SpamCop Does More Harm Than Good

[Dave W]

Do you believe using SpamCop has an impact on reducing spam? If so, I believe you are grossly mistaken. And, as the title says, using SpamCop does more harm than good. Stealing a phrase from another thread, "fighting the good fight" makes us all feel better, but it doesn't help.

Sure, there are minor successes. A spammer caught here, an open relay closed there. But does that do anything to slow down or stop spammers? No. And I've seen a few people post that the amount of spam has "dropped" to a hundred day by using SpamCop. But there is absolutely no evidence (IMO) that any drop in the number of spam can be directly related to specific spam reports.

Let's look at the immediate impact of reporting spam. As soon as you report spam, the ISP shuts down the spammer who can no longer send email through that ISP. YOU WISH! In reality, the BEST that happens (in almost all situations) is the ISP shuts down the spammer who has already given up on that particular window of opportunity. So the spammer just moves to the next window, and often using the same ISPs over and over and over and over again. (Just how successful has it been to shut down spam from mtu or kornet, or even gaoland who claims to have taken action?)

The next immediate impact is the spammers now have your email address. This is just as good a confirmation that they're hitting a good address as replying to have your address removed from the spammers list. Once you do that, the spammers zero in on you. Now they start to target you with directed spam, including spam using your email address as the "From" address and addressing you by name in the content. And, how many of you have had a spammer use your email address as the source of their spam? When they do that, you get hammered with all the bouncing email from all the bad addresses they blast out their spam to. And, the ISPs, clueless and uncaring as some are, are happy to return bounced mail to your address when your address wasn't used to send the spam in the first place. (And by the way, SpamCop doesn't permit you to report invalid bounced mail reports from ISPs as spam, even though they are much worse than spam, IMO.) And though I can report each spam using only seconds of my time and it must take the spammers a lot longer than that to create a spam directed at me, that doesn't make me feel better. Creating spam is the spammers job/recreation. He/she can spend much more time generating spam than any normal person would be willing to spend fighting it, unless that is your job.

And once the spammers have your address, then the amount of spam just soars. There's no stopping them now. I'm not privvy to all the techniques, but I'd guess that spammers are just as automated as SpamCop. Once they have your address, forget it. You're going to get blasted no matter what you do. If I had to do it all over again, I would NEVER submit spam reports via SpamCop. And I will strongly urge against anyone from starting to use SpamCop.

Now lets look at the next reason why using SpamCop does more harm than good. I think this is a simple numerical analysis (though I'm sure there are those of you who will argue the numbers are not right). A spammer sends a single email to you. You report it to SpamCop in an email. (If you report on the web, the number of transactions are the same. You just shift the transaction from email to a transfer to/from a web site.) SpamCop then sends you a report email. You follow that by following the link to a web site, then submitting the report. SpamCop finishes up by sending emails to one or more people on the report list. So that one spam has led to 5 or 6 messages, and frequently more, being sent over the internet. WOW! The spammer gets a free multiplier of at least 5 or 6. What else could he/she ask for?

So there you have the subject of my post. But I don't think we should sit back and do nothing. I just think that using SpamCop is not the answer and that reporting spam (even to spam[at]uce.gov) has no immediate or long-term affect. I believe we would be much better off taking the time and money we spend reporting spam and spending it on lobbying efforts to change the industry and improve the CAN-spam laws.

As some examples (and frankly, I have no idea if these are either do-able or could be made legal), why can't ISPs be required to pre-approve any bulk emailers sending more than some limit? So for those legitimate businesses who send out a large volume of mail (Yahoo/Google groups, for example), they would have to be pre-approved by their ISP (themselves in those examples) before they would be permitted to send the volume. The ISP would be legally responsible for insuring this.

In addition, any ISP or relay should be required to refuse email from any ISP who violates the above paragraph or relay that violates this sentence. So if the spam is coming from mtu and mtu is a known spammer site, no other sites (or sites further down the link) would accept email from that site.

I know, the major companies have been working on killing spam for years. Bill Gates declared once that spam would be gone within some small time frame. Of course, he's admitted there is not much that can be done. I'm not an internet communications expert, but my guess is the technical challenges are just too great to implement spam-stopping changes without making major, incompatible changes to the protocols. But if there are options, we, as a community, should be lobbying for changes rather than wasting our time reporting spammers.

