Mung-ing and Mole-ing

[moonbroth]

I guess this is a new feature request. In this forum post from Don in SpamCop Admin, we learn about the limitations of SpamCop's address munging:

The "identity" that SpamCop obscures is the recipient's email address in the spam. Nothing else. The parse will remove the "To" and "For" addresses, and usually all the "Cc" addresses. If it finds the "To" address in the body text, it will munge it, too.

The parse can't find email addresses that have been encoded in "remove" links or such, either in the headers, or in the body. For example, username[at]domain.com can be found, but username=domain.com is not a standard format and won't be munged.

So sometimes when reviewing the body of a spam message I'm about to report, I see my identifying details in the body of the spam, and hesitate. Despite the munging, I'm about to submit a spam report containing my personal details. What to do? Well, usually I hit "Cancel" and discard that spam. :angry:

What I'd like to do is hit a "Mole" button (next to the "Cancel" button?) and -- for that message only -- submit my report to the Spamcop bit-bucket and the blocking list database. As Don said in the post quoted above:

Mole complaints feed our blocking list database, but no reports are sent out. The act of "sending" the report to devnull (trash) accomplishes our purposes.

What I fear is that by hitting the "Cancel" button (to preserve my privacy, fend off crapfloods, avoid listwashing, etc.), I'm letting some of the most irritatingly intrusive spammers get away with it, and I'm not even adding them to the SpamCop Block List to help all the other users.

Could this be done? (Does it happen already??) Have I expressed my suggestion clearly enough? Or is there some hitch I just don't see?

Cheers, Nick

[Wazoo]

After Don made that post, the FAQ was updated http://www.spamcop.net/fom-serve/cache/373.html .. mole-reporting was a failed experiment.

Here's the issue ... have you ever heard the phrase "if you have to ask how much it costs, you can't afford it" .... This is more or less where you're at in the "how (much) can I mung" scenario. Once upon a time, there was some latitude on what and how much data could be "played with" .. However, some folks got a bit wild and were munging so much that there was no way for the abuse guy at an ISP to have a chance to track down the source. (for example/info, see http://forum.spamcop.net/forums/index.php?...indpost&p=12002 )

So SpamCop owner and staff, after receiving so much abuse from other ISP abuse staff over the munging of too much data issues, came down with the "thou shall not mung" edict. Yes there a couple of FAQ enries that still contain some "it's OK to ...." things (and these are rumoured to be short-lived) ... and yes, even in your referenced posting by Don that stated that munging your address was a 'norm' .. the problem is that by offering up a blanket statement of "yes, it's ok to mung" .. the next thing you see is all the queries as to why someone's account was cancelled, because they munged too much, the wrong stuff, etc. ... So, we're back to the hypothetical of "if you have to ask, you better not" ....

Hope this helps.

[moonbroth]

After Don made that post, the FAQ was updated ... http://www.spamcop.net/fom-serve/cache/373.html .. mole-reporting was a failed experiment.

[snip]

Hope this helps.

Yes, thanks (and your speedy turnaround is most excellent!).

What I'm reading from this is that if I look at the body of a held email and see see my personal details (in any format other than "username[at]domain.tld"), I should hit "Cancel", as SpamCop munging doesn't (and won't) remove "username" or "domain.tld" from the body of held messages. (And that mole reporting is now dead). Thanks for the information.

(BTW, this isn't meant to sound like a whinge. I love SpamCop -- it's the only thing that has saved my email address from death by spam. I just want to understand my options a bit more clearly).

Cheers, Nick

[Wazoo]

(and your speedy turnaround is most excellent!)

If only I could sleep like a normal person <g>

I should hit "Cancel", as SpamCop munging doesn't (and won't) remove "username" or "domain.tld" from the body of held messages

It can and does sometimes <g> .. but you have to remember that those evil spammers work and work to stay ahead of Julian who works and works to stay ahead of the spammers <g>

On the other hand, don't lose sight of the fact that the spammer already had your address, that's how you got the apm in the first place. A few years ago, there was always the risk of facing some retribution from a spammer, especially if you got his/her service/accounts taken down. But, that hasn't happened to me in so long, I don't think the current spammer crop considers it much beyond the "cost of doing business"...

And now to go a step further into the existing FAQs ... http://www.spamcop.net/fom-serve/cache/283.html still states;

"It is okay to munge your personal email address contained within links in the body of the spam, if SpamCop does not find and munge them, with one exception. If a report is going to an abuse desk that does not accept munged reports, you must not make even these minor changes to the spam."

[moonbroth]

On the other hand, don't lose sight of the fact that the spammer already had your address, that's how you got the [spam] in the first place.  A few years ago, there was always the risk of facing some retribution from a spammer, especially if you got his/her service/accounts taken down.  But, that hasn't happened to me in so long, I don't think the current spammer crop considers it much beyond the "cost of doing business"...

Yeah, I'd like to think so, but I have had the unpleasant experience of seeing my mailbox flooded with crap after filing reports through SpamCop. Good news: SpamCop catches all the crap. Bad news: it makes me more cautious about reporting.

Re: manually munging reports: it sounds as if to do this I should cut'n'paste the spam's body from the "View full message" link into a new "Report spam" form, cancel the original report, and process the new one manually (with tweaks). Yep?

Re: evil spammers, I completely agree. Julian & SpamCop work wonders. So do many other good people (authors of SpamAssassin, Bayesian filter makers, Steve Linford & Spamhaus, SPEWS & NANAE...). And, at long last, (some) spammers are starting to be dragged out into the sunlight... it feels like there's more good news every week.

Cheers, Nick

[Wazoo]

Re: manually munging reports: it sounds as if to do this I should cut'n'paste the spam's body from the "View full message" link into a new "Report spam" form, cancel the original report, and process the new one manually (with tweaks). Yep?

Now if I answered this with a yes, then I could be next up on Ellen's whipping post <g>

On the other hand, if you had said something like "I grabbed the spam source, tossed it into NotePad, 'checked the spam for errors', and then pasted this into the spam reporting box for submittal" .. I could say that this sounds awfully familiar <g> Just remain aware of Don's statement "we will happily cancel the account"!

[moonbroth]

On the other hand, if you had said something like "I grabbed the spam source, tossed it into NotePad, 'checked the spam for errors', and then pasted this into the spam reporting box for submittal" .. I could say that this sounds awfully familiar <g>  Just remain aware of Don's statement "we will happily cancel the account"!

Oh, THAT'S what I meant to say. Thanks!

BTW, this is hardly ever necessary (cf. Rule #3). SpamCop's munging mungs almost everything perfectly. But when it doesn't... there's NotePad!

Cheers, Nick