OT: Spamcop BL - good or dangerous?

Wed Nov 29 19:18:41 GMT 2006

Arthur Sherman wrote:
>> And, the OP isn't even complaining about *HIS* mail being 
>> blocked, he's
>> complaining about spamassassin.apache.org being blocked while 
>> trying to send TO him!
> 
> 
> Matt, all, I am probably to blame for your confusion.
> 
> Let me state this again:
> 
> I'm subscribed to SpamAssassin ML with an address on my server (not the one
> I send to this list - this one is from my ISP)
> 
> My server bounced the message coming from spamassassin.apache.org due to
> blocking in Spamcop.
> 
> Justin told me to get rid of Spamcop.
> 
> That's how all this started...

That's exactly how I understood it.

Apparently Gerard saw you as having an end-user account, and jumped to the
conclusion you had a problem with being listed yourself.

However, your original post is *quite* clear about this:

"Sometimes I get a message from any of lists I'm subscribed to, that mail to
my address bounces."

I don't see anything in that which might lead to the conclusions Gerard came to.
It's quite clear from that one sentence you're having problems receiving mail
from legitimate senders.

And yes, SpamCop is a false-positive prone system.

And yes, it regularly lists the apache.org that hosts the SpamAssassin mailing list.

Apparently some dimwits are subscribed to the spamassassin-users list that have
their systems configured to auto-report to SpamCop anything that SA tags as
spam. This is in flagrant violation of the terms of service for SpamCop, but
they do it anyway. And the same dimwits do not have the list whitelisted.

Therefore, anytime someone posts a sample of spam to the sa-users list, the list
gets auto-reported to spamcop.

SpamCop used to be good, but it's become polluted. Part of me wonders if it's
user error, or deliberate malicious submissions.

People are so aggressive about reporting ebay phishes that they're reporting
real ebay servers too.

Case in point:

Right now 66.135.215.234 is listed in spamcop, and is in the SPF record for
ebay.com, so it's a real ebay server.

$dig txt ebay.com
ebay.com.               3600    IN      TXT     "v=spf1 mx
include:s._spf.ebay.com include:m._spf.ebay.com include:p._spf.ebay.com
include:c._spf.ebay.com ~all"

$dig txt m._spf.ebay.com
m._spf.ebay.com.        1425    IN      TXT     "v=spf1 ip4:66.135.215.224/27
ip4:216.33.244.96/27 ip4:216.33.244.84 ~all"

http://www.spamcop.net/w3m?action=checkblock&ip=66.135.215.234
----
66.135.215.234 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will
be delisted automatically in approximately 15 hours.
----

Way to go spamcop submitters! You go get those ebay phishers at ebay.com!