How SpamCop can stop bounced emails from forged

[spiralocean]

I've recently had a spammer start to forge my email in their sludge of spam that they are sending out. Which means I am getting at least 30 email messages a day that are bounced emails from spam sent out from my forged address!

There isn't any way for me to report this spam, because usually the original emails are not included.

I think I have a solution that could easily and effectively stop all these bounce emails and at the same time, excite more people to pay for a SpamCop email address!

If spamcop allowed us to send email from spamcop (username and password login to ensure spam is not sent), and spamcop kept the sent email for 30 days, when bounced email enters the spamcop email address. Spamcop could simply compare the subject lines or sent to headers of my sent email to email coming in! Anything that I have not sent, automatically gets deleted!

¢¢

[StevenUnderwood]

That would work ONLY for the email sent from spamcop. You can send email from ANY location and have a valid bounce message return to spamcop.

I have all my messages use the Return-Path of my forwarding address, so my valid bounces all end up at spamcop through my forwarders. I could just as easily set the Return-Path to be my spamcop address.

[spiralocean]

That would work ONLY for the email sent from spamcop.  You can send email from ANY location and have a valid bounce message return to spamcop.

I have all my messages use the Return-Path of my forwarding address, so my valid bounces all end up at spamcop through my forwarders.  I could just as easily set the Return-Path to be my spamcop address.

15058[/snapback]

Are you disagreeing with the idea?

I've looked around a bit, hoping that SpamCop has an SMTP server, but don't think there is one.

If it is possible to send email out through SpamCop, would someone point me to the link on setting it up?

[StevenUnderwood]

Are you disagreeing with the idea?

Just that it is NOT possible for a large number of configurations. It may be possible with some programming on the spamcop side, whch I doubt will be implemented. I have been very negative about the possiblity of changes being made to spamcop lately as we have not been seeing many of the suggestions implemented. I have managed to figure out a system that works for me and I am satisfied with the status quo.

The only SMTP server available through spamcop is if you use the spamcop webmail service to send your messages. Unfortunately, AUTH on SMTP is only as secure as the weakest password and easily abused (as seen through many of the threads in the Help Forum).

[spiralocean]

You bring up a good point.

Although it is possible if you have multiple email accounts and want to keep them all separate you can set up your email accounts in your mail program to all send from the Spamcop server with different respond to email addresses, keeping your accounts seperate. Which you mentioned in your previous post. The ones that are forwarded back to the spamcop account can be checked against the sent mail.

I think this may not be possible in some corporate email configurations.

It was just a brainstorming idea.

To go one step further, if the system is ever implemented and works for 99% of emails, SpamCop may be able to parse the bounced email notification for the postmaster email address and automatically send an response to the postmaster with the form that you included in one of your other posts! Then both the bounced emails are being handled and the postmasters for those servers are notified that there is a better way to handle bounced emails! That would be the best of both worlds!

Thanks for the response about the SMTP servers. I would love to be able to send email from SpamCop! It's possible that a spammer could abuse the SMTP server, but that's the risk that any webhosting company or ISP takes when allowing an SMTP server.

[michaelanglo]

[...]

It's possible that a spammer could abuse the SMTP server, but that's the risk that any webhosting company or ISP takes when allowing an SMTP server.

For a webhost, yes, but an ISP usually only allows use of its SMTP server from IP addresses on its own network so abusers are its own clients.

An AUTH SMTP user can be anywhere in the world.