It might take years to have an affect trying to change law, ISP policy or design, but in the end that's the only way we (SpamCop users) will be able to change the way things are.

Just my opinions.

Regards.

Dave W.

[rconner]

Hello, Dave. Not sure whether you are trolling or not, but I'll take the bait anyway...

Do you believe using SpamCop has an impact on reducing spam?

No. I believe that SpamCop automates reports to the sources of spam mail and to the operators of spam hosts.

But does that do anything to slow down or stop spammers? No. And I've seen a few people post that the amount of spam has "dropped" to a hundred day by using SpamCop. But there is absolutely no evidence (IMO) that any drop in the number of spam can be directly related to specific spam reports.

Not sure there's any more evidence the other way, that SpamCop hasn't helped. What is spam would have grown by 30% this past year, but SpamCop (and other anti-spam operations) caused it to grow by only 28%. Is this failure? I wonder what our levels of spam mail would be if it were not for at least the mild pressure exerted by anti-spam operations like SpamCop. If ISPs saw no downside to hosting and supporting spammers, how likely do you think would they be to keep it under control?

Let's look at the immediate impact of reporting spam. As soon as you report spam, the ISP shuts down the spammer who can no longer send email through that ISP. YOU WISH!

Actually, most of the spam I get comes from botnets, not from jackleg ISPs. The ISP has no power to "shut down" the spammer because it has no control over your grandma's zombified PC. The only thing it can do, if it will, is to throw up some port blocking (which some operators have done, greatly reducing the spam that issues from their IP blocks).

Also, reporting spam via SpamCop is important because it adds info to the SCBL, which many people use to filter the spam from their incoming mail. If we all stop trapping and reporting our spam, then we kill the SCBL (and probaly other DNSBLs as well), destroying many people's first-line defense against the spammers.

The next immediate impact is the spammers now have your email address.

No, they don't, at least not unless you turn off the address munging that SpamCop provides. In order for a spammer to get your IP address from a SpamCop report, both of the following must apply: (1) the spammer is the recipient of the report (or the recipient passes the report to the spammer, not very common IMO), and (2) your report contains a "web bug" or similar mechanism that points to your address in the spammer's own databases. In my own case, my e-mail address is munged out of spam reports by SpamCop, so the spammer cannot get at them unless he uses a web bug or the like (and then only if he gets his hands on a copy of the report).

I'm not privvy to all the techniques,

I strongly suggest that perhaps you should become a bit more "privy" about these matters by reading here or in the SpamCop Wiki, this will help you to better understand some of the points you've raised.

I'd guess that spammers are just as automated as SpamCop. Once they have your address, forget it. You're going to get blasted no matter what you do. If I had to do it all over again, I would NEVER submit spam reports via SpamCop. And I will strongly urge against anyone from starting to use SpamCop.

I gently suggest to you that you may be engaging in some fallacious post-hoc reasoning here (i.e., my spam went up after SpamCop, therefore SpamCop caused my mail to go up). Many people have claimed here (and elsewhere) that SpamCop caused them to get more spam, but none to my knowledge have provided any solid quantitative evidence for the claim.

So that one spam has led to 5 or 6 messages, and frequently more, being sent over the internet. WOW! The spammer gets a free multiplier of at least 5 or 6. What else could he/she ask for?

I don't understand. Yes, spam reporting does generate follow-on mail, but as long as this mail is properly targeted and germane to the issue of mail abuse, it is not spam. Also, I fail to see how the spammer benefits from this secondary traffic. Are you suggesting that abuse desk people who read these reports are likely to be convinced to buy penis pills from BadCow or whoever is pushing them today, because they read about them in an abuse report?

I believe we would be much better off taking the time and money we spend reporting spam and spending it on lobbying efforts to change the industry and improve the CAN-spam laws.

I suspect that by "improve the CAN spam laws" you mean to fund more aggressive enforcement and prosecution. If so, I'd agree that this would help. I don't know what you mean by "change the industry;" spaming is not industry, it is organized crime. Anyway, we still have to spend time and treasure reporting spam, because otherwise how do we know that these improved laws have been broken or that the changed industry is not following the rules?

-- rick

(on edit: fixed weird quote-tag problem)

[StevenUnderwood]

Do you believe using SpamCop has an impact on reducing spam? If so, I believe you are grossly mistaken.

