[thelist] Spam Cop??

Ben Dyer ben_dyer at imaginuity.com
Thu Feb 13 11:49:01 CST 2003

At 11:06 AM 2/13/2003, you wrote:
> > 1. People assume that they are permanently reliable.
>That is because people are not reading. The SpamCop site explains their
>reliability many times on their web:

Again, perhaps not a fault of the technology directly, but no consolation
to those who are inadvertently blocked because of it.

> > 2. SpamCop assumes that reports are true.
>This is absolutely NOT true. In contradiction, SpamCop only talks about
>SUBE - Supposed Unsolicited Bulk Mail. If you want to know more about how
>SpamCop treats reports, gop and read

401 - Authorization Required.

>That is why they weigh all reports. One single report (made by mistake) has
>almost no effect, but a lot of reports during a long time cannot be
>considered a mistake anymore.

But, again, that's assuming that all humans are correct.  Politech (2,000
members or so) was blocked several times by SpamCop.  There is no way to
receive e-mail from them without subscribe/confirm e-mail and yet they
still were blacklisted.

This means that either, (a) SpamCop doesn't have a high threshold of
reports required to blacklist someone or (b) A *lot* of people mistakenly
submitted reports.  I don't know which it is but, either way, something is
wrong with the SpamCop system itself if either can happen.

> > Well, when you're signing up for a hosting company, do you think they
> > are advertising their status in various blackhole lists? :)
>This is true, but the moment I find out my hosting provider is sponsoring
>(actively or passively) spammers, I am gone.

We had a client who had a site on UUNet about two years ago.  UUNet didn't
know what was going on, but almost all of the e-mail for that client was
being bounced.  We had to do all the digging ourselves to figure out what
happened (we were apparently in a block of UUNet that got blacklisted by
ORBS - we didn't send out any e-mail ourselves).  Someone who didn't know
what they were doing would never have figured it out.

Worse yet, many hosters sublease hosting space from companies like
UUNet.  So, even if you *knew* UUNet wasn't worth going with, your hosting
company might still be affected!

Anyways, yes, hosters like that need to correct their servers, but this
isn't the way to try to make them.

>Can you explain me how a big company like UUNet or RackSpace can ignore
>thousands of complaints stating that one of their clients is breaking their
>acceptable use policy??????

It's because they're so big, they don't care.  Doesn't help the poor saps
who fell for their advertising...or signed long-term contracts.  I know
that many hosts just ignore spam warnings.  Some seem to consider
self-imposed...well..."Spam Cops" :) more of a nuisance than anything else.

Basically, my point is when you use technologies like this, it doesn't just
affect *you*, it affects lots of other people who have nothing to do with
you.  By giving acceptance to the technology, you affect lots of innocent

>Content-based filters only make that I don't see those messages. I still
>receive them, and when your using a slow modem, the delivery of all those
>messages can be really irritating. Therefore I want to stop spam before they
>reach my mailbox, and therefore we neet blocklists.

Well, you can implement content filters to do the same thing, using
SpamAssassin or Vipul's Razor or DCC.  Then set it up to bounce or log at
the server level.  Any server-based solution leaves less room for error
(but there are fewer errors to begin with), but there you go.

>Or better, fix the servers with security flaws...

Now, *that*, I'll agree with.  :)

I'll put it like this, we've been using SpamAssassin for about six months
now.  It's successfully caught almost 1,000 spam e-mails (to me alone) with
maybe a dozen false positives (which were fixed by the whitelist) and maybe
two dozen false negatives (mostly when the software occasionally wouldn't
engage following reboot).

Anyways, I'm not in the mood for a flame war, so thus ends my contributions
to this thread.


More information about the thelist mailing list