What happens after reporting spam?

[walidch]

Hello all,

I've been trying to find out what happens exactly after we report spam but haven't been able to find something in the FAQs. We're receiving domain forgery, and the regular pills and meds selling spam, and started using SC to reduce it as our ISP expressed not being able to do much against domain forgery.

Can someone please explains what happens after reporting the spam?

Also, I have added my email to the "User defined recipient" so I receive a copy of the reports. Inside the "Abuse report response center" I have a drop down menu from which I can choose one of the following options:

• I am not the right person to contact about this.
  
• This message is not spam.
  
• Add a note to this issue.
  

Should I just ignore this page as I don't see any option that I should be using?

Much thanks for all the constant effort and the help you've been providing everyone with, especially that you're not SC employees.

Have a great day.

[Miss Betsy]

There are two purposes for spamcop reporting. The first is the report which is sent to the abuse desk in the expectation that the abuse desk will find a way to stop the spam coming from their network. The second is to add the IP address of the sending computer to the spamcop blocklist. The spamcop blocklist has a complicated algorithm that determines whether the IP address is then added to the blocklist. The blocklist is used to block or tag incoming email as spam. Server admins generally use the spamcop blocklist in conjunction with other blocklists and content filters to filter spam for their customers since the spamcop blocklist is considered aggressive.

When spam was becoming a major problem, spamcop reports alerted server admins when a spammer was using their network. It still does, but since responsible server admins have taken measures to prevent their users from sending spam, only occasionally does a spamcop report go to a responsible abuse desk. In those cases, the server admin is usually very grateful.

The way that blocklists work is that the blocklist identifies the IP address from which the spam is coming so that server admins can prevent the spam from entering their networks. Spamcop is different than other blocklists in that as soon as there are no more reports, the IP address drops off the list.

Bottom line: in order to get any benefits from reporting, one needs to use the spamcop blocklist for filtering incoming email. It is advised to use the blocklist to tag suspected spam and put it a folder. That way, if it is coming from a computer that also sends legitimate email, you still can retrieve the legitimate email from the tagged spam folder. (spamcop does not look at the content of an email to see if it is spam)

From what you see in the menu, it looks as though you signed up as an ISP. Those menu choices would be what you could choose if you were getting spamcop reports to your abuse desk. Spamcop gets the abuse addresses by querying whois. Sometimes those addresses are not the people who handle spam reports (the first choice). The second choice is when a reporter is careless and reports an email that is not spam. I am not sure about the third choice, but it sounds to me as though you know it is spam and are telling spamcop what you are doing (the most common reason for responsible ISPs is having a user infect his computer which then sends spam without anyone's knowledge).

I don't know what FAQ you read, but there is a lot of information about how spamcop works in the FAQ in this forum

I don't exactly know what you mean by 'domain forgery' - my guess is that your domain name is being forged in the FROM so that it looks as though the email came from an email address at your domain. Or that you are receiving 'misdirected' bounces from ISPs who are sending a rejection notice to the forged FROM. You can report those misdirected bounces via spamcop and sometimes it wakes up a server admin to keeping up with internet protocol. Reporting may stop misdirected bounces, but usually it doesn't last long anyway as spammers generally use a rotation system in forging addresses. Reporting won't stop the ordinary spam which often comes from botnets (a network of compromised computers). Spammers are now entrenched with spam friendly ISPs or sometimes own their own IP addresses as well stealing computer resources through botnets. The only way to control spam is to use a variety of filtering methods.

HTH

Miss Betsy

[rconner]

As Miss Betsy says, reporting spam leads to notifications being sent to the providers whose resources were used in the spamming. It is up to them what is to be done after this point. Also your reports help feed the SpamCop blocking list, which is widely used around the world to limit spam. So, as one user of the SCBL, I thank you for your reports.

I think what you call "user defined recipient" is actually the "user notification" item on the reporting form, yes?

If so, it isn't really useful to put your own address into this field unless you are simply curious. This field is intended to let you send copies of the report to (1) parties who may have had some role in the spam, but were missed by the parser (e.g., web hosters), or (2) some other service that wants to know about the spam, like KnujOn or government agencies.

If I were you, I would not touch any of the knobs and buttons in the links given you from these reports.

-- rick

[Wazoo]

Also, I have added my email to the "User defined recipient" so I receive a copy of the reports. Inside the "Abuse report response center" I have a drop down menu from which I can choose one of the following options:

• I am not the right person to contact about this.
  
• This message is not spam.
  
• Add a note to this issue.
  

Should I just ignore this page as I don't see any option that I should be using?

You have converted your Reporting account into an ISP Account. Please see ...

Help! I can't paste my spam in the reporting box!

Options are to either contact Don/Deputies to reset your Account type or generate a new Reporting Account.

The SpamCop FAQ as found 'here' and the SpamCop Wiki have several entries dealing with and explaining the difference between the various Reporting Account types. For instance;

SpamCop Reporting Accounts

ISP Account or How can I get SpamCop reports about my network?

Can someone please explains what happens after reporting the spam?

Suggest starting with What is SpamCop.net? .. perhaps then looking at How does SpamCop reporting work? ... after that, a real/specific question will have to be asked ...

[rconner]

I've been trying to find out what happens exactly after we report spam but haven't been able to find something in the FAQs. We're receiving domain forgery, and the regular pills and meds selling spam, and started using SC to reduce it as our ISP expressed not being able to do much against domain forgery.

Just another note about this problem specifically. I assume you use "domain forgery" to mean that your domain appears in the from-addresses of mail sent to your domain. If so, then your ISP is pretty much right about not being able to do much about it. The forgery is trivial to do, and is done well outside your domain, with no contact with your domain (i.e., the spammer just types your domain into his bulker program). On the other hand, it happens so much (in almost every spam sent) that knowledgeable people no longer regard the from-address as a trustworthy indication of the origin of spam.

You might find the From-Address Forgery page in the SpamCop Wiki to be of help.

-- rick

[walidch]

Thank you all for replying and for constantly fighting spam.

This is exactly what I meant by domain forgery, thanks for linking me.

Regarding the menu I get from the reports; I added a gmail personal account of mine to the personal recipient list of outgoing reports so I can see what's being sent in the reports. But I still can report spam when I log into my account.

Thanks for the detailed explanation, I will proceed with the recommendations now.

Have a good day everyone.