[Resolved] OpenOffice.org email server blocked

[Merlyn]

figures

[DavidT]

As I mentioned before, perhaps this user is not the original owner of the address this is being sent to.

Aw, c'mon...that's pure hypothetical speculation. It's MUCH more likely that they're just reporting stuff without being careful...it happens ALL the time! I've produced PLENTY of proof of that here before.

I have not gone back over this topic, but have you contacted the deputies and gotten a response on this issue?

I put the OpenOffice people and the SpamCop people *and* the IronPort people all in touch over this last year. Yes, there was plenty of communication. What we have here are users making bogus reports.

DT

Quoting Ellen:

I have no idea how they form their maillists; whether they use

closed-loop or any other means of ensuring that the owner of an email

address wants and expects to receive mail.

If the person with responsibility for that IP and/or the openoffice

mailings wants to write to us to discuss this please pass along our

email address: deputies[at]admin.spamcop.net

Been there, done that. In fact, Don D'Minion revoked the reporting privs of one of the boneheads who was doing this before. That was in December, 2006. Then, over a month later, it happened again, so I alerted both the OpenOffice.org people and the SpamCop Deputies. Don got confused at that point and broacast my personal email address to the four errant SpamCop reporting system users (Merlyn, that should help explain part of the "attitude" issue).

As for Ellen's Q about the nature of the lists....to quote one of the OO.o admins:

The majority of these messages appear to be posts to the

users[at]openoffice.org mailing list -- which is a confirmed opt-in list,

with clear unsubscribe instructions contained in both the headers and

the footer of every message.

Any questions? I know what I'm talking about here....the reports are bogus. As a SpamCop user (and paying email customer) I get frustrated when I see misuse of the SC system.

DT

[Miss Betsy]

It is good for the Open Office people that you are keeping tabs especially since spamcop doesn't, apparently, keep records of prior communications.

However, why are the OpenOffice people not doing something when they get spamcop reports? I know many whitehat admins don't like spamcop reports because they are almost always reporter error. What I don't understand is why they can't politely tell the reporter/spamcop. It seems to me that the spamcop method of reporting spam is infinitely superior to other methods of spam filtering where there is no way to find out /why/ an email didn't make it. The problem is that it is not easier for the server admin, only the customer.

OpenOffice admins should be looking after the interests of all the OpenOffice subscribers (the customers) who are responsibly subscribing and unsubscribing by chasing down the ones who aren't and are causing newsletters to be considered spam. At least with spamcop there is a report and therefore a heads up. With systems that just 'learn' from 'this is spam' button pushers, there is no way to know why suddenly a newsletter is not going through to the ones who have subscribed responsibly.

Miss Betsy

[DavidT]

Now, Miss Betsy's tone and point is much more reasonable, and if I were part of the OpenOffice.org team, I'd probably be doing exactly what she suggests. However, they've done nothing wrong, and they shouldn't really have to. My primary point is that there are people using the SC reporting system who are careless and who are damaging the reputation of the SCBL by their carelessness.

DT

[StevenUnderwood]

Now, Miss Betsy's tone and point is much more reasonable, and if I were part of the OpenOffice.org team, I'd probably be doing exactly what she suggests. However, they've done nothing wrong, and they shouldn't really have to. My primary point is that there are people using the SC reporting system who are careless and who are damaging the reputation of the SCBL by their carelessness.

And the only way these things get fixed (i.e. incorrect reporters get punished) is when the reported parties, complain about the problem. If OpenOffice.org is receiving invalid reports, does nothing, and ends up listed, part of the responsibility is theirs and the major inconvienience is also theirs.

They need to provide the proof to spamcop that the reporter is the person who signed up. Then the reporter can be dealt with.

[DavidT]

If OpenOffice.org is receiving invalid reports, does nothing, and ends up listed, part of the responsibility is theirs and the major inconvienience is also theirs. They need to provide the proof to spamcop that the reporter is the person who signed up. Then the reporter can be dealt with.

Sounds reasonable, except that it winds up costing them money in staff time to refute the false reports, and that's inherently not fair. Can you imagine how much money is wasted every year on frivolous lawsuits? They wind up costing real money for the innocent defendants, unless things progress far enough to the point where a judge orders the plaintiff to pay the legal costs.

I'm not sure that organizations such as OpenOffice.org have any choice but to spend the time and energy necessary to defend themselves from false SpamCop reporting. The people responsible for their outbound mail servers are receiving reports and may very well be challenging them...only the Deputies would be able to determine that. As a SpamCop Email customer, I want the SCBL to be as accurate as possible, and it irks me to see continued false reporting of messages that are clearly NOT spam. I've commented here to add to the "historical record" for others to stumble upon, in order to document that not all of the reporting that feeds the SCBL is valid, and should be questioned. Too often, I see the denizens here defending the system as if it were more perfect than it actually is.

