Slashdot Mirror

The same thing is happenning to me. If I determie that they are trying to make a commercial profit with the e-mails, I send it to spamcop. Otherwise I leave them alone.

Filtering is not a true spam solution. All it takes is for one false positive on a Really Important Email and be accidentally deleted to totally destroy the value of any filtering system.

One of the side effects of spam is that there are no "Really Important Emails" any more. Spam and spam filters have degraded the reliability of email to such an extent that you'd have to be crazy to send anything Really Important by email.

Right now, I get 60-80 spams a day. What happens when I start getting 600-800 a day?

That's a good point. The solution is to get less spam. You can do that by changing email addresses frequently (a really inconvenient solution that I don't recommend), or by getting spammers shut down (or yourself listwashed by the spammers).

Let the spammers know that if they send something to you, they'll lose money, and they won't send you so much spam. SpamCop reporting makes this easy. If you want to be listwashed, don't munge your address when you send reports. (This is an option with SpamCop.)

Some people claim that you'll get more spam or get listbombed or something if you send complaints without munging; that's not my experience. I get 20-30 spams per day, total, at all of my 4 publicly available email addresses. (Ninety to 95 percent of them get caught by the SpamCop filters, which have almost never caught valid email.)

Spamcop is very good for reporting Spam. It analyzes the headers automatically, and I think it's very good at doing that. I report all my spam via Spamcop. Quite a lot of spam comes from China, but it's all over the world (there's a lot of spam from servers in Brazil, for example). There's nearly always someone to report to - if there's an open relay that doesn't add useful Received headers report to the upstream provider of that open relay (and saving IP addresses to lists is useful). As far as I know, Spamcop does all that and although it takes a few seconds extra effort per spam mail, I prefer reporting to just deleting.
What Spamcop does, as well, and which is perhaps even more important, is reporting to upstream providers of spamvertized websites. While spammers can switch mail servers very easily, it causes some additional work or cost for them if they have to upload their websites again and again because many free webspace providers spammers use remove spamvertized sites (you can also report e-mail addresses in the mail body, but that's off by default because you could easily lart yourself since spammers often include recipients' addresses in the body).
I'm very satisfied with Spamcop, and while there are certainly administrators who don't care about spam, but others do and I think especially fast reporting of fresh spam (to administrators/upstream providers of both mail sourse and spamvertizes sites) can help a lot in the fight against spam.
Spamcop also offers filtering (based on mail source). I personally found the filters not really usable - an unacceptable number of false positives and also a lots of false negatives, probabilistic content-based filtering we have heard a lot about recently are certainly better. However, even without using this filtering, I have registered for this paid service because it also makes reporting even faster (just a few clicks) than with the free web-based interface (where you have to use copy-paste). So, it doesn't take too much time to report every single spam mail (at least in my case, I don't get that much spam mails, after all).

Praed argued, very eloquoently & persuasively (hey, he's a lawyer :) that there are laws on the books banning spam in nearly every state. All you have to do is find a way to bring those laws to your assistance. In particular, note that:

• Ever have a hard time tracking down a spammer? Ever have one that spoofed message headers? Gee, that sounds like fraud, doesn't it? Indeed it does -- much or even all spam can be considered as fraud, and as such you can attack it from that angle anywhere in the country.
• Laws are pending in various jurisdictions to outlaw spammers' bulk mail software. The catch here is that there is a lot of legitimate bulk mail software that can be abused -- think majordomo, MailMan, etc -- so any laws crafted will have to include clauses that protect legitimate use of such software while banning UCE somehow. Watch for this to develop over time.
• Suggestion: if you get spam that mentions a trademarked product (Viagra, pirated copies of well known software, etc), forward the message to the holder of that trademark. They will almost always be keenly interested in this abuse of their trade name, and will take it upon themselves to go after the spammer.
• If you are in the habit of reporting spam to an organization like SpamCop, do so as quickly as possible: spammers are getting in the habit of leaving their ads up long enough for recipients to respond to, but pulling them down before investigators get a chance to scrutinize anything. The faster these groups can analyze the sources of spam, the better the chances of getting all the way back to the source.
• Final and most important point: the precedent set by the Verizon vs. Ralsky case was very valuable to anti-spam efforts. First, that spam prosecution can be carried out in the jurisdiction that the harm occurred, not where the person doing harm was when causing it. So if California has anti-spam laws, they can potentially be used no matter where the spammer lives. Praed practices law in Virginia, so I'm assuming that their laws are amenable to this kind of application. Second point: ignorance about an ISPs acceptable use policies (AUP) are no defence in court -- certain etiquette standards have emerged over time, and it is assumed that the sender of UCE has to be aware of these standards. As a result, if your ISP has an AUP that forbids UCE, this can be a tangible protection for you in court. This is very good news!

