Jump to content

spam has multiplied since reporting to Spamcop


Recommended Posts

Hi, this is my first posting (newbie and a bit overwhelmed by it all...)

I signed up for Spamcop, as a vile spammer is sending 'job offer in the US' spam from three of my own email addresses (my own domain). My webhost say they can do nothing about it.

After sending each report to Spamcop I've been receiving a double or triple helping of the same spam messages. Previously I was 'only' getting them once every few days.

Any advice anyone? :(

Linda

PS: the spammer asks job applicants to reply to web-projects-us.com

Edited by angelfire4xx
Link to comment
Share on other sites

Joining SpamCop is joining the army in the fight against spam. As in any army, as a soldier, you fight and fight and never see any benefit.

It's highly unlikely that you will see a reduction in spam as the result of using our service. By the time you found us, your address was already being passed around on the "Millions of Addresses" CDs the spammers sell each other. The level of spam will likely get worse from here on out.

The fight against spam is a long term battle. We get tons of open proxies, open relays, and exploited servers shut down, and we put a lot of spammers out of business, especially novices, but it's very difficult to stop the specific spammers sending *you* the spam.

Your reports make a difference! They are added to our blocking list database, which is being used by more and more ISPs around the world.

We feel like there is hope because of the effect the blocking lists are having. We're driving the professional spammers into ever smaller corners of the Internet where they're easier to block. Service providers around the world are starting to pay a lot more attention to plugging the holes in their systems. Unfortunately, the serious spam networks don't care much about being blocked because they still get their spam to enough gullible people to keep it profitable.

Your email address is not exposed by SpamCop. Our system deletes your address from the headers and then sends the complaints out using the report ID number as an internal SpamCop address.

Your complaints go out using a "From" address like this:

From: "YourNameHere" <4834567890[at]reports.spamcop.net>

- Don D'Minion - SpamCop Admin -

service[at]admin.spamcop.net

http://www.spamcop.net/

Link to comment
Share on other sites

Hi Linda,

It seems like 'your' spammer is well enough known -see the reporter comments in http://www.siteadvisor.com/sites/web-proje...stid/?p=4384475 and note the presence in the lookup from http://www.surbl.org/. Your Spamcop reports work on another level - through the IP addresses of the servers sending you the spam e-mails.

As Don says, your increased spam is not a direct consequence of your reporting (there are many others reporting too), but it may be a consequence of the 'war' - a dumb reaction to increasing filtering and/or the steady spread of your addresses in the 'lists'. Usually the actual spammer will never see your reports anyway (his ISP will).

The best you can do is to keep the stuff out of your inboxes. Most mail clients have some form of spam filtering, or, I think you have control of your own server? - if so you should be able to implement more comprehensive server-side filtering, perhaps using some of the blacklists on which the spammer and his sending network appear. Some of the regulars here have server and mail admin experience (not me) and may be able to advise if you have specific questions about software and configuration. Or there are more specialised forums elsewhere.

Anyway, use any such facilities available and, if they are spoofing your own addresses as sender addresses, ensure you don't have those addresses whitelisted. Thing is, if they are using your addresses to spam you, the usual pattern is for them to use it to spam others as well. If that happens on a wide 'broadcast' you are liable to be getting a lot of backscatter (clueless rejections to the spoofed e-mail addresses). You might need to plan for that. Maybe greylisting is something you can research and consider.

Just some thoughts ...

Link to comment
Share on other sites

Thanks guys!

It's a lot to take in, and even the search button doesn't always help... I wouldn't know where to find what blacklist my spammer is on, as he's using my domain name. I think I saw some lists while Spamcop was processing the report, but when I clicked on 'past reports' the lists weren't there.

Btw I'm on a shared server - just a domain hosted on Hostmonster. I only use webmail so rely on the host spam filter and presumably shouldn't blacklist my own email addresses??

I'm very tempted to set up my account to send the spammer's own address an automatic email every two minutes for a couple of weeks saying 'remove me from your list'.

I'm also concerned at another problem, spammers saying they are can-spam compliant and giving you an address to email an unsubscribe request. Then you find the address doesn't work... Here it is if any of you guys come across it remove[at]level11mentoring.net.com

Thanks again

Linda

Link to comment
Share on other sites

As a general rule, people should never respond to spam in any way. The return address on spam and virus traffic is *almost always* forged or fake, and "remove" addresses are almost universally fake or forged, as are any "remove" links you might find in the spam. Even if by some miracle they actually work, it's likely the spammer is simply using them to verify addresses. If you respond to spam, you're telling the spammer that your address is working and that you read the mail to it. That's pretty much spammer heaven.

- Don -

Link to comment
Share on other sites

...Btw I'm on a shared server - just a domain hosted on Hostmonster. I only use webmail so rely on the host spam filter and presumably shouldn't blacklist my own email addresses??

I'm very tempted to set up my account to send the spammer's own address an automatic email every two minutes for a couple of weeks saying 'remove me from your list'. ...

Like Don says - but to answer directly, no, you can't blacklist your own address of course - but neither should you whitelist it, presumably you have no need to send mail from yourself to yourself but whatever is whitelisted bypasses any filtering and you know spam comes from those (spoofed) addresses. You might find you have inadvertently whitelisted yourself - on many systems it is easy to do and not at all apparent that's what you've done until you actually look for it.

Unless your webmail offers user-configurable SpamAssassin filtering or similar you probably can't use blacklist filtering. If it does then you just throw whatever is available at the problem - but to mark and deliver to the junk folder, not to delete because of the possibility of 'false positives'.

If your provider allows your mail to be downloaded to a mail client on your local computer (via POP or IMAP) there is a further opportunity to filter using MailWasher (and there may be other programs). There is another advantage to downloading your webmail that way - working within your quota becomes a lot easier because you are continually clearing the mailserver.

MailWasher brings up another matter since it has the option to send a fake bounce (NDR) back to the 'sending address'. That facility should NEVER be used, should you ever have the opportunity. As Don says, and as you know from experience, that address can be (just about always is) the spoofed address of a total innocent. Just to be clear.

If you have been sending unsubscribe requests, that is the most likely explanation for your increased spam. As Don says, that is sometimes (or often) just a confirmation step for the spammer. He then knows you read your spam and that makes your addresses 'premium' ones, meriting further attention and maybe on-selling.

Hoping this is helpful and not just an 'overload'.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...