SpamCop is incompetent!

[WCoyote]

Let me state right from the beginning that I hate spam. So much so that I do not email my customers unless they contact me first, or we have found an error in our work or products. Like most of you, I spend an enormous amount of time trying to rid my life of spam and I am well aware of the deleterious effect it has on the internet as a whole.

However......

SpamCop is just a perfect example of pure incompetence. To block possibly hundreds of users on an email server just because 1 user is involved in spamming is not only draconian, it is proof that the people creating the blocking mechanism are either lazy or stupid. Either way, incompetent.

I run a legitimate on-line retail business. I am not, never have been and never will be a spammer. I do not run a e-mail list, nor do I do any kind on email promotion. However, I get blocked from responding to my customers by SpamCop. For example, a customer in Spain sent me a request for important information yesterday. This is information that is important to their business, yet I cannot respond because the child-like simplistic rubbish SpamCop com up with is blocking my response. How does this benefit my (and SpamCop's) customer in Spain?

As a result of this, I received another email from them this morning stating that my lack of response has resulted in them no longer doing business with me. This is not the first time either. I have lost yet another customer, thanks to SpamCop.

This is just absurd. I cannot fathom how anyone can support SpamCop's child-like and incompetent methods. How can these idiots continue to ruin from dozens to hundreds of legitimate business people in vain and incompetent efforts to stop one spammer?

If I had deeper pockets, this would be tested in a court of law. What SpamCop are doing amounts to slander and liable. They are destroying my reputation and ruining my business and I am not the only one. If they can;t do the job right, they should stop as they are hurting more than they are helping!

Quite frankly, I expected more from a company like CISCO. Running a garbage piece of s#!t system like SpamCop ensures I will never be a customer again.

:angry:

[rconner]

I can understand your consternation (and will look past the intemperate language), however I think you have your targets mixed up.

First of all, you've reached a board composed mainly of SpamCop users, although administrators can and do show up to handle problems (perhaps that will happen here). You should weigh any responses you get here accordingly.

SpamCop is an advisory service, it cannot "block" anything (except for certain of its paid users, but that's a very tiny subset of people on the internet at large). Basically, SpamCop collects verifiable facts of the form "x persons received spam from IP address y in the past z hours." and makes this information available to providers for their use.

It is the action of the internet providers who use the SpamCop block list that causes mail to be blocked. They are told not to block mail based on nothing more than a blacklist entry, but they often do it anyway. Worse, they may sometimes block the mail for some other reason (e.g., another block list) but misidentify the reason as a SpamCop blocklist entry.

Most internet providers send all their customers' mail through a small number (sometimes one) of IP addresses. If these addresses show evidence of having sent spam (via user reports or via spam trap), then they may wind up on the blocking list. So, yes, all of that provider's users can be affected if other providers decide to block mail based on what SpamCop says. Unfortunately, for largely technical reasons, it may be impossible to accurately or precisely discriminate individual mail users behind that mail server address.

The solution is for the blacklisted provider to get rid of the spammers. If he does so, then the blacklist entry usually disappears automatically within a short time.

Obviously, in order to do anything about your own problem, you'd need to approach a SpamCop admin with details of the problem.

-- rick

[WCoyote]

48 hours is NOT a short time! Not by any means. In business people will not wait 48 hours for a response to a request of even the slightest urgency.

In my case, I have only been blocked by SpamCops's service. Others too, but SpamCop is the primary offender.

"x persons received spam from IP address y in the past z hours." This is exactly the simplistic non-sense I am talking about. This is useless, worse, harmful information and acting on it will do absolutely no one any good.

If one person in Los Angeles has the flu, should all 17 million be quarantined?

SpamCop and other services of this type need to take a more responsible approach to this problem. Just publishing lists of IP addresses that have had complaints against them is no responsible as the uneducated will take harmful action based on that. they need to step up, or step out.

[turetzsr]

48 hours is NOT a short time! Not by any means.

...That depends on to what other service you are comparing it. Compared to almost every other blacklist, SpamCop's algorithm of removing IP addresses within 24 to 48 hours after the spam has stopped is lightning quick.

In my case, I have only been blocked by SpamCops's service. Others too, but SpamCop is the primary offender.

...No, you have never been blocked by SpamCop. SpamCop cannot block e-mail. The admins of the e-mail service used by people you are trying to contact are blocking your e-mails.

<snip>

If one person in Los Angeles has the flu, should all 17 million be quarantined?

