Jump to content

Very poor Spamcop stop rates


Recommended Posts

SpamCop stops all in "Zen" as zen is the combined spamhaus.org lists

You can reduce SpamAssasin level down to stop more spam try 4

Your whitelist

http://webmail.spamcop.net/horde/imp/spamcop/whitelist.php

overrides ALL Blacklists and Greylisting

http://webmail.spamcop.net/horde/imp/spamcop/preferences.php

to activate click

"Click here to enable greylisting"

If spamcop is not reporting YOU (your mail hosts are set-up) you can use Quck-reporting in VER

http://mailsc.spamcop.net/reportheld?action=heldlog

"Quick report and send to trash"

You can also Whitelist emails in you VER (Held) folder by same scroll bar

I understand whitelists, greylists and blacklists.

I have had senders who I know I"ve whitelisted still get held. I don't think it has happened recently. But, now that I know where to check and maintain my own whitelist, I'll keep an eye out for that.

Unfortunately, since I'm redirecting from another server, greylisting won't work for me. I was on a webhost for about a year that implemented greylisting and it was great. I went from 30 held spam per day to about 1 per day.

Today, I have another 15 or so cluttering my inbox, and only 1 held, plus one false positive. Frustrating.

I might try Mailwasher. I know I looked at it once, a few years ago.

Drake

Link to comment
Share on other sites

  • Replies 69
  • Created
  • Last Reply

Yesterday, I only had about 5 spam altogether, and 1 was held. I guess the jerks took a day off.

Today, I've had about 12 spam held and about 12-15 leak through. So, that's encouraging. Anyone know if something has changed?

Drake

Link to comment
Share on other sites

... Anyone know if something has changed?

Well, the e-mail system stopped working for a while, a new server is being/has been brought on-line, filtering was/is apparently affected as part of that process - http://forum.spamcop.net/forums/index.php?showtopic=14091 - but yes, encouraging if the proportion of spam being diverted has improved. Maybe the deficient filtering performance was related to that former, inadequate server. As seen even in just this topic, others have also had complaints/observations about poor filtering, occurring for several/many months. Just conjecture ...
Link to comment
Share on other sites

May be totally unrelated but - a bell has been rung in the world of 'forum spamming' that there has possibly been a recent and massive move by Chinese spammers to use substantial US IP addresses allocations delegated to Chinese owners. Going by the last Chinese comment spammer banned from these pages - okay, a sample of one - that applies also to the 'payload' domains, the spamvertized websites with Chinese registrants (as always, 'follow the money').

Forum spam is a different movie. Many regional/special interest forums have very high memberships but aggressively block membership from whole counties, deemed to have no legitimate interest in such forums and historically associated with spam attacks. Well, some individual e-mail account holders (even whole businesses) have a similar philosophy, compounded in the business case by trade and export restrictions and other difficulties. What seems like a good idea to bypass this by one bunch of spammers might also seem like a good idea to another.

'Whole of country' filtering has always been problematic due to the dynamism of allocations and delegation across national boundaries, and 'professional proxies' have been around 'forever'. But this (possible) spam use of extra-national delegations (and specifically, Chinese ones) appears to be a significant upswing.

In forum spamming, the evidence (apart from the fact of Chinese delegations recorded by APNIC) is just 'statistical' - an 11% of total drop in Chinese spam (16% reduction in share) and a 7% of total increase (doubling) of 'US' spam out of 76,848,524 records at the moment. Haven't bothered to do the math but, trust me, those changes have to be highly significant. These Chinese figures are themselves influenced (subdued) by pre-existing filtering and other administrative restrictions. Thanks to stopforumspam.com user crfriend for the observation and suggested mechanism.

Back to e-mail spam - even without 'country' filters, I would imagine some heuristic filters might be pushed into short-term 'seek' oscillation if such a change was occurring there too. Must say I had never noticed a lot of Chinese message spam when I used to get spam but that was mostly botnet sourced (unknown owners/hirers) and, yes, there were certainly times when Chinese 'alphabet soup' domains predominated as the 'payload' (though with ostensibly Chines owners? - can't recall).

Anyway, not looking good for 'whole country' filtering. Those with their own servers can apparently overcome this by adding a level of scripting to interrogate NICs for organization and/or owner name/address and referencing tables.

