using it.

How confident are you that Free SMTP Server is not malicious? Could it be sending email, or other information, that you are not aware of?

[Wazoo]

As posted to the spamcop newsgroup;

From: SpamCop Admin <nobody[at]devnull.spamcop.net>

Newsgroups: spamcop

Subject: Re: cox now blocking reports to spamcop (labelling them as spam)

Date: Tue, 08 May 2007 04:42:11 -0600

Message-ID: <qqk043h5ff6996bjjn2i59tkjg51ljgch2[at]4ax.com>

References: <24057796.dZx3GzRDtk[at]rawgames.org>

NNTP-Posting-Host: 206.207.78.146

X-No-Archive: yes

Technomage Hawke wrote:

>-looks like someone in the anti-spam corps for cox.net is getting anal

>-retentive.

Forwarded without comment...

A Cox user told me this...

"forwarding to Spamcop for reporting is no longer allowed as of

05/03/07. Talking with a Cox representative, they feel this is simply

a duplication of their already superior services! I may report

suspected errors in their spam filtering to help enhance their system,

but from now on things will be done their way only."

- Don -

[Wazoo]

RoadRunner added based on commetary seen at http://forum.spamcop.net/forums/index.php?...ost&p=57801