phpBB auto-notifications being blocked

[Alanna]

I run a website, http://dramatis-personae.com, with an adjacent forum run on phpBB2. One of my users, Honomala, is consistantly having mail bounced back to me because of SpamCop. This is the lastest one, received by me just today:

This is the Postfix program at host spunkymail-a9.dreamhost.com.

I'm sorry to have to inform you that your message could not be

be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can

delete your own text from the attached returned message.

The Postfix program

<**email removed**>: host mx1.wmis.net[216.109.194.81] said: 554 5.7.1 Service

unavailable; Client host [208.97.132.62] blocked using bl.spamcop.net;

Blocked - see http://www.spamcop.net/bl.shtml?208.97.132.62 (in reply to

RCPT TO command)

With a copy of the email as an attachment. The email is a regular auto-notification that he has a new Private Message on the board. He has been a regular member of my boards for a year now, but this problem only began a few weeks-- maybe a month-- ago. When it first started, I contacted him asking for an alternate email address, then upon closer inspection told him his spam blocker was blocking us. He sent the following:

It's a spam service through my ISP, so I'm not sure what program they use. Weird thing #1 is that I should be able to view your message on a Web site and decide if I want to trash it or send it along; it shouldn't just be blocking it outright like that. Weird thing #2 is that alanna[at]dramatis-personae.com is on the Approved Senders list, so anything you send should just get forwarded along. Are you using a different address that I should also add to the approved list?

As far as I know, all the auto-mail from the baords come from the alanna[at]dramatis-personae.com address. It should be the same server as my regular mail that I send personally through that address.

I checked the FAQ and my blocked IP's status. The status page said I was being blocked due to "misdirected bounces," but this message is not, as far as I can tell, being bounced from anywhere except my user's mailbox. It also said there were five other complaints of this nature. From my (albeit limited) understanding of the explanation of mail bounces, it said this error occurs because someone sends an email that cannot be delivered and then the autoreply saying it could not be delivered is sent to the wrong address, causing the autoreplier to then be blacklisted? If I'm not understanding properly, if someone could please clarify I'd appreciate it.

I'm not a spammer. Any user can turn on or off the email notification option quite easily. So why am I listed as one? I searched the forum for phpBB and didn't see anything related to a bug associated with phpBB autonotifications.

Any advice is welcome before I try the "contact a person" option.

[Wazoo]

http://www.spamcop.net/w3m?action=blcheck&...p=208.97.132.62

208.97.132.62 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 7 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

It appears this listing is caused by misdirected bounces.

Additional potential problems

System administrator has already delisted this system once

Other hosts in this "neighborhood" with spam reports

208.97.132.5 208.97.132.53 208.97.132.61 208.97.132.98 208.97.132.118 208.97.132.176

http://www.senderbase.org/?searchBy=ipaddr...g=208.97.132.62

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day .......... 5.0 .. 359%

Last 30 days .... 4.5 .... 56%

Average .......... 4.3

Parsing input: 208.97.132.62

host 208.97.132.62 = sd-green-bigip-62.dreamhost.com (cached)

host 208.97.132.62 = sd-green-bigip-62.dreamhost.com (cached)

Routing details for 208.97.132.62

Cached whois for 208.97.132.62 : abuse[at]dreamhost.com

Using abuse net on abuse[at]dreamhost.com

abuse net dreamhost.com = abuse[at]dreamhost.com

Using best contacts abuse[at]dreamhost.com

You appear to be using a "shared" server as your outgoing e-mail server ... so the problem may not be "you" .... rather one of your co-hosted places on that network ....

A magnitude of 5, per SenderBase's "Magnitude" Explained . equates to something like 134,000 e-mails a day ... is your forum that busy?

Curious listing, not part of the "blocked" issue, just a bit of oddness in the "preference" column ...

ns3.dreamhost.com reports the following MX records:

Preference Host Name IP Address TTL

0 fltr-in2.mail.dreamhost.com 66.33.206.231 14400

0 fltr-in3.mail.dreamhost.com 66.33.206.232 14400

0 fltr-in1.mail.dreamhost.com 66.33.206.230 14400

[Telarin]

Weird thing #1 is that I should be able to view your message on a Web site and decide if I want to trash it or send it along; it shouldn't just be blocking it outright like that.

Absolutely correct, however, spamcop has no control over how any ISP uses (or misuses) its list. This would be entirely up to the receiving ISP. In fact, spamcop itself recommends AGAINST using the SCBL to direcly block mail.

Weird thing #2 is that alanna[at]dramatis-personae.com is on the Approved Senders list, so anything you send should just get forwarded along.

Again, this is a generally correct assumption, however, his ISP may be blocking using the SCBL before actually checking his Approved Senders list. This would definitely be the case if the approved senders list is something in his local email client, in which case there would be no way for his ISP to check it or even be aware that it existed.

I checked the FAQ and my blocked IP's status. The status page said I was being blocked due to "misdirected bounces," but this message is not, as far as I can tell, being bounced from anywhere except my user's mailbox. It also said there were five other complaints of this nature. From my (albeit limited) understanding of the explanation of mail bounces, it said this error occurs because someone sends an email that cannot be delivered and then the autoreply saying it could not be delivered is sent to the wrong address, causing the autoreplier to then be blacklisted? If I'm not understanding properly, if someone could please clarify I'd appreciate it.

