SpamCop Glossary Archive

[Miss Betsy]

Innocent Bystander (IB)

An Innocent Bystander (IB) is a URL or URI that is present in spam but is not placed there by the owner of the URL for spamming purposes.

Spammers will put 'innocent' URL's in their spam to make it look legitimate, for instance references to news articles or government web pages. Other examples include the mandatory advertising placed at the bottom of email messages in footers by free webmail companies and by antivirus software*.

An attempted Report of a URL or URI that is marked as an Innocent Bystander will be met with "ISP does not wish to receive report regarding [the Innocent Bystander]" and possibly "ISP does not wish to receive reports regarding [the Innocent Bystander] - no date available".

Please see Once I close a spammer's account, how can I prevent others reporting it? for how an ISP can mark a URL as an Innocent Bystander.

*Opinion: It is understood that free webmail companies' need to recoup their investments via footer advertising. However, paid antivirus software companies' and paid ISPs are attempting to double-dip (unless they make it very clear in advance to their customers that their prices are significantly lower due to their footer advertising schemes, and give their customers options to pay higher prices for advertising-free products).

I still like my version better. If you think that the 'opinion' enhances the glossary item, I would put it as a footnote. Historically, many legitimate web sites have been marked as IB because spammers at one time used them to make spam look legitimate. Perhaps footers are now creating problems, but they are not the only reason that URLs are marked as IB.

Miss Betsy

[Jeff G.]

OK, but please use "URLs" instead of "URL's", as the apostrophe denotes possession or contraction of "is", rather than plural (what I meant).

[dbiel]

The following is a composite entry is being prepared for final inclusion in the glossary. It was updated on 10-30-05 to reflect the most recent coments. If there are no more comments it will be merged into the glossary shortly.

<a name="InnocentBystander"></a>Innocent Bystander (IB)

An Innocent Bystander (IB) is a URL or URI that is present in spam but is not authorized for such use by its owner.

Spammers will put 'innocent' URLs in their spam to make it look legitimate, for instance references to news articles or government web pages. Other examples include the mandatory advertising placed at the bottom of email messages in footers by free webmail companies and by antivirus software*. In the case of phishing email, nearly all links will be stolen from the Innocent Bystander.

An attempted Report of a URL or URI that is marked as an Innocent Bystander will be met with "ISP does not wish to receive report regarding [the Innocent Bystander]" and possibly "ISP does not wish to receive reports regarding [the Innocent Bystander] - no date available".

Please see Once I close a spammer's account, how can I prevent others reporting it? for how an ISP can mark a URL as an Innocent Bystander.

*Opinion: It is understood that free webmail companies need to recoup their investments via footer advertising. However, paid antivirus software companies' and paid ISPs are attempting to double-dip (unless they make it very clear in advance to their customers that their prices are significantly lower due to their footer advertising schemes, and give their customers options to pay higher prices for advertising-free products).

[dbiel]

Are we defining an Innocent Bystander as a specific URL or as the owner of the URL? The current version above seems to use both.

[Jeff G.]

The phishing link now works fine. I'd suggest replacing "companies'" with "companies" (no need for the trailing apostrophe). SpamCop's Parsing and Reporting Service appears to treat the URL as an IB, and the ISP as the IB's ISP, and I think that terminology is reflected above.

[Wazoo]

I'd love to have the other link (after I close...") point to an entry in the KnowledgeBase thing here, but I've not come up with a shorter title thus far ... need to get down to 50 characters or less, yet still say the same thing ....

[Jeff G.]

How about "I got rid of the spammer, stop the reports!"?

[Wazoo]

Well, just sent another e-mail ... first problem, this specific FAQ entry says "See also the next question related to responding by email instead of the web." .... no link, and on the 'display' there is no "next" item ...

Go back and then lok at the "next item" .... How can I respond to spam complaints via email? is up to four e-mails now on the "you can always log out the web-browser and visit the resolution web page." line ... again with no link, no reference, no clue as to what a "resolution page" is ..... (yes, you know, I know, RW knows, but ... this is supposed to be the (official) FAQ list with the answers and definitions ...)

