Re: [mailop] SpamCop and listwashing

2019-08-27 Thread Andy Smith via mailop
Hi Luis,

On Tue, Aug 27, 2019 at 04:54:20PM -0700, Luis E. Muñoz via mailop wrote:
> I guess what I'm trying to say is that getting abuse complaints to the right
> hands, at scale, is way harder than it seems. "Streamlining" the process is
> hard,

No argument from me: no easy-seeming here! It's plain to see that
what SpamCop have come up with is a really great resource that must
have taken (and take) a lot of effort. The apparent lack of other
solutions in this space also suggests it's a tough nut to crack,
especially at no cost to the reporter.

Something I particularly appreciate is when a spam has come to a
mailing list or has fake Received headers inserted, SpamCop will
usually still be able to work out the correct source. A real time
saver compared to studying the headers every time.

> and once you walk that path I'm sure you'll get to a similar
> conclusion: Some folks don't deserve the bits used to send the complaint.

Some providers certainly don't deserve a report, but once the thing
has been fed into SpamCop and the reporting form has been reached,
SpamCop has basically done all of its work, right? That is, there
isn't much effort to be saved regardless of whether I can then go on
to have SpamCop send the report or not?

Or is it the case that there's going to be hundreds of reports per
day being responded to by this provider's shady customer(s) saying,
"we removed the complainant; please close the report" each of which
has to be dealt with by some non-automated process at SpamCop? Is
that where the issue really lies?

If it is, then there must be some ways of avoiding that, but it
doesn't seem worth going into unless that is known to be the case. I
can only go by what has been said so far that it's because they
don't deserve the reports due to allowing their customer(s) to
repeatedly listwash.

Cheers,
Andy

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] SpamCop and listwashing

2019-08-27 Thread Mark Foster via mailop
Aside: Clicking Reply-All in Microsoft Outlook only put Luis and Andy into the 
To: box. I had to manually add mailop.

My view is that (generally), Operations that're so big as to receive many 
reports a day, grossly under-resource their abuse-response capability and don't 
particularly care about 'minor' (read: non newsworthy) cases of abuse on their 
networks.

I once managed abuse@ for what in my country was officially a very large ISP - 
500k customers.  There was about 1.3FTE dedicated to abuse@ and I was the .3.
We made a valiant attempt to keep up with inbound complaint loading but all too 
often, the complaints would essentially roll-off the queue (complaints >1month 
old were harder to investigate as the logs required to track back offending 
users, were archived after that).

This is many years ago - early 2000's.  I don't imagine a lot has changed.

Mark.

-----Original Message-----
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Luis E. Muñoz via 
mailop
Sent: Wednesday, 28 August 2019 11:54 a.m.
To: Andy Smith 
Cc: mailop@mailop.org
Subject: Re: [mailop] SpamCop and listwashing

On 27 Aug 2019, at 16:23, Andy Smith via mailop wrote:
> So, where else can one go to streamline the spam reporting process?
> This page lists only SpamCop and Abusix:
>
> https://en.wikipedia.org/wiki/Spam_reporting
>
> As far as I can see Abusix in this context is only an 
> IP-to-abuse-contact lookup tool.

Years ago, while in charge of anti-abuse operations for a sizable group of 
users, I tried hard to address this challenge. SpamCop was around, Abusix 
wasn't. Long story short, we ended up implementing direct abuse contact lookup 
using WHOIS — at that time this was still a feasible exercise. Our reports 
included logs about the incident — mail headers, ACL logs, whatever was 
appropriate — and we had actual people, me included, manning the Reply-To of 
those.

The results were mixed and in retrospect, perhaps interesting.

Operations that were large enough so as to receive many reports a day — we sent 
one report per "incident"/day — often complained or outright blocked / 
devnulled our reports. Complaint receivers that got lots of complaints often 
claimed that they were unable to process them in such volumes. Based on the 
traffic we saw from them, their lack of time wasn't related to preventing 
hostile traffic from leaving through their door.

Operators with only the occasional report were in some cases responsive, as we 
saw the abuse stopped. Some even responded. Some asked us to make special 
arrangements for their reports to go to a special address, which we were happy 
to oblige. We got to know who were the good guys and who were just making the 
right noises. As I'm sure does SC.

All this said and done, a huge proportion of the reports we sent to published 
points of contact for network level objects simply bounced.

