From elind at spamcop.net Thu Apr 1 00:13:32 2004 From: elind at spamcop.net (elind) Date: Thu Apr 1 00:15:03 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: I'm a simple user and appreciate the filtering, and get some satisfaction in the the reporting on the faith that it's done by people who who know how all this works, which I admit I don't when it get down and dirty. However, either this guy (original poster) is a troll, or a spammer plant, or he has a point. Either way I would like to know. The one problem I have with spamcop is that, from my perspective, it's a bunch of geeks who think that mortal users are not worth talking to. The few times I have posted questions here, that were not "geek", I have never had relevant answers and when I once expressed my contempt for the chinese, for example, I got flamed by a bunch of PC geeks instead (I never heard an opinion on why it's the chinese and koreans or brazilians and, recently, russian crooks, who host most of this crap, as opposed to the USA for example, and when I called them names it was far less offensive than what they sent me). I also have never seen a commonsense explanation of what good this reporting actually does, or how the blacklist really work, or why so many well known ISPs (per comments seen here) supposedly ignore the reports in spite of laws against spamming (but, for example, why have the latest prosecutions not been against the biggest fish often mentioned here? Too smart for everyone, including our geek audience?). No doubt I can spend a lot of time educating myself but why should I? I think maybe it will be a lot less effort just to change email addresses periodically. I do have some alternative addresses that almost never get spam, so I know that works. So, to whoever it is that runs spamcop, if you read this stuff, since I can't find any other way to ask you, tell me why I should continue to subscribe? Elind "Tim McGraw" wrote in message news:406B9DD4.1060209@spamcop.net... > Satch wrote: > > I almost got thrown off my ISP today. I did lose all the good-will I've > > built up over more than five years with these people. Thank you, SpamCop. > > > > What was my sin? I reported spam to SpamCop. Unfortunately, SpamCop > > doesn't understand best network practices, including using non-routable > > addresses on internal networks, so not only did my reports misfire LART > > the wrong IP address, but apparently I was placed against my will into > > "mole" mode so the first my ISP learns about the problem is when customers > > are being blocked by SpamCop. > > > > Not that I'm any stranger to SpamCop's little problems in figuring out the > > injection point of spam. I have a Web server that is on-again, off-again > > in the SpamCop blocking list because the service doesn't know how to > > traverse Plesk-enhanced QMail MTA headers. So we get spam notice after > > spam notice, both directly and to our upstream, that isn't our spam. > > > > Today, though, finding out that I've pissed the owner of the ISP off to no > > ends is the last straw. > > > > I'm no longer reporting spam to SpamCop. > > > > What about SpamCop reports I received as an abuse administrator? I'll > > deal with the situations as they crop up. Just as I would with any other > > source of reports. Of the last fifteen SpamCop reports, ALL of them were > > incorrect. > > > > 100 percent false positive. Not good, SpamCop. > > > > This time, you hurt me personally. > > Funny, over on nanae just a few days ago you said: > > > My level with frustration with SpamCop pales markedly when compared with > > my frustrations with Plesk > > Qmail is believed to have about 17% of the market. It's strange you're > the only one with this problem. > From nobody at xyzzy.claranet.de Thu Apr 1 07:29:36 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Apr 1 00:35:03 2004 Subject: [SpamCop-List] Re: ntlworld.com References: Message-ID: <406BA8C0.6734@xyzzy.claranet.de> Mike Gray wrote: >> I have a feeling that you are right as I have failed to get >> any response from the web server to say that I posted a >> report > I did. It took about a week. BTW, I've just sent an update to abuse.net, the address in their whois record is hostmaster@ntl.com Maybe abuse.net (i.e. John L.) replaces the old abuse@ntlworld.com address. Bye, Frank -- I think we've seen that forcing spammers to send more spam hasn't been an effective way to make them stop sending spam. [John L. ] From nobody at xyzzy.claranet.de Thu Apr 1 07:52:50 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Apr 1 00:55:02 2004 Subject: [SpamCop-List] Re: False FROM and REPLY-TO = More bounces than spam (please advise) References: <40667461.3218@xyzzy.claranet.de> Message-ID: <406BAE32.45C0@xyzzy.claranet.de> Peter Pepper wrote: > Do you find it is worth the time to reply to the server that > sent the error message to let them know the addresses were > forged and they are sending erroneous mail to the wrong > recipient? In theory yes, but in practice I can't do this manually, it's too much. As long as the Return-Path is empty (incl. <>) it's easy to delete bounces. Okay, my good old Netscape 3.x can't match empty headers, but it finds postmaster@ or mailer-daemon@ in From: headers. One thing which really upsets me are the numerous "spamarrest" challenges. This is pure spam, and I'm now starting to send this stuff to all involved abuse@ addresses or even hostmaster@ in the case of ntlworld.com, and the next step will be to post this spamarrest.com spam in nananas. This organization (spamarrest.com) is an excessively annoying combination of technical ignorance and UCE. SC should allow to report spamarrest.com challenges as what they are, just spam. My first idea was to simply click on the "whitelist link" in spamarrest spam, but it didn't work, maybe they insist on JS. Rule #3: spammers are stupid. Spamarrest.com _is_ a spammer. Bye, Frank From nobody at spamcop.net Thu Apr 1 01:40:34 2004 From: nobody at spamcop.net (WazoO) Date: Thu Apr 1 02:45:04 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: "elind" wrote in message news:c4g8e4$nit$1@news.spamcop.net... > I'm a simple user and appreciate the filtering, and get some satisfaction in > the the reporting on the faith that it's done by people who who know how all > this works, which I admit I don't when it get down and dirty. So does this mean that you report spam or not? And if you do, do you follow the agreement you made when you signed up fo an account and report responsibly? > However, either this guy (original poster) is a troll, or a spammer plant, > or he has a point. Either way I would like to know. Pretty close to troll level, in my opinion. for instance; > > > What was my sin? I reported spam to SpamCop. Unfortunately, > > > SpamCop doesn't understand best network practices, including > > > using non-routable addresses on internal networks, SpamCop would not generate a report for non-routable internal network IPs. And, even if the IPs were "routable numbers" .. they would only be a possible reporting issue due to either being a spam source, open proxy, open relay, or mis-configured enough to break the chain test of the parsing tool. > > > so not only did my reports misfire LART the wrong IP address, This goes to the "responsibility" question I asked earlier. No report gets sent unless "you, the reporter" ensures that the target address is checked off and the "Send" button clicked. This "second check" that so many people ask about deleting is that last chance to ensure that one does not report themselves, their own ISP, etc. > > > but apparently I was placed against my will into "mole" mode "Against my will" is a pretty silly way to admit that he/she didn't read the screens of data while signing up for an account, as the "mole status" is a check-box item that could have been cleared before moving on to the next screen in the process. And even if he/she figured out later on that "mole status" isn't what was wanted, the account could have been changed. > > > so the first my ISP learns about the problem is when customers > > > are being blocked by SpamCop. As there isn't an accounting of just how many spam reports were generated by this user, we can run with the thought that this user had hundreds of potential occasions to notice that the complaint targets in each of those "reports" was his/her own network connection, but not once did this user take that moment of focus to pay any attention. And of course, this is ignoring the starting comments, in that there would be no "internal non-routable addresses" used to target the complaints, so that it seems like it would have been an easier to see item that he/she was reporting his/her own hosting ISP. To take a step further, you'll note that there is no supporting evidence provided so that anyone here could do a look-up on anything offered in the rant. > > > I have a Web server that is on-again, off-again in the > > > SpamCop blocking list The SpamCop BL doesn't concern itself with web-sites, only e-mail sources. > > > So we get spam notice after spam notice, both directly > > > and to our upstream, that isn't our spam. I'm missing the remarks about what was done to correct the "isn't our spam" situation. > > > Of the last fifteen SpamCop reports, ALL of them were > > > incorrect. 100 percent false positive. Not good, SpamCop. Stuff happens, but some evidence and data would sure be nice to see what the issues really are/were. Tim McGraw has already pointed out some inconsistencies in various postings by the apparently same individual. > The one problem I have with spamcop is that, from my perspective, > it's a bunch of geeks who think that mortal users are not worth talking to. Whatever. > So, to whoever it is that runs spamcop, if you read this stuff, since I > can't find any other way to ask you, tell me why I should continue to > subscribe? Personal decision time, I'd say. You start out by saying you appreciate the filtering and get some satisfaction .. but then turn and talk about how ticked off you are. If you don't want to educate yourself (which from your write-up wouldn't take much more than simply lurking in these news- groups for a few days and reading 'all' posts) .. then there doesn't seem to be much point in going into detail here at all. Make your own decision. From STEVE at cashmans.fsnet.co.uk Thu Apr 1 09:04:32 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Thu Apr 1 03:05:06 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: "WazoO" wrote in message news:c4gh1h$thr$1@news.spamcop.net... > "elind" wrote in message > news:c4g8e4$nit$1@news.spamcop.net... > It seems to me that the spamcop system is not user friendly enough for some non-geeks to use without making mistakes. Software should be as close to fool proof as possible - clearly from the comments made by so many the spamcop software is not. A bit more 'user' testing would help. Steve From jgw321 at hotmail.com Thu Apr 1 09:45:00 2004 From: jgw321 at hotmail.com (JG Weston) Date: Thu Apr 1 03:50:03 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: Message-ID: In article , WazoO wrote: > which ... wouldn't take much more than simply lurking in these news- > groups for a few days and reading 'all' posts I am a fairly new user and it didn't take more than a few days to work out which posters know what they are talking and offer useful advice. JG. From tmcgraw at spamcop.net Thu Apr 1 01:11:32 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Apr 1 04:15:02 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: <406BDCC4.6070302@spamcop.net> WazoO wrote: > "elind" wrote in message > news:c4g8e4$nit$1@news.spamcop.net... > >>The one problem I have with spamcop is that, from my perspective, >>it's a bunch of geeks who think that mortal users are not worth >>talkin to. > > Whatever. Right on, WazoO... considering all the time that people freely give to help folks like elind here on these newsgroups, providing helpful answers, this just doesn't ring true. As to Satch's problem it's not explained how reports from only one reporter got him listed.... hmmmmmmm. From tmcgraw at spamcop.net Thu Apr 1 01:23:30 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Apr 1 04:25:02 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: <406BDF92.8050800@spamcop.net> Steve Cashman wrote: > > It seems to me that the spamcop system is not user friendly enough for some > non-geeks to use without making mistakes. Software should be as close to > fool proof as possible - clearly from the comments made by so many the > spamcop software is not. Examples? Seems you had your own problem once - bouncing emails. You got plenty of good advice then: http://news.spamcop.net/pipermail/spamcop-list/2003-September/057670.html From STEVE at cashmans.fsnet.co.uk Thu Apr 1 10:36:51 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Thu Apr 1 04:35:02 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> <406BDF92.8050800@spamcop.net> Message-ID: "Tim McGraw" wrote in message news:406BDF92.8050800@spamcop.net... > Steve Cashman wrote: > > > > It seems to me that the spamcop system is not user friendly enough for some > > non-geeks to use without making mistakes. Software should be as close to > > fool proof as possible - clearly from the comments made by so many the > > spamcop software is not. > > Examples? > > Seems you had your own problem once - bouncing emails. You got plenty of > good advice then: > http://news.spamcop.net/pipermail/spamcop-list/2003-September/057670.html > OK so you agree there is a problem. Let's start there, it is in all of our interests to get this fixed. When we get problems who exactly do we report it to? Can we have access to a software bug list to report problems. Is there a method of requesting enhancements? Where can users have feedback for the resolution of these problems and enhancements? As for examples please read the earlier comments over the past few weeks. Steve From kjz at despammed.com Thu Apr 1 11:50:20 2004 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Thu Apr 1 04:55:32 2004 Subject: [SpamCop-List] Re: today Ralsky, Inc. burns: SURERXPALACE.COM, SURERXPILLS.COM, RXTECHSOLUTIONS.COM, HEATLHSTATUSNOW.COM, GREATWELLNESSINC.COM In-Reply-To: References: Message-ID: Domain Name: SURERXPALACE.COM 66.110.74.150 Registrant: Kelker Holdings Limited 2-4 Arch.Makarios 111 Avenue Capital Centre, 9th Floor Nicosia NI CY 1505 Domain Name: SURERXPILLS.COM 66.110.74.150 Registrant: Kelker Holdings Limited 2-4 Arch.Makarios 111 Avenue Capital Centre, 9th Floor Nicosia NI CY 1505 Domain Name: HEALTHEVOLVING.COM Administrative Contact: Marsh, John (37269621P) jmarsh05051966@hotmail.com Global Media Holdings Suite 23 Portland House Glacis Rd Outside US, Outside US none GI 954-254-9014 Domain Name: ONLINEHEALTHNET.COM Administrative Contact: Marsh, John (37269621P) jmarsh05051966@hotmail.com Global Media Holdings Suite 23 Portland House Glacis Rd Outside US, Outside US none GI 954-254-9014 Domain Name: BETTERMDPERFORMANCE.COM Administrative Contact: Marsh, John (37269621P) jmarsh05051966@hotmail.com Global Media Holdings Suite 23 Portland House Glacis Rd Outside US, Outside US none GI 954-254-9014 Domain Name: RXTECHSOLUTIONS.COM Administrative Contact: Marsh, John (37269621P) jmarsh05051966@hotmail.com Global Media Holdings Suite 23 Portland House Glacis Rd Outside US, Outside US none GI 954-254-9014 Domain Name: HEATLHSTATUSNOW.COM Administrative Contact: Marsh, John (37269621P) jmarsh05051966@hotmail.com Global Media Holdings Suite 23 Portland House Glacis Rd Outside US, Outside US none GI 954-254-9014 Domain Name: GREATWELLNESSINC.COM Administrative Contact: Marsh, John (37269621P) jmarsh05051966@hotmail.com Global Media Holdings Suite 23 Portland House Glacis Rd Outside US, Outside US none GI 954-254-9014 From uce2002 at hotmail.com Thu Apr 1 10:57:40 2004 From: uce2002 at hotmail.com (uce2002) Date: Thu Apr 1 05:00:18 2004 Subject: [SpamCop-List] Re: today Ralsky, Inc. burns: SURERXPALACE.COM, SURERXPILLS.COM, DNS: HEALTHEVOLVING.COM, ONLINEHEALTHNET.COM, BETTERMDPERFORMANCE.COM, RXTECHSOLUTIONS.COM, HEATLHSTATUSNOW.COM, GREATWELLNESSINC.COM References: Message-ID: "Karl-Josef Ziegler" wrote in message news:c4gokt$56v$1@news.spamcop.net... > Domain Name: SURERXPALACE.COM 66.110.74.150 > Registrant: > Kelker Holdings Limited > 2-4 Arch.Makarios 111 Avenue > Capital Centre, 9th Floor > Nicosia > NI > CY > 1505 > > Domain Name: SURERXPILLS.COM 66.110.74.150 > Registrant: > Kelker Holdings Limited > 2-4 Arch.Makarios 111 Avenue > Capital Centre, 9th Floor > Nicosia > NI > CY > 1505 > > Domain Name: HEALTHEVOLVING.COM > Administrative Contact: > Marsh, John (37269621P) jmarsh05051966@hotmail.com > Global Media Holdings > Suite 23 Portland House > Glacis Rd > Outside US, Outside US none > GI > 954-254-9014 > > Domain Name: ONLINEHEALTHNET.COM > Administrative Contact: > Marsh, John (37269621P) jmarsh05051966@hotmail.com > Global Media Holdings > Suite 23 Portland House > Glacis Rd > Outside US, Outside US none > GI > 954-254-9014 > > Domain Name: BETTERMDPERFORMANCE.COM > Administrative Contact: > Marsh, John (37269621P) jmarsh05051966@hotmail.com > Global Media Holdings > Suite 23 Portland House > Glacis Rd > Outside US, Outside US none > GI > 954-254-9014 > > Domain Name: RXTECHSOLUTIONS.COM > Administrative Contact: > Marsh, John (37269621P) jmarsh05051966@hotmail.com > Global Media Holdings > Suite 23 Portland House > Glacis Rd > Outside US, Outside US none > GI > 954-254-9014 > > Domain Name: HEATLHSTATUSNOW.COM > Administrative Contact: > Marsh, John (37269621P) jmarsh05051966@hotmail.com > Global Media Holdings > Suite 23 Portland House > Glacis Rd > Outside US, Outside US none > GI > 954-254-9014 > > Domain Name: GREATWELLNESSINC.COM > Administrative Contact: > Marsh, John (37269621P) jmarsh05051966@hotmail.com > Global Media Holdings > Suite 23 Portland House > Glacis Rd > Outside US, Outside US none > GI > 954-254-9014 Domain Name: EXCELLENTRXMD.COM Administrative Contact: Holdings, Kelker (NIC-8126) legal@kelkerholdings.com Kelker Holdings Limited 2-4 Arch.Makarios 111 Avenue Capital Centre, 9th Floor Nicosia NI, CY 1505 Phone: 8701325027 From tmcgraw at spamcop.net Thu Apr 1 02:23:51 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Apr 1 05:25:31 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> <406BDF92.8050800@spamcop.net> Message-ID: <406BEDB7.8040000@spamcop.net> Steve Cashman wrote: > "Tim McGraw" wrote in message > news:406BDF92.8050800@spamcop.net... > >>Seems you had your own problem once - bouncing emails. You got plenty of >>good advice then: >>http://news.spamcop.net/pipermail/spamcop-list/2003-September/057670.html > > OK so you agree there is a problem. No I didn't. > Let's start there, it is in all of our interests to get this fixed. Exactly what is the problem? > When we get problems who exactly do we report it to? Here. > Can we have access to a software bug list to report problems. Who is "we"? What you're asking for would be very helpful for spammers to "beat" spamcop. > Is there a method of requesting enhancements? Yes. In these newsgroups. > Where can users have feedback for the resolution of these problems and > enhancements? In these newsgroups. > As for examples please read the earlier comments over the past few weeks. The Mailhosts feature under development - clearly labeled beta - seems to make up the bulk of issues. From nobody at spamcop.net Thu Apr 1 05:41:26 2004 From: nobody at spamcop.net (Miss Betsy) Date: Thu Apr 1 05:40:03 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: "elind" wrote in message news:c4g8e4$nit$1@news.spamcop.net... > I'm a simple user and appreciate the filtering, and get some satisfaction in > the the reporting on the faith that it's done by people who who know how all > this works, which I admit I don't when it get down and dirty. I am also a simple user. I am technically 'technically non-fluent' when it comes to email systems and how the internet works. > > However, either this guy (original poster) is a troll, or a spammer plant, > or he has a point. Either way I would like to know. The one problem I have > with spamcop is that, from my perspective, it's a bunch of geeks who think > that mortal users are not worth talking to. Most of the people who frequent the newsgroups are "geeks" or directly working with email systems and servers. However, as JG Weston said, it is not difficult, after lurking a while, to start understanding them and to find out who is really knowledgeable and helpful. This is a user group and people 'talk' as the real people they are. And geeks tend not to waste time on being tactful. That doesn't mean they are not helpful or respectful. >The few times I have posted > questions here, that were not "geek", I have never had relevant answers and > when I once expressed my contempt for the chinese, for example, I got flamed > by a bunch of PC geeks instead (I never heard an opinion on why it's the > chinese and koreans or brazilians and, recently, russian crooks, who host > most of this crap, as opposed to the USA for example, and when I called them > names it was far less offensive than what they sent me). Posters tend to be replied to in the same tone they post in. If you were name calling, then people probably answered in kind. (I didn't see the posts) In fact, I believe, that most of the spammer sites and operators are US citizens. They use the chinese, brazilian, and russian sites because they are cheap and because those ISP's don't realize the impact of spam on the internet so don't take the precautions that US and European based ISP's do. Actually, if you have read the newsgroups, you should know that one of the worst offenders is Comcast from the US - not from ignorance nor from desire to get spammer money, but purely from negligence in not closing open proxies. > > I also have never seen a commonsense explanation of what good this reporting > actually does, or how the blacklist really work, or why so many well known > ISPs (per comments seen here) supposedly ignore the reports in spite of laws > against spamming (but, for example, why have the latest prosecutions not > been against the biggest fish often mentioned here? Too smart for everyone, > including our geek audience?). No doubt I can spend a lot of time educating > myself but why should I? If you aren't going to educate yourself, then it would be better not to express opinions and accept what the "geeks" know. > > I think maybe it will be a lot less effort just to change email addresses > periodically. I do have some alternative addresses that almost never get > spam, so I know that works. You would probably be happier doing so. > > So, to whoever it is that runs spamcop, if you read this stuff, since I > can't find any other way to ask you, tell me why I should continue to > subscribe? Unless one can use the spamcop bl, there is nothing but altruism in continuing to subscribe. It is like picking up litter as you take your morning walk. Your contribution is not great; it doesn't solve the problem of litter; and you have no idea of the overall problem and causes and solutions. Miss Betsy From STEVE at cashmans.fsnet.co.uk Thu Apr 1 11:49:38 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Thu Apr 1 05:50:04 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> <406BDF92.8050800@spamcop.net> <406BEDB7.8040000@spamcop.net> Message-ID: "Tim McGraw" wrote in message news:406BEDB7.8040000@spamcop.net... > Steve Cashman wrote: > > "Tim McGraw" wrote in message > > news:406BDF92.8050800@spamcop.net... > > > >>Seems you had your own problem once - bouncing emails. You got plenty of > >>good advice then: > >>http://news.spamcop.net/pipermail/spamcop-list/2003-September/057670.html > > > > OK so you agree there is a problem. > > No I didn't. > > > Let's start there, it is in all of our interests to get this fixed. > > Exactly what is the problem? > > > When we get problems who exactly do we report it to? > > Here. > > > Can we have access to a software bug list to report problems. > > Who is "we"? > > What you're asking for would be very helpful for spammers to "beat" spamcop. > > > Is there a method of requesting enhancements? > > Yes. In these newsgroups. > > > Where can users have feedback for the resolution of these problems and > enhancements? > > In these newsgroups. > > > As for examples please read the earlier comments over the past few weeks. > > The Mailhosts feature under development - clearly labeled beta - seems > to make up the bulk of issues. > Tim I am trying both to help and to get help here. Please do not be so pedantic and tetchy. http://www.talkaboutspam.com/group/alt.spam/messages/89674.html From agent01413 at my-deja.com Thu Apr 1 04:13:40 2004 From: agent01413 at my-deja.com (Socks the white house cat) Date: Thu Apr 1 06:15:29 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: Someday in the distant future, archeologists digging thru the ruins of spamcop will discover that "Steve Cashman" had this to say on 01 Apr 2004: > Software should be as > close to fool proof as possible We improve software as quickly as possible to make it as fool proof as possible. Unfortunately, god is rolling out more advanced versions of fools faster than we can roll out more advanced versions of software. -- officially recognized SPEWS puppet ISO certification and everything I AM SPEWS (SLAPP PREVENTION ELECTRONIC WHITENOISE SYSTEM) From tmcgraw at spamcop.net Thu Apr 1 03:20:37 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Apr 1 06:25:03 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> <406BDF92.8050800@spamcop.net> <406BEDB7.8040000@spamcop.net> Message-ID: <406BFB05.1000909@spamcop.net> Steve Cashman wrote: > > I am trying both to help and to get help here. Please do not be so > pedantic and tetchy. > > http://www.talkaboutspam.com/group/alt.spam/messages/89674.html That's some funny sh*t there Steve, but still not helpful. Since I'm such a wingnut mebbe someone else can help, mmmkay? From nobody at spamcop.net Thu Apr 1 06:36:08 2004 From: nobody at spamcop.net (Miss Betsy) Date: Thu Apr 1 06:35:02 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: "Steve Cashman" wrote in message news:c4giae$v28$1@news.spamcop.net... > > "WazoO" wrote in message > news:c4gh1h$thr$1@news.spamcop.net... > > "elind" wrote in message > > news:c4g8e4$nit$1@news.spamcop.net... > > > It seems to me that the spamcop system is not user friendly enough for some > non-geeks to use without making mistakes. Software should be as close to > fool proof as possible - clearly from the comments made by so many the > spamcop software is not. A bit more 'user' testing would help. > > Steve > I'm in a hurry, so can't help. But you are right - the spamcop system is not designed for the technically non-fluent. However, there are people (myself as an example) who with time and patience can, at least, not make mistakes. Julian is trying with the Mailhosts (still in beta - which means testing) to make spamcop more "mistake-proof" And Tim is right - the only place to make suggestions and comments and report bugs is in the newsgroups. spamcop communication with its users is one of its biggest weaknesses (even for the techies), but because Julian is so gifted as a programmer and spamcop is useful for them, most techies are very patient. Also, posters are people, not employees of a help desk. Try to see their posts with personalities. Some of the 'bluntest' are the most knowledgeable. HTH Miss Betsy From nobody at spamcop.net Thu Apr 1 06:37:21 2004 From: nobody at spamcop.net (Miss Betsy) Date: Thu Apr 1 06:35:04 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: "Socks the white house cat" wrote in message news:Xns94BE2B025DC09agent01413mydejacom@216.154.195.61... > Someday