SpamCop: source or relay?


splitcc

Hello,

I just have a question about SpamCop. When a spam report is received, which IPs are blacklisted: the real source of the spam message or the relays through which that message has passed?

Do other RBLs do the same?

Only that :)

Thanks!


> I just have a question about SpamCop. When a spam report is received, which IPs are blacklisted: the real source of the spam message or the relays through which that message has passed?
>
> Do other RBLs do the same?

Quick, 5000' view: SpamCop attempts to work back as far as it trusts; normally that will be the source. There are providers that hide that information, however, which would lead to their IPs getting listed. If there is a relay hiding the source information (i.e. corrupted PC), that will be the source.

For more information, check the FAQ linked at the top of every page (SPAMCOP FAQ), specifically:

SpamCop Blocking List Service

->What is on the list?

Every block list has its own criteria for listing, which is why you would usually want a few different ones. SpamCop specializes in stopping spam runs as they happen. It is quick to list, but also quick to delist IP addresses when the spamming stops.


Hello again,

thanks for the reply.

The problem that I see with this is that if only the real source (the first IP) of the spam messages is black-listed, if a spammer uses some server to relay it through or uses a stolen account on a server, if I use SpamCop on my MTA, those messages wouldn't be rejected, am I right? Maybe those cases are few...

Regards,

Alvaro.


> The problem that I see with this is that if only the real source (the first IP) of the spam messages is black-listed

Not necessarily true that the "first IP address" = "real source" ...

> , if a spammer uses some server to relay it through

There are other BLs that work with "open relay" issues.

> or uses a stolen account on a server,

One of the things you seemed to have skipped over is the bit of math involved in a SpamCopDNSBL listing/de-listing ....

> if I use SpamCop on my MTA, those messages wouldn't be rejected, am I right? Maybe those cases are few...

Blocking based on the SpamCopDNSBL is not recommended by SpamCop.net itself. It is suggested that the SpamCopDNSBL be used in conjunction with other tools to score, tag, handle suspected spam.


> The problem that I see with this is that if only the real source (the first IP) of the spam messages is black-listed, if a spammer uses some server to relay it through or uses a stolen account on a server, if I use SpamCop on my MTA, those messages wouldn't be rejected, am I right? Maybe those cases are few...

That would only be an issue if you are ONLY checking the connecting IP address as well. SpamCop (and I understand other implementations) checks all IP addresses in the received lines.

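The two points made in the replies above (check every IP in the Received lines rather than only the connecting one, and use the list to score rather than to block outright) can be sketched as follows. This is an added example, not code from the thread or from SpamCop; the zone name `bl.spamcop.net`, the function names, the weights and the sample message are assumptions made for illustration.

```python
import email
import ipaddress
import re
import socket

ZONE = "bl.spamcop.net"  # SpamCop's DNSBL zone; not named in the thread
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: a message relayed through a clean server (documentation IPs).
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.org with ESMTP; Mon, 1 Jan 2007 10:00:02 +0000
Received: from pc (unknown [203.0.113.45])
\tby relay.example.net with SMTP; Mon, 1 Jan 2007 10:00:00 +0000

body
"""

def received_ips(raw):
    """IPv4 addresses from the Received lines, newest hop first, internal ranges skipped."""
    ips = []
    for header in email.message_from_string(raw).get_all("Received", []):
        for text in IP_RE.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not a valid address
            if not any(ip in net for net in INTERNAL):
                ips.append(str(ip))
    return ips

def query_name(ip):
    """DNSBL query name: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + ZONE

def dns_listed(name):
    """True if the zone answers with a 127.x.x.x record; lookup failures count as unlisted."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except OSError:
        return False

def score(raw, connecting_ip, listed=dns_listed, connect_weight=5.0, hop_weight=2.0):
    """Spam score from DNSBL hits. Relayed hops weigh less: Received lines written
    by servers you do not control can be forged. Weights are hypothetical."""
    hops = dict.fromkeys([connecting_ip] + received_ips(raw))  # de-duplicated, ordered
    hits = [ip for ip in hops if listed(query_name(ip))]
    return sum(connect_weight if ip == connecting_ip else hop_weight for ip in hits), hits
```

Passing a set's `__contains__` as `listed` lets the scoring be exercised without DNS; with the default resolver the same call queries the live zone.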

Archived

This topic is now archived and is closed to further replies.
