You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Marc Perkel <su...@junkemailfilter.com> on 2013/10/28 22:06:11 UTC
How to get removed from spamcop?
Just wondering if any real people are there or if it's totally
automated. They have several of our IP addresses listed and delisting
doesn't seem to work. We're a spam filtering company (Junk Email Filter)
and if we fail to block a spam it can appear we are the source.
Anyone know anyone there?
--
Marc Perkel - Sales/Support
support@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400
Re: How to get removed from spamcop?
Posted by Neil Schwartzman <ne...@cauce.org>.
you have to sign up for that service, and depending upon how your network is set up, you may not be able to receive such reports.
I suggest people take a look at all the FBLs at
http://blog.wordtothewise.com/tag/fbls/
as well
Neil Schwartzman
Executive Director
Coalition Against unsolicited Commercial Email
Tel :(303) 800-6345
Mob: (415) 361-0069
@cauce
On Oct 29, 2013, at 5:18 AM, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> On 28.10.13 14:06, Marc Perkel wrote:
>> Just wondering if any real people are there or if it's totally automated. They have several of our IP addresses listed and delisting doesn't seem to work. We're a spam filtering company (Junk Email Filter) and if we fail to block a spam it can appear we are the source.
>
> Aren't they sending you notifications about spam they got from you?
> They don't do it only for spam sent to their spam traps, but even in such
> cases they might provide you filtered headers
Re: How to get removed from spamcop?
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 28.10.13 14:06, Marc Perkel wrote:
>Just wondering if any real people are there or if it's totally
>automated. They have several of our IP addresses listed and delisting
>doesn't seem to work. We're a spam filtering company (Junk Email
>Filter) and if we fail to block a spam it can appear we are the
>source.
Aren't they sending you notifications about spam they got from you?
They don't do it only for spam sent to their spam traps, but even in such
cases they might provide you filtered headers.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.
Re: How to get removed from spamcop?
Posted by Tom Hendrikx <to...@whyscream.net>.
On 10/29/2013 05:21 AM, Marc Perkel wrote:
>
>
> What's odd is that all my inbound servers are listed.
This sounds like a typical backscatter problem to me...
Kind regards,
Tom
Re: How to get removed from spamcop?
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Mon, 2013-10-28 at 21:21 -0700, Marc Perkel wrote:
> What's odd is that all my inbound servers are listed.
Your INbound servers? Did you not wonder why your INbound servers are
listed for SPEWING spam?
Assuming (well, your wording strongly suggests) your inbound and
outbound servers' IPs are distinct. Listed are the inbound ones. Not the
outbound ones, actually emitting mail to other networks.
In case of the SpamCop rules, that's check_rbl() eval, which operates on
untrusted relays.
If your spam filter customers include your outbound MTAs as trusted, but
not your inbound != outbound MTAs, that would explain why.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: How to get removed from spamcop?
Posted by Marc Perkel <su...@junkemailfilter.com>.
On 10/28/2013 8:23 PM, Joe Sniderman wrote:
> On 10/28/2013 05:06 PM, Marc Perkel wrote:
>> Just wondering if any real people are there or if it's totally
>> automated.
> They have real people there.
>
>> They have several of our IP addresses listed
> Hmmm
>
>> and delisting doesn't seem to work.
> Strange....
>
>> We're a spam filtering company (Junk Email Filter) and if we fail to
>> block a spam it can appear we are the source.
> Are you positive that this is the cause of the listing, or just
> speculating. Also, do you only provide inbound filtering to your
> customers, or outbound too?
>
> If you only provide inbound, and your customers are rejecting mails
> you've already accepted on their behalf (sounds like this may be the
> case) do you then generate a bounce? Could some of those bounces be what
> caused the listing in the first place?
>
> Just throwing some ideas out there..
>
What's odd is that all my inbound servers are listed. It's almost as if
someone is deliberately trying to get me listed. used to have a report
every month or so but never anything serious. This time no report and
everything is listed.
