Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by proski

  1. Thanks for all the replies. I think maybe it's not so bad that I don't see the subjects in the Held Mail folder. I don't have to look for legitimate subject lines among spam. I use sorting by subject, so I can just skip the first half of the mailbox. I wish Spamcop would just report those bogus messages without my intervention, but I know it won't happen. So I report those messages without looking and I accept the responsibility. If I ever get a legitimate invalid e-mail, I'll be the one who would apologize and explain why I misidentified that message as spam. Automatic reporting should be fixed. There is no way I would be able to do it manually. The main reason I'm paying for my e-mail account is because I don't want to spend my time on spammers. I'm thinking of switching to Gmail or another free provider with good spam filtering. I haven't done it yet because I want to do the right thing and help fight spammers who are stealing not just my time, but also time of other people. Yet I'm not ready to dedicate a significant part of my day to spam fighting. I'm not using greylisting because it doesn't work for me. There are many legitimate senders who cannot get past the filter. The software identifies attempts to send e-mail as different events. I don't have time to teach people how to set up their MTA's. In one case, I could not get reservation confirmation for theater tickets. I doubt they even have a permanent IT position in the theater. Who would I talk to? Greylisting could be fixed to accept repeated attempts to send an e-mail (no matter the same or another one) within an hour. Sure, that would let the most prolific spammers in, but that's exactly who should be reported first.
  2. PayPal was malfunctioning yesterday. I could not buy stuff on eBay because of that. It looks like PayPal is OK today.
  3. I'm seeing a growing amount of spam in the last months that shows as "[No Subject]" in webmail and cannot be reported manually. The problem is that the spam actually has a subject and a body, but Spamcop fails to recognize it. I put an example here: http://sp.red-bean.com/proski/spam.txt The subject is not even shown in the spamcop list of held mail http://www.spamcop.net/reportheld?action=heldlog That's how it looks like: [135871] ( Preview ) () No reason is shown why the message went to the held mail folder, even though it went there automatically. I believe the reason is because the spamassassin code exceeds 5, which is the limit I set for my mail. Now let's try to report it. It fails: http://www.spamcop.net/sc?id=z5295917949zd...e04f8f667c6b4az SpamCop v © 1992-2012 Cisco Systems, Inc. All rights reserved. No blank line delineating headers from body - abort Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z5295917949zd...e04f8f667c6b4az No source IP address found, cannot proceed. Add/edit your mailhost configuration Finding full email headers Submitting spam via email (may work better) Example: What spam headers should look like No body text provided, check format of submission. spam must have body text. However, If I paste the same spam on the "report spam" page, it gets parsed, even though the links are not. I believe this inconsistent treatment should be fixed. Spamcop (including the webmail) should be more tolerant to the spam to combat it effectively.
  4. http://webmail.spamcop.net/ is working, but slow. But login on webmail.spamcop.net is not working: "A fatal error has occurred Could not connect to database for SQL SessionHandler. Details have been logged for the administrator." http://mailsc.spamcop.net/reportheld?action=heldlog is not working: "Cannot log into IMAP mailserver as spamtrap[at]spamcop.net" However, IMAP access in my e-mail program is working.
  5. I've enabled the greylisting, and it's working great. The spam level is perhaps 20% of what it used to be. That's still a lot, but at least the legitimate mail (including mailing list traffic) outnumbers spam now for the first time in years. It's also less likely that I would misreport a legitimate message as spam, as most spam that comes through is either in Asian languages or has unambiguous subject lines (all capitals, Viagra and all such stuff). The greylisting block most "newsletters" I never subscribed to from companies I had business with. Those often use benign or attention-grabbing subject lines. How ironic is that the messages purporting to be legitimate are sent in the spam-like fashion and never retried! I'm glad they trust the delivery of their wares to the real companies, that don't give up after the first attempt One thing I'm feeling a bit uneasy about is that if I were still receiving those "newsletters", perhaps I would refrain from dealing with the companies sending them. But on the other hand, it would be great if I ignored all companies who leaked my address, and I cannot identify them, because I'm using my Spamcop address directly, without sneakemail. And if I had a TV, maybe I would not buy something advertised too aggressively. It's just not practical that I expose myself to extra advertising so that I can make better choices. When I first subscribed to the Spamcop webmail system, I decided to use my spamcop address for most of my business needs, hoping that smart spammers won't spam Spamcop addresses, and dumb spammers would be caught or neutralized in some way. Unfortunately, I was wrong. The spam quickly dwarfed the legitimate e-mail, even though I was reporting all the spam coming to me. I think lessons should be learned from that. Reporting alone doesn't harm spammers enough. They spam Spamcop accounts directly with no fear, month after month. Something else needs to be done. Spammers and those who pay for their services should be prosecuted. It may not be the core mission of Spamcop, but if nobody is doing it, we shouldn't be thinking that every our spam report increases our karma and makes the world a better place. I can understand Spamcop users who want to limit the amount of spam they get. We all have to choose our battles. I would rather limit what I receive and report only the spam that comes through despite all automatic measures. For me, spammers are like mosquitoes. You don't go to the woods to fight mosquitoes, you fight those in your house.
