Jump to content

How can I prevent our server from being listed


Recommended Posts

Please Help,

We have found our mailserver listed in SpamCop twice. In each instance the reason indicated is that we have sent email to some special "spamcop trap".

1. I am confident that no bulk email is running through our system.

2. We use a challenge/reponse system that requires an unknown email to log onto a web page and verify thier existence. This means that for every spam message we receive we repond with a challenge email.

Could this possibly be causing the problem with SpamCop?

Any other ideas? I can't really make any other adjustments without more information. Our only recourse at this time is to recommend to our clients to not use SpamCop.

Tony Reynolds

SecurePay.com

Link to comment
Share on other sites

Challenge response probably got you there!

So your challenge response system sends reply's to the "From" address and All Viurs and 90% of spam uses forged "From" addresses. So now your system is sending challenges (spam) to innocent victims.

You should have done your homework and never went with a c/r system.

I have more to say about c/r systems the most faulty email system that was ever created but I will stop now.

Challenge/Response does not work.............

Link to comment
Share on other sites

Not only do your challenge/responses bother innocent victims who now are getting double spammed[1], but they also go to spamtraps (email addresses never used and can only be obtained by 'harvesting' by spammers). Emails going to spamtraps will get you listed almost immediately on the scbl.

Miss Betsy

[1]spammers use the addresses on their lists as the forged From addresses so not only do victims get the original spam, but also all the email 'bounces' from people who do not know the From address is always forged.

Link to comment
Share on other sites

securepay.com,Jun 3 2004, 04:15 PM]Please Help,

We have found our mailserver listed in SpamCop twice. In each instance the reason indicated is that we have sent email to some special "spamcop trap".

1. I am confident that no bulk email is running through our system.

2. We use a challenge/reponse system that requires an unknown email to log onto a web page and verify thier existence. This means that for every spam message we receive we repond with a challenge email.

Could this possibly be causing the problem with SpamCop?

Any other ideas? I can't really make any other adjustments without more information. Our only recourse at this time is to recommend to our clients to not use SpamCop.

Tony Reynolds

SecurePay.com

Hi, Tony!

...First, please read the relevant Pinned items in this forum (they're listed on the forum main page) and the FAQs to which they point. Here are some I think may be especially relevant and/or interesting:

If, after reading these, you still have questions, please return here to post follow-ups.

Link to comment
Share on other sites

Actually Challenge Response does work, unfortunately with so many disparate systems there are conflicts.

I am all good with dropping the challenge response and adding the Spamcop black list, but so far it appears that SpamCop is indescriminate and blocks good mail.

SpamCop as demonstrated clearly has faulty logic in how it works or my challenge response emails would never have triggered the "secret traps". This makes me even more curious as to why a spam filter would trap email that that was generated as spam and replied to and then trap the reply as spam. Seems sort of self serving and not really a benefit at all.

How would you measure SpamCop as a spam preventative?

How much spam still gets through ?

Tony

BTW - My mailserver is 207.53.225.218 ... if I could get more feedback to why it is being blocked.

Link to comment
Share on other sites

securepay.com,Jun 3 2004, 03:59 PM] I am all good with dropping the challenge response and adding the Spamcop black list, but so far it appears that SpamCop is indescriminate and blocks good mail.

There is nothing "good" about misdirected challenges being sent to forgery victims.

Link to comment
Share on other sites

I think this statement on the SpamCop website pretty much describes the problem. SpamCop is not ready for primetime.

Tony

SpamCop Blocklist Details & Description

This blocking list is somewhat experimental. This system and most other spam-filtering systems should not be used in a production environment where legitimate email must be delivered. Many end-users and administrators have decided that risking the loss of legitimate email is worth the benefit of blocking most spam. As a result, this list is now used widely and it's reputation for blocking spam while reducing the risk of erronious blocking is growing.

However, it should be noted that SpamCop is aggressive and often errs on the side of blocking mail - users should be warned and given information about how their mail is filtered. Ideally they should have a choice of filtering options. Many mailservers can operate with blacklists in a "tag only" mode, which is preferable in many situations.

The description of the algorithm used for deciding whether to block a host may be out of date, and is subject to change without notice.

Link to comment
Share on other sites

Actually Challenge Response does work, unfortunately with so many disparate systems there are conflicts.

No, C/R only works for those behind the C/R system. *everyone* else suffers increased spam.

I am all good with dropping the challenge response and adding the Spamcop black list, but so far it appears that SpamCop is indescriminate and blocks good mail.  SpamCop as demonstrated clearly has faulty logic in how it works or my challenge response emails would never have triggered the "secret traps".

SpamCop lists systems that spam. If *your* system is send mail to people who did not send email to your system, then your system is spamming. No, SpamCop clearly demonstrated how faulty C/R systems are.

How would you measure SpamCop as a spam preventative?

It reduces the amount of spam that I get by several hundred per day.

How much spam still gets through?

What gets through gets reported so that others will not get spammed later.

My mailserver is 207.53.225.218 ... if I could get more feedback to why it is being blocked.

