mikerincon Posted June 30, 2004 Posted June 30, 2004 This will be an appeal to add depth of queue information (how many saved reports are left to be reported) and to allow the processing of the entire submission queue in one large submission form. 1) How much spam is left? Could SpamCop please add a feature to show on my logged in homepage at SpamCop a depth of queue indicator so that I know how many more reports I have left to process. This is a fairly protracted / overly interactive process that takes some time to complete and knowing the depth of queue will allow someone to get an idea on just how long it will take to clean it up. 2) Process all spam in queue (optionally, say in blocks of 10 or some sensible number). Another feature which I see as -critical- to the stream lining of the submission/reporting process is the ability to say: Lets process and review the entire queue all at once so that I can reduce the number of mouse/keyboard inputs from 100's of interactions to 1. The most frustrating thing about reporting is how long it takes to clean out a queue of 100 messages. There should be a long list of mails set to be reported, divided by a border on the page with the subject line and say, the first 3 lines of the message. After each report message block in this long list there should be a checkbox to unselect that mail if it was a misreport. Then after reviewing this long list I say: report it all in one giant heap. This is imperative in my estimation - there are probably a considerable amount of people here who would start reporting more often if at the end of the day you could just review and report all your submissions with just a few mouse clicks. - Mike
StevenUnderwood Posted June 30, 2004 Posted June 30, 2004 1) How much spam is left? This is an often asked request but one that has not been implemented so far. My best guess is that it is not as simple as it would appear from the outside to do this. 2) Process all spam in queue And would you carefully look through all 10, 100, or 1000 reports looking for problems if this were possible. I doubt this will ever be implemented. After each report message block in this long list there should be a checkbox to unselect that mail if it was a misreport. While this does give you one final chance to catch a non-spam that slipped through, the real purpose for the confirmation is to confirm that the reports YOU are sending through spamcop are not unreasonable. They are not reporting your ISP because of a parsing failure, they are not reporting your company because your web site was included in the spam, etc. This is imperative in my estimation - there are probably a considerable amount of people here who would start reporting more often if at the end of the day you could just review and report all your submissions with just a few mouse clicks. Quality reports are much more important than quantity of reports. Only report what you have time to do. Encourage others to do the same. If you still want to report lots of messages in a short piece of time, you have a good track record of reporting, and have mailhosts configured (my personal suggestion, not sure if it is a requirement yet), you can email the deputies with your spamcop account information and they may approve quick reporting for you. You would then submit your messages to quick.personalcodehere[at] instead of submit.personalcodehere[at] and only the source of each message will receive a report and you will receive a confirmation email to check for any problems. Spamvertized websites will NOT get reports with this method. I use the quick reporting for all messages in my spamcop email account held mail folder and only do full reports on anything that slips through the filters.
jseymour Posted June 30, 2004 Posted June 30, 2004 1) How much spam is left? This has been asked for many times and never implemented. I conclude, therefore, that it is either very difficult or the powers-that-be don't think it's important. I agree, though, that it would be nice. 2) Process all spam in queue (optionally, say in blocks of 10 or some sensible number). The big problem, though, is that people make stupid mistakes. If submissions are easier, then those same people can make those same stupid mistakes on a grand scale, and this degrades the quality of Spamcop reports. For those who are careful, the "quick reporting" feature is probably the best compromise. OK, so it looks like Steve beat me to the punch and said essentially the same things I did... But dammit! I'm posting this anyway since it's all typed up...
StevenUnderwood Posted June 30, 2004 Posted June 30, 2004 And I just edited my message to include the quick reporting information then I saw your post.