DT

[StevenUnderwood]

Sounds reasonable, except that it winds up costing them money in staff time to refute the false reports, and that's inherently not fair.

Part of the cost of doing business.

[kamaraju]

However, they've done nothing wrong, and they shouldn't really have to. My primary point is that there are people using the SC reporting system who are careless and who are damaging the reputation of the SCBL by their carelessness.

I agree with you here. It is spamcop's (user or admin) reporting process that is at fault here. Openoffice mailing list managers are doing it the right way. I hope spamcop's admins will rectify this problem...

raju

[Merlyn]

I agree with you here. It is spamcop's (user or admin) reporting process that is at fault here. Openoffice mailing list managers are doing it the right way. I hope spamcop's admins will rectify this problem...

I do not agree. the proof is on them not spamcop.

[Miss Betsy]

Sounds reasonable, except that it winds up costing them money in staff time to refute the false reports, and that's inherently not fair. <snip>

Life's not fair. I shouldn't have to report spam or JHD. The point is (and your point also) that if everybody did what they were supposed to do, the system would work better. Everyone makes mistakes so both reporting and responding to reports needs to be done.

<snip>As a SpamCop Email customer, I want the SCBL to be as accurate as possible, and it irks me to see continued false reporting of messages that are clearly NOT spam. I've commented here to add to the "historical record" for others to stumble upon, in order to document that not all of the reporting that feeds the SCBL is valid, and should be questioned. Too often, I see the denizens here defending the system as if it were more perfect than it actually is.

Life isn't perfect. A while back a mailing list manager of a PAID list posted here wondering why someone who /paid/ for the list would report the newsletter as spam!

Miss Betsy

[DavidT]

I do not agree. the proof is on them not spamcop.

In the USA, it's generally "innocent until proven guilty," Merlyn....NOT the other way around.

DT

[Telarin]

That may be true in criminal court, but doesn't generally apply to other areas. Espcecially where the internet is concerned, a much better policy is suspicious until proven otherwise.

As you yourself said, we are not talking about a huge volume here. One or two reporters in a six month period causing a problem for a large mailing list is certainly not an unreasonable volume to deal with. All it reaquires is someone to click the link in the report and tell the deputies that the reporter has subscribed to that mailing list. If they want to save a back-and-forth exchange, they can even provide evidence of the subscription in that first email and the deputies will handle it from there.

[DavidT]

As you yourself said, we are not talking about a huge volume here. One or two reporters in a six month period causing a problem for a large mailing list is certainly not an unreasonable volume to deal with.

True...not a huge volume, but it was enough when this all started to put their server on the SCBL, and it appears to be more than "one or two reporters" (but not a lot more). I've kept on top of this particular situation to document that there's a problem with the choices made by at least some SC reporters (so this topic could actually be taking place in the Reporting forum, had it not originally involved the BL).

I'm thinking that with some proven "white hat" servers, an "alert flag" could be triggered for Deputy inspection when people report them....but that's probably a "feature request" and I don't think it would have much of a chance of getting anywhere.

DT

[Miss Betsy]

In the US, I have to show proof of identity if I want to use a check to pay for my purchases and I have never, ever written a bad check.

Business owners have to do all kinds of things (which are added to the cost of purchases for 'innocent' customers) to protect against the few bad hats. Internet businesses must realize that doing business on the internet also creates costs.

Spamcop does its job by notifying the business that there is a report. If it is erroneous, then the business needs to do something about it to protect its other customers. When it is not erroneous, then the business needs to correct the problem. Spamcop does fine and suspend users for erroneous reports, but cannot do so if it is not notified. The problem with a 'flag' is that if there is a mistake on the sending end (and people do make mistakes like when changing servers, forgetting to turn off the open relay), the business is not promptly notified - the entire purpose of spamcop particularly for whitehats.

Miss Betsy

[turetzsr]

...DT, the only thing I can suggest is to keep working on Don and the Deputies. Complaining in a user forum does not really get the problem fixed (although I appreciate your alerting us users to this problem, even if we sometimes seem to not want to hear it).

...Good luck, I hope this eventually gets resolved to your satisfaction -- I don't think any of us wants SpamCop to get the reputation of permitting repeated false spam accusations.

[DavidT]

Thanks, Steve. I'll try to take your advice, but Don and I have some "issues."

A propos to this topic, in another topic/thread, I had identified a LOT of false reporting of the occasional newsletters sent out to registered users of the JAlbum web photo album software. Another newsletter just went out yesterday, and so I checked for SpamCop reports on the IP of the sending server, and sure enough, there were two false spam reports:

Submitted: Friday, June 08, 2007 10:32:35 AM -0700:

JAlbum newsletter: Skins and Photo book

* 2325434771 ( https://jalbum.net/skins ) To: ripe[at]bahnhof.se

* 2325434767 ( https://jalbum.net/donate.jsp ) To: ripe[at]bahnhof.se

* 2325434766 ( http://jalbum.net/skins ) To: ripe[at]bahnhof.se

* 2325434760 ( 213.136.35.49 ) To: ripe[at]bahnhof.se

Submitted: Friday, June 08, 2007 6:46:22 AM -0700:

JAlbum newsletter: Skins and Photo book

* 2324737065 ( 213.136.35.49 ) To: ripe[at]bahnhof.se

I have alerted the owner of JAlbum and suggested that he obtain the reports from BanHof.se. I suggested that he challenge the reports.

