Mailing list gateway getting reportted at SpamCop

Discussion in 'Ruby' started by Dennis Oelkers, Jan 6, 2005.

  1. Hello list,

    during the last few days we are receiving SpamCop-reports concerning the
    submission of mails originating
    from one of our host repeatedly. We found out that all of those reports
    are related to someone (or something)
    submitting mails from ruby-talk which were forwarded by the Usenet <->
    mailing list gateway running at our site,
    so SpamCop determined the gateway as the origin of those mails.

    Those mails were not even close to uce, they are just 100% legitimate
    comp.lang.ruby postings, and it seems
    that the person (or the script?) submitting those postings to SpamCop is
    always the same.

    Nevertheless we fear that we might get listed in the SpamCop-RBLs, and
    one of my Co-Admins (who is
    my supervisor) concluded the situation in our last conversation with the
    sentence "do something so it will stop".
    I guess I don't have to explain that "something" may mean "shut the
    gateway down" in the long run.

    My questions:
    - Do we have the same problem with other mailing list traffic getting
    reported?
    - Is it possible to find out who is submitting the legitimate traffic to
    SpamCop, and manually unsubscribe that
    address from ruby-talk?
    - Are there really people stupid enough to mix up mail they received
    from a mailing list (and which they probably
    subscribed themself to) with uce, or is it a script which is reporting
    us at SpamCop?
    - Does anyone here has experience with SpamCop and false submissions?

    I do not want to shut down the gateway in any case, but I might get
    forced to. I hope for your help.

    Kind regards,
    Dennis Oelkers
     
    Dennis Oelkers, Jan 6, 2005
    #1
    1. Advertising

  2. "Dennis Oelkers" <> schrieb im Newsbeitrag
    news:...

    First thing I'd probably do is to contact SpamCop and try to sort out with
    them:

    - how we got on their list and

    - whether they can whitelist us or

    - change their algorithm to just include original posters not gateways.

    I don't know how promising this approach is though...

    Kind regards

    robert
     
    Robert Klemme, Jan 6, 2005
    #2
    1. Advertising

  3. Dennis Oelkers

    Craig Moran Guest

    I'd like to add a piece to this puzzle. Maybe this will help to
    trigger a solution. I am using Gmail (as are plenty of other folks),
    which does some SPAM filtering automatically. I have received a few
    bonafide SPAM messages via ruby-talk and have labelled them as such.
    However, Gmail's SPAM filtering has taken over and has started
    labelling a few legitimate messages as SPAM and moves them from my
    Inbox without me ever seeing them. Does Gmail report these
    automatically?

    I don't wish to point the finger at anyone in case it is their fault
    (and to save their pride), but I have noticed that these legitimate
    postings to ruby-talk are all from the very same sender. Only 6 such
    email messages were auto-labelled as SPAM from 28 DEC 2004 to 5 JAN
    2005. Have any of our other Gmail users experienced this?

    If the person's name and email will help clear this up, please request
    a private message from me with a private email addy.
    Warm Regards-
    Craig

    On Thu, 6 Jan 2005 19:16:02 +0900, Dennis Oelkers <> wrote:
    > Hello list,
    >
    > during the last few days we are receiving SpamCop-reports concerning the
    > submission of mails originating
    > from one of our host repeatedly. We found out that all of those reports
    > are related to someone (or something)
    > submitting mails from ruby-talk which were forwarded by the Usenet <->
    > mailing list gateway running at our site,
    > so SpamCop determined the gateway as the origin of those mails.
    >
    > Those mails were not even close to uce, they are just 100% legitimate
    > comp.lang.ruby postings, and it seems
    > that the person (or the script?) submitting those postings to SpamCop is
    > always the same.
    >
    > Nevertheless we fear that we might get listed in the SpamCop-RBLs, and
    > one of my Co-Admins (who is
    > my supervisor) concluded the situation in our last conversation with the
    > sentence "do something so it will stop".
    > I guess I don't have to explain that "something" may mean "shut the
    > gateway down" in the long run.
    >
    > My questions:
    > - Do we have the same problem with other mailing list traffic getting
    > reported?
    > - Is it possible to find out who is submitting the legitimate traffic to
    > SpamCop, and manually unsubscribe that
    > address from ruby-talk?
    > - Are there really people stupid enough to mix up mail they received
    > from a mailing list (and which they probably
    > subscribed themself to) with uce, or is it a script which is reporting
    > us at SpamCop?
    > - Does anyone here has experience with SpamCop and false submissions?
    >
    > I do not want to shut down the gateway in any case, but I might get
    > forced to. I hope for your help.
    >
    > Kind regards,
    > Dennis Oelkers
    >
    >
     
    Craig Moran, Jan 6, 2005
    #3
  4. > trigger a solution. I am using Gmail (as are plenty of other folks),
    > which does some SPAM filtering automatically. I have received a few
    > bonafide SPAM messages via ruby-talk and have labelled them as such.
    > However, Gmail's SPAM filtering has taken over and has started
    > labelling a few legitimate messages as SPAM and moves them from my
    > Inbox without me ever seeing them. Does Gmail report these
    > automatically?


    I have seen this as well, its possible. I've had to mark a few
    messages as legitamate but I can't remember who they where from.

