[Resolved] At what point is action taken against spamming ISPs?


Steve57

It seems that a LOT of spam that I report gets tossed into the "Null" folder because of invalid email addresses that just bounce. I am also told that the information provided is added to the statistics and if warranted, the ISP is blacklisted.

So when does the blacklisting start? It seems I keep getting loads of spam from the same ISPs and it never ceases even though they have been reported repeatedly.

So why do so many spamming ISPs seem to go unpunished or blocked?

This is not a negative rant, just merely trying to understand the operations of SpamCop.

So when does the blacklisting start? It seems I keep getting loads of spam from the same ISPs and it never ceases even though they have been reported repeatedly.

So why do so many spamming ISPs seem to go unpunished or blocked?

Do you realize that the blacklisting works on the receiving end not on the sending end?

Unless you/your ISP uses the SCbl list you may not see any effect of your reporting. In addition it takes several reports from more than one person to get an IP blocked.

However, you may not see the results of your effort, but others do. I have been reporting for ~9 yrs and have not seen any real change in my level of received spam. But then I do have my email wide open so I get everything addressed to my domain.

Keep reporting with the knowledge that others are benefiting from your work.

Quite a lot for you to take on-board ... to add to/expand on Lou's response.

SpamCop "cops" considerable flak over the supposed aggressiveness of its blocklist but the truth is a large-volume server which is mostly sending/relaying legitimate mail will possibly never make it to the SCbl on the basis of reporter submissions alone. That is even more likely if reporters become discouraged and stop reporting their particular "bad boys". If there are also spamtrap hits (which might happen at any time in the spam cycle), the equation changes. See http://www.spamcop.net/fom-serve/cache/297.html for the official description of how it works. That detail (and the process itself) is not completely precise or necessarily up-to-date - probably to minimise the chance of spammers using it to tippy-toe around tripping points (just my opinion).

You can get some impression of the functioning (and limitations) of it all through the statistics facilities at http://www.spamcop.net/spamstats.shtml - and further to the "ham/spam" (reputation) aspects of the SCbl by drilling down through the browsable map of netspace which starts at http://www.spamcop.net/w3m?action=map - which is also sortable every which way - within that.

As might be imagined from the foregoing, the responsive abuse desks are an important part of spam control in conjunction with SC's unique offer to report right from the rising edge of spam outbreaks; but so many are unresponsive, at least until their legitimate customers are affected by SCbl listing and it is probably already too late then for them to reassert control - because other, sterner, RBLs are often involved by then. Others (the worst) refuse abuse reports entirely. Presumably those eventually become non-functional as entire networks progressively block them at their edges (IronPort and similar technologies).

Then there are botnets (almost unblockable on the basis of IP address which is SC's method - but still somewhat/theoretically vulnerable, piecemeal, to the efforts of responsive abuse desks within the compromised networks) and generally their "command and control" functions are vulnerable to other spamfighting tools/agencies. Snowshoe spammers are not much affected by SC reporting either (and even regular networks will "loadshare" a little to similar effect) but again there are specialized tools to address the worst of that - for instance the Spamhaus CSS component of their BLs.

And the "humongous" ESPs such as Microsoft, Google and Yahoo tread their own paths to spam control and, at various times in their "evolution", appear to make no provision for SC contribution to that. But even those get their servers listed in the SCbl from time to time, when they lose effective control of parts of their networks.

So, when it comes to SC reporting, the general advice is to keep on reporting, with as much effort as you are comfortable in outlaying. And try not to be discouraged if reports are not sent - that is only part of the total (and things change). SC has a part to play (a unique part) within the broad spectrum of anti-spam effort.

Finally, it is possible to utilize the SCbl in your own spam control and reporting through "account level" filtering - MailWasher (Windows and Apple) is often mentioned in that context in these forums, as is Spam Assassin for the Unix world. I'm afraid I know nothing of those personally.

HTH
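How a receiving system consults the SCbl, as an added example that is not part of the original posts: the connecting IP's octets are reversed and looked up under the `bl.spamcop.net` zone, and an answer in 127.0.0.0/8 means "listed". The `resolve` parameter, the stub resolver and the sample addresses are constructed for illustration.

```python
import ipaddress
import socket

SCBL_ZONE = "bl.spamcop.net"  # DNS zone that publishes the SCbl
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # valid DNSBL answers

def dnsbl_query_name(ip, zone=SCBL_ZONE):
    """Build the DNSBL query name: reversed IPv4 octets + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, resolve=socket.gethostbyname, zone=SCBL_ZONE):
    """Return True (listed), False (not listed) or None (unknown).

    `resolve` is injectable so the logic can be exercised offline.
    """
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror as exc:
        no_record = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)}
        # NXDOMAIN means "not listed"; any other failure (timeout,
        # SERVFAIL) is unknown, and a filter should not reject on it.
        return False if exc.errno in no_record else None
    # An answer outside 127.0.0.0/8 is not a listing: it usually means
    # a resolver that rewrites NXDOMAIN or a lapsed/hijacked zone.
    return True if ipaddress.ip_address(answer) in LISTED_NET else None

if __name__ == "__main__":
    # Constructed stub: pretends 192.0.2.25 is listed, nothing else is.
    def stub(name):
        if name == "25.2.0.192." + SCBL_ZONE:
            return "127.0.0.2"
        raise socket.gaierror(socket.EAI_NONAME, "not found")

    for ip in ("192.0.2.25", "198.51.100.7"):
        print(ip, dnsbl_query_name(ip), is_listed(ip, resolve=stub))
```

Because the check runs on the receiver's side at delivery time, a reporter whose own mail provider never queries this zone sees no change in inbound spam, which is the point made in the replies above.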

Do you realize that the blacklisting works on the receiving end not on the sending end?

Unless you/your ISP uses the SCbl list you may not see any effect of your reporting. In addition it takes several reports from more than one person to get an IP blocked.

However, you may not see the results of your effort, but others do. I have been reporting for ~9 yrs and have not seen any real change in my level of received spam. But then I do have my email wide open so I get everything addressed to my domain.

Keep reporting with the knowledge that others are benefiting from your work.

Thanks. I guess I was hoping to see particular domains being blocked; (I am reporting on an individual/client, not as someone running an on-prem mail server.)

Again, thanks for the info.

Archived

This topic is now archived and is closed to further replies.
