Jeff G. Posted February 1, 2004 Share Posted February 1, 2004 Quick Reporting allows the reporting of only spam sources, very quickly. Please see the WARNING: below about the danger of such speed. Note: for those that would rather read a simpler, less detailed description of Quick Reporting see the following entry in the Wiki: QuickReporting The following is a detailed description of Quick Reporting and its Dangers: Emphasis: ONLY the spam source Nothing in the body of the spam is even looked at by the parsing engine. Further explanatory notes found at Is quick-reporting still BETA? Some procedural issues are addressed by Julian at Mailhosts and Quick Reporting Email-based Quick Reporting is a feature of the SpamCop Parsing and Reporting System which may be allowed on a case-by-case basis by a SpamCop Admin. Please see To Quick Report via email (Linear Post #2 below) for details on using it. Web-based Quick Reporting is an exclusive feature of the SpamCop Parsing and Reporting System which only SpamCop Email System Customers may access, and which can currently be used from both Systems' websites. On the SpamCop Parsing and Reporting System, that feature is part of what is variously known as VER (Very Easy Reporting), Held Email, Held Mail Log, held log, and heldlog, and in all cases resides at http://mailsc.spamcop.net/reportheld?action=heldlog. It can accessed via the "HeldMail" Button/Link in the menu bar of the SpamCop Parsing and Reporting System http://mailsc.spamcop.net/ (which can be accessed via the "Report spam" Button/Link in Webmail) and has six Actions as follows:  VER Action                Webmail Capability  ~~~~~~~~~~                ~~~~~~~~~~~~~~~~~~  Quick - report immediately and trash   "Report as spam"  Queue for reporting (and move to trash)  In Progress  Queue for reporting (do not trash)    In Progress  Forward (and whitelist sender)      "Release and Whitelist"  Forward (do not whitelist sender)     Release (or Move or Open and Redirect)  Delete                  Delete To "Queue for reporting" from Webmail, forward (from the message list interface only, not when viewing any particular message) to your confidential submit.16charANcodeNMBR[at]spam.spamcop.net address (your Confidential Submit Address). However Quick Reporting happens, it will produce one or more "SpamCop Quick reporting data" email messages similar to the following: Return-Path: <user.mkWcYgeVzP7tz6z6[at]bounces.spamcop.net> Delivered-To: x[at]spamcop.net Received: (qmail 15696 invoked from network); 28 Sep 2005 21:05:34 -0000 Received: from unknown (192.168.1.103) by blade3.cesmail.net with QMQP; 28 Sep 2005 21:05:34 -0000 Received: from vmx1.spamcop.net (204.15.82.27) by mx53.cesmail.net with SMTP; 28 Sep 2005 21:03:08 -0000 Received: from sc-app5.ironport.com (HELO spamcop.net) (204.15.82.24) by vmx1.spamcop.net with SMTP; 28 Sep 2005 14:03:02 -0700 Wrom: GPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZX To: x <x[at]spamcop.net> Subject: SpamCop Quick reporting data Precedence: list Message-ID: <qr433b0506g7533[at]msgid.spamcop.net> Date: Wed, 28 Sep 2005 21:03:02 GMT X-Mailer: [url="http://www.spamcop.net/"]http://www.spamcop.net/[/url] v1.493 X-spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on blade3.cesmail.net X-spam-Level: X-spam-Status: hits=-98.1 tests=AWL,FORGED_RCVD_HELO,J_CHICKENPOX_63, J_CHICKENPOX_73,J_CHICKENPOX_75,USER_IN_WHITELIST version=3.0.2 X-SpamCop-Checked: 192.168.1.103 204.15.82.27 204.15.82.24 ... SpamCop.net Here are the results of your submission: Processing spam: Wrom: UWLSZLKBRNVWWCUFPEGAUTFJMVRESK Subject: ATTN: BENEFICIAL PREPOSITION Received: (qmail 32070 invoked from network); 28 Sep 2005 15:55:23 -0000 warning:Ignored Received: from unknown (192.168.1.101) by blade2.cesmail.net with QMQP; 28 Sep 2005 15:55:23 -0000 192.168.1.101 found host 192.168.1.101 (getting name) no name host 192.168.1.101 = ip192-168-1-101.z1-168-192.customer.algx.net (old cache) warning:192.168.1.101 discarded Received: from mail-kr.bigfoot.com (211.115.216.226) by mailgate.cesmail.net with SMTP; 28 Sep 2005 15:55:23 -0000 211.115.216.226 found host 211.115.216.226 = mail-kr.bigfoot.com (cached) mail-kr.bigfoot.com is 211.115.216.226 Possible spammer: 211.115.216.226 Received line accepted Relay trusted (211.115.216.226) Received: from hotmail.com ([65.54.185.21]) by BFLITEMAIL-KR3.bigfoot.com (LiteMail