I guess what I'm trying to say is that getting abuse complaints to the right hands, 
at scale, is way harder than it seems. "Streamlining" the process is hard, and 
once you walk that path I'm sure you'll get to a similar
conclusion: Some folks don't deserve the bits used to send the complaint.

-lem



Re: [mailop] SpamCop and listwashing

2019-08-27 Thread Luis E. Muñoz via mailop

On 27 Aug 2019, at 16:23, Andy Smith via mailop wrote:

> So, where else can one go to streamline the spam reporting process?
> This page lists only SpamCop and Abusix:
>
> https://en.wikipedia.org/wiki/Spam_reporting
>
> As far as I can see Abusix in this context is only an
> IP-to-abuse-contact lookup tool.


Years ago, while in charge of anti-abuse operations for a sizable group 
of users, I tried hard to address this challenge. SpamCop was around, 
Abusix wasn't. Long story short, we ended up implementing direct abuse 
contact lookup using WHOIS — at that time this was still a feasible 
exercise. Our reports included logs about the incident — mail 
headers, ACL logs, whatever was appropriate — and we had actual 
people, me included, manning the Reply-To of those.


The results were mixed and in retrospect, perhaps interesting.

Operations that were large enough so as to receive many reports a day 
— we sent one report per "incident"/day — often complained or 
outright blocked / devnulled our reports. Complaint receivers that got 
lots of complaints often claimed that they were unable to process them 
in such volumes. Based on the traffic we saw from them, their lack of 
time wasn't related to preventing hostile traffic from leaving through 
their door.


Operators with only the occasional report were in some cases responsive, 
as we saw the abuse stopped. Some even responded. Some asked us to make 
special arrangements for their reports to go to a special address, which 
we were happy to oblige. We got to know who were the good guys and who 
were just making the right noises. As I'm sure does SC.


All this said and done, a huge proportion of the reports we sent to 
published points of contact for network level objects simply bounced.


I guess what I'm trying to say is that getting abuse complaints to the right 
hands, at scale, is way harder than it seems. "Streamlining" the process 
is hard, and once you walk that path I'm sure you'll get to a similar 
conclusion: Some folks don't deserve the bits used to send the 
complaint.


-lem



Re: [mailop] SpamCop and listwashing

2019-08-27 Thread Andy Smith via mailop
Hi Al,

On Tue, Aug 27, 2019 at 09:29:32AM -0500, Al Iverson via mailop wrote:
> You're new to a very old problem.

Yes it seems I am, as I've had a misunderstanding about SpamCop for
a really long time.

> I could probably find blog posts I wrote in 2003 complaining about
> how Spamcop chooses to block reports to some platforms or networks
> and how it's confusing to the end user because it looks like the
> provider is rejecting them, which is not true.

I think that is the worst problem here because I have certainly made
value judgements about sending networks based on my mistaken
understanding of what it means for there not to be a valid reporting
address in SpamCop.

> You'll never get anywhere trying to argue the case pro or con;
> just do what you think is best and know that the rest of the world
> will also do the same.

As the issue is new to me, I feel like I had to see what others'
views were on this, and have stated mine. But yeah I'm not going to
labour the points.

So, where else can one go to streamline the spam reporting process?
This page lists only SpamCop and Abusix:

https://en.wikipedia.org/wiki/Spam_reporting

As far as I can see Abusix in this context is only an
IP-to-abuse-contact lookup tool.

Cheers,
Andy



Re: [mailop] SpamCop and listwashing

2019-08-27 Thread Andy Smith via mailop
Hello,

On Tue, Aug 27, 2019 at 10:07:21AM -0700, Jay Hennigan via mailop wrote:
> On 8/27/19 03:54, Andy Smith via mailop wrote:
> >Last week or so I noticed that I can no longer send SpamCop reports
> >to a large hosting provider. The option now shows up as:
> >
> >abuse#example@devnull.spamcop.net
> >
> >with no explanatory text.
> 
> Spamcop doesn't send reports to well known spammers because it doesn't cause
> them to alter their behavior in a good way (such as stopping the spam).
> Often they alter their behavior in a bad way such as listwashing, or they do
> nothing.

I think it's my decision whether the report is worth it or not, as
it's my or my users' addresses that may be listwashed. By disabling
the reporting I now can't report it (without a lot more effort) and
I also don't know why I can't report it.

