Trouble Getting to SpamCop?

geekwench writes "SpamCop was apparently the victim of a recent DoS attack. A false complaint to their domain registrar led to all primary DNS information being pulled. The problem is now fixed, but there may still be access issues for the next couple of days as ISPs clear the old DNS information out of their caches. You can read about it here and here. (Sounds to me as if SpamCop is proving to be a good-sized thorn in the sides of a number of spammers.)"

Tip

Because of caching, sometimes some things resolve and some don't... so, if www.spamcop.net doesn't work, try spamcop.net minus the www. Of course, if your mail server can't resolve their mail server properly, then submitted spam is a much bigger pain.

Re:Tip

[Ilgaz]

or ask your friend, or IRC chatroom on "other ISP" to issue
'nslookup repmx2.spamcop.net' and paste output to you... You can replace the spam.spamcop.net part after @ sign on address which you send spams to... or just be patient ;-)...

Note: above is for people added their special spamcop mail address to their address books. e.g. not pasting source on www.

Re:Tip

[Nintendork]

Because of caching, sometimes some things resolve and some don't... so, if www.spamcop.net doesn't work, try spamcop.net minus the www. Of course, if your mail server can't resolve their mail server properly, then submitted spam is a much bigger pain.

The problem isn't outdated or incorrect information in the spamcop.net zone. The problem is the information on the .net zone. This means that everything under spamcop.net (Including mail records) cannot resolve until the .net servers are updated (Already done) and the SOA information for spamcop.net gets refreshed at your ISPs DNS servers (Sunday night at the latest). Like Julian said, the Time to Live for the SOA record is two days.

-Lucas

Re:Tip

[cft]

or just add one of their nameservers to /etc/resolv.conf

ns1-117.akam.net
ns1-11.akam.net
ns1-109.akam.ne t
asia3.akam.net
ns1-93.akam.net
ns1-90.akam.ne t
use1.akam.net
ns1-73.akam.net

Spamhaus too, maybe.

[MicktheMech]

I've been having trouble getting into Spamhaus too. The spammers are up to something.

Re:Spamhaus too, maybe.

I wish they'd get spews.org pulled too. Look it up sometime. I'm sure they're in Russia.. pfft.

Re:Spamhaus too, maybe.

[Nogami_Saeko]

Won't do them any good here. Local bayesian filter. Approaching 99% classification accuracy after 6 months.

Spam doesn't stand a chance :)

N.

Re:Spamhaus too, maybe.

[MicktheMech]

From Spamhaus.org...

Spammers release virus to attack Spamhaus.org A new virus released by spammers on Saturday 1st November is infecting computers worldwide, and this time the purpose of the virus is to attack www.Spamhaus.org. W32/Mimail-E is designed to infect millions of computers causing them to each begin making overwhelming amounts of bogus requests to Spamhaus.org's web server, to kill the server. The W32/Mimail-E virus is the latest in a string of trojan worms, including SoBig.E and the Fizzer (W32/Fizzer-A) worm, each one released by spammers for the purpose of creating a vast worldwide zombie network of spam-sending machines and building an attack network consiting of hundreds of thousands of virus-infected zombie machines with which the spammers then attack anti-spam organizations.

Re:Spamhaus too, maybe.

Mozilla. 100% accuracy after 1 day.

Re:Spamhaus too, maybe.

[MacFreek]

That is due to a virus (W32.Mimail.D):

A new virus released by spammers on Saturday 1st November is infecting computers worldwide, and this time the purpose of the virus is to attack www.Spamhaus.org. [...]

See http://www.spamhaus.org/news.lasso?article=13

Funny, but evil

[IonPanel]

Thats very very funny. However its very evil. Do the y have any idea who did this?

Re:Funny, but evil

[Ilgaz]

half script kiddie/ half social engineer...

IMHO someone knows now that provider works, e.g. know them or worked there...

Re:Funny, but evil

[H310iSe]

"A false complaint to their domain registrar led to all primary DNS information being pulled."

That's funny because a false complaint against us by spamcop led to all our servers being off the net for a day last year. They did ZERO research on the complaint and took it straight to our ISP (rather than trying to contact us by our abundant and up-to-date contact info available in our emails and on our websites). Their conduct was beyond reckless, it was vicious.

I'm all for good anti-spam but those guys can bite me. Serves them right IMHO.

Re:Funny, but evil

It sounds like you don't know how SpamCop works. If it was *a* false complaint, then there is no "they." SpamCop is a tool that allows a user to easily trace and report spam. In your case, apparently a SpamCop user determined that the message they received was spam and used the SpamCop service to send a report to your ISP. Why would the reporter try to contact you if they thought you were the spammer? The proper procedure *is* to report to the ISP of the spammer.

If the message was not spam and your ISP cut you off on the basis of a single complaint, then you have a beef with your ISP. Additionally, if it can be shown that a SpamCop user filed a false complaint, then SpamCop will take action against that user if the issue is reported to SpamCop.

Re:Funny, but evil

[turg]

Sounds like your problem is with your ISP. Would you blame Microsoft if someone used Outlook Express to mail a false complaint to your ISP?

Re:Funny, but evil

Eh? Do you even know what SpamCop is?

And do you understand your contract with your ISP?

Clearly there is some disconnect here - SpamCop is an information provider/aggregator. SpamCop is not in charge of the internet, and it is very unlikely that SpamCop disconnected your organization's connection.

Re:Funny, but evil

[H310iSe]

Comments are well taken, I was -=furious=- at my ISP (Speakeasy, what hath become of thou? You were once so good!). I also blamed the reporting agency somewhat, we use a legitimate reply-to address which we check regularly, a legitimate DNS registration with working contact information, we don't obscure our mail headers in any way and we use an opt-in only list with confirmation and an unsubscribe feature. The most simple check into our organization would have shown we weren't spamming.

The responses are correct, spamcops were a small part of the problem, most of the responsibility was with our ISP (and of course the brain surgeon that reported us). I'll not post grumpy stuff before my morning coffee again, promise :)

Re:Funny, but evil

[Michael+Spencer+Jr.]

aren't complaints by SpamCop...automated?

A user types in an email they say is spam and asks SpamCop to process the email. Spamcop uses a variety of techniques to track down the administrators responsible for the originating IP, and for web pages and email addresses linked in the email, and gives users the option of sending email to the administrators it finds.

You're not required to do this, but if you register an abuse address at abuse.net then SpamCop will find it.

Besides, shouldn't your gripe read: Mishandling by my ISP of a false complaint against us by spamcop led to all our servers being off the net for a day last year. My ISP did ZERO research in the complaint and shut down my connection (rather than trying to contact us by our abundant and up-to-date customer contact info). Their conduct was beyond reckless -- it was vicious. I'm all for good anti-spam but my ISP can bite me.

Why don't you talk to SpamCop and have the user responsible banned?

Re:Funny, but evil

"we use an opt-in only list with confirmation and an unsubscribe feature"

If you use a closed-loop opt-in system that prevents third parties from accidentally or maliciously subscribing someone else's email address, then SpamCop would most likely take action against the user responsible for submitting the false complaint. Also, if that was the case, then your ISP was in the wrong for taking action without any investigation. Again, you don't have a beef with SpamCop--you have a beef with that particular user of Spamcop and with your ISP.

Re:Funny, but evil

Would you blame Microsoft if someone used Outlook Express to mail a false complaint to your ISP?

You DO realize that you posted this to slashdot, don't you?

Re:Funny, but evil

Everyone seems to assume it is a spammer. But there is no evidence of this atm. All we have is evidence of someone with a grudge against anti-spam services, this includes:

1. spammers
2. citizen of a country victim to a blanket IP ban
3. Falsely accused victime suffering DoS or loss of reputation from incomplete spam report investigation.

I doubt that is a complete list.

2004 promises to be interesting

[heironymouscoward]

As spammers and virus writers get more and more integrated. Spammers have the money, virus writers have the skills, together they will play havoc with the cornfields of the Internet.

In the natural world, something like 60% of all species are parasitical, and the war between parasites and hosts is one of the defining aspects of all nature. Sex, for instance, is a way of shuffling locks faster than parasites can evolve keys.

It seems inevitable that software and communications will have to develop similar kinds of defenses against what is an inevitable onslaught from the parasitical forces that have developed to snack on the soft underbelly of the Net.

Cybersex, anyone?

Re:2004 promises to be interesting

Since most of the fucks live in the USA, the US government needs to make it a felony to send forged emails with a 1 year minimum prison sentence and fines of $10,000 per email. They then need to go after them. 90% of the worlds spam is commited by under 200 people in the USA. Think about those figures.

As if the purple dinosaur wasnt bad enough, the USA now gives us billions of spams per day.

Long live SpamCop!

Re:2004 promises to be interesting

[bruthasj]

Cybersex, anyone?

Interesting analogy ... except 66% of the spam is something about sex. How would this activity do anything to reduce spam from being poured into my inbox?

Or are there parallels in biological contexts that show parasitic organisms actually inducing host organisms to have sex? But, maybe you shouldn't since bringing this out would cause an influx of more spam beyond what Viagra has brought. Maybe, the word is "Mum"...

Re:2004 promises to be interesting

[dolo666]

Someone has to protect the public from the people who regularly misuse their power online. To this day, that was Spamcop. Now as many of the anti-spam groups go offline, the public is getting pelted with more and more spam, and viruses.

This whole thing reminds me of the war on drugs. If the cops wanted to really stop the drugs from existing on the streets, they could. But they don't have any incentive for that because it works against their budgets to pull all the drugs off the streets.

The police profit from the drug war, so they have to keep it going. They bust the guys at the top, but that just creates a vacuum, so they wait for it to be filled, and bust the next idiot who steps in. See how this connects to the anti-spam and anti-virus corporations profit from buggy Microsoft software and OS gaping holes. If this was a cover of an O'Reilly book, it would be a stippled drawing of one spider eating a hundred flies, and another spider selling tickets, and a few million other flies buzzing around, with a long line of spiders waiting with money for the guy selling tickets.

The situation is like this: the day anyone with money really cares about quality of life online, is the day that delivering quality of life online is very profitable.

It all has to get much worse before it will ever get any better.

Re:2004 promises to be interesting

90% of the worlds spam is commited by under 200 people in the USA

Please list the less than 200 names for us.

Re:2004 promises to be interesting

[marcello_dl]

Fighting spam on a purely technical perspective (authentication and rejection of unsolicited messages) is indeed very similar to competition in the natural world. However, from a different point of view, spammers have a vulnerability: customers must have a way to buy the advertised "product", which makes it traceable. This make spamming very different from most other kind of crimes, so i hope this outstanding peculiarity won't be overlooked when the governments decide it's about time to do something about spam.

Re:2004 promises to be interesting

[PaleBoy]

I may be misinterpreting him, but I believe that the post you responded too was saying that sex is a way to maintain enough genetic variation to prevent parasites (viruses, for example) from destroying a species.

If reproduction was non-sexual, DNA wouldn't be as varied every generation, and easier for a parasite that figures out the right strategy to exploit. Think monocultures of genetic crops. All genetically identical...but if the right blight comes along, they will all perish.

However, there are some species on this planet who get by just fine without sexual reproduction. Some of the walking stick insects (Phasmatodea) can actually reproduce with or without a male! It's true!

Re:2004 promises to be interesting

I'm sure the grandparent is reffering to the stats from the spamhaus ROKSO page.

spamhaus.org seems to be down. Probably being DDOS'd as well.

The google cache of the page is here but it's loading pretty slowly, so I'm not sure how much of the page info is actualy cached.

Not all 200 names on the list are from the USA, but American spammers do seem to be a large majority.

Re:2004 promises to be interesting

[deblau]

Jumping Jesus on a pogo stick, someone just got a (+5, Interesting) for soliciting anonymous cybersex. Are all you people really that fucking desperate?

Re:2004 promises to be interesting

[nyseal]

How did this thread go from spam to sex to parasites.......oh, wait

Re:2004 promises to be interesting

[Analysis+Paralysis]

Someone has to protect the public from the people who regularly misuse their power online. To this day, that was Spamcop.

