Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×

Automate Spamcop Submissions 183

hausmasta writes "Spamcop is pretty much dependent on user input. If no one submits and verifies spam, then they will have no blacklist. However that whole submission and verification process is a bit annoying. Why should I bother to actually submit spam to Spamcop and have it verified? If I just delete it, that will take less time.. This tutorial shows how to automate the Spam Cop submission and verification process. All I do is just put the spam into certain folders and our good old friend cron does the rest."
This discussion has been archived. No new comments can be posted.

Automate Spamcop Submissions

Comments Filter:
  • great... (Score:2, Insightful)

    by dhruvx ( 942514 )
    I guess this will make it much faster to build black lists. But doesn't this also increase the potential risk of submitting wrong messages?
    • by Russ Nelson ( 33911 ) <slashdot@russnelson.com> on Sunday May 28, 2006 @11:16AM (#15420708) Homepage
      Do you think anybody at spamcop cares about false positives? If they care, there's no evidence of it. My server was blocked by spamcop this past week. Why? I have no idea, and no way to correct the problem, because when they block you, all they say is "You sent email to one of our secret addresses."
      • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Sunday May 28, 2006 @11:25AM (#15420751)
        Do you think anybody at spamcop cares about false positives?
        Yes, I think they care a lot.
        My server was blocked by spamcop this past week.
        No, your IP address may have been included on one of the blacklists, but your server was not "blocked".

        The person controlling the server that your server was trying to send a message to was using a SpamCop blacklist as a rejection list.

        If you want to complain, complain to that person.
        Why? I have no idea, and no way to correct the problem, because when they block you, all they say is "You sent email to one of our secret addresses."
        The reason to keep those addresses secret is because if the spammers found them, they would not be useful anymore.

        If you have a static IP address, the problem is you. Someone with access to your out-bound email is sending spam.

        If you have a dynamic IP address, you need to get a static address.

        If you cannot get a static address, do not expect your email to always be delivered. You must monitor your logs for the rejection notices and then take whatever actions are necessary to get that site to whitelist your messages.

        Don't blame SpamCop for the situation that results in your IP address being reported to them. No one is forced to used SpamCop's blacklists. They choose to use them because they believe they are useful in reducing spam.
        • by Anonymous Coward
          (Posting as AC, but I'm a registered user who posts often)

          I work at an EMail marketing company (no, not spam) and we have had our servers placed on blacklists multiple times ... you know why? People who are competetors to our clients signup a spamtrap email to their lists, getting our mailserver blacklisted for sending mail to an address -- even though the mail is a "are you sure you wanna subscribe?" message?

          Your casual attitude toward "oh well, shouldn't have sent email to $secretspamtrap" without telling
          • mod parent as informative.

            we have lots of sites out there which send assurance emails to people that register, if a dummy kid who makes a dummy user and puts random data in along the way, the automated welcome or confirmation mail will be sent. if you have hundreds of thousands or millions of users, some of them can accidently trigger it off, some of them can do it on purpose if they somehow have got the knowledge of that `secret address`.

            as for the article, one perl script and cron together are far better
          • I work at an EMail marketing company (no, not spam) and we have had our servers placed on blacklists multiple times ... you know why?

            Yes, it is spam.

            Fuck you you little shit sucking worm. You and your "business" is the reason that SpamCop and others are necessary. And every single shit for brains like you will always start their posts "I don't send spam".

            Yes you do. And I have to spend time finding ways to stop you from filling up my end users' mailboxes with your spam.

            People who are competetors to our c

            • by Anonymous Coward
              It's clear you haven't realized that some email marketing companies are hired by people other than sleazeballs, for reasons other than distributing unsolicited ads. I belong to at least a couple of non-profit organizations that don't run their own mail servers. These organizations use third-party mailers to contact me with news and action requests related to certain political issues. And these organizations have enemies.

              Do you morons ever stop to think about your role in a chain of events like the follow
              • 1) An RIAA lobbyist writes some legislative atrocity and pays off a bunch of US congressmen to introduce it as a bill
                2) The EFF catches wind of it, and uses an email marketing campaign targeted at its members who have asked to participate in such campaigns to ask its members to protest the RIAA-authored bill
                3) The RIAA lobbyist, who has cleverly subscribed to the EFF's mailing list, reports the email to SpamCop
                4) ...
                5) Profit! (For the RIAA)

                You fail to realize that the messages would already be delivered

                • So what if the EFF's IP address is blocked AFTER the mailing?

