Trouble Getting to SpamCop?

geekwench writes "SpamCop was apparently the victim of a recent DoS attack. A false complaint to their domain registrar led to all primary DNS information being pulled. The problem is now fixed, but there may still be access issues for the next couple of days as ISPs clear the old DNS information out of their caches. You can read about it here and here. (Sounds to me as if SpamCop is proving to be a good-sized thorn in the sides of a number of spammers.)"

Yikes!

[Quasar1999]

This is scary stuff... anyone can get any domain pulled with a little accusation?

We need to secure the domain registration/ownership process... seriously... We might not be able to take down microsoft.com, but with this complaint technique, I'm sure we could do some damage to a lot of less high profile companies... We need to get this fixed now! It's almost as bad as being allowed to call your neighbour a terrorist, and have him/her arrested indefinetly, with no proof...

Thorn? It doesn't matter,

[Trick]

> Sounds to me as if SpamCop is proving to be a
> good-sized thorn in the sides of a number of
> spammers.

Maybe, but maybe not. The DOS attacks by spammers have been getting pretty brazen of late. SpamCop's a well-known name, and that's probably all it took to make it the target of an attack, regardless of how effective it is.

They've gotten almost no resistance to the attacks they've launched so far. They've got no reason not to launch an attack on anyone who even attempts to block spam at this point.

Spamcop's a waste of time.

[Anonnymous+Coward]

Most of the spam comes from and/or points to IP addresses in China and Brazil. Their reaction to your reports, if they even receive them, is "We'll get right on it."

It would be far more effective to simply drop any SMTP connections from networks in Brazil or China. Even better would be to actively scan emails for links pointing to that IP space, and dump any messages received. This would eliminate most spam from user mailboxes.

Spamcop is a nice parser, though, for those rare occasions in which reporting would do any good. Unfortunately, they're in bed with Cyveillance--don't forget to uncheck that box to avoid helping them.

Re:Spamcop's a waste of time.

[admbws]

It would be far more effective to simply drop any SMTP connections from networks in Brazil or China. Even better would be to actively scan emails for links pointing to that IP space, and dump any messages received. This would eliminate most spam from user mailboxes.

Alternatively, you can simply drop all SMTP connections from the entire IPv4 address space! That would eliminatate all spam from user mailboxes!

P.S. I'm being sarcastic, but blanket bans suck.

Re:How effective is SpamCop?

[tsarin]

As you say, SpamCop is fine; it's the ISPs that you need to worry about. A while back, I was running a mail server (forwards for a hundred-odd users, plus my own mail) off my DSL service. One of my users, playing the good little netizen, reported a batch of her spam to SpamCop, who, since my machine was in the headers, reported to my ISP--who promptly turned me off. No investigation, no "Hey, what's going on here?", not even a "Why are you spamming?". Lather, rinse, repeat, until the ISP ended up turning me off permamently. (And then, promptly, went out of business, shorting me nearly six months of my prepaid contract.)

Had they taken the thirty seconds to actually look at the headers, it'd've been obvious that I was, effectively, as much a victim of the spam as my user.

A "disconnect first, ask questions later" policy is fine, assuming you bother to ever actually ask.

Re:How effective is SpamCop?

[Uggy]

I agree. The only way to stop spam is by filtering it at the ISP or end user level. Email is too entrenched and too important for us to be mucking around with whitelists and trusted senders and whatnot. Reverse lookups would really do the trick, but since in my experience 99% of ISP's/bandwidth providers are just too uncooperative in updating their reverse DNS, that is out. Couldn't do virtual domains either.

You could utilize some minimal checks like forward dns or just a HELO name check, which my company used for a while. But, there are SOOO many exchange servers out there that identify themselves as "microsoft.msft" (which is of course not correct) that some of our clients couldn't get their mail. They'd call, "Hey, so and so can't send me email." I'd telnet to their port 25 and check what they returned in their HELO... sure enough, it was incorrect, so I'd notify the administrator and our client that their email server is not configured correctly (and it's an open relay to boot). A couple of days later this client would call again saying, "Other people can receive this guy's email, but I can't. What's wrong with your server?"

After a while, it's just a perception problem. You've got to be able to receive from everybody (except the absolute worst spammers). So we accept all mail and tag it with spamassassin using the X-Spam-Status tag. Clients then can filter it and check at their leisure. If they have a little more no-how, we tell them to download and install mozilla-mail or thunderbird with built in spam filtering. You've got to train it, but it works.

Email is too important and too ubiquitous to be screwed around with. The surest and best way to deal with spam is to filter/tag at the end user or ISP. Legislation won't cut it. Threats won't cut it. Whitelists/Blacklists won't work. You can't even rely on first line HELO identification checks. There are just too many monkeys who've set up email servers out there.

And just think about this: even ipv6 STILL isn't widely deployed.