Innocent parties pay the penalty

[DavoDavo]

My ISP has thousands of users. One of them sends some mail to a spamtrap. Now my mail doesn't get through. Why is it ME who pays the penalty? I have IMPORTANT email to send - I am running a business and this is CRITICAL.

Now don't give me that crap that I should put pressure on the ISP. I know them quite well and I know they will do everything reasonable to get de-listed and to prevent any of their users sending spam through their mailserver. If I moved to another ISP the same thing would happen again (I have had exactly the same problem with a previous ISP)

Spamcop and other blacklisting systems are making the internet worse not better!

Yes, I hate spam too, and I wish it would go away. But overzealous anti-spam crusaders, and people cashing in on anti-spam sentiment, make the problem worse as I suffer both from spam and from blocked email.

Please note: it does include "rants" in the forum description so don't blast me for an OTT post.

[Wazoo]

The only blast allowed is "did you look at the FAQ" .. specifically the entry on "Why am I Blocked?" .... followed by the entries that 'explain' the use of the SCBL ... which suggests using it in a Tag mode so further user handling methods and does state that the SCBL is very aggressive. And to even pound the point harder, SpamCop didn't block anything. Any blockage occurs at the receiving ISP that has chosen to use the SCBL in that fashion. So you've actually got two ISPs involved.

If you'd have offered up the IP in question, some research / specific answers might have been provided. As suggested in the FAQ, "critical" e-mails can be handled another way, even bowing to the use of yet another e-mail provider, and let's not foget that some "critical" items shouldn't be trusted to e-mail to begin with.

[Merlyn]

Spamcop and other blacklisting systems are making the internet worse not better!

22540[/snapback]

No, it is the spammers that have spoiled it for everyone.

[DavoDavo]

No, it is the spammers that have spoiled it for everyone.

22543[/snapback]

The spammers have spoiled things - agreed. Stupid overagressive spam filtering has made things worse.

[DavoDavo]

The only blast allowed is "did you look at the FAQ" .. specifically the entry on "Why am I Blocked?" .... followed by the entries that 'explain' the use of the SCBL ... which suggests using it in a Tag mode so further user handling methods and does state that the SCBL is very aggressive.  And to even pound the point harder, SpamCop didn't block anything.  Any blockage occurs at the receiving ISP that has chosen to use the SCBL in that fashion.  So you've actually got two ISPs involved.

If you'd have offered up the IP in question, some research / specific answers might have been provided.  As suggested in the FAQ, "critical" e-mails can be handled another way, even bowing to the use of yet another e-mail provider, and let's not foget that some "critical" items shouldn't be trusted to e-mail to begin with.

22542[/snapback]

I DID read the FAQ, and I DO understand how these things work.

I understand spamcop doesn't block my email. The recipient ISPs using spamcop's systems block my email. I don't have the time to contact every ISP who blocks my email in this way (six so far this morning). So instead I complain to the providers of the system they're using. Not only to blow off some steam but also to raise the issue that innocent parties like me are suffering because of overagressive spam filtering that spamcop facilitates, even encourages.

I don't post the IP because I assume my ISP will be working to get off your stupid blacklist and I don't want to add any potential for confusion.

The communications I am referring to ARE critical so I use alternative means such as a phone call if they don't get through. This is the "penalty" that I referred to - the extra cost to my business of additional communications. If you think this is trivial, to cover the bounces this morning I needed an extra staff member at $15 per hour. We're a small business and this is not a trivial expense.

Final point. My customers are not web savvy - it is amazingly difficult and time consuming to explain to them even an apparently simple thing like how to whitelist us. In many cases they are not even aware their ISP is running very aggressive spam filtering that is losing them business by blocking legitimate email from people who want to purchase their services.

[StevenUnderwood]

The spammers have spoiled things - agreed. Stupid overagressive spam filtering has made things worse.

22558[/snapback]

Not from my side of the keyboard...I could not deal with email without the filtering that spamcop (and many other) blocklists provide. The difference is that I have a whitelist to keep my expected email flowing while stopping all the spam (125-150 messages per day) easily reportable.

If you think this is trivial, to cover the bounces this morning I needed an extra staff member at $15 per hour. We're a small business and this is not a trivial expense.

