izian Posted July 10, 2005 Share Posted July 10, 2005 We are one of the spammers favourite targets for spoofed from addresses. I need anything att zulloch to be blacklisted and zulloch att zulloch to be whitelisted. Any way to do this? iz :-) Link to comment Share on other sites More sharing options...
Merlyn Posted July 10, 2005 Share Posted July 10, 2005 Spamcop does not work like that. You need to check the FAQ on how Spamcop works using IP's. Link to comment Share on other sites More sharing options...
Wazoo Posted July 11, 2005 Share Posted July 11, 2005 Moved to Lounge, as obviously has nothing to do with the SpamCopDNSBL. There might be a possibility that this deals with a SpamCop E-Mail account, but ... no mention of that in the posting, and definitly posted into the wrong Forum section .... Link to comment Share on other sites More sharing options...
Farelf Posted July 11, 2005 Share Posted July 11, 2005 We are one of the spammers favourite targets for spoofed from addresses. 30076[/snapback] As might be infered from your DNS report: http://www.dnsreport.com/tools/dnsreport.c...www.zulloch.com You might get your ISP to brief you on the warning "Your domain does not have an SPF record." I have no idea whether or not that might be a useful line of inquiry, but it's something to find out and progress if possible. Nothing to do with the SCBL in any event - as said, it doesn't work on the <at> zulloch ... email address, spoofed or not. Link to comment Share on other sites More sharing options...
izian Posted July 11, 2005 Author Share Posted July 11, 2005 As might be infered from your DNS report: http://www.dnsreport.com/tools/dnsreport.c...www.zulloch.com You might get your ISP to brief you on the warning "Your domain does not have an SPF record." I have no idea whether or not that might be a useful line of inquiry, but it's something to find out and progress if possible. Nothing to do with the SCBL in any event - as said, it doesn't work on the <at> zulloch ... email address, spoofed or not. 30087[/snapback] Thks for parking me. So basically the blacklist works on domains (ip) not addresses within domains. I have several [at] addresses, if spamcop blacklist blocks one, it blocks all in that domain? So I have to contact the whole world to get them to add the non spam address to the whitelist? Spamcop seems pretty ineffectual compared to setting my account to accept only mail for existing addresses? I signed up because spamcop boasts of an automatic parser that identifies and notifies ISPs of spammer ips but I have to do the donkey work and check each mail for validity according to spamcop's specs before submitting. I'm as anxious as anyone to get spam stopped but this doesn't seem the right way to be doing it to me. I'm checking out SPF, I upgraded the site very recently, probably the server has it in hand but I will follow up on it. So far I haven't found anything to make me want to do a second year subscription with spamcop. Is there a list of verified active spam ips anywhere? I feel like taking more direct action. iz?? one night - if I don't log in what happens? Link to comment Share on other sites More sharing options...
Farelf Posted July 11, 2005 Share Posted July 11, 2005 To my way of thinking, you have things totally turned around. The SpamCop BL lists the actual source of spam - the IP address - not the email address which is spoofed for most spam so that contacting the apparent sender is just bothering an innocent party. Sooner or later you will even get spammed by your (spoofed) self. Your own IP will never get onto the list through your email address being spoofed. It will only get on the SCBL if someone sharing your IP address sends spam to a SpamCop reporter or to a SpamCop spam trap. If no-one shares your IP you should never have a problem. Whitelisting or filtering based on known or existing addresses is fine but it is no protection against some spammer spoofing such addresses. Depending on how the email account is used, whitelisting might be limiting legitimate contacts. Now *that* is what might be called ineffectual. It is very much harder to fool SpamCop with a fake IP address and the only innocent parties affected by the SCBL are users who share a server with a spammer (in which case they need to remind their mutual ISP of the Acceptable Use Policy that the spammer is breaching). You don't have to report every spam you receive (or any of them for that matter). By the nature of spam, lots of other people are receiving the same garbage and some of them are reporting it too. That will often be enough to get the spammer's IP address on the BL even without much input from you. The benefit of SpamCop is mostly in using the BL (I don't, others can point you in the right direction if you need guidance about that) and/or in using the tools supplied to identify and contact the suppliers of network services to the spammers. All of which seems rather moot - you seem to be mostly concerned about people being able to receive your emails. Which, if any, BLs and filters they use is up to them - the spamCop service is for your benefit to whatever extent you care to use it. And you can be assured that spammers spoofing your email addresses will not cause a listing on the SCBL. Link to comment Share on other sites More sharing options...