  6. The net result is that about one third of spam is caught by SCBL. Perhaps my e-mail address is known to the "best" spammers using the most "advanced" methods of spam delivery via zombies
  7. These are the four spams that slipped through SCBL since I turned off other filters: http://www.spamcop.net/sc?id=z1082903827z6...87d9d2eb2745aez http://www.spamcop.net/sc?id=z1082903838z4...5241fad58efed3z http://www.spamcop.net/sc?id=z1082903847zb...31d97fb62ddb1fz http://www.spamcop.net/sc?id=z1082988037z2...b5a252abceda20z
  8. Thanks for the link! That answers some of my questions. I should have concentrated my initial post on one problem, namely SCBL being ineffective. So far, 1 of 4 spams has been blocked: [52224] yamasaki2525[at]hotmail.co.jp (=?ISO-2022-JP?B?GyRCJWIlSyU/ITw1XkpnPTghKiEqGyhC?= Preview ) Thu, 28 Sep 2006 19:33:59 -0400 (Blocked bl.spamcop.net) [52225] lznoiybdszl[at]yahoo.co.jp (=?iso-2022-jp?B?GyRCTSUkNyQkOEBNVSRyJCskMSRGJCQkPyRAJCQkPyQzJEghIjtkJE8bKEI=?= Preview ) Thu, 28 Sep 2006 19:34:22 -0400 () [52226] tomwblvq[at]acculab.com (Young aphrodisiac Cuties good Videeo! Preview ) Thu, 28 Sep 2006 17:14:58 -0400 () [52227] jaimeerhart[at]x-provider.com (Oristano/ E' morto il parlamentare di Forza Italia Ignazio Manunza Preview ) Thu, 28 Sep 2006 17:49:13 -0500 () I bet I saw that "aphrodisiac cuties" spam in my INBOX earlier today and reported it. If dynamic IP filtering (SCBL) plus static content filtering (SpamAssassin) are ineffective, maybe we should be thinking about dynamic content filtering? That's surely a topic for the "feature requests" section.
  9. Anyway, I think I see more spam getting through than blocked by SCBL. And it's pretty "spammy", although it lacks the exact characteristics SpamAssassin is looking for. It also has patterns suggesting that spam is sent by the same people. The spam that gets through all the time: spam containing "pußIicidad" in subject, always from Peru Canadian pharmacy "Russian teens", usually misspelled and with a female name in From pump-and-dump using a GIF image for the message and some meaningless text spam that used to get through until I put them to my personal blacklist: bizsyscon.com (radio hardware) mwart.com (medieval weapons) beautysak.com (cosmetics) I've just disabled all blacklists and Spamassassin, leaving only SCBL. Let's see what I'll get overnight.
  10. I'm a paid subscriber. I have noticed that very little spam to my SpamCop address is blocked by the SpamCop blacklist. Most spam is blocked by SpamAssassin, and quite a lot of spam is getting to my INBOX. It used to be different. Until a few months ago, I had all blacklists enabled in the blacklist configuration (http://webmail.spamcop.net/horde/imp/spamcop/blacklists.php), and the SpamAssassin limit was set at the default 5. Very few spam would come through. I remember that about a third or all spam as shown by http://www.spamcop.net/reportheld?action=heldlog was blocked by bl.spamcop.net. Back then, the biggest problem wasn't the spam getting through - it were false positives, i.e. legitimate messages getting to the Held Mail folder. One day I got fed with it and disabled two blacklists that cause virtually all of the false positives - list.dsbl.org and dnsbl.sorbs.net. I also upped the SpamAssassin limit to 6 to allow some very technical posts with lots of unusual punctuation. As one would expect, false positives became quite rare, while more spam started getting to the INBOX. But over time, the amount of spam getting though the filters grew dramatically, exceeding the legitimate e-mail traffic, including several mailing lists I'm subscribed to. Initially, I attributed it to increased cleverness of the spammers. However, I noticed one anomaly. Very few spams are blocked by bl.spamcop.net now. Absolute majority of spams are blocked by SpamAssassin, even despite the limit increased to 6. I don't have any reliable statistics, but bl.spamcop.net catches one or two spams of 100-150 spams I'm getting in a day. I would say bl.spamcop.net almost certainly catches less than 5% of the spam I'm getting. I'm reporting all the spam that comes to me. My average reporting time is 4 hours. Am I wasting my time on those reports? Is bl.spamcop.net getting too lenient to spammers?
