Reporting problems today?

[A.J.Mechelynck]

[at]ArtmakersWorlds: Unrelated to SC, I think. Just a new spammer (or spammers) with new ways to spam, and the yahoo filters haven't yet caught up.

Similarly, sometimes I get a spam message that makes it through the Gmail filters to their POP3 server, and when later I go to their webmail "spam" folder (to look for false positives) I find that more messages like the one that got through have been caught.

[lisati]

And does yahoo care at all? Some time ago (months) yahoo had an actual reporting address the complaints went to. On occasion I would forward their junk directly to them. But now that only bounces. It's a yahoo at spamcop addy now.

That's largely why I set up my own email server, which, amongst other things, gives me the option of rejecting mail from their servers during the SMTP dialog. It can get frustrating trying to report spam to Yahoo, only to be fobbed off with bounces, autoresponses that advise you to click on a "report spam" button that your email client doesn't have, and other "helpful" stuff like that.

[Stan_qaz]

Just got my fuel update and a few minutes later got the e-mail confirming it.

Looks like every spamcop.net account that submitted a spam in the last six months is getting the free fuel.

[lisati]

Just got my fuel update and a few minutes later got the e-mail confirming it.

Looks like every spamcop.net account that submitted a spam in the last six months is getting the free fuel.

Same here. Looks like my confirmation email is on the way, my email server's greylisting department needs another entry in its whitelist.

Edit: Whitelist ammended, and the email has arrived. A big "thank you" to the team.

[A.J.Mechelynck]

Just got my fuel update and a few minutes later got the e-mail confirming it.

Looks like every spamcop.net account that submitted a spam in the last six months is getting the free fuel.

Yes, me too, and yet I used to be a "free" user. Two obvious differences: no more nag screens, and an input field for a user-selected reporting address (for instance, I could send a copy of spam reports to myself. I don't think I will.) Also, the "front page" lists the remaining "Mbytes available".

But of course you all saw this.

[csouter]

Hi, all!

I got my free fuel as well!

Thanks, SpamCop!

[Farelf]

Me too, same differences noted by Tony, above. Didn't ask for it but much appreciate Cisco/SC's gesture . Of course (such is the way of the world/my luck) NOW is the time my spam comes with exploit attachments (trojans/trojan downloaders) to eat up my new reserves as fast as possible.

Ah well, SC trims such stuff 'way down which greatly reduces the potential erosion and I could trim it even more without getting into trouble if I really wanted to. Well, I might do that in future. I have been going back and "detaching" those nasty zips, etc. (mail client option) for sending to VirusTotal (since they're always early in the AV/AM detection cycle, practically "zero day") and then deleting them.

Just a matter now of doing all that that BEFORE SC submission and reporting, rather than after. I guess many mail services delete such before final delivery anyway (thinking of the "no material changes to spam" rule) but, as said, these are practically zero day (so mostly not detected) and my service (presently) gives me the option to leave them alone, in my account malware handling configuration. Anyway, I'm sure Don has said elsewhere a while back that it's OK to trim the bodies a bit more than SC would offer to do by default.

In the early days of VirusTotal (and there are several others, similarly tapping into 30-40 or more commercial AV/AM engines), it was sort of hoped as a by-product that it would encourage competition amongst those AV/AM owners to close up the detection cycles and even for them to take the opportunity to access the virus samples and work with the larger community. Didn't seem to work out that way back then - some of the big boys apparently withdrew their engines and pouted pointedly and it took forever for some of the new malware varieties to be detected by more than a handful of engines even weeks after release into the wild (and the initial detections always seemed to be from a different handful of engines for any given virus).

Well, something's changed, I tried re-submission just the other day of one (the classical "DHL consignment note", IIRC) after six days and it went from just a handful of detections at the beginning to just about 100% detections within that timespan. The quickening of pace makes it hard to do that check in fact, my resident scanner tends to wake up and grab the sample before I can send it off since its definitions have been updated in the meantime Anyway, makes the VT submission thing seem a worthwhile exercise - just don't try it unless you're confident you can handle the malware without opening/running it.

[newsmedia]

Thanks to all who worked to right the reporting problems and thanks to admin and Cisco for fuelling up all registered users.

Rgds

Keith

[ArtmakersWorlds]

Boy I wish I understood half the stuff you people talk about in here.

sigh.

Anyway, since the "fix" there is a new field on my reporting page. "user notes."

What is that? Who gets it? How is it any different from the field for "additional comments" already there?

Thanks.

[SpamCopAdmin]

>- new field on my reporting page. "user notes."

That is not just a "notes" textbox.

Notice the "To:" box.

It is designed to allow you to send a copy of your SpamCop report to an address of your choice. And you can add notes to that report that will not appear in the regular reports you send.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

.

[turetzsr]

..."Regular" does not necessarily imply daily, especially if there's nothing new to report. <g>

...But I'll risk providing an update for today that I'd think should be acceptable to SpamCop:

<snip>

...Latest of significance: 14 July 82005[/snapback].

...Nothing new of significance today, yet.