                  The EFF, like many such groups isn't exactly a one time afair you know..

                  Want more? That's easy. Not only would the listing not be in effect until AFTER the mailing, but it would only affect those people who's servers block in-bound email based off of that list.

                  In other words, the net effect would be NOTHING.


                  Thanks to the fact that most mail admins with any clue whatsoever avoid spamcop, indeed.

                  The listing would go into effect AFTER the mailings we
                • But I deal with it from the point of view of an email admin who is trying to reduce the in-bound spam while making sure that all the legitimate email is allowed through.

                  I believe that you are lying -- perhaps mostly to yourself -- but what you are saying is not factual. The spamcop blocking list *purposefully* blocks sites which accept all email and then bounce the undeliverables. This is an industry standard practice which Spamcop has unilaterally declared nonstandard. That's fine -- everyone needs to d
                  • Sending NDRs to forged addresses is spam. Spamcop called that one right. If you can't verify the MAIL FROM, don't send any NDR. Best to reject with a 55x at RCPT or DATA.
                    • Yes, you are completely correct. It is spam.

                      But you will not change his opinion. I believe he is the anonymous "EMail marketing company" from earlier in this thread.

                      He claims that "This is an industry standard practice..." but that phrase means whatever anyone wants it to mean.

                      That practice has been vilified for YEARS as "collateral spam". Here is a reference from FIVE YEARS AGO http://www.ja.net/CERT/JANET-CERT/mail/junk/collat eral.html [ja.net]

                      Again, always remember Rule #1.

                      Spammers lie. He is a spammer. He lies.
                    • I'm pretty sure Russ Nelson is neither anonymous nor affiliated with any kind of "email marketing". I have great respect for his accomplishments and philosphy (see his web page) but wish he would change his mind about autoresponses (including NDRs). After AOL, Yahoo, and Hotmail saw the light my backscatter spam load went down tremendously; now we just need to spread the word to the remaining few thousand mail admins still living in the 20th century.
                    • Here's his post http://slashdot.org/comments.pl?sid=186884&cid=15 4 24457 [slashdot.org]

                      He may be confusing his post with the anonymous post to which I was replying.

                      Or he may be saying that he was the one who was posting anonymously.

                      I have great respect for his accomplishments and philosphy (see his web page) but wish he would change his mind about autoresponses (including NDRs).

                      I can agree with you on the NDR issue, but I haven't seen anything from Russ that would merit any respect from me. In fact, the opposite is

                    • But I believe Russ Nelson has only a superficial understanding of email and is ignorant of the depth of his ignorance.

                      I was an Internet postmaster when your mother was still wiping shit off your butt.

                      If he was running a double-opt-in list, then his address would only have been flagged for 24 hours when he sent the verification email.

                      You see how confused you are? Double-opt-in (which, by the way, is a SPAMMER term, so who's the spammer here?) is the industry standard for ensuring that a mailing list does no
                    • I was an Internet postmaster when your mother was still wiping shit off your butt.

                      Sure you were.

                      You see how confused you are?

                      No, why don't you explain it?

                      Double-opt-in (which, by the way, is a SPAMMER term, so who's the spammer here?) is the industry standard for ensuring that a mailing list does not spam.

                      Let's see, I would say that the spammer was the one of us who was listed by SpamCop.

                      Oh, you don't like the terms I use? I guess that is too bad for you.

                      I'm not the one listed by SpamCop, you are.

                      So,

              • But I guess you didn't think of that before you flamed the grandparent to a crispy golden brown, huh.

                Not hardly. Perhaps I'm a little warmer. On one side. I've had worse sunburns. Khasim is an amateur postmaster and an amateur flamer. If he was to show his head in alt.flame, and attempt to flame one of the masters, he would be a crunchy blackened cinder.
          • Oh come on, "email marketing" is a code word for "spamming" in the biz. OK, maybe, just maybe, your messages are "legit" and maybe you really do take people off your lists when they opt-out, but the reality is that savvy users shouldn't trust opt-outs. Too many spammers use it as a way of verifying good addresses to spam. It is much easier to simply report emails from unwanted "email marketers" as spam.

