PROGAME

Gmail's server blocked


Thanks, Wazoo. I noticed that problem (the lack of a source IP) when looking at a report in the sightings group (not involving the server from this present topic).

There clearly needs to be some communication between SpamCop and Gmail admins, and I think that maybe SC would be wise to initiate that communication.

DT


Hmmm, going back through some of my test stuff ... if the e-mail is sent using the (somewhat) recently added POP/SMTP capability, the headers look just fine ... in fact, parsing an e-mail sent from a networked iBook here SMTP'd via a GMail account, sent to a HotMail account and retrieved via the OE/HotMail APOP (?) routine, the parse pointed right back to "me" as the source .... It appears that it's the e-mail entered in via the HTTP interface that only contains the GMail networked IPs .... Actually, I've yet to stumble across the right combination of events to have a GMail output server listed as the source (but of course, I'm playing things straight <g>) .. still playing ...

It appears that it's the e-mail entered in via the HTTP interface that only contains the GMail networked IPs .... Actually, I've yet to stumble across the right combination of events to have a GMail output server listed as the source

Just a moment...that's a bit confusing, Wazoo. It's likely that the majority of Gmail folks are using the HTTP interface, and you say that method produces Gmail IPs in the headers, and Ellen said that Gmail "headers do not indicate the IP of the injecting user" so when you parse a message that came from the Gmail HTTP interface, what winds up being listed as the source?

BTW, it looks like a SC user has submitted one more report on the Gmail IP of this topic (64.233.162.201). The Subject line is:

Re: Dynamic/on the fly Form fields

I scan through my Held Mail every day in Subject line order, and I've never seen any spam Subject line like that. That looks more like a line generated from some sort of Web developer forum, newsgroup, or list. So, I'm guessing that it's yet another bogus spam report, and it had the effect of instantly adding another 24 hours to the time that the IP will remain on the SCBL. Wazoo, if you get a chance, please have Ellen take a look at this report, to see if it's not really spam:

Submitted: Wednesday, April 20, 2005 13:09:17 -0700:

Re: Dynamic/on the fly Form fields

1406899883 ( 64.233.162.201 )

DT


E-mail sent using an iBook ... OS-X 10.2.xxx Safari web browser / Apple Mail to send, OE in a Win-98SE machine to APOP the receiving HotMail account

HTTP results - GMail server identified

URL removed

SMTP results - I get pegged (OK, IP was changed a bit <g>)

URL removed

Original data lost in a system crash ... data recreated and provided again in a later post

Edited by Wazoo

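The difference described in the posts above between SMTP-submitted and HTTP-composed mail, as an added example (not part of any post, and not SpamCop's parser): a simplified walk of the Received chain over two constructed messages. The hostnames, the 198.51.100.44 client address and the header layouts are assumptions, and the walk does no forgery or trust checking of the chain.

```python
import ipaddress
import re
from email import message_from_string

# Ranges that never identify a sender on the public Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: message handed to the provider over SMTP.
# The oldest Received line records the client that connected.
SMTP_SUBMITTED = """\
Received: from gmail-out.example (gmail-out.example [64.233.162.201])
    by mx.recipient.example with ESMTP id A1; Wed, 20 Apr 2005 13:05:02 -0700
Received: from ibook.local (client.isp.example [198.51.100.44])
    by smtp-in.example with ESMTP id B2; Wed, 20 Apr 2005 13:05:01 -0700
Subject: sent via SMTP

test
"""

# Constructed sample: message composed in the web interface.
# The oldest hops carry only internal addresses and no "from" host.
HTTP_COMPOSED = """\
Received: from gmail-out.example (gmail-out.example [64.233.162.201])
    by mx.recipient.example with ESMTP id C3; Wed, 20 Apr 2005 13:09:18 -0700
Received: by 10.54.30.12 with SMTP id D4; Wed, 20 Apr 2005 13:09:17 -0700
Received: by 10.54.40.7 with HTTP; Wed, 20 Apr 2005 13:09:17 -0700
Subject: sent via web interface

test
"""


def from_ip(received):
    """Return the bracketed IP in the 'from' clause of one Received value, or None."""
    value = " ".join(received.split())          # undo header folding
    if not value.lower().startswith("from "):
        return None                             # "by ... with HTTP": no sending host recorded
    from_clause = re.split(r"\sby\s", value, maxsplit=1)[0]
    match = BRACKETED_IP.search(from_clause)
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:                          # e.g. an octet above 255
        return None


def reported_source(raw_message):
    """Oldest publicly routable IP that handed the message to a relay, or None."""
    hops = message_from_string(raw_message).get_all("Received") or []
    source = None
    for hop in hops:                            # headers are listed newest first
        ip = from_ip(hop)
        if ip is None or any(ip in net for net in NON_ROUTABLE):
            continue
        source = ip                             # keep overwriting; the last hit is the oldest
    return str(source) if source else None


if __name__ == "__main__":
    print("SMTP submission :", reported_source(SMTP_SUBMITTED))
    print("HTTP composition:", reported_source(HTTP_COMPOSED))
```

With the web-composed message, the only routable address left in the chain is the provider's outbound server, so that server is what a report ends up naming.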

Attempted contact with Google starts with commentary provided via the "Contact Us" form available under the GMail Help function:

Due to the lack of header data specifying the IP of the actual sender, GMail servers are being listed in the SpamCopBL as the source of the e-mails being complained about as spam. Please see the discussion at http://forum.spamcop.net/forums/index.php?showtopic=3973

Oh great! Shades of dealing with HotMail ... just received a nice auto-ack ...

Thanks for taking the time to send us your report. Below, you'll find links to sections of our Help Center, where the steps to resolve the most frequently reported technical issues regarding 'spam' are available.

The information provided below is just a sampling of what's available; if you don't see a link to your specific question, use the search box in our Help Center to find what you're looking for.

This was followed by several links that don't apply .... following up with a repeat of the first message in hopes that this one will bypass the lunatic robot ....????

Second note sent:

Robotic answers bad in this case. My original remarks were as follows;

Due to the lack of header data specifying the IP of the actual sender, GMail servers are being listed in the SpamCopBL as the source of the e-mails being complained about as spam. Please see the discussion at http://forum.spamcop.net/forums/index.php?showtopic=3973


yep i sent them an email and attached a bunch of links yesterday

Dynamic/on the fly Form fields sounds nothing like a spam email :huh:

Dynamic/on the fly Form fields sounds nothing like a spam email

Several of the messages associated with that Gmail IP reported by SC users last week look like potential Nigerian scams:

"Dear: Friend,"

"Urgent And Confidential."

Here's one that is easily explained:

"[Elfmania] nice wallpaper site - sabkhuch.com - now with daily updates"

The SC user that reported that message is subscribed to the "Elfmania" Yahoo Group, so they've actually asked for any messages coming from that group...however, this particular message is not on topic in the group, but it's up to the group owner to deal with any abuse. In fact, I visited the group, and the owner responded and presumably has taken action. It was this single message that triggered the most recent listing, then someone reported one with this Subject:

Contact Makoto

That seems suspiciously un-spamish also, but it bumped the IP back on the list, as did the most recent non-spamish message we've discussed.

It's time for the Deputies to take a closer look at those reports. It sure looks like some of them are not spam.

DT

Edited by DavidT


Based on Ellen's response and the additional data posted, kicked a note to Don.

So you continually assert: my assertion is that very, very few are invalid and that action is taken against mis-reporters. In this case, Gmail have been getting notifications for a couple of weeks and have (apparently) done nothing about it. With traffic up by 150-fold I still think it likely that spammers have more control over this IP than does Google. In this case, SpamCop seems to be working exactly as it should.

Also, even if the spamcop report were invalid, the Gmail admin should be able to determine that and notify both the reporter and spamcop - if they were paying attention.

The point is that Gmail apparently is doing nothing constructive about spamcop reports - which, in the case of a smooth running email system, is essential. It may not be listed on other bl's because spamcop is an early warning system for admins, not just a spam filter.

Miss Betsy


Miss Betsy,

One dynamic to consider is that with any large ISP receiving thousands of complaints a day at their Abuse address, unless they have a large team of people assigned to respond to those complaints, some things surely "fly under the radar" if they only involve a handful of reports about a given server. Also, they might not consider SpamCop reports all that reliable if they see enough of them coming in that don't involve actual spamming.

Another factor might be that although we consider SpamCop to be an important player in anti-spam efforts, Google is so big that perhaps they see the reports and say "spam-Who?" I don't think we can assume that ISPs are going to give any more weight to SC reports than any other complaints arriving at their Abuse addresses...although it would be a good thing if they did. I think that in a case like this, someone like Julian should really be making contact with the large ISPs because they're more likely to pick up the phone and deal with someone on that level, IMO.

DT


Hello,

Thanks for your report. We are aware of this problem, and our engineers are working diligently to find a solution.

We apologize for any inconvenience this issue may have caused.

Sincerely,

The Gmail Team

Miss Betsy,

One dynamic to consider is that with any large ISP receiving thousands of complaints a day at their Abuse address, unless they have a large team of people assigned to respond to those complaints, some things surely "fly under the radar" if they only involve a handful of reports about a given server. Also, they might not consider SpamCop reports all that reliable if they see enough of them coming in that don't involve actual spamming.

Another factor might be that although we consider SpamCop to be an important player in anti-spam efforts, Google is so big that perhaps they see the reports and say "spam-Who?" I don't think we can assume that ISPs are going to give any more weight to SC reports than any other complaints arriving at their Abuse addresses...although it would be a good thing if they did. I think that in a case like this, someone like Julian should really be making contact with the large ISPs because they're more likely to pick up the phone and deal with someone on that level, IMO.

DT


Sorry, but I think this is complete nonsense. I see that another spam-run has happened today. Being big does not absolve you from being responsible, nor from setting up your servers properly so that the correct injection point can be identified. Why should we wipe their arses for them?

I think this is complete nonsense

You're welcome to your opinion, Derek. However, my post to Miss Betsy is probably a realistic description of what's *actually* going on, versus the way you'd *like* for things to be. In an ideal world, a large ISP like Google would be just as responsive as a small one, but I think everyone knows that's simply not the case.

so that the correct injection point can be identified

I'm sure we all agree with that. This is where Gmail users can probably have a positive effect by complaining to Google about that. I also think that it would be useful for the SC admins to initiate a conversation with Google.

I see that another spam-run has happened today

There are indeed two new items reported by SC users. One of them claims to be a "Google Alert," but that's probably bogus, and both of them are probably spam. Interestingly enough, there has yet to be a single report posted to news.admin.net-abuse.sightings involving this server. If a significant amount of spam were emanating from that server, you'd think that a report or two would show up there.

DT

Edited by DavidT

Q:  Why me?  A:  It Happens to the best of us

It is annoying to have your email blocked. It is also annoying to have a backhoe interrupt email service.

However, until the blocking problem is resolved, you can email people through a web based email service (the most familiar web based email services are hotmail and yahoo).

I guess Gmail is not a web-based e-mail service? :blink:

It is sad that one spammer could suddenly disable tens of thousands of honest people's accounts. :(

Too bad, because Gmail actually blocks spam to Gmail accounts VERY VERY well.

Instead of banning 100% of Gmail, Yahoo! Mail and Hotmail users every time a spammer signs up for an account, can't you just forward the offending spam e-mail to Google and have them disable the spammer's account? I think that would be much more effective, especially since Google has an interest in terminating spammers and has a policy against spam, just like Yahoo! Mail and Hotmail.

I mean, this isn't like you are dealing with a shady company.

I hope this gets resolved soon. I know Google does not want their system used for spam.

Q:  Why me?  A:  It Happens to the best of us

It is annoying to have your email blocked. It is also annoying to have a backhoe interrupt email service.

However, until the blocking problem is resolved, you can email people through a web based email service (the most familiar web based email services are hotmail and yahoo).

I guess Gmail is not a web-based e-mail service? :blink:


...It certainly is! What in the note you quoted leads you to ask this question? Did you miss the "the most familiar web based email services are" part of what Miss Betsy wrote? :) <g>

It is sad that one spammer could suddenly disable tens of thousands of honest people's accounts. :(


...The existence of spam is itself sad. It's good that there is a service that alerts e-mail admins to the fact and allows them to identify the IP addresses through which the spam is being sent.

Too bad, because Gmail actually blocks spam to Gmail accounts VERY VERY well.


...Great point -- Google is quite "responsive" to its own customers in terms of blocking spam coming in but not nearly so to the rest of us in the world who are victims of its less than stellar ability/willingness to stop the spew coming from their server(s).

Instead of banning 100% of Gmail, Yahoo! Mail and Hotmail users every time a spammer signs up for an account, can't you just forward the offending spam e-mail to Google and have them disable the spammer's account? I think that would be much more effective, especially since Google has an interest in terminating spammers and has a policy against spam, just like Yahoo! Mail and Hotmail.

I mean, this isn't like you are dealing with a shady company.


...SpamCop doesn't ban anything and it does send notices of the spam to the registered abuse address of the IP address through which the spam is flowing (in this case, GMail). It is only because they have been slow to stop the flow (for whatever reason, even that posed by DavidT, who seems to be the most understanding contributor here -- a bit too understanding, IMHO) that their IP address(es) remain on SpamCop's list of spam sources.

DavidT, who seems to be the most understanding contributor here

Lest anyone get the mistaken impression that I'm soft on spam, here's a page that I put online about 10 years ago:

http://hypercreations.com/david/ojen.html

After working with others to try to get some useful laws in place, I eventually couldn't devote so much time to it, so I scaled back to someone who mostly reports, and occasionally goes after individual spammers when they're involved in my profession, or when they hit an address that I've given out for a specific purpose (one that couldn't have been harvested).

DT

There are indeed two new items reported by SC users. One of them claims to be a "Google Alert," but that's probably bogus, and both of them are probably spam.


David, While I disagree with your feelings that many of these are false reports, the Google Alert possibly is a valid email that may have been trapped due to the listing and reported automatically (or semi-automatically). Google alerts have the following characteristics:

From: Google Alerts <googlealerts-noreply<at>google.com>

Subject: Google Alert - <search string>

DavidT, who seems to be the most understanding contributor here

Lest anyone get the mistaken impression that I'm soft on spam, <snip>


...And in case it's what I wrote that leads anyone to believe I was accusing DT of being soft on spam, I wish to say that I did not intend that at all! My reference was to his comments about Google being large and their "abuse" staff presumably overworked explaining their lack of speed in stopping the spam, plus his suggestion that it may be that some of the spam reports about Google IPs may not be valid.

Here's a problem....apparently anyone visiting one of the "blcheck" URLs at www.spamcop.net can click on the 1-time delisting button. For example, I've been spammed today by a RoadRunner IP, and if you go to this page:

http://www.spamcop.net/w3m?action=blcheck&ip=24.227.225.145

you can click on the button to delist it, even if you're not actually an authorized RoadRunner system admin. That's very stupid, IMO.


As I see it, that is NOT the way it works.

Send delist confirmation to:

  abuse[at]biz.rr.com postmaster[at]biz.rr.com administrator[at]biz.rr.com hostmaster[at]biz.rr.com abuse[at]rr.com postmaster[at]rr.com administrator[at]rr.com hostmaster[at]rr.com

Based on the other parts of spamcop, a valid assumption would be that hitting the button after choosing one of the admin addresses would send an email to that address (which would confirm that the person who hit the button actually controls the abuse or admin addresses) and a confirmation link of some sort would be presented, I assume with more warnings about delisting without actually fixing the problem.

[Edit - to clarify] I'm not claiming that the reports regarding a truly "dirty" server (one involved in obvious spam runs) are bogus. In those cases, it's likely that all the reports are valid. My statements about bogus reports involve servers that handle high volumes of legitimate traffic, such as the Yahoo Groups and the Gmail servers. When I look at the SC report "History" on those IP's, I regularly see items that don't appear to be spam.


They may not appear to be spam to you but how do you know that it is not spam to the person reporting it? How do you know that the person in control of that mailbox actually signed up for the group or list? I have been signed up to multiple lists, some very valid, without my authorization. I don't know who signed me up and I really don't care, I report them. It is also possible someone is receiving traffic intended for the previous owner of the address (I still see traffic intended for users at work for people who have not worked there in more than 7 years, when I started, even though every message is rejected because of no user). I think we have determined that Google is hurting themselves, at least in some cases, due to not presenting the IP address of the source in a standard (if at all) way.

...a valid assumption would be that ... a confirmation link of some sort would be presented, I assume with more warnings about delisting without actually fixing the problem.

Maybe, but that's not explicitly stated on the site, AFAICS. I hope you're right about that, but you're making an assumption about how it works. It's also possible that clicking the button actually puts the delisting action in motion, and the "confirmation" message sent to the selected email address is informational only (which means it might get ignored).

DT


There has been a lot of conversation since I posted so I am not going to bother to quote.

IMHO, the only way to control spam is to get end users involved because they are the ones who can vote - with their purses - for responsible email practices. The bigger the email server that is blocked, the better to my mind because that means that more people are aware that *their* ISP controls how spam is on the internet and how responsive their ISP is in fixing problems.

It may be that everybody knows that you can't expect good service from large corporations, but that doesn't mean that spamcop has to give bad service by whitelisting large servers because large servers make more money by giving poor service to many more people. It may keep spamcop a small player in the internet world, but, at least spamcop email customers are not bothered with spam from large servers.

And, while bad reports are a problem, the ones who can see the emails that are listing this server are saying that they are spam. It is not a bad conjecture in the beginning, but it happens in this case not to be true. And I have absolutely no patience with the admins who say that the only spamcop reports they get are false so spamcop reports can't be relied on - obviously, from the subject line one can tell on most - and if there is more than one report, there might be a problem. There can't be a whole lot of problems in identifying erroneous spamcop reports and if they live in glass houses, then they can throw stones.

Probably not my most coherent post, but I am very sleepy.

Miss Betsy


64.233.162.201 not listed in bl.spamcop.net

i don't know how much time that will last but i think this is the time for the fireworks ;)

EDIT:

none of the 60 Gmail servers are currently listed by anyone :D

Edited by PROGAME

They may not appear to be spam to you but how do you know that it is not spam to the person reporting it?  How do you know that the person in control of that mailbox actually signed up for the group or list?  I have been signed up to multiple lists, some very valid, without my authorization.  I don't know who signed me up and I really don't care, I report them.


Yeah, I had that happen a couple of times on one of my lists I used to run. I remember one situation. Someone signed up someone else, apparently, or they forgot they signed up. Instead of contacting us or unsubscribing, they contacted our ISP. Since our ISP knows we are legit, they simply asked us to remove the e-mail address, which we did. Actually, we banned his e-mail address so he couldn't be signed up ever again even if he wanted to. We forwarded the IP address of the person who signed up to our ISP. We also sent the person who complained an e-mail stating that we removed him as requested, and that his e-mail has been banned to prevent someone signing them up again. We also gave him the IP address and datestamp of the person who did sign him up and told them if they want to get the real person who signed them up, they should complain to that ISP, not ours. Luckily he didn't report us to SpamCop, otherwise we would have been blacklisted for a crime we did not commit.

I hate spam, but I hate being accused of spamming even more, especially since we use safeguards such as double-opt in and recording the IP address of the person who signed up to prevent abuse.

I don't know who signed me up and I really don't care, I report them.


I hope you mean that you report the person who signed you up as the spammer, and not the mailing list owner. Legitimate mailing list senders have a vested interest in preventing their list from being used as a spam attack. Instead of alienating potential allies by reporting the wrong people, perhaps you should find out who really signed you up and go after them. Otherwise the guilty go free and the innocent get punished.

Edited by WisTex