Do you really have a clue as to how Spamcop works? It takes emails submitted by users and finds the sending server (as well as the ISP for any webpages spamvertised therein). If you've had a false complaint from SpamCop then your beef is with the submitter, not SpamCop itself - and you should contact SpamCop to take that account offline.

the anti-spam and anti-virus corporations profit from buggy Microsoft software

Anti-virus companies yes - but most anti-spam bodies are volunteers who are sick of seeing their inboxes stuffed with crap. I am sure that they would be delighted (as would most people online) to see spam and spammers go for good - your police analogy (which already breaks down somewhat given the consequences of drugs, i.e. armed gangs fighting for control over areas) is completely off the mark.

Re:2004 promises to be interesting

I predict a total system failure type of worm to make the rounds in 2004. I'm talking about a slammer/blaster/code red type of worm with far more melicious intent. It will happen and it will destroy millions of systems. After the world recovers that's when you'll see people taking this stuff seriously. Until then we'll have to live with Bill's cavalier attitude about security and user's lack of knowledge.

Re:2004 promises to be interesting

[Rasta+Prefect]

This whole thing reminds me of the war on drugs. If the cops wanted to really stop the drugs from existing on the streets, they could. But they don't have any incentive for that because it works against their budgets to pull all the drugs off the streets.

Interesting assertion. Care to back it up, by disclosing this great plan for the removal of all drugs from our streets (working within the boundaries of the US Constitution and Legal system, as cops must) or do you prefer to just sit back and slander people?

See how this connects to the anti-spam and anti-virus corporations profit from buggy Microsoft software and OS gaping holes.

Ugh. This doesn't even fit your analogy above. Yes, anti-spam and anti-virus companies profit from spam and viruses. This doesn't mean they aren't doing their best to stop them. Microsoft could certainly do a hell of a lot to stop them from the virus angle, but they're just purveyors of lousy software, not an anti-spam or anti-virus company.

Re:2004 promises to be interesting

[ppanon]

This whole thing reminds me of the war on drugs. If the cops wanted to really stop the drugs from existing on the streets, they could. But they don't have any incentive for that because it works against their budgets to pull all the drugs off the streets.

Don't be stupid. The USA is always going on about market economies and how they are the best way of allocating resources; you need to realize this is just an example of a market. Drug sales are just a market and, as long as you have demand, you will have somebody willing to provide the supply. By restricting the supply, all you do is raise the price and increase the crime required to pay for it. By making it illegal you make sure that organized crime gets all the profit.

The drug war is a sham because you can never completely cut off supply. The only way to kill drug crime is to flood the market with cheap drugs so that its no longer profitable for criminals, or to attack the demand by eliminating the poverty and other social conditions that make drug use attractive.

But that would be downright un-American.

Re:2004 promises to be interesting

[dolo666]

Do you really have a clue as to how Spamcop works?

Yup. Spamcop was protecting people by going after the spammers. That is a good thing!

By anti-spam corporations, I meant programs like Outlook for Office that has anti-spam features. These are marketed features that would not exist if spam was anihillated, like it should be!

Hotmail subscriptions offer more features to protect against spam, if you pay extra.

Without spam, there isn't a reason for users to be enticed to pay money to prevent it.

Without viruses, there isn't a reason for users to be enticed to pay money to prevent them.

Please don't misunderstand me. I think the anti-spam movement is a great thing. It's the companies who are making money off spam, in the guise of being anti-spam, that piss me off.

Re:2004 promises to be interesting

[dolo666]

Don't be stupid.

That's good advice.

The drug war is a sham because you can never completely cut off supply.

I agree! :)

The only way to kill drug crime is to flood the market with cheap drugs so that its no longer profitable for criminals,...

Spoken like someone who doesn't have any kids.

... or to attack the demand by eliminating the poverty and other social conditions that make drug use attractive.

I like this second part better.

Re:2004 promises to be interesting

[scrytch]

> Or are there parallels in biological contexts that show parasitic organisms actually inducing host organisms to have sex

Sexual reproduction has bloody little to do with parasites, who thrive just fine thank you on sexually reproducing mammals. It's about creating genetic diversity more rapidly, which allows favorable mutations to occur more often and be selected, while culling unfavorable ones through selection and lack of interoperability (most genetic defects render you sterile). This is an advantage for large organisms where individual survival is important to group survival, but bacteria do just fine with asexual reproduction, where sheer numbers are all that really matters.

In a way, common protocols allow for some of the same strengths of sexual reproduction, by allowing for different implementations to implement their own features and augment each other's strengths as they communicate (e.g. spam filtering inbound with throttling outbound) ... as well as pass on weaknesses (exchange's eagerness to bounce). It's not exactly the same, but it's the same idea of diversity moderated by a requirement to stay the same "species" to interoperate.

Re:2004 promises to be interesting

[Analysis+Paralysis]

Pardon me - I took the first two sentences in your previous comment to be a rant at SpamCop as a power-abuser! (given the number of pro-spammer comments this thread is attracting, hopefully an understandable error...)

Re:2004 promises to be interesting

[dolo666]

There we were on the same page after all! :)

I made ya a friend for your trouble.

Re:2004 promises to be interesting

[ppanon]

The only way to kill drug crime is to flood the market with cheap drugs so that its no longer profitable for criminals,...

Spoken like someone who doesn't have any kids.

I expect what makes drug use look appealing to kids falls under 2 main categories, 1) a change from their everyday life (which may be ugly or seem ugly because of poverty, crappy scholastic environments, abusive home life, just boredom, or something else) and 2) peer pressure that drugs are exciting because they're forbidden.

Spend enough time with your kids and keep them involved in activities that keep them interested and challenged and they will be a lot less likely to get involved in drugs. But that's admittedly really tough in poor ghettos for working poor running between 2 or more part-time jobs.

... or to attack the demand by eliminating the poverty and other social conditions that make drug use attractive.

I like this second part better.

Yeah, so do I. But the problem is that you already have a whole underground network that is predicated on finding new customers to market the junk to. You're not going to be able to outmarket them because they've had 30 years to refine their technique. The only way to beat them is to drop the price of the drugs by flooding the market while at the same time attacking the demand.

Indeed while I said you had a choice between the two, you really need to do both. Undercut the illegal monopoly so the criminals can no longer afford their distribution channel, while also attacking the reasons for new users to take up drugs. Existing drug addicts may not have as much incentive to clean up, but then again, if they're already using drugs while it's illegal, the illegality is unlikely to be a big factor in a decision to dry out.

It you're middle-class and suspect that your kids may be getting involved in drugs, then escorting them to the sights, sounds, and smells of your nearest skid row/needle park may be an enlightening experience in showing them how far they can fall. If they live two blocks from that place, it's unlikely to make much of an impression.

Re:2004 promises to be interesting

[rossifer]

Sexual reproduction has bloody little to do with parasites, who thrive just fine thank you on sexually reproducing mammals.

And which do even better on axesual animals (which have correspondingly shorter lifespans, but read on...)

If you're interested in the subject, I would suggest you check out a copy of "The Red Queen" by Matt Ridley from your local library (or Amazon, if your local library isn't up to scratch). In it, you'll find multiple discussions which consider many possible reasons for sex, heavily referencing the enormous diversity of sexual strategies available.

The big problem for two parent reproduction is that it results in half as many offspring as single parent reproduction, so how could it possibly have been successful in the face of faster breeding parthenogenetic competitors?

Currently, the strongest theory is that the longer the lifespan, the more certain the eventual susceptibility to pathogens. They evolve faster than you can adapt and will eventually catch up to you (historically recent medicines nonwithstanding). If your children have the same defenses you do, they start this race at a distinct disadvantage (the parthenogenetic problem). If, however, your children have a whole new set of defenses, then the battle begins anew.

Bacteria don't need sex because individual lifespans are so short that there is no advantage over the parthenogenetic parent. Bacteria do, however, occasionally exchange genetic material, though you'll have to read the book to find out the reasons why that happens...

Regards,
Ross

Re:2004 promises to be interesting

See how this connects to the anti-spam and anti-virus corporations profit from buggy Microsoft software and OS gaping holes.

So you mean goatse.cx is part of the spam and virus problem?

Oh. OS gaping holes, not just gaping holes in general...

Distrubited Blacklist

[attobyte]

When are we going to do a distributed blacklist so this @$#$!@#@$ $pammer$ can't pull this crap?

Re:Distrubited Blacklist

Spamcop provides a lot more than blacklists.

Re:Distrubited Blacklist

[Dos4ever]

I guess some day you will have to request to the person who you want to e-mail over the phone. This special e-mail software will be more like Active Directory where you set up an account for that Person (User Account)and he is granted permissions to e-mail you.
This SPECIAL ACCOUNT will give you an e-mail with people you WANT to talk too.
(sigh)I guess Microsoft "is asleep at the wheel" as usual for this.

Re:Distrubited Blacklist

[attobyte]

Well most of the corporate world doesn't agree with you but thats alright. Just becuase you had a bad experience with a blacklist doesn't make them all bad.

Re:Distrubited Blacklist

[bigberk]

When are we going to do a distributed blacklist

USENET is pretty good. Something like this, with underlying public-key crypto, may be more robust (it's worth the read!).

Re:Distrubited Blacklist

[mabu]

Forget a distributed blacklist. Why create a list of billions of hosts, when it's easier to create a centralized, sanctioned SMTP Whitelist that's a fraction of the size?

Re:Distrubited Blacklist

[Apiakun]

If Microsoft were to really help out on this sort of thing, who would they have left to sell their subscriber e-mail addresses to ?

Re:Distrubited Blacklist

[Dos4ever]

I think that they would making tons of money giving relief to spam weary individuals. This also has a side effect of containing worms and viruses.

Re:Distrubited Blacklist

[Sebby]

Thanks for proving me right!

Re:Distrubited Blacklist

[Analysis+Paralysis]

The problem with a whitelist is that it removes the ability to receive email from anyone (which is an important ability for some and required for others, e.g. support addresses).

Bayesian filters have the downside that spammers will eventually craft emails so bland that they cannot be filtered without tagging a lot of legitimate email.

The problem with spam is that it combines 2 qualities - it is in bulk and it is unsolicited. If senders of unsolicited email could be restricted in quantity (to, say, a couple of thousand emails a day) then the spam problem would disappear.

The most effective method in my view, would be to create a separate protocol for bulk email (to cover legitimate senders like newsletters and list servers) where the following process would occur:

• sender applies for a "bulk ID" from a bulk server, providing verifiable details (like source IP address) and publicises this ID on their web page;
• prospective recipients submit their address with this bulk ID to indicate they want to recieve emails from this source; this information is kept on the bulk server and not made available to the sender (except perhaps for statistical information);
• sender sends email to bulk server which then forwards a copy to each recipient;
• if emails from a list are no longer desired, the recipient sends an unsubscribe message to the bulk server.

As the bulk server stores recipient addresses and does the sending, this prevents a spammer from emailing directly. The bulk servers could use SMTP to send emails (with ISPs maintaining a whitelist of legitimate ones to prevent spammers from setting up their own bulk server) to maintain compatibility with existing email clients.

For unsolicited emails, stick with SMTP (too much work to switch to a new protocol) but add measures to cut the bulk (since we no longer have to worry about newsletters and legit bulk senders). The easiest would be to impose rate limits on mail received from other SMTP servers (e.g. 10 emails/second) and adding extra delays in response times for those servers that do not supply a confirmation key for each message (this key being computationally expensive to derive but quick to verify). This would require changes to mail server software (far easier than getting every user to upgrade their client) and could be rolled out gradually. Bulk servers would have to be supplied and maintained by ISPs (much like email/news servers are currently) but this could be financed by charging business users.

Re:Distrubited Blacklist

"doesn't make them all bad"

Perhaps not, but it give them all a bad name

Re:Distrubited Blacklist

Take one definition of 'prove', and call me in the morning.

Dr Literacy.

Re:Distrubited Blacklist

[attobyte]

What pointing out that companies that make over 100 billion dollars use blacklist prove you're right, then WOW!!!!, you want a job? I have an opening for a Unix Admin that needs to be open minded like you. Please fax me your resume.