            -matthew
          • You made a few mistakes in your post so I'm fixing them for you.

            (Posting as AC, but I'm a registered user who posts often)

            (Posting as AC because I know what I'm doing is wrong and I don't want people to harass me over it)

            I work at an EMail marketing company (no, not spam) and we have had our servers placed on blacklists multiple times... you know why?

            I drain the life blood of the internet at a Spam farm and we have had our spambots placed on blacklists multiple times because the tripe we send out is flat ou
          • I'm pretty sure this would be impossible if you used a double opt-in subscription system.

            Plus, since they use secret spam traps, then your competitors couldn't sign them up unless somehow they knew what the spam trap addresses are. And if they did know the secret spam trap addresses, they'd probably be making money off selling the addresses to spammers so the spammers could clean their lists. They probably wouldn't worry too much about thwarting your spamming -- I mean marketing -- business.
            • Double opt-in means when person X signs up with foo@bar.com as the email, the provider sends a "Click here to verify your subscription" link to foo@bar.com

              This would make it susceptible to getting on a blacklist from a spamtrap style email account.
              • First off, that would mean that those spamtrap addresses had been compromised. So far no one has been able to demonstrate that. Just a lot of claims.

                Double opt-in means when person X signs up with foo@bar.com as the email, the provider sends a "Click here to verify your subscription" link to foo@bar.com

                But that does not match what the GP was claiming. From his (anonymous) claims:

                I work at an EMail marketing company (no, not spam) and we have had our servers placed on blacklists multiple times ... you kno

                • It requires that Company C KNOW that Company B hired Company A.

                  Which just requires them to get an earlier mailing sent by company A for company B. Not very difficult so far.

                  AND
                  It requires that Company C KNOW the spamtrap addresses of SpamCop.


                  No, it requires knowledge of one spamtrap, tho still highly unlikely, its by far not as difficult as you seem to suggest.

                  AND
                  It requires that Company A be running a regular double-opt in mailing list.


                  No, it requires company A to be running any kind of mailing list.. 'dou
          • So how are your client's competitors finding out the SpamCop email addresses? Sounds like there's _some_ way of doing it - you might want to look into that before they put you out of business.. (as opposed to complaining on Slashdot about bad guys making your job "harder")
            • They could run a bot that signs up thousands of addresses scraped from webpages. Some of those are likely to be spamtraps. If they were careful and the list operators not particularly vigilant, such an attack might slip through. Of course it is arguable that the fallout of that attack (thousands of random addresses receiving subscription confirmations) is in fact spam.
          • That someone who all but admits to being a spammer is mod'ed up 3 times (after posting anon)...

            While the follow-ups criticising such are mod'ed down.

            Seems like there are a lot of pro-spammer accounts with mod points today.

            Anyway, you're still wrong.

            #1. The "competitors" you're complaining about would have to have poisoned your "clients" email listing prior to you receiving those listings. That's just unrealistic. Either they'd have to have:

            1a. Poisoned almost every company's email listings in which
          • There is no way to signup a spamtrap address to a mailing list if you use confirmed opt-in.

            And if you don't, you are a spammer.

            So either you're a spammer, or you're lying. Which is it?
            • To be fair, I think he is talking about the confirmation emails triggering the block.

              1. Competitor X signs up a spamtrap address to the "marketing" list
              2. Spammer^H^H^H^H^H^HMarketer sends confirmation email to the spamtrap.
              3. Marketer gets blocked because he is trying to confirming the subscription of a spamtrap address

              Personally, I've never seen confirmation emails for marketting material. Mailing lists and forums, yes, but not marketing. So I am suspicious of the claim.

              -matthew
        • The reason to keep those addresses secret is because if the spammers found them, they would not be useful anymore. If you have a static IP address, the problem is you. Someone with access to your out-bound email is sending spam.

          Only problem is that I keep hearing from friends who have really locked down mail servers but keep getting blocked by spamcop...yet spamcop claims the friend's mail server sent a message to one of their secret mailboxes.