Perhaps you need a new business model or your own server IP that you control. Email is not a guaranteed delivery method. For the 6 that you got bounces for (a very good thing about blocklists in my opinion) there were probably 25 more that were simply dropped with no notice to the sender or receiver. Also, another simpler method would be to resend those messages from another server.

[WB8TYW]

I DID read the FAQ, and I DO understand how these things work.

I don't post the IP because I assume my ISP will be working to get off your stupid blacklist and I don't want to add any potential for confusion.

22559[/snapback]

Confusion only results when the I.P. is not known because this is a public forum, and all sorts will start answering with either guesses, or their own rants.

With the I.P. it can usually be determined what evidence there is on the many public archives on the internet.

If someone posts an I.P. and the only thing that can be found is a spamtrap hit, then the only people that can determine the cause of listings is a deputy.

But if a search on the I.P. shows up in news.admin.net-abuse.sightings and in other places, then it shows a different story.

Many times once the participants in the forum have been given the blocked I.P. address, the public evidence shows that the ISP has been ignoring a spam problem for a week or longer that they should have been receiving reports about it.

Most of the time that I see posters showing up complaining about a real mail server being listed, that mail server has a serious misconfiguration that is allowing unauthorized users to either send or bounce e-mail from it.

Spamcop.net used to make more evidence public but the spammers were using that information to target their spam run. The evidence was showing what ISPs had poor spam control, and it was also letting the spammers know when to hop to a new server to keep spamming.

When that missing evidence used to show is that in most cases were some like you shows up complaining about a block is that the block did not occur until after spam complaints had been sent to the owner for the listed I.P. for about a week before enough reports came in to cause it to become listed.

Once the listed I.P. is posted, usually the server misconfiguration can be deterimined by inspecting the publically available information, and the problem gets fixed so that server never gets on the spamcop.net DNSbl again.

With out the I.P. address, also no one can confirm if the security problem has really been fixed.

When spammers find an insecure mail server, they tend to use it until it is listed, and then wait a week to a month to let the listing age off, and then they spam through it again. So if an ISP changes nothing, then eventually that server will be listed again.

So while you may be stating what you know to be the facts, with out the I.P. address, no one can tell if they agree with the public evidence.

With the I.P. address you have a chance of getting verifyable facts instead of relying on your ISP to tell you what is really happening.

-John

Personal Opinion Only

[Merlyn]

I think you would agree with me that everyone is tired of receiving mortgage quotes, penis enlargement, breast enhancement, weight loss, nude 40 year old teenage sluts, Viagra, vacation, lottery, prescription drug, business opportunities, genealogical, university degrees, gambling, get rich quick, MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock scams, pirated software and everything else that is force fed into our inboxes.

The only way to block is by IP address. If you have a better idea then lets hear it.

[DavoDavo]

As I sort of expected, inhabitants of this forum either don't get the point or fundamentally disagree with me, I can't be entirely sure which.

First, since you ask so nicely, the IP was 203.31.48.33 and my search showed only reported on a spamtrap. I have every reason to believe the ISP is taking all reasonable action to prevent subscribers sending spam, but I'm happy to be proven otherwise. Also, one other misunderstanding - I had bounces from 6 ISPs, but many more individual delivery failures.

To be fair to spamcop. The majority of our problems are caused by individuals and ISPs with poorly configured spam filters. The problem is the default settings are far too agressive and there is no real understanding of the cost of "false positives".

I just have to comment on whitelists, which many seem to think solve the problem of over-aggressive spam filters. For example, StevenUnderwood said "The difference is that I have a whitelist to keep my expected email flowing". Sadly, whitelists are of very little help for people who want to do things like hear from customers they've never met before. I'm in the travel business. Every day I and the businesses I support receive hundreds of emails from people we've never met before - these emails are requesting travel services. I'm not going to go through our communication process in great detail, but it does involve our own dedicated email server and websites. Trust me when I tell you that all your simplistic ideas on whitelisting will only make a small impact - I know because I've tried them all.

In our business, everyone has an anti-spam system which puts junk into their local email account. They MUST check this twice per day. At present we have a false-positive rate less than 1% but this is not good enough. The effort to do this - maximum 5-10 mins per day is DWARFED by the time we spend dealing with email blocked by overagressive spam filters.