Farelf Posted July 11, 2005 Share Posted July 11, 2005 Is there a list of verified active spam ips anywhere? I feel like taking more direct action. 30100[/snapback] That would be the SCBL itself - perhaps the FAQ is the place to start: http://forum.spamcop.net/forums/index.php?...topic=2238#SCBL "Active" in that context is they have been reported in the previous 24 hours (more or less) to earn a listing. They will "time out" of the list within 24 hours. So this is a dynamic list, spam operations are being shut down all the time and their hosts rehabilitated when the spam stops. You could maybe spend some time looking at spamhaus, the ROKSO list, for information about the hardcore spammers who don't fit that pattern: http://www.spamhaus.org/rokso/index.lasso As said, if you want help with the SCBL, above and beyond what is in the FAQ, others here will be better able to assist than can I. [added] Oh yes, there's the past week's "top 200" IPs in the "Hall of Shame" (updated daily): http://www.spamcop.net/w3m?action=hoshame ... and a heap of other tools that might reward a bit of further exploration of this site. Link to comment Share on other sites More sharing options...
Wazoo Posted July 11, 2005 Share Posted July 11, 2005 Thks for parking me. So basically the blacklist works on domains (ip) not addresses within domains. Words need to be defined. I believe that both IP address and Domain are defined in the Glossary here, found in a link from the FAQ here. An IP Address is not a Domain, whereas a Domain must be pointed to and residing on an IP Address to be found 'on the net' .... I have several [at] addresses, if spamcop blacklist blocks one, it blocks all in that domain? So I have to contact the whole world to get them to add the non spam address to the whitelist? Once again, you are not following the the words. SpamCOp blocks nothing for instance. SpamCop does not block e-mail addresses for another instance. SpamCop doesn't block Domains for a third item. You need to find out what an IP Address is. Spamcop seems pretty ineffectual compared to setting my account to accept only mail for existing addresses? Yet you started this Topic on the note of forged e-mail addresses being involved ..??? I signed up because spamcop boasts of an automatic parser that identifies and notifies ISPs of spammer ips but I have to do the donkey work and check each mail for validity according to spamcop's specs before submitting. I'm as anxious as anyone to get spam stopped but this doesn't seem the right way to be doing it to me. As the general guidance is the an RGC compliant e-mail is what's needed by the parser for it to do its work ... I can't figure out what you "signed up for" that needs you to do the "donkey work" ...???? The SpamCop parsing and reporting tool is simply a tool. Use / feed it wrongly and it doesn't work. I'm checking out SPF, I upgraded the site very recently, probably the server has it in hand but I will follow up on it. So far I haven't found anything to make me want to do a second year subscription with spamcop. There is a free-reporting account offered so that one can try it out and see what's going on. I've still not figured out what you signed up for. Is there a list of verified active spam ips anywhere? I feel like taking more direct action. 30100[/snapback] There are a number of other BLs, other data, other resources provided in the FAQ here, Google has a search capability ... the few BLs that accept input will want to see your evidence of abuse. Link to comment Share on other sites More sharing options...
izian Posted July 11, 2005 Author Share Posted July 11, 2005 Perhaps a whitelist in the blacklist of known good addresses? They would have to be [at] rather than ip. Maybe with subscription? My main concern is that my ip is blacklisted in companies halfway around the world due to ricky[at] esteban[at] river[at] and dozens of other illegal address using our domain as the spoof. That is an inconsequential irritation as we use non public addys for our business mail, our main address is merely a catchall (or at least used to be ). My secound is the volume of bounces. If you saw the image (I resized it) you'll understand I can't physically check them but I guarantee that close to 100% is bounce mail. How am I supposed to submit that with my verification? (rhetorical already answered.) If spamcop can find a way to process them, then maybe every spammer who uses our address to misdirect would be identified. We don't usually use 3rd parties to solve our problems, we have been steadily reporting spammer ips to ISPs, probably why it has steadily escalated. It would be really nice to have a list of verified currently active spammers and their ISPs (perhaps a photograph, their home and business address and contact info), maybe I will do one myself if I get time. Thanks for giving me some pointers, spamcop is useful for our website, the mail link directs to spamcop so future spammers won't pick up our real addy with bots. The ability to use the dom name is worth the subscription, on reflection I'm attending to other [at] addy sources such as ip reg info as I get time. I'm surprised that ISPs allow spamnmers to continue considering the way they are degrading the speed and value therefore commercial and profitability aspects of the net. I have to work, I'll check back later. Thanks for helping. iz (I'm in the lounge so I don't have to be on topic all the time?) sig My parents laid Santa on me complete with bribes. I stopped buying their story when I was 5. Then they laid this really fantastic totally unbelievable stuff about this god and told me I have to believe without question. And there is a life after death, and there is a spammer free paradise (spammers and suicide bombers go to hell). That photo of fairies turned out to be fake too. Give me $1.000.000 and I will give you a personal, written guarantee that you will be continuously absolved of all sin and you WILL go to heaven. God told me to do this because the churches stopped selling them. Link to comment Share on other sites More sharing options...
