
Spam email has been one of my pet peeves for years. Five or six years ago I set up an autoreply script in my email program to generate a nastygram on command, but was soon thwarted by the faked email headers many spammers used. Then for a while I forwarded all my spam to an address set up by the FTC, for whatever good that did.

Then a month or so ago I took the plunge and signed up with spamcop.net. It’s the first thing that has worked.

Spamcop.net is a service run by one guy with a few servers in his basement. He’s developed a filtering routine that recognizes the majority of spam formats. For $30 a year, I set all my accounts to redirect all incoming email to my spamcop.net address. Spamcop filters my email and strips the spam out into a held-mail directory. Besides the Spamcop filter, you can also choose to turn on a half-dozen filters made by other people and groups. All email passing muster can be retrieved by my email software as usual through POP or IMAP. In addition, Spamcop boasts one of the best webmail interfaces I’ve seen. I can log on while away from my main computer and all my email is there, from all accounts. Given that I receive email at three different accounts every day, this is very handy.

How good is the filtering? I’m just using the basic Spamcop filter, none of the extras, but it’s superb. In a typical week, Spamcop removes well over 100 spams from my incoming mail. Maybe 8-12 get through. It’s really a joy–my inbox is my friend again, instead of the terrible tyrant who brings me pain.

Spamcop does block some legitimate email, mostly random stuff from mailing lists I subscribe to that happen to match some characteristics it suspects. But it doesn’t delete anything without my approval. Instead, I get an email report from Spamcop (configurable to arrive on any or all days of the week I want) listing the subjects & senders of all held mail. Using Spamcop’s web interface, I can see all these filtered emails at once. I can mark them all for deletion and/or mark some for release to my inbox. When I release one, it adds the sender’s email address to a whitelist of approved senders whose mail will no longer be filtered out.

But it gets better. Spamcop also has a very sophisticated spam-reporting service. I can take a spam that got through the filter–or any spam Spamcop filtered–and ask Spamcop to complain about it for me. Spamcop takes the email text, including the full headers, and runs a bunch of scripted tracing routines on the upstream providers, web site and email addresses, and so forth, and generates reports to whatever relevant postmasters it can uncover. It then gives you a list of the addresses it’s sending reports to and you can check/uncheck each one, in case you know some are wrong (such as your own ISP, though that hasn’t happened so far). It’s easiest to just stick with its recommended ones, which are the ones the reporting script has the highest degree of confidence in for accuracy, and then you tell it to get busy.

Spamcop sends out email reports to those destinations with all the dirt it could uncover about the source of the spam. Here’s an example from today, showing what it found about a piece of spam I fed it. This isn’t a report it generated, just the detective work it did and told me about on its results web page:



SpamCop version 1.3.3 (c) Julian Haight, Joel Martin 1998-2002 All Rights Reserved

Saved email:

This page may be saved for future reference:

http://spamcop.net/sc?id=z35248995z52f5600fbcb01d6ab5533bb06f04ba9ez

Converting X-Received to Received:

[show] “nslookup 112.120.118.211.relays.ordb.org.” (checking ip) ip = 127.0.0.2

[show] “nslookup 211.118.120.112” (getting name) no name

[show] “whois 211.118.120.112@whois.arin.net” (Getting contact from whois.arin.net)

   Redirect to apnic:

   [show] “whois 211.118.120.112@whois.apnic.net” (Getting contact from whois.apnic.net)

      whois.apnic.net redirects to krnic

      [show] “whois 211.118.120.112@whois.krnic.net” (Getting contact from whois.krnic.net) (old krnic) Found Admin: b0027848@users.bora.net

      Found Technical: b0027848@users.bora.net

      whois:211.118.120.0 – 211.118.120.255:b0027848@users.bora.net

Routing details for 211.118.120.112

Using last-resort contacts:b0027848@users.bora.net

Whois found:b0027848@users.bora.net

Found link:http://216.240.140.55/datacenter.htm

[show] “nslookup 216.240.140.55” (getting name) no name

[show] “nslookup 216.240.140.55” (getting name) no name

[report history]

Tracking ip 216.240.140.55:

[show] “nslookup 216.240.140.55” (getting name) no name

Routing details for 216.240.140.55

[refresh/show] Cached whois for 216.240.140.55:infosystems@atmlink.net

infosystems@atmlink.net: abuse.net atmlink.net = abuse@webvision.com, postmaster@atmlink.net, spamtool@level3.com

abuse.net atmlink.net = abuse@webvision.com, postmaster@atmlink.net, spamtool@level3.com

Using best abuse.net reporting addresses:abuse@webvision.com postmaster@atmlink.net spamtool@level3.com

postmaster@atmlink.net bounces (9895 sent : 6883 bounces)

Using postmaster#atmlink.net@devnull.spamcop.net for statistical tracking.

spamtool@level3.com redirects to level3@admin.spamcop.net

Whois found:postmaster#atmlink.net@devnull.spamcop.net level3@admin.spamcop.net abuse@webvision.com

Found link:http://216.240.140.55/healthcare/627200/

[show] “nslookup 216.240.140.55” (getting name) no name

[show] “nslookup 216.240.140.55” (getting name) no name

[report history]

Tracking ip 216.240.140.55:

[show] “nslookup 216.240.140.55” (getting name) no name

Routing details for 216.240.140.55

[refresh/show] Cached whois for 216.240.140.55:infosystems@atmlink.net

infosystems@atmlink.net: abuse.net atmlink.net = abuse@webvision.com, postmaster@atmlink.net, spamtool@level3.com

abuse.net atmlink.net = abuse@webvision.com, postmaster@atmlink.net, spamtool@level3.com

Using best abuse.net reporting addresses:abuse@webvision.com postmaster@atmlink.net spamtool@level3.com

postmaster@atmlink.net bounces (9895 sent : 6883 bounces)

Using postmaster#atmlink.net@devnull.spamcop.net for statistical tracking.

spamtool@level3.com redirects to level3@admin.spamcop.net

Whois found:postmaster#atmlink.net@devnull.spamcop.net level3@admin.spamcop.net abuse@webvision.com

Please make sure this email IS spam:

From: “john” (Can you Afford not to have Health Insurance?)



View full message

Report Spam to:

Re:210.164.102.78 (Administrator of network where email originates)

To: miura@acs.co.jp (Notes)

To: okada@ntt.ocn.ne.jp (Notes)

Re:211.118.120.112 (Administrator of network with open relays)

To: b0027848@users.bora.net (Notes)

Re:211.118.120.112 (Automated open-relay testing system(s))

To: Internal spamcop handling: (testrelays) (Notes)

Re:http://216.240.140.55/datacenter.htm (Administrator of network hosting website referenced in spam)

To: abuse@webvision.com (Notes)

To: Internal spamcop handling: (level3) (Notes)

To: postmaster#atmlink.net@devnull.spamcop.net (Notes)

Re:http://216.240.140.55/healthcare/627200/ (Administrator of network hosting website referenced in spam)

To: abuse@webvision.com (Notes)

To: Internal spamcop handling: (level3) (Notes)

To: postmaster#atmlink.net@devnull.spamcop.net (Notes)

ATTENTION: Report only email addresses and web sites which you think are used by the spammer. If you are unsure, do not check any boxes which default off. This will send mail to a network administrator. Please do not waste their time if this is not spam. The last thing we want is for administrators to stop taking these spam reports seriously.


See that? All those addresses in the last few sections are the people who will get the report Spamcop generates about this spam. Hopefully, a few of them will be in a position to shut down access by the spammer.
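
The trace above opens with a DNS blocklist query built from the relay's IP address. As an added example (not SpamCop's code and not part of the original post), this Python sketch pulls the relay IPs out of Received headers and builds the same reversed-octet lookup name. The sample message and its hostnames are constructed, and the lookup is stubbed with the one answer shown in the trace so it runs offline.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: hostnames are placeholders; the two public IPs are the
# ones named in the trace above (originating network and open relay).
SAMPLE = """\
Received: from relay.example.net (unknown [211.118.120.112])
\tby mx.example.org with SMTP; Mon, 1 Jul 2002 10:00:02 -0400
Received: from pc.example.jp ([210.164.102.78])
\tby relay.example.net with SMTP; Mon, 1 Jul 2002 23:00:00 +0900
Received: from localhost ([127.0.0.1]) by pc.example.jp; Mon, 1 Jul 2002 22:59:00 +0900
From: "john" <john@example.com>
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Stub resolver data: the single answer shown in the trace, so this runs offline.
TRACE_ANSWERS = {"112.120.118.211.relays.ordb.org.": "127.0.0.2"}

def relay_ips(raw_message):
    """Public IPv4 addresses from Received headers, newest hop first.

    Only the hop recorded by your own mail server is trustworthy; anything
    below it is supplied by the sender and may be forged.
    """
    found = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # malformed octets such as [999.1.1.1]
            if ip.is_global and ip not in found:
                found.append(ip)
    return found

def dnsbl_name(ip, zone="relays.ordb.org"):
    """Reverse the octets and append the blocklist zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone + "."

def is_listed(ip, resolve=TRACE_ANSWERS.get):
    """A DNSBL reports a listing as an A record inside 127.0.0.0/8."""
    answer = resolve(dnsbl_name(ip))
    return answer is not None and ipaddress.ip_address(answer).is_loopback

def classify(raw_message):
    return [(str(ip), "listed" if is_listed(ip) else "not listed")
            for ip in relay_ips(raw_message)]
```

To query a live blocklist, pass a `resolve` callable that performs the DNS A lookup and returns `None` when the name does not exist.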

Spamcop isn’t perfect. It’s becoming very popular, and at times the mail server gets slow or goes down due to heavy access. He’s adding another server this week and will continue to do so as necessary–one benefit of paying for such a service is there’s money for upgrades. But the majority of the time it works great. Getting all this endless spam out of my life, and even having the tools to finally strike back, is a fabulous, wonderful thing.

I love Spamcop! You should too, at http://www.spamcop.net/