SPAMCOP Integrity Failing. Blocked 2x in 1 week

[Cyberglobe]

Hello,

There is something SERIOUSLY WRONG with Spamcop. Our mail server just got blocked over the weekend for the SECOND TIME and there is ONLY 1 reported spam for our Mail server. This is some major problem with spamcop. Here are Spamcop's own results from this blocking.

Our Mail Server Network/24 [sB]

Total email volume: 872.00

Total spam reports: 1.00

spam reports vs. email volume 0.00

Number of hosts sending email 1.00

Number of hosts reported for spam 1.00

Hosts reported vs. hosts sending 0.00

Average volume per host sending 872.00

SPAMCOP hides themselves behind a Web interface and are impossible to get in touch with via phone. This is really not good for public relations and I think that Spamcop has finally started to fail to become a truly functional service. We are removing their service from our mail server as we see that their network is starting to fail.

How can our server be blocked by only 1 REPORT on 2 different occasions?

[dra007]

You got it wrong, 1 report is not 1 report but a ratio of reports to actual mail send. However, without the IP in question we cannot provide you with the actual information that may shed some light on the resons behind this block.

[Cyberglobe]

You got it wrong, 1 report is not 1 report but a ratio of reports to actual mail send. However, without the IP in question we cannot provide you with the actual information that may shed some light on the resons behind this block.

37616[/snapback]

The IP in question is 216.252.90.60

Please expand your system so that Administrators have access to such reports... The thing is by blocking without ANY notification is NOT THE WAY TO DO BUSINESS. If this continues, I think that more and more ISPs with Stop using your services cause the business model is flawed.

Oh and Also, I see 1 Report, that means to me 1 REPORT not 700 reports of the same message. Explain to me how 1 Report can get me listed TWICE on your system... after removing our server from the listings the first time?

[Miss Betsy]

The IP in question is 216.252.90.60

Please expand your system so that Administrators have access to such reports... The thing is by blocking without ANY notification is NOT THE WAY TO DO BUSINESS.  If this continues, I think that more and more ISPs with Stop using your services cause the business model is flawed.

37619[/snapback]

If you received no notification that your IP address was on the blocklist, then probably the reports came from spam traps. spam traps don't send reports because they are not used for real email; only receiving email from spammer sources.

Spammers have spoiled seeing the reports just like they have spoiled email.

Did you look at the Why Am I Blocked FAQ? I am not a server admin so I can't guess at what has gone wrong. However, there is extensive information for server admins there.

Miss Betsy

[dra007]

Miss Betsy is quite right:

...DATA.....

216.252.90.60 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 5 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems

(these factors do not directly result in spamcop listing)

System administrator has already delisted this system once

Because of the above problems, express-delisting is not available

Listing History

In the past 21.9 days, it has been listed 5 times for a total of 3.5 days

Other hosts in this "neighborhood" with spam reports

216.252.90.59

Spamtraps do not generate reports, and because the IP was already delisted for this type of abuse, express delisting is not available.

The SENDER BASE shows an unusual increase, can you explain that?

There are some reports from real users:

Report History:

--------------------------------------------------------------------------------

Submitted: Thursday, December 01, 2005 12:14:20 PM -0500:

Urgent:Please Reply / svp repondez au message aujourd'hui confirm(1133404736....

1571858874 ( 216.252.90.60 ) To: postmaster[at]colba.net

1571858869 ( 216.252.90.60 ) To: abuse[at]colba.net

--------------------------------------------------------------------------------

Submitted: Saturday, October 29, 2005 4:32:22 PM -0400:

Urgent:Please Reply / svp repondez au message aujourd'hui confirm(1130487778....

1542813451 ( 216.252.90.60 ) To: postmaster[at]colba.net

1542813450 ( 216.252.90.60 ) To: abuse[at]colba.net

...but no spam that fits the trend, so it maybe that all you have to do is to reset your autoresponder to prevent it from sending to spamtraps... There are plenty of FAQ's regarding this subject...

[Cyberglobe]

If you received no notification that your IP address was on the blocklist, then probably the reports came from spam traps.  spam traps don't send reports because they are not used for real email; only receiving email from spammer sources.

Spammers have spoiled seeing the reports just like they have spoiled email.

Did you look at the Why Am I Blocked FAQ?  I am not a server admin so I can't guess at what has gone wrong.  However, there is extensive information for server admins there.

