[SpamCop-List] Re: Blacklists don't work - with less babble

[Miss Betsy]

"Bucky" <spamcop at bucks.f9.co.uk> wrote in message
news:cvghlp$tkg$1 at news.spamcop.net...
<snip> Also based on real experience, Outlook 2003 picks up almost
all the spam I
> receive and maybe 1 in 500 are wrongly marked as spam. This seems
a much
> more reasonable false positive rate IMO.

1 in 500 is a lot harder to find than one that is rejected at the
server and returned to you.  I guess that I am agreeing with you
that blacklists don't work.  Blocklists are the way to go.

>
> 1. Domain name host forced to use Spamcop
> ===============================
> My domain name host is forced to use Spamcop data by upstream
ISPs. They are
> also forced to add [*SUSPECTED SPAM*] to the beginning of the
subject line
> as the upstream ISPs say that just adding the Spamcop header is
not good
> enough; their reason for this is that "some email programs cannot
filter by
> header".
>
> This information is from discussions with my domain name host. I
have had a
> number of conversations with them about this and so please do not
say that I
> am *WRONG* and have no clue what I am talking about.

I don't understand very much about forwarding services, but even
though you may be correct in repeating what they say, it still
doesn't make sense to me.

<snip>
> Just saying "well change your domain name host" is not helpful. I
have a
> long and good relationship with this company who offer IMO an
excellent
> service, apart from this annoyance now that they are forced to
use Spamcop
> data.

It is not spamcop data that is causing the problem; it is how it is
being used, IIUC.  And also making a sweeping statement that all
blacklists don't work is not accurate.  There are blacklists that
are not as aggressive as spamcop that many ISPs use.

> 2. My ISP's outbound email server was recently added to Spamcop
> ==============================================
> Due to one machine being hijacked by spammers, hundreds of
people, including
> myself had their emails affected by Spamcop data. My ISP is *not*
> "irresponsible or ignorant of ordinary internet safety measures"
and cleared
> the issue up with Spamcop within a few hours. During that time
though, my
> emails to various customers and friends were marked as
[*SUSPECTED SPAM*]

I realize that this wasn't from the same post, but it is not your
ISP or spamcop's fault that there is spam.

"Anyone who uses email probably can be expected to be blocked
sometime just as any traveler on any interstate can expect to
encounter stoppages at some time.  However, if there are many such
problems, then it is time to look for a more reliable email
provider."

<snip>
> If I were to post a letter in the same post box on the street as
my
> neighbour who was committing fraud, should I expect to be
associated with
> them and slandered in the process?

There are neighborhoods where you can't get a pizza delivered or a
taxi.  Why should online be so different?

>
> The problem here is that even though the blacklist is only saying
this 'may
> be spam', many people and ISPs see it as meaning 'definately
spam'. This
> causes some to just drop the email completely with no response to
the sender
> to say why.

And that is wrong, but not spamcop's fault.

>
> This is fine if it really is spam, but a blacklist alone cannot
give you
> that fact. I understand that there are some on this newsgroup who
use many
> blacklists and other filters. That sounds like a better solution,
but there
> are also plenty of people who feel just a blacklist is enough. I
get that
> impression from Miss Betsy for instance.

I don't run a server and can't speak from experience about the
proper combination of filters for a particular situation.  I am an
advocate of blocklists that reject at the server level with a
message to the sending machine.  That the recipient never sees
spam.  If there is a problem, the sender has to deal with it.  Nine
times out of ten, it is either a real problem that they need to
address or as in your case, one of those hitches in modern life
that happen because there are crooks and idiots - even the best ISP
may sometimes let a spammer slip through.  And if there is truly a
mistake on the blocklist, then it can also be addressed immediately
since the sender knows that his message has been rejected.

>
<snip>
> 4. Blacklists don't work
> ================
> Blacklists mark an IP or range of IPs as sending spam. Miss Betsy
rightly
> IMO believes that the only way to stop spam is by stopping the
sender, but
> blacklists do not do that; they (in theory) just say that a
particular
> sending IP may be a spammer.
>
> Blacklists mark IPs, as far as I understand, from user reports.
These users
> include (from what eddie said?) Norton Antispam users, and other
antispam
> packages which probably make it very easy to mark something as
spam. This
> marking of spam is a lot easier than reading the email to see how
to
> unsubscribe, and so adversly affects legitimate bulk emails.

You don't understand how all blocklists work.  Spamcop relies on
user reports (which has nothing to do with marking something as
spam in some program).  Legitimate mailing lists can quickly show
that the recipient had requested to be on the mailing list (and
while it is a nuisance, there aren't that many that make a mistake
and report an email that they had requested and is part of the
business of being an email mailing list manager).  Again, there
wouldn't be a problem if it weren't for the spammers.
>
> Equally, for an ISP, if just one customer's machine is hijacked
and sends a
> bulk spam, then even if it is caught very quickly and taken off
the network,
> the damage has already been done. The ISPs email server will be
put on the
> blacklist, and adversly affect all customers that use that email
server for
> a period of time.

For other blocklists, perhaps.  However, for spamcop, the listing
expires when the spam stops.  It is often a good thing to get a
spamcop report before other blocklists list which do require more
to get off.  It is kind of an early warning system that something
is wrong.  There are also ways, I think, that ISPs can detect
themselves that something is wrong if they took the effort to use
them.  (that I am not sure of)

If more ISPs used blocklists, then there wouldn't be as much grey.
It would be black and white.  White could send and receive email
with no hindrance from spam.  Black could receive email from
anyone, but those using black, would have to use a white web based
email to send email that anyone could receive.

Miss Betsy