Glad to hear you started looking for an answer by checking the FAQ, that is a good place to start. Your understanding is pretty much correct, but I will elaborate a bit more.

In a correctly configured mail server, here is what happens:

Sending Server (SS) connects to Receiving Server (RS)

SS initiates a message to user[at]RS.tld

RS responds with a 500 error (meaning permanent failure) and details such as message refused, user over quota, user does not exist, etc.

SS generates an NDR (Non-Delivery Report) for the sender

In an incorrectly configured mail server, things go wrong:

Sending Server (SS) connects to Receiving Server (RS)

SS initiates a message to user[at]RS.tld

RS accepts the message for delivery

RS then checks to see if user exists, is over-quota, etc.

RS decides (after it has already accepted the message) that it cannot deliver message

RS connects to SS

RS initiates a message to user[at]SS.tld and sends its NDR

Now while this doesn't look horribly wrong (albeit slightly less efficient) the problem comes in when the initial message was spam. spam almost ALWAYS uses a forged from address, and often comes through zombied PCs.

In the first instance, when the RS responds with a 500 failure to the SS (a zombied computer), nothing happens as the zombie is not going to generate an NDR.

In the second instance, when the RS accepts the message and then tries to send an NDR, it ends up sending that NDR to user[at]SS.tld, who likely doesn't exist at all, and if he does, had nothing to do with the initial spam other than being unlucky enough to have his address forged as the from.

These "post-facto" bounces have become a major problem when you consider that a single spam run may send a million or more emails using the same forged from address. I personally have received more than 1000 of these bounces in a 24-hour period simply because some spammer decided to forge my from address.

Bounces like this can get your server listed in the SCBL. Once your server is listed, ISP that use the SCBL with either block or filter mail sent from your server to their users.

The SCBL is a completely automated process, so if you turn of post-facto bounces (let us know what mail server software you are using, and someone here can probably point you in the right direction on how to do that) your server will automatically be removed from the list after no more than 24 hours after the last spam or misdirected bounce is seen.

[StevenUnderwood]

Most of the reports against that server appear to be bounces to the spamtrap addresses:

Report History: 
--------------------------------------------------
Submitted: Friday, August 25, 2006 8:10:47 AM -0400: 
Undelivered Mail Returned to Sender 
1891546995 ( 208.97.132.62 ) To: uube[at]devnull.spamcop.net 
--------------------------------------------------
Submitted: Thursday, August 24, 2006 10:10:28 PM -0400: 
Undelivered Mail Returned to Sender 
1891024218 ( 208.97.132.62 ) To: uube[at]devnull.spamcop.net 
--------------------------------------------
Submitted: Thursday, August 24, 2006 7:08:42 PM -0400: 
Undelivered Mail Returned to Sender 
1890884013 ( 208.97.132.62 ) To: uube[at]devnull.spamcop.net 
-------------------------------------------------
Submitted: Thursday, August 24, 2006 9:38:04 AM -0400: 
Undelivered Mail Returned to Sender 
1890234825 ( 208.97.132.62 ) To: uube[at]devnull.spamcop.net 
------------------------------------------------
Submitted: Thursday, August 24, 2006 6:36:13 AM -0400: 
Undelivered Mail Returned to Sender 
1890046819 ( 208.97.132.62 ) To: spamcop[at]imaphost.com 
1890046818 ( 208.97.132.62 ) To: abuse[at]dreamhost.com 
----------------------------------------------
Submitted: Wednesday, August 23, 2006 3:44:25 AM -0400: 
Undelivered Mail Returned to Sender 
1888331258 ( 208.97.132.62 ) To: uube[at]devnull.spamcop.net 
----------------------------------------------
Submitted: Wednesday, August 23, 2006 2:45:38 AM -0400: 
Undelivered Mail Returned to Sender 
1888281029 ( 208.97.132.62 ) To: uube[at]devnull.spamcop.net
---------------------------------------------
Submitted: Tuesday, August 22, 2006 4:27:12 PM -0400: 
Undelivered Mail Returned to Sender 
1887747321 ( 208.97.132.62 ) To: uube[at]devnull.spamcop.net 
------------------------------------------
Submitted: Tuesday, August 22, 2006 1:09:00 PM -0400: 
Undelivered Mail Returned to Sender 
1887524766 ( 208.97.132.62 ) To: uube[at]devnull.spamcop.net

I just attempted an SMTP connection to the IP address and got the following error:

Connecting To 208.97.132.62...Could not open connection to the host, on port 25: Connect failed

So either a server has been turned off to be fixed or moved from that IP address. Hopefully, the former is the case.

[Alanna]

So I am getting from the replies that:

1. It might not be my fault at all but other sites that happen to be on the same server sending from the same IP.

(And no, we're no where NEAR that size to generate over 100,000 emails per day. We have an active userbase of 87.)

2. The problem may lie with my user's ISP, who might be employed SpamCop at the server level before he even receives his mail.

3. It is possible that a spammer has been spoofing my address or at least my IP, and the resultant thousands of bounces from invalid addresses have caused this listing.

(If this is the case, and I understand correctly, the problem should correct itself if the reports cease. However, this problem has been going on, intermittently, for the last month, so obviously something is retriggering it.)

The last comment:

I just attempted an SMTP connection to the IP address and got the following error:

Connecting To 208.97.132.62...Could not open connection to the host, on port 25: Connect failed

So either a server has been turned off to be fixed or moved from that IP address. Hopefully, the former is the case.