37623[/snapback]

Unfortunately our Mail server offers Vacation messages to our clients as a means of notifying their clients that they will be away. There is no way of disabling this functionality. Therefore, if one of our clients did get this within their vacation message, this ends up blocking everyone else. This is NOT the method of Fixing the situation but rather Spamcop should notify that their server MIGHT be listed due to this problem.

Spamcop should be HELPING ISPs with this problem than to just act ignorant and not report the results to their administrators. This is irresponsible by spamcop on this issue, plain outright.

[Cyberglobe]

Miss Betsy is quite right:

...DATA.....

Spamtraps do not generate reports, and because the IP was already delisted for this type of abuse, express delisting is not available.

The SENDER BASE shows an unusual increase, can you explain that?

There are some reports from real users:

...but no spam that fits the trend, so it maybe that all you have to do is to reset your autoresponder to prevent it from sending to spamtraps... There are plenty of FAQ's regarding this subject...

37624[/snapback]

for the .59 address, it is Normally HIGH cause that IP just went online a few days ago.

As for the messages you are supplying, those are from our Friend's Confirmation system which our mail server uses to filter spam. I have informed our Mail server vendor of the situation and has asked them to modify the reports so that it would only be sent once to the actual sender instead of each message.

[dra007]

Bottom line is that if you are sending to spamtraps it is very likely you are also abusing innocents who had their e-mail forged by spammers... Spammers have spoiled it for everybody..

[Cyberglobe]

Well I found out one of the problems, our upstream did NOT update the ARIN records with our information. Hence why we never got the reports.

However, I think that Spamcop should fix their system also look at the Reverse DNS SOA records to see what email address is in the SOA records too and also send a report to that address as well as this is usually more up to date than ARIN records.

[StevenUnderwood]

As for the messages you are supplying, those are from our Friend's Confirmation system which our mail server uses to filter spam.  I have informed our Mail server vendor of the situation and has asked them to modify the reports so that it would only be sent once to the actual sender instead of each message.

37627[/snapback]

It sounds like this "Friend's Confirmation system" is a Challenge/Response system where when you receive an email, you reply to it with a challenge to see that they are a human. If so, please search these forums for how bad those systems are. You are simply forwarding all your spam onto someone else, some of which are spamtraps.

Personally, each and every time I receive a challenge, I authorize it so I can explain to the receiving party how their system affects me, an innocent third party. If that also allows the viruses or a spam list through that initiated the contact, that is not my problem.

[StevenUnderwood]

However, I think that Spamcop should fix their system also look at the Reverse DNS SOA records to see what email address is in the SOA records too and also send a report to that address as well as this is usually more up to date than ARIN records.

37630[/snapback]

That also tends to be sending messages TO the spammers, which spamcop attempts to avoid. It is the same reason spamcop ignores small IP blocks and uses abuse.net to get the addresses.

[Derek T]

Unfortunately our Mail server offers Vacation messages to our clients as a means of notifying their clients that they will be away.  There is no way of disabling this functionality. 

37625[/snapback]

Sorry, but that's b*llsh*t. In today's world therer is absolutely no excuse for allowing your server to backscatter spam to all and sundry. If you can't disable it on your present server then upgrade.

[Jeff G.]

Here are Spamcop's own results from this blocking.

Our Mail Server Network/24 [sB]

 

Total email volume: 872.00

Total spam reports: 1.00

spam reports vs. email volume 0.00

Number of hosts sending email 1.00

Number of hosts reported for spam 1.00

Hosts reported vs. hosts sending 0.00

Average volume per host sending 872.00

37614[/snapback]

Can you please cite the exact source for that information? Thanks!

Please expand your system so that Administrators have access to such reports... The thing is by blocking without ANY notification is NOT THE WAY TO DO BUSINESS.

37619[/snapback]

ARIN-specified Administrators get SpamCop Reports. Spammers and the general public no longer get specific information from SpamCop because spammers were abusing that information. Such Reports were sent to postmaster[at]colba.net and abuse[at]colba.net on Saturday 2005/10/29 at 16:32:22 -0400 and again on Thursday 2005/12/01 at 12:14:20 -0500 - please take up with them the issue of why they didn't change the ARIN records and why they didn't share those Reports with you.

Unfortunately our Mail server offers Vacation messages to our clients as a means of notifying their clients that they will be away.  There is no way of disabling this functionality.