in the distant future, archeologists digging thru the ruins of > spamcop will discover that "Steve Cashman" > had this to say on 01 Apr 2004: > > > Software should be as > > close to fool proof as possible > > We improve software as quickly as possible to make it as fool proof as > possible. Unfortunately, god is rolling out more advanced versions of fools > faster than we can roll out more advanced versions of software. > I sure hope that Steve laughs as hard as I did! Miss Betsy From MikeE at ster.invalid Thu Apr 1 03:39:03 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 06:40:03 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> <406BDF92.8050800@spamcop.net> <406BEDB7.8040000@spamcop.net> Message-ID: Steve Cashman wrote: > http://www.talkaboutspam.com/group/alt.spam/messages/89674.html Furrfu! That [talkaboutspam] is a weird way to 'steal' a discussion which was in alt.spam!! Here's a snurled google groups of it http://snipurl.com/5fve starting here and continuing for 14 items, view the context Newsgroups: alt.spam Subject: Help -> header ip Date: Sat, 6 Dec 2003 16:35:34 -0200 Message-ID: That discussion started with someone posting headers and asking how to parse them, and I posted 3 ways to 'demonstrate' the parse, including spamcop's results, my favorite 'abbreviated' headers with *comments display, and the popular alt.spam way. Then, the discussion turned to methods to fool spamcop with bogus headers and how spamcop treats the open proxy during the parse and some header forgery experiments which were then discussed back here in spamcop - see this link http://news.spamcop.net/pipermail/spamcop-list/2003-December/066524.html starting Dec 8 in spamcop - Subject: Parse riddle - and that thread involves me, Tim McGraw and Michael Lefevre discussion of what I brought over from alt.spam Then, Munger Joe visits spamcop and lurks and returns to comment in alt.spam. I didn't know talkaboutspam was handling newsgroup 'grabbing' like that. Google's approach is more appropriate. -- Mike Easter From MikeE at ster.invalid Thu Apr 1 04:18:20 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 07:20:17 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> <406BDF92.8050800@spamcop.net> <406BEDB7.8040000@spamcop.net> Message-ID: Mike Easter wrote: >> http://www.talkaboutspam.com/group/alt.spam/messages/89674.html > > Furrfu! That [talkaboutspam] is a weird way to 'steal' a discussion > which was in alt.spam!! > Newsgroups: alt.spam > I didn't know talkaboutspam was handling newsgroup 'grabbing' like > that. Google's approach is more appropriate. The appearance of the talkaboutspam [and presumably all of the other talkabout forums] is such that the forum doesn't properly 'attribute' the postings there as 'stolen' nntp newsgroup postings. It creates the 'illusion' that the 'dialogs' are going on because of posters to that forum. In fact, it seems to me that it 'conceals' the nntp newsgroup relationship by 'disguising' the names of the groups - ie the 'forum's' name for alt.spam is 'spam' with similar derivatives for the other nntp alt. newsgroups involved with spam. There's something 'wrong' about that - sorta like a 'copyright' issue - if the forum is going to copy things it shouldn't make it appear as if those things 'belonged' to them or happened there. If google recapitulates newsgroups, it makes it perfectly clear just exactly what is going on, right down to the message id and the newsgroup's name. It is also apparent when a newsgroup posting is made via google into nntp. I think google is a legitimate news to/from web gateway. I think talkabout is an 'illegitimate' news to/from web gateway. -- Mike Easter From nobody at spamcop.net Thu Apr 1 13:44:18 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Thu Apr 1 08:45:19 2004 Subject: [SpamCop-List] Re: In case you haven't seen it - http://www.antiphishing.org/ References: Message-ID: Skiwi (skiwi+newsgroups@spamcop.net) wrote in news:c4ficn$lr$1 @news.spamcop.net: > In case you haven't seen it - http://www.antiphishing.org/ Has been on my site since 23 March - see: http://banspam.javawoman.com/report3/scam3.html > They accept reports at reportphishing@antiphishing.org, and are very > interested in intact headers it seems (so I guess user Spamcop reports > would be OK to them (?)) I've Cc'ed them on SpamnCop reports several times already. No auto-acks, but no error report on that either, so apparently they do accept SpamCop reports. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Thu Apr 1 13:47:51 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Thu Apr 1 08:50:02 2004 Subject: [SpamCop-List] Re: Help - domain forgery attack References: <406B2866.1090406@cpl.net> Message-ID: Mike Richter (mrichter@cpl.net) wrote in news:406B2866.1090406@cpl.net: > a) Yes, bounces do not get reported through SC. You can use SC to find > the source by pasting in the full header of the message which bounced > (not of the bounce itself), but when you get as close as you can to the > sender, you must act on your own. Apparently this will work only until everyone has to migrate to mailhosts. After that, you'll have to do your own parsing of spam that was not sent to you... -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From elind at spamcop.net Thu Apr 1 08:52:20 2004 From: elind at spamcop.net (elind) Date: Thu Apr 1 08:55:04 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: "WazoO" wrote in message news:c4gh1h$thr$1@news.spamcop.net... > "elind" wrote in message > news:c4g8e4$nit$1@news.spamcop.net... > > I'm a simple user and appreciate the filtering, and get some satisfaction > in > > the the reporting on the faith that it's done by people who who know how > all > > this works, which I admit I don't when it get down and dirty. > > So does this mean that you report spam or not? And if you do, do you > follow the agreement you made when you signed up fo an account and > report responsibly? > > > However, either this guy (original poster) is a troll, or a spammer plant, > > or he has a point. Either way I would like to know. > > Pretty close to troll level, in my opinion. for instance; > > > > > What was my sin? I reported spam to SpamCop. Unfortunately, > > > > SpamCop doesn't understand best network practices, including > > > > using non-routable addresses on internal networks, > > SpamCop would not generate a report for non-routable internal > network IPs. And, even if the IPs were "routable numbers" .. they > would only be a possible reporting issue due to either being a spam > source, open proxy, open relay, or mis-configured enough to break > the chain test of the parsing tool. > > > > > so not only did my reports misfire LART the wrong IP address, > > This goes to the "responsibility" question I asked earlier. No report > gets sent unless "you, the reporter" ensures that the target address is > checked off and the "Send" button clicked. This "second check" that > so many people ask about deleting is that last chance to ensure that > one does not report themselves, their own ISP, etc. > > > > > but apparently I was placed against my will into "mole" mode > > "Against my will" is a pretty silly way to admit that he/she didn't read > the screens of data while signing up for an account, as the "mole status" > is a check-box item that could have been cleared before moving on > to the next screen in the process. And even if he/she figured out later > on that "mole status" isn't what was wanted, the account could have > been changed. > > > > > so the first my ISP learns about the problem is when customers > > > > are being blocked by SpamCop. > > As there isn't an accounting of just how many spam reports were > generated by this user, we can run with the thought that this user had > hundreds of potential occasions to notice that the complaint targets > in each of those "reports" was his/her own network connection, but > not once did this user take that moment of focus to pay any attention. > And of course, this is ignoring the starting comments, in that there > would be no "internal non-routable addresses" used to target the > complaints, so that it seems like it would have been an easier to > see item that he/she was reporting his/her own hosting ISP. > To take a step further, you'll note that there is no supporting > evidence provided so that anyone here could do a look-up > on anything offered in the rant. > > > > > I have a Web server that is on-again, off-again in the > > > > SpamCop blocking list > > The SpamCop BL doesn't concern itself with web-sites, > only e-mail sources. > > > > > So we get spam notice after spam notice, both directly > > > > and to our upstream, that isn't our spam. > > I'm missing the remarks about what was done to correct the > "isn't our spam" situation. > > > > > Of the last fifteen SpamCop reports, ALL of them were > > > > incorrect. 100 percent false positive. Not good, SpamCop. > > Stuff happens, but some evidence and data would sure be nice > to see what the issues really are/were. Tim McGraw has already > pointed out some inconsistencies in various postings by the > apparently same individual. > > > The one problem I have with spamcop is that, from my perspective, > > it's a bunch of geeks who think that mortal users are not worth talking > to. > > Whatever. > > > So, to whoever it is that runs spamcop, if you read this stuff, since I > > can't find any other way to ask you, tell me why I should continue to > > subscribe? > > Personal decision time, I'd say. You start out by saying you appreciate > the filtering and get some satisfaction .. but then turn and talk about how > ticked off you are. If you don't want to educate yourself (which from your > write-up wouldn't take much more than simply lurking in these news- > groups for a few days and reading 'all' posts) .. then there doesn't > seem to be much point in going into detail here at all. Make your own > decision. > > Thanks for proving my point Mr. Whatever!! Not worth talking to am I? I'm here because it was the only help source I could find. It seems to me that it would be trivially simple for spamcop management to have a good primer as well as a "news" item updating the status of the spam wars. I don't want to live on this board nor be an internet routing protocols expert. Since Mr. Whatever responds to two posters in this message, his point become a little confused, but when he asks "So does this mean that you report spam or not? And if you do, do you follow the agreement you made when you signed up for an account and report responsibly?" I don't understand the point of the question. Of course I report, and 99% of the time that is by ticking the check boxes on held mail and submitting. Twice, to my knowledge, I have mistakenly reported non spam and almost immediately realized the mistake, but I know of no way to reverse the action except to apologize to the reported, which I did. My summary point was that I don't know if any of this does any good anymore, and from reading the posts here, including Mr. Whatever's, I get the general feeling that ISP's have come to live with a level of spam and really don't care about what spamcop does; nor do I really know who spamcop is anymore, or if Mr. Whatever is part of it. I hate to take up more time of people like the above responders, but if there is a good primer on all this somewhere I'd appreciate a link. From redford_stone at INVERSE_OF_COLDmail.com Thu Apr 1 14:19:18 2004 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Apr 1 09:20:03 2004 Subject: [SpamCop-List] Hillarious Cartooney.. "PETITION FOR REDRESS OF GRIEVANCE EMAIL" Message-ID: Picked this little gem up out of NANAE. I haven't seen something as gooney as this since spammers began claiming "Frea Speach" under HR. 1618. Seems that this schmuck wanted to spam from Comcast only to discover that nearly every sane ISP has Comcast blocked. This is hysterical. :-) ------ Received: from [68.35.153.199] by web21327.mail.yahoo.com via HTTP; Tue, 30 Mar 2004 22:39:49 -0800 (PST) Date: Tue, 30 Mar 2004 22:39:49 -0800 (PST) From: Kirk White Subject: PETITION FOR REDRESS OF GRIEVANCE EMAIL .. Message-id: <20040331063949.29536.qmail@web21327.mail.yahoo.com> To whom it might concern: Wherefore I have been notified that my enclosed email titled "PETITION FOR REDRESS OF GRIEVANCE", and/or subsequent email regarding said original PETITION, has been labeled "spam" by the organization / company / group / and/or individual calling itself "SORBS". WHEREFORE, the title of said email very clearly identifies it as EXEMPT from the legal definition of SPAM. WHEREFORE, at no place does it ask for anything monitary, nor do we want, nor do we need, nor do we desire anything monetary. Nor would we accept anything monetary. Therefore, and because it is NOT a commercial message selling a product, it does not fit any legal definition of the term "spam". Moreover, if you as a company or organization believe we are not permitted BY YOU to ask U.S. citizens to sign such a PETITION when our own government is preventing us from asking - IT - for redress of grievance, then you and yours have attended the wrong law school !!! WHEREFORE, what the subject email does ask for, is for citizens to sign a petition regarding the U.S. government's outrageous human rights abuse of one Vince Diehl, a natural born citizen of these United States, that is therein very clearly described. Which included trying to literally starve him to death, and thereby shrinking his stomach to the size of a tennis ball, thereby making it impossible for him to eat normal food. WHEREFORE, under the First Amendment of these United States the subject group calling itself "SORBS" has violated our First Amendment rights to "FREEDOM OF SPEECH", whereas no petition for redress of grievance from such governmental abuse can be labeled as abuse, nor as spam, under federal law. Nor, can it be so labeled under New Mexico State Law. Nor can it be so labeled under INTERNATIONAL law !!! WHEREFORE, not only is the above a violation of our First Amendment Rights to seek redress of Grievance, it is as well a clear violation under Federal Law of our First Amendment Rights to Freedom Of Speech. But nevertheless, one, more than one, or all of those receiving this email, and hereby identified as "SORBS", COGECO, and/or COMCAST, have deemed our subject PETITION to be SPAM, and have illegally blocked us from sending any and all email from the account we have paid for at COMCAST, and have lawful rights to use. And on occassions, blocked us from receiving email. Moreover, as a part of this utterly illegal conduct, the said persons/entity referring to itself as "SORBS" has conspired to extort monies and/or material worth from us, as documented by their website, of which we have made a cerytifiable copy of. Which is as well a FELONY crime. THEREFORE, and for which reason, formal statutory notice is hereby provided that either our email account be fully restored within three (3) days, and a formal written apology be tendered forthwith by the offending entity. Or, in the alternative, provide us with the name of your statutory agent so that we ourselves may start proceedings to have the courts remedy this matter. Or, in the alternative, advise us that you, as one of the entities receiving this email, have not in any way taken part in the subject complained of First Amendment human rights abuse. We, ourselves, will not be contacting you again regarding this matter. ---------------------------------------------------- Enclosed herein below is a true copy of the subject PETITION: ---------------------------------------------------- Subject: PETITION: Date: thur, 19 Feb 2004 15:23:05 -0700 From: Kirk White From: Kirk White To: [spammed addresses suppressed] To whom it may concern: I wasn't going to bother sending this, because in my heart I know it will do no good. But I didn't want to leave anyone with the impression I didn't care. Having said that, I will now begin soliciting others to sign this petition. If we in fact have no obtainable rights. At least everyone has a right to know. Vince Diehl ----------------------------------------------------- . . P E T I T I O N FOR R E D R E S S OF G R I E V A N C E ON BEHALF OF VINCE DIEHL, A NATURAL BORN U.S. CITIZEN AND RESIDENT OF THE STATE OF NEW MEXICO Having read the text at the links provided below, all of which are hereby incorporated by reference and thereby made an integral part of this petition just as though their contents were written and contained herein; I demand a full investigation of the unlawful conduct described within these links: And if after such an investigation, it be found that any of the illegal conducts therein described did in fact take place: I demand that Criminal Charges be sought by a duly impaneled Grand Jury in the place of lawful Venue. And if found guilty the subjects identified in the hereto attached links be prosecuted and sentenced to the fullest extent of all related Criminal Law. See http://theAmericanNightmare.org/case_study.html I am both appalled and outraged that any such conduct could take place in these United States. __________________________________ Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. http://taxes.yahoo.com/filing.html From SpamCop at pantheus.com Thu Apr 1 06:33:52 2004 From: SpamCop at pantheus.com (Pantheus) Date: Thu Apr 1 09:35:02 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> <406BDF92.8050800@spamcop.net> <406BEDB7.8040000@spamcop.net> Message-ID: On Thu, 01 Apr 2004 02:23:51 -0800, Tim McGraw wrote: > The Mailhosts feature under development - clearly labeled beta - seems > to make up the bulk of issues. And /should/ be labeled pre-alpha ! As usual released into the wild way before testing. -- In a world without walls and fences nobody needs Windows and Gates! User #104362 with the Linux Counter, http://counter.li.org From anjeana at hotmail.com Thu Apr 1 08:36:15 2004 From: anjeana at hotmail.com (adfdsa) Date: Thu Apr 1 09:40:02 2004 Subject: [SpamCop-List] Re: Getting SpamCop complaints on a box behind a NAT References: Message-ID: Again, even if none of you work for SC, 'help and information' rather than sarcasm is what anyone should expect. I simply posted looking for a little info. Luckily, the first and third posts were very helpful and not sarcastic. It seems that the person responsible for the second post doesn't really care if he insults anyone or not. If I'm not mistaken, that type of attitude really isn't conducive to the purpose of this newsgroup. If you take the time to fully read the post that I responded to, the sarcasm is a fact not accusational. I appreciate those that responded in a kind manner and care not for those who did not. If the sarcasm was unintended, I apologize for my behavior. If not, shame on you and those who have responded in kind. I was ignorant of what SC's capabilities are, not stupid. "adfdsa" wrote in message news:c4eo07$saf$1@news.spamcop.net... > So what your saying is that SC really isn't *useful*. It only exists so that > you can feel important. Strange, I thought, rather than sarcasm, 'help and > information' are supposed to be available here. That is your 'job', right? > > "Mike Easter" wrote in message > news:c4c7ov$544$1@news.spamcop.net... > > adfdsa wrote: > > www.spamcop.net/w3m?i=z838136519z4f5888c93e016923e075ddbb77d5738fz > > > > > It would be very helpful if SpamCop would include port information in > > > the complaints. I have a section of my network that sits behind > > > several NAT boxes. The IP information that I receive from SpamCop > > > pertains only to the NAT box, and not the box that is connecting > > > through it. With several hundred machines connecting to one box, > > > additional port information to go along with the IP and time stamp > > > would prove useful in locating the Open Mail Relay and shutting it > > > down. > > > > Here's what is going on here: > > > > This report is concerning unwanted email from 139.78.10.155 > > > > Then, SC provides the 'logic' which is a copy of the spam, including > > headers, which can also be seen at > > www.spamcop.net/sc?id=z379612893zadc33f3248e6b9e27a6c32d9f311cb95z > > > > You can examine those headers and the parsing logic, but all you will > > see is a spamitem from the open proxy "at" 139.78.10.155 and including > > bogus Received trace lines in the spam header. > > > > The reason that that is all you see is that that is *exactly* what the > > spam recipient received. It isn't SC's 'job' to figure out the > > insecurity at or behind the misconfigured insecure box. That is the job > > of the person in charge of the box or the NAT or whatever. I guess that > > would be you. > > > > That IP is listed in CBL & DSBL as insecure, and SCbl as a spamsource. > > > > It looks to me like it is an open socks4 proxy at port 13399. You > > should fix that and any other insecurities. > > > > > > -- > > Mike Easter > > > > From rmu93awSPAMB02 at sneakemail.com Thu Apr 1 08:45:03 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Thu Apr 1 09:45:03 2004 Subject: [SpamCop-List] Re: spamhaus In-Reply-To: References: Message-ID: Spam eater wrote: > http://www.spamhaus.org.uk im told the current offer is $7200 Nuked again, and by a Chinese provider no less. That is some kind of accomplishment. -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From STEVE at cashmans.fsnet.co.uk Thu Apr 1 15:53:07 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Thu Apr 1 09:55:03 2004 Subject: [SpamCop-List] Re: Hillarious Cartooney.. "PETITION FOR REDRESS OF GRIEVANCE EMAIL" References: Message-ID: "Redstone" wrote in message news:Xns94BE402C26E1Elumbercartel@216.154.195.61... > > Picked this little gem up out of NANAE. > Vince Diehl wrote - included trying to literally starve him to death, and > thereby shrinking his stomach to the size of a tennis > ball, thereby making it impossible for him to eat > normal food. > Hey maybe he shouldn't have taken the spammed weight loss pills. From kfasold at hotmail.com Thu Apr 1 09:12:40 2004 From: kfasold at hotmail.com (Karl Fasold) Date: Thu Apr 1 10:15:12 2004 Subject: [SpamCop-List] Re: "Held Mail" now blocks based on *any* header with a blocked IP#??? References: <406A0005.70406@spamcop.net> <1kml60p07dt0835qtmdmguuhatobdtcgl8@4ax.com> <406AE9A7.1010803@spamcop.net> <406B1BC4.9000003@spamcop.net> Message-ID: On Wed, 31 Mar 2004 11:28:04 -0800, Tim McGraw wrote: >Larry Kilgallen wrote: >> In article <406AE9A7.1010803@spamcop.net>, Tim McGraw writes: >> >>>Karl Fasold wrote: >>> >>>>Uh, that's how it's always worked / is supposed to work. >>> >>>That's not been my experience over the five years I've used sc. >> >> It has been my experience over the years that I have used the >> SpamCop Filtering Service. > >Holding mail when the source is not on any blocklist? Really? No, holding mail when an ip in the path is on a blocklist you've selected to use. (of course the 'from' address is a spamtrap -- isn't all of Hotmail? ) If you really need to email, try the same user at spamcop.net From kfasold at hotmail.com Thu Apr 1 09:33:18 2004 From: kfasold at hotmail.com (Karl Fasold) Date: Thu Apr 1 10:35:04 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: Message-ID: On Wed, 31 Mar 2004 18:25:13 -0800, Satch wrote: >I almost got thrown off my ISP today. I did lose all the good-will I've >built up over more than five years with these people. Thank you, SpamCop. > >What was my sin? I reported spam to SpamCop. Unfortunately, SpamCop >doesn't understand best network practices, including using non-routable >addresses on internal networks, so not only did my reports misfire LART >the wrong IP address, but apparently I was placed against my will into >"mole" mode so the first my ISP learns about the problem is when customers >are being blocked by SpamCop. > >Not that I'm any stranger to SpamCop's little problems in figuring out the >injection point of spam. I have a Web server that is on-again, off-again >in the SpamCop blocking list because the service doesn't know how to >traverse Plesk-enhanced QMail MTA headers. So we get spam notice after >spam notice, both directly and to our upstream, that isn't our spam. > >Today, though, finding out that I've pissed the owner of the ISP off to no >ends is the last straw. > >I'm no longer reporting spam to SpamCop. > >What about SpamCop reports I received as an abuse administrator? I'll >deal with the situations as they crop up. Just as I would with any other >source of reports. Of the last fifteen SpamCop reports, ALL of them were >incorrect. > >100 percent false positive. Not good, SpamCop. > >This time, you hurt me personally. > >Not so respectfully, >Stephen Satchell >System Administrator So, if I understand correctly you sent reports without checking them, and are unhappy because it resulted in reporting yourself to your ISP? (of course the 'from' address is a spamtrap -- isn't all of Hotmail? ) If you really need to email, try the same user at spamcop.net From Kilgallen at SpamCop.net Thu Apr 1 09:53:06 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Apr 1 10:55:05 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: In article , "elind" writes: < 105 lines of quoted material snipped > > Thanks for proving my point Mr. Whatever!! Not worth talking to am I? Please learn to trim material to which you are responding and properly intersperse responses to individual items rather than "bottom posting" (which runs a close second in ill manners to "top posting". > I'm here because it was the only help source I could find. It seems to me > that it would be trivially simple for spamcop management to have a good > primer as well as a "news" item updating the status of the spam wars. I > don't want to live on this board nor be an internet routing protocols > expert. This is not a "board", but a lot of experience reading this newsgroup would show you that it would not be "trivially simple". I am not saying that you should devote that time -- just take our word for it that everybody has a different problem and different background. Folks have tried to write non-interactive explanations, even posting them on other web sites (obviating a need for blessing by SpamCop), but not have succeeded. For those who do not want to become a protocol expert (and I do not), the simple approach is to carefully review the report recipients that SpamCop proposes and decline to send reports to any who are your own vendors. From Kilgallen at SpamCop.net Thu Apr 1 09:56:18 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Apr 1 11:00:03 2004 Subject: [SpamCop-List] Re: Getting SpamCop complaints on a box behind a NAT References: Message-ID: In article , "adfdsa" writes: > Again, even if none of you work for SC, 'help and information' rather than > sarcasm is what anyone should expect. Whereas what some of us expect is that people avoid top-posting, even when others do so. You may be assured that modern computer technology ensures that those who behave so rudely in the newsgroup can be fully ignored in the future. From tmcgraw at spamcop.net Thu Apr 1 08:09:45 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Apr 1 11:10:03 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: <406C3EC9.2010907@spamcop.net> elind wrote: > > Thanks for proving my point Mr. Whatever!! Not worth talking to am I? WazoO responded, which would indicate the contrary. > I'm here because it was the only help source I could find. And, you got an answer. Good. The system is working, yes? > It seems to me that it would be trivially simple for spamcop > management to have a good primer This has been suggested many times. > as well as a "news" item updating the status of the spam wars. Whoa there nellie, that's way, way, way beyond the scope and