Shamusnc Posted February 15, 2005 Share Posted February 15, 2005 True, but most of the companies I end up talking to don't realise the impact of what they are doing when they use Spamcop. It is listed in the FAQ not to use in production systems or to use as part of a scoring mechanism. I just wish more adminstrators would read that or look at what their ISP is doing when the ISP claims to be "blocking spam". <cough> BS <cough> As long as they have sales organizations, these companies will use OOF. Until there is a standard for user validation (i.e. The sending e-mail address is valid and is being sent by the user, not some robot) then you will get OOF and NDR messages to forged addresses. Link to comment Share on other sites More sharing options...
swingspacers Posted February 15, 2005 Share Posted February 15, 2005 As long as they have sales organizations, these companies will use OOF. Until there is a standard for user validation (i.e. The sending e-mail address is valid and is being sent by the user, not some robot) then you will get OOF and NDR messages to forged addresses. 24386[/snapback] Agreed, but the problem can be greatly reduced. There are ways of mitigating the problem without disabling auto-responses altogether. One method is described at the bottom of this page, and there are others: http://www.spamcop.net/fom-serve/cache/329.html If you adopt such a system, you greatly reduce your risk of sending mail to an innocent third party, being reported to SpamCop, and getting blacklisted. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted February 15, 2005 Share Posted February 15, 2005 My attitude is that people should follow the rules that are set forth by the IETF. That's a standards body that many people contribute to so standards can be defined for all. To define your own standards violates this princple. Have you looked at the last time those "Standards" were updated? RFC 821 August 1982 RFC 2821 April 2001 These dates are both before the bulk of the current spam problem evolved. While still "legal", following those does not constitute "best practices". I here you. I've been the victim of those as well, but listing the way spamcop is doing can cause economic harm because they don't get valid traffic when they should. This also will cause lost business. The people blocking using any list are responsible for what is blocked. By Spamcop's rules, you need to just blacklist every Fortune 1000 since they almost all use Out of Office messages. Don't forget include Ironport since they also use OOF. If they send messages to spamtraps, they do get listed. If they send their bounces to people, they are liable to be reported for spamming. Noboby is immune to the spamcop bl. If your server is sending spam, in any of its forms, it will be listed. Link to comment Share on other sites More sharing options...
Shamusnc Posted February 15, 2005 Share Posted February 15, 2005 That's great. If you don't like the way that the RFC is stated or worded, feel free to submit your comments or write your own. I've considered doing just that for another matter rather than make up the rules the way I see fit. http://www.rfc-editor.org/howtopub.html Link to comment Share on other sites More sharing options...
Wazoo Posted February 15, 2005 Share Posted February 15, 2005 That's great. If you don't like the way that the RFC is stated or worded, feel free to submit your comments or write your own. I've considered doing just that for another matter rather than make up the rules the way I see fit. Not with your stand at all here, though agreeing that the RFCs are woefully out of touch with reality. The SpamCop Parsing and Reporting tool is simply a tool, used by those wishing to report their spam in hopes that the ISP involved will handle the problem, and now the SpamCopDNSBL, which is there to be used by folks to try to handle the spew from ISPs that don't .... There has been no re-write of any rules, simply an additional tool in the mix. You are invited to take a look at any of the thousands of other BLs out there and see what it takes for listing/de-listing from them ... noting that many of those were also developed for a specific workplace, then offered up as a public resource. What I see at this point, you ran into an issue. Problems were explained, suggestions and pointers made, and you are basically spitting into the wind at this point when saying you are running things "like all the big boys" ...??? Even AOL has made changes to resolve the backscatter issues involved. Link to comment Share on other sites More sharing options...