          Don't blame SpamCop for the situation that results in your

        • Aren't you overlooking the fact that even if he has a static IP address
          that someone might have forged their packets such that they appeared to
          originate from his IP?

          It seems a little harsh to assume that he's done something wrong when
          there is an alternative that doesn't assign blame.
        • The reason to keep those addresses secret is because if the spammers found them, they would not be useful anymore.

          If you have a static IP address, the problem is you. Someone with access to your out-bound email is sending spam.

          I understand you've never administrated services for a user base which you don't completely control? How is a conscientious administrator who wants to fix the problem supposed to identify the spamdrone-infected PC if Spamcop won't even give up a queue ID to search for in the logs? Wit

          • I understand you've never administrated services for a user base which you don't completely control?

            That would depend upon what you mean by "completely control".

            How is a conscientious administrator who wants to fix the problem supposed to identify the spamdrone-infected PC if Spamcop won't even give up a queue ID to search for in the logs?

            #1. Block all outgoing traffic on port 25. Except for the mail servers that you control.

            #2. Rate limit the out-bound traffic on those mail servers.

            #3. MONITOR your ser

        • No, your IP address may have been included on one of the blacklists, but your server was not "blocked".

          That's like a hollywood exec saying, "I didn't blacklist that actress; I just mentioned to everyone I know that she was a communist and let them make up their own minds whether to support communism."

          Fine if you're right about her. Libel if you're not.

          Spamcop's secret addresses... Not secret enough. I run a huge opt-in political list. Someone entered at least one of spamcop's secret addresses in to my web s
        • If you want to complain, complain to that person.

          Oh, I do! I tell them that only morons use Spamcop's blocking list. I would guess from your heated reply that you are one of those morons.

          I don't spam. My server accepts email and the n bounces it if it's undeliverable. Spamcop calls that spam if the email was forged from a spamtrap address.

          Is there any way to get a permanent block entered into the Spamcop blocking list? I'd really rather dispose of this issue by getting rid of morons -- or converting th
      • There are some services provided on the internet that make your server more likely to get hit with these stupid things, and personally I think that services like this are nothing but a pain in the ass and a crutch to people trying to run some types of non-spamming sites...

        In example, I run a couple online forums. These forums can be configured to send notification messages to it's users when someone replies to a post they made or sends them a private message. They can also subscribe to threads and get u
    • The problem is that Spamcop encourages people to use it as a way to reject mail at the entry point, rather than as a tool for spam scoring (Spamassassin, etc.) ...

      We frequently get blocked because one of our users desktops has been pwned and the virii manage to SMTP-AUTH using our users login and password. (usually not too hard to manage) These ones we can catch pretty quickly with our logging system.

      The really painful ones are when someone finds a hole in an application we're hosting for someone and spew
  • Is this compliant to Spamcop's terms of services? Automating might make it too easy to accidentally submit false positives...
    • I don't think they prohibit automated reporting. I wouldn't point it at a Spamassassin-controlled junk folder, though. I would rather scan the messages and drop them into a designated folder, which is what it looks from the writeup what his approach is.
  • NO NO NO (Score:5, Interesting)

    by Anonymous Coward on Sunday May 28, 2006 @10:51AM (#15420604)
    Apparently you've missed the point of SpamCop. YOU are still supposed to VERIFY that EVERYTHING you submit is ACTUALLY SPAM. False reports hurt SpamCop and all SpamCop users.

    If you want to cut down on Spam, then tighten you filters and reject it at SMTP level. Then anything that still makes it through, submit it to SpamCop. Automating your initial submission is okay, but DO NOT AUTOMATE THE VERIFICATION PROCESS.
    • From the FA:
      "Spamfolder"
      Then you need to create a folder where you put all your spam into.. . .

      This looks to me like his intent is to automate the SpamCop submission process, not the verification process.

    • Agree in principal, but he's talking about a way to fast track the actual process - so manually placing e-mails in a folder and then not having to jump through hoops to submit.