mission of spamcop. There's some purty graphs about spam reporting levels, though. > I don't want to live on this board nor be an internet routing protocols > expert. Neither is required to use sc effectively. > > > nor do I really know who spamcop is anymore It seems we've drifted apart, so let's not play this charade. It only hurts the children... From dannyg at dannyg.com Thu Apr 1 08:24:37 2004 From: dannyg at dannyg.com (Danny Goodman) Date: Thu Apr 1 11:24:45 2004 Subject: [SpamCop-List] Re:Hillarious Cartooney.. "PETITION FOR REDRESS OF GRIEVANCE EMAIL" In-Reply-To: <200404011420.i31EKHkt011132@dannyg.com> Message-ID: on 4/1/04 6:20 AM, spamcop-list-request@news.spamcop.net wrote: > cerytifiable That pretty much says it all. Danny http://www.dannyg.com From anjeana at hotmail.com Thu Apr 1 10:21:53 2004 From: anjeana at hotmail.com (adfdsa) Date: Thu Apr 1 11:25:04 2004 Subject: [SpamCop-List] Re: Getting SpamCop complaints on a box behind a NAT References: Message-ID: "Larry Kilgallen" wrote in message news:XR3eHnm82G$8@eisner.encompasserve.org... > In article , "adfdsa" writes: > > Again, even if none of you work for SC, 'help and information' rather than > > sarcasm is what anyone should expect. > > Whereas what some of us expect is that people avoid top-posting, > even when others do so. > > You may be assured that modern computer technology ensures that > those who behave so rudely in the newsgroup can be fully ignored > in the future. Apologies, I am new to this newsgroup. Some prefer top-posting ;) So ignored. From MikeE at ster.invalid Thu Apr 1 08:30:21 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 11:35:03 2004 Subject: [SpamCop-List] Re: Getting SpamCop complaints on a box behind a NAT References: Message-ID: adfdsa wrote: > If you take the time to fully read the post that I responded to, the > sarcasm is a fact not accusational. You're talking about my post. It's just plain ol' vanilla blunt, non-apologetic me. That's the way I talk. No sugar-coating. Sarcasm is "mocking: characterized by words that mean the opposite of what they seem to say and make fun of something or somebody or express irritation" whereas blunt is "frank or honest without sensitivity: very frank or straightforward and showing no delicacy or consideration" Blunt would be me. I don't see any sarcasm whatsoever in that post you cited. -- Mike Easter From bomarc_com at spam.hotmail.nospam.com.use.spamcop.net Thu Apr 1 08:28:46 2004 From: bomarc_com at spam.hotmail.nospam.com.use.spamcop.net (Dan French) Date: Thu Apr 1 11:35:06 2004 Subject: [SpamCop-List] Ok, what happens to this one? {ISP does not wish to received... has been appealed previously} Message-ID: A link in the spam: Tracking link: http://biz.yahoo.com/bw/040325/255269_1.html ISP does not wish to receive report regarding biz.yahoo.com Resolves to 216.109.124.144 Routing details for 216.109.124.144 Report routing for 216.109.124.144: yahoo@admin.spamcop.net ISP does not wish to receive reports regarding http://biz.yahoo.com/bw/040325/255269_1.html - no date available http://biz.yahoo.com/bw/040325/255269_1.html has been appealed previously #1: How can they appeal (previously) #2: If yahoo doesn't accept Spamcop reports, is Yahoo still black listed (presuming other criteria met, others report it?) #3: If Yahoo doesn't accept Spamcop reports, does Yahoo listen to anyone? Dan French From rmu93awSPAMB02 at sneakemail.com Thu Apr 1 10:42:18 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Thu Apr 1 11:45:04 2004 Subject: [SpamCop-List] Re: Help! "65.219.62.22 bl.spamcop.net 127.1.0.17" In-Reply-To: References: Message-ID: Stephen Satchell wrote: > OK. I do a rake of all my address space on an occasional basis, and found > this entry today when my scan completed. (The full run took three days > because I try not to bog down the DNS servers being run by the various > dnsbls.) > > This entry appeared in my logs: > > 65.219.62.22 bl.spamcop.net 127.1.0.17 I can't explain how you got the 127.1.0.17 since TTBOMK SC only gives two responses to a query - 127.0.0.2 (if listed) and a failure to resolve (if not listed). My own query of 22.62.219.65.bl.spamcop.net resulted in a failure to resolve meaning the IP is not listed. > [snip] -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From gospamming at yourdomain.invalid Thu Apr 1 16:45:45 2004 From: gospamming at yourdomain.invalid (D.Diaz) Date: Thu Apr 1 11:50:03 2004 Subject: [SpamCop-List] Re: Ok, what happens to this one? {ISP does not wish to received... has been appealed previously} References: Message-ID: "Dan French" wrote in news:c4hg3n$6vv$1@news.spamcop.net: > ISP does not wish to receive reports regarding > http://biz.yahoo.com/bw/040325/255269_1.html - no date available > http://biz.yahoo.com/bw/040325/255269_1.html has been appealed > previously > > #1: How can they appeal (previously) > #2: If yahoo doesn't accept Spamcop reports, is Yahoo still black > listed (presuming other criteria met, others report it?) > #3: If Yahoo doesn't accept Spamcop reports, does Yahoo listen to > anyone? > > Dan French > That link goes to a press release from Yahoo Financial News. The spammer used it in the spam, but Yahoo Financial News has no relationship with the spammer, and does not benefit from any kind of publicity from the spam run. It is an "Innocent Bystander", and so has been marked in the SpamCop database, I'm pretty sure. Yahoo *does* accept SpamCop reports about spam originating from his network, but does not accept reports about that precise link, because it has nothing to do with the real spammer. HTH -- Daniel Diaz My Personal email: ddiazxn @ telefonica . net From rmu93awSPAMB02 at sneakemail.com Thu Apr 1 10:49:11 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Thu Apr 1 11:50:08 2004 Subject: [SpamCop-List] Re: Ok, what happens to this one? {ISP does not wish to received... has been appealed previously} In-Reply-To: References: Message-ID: Dan French wrote: > A link in the spam: > Tracking link: http://biz.yahoo.com/bw/040325/255269_1.html > ISP does not wish to receive report regarding biz.yahoo.com > Resolves to 216.109.124.144 > Routing details for 216.109.124.144 > Report routing for 216.109.124.144: yahoo@admin.spamcop.net > ISP does not wish to receive reports regarding > http://biz.yahoo.com/bw/040325/255269_1.html - no date available > http://biz.yahoo.com/bw/040325/255269_1.html has been appealed previously > > #1: How can they appeal (previously) This means that a paying user of SpamCop has appealled the decision. Only one appeal is necessary so once a user has appealled other users get the "appealed previously" response. > #2: If yahoo doesn't accept Spamcop reports, is Yahoo still black listed > (presuming other criteria met, others report it?) Failure to accept SC reports does not affect the SCBL listings. If there are a sufficient number of reports to cause a listing the listing will occur whether or not the responsible abuse department accepts spam reports from SpamCop. > #3: If Yahoo doesn't accept Spamcop reports, does Yahoo listen to anyone? Yahoo listens to the "greedy" voice in their head, no one else. -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From spamcop001 at bellsouth.net Thu Apr 1 10:59:44 2004 From: spamcop001 at bellsouth.net (Bo Briggs) Date: Thu Apr 1 12:00:02 2004 Subject: [SpamCop-List] Re: Help! "65.219.62.22 bl.spamcop.net 127.1.0.17" In-Reply-To: References: Message-ID: Stephen Satchell wrote: > OK. I do a rake of all my address space on an occasional basis, and found > this entry today when my scan completed. (The full run took three days > because I try not to bog down the DNS servers being run by the various > dnsbls.) > > This entry appeared in my logs: > > 65.219.62.22 bl.spamcop.net 127.1.0.17 > You don't happen to use block.blars.org by any chance? Because that's the return value for 22.62.219.65.block.blars.org Lookup here: http://moensted.dk/spam/?addr=65.219.62.22&Submit=Submit Explanation of the bits here: http://www.blars.org/errors/block.html It would be very rare for much of anything to resolve to 127.1.0.17 - that's the only blocklist or dnsbl lookup of any kind that will return something in the second octet. (127.1) [snip] -- Bo Briggs From nobody at spamcop.nwt Thu Apr 1 12:02:39 2004 From: nobody at spamcop.nwt (Spam Pop) Date: Thu Apr 1 12:05:04 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: Message-ID: Hey, he says in his sig, it's for entertainment value only: So, uhh, what would you expect? Pop ;-) "Satch" wrote in message news:pan.2004.04.01.02.25.13.510238@satchell.net... > I almost got thrown off my ISP today. I did lose all the good-will I've > built up over more than five years with these people. Thank you, SpamCop. > > What was my sin? I reported spam to SpamCop. Unfortunately, SpamCop > doesn't understand best network practices, including using non-routable > addresses on internal networks, so not only did my reports misfire LART > the wrong IP address, but apparently I was placed against my will into > "mole" mode so the first my ISP learns about the problem is when customers > are being blocked by SpamCop. > > Not that I'm any stranger to SpamCop's little problems in figuring out the > injection point of spam. I have a Web server that is on-again, off-again > in the SpamCop blocking list because the service doesn't know how to > traverse Plesk-enhanced QMail MTA headers. So we get spam notice after > spam notice, both directly and to our upstream, that isn't our spam. > > Today, though, finding out that I've pissed the owner of the ISP off to no > ends is the last straw. > > I'm no longer reporting spam to SpamCop. > > What about SpamCop reports I received as an abuse administrator? I'll > deal with the situations as they crop up. Just as I would with any other > source of reports. Of the last fifteen SpamCop reports, ALL of them were > incorrect. > > 100 percent false positive. Not good, SpamCop. > > This time, you hurt me personally. > > Not so respectfully, > Stephen Satchell > System Administrator > > -- > Opinions in this posting not necessarily opinion of employer. Are > personal notes, posted using my computer, my account. Not legal opinion > or advice. Void where prohibited. For entertainment only. Your mileage > may vary. Not appropriate for children. > From MikeE at ster.invalid Thu Apr 1 09:04:50 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 12:05:09 2004 Subject: [SpamCop-List] Re: Help! "65.219.62.22 bl.spamcop.net 127.1.0.17" References: Message-ID: Stephen Satchell wrote: > This entry appeared in my logs: > > 65.219.62.22 bl.spamcop.net 127.1.0.17 127.1.0.17 is the way 65.219.62.22 is listed at blars. Here's a description of blars 127.1. coding http://www.blars.org/errors/block.html The reason for adding to BlarsBL is encoded in the two least significant bytes of the returned address: (Listed least significant bit first.) .1 Spam sending domain .2 Multi-hop relay .4 Dialups not in MAPS DUL .8 Wants spam compainers to jump through hoops .16 No working abuse address .32 Hosts spamers web sites .64 Hosts spammers email dropboxes .128 breakin attempts 1. sued or prosecuted DNSBL lister 2. DOS attack 4. supplier of spamware 8. knowingly supports spammers 16. Legal threats 32. attempted mail relay exploits 64. attempted formmail exploits http://openrbl.org/zones/BLARS?65.219.62.22 Short Description private block list, WARNING: Lists /16 and /24 netblocks instead of single IP addresses Additions, Nomination Lists IP addresses based on various reasons, including relaying, dial-up, missing abuse addresses, DoS attackers, formmail robots Removal or Retest none, dont bother -- Mike Easter From MikeE at ster.invalid Thu Apr 1 09:06:36 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 12:10:02 2004 Subject: [SpamCop-List] Re: Help! "65.219.62.22 bl.spamcop.net 127.1.0.17" References: Message-ID: Bo Briggs wrote: > You don't happen to use block.blars.org by any chance? Because that's > the return value for 22.62.219.65.block.blars.org Your post beat mine ;-) -- Mike Easter From nobody at spamcop.nwt Thu Apr 1 12:08:09 2004 From: nobody at spamcop.nwt (Spam Pop) Date: Thu Apr 1 12:10:06 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: ... > I also have never seen a commonsense explanation of what good this reporting > actually does, or how the blacklist really work, or why so many well known > ISPs (per comments seen here) supposedly ignore the reports in spite of laws > against spamming (but, for example, why have the latest prosecutions not > been against the biggest fish often mentioned here? Too smart for everyone, > including our geek audience?). No doubt I can spend a lot of time educating > myself but why should I? > ... I pretty much agree with you. I wouldn't have before IronPort, at least not on all points, but ... since the IP jointing, it seems things have come to a screeching halt and there's no consideration for anyone in any way. IMO, we'll both be gone soon - the free reporting will go away or be crippled to the point of useless, and full functionality will go for a premium price. For business men, of course. It's a big disappointment, at least to me. I don't speak for others but when I want to be sure something is properly larted these days, I use SC because it's still there, and free, but it's far from my only tool. Regards, Pop From spam at mrwright.com Thu Apr 1 10:10:16 2004 From: spam at mrwright.com (Mr. Wright) Date: Thu Apr 1 12:15:03 2004 Subject: [SpamCop-List] E-mail Validation in the E-mail...Big Problem! Message-ID: Just received an e-mail that looked like any other until I read the "fine print". It appears the spammers now have a way to validate e-mail addresses. The insert the following line: So as soon as the machine attempts a load the facke graphic, they validate. Not Nice! Has anyone else ever seen this? It's new to me. Mr. Wright From dave at stevens.com Thu Apr 1 11:10:46 2004 From: dave at stevens.com (J.D. Stevens) Date: Thu Apr 1 12:15:10 2004 Subject: [SpamCop-List] Re: mailhosts problem identified and fixed In-Reply-To: References: Message-ID: Ellen wrote: > "J. D. Stevens" wrote in message > news:c4fmll$5eo$1@news.spamcop.net... > >>The only mailhost that shows up is the list for spamcop. I deleted that >>and started over. The results were the same. The spamcop host list >>showed up fine. I added another mailhost. I received the confirmation >>email. I forwarded it as an attachment to the appropriate address. From >>there, nothing more happens. >> >> Dave >> > > > Dave -- and Travis -- and anyone else -- please send a brief description of > the problem and your registered SpamCop email address to > deputies@admin.spamcop.net and I will look at your accounts and get the > problems sent to Julian. > > Ellen > > SUCCESS!! The new mailhost has been added. The winning combination using the Netscape email client appeared to be to include the confirmation email inline, and WITHOUT quotation designators. Dave From nobody at spamcop.nwt Thu Apr 1 12:15:18 2004 From: nobody at spamcop.nwt (Spam Pop) Date: Thu Apr 1 12:20:15 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: WazoO, you said it perfectly! I'm disappointed in SC myself in some ways, but ... I don't shoot myself in the feet to spite my own shortcomings if I can possibly find a way around it ;-] , and my respect still stands even if my loyalty wavers at times. That said however, non-thinkers like the originator need to be pointed out just as you did for the benefit of the newbies and those trying to learn the real processes. \ Thanks WazoO, \ Pop "WazoO" wrote in message news:c4gh1h$thr$1@news.spamcop.net... > "elind" wrote in message > news:c4g8e4$nit$1@news.spamcop.net... > > I'm a simple user and appreciate the filtering, and get some satisfaction > in > > the the reporting on the faith that it's done by people who who know how > all > > this works, which I admit I don't when it get down and dirty. > > So does this mean that you report spam or not? And if you do, do you > follow the agreement you made when you signed up fo an account and > report responsibly? > > > However, either this guy (original poster) is a troll, or a spammer plant, > > or he has a point. Either way I would like to know. > > Pretty close to troll level, in my opinion. for instance; > > > > > What was my sin? I reported spam to SpamCop. Unfortunately, > > > > SpamCop doesn't understand best network practices, including > > > > using non-routable addresses on internal networks, > > SpamCop would not generate a report for non-routable internal > network IPs. And, even if the IPs were "routable numbers" .. they > would only be a possible reporting issue due to either being a spam > source, open proxy, open relay, or mis-configured enough to break > the chain test of the parsing tool. > > > > > so not only did my reports misfire LART the wrong IP address, > > This goes to the "responsibility" question I asked earlier. No report > gets sent unless "you, the reporter" ensures that the target address is > checked off and the "Send" button clicked. This "second check" that > so many people ask about deleting is that last chance to ensure that > one does not report themselves, their own ISP, etc. > > > > > but apparently I was placed against my will into "mole" mode > > "Against my will" is a pretty silly way to admit that he/she didn't read > the screens of data while signing up for an account, as the "mole status" > is a check-box item that could have been cleared before moving on > to the next screen in the process. And even if he/she figured out later > on that "mole status" isn't what was wanted, the account could have > been changed. > > > > > so the first my ISP learns about the problem is when customers > > > > are being blocked by SpamCop. > > As there isn't an accounting of just how many spam reports were > generated by this user, we can run with the thought that this user had > hundreds of potential occasions to notice that the complaint targets > in each of those "reports" was his/her own network connection, but > not once did this user take that moment of focus to pay any attention. > And of course, this is ignoring the starting comments, in that there > would be no "internal non-routable addresses" used to target the > complaints, so that it seems like it would have been an easier to > see item that he/she was reporting his/her own hosting ISP. > To take a step further, you'll note that there is no supporting > evidence provided so that anyone here could do a look-up > on anything offered in the rant. > > > > > I have a Web server that is on-again, off-again in the > > > > SpamCop blocking list > > The SpamCop BL doesn't concern itself with web-sites, > only e-mail sources. > > > > > So we get spam notice after spam notice, both directly > > > > and to our upstream, that isn't our spam. > > I'm missing the remarks about what was done to correct the > "isn't our spam" situation. > > > > > Of the last fifteen SpamCop reports, ALL of them were > > > > incorrect. 100 percent false positive. Not good, SpamCop. > > Stuff happens, but some evidence and data would sure be nice > to see what the issues really are/were. Tim McGraw has already > pointed out some inconsistencies in various postings by the > apparently same individual. > > > The one problem I have with spamcop is that, from my perspective, > > it's a bunch of geeks who think that mortal users are not worth talking > to. > > Whatever. > > > So, to whoever it is that runs spamcop, if you read this stuff, since I > > can't find any other way to ask you, tell me why I should continue to > > subscribe? > > Personal decision time, I'd say. You start out by saying you appreciate > the filtering and get some satisfaction .. but then turn and talk about how > ticked off you are. If you don't want to educate yourself (which from your > write-up wouldn't take much more than simply lurking in these news- > groups for a few days and reading 'all' posts) .. then there doesn't > seem to be much point in going into detail here at all. Make your own > decision. > > From nobody at spamcop.nwt Thu Apr 1 12:18:43 2004 From: nobody at spamcop.nwt (Spam Pop) Date: Thu Apr 1 12:20:28 2004 Subject: [SpamCop-List] Re: Is anyone this dumb? References: Message-ID: "Merlyn" wrote in message news:c4fgps$utd$1@news.spamcop.net... > "Spam Pop" wrote in message > news:c4fg76$u9n$1@news.spamcop.net... > > It got your attention - and you likely remember what they wanted you to > > remember. > > > > > > > Please do not top post. > > -- > > Regards, > Merlyn > > A Spamcop advocate > No emails this account is for newsgroups only > People demand freedom of speech to make up for the freedom of thought which > they avoided > > Oops: Sorry. Forgot. From dkona7b02 at sneakemail.com Thu Apr 1 12:20:31 2004 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Thu Apr 1 12:20:36 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! In-Reply-To: Message-ID: <3.0.5.32.20040401122031.014154d8@loki.fstrf.org> That is referred to as a web bug and they have been around for quite a while now. They are one of the reasons that you should not be reading your email in the preview pane. If you have your mailer set to show you pictures and download web content, you not only leave yourself open to this sort of web bug, but also virus infection via other vulnerabilities! At 10:10 AM 4/1/2004 -0700, Mr. Wright typed: >Just received an e-mail that looked like any other until I read the "fine >print". It appears the spammers now have a way to validate e-mail >addresses. The insert the following line: > >height="0"> > >So as soon as the machine attempts a load the facke graphic, they validate. >Not Nice! > >Has anyone else ever seen this? It's new to me. > >Mr. Wright From jseymour at spamcop.net Thu Apr 1 09:25:13 2004 From: jseymour at spamcop.net (Jim Seymour) Date: Thu Apr 1 12:25:06 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! In-Reply-To: References: Message-ID: Mr. Wright wrote: > [...] > height="0"> > [...] > Has anyone else ever seen this? It's new to me. Wow! How long you been under that rock? :-) Web bugs have been around for years. I see from your headers that you're using Outlook Express version 6. If you don't mind losing some functionality, go to Tools\Options\Read and check the box labeled "Read all messages in plain text". This will neuter the web bugs. A much better solution, though, would be to switch to a mail client that allows you more control over those kind of security features. I use Mozilla and it allows me to preview messages in HTML, but not load remote data. This way, I see the proper color and font formatting when my computer-novice relatives sends me their email, but I'm not at risk from Joe spammer's web bugs. -- Jim Seymour. I do not work for Spamcop, I did not write pflogsumm, and I never wrote for PC Magazine. From MikeE at ster.invalid Thu Apr 1 09:37:41 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 12:40:04 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! References: Message-ID: Mr. Wright wrote: Newsgroups: spamcop.mail, spamcop, spamcop.geeks Newsgroups: spamcop.spam What's with this crossposting and multiposting? If it's the famous "I didn't know where to put it, so I put it everywhere." that's a dumb answer. If you don't know where to put something, put it one place and if it's the 'wrong' place, someone will help you get it moved. If it's the famous "I felt this was so important, I wanted everyone in every ng to read it immediately." - you were wrong. Under the *rare* circumstance that someone needs to crosspost to more than one ng, it should always have followups to a single ng. I'm surprised at how many people are 'capable' of crossposting and incapable of setting followups. Crossposting requires that you go to extra trouble just to do that. Amazing. And, in this case, also multiposting. Amazing squared. -- Mike Easter kibitzer, not SC admin From addy_only_to_report_spm_no_message_sent_to_it_will_be_seen at hotmail.com Thu Apr 1 10:39:15 2004 From: addy_only_to_report_spm_no_message_sent_to_it_will_be_seen at hotmail.com (David W) Date: Thu Apr 1 12:40:12 2004 Subject: [SpamCop-List] Re: Hillarious Cartooney.. "PETITION FOR REDRESS OF GRIEVANCE EMAIL" References: Message-ID: WHEREFORE spammers are idiots and criminals, THEREFORE they deserve whatever abuse they got! 8>/ David W From ANZAVIC at webtv.net Thu Apr 1 09:43:01 2004 From: ANZAVIC at webtv.net (Vicki) Date: Thu Apr 1 13:00:07 2004 Subject: [SpamCop-List] Not receiving any emails back from SpamCop Message-ID: <16257-406C54A5-57@storefull-3177.bay.webtv.net> For the last two weeks I've able to send my spam to SpamCop but I do not receive anything back from them. I've used SpamCop for a few years now and this is the first time it's happened to me. Can anyone tell me what to do or where to look to find out why this is happening to me? Thank you, Vic From spam at mrwright.com Thu Apr 1 11:00:40 2004 From: spam at mrwright.com (Mr. Wright) Date: Thu Apr 1 13:05:03 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! References: Message-ID: I see the NGP are out in force today! > What's with this crossposting and multiposting? If it's the famous "I > didn't know where to put it, so I put it everywhere." that's a dumb > answer. If you don't know where to put something, put it one place and > if it's the 'wrong' place, someone will help you get it moved. Attack! Burn the book because it's in several libraries and not just THE ONE! > If it's the famous "I felt this was so important, I wanted everyone in > every ng to read it immediately." - you were wrong. Oh no, "I'm wrong." Oh, and I thought I was sharing vital information (that is the ng way). Oh well, to err is human, to forgive obvisouly belongs to someone else. > Under the *rare* circumstance that someone needs to crosspost to more > than one ng, it should always have followups to a single ng. I'm > surprised at how many people are 'capable' of crossposting and incapable > of setting followups. Redundant! Apparently people need to repeat themselves (is that posting multiple times in a reply?) > Crossposting requires that you go to extra trouble just to do that. > Amazing. And, in this case, also multiposting. Amazing squared. And there it is...I went to extra effort to possibly help and inform. Maybe I have it wrong, I'm NOT supposed to share information. Isn't it interesting, postings just fall off the disk later in life, just like bad advise. Here's to waiting for the NGP (News Group Police) to fall off the disk. From MikeE at ster.invalid Thu Apr 1 10:04:35 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 13:05:07 2004 Subject: [SpamCop-List] Re: Is anyone this dumb? References: Message-ID: Spam Pop wrote: > "Merlyn" >> "Spam Pop" >>> It got your attention - and you likely remember what they wanted >>> you to remember. >> Please do not top post. > Oops: Sorry. Forgot. I'm not sure if that is 'cooperation' or 'silent sarcasm' - but the 'opposite' or remedy of top posting isn't 'bottom posting' - it is inline contextualized and *trimmed*. That item needed a lot of trimming, like sigs and such. But, it's a start, so thanks. -- Mike Easter kibitzer, not SC admin From rmu93awSPAMB02 at sneakemail.com Thu Apr 1 12:10:17 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Thu Apr 1 13:15:05 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! In-Reply-To: References: Message-ID: Mr. Wright wrote: > [snip] > > Isn't it interesting, postings just fall off the disk later in life, just > like bad advise. Here's to waiting for the NGP (News Group Police) to fall > off the disk. You're new to newsgroups/Usenet, aren't you? -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From spam at mrwright.com Thu Apr 1 11:11:40 2004 From: spam at mrwright.com (Mr. Wright) Date: Thu Apr 1 13:15:08 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! References: Message-ID: Thanks folks for the heads-up about the web bug. In all my years, I have never seen such a thing. I will immediately inform my clients of this practice and make changes myself. I guess I'm a little naive when it comes to this kind of deceitful practice. Thanks again. From nobody at devnull.spamcop.net Thu Apr 1 13:12:17 2004 From: nobody at devnull.spamcop.net (atf) Date: Thu Apr 1 13:15:11 2004 Subject: [SpamCop-List] E-mail address change Message-ID: Is there a way to change my address with Spamcop, or is it easier to simply re-register? Thanks ATF From nobody at spamcop.net Thu Apr 1 18:13:53 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Thu Apr 1 13:15:14 2004 Subject: [SpamCop-List] [media] Google your email - without spam Message-ID: Google is planning a free email service - with gobs of storage for each and the facility to search your mail to find back what you remember. Paid for with Google text ads (targeted to the user) there will likely also be an anti-spam feature by letting people report back what is spam. http://www.newscientist.com/news/news.jsp?id=ns99994842 http://www.gmail.com/ -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From MikeE at ster.invalid Thu Apr 1 10:19:44 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 13:20:03 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! References: Message-ID: Mr. Wright wrote: >> And, in this case, also multiposting. Amazing squared. I retract my criticism of the post in .spam, that was appropriate and different and the right place to put the item, since it contained the spam item in question. I stand by my original crosspost criticism in this thread. My gripe isn't that you didn't know about webbugs, and so you felt that it was important to tell us, just that crossposting 'is a mess'. Most of the time people don't 'notice' that an item is crossposted. When they respond to it, their response is crossposted. Then next, all kinds of offtopic and subthread issues develop; and they are *all* crossposted to all of the groups. The whole thing gets completely outawhack. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Thu Apr 1 12:26:05 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Apr 1 13:30:04 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! References: Message-ID: Newsgroups: spamcop.mail,spamcop,spamcop.geeks Please do not cross-post between spamcop newsgroups. The topic has nothing to do with the SpamCop Filtering Service. The topic has to do with spam, so is properly in SpamCop rather than spamcop.geeks. Setting followups to spamcop. In article , "Mr. Wright" writes: > Just received an e-mail that looked like any other until I read the "fine > print". It appears the spammers now have a way to validate e-mail > addresses. The insert the following line: > > height="0"> > > So as soon as the machine attempts a load the facke graphic, they validate. > Not Nice! > > Has anyone else ever seen this? It's new to me. It is quite common. If you have an HTML-capable email agent, make sure you don't actually open spam for HTML rendering while connected to the Internet. Spammers can use constructs within the HTML to send themselves word that you are opening the email. At that point they would logically target you for more spam. Even if the constructs in the HTML do not identify your e-mail address, they let the spammer know that your network is allowing spam through to all it's users and therefore they can target more spam through. Also some e-mail clients will automatically send receipts when you look at an e-mail if the sender requests it, and several spammers are using this method for verifying. Most e-mail programs with this capability can be set to request your permission first before sending the verifications. From sean at tcob1.net Thu Apr 1 19:00:09 2004 From: sean at tcob1.net (Sean Rima) Date: Thu Apr 1 13:30:07 2004 Subject: [SpamCop-List] Re: ntlworld.com In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Gray wrote: |>I have a feeling that you are right as I have failed to get any response |>from the web server to say that I posted a report | | | I did. It took about a week. | Jezz, I am amazed that they do this. Sean -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: This key has an expiry date iD8DBQFAbFipXjH8pRIKAvsRAlPGAJ9+4i2gq8FUexXdt8wvbrpEvaLB7gCghL52 HCczPko2qojHZS9CybNZksI= =LySD -----END PGP SIGNATURE----- From Kilgallen at SpamCop.net Thu Apr 1 12:34:07 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Apr 1 13:35:06 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! References: Message-ID: In article , "Mr. Wright" writes: > I see the NGP are out in force today! > >> What's with this crossposting and multiposting? If it's the famous "I >> didn't know where to put it, so I put it everywhere." that's a dumb >> answer. If you don't know where to put something, put it one place and >> if it's the 'wrong' place, someone will help you get it moved. > > Attack! Burn the book because it's in several libraries and not just THE > ONE! No, it is in the WRONG library. > And there it is...I went to extra effort to possibly help and inform. Posting in the spamcop.mail group regarding something that is not related to the SpamCop Filtering Service is not a service. From Kilgallen at SpamCop.net Thu Apr 1 12:35:28 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Apr 1 13:40:03 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: Message-ID: In article , Marjolein Katsma writes: > Google is planning a free email service - with gobs of storage for each > and the facility to search your mail to find back what you remember. It requires one enable both cookies and Javascript. From rmu93awSPAMB02 at sneakemail.com Thu Apr 1 12:37:16 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Thu Apr 1 13:40:05 2004 Subject: [SpamCop-List] Re: E-mail address change In-Reply-To: References: Message-ID: atf wrote: > Is there a way to change my address with Spamcop, or is it easier to simply > re-register? > > Thanks > ATF Assuming you're a free user, you just need to re-register with your new address. -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From dkona7b02 at sneakemail.com Thu Apr 1 13:49:16 2004 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Thu Apr 1 13:49:21 2004 Subject: [SpamCop-List] Re: Not receiving any emails back from SpamCop In-Reply-To: <16257-406C54A5-57@storefull-3177.bay.webtv.net> Message-ID: <3.0.5.32.20040401134916.01412600@loki.fstrf.org> I don't know if it is currently the case, but WebTV has been blocking all mail from SpamCop on and off for months now. This means SpamCop is receiving your reports but can't get any replies back to you. :( You should complain to WebTV about that! Now, as a work around, you can always access your Unreported SPAM by going to http://spamcop.net/?code=supersecretcode where supersecretcode is the wacky mix of letters and numbers that you also use when you email your SPAM to SpamCop. Once on that page, click on the Unreported SPAM button and any reports from you that have been processed should show up. Hope this helps, have a nice day At 09:43 AM 4/1/2004 -0800, Vicki typed: >For the last two weeks I've able to send my spam to SpamCop but I do not >receive anything back from them. I've used SpamCop for a few years now >and this is the first time it's happened to me. Can anyone tell me what >to do or where to look to find out why this is happening to me? From gregma at spamhole.com Thu Apr 1 10:51:54 2004 From: gregma at spamhole.com (news.spamcop.net) Date: Thu Apr 1 13:55:05 2004 Subject: [SpamCop-List] Question on a Spam Report Message-ID: Sometimes, when I report Spam, the results come back saying: "ISP has indicated spam will cease; ISP resolved this issue sometime after Thursday, April 01, 2004 6:05:44 AM -0800" What should I do at this point? Still Send the Report? Or just ignore it? My tendancy is to just ignore it and move on to the next Spam. Thanks! Greg From nobody at spamcop.net Thu Apr 1 19:04:10 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Thu Apr 1 14:05:05 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: Message-ID: Larry Kilgallen (Kilgallen@SpamCop.net) wrote in news:b $tuGxyvrEuZ@eisner.encompasserve.org: >> Google is planning a free email service - with gobs of storage for each >> and the facility to search your mail to find back what you remember. > > It requires one enable both cookies and Javascript. Cookies wouldn't worry me - I would imagine they'd serve to store your settings or a session id. What's the JavaScript for? Potentially that could make the service inaccessible; if so, they should be made aware of that. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Thu Apr 1 19:06:53 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Thu Apr 1 14:10:02 2004 Subject: [SpamCop-List] Re: Question on a Spam Report References: Message-ID: news.spamcop.net (gregma@spamhole.com) wrote in news:MPG.1ad604a9d87d4849989682@news.spamcop.net: > "ISP has indicated spam will cease; ISP resolved this issue sometime > after Thursday, April 01, 2004 6:05:44 AM -0800" > > What should I do at this point? Still Send the Report? Or just > ignore it? My tendancy is to just ignore it and move on to the next > Spam. Usually I send the report anyway. Especially if there are multiple reporting addresses; I might uncheck that one reportee but still send it along for all the others. Besides - if "spam will cease" that doesn't mean it already has - a report would keep it in the blocklist as long as it hasn't. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Thu Apr 1 20:30:11 2004 From: nobody at spamcop.net (John McLusky) Date: Thu Apr 1 14:35:03 2004 Subject: [SpamCop-List] Re: Question on a Spam Report References: Message-ID: Marjolein Katsma wrote: > news.spamcop.net (gregma@spamhole.com) wrote in > news:MPG.1ad604a9d87d4849989682@news.spamcop.net: > >> "ISP has indicated spam will cease; ISP resolved this issue sometime >> after Thursday, April 01, 2004 6:05:44 AM -0800" >> >> What should I do at this point? Still Send the Report? Or just >> ignore it? My tendancy is to just ignore it and move on to the next >> Spam. > > Usually I send the report anyway. Especially if there are multiple > reporting addresses; I might uncheck that one reportee but still send > it along for all the others. > > Besides - if "spam will cease" that doesn't mean it already has - a > report would keep it in the blocklist as long as it hasn't. I thought that it wasn't possible to send a report in these cases (or at least to the organisation that indicated that 'spam will cease') Perhaps it's just a limitation for freeloaders like me ;-) John. From MikeE at ster.invalid Thu Apr 1 11:42:41 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 14:45:02 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: Message-ID: Marjolein Katsma wrote: > Cookies wouldn't worry me - I would imagine they'd serve to store your > settings or a session id. > > What's the JavaScript for? Potentially that could make the service > inaccessible; if so, they should be made aware of that. snippages Regardless of the browser used, you must have JavaScript and cookies enabled. Does Gmail support automatic forwarding and POP3 access? -- Not at the moment, but Google believes in helping people access information whenever and however they want to do so. Your email should never be held hostage by a service provider. In the future you will be able to access Gmail messages from non-Gmail accounts for free or at a nominal fee. Are there ads in Gmail? -- There are no pop-ups or banner ads in Gmail. Gmail does include relevant text ads that are similar to the ads appearing on the right side of Google search results pages. The matching of ads to content is a completely automated process performed by computers using the same technology that powers the Google AdSense program. This technology already places targeted ads on thousands of sites across the web by quickly analyzing the content of pages and determining which ads are most relevant to them. No humans read your email to target the ads, and no email content or other personally identifiable information is ever provided to advertisers. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Apr 1 11:46:38 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 14:50:03 2004 Subject: [SpamCop-List] Re: Question on a Spam Report References: Message-ID: John McLusky wrote: > I thought that it wasn't possible to send a report in these cases (or > at least to the organisation that indicated that 'spam will cease') > > Perhaps it's just a limitation for freeloaders like me ;-) It depends what you mean by a 'report'. A report is sent, as you sed, not to the 'offender' - but to the 'dinger' for the source, if that's what is at issue. That is, SC 'internalizes' such reports, and for the ones that 'matter', ie to the SCbl, the bell keeps dinging. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Apr 1 15:03:58 2004 From: nobody at spamcop.net (Firewoman) Date: Thu Apr 1 15:05:04 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: Message-ID: Taking today's date into account.... http://www.fool.com/News/mft/2004/mft04040110.htm From MikeE at ster.invalid Thu Apr 1 12:11:49 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 15:15:04 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: Message-ID: Firewoman wrote: > Taking today's date into account.... > http://www.fool.com/News/mft/2004/mft04040110.htm I read that Motley Fool article referring to the 'humorous' Google PR - which caused me to go read the PR, then read the links in the pr, and the links from there at google. I concluded that they aren't kidding about the big mailbox. They have a plan. The pr was 'cute' and 'joking' a little, but they aren't kidding about the plan. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Apr 1 15:21:08 2004 From: nobody at spamcop.net (Firewoman) Date: Thu Apr 1 15:25:08 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: Message-ID: "Mike Easter" wrote in message news:c4ht28$pt1$1@news.spamcop.net... > I read that Motley Fool article referring to the 'humorous' Google PR - > which caused me to go read the PR, then read the links in the pr, and > the links from there at google. I concluded that they aren't kidding > about the big mailbox. They have a plan. > > The pr was 'cute' and 'joking' a little, but they aren't kidding about > the plan. > > -- > Mike Easter > kibitzer, not SC admin That's my take too... after reading the massive amount of information they have available on it. It sounds almost too good to be true though, a gig of storage? However, they'll be researching whether spam really does go on forever at the "Googlunaplex", where I'll be turning in my resume soon! http://tinyurl.com/324ae From eddie at eddie.web Thu Apr 1 15:26:47 2004 From: eddie at eddie.web (eddie) Date: Thu Apr 1 15:30:03 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: Message-ID: On Thu, 01 Apr 2004 12:11:49 -0800, Mike Easter wrote: > Firewoman wrote: >> Taking today's date into account.... >> http://www.fool.com/News/mft/2004/mft04040110.htm > >snip > The pr was 'cute' and 'joking' a little, but they aren't kidding about the > plan. It confused Drudge, who first had a link to an article about it "straight," then later labeled it "April Fool" and later yet put it back as a "straight" link. I suspect the javascript will be for the ads, which are supposed to be "personally directed" but maybe not. From MikeE at ster.invalid Thu Apr 1 12:39:41 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 15:40:05 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: Message-ID: Firewoman wrote: > However, they'll be researching whether > spam really does go on forever at the "Googlunaplex", where I'll be > turning in my resume soon! http://tinyurl.com/324ae Ha! Happy AFD. -- Mike Easter kibitzer, not SC admin From baloo at ursine.ca Thu Apr 1 12:48:15 2004 From: baloo at ursine.ca (Paul Johnson) Date: Thu Apr 1 16:05:04 2004 Subject: [SpamCop-List] Re: Is anyone this dumb? References: Message-ID: <87smfnjugg.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Spam Pop" writes: > "Merlyn" wrote in message > news:c4fgps$utd$1@news.spamcop.net... >> >> Please do not top post. > > Oops: Sorry. Forgot. OK, now learn to quote. Hint: You don't need to quote signatures or parts you aren't responding to. http://learn.to/quote/ http://ursine.ca/jargon/html/email-style.html - -- .''`. Paul Johnson : :' : `. `'` proud Debian admin and user `- Debian. Because it *must* work. debian.org aboutdebian.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAbIASUzgNqloQMwcRAofRAJ9oETeylE1Ya9OKqvLFUvAhnkqTGgCgrZ38 T6ARE9TLBmGMmAhl51ubvvc= =DheS -----END PGP SIGNATURE----- From baloo at ursine.ca Thu Apr 1 12:50:16 2004 From: baloo at ursine.ca (Paul Johnson) Date: Thu Apr 1 16:05:11 2004 Subject: [SpamCop-List] Re: E-mail address change References: Message-ID: <87oeqbjud3.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "atf" writes: > Is there a way to change my address with Spamcop, or is it easier to simply > re-register? http://www.spamcop.net/mcgi?action=prefmenu Big freaking link that says, "Change email address or name." Please ask a smarter question next time. http://www.catb.org/~esr/faqs/smart-questions.html - -- .''`. Paul Johnson : :' : `. `'` proud Debian admin and user `- Debian. Because it *must* work. debian.org aboutdebian.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAbICIUzgNqloQMwcRAqM/AKCUyNT/qFFQkJDvDoOzcVRyda2BFACeJE7o JhStPulJ+c1UUe/QytXM2Zs= =3VVD -----END PGP SIGNATURE----- From baloo at ursine.ca Thu Apr 1 12:55:13 2004 From: baloo at ursine.ca (Paul Johnson) Date: Thu Apr 1 16:05:15 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: Message-ID: <87k70zju4u.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kilgallen@SpamCop.net (Larry Kilgallen) writes: > In article , Marjolein > Katsma writes: >> Google is planning a free email service - with gobs of storage for each >> and the facility to search your mail to find back what you remember. > > It requires one enable both cookies and Javascript. Not that Google is untrustworthy... - -- .''`. Paul Johnson : :' : `. `'` proud Debian admin and user `- Debian. Because it *must* work. debian.org aboutdebian.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAbIGzUzgNqloQMwcRAiQWAJ9rQ9r2aFeEMUpqH0sv1oZJNPpzdQCfdYC5 BGAGk+3AfNIMY1YkiJYUDHA= =J39t -----END PGP SIGNATURE----- From baloo at ursine.ca Thu Apr 1 12:55:45 2004 From: baloo at ursine.ca (Paul Johnson) Date: Thu Apr 1 16:05:19 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: Message-ID: <87fzbnju3y.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marjolein Katsma writes: > Larry Kilgallen (Kilgallen@SpamCop.net) wrote in news:b > $tuGxyvrEuZ@eisner.encompasserve.org: > >>> Google is planning a free email service - with gobs of storage for each >>> and the facility to search your mail to find back what you remember. >> >> It requires one enable both cookies and Javascript. > > Cookies wouldn't worry me - I would imagine they'd serve to store your > settings or a session id. > > What's the JavaScript for? Potentially that could make the service > inaccessible; if so, they should be made aware of that. Google's search engine uses JavaScript to help set preferences... - -- .''`. Paul Johnson : :' : `. `'` proud Debian admin and user `- Debian. Because it *must* work. debian.org aboutdebian.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAbIHTUzgNqloQMwcRAmFAAJ46rZMNCIOOb2JQtHVDvcixcbvIzwCfZ+Q9 pQsg+da47NPrefKIJ+nsIwQ= =pXTV -----END PGP SIGNATURE----- From baloo at ursine.ca Thu Apr 1 13:24:37 2004 From: baloo at ursine.ca (Paul Johnson) Date: Thu Apr 1 16:35:08 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: Message-ID: <878yhfjsru.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Firewoman" writes: > However, they'll be researching whether spam really does go on > forever at the "Googlunaplex", where I'll be turning in my resume soon! > http://tinyurl.com/324ae Heh, the moon has more vegitation, cleaner air and more people exhibiting actual human intelligence and basic driving ability than their current Californian surroundings. - -- .''`. Paul Johnson : :' : `. `'` proud Debian admin and user `- Debian. Because it *must* work. debian.org aboutdebian.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAbIiXUzgNqloQMwcRAm2PAJ9rZ8qpXtaiF+KizUDWHaZRtjPK6ACeJ3Ig WpqZAl1tCFAHRmo5w8foUaw= =T8M/ -----END PGP SIGNATURE----- From spam at spammers.sux Thu Apr 1 22:39:23 2004 From: spam at spammers.sux (Frank Murphy) Date: Thu Apr 1 16:40:09 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: Message-ID: On Thu, 1 Apr 2004 18:13:53 +0000 (UTC), Marjolein Katsma wrote: >Google is planning a free email service - with gobs of storage for each >and the facility to search your mail to find back what you remember. Paid >for with Google text ads (targeted to the user) there will likely also be >an anti-spam feature by letting people report back what is spam. > >http://www.newscientist.com/news/news.jsp?id=ns99994842 >http://www.gmail.com/ April 1st anyone. Frank Domestic IT Controller (I turn on the PC) From baloo at ursine.ca Thu Apr 1 13:37:12 2004 From: baloo at ursine.ca (Paul Johnson) Date: Thu Apr 1 16:50:02 2004 Subject: [SpamCop-List] Re: Question on a Spam Report References: Message-ID: <87fzbnidmf.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 news.spamcop.net writes: > Sometimes, when I report Spam, the results come back saying: > > "ISP has indicated spam will cease; ISP resolved this issue sometime > after Thursday, April 01, 2004 6:05:44 AM -0800" > > What should I do at this point? Still Send the Report? Or just ignore > it? My tendancy is to just ignore it and move on to the next Spam. You got it right, unless the date on your spam is after that time. - -- .''`. Paul Johnson : :' : `. `'` proud Debian admin and user `- Debian. Because it *must* work. debian.org aboutdebian.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAbIuIUzgNqloQMwcRAirwAJ4lZqP1Do14tfsyqI0d3itcw9vBvgCg3Uwc IOQUOhK/xUTQHmwphDEfS5g= =IC2j -----END PGP SIGNATURE----- From kenbrody at spamcop.net Thu Apr 1 17:32:16 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Thu Apr 1 17:40:04 2004 Subject: [SpamCop-List] Re: "Held Mail" now blocks based on *any* header with a blocked IP#??? References: <406A0005.70406@spamcop.net> Message-ID: <406C9870.27ED4E0B@spamcop.net> Tim McGraw wrote: > > I just had two legit emails stuck in Held Mail because *one* server in > the *middle* of the chain had a number that (probably rightfully) is in > SORBS. [...] My understanding is that this has always been the case. Why do you think there is an "X-SpamCop-Checked" header, showing all of the IP addresses the message has gone through? In fact, in "legitimate" e-mail, the source IP address is going to be the typically-dynamic IP of the user's system, and the ISP's mail server is typically the next-to-last address. In my case, the ISP is the 3rd address. First is my system's local IP address. Next is my LAN's gateway. Then, my ISP's mail server. -- +---------+----------------------------------+-----------------------------+ | Kenneth | kenbrody at spamcop.net | "The opinions expressed | | J. | http://www.hvcomputer.com | herein are not necessarily | | Brody | http://www.fptech.com | those of fP Technologies." | +---------+----------------------------------+-----------------------------+ From kenbrody at spamcop.net Thu Apr 1 17:35:33 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Thu Apr 1 17:40:12 2004 Subject: [SpamCop-List] Re: "Held Mail" now blocks based on *any* header with a blocked IP#??? References: <406A0005.70406@spamcop.net> <1kml60p07dt0835qtmdmguuhatobdtcgl8@4ax.com> <406AE9A7.1010803@spamcop.net> <406B1BC4.9000003@spamcop.net> Message-ID: <406C9935.D3756F5E@spamcop.net> Tim McGraw wrote: > > Larry Kilgallen wrote: > > In article <406AE9A7.1010803@spamcop.net>, Tim McGraw writes: > > > >>Karl Fasold wrote: > >> > >>>Uh, that's how it's always worked / is supposed to work. > >> > >>That's not been my experience over the five years I've used sc. > > > > It has been my experience over the years that I have used the > > SpamCop Filtering Service. > > Holding mail when the source is not on any blocklist? Really? Yes, if it passed through a spammy server along the way. (Otherwise, what would stop a spammy server from forging a header saying that they were not the origin?) -- +---------+----------------------------------+-----------------------------+ | Kenneth | kenbrody at spamcop.net | "The opinions expressed | | J. | http://www.hvcomputer.com | herein are not necessarily | | Brody | http://www.fptech.com | those of fP Technologies." | +---------+----------------------------------+-----------------------------+ From nospam-news at johannsen.us Thu Apr 1 15:05:18 2004 From: nospam-news at johannsen.us (Eric Johannsen) Date: Thu Apr 1 18:10:06 2004 Subject: [SpamCop-List] Header that Spamcop can not parse Message-ID: Received the below email. I submitted via the web interface, and Spamcop is unable to parse the header. Have spammers found a way to write the header so that they are immune to Spamcom? The Spamcop output is SpamCop version 1.3.4 (c) SpamCop.net, Inc. 1998-2004 All Rights Reserved Spam Header This page may be saved for future reference: http://www.spamcop.net/sc?id=z384328429ze840d03831251e841fcacf1aad27ae0cz Skip to Reports Received: from 201.1.80.68 ([201.1.80.68]) for with MailEnable Catch-All Filter; Thu, 01 Apr 2004 03:30:34 -0800 Received: from isaacsmail.com ([201.1.80.68]) by johannsen.us with MailEnable ESMTP; Thu, 01 Apr 2004 03:30:33 -0800 View entire message Parsing header: Header incomplete, aborting. No source IP address found, cannot proceed. Add/edit your mailhost configuration Finding full email headers Submitting spam via email (may work better) Example: What spam headers should look like Nothing to do. Eric Received: from 201.1.80.68 ([201.1.80.68]) for with MailEnable Catch-All Filter; Thu, 01 Apr 2004 03:30:34 -0800 Received: from isaacsmail.com ([201.1.80.68]) by johannsen.us with MailEnable ESMTP; Thu, 01 Apr 2004 03:30:33 -0800 Received: (from www@localhost) by isaacsmail.com (8.10.2/8.10.2) with ESMTP id J87Gz024176729 for ; Thu, 1 Apr 2004 06:28:20 -0500 (EST) (envelope-from www) Message-ID: <394006088111.78JxO5iA1315k9@localhost> From: "Oscar Maxwell" To: info@johannsen.us Subject: Custom logos, business and corporate identities Date: Thu, 1 Apr 2004 06:28:20 -0500 (EST) MIME-Version: 1.0 Content-Type: text/html Do you feel that your business lacks personal image? Do your well-targeted offers seem to miss the point? Are you willing to make your business stand out from every other business? Come to Logozine - we will help you.

Logozine will provide your business with a unique and memorable visual image. Seen only once, your outstanding logo or corporate identity will win customer attention and recognition. You will never have to introduce yourself twice.

Logozine specializes in the creation of logos, business and corporate identities on individual request. We guarantee fast turn-around and 100% customer satisfaction. You will be able to choose from as many design ideas as you wish, pick as many colors as you like, request any changes you want, and get any formats you need. But don't expect extra fees or fantastic prices, our services are affordable even for individual businesses.

Visit our web site to see our portfolio and hot offers. Make your business recognizable in just a few days!

