Trouble Getting to SpamCop?

geekwench writes "SpamCop was apparently the victim of a recent DoS attack. A false complaint to their domain registrar led to all primary DNS information being pulled. The problem is now fixed, but there may still be access issues for the next couple of days as ISPs clear the old DNS information out of their caches. You can read about it here and here. (Sounds to me as if SpamCop is proving to be a good-sized thorn in the sides of a number of spammers.)"

Spamhaus too, maybe.

[MicktheMech]

I've been having trouble getting into Spamhaus too. The spammers are up to something.

2004 promises to be interesting

[heironymouscoward]

As spammers and virus writers get more and more integrated. Spammers have the money, virus writers have the skills, together they will play havoc with the cornfields of the Internet.

In the natural world, something like 60% of all species are parasitical, and the war between parasites and hosts is one of the defining aspects of all nature. Sex, for instance, is a way of shuffling locks faster than parasites can evolve keys.

It seems inevitable that software and communications will have to develop similar kinds of defenses against what is an inevitable onslaught from the parasitical forces that have developed to snack on the soft underbelly of the Net.

Cybersex, anyone?

Re:2004 promises to be interesting

[bruthasj]

Cybersex, anyone?

Interesting analogy ... except 66% of the spam is something about sex. How would this activity do anything to reduce spam from being poured into my inbox?

Or are there parallels in biological contexts that show parasitic organisms actually inducing host organisms to have sex? But, maybe you shouldn't since bringing this out would cause an influx of more spam beyond what Viagra has brought. Maybe, the word is "Mum"...

Re:2004 promises to be interesting

[marcello_dl]

Fighting spam on a purely technical perspective (authentication and rejection of unsolicited messages) is indeed very similar to competition in the natural world. However, from a different point of view, spammers have a vulnerability: customers must have a way to buy the advertised "product", which makes it traceable. This make spamming very different from most other kind of crimes, so i hope this outstanding peculiarity won't be overlooked when the governments decide it's about time to do something about spam.

Distrubited Blacklist

[attobyte]

When are we going to do a distributed blacklist so this @$#$!@#@$ $pammer$ can't pull this crap?

Re:Distrubited Blacklist

[bigberk]

When are we going to do a distributed blacklist

USENET is pretty good. Something like this, with underlying public-key crypto, may be more robust (it's worth the read!).

And I still soldier on...

[Maserati]

quietly reporting everything I get through spamcop and to the FCC.

It isn't helping, but maybe one of the ones I help get shut down will quit.

Surge in spam

[October_30th]

The amount of spam I receive every day has clearly been steadily growing for the last few months. Looks like the spammers are winning the war by DoSing spam fighters and hiring mercenary hackers with 450000 trojaned systems.

Re:Surge in spam

[letxa2000]

In March of this year I received 1638 spam. In September I received 5073, and in October alone it increased over 50% to 7704.

The good news is that with Bayesian filtering I only saw 13 of them in October.

Interestingly, my Bayesian filter continues to increase in accuracy. In October I was up to 99.8%. My guess is that they're increasing the number of times they do each spam run and that only makes Bayesian that much more accurate. That's the explanation I have for seeing such an increase in the volume of spam but at the same time seeing Bayesian getting ever more accurate.

How effective is SpamCop?

[YetAnotherName]

I was a religious SpamCop user for awhile. You tattle to SpamCop on a spam you receive, it checks its various databases, and then notifies various network authorities of the problem.

Problem being, that several of the network authorities are huge megacorps where the complaints get filed with the rest of 98,000 or are spamhosts themselves.

I gave up in favor of SpamAssassin and Mozilla's spam filtering, which turned out to be far more effective.

Isn't effectiveness the whole reason eight-year-olds tattle in the first place? ("Billy hit me!" Billy gets in trouble. (And Tommy gets beaten up after school.)) Somehow, I don't think enough spammers got in trouble.

Re:How effective is SpamCop?

What? Why??? Why should my mail server have to deal with all the traffic and why should spammers eat my bandwidth just for mailassassin to then /dev/null the email. This way, you dont even have to detail with all the extra traffic, it just disconnects the spammer, effective as the fucks usually bounce everything off open relays

Re:How effective is SpamCop?

[bigbigbison]

I used to use it pretty consistently. There were occasions when my inbox would get flooded with the same spam hundreds of times. The only times it ever happened was when I was reporting stuff to spamcop. This leads me to beleive that on some level spammers were being at least made aware of the fact that they were being reported (and then trying to take some measure of revenge).

