Still doesn't understand "all" addresses

[n6ber]

I'm still confused. I run my own mail server and have several addresses on that server. When I read the FAQ it says to put in all addresses. In other places it seems to say only one. One does not make since. I would think you need to enter them all. In another place I think I read to enter them all but only the last will show. Which is it. If only one will show how would we ever be able to be sure which ones we put in??? If only one is needed how would you know that our other, using that same server, are valid addresses you should allow.

Questions:

1) Do we put in ALL e-mail addresses server by the same mail server?

2) If 1 is yes will you update the web site so we can see all of the e-mail addresses server by a given server and allow us to add and delete as required?

3) If 1 is no then how would you ever know that the other e-mail addresses belong to us? I see no way that you would.

Another point I think you need to look at.

There is a common way to "TAG" e-mail addresses by putting a "+" between the user name and the tag, i.e., user+tag[at]domain.com, that several mail server use. I think that there is even a RFC to covers it but I'd have to check that. Although you most likely want to not always remove the "+tag" from the e-mail address when doing checks you should have an option per e-mail address or per server to have spamcop remove any tags when it does compairs. I know on my mail server this is at the server level so that should be fine. This way if I report a spam message that contains user+tag[at]domain.com you would do the checks for user[at]domain.com.

John

[Wazoo]

Not exactly sure what you are really asking. So let's go back to square one. You want to talk about your own e-mail server and are in a panic over "all" the e-mail addresses. However, the Mail-Host thing is a configuration for "you" and "your" reporting account, pulled into use when reporting "your" spam. The actual criticality of an e-mail address comes in when "you" submit "your" reports. The mail-hosts thing is to set up the database so that "your" host is known, so as to minimize your oppotunity to report yourself, which again is not based on your e-mail account, rather the IP and designation of where the e-mail came from.

[Ellen]

The thinking behind mailhosts is this: for each registered SC email address (i.e. each user) the system needs to know *all* the possible paths that mail legitimately takes to get to that registered email address. So, for example, I own a domain with lunlimited email addresses *but* I am the only registered SC user for the domain so I need to only go thru the mailhost procedure for one address on that domain. However that SC account, in addition to getting mail directly addressed to [at]example.com domain/mailserver, also gets mail forwarded to that [at]example.com from elsewhere. I also have to register mailhosts for the domains that forward to that domain.

Ex: Registered SC email address is ellen[at]example.com; I also report spams sent to <any email address>[at]example.com. I register a mailhost for ellen[at]example.com and I will be able to report all spam sent directly to *[at]example.com. I have an account at yahoo that forwards to *[at]example.com as well as accounts at other forwarding mailservers. I have to register my [at]yahoo.com account using mailhosts as well as the other email addresses/acccounts at the other fowarders.

If I had real other users [at]example.com who had their own registered SC accounts then they would have to register [at]example.com as a mailhost for their SC account as well as any other email addresses/mailservers that forwarded into their [at]example.com account.

[dbiel]

To expand on Ellen's statement:

If you have multiple addresses at your domain that you report spam from ie:

name1[at]example.com

name2[at]example.com etc

and you personally are reporting spam through your only SpamCop account, then you only have to register one of the names (name1 or name2). It does not hurt to register both, but only the last one registered will apprear.

To respond to your statement

3) If 1 is no then how would you ever know that the other e-mail addresses belong to us? I see no way that you would.

The point is that SpamCop does not care about email addresses only the mail servers used by the addresses.

If you are concerned about someone using that same mailserver as you who happens to be a spammer and not wanting to "register his address" your thinking is off base. If you receive spam from someone who uses the same mailserver to send his spam as you use to send your vaild mail through, you do NOT want to report that person using the SpamCop service as you will be hurting yourself as well. Remember that what gets listed is NOT the email address of the spammer, it is the IP address of the server that sent the spam. You need to report spammers who are using your server directly to your own Admin and get it stopped there and hopefully before other people report them and you find that your mail is also being blocked because of them.

Remember that the purpose of MailHosts is to provide a way of helping to prevent accidentally reporting yourself (or more specificly, your mailserver) as the source of spam that you are reporting, and nothing more that that.

One other possible point of confusion I would like to clarify is that if you have more than one SpamCop reporting account (one or more free accounts, one or more paid accounts, one or more email accounts and you report spam using more than one of them, you will have to go though the MailHost registation for each of those accounts separately.

If you have a email account that you never report any spam that you receive at that account, then you do not have to register that account (you may, if you want, but it is not necessary)

[n6ber]

Don't know what happen to my other post but I'll try one here.

I think I have this down but I have a couple of suggestions.

1) Only thing I don't like is that all of the e-mail addresses that I enter don't showup in a list. I'd like to see that changed as it would be more user friendly.

2) I'd like to see the ability to pass control of the mailhost record to the postmaster of that mail host. That way they could make changes as required since this is a shared record among all users. Registering the postmaster would be a start. Once that address is verified that user would then be the controlling user.

[Wazoo]

Don't know what happen to my other post but I'll try one here.

I have split your posts out from where you put them, as you are "joining" inot other conversations, but starting your own issues, not "replying" to the original issue of the Topic you posted in .... thus your post was moved into its own Topic .... and as you are carrying on with the theme, I split your last post from the Topic you added it to and then added it back to "your" Topic that I made stand-alone from your first "mis-placed" posting.

I think I have this down but I have a couple of suggestions.

1) Only thing I don't like is that all of the e-mail addresses that I enter don't showup in a list. I'd like to see that changed as it would be more user friendly.

Instructions/Pinned items all state that it's the "last" entry that shows up .... and again, the e-mail address actually has little to do with the actual usage of the mail-hosts configuration, it's the flow of the e-mail involved.