...Nothing new of significance today, yet. However, I sense that the problem may have been resolved. Does anyone have any evidence to the contrary? Unless I hear otherwise, I shall stop these daily "updates."

[weif]

For two days now, I have not had a single error, delay, or time out. It looks like it may be past...

thanks to the staff for getting it worked out.

[ArtmakersWorlds]

>- new field on my reporting page. "user notes."

That is not just a "notes" textbox.

Notice the "To:" box.

It is designed to allow you to send a copy of your SpamCop report to an address of your choice. And you can add notes to that report that will not appear in the regular reports you send.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

.

So... lets say a spam contains a URL. But spam reports do not go to said URL admin. Can I do a whois look up and forward the complain to what ever address comes up in that? Without actually using my email to do it?

Am I understanding that right?

Who else would I want to send copies to? My friends???

Still scratching head.

"Fuel!" OOOHHH! I got an email today from Cisco. Looks like no more delay between pasting spam and reporting it??? Very cool indeed.

[SpamCopAdmin]

Lots of SpamCop users do their own research and develop contact addresses that they send copies of their reports to.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

.

[hok]

>- new field on my reporting page. "user notes."

That is not just a "notes" textbox.

Notice the "To:" box.

It is designed to allow you to send a copy of your SpamCop report to an address of your choice. And you can add notes to that report that will not appear in the regular reports you send.

I find this is useful. For example, common URL for pill spam these days are in the format of http://??????.MEDIC????.ru/. SpamCop reporting address is heibaizhuli[at]yahoo.com.cn which I believe is spammers' e-mail address. I would send report to following addresses instead:

postmaster[at]public.zz.ha.cn

abuse[at]cnc-noc.net

abuse[at]chinaunicom.cn

spam[at]ccert.edu.cn

[hok]

I sense that the problem may have been resolved. Does anyone have any evidence to the contrary?

SpamCop continues to send more reports than spam submitted per statistics graphs at http://forum.spamcop.net/forums/index.php?...&page=stats since week 27.

[SpamCopAdmin]

>- SpamCop continues to send more reports than spam submitted

That is normal. It has always been that way.

However, the stats graph has not always reflected that fact. I don't know why the sudden change.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

.

[turetzsr]

SpamCop continues to send more reports than spam submitted per statistics graphs

<snip>

...That is by design, not a symptom of a bug or problem (thanks, Don!). I was referring to "sigalarm" or errors of that nature when attempting to report spam.

[Lodewijk]

SpamCop has been working for me as fast and smooth again as before.

A Big "Thank You!" to those who fixed this problem, and on top of that gave many of us -including undersigend- $15 fuel!

[ArtmakersWorlds]

does anyone ever forward spam to spam AT uce.gov? Does it do any good?

(Assuming the spammer is in the states. It wouldn't do any good for other countries.)

And... would that extra field to add another email address be the place for this?

[weif]

does anyone ever forward spam to spam AT uce.gov? Does it do any good?

(Assuming the spammer is in the states. It wouldn't do any good for other countries.)

I do forward all spam to that address. It does do good, as it is stored and made available to law enforcement agencies and states' attorneys general when they are preparing to take action.

And... would that extra field to add another email address be the place for this?

Maybe. I forward to that address when I forward to the SpamCop submit address. You should also be aware that for some hosts, the address SpamCop has listed as the abuse address...

[turetzsr]

does anyone ever forward spam to spam AT uce.gov? Does it do any good?

(Assuming the spammer is in the states. It wouldn't do any good for other countries.)

...If the US FTC is not prohibited by law from doing so, they could send the information to interested parties outside the USA. I don't know whether they are doing that; you could check their web site to see whether they say.

And... would that extra field to add another email address be the place for this?

...Yes. Please be aware, however, that (IIUC) the number of total bytes allowed for those addresses for paying members (that is, those of us who have fuel) differs from that allowed for "free" members, so if your list of addresses exceeds the limit for non-paying members, you may lose some when your fuel level reaches 0.

[A.J.Mechelynck]

[...]...Yes. Please be aware, however, that (IIUC) the number of total bytes allowed for those addresses for paying members (that is, those of us who have fuel) differs from that allowed for "free" members, so if your list of addresses exceeds the limit for non-paying members, you may lose some when your fuel level reaches 0.

When I was a free user (until I got the "free grant" of $15 at the end of the recent problems, that is), I had no additional "user" reporting address. It was yes/no for the abuse addresses detected by SpamCop, and comment boxes (one for everyone plus one for each), period.

[turetzsr]

<snip>

When I was a free user (until I got the "free grant" of $15 at the end of the recent problems, that is), I had no additional "user" reporting address. It was yes/no for the abuse addresses detected by SpamCop, and comment boxes (one for everyone plus one for each), period.

...Yes, actually, you did -- you just never knew that because it's pretty well hidden (how do I know? because until a couple of days ago I, like you, was a "free user"!). <g> Please see my last reply in SpamCop Forum article "nomaster[at]devnull.spamcop.net."

[A.J.Mechelynck]

[at]turetzsr: Aha! Well, as you say, it's pretty well hidden. As a, well, let's say "fueled" user I see it plain as your face, right there on the reporting page.