...That's up to the owners of the resources that any of the 17 million Angelinos are trying to use. If the admins of service A feel that their service is sufficiently harmed by even the smallest chance of harm from someone who has the flu, they must be allowed to deny that service to all Angelinos, even if their fear is irrational, shouldn't they? And then, I would argue, it would be up to Angelinos and other stakeholders of service A to convince the admins, by boycott or threatening to or actually going with another provider or other means, to take some other action than blocking all Angelinos.

<snip>

SpamCop and other services of this type need to take a more responsible approach to this problem. Just publishing lists of IP addresses that have had complaints against them is no responsible as the uneducated will take harmful action based on that. they need to step up, or step out.

...Suggestions for improvement are most welcome here. However, SpamCop has been at this for a very long time, from back when it was a one-man operation, and they have a very large base of support, so they probably are doing things about as well as can be done with the state of internet and e-mail technology. And if you have a problem with the "uneducated" use of the blacklist, your time and effort would certainly be better spent on helping with the education than complaining to us SpamCop supporters, wouldn't it? And, even more so, in pressing your e-mail provider and/ or ISP to eliminate the spam coming from its system to ensure its IP addresses stay off the SpamCop blacklist, or finding a more competent provider with whom to spend your money.

[WCoyote]

The ISP can't de facto tell the difference between their high volume email users. There are many legitimate uses for high volumes of email and to the email server, there is no difference from these legitimate high volume users and spammers.

Companies like SpamCop could work with the ISPs to develop a system to put an end to this, but instead, they just point fingers. Stating that this is the best the current technology can do cannot be used as an excuse. Something has to be done about this as damaging large numbers of innocent and legitimate users to get the few bad apples is not acceptable.

Most large and responsible companies these days use content inspection on their incoming email to control spam. They realize that blocking a potentially important client is just not the way to do business.

SpamCop and other similar bottom feeders need to grow up and take this in a different direction. "It's been done this way for a long time" sounds really old and counter progressive.

[turetzsr]

...Sorry, again, your claims are just not consistent with what we (think we here) know -- what SpamCop itself says and what we have actually experienced.

<snip>

"It's been done this way for a long time" sounds really old and counter progressive.

...If that is all I had written, you'd be 100% correct -- but you missed a very important part of what I wrote (the rest of my sentence)!

[rconner]

Again, I think your best bet is to find out why your outgoing mail service is (by your own account) a serial failure at staying off spam blocking lists.

-- rick

[Farelf]

Agree with Rick - if you know the affected IP address, check it against other blocklists (most are less forgiving than SC and list longer). The CBL (cbl.abuseat.org) in particular can be enlightening (showing the "infection" of servers or of clients connected to them), usually with quite detailed advice on finding the problem. In some circumstances also (where there are member reports) SC offers mail admins very detailed information to help track down the end source - but not for spamtrap hits. For those, the mail admins may be able to obtain some limited but useful information from the SC staff, if they approach them directly.

[WCoyote]

Agree with Rick

To yourself and Rick, I know why, but that changes nothing.

But I can see by your signature line that real change is not something you embrace. I think there are many like that here.

This system (IP level block lists) is just the wrong way to go about this. It has had it's time, now it just has collateral victims. However, SpamCop fans will never agree to this statement. There is nothing open, progressive or inquisitive about this group.

To me, an IT consultant, there are obvious ways around this and I have been asked why I don't suggest a better way. Well, I did but I am not sure if it's been noticed. No surprise. As to specifics, details and an action plan, I'd be more than happy to. CISCO have deep pockets. If they want turnkey solutions, they can pay my usual daily rate of $2000 and they will get a well thought out proposal, with a complete end to end implementation plan as well as a quote for a follow on project to spearhead the partnership recruitment and orientation.

If I wanted an extensive LAN/WAN design, I am sure they would ask no less.

In any case, there is no point to arguing this with the gnostic faithful here. i just wanted to lend some support to those poor victims like myself that come here only to be told "Yeah, too bad for you." I'll leave you all with your delusions and I will seek remediation by other means.

It's been an education! Live well.

[turetzsr]

...WCoyote, you started out with what appeared to me to be ignorant, knee-jerk rants about SpamCop and have progressed rapidly towards lucid criticism and suggestions, for which I, for one, am grateful, despite no doubt appearing to you to be frustratingly closed, unprogressive, uninquisitive and gnostic. <g> For what it's worth, your pricetag of $2000 (I assume that someone of your skill would be able to put together the plan you've offered in a day's work) seems eminently reasonable and I'd jump at it were I Cisco; you might try offering it to them (perhaps bidding $10,000 rather than $2000, though <g>).

<snip>

But I can see by your signature line that real change is not something you embrace. I think there are many like that here.