      Of course, if users then misuse it by setting up filters to automatically put mail in there...
      • Re:NO NO NO (Score:5, Informative)

        by AaronLawrence ( 600990 ) * on Sunday May 28, 2006 @11:06AM (#15420668)
        The point is, that YOU should CHECK the results of spamcop's parsing, to make sure something dumb hasn't happened - like listing your own provider as the spammer.

        This can happen outside your control because your email provider has changed configuration and messed up headers.

        Spamcop only needs small numbers of properly checked submissions. Piles of submissions don't help - it's not a statistical process like Bayesian filters.
      • Um yea true- but I think everyone's missing a point- surely a one click/step/time-setup solution is the way that spam reporting *should* work. I mean, in Thunderbird if you hit the 'J' key the machine will mark it as junk and add that mail's data to the spam filter's aggregated data.

        Surely any spam software shoudl work in roughly the same way?
        • No, because if you make a mistake submitting to spamcop thousands of people will feel the effects (potentially). Make a mistake in your own junk mail, its only you that gets hurt.
          • Hang on, surely a single accidental submission to Spamcop doesn't make a significant difference to the overall picture. That would make it much too easy to do as you say, to accidentally block a valid sender, but to also maliciously blacklist an entire company's email with a few clicks. If the software isn't set up to ignore the few wild submission results from the overall spam data it gets, then it isn't worth having.
            • No, a couple of invalid submissions to spamcop aren't too big a problem.

              The thing is, spamcop has more than one user. The people providing the service have determined that single-click accuracy is not high enough overall and therefore require that their users verify their submissions (in most cases).

    • Mod parent up.

      Beyond just that, blacklists like SpamCop constantly block legitimate mail, especially from webmail providers like GMail. For awhile, virtually every message I sent from GMail was blocked by various spam filters because SpamCop decided to put Google's ip addresses on their blacklist. That was a very frustrating two weeks.

      Frankly, I discourage the use of SpamCop altogether. Content-based filtering does a good enough job.
      • Google runs GMail's system so that their servers are the LAST verifiable IP address in the chain.

        What that means is if I upload a message to a GMail server, their headers will NOT include the IP address of my machine.

        So SpamCop has no way of identifying the IP address that originally sent the spam to the GMail server.

        So SpamCop reports the GMail server as the "source" of the spam. And that IP address gets blacklisted.

        Personally, I believe that the "free" email services should assign people to work with the
  • Give me the ability to check my spams and submit them to SpamCop (rather than having to go through each webmail's contortions to get full headers) and I'd have lots more food for the SCBL. On my personal server, I block all of LACNIC and APNIC, so I don't get much spam there.
    • Why not modify Blue Security's Firefox reporting tool? It used e-mail for reporting spam from yahoo and hotmail at Blue Sec.
      • Why not modify Blue Security's Firefox reporting tool?

        Funny, yesterday on the #okopipi IRC channel, I suggested that okopipi should automate submissions to spamcop, nanas, dcc and razor, in addition to the FTC and SEC submissions that bluefrog did. Basically, it would give the spammers several more good reasons to pay attention to okopipi's do-not-spam list.

        • Better still, let okopipi do its thing, and let other email-reading tools automate the sending of spam to these anti-spam tools. Then you're not duplicating effort.

          Mailwasher, possibly the biggest reason BlueFrog got taken down (because before they added BlueFrog to mailwasher, no-one knew or cared about the odd BlueFrog reports, after they added it, the spammers got quite cross indeed), already automates this reporting. Currently you can enable SpamCop reports, and (defunct) BlueFrog reports.

          The trouble wi
  • by Anonymous Coward
    ... you might want to reconsider using any of them. Lots of companies that have nothing to do with spam have been targetted due to proximity in IP space, or using a provider the RBL maintainer hates.

    RBLs are a waste of time, they give immense power to a few individuals and groups, more often with an axe to grind. Do you really want to do that? Rhetorical question, you don't.
    • What other means do you have in mind to get providers to stop carrying spammers' traffic? If one subscribes to a pink contract ISP and can't get one's legitimate email through, the obvious solution is to change ISPs. This gets your email through and deprives the rogue ISP of revenue. There's nothing immoral or illegal about that solution--users of RBLs have a right to refuse mail from anyone they wish, and customers have the right to choose ISPs with good reputations whose IP space won't be blacklisted.
      • If one subscribes to a pink contract ISP and can't get one's legitimate email through, the obvious solution is to change ISPs.

