[SpamCop-List] Re: Open Proxy SCBL Rules

John E. Malmberg wb8tyw at qsl.network
Tue Feb 1 23:45:42 EST 2005


K. Crocker wrote:
> If spam is reported coming from an open proxy and the address is 
> subsequently listed, is there a check to keep the address listed if it 
> is still open when the listing times out? If not, can anyone think of a 
> reason not to add this qualification?

Spamcop.net does not perform open proxy tests.  It only looks at the 
open proxy data to aid in the accuracy of the parsing.

My mail server operators, like many, have the open proxy list checks 
before they accept e-mail, so once the spam source is on the open proxy 
list, their mail servers no longer receive any spam from it.

It also means that their users are no longer reporting spam from it to 
spamcop.net.

There is no reason for spamcop.net to duplicate the function of the open 
proxy lists.

> Also, if spam is submitted that indicates that its source is an open 
> proxy, would it make sense that the address should be listed 
> immediately, bypassing any rules that require samples from different 
> submitters before a listing occurs?

The parser does not indicate if the I.P. address is already on the 
spamcop.net list.  For you to check that would mean an extra step each 
time you submit a spam.

> My POP3 service uses the SCBL, so any spam I receive is usually from 
> sources not on the SCBL. A large proportion of that spam appears to be 
> coming from open proxies, hence the interest. Thanks for your comments!

It is probably a case that your mail server operators are using an 
open proxy list, yet at the time your mail server operator accepted the 
e-mail, that I.P. address was not yet on either the open proxy lists 
that they use, or on the spamcop.net list either.

Statistics from one of my mail server operators show that the 
spamcop.net blocking list is only catching 3% of the spam.  The majority 
of spam is removed by more conservative blocking lists.

Other statistics that I am seeing indicate that the bulk of the spam is 
coming from dynamic pools, which many mail server operators block.

Of the major DNSbls that cover dynamic pool addresses, the SORBS one 
seems to be the most up to date.  If you show technical details on the 
spamcop.net parse, if the source I.P. is not an open proxy, but is known 
to SORBS as a dynamic address, it will show up as 127.0.0.10.

In that case, find out which dynamic pool list that your ISP uses, and 
how to submit new entries to them, so when you find one that is in 
SORBS, it means it was not in your ISP's list, and you can get that fixed.

If the SORBS line does not show up in the parse, then you need to do a 
manual lookup at the SORBS site.

And the rDNS can also tell you if the I.P. address is a "dynamic", or 
"dhcp", or "dialup".  In which case it should show up in the SORBS 
dynamic database.

But do not submit I.P. addresses for listing in a dynamic pool unless 
you have strong evidence that the I.P. address is dynamic, as the 
processing of them is completely manual.

-John
wb8tyw at qsl.network
Personal Opinion Only
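
Added example, not part of the original post and not SpamCop or SORBS code: the checks described above (the 127.0.0.10 answer for a dynamic listing, the rDNS keywords, and submitting only on strong evidence) written out in Python. The zone name dnsbl.example, the function names, and the sample addresses and PTR names are assumptions constructed for illustration.

```python
import ipaddress
import socket

DYNAMIC_CODE = "127.0.0.10"                  # answer the post gives for a SORBS dynamic listing
RDNS_HINTS = ("dynamic", "dhcp", "dialup")   # rDNS keywords named in the post

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    addr = ipaddress.IPv4Address(ip)         # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def dnsbl_answers(ip, zone, resolver=socket.gethostbyname_ex):
    """Return the A records for the DNSBL name; an empty list means not listed."""
    try:
        return resolver(dnsbl_query_name(ip, zone))[2]
    except OSError:                          # NXDOMAIN or lookup failure
        return []

def rdns_hints(ptr_name):
    """Dynamic-pool keywords present in a PTR name, case-insensitive."""
    name = (ptr_name or "").lower()
    return [h for h in RDNS_HINTS if h in name]

def next_step(answers, ptr_name):
    """Map the evidence to the action the post recommends."""
    if DYNAMIC_CODE in answers:
        return "report-to-isp-dynamic-list"  # the list has it, the ISP's list let it through
    if rdns_hints(ptr_name):
        return "manual-sorbs-lookup"         # rDNS suggests dynamic; confirm before submitting
    return "do-not-submit"                   # no strong evidence the address is dynamic

# Constructed sample data: hypothetical zone, documentation address ranges.
def fake_resolver(name):
    table = {"7.113.0.203.dnsbl.example": ["127.0.0.10"]}
    if name not in table:
        raise socket.gaierror("not listed")
    return (name, [], table[name])

if __name__ == "__main__":
    for ip, ptr in [("203.0.113.7", "dhcp-7.pool.isp.example"),
                    ("198.51.100.9", "dialup-9.isp.example"),
                    ("192.0.2.25", "mail.corp.example")]:
        print(ip, next_step(dnsbl_answers(ip, "dnsbl.example", fake_resolver), ptr))
```
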