Re:Distrubited Blacklist

[Sebby]

NTR

Re:Distrubited Blacklist

[Sebby]

You need to work on your reading skills. I was talking about blacklistsl; I never mentioned companies, you did

Re:Distrubited Blacklist

No thought required? While I agree that that's how you approached your comment, I'm not sure what you hoped to gain by pointing it out.

Re:Distrubited Blacklist

[Sebby]

"No troll response"

Get a clue!

Re:Distrubited Blacklist

[Sebby]

Actually, I should have written 'NACTR' in your case.

Can you actually decipher that one, or am I going to have to explain it to you?

Re:Distrubited Blacklist

[mabu]

The problem with a whitelist is that it removes the ability to receive email from anyone (which is an important ability for some and required for others, e.g. support addresses).

I do not think so. It might make it slightly more difficult for someone to spontaneously set up a SMTP relay, but the benefits exponentially outweigh any inconveniences imposed.

Look at it this way. The way the current SMTP system is set up, it's analagous to a TLD system that requires no registration: anyone can flip on a SMTP relay and start spewing crap to the Internet with bogus header information which in turn creates DDOS situations. You can't arbitrarily employ a new TLD without first going through a registration process to legitimize your new domain name. These processes are now fully-automated. The exact same thing could be done with SMTP relays, and this would:

a) make it much more difficult for spammers to remain anonymous
b) make it much more expensive and time-consuming for spammers to operate
c) eliminate the most destructive method of virus/worm propagating by cutting down on rogue software that secretly turn unauthorized client machines into smtp relays
d) help identify the networks, registrars and the people involved in spamming, making it easier to enforce all the existing laws

The most effective method in my view, would be to create a separate protocol for bulk email

Your idea still doesn't deal with the worst problem of spamming, which is the theft of bandwidth. I should not be paying for the bandwidth that a spammer uses on my network, regardless of the protocol.

There are already numerous industry-best practices which address what you're talking about, the most obvious of which is simple responsible mailing practices and opt-in+confirm mailing lists.

In addition to this, enforcement of your bulk-specific protocol would be virtually impossible. You can't find a spammer on the planet who would call his crap "unsolicited", therefore nobody would even claim they're bound by rules forcing them to use such an ineffective method in the first place.

Re:Distrubited Blacklist

[Analysis+Paralysis]

It might make it slightly more difficult for someone to spontaneously set up a SMTP relay, but the benefits exponentially outweigh any inconveniences imposed.

Where do relays come into this? We are talking about end users running whitelists, right?

The way the current SMTP system is set up, it's analagous to a TLD system that requires no registration: anyone can flip on a SMTP relay and start spewing crap to the Internet with bogus header information which in turn creates DDOS situations.

Hence my proposal for bulk mail to be handled separately - bulk servers would need to be registered and ISPs would have to individually decide whether to allow traffic from them, preventing any rogue setups. The current SMTP setup remains for individual mails but with all the counter-measures (rate limiting, tarpits) to limit crapflooding. The problem with the spam countermeasures to date is that they all affect "legitimate" bulk mail like newsletters and mailing lists - moving the legit stuff to another system solves this concern.

Your idea still doesn't deal with the worst problem of spamming, which is the theft of bandwidth.

Please re-read it - bulk email get moved onto a separate system which requires:

1. registered servers;
2. individual ISP agreement to carry the traffic (i.e. whitelisting at ISP-level);
3. confirmed opt-in from subscribers;
4. one message from the sender which is copied to all registered recipients - a one-to-many communication (like IP multicasts) rather than the many-to-many currently used.

All these attributes should reduce email traffic - SMTP abuse will remain but ISPs now have more freedom to tackle it without hitting legitimate stuff.

enforcement of your bulk-specific protocol would be virtually impossible

Enforcement should be easy, the ISPs run the bulk servers so they set the rules locally. Bulk senders do not get to see the addresses the server forwards their mails to (preventing them from initiating one-one communication separately). If a rogue ISP or well-heeled spammer sets up their own bulk server for spamming, it get dropped from every other ISPs whitelist (assuming it ever gets on there in the first place).

There are already numerous industry-best practices which address what you're talking about, the most obvious of which is simple responsible mailing practices and opt-in+confirm mailing lists.

And the bulk servers will enforce these best practices. All that is needed is to make them compulsory for bulk email (which is achieved by limits on SMTP capacity as mentioned previously).

You can't find a spammer on the planet who would call his crap "unsolicited"

Agreed - which is why this system takes the administration of lists out of the senders' hands - they may be told how many people they're sending to but not to whom (although they could try getting this info through other means). Spammers would most likely try their own rogue bulk server (which would fail to be whitelisted by the majority of ISPs), stick with SMTP (which will be less and less effective as rate limiting cuts in) or leave the party and go elsewhere.

Re:Distrubited Blacklist

[mabu]

Where do relays come into this? We are talking about end users running whitelists, right?

No. ISPs use a RBL-style system to whitelist relays from which they receive mail.

Agreed - which is why this system takes the administration of lists out of the senders' hands - they may be told how many people they're sending to but not to whom (although they could try getting this info through other means). Spammers would most likely try their own rogue bulk server (which would fail to be whitelisted by the majority of ISPs), stick with SMTP (which will be less and less effective as rate limiting cuts in) or leave the party and go elsewhere.

I can appreciate your attempt to find a solution but the bottom line is your idea is impractical. It requires spammers to adhere to certain rules, which they have demonstrated with virtual unwaivering consistency they won't do.

In fact, the idea of a bulk mail protocol would likely be an addendum to the existing problem, and would actually create a new, additive form of spam that would encourage others who aren't in the business to actually get involved, therefore increasing the amount of spam. As an ISP, I would never subscribe to any new system, and the idea that it might generate revenue is about as exciting as all those other affiliate programs that promise new revenue sources. Bad idea.

Re:Distrubited Blacklist

You read slashdot and don't even know what 'ntr' means??

Boy, are you out of the loop!

Re:Distrubited Blacklist

You don't understand the definition of prove. I point this out, and you fall back to calling me a troll, because you can't actually face the point. Fair enough, I'll leave you to your ignorance then.

Re:Distrubited Blacklist

[Sebby]

A wise man once said:Anonymous Cowards filtered. If their words aren't worth so much as a pen name why should I value them any more?

And he wasn't hinding behind an AC moniker as you are.

Re:Distrubited Blacklist

Fine then, "prove" him wrong.

And I still soldier on...

[Maserati]

quietly reporting everything I get through spamcop and to the FCC.

It isn't helping, but maybe one of the ones I help get shut down will quit.

Re:And I still soldier on...

[Ryokos_boytoy]

I hear ya. I added a lot of spammer typos of my users to my aliases. I went from 2 a day to 50 a day just to report them and get them on the BL.

It's like standing on the beach and cursing the tide but you have to keep fighting. Those bastards have to be stopped.

Re:And I still soldier on...

[mabu]

Right now, even though it seems like spitting in the wind, your efforts do make a difference. All of us ISPs who use Spamcop's BL rely on diligent, responsible people such as yourself to report spam. It helps. If nobody else will say Thank You, please allow me!

Re:And I still soldier on...

Not very likely... Spamcop reports DO help, but you usually won't realize a reduction in spam, but over the long term, each report can shut off yet another spam proxy, and I assure you, it IS casing spammers some headaches.

PLEASE PLEASE - do as much spam reporting as you can, it IS making a difference, but individually, it's not going to be reducing YOUR spam, at least not right away.

Re:And I still soldier on...

[soulee]

Agreed. I report everything I get to SpamCop. If the spammers find ways through my blocks I sign up their addresses to as many free shemale email porn sites as I can find. Makes me feel a little better inside.

Re:And I still soldier on...

[drinfothv]

Just can't wait to inform on your neighbor, eh? Big Brotherism marches on. Well, take me to the prison and strap that sexy rat filled cage on my face! Why don't you try getting a life and a job or set your email to known users only or PRESS DELETE. REMEBER. ONE MAN'S SPAM IS ANOTHER MAN'S BACON!

Re:And I still soldier on...

[drinfothv]

oh really. so fraud is acceptable to the anti spam community. whats next axes to the front door of every spammer suspect.fascist.

Re:And I still soldier on...

> Just can't wait to inform on your neighbor, eh?

If my neighbor was a spammer, I'd set his dog on fire, fuck his wife in the ass, and shit on his porch every morning.

Fuck spammers, fuck your fucking "bacon" argument, and while we're at it, fuck you for defending spammers. I hope someone sets your dog on fire, fucks your wife in the ass, and poops on your porch.

You fucking cunt.

Re:And I still soldier on...

[Ryokos_boytoy]

You sound like a fucking spammer. I'll report anything thing I choose and no fucknut waving his 8th grade copy of "1984" is gonna stop me. I have a job and my job is stopping fuckheads from bothering my users.

Re:And I still soldier on...

[drinfothv]

actualy what i am is someone who believes in privacy and innocent until proven guilty. thanks for all the obscenities you spewed at my reply. i guess it shows the kind of person im dealing with when a total stranger has to resort to the level of toilet talk you did to have a discussion. have a great day .

Yikes!

[Quasar1999]

This is scary stuff... anyone can get any domain pulled with a little accusation?

We need to secure the domain registration/ownership process... seriously... We might not be able to take down microsoft.com, but with this complaint technique, I'm sure we could do some damage to a lot of less high profile companies... We need to get this fixed now! It's almost as bad as being allowed to call your neighbour a terrorist, and have him/her arrested indefinetly, with no proof...

Re:Yikes!

[loraksus]

well, if you pick a domain registrar that acts like a whiny bitch . . .

Re:Yikes!

The complaint wasn't invalid. SpamCops registration data was falsified (not unusual on many domain registrations, but still a violation of AUP and grounds for termination if anyone notifies the registrar).

The SpamCop administrator was notifed by his registrar and told to fix the registration and fax them to tell them he'd done so or they'd suspend the domain.

He did fix the registration, he didn't fax them. They suspended his domain.

If he'd used a less cheap-ass registrar he might have got a little more slack, but the low-end registrars are pretty much entirely automated.

Re:Yikes!

[djmurdoch]

SpamCops registration data was falsified

False, but not falsified. They gave a phone number which was later disconnected, and they forgot to update their registration. Falsified would mean they did what spammers do, and gave fake details from the beginning.

Re:Yikes!

Actually, it doesn't matter if you fax them or not. In our case, with Verisign (ugh), the domain was still pulled after the fax and the fix. Hooray!

Re:Yikes!

[EM+Adams]

Have you read the PATRIOT Act? That is already how it is.

Re:Yikes!

Joker.com appears to be the WORST registrar.... but it's up the registrar to verify contact information before pulling a domain.

Usually, they make an attempt to contact the registered domain owner. If in 2 weeks, they fail to get in contact with the domain name owner, they write a snail-mail letter to the last known Snailmail address. After yet another 2 weeks, they can then pull the domain.

I've gotten hundreds of spammer's domains shut down for having bogus "whois" data for their domains. ICANN.ORG has a policy that ALL registrars should follow, and that is a zero tolerance for bogus info.

Spammers would also register a domain (under a real reachable address), then a few weeks later, contact the registrar with their new contact info. In most cases, registrars do NOT verify the new address (not like in the old days when InterNIC was around).

But if you put enough pressure on the registars, they WILL pull domains with bogus "whois" data.

Go here: http://reports.internic.net/cgi/rpt_whois/rpt.cgi

To report invalid Whois info if you feel compelled to shut down a spamvertized site.

In about 70% of the time, you'll find the Whois data invalid, and if you do, we encourage you to report them. At the very least, this forces spammers to reveal their contact info, or loose their domain names....

Re:Yikes!

Given past dealings with the aptly named 'Joker' - Spamcop's registrar - it's hardly surprising the DNS data was pulled by them so quickly and without investigation. Customer service and accuracy don't appear to be phrases they know or care about.

Thorn? It doesn't matter,

[Trick]

> Sounds to me as if SpamCop is proving to be a
> good-sized thorn in the sides of a number of
> spammers.

