
False Positives


epodowski


Posted

I will most likely get flamed for this, that is if it is ever posted.

Spamcop may be preventing the bulk of the spam from getting to their end users, but it is also preventing email from getting through for legitimate users. I have been receiving phone calls from my clients, clients who have been with me for 5 - 10 years, about their email being rejected due to spamcop. Clients who depend on us and are asking for a resolution.

We do not host spammers. We have never hosted a spammer in 10 years of business. We only host our clients who we can reach out and touch. Our innocent clients are being hurt by spamcop. And there seems to be no resolution.

Sure you can justify anything. You can argue any side you want. You can even pass the buck to the end user. Yes it is their responsibility.

The bottom line is your spamcop system is broken and needs to be fixed. There are way too many false positives. You are severely hurting legitimate businesses. Businesses who depend on their email communications going through. Spamcop is hurting the Internet more than it is helping at this point.

I said this calmly! I am appealing to the end user.

I am very technical. I can provide proof of the false positives. I have done the research. The Internet is not forgiving. It is only a matter of time until spamcop becomes known as a hindrance. The one thing I have learned about the Internet - action is swift.

You need to fix your broken system, before the Internet rejects spamcop. I am a very concerned and responsible Internet user.

Posted
You need to fix your broken system, before the Internet rejects spamcop.  I am a very concerned and responsible Internet user.

39449[/snapback]

There's no reason why you should be flamed although I guess using the correct Forum might reduce the risk :)

That said, your post is similar to some that appear from time to time, and typically they reveal that the original poster, whilst having a good grasp of some technicalities, has not taken time to find out just how the SpamCop block list works.

If you read the FAQ entries you'll see that SpamCop blocks nothing at all. The SCBL is recommended for use as a means of tagging potential spam. However, many, many ISPs choose to use it to block because it is so effective at identifying spam. It is also very quick at de-listing identified sources of spam as soon as the flow of unwanted mail stops.

If you would provide the IP address of the mail server you believe to have been reported then I guarantee that you'll find a very helpful set of people to assist.

Andrew

ADMINS: Could this move to the Block List if we get more info or lounge if this proves to be someone letting off steam.

Posted
I will most likely get flamed for this, that is if it is ever posted.

It was "posted" within a couple of seconds after you hit the Submit button.

However, your bit of a rant was posted into the wrong Forum section. I don't see where anything in your text relates to the use of a SpamCop Filtered E-mail Account. So the question of the moment .. should I move this to the Blocking List Help Forum section, as this seems to be what the post is about .... or should I move it to the Lounge as a simple rant, based on the fact that no supporting data was provided ?????

Spamcop may be preventing the bulk of the spam from getting to their end users, but it is also preventing email from getting through for legitimate users.  I have been receiving phone calls from my clients, clients who have been with me for 5 - 10 years, about their email being rejected due to spamcop.  Clients who depend on us and are asking for a resolution.

Specific data might help someone offer some details ....

We do not host spammers.  We have never hosted a spammer in 10 years of business.  We only host our clients who we can reach out and touch.  Our innocent clients are being hurt by spamcop.  And there seems to be no resolution.

????? Appearances are that no research has been conducted ... and again, with no data provided for someone to dig up a few facts, perhaps you are right .. there is no resolution ... but that would be based on everyone being in the dark ....

Sure you can justify anything.  You can argue any side you want.  You can even pass the buck to the end user.  Yes it is their responsibility.

The bottom line is your spamcop system is broken and needs to be fixed.  There are way too many false positives.  You are severely hurting legitimate businesses.   Businesses who depend on their email communications going through.  Spamcop is hurting the Internet more than it is helping at this point.

Rather than "arguing" .. justifying .. even debating ... get to the details ... take a look at the various FAQs already provided .. ask a specific question ...

I said this calmly!  I am appealing to the end user.

Define "end user" .... posting of a rant into a support venue for the use of the various SpamCop.net tool-set items doesn't really seem to be doing much good for "your end-users/customers" ..????

I am very technical.  I can provide proof of the false positives.  I have done the research.  The Internet is not forgiving.  It is only a matter of time until spamcop becomes known as a hindrance.  The one thing I have learned about the Internet - action is swift.

You need to fix your broken system, before the Internet rejects spamcop.  I am a very concerned and responsible Internet user.

39449[/snapback]

At this point, there is no "evidence" of anything available here ... your false-positives are nothing but rhetoric at this point ....

On the off chance that you will be back and provide something of substance, I will move this to the (assumed more appropriate) Blocking List Help Forum section ....

Posted

Thank you for your comments.

I can assure you, I am not someone blowing off steam. It is true that I do not know all the details of how spamcop works. I do not need to know. I just know it is blocking email that should go through. Again, spamcop can blame the end users, or take the responsibility to do what is right and find a way to stop spam while correcting the false positives it is generating. You can not place the responsibility on the average end user. They just want the spam to stop, but eventually they will decide that the complaints from their customers are far more serious and then they will have a decision to make.

Here is the latest complaint we received just a few hours ago. I kept the domains in the message, but hid the users' personal email addresses. [We do not need any spammers to get their addresses.]

----------

> <known_user[at]libertytravel.com>:
> 65.220.104.18 does not like recipient.
> Remote host said: 550 Rule imposed as known_user[at]zeffertandgold.com is
> blacklisted on SpamCop (see www.spamcop.net)
> Giving up on 65.220.104.18.
>
> --- Below this line is a copy of the message.
>
> Return-Path: <known_user[at]zeffertandgold.com>
> Received: from mx31.bcrtfl01.us.mxservers.net (131.103.218.73)
> by mail01h.rapidsite.net (RS ver 1.0.95vs) with SMTP id 1-0648314771
> for <known_user[at]libertytravel.com>; Thu, 19 Jan 2006 10:33:01 -0500 (EST)
> Received: from www.zeffertandgold.com [168.143.151.142] (EHLO
> zeffert89c6vkl)
> by mx31.bcrtfl01.us.mxservers.net (mxl_mta-1.3.8-10p4) with ESMTP id
> 813afc34.25596.379.mx31.bcrtfl01.us.mxservers.net;
> Thu, 19 Jan 2006 09:32:56 -0500 (EST)

----------

Ok, you're going to find that their email server appears on the blacklist. That information to my clients is useless. Yes, I understand that they will be removed from the blacklist within 24 hours of the last reported spam. The fact remains, they did not send spam and they should not be on the blacklist.

You are also going to say, they are on a shared hosting server. Yes they are. So are about 90% of all small and medium size businesses.

You are also going to say they didn't send the spam but someone else on their shared hosting sent it. But...why is the innocent being penalized?

Again, not blowing off more steam, just relating my experience with spamcop.

Posted
Thank you for your comments.

I just know it is blocking email that should go through.

Again, not blowing off more steam, just relating my experience with spamcop.

39453[/snapback]

As a technical user, you should know that spamcop can not block any message not sent to its servers. The admin of 65.220.104.18 is the one doing the blocking. None of the IP addresses shown are listed currently and only host 131.103.218.73 = mx31.bcrtfl01.us.mxservers.net has any reports against it, but there are a lot of them. The fact there are 2 IPs for many of these reports may indicate that server is relaying spam for other sources and being listed because of it.

Report History:

-------------------------------------------------------------------------------

Submitted: Wednesday, January 18, 2006 6:19:09 PM -0500:

[spam] Unauthorized access to your CHASE Bank account !

1627040410 ( z_User_Notification ) To: [concealed user-defined recipient]

1627040409 ( z_User_Notification ) To: [concealed user-defined recipient]

1627040406 ( http://www.outdoor4business.de/catalog/images/c... ) To: abuse[at]schlund.de

1627040404 ( http://www.chase.com/pages/chase ) To: postmaster[at]bankone.com

1627040402 ( 65.39.223.18 ) To: spamcop[at]imaphost.com

1627040399 ( 65.39.223.18 ) To: abuse[at]peer1.net

1627040396 ( 131.103.218.73 ) To: abuse#verio.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Monday, January 16, 2006 9:31:28 AM -0500:

ÇлçÇÐÀ§¶«¿¡ ºÒÀÌÀÍ~~ÀÌÁ¨ ´õ ÀÌ»ó ¿ë³³¸øÇØ^^^

1623929478 ( http://aaa7aaa.nh.to ) To: abuse[at]kornet.net

1623929477 ( 221.220.185.180 ) To: spamcop[at]imaphost.com

1623929474 ( 221.220.185.180 ) To: postmaster#publicf.bta.net.cn[at]devnull.spamcop.net

1623929472 ( 221.220.185.180 ) To: postmaster#public.bta.net.cn[at]devnull.spamcop.net

1623929468 ( 221.220.185.180 ) To: abuse[at]cnc-noc.net

1623929465 ( 221.220.185.180 ) To: postmaster#cnc-noc.net[at]devnull.spamcop.net

1623929463 ( 221.220.185.180 ) To: ct-abuse[at]abuse.sprint.net

1623929461 ( 221.220.185.180 ) To: postmaster#bta.net.cn[at]devnull.spamcop.net

1623929460 ( 131.103.218.73 ) To: abuse#verio.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Friday, January 13, 2006 10:36:22 AM -0500:

[spam] Useful Pharamafce utical

1620557738 ( 82.243.80.141 ) To: spamcop[at]imaphost.com

1620557730 ( 82.243.80.141 ) To: abuse[at]proxad.net

1620557728 ( 131.103.218.73 ) To: abuse#verio.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Friday, January 13, 2006 12:20:47 AM -0500:

Re: liable sloughy

1619989465 ( 60.48.87.203 ) To: spamcop[at]imaphost.com

1619989452 ( 60.48.87.203 ) To: abuse[at]tm.net.my

1619989448 ( 131.103.218.73 ) To: abuse#verio.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Thursday, January 12, 2006 10:18:59 AM -0500:

[spam] »çȸº¹Áö»ç ¹«·áÀÚ·á~ Áö±Ý ½ÅûÇϼ¼¿ä~

1619283174 ( 222.129.109.160 ) To: spamcop[at]imaphost.com

1619283170 ( 222.129.109.160 ) To: abuse[at]cnc-noc.net

1619283167 ( 222.129.109.160 ) To: postmaster#cnc-noc.net[at]devnull.spamcop.net

1619283166 ( 131.103.218.73 ) To: abuse#verio.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Wednesday, January 04, 2006 10:55:49 PM -0500:

Deal of the Week, coupons, cheap long necks and more!

1609889724 ( 209.238.251.157 ) To: spamcop[at]imaphost.com

1609889694 ( http://www.funatbombay.com/ ) To: abuse[at]verio.net

1609889692 ( http://www.funatbombay.com ) To: abuse[at]verio.net

1609889680 ( 209.238.251.157 ) To: abuse[at]verio.net

1609889677 ( 131.103.218.73 ) To: abuse#verio.net[at]devnull.spamcop.net

1609889676 ( 131.103.218.173 ) To: abuse#verio.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Monday, December 26, 2005 11:32:41 AM -0500:

WE WISH sales A MERRY CHRISTMAS

1599007583 ( 62.234.48.249 ) To: spamcop[at]imaphost.com

1599007570 ( 62.234.48.249 ) To: abuse[at]wanadoo.nl

1599007546 ( 131.103.218.73 ) To: abuse#verio.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Wednesday, December 21, 2005 3:51:54 PM -0500:

[spam] 6°³¿ùÈÄ¸é ³ªµµ ÇлçÇÐÀ§ ¼ÒÁö°¡ °¡´É...

1594322070 ( http://www.haksha.ez.ro ) To: support[at]kidc.net

1594322064 ( http://www.haksha.ez.ro ) To: abuse[at]kidc.net

1594322056 ( http://www.haksha.ez.ro ) To: postmaster[at]kidc.net

1594322052 ( http://www.haksha.ez.ro ) To: security[at]kidc.net

1594322051 ( 222.35.77.67 ) To: spamcop[at]imaphost.com

1594322050 ( 222.35.77.67 ) To: postmaster[at]chinatietong.com

1594322048 ( 222.35.77.67 ) To: crnet_mgr[at]chinatietong.com

1594322046 ( 222.35.77.67 ) To: crnet_tec[at]chinatietong.com

1594322045 ( 131.103.218.73 ) To: abuse#verio.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Wednesday, December 21, 2005 12:14:09 PM -0500:

Facts speak more than words, impress him

1594153575 ( 85.214.18.106 ) To: spamcop[at]imaphost.com

1594153574 ( 85.214.18.106 ) To: cmueller[at]cronon.net

1594153573 ( 131.103.218.73 ) To: abuse#verio.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Thursday, December 08, 2005 5:56:52 PM -0500:

Bombay Christmas Party

1579700915 ( Forwarded spam ) To: [concealed user-defined recipient]

1579700914 ( 209.238.251.157 ) To: spamcop[at]imaphost.com

1579700913 ( http://www.funatbombay.com ) To: abuse[at]verio.net

1579700912 ( 209.238.251.157 ) To: abuse[at]verio.net

1579700911 ( 131.103.218.77 ) To: abuse#verio.net[at]devnull.spamcop.net

1579700910 ( 131.103.218.73 ) To: abuse#verio.net[at]devnull.spamcop.net

Posted
There are also some odd statistics with that IP in the sender base, as if someone decided to shut it down: ...

39466[/snapback]

Could be, though I'm starting to suspect SenderBase's sampling is inadequate or at least cause for caution - for instance

http://www.spamcop.net/sc?id=z860965848z78...2c0eec3cda4e89z on which SenderBase currently says

Report on IP address:  24.249.148.111

Volume Statistics for this IP

Magnitude  Vol Change vs. Average

Last day  0.0  -100%

Last 30 days  0.0  -100%

Average  0.0 

and

No address list shown since no email was detected from 24.249.148.0/24.

( http://www.senderbase.org/search?searchString=24.249.148.111 )

Despite CBL entry.
Posted
Ok, you're going to find that their email server appears on the blacklist.  That information to my clients is useless.  Yes, I understand that they will be removed from the blacklist within 24 hours of the last reported spam.  The fact remains, they did not send spam and they should not be on the blacklist.

You are also going to say, they are on a shared hosting server.  Yes they are.  So are about 90% of all small and medium size businesses.

You are also going to say they didn't send the spam but someone else on their shared hosting sent it.  But...why is the innocent being penalized?

Again, not blowing off more steam, just relating my experience with spamcop.

39453[/snapback]

Rather than retyping it all, please see http://forum.spamcop.net/forums/index.php?...indpost&p=39474 ... and a few of the other posts in that Discussion.

Well, Steven's post confirms my initial suspicion.. There are also some odd statistics with that IP in the sender base, as if someone decided to shut it down:

131.103.218.73

39466[/snapback]

??At the time of this posting;

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 2.9 .. -53%

Last 30 days .. 2.7 .. -70%

Average ........ 3.2

Posted
Could be, though I'm starting to suspect SenderBase's sampling is inadequate or at least cause for caution - for instance ..... on which SenderBase currently says ........

Yeah but .... you pointed out one sentence, I'll point out another data field ...

http://www.senderbase.org/search?searchString=24.249.148.111

Date of first message seen from this address -- <Blank>

Despite CBL entry.

39473[/snapback]

and .... http://cbl.abuseat.org/lookup.cgi?ip=24.249.148.111 also says;

IP Address 24.249.148.111 was found in the CBL.

It was detected at 2006-01-19 21:00 GMT (+/- 30 minutes).

Perhaps partially explaining why there hasn't been enough e-mail ending up at the right spots to yet "be seen" by the SenderBase network????? IronPort - The Company

Posted

Verio's outgoing mail servers are notorious for sending delayed bounces and blowback. If email is really so critical to your customer, I would highly recommend that they invest in a static IP address, and a copy of Microsoft Exchange 2003 or the mail server software of their choice and run their own mail server. That way they aren't at the mercy of an irresponsible ISP, and do not have to share their mail server with other customers whose email practices they can't control.

Many will probably gripe at my support of a Microsoft product, however, Exchange is easy to set up, easy to manage and configure correctly, supports DNSBLs for filtering spam from your incoming email, and support for it is readily available from literally thousands of sources.

Posted
It is true that I do not know all the details of how spamcop works.  I do not need to know.  I just know it is blocking email that should go through.  Again, spamcop can blame the end users, or take the responsibility to do what is right and find a way to stop spam while correcting the false positives it is generating.  You can not place the responsibility on the average end user.  They just want the spam to stop, but eventually they will decide that the complaints from their customers are far more serious and then they will have a decision to make.

39453[/snapback]

You are right, you don't need to know how SpamCop works - but it might help you understand the explanations provided.

I as a very small ISP choose to use the SCBL as one of a selection of methods for identifying and rejecting unsolicited Email entering our system.

Because it works well, we consider it a useful tool to provide our customers with a spam free life.

Now, if your mail server's IP address is listed, your messages will be rejected - not by SpamCop but by my mail server. I, not SpamCop, choose to reject your message(s) and I am quite happy to do so as are my customers. It is like me deciding to reject regular letters which come through the post on the basis of where the sender's address is. I may throw out a legitimate letter in and amongst all the advertising - but that's my choice and my risk.

If I thought using the SCBL was creating a problem for my customers then I could stop using it, or implement my use differently but since it doesn't create a problem for me or my customers I'm happy to use it.

In the end the SCBL is simply a list of IP addresses which all responsible ISPs will use if they consider it serves their customers well.

That so many choose to use the list is a testimony to its effectiveness. No receiving ISP is forced to use the SCBL. We do so because it is so responsive to spam traffic and quickly responds when spam stops flowing.

Andrew
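
An added illustration, not part of any post in this thread: the bounce quoted earlier names two relay IPs in its Received: lines, and the post above says the receiving server, not the list, decides what a listing means. The sketch below extracts those IPs, builds the DNSBL query names, and applies the receiver's own policy. The zone name `bl.spamcop.net`, the function names, the `tag`/`reject` policy values and the demo resolver data are assumptions of this example.

```python
import ipaddress
import re
import socket

ZONE = "bl.spamcop.net"  # assumed here: the SCBL's public DNS zone

# Abridged from the Received: lines of the bounce quoted in this thread.
RECEIVED = [
    "from mx31.bcrtfl01.us.mxservers.net (131.103.218.73) "
    "by mail01h.rapidsite.net (RS ver 1.0.95vs) with SMTP",
    "from www.zeffertandgold.com [168.143.151.142] (EHLO zeffert89c6vkl) "
    "by mx31.bcrtfl01.us.mxservers.net (mxl_mta-1.3.8-10p4) with ESMTP",
]

_IP = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def relay_ips(received):
    """Return the sending IP named in each Received: line, newest hop first."""
    ips = []
    for line in received:
        m = _IP.search(line)
        if m:
            try:
                ips.append(str(ipaddress.IPv4Address(m.group(1))))
            except ipaddress.AddressValueError:
                pass  # bracketed text that only looks like an address
    return ips

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name: octets reversed, then the list's zone (RFC 5782)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_lookup(name):
    """Resolve via the OS resolver; None means no answer (treated as unlisted)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listed(ip, lookup=system_lookup):
    answer = lookup(dnsbl_name(ip))
    if answer is None:
        return False
    # Listed entries answer inside 127.0.0.0/8. Anything else usually means a
    # resolver that rewrites NXDOMAIN, so it must not count as a listing.
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")

def disposition(received, policy, lookup=system_lookup):
    """policy is the receiving admin's choice: 'tag' or 'reject'."""
    hits = [ip for ip in relay_ips(received) if is_listed(ip, lookup)]
    if not hits:
        return "accept", hits
    return policy, hits

# Constructed resolver state for the demo; not the list's real contents.
def demo_lookup(name):
    return {"73.218.103.131.bl.spamcop.net": "127.0.0.2"}.get(name)

if __name__ == "__main__":
    for policy in ("tag", "reject"):
        print(policy, disposition(RECEIVED, policy, demo_lookup))
```

The same listing produces a tagged message under one policy and a 550-style rejection under the other; only the shared relay's address matters to the lookup, not the customer's own web host.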

Posted
You are also going to say they didn't send the spam but someone else on their shared hosting sent it. But...why is the innocent being penalized?

If you were sending packages by a ground carrier and the carrier not only delivered your package, but also several dirty, greasy packages crawling with bugs, would you consider yourself penalized if your customer refused to accept all the packages?

If spam is to be controlled, the *sender* has to be responsible for not sending, AND, not using servers that are sending spam. There are many responsible server admins that do not permit spam to be sent via their servers. Savvy online businesses use reliable email service.

Miss Betsy

Archived

This topic is now archived and is closed to further replies.
