Computer Cops Blacklisted

[Zhen-Xjell]

Hi folks, I found that computercops.biz (66.227.19.111) is blacklisted in the spamcop list. Please note that aside from being a recognized Internet security company by our friends in the industry, we do not send emails to anyone who does not opt-in during account registration.

By default the option to receive emails is disabled. It appears that some of our members have opted-in to receive these emails and have since used them as 'proof' that we should be blacklisted.

--Paul Laudanski

http://computercops.biz

[Spambo]

Hi folks, I found that computercops.biz (66.227.19.111) is blacklisted in the spamcop list.  Please note that aside from being a recognized Internet security company by our friends in the industry, we do not send emails to anyone who does not opt-in during account registration.

By default the option to receive emails is disabled.  It appears that some of our members have opted-in to receive these emails and have since used them as 'proof' that we should be blacklisted.

--Paul Laudanski

http://computercops.biz

Do you confirm these opt-ins given during the registration process in order to ensure that the registrant hasn't made a typo or given you a false address? If not you very well may be spamming email addresses that never consented to receive email from you.

[Zhen-Xjell]

Yes and no. Yes on the forum email notifications. Users have to subscribe to watch topics in order to receive email updates on them. No on the newsletter. So, I just removed the capability to select the newsletter option during registration (it is set to disabled by default still).

So what happens when one registers at ccsp prior to this change?

1) Create an account, enter a security code, select newsletter receive yes or no

2) User cannot log in until user receives a system generated password at the email supplied during registration

3) User can then log in and select to receive thread notification emails

Now what happens?

1) Create an account as above, but the newsletter option is no longer available and by default gets saved in the database disabled

2) User cannot log in until user receives a system generated password at the email supplied

3) Once logged in, user can select to receive the newsletter as well as thread notification emails

So in summary, up to right now it was 50/50. As of right now, its 100% verification. The user must own the email address in order to receive the password which grants them entry.

This way

[Zhen-Xjell]

How would I know exactly what email has caused the blacklist? Sunday I sent out a newsletter which highlighted such an item as this:

http://computercops.biz/postt23987.html

Any email that does get sent out from Computer Cops contains in its footer information with links on being removed from the opt-in emails. Certainly I work hard to ensure CCSP complies with security practices and standards.

[LizR]

Do you confirm these opt-ins given during the registration process in order to ensure that the registrant hasn't made a typo or given you a false address?  If not you very well may be spamming email addresses that never consented to receive email from you.

The opt-in to receive topic reply notifications is not part of the registration process. This must be enabled in ones user profile after registration and thus is the choice of the new member. This option can be set permanently 'off' or can be disabled on a post-by-post basis. Further notifications are only sent if and when the member revisits the topic.

In my experience, this process is fairly standard with most forums, as appears to be the case here.

[Jeff G.]

How would I know exactly what email has caused the blacklist?

SpamCop reports for "host 66.227.19.156 = computercops.biz" currently go to the following addresses - please ask them for copies of the reports:

admin[at]nocdirect.com

abuse[at]yipes.com

abuse[at]jaguarpc.com

If they can't help you, please see FAQ Entry: Why is my email blocked?.

Also, please see FAQ Entry: Am I Running Mailing Lists Responsibly?.

Thanks!

[Zhen-Xjell]

They did in fact contact me and they responded to the Spamcop abuse email.

[Spambo]

How would I know exactly what email has caused the blacklist?  Sunday I sent out a newsletter which highlighted such an item as this:

http://computercops.biz/postt23987.html

Any email that does get sent out from Computer Cops contains in its footer information with links on being removed from the opt-in emails.  Certainly I work hard to ensure CCSP complies with security practices and standards.

You didn't give an IP and I don't see an MX record for your domain so I'm just guessing

Based on the current IP I get when resolving computercops.biz [66.227.19.156] spam reports would go to:

admin[at]nocdirect.com

abuse[at]yipes.com

abuse[at]jaguarpc.com [NOTE: this address bounces SC reports so the parser no longer uses this address except for statistical purposes].

