[SpamCop-List] Re: Victim of Spam-Trap addresses...

[Marc W. Mengel]

Larry Kilgallen wrote:

> Why is it _our_ problem to settle the exact way in which your highly
> vulnerable network is spamming ?  

Spamcop has, in a public forum, declared us to be  "spammers", if only 
for 5 apparently random days.

If I were posting notices in public forums, declaring *you* to be a 
{rapist,thief,minion of Goser} but refusing to give any actual evidence 
of same, you would be similarly peeved, and rightfully so.

You, personally, have accusing us of running a "higly vulnerable 
network", and of "sending unsolicited bulk email".  And in your case,
you don't even have whatever evidence spamcop claims to have.  And I
think you owe me, and my coworkers, an apology for such claims.

 > You seem to indicate you have not prevented backscatter, viruses, etc.

I most assuredly have not indicated any such thing.  I said we have not 
yet removed *all* backscatter from our site; but the same is true of 
*everyone* here.  After all, if you are, as you claim, running only 
confirmed-opt-in mailing lists, then sending a subscription request
to your mailing list server yeilds an opt-in message in reply, yes?

Guess what -- that opt-in confirmation message is *backscatter*.  And I 
bet if we poked around for a while, we could come up with dozens of 
other situations under which your site would still send email to an 
unconfirmed email address.  In fact, I bet you have *printers* that
will send email to an unconfirmed address everytime they run out of
paper, or even every time they print a print job, if so configured.

If someone managed to get one of your printers configured to email
a spamtrap, how would *you* find it?  You would probably have to
ask the folks who run the spamtrap.  And if they don't reply, you've
got nothing.

>>Secondly, I have yet to see *any* evidence that we actually are sending 
>>spam.  And of course having such evidence would be useful, as it is
>>literally a Federal offense to use our systems for such a purpose.
> 
> Spam has to do with the unsolicited bulk email coming out of your facility,
> not with the exact details of how you created it.

So in this case, our listserv was sending "your message has been 
forwarded to a list moderator for approval" (not the text of the 
message, just the two-line note) to the apparent sender of messages
which were flagged by spamassasin (it isn't any more, by the way).

So this had *nothing* to do with who was subscribed to lists, whether 
they were confirmed, whether our gateways were validating addresses, 
etc. etc. etc., it was simply a listserv admin not noticing a sentence 
in a manual about the conditions under which an auto-reply message got sent.

But you happily labeled our site as "vulnerable" and me and my 
associates as spammers, with no evidence to back it up, just the
blatant assumption that any site that sent anything to a spamtrap
address was clearly a spammer.

>>But the thing to remember is, the more you blacklist sites who are doing 
>>their darndest to squelch spam with the resources they have, the more 
>>you make yourselves a bad source of blacklist data.
> 
> 
> It is precisely the rigor of the SpamCop methodology that makes the
> list so valuable.

It is *more* valuable when it helps provide information to those who 
turn up on the lists about *why* they turn up on the list, so they can
do something about it.  Actually stopping sources of unwanted mail is 
more useful than simply blacklisting them.  And in this particular, 
grantedly isolated, case, all the FAQ's and configuration hints that you 
folks repeated so heavily were *not* useful.  Only the actual 
information about the origin and  content of the messages being sent
was useful to discovering and correcting the problem, and that was what 
took over a month to obtain, despite a polite, concise request on the
first appearance of our site on the spamcop blacklist.

Marc