Wazoo Posted July 11, 2005 Share Posted July 11, 2005 Perhaps a whitelist in the blacklist of known good addresses? They would have to be [at] rather than ip. Maybe with subscription? I'm still stick on what you are referring to .. is it possible you are asking about whitelisting/blacklisting settings in a SpamCop filtered e-mail account? Is so, please make this known. The sentence above doesn't make any sense, again, mixing IP Address with e-mail address ... totally different irems. My main concern is that my ip is blacklisted in companies halfway around the world due to ricky[at] esteban[at] river[at] and dozens of other illegal address using our domain as the spoof. That is an inconsequential irritation as we use non public addys for our business mail, our main address is merely a catchall (or at least used to be ). You've not identified the IP address in question. Taking a shot, I see that this is a "new" e-mail server; http://www.senderbase.org/?searchBy=ipaddr...g=209.59.180.38 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 2.8 .. 1461% Last 30 days .. 2.7 .. 1270% Average ........ 1.6 209.59.180.38 not listed in bl.spamcop.net Cached whois for 209.59.180.38 : abuse[at]liquidweb.com Using abuse net on abuse[at]liquidweb.com abuse net liquidweb.com = abuse[at]liquidweb.com Using best contacts abuse[at]liquidweb.com Being new might explain the increase, but .... for most 'established' addresses these kinds of increase suggest that spammer has control of the e-mail server. http://moensted.dk/spam/?addr=209.59.180.38&Submit=Submit 209.59.180.38 was found in 2 lists (of 260 tested) My secound is the volume of bounces. If you saw the image (I resized it) you'll understand I can't physically check them but I guarantee that close to 100% is bounce mail. How am I supposed to submit that with my verification? (rhetorical already answered.) Actually I deleted the image link .. this forum (section) is not set up to display images, there was no description of the link provided, therefore it was seen as some advertising bit. As above, I'm not seeing where the IP address I'm looking at is actually blocked anywhere significant. If spamcop can find a way to process them, then maybe every spammer who uses our address to misdirect would be identified. Current rules do allow the reporting of bounces but, (perhaps something you were alluding to previously) not all bounces contain the data needed. Perhaps the "Why am I getting all these bounces" FAQ entry is what you are describing? Possibly the Glossary listing for Blowback? We don't usually use 3rd parties to solve our problems, we have been steadily reporting spammer ips to ISPs, probably why it has steadily escalated. It would be really nice to have a list of verified currently active spammers and their ISPs (perhaps a photograph, their home and business address and contact info), maybe I will do one myself if I get time. Again, the FAQ here contains links to spamhaus.org and their ROKSO listings, there is a link that explains SpamCop is not SPEWS, etc ..... Thanks for giving me some pointers, spamcop is useful for our website, the mail link directs to spamcop so future spammers won't pick up our real addy with bots. The ability to use the dom name is worth the subscription, on reflection "the mail links direct to spamcop" has a bad sound to it. I'll suggest that we have some language issues going on and what I read isn't what you meant ..??? I'm attending to other [at] addy sources such as ip reg info as I get time. I'm surprised that ISPs allow spamnmers to continue considering the way they are degrading the speed and value therefore commercial and profitability aspects of the net. On the other hand, some spammer seems to be willing to pay 20 times the 'standard' rate for those services, so there are some ISP's that seem to be willing to accept the traffic. Obviously, these types of ISPs aren't looking out for anyone else. (I'm in the lounge so I don't have to be on topic all the time?) 30107[/snapback] True, but ... that last sig was a but on the large side. Some of the items hinted at as requests for a bit more data haven't been answered. Link to comment Share on other sites More sharing options...
Miss Betsy Posted July 11, 2005 Share Posted July 11, 2005 Perhaps a whitelist in the blacklist of known good addresses? They would have to be [at] rather than ip. Maybe with subscription? My main concern is that my ip is blacklisted in companies halfway around the world due to ricky[at] esteban[at] river[at] and dozens of other illegal address using our domain as the spoof. That is an inconsequential irritation as we use non public addys for our business mail, our main address is merely a catchall (or at least used to be ). My secound is the volume of bounces. If you saw the image (I resized it) you'll understand I can't physically check them but I guarantee that close to 100% is bounce mail. How am I supposed to submit that with my verification? (rhetorical already answered.) If spamcop can find a way to process them, then maybe every spammer who uses our address to misdirect would be identified. <snip> 30107[/snapback] You need to read the glossary and get some terms straight. Your IP address (the numbers xxx.xx.xxx.xxx) is not blacklisted because a spammer is using various addresses at your domain as the return path. Your IP address is blacklisted because spam (probably not with any mention of your domain in the actual spam message or headers) IS coming from that IP address. Again, the bounces, if you research the terms, can be managed in various ways. Not being an admin myself, I can't direct you, but I know that I have read time and again that those who run servers have found that it is necessary to turn off 'catchall' addresses. Again, if you read carefully, there is probably no way that an ordinary person without deep pockets can 'do' anything legal against a particular spammer. Do some more research and maybe you will understand the purpose of blocklists and the purpose of spamcop - both email service and blocklist. Miss Betsy Link to comment Share on other sites More sharing options...
