Jump to content

Should I bother clicking repeated e-mail addresses for multiple spams?


lpickup

Recommended Posts

Posted

I am swimming in spam and lately it seems like when one spam comes in, I always get 2 or 3 within a minute of each other. Slightly different subject, different sender/IP address, but otherwise almost identical.

I just started submitting spam reports, and as expected, for the related spams, the reports end up going to the same abuse e-mail addresses. But I was surprised that about 80% of the spams I reported went to those same two domains / abuse contacts.

I haven't had any problem submitting the reports--everything is working just fine.

My question is this: when I start to see 30-40 spams that end up reporting to the same domain, should I un-check the boxes so as not to send what are ultimately redundant e-mails to the abuse contacts? Or is it important for them to see that the spam is coming from several different IPs within their networks?

In fact, will spamcop even recognize that an e-mail report was recently submitted to a given abuse contact and determine on its own not to send out the e-mails?

Some of these reports wind up with 9 or so e-mail boxes I have to un-check to avoid sending out too many abuse e-mails and that's somewhat of a burden on my end, but I'm sensitive to the fact that I don't want to overburden legitimate abuse departments, and I understand that e-mailing illegitimate spammer networks probably won't have any effect anyway.

Does unchecking all the e-mail boxes still cause the report to be tracked for purposes of blocking a given IP?

What about the devnull entries...I've read the FAQs and I don't think I quite understand what their purpose is. Should I leave those checked or unchecked for the repeated spams?

Thanks,

...Lance

Posted

Hi, Lance -- welcome!

<snip>
My question is this: when I start to see 30-40 spams that end up reporting to the same domain, should I un-check the boxes so as not to send what are ultimately redundant e-mails to the abuse contacts? Or is it important for them to see that the spam is coming from several different IPs within their networks?

&nbsp &nbsp&nbsp&nbsp&nbsp That would depend on the spam source admin's preferences but you can't know that. I'd be inclined to send them all, since those Admins that don't care about multiples can ignore them but those that want to see them will get them.

In fact, will spamcop even recognize that an e-mail report was recently submitted to a given abuse contact and determine on its own not to send out the e-mails?

&nbsp &nbsp&nbsp&nbsp&nbsp Not that I'm aware. Sometimes SC won't send reports for one reason or another but I can't remember ever seeing it not do that due to this reason.

Some of these reports wind up with 9 or so e-mail boxes I have to un-check to avoid sending out too many abuse e-mails and that's somewhat of a burden on my end, but I'm sensitive to the fact that I don't want to overburden legitimate abuse departments, and I understand that e-mailing illegitimate spammer networks probably won't have any effect anyway.

&nbsp &nbsp&nbsp&nbsp&nbsp IMHO, your being considerate in this way is kind but, as I noted before, results in too little information going to those spam source admins who prefer to receive them.

Does unchecking all the e-mail boxes still cause the report to be tracked for purposes of blocking a given IP?

&nbsp &nbsp&nbsp&nbsp&nbsp As long as you actually Submit, yes it does.

What about the devnull entries...I've read the FAQs and I don't think I quite understand what their purpose is. Should I leave those checked or unchecked for the repeated spams?

&nbsp &nbsp&nbsp&nbsp&nbsp Hm, that's seems to me to be a good question! Hopefully someone else will come by to answer.

Posted

What about the devnull entries...I've read the FAQs and I don't think I quite understand what their purpose is. Should I leave those checked or unchecked for the repeated spams?

You should leave them checked. SpamCop stores them internally for their documentation. If it is spam and you click Submit, the devnull reports are the documentation of the report that would have been sent to the ISP, if they accepted them. Of course if a report was sent documentation is in "mail sent".

Posted

Another thing - you may sometimes see the same reporting destination checked as an abuse address for several/numerous "spamvertized" websites (which are within a single spam body). When that happens only the one report appears to be sent to that abuse address, which can be seen/verified after the event, when checking the actual report distribution through your "Past Reports". In any event you do NOT have to uncheck "duplicate" reports.

Posted

Thanks for all the great responses. That significantly helps clear up the best practices for me and my only followup question was just addressed by Farelf.

IMHO, your being considerate in this way is kind but, as I noted before, results in too little information going to those spam source admins who prefer to receive them.

Believe me, it is not out of kindness that I would ever consider backing off on sending reports to what appear to be legitimate contacts. It's more a case of effectiveness and avoiding running afoul of whatever policies exist here. Like it says in the FAQ (or somewhere else that I read), the last thing you would want to do is overwhelm ISPs' abuse departments that would otherwise be helpful in addressing problems, but due to volume shift into an "ignore" mode.

...Lance

Posted

Any ISP handling spam reports seriously will have a 'deduplicate' routine which perhaps will only give the original source and the numbers involved plus possibly the spam software used and whether it's instrumented with web bugs and coded destinations.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...