Re:How effective is SpamCop?

[SwansonMarpalum]

I wouldn't worry about flooding filters hampering their accuracy. As long as people keep more or less true to the model which Paul Graham prescribed (training the bayesian filter only when it makes a mistake), then these spams have absolutely no bearing on the server's records; during the classification operation the filter's word database is "read-only".
What the spammers may have latched onto is the concept of overfitting. However due to implementation details, this shouldn't be a problem unless those operating the filters are grossly incompetant (you'd have to mark all of the things it catches as spam as not being spam, then mark it as being spam once again in order to do try and do this).
However one of the previous articles regarding the Joe-Jobs incited by the mocking of Dimensional Warp Generators does give one cause to pause before implementing one of Mr. Graham's retaliatory filters.

SpamCop costs

[cft]

It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continous DDOS attacks on it.

The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.

And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.

And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.

Nice going.

It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.

Proletariat of the world, unite to kill spammers

Re:SpamCop costs

[shokk]

And at what point do people get sick of the legal route and take matters into their own hands? I think the messages gets across after a few spammers disappear in a mist of quickly oxidizing nitrogen-based substances, or a hail of metal. For those International spammers, at some point the links to the civilized world have to be considered a liability and just need to be shut off or filtered.

Re:Spamcop's a waste of time.

[Anonnymous+Coward]

Cyveillance ignores robots.txt and uses deceptive user agents to crawl websites that might have material that doesn't jibe with the PR stance of their corporate clients. They are actively involved in suppressing free speech on the Internet by selling "monitoring" services to its corporate masters. The discussion about Spamcop in bed with them

Re:Spamcop's a waste of time.

[AKnightCowboy]

Alternatively, you can simply drop all SMTP connections from the entire IPv4 address space! That would eliminatate all spam from user mailboxes!

P.S. I'm being sarcastic, but blanket bans suck.

Banning is the proper way to deal with unethical Internet activity. There's nothing wrong with it. If an ISP chooses to allow unethical behavior to occur on its network then it will need to learn to deal with the consequences of the rest of the Internet shunning it. Sure, it hurts innocent people, but people shouldn't give business to unethical businesses. "But Maaaaannnnnn, it's the only ISP in town that offers broadband!" Well, suck it up then. It sucks, but that's the price we pay for running all the small mom and pop ISPs out of business by moving to MegaTelco DSL provider.

Complaints don't work

I'll tell you why: they are not numerous enough. I'm the abuse mailbox handler for a well-known company that is disliked on and off line. Out of a 5-million-address mailing, I get maybe 12 complaints. Management does not care to alter anything about our "customer retention management" system. In fact, with only 12 complaints our of 5 million emails, they think we're doing pretty damn good, and so do I.

We do the following:
1. Opt-out only. You do business with us, you're on the list and have to taken yourself off of it to stop getting our mailings. There is no choice to opt-out at time of purchase, no choice to omit your email address.
2. Sell your address to our partners. Our contracts with our partners requires us to collect addresses when we make a sale for them, and pass the address lists along.
3. Pass off opting out of partners' lists to our partners.
(We spell all this out in the online Terms of Service which is displayed before a customer makes a purchase. People still buy).

Still, with all these "bad practices" in place, we only get a dozen complaints out of several million spams sent. We're on AOL's whitelist of approved spammers^Wmarketers whose mailings bypass their spam filters. We're on other ISP whitelists, too. If we get a Spamcop complaint, I dutifully click on the link in the notice, check "account terminated" and that's the end of it. But with only a handful of them each week, I can take care of the Abuse mailbox in less than a hour a week. Anti-spammers have had no adverse effect on us in the four years we've been doing it this way.

Re:SpamCop doesn't work..

[Therlin]

I'm glad I'm not the only one wondering about this. I thought I was going crazy.

I'm a spamcop member but I realized that whenever I reported spam, I'd start getting more emails a few days later. I stopped reporting them and the number of messages went down a few weeks later.

A couple weeks ago I thought I was just being paranoid, so I started reporting them again. Same thing happened.

Overall they are doing a great service. But somehow (random letters, or reports being sent to the wrong people), my address keeps getting flagged as a valid one. So I'm done with them.

Was it an attempted LART?

[Dynamoo]

There's a long and quite interesting thread in news.admin.net-abuse.email about an attempted "LART" on SpamCop by a well-known character called Jamie Baillie. This came out of a result of a long-running dispute between Mr Baillie and more or less everyone else who posts to that newsgroup.

