SpamCop To Be Sold To IronPort?

Iphtashu Fitz writes "InfoWorld is reporting that SpamCop is about to be sold to IronPort Systems for an undisclosed amount of money. According to the InfoWorld article, the announcement will be made on Nov. 25, and will include IronPort investing $1 million in SpamCop to keep the service up and running. IronPort apparently makes use of the SpamCop DNS blocklist in their spam filtering products and this move is seen as a way to help support SpamCop and formalize their relationship. IronPort is reported as stating that the SpamCop blocklist data will remain freely available to the public."

Potential advantage of corporate backing

[bigberk]

Spamcop is one of the blocklists that has been under perpetual attack by spammers. Recently, spammers started a rather major DDoS against spamcop and several other services.

Antispam services that have limited operating resources (such as the now defunct monkeys.com and osirusoft.com) -- while extremely useful services, simply didn't have the means to withstand major attacks. Those two services had to be shut down because the owners could not deal with the onslaught. Spamhaus, and probably now Spamcop will be able to withstand attacks.

Kudos to any company that joins in on the spam fighting effort. Also worth mentioning are the good folks at Easynet, who have been running top-notch anti-abuse DNSBLs that are available to the public.

Calm down

[kevin_conaway]

Relax, everytime one service/company gets bought by a bigger one, folks flip out. Yes, sometimes larger companies have sinister motives but most of the time it is in the best interests of both companies and the industry. Corporate backing == more money == better products (hopefully)

Re:IronPort's Reputation?

[nbvb]

No way, the guys at IronPort are fantastic.

If I've ever met a group of people who understand the Spam Problem, it's them.

This is *fantastic* news! The guys at IronPort Systems make the best damned mail routers I've ever seen. Bar none.

Their SenderBase and Bonded Sender programs are really a lead into solving the SPAM problem.

Both products integrate directly into the IronPort C60 mail appliances and automatically apply what they call "reputation filters" which let you control SPAM. You can throttle based on the "reputation score" from SenderBase, as well as traditional methods.

The fact that BrightMail is integrated also is a major bonus.

Back to the original point, I'd definitely give IronPort a chance here. They're a GREAT group of people (I've met everyone from the CEO on down), understand e-mail, and really want to do the Right Thing.

Check them out at: http://www.ironport.com

Unfortunately, my company's rules won't let me give a public testimonial as a satisfied customer, but believe me, if I could, I would!!

Deja vu Comments?

[stryders]

This comment seems oddly familiar

Great. Slashdot subscriber spammer! MOD DOWN!

[numbski]

I'm even putting karma on the line to say so.

Ugh....I can't believe the couth of some people...

SpamCop/IronPort needs to be careful

Right now, I believe SpamCop is legally just a private list that a small group of people use for their own personal email filtering purposes, and which they just happen to make available to the public. As such, they are all but untouchable in regards to any legal claims or actions. Should the list's purpose change, their untouchability may also change.

Re:I don't know what to be: happy, sad, indifferen

[silentbozo]

SpamCop publishes a list, but whether it is used for scoring or blocking is completely up to the person receiving the list. For example, you state that you like SpamAssassin - one of the filters that is used by SA to score spam is the SpamCop blacklist. Also keep in mind that publishing this list is only one of the benefits that SpamCop provides. I use the reporting service to report spam (and incidentally, it's these reports that go into the creation of the blacklist.)

Funnily enough, SpamCop recently incorporated SpamAssassin for the pop/webmail service that they provide.

As for getting on and off, there is a deputy you can e-mail (a live human being), in addition to the standard set of webforms etc. SpamCop these days is a very benign service (for the most part). The fact that SpamCop is under almost constant attack by spammers trying to DDOS them, trying to overload their systems with fake accounts, etc. tells me that spammers consider SpamCop to be a major threat.

Re:Ironport?

[twitchkat]

Ironport's product is targeted at companies that send tons of emails that they don't consider SPAM -- big companies like Sony or Blockbuster or Merrill Lynch that have huge customer bases who have "registered" to receive mail.

These big companies' mailservers are often blacklisted as spammers because of:

- the volume of email they send out,
- recipients who forget they've opted into receiving mail and report the mail as SPAM,
- etc.

IronPort's products are supposed to help these companies out and ensure they can keep pumping out mail.

I guess by buying SpamCop IronPort will be able to insert their own whitelist into the filtering process: "don't blacklist SPAM from Merrill Lynch because they're a customer."

Re:I use SpamCop for e-mail...

[Zocalo]

Any one "possible spam" message processed through its system lands the server on the blacklist

That's not quite correct. SpamCop uses a fairly simple, but quite effective weighting system that combines the number of reports and the age of reports to decide whether to block an IP or not. You can find out the specifics here if you want, but in a nutshell a minimum of *two* reports are required for a listing of just 24 hours. All IPs will be delisted 48 hours after the last spam complaint, which can be upto 5 days after the last spam was sent, as you imply.

