Spam Cop News
Return to Spam Cop

    11/19/1998
  • Added IP tracking to statistics page.
  • Major change in the parsing sytem: automatically 'trusts' the first recieved line. This should speed up parsing and prevent some problems for people who are inside badly-configured networks.
  • Fixed a bug where NNTP parsing could accuse an invalid IP - 127.0.0.1 for example.
    11/18/1998
  • Fixed a bug in the type 2 received line parsing which caused spamcop to mistake a FOR clause for a FROM IP address. Thanks, Luc for pointing this out.
    11/15/1998
  • Mail sent by spamcop is now traceable back to the originating IP. Before today, complaints were effectively annonymized (except for my logs). Now I create a received line for the complaint request in the same format that HotMail uses when they send mail. This identifies the user's true location to anyone that cares. This will prevent the possiblity of abuse through spamcop.
  • On the same note, I generalized the parsing of hotmail-style received lines to allow any server (including my own), not just hotmail's. A spamcop complaint fed into spamcop will result in an accurate target of the user involved, not a target on my server.
  • Added another well-known abuse address: hostmaster@bellsouth.net = abuse@bellsouth.net also: root@rhea.saturn.bbn.com = abuse@bbnplanet.com
  • Now continues parsing received lines until the end of header. Previously, I wold quit if I found a Date field. Just saw a couple of legit headers that have Recieved lines after the Date.
  • Added a feature to count the number of complaints sent to each net-admin address. Check out Complaint Totals.
  • Well, the banner ads are back. I'm getting enough hits now that I think I might actually make a buck or two this way. Ironically, the first ad I got from my ad-provider is one promoting the spamming of "friends and family". HA!
    11/10/1998
  • Added another "Received" format - type 7 (AltaVista Mail) (from [IP](HELO PNAME) by SERVER ...; DATE). Thanks Hank for bringing this one to my attention.
    11/8/1998
  • Fixed the null-email field cookie-setting algorythm so that you don't actually wind up with "spambait@julianhaight.com" in your email field. It should remain blank now if that's how you set it.
  • Later, I fixed a bug that I introduced fixing the null-email bug which failed to print the HTTP and HTML header on the final step. Thanks to Keith and David for pointing it out.
    11/6/1998
  • Added another "Received" format - type 6 (by SERVER from NAME [IP] ..; DATE). Saw this one come in from an anonymous user tagged as SLmail 3.0.2423.
    11/5/1998
  • Fixed a bug in the NEW USENET PARSING. It was always expecting an IP in the NNTP-Posting-Host field. Of course, you can also have an FQN. See, I told you it was beta.
    11/4/1998
  • FINALLY! SpamCop now supports usenet (news group) spam, otherwise known as Velveta. Parsing of the NNTP-Posting-Host field is supported. This feature is considered BETA, so use it at your own risk, and please let me know of any problems.
    11/1/1998
  • Made sure that the headers will always be the first thing quoted from the offending email, even if they are pasted into spamcop last (like from an AOL mail client).
  • Added a warning message to discourage spam-repellant. Please leave field blank instead.
    10/31/1998: (mod 11/6/1998)
  • By default, spamcop no longer CCs you the complaint as it is sent. You may still request a CC by entering "cc:" before your email address, like this:
    DO NOT put anyone's address in this field EXCEPT YOUR OWN. This is where the email is FROM, not just a CC field.
  • You may also leave this field blank. Spamcop will send complaints FROM spambait@julianhaight.com - a valid email account on this server. I will peruse the responses from time to time, but don't expect real personal service. This is simply a better alternative to using a fake address.
    10/24/1998:
  • Hardcoded abuse addresses for often-failing dns-admin@dialsprint.net (abuse@sprint.net) and root@bigguy.gte.net (abuse@gte.net).
    10/22/1998:
  • Fixed IP lookups through arin database. (IP@whois.arin.net)
    10/6/1998:
  • Added support for IPs under kr TLD. (IP@whois.krnic.net).
    10/4/1998:
  • FAQ report: Here's a pretty common email:
    Q: Subject: bad address in your database.
    FYI: Here is the header from a returned message that bounced back to me, after using SpamCop to send a spam notice...

