Help | Site Map
| Text size: - +
(Answer) (Category) SpamCop FAQ : (Category) SpamCop Blocking List information :
What is the SpamCop Blocking List (SCBL)?
NO WARRANTY OR LIABILITY: BY USING THE SCBL, OR ANY INFORMATION CONTAINED ON THE SPAMCOP WEBSITE, YOU ACKNOWLEDGE AND AGREE THAT THE SCBL IS PROVIDED "AS IS", SPAMCOP DOES NOT GUARANTEE THE EFFECTIVENESS OR RESULTS OF THE SCBL OR ANY OTHER SERVICE OR PRODUCT PROVIDED BY SPAMCOP, AND ANY AND ALL WARRANTIES, IMPLIED OR OTHERWISE, ARE EXPRESSLY EXCLUDED. IN NO EVENT SHALL SPAMCOP, OR ITS PARENT, SUBSIDIARIES OR LICENSORS, BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF THE SCBL OR THE SPAMCOP WEBSITE, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY.

Important Disclaimers:

This description is subject to change and may be out of date.

The description that follows is complex. It is an attempt to explain accurately and in detail the SpamCop Blocking List (SCBL), specifically the SCBL rules and how the SCBL decides to list an IP address. SpamCop provides this description so that email senders and recipients will understand better how and why email is refused, blocked or filtered. We intentionally omit the description of certain processes in order to make it more difficult for senders of spam to evade or "game" the SCBL.

What is the SCBL?

The SCBL is a list of IP addresses which have transmitted reported email to SpamCop users, which in turn is used to block and filter unwanted email. The SCBL is a fast and automatic list of sites sending reported mail, with a number of report sources, including automated reports and SpamCop user submissions. The SCBL also quickly and automatically delists these sites when reports stop.

The SCBL aims to block spam with minimal blocking or misidentification of wanted email. Given the power of the SCBL, SpamCop encourages users to also actively maintain an allowlist of wanted senders of email. SpamCop also encourages SCBL users to tag and divert email, rather than block it outright. In the end, most SCBL users find that the amount of unwanted email successfully filtered makes the risks and additional efforts worthwhile.

Important Definitions

How the SCBL Works

The SCBL is a list of IP addresses which have transmitted reported email to SpamCop users. The sending system can be a direct email source (such as a site's primary mail server) or an indirect source (such as an open proxy or open relay that has been abused to send spam). The SCBL weights the number of reports referencing an IP against a sample of the total amount of email sent by that IP. This method is not perfect. For example, some IPs which send a significant amount of reported mail may rarely or never be listed in the SCBL because those IPs also send a lot of non-reported mail.

SpamCop uses a number of report sources, including SpamCop users, spamtraps and websites that use the SCBL. Spamtraps are email addresses that spammers have harvested or created, but the owner of these email addresses never used them to receive wanted email or to subscribe intentionally to mailing lists. SpamCop also monitors queries from a sample of sites that use the SCBL. SCBL users query the SCBL servers during every SMTP transaction. We count the total number of queries for each IP address and whether or not that IP address appears on the SCBL, to generate an estimate of how much email is transmitted by each IP. When a sampled site queries the SCBL about an IP address sending mail which is not reported mail, that host is given a reputation point.

Most of the sites SpamCop monitors send either mostly reported email or mostly non-reported email. The difficult part is deciding what to do with ones in the middle. These few systems account for the most email.

Some blocking lists block mail from misconfigured or insecure servers (such as open proxies or open relays), or from certain classes of machines (such as machines with dynamically-assigned IP addresses). The SCBL does not consider these characteristics. Instead, the SCBL lists only IP addresses of machines that are sending reported email. As a result, IP addresses which do not host a misconfigured or insecure server, but do send reported mail, may be listed. An insecure machine that has never been abused would not be listed.

Timeliness is key to the SCBL's value. The automated queries results in fast listing of spam, which increases the accuracy of the SCBL. Also, without any additional reports, a reported address stays on the SCBL for only 24 hours. This limits the amount of damage if users make a mistake and report legitimate mail using SpamCop.

SCBL Rules

The system currently operates based on these rules:


[Append to This Answer]