Trouble Getting to SpamCop?

geekwench writes "SpamCop was apparently the victim of a recent DoS attack. A false complaint to their domain registrar led to all primary DNS information being pulled. The problem is now fixed, but there may still be access issues for the next couple of days as ISPs clear the old DNS information out of their caches. You can read about it here and here. (Sounds to me as if SpamCop is proving to be a good-sized thorn in the sides of a number of spammers.)"

Tip

Because of caching, sometimes some things resolve and some don't... so, if www.spamcop.net doesn't work, try spamcop.net minus the www. Of course, if your mail server can't resolve their mail server properly, then submitted spam is a much bigger pain.

Re:Tip

[Ilgaz]

or ask your friend, or IRC chatroom on "other ISP" to issue
'nslookup repmx2.spamcop.net' and paste output to you... You can replace the spam.spamcop.net part after @ sign on address which you send spams to... or just be patient ;-)...

Note: above is for people added their special spamcop mail address to their address books. e.g. not pasting source on www.

Re:Tip

[Nintendork]

Because of caching, sometimes some things resolve and some don't... so, if www.spamcop.net doesn't work, try spamcop.net minus the www. Of course, if your mail server can't resolve their mail server properly, then submitted spam is a much bigger pain.

The problem isn't outdated or incorrect information in the spamcop.net zone. The problem is the information on the .net zone. This means that everything under spamcop.net (Including mail records) cannot resolve until the .net servers are updated (Already done) and the SOA information for spamcop.net gets refreshed at your ISPs DNS servers (Sunday night at the latest). Like Julian said, the Time to Live for the SOA record is two days.

-Lucas

Re:Tip

[cft]

or just add one of their nameservers to /etc/resolv.conf

ns1-117.akam.net
ns1-11.akam.net
ns1-109.akam.ne t
asia3.akam.net
ns1-93.akam.net
ns1-90.akam.ne t
use1.akam.net
ns1-73.akam.net

Spamhaus too, maybe.

[MicktheMech]

I've been having trouble getting into Spamhaus too. The spammers are up to something.

Re:Spamhaus too, maybe.

[Nogami_Saeko]

Won't do them any good here. Local bayesian filter. Approaching 99% classification accuracy after 6 months.

Spam doesn't stand a chance :)

N.

Re:Spamhaus too, maybe.

[MicktheMech]

From Spamhaus.org...

Spammers release virus to attack Spamhaus.org A new virus released by spammers on Saturday 1st November is infecting computers worldwide, and this time the purpose of the virus is to attack www.Spamhaus.org. W32/Mimail-E is designed to infect millions of computers causing them to each begin making overwhelming amounts of bogus requests to Spamhaus.org's web server, to kill the server. The W32/Mimail-E virus is the latest in a string of trojan worms, including SoBig.E and the Fizzer (W32/Fizzer-A) worm, each one released by spammers for the purpose of creating a vast worldwide zombie network of spam-sending machines and building an attack network consiting of hundreds of thousands of virus-infected zombie machines with which the spammers then attack anti-spam organizations.

Re:Spamhaus too, maybe.

[MacFreek]

That is due to a virus (W32.Mimail.D):

A new virus released by spammers on Saturday 1st November is infecting computers worldwide, and this time the purpose of the virus is to attack www.Spamhaus.org. [...]

See http://www.spamhaus.org/news.lasso?article=13

Funny, but evil

[IonPanel]

Thats very very funny. However its very evil. Do the y have any idea who did this?

Re:Funny, but evil

[Ilgaz]

half script kiddie/ half social engineer...

IMHO someone knows now that provider works, e.g. know them or worked there...

Re:Funny, but evil

[H310iSe]

"A false complaint to their domain registrar led to all primary DNS information being pulled."

That's funny because a false complaint against us by spamcop led to all our servers being off the net for a day last year. They did ZERO research on the complaint and took it straight to our ISP (rather than trying to contact us by our abundant and up-to-date contact info available in our emails and on our websites). Their conduct was beyond reckless, it was vicious.

I'm all for good anti-spam but those guys can bite me. Serves them right IMHO.

Re:Funny, but evil

It sounds like you don't know how SpamCop works. If it was *a* false complaint, then there is no "they." SpamCop is a tool that allows a user to easily trace and report spam. In your case, apparently a SpamCop user determined that the message they received was spam and used the SpamCop service to send a report to your ISP. Why would the reporter try to contact you if they thought you were the spammer? The proper procedure *is* to report to the ISP of the spammer.

If the message was not spam and your ISP cut you off on the basis of a single complaint, then you have a beef with your ISP. Additionally, if it can be shown that a SpamCop user filed a false complaint, then SpamCop will take action against that user if the issue is reported to SpamCop.

Re:Funny, but evil

[turg]

Sounds like your problem is with your ISP. Would you blame Microsoft if someone used Outlook Express to mail a false complaint to your ISP?

Re:Funny, but evil

[H310iSe]

Comments are well taken, I was -=furious=- at my ISP (Speakeasy, what hath become of thou? You were once so good!). I also blamed the reporting agency somewhat, we use a legitimate reply-to address which we check regularly, a legitimate DNS registration with working contact information, we don't obscure our mail headers in any way and we use an opt-in only list with confirmation and an unsubscribe feature. The most simple check into our organization would have shown we weren't spamming.

The responses are correct, spamcops were a small part of the problem, most of the responsibility was with our ISP (and of course the brain surgeon that reported us). I'll not post grumpy stuff before my morning coffee again, promise :)

Re:Funny, but evil

[Michael+Spencer+Jr.]

aren't complaints by SpamCop...automated?

A user types in an email they say is spam and asks SpamCop to process the email. Spamcop uses a variety of techniques to track down the administrators responsible for the originating IP, and for web pages and email addresses linked in the email, and gives users the option of sending email to the administrators it finds.

You're not required to do this, but if you register an abuse address at abuse.net then SpamCop will find it.

Besides, shouldn't your gripe read: Mishandling by my ISP of a false complaint against us by spamcop led to all our servers being off the net for a day last year. My ISP did ZERO research in the complaint and shut down my connection (rather than trying to contact us by our abundant and up-to-date customer contact info). Their conduct was beyond reckless -- it was vicious. I'm all for good anti-spam but my ISP can bite me.

Why don't you talk to SpamCop and have the user responsible banned?

2004 promises to be interesting

[heironymouscoward]

As spammers and virus writers get more and more integrated. Spammers have the money, virus writers have the skills, together they will play havoc with the cornfields of the Internet.

In the natural world, something like 60% of all species are parasitical, and the war between parasites and hosts is one of the defining aspects of all nature. Sex, for instance, is a way of shuffling locks faster than parasites can evolve keys.

It seems inevitable that software and communications will have to develop similar kinds of defenses against what is an inevitable onslaught from the parasitical forces that have developed to snack on the soft underbelly of the Net.

Cybersex, anyone?

Re:2004 promises to be interesting

[bruthasj]

Cybersex, anyone?

Interesting analogy ... except 66% of the spam is something about sex. How would this activity do anything to reduce spam from being poured into my inbox?

Or are there parallels in biological contexts that show parasitic organisms actually inducing host organisms to have sex? But, maybe you shouldn't since bringing this out would cause an influx of more spam beyond what Viagra has brought. Maybe, the word is "Mum"...

Re:2004 promises to be interesting

[dolo666]

Someone has to protect the public from the people who regularly misuse their power online. To this day, that was Spamcop. Now as many of the anti-spam groups go offline, the public is getting pelted with more and more spam, and viruses.

This whole thing reminds me of the war on drugs. If the cops wanted to really stop the drugs from existing on the streets, they could. But they don't have any incentive for that because it works against their budgets to pull all the drugs off the streets.

The police profit from the drug war, so they have to keep it going. They bust the guys at the top, but that just creates a vacuum, so they wait for it to be filled, and bust the next idiot who steps in. See how this connects to the anti-spam and anti-virus corporations profit from buggy Microsoft software and OS gaping holes. If this was a cover of an O'Reilly book, it would be a stippled drawing of one spider eating a hundred flies, and another spider selling tickets, and a few million other flies buzzing around, with a long line of spiders waiting with money for the guy selling tickets.

The situation is like this: the day anyone with money really cares about quality of life online, is the day that delivering quality of life online is very profitable.

It all has to get much worse before it will ever get any better.

Re:2004 promises to be interesting

[marcello_dl]

Fighting spam on a purely technical perspective (authentication and rejection of unsolicited messages) is indeed very similar to competition in the natural world. However, from a different point of view, spammers have a vulnerability: customers must have a way to buy the advertised "product", which makes it traceable. This make spamming very different from most other kind of crimes, so i hope this outstanding peculiarity won't be overlooked when the governments decide it's about time to do something about spam.

Re:2004 promises to be interesting

[PaleBoy]

I may be misinterpreting him, but I believe that the post you responded too was saying that sex is a way to maintain enough genetic variation to prevent parasites (viruses, for example) from destroying a species.

If reproduction was non-sexual, DNA wouldn't be as varied every generation, and easier for a parasite that figures out the right strategy to exploit. Think monocultures of genetic crops. All genetically identical...but if the right blight comes along, they will all perish.