So that means, again, the problem may have resolved itself? I hope this is the case.

[petzl]

(If this is the case, and I understand correctly, the problem should correct itself if the reports cease. However, this problem has been going on, intermittently, for the last month, so obviously something is retriggering it.)

The last comment:

So that means, again, the problem may have resolved itself? I hope this is the case.

Somene on that IP is bouncing emails which are being reported as spam

[Wazoo]

1. It might not be my fault at all but other sites that happen to be on the same server sending from the same IP.

(And no, we're no where NEAR that size to generate over 100,000 emails per day. We have an active userbase of 87.)

Correct.

2. The problem may lie with my user's ISP, who might be employed SpamCop at the server level before he even receives his mail.

The "issue" is that the SpamCopDNSBL appears to be used in a blocking fashion at the user's ISP .. and that is something that is up to that ISP .... Even SpamCop.net doesn't recommend this.

3. It is possible that a spammer has been spoofing my address or at least my IP, and the resultant thousands of bounces from invalid addresses have caused this listing.

Neither .... probable indications are that spammer is hitting this server with "forged To: / Reply-To:" e-mails that are then being badly bounced back to those forged addresses. Spoofing is a technical term not associated with this type of behavior.

(If this is the case, and I understand correctly, the problem should correct itself if the reports cease. However, this problem has been going on, intermittently, for the last month, so obviously something is retriggering it.)

Again, "What is on the List?" is a SpamCop FAQ entry here, links at the top of the page .... the "automatic" function of listing/de-listing is described there ....

[Alanna]

Correct.

The "issue" is that the SpamCopDNSBL appears to be used in a blocking fashion at the user's ISP .. and that is something that is up to that ISP .... Even SpamCop.net doesn't recommend this.

Neither .... probable indications are that spammer is hitting this server with "forged To: / Reply-To:" e-mails that are then being badly bounced back to those forged addresses. Spoofing is a technical term not associated with this type of behavior.

Again, "What is on the List?" is a SpamCop FAQ entry here, links at the top of the page .... the "automatic" function of listing/de-listing is described there ....

This is the Postfix program at host spunkymail-mx1.dreamhost.com.

I'm sorry to have to inform you that your message could not be

be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can

delete your own text from the attached returned message.

The Postfix program

<address removed> (expanded from <address removed>): host

mail.catklaw.com[63.247.70.209] said: 550-Message rejected because

sd-green-bigip-60.dreamhost.com 550-(spunkymail-mx1.dreamhost.com)

[208.97.132.60]:33504 blacklisted at 550 bl.spamcop.net (in reply to RCPT

TO command)

=======================================================

Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems

(these factors do not directly result in spamcop listing)

* System administrator has already delisted this system once

Because of the above problems, express-delisting is not available

Listing History

In the past 62.5 days, it has been listed 9 times for a total of 5.8 days

============================================================

Now this is starting all over again with a new user. I think I understand, as well as I can without knowing the miniscule technicalities of mail servers and smtp, how this works-- the question is how to stop it. I understand that the IP will get relisted automatically if there are more complaints. The problem is the complaints are most likely not coming from my particular bit of the server, and thus I have no control over them.

So I guess my question now is--

Is this SpamCop's fault for being to broad in blocking IPs?

Or is this Dreamhost's fault for hosting more than one mail server per IP?

...Or is all this unavoidable?

And how can I tell the difference? I set up my phpBB board, have tweaked it a lot, and done a fair bit of php/MySQL coding, and am a fairly techno-savvy, smart person all around, but I find the IP/hostname gobbledygook extremely difficult to decipher.

Just as an observation, I think it's a very poor spam blocker that catches this much legitimate mail this easily. I would rather deal with individual pieces of spam as they come than miss messages I want; this is why I turned off SpamCop for my own mail. Most people have no idea how to configure this stuff; expecting them to deal with IPs and understand how redirection and bouncing works is not realistic.

[StevenUnderwood]

So I guess my question now is--

1.Is this SpamCop's fault for being to broad in blocking IPs?

2. Or is this Dreamhost's fault for hosting more than one mail server per IP?

3. ...Or is all this unavoidable?

And how can I tell the difference? I set up my phpBB board, have tweaked it a lot, and done a fair bit of php/MySQL coding, and am a fairly techno-savvy, smart person all around, but I find the IP/hostname gobbledygook extremely difficult to decipher.

4.Just as an observation, I think it's a very poor spam blocker that catches this much legitimate mail this easily. I would rather deal with individual pieces of spam as they come than miss messages I want; this is why I turned off SpamCop for my own mail. Most people have no idea how to configure this stuff; expecting them to deal with IPs and understand how redirection and bouncing works is not realistic.

Thank you for the investigation first. Below I have included the reports paying reporters can see for this specific IP address. There are a couple regular reports, mostly UUBE, however.

To answer your questions:

1. The only information available to a mail server receiving a message that is not easily forgable is the IP address that message is coming from. Everything else is provided as part of the message (including previous headers. Therefore, the smallest thing that can be listed reliably is the IP address sending the spam.

2. There can only be one mail server per IP address, but there may be many domains using that server. Having many domains on a single server is not a problem by itself.

3. It is also not unavoidable, but is up to the administrator of that server to do anything about it. This server is sending undeliverable messages to addresses that did not send the original, all over the internet.

