Global ISP blocking - the downside

[JLH]

Global ISP blocking has led to huge rise in "undelivered mail" spoof spam. I use Orange ( AKA Freeserve / Wanadoo ) as my ISP. This ISP is regularly being blocked by spamcop and causing problems with several people I need to communicate with frequently. I notice that many other ISPs are also being globally blocked - Google's GMail, Yahoo groups etc.

Globally blocking ISPs and causing problems to millions of users because a few members are either wilfully spamming, or, more likely, their PC's are not properly protected by antivirus and firewall software and acting as zombies for the real spammers, is NOT the way to go.

In principle Spamcop is a good idea - at the moment I think of it as "spam Traffic Warden" or "spam Park Keeper".

I believe that the practice of globally blocking ISPs has led to the huge recent rise of "undelivered mail" spoof spam / virus loaded emails. So many people have been having emails blocked by Spamcop that they have been having to keep an eye on all undelivered mail reports. This plays directly into the hands of the spammers - they are now aware of this and send spam dressed up like an undelivered mail report. As a result I now no longer read my undelivered mail reports.

This needs resolving as soon as possible - for your own credibility as well as the sanity of the millions worldwide who keep having their ISP blocked and inboxes flooded with "undelivered mail" reports.

[Telarin]

First off, spamcop doesn't block anything, ISP or otherwise.

Spamcop is a tool for reporting spam to the ISP from which it originated. Spamcop also maintains a list of servers CURRENTLY SENDING spam. There is no regard to which ISP these servers belong to. It is not uncommon for an ISP to have some servers listed and some unlisted.

What a receiving ISP does with this list is entirely up to them. Spamcop's own email service uses this list as part of a scoring scheme to determine whether a message is spam. This method is the method recommended by spamcop.

I on the other hand use this list to block incoming email to my mail server. It saves me money, and makes it far less likely that a good message will end up in someone Junk E-mail folder and be missed.

[agsteele]

Global ISP blocking has led to huge rise in "undelivered mail" spoof spam. I use Orange ( AKA Freeserve / Wanadoo ) as my ISP.

SpamCop does not offer global ISP blocking although I suppose other block lists could do so. As Telarin notes, all SpamCop does is collect a list of ips which are currently sending spam.

The block is imposed by the receiving ISP. So my ISPs actually use the SCBL to filter incoming Email. But many, probably the majority, prefer to block. So the argument is, in reality, with the ISPs for the people you are attempting to reach. So your contacts probably have the best chance of getting their ISPs to stop blocking and start filtering.

But, as Telarin also notes, the reason for using blocking is that it saves a lot of cash for ISPs that pay for bandwidth used. An example, I recently monitored my Email over a 24 hour period. only approximately one-third of incoming Email was legitimate. Two-thirds was spam. Some of my clients have a worse ratio. So, if ISPs can reduce their bandwidth costs by 66% then I suspect that will be too tempting. In those situations ISPs will continue to block. SpamCop is favoured by many because it responds quickly to a problem and then just a promptly when the spam stops.

Andrew

[turetzsr]

...This was posted to the SpamCop Blocklist Help Forum, which is described as

A forum to help those who use or have had their e-mail blocked based on use of the SpamCopDNSBL by the receiving ISP.

Since it does not appear to be seeking assistance due to blocking based on the SCBL, I have moved it to the SpamCop Lounge Forum (I left a link to this thread in the Forum to which it was originally posted].

[DavidT]

So, JLH, since your basic premise is flawed (SC doesn't do any "global" stuff), would you care to rework your question to us? I think should do a little reading of the FAQs and of topic related to this issue first, however.

DT

[Miss Betsy]

Globally blocking ISPs and causing problems to millions of users because a few members are either wilfully spamming, or, more likely, their PC's are not properly protected by antivirus and firewall software and acting as zombies for the real spammers, is NOT the way to go.

Why not? If people do not properly protect themselves with antivirus and firewall software, continue to support irresponsible or incompetent ISPs, and do not complain about unreliable email service to the provider - who is the only person who can stop spam from happening, then why should they continue to be allowed to eat up resources of other internet users?

I believe that the practice of globally blocking ISPs has led to the huge recent rise of "undelivered mail" spoof spam / virus loaded emails. So many people have been having emails blocked by Spamcop that they have been having to keep an eye on all undelivered mail reports. This plays directly into the hands of the spammers - they are now aware of this and send spam dressed up like an undelivered mail report. As a result I now no longer read my undelivered mail reports.

Your belief is incorrect. The spammers forge the return path on spam and ignorant people send emails to that forged return path saying the spam is undeliverable. The rise of those NDRs is due to the rise in spam. Viruses that spoof undeliverable mail messages have nothing to do with being blocked. Many ISPs now block viruses so that their customers don't get them. A rise in virus laden email means that someone who has your email address on hir computer is infected. If you have a large address list, particularly of people who have never heard of the Boulder Pledge*, then your email address could be on computers all over.

Miss Betsy

*The Boulder Pledge:

"Under no circumstances will I ever purchase anything offered to me

as the result of an unsolicited email message. Nor will I forward

chain letters, petitions, mass mailings, or virus warnings to large

numbers of others. This is my contribution to the survival of the

online community."

Roger Ebert

[JLH]

So, JLH, since your basic premise is flawed (SC doesn't do any "global" stuff), would you care to rework your question to us? I think should do a little reading of the FAQs and of topic related to this issue first, however.

OK - Spamcop itself doesn't do any global stuff.

