Spamcop Security Breach - Customer information briefly exposed

Spamcop Security Breach - Customer information briefly exposed
Links: home · search · speed test · login · more ·

Spamcop Security Breach
Customer information briefly exposed
(old news - 12:09PM Saturday Aug 14 2004)
tags: security · spam

Several users of SpamCop have been informing us they've been notified by e-mail that their e-mail addresses were briefly vulnerable due to a security breach. According to these two threads over at the SpamCop forums, the problem, which allowed spammers access to SpamCop user e-mails, was quickly fixed.

--------
Hello SpamCop user (or recipient of SpamCop reports),

We appologize for this email, but we felt it was important to let you know of a recent security bug in the SpamCop codebase.

This problem was fixed within hours of its discovery, but unfortunately your address was among the very small number that was revealed before we were able to resolve the problem.

We want you to know that security remains our highest priority. We are always working to ensure that your account information remains secure.

Please accept our sincere appologies for this serious oversight. If you have any questions, comments or concerns you may reply to this email to reach a SpamCop representative.

Thank you for your understanding,

- SpamCop management
--------

Related:

Fortune 1000 Spam

'Support Center Robot' Spam Blast

Turn Off The Music, Turn On The Porn

Qwest Employs New Malware Security

Thursday Evening Links

Monday Morning Links

Can Spam Act Celebrates Five Years Of Ineffectiveness

Project Honey Pot: 1 Billion Spam Messages

Links: New Topic
Forums »

dk1983 @ 14th Aug 12:26PM:
Only Email

It was only e-mail address and nothing of high importance..
reply

draven @ 14th Aug 12:30PM:
Oh, the irony.

... is just perfect.
reply

antiphishing @ 14th Aug 12:35PM:
Spamcop.net , Beware of Limitations

Now these would explain why I have been getting three to four times as much junk email in my account the last two weeks of so. Of course, I am being sarcastic here, but spammers do target spamcop.net users on a monthly basis.

Say it isn't so but the people who believe in the service have to face the fact that Ironport doesn't respond to the people who pay to keep the service going. Lets just see in the next couple of days if Ironport makes a public statement about this issue. Likewise, this is not personal vendetta from me against Ironport. This information was was posted in another BSR forum and real is not a true fact. I just disagree on how Ironport runs the service as a whole. In a two year period I have found the service to be inaccurate, prone to technical problems, and at times the service sent complaints directly to spammers.

This was after spending countless hours checking the logic beyond the service using centralops.net

A lot of naive people on the internet real believe in the service, but this new information is wake up call to users who use Spamcop.net and think it's infallible. If you like the service,then keep using it but keep in mind that it has limitations that could cause you to get more junk email.
--

Dslreports.com Forum No-Spin zone starts here.

»www.antihotmail.com
spammers_are_scumbags@antihotmail.com
reply
Kim Jong @ 14th Aug 12:40PM:
Re: Spmcop.net , Beware of Limitations

said by antiphishing:
Now these would explain why I have been getting three to four times as much junk email in my account the last two weeks of so. Say it isn't so but the people who believe in the service have to face the fact that Ironport doesn't care about the people who pay for the service. Likewise, this is not personal vendetta from me against Ironport. This was was posted in another forum and real is not a true fact. I just disagree on how Ironport runs the service as a whole. In a two year period I have found the service to be inaccurate, prone to technical problems, and at times the service sent complaints directly to spammers.

This was after spending countless hours checking the logic beyond the service using centralops.net

A lot of naive people on the internet real believe in the service, but this new information is wake up call to user who use Spamcop.net and think it's infallible. If you like the service,then keep using it but keep in mind that it has limitations that could cause you to get more junk email.

""Antihotmail.com "" is powered by © 2001 Everyone.net All Rights Reserved.

Oh move along people!
--
»dickcream.com/tandem/ DC/GNAA/YTMND representing world wide.
reply
antiphishing @ 14th Aug 02:09PM:
Re: Spmcop.net , Beware of Limitations

__________________________
Oh move along people!
___________________________

Just because you don't like my opinions doesn't give you the right to tell other people to move on. Some people just might agree with my opinions towards a online service. A lot of online services get trashed in the forum, but that doesn't give someone the right to unfairly steer a forum topic. Also, notice that what this person posted is different then my final post. My original intentions where to negative and I made changes to better reflect my opinions without resorting to augmentative statement's.

Lets please stick to the forum topic.

I am not trying to start a flame war here, but some people in this forum go to far.

Thank You.
--

Dslreports.com Forum No-Spin zone starts here.

»www.antihotmail.com

spammers_are_scumbags@antihotmail.com
reply
Kim Jong @ 14th Aug 02:15PM:
Re: Spmcop.net , Beware of Limitations

said by antiphishing:
__________________________
Oh move along people!
___________________________

Just because you don't like my opinions doesn't give you the right to tell other people to move on. Some people just might agree with my opinions towards a online service. A lot of online services get trashed in the forum, but that doesn't give someone the right to unfairly steer a forum topic. Lets please stick to the forum topic.