Maybe, but maybe not. The DOS attacks by spammers have been getting pretty brazen of late. SpamCop's a well-known name, and that's probably all it took to make it the target of an attack, regardless of how effective it is.

They've gotten almost no resistance to the attacks they've launched so far. They've got no reason not to launch an attack on anyone who even attempts to block spam at this point.

Re:Thorn? It doesn't matter,

[King_TJ]

Yeah, when I worked at my previous job, I spent lots of time trying to cut down on incoming spam email. (We had loads of complaints, and when you're using Exchange Server 5.5 for your email with Microsoft's Internet Mail Connector, you don't have all the filtering options of a Unix box....)

I religiously reported problem emails to Spamcop, for about a year straight, and only *once* did an ISP actually write me back to report that they removed someone's account, and thanked me for reporting the issue. On the other hand, the amount of new spam I received seemed to roughly double. I can't prove it, but I have a suspicion that somehow, some of the spammers figure out where Spamcop reports against them originate from (we had a static IP) and launch spam campaigns on these folks, personally.

Re:Thorn? It doesn't matter,

[__aaevmb228]

SpamCop makes an effort to hide your email address when you report spam through them, but it doesn't always work. Though it hasn't happened lately, I've noticed where it thinks my email is associated with the spammer, and wants to send a complaint to *my* ISP.

The spammers certainly picked up on this effort to mask the reporter's email address. I'm convinced that the random strings of letters and nonsense sentences are in fact obfuscations of an ID that leads back to an email address in their databases. When they get a spam complaint, they need only look that up in their database, and now they know that email address is actively read.

I took many months off sending my spam to SpamCop. I recently started up again, and while I don't have proof, it sure seems like my incoming spam has multiplied. I'm up to 100-150 per day now. Thankfully, most of it is flagged by various block lists I check and the rest is caught by my well-trained bogofilter. Spam rarely makes it to my inbox.

Re:Thorn? It doesn't matter,

[Chmarr]

I have to report it the other way, actually. Since I've been reporting mail to spamcop, the number of spam messages I've been receiving (and this is before the filters) has actually come DOWN.

I also believe that it's in the spammers best interest to remove your email address from lists. After all, your address is now a 'active spamcop reporter' address, and is poison for their spamming efforts.

(This doesn't apply to the virus/distrubuted spammers, of course, since spamcop and other IP-based block lists are ineffectual against such things)

Re:Thorn? It doesn't matter,

[acceleriter]

I think the Chinese spammers redouble their efforts on a reporting address just for spite. They seem to have "bulletproof" hosting over there, since they only shoot dissidents, not spammers, unfortunately.

Re:Thorn? It doesn't matter,

[__aaevmb228]

Then perhaps it isn't a coincidence that a LOT of the spam I report to Spamcop ends up sending abuse reports to .cn sites. I've seriously given thought to flagging the entire Asian continent.

Brazil is a problem for me, too, but not nearly as big.

Re:Thorn? It doesn't matter,

[Chmarr]

That wont work, unfortunately, unless you tweak your filter so that if the website that is being spamvertised is in china, THEN block the spam.

Blocking china wont block where most of the spam comes FROM, though.

More's the pity.

Surge in spam

[October_30th]

The amount of spam I receive every day has clearly been steadily growing for the last few months. Looks like the spammers are winning the war by DoSing spam fighters and hiring mercenary hackers with 450000 trojaned systems.

Re:Surge in spam

[onepoint]

You saw that too...

I would consider 450K systems that are breached, under the control of 1 group, a concern for national security.

that's alot of fire power someone holds and can easily place a company out of web side of the buisness.

but the good thing is that I have taken this as something serious, and have slowly made sure that when i report spam i try to call the ISP. don't know if it is working but maybe it will help.

-onepoint

Re:Surge in spam

The amount of spam I receive every day has clearly been steadily growing for the last few months. Looks like the spammers are winning the war by DoSing spam fighters and hiring mercenary hackers with 450000 trojaned systems.

When are you guys going to get over it. Spam is just a way of life in the real world. I mean, I can't be the only one that gets pornographic advertising and viagra/penis enlargement snail mail am I? Why just this past Friday I got an offer from General Mutumbo of the Nigerian National Congress to help him wire $10,000,000 (TEN MILLION AMERICAN DOLLARS) in the mailbox. Last Tuesday a fat naked woman was standing outside my window shouting at me about the benefits of breast augmentation. Spam is nothing new, so deal with it.

Re:Surge in spam

[nurb432]

Ive noticed that too. I'm now up to over 500 a day to my entire domain.. and its just a tiny spot on the roadway...

At the office, over 20,000 are deleted off the bat, and that doesnt include what gets thru.. ( though that is a major domain with over 40,000 users.. )

Re:Surge in spam

[Spoing]

The amount of spam I receive every day has clearly been steadily growing for the last few months.

Mine has doubled (at a minimum) over the last 6 months. I regularly purge 100-200 spam messages a day, though some days it's much lighter.

Re:Surge in spam

[letxa2000]

In March of this year I received 1638 spam. In September I received 5073, and in October alone it increased over 50% to 7704.

The good news is that with Bayesian filtering I only saw 13 of them in October.

Interestingly, my Bayesian filter continues to increase in accuracy. In October I was up to 99.8%. My guess is that they're increasing the number of times they do each spam run and that only makes Bayesian that much more accurate. That's the explanation I have for seeing such an increase in the volume of spam but at the same time seeing Bayesian getting ever more accurate.

Re:Surge in spam

[Mashiki]

Beh 8000+ probes from former soviet countries, and other known spam havens in the last month you tell me where this is going.

I am on a simple cable modem, but the rogers network has been having huge problems the last while(virus, trojans, headend issues, DNS issues, DHCP server issues, on and on). I wonder if they(spammers) pay attention to the fact that rogers has recently upped the speeds from 1.5mbps to 3mbps; were unsure if this is perm. yet or not. But it could be and that would be boon to the spammers wouldn't it?

I know there are spammers on the rogers network, and the fact that those of us who got screwed when we got dropped have been rather vocal on DSLR when the speed went back up. And we see our fair share of Spammers lurking in those forums as well.

Re:Surge in spam

We shut down more the 600 spam proxies last week, but we haven't yet lanched our real weapon... one in which has the ability to shut down more then 10,000 per week, provided the ISP's get their act together.

I figure I should have it coded in a few weeks, then things will get reported automatically, and the real big "shutdowns" will occur.

Of course I wish to remain anonymous, because if spammer found out about this, I'm sure they would try to wipe my ass off the internet. Luckily, I have no assets on the internet to attack, and my "shutdown" tool runs from any client.

How effective is SpamCop?

[YetAnotherName]

I was a religious SpamCop user for awhile. You tattle to SpamCop on a spam you receive, it checks its various databases, and then notifies various network authorities of the problem.

Problem being, that several of the network authorities are huge megacorps where the complaints get filed with the rest of 98,000 or are spamhosts themselves.

I gave up in favor of SpamAssassin and Mozilla's spam filtering, which turned out to be far more effective.

Isn't effectiveness the whole reason eight-year-olds tattle in the first place? ("Billy hit me!" Billy gets in trouble. (And Tommy gets beaten up after school.)) Somehow, I don't think enough spammers got in trouble.

Re:How effective is SpamCop?

What? Why??? Why should my mail server have to deal with all the traffic and why should spammers eat my bandwidth just for mailassassin to then /dev/null the email. This way, you dont even have to detail with all the extra traffic, it just disconnects the spammer, effective as the fucks usually bounce everything off open relays

Re:How effective is SpamCop?

[Detritus]

One benefit of reporting spam to spamcop is that it lets ISPs know about client systems that have been owned and are being used for relaying spam. I don't know how many of the major ISPs actually do anything with the information.

Re:How effective is SpamCop?

[Ilgaz]

As now Yahoo's (mega) Baesian filter catches all the spam I still check turkish (my language) spams and report them to .tr ISP'es.

I really had some suscess...

Re:How effective is SpamCop?

[onepoint]

have you noticed the latest spam, it's repetive (same ) on the subject line over multiple message and ( in my perception ) written like a regular subject line.

maybe they are trying to flood these filters to start producing false reports.

I came to this conclusion due to about 1900 spams I recieved in the last 4 days, out of the 1900, 400 had the same subject line 5 to 7 times, another 700 had the same subject line 3 to 4.

I don't understand Baesian filters yet but I would think, that this sort of spamming might create multiple false reports.

-onepoint

Re:How effective is SpamCop?

[tsarin]

As you say, SpamCop is fine; it's the ISPs that you need to worry about. A while back, I was running a mail server (forwards for a hundred-odd users, plus my own mail) off my DSL service. One of my users, playing the good little netizen, reported a batch of her spam to SpamCop, who, since my machine was in the headers, reported to my ISP--who promptly turned me off. No investigation, no "Hey, what's going on here?", not even a "Why are you spamming?". Lather, rinse, repeat, until the ISP ended up turning me off permamently. (And then, promptly, went out of business, shorting me nearly six months of my prepaid contract.)

Had they taken the thirty seconds to actually look at the headers, it'd've been obvious that I was, effectively, as much a victim of the spam as my user.

A "disconnect first, ask questions later" policy is fine, assuming you bother to ever actually ask.

Re:How effective is SpamCop?

I'd be demanding a nice credit from your ISP.

If they don't give you one, sue for breach of contract.

Re:How effective is SpamCop?

[James+Crid]

>I gave up in favor of SpamAssassin ...you probably won't know that SpamCop mail has SpamAssassin built-in to it these days. It works well, too.

All my mail goes through SpamCop; sure, it's been damn annoying over the last day not being able to see my mail, but it's a lot less annoying than not being able to read my real e-mail because of all the spam.

Re:How effective is SpamCop?

[bigbigbison]

I used to use it pretty consistently. There were occasions when my inbox would get flooded with the same spam hundreds of times. The only times it ever happened was when I was reporting stuff to spamcop. This leads me to beleive that on some level spammers were being at least made aware of the fact that they were being reported (and then trying to take some measure of revenge).

Re:How effective is SpamCop?

[Ilgaz]

but a "viagra" seller has to use "viagra" word or link some "viagra" image on html message...

I think suscess come from there...

BTW, I had Korean spam a lot, I added their charpage (multiple ones) string to filters and I got rid of it manually...

Re:How effective is SpamCop?

I used to have lots of success reporting spam with spamcop. Most places shut down within a week. Now, nearly all spam not from trojans is from China and nearly all spammed websites are in China too. They don't do anything as far as I can tell, so it's really started to get out of hand.

Re:How effective is SpamCop?

[SwansonMarpalum]

I wouldn't worry about flooding filters hampering their accuracy. As long as people keep more or less true to the model which Paul Graham prescribed (training the bayesian filter only when it makes a mistake), then these spams have absolutely no bearing on the server's records; during the classification operation the filter's word database is "read-only".
What the spammers may have latched onto is the concept of overfitting. However due to implementation details, this shouldn't be a problem unless those operating the filters are grossly incompetant (you'd have to mark all of the things it catches as spam as not being spam, then mark it as being spam once again in order to do try and do this).
However one of the previous articles regarding the Joe-Jobs incited by the mocking of Dimensional Warp Generators does give one cause to pause before implementing one of Mr. Graham's retaliatory filters.

Re:How effective is SpamCop?

[m0i]

Actually, SpamCop now uses SpamAssassin as well as its own blocklist. And I use it mainly for one-click accurate reporting through the 'held' web interface. You are right that most abuse desks don't care about SpamCop reports, but it's still worth it for the remaining doing their job.
Regarding Joker registrar policy wrt to validation procedures, I suppose that the fact that SpamCop goes away tells it all.

Re:How effective is SpamCop?

[Uggy]

I agree. The only way to stop spam is by filtering it at the ISP or end user level. Email is too entrenched and too important for us to be mucking around with whitelists and trusted senders and whatnot. Reverse lookups would really do the trick, but since in my experience 99% of ISP's/bandwidth providers are just too uncooperative in updating their reverse DNS, that is out. Couldn't do virtual domains either.