Link to comment
Share on other sites

I'm continuing to see about a 50% stop rate the last coupla days. Including some of the paired-up spam. Hopefully, the server replacement was the issue, and the rates will climb as these continue to be reported.

Drake

Link to comment
Share on other sites

I'm continuing to see about a 50% stop rate the last coupla days. Including some of the paired-up spam. Hopefully, the server replacement was the issue, and the rates will climb as these continue to be reported.

Drake

Well that's certainly better than what I was seeing. Since the last outage, my email hasn't been going through Spamcop but if it gets reasonably effective and stays up for awhile, I could be tempted back.

Could you tell us what spam cop features are blocking your messages? For example, on my messages prior to the outage, the vast majority of SC blocks were due to spam Assassin. That didn't impress me all that much since I tend to assume that Thunderbird's filtering is likely to get whatever spam Assassin gets. However, if some or all of the block lists are now catching significant amounts, then SC is interesting to me again.

Link to comment
Share on other sites

  • 1 month later...

My total volume of spam is so low, lately, that it's hard to say. One day, four will leak through with none stopped. Another, two will leak with three stopped. Etc. I think there has only been one or two days in the last month with more than ten total spam in one day. My general impression is that it's stopping something less than 1/3.

The spam that does get through it tends to be lumped together, so that most of them show up within an hour or two.

Drake

Link to comment
Share on other sites

Of the last 32 spam emails I received, my host's free spam filtering found 59% of them and the rest were spotted by Thunderbird. It's probably dangerous to make broad comparisons on such small numbers of messages, but I think I will stick with my host's spam feature for the time being.

Thanks for the update!

Link to comment
Share on other sites

  • 2 weeks later...

The scammers seem to have Spamcop all figured out, now.

Instead of two at a time, I'm now getting ten at a time. Ten spam at one time, slightly different, all about diabetes. Then, a few minutes later, ten about background checks. And Spamcop is catching none of them.

Clearly, these are coming from the same group that has been sending doubles for the last few months. And Spamcop has been helpless to stop them.

Link to comment
Share on other sites

I, too, am getting more spam in my Inbox than in my Held Mail. The only spam being "caught" are the typical "your rich Nigerian Uncle has died" and the "low, low loan rates". The ones for used cars, cure diabetes, HARP, etc., are ALL going to Inbox. I have ALL blacklists checked, and no settings have changed.

I am getting 15-20 of these daily, all at one time. Maybe 8-10 in Held Mail.

Not sure a paid Webmail account is worth it after 10+ years.

Link to comment
Share on other sites

I, too, am getting more spam in my Inbox than in my Held Mail. The only spam being "caught" are the typical "your rich Nigerian Uncle has died" and the "low, low loan rates". The ones for used cars, cure diabetes, HARP, etc., are ALL going to Inbox. I have ALL blacklists checked, and no settings have changed.

I am getting 15-20 of these daily, all at one time. Maybe 8-10 in Held Mail.

Not sure a paid Webmail account is worth it after 10+ years.

While it is out of touch and getting outdated, it allows unlimited spam reporting

Never get spam in my inbox?

You maybe have whitelisted your own email address (don't)?

check your blacklist settings

http://webmail.spamcop.net/horde/imp/spamcop/blacklists.php

then click Submit or it won't activate

Link to comment
Share on other sites

I, too, am getting more spam in my Inbox than in my Held Mail. The only spam being "caught" are the typical "your rich Nigerian Uncle has died" and the "low, low loan rates". The ones for used cars, cure diabetes, HARP, etc., are ALL going to Inbox. I have ALL blacklists checked, and no settings have changed.

I am getting 15-20 of these daily, all at one time. Maybe 8-10 in Held Mail.

Not sure a paid Webmail account is worth it after 10+ years.

If you can summarise the SpamAssassin scores for the ones that make it to your Inbox ?

Link to comment
Share on other sites

Eash person's settings may vary of course but in the 10+ years I've used SC it's been excellent and I've hardly ever received any spam in my actual email client inbox. It's blocked everything bad.

Settings I have are as follows but as I said, results may vary do play around with them:

Options, Select your email filtering blacklists.

Block All - yes (checked)

Tag Only - blank (unchecked)

SpamAssassin - Checked and set to limit '1'

Block Russian - yes (checked)

DNS Blacklists - all are selected.

Click Submit if you changed anything.

Try adjusting settings and I think you'll find it works well.

I do not use the graylist as it, for me at least, simply adds complication to the equation.

