Reporting spam getting useless?

[john1000]

i know this is gonna sound weird but does it do any good..?..reporting spam..?

i thought asking this dumb question because after a full week of reporting i dont see any difference at all....!

The other topic of mine i mentioned that i was almost a victim of spamcop because a member reported me just to cause problems for me and my site.

Funny thing is ,is that i found the copy of it yesterday (cause i saved it as txt file) and after reading it i saw that there's a difference of 1 day !

A difference of 1 day between the day it was reported and the next day my host got it on his doorstep.

So what is actualy happening when im reporting it....?

All i do is mail the header and write as subject "spammer" and after 1 minute the system mails me back with "Subject: SpamCop has accepted 1 email for processing".

and that goes on 25 times a day...i mail,i get the response back.

So what is happening...?

John

[Miss Betsy]

When you get the response back, you need to either follow the link in the email or go to the spamcop website to actually do the "processing"

To process, the spamcop parser does its thing and chooses the actual sending IP address and then gives you the abuse address for that IP address. It also finds the proper abuse addresses for the spamvertized sites within the email (most of the time - spammers try to hide them; reporters figure out how to reveal them to the parser until the spammer comes up with a new trick).

You, the reporter, need to look at the checked addresses and decide if the parser is correct. Once in a while, the parser hiccups and your email IP address is selected. Sometimes spammers will include "innocent" URLS to make their spam look legitimate (like the AMA in a herbal spam).

Then you hit send and spamcop sends the report to the chosen abuse desks. It should not take a day between report and receipt. Sometimes people do not report the spam for a day or more after it has been received. Spamcop won't accept requests for reports if the spam is more than 3 days old. Occasionally email will take a while, but I don't know the technical reasons for that.

Reporting spam is only useful if the report goes to a responsible ISP. They welcome spamcop reports because they can immediately stop the spammer - sometimes in the middle of a spam run. Or they can track down a compromised machine.

Irresponsible ISP's ignore spamcop reports or refuse to accept them. However, it is still worthwhile to report them through spamcop because after a certain number of reports, the IP address goes on the spamcop blocklist which is used by other ISP's to block the sources of spam. The IP address goes on the blocklist whether or not the ISP accepts spamcop reports or not.

I hope that answers your questions. if not, ask for clarification.

Miss Betsy

[john1000]

so then that was realy stupid of me cause it gave me the idea that that was it !

and now you mention it ,i thought the tines in the mail was a little bit strange...

but ok,.....i understand it now that i have to follow up the link in the mail....

but how and when does a isp gets "blacklisted "...?

cause if some dont respond or dont do anything like you said....they can go on untill im 90 !

[Miss Betsy]

The blocklist has an algorithym that calculates various things - the amount of traffic measured by spamcop from that server is one. When the reports equal 2% of the traffic, the IP address is listed. For spamtraps, it only takes one report.

I am not really up to speed on the algorithym, but no IP address is listed after the spam (as reported) stops. The blocklist only lists sending IP addresses. It does not list spamvertized sites.

If the ISP refuses reports, then spamcop trashes the report, but it is still counted on the blocklist.

So IP addresses that make no attempt to stop spammers are always on the blocklist. Once in a while they may drop off for a few hours.

If you use the spamcop blocklist, then almost all of your spam is diverted. ISP's use it and so does the SpamCop Email service. It is considered fairly aggressive because, of course, it will block email that is not spam if it comes from the same IP address and it will block *any* IP address that is reported enough times. Sometimes ISP's think that spamcop should delist their IP address when they have fixed the problem since ordinarily they do not allow spam. But the blocklist is automated and the only manual removals are for reporter errors.

Miss Betsy

[yourbuddy]

Sometimes innocent users of those ISP's (who are also sometimes innocent)

get hurt by their email being blacklisted by an "aggressive" SpamCop system.

This will be moved to "yourbuddy trolling 7", in the Lounge?

[fromcali]

Please don't feed the troll...

Scott (Spamcop user since 2000)

[Jeff G.]

Sometimes innocent users of those ISP's (who are also sometimes innocent)

get hurt by their email being blacklisted by an "aggressive" SpamCop system.

