Seems like more spam now

[StevenUnderwood]

I have back-tracked through the SpamCop site to see what it actually says and have to disagree with most of what has been said to me here in the forum.

36328[/snapback]

I provided a link to this AND posted another excerpt from that page in Linear Post #42 I have modified that post to placew the quote in a quote box.

[Jeff G.]

I think it is 'offered' but not sent.  IOW, an interested person would have to seek it out.

36332[/snapback]

These appear to be the "email alerts", "Periodic Summary Reports", and/or "Aggregate Reports" I referred to as being available to ISPs in FAQ Entry: SpamCop Account Types.

Having signed up long before there were 'mole' reporters, I can't make any comment on what was presented when you chose that option that would make it clearer that no reports are sent.  As a matter of fact, I believe that it has gone back and forth several times on whether reports are sent so possibly when you signed up, reports were being sent.

36332[/snapback]

Having followed them from the beginning, I don't think normal Reports were ever sent by 'mole' Reporters.

[Wazoo]

The page "SpamCop FAQ: What is "mole" reporting?" states: --

To me, that does not suggest at all that 'no reports will be sent'. It simply means that my name and email address [or any other mole reporters] will not be associated with the reports - just the statistics.

just the statistics = SpamCop will then only give information about these "mole" reports as aggregate and unspecific totals. Truly consciencious ISPs will still find some value in these aggregate numbers, = no reports, only statistics made available ....

One would hope that the information is being passed on to other organisations who would be interested in validated information on spam and Spammers and their Spamvertised sites.

Data is "made available" ....

And, by the way, it was only several clicks deep into the site that much of the information in question became available

Several clicks deep suggests;

browser was sent to www.spamcop.net

Help link was tapped

SpamCop FAQ was pulled up on screen

SpamCop Parsing and Reporting Service link was selected and clicked on

What is "mole" reporting? link was clicked on, data read

In contrast, one could go to the Forum version, single-page access point, linked to at the top of this page in a couple of different fashions (one opens a new window, the other 'takes one to the page' and in the Pinned pointers at the top of each Forum entry screen - Pinned: Original SpamCop FAQ Plus - Read before Posting

Follow one of those links, and you have a single page to scroll through ... and one of the first things seen there is a "jump-to" list to even possible shorten up the scroll-down process .... under the section SpamCop Parsing and Reporting Service the link n question is "buried" as seen in this snippet;

How do I submit spam via email?

What is Mole Reporting?

What is Quick Reporting?

How can I unsend a Report?

and was clear only because I have used the site, this forum and thought and discussed it quite a lot. In my opinion, the information needs to be made available up front and in order much more than it is.

36328[/snapback]

As I'm in the process of trying to populate the Knowledgebase/ view of this same FAQ (this link bit seen at http://forum.spamcop.net/forums/index.php?act=faq&article=29 ) you have the opportunity to open up a new bit of discussion in the FAQ Development Forum and suggest your "better" wording.

I believe there is a "part" score added to SCBL for mole reporting, as is the count used by SpamCop's spam Traps 

A larger score/count is used by a "normal" SpamCop report meaning a Normal and or unmunged report will list a spamming IP quicker

36331[/snapback]

The last data released "publicly" can be found in the Announcements Forum, Mole Reporting is Back, Kind of (?)

These appear to be the "email alerts", "Periodic Summary Reports", and/or "Aggregate Reports" I referred to as being available to ISPs in FAQ Entry: SpamCop Account Types.Having followed them from the beginning, I don't think normal Reports were ever sent by 'mole' Reporters.

36336[/snapback]

I agree .. Mole reports have never been "sent" anywhere. The only thing "changed" has to do with what happens with the data they represent, and once again, I can only point to the "last data released publicly" found in the Announcements Forum Mole Reporting is Back, Kind of (?).