You could utilize some minimal checks like forward dns or just a HELO name check, which my company used for a while. But, there are SOOO many exchange servers out there that identify themselves as "microsoft.msft" (which is of course not correct) that some of our clients couldn't get their mail. They'd call, "Hey, so and so can't send me email." I'd telnet to their port 25 and check what they returned in their HELO... sure enough, it was incorrect, so I'd notify the administrator and our client that their email server is not configured correctly (and it's an open relay to boot). A couple of days later this client would call again saying, "Other people can receive this guy's email, but I can't. What's wrong with your server?"

After a while, it's just a perception problem. You've got to be able to receive from everybody (except the absolute worst spammers). So we accept all mail and tag it with spamassassin using the X-Spam-Status tag. Clients then can filter it and check at their leisure. If they have a little more no-how, we tell them to download and install mozilla-mail or thunderbird with built in spam filtering. You've got to train it, but it works.

Email is too important and too ubiquitous to be screwed around with. The surest and best way to deal with spam is to filter/tag at the end user or ISP. Legislation won't cut it. Threats won't cut it. Whitelists/Blacklists won't work. You can't even rely on first line HELO identification checks. There are just too many monkeys who've set up email servers out there.

And just think about this: even ipv6 STILL isn't widely deployed.

Re:How effective is SpamCop?

[wayne]

I was a religious SpamCop user for awhile. [...]

I gave up in favor of SpamAssassin and Mozilla's spam filtering, which turned out to be far more effective.

I like SpamAssassin and use it myself. However, remember that one things that makes Spamassassin effective is their use of the SpamCop DNSBL. As a result, I report spam to spamcop in large part to make sure the spammers get listed on the SCBL. This seems to be a very effective technique to reduce the spam comming your way.

Re:How effective is SpamCop?

Suing a bankrupt business? Sounds like a waste of time to me.

Re:How effective is SpamCop?

[letxa2000]

No, if they send you the same spam with the same subject (or mostly the same words in the subject) 700 times then Bayesian will only get more accurate.

The spammers have yet to come up with a single approach that consistently gets past Bayesian filters. They're trying, but what they're trying makes it clear they truly don't understand how it works. Sending the same message over and over only increases the chance of the messages being caught by Bayesian. Inserting random words has no effect since they are virtually always neutral (i.e. 10% - 50% spam probability). Same with inserting paragraphs from the Constitution.

For a spammer to get through a Bayesian filter they need to use truly INNOCENT words--we're talking words with 1% or below spam probability. Otherwise, they're going to get filtered. Even the latest tactic (Spelling Viagra as V I A G R A or whatever) is silly. Turns out that normal mails don't usually include the word "V" and "G" and "R" so by breaking up the word they actually just created 3 words with very high spam probabilities.

It really is a lost cause for the spammers. Bayesian filters are their enemy and they will not win. Of course, pity those that don't use Bayesian filters because they WILL be overrun with spam.

Re:How effective is SpamCop?

Yeah, Spamcop still fucks up headers. Ive asked Julian so so so many times to sort it out as all the spam I report from our exchange servers gets reported as the source. I have to remove the top two "recieved from" headers for everyspam due to the exchange routing going on.

Re:How effective is SpamCop?

[rsmith-mac]

Even though the reports may go in to a black hole, it's still a good idea to keep reporting. Spamcop is partially "user controled" in that it decides what to block in some cases based on how many complaints have come in for that mail server; if there are a lot of complaints, the server will be added to the blacklist, and future messages will be caught. Even this isn't 100% effective mind you, but it's about as close as you're going to get considering it's impossible for anything to be 100% effective.

Re:How effective is SpamCop?

[Saint+Aardvark]

Someone else has already mentioned this, but here's my two cents.

I used to work at the helpdesk at a small dial-up ISP. I ended up taking care of abuse complaints, and SpamCop came in handy many times. For a while we had a spammer sign up once a month for a throwaway account, and the very first indication was always SpamCop. I flatter myself that after being shut down a few times in a row, he went elsewhere.

SpamCop is easy to use, quick, and it provides the admin with all the information she needs. If you've got rogue ISPs (hate to use the phrase, but it's appropriate), then they're not gonna pay attention to anything less than the 153rd Airborne. (Not a bad idea, actually.) But for places that do care, it's excellent.

Re:How effective is SpamCop?

[Malc]

I've been noticing a lot of false-positives in the last 6 months with Yahoo's spam detection. People who use the wem mail interface might notice as I'm sure they don't check their bulk folder enough. I have my Yahoo mail forwarded by SMTP and my server bounces anything with X-YahooFilteredBulk set (and forwards it to Spamcop)... at least 5 times a month a friend comes to me saying their message got returned as spam. According to my logs, Debian users mailing list messages are also getting trapped on a regular basis.

Yahoo's filters are effective at catching spam, but they also create a lot of false-positives (worse).

Re:How effective is SpamCop?

[Senior+Frac]

I gave up in favor of SpamAssassin and Mozilla's spam filtering, which turned out to be far more effective.

That depends on your goal. You apparently want to not see the spam after it's sent, but don't care about paying for it's transmission. Some people care about the latter and view the spam problem as a social one that must be addressed.

Re:How effective is SpamCop?

[jrockway]

> Email is too important and too ubiquitous to be screwed around with. The surest and best way to deal with spam is to filter/tag at the end user or ISP. Legislation won't cut it. Threats won't cut it. Whitelists/Blacklists won't work. You can't even rely on first line HELO identification checks. There are just too many monkeys who've set up email servers out there.

I'm glad someone finally got it right. Let's come up with a technical solution instead of a legislative solution. This way, everyone is free to do what they want (which IMO is a good thing), and I don't have to read spam. SpamAssassin is great (I've been training it with sa-mark for quite some time, but it's not doing bayesian filtering yet. Time to RTFM...).

Re:How effective is SpamCop?

[arth1]

You could utilize some minimal checks like forward dns or just a HELO name check, which my company used for a while. But, there are SOOO many exchange servers out there that identify themselves as "microsoft.msft" (which is of course not correct) that some of our clients couldn't get their mail.

Insightful, my arse.

The RFCs specifically state that a mail transport agent MUST accept the connection regardless of the HELO/EHLO. There's a reason for that too.
What if the sending MTA is inside a NAT boundary, with its own internal DNS servers? Then its *real* name could very well be "microsoft.msft".
Further, it would have NO way of knowing what the name as seen from the outside would be -- with multiple routes to the outside, that would depend on which interface on which NAT router the outgoing call went through. So the MTA does the right thing -- it identifies itself with what it believes is its correct name.
If your MTA won't accept that, then you don't really understand how cross-network traffic works, and have seriously misconfigured your MTA.

Again, there's good reasons why the RFCs specifically states that your MTA must accept all valid HELO/EHLO names. If you need authentication, implement authentication. HELO/EHLO was never meant to be that.

--
*Art

Re:How effective is SpamCop?

What this means is that one of the domains that you were complaining directly to was owned and operated by a spammer. They do seemed to get a little pissed off when complaints are being sent accussing them of spamming. The only real fix is to complain to the upstream providers. But even this doesn't always work. Must upstream providers couldn't care less as long as they are getting paid.

Re:How effective is SpamCop?

[Uggy]

I suppose you're also the type that likes to see 192.168.x.x in a traceroute from the Internet? Hmmm?

The HELO check was a life saver during sobig. And I don't care who you are, reporting yourself as microsoft.msft is just stupid even through a nat'd connection.

One more thing... magic must defeat magic!!

Re:How effective is SpamCop?

That depends on who owns the corpus. Is their corpus system global wide, or only one per user. If it's one per user, then the user MUST have a clean corpus or it won't be very effective. if just ONE spam lives in the "ham" corpus, then it's polluted.

Then, the spammers are going through great lengths to get past the Baysian filters, and seem to be doing a good job of it., but we've been able to filter those out as well.

Re:How effective is SpamCop?

[aggressivepedestrian]

I agree. I'm still using SpamCop, but I get serveral false negative a day that Mozilla recognizes as junk, and several false negatives that Mozilla recognizes as valid mail. Why should I pay them $30 a year when Mozilla gives me better filtering?

Re:How effective is SpamCop?

[Kris_J]

My primary email address is a Spamcop address. I get about one spam a month and it never makes it to my inbox. This last bit is important -- I only have dial-up at home and I don't think that downloading 40 spam messages (my old daily rate, when I had a Yahoo account) then filtering them is the answer.

Re:How effective is SpamCop?

[Malc]

1) As somebody whose mail is automatically forwarded from Yahoo... tell me how to update my corpus?

2) I'm not convinced by Bayesian filters. It took tens or hundreds of Sven viruses before Mozilla started automatically moving it to my junk folder. I would say that half the stuff that get's past Yahoo also gets past Mozilla, even though I've trained Mozilla with about 15,000 pieces of mail (half-and-half junk and not junk).

DNS

[Detritus]

What's preventing the restored DNS records from propagating from the root server down to all of the requesters?

When I send mail to spamcop, my ISP's mail server bounces it with a fatal DNS error.

Re:DNS

[sethgecko]

What's preventing the restored DNS records from propagating from the root server down to all of the requesters?

your isp cached the fatal response. you have to wait for the fatal response to expire from their cache before they query the root servers again. Or run your own dns server.

Spamcop's a waste of time.

[Anonnymous+Coward]

Most of the spam comes from and/or points to IP addresses in China and Brazil. Their reaction to your reports, if they even receive them, is "We'll get right on it."

It would be far more effective to simply drop any SMTP connections from networks in Brazil or China. Even better would be to actively scan emails for links pointing to that IP space, and dump any messages received. This would eliminate most spam from user mailboxes.

Spamcop is a nice parser, though, for those rare occasions in which reporting would do any good. Unfortunately, they're in bed with Cyveillance--don't forget to uncheck that box to avoid helping them.

Re:Spamcop's a waste of time.

[OS24Ever]

What's wrong with Cyveillance?

Being that I"ve used Spamcop now for 3 or 4 years, just curious.

Re:Spamcop's a waste of time.

[Detritus]

Unfortunately, they're in bed with Cyveillance--don't forget to uncheck that box to avoid helping them.

Why?

Re:Spamcop's a waste of time.

[admbws]

It would be far more effective to simply drop any SMTP connections from networks in Brazil or China. Even better would be to actively scan emails for links pointing to that IP space, and dump any messages received. This would eliminate most spam from user mailboxes.

Alternatively, you can simply drop all SMTP connections from the entire IPv4 address space! That would eliminatate all spam from user mailboxes!

P.S. I'm being sarcastic, but blanket bans suck.

Re:Spamcop's a waste of time.

[Anonnymous+Coward]

Cyveillance ignores robots.txt and uses deceptive user agents to crawl websites that might have material that doesn't jibe with the PR stance of their corporate clients. They are actively involved in suppressing free speech on the Internet by selling "monitoring" services to its corporate masters. The discussion about Spamcop in bed with them

Re:Spamcop's a waste of time.

[Anonnymous+Coward]

I agree that blanket bans suck, but (especially in oppresive China) the administrators of those IP blocks are capable of getting their act together. Their elimination of access to the mailboxes around the world is a natural consequence of their inaction wrt the spam problem.

Re:Spamcop's a waste of time.

Simple, I dont know anyone in China, Korea or South America. Ive just banned LAPNIC IP adderss, all of China and Korea and most of the rest of Asia as well. Fuck em, ive someone there wants to email me, they can me phat.co.nz

Re:Spamcop's a waste of time.

[Carrion+Creeper]

It would be far more effective to simply drop any SMTP connections from networks in Brazil or China

(sarcasm)That way we can be sure not to hear anything about human rights violations in China as well. That stuff is even worse than spam. Who wants to hear it? Not me. Pesky dissidents trying to send messages out of the country.(/sarcasm)

And god forbid anyone in china or brazil should try to conduct business with the US (just assuming here). Like our trade deficit wasn't enough already.

