Jump to content
Sign in to follow this  
DCSmooth

Recipients who refuse munged reports....

Recommended Posts

Hi,

I've used Spamcop for quite a while now, and I've always left the boxes on my Spamcop reports unchecked for recipients who "refuse munged reports".

But a couple of weeks ago, I decided to make an exception to this rule. My spam has thankfully reduced to maybe one or two messages a day, and it seems like nearly all of my recent Spamcop reports provide the option to send to abuse[at]above.net, a recipient who refuses munged reports. I checked out the website www.above.net and (perhaps I am being naive here) the site makes them *look* like a reputable organization, and their prominently posted "Anti-spam Policy" claims that they have "zero tolerance" for spammers using their resources and that they deal with them in an appropriate manner.

So, for two weeks, I've decided to experiment with above.net. I've been allowing these people unmunged reports in hopes that they'll live up to their anti-spam policy, in hopes that perhaps my already limited spam level will decrease even farther.

So far, no progress.

So, my question is two-fold:

(1) Specifically, is above.net a lost cause? Is there something I should know about them? Should I give up allowing them un-munged reports?

-and-

(2) In general, are there legitimate reasons for ISP's to refuse munged reports? Perhaps a legitimate reason why they should demand to see the e-mail address of their accuser (me)? Or would I be better off returning to my policy of never checking the box next to munged-report-refusers on my reports?

All advice appreciated,

Dan

Share this post


Link to post
Share on other sites

this is only slightly related, but I'd really like to see spamcop publish a DNSBL listing the ip's of sites

who have refused munged reports, so I could block the spam sooner...

Share this post


Link to post
Share on other sites

Wow, I thought that there would be tons of replies by now on this one ...

Easy thing first ... ISP alleges that their lawyer has stated that they need original, un-modified evidence in order to persue the bag guys. This might actually be true in some cases. However, there isn't a lot of pree play showing that the majority of the ISPs in question really and actually do any of this lawsuit stuff ... EarthLink has had some major stories, yet in reality, SpamCop complaints were just a bit of additional data adding to show the scale of things. The "real" work in those cases was tacking down the ID and actuvity of the spammer who was using Earthlink services to do the spew .... AOL does their own stuff with their own data .... Microsoft obviously uses their own data, based on the cluelessness of the abuse staff reacting to complaints <g> .... there might be cases actually started by some of these other ISPs, but ....

Next easiest ... Above.net does not hav a good name. Not that they don't do "anything" ... but what they do do is way too little, way too late. Partially 'explained' based on the vastness of the Above.net reach, you've got that customer of a customer of a customer thing going on, and each of those 'customer/ISPs probably has their own legal representation ... such that ABove.net just reaching down and attempting to close Joe Schmuck's account on Ritter's Bar, Grill, and Internet Service in Somewhere, USA just isn't going to happen. By the time the complaint sent to Above.net actually gets down to Joe Shmuck's ISP, the spammer has long since moved on ....

The 'bad' side of the issue is that there are ISPs out there that do pass on reports to the spammer, usually figuring that if the spammer removes the accounts of those complaining, the spam can still go out, the ISP continues to get paid for the massive bandwidth consumed, and "everybody" is happy. Grom this side of the screen it is very hard to tell if the ISP in question is one of these folks. Investigation of stuff like that takes you down other paths, using other resources, never mind trying to sort out who you trust <g>

There's a start of an answer for you ... hopefully starting the ball rolling on others adding in their thoughts.

Share this post


Link to post
Share on other sites
(1) Specifically, is above.net a lost cause? Is there something I should know about them? Should I give up allowing them un-munged reports?

-and-

(2) In general, are there legitimate reasons for ISP's to refuse munged reports?  Perhaps a legitimate reason why they should demand to see the e-mail address of their accuser (me)?  Or would I be better off returning to my policy of never checking the box next to munged-report-refusers on my reports?