However, there are some species on this planet who get by just fine without sexual reproduction. Some of the walking stick insects (Phasmatodea) can actually reproduce with or without a male! It's true!

Re:2004 promises to be interesting

I'm sure the grandparent is reffering to the stats from the spamhaus ROKSO page.

spamhaus.org seems to be down. Probably being DDOS'd as well.

The google cache of the page is here but it's loading pretty slowly, so I'm not sure how much of the page info is actualy cached.

Not all 200 names on the list are from the USA, but American spammers do seem to be a large majority.

Re:2004 promises to be interesting

[deblau]

Jumping Jesus on a pogo stick, someone just got a (+5, Interesting) for soliciting anonymous cybersex. Are all you people really that fucking desperate?

Re:2004 promises to be interesting

[nyseal]

How did this thread go from spam to sex to parasites.......oh, wait

Re:2004 promises to be interesting

[Analysis+Paralysis]

Someone has to protect the public from the people who regularly misuse their power online. To this day, that was Spamcop.

Do you really have a clue as to how Spamcop works? It takes emails submitted by users and finds the sending server (as well as the ISP for any webpages spamvertised therein). If you've had a false complaint from SpamCop then your beef is with the submitter, not SpamCop itself - and you should contact SpamCop to take that account offline.

the anti-spam and anti-virus corporations profit from buggy Microsoft software

Anti-virus companies yes - but most anti-spam bodies are volunteers who are sick of seeing their inboxes stuffed with crap. I am sure that they would be delighted (as would most people online) to see spam and spammers go for good - your police analogy (which already breaks down somewhat given the consequences of drugs, i.e. armed gangs fighting for control over areas) is completely off the mark.

Re:2004 promises to be interesting

[Rasta+Prefect]

This whole thing reminds me of the war on drugs. If the cops wanted to really stop the drugs from existing on the streets, they could. But they don't have any incentive for that because it works against their budgets to pull all the drugs off the streets.

Interesting assertion. Care to back it up, by disclosing this great plan for the removal of all drugs from our streets (working within the boundaries of the US Constitution and Legal system, as cops must) or do you prefer to just sit back and slander people?

See how this connects to the anti-spam and anti-virus corporations profit from buggy Microsoft software and OS gaping holes.

Ugh. This doesn't even fit your analogy above. Yes, anti-spam and anti-virus companies profit from spam and viruses. This doesn't mean they aren't doing their best to stop them. Microsoft could certainly do a hell of a lot to stop them from the virus angle, but they're just purveyors of lousy software, not an anti-spam or anti-virus company.

Re:2004 promises to be interesting

[ppanon]

This whole thing reminds me of the war on drugs. If the cops wanted to really stop the drugs from existing on the streets, they could. But they don't have any incentive for that because it works against their budgets to pull all the drugs off the streets.

Don't be stupid. The USA is always going on about market economies and how they are the best way of allocating resources; you need to realize this is just an example of a market. Drug sales are just a market and, as long as you have demand, you will have somebody willing to provide the supply. By restricting the supply, all you do is raise the price and increase the crime required to pay for it. By making it illegal you make sure that organized crime gets all the profit.

The drug war is a sham because you can never completely cut off supply. The only way to kill drug crime is to flood the market with cheap drugs so that its no longer profitable for criminals, or to attack the demand by eliminating the poverty and other social conditions that make drug use attractive.

But that would be downright un-American.

Re:2004 promises to be interesting

[dolo666]

Do you really have a clue as to how Spamcop works?

Yup. Spamcop was protecting people by going after the spammers. That is a good thing!

By anti-spam corporations, I meant programs like Outlook for Office that has anti-spam features. These are marketed features that would not exist if spam was anihillated, like it should be!

Hotmail subscriptions offer more features to protect against spam, if you pay extra.

Without spam, there isn't a reason for users to be enticed to pay money to prevent it.

Without viruses, there isn't a reason for users to be enticed to pay money to prevent them.

Please don't misunderstand me. I think the anti-spam movement is a great thing. It's the companies who are making money off spam, in the guise of being anti-spam, that piss me off.

Re:2004 promises to be interesting

[dolo666]

Don't be stupid.

That's good advice.

The drug war is a sham because you can never completely cut off supply.

I agree! :)

The only way to kill drug crime is to flood the market with cheap drugs so that its no longer profitable for criminals,...

Spoken like someone who doesn't have any kids.

... or to attack the demand by eliminating the poverty and other social conditions that make drug use attractive.

I like this second part better.

Re:2004 promises to be interesting

[scrytch]

> Or are there parallels in biological contexts that show parasitic organisms actually inducing host organisms to have sex

Sexual reproduction has bloody little to do with parasites, who thrive just fine thank you on sexually reproducing mammals. It's about creating genetic diversity more rapidly, which allows favorable mutations to occur more often and be selected, while culling unfavorable ones through selection and lack of interoperability (most genetic defects render you sterile). This is an advantage for large organisms where individual survival is important to group survival, but bacteria do just fine with asexual reproduction, where sheer numbers are all that really matters.

In a way, common protocols allow for some of the same strengths of sexual reproduction, by allowing for different implementations to implement their own features and augment each other's strengths as they communicate (e.g. spam filtering inbound with throttling outbound) ... as well as pass on weaknesses (exchange's eagerness to bounce). It's not exactly the same, but it's the same idea of diversity moderated by a requirement to stay the same "species" to interoperate.

Re:2004 promises to be interesting

[Analysis+Paralysis]

Pardon me - I took the first two sentences in your previous comment to be a rant at SpamCop as a power-abuser! (given the number of pro-spammer comments this thread is attracting, hopefully an understandable error...)

Re:2004 promises to be interesting

[dolo666]

There we were on the same page after all! :)

I made ya a friend for your trouble.

Re:2004 promises to be interesting

[ppanon]

The only way to kill drug crime is to flood the market with cheap drugs so that its no longer profitable for criminals,...

Spoken like someone who doesn't have any kids.

I expect what makes drug use look appealing to kids falls under 2 main categories, 1) a change from their everyday life (which may be ugly or seem ugly because of poverty, crappy scholastic environments, abusive home life, just boredom, or something else) and 2) peer pressure that drugs are exciting because they're forbidden.

Spend enough time with your kids and keep them involved in activities that keep them interested and challenged and they will be a lot less likely to get involved in drugs. But that's admittedly really tough in poor ghettos for working poor running between 2 or more part-time jobs.

... or to attack the demand by eliminating the poverty and other social conditions that make drug use attractive.

I like this second part better.

Yeah, so do I. But the problem is that you already have a whole underground network that is predicated on finding new customers to market the junk to. You're not going to be able to outmarket them because they've had 30 years to refine their technique. The only way to beat them is to drop the price of the drugs by flooding the market while at the same time attacking the demand.

Indeed while I said you had a choice between the two, you really need to do both. Undercut the illegal monopoly so the criminals can no longer afford their distribution channel, while also attacking the reasons for new users to take up drugs. Existing drug addicts may not have as much incentive to clean up, but then again, if they're already using drugs while it's illegal, the illegality is unlikely to be a big factor in a decision to dry out.

It you're middle-class and suspect that your kids may be getting involved in drugs, then escorting them to the sights, sounds, and smells of your nearest skid row/needle park may be an enlightening experience in showing them how far they can fall. If they live two blocks from that place, it's unlikely to make much of an impression.

Re:2004 promises to be interesting

[rossifer]

Sexual reproduction has bloody little to do with parasites, who thrive just fine thank you on sexually reproducing mammals.

And which do even better on axesual animals (which have correspondingly shorter lifespans, but read on...)

If you're interested in the subject, I would suggest you check out a copy of "The Red Queen" by Matt Ridley from your local library (or Amazon, if your local library isn't up to scratch). In it, you'll find multiple discussions which consider many possible reasons for sex, heavily referencing the enormous diversity of sexual strategies available.

The big problem for two parent reproduction is that it results in half as many offspring as single parent reproduction, so how could it possibly have been successful in the face of faster breeding parthenogenetic competitors?

Currently, the strongest theory is that the longer the lifespan, the more certain the eventual susceptibility to pathogens. They evolve faster than you can adapt and will eventually catch up to you (historically recent medicines nonwithstanding). If your children have the same defenses you do, they start this race at a distinct disadvantage (the parthenogenetic problem). If, however, your children have a whole new set of defenses, then the battle begins anew.

Bacteria don't need sex because individual lifespans are so short that there is no advantage over the parthenogenetic parent. Bacteria do, however, occasionally exchange genetic material, though you'll have to read the book to find out the reasons why that happens...

Regards,
Ross

Distrubited Blacklist

[attobyte]

When are we going to do a distributed blacklist so this @$#$!@#@$ $pammer$ can't pull this crap?

Re:Distrubited Blacklist

[Dos4ever]

I guess some day you will have to request to the person who you want to e-mail over the phone. This special e-mail software will be more like Active Directory where you set up an account for that Person (User Account)and he is granted permissions to e-mail you.
This SPECIAL ACCOUNT will give you an e-mail with people you WANT to talk too.
(sigh)I guess Microsoft "is asleep at the wheel" as usual for this.

Re:Distrubited Blacklist

[attobyte]

Well most of the corporate world doesn't agree with you but thats alright. Just becuase you had a bad experience with a blacklist doesn't make them all bad.

