Curious about how this works


Lost Highway

How does spamcop know if what is reported as spam is actually spam?

Reporters are asked to be careful NOT to report anything that is not spam. There are consequences if a reporter does report a non-spam (fines, suspensions, bans).

Generally one mistaken report does not get the IP address listed. If the person receiving the report responds to the reporter pointing out that it looks like a mistake, the reporter should apologize and contact the deputies to cancel the report. The person receiving the report can also contact spamcop and mark that the matter is resolved and drop a note to the deputies that it was a mistake (with evidence).

As in any system there are possibilities of mistakes. The percentage of mistakes compared to total reports is very small. If an IP address is listed (as the PBS one), it is quickly corrected. There is no more interruption of service than a careless backhoe operator (probably even less). It is a small price to pay for the control of spam. We don't complain about security measures that are inconvenient offline. There is no reason why we should complain about security measures online.

In addition, a mistake in the scbl listing is reversible. A mistake in deleting an email among a batch of spam or that was caught by a content filter is just as likely and does not send a notification. Email that is caught by a blocklist returns notification to the sender. Email that is simply deleted by mistake only becomes evident when that creates problems - usually more complicated than rectifying a mistaken bl entry. One can also continue to email correspondents by using an alternate method if one's IP address is on a blacklist so that what one wanted to send can still be sent in a timely fashion.

If you have additional questions, please ask them.

Miss Betsy

Reporters are asked to be careful NOT to report anything that is not spam. There are consequences if a reporter does report a non-spam (fines, suspensions, bans).

So it's basically the honor system. If I were a less than honorable person, which I am not, I could very easily get any competitor of mine listed.

The percentage of mistakes compared to total reports is very small.

I would modify that to say that the percentage of identified mistakes compared to total reports is very small.

In addition, a mistake in the scbl listing is reversible.

True, but only after the damage is already done. You can't unring a bell.

A mistake in deleting an email among a batch of spam or that was caught by a content filter is just as likely and does not send a notification.

Once again true, but one can set the thresholds of what gets tagged and what does not. Under this system one is wholly at the mercy of any single individual.

One can also continue to email correspondents by using an alternate method if one's IP address is on a blacklist so that what one wanted to send can still be sent in a timely fashion.

Given this I am hard pressed to see how this system is effective in stopping true spammers. If I were in the business of spamming, which I am not, I would simply blow a huge mailing out overnight and then change ip addresses. Maybe that would not work for some reason I am unaware of. It seems like all you would get are the people that don't change ip addresses.

I'm not trying to be a pain in the butt (although by this point I'm sure you are thinking I am) but I find our server blocked on a semi regular basis. Every email ever sent has been sent on an opt in basis. We follow all of the rules. Usually what happens is some do-gooder IT guy reports us when one of the company's employees signed up for the email and wants to get it.

I appreciate that spam is annoying. I get 100 to 200 a day. If I could make it go away I would. But this system seems to be a shotgun blast approach. As long as you get 10 spammers no one cares about the 1 or 2 that are legit that get hit.

So it's basically the honor system. If I were a less than honorable person, which I am not, I could very easily get any competitor of mine listed.

I am not sure what measures there are to prevent that, but if you could, you only could once.

I would modify that to say that the percentage of identified mistakes compared to total reports is very small.

If ISPs pay attention to spamcop reports, there would be no unidentified mistakes.

Given this I am hard pressed to see how this system is effective in stopping true spammers. If I were in the business of spamming, which I am not, I would simply blow a huge mailing out overnight and then change ip addresses. Maybe that would not work for some reason I am unaware of. It seems like all you would get are the people that don't change ip addresses.

That is a problem. However, someone else can tell you how that is countered. Since blocking on IP address started, the spammers can't find IP addresses to use so they use open proxies. Many people just use an open proxy blocklist.

I'm not trying to be a pain in the butt (although by this point I'm sure you are thinking I am) but I find our server blocked on a semi regular basis. Every email ever sent has been sent on an opt in basis. We follow all of the rules. Usually what happens is some do-gooder IT guy reports us when one of the company's employees signed up for the email and wants to get it.

You might want to take a look at this topic

http://forum.spamcop.net/forums/index.php?showtopic=630

I appreciate that spam is annoying. I get 100 to 200 a day. If I could make it go away I would. But this system seems to be a shotgun blast approach. As long as you get 10 spammers no one cares about the 1 or 2 that are legit that get hit.

Blocklists have been very effective in making it more difficult for spammers to operate. IMHO, the inconvenience of 1 or 2 for a short time is worth it for the hundreds of people who do not receive hundreds of spam.

However, I can understand the frustration of those who try to do the right thing. My solution is for white hats to create their own bl that is truly useful and protects them from being blocked unless they are careless.

Miss Betsy

As for the issue of "simply blow a huge mailing out overnight and then change ip addresses", that generally doesn't work very well, because you've got people like me who have it set up so we monitor our incoming email 24/7.

If I get a spam, even at 2:00am, my computer wakes me up. I then report to SpamCop, the FTC, the California State Attorney General, several Block Lists. This is all done semi-automatically. All I have to do is click a few times.

I then use Sam Spade to dig out the spamvertised websites and report them to the web hosts and upstream providers. If the website redirects, I'll dig out each site in the chain of spamvertised websites, and report each one. I've had some that redirected 8 times.

After that, I go to work on some other methods that I can't really discuss.

I had one spammer start out the day by sending a spam advertising a website hosted on a hijacked server from a nursing school in China. I reported it, they shut the website down.

I got an identical spam a while later, from another hijacked server in China. I reported it, they shut it down.

A while later, another identical email, this time advertising the website hosted from Venezuela. I reported it, they shut it down.

A bit later, another identical email, this time advertising the same website, but hosted from Romania. I reported it, they shut it down.

I haven't heard from that spammer since. If their websites keep getting shut down, they'll eventually give up.

So far, over the last week, I've only gotten 2 spams. I'm not running any software that rejects emails based on Block Lists, the spammers just avoid our email addresses because I use some pretty vicious methods to get them shut down and to run up their costs.

The way I see it, if they want to escalate such that they're bombarding everyone with hundreds of spams per day, I'll escalate as well. What I do can't be considered 'legal' in the strictest sense of the word, but do you think the spammers are going to report me?

Whatever works, works. And what I do works.

[Flame on]

Geez, I've held my tongue through about a dozen of these kind of postings over the past month. I'm sure they were going on for eons before I got here. Sorry Lost Highway, I know you were just asking nicely so don't take this personally.

I don't know how many times people can say this:

SpamCop does not block mail. If you have a problem getting mail to someone, talk to the administrator of the server you're having problems with.

SMTP transactions are not guaranteed reliable. Furthermore, people seem to think the dynamic blocklists are some kind of spooky magic. Server administrators could easily hard-code the exact same lists into their firewalls and servers to accomplish the exact same thing. Many do. Do people complain to them about those "blacklists" or do the dynamic people take all the hits because they are more public and visible?

Yes, you can abuse blacklists. Just like hijacking netblocks, smurfing, DDoS-ing and a dozen other blackhat capers, you can pull pretty much anything off if you are sneaky. You are at the whim of the masses once you join the Internet. If you don't like it, set up a VPN, get some nailed up T1s or pull some dark fiber between your remote sites and build your own network.

Those of us that used the osirusoft blacklist woke up one day to find that we were bouncing the entire IPv4 address space. We got over it. The world kept spinning. It was the administrator's choice to use that blacklist. We made the decision and suffered the consequences.

It's pretty simple: If you make money off of anything that goes on over the Internet, you better try to control as many things in the data path as you can. The internet is a free media to the extent that people let you use their media/resources/equipment. If you don't have control over their equipment (e.g. mail servers) then you better make nice with them... because the rest of us don't care.

Last time I checked, nobody was forced to use Spamcop or any of the hundreds of other lists out there ( http://www.dnsstuff.com/tools/ip4r.ch?ip=127.0.0.1 ). Just as you are allowed to publish your newsletters, the administrator of this site is allowed to put whatever he wants on his servers. If you don't find it useful, don't use it.

[Flame off]

Hi, Lost Highway!

...Good questions, by the way (IMHO).

Reporters are asked to be careful NOT to report anything that is not spam. There are consequences if a reporter does report a non-spam (fines, suspensions, bans).

So it's basically the honor system. If I were a less than honorable person, which I am not, I could very easily get any competitor of mine listed.

...No, you couldn't (at least, not easily). It takes more than one SpamCop user to get an IP address on the block list (unless the IP address is actually routing e-mail to spamtraps, but you as a reporter can't cause that to happen to an IP address not under your control).

<snip>

In addition, a mistake in the scbl listing is reversible.

True, but only after the damage is already done. You can't unring a bell.

...But if the block only lasts a short while, relatively little damage is done. That's why SpamCop automatically "de-lists" IP addresses within 48 hours of the last report (personally, that seems a bit long to me, but I don't get to make the rules).

A mistake in deleting an email among a batch of spam or that was caught by a content filter is just as likely and does not send a notification.

Once again true, but one can set the thresholds of what gets tagged and what does not. Under this system one is wholly at the mercy of any single individual.

...Not true. One reporter can not get an IP address listed.

One can also continue to email correspondents by using an alternate method if one's IP address is on a blacklist so that what one wanted to send can still be sent in a timely fashion.

Given this I am hard pressed to see how this system is effective in stopping true spammers. If I were in the business of spamming, which I am not, I would simply blow a huge mailing out overnight and then change ip addresses. Maybe that would not work for some reason I am unaware of. It seems like all you would get are the people that don't change ip addresses.

...Addressed quite well by HillsCap, above.

I'm not trying to be a pain in the butt (although by this point I'm sure you are thinking I am)

...Slightly, but I don't mind the opportunity to hash this out. Seems a pretty valuable discussion, to me. :)

but I find our server blocked on a semi regular basis. Every email ever sent has been sent on an opt in basis. We follow all of the rules. Usually what happens is some do-gooder IT guy reports us when one of the company's employees signed up for the email and wants to get it.

...Have you considered things from the point of view of the people receiving your "opt in" e-mails? Bearing in mind that it takes more than one report to get listed, it is conceivable that you are missing some small condition that is causing several people to report your IP address(es) "on a semi-regular basis."

I appreciate that spam is annoying. I get 100 to 200 a day. If I could make it go away I would. But this system seems to be a shotgun blast approach. As long as you get 10 spammers no one cares about the 1 or 2 that are legit that get hit.

...That's why there are deputies, support addresses, and these web fora. The problems seem to get addressed in a pretty timely manner once they're brought here or to the deputies.

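The listing behaviour described in the post above (more than one reporter needed, spamtrap mail counting on its own, automatic de-listing within 48 hours of the last report), modelled as an added example that is not part of the thread and is not SpamCop's code or algorithm. The two-reporter threshold, the `ToyBlocklist` class, the reporter names and the sample reports are assumptions made for illustration.

```python
from datetime import datetime, timedelta

DELIST_AFTER = timedelta(hours=48)  # thread: de-listed within 48 hours of the last report
MIN_REPORTERS = 2  # assumption: the thread only says "more than one" reporter


class ToyBlocklist:
    """Simplified model of a report-driven IP blocklist (not SpamCop's algorithm)."""

    def __init__(self):
        self._reports = {}  # ip -> list of (timestamp, reporter, from_spamtrap)

    def report(self, ip, reporter, when, spamtrap=False):
        self._reports.setdefault(ip, []).append((when, reporter, spamtrap))

    def cancel(self, ip, reporter):
        """Withdraw one reporter's mistaken reports against an IP."""
        self._reports[ip] = [r for r in self._reports.get(ip, []) if r[1] != reporter]

    def is_listed(self, ip, now):
        # Only reports younger than the de-listing window count at all.
        recent = [r for r in self._reports.get(ip, [])
                  if timedelta(0) <= now - r[0] < DELIST_AFTER]
        if any(from_trap for _, _, from_trap in recent):
            return True  # spamtrap mail needs no human reporter
        # Distinct reporters are counted, so repeats from one account add nothing.
        return len({reporter for _, reporter, _ in recent}) >= MIN_REPORTERS


def run_scenarios():
    """Constructed sample reports; the IPs come from the documentation ranges."""
    t0, hour = datetime(2004, 1, 1), timedelta(hours=1)
    bl, results = ToyBlocklist(), {}

    # One account reporting the same sender five times.
    for i in range(5):
        bl.report("192.0.2.10", "lone_reporter", t0 + i * hour)
    results["single_reporter"] = bl.is_listed("192.0.2.10", t0 + 6 * hour)

    # Two independent reporters, then no further reports.
    bl.report("198.51.100.7", "alice", t0)
    bl.report("198.51.100.7", "bob", t0 + hour)
    results["two_reporters"] = bl.is_listed("198.51.100.7", t0 + 2 * hour)
    results["after_48h_quiet"] = bl.is_listed("198.51.100.7", t0 + 49 * hour)

    # One of the two reports turns out to be a mistake and is withdrawn.
    bl.cancel("198.51.100.7", "alice")
    results["after_cancel"] = bl.is_listed("198.51.100.7", t0 + 2 * hour)

    # Mail delivered to a spamtrap address.
    bl.report("203.0.113.5", "spamtrap", t0, spamtrap=True)
    results["spamtrap_hit"] = bl.is_listed("203.0.113.5", t0 + hour)
    return results
```

Calling `run_scenarios()` returns one boolean per scenario, which makes it easy to change `MIN_REPORTERS` or `DELIST_AFTER` and see how the trade-off argued over in this thread shifts.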

So it's basically the honor system. If I were a less than honorable person, which I am not, I could very easily get any competitor of mine listed.

Not without being quickly detected and having your account cancelled.

Given this I am hard pressed to see how this system is effective in stopping true spammers. If I were in the business of spamming, which I am not, I would simply blow a huge mailing out overnight and then change ip addresses. Maybe that would not work for some reason I am unaware of. It seems like all you would get are the people that don't change ip addresses.

The identification process isn't "on duty" only part time. Spammers are frequently changing IP addresses, many do so more often than once a run. The quick responding nature of the SCBL allows for only a few spams to come from an IP before it is listed.

After that, I go to work on some other methods that I can't really discuss.

I had one spammer start out the day by sending a spam advertising a website hosted on a hijacked server from a nursing school in China. I reported it, they shut the website down.

...

I haven't heard from that spammer since. If their websites keep getting shut down, they'll eventually give up.

...

the spammers just avoid our email addresses because I use some pretty vicious methods to get them shut down and to run up their costs.

The way I see it, if they want to escalate such that they're bombarding everyone with hundreds of spams per day, I'll escalate as well. What I do can't be considered 'legal' in the strictest sense of the word, but do you think the spammers are going to report me?

Whatever works, works. And what I do works.

Are the undiscussable, possibly questionably legal methods described anonymously anywhere?

What do you do for website hosts that ignore complaints as is typically found for .cn, eg 220.175.8.39?

Are the undiscussable, possibly questionably legal methods described anonymously anywhere?

There is nothing illegal about compiling a database containing IPs that have been determined to be the source of spam that users report. There is nothing illegal about publishing this database. There is nothing illegal about an admin deciding to use this database to decide whether or not to accept SMTP connections. In short, there is no reason to secretly discuss the legalities.

US Code, TITLE 47, CHAPTER 5, SUBCHAPTER II, Part I, Sec. 230

What do you do for website hosts that ignore complaints as is typically found for .cn, eg 220.175.8.39?

The SCBL lists sources of spam emails, it does not list domain names, spamvertised URLs, or email addresses. If an IP is detected to be the source of spam emails it is listed when it meets or exceeds the algorithm threshold regardless of where the IP is physically located.

Are the undiscussable, possibly questionably legal methods described anonymously anywhere?

What do you do for website hosts that ignore complaints as is typically found for .cn, eg 220.175.8.39?

There is nothing illegal about blocking email for ISPs/email administrators/users or anyone. The internet is not a public playground; it is made up of thousands of private networks and users that make their own decision about the content they wish to view, post, deny or accept.

I don't think that he will tell you (or even point to some place describing them) since he doesn't want to get into trouble.

Also, most SpamCop members do not approve of using "fire to fight fire". The basic premise of spamcop is that spam can be controlled by using above board methods. IOW, two wrongs do not make a right.

And he probably knows that also so he is not advocating on the spamcop forum that others use his methods. He is simply reporting that he, himself, is winning the battle - at the moment.

Miss Betsy

Archived

This topic is now archived and is closed to further replies.