4. It is your choice to not use SpamCop just as it is the choice of many administrators to enable it. My domain receives about 80% spam, which is more than 4000 messages today. I find it offensive for you to want me to accept mail from a server that is abusing the internet like this one is.

Report History: 

Don't Display UUBE
------------------------------------------------------------
Submitted: Saturday, September 16, 2006 4:20:52 AM -0400: 
Undelivered Mail Returned to Sender 
1923382197 ( 208.97.132.60 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

-------------------------------------------------------------
Submitted: Friday, September 15, 2006 12:34:48 PM -0400: 
Undelivered Mail Returned to Sender 
1922538637 ( 208.97.132.60 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

-----------------------------------------------------------
Submitted: Friday, September 15, 2006 10:15:23 AM -0400: 
Burt Guthrie 
1922386146 ( 71.166.150.189 ) To: spamcop[at]imaphost.com 
1922386141 ( 71.166.150.189 ) To: abuse[at]verizon.net 
1922386135 ( 208.97.132.60 ) To: abuse[at]dreamhost.com 

---------------------------------------------------------
Submitted: Monday, September 11, 2006 9:05:12 AM -0400: 
Undelivered Mail Returned to Sender 
1917038813 ( 208.97.132.60 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

-----------------------------------------------------------
Submitted: Monday, September 11, 2006 12:30:09 AM -0400: 
Undelivered Mail Returned to Sender 
1916494721 ( 208.97.132.60 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

---------------------------------------------------------
Submitted: Sunday, September 10, 2006 1:50:04 PM -0400: 
Undelivered Mail Returned to Sender 
1915927832 ( 208.97.132.60 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

--------------------------------------------------------
Submitted: Friday, September 08, 2006 7:19:17 PM -0400: 
Undelivered Mail Returned to Sender 
1913547207 ( 208.97.132.60 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

[Wazoo]

note that your first complaint/query stated that host mx1.wmis.net rejected the e-mail based on the SpamCopDNSBL listing of 208.97.132.62 (not currently listed)

Your last complaint/query states that host mail.catklaw.com is who rejected that e-mail based on a SpamCopDNSBL listing of 208.97.132.60 (currently listed)

Multiple ISPs using the SpamCopDNSBL in a "blocking fashion" on e-mails coming from an ISP's multiple e-mail servers that have managed to send out enough "bad stuff" to get noticed and recognized ....

And as noted at http://www.spamcop.net/w3m?action=checkblo...p=208.97.132.60 ...

Other hosts in this "neighborhood" with spam reports

208.97.132.5 208.97.132.53 208.97.132.66 208.97.132.74 208.97.132.81 208.97.132.83 208.97.132.98 208.97.132.118 208.97.132.176 208.97.132.202

The guess at this moment is that, just like so many other folks using a "shared" MX output server(s), you have no control over just which server your e-mail actually goes out from ... one e-mail may leave from non-listed server #3, the next e-mail may go out server #7 which is listed .... and this actually only matters if the e-mail is addressed to arrive at an ISP that is using the SpamCopDNSBL as a blocking tool ....

Because these servers are "shared" you also have no control of the traffic leaving them, therefore you are at the mercy of the other users, this ISP, and the amount of 'bad' e-mail they allow to leave their servers ....

[Miss Betsy]

Just as an observation, I think it's a very poor spam blocker that catches this much legitimate mail this easily. I would rather deal with individual pieces of spam as they come than miss messages I want; this is why I turned off SpamCop for my own mail. Most people have no idea how to configure this stuff; expecting them to deal with IPs and understand how redirection and bouncing works is not realistic.

Spamcop blocklist is designed to be used to 'tag' email as possibly spam. Many people, like you, prefer to accept everything and then sort through it for legitimate email. Myself, IMHO, as the receiver, prefer that the *sender* have to deal with whether or not the email is delivered - particularly since the sender is the only one who can correct any problems. In addition, any legitimate email gets a rejection notice from a blocklist so none is ever missed. I know that often I will miss a legitimate email in amongst all the spam. And, finally, any filtering done after acceptance can be on so many different criteria that it is difficult to sort out why a particular legitimate email was selected. I recently had an email sent to the bulk email folder. I have no idea why. The sender was not on any blocklist. The email was similar to other emails sent to that address. And it took a while to find it since it was unexpected.

It is not really very difficult to understand the concepts behind email and IP addresses and bounces. A non technically fluent person may not be able to read headers with any accuracy (except the first one), but non-technically fluent people can, IMHO, understand enough to be able to choose an ISP who is responsible and reliable. Most people don't understand a lot about automobiles - but most people do know about oil changes and batteries.

The scbl is used by many server admins in conjunction with other blocklists and filters. It is too aggressive to be used as the first rejection in the opinion of many people. However, IMHO, if consumers were made aware that they are contributing to the spam problem by not using discrimination in the selection of an email service provider, there might be a huge reduction in spam - at least for those who chose an ISP who uses blocklists.

Miss Betsy

[Alanna]

So the salient points seem to be:

1. Once an IP is reported enough times, all mail from that IP is blocked, regardless of domain or sender. This is despite the fact that many different domains can use the same mail server, and thus the same IP.

2. SpamCop is sometimes employed by ISPs to block mail *for* their users, something that is apparently built into the program to be able to do and yet is recommended against by SpamCop. As a programmer, I don't understand why you would make capabilities if you don't want them used.

