Jump to content

[Resolved] increased spam after using mailwasher and spamcop


kevinb

Recommended Posts

Posted

Hi ALL,

I signed up to mailwahser and spam cop on trial 3 weeks ago and seem to be getting more spam.

It also hits me in a rush around similar time slots.

I am using spam cop and have been bouncing emails.

Should I stop bouncing emails or using spam cop and just delete before they reach my system.

I get the usual porn but I am getting lots of banking spam youtube nigeria type stuff.

i ahve thought of chanign email address because it is dominating my inbox.

most of the mail comes back saying not listed in known dns though many are now coming up as blacklisted.

I ahve over the past 3 months unsubscribed from lots of sites where I used to get news letters and the like hoping this might help.

in by using spam cop am i being targetted more through some form of identification. I have asked same question in mailwasshr forum and waiting a reply.

any help appreciated.

kevin

Posted

Joining SpamCop is joining the army in the fight against spam. As in any army, as a soldier, you fight and fight and never see any benefit.

It's highly unlikely that you will see a reduction in spam as the result of using our service. By the time you found us, your address was already being passed around on the "Millions of Addresses" CDs the spammers sell each other. The level of spam will likely get worse from here on out.

The fight against spam is a long term battle. We get tons of open proxies, open relays, and exploited servers shut down, and we put a lot of spammers out of business, especially novices, but it's very difficult to stop the specific spammers sending *you* the spam.

Your reports make a difference! They are added to our blocking list database, which is being used by more and more ISPs around the world.

We feel like there is hope because of the effect the blocking lists are having. We're driving the professional spammers into ever smaller corners of the Internet where they're easier to block. Service providers around the world are starting to pay a lot more attention to plugging the holes in their systems. Unfortunately, the serious spam networks don't care much about being blocked because they still get their spam to enough gullible people to keep it profitable.

Your email address is not exposed by SpamCop. Our system deletes your address from the headers and then sends the complaints out using the report ID number as an internal SpamCop address.

Your complaints go out using a "From" address like this:

From: "YourNameHere" <5934567890[at]reports.spamcop.net>

As a general rule, people should never respond to spam in any way. The return address on spam and virus traffic is *always* forged, and "remove" addresses are almost universally fake or forged, as are any "remove" links you might find in the spam. Even if by some miracle they actually work, it's likely the spammer is simply using them to verify addresses. If you respond to spam, you're telling the spammer that your address is working and that you read the mail to it. That's pretty much spammer heaven.

- Don D'Minion - SpamCop Admin -

service[at]admin.spamcop.net

.

Posted

Don's answer is correct and pertinent. I can only add that you should specifically NOT try to "bounce" spam. As Don notes, spammers forge the e-mail addresses in their messages, so that your bounce will go not to the spammer but to some innocent party. This in itself is a form of unsolicited e-mail, with YOU as the sender.

Also, you can use the paid SpamCop mail service to detect and detain the spam you get, so that what arrives at your computer will contain much less spam, and you can conveniently queue up and report the spam via the SpamCop web interface.

-- rick

Posted

thanks for the reply insight and advice.

I suppose if everyone does their bit then in time things may get better.

kevin

Posted

<snip>

It's highly unlikely that you will see a reduction in spam as the result of using our service.

</snip>

This is true for the immediate future, however, over time, if you keep up a regular schedule of reporting spam, the spammers will get fed up and leave your address alone. This took me about six years after signing up for SpamCop for my received spam to trickle down to one message every two days from twenty messages a day.

Thanks to the SpamCop block list, my average rejection rate is 6 spam messages a day. Please take special note in what Don says about accept and bounce, which should never be deployed. The only true options are to either reject the message during the connection, or to send it to the bit bucket.

thanks for the reply insight and advice.

I suppose if everyone does their bit then in time things may get better.

kevin

Yes, once we all work together as a group, we can trim down the spam.

Posted

Agreed here with the caution against using the "bounce" option in tools like mailwasher. You might get lucky every now and again and have the fake bounce go back to the true sender, but the risk of annoying or inconveniencing innocent bystanders is too high to rely on such techniques.

Posted

I'm getting much less spam now than in the beginning when I started to report it to SC. (I see that was exactly a year ago -minus one day- that I became a member here.)

I used to get a hundred spam a day, now usually only a few.

It's fun to keep the spammers on the run from one provider to another. It's more work and hassle for them. And knowing that, I don't mind spending a few minutes a day on it. Specially also knowing that in general it does diminish receiving spam for many. B)

Posted

Your email address is not exposed by SpamCop. Our system deletes your address from the headers and then sends the complaints out using the report ID number as an internal SpamCop address.

Your complaints go out using a "From" address like this:

From: "YourNameHere" <5934567890[at]reports.spamcop.net>

NOT always... in my experience when i tried reporting some spams that had ALL headers filled with my email address [at]gmail spamcop only removed it from the to: /cc: fields but left it unfiltered in the from: (it was a faked sender) and some other fields commonly added by hosting providers and used for their internal routing.

it also left my user name unfiltered in the body of the email (it wasn't a full email[at]domain, just the user name).

I had to cancel those reports.