[PGTips91]

just the statistics = SpamCop will then only give information about these "mole" reports as aggregate and unspecific totals. Truly conscientious ISPs will still find some value in these aggregate numbers, = no reports, only statistics made available ....

Data is "made available" ....

Mole reports have never been "sent" anywhere.  The only thing "changed" has to do with what happens with the data they represent, and once again, I can only point to the "last data released publicly" found in the Announcements Forum Mole Reporting is Back, Kind of (?).

However, it seems from the 'SURBL - spam URI Realtime Blocklists' site [http://www.surbl.org/], that Spamvertised sites from SpamCop are passed on to them and end up in their blocklist. That is a lot more than just being available if the ISP is interested.

I noticed this in passing and didn't note the actual page, however, see for example the 'Usage' page: --

The SpamCop-URI-derived SURBL can be found in sc.surbl.org. It includes both domain name an reversed-numeric addresses of SpamCop-reported spam sites in the standard formats: spamdomain.com.sc.surbl.org for name-based references, and 4.3.2.1.sc.surbl.org for numbered references. Matching references return an Address (A) Resource Record of 127.0.0.2 and a Text (TXT) Resource Record currently reading: "Message body contains SpamCop spamvertised domain." In other words, it looks like a typical RBL.

From their Introduction page : --

Spammers have found ways to get around conventional RBLs by stealing services from multiple open relays or hijacking computers using viruses or trojan horse programs. Because of this theft of services and forced entry into unsuspecting victim computers, spammers are able to exploit multiple new mail sources, sometimes for only a few minutes at a time, faster than RBLs can identify and block mail from those addresses. This is a significant weakness in conventional RBLs, and spammers have devised various ways to exploit it.

Now that is what I have been contending for here for some time, with little support from others it seems. I am glad to find someone who sees things as I do for a change.

Paul

[Miss Betsy]

Now that is what I have been contending for here for some time, with little support from others it seems. I am glad to find someone who sees things as I do for a change.

38398[/snapback]

The problem of trojaned machines is easily solved if ISPs would cut connectivity immediately. And, the scbl is particularly good in this area, because the spam that people get is reported and the ISP gets a report. If they are responsible ISPs, they investigate and find out that there is outgoing traffic that shouldn't be.

Most server admins do not depend on one bl to stop spam - they use a mixture of methods. That does not diminish the value of bls.

And it points out what I have been saying - that no matter what methods one devises to keep spammers (particularly the scammers) OUT, there will always be ways to get around those barriers. What needs to be done is to make the *sending* end responsible by education and monetary pressure - something that does work with some people - not people like Langa who think because they would have to make an effort, it is not a good idea.

If the *sending* end cooperated and the receiving end used bls, then pretty soon spam would be controlled.

Miss Betsy

[StevenUnderwood]

However, it seems from the 'SURBL - spam URI Realtime Blocklists' site [http://www.surbl.org/], that Spamvertised sites from SpamCop are passed on to them and end up in their blocklist. That is a lot more than just being available if the ISP is interested.

38398[/snapback]

This information is not "passed on" to them. They simply parse the available information from the spamcop webpage and use it for their own purpose. I think they (SURBL) did send notice to spamcop they were doing this, but I don't think they ever got a reply of any kind.

Now that is what I have been contending for here for some time, with little support from others it seems. I am glad to find someone who sees things as I do for a change.

38398[/snapback]

Spammers have been trying to get around blocklists as long as blocklists have been around. In my experience, they are not very successful in doing so getting around the combination the SpamCop email service provides. I generally get less than one spam slipping by spamcop's filters a day. I am also not sure of your <can't think of word here> that mole report information is put into that publically available web site of reported spamvertized sites which is available here: http://www.spamcop.net/w3m?action=inprogress;type=www

[PGTips91]

This information is not "passed on" to them.  They simply parse the available information from the spamcop webpage and use it for their own purpose. I think they (SURBL) did send notice to spamcop they were doing this, but I don't think they ever got a reply of any kind.