As a lawyer that has successfully prosecuted a number of spammers, Praed was able to talk about all of this with some authority. He cautioned everyone though that laws will never eradicate spam -- as he put it, "people still rob banks since that's where the money is". But legislation & prosecution can still be a very valuable tool in fighting spam, and an important supplement to things like better mail filters. This is a big problem, and is going to need a variety of tiered solutions to control it.

I'm not very tech-savvy, though I admire those who are. I hate spam, and used to get lots of it. Here's my fixes.

My ISP makes Brightmail spam filtering available to all users at no cost... if they opt in to it. All Brightmail's catches are held in a spam folder until you get round to reviewing and deleting them. It takes a couple of clicks to wipe out a dozen spams.

Anything that gets through Brightmail then is filtered through the Spamcop mail forwarding service I've set up - my ISP allows me multiple email ID's, so I don't download or read the "public" one any more. Anything that's blocked by Spamcop is ipso facto more insidious than the Brightmail harvest, so I happily punish the "clever" spammers by reporting them to their ISPs, web hosts, etc. With Spamcop's "quick reporting" option, it only takes a couple of clicks to report dozens of spammers.

Not much gets through both. If it does, I delete it. The problem's become almost invisible to me.

(I'd still kinda like my own Bayesian filter, though...)

• Open Relays Database ORDB
• Osirusoft RBL
• Spamcop
  
• And Postfix and it's great spam filtering options.

I experienced some real anxiety, when I opened up my mailbox, and saw sixty odd "undeliverable" messages. But it turned out it was all addressed to a userid I hadn't used in almost six years. That ISP kindly agreed to keep forwarding my old email. This was useful for the first year or so. From then on all it got me was the occasional SPAM.

Then the SPAM grew more frequent. And, more recently, I started getting SPAM addressed to me under the name Joan.

Then, in late November of last year I got the same flood of undeliverable messages bmooney describes.

I found it very surprising how many ISPs could not detect that the messages were SPAM. Most ISPs didn't bounce back enough to submit a report to http://spamcop.net. But some did. And I reported those. Altogether I got about 600 warnings and error messages.

At first I was getting about fifty or so a day. But then they slowed to a trickle.

I can't understand what advantage there is for a SPAM artist to forge a real address as the author of their SPAM.

I suspect that the arrival of SPAM addressed to "Joan" marked the beginning of SPAM artists using this userid. The forged userid was accompanied by dozens of made up names. I suspect that one SPAM artist mistakenly harvested the forged name Joan from a previous SPAM campaign.

One of the other respondents to bmooney's article has reported their userid too has been forged into SPAM, and they estimated 150K messages went out. I was curious how many messages went out under my old userid. How would one make a reliable estimate, based on the number of undeliverables?

My SPAM artist was trying to sell penis enlargement.

I too only received a single reply from a live human being, who couldn't tell that the message was SPAM, and replying was useless. I got a couple of dozen messages from people who had set up autoresponders, because they were on vacation.

---
We have just released 2 Million freshly extracted Canadian email addresses.

Just for this week, you can download these for only US$29!

Now you can send emails to only people who reside in Canada.

To order yours, please fill in the form below and email it back to ***********@btamail.net.cn
Make sure you put "ORDER" in the SUBJECT line.
---
(addressed blanked out, I don't want to send them more business!)

I know I've sent tonnes of complaints to the ISPs involved with btamail (though SpamCop), but I wonder if there's a more direct or effective approach... especially since I'm certain they're pimping out *MY* E-mail address in their "freshly extracted" batch.

Yeah. I'm bitter.

Has he completely missed that point?

I'd have to say, yes.

Personally I use Spamcop's RBL and reporting service. I check the held mail page a couple of times a day. I have yet to see a legitimate mail be blocked and it's reduced the number of spams a day I get from hundreds to 2 or 3.

