
In a message written on Fri, Apr 25, 2003 at 11:35:16AM -0700, Will Yardley wrote:
If you're talking about the actual reports sent by SpamCop, they are not unsolicited, because they're going to abuse and / or role accounts (and are thus solicited implicitly). If you don't want to receive SpamCop reports, I'm almost certain you can ask them not to send you reports.
The problem is you can be spammed and blocked by proxy.

A company, who will remain nameless, configured their mail server to report "spam" to SpamCop. One of their users was on a mailing list I run. They reported a completely legitimate e-mail to SpamCop, which SpamCop took as a spam report. SpamCop then added my mailer to their DNS black list. This is in fact how I noticed: I received mail refused from list deliveries before I ever got a SpamCop report (which I did receive a few hours later).

To their credit, when I pointed out this was legitimate mail they did remove the offending entry quickly. Only to have it reappear 6 hours later when the next mailing list mail was reported in the same way. :(

So, a bogus reporter was able to:

1) Waste my time and resources by having SpamCop send me mail I did not ask for, want, or deserve.
2) Tarnish my reputation, which I had to defend.
3) Make several of my users unable to receive e-mail from my legitimate lists because their ISPs/companies use SpamCop's list.

I used to be a fan of various services that "listed spammers", including SpamCop, and the RBL. No more. Both seem to use the "nuclear weapon to take out an ant" method, which given those tools is probably the only way they have any chance of working. If you have a hammer, everything looks like a nail.

They also both assume mail is "normal", that is, one end user to one mail server to another mail server to an end user. Add mailing lists, relaying services, and other things and legitimate e-mail gets classified as spam, or worse, spam that passed through a legitimate gateway gets the gateway listed.

The tools inside SpamAssassin (Bayesian filtering, fingerprint checks of known spam messages, filtering of known spam identifiers) are both more effective at actually catching the spam and also much better at not whacking legitimate messages.

Listing services are yesterday's technology, and frankly, have failed in their end goal. The community needs to push forward with more advanced tools, like the fingerprinting software.

-- 
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org