A Few Newbie Questions


paul101

My employer (a longtime Spamcop client) recently asked me to take over his spam reporting as part of my job -- freeing up an hour or so of his daily schedule. Most of our incoming spam ends up in our "held mail" folder (an average of 30 to 50 held messages per day, plus a handful that slip through to our actual inbox). We generally use the Spamcop web form for reporting. I've been studying the FAQs, pinned messages, etc., and don't find a ready answer to a few items. If they're covered elsewhere, please excuse this relative newbie and point me in the right direction.

1: If the parsing engine can't resolve a URL link in the spam after refreshing, etc., but I can find out more info about an offending domain (through a WhoIs server like GeekTools.com or the Abuse group on Google), is it OK for me to go ahead and report the spammer (or, maybe better, their DNS contact info of record) via the form by adding the appropriate email address to the "User Notification" field? In other words, am I wasting time looking up a WhoIs record and reporting the spammer in the "User Notification" field if the parsing engine can't resolve a spam link? Does that mess up anything on Spamcop's end? Does it tip off the spammer that they've been found out? I realize many WhoIs records are faked, but sometimes an obvious DNS host shows up - like MCI or SBC, for example. I want our reports to be as complete and useful as possible.

2: Does the "User Notification" field allow me to add multiple addresses -- maybe separated by commas or something? It doesn't seem to allow this. If it does, how is that accomplished?

3: I understand that "quick reporting" only looks at the origin of the spam and not at any links in the spam. Is it therefore any less valuable in fighting spam? In other words, should I go ahead and slog through all the spam messages one at a time and report it the "regular" way? Is that any more useful to spamcop and those ethical ISPs that might actually want to keep spammers off their networks?

Thanks!

Paul

My employer (a longtime Spamcop client) recently asked me to take over his spam reporting as part of my job -- freeing up an hour or so of his daily schedule. Most of our incoming spam ends up in our "held mail" folder (an average of 30 to 50 held messages per day, plus a handful that slip through to our actual inbox). We generally use the Spamcop web form for reporting. I've been studying the FAQs, pinned messages, etc., and don't find a ready answer to a few items. If they're covered elsewhere, please excuse this relative newbie and point me in the right direction.

Welcome, Paul, and thanks for joining the fight!
1: If the parsing engine can't resolve a URL link in the spam after refreshing, etc., but I can find out more info about an offending domain (through a WhoIs server like GeekTools.com or the Abuse group on Google), is it OK for me to go ahead and report the spammer (or, maybe better, their DNS contact info of record) via the form by adding the appropriate email address to the "User Notification" field?

Yes, that's what that field is there for.
In other words, am I wasting time looking up a WhoIs record and reporting the spammer in the "User Notification" field if the parsing engine can't resolve a spam link?

No, you're not.
Does that mess up anything on Spamcop's end?

No.
Does it tip off the spammer that they've been found out?

It could. A safer approach is to put any address you found out (either the spammed URL or a reporting address you researched) into the paste your spam box in another Browser Window or Tab, and use the resulting address in your "User Notification" field.
I realize many WhoIs records are faked, but sometimes an obvious DNS host shows up - like MCI or SBC, for example. I want our reports to be as complete and useful as possible.

Thanks!
2: Does the "User Notification" field allow me to add multiple addresses -- maybe separated by commas or something?

Yes, it does, a maximum of four. I separate mine with a "comma space" sequence.
It doesn't seem to allow this. If it does, how is that accomplished?

Just type in the field. If you get an error message while doing so, please reply with that error message.
3: I understand that "quick reporting" only looks at the origin of the spam and not at any links in the spam. Is it therefore any less valuable in fighting spam?

Only a little. TPTB are concentrating on the sources of spam.
In other words, should I go ahead and slog through all the spam messages one at a time and report it the "regular" way?

Only if you feel like it and/or your boss wants you to. :)
Is that any more useful to spamcop and those ethical ISPs that might actually want to keep spammers off their networks?

Yes.
Thanks!

You're welcome!
I understand that "quick reporting" only looks at the origin of the spam and not at any links in the spam. Is it therefore any less valuable in fighting spam? In other words, should I go ahead and slog through all the spam messages one at a time and report it the "regular" way? Is that any more useful to spamcop and those ethical ISPs that might actually want to keep spammers off their networks?

Hi Paul!

First off, thanks to you and your employer for contributing to the effectiveness of the SpamCop block list. Every form of reporting keeps the blocklist up to date.

Since the main emphasis of SpamCop is identifying the sources of spam (i.e. the IP addresses of the mail servers involved), using quick reporting is just as effective as the full reporting process. Yes, spamvertised URLs are not checked, but since these are only used to send advice to ISPs and no other action is taken, it isn't a particularly essential part of the parsing process (IMO). Many ISPs have enough trouble keeping on top of compromised machines without attempting to argue with 'clients' who happen to host a spamvertised website.

I use a mixed approach. First thing most mornings I use the quick reporting approach to clear the overnight log-jam. Then a couple of times during the day I'll manually report the smaller quantities that appear. This seems to be a reasonable compromise for the time I have available to process spam.

But whatever you do, please keep on reporting. It is much appreciated.

Andrew

Thanks, everyone, for your replies. I've been allocated about an hour a day to report spam, research spam news on Google and elsewhere, study these forums, and become familiar with the ROKSO info over at Spamhaus.org. I told my boss he should check with the accountant to see if we can write off this time as R&D. :)

Sounds like Andrew's "mixed approach" is best for us. I'll try adding more addresses as per Jeff's reply and report back if I run into an error. I must have done something wrong before.

By the way, I found a good free site for resources and reporting addresses: Spamlinks.net. The "Addresses" link in the "spam Tracking" section is especially helpful, as is the "spam-related Fraud, Scams and Crimes" link on that page. It lists lots of useful reporting addresses all in one place and saves valuable look-up time.

Thanks again, happy hunting and season's best!

Paul

By the way, I found a good free site for resources and reporting addresses: Spamlinks.net. The "Addresses" link in the "spam Tracking" section is especially helpful, as is the "spam-related Fraud, Scams and Crimes" link on that page. It lists lots of useful reporting addresses all in one place and saves valuable look-up time.

This site is one of many already listed in the Other information, help and links section of the (Forum version) of the SpamCop FAQ

This site is one of many already listed in the Other information, help and links section of the (Forum version) of the SpamCop FAQ

Thank you, Wazoo. I missed that link before. There's so much to explore here! I'm still learning my way. Kudos to all forum admins for what must be a monumental, never-ending, and often thankless task. I'll continue to explore and learn -- and I'll try to stay on topic, avoid duplication and practice all other forms of good netiquette.

Paul

Archived

This topic is now archived and is closed to further replies.