About 9 years ago I set up the people at spamcop with a spam feed for
them to use to help them with their list. I'm beginning to think that
they somehow are using that data and wrongly listing me. So I cut off
their feed. Since I set them up they got bought by ironport who got
bought be cisco and there's no reason to give it to them for free
anymore. We'll see if that fixes it.
--- Marc Perkel - Sales/Support support@junkemailfilter.com
http://www.junkemailfilter.com Junk Email Filter dot com 415-992-3400
Re: How to get removed from spamcop?
Posted by Joe Sniderman <jo...@thoroquel.org>.
On 10/28/2013 05:06 PM, Marc Perkel wrote:
> Just wondering if any real people are there or if it's totally
> automated.
They have real people there.
> They have several of our IP addresses listed
Hmmm
> and delisting doesn't seem to work.
Strange....
> We're a spam filtering company (Junk Email Filter) and if we fail to
> block a spam it can appear we are the source.
Are you positive that this is the cause of the listing, or just
speculating. Also, do you only provide inbound filtering to your
customers, or outbound too?
If you only provide inbound, and your customers are rejecting mails
you've already accepted on their behalf (sounds like this may be the
case) do you then generate a bounce? Could some of those bounces be what
caused the listing in the first place?
Just throwing some ideas out there..
--
Joe Sniderman <jo...@thoroquel.org>
Re: How to get removed from spamcop?
Posted by Mauricio Tavares <ra...@gmail.com>.
On Mon, Oct 28, 2013 at 5:06 PM, Marc Perkel
<su...@junkemailfilter.com> wrote:
> Just wondering if any real people are there or if it's totally automated.
> They have several of our IP addresses listed and delisting doesn't seem to
> work. We're a spam filtering company (Junk Email Filter) and if we fail to
> block a spam it can appear we are the source.
>
Check the log files for clues. At least with me once I found
that a mail server I was responsible for was blacklisted, checking at
both the site that blacklisted us and the mail logs was enough to find
which user did the deed.
> Anyone know anyone there?
>
> --
> Marc Perkel - Sales/Support
> support@junkemailfilter.com
> http://www.junkemailfilter.com
> Junk Email Filter dot com
> 415-992-3400
>
Re: How to get removed from spamcop?
Posted by Axb <ax...@gmail.com>.
On 10/29/2013 05:26 PM, Joe Sniderman wrote:
> On 10/29/2013 12:19 PM, Benny Pedersen wrote:
>> Marc Perkel skrev den 2013-10-28 22:06:
>>> Just wondering if any real people are there or if it's totally
>>> automated. They have several of our IP addresses listed and delisting
>>> doesn't seem to work. We're a spam filtering company (Junk Email
>>> Filter) and if we fail to block a spam it can appear we are the
>>> source.
>>
>> and ?, do you see your own logs who use spamcop.com as rbl ?
>>
>> http://www.mywot.com/en/scorecard/spamcop.com
>>
>> users of wot dont trust them
>
> o rly:
>
> https://www.mywot.com/en/scorecard/spamcop.net
Guys - this thread has gone from OT to pointless and totally unrelated to SA
Please move it to SDLU or mailop lists or some more adequate forum
SDLU
https://spammers.dontlike.us/mailman/listinfo/list
Mailops:
http://chilli.nosignal.org/mailman/listinfo/mailop
Re: How to get removed from spamcop?
Posted by Joe Sniderman <jo...@thoroquel.org>.
On 10/29/2013 12:19 PM, Benny Pedersen wrote:
> Marc Perkel skrev den 2013-10-28 22:06:
>> Just wondering if any real people are there or if it's totally
>> automated. They have several of our IP addresses listed and delisting
>> doesn't seem to work. We're a spam filtering company (Junk Email
>> Filter) and if we fail to block a spam it can appear we are the
>> source.
>
> and ?, do you see your own logs who use spamcop.com as rbl ?
>
> http://www.mywot.com/en/scorecard/spamcop.com
>
> users of wot dont trust them
o rly:
https://www.mywot.com/en/scorecard/spamcop.net
--
Joe Sniderman <jo...@thoroquel.org>
Re: How to get removed from spamcop?
