Computer Cops Blacklisted

[Miss Betsy]

This is where I am confused. When is the line of opt-in come into play? I don't consider a PM email notification spam, but I suspect there may be individuals out there that do. What were to happen if such an individual reports Spamcop forums for 'spam abuse' in this case? Can I safely enable such notifications at CCSP like Spamcop has done?

As I said, I don't remember whether I had to check or uncheck the PM notification for this forum. I have never gotten one by email so apparently I set my preferences when I registered.

IMHO, it is more polite to allow the user to decide what options he wants than to pre-select options for him. However, I don't think it is considered bad practice to preselect boxes as long as the user can easily see them and deselect any that s/he doesn't want.

In the case of newsletters, it would still be wise to send a confirmation email so that you have a token to show that that particular user subscribed to the newsletter.

The mechanics of forums and newsletters are different and although I can't explain the difference, I am sure that any forum preferences that were reported as spam would be dealt with differently by the ISP receiving them than complaints about unwanted newsletters. Especially if the newsletter publisher could not show that his entire list was confirmed with a token.

As I said before, your primary problem is that your newsletter was unpublished for some time. People change email addresses and the email addresses get re-assigned. People die. People lose interest in the product. People forget that they signed up. People don't recognize that it is something they signed up to (there is a post in the Lounge about someone who reported a friend because they didn't recognize the title of the newsletter). Or because they have not seen one in a long time, they don't notice it among the spam.

Miss Betsy

[StevenUnderwood]

But my question is, why was it enabled by default? I thought the practice was to have such things disabled and let a user opt-in manually.

I think you have hit on a point that should be modified here if it is possible. I do think that the PM emails should be disabled by default. Come to think of it, I was surprised when I received the meail about my PM. I did not report it because I recognized it as coming from the forum and I had signed up for that.

Please remember that these forums are still pretty new (only a few months now) and there will be bugs like this to work out.

What do others think (and should this part be moved to the lounge)?

[Miss Betsy]

What do others think (and should this part be moved to the lounge)?

Yes. Since we don't have the capability to move this topic, we would have to start a new one.

You can do it since I am not quite sure what the terms should be for discussion.

Miss Betsy

[turetzsr]

But my question is, why was it enabled by default? I thought the practice was to have such things disabled and let a user opt-in manually.

I think you have hit on a point that should be modified here if it is possible. I do think that the PM emails should be disabled by default. Come to think of it, I was surprised when I received the meail about my PM. I did not report it because I recognized it as coming from the forum and I had signed up for that.

Please remember that these forums are still pretty new (only a few months now) and there will be bugs like this to work out.

What do others think

...Sure, but not a particularly high priority.

(and should this part be moved to the lounge)?

...Indifferent.

[Zhen-Xjell]

...Different applications (this forum is an application that uses the InVision Power Board framework; if I understand correctly) have different features; when you request access to an application, you implicitly accept whatever features (including default features) and capabilities are built into the application.

Correct I can agree there. But as someone who is not familiar with Invisionboard, just as there are those who are unfamiliar with phpBB, it is hard to know where to go and make modifications. By default, phpBB has notifications for topics and PMs enabled. At Computer Cops, I manually modified the code to disable this. I would suppose Invisionboard is also capable of being modified to disable notifications by default.

[at]StevenUnderwood:

I concur completely with your reply.

[turetzsr]

...Different applications (this forum is an application that uses the InVision Power Board framework; if I understand correctly) have different features; when you request access to an application, you implicitly accept whatever features (including default features) and capabilities are built into the application.

Correct I can agree there. But as someone who is not familiar with Invisionboard, just as there are those who are unfamiliar with phpBB, it is hard to know where to go and make modifications. <snip>

...Precisely the reason for the "Help" link!

[Zhen-Xjell]

(smile)

Certainly the majority of folks like us will ask if we cannot locate. But its those individuals who are 'rancid' that end up reporting a site for apparently any reason.

[Miss Betsy]

One of the problems that the forum has is getting people to read the pinned FAQ so that the same answers are not posted again and again. Another is to get people to post in the proper forum. Posts for Help with being blocked show up everywhere.

As you pointed out in a previous post, the admin should not have to unsubscribe people who have forgotten their passwords (or for whatever reason they can't seem to follow directions). But no matter how careful you are about your directions, there will be someone who will screw it up. (people have been known to report the autoresponse that spamcop sends to tell them their spam has been accepted for processing. There was also someone here who said that people were reporting as spam, newsletters they had /paid/ to receive.).

Using preselected options means that the user will have to pay attention to unselect. Naturally, some of them don't pay attention. Using the confirmation email gives you, the newsletter publisher, proof that they really did subscribe.