Re:Spamcop's a waste of time.

blanket bans may suck but it's better than nothing. if all u.s. isps were to completely blacklist ALL asian, brazilian, pakistanian and russian ip blocks, you'd see the spamcount in your inbox go way down.

as long as those overseas isps don't have to face any consequences for their actions, then they will continue them.

maybe their one or two legit customers could apply some pressure on them to clean up their act but given that the chinese government runs the telecoms there, and given that government's history of abuses, i doubt it.

Re:Spamcop's a waste of time.

[Rick+Zeman]

Unfortunately, they're in bed with Cyveillance--don't forget to uncheck that box to avoid helping them.

Why?

Cuz as a paying member of Spamcop (reporting is integrated into Mailsmith for OS X and it's just too easy to use(, it pisses me off that I'm paying for the pleasure of giving Cyveillance information that they're getting paid to utilize.

Re:Spamcop's a waste of time.

[AKnightCowboy]

Alternatively, you can simply drop all SMTP connections from the entire IPv4 address space! That would eliminatate all spam from user mailboxes!

P.S. I'm being sarcastic, but blanket bans suck.

Banning is the proper way to deal with unethical Internet activity. There's nothing wrong with it. If an ISP chooses to allow unethical behavior to occur on its network then it will need to learn to deal with the consequences of the rest of the Internet shunning it. Sure, it hurts innocent people, but people shouldn't give business to unethical businesses. "But Maaaaannnnnn, it's the only ISP in town that offers broadband!" Well, suck it up then. It sucks, but that's the price we pay for running all the small mom and pop ISPs out of business by moving to MegaTelco DSL provider.

Re:Spamcop's a waste of time.

See "CDDB" and "Gracenote"

Re:Spamcop's a waste of time.

[Anonnymous+Coward]

Please see my reply to the sibling of your pose wrt Cyveillance.

Re:Spamcop's a waste of time.

[Ilgaz]

and you think those T3 mail harvesters really CARE about robots.txt ?

Re:Spamcop's a waste of time.

[Anonnymous+Coward]

The T3 mail harvesters don't claim to be legitimate businesses and sell their services to corporate America.

Re:Spamcop's a waste of time.

[James+Crid]

>It would be far more effective to simply drop any SMTP connections from networks in Brazil or China Indeed, which is why SpamCop's mail allows you to do that if you wish.

Re:Spamcop's a waste of time.

"but blanket bans suck [somethingawful.com]."

No, I am glad my ISP blocks all mail originating from CogentCo servers. They allow spammers to operate freely and even aid them in changing their IP's when they are blacklisted. Anyone that does business with these scumbags deserves what they get.

Re:Spamcop's a waste of time.

[Anonnymous+Coward]

If China would like to conduct business via email, they can clean up their spam problem. Or buy a subscription to AOL and call long-distance :).

Re:Spamcop's a waste of time.

I can't figure out your sarcasm. Which part you don't agree with and which you do. I don't think any dissidents are going to send me anything. I hear about that stuff from the news, not e-mail.

Re:Spamcop's a waste of time.

[Ilgaz]

eek... That corp is evil... Thanks for info, will cancel spamcop account right now.

Re:Spamcop's a waste of time.

[mabu]

You don't understand how Spamcop works.

There are several levels. The "complain to the ISP" is just one of Spamcop's services. Their network employs an automated system maintaining a real-time relay blacklist based on spam reports. Even if the ISP doesn't respond or take action, rogue smtp relays will be automatically blacklisted and participating networks will begin to refuse to accept mail from these systems, whether the ISP chooses to deal with it or not.

Re:Spamcop's a waste of time.

Bullshit.

Much of the spam operations going on right now are "mom and pop" businesses themselves.

Moron.

Re:Spamcop's a waste of time.

If they even attempted to be accurate, it might be worth using to dump email from IPs on the list to a special folder for later sorting. As it is, they are nearly as bad as SPEWS.

Look at number 10 on this page

SpamCop now implements "pre-emptive" blocking of hosts. This is based on non-SUBE points (mail volume) alone, and is not related to complaints. If a host has no mail volume within the past 7 days except for a 1 day or less period where it does show volume, it will be listed. For example, a host which has no more than 24 hours history for sending mail will be listed under the assumption that it is most likely a new source of spam (since the great majority of new sources of email are sources of spam). After 24 hours, we hope that users will have had a chance to report spam from the new host - or not. If they do, then the other rules will list the host. If they don't (and the host keeps sending mail), then it will drop off the blacklist.

Not bad enough the accidental false positives. Now they block you just because you send any email at all.

If a host has no mail volume within the past 7 days except for a 1 day or less period where it does show volume, it will be listed.

Bullshit. My site has sent god knows how many emails since April, there has NEVER been a spam complaint on the IP address and likely never will be, yet I am receiving bounces from people using their "pre-emptive" blocklist.

Spamcop is bullshit run by a Seattle hippie with an agenda, namely that all commerce is evil and should be kept off the internet.

Re:Spamcop's a waste of time.

(sarcasm)That way we can be sure not to hear anything about human rights violations in China as well. That stuff is even worse than spam. Who wants to hear it? Not me. Pesky dissidents trying to send messages out of the country.(/sarcasm)

I drop all connections from APNIC (except for OutBlaze), RIPE, LATNIC, 38/8, any open proxy/relay, known spammers, and anyone sending more than 50 emails in an hour.

Strangely, the spam load on my users has dropped by 60% or more, with only one or two false positives per week. (traffic is > 60K per day).

I am now looking at using SpamAssassin to find links in email and dump any with ties back to APNIC, LATNIC, RIPE, or 38./8.

As for any cries about injustice and not getting any email about it from China, I remind you that the current administration has already proven several times not to give a fig. That's why Seria is on the Human Rights commission in the UN, and the US isn't. For further proof, look at how many countries the US supports that are dictatorships, against their foes which are, wait for it, freely elected governments. For example, Pakistan v. India.

Now go be a gool little bundist and mod this down because I'm bashing Dubbya.

Re:Spamcop's a waste of time.

"Spamcop is bullshit run by a Seattle hippie with an agenda, namely that all commerce is evil and should be kept off the internet."

Spoken like a true spammer. The "commerce is evil" bit is straight out of the spammer handbook for trashing anti-spammers. Gee, a spammer that doesn't like SPEWS or SpamCop--how unusual.

Re:Spamcop's a waste of time.

[DonnaS]

Without knowing the IP address in question, it's kind of hard for anyone else to judge. I use the SCBL as one of a range of filtering (not blocking) options on my personal email, and the few false positives I see (about 2 a week out of, oh, about 2000 emails on average) result from the Bayesian filter not the SCBL. I don't think I've ever seen a false positive resulting from using the SCBL. Doesn't mean it can't happen, I know, but it's not been my experience.

Re:Spamcop's a waste of time.

And god forbid anyone in china or brazil should try to conduct business with the US (just assuming here)

As far as I'm concerned, chinese businesses can fuck off. They come to visit your company on pretext of setting up business deals, all the while busily taking pictures of your manufacturing and getting information about your procedures. Then they go away never to heard from again, and six months later the chinese are knocking out copies of your product.

Re:Spamcop's a waste of time.

"Without knowing the IP address in question, it's kind of hard for anyone else to judge."

Sure, an IP address would certainly help clarify this particular person's problem. In absence of an IP address, one can only judge based on the comments of the poster. In this case those comments were anti-SPEWS, anti-SpamCop, and anti-anti-spammer. Typically, that indicates one of three things:

1. ignorance
2. a spammer
3. an innocent bystander who is having connectivity difficulties due to the fact that his ISP is providing spam support services and people have chosen not to except email from that spammy ISP.

Re:Spamcop's a waste of time.

[Anonnymous+Coward]

It appears that rules 1 and 2 are still in force.

Re:Spamcop's a waste of time.

No, bans are good; somethingawful.com sucks. I would ban somethingawful just because it's full of worthless whining idiots, but SPEWS never even listed them at all. SPEWS listed their spam-whoring ISP, CogentCo, which richly deserves complete loss of all connectivity of any kind. Mail admins everywhere agree, which is why somethingawful temporarily lost some of its CogentCo-hosted SMTP connectivity. Oh, boo hoo. If this happens to you, quit crying and screaming and reroute your outgoing mail through a less "awful" ISP. It's not rocket science, and it's not somebody else's problem.

well

[loraksus]

They did have a disconnected phone number, which Joker might of have had some legal crap in their AUP, if so, it does change the situation a bit - but it seems that Joker was kind of a bitch here and the articles don't exactly give shining reviews of their customer service. Seems that the company is living up to their name.

I wonder how much better a distributed system would work . . .

Re:ATTN: Webmaster of goatse.cx/hick.org

I can't wait to see what they do for Thanksgiving!

~~~

Re:ATTN: Webmaster of goatse.cx/hick.org

[October_30th]

Stuffed goatse-turkey, of course.

SpamCop costs

[cft]

It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continous DDOS attacks on it.

The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.

And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.

And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.

Nice going.

It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.

Proletariat of the world, unite to kill spammers

Re:SpamCop costs

DDOS attacks are dumb. If Al Queda want to do one, let them. "Oh no" -- Microsoft.com will be offline for a few days, or whitehouse.gov will be unreachable.

big deal. Why does everyone have to bring it back to terrorism.

Re:SpamCop costs

It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continous DDOS attacks on it. The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.

I can't say that I feel sorry for the anti-spammers. While I think that their intentions are good their methods are almost as sleazy. Having worked for an ISP in a previous life I can say that anti-spammers didn't give a hoot about anything but stopping spam...at whatever cost to the ISP.

Re:SpamCop costs

go away, you piece of shit somethingawful user. for crying out loud, don't you people know when to stop?

Re:SpamCop costs

Indeed. The anti-spammers have had a worse impact on my life than the spammers. But they don't care, they have an agenda. They could resolve the problem themselves by requiring all of their e-mail participants to use PGP signed e-mails and a key trust network. But nooo, they'd rather sit back and attack ISPs left and right. Bunch of babies.

Re:SpamCop costs

[shokk]

And at what point do people get sick of the legal route and take matters into their own hands? I think the messages gets across after a few spammers disappear in a mist of quickly oxidizing nitrogen-based substances, or a hail of metal. For those International spammers, at some point the links to the civilized world have to be considered a liability and just need to be shut off or filtered.

Re:SpamCop costs

[grolschie]

It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed

"We are 100% certain that they have Zombies of Mass Destruction" - GW Bush

First DoS'd by spammers...

and now slashdotted...

Poor SpamCop.

USENET is INDESTRUCTABLE!!!

Just post it to usenet.

'A false Complaint'

[nurb432]

Is this the wave of the future? If you dont like someone just make up something and 'report' them... Let them pay the bill to fight it. Be it with their ISP or the HSD......

Just wonderful...

[rjch]

geekwench writes "SpamCop was apparently the victim of a recent DoS attack.

So of course, you just had to follow a DoS attack with a Slashdotting, didn't you? :)

SpamCop doesn't work..

[destiney]

I reported every single spam email I got to SpamCop for over 4 months, did the follow up confirmations and all. My spam intake went throught the roof in that 4 month period.

http://destiney.com/spam.php

Finally I just gave up and stop reporting spam to them at all.

Re:SpamCop doesn't work..

[Anonnymous+Coward]

This is probably because, despite's SpamCop's best efforts, there was something in each email (maybe that "random text" included to get past filters) that identified your address. Once it was a known good address, they spammed away. The spammers come mostly from Brazil and China, and/or use open proxies or hacked machines to send their sporge. Reporting them has no effect, other than maybe helping $CABLE_ISP tell a user to scan his box.

Re:SpamCop doesn't work..

[Therlin]

I'm glad I'm not the only one wondering about this. I thought I was going crazy.

I'm a spamcop member but I realized that whenever I reported spam, I'd start getting more emails a few days later. I stopped reporting them and the number of messages went down a few weeks later.

A couple weeks ago I thought I was just being paranoid, so I started reporting them again. Same thing happened.

Overall they are doing a great service. But somehow (random letters, or reports being sent to the wrong people), my address keeps getting flagged as a valid one. So I'm done with them.

Re:SpamCop doesn't work..

Maybe you would like to run your spam through Mail::Graph - see cpan or bloodgate for the scripts, and here for an example.

If you have any questions, mail me.

Tels

Re:SpamCop doesn't work..

[djmurdoch]

I'm a spamcop member but I realized that whenever I reported spam, I'd start getting more emails a few days later. I stopped reporting them and the number of messages went down a few weeks later.

I had exactly the opposite experience. I've been a regular Spamcop user since last year. For about a month this spring I was too busy, and stopped reporting, and the amount of spam I was receiving doubled. It's kept fairly steady since then.

I suspect that my name is listwashed by some spammers, and added to other lists. When I stopped reporting, they stopped listwashing.

This is why...

[Dthoma]

...we have client-side spam filtering.

spamcop is also being used to suppress bbv

[DrunkClam]

www.blackboxvoting.com

Re:spamcop is also being used to suppress bbv

[thirty2bit]

Interesting site.

Luckily, I'm politically agnostic.

Re:spamcop is also being used to suppress bbv

Did you read their site? It helps to have Spamcop in the loop.

"Only after SpamCop repudiated the complaint on our behalf did he relent and reestablish service." ...

"I thought that would be the end of the matter, but several weeks later we were again shut down over a "spam complaint", this time for a news announcement Bev sent to our "opt-in only" mailing list. Once again, Mr. Kish was implaccable and this time we had no SpamCop to intercede, as this complaint had come straight to them."

Re:ATTN: Webmaster of goatse.cx/hick.org

Hopefully with a little "dressing!"