Well, at least the effort of ensuring the Spamvertised sites are reported seems worthwhile if blocklists are based on this information rather than it just being filed for information of responsible ISPs! I can't for the life of me see much good coming from that course of action by SpamCop.

Spammers have been trying to get around blocklists as long as blocklists have been around.  In my experience, they are not very successful in doing so getting around the combination the SpamCop email service provides.  I generally get less than one spam slipping by spamcop's filters a day.

The idea that I have been promoting would turn it around and make the Spammers try and get onto a 'White list', which they could do only by agreeing to certain conditions that would expose them to commercial penalties if broken. This would have much more effect than the current system of blocklists, which are forever playing catch-up with the SpamBots and do let enough through to keep it economic for the Spammers. Also, it costs everyone else but the Spammers to maintain the system while they get to send billions of emails at our expense.

I am also not sure of your <can't think of word here> that mole report information is put into that publically available web site of reported spamvertized sites which is available here: http://www.spamcop.net/w3m?action=inprogress;type=www

There is not good communication going on about this whole issue on the SpamCop web site. It is part of a wider problem of lack of accountability that exists here, too.

Paul

[StevenUnderwood]

The idea that I have been promoting would turn it around and make the Spammers try and get onto a 'White list', which they could do only by agreeing to certain conditions that would expose them to commercial penalties if broken.

38415[/snapback]

So you want to put the 99% of all IP's which are good onto a whitelist? How would you start this whitelist? Are you going to charge for it? There are systems already in place (BondedSender, for instance) already trying to use this model. If you think you have a better idea, go for it. If it is good and you promote it, it will catch on. I just don't know how you would acurately maintain a list of 4 billion IP addresses.

[PGTips91]

So you want to put the 99% of all IP's which are good onto a whitelist?  How would you start this whitelist?  Are you going to charge for it?  There are systems already in place (BondedSender, for instance) already trying to use this model. If you think you have a better idea, go for it.  If it is good and you promote it, it will catch on.  I just don't know how you would accurately maintain a list of 4 billion IP addresses.

38428[/snapback]

Hi Steven,

Thank you for your contributions to this thread.

Maybe I should not have used the word "whitelist" as that would presuppose that someone would have to maintain a separate list, which would never be up to date, just like blacklists can never be up to date. Rather the concept is to include the information in the DNS system. The responsibility to supply the information would rest with all those ISPs and without their cooperation they would be excluded from the secure email network.

I know that there are systems, based on the current insecure email system, that try to do some of what I am proposing. The difference in what I propose is that there be a completely separate secure email system, with proper commercial/legal protections to ensure compliance by participating individuals or entities. Entry to the network would be by commercially binding agreement with some overseeing entity or entities with penalties for breeches of the agreement [read sending spam, hosting spammers, allowing open relays, etc].

From my limited research I think that this is a novel approach. If I am wrong and there are already proposals to do something like this I'd be glad to hear about it.

Paul

[Wazoo]

From my limited research I think that this is a novel approach. If I am wrong and there are already proposals to do something like this I'd be glad to hear about it.

38432[/snapback]

The "limited research" is part of the "lack of responses/interest" you alleged in one of your recen postings. Here's a "blast from the past" that pretty much covers most of the ground you're trying to cover in your "new" approach ..... start with the X.400 protocols/standards, see also the X.500 .....

[Jeff G.]

the concept is to include the information in the DNS system. The responsibility to supply the information would rest with all those ISPs and without their cooperation they would be excluded from the secure email network.

38432[/snapback]

By "include the information in the DNS system", I assume that you mean within the current standard fields, as currently maintained by ICANN, the IANA, ISPs, and private network admins worldwide. Exactly what information would be put in the DNS system (exactly what info in exactly what fields), by exactly whom? If the senders put it in, so can spammer senders. If the recipients put it in, how do they know what info to put in? If a third party puts it in, then the third party would be maintaining a DNS-based whitelist that would need to scale to nearly 4 billion entries (not to mention IPv6), and who would pay that third party to do that?

