jseymour Posted February 14, 2005 Posted February 14, 2005 Twice in the last few days, I have received phishing attempts to an address that my mail server forwards along to Spamcop. In both cases, the message never appeared in my "Held Mail" folder - just as if it were a virus (but it's not). I checked my mail server logs and the forwarding was accepted by Spamcop's mail server with a 250 response. (In the past, I've noticed some forwarded messages are rejected by Spamcop, but this is not the case here). This makes me think it was either a couple of transient flukes, or Spamcop is doing some content-based silent rejection - which seems counter to the intent of spam reporting. Anybody see something similar? The two phishes were for Citibank and eBay respectively. Here's the tracking URL for the most recent one: http://mailsc.spamcop.net/sc?id=z732343727...07bcff545d55b3z
dra007 Posted February 14, 2005 Posted February 14, 2005 my work's e-mail filter also identifies some phishers as viruses...
StevenUnderwood Posted February 14, 2005 Posted February 14, 2005 and as dra007 and I both use postini at work, I was going to let you know the same thing. This is the first time I have heard of this through spamcop. however.
jseymour Posted February 15, 2005 Author Posted February 15, 2005 and as dra007 and I both use postini at work, I was going to let you know the same thing. This is the first time I have heard of this through spamcop. however. 24351[/snapback] Thanks for the reply. If anybody inside Spamcop sees this as a problem, I'd be happy to supply snippets of mail logs if that will help.
jseymour Posted February 18, 2005 Author Posted February 18, 2005 Got another one today. http://www.spamcop.net/sc?id=z733637039z71...3c56cc535f06e0z The message was silently deleted by Spamcop when my mail server forwarded it. I had to copy the message (using IMAP) into my Held folder so I could report it. Does Spamcop think this is normal? Is deleting phish attempts the desired behavior? Or is this a bug? I can see why Spamcop would get skittish about these messages, though. This one was peppered with links to valid eBay pages - and so I had to go through and uncheck several boxes before filing the reports. The casual user probably wouldn't bother, which would result in erroneous reports.
StevenUnderwood Posted February 18, 2005 Posted February 18, 2005 I don't know what is happening here but I regularly get ebay phishing attempts into my spamcop inbox (I have them whitelisted so I don't miss anything). I don't know if I am missing any that are being seen as viruses (viruses are silently dropped by the spamcop email system), however. You should probably contact JT directly: support<at>spamcop.net and ask the question, offering your logs if needed. And if you could post and answers here, that would be great to help out the next person.
jseymour Posted February 28, 2005 Author Posted February 28, 2005 You should probably contact JT directly: support<at>spamcop.net and ask the question, offering your logs if needed. And if you could post and answers here, that would be great to help out the next person. 24489[/snapback] These are still infrequent, but I've seen about four over the last couple weeks. Here's another: http://www.spamcop.net/sc?id=z737269217z42...4a5a14fbd9ee5cz My system received this phish attempt this morning at 06:39:20. It was forwarded on to my Spamcop account two seconds later. Spamcop accepted the message with a 250, but it never showed up in my Held Items (nor was it returned to me). It is as if this phish was treated as a virus and deleted silently - which (to me) is a bug. I asked support[at]spamcop.net about this, but got no response.
jseymour Posted April 14, 2005 Author Posted April 14, 2005 And it keeps coming... http://www.spamcop.net/sc?id=z752359153ze3...e169f4bcde127bz I just can't understand why these are being deleted. There's no active content that I can see, so I don't believe they are being rejected as viruses. It seems that either there's a bug somewhere or Spamcop has made a conscious decision to delete phishing attempts.
jseymour Posted May 13, 2005 Author Posted May 13, 2005 For those keeping score at home, these vanishing phish emails keep showing up. I finally contacted the deputies and got an answer confirming that they are being deleted by the anti-virus software. It's not quite what they want - but apparently, it's not something they can change. Since I don't receive a lot of these, I can live with that explanation. It's frustrating, but since I keep local copies of all messages that I forward to Spamcop, I can still manually report the ones that go into the A/V black hole.
Wazoo Posted May 13, 2005 Posted May 13, 2005 Your research was a bit convoluted. It was suggested earlier that you'd want to contact JT. You say you asked the Deputies (who then would have had to contact JT, get an answer) and then they replied to you. Now that you have some kind of feedback and posted this bit, I'll try to follow up by contacting JT to get the full story .. sounds like something that needs to be added to the Announcements section. In all fairness, let me say that JT gets hammered from many directions. The newsgroups, this Forum, and SpamCop e-mail accounts are running on his servers. He also runs his own CES business from the same facility. For some reason, countless numbers of people pick his address to send queries, complaints, and bitches about the SpamCop reporting side of things, "fan" mail from folks finding themselves on the SCBL, in addition to actual 'real' e-mail. Not knowing what your Subject line was, what the e-mail said, etc. .. hard to guess at the lack of a response, but can only state that even my e-mail queries seem to not always hit the mark, or get answered im a spurt sometime down the road .. so ut us possible that a response from him may yet arrive ...???
jseymour Posted May 14, 2005 Author Posted May 14, 2005 Your research was a bit convoluted. It was suggested earlier that you'd want to contact JT. You say you asked the Deputies (who then would have had to contact JT, get an answer) and then they replied to you. [...] In all fairness, let me say that JT gets hammered from many directions. Indeed. I did send an email to JT back in February (with the Subject of "Phishing attempts being silently deleted?"), but saw no response. After a few more phishes went missing, I tried the deputies. I didn't mean to sound like I was complaining about a lack of response. It's true, I got no "official" response to repeated postings here and one email - but I never considered this issue to be "grave", so I tried not to make a fuss. Sorry if I breached some etiquette by going to the deputies to get a resolution...
Wazoo Posted May 15, 2005 Posted May 15, 2005 Was just pointing out that the Deputies don't have direct access to the e-mail side if the house ...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.