3. There is absolutely nothing I can do about this, since I am in control neither of my entire server, nor can I change my users' ISP options. My only option is to get my own server, with far more room and resources than my small group needs, at an exhorbitant price.

3. It is also not unavoidable, but is up to the administrator of that server to do anything about it. This server is sending undeliverable messages to addresses that did not send the original, all over the internet.

I'll put in a support ticket and see what they say-- but I fail to see how someone else who happens to be on my server spamming should affect me and my mail, with no direct recourse I can take other than trying to talk to my webhosting and having my user talk to her ISP. Punish the spammer, not the people unfortunate enough to send from the same mail server.

4. It is your choice to not use SpamCop just as it is the choice of many administrators to enable it. My domain receives about 80% spam, which is more than 4000 messages today. I find it offensive for you to want me to accept mail from a server that is abusing the internet like this one is.

And I think it's offensive that SpamCop blocks email from mailservers even though most webhosting companies put many domains on one server. How is it *un* offensive to block mail from six or ten or twenty domains because of one? I don't care who individually uses SpamCop. But as you yourself noted, these are two different users in different parts of the country-- possibly the world-- with two entirely different ISPs, neither of whom made the choice to use SpamCop. The choice was made for them, without their knowledge.

What I'm getting from this is this is not my fault-- some other domain on this IP is getting mail in SpamCop's spamtraps and getting ALL mail on the IP blocked. This particular user has many many many topics flagged to notify her when they get responses, and right now those autonotifications are all bouncing to me. How is that good for her? She has no idea how she has SpamCop, she didn't put it on herself, though she says her ISP may be using it.

If I sound annoyed, it's because at this point, I can't send *any* mail to her through my organization address. And my point is that I get spammers on my board with addresses from Yahoo or Gmail or Hotmail but I don't block all users who have email addresses from those domains because that would be stupid.

but non-technically fluent people can, IMHO, understand enough to be able to choose an ISP who is responsible and reliable.

Well, if you're talking about my users' ISP, I know I don't get a choice in ISPs if I want broadband-- where I live determines it. I am fortunate enough to live somewhere right now where I can get either DSL *or* cable, which is the most choice I've had since I left dialup six years ago.

If you're talking about my webhosting, I fail to see where any other hosting would be any different unless, as I said above, we went to the trouble and expense to get our own server, which in any other way we do not need.

I doubt there's webhosting out there that gives every domain its own mailserver, unless you get your own server. And without each domain having its own mailserver, with the same mailserver serving multiple domains, wouldn't we potentially run into the same problem? There are LOTS of spammers out there. It seems it only takes one to spoil the IP.

Many people, like you, prefer to accept everything and then sort through it for legitimate email. Myself, IMHO, as the receiver, prefer that the *sender* have to deal with whether or not the email is delivered - particularly since the sender is the only one who can correct any problems.

I don't sort through all my mail. I have a spamblocker that actually works. Gmail automatically flags spam, and it catches almost everything. I get maybe one every three weeks in my inbox. The rest I never have to see. And Outlook Express's rules, once I set them, which takes maybe ten messages and about a week, also works really well. And it blocks what *I* want it to block, and I can see exactly what I miss if I want to, just in case.

And I, or my domain at least, as the sender, can do nothing, see above. Especially since it's not me who's even doing the spamming!

If blocking at the ISP is so bad, as you've said repeatedly SpamCop says *not* to, why do you even leave it open as an option? That totally removes the users' choice to individually choose a more or less agressive spamblocker.

I find it tragically funny some of you are getting snippy with me over things beyond me or my users' control. This is the main point: I am not a spammer. I am getting blocked as one. This should not happen. Period.

[DavidT]

I only have time to quickly respond to a few of your points/misconceptions (but hopefully, it's better than nothing):

1. Once an IP is reported enough times, all mail from that IP is blocked, regardless of domain or sender. This is despite the fact that many different domains can use the same mail server, and thus the same IP.

Yes, but that's the only way to do it. The outgoing spam mostly likely has everything changed ("forged") except for the IP address of the server in question, so the *only* way to deal with it is to flag that IP as a spam source. This is done by many blocking and filtering services, not just SpamCop. However, SpamCop's methodology is more "forgiving" than many, in that if the bad transmissions stop, then the IP address falls off the SCBL relatively quickly.

2. SpamCop is sometimes employed by ISPs to block mail *for* their users, something that is apparently built into the program to be able to do and yet is recommended against by SpamCop. As a programmer, I don't understand why you would make capabilities if you don't want them used.

You can use a hammer to kill someone, but the manufacturers of the hammer would surely recommend that you shouldn't hit someone on the head with their product. In other words, tools can be mis-used. The SCBL is best used in the tagging and filtering of potential spam, but some ISPs are too lazy to set up "Held Mail" systems for their users, so they configure their servers to either reject or possibly to simply delete mail from "bad" servers. In the whole scheme of things, this is the fault of SPAMMERS, and of those who don't do enough to stop the spamming at the source.

3. There is absolutely nothing I can do about this, since I am in control neither of my entire server, nor can I change my users' ISP options. My only option is to get my own server

Not necessarily true. There are hosting situations that don't make use of a single IP for all of the outgoing mail from a shared server. For example, the VPS (virtual private server) host that I use has things set up so that only *my* domains transmit from an IP assigned only to me, although I share the "node" (server) with other customers, but I don't get tarred with their "sins." I'm not aware if there are hosts where you could do this with a single domain, however, but they might exist.