I don't really understand how me NOT reporting it leaves anyone in a
better position so while I can appreciate that SpamCop is at the end
of its tether with this provider, it would be immensely more useful
for SpamCop to tell me that it's at the end of its tether with this
one, rather than to tell me nothing and just not let me report.

Worst case scenario of me reporting it against SpamCop advice: Their
customer removes the recipient and carries on spamming.

Worst case scenario of me not reporting it because it is too much
effort: Their customer carries on spamming and my recipient still
gets that.

I'm not seeing where SpamCop has facilitated anything bad in either
of the worst cases there, unless we would argue that SpamCop users
need to be protected from [the hosts of] rampant listwashers. But
then there are so many other things that SpamCop users need to be
protected from in the course of reporting that I would have to ask,
is that worth doing?

The main disagreement appears to be over what the best case is, with
me thinking it possibly could do some good, and SpamCop thinking
that it is a lost cause. I don't mind if SpamCop wants to tell me
that it's a lost cause, I'll certainly bear that in mind and
appreciate it, but does SpamCop really need to just not allow me to
report and not tell me why?

> There are different errors where the spam source refuses munged reports or
> user-defined reports, or indeed no functional reporting address can be
> found.

Would be nice to add actual information in the case where reporting
is disabled because SpamCop doesn't like the provider, then.

> >Since…
> >
> >a) I know this used to work, and
> >b) this is a pretty big provider that I am often sending reports to, and
> 
> So you're receiving spam from them, you're often sending reports to them
> about it, and the spam keeps coming. That's a hint.

Come on now. Do I really need to point out that this is a huge
provider, and that I am also receiving lots of spam from gmail,
hotmail, OVH, linode, digitalocean, sendgrid, mailchimp, … ?

Again, it should be my decision.

You currently can't report spam from sendgrid or mailchimp through
SpamCop either. Is that because they don't accept those reports (my
prior assumption) or because SpamCop doesn't like them?

(As an aside, in the past I've asked both SendGrid and Mailchimp
many times why they don't accept SpamCop reports and they've never
replied to that portion of the abuse reports. In the past I've
assumed it's because they just want everything going through their
reporting web page, but now I don't know. With them I only bother
going direct because at least I do know they will action it.)

> >c) I know that provider is represented on this list
> 
> There are lots of providers on this list, and a recurring theme from some of
> them is, "Help, I'm on $BLOCKLIST, how do I get off of it?" Being
> represented on this list doesn't preclude someone from being a spammer.

Can you show me where I said it did? I bothered contacting them
because I've seen them active on this list, meaning I felt it was
possible I would get some interaction. I am not cheerleading for
them not being a source of spam. You know how you can tell I'm not
cheerleading for them not being a source of spam? Because I have
some spam from their network that I want to report! Who's making
that hard to do here?

If YOU don't think spam should be reported to such providers that is
absolutely fine with me, but you appear to be quite hostile to MY
desire to, for some reason.

> The fact that said provider still is taking money from those customers and
> sending mail on their behalf despite multiple complaints from Spamcop is
> another hint.

Just like a lot of other huge companies that I should have the
choice to send reports to or not, then?

> Are you still seeing spam from this provider? Despite their occasional
> responses that they're "dealing with stuff" does the spam continue? That's
> another hint.

Funnily enough I don't drop all email from linode, hotmail, gmail, …
yet spam still comes from them. I'm not looking for a debate on
whether provider X is spammier than provider Y or not; I'm 

Re: [mailop] SpamCop and listwashing

2019-08-27 Thread Brandon Long via mailop
On Tue, Aug 27, 2019 at 10:48 AM Michael Peddemors via mailop <
mailop@mailop.org> wrote:

> On 2019-08-27 10:07 a.m., Jay Hennigan via mailop wrote:
> > Don't use Spamcop then. Send your complaints directly to the abuse desk.
> > Let us know if it does any good.
>
> While overall great comments, we all have to realize the frustration of
> those involved in sending reports 'directly' as well..
>

Or the frustration in receiving them.  I've seen manual reporters who take
a single spam message and turn it into 20+ abuse@ reports... and they do
that to messages that were detected as spam and in the spam label.

They're turning a minor spam issue that was already handled into work for
20+ people to find out how they're possibly related to this spam message.

You can build some systems around automating that, and blacklisting such
reporters, but you end up mostly dealing with penny ante crap instead of
the vastly larger abuses that you handle with improved detection and
automation.

