Slashdot Mirror
Trouble Getting to SpamCop?
geekwench writes "SpamCop was apparently the victim of a recent DoS attack. A false complaint to their domain registrar led to all primary DNS information being pulled. The problem is now fixed, but there may still be access issues for the next couple of days as ISPs clear the old DNS information out of their caches. You can read about it here and here. (Sounds to me as if SpamCop is proving to be a good-sized thorn in the sides of a number of spammers.)"
Because of caching, sometimes some things resolve and some don't... so, if www.spamcop.net doesn't work, try spamcop.net minus the www. Of course, if your mail server can't resolve their mail server properly, then submitted spam is a much bigger pain.
I've been having trouble getting into Spamhaus too. The spammers are up to something.
As spammers and virus writers get more and more integrated. Spammers have the money, virus writers have the skills, together they will play havoc with the cornfields of the Internet.
In the natural world, something like 60% of all species are parasitical, and the war between parasites and hosts is one of the defining aspects of all nature. Sex, for instance, is a way of shuffling locks faster than parasites can evolve keys.
It seems inevitable that software and communications will have to develop similar kinds of defenses against what is an inevitable onslaught from the parasitical forces that have developed to snack on the soft underbelly of the Net.
Cybersex, anyone?
Ceci n'est pas une signature
When are we going to do a distributed blacklist so this @$#$!@#@$ $pammer$ can't pull this crap?
I didn't use the preview button, so get over it!!!!
Mike
quietly reporting everything I get through spamcop and to the FCC.
It isn't helping, but maybe one of the ones I help get shut down will quit.
Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
This is scary stuff... anyone can get any domain pulled with a little accusation?
We need to secure the domain registration/ownership process... seriously... We might not be able to take down microsoft.com, but with this complaint technique, I'm sure we could do some damage to a lot of less high profile companies... We need to get this fixed now! It's almost as bad as being allowed to call your neighbour a terrorist, and have him/her arrested indefinetly, with no proof...
---
Programming is like sex... Make one mistake and support it the rest of your life.
> Sounds to me as if SpamCop is proving to be a
> good-sized thorn in the sides of a number of
> spammers.
Maybe, but maybe not. The DOS attacks by spammers have been getting pretty brazen of late. SpamCop's a well-known name, and that's probably all it took to make it the target of an attack, regardless of how effective it is.
They've gotten almost no resistance to the attacks they've launched so far. They've got no reason not to launch an attack on anyone who even attempts to block spam at this point.
The amount of spam I receive every day has clearly been steadily growing for the last few months. Looks like the spammers are winning the war by DoSing spam fighters and hiring mercenary hackers with 450000 trojaned systems.
The owls are not what they seem
I was a religious SpamCop user for awhile. You tattle to SpamCop on a spam you receive, it checks its various databases, and then notifies various network authorities of the problem.
Problem being, that several of the network authorities are huge megacorps where the complaints get filed with the rest of 98,000 or are spamhosts themselves.
I gave up in favor of SpamAssassin and Mozilla's spam filtering, which turned out to be far more effective.
Isn't effectiveness the whole reason eight-year-olds tattle in the first place? ("Billy hit me!" Billy gets in trouble. (And Tommy gets beaten up after school.)) Somehow, I don't think enough spammers got in trouble.
It would be far more effective to simply drop any SMTP connections from networks in Brazil or China. Even better would be to actively scan emails for links pointing to that IP space, and dump any messages received. This would eliminate most spam from user mailboxes.
Spamcop is a nice parser, though, for those rare occasions in which reporting would do any good. Unfortunately, they're in bed with Cyveillance--don't forget to uncheck that box to avoid helping them.
It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continous DDOS attacks on it.
The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.
And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.
And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.
Nice going.
It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.
Proletariat of the world, unite to kill spammers
I'll tell you why: they are not numerous enough. I'm the abuse mailbox handler for a well-known company that is disliked on and off line. Out of a 5-million-address mailing, I get maybe 12 complaints. Management does not care to alter anything about our "customer retention management" system. In fact, with only 12 complaints our of 5 million emails, they think we're doing pretty damn good, and so do I.
We do the following:
1. Opt-out only. You do business with us, you're on the list and have to taken yourself off of it to stop getting our mailings. There is no choice to opt-out at time of purchase, no choice to omit your email address.
2. Sell your address to our partners. Our contracts with our partners requires us to collect addresses when we make a sale for them, and pass the address lists along.
3. Pass off opting out of partners' lists to our partners.
(We spell all this out in the online Terms of Service which is displayed before a customer makes a purchase. People still buy).
Still, with all these "bad practices" in place, we only get a dozen complaints out of several million spams sent. We're on AOL's whitelist of approved spammers^Wmarketers whose mailings bypass their spam filters. We're on other ISP whitelists, too. If we get a Spamcop complaint, I dutifully click on the link in the notice, check "account terminated" and that's the end of it. But with only a handful of them each week, I can take care of the Abuse mailbox in less than a hour a week. Anti-spammers have had no adverse effect on us in the four years we've been doing it this way.
I'm glad I'm not the only one wondering about this. I thought I was going crazy.
I'm a spamcop member but I realized that whenever I reported spam, I'd start getting more emails a few days later. I stopped reporting them and the number of messages went down a few weeks later.
A couple weeks ago I thought I was just being paranoid, so I started reporting them again. Same thing happened.
Overall they are doing a great service. But somehow (random letters, or reports being sent to the wrong people), my address keeps getting flagged as a valid one. So I'm done with them.