To give you some idea, here is a typical phone call following up a delivery failure. After introductions:

US: "unfortunately our emails to you are not getting through"

Recipient: "No, my email is working fine I got some email a minute ago"

US: "Yes, but there must be a spam filter blocking some mail because ours bounced"

Recipient: "Could you fix this please"

US: "Unfortunately its your spam filter which is the problem, could you white list us please, would you like instructions?"

Recipient: "I don't have a spam filter"

US: "Sorry, you're right - your ISP is blocking the email"

Recipient: "My ISP hasn't got a spam filter, I never asked for it"

US: "Well they have, from the headers it appears to be [insert overagressive spam filtering system], could we fax the headers to your ISP on your behalf, please?"

etc. Don't even get me started about dealing with other ISPs (starts with, "what is your account name, please" and gets worse).

I was asked recently if I would pay a third-party service $1 for every bounced email they got through to the recipient. You bet I would.

To anyone who reads to the bottom of this post - thanks for putting up with my rant

[agsteele]

To be fair to spamcop. The majority of our problems are caused by individuals and ISPs with poorly configured spam filters. The problem is the default settings are far too agressive and there is no real understanding of the cost of "false positives".

22593[/snapback]

I think you have hit the nail on the proverbial head here.

The SpamCop blocklist is provided as is to any ISP that wishes to use it. Responsible ISPs will not reject these messages (unless that is what their customer requests) but will flag or filter based on the list. Just as the SpamCop Email seervice does. Indeed, the SpamCop recommendation to ISPs is to not block or reject.

However, most ISPs are so tired of paying for the bandwidth needed to carry all the unsolicited Emails that they choose, instead, to reject or drop messages that are matched by a blocklist.

So whilst your legitimate Emails are being frustrated by the ISPs of those you are writing to, your rant here (I wouldn't call it a rant but you did) is, perhaps, better directed at ISPs who block rather than filter as recommended.

As for the cost of false positives... The cost of positive negatives on my business is immense. Since I adopted a more aggressive approach to filtering we've saved a great deal of cash at our end. I know that I get a very few false positives (but I capture them and they get seen eventually).

So I'd say the pain is being shared by everyone and once again the spammers have spoilt it for us all.

By now you'll have seen that:

203.31.48.33 not listed in bl.spamcop.net

203.31.48.33 not listed in dnsbl.njabl.org

203.31.48.33 not listed in cbl.abuseat.org

203.31.48.33 not listed in dnsbl.sorbs.net

203.31.48.33 not listed in relays.ordb.org

So your mail should be flowing again.

Andrew

[DavoDavo]

Hi agsteele, I don't really disagree with anything you say. Well, just one thing, which is that I shouldn't be unhappy with spamcop its the recipient ISPs. This is correct to an extent, but what I am actually unhappy with is the entire anti-spam movement. Your reply is really a good example. You have clearly outlined why aggressive spam filtering works for your case. Thats great, you have made an informed decision about spam filtering. However, 99.99% (probably more) of users of email do not understand the issues and have not made an even slightly informed decision. Re-read the conversation in my previous post:

US: "unfortunately our emails to you are not getting through"

Recipient: "No, my email is working fine I got some email a minute ago"

US: "Yes, but there must be a spam filter blocking some mail because ours bounced"

Recipient: "Could you fix this please"

US: "Unfortunately its your spam filter which is the problem, could you white list us please, would you like instructions?"

Recipient: "I don't have a spam filter"

US: "Sorry, you're right - your ISP is blocking the email"

Recipient: "My ISP hasn't got a spam filter, I never asked for it"

This is actually a simplified version, in reality most people are far more confused and inclined to assume that I can "fix it". It is these people who are being hurt by over-aggressive spam filtering applied on their behalf and without their informed consent. Yes, the ISPs save on bandwidth but the general public loses their email. If the overall false positive rate is just one percent (I believe it would be much higher) then hundreds of millions of legitimate emails are being junked EVERY DAY. This has got to be costing economies billions - possibly more than the cost of the spam in the first place (which I agree is a terrible cost).

