
[Resolved] Spamcop Logic?


Traged1


Do you have a SpamCop reporting account?

If so, log into your www.spamcop.net web page, under Report Handling Options, select "Show Technical Details during reporting" .. incidentally 'explained' as;

SpamCop can reveal the logic it uses as it finds the right reporting parties for your spam. This can be helpful for advanced users who want to double-check SpamCop's logic, or for new users who want to learn from SpamCop's example.

Moved from the Lounge to "Reporting Help" Forum section ....


<snip>
SpamCop can reveal the logic it uses as it finds the right reporting parties for your spam. This can be helpful for advanced users who want to double-check SpamCop's logic, or for new users who want to learn from SpamCop's example.
<snip>


...Might be useful for spammers who want to trick the SpamCop parser, too, mightn't it? :) <g>

I am not a spammer, in fact I am a developing admin who aspires to help the fight on spam. I am developing our own in house spam tools, to rip spamassassin headers, report to spamcop and post the IP of the real sender in our own in house rbl. The reason we need this is that our RBL will be much more strict/harder than spamcop's bl. We will not remove the ip's after 3 days, and we will not require the spam to be reported by multiple accounts. Basically, we want a system which blocks IP's for a serious length of time if a spammer has sent even 1 piece of spam to our servers. We are sick and tired of spending countless hours and days, in fact the past 6 years fighting spam and manually processing spam only to see the levels of spam increase by tenfold.

I hate spammers and if I didn't have children I would go postal on them and hunt every last ^%&^%$# down and make them feel the wrath!!

Unfortunately, I have too much responsibility to do that currently, but I will wait for the day I can hunt them down like the rats they are.

Until then, I will continue the fight through developing tools to help protect me and my users, and my children from their sick emails.


I am working in PERL, and I am having a hard time creating regex's to pick up all the different types of "Received" headers from different MTA's. Once I can manage to get that done, I will then run into a logic issue where I need to figure out how I can separate a bogus IP header from the real one, for obvious reasons.


Over the years I have come to trust spamcop logic as it appears to have worked extremely well in determining the real sender, this is what I would like to do. Not to devalue, or copy or use against spamcop in any form. We are not developing this to become a competitor of spamcop or to try to get around the spamcop process. We merely appreciate the spamcop logic and would like to create something similar so that we can use it in a much more hardened fashion.


Per the SpamCop FAQ entry Can I get a copy of the source code for SpamCop? ... there once was a time that "some" of the code was made available. The "official" FAQ entry isn't telling the whole truth, in that there "was" a lot of interest ... however, what was made available was incomplete, made calls to code not made available, on and on .... use of the search bar at the top of this page, looking into the newsgroup archives may pull up some of the discussions from that way back when period. To save you the time if you aren't that interested, no, the "juicy" part of the spam analysis mode wasn't included in the "let the spammers see how I'm doing it" released code bundles <g>


If you have a small (0 would be best) number of legitimate accounts forwarding to your system, the rest of the connecting systems delivering spam are spammers (or their proxies or relays) connecting directly, which vastly simplifies the analysis. You should know exactly what legitimate Received Header Lines from your system look like, plus legitimate Received Header Lines from the "legitimate accounts forwarding to your system". The IP address in the last of those is the culprit connecting to your system (the one that your internal blacklist would show the door), no need to go further. Of course, you shouldn't bounce any spam message from the "legitimate accounts forwarding to your system", just use such a spam message to feed the blacklist and to direct the spam message to a "Held Mail" equivalent on your system.

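The approach described in the post above (trust only the Received lines stamped by your own MTA and by known forwarders, and stop at the first untrusted connecting IP), sketched as an added example in Python rather than the Perl mentioned in the thread; it is not code from any poster or from SpamCop. The host name, relay list and sample message are constructed assumptions, and it assumes the MTA records the peer as a bracketed IP literal (Postfix, Sendmail and Exim style).

```python
import ipaddress
import re
from email import message_from_string

# Assumed local configuration (hypothetical name, documentation-range IPs).
OUR_MTA_NAMES = {"mx.ours.example"}
TRUSTED_RELAYS = [ipaddress.ip_network(n) for n in ("198.51.100.7/32", "10.0.0.0/8")]

BY_RE = re.compile(r"\sby\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def peer_ip(received):
    """Return (stamping_host, connecting_ip) for one Received value, or None."""
    by = BY_RE.search(received)
    if not by:
        return None
    # Only look before "by"; the last literal is the one the MTA recorded,
    # earlier ones may be a HELO string chosen by the sender.
    literals = IP_RE.findall(received[:by.start()])
    if not literals:
        return None
    try:
        return by.group(1).lower().rstrip(";"), ipaddress.ip_address(literals[-1])
    except ValueError:
        return None

def culprit_ip(raw_message):
    """Walk Received headers newest-first; return the first untrusted peer IP."""
    hops = message_from_string(raw_message).get_all("Received") or []
    for i, value in enumerate(hops):
        parsed = peer_ip(value)
        if parsed is None:
            return None          # unparsable hop: refuse to guess
        host, ip = parsed
        if i == 0 and host not in OUR_MTA_NAMES:
            return None          # top header was not stamped by us
        if not any(ip in net for net in TRUSTED_RELAYS):
            return str(ip)       # everything below this line is unverified
    return None                  # mail never left trusted infrastructure

# Constructed sample: spam via a trusted forwarder, with a forged bottom header.
FORWARDED = """\
Received: from mx.forwarder.example (mx.forwarder.example [198.51.100.7])
\tby mx.ours.example with ESMTP id A1; Mon, 1 Jan 2024 00:00:03 +0000
Received: from mail.bank.example (unknown [203.0.113.45])
\tby mx.forwarder.example with SMTP id B2; Mon, 1 Jan 2024 00:00:02 +0000
Received: from internal (relay [10.1.2.3]) by mail.bank.example; Mon, 1 Jan 2024 00:00:01 +0000
Subject: constructed test

body
"""

if __name__ == "__main__":
    print(culprit_ip(FORWARDED))
```

The forged third header claims a trusted 10.x address, but the walk never reaches it because it stops at the first peer outside the trusted list.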

Thanks, I picked up the source from sourceforge, it appears it's still kicking around there. This will help me greatly in my new project. I have been a paid user of spamcop, and a volunteer where I have dedicated countless hours of my time to reporting. I thank you for this help, and I will continue to use Spamcop even after I finish my new BL, so that all spamcop users can have cleaner mail.


Archived

This topic is now archived and is closed to further replies.