This will be moved to "yourbuddy trolling 7", in the Lounge?

yourbuddy, you have made your position abundantly clear. Please stop. Thanks!

[yourbuddy]

JeffG ...

It is not always clear to new (or even experienced) users, the damage

that SpamCop can cause to the "innocent bystanders" of ISP services,

who have been blacklisted by SpamCop (sometimes incorrectly).

[Miss Betsy]

Please ignore the "troll" - a troll is a poster who posts, usually contradictory, information that is irrelevant to the original question. S/he hopes to start an argument with regular posters.

We(tinw) hope for the sake of newcomers who are looking for answers that all subsequent posts to this topic are on topic to the original question. There are several threads in the Spamcop Lounge if anyone wants to play games with yourbuddy.

Miss Betsy

[yourbuddy]

"Miss Manners" ...

It's not a "game", it's serious when SpamCop causes innocent email

users to lose their service by "sometimes incorrectly" blacklisting, or

by "correctly, but overzelously" blacklisting large service providers.

[bdepauw]

Personally just getting though with a problem with an Open Relay on a new server I setup for a local nonprofit months back (I missed disableing spoofing of the postmaster account Oops).

I know they were blocked for a good reason this time but I really do not agree with blacklists in general. I find them to be far to much of a liability to company operations to miss emails that some other company decides is "bad". Though of late I have to say spam Cops 48 hour release program to be refreshing but should have an ability to manually remove or retest a server much like ORBD.org.

spam is a problem but mass banning of IPs or Domains isnt the solution.

Persnally a well maintained and properly configured filter system with SOPs (Standard Operating Procedures aka "Company Email cannot contain the following: ") is the proper solution for this little coperate mofo.

Hopes you guys don't ban for difference in views.

Image Removed Becouse tag didn't work properly.

[Miss Betsy]

This forum is for the discussion of user issues and for why am I blocked? IMHO, there should be two forums: one for user issues and one for people who are blocked.

I hope JeffG moves this discussion to the spamcop lounge because it would be interesting discussing the whole problem of spam and spam prevention with you.

If you /really/ want to get into a discussion, you should access the spamcop newsgroup. a newsgroup format makes for a much better discussion than a web forum. It isn't Usenet, but posters tend to be blunt. If that doesn't make you see red, you should have an interesting discussion.

However, although I forget what the primary question was on this thread, this is what this forum is for: to answer questions.

Miss Betsy

[turetzsr]

Hi, bd!

...(b)DePauw as in Greencastle, IN? My mom and sister live down the road in Terre Haute, so (assuming my guess to be correct) I pass by your neighborhood quite frequently!

Personally just getting though with a problem with an Open Relay on a new server I setup for a local nonprofit months back (I missed disableing spoofing of the postmaster account Oops).

...Thanks for fixing that!

<snip> I really do not agree with blacklists in general.  I find them to be far to much of a liability to company operations to miss emails that some other company decides is "bad".

...Fair enough, we won't insist that you use them, although your e-mail customers might appreciate it if you would, so that likely spams go to a separate folder.

spam is a problem but mass banning of IPs or Domains isnt the solution.

...Note that SpamCop doesn't recommend doing that!

Hopes you guys don't ban for difference in views.

...SpamCop doesn't ban anyone, so it won't ban for a difference in views. However, I don't see a difference in views, here.

[john1000]

indeed...he...he.....the only difference is ,is that this topic is not serving my pupose anymore........as for the reason of posting it i mean...

[turetzsr]

Hi, John,

indeed...he...he.....the only difference is ,is that this topic is not serving my pupose anymore........as for the reason of posting it i mean...

...My assumption is that Miss Betsy's post answered your question. If not, please post another here and we'll try to help further.

[john1000]

he...he...that would be a nice trick turetzsr,cause im busy now for 2 days here .

so this single problem is making me a number poster and turns me into an advanced user......but im not.

i dont know how to explain it more clearer.

the best way is that someone explains it to me by phone,that should do it.

but at this moment spamcop isnt sending the mails anymore .

[turetzsr]

...Sorry, John, I may be mistaken but I don't believe that phone support is offered for SpamCop reporting.

...When spam reporting rises to the top of your priority list, please return here with questions.

...By the way, you can help your fingers by addressing me as "Steve" rather than "turetzsr."