[Miss Betsy]

This is actually a simplified version, in reality most people are far more confused and inclined to assume that I can "fix it". It is these people who are being hurt by over-aggressive spam filtering applied on their behalf and without their informed consent. Yes, the ISPs save on bandwidth but the general public loses their email. If the overall false positive rate is just one percent (I believe it would be much higher) then hundreds of millions of legitimate emails are being junked EVERY DAY. This has got to be costing economies billions - possibly more than the cost of the spam in the first place (which I agree is a terrible cost).

In general, if one uses blocklists, the email can be rejected at the server and the sender gets an undeliverable message. The sender, then, has the opportunity to use some other means of reaching the recipient.

The real culprits are the 'content' filters or tagged email where false positives are inevitable and hard to find.

If the spam is to be conquered, internet users are going to have to be aware that ISPs can control spam from their servers and that there are choices among filters and how to whitelist,etc. It does no good to rant and rave over what is really so simple - ISPs have to become responsible for spam leaving their servers; consumers need to demand competent filtering at the server, and to view occasional rejection in the same light as encountering an accident on the freeway or to view constant interruption as something to complain about or reason to switch ISPs. And they need to complain very loudly about ISPs censoring their email before they get it without their knowledge. Of course, the alternative is spam in their inbox, but once they understand that instead of replying to you with confusion, they will say, "Find a responsible way of reaching me."

Miss Betsy

[agsteele]

Hi agsteele, I don't really disagree with anything you say. Well, just one thing, which is that I shouldn't be unhappy with spamcop its the recipient ISPs. This is correct to an extent, but what I am actually unhappy with is the entire anti-spam movement. Your reply is really a good example. You have clearly outlined why aggressive spam filtering works for your case. Thats great, you have made an informed decision about spam filtering. However, 99.99% (probably more) of users of email do not understand the issues and have not made an even slightly informed decision.

22600[/snapback]

Well I would disagree that SpamCop is at fault. The SpamCop blocklist provides an excellent means for identifying potential spam Email. The fault lies with the implementation which lies with the receiving ISP. SpamCop's list is particularly dtnamic and responds rapidly to systems being fixed so as not to relay spam. There are some blocklists which make it extremely difficult to get delisted from.

I do agree that most users have no idea of the importance of making informed decisions about how to implement a blocking or filtering process. I don't think there would be much dissent in these forums about that and the need for ISPs to explain the issues to their customers.

I have a dozen clients for whom we provide Email service. Every six months I write to them and remind them of the options that they have in relation to spam filtering.

1. To have no filtering in place and receive all Email regardless of content

2. To have all their Email checked and a x-spam flag added to their mail headers so that they can filter and check the messages at their leisure.

3. To have the source IP of their incoming Email checked against multiple blocklists and have it rejected if it matches more than two lists.

We always recommend option 2 but without exception all of these clients request option 3 even though I have them accept the fact that they might lose a small quantity of legitimate Email. They all say that they would prefer to have that situation than have staff faced with invitations to view pornography, purchase body enhancing drugs, take up amazing mortgage offers or whatever.

So for my clients at least, and I can obviously speak for no others, I provide what they want.

I think I'm responsible in my explanations, I encourage a preferred option which involves filtering but the customer chooses the most aggressive option. If my clients happened to be one of your customers then they have chosen to accept that they will miss your Email if you become listed in three of the blocklists we use rather than have to deal with the mounds of stuff that the really don't want to receive.

I'm not sure I can do anything else. And the thousands of messages that are silently dropped each week do save us lots of money in bandwidth charges.

I can truly understand the frustration you face and if you have an alternative, reliable approach to identifying potential spam Email then I'm sure you'll have a product that will win users. So far IP blocklists is the only approach I've found reliable and we have looked at other schemes.

If, though, you're saying that spam filtering should stop and end users and ISPs should lose the right to reject material that is offensive, time-wasting and bandwidth hungry then I suspect you're in the wrong place to get a friendly audience

Andrew

[StevenUnderwood]

As I sort of expected, inhabitants of this forum either don't get the point or fundamentally disagree with me, I can't be entirely sure which.

I fundamentally disagree with you.

