Jump to content

Feature request


matjday

Recommended Posts

As I understand it, SpamCop lists all blacklisted hosts in the same zone "bl.spamcop.net"

The service could be made more flexible by differentiating between those hosts which have only sent a few spam messages in the last x-days and those which have sent many. This could be done by creating a new zone (say "hsbl.spamcop.net") which only includes the more 'spammy' hosts.

This would enable users of the SpamCop service to pick a level of spamminess of server from which they want to block mail, rather than the current binary situation.

Best regards

Matthew Day

Link to comment
Share on other sites

As I understand it, SpamCop lists all blacklisted hosts in the same zone "bl.spamcop.net"

The service could be made more flexible by differentiating between those hosts which have only sent a few spam messages in the last x-days and those which have sent many.  This could be done by creating a new zone (say "hsbl.spamcop.net") which only includes the more 'spammy' hosts.

This would enable users of the SpamCop service to pick a level of spamminess of server from which they want to block mail, rather than the current binary situation.

Best regards

Matthew Day

That would only encourage more spammers to move around in order to avoid their "special offers" from being rejected. There is already enough of that, many spammers have long lists of open proxy, open relays, and/or trojaned machines and move after only a few spams. This type of listing would probably cause many of them to re-use hijacked machines they normally would abandon once a listing occured.

Link to comment
Share on other sites

Spambo

My idea was to make the service more customisable so that mailadmins could choose the level of "spamminess" of server that they block mail from. You sound very happy with the level at which the current SpamCop threshold is set but others find SpamCop's current threshold too agressive.

My suggestion was to give mailadmins a means of choosing the level of "aggresiveness" of filtering that suits them, since SpamCop's classification system is heavily automated it looked like the ideal BL to implement multiple thresholds.

- it's all about improving the service by giving SpamCop users more choice.

Best

Mat

Link to comment
Share on other sites

IMHO, it is an excellent suggestion, but I think what Spambo was saying is that once spammers knew that there was a distinction, they would manipulate how they send spam in order to get on the "aggressive" list.

I don't understand why spamcop is still considered aggressive. If it blocks "innocent" users, it is generally because there is a trojanized machine which is good for everyone to know. There are ways to still use email while things are being fixed.

In addition, Entries on the scbl age off quickly whereas other lists have months long backlogs. If a network with a trojanized machine did not get blocked and become aware of the problem via spamcop, then they may end up on one of the other lists that are more difficult to get off.

If mail admins would just convince people that the *sender* is the one who is responsible for choosing a reliable email system since only the *sending* end can fix the problem, spamcop would not be too aggressive.

OTOH, there must be /some/ way to recognize whitehat ISP's so that they are not on the scbl for as long as unknown and perpetual listees. Though, the main reason no idea has been implemented, AFAICT, is that all of them proposed to date are open to spammer manipulation.

Miss Betsy

Link to comment
Share on other sites

Miss Betsy

Thanks.

NB Below is just my oppinion, I'm in no way trying to claim that it's more "right" than anyone else's.

An example (from today) of where we find SpamCop too agressive was that the server: (web25005.mail.ukl.yahoo.com [217.12.10.41]) is blacklisted.

The report for this IP says:

"

Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been sending mail consistently for at least 129.7 days. It has been listed for less than 24 hours.

* In the past week, this system has: Been reported as a source of spam less than 10 times

* Been witnessed sending mail about 130 times

"

SpamCop's current approach is that servers for which there are only a few reports of spam at a time and which aren't reported very often are only listed in the RBL for a short while.

It would be great if, instead (or rather, in addition), there was a separate BL which didn't include these not-very-spammy servers, just the more serious/persistent offenders.

SpamCop has by far the best system for listing/unlisting hosts and because so much of it is automated I thought it would be the best candidate to provide the first multi-layered RBL.