Re:Distrubited Blacklist

[bigberk]

When are we going to do a distributed blacklist

USENET is pretty good. Something like this, with underlying public-key crypto, may be more robust (it's worth the read!).

Re:Distrubited Blacklist

[mabu]

Forget a distributed blacklist. Why create a list of billions of hosts, when it's easier to create a centralized, sanctioned SMTP Whitelist that's a fraction of the size?

Re:Distrubited Blacklist

[Apiakun]

If Microsoft were to really help out on this sort of thing, who would they have left to sell their subscriber e-mail addresses to ?

Re:Distrubited Blacklist

[Dos4ever]

I think that they would making tons of money giving relief to spam weary individuals. This also has a side effect of containing worms and viruses.

Re:Distrubited Blacklist

[Sebby]

Thanks for proving me right!

Re:Distrubited Blacklist

[Analysis+Paralysis]

The problem with a whitelist is that it removes the ability to receive email from anyone (which is an important ability for some and required for others, e.g. support addresses).

Bayesian filters have the downside that spammers will eventually craft emails so bland that they cannot be filtered without tagging a lot of legitimate email.

The problem with spam is that it combines 2 qualities - it is in bulk and it is unsolicited. If senders of unsolicited email could be restricted in quantity (to, say, a couple of thousand emails a day) then the spam problem would disappear.

The most effective method in my view, would be to create a separate protocol for bulk email (to cover legitimate senders like newsletters and list servers) where the following process would occur:

• sender applies for a "bulk ID" from a bulk server, providing verifiable details (like source IP address) and publicises this ID on their web page;
• prospective recipients submit their address with this bulk ID to indicate they want to recieve emails from this source; this information is kept on the bulk server and not made available to the sender (except perhaps for statistical information);
• sender sends email to bulk server which then forwards a copy to each recipient;
• if emails from a list are no longer desired, the recipient sends an unsubscribe message to the bulk server.

As the bulk server stores recipient addresses and does the sending, this prevents a spammer from emailing directly. The bulk servers could use SMTP to send emails (with ISPs maintaining a whitelist of legitimate ones to prevent spammers from setting up their own bulk server) to maintain compatibility with existing email clients.

For unsolicited emails, stick with SMTP (too much work to switch to a new protocol) but add measures to cut the bulk (since we no longer have to worry about newsletters and legit bulk senders). The easiest would be to impose rate limits on mail received from other SMTP servers (e.g. 10 emails/second) and adding extra delays in response times for those servers that do not supply a confirmation key for each message (this key being computationally expensive to derive but quick to verify). This would require changes to mail server software (far easier than getting every user to upgrade their client) and could be rolled out gradually. Bulk servers would have to be supplied and maintained by ISPs (much like email/news servers are currently) but this could be financed by charging business users.

Re:Distrubited Blacklist

[Sebby]

NTR

Re:Distrubited Blacklist

[Sebby]

"No troll response"

Get a clue!

Re:Distrubited Blacklist

[Sebby]

Actually, I should have written 'NACTR' in your case.

Can you actually decipher that one, or am I going to have to explain it to you?

Re:Distrubited Blacklist

[mabu]

The problem with a whitelist is that it removes the ability to receive email from anyone (which is an important ability for some and required for others, e.g. support addresses).

I do not think so. It might make it slightly more difficult for someone to spontaneously set up a SMTP relay, but the benefits exponentially outweigh any inconveniences imposed.

Look at it this way. The way the current SMTP system is set up, it's analagous to a TLD system that requires no registration: anyone can flip on a SMTP relay and start spewing crap to the Internet with bogus header information which in turn creates DDOS situations. You can't arbitrarily employ a new TLD without first going through a registration process to legitimize your new domain name. These processes are now fully-automated. The exact same thing could be done with SMTP relays, and this would:

a) make it much more difficult for spammers to remain anonymous
b) make it much more expensive and time-consuming for spammers to operate
c) eliminate the most destructive method of virus/worm propagating by cutting down on rogue software that secretly turn unauthorized client machines into smtp relays
d) help identify the networks, registrars and the people involved in spamming, making it easier to enforce all the existing laws

The most effective method in my view, would be to create a separate protocol for bulk email

Your idea still doesn't deal with the worst problem of spamming, which is the theft of bandwidth. I should not be paying for the bandwidth that a spammer uses on my network, regardless of the protocol.

There are already numerous industry-best practices which address what you're talking about, the most obvious of which is simple responsible mailing practices and opt-in+confirm mailing lists.

In addition to this, enforcement of your bulk-specific protocol would be virtually impossible. You can't find a spammer on the planet who would call his crap "unsolicited", therefore nobody would even claim they're bound by rules forcing them to use such an ineffective method in the first place.

Re:Distrubited Blacklist

[Analysis+Paralysis]

It might make it slightly more difficult for someone to spontaneously set up a SMTP relay, but the benefits exponentially outweigh any inconveniences imposed.

Where do relays come into this? We are talking about end users running whitelists, right?

The way the current SMTP system is set up, it's analagous to a TLD system that requires no registration: anyone can flip on a SMTP relay and start spewing crap to the Internet with bogus header information which in turn creates DDOS situations.

Hence my proposal for bulk mail to be handled separately - bulk servers would need to be registered and ISPs would have to individually decide whether to allow traffic from them, preventing any rogue setups. The current SMTP setup remains for individual mails but with all the counter-measures (rate limiting, tarpits) to limit crapflooding. The problem with the spam countermeasures to date is that they all affect "legitimate" bulk mail like newsletters and mailing lists - moving the legit stuff to another system solves this concern.

Your idea still doesn't deal with the worst problem of spamming, which is the theft of bandwidth.

Please re-read it - bulk email get moved onto a separate system which requires:

1. registered servers;
2. individual ISP agreement to carry the traffic (i.e. whitelisting at ISP-level);
3. confirmed opt-in from subscribers;
4. one message from the sender which is copied to all registered recipients - a one-to-many communication (like IP multicasts) rather than the many-to-many currently used.

All these attributes should reduce email traffic - SMTP abuse will remain but ISPs now have more freedom to tackle it without hitting legitimate stuff.

enforcement of your bulk-specific protocol would be virtually impossible

Enforcement should be easy, the ISPs run the bulk servers so they set the rules locally. Bulk senders do not get to see the addresses the server forwards their mails to (preventing them from initiating one-one communication separately). If a rogue ISP or well-heeled spammer sets up their own bulk server for spamming, it get dropped from every other ISPs whitelist (assuming it ever gets on there in the first place).

There are already numerous industry-best practices which address what you're talking about, the most obvious of which is simple responsible mailing practices and opt-in+confirm mailing lists.

And the bulk servers will enforce these best practices. All that is needed is to make them compulsory for bulk email (which is achieved by limits on SMTP capacity as mentioned previously).

You can't find a spammer on the planet who would call his crap "unsolicited"

Agreed - which is why this system takes the administration of lists out of the senders' hands - they may be told how many people they're sending to but not to whom (although they could try getting this info through other means). Spammers would most likely try their own rogue bulk server (which would fail to be whitelisted by the majority of ISPs), stick with SMTP (which will be less and less effective as rate limiting cuts in) or leave the party and go elsewhere.

Re:Distrubited Blacklist

[mabu]

Where do relays come into this? We are talking about end users running whitelists, right?

No. ISPs use a RBL-style system to whitelist relays from which they receive mail.

Agreed - which is why this system takes the administration of lists out of the senders' hands - they may be told how many people they're sending to but not to whom (although they could try getting this info through other means). Spammers would most likely try their own rogue bulk server (which would fail to be whitelisted by the majority of ISPs), stick with SMTP (which will be less and less effective as rate limiting cuts in) or leave the party and go elsewhere.

I can appreciate your attempt to find a solution but the bottom line is your idea is impractical. It requires spammers to adhere to certain rules, which they have demonstrated with virtual unwaivering consistency they won't do.

In fact, the idea of a bulk mail protocol would likely be an addendum to the existing problem, and would actually create a new, additive form of spam that would encourage others who aren't in the business to actually get involved, therefore increasing the amount of spam. As an ISP, I would never subscribe to any new system, and the idea that it might generate revenue is about as exciting as all those other affiliate programs that promise new revenue sources. Bad idea.

Re:Distrubited Blacklist

[Sebby]

A wise man once said:Anonymous Cowards filtered. If their words aren't worth so much as a pen name why should I value them any more?

And he wasn't hinding behind an AC moniker as you are.

And I still soldier on...

[Maserati]

quietly reporting everything I get through spamcop and to the FCC.

It isn't helping, but maybe one of the ones I help get shut down will quit.

Re:And I still soldier on...

[Ryokos_boytoy]

I hear ya. I added a lot of spammer typos of my users to my aliases. I went from 2 a day to 50 a day just to report them and get them on the BL.

It's like standing on the beach and cursing the tide but you have to keep fighting. Those bastards have to be stopped.

Re:And I still soldier on...

[mabu]

Right now, even though it seems like spitting in the wind, your efforts do make a difference. All of us ISPs who use Spamcop's BL rely on diligent, responsible people such as yourself to report spam. It helps. If nobody else will say Thank You, please allow me!

Re:And I still soldier on...