This depends on how you define "using SpamCop". I believe spamcop has a negligible effect on the numbers of spam being sent but a major effect on the number being delivered. The primary benefit is getting the IP addresses listed on the blocklists then using that blocklist.

My "use of SpamCop" is in getting the messages redirected to my Held Mail folder and doing quick reporting (with returns turned off) of all messages caught. The only messages sent out are to give a heads up to the ISP hosting the spammer. Many times, they already know this, but once in a while it helps.

My solution saves in excess of 95% of the spam from going into my inbox. If I get more than 1 or 2 a week in the inbox, it is rare.

[turetzsr]

Do you believe using SpamCop has an impact on reducing spam? If so, I believe you are grossly mistaken. And, as the title says, using SpamCop does more harm than good. Stealing a phrase from another thread, "fighting the good fight" makes us all feel better, but it doesn't help.

<snip>

...To quote a famous line from Gone with the Wind: "Frankly, my dear, I don't give a damn." Does reporting suspected prowlers to the police have an impact on reducing the overall numbers of prowlers or prowling incidents? Not really, but I'm going to continue, anyway.

[Telarin]

I suggest that you read up a bit in this thread, as there are a number of good cases in here with people like me gaining a very real, measurable benefit by using SpamCop for reporting and then taking advantage of the SCBL to filter incoming email at the mail server.

[washmail]

There's also the different types of spammers.

When I first started reporting I had a fair number of 'over-zealous businesses' type spammers who were just trying to cash in on the opportunities of mass emailing, often not realizing the consequences. These quickly disappeared, with a few needing an extra push such as phoning or writing to them directly with threats of SC reporting & the consequences. (The only exception for us was the online software dealer ashampoo.com , and I give their domain without concern as they deserve the mention. The end solution was simply to blacklist their domain.)

So in this respect, spam WAS conquered via spam Cop.

I decided to take the 'brave' route of not munging my reports in order to get past those ISPs refusing to accept such, but it definitely did increase my spam iro the career spammers.

It got worse when I gave detailed reports, and eventually even personal.

I take my hat off to those that keep reporting year after year. They've made a serious difference for everyone.

Perhaps some BL contributions have now become more automated though. I'm thinking of gmail in particular with their 'report spam' feature; just a simple click. Although considering how many unknowing individuals may report their friends if annoyed with them today etc., who knows how much it may be a contaminated process as well. I don't know if gmail (or any other independent public systems) share/combine their BLs.

(IMO) What is really needed is a re-design of the whole system. Unfortunately that requires a degree of cooperation seldom seen in the world. And the dynamics of spam activity will continue to challenge regardless.

[Miss Betsy]

You have your answer - you don't understand how email works or why laws/regulations don't control spam and that the best spam control is to use blocklists of known spamsources, of which spamcop blocklist is one that many server admins find useful.

Miss Betsy

[cats]

Many people have claimed here (and elsewhere) that SpamCop caused them to get more spam, but none to my knowledge have provided any solid quantitative evidence for the claim.

I've been using SpamCop (SC) for several years and am moderately happy with it. There are almost no false positives and it does a better job of filtering than other techniques I have tried. I usually report the few spam that get through each day via the webmail interface. However, an interesting situation has developed.

I searched my Held messages recently and found that SC has filtered out around 60 spams per day. Now the bad news. Three-quarters of that spam is to my SC email address which I do not use for email. Only a quarter of the spam is to the active email address which I forward to SC for filtering. So, how did that happen? The only thing I can think of is that the spammers got my SC address from the spam reports. I didn't think that the address was included in reports but now I have my doubts. In any case, it certainly appears that SC causes me to get more spam by a factor of about 4.

I'm not terribly concerned about this but it would be nice to stop those 45 spams I get every day to my SC address. Have other users noticed this situation and done anything about it?

[Farelf]

...I'm not terribly concerned about this but it would be nice to stop those 45 spams I get every day to my SC address. Have other users noticed this situation and done anything about it?

Lots of discussion over the years:

http://forum.spamcop.net/forums/index.php?showtopic=1771

http://forum.spamcop.net/forums/index.php?showtopic=9333

etc. etc...

Probably raises more questions than answers, so don't be afraid to ask.

[Miss Betsy]

Yes, other users have noticed this phenomenon. For those who are interested in filtering spam, it doesn't make a lot of difference. Others get upset.