Posted by Neil Schwartzman <ne...@cauce.org>.
On Oct 29, 2013, at 9:19 AM, Benny Pedersen <me...@junc.eu> wrote:
> Marc Perkel skrev den 2013-10-28 22:06:
>> Just wondering if any real people are there or if it's totally
>> automated. They have several of our IP addresses listed and delisting
>> doesn't seem to work. We're a spam filtering company (Junk Email
>> Filter) and if we fail to block a spam it can appear we are the
>> source.
>
> and ?, do you see your own logs who use spamcop.com as rbl ?
>
> http://www.mywot.com/en/scorecard/spamcop.com
>
> users of wot dont trust them
well no, especially since the correct address is spamcop.NET
https://www.mywot.com/en/scorecard/spamcop.NET
Re: How to get removed from spamcop?
Posted by Benny Pedersen <me...@junc.eu>.
Marc Perkel skrev den 2013-10-28 22:06:
> Just wondering if any real people are there or if it's totally
> automated. They have several of our IP addresses listed and delisting
> doesn't seem to work. We're a spam filtering company (Junk Email
> Filter) and if we fail to block a spam it can appear we are the
> source.
and ?, do you see your own logs who use spamcop.com as rbl ?
http://www.mywot.com/en/scorecard/spamcop.com
users of wot dont trust them
> Anyone know anyone there?
in my email startup i was a registrated users of there limited services,
but i stopped long time ago with that job of supporting them, i use
mydns/bind9/rpz-sone in bind to block spam now
i dont list ips
Re: Outbound filtering (was Re: How to get removed from spamcop?)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On 29 Oct 2013 09:45:02 -0700
"Neil Schwartzman" <ne...@cauce.org> wrote:
> the difficulty with a rate-limiting approach is the criminals
> reverse-engineer it pretty quickly, and just spread the joy over
> numerous accounts.
True, though that's quite hard. Given a user population of 10K users,
it's pretty easy to phish a handful of accounts. It's a lot harder to
phish say 50 of them, so you can only spread the joy so much.
Additionally, we apply a (higher) rate-limit to our customer's
back-end servers to catch massive spam runs that really do come from
lots of compromised accounts.
> generally speaking, they pretty much trickle spam out over ATOed
> accounts instead of doing it all in one fell (foul?) swoop.
Possibly, but we're not too concerned about that. If our IPs send a
trickle of spam, we probably won't get blacklisted. If we start
spewing like a firehose, we need to stop that quickly.
> But yeah, i think John underestimates how difficult it is to do
> outbound filtering for more than a few dozen users who expect their
> mail to be delivered immediately, for some value of immediately.
Yup. We still get support tickets from people who send an email, call
the recipient up right away and then wonder why the email hasn't arrived
within 30 seconds. :(
Regards,
David.
Re: Outbound filtering (was Re: How to get removed from spamcop?)
Posted by Neil Schwartzman <ne...@cauce.org>.
On Oct 29, 2013, at 9:31 AM, David F. Skoll <df...@roaringpenguin.com> wrote:
> On Mon, 28 Oct 2013 21:42:29 -0400 (EDT)
> "John R. Levine" <jo...@iecc.com> wrote:
>
>> But outbound filtering is far more useful when it, you know, actually
>> works.
>
> Outbound filtering is far trickier than inbound filtering. Unless you
> really want to annoy your customers, you have to hold suspect mail
> (anything scoring let's say 5.0 to 8.0 or so on SpamAssassin's scale)
> for review rather than rejecting outright. Once you start having more
> than a few thousand outbound users, you end up spending a lot of time
> reviewing suspect mail.
>
> We take another approach and apply per-sender rate-limits. If a given
> sender or IP sends to more than X recipients in a given window of
> time, we hold all mail from that sender/IP and alert. This has
> enabled us to catch and shut down several phished accounts over the
> last few months. Rate-limiting also helps if a phished account is
> used to blast out large quantities of spam that nevertheless are not
> detected as spam by content filtering.