You may be able to determine which emails have triggered the spam reports by contacting abuse[at]yipes.com or admin[at]nocdirect.com.

If your mail server is located in a different network then the above may not be receiving the reports.

If you believe that someone is intentionally filing false spam reports about you see: http://www.spamcop.net/fom-serve/cache/167.html

[Zhen-Xjell]

You didn't give an IP and I don't see an MX record for your domain so I'm just guessing

Actually yes I did give the IP in my topic initiation post:

66.227.19.111

Thanks

[turetzsr]

You didn't give an IP and I don't see an MX record for your domain so I'm just guessing

Actually yes I did give the IP in my topic initiation post:

66.227.19.111

Thanks

...According to SpamCop checkblock for IP address 66.227.19.111:

66.227.19.111 listed in bl.spamcop.net (127.0.0.2)

Since SpamCop started counting, this system has been reported about 10 times by less than 10 users. It has been sending mail consistently for at least 61.8 days. It has been listed for 25 hours.

In the past week, this system has:

Been reported as a source of spam about 10 times

Been witnessed sending mail about 60 times

[Zhen-Xjell]

Yes I'm aware of those links. In many cases the reports grouped the CCSP IP into a broader IP range that had nothing to do with CCSP. All that is detailed in this post:

http://computercops.biz/postt26324.html

With various links and history of suspects and victims found in NANAE and JaguarPC.

The only time CCSP has been directly involved has been due to the recent newsletters, at least to my knowledge. There have been cases when users did sign up and register to receive newsletters only in return send me nasty unprofessional emails demanding action be taken on their accounts that they themselves had opened. This is why a user account maintenance is provided much like the interface on this site here.

Please ensure you have time to read the full history as provided by the above link.

[Miss Betsy]

They did in fact contact me and they responded to the Spamcop abuse email.

There are two ways to respond to the spamcop report. One way the ISP responds stating whether the problem is resolved or not. The other way is to respond directly to the reporter.

Reporters do not often get responses and don't always answer them, but they should. However, reporters are very sensitive to being "listwashed" (removed from a list because that means that a real spammer will be able to continue spamming without fear of reports).

Any email that does get sent out from Computer Cops contains in its footer information with links on being removed from the opt-in emails. Certainly I work hard to ensure CCSP complies with security practices and standards.

Unfortunately, spammers have ruined unsubscribe use unless it is something that you are sure that you have subscribed to. So expecting people who have gotten the newsletter inadvertently to unsubscribe is not realistic.

If you want to make sure that the names on your list are real subscribers, you could send a confirmation email to the entire list. It is not a bad idea to do so anyway on a regular basis since people do change email addresses and forget to change all their subscriptions or die and their heirs don't know what email subscriptions to cancel. Confirmation emails do not contain advertising. And are not supposed to be reported thru spamcop.

Good luck with your newsletter! It is a shame that spammers have created such problems for us all.

Miss Betsy

[yourbuddy]

Well ...

It looks like doing an innocent thing like operating a newsletter, has got

you at least 48 hrs. of being blacklisted by SpamCop. Isn't SpamCop a

great service that you would like to recommend to users and ISPs?

[Zhen-Xjell]

First let me thank everyone for replying. Secondly, thanks Miss Betsy for jumping in here too. I sent out about 9 test newsletters last week because the system was not being used for about a year. Computer Cops just reached 40,000 registered members last week and we're seeing a 4.5 million page hit state monthly. This translates into having 12,000 registered users who have selected the newsletter option to be delivered.

The old engine for sending out newsletters was based on PHP and this caused issues with my MTA. Timeouts were severe. So I was debugging and sending out 'test' newsletters. Each of these also contained in the footer directions to unsubscribe.

Please notice currently 11 pages of newsletter test replies from the CCSP memberbase:

http://computercops.biz/postt24780.html

On Sunday I sent out two newsletters using a new newsletter transport mechanism. This one worked, and all subscribers received their newsletters.

