A warning about SpamCop
May. 7th, 2004 02:04 pm
If you use SpamCop to report spam, you should read this post carefully.
Over the past few months since I brought a new server online, I've been bouncing lots of e-mails that are sent to non-existent addresses on my domains. Since lots of spam is forged, it means that innocent users have been seeing bounces in their mailboxes, and then reporting these bounces to SpamCop as "spam". This has caused my machine to be incorrectly listed as a "spam source" on several occasions. It got so bad that I had to spend a couple of hours yesterday configuring qmail to stop issuing bounces for non-existent addresses. Now the mail is just deleted. This means that people who try to e-mail an old address of mine never know it went through. :-(
Another problem with SpamCop, or rather the people who use SpamCop, is when they report actual spam they receive. Just the other day, a user got several spams sent to an e-mail address hosted on my machine. The machine didn't provide POP3 service for that user, but just forwarded to their address on another machine. That's all fine and dandy, except that when they reported it, they incorrectly listed MY machine as an "open relay". 5 times in a row. The end result was that my server got shut down for several hours yesterday (leaving my couple of dozen users unable to retrieve e-mail) until I called up the ISP and promised to resolve the problem. (I resolved the problem by booting that user.) Had I been running a business on that box, it would have resulted in money lost. That's not good.
To summarize, here is what you need to be aware of if you use SpamCop:
1) Do NOT report bounces as spam. You're just punishing an innocent sysadmin for running a mailserver in a valid configuration.
2) If you get a legitimate piece of spam, you had better be DAMN sure that the hosts that you are reporting as "sources" and "relays" are in fact not machines that you use regularly. ISPs and co-lo centers DO pay attention to the reports that they get, and they WILL shut you down if they even think you are an open relay, as happened to me.
Pardon my language, I'm still a bit grumpy...
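A pre-report check covering both points above, as an added example that is not part of the original post: it flags messages that look like bounces and lists any Received hops that belong to hosts you rely on for forwarding or delivery. The host names in `MY_HOSTS` and both sample messages are constructed assumptions.

```python
import email
import re

# Assumption: hosts that forward or deliver mail on your behalf (edit to suit).
MY_HOSTS = {"mail.example.org"}

# Constructed sample: a qmail-style bounce triggered by forged spam.
BOUNCE = """\
Return-Path: <>
Received: from mail.example.org (192.0.2.10) by mx.isp.example with ESMTP; Fri, 7 May 2004 10:00:00 -0400
From: MAILER-DAEMON@mail.example.org
Subject: failure notice

Hi. This is the qmail-send program at mail.example.org.
"""
# Constructed sample: real spam that passed through your own forwarder.
FORWARDED = """\
Return-Path: <x@spam.invalid>
Received: from mail.example.org (192.0.2.10) by mx.isp.example with ESMTP; Fri, 7 May 2004 10:05:00 -0400
Received: from unknown (HELO pc.spam.invalid) (203.0.113.5) by mail.example.org with SMTP; 7 May 2004 14:04:58 -0000
From: x@spam.invalid
Subject: buy now

spam body
"""

def is_bounce(msg):
    """Heuristic: DSN content type, null envelope sender, or daemon sender."""
    if (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status"):
        return True
    if msg.get("Return-Path", "").strip() == "<>":
        return True
    sender = msg.get("From", "").lower()
    return "mailer-daemon" in sender or "postmaster" in sender

def received_hops(msg):
    """Return (by_host, from_host) for each Received header, newest first."""
    hops = []
    for hdr in msg.get_all("Received", []):
        text = " ".join(hdr.split())  # unfold continuation lines
        frm = re.search(r"\bfrom\s+(\S+)", text)
        by = re.search(r"\bby\s+(\S+)", text)
        hops.append(tuple(m.group(1).lower().rstrip(";") if m else None for m in (by, frm)))
    return hops

def review(raw):
    """Summarize what to double-check before filing a report."""
    msg = email.message_from_string(raw)
    own = {h for hop in received_hops(msg) for h in hop if h in MY_HOSTS}
    return {"bounce": is_bounce(msg), "own_hosts": sorted(own)}
```

A message with `bounce` set should not be reported as spam, and every name in `own_hosts` should be excluded from the "sources" and "relays" of a report.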