[SpamCop-List] Re: Challenge to nanae (part 2)

[Miss Betsy]

"McWebber" <mcwebber at my-deja.com> wrote in message
news:b3gad7$60c$1 at news.spamcop.net...
"Miss Betsy" <nobody at spamcop.net <mailto:nobody at spamcop.net>> wrote in
message
<news:b3g6eb$11v$1 at news.spamcop.net>...
<snip>
>>
>> There is still little point to anyone who is not an expert (professional
or
> >amateur) to report to an ISP.

>That is simply flat out wrong.

***Ok, let's put it this way.  someone who is not an expert doesn't know
which ISP's to trust.  An ISP that has a spammer on his network is probably
less trustworthy than most.  If the company who sent the spam is reasonably
legitimate (not a scam or whatever), then it might make more impact to write
directly to the company and explain why they don't like getting their
emails.  Either way, with an unmunged report or with a letter, they will be
listwashed.  However, the ISP will see it as a mistaken report and if it
comes from spamcop, start refusing to look at spamcop reports.

>> They might help provide the numbers for a
>> business like Target or Chadwick's (or even Topica) to start using more
user
> >friendly sign up procedures by writing directly to the company.

>I would still lart the ISP.
***That's because you know what you are doing. And they might listen to you.

<snip>

>Most ISP's that I've seen prohibit opt-out spam, so if you're not reading
>the privacy policy, which seems to be the case with Target, then yes,
>they'll listwash you since they do say they'll add you to their list if
they
>have your email address.
****In this particular case, I was not buying from Target, but from the
Signals catalog.  I used a Signals catalog number to order.  There was no
reason for me to think that I would be added to Target's mailing list or
that I needed to check out their policy.  And in any case, IMHO, with spam
increasing any "unexpected" email is more and more likely to be reported (or
filtered out).  It becomes the merchant's problem if the buyer does not
explicitly know when they order, on the order page, that they are also
signing up for a mailing list.  (and IMHO, it is also unethical to hide
things like that in fine print).  And IMHO, ISP's who side with their
clients on these issues are also unethical.  It is not the standard
confirmation email procedure.
<snip>

>Depends on what the consequences are to the ISP for not dealing with the
>spammer. I don't unsubscribe from things I didn't subscribe to. I will
>create a unique address for a company and see if they sell it or spam me.
And neither do I.  To the best of my knowledge and belief, I never agreed to
receive emails from Target.

> > Well, they may confirm it by the fact you bought from them and your
email
> > didn't bounce.
>
> Exactly. I don't believe that that many people "forget" they signed up
for
> a mailing list.

>In this case it appears you did, based on their Privacy Policy.
****Which I never saw so I couldn't forget it.  But that's what I imagine
many ISP's would say and that's why they think there are so many "mistakes."
IMHO, there are probably more problems with how the list was created than
there are people who "forget"  They just never realized that they would be
signed up without someone asking them if they wanted to, the notice was not
clear, and maybe a bunch of other things.

>
> > > Even ISP's are using the false "bounces" (not code replies, but email
> > > replies) that, in theory, at least are the same as spam (sending
> > unsolicited
> > > email to unknown addresses that, while are not bulk from one
individual,
> > > have the same effect since they are replies to bulk mailings).
> >
> > I find spammers ignore the 5xx bounce messages and keep right on
spamming.
>
> I think you misunderstood me here. IIUC from the Bounce thread, when an
ISP
> gives an option to "bounce" for a filtering program or when somebody uses
> Mailwasher, those are all going to the forged return paths which, aside
from
> irritating or scaring someone whose address has been used by the spammer,
> also causes servers to get a significant number of tries to non-existent
> addresses, etc. which is a pain for the admin of that server.

I'm talking about the mainsleeze spammers who keep changing their domain
names. The return paths are real, and so are the mail servers sending. They
would get a 550 if they looked when my server responds:
reject=553 5.3.0 Mail from 199.166.201.172 Email blocked using SPEWS

> ISP's put up
> with that, but they can't put up with a few mistaken spamcop reports?

I think the problem is it's more than a few, and for the ISP w/o the
sender's real email address they can't check the customer's list to see if
that address really did sign up or was confirmed.

***I don't know why an ISP can't tell by looking a list whether it is a
confirmed subscription list or not.  Or why he can't test it out one time,
on the first report, to see if it is.  Of course, the person's name is going
to be on that list; he got an email.  The question is whether he "forgot" he
signed up or whether no one told him, he signed up.

> If
> we(tinw) are going to win the battle against spam, everyone has to put up
> with some inconveniences.

Which is why SPEWS works so well. The spammers are identified and it's up to
the ISP to get rid of them.

> Why shouldn't ISP's put up with a few more
> mistaken reports if it means that they get more indication of real spam
(or
> clients who are not really using confirmed subscription practices) because

> many more people are reporting?

Becasue often they are not getting anything but munged reports from Spamcop
and they have no way to know if it's a joe job or real spam.
***I am not just talking just about spamcop now.  If more people knew to
report, there would bound to be more reports period and the number of
mistakes would increase.  The reports from spamcop are much less likely to
be a joe job (in the sense that someone is making the reports falsely) than
unknown senders.  I would think that an ISP would have some kind of clues
besides the email address of the reporter especially if it is a joe job or
not a marginal case.

> It is the "not in my backyard" mentality
> that those who don't want spam, but also get bent out of shape if their
> emails are blocked or emails to them are blocked by their ISP have. Those
> people will have to accept some inconvenience until the market sorts
itself
> out. The "innocent" people on SPEWS blocks, the newsletter with a broken
> unsubscribe, the legitimate retailers that have to go to great lengths to
> confirm subscriptions, etc.

What great lengths? Subscription goes out, confirmation comes back. Not too
tough.
****They can't change those parts that recipients might whitelist on or it
will get blocked, filtered to trash, reported.  There are lots of little
things that a conscientious bulk emailer would do that are really not
necessary except for spam.

> all have had to do things that they don't like
> doing and add time and effort to their days.

A cost of doing business. Making change is time consuming in retail, but you
don't get to round up to avoid it.

> Why shouldn't abuse desks -
> especially white hat abuse desks? (and that is something perhaps that I
> could post on nanae and get debated reasonably).

***ISP's are also businesses and good abuse desks are a cost of doing
business.

Try using spamcop to just tell you where to send and email it yourself
unmunged and see what happens. Maybe you'll end up finding an ISP that uses
the Spamcop BL and/or SPEWS and Spamhaus to block.

****If you are referring to the Target issue.  I did lart it through spamcop
and the first time explained the circumstances in the user comments.  And as
I said if all I want to do is get lishwashed, I can probably just the use
the "unsubscribe"  It would be a lot easier and I certainly wouldn't want to
put extra work on an abuse desk when I can do it myself.

Miss Betsy, an almost new spamcop user
sorry about the quoting - I just don't have time to fix it right now