[soulee]

Agreed. I report everything I get to SpamCop. If the spammers find ways through my blocks I sign up their addresses to as many free shemale email porn sites as I can find. Makes me feel a little better inside.

Re:And I still soldier on...

[drinfothv]

Just can't wait to inform on your neighbor, eh? Big Brotherism marches on. Well, take me to the prison and strap that sexy rat filled cage on my face! Why don't you try getting a life and a job or set your email to known users only or PRESS DELETE. REMEBER. ONE MAN'S SPAM IS ANOTHER MAN'S BACON!

Re:And I still soldier on...

[drinfothv]

oh really. so fraud is acceptable to the anti spam community. whats next axes to the front door of every spammer suspect.fascist.

Re:And I still soldier on...

[Ryokos_boytoy]

You sound like a fucking spammer. I'll report anything thing I choose and no fucknut waving his 8th grade copy of "1984" is gonna stop me. I have a job and my job is stopping fuckheads from bothering my users.

Re:And I still soldier on...

[drinfothv]

actualy what i am is someone who believes in privacy and innocent until proven guilty. thanks for all the obscenities you spewed at my reply. i guess it shows the kind of person im dealing with when a total stranger has to resort to the level of toilet talk you did to have a discussion. have a great day .

Yikes!

[Quasar1999]

This is scary stuff... anyone can get any domain pulled with a little accusation?

We need to secure the domain registration/ownership process... seriously... We might not be able to take down microsoft.com, but with this complaint technique, I'm sure we could do some damage to a lot of less high profile companies... We need to get this fixed now! It's almost as bad as being allowed to call your neighbour a terrorist, and have him/her arrested indefinetly, with no proof...

Re:Yikes!

[loraksus]

well, if you pick a domain registrar that acts like a whiny bitch . . .

Re:Yikes!

[djmurdoch]

SpamCops registration data was falsified

False, but not falsified. They gave a phone number which was later disconnected, and they forgot to update their registration. Falsified would mean they did what spammers do, and gave fake details from the beginning.

Re:Yikes!

[EM+Adams]

Have you read the PATRIOT Act? That is already how it is.

Thorn? It doesn't matter,

[Trick]

> Sounds to me as if SpamCop is proving to be a
> good-sized thorn in the sides of a number of
> spammers.

Maybe, but maybe not. The DOS attacks by spammers have been getting pretty brazen of late. SpamCop's a well-known name, and that's probably all it took to make it the target of an attack, regardless of how effective it is.

They've gotten almost no resistance to the attacks they've launched so far. They've got no reason not to launch an attack on anyone who even attempts to block spam at this point.

Re:Thorn? It doesn't matter,

[King_TJ]

Yeah, when I worked at my previous job, I spent lots of time trying to cut down on incoming spam email. (We had loads of complaints, and when you're using Exchange Server 5.5 for your email with Microsoft's Internet Mail Connector, you don't have all the filtering options of a Unix box....)

I religiously reported problem emails to Spamcop, for about a year straight, and only *once* did an ISP actually write me back to report that they removed someone's account, and thanked me for reporting the issue. On the other hand, the amount of new spam I received seemed to roughly double. I can't prove it, but I have a suspicion that somehow, some of the spammers figure out where Spamcop reports against them originate from (we had a static IP) and launch spam campaigns on these folks, personally.

Re:Thorn? It doesn't matter,

[__aaevmb228]

SpamCop makes an effort to hide your email address when you report spam through them, but it doesn't always work. Though it hasn't happened lately, I've noticed where it thinks my email is associated with the spammer, and wants to send a complaint to *my* ISP.

The spammers certainly picked up on this effort to mask the reporter's email address. I'm convinced that the random strings of letters and nonsense sentences are in fact obfuscations of an ID that leads back to an email address in their databases. When they get a spam complaint, they need only look that up in their database, and now they know that email address is actively read.

I took many months off sending my spam to SpamCop. I recently started up again, and while I don't have proof, it sure seems like my incoming spam has multiplied. I'm up to 100-150 per day now. Thankfully, most of it is flagged by various block lists I check and the rest is caught by my well-trained bogofilter. Spam rarely makes it to my inbox.

Re:Thorn? It doesn't matter,

[Chmarr]

I have to report it the other way, actually. Since I've been reporting mail to spamcop, the number of spam messages I've been receiving (and this is before the filters) has actually come DOWN.

I also believe that it's in the spammers best interest to remove your email address from lists. After all, your address is now a 'active spamcop reporter' address, and is poison for their spamming efforts.

(This doesn't apply to the virus/distrubuted spammers, of course, since spamcop and other IP-based block lists are ineffectual against such things)

Re:Thorn? It doesn't matter,

[acceleriter]

I think the Chinese spammers redouble their efforts on a reporting address just for spite. They seem to have "bulletproof" hosting over there, since they only shoot dissidents, not spammers, unfortunately.

Re:Thorn? It doesn't matter,

[__aaevmb228]

Then perhaps it isn't a coincidence that a LOT of the spam I report to Spamcop ends up sending abuse reports to .cn sites. I've seriously given thought to flagging the entire Asian continent.

Brazil is a problem for me, too, but not nearly as big.

Re:Thorn? It doesn't matter,

[Chmarr]

That wont work, unfortunately, unless you tweak your filter so that if the website that is being spamvertised is in china, THEN block the spam.

Blocking china wont block where most of the spam comes FROM, though.

More's the pity.

Surge in spam

[October_30th]

The amount of spam I receive every day has clearly been steadily growing for the last few months. Looks like the spammers are winning the war by DoSing spam fighters and hiring mercenary hackers with 450000 trojaned systems.

Re:Surge in spam

[onepoint]

You saw that too...

I would consider 450K systems that are breached, under the control of 1 group, a concern for national security.

that's alot of fire power someone holds and can easily place a company out of web side of the buisness.

but the good thing is that I have taken this as something serious, and have slowly made sure that when i report spam i try to call the ISP. don't know if it is working but maybe it will help.

-onepoint

Re:Surge in spam

[nurb432]

Ive noticed that too. I'm now up to over 500 a day to my entire domain.. and its just a tiny spot on the roadway...

At the office, over 20,000 are deleted off the bat, and that doesnt include what gets thru.. ( though that is a major domain with over 40,000 users.. )

Re:Surge in spam

[Spoing]

The amount of spam I receive every day has clearly been steadily growing for the last few months.

Mine has doubled (at a minimum) over the last 6 months. I regularly purge 100-200 spam messages a day, though some days it's much lighter.

Re:Surge in spam

[letxa2000]

In March of this year I received 1638 spam. In September I received 5073, and in October alone it increased over 50% to 7704.

The good news is that with Bayesian filtering I only saw 13 of them in October.

Interestingly, my Bayesian filter continues to increase in accuracy. In October I was up to 99.8%. My guess is that they're increasing the number of times they do each spam run and that only makes Bayesian that much more accurate. That's the explanation I have for seeing such an increase in the volume of spam but at the same time seeing Bayesian getting ever more accurate.

Re:Surge in spam

[Mashiki]

Beh 8000+ probes from former soviet countries, and other known spam havens in the last month you tell me where this is going.

I am on a simple cable modem, but the rogers network has been having huge problems the last while(virus, trojans, headend issues, DNS issues, DHCP server issues, on and on). I wonder if they(spammers) pay attention to the fact that rogers has recently upped the speeds from 1.5mbps to 3mbps; were unsure if this is perm. yet or not. But it could be and that would be boon to the spammers wouldn't it?

I know there are spammers on the rogers network, and the fact that those of us who got screwed when we got dropped have been rather vocal on DSLR when the speed went back up. And we see our fair share of Spammers lurking in those forums as well.

How effective is SpamCop?

[YetAnotherName]

I was a religious SpamCop user for awhile. You tattle to SpamCop on a spam you receive, it checks its various databases, and then notifies various network authorities of the problem.

Problem being, that several of the network authorities are huge megacorps where the complaints get filed with the rest of 98,000 or are spamhosts themselves.

I gave up in favor of SpamAssassin and Mozilla's spam filtering, which turned out to be far more effective.

Isn't effectiveness the whole reason eight-year-olds tattle in the first place? ("Billy hit me!" Billy gets in trouble. (And Tommy gets beaten up after school.)) Somehow, I don't think enough spammers got in trouble.

Re:How effective is SpamCop?

What? Why??? Why should my mail server have to deal with all the traffic and why should spammers eat my bandwidth just for mailassassin to then /dev/null the email. This way, you dont even have to detail with all the extra traffic, it just disconnects the spammer, effective as the fucks usually bounce everything off open relays

Re:How effective is SpamCop?

[Detritus]

One benefit of reporting spam to spamcop is that it lets ISPs know about client systems that have been owned and are being used for relaying spam. I don't know how many of the major ISPs actually do anything with the information.

Re:How effective is SpamCop?

[Ilgaz]

As now Yahoo's (mega) Baesian filter catches all the spam I still check turkish (my language) spams and report them to .tr ISP'es.

I really had some suscess...

Re:How effective is SpamCop?

[onepoint]

have you noticed the latest spam, it's repetive (same ) on the subject line over multiple message and ( in my perception ) written like a regular subject line.

maybe they are trying to flood these filters to start producing false reports.