But of course, no one looks good continuously missing the little crap
either.  And maybe it doesn't look so little to the people on the
receiving end.

https://dilbert.com/strip/2001-12-05

Brandon


Re: [mailop] SpamCop and listwashing

2019-08-27 Thread Brandon Long via mailop
On Tue, Aug 27, 2019 at 10:09 AM Jay Hennigan via mailop wrote:
[snip]

>
> Or take the chance and hit the "Unsubscribe" link on something to which
> you never subscribed. This risks the possibility that your address will
> be sold to other spammers as "one who has responded to similar offers".
> The spammer knows that you took the time to read the message, and you
> did in fact respond.
>

I realize that this is the assumed correct thought on unsub, but I wonder
how true it actually is.

At one point I did a simple query to see what percentage of our active user
base received a spam mail attempt in a week period ... and iirc the number
was somewhere in the 80+% range.

I mean, there are billions of addresses available on the web with passwords
from various hacks, just as one example.  I've watched some old tagged
addresses of my own get passed around or wind up in various lists when
companies go out of business or are hacked.

On top of that, I find it hard to believe that most of the larger spammers
we see have any real targeting. They're willing to make billions of
attempts just to have some number wind up in the spam label, it's all a
numbers game to them, they're not attempting to stay on the right side of
any reputation or other system with partial credit, or hew as closely to
that line as possible.

I realize there are different levels of spammers, of course, and plenty who
think they're legit and trying to play those games, and we shouldn't
encourage them either...

Brandon


Re: [mailop] SpamCop and listwashing

2019-08-27 Thread Richard W via mailop
I did make contact with Andy through the deputies' queue.  In this case 
it is one big provider that has been ignoring a well known spammer on 
their network that sends out hundreds of messages per day "I have 
removed the user"


Richard

On 2019-08-27 4:54 a.m., Andy Smith via mailop wrote:

> Hello,
>
> Are there any representatives of SpamCop here?
>
> Last week or so I noticed that I can no longer send SpamCop reports
> to a large hosting provider. The option now shows up as:
>
> abuse#example@devnull.spamcop.net
>
> with no explanatory text.
>
> In the past when I have seen this, I have assumed that SpamCop was
> unable to find a reporting address, or the address bounces, or the
> provider has told SpamCop to stop sending them reports.
>
> Since…
>
> a) I know this used to work, and
> b) this is a pretty big provider that I am often sending reports to, and
> c) I know that provider is represented on this list
>
> …yesterday I sent the representative of that provider a direct email
> asking why they are no longer accepting SpamCop reports.
>
> Today they kindly replied to let me know that they still welcome
> SpamCop reports but SpamCop has decided that their customers have
> been listwashing and for that reason SpamCop will not send them any
> further reports.
>
> I don't know any more details, particularly I don't know the scale
> involved here. I suppose I could see an argument that if there's a
> huge number of reports then the provider is letting their customers
> listwash when they should be enforcing AUP on them. But is that
> SpamCop's fight?
>
> From my end as the reporter I'm not really seeing much of an uptick
> in reports to this large provider, and I do sometimes get a response
> from them to say they're dealing with stuff, so I'd prefer that I
> could continue sending reports.
>
> So, should SpamCop be in the business of caring whether providers
> [allow their customers to] listwash? Until today I had always been
> under the impression that SpamCop was merely putting reporters in
> contact with providers, not making value judgements on the quality
> of the abuse desk.
>
> Given the choice of either not reporting or risking listwashing, I
> think I would rather risk the listwash. I can do my own analysis to
> decide whether to stop reporting and start blocking more
> aggressively.
>
> If SpamCop really wants to take a stance on listwashing then I would
> much rather they gave an option on their reporting page. At the
> moment there are some providers who do not accept the anonymised
> SpamCop reports and for these SpamCop leaves the checkbox unchecked.
> When you check it, it pops up a warning saying that your real email
> address will be passed along if you continue. Perhaps they could do
> similar for the providers they deem to allow too much listwashing?
>
> Fundamentally, the way it is now, it is not possible to distinguish
> providers who refuse reports from providers who SpamCop refuses to
> report to, and I think that is not ideal.
>
> In fact, I have used SpamCop's ability to send reports or not as
> part of my stance on how aggressively to deal with email from
> various providers before, thinking that it's always down to the
> provider. I now realise that may have been an incorrect assumption.
>
> What are the list's thoughts?
>
> Is there some other service other than SpamCop that I should be
> using to send reports? I do not have time to check headers and send
> emails to individual abuse addresses on individual samples of spam.
> Checking SpamCop's workings and then hitting send is much more
> convenient, but this has really dented my confidence in it.
>
> On the other side as a very small hoster, I occasionally receive
> SpamCop reports about my customers and generally find them
> actionable and useful so this is a real shame.
>
> (I did already also fill in SpamCop's contact form to query this
> situation, but wondered whether there were any SpamCop reps here and
> also if my views on this are in a minority.)
>
> Cheers,
> Andy