        If both ISPs that offer service to one's geographic area are pink, then how does one find the money to move and a job in the new location?

        • Re:Duopoly (Score:2, Insightful)

          Unless you're talking about consumer level ISPs, there are going to be more than two options for your exit traffic. If there aren't, you can buy the right to relay via a non-pink server.
    • Spamcop specifically avoids those two problems (though it has others).
      It only blocks specific IPs identified as sources of spam.
      And it only blocks due to submitted spam - no manual entries.

      So, your comments are irrelevant to spamcop.
    • Different DNSBLs have different policies. Spamcop's simply happens to suck, but that doesn't mean that everybody's does. For example, spamhaus's listing are very reliable.
  • I used Spamcop's paid webmail service before Gmail came along. Naturally, it had semi-automated reporting. It took me to a reporting page with all the mail it thinks is SPAM and all those I've personally tagged and I had to tick all those I wanted to report.

    I did "Select All" and went through the list looking for false positives. This process was only time consuming if you didn't do it regularly and it reassured me that I knew everything that was being reported was indeed SPAM.

  • Oh sure, it's quicker for any given email, but if you just delete it, Spamcop will never know about it. If Spamcop never knows about it, it'll never block it. If it never blocks it, you'll just keep on getting the spam. The more spam you get, the longer you spend just deleting it...
  • by JanneM ( 7445 ) on Sunday May 28, 2006 @11:03AM (#15420658) Homepage
    I have spamcop checking turned off. Maybe because the service is tuned to north american audiences, I don't know, but its recommendations seem completely arbitrary and frequently mistakenly marks genuine email for me. With two emails (from a legitimate source) one can be marked OK, the other one not.

    By contrast, local filtering generally works excellenty. When I finally turned off all on-line checking, I have a perceptible bump in the quality of filtering.
  • spamcop blows (Score:1, Insightful)

    by Anonymous Coward
    they constantly list and relist one mf my servers because it bounces mail back to them. well, it is not a bounceback. it is an auto reply to a mailing list submission that customers actually use.
    measuring the mail we get from non-customers, the amount of mail that is not valid that gets a reply is negligible.

    yet, spamcop decides that ALL auto replies are spam.

    the only explanation I can come to is that most of that mail is from their super secret spam finding system.

    wrong.
    • yet, spamcop decides that ALL auto replies are spam.

      Yup. They're attacking the symptom of forgeries (misdirected auto replies) rather than the cause of forgeries: unsigned email. DomainKeys will get rid of 99% of all forgeries. Instead of blocking sites that send auto replies, they should be blocking sites that don't sign their email with DomainKeys.

      Or perhaps less radically, they should block sites that send auto replies to email with a forged DomainKey.
  • A frog-like idea (Score:3, Interesting)

    by gsasha ( 550394 ) on Sunday May 28, 2006 @11:09AM (#15420683) Homepage
    Well, submitting the mails may be interesting, but here's a (probably) even better idea.

    1. Maintain a repository of scripts for offending webshops (can be based on SF, or distributed by P2P). Each of the scripts goes to post a complaint in BlueFrog-like manner.
    2. Write an extension to Thunderbird (and maybe to others as well) that, when I click a "Junk" on a mail, goes and fires the corresponding complaint script. Alternatively, have a cron job for that.
    3. ???
    4. Profit :)

    Well, look, this is much less questionable than Blue Frog's approach - I'm actively and individually complaining on the spam I got. I don't have the registry of those who want to be exempted - just to annoy the spammers and drive them out of business. What the program actually supplies is automation of the complaint process, without which I, arguably, would not bother complaining - but if it's just one click, I may choose to do so!
  • You can simply ask the SpamCop admins to enable so called "quick reporting" for your account. Then, you just change your address from submit.RANDOMHASH@mail.spamcop.net to quick.RANDOMHASH@mail.spamcop.net, and you're all set. The spams you forward (via attachments) to this address are auto-reported immediately, no need to go clicking on the website.