v3.03 (BFLITEMAIL-KR3)) with SMTP id 0509281145_BFLITEMAIL-KR3_464317_53569328; Wed, 28 Sep 2005 11:51:06 -0400 EST 65.54.185.21 found host 65.54.185.21 = bay15-f21.bay15.hotmail.com (cached) bay15-f21.bay15.hotmail.com is 65.54.185.21 Possible spammer: 65.54.185.21 Possible relay: 211.115.216.226 211.115.216.226 not listed in relays.ordb.org. 211.115.216.226 has already been sent to relay testers Received line accepted Relay trusted (hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 28 Sep 2005 08:50:58 -0700 warning:Ignored Received: from 63.215.198.21 by by15fd.bay15.hotmail.msn.com with HTTP; Wed, 28 Sep 2005 15:50:58 GMT 63.215.198.21 found host 63.215.198.21 = unknown.Level3.net (cached) Possible spammer: 63.215.198.21 Possible relay: 65.54.185.21 65.54.185.21 not listed in relays.ordb.org. 65.54.185.21 has already been sent to relay testers Received line accepted Sender relay: 63.215.198.21 De-referencing level3.net[at]abuse.net abuse net level3.net = abuse[at]level3.net, spamtool[at]level3.net Report routing for 63.215.198.21: abuse[at]level3.net, spamtool[at]level3.net abuse[at]level3.net redirects to level3[at]admin.spamcop.net spamtool[at]level3.net redirects to level3[at]admin.spamcop.net Tracking message source:80.88.135.149: Report routing for 80.88.135.149: emperion.net[at]devnull.spamcop.net Message is 5 hours old 80.88.135.149 not listed in dnsbl.njabl.org 80.88.135.149 not listed in dnsbl.njabl.org 80.88.135.149 not listed in cbl.abuseat.org 80.88.135.149 not listed in dnsbl.sorbs.net 80.88.135.149 not listed in relays.ordb.org. /dev/null'ing report for emperion.net[at]devnull.spamcop.net May be saved for future reference: [url="http://www.spamcop.net/sc?id=z810205604z2434444f7217f4c47d6e96388a8c07c6z"]http://www.spamcop.net/sc?id=z810205604z24...6e96388a8c07c6z[/url] Processing spam: From: ycorditej[at]mailpride.com...[/CODEBOX] [color=red]WARNING:[/color] Like its counterpart of normal Reporting, Quick Reporting also allows the reporting of you to your ISP or of your ISP to your ISP's ISP (both Very Bad Things), but in a more dangerous manner because it is faster and there is no verification step. Your ISP probably has various "solutions" in its arsenal to stop you from Quick Reporting yourself or it, including friendly advice, warning, suspension, deactivation, termination, fines, and even lawsuits for breach of contract, defamation, and/or interference with a contractual relationship. PLEASE make sure that your normal Reporting is working well for an extended period (never offering to report you to your ISP or your ISP to your ISP's ISP) before venturing into Quick Reporting. PLEASE also review your "SpamCop Quick reporting data" email messages to ensure that your Reports are not going to the wrong places. Please see FAQ Entry: What is VER (Very Easy Reporting)? for details on VER (Very Easy Reporting). Please see http://mail.spamcop.net/individuals.php for details on signing up for the SpamCop Email System. For addiltional official uptodate comments by SpamCop Admin see the following post http://forum.spamcop.net/forums/index.php?...ost&p=37352 posted on December 7, 2005 2004/03/22 [Wazoo] Updated to reflect new "Release" Links and "Queue for reporting" workaround. Edit: 2005/09/19 08:40 EDT -0400 Jeff G. updated with more info on email-based Quick Reporting (including reference to the Post below) and clarified some other language. Edit: 2005/09/28 00:04 EDT -0400 Jeff G. added access hints for VER, a caution for quick reporting via email, and a link to the new "FAQ Entry: What is VER (Very Easy Reporting)?". Edit: 2005/09/28 10:06 EDT -0400 Jeff G. added the [color=red]WARNING[/color] (thanks to Steve T for bringing it up). Edit: 2005/09/28 17:54 EDT -0400 Jeff G. added info about the the "SpamCop Quick reporting data" email messages to the body and the [color=red]WARNING[/color] (thanks to Steven Underwood and again to Steve T for bringing it up). Edit: 2005/12/06 11:05 PST -0800 dbiel added link to Don's December 7th post on the topic of Quick Reporting Edit: 2006/09/03 - [Wazoo] shortend up the long Received: Lines in the [ code box ] section to resolve a user complaint of having to scroll horizintally to read this Topic/Discussion .... Edit: 2006/12/14 - [Dbiel] added link to Wiki entry near the beginning of this post Link to comment Share on other sites More sharing options...
