The impossibility of fighting SpamCop?
I had a short fight with my hosting provider, MidPhase, today. Without a warning, they suspended two of my domains: SkipDistance.com and PhotographySA.com. The reason being that SpamCop, an online service which claims to detect spam emails, had marked one of my emails as spam and had notified my hosting provider.
What ticked me off was that Midphase suspended both domains without a warning. This happened around 6pm on a Wednesday and I was out. When I came back, I checked PhotographySA.com to find it no longer active. I first thought Midphase was going through one of their regular fuckups as they’re not too reliable in the first place (yeah, I’ve been wanting to move to a different host, but with 30 hosted domains, moving to another host is quite a pain), but checking some of my other domains also hosted at MidPhase, they came up fine. Confused, I absent mindedly looked at my mailbox and found a message from Midphase saying they’d suspended two of my domains. Below the message I received:
Hello.
We received spam complain regarding two your domains PhotographySA.com and SkipDistance.com. Our policy does not allow Spamvertised web sites. So, I’ve disabled these domains.
Followed by an extremely cryptic raw copy of a message which, after staring at it for several minutes, I assumed was sent by SpamCop to someone at MidPhase. The meat of the message was at top, where it said that my two earlier mentioned domains were spamvertised. Here’s the cryptic copy:
[ SpamCop V620 ]
This message is brief for your comfort. Please use links below for details.Spamvertised web site: http://PhotographySA.com/
[report url – removed] is 205.234.193.232; Mon, 12 Feb 2007 18:02:00 GMTSpamvertised web site: http://SkipDistance.com/
[report url – removed] is 205.234.193.232; Mon, 12 Feb 2007 18:02:00 GMT[ Offending message ]
Return-Path: [my email address]
Delivered-To: x
Received: (qmail 10786 invoked by uid 399); 12 Feb 2007 09:13:45 -0000
Delivered-To: x
Received: (qmail 10780 invoked by uid 399); 12 Feb 2007 09:13:45 -0000
Received: from unknown (HELO qb-out-0506.google.com) (72.14.204.236)
by mail4.hivelocity.net with SMTP; 12 Feb 2007 09:13:45 -0000
X-Originating-IP: 72.14.204.236
Received: by qb-out-0506.google.com with SMTP id d8so547097qbc
for ; Mon, 12 Feb 2007 01:08:03 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=beta;h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type;
b=aauVJ+TTgoXeL/TQgpm12UDnaMUnuUIJhDh2cQEcmXbKBptx/elEdgh/WRa6Du2hBkyRJtBNtZyh3vwPBhW+pNc3JuzDFpW6nHxOvaof2IXa5Q2ygcZ/5sdIh+6MCiZO1614M+m1j+U9TbCY5VT1FwjtojVtixXUgscJfx3otUU=
Received: by 10.70.32.6 with SMTP id f6mr14443319wxf.1171271282968;
Mon, 12 Feb 2007 01:08:02 -0800 (PST)
Received: by 10.70.23.8 with HTTP; Mon, 12 Feb 2007 01:08:02 -0800 (PST)
Message-ID: [email protected]
Date: Mon, 12 Feb 2007 11:08:02 +0200
From: “Babak Fakhamzadeh” [my email address]
Reply-To: [my email address]
To: x
Subject: First African photomarathon, in Jo’burg: Feb 24 2007
MIME-Version: 1.0
X-Content-Type: multipart/alternative;
boundary=”—-=_Part_53206_31723597.1171271282900″
Content-Type: text/html
X-SpamCop-note: Converted to text/html by SpamCop (outlook/eudora hack)Hi,
You might not be aware of the first African
photomarathon, which will be held in Jo’burg on the 24th of February
and is organized by PhotographySA.com and The Bag
Factory.You can find more information about the event at http://PhotographySA.com.
A press release can be found here:Click to access Photomarathon-Johannesburg-2007-press-release.pdf
Please feel free to ask for more info or to
forward this email to anyone you think might be
interested.Greetings,
Babak Fakhamzadeh
PhotographySA.com
—
Jo’burg photomarathon: http://PhotographySA.com
Find the right budget airline: http://SkipDistance.com
And realise that the part which holds my original email is now actually legible, as my blog software takes out all the html characters (such as all the break tags).
