Mailing list gateway getting reportted at SpamCop

[Dennis Oelkers]

Hello list,

during the last few days we are receiving SpamCop-reports concerning the
submission of mails originating
from one of our host repeatedly. We found out that all of those reports
are related to someone (or something)
submitting mails from ruby-talk which were forwarded by the Usenet <->
mailing list gateway running at our site,
so SpamCop determined the gateway as the origin of those mails.

Those mails were not even close to uce, they are just 100% legitimate
comp.lang.ruby postings, and it seems
that the person (or the script?) submitting those postings to SpamCop is
always the same.

Nevertheless we fear that we might get listed in the SpamCop-RBLs, and
one of my Co-Admins (who is
my supervisor) concluded the situation in our last conversation with the
sentence "do something so it will stop".
I guess I don't have to explain that "something" may mean "shut the
gateway down" in the long run.

My questions:
- Do we have the same problem with other mailing list traffic getting
reported?
- Is it possible to find out who is submitting the legitimate traffic to
SpamCop, and manually unsubscribe that
address from ruby-talk?
- Are there really people stupid enough to mix up mail they received
from a mailing list (and which they probably
subscribed themself to) with uce, or is it a script which is reporting
us at SpamCop?
- Does anyone here has experience with SpamCop and false submissions?

I do not want to shut down the gateway in any case, but I might get
forced to. I hope for your help.

Kind regards,
Dennis Oelkers

 

[Robert Klemme]

First thing I'd probably do is to contact SpamCop and try to sort out with
them:

- how we got on their list and

- whether they can whitelist us or

- change their algorithm to just include original posters not gateways.

I don't know how promising this approach is though...

Kind regards

robert

 

[Craig Moran]

I'd like to add a piece to this puzzle. Maybe this will help to
trigger a solution. I am using Gmail (as are plenty of other folks),
which does some SPAM filtering automatically. I have received a few
bonafide SPAM messages via ruby-talk and have labelled them as such.
However, Gmail's SPAM filtering has taken over and has started
labelling a few legitimate messages as SPAM and moves them from my
Inbox without me ever seeing them. Does Gmail report these
automatically?

I don't wish to point the finger at anyone in case it is their fault
(and to save their pride), but I have noticed that these legitimate
postings to ruby-talk are all from the very same sender. Only 6 such
email messages were auto-labelled as SPAM from 28 DEC 2004 to 5 JAN
2005. Have any of our other Gmail users experienced this?

If the person's name and email will help clear this up, please request
a private message from me with a private email addy.
Warm Regards-
Craig

 

[Robert McGovern]

trigger a solution. I am using Gmail (as are plenty of other folks),

which does some SPAM filtering automatically. I have received a few
bonafide SPAM messages via ruby-talk and have labelled them as such.
However, Gmail's SPAM filtering has taken over and has started
labelling a few legitimate messages as SPAM and moves them from my
Inbox without me ever seeing them. Does Gmail report these
automatically?

I have seen this as well, its possible. I've had to mark a few
messages as legitamate but I can't remember who they where from.

Rob

 

[Jared Richardson]

I don't know if this is an option for most people, but I use the newsgroup,
not the mailing list. Perhaps turning the list into a newsgroup only (w/a
handy web interface for those who don't do usenet) would solve the problem?

Jared

 

[Sam Roberts]

Quoteing (e-mail address removed), on Fri, Jan 07, 2005 at 05:06:37AM +0900:

I don't know if this is an option for most people, but I use the newsgroup,
not the mailing list. Perhaps turning the list into a newsgroup only (w/a
handy web interface for those who don't do usenet) would solve the problem?

That would make a number of folks very unhappy, I suspect.

Imagine if you were told you had to abandon your newsreader and use the
mailling list, but that you could use some lame web interface (and all
web interfaces to mail and/or news are lame in comparison to native
apps, IMHO) instead...

Cheers,
Sam

 

[Jared Richardson]

Quoteing (e-mail address removed), on Fri, Jan 07, 2005 at
05:06:37AM +0900:

That would make a number of folks very unhappy, I suspect.

Imagine if you were told you had to abandon your newsreader and use the
mailling list, but that you could use some lame web interface (and all
web interfaces to mail and/or news are lame in comparison to native
apps, IMHO) instead...

Cheers,
Sam

I agree with you... I only mentioned it as it sounds like the hosting
provider is going to terminate the list if a solution can't be found
quickly... and so far there don't seem to be any other solutions.

 

[Dennis Oelkers]

Hello Robert,

First thing I'd probably do is to contact SpamCop and try to sort out
with them:

- how we got on their list and

- whether they can whitelist us or

I already used their supplied response form, to tell both the submitter
and SpamCop that the reported mails are legitimate
postings of comp.lang.ruby, forwarded to ruby-talk. I did not receive a
response yet.

- change their algorithm to just include original posters not gateways.

Well, in fact it is already almost working like that. Instead of the
original poster (which could only be determined by the
From-header (which could be forged), it looks at the Received-header and
mails the site-contact which is listed in the whois db
of the netblock where the mail originates from. Due to the fact that the
gateway is the first hop where the mail enters SMTP space,
it will always be our host, no matter who wrote the mail.

We didn't receive any mails in the last few days, maybe the problem
solved itself. If it didn't, I hope we'll find a solution so I do not
have to shut down the gateway.

I don't know how promising this approach is though...

Kind regards

robert

Kind regards,
Dennis Oelkers

 

[Sam Roberts]

Quoteing (e-mail address removed), on Tue, Jan 11, 2005 at 12:35:57AM +0900:

Well, in fact it is already almost working like that. Instead of the
original poster (which could only be determined by the
From-header (which could be forged), it looks at the Received-header and
mails the site-contact which is listed in the whois db
of the netblock where the mail originates from. Due to the fact that the
gateway is the first hop where the mail enters SMTP space,
it will always be our host, no matter who wrote the mail.

I might be in outer-space here, but the gateway shouldn't be the first
hop... is there information in the Usenet message that can be used to
construct a received header (by the gateway) that points backwards to
the sender so that it doesn't look like its the gateway that originates
the email?

Cheers,
Sam