www.loqozine.com
Oscar Maxwell

______________________________________________________
Press here to remove your address from this list
______________________________________________________
From MikeE at ster.invalid Thu Apr 1 15:43:54 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 18:45:07 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Eric Johannsen wrote: > Received the below email. I submitted via the web interface, and > Spamcop is unable to parse the header. Here's a good way to show this: www.spamcop.net/sc?id=z384392588z359d6c36134d7803b2f08cd307fc8ba2z If you click that tracker you will see the headers and the parse results. If you want to see the whole spam you click the link there that sez: View entire message When you are looking at that, you see something very different from what you posted here and what I see when I go to the tracker which you posted. As a result of the tracker above's parse, you see these results: Report Spam to: Re: 201.1.80.68 (Administrator of network where email originates) To: Internal spamcop handling: (spambr) (Notes) To: mail-abuse@nic.br (Notes) Re: 201.1.80.68 (Third party interested in email source) To: Cyveillance spam collection (Notes) Re: http://www.anty.info/cs/lz/ (Administrator of network hosting website referenced in spam) To: b4039913@users.bora.net (Notes) Re: http://www.anty.info/out.php?email=x (Administrator of network hosting website referenced in spam) To: b4039913@users.bora.net (Notes) If you post a tracker, usually you will not need to post a complete spam. You should not post spams in this group spamcop or .help, these are for discussing spams. If a spam 'needs' to be posted somewhere instead of or in addition to the tracker, it should only be posted in the newsgroup .spam. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu Apr 1 19:01:33 2004 From: nobody at devnull.spamcop.net (atf) Date: Thu Apr 1 19:05:03 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> Message-ID: Well that link didn't work. You're not angry about something are you? Would you like to explain that a little more to make it clearer? I'm not getting it and don't think anyone else did either. "Paul Johnson" wrote in message news:87oeqbjud3.fsf@ursine.ca... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > "atf" writes: > > > Is there a way to change my address with Spamcop, or is it easier to simply > > re-register? > > http://www.spamcop.net/mcgi?action=prefmenu > > Big freaking link that says, "Change email address or name." Please > ask a smarter question next time. > http://www.catb.org/~esr/faqs/smart-questions.html > > - -- > .''`. Paul Johnson > : :' : > `. `'` proud Debian admin and user > `- Debian. Because it *must* work. debian.org aboutdebian.com > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (GNU/Linux) > > iD8DBQFAbICIUzgNqloQMwcRAqM/AKCUyNT/qFFQkJDvDoOzcVRyda2BFACeJE7o > JhStPulJ+c1UUe/QytXM2Zs= > =3VVD > -----END PGP SIGNATURE----- From mjl at canamweb.net Thu Apr 1 16:03:36 2004 From: mjl at canamweb.net (Martin J. Lutterman) Date: Thu Apr 1 19:05:09 2004 Subject: [SpamCop-List] Problems Submitting SPAM Reports Message-ID: I have submitted several SPAM Reports but I keep getting an autoresponder email from SpamCop informing me.... [quote] SpamCop encountered errors while saving spam for processing: SpamCop could not find your spam message in this email: [unquote] I am going to the received SPAM, hitting "forward", pasting in the authorised SpamCop email address and hitting "enter" but for some reason all submissions are fired back at me. Can anyone pls tell me what I am not doing properly??? Feeling somewhat stupid, canamweb From nobody at devnull.spamcop.net Thu Apr 1 19:04:51 2004 From: nobody at devnull.spamcop.net (atf) Date: Thu Apr 1 19:05:13 2004 Subject: [SpamCop-List] Re: E-mail address change References: Message-ID: That's what I thought when I couldn't find a link to change it, thanks. Spambo" wrote in message news:c4hngs$itn$1@news.spamcop.net... > atf wrote: > > > Is there a way to change my address with Spamcop, or is it easier to simply > > re-register? > > > > Thanks > > ATF > > Assuming you're a free user, you just need to re-register with your > new address. > > -- > Just a SpamCop newsgroup participant, not an admin or employee of > SpamCop or related domains. > From a at all.addresses.on.cdrom.are.invalid.aaa Thu Apr 1 19:23:18 2004 From: a at all.addresses.on.cdrom.are.invalid.aaa (John Malmberg) Date: Thu Apr 1 19:25:04 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! In-Reply-To: References: Message-ID: Jim Seymour wrote: > > A much better solution, though, would be to switch to a mail client that > allows you more control over those kind of security features. I use > Mozilla and it allows me to preview messages in HTML, but not load > remote data. This way, I see the proper color and font formatting when > my computer-novice relatives sends me their email, but I'm not at risk > from Joe spammer's web bugs. How do you get the color and formatting right when the sending software is making assumptions about your screen size, resolution, and number of color planes? :-) -John wb8tyw@qsl.network Personal Opinion Only From baloo at ursine.ca Thu Apr 1 16:22:52 2004 From: baloo at ursine.ca (Paul Johnson) Date: Thu Apr 1 19:35:05 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> Message-ID: <87ekr7ut2b.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 English is read top-down with context, not random order with minimal context. Please adjust your quoting style accordingly. (Even Californian public high school grads know that, and they're only about as bright as third graders elsewhere). http://learn.to/quote "atf" writes: > "Paul Johnson" wrote... >> "atf" writes: >> >> > Is there a way to change my address with Spamcop, or is it easier >> > to simply re-register? >> >> http://www.spamcop.net/mcgi?action=prefmenu >> >> Big freaking link that says, "Change email address or name." Please >> ask a smarter question next time. >> http://www.catb.org/~esr/faqs/smart-questions.html > > Well that link didn't work. Try again, worked for me. > You're not angry about something are you? Just stupid questions and stupid people. - -- .''`. Paul Johnson : :' : `. `'` proud Debian admin and user `- Debian. Because it *must* work. debian.org aboutdebian.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAbLJcUzgNqloQMwcRAtP3AKDIhLxH0zqtNWga0+hCs2A7nD4h/gCeN5hm plSO4eLD62x21A/9zIC/QVY= =1eMD -----END PGP SIGNATURE----- From nospam-news at johannsen.us Thu Apr 1 16:30:03 2004 From: nospam-news at johannsen.us (Eric Johannsen) Date: Thu Apr 1 19:35:16 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Why would I see something different when following the link below than originally when I submitted the spam report? What's the reason for not posting spam here, if the intent of the post is to discuss that specific spam? I saw posts in spamcop.spam stating that that is the wrong place for any discussion - so figured I would post here to ask about the parse results I was seeing. If I post a question about spam here and just have the spam example as a "PS" to the question, it does not add any additional posts to this list compared to if I post the question here and the spam itself in a related news group. Not complaining, just confused. Thanks, Eric "Mike Easter" wrote in message news:c4i9ft$70j$1@news.spamcop.net... > Eric Johannsen wrote: > > Received the below email. I submitted via the web interface, and > > Spamcop is unable to parse the header. > > Here's a good way to show this: > > www.spamcop.net/sc?id=z384392588z359d6c36134d7803b2f08cd307fc8ba2z > > If you click that tracker you will see the headers and the parse > results. > > If you want to see the whole spam you click the link there that sez: > > View entire message > > When you are looking at that, you see something very different from what > you posted here and what I see when I go to the tracker which you > posted. As a result of the tracker above's parse, you see these > results: > > Report Spam to: > Re: 201.1.80.68 (Administrator of network where email originates) > To: Internal spamcop handling: (spambr) (Notes) > To: mail-abuse@nic.br (Notes) > Re: 201.1.80.68 (Third party interested in email source) > To: Cyveillance spam collection (Notes) > Re: http://www.anty.info/cs/lz/ (Administrator of network hosting > website referenced in spam) > To: b4039913@users.bora.net (Notes) > Re: http://www.anty.info/out.php?email=x (Administrator of network > hosting website referenced in spam) > To: b4039913@users.bora.net (Notes) > > If you post a tracker, usually you will not need to post a complete > spam. You should not post spams in this group spamcop or .help, these > are for discussing spams. If a spam 'needs' to be posted somewhere > instead of or in addition to the tracker, it should only be posted in > the newsgroup .spam. > > > -- > Mike Easter > kibitzer, not SC admin > From nobody at spamcop.net Thu Apr 1 18:36:54 2004 From: nobody at spamcop.net (WazoO) Date: Thu Apr 1 19:40:03 2004 Subject: [SpamCop-List] Re: Problems Submitting SPAM Reports References: Message-ID: "Martin J. Lutterman" wrote in message news:c4ialv$831$1@news.spamcop.net... > I have submitted several SPAM Reports but I keep getting an > autoresponder email from SpamCop informing me.... > > [quote] > SpamCop encountered errors while saving spam for processing: > SpamCop could not find your spam message in this email: > [unquote] > > I am going to the received SPAM, hitting "forward", pasting in the > authorised SpamCop email address and hitting "enter" but for some > reason all submissions are fired back at me. > > Can anyone pls tell me what I am not doing properly??? For starters, the basic requirement to use the SpamCop tool-set is that the spam submittal must be complete ... lacking any specific data on your set-up, how about starting by taking a look at http://www.spamcop.net/fom-serve/cache/19.html and see where you fit into that environment. From skiwi+newsgroups at spamcop.net Thu Apr 1 16:50:00 2004 From: skiwi+newsgroups at spamcop.net (Skiwi) Date: Thu Apr 1 19:50:02 2004 Subject: [SpamCop-List] Re: Freespeechstore threatens SC? In-Reply-To: References: Message-ID: indigo wrote: > Saw this in a thread over at NANAE: > > Watch the media and search engines, cartooney is about to become a reality > with Ironport and Spamcop. This is guy is a loon! http://www.interocitor.net/freespeechstore.html From nobody at spamcop.net Thu Apr 1 19:31:52 2004 From: nobody at spamcop.net (Ellen) Date: Thu Apr 1 20:00:07 2004 Subject: [SpamCop-List] Re: Ok, what happens to this one? {ISP does not wish to received... has been appealed previously} References: Message-ID: "Dan French" wrote in message news:c4hg3n$6vv$1@news.spamcop.net... > A link in the spam: > Tracking link: http://biz.yahoo.com/bw/040325/255269_1.html > ISP does not wish to receive report regarding biz.yahoo.com > Resolves to 216.109.124.144 > Routing details for 216.109.124.144 > Report routing for 216.109.124.144: yahoo@admin.spamcop.net > ISP does not wish to receive reports regarding > http://biz.yahoo.com/bw/040325/255269_1.html - no date available > http://biz.yahoo.com/bw/040325/255269_1.html has been appealed previously > > #1: How can they appeal (previously) > #2: If yahoo doesn't accept Spamcop reports, is Yahoo still black listed > (presuming other criteria met, others report it?) > #3: If Yahoo doesn't accept Spamcop reports, does Yahoo listen to anyone? > The yahoo finance site is being used by the spammer; the payload of the spam isn;t a yahoo url they are using that to lend credibilty to a pump and dump and there is nothing that yahoo can do about a spammer using a link to their financial news site. Yahoo accepts SpamCop reports. Ellen From nobody at spamcop.net Thu Apr 1 19:34:43 2004 From: nobody at spamcop.net (Ellen) Date: Thu Apr 1 20:00:17 2004 Subject: [SpamCop-List] Re: Question on a Spam Report References: Message-ID: "news.spamcop.net" wrote in message news:MPG.1ad604a9d87d4849989682@news.spamcop.net... > Sometimes, when I report Spam, the results come back saying: > > "ISP has indicated spam will cease; ISP resolved this issue sometime > after Thursday, April 01, 2004 6:05:44 AM -0800" > > What should I do at this point? Still Send the Report? Or just ignore > it? My tendancy is to just ignore it and move on to the next Spam. > Yes send the report anyway. If the ISP has turned off reports for the injecting IP by sending the report you are still adding to the blocklist. The IP will automatically reopen for report sending in 24 hours. If it is for a spamvertized site and you are a paying member you will be able to appeal the closure unless someone else already has. Ellen From spam at mrwright.com Thu Apr 1 18:09:07 2004 From: spam at mrwright.com (Mr. Wright) Date: Thu Apr 1 20:10:04 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! References: Message-ID: Thanks Mike. I appreciate it. And in the future, I WILL avoid cross-posting. > I retract my criticism of the post in .spam, that was appropriate and > different and the right place to put the item, since it contained the > spam item in question. I stand by my original crosspost criticism in > this thread. From MikeE at ster.invalid Thu Apr 1 17:16:21 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 20:20:03 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Eric Johannsen wrote: > Why would I see something different when following the link below than > originally when I submitted the spam report? Yours is 'full of' empty lines which the parser cannot abide in the header. I don't know how they got there. > What's the reason for not posting spam here, if the intent of the > post is to discuss that specific spam? It's 'tradition' -- that's the way it was when I got here. The 'model' is that nothing is discussed in .spam, because no one likes to go there unless they are looking for something specific. And no spam is posted in spamcop or .help, probably because some people get this newsgroup by mailing list and no one likes to look at or download spam unless 'they have to'. > I saw posts in spamcop.spam > stating that that is the wrong place for any discussion - Correct. > so figured > I would post here to ask about the parse results I was seeing. Ask the question/s here or .help. Post the spam in .spam. > If I > post a question about spam here and just have the spam example as a > "PS" to the question, it does not add any additional posts to this > list compared to if I post the question here and the spam itself in a > related news group. The idea is to keep the spam out of here and .help. And to keep the discussions here and .help and not .spam. > Not complaining, just confused. It would be nice if there were a great faq on the subject which isn't ambiguous so that when we [there is no we] try to encourage people to follow the tradition, that there were actually some kind of specific 'official' support or 'rule book'. But there isn't. It is one of those local lore things. The other day just to be a little different, I had a 'discussion' in .spam without moving it. Discussing in .spam isn't as 'bad' as posting spam in spamcop or .help. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Apr 1 17:19:17 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 20:20:08 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Mike Easter wrote: > Eric Johannsen wrote: >> Why would I see something different when following the link below >> than originally when I submitted the spam report? > > Yours is 'full of' empty lines which the parser cannot abide in the > header. I don't know how they got there. And I took them out and 'remodeled' the original spam so that it would be acceptable. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Apr 1 17:26:52 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 20:30:02 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! References: Message-ID: Mr. Wright wrote: > Thanks Mike. I appreciate it. And in the future, I WILL avoid > cross-posting. Oh good. If David Butler pops up in this conversation, you will notice that he has been beaten to a bloody pulp and has scars and other disfigurements from my merciless savagery on him for his occasional crosspost ;-) I try to tiptoe very delicately around the deputies when they have some very important message to give all of the 'troops' and they appropriately crosspost into everything, but sometimes they forget to put followups to one ng. One has to be very careful and not be beating up on deputies ;-) -- Mike Easter kibitzer, not SC admin From spam at mrwright.com Thu Apr 1 18:30:10 2004 From: spam at mrwright.com (Mr. Wright) Date: Thu Apr 1 20:35:02 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! References: Message-ID: LOL > Oh good. If David Butler pops up in this conversation, you will notice > that he has been beaten to a bloody pulp and has scars and other > disfigurements from my merciless savagery on him for his occasional > crosspost ;-) From MikeE at ster.invalid Thu Apr 1 17:37:44 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 20:40:02 2004 Subject: [SpamCop-List] Re: Problems Submitting SPAM Reports References: Message-ID: Martin J. Lutterman wrote: > I am going to the received SPAM, hitting "forward", pasting in the > authorised SpamCop email address and hitting "enter" but for some > reason all submissions are fired back at me. What Wazoo sed leads to instructions for obtaining spam with complete headers for parsing and also to instructions for emailed submissions. Read all that stuff, and be sure to recognize the difference between 'forward' and 'forward as attachment' which are *completely* different functions if your mail user agent is Outlook Express like your newsagent. Forward as attachment results in the email submission address receiving an item which has the mail headers of your mail to submit which can be stripped off leaving the 'original' spamitem complete with attached headers. Simply 'forwarding' results in an item which has your sending mail headers followed by the forwarded /body/ content of the spambody with a little 'extra' depending upon configuration, and *no* original spam headers. The result of that 'encounter' would cause the parser to 'barf' on no headers. -- Mike Easter kibitzer, not SC admin From spam at mrwright.com Thu Apr 1 18:37:43 2004 From: spam at mrwright.com (Mr. Wright) Date: Thu Apr 1 20:40:06 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! References: Message-ID: > Wow! How long you been under that rock? :-) It was a heavy one, but the rock is gone and I see the light! > Web bugs have been around for years. I see from your headers that > you're using Outlook Express version 6. If you don't mind losing some > functionality, go to Tools\Options\Read and check the box labeled "Read > all messages in plain text". This will neuter the web bugs. I use Outlook 2003. Turns out that I can inhibit graphics from downloading with the click of the Almight Mouse. Not only does it have a great Junk E-mail setting (which I keep set in High), I can turn off automatic downloads from everything unless it's part of my safe senders list or part of my Trusted network. Can you believe it, MS has actually created something good...THAT WORKS. The spam filter hits about 90% plus. I found one drawback though, with the auto d/l setup, I can't forward a message to FTC (uce@ftc.gov) unless I allow the content to be downloaded. My workaround is the create a new e-mail and simply paste the text and header and then send it. From gregma at spamhole.com Thu Apr 1 18:12:57 2004 From: gregma at spamhole.com (news.spamcop.net) Date: Thu Apr 1 21:15:31 2004 Subject: [SpamCop-List] Re: Question on a Spam Report References: Message-ID: In article , nobody@spamcop.net says... > > "news.spamcop.net" wrote in message > news:MPG.1ad604a9d87d4849989682@news.spamcop.net... > > Sometimes, when I report Spam, the results come back saying: > > > > "ISP has indicated spam will cease; ISP resolved this issue sometime > > after Thursday, April 01, 2004 6:05:44 AM -0800" > > > > What should I do at this point? Still Send the Report? Or just ignore > > it? My tendancy is to just ignore it and move on to the next Spam. > > > > Yes send the report anyway. If the ISP has turned off reports for the > injecting IP by sending the report you are still adding to the blocklist. > The IP will automatically reopen for report sending in 24 hours. > > If it is for a spamvertized site and you are a paying member you will be > able to appeal the closure unless someone else already has. Thanks all for the wisdom. I'll follow the majority opinion and report anyway. Thanks! Greg From nobody at xyzzy.claranet.de Fri Apr 2 04:32:06 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Apr 1 21:35:04 2004 Subject: [SpamCop-List] Re: Help! "65.219.62.22 bl.spamcop.net 127.1.0.17" References: Message-ID: <406CD0A6.640E@xyzzy.claranet.de> Bo Briggs wrote: > the only blocklist or dnsbl lookup of any kind that will > return something in the second octet. (127.1) Blars is IMNSHO as useless as the former dorkslayers, but here's another list using 127.1.?.?: host 2.0.0.127.opm.blitzed.org = 127.1.0.31 Bye, Frank From usenet at satchell.net Thu Apr 1 18:58:37 2004 From: usenet at satchell.net (Satch) Date: Thu Apr 1 22:00:04 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: On Thu, 01 Apr 2004 00:13:32 -0500, elind is alleged to have said: > However, either this guy (original poster) is a troll, or a spammer plant, > or he has a point. Either way I would like to know. The one problem I have > with spamcop is that, from my perspective, it's a bunch of geeks who think > that mortal users are not worth talking to. The few times I have posted > questions here, that were not "geek", I have never had relevant answers and > when I once expressed my contempt for the chinese, for example, I got flamed > by a bunch of PC geeks instead (I never heard an opinion on why it's the > chinese and koreans or brazilians and, recently, russian crooks, who host > most of this crap, as opposed to the USA for example, and when I called them > names it was far less offensive than what they sent me). I love it when people talk about me like I'm not there. Brief history: I date back to the original ARPAnet back when the protocol was NCP, not TCP/IP. I was at the University of Illinois Center for Advanced Computation working on the development, deployment, and proof of concept of what was then Network Graphics Protocol. (It died, unfortunately.) I've been involved in telecommunications in a number of different places, and at one time was one of a handful of independent modem testers. (I edited TIA TR-30.3 EIA-3800, the modem test procedures. I was also responsible for the clean-up of what is now V.80.) My day job is system administrator for a mid-sized Web hosting company, and I'm also Mr. Abuse during weekday business hours. Back when the closest I ever got to high-speed network was a DSLAM I frequented NANAE, and returned when I discovered that SPEWS had blocked an entire /24 where I work. I found it, I fixed it, and then worked to get the listing lifted. My problem is a simple one: I get between 80-100 spams a day. I read every single one of them to ensure they are spam before routing them to the LART machine. From there, I depended on SpamCop to live up to its reputation. Up until recently (about a month ago) I had no problems at all with the process. The first sign of trouble is when I had a Web server blocked for spam...long after we closed down the source of spamming, an exploitable Web CGI script. When I checked up with the deputies, they told me that the server didn't have a viable PTR record. I fixed that. The second sign of trouble is when my ISP changed the way it configured its mail system to improve throughput in the face of a three-fold increase in spam volume, and the system administrator (my neighbor) made a stupid error. Found, fixed, all better. During this time, SpamCop still was labeling my server at work the injection point for spam, in spite of the fact that a human being had no problems getting past the QMail headers. (You'd think that a popular MTA like QMail would be handled...) The latest sign of trouble is because SpamCop could not deal with mail internally routed at my ISP, and a new blockade was put in place solely because of my reports. Furthermore, I never asked to be a "mole" yet my ISP never saw a single message. (When I was doing the reports, I don't recall any of them with the abuse address of my ISP, either, but I digress.) I a big booster of processes to centralize the detection and recording of spam. I thought I was helping that process. I was wrong. It's bad enough when they LART my server wrongly. Today I received a SpamCop report that one of my customers were spamvertised. Right. The actual code in the message was: _ That's a real great way to spamertise a site, expecially when its amid a whole bunch of clutter. Thanks, SpamCop. Satch -- Opinions in this posting not necessarily opinion of employer. Are personal notes, posted using my computer, my account. Not legal opinion or advice. Void where prohibited. For entertainment only. Your mileage may vary. Not appropriate for children. From elind at spamcop.net Thu Apr 1 22:27:43 2004 From: elind at spamcop.net (elind) Date: Thu Apr 1 22:30:08 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: Well so much for that. I asked a few questions that were obviously not very technically interesting, and I got no answers, except for unrelated advice. "Larry Kilgallen" wrote in message news:jLPmrD69x98j@eisner.encompasserve.org... > In article , "elind" writes: > > < 105 lines of quoted material snipped > > > > Thanks for proving my point Mr. Whatever!! Not worth talking to am I? > > Please learn to trim material to which you are responding and properly > intersperse responses to individual items rather than "bottom posting" > (which runs a close second in ill manners to "top posting". > > > I'm here because it was the only help source I could find. It seems to me > > that it would be trivially simple for spamcop management to have a good > > primer as well as a "news" item updating the status of the spam wars. I > > don't want to live on this board nor be an internet routing protocols > > expert. > > This is not a "board", but a lot of experience reading this newsgroup > would show you that it would not be "trivially simple". I am not > saying that you should devote that time -- just take our word for it > that everybody has a different problem and different background. Folks > have tried to write non-interactive explanations, even posting them on > other web sites (obviating a need for blessing by SpamCop), but not have > succeeded. > > For those who do not want to become a protocol expert (and I do not), > the simple approach is to carefully review the report recipients that > SpamCop proposes and decline to send reports to any who are your own > vendors. From Kilgallen at SpamCop.net Thu Apr 1 21:29:30 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Apr 1 22:30:30 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: In article , Satch writes: > My problem is a simple one: I get between 80-100 spams a day. I read > every single one of them to ensure they are spam before routing them to > the LART machine. From there, I depended on SpamCop to live up to its > reputation. Perhaps the reputation you have heard exceeds reality. SpamCop proposes report recipients, and you get to decide whether those are the proper recipients. From Kilgallen at SpamCop.net Thu Apr 1 21:32:50 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Apr 1 22:35:15 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: Are you striving for a "perfect score" in ignoring posting