~~~

Complaints don't work

I'll tell you why: they are not numerous enough. I'm the abuse mailbox handler for a well-known company that is disliked on and off line. Out of a 5-million-address mailing, I get maybe 12 complaints. Management does not care to alter anything about our "customer retention management" system. In fact, with only 12 complaints our of 5 million emails, they think we're doing pretty damn good, and so do I.

We do the following:
1. Opt-out only. You do business with us, you're on the list and have to taken yourself off of it to stop getting our mailings. There is no choice to opt-out at time of purchase, no choice to omit your email address.
2. Sell your address to our partners. Our contracts with our partners requires us to collect addresses when we make a sale for them, and pass the address lists along.
3. Pass off opting out of partners' lists to our partners.
(We spell all this out in the online Terms of Service which is displayed before a customer makes a purchase. People still buy).

Still, with all these "bad practices" in place, we only get a dozen complaints out of several million spams sent. We're on AOL's whitelist of approved spammers^Wmarketers whose mailings bypass their spam filters. We're on other ISP whitelists, too. If we get a Spamcop complaint, I dutifully click on the link in the notice, check "account terminated" and that's the end of it. But with only a handful of them each week, I can take care of the Abuse mailbox in less than a hour a week. Anti-spammers have had no adverse effect on us in the four years we've been doing it this way.

Re:Complaints don't work

You're full of shit. Name the company. The next step after a false "account terminated" is to contact the upstream, and contact live people at the company. You'd get more than "twelve" out a 5E6 scale mailing, I assure you. Just from me.

~~~

Re:Complaints don't work

Yeah, sure, whatever you say. Care to back up your claims by identifying your company?

Re:good service

haha you have to post at -1 so no one can even see what you post!!!!!!!!1111!!!

Can't

[Convergence]

The problem is that anti-spammers demand a nuke-first ask-questions-later policy for shutting down 'bad' sites.

Unfortunately, that policy can also bite you in the ass. You can't have it both ways.

W32/Mimail.e@mm attacking spamcop also

Network Associates is reporting an E variant that just came out of W32/Mimail that attacks the following domains:

spews.org
spamhaus.org
spamcop.net
www.spews. org
www.spamhaus.org
www.spamcop.net

Here is the link to the description:

Link to W32/Mimail.e@mm description

This might explain some of the other issues folks mentioned above like getting to Spamhaus, etc... I saw a few instances of W32/Mimail.c@mm on Friday in my day job. That one launched DoS against darkprofits.net besides sending itself to everyone in an address book.

bbh

lawsuit?

[Althazzar]

IANAL, but doesn't this give reason for some sort of lawsuit? Joker have, on account of one false complaint about wrong adres info, suspended a service which i presume was still being paid, without any warnings after their first one, though a reply had been given. I don't know which law applies here, but in Holland, this would be reason enough for a court meeting.

On top of that, there is ofcourse the question of: how is this possible? are there rules for actions of this kind? returning a fax is, IMHO, indeed no prove at all, though it will probably hold in court.

And a question to the lawyers here: if you, with bad intentions, use this method to bring down sites, is that a crime? I'd think yes, but then, Joker has to give the name of the person that claimed te info being false.

In all: interesting things may come out of this...

Personal Thought

[Kyrthira]

It's about time. I can't say I'm surprised. Childishness over the internet seems to be a trend lately. -.-

New email worm that DDoS's Spamcop/SPEWS/Spamhaus

[wayne]

I saw this mentioned on the spamcop news group.

There is a new email worm called W32/Mimail-E that is designed to create a distributed denial of service attack on the anti-spam websites of spamcop, SPEWS, and spamhause. See: sophos write-up.

Because they violate copyright laws?

Lets see, Cyveillance:

• Copies copyrighted materials without permission, for a commercial purpose;
• Takes this copyrighted matterial and puts it into a databse;
• then sells access to this material for at least $80,000/year
• Refuses to stop doing this when requested
• Hides the identity of their robots.

Sounds like a thief to me.

You may think that one can download anything off the web you want, but you can't. Just because the public can see something does not mean that people can copy it and then sell it.

Re:good service

[acceleriter]

I saw it.

Funny, your name doesn't sound very Pakistani.

Why is that?

Was it an attempted LART?

[Dynamoo]

There's a long and quite interesting thread in news.admin.net-abuse.email about an attempted "LART" on SpamCop by a well-known character called Jamie Baillie. This came out of a result of a long-running dispute between Mr Baillie and more or less everyone else who posts to that newsgroup.

There is no proven connection between the issues at the registrar and Jamie Baillie's attempt to have SpamCop shut down, but the complaint to Joker (the registrar) was anonymous and clearly vindictive.

Oh yes.. the domain name cesmail.net will often work in place of spamcop.net for those still struggling to get through.

Spamcop is infuriating - can't interpret anything

[DoorFrame]

So I use Outlook XP for email (go ahead and laugh now). One of Spamcop's most useful features is the ability for the user to simply forward spam directly to a predefined email address (one for each end user) and have Spamcop handle the rest. I have one or two addresses within a domain that I own which receive nothing but spam. I usually just filter them all to the trash, but I decided to start forwarding them along to Spamcop and let them do their thing. When it works, Spamcop is great.

So I tried this with Outlook. Spamcop simply responds that it cannot find the spam within the forwarded message. Apparently it doesn't parse Outlook mail properly. This seems weird considering Outlook is the most widely used commercial email program... you think they would write their filters with Outlook in mind. But ok... I go back to my server. I set up aliases for the two offending usernames and send the spam directly to spamcop, never having it touch my Outlook. I figured this would solve the problem.

Nope, Spamcop couldn't read that spam either. And Spamcop won't tell you what the problem is, exactly. I've never been able to get the email forwarding thing to work properly, and it's frustrating because it would be a great service.

Has anyone had a good experience with email forwarding? Can anyone suggest a simply solution to this problem?

Joker.com's lack of due diligence.

[wayne]

I've been thinking about this. I agree, Joker did not exercise proper due diligence.

They *assume* that email is a reliable way of contacting someone, but the *require* you to fax a document to them. I do not even have a fax machine and, off hand, I don't know where I could send a fax from the US to Germany. I suspect that it would cost at least a couple of bucks and would take a fair amount of time.

They sent *one* email before shutting the domain down. They did not reply to the (one) email that was sent in reply. I've never used joker as a registrar, but I bet they send out more than just one email to remind people to renew their domain.

The email that joker sent needs to be rewritten by someone who knows english and to make it clearer. I found it quite ambiguous.

Granted, Julian freely admits that there was a bad phone number and also that he didn't fax a response to them. Part of the fault does lie with Julian, but I think far more lies with joker.

Re:Joker.com's lack of due diligence.

[Basje]

I use joker exclusively, and they don't mail only once. As I can tell from my email history, they send 2 mails: the first 8 weeks before a domain expires, another 4 weeks before it expires.

They may send more, but I never let it come that far: either I canceled at that point, or I extended the contract.

Re:How effective is SpamCop? -- We Love It!

[gizmonic]

I work for an ISP and honestly, we love SpamCop. Our abuse mail gets a lot of complaints. We can take action on maybe 2% of them, because people simply don't give us enough information. "Stop sending me spam" does nothing for us, nor do the 75% of people who forward the spam and do not inlcude the headers. (Honestly, how can so many people still not know to include full headers when reporting spam?)

The SpamCop reports have ALL the information we need (timestamps with time zone are crucial) to track down a spammer and get them off our network. The other nice thing is that once all the SpamCop complaints are handled, we usually find that the few regular spam reports we can track were about the same people we just got done banning due to the SpamCop reports.

So, at least for us, SpamCop is very effective. Granted that's just one ISP, but there ya go.

Because...

...it really reduces the traffic load on ISPs.

Spamcop works!

[Futurepower(R)]

There have been times when I have reported spam to Spamcop and received an apology from the spammer's ISP less than two hours later.

Re:Spamcop is infuriating - can't interpret anythi

I noticed that error when I forwarded some spam inline instead of attached.

Don't blame spamcop for a default MS Outlook setting!

Re:Listen up, niggers!

Yes, having one nuke makes your shitty country a "nuclear power." But once you've used it, or we've destroyed it, you're just another third world backwater that has two choices: acquiesce or die. Your government seems to have wisely chosen the former, at least for the moment.

~~~

SpamCop's odd choices for providers?

[harlows_monkeys]

I don't understand spamcop.net's choices of providers for various services. For a domain registrar, they are using a German company, that they have no idea how to call when things go wrong. Wouldn't it make a lot more sense to use a US or Canadian company that would be easy to contact? (Note that I'm not saying there is anything wrong with German companies!)

Second, on their pages, they have at the top a recommendation for a specific web hosting company, presumably the one they use--this isn't a banner ad, but rather an ad written right into their HTML, so it sure looks like it is their personal recommendation for web hosting. When I was looking for a new hosting company for my site, I wanted to find one that was not soft on spam, so that I would not have to worry about ending up in SPEWS, and figured that the one SpamCop uses would have to be good. Checked out their plans, and they were good. I was ready to sign up, but decided it would be dumb not to at least Google a bit...and I found that that hosting company does NOT have a good reputation in the anti-spam community!

You'd think one sure-fire way to find a white-hat ISP would be to use the one that a major anti-spam site recommends, so this was quite a shock.

Re:Spamcop is infuriating - can't interpret anythi

[mabu]

So I use Outlook XP for email

What's it like to live your life at Defcon 1 with Outlook?

Re:New email worm that DDoS's Spamcop/SPEWS/Spamha

I have been contending for years that a substantive (if not majority) proportion of virus and trojan activity is the work of spamming operations. This latest worm leaves no doubt.

The Federal Authorities are aware that spammers lead the way in the most "terroristic" use of network technology. Why are they not doing something about this?

Only 10?

We can put in more effort than that!

Spamcop works

[Blackknight]

Spamcop is great if the ISP or web host actually responds to the complaints. I work for a web hosting company and we investigate every complaint that comes in. If it's legit the account gets terminated.

I still think by the time spamcop gets to us it's too late though. You can't unsend spam, once it's out it's out. They'll just get a different account on another host. What we need is some kind of filtering on the incoming and outgoing sides. Or the world could just switch to something besides Outlook, which helps these viruses and worms propagate.

Re:Spamcop is infuriating - can't interpret anythi

[athakur999]

Check out SpamSource. It's a plugin for Outlook that'll let you forward email correctly to SpamCop or any other service.

Outlook doesn't forward all the headers properly if you just use the "Forward" button which makes trying to submit spam that way useless. There is a way to get the complete headers, but it's time consuming, so SpamSource makes things much easier.