Re: [mailop] SpamCop and listwashing

2019-08-27 Thread Michael Peddemors via mailop

On 2019-08-27 10:07 a.m., Jay Hennigan via mailop wrote:
> Don't use Spamcop then. Send your complaints directly to the abuse desk.
> Let us know if it does any good.


While overall great comments, we all have to realize the frustration of 
those involved in sending reports 'directly' as well..


To the point they give up.

Even on our spam auditing team the frustration grows, especially with 
the 'too big to block' providers, when serious threats are reported and 
they only get..


* We are working on it..
* We have to advise the customer first before taking action..
* We have notified the reseller..
* We have given them 2-3 weeks to address this problem

(and it sure doesn't help if they simply tell a bad actor, you have been 
detected, and not stem the tide)


In the meantime, the world continues to be attacked, the bad actors see 
a 'safe haven' in those providers who let them operate for weeks, before 
being stopped, and all the hard working infosec people get burned out, 
from trying to do the right thing, with little or no effect..


If your tiny voice can't be heard, you can understand why many prefer to 
simply notify 3rd parties like spamcop or Team Cymru or even directly 
to government CERT or cyber agencies instead.


But of course, if the behaviour of the large providers allows malicious 
behaviour to continue, given the sheer dangers of the threats, in the 
current geo political climates, and renewed calls to action, 
unfortunately it may be only when governments start stepping in with 
threats of fines, that any real change to this problem will occur.


my 2 cents..


--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada



Re: [mailop] SpamCop and listwashing

2019-08-27 Thread Jay Hennigan via mailop

On 8/27/19 03:54, Andy Smith via mailop wrote:

> Last week or so I noticed that I can no longer send SpamCop reports
> to a large hosting provider. The option now shows up as:
>
> abuse#example@devnull.spamcop.net
>
> with no explanatory text.

Spamcop doesn't send reports to well known spammers because it doesn't
cause them to alter their behavior in a good way (such as stopping the
spam). Often they alter their behavior in a bad way such as listwashing,
or they do nothing.

> In the past when I have seen this, I have assumed that SpamCop was
> unable to find a reporting address, or the address bounces, or the
> provider has told SpamCop to stop sending them reports.

There are different errors where the spam source refuses munged reports
or user-defined reports, or indeed no functional reporting address can
be found.

> Since…
>
> a) I know this used to work, and
> b) this is a pretty big provider that I am often sending reports to, and

So you're receiving spam from them, you're often sending reports to them
about it, and the spam keeps coming. That's a hint.

> c) I know that provider is represented on this list

There are lots of providers on this list, and a recurring theme from
some of them is, "Help, I'm on $BLOCKLIST, how do I get off of it?"
Being represented on this list doesn't preclude someone from being a
spammer.

> …yesterday I sent the representative of that provider a direct email
> asking why they are no longer accepting SpamCop reports.
>
> Today they kindly replied to let me know that they still welcome
> SpamCop reports but SpamCop has decided that their customers have
> been listwashing and for that reason SpamCop will not send them any
> further reports.

The fact that said provider still is taking money from those customers
and sending mail on their behalf despite multiple complaints from
Spamcop is another hint.

> I don't know any more details, particularly I don't know the scale
> involved here. I suppose I could see an argument that if there's a
> huge number of reports then the provider is letting their customers
> listwash when they should be enforcing AUP on them. But is that
> SpamCop's fight?

Spamcop isn't in the business of facilitating spamming, their goal is
just the opposite. Listwashing facilitates spamming as it reduces the
complaint percentage while allowing the spam to continue.

> From my end as the reporter I'm not really seeing much of an uptick
> in reports to this large provider, and I do sometimes get a response
> from them to say they're dealing with stuff, so I'd prefer that I
> could continue sending reports.

