[SC-Help] Re: Blocked? Read this.
John E. Malmberg
wb8tyw at qsl.network
Fri Mar 11 11:14:42 EST 2005
In article <d0s42b$6cu$1 at news.spamcop.net>,
"Miss Betsy" <nobody at devnull.spamcop.net> writes:
> An unknown poster with an admitted forged address wrote:
> <snip>
>> So, what has that got to do with my issue with SpamCop, or even
>> with my actual Optonline IP?
Possibly nothing at all since the affected IP was not given.
<snip>
>> Just for your knowledge most, if not all, cable service providers
>> issue DHCP IPs for their subscribers. Should I shut down my cable
>> modem, then the next time I'll have a different IP address. That
>> IP might already be on the SpamCop BL despite the fact that I have
>> nothing to do with the previous history of the IP address currently
>> assigned to me.
Spamcop.net listings expire at most 48 hours after the last received
timestamp of spam from that I.P. address.
If your brand new DHCP address was already listed with spamcop.net, or
any DHCP addresses on your subnet are listed with spamcop.net, it likely
means that there is a computer on your cable modem leg that is compromised
and controlled by a zombie.
Since the spammers will be periodically pushing as much spam through it
as your ISP's network capacity can handle, the compromised computer is
likely causing noticeable slowdowns if not complete outages for you and
your neighbors.
I did an experiment last year on a forum where people were complaining
about outages and severe slowdowns on their cable modems. In every case
a search using Google revealed the IP address of one or more compromised
systems in their area, and since the people that post such evidence
publicly also usually send notifications to the abuse or postmaster
addresses, the ISP should have been aware of what it took to fix the
problem for days before they started issuing refunds or credits to the
affected users.
The problem was that the ISP was giving the owners of the infected
machines 5 business days to fix their machine before cutting them off,
without realizing all the damage and costs those infected machines were
causing them.
>> That's
>> not fair and this is where SpamCop is dead wrong for listing cable
>> providers' dynamically assigned IP addresses. They are not blocking
>> spammers' IPs all the time, their BL also blocks legitimate email traffic.
Almost all mail server operators now use blocking lists that list DHCP
addresses. A spamcop.net listing of a DHCP address would probably not
be noticed as the DHCP blocking lists are in far more common use than
spamcop.net.
>
> <snip>
>> If spam fighting is a war, then we are losing judging by the
>> percentage of spam increase on my spam filtering server at work
>> since last year.
It is only the people whose mail server operators do not know how to
keep spam out that are losing the battle.
>> You might have had to deal with collateral damage related to the zombie home
>> PCs, but I have to address lost businesses because of SpamCop's action.
>> Our business relies heavily on the email systems and we most certainly would
>> not do anything to hurt our own business by sending out spam.
There are so many ways that e-mail systems can fail. All you have done is
pointed out that you do not have a backup system should a problem occur with
your primary ISP.
>> We do require our email server to auto-reply to undeliverable
>> emails due to the business requirements. Our clients and partners do
>> require notification should email not reach the intended recipient.
The SMTP protocol does not guarantee notifications will be made of delivery
success or failure.
If your mail server does not respond or issues an SMTP reject for undeliverable
e-mail, then if the sender's mail server is set up correctly they will get
notified by their mail server that it could not deliver the message.
Your auto-replies to spam or viruses are effectively a denial of service attack
on the owners of domains that the spammers are forging.
>> My company can lose money if our email servers aren't doing this.
>> This is RFC822 compliant and SpamCop should not arbitrarily change the RFC.
>
> It is very simple to reject email at the server level instead of
> after acceptance and accomplish your goal of not losing any email.
> You can also filter through to weed out the legitimate ones and dev
> null the rest. This is a case of who is being inconvenienced
> more - your company or the thousands of people who are
> inconvenienced by receiving your back scatter.
The RFCs may permit such bouncing, but that method is no longer acceptable
to much of the internet. Even the very conservative spamhaus.org is now
starting to list mail servers that are so abusive when they do not stop
it after receiving complaints.
And the spamhaus.org service is far more widely used than spamcop.net.
I know of at least two large U.S. ISPs that will quickly put a local block on
your IP address if any of their users complain about backscatter from it.
It seems to take a lot more hoops to get off of those ISP's local blocking
lists than spamcop.net and it seems that it is extremely easy to get on
them, and no way to tell until your e-mail is rejected that you are even
on their local list.
The RFCs are guidelines. The bounce part of the protocol was when most
e-mail went through one or more unknown third-party relays before it
reached the destination mail server. The end system would issue a reject,
and the intermediate relay systems would generate the bounce message.
As the internet facing mail server of a company is the destination, and not
an independent third party relay, it should be able to check if the e-mail
is deliverable or not before accepting it, and issue the SMTP rejection.
Even independent third party relays are now probing the destination server
for delivery before they accept a mail for relay, and will reject it
if they can not get an assurance that the destination will accept the mail.
> <snip>
>> The worst is that in the US anyone is considered innocent until proven
>> guilty. The exception is SpamCop where they pronounce you guilty and
>> then you have to jump through loops to prove that you are not guilty.
While your operation may pay a fixed rate for your e-mail systems, for large
operations, they have to pay a metered rate.
Accepting your backscatter to forged addresses greatly increases the costs
of operating a mail server that is on a metered rate connection.
The faster that a source of spam, virus or backscatter can be identified,
the less money is needlessly spent on bandwidth.
Why should my mail server operators pay two to three times as much per month so
that your mail server can auto reply to forged addresses instead of using
SMTP rejections?
> Ignorance of the law is no excuse.
>
>> And for what? Marginal effect at best to
>> the Spam emails. SpamCop's action does hurt legitimate businesses and does
>> nothing to the spammers.
Spamcop.net makes them switch more often, and network operators with a clue
use the spamcop.net reports to quickly remove zombies from their networks
because they know that every second that the zombie is on their network it is
needlessly costing them operating cash.
>> The spammers can switch email servers on a dime, but I cannot. My only
>> options are to change the server IP address, or hope that there will be
>> no other self-righteous people who forgot that they did actually subscribe
>> to your email notification.
And now you are claiming something else entirely. The story is morphing.
If someone has made a false report, spamcop.net takes action against them
and will remove the block if present. It does happen from time to time,
usually such reports are not enough to cause a listing, unless the mailing
list is small.
You are the one being self-righteous as you want the receiver to pay for
the added costs of dealing with spam or abusively configured mail servers.
There are people and companies that have lost the use of their e-mail addresses
because the volume of abusive bounces was so high that either their
individual mail quota was used up, or either their bandwidth or mail server
was not up to the capacity.
It is particularly a problem for some domains that people think do not
exist, so use them for posting to avoid spam themselves.
The best known example of that is TEST.COM; they made the national news about
how the bounces from abusive mail servers effectively wiped out their mail server.
HERE.COM does not seem to have an I.P. address assigned to it at
the moment, but Google shows over 100,000 hits for the e-mail address you used
for posting, which means that if the owner of that domain actually were to
try to use it for e-mail, the backscatter from the viruses and spam would
likely overload their connection or server.
Is that fair to the legitimate owner of a domain? A domain that otherwise
would have great marketing value?
-John
wb8tyw at qsl.network
Personal Opinion Only
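
The difference between an SMTP rejection and an accept-then-auto-reply setup, as an added example that is not part of the original post: a toy destination server that records who ends up receiving the failure notice in each mode. The names `run_session`, `VALID_RCPTS` and `SPAM_SESSION` and all addresses are constructed for illustration, and the DATA phase is collapsed to a single command.

```python
VALID_RCPTS = {"sales@example.org"}  # constructed list of real local mailboxes

# Constructed session: spam with a forged envelope sender to a nonexistent user.
SPAM_SESSION = [
    "EHLO bot.example.net",
    "MAIL FROM:<victim@forged.example>",
    "RCPT TO:<nosuchuser@example.org>",
    "DATA",
    "QUIT",
]

def run_session(commands, reject_at_rcpt):
    """Return (replies, bounces) for one client session.

    replies: SMTP reply lines sent back on the same connection.
    bounces: envelope senders that get a separately generated bounce mail.
    """
    replies, bounces = [], []
    sender, accepted, undeliverable = None, [], []
    for line in commands:
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        if verb.startswith(("HELO", "EHLO")):
            replies.append("250 mx.example.org")
        elif verb == "MAIL FROM":
            sender, accepted, undeliverable = arg.strip(" <>"), [], []
            replies.append("250 2.1.0 Sender OK")
        elif verb == "RCPT TO":
            rcpt = arg.strip(" <>").lower()
            if rcpt in VALID_RCPTS:
                accepted.append(rcpt)
                replies.append("250 2.1.5 Recipient OK")
            elif reject_at_rcpt:
                # The connecting server hears the failure; nothing is queued.
                replies.append("550 5.1.1 No such user")
            else:
                # Accept now, discover the problem later.
                undeliverable.append(rcpt)
                replies.append("250 2.1.5 Recipient OK")
        elif verb == "DATA":
            if accepted or undeliverable:
                replies.append("250 2.0.0 Queued")
                # One bounce per bad recipient, mailed to the (forgeable)
                # envelope sender; a null sender <> gets none.
                bounces.extend(sender for _ in undeliverable if sender)
            else:
                replies.append("554 5.5.1 No valid recipients")
        elif verb == "QUIT":
            replies.append("221 2.0.0 Bye")
    return replies, bounces
```

With `reject_at_rcpt=True` the only party told about the failure is the machine that connected; with `False` the forged address `victim@forged.example` receives the backscatter.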