As I said, when one signs up for a forum, there are several preferences to check or uncheck. It is more likely that a user will pay attention because that is what he is doing. OTOH, getting an account or buying something has nothing to do with whether one wants topic updates or newsletters. The user's attention is focussed on the purchase. s/he may very well overlook any options. That's why I would tell the person who reported unexpected email resulting from signing up at a forum to look at their preferences, but would be sympathetic with the person who received a newsletter that they didn't remember signing up for.

Have you read any of the information about confirmed subscriptions? I am sure that it describes the process better. And it doesn't make any difference whether you leave the check box on or off *as long as you send that confirmation email*

Miss Betsy

[Zhen-Xjell]

Hi yes, and thanks for the continued replies. I did infact read the some of the links in your pinned thread during our conversation today. This is why I removed the newsletter option from the registration page.

What I find funny is that people actually reported newsletters as spam for the very ones they purchased to receive. In my mind with that information alone, it seems we have reached a deadend. There are folks who will report emails as spam no matter what we or they do.

The question then becomes, as security experts helping to protect the masses-at-large: do we initiate better filtering mechanisms? I think the answer might be a yes. The Internet is a quick paced environment with controls that need enhancing continually. Perhaps the current filtering mechanisms not only at Spamcop but elsewhere, need updating and better filtering routines.

Why?

Example...

With over 40,000 registered users at Computer Cops that opt-in to receive email notifications for either topic replies, private messages, or newsletters *some* of them have their own auto-responders and the like. This means that I am all of the sudden a victim in receiving tons of useless email.

The question then becomes, where are my rights? Now I'm apt enough to know not to forward these emails to spam blacklisting agencies, but what if I was not and starting sending them in against my own membership? That would not be a good thing.

Granted, I know I must wait 48 hours before Computer Cops is delisted. I've taken this experience to heart and made the process of obtaining email notifications from my site that much more difficult:

ie: emails cannot be turned on, unless the registering user owns the registered email address and receives the system generated password in order to log in

This will also give me the credence to move forward with some ideas in mind for the registration process.

At the same token, we talk about users who do not read pinned posts, Help, or FAQs. By enabling a system that is harder to log into, it greatly increases the ability for users to successfully create logins and register.

Does this mean we are setting ourselves up to be used only by computer savy users and alienating those who have just learned that the ANY KEY does not equate to a single button? There has to be a happy medium, and that I believe comes from all sides:

- the end user

- the policing blacklisting agency

- the provider

In this triad, if but one does not fit into a team framework, then the system falls apart. There exists victims whereas there should have only been perpetrators.

Here is the exact footer that was delivered in the two newsletters sent on Sunday:

=========================================================

You're receiving this Newsletter because you selected (OPTED-IN) to receive it from your user page at Computer Cops.

You can unsubscribe from this service by clicking the following URL:

http://computercops.biz/modules.php?name=Y...unt&op=edituser

Then select "No" from the option to Receive Newsletter by Email and save your changes, if you need more assistance please contact the staff at Computer Cops.

If you have misplaced your password, click the following link to initiate a two-step password recovery process:

http://computercops.biz/modules.php?name=Y...nt&op=pass_lost

Another issue is that users reply to me demanding to know their username. Conveniently enough the email header To: already had that in there. In directing such users to that precious information, some folks are not cogent enough to accept it at face value.

I hope this helps, and by the way, I like our discussion here.

[Miss Betsy]

If you liked this discussion, you might like to read this one

http://forum.spamcop.net/forums/index.php?showtopic=630

This is the one where the reporters were /paid/ subscribers!

Miss Betsy

[Ellen]

Well ...

It looks like doing an innocent thing like operating a newsletter, has got

you at least 48 hrs. of being blacklisted by SpamCop. Isn't SpamCop a

great service that you would like to recommend to users and ISPs? 

All the newsletters I've sent, not counting the ~9 tests are here:

http://computercops.biz/section-3.html

The two sent on Sunday are here:

http://computercops.biz/section-viewarticle-7.html (This was a resend, the initial failed back in Feb)

http://computercops.biz/section-viewarticle-8.html

I started sending the newsletter again because folks were inquiring about them. Please note, the links above show the newsletter bulk, and not the footer with options to be removed.

Example: http://computercops.biz/postt23325.html

We are against spam ourselves. We are the official forums for popular products too. Our foundation is based on security. Like the folks here at Spamcop, we're here to help not to hinder.

For IP 66.227.19.111, looking at reports for 3/21 -3/22 I see 6 reports representing 4 distinct users -- they all have CCSP in the subject line; there are previous reports from March 17 and earlier which are counted towards the blocklist calculation but are aging out. In any case the IP should start delisting in 3 hours

[dont_look_down]

Interesting discussion--I'm going to be starting a newsletter, so it's great to get these practices in focus.

