The SpamCop Blocking List (SCBL) lists IP addresses which have transmitted reported email to SpamCop users. SpamCop, service providers and individual users then use the SCBL to block and filter unwanted email. The SCBL is a fast and automatic list of sites sending reported mail, fueled by a number of sources, including automated reports and SpamCop user submissions. The SCBL is time-based, resulting in quick and automatic delisting of these sites when reports stop.

The SCBL aims to block spam with minimal blocking or misidentification of wanted email. Given the power of the SCBL, SpamCop encourages users to also actively maintain a whitelist of wanted senders of email. SpamCop also encourages SCBL users to tag and divert email, rather than block it outright. In the end, most SCBL users find that the amount of unwanted email successfully filtered makes the risks and additional efforts worthwhile.

SCBL Rules

The system currently operates based on these rules:

  • SCBL lists IP addresses with a large number of reports relative to reputation points. The SpamCop team manually balances the threshold in an effort to make the list as accurate as possible.
  • The SCBL weights reports depending on how recently the mail was received (or “freshness”):
    1. The SCBL counts the most recently received reports 4:1.
    2. The SCBL counts reports for email 48 hours and older 1:1, with a linear sliding scale between the most recent and 48 hours past.
    3. The SCBL ignores reports for email received more than one week ago.
  • The SCBL uses Spamtrap reports to weight total reports. For spamtrap scores less than 6, the SCBL multiplies by 5 the quantity of spamtrap reports and adds this to the report score. For larger spamtrap scores, the SCBL squares the quantity. Examples:
    1. If an IP address has 2 spamtrap reports and 3 SpamCop user-reported reports, its weighted score is 13: (2 * 5) + 3 = 13.
    2. If a host has 7 spamtrap reports and 3 manual reports, its weighted score is 52: (7 * 7) + 3 = 52.
  • The SCBL does not count reports regarding URLs or addresses in the body of the email. Therefore, the SCBL does not list websites or email addresses used to receive replies in reported email, unless that IP is also used to send the mail.
  • The SCBL will not list an IP address with only one report filed.
  • With only two reports against an IP address, the SCBL will list the IP address for a maximum of 12 hours after the most recent reported mail was sent.
  • The SCBL will not list an IP address if there are no reports against it within 24 hours.
  • If a server sends bounces to an SCBL spamtrap in sufficient quantity to meet the listing criteria, the SCBL will list that server. This situation results as some mailservers do not reject mail during the SMTP transaction, but rather accept the mail and then send a bounce message later. (These servers usually run qmail or postfix). Viruses and spam often contain a forged From: line. If email is rejected or blocked during the SMTP transaction, the bounce will go to the connecting IP. If the bounce comes after the mail is accepted for delivery, then the bounce will go to the address in the From: field. Viruses and spam often use addresses from the list of recipients to populate the From: field. Sometimes, these addresses are spamtraps.

TECHNICAL DETAILS:

Website: http://www.spamcop.net/bl.shtml

DNS look-up: bl.spamcop.net