Maybe some RBLs still work the way the author decribes but from what I'm hearing that's not the way many work now. Now it's more like a reporting user recieves a spam (hopefully very near the start of the spamming run) and reports it. The reporting system works out the most probable source and lists it (due to the fact that spoammers often move within a netblock the netblock rather than the individual IP address has to be blocked for the RBL to be effective), the system also mails the admin address for the appropriate domain (and any listed interested third parties) with the information required to identify the spammer and asks them to deal with them. That IP address is also monitored by the RBL. When the spammer stops sending spam or the administrator informs the RBL operator that they've dealt with the problem the netblock is taken off the RBL.

If the mail system administrator are on the ball and not asleep at the switch there's no reason why the total time from a netblock being entered into an RBL to being removed need be more than a couple of hours. If they're crap at their job or beligerant then they don't deserve honest customers.

The complaints made by the author of this paper are very reminisent of some of those I've seen on antispam/pro-RBL mailing lists from spammers who've had their spams stopped by RBLs. Draw your own conclusions, but I'm inclined to go with "If it looks liek a duck, it quacks like a duck nd tastes great with plum sauce...".

Stephen

I agree to that - if You're going to use the SpamCop BL, use it to tag email, not bounce it!

SPEWS will flag far less non-spam email, and I use it to bounce at the first connect attempt.

Now, if you are on a "spam-friendly" ISP like my "anon coward" brother above probably is, SPEWS is not your friend - and rather than get their ISP to clean up, these posters just whine and say how evil SPEWS is.

Take your $ and move brother, why support a sleazy ISP, why not support a clean one? I know I do.

We ditched SPEWS and started using SpamCop's BL. Much nicer

Except that the SCBL is currently experimental. It specifically says it should not be used to block mail.

The fact that you are posting as an AC makes me strongly suspect you are one of the spammer sockpuppets running AntiSpews.

I don't use it (don't have my own server) but as far as I'm concerned, SPEWS is doing a great thing. Namely, applying pressure to ISPs to not support spam in the first place.

Why even bother with Spews? Why not Spamcop, who doesn't block half the planet?

SpamCop's blacklist announces hosts with a bad no-spam/spam ratio. As a result, non-US freemail providers tend to end up in SpamCop's blacklist.

SpamCop is honest and they warn that the blacklist should only be used for tagging, but many people ignore this advice.

We use spamcop.net at work. It's gets 95% of the spam. The thing which made us move on it was female employees complaining of sexually explicit spam from porn sites--with an HTML enabled mail reader, sometimes the first thing they saw was some pornographic picture.

Unless a company makes a best effort to protect people from exposure to offensive material (as defined by them, within reason), the company could be sued by the employee for creating a hostile workplace. While I haven't heard of cases of this yet, it's only a matter of time. (I hope I didn't give anyone any ideas here...)

We've been experimenting with spamassassin, and it's roughly as good as spamcop (as to how much spam gets through to the end user), but it's free. Note: spamcop and spamassassin have to completely different approaches to determining what is spam.

[...] spammers have a harder time getting work addresses. They're a lot less likely to be on public web pages, they're not used in chat rooms and they're much harder to generate by brute force.

This may be a bit dated, but a newsgroup post from January has Alan Ralsky's registration information with his PO Box as follows:

Alan Ralsky
PO Box 89
Fort Smith, AR 72903

Is there any way to verify this?

If you're paying any attention to the From: header then you obviously know very little about spam tracking. Just submit the full message to SpamCop and they'll sort out the offenders 99.4% accurately.

Also, commercial spam by definition cannot be totally faked, because they have to include some way for money to travel from you to them.

The "spam queen" was on NPR this morning (this link works but the audio's not available yet as I write this, and NPR might prefer you go thru npr.org, "audio archives" link).

She seems to be on a public relations campaign for spammers in general. She's not identifying a sponsor -- perhaps the the Direct Marketing Association (more here) -- but I doubt she'd deliberately attract so much attention without some reward. Maybe she's just drumming up more business this way. She made her usual claims that she never sends sex-related spam (i.e. porn or herbal viagra), never emails anyone without their permission, and advises listeners if they receive unwanted commercial email they can simply click the opt-out link included in each message. How very helpful.

Anyway, she reports there are more lawsuits in progress against anti-spam organizations, presumably including voluntary blackhole services. She identifies SpamCop as an unethical services because they allow anonymous reporting, and she argues she has the right to confront her accuser -- the interviewer, naive and non-confrontational, doesn't ask how she thought this right applied outside of a court trial, in a voluntary system (not to mention if "joe-jobs" are protected by the constitution). Actually he missed a lot of questions that would be obvious to the average /.-er.