Jeff G. Posted September 19, 2005 Author Share Posted September 19, 2005 To Quick Report via email (if you are authorized to do so), forward to your confidential quick.16charANcodeNMBR[at]spam.spamcop.net address (your Confidential Quick Address, where "quick" is substituted for "submit"). If you have never used that address, you will get authorization instructions the first time you email Confidential Quick Address. Those instructions currently read as follows for a test message that doesn't contain another message (munged for the web): Return-Path: <spamid.0[at]bounces.spamcop.net> Received: from vmx1.spamcop.net (204.15.82.27) by your mailserver with SMTP; date/time Received: from sc-app4.ironport.com (HELO spamcop.net) (204.15.82.23) by vmx1.spamcop.net with SMTP; date/time From: SpamCop AutoResponder <spamcop[at]devnull.spamcop.net> To: you Subject: SpamCop encountered errors Date: date/time Message-ID: <unique message-id[at]msgid.spamcop.net> Content-type: text/plain In-Reply-To: <your original message-id> References: <your original message-id> Quick reporting is disabled due to careless use. It may be reactivated on a case-by-case basis. Email service[at]admin.spamcop.net to request access. Using normal confirmed reporting instead. SpamCop encountered errors while saving spam for processing: SpamCop could not find your spam message in this email: followed by normal "SpamCop encountered errors" output including your original message as sent to your Confidential Quick Address. Such forwarding is subject to the same restrictions as forwarding to your Confidential Submit Address - attachments are best, limit 50KBytes per message, and limit 100 attached messages per message. Edit: 2005/09/28 00:09 EDT -0400 Jeff G. added the last paragraph.. Link to comment Share on other sites More sharing options...
Jeff G. Posted September 28, 2005 Author Share Posted September 28, 2005 I just updated both Posts above. Link to comment Share on other sites More sharing options...
turetzsr Posted September 28, 2005 Share Posted September 28, 2005 ...Looks good (to someone who doesn't use Quick Reporting and therefore can not verify accuracy). ...Might it be worthwhile to include any caveats about dangers (reporting your own ISP)? Link to comment Share on other sites More sharing options...
Jeff G. Posted September 28, 2005 Author Share Posted September 28, 2005 ...Looks good (to someone who doesn't use Quick Reporting and therefore can not verify accuracy).33425[/snapback] Thanks!...Might it be worthwhile to include any caveats about dangers (reporting your own ISP)?33425[/snapback] Yes, thanks for the push. Please see the WARNING above. I trust that it addresses your concerns both above and in your Reply to FAQ Entry: What is VER (Very Easy Reporting)?. Link to comment Share on other sites More sharing options...
turetzsr Posted September 28, 2005 Share Posted September 28, 2005 <snip> ...Might it be worthwhile to include any caveats about dangers (reporting your own ISP)? 33425[/snapback] Yes, thanks for the push. Please see the WARNING above. I trust that it addresses your concerns both above and in your Reply to FAQ Entry: What is VER (Very Easy Reporting)?.33427[/snapback] ...Thanks for adding that! My only concern is that, IIUC, even after an extended period of successful reporting, a change to the ISP/MSP server infrastructure can still trigger a self-report. This has happened to me. Thus, I believe VER and Quick Reporting may be even more dangerous (at least for some of us) than even the very good warning you provided would suggest. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted September 28, 2005 Share Posted September 28, 2005 My only concern is that, IIUC, even after an extended period of successful reporting, a change to the ISP/MSP server infrastructure can still trigger a self-report. This has happened to me. Thus, I believe VER and Quick Reporting may be even more dangerous (at least for some of us) than even the very good warning you provided would suggest. 33437[/snapback] I feel that as long as people continue to monitor the quick-reporting reports, then the chance is minimized as presumably they will stop using it if errors start to be seem. Link to comment Share on other sites More sharing options...
Jeff G. Posted September 28, 2005 Author Share Posted September 28, 2005 OK, I added some more stuff. *bump* Link to comment Share on other sites More sharing options...
dle Posted April 29, 2006 Share Posted April 29, 2006 Just to make it clear: Quick reporting by email is available only for holders of a payed spamcop email account? Dominik Link to comment Share on other sites More sharing options...