37625[/snapback]

Then your Mail server is being correctly listed by the SCBL. Such vacation messages (as a subcategory of auto-responses) are now considered abusive and reportable by SpamCop per the "Messages which may be reported" section of On what type of email should I (not) use SpamCop? and the "Traditional auto-responders" section of Why are auto-responders (and delayed bounces) bad?.

As for the messages you are supplying, those are from our Friend's Confirmation system which our mail server uses to filter spam.  I have informed our Mail server vendor of the situation and has asked them to modify the reports so that it would only be sent once to the actual sender instead of each message.

37627[/snapback]

Filtering is one thing; what your "Friend's Confirmation system" is doing (even if it only sends one message per source address) is quite different - it appears to be a CR (Challenge/Response) system. SpamCop doesn't recommend such CR systems - they are now considered abusive and reportable by SpamCop per the "Messages which may be reported" section of On what type of email should I (not) use SpamCop? and the Challenge/response spam filtering section of Why are auto-responders (and delayed bounces) bad?.

Well I found out one of the problems, our upstream did NOT update the ARIN records with our information.  Hence why we never got the reports. 

However, I think that Spamcop should fix their system also look at the Reverse DNS SOA records to see what email address is in the SOA records too and also send a report to that address as well as this is usually more up to date than ARIN records.

37630[/snapback]

This is a good idea, but is probably not going to happen because spammers have too much control over their own DNS records, including Reverse DNS (in-addr.arpa) SOA.

[Derek T]

So, all-in-all, contra the original rant, SpamCop is working perfectly in listing an abusive server. No change there then.

[Cyberglobe]

It sounds like this "Friend's Confirmation system" is a Challenge/Response system where when you receive an email, you reply to it with a challenge to see that they are a human.  If so, please search these forums for how bad those systems are.  You are simply forwarding all your spam onto someone else, some of which are spamtraps.

Personally, each and every time I receive a challenge, I authorize it so I can explain to the receiving party how their system affects me, an innocent third party.  If that also allows the viruses or a spam list through that initiated the contact, that is not my problem.

37639[/snapback]

It is NOT forwarding any spam as the original message is not included. If you do authorize it, You will never receive a virus from our server and I think that THIS is where everyone has gotten this spam thing wrong. Via a Challenge/response system, the initial message is never sent back. Therefore, what you are getting is a new message entirely without ANY possible spam.

However, I have asked my vendor to modify the C/R system into a Capture and Filter system instead to help eliminate the C/R system from getting caught in the Spamcop system. Or, modify it in a way that the C/R will only send the C/R response ONCE in the email address lifetime. This way, there is no more C/R spamming in the future. Also, it would report as a 550 or 450 error which will atleast notify the sender that their initial C/R message was never acknowledged.

[turetzsr]

<snip>

It is NOT forwarding any spam as the original message is not included.  If you do authorize it, You will never receive a virus from our server and I think that THIS is where everyone has gotten this spam thing wrong.

37675[/snapback]

...Understood but consider that, from the perspective of the person receiving these messages, spam is about consent, not content. In other words, if I didn't request it, I shouldn't be receiving it. <g>

However, I have asked my vendor to modify the C/R system into a Capture and Filter system instead to help eliminate the C/R system from getting caught in the Spamcop system.  Or, modify it in a way that the C/R will only send the C/R response ONCE in the email address lifetime.

<snip>

37675[/snapback]

...IIUC (subject to correction from the more knowledgeable of my colleagues [which is pretty much all of them]), that should be much better -- thank you!

[Cyberglobe]

Sorry, but that's b*llsh*t. In today's world therer is absolutely no excuse for allowing your server to backscatter spam to all and sundry. If you can't disable it on your present server then upgrade.

37643[/snapback]

Sorry derek, but a vacation message is a perfectly LEGAL form of informing someone that you will be away and will only return on x day.

This is exactly like voicemail

Voicemail mailbox stating I am away until jan 5th 2006 == email vacation notification (ISSUED ONLY ONCE for ∞ amount of email from that sender) for that specific vacation message.

If you block a legal method of informing clients that you are not able to read their mail cause you are away, then you end up causing friction between the 2 people. eg: One client sends a message about his hardware malfunctioning. Support team has no vacation message cause "SPAMCOP" does not allow such a thing until they come back after the new years. Customer gets irate by sending multiple emails like "where are you, I need support, how come your nto answering" and if the issue is like an EBay one, you can end up by having a legal battle to deal with.