Shamusnc Posted February 16, 2005 Share Posted February 16, 2005 Not with your stand at all here, though agreeing that the RFCs are woefully out of touch with reality. The SpamCop Parsing and Reporting tool is simply a tool, used by those wishing to report their spam in hopes that the ISP involved will handle the problem, and now the SpamCopDNSBL, which is there to be used by folks to try to handle the spew from ISPs that don't .... There has been no re-write of any rules, simply an additional tool in the mix. You are invited to take a look at any of the thousands of other BLs out there and see what it takes for listing/de-listing from them ... noting that many of those were also developed for a specific workplace, then offered up as a public resource. What I see at this point, you ran into an issue. Problems were explained, suggestions and pointers made, and you are basically spitting into the wind at this point when saying you are running things "like all the big boys" ...??? Even AOL has made changes to resolve the backscatter issues involved. Well, we can agree to disagree then. I disagree with the BL lists out there for many reasons and actually considered Spamcop to be one of the better ones for a while. [1] Once you start going down the path where "you" decide how things should work, then I feel that you are wrong. In conversations I've had in the past with various administrators of different systems I've found that the Linux/Unix adminstrators like to complain about the way Microsoft disregards the RFC's yet are most willing to disregard the RFC's when it suits them. That's my core issue. Those rules are put into place so ALL the systems can work together (at least most of the time) and we have an internet. There have been many suggestions to improve the SMTP protocols, but they are rarely implemented due to the massive changes that could impact mail flow. The HELO command still MUST be supported even after all these years of ELHO being the "standard". To be well thought out, RFC changes are challenged by many individuals so the net impact to the systems can be determined. [1] The majority of the BL's out there as you stated started as a private resource made public. The people running those BL's decided the way that mail should work for them (most of the time based on the way Sendmail works). Thanks for your time. JIM Link to comment Share on other sites More sharing options...
dub Posted March 8, 2005 Share Posted March 8, 2005 I agree with Jim, Spamcop is acting irresponsibly by making such a significant policy change. In correspondance with Ellen I was advised that their justification for expecting people to go against standards was 'ten years ago it was acceptable to run an open relay'. Spamcop has seated themselves firmly in the 'run for morons by morons' group of RBL with the likes of spambag.org and SORBS. I work for an organisation with over 400,000 email users who are now having their mail rejected by countless small companies who simply dont know that spamcop has adopted this moronic policy. The best we can do is advise them on a case by case basis that spamcop is has been taken over by crack smoking internet terrorists and should be avoided at all cost. So far we have found only agreement once the facts are presented. Well done spamcop, you f***** monkies. Link to comment Share on other sites More sharing options...
Wazoo Posted March 8, 2005 Share Posted March 8, 2005 I agree with Jim, Spamcop is acting irresponsibly by making such a significant policy change. Maybe it's the late date, maybe it's just the words ... I just can't immediately jump to just what the "significant poilcy change" might be referring to. In correspondance with Ellen I was advised that their justification for expecting people to go against standards was 'ten years ago it was acceptable to run an open relay'. Don't you just hate progress? I remember being fairly happy with gopher, Veronica, FTP, Telnet, and various BBS applications for that 'local/community" thing .... Having no idea what you dialog with Ellen was about (and not even caring actually) ... it's more of adapting and keeping things functional in spite of the lowlife scum that has made a career out of exploiting the network founded on the basic premise of trusted users, data, and applications. Spamcop has seated themselves firmly in the 'run for morons by morons' group of RBL with the likes of spambag.org and SORBS. Whatever .... I work for an organisation with over 400,000 email users who are now having their mail rejected by countless small companies who simply dont know that spamcop has adopted this moronic policy. The best we can do is advise them on a case by case basis that spamcop is has been taken over by crack smoking internet terrorists and should be avoided at all cost. So far we have found only agreement once the facts are presented. Well done spamcop, you f***** monkies. Actually, this is beginning to sound like a personal problem at this point. The use of the "Warning System" has been invoked, your profanity edited, and a general thought of "hope you're having a bad day also" has been lofted into your general direction. Are you a member of the abuse[at]clear.net.nz team? Link to comment Share on other sites More sharing options...
Jeff G. Posted March 8, 2005 Share Posted March 8, 2005 Wazoo, thank you for excising the profanity. It appears that the policy change was in allowing the reporting of misdirected bounces. Having been bombed by them enough times, I finally came to the conclusion that they were evil, especially the ones that don't contain enough info to report the original spam manually. Lotus Notes (or Bloated Goats, as some have taken to calling it) is notoriously good at neglecting to include the source email when sending Out Of oFfice messages to the Internet; fortunately, this "feature" can be turned off by the end-users, or by savvy admins who change the templates. One of my addresses is still getting bombed after over a year, although the frequency has vastly diminished. I guess the fact that its userid is a common English word (despite being 11 letters) doesn't help matters. Link to comment Share on other sites More sharing options...
dub Posted March 8, 2005 Share Posted March 8, 2005 Maybe you should have bothered to take in the context? The 'keeping things functional' bit is classic, real comedy. I have, in fact, been having a bad week, due primarily to dealing with the fallout from this policy change. Might I offer a 'sc** you, ***hat' in return. And way to drag an innocent commercial entity into what you have deemed a personal problem. Another fine example of spamcop's professional attitude. Link to comment Share on other sites More sharing options...