conventions ? In article , "elind" writes: > Well so much for that. > > I asked a few questions that were obviously not very technically > interesting, and I got no answers, except for unrelated advice. So now you have decided to top-post. Is this some sort of Turing test to see how rude you can be ? From elind at spamcop.net Thu Apr 1 22:35:34 2004 From: elind at spamcop.net (elind) Date: Thu Apr 1 22:40:04 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> <406C3EC9.2010907@spamcop.net> Message-ID: Well so much for that. I asked a few questions that were obviously not very technically interesting to those who might know more, and I got no relevant answers, except for this kind of everyday newsgroup banter. So it goes. "Tim McGraw" wrote in message news:406C3EC9.2010907@spamcop.net... > elind wrote: > > > > Thanks for proving my point Mr. Whatever!! Not worth talking to am I? > > WazoO responded, which would indicate the contrary. > > > I'm here because it was the only help source I could find. > > And, you got an answer. Good. > > The system is working, yes? > > > It seems to me that it would be trivially simple for spamcop > management to have a good primer > > This has been suggested many times. > > > as well as a "news" item updating the status of the spam wars. > > Whoa there nellie, that's way, way, way beyond the scope and mission of > spamcop. > > There's some purty graphs about spam reporting levels, though. > > > I don't want to live on this board nor be an internet routing protocols > > expert. > > Neither is required to use sc effectively. > > > > > > > nor do I really know who spamcop is anymore > > It seems we've drifted apart, so let's not play this charade. It only > hurts the children... > From MikeE at ster.invalid Thu Apr 1 20:09:44 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 1 23:10:02 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> <406C3EC9.2010907@spamcop.net> Message-ID: elind wrote: > I asked a few questions that were obviously not very technically > interesting to those who might know more, and I got no relevant > answers, except for this kind of everyday newsgroup banter. I saw these questions attached to someone else's thread [not that there's anything wrong with that] elind wrote: > I also have never seen a commonsense explanation of what good this > reporting actually does, or how the blacklist really work, SpamCop reporting notifies providers for sources and spamvertisers. Sources these days are usually insecure users' boxen, and it is 'difficult' for their providers to deal with that. Spamvertisers are frequently unresponsive, but occasionally do. SC reporting also contributes to the SCbl, a very popular and dynamic blocklist which is used by many in their filter system. The SCbl is only one of a host of different kinds of popular blocklists, and it is somewhat unique in its function and dynamics, and as such is a valuable contribution to the overall spamwars. A blocklist works by enabling a filter to block or tag an item, almost always on the basis of IP address, because the IP is listed in a DNSbl, a blocklist of IP addresses or blocks of addresses. > or why so > many well known ISPs (per comments seen here) supposedly ignore the > reports in spite of laws against spamming (but, for example, why have > the latest prosecutions not been against the biggest fish often > mentioned here? I can't answer that usefully. > tell me why I should continue > to subscribe? You can subscribe to 'help' foster SpamCop; also paying users get some benefits in the reporting process not available to free reporters. A person could pay or contribute and not report, report and not pay, pay and report, subscribe to the spamcop mail filtering system, or help out in some other way. A person can fight spam by pledging to never aid a spammer and just hitting delete. Another person can choose to do their own notifications with or without feeding spamcop. Another person can develop some other strategy to spamfight, such as honeypots and proxypots. Lotsa opportunities, since there's lotsa spam. -- Mike Easter kibitzer, not SC admin From ric.gates at bigsleep.org Fri Apr 2 04:20:02 2004 From: ric.gates at bigsleep.org (Blammo) Date: Thu Apr 1 23:25:03 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: <87fzbnju3y.fsf@ursine.ca> Message-ID: On 01 Apr 2004 Paul Johnson entered spamcop and left news:87fzbnju3y.fsf@ursine.ca: > > Google's search engine uses JavaScript to help set preferences... > It uses Javascript to /enhance/ preferences setting. I just changed my language to Elmer Fudd with Javascript off. From tmcgraw at spamcop.net Thu Apr 1 20:26:45 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Apr 1 23:30:03 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: <406CEB85.7090003@spamcop.net> Satch wrote: > > > > My problem is a simple one: I get between 80-100 spams a day. I read > every single one of them to ensure they are spam before routing them to > the LART machine. From there, I depended on SpamCop to live up to its > reputation. Up until recently (about a month ago) I had no problems at > all with the process. According to this post not all was well at satchell.net in January: http://tinyurl.com/2tdnu It appears your problems are at your end. Without posting examples in .spam there's no way to tell. > The first sign of trouble is when I had a Web server blocked for > spam...long after we closed down the source of spamming, an exploitable > Web CGI script. When I checked up with the deputies, they told me that > the server didn't have a viable PTR record. I fixed that. Ah, progress. > The second sign of trouble is when my ISP changed the way it configured > its mail system to improve throughput in the face of a three-fold > increase in spam volume, and the system administrator (my neighbor) made a > stupid error. Found, fixed, all better. During this time, SpamCop still > was labeling my server at work the injection point for spam, in spite of > the fact that a human being had no problems getting past the QMail > headers. (You'd think that a popular MTA like QMail would be handled...) As I said earlier you seem to be the only Qmail user with this problem. > The latest sign of trouble is because SpamCop could not deal with mail > internally routed at my ISP, and a new blockade was put in place solely > because of my reports. Furthermore, I never asked to be a "mole" yet my > ISP never saw a single message. (When I was doing the reports, I don't > recall any of them with the abuse address of my ISP, either, but I digress.) Claiming to not know you've switched to mole reporting is akin to not knowing that you've unchecked "send me offers from third parties" when signing your addy up at a web site. Not being a mole reporter myself, I don't know if there are subtle or even obvious interface differences... for instance, is there still a button that says "Send report now"? Your claim seems to be that sc never sent the reports. [Contacting mail.satchell.net [208.170.252.115]...] [Connected] 220 ssatchell1.pyramid.net ESMTP Postfix HELO hexillion.com 250 ssatchell1.pyramid.net VRFY abuse 502 VRFY command is disabled ...so, who knows? > It's bad enough when they LART my server wrongly. Today I received a > SpamCop report that one of my customers were spamvertised. Right. The > actual code in the message was: > > _ Post the turdlet in .spam for examination if you really want to help. From tmcgraw at spamcop.net Thu Apr 1 20:29:46 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Apr 1 23:30:11 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: <406CEC3A.5090901@spamcop.net> elind wrote: > > I asked a few questions that were obviously not very technically > interesting, and I got no answers, except for unrelated advice. The answers I provided were direct and accurate answers to your questions, so I'm calling troll. From kb1cvh at AikoRomeoRomeoLima.comcast.net Thu Apr 1 23:39:54 2004 From: kb1cvh at AikoRomeoRomeoLima.comcast.net (Peter Grace) Date: Thu Apr 1 23:35:04 2004 Subject: [SpamCop-List] Re: Mailhosts In-Reply-To: References: Message-ID: I see Why, When, How, on the Mailhost link, but not What. Okay, so spamcop is doing a reconfig. What is it? What will it do for me? I can't get any idea of the implications of this without more details. Peter Travis Rabe wrote: > How does this new feature work. I followed the first few step, replied to > my e-mails. Now what? > > Travis > > From nobody at spamcop.net Thu Apr 1 23:43:34 2004 From: nobody at spamcop.net (Tom) Date: Fri Apr 2 00:45:04 2004 Subject: [SpamCop-List] Re: MEDIA: FDA OVERWHELMED BY VOLUME OF ILLEGAL Rx DRUGS SENT THROUGH MAIL References: Message-ID: <04vp6098rgrm7nv4t3rp7858s8eo3tle7j@4ax.com> On Tue, 30 Mar 2004 16:23:14 -0500, eddie wrote: >What kind of moronic idiot (assuming there are non-moronic idiots) would >buy pills via spam in the first place? Whoever they are, they should be >exempt from any kind of federal assistance. Termination would be good. People on fixed incomes who often want to try out their neighbor's medicines for nausea to see if it cures their own arthur-itis! Seriously, the rising costs of medication in the U.S. are a real problem to the elderly who live on fixed incomes. The second part of my comment is just as appropriate... Trading medication takes place more often that anyone wants to admit and to top it off, television advertising is paying big time. Far too many people will develop acid reflux disease, just to get that little purple pill... From mythosmanor at hotmail.com Thu Apr 1 21:45:23 2004 From: mythosmanor at hotmail.com (Chuck) Date: Fri Apr 2 00:50:02 2004 Subject: [SpamCop-List] Re: Getting SpamCop complaints on a box behind a NAT References: Message-ID: "adfdsa" wrote in message news:c4eo07$saf$1@news.spamcop.net... > So what your saying is that SC really isn't *useful*. It only exists so that > you can feel important. Strange, I thought, rather than sarcasm, 'help and > information' are supposed to be available here. That is your 'job', right? > Spamcop is very useful, at least I find it so. It allows me to parse highly obfuscated spam, with forged header segments, and determine who it should be reported to. It's not Spamcop's fault that it can't provide you (based on the headers of the spam we report via it) with information that IS NOT IN said headers. You are asking for something that just isn't within the scope of Spamcop's purpose. It's a reporting tool, NOT a tool for diagnosing which machine (on the other side of a NAT or other firewall) is spewing spam. There are other tools out there that monitor open relays and such, it's not Spamcop's job to duplicate those tools/services. The stuff on YOUR SIDE of YOUR NAT is YOUR RESPONSIBILITY not ours. Nevertheless, several other messages posted above pointed you at other resources you can use to discover the ports being used by your open mailserver. So while the answer has not been handed to you on a silver platter, you HAVE been shown ways you can diagnose what's going on. So please, make note of the resources you have been pointed to, and go use them to resolve this issue, and also I would hope the next time someone sets up in open relay on your side of your NAT. From smcgarrett at hawaii.com Thu Apr 1 23:50:38 2004 From: smcgarrett at hawaii.com (Steve McGarrett) Date: Fri Apr 2 00:55:02 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? In-Reply-To: References: <406B9DD4.1060209@spamcop.net> Message-ID: Satch wrote: > On Thu, 01 Apr 2004 00:13:32 -0500, elind is alleged to have said: > > I love it when people talk about me like I'm not there. Well, you weren't, for over 24 hours. :-) Aloha, McGarrett "LART 'em, Danno!" From smcgarrett at hawaii.com Fri Apr 2 00:17:23 2004 From: smcgarrett at hawaii.com (Steve McGarrett) Date: Fri Apr 2 01:20:04 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? In-Reply-To: References: <406B9DD4.1060209@spamcop.net> Message-ID: Larry Kilgallen wrote: > > SpamCop proposes report recipients, and you get to decide whether > those are the proper recipients. Get real, Larry. That's like saying "Your doctor proposes a diagnosis, and you get to decide if he's right." Or "Your lawyer proposes a contract, and you get to decide whether it will protect you." For any given subject, the vast majority of people out there are not experts, and cannot be expected to be even reasonably fluent. And, of those who could be experts, many simply choose to do other things with their time, instead. That's why people hire experts to do work for them. I imagine that, for almost all its users, SpamCop is the expert when it comes to parsing spam headers. Even for those of us, like you and me, who could parse the headers manually (although I'm still not absolutely clear on how to determine if a "Received:" line is genuine, beyond those produced by my own mail machine), SpamCop provides the ability to produce a LART in a few seconds. It would take me several minutes to do the same thing by hand, which is essentially what I would have to do in order to decide whether SpamCop found the proper recipients. I've got better things to do with my time than manually LART the 30 or so pieces of my spam a day that the scbl doesn't catch. Without SpamCop, my LART number would be zero. Are you saying that's to be preferred? From my perspective, the biggest problem is not SpamCop's technical ability, which I would give a grade of A, but SpamCop's customer service, which I would give a big, fat F. Satch's complaint provides just one example: It's been known for some time that SpamCop's parser will sometimes finger the reporter's mail server as the source of spam. There are a variety of reasons for this (the diversity of mail handing programs out there, mail handling programs and readers that not only don't adhere to RFCs, but actually butcher them, RFCs that are unclear or widely ignored, and even imperfect SpamCop logic), but there are a few simple (relative to the complexity of SpamCop) things that could mitigate the problem. For example: -Allow SpamCop users to have individual whitelists of IP addresses, domains, and reporting addresses which SpamCop should never allow them to report. In "novice" (default) mode, this list could be generated by asking users for their email addresses (the ones that are used to get the spam which they report). This list would be used to generate a liat of corresponding mail servers, which would then be used to generate a list of abuse addresses. SpamCop would refuse to issue a report from that user for any IP with an abuse address on that list. (In "expert" mode the SpamCop user could manually modify the list.) -Provide the reported IP and abuse address for mole reports. The statement "/dev/null'ing report for mole@devnull.spamcop.net" is useless. A statement like: "Mole report issued for x.x.x.x. Would have sent report to foo.bar.invalid, who.me.invalid." would be useful. -Refuse to add an IP to the scbl unless that IP's reporting address had been sent (say) 2 reports for that IP in the last 15 days. This would give the owners of these IPs some warning, while not allowing massive listwashing. There could even be a sort of "prefer to be a mole" munging setting for the SpamCop reporter. This setting would cause SpamCop to send a report only if the current number of reports for that IP was insufficient, while otherwise treating the reporter as a mole. Such setting might be the default for new users. Yes, implementing these ideas would result in some IPs taking longer to reach the scbl, or failing to be listed at all. They would result in some reporters being listwashed. They would not completely eliminate reporters getting their own ISP listed (although I believe they would reduce that significantly). But I think they would give SpamCop reporters and scbl users greater confidence, which would increase SpamCop's use and, therefore, its usefulness. Suggestions like these have been made before. So why haven't they been implemented? I get the impression that TPTB consider them either not sufficiently interesting, not sufficiently challenging, or not sufficiently elegant. But I don't think SpamCop's customers care whether SpamCop's programming is interesting, challenging, or elegant. I think they just care about having a SpamCop that works better. Too bad they're not getting it. Aloha, McGarrett "LART 'em, Danno!" From usenet at satchell.net Fri Apr 2 00:22:59 2004 From: usenet at satchell.net (Satch) Date: Fri Apr 2 03:25:02 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> <406CEB85.7090003@spamcop.net> Message-ID: On Thu, 01 Apr 2004 20:26:45 -0800, Tim McGraw is alleged to have said: > According to this post not all was well at satchell.net in January: > http://tinyurl.com/2tdnu > > It appears your problems are at your end. Without posting examples in > .spam there's no way to tell. I was posting from satchell.net, but the problem I was describing was at hostrack.com. HostRack doesn't subscribe to any news service (nor does it need to) so I use my ISP's news service from my personal domain. -- Opinions in this posting not necessarily opinion of employer. Are personal notes, posted using my computer, my account. Not legal opinion or advice. Void where prohibited. For entertainment only. Your mileage may vary. Not appropriate for children. From usenet at satchell.net Fri Apr 2 00:24:05 2004 From: usenet at satchell.net (Satch) Date: Fri Apr 2 03:25:23 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> <406CEB85.7090003@spamcop.net> Message-ID: On Thu, 01 Apr 2004 20:26:45 -0800, Tim McGraw is alleged to have said: > Claiming to not know you've switched to mole reporting is akin to not > knowing that you've unchecked "send me offers from third parties" when > signing your addy up at a web site. Not being a mole reporter myself, I > don't know if there are subtle or even obvious interface differences... > for instance, is there still a button that says "Send report now"? > > Your claim seems to be that sc never sent the reports. > > [Contacting mail.satchell.net [208.170.252.115]...] > [Connected] > 220 ssatchell1.pyramid.net ESMTP Postfix > HELO hexillion.com > 250 ssatchell1.pyramid.net > VRFY abuse > 502 VRFY command is disabled > > ...so, who knows? Did you check at abuse.net? -- Opinions in this posting not necessarily opinion of employer. Are personal notes, posted using my computer, my account. Not legal opinion or advice. Void where prohibited. For entertainment only. Your mileage may vary. Not appropriate for children. From kjz at despammed.com Fri Apr 2 11:18:31 2004 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Fri Apr 2 04:20:03 2004 Subject: [SpamCop-List] Re: today Ralsky, Inc. burns: med4rens.com, eeds3mds.com, DNS: nsolu.com In-Reply-To: References: Message-ID: Teleglobe only seems to be a temporary host for Al until he has bribed other Chinese network admins to host his crap. Now again 'Zhang jun' (Registrars: Paycenter for domains, DirectI for DNS) must do it. It would be interesting how many black hat hosts around the world Al has bribed. And: who are the producers of all the quack medicines Al wants to promote? Domain Name:med4rens.com 221.5.250.123 Billing Contact: zhang jun zhang jun P.O. BOX dang dong Liaoning 118000 China tel: 86 415 6169599 fax: 86 415 6169599 spring2004@126.com Registration Date: 2004-03-24 Update Date: 2004-03-24 Expiration Date: 2005-03-24 Primary DNS: ns1.nsolu.com Secondary DNS: ns0.nssolu.com 61.128.194.45 Domain Name:eeds3mds.com 202.106.127.112 Billing Contact: zhang jun zhang jun P.O. BOX dang dong Liaoning 118000 China tel: 86 415 6169599 fax: 86 415 6169599 spring2004@126.com Registration Date: 2004-03-24 Update Date: 2004-03-24 Expiration Date: 2005-03-24 Primary DNS: ns1.nsolu.com Secondary DNS: ns0.nssolu.com 61.128.194.45 Registration Service Provided By: WANG LONG (<-- Reseller as member of Al's gang?) Contact: hezuo2002@163.com Domain Name: NSOLU.COM Registrant: zhang jun zhang jun (spring2004@126.com) P.O. BOX 38 dan dong Liao NIng,118000 CN Tel. +86.4156169599 Creation Date: 19-Mar-2004 Expiration Date: 19-Mar-2005 From windsorfoxNOSPAM at cox.net Fri Apr 2 03:51:10 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Fri Apr 2 04:56:11 2004 Subject: [SpamCop-List] Re: Freespeechstore threatens SC? In-Reply-To: References: Message-ID: Skiwi wrote: > indigo wrote: > >> Saw this in a thread over at NANAE: >> >> Watch the media and search engines, cartooney is about to become a >> reality >> with Ironport and Spamcop. > > > > This is guy is a loon! > > http://www.interocitor.net/freespeechstore.html Looks like some 14 yo kid who needs to have his AOL privileges removed by mommy or daddy. From spamcop-list-at-news.spamcop.net at musaic.net Fri Apr 2 13:29:16 2004 From: spamcop-list-at-news.spamcop.net at musaic.net (St - Musaic.Net) Date: Fri Apr 2 06:29:38 2004 Subject: [SpamCop-List] Withdraw report? Message-ID: <1794065981.20040402132916@musaic.net> Oooopps! http://www.spamcop.net/sc?id=z385244616z519accd101e676407bc7237a676652b4z How do one withdraw? -- St From gospamming at yourdomain.invalid Fri Apr 2 11:49:08 2004 From: gospamming at yourdomain.invalid (D.Diaz) Date: Fri Apr 2 06:50:03 2004 Subject: [SpamCop-List] Re: Withdraw report? References: Message-ID: "St - Musaic.Net" wrote in news:mailman.374.1080905377.20699.spamcop-list@news.spamcop.net: > > Oooopps! > > http://www.spamcop.net/sc?id=z385244616z519accd101e676407bc7237a67665 > 2b4z > > How do one withdraw? > You cannot withdraw. You have to face it. ;-) So you have two options now: 1) Commit seppuku 2) Continue to live with the shame, and send your apologies to the abuse team at nextra.com and the deputies at spamcop.net, citing the SpamCop report number or, at least, including that previous tracker HTH -- Daniel Diaz My Personal email: ddiazxn @ telefonica . net From Kilgallen at SpamCop.net Fri Apr 2 06:17:26 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Apr 2 07:20:04 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: In article , Steve McGarrett writes: > Larry Kilgallen wrote: >> >> SpamCop proposes report recipients, and you get to decide whether >> those are the proper recipients. > > Get real, Larry. > > That's like saying "Your doctor proposes a diagnosis, and you get to > decide if he's right." Or "Your lawyer proposes a contract, and you get > to decide whether it will protect you." If your lawyer proposes sueing yourself, clear-thinking client decline. > For any given subject, the vast majority of people out there are not > experts, and cannot be expected to be even reasonably fluent. And, of > those who could be experts, many simply choose to do other things with > their time, instead. That's why people hire experts to do work for them. But nobody should be on the internet without knowing who their own ISPs are. From winelight at spamcop.net Fri Apr 2 13:19:47 2004 From: winelight at spamcop.net (Andrew Ward) Date: Fri Apr 2 07:20:17 2004 Subject: [SpamCop-List] SpamAssassin and blackhole lists: which order applied? Message-ID: I know that I should know the answer to this, but for some reason I've clean forgotten which happens first at SpamCop: SpamAssassin or the blackhole lists? Logically it should be the blackhole lists but I seem to remember some discussion of the processing overhead that SpamAssassin was causing because it was being applied to all emails. Why I want to know is whether by turning off SpamAssassin the emails that are currently caught by it may then go on to be stopped by the blackhole lists or whether they'd end up in my inbox. Andrew Ward From spamcop001 at bellsouth.net Fri Apr 2 06:34:19 2004 From: spamcop001 at bellsouth.net (Bo Briggs) Date: Fri Apr 2 07:35:04 2004 Subject: [SpamCop-List] Re: Help! "65.219.62.22 bl.spamcop.net 127.1.0.17" In-Reply-To: <406CD0A6.640E@xyzzy.claranet.de> References: <406CD0A6.640E@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Bo Briggs wrote: > > >>the only blocklist or dnsbl lookup of any kind that will >>return something in the second octet. (127.1) > > > Blars is IMNSHO as useless as the former dorkslayers, but Blars himself says "...since few people use BlarsBL to block email" > here's another list using 127.1.?.?: > > host 2.0.0.127.opm.blitzed.org = 127.1.0.31 > Forgot about blitzed.org (Thanks for the correction. I should have said 'that I can think of'). opm.blitzed.org could also return 127.1.0.17, indicating Wingate and HTTP Post proxies. http://opm.blitzed.org/info#using > Bye, Frank > -- Bo Briggs From nobody at spamcop.net Fri Apr 2 13:22:44 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 2 08:25:03 2004 Subject: [SpamCop-List] Re: Bona-fide blank spam References: Message-ID: Ellen (nobody@spamcop.net) wrote in news:c4dh18$lgc$1@news.spamcop.net: > I saw a spam header today with 2 forged > received headers; they were real tricky to pick up as they had > ([%CUSTOM_IP]) in the from clause ... I had one with the following Date: header: Date: %CURRENT_DATE_TIME The same %CURRENT_DATE_TIME appeared in two Received: headers as well (obviously forged); the only valid timestamp was that put in by my own server. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Fri Apr 2 08:25:47 2004 From: nobody at spamcop.net (Firewoman) Date: Fri Apr 2 08:30:03 2004 Subject: [SpamCop-List] Spammer Caught and Jailed! Message-ID: Oh happy day http://www.buffalonews.com/editorial/20040401/1048828.asp From nobody at spamcop.net Fri Apr 2 08:33:20 2004 From: nobody at spamcop.net (Firewoman) Date: Fri Apr 2 08:35:03 2004 Subject: [SpamCop-List] Re: [OT] Google your email - without spam References: <87fzbnju3y.fsf@ursine.ca> Message-ID: "Blammo" wrote in message news:Xns94BECEDCB7891blammo@216.154.195.61... > I just changed my language to Elmer Fudd with Javascript off. I like the Bork version myself, makes my searches much more interesting :) http://www.google.com/intl/xx-bork/ Um gesh dee bork, bork! From nobody at devnull.spamcop.net Fri Apr 2 08:44:36 2004 From: nobody at devnull.spamcop.net (atf) Date: Fri Apr 2 08:45:06 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: Nope sorry, still not getting it. Maybe you can help me with this? From your posts it sounds like you must really know a lot. > >> http://www.spamcop.net/mcgi?action=prefmenu > >> > >> Big freaking link that says, "Change email address or name." Please > >> ask a smarter question next time. "Paul Johnson" wrote in message news:87ekr7ut2b.fsf@ursine.ca... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > English is read top-down with context, not random order with minimal > context. Please adjust your quoting style accordingly. (Even > Californian public high school grads know that, and they're only about > as bright as third graders elsewhere). > http://learn.to/quote > > "atf" writes: > > "Paul Johnson" wrote... > >> "atf" writes: > >> > >> > Is there a way to change my address with Spamcop, or is it easier > >> > to simply re-register? > >> > >> http://www.spamcop.net/mcgi?action=prefmenu > >> > >> Big freaking link that says, "Change email address or name." Please > >> ask a smarter question next time. > >> http://www.catb.org/~esr/faqs/smart-questions.html > > > > Well that link didn't work. > > Try again, worked for me. > > > You're not angry about something are you? > > Just stupid questions and stupid people. > > - -- > .''