[john1000]

hi steve....,well i think the phone support is only for paid members.

i dont know that...ha...ha,just a feeling.

But this is getting a big laugh steve,so you dont know it either what the problem is?

But to make sure you know of the steps ive taken.....this is what ive done.

Step 1.

I copy the complete header stuff of my idiot spammers mail and put that below in my mail client ( outlook express 6 ) as text.

Step 2.

I mail it to spamcop with my free acount,and should be send to....

submit.somecode[at]spam.spamcop.net

Step 3

Then i get a returned mail with a link i should click on ....cause it says something like....were now ready for you or something like that.....

So i click on the link and the page that opends shows the spammers info.....

bla....bla(original is posted in other topic) and thats it !

No "way" of finishing the report....!

So now you know it to steve....

[turetzsr]

Hi, John,

...Well, I can't really help you much because I don't use OE for e-mail. However, you might try the following:

• Skip your step 1 -- my understanding is that it isn't necessary
  
• If when you originally signed up with SpamCop you received an e-mail with subject "SpamCop authorization," go to the link that follows "Alternately, you can submit spam via the web here:" then click the link labeled "Select outlook/eudora workaround form" and paste in the headers and body in the separate entry areas and press the "Process spam" button
  
• Have a look at these SpamCop FAQ pages: Microsoft Products and Outlook 98 and 2000
  

...Hope this helps!

[Wazoo]

Use of OE6, simply right-click on the subject line, select "Forward as Attachment" .. address it to the submit address you've already mentioned ... no need for all the cut/paste activity ... after a couple like that, then feedback if things are still screwed up ....

[bdepauw]

..(b)DePauw as in Greencastle, IN?  My mom and sister live down the road in Terre Haute, so (assuming my guess to be correct) I pass by your neighborhood quite frequently! 

Interesting that you would think that. There are so few DePauw's left state side these days. I am not the one you are thinking I personally reside in Lafayette, LA. But its nice to meet you anyway.

Personally just getting though with a problem with an Open Relay on a new server I setup for a local nonprofit months back (I missed disableing spoofing of the postmaster account Oops).

Unfortunately I dont have contact with the nonprofit often and it was left unchecked until it started effecting there connection speed recently (Business DSL) so I am not sure how long it ran but I can assure you its tight as a drum now. Already been released by ORBD.org and MAPS RSS. Just waiting on this 48 hour period for spamcop to resolve to be able to communicate with many of our volenteers is a pain. Already missed a court date or 2 over it. Eep!

...Fair enough, we won't insist that you use them, although your e-mail customers might appreciate it if you would, so that likely spams go to a separate folder.

My primary customer is usually a corparate big wig who would fire me on the spot if they missed something even slightly important like a productions report. Even with a whitelist I can not risk the chances of losing emails even if they have to deal with the minor amount of spam that gets past the filters my team and I produce.

If you /really/ want to get into a discussion, you should access the spamcop newsgroup. a newsgroup format makes for a much better discussion than a web forum. It isn't Usenet, but posters tend to be blunt. If that doesn't make you see red, you should have an interesting discussion.

Nah I think I am done here. Just wanted to put in a quick dose of the reality that some of us face and reason why blacklists are not always the right option. If anything spam blocking should be handled at a client level so that the over all responsiblity for lost or mislabeled mail getting missed does not fall on the shoulders of the server admins (exect in open relay cases) but on the person/customer making the choice to filter it. After all who are we (admins) to decide what our paying customers should and should not see in there email. If that were the case why havnt ISP's blanket banned *.exe or *.scr or other common virus carrering attachments as a default for there customers? Make the vast minority that might have a valid reason for receiving those attachments ASK for it since they are appreatly the more advanced users.

Anyway thanks for the chat. Oh one other note I am a forum junky and firmly believe that they beat decission and news groups when it comes to decissing matters such as these. Though I will admit this might not be the best thread for it.

[Miss Betsy]

Nah I think I am done here.

Since you are done, I am not going to suggest that you move the discussion to SpamCop Lounge. But if you want to continue, that's where I suggest you post.

Already missed a court date or 2 over it. Eep!

Doesn't anybody have a phone or fax? I, too, do most of my communicating with volunteers via email, but I do have phone numbers and addresses for all of them.