Punish the spammer, not the people unfortunate enough to send from the same mail server.

Unfortunately, that's not possible. How would we find the spammer and make sure they get punished? Spammers don't only send from computers/resources that they've paid for...that was many years ago. They now send from hijacked machines that have been infected with malicious software, creating networks of "zombie" machines at some of the big broadband ISPs. Or they move all of their transmitting activities offshore to China, Korea, South America, etc. I think that the biggest problem that "domestic" hosts are having right now is with UUBE (Unwanted/Unsolicited Bounce Email), in which nondelivery email reports are getting sent (bounced) to innocent victims whose addresses were forged onto spam. This is something that the offending hosts can do something about...they are mis-handling the bounces, and I think this is at the root of your problem. This is something that Dreamhost should fix, and if they don't, move your domain/forum somewhere else.

All for now...sorry....but as reasonable as your arguments sound, you're wrong.

Peace,

DT

[Wazoo]

Have you actually looked at the page linked from Start Here - before you make your first Post ???? Do you have any idea what a 'Credit Reporting Agency' is? It is obvious that you have not looked at the What is on the list? SpamCop FAQ entry yet, or paid all that much attention to what others have actually said repeatedly thus far.

The SpamCopDNSBL is a "list" .... other ISPs that want to "use that list" have to configure their e-mail software to "use that list" .... There are a whole bunch of different software packages out there to handle e-mail on a server, some for Windows, some for *NIX, some for Macintosh, some for mainframes, etc., etc. etc. .... it is all those people that choose to use this list, decide 'how' to use that list, whether to tell their customers that this or any list is in use, whether to allow their users any possible configuration settings for their own use .... on and on ....

There are many ISPs out there that have never heard of SpamCop.net .... there are also many ISPs out there that ignore the SpamCop.net early-warning reports of a spew issue from their servers .. there are many ISPs that when they receive a SpamCop.net report, something gets done to stop the spew from their servers ....

You talk about yourincoming spam, allegedly 'from' HotMail, GMail, Yahoo, etc .... in reality, I'll bet very little of that spam actually comes from HotMail, GMail, Yahoo, etc .... you are probably focusing on the forged data in the 'From:' line ....

[turetzsr]

<snip>

2. SpamCop is sometimes employed by ISPs to block mail *for* their users, something that is apparently built into the program to be able to do and yet is recommended against by SpamCop. As a programmer, I don't understand why you would make capabilities if you don't want them used.

...What program? SpamCop does not provide a program. What is doing the blocking (IIUC) is the receiver's mail server administrator (perhaps through the mail service software).

3. There is absolutely nothing I can do about this, since I am in control neither of my entire server, nor can I change my users' ISP options. My only option is to get my own server, with far more room and resources than my small group needs, at an exhorbitant price.

...WRONG! You (and your fellow customers of your ISP/e-mail provider) are the only ones who have control over how your ISP/e-mail provider operate, because you are the ones keeping them in business by paying them. There are other ISPs and e-mail providers out there who are diligent about keeping spammers from using their resources. On the other end, only the people to whom you are trying to send e-mail can control what their ISPs/e-mail service providers do. If they want to be able to whitelist your e-mail address, they can take their business to a provider that includes that service.

I'll put in a support ticket and see what they say-- but I fail to see how someone else who happens to be on my server spamming should affect me and my mail, with no direct recourse I can take other than trying to talk to my webhosting and having my user talk to her ISP.

<snip>

...Because you are the only one amongst us who has any power whatsoever over what your ISP does.

And I think it's offensive that SpamCop blocks email

<snip>

...If that were true, I might feel the same way. It isn't. You don't seem to want to "hear" that, unfortunately.

these are two different users in different parts of the country-- possibly the world-- with two entirely different ISPs, neither of whom made the choice to use SpamCop. The choice was made for them, without their knowledge.

...Then if they are not getting the service for which they are paying, they should complain to their e-mail providers.

If I sound annoyed, it's because at this point, I can't send *any* mail to her through my organization address.

<snip>

...Unsolicited bit of advice: if you are relying on e-mail, you are making a mistake. E-mail is not now, never has been, and is unlikely to be any time soon, a guaranteed delivery mechanism. Backhoes cut into lines, servers go down, etc. You should have some backup communication method for critical communications.

I don't block all users who have email addresses from those domains because that would be stupid.

...Neither does SpamCop; neither to e-mail providers that use SpamCop to block e-mails. It only contains IP addresses of spam sources. Admittedly, a domain may have only one outgoing e-mail server with one IP address; but then blocking all e-mail from that server makes sense because 1) it saves the resources otherwise required to deal with the spam coming from that server and 2) it alerts the senders that something is wrong.

Well, if you're talking about my users' ISP, I know I don't get a choice in ISPs if I want broadband-- where I live determines it.

<snip>

...That's relevant if it is your ISP that is being blocked but not if it's your e-mail provider that is being blocked. And, again, you are paying for a service; if you are not getting it, let your ISP know. If they won't do anything about it, then I'm sorry you have to suffer but that's a lot better, IMHO, than the dozens or hundreds of totally innocent e-mail users and administrators that would have to deal with all the spam coming from the offending IP address.

If blocking at the ISP is so bad, as you've said repeatedly SpamCop says *not* to, why do you even leave it open as an option?

