[RE: [Dshield] mail1.giac.net spamcop listed]

Chris Brenton cbrenton at chrisbrenton.org
Sat Dec 13 18:09:56 GMT 2003

On Fri, 2003-12-12 at 22:11, Rick Klinge wrote:
> This is highly "effective"  SpamCop is doing a fine job for what it is
> designed to do.

Ah ha! Thank you for the clarification that blocking people who are not
actually sending spam is actually a "feature" with spamcop. ;-)

BTW, I hear that Sourcefire and snort.org was black listed by Spamcop at
about the same time. I'm wonder if someone is using Spamcop to DoS
security related mailing lists. Hummm... 

> I don't know if this is factual or stipulation.  What I was told by Ellen
> from SpamCop was that possibly DShields list servers' subscribe verification
> might be questionable. 

LOL! I guess when I joined the list I must have missed the Viagra ad in
my verification request. ;-)

> > Personally, I'm kind of glad it happened. If the person had actually
> > verified their subscription then may have tried posting. ;-)
> >
> This makes no sense.. why be glad that DShield got listed?

Not what I said. I was poking fun that if a person signed up for the
list and then was dumb enough to report the subscription verification as
spam, its probably best that we don't have to weed through that person's
posts. Of course now its looking more like it was done on purpose. I'm
hearing they be even more security related companies got blacklisted by
spamcop at about the same time. 

> Your confusing statement is an oxymoron - if the reported spam had been
> correlated against 2 more blacklist then the report would clearly show that
> it was NOT spam. 

I guess we have different definitions of "effective" and "fine job".
Sounds to me like you are saying "don't trust it unless you can verify
the info through another blacklist". IMHO if you were expected to verify
the Dshield top 10 attack IPs through multiple other sources before use,
people would not perceive the list as being nearly as effective.

>  That blacklist (SpamCop) did exactly what it is programmed
> to do. 

Except it didn't. It blocked sites that never actually sent any spam.
Not only that, but they are sites that are recognized as being "good
guys" in the security industry. If Snort & Dshield can get listed when
they never actually sent spam, it can happen to anyone.

> > Huh? Again, the message in question ___was not spam___. It was a
> > subscription verification sent out because this individual tried to join
> > the list.
> >
> Wrong again .. they 'SpamCop' confirmed the emails to be suspect.

OK, please quote the penis enlargement section of the Dshield
verification message that was found to be "suspect". I'm sure Johannes
would be happy to remove it. I'll even talk to the guys over at Snort
about doing the same. ;-)


More information about the list mailing list