splitcc Posted May 16, 2007 Share Posted May 16, 2007 Hello, I just have a question about SpamCop. When a spam report is received, which IPs are black listed, the real source of the spam message or the relays through that message has passed? Other RBLs do the same? Only that Thanks! Link to comment Share on other sites More sharing options...
StevenUnderwood Posted May 16, 2007 Share Posted May 16, 2007 I just have a question about SpamCop. When a spam report is received, which IPs are black listed, the real source of the spam message or the relays through that message has passed? Other RBLs do the same? Quick, 5000' view: SpamCop attempts to work back as far as it trusts, normally that will be the source. There are providers that hide that information, however which would lead to their IP's getting listed. If there is a relay hiding the source information (i.e. corrupted PC), that will be the source. For more information, check the FAQ linked at the top of every page (SPAMCOP FAQ), specifically: SpamCop Blocking List Service ->What is on the list? Every block list has their own criteria for listing which is why you would usually want a few different ones. SpamCop specializes in stoping spam runs as they happen. It is quick to list, but also quick to delist IP addresses when the spamming stops. Link to comment Share on other sites More sharing options...
splitcc Posted May 16, 2007 Author Share Posted May 16, 2007 Hello again, thanks for the reply. The problem that I see to this is that if is only black-listed the real source (the first IP) of the spam messages, if a spammer uses some server to relay it through or uses a stolen account on a server, if I use SpamCop on my MTA, those messages wouldn't be rejected, am I right? May be, those cases, are few... Regards, Alvaro. Link to comment Share on other sites More sharing options...
Wazoo Posted May 16, 2007 Share Posted May 16, 2007 The problem that I see to this is that if is only black-listed the real source (the first IP) of the spam messages Not necessarily true that the "first IP address" = "real source" ... , if a spammer uses some server to relay it through There are other BLs that work with "open relay" issues. or uses a stolen account on a server, One of the things you seemed to have skipped over is the bit of math involved in a SpamCopDNSBL listing/de-listing .... if I use SpamCop on my MTA, those messages wouldn't be rejected, am I right? May be, those cases, are few... Blocking based on the SpamCpDNSBL is not recommended by SpamCop.net itself. It is suggested that the SpamCopDNSBL be used in conjunction with other tools to score, tag, handle suspected spam. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted May 16, 2007 Share Posted May 16, 2007 The problem that I see to this is that if is only black-listed the real source (the first IP) of the spam messages, if a spammer uses some server to relay it through or uses a stolen account on a server, if I use SpamCop on my MTA, those messages wouldn't be rejected, am I right? May be, those cases, are few... That would only be an issue if you are ONLY checking the connecting IP address as well. SpamCop (and I understand other implementations) checks all IP addresses in the received lines. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.