mikerincon Posted June 30, 2004 Author Posted June 30, 2004 I think its fair then for "the powers that be" to come and explain the complexities of implementing a depth of queue gauge. As far as reporting spam. I don't know if this is a "bad thing," but I almost never change anything about what I'm reporting. I'd say that the only thing I ever change or look at is for mail I shouldn't have reported in the first place. I move all spam to suspect area first, check it again, and then send reports. To me, asking me to atomically revalidate something I already did is absurd. There are two axioms competing here. Measure twice, cut once. This is bad - I'll tell everyone why. A builder once told me that that phrase is balderdash and made me realize the folly: He said measure once correctly, cut once. It is true. One must get it across that misreporting is bad, not make people stumble over hurdles to "do the right thing;" often this has the opposite effect, as I personally look for anyway to streamline the process and decrease my interaction with the system. My attention span for this stuff is near zero since it is already a horribly time consuming distraction, but I can't imagine that mining hundreds of thousands of spam and the correlating data isn't worth quite a bit to the spam fighting process. If the reporting process was something closer to being more automated, one might find the distribution of the reports changes significantly - for the better - allowing more effective blocking and reporting for TOS violations. I'm also beginning to believe that the "quality of reporting" thing will hold less water over time. One is assuming the evil behind the IP address spamming owns or is in any way related to the IP. Given widespread mechanisms to infect and control boxes there is an increasing likelihood that the spam one is getting is some fool's un-patched Windows box. Try nmap-ing source IPs - almost always they reek of a compromised Windows box gleefully pumping out spam at the behest of some unknown third party. Why my assumptions about this might be off, I can't imagine that eventually more heuristics (in addition to other methods) will be required to find spammers and validating reports as good. The data that once can collect by doing something such as what SpamCop does will be invaluable to determining what goes wrong in this process. Collecting spam data will allow one to potentially locate a spammer by propagation characteristics. So that said, I still maintain that for me forcing me to atomically deal with reporting does not force me to do anything more than a rapid once-over. I could do this far more efficiently in another way, and I will continue to ask for the ability to do this. Jerry McGuire says, "Help me, help you!"
mikerincon Posted June 30, 2004 Author Posted June 30, 2004 I do not understand the implications of the "quick reporting." Is there something I can read about quick reporting? What makes a quick report less "beefy" than a full one? Also, I read the FAQ on mailhost. I do not fully understand the implications of that as well.
jseymour Posted June 30, 2004 Posted June 30, 2004 I do not understand the implications of the "quick reporting." Is there something I can read about quick reporting? What makes a quick report less "beefy" than a full one? Quick reporting sends a report only for the source of the message. It does not examine the body to report any websites. It still feeds the blacklist, though, so I consider it an adequate substitute if you don't have time to do "full" reporting. (I will usuually pick and choose certain messages for full reporting, then quick-report the rest). Also, I read the FAQ on mailhost. I do not fully understand the implications of that as well. The biggest problem with quick-reporting (and reporting in general) is that Spamcop occasionally hiccups while traversing the Received: lines and incorrectly determines a legitimate relay as the source. The point of mailhosts is that you identify who is supposed to relay your messages. In the simplest case, you tell Spamcop who your ISP is. If a message arrives from the ISP, then Spamcop knows to keep going back when studying the Received lines. It is meant to minimize these hiccups and make quick reporting safer...
StevenUnderwood Posted July 1, 2004 Posted July 1, 2004 Jerry McGuire says, "Help me, help you!" Having inaccurate reports helps no one. The purpose of the confirmation is to be sure that the reports are going to the correct places. Most of these errors happen in the web links in the message, so quick reporting turns those off. You may feel spamcop is asking you to reconfirm something you already checked, but you are supposed to be looking at a different part of the process. That is why all of the data is presented as to where the reports are going and the check marks to add/remove the incorrect ones.
mikerincon Posted July 1, 2004 Author Posted July 1, 2004 I've yet to change any of the checkboxes in a report ever. The defaults seem reasonable, and I certainly have never seen any useful links in there. I don't see why I would ever have to since all I report is spam, so where would legitimate links come from? Also, are you insinuating that I've submitted poor reports? I've never gotten any complaints about the reports I've submitted. You (specifically) seem adamant about ensuring 100% accuracy but I've also noticed the efficacy of reporting specific spammers (that make it rather obvious there is one spammer behind it by sending nearly identical spam to multiple mailboxes over the course of weeks, often with watermarks) has been dropping. After reporting these religiously for weeks, I've seen no abatement, whereas before results were fairly fast. Maybe if the process wasn't so laborious a better sample would be obtained. Again, I fail to see how looking at these links in bulks of 10 possibly more would increase or decrease accuracy, I'm definitely only giving them a cursory inspection as it is. How is it that you are the spokesperson for what data is is useful and what isn't? I'm not sure why I should take your word for it.