Wazoo Posted April 29, 2006 Share Posted April 29, 2006 Just to make it clear: Quick reporting by email is available only for holders of a payed spamcop email account? 42417[/snapback] "Quick-Reporting by e-mail" is the only way that it can be done by someone not using a SpamCop.net e-mail account. Link to comment Share on other sites More sharing options...
Lking Posted April 30, 2006 Share Posted April 30, 2006 "Quick-Reporting by e-mail" is the only way that it can be done by someone not using a SpamCop.net e-mail account. 42418[/snapback] Not sure we are using the same english. I do not have an email account, I have a paid reporting account. I can report spam by email using either quick.<code word>[at]spam.spamcop.net which processes the attached spam and sends the reports and sends me a report of what it did or submit.<code word>[at]spam.spamcop.net which processed the attached spam sends me a link (http://www.spamcop.net/sc?id=z931....) to a page that displays the proposed reports to be sent. I can then send or not send selected reports. This process mirrors the web reporting process except the submit. email replaced the cut and past of the spam into the web page. submit. email ------ quick. email ------------- v v receive emil with link to v v v web cut/past spam -> process botton --> process results screen -> report botton --> v receive emil with list of reports sent sorry for the crude graphics Link to comment Share on other sites More sharing options...
Wazoo Posted April 30, 2006 Share Posted April 30, 2006 Have to agree ... I don't see how your explanation of the "by e-mail" examples changes what I said .... but then the waters got cloudy when you then said "mirrors the web reporting process" ...????? Use of the web-form - no option for "Quick-Reporting" E-mail submittals - meet the requirements, get the flag set, Quick-Reporting is an option Submitting from a SpamCop E-mail Account - I'll point back the the FAQ and the How-to-Use .... Forum sections ... My point was .. there is no way to "Quick-Report" in any other fashion than by e-mail outside of the various buttons/functions found on the SpamCop.net webmail interface .... Link to comment Share on other sites More sharing options...
Lking Posted April 30, 2006 Share Posted April 30, 2006 To quote an old movie "What we have here is a failure to communicate." and I missed your point which I see now. What I meant by "mirrors" was that when using a submit email and following the link returned by spamcop, you end up on a spamcop web page that is the same as the one that would have been displayed if you had entered to spam on the web and pressed the process button. Looking at my grades, you would think I was taking english as a second language so it understandable my 'failure to communicate.' Link to comment Share on other sites More sharing options...
Wazoo Posted April 30, 2006 Share Posted April 30, 2006 To quote an old movie "What we have here is a failure to communicate." 42425[/snapback] While looking at this Topic, I realized that some activity discussed within the spamcop newsgroup earler this month still had not been actioned by anyone. (see http://news.spamcop.net/pipermail/spamcop-...ril/110435.html ) So, I'll do it myself .... from an earlier post within that same thread; Skiwi offers - [snip] > > Another alternative is quick reporting, which has requirements and > disadvantages. The requirements for quick reporting are that your > request to quick report has to be approved, and you also have to be > configured for a mailhosted account, which is described here > http://www.spamcop.net/fom-serve/cache/397.html How do I configure > Mailhosts for SpamCop? [snip] > If a reporter is both mailhosted and approved to be a quick reporter, > then many spams can be submitted by email at one time, and all of the > spams are parsed for spamsource and reported without any approval > process by the reporter. That lack of oversight can cause a reporter to > report their own mailhost many times if the parser makes an error, which > could result in the reporter's own provider becoming blocklisted and > causing significant grief to the reporter -- including loss of email > account. [snip] To help avoid this, I personally 'fully report' 4 to 5 spams a days (i.e., "Queue for reporting and send to trash") to try and make sure that the mailhost config. has not been changed - and then report the rest (majority) by "Quick reporting" Link to comment Share on other sites More sharing options...
TerryNZ Posted May 15, 2006 Share Posted May 15, 2006 How to request and set up Quick Reporting to Spamcop I have read all of the supposed guide to requesting and setting up Quick Reporting to Spamcop. It is utterly confusing, and seems designed to obfuscate rather than inform. There is a more "English as a first language" description of the process located at Spamcop Quick Reporting set-up guide Would you consider importing that here, and using it as a more informative guide? Then you could append the subtle distinctions of Spamcop's web-mail reporting versus user SMTP reporting if that is considered necessary. You could also add a table with - What quick reporting does on one side and What individual submit reporting does on the other. Just an idea. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted May 15, 2006 Share Posted May 15, 2006 One note, that text says nothing about checking the received reports for improperly reported messages, whether because they were not spam (noticed later) or because they went to the wrong location. While in general it is fairly safe to use quick reporting, things in the background can change causing spamcop to report the users ISP account. That warning should always be included, IMHO. Link to comment Share on other sites More sharing options...
dbiel Posted May 16, 2006 Share Posted May 16, 2006 The ability to disable SpamCop's automatic response to "Quick" spam submissions is now available as a user option. - Don D'Minion - SpamCop Admin - Link to comment Share on other sites More sharing options...