izian Posted July 12, 2005 Author Share Posted July 12, 2005 Please don't respond to this till I finish reading the posts and give you the info you wish. I think I had a touch of heatstroke yesterday, compounded by responders sensitivity. The direction I found myself going was not the direction I wanted. There are not enough ppl doing what SpamCop does and I'm happy to support. I'm not fishing for a refund and I'm trying to avoid making enemies here. I'm not a techie but I try to know enough to keep my web site and email in secure running order. I use private email services to look after our business email, the web site solely being a first contact and the ability to use our domain name in mail as a reputation. The site is not so very important either as almost all our work comes from word of mouth recommendation. I try to run the business at the same time, and have a family life. I don't get a lot of spare time. I understood rebound spam to be identifiable as spam when the headers are intact when an address/ip is known as a spam addy beforehand. The site actually discusses rebounds in the context of spam, making the argument that any rebounds are unsolicited mail. I was disappointed to find what I know to be rebound from spam in my inbox. That I didn't read all of the available information is true, there is so much. I skimmed a lot and got the impression you were tackling the rebound problem. Rebounds to mail I send I don't consider spam but it is not possible for me to filter them from the mass of spoofed address rebounds. Quote ... When email for you arrives at the SpamCop Email System, it is analyzed to see if it comes from a known spam source or from a system likely to be used by spammers. If that's the case, the email is automatically moved into a special "Held Mail" folder for suspected spam. What's left is your good email, free of nearly all spam. UnQuote Quote SpamCop has an extensive database of spam sources that is automatically updated every two minutes. All email received is checked to see if it has passed through a system which is in the database. If it is, then the message is flagged as probable spam. UnQuote Excepting rebounds, they arrive in the inbox regardless of who they are from, the mail filter doesn't find the spam ip in rebounds? You have to set your own filters to control them even when they are known spam rebounds. The technology is still being developed/expanded I guess. I wish I had the skill and the time to help, but I have to look after my own first. One thing I can offer is that you can use spamcop att zulloch dot com as a reporting address to ISPs for those users who want to remain anonymous if it can be useful. Another few million unwanted mails additional to that arriving in my inbox is inconsequential. I'd get a feel good feeling too knowing I was irritating the problem makers. Regarding Spf, I want our private address spoofed as our public address to remain private. Putting it into a public service I think would also risk putting it within the reach of spammers. I think I'll pass on that for now. I want this thread deleted when we finish or now if you feel so inclined as I don't want to be responsible for bad mouthing someone who is actually doing something about the problem. Link to comment Share on other sites More sharing options...
izian Posted July 12, 2005 Author Share Posted July 12, 2005 "So basically the blacklist works on domain ips not [at]addresses belonging to the somain ip within domains." "Nothing to do with the SCBL in any event - as said, it doesn't work on the <at> zulloch ... email address, spoofed or not." If i said blocklist and not blacklist? irrelevant as you answered - "Spamcop does not work like that. ------------ "All of which seems rather moot - you seem to be mostly concerned about people being able to receive your emails. Which, if any, BLs and filters they use is up to them - the spamCop service is for your benefit to whatever extent you care to use it. And you can be assured that spammers spoofing your email addresses will not cause a listing on the SCBL." My first concern was what SpamCop can and can't do. Answered already. I'm locked out of many companies as anythingat Zulloch. They see the from address so often repeated they block all from zulloch. Not something SpamCop can solve. Not a hinderance to communication tho, just damage to our reputation. "You need to read the glossary and get some terms straight. Your IP address (the numbers xxx.xx.xxx.xxx) is not blacklisted because a spammer is using various addresses at your domain as the return path." I was asking if I could be conditionally blocklisted (misunderstanding "blacklisted" meant something entirely different). It is not possible. My ip is effectively blocked by company gateways by them blocking atzulloch, not the ip itself. Rejected spam comes to me because of the [at] address, not the ip. Forgive my ignorance in assuming that known, consistently used [at] addys would be a factor in a maintained blocklist. "QUOTE(izian [at] Jul 11 2005, 12:47 PM) Perhaps a whitelist in the blacklist of known good addresses? They would have to be [at] rather than ip. Maybe with subscription? I'm still stick on what you are referring to .. is it possible you are asking about whitelisting/blacklisting settings in a SpamCop filtered e-mail account? Is so, please make this known. The sentence above doesn't make any sense, again, mixing IP Address with e-mail address ... totally different irems." Substitute blocklist for blacklist or don't bother, it can't be done in the blocklist as the blocklist only deals with ips. "Actually I deleted the image link" It referred to 16+ million mails in my inbox before I triggered the filter. Could this be a misreport because only a few thousand were reported filtered. 13 mil today, maybe our ISP mailserver is malfunctioning. It used to be around 1 - 2 thousand daily. "the mail links direct to spamcop" has a bad sound to it. I'll suggest that we have some language issues going on and what I read isn't what you meant ..???" spamcopatzulloch linked to from our webpage instead of the written addresses. "You need to read the glossary and get some terms straight." Hi Miss Betsy, I've terms coming out of my ears because of the business I'm in. But I'm trying. "Your IP address (the numbers xxx.xx.xxx.xxx) is not blacklisted because a spammer is using various addresses at your domain as the return path. Your IP address is blacklisted because spam (probably not with any mention of your domain in the actual spam message or headers) IS coming from that IP address." I have no further problem (for this forum) with ips or my ip being blocked, it is my domain name being blocked that is my problem. SpamCop cannot help here either. It was a very tentative question, if it had been possible to filter domain addys via SpamCop blocklist, and list the few consistently targetted domain names....... if ifs were buts. "Do some more research and maybe you will understand the purpose of blocklists and the purpose of spamcop - both email service and blocklist." SpamCop creates and distributes blocklists and advice and maintains a free and commercial e-mail and reporting service. I have to understand the machinations before I can expect help. The purpose of the blocklists is to block known spam by ip identified by and reported by users, the ip staying on the list till not enough ppl report it. Guess there is more to it than that. The purpose of the e-mail service is too extensive to recount. Thank you all for my education. http://forum.spamcop.net/forums/style_imag...icons/icon1.gif http://forum.spamcop.net/forums/style_imag...icons/icon1.gif iz:-) sig. Istanbul is beautiful at night too. I'm off to enjoy from across the Golden Horn.. Link to comment Share on other sites More sharing options...
Jeff G. Posted July 12, 2005 Share Posted July 12, 2005 Please don't respond to this till I finish reading the posts and give you the info you wish.30129[/snapback] OK, it looks like you're done now.The site actually discusses rebounds in the context of spam, making the argument that any rebounds are unsolicited mail.30129[/snapback] Not all, only the unsolicited ones. Rebounds/bounces/autoreplies/whatever for emails you sent are not reportable using SpamCop.Rebounds to mail I send I don't consider spam but it is not possible for me to filter them from the mass of spoofed address rebounds.30129[/snapback] I use a multi-level filtering system that isolates emails from postmaster and mailer-daemon addresses (or without [at]-signs in the from addresses) to my addresses authorized to send mail (reviewing those manually), and report the other bounces.Excepting rebounds, they arrive in the inbox regardless of who they are from, the mail filter doesn't find the spam ip in rebounds?30129[/snapback] No, rebounds/bounces/autoreplies/whatever are not standardized enough for the SpamCop Email System to filter on them. Its SpamAssassin, however, can filter on the content of the spam.One thing I can offer is that you can use spamcop att zulloch dot com as a reporting address to ISPs for those users who want to remain anonymous if it can be useful. Another few million unwanted mails additional to that arriving in my inbox is inconsequential. I'd get a feel good feeling too knowing I was irritating the problem makers.30129[/snapback] I'm not sure I understand the logic of complaining about so much spam and in the same post requesting more. Regarding Spf, I want our private address spoofed as our public address to remain private. Putting it into a public service I think would also risk putting it within the reach of spammers. I think I'll pass on that for now. 30129[/snapback] SPF has to do with telling the world what public mailserver IP Address(es) is/are authorized to send email on your domain's behalf. Spammers don't generally take advantage of IP Addresses, except to try to relay or proxy through them or send mail directly to them. Link to comment Share on other sites More sharing options...