2) I'd like to see the ability to pass control of the mailhost record to the postmaster of that mail host. That way they could make changes as required since this is a shared record among all users. Registering the postmaster would be a start. Once that address is verified that user would then be the controlling user.

13831[/snapback]

You must be joking.

[n6ber]

You must be joking.

13845[/snapback]

Why would I be joking, the reason was based of several things that I read on this board. Someone that put their mail server in found that the address and name listed was what someone else put in.

My suggestion would be to allow the postmaster of a mail server be the one to set the name of that mail server in the spamcop records plus any other additions that you may add that is specific to the mail server. I don't see where this could become a problem.

The owner, i.e., postmaster, should be the one that control the information for their server. This is much the same as how abuse records are setup with abuse.com.

Would there be a usefull reason for the owner of the mail server to see everyone that has put records into the spamcop database for their server? And would it be usefull to allow for the removal or blocking of any of those addresses? Just asking:)

My other question was about using tags, "user+tag[at]domain.com", part of an e-mail address that many mail servers support. Will the tags effect spamcop in anyway? I use them to track where a spammer got the e-mail address from since they really don't know if everything starting with the "+" is really part of the e-mail address or a tag so most leave it in.

[dbiel]

Would there be a usefull reason for the owner of the mail server to see everyone that has put records into the spamcop database for their server? And would it be usefull to allow for the removal or blocking of any of those addresses? Just asking:)

There are several problems related to this statement.

SpamCop does not block ANY mail based on the email addresses.

All blocking is based on the IP addresses.

The only place email addresses come into play is with your personal black and white lists.

The reason that only the last email address registered appears is that there is NO data base entry created for each address registered, only for each unique "mailhost name" There for what you are asking for would require the complete rebuiling and expanding of the mailhost database and would require everyone to start all over again. I do not see that ever happening.

[Wazoo]

The owner, i.e., postmaster, should be the one that control the information for their server. This is much the same as how abuse records are setup with abuse.com.

Yes, no, not really, kind of ..... John still controls what gets put into that database. There are certain decision points based on where the e-mail came from as far as adding / changing data.

Would there be a usefull reason for the owner of the mail server to see everyone that has put records into the spamcop database for their server? And would it be usefull to allow for the removal or blocking of any of those addresses? Just asking:)

I don't see it ..... data entered was accomplished by one of that ISP's users, in some cases a single user, in other cases thousands of users ... why would "which user" be an issue?

My other question was about using tags, "user+tag[at]domain.com", part of an e-mail address that many mail servers support. Will the tags effect spamcop in anyway?

and the answers keep coming back .... SpamCop doesn't deal with e-mail addresses other than SpamCop account data. Munging of an e-mail address within a spam may be an issue, but it already is, so no significant change there ...

[hadaso]

... If you receive spam from someone who uses the same mailserver to send his spam as you use to send your vaild mail through, you do NOT want to report that person using the SpamCop service as you will be hurting yourself as well... 

And by reporting an email coming from any other mailserver you would be "hurting" every user of that mailserver. So I don't see the difference. Just that in case the sending mailserver is the one I use I am more interested in sending the spam report because it is more important to me that the report is sent and the spammer is dealt with in this case.

A single or a few reports shouldn't result in a listing. Anything less than 5 events is considered inaccurate in statistics.

If the same mailserver that I use is the source of spam then the report should be sent to the abuse team. Only if a relaying server is mistakenly identified as the source the report should not be sent. Perhaps what spamcop needs to do is to provide an option to send report without being counted for listing... Then this can be used not just for the complainer's own mailserver, but also whenever the complainer recognizes that the source is a service that caters more to rgular users than to spammers. The main reason for SpamCop's existence is to help postmaster identify spammers, so reporting should have a higher priority than listing!

[StevenUnderwood]

The main reason for SpamCop's existence is to help postmaster identify spammers, so reporting should have a higher priority than listing!

That may be your opinion. I think the blacklist is the main reason for spamcop and the reporting is a nice addition.

[Wazoo]

The main reason for SpamCop's existence is to help postmaster identify spammers, so reporting should have a higher priority than listing!

Actually, the BL came along much later, and it was because there were so many ISPs that weren't doing their part in controlling the spew. The BL is just another tool to try to bring attention to the issue.

[StevenUnderwood]

Learned something new today...

[dbiel]

And by reporting an email coming from any other mailserver you would be "hurting" every user of that mailserver. So I don't see the difference. Just that in case the sending mailserver is the one I use I am more interested in sending the spam report because it is more important to me that the report is sent and the spammer is dealt with in this case.

A single or a few reports shouldn't result in a listing. Anything less than 5 events is considered inaccurate in statistics.

If the same mailserver that I use is the source of spam then the report should be sent to the abuse team. Only if a relaying server is mistakenly identified as the source the report should not be sent. Perhaps what spamcop needs to do is to provide an option to send report without being counted for listing... Then this can be used not just for the complainer's own mailserver, but also whenever the complainer recognizes that the source is a service that caters more to rgular users than to spammers. The main reason for SpamCop's existence is to help postmaster identify spammers, so reporting should have a higher priority than listing!

13983[/snapback]

A bit late time wise, but to help you understand what I was trying to say,

If the spammer is one that is using the same server as you, you are better off reporting directly to your mailserver admin rather than doing so through SpamCop. ISP tend to take reports from their own customers more seriously than reports sent through a standard reporting service like SpamCop. Use your clout when you can, customers always have more clout than non customers and when you report through SpamCop you would probably be considered a non customer. Too many ISP simply ignore spam reports until they start getting complaints from their own customers about mail delivery problems as a result of blocking lists.