thatsaspam Posted August 15, 2007 Share Posted August 15, 2007 My mail server has been blacklisted for sending email to a SpamCop spamtrap. Before I go on, I'll put my own philospohy on spam into perspective. I've been using SpamCop and other blacklists to try to manage spam, as a mail admin, for at least five years. I typically report something like 30 emails a day as spam - my logic on this is that anything that doesn't get caught by my mailer's auto-filtering gets reported (if I reported everything I'd be doing 250-300 a day, and unfortunately I don't have the time for that). So, I think this generally indicates that I am a "friend" of SpamCop, and not an obvious spammer. So, back to the listing. We have no PCs on our small network of about half a dozen machines - so no host has been compromised by malware (and there is no evidence to the contrary). I am the only user sending email out on a regular basis: in general that's as responses to incoming mail. We manage a few small lists, which have 10 - 5,000 users on them (in reality that's one big list and three-four small ones, for a total of less that 6,000 users). To put that number in perspective, the biggest list is an opt-in announce list that has been built up over a ten year period. This sends out mail on an intermittent basis, one mail every two - four weeks. This big list is also regularly trimmed for bounces (ie if we get three consecutive bounces on an address it is removed from the list), and requires verification to subscribe. Given the size and policy on this list I think it's fairly clear we aren't spammers. Additionally, just to note, the mail host hasn't been listed by users who have been receiving spam, but by automated spam traps. I can only think of two ways this could have happened: 1. Someone has managed to by-pass the verification process on the mail list subscription (bug in software, it can happen). 2. A bounce message from our mail host has been sent to a spam trap address, because that was the stated return address (the SpamCop help sheet says that this can happen). There may be other ways that other people can think of, but these are the only two I think are possible. If this is correct, then this indicates that the SpamCop spam trap addresses are known, and that someone is using them maliciously to undermine the effectiveness of the system. The help sheet in this area says that SpamCop will not supply the "spammer" with information about the spam trap reports. I have emailed the SpamCop admin and not yet received a response (setting out my concerns as above). So, my question is: how do I track down an apparently verified list subscription address, when I don't know the email address or even the list it was sent from (most probably the big list, but not guaranteed), or how do I deal with bounces (which I think should be sent to indicate a problem to the sender) when the sender may be a compromised spam trap address? Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.