Jeff G. Posted July 12, 2005 Share Posted July 12, 2005 I'm locked out of many companies as anythingat Zulloch. They see the from address so often repeated they block all from zulloch.30132[/snapback] You may want to consider getting a different domain name to use for email. You can thank the spammers for ruining your domain for email.Forgive my ignorance in assuming that known, consistently used [at] addys would be a factor in a maintained blocklist.30132[/snapback] They could be a factor in some blacklists or blocklists, but they aren't with the SCBL.Perhaps a whitelist in the blacklist of known good addresses? They would have to be [at] rather than ip. Maybe with subscription?30132[/snapback] SpamCop Email System Customers have the the option of using an email-address-based blacklist and whitelist for filtering their own mail.SpamCop creates and distributes blocklists and advice and maintains a free and commercial e-mail and reporting service.30132[/snapback] The SpamCop Email System is commercial, the SpamCop Parsing and Reporting Service is both free (ad-supported and delayed) and commercial (ad-free). Also, there is only one SCBL (not multiple blocklists).The purpose of the blocklists is to block known spam by ip identified by and reported by users, the ip staying on the list till not enough ppl report it. Guess there is more to it than that.30132[/snapback] There is not much more to it than that, just some proprietary methods for determining when an IP Address gets listed, and what it takes to stay listed.The purpose of the e-mail service is too extensive to recount.30132[/snapback] You may wish to peruse the SpamCop Email System & Accounts Section of the SpamCop FAQ.Thank you all for my education.30132[/snapback] You're welcome. Thank you for being willing to learn. Link to comment Share on other sites More sharing options...
Jeff G. Posted July 12, 2005 Share Posted July 12, 2005 I want this thread deleted when we finish or now if you feel so inclined as I don't want to be responsible for bad mouthing someone who is actually doing something about the problem.30129[/snapback] I don't see anything you have posted here as having badmouthed anyone, except spammers and backscatterers, who deserve it. Link to comment Share on other sites More sharing options...
izian Posted July 12, 2005 Author Share Posted July 12, 2005 I don't see anything you have posted here as having badmouthed anyone, except spammers and backscatterers, who deserve it. 30137[/snapback] In the eyes of the beholder. I thought I was raising issues contrary to SpamCop's better interests, but if not, then stet. "You may want to consider getting a different domain name to use for email. You can thank the spammers for ruining your domain for email." Not necessary as the domain is only ruined for rebounds. An interesting by consequence to the spoofed from addy has been the fact that our domain name arrived in a lot of ppls address books, some with a replicating virus. the virus then dispatched itself using addresses including ours to untold other addresses. It is not just spam that is damaging our reputation. "I use a multi-level filtering system that isolates emails from postmaster and mailer-daemon addresses (or without [at]-signs in the from addresses) to my addresses authorized to send mail (reviewing those manually), and report the other bounces." If that is not infinitely complicated to set up on an easily damaged vitual server, and not confidential, could you give details? "SpamCop Email System Customers have the the option of using an email-address-based blacklist and whitelist for filtering their own mail." Not really the same nor as useful as an auto filter. "I'm not sure I understand the logic of complaining about so much spam and in the same post requesting more." To my mind the benefits - especially ISPs not rejecting notifications because there is a from address - outweigh the disadvantages, and I have a backdoor. The rule that requires ISPs to respond or provide a response service certainly has to be repealed. It's too early to expect more from blocklists is my understanding and I also understand that my expecting more from glancing thru the bumpf was unrealistic. I think spam generated rebounds are certain to overtake spam as the no1 nuisance, loops can eat up far more bandwidth than delivered mails. That actually could lead to a quandry for ppl in SpamCop's position, when the spam generated load reaches close to log jamming the system, SpamCop and ilk will have to decide whether to let the system lock and bring the issue to the point where a permanent solution to spamming has to be found (family castration to get it out of the gene pool?) or prop up a system that is wholly bogged with spam. Like global warming as a fanciful comparison, I think impacts will escalate far more rapidly than present defences will be able to cope with. It's interesting how much time, money and public resources US, European and many other countries have dedicated (army, police, universities etc.) to hacking ppls computers to check for evidence at the behest of the few (regarding p2p) but failed to do anything significant, or even noticable, (or even at all) in the far more serious problem of spam, which affects everyone. spam is a $4billion a year business, some spammers must be getting megabucks. Where from? Sex sites and casinos I suppose, seems to be the only way to make real money on the net. What a sad and sorry state we've let the net get into. I think the problem in the end has to be tackled in the real world rather having to build better and better defences. Perhaps a law making it illegal to finance spam in any way and multinational government sponsored spam report with investigation centre. Or abandon this net to the wreckers and start afresh maybe. Early days but this is getting old fast. Catch u later. iz Link to comment Share on other sites More sharing options...
