Spamcop and Gmail lock horns again

Google has once again had to lock horns with Spamcop, the service which blocks unwanted e-mail on behalf of many mail service providers, following the blocking of several Gmail servers, leading to normal mail being rejected as spam.

Several minor incidents of "false positive" spam identification occurred last year, but this month, several Google servers have been blacked completely, shutting all users of those servers off from sending e-mail to any address monitored by Spamcop.

Google is attempting to deal with the matter diplomatically. It informed users: "Some organizations, like SpamCop and SORBS, keep track of email spam so email providers/ISPs can use it to prevent spam from being delivered to their users. Occasionally, Gmail is listed on SpamCop because we do not reveal the IP address of our users."

In fact, although Spamroll experts have expressed serious doubts about Google's position on privacy, the finger points at clumsy implementation of Spamcop rules.

In its advice to mail server operators, Google says: "If you use a third-party block list, you should have a whitelisting mechanism in your SMTP gateway." This would require the mail service to note, for example, that a customer has sent e-mail to the appropriate address, and that therefore a reply from that address cannot be unsolicited - and therefore should not be blocked.

The search company has come under pressure once again, because of its insistence on maintaining user confidentiality. It recently found itself at loggerheads with the US Government, which asked for all searches relating to child porn to be sent to a Federal authority - something Hotmail and Yahoo! have both complied with, but Google is challenging.

Spamroll's expert says that "I am not sure what Google's beef over privacy is here, but it makes little sense to me." The author of the comment continues: "First, it is extremely difficult to learn much about a sender from their IP address, other than the general locale that particular e-mail was generated from. But why would a legitimate user care about that? The good guys aren't going out of their way to remain anonymous (at least not yet). It's the bad guys altering their headers, bouncing e-mails off open proxies, and using privacy tools to mask their real locations that you have to worry about, and an IP address in plain site is not going to bother them too much. In fact, it is a boon for them - one less thing to worry about."

However, the Spamcop move is seen as an unnecessarily blunt instrument. Google goes to a lot of trouble to ensure that it's not possible to set up a Gmail identity without having someone vouch for you. It gives accounts only to people recommended by existing users; and alternatively, insists on validating by sending a text message to a mobile phone.

Brian McWilliams noted that the Gmail servers in question are not on other big blacklists, "which makes you wonder how SpamCop is making decisions on their own account," said Spamroll.

Coincidentally, perhaps, Spamcop's owner, IronPort Systems, has failed to respond to requests for a comment on this issue. This might indicate that it has nothing to say, or it might indicate that even inside IronPort, Spamcop implementation is not sensitively set up.