This is one of those that I'd like to be able to place all the sub-links in place so that I can place the 'main' item and be able to place the sub-link pointers in that one at that time, rather than having to edit crap over and over ....

[Miss Betsy]

The entry looks ok to me - though I did wonder about the 'next page' but didn't have time to research it. Would ISPs be likely to be looking at that particular glossary item? Somehow I think they would be going in a different direction so that part could be left out - they would be looking for 'how do I stop people sending reports when I have shut down spammer?' rather than 'Innocent Bystander' (which doesn't seem like a big problem nowadays, anyway. ISPs who are responsible have already found out.)

Miss Betsy

[dbiel]

The phishing link now works fine.  I'd suggest replacing "companies'" with "companies" (no need for the trailing apostrophe).  SpamCop's Parsing and Reporting Service appears to treat the URL as an IB, and the ISP as the IB's ISP, and I think that terminology is reflected above.

35203[/snapback]

Made the change from "companies'" to "companies"

I am still having problems with the phishing link resolving correctly. For me it only takes me the the top of the glossary topic rather than to the phishing entry.

I am beginning to think that it is simply a problem with my browser.

Edit: it does appear the my link problem was strictly limited to problems related to my browser. So will consider it resolved for now.

[Jeff G.]

<a name="Jargon"></a>Jargon

Definition 2 of the noun "jargon" per Merriam-Webster is "the technical terminology or characteristic idiom of a special activity or group". In the case of this Glossary (which attempts to explain SpamCop Jargon), the special activity is spam-fighting via SpamCop, and the group is spam-fighters or anti-spammers who use SpamCop. For more generic computer or hacker jargon, please see The Jargon File.

[Jeff G.]

<a name="RTFF"></a>RTFF

Read The Fine FAQ. Also, Read The F___ing FAQ in coarser circles. We currently recommend the SpamCop FAQ (about SpamCop), the SpamCop Forum FAQ (about these Forums), and the SpamCop Glossary (this document). There is also the quaint old cache of the original FAQ-O-Matic SpamCop.Net FAQ, if you're into history, and the still-under-development SC-FAQ.

<a name="RTFM"></a>RTFM

Read The Fine Manual. Also, Read The F___ing Manual in coarser circles. As SpamCop doesn't have a Manual per se, please RTFF instead.

[dbiel]

Innocent Bystander (IB) merged into master glossary and all development posts merged into archive glossary.

[dbiel]

I wonder how we managed to forget to add this one?

It needs more work and I am looking for additional comments but have entered this as a starting place.

Edited 11-5-05 6:30pm PST - added references suggested by Jeff G.

<a name="spam"></a>spam

spam, in our web based usage, should never be spelled "spam" which is a registered trademark of Hormel Foods (see http://www.spam.com/hp/hp_lg.htm) Additionally, unless grammar requires it spam should never be spelled "spam" as it is not a proper noun.

What spam is NOT per SpamCop On what type of email should I (not) use SpamCop?

spam Defined link to spam Rejection Service by Integrated Data Processing, Inc.

MAPS' Definition of "spam"

The Responsible Net Commerce Site's What is spam?

CAUCE's About Junk Email / UCE / spam

Spamhaus's Definition of spam

The SpamCon Foundation's About SpamCon Foundation -- Summary

[Jeff G.]

Please add:

MAPS' Definition of "spam"

The Responsible Net Commerce Site's What is spam?

CAUCE's About Junk Email / UCE / spam

Spamhaus's Definition of spam

The SpamCon Foundation's About SpamCon Foundation -- Summary

[turetzsr]

...The URL for the link labeled "Spamtrap," http://forum.spamcop.net/forums/index.php?...29916Spamtrap, is incorrect. Either the name of the anchor for the "spam Trap" entry should be changed to "Spamtrap" or the link should be changed to "http://forum.spamcop.net/forums/index.php?showtopic=4473&st=0&p=29916spamtrap". Thanks!