Wazoo Posted May 16, 2006 Share Posted May 16, 2006 Pinned Don's Announcement in the Reporting Forum .... Not posted here yet, newsgroup traffic is "Where's it at?" thus far .... Link to comment Share on other sites More sharing options...
Wazoo Posted May 16, 2006 Share Posted May 16, 2006 From: SpamCop Admin <nobody[at]devnull.spamcop.net> Newsgroups: spamcop.help Subject: Re: Quick reporting data Reports Date: Tue, 16 May 2006 00:36:07 -0600 Message-ID: <qgsi625os1he8l7u738rukjhv7u4atutpt[at]4ax.com> Alan Brown wrote: >-I just looked and did not see this feature. Which options panel is this >-found on? It's in the "Report Handling Options" section under the "Preferences" tab on the reporting server. Log in at: http://www.spamcop.net http://members.spamcop.net http://mailsc.spamcop.net - Don - Link to comment Share on other sites More sharing options...
Miss Betsy Posted May 16, 2006 Share Posted May 16, 2006 How to request and set up Quick Reporting to Spamcop I have read all of the supposed guide to requesting and setting up Quick Reporting to Spamcop. It is utterly confusing, and seems designed to obfuscate rather than inform. There is a more "English as a first language" description of the process located at Spamcop Quick Reporting set-up guide Would you consider importing that here, and using it as a more informative guide? Then you could append the subtle distinctions of Spamcop's web-mail reporting versus user SMTP reporting if that is considered necessary. You could also add a table with - What quick reporting does on one side and What individual submit reporting does on the other. Just an idea. It is definitely a good idea. I have made edits to the existing user created FAQ but they were not implemented. Miss Betsy Link to comment Share on other sites More sharing options...
Wazoo Posted September 10, 2006 Share Posted September 10, 2006 Interesting tidbit from the spamcop newsgroup; From: "WazoO" <nobody[at]devnull.spamcop.net> Newsgroups: spamcop Subject: Re: Forwarding Submissions Automatically Date: Sun, 10 Sep 2006 17:10:25 -0500 Message-ID: <ee22gj$nqp$1[at]news.spamcop.net> References: <edpju2$v8d$1[at]news.spamcop.net> <edps6u$8ui$1[at]news.spamcop.net> <eduf6n$hia$1[at]news.spamcop.net> "Gerard Seibert" wrote in message news:eduf6n$hia$1[at]news.spamcop.net... > "WazoO" wrote in message news:edps6u$8ui$1[at]news.spamcop.net... > > > > Yet again .... the SpamCop.net FAQ - single-page-expanded version > > http://forum.spamcop.net/forums/index.php?showtopic=2238 > > Under the "SpamCop Parsing and Reporting Service" section > > See the entry: "What is Quick Reporting?" > > > > Note the warnings .... > > I read through that thread and gathered this tidbit: > > When users are in this mode, they can visit the mailhosts page > from the main menu and see this " > Remove quick-reporting prohibition > > I have not been able to find the 'Remove" referenced on that > page. Is it visable to you? Very interesting .... coincidentally showing up just after I made some changes in the Forum that impacted "Staff" accounts .... Item 1: it appears that Don deleted his posting (actually the entire Topic/Discussion) into the Announcements Forum section (that I later Pinned ... added some commentary ... recalling that he was a bit upset at my remarks ....???) Item 2: Don's use of the X-No-Archive: flag was honored by the SpamCop.net newsgroup server, so his posts there are not in the archives. However, the follow-on dialog still exists .... SpamCop newsgroup: thread starts at http://news.spamcop.net/pipermail/spamcop-...May/111320.html SpamCop.help newsgroup: thread starts at http://news.spamcop.net/pipermail/spamcop-...May/066013.html Bottom line: Don was excited by the content of an "engineering report" .. posted the data ... there were some major (account) configuration issues ... mass confusion reigned supreme ... "new feature" was removed .... some accounts had to be manually "adjusted" during/after all these changes .... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.