...SpamCop (note: not "us" -- we are users, not administrators, of SpamCop) has zero control over how e-mail administrators configure their incoming e-mail. Besides, it isn't necessarily bad to use the SCBL in blocking fashion, as Miss Betsy and I have pointed out.

I find it tragically funny some of you are getting snippy with me over things beyond me or my users' control.

...As the customer of the offending ISP or e-mail provider, only you have control. The victims of the spam certainly have none.

[turetzsr]

This is the main point: I am not a spammer. I am getting blocked as one. This should not happen. Period.

...If you can come up with a better way to do it, given the currently limitations of SMTP and the internet, please let us know. As is, one person is being disadvantaged (you) and potentially hundreds are being helped.

[Miss Betsy]

So the salient points seem to be:

1. Once an IP is reported enough times, all mail from that IP is blocked, regardless of domain or sender. This is despite the fact that many different domains can use the same mail server, and thus the same IP.

Yes. You can use FedEx, UPS, or DHL or some guy with a truck to deliver packages for you. You get what you pay for.

2. SpamCop is sometimes employed by ISPs to block mail *for* their users, something that is apparently built into the program to be able to do and yet is recommended against by SpamCop. As a programmer, I don't understand why you would make capabilities if you don't want them used.

I don't understand that either. I think it has something to do with caveat emptor.

3. There is absolutely nothing I can do about this, since I am in control neither of my entire server, nor can I change my users' ISP options. My only option is to get my own server, with far more room and resources than my small group needs, at an exhorbitant price.

Yes there is something that you can do.

I'll put in a support ticket and see what they say-- but I fail to see how someone else who happens to be on my server spamming should affect me and my mail, with no direct recourse I can take other than trying to talk to my webhosting and having my user talk to her ISP. Punish the spammer, not the people unfortunate enough to send from the same mail server.

And I think it's offensive that SpamCop blocks email from mailservers even though most webhosting companies put many domains on one server. How is it *un* offensive to block mail from six or ten or twenty domains because of one? I don't care who individually uses SpamCop. But as you yourself noted, these are two different users in different parts of the country-- possibly the world-- with two entirely different ISPs, neither of whom made the choice to use SpamCop. The choice was made for them, without their knowledge.

You are either part of the problem or part of the solution. You are choosing to be part of the problem. You are paying for an internet service that is neither responsible nor competent.

If people are ignorant, then they are going to have problems.

What I'm getting from this is this is not my fault-- some other domain on this IP is getting mail in SpamCop's spamtraps and getting ALL mail on the IP blocked. This particular user has many many many topics flagged to notify her when they get responses, and right now those autonotifications are all bouncing to me. How is that good for her? She has no idea how she has SpamCop, she didn't put it on herself, though she says her ISP may be using it.

You are mistaken. You are not a spammer. You may not be the cause of the problem. However, it is your fault that you are using an email service provider who doesn't care about the internet community and doesn't support their users by helping them to be responsible internet users.

If I sound annoyed, it's because at this point, I can't send *any* mail to her through my organization address.

And I have had my emails dropped, sent to bulk email, and I have no clue why. Why is that? Because content filters don't tell you why. Blocklists do.

And my point is that I get spammers on my board with addresses from Yahoo or Gmail or Hotmail but I don't block all users who have email addresses from those domains because that would be stupid.

What is stupid is end users not knowing what they can do about insisting on reliable email service.

Well, if you're talking about my users' ISP, I know I don't get a choice in ISPs if I want broadband-- where I live determines it. I am fortunate enough to live somewhere right now where I can get either DSL *or* cable, which is the most choice I've had since I left dialup six years ago.

The way you connect to the internet has nothing to do with what email service you use.

<snip>

I doubt there's webhosting out there that gives every domain its own mailserver, unless you get your own server. And without each domain having its own mailserver, with the same mailserver serving multiple domains, wouldn't we potentially run into the same problem? There are LOTS of spammers out there. It seems it only takes one to spoil the IP.

No, it doesn't. It only takes an irresponsible or incompetent ISP who allows spammers to operate.

I don't sort through all my mail. I have a spamblocker that actually works. Gmail automatically flags spam, and it catches almost everything. I get maybe one every three weeks in my inbox. The rest I never have to see. And Outlook Express's rules, once I set them, which takes maybe ten messages and about a week, also works really well. And it blocks what *I* want it to block, and I can see exactly what I miss if I want to, just in case.

You are contradicting yourself. If you never look at your spam, then how do you know that legitimate email isn't there? The email that I sent (identical to previous emails) went to the bulk email folder (which you never see) for some unknown reason. And why should the receiver who has no control over whether spammers operate have to do anything with spam? Why should not the sender who can control it be the one who is inconvenienced?

Miss Betsy

[Alanna]

And instead of getting all self-righteous and telling me how selfish, ignorant, and/or stupid I am, you (any of you) might simply have answered my question from the beginning by saying something along the lines of "Your webhosting should be able to shut down the spammer. Talk to them about clearing up the problem." All I wanted from the beginning was to know

1. Whose fault is this (SpamCop's for being to broad, or my webhosting for having some glitch in their email, or a spammer for operating on my mailserver)

and

2. Who should I talk to to fix this (SpamCop or Dreamhost, depending on above), or is this something I just have to deal with as collateral damage in the spam wars?

There's no need to be so condescending. SpamCop is not going to save the world from spam. The spammers will just switch IPs back and forth, because they can do that. I-- and other people who can't afford their own servers, or VSPs-- are the ones who will get screwed because we can't just pick up and switch. You can minimize the annoyance, but you're never going to eliminate spam. It's just a necessary evil of the Internet.