...I'm pretty sure you misunderstand his "sig" -- it does not mean that he is resistant to change. <g>

...Peace and long life to you, as well.

[WCoyote]

...WCoyote, you started out with what appeared to me to be ignorant, knee-jerk rants about SpamCop and have progressed rapidly towards lucid criticism and suggestions, for which I, for one, am grateful, despite no doubt appearing to you to be frustratingly closed, unprogressive, uninquisitive and gnostic. <g> For what it's worth, your pricetag of $2000 (I assume that someone of your skill would be able to put together the plan you've offered in a day's work) seems eminently reasonable and I'd jump at it were I Cisco; you might try offering it to them (perhaps bidding $10,000 rather than $2000, though <g>). ...I'm pretty sure you misunderstand his "sig" -- it does not mean that he is resistant to change. <g>

...Peace and long life to you, as well.

Steve, you beg one last comment. You too have been very fair in your responses, which admittedly, tempered my rant. However, $2000 is my daily rate. The plan would take quite a bit longer than a day.

[turetzsr]

<snip>

$2000 is my daily rate. The plan would take quite a bit longer than a day.

...Well, then, you clearly wound up causing my estimation of you to be raised too high -- but let's blame that mistake on me! <big g>

...Seriously, it was a pleasure to have had you here and I appreciate your thoughts. We never know about these things but perhaps an idea or two that you dropped here might trigger some action by SpamCop to reduce the impact of blacklist (or blocklist, if you prefer) listings on innocent bystanders like you.

[Farelf]

All very nice but at the end of the day no actual data provided and, given the O/P's propensity for leaping to unwarranted but "convenient" conclusions and resolute refusal to research or address the issues, nothing more than a pointless rant (yes, yes, Mr Bill Gates promised us a master plan to free us from spam too and that never happened - when was that? - and with all due deference to the O/P I don't believe his own fiddling on the fringes of the industry bears comparison). Unless actual listing on the SCbl is verified by interrogating the record, even that part of the scenario can't be taken "as read". How many times has the NDR/bounce turned out to be "misconfigured" - which is to say the wrong reason has been attributed to rejection?

At the risk of repeating my signature ... we used to see a lot of rants. What has changed? Well, networks have gotten a whole lot better at filtering, both in extent and (presumably) reliability/avoidance of false positives. We wish they wouldn't use the SCbl to block, that's not the way it was intended to work and certainly can harm innocent parties - but with the huge overhead of spam generated every second of every day (albeit, almost none of it destined ever to be delivered) they obviously have their own priorities.

SpamCop offers a unique facility to mail admins responsible for the sources of spam (in many cases, early warning before listing and all the headers and practically the entire text of each spam to help identify specific delinquent/hijacked/compromised accounts). So far as the "prophylactic" aspect (not primarily punitive), the listing of recalcitrant IP addresses with uncaring or complicit networks, it is actually rather hard to get them listed. Just ask the frustrated reporters, sick of being inundated.

[rconner]

If nothing else, this sad vignette brings out the following points:

1. It is unwise to depend for your business' health on the delivery of any given SMTP message. E-mail is not and has never been a public utility or a secure, guaranteed-delivery service. You simply don't know from whom the messages come from and to whom your replies will go. Messages are exchanged among thousands of individual domains, each of which has a right to set its own polices for the sending and receiving of mail. At best, the sender may get a bounce notice to alert him to delivery problems, but don't count on it. Doctors don't use SMTP mail for sensitive customer data, neither do banks. Get an alternate e-mail address from a different provider, use web-based communications, or just use a damn telephone.
   
2. The assertion was made that a mail provider can't tell bulk users from spammers. This is simply untrue. First of all, no one here to my knowledge has conflated "bulk mail" with "spam." It is the "unsolicitedness" that makes spam, not merely the fact that it was delivered in bulk. Competent mail providers should be keeping outgoing mail logs and address lease info (at least for a short time after transmission), and if you hand them a spam message they should be able to track it down to a specific user at a specific time and date.
   
3. Yes, there is a potential for false positives in which an innocent sender's mail is blocked just because he happens to share an outgoing MTA with a drive-by spammer. The SMTP protocol is notoriously lacking in means to validate the origins of messages, and provides no verifiable means to distinguish one user of the domain from another.
   
4. One issue not taken up here is the fact that many spams (if not most of them) come from botnets rather than actual outgoing MTA hosts; these represent abusive attempts to get around a provider's outgoing mail security. SpamCop is very good at identifying these "spewing IPs" so they can be dealt with, and these cases have little potential for false positives.