There is no proven connection between the issues at the registrar and Jamie Baillie's attempt to have SpamCop shut down, but the complaint to Joker (the registrar) was anonymous and clearly vindictive.

Oh yes.. the domain name cesmail.net will often work in place of spamcop.net for those still struggling to get through.

SpamCop's odd choices for providers?

[harlows_monkeys]

I don't understand spamcop.net's choices of providers for various services. For a domain registrar, they are using a German company, that they have no idea how to call when things go wrong. Wouldn't it make a lot more sense to use a US or Canadian company that would be easy to contact? (Note that I'm not saying there is anything wrong with German companies!)

Second, on their pages, they have at the top a recommendation for a specific web hosting company, presumably the one they use--this isn't a banner ad, but rather an ad written right into their HTML, so it sure looks like it is their personal recommendation for web hosting. When I was looking for a new hosting company for my site, I wanted to find one that was not soft on spam, so that I would not have to worry about ending up in SPEWS, and figured that the one SpamCop uses would have to be good. Checked out their plans, and they were good. I was ready to sign up, but decided it would be dumb not to at least Google a bit...and I found that that hosting company does NOT have a good reputation in the anti-spam community!

You'd think one sure-fire way to find a white-hat ISP would be to use the one that a major anti-spam site recommends, so this was quite a shock.

Best working solution we have right now

[mabu]

Right now, Spamcop is THE most effective anti-spam solution bar none. End users don't realize the effect Spamcop has on overall network performance and the reduction of spam they receive in their inbox. Most users naively think client-side filtering helps when it's little more than a band-aid on a severed artery.

In the last 24 hours, one of my modest-sized mail servers reported these stats:

accepted mail: 2480 messages
spamcop blacklist rejected mail: 8216 messages

This is with no legitimate mail being blocked and a rather conservative set of relay blacklist rules.

That's more than 70% of the e-mail we receive clearly identified as spam and rejected at the server level.

But at least we stop the spammer as soon as he connects. We don't receive any of the junk e-mail once we identify mail coming from a known spam source. This reduces our operational costs, tax on hardware and software and available bandwidth to all users. Client-side filtering consumes all these resources and offloads the burden on the end-user to pay for software that still does not effectively deal with spam.

When you employ client-side filtering you do NOT stop spam; you do NOT reduce anyone's operational cost. When you deny mail relay access from spammers you DO cost the spammers time and money!

Spamcop has proven itself to be the most effective and productive solution at present, which is why it's being targetted by spammers. Using Spamcop's RBL, spammers can't even connect to participating networks. When you employ client-side filtering, you help spammers because their argument for de-regulation of spam involves putting the cost burden on the users - all they care about is delivering X messages and that is still accomplished, whether your mail filter catches it or you manually delete the junk, so this "solution" encourages future spam activity and also breathes more life into companies like Symantec that actually profit from the spam epidemic.

There are only two more-effective solutions to the spam problem: 1. The Federal Government finally deciding to pursue the spammers who break into computer systems (which has been illegal since before the Internet existed), and the employment of a sanctioned smtp whitelist.

I posted a previous comment with my detailed analysis of the issue and exactly how it can be realistically solved.

Re:Spamcop's a waste of time.

If they even attempted to be accurate, it might be worth using to dump email from IPs on the list to a special folder for later sorting. As it is, they are nearly as bad as SPEWS.

Look at number 10 on this page

SpamCop now implements "pre-emptive" blocking of hosts. This is based on non-SUBE points (mail volume) alone, and is not related to complaints. If a host has no mail volume within the past 7 days except for a 1 day or less period where it does show volume, it will be listed. For example, a host which has no more than 24 hours history for sending mail will be listed under the assumption that it is most likely a new source of spam (since the great majority of new sources of email are sources of spam). After 24 hours, we hope that users will have had a chance to report spam from the new host - or not. If they do, then the other rules will list the host. If they don't (and the host keeps sending mail), then it will drop off the blacklist.

Not bad enough the accidental false positives. Now they block you just because you send any email at all.

If a host has no mail volume within the past 7 days except for a 1 day or less period where it does show volume, it will be listed.

Bullshit. My site has sent god knows how many emails since April, there has NEVER been a spam complaint on the IP address and likely never will be, yet I am receiving bounces from people using their "pre-emptive" blocklist.

Spamcop is bullshit run by a Seattle hippie with an agenda, namely that all commerce is evil and should be kept off the internet.