Jeff G. Posted July 12, 2005 Share Posted July 12, 2005 "I use a multi-level filtering system that isolates emails from postmaster and mailer-daemon addresses (or without [at]-signs in the from addresses) to my addresses authorized to send mail (reviewing those manually), and report the other bounces." If that is not infinitely complicated to set up on an easily damaged vitual server, and not confidential, could you give details? 30141[/snapback] I am using OE6. It collects emails via POP3, IMAP4, and HTTP from various places (HTTP from MSN and MSN Hotmail accounts). It can only filter the POP3, so I POP from every account I can, or use my SpamCop Email System account to POP from my spammiest POP account and pseudo-POP from various Yahoo!, MSN Hotmail, and AOL accounts, and POP from pop.spamcop.net. Most of my rules have one criterion, start with "Apply this rule after the message arrives", and end with "Move it to the _____ folder and Stop processing more rules". My first group of rules files emails strictly on the basis of which account they came from. These accounts either are not expecting email (only used for testing) or belong to certain friends and relatives from whom I have been delegated spam-reporting authority. My second group of rules uses specific criteria in priority order, filtering various email for various reasons (mailing lists, from a certain place, to a certain address, using a certain something in the subject, containing a certain something in the body, etc.). My third group of rules files whatever is left on the basis of which account it came from (these are accounts on which I am expecting email). When all is functioning well, NOTHING ends up in my Inbox. Among my second group of rules are the following which may interest you, in order: Apply this rule after the message arrives Where the From line contains '[at]reports.spamcop.net'   and Where the Subject line contains '[spamCop'   and Where the message is from the example pop j account Move it to the scr folder   and Mark it as read   and Stop processing more rules (These are forwarded copies of my slow SpamCop Reports) Apply this rule after the message arrives Where the Subject line contains '[sC-Help]'   and Where the message is from the example pop j account Move it to the d sc-help folder   and Stop processing more rules (These are copies of postings to the spamcop.help newsgroup via the SC-Help mailing list, as there has been the occasional need to reference the IP Address which sourced a post to that mailing list, which IP Address is not transferred to the newsgroup, for purposes of researching that IP Address's listing on the SCBL or its Report History) Apply this rule after the message arrives Where the Subject line contains '[spamCop'   and Where the To or CC line contains '[at]reports.spamcop.net' Move it to the scr responses surely folder   and Stop processing more rules Apply this rule after the message arrives Where the message is from the example2.com account Move it to the example2 folder   and Stop processing more rules Apply this rule after the message arrives Where the From line contains 'me' or 'my friends' or 'my family' or 'my close associates' or 'etc.' Move it to the personal folder   and Stop processing more rules Apply this rule after the message arrives Where the From line contains 'abuse[at]' Move it to the from abuse folder   and Stop processing more rules Apply this rule after the message arrives Where the From line contains 'postmaster[at]' Move it to the from postmaster folder   and Stop processing more rules Apply this rule after the message arrives Where the From line contains 'MAILER-DAEMON' Move it to the from mailer-daemon folder   and Stop processing more rules Apply this rule after the message arrives Where the From line does not contain '[at]' Move it to the from not-[at] folder   and Stop processing more rules (this one catches some weird-looking emails, some with so little data they are unreportable) Apply this rule after the message arrives Where the To or CC line contains 'abuse[at]example.com'   and Where the message is from the example pop j account Move it to the e abuse folder   and Stop processing more rules Apply this rule after the message arrives Where the To or CC line contains 'jeff[at]example.com'   and Where the message is from the example pop j account Move it to the e jeff folder   and Stop processing more rules Apply this rule after the message arrives Where the To or CC line contains 'postmaster'   and Where the message is from the example pop j account Move it to the e postmaster folder   and Stop processing more rules Apply this rule after the message arrives Where the To or CC line contains 'example.com'   and Where the message is from the example pop j account Move it to the e example folder   and Stop processing more rules (Anything falling into this folder is guaranteed spam or blowback) Apply this rule after the message arrives Where the message is from the example pop j account Move it to the example allbcc folder   and Stop processing more rules (Anything falling into this folder is guaranteed spam or blowback, but may be malformed) Of course, example.com and example2.com are not the real domain names. Link to comment Share on other sites More sharing options...
Miss Betsy Posted July 13, 2005 Share Posted July 13, 2005 I have no further problem (for this forum) with ips or my ip being blocked, it is my domain name being blocked that is my problem. SpamCop cannot help here either. It was a very tentative question, if it had been possible to filter domain addys via SpamCop blocklist, and list the few consistently targetted domain names....... if ifs were buts. 30132[/snapback] There are people who do have a "this is spam" button that do block on the return path. I don't know if this is what you are referring to. There are also people who use the 'bounce' function (very bad practice) on Mailwasher that sends an email to the return path and those may be some of what you are getting. And a few misguided ISPs who still accept email and then send bounce emails to the return path. Unfortunately, there is nothing that spamcop can help with in the above instances. Except if you report the bounces, they may perhaps realize that they are contributing to the problem of spam. Also, although my mother used to say not to tell her that anyone had it worse than she did - that if anyone was worse off than she was, there ought to be a law! - you are not the only domain that is being affected. As I said before, many people turn off the catch all (and I will have to let some admin explain that to you) because of this problem. I hope you come back refreshed after viewing the sunset! Miss Betsy Link to comment Share on other sites More sharing options...
