Jump to content

personal blacklist not being honored?


Recommended Posts

I have one prolific spammer who seems to send me at least three or four messages per day. I have put them in my personal black list, but they are still getting through. I have kept a webmail window open, in case that's the issue, but they are still getting through. How do I get them redirected to held mail if the personal blacklist doesn't stop them? :(

Link to comment
Share on other sites

...I have put them in my personal black list, but they are still getting through. I have kept a webmail window open, in case that's the issue, but they are still getting through. How do I get them redirected to held mail if the personal blacklist doesn't stop them? :(
Do you have any other personal blacklist entries that DO work? Unsure whether this is a problem with

- the blacklists system (there was seemingly a recent case of the opposite problem, possibility of some server-level adjustments as part of the solution to that one)

- configuration (whether keeping webmail window open is enough) or

- the blacklist entries (topics http://forum.spamcop.net/forums/index.php?showtopic=10005 and

http://forum.spamcop.net/forums/index.php?showtopic=9065 explore that aspect).

Maybe post a tracking URL of one that got through despite the personal blacklist activation? It would be good to see the SC headers. From an example you recently gave for collagenforbeauty (before adding the blacklist) they were slipping through with a spam score of 2 which is presumably unchanged? Just one of the points of interest (the blacklist should over-ride that anyway but just what is relevant and what is not isn't clear yet - well, not to me anyway). But I do note that greylisting isn't going to work for this one (a "straight-up" spammer with regular hosting).

Talking of which, have you tried their "unsubscribe" link? If you have and they've not honored it within a reasonable time then they're in breach of the CAN-spam Act. Well, they probably are already but ... nothing to lose by using the link and mounting evidence of breaches of the Act to gain.

Link to comment
Share on other sites

How do I get them redirected to held mail if the personal blacklist doesn't stop them?

As Farelf suggests, a Tracking URL would certainly help. At this point, all one could suggest from this side of the screen is that either the Blacklist entry wasn't entered in correctly or there's a Whitelist entry that's over-riding any of the filters or specific Blacklist entry.

I have kept a webmail window open, in case that's the issue,

I will admit to ignorance, but .... as I recall, the magic of some of these filters happened "at the time of login" .... so I'm of the thought that simply keeping the window open wouldn't be 'enough' .... in the back of my mind is the needed use of the 'apply now' type button action if the e-mail arrives while in an active session.

Link to comment
Share on other sites

How do I get them redirected to held mail if the personal blacklist doesn't stop them?

I think that the personal blacklist works from the Return-Path header rather than the From line. Since, with spam generated through bots and/or multiple servers the return path can vary this is not a particularly effective means of diverting spam from any source using multiple servers or bots to despatch stuff.

But, in any case, try the return path and simply add the domain part of the address rather than the whole Email address. That may give you a great hit.

Does that help?

Andrew

Link to comment
Share on other sites

I think that the personal blacklist works from the Return-Path header rather than the From line. Since, with spam generated through bots and/or multiple servers the return path can vary this is not a particularly effective means of diverting spam from any source using multiple servers or bots to despatch stuff.

But, in any case, try the return path and simply add the domain part of the address rather than the whole Email address. That may give you a great hit.

Does that help?

Well, I tried just the "collagenforbeauty.com" part first and that didn't work. I'll check and see what happens now that I've added the whole email address. IIRC, I looked for the spam score and didn't see one in the headers of the last spam that got through. As for tun unsubscribe link, I'm reluctant to try that as it has been drilled into us that that typically confirms your email address for the spammer and leads to more spam.

Link to comment
Share on other sites

Well, I tried just the "collagenforbeauty.com" part first and that didn't work. I'll check and see what happens now that I've added the whole email address. IIRC, I looked for the spam score and didn't see one in the headers of the last spam that got through. As for tun unsubscribe link, I'm reluctant to try that as it has been drilled into us that that typically confirms your email address for the spammer and leads to more spam.

But are you looking at the return path header? That may not refer to collagenforbeauty.com at all. You may be doing so but that isn't clear from your response. Although most legitimate messages do have a match between the From and Return Path spam is not always so well behaved.

Andrew

Link to comment
Share on other sites

From the directions on the blacklist page:

From here, you can add email addresses to your personal blacklist.

Mail from users whose email addresses match your blacklist will be blocked without checking any DNS blacklists. The email address checked is the envelope sender which is identified in the headers of the email as the Return-Path. This might be different from the From: address shown in the email.

Link to comment
Share on other sites

From the directions on the blacklist page:

From here, you can add email addresses to your personal blacklist.

Mail from users whose email addresses match your blacklist will be blocked without checking any DNS blacklists. The email address checked is the envelope sender which is identified in the headers of the email as the Return-Path. This might be different from the From: address shown in the email.

Yes that's what the Horde text says but in fact the evidence is that

the following headers are checked against the whitelist

* Envelope Sender aka Return Path

* From:

* Sender:

--------> 13 Nov 2007 here

a little looking though my folders, and I found several recent

emails that have been through the Spamcop Email system and where the

Return-Path: and From: differ.

Results were that X-SpamCop-Whitelisted: appears for both Return-Path:

and From: items and in fact a check in Feb 2010 shows that, currently, when both

are in the Whitelist, the From: item is shown

I did some tests, just to confirm, and the personal blacklist doesn't look at the To: or the Reply-to: just the From: etc.

----

The only cases known when data correctly entered in the personal whitelist/ blacklist is not found are when the header item is encoded, say as UTF-8.

So we need a tracker of an email didn't go right and also, if possible, of one that went right.

Link to comment
Share on other sites

...As for tun unsubscribe link, I'm reluctant to try that as it has been drilled into us that that typically confirms your email address for the spammer and leads to more spam.
Generally wise, but this appears to be a 'straight-up' spammer of the kind hardly seen any more (one with visible assets at stake) so certainly don't write off the option on 'first principles' because maybe those just don't apply. You will learn more getting the blacklist to work perhaps but SC reporting a 'straight-up' is largely an exercise in futility - they will never be cut off by their host if you haven't tried (unsuccessfully) to unsubscribe. Catch 22 if they pass on your address in spite (or if they're just a front to verify addresses) but the modern spammer 'business model' doesn't seem to use those methods any more.

Anyway, yes, I think getting the blacklist to work will be much more interesting.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...