I'm sure that challenge messages to spamtraps is the reason it was blocked. Drop a polite email to deputies <at> spamcop.net

Link to comment
Share on other sites

securepay.com,Jun 3 2004, 04:59 PM]<snip unsupported defense of c/r>

I am all good with dropping the challenge response and adding the Spamcop black list, but so far it appears that SpamCop is indescriminate and blocks good mail.

...Actually, SpamCop blocks nothing at all. All it does is

  • provide a list of IP addresses either reported by SpamCop users as having sent spam or which have sent e-mail to spamtraps
  • provide an e-mail service to subscribers which uses the BL to filter so that e-mails coming from IPs on the BL get routed to a separate folder

securepay.com,Jun 3 2004, 04:59 PM]SpamCop as demonstrated clearly has faulty logic in how it works or my challenge response emails would never have triggered the "secret traps".

...You could not be more mistaken. SpamCop works exactly as its developers intend and its subscribers and users wish. Apparently, your c/r system is sending "challenges" to "From" addresses and someone is forging the spamtraps into the "From" address. If that's what's happening, then it's your c/r system that's at fault, not SpamCop.

securepay.com,Jun 3 2004, 04:59 PM]This makes me even more curious as to why a spam filter would trap email that that was generated as spam and replied to and then trap the reply as spam. Seems sort of self serving and not really a benefit at all.

...The point is to identify spam-friendly ISPs and e-mail providers. Co-incidentally, systems making mistakes such as sending e-mail to (easily forged) "From" addresses are also identified, which is a very good thing for the administrators of those systems.

securepay.com,Jun 3 2004, 04:59 PM]How would you measure SpamCop as a spam preventative?

...Well, since I don't use it to prevent anything, I can't say.

securepay.com,Jun 3 2004, 04:59 PM]How much spam still gets through ?

...Lots and lots of spam goes through and will continue to go through the internet whether services such as SpamCop are present or not. SpamCop doesn't seek (at least not directly) to stop spam getting through -- only to identify likely sources of spam.

securepay.com,Jun 3 2004, 04:59 PM]BTW - My mailserver is 207.53.225.218 ... if I could get more feedback to why it is being blocked.

...The best way to do that is to write to the SpamCop deputies at e-mail address deputies <at> spamcop <dot> net.

Link to comment
Share on other sites

securepay.com,Jun 3 2004, 05:05 PM] I think this statement on the SpamCop website pretty much describes the problem. SpamCop is not ready for primetime.

Tony

SpamCop Blocklist Details & Description

This blocking list is somewhat experimental. This system and most other spam-filtering systems should not be used in a production environment where legitimate email must be delivered. Many end-users and administrators have decided that risking the loss of legitimate email is worth the benefit of blocking most spam. As a result, this list is now used widely and it's reputation for blocking spam while reducing the risk of erronious blocking is growing.

However, it should be noted that SpamCop is aggressive and often errs on the side of blocking mail - users should be warned and given information about how their mail is filtered. Ideally they should have a choice of filtering options. Many mailservers can operate with blacklists in a "tag only" mode, which is preferable in many situations.

The description of the algorithm used for deciding whether to block a host may be out of date, and is subject to change without notice.

Anyone that uses a challenge resonse system to send messages to addresses that never sent them should be banned from the web.

As long as the email system works as is then challenge response will never work it is a faulty system. The evidence is right here. You send challenges to someone at an address that never sent the email.

Every major ISP that "Tried" C/R systems dropped them just as fast.

BUT.........

Some people never learn.

Link to comment
Share on other sites

So, the position here is that since I use challenge response which does prevent a large amount of spam from getting through to my users I am the bad guy. Since I stop it from coming into my mailbox, but do give legitimate users a way to get through, once added they never need to do the CR again.

However, since SpamCop has listed my servers IP address then legitimate email coming from my users is returned.

Seems to be conflicting approaches to resolve the same problem. It is tough, but unless SpamCop can provide a "Non Experiemental" I will have to keep looking at the alternatives.

Tony

Link to comment
Share on other sites

securepay.com,Jun 3 2004, 02:29 PM] So, the position here is that since I use challenge response which does prevent a large amount of spam from getting through to my users I am the bad guy.

The issue is that *your* system is sending mail to those that did not request it. (aka your mail server is a source of spam)

Other issues are not relevent to your server being listed.

Link to comment
Share on other sites

securepay.com,Jun 3 2004, 02:42 PM] OK, I think you folks are a little one sided on your opinions, but the object is to try and prevent spam from getting through. So I have turned off the CR and added the bl.spamcop.net to the DNSBL list.

Any other suggestions other than more convictions :)

Tony

I would suggest the use of the following dnsbl's instead (or in conjunction) if you are worried about false positives:

sbl-xbl.spamhaus.org

relays.ordb.org

list.dsbl.org

dnsbl.njabl.org

dynablock.njabl.org

Thanks for listening...

Link to comment
Share on other sites

Hi, Tony,

securepay.com,Jun 3 2004, 05:42 PM]OK, I think you folks are a little one sided on your opinions, ...

