From: Gordon J. Holtslander (holtsg@duke.usask.ca)
Date: 02/23/03-10:53:32 PM Z
Hi:
to quote our support people:
-----------
The spamcop.net blacklisting method is buggy and error-prone. They say
so on their web site. Unfortunately, some servers are starting to use the
spamcop.net blacklisting service prematurely.
----------
Furthermore spamcop iself states: (from http://spamcop.net/bl.shtml)
----------
This blocking list is somewhat experimental and should not be
used in a production environment where legitimate email must be delivered.
It is growing more stable and is used by many large sites now. However,
SpamCop is aggressive and often errs on the side of blocking mail - users
should be warned and given information about how their mail is filtered.
Ideally they should have a choice of filtering options. Many mailservers
can operate with blacklists in a "tag only" mode, which is preferable in
many situations.
---------
Spamcop is stating that their blacklist will often block legitimate email
and that ISP's should inform their users that their mail is filtered and
that ISP's should offer their users a choice of filtering options.
Did your ISP offer this information to you?
It was blocking yours as well as two other list members.
The Univesities server is not left as an open relay, Spamcop was blocking
the sask.usask.ca server itself and not an imaginary "bad server".
The University is properly managing its mail server. Your ISP is using a
spam-filter that explicitly says it will often block legitimate email.
Your ISP appears to be feeding you buffalo dung. They seem reluctant to
say they are using an imperfect experimental system that may block
legitimate email.
Spamcop recomends that ISP's use their service to "tag" email as possible
spam, rather than rejecting outright. This way you are able to confirm
that filtered email is spam and not legitimate email.
Spamcop relies on users sending spam reports. This is done by sending
spam that people have received to spamcop. Spamcop's computers looks at
the email mesage, determines where it came from and adds it to the
blacklist.
What can happen is if someone forwards spam from a legitimate address to a
second address, and then this second person reports this email as spam to
spamcop- the first legitimate address is where the email came from, so
spamcop adds that server to the blacklist, and _not_ the server where the
spam originated from.
What has likely happened is that someone on sask.usask.ca forwarded spam
to another person and this second person reported it to spamcop, resulting
in sask.usask.ca being blacklisted.
Spamcop hasn't worked all the bugs out of their system yet.
There is no way anyone here at the UofS can prevent this from happening.
Its a problem with spamcop. Any mailserver can be potentially blacklisted
by spamcop.
Your ISP is trying to pass the buck for a problem it has created.
Gord
List Manager
On Sun, 23 Feb 2003, Katharine Thayer wrote:
> Hi Gordon,
> Here's what my ISP says about SpamCop blocking some of my list mail:
>
> They say SpamCop is one of several spam-filter services they subscribe
> to and they consider it one of the best, and would not consider not
> using the service.
>
> They say the only thing that can be done about my problem is for the
> University of Saskatchewan to get themselves off the blacklist by
> satisfactorily explaining the circumstances that got them on the
> blacklist in the first place (such as a server left open so a spammer
> could use it as a sending server) to the SpamCop folks.
>
> When I asked why I get some of the mail from usask; it's not blocked
> every time, he said it must be because the university routes their mail
> through several servers, and only one of them has been blacklisted. So
> the mail that goes out through that "bad" server is blocked, but the
> mail that goes through a different server, that hasn't been blacklisted,
> is not filtered out.
> Katharine
>
>
>
>
> Gordon J. Holtslander wrote:
> >
> > Hi:
> >
> > A critique of spamcop os here: http://jhoward.fastmail.fm/spamcop.html
> >
> > Everything thats wrong with spamcop ...
> >
> > SpamCop is using the 1st style of filtering. It blocking messages because
> > they are coming from a particular computer. It does not read the message
> > to check for spam content
> >
> > SpamCop uses a blacklist - It will reject message from any computer on the
> > blacklist.
> >
> > A computer can be added to the blacklist by someone reporting to have
> > recieved spam from this computer.