Perhaps at the end of each month I will send a conrfirmation newsletter. But what to do about topic reply notifications? Certainly this can be turning into a management nightmare, not to mention bandwidth consumption. This is all a free service, so how practical is it for such a process to take place?

Finally, as stated the new method takes account not just for topic notifications emails as it did before, but also for newsletter subscriptions. When one signs up now, newsletter is turned off just like for topic replies. In order to enable them, the user must receive the system generated password at their registered email address. This signifies they own that email address.

Once the password is in their hands, they can log in and make changes.

Futhermore, I've received a handful of emails, especially from really rancid individuals, who demand I spend time to remove them manually. That is something I'm not about to do -- manage someone elses account for them when I am busy managing the entire site. Hence, I reply back and tell them to interface with the lost password function to generate a new password so they may log in and deselect their original settings.

[Zhen-Xjell]

Well ...

It looks like doing an innocent thing like operating a newsletter, has got

you at least 48 hrs. of being blacklisted by SpamCop. Isn't SpamCop a

great service that you would like to recommend to users and ISPs? 

All the newsletters I've sent, not counting the ~9 tests are here:

http://computercops.biz/section-3.html

The two sent on Sunday are here:

http://computercops.biz/section-viewarticle-7.html (This was a resend, the initial failed back in Feb)

http://computercops.biz/section-viewarticle-8.html

I started sending the newsletter again because folks were inquiring about them. Please note, the links above show the newsletter bulk, and not the footer with options to be removed.

Example: http://computercops.biz/postt23325.html

We are against spam ourselves. We are the official forums for popular products too. Our foundation is based on security. Like the folks here at Spamcop, we're here to help not to hinder.

[Miss Betsy]

Perhaps at the end of each month I will send a conrfirmation newsletter. But what to do about topic reply notifications? Certainly this can be turning into a management nightmare, not to mention bandwidth consumption. This is all a free service, so how practical is it for such a process to take place?

Annually or semi annually should be sufficient IMHO. And not a newsletter - a real confirmation email that states what it is, why it is being done, and what to do (if reply, you get newsletters; if you don't, you don't get newsletter).

I am not clear about the topic reply notifications, but again an annual or semiannual re-subscription should be sufficient.

Futhermore, I've received a handful of emails, especially from really rancid individuals, who demand I spend time to remove them manually. That is something I'm not about to do -- manage someone elses account for them when I am busy managing the entire site. Hence, I reply back and tell them to interface with the lost password function to generate a new password so they may log in and deselect their original settings.

In the future, perhaps you won't get such emails. I think a lot of your problem was in the length of time since the last newsletter - a lot happens in a few months.

However, I would take the time now to remove them manually. "Rancid" individuals are more likely to report your newsletters as spam if they have asked for removal and not been removed. I won't unsubscribe from anything that I don't remember subscribing for - even if it looks absolutely legitimate. I do send an email and then if it is not taken care of, send one to the ISP asking them to contact the company for removal.

Once you get things running smoothly, there won't be as many headaches.

Miss Betsy

[Merlyn]

Isn't SpamCop a

great service that you would like to recommend to users and ISPs? 

Yes.

[Zhen-Xjell]

One thing I noticed off the bat in these forums is I received a PM and an email notification was sent to me. I did not subscribe to that feature here. Computer Cops takes the liberty to turn this feature off by default. If someone wants a notification, they have to enable it. So using these forums at Spamcop as an example, what would this PM notificiation be viewed as since the option was set to receive them by default?

[turetzsr]

One thing I noticed off the bat in these forums is I received a PM and an email notification was sent to me.  I did not subscribe to that feature here.  Computer Cops takes the liberty to turn this feature off by default.  If someone wants a notification, they have to enable it.  So using these forums at Spamcop as an example, what would this PM notificiation be viewed as since the option was set to receive them by default?

...PM noticification appears to be a feature of the forum -- you get it when you sign up. It does seem to have the capability to permit you to block PM on a user-by-user basis but I don't see any way of turning off PM totally.