Wazoo Posted March 8, 2005 Share Posted March 8, 2005 OK, introductions are over it appears. Another warn level added, posting rights have been tagged as needing approval before appearing to the rest of the public. As far as SpamCop's professional attitude, the question asked and not answered at all was from me, and you will note the lack of a SpamCop.net logo attached. I had added a bit of note at the top of each Forum that states that the primary mode of support here is from other users. It should have also been apparent from the response to your first post that profanity wasn't welcome here. Had you offered some data, some research could have been at least attempted. That you say you've already been talking to Ellen suggests that the only reason for your appearance here was for posting your rant material, which falls under the description of content for the Lounge area ... not in a 'support' Forum. You barge in here with a rant in full blow, offer nothing for any evidence ot whatever issue you're carrying on about, and violate several rules of normal etiquette (repeatedly) ... To match your frustration levels, there's a lot of other things I could be spending my time on also. Link to comment Share on other sites More sharing options...
dub Posted March 8, 2005 Share Posted March 8, 2005 Note: I don't actually care if this gets approved or not but try and see past your own inflated sense of indignation and take this on board. I don't need support, just offering my agreement (granted with some embellishment) to a post on an existing thread. I was just googling for other instances of people having this problem with your RBL. I am already confident that spamcop can't (read won't) help me, the best I can do is minimise the impact of your policy by showing people how stupid it is, a process that is working better than expected. Sorry but like it or not your 'administrator' status will lead people to believe you are spamcop staff as such your posts will carry this stigma. Link to comment Share on other sites More sharing options...
Wazoo Posted March 8, 2005 Share Posted March 8, 2005 Again, this is a support Forum. If you actually want some help, specific data is required. There's nothing I can offer that will clear your perceptions, other than suggesting that further research on your part would be required. Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 8, 2005 Share Posted March 8, 2005 I work for an organisation with over 400,000 email users who are now having their mail rejected by countless small companies who simply dont know that spamcop has adopted this moronic policy. The best we can do is advise them on a case by case basis that spamcop is has been taken over by crack smoking internet terrorists and should be avoided at all cost. So far we have found only agreement once the facts are presented. I am surprised that anyone will agree with you that spamcop consists of 'crack smoking internet terrorists' If someone told me that was my problem when my email was rejected (or if I were using the spamcop blocklist), I would be very suspicious. I might agree just so that you would go away. If it is 'misdirected bounces', then anyone who receives spam knows that they have become as great a nuisance as spam. When people first receive them, they are sometimes really upset (as much or more than you are) because they are afraid that they are being thought spammers. Occasionally, the number causes their email to be unusable. There are a great many original practices for email that have been totally spoiled because of the spammers. The use of forged return paths by the spammers has ruined what was once a good idea. The number of people inconvenienced (as well as scared and angered) by bounce emails probably outnumbers by far the number of people inconvenienced by mistyping an address and not knowing that it was returned until they have access to the email address from which they sent it. In fact, most email users probably don't know that they can change their return path at will, yet they are the very ones who will be receiving spam because they don't know how to avoid it. If anyone agrees with you that bounces created after the email has been accepted and sent to the return path is still a good idea, then they have no knowledge of current events on the internet. I don't know why you won't change your habits, but it could be because you don't want to spend the money to change or you don't want to admit to the 400,000 users that you have made a mistake. Miss Betsy Link to comment Share on other sites More sharing options...
dub Posted March 8, 2005 Share Posted March 8, 2005 Lets iron out a few things and leave it at that. I don't disagree that rejection should be done at SMTP time, yes 'misdirected bounces', bogus NDNs, Joe jobbing, etc is a problem. I disagree with the policy that spamcop has put in place to list originators of these NDNs. Spamcop has a large number of subscribers to their RBL, a large percentage of these are small time mail servers run by small businesses with limited resources. Spamcop made a significant change to their policy by beginning to list originators of NDNs. I remember finding a one liner about this policy change on a FAQ around the time it was implemented but now after spending a few minutes on the website I cant find any reference to it. IMHO there should be highly visible notices all over your website advising of the change and its impact, that users of spamcop's RBL will be rejecting mail from entities that are running their systems to accepted standards and specifications. Maybe standards need to change, maybe spamcop thinks it can draft people into revolution, maybe the needs of the end user should have been considered. Link to comment Share on other sites More sharing options...