It *really* irritates me that there are stupid reporters out there submitting false reports that feed the SCBL.

Some of you may think otherwise, but....you'd be wrong.

DT

[DavidT]

Another OpenOffice.org newsletter was sent out today, and yet again, we have stupid SpamCop users (actually only one stupid user so far, but give it time) reporting the message as if it were spam (and it's NOT!).

Submitted: Monday, September 10, 2007 2:46:34 AM -0700:

[ooo-announce] IBM joins the OpenOffice.org Community

* 2491061634 ( http://www.openoffice.org/press/ibm_press_relea... ) To: abuse[at]collab.net

* 2491061630 ( http://www.openoffice.org/press/ibm_press_faq.html ) To: abuse[at]collab.net

* 2491061627 ( 204.16.104.2 ) To: abuse[at]collab.net

I'll contact the Collab.net abuse folks and let them know that they ought to nip this in the bud, before their IP address winds up on the SCBL again.

DT

[DavidT]

Update: a helpful forum user suggested that I bypass the Deputies and send some queries to the "reports.spamcop.net" addresses associated with the bogus OpenOffice.org spam reports. I just did, and I received a positive response from a mail server admin, who said that he would:

make a change to our mail server so it can not report as spam if openoffice.org is in the from address

DT

[turetzsr]

<snip>

I received a positive response from a mail server admin, who said that he would:

make a change to our mail server so it can not report as spam if openoffice.org is in the from address

...If I were a spammer, that bit of information would be very valuable to me, wouldn't it? <frown>

[Farelf]

...If I were a spammer, that bit of information would be very valuable to me, wouldn't it? <frown>

Good point - time will tell. I suspect the overwhelming majority of the little baskets don't work that hard at their 'trade', on the assumtion that one of them would own the observable universe by now if they did. I guess this becomes an inadvertent test of that hypothesis.

[Wazoo]

To be honest, it's that other bit of How to .. that got my attention. Yes, the capability was always there to 'use' a Report-ID, but ..... that it's now been pointed out clearly, with a suggested usage ... a bit of an ouch there possible for some ....

[DavidT]

Update: another OpenOffice.org newsletter went out today and lo and behold, two idiot reporting system users have already reported it as if it were spam. I've sent queries to:

(removed)[at]reports.spamcop.net

[second address removed on edit, because the user responded--in ALL CAPS, what a....--and promised to stop]

asking them why they keep reporting these non-spam items as spam and told them that I'd report them to the deputies. I'm tired of people being allowed to report non-spam as if it where spam, so I guess I'll just keep after these idiots until they either stop on their own or get the deputies to hit them with a clue-stick.

Another update: I checked the reporting history again and another user has carelessly reported the OOo newsletter:

(removed)[at]reports.spamcop.net

I've written to them and am awaiting their response.

[update] Got a very nice response from the most recent reporter, confessing to his mistake and promising to be more careful. I'll take another shot at this when the next OOo newsletter gets sent out. I think that reports on obviously good senders such as OOo should be flagged by the system for Deputy intervention/action.

DT

[Farelf]

... Yes, the capability was always there to 'use' a Report-ID, but ..... that it's now been pointed out clearly, with a suggested usage ... a bit of an ouch there possible for some ....

Heh, winks and nods to blind horses etc (previous post). Yet the clues have been 'out there' for ages (easy enough to say in retrospect, to be sure), I thought Don had even mentioned it in clear terms recently but I must have been mistaken. Not something to add to the FAQ/Wiki presumably - yet what is the harm, actually?

[Wazoo]

The "you could use yours" thing was the somewhat given. It was the "you could use someone else's" that has never been specifically pointed out before (on SpamCop.net turf) ..... the general thought being .. only someone devious would even dare think of such a thing ..... that naive, trust thing yet again I suppose ..

The last time that this actual bit of knowledge came up ... spammers were using those same addreses in their spam directly. Seems like that was over a couple of years ago .... back in the "it was normal to seek revenge" days ....

[Farelf]

...The last time that this actual bit of knowledge came up ... spammers were using those same addreses in their spam directly. Seems like that was over a couple of years ago .... back in the "it was normal to seek revenge" days ....

Thanks for that, and it was then compounded by one or more things going wrong to allow +30 day reports to be used (failure to 'retire' expired report IDs, failure to adequately filter) IIUC.