ohmniscient Posted April 30, 2010 Share Posted April 30, 2010 Hi fellows, Your system is really great! However, I've been testing it for about a month and I got the following bugs that may be useful to correct. 1. Sometimes, spamcop analysis tells that the spammer IP is a forgery, and determines the real spammer IP as the ip of my e-mail server (a relay), because my job e-mail redirects to my personal e-mail. Therefore, I need to edit the headers to have the job done. Why doesn't the system ask us if the IP is from an e-mail redirector or which is the real ip? I also would like to have an option to save the ip from my e-mail server redirector to avoid have it being considered the spammer IP. I know that I don't need to report my e-mail server, but I lose the opportunity to report the original spammer IP. 2. Many spams show several URLs redirections, example: #http://fa21.derryclinic.ru/?yzyyli=295869680b36b32]http://fa21.derryclinic.ru/?yzyyli=295869680b36b32 #http://503f.derryclinic.ru/?ufojyo=c20290d790d6d]http://503f.derryclinic.ru/?ufojyo=c20290d790d6d #http://9902.derryclinic.ru/?tonyataaw=f173c2602fdc]http://9902.derryclinic.ru/?tonyataaw=f173c2602fdc #http://756e.derryclinic.ru/?euuxebare=b71b993ba2faae7]http://756e.derryclinic.ru/?euuxebare=b71b993ba2faae7 #http://319.derryclinic.ru/?nyeqaaha=e5ccb9b79ae2aa]http://319.derryclinic.ru/?nyeqaaha=e5ccb9b79ae2aa #http://82.derryclinic.ru/?rimodyy=543a8d568e91992]http://82.derryclinic.ru/?rimodyy=543a8d568e91992 #http://06.derryclinic.ru/?afyug=0ef43e9749169]http://06.derryclinic.ru/?afyug=0ef43e974916 #http://96f7.derryclinic.ru/?azuhocos=20ffe4cea4180]http://96f7.derryclinic.ru/?azuhocos=20ffe4cea4180 The problem is: spamcop cannot analyze either one, because it tells: "too many links!". This doesn't make sense, because if I leave only 5 URLs, the system analyze them and report them. So why, don't you analyze the first five (or more) URLs? In this example, as in many other cases, the URLs have the same IP! So, 1 URL being analyzed would be better than nothing. Thanks in advance, Ohm Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted April 30, 2010 Share Posted April 30, 2010 spamcop analysis tells that the spammer IP is a forgery, and determines the real spammer IP as the ip of my e-mail server (a relay), because my job e-mail redirects to my personal e-mail.It sounds like you need to register your email providers with our Mailhosts system. You can do that by running our Mailhost configuration utility so that SpamCop can create a list of the services that handle your email so that our system will know what servers to trust when you report your spam. You'll need to configure a host for *all* the providers you receive mail through. That would include any webmail hosts, such as Yahoo, HotMail, or gMail, and forwarding services like Bigfoot or Sneakemail, and any other services that provide you an email address, such as alumni associations or professional associations. You can accomplish that by logging into your SpamCop account at http://www.spamcop.net and using the Mailhosts tab to tell SpamCop about *all* of your service providers, forwarding services, and webmail hosts. You only need to register one email address for each network/host/service that provides you an email address. SpamCop doesn't care about email addresses or domains. It only wants to know about the hosts/services that supply you with email services. Registering your email providers is pretty much the same as reporting spam, except that you return our test emails to a different address, or copy/paste them into a different form. The instructions are contained in every test email we send. The Mailhost system is an effective defense against reporting errors because when SpamCop knows about all of your email providers, it can more accurately pinpoint the true source of the spam. Registering your hosts completely changes the way SpamCop looks at your spam. - Don D'Minion - SpamCop Admin - service[at]admin.spamcop.net . Link to comment Share on other sites More sharing options...
turetzsr Posted April 30, 2010 Share Posted April 30, 2010 Hi, ohm, welcome! <snip> Hi fellows, Your system is really great! ...Yes, most of us fellow users agree! In case you (or others reading your kind message) were thinking that this Forum is frequented by SpamCop staff, though, I just need to emphasize that it is actually populated mostly by fellow users such as yourself and others with a general interest in fighting spam. Only Don, who replied above, and one or two other rare participants who have the "spamcop.net" "badge" over the text "Group: SpamCop Staff" are actually SpamCop staff.<snip> 2. Many spams show several URLs redirections, example: <snip> The problem is: spamcop cannot analyze either one, because it tells: "too many links!". This doesn't make sense <snip> ...That would be true if catching such URLs were considered by the SpamCop developers and management to be an important function for it to perform but that actually isn't the case. See SpamCop FAQ (link near top left of pretty much every SpamCop Forum page) entry labeled "SpamCop reporting of spamvertized sites - some philosophy." For tools whose main function is reporting such links, I'd recommend that you search (there are two search tools near the top of pretty much every SpamCop Forum page, one using Google and one built-in to the Forum software) for "Complainterator" and "Knujon."<snip> I need to edit the headers to have the job done. <snip> if I leave only 5 URLs, the system analyze them and report them. <snip> ...If you do that, be sure you do not report them using SpamCop!!! See one or both SpamCop Forum entries labeled "Material changes to spam" and "Material changes to spam - Updated!" and also "What if I break the rule(s)?" Link to comment Share on other sites More sharing options...
