Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by oldjack

  1. I don't think I implied in my original post that I had any right to tell anyone what to do. If I don't like it, my option is to stop using it (which will be a PITA since I've had the e-mail acct since 1995). But I think I have a right (and maybe even a duty) to suggest that false positives may not be noticed until graduate school acceptances or contractors' bids disappear, and that they can keep the filters but also take steps to help out people who are concerned about false postives. And it does seem to be a hyperactive spam filter. Only seven spams have made it through to SpamCop in the last three days (vs. 100 spams per day before). And, although the spam filter is no doubt an excellent product, it's sad that a prestigious university would buy into that "WITHOUT EXCEPTION" stuff. Unfortunately, the school won't offer these options to end users. Thanks to all of you for your thoughts. I really appreciate it!
  2. It is Proofpoint Messaging Security Gateway.
  3. I use SpamCop to filter spam from my permanent address, which got about 100 spams per day. It works very well. After some tweaking of options, I got maybe 2 spams per day in my inbox and very few false postives in my held mail. The school with which my mail provider is affiliated has installed a spam filtering system, and the number of spams reaching my SpamCop held mail has dropped from about 100 per day to about 5 per day, so it's doing some serious filtering. Under their spam filtering system, the filtered mail is discarded, and there is no way to check for false positives. I sent them an e-mail, basically expressing concern about false positives and important mail being lost. I got this reply: "We are only discarding messages with spam scores of 98-100. Based on their experience to date, [they are] so confident that messages with scores are spam WITHOUT EXCEPTION that they are going to be using this as the default configuration for all students." (their capitalization, not mine) Has the state of the art in spam filtering become so advanced that a system can discard 90+% of spam with no false positives? Thanks in advance for any thoughts you might have on this.
  4. On the SpamCop Email System News is the following: It's not just a Comcast problem. Comcast uses ATT for mail, as do Insight (my cable provider) and Mediacom. ATT is the one doing the blocking. ATT was also bouncing mail forwarded from Spamcop for several days earlier in Feb, and they are doing it again, as I write this: The following message to <***[at]insightbb.com> was undeliverable. The reason for the problem: 5.1.0 - Unknown address error 550-' blocked by blacklist.sequoia.ops.asp.att.net.\nBlocked for abuse. Please contact the administrator of your ISP or sending mail service.' I realize Spamcop cannot control ATT. I just want to warn anyome who is a Comcast, Insight, or Mediacom customer who forwards from Spamcop.
  5. For a young man who has repeatedly reached into the personal e-mail boxes of uncountable numbers of Americans, Ryan Pitylak is awfully bashful. His name never appears as the sender in any of these e-mails, and he has taken great pains to set up hundreds of shell companies, with anodyne names such as Federated Continuum, Northern Alternative and Visionary Advanced, that conceal his true identity. http://www.chicagotribune.com/technology/c...techtopheds-hed (chicagotribune.com requires registration; http://www.bugmenot.com/ if you wish to try to bypass registration)
  6. Everybody's mail is different, but benign e-mails that fail SPF are not rare in my e-mail. I get e-mail from complete strangers. For me, the beauty of spamcop filtering is that all these benign e-mails get through, but only a few spams a week get past spamcop's filters. I cannot have this benign mail going to purgatory. So I would have to increase my spamassassin number (currently set at 2) to compensate for the new spamassassin SPF value, whatever it would be. If I had to increase my spamassassin number, more spam would get through, which would be counterproductive for me. SPF has some appeal as a concept, and maybe someday there will be a general understanding that everyone has to behave in accordance with it. But in the year 2004, it's too much of a baby/bathwater problem.
  7. I have also been getting them. I've only received two (both within the last 48 hours) but, for me, that's the most spam to get past spamcop in a 48-hr period in quite some time. It does appear to be a growing problem, although who knows whether it will have staying power. Here's an article about it: http://www.theregister.co.uk/2004/06/11/ge...ate_mail_virus/ It does seem to be the sort of thing that spamassassin could detect, without causing any collateral damage. Someone with a knowledge of German (or maybe even someone using babelfish) could isolate the German hate words.
  8. (please disregard this post--i think i found an answer)
  9. Thanks to both of you for your replies! The IPs are: (There may be others, but those are the ones I know of.) I did some more research after I posted and maybe found a possible reason for the myrealbox SMTP errors: some SMTP providers don't like it when someone uses a "from" address that's from a different domain--they don't want spammers using their SMTP to send stuff out under fake addresses. I wasn't using my myrealbox address as the "from" address. We try to uniformly use a single e-mail address that we've had since 1995 (except for web page mailto's & other mail to people we don't know, for which we use spamgourmet addresses). We have a spamcop e-mail account, but we use it just for the spam/virus blocking. BTW, that suggestion about using an address that is not susceptible to dictionary attacks is a very good one. I don't think our spamcop e-mail address is guessable, and we keep it under wraps.