To be fair to spamcop. The majority of our problems are caused by individuals and ISPs with poorly configured spam filters. The problem is the default settings are far too agressive and there is no real understanding of the cost of "false positives".

I believe most people setting these up know they will be blocking some legitamate email. I made that quite plain to the CFO of my company but he could see the benefit of reducing our internet access costs by about 50% (which stopping spam before it came through our doors did). We do not use a blocking system, however, the recipient needs to check an external site for any held messages, and most do not. If someone calls asking if a message was received or if an employee is expecting something that did not get through, the box is usually checked at that time.

I just have to comment on whitelists, which many seem to think solve the problem of over-aggressive spam filters. For example, StevenUnderwood said "The difference is that I have a whitelist to keep my expected email flowing". Sadly, whitelists are of very little help for people who want to do things like hear from customers they've never met before. I'm in the travel business. Every day I and the businesses I support receive hundreds of emails from people we've never met before - these emails are requesting travel services.

Then YOU should not be using a blocking system. The business I am in has very little outside contact. We supply parts to several large firms and initial contact is almost always made in person. These domains are easily added to our company whitelists if it becomes a problem. So far I have not had to whitelist any domains, onla a few vendor addresses. If you want the business of someone using a blocklist, it is up to you (the sender) to get your message through or drop the potential business.

I'm not going to go through our communication process in great detail, but it does involve our own dedicated email server and websites. Trust me when I tell you that all your simplistic ideas on whitelisting will only make a small impact - I know because I've tried them all.

I thought you started this thread saying another customer of oyur ISP hit a spamtrap. If your server hit a spamtrap, you have bigger problems. This does not seem to be the case, however, as your IP resolves to: host 203.31.48.33 = mailhost.netspeed.com.au

Because I am a paid reporter, I can see some information and your server has been reported several times by actual people, most recently (according to what I can see) on November 24 and the most damaging:

Submitted: Monday, November 08, 2004 5:14:23 PM -0500:

Fw: <basic sex site with every word misspelled>

[Wazoo]

Not stated, but the current SpamCop disposition is;

203.31.48.33 not listed in bl.spamcop.net

[StevenUnderwood]

Not stated, but the current SpamCop disposition is;

203.31.48.33 not listed in bl.spamcop.net

22643[/snapback]

It was specifically stated in agsteele's earlier response.

[Wazoo]

It was specifically stated in agsteele's earlier response.

Yep, you got me there .. apologies to both .. was just caught up in the rapture of another of your excellent postings and only saw that one missing detail there at the end <g>

[Mikey]

I don't mean this to be pejorative but why don't you just set up your own server on your own IP? You seem fairly sharp on this kind of stuff.

You could get a business DSL (last time I looked they were like $75 a month) and set up your own linux box. You would have complete control over not only what goes over the wire, but what goes on inside the machine. Don't let anyone tell you that you have to be a super geek. Its not that big of a deal.

I bet it would be a lot cheaper in the long run. And I guarantee that it would create way fewer headaches. If you're savy, you could get a bigger pipe and set up websites for other folks (who you know and trust) -- get them to pay for your server and line.

Again, not trying to pick a fight. Just speaking from experience.

[turetzsr]

Hi agsteele, I don't really disagree with anything you say. Well, just one thing, which is that I shouldn't be unhappy with spamcop its the recipient ISPs. This is correct to an extent, but what I am actually unhappy with is the entire anti-spam movement. Your reply is really a good example. You have clearly outlined why aggressive spam filtering works for your case. Thats great, you have made an informed decision about spam filtering. However, 99.99% (probably more) of users of email do not understand the issues and have not made an even slightly informed decision.

22600[/snapback]

...But that's how our system of economic organization works -- consumers (as a body) determine the quality of the products and services available by voting (or walking away) with their dollars. Uneducated consumers may tend to get lower-quality (or at least different quality than they wish) product. Those of us who appropriately and knowledgeably use tools like the SpamCop Blocklist should not be punished because of the existence of the uneducated by having our tools removed. I'm sorry that causes you extra expense and pain but it's what it is. It's a bit like (as fellow forum contributor Miss Betsy has elsewhere put it so well) being stuck in a traffic jam because some other careless person on the road, not you, had an accident.