jpdarcis

How is this possible?


I've been a dutifully reporting spamcop email account holder for a few years and have only watched the amount of spam I receive triple or quadruple in that time. Reporting to IP's is a great, noble concept but let's face reality: it's failed miserably.

That's not been my experience. I get very little spam that reaches my mailbox - the bulk gets caught. That assumes, of course, that the end user has implemented a blocking/filtering regime :)

Subject lines with obvious spam keywords should be filtered-out by spamcop before ever reaching the account holder, period. Ideally, this filtered spam will be automatically reported by spamcop.

I don't see automatic reporting ever happening. The essence of the SpamCop process is that reporters confirm that a report is correct. Similarly filtering on the obvious spam words is at best unreliable since there is unlikely to be a unanimous agreement on what those words might be and subject lines don't provide enough data to confirm the 'spamminess' of the actual message. So I fear that the whole message content has to be the determination of spam content.

Member reports should be instantaneously utilized to block spam campaigns, providing a tangible benefit and incentive for doing so.

If you're suggesting that a single report from a member should cause an IP to be listed then, again, I fear you will remain disappointed. But if you are saying that a number of member reports should confirm a spamming IP then that's really the current position.

Andrew


Andrew wrote

filtering on the obvious spam words is at best unreliable since there is unlikely to be a unanimous agreement on what those words might be and subject lines don't provide enough data to confirm the 'spamminess' of the actual message

You have to be kidding. If the word "Penis" alone was filtered in the subject line, spam would probably drop 10%. How many people regularly receive normal email with the word "penis" in the subject line?? For those few that do then they probably wouldn't want to have a spamcop account if it was filtered. Here's just a few of the subject lines from the 15 messages I've received in my "Held Mail" during the last hour. Let's see if our panel of experts reading this post can reach consensus on which ones are spam:

1.) Don't be embarrassed every time you get naked! Larger penis is your reality with Megadik!

2.) hey man, your girl feel down with your shorterPenis, our herbal pill can longer bjp

3.) National quality drugs

4.) light skinned sexy black twink fu**ed by a latino guy

5.) Dad loves getting nasty with his two daughters

6.) Mlcro5oft + Ado6e t|tles as L0W as 1O$

7.) Replica Handbags

8.) Re: Thank you, we accepted your loan request

OK, how many of you guessed all of the above? If so, give yourself a pat on the back. The other 7 not listed were made-up words, Asian text, a duplicate of number 1, weird looking squares. All but 5 and 8 have easy to filter spam keywords. "drugs" might present a problem since it would have legitimate purpose with many. 8 is a variant of the most prolific current spam attack plaguing my email. In number 4 the "F word" is spelled out in the actual spam subject line.

In reference to my point about the level of spam quadrupling during my years of having a spamcop account despite having been a rabid spam reporter SteveT wrote:

Sorry, I do not agree with this conclusion. The fact that spam grows overall even in the face of reporting does not mean that reporting fails. IMHO, this is guerrilla warfare and we guerrillas take our small victories where we can get them (and, believe it or not, there have been a few

Steve, no disrespect intended but let's use this analogy: Let's say that you own a private security guard company. Suppose I owned a department store and was getting tired of the shoplifting losses so I hired your firm five years ago.

Your plan was to allow all the known criminals to enter the store unimpeded, terrorize the customers and pilfer the place with the intention of using hidden security cameras to record the mayhem. You would then ask tormented customers to fill-out reports on their ordeal. Copies of everything would be sent to landlords, car dealers, gas stations and grocery stores in the area. The logic being that the owners of these businesses would cooperate in denying the criminals shelter, food and transportation to the store so they would have to leave town.

Now, five years later my shoplifting losses have quadrupled under your tenure. The criminals are so brazen many of them wear t-shirts proclaiming their membership in the "shoplifting gang". Others use typical patterns easy to identify. I suggest that we need to do more such as at least stopping the obvious criminals at the door before they even enter my store. You say "We can't do that, our security personnel sit in the back-room with camera and recording equipment." I counter, "yes I understand that but maybe you can also add guards at the door."

Edited by buffed


Here's just a few of the subject lines from the 15 messages I've received in my "Held Mail" during the last hour.

So SpamCop is doing its job, filtering your spam to the Held Mail folder.

It seems to me you are simply upset with either the number of spams you receive to your Held Mail folder (which will happen on most any widely distributed or fairly unprotected address) or the fact you have false negatives ending up in that folder. It would be more efficient for you to determine exactly why those false negatives are getting in there and possibly modify your generic filter settings or employ whitelists (if these are always the same addresses).

Why are you trying to change a system that has worked well for many people for a long time to fit YOUR preferences? (I have been an extremely happy customer for years now.)

You have to be kidding. If the word "Penis" alone was filtered in the subject line, spam would probably drop 10%. How many people regularly receive normal email with the word "penis" in the subject line??

No, I am not kidding. The point I was making is that the subject line alone is an inadequate means of determining 'spamminess'. The whole message is a better test. I have no idea how many people may, or may not, receive Emails that are legitimate with particular words in the subject. Perhaps you can tell me the answer?

As you note, the spam was detected and placed in your held mail folder. So SpamCop Email did exactly what it was intended to do - identified the spam item and moved it.

If you really don't want to have spam moved to held mail then you could implement the grey-listing function which should drop much of the incoming spam addressed directly to you.

You could also opt for the Empty spam button on your tool bar and hit that each time you log-in and that will dump your held spam. (Options : Deleting and Moving Messages) Or you could make your held mail folder your trash folder and have it empty automatically after your chosen period of time.

I suggest that we need to do more such as at least stopping the obvious criminals at the door before they even enter my store. You say "We can't do that, our security personnel sit in the back-room with camera and recording equipment." I counter, "yes I understand that but maybe you can also add guards at the door."

Apart from not agreeing that your analogy is entirely comparable, there is a guard at the door already - in fact there are two - SpamAssassin and grey-listing - and for those crooks who slip past the guards, photos of likely suspects have been given to the guards inside the store so they can identify new offenders.

Andrew

Edited by agsteele


You have to be kidding. If the word "Penis" alone was filtered in the subject line, spam would probably drop 10%. How many people regularly receive normal email with the word "penis" in the subject line?? For those few that do then they probably wouldn't want to have a spamcop account if it was filtered.

Well, there probably is a "middle ground" area here where some improvement could be made. What I would LOVE to have would be a facility like the existing whitelist / blacklist where you could block based on a user-defined list of keywords (filters don't work for me as I don't use webmail). No automatic reporting, but anything which had your particular pet hate word(s) in the subject line could be automatically diverted to held mail. I would probably have quite a lot of biological terms included in my "hatelist"; a gynaecologist might choose not to.

And why would it not be sensible to switch to automatic reporting of emails with spammy subject lines? Literally just fished an email out of the "held" folder, entitled "Fancy a new partner?", addressed to one of my colleagues. It was actually an email from a car dealership she has bought a car from in the past, trying to sell her a new Peugeot Partner car. Now, aside from the fact that they probably DESERVE to be reported for using such a spammy subject line (and possibly also prosecuted for crimes against marketing), this would be an ideal candidate for an automatic reporting system to catch. Human involvement in the process is what gives the Spamcop system credibility.

Edited by Dangerman

<snip>

Steve, no disrespect intended

...And none taken. I find your suggestion interesting and well presented. It just doesn't mesh with what SpamCop is or intends to be (as I understand it).

but let's use this analogy: Let's say that you own a private security guard company. Suppose I owned a department store and was getting tired of the shoplifting losses so I hired your firm five years ago.

Your plan was to allow all the known criminals to enter the store unimpeded, terrorize the customers and pilfer the place with the intention of using hidden security cameras to record the mayhem.

<snip>

...Then I wouldn't be anything like SpamCop. As I understand it, SpamCop is more analogous to a credit reporting agency. It is definitely not a security guard company.


Let's carry this a step further.

Every day I get more-or-less the same pattern of spam content. I've applied all the blocklists that SpamCop offers, and I still have to scroll through about 250 spams a day in order to find the errors and whitelist the unfortunate few friendly emails that have a listed IP address.

Put 2&2 together:

1. SpamCop looks up the true senders' IP addresses and records them.

2. My Smoothwall.org hardware firewall can be set to reject any of a [very long] list of black hat IP addresses.

To arrive at this conclusion:

SpamCop could keep track of the IP addresses that I personally have labeled as spam; let's say, that after I have reported xxx.xxx.xxx.xx# five times, that SpamCop simply bitbucket anything further from xxx.xxx.xxx.xx#. Once xxx.xxx.xxx.x## have been bitbucketed, henceforth bitbucket everything from the range xxx.xxx.xxx.###. Carry forward until all traffic from xxx.###.###.### gets bitbucketed. RIP.

Put this another way: If I have reported a given IP block umpteen times for spamming, why should anything further from that source ever get placed into my Held mail folder?

amenex


Put this another way: If I have reported a given IP block umpteen times for spamming, why should anything further from that source ever get placed into my Held mail folder?

First, SpamCop does not work with IP blocks. It deals with IP addresses which have been reported as sending spam. That IP address could also (though less likely in the current standard spammer configuration) be sending valid emails. Other hosts in the block could most certainly be sending nothing but valid emails.

If the IP address is reported to have spammed recently, it will be listed. It goes into the Held Mail folder so it can easily be reported again to keep it on the list (since it is still spamming). If those messages don't get reported, it is more likely the IP address will fall off the SpamCop list and get into your Inbox.

Once again, it sounds like you are a great candidate to employ the greylisting feature which was recently introduced. Anyone who wants to not see the spam at all, can use this method. That is the only feature which I do NOT use because I want to see every piece of spam so it can be reported.


StevenUnderwood wrote

It seems to me you are simply upset with either the number of spams you receive to your Held Mail folder.........Why are you trying to change a system that has worked well for many people for a long time to fit YOUR preferences

I'm certainly not alone. I've read posts in other threads on the frustration associated with mounting spam despite all the reporting. Remember, this thread was originally started by jpdarcis asking about obvious spam.

Amenex wrote:

I still have to scroll through about 250 spams a day in order to find the errors and whitelist the unfortunate few friendly emails

This is exactly my point and I'm receiving the same amount of spam. Having suspect emails routed to the "Held Mail" folder separates most of the likely spam and certainly makes it easier to sift through but you still have to go through it. However, I still don't understand why absolute blatant spam keywords can't be programmed into Spamcop to be rejected, even automatically reported if possible.

I've set-up a fairly good set of keywords to filter. At first this seemed like a way to reduce the obvious spam that piles up in my held mail. However, for some reason the filtering is working sporadically. I have to click the funnel Icon button many times to get it to start picking away at the spam. It wasn't even working on many of them today, some even had multiple trigger spam words in the subject line and they would still be unaffected by hitting the funnel button numerous times. Any answers?

It wasn't even working on many of them today, some even had multiple trigger spam words in the subject line and they would still be unaffected by hitting the funnel button numerous times. Any answers?

It's working for me today. I'd suggest that you take a close look at the raw headers of some of those items, to make sure that there isn't some other spammer trickery going on, such as some sort of encoding of the Subject line, or tricky mis-spellings (zero instead of the letter "o" for example) that are causing your filters not to work. If, after full analysis, you determine that it's the fault of the system, then you need to contact Support and have them take a look at your situation.

DT


...Did you try the grey-listing option suggested by agsteele and StevenUnderwood, above?

Yup; however, see this Spamcop discussion:

http://forum.spamcop.net/forums/lofiversio....php/t8650.html

My experience with a short (four hour) test of greylisting is that it greylisted one sender six times and six more senders one time each. About thirty spams got through from mail POP'ed from my various IP's. Greylisting works only on idiotic spam sent directly to my "user'[at]spamcop.net address. I have no idea how many folks got turned away at the door.

George Langford

(amenex)

About thirty spams got through from mail POP'ed from my various IP's. Greylisting works only on idiotic spam sent directly to my "user'[at]spamcop.net address.

Yes, you're correct. Grey-listing only works on mail delivered to your spamcop mailbox. If you POP a remote account the grey-listing doesn't have any effect. That's the nature of the grey-listing approach.

Andrew


Yup; however, see this Spamcop discussion:

http://forum.spamcop.net/forums/lofiversio....php/t8650.html

My experience with a short (four hour) test of greylisting is that it greylisted one sender six times and six more senders one time each. About thirty spams got through from mail POP'ed from my various IP's. Greylisting works only on idiotic spam sent directly to my "user'[at]spamcop.net address. I have no idea how many folks got turned away at the door.

Yes, that is exactly right. All the greylisting system is doing is testing the integrity of the mailserver which is delivering mail to your inbox, so if your mail is being forwarded from a domain host to your Spamcop mailbox it will achieve absolutely nothing, since it is always your domain host's mailserver which is delivering to Spamcop. Ditto if you are forwarding from another mailbox - it will be your ISP's mailserver which will be challenged, not the spammer's. And POP'ing is by its nature bypassing the greylisting system completely, since nothing is being delivered to Spamcop in the first place; you are going off and retrieving it instead.

If you are forwarding directly from a domain one option is to use a domain host who uses greylisting. I use Netnames in the UK, and although I was initially loath to use greylisting it reached a stage where the volume of spam was getting unmanageable: I didn't have time to review my held folder properly any more, so occasional false positives were getting dumped anyway, and so the risk of greylisting blocking the occasional legitimate message made me think it was worthwhile giving it a try. The reality is that greylisting has resulted in the number of spam messages I receive each day dropping from literally thousands to a couple of hundred, and I have only come across one person who has had problems getting mail through to me (who is with a strange little ISP I have never heard of before whose mailservers are presumably badly configured).

Edited to say: beaten to it by Andrew!

Edited by Dangerman
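
The behaviour described in the post above, where greylisting challenges whichever mailserver actually connects, can be shown with a small simulation. This is an added example, not part of any post and not SpamCop's implementation; it assumes the common scheme of keying entries on (client IP, envelope sender, envelope recipient), and the delay, addresses and IPs are constructed.

```python
GREY_DELAY = 300  # seconds a new triplet must wait before acceptance (constructed value)


class Greylist:
    """Minimal greylist keyed on (client IP, MAIL FROM, RCPT TO); assumed scheme."""

    def __init__(self, delay=GREY_DELAY):
        self.delay = delay
        self.first_seen = {}

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return 'defer' (temporary SMTP failure) or 'accept' for one attempt."""
        key = (client_ip, mail_from, rcpt_to)
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.delay else "defer"


def deliver(greylist, client_ip, mail_from, rcpt_to, start, retry_after=None):
    """Model one connecting host. retry_after=None is a sender that never retries."""
    if greylist.check(client_ip, mail_from, rcpt_to, start) == "accept":
        return True
    if retry_after is None:
        return False
    return greylist.check(client_ip, mail_from, rcpt_to, start + retry_after) == "accept"


def simulate():
    """Compare direct delivery with delivery through a forwarding host."""
    gl = Greylist()
    rcpt = "user@mailbox.example"
    return {
        # Bulk sender connects directly and does not queue for a retry.
        "direct_spam": deliver(gl, "203.0.113.7", "bulk@sender.example", rcpt, 0),
        # Same message sent to a domain address; the domain host's mailserver
        # is the client seen here, and it retries like any well-behaved server.
        "forwarded_spam": deliver(gl, "198.51.100.25", "bulk@sender.example",
                                  rcpt, 0, retry_after=900),
        # Ordinary correspondent's mailserver, also retrying after 15 minutes.
        "direct_legit": deliver(gl, "192.0.2.10", "friend@corp.example",
                                rcpt, 0, retry_after=900),
        # POP retrieval never calls check() at all, so it has no entry here.
    }


if __name__ == "__main__":
    print(simulate())
```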

This is exactly my point and I'm receiving the same amount of spam.

OK... I may have misunderstood your issue. Sadly, the volume of spam being sent is increasing so no matter how much reporting goes on the flow continues. But the use of the block lists and SpamAssassin does mean that a user can identify the junk as it arrives allowing the source servers to be reported and blocked more quickly.

Having suspect emails routed to the "Held Mail" folder separates most of the likely spam and certainly makes it easier to sift through but you still have to go through it. However, I still don't understand why absolute blatant spam keywords can't be programmed into Spamcop to be rejected, even automatically reported if possible.

I can see that searching through a full held mail folder can be a hassle, frustration, annoyance or some other adjective of your choice. But you are suggesting that everyone would want the solution you propose. That evidently isn't the case. So working with filters seems the likely solution once you've implemented grey-listing.

Automatic reporting will never happen unless there is a change in the SCBL philosophy which I don't see happening any time soon.

Andrew