I am not trying to start a flame war here, but some people in this forum go to far.

Thank You.

No I'm just pointing out that your opinion might be biased.
--
»dickcream.com/tandem/ DC/GNAA/YTMND representing world wide.
reply
newview @ 14th Aug 02:31PM:
Spamcop.net , Beware of Limitations

said by Kim Jong:
No I'm just pointing out that your opinion might be biased.

As was also pointed out in this thread, which was started by antiphishing, and was locked because antiphishing did not reply.
--
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket?
reply
antiphishing @ 14th Aug 02:39PM:
Re: Spamcop.net , Beware of Limitations

____________________________________________________________
was locked because antihotmail See Profile did not reply.
____________________________________________________________

..and that was because I was not given enough time to respond to peoples opinions. I think this forum post explains my position on Spamcop.net without being augmentative.

Lets stick to the forum topic, without resorting to using childish tactics. All we are doing is going around and around without posting any useful information.

Thank You.
--

Dslreports.com Forum No-Spin zone starts here.

»www.antihotmail.com
spammers_are_scumbags@antihotmail.com
reply
newview @ 14th Aug 03:02PM:
Spamcop.net , Beware of Limitations

said by antiphishing:
..and that was because I was not given enough time to respond to peoples opinions.
I would think 24 hours is plenty of time to respond to a thread that YOU started, but in any case . . . you could respond now.

said by dbmaven:
I'll leave this open for 24 hours after the initial post (roughly 1PM EDT Friday). If no response by the thread starter by then......locked or jailed.

said by Piobaireachd:
The originator of this thread has a long history (and an axe to grind) with Spamcop. Just do a search for "John Senchak".

said by BangBang:
This guy has become a trolling menace on the spamcop newsgroup

said by madylarian:
What I find kind of interesting about the original poster is the antihotmail.com website being hawked in his or her sig. Just for the heck of it I took a look at it's privacy policy and found this, which happens to be located on everyone.net:

Through our Everyone Benefits program customers can receive information about third party services that are likely to be of interest. Users of our free service will initial be opted in to this program while customers signing up any of our paid service can choose to opt in. Customers can opt out of our Everyone Benefits program by clicking on the link provided in the email or by visiting our site and opting out.

We may also use personally identifiable End-User information to provide targeted content and commerce opportunities to End-Users based on their demographic and behavioral information.

--
The Rules of Spam | Maryland's Newest Anti-Spam Law
Where are we going? And what's with the hand basket?
reply
antiphishing @ 14th Aug 03:41PM:
Re: Spamcop.net , Beware of Limitations

I'll leave this open for 24 hours after the initial post (roughly 1PM EDT Friday). If no response by the thread starter by then......locked or jailed.

[Sorry, I don't visit this forum everyday, because I have a life.]

said by Piobaireachd See Profile:The originator of this thread has a long history (and an axe to grind) with Spamcop. Just do a search for "John Senchak".

[I covered this already in the original post in this topic.]

said by BangBang See Profile:This guy has become a trolling menace on the spamcop newsgroup

[This is speculation on false information that was found on the internet.
Don't always, believe what you read on the internet because it's not always true.]

said by madylarian See Profile:What I find kind of interesting about the original poster is the antihotmail.com website being hawked in his or her sig. Just for the heck of it I took a look at it's privacy policy and found this, which happens to be located on everyone.net:

[If people where intelligent enough to do a WHOIS lookup on the domain, you would in find that I run the site. Now lets move on, and stick to the topic at hand. I am done on this issue.]

Thank You
--
Dslreports.com Forum No-Spin zone starts here.
»www.antihotmail.com
spammers_are_scumbags@antihotmail.com
reply
madylarian @ 14th Aug 04:02PM:
Re: Spamcop.net , Beware of Limitations

said by antiphishing:

[If people where intelligent enough to do a WHOIS lookup on the domain, you would in find that I run the site. Now lets move on, and stick to the topic at hand. I am done on this issue.]

You started this and now you are ducking the issue? I can not only do a WHOIS but I can read urls and links. And I am intelligent enough to also know that you may run the site but the site host's privacy policy applies and that policy says they can spam any users of your "service".

mady
--
Honi soit qui mal y pense
reply
antiphishing @ 14th Aug 04:32PM:
Re: Spamcop.net , Beware of Limitations

____________________________________________________
and that policy says they can spam any users of your "service".
_____________________________________________________

Which is more untrue speculation on your part.

Many sites on the internet have good and bad things written about them. Why do you people insist on focusing on the bad things? My goal on this post was inform users of my opinions on Spamcop.net. Regardless if you accept them as being negative , it's my opinion that the spam reporting
side of the service is problematic. It's your choice if want to accept my opinions the wrong way.