It's partially free, depending on what features you enable. Hopefully someone will create a totally free full featured workalike eventually.

Best working solution we have right now

[mabu]

Right now, Spamcop is THE most effective anti-spam solution bar none. End users don't realize the effect Spamcop has on overall network performance and the reduction of spam they receive in their inbox. Most users naively think client-side filtering helps when it's little more than a band-aid on a severed artery.

In the last 24 hours, one of my modest-sized mail servers reported these stats:

accepted mail: 2480 messages
spamcop blacklist rejected mail: 8216 messages

This is with no legitimate mail being blocked and a rather conservative set of relay blacklist rules.

That's more than 70% of the e-mail we receive clearly identified as spam and rejected at the server level.

But at least we stop the spammer as soon as he connects. We don't receive any of the junk e-mail once we identify mail coming from a known spam source. This reduces our operational costs, tax on hardware and software and available bandwidth to all users. Client-side filtering consumes all these resources and offloads the burden on the end-user to pay for software that still does not effectively deal with spam.

When you employ client-side filtering you do NOT stop spam; you do NOT reduce anyone's operational cost. When you deny mail relay access from spammers you DO cost the spammers time and money!

Spamcop has proven itself to be the most effective and productive solution at present, which is why it's being targetted by spammers. Using Spamcop's RBL, spammers can't even connect to participating networks. When you employ client-side filtering, you help spammers because their argument for de-regulation of spam involves putting the cost burden on the users - all they care about is delivering X messages and that is still accomplished, whether your mail filter catches it or you manually delete the junk, so this "solution" encourages future spam activity and also breathes more life into companies like Symantec that actually profit from the spam epidemic.

There are only two more-effective solutions to the spam problem: 1. The Federal Government finally deciding to pursue the spammers who break into computer systems (which has been illegal since before the Internet existed), and the employment of a sanctioned smtp whitelist.

I posted a previous comment with my detailed analysis of the issue and exactly how it can be realistically solved.

Re:Best working solution we have right now

[-jaded-]

I'm curious how you determined that there were no legitimate messages blocked if you are rejecting the message on connection rather than based on analysis of its content. If you reject the message fefore you even look at it can you make any valid statements regarding the message content i.e. spam vs. legitimate?

There is also the odd statistical discrepancy that about 50% of all email traffic is spam and yet you are rejecting a significantly larger fraction that average. Unless your organization is a serious anomaly and gets significantly more spam then average you should go back and check your numbers a bit.

Check the latest product reviews. Spamcop isn't the most effective or the one with the lowest rate of legitimate messages blocked. They're not bad but they're a far cry from the best.

And finally, regarding your shot about Symantec profiting from spam filtering consider the following question. If Spamcop has no means of making money from its spam filtering, what gurantee do you have that they will be around for the long term especially if they are spending enough on bandwidth to weather a sustained DDOS?

Re:Best working solution we have right now

[mabu]

I'm curious how you determined that there were no legitimate messages blocked if you are rejecting the message on connection rather than based on analysis of its content. If you reject the message fefore you even look at it can you make any valid statements regarding the message content i.e. spam vs. legitimate?

Believe me. My clients let me know pretty darn quickly if any legitimate mail gets blocked. Our system bounces the e-mail with a URL to a page where they can contact us to let us know that their legitimate mail was blocked.

I am aware Spamcop isn't the "tightest" RBL, and most ISPs, including me, use multiple RBLs that have different, yet complimentary criteria for listing. If you're a network admin and you're tweaking your mail system, there are a number of factors to take into consideration, as well as priorities. My goal was to employ the tightest anti-spam protection with the least impact on legitimate mail. I could cut down on the spam that gets through by tightening things a little more, but I'd rather be conservative in this respect.

Spamcop does make money and charges its members for its service. Obviously Spamcop profits from spam as well, but unlike Symantec and other producers of client-side filtering systems, the use of Spamcop *reduces* user and network resources whereas the client-side systems consume even more.

As far as Spamcop and the DDOS vulnerability, it's an issue; it's an issue for everyone online. My advice to Spamcop is to have them host a small government web site for free... that way when they're DDOS'd, it would be considered an act of "terrorism" and the attacker could get the death penalty under the Patriot Act...

Umm....

I also wondered the same thing, but for reasons best left unsaid maybe it wasn't a good idea to point him out and mention this to slashdot.

Re:Umm....

What, that he will feel obligated to post on slashdot defending himself like he does on nanae?

In case you're interested, here is what happened just before he made the threat to spamcop. This is proof that he is not above such things.

And, yes, this is my site.

Re:Umm....

No, I was definitely not thinking of that and while it would be funny, that wasn't quite what I was concerned with.

Its just that Lamie has enough attention already, and it might not be the best thing to give him even more attention from slashdoters and slashtrolls. Some examples would be an increase in the amount of threads about him LARTing, or an increase in Lamie joe jobs.

Then again, maybe I shouldn't worry this. People might just end up wasting Lamie's time, which means less of it posting to NANAE, more time spent "LARTing" and sending five pages of tracert information to every email box he can find. Maybe a kook from here will email him and their "discussion" will end up in an infinite loop.

If you happen to be reading this Lamie all I have to say is this:
TEST!

Spambayes

[kenyob]

Who needs SpamCop...
Just use <A href="http://spambayes.sourceforge.net/">SpamBayes </A>.Its free, open source, and works almost as well as my Mailblocks account...

Dropping/Banning China and Brazil

Unless you're talking about doing the blocking/banning for your own email account exclusively, you must be one of the FEW companies anywhere that has absolutely no business or communications with China.

How interesting it would be if one of the managers, CEOs, or others try to contact their supply chain in China, only to find their emails being bounced by your blanket ban on all emails there.

Or then again, maybe you choose to ignore China altogether, ignoring the biggest market in the world, cheapest labour (for better or for worse), place of the next Olympics, one of few countries able to launch astronauts in space, etc.... I wonder how long you keep your admin job.

Re:Dropping/Banning China and Brazil

[Anonnymous+Coward]

During discussions with management about blocking China, Korea, Brazil, and other countries whose PTT's are spam havens, management can indicate what to whitelist in the unliikely event there would be any legitimate traffic blocked.

I wonder how long an admin would keep his job when his managers are subject to the full tide of Chinese spam.

Re:Spamcop is infuriating - can't interpret anythi

[DonnaS]

Suggest you read the archives on the Spamcop newsgroup - this was discussed at great length there, with various solutions offered, if I remember rightly. The fault is not with Spamcop, but with how email from Outlook is constructed.

Blocking by country is fraught with danger

[dbIII]

Most of the spam comes from and/or points to IP addresses in China and Brazil.... drop any SMTP connections from networks in Brazil or China

Vast amounts appears to come from the USA - by IP address anyway. The net is still US centric (ie. plenty of Asia to Europe stuff is routed through the USA, and plenty of offshore stuff is hosted in the USA) - so blocking those IP addresses would be idiotic. A lot of companies do business with China, and any company of any decent size anywhere has a few employees that send mail to relatives in China - so blocking mail from there is impractical, and has serious policy issues (ie. why everyone but those of chinese descent can email their friends and relatives). I'm sure in the USA, being closer to Brazil, there are similar issues with Brazil.

The next thing to consider, is that hosting of hotmail type services may end up moving to other countries to save costs. Suddenly not being able to recieve mail from such a source is the sort of thing that gets sysadmins sacked.

Personal, recreational email is a different story - you could limit it to only the contents of your address book without much drama. You'll still get spam though - just not much of it.

An Eye for an Eye... Attacking Spammers

I've been having trouble getting into Spamhaus too. The spammers are up to something.

Not withstanding the fact that spam is, itself, a denial of service attack, when spammers DoS a website or service, we have to respond by plowing them into the ground with our own DoS attack.

I like this little script, which I use on every URL in every spam that I receive. (Note that they were warned on my webpage not to send e-mail to the address which is "donotspam@$MYDOMAIN.com".)

Someone needs to write a Windows version of this and start quietly distributing it on the 'Net. It's an active and retaliatory means of dealing with spammers.

#!/bin/bash

COUNT=0

while [ $COUNT -lt 2000 ]; do

lynx -dump -traversal -useragent="By sending e-mail to my domain, you agreed to the published Terms of Service of my privately owned domains and servers, including the stipulation that all spam would result in your webserver log being filled with garbage. If you don't like it, don't send e-mail to my domains. If you don't want me to visit your website, don't solicit my visit by sending me unsolicited e-mail. You do not have a First Amendment right to waste my bandwidth, electricity, CPU time or hard disk drive space with your crap, characteristically illiterate or otherwise. Furthermore, I pray to The Lord Satan below that your wife and children get colorectal cancer and die slow and horribly painful and undignified deaths in front of you." $1?YOU_FILL_MY_MAILBOX_WITH_UNSOLICITED_CRAP_AND_W E_WILL_DO_THE_SAME_TO_YOUR_WEBLOGS

let COUNT=COUNT+1

echo $COUNT

done

I have spoken with a Federal Judge who assures me that there is little legal basis for a spammer to fight this tactic, given that my website includes a warning about what will happen if spam is sent to any e-mail address in my domain. Furthermore, I'm simply visiting their websites, with my web browser, as they've requested. Note that this judge is blind, and he is afraid to open his e-mail client in public because of the embarrassment of having "Bob's Magic Baste-On Penis Enlarger" being trumpted aloud by his screen reader.

I would suggest that any improvements to this program search for and eliminate e-mail addresses and other unique serial numbers from the URLs prior to pounding them. And it should also deal with "http://blah.com@www.spammer.com", hijacking of Yahoo and Google redirectors, and obfuscated URLs.

Analysis in my journal

[heironymouscoward]

From a while back...

here

NDA

Care to back up your claims by identifying your company?

And being taken to court for trade secret infringement and contract violation and losing a multi-million-dollar judgment? Ever heard of "non-disclosure agreements" or "trade secrets"?

Re:NDA

ever heard of bawk bawk chicken?

hows your 12 inch penis going to help you whithout any balls

Re:NDA

Ever heard of "non-disclosure agreements" or "trade secrets"?

Ever heard of spammer rule #1?

Re:Listen up, niggers!

It looks like some of you got lost. This discussion was about SpamCop and Joker.

The Irony

So mod me down as -1 Troll.

But the irony is delicious.

An anonymous complaint is made, no check to see if its valid, the evidence is not made available to the accused, summary judgement is made and the "guilty" party is black banned.

Sounds like the very worst stalinist justice?

Hah, at least Joker contacted Julian Haight, showed him the "evidence" and gave him plenty of time to fix the trivial problem. More than spamcop does.

This is a classic case of the kettle calling the pot black.

http://www.freedom-to-tinker.com/archives/000023 .h tml
http://www.politechbot.com/p-04126.html
http ://www.spamresource.com/sc.html

Not only that...

For a long time, Joker was seen by a lot of antispammers as being "the spammer's registrar of choice." Spammers were registering domains through Joker left and right, with clearly bogus information, and nothing was getting done about it. Complaints accomplished nothing.

I wonder why an antispam site would make this choice of registrars? Maybe Joker has cleaned up their act (actually it looks like they went a little too far) but I remember Joker as being a very spam friendly registrar.

Time for everyone to avoid joker.com

[getnuked]

This sounds so much like a moronic thing verisign.com would do (back in the day, or even recently) when they 'accidentally' gave away domain names without confirming the requests). How could these idiots do this, especially for such a high profile domain name?

I have my important domains at directnic.com which provides amazing 24/7 trouble-ticket based support. I don't even think the somewhat less tech savvy the, yet ultra cheap godaddy.com would try this.

Re:Time for everyone to avoid joker.com

GoDaddy pulled two of our domains last week without contacting us.

Outlook is the problem - read the FAQ

[Dave21212]

Spamcop has a detailed explainantion of the issues with the way the Outlook forwards mail. They also have suggested workarounds for Lookout's shortcomings.

mod -1: Xerox machine.

[YOU+ARE+SUCH+A+FAG!]

Way to cut and paste ass-master.

Do you masterbate to photocopies of your own ass, too?