On Wed, 7 Sep 2005, Greg Allen wrote:
Spamcop admins are idiots. They have always had issues with allowing major
ISPs such as Hotmail to be listed.
Sure, and spammers never abuse hotmail accounts? Put the blame where it
lies. Simple equation.
For free email service X, you have Y users who will be abusive, for which
you need Z people working the abuse box. If these services weren't
popular among spammers, it wouldn't be blacklisted.
Spamcop users are idiots too. When you have end users pushing the 'this is
spam' button when they get an email that they don't like from their own
friends or family, well... you get Spamcop.
The procedure for reporting spams taken with any degree of seriousness is
more than just pushing a button. It involves pushing a button, going to
the spamcop site, reviewing the email, and making SURE it's spam, and also
TELLS you where the abuse reports will be sent.
AOL/Juno's SCOMP are not blacklist based (at least, not
externally-published blacklists), but ARE that much simpler (push
a button).
Anonymous spamcop complaints do very little to cause blacklisting.
For another example of what idiot users can do with Spamcop.. At one company
I worked for, we gave a virtual domain email address to our business
partners. For example, [EMAIL PROTECTED]
We then forwarded their business mail to their ISP email address so that
they did not need to login to multiple servers and we did not have to
maintain, backup and manage user email boxes.
You were in control of the mail -- and both you and the user had options
available to you. If your user is, effectively, denying service to other
users, take the appropriate action.
Well, some dumb cow that had about half a brain and thought she was a
computer genius would report spam to her virtual business email address to
Spamcop. She ended up getting us listed for SPAM when we were not the
source, we were just forwarding whatever email to her (spam filtered with SA
even). When she saw the very few spam emails that did get through to her
that had the ****SPAM**** and a message at the top of the email telling her
the email was forwarded from us, she would report it to Spamcop!
Sorry, wrong.
Spamcop requests that for any email address or domain you have, you have
SpamCop send you a couple test messages that allow them to trace the path
the mail takes to get to you, and then forward it back to them. The
system is fairly intelligent in doing so, as my shell is presently a
consolidation point for several other mail accounts I have all over the
place.
That said, SpamCop does NOT presently have any way of knowing about
mailing list membership. I filed off one of my spams that was sent
through a list that didn't use obvious tags (another good reason to do
so), and caused a minor issue, although no blacklisting of any sort
ensued.
As a result, she got our server blacklisted several times and affected about
400 users. I went round and round with her telling her to knock it off.
And by "several times" I'd say you didn't figure out the solution the
first time.
I've found the SpamCop admins to be decent folks, in my communications
with them anyway. And admittedly, they get a little upset when their
system is misused.
One spammer sent me something, I responded with a spamcop complaint.
I heard back from the spammer (who I guess the relevant abuse contact
forwarded it to) saying "what address was this sent to,
I'll remove you", and I reported that to spamcop as well. They weren't
pleased with that, and we went back and forth a few times on it.
In the end, I agreed not to report legitimate responses as more spam --
but that one ISP has earned a place as the ONLY permanent block on my mail
server.
I would definitely tune down Spamcop score to maybe about 1.5 or 2 points,
because of lots of false positives.
-----Original Message-----
From: Pierre Thomson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 07, 2005 10:01 AM
To: users@spamassassin.apache.org
Subject: SpamCop listing internal hotmail servers?
Hi all,
I've had a rash of FP's in the last few days from hotmail users
whose servers are listed at Spamcop.net. I know it's not a
SpamAssassin issue per se, but as this DNSBL gives a healthy 3
points to every mail, it drives some ham over the threshold.
The only thing that looks unusual in the headers is that the
first Received-from IP always seems to be one owned by Hotmail.
Is this a new proxy technique they are using?
Received: from hotmail.com (bay105-f30.bay105.hotmail.com [65.54.224.40])
by mail1.domain.com (8.11.6/8.11.6) with ESMTP id j879HW815454
for <[EMAIL PROTECTED]>; Wed, 7 Sep 2005 05:17:32 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Wed, 7 Sep 2005 02:17:26 -0700
Message-ID: <[EMAIL PROTECTED]>
Received: from 65.54.224.200 by by105fd.bay105.hotmail.msn.com with HTTP;
Wed, 07 Sep 2005 09:17:26 GMT
X-Originating-IP: [82.105.172.204]
X-Originating-Email: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
From: "Alessandro User" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
...
3.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see
<http://www.spamcop.net/bl.shtml?65.54.224.200>]
If it's true that the first hop used HTTP, then the blacklisted
IP is some sort of HTTP proxy. And these proxies must be getting
abused by spammers to get them listed on Spamcop. The net result
is that all (or most) hotmail users' mail is being penalized.
Any ideas about how to stop the FP's? Make a custom META rule to
counteract the Spamcop score? Complain to MSN/Hotmail? Custom
bounce that says "get a real mail provider"? ;)
Pierre
--
<Zaren> Christ almighty... my EYES! They're melting!
-Zaren, Efnet #macintosh, in response to:
www.geocities.com/CollegePark/Classroom/1944
The WEBSITE DESIGN class that gave my fiancee a D.
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