Wazoo Posted April 30, 2010 Share Posted April 30, 2010 OK, Don answered #1, Steve got to #2 before I finished up my research. Although I commend you on building the list of sites and data on the anti-malware, anti-phishing, etc. reporting/analysis sites .... I have a hard time working with the 'Group' designation as compared to a single-member / zero-Post Forum hosted on a 'free' web-site host. If you are looking for help, supporters, etc., there are much better ways than trying to do this by sneaking in what is seen as Signature-spam/Search-engine stuffing on your very first Post here. Signature data removed at this point. I never did see how this ties into a SpamCop E-mail System or Account issue. Moving this Topic over to the Reporting Help Forum section. Link to comment Share on other sites More sharing options...
Farelf Posted April 30, 2010 Share Posted April 30, 2010 On your second point, to expand on Steve's points regarding the infamous "too many links". The parser usually gives up at a certain number of URLs and your suggestion that it self-limit to the first five (or some number) is sensible and you might like to make that a requested change in New Feature Request however, note: the parser has been progressively improved over the years in terms of its ability to resolve links and in terms of the number it will handle and what you now see is probably as far as it is going to go because SpamCop's primary objective is the e-mail source of the sender there are simply too many variables and tricks and issues to stay in front of the spammers as a secondary objective using an automated system - see SpamCop reporting of spamvertized URLs, Viewpoint(s) [*]there is no evidence SC developers are actually influenced by items in New Feature Requests [*]there are more specialized tools to deal with spamsites - such as Complainterator for Windows, Complainterator for Linx and KnujOn (EXTERNAL link) [*]nevertheless you can use the SC parser to find reporting (of hosts) for Manual Reports just paste the URL (alone) into the submission webform (member's page) to get a result like http://www.spamcop.net/sc?track=319.derryclinic.ru - a (North) Vietnamese host please be careful with spambodies - don't open the spam, use your browser's "View source" or equivalent Link to comment Share on other sites More sharing options...
ohmniscient Posted April 30, 2010 Author Share Posted April 30, 2010 OK, Don answered #1, Steve got to #2 before I finished up my research. Although I commend you on building the list of sites and data on the anti-malware, anti-phishing, etc. reporting/analysis sites .... I have a hard time working with the 'Group' designation as compared to a single-member / zero-Post Forum hosted on a 'free' web-site host. If you are looking for help, supporters, etc., there are much better ways than trying to do this by sneaking in what is seen as Signature-spam/Search-engine stuffing on your very first Post here. Signature data removed at this point. Wow... You're probably in a bad day. I've never seen such attack for a such a veteran in forums. Violating the ethics completely, exposing for everybody what is definitely not related to the post. If you didn't like my signature, you could remove it and call me in a private message. Why not to be polite? 1. My questions were very meaningful, this is why it has nothing to do with "sneaking". 2. I'm a med-student, internet is a hobby, I'm not going to have a hard time with forums, never. What I do is to help people. I don't intend to be one of you, neither to have a spamcop system or something like that... Anyway, see my contribution in the anti-malwarebytes forum: http://forums.malwarebytes.org/index.php?showforum=51 or in the malwaredomainlist forum: http://www.malwaredomainlist.com/forums/index.php?board=16.0 This tells a little bit about my experience regarding politeness in forums 3. I'm very happy that I got very good responses from the other guys. I'm gonna follow your instructions! thank you! Link to comment Share on other sites More sharing options...
Marty Posted May 1, 2010 Share Posted May 1, 2010 Wow... You're probably in a bad day. I've never seen such attack for a such a veteran in forums. Violating the ethics completely, exposing for everybody what is definitely not related to the post. If you didn't like my signature, you could remove it and call me in a private message. Why not to be polite? Not defending the Forum Owner/Admin here. (I know that he's thick skinned. I believe that he's seen it all before. He can take care of himself and doesn't need my help ) OP, Wazoo was in a GREAT mood yesterday, and then you showed up! My own view of the available evidence is that OP got busted big time and doesn't like it much. There is a link around here someplace that I can't find right now that deals with "apparent" lack of politeness in posts. I Hope someone can PM me how/where to find it. "just my two (worthless) spam bytes" --- Marty SpamCop user for many years Link to comment Share on other sites More sharing options...
turetzsr Posted May 3, 2010 Share Posted May 3, 2010 Not defending the Forum Owner/Admin here. (I know that he's thick skinned. I believe that he's seen it all before. He can take care of himself and doesn't need my help ) <snip> ...Nevertheless, I think your contribution to be helpful, as it shows that not everyone thinks his posts merit condemnation. <g><snip> There is a link around here someplace that I can't find right now that deals with "apparent" lack of politeness in posts. I Hope someone can PM me how/where to find it. <snip> ...There are probably several; the most recent one being Errors Encountered linear posts 4-8, 10-20. Link to comment Share on other sites More sharing options...
Wazoo Posted May 3, 2010 Share Posted May 3, 2010 There is a link around here someplace that I can't find right now that deals with "apparent" lack of politeness in posts. I Hope someone can PM me how/where to find it. Here's my guess as to the Post in question; SpamCop Discussion > Discussions & Observations > Going to make your first post here? Alleged, Implied, Perceived Rude Responses ..???? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.