[unisog] .edu's who use SpamCop?

Brian Eckman eckman at umn.edu
Wed Dec 17 17:23:50 GMT 2003


Christopher A Bongaarts wrote:
> In the immortal words of Rodrigues, Philip:
> 
> 
>>We are currently using SpamCop's dynamic list of spammers to reject some
>>mail sent to the University.  This has the benefit of blocking lots of
>>spam, and the drawback of occasionally blocking legitimate mail from
>>sources SpamCop has determined to be spammers.
>>
>>I am looking for support for and against this policy:
>>
>>Does anyone else use SpamCop as one of their spam filters?
>>
>>Has anyone looked into SpamCop and decided *not* to use them?  Why not?
> 
> 
> We currently look up MTA's that connect to us in SpamCop and "flag"
> them, but do not block based on them.  Historically they have had
> problems with overzealous blocking, but apparently they've been
> improving lately, particularly in the last six months or so, both by
> our own observation and second-hand reports from other administrators.
> 
> We'd actually be interested in hearing about what people are seeing as 
> far as false positives with SpamCop *recently*...

FWIW, I don't recall any SpamCop reports being sent to us as being false 
positives. However, I do know that the Web-based "www.spamcop.com" site 
that isn't affiliated with them is prone to errors when Received headers 
are well forged.

> 
> (Incidentally, I'm told our abuse@ folks absolutely love SpamCop
> because they are prompt with notification when someone on our network
> misbehaves.)

I don't know that we *love* them :-)  But they are nice, and easy to 
deal with. Having the IP address in the subject line makes it easy for 
us to quickly combine multiple complaints for the same host.

We currently are catching most spam trojans on our network before we 
even get a SpamCop or other report about them. Most SpamCop reports that 
do arrive come *after* we've taken the offending machine off of the 
network. But, the reports are certainly welcomed, and they do 
occasionally catch infected machines before we do. (Most of the SpamCop 
users are courteous, which is also a nice bonus.)

> 
> The most effective DNSBL we've been using for spamblocking has been
> the Spamhaus Block List.

(And I might add, that must be very effective, as incoming Spam here is 
quite rare. The problem is, it can be so uncommon that when users do get 
a UCE, they forward their Spam to us abuse@ people.)


> 
> %%  Christopher A. Bongaarts  %%  cab at tc.umn.edu       %%
> %%  Internet Services         %%  http://umn.edu/~cab  %%
> %%  University of Minnesota   %%  +1 (612) 625-1809    %%
> 


Brian
-- 
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota


"There are 10 types of people in this world. Those who
understand binary and those who don't."



More information about the unisog mailing list