Even if there were only ten thousand legit responsible networks (there are many more, but humor me), your concept appears to include legal agreements between all of them, a total of a hundred million agreements, with each network's legal team having to keep track of ten thousand each. Sorry, but it just doesn't scale.

If your concept includes expanding the DNS system by expanding its specification, exactly how would you do that? SPF hasn't even done that.

Thanks!

[mozartm]

Could somebody explain what I should do after I complained to some adminstrator

and got a lot more spams after than before?

Those adminstrator email, all of them looks legimate, with "anti-spam", "abuse", "cnc-abuse" or with "[at]devnull.spamcop.net" at the end.

What happened is I have used the spamcop.net for more than 2 years on my University alumni account. At that time I always get about 2 to 3 spam/junk mail per day, usually from these Chinese admin after processing via Spamcop:

ip-admin[at]online.sh.cn

postmaster#online.sh.cn[at]devnull.spamcop.net

webmaster#online.sh.cn[at]devnull.spamcop.net

wengwq[at]online.sh.cn <-- these one I "unchecked" from reporting system because it does not look legimate

These two years I got gradually more spams, usually into 5-6 spams a day, that includes:

postmaster#cnc-noc.net[at]devnull.spamcop.net

abuse[at]cnc-noc.net

abuse[at]chinanet.cn.net

All of them usually have Sprint as ISP on this side, cnc-abuse[at]abuse.sprint.net

What happened last two weeks after sending to the above sites was much worse, I got about 15 spams per day. So I'm sure some of the complaints I use on spamcop were used against me and to generate more spams.

What happened last few days got even worse, I got about 35-40 spams a day, mostly of them always have similiar messages with the Linked sites at the same ISP hosting them, like "Video Cam Hookup", "Don't be alone again"

So to summarize I'm 100% some of the following email I reported to were used against me as **A LOT** more spams came in now. What should I do? I don't report to these mostly "Chinese" and some "Korean" admin/hostmaster/postmaster anymore, but will I get gradually 100 emails a day if I don't do something? Are reporting to [at]devnull.spamcop.net addresses safe?

The list below definitely have "dark-side" admin who uses the abuse report against you:

postmaster#online.sh.cn[at]devnull.spamcop.net

anti-spam#ns.chinanet.cn.net[at]devnull.spamcop.net

ip-admin[at]mail.online.sh.cn

webmaster#online.sh.cn[at]devnull.spamcop.net

wengwq[at]online.sh.cn

abuse#gddc.com.cn[at]devnull.spamcop.net

postmaster#cnc-noc.net[at]devnull.spamcop.net

abuse[at]cnc-noc.net

abuse[at]chinanet.cn.net

postmaster[at]china-netcom.com

crnet_tec[at]chinatietong.com

crnet_mgr[at]chinatietong.com

postmaster[at]chinatietong.com

abuse[at]hanaro.com

cnc-abuse[at]abuse.sprint.net

postmaster[at]public1.nc.jx.cn

root#public1.nc.jx.cn[at]devnull.spamcop.net

hostmaster#public1.nc.jx.cn[at]devnull.spamcop.net

abuse[at]fjdcb.fz.fj.cn

root#dns.fz.fj.cn[at]devnull.spamcop.net

abuse#dqt.com.cn[at]devnull.spamcop.net

postmaster[at]dqt.com.cn

postmaster#bta.net.cn[at]devnull.spamcop.net

postmaster[at]wh.hb.cn

anti-spam#ns.chinanet.cn.net[at]devnull.spamcop.net

spam_hb[at]public.wh.hb.cn

abuse_hb[at]public.wh.hb.cn

abuse[at]jsinfo.net

abuse[at]pub.nt.jsinfo.net

[Wazoo]

[at]devnull ..... see the SpamCop Glossary or the recently announced SpamCop Dictionary for what this means ...