Are you still seeing spam from this provider? Despite their occasional
responses that they're "dealing with stuff" does the spam continue?
That's another hint.

> Given the choice of either not reporting or risking listwashing, I
> think I would rather risk the listwash. I can do my own analysis to
> decide whether to stop reporting and start blocking more
> aggressively.

Don't use Spamcop then. Send your complaints directly to the abuse desk.
Let us know if it does any good.

Or take the chance and hit the "Unsubscribe" link on something to which
you never subscribed. This risks the possibility that your address will
be sold to other spammers as "one who has responded to similar offers".
The spammer knows that you took the time to read the message, and you
did in fact respond.

> If SpamCop really wants to take a stance on listwashing then I would
> much rather they gave an option on their reporting page. At the
> moment there are some providers who do not accept the anonymised
> SpamCop reports and for these SpamCop leaves the checkbox unchecked.

Spamcop reports really aren't very thoroughly anonymized. Most bulk
senders embed tracking bug spyware in the message that Spamcop doesn't
redact. Spamcop cleans the headers but leaves the body intact.

> When you check it, it pops up a warning saying that your real email
> address will be passed along if you continue. Perhaps they could do
> similar for the providers they deem to allow too much listwashing?
>
> Fundamentally, the way it is now, it is not possible to distinguish
> providers who refuse reports from providers who SpamCop refuses to
> report to, and I think that is not ideal.

To me it's pretty obvious. When you see a valid abuse reporting address
modified to @devnull.spamcop.net it's an indication that the provider
doesn't care. It doesn't make any real difference whether they refuse
reports entirely or continue spamming despite receiving reports, they're
going to keep spamming.

> In fact, I have used SpamCop's ability to send reports or not as
> part of my stance on how aggressively to deal with email from
> various providers before, thinking that it's always down to the
> provider. I now realise that may have been an incorrect assumption.
>
> What are the list's thoughts?


The sender's reputation is bad enough that Spamcop has given up on them 
and you're still seeing spam after you've been sending complaints for 

Re: [mailop] SpamCop and listwashing

2019-08-27 Thread Al Iverson via mailop
You're new to a very old problem. I could probably find blog posts I
wrote in 2003 complaining about how Spamcop chooses to block reports
to some platforms or networks and how it's confusing to the end user
because it looks like the provider is rejecting them, which is not
true. You'll never get anywhere trying to argue the case pro or con;
just do what you think is best and know that the rest of the world
will also do the same.

Cheers,
Al Iverson

On Tue, Aug 27, 2019 at 5:58 AM Andy Smith via mailop  wrote:
>
> Hello,
>
> Are there any representatives of SpamCop here?
>
> Last week or so I noticed that I can no longer send SpamCop reports
> to a large hosting provider. The option now shows up as:
>
> abuse#example@devnull.spamcop.net
>
> with no explanatory text.
>
> In the past when I have seen this, I have assumed that SpamCop was
> unable to find a reporting address, or the address bounces, or the
> provider has told SpamCop to stop sending them reports.
>
> Since…
>
> a) I know this used to work, and
> b) this is a pretty big provider that I am often sending reports to, and
> c) I know that provider is represented on this list
>
> …yesterday I sent the representative of that provider a direct email
> asking why they are no longer accepting SpamCop reports.
>
> Today they kindly replied to let me know that they still welcome
> SpamCop reports but SpamCop has decided that their customers have
> been listwashing and for that reason SpamCop will not send them any
> further reports.
>
> I don't know any more details, particularly I don't know the scale
> involved here. I suppose I could see an argument that if there's a
> huge number of reports then the provider is letting their customers
> listwash when they should be enforcing AUP on them. But is that
> SpamCop's fight?
>
> From my end as the reporter I'm not really seeing much of an uptick
> in reports to this large provider, and I do sometimes get a response
> from them to say they're dealing with stuff, so I'd prefer that I
> could continue sending reports.
>
> So, should SpamCop be in the business of caring whether providers
> [allow their customers to] listwash? Until today I had always been
> under the impression that SpamCop was merely putting reporters in
> contact with providers, not making value judgements on the quality
> of the abuse desk.
>
> Given the choice of either not reporting or risking listwashing, I
> think I would rather risk the listwash. I can do my own analysis to
> decide whether to stop reporting and start blocking more
> aggressively.
>
> If SpamCop really wants to take a stance on listwashing then I would
> much rather they gave an option on their reporting page. At the
> moment there are some providers who do not accept the anonymised
> SpamCop reports and for these SpamCop leaves the checkbox unchecked.
> When you check it, it pops up a warning saying that your real email
> address will be passed along if you continue. Perhaps they could do
> similar for the providers they deem to allow too much listwashing?
>
> Fundamentally, the way it is now, it is not possible to distinguish
> providers who refuse reports from providers who SpamCop refuses to
> report to, and I think that is not ideal.
>
> In fact, I have used SpamCop's ability to send reports or not as
> part of my stance on how aggressively to deal with email from
> various providers before, thinking that it's always down to the
> provider. I now realise that may have been an incorrect assumption.
>
> What are the list's thoughts?
>
> Is there some other service other than SpamCop that I should be
> using to send reports? I do not have time to check headers and send
> emails to individual abuse addresses on individual samples of spam.
> Checking SpamCop's workings and then hitting send is much more
> convenient, but this has really dented my confidence in it.
>
> On the other side as a very small hoster, I occasionally receive
> SpamCop reports about my customers and generally find them
> actionable and useful so this is a real shame.
>
> (I did already also fill in SpamCop's contact form to query this
> situation, but wondered whether there were any SpamCop reps here and
> also if my views on this are in a minority.)
>
> Cheers,
> Andy
>



