MailWasher & Spamcop

[jazzmaster]

I've been using Spamcop for a couple of years. I was always under the impression that my reporting the spam would actually help in getting rid of some of the spammers. I started using Mailwasher about a year ago. For those who may not be familar with Mailwasher, it will allow you to delete the spam from your mail server and, if desired, will send a bounced message to the spammer's return address (even though most spammers use bogus addresses). It also will create a blacklist of email address to automatically mark as a spammer address as you mark, delete and bounce these spam messages. I have noticed lately that I keep getting spam from the same addresses, according to Mailwasher's blacklist. I report every single spam I receive in the hopes that someone will actually read the reprts generated by spamcop. Has something been changed in the reporting or are the ISPs ignoring these reports? I've never known an ISP whose standard TOA didn't specifically and strictly prohibit UCE.

Any thoughts?

Jazzmaster

[Jeff G.]

It is usually difficult to impossible to distinguish between ISPs whose abuse desks:

• are woefully understaffed/overworked
  
• are actually bitbuckets (the mail is never read by a human or is usually discarded)
  
• have their hands tied behind their backs by legal and/or sales departments
  
• think that forwarding the reports to the spammer for listwashing is appropriate "handling"
  

The best abuse desks consistently take SpamCop reports seriously, investigate, don't permit listwashing, get their customers secured and/or boot their customers, follow up with reporters, and apologize (all because they actually care about stopping spam). Whenever I get a response from such an abuse desk (every few months), I respond with thanks.

[petzl]

I started using Mailwasher about a year ago. For those who may not be familar with Mailwasher, it will allow you to delete the spam from your mail server and, if desired, will send a bounced message to the spammer's return address (even though most spammers use bogus addresses)

Any thoughts?

Jazzmaster

21271[/snapback]

While MailWasher is a fine program. For its "Pro" price one can get a FULL SpamCop email address and get FULL POWER & VERY accurate spam filtering backed up by SpamCop Email & VER® (Very Easy Reporting) from the fastest mail servers on this planet. SpamCop will reliably retrieve email from as many addresses as you have and only allow legitimate email to your inbox (at least this is my and most's case)

YES there is much much more! Aside from putting money SpamCops way you get every email virus filtered and can use without fear your email address. Sign up and effectively immunise yourself against Spammers (spammers only end up having email spam immediately bitbinned as they try)

Spammers effectively just end up in a sin bin (attack being the best defence) to be reported & blocked . That’s while they try to send spam, not days later

[Miss Betsy]

For those who may not be familar with Mailwasher, it will allow you to delete the spam from your mail server and, if desired, will send a bounced message to the spammer's return address (even though most spammers use bogus addresses). It also will create a blacklist of email address to automatically mark as a spammer address as you mark, delete and bounce these spam messages.

You don't say whether you use the 'bounce' feature of Mailwasher or not. It is a very BAD idea. Almost always the return path is forged so that you are sending bounce emails to innocent people and just passing the spam on.

I was always under the impression that my reporting the spam would actually help in getting rid of some of the spammers.

The object of reporting is to tell ISPs that there is a spammer operating. In the beginning, it was helpful, but as ISPs realized that allowing spammers to operate resulted in blacklisting, they started to implement preventative measures so there is very little spam coming from responsible ISPs. The spammers then resorted to using ISPs in other countries and open proxies and trojanized machines. There are some countries (for instance China and Korea) where many of the ISPs do not seem to care that the spammers are operating. Those IP addresses are more or less perpetually on the blocklist so to get advantage of reporting, one needs to use the blocklist (I think you can in Mailwasher. Using a filter of your own is not as effective because if you block an IP address, then you get no email from that address. If it is in China and you have no Chinese correspondents, that's ok. However, Comcast has lots of trojanized machines and if you have correspondents on Comcast, you won't get their emails and they won't get an undeliverable message - the blocklist needs to reject at the server level or tag the email so you can see if there are false positives). And the open proxies and trojanized machines owners are generally glad to know that they have a problem and will fix it so reporting does still help. The problem is that there are too many and the spammers keep finding ways to evade the blocklists.