I came to this conclusion due to about 1900 spams I recieved in the last 4 days, out of the 1900, 400 had the same subject line 5 to 7 times, another 700 had the same subject line 3 to 4.

I don't understand Baesian filters yet but I would think, that this sort of spamming might create multiple false reports.

-onepoint

Re:How effective is SpamCop?

[tsarin]

As you say, SpamCop is fine; it's the ISPs that you need to worry about. A while back, I was running a mail server (forwards for a hundred-odd users, plus my own mail) off my DSL service. One of my users, playing the good little netizen, reported a batch of her spam to SpamCop, who, since my machine was in the headers, reported to my ISP--who promptly turned me off. No investigation, no "Hey, what's going on here?", not even a "Why are you spamming?". Lather, rinse, repeat, until the ISP ended up turning me off permamently. (And then, promptly, went out of business, shorting me nearly six months of my prepaid contract.)

Had they taken the thirty seconds to actually look at the headers, it'd've been obvious that I was, effectively, as much a victim of the spam as my user.

A "disconnect first, ask questions later" policy is fine, assuming you bother to ever actually ask.

Re:How effective is SpamCop?

[James+Crid]

>I gave up in favor of SpamAssassin ...you probably won't know that SpamCop mail has SpamAssassin built-in to it these days. It works well, too.

All my mail goes through SpamCop; sure, it's been damn annoying over the last day not being able to see my mail, but it's a lot less annoying than not being able to read my real e-mail because of all the spam.

Re:How effective is SpamCop?

[bigbigbison]

I used to use it pretty consistently. There were occasions when my inbox would get flooded with the same spam hundreds of times. The only times it ever happened was when I was reporting stuff to spamcop. This leads me to beleive that on some level spammers were being at least made aware of the fact that they were being reported (and then trying to take some measure of revenge).

Re:How effective is SpamCop?

[Ilgaz]

but a "viagra" seller has to use "viagra" word or link some "viagra" image on html message...

I think suscess come from there...

BTW, I had Korean spam a lot, I added their charpage (multiple ones) string to filters and I got rid of it manually...

Re:How effective is SpamCop?

[SwansonMarpalum]

I wouldn't worry about flooding filters hampering their accuracy. As long as people keep more or less true to the model which Paul Graham prescribed (training the bayesian filter only when it makes a mistake), then these spams have absolutely no bearing on the server's records; during the classification operation the filter's word database is "read-only".
What the spammers may have latched onto is the concept of overfitting. However due to implementation details, this shouldn't be a problem unless those operating the filters are grossly incompetant (you'd have to mark all of the things it catches as spam as not being spam, then mark it as being spam once again in order to do try and do this).
However one of the previous articles regarding the Joe-Jobs incited by the mocking of Dimensional Warp Generators does give one cause to pause before implementing one of Mr. Graham's retaliatory filters.

Re:How effective is SpamCop?

[m0i]

Actually, SpamCop now uses SpamAssassin as well as its own blocklist. And I use it mainly for one-click accurate reporting through the 'held' web interface. You are right that most abuse desks don't care about SpamCop reports, but it's still worth it for the remaining doing their job.
Regarding Joker registrar policy wrt to validation procedures, I suppose that the fact that SpamCop goes away tells it all.

Re:How effective is SpamCop?

[Uggy]

I agree. The only way to stop spam is by filtering it at the ISP or end user level. Email is too entrenched and too important for us to be mucking around with whitelists and trusted senders and whatnot. Reverse lookups would really do the trick, but since in my experience 99% of ISP's/bandwidth providers are just too uncooperative in updating their reverse DNS, that is out. Couldn't do virtual domains either.

You could utilize some minimal checks like forward dns or just a HELO name check, which my company used for a while. But, there are SOOO many exchange servers out there that identify themselves as "microsoft.msft" (which is of course not correct) that some of our clients couldn't get their mail. They'd call, "Hey, so and so can't send me email." I'd telnet to their port 25 and check what they returned in their HELO... sure enough, it was incorrect, so I'd notify the administrator and our client that their email server is not configured correctly (and it's an open relay to boot). A couple of days later this client would call again saying, "Other people can receive this guy's email, but I can't. What's wrong with your server?"

After a while, it's just a perception problem. You've got to be able to receive from everybody (except the absolute worst spammers). So we accept all mail and tag it with spamassassin using the X-Spam-Status tag. Clients then can filter it and check at their leisure. If they have a little more no-how, we tell them to download and install mozilla-mail or thunderbird with built in spam filtering. You've got to train it, but it works.

Email is too important and too ubiquitous to be screwed around with. The surest and best way to deal with spam is to filter/tag at the end user or ISP. Legislation won't cut it. Threats won't cut it. Whitelists/Blacklists won't work. You can't even rely on first line HELO identification checks. There are just too many monkeys who've set up email servers out there.

And just think about this: even ipv6 STILL isn't widely deployed.

Re:How effective is SpamCop?

[wayne]

I was a religious SpamCop user for awhile. [...]

I gave up in favor of SpamAssassin and Mozilla's spam filtering, which turned out to be far more effective.

I like SpamAssassin and use it myself. However, remember that one things that makes Spamassassin effective is their use of the SpamCop DNSBL. As a result, I report spam to spamcop in large part to make sure the spammers get listed on the SCBL. This seems to be a very effective technique to reduce the spam comming your way.

Re:How effective is SpamCop?

[letxa2000]

No, if they send you the same spam with the same subject (or mostly the same words in the subject) 700 times then Bayesian will only get more accurate.

The spammers have yet to come up with a single approach that consistently gets past Bayesian filters. They're trying, but what they're trying makes it clear they truly don't understand how it works. Sending the same message over and over only increases the chance of the messages being caught by Bayesian. Inserting random words has no effect since they are virtually always neutral (i.e. 10% - 50% spam probability). Same with inserting paragraphs from the Constitution.

For a spammer to get through a Bayesian filter they need to use truly INNOCENT words--we're talking words with 1% or below spam probability. Otherwise, they're going to get filtered. Even the latest tactic (Spelling Viagra as V I A G R A or whatever) is silly. Turns out that normal mails don't usually include the word "V" and "G" and "R" so by breaking up the word they actually just created 3 words with very high spam probabilities.

It really is a lost cause for the spammers. Bayesian filters are their enemy and they will not win. Of course, pity those that don't use Bayesian filters because they WILL be overrun with spam.

Re:How effective is SpamCop?

[rsmith-mac]

Even though the reports may go in to a black hole, it's still a good idea to keep reporting. Spamcop is partially "user controled" in that it decides what to block in some cases based on how many complaints have come in for that mail server; if there are a lot of complaints, the server will be added to the blacklist, and future messages will be caught. Even this isn't 100% effective mind you, but it's about as close as you're going to get considering it's impossible for anything to be 100% effective.

Re:How effective is SpamCop?

[Saint+Aardvark]

Someone else has already mentioned this, but here's my two cents.

I used to work at the helpdesk at a small dial-up ISP. I ended up taking care of abuse complaints, and SpamCop came in handy many times. For a while we had a spammer sign up once a month for a throwaway account, and the very first indication was always SpamCop. I flatter myself that after being shut down a few times in a row, he went elsewhere.

SpamCop is easy to use, quick, and it provides the admin with all the information she needs. If you've got rogue ISPs (hate to use the phrase, but it's appropriate), then they're not gonna pay attention to anything less than the 153rd Airborne. (Not a bad idea, actually.) But for places that do care, it's excellent.

Re:How effective is SpamCop?

[Malc]

I've been noticing a lot of false-positives in the last 6 months with Yahoo's spam detection. People who use the wem mail interface might notice as I'm sure they don't check their bulk folder enough. I have my Yahoo mail forwarded by SMTP and my server bounces anything with X-YahooFilteredBulk set (and forwards it to Spamcop)... at least 5 times a month a friend comes to me saying their message got returned as spam. According to my logs, Debian users mailing list messages are also getting trapped on a regular basis.

Yahoo's filters are effective at catching spam, but they also create a lot of false-positives (worse).

Re:How effective is SpamCop?

[Senior+Frac]

I gave up in favor of SpamAssassin and Mozilla's spam filtering, which turned out to be far more effective.

That depends on your goal. You apparently want to not see the spam after it's sent, but don't care about paying for it's transmission. Some people care about the latter and view the spam problem as a social one that must be addressed.

Re:How effective is SpamCop?

[jrockway]

> Email is too important and too ubiquitous to be screwed around with. The surest and best way to deal with spam is to filter/tag at the end user or ISP. Legislation won't cut it. Threats won't cut it. Whitelists/Blacklists won't work. You can't even rely on first line HELO identification checks. There are just too many monkeys who've set up email servers out there.

I'm glad someone finally got it right. Let's come up with a technical solution instead of a legislative solution. This way, everyone is free to do what they want (which IMO is a good thing), and I don't have to read spam. SpamAssassin is great (I've been training it with sa-mark for quite some time, but it's not doing bayesian filtering yet. Time to RTFM...).

Re:How effective is SpamCop?

[arth1]

You could utilize some minimal checks like forward dns or just a HELO name check, which my company used for a while. But, there are SOOO many exchange servers out there that identify themselves as "microsoft.msft" (which is of course not correct) that some of our clients couldn't get their mail.

Insightful, my arse.

