Marc Perkel wrote:
My thinking on this is that if we had better automated reporting then
spammers could be shut down at the source and we could reduce spam that
way. I think what needs to happen is to develop some sort of
auto-reporting of spam process that's easy and tie in ISPs and the big
boys into the databse so that a surge of reports could auto shutdown
spammers.
I'm trying an experiment with Yahoo, Gmail, Hotmail, etc. where I'm
forwarding all Hotmail spam to [EMAIL PROTECTED], yahoo spam to
[EMAIL PROTECTED] with the idea of shutting down the perps at the source.
What do you all think of this. Can we build a tool or a web service that
gathers and stores abuse info and turns IP addresses and domain names
into abuse addresses and do automatic reporting?
Auto-reporting is a colossally bad idea.
a) One person's trash is another person's treasure. Similarly, one
person's treasure is another person's trash.
b) Being blacklisted for a false-positive is inexcusable.
c) Being blacklisted due to stupid-user reports is also inexcusable.
d) flooding an abuse address with messages that may or may not actually
be spam is also inexcusably rude.
The only way to prevent the problems that are caused by these is to
insist upon some level of human review of the message before it is sent
on to an external mechanism or process.
You shouldn't automatically send things that SA (or any other spam
detector) said was spam to the related abuse@ address ... because the
spam detector may be wrong. What if you're sending them a bunch of
false positives? That just undermines YOUR credibility with the abuse
group you're reporting to, making community anti-spam efforts HARDER
instead of easier.
Further, a deluge of spam is not helpful. An analysis of the problem
("your web server is sending this out through your outbound mail
gateway, and it looks like you've got a broken submit form on the web
server") followed by links to evidence (copies of the messages) that
backs up the analysis is FAR more useful than just forwarding the
alleged spam itself.