    Rob
     
    Robert McGovern, Jan 6, 2005
    #4
  5. I don't know if this is an option for most people, but I use the newsgroup,
    not the mailing list. Perhaps turning the list into a newsgroup only (w/a
    handy web interface for those who don't do usenet) would solve the problem?

    Jared
     
    Jared Richardson, Jan 6, 2005
    #5
  6. Dennis Oelkers

    Sam Roberts Guest

    Quoteing , on Fri, Jan 07, 2005 at 05:06:37AM +0900:
    > I don't know if this is an option for most people, but I use the newsgroup,
    > not the mailing list. Perhaps turning the list into a newsgroup only (w/a
    > handy web interface for those who don't do usenet) would solve the problem?


    That would make a number of folks very unhappy, I suspect.

    Imagine if you were told you had to abandon your newsreader and use the
    mailling list, but that you could use some lame web interface (and all
    web interfaces to mail and/or news are lame in comparison to native
    apps, IMHO) instead...

    Cheers,
    Sam
     
    Sam Roberts, Jan 6, 2005
    #6
  7. "Sam Roberts" <> wrote in message
    news:...
    > Quoteing , on Fri, Jan 07, 2005 at
    > 05:06:37AM +0900:
    >> I don't know if this is an option for most people, but I use the
    >> newsgroup,
    >> not the mailing list. Perhaps turning the list into a newsgroup only (w/a
    >> handy web interface for those who don't do usenet) would solve the
    >> problem?

    >
    > That would make a number of folks very unhappy, I suspect.
    >
    > Imagine if you were told you had to abandon your newsreader and use the
    > mailling list, but that you could use some lame web interface (and all
    > web interfaces to mail and/or news are lame in comparison to native
    > apps, IMHO) instead...
    >
    > Cheers,
    > Sam



    I agree with you... I only mentioned it as it sounds like the hosting
    provider is going to terminate the list if a solution can't be found
    quickly... and so far there don't seem to be any other solutions.
     
    Jared Richardson, Jan 7, 2005
    #7
  8. Hello Robert,

    Robert Klemme wrote:

    >
    > "Dennis Oelkers" <> schrieb im Newsbeitrag
    > news:...
    >
    > First thing I'd probably do is to contact SpamCop and try to sort out
    > with them:
    >
    > - how we got on their list and
    >
    > - whether they can whitelist us or


    I already used their supplied response form, to tell both the submitter
    and SpamCop that the reported mails are legitimate
    postings of comp.lang.ruby, forwarded to ruby-talk. I did not receive a
    response yet.

    >
    > - change their algorithm to just include original posters not gateways.


    Well, in fact it is already almost working like that. Instead of the
    original poster (which could only be determined by the
    From-header (which could be forged), it looks at the Received-header and
    mails the site-contact which is listed in the whois db
    of the netblock where the mail originates from. Due to the fact that the
    gateway is the first hop where the mail enters SMTP space,
    it will always be our host, no matter who wrote the mail.

    We didn't receive any mails in the last few days, maybe the problem
    solved itself. If it didn't, I hope we'll find a solution so I do not
    have to shut down the gateway.

    >
    > I don't know how promising this approach is though...
    >
    > Kind regards
    >
    > robert
    >

    Kind regards,
    Dennis Oelkers
     
    Dennis Oelkers, Jan 10, 2005
    #8
  9. Dennis Oelkers

    Sam Roberts Guest

    Quoteing , on Tue, Jan 11, 2005 at 12:35:57AM +0900:
    > >"Dennis Oelkers" <> schrieb im Newsbeitrag
    > >news:...
    > >- change their algorithm to just include original posters not gateways.

    >
    > Well, in fact it is already almost working like that. Instead of the
    > original poster (which could only be determined by the
    > From-header (which could be forged), it looks at the Received-header and
    > mails the site-contact which is listed in the whois db
    > of the netblock where the mail originates from. Due to the fact that the
    > gateway is the first hop where the mail enters SMTP space,
    > it will always be our host, no matter who wrote the mail.


    I might be in outer-space here, but the gateway shouldn't be the first
    hop... is there information in the Usenet message that can be used to
    construct a received header (by the gateway) that points backwards to
    the sender so that it doesn't look like its the gateway that originates
    the email?

    Cheers,
    Sam
     
    Sam Roberts, Jan 10, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steven D'Aprano

    Is the mailing list to usenet gateway borked?

    Steven D'Aprano, Jun 20, 2011, in forum: Python
    Replies:
    4
    Views:
    629
    Peter Pearson
    Jun 21, 2011
  2. Andrew Berg
    Replies:
    7
    Views:
    271
    Thomas 'PointedEars' Lahn
    Jul 2, 2011
  3. Nikolai Weibull

    Gateway(?) spamcop.net issue

    Nikolai Weibull, Mar 29, 2005, in forum: Ruby
    Replies:
    0
    Views:
    71
    Nikolai Weibull
    Mar 29, 2005
  4. Andreas Schwarz

    Mailing list <-> web forum gateway

    Andreas Schwarz, Nov 12, 2005, in forum: Ruby
    Replies:
    6
    Views:
    111
    Andreas Schwarz
    Nov 13, 2005
  5. Jason Toy
    Replies:
    0
    Views:
    96
    Jason Toy
    Nov 19, 2007
Loading...

Share This Page