Link to comment
Share on other sites

Then the Whitelist comes into play. I find the combination of SA limit of 1 and the Whitelist works perfectly.

It took a bit of playing around before I got it right. As I said, "results may vary"...!!

Link to comment
Share on other sites

I have been seeing similar issues. Spamcop use to block close to all my spam. Now it's in the 20% range. I have all the lists checked, and have spam assassin set to 3. This use to work very well, now it does not anymore. With the recent downtime and now the lack of effective spam blocking, I am starting to think it is time to move on. I use to highly recommend this service because it blocked spam so well. But it is not anymore. And I can report spam until my fingers are blue and it does not help. I also use blacklisting and a whitelisting. But like hasbeen said, my settings are fairly dormant and the effectiveness has gotten sucky the last half a year so . Not sure what to do other then move on. Either the spammers have figuredd out how to get around spamcop, or the various lists are not being updated anymore.

Link to comment
Share on other sites

In answer to an earlier question, I've looked at a few of the recent spam from the group that gets everything through. It looks like they've managed to tune their spam to hover around a score of 3.

I have mine set at 5. If I can conveniently produce a list of my common contacts and add them to my whitelist then I will look at lowering that setting.

Drake

Link to comment
Share on other sites

Spamcop use to block close to all my spam. Now it's in the 20% range. I have all the lists checked, and have spam assassin set to 3. This use to work very well, now it does not anymore.

Same thing here, all lists checked, spam assassin set to 3, greylisting enabled, and lots of spam gets through. Then when I do report the spam most of the reports are just devnulled so nothing is really reported by SC.
Link to comment
Share on other sites

<snip>

Then when I do report the spam most of the reports are just devnulled so nothing is really reported by SC.

...To those not very familiar with how SpamCop reporting works: please bear in mind that submitting the spam has as many as three possible results:
  • sending a notification to the abuse address of the spam source (IP address).
  • (lowest priority) finding spamvertizing and sending a notification to the abuse address responsible for the spamvertized host(s).
  • (most importantly) contributing to the statistics that SpamCop uses to decide whether to put the spam source on the SpamCop blacklist.

"Dev nulling" only means that the first and/ or second of these will not be done; your reports are still contributing to the statistics that SpamCop uses to decide whether to put the spam source on the SpamCop blacklist.

Link to comment
Share on other sites

"Dev nulling" only means that the first and/ or second of these will not be done; your reports are still contributing to the statistics that SpamCop uses to decide whether to put the spam source on the SpamCop blacklist.

This is why I've been reporting them, lately. But, even though these bad ones are on a limited number of subjects, and probably coming from the same zombie farm, I think I've seen about two or three of them held, ever. Out of hundreds. I would expect some improvement, as I see very similar emails come through week after week.

That's a big part of what has made this so frustrating, lately.

Drake

Link to comment
Share on other sites

<snip>

I think I've seen about two or three of them held, ever. Out of hundreds.

...Yes, frustration understood.
I would expect some improvement, as I see very similar emails come through week after week.

<snip>

...Again for the not yet overly familiar with SpamCop: while one can hope that reporting spam might improve the ability of the e-mail filtering to catch those sources, there's no reason to think that any one person's or a few people's reporting will do that because of how SpamCop determines whether to place any IP address on the blacklist and the nature of how spammers do their work these days (botnets). Reporting seems largely to be a pursuit with little direct benefit to us reporters other than the satisfaction of feeling we've done a bit to fight back against the spam scourge and that we might hit the occasional "white hat" provider who can benefit from a SpamCop report.
Link to comment
Share on other sites

...Yes, frustration understood....Again for the not yet overly familiar with SpamCop: while one can hope that reporting spam might improve the ability of the e-mail filtering to catch those sources, there's no reason to think that any one person's or a few people's reporting will do that because of how SpamCop determines whether to place any IP address on the blacklist and the nature of how spammers do their work these days (botnets). Reporting seems largely to be a pursuit with little direct benefit to us reporters other than the satisfaction of feeling we've done a bit to fight back against the spam scourge and that we might hit the occasional "white hat" provider who can benefit from a SpamCop report.

I was working under the assumption that, since I get so many of these, that a lot of other people are, too. And, that a useful percentage of those people were reporting them. Maybe not. Or, maybe the spammers have injected enough random text at the bottom to offset their Bayesian score.

Drake

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...