  10. My ISP (BTW, it's not Comcast) contracts with another company to handle incoming and outgoing mail. That same company also contracts with some other ISPs to do the same thing. I checked a couple of blocklist lookups and it appears that over a dozen blocklists are blocking the IP addresses for that company's outbound mail servers. (In fact, because I have all of spamcop's blocklists turned on, if I sent mail to myself it would go in the "held mail"!) When we send mail to a few of our friends and relatives, it gets rejected. Sometimes it's a hard bounce. Sometimes it's the vague Persistent Transient Failure. These people don't have any trouble getting mail from anybody else. I can't change my ISP. This ISP is the only broadband available to me. I live across the road from a corn field and I am lucky to have broadband at all. I have contacted my ISP (including the highest-up person I could find an address for) and I have gotten form-letter replies that say "we apologize for the inconvenience, we are aware of this problem, we are working on it". I am not going to waste any more time on that. As an experiment, I changed my SMTP to my myrealbox account. I sent test mails to the people who were not getting our mail at the time. They went through without a hitch. It worked fine for about a day. Then I started getting errors saying that myreabox's SMTP server couldn't be reached. Don't know whether that was a temporary myrealbox outage or whether they started rejecting my attempts to connect, but my wife was not happy and I am not going to try myrealbox's SMTP again. We are low volume e-mail users. We only send a few e-mails a day and receive a few e-mails a day (other than the spam and viruses, which spamcop catches). But we are tired of wondering whether our mail is being received or not. Services like fastmail.fm, runbox.com and softhome.net offer SMTP and cost $20 to $30 a year. All I would need is the SMTP; I don't need the POP. I would gladly pay for one of these if it is reliable and if it is not spammy and therefore subject to the same blocking issues. Am I looking at this the right way? Could one of these services solve my problem? Is there another solution that I'm overlooking? Thanks!
  11. I got a lot of Klez. I tried various methods to get ISPs to take action. In a very small fraction of cases (involving small ISPs) I was successful. In fact, after my repeated calls to one small ISP in Texas, a support guy said he had personally cleaned the customer's infected machine! But my efforts were mostly a waste of time. In some cases, I was able to get the actual e-mail address of the person who was actually infected (for example, when AOL or Compuserve added the X-Apparently-From header disclosing the actual sender). I could sometimes google information about these people. I had no better luck with them. For example, a lawyer in Chicago Klezzed me for several months. I sent her an e-mail whenever she Klezzed me. She ignored them. I called her. She hung up on me. In hindsight, I wouldn't have bothered with any of that. The reward was so miniscule for the amount of time I invested. Now the viruses never reach me--that's one of the reasons why spamcop mail is so fantastic. Out of sight, out of mind.
  12. I don't report them. I didn't mean to imply that I did. To some extent, I sympathize with those who think they should be reportable, but they probably have more in common with chain letters (and other annoying things that aren't reportable) than they have in common with spam. As Mydoom subsides, we will have a respite from these people (until the next e-mail worm appears and they crank up their misinformation apparatus again).
  13. I am taken aback that there is still a person who thinks that it's OK to send an e-mail to an innocent person, accusing the innocent person of sending a virus. The last major virus that used the actual e-mail address of an actual infected computer was Sircam. Sircam has not been a major problem since 2001 (and even Sircam used a mixture of real and fake addresses). Since then, the major viruses that have spread themselves by e-mail have forged the sender's address. I can understand that someone might send these e-mails out of ignorance, because they do not realize the harm they are doing. But that's not the case here. This person knows the harm he is doing, but he does it anyway. Anyone who says he still needs to send these e-mails on the off-chance that there might still be some virus, somewhere, that's being sent with the actual e-mail address of an actual infected computer needs to understand: It's 2004, not 2001. There's no baby anymore, just bathwater. (btw, I really don't know what to think about whether, as a matter of policy, these e-mails should be reportable to Spamcop. These e-mails are pernicious, but not everything that's pernicious is spam.)
  14. The ones I would really like to see, with the most annoying on top, are: Hong Kong Russia Mexico France Germany Maybe someone's done a study of which countries are the biggest sources. Countries probably go on & off the top 10, but I think there are a few whose inclusion would probably be welcomed by consensus.
  15. Most of the spam that slips through to me is coming from a couple of countries that do not have DNS blacklists available on the Blacklists page. I think I once read in the forum that more country blacklist options were not offered because they wanted a set of blacklist options that could be generally recommended to be turned on. If that's the case, how about a link on the Blacklists page to a separate "advanced" page, and make other country blacklists available on that separate page? I'm not suggesting that a blacklist for every country be added--just a few additional countries that are the source of a lot of spam but are not currently available on the Blacklists page. People who didn't want to use the lists (and people who oppose country blacklists on a philosophical or political basis) wouldn't have to use them, but they would help some people. I could say goodbye to Glut H. Aquifer and Hellenization S. Suarez and their webmail friends forever.
  • Create New...