Spammers are an organized, moneyed interest that is lobbying Congress in the US, and will presumably do the same in other countries where it serves them to do so. Spamming may be getting harder, but counteracting spam is also getting harder. ISP's in financial distress will tend to make business decisions to aid spammers in whatever way is still legal.

Email as we know it could become unworkable, and a new protocol may be necessary. As Aunt Tilly gets hooked by more email fraud, and receives more animated .GIF's of women having sex with farm animals, I think the incentive for most users to abandon traditional email will be there when the technology becomes available.

I have tried both http://www.mailcircuit.com and http://www.spamcop.net . Both are usable, neither is good enough yet for all. Mailcircuit ($20/year) will drive fellow email list users ape because it does not allow whitelisting, so its ping-pong email acceptance messages get thrown all over the place, i.e., adding its own spam population. Spamcop ($30/year) does not have ping-ponging, and so does allow three or four garbage messages per month through, but its reliability is excellent. I use Spamcop now, but will switch if I find something different which does everything I want. On the other hand, Spamcop is in heavy development (and it is nonetheless extremely reliable, I get tons of email every week), and their people reliably respond to email queries; whereas Mailcircuit told me they would solve the problems of which I spoke to them, and did not, and belatedly claimed that it was impossible (give me a break).

What is needed, in my opinion, is such a service with (a) whitelists, (b) ping-ponging, (c) blacklists which /dev/null instead of holding, and (d) the ability to do everything through SMTP/POP3, i.e., to never ever have to use webmail or web interaction, to do everything by automated email commands.

Crud. Well, copy and paste then. :)

If someone can't be bothered to do that, that bug is preventing pasting of more than 4000 bytes from other apps into Mozilla. 4kB ain't much, for example pasting spam mails into SpamCop forms usually won't work, most spammers aren't too considerate about the size of their spam... :-P

I get about 5-7 per day, on average. Not 200, but to have to get rid of 5-7 messages per day (and report them to spamcop) is very, very irritating.

No one should have to abandon an e-mail address because of unsolicited e-mail, especially (as in my case) if they've had their account for five years, and all of their friends and relatives know it...

Ever heard of confirmed opt-in? See this link for info. This basically prevents evil-doers from signing up your email for a /. account without permission.

Upon clicking the button, O/OE would parse the message header, lookup the source IP in WHOIS and contact all necessary parties to report the spam.

Sounds like a poor man's SpamCop. It doesn't work. The reports go to the wrong people, and they just end up setting up filters to bin anything from SpamCop rather than deal with so many false reports.

A knowledgable reporter might be able to minimise these false reports, but you're talking about my grandmother. No way can she work out where the reports should go, she'll just hit "Go!".

You're just adding to the problem.

Since he lives in west bloomfield and his lawyer (who probably lives near by) lives in bloomfield hills, I was able to find this map to his house, and the following from spamcop.

Aliases and Addresses
Name: Alan M Ralsky 5016 Patrick Rd. West Bloomfield, MI 48322 248-661-3355
Aliases and Addresses
Jeff Kramer 6567 Long Lake Road Birmingham, MI 48009
Domain Name: cambridgewater.net
Jeff Kramer (COCO-227918) aral54

Additional Benefits
2121 Richard Ave W. Bloomfield, MI 48322 248-200-3492

Creative Marketing Zone Inc 5016 Patrick Rd West Bloomfield, MI 48322

Sam Smith (MAILSVC2-DOM) 200 W. Long Lake Drive Troy, MI 48332 US
Domain Name: MAILSVC.NET
Smith, Sam (SS9752) aral

William Window (template COCO-265759)
4512 Westside Royal Oak, Michigan 48098 US
William Window (COCO-265759) aral54
+1 248 544 4314

Alan Ralsky, (AR1574) aral
Sav-Rx (RXPOINT-DOM) Domain Name: RXPOINT.COM
9439 N Leamington Skokie, IL 60077
(847) 677-5516 (FAX) (847) 677-5329

Alan M Ralsky, (AMR43) amr1
Additonal Benefits 5016 Patrick Drive
West Bloomfield, MI 48322 1-248-661-3355 (FAX) 1-248-661-3054