Maybe these things are already done, but here's my $0.02:

As is done with Spamnet (well, it isn't exactly the same, but...), allow legit sites to register and indicate that they follow a set of guidelines specified. This way, instead of a knee-jerk response, registered sites would get a look at the alleged spam before being blacklisted. A quick look at the emails being reported as spam would give a good idea whether they are legit or not. Most spammers who tried to get away with registering would automatically disqualify themselves from such consideration by sending their spam from spoofed addresses or other addresses not specified in their registration.

I'll bet the number of complaints can roughly be corelated with the traffic of the site. There could be a standard that acts as a red flag. A site with a low enough ratio would only be banned if a look at their alleged spam or opt-out process revealed that they were not up to snuff. Good grief, I am unable to easily unsubscribe from Microsoft newsletters because of their bizarre system, so I filter their drivel. I'd ban Microsoft before I'd ban ComputerCops :>)

And hooray for ComputerCops.org!!! They recently helped me survive a really nasty attack of hijacking.

[Miss Betsy]

As is done with Spamnet (well, it isn't exactly the same, but...), allow legit sites to register and indicate that they follow a set of guidelines specified. This way, instead of a knee-jerk response, registered sites would get a look at the alleged spam before being blacklisted. A quick look at the emails being reported as spam would give a good idea whether they are legit or not. Most spammers who tried to get away with registering would automatically disqualify themselves from such consideration by sending their spam from spoofed addresses or other addresses not specified in their registration.

I agree with you that people who are trying to be responsible should get an edge when something goes wrong.

However, spamcop is not a knee-jerk response; it is automatic. It is designed to stop spam from coming to more mailboxes when spam is discovered coming from an IP address. White hat ISP's like the early warning report, fix the problem, and age off the bl quickly. (my preference would be that whitehat ISP's would age off more quickly)

And another thing is that once one starts to define spam by conTent, one becomes a censor. spam is unsolicited, unwanted email. It is about conSent not conTent. Therefore, porn newsletters that use confirmed subscription are just as legitimate as a church newsletter. And a church newsletter that does not use confirmed subscription is just as spammy as the porn that is spewed from harvested emails.

And something else that isn't clear. The "knee jerk" response comes from the ISP who gets the spamcop report if he cancels a legitimate site just because of one report and doesn't investigate to see what the problem is. Newsletter publishers, if they follow the confirmed subscription loop and other common sense practices (there were three people lately who got reported because they hadn't sent a newslettter in months). Another way that newsletter publishers can keep out of trouble is to have a good working relationship with their ISP/host. Instead of cancelling, they may pull the plug if there is a problem so that the IP address is not blocked, but they work with you to fix it.

It would be nice if nobody ever used bad checks to pay for purchases so that one did not have to show an ID to cash a check or that one could continue to put all the info on checks that clerks need for verification, but no longer can because of identity theft. The confirmed subscription, the extra work that both admins and consumers have to do to sign up are no different. If it weren't for spammers, we could "trust" people.

And Hooray for ComputerCops that they are willing to step outside their area of expertise and learn about newsletters!

Miss Betsy

[dra007]

The problem I have had lately is that spammers send me pages that look quite legit until I look at the header and see that the e-mail does not originate from the site it says it does. Another alarm signal is mispells or breaks in unexpected places. Another lame attempt to fraudulently trap people into giving away information or bombard you with useless e-mail. I don't report unless I look at the header though.

[Miss Betsy]

I forget what email reader you are using, but if you can, you should read any unexpected email without actually opening the email.

All I know about is OE. Turn off the preview panel, choose read all email in plain text, and read the email in the Message source (right click->Properties->Details->Message source)

Any time that you open an email, it is possible for "web bugs" to activate, reporting that you opened it or worse activating pop up screens.

I don't open *any* unexpected email - including undeliverable email notices and FW:FW's.

If it looks ok in the Message Source, then it's ok to open it.

Miss Betsy

[Max]

Using netscape/mozilla (and most probably even these ill-designed

micro$oft products I would never dare to launch (*) ),

you can *and should* check the option

"Do not load images in mail and Newsgroup messages"

(in Mozilla: Preferences->Security->Images)

Then you can look without any risk at the message

(it won't use any of the links contained)

and if you trust it, you can load the image individually.

(*) note that IE as installed by default also tries to connect to microsoft each time you open it !

Moral (mine, at least) : if you really do need to use M$-Windows because of hardware that does not work on linux, then at least use Netscape for web & mail, OpenOffice for text & spreadsheets,

and in general all possible replacements to the M$ analogons, for which the viruses are designed

(and which, by the way, are designed to saturate your harddisk and CPU resources to make you buy bigger machines - by hiding flight simulators and flippers in word processing and spreadsheet programs,

for example !!! -- this is plain truth, as you can check it yourself by hitting the well known key combinations!)

[Zhen-Xjell]

Certainly was an interesting discussion about folks who pay for email and then report it as spam. One has to wonder ...