Miss Betsy

[DavidT]

Three-quarters of that spam is to my SC email address which I do not use for email.

My experience is entirely different. In all the analysis and spot-checking I've done of incoming spam, whether caught in my Held mail or not, I've rarely if *ever* received one that was addressed to my SpamCop email address.

Now, perhaps you've sent more mail using the SpamCop webmail system than I have, because formerly, even if you had configured alternate email identities in the webmail system, our true SC email addresses were still embedded in the headers of outgoing messages. This could have had the effect of "publishing" our otherwise secret addresses to computers of friends or other contacts whose computers were compromised by various spammer trojans/botnets/etc. which would result in incoming spam. This problems seems to have been recently fixed.

Or there's some other explanation for our quite different experiences, perhaps, but I don't receive spam at my SC email address.

DT

[cats]

Lots of discussion over the years... Probably raises more questions than answers, so don't be afraid to ask.

No kidding! I'm afraid I understand about half of what is said and don't really want to know the gory details. It sounds as if there is nothing much I can do about the spam to my SpamCop email address; it's unclear why changing one's address is discouraged.

... and

Yes, other users have noticed this phenomenon. For those who are interested in filtering spam, it doesn't make a lot of difference. Others get upset.

The difference it makes is that I have to look through all that held mail once in a while to check for false positives from new email sources I have not yet white-listed. The other consideration is that I am paying SpamCop to catch about 15 spam per day (the other 45 are to my SpamCop address). Is that is worth the subscription cost given that there are several free or bundled options available to me? For now, at least, I value the additional level of filtering that SpamCop provides.

Thanks all for helping answer my question.

[Farelf]

...No kidding! I'm afraid I understand about half of what is said and don't really want to know the gory details.

Fair enough.

...It sounds as if there is nothing much I can do about the spam to my SpamCop email address; it's unclear why changing one's address is discouraged...

I'm not sure where changing your SC email address is discouraged but I would be inclined to just go ahead and do it if I were you and that is what I/you wanted.

Just how you might use your new address day-to-day will be the biggest part of determining your future 'spam experience' and if you want to try excluding SC reporting (or "full reporting") as part of that mix, that's entirely up to you - no-one could say in advance whether or not that will improve things longer term, in your specific circumstance (it's just a balance of probability thing in the *general* case). As with any address change there may be a load of consequent advices to be issued and changes to be made which you will take into account considering the advantage:disadvantage ratio.

[cats]

The difference it makes is that I have to look through all that held mail once in a while to check for false positives from new email sources I have not yet white-listed. The other consideration is that I am paying SpamCop to catch about 15 spam per day (the other 45 are to my SpamCop address). Is that is worth the subscription cost given that there are several free or bundled options available to me? For now, at least, I value the additional level of filtering that SpamCop provides.

An update. For a couple of months now all the spam I received was to my SpamCop address even though I do not use it for sending mail. My 5 active email accounts on 3 different services had no spam. Not sure why, maybe better filtering by the providers or perhaps just a cyclical lull. In any case, for me there is little reason to continue using SpamCop. Good luck to the rest of you who still find it useful.

[Farelf]

An update. For a couple of months now all the spam I received was to my SpamCop address even though I do not use it for sending mail. My 5 active email accounts on 3 different services had no spam. Not sure why, maybe better filtering by the providers or perhaps just a cyclical lull. In any case, for me there is little reason to continue using SpamCop. Good luck to the rest of you who still find it useful.

Thanks for the update - yes, there should be no top-level filtering on the SC account (intention being you do the filtering and report or delete, reporting supporting the SCbl) but ISPs generally seem to be inwards filtering more and more - some of them using the SCbl, no doubt, or IronPort. I have an account too, which admits no spam at all now for days on end (and then very little). But the filtering is switchable so I see the spam is still out there, just not getting through when the account is in 'shields up' mode. Spammer response to increased filtering is (mostly) to send more spam, I believe.

If the aim is to keep spam out of your inbox, SC can be good but if it is to keep it out of your account(s) entirely then there are more efficient solutions, with just some (seemingly small) risks in terms of 'goodmail' delivery reliability. Whichever way you cut it, unless you want to - and can - support the reporting effort and do something to address the massive (and supposedly increasing) bandwidth theft going on, SC is not for you. Goodbye and good luck, thanks for giving it a try.