
How We Use SpamCop


dbiel


Please note that a more user friendly version of this topic can be found in the SpamCop Wiki at http://forum.spamcop.net/scwik/CategoryHow...etailedExamples ; which is a summarized index of the following posts with links to individual full copies of each of the posts that have been cross linked to pages explaining the various terms used in the posts.

What follows is a series of reports from individual users of SpamCop (some reporting only, some email and reporting) detailing exactly how they are using SpamCop to help deal with the ever growing problem with spam. If you take the time to read each carefully, you will find that there are many different ways that SpamCop can be used and you just may find some new ways to use SpamCop yourself. If you would care to detail just how you use SpamCop we would definitely be interested in hearing from you; just add your post to the end of this topic.

Keeping in mind that there are numerous different ways that the SpamCop system can be used with differing effects and ease of use, and remembering that we are all different, we don't necessarily like all the same things; and further, what works for one, may not work for another, or it may work but they just don't like it; I will start the ball rolling and let's see where it takes us.

I personally do not know of any other system that does a better job than SpamCop, so I am delighted to have the chance to use it and the cost is definitely much less than anything else that comes even close. Do I like everything about SpamCop? Not at all. And if you think that everyone will like anything completely you are living in a dream world. So anyway, this is how I use the system. Note: I started with a free reporting account and soon after added the email service.

I have several email addresses forwarded to my only SpamCop email account.

I have selected all the DNS blacklists and have SpamAssassin set at 5

I use Outlook Express as my mail reader and pop messages from SpamCop

I have set up several filters in OE to re-sort the mail back into its source address (remember I forward from more than one address) and also filter on some additional items that I want to keep out of my inbox.

Yes, I wish SpamCop personal filters would work outside of the Webmail interface, but they don't and I just have to accept that.

I have also set up my whitelist to avoid regular mail being caught in the heldmail folder.

I have also set up my blacklist to filter out certain domains that are causing me trouble.

I have configured IMAP locally for the purpose of sorting through the held mail

I do not link the VER or Webmail interfaces for processing my heldmail so I don't use them.

I have created several sub-folders in SpamCop to use for mail sorting

It should be noted the root folder in SpamCop is your "InBox" and that "HeldMail" is the only default sub-folder.

I created the trash folder (as it is not automatically created for you)

The other sub-folders I have created are:

"To full report"

"To quick report"

"To whitelist"

To handle daily mail I use OE

I scan my OE inbox, if I have a lot of spam (and recently it has dropped to near zero) I copy it to my IMAP folder "To full report"; if there are only one or two I will forward them as attachment for reporting.

Note: I like to track exactly how much spam I do get and have created a spreadsheet and record totals on a regular basis which makes it easy to spot trends. (My current daily average spam count, including SpamCop Held mail is 48, was as low as 30 and as high as 171, still very low compared to most commenting here) Most people will probably find that a waste of time.

I scan my other OE folders and copy messages as needed to the various IMAP folders.

I then view my IMAP heldmail folder checking for any messages that need to be white listed and drag them into my "to whitelist folder" (and if I am in a hurry I copy them to my inbox) and mark the rest as being read.

Depending on how much time I have to spend on spam and how long it's been since I cleaned up the held mail I follow one of several courses:

No time: do nothing (just let the mail accumulate) remember that I only have to scan the unread messages next time I come back.

Lots of time: (still working in the IMAP interface)

I delete all messages that are too old to report and any message I feel should not be reported.

I move any messages that I want to full report to the "to full report folder"

I then open up the VER interface (I like it better than the WebMail interface)

For some strange reason I have to do a browser refresh to display all the messages even though I have just opened it up, but that is no big deal.

I then check the first few messages to be sure no new ones came in that need special handling in the last minute or two.

I then click on check all and send them off for quick reporting.

Going back to IMAP (which I keep open in a separate window) I drag the messages from the "To whitelist folder" to the "HeldMail folder". Going back to VER I do a browser refresh and I then check the first message to be sure it is not a new heldmail message that came in the last minute or two. I check all and send off for white listing.

I do the same for the full reporting list

I then go to the reporting screen and start reporting spam checking each message as I go. I stop when I run out of time, and if it is too long before I get back I simply delete what is still left to report.

Long story, but maybe someone will find it helpful.

I am not saying that this is the best way to use SpamCop, it is just the way that works best for me.

You need to find the way that works best for you.

Key point. You do NOT HAVE to report EVERY spam you get. If you spend so much time reporting that it is causing you problems don't do it.

Anything that you do report correctly helps.

Taking short cuts just so you can report all the spam you get can be very bad if you end up reporting things that should not be reported.

The safe rule is; When in doubt do NOT report. There are a lot of other people reporting so just do what you can and forget about the rest. Don't let spam rule your life.

SpamCop is here to make our lives better, not to eat up all of our spare time so use it accordingly.

So much for my sermon

Thanks to all who use this forum and thanks to SpamCop for making it possible.


I have 4 permanent addresses for each member of my family hosted by netforward.com that get directed to my spamcop email account. I also have 1 ISP account forwarded to spamcop and 1 Yahoo account that spamcop POPs for me.

All of these messages are filtered using all of the available DNSBLs and SpamAssassin set to 3. I have 1 blacklist entry of a legitimate company that added me to their list without request and has ignored all unsubscribe attempts. I have a whitelist of about 50-75 entries, mostly in the domain.tld format, for companies I have requested correspondence that have ended up being blocked at one time or another. There are also some personal friends who use services like MSN and Hotmail that get blocked from time to time; I have their entire email address whitelisted so I don't open too big a hole.

The filtered messages currently collect in the spamcop Inbox where I log in several times a day via webmail to report held mail (whitelisting and forwarding any misdirected message) using the quick "Report as spam" link and check my Inbox. Any spam that missed the filters is forwarded to my submit address and then moved to a "Submitted spam" folder. After reporting, I delete the spam from the Submitted spam folder and the Sent Mail folder.

Once per day, after cleaning out the inbox, I POP my messages to my local client for storage purposes. That client also POPs my ISP (which is empty because of the forward) in order to authenticate for SMTP from the home computer per the requirement of my ISP. Any spam that slips by the filters between my checking via webmail and popping are transferred back to the Inbox via IMAP for report submission.


I'll throw in my current usage of SpamCop for a contrast. I have had a SpamCop email account for around 4 years by now and have changed ISPs and moved once, so for starters having my primary email address (with SpamCop) separated from those who provide me internet service is a big draw for me. I typically forward whatever addresses I might have with my ISP at the time to my SpamCop mail account. I give out my SpamCop mail address all the time to friends and companies that I have relationships with. If I am skeptical of a place that wants an email addy for me, then I use one I created with my ISP for this purpose.

Filtering and Whitelist setup:

I have turned off all blacklists and SpamAssassin so that SpamCop is not doing any filtering for me at all. Also my whitelist is completely empty and I am not using it. Instead I am relying on POPFile to sort my mail for me into several folders. I am running the latest POPFile CVS which has support for IMAP accounts. POPFile is a bayesian based email sorting tool that allows me great flexibility when coupled with my SpamCop IMAP access. My installation of POPFile runs on my file server at home such that it runs 24x7 always sorting my mail as soon as it sees something new in my SpamCop account (via IMAP.) The advantages of this are excellent, because it means that none of my workstation computers are responsible for sorting, it all happens on my backend. It essentially gives me server side filtering (although my server) for my SpamCop mail account, a feature that many SpamCop users have requested over time. POPFile's support for IMAP remains young, but I have assisted with reporting bugs when I experience them, overall it is a great program. I have not tracked my filtering stats all that well but usually I seem to be at a 98% accuracy rating with POPFile's classifications.

Reading Mail:

I typically use Thunderbird to read my mail utilizing IMAP when at home, otherwise I use the SpamCop webmail interface (Horde IMP.) The glory of my POPFile setup is that regardless of where I check my mail, either at home with a client, or away with Horde, my mail is always sorted for me when I go to look at it.

Reporting spam:

I have found myself almost exclusively using the VER for reporting because it allows me to easily see the email addy and the subject and determine whether it is spam or not. If I use the webmail interface I find that I "miss" the email address and that the "Display Name" is not useful, sometimes even a hindrance. So, I use quick reporting from VER and report the 20 to 30 spam I get per day with this method. If I get busy and I do not make it to VER then I usually just delete messages older than a day before resuming my quick reports again. I do look through the "Quick Report" email responses I get back from SpamCop to primarily ensure I have not reported myself, but secondarily for mistakes that stand out.

Training my POPFile filtering:

This is the easy part and another great thing about POPFile's IMAP support. When I get either a false positive or a false negative, simply moving the message to the correct folder (Inbox >> Held Mail or Held Mail >> Inbox) causes POPFile to reclassify the message and become aware of the mistake it made. Another benefit of POPFile being set up and running 24x7 on a server at my residence combined with IMAP support means that I can TOE (train on errors) when I am away from my residence and only using SpamCop's webmail access. All I have to do in SpamCop's webmail is move the mistakenly classified messages to their correct folder.

Future:

I intend to keep my SpamCop email address as my permanent address for the foreseeable future. For now I am very happy with my POPFile setup not only because it sorts spam for me, but also because it can sort other types of mail as well, such as newsgroups or work related mail. If and when JT upgrades to SpamAssassin 3, I may try its filtering over my POPFile setup or perhaps even in conjunction, not sure yet.

*** Note that POPFile's IMAP support has only been around for 3 or 4 months, so my above setup has not been in place for that long. Prior to this I still always relied on IMAP, but utilized all blacklists and a SpamAssassin setting of '3' I believe.


  • 4 months later...

I use Spamcop in perhaps the most simple way.

I use Firefox as my browser and OE as my mail client, (tried Thunderbird, but reverted to OE as preferred client).

I do not have a spamcop email account, but I do have about a dozen totally unfiltered, (by me, anyway), current accumulated email accounts that I collect mail from using OE.

I only receive about 40-50 spam emails a day on these accounts which I report using the webform, each report taking a total of about 30 seconds to assess the email as spam, derive source code, submit for parsing in the webform, verify/check options on returned parse and click on submit to report. I then file the spam and a copy of the returned report.

I tend to differentiate between general spam and '419'/lottery scams that have a response address and report the source network of these via spamcop and the response addresses manually to get response account closures as spamcop does not parse these addresses. However, I find the spamcop web parser invaluable to derive the reporting address(es) for the MX address relating to the email address of these scams.

In all it's a very useful tool to me.


  • 4 months later...

I use the SpamCop Parsing and Reporting System/Service via all three of its sites to:

  • parse and report spam
  • parse individual addresses
  • review Tracking URLs, SCBL Listings, Statistics, and Past Reports
  • verify and refute claims about it

I use the SpamCop Email System to:

  • collect email from a variety of sources, including forwarding, POP3, AOL, MSN Hotmail, and Yahoo!
  • filter that mail using all the available blocklists and blacklists (except South Korea, korea.services.net, only because I can't whitelist bigfoot.com's mailservers in that country)
  • hold my ham unread in my Inbox mailbox/Folder
  • hold my spam unread in my Held Mail mailbox/Folder
  • filter my Inbox mailbox/Folder every time I display anything in Webmail
  • filter my Held Mail mailbox/Folder using the little "Apply Filters on" funnel-shaped Icon (which also looks like a "martini glass" and resides between the Refresh and Search icons to the right of the Folder name) while viewing that mailbox/Folder. My filters (which only work on unread messages) move messages, flag them, and (if moving to Inbox or Held Mail) mark them as read.
  • POP my ham from my Inbox mailbox/Folder
  • review and quick-report my spam from my Held Mail mailbox/Folder
  • review my other Folders/mailboxes for appropriate actions
  • verify and refute claims about it

I use the SpamCop Blocking List to help the SpamCop Email System determine whether inbound email destined for my mailbox is spam and to verify and refute claims about it.

I use the SpamCop Forums to:

  • keep up-to-date on, report problems with, and help resolve problems with all things SpamCop
  • help others to do the same
  • perform moderation functions
  • verify and refute claims about them

I use the SpamCop News Server to:


I use SpamCop.net only to report spam. I do not have SpamCop email nor use it for spam filtering. I am on a futile quest to squash spam. I receive about 30 spam a day and divide them into the following groups for specific reporting in addition to SpamCop: Software piracy, drugs on-line, 419 scams, Spoofing/phishing, stocks and all others. Those spam that fall into a category are emailed as attachments to others with a Bcc: to submit.xxx[at]spam.spamcop.net. ‘Others’ may be emailed as attachments to spamcop or pasted into the webpage depending how many received at a time and how I feel.

Configuration

I have my own domain so get all mail sent to anyone[at]domain.com and several variants of account[at]ISP.net. I am connected via DSL. Running Windows XP, Norton Internet Security and use Netscape 7.2 for email and browsing. Norton AntiSpam identifies about 95% of the spam and adds [Norton AntiSpam] to the subject of each identified spam. The Netscape message filter is used to put the spam in a separate mail folder.

Webpage cut and paste

An email that falls into the ‘others’ category is opened using Netscape. The open message with header is copied to the clipboard using View Message Source <Ctrl> U, Select All <Ctrl> A, and Copy <Ctrl> C. I use Netscape to login to SpamCop.net (with cookies) and then paste the message (on the clipboard) into the on line form with <Ctrl> V. Pressing <Process spam> starts the SpamCop process. After reviewing who spam reports will be sent to pressing <Send spam Report(s) Now> completes the reporting process.

Submit as attachment

All the messages in each category are identified. Sometimes I use the message label function to visually identify each category by color. Using Compose I create an outgoing message, address it based on the category and add Bcc: submit.xxx[at]spam.spamcop.net. Some destinations want key words in the subject i.e. “Piracy Report.” Using the mouse I then drag and drop each message in this category to the list of attachments and then send the message to SpamCop and others.

After sending a message for each category I have two options: 1) I can wait for SpamCop to send messages with links for each spam submitted and finish the reporting process by clicking on each link, reviewing the reports and pressing <Send spam Report(s) Now>. Or 2) I login to SpamCop.net (with cookies) and use the <Report Now> button to process each spam submitted to SpamCop. After reviewing reports to be sent pressing <Send spam Report(s) Now> completes the process.

Edited to make minor corrections


  • 1 month later...

Copied from a post in the newsgroups.

Peter Pearson wrote:

> I'm thinking of writing a Python program to create an IMAP
> connection to Spamcop and move the really blatant spam
> from my held-mail folder into my spam-for-sure folder.
> If anybody has advice or instructive insults, please tell.

Steve McGarrett replied:

I do this already by using Thunderbird's IMAP support to access my held mail folder, then using Thunderbird's filters to move blatant spam to my spam-for-sure folder. I then manually move the remaining spam to my spam-for-sure folder. Finally, I log in to webmail to release and whitelist any false positives and quick report the messages in my spam-for-sure folder.

The only problem I've been having lately is the spammers who've been sending out messages with sizes of 10-40k. These can cause the total size of the messages in my spam-for-sure folder to top the 100k limit allowed for a single report.

BTW, I also have a search folder set up to search my Inbox for messages with the subject "SpamCop Quick reporting data" and the phrase "sent to: <my ISP's reporting address>" in the body. This allows me to see if quick reporting is accidentally reporting my ISP's inbound mail server. It hasn't in over two years of checking, but it never hurts to be safe.

Details:

I never get legitimate email from China, Korea, Brazil, Argentina or Nigeria, so I have these blacklists, along with others, turned on in my SpamCop Tools. I also have my SpamAssassin limit set to 5.

I've discovered that any false positives I get never have SpamAssassin scores higher than 7, although a good bit of the spam I get has scores of 5 or 6.

The Thunderbird filters move messages in which "X-SpamCop-Disposition" contains "korea.services.net", "cn.rbl.cluecentral.net", etc. to my spam-for-sure folder. They also move messages in which "X-spam-Level" contains "*******" (meaning SpamAssassin score is 7 or higher) to my spam-for-sure folder.

What remains in my Held Mail folder is email trapped by various blocklists (including the SCBL) with a SpamAssassin score of six or lower. There are few enough of these to be handled manually with ease.

Hope this helps.

Aloha,

McGarrett

"LART 'em, Danno!"
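The two filter rules and the 100k report limit from the exchange above, as an added Python sketch that is not part of either post: `is_blatant` applies the header tests, `batch_for_report` splits a folder into reports that stay within the limit, and `move_blatant` does the move over an already authenticated `imaplib` connection. The header values in `SAMPLES`, the "Blocked <zone>" wording, the quoted folder names and 1k = 1024 bytes are assumptions.

```python
import email

# Zones quoted in the post; its "etc." means the real filter list is longer.
COUNTRY_LISTS = ("korea.services.net", "cn.rbl.cluecentral.net")
SA_STARS = "*" * 7           # seven or more stars = SpamAssassin score 7 or higher
REPORT_LIMIT = 100 * 1024    # the post's "100k limit"; 1k = 1024 bytes is assumed

# Constructed sample headers (not real mail); the "Blocked <zone>" text is assumed.
SAMPLES = {
    "101": "X-SpamCop-Disposition: Blocked korea.services.net\nX-Spam-Level: ***\n\n",
    "102": "X-SpamCop-Disposition: Blocked bl.spamcop.net\nX-Spam-Level: ********\n\n",
    "103": "X-SpamCop-Disposition: Blocked bl.spamcop.net\nX-Spam-Level: ******\n\n",
    "104": "X-SpamCop-Disposition: Blocked cn.rbl.cluecentral.net\n\n",
}


def is_blatant(msg):
    """Apply the two filter rules from the post to one parsed message."""
    disposition = msg.get("X-SpamCop-Disposition", "")
    level = msg.get("X-Spam-Level", "")   # header lookup is case-insensitive
    return any(zone in disposition for zone in COUNTRY_LISTS) or SA_STARS in level


def sort_held_mail(samples):
    """Split {uid: raw message} into (blatant, manual-review) uid lists."""
    blatant, manual = [], []
    for uid, raw in samples.items():
        target = blatant if is_blatant(email.message_from_string(raw)) else manual
        target.append(uid)
    return blatant, manual


def batch_for_report(sizes, limit=REPORT_LIMIT):
    """Group (uid, size) pairs into batches whose total size does not exceed limit.

    A single message larger than the limit ends up alone in its own batch,
    so the caller can spot it and full-report it separately.
    """
    batches, current, total = [], [], 0
    for uid, size in sizes:
        if current and total + size > limit:
            batches.append(current)
            current, total = [], 0
        current.append(uid)
        total += size
    if current:
        batches.append(current)
    return batches


def move_blatant(conn, src='"Held Mail"', dst='"spam-for-sure"'):
    """Move blatant spam from src to dst; conn is a logged-in imaplib.IMAP4 object.

    Folder names are assumptions; a server may expose them under another prefix.
    Only headers are fetched, and BODY.PEEK leaves the messages unread.
    """
    conn.select(src)
    _, data = conn.uid("SEARCH", None, "ALL")
    moved = []
    for uid in data[0].split():
        _, parts = conn.uid("FETCH", uid, "(BODY.PEEK[HEADER])")
        if is_blatant(email.message_from_bytes(parts[0][1])):
            conn.uid("COPY", uid, dst)
            conn.uid("STORE", uid, "+FLAGS", r"(\Deleted)")
            moved.append(uid.decode())
    conn.expunge()   # removes every message flagged \Deleted in src
    return moved


if __name__ == "__main__":
    blatant, manual = sort_held_mail(SAMPLES)
    print("spam-for-sure:", blatant, "left in Held Mail:", manual)
    # Constructed sizes in the 10-40k range the post mentions.
    print(batch_for_report([("101", 40_000), ("102", 40_000), ("104", 40_000)]))
```

Anything the rules do not match stays in Held Mail for manual review, which is where the post says false positives are found.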


  • 1 month later...

We are always looking for more examples.

It is interesting to note the vast differences in the ways different users utilize SpamCop.

Take some time and read through the examples already posted and maybe consider posting your own example.

There are definitely a lot of different ways that SpamCop can be used.

Thanks to Wazoo for adding to the FAQ

I found Steven P. Underwood's note very informative. If you are having problem using your ISP's SMTP server, this might be the reason.

> Once per day <snip>, I POP my ISP (which is empty because of the forward) in order to authenticate for SMTP from the home computer per the requirement of my ISP.

PeterJ presented a very different approach to using SpamCop that I found very enlightening.

Examples by bobbear, Jeff G., Lking, and Steve McGarrett (in reply to Peter Pearson post in the newsgroup) have expanded the collection of ideas and methods.

How about taking some time adding your story of how you use SpamCop, it could be of a great benefit to others!!


  • 2 months later...

I actually have found that I have a specific need not met by SpamCop's E-mail system. This post will describe how I have decided to handle this.

I subscribe to several mailing lists and prefer to sort E-mails from each list into a separate folder. This makes it easier to follow the activity on each list. In addition, as much as possible, I prefer to only save E-mails in my Inbox that I need to reply to. Therefore, the many E-mails that I get that aren't mailing-list posts, and don't require a reply, go into a separate "NoReply" folder so they don't clutter up the Inbox.

Because of the volume of E-mail I get, it's considerably simpler to have rule-based filtering sort the incoming E-mail into folders automatically rather than having to move it all myself.

I used to retain all my E-mail on my local machine, and use an E-mail client to set up rules and do the filtering and sorting. (I was using Thunderbird.) That worked fine -- until my PowerBook was stolen and I lost a fair amount of E-mail with it. That made me decide to start keeping my E-mail on a server with IMAP, which also provides the advantage that I can access it over the Web from any machine with Internet access and a browser. On my own machine, I still prefer to use an E-mail client to read and compose E-mail.

I then began checking on the SpamCop site to see whether the SpamCop system could do filtering on all incoming E-mail. Unfortunately it will not -- you have to be logged in to the Webmail system in order to apply the filters; you can set them up to automatically run each time the Inbox is displayed, but that's as automatic as it gets.

Consequently, I ended up obtaining IMAP service from another provider that does give me the ability to set up filters that are applied to all incoming E-mail. I went with imap-partners.net, but there are numerous other providers; I recommend a look at Nancy McGough's Infinite Ink Web page about IMAP for some guidance. Note that it is quite long; be prepared to go through a LOT of useful information on that page.

So my setup is now as follows:

My primary E-mail address forwards automatically to SpamCop.

A few other secondary E-mail addresses are POPped by SpamCop at intervals.

In the SpamCop system, under Options - SpamCop Tools - "Select your email forwarding, change your password or mail reports," I've set up my imap-partners.net address for SpamCop to forward all my E-mail to (except for Held Mail, of course; that automatically lands there and stays there).

When the E-mail hits imap-partners.net, it's filtered and sorted in the ways I need according to the filters I've set up.

As I mentioned above, I then usually handle it from an E-mail client that's pointed at the imap-partners.net server. (I also have that client pointed at the SpamCop server so I can see when mail lands in Held Mail.)

Simpler than it sounds (I think) and works well.


Tim, thank you for your addition. Please consider reporting what spam messages do land in your Held Mail mailbox/Folder or slip through to Folders on your imap-partners.net account, to help keep that spam source's spew away from the Inboxes of all of us who use the SCBL.

In the interest of full disclosure, other readers should note that imap-partners.net does charge money for its services after a one month free trial - please see http://www.imap-partners.net/pricing.shtml and http://www.imap-partners.net/trial.shtml for details.


  • 2 weeks later...

Copied from a post by PGTips91 aka Paul G. Taylor

Link to original post

Also posted at How to use .... > SpamCop Reporting .... > How to use Thunderbird to report multiple emails, One users step by step example

First, the settings in Thunderbird;

Edit > Preferences

Composition Tab 'Forward messages: as attachment'

Advanced Tab, Privacy 'Block loading of remote images in mail messages'

Second, how to report spam in blocks.

I have set my preferences with my ISP so that their filtering does not pre-filter any spam I receive and I allow Thunderbird to do the filtering. This suits me as the number of spam emails I get is rather low and I want to report them all. With Bayesian filtering in place most spam find their way directly to my 'Junk' folder in Thunderbird.

After a quick review to ensure that no genuine emails are included, I do the following: --

1) Select all spam that I wish to forward. [easy if view set to 'Recent']

1.1) Edit > Select All

1.2) Ctrl+A

1.3) Select the first, scroll to the last, holding the 'Shift' key down click on the last to select all from first to last.

2) Right-click on the selection and choose 'Forward as attachments'.

This will open a new email with all selected spam emails included as attachments.

3) Enter my SpamCop forwarding address in the 'To' field.

With the address already set up in my address book, all it takes is to type 'sp'[enter] to select the forwarding address.

4) Send email with no 'body' required and 'Subject' optional, and wait for it to be acknowledged.

5) Once I have the acknowledgment back, go to my SpamCop web page for reporting spam [http://www.spamcop.net/], sign in and click on the link which says 'You have unreported spam'.

6) Review the output and when satisfied send the reports.

6.1) The biggest difficulty I have is to get the parser to recognise some embedded URLs. I have found that using the 'Back' button in Firefox to go back to the 'Report spam' page and input the URL [copied from the report] by itself. This may need to be repeated too but usually gets over the hurdle and reports the Spamvertised site as well as the sending URL when I again click the 'You have unreported spam' button.

7) Repeat steps 5 and 6 until done.

I keep Firefox open with my Web Mail on one Tab, SpamCop reporting on another and DNS Stuff [http://www.dnsstuff.com/] on another. That way I can monitor what is going on and research stuff easily.

This scheme works for me as I have a small load to deal with. Others might like to comment on what works for them.

Paul G. Taylor

Auckland, NZ


  • 1 month later...

The following was taken from another thread in this forum that I felt would make a great addition to this topic.

I run a Microsoft Exchange organization with just a little over 30 users. When I came into this position, we were receiving a total of about 6000 spams per day delivered to users' inboxes.

I immediately upgraded our mail system to Exchange 2003, and added Intelligent Message Filtering which reduced the number of emails delivered to users' inboxes to a more manageable 2000 spams per day. However, that was still not acceptable to me, so I further implemented the Spamhaus blocklist and the SpamCop blocklist. Between those 2 blocklists, and Microsoft's IMF addon, I have reduced the number of spams delivered to users' inboxes in my organization from a staggering 6000 per day to less than 100 per day. Yeah, you read that right, less than one hundred spams per day for 30 users, that's only about 3 messages per day that they have to deal with.

While this is great simply from a time spent standpoint, there are other more substantial implications. Because we are in the insurance business, every email that we send or receive has to be saved... Forever. Once per month, all email from the previous month gets archived to DVD. Before I implemented the blocklists, it took me 3 DVDs to archive a month's worth of email for 30 people, that's about 14GB of data per month. With the addition of the BL, these emails are never delivered, so unlike messages sent to the junk mail folder with IMF, they take up absolutely 0 disk space. This means I can keep mail on the server longer before filling up the Exchange message store.

That means that it takes me less time to retrieve archived messages. It also substantially reduces the processing load on the server, and the amount of bandwidth that I use for SMTP, both of which are very tangible, real, and substantial costs.

So in answer to your question, YES, the SCBL does make a MAJOR difference to those of us that use it, especially when combined with other filters and lists.

Is it enough by itself? Of course not, but then, I also don't use a single security solution to protect my network from viruses and such either. As with everything else, multiple layers offers the best solution, but the SCBL is one of my most important first-line layers when it comes to spam.


In a reply to a request about how valid mail that gets rejected is handled, Telarin replied:

Honestly, VERY little valid mail gets rejected. I have maybe 1 or 2 confirmed rejections per month. These are handled on a case-by-case basis. If it is a company with which we do regular business, I will usually go ahead and add their mail servers IP address to the global accept list in exchange. If it is a customer, depending on their apparent level of technical expertise, their ISP, how rude they are, and what kind of mood I am in; I will either add their email address to the global accept list, encourage them to send through a different email account, or for the really dense, simply tell them that the problem is with their ISP's mail server and that they will need to contact their tech support.



My usage:

I manage two e-mail servers with about 400 users. These users are all internal, or employees. One of the servers is only used for a handful of listservs. These are managed by me directly, people cannot subscribe to them, the lists are set up by me for the purposes of our business. (I know that may sound like every other spammer out there, but I am not. And to this date neither of our two e-mail servers has ever been on a blacklist, that I am aware of)

Anyway, on to the usage. The other server is our main e-mail server. Its gateway is configured to check the following lists in this order and drop the connection if there is a hit:

bl.spamcop.net, sbl.spamhaus.org, spam.dnsbl.sorbs.net, dul.dnsbl.sorbs.net, nomail.fhsbl.sorbs.net, list.dsbl.org, cbl.abuseat.org

Yes I know that it is not recommended to reject mail based on a blacklist. That may be fine for others, but I prefer to reserve our limited bandwidth for legitimate traffic and deal with the small amount of false blocks. This config is very effective as these stats show:

Server uptime: 3 days 7 hrs 27 mins

Messages Received: 6,649

Messages Sent: 1,582

Connection Denied: 44,778 (this is what the blacklist checks reject from coming in)

As you can see most of our traffic is in-bound, and the blacklists are keeping a huge amount of spam from even getting in.

Of the 6,649 messages that make it in, about another 500 a day of those are caught by our second line of defense. A server side process that checks each message against spam filters, does a virus scan, a SURBL check, looks at sender address for things like opt-in, and message content before it is sent on to the user's inbox. This almost completely eliminates spam from getting to an inbox. What does make it in is about 1-5 a day for me. Some messages are also falsely identified as spam by this process, and I have to manually pass those through when a user notifies me of such. I have some users forward what spam gets through to me, I take that along with what I get and use a paid SpamCop account to parse and report those. For these I view the MIME source, select all, copy, open Firefox, go to the SpamCop Report Spam web interface, paste, process, and send reports. Occasionally when I have a lot of free time, I'll check to see what is not getting a SURBL hit and submit those too. (since this system stores everything it blocks, I can go back and recover any message)

I also use these forums to keep up to date on what is going on with SpamCop. When I have time I try to contribute what little I can to the cause of fighting spam, and to other users of SpamCop. I'd also like to note that I have never used the SpamCop newsgroups.

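The connection-time blacklist check described in the post above, as an added example that is not part of the original post: it builds the DNSBL query name for a connecting IP, walks the zones in the order the post lists them, and stops at the first listing. The function names and the constructed resolver table are assumptions made for illustration.

```python
import ipaddress
import socket

# Zones in the order the post lists them; the first hit ends the check.
ZONES = ["bl.spamcop.net", "sbl.spamhaus.org", "spam.dnsbl.sorbs.net",
         "dul.dnsbl.sorbs.net", "nomail.fhsbl.sorbs.net", "list.dsbl.org",
         "cbl.abuseat.org"]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the query name: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] on NXDOMAIN or lookup failure.

    Treating failures as "not listed" means a dead list cannot block mail.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def first_listing(ip, zones=ZONES, resolve=system_resolver):
    """Return (zone, answer) for the first zone that lists ip, else None."""
    for zone in zones:
        for answer in resolve(dnsbl_query_name(ip, zone)):
            # Only 127.0.0.0/8 answers mean "listed"; any other address (for
            # example from a resolver that rewrites NXDOMAIN) is ignored.
            if ipaddress.ip_address(answer) in LISTED_RANGE:
                return zone, answer
    return None


# Constructed resolver data so the example runs offline (not real listings).
FAKE_DNS = {
    "7.113.0.203.sbl.spamhaus.org": ["127.0.0.2"],
    "9.113.0.203.bl.spamcop.net": ["198.51.100.1"],  # rewritten-NXDOMAIN style
}


def fake_resolver(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for ip in ("203.0.113.7", "203.0.113.9"):
        print(ip, first_listing(ip, resolve=fake_resolver))
```

Passing `resolve=system_resolver` (the default) performs live lookups; logging the returned zone with each rejection makes the occasional false block the post mentions easier to trace.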

  • 2 months later...

My usage:

SpamCop Mail filtering service.

Month to date 2256 spams, all quick reported, 63 'leakers' all full reported, no false drops

(I have whitelisted, eg, a newsletter which SpamAssassin objected to when one issue has a dozen 'biz' URLs).

I chose to post because I thought I might be using the Personal Black list in an unusual way, the point being that even though the From: or Return-path: in spam may be forged it can still be used in a blacklist.

Thus my blacklist now includes

paypal.com

ebay.com

Because the fraudsters have to use these and any real use goes to a different, and secret, mail box.

adventist.org (my religious is spam)

penknifepress.com (no unsubscribe even if I had ever subscribed).

virgilio.it (lottery frauds, every one)

br, cn, ru already blacklisted in principle if the actual origin is there, so someone who uses a Brazilian from:, forged or not, can be treated the same way even if the actual spew is from elsewhere.

HTH


  • 2 months later...

The following entry relates to the use of Quick Reporting using the VER interface and was taken from the following post: FAQ Entry: What is Quick Reporting? post #14

To help avoid this (the possibility of reporting myself due to changes in the MailHost configuration), I personally 'fully report' 4 to 5 spams a day (i.e., "Queue for reporting and send to trash") to try and make sure that the mailhost config. has not been changed - and then report the rest (majority) by "Quick reporting"

Note: this was originally posted in the Newsgroups [spamCop-List] Re: Is it possible to submit spam via email without having to verify it online? as a reply to the listed topic.

The concept is an excellent idea and should be considered by anyone using Quick Reporting which includes SpamCop Email users who use the WebMail interface "Report as spam" which I personally believe to be a very misleading name for Quick Reporting.


  • 7 months later...

The following example was taken from a newsgroup post by Graeme Leith aka GraemeL in reply to a post by Chris Wright

I have two mailboxes on my own server, I'll call them clean and dirty, but only Spamcop and myself know what they really are.

Clean is my real mailbox that my mail client connects to. Whenever I need to supply somebody with an email address, I create a new alias for clean (usually of the form xxdescriptionyymmdd[at]example.invalid). Since newly handed out addresses don't usually get any spam, the mail will be delivered straight to my mailbox.

Dirty is for addresses that have been around for a while and have started to get spam. It's easy to change the alias of any address to point to this mailbox in a few seconds.

The dirty mailbox is popped by the spamcop mail system every 15 minutes or so (my gmail and a few other accounts are popped too). Anything that Spamcop thinks is spam is put into the SC held mail folder automatically. Anything spamcop thinks is ham is forwarded to clean.

As well as having my main inbox, my mail client has an IMAP connection to the Spamcop mail server, so any spam that ends up here can be sent to SC by simply right clicking and copying it to my held mail folder.

Two or three times a day, I visit the SC web site, review the contents of the held mail box and either do individual reports, or quick report it all depending on the volume of spam there and the time I have available.

Any spamtrap hits on my server are automatically quick reported via email submission using procmail and a perl script available in the SC FAQs.

I also knocked together a web form, so I can view and create aliases when I'm not at the machine. I can even do it from my mobile phone. :P


  • 4 months later...

It has taken nearly 5 months to complete, but this entire topic has now been copied over into the SpamCopWiki which includes a summarized index with links to the individual full copies of each of the posts which have been cross linked to pages explaining the various terms used in the posts.

Take a look at the Wiki version which can be found at http://forum.spamcop.net/scwik/CategoryHow...etailedExamples and see what you think.

The topic contains numerous different ideas and suggestions of ways to use the SpamCop tools, some which you may not have thought of; but you might find useful in making your use of the SpamCop tools faster and more enjoyable.


Did you notice my small edit today? Is it OK?


Did you notice my small edit today? Is it OK?
I sure did, just have not got around to replying to you yet. Don't know how I missed that entry. I built the list from the bottom up with yours being the next to last entry, yet somehow I failed to add it into the summary page.

Thanks for taking care of that.

The only thing I would change is to delete the extra blank line following the entry.

Thanks again for catching my mistake.


Archived

This topic is now archived and is closed to further replies.