[Wazoo]

Shortcut at the top of the Glossary and the anchor tag changed/fixed .... works internally to that post .... the link provided in the last post drops me at the top of the Glossary though .... have to play with something it appears ..???

Later: Boy, that was ignorant .. I changed the anchor tag .... as I said above ....

http://forum.spamcop.net/forums/index.php?...&p=29916Strap

[turetzsr]

Shortcut at the top of the Glossary and the anchor tag changed/fixed ....

<snip>

http://forum.spamcop.net/forums/index.php?...&p=29916Strap

36121[/snapback]

...That looks like the hard way to fix it (changing both the name of the anchor and the URL tag) but it does, indeed, seem to work. Thanks, Wazoo! <g>

[dbiel]

...The URL for the link labeled "Spamtrap," http://forum.spamcop.net/forums/index.php?...29916Spamtrap,  is incorrect. Either the name of the anchor for the "spam Trap" entry should be changed to "Spamtrap" or the link should be changed to "http://forum.spamcop.net/forums/index.php?showtopic=4473&st=0&p=29916spamtrap". Thanks!

36117[/snapback]

The funny thing is that the link was working when it was merged into the glossary.

I am having a hard time understanding what went wrong.

[dbiel]

Added links to index for the varrious report types and altered the "Report Type" link to follow the same link format as the rest of the glossary.

[dbiel]

In reading the ng logs on "The webgizmo is gone!!" made available by Wazoo's link I found the following that I thought might make a good addition to the glossary originally posted by Larry Kilgallen

In article <Xns947FE8117EF79homesitehelp at 216.154.195.61>, Marjolein Katsma <nobody at spamcop.net> writes:

> Actually, the OP asked *several* times how "ISP" and "IP" are related,

> or how to find "IP" when all he knows is "ISP". No one actually

> explained to him how to do that, or even what an IP is or why it is

> relevant.

And if they had, they would likely have been wrong.

An IP is an "Internet Protocol" implementing lower layers of

the ISO 7-layer model for purpose of communication.

Proposed addition to glossary:

<a name="IP"></a>IP

An IP is an "Internet Protocol" implementing lower layers of the ISO 7-layer model for purpose of communication.

An "IP address" is something different, and having people call it "an IP" only harms communication.

[Wazoo]

In reading the ng logs on "The webgizmo is gone!!" made available by Wazoo's link I found the following that I thought might make a good addition to the glossary originally posted by Larry Kilgallen

<snip>

37132[/snapback]

You're right .. something actually covered in the remarks under IP Address .... (NOTE: the above is very simplified. If/when all the other techy stuff gets added, this block will be revisited and a bunch of items will be added, like "See TCP/IP, Network Protocols, Proxy, etc.) .. but having to admit that I never got around to developing those entries ....

[dbiel]

In light of all the "problems with communications" recently, I felt that this one (IP) needed to be broken out. I deliberately did not expand on the definition as to me that defeated the main purpose which was simply to clarify the difference between IP and IP address; expecially since it is the IP address that we are interested in with regards to the SpamCop BL

[dbiel]

Another suggested addition to the glossary

<a name="honeypot"></a>Honeypot

A server that is set up to trick an intruder. Located either outside or inside the firewall, it is designed to let crackers think they are in a production machine. The applications running in the honeypot are set up similar to a normal server except that the data being processed is phony.

The honeypot is used to detect intruder's techniques as well as determine what may be vulnerable in the configuration of servers that are performing valid work. A "honeynet" is a network containing honeypots. A "virtual honeynet" is a honeynet that resides in a single server, but pretends to be a full network.

See entry in The Jargon File for additional meanings and usages of the term.

[Miss Betsy]

From that description, my interpretation of the purpose of a honeypot is to study spammer techniques. Most of the configuration, etc. is above my head so I never read any dialogue about honeypots carefully, but I think there is more prupose to it than that.

Miss Betsy