Vacation Messages should be made so that ONLY ONE message be sent for the life of the Actual Vacation Message and NOT 1:1 triggering which I do agree is annoying.

here is what I am requesting from our mail software vendor and I think other software vendors should do the same... and MAYBE if Spamcop is up for the Challenge, start creating a "DO NOT REPLY to VACATION MESSAGE" email address LIST so that mail servers can query this info via DNS to help stop further unwanted Vacation Messages. By Blocking it for all, the non-technically inclined customers will rant and rip your ears out saying that SPAMCOP is not allowed to do this. By creating this DNRVM list, the power is now brought to you to make sure you can never get vacation or after reception bounce messages again. This will make both worlds happy and help reduce the Spamcop syndrome.

2: Spamcop Model will only have the following features:

- When a vacation message is set up, it will automatically send only 1 copy to ∞ amounts of actual new messages.

- There should be a Vacation Expire Date (Manditory) so that when the person comes back from vacation, it will automatically deactivate itself.

-When a new Vacation Message is entered, the list of Email addresses the message was sent to is erased.

- If the recipient does NOT want to receive this vacation message, they should be able to add themselves to a global Do Not Reply to Vacation Messages List (DNRVML) (maybe maintained by Netwinsite themselves to be able to distribute to all your clients.)

- Keep a log of all DNRVML in the email log system so that if someone says they Never got the Vacation message, our client can notify their client if they are on a DNRVML list or not.

[Cyberglobe]

Such vacation messages (as a subcategory of auto-responses) are now considered abusive and Filtering is one thing; what your "Friend's Confirmation system" is doing (even if it only sends one message per source address) is quite different - it appears to be a CR (Challenge/Response) system.  SpamCop doesn't recommend such CR systems - they are now considered abusive and reportable by SpamCop per the "Messages which may be reported" section of On what type of email should I (not) use SpamCop? and the Challenge/response spam filtering section of Why are auto-responders (and delayed bounces) bad?.This is a good idea, but is probably not going to happen because spammers have too much control over their own DNS records, including Reverse DNS (in-addr.arpa) SOA.

37646[/snapback]

Well by using the Reverse DNS SOA records, it would be in addition to the ARIN records and NOT a replacement.

I now have to wait 3 days for the update which is 3 days too late for our clients who are getting blocked.

[Cyberglobe]

So, all-in-all, contra the original rant, SpamCop is working perfectly in listing an abusive server. No change there then.

37649[/snapback]

We it is working but not perfectly. Here is the Best way to fix those bugs.

1: Add RDNS SOA Email address as an Additional source of sending Abuse reports.

2: SPAMCOP should create a new global Do Not Reply to Vacation and Bounce Message List so that those who are offended by such emails can have it stopped immediately by supporting mail software.

3: Hoping SPF can finally be standardized and allowed to

This simple #2 feature will reduce atleast 90 of all junk UCE messages that is currently bouncing out there.

[Cyberglobe]

...Understood but consider that, from the perspective of the person receiving these messages, spam is about consent, not content. In other words, if I didn't request it, I shouldn't be receiving it. <g>...IIUC (subject to correction from the more knowledgeable of my colleagues [which is pretty much all of them]), that should be much better -- thank you!

37677[/snapback]

What a stupid philosophy. So according to your philosophy, if a customer sent me a message, BUT I did not request him to send it to me, I can Report him to SPAMCOP and have his domain and other mail mail domains banned. Get real... You guys really are NOT BRIGHT with that philosophy.

If you guys are looking for a clean alternative, just force all your friends to talk to you either on one global webmail provider (eg Hotmail or Spamcop's own email service) and do not ALLOW any other emails in your system.

However, the world is not all technical and it does involve businesses to now communicate over a service that is now considered essential. By adding your No sollicitation stickers to your snail mailboxes, you can make sure that your to eliminate all non-addresses spam but you still get addressed spam.

This is why a DNR list MUST be setup to notify the mail servers that you do not want those non-addressed Spams from coming to you in a reply back.

[Cyberglobe]

Now the problem I am having is with SPAMCOP's method of delivery via the DNS records. The timeout has been set to high and still now our mail servers are still being blocked after 4 hours of it being unblocked.

[Wazoo]

Interesting suggestions, some hard work apparently attempted .. Thanks.

However, looking at what seems to be a bit of rant, it does appear that you may have skipped over the Start Here - before you make your first Post item on the "front" page .... The SpamCopDNSBL simply does not have the power to block your or anyone else's e-mail. Usage of the SpamCopDNSBL (or any other BL) is at the discretion of the (receiving) ISP, and had you caught the write-up, even the guy that developed the SpamCop toolset suggests that it not normally be used as a "blocking" agent.