Wazoo Posted March 8, 2005 Share Posted March 8, 2005 I don't disagree that rejection should be done at SMTP time, yes 'misdirected bounces', bogus NDNs, Joe jobbing, etc is a problem. I disagree with the policy that spamcop has put in place to list originators of these NDNs. Actually, this is a flip back to the original condition. Bounce messages became such an issue due to the bad reporting job some folks were accomplishing based on the lousy bounce message configuration of some ISPs that reporting these bounces was simply banned. For whatever reasons, this ban was removed (best guess is that the MailHost configuration also helped stop people from reporting themselves and that some spammers had made this their main method of transmission ... but that's only a partial guess.) Spamcop has a large number of subscribers to their RBL, a large percentage of these are small time mail servers run by small businesses with limited resources. First of all, RBL is a term controlled by MAPS ... all others are simply referred to as BLs .... Second, I've no idea as to where you might be getting your numbers from to make your guess at prercentages .... a one-line entry into a configuration file is hardly a "subscription" for most users, be it ISP or end-user. Spamcop made a significant change to their policy by beginning to list originators of NDNs. please see above comment. I remember finding a one liner about this policy change on a FAQ around the time it was implemented but now after spending a few minutes on the website I cant find any reference to it. IMHO there should be highly visible notices all over your website advising of the change and its impact I can find a couple of items talking about that changed item. Both are here in the Forum .. one is at http://forum.spamcop.net/forums/index.php?...indpost&p=17157 and the other is the change I made to the Forum FAQ such that the calling item line was changed to read "Rules - everybody read! (recent changes made ... you may need to re-look) " .. Again, there's only so much I can do from my vantage point as a free reporting account holder ... that users of spamcop's RBL will be rejecting mail from entities that are running their systems to accepted standards and specifications. Maybe standards need to change, maybe spamcop thinks it can draft people into revolution, maybe the needs of the end user should have been considered. You can keep your "running to standards" position and end up on a boatload of other BLs that aren't near as forgiving as the SpamCopDNSBL or you could shine a light on the problem and try to handle it like a lot of other ISPs today. Already mentioned in the SpamCopDNSBL description is that it is very aggressive and should be used for Tagging rather than rejection, but ... you see how many folks use that guidance .... Maybe just a bit of a reminder here .. if it weren't for the spammers abusing the system, there would be no need for SpamCop or any of the other BLs, filtering agents, configuration woes of e-mail apps, etc. Link to comment Share on other sites More sharing options...
turetzsr Posted March 18, 2005 Share Posted March 18, 2005 Not with your stand at all here, though agreeing that the RFCs are woefully out of touch with reality. The SpamCop Parsing and Reporting tool is simply a tool, used by those wishing to report their spam in hopes that the ISP involved will handle the problem, and now the SpamCopDNSBL, which is there to be used by folks to try to handle the spew from ISPs that don't .... There has been no re-write of any rules, simply an additional tool in the mix. You are invited to take a look at any of the thousands of other BLs out there and see what it takes for listing/de-listing from them ... noting that many of those were also developed for a specific workplace, then offered up as a public resource.Well, we can agree to disagree then. I disagree with the BL lists out there for many reasons and actually considered Spamcop to be one of the better ones for a while. [1] Once you start going down the path where "you" decide how things should work, then I feel that you are wrong. In conversations I've had in the past with various administrators of different systems I've found that the Linux/Unix adminstrators like to complain about the way Microsoft disregards the RFC's yet are most willing to disregard the RFC's when it suits them. That's my core issue. Those rules are put into place so ALL the systems can work together (at least most of the time) and we have an internet. <snip> 24412[/snapback] Maybe I missed something, but I don't see how you reach the conclusion that "'you' decide[d] how things should work..." All that SpamCop decided was to change a policy that excluded some spam sources (those that generate the bounce messages to innocent bystandards whose e-mail addresses are forged into "From" lines of e-mails). As Wazoo correctly pointed out, it is the users of the blocklist who are rejecting e-mails from listed sources, not SpamCop itself. IMHO it isn't fair to characterize those users as being too limited in their resources as not to be able to use the blocklist wisely. You are free to disagree with SpamCop's decision and decide to not use the blocklist and you are free to criticize those who decide to continue but those that decide to continue or equally free to do that. Ultimately, they are responsible to their own customers and they are the end users who should and are being served. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.