    The only slight drawback to this method is that quick reports only get sent for the source of the spam, but not for the web sites advertised in them.
  • The user who submits the spam may comply with a "spam submission" police, after the system administrators see that's a spam then will be sent to spamcop. Never let the final user do the poor job.
  • Good Tutorial (Score:3, Informative)

    by Ythan ( 525808 ) <{ythan} {at} {taconic.net}> on Sunday May 28, 2006 @11:18AM (#15420720) Homepage
    Mechanize::SpamCop [cpan.org] is another tool you can use.
  • by 0xC2 ( 896799 ) on Sunday May 28, 2006 @11:23AM (#15420743) Homepage
    I'm a longtime spamcop.net user. I've used it to filter numerous email addresses through its spam filter, which is effective and accurate, and highly configurable. However the allure of GMail prompted me to forward my other addresses to GMail and begin phasing out the spamcop address. Which is when I noticed something interesting:

    I don't receive spam to my spamcop.net address! This result is very interesting, mainly because my spamcop address is a "dictionary word" address. I can only conclude that spammers must avoid spamcop.net email.

    Which is making me rethink my decision to phase out spamcop.net. Have any other long-time users noticed this with their spamcop.net email?
    • I can only conclude that spammers must avoid spamcop.net email.

      Maybe they don't bruteforce addresses @spamcop.net like they do with other providers, but they certainly don't avoid spamcop addresses all-together.

      I average about 20 spams per days on my spamcop.net account after a couple years of active use (99% are correctly filtered), apparently entirely from mailing lists, since I use spamgourmet to forward everything else.

      I've thought of switching to gmail myself, but I'm hesitant, since they can always pu

  • Needless? (Score:3, Interesting)

    by JanneM ( 7445 ) on Sunday May 28, 2006 @11:47AM (#15420825) Homepage
    My main address is fairly old - I have been using it for over ten years. I've also been using it with wild abandon pretty much anywhere on the net for as far back as I can remember, and it attracts an absolutely ridiculous amount of spam today. If it was a person, it would have it's own red-carpeted VIP entrance at the veneral disease department at the university hospital.

    I today filter with a bayesian filter, and only with a bayesian filter - I quit using those on-line services over a year ago. In addition I pre-approve some addresses to make sure I don't miss anything from people important to me. I see perhaps one spam every third day on average. It spikes temporarily when there's a shift in tactics - I get three or four a day - and then it calms down again to one a week or thereabouts.
    • I today filter with a bayesian filter, and only with a bayesian filter

      I use bogofilter [sourceforge.net] and it works very well once a database has been built up. The problem I have at the moment is that somebody is sending spam with one of my domains in the From: field.

      If I am lucky it will be a former client of mine who uses notoriously rooted windows boxes in their office. Eventually they will stop working and my problems will be solved. Until then I have to deal with the bounces.

  • Investment (Score:3, Informative)

    by Zindagi ( 875849 ) on Sunday May 28, 2006 @11:51AM (#15420839)
    Think of the time spent verifying spam as an investment; use your time now and have far less spam/worries about genuine mail being marked as spam in the future. Not to mention the saved minutes that you can spend browsing slashdot more thoroughly.
  • ...is spam Spamcop?

  • Forgeries (Score:3, Insightful)

    by Ankh ( 19084 ) * on Sunday May 28, 2006 @11:53AM (#15420849) Homepage
    The more widely known your email address becomes, the greater the chance that some zombie or virus will see it in someone's address book and send spam pretending to come from you. Spamcop will generally believe that you sent the spam, as far as I can tell.

    They routinely list w3.org (W3C) as a source of spam for this (incorrect) reason.

    Spamcop says you should not use their results as authoratative, but only as one factor to consider, but in practice a number of large companies blacklist anyone listed by spamcop automatically.

