Trouble Getting to SpamCop?

geekwench writes "SpamCop was apparently the victim of a recent DoS attack. A false complaint to their domain registrar led to all primary DNS information being pulled. The problem is now fixed, but there may still be access issues for the next couple of days as ISPs clear the old DNS information out of their caches. You can read about it here and here. (Sounds to me as if SpamCop is proving to be a good-sized thorn in the sides of a number of spammers.)"

Tip

Because of caching, sometimes some things resolve and some don't... so, if www.spamcop.net doesn't work, try spamcop.net minus the www. Of course, if your mail server can't resolve their mail server properly, then submitted spam is a much bigger pain.

2004 promises to be interesting

[heironymouscoward]

As spammers and virus writers get more and more integrated. Spammers have the money, virus writers have the skills, together they will play havoc with the cornfields of the Internet.

In the natural world, something like 60% of all species are parasitical, and the war between parasites and hosts is one of the defining aspects of all nature. Sex, for instance, is a way of shuffling locks faster than parasites can evolve keys.

It seems inevitable that software and communications will have to develop similar kinds of defenses against what is an inevitable onslaught from the parasitical forces that have developed to snack on the soft underbelly of the Net.

Cybersex, anyone?

Distrubited Blacklist

[attobyte]

When are we going to do a distributed blacklist so this @$#$!@#@$ $pammer$ can't pull this crap?

Yikes!

[Quasar1999]

This is scary stuff... anyone can get any domain pulled with a little accusation?

We need to secure the domain registration/ownership process... seriously... We might not be able to take down microsoft.com, but with this complaint technique, I'm sure we could do some damage to a lot of less high profile companies... We need to get this fixed now! It's almost as bad as being allowed to call your neighbour a terrorist, and have him/her arrested indefinetly, with no proof...

Thorn? It doesn't matter,

[Trick]

> Sounds to me as if SpamCop is proving to be a
> good-sized thorn in the sides of a number of
> spammers.

Maybe, but maybe not. The DOS attacks by spammers have been getting pretty brazen of late. SpamCop's a well-known name, and that's probably all it took to make it the target of an attack, regardless of how effective it is.

They've gotten almost no resistance to the attacks they've launched so far. They've got no reason not to launch an attack on anyone who even attempts to block spam at this point.

Surge in spam

[October_30th]

The amount of spam I receive every day has clearly been steadily growing for the last few months. Looks like the spammers are winning the war by DoSing spam fighters and hiring mercenary hackers with 450000 trojaned systems.

How effective is SpamCop?

[YetAnotherName]

I was a religious SpamCop user for awhile. You tattle to SpamCop on a spam you receive, it checks its various databases, and then notifies various network authorities of the problem.

Problem being, that several of the network authorities are huge megacorps where the complaints get filed with the rest of 98,000 or are spamhosts themselves.

I gave up in favor of SpamAssassin and Mozilla's spam filtering, which turned out to be far more effective.

Isn't effectiveness the whole reason eight-year-olds tattle in the first place? ("Billy hit me!" Billy gets in trouble. (And Tommy gets beaten up after school.)) Somehow, I don't think enough spammers got in trouble.

Re:How effective is SpamCop?

[tsarin]

As you say, SpamCop is fine; it's the ISPs that you need to worry about. A while back, I was running a mail server (forwards for a hundred-odd users, plus my own mail) off my DSL service. One of my users, playing the good little netizen, reported a batch of her spam to SpamCop, who, since my machine was in the headers, reported to my ISP--who promptly turned me off. No investigation, no "Hey, what's going on here?", not even a "Why are you spamming?". Lather, rinse, repeat, until the ISP ended up turning me off permamently. (And then, promptly, went out of business, shorting me nearly six months of my prepaid contract.)

Had they taken the thirty seconds to actually look at the headers, it'd've been obvious that I was, effectively, as much a victim of the spam as my user.

A "disconnect first, ask questions later" policy is fine, assuming you bother to ever actually ask.

Re:How effective is SpamCop?

[Uggy]

I agree. The only way to stop spam is by filtering it at the ISP or end user level. Email is too entrenched and too important for us to be mucking around with whitelists and trusted senders and whatnot. Reverse lookups would really do the trick, but since in my experience 99% of ISP's/bandwidth providers are just too uncooperative in updating their reverse DNS, that is out. Couldn't do virtual domains either.

You could utilize some minimal checks like forward dns or just a HELO name check, which my company used for a while. But, there are SOOO many exchange servers out there that identify themselves as "microsoft.msft" (which is of course not correct) that some of our clients couldn't get their mail. They'd call, "Hey, so and so can't send me email." I'd telnet to their port 25 and check what they returned in their HELO... sure enough, it was incorrect, so I'd notify the administrator and our client that their email server is not configured correctly (and it's an open relay to boot). A couple of days later this client would call again saying, "Other people can receive this guy's email, but I can't. What's wrong with your server?"

After a while, it's just a perception problem. You've got to be able to receive from everybody (except the absolute worst spammers). So we accept all mail and tag it with spamassassin using the X-Spam-Status tag. Clients then can filter it and check at their leisure. If they have a little more no-how, we tell them to download and install mozilla-mail or thunderbird with built in spam filtering. You've got to train it, but it works.

Email is too important and too ubiquitous to be screwed around with. The surest and best way to deal with spam is to filter/tag at the end user or ISP. Legislation won't cut it. Threats won't cut it. Whitelists/Blacklists won't work. You can't even rely on first line HELO identification checks. There are just too many monkeys who've set up email servers out there.

And just think about this: even ipv6 STILL isn't widely deployed.

Spamcop's a waste of time.

[Anonnymous+Coward]

Most of the spam comes from and/or points to IP addresses in China and Brazil. Their reaction to your reports, if they even receive them, is "We'll get right on it."

It would be far more effective to simply drop any SMTP connections from networks in Brazil or China. Even better would be to actively scan emails for links pointing to that IP space, and dump any messages received. This would eliminate most spam from user mailboxes.

Spamcop is a nice parser, though, for those rare occasions in which reporting would do any good. Unfortunately, they're in bed with Cyveillance--don't forget to uncheck that box to avoid helping them.

Re:Spamcop's a waste of time.

[admbws]

It would be far more effective to simply drop any SMTP connections from networks in Brazil or China. Even better would be to actively scan emails for links pointing to that IP space, and dump any messages received. This would eliminate most spam from user mailboxes.

Alternatively, you can simply drop all SMTP connections from the entire IPv4 address space! That would eliminatate all spam from user mailboxes!

P.S. I'm being sarcastic, but blanket bans suck.

SpamCop costs

[cft]

It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continous DDOS attacks on it.

The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.

And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.

And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.

Nice going.

It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.

Proletariat of the world, unite to kill spammers

Re:Funny, but evil

[H310iSe]

"A false complaint to their domain registrar led to all primary DNS information being pulled."

That's funny because a false complaint against us by spamcop led to all our servers being off the net for a day last year. They did ZERO research on the complaint and took it straight to our ISP (rather than trying to contact us by our abundant and up-to-date contact info available in our emails and on our websites). Their conduct was beyond reckless, it was vicious.

I'm all for good anti-spam but those guys can bite me. Serves them right IMHO.