Given my experience working as the guy charged with outbound spam at a mjaor freemail provider, i can say this :
the difficulty with a rate-limiting approach is the criminals reverse-engineer it pretty quickly, and just spread the joy over numerous accounts.
generally speaking, they pretty much trickle spam out over ATOed accounts instead of doing it all in one fell (foul?) swoop.
But yeah, i think John underestimates how difficult it is to do outbound filtering for more than a few dozen users who expect their mail to be delivered immediately, for some value of immediately.
Emailin’ ain’t easy.
Outbound filtering (was Re: How to get removed from spamcop?)
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Mon, 28 Oct 2013 21:42:29 -0400 (EDT)
"John R. Levine" <jo...@iecc.com> wrote:
> But outbound filtering is far more useful when it, you know, actually
> works.
Outbound filtering is far trickier than inbound filtering. Unless you
really want to annoy your customers, you have to hold suspect mail
(anything scoring let's say 5.0 to 8.0 or so on SpamAssassin's scale)
for review rather than rejecting outright. Once you start having more
than a few thousand outbound users, you end up spending a lot of time
reviewing suspect mail.
We take another approach and apply per-sender rate-limits. If a given
sender or IP sends to more than X recipients in a given window of
time, we hold all mail from that sender/IP and alert. This has
enabled us to catch and shut down several phished accounts over the
last few months. Rate-limiting also helps if a phished account is
used to blast out large quantities of spam that nevertheless are not
detected as spam by content filtering.
Regards,
David.
Re: How to get removed from spamcop?
Posted by "John R. Levine" <jo...@iecc.com>.
> More to the point, if you're a spam filtering company, you shouldn't
> be delivering something you "failed to block" to anybody but your own
> customers.
Outbound filtering is a reasonable thing to do, to catch spambots and the
like.
But outbound filtering is far more useful when it, you know, actually
works.
R's,
John
Re: How to get removed from spamcop?
Posted by Bart Schaefer <ba...@gmail.com>.
On Mon, Oct 28, 2013 at 3:08 PM, John Levine <jo...@taugh.com> wrote:
>>They have several of our IP addresses listed and delisting
>>doesn't seem to work. We're a spam filtering company (Junk Email Filter)
>>and if we fail to block a spam it can appear we are the source.
>
> Uh, Marc, if the spam comes out of your servers, you ARE the source.
> Nobody but you cares about your business model.
More to the point, if you're a spam filtering company, you shouldn't
be delivering something you "failed to block" to anybody but your own
customers.
Doesn't that make this a customer education issue? Why are your
customers reporting you to spamcop?
Re: How to get removed from spamcop?
Posted by Neil Schwartzman <ne...@cauce.org>.
or wait 24 hours for the listing to expire.
that said deputies@spamcop.net works just fine.
Neil Schwartzman
Executive Director
Coalition Against unsolicited Commercial Email
Tel :(303) 800-6345
Mob: (415) 361-0069
@cauce
On Oct 28, 2013, at 3:08 PM, John Levine <jo...@taugh.com> wrote:
>> Just wondering if any real people are there or if it's totally
>> automated.
>
> I've never had any trouble getting replies to polite inquiries.
>
>> They have several of our IP addresses listed and delisting
>> doesn't seem to work. We're a spam filtering company (Junk Email Filter)
>> and if we fail to block a spam it can appear we are the source.
>
> Uh, Marc, if the spam comes out of your servers, you ARE the source.
> Nobody but you cares about your business model.
>
> R's,
> John
>
Re: How to get removed from spamcop?
Posted by John Levine <jo...@taugh.com>.
>Just wondering if any real people are there or if it's totally
>automated.
I've never had any trouble getting replies to polite inquiries.
>They have several of our IP addresses listed and delisting
>doesn't seem to work. We're a spam filtering company (Junk Email Filter)
>and if we fail to block a spam it can appear we are the source.
Uh, Marc, if the spam comes out of your servers, you ARE the source.
Nobody but you cares about your business model.
R's,
John