In the long term, reporting and the use of blocklists should eliminate spam. In the short term, it really does nothing for your inbox except give you a feeling of contributing to the long term solution.

Miss Betsy

[jazzmaster]

You don't say whether you use the 'bounce' feature of Mailwasher or not. It is a very BAD idea. Almost always the return path is forged so that you are sending bounce emails to innocent people and just passing the spam on.

Highly unlikely. The majority of spammers will use nonsense addresses, i.e. 76hdygrm857[at]nonameip.com. In the event an address has been forged that actually belongs to someone and it bounces, that person will have a much bigger problem than getting bounced messages. That person will have their ISP all over them if they think spam has been coming from their address. Several bounced messages will not matter if their addresses has been used by a spammer. In addition, it's not a common thing for spammers to use real addresses of real people.

The object of reporting is to tell ISPs that there is a spammer operating. In the beginning, it was helpful, but as ISPs realized that allowing spammers to operate resulted in blacklisting, they started to implement preventative measures so there is very little spam coming from responsible ISPs. The spammers then resorted to using ISPs in other countries and open proxies and trojanized machines. There are some countries (for instance China and Korea) where many of the ISPs do not seem to care that the spammers are operating. Those IP addresses are more or less perpetually on the blocklist so to get advantage of reporting, one needs to use the blocklist (I think you can in Mailwasher. Using a filter of your own is not as effective because if you block an IP address, then you get no email from that address. If it is in China and you have no Chinese correspondents, that's ok. However, Comcast has lots of trojanized machines and if you have correspondents on Comcast, you won't get their emails and they won't get an undeliverable message - the blocklist needs to reject at the server level or tag the email so you can see if there are false positives). And the open proxies and trojanized machines owners are generally glad to know that they have a problem and will fix it so reporting does still help. The problem is that there are too many and the spammers keep finding ways to evade the blocklists.

In the long term, reporting and the use of blocklists should eliminate spam. In the short term, it really does nothing for your inbox except give you a feeling of contributing to the long term solution.

True...and as much as I dislike government intrusion in my life, I hope there will be a good, sound assistance from the legislators in the form of serious repecussions to spammers and especially to the ISPs that ignore reports. In my opinion, the ISPs are more of a hinderance simply because of not enforcing their specific TOSA when a spammer is reported. I am glad to see that web based email is getting harder and harder to spam from, but so much more must be done.

[Wazoo]

In addition, it's not a common thing for spammers to use real addresses of real people.

Huh? It's common enough that there's a FAQ entry here .... and many postings relating the crippling effect of having thousands of e-mails a day arriving, then folks a bit ticked over a "Reporting Rules" change that made these particular items non-reportable via the SpamCop parser (this was based on a multitude of issues)

I've had several addresses myself in this condition. Over in the newsgroups, a well-known indivdual there was reporting having issues with his host within the last couple of months, as his 500,000+ incoming e-mails a day was crippling some servers there, and the majority of those were in fact "user unknown" bounces ...

[JosephK]

I am a very big fan of MailWasher. However, as Wazoo points out, the bounce feature is 99% useless due to forged addresses and fake ones. There are also questions about it violating most IPS TOS. Having been a victim of forgeries on more than one occation, the last thing anyone needs are fake bounces added to the list of real ones.

[Jeff G.]

jazzmaster, please be more careful with your quoting and attribution.

[jazzmaster]

jazzmaster, please be more careful with your quoting and attribution.

21604[/snapback]

Please explain?

[StevenUnderwood]

That person will have their ISP all over them if they think spam has been coming from their address.

In addition to the other parts of your argument that do not work in today's internet situation, any ISP that uses the sender address to blame their customers, has not been paying attention. Forges sender addresses are VERY common.

[Jeff G.]

Please explain?

21645[/snapback]

You did it better that time. Please see the "Quoting Posts" section of http://forum.spamcop.net/forums/index.php?...&CODE=01&HID=12 for more info. Thanks!