Jump to content

Is SpamCop still relevant?


JMark

Recommended Posts

I have been an faithful SpamCop participant for several years, wanting to do my small part in ending spam. But over the past few months, I find the vast majority of my forwards have been rejected due to spoofed dates and other minutia even though they are indeed spam. Also, SC does not support Outlook, perhaps the most common Windows email application out there. In addition, there have been no updates to SC announced in two or more years.

So in short, most spammers have found around SC reporting, SC developers do not bother to keep up with spammer developments and the one of the most common email clients is not supported.

So why should I bother?

Link to comment
Share on other sites

  • Replies 56
  • Created
  • Last Reply

Hi, JMark,

I have been an faithful SpamCop participant for several years, wanting to do my small part in ending spam.
...Thank you! :)
But over the past few months, I find the vast majority of my forwards have been rejected due to spoofed dates and other minutia even though they are indeed spam.
...Can you provide a Tracking Link that shows an example of what you mean? I've never seen this. The only times the SpamCop parser has refused to handle my submitted spam is when there was no body in the e-mail.
Also, SC does not support Outlook, perhaps the most common Windows email application out there.
...Could you explain what you mean by this? I use Outlook as my principal e-mail client and have had no problems at all submitting spam. The only limitation is that I must copy/paste into the online form, I can not forward the spam to the parser.
In addition, there have been no updates to SC announced in two or more years.
...Again, could you please explain why you say this? I see evidence of updates from time to time as I peruse the SpamCop Forum posts.
<snip>So why should I bother?
...SpamCop continues to provide the service it always has (at least for me). It parses spam I submit, counts it towards the SpamCop blacklist, and sends e-mails on my behalf to spam source abuse addresses and other services I select (the US Federal Trade Commissions, coldrain.net, the SIAA [when it seems relevant] and antiphishing.org [when it seems to be a phish]).
Link to comment
Share on other sites

I find the vast majority of my forwards have been rejected due to spoofed dates and other minutia even though they are indeed spam.

As Steve states, there is a Forum section available for Parsing and Reporting issues, a Tracking URL would go a long way in trying to resolve your issues.

Also, SC does not support Outlook, perhaps the most common Windows email application out there.

Although there are numerous caveats, this statement is not technically correct. The orginal FAQ, the single-page-access version found here, the Wiki, and a load of existing Topics/Discussions attempt to deal with the use of Outlook and the Parsing & Reporting System.

In addition, there have been no updates to SC announced in two or more years.

The last two major updates;

15 Jan 2010 - SpamCop v 4.6.0.031 © 1992-2010 Cisco Systems, Inc.

14 Sep 2010 - SpamCop v 4.6.1.006 © 1992-2010 Cisco Systems, Inc.

The last (public) talk about 'current' work was about the IP6 situation.

So in short, most spammers have found around SC reporting,

I can't see that situation from this side of the screen. That there's a lot of ISPs/Hosts out there that don't actually handle their spam sourcing is another issue entrirely.

So why should I bother?

What I think I'm really seeing here is that neither you or your ISP/Host is using the SpamCopDNSBL, which means that you aren't getting the full benefit of your Reporting actions. Please see What is SpamCop.net? There are others that do benefit from your continued Reporting and they thank you.

Link to comment
Share on other sites

...May I ask why you chose to do it that way? I believe it would be far more helpful (for everybody) to include that post within this forum "thread." Would it be acceptable to you if I merged that post into this "thread?"

Yes, because the previous two posters declared I was remiss in not posting to the Reporting Help section. I have complied.

Link to comment
Share on other sites

Already too old to report when received. I don't see Feb 28 in the headers anywhere so the question would be be what could be holding the mail without adding a timestamp? I see occasional complaints/comments about delays in delivery causing the message to age past reporting window but if IIRC these usually have one or more later timestamps that SC has ignored. All the ignored "internal handling" (Yahoo) lines have similar timestamps so there's no blame there. A mystery. I suppose it's because Spamgrabber omits anything modified by Outlook? Whoever/whatever sent it to your Outlook inbox must be source of delay, in any event.

Incidentally, those headers look terribly jumbled to me, I can't make head or tail of the sequence. I'm just hoping Spamgrabber doesn't grab the Outlook jumble instead of the untouched message. Aaagh ... can anyone see what is going on? JMark, can you maybe check header order and consistency by pasting this spam (the source) into the webpage submission boxes (the 2-part Outlook/Eudora) submission? Just the headers would do, with "test" or something in the body part. Or maybe you can see (eyeball) from email source whether the headers are the same/in the same order as those received by the parser as referenced above. I'm probably just lost in all the internal handovers but the integrity of headers is a worry ...

Link to comment
Share on other sites

JMark, can you maybe check header order and consistency by pasting this spam (the source) into the webpage submission boxes (the 2-part Outlook/Eudora) submission? Just the headers would do, with "test" or something in the body part. Or maybe you can see (eyeball) from email source whether the headers are the same/in the same order as those received by the parser as referenced above. I'm probably just lost in all the internal handovers but the integrity of headers is a worry ...

See http://www.spamcop.net/sc?id=z4914357145z7...702bd499b5035bz

Link to comment
Share on other sites

Thanks for the new case and submission via webform. These headers make more sense to me and it does indeed seem to me that the previous Spamgrabber submission passes on the weird Outlook scrambling of the headers. But those are only internal Yahoo NNFMP lines, rather than external received lines, so no harm is done. I'm not confident Spamgrabber could be trusted in all situations but as other active members here use it and have not notified about problems I suppose it is safe.

