Jump to content
Sign in to follow this  
calspace

Suggestions for visually identifying spam

Recommended Posts

Before I begin, I should explain that when I log onto my e-mail, I go to the end and work my way backwards, reporting things I can identify as spam as I go. When I have reached the first unread message, I read the mail by moving from item to item, reporting spam as I find it. This may or may not be the way others do it.

I don't use my spamcop.net e-mail address. The only thing I should receive to that address is my renewel notice from SpamCop. However, I receive a lot of e-mail to it as well as to cpthook[at]spamcop.net. Right now, in my trash I have mail addressed to comanon, crusher, ciscospice, csouter, admin, cparsons, antihotmail, csmith0406, cpwoodford, cowtown, conradt, cotta, anzam1, anubis, ingelsp, constance, cpbow, cuiry, and colonnade. The prevanlence of words beginning with c indicates that someone has a dictionary spam tool.

First suggestion: If I had a column that showed me what was in the to: address line, I could scan through my e-mails and identify a larger number of the spam. "You should read this" is a common spam subject. It is also a normal suggestion from one person to another. I volunteer for a huge organization (50,000+ active members) and I manage two projects that cause me to receive a lot of e-mail from people I don't know. I can't automatically assume that "You should read this" is spam.

Second suggestion: some tool needs to be developed that identifies e-mail containing multiple spamcop e-mail addresses. I don't know anyone else who uses spamcop. It's not like AOL or RoadRunner or Yahoo, where I might conceivably have six friends who share the same service because we met on AOL or all get Time Warner Cable. There is no reason why an e-mail like this:

To: You <josh[at]spamcop.net>

Cc: You <siegel[at]spamcop.net>, You <mje[at]spamcop.net>, You <bartross[at]spamcop.net>, You <cssc[at]spamcop.net>, You <massey1[at]spamcop.net>

should not immediately be identified as spam.

Third suggestion: we should be able to specify another e-mail address to which we want communications from SpamCop sent. I didn't waste nearly so much time on spam when I had everthing [at]spamcop.net sent to the trash. That is until February, two years in a row, when my e-mail would suddenly be cut off because I hadn't renewed my service.

Share this post


Link to post
Share on other sites
I don't use my spamcop.net e-mail address. The only thing I should receive to that address is my renewel notice from SpamCop.

Before getting to your suggestions my first question is "Why do you maintain your spamcop email account?" If you don't use it why pay for it? If you drop the email account you don't have to filter out the spam. We all have better things to do.

Lou

Share this post


Link to post
Share on other sites

Basically agreeing with Lking .. it simply appears to me that you have not looked at or set any of the configuration settings available with a spamcop.net e-mail account.

I'm actually at a bit of a loss ... if you "don't use the account" .. then just why would you take the time to read each and every e-mail to then decide whether it's spam or not?

I can tell you that in all the boatloads of spam I receive, I can't reecall seeing your suggested 'common' Subject line once ....

There is no reason why an e-mail like this:

To: You <josh[at]spamcop.net>

Cc: You <siegel[at]spamcop.net>, You <mje[at]spamcop.net>, You <bartross[at]spamcop.net>, You <cssc[at]spamcop.net>, You <massey1[at]spamcop.net>

should not immediately be identified as spam.

Seems pretty presumptuous, probably pretty contrived .. but ...

My point is ... I do use a spamcop.net account for handling spamcop.net affairs. I really don't have a problem identifying spam In the last week, out of something like 1,000 e-mails, I actually only had three that were 'real' e-mail contacts.

Share this post


Link to post
Share on other sites
... Right now, in my trash I have mail addressed to comanon, crusher, ciscospice, csouter, admin, cparsons, antihotmail, csmith0406, cpwoodford, cowtown, conradt, cotta, anzam1, anubis, ingelsp, constance, cpbow, cuiry, and colonnade. The prevanlence of words beginning with c indicates that someone has a dictionary spam tool. ...
I think you will find those are, or were, actual addresses - in fact I recognize the name of another poster to these forums in there. I think this is just a "bite-sized chunk" of a spammer's list for the domain and, apart from the rest of the alphabet in other chunks, there will be similar lists for other domains. You may well ask how can anyone be so stupid as to spam multiple spamcop.net accounts but, sending through zombies, they really don't have to worry - given the current indifference of ISPs to such things.

The most persistent and numerous of all the identifiable "streams" or "flavors" of spam I have seen is precisely this mass mailing of members of a particular domain address. Even when it is bcc'd instead of 'to' or 'cc', the occasional broken example shows exactly the same pattern.

... Second suggestion: some tool needs to be developed that identifies e-mail containing multiple spamcop e-mail addresses. I don't know anyone else who uses spamcop. It's not like AOL or RoadRunner or Yahoo, where I might conceivably have six friends who share the same service because we met on AOL or all get Time Warner Cable. There is no reason why an e-mail like this:

To: You <josh[at]spamcop.net>

Cc: You <siegel[at]spamcop.net>, You <mje[at]spamcop.net>, You <bartross[at]spamcop.net>, You <cssc[at]spamcop.net>, You <massey1[at]spamcop.net>

should not immediately be identified as spam. ...

It is, as I have said, not just SC. There were times when I wanted exactly the same (for attglobal.net). As you can recognize, this would be a little risky in the general arena and it could be readily defeated just by the spammer dropping the names into 'blind carbon copy' (bcc) but to my mind it would have the merit of raising the bar just a little. I wish all mail applications offered some capability/facility along these lines. Or I used to, until my provider decided to abrogate his responsibilities by filtering out 99.9% of all spam inwards and a slightly higher percentage outwards (the difference being that contained in the reports he blocks). Whatever.

Share this post


Link to post
Share on other sites
I don't use my spamcop.net e-mail address. The only thing I should receive to that address is my renewel notice from SpamCop. However, I receive a lot of e-mail to it as well as to cpthook[at]spamcop.net. Right now, in my trash I have mail addressed to comanon, crusher I didn't waste nearly so much time on spam when I had everthing [at]spamcop.net sent to the trash. That is until February, two years in a row, when my e-mail would suddenly be cut off because I hadn't renewed my service.

Taking a big step from the point at which you are, I suggest you activate greylisting (New Feature: Greylisting *UPDATED*) http://forum.spamcop.net/forums/index.php?...ic=8650&hl=

Based on my experience it should cut your direct to spamcop mail spam by 90%

You could also and as well whitelist communications from spamcop and cesmail.net and personal blacklist everything else ( com, net, ru)

HTH

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×