AB Internet 528 S. State St. PMB 523
Ann Arbor, MI 48104
(There is no building face with that address on it. There *is*, however, a building that accepts that mail - the University of Michigan Student Union, and the Mailboxes, Etc. that is housed therein.)

rxpoint.com
5016 Patrick Rd. West Bloomfield, MI 48322

MPI Global 5016 Patrick Road W Bloomfield, MI 48322
(248) 661-3355

mpiglobal 25514 Graceland Dearborn Heights, MI 48125US

Ray Esseily mpiglobal.com
25514 Graceland Drive Dearborn Heights , MI 48125
1-313-278-8845

I personally use both Razor and Spamassain, and between them I get very little left over spam, and no false positives.

For all you americans out there, sue a spammer, make him/her pay for all loss of productivity he/she has caused. It'll make you rich, and perhaps make spammers think twice before clicking that send button.

Or, translated to Slashdotese:

1. Hire lawyers
2. Set up spam reporting service
3. Sue the pants off spammers
4. Profit!

True, excellent point.

I've also been thinking of implementing my own spam filter here, but after receiving tons of spam advertising "viagra", "viagrea", "wiagra", and "\/iagra" I realized the majority of the problem, and continued my volumteer work for spamcop.net and ordb.org.
I believe it's an effective method, as long as the mailserver administrators can straighten up a bit.

Another thing is the spammers behaviour and ethics. So they offer me viagra and university dimplomas, even though I didn't ask for it, then fine. My life goes on. But my bigger concern are the younger surfers. Kids, maybe as young as 8 or 9 years old with their private @hotmail.com address, who knows how much porn offers and links they receive each day? How can spammers sleep at night when they expose the youngest to something like that?

-skurk

Software that only does mail filtering encourages spammers. The technically knowledgeable people don't get spam, so they stop worrying about it.

All mail filters should also use a service like SpamCop, so that the spammers lose their internet service accounts as the spam is filtered.

I send Spamcop all my spam. Spamcop analyzes it automatically and sends a message to the Internet Service Provider. I use the free Reporting only service.

Software that only does mail filtering encourages spammers. The technically knowledgeable people don't get spam, so they stop worrying about it.

All mail filters should also use a service like SpamCop, so that the spammers lose their internet service accounts as the spam is filtered.

I send Spamcop all my spam. Spamcop analyzes it automatically and sends a message to the Internet Service Provider. I use the free Reporting only service.

I have been doing various things for years to try and counter spam. I recently joined Spamcop.net and have blocked and reported over 195 pieces of spam since Nov 1st. What a blessing! I never guessed I was getting an average of 13+ spams a day.

All my POP account are forwarded though thier service and questionable mail is moved to 'Held Mail'. Once in 'Held' status you give them a quick check to be sure they are really spam (I can usually tell by the headers) and then it is a 1-click report to report them to thier ISP and relays. Addtional filters can be put on, but I have yet to have a need. I am VERY impressed!

If things do get though, the inital filters, you have multiple ways of reporting it from e-mail to cutting and pasting the headers and message. All this for less than $3 a month. Money well spent not to have to change my email address every few months.

1. $1,000.00 USD guarantee that companies will abide by OUR rules and your information will never be sold or given out.
2. 100% True Opt-in
3. Nobody EVER sees any information you've signed up with other than the marketing preferences you have specified.
4. You will receive a flat fee per email received.
5. AND/OR you can specify a charity to receive all or part of the per email income.
6. Opt-out 100% completely at any time and have your account deactivated or destroyed.
7. Preferences:
8. 1. Allow you to be very specific about the types of material you will receive.
   2. You can also specify the maximum number of emails you will receive in a month.
   3. Block specific companies from contacting you.

1. $1,000.00 USD guarantee that every person that receives your marketing information explicitly signed up and was verified to receive it. (No pissed off customers!!!)
2. This WILL cost you more than the fly by night spammers charge.
3. You WILL reach a targetted audience.
4. Your advertisements will also be available from this site for a duration of time you specify up to 3 months.
5. All emails must be approved by us before being sent out. (No pornography or scam related material allowed.)
6. Nothing is sent out before payment is received. (This allows us to keep dishonest companies from signing up and not paying up.)
7. Users have the option to give you feedback on your advertisements.