StevenUnderwood Posted July 1, 2004 Posted July 1, 2004 I don't see why I would ever have to since all I report is spam, so where would legitimate links come from? 1)How about stock pumping spam that says to go to X finance page to see how great it is? 2)How about a web designer who sends a message to every user on a web hosting service and includes http:\\yourdomain.invalid in the text of the spam? 3)How about the recent spam with lots of unrelated links in them? 4)How about the "Male growth" spam that reference a medical health or medical report site. I have seen all three of these types of mistakes in spamcop parses. Not every link in a spam is directly related to the spam. There are innocent third parties that have information on web sites that spammers use to make their spam look legitimate. Spamcop usually does a good job weeding out the innocent ones. Yahoo does not accept reports for example one above, for instance. And the code keeps getting modified to handle example 3. I also USUALLY accept the defaults spamcop provides. It is probably less than 0.5% that have problems that I have seen. Maybe all of your spam is generic but it that does not mean it will remain that way. I don't want to report an innocent party and I don;t want to receive spam reports because someone used a link to my site without my permission. Also, are you insinuating that I've submitted poor reports? I've never gotten any complaints about the reports I've submitted. No, I am not, but I have made mistakes 3 times that I am aware of and only one of them was brought to my attention by the end party. The other 2 times I caught it myself and sent apologies to the reportee and the deputies. It won't always be brought to your attention. You (specifically) seem adamant about ensuring 100% accuracy That should be a goal of any reporting system. It will not reach that, but it doesn't mean the effort should not be put forth. After reporting these religiously for weeks, I've seen no abatement, whereas before results were fairly fast. Are they all coming from the same IP addresses? Probably not. The spammers have adapted and are using more open proxies, usually because of infected Windows boxes directly on the internet. What does this have to do with the accuracy of the reports. Maybe if the process wasn't so laborious a better sample would be obtained. And maybe if spammers followed the rules to make it easy to track them, the process would not need to be so laborious. If they did not insert fake headers in the messages, if they did not use open proxies to totally hide where the message came from, if, if, if. I'm sure IF Julian could make it simple and accurate, he would. Again, I fail to see how looking at these links in bulks of 10 possibly more would increase or decrease accuracy, I'm definitely only giving them a cursory inspection as it is. Because most people will take the easy way out and skip to the end and hit REPORT for all of the messages without looking at them at all. The current system at least makes them click Report near where the reports that are going IN THEIR NAME are actually heading. How is it that you are the spokesperson for what data is is useful and what isn't? I'm not sure why I should take your word for it. I am not an offical spokesman and you don't need to take my word for it. I am just another user of spamcop with a good understanding of the email process to begin with. I have been around for close to 2 years and have seen the messages posted here and on the newsgroups for that entire time. I have seen the position of the deputies and the other people in charge (Julian and JT). I have seen how the changes that have been made have always leaned toward more accuracy (and sometimes more work on the reportes part, Mailhosts for example). I have compiled all of this and am trying to help new users understand the "SpamCop philosophy". If I was not giving accurate information, others would be correcting me as done in many other threads. Take from this what you will. Good luck. As an example of what can happen due to an inaccurate report, see http://forum.spamcop.net/forums/index.php?showtopic=1981
Wazoo Posted July 1, 2004 Posted July 1, 2004 How is it that you are the spokesperson for what data is is useful and what isn't? I'm not sure why I should take your word for it. If you're taking a poll or just having a bad day, I'll offer this ... I'll back StevenUnderwood's thoughts, logic, and words. I hadn't jumped in with my own thoughts as he's already made most of them. And if you feel you want to ask "who the hell am I" ... I'd be at a loss as to where to go from there.
turetzsr Posted July 1, 2004 Posted July 1, 2004 How is it that you are the spokesperson for what data is is useful and what isn't? I'm not sure why I should take your word for it. If you're taking a poll or just having a bad day, I'll offer this ... I'll back StevenUnderwood's thoughts, logic, and words. I hadn't jumped in with my own thoughts as he's already made most of them. And if you feel you want to ask "who the hell am I" ... I'd be at a loss as to where to go from there. ...FWIW, I'll second that! IMHO, Steven (as is Wazoo) is one of the half-dozen most reliable sources of information around here.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.