[turetzsr]

Sorry derek, but a vacation message is a perfectly LEGAL form of informing someone that you will be away and will only return on x day. 

 

This is exactly like voicemail 

<snip>

37678[/snapback]

...Sorry, Cyberglobe, but derek is exactly right: a vacation message is not like an out-of-office voicemail message. The key difference is that the caller of the voicemail is unambiguously the right person to get the out-of-office voicemail message whereas the person receiving the e-mail vacation message might (and, in fact in your case, is sometimes not) the right person to receive the e-mail.

...It may be legal but it is still potentially abusive.

[Miss Betsy]

However, the world is not all technical and it does involve businesses to now communicate over a service that is now considered essential. By adding your No sollicitation stickers to your snail mailboxes, you can make sure that your to eliminate all non-addresses spam but you still get addressed spam.

The internet is run on netiquette. Offline Miss Manners says the polite way to deal with unacceptable behavior is give the 'cut direct' The online equivalent is to block unwanted email from entering your server with a polite message that the sender should be aware that the IP address being used is not behaving in a neighborly manner and is being ignored. An aggressive list like SpamCop is designed to be used to tag email as 'unwanted' especially for businesses or other people who do not want to miss any unsolicited email.

Your ideas about the internet are extremely disrespectful of many, many users of the internet. Email is no more complicated than running an automobile and drivers of automobiles for the most part have grasped the technical details even if they don't actually change the oil or replace the brake drums.

Miss Betsy

[turetzsr]

...Understood but consider that, from the perspective of the person receiving these messages, spam is about consent, not content. In other words, if I didn't request it, I shouldn't be receiving it. smile.gif <g>...IIUC (subject to correction from the more knowledgeable of my colleagues [which is pretty much all of them]), that should be much better -- thank you!

What a stupid philosophy. So according to your philosophy, if a customer sent me a message, BUT I did not request him to send it to me, I can Report him to SPAMCOP and have his domain and other mail mail domains banned. Get real... You guys really are NOT BRIGHT with that philosophy.

If you guys are looking for a clean alternative, just force all your friends to talk to you either on one global webmail provider (eg Hotmail or Spamcop's own email service) and do not ALLOW any other emails in your system.

However, the world is not all technical and it does involve businesses to now communicate over a service that is now considered essential. By adding your No sollicitation stickers to your snail mailboxes, you can make sure that your to eliminate all non-addresses spam but you still get addressed spam.

This is why a DNR list MUST be setup to notify the mail servers that you do not want those non-addressed Spams from coming to you in a reply back.

37682[/snapback]

...Cyberglobe, you are more than entitled to your own opinion but you are not entitled to your own facts. E-mail, as does the rest of the internet, operates on the basis of netiquette (as Miss Betsy pointed out in her reply immediately above, posted as I was writing this). Sending e-mail to innocent bystanders that did not request it and have no relationship with the sender is abuse.

...No, you can not get a customer's "domain and other mail mail domains banned" by submitting a single report to SpamCop. First of all, SpamCop does not have the power to do that. Second, one report is not sufficient to get an IP address (SpamCop does not deal with e-mail addresses at all) on the SpamCop blacklist. Third, the philosophy I propounded is not (necessarily) SpamCop's philosophy, it's just the philosophy of some of us users (spam victims).

...Whether the world is "all technical" is beside the point. Unwanted e-mail is spam, IMHO (and that of others here). That some businesses choose to use e-mail as an "essential" communication service simply shows how unwise those businesses are: e-mail is not (at least, not yet) a guaranteed delivery mechanism -- e-mail gets lost due to backhoes hitting WAN lines, servers hiccupping, etc. Multiple forms of communication are used by wise businesses.

...Why should I be forced to tell anyone not to send me spam with a DNR list? Why should ISPs and MSPs (e-mail service providers) be forced to handle spam, which can be up to 80% of e-mails for some such providers? Why should ISP and MSP subscribers have to pay for all the storage and handling costs and spend the time to look through their inboxes and "potential spam" folders to check for false positives and negatives?

...So far, no one seems to have been able to come up with a better alternative to address spam than blacklists. Backscatter is now seen by many as abusive. We will report it to try to help save both ourselves and others from having to spend as much resources as currently spent on spam.

...Yes, spammers have spoiled the internet and e-mail for us all.