    A: Don't worry about this stuff. I don't maintain a 'database' per se. I try 3 places to send complaints. sometimes one (or even two) of the three will bounce. It's not really a 'problem'; however, I'm thinking about adding a feature where you can disable sending to either address on a case-by-case basis. the abuse@ address is probably the most likely to fail, becuase it's just an agreed-upon 'standard' complaint-line. I don't know for sure that it exists at the domain I'm sending to. The other address - "SOA" - is supposed to be correct, however it is sometimes woefully out of date, or simply missing altogether. You will usually get through on one or the other and if that dosn't work, the third - @abuse.net will hopefully find the right person. Perhaps I should maintain a database of these places, but that means I'd have to keep it up to date, which is more time than I want to spend. For now, see the next item - I only plan to update this DB with the biggest ISP's - not every mom-and-pop. You just have to put up with the bounces, or lie about your address so you never get any mail from spam-cop sources.

  • Added a long-overdue feature so that spam cop 'knows' about the main ISP's abuse addresses (currently uu.net, psi.com, sprint.net, netcom.com). When one of these ISPs is to blame, we send email only to the official email abuse address and forgo the usual abuse@, SOA address and @abuse.net addresses. This should cut down on a lot of bounces.

    If you want to recommend an abuse address for this list, be sure to include the address that spamcop comes up with 'naturally' as well as the new official abuse address.

    10/1/1998:
  • Fixed a problem that I introduced recently - I'd give up too soon, when I hit the "Message-Id:" field. Now I put it back to looking only for the "Date:" field.
    9/29/1998:
  • Something I did earlier must have screwed up the netscape header parsing - at least to the point where I couldn't find the Subject line (for the archive). Fixed that bug thanks to a tip from a user.
    9/28/1998:
  • Expanded domains which are off-limits to complaints - added nic.uk, co.uk, ripe.net, apnic.net, arin.net to the already existing internic.net.
    9/23/1998:
  • More minor improvements to the reverse-DNS lookups
    9/22/1998:
  • When getting domain name, try an nslookup before resorting to DIG.
  • Added another backup method for finding a domain for an ip - "whois IP@whois.arin.net". Right now this method is a last-ditch, but I may make it the preferred method.
    9/18/1998:
  • Ditched the banner ads - I made $4 in a month and pay $200 in the same time. Feel free to send money.
  • Made spamcop slightly more permisive in parsing type 1 headers, also let it use non-reverse DNS matching to verify the Received chain.
    9/15/1998:
  • Fixed a problem that was causing Spam Cop to notify administrators in domains that are mearly providing secondary DNS for spam IPs. When I can't find an SOA for an IP now, I use the first ANY record to determine the domain, then get the SOA for that domain.
    9/13/1998:
  • Added support for a 'type 5' received line. Looks like this:
    Received: from 128.0.0.4 (actually host-209-214-13-81.pbi.applesouth.net) by george (PP) with SMTP; Sun, 13 Sep 1998 06:21:07 +0100
    9/9/1998:
  • Added explicit support for hotmail. We now notify abuse@hotmail.com so that the hotmail account will get yanked as well as the ISP used to connect to hotmail. This should surprise some spammers!
  • Fixed a bug that falsely notified ISI.EDU of spam that wasn't their fault. (Sorry, it won't happen again.)
    9/8/1998:
  • Added an explict message for people who don't give me the full headers.
  • Small change to the hostmaster-finding algorythm so that it fails gracefully to a default "postmaster@" instead of refusing to continue.
    9/7/1998:
  • Removed much of the logging. I am receiving about a megabyte of spam a day through spam cop. I can no longer personally check on the accuracy of spam cop's determinations, so I will no longer be keeping full headers on the spam that spam cop parses correctly. I am still logging and investigateing spam that spam cop is unable to parse correctly. I am now counting on you, the user, to notify me if you see something that dosn't look right.
    9/6/1998:
  • Spam library - all the spam recorded so far.
  • Spam Killer is now Spam Cop so as not to conflict with previously-existing spamkiller
  • AOL message-then-header format will autodetect
  • Removed a feature which prevented sending mail to your own domain's administrator - members of large domains (aol, uunet) will often get spam from other users in their domain.
    9/1/1998:
  • In addition to the SOA contact, Spam Cop now automatically emails the 'standard' abuse address, abuse@.