Best

Mat

Link to comment
Share on other sites

The original intent for the BL on SpamCop was a "quick reaction" to a spam run. You're asking for another baseline to be placed. Only Julian can give the definitive answer, but I would see this as way down the priority list. From my perspective, what you are really asking about goes to anyone's decision making process on deciding whther to use a BL at all, and if so, which ones. If you don't agree with the specific BL's guidelines on what it takes to meet their criterion, then it shouldn't be added into the arsenal of e-mail server / account protection tools. Not knocking the suggestion, I was just pointing out that what you're asking for is changing one of the major reasons that makes the SpamCopBL unique.

Link to comment
Share on other sites

<snip>

If you don't agree with the specific BL's guidelines on what it takes to meet their criterion, then don't use it.

Hi, Wazoo,

...That might be interpreted as condescending and dismissive. That was not your intent, correct?

Link to comment
Share on other sites

SpamCop's current approach is that servers for which there are only a few reports of spam at a time and which aren't reported very often are only listed in the RBL for a short while.

It would be great if, instead (or rather, in addition), there was a separate BL which didn't include these not-very-spammy servers, just the more serious/persistent offenders.

Most of these server admins appreciate the spamcop headsup and fix their machines quickly which is why they are not listed very long. However, if they do get listed, it still protects lots of people from getting spam. Think of being blocked as being in traffic jam because there is an accident. It is just one of those things that happen sometimes. As Wazoo said, that is part of the intent of spamcop - to stop spam runs in progress. And spam is spam whether it is coming from a whitehat or blackhat.

SpamCop has by far the best system for listing/unlisting hosts and because so much of it is automated I thought it would be the best candidate to provide the first multi-layered RBL.

The best suggestion that I have heard for "de-aggressive-nizing" spamcop was to give both reporters and admins points in the algorithym. So that more experienced reporters with no mistakes would put more points on the IP address and IP addresses with good records would get points that would get them off the bl more quickly. That preserves the intent of early reporting and blocking, yet doesn't penalize admins who respond quickly and have taken preventative measures (and possibly at the same does penalize those who are habitual tenants). If the reporters are also graded, then there are fewer mistakes that cause someone to be listed (another factor in the aggressivenes).

If you can think of a way, that the spammers can't manipulate to their advantage, to give white hat admins an advantage so that they automatically are removed when they fix the problem (or close to it), that also preserves the stopping of spam as soon as it is detected, by all means post it in the SpamCop Lounge.

This forum is for newcomers to using spamcop and for those who need advice because they are blacklisted. Other discussions tend to frustrate those who come for help. (And I know, the instructions do not say that. This web forum is relatively new and still developing. You could also post in the spamcop newsgroup which some people prefer for discussions like this).

Miss Betsy

Link to comment
Share on other sites

<snip>

SpamCop has by far the best system for listing/unlisting hosts and because so much of it is automated I thought it would be the best candidate to provide the first multi-layered RBL.

It's WAAAAAY too late for SC to provide the first "multi-layered" DNSBL. SPEWS has offered two levels for about 2 1/2 years and there are other lists that return more than positive/negative.. Osirusoft reported something like 9 different levels before it shut down a few months ago.

SpamCop has got a unique offering in that it is designed to detect and list spammers, sometimes within minutes of beginning a spam run. There are a number of blocklists than offer listings of spammers who aren't "moving targets" so admins that want that level of protection already have it.

IMO SpamCop should offer another level but my idea is an even quicker responding level, not one that waits longer when spammy finds a "virgin" IP to begin spewing from.

Link to comment
Share on other sites

I'd love to see a SpamCop Spamvertized IP Block List and a companion SpamCop Spamvertized URL Block List. The data already exists, it's just not being published as a DNSBL or URLBL.

Link to comment
Share on other sites

surely it exists, but is it collated, folded, and spindled? and the code and decision base of what parameter would one put on a web site? sub-domains, domains, or just certain specific pages? And from the end user, gads what a mess ... is it blocked by the ISP due to use of such a block list, is user infected with something like QHOST, would user even notice after picking up something like CoolSearch so user rarely gets to the page that was pointed at to begin with, or is it just another dang OS problem ..???

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...