Reporting bouncing spam?


David

In the FAQ it says this about receiving bounced spam:

If the bounce message contains spam, it is not permitted for you to report the spam contained within the bounce, even if it includes what appear to be the full original headers. This is someone else's spam, not yours. It is expected that you can verify the headers of reported mail are accurate, something you can't do for mail received on a network you are not familiar with.

This seems like a very strange and artificial restriction. In the last few days, some spammer has taken to using my email domain in their 'From' fields ... which has resulted in me receiving around 3000 spam email bounces a day. How is this not spam, and why do you not want me to report it?

As I see it, this spammer is causing me an order of magnitude more problem (and several orders of magnitude more bandwidth) than the normal recipients of his spam, and will presumably not stop until I report him.

I accept that I cannot guarantee that the headers in the bounce mail are accurate, but I think the odds against several hundred domains suddenly sending me fake bounce messages are pretty high. (And if the headers are faked, then I should be reporting the domains which are faking the bounce message)

Link to comment

Many people would like to have a BounceCop - particularly the ones with domain names that are being abused. IIRC, Ellen said that she has a domain that is essentially unusable because of the spam and bounces from spammers.

There are ways to cope with it, but since I am not a domain owner, I don't remember them. If you search the forums, you should get some ideas.

My only contribution is that you get together with other domain owners and make a push to convince ISPs NOT to send undeliverable messages after acceptance - even get the RFC changed. Also, buy ads against Mailwasher and their 'bounce' feature. And McAfee who advises virus recipients to notify the return path address.

Miss Betsy

Link to comment

"Artificial limits" .. actually had to be invoked this way due to user actions in the past. If one starts with that the bounce contained a complete copy of the original spam, then, yes it is/was possible to extract that spam and run it through the parser. The problem is that taking this course of action requires some knowledge of e-mail construction and content. Unfortunately, there are too many indiscriminate spam reporters involved, some of which would "modify" their submittals to try to force the parser to come up with results, the end result being wrong reports being sent to the wrong parties. So the rules were changed in order to try to retain the concept that a SpamCop report was a 'good' report accurately targeted and delivered.

The educational process of trying to get ISPs to change the whole process of (bad) e-mail delivery / notification is going to be a long and tedious process. The original concept of a bounce notification was nice, but also based on the old original "trust" levels in the networking of the "net" ... spammers have destroyed the entire "trust" scenario.

Link to comment

Remember it is permitted to use the Parser to process the bounced message to aid in personal reporting.

It is NOT permitted to submit the reports through SpamCop or in any way reference SpamCop in the reports that you generate yourself.

Link to comment

> Remember it is permitted to use the Parser to process the bounced message to aid in personal reporting.

Thanks for the replies - I guess this is the way forward for me.

In the longer term, I do think it would be useful to harvest these bounce messages to help fight spam ... I feel like I'm sitting on an awful lot of (too much!) information about 1 specific spammer (or group of spammers). Almost feels like a waste to delete it all :D

Link to comment

In a similar vein to David in this thread I've just received five bounced spam mails claiming to have come from my account. However, they're claiming to have come from my spamcop.net address.

If I can't report them and Spamcop won't notice that they didn't actually come from it in the first place what am I to do? Just delete them and hope it doesn't happen any more?

Apologies if this has been answered in depth elsewhere. Many thanks in advance.

Link to comment

Let me get this straight. An email was bounced to you because it could not reach its invalid recipient and they screwed up and bounced it to you which was an invalid From address and now you want to report the invalid bounce?

Why?

(Abbott: Who's on first?)

Link to comment

> In a similar vein to David in this thread I've just received five bounced spam mails claiming to have come from my account. However, they're claiming to have come from my spamcop.net address.
>
> If I can't report them and Spamcop won't notice that they didn't actually come from it in the first place what am I to do? Just delete them and hope it doesn't happen any more?
>
> Apologies if this has been answered in depth elsewhere. Many thanks in advance.

...dbiel's reply in David's topic is your answer, I believe. JHD (just hit delete) is a reasonable alternative if you do not want to bother.
Link to comment

> Let me get this straight. An email was bounced to you because it could not reach its invalid recipient and they screwed up and bounced it to you which was an invalid From address and now you want to report the invalid bounce?
>
> Why?
>
> (Abbott: Who's on first?)

I guess I was:

(a) thinking on similar lines to David in his original post

(b) trying to point out that in this specific case, as opposed to David's, Spamcop was failing to pick up on its own addresses being used as invalid 'From' addresses (presumably something it could figure out pretty easily) and that someone might care to look into it

I shall proceed with the 'JHD and hope it doesn't happen again' approach and if it does happen again I'll do some personal reporting.

Thanks for your help.

Link to comment

Remember that the parser does not even look at the "From" mail address at all.

Second, the email is not being bounced by Spamcop but by some other ISP that received the mail and rejected it after first accepting it and passing it through the initial SMTP process.

Third, Spamcop does not filter any incoming mail but allows each user to select and use any combination of the available group filters (blocking lists) and personal filters. So you could create a filter to pull out all mail that shows your spamcop email address as the "from" address.

Fourth, if you check the IP address related to the original message (if the headers are provided) you will find that it is not a spamcop address.

Link to comment
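
The check in the fourth point of the post above, as an added example that is not part of the original thread: it pulls the original message out of a bounce and compares the hand-off IP recorded by the bouncing server with your own outbound networks. The sample bounce, the `MY_OUTBOUND` range and every name in it are constructed, and the bouncing server's header is taken at face value.

```python
import ipaddress
import re
from email import message_from_string, policy, utils

# Assumption: the networks your own outbound mail really leaves from.
MY_OUTBOUND = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample bounce (reserved documentation names and addresses).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The address nosuchuser@recipient.example does not exist.
--b1
Content-Type: message/rfc822

Received: from unknown (HELO mydomain.example) (203.0.113.45)
 by mx.recipient.example with SMTP; 1 Jan 2005 00:00:00 -0000
From: "Sales" <david@mydomain.example>
To: nosuchuser@recipient.example

body
--b1--
"""

def analyse_bounce(raw, my_networks=MY_OUTBOUND):
    """Return the claimed sender and hand-off IP of the mail inside a bounce."""
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)
            break
    else:
        return None  # the bounce did not carry the original headers
    # Topmost Received line: written by the bouncing server when it accepted
    # the mail. Lines below it came from the sender and may be forged.
    received = original.get_all("Received", [""])[0]
    m = re.search(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", received)
    ip = ipaddress.ip_address(m.group(1)) if m else None
    return {
        "claimed_from": utils.parseaddr(original.get("From", ""))[1],
        "handoff_ip": str(ip) if ip else None,
        "from_my_network": ip is not None and any(ip in n for n in my_networks),
    }
```

For the sample, `analyse_bounce(SAMPLE_BOUNCE)` reports a From address in your domain but a hand-off IP outside `MY_OUTBOUND`, which is the mismatch the post describes.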

> I guess I was:
>
> (a) thinking on similar lines to David in his original post
>
> (b) trying to point out that in this specific case, as opposed to David's, Spamcop was failing to pick up on its own addresses being used as invalid 'From' addresses (presumably something it could figure out pretty easily) and that someone might care to look into it
>
> I shall proceed with the 'JHD and hope it doesn't happen again' approach and if it does happen again I'll do some personal reporting.
>
> Thanks for your help.

Sorry I didn't mean to be a smart a__

I just wanted to put in a more simple light :-)

Link to comment

Archived

This topic is now archived and is closed to further replies.