So rather annoyed, I contacted online Midphase support, who told me to respond to the email I was sent and tell them I hadn’t sent spam. That, and it was going to be resolved within the hour.
Now, realise that the email I sent went to a few dozen photographers, printshops, galleries and whatnot, in South Africa, contained a link to a press release and was, telling them about next week’s photomarathon in Jo’burg, therefore very relevant for the intended recipients.
Also, I checked PhotographySA.com about two hours after it was suspended. I could have been out for the evening, not checking my mail or website for 12 hours or more. For that time, and probably more because my hosting provider is in the US and if I’d check in the morning, I’d have to wait for support to wake up.
And then, besides the unreasonable suspension of PhotographySA.com, there’s the extremely unreasonable suspension of SkipDistance.com.
Here’s what I sent back to MidPhase:
I find it amazing you suspend domains BEFORE checking with the domain owner. This does not reflect well on your business practice.
Both domains should NOT be suspended. What seems to be the offending mail, which you include in your message, was sent, by me, to around 40 email addresses of related businesses: photography-related businesses or individuals in South Africa.
As you can see from that email and if you’d taken a look at the website in question, PhotographySA.com organizes a photography event in Johannesburg, South Africa on February 24, endorsed by the municipality of Johannesburg. The 40 email addresses were mostly suggested by existing participants to the photographic event.Why also the domain SkipDistance.com has been suspended is fascinating.
Please resolve this ASAP. Photographers are registering through the website PhotographySA.com and the domain being offline does not reflect well on the organization.
So by now, if you’re still with me, you should have gotten an idea of what happened: One of the recipients of my email complained with SpamCop, or, even worse, SpamCop automatically intercepted my email and marked it as spam. Then, SpamCop sent a message to my hosting provider and my hosting provider, acting on SpamCop’s message, suspended the two domains mentioned in my email, without checking with me first.
Luckily, within the hour, the domains were back online. Here’s MidPhase’s response:
Hello.
Yes, but it seems SpamCop has another viewpoint.
They recognized your email as SPAM.
I’ve just activated suspended web sites back.
But if we get such complaint next time we’ll have to block your web sites again without back reactivation. So, please be careful and don’t send such emails anymore.Thank you.
Now this is where it gets spooky. If you don’t see why, read my reply to the message above.
Thank you.
However, this approach (of suspending domains) can not be acceptable. The possibility for an outside party to shut down a domain for spamming without the ability to respond to the accusation is like being jailed without a trial.
To put so much trust in a service such as SpamCop is unreasonable and even scary. The SpamCop entry at Wikipedia (http://en.wikipedia.org/wiki/Spamcop) shows that although in general SpamCop might be a valuable service, it also tends to make mistakes. And it is exactly these mistakes you, as an ISP, need to be careful of as they -will- push your customers away from you.
What’s important here is that, through SpamCop, anyone can apparently easily get a domain suspended just by sending a bit of ‘spamvertising’. As I say above, this is like being put in jail after being accused of murder, without the possibility of trial or a defence.
So, here’s my five steps to getting any domain suspended.
Five steps to getting any domain suspended
- Find the offending domain (example domainoffender.com).
- Create a Gmail address which can be linked to the offending domain (example: [email protected]).
- Send a bunch of emails to a large group of people, praising the offending domain.
- Wait a day or so, assuming you’ve hit one recipient who uses SpamCop.
- Send another bunch of emails, preferably to the same email addresses as before.
Now, if the offending domain’s host was MidPhase, as it was in my case, the offending domain, according to MidPhase support, would have been ‘ block[ed] … without [the ability of] back reactivation ‘.
As, apparently, responding to these accusations of sending spamvertising around is not possible, the only possibility for the owner of the offending domain is to move to another hosting provider.
Needless to say, this lack of democratic values on what some consider the most democratic platform in the world, is shocking.