[Wazoo]

And instead of getting all self-righteous and telling me how selfish, ignorant, and/or stupid I am, you (any of you) might simply have answered my question from the beginning

And yet .. I built a FAQ here that expanded upon the 'Original/official' FAQ and to which others have spent their time adding to that collection of Questions & Answers .... I started a Glossary to help those that didn't understand thechnical words, others helped to expand that .. I added in a Dictionary tool to offer up another iterface to that word list, others helped to expand & maintain that .. I added in a Wiki tool for yet another interface to the FAQ data, others have contributed to populating, expanding, and maintaining that tool. I stuck links in places that you had to scroll by to get anywhere else, suggesting places to go to find data, do some research, learn about the tools offered by SpamCop.net .... and again, there are countless numbers of postings made in response to so many other queries about the same situiation that could have been looked at prior to registering and posting about your specific issue ....

yet you apparently ignored all of that data which attempted to (and does) explain things such that you probably didn't even have to register and post .. and now you want to dump on all the people that have taken even more time to try to address your situation specifically .... not appreciated at all ....

The point is .. your question was actually answered long before you asked it.

There's no need to be so condescending. SpamCop is not going to save the world from spam. The spammers will just switch IPs back and forth, because they can do that. I-- and other people who can't afford their own servers, or VSPs-- are the ones who will get screwed because we can't just pick up and switch. You can minimize the annoyance, but you're never going to eliminate spam. It's just a necessary evil of the Internet.

And SpamCop.net is but one tool in that fight against "that evil" ... and like any tool, some people don't read the instructions on how to use it prior to actually implementing / using them ... thus some folks get hurt as a result.

[turetzsr]

And instead of getting all self-righteous and telling me how selfish, ignorant, and/or stupid I am, you (any of you) might simply have answered my question from the beginning by saying something along the lines of "Your webhosting should be able to shut down the spammer. Talk to them about clearing up the problem." All I wanted from the beginning was to know

1. Whose fault is this (SpamCop's for being to broad, or my webhosting for having some glitch in their email, or a spammer for operating on my mailserver)

and

2. Who should I talk to to fix this (SpamCop or Dreamhost, depending on above), or is this something I just have to deal with as collateral damage in the spam wars?

There's no need to be so condescending.

<snip>

...Forgive my "condescension" but I see nothing self-righteous or condescending in this thread until you started throwing flames from apparently false assumptions:

<snip>

I fail to see how someone else who happens to be on my server spamming should affect me and my mail, with no direct recourse I can take other than trying to talk to my webhosting and having my user talk to her ISP. Punish the spammer, not the people unfortunate enough to send from the same mail server.

And I think it's offensive that SpamCop blocks email from mailservers even though most webhosting companies put many domains on one server. How is it *un* offensive to block mail from six or ten or twenty domains because of one?

<snip>

If I sound annoyed, it's because at this point, I can't send *any* mail to her through my organization address. And my point is that I get spammers on my board with addresses from Yahoo or Gmail or Hotmail but I don't block all users who have email addresses from those domains because that would be stupid.

<snip>

And I, or my domain at least, as the sender, can do nothing, see above. Especially since it's not me who's even doing the spamming!

If blocking at the ISP is so bad, as you've said repeatedly SpamCop says *not* to, why do you even leave it open as an option? That totally removes the users' choice to individually choose a more or less agressive spamblocker.

I find it tragically funny some of you are getting snippy with me over things beyond me or my users' control. This is the main point: I am not a spammer. I am getting blocked as one. This should not happen. Period.

IOW, it seems to me you started the unnecessarily rough words.

[Miss Betsy]

And instead of getting all self-righteous and telling me how selfish, ignorant, and/or stupid I am, you (any of you) might simply have answered my question from the beginning by saying something along the lines of "Your webhosting should be able to shut down the spammer. Talk to them about clearing up the problem." All I wanted from the beginning was to know

1. Whose fault is this (SpamCop's for being to broad, or my webhosting for having some glitch in their email, or a spammer for operating on my mailserver)

and

2. Who should I talk to to fix this (SpamCop or Dreamhost, depending on above), or is this something I just have to deal with as collateral damage in the spam wars?

There's no need to be so condescending. SpamCop is not going to save the world from spam. The spammers will just switch IPs back and forth, because they can do that. I-- and other people who can't afford their own servers, or VSPs-- are the ones who will get screwed because we can't just pick up and switch. You can minimize the annoyance, but you're never going to eliminate spam. It's just a necessary evil of the Internet.

If you are talking to me, you should talk to your email service provider.

There is no collateral damage in the spam wars. People either understand or they don't. Everyone who uses email is getting to be 'collateral damage' - blocklists (including spamcop) are more 'user friendly' in that there is something that the sender can do when they receive a notice that their email has not gone through. Content filters do not send notices.

spam is not a 'necessary evil' It can be controlled by the use of blocklists and people who are responsible users of the internet.

I am getting screwed because of the content filters and other ways that ISPs use to 'drop' spam or direct it to bulk email. I have no idea whether my email has reached the recipient or why it hasn't.

And that's because consumers are ignorant of what constitutes 'good' email service. Why that is, is up for conjecture. IMHO, it is because some end users aren't careful consumers (or vocal ones).

Miss Betsy