MsLil

More phishing scams since I started reporting

Your parser finds clear web sites and sends reports to their supervisors.
Sometimes it does, other times it does not. See the many threads about that here in these forums.

When taking out your appendix, would you rather have your neighbor do it, following written instructions by the foremost experts; or would you trust it to be done better by an everyday physician, one who understands the reasons the human body works as it does?
Every doctor I have met has already "read the instructions" before performing the operation, even for the first time. I'll stop there because your analogy breaks down even further beyond that. But keep in mind, most "doctors of spam reporting" do their own parsing and send their own reports (which tend to be more effective than SpamCop reports in my experience), not rely on a tool written by someone else to do it for them.

Sometimes it does, other times it does not. See the many threads about that here in these forums.

Every doctor I have met has already "read the instructions" before performing the operation, even for the first time. I'll stop there because your analogy breaks down even further beyond that. But keep in mind, most "doctors of spam reporting" do their own parsing and send their own reports (which tend to be more effective than SpamCop reports in my experience), not rely on a tool written by someone else to do it for them.

Do you have pointy ears?

No, that analogy was much more vague: In my experience, the most detailed instructions fail among 1% of people when something unexpected turns up (which it always does), and they have to judge for themselves the best course of action.

I'm a doctor of a natural science, not spam reporting. To practice my profession or even have a life, I could never automate my own spam complaints. Yes, I've watched your parser peel the envelope from the outside in, checking each layer. Only a very large & dedicated organization could attempt what SpamCop does. However, I have always filed individual reports of spoofs and phish, which are no longer sent me. I just redirected phish to the banks, who took it from there.

Miss Betsy was kind enough to point me to a 'Confabulator', or something similar, written for Windows (which I have never owned). The information in it, however, would permit me to throw together an 'awk' script or something similar. I was hoping instead to have KnujOn added to the recipients of my SpamCop reports; they, in turn, forward theirs to uce.gov. When I can afford a proper account, I may follow your earlier suggestion. Today, as you know, even token fees have to be budgeted by (sadly) many, many people.

There is another possibility, for which there may be a very good reason not to suggest: Send one unadulterated copy, which goes to those responsible for the mailers; then a second, adulterated one, describing the adulteration in the large comment box, and un-clicking all the little boxes to the mailers, leaving these to be sent to the web site administrators.

Ideally, reports referencing reports would go up the business ladder as far as needed, some possibly to ICANN itself: these, in turn, would be within the purview of the Federal Trade Commission (and drawn to the attention of the Department of State). It could be done tastefully. Of course, users' reports likely go right to spammers, as one subject line in a previous letter to Miss Betsy suggests.

I'm sure it's coincidence, but since that personal spam to me, all spam of every kind has stopped. Strangely, I'm not sure how I should feel being blacklisted by the blacklisted.

Rapakiwi


Actually, those who deal with spam daily, (the experienced doctor) in your analogy, seem to prefer to use a combination of blocklists and content filters (of which the scbl is only one) to prevent spam from entering their network. They may, or may not, report spam to the source, but I expect the ones who do, are discriminatory, only reporting what appears to be a leak to a known, responsible server admin, or in support of their favorite blocklists. The content filter is primarily for those spam that have not been identified yet by the blocklists and probably some of those are reported (or simply added manually to their own blocklist).

The other daily users just leave it to the IT department to keep spam out.

Spamvertized site blocklists (some of which come from those identified by spamcop reporters), a server admin estimated, caught about 25% of incoming spam.

Researchers into spam statistics and patterns are necessary as in any field, but unless they produce a better spam trap, the 'experienced' are not much interested in the details.

One point that you might consider in your theory of reporting is that the FTC, the major blocklists, and the major spoofed domains (such as ebay) can collect all the spam they want to analyze without relying on inexperienced people who don't read the instructions before sending reports.

Spam goes in waves, for no discernible, repeatable reasons.

Miss Betsy

[PS Official spamcop pages have not been changed for years in spite of suggestions. Spamcop was written for techies and there is no accommodation for anyone who isn't a techie. The forum, and some posters (particularly me since I am technically non-fluent) try to translate for people who are not techies. My quixotic hope is that consumers will become savvy enough to force ISPs to use blocklists rather than content filters and not dump email before the consumer sees it.]

...Thank you for your kind explanation of how the internet works. The main focus of spamcop, which I thought you probably knew, since you are researching, is to stop the source of spam, not those websites that are advertising via spam. Are they really different?

Though I may be a researcher, I have a life; and it's not researching spamcop. However, I took a day off to explore how much of my spam is from 'zombies', and whether it may come from the same servers that host the web sites in the spam. This is hardly definitive, but it's mildly interesting.

<snip>

In answer to your question - though you doubtless meant it to be rhetorical - yes, they really are different in terms of the way they are approached. You were quick to dismiss Complainterator yet the base methodology is the exact way to do something about spamvertized websites, in particular the pesky ones hosted on botnets - "attacking" those through SC is like hunting vampires without your trusty silver bullets. As an aside - that's the paradox of pattern recognition - it's the way perception works but if you fix on an incomplete pattern you are blind to much that may be 'real'. Like your cats - or, to reverse things, my daughter's dog which hunts the shadows of smoke. (Other dogs have no idea what she's on about.) For the approach template to initiate effective action against the most intractable spamvertizers see http://forum.spamcop.net/forums/index.php?...ost&p=48929 (IIUC DNSStuff no longer provides free the tools it did then but there are others) - and you could do worse than to read the whole topic. It just takes through, to a useful point, the sort of research you detail in the above post.

SC is a tool with a particular application (identifying and listing the actively-sending IP addresses of significant spam sources). As a sideline (and, no doubt, retained only as a result of much nagging) it makes occasional attempts to resolve spamvertized websites. Many (including me) have railed against the 'wasted opportunity' of such diffidence, pointing out that the spamvertized websites are the whole point of (much of) the spam and we should be attacking them there, at the seat of corruption and where they might be 'hurt'. Yet SC resolutely holds to its self-appointed task. And, in the process, provides a tool which is the mere starting point for serious up-close and personal spam fighting. Despite the name it is not about law enforcement. State and national jurisdictional issues alone make that impracticable. And you are not going to reform SC single-handedly nor overnight. You are clearly exceptional. But not that exceptional. I think challenges to the orthodoxy might be essential to keep SC relevant and viable - thanks for trying (and I don't think you'll stop). But I don't think SC sees it quite the same way.


I confess that I am having a bit of trouble following the new direction of this thread, but I take it that we are now discussing why SpamCop won't consistently report website URLs found in spam, and why we aren't allowed to "help" the parser by massaging the spam mail before we submit it for parsing. While I'm not plugged into SpamCop management at all, I have been a paid user for nearly a decade and so perhaps I'm in a position to share some observations. Sorry for the length of this post, but perhaps it will be on-point nevertheless.

TRACING AND REPORTING WEBSITES

Tracing and reporting spam websites is far more difficult, and far more prone to ambiguity, than simply tracing the sources of spam mail (which can be done largely mechanically, the way SpamCop does it). I've been studying this area in particular for several years now, but even all this experience doesn't always enable me to keep up with all the ruses. I suspect that this difficulty and ambiguity are two of the principal reasons why SpamCop does not make exhaustive efforts on this front.

  • For example, if you run a local nslookup on a URL given in spam, you cannot be sure that the IP address returned to you is the correct and only address of the site.
  • Even if you do a top-down authoritative nslookup, however, you still can't rely completely on the results because some spammers can change their DNS records as frequently as every couple of minutes, meaning that the report you just worked so hard to document becomes invalid before you even manage to send it (check out the website URL in this very fresh tracking link, for instance -- it is currently showing four addresses and a three-minute TTL).
  • Many websites are effectively protected by reverse-proxying zombies (NOT the same as the common Googlepages/Geocities redirectors), so your report will involve only a zombie and not the actual web server itself.
  • You can't even go after the DNS support for these rotating websites and botnets, because the auth-DNS service itself is on the botnet and you (as a plain ol' user) can't always find the "brains" of the operation without concerted effort that can take literally DAYS.
  • You can send notes to the domain registrars for the domains in question, but these domains are usually sold by the very same outfits that regularly appear on the various "Worst Registrars" lists, and you can automatically assume that any domain-WHOIS info you find is bogus. Your complaints will likely go straight to /dev/null.
  • On the spam website itself, you may find a redirection to some other website where the stuff is sold. The spammer might be kind enough to include this in a META REFRESH tag for you to view, but more likely it will be encrypted into a JavaScript that you cannot easily inspect. Yes you can report the site that is doing the redirecting, but this does not help you deal with the hand inside the sock puppet.
  • Many spam links I get now are simply search-engine queries that are contrived to point directly to (and redirect to) the spammer's site. Often, the spammer includes enough alphabet soup and fake search info in these links to make them even more difficult to parse than they already would be in the first place.
  • Many spam URLs are munged with errors that make them non-compliant with respect to strict URL syntax (e.g., backslashes in place of forward slashes, whitespace inserted, and the like), but the spammers have learned that many browsers (oh, say, IE) will tolerate these errors. So, a strict URL parser won't see them, but the user's mail program or browser certainly will.
  • And then, it might even be that the website named in the spam doesn't have anything at all to do with the spam (e.g., it was a link placed after-the-fact by some free e-mail service or anti-virus software, or it may have been planted on purpose by the spammer with the intention of diverting investigators, providing fake "documentation" for a claim (e.g., in 419 mail or stock spam), or "joe-jobbing" an enemy). No machine could figure out that such links aren't reportable.

Not every spam website link presents such problems, but in my experience enough of them do to make it tricky to program a machine to deal with them; human judgment is invariably required. There are so many chuckholes down this road that it hardly seems surprising (to me at any rate) that SpamCop would not want to deal with this problem. Although I do try to LART such sites myself (usually outside of SpamCop) if I have the time, it is not always very easy or fast to do (particularly where rotating IP addresses are involved).

THE NO-ALTERATION RULE

As for altering spam before parsing it: if there were no rule to prohibit people from altering spam they receive before they submit it, this would invariably lead to people clobbering RFC2822 structure, MIME layout and encoding, URL syntax, etc. They might cut off parts of a URL they have "decoded" (a critical error if you are dealing with a Geocities or Blogger redirect, for example). Not to mention that they could put info into their messages that could be just flat WRONG. This would allow the spammers targeted by SpamCop to justifiably claim "see, these SpamCop guys will forge evidence if they can't find it legitimately." This is precisely the kind of thing that SpamCop seeks to avoid. Again, speaking as user of SpamCop, I believe it to be better all around just to have The Rule.

If you are interested in having someone look at the websites in spam you get (or, at least, the ones that SpamCop doesn't deal with), you should be able to forward your SpamCop reports to Knujon (I don't think that this requires a paid Knujon membership). Best to check the Knujon website (http://www.knujon.com/) for this info. To me, forwarding to Knujon has been a bit like throwing stuff over a high wall -- I can't tell very easily what gets done with my spam after I forward it (and I actually paid for a membership). Still, they have been making some positive headlines recently, particularly with regard to crooked domain registrars.

-- rick
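
The rotating-address problem described in the list above (several addresses, a TTL of a few minutes) can be checked from recorded lookups before a report is written. This is an added example, not part of the original post and not SpamCop's code; the hostnames, addresses, thresholds and the Lookup/assess names are constructed assumptions, and the lookups are embedded rather than performed live.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Lookup:
    when: int         # seconds since the first lookup
    host: str
    ttl: int          # TTL in seconds from the authoritative answer
    addresses: tuple  # A records returned by that lookup


# Constructed sample data: documentation address ranges and reserved .test names.
LOOKUPS = [
    Lookup(0, "shop.example.test", 180,
           ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.77")),
    Lookup(200, "shop.example.test", 180,
           ("198.51.100.90", "203.0.113.41", "192.0.2.10", "203.0.113.200")),
    Lookup(400, "shop.example.test", 180,
           ("198.51.100.12", "192.0.2.143", "203.0.113.5", "198.51.100.90")),
    Lookup(0, "static.example.test", 86400, ("192.0.2.200",)),
    Lookup(400, "static.example.test", 86400, ("192.0.2.200",)),
]


def assess(lookups, max_ttl=300, min_addresses=4):
    """Summarise repeated lookups per host and flag rotating address sets.

    The thresholds are assumptions chosen for this example, not a standard.
    """
    by_host = defaultdict(list)
    for lk in lookups:
        by_host[lk.host].append(lk)

    report = {}
    for host, seq in by_host.items():
        seq.sort(key=lambda lk: lk.when)
        sets = [frozenset(ip_address(a) for a in lk.addresses) for lk in seq]
        seen = frozenset().union(*sets)           # every address ever returned
        stable = frozenset.intersection(*sets)    # addresses present in every answer
        networks = {ip_network(f"{a}/24", strict=False) for a in seen}
        min_ttl = min(lk.ttl for lk in seq)
        rotating = (min_ttl <= max_ttl
                    and len(seen) >= min_addresses
                    and stable != seen)
        report[host] = {
            "distinct_addresses": len(seen),
            "distinct_networks": len(networks),
            "stable_addresses": sorted(str(a) for a in stable),
            "min_ttl": min_ttl,   # upper bound on how long one answer stays valid
            "rotating": rotating,
        }
    return report


if __name__ == "__main__":
    for host, summary in assess(LOOKUPS).items():
        print(host, summary)
```

A host flagged as rotating with no stable addresses is the case where a report naming a single IP address is out of date by the time it is sent.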

I confess that I am having a bit of trouble following the new direction of this thread, but I take it that we are now discussing why SpamCop won't consistently report website URLs found in spam, and why we aren't allowed to "help" the parser by massaging the spam mail before we submit it for parsing.

Rick,

That was my fault. Initially I was answering Miss Lil's original question: Does reporting phish increase it. No. After only two weeks of (rapidly) reporting it to SpamCop (and banks as well), I suddenly received a bundle of it. When I continued reporting, I received an ultimate phish, one sent 'from me', then never another. The last made it very clear who had control. Let me make it very clear that I sign all SpamCop's complaints with my name and my email address, and I personally comment each.

Someone earlier had assumed he was receiving much more spam because he had been reporting it to SpamCop. So, I expanded the topic to spam. I was amazed to discover this was 100% malicious. After three weeks of rapidly reporting it, I received a burst of spam, which I reported. Then came what appears a penultimate spam letter, one addressed to me on the subject line, and one more. Since then, I've been cut off of all spam. Ironically, I feel a little down, being on the blacklisted's blacklist. In a perverse way, it's like being the lowest of the lows. I did receive a pretty 64-bit encoded one from the 'Bat!', if that really counts as one. But that's like being mugged by Black Bart. (A Californian joke.)

I've little time (and hate thinking about crime), so I use the forums for the rare problem I encounter; then I try and repay this by, in this case I thought, encouraging people to report. This 'thank you' to SpamCop's forum isn't what I had intended.

However, the answer to all is that SpamCop may greatly reduce your spam, if you report it rapidly and fearlessly. (My average time was about 3 hours.)

TRACING AND REPORTING WEBSITES

There is absolutely no question this is true! A beautiful summary, which I shall keep. However, should you have spam before you, with a return address and a web site link, which would the spammer want to be found more easily: his address or his web site? SpamCop reports unmunged web sites. Would they really change by the day and minute if no one harassed them? (One changed while I was writing a letter to Miss Betsy.)

This latter subject arose when I began doodling. There are many countries, yet SpamCop reports went to few. Assuming one country was 'owned' by a coordinated group of spammers, I made a simple adjacency graph among the countries in my reports. I found only two connected graphs: one in Asia and one in South America. Asia had a rather tenuous connection between an East European and a Middle and Far Eastern section (which had a very specific connection, explored in Miss Betsy's sub-thread). At most three spammers were responsible for all the spam to a university?

What surprised me was that the spam web sites themselves broke into these same groups. However, mail from China might point to a site in Turkey, and mail from Turkey might point to a site in China. The circular paths enlarged, but it seemed clear from my little sample (especially considering the mailer header shown to Miss Betsy), that some ISPs themselves were sending spam. If this is the case, why shouldn't they offer spam sites as well?

Amusingly, when my wife asked me where I would place a computer allowed to connect to the internet and do this, I said 'a small town in southern Brazil'. When I prepared the report for Miss Betsy, I was quite amused. It was about this time that most spam sites became munged, designed for everyday people to easily fix, and I fixed two by replacing [DOT] with a period.

THE NO-ALTERATION RULE

Your last information was great; but this paragraph is just a bit 'over the top', isn't it? We are talking here of capital punishment for replacing [DOT] with a period, after watching SpamCop attempt to parse the URL and fail. The clearly printed rule allows no exceptions.

I wasn't aware that KnujOn wasn't a public service organization as well. That is sad. Spam can be 'redirected' to the Federal Trade Commission, and phish to abuse[at]bank. Spam wasn't a problem with me before I learned it was all malicious. Reporting phish was, for it took up to an hour to prove a spoof: and this had to be done immediately. I spent three days trying to rid Google's network of a sniffer that clandestinely installed spyware on PCs. (Google claimed it wasn't their problem.) These sorts of problems still need a philanthropic organization who know whom to report to.

Thank you for the really excellent report on why a URL may not resolve correctly. The question in my mind is, would a spammer really want my spam's hyperlink to not resolve for me?

Rapakiwi

Oh, joy! I caught a little phish, warning me my computer is compromised. I feel great.

Would they really change by the day and minute if no one harassed them?
Clearly, some spammers have been driven to this extremity by spam complainers (including SpamCop perhaps). As I described, however, tracking these exploits is not a job you can simply throw up to an automated parser that has only milliseconds to find and deliver its results.

Your last information was great; but this paragraph is just a bit 'over the top', isn't it? We are talking here of capital punishment for replacing [DOT] with a period, after watching SpamCop attempt to parse the URL and fail. The clearly printed rule allows no exceptions.
I don't find anything about my paragraph to be over the top. I was merely giving my own surmise as to why this rule is in place. I was not commenting on the consequences of breaking the rule. Yes, replacing "[DOT]" is a minor alteration, but then we would be on an untenable slippery slope here. Besides, how is SpamCop to know that you made this alteration? Most SpamCop users are not what Miss Betsy calls "techies," they do not understand which alterations are OK and which aren't.

The law enforcement types have a notion called "chain of custody of evidence." If spam is a crime, then the SMTP packet is the evidence of the crime. If the cops don't have a process in place to protect their evidence from tampering (whether innocent or sinister), then they can get their heads handed to them by defense attorneys. The "no alteration" rule, as I see it, is SpamCop's chain of custody: if an ISP says "nope, wasn't me, your user must have made this up," SpamCop can legitimately point to The Rule and indicate that users aren't ALLOWED to make things up.

I wasn't aware that KnujOn wasn't a public service organization as well. That is sad.
Why? If the guy is a private party using network resources and spending his time on this, doesn't he deserve to have his costs reimbursed, or even to make a little profit by which to pay his mortgage? Actually, though, I think the only difference between paid and unpaid users is that the paid users get their own personal submission address and also get their own reports. Not nearly as dramatic a difference as between paid & unpaid SpamCop users.

The question in my mind is, would a spammer really want my spam's hyperlink to not resolve for me?
He would want it to resolve for you if you are a prospective customer. Otherwise, he would rather it not. This was sometime a paradox, but now the time gives it proof; tricks like those I describe now make it possible.

-- rick
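
One way to reconcile the munged-URL problem from the earlier list (backslashes, [DOT] tokens) with the chain-of-custody point above is to leave the message bytes untouched, hash them, and record any de-munging as a separate annotation that can be checked against the original. This is an added example, not from the original post and not SpamCop's parser; the function names and the sample message are constructed, and the tolerant pattern covers only backslashes and bracketed "dot" tokens.

```python
import hashlib
import re

# Constructed sample message; the bytes stand for the unaltered spam as received.
RAW = (
    b"From: sender@example.test\r\n"
    b"Subject: offer\r\n"
    b"\r\n"
    b"Visit http:\\\\pills[DOT]example[DOT]test\\buy today\r\n"
    b"or http://www.example.test/ok for details.\r\n"
)

LABEL = r"[A-Za-z0-9-]+"
# A dot is either a literal '.' or a bracketed token such as [DOT] or (dot).
DOT = r"(?:\.|\s*[\[(]\s*dot\s*[\])]\s*)"
URL = re.compile(
    r"https?:[/\\]{2}" + LABEL + r"(?:" + DOT + LABEL + r")+"
    + r"(?:[/\\][^\s<>\"']*)?",
    re.IGNORECASE,
)
DOT_TOKEN = re.compile(r"\s*[\[(]\s*dot\s*[\])]\s*", re.IGNORECASE)


def annotate(raw: bytes) -> dict:
    """Describe URLs found in raw without modifying raw itself."""
    text = raw.decode("utf-8", errors="replace")
    findings = []
    for match in URL.finditer(text):
        original = match.group(0)
        normalized, steps = original, []
        if "\\" in normalized:
            normalized = normalized.replace("\\", "/")
            steps.append("backslash replaced with '/'")
        if DOT_TOKEN.search(normalized):
            normalized = DOT_TOKEN.sub(".", normalized)
            steps.append("[DOT]-style token replaced with '.'")
        findings.append({
            "offset": match.start(),   # where the untouched text sits in the message
            "original": original,      # exactly as received
            "normalized": normalized,  # the analyst's reading, kept separate
            "steps": steps,            # empty list: a strict parser would accept it
        })
    return {
        "sha256": hashlib.sha256(raw).hexdigest(),
        "length": len(raw),
        "findings": findings,
    }


def verify(raw: bytes, annotation: dict) -> bool:
    """True only if raw is byte-for-byte the message the annotation was made from."""
    if hashlib.sha256(raw).hexdigest() != annotation["sha256"]:
        return False
    text = raw.decode("utf-8", errors="replace")
    return all(text.startswith(f["original"], f["offset"])
               for f in annotation["findings"])


if __name__ == "__main__":
    note = annotate(RAW)
    for finding in note["findings"]:
        print(finding)
    print("unaltered:", verify(RAW, note))
    print("edited copy:", verify(RAW.replace(b"[DOT]", b"."), note))
```

A copy of the message in which [DOT] was replaced by hand fails verification, while the annotation still carries the readable URL alongside the text as received.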


It is true that some spammers use 'listwashing' or removing reporters' addresses from their database. However, since many spammers use zombies to send (which are not 'fixed' by insisting the owners fix them) and the rotating websites, it is not necessary for them. In fact, they seem to harvest addresses, including spamcop email addresses, from reports. In previous topics about this (and probably this one as well), the general consensus of reporters is that as many spam report recipients add names as listwash so it doesn't make a lot of difference. In the old days, there was an argument that reporters should avoid listwashing so as to keep the IP address on the scbl, but nowadays, there are other bls that list the zombies so it is not as important.

A lull in the receiving of spam may mean that the spammer is a listwasher; however, many reporters experience the lull and then start receiving another type of spam which seems to indicate that the address has been sold as a 'guaranteed live address'.

What I don't understand is that, if you have the time to report spamvertized websites (which, as rconner indicates, takes a lot of time to do properly), you don't have the time to research what others have experienced. Shutting down criminal websites is something that, if local law enforcement wanted to do so, they could very easily set up spam traps and get exactly the evidence that they want without outside help. That says to me that those local law enforcement agencies either do not have the laws to do so or are not interested.

It also doesn't hurt to report them manually as long as you know what you are doing. ISPs made it difficult for spammers to operate because of public pressure. It may also be true for those in control of websites. You need more of a stick than just saying that is wrong, however. I think one reporter found their name servers and blocked them. And you may report to someone who wants to shut them down and the spammer just slipped through a crack in their defenses.

Some people think (and I am one of them) that the rules regarding registrars should be strengthened so that they do not allow bogus whois information. That's why pushing ICANN to strengthen the rules by reporting violations is a worthwhile endeavor, IMHO.

Yes, it is true that spammers went to the evasive tactics for websites because of reporting. However, there are other blocklists that concentrate on spamvertized websites that do it a whole lot better than spamcop. Spamcop is a tool. You don't use a screwdriver when you need a hammer.

There would be no reason for spamvertized websites if none of their spam was ever delivered. If they still wanted to have websites, then, as you pointed out, it is caveat emptor for the web surfer looking to buy something just as it is offline in responding to a newspaper ad.

Miss Betsy

... Some people think (and I am one of them) that the rules regarding registrars should be strengthened so that they do not allow bogus whois information. That's why pushing ICANN to strengthen the rules by reporting violations is a worthwhile endeavor, IMHO.

...

There would be no reason for spamvertized websites if none of their spam was ever delivered. If they still wanted to have websites, then, as you pointed out, it is caveat emptor for the web surfer looking to buy something just as it is offline in responding to a newspaper ad.

Prezac'ly x 2

It might be said that, [short of]/[on the way to] shutting down delinquent websites, there is arguably a role to be played by the "site advisory" tools - IE7's phishing alert, McAfee's SiteAdvisor, etc. which also have some small effect in contributing to the pressure on indifferent/complicit registrars, as well as serving as half a brain for the unwary web surfer who might be (nevertheless) smart enough to use them. And in the case of SiteAdvisor the battered public can contribute reports for the guidance of others (and, supposedly, the sharpening or the amelioration of the public assessment).

Consider the ineffectuality of the standard SpamCop report concerning phishing site groupdg.cn in http://www.spamcop.net/sc?id=z2035178519zb...708394bd1c9b36z (apart from the distraction of innocent bystander Google Adwords) the odds are that every time the message is parsed/viewed, there will be a different (practically immaterial) notifying address concerning the .cn criminals' handiwork.

The SiteAdvisor entry is to be found at http://www.siteadvisor.com/sites/groupdg.cn and the detail indicates to me that this activity is unlikely to be checked soon (though they might be inconvenienced if vulnerable in the nameservers). Anyway, at least a warning is out there.

It might be said that, [short of]/[on the way to] shutting down delinquent websites, there is arguably a role to be played by the "site advisory" tools - IE7's phishing alert, McAfee's SiteAdvisor, etc.

Mr Elf,

Indeed. Should Mac users think themselves safe from spammers' web sites making them zombies, I offer today's quote from Softpedia.com:

Rumor had it that visiting a maliciously crafted website using Safari may lead to "an unexpected application termination or arbitrary code execution," because of a memory corruption issue in WebKit's handling of JavaScript arrays. Therefore, Apple has released Safari 3.1.2 for Tiger, available as a free download for all 10.4 11 users.

No one should have to be a mechanic to drive a car; and no one should have to be a security expert to safely use the internet. (At least that's a dream I've had for 20 years.) For years I've been 'suggesting' to Apple that they warn users of mail with forged 'From:' lines and hyperlink URLs 'named' other URLs. (I'm persona non grata there as well.) It seems so simple. Examine the quote above: all it takes is one mistake when browsing. I always advise going to a reliable archive or the Wikipedia rather than search engines to initially get a popular website (such as OpenOffice.org rather than OpenOffice.com), then following hyperlinks in these. Whether you'll get mugged depends upon what street you walk. Why can Firefox users have a plug-in from 'Finjan', yet Safari users not?

By the way, I never dismissed Criticiseorator, I just can't spell it. It wasn't written for my operating system (Java source?): but the textfiles inside contain enough for a quick awk script. The fact that is difficult to on the internet shows how feared it is. It would be great had it been written in a platform independent language and distributed on Sourceforge or standard archives.

In addition to agreeing with everyone about everything, I should like to say that I believe web sites in spam need to be taken down within minutes to avoid tragedies. Harassing spammers rapidly, continuously, and doggedly, as SpamCop does, is the only real defense against any criminals who don't perform crimes in the country they live (or flee to). So long as the profit from their actions exceeds the difficulty in having to move, or be harassed by their own government (because other countries will impose tariffs on trade), new spammers will take the place of others.

Rapid reporting should help remove zombies and harass spammers who have direct access to the internet, whose web sites my computer finds thanks to ICANN. (Note the X- comments on a previous response to Ms Betsy.) However, the latter may likely be removed only when our Department of State (Foreign Office) realizes that the US lost enough money to foreign spammers last year to balance its budget. I recorded a 'You have spam!' message, and 'Growl' plays it on a speaker whenever mail pops into my junk folder. :-)

Rapakiwi (On parole from Dartmoor.)

PS. Good news: I think my address may have been sold, as Miss Betsy predicted! Oh, Joy!

Should Mac users think themselves safe from spammers' web sites making them zombies, I offer today's quote from Softpedia.com:
The quote is well-taken. Generally, Apple gets out security patches pretty quickly, and these can be fairly painlessly downloaded and applied even by novices (but of course they must take action to do so).

Another problem that may affect Mac OS X due to its UNIX family resemblance is poor password security. If a Mac user opens a port he shouldn't, a crook could try cracking the passwords, and if they are weak then he can get in. OS X makes it damned near impossible to log in as root under any circumstances, but if you know an admin password and can get in on a shell, you may be able to use "sudo" to become root temporarily. I used to leave the inbound FTP port open on my home machine (so I could reach it from the office) but soon stopped when I saw how frequently it was attacked (without success, fortunately) by script kiddies.

By the way, I never dismissed Criticiseorator, I just can't spell it. It wasn't written for my operating system (Java source?): but the textfiles inside contain enough for a quick awk script. The fact that is difficult to on the internet shows how feared it is. It would be great had it been written in a platform independent language and distributed on Sourceforge or standard archives.
Agree. This app really should be open-source, I don't think it does anything particularly secret or magical. The fact that it won't run on OS X has dampened any potential interest in it on my part.

In addition to agreeing with everyone about everything, I should like to say that I believe web sites in spam need to be taken down within minutes to avoid tragedies. Harassing spammers rapidly, continuously, and doggedly, as SpamCop does, is the only real defense against any criminals who don't perform crimes in the country they live (or flee to). So long as the profit from their actions exceeds the difficulty in having to move, or be harassed by their own government (because other countries will impose tariffs on trade), new spammers will take the place of others.
Again, I agree. I'm doing my part by reporting as aggressively as I can. We can only hope that the reports go to outfits that give a %$.

-- rick

Another problem that may affect Mac OS X due to its UNIX family resemblance is poor password security.

Promise, a little graph of spam letters a day for a month is coming, Ms Lil! Until then:-

Mr Conner,

Indeed. I use a random password generator, with KeyChain, for all but the users' passwords. These passwords (and using one machine from the administrator's account) are the weakest link: these must be memorized & easy to type. (I use my own nonsense phrase of non-dictionary words.)

Another weak link is the death of the dot-matrix printer. As you know, administrators used to have logins and uses of 'su' (sudo) appended immediately to a paper log, so they would be alerted by the noise, and Trojan horses couldn't hide (or crackers hide their tracks). I'm intimidated by optical media, but I don't think the write-once ones allow any appending.

BSD Unix & TCP/IP were chosen for the public internet because they were designed for, well, Berkeley students to communicate. ('Finger' was great: you could even see whether someone had read your email yet.) Before it went public, I encountered only one spam (from a professor seeking student volunteers), and I immediately reported it to SRI, who requested a public apology from him the next day. Halcyon days.

Clearly, I was not a visionary. However, Unix has a nice feature I've not seen taken advantage of. A CD or DVD is just another disk to it. Portable applications are taking advantage of this; but one can refer to such a volume for confidential information. Safari has 'private browsing', which leaves no trace on any disk. I've not checked whether this works with MacOSX, but it would be nice if Apple made it so.

Spam, in my experience, exists to steal personal information. If one popped in an optical disc or USB dongle with encrypted sensitive information, when 'requested' by MacOSX (just a change in error message), sensitive information wouldn't be accessible very long. If one then didn't give it away (by way of, for example, spam websites), 'the goods' wouldn't be so easy to acquire.

You might be interested in hacking something like this. I'll try, when I have time. It shouldn't be very difficult, because it wasn't difficult in Unix.

Rapakiwi

....By the way, I never dismissed Criticiseorator, I just can't spell it.
:lol: Nor can I, I have to look it up in previous posts every time - drives me crazy.
It wasn't written for my operating system (Java source?): but the textfiles inside contain enough for a quick awk script. The fact that is difficult to on the internet shows how feared it is. It would be great had it been written in a platform independent language and distributed on Sourceforge or standard archives....
Yes! But since it wasn't, I just point to the method/approach in that "template" (somewhere earlier, my penultimate post perhaps) for "manual" replication. The Complainterator {sigh} folk must be doing something right going by the number of times their forum gets shut down by attacks. Anyone can use the method, independently of the 'software'.

Smoko over, back on my head.

<snip>

A hyperlink to a web site in spam is, essentially, malware delivered by email. If not, botnets would not have over a million zombie computers in them. Clearly SpamCop would like to remove malware, as my ISP does, so it would be nice to know why you choose only to 'kill the messenger', as Shakespeare wrote.

...It might but that (AIUI) isn't its mission.
If spam were sent from botnets, created by web sites with [DOT] or a similar spelling variant, how effective would SpamCop be?
...That wouldn't affect SpamCop one whit, since it does not look at the web site from which spam is sent, only the IP address.
Perhaps only I am confused. More and more I've found law and common sense conflicting. If this is a fine reading of the law, as parsed by spammers' litigation attorneys, is there any reason the law(s) should not be changed? If the law prevents SpamCop from reporting spam after computers at SpamCop 'convert the URL to the proper syntax', shouldn't it prevent me from doing just that?
...No, (AFAIK) it has nothing to do with the law.
Admittedly, it takes human intervention to replace the [DOT] with a period; but it also takes human intervention to click a hyperlink.
...Again, not relevant to SpamCop. SpamCop deals principally and almost exclusively with the IP address that is sending spam e-mail.
<snip>

The actual document, posted in preparation for a pan-galactic bypass, gave as an example of a 'material change' the addition of a From line where it was not in the real header. That could screw things up, I agree. It also stated that, because SpamCop doesn't have a JavaScript parser, I could interpret the JavaScript manually.

Well, munged URLs were designed so computers could not parse & interpret them, only humans can. So, I did. Now I just watch SpamCop fail, but I suggest it's failing because they already know the site in Argentina hosting all sites munged with a [DOT]. That would have been a clarification.

...No, it fails because it (for whatever reason) will only handle URLs that are in a particular format and for which it can quickly find an e-mail address to which to report the spamvertizing.
<snip>

Where are we now? We clearly followed the second line to the letter, so SpamCop could also help close the web site down. Do you honestly think someone who does this should be returned to Dartmoor?

...Sorry, I'm not sure what you are saying. Are you asking for an opinion as to whether you should be "punished" by SpamCop staff for making what they judge to be a "material" change? I don't believe that's relevant. The SpamCop parser is a tool that SpamCop provides to the public for general use (and without fee [although it accepts donations called "fuel"]). You may not agree with SpamCop's rules but surely it is incumbent upon us to play by the rules set out by SpamCop, even those with which we disagree.
<snip>

Watch it fail and do nothing to help. Watch crimes occur and do nothing to help. Watch people be hurt and do nothing to help.

...Not at all! You are welcome to report manually -- you can even use the SpamCop parser to help you determine to whom to report, you just can't use SpamCop to submit the report!
Twenty years ago I gave up a teaching career at a university because essentially all the students wanted only a diploma and to be told what they needed to do to get one: no one came to learn how to think for themselves and question the reasoning behind statements of 'fact'.

<snip>

...Nor has anyone (that I can remember) suggested that you not continue in your efforts to make SpamCop staff see things your way. Just be aware it's been done before by more than one person and no one has yet succeeded.

There was an experiment once done with cats, I believe. They were raised in an environment with all vertical stripes. When then placed in one with horizontal stripes, they didn't see them: they didn't see what didn't make sense. I'm guessing some other people, too, are like cats. I could easily read all the carefully written instructions and fail to recognize those that go against common sense.

<snip>

...That may be but be comforted by the fact that you are not alone in challenging the rule. I, personally, do not; it isn't because I think the rule necessarily makes sense but rather because I understand that it could make sense but SpamCop staff either can not or do not wish to explain and since it's their (free) tool, I yield to their request.
All that will help these miscreants is, I suspect, to clarify why this is bad. Repeating is not clarifying. Speaking more loudly, with harsher punishments, is not clarifying. 'SpamCop does what it does and doesn't do for a reason.' Perhaps they should know exactly what this reason is.

<snip>

...That would be nice but IMHO not essential. Again, it's their (SpamCop's) tool, they get to define the rules under which it will and will not be used. If you think there should be a tool like the SpamCop parser which allows its users to modify the body of the spam any way they wish, you are welcome to write it or assemble a team of developers to do so.
The web site address is the only one in any spam that is known to be genuine. Some people who are afflicted with self thought might not understand that 'throwing out the baby with the bath water' is good, common sense. Explaining that SpamCop's purview is not web sites doesn't address the above problem, it just adds a second.
...Sorry, I may have missed something, here: a second what? Problem? If so, what is the first problem? A piece of software, especially one that is offered free to its users, can not possibly be expected to be all things to all people, so there have to be some boundaries defined for its domain.
Your parser

<snip>

...Not "our" parser (in the sense that we have any "ownership" of it) -- we (except for Don) are users, just like you.
<snip>

Increasing the severity of the punishment won't help these 'normally challenged' people.

...My guess would be that the threat of punishment is there principally for those for whom it is the only (or best) discouragement; it may also be there so that SpamCop is seen to the outside world as a "responsible" entity that has and enforces sanctions for violation of its rules.
When taking out your appendix, would you rather have your neighbor do it, following written instructions by the foremost experts; or would you trust it to be done better by an everyday physician, one who understands the reasons the human body works as it does?
...Would you, as the patient, demand to know exactly why the world's foremost appendix physician will do and not do certain things while removing your appendix before you let her or him do the work?
<snip>

Your last information was great; but this paragraph is just a bit 'over the top', isn't it? We are talking here of capital punishment for replacing [DOT] with a period, after watching SpamCop attempt to parse the URL and fail. The clearly printed rule allows no exceptions.

<snip>

...You repeat this thought in different words but it just isn't so. There is no discouragement from using the SpamCop parser to find e-mail addresses to which to complain about spamvertized web sites. You just can not use SpamCop to generate and send the complaint.

...That may be but be comforted by the fact that you are not alone in challenging the rule. I, personally, do not; it isn't because I think the rule necessarily makes sense but rather because I understand that it could make sense but SpamCop staff either can not or do not wish to explain and since it's their (free) tool, I yield to their request....That would be nice but IMHO not essential. Again, it's their (SpamCop's) tool, they get to define the rules under which it will and will not be used.

My apology that no one got my point.

SpamCop is an essential tool to reduce spam. There is a class of spam that is not sent to advertise legitimate web sites: it is sent to steal information, then money: about $4 billion last year from the US to places in which the US has no legal jurisdiction (not that this seems to have deterred of late). Of all the spam reaching the alumni of two colleges, 100% is this latter kind.

The damage is done between the receipt of the letter and the taking down of the web site. Yes, my concern is not innocuous spam, which I'm told is SpamCop's purview: it is dangerous spam. Normally, I should say that this kind of spammer would like me to find his web site but not his address; however, I've found that much of it likely comes from the same ISPs that host the web site: a letter from Istanbul has a web site in Seoul, a letter from Seoul has a web site in Sao Paulo, a letter from Sao Paulo has a web site in Istanbul.

The owner of a web store in Beijing owned (that day) 2000 other online 'stores'. If they didn't cause thousands of personal tragedies daily, they wouldn't be there. Imagine a million spam letters going out that day, in 2000 different flavors. In my case, the spammer lives at his 'stores'.

The point of all the above is not that SpamCop help close these sites (which it currently does, by reporting to administrators up the line, and consequently harassing some sites). The point is that the instruction to not de-mung the URLs that fail to be parsed at all will quickly be forgotten by some who only remember facts that are reasonable to them, facts that connect neurologically. A simple reason or just a comment that this rule doesn't appear logical to some would help, IMO, greatly.

We don't all have the religiously disciplined minds of those taught to memorize and not think. Some do, (and I gave up a life to prevent being one who helps create these). SpamCop (to whom I'm extraordinarily grateful) does what it is allowed to do; and I do what I am allowed to do: advise those who write the SpamCop instructions that one person, at least, will not remember regulations that do not appear to be 'the right thing to do'.

Rapakiwi

PS. More recent experience has given me reason to understand why SpamCop takes the position it does. I don't mention it here because even mentioning publicly the 'reason I have in mind' for the regulation and its punishment might not be 'the right thing to do'. However, SpamCop could just say 'Although it doesn't seem reasonable to some ...' . Am I not allowed to try and help SpamCop in this way? (Twenty years ago, it was part of my job to write instructions to Unix users of a national supercomputing center in the Eastern US.)

My apology that no one got my point.
I got your point the first time.

1. We are all users here. No one can change the way that the 'official' rules are written. We could, I suppose, add something to the FAQ here in the forum or wiki for those who like to be creative in interpretation. You are not the first person to 'interpret' making changes differently than spamcop does. However, being able to think outside the box does not mean that one cannot follow rules.

2. Rules don't have to make sense unless you are in a situation where you are part of the rule making process and can challenge a rule that doesn't make sense. Spamcop is not one of those situations. The rules are the rules and whether or not they make sense, spamcop will withdraw reporting privileges from those who break them. The rule is clear: No material changes to spam that makes the parser find what it otherwise would not find.

3. Spamcop is not at all interested in the 'content' or 'purpose' of spam. Spamcop exists to provide a tool for server admins to block or tag /unsolicited email/ from entering the end user's inbox. I haven't seen this phrase for a while (probably because almost all spam is either criminal or very close to it), but the defenses against spam are about conSENT, not conTENT. If you want to receive porn or questionable sources of retail goods and sign up for the mailing list, you can receive all the email you want on those subjects. It is ONLY email that you have not requested that you should not get even if it is from your pastor.

4. I don't know why you think that individual efforts against 'evil' websites is going to be effective in protecting the gullible and ignorant. Reporters sometimes do connect with someone who does care about reputation (see DavidT's recent post), however, most 'evil websites' are owned and operated by those who are in it for the money. If there is any law enforcement or higher authority/owner than evil website owner, those law enforcement officers or owners have the means to police the problem and correct it without a reporter making a report.

5. It is not the website, but the email that delivers the link that the unwary or ignorant or the gullible click on that gets them in trouble. Eliminate the email and you eliminate the source of risk.

6. You cannot stop the criminal and the gullible from meeting no matter how fast you shut down websites. Both have been around from the beginning of time.

7. Shutting down websites for content is getting on a slippery slope of censorship.

8. Spamcop doesn't harass anyone. Those who use the spamcop blocklist to identify spam, especially those who block email from that IP address, are not harassing anyone. They simply do not want to receive spam and all the sender has to do is to correct the problem. Abuse desks can request spamcop not to send them reports and spamcop no longer sends them reports.

Miss Betsy


In general, if you wished to be exempted from any of the 'rules' (or to propose any sort of personal variation) you would need to approach the SC staff (Don, SC Admin, in particular). And, needless to say, there would be no public confirmation or commentary if successful. I hasten to add that I know of no such arrangements ever being made. In days of yore, near the beginning when the user group was more 'intimate' and liabilities seemed less, things may have been slightly more relaxed but it is a different world now, only Don can answer for Don and he answers to others. I wouldn't actually advocate such an approach (that would be presumptuous of me and likely unwelcome to SC staff), merely point out the 'structure'.

As said, confronting the fundamental/deep-down villains in the world of spamdom requires approaches and methods that the SC tools (and the actual SC reports) do little to address, in fact the grizzled veterans would argue that placing reports in the hands of the black-hat brigade is actually counter-productive to the anti-spam effort (not to mention increasing the risk - whatever that means - to the reporter). SC's contribution is, by design, more modest and more fundamental, as Miss Betsy elucidates.

...PS. More recent experience has given me reason to understand why SpamCop takes the position it does. I don't mention it here because even mentioning publicly the 'reason I have in mind' for the regulation and its punishment might not be 'the right thing to do'. However, SpamCop could just say 'Although it doesn't seem reasonable to some ...' . Am I not allowed to try and help SpamCop in this way? (Twenty years ago, it was part of my job to write instructions to Unix users of a national supercomputing center in the Eastern US.)
It is most unlikely that anything in your recent experience has not been replicated over time by the experiences of the collective of internet users "here" and in the newsgroups (all of whom are "motivated" and - skewed distribution - include a disproportional number of very bright and very perceptive individuals) or that those experiences / observations / conjectures have not been raised in public on numerous occasions.

While it is true that there are probably some matters best not raised in neon lights, all posters are encouraged to assist in the work of clarifying/expanding on the forum-hosted FAQs. It is perfectly in order (would be welcomed) for you to propose new / amended / expanded specifics that may assist in that effort. This is hard for the relative newcomer (and having no direct access to the wiki or pre-existing posts for editing) but contributions ARE encouraged and we are very aware that much more can be done to improve the existing stuff which is written from less than the total wisdom of the user-base. Logically, there must even be previous commentary of merit which has languished, neglected, when the work of translating it into specific help-page entries has been too much.

But "we" volunteers (and, seemingly, most of the SC paid staff) have no discernable influence on the official FAQs and help pages (spamcop.net as distinct from forum.spamcop.net). None of which helps the new individual coming in afresh and with 'unschooled' thoughts and questions. Yes, by all means we need to help those too (particularly to help those too) and this is the only venue in which that might be possible and, as the longer-term members have confessed on numerous occasions, that takes 'new eyes'. Which is why (on several levels) "we" spend so much time in responding to posts and less time in writing FAQs.

I got your point the first time.

<SNIP>

You are not the first person to 'interpret' making changes differently than spamcop does.

Then, perhaps there is a problem with the method of SpamCop's instruction. I've thought of a good reason why no alterations of any kind should be made. Having a reason, I will now remember to do this after, say, a year or two absence from a networked computer. All I have ever suggested is that memorization of, or even appreciating while reading, unreasonable-appearing instructions is very difficult for some 'normally challenged' people. This could be easily fixed.

However, being able to think outside the box does not mean that one cannot follow rules.

That's exactly what it means. Such people will 'rewrite' rules in their minds so they make sense. That was the point of all my posts.

That's my whole message. The remaining will just be my personal thoughts on the issues raised in the rest of your letter and is only for the curious. Because you research SpamCop and have given these issues great thought, I recommend my thoughts be ignored; however, they may help explain my misuse of SpamCop.

2. Rules don't have to make sense unless you are in a situation where you are part of the rule making process and can challenge a rule that doesn't make sense. Spamcop is not one of those situations.

The unanticipated will, in my experience, always occur. That is why, when computers perform remote surgeries, there is always a person on the other end with understanding in addition to knowledge. People always disagree with this and say 'What could go wrong'? If I knew, I should anticipate it, and it wouldn't go wrong. Let me offer two examples.

Several spam letters I recently received purposefully cited very legitimate web sites. Because the polite, repeated reporting of repeated offenses constitutes harassment (in my and my dictionary's opinion), this ploy appeared designed to damage the credibility of SpamCop or other reporting organization. I had to decide, within the minute or so I had (for this isn't my profession), whether to report the letter (unchanged) to SpamCop or not, for I knew I mustn't touch the letter. My choice was to have SpamCop parse it, and see whether I could unclick reports to 'Opera'. (To my pleasure, SpamCop had been pre-programmed to ignore that link.) How many people, in a hurry, chose to not report that spam for fear of harming SpamCop? (Please, no references to the rules on unchecking the little boxes.)

Others I honestly can't identify as phish or not, for companies hire other companies to advertise for them. This is always a problem. Because I once requested a certain form of notification from the company being advertised, I did not report it to SpamCop. Instead, I redirected it to abuse[at]blip.net, so I would take the blame of a false report, yet make them aware of a dangerous phish if the report was correct. When moments count, I can't browse the forum for advice on this point.

When first using SpamCop, I reported a legitimate advertisement from Princeton University. When I also wrote the University that I had done so, they didn't know whether it was a phish or not. After they discovered that a different office had hired an advertising company, they asked the office to send their own advertisements after this.

Making informed decisions can never be done away with by rigid instructions.

4. I don't know why you think that individual efforts against 'evil' websites is going to be effective in protecting the gullible and ignorant.

They shut down their web sites as rapidly as they do their email addresses. Something must be causing this. It is my (admittedly ignorant) feeling that these sites don't like attention being drawn to them by their victims.

... law enforcement officers or owners have the means to police the problem and correct it without a reporter making a report.

Is the crime not being committed in the country receiving the scam letter? I'm not sure, but I suspect stealing money from 'the gullible' (me, when I first bought a computer) is far worse a crime in the country stolen from than in the country the money is being sent to (if the latter is a crime). France once closed all its borders for two weeks or so, to arrest terrorists who had been bombing France, then fleeing to its neighboring countries, where they committed no crime.

5. It is not the website, but the email that delivers the link that the unwary or ignorant or the gullible click on that gets them in trouble. Eliminate the email and you eliminate the source of risk.

True. However, the email address can be changed a second after mailing, and the damage will be done until the web site is shut down. If one shuts down the email address immediately upon the first report, the effect upon 'business' would be nil.

6. You cannot stop the criminal and the gullible from meeting no matter how fast you shut down websites. Both have been around from the beginning of time.

Email lingers in one's box. The moment a scam web site is shut down, a personal tragedy is stopped. Your immediate view must be true, though I cannot understand it. In the longer term, when crime becomes more expensive than profits, I should imagine scammers would move on and become something like arms dealers instead.

7. Shutting down websites for content is getting on a slippery slope of censorship.

Reporting hosts of links in spam letters is censorship? What about reporting mailers of unsolicited advertising, in the hope of stopping them from writing?

8. Spamcop doesn't harass anyone. Those who use the spamcop blocklist to identify spam, especially those who block email from that IP address, are not harassing anyone. They simply do not want to receive spam and all the sender has to do is to correct the problem. Abuse desks can request spamcop not to send them reports and spamcop no longer sends them reports.

:-)

Miss Betsy,

Receiving spam isn't one of my problems. (Not receiving enough is.) When I walked along a sidewalk, I always removed branches that a sightless person might trip over. When I hiked in a National Park, I always carried an empty backpack to fill with trash that prevented people from enjoying their walks. When a railway crossing fails to work, I always stopped and controlled traffic until the police assured me that trains were told to slow down because of it. None of these I had been authorized to do. It's just part of being a citizen of a country.

When I receive email advertisements whose use would 'ruin a computer user's day', I feel it is my social obligation to prevent the mail from attaining its goals. However, the contribution to civilization I have devoted my life to is the education of my granddaughter and the publication of new theorems. I just 'do what I can' in a reasonable amount of time.

Many banks still won't accept reports of phish unless I am a customer. ( ! ) My first report of an internet scam was in 1984, and it resulted in an FBI arrest. Since phish have appeared, I have spent, on average, an hour of each day reporting just one (principally finding who would even care). It was then I focused upon the web site rather than upon the sender, for time was critical.

The banks I reported phish to had the original letter, with its date stamp and ip address: they could report this to the FBI, if they wished. However, I gave them the name and location of the ISP hosting the site, to 'encourage' them to protect their 'gullible and ignorant' customers.

Only a year ago did I discover SpamCop. It has been a godsend, for they did automatically what I felt the need to do manually. My hour is now a minute. If SpamCop feels that my using them to find and inform people who can stop an internet crime I see happening right now, before my eyes, is a misuse of their service, I shall instead use KnujOn or the Federal Trade Commission.

I don't think it does any harm.

Rapakiwi

In general, if you wished to be exempted from any of the 'rules' (or to propose any sort of personal variation) you would need to approach the SC staff (Don, SC Admin, in particular).

Mr Elf,

Have I ever suggested this wish?

My point was that there might be far fewer violations of this rule if it were presented in a way that made sense. After being reminded of it (actually, I misread it originally), I have obeyed the rule without exception and shall continue to do so.

Why don't we all end this misdirection of the thread? A similar outrage erupted on the Apple Discussion Board, when I suggested a forum on how to use a computer securely (such as connecting to the internet only after the protective software has been loaded & run). Everyone pointed me to Apple advertisements of how wonderful their computers were.

There suggestions were not permitted on the Board: Apple had webmail for reporting bugs and making suggestions. When I suggested there be a forum for discussing how Apple's application software could be modified to better serve the users, I was effectively driven off the Board by the true brethren, including hate mail from some who had contributed over 20,000 posts.

My life is devoted to neither spam nor crime: I am extremely grateful to SpamCop for giving me an extra hour of life in each 24-hour day. (I fear my attempt to understand a rule might be similarly misread by Dartmoor's parole board.)

Should I complain to registrars, it would have to be automated, by way of a script I may someday have time to write. (I could likely have written it in the time it has taken me to clarify my single 'suggestion', which was of no help to me, just to SpamCop.)

I'll officially rescind my comments, so we can all end responding to my unclear suggestion to clarify a rule that few, apparently, find unclear simply because reading it in the manner hoped for goes against common sense. This will be my last post on this frayed thread, except to give 'Miss Lil' my own change in spam rate.

My gratitude to Don D'Minion for informing me of an excellent way members can report a web site; and similar gratitude to Miss Betsy for pointing me to two valuable tools I wasn't aware of.

Rapakiwi

My point was that there might be far fewer violations of this rule if it were presented in a way that made sense.

As I understand it, there are very few violations of this rule as it is. Remember that spamcop averaged 22 spam reports sent/second for the last 12 months. That is a lot of reports. Most people don't do anything to their spam in order to report them.

That's exactly what it means. Such people will 'rewrite' rules in their minds so they make sense. That was the point of all my posts.
Such people, of normal intelligence, will either learn now, or have already learned, that unless one wants to get into trouble, one follows the letter of the law. I am a great 'spirit of the law' person and whenever it suits my personal agenda, will follow the spirit of the law rather than the letter. I do know the difference and I do recognize the consequences if the letter of the law is enforced - which may deter me.

<snip>

Several spam letters I recently received purposefully cited very legitimate web sites. Because the polite, repeated reporting of repeated offenses constitutes harassment (in my and my dictionary's opinion), this ploy appeared designed to damage the credibility of SpamCop or other reporting organization. I had to decide, within the minute or so I had (for this isn't my profession), whether to report the letter (unchanged) to SpamCop or not, for I knew I mustn't touch the letter. My choice was to have SpamCop parse it, and see whether I could unclick reports to 'Opera'. (To my pleasure, SpamCop had been pre-programmed to ignore that link.) How many people, in a hurry, chose to not report that spam for fear of harming SpamCop? (Please, no references to the rules on unchecking the little boxes.)

Those people who are in a hurry generally use quick reporting which ignores the body of the spam. Others who don't mind taking a little time, recognize an 'innocent bystander' and uncheck the box. Those 'innocent bystanders' who get missed, email the deputies with the first report and are added to the parser list of 'innocent bystanders'.

<snip>

When first using SpamCop, I reported a legitimate advertisement from Princeton University. When I also wrote the University that I had done so, they didn't know whether it was a phish or not. After they discovered that a different office had hired an advertising company, they asked the office to send their own advertisements after this.
This is one of the reasons that spamcop reporters keep reporting. Once in a while there is still someone who hasn't heard about best mailing practices and needs to be educated. Or doesn't know how to prevent spam from leaving hir network or several other scenarios where someone is grateful for receiving a spamcop report because it is a learning experience.

Making informed decisions can never be done away with by rigid instructions.
A tool is something that one needs precise instructions on how to use. Although a screwdriver can be used as a hammer if you don't have a hammer, it is not good for either the screwdriver or for what you are trying to do. If the screwdriver is owned by someone else, then the screwdriver owner has a right to state that it is not to be used as a hammer under any conditions. Spamcop is a tool owned by someone who states that no material changes are to be made to send a report. You can decode URLs and run them through the parser to see who spamcop would send a report to, but you can't send a report.

<snip>

True. However, the email address can be changed a second after mailing, and the damage will be done until the web site is shut down. If one shuts down the email address immediately upon the first report, the effect upon 'business' would be nil.
I don't think that we are communicating now. Blocklists do not deal with email addresses; they deal with IP addresses. Spammers do rotate IP addresses in the same way that they rotate website addresses. That keeps them off the spamcop blocklist. However, other blocklists list all the IP addresses that are used. That's why server admins use a variety of ways to filter spam.

Reporting hosts of links in spam letters is censorship? What about reporting mailers of unsolicited advertising, in the hope of stopping them from writing?
The true attitude of the internet is really liberal - there is no attempt to control what others do; the server admin controls what happens in his space, my server, my rules. I don't like unsolicited email; I block it. As a courtesy, I tell you why email from your IP address is not welcome, but it is not my problem whether you continue to send spam or not. If you want to send email to my network, you will have to stop sending spam. Your server, your rules.

When I walked along a sidewalk, I always removed branches that a sightless person might trip over. When I hiked in a National Park, I always carried an empty backpack to fill with trash that prevented people from enjoying their walks. When a railway crossing fails to work, I always stopped and controlled traffic until the police assured me that trains were told to slow down because of it. None of these I had been authorized to do. It's just part of being a citizen of a country.
So am I a good citizen in the same way. However, I rarely go on someone else's property and pick up the trash on their lawn or weed their flower beds - especially if doing so, would be a criticism of their life style. However, if there is a dangerous situation, such as a swimming pool that is unfenced, I would report it to the proper authorities. If reports to the police or landlords don't correct what, to me, is a dangerous situation, I look for some other method of protecting children.

When I receive email advertisements whose use would 'ruin a computer user's day', I feel it is my social obligation to prevent the mail from attaining its goals.
However, reporting the website via spamcop legally, or illegally, doesn't prevent the mail from attaining its goal since most responsible website owners have taken steps to prevent spam and spamvertized sites. It takes a lot of research and ingenuity to find and convince someone to shut down a website. Reporting the /source/ prevents the email from ever being seen by the gullible or ignorant. These are two different approaches. The former is time-consuming to do effectively and spamcop is not the correct tool. The latter is what spamcop is designed to do quickly and accurately and has a good reputation so the scbl is used by lots of server admins.

It doesn't do any harm for you to spend hours tracking down one website and trying to close it down to protect the gullible and greedy. It does a great deal of good for you to quick report your spam and feed the scbl for those who use it to prevent spam from entering their systems.

Miss Betsy

The true attitude of the internet is really liberal - there is no attempt to control what others do; the server admin controls what happens in his space, my server, my rules.

As long as a server is connected to the Internet, then regulations and exceptions to the "my server, my rules" come into play. Same thing as with "free speech." That sort of freedom isn't absolute. Once your server starts negatively affecting the common good (hosting a spamvertised website, distributing illegal/pirated software or copyrighted content, or spewing spam), then I don't care a whit what your rules are, I'm going to use whatever avenues are available to me to see if I can stop any of those things that either affect me directly or affect others who I choose to assist.

...since most responsible website owners have taken steps to prevent spam and spamvertized sites. It takes a lot of research and ingenuity to find and convince someone to shut down a website.

I'm working on getting a (probably marginal) webhost to shut down 35 spamvertising domains at the moment, and expect to succeed. You're correct that SpamCop isn't the best tool to do so, but it can be a part of such an effort.

Reporting the /source/ prevents the email from ever being seen by the gullible or ignorant.

Except when the transmission of the spam run is distributed over multiple IP addresses, and not enough of them either hit SpamCop spam traps or get reported in order to make it onto the SCBL. That's exactly what didn't happen in the case I've described in the Lounge here:

http://forum.spamcop.net/forums/index.php?...ost&p=65394

I found that I'm having much better luck by "calling out" the hosts involved at the WebHostingTalk forums, where they care about their reputation. I posted about their involvement with spamming there and I'm now getting results. I wasn't getting results when I was only submitting SpamCop reports to them, or even manual reports directly to their preferred abuse addresses....they ignored all of that.

IMO, the URIBLs have become increasingly important in preventing users from having to ever see spamvertising. The effectiveness of the SCBL has been weakened, due to the distributed nature of the IP sources of spam.

DT

Edited by DavidT

I found that I'm having much better luck by "calling out" the hosts involved at the WebHostingTalk forums, where they care about their reputation.

That's great. Spamhaus lists the names of notorious spammers. Because this isn't on comprehension, so I'll offer an amusing anecdote on whether spammers might read forums or make note of comments on SpamCop reports.

When I visited one site of a class of 'luxury good' spam and posted my visit here (see above), all spam of that kind stopped for a week. I did, however, note that I received a 64-bit encoded spam from 'The Bat!', noting that this was like being mugged by Black Bart. (Black Bart was a very old bandit, who used to quote poetry to those in Californian horse-drawn coaches he robbed.)

When 'luxury good' spam started being replaced by pornographic spam, I kindly requested on my SpamCop report that this kind not be sent me (with a good reason). It stopped, and a spam from 'The Bat!' was phoned in by modem to an ISP in Southern Brazil with this message (translated by me from the German):

"Fixed. In the year 905 A.D. the poet 'Ki No Tsurayuki' became the first 'Minister of Poetry' under Emperor Daigo, in the preface to his first large, court-decreed Anthology,"

:-)

Rapakiwi

As long as a server is connected to the Internet, then regulations and exceptions to the "my server, my rules" come into play. Same thing as with "free speech." That sort of freedom isn't absolute. Once your server starts negatively affecting the common good (hosting a spamvertised website, distributing illegal/pirated software or copyrighted content, or spewing spam), then I don't care a whit what your rules are, I'm going to use whatever avenues are available to me to see if I can stop any of those things that either affect me directly or affect others who I choose to assist.
Those who don't identify themselves or don't play by the rules of the server - which may be that the sending of unsolicited spam is not allowed, should not be allowed to connect. The only reason some server rules are to not send unsolicited email is because, if it is sent, then other servers won't recognize them.

I'm working on getting a (probably marginal) webhost to shut down 35 spamvertising domains at the moment, and expect to succeed. You're correct that SpamCop isn't the best tool to do so, but it can be a part of such an effort.
Yes, it can, but not to find URLs automatically.

Except when the transmission of the spam run is distributed over multiple IP addresses, and not enough of them either hit SpamCop spam traps or get reported in order to make it onto the SCBL. That's exactly what didn't happen in the case I've described in the Lounge here:
Again, because that's not the function of the spamcop tool. There are other tools to catch them. spamcop catches spam runs at the time they are happening. IP addresses that are 'dirty' are permanently on some other popular lists. Lists of spamvertized websites only catch 25%. It takes more than one tool to stop spam from entering one's inbox.

<snip>

"Fixed. In the year 905 A.D. the poet 'Ki No Tsurayuki' became the first 'Minister of Poetry' under Emperor Daigo, in the preface to his first large, court-decreed Anthology,"
That means that /you/ have been listwashed, but not the poor people you are trying to protect.

Miss Betsy