1. Cauce: Coalition against unsolicited email
2. Spam Laws and Regulations
3. Spamcop: SPAM Reporting
4. Spampal: Windows Filtering Software
5. Spamhaus: Track the worst spammers

1. $1,000.00 USD guarantee that companies will abide by OUR rules and your information will never be sold or given out.
2. 100% True Opt-in
3. Nobody EVER sees any information you've signed up with other than the marketing preferences you have specified.
4. You will receive a flat fee per email received.
5. AND/OR you can specify a charity to receive all or part of the per email income.
6. Opt-out 100% completely at any time and have your account deactivated or destroyed.
7. Preferences:
8. 1. Allow you to be very specific about the types of material you will receive.
   2. You can also specify the maximum number of emails you will receive in a month.
   3. Block specific companies from contacting you.

1. $1,000.00 USD guarantee that every person that receives your marketing information explicitly signed up and was verified to receive it. (No pissed off customers!!!)
2. This WILL cost you more than the fly by night spammers charge.
3. You WILL reach a targetted audience.
4. Your advertisements will also be available from this site for a duration of time you specify up to 3 months.
5. All emails must be approved by us before being sent out. (No pornography or scam related material allowed.)
6. Nothing is sent out before payment is received. (This allows us to keep dishonest companies from signing up and not paying up.)
7. Users have the option to give you feedback on your advertisements.

1. Cauce: Coalition against unsolicited email
2. Spam Laws and Regulations
3. Spamcop: SPAM Reporting
4. Spampal: Windows Filtering Software
5. Spamhaus: Track the worst spammers

They've been on and off Spamcop's blacklist for over a year now:
http://spamcop.net/w3m?action=checkblock&ip=63.237 .158.36

Exactly correct--the spam you receive seems to originate overseas. Actually, much of it is coming from hucksters in North America. They're just bouncing their pitches off open relays overseas.

Well, not according to SpamCop.
Most come from Europe/Asia, except for the Hotmail spam (now that's weird, isn't it?).

Blacklists ARE solving the problem. I subscribe to SpamCop.net and I get about 50 spams filtered out daily. Bandwidth is NOT chewed up because the message is never sent--just a small rejection notice.

If you go over to the Spamcop newgroups (www.spamcop.net and search for Felton, you will see that he is not always on the side of the angels.

He started a silly rant about how Spamcop "shut down his web site" because they assert he is a spammer. Which is completely false. Rather than repeating it all here, I suggest you go read it yourself - Here's the relevant archive month on Spamcop - unfortunately their search system sucks.

If you go over to the Spamcop newgroups (www.spamcop.net and search for Felton, you will see that he is not always on the side of the angels.

He started a silly rant about how Spamcop "shut down his web site" because they assert he is a spammer. Which is completely false. Rather than repeating it all here, I suggest you go read it yourself - Here's the relevant archive month on Spamcop - unfortunately their search system sucks.

Once you've identified the message as spam, you can submit it to services like spamcop or create a short term blackhole list to block future connection attempts. This is of course based on the claim that it stops all but 5 out of 1000 spam messages, with 0 false positives

I suspect that the implementation of this would best be done in the mail client, and not on the mail server, which might be a problem. Setting up a hash for every user on any mail server with a reasonably large userbase would require massive disk space and huge processing time.

The bst blacklist filters get 50% of the spam, and have a positive number of false positives (i.e. real mail accidentially junked) as well.

Your point that filters aren't perfect (with both false positives and false negatives) is correct, but your 50% estimate is way too low. The IP-based filtering at spamcop.net catches 90-95% of my incoming spam, with around a 1% false positive rate. It's much better than Brightmail, which my ISP uses.

What you do is sign up for $30/yr, and they give you an email address at spamcop.net. You forward all incoming mail to that address; their system looks through the headers for signs that it originated (or passed through) a blacklisted system. Stuff that passes the check goes into a POP3/IMAP mailbox, or can be forwarded offsite (your choice). Stuff that fails is either tagged as spam or diverted to a separate folder, again by your choice.

Some people have much higher false positive rates than me: if you are unlucky (or stupid) enough to use an ISP whose servers are blacklisted, then all of your incoming mail will be filtered. But if you use it as recommended, this just tags or diverts the message, it won't be deleted.

They also make it pretty easy to report incoming spam, and their filter is based on blocking any IP address that has been reported sufficiently recently.

It's a good service.