Just wanted to put in a quick dose of the reality that some of us face and reason why blacklists are not always the right option. If anything spam blocking should be handled at a client level so that the over all responsiblity for lost or mislabeled mail getting missed does not fall on the shoulders of the server admins (exect in open relay cases) but on the person/customer making the choice to filter it. After all who are we (admins) to decide what our paying customers should and should not see in there email. If that were the case why havnt ISP's blanket banned *.exe or *.scr or other common virus carrering attachments as a default for there customers?

The big advantage of blocklists that reject at the server level with a code message is that the sender gets a bounce message saying that hir email didn't go thru and why. Any other sort of filtering does not tell the sender why hir email didn't make it.

Many ISP's do have virus filtering in place. There is no need to ban attachments. Occasionally, one gets thru before the av is updated so customers need to be diligent anyway.

And, since blocklists have convinced many ISP's to adopt TOS and AUP that do not allow spamming and to make responsible ISP's adopt various measures to detect spammers before they spew, spam comes thru mostly open relays, open proxies, and compromised machines - all of which are more efficiently and effectively handled at the admin level.

My primary customer is usually a corparate big wig who would fire me on the spot if they missed something even slightly important like a productions report. Even with a whitelist I can not risk the chances of losing emails even if they have to deal with the minor amount of spam that gets past the filters my team and I produce.

Then you need additional training in how to communicate. Any person with any intelligence at all can understand that the *sender* is responsible for choosing a reliable email carrier and that, like other methods of communication, there are occasional interruptions of service.

In addition, end users are also capable of making decisions on the kinds of blocklists they want to use just like they can make decisions on other technical consumer products. I don't have to be able to install a car part to know whether I want to use a brand name or equivalent or a part from the junk yard - or to trust my mechanic to decide.

It is unconscionable that techies do not tell their customers that there *is* a way to control spam.

Miss Betsy

[bdepauw]

Miss Betsy,

I had not intended to reply here again but your comments I feel need some clarification.

The big advantage of blocklists that reject at the server level with a code message is that the sender gets a bounce message saying that hir email didn't go thru and why. Any other sort of filtering does not tell the sender why hir email didn't make it.

Personally my system handles enough traffic without having to increase my bandwidth useage to include telling people I deleted there junk becouse it was spam. Like you said the return addresses are usually spoofed or inocent servers misconfigured to relay.

Many ISP's do have virus filtering in place. There is no need to ban attachments. Occasionally, one gets thru before the av is updated so customers need to be diligent anyway.

Heh maybe I need to come live in your neck of the woods becouse I cannot name one in this state that does. Well maybe AOL but I beleive that handle that client side with the software they provide.

No question open relays are the responsibility of the administrator.

Then you need additional training in how to communicate. Any person with any intelligence at all can understand that the *sender* is responsible for choosing a reliable email carrier and that, like other methods of communication, there are occasional interruptions of service.

Hold the phone here. It does not matter who sends it once it reaches my server and my settings mark it as spam and it puts in a folder with 100 other spam messages and they miss a productions report it's my fault no matter how you cut the cake.

It is unconscionable that techies do not tell their customers that there *is* a way to control spam.

My bosses hired me (a techie by education, training, experance, and sure love of it) to make that kind of decision for the company becouse they do not know or do not want to know about the subject. It's my call.

You are impling that I have no way of blocking spam but to use blacklist personally I beleive we get a good 80%+ of it all spam with 100% of the real mail getting though. Which in my case is better then 99% of the spam getting caught with a 1% margin of error.

Care to point me to a link to this descussion site you mentioned. Or prehaps get an admin to move this thread.

[Miss Betsy]

I don't know how to get admin to move the thread unless he happens to read this thread.

The way I get to the Spamcop Lounge is to click on the first Spamcop Discussion at the top of this page and then choose Spamcop Lounge. this might get you there

also

http://forum.spamcop.net/forums/index.php?showforum=6

But I am going to try to move the discussion there.

This is not one of my better days so I am not hopeful

Miss Betsy

[Jeff G.]

Moved from SpamCop Help to SpamCop Lounge because it has nothing to do with SpamCop, although SpamCop is mentioned in passing.