The RFCs specifically state that a mail transport agent MUST accept the connection regardless of the HELO/EHLO. There's a reason for that too.
What if the sending MTA is inside a NAT boundary, with its own internal DNS servers? Then its *real* name could very well be "microsoft.msft".
Further, it would have NO way of knowing what the name as seen from the outside would be -- with multiple routes to the outside, that would depend on which interface on which NAT router the outgoing call went through. So the MTA does the right thing -- it identifies itself with what it believes is its correct name.
If your MTA won't accept that, then you don't really understand how cross-network traffic works, and have seriously misconfigured your MTA.

Again, there's good reasons why the RFCs specifically states that your MTA must accept all valid HELO/EHLO names. If you need authentication, implement authentication. HELO/EHLO was never meant to be that.

--
*Art

Re:How effective is SpamCop?

[Uggy]

I suppose you're also the type that likes to see 192.168.x.x in a traceroute from the Internet? Hmmm?

The HELO check was a life saver during sobig. And I don't care who you are, reporting yourself as microsoft.msft is just stupid even through a nat'd connection.

One more thing... magic must defeat magic!!

Re:How effective is SpamCop?

[aggressivepedestrian]

I agree. I'm still using SpamCop, but I get serveral false negative a day that Mozilla recognizes as junk, and several false negatives that Mozilla recognizes as valid mail. Why should I pay them $30 a year when Mozilla gives me better filtering?

Re:How effective is SpamCop?

[Kris_J]

My primary email address is a Spamcop address. I get about one spam a month and it never makes it to my inbox. This last bit is important -- I only have dial-up at home and I don't think that downloading 40 spam messages (my old daily rate, when I had a Yahoo account) then filtering them is the answer.

Re:How effective is SpamCop?

[Malc]

1) As somebody whose mail is automatically forwarded from Yahoo... tell me how to update my corpus?

2) I'm not convinced by Bayesian filters. It took tens or hundreds of Sven viruses before Mozilla started automatically moving it to my junk folder. I would say that half the stuff that get's past Yahoo also gets past Mozilla, even though I've trained Mozilla with about 15,000 pieces of mail (half-and-half junk and not junk).

DNS

[Detritus]

What's preventing the restored DNS records from propagating from the root server down to all of the requesters?

When I send mail to spamcop, my ISP's mail server bounces it with a fatal DNS error.

Re:DNS

[sethgecko]

What's preventing the restored DNS records from propagating from the root server down to all of the requesters?

your isp cached the fatal response. you have to wait for the fatal response to expire from their cache before they query the root servers again. Or run your own dns server.

Spamcop's a waste of time.

[Anonnymous+Coward]

Most of the spam comes from and/or points to IP addresses in China and Brazil. Their reaction to your reports, if they even receive them, is "We'll get right on it."

It would be far more effective to simply drop any SMTP connections from networks in Brazil or China. Even better would be to actively scan emails for links pointing to that IP space, and dump any messages received. This would eliminate most spam from user mailboxes.

Spamcop is a nice parser, though, for those rare occasions in which reporting would do any good. Unfortunately, they're in bed with Cyveillance--don't forget to uncheck that box to avoid helping them.

Re:Spamcop's a waste of time.

[OS24Ever]

What's wrong with Cyveillance?

Being that I"ve used Spamcop now for 3 or 4 years, just curious.

Re:Spamcop's a waste of time.

[Detritus]

Unfortunately, they're in bed with Cyveillance--don't forget to uncheck that box to avoid helping them.

Why?

Re:Spamcop's a waste of time.

[admbws]

It would be far more effective to simply drop any SMTP connections from networks in Brazil or China. Even better would be to actively scan emails for links pointing to that IP space, and dump any messages received. This would eliminate most spam from user mailboxes.

Alternatively, you can simply drop all SMTP connections from the entire IPv4 address space! That would eliminatate all spam from user mailboxes!

P.S. I'm being sarcastic, but blanket bans suck.

Re:Spamcop's a waste of time.

[Anonnymous+Coward]

Cyveillance ignores robots.txt and uses deceptive user agents to crawl websites that might have material that doesn't jibe with the PR stance of their corporate clients. They are actively involved in suppressing free speech on the Internet by selling "monitoring" services to its corporate masters. The discussion about Spamcop in bed with them

Re:Spamcop's a waste of time.

[Anonnymous+Coward]

I agree that blanket bans suck, but (especially in oppresive China) the administrators of those IP blocks are capable of getting their act together. Their elimination of access to the mailboxes around the world is a natural consequence of their inaction wrt the spam problem.

Re:Spamcop's a waste of time.

[Carrion+Creeper]

It would be far more effective to simply drop any SMTP connections from networks in Brazil or China

(sarcasm)That way we can be sure not to hear anything about human rights violations in China as well. That stuff is even worse than spam. Who wants to hear it? Not me. Pesky dissidents trying to send messages out of the country.(/sarcasm)

And god forbid anyone in china or brazil should try to conduct business with the US (just assuming here). Like our trade deficit wasn't enough already.

Re:Spamcop's a waste of time.

[Rick+Zeman]

Unfortunately, they're in bed with Cyveillance--don't forget to uncheck that box to avoid helping them.

Why?

Cuz as a paying member of Spamcop (reporting is integrated into Mailsmith for OS X and it's just too easy to use(, it pisses me off that I'm paying for the pleasure of giving Cyveillance information that they're getting paid to utilize.

Re:Spamcop's a waste of time.

[AKnightCowboy]

Alternatively, you can simply drop all SMTP connections from the entire IPv4 address space! That would eliminatate all spam from user mailboxes!

P.S. I'm being sarcastic, but blanket bans suck.

Banning is the proper way to deal with unethical Internet activity. There's nothing wrong with it. If an ISP chooses to allow unethical behavior to occur on its network then it will need to learn to deal with the consequences of the rest of the Internet shunning it. Sure, it hurts innocent people, but people shouldn't give business to unethical businesses. "But Maaaaannnnnn, it's the only ISP in town that offers broadband!" Well, suck it up then. It sucks, but that's the price we pay for running all the small mom and pop ISPs out of business by moving to MegaTelco DSL provider.

Re:Spamcop's a waste of time.

[Anonnymous+Coward]

Please see my reply to the sibling of your pose wrt Cyveillance.

Re:Spamcop's a waste of time.

[Anonnymous+Coward]

The T3 mail harvesters don't claim to be legitimate businesses and sell their services to corporate America.

Re:Spamcop's a waste of time.

[James+Crid]

>It would be far more effective to simply drop any SMTP connections from networks in Brazil or China Indeed, which is why SpamCop's mail allows you to do that if you wish.

Re:Spamcop's a waste of time.

[Anonnymous+Coward]

If China would like to conduct business via email, they can clean up their spam problem. Or buy a subscription to AOL and call long-distance :).

Re:Spamcop's a waste of time.

[mabu]

You don't understand how Spamcop works.

There are several levels. The "complain to the ISP" is just one of Spamcop's services. Their network employs an automated system maintaining a real-time relay blacklist based on spam reports. Even if the ISP doesn't respond or take action, rogue smtp relays will be automatically blacklisted and participating networks will begin to refuse to accept mail from these systems, whether the ISP chooses to deal with it or not.

Re:Spamcop's a waste of time.

If they even attempted to be accurate, it might be worth using to dump email from IPs on the list to a special folder for later sorting. As it is, they are nearly as bad as SPEWS.

Look at number 10 on this page

SpamCop now implements "pre-emptive" blocking of hosts. This is based on non-SUBE points (mail volume) alone, and is not related to complaints. If a host has no mail volume within the past 7 days except for a 1 day or less period where it does show volume, it will be listed. For example, a host which has no more than 24 hours history for sending mail will be listed under the assumption that it is most likely a new source of spam (since the great majority of new sources of email are sources of spam). After 24 hours, we hope that users will have had a chance to report spam from the new host - or not. If they do, then the other rules will list the host. If they don't (and the host keeps sending mail), then it will drop off the blacklist.

Not bad enough the accidental false positives. Now they block you just because you send any email at all.

If a host has no mail volume within the past 7 days except for a 1 day or less period where it does show volume, it will be listed.

Bullshit. My site has sent god knows how many emails since April, there has NEVER been a spam complaint on the IP address and likely never will be, yet I am receiving bounces from people using their "pre-emptive" blocklist.

Spamcop is bullshit run by a Seattle hippie with an agenda, namely that all commerce is evil and should be kept off the internet.

Re:Spamcop's a waste of time.

[DonnaS]

Without knowing the IP address in question, it's kind of hard for anyone else to judge. I use the SCBL as one of a range of filtering (not blocking) options on my personal email, and the few false positives I see (about 2 a week out of, oh, about 2000 emails on average) result from the Bayesian filter not the SCBL. I don't think I've ever seen a false positive resulting from using the SCBL. Doesn't mean it can't happen, I know, but it's not been my experience.

Re:Spamcop's a waste of time.

[Anonnymous+Coward]

It appears that rules 1 and 2 are still in force.

well

[loraksus]

They did have a disconnected phone number, which Joker might of have had some legal crap in their AUP, if so, it does change the situation a bit - but it seems that Joker was kind of a bitch here and the articles don't exactly give shining reviews of their customer service. Seems that the company is living up to their name.

