SpamCop

From Wikipedia, the free encyclopedia
  (Redirected from Spamcop)
Jump to: navigation, search

SpamCop is a spam reporting service, allowing recipients of unsolicited bulk email (UBE) and unsolicited commercial email (UCE) to report IP addresses found by SpamCop's analysis to be senders of the spam to the abuse reporting addresses of those IP addresses. SpamCop uses these reports to compile a list of computers sending spam called the "SpamCop Blocking List" (SCBL) or "SpamCop Blacklist."

History[edit]

SpamCop was founded by Julian Haight in 1998 as an individual effort. As the reporting service became more popular, staff were added and the SCBL became more useful. It has commonly been the target of DDoS attacks and lawsuits from organizations listed in the SCBL.

Email security company IronPort Systems announced its acquisition of SpamCop on November 24, 2003,[1] but it remained independently run by Julian Haight, a small staff and volunteer help in its forum.

IronPort agreed to become a division of Cisco Systems on January 4, 2007[2] effectively making SpamCop a Cisco service. Julian Haight left approximately two years after the Cisco acquisition.[3]

Controversy[edit]

SpamCop's collaboration and creation of its blacklist is commercially controversial in that third parties that don't send spam are affected when an IP address they use becomes listed on the SCBL because of reports that accuse their IP address of being a spam/UBE source. This can happen because their IP address is shared with many other customers of their ISP. It may also be the result of malicious, careless or over-zealous reporting of spam.

Since addresses obtained by way of the above mentioned spamtrap method may have been falsely used as return addresses on spam messages, backscatter caused by these messages (including vacation messages and other auto-replies) can result in a receiving server being blacklisted if it fails to employ backscatter prevention techniques. One of the unique features of the SCBL, however, is that a listing expires automatically when no spam is reported from that source for 24 hours.

SpamCop notes that "The SCBL is aggressive and often errs on the side of blocking mail. By using the SCBL, you can block a lot of spam, but you also may block or filter wanted email" and suggests using the SCBL as part of a scoring system. Many ISPs and IT consultants use the SCBL as a confirmed authority for blocking decisions, often without making it clear to their clients that valid incoming messages may be rejected.

The SpamCop website has an esoteric guide of procedures for blocked senders to submit a de-listing request.[4]

Limitations[edit]

For first-time SpamCop Reporters, the SpamCop Parsing and Reporting Service requires that the reporter manually verify that each submission is spam and that the destinations of the spam reports are correct. People who use tools to automatically report spam, who report email that is not spam, or report to the wrong people may be fined or banned. This verification requires extra time and effort. Despite these steps, reports to innocent bystanders do happen and ISPs may need to configure SpamCop to not send further reports if they don't want to see them again. It is not clear whether reporting spam using SpamCop's reporting service actually reduces the amount of spam that one receives, and complaints on SpamCop's online forum provide anecdotal evidence to support some scepticism about its effectiveness. While some spammers may use SpamCop's reports for listwashing, others could retaliate. Spammers who determine the identity of the complainants can, by doing so, also verify that the email addresses are still in use. What is clear is that much spam email is filtered or blocked by the SCBL, which is fed by many SpamCop Reporters reporting their spam.

That said, SpamCop is effective at helping ISPs, web hosts and email providers identify accounts that are being abused and shut them down before the spammer finishes operations. Finally, SpamCop provides information from its reports to third parties who are also working to fight spam, amplifying the impact of its services beyond its own reach.

It is also remarkable in its own right that SpamCop has survived for so many years, considering the severity of opposition other anti-spam companies have faced in the past, most notably osirusoft and Blue Frog. SpamCop has dealt with attacks by spammers thus far by hiring services from Akamai, but is still the target of many hackers and could face serious difficulties like those faced by Blue Security if it continues to grow in size and effectiveness. The successful attack on Blue Security shows that significant offensive weapons can be wielded by the criminal syndicates behind spammers. SpamCop views itself as an attempt to stop spam without the necessity of governmental intervention, but because it lacks the power of a government or large ISP, it may have greater difficulty dealing with spammers' expertise as well as the large "bot" networks that they control and that they used to cripple Blue Security with a massive DDoS attack.[5]

Also, accessibility to help for paying customers is limited to forums and email; there is no phone number given out by SpamCop, and this can be quite inconvenient when severe problems arise that require immediate attention.

Fake similar organizations[edit]

Several websites exist purporting to provide similar services to SpamCop.net. For example, abusecentral.org (offline now) appeared to be run by phishers who redirect webtraffic elsewhere when people try to enter the phishing website in ways that phisher doesn't want. This will give investigators the incorrect impression that the phishing site has been taken down. Another such organization is SpamCop.com. According to posts on SpamCop.net's forum, SpamCop.com is a newer service owned by a company named Interspectrum, which uses the service to market its anti-spam products. The use of the same name for the same type of service may constitute trademark infringement, and may be confusing to new users who expect the more established of the two services to be hosted on the .com top-level domain.

See also[edit]

References[edit]

  1. ^ Press release: Ironport System Acquires SpamCop 24 November 2003, accessed 11 August 2007
  2. ^ Cisco Announces Agreement to Acquire IronPort 4 January 2007, accessed 9 October 2008
  3. ^ D'Minion, Don. "Reporting problems today? - SpamCop Discussion Forums entry 81639". Retrieved 24 July 2012. 
  4. ^ SCBL dispute resolution, Spamcop .
  5. ^ Hansell, Saul (9 November 2003). "Spammers Can Run but They Can't Hide". The New York Times. p. 1. Retrieved 28 December 2010. 

External links[edit]