The bst blacklist filters get 50% of the spam, and have a positive number of false positives (i.e. real mail accidentially junked) as well.

Your point that filters aren't perfect (with both false positives and false negatives) is correct, but your 50% estimate is way too low. The IP-based filtering at spamcop.net catches 90-95% of my incoming spam, with around a 1% false positive rate. It's much better than Brightmail, which my ISP uses.

What you do is sign up for $30/yr, and they give you an email address at spamcop.net. You forward all incoming mail to that address; their system looks through the headers for signs that it originated (or passed through) a blacklisted system. Stuff that passes the check goes into a POP3/IMAP mailbox, or can be forwarded offsite (your choice). Stuff that fails is either tagged as spam or diverted to a separate folder, again by your choice.

Some people have much higher false positive rates than me: if you are unlucky (or stupid) enough to use an ISP whose servers are blacklisted, then all of your incoming mail will be filtered. But if you use it as recommended, this just tags or diverts the message, it won't be deleted.

They also make it pretty easy to report incoming spam, and their filter is based on blocking any IP address that has been reported sufficiently recently.

It's a good service.

Last time I checked, its pretty difficult for ISPs to trace where an email came from.

If these guys can do it...

Services like Spamcop, you don't need to pay for it, and I've managed to reduce my spam to almost nothing, and it really hurts the spammers

This news makes me pretty happy for our futures of spam but... This being Utah & Ohio could create a bigger problem with shared information on the internet. If the boundies of this(these) law(s) are confined to Utah & Ohio then spammers will either ignore the law all together OR they will start passing off information of where you live, as to avoid states with this new bill. That's a little worrysome to me.

I don't know if a Federal law would help much either. That could do the exact same thing. None the less, this changes the rules a little and that is comforting to me.

Here's a tip for all you guys who hate spam as much as I do. Check out SpamCop.net. I've noticed a slight (any decline is good to me) decline in my spam since I've been using spamcop. You forward (with the header) the spam to the email address you signed up to get and they will process and track the spam and then allow you to email the spam's ISP straight from their forum. It's really nice. Check it out, and it's free!

IMHO, in rough order of value:
SpamCop - Catches by far the most spam. Falses rarely, though yahoo shows up from time to time.
Spews - Known spam sources. Never falses.
ORDB - Fair false rate, and a lot of overlap with SpamCop.

I've been using Spamcop for a while. It picks up E-mail from other pops then runs it through a spam filter. I have my E-mail client pick up mail on from Spamcop. It's pretty effective. Maybe one a week leaks through.

Do the analysis and reporting automatically, here. No effort required further than forwarding the spam message to their (free) service and acknowledging the analysis on completion.

' Dont just delete it'

I have been using SPAMCOP to report SPAM. You can sign up (free) and then start reporting the spam you receive.

Advantage is that you don't have to do all the traceroutes etc yourself; they check the headers, report to appropriate admin accounts, abuse accounts etc.

There is even a tiny 'plugin thing' for MS Outlook that is really nice; plugs all relevant info into an email or to the clipboard.

Highly recommended!

Well, there's always spamcop, right? It's not what you describe, but the premise seems similar. People report spammers, and subscribers to the service get spam filtered for them automatically.

Use Spamcop. It has a nice little window where you can paste the message source. If you select show details, you'll see everything you need to know as well as who spamcop will contact about the spam. It was well worth the subscription cost just to get an email address I could forward spam to and have it automated.

Spamcop filters mail based entirely on the source IP address - which some people find inadequate. I disagree.

I have all my mail filtered by Spamcop. Like any system, there will be a few false positives and a few spams will slip through. However, the vast majority will be blocked - at which point, I log in and report them.

The biggest problem is the occasional server outage. They've gotten better in recent months, but they still hiccup once in awhile and your mail will get held up. For this reason, I have my incoming mail delivered locally *and* forwarded onto Spamcop for filtering. (But I run my own mail servers, so this is easier for me to do than for "normal" people).

Another "problem" is the cost. Spamcop charges $30/year for their filter service. For me, it's worth it - but YMMV.

Anyone interested is encouraged to go here: http://spamcop.net

You broke one of the most rudimentary anti-spam rules. By repsonding to the 'remove-me' link you are telling them that they sent a message to a real address of someone who opens and reads spam. That increases the value of your address by an order of magnitude. Instead, try responding with SpamCop and get them shut down.