[linux-elitists] SpamCop Forgeries

Aaron Sherman ajs@ajs.com
Fri Sep 13 23:37:49 PDT 2002


On Wed, 2002-09-11 at 23:54, Dan Wilder wrote:
> On Wed, Sep 11, 2002 at 08:00:13PM -0700, Marc MERLIN wrote:

> > Any major mail server will be on  spamcop sooner or later because some moron
> > will send a non spam mail to spamcop and say it's spam.

Yes, this can happen (it happened to me when I ran a site that sent out
newsletters to users who never remembered signing up). We were able to
clear this up with Spamcop quickly and efficiently. Spamcop actually
places fairly little weight on individual spam submissions.

> > I can  also forge  a mail and  pretend you sent  it to  me and get  your own
> > server blacklisted on spamcop.

Let's be clear (I think you're right, but I'm not sure if you're saying
what I think you are): you can doctor some Received headers and submit a
piece of spam such that it looks like it came to you via me. Yes, you
can do this. Spamcop does do a fairly good job of weeding these out, but
there's a limit to how much you can do. Yes, user-submitted information
is not 100% useful, but it does work. I also like the sustainable model
of BL-for-pay. I'm happy to cough up a few bucks a year for the service.

> > Do  not use  bl.spamcop.net for  anything else  than giving  a low  score in
> > spamassassin or maybe a warning header.

I set spamcop's blacklist test to 2.0 in my spamassassin. So far, any
time a message has been flagged for that reason, it's been 100% spam.
Then again, perhaps there are messages that never made it to my
threshold that SC was flagging.

> Thanks, Marc, for the words of caution and sanity.

I don't think that urging people to ignore Spamcop is particularly
cautious, and I'm not qualified to judge sane.

I've been using the service (and submitting fresh spam) for 2 years now,
and I really love it. The email forwarding I could take or leave
(ajs@perl.org goes to me via a spamcop filter/forward) but the blacklist
and the spam submission are great features. I love being able to
actually do something about spammers, and I hope that more people begin
to use the service.


-- 
Aaron Sherman <ajs@ajs.com>
http://www.ajs.com/~ajs




More information about the linux-elitists mailing list