<snip>

...You bet we are! Just exactly as anyone whose rights and property are being trampled would (and should) be! :) <g>

securepay.com,Jun 3 2004, 05:42 PM]... but the object is to try and prevent spam from getting through. So I have turned off the CR and added the bl.spamcop.net to the DNSBL list.

<snip>

...Why did and how are you using the SpamCop BL? It sounds from your prior posts that this was not a good choice (unless you are just using it to filter e-mail, not block it). Chris's suggestion to look for other BLs is probably the right approach.

...Good luck! And thanks for keeping your cool amidst the somewhat adversarial tone us SpamCop users have been taking with you.

Link to comment
Share on other sites

securepay.com,Jun 3 2004, 02:42 PM]OK, I think you folks are a little one sided on your opinions, but the object is to try and prevent spam from getting through. So I have turned off the CR and added the bl.spamcop.net to the DNSBL list.

Any other suggestions other than more convictions :)

Tony

I wouldn't dream of using the Spamcop list as an all-out blocklist. I think it works well when used as input to a content filter such as SpamAssassin, but I think it's got an unacceptable number of false positives to be used without a whitelist.

I use these blocklists - which I consider safe:

relays.ordb.org

list.dsbl.org

dul.dnsbl.sorbs.net

cbl.abuseat.org

Link to comment
Share on other sites

And thanks for keeping your cool amidst the somewhat adversarial tone us SpamCop users have been taking with you.

IMHO, stating facts is not adversarial. The truth might hurt, but IMHO, the OP is more to be commended for not whining and for listening to those recipients of c/r who have been inconvenienced.

Miss Betsy

Link to comment
Share on other sites

And thanks for keeping your cool amidst the somewhat adversarial tone us SpamCop users have been taking with you.

IMHO, stating facts is not adversarial. The truth might hurt, but IMHO, the OP is more to be commended for not whining and for listening to those recipients of c/r who have been inconvenienced.

Miss Betsy

...Here's the meaning of which I was thinking when I used the word (from Merriam-Webster Online Dictionary):

adversarial: of, relating to, or characteristic of an adversary

adversary: one that contends with, opposes, or resists

I stand by my word selection. Note, though, that it was not intended as a criticism of the adversaries -- I just wanted to compliment the OP (as you just did, and rightly so!). :) <g>
Link to comment
Share on other sites

You say you've turned off the C/R system, but .. just for a bit of background on that configuration, especially if you need some future justification for having done this ... please see some ancient "conversations" here for both sides of the concept;

Mailblocks.com, Mailblocks.com is the solution to spam!

mailblocks.com rant

I am a normal person and am still blocked, What to do

Link to comment
Share on other sites

securepay.com,Jun 3 2004, 04:29 PM]So, the position here is that since I use challenge response which does prevent a large amount of spam from getting through to my users I am the bad guy.

When you send challenges to forgery victims whose email address is being abused by a spammer then - "YES", you are a bad guy. Imagine the forgery victim getting the bounces caused by bad addresses and the angry replies from the clueless recipients who don't realize they're complaining to an innocent person. Why add C/R emails to the forgery victim's burden?

securepay.com,Jun 3 2004, 04:29 PM]Since I stop it from coming into my mailbox, but do give legitimate users a way to get through, once added they never need to do the CR again.

Keeping spam out of inboxes is the goal of almost every email user but that shouldn't come at the cost of abusing others with C/R (which, for the forgery victims, is unsolicited bulk email).

securepay.com,Jun 3 2004, 04:29 PM]However, since SpamCop has listed my servers IP address then legitimate email coming from my users is returned.

SpamCop doesn't bounce any emails. At worst any email you send to SpamCop customers is diverted to their 'Held Mail' folder. They can then whitelist you if they want and your emails will be delivered to their inboxes in the future. No lost "legitimate" emails, no additional abuse inflicted on forgery victims.

If the people that you're writing are using the SCBL to return emails then you can, among other things, request them to whitelist you or you can ask them to give you an address for an account that isn't filtered.

securepay.com,Jun 3 2004, 04:29 PM]Seems to be conflicting approaches to resolve the same problem. It is tough, but unless SpamCop can provide a "Non Experiemental" I will have to keep looking at the alternatives.

You certainly shouldn't use the SCBL if it doesn't suit your needs. Don't count on the "experimental" status changing though. I doubt that spammers will quit evolving and so new measures will probably always be tested.

Link to comment
Share on other sites

securepay.com,Jun 3 2004, 05:29 PM] So, the position here is that since I use challenge response which does prevent a large amount of spam from getting through to my users I am the bad guy. Since I stop it from coming into my mailbox, but do give legitimate users a way to get through, once added they never need to do the CR again.

However, since SpamCop has listed my servers IP address then legitimate email coming from my users is returned.

Seems to be conflicting approaches to resolve the same problem. It is tough, but unless SpamCop can provide a "Non Experiemental" I will have to keep looking at the alternatives.

Tony

Not sure if that is the position here I only speak for myself but as you know when running a mail server you get tired of all the junk and c/r definately adds to it ;)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...