Discussion:
SpamCop Issues - Just Curious
User
2006-04-30 14:32:31 UTC
To avoid being labeled as an outright complaint and/or gripe .......

Yes ..

I support SpamCop - purchase 50 mb at a time
I report EVERY spam regardless if trapped by SpamAssassin on my server
I will continue to support and report

Now, the question ..

What "good" is SpamCop doing to abate spam? The same spam just keeps
coming in day after day, week after week, advertising the same stuff,
eg., Viagra, Cialis, Stock Market Advisories, Hoodia .. all from what
appears to be from the same central sources and we continue reporting to
what seems like no avail.

Also appears that a great deal of this spam is channeled through
open-relays.

Looks to me like spam is just too large an entity to be addressed by
conventional methods ... Hmmm, perhaps a .44 Magnum would be a solution? :-D
Mike Easter
2006-04-30 15:26:02 UTC
Post by User
What "good" is SpamCop doing to abate spam?
... also add 'abusive servers' which also get SC reported for such as
backscatter. Abusive servers definitely remedy themselves and abate
that abusive activity.

Generally the 'good' effect is not to abate spam, but to contribute to
the various overall processes of spamfiltering mechanisms.

- Rarely there is the possibility that reporting to a spamvertiser
provider can inform a whitish-hatted provider about spamvertising and
result in that provider taking action against the spamvertiser. The
more general situation is that the spamvertiser provider's hat is not
white and the provider is not interested in the courtesy SC report

- Occasionally the spamsource providers who are notified about their
spamsources which are generally abused open proxy trojan user IPs will
take note of their insecurity and remedy it. It is not uncommon that
some whitehat server 'discovers' an insecurity as a result of spamcop
source reports or listings or blocked mail.
Post by User
The same spam just keeps
coming in day after day, week after week, advertising the same stuff,
Correct. SC doesn't do much of anything to actually decrease the
incoming spam.
Post by User
appears to be from the same central sources and we continue reporting
to what seems like no avail.
The avail is to contribute to the SCbl which aids me and many others
with one of our dnsbl spamfilters. There are antispam effects of
filtering the spam even when the filtering isn't actually a reduction in
spam. The more effective filtration is, the less people actually
'encounter' or see their spam subjects or have an opportunity to open
their spam and profit the spam process.

The spamvertisers which are 'indirectly' reported to the sc-surbl help
those who are using the surbl as a body filter.
Post by User
Also appears that a great deal of this spam is channeled through
open-relays.
The term 'open relay' applies to open smtp relays. I see virtually no
spam coming thru' open relays these days. Perhaps you mean injected an
an 'open' or available proxy trojan user IP. That is a different
mechanism than an open smtp relay.
Post by User
Looks to me like spam is just too large an entity to be addressed by
conventional methods ... Hmmm, perhaps a .44 Magnum would be a
solution? :-D
I tend to interpret those remarks as encompassing some 'frustration'
with spamload. IMO, the management of one's mailbox should be very
'painless' -- not frustrated by spamload. For me, virtually 100% of my
spam is channeled into a Junk folder which doesn't even appear 'before
my eyes' or in my 'range of consciousness' unless I choose to go visit
it. When I choose to visit it, in a matter of seconds it is reported to
SC. That reporting contributes to the SCbl. That SCbl is part of my
armamentarium of dnsbl/s which make up the 'shield' which channels the
spam into the Junk folder. So, my mailbox and my spamhandling are both
painless and self-reinforcing.
--
Mike Easter
kibitzer, not SC admin
Porpoise
2006-04-30 17:44:57 UTC
<SNIPPED loads of stuff>

$server_owners = (ISP or MAILLIST_OWNER or PRIVATE_SMTP)
$unsavouries = (DRUG_RUNNERS or HITMEN or CROOKED_BUSINESSMEN or
[insert_your_own])
$absolutely_sure =
(SURE_TO_THE_BEST_OF_THEIR_ABILITY_AND_BEST_EFFORTS_TO_ASCERTAIN_WHO_THEIR_CUSTOMER_IS)


The main push of all this activity ISTM is to make $server_owners
responsible for the users they allow to use their servers and the security
of said servers being of a quality as to prevent unauthorised use of same.

There was a time when any bank could open an account for anyone walking
through the door with a bag of money - which could include all sorts of
$unsavouries. That is no longer the case, as banks now have to *know* their
customer and be $absolutely_sure that they are not opening an account for
$unsavouries.