...You could check the "Help" (see link in upper right of page). Perhaps a moderator will confirm or correct what I've written here.

[Zhen-Xjell]

Just trying to understand the difference in email practice on this board versus CCSP. By default, when someone receives a PM here an email is sent notifying them of such. At CCSP the default is otherwise: no email is sent. Does this mean I can switch the default to email notifications on?

[Miss Betsy]

I don't adminster newsletters or forums so I may not understand everything properly.

I don't believe that having a checked box on your subscription page is not good practice. However, the *first* email should be a confirmation email that returns a token that you can identify. If they don't return the token/confirmation email, then their email address does not go on your list.

I can't remember the forum notification, but I believe that good practice dictates that when someone signs up for anything on the internet that they receive a notification. Many times it requires returning in order to establish an account. As I said, I don't remember about this forum.

The basic idea is to confirm that the person signing up intended to do so. If it is a mistake, when they get the confirmation email, they will not return it and the sign up is deleted. If they did intend to sign up, then they return the confirmation and the web site now has proof that they intended to sign up. It also confirms to the person signing up that nothing happened to interfere with their sign up.

If you read the pinned FAQ about best practices for mailing lists, I am sure they explain it better than I am.

Miss Betsy

[turetzsr]

Just trying to understand the difference in email practice on this board versus CCSP.  By default, when someone receives a PM here an email is sent notifying them of such.  At CCSP the default is otherwise: no email is sent.  Does this mean I can switch the default to email notifications on?

...Perhaps this will work:

• click on your name (Zhen-Xjell), where it's a hyperlink
  
• click the link labeled "Edit my Profile"
  
• click the link labeled "Email Settings"
  
• under 'Board Preferences," uncheck the box labeled "Send a confirmation email when I receive a new private message"
  

[Zhen-Xjell]

RE: Computer Cops

When a new user signs up (or even if someone is trying to spoof an email address), they cannot log in until they receive that email from the portal. That email contains their password. Passwords are not supplied by the user at registration time, they are generated by the system. Without that email, the user cannot log in. Hence, no emails are sent either via topic replies or newsletters because those options are disabled by default. If I send someone a PM, by default they are not notified of it by email.

RE: Spamcop Forums

When I registered today I received an email asking me to confirm my account. Instead of a system generated password, I supplied my own. Outside of my username, password, and email address, I made no selection for receiving any emails. I received a PM today, and also found an email from Spamcop advising me of such. So the default setting is to receive emails on PM notification.

This is where I am confused. When is the line of opt-in come into play? I don't consider a PM email notification spam, but I suspect there may be individuals out there that do. What were to happen if such an individual reports Spamcop forums for 'spam abuse' in this case? Can I safely enable such notifications at CCSP like Spamcop has done?

Thank you in advance for helping me to catch up in this area at Spamcop.

--Paul

[Zhen-Xjell]

...Perhaps this will work:

• click on your name (Zhen-Xjell), where it's a hyperlink
  
• click the link labeled "Edit my Profile"
  
• click the link labeled "Email Settings"
  
• under 'Board Preferences," uncheck the box labeled "Send a confirmation email when I receive a new private message"
  

You replied during my reply...

Yes I think that will work, haven't actually tried it. But my question is, why was it enabled by default? I thought the practice was to have such things disabled and let a user opt-in manually.

[turetzsr]

...Perhaps this will work:

• click on your name (Zhen-Xjell), where it's a hyperlink
  
• click the link labeled "Edit my Profile"
  
• click the link labeled "Email Settings"
  
• under 'Board Preferences," uncheck the box labeled "Send a confirmation email when I receive a new private message"
  

You replied during my reply...

Yes I think that will work, haven't actually tried it. But my question is, why was it enabled by default? I thought the practice was to have such things disabled and let a user opt-in manually.

...Different applications (this forum is an application that uses the InVision Power Board framework; if I understand correctly) have different features; when you request access to an application, you implicitly accept whatever features (including default features) and capabilities are built into the application.