  11. Unfortunately, this spammer is using fake addresses, so filtering by the return address won't work.
  12. Agreed I mean I'd like to see it available in the Spamcop mail system, not on my server (I don't have one). It would be useful as a temporary measure to divert spam in progress to the "held mail" folder until the spammer is located and dealt with individually.
  13. Thanks for SMTP! It's working fine. I sent a mail to myself, and it came back fast. If anyone is using Evolution, the way to specify port 587 is to add it after the colon in the Server line: smtp.cesmail.net:587 Just one nitpick. This is one of the lines from the headers: Received: from unknown (HELO relay.cesmail.net) ([]) by c60.cesmail.net with ESMTP; 13 Sep 2006 16:23:29 -0400 What's exactly "unknown" here? Shouldn't spamcop systems know each other?
  14. There has been a surge of spam penetrating the blacklists and ending up in my mailbox. The most common type of spam is in Spanish. The hallmark of the spam is "publicidad" in the subject, possibly modified to avoid filtering. All reports go to addresses ending with .pe, which is the domain of Peru. The spammer even leaves his or here address and telephone number: Pt NO?;;retirarlistaa [at] yahoo . es;; telf 4_5 21,7-50 - ;;siemprellegaa [at] yahoo . es;; Arenas A -T a q u.i ta hu , ana 123 lima 3 2 I don't know why other blacklists fail to catch this spam. I guess the spammer uses different relays all the time. I have all blacklist filters enabled except list.dsbl.org and dnsbl.sorbs.net (both contributed to false positives in the past), plus I have several entries in the personal blacklist, I'm getting more spam in my INBOX than legitimate messages (not counting mailing lists), and it's a clear sign that the filtering offered by Spamcop mail is not sufficient. I think it's about time that we introduce a blacklist for Peru. Peruvians have been most annoying lately, much more than Argentinians and Brazilians together. I don't get any legitimate e-mail from Peru anyway (unlike Brazil).
  15. I actually sent two e-mail to myself from a whitelisted address. When sending one of them I put a procmail rule on the forwarding system to replace space with a tab after "From:" Sure enough, the message with the tab wasn't whitelisted, but the unchanged message was, so "From:" is involved. Now I have the opposite rule in my .procmailrc on the forwarding system: :0fhw: $HOME/mail.lock | /bin/sed -e 's/^From:\t/From: /' It improved things greatly. I'm subscribed to mailing list where some active members live in Japan, which lands them on various blacklists from time to time. I guess the IP space is very tight in Japan, and it's hard to be in a spammer free subnet. Finding 20 legitimate e-mails in 100 spams every day was a chore. Now I'm getting 2-3 false positives a day. At least the probability of fat-fingering a legitimate e-mail is significantly reduced. And by the way, the host-tracker.com messages are whitelisted now. I guess something has been fixed.
  16. OK, I've tested host-tracker.com, and they don't capitalize "From:" in the header, although they use a space after it. Following headers are not capitalized: content-transfer-encoding: quoted-printable mime-version: 1.0 subject: 61723e0c23 Activation code from: noreply[at]host-tracker.com to: bait[at]spam.spamcop.net content-type: text/plain; charset=ISO-8859-1 I think Spamcop could handle it better. On the other hand, host-tracker.com should be told about the problem. It looks quite lame even if it's standard compliant.
  17. I believe the whitelist is broken. My suspicion is that it fails to find addesses on lines starting with "From:" followed by a tab. Wazoo, looking why the message is blocked is not an answer. The personal whitelist should trump all blacklists. But of course it would be great to see the full headers, or at least the From: and the X-SpamCop* lines.
  • Create New...