Jump to content

Does Spamcop delete phishing attempts?


jseymour

Recommended Posts

Twice in the last few days, I have received phishing attempts to an address that my mail server forwards along to Spamcop. In both cases, the message never appeared in my "Held Mail" folder - just as if it were a virus (but it's not).

I checked my mail server logs and the forwarding was accepted by Spamcop's mail server with a 250 response. (In the past, I've noticed some forwarded messages are rejected by Spamcop, but this is not the case here).

This makes me think it was either a couple of transient flukes, or Spamcop is doing some content-based silent rejection - which seems counter to the intent of spam reporting.

Anybody see something similar?

The two phishes were for Citibank and eBay respectively. Here's the tracking URL for the most recent one: http://mailsc.spamcop.net/sc?id=z732343727...07bcff545d55b3z

Link to comment
Share on other sites

and as dra007 and I both use postini at work, I was going to let you know the same thing.  This is the first time I have heard of this through spamcop. however.

24351[/snapback]

Thanks for the reply. If anybody inside Spamcop sees this as a problem, I'd be happy to supply snippets of mail logs if that will help.

Link to comment
Share on other sites

Got another one today.

http://www.spamcop.net/sc?id=z733637039z71...3c56cc535f06e0z

The message was silently deleted by Spamcop when my mail server forwarded it. I had to copy the message (using IMAP) into my Held folder so I could report it.

Does Spamcop think this is normal? Is deleting phish attempts the desired behavior? Or is this a bug?

I can see why Spamcop would get skittish about these messages, though. This one was peppered with links to valid eBay pages - and so I had to go through and uncheck several boxes before filing the reports. The casual user probably wouldn't bother, which would result in erroneous reports.

Link to comment
Share on other sites

I don't know what is happening here but I regularly get ebay phishing attempts into my spamcop inbox (I have them whitelisted so I don't miss anything). I don't know if I am missing any that are being seen as viruses (viruses are silently dropped by the spamcop email system), however.

You should probably contact JT directly: support<at>spamcop.net and ask the question, offering your logs if needed. And if you could post and answers here, that would be great to help out the next person.

Link to comment
Share on other sites

  • 2 weeks later...
You should probably contact JT directly: support<at>spamcop.net and ask the question, offering your logs if needed.  And if you could post and answers here, that would be great to help out the next person.

24489[/snapback]

These are still infrequent, but I've seen about four over the last couple weeks. Here's another:

http://www.spamcop.net/sc?id=z737269217z42...4a5a14fbd9ee5cz

My system received this phish attempt this morning at 06:39:20. It was forwarded on to my Spamcop account two seconds later. Spamcop accepted the message with a 250, but it never showed up in my Held Items (nor was it returned to me).

It is as if this phish was treated as a virus and deleted silently - which (to me) is a bug.

I asked support[at]spamcop.net about this, but got no response.

Link to comment
Share on other sites

  • 1 month later...
  • 5 weeks later...

For those keeping score at home, these vanishing phish emails keep showing up. I finally contacted the deputies and got an answer confirming that they are being deleted by the anti-virus software.

It's not quite what they want - but apparently, it's not something they can change.

Since I don't receive a lot of these, I can live with that explanation. It's frustrating, but since I keep local copies of all messages that I forward to Spamcop, I can still manually report the ones that go into the A/V black hole.

Link to comment
Share on other sites

Your research was a bit convoluted. It was suggested earlier that you'd want to contact JT. You say you asked the Deputies (who then would have had to contact JT, get an answer) and then they replied to you. Now that you have some kind of feedback and posted this bit, I'll try to follow up by contacting JT to get the full story .. sounds like something that needs to be added to the Announcements section.

In all fairness, let me say that JT gets hammered from many directions. The newsgroups, this Forum, and SpamCop e-mail accounts are running on his servers. He also runs his own CES business from the same facility. For some reason, countless numbers of people pick his address to send queries, complaints, and bitches about the SpamCop reporting side of things, "fan" mail from folks finding themselves on the SCBL, in addition to actual 'real' e-mail. Not knowing what your Subject line was, what the e-mail said, etc. .. hard to guess at the lack of a response, but can only state that even my e-mail queries seem to not always hit the mark, or get answered im a spurt sometime down the road .. so ut us possible that a response from him may yet arrive ...???

Link to comment
Share on other sites

Your research was a bit convoluted.  It was suggested earlier that you'd want to contact JT.  You say you asked the Deputies (who then would have had to contact JT, get an answer) and then they replied to you.

   [...]

In all fairness, let me say that JT gets hammered from many directions.

Indeed. I did send an email to JT back in February (with the Subject of "Phishing attempts being silently deleted?"), but saw no response. After a few more phishes went missing, I tried the deputies.

I didn't mean to sound like I was complaining about a lack of response. It's true, I got no "official" response to repeated postings here and one email - but I never considered this issue to be "grave", so I tried not to make a fuss.

Sorry if I breached some etiquette by going to the deputies to get a resolution...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...