-- 
al iverson // wombatmail // chicago
http://www.aliverson.com
http://www.spamresource.com



[mailop] SpamCop and listwashing

2019-08-27 Thread Andy Smith via mailop
Hello,

Are there any representatives of SpamCop here?

Last week or so I noticed that I can no longer send SpamCop reports
to a large hosting provider. The option now shows up as:

abuse#example@devnull.spamcop.net

with no explanatory text.

In the past when I have seen this, I have assumed that SpamCop was
unable to find a reporting address, or the address bounces, or the
provider has told SpamCop to stop sending them reports.

Since…

a) I know this used to work, and
b) this is a pretty big provider that I am often sending reports to, and
c) I know that provider is represented on this list

…yesterday I sent the representative of that provider a direct email
asking why they are no longer accepting SpamCop reports.

Today they kindly replied to let me know that they still welcome
SpamCop reports but SpamCop has decided that their customers have
been listwashing and for that reason SpamCop will not send them any
further reports.

I don't know any more details, particularly I don't know the scale
involved here. I suppose I could see an argument that if there's a
huge number of reports then the provider is letting their customers
listwash when they should be enforcing AUP on them. But is that
SpamCop's fight?

From my end as the reporter I'm not really seeing much of an uptick
in reports to this large provider, and I do sometimes get a response
from them to say they're dealing with stuff, so I'd prefer that I
could continue sending reports.

So, should SpamCop be in the business of caring whether providers
[allow their customers to] listwash? Until today I had always been
under the impression that SpamCop was merely putting reporters in
contact with providers, not making value judgements on the quality
of the abuse desk.

Given the choice of either not reporting or risking listwashing, I
think I would rather risk the listwash. I can do my own analysis to
decide whether to stop reporting and start blocking more
aggressively.

If SpamCop really wants to take a stance on listwashing then I would
much rather they gave an option on their reporting page. At the
moment there are some providers who do not accept the anonymised
SpamCop reports and for these SpamCop leaves the checkbox unchecked.
When you check it, it pops up a warning saying that your real email
address will be passed along if you continue. Perhaps they could do
similar for the providers they deem to allow too much listwashing?

Fundamentally, the way it is now, it is not possible to distinguish
providers who refuse reports from providers who SpamCop refuses to
report to, and I think that is not ideal.

In fact, I have used SpamCop's ability to send reports or not as
part of my stance on how aggressively to deal with email from
various providers before, thinking that it's always down to the
provider. I now realise that may have been an incorrect assumption.

What are the list's thoughts?

Is there some other service other than SpamCop that I should be
using to send reports? I do not have time to check headers and send
emails to individual abuse addresses on individual samples of spam.
Checking SpamCop's workings and then hitting send is much more
convenient, but this has really dented my confidence in it.

On the other side as a very small hoster, I occasionally receive
SpamCop reports about my customers and generally find them
actionable and useful so this is a real shame.

(I did already also fill in SpamCop's contact form to query this
situation, but wondered whether there were any SpamCop reps here and
also if my views on this are in a minority.)

Cheers,
Andy