I just happened to think that Spamcop.net email service is excellent. Are you going to turn this around and then put a negative spin on that?

Lets stick to the forum topic please.

--

Dslreports.com Forum No-Spin zone starts here.

»www.antihotmail.com

spammers_are_scumbags@antihotmail.com
reply
Authority @ 14th Aug 05:07PM:
Re: Only Email

I heard they're giving all affected users a free year of service. Problems happen, but it's how a company responds that ultimtely matters.

Brett
reply
nguyen27 @ 15th Aug 11:35PM:
Re: Spamcop.net , Beware of Limitations

Isn't it kindda irony as customers of spamcop get their emails exposed? You are to control spam and yet you can't even protect user's email? how does the company get the name SPAMCOP???
reply
claudeo @ 16th Aug 04:34AM:
Re: Spamcop.net , Beware of Limitations

Spamcop is probably one of the top targets for crackers and the spammers and criminals who are sponsoring them, because it is a thorn in their side. It is constantly targeted by DDOS and sophisticated hacks. So it is not a surprise that a small glitch has occured. The important thing is that they took immediate action to correct the situation and notify those concerned.

Spamcop normally does a good job of protecting the privacy of its subscribers. For example, as a subscriber you can file reports so that relays and spam patterns can be tested, but not let the reports get forwarded to the presumed abuse contact of the spammer's ISP, since experience has shown that many of those reports end up going directly to the spammers, and that it is nearly impossible to munge them to defeat the identification features hidden in the messages or headers. As for filtering quality, I receive upward of 400 spams a day, 98% of which end up in SpamCop held mail. False positives are rare, thanks to tuning and whitelist options.

Am I concerned about the company that now owns SpamCop? Of course I am. Just as I am concerned about every company I do business with. Market and other pressures are constantly pushing them into behaviors that are not in my interest. But that's not news.
reply
antiphishing @ 16th Aug 12:57PM:
Re: Spamcop.net , Beware of Limitations

____________________________________________________________
since experience has shown that many of those reports end up going directly to the spammers, and that it is nearly impossible to munge them to defeat the identification features hidden in the messages or headers.
_____________________________________________________________

This is my biggest complaint with the service. I found though checking of the logic beyond the service that the volume of complaints going to spammers is quite small in comparison to complaints going to the wrong ISP or hosting service. A lot of times the service will not detect that the spammers site has changed to another ISP or hosting service and then will continue to report the wrong abuse contact.

One thing that I found with the service is that spammers are using exploit trojan code in the contents of junk email. The service will not block these email with the malice code. Spamcop.net will eventually send these junk email off to administrators who will open up the complaint and then infect their computers. When I was opening up these spams my virus scan would detect trojans in a good majority of the junk emails. This is one of the main reason why I stopped using the service.

Nowhere on Spamcop.net does it warn people about the dangers of opening up junk email. When I sent emails to Spamcop.net and Ironport regarding why they don't warn users about opening up junk emails, they never responded.

I would agree with you one hundred percent that the whitelist feature of Cesmail.net is excellent.
--
Dslreports.com Forum No-Spin zone starts here.
»www.antihotmail.com
spammers_are_scumbags@antihotmail.com
reply
claudeo @ 16th Aug 03:55PM:
Re: Spamcop.net , Beware of Limitations

I agree with you that trying to use spamcop for LARTs is a futile exercise. In fact I don't even bother to try to open any message in my held mail. I do a quick scan to verify that I don't have obvious false positives, and then just delete. I use the webmail interface to SpamCop to do that, opening the held mail folder with option set to 500/page, which is much faster and efficient than using the normal "held mail" page. In case of doubt on what makes it through, opening a message in the SpamCop webmail interface is "safe". If it shows that there is no plaintext version of the message, I don't bother--immediate report as spam (to add to stats and open relay test list, but with the actual report to devnul). It is annoying and time consuming to have to do this, but my livelihood depends on new contacts and leads that come through the mail, and I can't afford to lose any. Spamcop allows me to use a layered approach to spam management, where if I am on the road and with only a modem connection I can still cope with the 400+ spams/day without having to download them first. I just don't have the time and resources to set up and especially maintain my own email server.
reply
antiphishing @ 16th Aug 04:26PM:
Re: Spamcop.net , Beware of Limitations

Well it's good to see that someone in this forum agrees with me on the topic of Spamcop.net.

I use the whitelist feature of Spamcop.net quite aggressively and real haven't had a problems with it. With over five thousand listings in my Spamcop.net whitelist, it does a good job of preventing false positive. I do on occasion have to whitelist the same email more then once for what ever reason.
--

Dslreports.com Forum No-Spin zone starts here.

»www.antihotmail.com
spammers_are_scumbags@antihotmail.com
reply

Thank you for using lo-fi dslreports.com - report bugs
© 99-2010 silver matrix LLC