Yes, mistakes can and do happen (I've seen Amazon and a popular mailing list blocked), which is why SpamCop recommends you don't use it as a DNSBL, but despite that I have found it to be the most accurate blocklist of all. I use three DNSBLs on my server (SpamCop, Spamhaus and my own local one) with an SMTP error verbose enough to pick up bounces. I've seen just *two* false positives, one from a mailing list and another an advert from Amazon. A simple "amazon.com OK" in my mail config fixed that permanantly, but that's not really an applicable solution for a big multi-user server.

If that kind of filtering makes you nervous, then a better solution is to configure something like SpamAssassin to check the DNSBLs for you and assign a positive score to the hits. If you adjust your SpamAssassin scores to reflect your personal confidence in each enabled service then the results are superb. For the last three months I've been running with the three DNSBLs listed above blocking IPs outright and SpamAssassin checking about half a dozen more for a match amongst all its other checks, plus a few custom ones and adjusted scores. The results are stunning:

• Two minor false positives on the DNSBLs
• Zero false positives from SpamAssassin (you rock!)
• Three spams of the meaningless content type arrived in my inbox (fixed by tweaking some SpamAssassin scores)
• A few thousand legitimate emails received
• Probably a similar number blocked or removed - who cares?

Spam problem? What spam problem? ;)

Re:Ironport?

[Zocalo]

No. It means that someone legit like Lyris can run two or more different mailing lists on two or more different IPs at the same time on the same box. If one list gets blacklisted accidentally, then the others can carry on functioning. A conventional MTA gateway setup does not offer this by default, although there is no reason why you couldn't configure your favorite MTA to do this.

True, a spammer could abuse the system, but why would they need too spend the money on the device in the first place? If they have all those IPs available in a single block then a traditional single IP MTA setup would work fine. A simple script to fire off a batch of spam for a couple of hours, switch the MTAs default IP to another and repeat. SpamCop will delist after at most 120 hours after the last spam was sent from an IP, so if you have an entire class /24 to play with and you switch IPs every few hours then uyou have a considerable idle time on each IP while it de-lists. Not much defence against Spamhaus though, once they get wind of the IP block it'll be on their SBL almost immediately. ;)

Dear Sweet Crap

[Dragoon]

I'm a former direct-mailer (spammer). Yes, Hate me.

We had 2 IronPort A60's that we would use to pound mail out like insane pixies who had too much sugar.

With SpamCop being owned by Ironport.. .dear lord, will this mean for an extended supscription one would get removed from spamcop?

This obviously would mean the dependance on spamcop to be a serious regulatory company, would be an idiotic assumption.

Ironport Sells 2 series of devices The A and the C

the A60 is the flagship of the outgoing mail genre, and the C60 is the flagship for blocking the incoming mail.

In basic sense, they sell the ultimate spam machine, as well as the ultimate anti-spam machine.

They're basically Gun Runners, and fairly evil. They will sell you one product to send huge mail campaings, and another to avoid them, its a damn protection racket.

How is this legal in the us?

Re:SMTP Servers?

[jbrw]

So, does anyone know of a company that just sells SMTP access?

fastmail will let you use their smtp server for a one time fee of $14.95. which also gets you access to an imap account, web based mail, super good spam filtering, and some other stuff.

i primarily use them for the smtp server nowdays though.

and if you sign up and are feeling generous, you can use "jwilson" as the referrer code and i'll get a kickback of a $1 or something. woo! :)

you may want to go read their official support forums, with regular appearances from the actual developers/owners of the company, to get a feel for what they offer/how they operate, etc.

regardless of the smtp server, their web based mail is super nice. go tell your hotmail using friends to sign up to the free fastmail account (sans-smtp access) instead... fastmail will happily suck mail from existing hotmail accounts, so it makes the transition a bit easier.

Re:I don't know what to be: happy, sad, indifferen

[scrytch]

I personally opt for SpamAssassin Milter

You do realize of course that two of the checks in SpamAssassin are for Spamcop and the Ironport Bonded Sender whitelist?

Now am I that far off? Are there redeeming qualities about SpamCop that I'm overlooking that make this blocklist a good thing? Who controls who's blocked? Is it fair? Is there a human contact when things go awry?

Spamcop blocks nothing. It simply tells you whether an IP address is on the list and provides you with a URL to use to make the final determination yourself. Spamcop itself does not recommend automatically blocking based on SC listing alone. Spamcop is quite trigger happy because it's largely automated (and unfortunately the DNSBL doesn't include things like volume statistics to help automate it -- I suspect that'd be a commercial value-add). If you want a more carefully researched blacklist, I recommend the spamhaus SBL.

The contact process is documented on spamcop's site. Humans do read and act on it. They're generally a lot more reasonable than, say, the folks on usenet you'll have to speak to if you wind up on SPEWS.

I'd be astroturfing if I told you the overall "safe" solution I recommend, so I'll leave it there.