[SpamCop-List] Re: Open Proxy SCBL Rules

K. Crocker nobody at spamcop.net
Tue Feb 1 23:54:29 EST 2005


John E. Malmberg wrote:

> K. Crocker wrote:
> 
>> If spam is reported coming from an open proxy and the address is 
>> subsequently listed, is there a check to keep the address listed if it 
>> is still open when the listing times out? If not, can anyone think of 
>> a reason not to add this qualification?
> 
> 
> Spamcop.net does not perform open proxy tests.  It only looks at the 
> open proxy data to aid in the accuracy of the parsing.
> 
> My mail server operators, like many, have the open proxy list checks 
> before they accept e-mail, so once the spam source is on the open proxy 
> list, their mail servers no longer receive any spam from it.
> 
> It also means that their users are no longer reporting spam from it to 
> spamcop.net.
> 
> There is no reason for spamcop.net to duplicate the function of the open 
> proxy lists.

I suppose it depends on SpamCop's charter and how accurate the 
determination of "open proxy" is. My ISP hasn't revealed the algorithm 
it uses, except to say that they are using SCBL. Every additional list 
each ISP uses consumes that much more bandwidth, multiplied by each 
piece of email (spam and valid) flowing through the internet. 
Logistically, it could be argued that the perfect block list should add 
blackhat addresses ASAP and keep them there ALAP, commensurate with a 
totally automatic system.

>> Also, if spam is submitted that indicates that its source is an open 
>> proxy, would it make sense that the address should be listed 
>> immediately, bypassing any rules that require samples from different 
>> submitters before a listing occurs?
> 
> 
> The parser does not indicate if the I.P. address is already on the 
> spamcop.net list.  For you to check that would mean an extra step each 
> time you submit a spam.

I think you missed my point. I understand what you are saying. I've 
done both parsing and checking to see if an IP address was on the SCBL 
on numerous occasions. My intent was to foster a discussion, perhaps 
observed by a deputy, to get open proxy addresses added ASAP to the 
SCBL, rather than waiting for corroborative evidence.

>> My POP3 service uses the SCBL, so any spam I receive is usually from 
>> sources not on the SCBL. A large proportion of that spam appears to be 
>> coming from open proxies, hence the interest. Thanks for your comments!
> 
> 
> It probably is a case that your mail server operators are using an 
> open proxy list, yet at the time your mail server operator accepted the 
> e-mail, that I.P. address was not yet on either the open proxy lists 
> that they use, or on the spamcop.net list either.

I would guess that my ISP is *not* using an open proxy list, or, at 
least, not the one SC uses. I've parsed spam literally seconds old that 
shows up open proxy, yet was admitted through my ISP.

> Statistics from one of my mail server operators show that the 
> spamcop.net blocking list is only catching 3% of the spam.  The majority 
> of spam is removed by more conservative blocking lists.

I think you meant liberal. SCBL would be considered conservative, since 
one of its aims is to block as little valid email as possible. Pardon 
the nitpicking...

> Other statistics that I am seeing indicate that the bulk of the spam is 
> coming from dynamic pools, which many mail server operators block.

<dynamic pool discussion> Thanks for the info!

> But do not submit I.P. addresses for listing in a dynamic pool unless 
> you have strong evidence that the I.P. address is dynamic, as the 
> processing of them is completely manual.

Ah, if I had the kung fu (time + effort) to do this! I once kept track 
of some of the IP addresses used by one spammer as they sent one 
particular email campaign. I recorded well over 100 different addresses 
before I got tired, many from vastly differing blocks, none reused. 
This has nothing to do with the open proxy issue, but just to say that 
spammers have the "whack-a-mole" game down pat.

If the open proxy determination was simple and bulletproof, I don't 
see a reason why it shouldn't be used to prevent known chronic repeat 
offenders from moving back into my neighborhood, to borrow from a 
different analogy.

> -John
> wb8tyw at qsl.network
> Personal Opinion Only

Thanks for your comments and info!
