Changes at Spamcop

Earlier this week some ESPs started asking if other ESPs have seen an uptick in Spamcop listings. The overwhelming answer (9 of 11 ESP representatives) was yes. I’ve also had clients start to ask me about Spamcop listings. All in all, there seem to be some changes at Spamcop that mean more senders are showing up on the Spamcop radar.
Luckily, Spamcop provides us some insight into their data processing. If you look at the current monthly volume graph, we can see some very interesting changes in data.

[Figure: Spamcop volume graph. Volume of received mail went way up in late September.]
We can see, before the volume spike, that the number of reports sent tracked closely to the spam submitted. The number of reports stays reasonably consistent through the volume spike. I think it’s a reasonable interpretation that SpamCop has started receiving some new data sources in the last few weeks. I suspect these new data sources are the ones driving the new listings.
There are people who attribute the increase in listings to new spamtraps coming online. The data does seem to suggest that something brought more data to Spamcop, and a new trap feed is highly likely.
This is just another example of the continual adaptation of filters. Filters are going to try and catch as much spam mail as possible. And part of that is bringing on new spamtraps. Spamhaus does it, Spamcop does it, commercial spam filtering companies do it. M3AAWG has even published a best practices document on creating spamtraps (.pdf download).
If you’re seeing an increase in listings on the Spamcop blocklist, you’re not alone. If these really are spamtraps, then you should look at your bounce handling process and see why these addresses weren’t removed in the past.

Related Posts

Barracuda clicking all links in emails

A number of people have asked me recently if I know anything about appliances clicking all the links in emails. Some of those people have asked specifically about Barracuda, some have just asked if I knew of any filters that clicked links.
The answer is, yes, there are cases where spam filters have followed all the links in an email. One of the filters that I know has done this in the past is Barracuda. Based on discussions with the different people who are reporting this behavior, it does seem that this is happening more often. One person did mention that they were primarily seeing this with mail where the click domains were different from the From: domains.
I’m still working on getting more information from folks, and will update if I hear anything more. I’m also working on some advice for folks who get caught in this.
If you have experience with Barracuda (or other spam filters) clicking all the links in an email, drop me an email (contact).

TWSD: Adapt to filters

This morning the new Yahoo! CEO posted about changes to Yahoo! mail. I logged into one of my Yahoo accounts to check and see if I had access to the new Yahoo! mail client yet. I don’t, but I did notice that spammers have adapted to the new Yahoo model of disabling filters in the mail folder. Most of the mail in my inbox has, at the very top of the message, “Click not spam to enable links!”
My favorite has to be the animated gif of how to click “not spam.”
Spammers spend so much time and energy compensating for filters, hopping IP addresses, rotating through domains, and specially creating mail for different ISPs. I have to wonder, though, if they would waste less time by sending opt-in mail.

Filtering is not just about spam

A lot of filters started out just as filters against spam. But over the years they’ve morphed into more general blocks against dangerous or problematic email. There’s a lot of crime and bad behavior on the internet, much of it using email as a conduit or vector. Filtering is so much more than stopping spam now. It’s as much, or more, about stopping crime.
Email filters are essential to protect us from scammers. Sometimes I forget this, and then I read about a grandmother getting swindled by a Nigerian scammer and ending up dead.
There are real consequences to poor filtering and there is real crime facilitated by email. It’s easy to forget this as we deal with the email that gets caught in filters when it shouldn’t.
Filters are one of the first lines of defense against online crime.
Not only does filtering stop crime, but it also keeps email working. An unfiltered mail stream is an ugly, unreadable, unworkable mess.