Jump to content

Not sure how well SpamCop is working...


gkbrown2

Recommended Posts

Here's my story. We moved to a new mail server at a hosting service last friday (1/23/04.) We are now being blocked by spamcop. In the message we received in return notifying us of the situation we receive the following info:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Query bl.spamcop.net - 209.239.45.101

209.239.45.101 is host100.apollohosting.com

(Help) (Trace IP) (Senderbase lookup)

209.239.45.101 listed in bl.spamcop.net (127.0.0.2)

Since SpamCop started counting, this system has been reported about 120 times by about 10 users. It has been sending mail consistently for at least 23.7 days. In the past 745.2 days, it has been listed 6 times for a total of 26.3 days

In the past week, this system has:

Been reported as a source of spam less than 10 times

Been detected sending mail to spam traps

Been witnessed sending mail about 270 times

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Since we have only been on this server for about 5 days, I question the part of this message that says we have been consistanty sending mail for 23.7 days when we have only been on this server for 6 days.

This brings up the question of; does spamcop blocking all email from a server regardless of the domain the email has come from?

The messages Been...,Been...,Been... are really meaningless. Less then 10 times, so. sending mail to spam traps, what's a spam trap? Sending mail about 270 times. We do a lot more mail then that in a week. It would be help full if there were some defs as to the significance of these messages.

As well, given the infestation of the virus that hit on monday, it seems like everyone could be likely to be sending 'spam' this last week. While the service we have now protects us from viruses our old one did not, that is how we got infested.

And finally. What is the procedure to clear this up? My one user will never get to send a mail to her friend on that domain again? Layout a plan to get unblocked and re-evaluated.

-glen

Link to comment
Share on other sites

Here's my story. We moved to a new mail server at a hosting service last friday (1/23/04.) We are now being blocked by spamcop. In the message we received in return notifying us of the situation we receive the following info:

Odds are that whoever you moved to... Apparently apollohosting.com, has you on a shared e-mail server.

What this means, and is really not answered in the link that was provided above, is that not only you, but hundreds, if not thousands of other people use that e-mail server. And if ONE spammer is there and apollohosting doesn't deal with them promptly, then ALL of you get blocked by those who choose to use the Spamcop blocklist.

That is unfortunate, but the only way to deal with irresponsible ISPs/Hosting Providers. Talk to Apollo and get them to dump the spammer. -OR- find another ISP that does not tolerate spammers.

Link to comment
Share on other sites

Since we have only been on this server for about 5 days, I question the part of this message that says we have been consistanty sending mail for 23.7 days when we have only been on this server for 6 days.

This brings up the question of; does spamcop blocking all email from a server regardless of the domain the email has come from?

Spamcop blocks by IP address, not email address, domain name, or user.

The messages Been...,Been...,Been... are really meaningless. Less then 10 times, so. sending mail to spam traps, what's a spam trap?

Spamtraps are addresses that have never been used which should never get any mail. Any mail to them is unsolicted.

As well, given the infestation of the virus that hit on monday, it seems like everyone could be likely to be sending 'spam' this last week. While the service we have now protects us from viruses our old one did not, that is how we got infested.

Viruses are not to be reported using the spamcop system. There is the possibility that viruses *could* send to spam traps. But, in your case, there is no spam trap activity.

And finally. What is the procedure to clear this up? My one user will never get to send a mail to her friend on that domain again? Layout a plan to get unblocked and re-evaluated.

You'll need to contact the hosting company. You may wish to send your mail through your ISP's mail servers rather than via your hosting company.

The IP will be delisted about 48 hours after the last spam report. You may wish to directly contact one of the deputies and see if they'll provide you additional information concerning the listing.

Link to comment
Share on other sites

Thanks for the info. I will try to get hold of the blocking isp. I realize they are using a beta tool for a production site. But, the issue that spamcop doesn't have some role to place in this process is, well incomplete. Sure the ISP should be managing my question but the fact is the ISP is using spamcop to manage their blacklist and spamcop is making some assumtions to for them to do that with. I quess most of my questions are around those assumptions and the nature of the information that is going with the feedback/rejected email.

thanks again.

-glen

Link to comment
Share on other sites

Here's my story. We moved to a new mail server at a hosting service last friday (1/23/04.) We are now being blocked by spamcop. In the message we received in return notifying us of the situation we receive  the following info:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Query bl.spamcop.net - 209.239.45.101

209.239.45.101 is host100.apollohosting.com

(Help) (Trace IP) (Senderbase lookup)

209.239.45.101 listed in bl.spamcop.net (127.0.0.2)

Since SpamCop started counting, this system has been reported about 120 times by about 10 users. It has been sending mail consistently for at least 23.7 days. In the past 745.2 days, it has been listed 6 times for a total of 26.3 days

In the past week, this system has:

Been reported as a source of spam less than 10 times

Been detected sending mail to spam traps

Been witnessed sending mail about 270 times

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Since we have only been on this server for about 5 days, I question the part of this message that says we have been consistanty sending mail for 23.7 days when we have only been on this server for 6 days.

This brings up the question of; does spamcop blocking all email from a server regardless of the domain the email has come from?

The messages Been...,Been...,Been... are really meaningless. Less then 10 times, so. sending mail to spam traps, what's a spam trap? Sending mail about 270 times. We do a lot more mail then that in a week. It would be help full if there were some defs as to the significance of these messages.