    If you are going to automate submissions to spamcop, please at least use SPF to verify that the sender was in fact associated with that domain, where SPF records are available.
    • Not really. The system is intelligent enough to check the headers and verify the hostnames aren't bogus when checked against the IP addresses - and if one's SMTP server is correctly set up, then it will still get the hails from the client SMTP system.
  • by mobby_6kl ( 668092 ) on Sunday May 28, 2006 @12:24PM (#15420942)
    Technical details of permanent failure:
    PERM_FAILURE: SMTP Error (state 9): 550 5.7.0 Your server IP address is in the SpamCop database, bye
    No, I don't send spam, and this was bounced back to my gmail address anyway.
    • Technical details of permanent failure:
      PERM_FAILURE: SMTP Error (state 9): 550 5.7.0 Your server IP address is in the SpamCop database, bye

      With Exim4, I can customize the rejection messages so that they include the phrase:

      Please call email admin at (NNN) NNN-NNNN

      Spam zombies and such won't ever call. But if you're a person, and your email server is halfway decent, you'll see the rejection notice and you can call me and I can add you to whomever's whitelist. Or you can call that person directly and s/he

      • You can also customize them in Postfix, but the nature of the message means nobody reads them anyway.

        Your custom message will appear as a single line below four or five lines of technical jargon appended by the sender's own SMTP program. There is no ability to add formatting or hyperlines, as it's just plain text.

        Including the web address for a blacklist lookup (e.g. "Your message was blocked because it came from a server that sent spam, please see http://sorbs.net/lookup?ip=w.x.y.z [sorbs.net]") has proved com

  • All I do is just putting the spam into certain folders and our good old friend cron does the rest.

    Man I can't believe we're still doing this. Cron? The proper way to do this is to have a "Spam" button on your email program that triggers a script (and preferrably provide default scripts for things like SpamCop).
  • Why put myself through this when there is an easier way? I use gmail pretty much exclusively. I just checked my account and there is currently 850 (!) spam emails in my spam folder. There was one spam email in my inbox. Nomrally I never see this at all because what doesn't register as spam with gmail gets caught by Thunderbird. Furthermore, I can set Thunderbird to download copies of my email and leave the originals on the server, so if there is spam in my inbox all I have to do is go to my gmail account in

  • by Radi-0-head ( 261712 ) on Sunday May 28, 2006 @02:39PM (#15421430)
    I was a Spamcop subscriber, using their SMTP forwarding/filtering system. I got fed up with the downtime and the false positives, and canceled the account. A month later, I start getting MASSIVE amounts of spam directed to the "secret" account that is set up for forwarding of "clean" email. Most of these messages had both my true email account and the secret account as recipients.

    There's no possible way anyone could have guessed this address (it consisted of random characters), and Spamcop was the only other organization that ever had record of it, and that ever used both of these addresses together.

    I don't trust them at all.
    • by mmclean ( 29486 ) <mike.mclean@pobox.com> on Sunday May 28, 2006 @03:52PM (#15421684)
      Amen to the don't trust them at all bit. They are more than happy to provide customer service when you are spending money to establish and account, but once they have your money forget it.

      I had an account over a year ago, the real email account with storage and was having a problem with it. I emailed support, no answer. I posted in the Spamcop form and the moderator (the great and powerful Wazoo) decided that I was full of shit and my problem didn't exist. A few days later, I posted different symptoms of the problem in a new thread and the great and powerful Wazoo decided that I was reiterating the same problem (didn't even take time to read and realize that I was posting different symptoms). He then merged the threads -- essentially burying my problem report at the end of a long thread so that no one could read it without clicking through 3-4 pages of the previous post. I posted in the forum actually begging for support -- and was constantly squashed by Wazoo.

      When I finally did get an answer from my email to support, the content of that email was essentially "we saw the thread in the forum and Wazoo says it's not a problem."

      This was one of the worst, most pathetic customer experiences that I have ever had -- and I had previously thought Spamcop were the "good guys" and directed many different friends, relative, and clients to them -- needless to say I cancelled, a number of my friends cancelled, and they've gotten zero new business from my recommendations.
  • Spamcop's benefit and problem are the same- content exposure.

    I used to submit all of my Spam to Spamcop as well as a few other blacklists. Of course properly, all the real spam maintaining all of the important information. The issue?

    It posted the message for the Spammer to see. It sent it to the ISP. As a part of an ISP, I'm pleased when I get that, as there's nothing worse than "someone submitted something" messages. At the same time, as a user, they put my e-mail addresses in the headers. They inclu

You are always doing something marginal when the boss drops by your desk.

Working...