> >
> > If there is a recent report of spam from a computer it will be
> > blacklisted. After a while, if there are no complaints the computer will
> > be unblacklisted.
> >
> > So if sask.usask.ca is currently on the blacklist Katherine's email from
> > the list gets tossed in the garbage. When it comes off the list she gets
> > email, but she will NEVER recieve the email that was sent while
> > sask.usask.ca is blacklisted
> >
> > This also depends on the ISP maintaining updated information - likely
> > needs to be updated every 4 hours.
> >
> > The problem is that occasionally valid email gets reported as spam
> >
> > Quoting above site:
> >
> > -----------
> >
> > A SpamCop report occurs when a SpamCop notification system user reports a
> > message as spam, and SpamCop's analysis results in it being connected with
> > a particular email server. At FastMail.FM we have seen the following
> > result in SpamCop reports
> >
> > Genuine spam is correctly connected with the correct sending server.
> >
> > Genuine spam is received by a user, who forwards it to another email
> > provider (e.g. due to an automatic rule they have set up) or moves it with
> > their email client manually, and is then reported from the final location.
> > This can result in their own email provider getting listed because that
> > looks like the "spam source", because that is the server through which it
> > was forwarded.
> >
> > A virus results in an email being sent, which is incorrectly reported as
> > spam.
> >
> > A SpamCop notification user sends someone a message which the recipient
> > bounces (e.g. they are rejecting emails from that sender automatically),
> > and the SpamCop user reports the bounce notification.
> >
> > -------------
> >
> > >From the error message posted on spamcops site it appears that someone was
> > forwarded, or recieved through a virus, spam that had originally been sent
> > to a sask.usask.ca address. They filed a spamcop report on this,
> > resulting in sask.usask.ca being blacklisted.
> >
> > This means that any ISP using SpamCop will toss all list messages in the
> > garbage when this occurs.
> >
> > Its up to list suscribers to deal with their ISP's about this. I can't do
> > anything about it.
> >
> > Gord
> >
> > On Fri, 21 Feb 2003, Eric Maquiling wrote:
> >
> > > On 02/21 10:05, Katharine Thayer wrote:
> > > > On the other hand, an ISP-level filter that blocks messages with the
> > > > subject line "Aqua Regia" might at some times be a useful feature.
> > >
> > > Sorry for being REALLY OT here but 2 things can happen at the ISP
> > > level. Think of them as 2 doors:
> > >
> > > 1st door
> > > email comes in
> > > email servers ask "what IP address did you come from?"
> > > email server looks up the IP address
> > > lookup says "that IP address routinely sends SPAM"
> > > email server closes the door on that email
> > > next mail
> > > lookup says "that IP address is good"
> > > email server forwards the mail to:
> > > 2nd door
> > > another serivce
> > > checks for the entire email for anything that might be
> > > considered as spam
> > > checks good
> > > email goes to recipeient
> > > checks bad, words like "click here now!" or "increase your ***"
> > > email gets rejected.
> > >
> > > This concludes our basic email server lesson for today.
> > >
> > > (Thought I might contribute to something I actually know something
> > > about)
> > >
> > > You guys are super cool printmakers.
> > >
> > > --
> > > Eric
> > >
> >
> > ---------------------------------------------------------
> > Gordon J. Holtslander Dept. of Biology
> > holtsg@duke.usask.ca 112 Science Place
> > http://duke.usask.ca/~holtsg University of Saskatchewan
> > Tel (306) 966-4433 Saskatoon, Saskatchewan
> > Fax (306) 966-4461 Canada S7N 5E2
> > ---------------------------------------------------------
>
---------------------------------------------------------
Gordon J. Holtslander Dept. of Biology
holtsg@duke.usask.ca 112 Science Place
http://duke.usask.ca/~holtsg University of Saskatchewan
Tel (306) 966-4433 Saskatoon, Saskatchewan
Fax (306) 966-4461 Canada S7N 5E2
---------------------------------------------------------
This archive was generated by hypermail 2.1.5 : 03/04/03-09:19:09 AM Z CST