[SpamCop-List] Re: Great. Now it's my turn to get blocked.
nobody at spamcop.net
Sun Jan 25 15:36:41 EST 2004
Michael Lefevre wrote:
> Mike Easter wrote:
>>I have several 'problems' with the result of spamtrap parses creating a
>>SCbl listing. One of them is that the effect is based on 'autopilot'
>>which /assumes/ several things which are not appropriately assumable,
>>namely that the parse is *correct*. Ideally, a 'normal' parse and
>>report would be overseen by a 'competent' human who would recognize a
>>parse error or premature chain breakage and cancel. This is not the
>>case for the spamtrap hit.
> For the spamtrap headers I've seen, I would think it's quite unlikely that
> a parse could go wrong. If it does, it's the person running the spamtrap
> that has the problem. I don't think that particular issue is likely to be
> a problem.
I have two big worries about automated processing of mail received
at spamtrap addresses:
1 - The header parsing can and does make mistakes. One of my
hosts was a victim of a parsing error last year when the
rDNS lookup timed out because of high system load (the
infamous "Molasses Meltdown"). That rDNS lookup failure
caused the parse to bail and blame my IP. This is another
reason for a human to vet a purported spamtrap report.
2 - If a spamtrap address is available to be harvested by a
'bot, then it can be gleaned by a human. For example, the
rotating spamtrap addresses that appear and change from time
to time on the various SpamCop web pages. A malicious
person could grab one of those, and subscribe it to a
mailing list somewhere.
That well-run mailing list will of course send a subscription
confirmation message with some sort of unique key ("double
opt-in", "confirmed opt-in", "closed-loop opt-in", whatever
you want to call it).
When that mailing list sends the confirmation email to the
spamtrap address, it must not get listed automatically!
It's doing exactly what we want (and demand) the mailing
list signup process to do. Innocent mail sent to a spamtrap
address needs to be filtered out, and that may require human
Don Wannit <edb2000 -at- spamcop.net>
A paid SpamCop user since 1999
More information about the SpamCop-List