The lists it produces are used by some ISPs in ways that globally block mail servers of other ISPs.

It still seems to me like punishing the whole class because somebody made a bad smell.

spam is annoying - I would be the first to agree with that. I use Spamweed, and that works very well for me. Even more annoying than spam is not being able to send important emails for anything up to several days, several times a month. I have already spoken to my ISP who assures me they are trying to find and eject the spammers.... we'll see.

Since the EU made it "illegal" to send spam I have not heard of one prosecution.

Maybe it's my perception - but this huge rise in NDR's seemed to coincide with the onset start of globally blocked emails and the innevitable genuine NDR reports these produce ( whether by using Spamcop lists or not ).

As the first reply to my original post said - it suits some ISPs to globally block because it cuts their costs and effort.

[Miss Betsy]

What I think you mean is that all the users of an outgoing mail server are blocked when the administrators of that server either allow spammers, do not control the use of auto responders like out of office replies and zombied computers, or do not reject undeliverable email at the server level (a new development due to spammers forging the return path and causing NDRs to go to hundreds (thousands) of innocent people who never sent the messages).

First of all, your email is only blocked by some of your correspondents who are using an email service that uses the spamcop blocklist to block email. At least you know when your email is not being delivered to those people. Other email services, such as yahoo, send emails to the bulk email folder for no discernable reason and some simply drop them so you never know that they weren't delivered.

If your email service is as unreliable as you indicate, then it probably would be a good idea to have an alternate so that those 'important' emails can be delivered.

The problem is that only the *sending* end can determine which email account is causing the problem. If the *receiving* end doesn't block all email from that mail server, then their customers receive all the spam also.

Another problem you have. the spamcop blocklist is dynamic. the IP address is listed as long as it is sending spam and delisted automatically when the spam stops. Lots of server admins use blocklists and other blocklists are not as easy to be removed from although it takes longer for them to be listed. If your IP address is regularly on the spamcop blocklist, then sooner or later it will be added to other blocklists.

Blocklists are the natural way for the internet to protect itself against spam. Almost all ISPs now use blocklists to protect their clients against spam. Others rely on content filtering, but in those cases, as I have pointed out, if your email goes to the bulk email folder, it is lost amongst the spam and the sender is not notified. Some people use whitelists for regular correspondents to prevent that from happening - it may be possible to get your correspondents to whitelist you.

One analogy for using blocklists is the fact that you cannot get pizza delivered or get a taxi in certain parts of a city because of the 'bad' character of the neighborhood. Not getting your email delivered is similar because of the 'bad' character of the email in your neighborhood.

Miss Betsy

[JLH]

Hi Miss Betsy - you are correct in saying that the blocking is at mail server level, not an entire ISP at once. My ISP has recently undergone major changes / revamp of all its pages and services - which I am hoping explains why they may have had to take their eye off the spammers for this period.

It is only a couple of regular recepients I have problems with, one of these uses Lumison as their ISP - since this is a major business contact for me it is a big problem. I do use hotmail and Skype as alternatives when mail servers are blocked. When using email for ongoing work it is obviously inconvenient and messy to end up with related emails fragmented and not easy to follow as a thread.

I get so many spam NDRs these days that I generally don't open them unless I can see that one is directly related to a mail I just sent.

If my ISP doesn't resolve the situation soon I will be forced to find another ISP and hope for better service..... a bit like being forced to change bank because your favourite Pizza parlour has had problems with a few credit cards from your bank. A daunting prospect for anybody whose used any bank / ISP for any length of time involving some considerable upheaval for you and all those you interact with.

[DavidT]

The lists it produces are used by some ISPs in ways that globally block mail servers of other ISPs.

Well, no, that statement is not correct as written, but I think Miss Betsy might have cleared that up for you.

It still seems to me like punishing the whole class because somebody made a bad smell.

No, that's not a good analogy. It's more like putting a group of people into medical quarantine because one of them has tested positive for a highly-communicable disease and the others might also be carriers. Or, another...here in the US we recently had to suspend the consumption of fresh spinach because some growers in California were carelessly allowing their crop to be contaminated with the deadly E-Coli bacterium. Therefore, it affected all the other growers from that area until the source could be identified and dealt with.

The SpamCop BL never blocks a whole range of IP addresses....just the single IP of the server which has been either sending to "spamtrap" addresses (which are secret) or been reported by users as sending them spam.

this huge rise in NDR's seemed to coincide with the onset start of globally blocked emails and the innevitable genuine NDR reports these produce

Wait...I'm not sure if you're clear on the distiction between *acceptable* and *unacceptable* NDRs. The ones that happen *during* the SMTP delivery attempt are fine. It's the ones that are sent *after the fact* to innocent victims who didn't even transmit the messages producing the NDRs that are NOT fine, and those are causing a lot of servers to be put on various blocklists. Your ISP (Orange, AKA Freeserve / Wanadoo ) must not only deal with spammers, they must also make sure that they are following the best practices in this regard.

DT

[Miss Betsy]

If my ISP doesn't resolve the situation soon I will be forced to find another ISP and hope for better service..... a bit like being forced to change bank because your favourite Pizza parlour has had problems with a few credit cards from your bank. A daunting prospect for anybody whose used any bank / ISP for any length of time involving some considerable upheaval for you and all those you interact with.

That's a sensible decision. However, you don't realize that it is not just spamcop blocklist that doesn't like whatever it is your ISP is doing. However, other spam filters may not have notified you that your email wasn't received. That's happening to me more and more.

Sometimes banks fall behind the times and you do have to change.

Miss Betsy