splitcc

SpamCop: source or relay?

Hello,

I just have a question about SpamCop. When a spam report is received, which IPs are blacklisted: the real source of the spam message, or the relays through which that message has passed?

Do other RBLs do the same?

Only that :)

Thanks!

I just have a question about SpamCop. When a spam report is received, which IPs are blacklisted: the real source of the spam message, or the relays through which that message has passed?

Do other RBLs do the same?

Quick, 5000' view: SpamCop attempts to work back as far as it trusts; normally that will be the source. There are providers that hide that information, however, which would lead to their IPs getting listed. If there is a relay hiding the source information (i.e. corrupted PC), that will be the source.

For more information, check the FAQ linked at the top of every page (SPAMCOP FAQ), specifically:

SpamCop Blocking List Service

->What is on the list?

Every block list has its own criteria for listing, which is why you would usually want a few different ones. SpamCop specializes in stopping spam runs as they happen. It is quick to list, but also quick to delist IP addresses when the spamming stops.

Hello again,

thanks for the reply.

The problem that I see with this is that if only the real source (the first IP) of the spam messages is blacklisted, then if a spammer uses some server to relay through or uses a stolen account on a server, and I use SpamCop on my MTA, those messages wouldn't be rejected, am I right? Maybe those cases are few...

Regards,

Alvaro.

The problem that I see with this is that if only the real source (the first IP) of the spam messages is blacklisted

Not necessarily true that the "first IP address" = "real source" ...

, if a spammer uses some server to relay it through

There are other BLs that work with "open relay" issues.

or uses a stolen account on a server,

One of the things you seemed to have skipped over is the bit of math involved in a SpamCopDNSBL listing/de-listing ....

if I use SpamCop on my MTA, those messages wouldn't be rejected, am I right? Maybe those cases are few...

Blocking based on the SpamCopDNSBL is not recommended by SpamCop.net itself. It is suggested that the SpamCopDNSBL be used in conjunction with other tools to score, tag, handle suspected spam.

The problem that I see with this is that if only the real source (the first IP) of the spam messages is blacklisted, then if a spammer uses some server to relay through or uses a stolen account on a server, and I use SpamCop on my MTA, those messages wouldn't be rejected, am I right? Maybe those cases are few...

That would only be an issue if you are ONLY checking the connecting IP address as well. SpamCop (and I understand other implementations) checks all IP addresses in the received lines.

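The check described in the last two replies, as an added example that is not part of any post in this thread and is not SpamCop's own code: it looks up the connecting IP and every public IP found in the Received lines against the SpamCop DNSBL, and returns a score to combine with other tools instead of rejecting outright. The point weights, the `lookup` parameter and the sample message are assumptions made for illustration.

```python
import ipaddress
import re
import socket
from email import message_from_string

DNSBL_ZONE = "bl.spamcop.net"  # SpamCop's public DNSBL zone
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
SKIP = [ipaddress.ip_network(n) for n in  # private/loopback hops are skipped
        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_ips(raw_message):
    """Bracketed IPv4 addresses from all Received headers, newest hop first."""
    ips = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. an octet above 255
                continue
            if text not in ips and not any(ip in net for net in SKIP):
                ips.append(text)
    return ips

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """DNSBL query name: the octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_listed(name):
    """True if the name resolves (listed); a failed lookup counts as unlisted."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def dnsbl_score(raw_message, connecting_ip, lookup=dns_listed,
                connect_pts=3.0, relay_pts=1.0):
    """Score rather than reject. Weights are assumed; earlier hops weigh less
    because Received lines added before your own trusted relay can be forged."""
    candidates = dict.fromkeys([connecting_ip] + received_ips(raw_message))
    hits = {ip: connect_pts if ip == connecting_ip else relay_pts
            for ip in candidates if lookup(dnsbl_name(ip))}
    return sum(hits.values()), hits

# Constructed sample: a source (203.0.113.45) sending through a relay (198.51.100.7).
SAMPLE = (
    "Received: from relay.example.net ([198.51.100.7]) by mx.example.org\n"
    "Received: from pc (unknown [203.0.113.45]) by relay.example.net\n"
    "Subject: constructed sample\n\nbody\n"
)
```

Calling `dnsbl_score(SAMPLE, "198.51.100.7")` performs live DNS lookups; pass a stub as `lookup` to exercise the logic offline.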