SpamCop FAQ linked to at the top of this page

Original SpamCop FAQ & Added Forum Items, Never up to date, changes often

Under the SpamCop Parsing and Reporting Service section;

Why did my spam load increase after I started Reporting?

and actually this "new" Topic will be Moved/Merged into this existing Topic/Discussion ....

PM sent to advise of this Move/Merge action

[Telarin]

It is not unusual for the amount of spam received at any email address to gradually increase over time. Especially if your email address is published on a publicly available website as is often the case with alumni directories.

There is no way to attribute this increase to a particular cause such as spamcop reporting. I started reporting spam to spamcop from a "mature" email address. It is an address that I have been using for about 10 years, and has received a constant amount of spam for a long time. The assumption here is that the address is old enough that its already on all the lists.

There has been no change in the amount of spam received at this address despite reporting spam to spamcop for several months, so I find it unlikely that that is the cause of your increase in spam.

Instead, I would look at other factors. Do you post to usenet groups using your address in an unmunged form? Is it listed in any online profiles or directories that are publicly available? Have you used it to buy anything online? All of these factors can potentially provide your email address to spammers.

The bad news, is once you get on one of their lists, they all trade and sell their lists, so it will only be a matter of time before you are on all the spam lists.

The only thing you can do at that point is either use filtering to bring the spam down to a level that you can live with, or abandon the email address altogether.

[Black Tiger]

There is no way to attribute this increase to a particular cause such as spamcop reporting.

I strongly disagree with you there.

Take myself. I have several email addresses and a certain amount of spam per day which lies about 15 spammails per email address.

I started to report with one of my addresses a few days ago now.

The other email addresses have their normal spam amount, but the one I was reporting for is now raised to about 30 spam emails a day.

And that was not mole reporting.

I did not think that the amount of spam I received would be less by reporting, but I also did not think it would increase that much.

The reason I started reporting to Spamcop was because I want to help fighting spam because it has grown to much over the years.

Second reason was that there are a lot of dns blacklists around, but also a lot which blacklist ip's on the wrong arguments, or... which I also discovered, blacklist some isp and if he wants of the blacklist, he has to pay for it. This happened with an adsl-provider, versatel.nl, wanadoo.nl or home.nl (not sure which one).

The world is not being helped by blocking whole domains because of a few users which spam because their computers are hacked or have worm or such.

This is the reason I went looking for a system which is trustworthy, where support is good and questions can be asked and spam can be reported for free.

This way I ended up at Spamcop. And I like it.

But I can support the statement that spam grows when reporting mail as spam when not being a mole. That's a sure fact.

I have no clue why this did not happen to you, but that's only positive for you and I would be happy about it.

However, I'm not very good in understanding all English because I'm Dutch. In spite of all efforts to explain what's happening if you're a mole I just don't quite understand if spammers get on the spamcop blacklist or not when you report as a mole.

To my opinion, it should be this way.

Interesting discussion by the way. I'm also pleasantly surprised about the kindness en friendliness the way people communicate and discuss with each other on this forum.

My compliments for that!

[dra007]

Well, spammers are scum, immoral and criminal, if they know someone is actively opposing them they will attempt retaliation sooner or later. Maybe less nowdays when they are sending millions of spam ...But..

Often you will see identifiers within the spam, which are as plain as your e-mail address but can also be a code which can trace back a report to you, regardless of that report being munged ..

Since I started reported here I have had waves of virus attacks, port scans (through Korean and Chinese servers) and trojan attempts, one as recently as today (posted in the Lounge)..

Of course, in their sick and criminal mind they think intimidation will work... In my case it has the opposite effect, just makes the fight more worthwhile... and it is a sure sign that I am disturbing their criminal activities..

[StevenUnderwood]

I strongly disagree with you there.

Take myself. I have several email addresses and a certain amount of spam per day which lies about 15 spammails per email address.

