A warning about SpamCop
May. 7th, 2004 02:04 pm
If you use SpamCop to report spam, you should read this post carefully.
Over the past few months since I brought a new server online, I've been bouncing lots of e-mails that are sent to non-existent addresses on my domains. Since lots of spam is forged, it means that innocent users have been seeing bounces in their mailboxes, and then reporting these bounces to SpamCop as "spam". This has caused my machine to be incorrectly listed as a "spam source" on several occasions. It got so bad that I had to spend a couple of hours yesterday configuring qmail to stop issuing bounces for non-existent addresses. Now the mail is just deleted. This means that people who try to e-mail an old address of mine never know it went through. :-(
Another problem with SpamCop, or rather with the people who use SpamCop, is when they report actual spam they receive. Just the other day, a user got several spams sent to an e-mail address hosted on my machine. The machine didn't provide POP3 service for that user, but just forwarded to their address on another machine. That's all fine and dandy, except that when they reported it, they incorrectly listed MY machine as an "open relay". 5 times in a row. The end result was that my server got shut down for several hours yesterday (leaving my couple of dozen users unable to retrieve e-mail) until I called up the ISP and promised to resolve the problem. (I resolved the problem by booting that user.) Had I been running a business on that box, it would have resulted in money lost. That's not good.
To summarize, here is what you need to be aware of if you use SpamCop:
1) Do NOT report bounces as spam. You're just punishing an innocent sysadmin for running a mailserver in a valid configuration.
2) If you get a legitimate piece of spam, you had better be DAMN sure that the hosts that you are reporting as "sources" and "relays" are in fact not machines that you use regularly. ISPs and co-lo centers DO pay attention to the reports that they get, and they WILL shut you down if they even think you are an open relay, as happened to me.
Pardon my language, I'm still a bit grumpy...
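An added example, not part of the original post: one way to check point 2 before filing a report is to walk the Received headers from the top and stop at the first hop where the mail entered hosts you use yourself, so your own forwarder is never named as the source. All hostnames, IP addresses and the sample message are constructed, and `MY_HOSTS` is a hypothetical list the reporter maintains.

```python
import re
from email import message_from_string

# Hosts my own mail passes through, with their addresses (all constructed).
MY_HOSTS = {"mail.isp.example": "198.51.100.1",
            "fwd.hosting.example": "192.0.2.10"}

# Constructed message: forwarded by fwd.hosting.example to mail.isp.example.
# The bottom Received line was supplied by the sender and may be forged.
RAW = """\
Received: from fwd.hosting.example (fwd.hosting.example [192.0.2.10])
\tby mail.isp.example with ESMTP; Fri, 7 May 2004 10:00:05 -0400
Received: from unknown (HELO mx.bank.example) (203.0.113.77)
\tby fwd.hosting.example with SMTP; Fri, 7 May 2004 10:00:01 -0400
Received: from mail.isp.example ([198.51.100.1]) by relay.forged.example;
\tFri, 7 May 2004 09:00:00 -0400
From: "Offers" <x@bank.example>
Subject: constructed sample

body
"""

# Captures the connecting IP and the host that wrote the header.
HOP = re.compile(r"from\s.*?(\d+\.\d+\.\d+\.\d+).*?\bby\s+([^\s;]+)", re.S)


def reportable_source(raw, my_hosts):
    """Return (ip, received_by) for the hop where the mail entered my hosts."""
    msg = message_from_string(raw)
    for header in msg.get_all("Received", []):  # newest hop first
        m = HOP.search(header)
        if not m or m.group(2) not in my_hosts:
            return None        # header not written by my hosts: stop trusting
        ip, by_host = m.groups()
        if ip not in my_hosts.values():
            return ip, by_host  # first handoff from outside: the real source
    return None                 # mail never left my own hosts


if __name__ == "__main__":
    print(reportable_source(RAW, MY_HOSTS))
```

Headers below the returned hop were written by machines outside your control, so they are ignored rather than reported.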
(no subject)
Date: 2004-05-07 06:13 pm (UTC)
(no subject)
Date: 2004-05-07 06:16 pm (UTC)
Wow you lucked out
Date: 2004-05-07 06:36 pm (UTC)
(no subject)
Date: 2004-05-07 07:07 pm (UTC)
The boss started vacation on Wed. Mustang (our email response management tool) is completely dead today - the database is totally fuckered. Tried maybe 6 different programs to repair and compact the db. For the ones that didn't get broken right away trying to open it broke on the R&C command. Even found some proggies to convert the access db to MySQL - all of them break too. We have the database of death.
Guess what? No one here has access to make any changes to how email gets handled. Cool, no email for 2 weeks followed by 6 months of cleanup and chargebacks.
As an emergency, I set up the support center so that any emails that are sent via the support form will randomly get sent to Me, Marty, or Kennedy (instead of support@, sales@, etc.), bypassing mustang. While this helps us recover only 40% or so of email, I can't make this change live anyway because I don't have access to the live server.
I can't believe I only had one drink at the bar today...
I cant believe I only had one drink at the bar today...
P.S.
Must complete resume this weekend!
(no subject)
Date: 2004-05-07 07:21 pm (UTC)
>Must complete resume this weekend!
Good deal. I'd like to have a look at it next week.
(no subject)
Date: 2004-05-07 09:09 pm (UTC)
I stopped using Spamcop...
Date: 2004-05-08 02:14 am (UTC)
Lately I see next to no spam. Spam filters have gotten quite good. Thunderbird does a decent job of filtering and my comcast.net accounts have a server side filter.
Believe it or not, Microsoft seems to have some damn good filtering on my Hotmail, it's at least 99% accurate. Ditto for my Yahoo and Netscape mail accounts.
(no subject)
Date: 2004-05-09 11:49 pm (UTC)
(no subject)
Date: 2004-05-10 01:45 pm (UTC)
(no subject)
Date: 2004-05-11 04:43 am (UTC)
I read in the latest issue of Discover magazine that Microsoft wants to help prevent spam by causing delays for every email sent, by forcing the client to decrypt some sort of puzzle each time. Instead of spammers being able to send a million messages out every second, it'd force them to send one for every ten seconds, on top notch systems. MS doesn't seem to give a rat's ass about people who wouldn't otherwise need to upgrade from their Pentium 2's, because it'd take their processors 20 times as long to send out a single, personal email to a beloved one.
Mailing lists would also be wiped into oblivion. Could MS really be THIS evil or stupid, or what? I'm praying that the article I read is a hoax.
Old news
Date: 2004-05-11 01:21 pm (UTC)
The real problem would be overhauling the existing SMTP protocol to use Hashcash, which makes it one step closer to being a FUSSP (http://www.rhyolite.com/anti-spam/you-might-be.html)...
(no subject)
Date: 2004-05-26 02:30 am (UTC)
It just seems to do no good.
Once in a while I make an error and spamcop does not allow you to cancel a report, and they have no contact e-mail for them. Ended up faxing them and still got no response.
Just seems so much like a lost cause sometimes.
(no subject)
Date: 2004-05-26 02:39 am (UTC)
But you should also do your bit by rejecting (5xx at the gate) rather than accepting the entire email (even if it is to an unknown user) and generating a bounce. That typically means uninstalling (or at least patching) qmail :)
-srs
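An added sketch, not from the thread or from qmail: a toy SMTP receiver that shows why refusing unknown recipients with a 5xx at RCPT TO produces no bounce, while accepting everything and bouncing later mails the forged envelope sender. The mailbox table, domains and session are constructed, and the DATA exchange is collapsed to a single reply.

```python
import re

# Constructed sample data: the example.org mailboxes are hypothetical.
MAILBOXES = {"doug@example.org", "postmaster@example.org"}
ADDR = re.compile(r"<([^>]*)>")


def smtp_session(lines, check_rcpt):
    """Feed client commands to a tiny SMTP receiver.

    Returns (replies, queued); queued holds the (sender, recipient) pairs
    the server accepted responsibility for.
    """
    replies, queued, sender, rcpts = [], [], None, []
    for line in lines:
        verb = line.upper()
        if verb.startswith("MAIL FROM:"):
            sender, rcpts = ADDR.search(line).group(1), []
            replies.append("250 ok")
        elif verb.startswith("RCPT TO:"):
            rcpt = ADDR.search(line).group(1).lower()
            if check_rcpt and rcpt not in MAILBOXES:
                replies.append("550 5.1.1 no such user")  # refused at the gate
            else:
                rcpts.append(rcpt)
                replies.append("250 ok")
        elif verb == "DATA":  # message body omitted in this sketch
            if rcpts:
                queued += [(sender, r) for r in rcpts]
                replies.append("250 queued")
            else:
                replies.append("554 no valid recipients")
    return replies, queued


def bounce_recipients(queued):
    """Delivery step: unknown users cause a bounce to the envelope sender."""
    return [sender for sender, rcpt in queued
            if rcpt not in MAILBOXES and sender]  # null sender <> gets none


# Constructed spam run: forged sender, one guessed and one real recipient.
SPAM = ["MAIL FROM:<victim@example.net>", "RCPT TO:<oldaddr@example.org>",
        "RCPT TO:<doug@example.org>", "DATA"]

if __name__ == "__main__":
    for mode in (False, True):
        replies, queued = smtp_session(SPAM, check_rcpt=mode)
        print(mode, replies, bounce_recipients(queued))
```

With `check_rcpt=True` the failure stays inside the SMTP session with whoever connected, so nothing is ever mailed to the forged address.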
(no subject)
Date: 2004-05-26 02:58 am (UTC)
About qmail, I don't think patching it would help me with doing 5xx errors after the RCPT TO, since the domains that I accept e-mail for have their mail piped through vpopmail (http://www.inter7.com/vpopmail/) after being accepted. (But if you know of any patches that WILL work, I'm all ears :-)
And that leads me to the other reason I use Qmail, because it integrated very nicely with Vpopmail, which has proven to be a good choice for managing POP3 accounts on my machine.
Ah well. For now, I'm just /dev/nulling the invalid addresses and no longer producing bounces.
(no subject)
Date: 2004-05-26 03:09 am (UTC)
Some of the qmail patches to qmail-smtpd have a way to read the user info from a cdb. That's a very short piece of code and should be easy to modify to do a mysql lookup instead.
Or switch to exim and check out Avleen Vig's vexim - http://www.silverwraith.com/vexim/