I wonder how much better a distributed system would work . . .

SpamCop costs

[cft]

It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continous DDOS attacks on it.

The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.

And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.

And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.

Nice going.

It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.

Proletariat of the world, unite to kill spammers

Re:SpamCop costs

[shokk]

And at what point do people get sick of the legal route and take matters into their own hands? I think the messages gets across after a few spammers disappear in a mist of quickly oxidizing nitrogen-based substances, or a hail of metal. For those International spammers, at some point the links to the civilized world have to be considered a liability and just need to be shut off or filtered.

Re:SpamCop costs

[grolschie]

It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed

"We are 100% certain that they have Zombies of Mass Destruction" - GW Bush

'A false Complaint'

[nurb432]

Is this the wave of the future? If you dont like someone just make up something and 'report' them... Let them pay the bill to fight it. Be it with their ISP or the HSD......

Just wonderful...

[rjch]

geekwench writes "SpamCop was apparently the victim of a recent DoS attack.

So of course, you just had to follow a DoS attack with a Slashdotting, didn't you? :)

SpamCop doesn't work..

[destiney]

I reported every single spam email I got to SpamCop for over 4 months, did the follow up confirmations and all. My spam intake went throught the roof in that 4 month period.

http://destiney.com/spam.php

Finally I just gave up and stop reporting spam to them at all.

Re:SpamCop doesn't work..

[Anonnymous+Coward]

This is probably because, despite's SpamCop's best efforts, there was something in each email (maybe that "random text" included to get past filters) that identified your address. Once it was a known good address, they spammed away. The spammers come mostly from Brazil and China, and/or use open proxies or hacked machines to send their sporge. Reporting them has no effect, other than maybe helping $CABLE_ISP tell a user to scan his box.

Re:SpamCop doesn't work..

[Therlin]

I'm glad I'm not the only one wondering about this. I thought I was going crazy.

I'm a spamcop member but I realized that whenever I reported spam, I'd start getting more emails a few days later. I stopped reporting them and the number of messages went down a few weeks later.

A couple weeks ago I thought I was just being paranoid, so I started reporting them again. Same thing happened.

Overall they are doing a great service. But somehow (random letters, or reports being sent to the wrong people), my address keeps getting flagged as a valid one. So I'm done with them.

Re:SpamCop doesn't work..

[djmurdoch]

I'm a spamcop member but I realized that whenever I reported spam, I'd start getting more emails a few days later. I stopped reporting them and the number of messages went down a few weeks later.

I had exactly the opposite experience. I've been a regular Spamcop user since last year. For about a month this spring I was too busy, and stopped reporting, and the amount of spam I was receiving doubled. It's kept fairly steady since then.

I suspect that my name is listwashed by some spammers, and added to other lists. When I stopped reporting, they stopped listwashing.

This is why...

[Dthoma]

...we have client-side spam filtering.

spamcop is also being used to suppress bbv

[DrunkClam]

www.blackboxvoting.com

Re:spamcop is also being used to suppress bbv

[thirty2bit]

Interesting site.

Luckily, I'm politically agnostic.

Complaints don't work

I'll tell you why: they are not numerous enough. I'm the abuse mailbox handler for a well-known company that is disliked on and off line. Out of a 5-million-address mailing, I get maybe 12 complaints. Management does not care to alter anything about our "customer retention management" system. In fact, with only 12 complaints our of 5 million emails, they think we're doing pretty damn good, and so do I.

We do the following:
1. Opt-out only. You do business with us, you're on the list and have to taken yourself off of it to stop getting our mailings. There is no choice to opt-out at time of purchase, no choice to omit your email address.
2. Sell your address to our partners. Our contracts with our partners requires us to collect addresses when we make a sale for them, and pass the address lists along.
3. Pass off opting out of partners' lists to our partners.
(We spell all this out in the online Terms of Service which is displayed before a customer makes a purchase. People still buy).

Still, with all these "bad practices" in place, we only get a dozen complaints out of several million spams sent. We're on AOL's whitelist of approved spammers^Wmarketers whose mailings bypass their spam filters. We're on other ISP whitelists, too. If we get a Spamcop complaint, I dutifully click on the link in the notice, check "account terminated" and that's the end of it. But with only a handful of them each week, I can take care of the Abuse mailbox in less than a hour a week. Anti-spammers have had no adverse effect on us in the four years we've been doing it this way.

Can't

[Convergence]

The problem is that anti-spammers demand a nuke-first ask-questions-later policy for shutting down 'bad' sites.

Unfortunately, that policy can also bite you in the ass. You can't have it both ways.

W32/Mimail.e@mm attacking spamcop also

Network Associates is reporting an E variant that just came out of W32/Mimail that attacks the following domains:

spews.org
spamhaus.org
spamcop.net
www.spews. org
www.spamhaus.org
www.spamcop.net

Here is the link to the description:

Link to W32/Mimail.e@mm description

This might explain some of the other issues folks mentioned above like getting to Spamhaus, etc... I saw a few instances of W32/Mimail.c@mm on Friday in my day job. That one launched DoS against darkprofits.net besides sending itself to everyone in an address book.

bbh

lawsuit?

[Althazzar]

IANAL, but doesn't this give reason for some sort of lawsuit? Joker have, on account of one false complaint about wrong adres info, suspended a service which i presume was still being paid, without any warnings after their first one, though a reply had been given. I don't know which law applies here, but in Holland, this would be reason enough for a court meeting.

On top of that, there is ofcourse the question of: how is this possible? are there rules for actions of this kind? returning a fax is, IMHO, indeed no prove at all, though it will probably hold in court.

And a question to the lawyers here: if you, with bad intentions, use this method to bring down sites, is that a crime? I'd think yes, but then, Joker has to give the name of the person that claimed te info being false.

In all: interesting things may come out of this...

Personal Thought

[Kyrthira]

It's about time. I can't say I'm surprised. Childishness over the internet seems to be a trend lately. -.-

New email worm that DDoS's Spamcop/SPEWS/Spamhaus

[wayne]

I saw this mentioned on the spamcop news group.

There is a new email worm called W32/Mimail-E that is designed to create a distributed denial of service attack on the anti-spam websites of spamcop, SPEWS, and spamhause. See: sophos write-up.

Re:good service

[acceleriter]

I saw it.

Was it an attempted LART?

[Dynamoo]

There's a long and quite interesting thread in news.admin.net-abuse.email about an attempted "LART" on SpamCop by a well-known character called Jamie Baillie. This came out of a result of a long-running dispute between Mr Baillie and more or less everyone else who posts to that newsgroup.

There is no proven connection between the issues at the registrar and Jamie Baillie's attempt to have SpamCop shut down, but the complaint to Joker (the registrar) was anonymous and clearly vindictive.

Oh yes.. the domain name cesmail.net will often work in place of spamcop.net for those still struggling to get through.

Spamcop is infuriating - can't interpret anything

[DoorFrame]

So I use Outlook XP for email (go ahead and laugh now). One of Spamcop's most useful features is the ability for the user to simply forward spam directly to a predefined email address (one for each end user) and have Spamcop handle the rest. I have one or two addresses within a domain that I own which receive nothing but spam. I usually just filter them all to the trash, but I decided to start forwarding them along to Spamcop and let them do their thing. When it works, Spamcop is great.

So I tried this with Outlook. Spamcop simply responds that it cannot find the spam within the forwarded message. Apparently it doesn't parse Outlook mail properly. This seems weird considering Outlook is the most widely used commercial email program... you think they would write their filters with Outlook in mind. But ok... I go back to my server. I set up aliases for the two offending usernames and send the spam directly to spamcop, never having it touch my Outlook. I figured this would solve the problem.

Nope, Spamcop couldn't read that spam either. And Spamcop won't tell you what the problem is, exactly. I've never been able to get the email forwarding thing to work properly, and it's frustrating because it would be a great service.

Has anyone had a good experience with email forwarding? Can anyone suggest a simply solution to this problem?

Joker.com's lack of due diligence.

[wayne]

I've been thinking about this. I agree, Joker did not exercise proper due diligence.

They *assume* that email is a reliable way of contacting someone, but the *require* you to fax a document to them. I do not even have a fax machine and, off hand, I don't know where I could send a fax from the US to Germany. I suspect that it would cost at least a couple of bucks and would take a fair amount of time.

They sent *one* email before shutting the domain down. They did not reply to the (one) email that was sent in reply. I've never used joker as a registrar, but I bet they send out more than just one email to remind people to renew their domain.

The email that joker sent needs to be rewritten by someone who knows english and to make it clearer. I found it quite ambiguous.

Granted, Julian freely admits that there was a bad phone number and also that he didn't fax a response to them. Part of the fault does lie with Julian, but I think far more lies with joker.

Re:Joker.com's lack of due diligence.

[Basje]

I use joker exclusively, and they don't mail only once. As I can tell from my email history, they send 2 mails: the first 8 weeks before a domain expires, another 4 weeks before it expires.

They may send more, but I never let it come that far: either I canceled at that point, or I extended the contract.

Re:How effective is SpamCop? -- We Love It!

[gizmonic]

I work for an ISP and honestly, we love SpamCop. Our abuse mail gets a lot of complaints. We can take action on maybe 2% of them, because people simply don't give us enough information. "Stop sending me spam" does nothing for us, nor do the 75% of people who forward the spam and do not inlcude the headers. (Honestly, how can so many people still not know to include full headers when reporting spam?)

