[Dshield] Question about spam sent to list address

Mike Easter mike.easter at gmail.com
Sat Mar 4 00:52:26 GMT 2006


Tom wrote:
> As for your comment about spamcop, I am very surprised as Julian has
> always been helpful and proactive with me whenever I identified a
> problematic issue. I would contact him if I were you so that he can
> set his system to reject all mistaken submissions - effectively
> whitelisting dshield & sans.

? Reject mistaken submissions?  There is no automated spamcop mechanism
for rejecting mistaken submissions and there is no mechanism for a
reporter to unsend a mistaken report -- a deputy has to manually
intervene to delist something if it has become listed because of
mistaken submissions.  If a reporter makes a mistake and discovers it
after the fact, there is a mechanism for hir to 'fess up - but there is
no intervention for bad reports on the deputies part /unless/ a SCbl
listing occurs.

Spamcop's blocklisting system doesn't 'whitelist' anything, including
dshield, sans, or anything else.  There is absolutely no provision for
whitelisting anything on such a blocklist.

If a reporter errs and makes a bad report of hir own mailing list item
/and/ as a result the IP gets blocklisted /and/ the report or the
listing is disputed by the reported source /and/ reports are found to be
in error -- then a deputy will manually 'subtract' or remove such errant
reports.  But that should not pertain, see below.

There is potential for discplining reporters who make mistaken reports,
banning or suspending free reporters, fining, suspending, or banning
paid reporters.

And, more importantly....

If a reporter were to report one of these mailing list items, the
spamcop parser would determine the source to be the individual mailing
listee, as opposed to some mailing lists which result in a spamcop
report reporting the mailing list's majordomo or listserv server.  This
is because the parser for both a mailhosted and a non-mailhosted account
[which are parsed slightly differently] will parse thru' the dshield.org
server/s all the way back to the listee's IP as source.  I know that to
be true because I have tested these mailing list items just now with
both types of account and found that to be the case.

I would imagine that if somehow the dshield server should get itself SC
blocklisted, that listing would be from some other problem than a bad
reporter mailing list item  submission.  The most common cause of server
listings is misdirected bounces.  It is also possible for a server to
get a report if some miscreant forge subscribes spamtrap addresses and
the confirmation mails hit a spamtrap.  Those are also deputy removable
if it would cause a SCbl listing.

--
Mike Easter



More information about the list mailing list