`. Paul Johnson > : :' : > `. `'` proud Debian admin and user > `- Debian. Because it *must* work. debian.org aboutdebian.com > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (GNU/Linux) > > iD8DBQFAbLJcUzgNqloQMwcRAtP3AKDIhLxH0zqtNWga0+hCs2A7nD4h/gCeN5hm > plSO4eLD62x21A/9zIC/QVY= > =1eMD > -----END PGP SIGNATURE----- From sally at nowhere.net Fri Apr 2 09:04:13 2004 From: sally at nowhere.net (sally) Date: Fri Apr 2 09:00:03 2004 Subject: [SpamCop-List] What does this reply mean and why did I receive it? Message-ID: Received: by pop5.mx.voyager.net (mbox munged@munged.com) (with voyager.net's vgrpop Fri, 2 Apr 2004 08:31:07 ) Received: from vmx2.spamcop.net (vmx2.spamcop.net [206.14.107.117]) by mx3.mx.voyager.net (8.12.9/8.10.2) with ESMTP id i31BsBhV098270 for ; Thu, 1 Apr 2004 06:54:12 -0500 (EST) Received: from sc-app2.verio.ironport.com (HELO spamcop.net) (192.168.11.202) by vmx2.spamcop.net with SMTP; 01 Apr 2004 03:54:05 -0800 X-SpamCop-Return-Path: Received: from vmx2.spamcop.net (sc-smtp2.verio.ironport.com [192.168.12.80]) by sc-app2.verio.ironport.com (Postfix) with ESMTP id ED33D51592C for <845211386@reports.spamcop.net>; Thu, 1 Apr 2004 03:53:32 -0800 (PST) Received: from mx01.uunet.co.za (196.31.48.143) by vmx2.spamcop.net with ESMTP; 01 Apr 2004 03:53:32 -0800 Received: from hill.noc.uunet.co.za ([196.7.0.142]) by mx01.uunet.co.za with esmtp (Exim 4.20) id 1B90l9-0000Ar-E9; Thu, 01 Apr 2004 13:53:23 +0200 Received: by hill.noc.uunet.co.za (Postfix, from userid 1022) id D64406A934; Thu, 1 Apr 2004 13:53:22 +0200 (SAST) Received: from localhost (localhost [127.0.0.1]) by hill.noc.uunet.co.za (Postfix) with ESMTP id CFB086A931; Thu, 1 Apr 2004 13:53:22 +0200 (SAST) Date: Thu, 1 Apr 2004 13:53:22 +0200 (SAST) From: Ridwaan Roberts X-X-Sender: ridwaanr@hill.noc.uunet.co.za Reply-To: Ridwaan Roberts To: 845211386@reports.spamcop.net Cc: abuse@za.uu.net Subject: Re: [abuse] [SpamCop (196.31.123.42) id:845211386]Fight for your self-esteem!!! In-Reply-To: Message-ID: <20040401135122.X44984@hill.noc.uunet.co.za> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Score: -4.2 (----) X-Scanner: exiscan for exim4 (http://duncanthrax.net/exiscan/) *1B90l9-0000Ar-E9*5pAClARFM66* Status: U Hi One of yours. On Wed, 31 Mar 2004 845211386@reports.spamcop.net wrote: > [ SpamCop V1.3.4 ] > This message is brief for your comfort. Please use links below for details. > > Email from 196.31.123.42 / Wed, 31 Mar 2004 18:15:08 -0500 (EST) > 196.31.123.42 is open proxy, see: http://www.spamcop.net/mky-proxies.html > http://www.spamcop.net/w3m?i=z845211386z8d522388c9352be1c4954cb161417a03z > > [ Offending message ] > Received: by pop8.mx.voyager.net (mbox x) > (with voyager.net's vgrpop Thu, 1 Apr 2004 05:52:09 ) > Received: from ndf-dial-196-31-123-42.mweb.co.za > (ndf-dial-196-31-123-42.mweb.co.za [196.31.123.42]) > by mx12.mx.voyager.net (8.12.9/8.10.2) with SMTP id i2VNDXdn073755; > Wed, 31 Mar 2004 18:15:08 -0500 (EST) > Received: from 122.0.238.62 by 196.31.123.42; Thu, 01 Apr 2004 05:07:57 +0600 > Message-ID: > From: xyvyhkesbce@msn.com > Reply-To: xyvyhkesbce@msn.com > To: x > Subject: Fight for your self-esteem!!! > Date: Wed, 31 Mar 2004 19:12:57 -0400 > X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) > MIME-Version: 1.0 > X-Content-Type: multipart/alternative; > boundary="--25861220597245324" > X-Priority: 3 > X-MSMail-Priority: Normal > Status: U > Content-Type: text/plain > X-SpamCop-note: Converted to text/plain by SpamCop (outlook/eudora hack) > > Get your university DEGREE! > > It's time you take what belongs to you > > Didn't have time for it in the past? > > Don't let your University Diploma slip away > > Receive the payment and respect that you deserve!! > > Get a Bachelors, Masters, MBA, and Doctorate (PhD) diploma! > > No one is turned down! > > Call Today 1-248-927-0446 (7 days a week) > > Confidentiality assured! > > out > > http://www.mega-health.net/off.html0 > Best regards The contents of this e-mail and any accompanying documentation is confidential and any use thereof, in whatever form, by anyone other than the addressee for whom it is intended, is strictly prohibited. --- Ridwaan Roberts Network Operations Centre UUNET (SA) (PTY) LTD Tel: +27 21 6588585 / Fax: +27 21 6588552 Customer Service Centre: 08600 UUNET / 08600 88638 Email: ridwaan@za.uu.net Website: http://www.uunet.co.za From michael.spamcop at michaellefevre.com Fri Apr 2 14:04:55 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Fri Apr 2 09:05:07 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: Steve McGarrett wrote: > Larry Kilgallen wrote: >> >> SpamCop proposes report recipients, and you get to decide whether >> those are the proper recipients. > > Get real, Larry. > > That's like saying "Your doctor proposes a diagnosis, and you get to > decide if he's right." Or "Your lawyer proposes a contract, and you get > to decide whether it will protect you." No, it's like your lawyer advising you about how much protection a contract gives you, and you making the decision whether or not to sign the contract. You wouldn't generally have a lawyer to do something, and have them go off negotiate the contract and sign it for you. [snip] > I imagine that, for almost all its users, SpamCop is the expert when it > comes to parsing spam headers. It's not an expert, it's a computer parser attached to it's own big database and a bunch of public databases. However, you're right that it's not what people are expecting, and it seems to be increasingly unrealistic to expect people to treat it as they should, rather than according to their expectations. [snip] > -Allow SpamCop users to have individual whitelists of IP addresses, > domains, and reporting addresses which SpamCop should never allow them > to report. In "novice" (default) mode, this list could be generated by > asking users for their email addresses (the ones that are used to get > the spam which they report). This list would be used to generate a liat > of corresponding mail servers, which would then be used to generate a > list of abuse addresses. SpamCop would refuse to issue a report from > that user for any IP with an abuse address on that list. (In "expert" > mode the SpamCop user could manually modify the list.) Something very much like that is currently being developed - it's the "mailhosts" thing being discussed in this group and the web forums. > -Provide the reported IP and abuse address for mole reports. The > statement "/dev/null'ing report for mole@devnull.spamcop.net" is > useless. A statement like: "Mole report issued for x.x.x.x. Would have > sent report to foo.bar.invalid, who.me.invalid." would be useful. That one has already gone into the virtual suggestion box. Dunno if/when it might happen... > -Refuse to add an IP to the scbl unless that IP's reporting address had > been sent (say) 2 reports for that IP in the last 15 days. This would > give the owners of these IPs some warning, while not allowing massive > listwashing. There could even be a sort of "prefer to be a mole" munging > setting for the SpamCop reporter. This setting would cause SpamCop to > send a report only if the current number of reports for that IP was > insufficient, while otherwise treating the reporter as a mole. Such > setting might be the default for new users. Mole reporting is already the default for new users. With increasing numbers of mole reporters, I don't think that would be a practical solution. The idea of sending notifications of mole/spamtrap "reports" to ISPs on an opt-in basis has been discussed, and I'm under the impression that it will happen at some point... > I get the impression that TPTB consider them either not sufficiently > interesting, not sufficiently challenging, or not sufficiently elegant. I don't think any of those are the reasons - tailoring things to individual users was something that TPTB (i.e. Julian) had, from my understanding, pretty much decided to do at least 8 months ago. The delay, I think, is between deciding to do something, and actually implementing it. -- Michael From MikeE at ster.invalid Fri Apr 2 06:21:08 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 2 09:25:25 2004 Subject: [SpamCop-List] Re: What does this reply mean and why did I receive it? References: Message-ID: sally wrote: Subject: What does this reply mean and why did I receive it? That's an 'acknowledgement' of a SC report. You received a spam 'Fight for your self esteem' which was sourced an open proxy at a South Africa uunet and you spamcop reported it report #845211386 which went to abuse@za.uu.net & abuse@uunet.co.za with the standard evidence and tracker. That item came to be in the hands of Ridwaan Roberts noc at .za uunet who emailed acknowledgement back to the report# addy which the spamcop 'system' sent on to you. The 'content' of his mail consisted of the content of the report mail with added "Hi One of yours Best regards" plus a disclaimer and a sig. You've pasted here the message source of that, consisting of spamcop to you headers plus the body of Ridwaan's mail containing what is described above. -- Mike Easter kibitzer, not SC admin From anjeana at hotmail.com Fri Apr 2 08:23:04 2004 From: anjeana at hotmail.com (adfdsa) Date: Fri Apr 2 09:25:48 2004 Subject: [SpamCop-List] Re: Getting SpamCop complaints on a box behind a NAT References: Message-ID: > Spamcop is very useful, at least I find it so. It allows me to parse highly > obfuscated spam, with forged header segments, and determine who it should be > reported to. > > It's not Spamcop's fault that it can't provide you (based on the headers of > the spam we report via it) with information that IS NOT IN said headers. > You are asking for something that just isn't within the scope of Spamcop's > purpose. It's a reporting tool, NOT a tool for diagnosing which machine (on > the other side of a NAT or other firewall) is spewing spam. There are other > tools out there that monitor open relays and such, it's not Spamcop's job to > duplicate those tools/services. > > The stuff on YOUR SIDE of YOUR NAT is YOUR RESPONSIBILITY not ours. > Nevertheless, several other messages posted above pointed you at other > resources you can use to discover the ports being used by your open > mailserver. So while the answer has not been handed to you on a silver > platter, you HAVE been shown ways you can diagnose what's going on. > > So please, make note of the resources you have been pointed to, and go use > them to resolve this issue, and also I would hope the next time someone sets > up in open relay on your side of your NAT. > You really should read all the posts. Information is what is sought here. NOT sarcasm. As I said in an earlier post, "I was ignorant of what SC's capabilities are, not stupid". But, thanks for the tips. PS: The box in question was disabled as soon as it was located due to the information from 'several other messages posted above'. From michael.spamcop at michaellefevre.com Fri Apr 2 14:27:04 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Fri Apr 2 09:30:03 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: atf wrote: > Nope sorry, still not getting it. Maybe you can help me with this? From > your posts it sounds like you must really know a lot. I'm not sure if you still need help, or if you're just continuing the argument about the manner of Paul's answer, but just in case: If you are using the free service, then the answer is at: http://www.spamcop.net/fom-serve/cache/231.html (you do need to reregister) If you've paid for the Spamcop service, then you want: http://www.spamcop.net/fom-serve/cache/232.html (which uses the link Paul described in the first message) -- Michael From anjeana at hotmail.com Fri Apr 2 08:29:07 2004 From: anjeana at hotmail.com (adfdsa) Date: Fri Apr 2 09:30:11 2004 Subject: [SpamCop-List] Re: Getting SpamCop complaints on a box behind a NAT References: Message-ID: "Mike Easter" wrote in message news:c4hg2v$6vd$1@news.spamcop.net... > adfdsa wrote: > > If you take the time to fully read the post that I responded to, the > > sarcasm is a fact not accusational. > > You're talking about my post. It's just plain ol' vanilla blunt, > non-apologetic me. That's the way I talk. No sugar-coating. Sarcasm > is "mocking: characterized by words that mean the opposite of what they > seem to say and make fun of something or somebody or express irritation" > whereas blunt is "frank or honest without sensitivity: very frank or > straightforward and showing no delicacy or consideration" > > Blunt would be me. I don't see any sarcasm whatsoever in that post you > cited. > > > -- > Mike Easter > Explanation accepted. I can see that I can expect 'the truth and only the truth' from you. Now that, hopefully, this is out of the way. I look forward to utilizing resources that I was not aware of until now. From MikeE at ster.invalid Fri Apr 2 06:32:15 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 2 09:35:03 2004 Subject: [SpamCop-List] Re: E-mail address change References: Message-ID: atf wrote: > Is there a way to change my address with Spamcop, or is it easier to > simply re-register? Click on the link below, and read everything on that page. Also read everything on the pages that are linked from that page. http://www.spamcop.net/anonsignup.shtml Getting Started READ THIS You may re-run this free authorization whenever you need to. If you do, any previous authorization information associated with your email address will be deleted. Oh, well, go ahead and read all of the links on this page too. http://www.spamcop.net/ -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Apr 2 15:24:12 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 2 10:25:03 2004 Subject: [SpamCop-List] Re: [OT] Google your email - without spam References: <87fzbnju3y.fsf@ursine.ca> Message-ID: Firewoman (nobody@spamcop.net) wrote in news:c4jq2v$tpe$1@news.spamcop.net: > I like the Bork version myself, makes my searches much more > interesting :) http://www.google.com/intl/xx-bork/ > > Um gesh dee bork, bork! And it gets *really* interesting when you follow the "Lungooege-a Tuuls" link ;-) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Fri Apr 2 15:34:07 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 2 10:35:02 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: Michael Lefevre (michael.spamcop@michaellefevre.com) wrote in news:c4jt7o$1un$1@news.spamcop.net: > If you've paid for the Spamcop service, then you want: > http://www.spamcop.net/fom-serve/cache/232.html (which uses the link > Paul described in the first message) I have a paid reporting account. The URL Paul gave: http://www.spamcop.net/mcgi?action=prefmenu doesn't work for me either. The URL you give: http://www.spamcop.net/fom-serve/cache/232.html works for me but it _doesn't_ link to Paul's URL. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From MikeE at ster.invalid Fri Apr 2 07:50:41 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 2 10:55:02 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: Marjolein Katsma wrote: > The URL Paul gave: > http://www.spamcop.net/mcgi?action=prefmenu > doesn't work for me either. I'm wondering if what Paul gave is a 'derivative' of http://members.spamcop.net/mcgi?action=prefmenu That is, if one takes that link and 'dis-members' it into a www. - or perhaps if one had some kind of cookie enabled they wouldn't get a "Authorization failure, no username provided by server" at the www link. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Apr 2 10:56:42 2004 From: nobody at spamcop.net (Firewoman) Date: Fri Apr 2 11:00:07 2004 Subject: [SpamCop-List] Re: [OT] Google your email - without spam References: <87fzbnju3y.fsf@ursine.ca> Message-ID: "Marjolein Katsma" wrote in message news:Xns94BFB109C2493homesitehelp@216.154.195.61... > And it gets *really* interesting when you follow the "Lungooege-a Tuuls" > link ;-) > > > -- > Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ I didn't know they had a special google just for Jersey!! Still waiting for the Texas Google.... From caroljean52 at yahoo.com Fri Apr 2 08:09:37 2004 From: caroljean52 at yahoo.com (caroljean52) Date: Fri Apr 2 11:10:03 2004 Subject: [SpamCop-List] (media) Spammer Convicted - was Re: Spammer Caught and Jailed! References: Message-ID: "Firewoman" wrote: > Oh happy day > http://www.buffalonews.com/editorial/20040401/1048828.asp Another article on this: 'Buffalo Spammer' Convicted http://yahoo.pcworld.com/yahoo/article/0,aid,115503,00.asp "A man accused of using EarthLink e-mail accounts to release a flood of spam has been convicted on charges of identity theft and falsifying business records... "The New York case against Carmack was the first to use a new state identity-theft law that makes identity theft a misdemeanor, says Brad Maione, a spokesperson for the attorney general's office. Previously, identity theft was not a crime, he says. "The charges of falsifying business records stem from Carmack changing e-mail header information to create forged sender addresses for the spam messages." From michael.spamcop at michaellefevre.com Fri Apr 2 16:13:55 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Fri Apr 2 11:15:03 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: Marjolein Katsma wrote: [snip] > I have a paid reporting account. > > The URL Paul gave: > http://www.spamcop.net/mcgi?action=prefmenu > doesn't work for me either. > > The URL you give: > http://www.spamcop.net/fom-serve/cache/232.html > works for me but it _doesn't_ link to Paul's URL. Ah yes - the first one will only work if you're logged in already, with cookies. I would imagine that, given that you're not hugely keen on using cookies for authentication, you don't have them. so Paul's answer was correct only in the case of paying members using cookies... -- Michael From tmcgraw at spamcop.net Fri Apr 2 08:14:01 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Apr 2 11:15:11 2004 Subject: [SpamCop-List] Re: Freespeechstore threatens SC? References: Message-ID: <406D9149.4060904@spamcop.net> WindsorFox[SS] wrote: > Skiwi wrote: > >> >> This is guy is a loon! >> >> http://www.interocitor.net/freespeechstore.html > > Looks like some 14 yo kid who needs to have his AOL privileges removed > by mommy or daddy. He's been on AOL for years. For some reason they won't touch him. Incriminating pictures of Steve Case, perhaps...? From tmcgraw at spamcop.net Fri Apr 2 08:15:48 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Apr 2 11:20:02 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> <406CEB85.7090003@spamcop.net> Message-ID: <406D91B4.1040208@spamcop.net> Satch wrote: > On Thu, 01 Apr 2004 20:26:45 -0800, Tim McGraw is alleged to have said: > >>Your claim seems to be that sc never sent the reports. >> >>[Contacting mail.satchell.net [208.170.252.115]...] >>[Connected] >>220 ssatchell1.pyramid.net ESMTP Postfix >>HELO hexillion.com >>250 ssatchell1.pyramid.net >>VRFY abuse >>502 VRFY command is disabled >> >>...so, who knows? > > Did you check at abuse.net? Yes. Just because an addy is listed at abuse.net doesn't mean someone reads and acts on abuse reports, ie comcast and hundreds of other poorly managed networks. From jseymour at spamcop.net Fri Apr 2 08:19:08 2004 From: jseymour at spamcop.net (Jim Seymour) Date: Fri Apr 2 11:20:13 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! In-Reply-To: References: Message-ID: Mr. Wright wrote: > I use Outlook 2003. [...] Ah... Please tell me you're using OE to access this newsgroup. Because the headers of your posts show "Microsoft Outlook Express 6.00.2800.1158" on the X-Newsreader line. -- Jim Seymour. I do not work for Spamcop, I did not write pflogsumm, and I never wrote for PC Magazine. From tdy at blackhole.aosake.net Fri Apr 2 09:04:19 2004 From: tdy at blackhole.aosake.net (N. Miller) Date: Fri Apr 2 12:05:20 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: In article , nobody@devnull.spamcop.net says... > Nope sorry, still not getting it. Maybe you can help me with this? From > your posts it sounds like you must really know a lot. Your exchange with Paul is confusing because you and he are using different styles of posting and quoting. He appears to be a stubborn bottom poster, who doesn't gladly suffer whom he thinks of as fools. You appear to be an equally stubborn top poster/full quoter. Since neither seems willing to adjust to the others style, the whole effect is, well; damned hard reading. Japanese is ten times easier! -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.aosake.net Fri Apr 2 09:09:01 2004 From: tdy at blackhole.aosake.net (N. Miller) Date: Fri Apr 2 12:10:03 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! References: Message-ID: In article , jseymour@spamcop.net says... > Mr. Wright wrote: > > I use Outlook 2003. [...] > Ah... Please tell me you're using OE to access this newsgroup. > Because the headers of your posts show "Microsoft Outlook Express > 6.00.2800.1158" on the X-Newsreader line. Those versions of MS Outlook with the capability to access news groups do it by invoking MS Outlook Express, in some weird way. And some people just bounce between Outlook for mail and Outlook Express for news, same as I bounce between Pegasus Mail for email and Gravity for news. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From usenet1 at DE.LETE.THISljvideo.com Fri Apr 2 17:25:42 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry Jandro) Date: Fri Apr 2 12:30:03 2004 Subject: [SpamCop-List] Re: MEDIA: FDA OVERWHELMED BY VOLUME OF ILLEGAL Rx DRUGS SENT THROUGH MAIL References: <04vp6098rgrm7nv4t3rp7858s8eo3tle7j@4ax.com> Message-ID: Waiving the right to remain silent, Tom said: > Seriously, the rising costs of medication in the U.S. are a real > problem to the elderly who live on fixed incomes. There are plenty of legitimate ways to save on the cost of medicines. Anyone who gives their money to Subject: !!!MEDS!!! xxuuuygh-mknnnit34 /////// 49449589576GHJ From: slop.quarry455567@iwonttell.net.ro and a web site in China deserves to be scammed. -- Larry Jandro - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From Kilgallen at SpamCop.net Fri Apr 2 12:19:47 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Apr 2 13:20:16 2004 Subject: [SpamCop-List] Re: MEDIA: FDA OVERWHELMED BY VOLUME OF ILLEGAL Rx DRUGS SENT THROUGH MAIL References: <04vp6098rgrm7nv4t3rp7858s8eo3tle7j@4ax.com> Message-ID: In article , Larry Jandro writes: > Waiving the right to remain silent, Tom said: > >> Seriously, the rising costs of medication in the U.S. are a real >> problem to the elderly who live on fixed incomes. > > There are plenty of legitimate ways to save on the cost of medicines. > > Anyone who gives their money to > > Subject: !!!MEDS!!! xxuuuygh-mknnnit34 /////// 49449589576GHJ > From: slop.quarry455567@iwonttell.net.ro > > and a web site in China deserves to be scammed. ...which in no way detracts from the fact that the spammer should be punished, of course. From sean at tcob1.net Fri Apr 2 18:46:03 2004 From: sean at tcob1.net (Sean Rima) Date: Fri Apr 2 14:00:23 2004 Subject: [SpamCop-List] Problem using cookie login with Firefox Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I use Firefox as my browser and find that I cannot goto another spam to report, ie Firefox doesn't stay logged in. If there a cure for this. Sean -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: This key has an expiry date iD8DBQFAbabaXjH8pRIKAvsRApAgAJ0cxJf5at1jSQfxomjNPmpy87DUwgCgsju8 zFR3PeD2zeb5j7/xJfLyDFk= =W06P -----END PGP SIGNATURE----- From sean at tcob1.net Fri Apr 2 19:54:18 2004 From: sean at tcob1.net (Sean Rima) Date: Fri Apr 2 14:00:49 2004 Subject: [SpamCop-List] Re: Problem using cookie login with Firefox In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sean Rima wrote: | I use Firefox as my browser and find that I cannot goto another spam to | report, ie Firefox doesn't stay logged in. If there a cure for this. | | Sean Ignore sorted :) Sean -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: This key has an expiry date iD8DBQFAbbbaXjH8pRIKAvsRAuEsAJsFunRxtlz5cKUR6VKdwZW9yi7jKwCeMZUq lDm0KYkQMDnd/hP7p6teAZI= =u6Ax -----END PGP SIGNATURE----- From nobody at spamcop.net Fri Apr 2 14:30:33 2004 From: nobody at spamcop.net (Spam Pop) Date: Fri Apr 2 14:35:06 2004 Subject: [SpamCop-List] X-10 success story - Message-ID: While I was at the buffalonews.com site reading the jailed spammer article, I noticed zedo.com trying to barrage me with cookies, besides buffalo.com and buffalo.someting else, in blocks of 6 sends each, so just for the heck of it I decided to visit zedo (safely), and see what they looked like, just for grins. On the bottom of the opening page there are some "interesting" links about Inforspace, Hotwire, and Wired, so I chose one to see why those names, of all the names around, would be fiddling with what was pretty obviously a spam server. I had my appetite satisfied with the first link I clicked the Wired link and came to: http://www.zedo.com/zedo/company/press/20020610-wired.jsp I read a para or two until I got bored, skimmed a couple more, and left, then thought youi guys might like a short look into the spammer's havens. I imagine the other name links are just as "interesting". If nothing else, it is an interesting read. I wonder of X-10 still thinks so well of them ;-) Probably some truth in it though. Regards Pop From nospam-news at johannsen.us Fri Apr 2 11:44:43 2004 From: nospam-news at johannsen.us (Eric Johannsen) Date: Fri Apr 2 14:45:03 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: I cut and pasted the message source EXACTLY from the message source window in Outlook Express... Eric "Mike Easter" wrote in message news:c4if2o$cst$1@news.spamcop.net... > Mike Easter wrote: > > Eric Johannsen wrote: > >> Why would I see something different when following the link below > >> than originally when I submitted the spam report? > > > > Yours is 'full of' empty lines which the parser cannot abide in the > > header. I don't know how they got there. > > And I took them out and 'remodeled' the original spam so that it would > be acceptable. > > -- > Mike Easter > kibitzer, not SC admin > From baloo at ursine.ca Fri Apr 2 11:31:22 2004 From: baloo at ursine.ca (Paul Johnson) Date: Fri Apr 2 14:50:04 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: <87llle41o5.