I suspect most/a lot of people's wish would be for ISPs/registrars to have
to do the same with all their signups.......
User
2006-04-30 16:58:16 UTC
On 30.04.2006 10:26, Mike Easter wrote:

--- Original Message ---
Post by Mike Easter
Post by User
What "good" is SpamCop doing to abate spam?
... also add 'abusive servers' which also get SC reported for such as
backscatter. Abusive servers definitely remedy themselves and abate
that abusive activity.
Yes, but in a minority of cases, IMHO of course, as witnessed by the
proliferation of spam coming from the same source(s) day after day.
Different spam, same server(s).
Post by Mike Easter
Generally the 'good' effect is not to abate spam, but to contribute to
the various overall processes of spamfiltering mechanisms.
- Rarely there is the possibility that reporting to a spamvertiser
provider can inform a whitish-hatted provider about spamvertising and
result in that provider taking action against the spamvertiser. The
more general situation is that the spamvertiser provider's hat is not
white and the provider is not interested in the courtesy SC report
Unfortunately the "white hats" are outnumbered by the "black hats".
There's LOTS of $$$$ to be made in all facets of "spamvertising", eg.,
the beneficiary of the spam, the advertiser and the server owner.
Post by Mike Easter
- Occasionally the spamsource providers who are notified about their
spamsources which are generally abused open proxy trojan user IPs will
take note of their insecurity and remedy it. It is not uncommon that
some whitehat server 'discovers' an insecurity as a result of spamcop
source reports or listings or blocked mail.
Agree
Post by Mike Easter
Post by User
The same spam just keeps
coming in day after day, week after week, advertising the same stuff,
Correct. SC doesn't do much of anything to actually decrease the
incoming spam.
And THAT is where I think my disillusionment is centered.
Post by Mike Easter
Post by User
appears to be from the same central sources and we continue reporting
to what seems like no avail.
The avail is to contribute to the SCbl which aids me and many others
with one of our dnsbl spamfilters. There are antispam effects of
filtering the spam even when the filtering isn't actually a reduction in
spam. The more effective filtration is, the less people actually
'encounter' or see their spam subjects or have an opportunity to open
their spam and profit the spam process.
Filtering only hides it, doesn't address it but I understand what you're
saying.
Post by Mike Easter
The spamvertisers which are 'indirectly' reported to the sc-surbl help
those who are using the surbl as a body filter.
Post by User
Also appears that a great deal of this spam is channeled through
open-relays.
The term 'open relay' applies to open smtp relays. I see virtually no
spam coming thru' open relays these days. Perhaps you mean injected an
an 'open' or available proxy trojan user IP. That is a different
mechanism than an open smtp relay.
Approximately 25% of all spam I report to SC says:

xxx.xxx.xxx is an "open relay"
Post by Mike Easter
Post by User
Looks to me like spam is just too large an entity to be addressed by
conventional methods ... Hmmm, perhaps a .44 Magnum would be a solution? :-D
I tend to interpret those remarks as encompassing some 'frustration'
with spamload. IMO, the management of one's mailbox should be very
'painless' -- not frustrated by spamload. For me, virtually 100% of my
spam is channeled into a Junk folder which doesn't even appear 'before
my eyes' or in my 'range of consciousness' unless I choose to go visit
it. When I choose to visit it, in a matter of seconds it is reported to
SC. That reporting contributes to the SCbl. That SCbl is part of my
armamentarium of dnsbl/s which make up the 'shield' which channels the
spam into the Junk folder. So, my mailbox and my spamhandling are both
painless and self-reinforcing.
Not "frustrated" but rather puzzled as to the enormity of the spam load
and why "something" cannot be done. Passing any sort of legislation in
the U.S. is nothing less than laughable. It's BIG business, maybe too big.

-----------------
My Son, the *NIX guru to end all gurus (teaches *nix at the college
level) and the proverbial "can find humor in most anything", had nothing
better to do one day when he got another one of those "increase the size
of your penis" spams.

He calculated that if he took just ONE pill from EACH spam purporting to
lengthen by x number of inches, his member would have reached a total
length of 28.58341 FEET by now.

-----------------

Thanks for the "enlightenment" and I'm off once again to edit my
server's SpamAssassin prefs.
Mike Easter
2006-05-01 00:00:52 UTC
Post by User
Post by Mike Easter
Post by User
Also appears that a great deal of this spam is channeled through
open-relays.
The term 'open relay' applies to open smtp relays. I see virtually
no spam coming thru' open relays these days. Perhaps you mean
injected an an 'open' or available proxy trojan user IP. That is a
different mechanism than an open smtp relay.
xxx.xxx.xxx is an "open relay"
I would like to see that exactly. If you can post a tracker to one of
those items, I can comment on it.