But no mysterious lost time in the routing and submission this time. I can only imagine that in your first case something happened within mail.rr.com after the date stamping but before you got to see it. Glitches do happen, I've become aware of several unrelated ISPs (including my own) recently having problems with POP3 servers leading to delayed clearance of messages through to recipients. Has Road Runner admitted to any such problems in their bulletins/notices? I guess not. Are there still problems?

Link to comment
Share on other sites

...May I ask why you chose to do it that way? I believe it would be far more helpful (for everybody) to include that post within this forum "thread." Would it be acceptable to you if I merged that post into this "thread?"
Yes, because the previous two posters declared I was remiss in not posting to the Reporting Help section. I have complied.
...Oh, I see. I think you (reasonably) misinterpreted the main point Wazoo was making, which is that a Tracking URL would be helpful. Absent someone with the power to do so moving your post to the other Forum (which you can not do), the proper place (IMHO) for the tracking link is as a reply in this "thread." Based on your reply, I shall merge that other "thread" into this one. Thank you!
Link to comment
Share on other sites

There is no way that could be delivered between networks "as is". There is no way it should even be delivered within a network as is. Something untoward is happening, probably within your provider (I'm assuming RR). Instead of deleting spam once reported, you might need to keep it for just a while for diagnostic purposes (and to prove it is not happening on your machine during the submission process - which is a possibility, actually, but a lesser one I suspect). If something is wrong at Road Runner they are going to need the "evidence" in order to investigate (if they do).
Link to comment
Share on other sites

Yes, well I'm stumped. Those are nothing like the full headers (extraction process for pasting into the web submission form detailed at the bottom of http://www.spamcop.net/fom-serve/cache/122.html). There are no received lines at all - when the message ID indicates initiation through vmail2.sunshinemails.net and obviously the messages has transited to your provider for delivery, there has to be a received line.

Is there a support service at Road Runner? Unless an Outlook and/or Road Runner user has some other suggestion it looks to me like that would be where you need to be headed. Are you getting other mail (spam or non-spam) with full headers (as in example at http://www.spamcop.net/fom-serve/cache/17.html)?

Link to comment
Share on other sites

Are you getting other mail (spam or non-spam) with full headers (as in example at http://www.spamcop.net/fom-serve/cache/17.html)?

This comment triggered a thought. When I c/p the header extracted by SpamGrabber to a text message, I get a "received from" as follows (assuming I'm not violating any board rules. My email was blanked) :

Return-Path: <cb8.2bdda66[at]vmail2.sunshinemails.net>

Reply-To: "Stock Castle" <up[at]stockcastle.com>

From: "Stock Castle" <up[at]stockcastle.com>

To: <*********[at]cfl.rr.com>

Subject: Alert: ORRV ready to soar

Date: Wed, 2 Mar 2011 03:08:50 -0500

Message-ID: <0cb8.2bdda66.3e0c2a7[at]vmail2.sunshinemails.net>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_019C_01CBD887.4B410CD0"

X-Mailer: Microsoft Outlook 14.0

Thread-Index: AQGs/qI587wduX74LqfutHM1mlAnVQ==

List-Unsubscribe: <mailto:unsubscribe-241784067-b925f25311107092d8af0e7c77f50285[at]mynewsletterbuilder.com>

X-SpamFlt-Status: spam

X-KASFlt-Status: Profiles 19631 [Mar 01 2011]

X-KASFlt-Status: Version: 4.4.2 (May 26 2010 17:02:10)

X-KASFlt-Status: Envelope from:

X-KASFlt-Status: Rate: 0

X-KASFlt-Status: Status: not_detected

X-KASFlt-Status: Method: none

X-SpamFlt-Phishing: Heuristic detected

<body snipped>

Admittedly a novice, but the only difference I see is a "From:" instead of a "Received from:"

Link to comment
Share on other sites

Different things - the looked-for "received:" lines are inserted by servers handling the mail. The "From:" line is inserted by the sender via their mail application (and is often meaningless/forged in "mainstream" spam)

Link to comment
Share on other sites

Different things - the looked-for "received:" lines are inserted by servers handling the mail. The "From:" line is inserted by the sender via their mail application (and is often meaningless/forged in "mainstream" spam)

Which in turn is different from "Return-Path?"

Following up with Brighthouse. Will post any updates.

Link to comment
Share on other sites

I apologize for the imprecise question. I should have asked is Received-from different than Return-path? That is, does spamcop treat them differently?
No worries. SC uses none of them, only the server-stamped "Received:" lines like (from your first example)
Received: from [92.241.172.104] by web121614.mail.ne1.yahoo.com via HTTP; Thu, 24 Feb 2011 04:04:45 PST
The header line designation is the bit to the left of the colon - :
Link to comment
Share on other sites

No worries. SC uses none of them, only the server-stamped "Received:" lines like (from your first example)

Understood... two separate header references.

The header line designation is the bit to the left of the colon - :
Yes, understood.

So we have a situation where some spam are received with a "Received:" header and some apparently are not.

Link to comment
Share on other sites

actually thinking that this last bit of discussion needs to be split off into a new Topic, probably the Lounge Forum section, as it hasn't that much to do with 'this' Topic.

So we have a situation where some spam are received with a "Received:" header and some apparently are not.

As Farelf has already asked, just how are you actually 'receiving' these e-mails with the lack of any Received: lines? Without those lines. the suggestion would be that these did not traverse the internet at all, yet even 'internal' e-mails (i.e. an AOL/HotMail/Yahoo user to another AOL/HotMail/Yahoo user) still use Recieved: lines showing the 'internal' non-routable IP Addresses of the various servers involved in handling the e-mail involved.

The only thing I can think of that could resilt in zero Received: lines is some sort of e-mail client that offers up some 'simple' header display that strips out what someone considered unimportant data ????? Definitely not usefull at all from a spamcop.net Reporting perspective.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...