IANAL, but doesn't this give reason for some sort of lawsuit? Joker have, on account of one false complaint about wrong adres info, suspended a service which i presume was still being paid, without any warnings after their first one, though a reply had been given. I don't know which law applies here, but in Holland, this would be reason enough for a court meeting.
On top of that, there is ofcourse the question of: how is this possible? are there rules for actions of this kind? returning a fax is, IMHO, indeed no prove at all, though it will probably hold in court.
And a question to the lawyers here: if you, with bad intentions, use this method to bring down sites, is that a crime? I'd think yes, but then, Joker has to give the name of the person that claimed te info being false.
In all: interesting things may come out of this...
There is a new email worm called W32/Mimail-E that is designed to create a distributed denial of service attack on the anti-spam websites of spamcop, SPEWS, and spamhause. See: sophos write-up.
SPF support for most open source mail servers can be found at libspf2.
There is no proven connection between the issues at the registrar and Jamie Baillie's attempt to have SpamCop shut down, but the complaint to Joker (the registrar) was anonymous and clearly vindictive.
Oh yes.. the domain name cesmail.net will often work in place of spamcop.net for those still struggling to get through.
Never email donotemail@WeAreSpammers.com
I work for an ISP and honestly, we love SpamCop. Our abuse mail gets a lot of complaints. We can take action on maybe 2% of them, because people simply don't give us enough information. "Stop sending me spam" does nothing for us, nor do the 75% of people who forward the spam and do not inlcude the headers. (Honestly, how can so many people still not know to include full headers when reporting spam?)
The SpamCop reports have ALL the information we need (timestamps with time zone are crucial) to track down a spammer and get them off our network. The other nice thing is that once all the SpamCop complaints are handled, we usually find that the few regular spam reports we can track were about the same people we just got done banning due to the SpamCop reports.
So, at least for us, SpamCop is very effective. Granted that's just one ISP, but there ya go.
WWJD?
JWRTFM!
Second, on their pages, they have at the top a recommendation for a specific web hosting company, presumably the one they use--this isn't a banner ad, but rather an ad written right into their HTML, so it sure looks like it is their personal recommendation for web hosting. When I was looking for a new hosting company for my site, I wanted to find one that was not soft on spam, so that I would not have to worry about ending up in SPEWS, and figured that the one SpamCop uses would have to be good. Checked out their plans, and they were good. I was ready to sign up, but decided it would be dumb not to at least Google a bit...and I found that that hosting company does NOT have a good reputation in the anti-spam community!
You'd think one sure-fire way to find a white-hat ISP would be to use the one that a major anti-spam site recommends, so this was quite a shock.
Spamcop is great if the ISP or web host actually responds to the complaints. I work for a web hosting company and we investigate every complaint that comes in. If it's legit the account gets terminated.
I still think by the time spamcop gets to us it's too late though. You can't unsend spam, once it's out it's out. They'll just get a different account on another host. What we need is some kind of filtering on the incoming and outgoing sides. Or the world could just switch to something besides Outlook, which helps these viruses and worms propagate.
"A false complaint to their domain registrar led to all primary DNS information being pulled."
That's funny because a false complaint against us by spamcop led to all our servers being off the net for a day last year. They did ZERO research on the complaint and took it straight to our ISP (rather than trying to contact us by our abundant and up-to-date contact info available in our emails and on our websites). Their conduct was beyond reckless, it was vicious.
I'm all for good anti-spam but those guys can bite me. Serves them right IMHO.
closed minded is as closed minded does
Right now, Spamcop is THE most effective anti-spam solution bar none. End users don't realize the effect Spamcop has on overall network performance and the reduction of spam they receive in their inbox. Most users naively think client-side filtering helps when it's little more than a band-aid on a severed artery.
In the last 24 hours, one of my modest-sized mail servers reported these stats:
accepted mail: 2480 messages
spamcop blacklist rejected mail: 8216 messages
This is with no legitimate mail being blocked and a rather conservative set of relay blacklist rules.
That's more than 70% of the e-mail we receive clearly identified as spam and rejected at the server level.
But at least we stop the spammer as soon as he connects. We don't receive any of the junk e-mail once we identify mail coming from a known spam source. This reduces our operational costs, tax on hardware and software and available bandwidth to all users. Client-side filtering consumes all these resources and offloads the burden on the end-user to pay for software that still does not effectively deal with spam.
When you employ client-side filtering you do NOT stop spam; you do NOT reduce anyone's operational cost. When you deny mail relay access from spammers you DO cost the spammers time and money!
Spamcop has proven itself to be the most effective and productive solution at present, which is why it's being targetted by spammers. Using Spamcop's RBL, spammers can't even connect to participating networks. When you employ client-side filtering, you help spammers because their argument for de-regulation of spam involves putting the cost burden on the users - all they care about is delivering X messages and that is still accomplished, whether your mail filter catches it or you manually delete the junk, so this "solution" encourages future spam activity and also breathes more life into companies like Symantec that actually profit from the spam epidemic.
There are only two more-effective solutions to the spam problem: 1. The Federal Government finally deciding to pursue the spammers who break into computer systems (which has been illegal since before the Internet existed), and the employment of a sanctioned smtp whitelist.
I posted a previous comment with my detailed analysis of the issue and exactly how it can be realistically solved.
Who needs SpamCop...s </A>.Its free, open source, and works almost as well as my Mailblocks account...
Just use <A href="http://spambayes.sourceforge.net/">SpamBaye