The SpamCop reports have ALL the information we need (timestamps with time zone are crucial) to track down a spammer and get them off our network. The other nice thing is that once all the SpamCop complaints are handled, we usually find that the few regular spam reports we can track were about the same people we just got done banning due to the SpamCop reports.

So, at least for us, SpamCop is very effective. Granted that's just one ISP, but there ya go.

Spamcop works!

[Futurepower(R)]

There have been times when I have reported spam to Spamcop and received an apology from the spammer's ISP less than two hours later.

SpamCop's odd choices for providers?

[harlows_monkeys]

I don't understand spamcop.net's choices of providers for various services. For a domain registrar, they are using a German company, that they have no idea how to call when things go wrong. Wouldn't it make a lot more sense to use a US or Canadian company that would be easy to contact? (Note that I'm not saying there is anything wrong with German companies!)

Second, on their pages, they have at the top a recommendation for a specific web hosting company, presumably the one they use--this isn't a banner ad, but rather an ad written right into their HTML, so it sure looks like it is their personal recommendation for web hosting. When I was looking for a new hosting company for my site, I wanted to find one that was not soft on spam, so that I would not have to worry about ending up in SPEWS, and figured that the one SpamCop uses would have to be good. Checked out their plans, and they were good. I was ready to sign up, but decided it would be dumb not to at least Google a bit...and I found that that hosting company does NOT have a good reputation in the anti-spam community!

You'd think one sure-fire way to find a white-hat ISP would be to use the one that a major anti-spam site recommends, so this was quite a shock.

Re:Spamcop is infuriating - can't interpret anythi

[mabu]

So I use Outlook XP for email

What's it like to live your life at Defcon 1 with Outlook?

Spamcop works

[Blackknight]

Spamcop is great if the ISP or web host actually responds to the complaints. I work for a web hosting company and we investigate every complaint that comes in. If it's legit the account gets terminated.

I still think by the time spamcop gets to us it's too late though. You can't unsend spam, once it's out it's out. They'll just get a different account on another host. What we need is some kind of filtering on the incoming and outgoing sides. Or the world could just switch to something besides Outlook, which helps these viruses and worms propagate.

Re:Spamcop is infuriating - can't interpret anythi

[athakur999]

Check out SpamSource. It's a plugin for Outlook that'll let you forward email correctly to SpamCop or any other service.

Outlook doesn't forward all the headers properly if you just use the "Forward" button which makes trying to submit spam that way useless. There is a way to get the complete headers, but it's time consuming, so SpamSource makes things much easier.

It's partially free, depending on what features you enable. Hopefully someone will create a totally free full featured workalike eventually.

Best working solution we have right now

[mabu]

Right now, Spamcop is THE most effective anti-spam solution bar none. End users don't realize the effect Spamcop has on overall network performance and the reduction of spam they receive in their inbox. Most users naively think client-side filtering helps when it's little more than a band-aid on a severed artery.

In the last 24 hours, one of my modest-sized mail servers reported these stats:

accepted mail: 2480 messages
spamcop blacklist rejected mail: 8216 messages

This is with no legitimate mail being blocked and a rather conservative set of relay blacklist rules.

That's more than 70% of the e-mail we receive clearly identified as spam and rejected at the server level.

But at least we stop the spammer as soon as he connects. We don't receive any of the junk e-mail once we identify mail coming from a known spam source. This reduces our operational costs, tax on hardware and software and available bandwidth to all users. Client-side filtering consumes all these resources and offloads the burden on the end-user to pay for software that still does not effectively deal with spam.

When you employ client-side filtering you do NOT stop spam; you do NOT reduce anyone's operational cost. When you deny mail relay access from spammers you DO cost the spammers time and money!

Spamcop has proven itself to be the most effective and productive solution at present, which is why it's being targetted by spammers. Using Spamcop's RBL, spammers can't even connect to participating networks. When you employ client-side filtering, you help spammers because their argument for de-regulation of spam involves putting the cost burden on the users - all they care about is delivering X messages and that is still accomplished, whether your mail filter catches it or you manually delete the junk, so this "solution" encourages future spam activity and also breathes more life into companies like Symantec that actually profit from the spam epidemic.

There are only two more-effective solutions to the spam problem: 1. The Federal Government finally deciding to pursue the spammers who break into computer systems (which has been illegal since before the Internet existed), and the employment of a sanctioned smtp whitelist.

I posted a previous comment with my detailed analysis of the issue and exactly how it can be realistically solved.

Re:Best working solution we have right now

[-jaded-]

I'm curious how you determined that there were no legitimate messages blocked if you are rejecting the message on connection rather than based on analysis of its content. If you reject the message fefore you even look at it can you make any valid statements regarding the message content i.e. spam vs. legitimate?

There is also the odd statistical discrepancy that about 50% of all email traffic is spam and yet you are rejecting a significantly larger fraction that average. Unless your organization is a serious anomaly and gets significantly more spam then average you should go back and check your numbers a bit.

Check the latest product reviews. Spamcop isn't the most effective or the one with the lowest rate of legitimate messages blocked. They're not bad but they're a far cry from the best.

And finally, regarding your shot about Symantec profiting from spam filtering consider the following question. If Spamcop has no means of making money from its spam filtering, what gurantee do you have that they will be around for the long term especially if they are spending enough on bandwidth to weather a sustained DDOS?

Re:Best working solution we have right now

[mabu]

I'm curious how you determined that there were no legitimate messages blocked if you are rejecting the message on connection rather than based on analysis of its content. If you reject the message fefore you even look at it can you make any valid statements regarding the message content i.e. spam vs. legitimate?

Believe me. My clients let me know pretty darn quickly if any legitimate mail gets blocked. Our system bounces the e-mail with a URL to a page where they can contact us to let us know that their legitimate mail was blocked.

I am aware Spamcop isn't the "tightest" RBL, and most ISPs, including me, use multiple RBLs that have different, yet complimentary criteria for listing. If you're a network admin and you're tweaking your mail system, there are a number of factors to take into consideration, as well as priorities. My goal was to employ the tightest anti-spam protection with the least impact on legitimate mail. I could cut down on the spam that gets through by tightening things a little more, but I'd rather be conservative in this respect.

Spamcop does make money and charges its members for its service. Obviously Spamcop profits from spam as well, but unlike Symantec and other producers of client-side filtering systems, the use of Spamcop *reduces* user and network resources whereas the client-side systems consume even more.

As far as Spamcop and the DDOS vulnerability, it's an issue; it's an issue for everyone online. My advice to Spamcop is to have them host a small government web site for free... that way when they're DDOS'd, it would be considered an act of "terrorism" and the attacker could get the death penalty under the Patriot Act...

Spambayes

[kenyob]

Who needs SpamCop...
Just use <A href="http://spambayes.sourceforge.net/">SpamBayes </A>.Its free, open source, and works almost as well as my Mailblocks account...

Re:Spamcop is infuriating - can't interpret anythi

[DonnaS]

Suggest you read the archives on the Spamcop newsgroup - this was discussed at great length there, with various solutions offered, if I remember rightly. The fault is not with Spamcop, but with how email from Outlook is constructed.

Blocking by country is fraught with danger

[dbIII]

Most of the spam comes from and/or points to IP addresses in China and Brazil.... drop any SMTP connections from networks in Brazil or China

Vast amounts appears to come from the USA - by IP address anyway. The net is still US centric (ie. plenty of Asia to Europe stuff is routed through the USA, and plenty of offshore stuff is hosted in the USA) - so blocking those IP addresses would be idiotic. A lot of companies do business with China, and any company of any decent size anywhere has a few employees that send mail to relatives in China - so blocking mail from there is impractical, and has serious policy issues (ie. why everyone but those of chinese descent can email their friends and relatives). I'm sure in the USA, being closer to Brazil, there are similar issues with Brazil.

The next thing to consider, is that hosting of hotmail type services may end up moving to other countries to save costs. Suddenly not being able to recieve mail from such a source is the sort of thing that gets sysadmins sacked.

Personal, recreational email is a different story - you could limit it to only the contents of your address book without much drama. You'll still get spam though - just not much of it.

Analysis in my journal

[heironymouscoward]

From a while back...

here

Re:Dropping/Banning China and Brazil

[Anonnymous+Coward]

During discussions with management about blocking China, Korea, Brazil, and other countries whose PTT's are spam havens, management can indicate what to whitelist in the unliikely event there would be any legitimate traffic blocked.

I wonder how long an admin would keep his job when his managers are subject to the full tide of Chinese spam.

Time for everyone to avoid joker.com

[getnuked]

This sounds so much like a moronic thing verisign.com would do (back in the day, or even recently) when they 'accidentally' gave away domain names without confirming the requests). How could these idiots do this, especially for such a high profile domain name?

I have my important domains at directnic.com which provides amazing 24/7 trouble-ticket based support. I don't even think the somewhat less tech savvy the, yet ultra cheap godaddy.com would try this.

Outlook is the problem - read the FAQ

[Dave21212]

Spamcop has a detailed explainantion of the issues with the way the Outlook forwards mail. They also have suggested workarounds for Lookout's shortcomings.