I started to report with one of my addresses a few days ago now.

The other email addresses have their normal spam amount, but the one I was reporting for is now raised to about 30 spam emails a day.

And that was not mole reporting.

39596[/snapback]

Also suspect is your handling of the spam. Many people when they start to report spam start opening it to be sure of what they are reporting, setting off the web bugs embedded in the spam and alerting the spammer of a live address. This is not a response to the reporting itself as the same would happen if you opened the email but never reported anything.

You should always open your spam off-line or in a text only mode to minimize this risk.

[tadpole88]

I was getting about 10-15 spam emails a day and then decided to use SPAMCOP to eliminate or tone down the number of spam emails and it back fired. After reporting the emails using spamcop the number of emails I have now started receiving have gone up to about 30-50 spam emails a day. I have tried several filtering methods but can't seem to get anything to work to eliminate or automate the deleting of the messages can anyone here tell me why the spam increased and what should I do next?

Tadpole88

[Telarin]

Reporting alone will not reduce the number of spams you receive, your spam will continue to increase at the normal rate (seems about 100% per 6-12 month period to me, but that is just my personal experience). In order to get any benefit from reporting to spamcop, you must use some tool that will check incoming mail against the SCBL. If you run your own mailserver, simply setting up incoming connection filtering to use the SCBL should do the trick. If not, there are a number of tools available capable of taking advantage of the data in the SCBL for various mail clients.

[craigt]

... there are a number of tools available capable of taking advantage of the data in the SCBL for various mail clients.

Could you point me in the direction to find the tool list for mail clients; I would love to run my own mailserver but running any server is against my ISP's TOS.

[dra007]

Could you point me in the direction to find the tool list for mail clients; I would love to run my own mailserver but running any server is against my ISP's TOS.

No, you can use spampal to filter your inbox. Free to download and easy to configure.

[Wazoo]

Tried for quite a while, but still can't really make sense of the Subject/Title of this Topic ..????

Could you point me in the direction to find the tool list for mail clients; I would love to run my own mailserver but running any server is against my ISP's TOS.

I know I had built up a FAQ for this. Went looking for it .. OK, it was in a version of the FAQ that was 'internal' to the Forum, and it didn't make the last upgrade to this application. Will try to pull up what I had put together once upon a time, see if I can put it into the Wiki... but SpamPal comes up often enough, not sure why it would still be "unknown" ....

On the other hand, the "subject matter" is addressed within the current SpamCop FAQ here ... Why did my spam load increase after I started Reporting?

[Farelf]

Tried for quite a while, but still can't really make sense of the Subject/Title of this Topic ..???? ...

"Reported spam, now getting bombarded" is the sense of it. As dear old Omar said:

The Moving Finger writes; and, having writ,

Moves on; nor all your Piety nor Wit

Shall lure it back to cancel half a Line,

Nor all your Tears wash out a Word of it.

However if the OP would verify "we" would be happy to change his title for him (and maybe even if he doesn't) thus saving further puzzlement to those of tidy mind, more importantly assisting the future recall of the discussion.

[Wazoo]

"Reported spam, now getting bombarded" is the sense of it.

OK, caught up elsewhere, running back through this, you probably quoted the intent corrently .. and with that, Merged this into the previously referenced 'other Topic' .. PM sent to advise of the Move/Merge ..

[nomad]

same with me, i report a small amount to spam cop then got bombarded with spam, its got so bad now i am setting up a new e.mail and will hide myself away from spammers, nothing gets done, in fact i checked a few reports and they said ignore spamcop reports !!! i really wanted to fight these time wasting tossers but spamcop doesnt work , maybe due to the fact that one of the spammers took ironport to court ? if this isnt the case then please answer this question " why is it when we report spam we get an increase ? surely if we report it correctly then the spammers will be stopped and our e.mails free from spam ? its not the case . i leave and never report any more spam for fear of floodgates being opened once more. thanks nomad