izian Posted July 13, 2005 Author Share Posted July 13, 2005 "... you are not the only domain that is being affected. As I said before, many people turn off the catch all (and I will have to let some admin explain that to you) because of this problem." Thank you for your concern Miss B. I have a high level of understanding of what goes on in my domain, it's only in the wild blue yonder where I meet techies with world experience and novelties like SFP, exotic algorithms for processing spam and such that I have a problem. I have a fairly complex forwarding set up on our server split between 2 external addys, S.cop and a n other, complex because the buggy sware (cpanel makes you swear) only allows one outside address for the top level domain. I'm fairly naive with regard to standalone external filters like spamcop and such but I learn quick. I noticed maybe half a doz others doing similar to spamcop and I'll be checking them out to see what they offer, maybe I'll find the grail. I will stop forwarding to spamcop soon as I have an alternative because it's using bandwidth to no avail. I send them here and I have to log on to delete. Not my idea of fun. I saw something about blackhole sites, I'll be looking that way too. The site ip is new btw because I upgraded and got moved to a new machine, the domain is quite old in terms of internet . The ip is not static but only changes with serious mods to the site. My choice. Jeff G. I'm reading... Thanks for spending the time to type it. iz Link to comment Share on other sites More sharing options...
shmengie Posted July 14, 2005 Share Posted July 14, 2005 Use the Block Lists. This will greatly reduce the spam recieved (and bandwidth consumed) and have no effect on legit e-mail. I do not own a server w/which to implement the Block Lists, but have stood over other's sholders while they do. In order to implement them read the FAQs http://www.spamcop.net/fom-serve/cache/290.html http://spamhaus.org -- Quick reporting may also be a spamcop option you may want to explore. I wrote a program to report spam, much like what spam cop does. I also want to report to spamcop, so their filters would be aware of my spam sources. Quick reporting is an ideal solution for my needs. -Joe Link to comment Share on other sites More sharing options...
turetzsr Posted July 14, 2005 Share Posted July 14, 2005 <snip> Quick reporting is an ideal solution for my needs. 30242[/snapback] ...But not for everyone -- for many of us, it greatly increases the probability of reporting our own ISP or e-mail provider. Link to comment Share on other sites More sharing options...
Jeff G. Posted July 15, 2005 Share Posted July 15, 2005 Quick reporting is an ideal solution for my needs.30242[/snapback] ...But not for everyone -- for many of us, it greatly increases the probability of reporting our own ISP or e-mail provider.30243[/snapback] That probability/likelihood is greatly enhanced when the reporter doesn't configure Mailhosts correctly or the reporter's ISP changes mailserver names or IP Addresses willy-nilly without notice or regard for the implications for SpamCop's Mailhosts feature and the ISP's userbase in common with the SpamCop Reporter userbase. The ideal procedure for an extremely responsible ISP to follow would be to put the new server into nearly-prodution testing (it accepts email for the ISP's userbase but isn't advertised in any MX Record(s)), ask a SpamCop Admin to add it to the ISP's Mailhosts, wait for the addition to happen, and only then put it into production. I just reposted this in ISP Procedure - Adding a Mail Server to Mailhosts in the Mailhost System Configuration Forum. Link to comment Share on other sites More sharing options...
shmengie Posted July 15, 2005 Share Posted July 15, 2005 ...But not for everyone -- for many of us, it greatly increases the probability of reporting our own ISP or e-mail provider. 30243[/snapback] I'm at a loss here, how does quick reporting increase this probability? Guess #1: some submittions to spamcop aren't spam? and the cancel sending button is the salvation mechinisim Guess #2: spamcop parses e-mail identifying your isp as the sender of spam due to forwarding mechanisims in place Link to comment Share on other sites More sharing options...
Jeff G. Posted July 15, 2005 Share Posted July 15, 2005 shmengie, Guess #1 is scary, but is not necessarily a reason why Quick Reporting would increase reports to one's own provider, unless one includes the tendency of customers of any particular provider to email their co-customers in higher proportion than non-customers due to the customer community relationship, especially customers of high-perceived-value and high-affinity services that promote intra-provider inter-customer relationships, such as CompuServe, Prodigy, AOL, Yahoo!, MSN, and MSN Hotmail. Guess #2 is much more on point - providers can and do mess up their server and DNS configurations enough to confuse the Parser into reporting their own servers, and then those providers blame their own users for reporting their servers and getting their servers listed by the SCBL. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.