Email bombing??


shorten.ws

I am shorten.ws, a url shortening service much like tinyurl.com

I usually deal with complaints straight from the source (the end user) at the abuse[at] email I have set up... however lately spamcop has decided to join the race, and INSTEAD of sending it to the abuse[at] email set up just for this, it has email bombed my server people, upstream providers, godaddy, etc. with hundreds of emails every day.

What can be done about this? Being that I am a url shortening service, I actually have nothing to do with the spam or other illegal activities and shut down any bad urls as soon as I know about it.

My providers are complaining about the extent of the email bombing from spamcop, which is clearly a bit of a silly implementation... as I can't seem to find any option to tell spamcop to only send reports to a certain address?

Link to comment

This is not a Geek/Techy thing .. it is an issue with the SpamCop.net Reporting System .... therefore, this Topic will be moved to the appropriate Forum section with this post.

SpamCop.net does not send reports out on its own ... which is addressed in numerous places around this Forum: the Original/Official FAQ, the single-page-access-expanded version found 'here', the Wiki, a boatload of previous Topics/Discussions in the appropriate Forum section. Each Report has been sent due to yet another user submitting, parsing, agreeing with the results, and hitting the Send/Submit button on the spam that each user has received. Bottom line, your 'thousands SpamCop spams' are actually 'thousands of SpamCop users ticked off about receiving spam and complaining about it' .....

Parsing input: http://shorten.ws

Host shorten.ws (checking ip) = 74.205.120.99

host 74.205.120.99 = 114873-web1.www.officedebo.com (cached)

Host shorten.ws (checking ip) = 74.205.120.99

host 74.205.120.99 = 114873-web1.www.officedebo.com (cached)

Routing details for 74.205.120.99

[refresh/show] Cached whois for 74.205.120.99 : abuse[at]rackspace.com

Using abuse net on abuse[at]rackspace.com

abuse net rackspace.com = abuse[at]rackspace.com

Using best contacts abuse[at]rackspace.com

Rackspace knows exactly how SpamCop.net Reporting works, or at least they did a few years back when they were world-renowned for their hosting of spammers and taking no action on complaints.

Link to comment

Thank you, I will forward this to rackspace. Has to be mentioned though: your thousands of complaints are shooting the wrong messenger... we are merely shortening a URL and have complied many, many times with deleting bad ones.

Maybe you guys need to like... chase the people who actually spam?

Link to comment

Maybe you guys need to like... chase the people who actually spam?

You offer no specific data to talk about, therefore it's pretty hard to get into any specifics.

Based on your limited description, you are talking about a SpamVertised URL being included in a spam. There is a FAQ, a Wiki, a Dictionary, a Glossary, provided here and, as noted before, a ton-load of existing Discussions on this kind of stuff. If you actually want some help, get yourself a bit more educated, provide some specific data, ......

Link to comment

You offer no specific data to talk about, therefore it's pretty hard to get into any specifics.

Based on your limited description, you are talking about a SpamVertised URL being included in a spam. There is a FAQ, a Wiki, a Dictionary, a Glossary, provided here and, as noted before, a ton-load of existing Discussions on this kind of stuff. If you actually want some help, get yourself a bit more educated, provide some specific data, ......

Here is one of the tracking URLs..

http://www.spamcop.net/sc?id=z1623067414z2...9942804b31465az

Link to comment

Seems to be working as designed: reports regarding the spamvertised URL are going to the owner of the IP address hosting said URL. The fact that it is a shortened URL offered by your service is irrelevant. You might be able to talk the deputies into sending copies of these reports to you directly if you show a good track record of dealing with them, but that would be pretty unusual for them to do. Your best bet would be to contact them directly at deputies[at]admin.spamcop.net and explain your situation to them and see if they can offer a better way for the reports to be handled.

Link to comment

Seems to be working as designed
Subject: Find best International on-line pharmacy
Without going through today's and/or yesterday's reports that subject looks familiar. Could be one of mine.

JMHO but you could resolve your problem by changing your business module.

Edit----

Thought I had seen this

http://www.spamcop.net/sc?id=z1623311827z4...939251bdb814d4z

Link to comment

Thank you, I will forward this to rackspace. Has to be mentioned though: your thousands of complaints are shooting the wrong messenger... we are merely shortening a URL and have complied many, many times with deleting bad ones.

Maybe you guys need to like... chase the people who actually spam?

Where do your requests to delete "bad ones" come from? One avenue could be via rackspace relaying reports to you but you evidently discount this. Or haven't/don't want to/can't set this up. Problem is, rackspace's response just might be to refuse future reports in connection with shorten.ws which will do nothing (to help you) to discover abuses of your service. I'm not sure of SURBL policy but that could result in blacklisting there (no, you're not currently) if they include intermediaries/.ws (SURBL+ Checker) or further adverse comments in SiteAdvisor (McAfee SiteAdvisor). I think Will's suggestion (Telarin) to enlist the support of the Deputies in finding a solution to suit you is good advice.

As, hopefully, you now know, "chase the people who actually spam" is SpamCop's primary mission. Spamvertized web sites reports are merely a courtesy to the hosts of such which they might decline at any time. Viewed as a resource, the "heads up" provided by those reports could be useful to you. Oh, and (some of) those reported spamvertizements feed the SURBL which is (otherwise) a separate entity.

HTH

Link to comment

Thought I should update this thread and inform you that Rackspace and I have sorted out an automated solution for this.

Rackspace automatically forward all SpamCop reports / notices to an email handler I have, which automatically removes the offending short url and responds to SpamCop, to say it has been handled as such.

Is this sufficient?

Link to comment
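
An added sketch of the kind of handler described in the post above (not part of the original thread and not the poster's code): it pulls the service's own short URLs out of a forwarded report and disables them, ignoring lookalike hosts and repeat reports. The report text, the code alphabet and the `store` layout are constructed assumptions; real report formats are not shown in the thread.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

SHORT_HOST = "shorten.ws"   # the service's own host, from the thread
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample, not a real SpamCop report.
SAMPLE_REPORT = """\
From: reports@reporting.example
To: abuse-handler@shortener.example
Subject: [constructed] report of spamvertised URL

A user reported spam advertising http://shorten.ws/ab12 and
http://shorten.ws.lookalike.example/zz99 (not our host).
"""

def short_codes_in_report(raw_message):
    """Return the short codes on our own host that a report mentions."""
    msg = message_from_string(raw_message)
    bodies = [p.get_payload() for p in msg.walk()
              if p.get_content_type() == "text/plain"]
    codes = set()
    for url in URL_RE.findall("\n".join(bodies)):
        u = urlsplit(url.rstrip(".,);"))
        host = (u.hostname or "").lower()
        # Exact host match only, so a lookalike domain never triggers a removal.
        if host not in (SHORT_HOST, "www." + SHORT_HOST):
            continue
        code = u.path.strip("/")
        if re.fullmatch(r"[A-Za-z0-9]{1,32}", code):   # assumed code alphabet
            codes.add(code)
    return codes

def handle_report(raw_message, store):
    """Disable each reported code in `store` (hypothetical dict: code -> record).

    Records are flagged inactive rather than deleted, so a removal can be
    reviewed or reversed. Returns the codes disabled by this report.
    """
    disabled = []
    for code in sorted(short_codes_in_report(raw_message)):
        entry = store.get(code)
        if entry and entry["active"]:
            entry["active"] = False
            disabled.append(code)
    return disabled
```

Because any inbound mail can trigger a removal, keeping the record and only flagging it inactive leaves room to undo a report that turns out to be mistaken.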

Is this sufficient?

It depends upon what you mean when you ask the question...

Remember that the messages your ISP is receiving are advisory stating that a URL has been included in a spam Email message.

Certainly removing the URL is a contribution but I cannot see that it will stop messages to your ISP in the first instance - although it may reduce the number. The advisory messages simply alert your ISP to the fact that someone is spamming and quoting one of your URLs in the message. So even if you remove the URL fairly quickly the spam will have been distributed and the advisory messages will be sent.

I think what you need is to arrange with the SpamCop admins to stop the advisory messages for your URLs. The fact that you are doing all you can to prevent abuse of your service will be greatly appreciated. Of course, if you stop the advisory messages you will have lost the automated system you have created with your ISP.

But if the process you've arranged with your ISP satisfies their concerns then, yes, I guess it is sufficient <_<

Andrew

Link to comment

Of course it would be better to not allow offending URLs in the first place.

But, if you want to be able to remove offending URLs as soon as possible, I think the system you have set up is probably a good one. SpamCop reports are often an early warning system and are easier to deal with than blacklists that list based on URLs.

Does informing spamcop automatically make a difference in the number of reports you get? Have you talked to the deputies at all about how to inform them that the offending URL has been removed? I am not sure that they pay attention to automated responses without prior arrangements.

What you want to do, ISTM, is to get the reports, kill the offending URL, then inform spamcop so that they no longer send reports about that URL. Since I am not an ISP, I don't know much about how one interacts with the deputies.

Now that you have the first two steps set up, it might be a good idea to email the deputies and find out what they think.

Miss Betsy

Link to comment

I would go along with the preceding comments - that is:

...Rackspace automatically forward all SpamCop reports / notices to an email handler I have, which automatically removes the offending short url and responds to SpamCop, to say it has been handled as such. ...
... needs to be followed by the deputies cutting off the notifications once the removal of the "offending" short url is confirmed by you. So yes, talk to the deputies, see if they can assist that way. Then everyone is satisfied. Except those trying to abuse your service.

I guess some of those urls could theoretically be innocent, just being "gamed" by hypothetical third parties - but that is less likely with ad-hoc shortened urls which I guess most/all are.

Thanks for your efforts on this. If only others were as concerned and energetic ...

Link to comment

An automated system of killing off the URLs will most likely reduce your service's desirability to spammers, so I think your solution will probably help a lot.

One suggestion, you might want to keep a database to cross-reference killed URLs to the IP address that registered them, and start blocking IPs that the spammers are using to register the addresses; that should help to cut down on the number of reported URLs eventually.

Another suggestion is to limit the number of URLs that can be registered from a single IP in a given time frame. Ideally, pick a number that no legitimate user would ever hit, which might require some digging through your database of URL registrations to determine, but I would think something like 5 URLs in 10 minutes would probably be more than enough. That way spammers using automated scripts to register thousands of URLs for inclusion in a spam run would fail.

I'm not sure if spammers register one URL, and send it out to an entire spam run, or if they script to register lots of URLs and only use each one a few times. If the former is the case, the second solution above probably wouldn't do much good, but if they are using a script, it should help cut down the number of reports you have to handle as well.

As far as other suggestions here to inform the deputies when a URL has been killed, I'm not sure how productive that would be. Since your system is automated, it probably takes a lot less time for it to just receive and discard duplicate reports, whereas the deputies would have to manually handle each confirmed "kill" by hand. Since spamcop URL reports are simply informatory and don't really feed the blocklist, I'm not sure that reporting back is really necessary.

Link to comment
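
An added sketch of the two suggestions in the post above (not part of the original thread and not the service's own code): a per-IP sliding-window limit on registrations, plus a cross-reference from killed short codes back to the registering IP. The 5-in-10-minutes limit is the figure from the post; the block threshold, class and method names are assumptions.

```python
from collections import defaultdict, deque

MAX_URLS = 5            # figures suggested in the post above
WINDOW_SECONDS = 600    # 10 minutes
BLOCK_AFTER_KILLS = 3   # assumed threshold, not from the thread

class RegistrationGate:
    """Hypothetical gate placed in front of short-URL creation."""

    def __init__(self):
        self.recent = defaultdict(deque)   # ip -> times of accepted registrations
        self.owner = {}                    # short code -> registering ip
        self.kills = defaultdict(int)      # ip -> number of its URLs killed
        self.blocked = set()

    def register(self, ip, code, now):
        """Return True if the registration is accepted at time `now` (seconds)."""
        if ip in self.blocked:
            return False
        window = self.recent[ip]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()               # forget entries older than the window
        if len(window) >= MAX_URLS:
            return False
        window.append(now)
        self.owner[code] = ip
        return True

    def kill(self, code):
        """Record an abuse kill; return the IP if this kill caused a block."""
        ip = self.owner.pop(code, None)    # pop makes a duplicate report a no-op
        if ip is None:
            return None
        self.kills[ip] += 1
        if self.kills[ip] >= BLOCK_AFTER_KILLS and ip not in self.blocked:
            self.blocked.add(ip)
            return ip
        return None
```

Blocking by IP also affects other users behind the same NAT or proxy, so giving blocks an expiry is the safer default.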

Rackspace appear to be happy with this setup, as they no longer need to deal with the load of complaints... and I am happy, as dealing with it has now become automated.

I actually don't *want* the reports to slow down or stop. I am glad they are coming, so that I can remove them. We actually don't allow spammers to use our URLs, and I doubt if we said so in big black letters on the front of the site, would that even stop them anyhow.

I think this automated solution means a big "f-off" to the spammers... and they will get the idea that spammer URLs won't work here.

I will contact the deputies and point them to this thread, to double check we are doing everything right. I quite like the service SpamCop provides, as it allows us to deal with spam very quickly.

Perhaps I could link people to SpamCop as a means to reporting spam?

- AJ

Link to comment

Perhaps I could link people to SpamCop as a means to reporting spam?

A good idea for the planet

SpamCop always sends a notice to the owner of the spam source and if requested "interested parties"

spammers get their fingers burnt because of this and may well go elsewhere (like the court system)

Link to comment

My providers are complaining about the extent of the email bombing from spamcop, which is clearly a bit of a silly implementation... as I can't seem to find any option to tell spamcop to only send reports to a certain address?

Then your providers are complaining about the number of spammers that are using your service. Your providers should be getting all the reports! If you make a system that is easy for the spammers to exploit and then do not want to hear about the ones exploiting your service, then there lies a problem.

Link to comment

Archived

This topic is now archived and is closed to further replies.