As well, given the infestation of the virus that hit on monday, it seems like everyone could be likely to be sending 'spam' this last week. While the service we have now protects us from viruses our old one did not, that is how we got infested.

And finally. What is the procedure to clear this up? My one user will never get to send a mail to her friend on that domain again? Layout a plan to get unblocked and re-evaluated.

-glen

even though it is less than 10 times, how many pieces of spam do you think 1 report represents? A run of a few million may only produce less than 10 reports.

If you only moved to the server on friday and you believe none of these complaints are about you then you should contact your ISP and ask them why they moved you to a server that spam was being reported coming from.

I think you would agree with me that everyone is tired of receiving mortgage quotes, penis enlargement, breast enhancement, weight loss, nude 40 year old teenage sluts, Viagra, vacation, lottery, prescription drug, business opportunities, genealogical, university degrees, gambling, get rich quick, MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock scams, pirated software and everything else that is force fed into our inboxes.

By using Spamcop the above has stopped coming to our inboxes. If unlisting you causes our mailboxes to get flooded with spam then I don't think it will happen. That is why there is a 48 hour delay from the last spam report for delisting.

HTH HAND

Link to comment
Share on other sites

This is fun. Well as for Merlyn's comments. Less then 10 could also mean 0. The point here is this is meaningless infomation. Computers can be, and are by definition, very percise, this info is simply meaningless.

Great, now we have to know all the ISP's relative rating on spam abuse. Not likely, as well anyone could sign up abuse the system and go somewhere else. While all this is happening, it would make sense to ban the domains, especially since it is for only 48 hours. Since most email is hosted in this kind of shared environment, it would make sense to give this some consideration.

As well, there was a virus infestation triggered on Monday, it did send a lot of spam to many invalid addresses as well as valid ones.

Link to comment
Share on other sites

This is fun. Well as for Merlyn's comments. Less then 10 could also mean 0. The point here is this is meaningless infomation. Computers can be, and are by definition, very percise, this info is simply meaningless.

Great, now we have to know all the ISP's relative rating on spam abuse. Not likely, as well anyone could sign up abuse the system and go somewhere else. While all this is happening, it would make sense to ban the domains, especially since it is for only 48 hours. Since most email is hosted in this kind of shared environment, it would make sense to give this some consideration.

As well, there was a virus infestation triggered on Monday, it did send a lot of spam to many invalid addresses as well as valid ones.

Virus are not reported through Spamcop.

You cannot get listed for 0 or 1 reports.

Spamcop used to post more details but had to remove them as spammers took advantage of this information to avoid being listed.

Seems like spammers spoil everything.

The calculations that Spamcop uses to determine it's blocking work very well for those that do not want to receive any spam.

Link to comment
Share on other sites

But what about legitimate email that you want to get in your inbox? SpamCop has no safety net for that.

There seems to be a too bad so sad attitude about people who get stuck in the middle. I have read a post about someone trying to contacct a family member in a foreign country who can't because of spam Cops list.

I keep hearing that spam Cop has no responsibility for this matter. But YOU DO! If it weren't for your list, my email wouldn't be blocked. An ISP can choose to use the list or not, yada yada yada. But the bottom line is, I have never had an email blocked by anyone but SpamCop's list. And it never happened before the stupid test virus came along.

Spammers are spoiling email for the rest of us. However, SpamCop has given me a big headache in the last 24 hours. Best of all, I can't do a thing about it.

Link to comment
Share on other sites

This is fun. Well as for Merlyn's comments. Less then 10 could also mean 0. The point here is this is meaningless infomation. Computers can be, and are by definition, very percise, this info is simply meaningless.

More precise information is kept. It used to be published, but it allowed spammers to calculate precisely how to avoid getting their email blocked. Admins and deputies still have access to it though...

The server at 209.239.45.101 is still sending email to spam traps (5 in the last hour) and being reported by Spamcop users. The emails received have subjects such as "Win Now! .downslope townsman townsmen" "Receive Money .entomology automorphic automorphism" and "Win Now! .endomorphism sodomy codon" and are being sent by a local user (or a process running as a local user) via the sendmail server running on the machine.

There is some consideration given to servers that are shared between many users - Spamcop attempts to track email generally, as well as spam, so if the server is sending a large amount of legitimate email, it is less likely to get listed. In your case, the email received in the general sampling isn't much more than the volume of spam received by the spamtraps.

Link to comment
Share on other sites

It could be worse.

I use about 12 other lists on our servers and have our spam down to almost nothing. Yes it is sad when people get caught in the middle but without using those lists then our inboxes would be hammered with thousands of spam.

Spamcop is a trusting list because you get automatically removed after 48 hours of no reports. Many (almost all) of the other lists are not that easy.

spam is a problem and it is costing billions every year. If ISP's would act on reports instead of turning a blind eye then this problem would not exist. Like it or not spam is a problem and blocking lists seem to be the ony thing that works. Many ISP's are turning to block lists because they work.

I wish you luck

Link to comment
Share on other sites

Re IP 209.239.45.101 host100.apollohosting.com

There are at least 2 users on that server -- maybe more -- that are spewing large amounts of spam to our spamtraps. There have been over 100 hits in the last few days. If you have someone from apollohosting write to

deputies <at> spamcop.net I can provide them with more information. Please ask them to include the IP number: 209.239.45.101

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...