OT: Spamcop BL - good or dangerous?

Rose, Bobby brose at med.wayne.edu
Wed Nov 29 14:33:47 GMT 2006


Your not distinguishing between a spamtrap issue vs a spam reporting
issue.  Spamtrap domains/addresses are not public known as such.
Spamcop has dummy mail domains that doesn't have any users that send any
mail out so it's not reasonable for people to be replying to them, or
those addresses opting into mailings.  The spamtrap addresses are then
seeded on the net so spammers who spider thru google and such to get
email addresses will pick them up.

Also based on what I recall reading on Spamcop, they supposedly contact
the ISP on spam reports (my guess postmaster at domain or based on whois
info )and if the receive no response or no action is taken, then the
host is added to the list of reported spam sources.  So if that's the
case, they are still leaving it up to the ISP to make that
determination.
 




-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Drew
Marshall
Sent: Wednesday, November 29, 2006 8:53 AM
To: MailScanner discussion
Subject: RE: OT: Spamcop BL - good or dangerous?

On Wed, November 29, 2006 13:19, Rose, Bobby wrote:
> Mostly when I've looked at addresses that are listed at spamcop, the 
> addresses are on the temporary blocklist due to the address sending 
> messages to Spamcop's spamtraps.  It's pretty hard to say it's a 
> mistake that a legit system emailed a spamtrap unless they are 
> relaying which then raises other questions.

It's not so much if it's a mistake as you are right, some one
deliberatly sent the sample mail to Spamcop but more about who and what
is making the classification. As just about anyone can send 'Spam' to
Spamcop, who in turn will list the relay(s) (Albeit for varying amounts
of time based on frequency), it becomes a question of who does the
vetting. The problem with Spamcop is that 'no one' is the answer. You
can end up being listed if some takes a dislike to your e-mail and sends
it on to them enough.
This is what makes Spamcop dangerous to use at MTA.

Of cause this raises the point 'What is Spam?'. Because there is no
real, definitive answer other than 'unsolicited 'junk' mail' how do you
define what users should forward, particularly to a global black list
(How many times do we see requests to this list about configuring MS for
individual black/ white lists, SA settings etc?). I very much like and
support the idea of collaborative anti-spam measures but in the same way
that bayes works on the specific mail characteristics of your mail, so,
I think, should RBLs like Spamcop be used in a measured, weighted way
(As it does in SA).

I do block using the Spamhaus RBLs as not only do I find them less
aggressive but they are (Seem?) better moderated and audited. This means
that, in my experience, fewer false positives and more of the true 'bad
guys' being listed and with less chance of removal.

/Throws his final 2p into the air and steps off soap box...

Drew

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 



More information about the MailScanner mailing list