Posted
Agreed here with the caution against using the "bounce" option in tools like mailwasher. You might get lucky every now and again and have the fake bounce go back to the true sender, but the risk of annoying or inconveniencing innocent bystanders is too high to rely on such techniques.

I second this. Many spams are sent "from" a harvested address, the same as the "to" addresses. If your address happens to be the unlucky one picked from the list, you might end up being the "sender" of a bunch of spams, and subject to all those bounces that MailWasher users are sending back (in addition to the actual bounce messages from bad addresses).

One other reason for not using MailWasher's bounce feature is that it isn't actually sending real bounces. A bounce is a notification from the email server that it was unable to deliver the message. In the case of these spams, the message has already been delivered, and MailWasher is creating a reply message that looks like a bounce. However, it is most definitely distinguishable from an actual bounce message. If a spammer actually took the time to look at the bounce messages (or discovered a unique pattern in MW's bounce message), it could actually be used to verify that your address is a legitimate spam target.

There are several possible outcomes from "bouncing" spam:

  1. It goes to the spammer's valid address and the mailing software or spammer himself removes you from the list.
  2. It goes to the spammer's valid address and nothing happens because he doesn't care about bad addresses in the list.
  3. It goes to the spammer's valid address and he uses it to verify your address, because it's a forged bounce.
  4. It goes to an innocent bystander's spoofed address, and you've now just added crap to her mailbox.
  5. It goes to an invalid address and you get another bounce back. You've just done extra work and caused a few extra emails for nothing.

Only the first of those options actually helps your spam situation. This option is probably the rarest situation as well, as it would make the spammer more identifiable and easier to shut down if he actually used a valid email address. Even if it did make it back to a valid mailbox for the spammer, there's a good chance it would simply be ignored (option 2). As I said before, there's even a slight possibility that the spammer could identify the forged bounce and it would simply verify your valid email address and increase your spam. The last two options have no effect on your own spam because they never make it to the spammer, and just cause extra work and crap emails for other people/systems.

I was a donating user of MailWasher back when it was free, and still use MW Pro 6.54 to this day to check my email and submit to SpamCop. However, I completely removed the Bounce option from the display years ago.

SpamCop tries to hide your address in the reports so that spammers (if configured as the actual admins, or when receiving a copy of the complaint from the system admin) won't see your address. However, they could have special codes in the email that let them cross-reference the email to a specific user on their list, or other advanced tracking methods that SpamCop can't really do anything about. MailWasher sends bounces to make spammers think your address is invalid, but it is distinguishable from an actual system-generated bounce. Unsubscribe links may actually remove you from a list (especially with more people getting savvy about spam and better laws against spamming), but they may be ignored or used as verification of a valid email address (which could be added to a different list even if it is removed from this one).

Unfortunately, any interaction with spammers could give them more info that they could use to send you more spam. I think SpamCop does a good job of hiding your info from the bad guys. It's not perfect and never will be, but it hides most of the info most of the time. Simply deleting spam (preferably from something like MailWasher rather than a full email cient) is the safest way to avoid it, but reporting actually helps interfere with spammers' operations, which should help reduce the amount of spam sent to everyone.

Posted

Good response InvisiBill. We should remember that one (of the very few) material change to spam permitted is to remove any personal identification within the spam that has not been removed by the SC processing. However, as InvisiBill says, there is no defence against encoded trackers. And it takes some effort to vet spam for even obvious identifiers (often involving cancelling a report to go back and take out one more instance just spotted). Personally I haven't bothered even to try for years. YMMV but, trust me, I started out as the most timorous of mole reporters and remained one for what was possibly the all-time record length of time.

The popular wisdom is that spammers mostly don't seem to bother with such sophistication as tracking/personal identification. The prevailing "business model" is to pump out as much as possible at little or no cost to themselves in the sure and certain knowledge that if they send enough, the small fraction of it that is read and the even tinier fraction that is heeded will generate some sort of revenue. That approach does not lend itself to tracking the stuff. Most of it does not even reach our mailboxes due to provider filtering, grey-listing rejection, rate limiting and such-like - despite spam supposedly constituting some 95% of all e-mail sent.

An indication of the truth of the extreme volume business model view comes when it is your turn to be spoofed as the "sender" of a major spam run and you find yourself the recipient of countless thousands of misdirected bounces from clueless mail admins (almost certainly a minority of their kind these days) "helpfully" informing you that the address "you" sent to does not exist. Spammers can't even be bothered obtaining decent mailing lists and their business model does not require that they need to do so, far less that they should need to maintain and adjust those lists.

That's the majority "hard-core" mass-mailing, "scattergun" spam. There's also the (vanishing) "mainsleaze" spam and that stuff just might include some sort of coarse tracking (like an affiliate code for instance) or web bugs but they are mostly interested in trends and if they do look for individual identification it is probably for no more purpose than for list washing (as a cheaper alternative to proper list maintenance).

One should be alert for targeted spam which is a whole different matter but if you're important enough to get that stuff you can be quite sure the perpetrators are well aware of your identity before they even started whatever sting they are attempting.

Just an opinion. Well, several opinions.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...