Comments on How To Automate Spamcop Submissions
How To Automate Spamcop Submissions
Spamcop is a service which provides RBLs for mailservers in order to reject incoming mail from spammers. Their philosophy is to process possible spam complaints from users. When they receive a certain number of complaints during a time period, they will blacklist the offender. This system is dependent on spam reporting from users. However, their submission process is not very user-friendly [...]
17 Comment(s)
Comments
Spamcop provides for a special email address associated with your account that allows you to "forward" the spam, and automatically report it.
Though, I believe, that is only a pay-for service, it's very inexpensive and pretty much eliminates the need to do this.
For example, using the above approach and using MUTT, I can create an alias like:
macro index \cx ':set autoedit=no fast_reply=yes editor=/usr/bin/vi<Enter><tag-prefix><forward-message>spam@localhost<Enter><send-message><pipe-message>/usr/local/bin/razor-report -home=/home/username/.razor<Enter>:set autoedit=yes fast_reply=no<Enter>' 'Forward mail to Spam Reporting Processes'
Okay, that cut-and-paste was lousy (sorry) ;-)
What's happening here is I alias my real spamcop address in my /etc/mail/aliases file. But you could use it directly here. I also supplement it with razor reporting. The forwarded message must be a mime-encoded attachment (or somesuch, Spamcop has a reference page that addresses this).
This is not a critique of your approach, it's actually pretty cool - just an alternative way of handling this.
Thanks for posting!
If you use procmail you can automate the submission process without going through a crontab. An example script would be as below:
:0 c
* ^Subject: .*SpamCop.*
| grep -F 'http://www.spamcop.net/sc?id=' | while read -r DATA; do /usr/bin/lynx -dump "http://www.website.com/spamcop.php?data=$DATA"; done
Explanation:
:0 c ;start of procmail script
* ^Subject: .*SpamCop.* ;search for spamcop in the subject; don't worry if it catches another e-mail, it won't be a problem since the next line won't grep out a submission url
| grep -F 'http://www.spamcop.net/sc?id=' | while read -r DATA; do /usr/bin/lynx -dump "http://www.website.com/spamcop.php?data=$DATA"; done ;greps out id and submits it to a lynx dump all in one step versus polling files, this'll work with any mailbox format.
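A stricter way to pick out the confirmation links than grepping whole lines, as an added example that is not part of the comment above: a filter a procmail recipe could pipe the message into, which accepts only URLs of the exact shape used in the recipe and rebuilds them from fixed parts. The alphanumeric id format, the length limit, the function name and the sample message are assumptions.

```python
import re
import sys
from urllib.parse import urlsplit

ALLOWED_HOST = "www.spamcop.net"
# Assumption: the id is alphanumeric and at most 128 characters long.
ID_QUERY = re.compile(r"id=([A-Za-z0-9]{1,128})")

def confirmation_urls(message_text, limit=20):
    """Return normalized confirmation URLs that match the expected shape exactly."""
    accepted = []
    for token in message_text.split():
        token = token.strip("<>")
        if not token.startswith(("http://", "https://")):
            continue
        try:
            parts = urlsplit(token)
            has_port = parts.port is not None
        except ValueError:
            continue  # malformed netloc or port
        if parts.hostname != ALLOWED_HOST or has_port or parts.username:
            continue  # look-alike host, explicit port or embedded userinfo
        match = ID_QUERY.fullmatch(parts.query)
        if parts.path != "/sc" or parts.fragment or not match:
            continue  # wrong path, extra parameters or unexpected characters
        # Rebuild the URL from fixed parts so nothing else from the mail survives.
        url = f"{parts.scheme}://{ALLOWED_HOST}/sc?id={match.group(1)}"
        if url not in accepted:
            accepted.append(url)
    return accepted[:limit]

# Constructed sample message, not a real SpamCop reply.
SAMPLE = """Subject: [SpamCop] has accepted 1 email for processing

http://www.spamcop.net/sc?id=z1234567890zabcdef0123456789z
http://www.spamcop.net.example.org/sc?id=z999
http://www.spamcop.net/sc?id=z1 -some-option
http://www.spamcop.net/other?id=z2
http://www.spamcop.net/sc?id=z3&extra=1
"""

if __name__ == "__main__":
    # With no redirected input, show the sample; otherwise filter stdin.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for url in confirmation_urls(text):
        print(url)
```

Only the first and third sample lines yield a URL; the trailing text on the third line is dropped because it is never part of the rebuilt URL.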
If I happen to know your spamcop address, I could craft a message and send it on your behalf to spamcop. Your system would confirm it. I guess spamcop would not like the way you are automating the process of confirming the submissions this way ...
If you go to spamcop's page and read, you'll see that in order to submit under that specialized address, you have to authorize certain mail relays for your domain.
So there are checks in place to prevent abuse. It could be they've enhanced it since I've looked.
Now spamcop says it will not accept mail over 50K, so now you have to write a filter to find files smaller than 50K in the spam folder.
Maybe, but considering this is a Linux solution and the Abuse Summary page describes a Windows solution, i.e.:
Operating System: All 32-bit MS Windows (95/98/NT/2000/XP), then it's not a substitute.
http://sourceforge.net/projects/ol-vbs-spam-rpt/ is a version for Outlook in Windows.
So, assuming your email lands on a unix host, why not just use spamassassin (which you apparently use already) to auto-submit the messages and procmail to gather the responses from spamcop and force them through a WWW::Mechanize script to 'approve' the submission? I'd caution you though... if you submit more than 6000 messages in a single day spamcop gets 'upset' :)
Abuse has been automating spam submission to the proper authorities for a few years now. I am sure that, if necessary, it would be possible to add Spamcop to the list of recipients.
If you automate SpamCop reports, aren't you setting up a site that was purposely embedded in the content of an e-mail by a spammer for erroneous reporting? Abuse Reporting Services that use Shotgun Reports or Shotgun Reporting (or whatever they call it) are very susceptible to this, aren't they?
Automating spamcop is a VERY BAD IDEA!
In fact, spamcop is also made to report spamvertised websites. It is usual to find in spam emails some urls that are only "innocent bystanders" and have nothing to do with the spam itself.
By monkey-reporting with those scripts, you do not have the possibility to *see* who you are denouncing! You will end up kicking innocent websites.
I wrote something similar, in Python, but I added some dialogs to allow me to choose which addresses to report to.
Where is the advantage!?
Well, TIME: the program will cache all the information locally, in background. Then you analyze your spam all at once without waiting for network operations (because the data is all retrieved locally).
It is not well optimized, but here it is: SpamCop Denouncer
I also added a statistical tool to estimate how many reports you send, their freshness, the top recipients, and how much time your reporting activity costs.
It's not a full automatic submission but semi as you have to first actually single out the spam emails.
Once you've done that, you should not be required to do anything anymore. The more you have to do on your side, the less likely somebody does it.
Furthermore you point out the "legit" urls in emails. How do you know they are legit? Do you check each single one of them? This is time consuming and it stops people from submitting.
So people should carefully read each spam message to figure out if there are legit urls? And if there are, do not report at all or - log in to spamcop, paste the spam, wait out the delay, review the recipients and send reports?
Or, report automatically *anything* and denounce automatically innocent websites, making the blacklist more dangerous for admins?
That's not an improbable event. I receive ~2-3 emails/day which contain MY OWN web domain - these emails advertise silly ways of increasing my ranking in search engines.
I totally stopped submitting automated reports (which I can submit) when I saw what was happening, and that many spam contained links to unrelated websites.
It sounds way more time consuming than simply screening a dialog for each email summarizing all useful information.
It takes me ~1.5 seconds/spam, because all the networking is done in batch mode before I interact with the program answering the dialogs. The program records all my choices, then submits them again in batch mode after I have interacted with it.
For my spam volume, ~250msg/day, it means ~4 minutes every day:
STATISTICS since 05/27/08 (1 day period):
Reporting quality: 1.761h of mean spam age
Total time cost: 1827.1shi, efficiency: 0.9s/spam
Processed: 2146, 195.1/period - Reported: 1942, 176.5/period
Reporting activity (1 day period):
day       processed  reported  sessions  cost    quality
05/27/08  16         16        2         0.00    0.00
05/28/08  179        178       13        106.82  0.00
05/29/08  292        250       14        245.41  0.00
05/30/08  185        183       13        189.44  2.01
05/31/08  142        138       9         223.98  1.91
06/02/08  141        96        1         21.42   5.41
06/03/08  258        209       6         166.69  3.13
06/04/08  250        210       13        180.18  1.39
06/05/08  152        151       7         163.74  2.12
06/06/08  297        283       12        341.59  2.22
06/07/08  234        228       3         187.87  1.64
Overall top 10 report destinations
coldrain.net         1505
devnull.spamcop.net  937
kisa.or.kr           471
hanaro.com           459
certcc.or.kr         459
ns.chinanet.cn.net   230
ttnet.net.tr         138
jsinfo.net           134
olcab.ro             114
cert.br              98
Yes, I review each single url: it's not hard. Usually there are no more than 4-5 url, and they are usually clearly illicit/legit starting from the name. That saves me from carefully reading the spam: the urls are already extracted and listed. If I am in doubt, I remove from the report only the possibly legit urls.
Anyway, that's a good point for doing better: the program could check if a url is already blacklisted somewhere, or other parameters, and score each one, like spamassassin does with emails.
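The per-URL check discussed in the comments above, as an added example that is not the commenter's program: each URL host found in a spam body is sorted into "exclude" (your own domains), "report" (already on a list you trust) or "review" (a human decides). The domain names are constructed, and the `known_bad` set is an assumption standing in for whatever blacklist lookup you use.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_in(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(body, own_domains, known_bad):
    """Map each distinct URL host in body to 'exclude', 'report' or 'review'."""
    decisions = {}
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname  # lower-cased by urlsplit
        except ValueError:
            host = None
        if not host:
            continue
        host = host.rstrip(".")
        if host_in(host, own_domains):
            decisions[host] = "exclude"   # never report yourself
        elif host_in(host, known_bad):
            decisions[host] = "report"    # already listed, safe to automate
        else:
            decisions[host] = "review"    # possible innocent bystander
    return decisions

# Constructed sample data (hypothetical domains).
SAMPLE_BODY = """Boost the ranking of http://www.mysite.example/ today!
Order at http://pills.spamvertised.example/buy?x=1
As seen on https://news.bystander.example/article and http://notmysite.example/
"""
OWN = {"mysite.example"}
KNOWN_BAD = {"spamvertised.example"}

if __name__ == "__main__":
    for host, decision in triage(SAMPLE_BODY, OWN, KNOWN_BAD).items():
        print(f"{decision:8} {host}")
```

Matching on a leading dot keeps `notmysite.example` from being treated as a subdomain of `mysite.example`.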
I could not find a perl module for mime-construct nor an rpm for centos 4.7 =( help?
The most useful I've found! Thanks a lot!
I tried your scripts - but the php confirmation script using snoopy does not seem to work. When run to confirm a pending report, the output gives me a lot of variables - and then:
0: HTTP/1.0 301 Moved Permanently
1: Server: Apache
2: Location: https://www.spamcop.net/https:/www.spamcop.net/https:/www.spamcop.net/https:/www.spamcop.net/https:/www.spamcop.net/https:/www.spamcop.net/sc
3: Content-Length: 349
4: Content-Type: text/html; charset=iso-8859-1
5: Expires: Tue, 21 Nov 2017 21:18:36 GMT
6: Cache-Control: max-age=0, no-cache, no-store
7: Pragma: no-cache
8: Date: Tue, 21 Nov 2017 21:18:36 GMT
9: Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.spamcop.net/https:/www.spamcop.net/https:/www.spamcop.net/https:/www.spamcop.net/https:/www.spamcop.net/https:/www.spamcop.net/sc">here</a>.</p>
</body></html>
Just enable SpamCop plugin with SpamAssassin and it will do the reporting for you, no need to use mime-construct.
Add to /etc/mail/spamassassin/local.cf
spamcop_from_address <email>
spamcop_to_address [email protected]
Uncomment at /etc/mail/spamassassin/v310.pre:
loadplugin Mail::SpamAssassin::Plugin::SpamCop
And in your script fe.sh, report the email with:
spamassassin -r < "$FILENAME"