reporting web promotion spams

[godfreynix]

Hi, I am a newbie here

I cannot see the answer to this question elsewhere, so here goes.

spammer sends a message saying "I will promote your site www.<domain>"

this gets reported to spamcop as junk - quite right, too

But, how (or does) the system determine the spammer is the sender of the message, and the URL is the victim? Or will any URL in the message be treated as spam advertised?

[StevenUnderwood]

But, how (or does) the system determine the spammer is the sender of the message, and the URL is the victim? Or will any URL in the message be treated as spam advertised?

Any URL that is parsed is treated as spam advertised. Before submitting the reports, please uncheck any sites you believe are the "victim". That is one of the reasons the confirmation is there.

P.S. There is an additional check in that these reports go to the ISP hosting the site. If the report is actually read, it will probably be obvious that the site is a victim and no drastic action will be taken. There have been reports to the contrary, however, so please be careful.

[HillsCap]

Or, if your web host also runs the mail server on which you receive email, instead of unchecking the box next to your web host, leave it checked, but add a text blurb stating that you had nothing to do with the spamming, but that your website was mentioned in the spam.

That way, if your web host / email provider can filter out subsequent spam from that spammer, they at least have a chance to.

[Wazoo]

how (or does) the system determine the spammer is the sender of the message, and the URL is the victim?

The magic art of tracking the spam back to its source (not necessarily the spammer) is what makes the SpamCop tool set (in)famous. It's done by tracking the details in the message header, looking for the starting point it used to weasel its way onto the Internet. Once the headers and source of the spam is located, then the body of the spam is analyzed. Links found there are identified.

Now, the decision point ... these referenced points, those involved in the transmittal of the spam and the advertised links are all offered up to the SpamCop user to make the final decision as to whether or not to actually commit the SpamCop engine to generate and send a spam complaint.

This final point is the cause of most of the problems .. users that blindly click on all offered targets specifically. The next thing "we" will hear is that they've got themselves in a block-list due to reporting themselves, or there is an ISP somewhere that's unhappy at receiving a SpamCop spam report / complaint which is found to be false for one reason or another. And now, we have to add in the "mole" reporters that can add to the database, but the ISP doesn't get a notification.

--> following is a bit over-simplified <--

In reality, the "mole" non-report shouldn't be an issue in the run-of-the-mill spam run, as there will be others who report manually in addition to the "non-mole" SpamCop reporters. But it's the "mole" reporter that has just clicked off 200 spam complaints, but not realizing that the headers are screwed up, and therefore it appears that the user's own ISP was the last good address found in the headers. IPS gets no reports, 200 complaints made, and someone notices a problem somewhere. Now we have an issue where an ISP is ticked, a user wonders why his/her e-mail is blocked, and SpamCop's image is a bit tarnished, although in this case it may have been the original ISP's configuration that caused the issue ... doesn't matter at this point in time <g> .. everybody is ticked off ...

anyway, hope this helps to answer what you were originally looking for ..

[godfreynix]

In reality, the "mole" non-report shouldn't be an issue in the run-of-the-mill spam run, as there will be others who report manually in addition to the "non-mole" SpamCop reporters.  But it's the "mole" reporter that has just clicked off 200 spam complaints, but not realizing that the headers are screwed up, and therefore it appears that the user's own ISP was the last good address found in the headers.  IPS gets no reports, 200 complaints made, and someone notices a problem somewhere.  Now we have an issue where an ISP is ticked, a user wonders why his/her e-mail is blocked, and SpamCop's image is a bit tarnished, although in this case it may have been the original ISP's configuration that caused the issue ... doesn't matter at this point in time <g> .. everybody is ticked off ...

anyway, hope this helps to answer what you were originally looking for ..

Now I am beginning to understand. Where I work we are swamped with messages where some of our hosting customers have signed up to SpamCop mail filtering. These are customers who have web hosting, but set our mail server to forward all their mail to some place else, then set SC to filter that mail!

We are then seen as the spam relay, thus blocking all mail sent from our servers! Oh what a life!

Most of the time the customers are unaware that anything is wrong because they have set SpamCop mail system to automatically report all items that are detected as spam.

Thinks - I'd better get an account myself to filter my mail, so that I can see what the setting options are and how to deal with it.

[Wazoo]

We are then seen as the spam relay

I'd like to say that this shouldn't happen, but of course ....

Would you check that your servers are tagging all it's lines correctly .. specifically, adding in the correct headers lines of where the mail came from, and that your system is in there, with all good data ... The first thing that comes to mind that tags you as the "spam souce" is that your server handling lines aren't full or correct, so that the spamcop parser doesn't get beyond your server in its chaining test.

they have set SpamCop mail system to automatically report

This is not really an option. SpamCop does the analysis, then presents a checklist to the user for the user's final determination as to which complaints get sent. As a matter of fact, one of the major complaints / suggestions from SpamCop users is to get rid of this exact "second action" ... and, there have been a few suggesting that they'd written thier own scripts "just to shorten up the reporting time" ....

Per the guidelines and rules when users sign up to use the SpamCop tools, there is notice made that if they are screwing up, sending bad or false reports ... free users can be banned, paying members can be fined ... So in all fairness, you should note that in the suggested situation you're describing, you could in fact (having to assume you've some connection with where the abuse reports are coming in) send a complaint back to SpamCop admin about these folks that are reporting their own ISP / host .... but, make sure your e-mail servers are doing the right thing first .....

[dbiel]

Very interesting topic with a lot of educational material in it.

You should consider making this a hot topic encouraging all member to read it.

The answers make it much clearer how Spamcop actually works and issues that users should consider before blinding reporting. It takes a bit more time to report but is probably well worth the time spent.

Alternately you may want to edit it some what and post it as an Important Topic

It also seems that this topic ends of dealing with both the Spamcop Help forum as well as the Spamcop Email forum