A tracker looks like:

http://www.spamcop.net/sc?id=z931595589ze19c2f93bcb5c03ec48ca212323eda79z

and it is found at the top of the spam parse before cancelling or
reporting. If you want to use an old one you have already reported, you
can access it with a reportid which is a little complicated to explain
how to do, or you could just parse it again and copy the tracker and
then cancel the report and then paste the tracker here.
--
Mike Easter
kibitzer, not SC admin
User
2006-05-01 00:19:33 UTC
On 30.04.2006 19:00, Mike Easter wrote:

--- Original Message ---
Post by Mike Easter
Post by User
Post by Mike Easter
Post by User
Also appears that a great deal of this spam is channeled through
open-relays.
The term 'open relay' applies to open smtp relays. I see virtually
no spam coming thru' open relays these days. Perhaps you mean
injected an an 'open' or available proxy trojan user IP. That is a
different mechanism than an open smtp relay.
xxx.xxx.xxx is an "open relay"
I would like to see that exactly. If you can post a tracker to one of
those items, I can comment on it.
http://www.spamcop.net/sc?id=z931595589ze19c2f93bcb5c03ec48ca212323eda79z
and it is found at the top of the spam parse before cancelling or
reporting. If you want to use an old one you have already reported, you
can access it with a reportid which is a little complicated to explain
how to do, or you could just parse it again and copy the tracker and
then cancel the report and then paste the tracker here.
Next time I report one, I'll post a tracker. Thanks ....
WazoO
2006-05-01 01:14:30 UTC
Post by Mike Easter
I would like to see that exactly. If you can post a tracker to one of
those items, I can comment on it.
http://www.spamcop.net/sc?id=z931595589ze19c2f93bcb5c03ec48ca212323eda79z
and it is found at the top of the spam parse before cancelling or
reporting. If you want to use an old one you have already reported, you
can access it with a reportid which is a little complicated to explain
how to do, or you could just parse it again and copy the tracker and
then cancel the report and then paste the tracker here.
And yet .... there is a bit of work done on doing that ...
just so 'you' wouldn't have to type it all up again ...
"Getting a Tracking URL from a Report ID"
http://forum.spamcop.net/forums/index.php?showtopic=4498
User
2006-05-02 12:58:01 UTC
On 30.04.2006 19:00, Mike Easter wrote:

--- Original Message ---
Post by User
xxx.xxx.xxx is an "open relay"
Dummy me !!!!

The message in the report is:

xxx.xxx.xxx. is an "open proxy", not "relay".

Sorry ... :-(
Mike Easter
2006-05-02 15:33:19 UTC
Post by User
Post by User
xxx.xxx.xxx is an "open relay"
Dummy me !!!!
xxx.xxx.xxx. is an "open proxy", not "relay".
Now that makes sense. The vast majority of spams are being injected by
proxified trojan user IPs which are very often listed, most often in CBL
which gets them into XBL of spamhaus.

The parser's verbose informs about the proxy database listing like that.
--
Mike Easter
kibitzer, not SC admin
Kenneth Brody
2006-05-03 21:35:30 UTC
Post by Mike Easter
Post by User
Post by User
xxx.xxx.xxx is an "open relay"
Dummy me !!!!
xxx.xxx.xxx. is an "open proxy", not "relay".
Now that makes sense. The vast majority of spams are being injected by
proxified trojan user IPs which are very often listed, most often in CBL
which gets them into XBL of spamhaus.
[...]

BTDTGML[1], due to a misconfigured router, which allowed anyone to use
its winsock proxy, not just local IPs. It took me a while to figure out
why all those outgoing SMTP connections were appearing in the status
window.

Of course, when you come here for help, with the "I screwed up, how do I
unscrew it?" attitude (as opposed to the "how dare you call me a spammer"
attitude), people here are more than happy to help you fix it. It still
amazes me how many people come here with the "how dare you" attitude, and
refuse to help others help them fix their problem, and simply want to get
SpamCop to stop listing them.


[1] "BTDT Got Myself Listed".
--
+-------------------------+--------------------+-----------------------------+
| Kenneth J. Brody | www.hvcomputer.com | |
| kenbrody/at\spamcop.net | www.fptech.com | #include <std_disclaimer.h> |
+-------------------------+--------------------+-----------------------------+
Don't e-mail me at: <mailto:***@gmail.com>