All advice appreciated,

Dan

22376[/snapback]

Several months ago I was receiving a fair amount from above.net - stock fraud, pirated software - and checked the box to unmunge. After a few weeks I stopped getting stuff from those domains and in fact virtually nothing from above.net since. Apparantly they do pass on the reports to the spammers and I was de-listed. The fact that I haven't been getting anything else from other domains makes me suspect that they might be keeping lists of reporters and passing them on to other spam acounts. I had a similar experience with optonline.net (unless they shut down their spammers...). I've also unmunged to earthlink and sprint without any obvious effect. I don't know of any really legitiamate reasons to require unmunged reports - it's to limit/discourage reporting or assist spammers in identifying the reports. As yet, I haven't seen any signs of "retaliation" due to sending unmunged reports.

Share this post


Link to post
Share on other sites

Thanks for the informative replies, mshalperin and Wazoo.

From what you've both said, I think I'll go ahead and continue unmunging for above.net. It sounds like the worst-case scenario is the spammer gets the opportunity to delist me along with other spamcop users who unmunge, possibly prolonging their spamming careers due to fewer reports. But on the bright side that situation would mean less spam in my inbox.

As for a (possibly unrealistic) best-case scenario, I'm thinking maybe if enough squeaky wheels unmunge and report to above.net, they might eventually consider other courses of action they can take to do better than their apparent current policy of "way too little, way too late."

Thanks again for all the info!

Share this post


Link to post
Share on other sites
Hi,

...

So, my question is two-fold:

(1) Specifically, is above.net a lost cause? Is there something I should know about them? Should I give up allowing them un-munged reports?

-and-

(2) In general, are there legitimate reasons for ISP's to refuse munged reports?  Perhaps a legitimate reason why they should demand to see the e-mail address of their accuser (me)?  Or would I be better off returning to my policy of never checking the box next to munged-report-refusers on my reports?

All advice appreciated,

Dan

22376[/snapback]

Above.net is/was Paul Vixie and certainly *IS* reputable. As one of the largest bandwidth providers

in the world they have had (and do currently have) many unresolved spam issues. Just remember, these

are/were the same people who operate (or at least founded) MAPS. IMNSHO, they can be trusted.

Share this post


Link to post
Share on other sites
Above.net is/was Paul Vixie and certainly *IS* reputable.

22488[/snapback]

the same guy who wrote vixie-cron?

Share this post


Link to post
Share on other sites
the same guy who wrote vixie-cron?

22735[/snapback]

Yes, the same Vixie of Vixie cron, the original bind and the same person who long ago setup the first major ftp server on the internet, gatekeeper.dec.com (which for years I reached by its original IP address, 16.1.0.2 - still know it by heart), along with many many other contributions to the community. But yes, they can be slow to act (because of MAPS, now part of Kelkea, Inc. they were the first provider to have been targeted by spammers for legal harrassment). He is also the driving force behind (and provided the original funding for) the ISC which produces the DHCP implimentation used by most *nix users and many other tools. He and AboveNet have also provided significant support to Vernon Shryver's DCC project.

Yes, the are many problems with AboveNet customers, but in my experience, when given what they consider "proper" evidence, at times they have acted very quickly (I've seem the "plug pulled" overnight in at least one clear cut case of fraud). A previous comment in this thread was correct, in almost all cases, the spammer is a customer of a customer and not anyone with whom AboveNet has a direct legal relationship (which greatly ties their hands and explains why they need generally stronger evidence than an ISP who directly hosts the spammer and ths can thus apply a TOS or AUP directly).

I say all this, because I believe that AboveNet had been overly attacked in the anti-spam community and their contributions generally ignored -- they have probably done more to stem the tide of spam than any other major bandwidth provider in the US. (compare them to MCI or Sprint for instance, heaven forbid, they should not even be mentioned in the same breath as most cable companies providing internet service).

P.S. I have personally pointed out to Spamhaus personnel the contradiction between a quote by their founder that "MAPS is our hero" and their own occasional "tar-and-feathering" of AboveNet (this "hero" quote can be easily found in Google's archives).

P.P.S. I am not now or have ever been an employee of AboveNet, any of their affiates or any other "Vixie" company. I have in the past been both a direct and indirect customer, and they have performed "special" favors for me in the past (best left unmentioned in public).

Edited by get-even

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×