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 N. Miller writes: > In article , nobody@devnull.spamcop.net > says... > >> Nope sorry, still not getting it. Maybe you can help me with this? From >> your posts it sounds like you must really know a lot. > > Your exchange with Paul is confusing because you and he are using different > styles of posting and quoting. He appears to be a stubborn bottom poster, > who doesn't gladly suffer whom he thinks of as fools. You appear to be an > equally stubborn top poster/full quoter. Since neither seems willing to > adjust to the others style, the whole effect is, well; damned hard reading. > Japanese is ten times easier! Unlike him, I understand that English is read from top down and not in the random order he's trying to produce. - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAbb+KUzgNqloQMwcRAn+SAKDLVUZ3kjrSp3gFIMagTAzjVvdrtgCfSKaC t4xvNQhY0hf21ZnQpOrSQkc= =xc72 -----END PGP SIGNATURE----- From tmcgraw at spamcop.net Fri Apr 2 11:57:11 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Apr 2 15:00:03 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: <406DC597.6060504@spamcop.net> N. Miller wrote: > In article , nobody@devnull.spamcop.net > says... > >>Nope sorry, still not getting it. Maybe you can help me with this? From >>your posts it sounds like you must really know a lot. > > > Your exchange with Paul is confusing because you and he are using different > styles of posting and quoting. He appears to be a stubborn bottom poster, > who doesn't gladly suffer whom he thinks of as fools. You appear to be an > equally stubborn top poster/full quoter. Since neither seems willing to > adjust to the others style, the whole effect is, well; damned hard reading. > Japanese is ten times easier! Those of us who follow widely accepted posting conventions *could* be called stubborn in the same way I suppose I could be called a "stubborn anti-spammer." From MikeE at ster.invalid Fri Apr 2 12:55:29 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 2 16:00:42 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Eric Johannsen wrote: > I cut and pasted the message source EXACTLY from the message source > window in Outlook Express... That's the way I do it all the time. I've never received headers 'spaced out' like that popping from my provider. One would expect mail to be following a standard format in the smtp transaction 'game' and OE does a good job of saving the 'smtp mime' as I call it in the standard form it was received. The spamcop faq shows an example of what "everyone's" headers look like at -- What do you mean by "full headers"? -- http://www.spamcop.net/fom-serve/cache/17.html Notice that each header element, Received: From: Date: Content-Type etc begins the line; they aren't 'run together'; also there are no empty lines between the elements. What you posted doesn't look like that at all. Since I'm not 'looking over your shoulder' while you copy and paste from your Outlook Express, I can't say, "You're right. It's all spaced out." I can only say I've never seen it in mine, but it is very common for the 'handling' of items which are copied and pasted and 'massaged' by the newsgroup posting and wrapping to change the character. As I sed, I don't have answer. I just know that the parser won't parse stuff that looks like that. -- Mike Easter kibitzer, not SC admin From bonni at cartoonjazz.com Fri Apr 2 16:14:57 2004 From: bonni at cartoonjazz.com (Bonni Clark) Date: Fri Apr 2 16:10:02 2004 Subject: [SpamCop-List] SPAM...Internet Marketing Solutions References: Message-ID: Anyone know how to contact them?? Or get rid of them?? Nothing works. Not even spam cop... sigh.. I got 5 spam from them today... "Mike Easter" wrote in message news:c4eprm$uqo$1@news.spamcop.net... > Bonni Clark wrote: > > I tried to "opt-out" of the mailings, but the hyperlinks do not work. > > I even tried to reply to the emails, but the mailboxes are all full. > > Don't be doing that. Many spammers 'pay attention' to the feedback they > get from the following: > > -1- People who open their spam insecurely > -2- People who 'believe' their spam by using the remove function > -3- People who belive their spam by clicking on the 'interested' link > > > I even tried to find a phone number or website to contact them, but > > no suck luck. > > > > Is anyone else receiving TONS of spam from this company?? > > I see a very recent sightings with this 'classical' spammer disclaimer: > > This mailing has been performed by Internet Marketing Solutions, 1719 > University Avenue, Bronx NY 10453 USA, in compliance with the CAN-SPAM > Act of 2003; approved and signed by the president of The United States > of America on Dec. 16, 2003. For this reason, this email cannot be > considered SPAM. > > If you are opening your spam and reading it and believing it, you are > going to be in a lot of 'spam trouble'. > > I recommend that you not open any spam, and certainly not insecurely, > and certainly don't believe it and click on its links or correspondence. > > -- > Mike Easter > From MikeE at ster.invalid Fri Apr 2 13:11:01 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 2 16:15:03 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Mike Easter wrote: > Notice that each header element, Received: From: Date: Content-Type > etc begins the line; they aren't 'run together'; also there are no > empty lines between the elements. What you posted doesn't look like > that at all. Forget about empty lines. I had something else on my mind. Yours doesn't have empty lines, it has elements run together.. > "You're right. It's all > spaced out." Forget about spaced out. Run together, not spaced out. And in the case of #1, it has header elements and body elements all mixed together. I think it might be being caused by your mail provider screwing it up before it gets to your OE. That would be spamcop. I'm not clear on how you get your mail. It looks like you have a spamcop.net address, but since you are using OE you must be popping your mail from spamcop. Is that it? I don't know much about spamcop mail, so I may be running out of gas here on giving advice. I just know those headers are screwed up, and it isn't likely that OE is screwing them up, so it must be spamcop. -- Mike Easter kibitzer, not SC admin From mythosmanor at hotmail.com Fri Apr 2 13:11:27 2004 From: mythosmanor at hotmail.com (Chuck) Date: Fri Apr 2 16:15:08 2004 Subject: [SpamCop-List] Re: Spammer Caught and Jailed! References: Message-ID: "Ramba Zamba" wrote in message news:c4kj54$r7v$1@news.spamcop.net... > Firewoman wrote: > > Oh happy day > > > > http://www.buffalonews.com/editorial/20040401/1048828.asp > > 4/1/2004 Nope, this is an on-going case.. I don't think this is April 1 prank.. http://www.buffalonews.com/editorial/20040331/1015965.asp http://www.buffalonews.com/editorial/20040330/1015409.asp From MikeE at ster.invalid Fri Apr 2 13:20:40 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 2 16:25:03 2004 Subject: [SpamCop-List] Re: SPAM...Internet Marketing Solutions References: Message-ID: Bonni Clark wrote: > "Mike Easter" >> Bonni Clark wrote: >>> I even tried to find a phone number or website to contact them, but >>> no suck luck. >> I see a very recent sightings with this 'classical' spammer >> disclaimer: >> >> This mailing has been performed by Internet Marketing Solutions > Anyone know how to contact them?? Or get rid of them?? > > Nothing works. Not even spam cop... > > sigh.. I got 5 spam from them today... You're not following what I'm saying. Altho' this might not be true, play like.... There is no such thing as Internet Marketing Solutions. All spammers lie. This spammer-speak is 'pretending' that this is a legitimate mailing from a legitimate company and it isn't spam. It is spam. The spammer lies. It isn't a legitimate company, or even if it were, the spammer still lies. It wouldn't matter if it said "I'm going to keep spamming you to death and there's nothing you can do about it. Nyah nyah nyah." Or, if it said, "This is the last mail you will receive from us." It is all lies. Do not believe them. You may continue to report, but do not expect or be disappointed if your continued reporting seems to have no effect on your continuing receipt of spam; even spam with the same content. And don't be reading it or responding to it. -- Mike Easter kibitzer, not SC admin From dkona7b02 at sneakemail.com Fri Apr 2 16:26:32 2004 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Fri Apr 2 16:26:36 2004 Subject: [SpamCop-List] Re: Spammer Caught and Jailed! In-Reply-To: References: Message-ID: <3.0.5.32.20040402162632.00fe8c38@loki.fstrf.org> First, let me apologize on behalf of myself and my fellow Buffalonians for hosting this scumbag SPAMmer in our fine city. Yes, this is a real case and yes, the bastard is going to jail! No joking he is going to see some serious jail time!!! I hope this lesson will be repeated more and more often in the coming months. Would love to see Florida's Attorney General grow a set as big as NY's Elliott Spitzer... :) At 01:11 PM 4/2/2004 -0800, Chuck typed: > >"Ramba Zamba" wrote >> Firewoman wrote: >> > Oh happy day >> > >> > http://www.buffalonews.com/editorial/20040401/1048828.asp >> >> 4/1/2004 > >Nope, this is an on-going case.. I don't think this is April 1 prank.. > >http://www.buffalonews.com/editorial/20040331/1015965.asp > >http://www.buffalonews.com/editorial/20040330/1015409.asp From nobody at spamcop.net Fri Apr 2 21:53:42 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 2 16:55:03 2004 Subject: [SpamCop-List] Re: X-10 success story - References: Message-ID: Spam Pop (nobody@spamcop.net) wrote in news:c4kf0n$nb3$1 @news.spamcop.net: > http://www.zedo.com/zedo/company/press/20020610-wired.jsp "Thanks to a savage online-advertising downturn, a few choice deals won X10 blanket coverage.It managed to do what was once unimaginable - it bought the Internet.You can run, but you can't hide from those cheesy spycam offers." ??? I've never seen any of that - what's to "run from" or "hide from"? "X10's ads open in a separate window, requiring you to take note at least long enough to close them." Oh. If you _allow_ them to open a separate window, of course. But why would you? Sounds like author Chris Anderson has never used a decent browser - or even an undecent browser with a decent popup stopper. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Fri Apr 2 21:58:26 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 2 17:00:05 2004 Subject: [SpamCop-List] Re: Problem using cookie login with Firefox References: Message-ID: Sean Rima (sean@tcob1.net) wrote in news:c4kcsq$87d$1@home.tcob1.net: > Sean Rima wrote: >| I use Firefox as my browser and find that I cannot goto another spam >| to report, ie Firefox doesn't stay logged in. If there a cure for >| this. >| >| Sean > Ignore sorted :) Do you mean: "Ignore previous message because it's sorted" or "Ignore other 'sorted' messsage" because it isn't? And, in case it _is_ sorted, what was the problem and how was it solved? That might be helpful for others with (possibly) the same problem... And in case it isn't sorted - what did you try that was unsuccessful? That might be helplful for others trying to help you. Sometimes full sentences can enhance communication. ;-) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Fri Apr 2 21:59:15 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 2 17:00:12 2004 Subject: [SpamCop-List] Re: Spammer Caught and Jailed! References: Message-ID: Ramba Zamba (spambox555@nurfuerspam.de) wrote in news:c4kj54$r7v$1 @news.spamcop.net: >> http://www.buffalonews.com/editorial/20040401/1048828.asp > > 4/1/2004 ISO date format is easier and less ambiguous :) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From skiwi+newsgroups at spamcop.net Fri Apr 2 14:01:30 2004 From: skiwi+newsgroups at spamcop.net (Skiwi) Date: Fri Apr 2 17:05:04 2004 Subject: [SpamCop-List] How many comments can you make? :-) Message-ID: http://www.surveymonkey.com/s.asp?u=19160428882 Bring out all those complements, complaints, suggestions, peeves, etc - we got ourselves a survey to take! :-) (cookies though, grrrr....) From nobody at spamcop.net Fri Apr 2 22:04:56 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 2 17:05:13 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: Michael Lefevre (michael.spamcop@michaellefevre.com) wrote in news:c4k3g3$877$1@news.spamcop.net: > so Paul's answer was correct only in the case of paying members using > cookies... Ah. Which I'm not. It seems particularly hard these days to refer to a particular SpamCop URL that's operational for all readers though - I'd suggest that needs fixing. A single reference should work for all. As it is now, you'd have different URLs for: - free reporting users - paid reporting users using normal login - paid reporting users using cookie login - mail system users (and maybe more...) That isn't conducive to sharing information on the SpamCop site. Especially since so much of SpamCop support depends on user-to-user help, it would help us help each other if SpamCop would not make it so hard to refer to information in the site! -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From bonni at cartoonjazz.com Fri Apr 2 17:21:33 2004 From: bonni at cartoonjazz.com (Bonni Clark) Date: Fri Apr 2 17:20:03 2004 Subject: [SpamCop-List] Re: SPAM...Internet Marketing Solutions References: Message-ID: Aah got it!!! Now I think I understand... so basically, just report it (without opening it, of course) and then delete it?? "Mike Easter" wrote in message news:c4klfa$u4s$1@news.spamcop.net... > Bonni Clark wrote: > > "Mike Easter" > >> Bonni Clark wrote: > >>> I even tried to find a phone number or website to contact them, but > >>> no suck luck. > > >> I see a very recent sightings with this 'classical' spammer > >> disclaimer: > >> > >> This mailing has been performed by Internet Marketing Solutions > > > Anyone know how to contact them?? Or get rid of them?? > > > > Nothing works. Not even spam cop... > > > > sigh.. I got 5 spam from them today... > > You're not following what I'm saying. Altho' this might not be true, > play like.... > > There is no such thing as Internet Marketing Solutions. > > All spammers lie. This spammer-speak is 'pretending' that this is a > legitimate mailing from a legitimate company and it isn't spam. It is > spam. The spammer lies. It isn't a legitimate company, or even if it > were, the spammer still lies. It wouldn't matter if it said "I'm going > to keep spamming you to death and there's nothing you can do about it. > Nyah nyah nyah." Or, if it said, "This is the last mail you will > receive from us." > > It is all lies. Do not believe them. You may continue to report, but > do not expect or be disappointed if your continued reporting seems to > have no effect on your continuing receipt of spam; even spam with the > same content. > > And don't be reading it or responding to it. > > -- > Mike Easter > kibitzer, not SC admin > From MikeE at ster.invalid Fri Apr 2 14:27:09 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 2 17:30:11 2004 Subject: [SpamCop-List] Re: SPAM...Internet Marketing Solutions References: Message-ID: Bonni Clark wrote: > "Mike Easter" >> All spammers lie. > Aah got it!!! > > Now I think I understand... > > so basically, just report it (without opening it, of course) and then > delete it?? Yes indeedy. You'll find it much more efficient, less frustrating, and less 'dangerous' if there's anything suboptimal about your mail handling configuration. Because of configurations, spam openers or previewers get more spam than those who don't. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Apr 2 14:28:41 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 2 17:30:19 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: Marjolein Katsma wrote: > A single reference should work for all. > - free reporting users That one will do it. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Apr 2 22:31:20 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 2 17:35:03 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: Message-ID: Skiwi (skiwi+newsgroups@spamcop.net) wrote in news:c4knrq$1b0$1 @news.spamcop.net: > http://www.surveymonkey.com/s.asp?u=19160428882 "You Must Enable Cookies..." and it goes on to list a longish list of browsers none of which I use. (Not that I don't know how to enable cookies, I just won't.) What's it about then? -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From skiwi+newsgroups at spamcop.net Fri Apr 2 14:48:55 2004 From: skiwi+newsgroups at spamcop.net (Skiwi) Date: Fri Apr 2 17:50:03 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) In-Reply-To: References: Message-ID: Marjolein Katsma wrote: > Skiwi (skiwi+newsgroups@spamcop.net) wrote in news:c4knrq$1b0$1 > @news.spamcop.net: > > >>http://www.surveymonkey.com/s.asp?u=19160428882 > > > "You Must Enable Cookies..." and it goes on to list a longish list of > browsers none of which I use. (Not that I don't know how to enable > cookies, I just won't.) > > What's it about then? From the mailsc.spamcop.net page, Julian (?) posted in the News area: Help improve SpamCop Take our two minute survey to tell us about you and what we should do to improve the usefulness of the service. Take the survey (Hosted off-site at surveymonkey.com) The 'take the survey' is the link above, and they ask questions, and better yet allow for textual comments, suggestions, etc... wonder how many times 'Cyveillance' and the online help forum 'interface' will get mentioned in those boxes?!? :-) From me at privacy.net Fri Apr 2 19:47:12 2004 From: me at privacy.net (Frog Prince) Date: Fri Apr 2 19:50:11 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: Message-ID: "Skiwi" | Bring out all those complements, complaints, suggestions, peeves, etc - | we got ourselves a survey to take! :-) (cookies though, grrrr....) I don't usually accept cookies but acceded for this application in an attempt to be helpful. Found the requirement to answer *all* questions regardless if they applied to my case as typical of useless surveys. (I don't care if the data is useful/accurate/representative I want it all or else.) AKA GIGO garbage in garbage out. I backed out and dumped the cookie. Still curious just what does the cookie have to do with the data desired? From skiwi+newsgroups at spamcop.net Fri Apr 2 16:59:47 2004 From: skiwi+newsgroups at spamcop.net (Skiwi) Date: Fri Apr 2 20:00:04 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) In-Reply-To: References: Message-ID: Frog Prince wrote: > "Skiwi" > > | Bring out all those complements, complaints, suggestions, peeves, etc - > | we got ourselves a survey to take! :-) (cookies though, grrrr....) [snip] > Still curious just what does the cookie have to do with the data desired? simplistic approach to try to stop you 'voting' twice? From me at privacy.net Fri Apr 2 20:10:17 2004 From: me at privacy.net (Frog Prince) Date: Fri Apr 2 20:20:08 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: Message-ID: "Skiwi" | > | Bring out all those complements, complaints, suggestions, peeves, etc - | > | we got ourselves a survey to take! :-) (cookies though, grrrr....) | | [snip] | | > Still curious just what does the cookie have to do with the data desired? | | simplistic approach to try to stop you 'voting' twice? Anyone *really* think that will work especially with this group? From nobody at spamcop.net Fri Apr 2 20:33:17 2004 From: nobody at spamcop.net (Miss Betsy) Date: Fri Apr 2 20:30:03 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> <406C3EC9.2010907@spamcop.net> Message-ID: "elind" wrote in message news:c4in2e$khc$1@news.spamcop.net... > Well so much for that. > > I asked a few questions that were obviously not very technically interesting > to those who might know more, and I got no relevant answers, except for this > kind of everyday newsgroup banter. > > So it goes. > I gave you very specific answers. And so it goes... Miss Betsy From Barbara_Yoon at att.com Fri Apr 2 22:33:42 2004 From: Barbara_Yoon at att.com (Barbara Yoon) Date: Fri Apr 2 22:35:23 2004 Subject: [SpamCop-List] spam problem worsening... Message-ID: My e-mail spam problem is worsening -- I now get about 50 to 100 e-mails every day, of which more than 95% are spam... How do anti-spam programs work? Are there any good ones that don't require a lot of work by the user (such as having to create a "white list," or such), and that are free? And if somebody is kind enough to provide such a program, how can I be sure it's not really a 'dirty trick' by some spammer?! From MikeE at ster.invalid Fri Apr 2 19:49:11 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 2 22:50:04 2004 Subject: [SpamCop-List] Re: spam problem worsening... References: Message-ID: Barbara Yoon wrote: > My e-mail spam problem is worsening -- I now get about 50 to 100 > e-mails every day, of which more than 95% are spam... How do > anti-spam programs work? Let's use the example of Outlook Express mailuser agent, and SpamPal as a transparent proxy. You configure to get your mail from the SpamPal proxy and SpamPal gets your mail from your provider. It uses its filters to tag your spam so that OE's message rule sorts it all into its own folder. SpamPal's filtering discrimination is very powerful and configurable. OE's 'natural' message rules are very weak and not very configurable. > Are there any good ones that don't require > a lot of work by the user (such as having to create a "white list," > or such), and that are free? Some configuration is essential for a variety of reasons. SpamPal's documentation and support is excellent. Another alternative is to use a service such as SpamCop to filter your mail. It isn't free, but it is reasonable, and lends itself to reporting. You might consider it simpler than using the SpamPal filter. > And if somebody is kind enough to > provide such a program, how can I be sure it's not really a 'dirty > trick' by some spammer?! There are a lot of happy users out there to vouch for SpamPal and some other popular filters. There are also some 'bad guy' filters whose negative features get discussed in groups like alt.spam. -- Mike Easter kibitzer, not SC admin From Barbara_Yoon at att.com Fri Apr 2 22:56:22 2004 From: Barbara_Yoon at att.com (Barbara Yoon) Date: Fri Apr 2 23:00:03 2004 Subject: [SpamCop-List] Re: spam problem worsening... References: Message-ID: >> My e-mail spam problem is worsening -- I now get about 50 to 100 >> e-mails every day, of which more than 95% are spam... How do >> anti-spam programs work? "Mike Easter": > Let's use the example of Outlook Express mailuser agent, and SpamPal > as a transparent proxy. You configure to get your mail from the SpamPal > proxy and SpamPal gets your mail from your provider. It uses its filters > to tag your spam so that OE's message rule sorts it all into its own folder. > SpamPal's filtering discrimination is very powerful and configurable. > OE's 'natural' message rules are very weak and not very configurable. Thanks, Mike.....and I have seen first-hand how ineffective OE is...!! >> Are there any good ones that don't require a lot of work by the user >> (such as having to create a "white list," or such), and that are free? > Some configuration is essential for a variety of reasons. SpamPal's > documentation and support is excellent. Another alternative is to use > a service such as SpamCop to filter your mail. It isn't free, but it is > reasonable, and lends itself to reporting. You might consider it > simpler than using the SpamPal filter. >> And if somebody is kind enough to provide such a program, how >> can I be sure it's not really a 'dirty trick' by some spammer?! > There are a lot of happy users out there to vouch for SpamPal and > some other popular filters. There are also some 'bad guy' filters > whose negative features get discussed in groups like alt.spam. From spam at mrwright.com Fri Apr 2 21:29:39 2004 From: spam at mrwright.com (Mr. Wright) Date: Fri Apr 2 23:30:04 2004 Subject: [SpamCop-List] Re: E-mail Validation in the E-mail...Big Problem! References: Message-ID: > Ah... Please tell me you're using OE to access this newsgroup. > Because the headers of your posts show "Microsoft Outlook Express > 6.00.2800.1158" on the X-Newsreader line. Like N. Miller suggested, I use both. Mr. Wright From spambots at eatthis.com Fri Apr 2 23:54:59 2004 From: spambots at eatthis.com (marc) Date: Fri Apr 2 23:55:02 2004 Subject: [SpamCop-List] Re: Spammer Caught and Jailed! References: Message-ID: "Firewoman" wrote in message news:c4jpkk$tc2$1@news.spamcop.net... > Oh happy day > > http://www.buffalonews.com/editorial/20040401/1048828.asp > Notice that the guy is supposed to have been making a stunning $60K ~ $70K a year............ This is what kills me; the occasional Ralskys etc aside, most spammers probably don't make a whole lot of money. Spamming costs US businesses and consumers several billion dollars a year in hogging internet & email capacity, lost productivity, extra IT staff to handle the stuff, extra software, etc. All this damage, and for what? The average payoff to the average spammer might boost their income to that of department store manager for a year or two. From spambots at eatthis.com Sat Apr 3 00:02:10 2004 From: spambots at eatthis.com (marc) Date: Sat Apr 3 00:05:02 2004 Subject: [SpamCop-List] Re: [media] Google your email - without spam References: Message-ID: "Marjolein Katsma" wrote in message news:Xns94BECDCDED881homesitehelp@216.154.195.61... > Google is planning a free email service - with gobs of storage for each > and the facility to search your mail to find back what you remember. Paid > for with Google text ads (targeted to the user) there will likely also be > an anti-spam feature by letting people report back what is spam. I like this anti-spam method; let the recipients tell the ISP what is spam. It seems to work very well nowadays for Yahoo Mail and even wonder of wonders for Hotmail. Yahoo Mail has one of the largest email systems in the world, and they make reporting spam very easy -- each message has a little "spam" button at the top that you can click if you thnk that is what you've got. I am not sure what happens next (would be interesting to find out) but I imagine with a base of several million email customers, a spammer gets picked up pretty quick. No need to devise more sophisticated spam filters, the users just "vote" on what they consider spam, and the first few dozen recipients filter out the spam for the remaining thousands. From nobody at spamcop.net Sat Apr 3 06:01:49 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 01:05:10 2004 Subject: [SpamCop-List] Header of the week Message-ID: One (I think one) particular spammer always includes fancy headers in the spam mails. Not just fancy content, but the header "keyword" itself is entirely made up. The one I just saw was particularly funny: teletypesetting-eater: phenomenon afresh traitorous -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sat Apr 3 06:05:42 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 01:10:03 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: Message-ID: Skiwi (skiwi+newsgroups@spamcop.net) wrote in news:c4kqkn$8sk$1 @news.spamcop.net: > Help improve SpamCop > Take our two minute survey to tell us about you and what we should > do to improve the usefulness of the service. Take the survey > (Hosted off-site at surveymonkey.com) Ah. That sounbds worthwhile enough to temporarily enable cookies for. ;) (I see it now on http://members.spamcop.net/ too; I rarely see that page since I stay logged in for days at a time - until forced to rebot, generally.) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sat Apr 3 06:17:15 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 01:20:03 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: Message-ID: Frog Prince (me@privacy.net) wrote in news:c4l1jb$ns8$1@news.spamcop.net: > Still curious just what does the cookie have to do with the data > desired? Most survey systems use either cookies, or IP logging (or both) to prevent people from "voting" several times, or more frequenltly than a set maximum. So these cookies are probably a standard feauture of the survey system used. When it's purely a matter of "voting" that makes sense - but when it's a matter of gathering opinions (free text entry) less so; but not all polling services allow configuration of whether or not cookies are required. If it's cookies only, it's of course easy enough to remove it, close your browser, and start again; having a number of different browsers around can also help. ;-) So, from a statistics perspective, using cookies to limit "over" voting is unreliable. But the same is true for using an IP address: whole corporations can sit behind a firewall/proxy that exposes a single IP address to the outside world - and one vote from one person would then prevent everyone else in the company from casting their vote. The opposite is true as well: if you have a dial-up with a dynamic IP address, re-dialling would (most liklely) allow you to vote again ... but at the same time prevent someone else who gets the "used" IP address later to vote as well. A more flexible system (not found in many voting apps though) is to _try_ to use cookies, and if the cookie is not accepted, silently use IP logging instead. No system, using either cookies or IP address, or both, is thus perfect; if the poll "taker" has a choice (and configurability in the software used) (s)he can try to choose an optimum, but in interpretation of the results considerable care is still needed. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sat Apr 3 06:22:45 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 01:25:03 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: Mike Easter (MikeE@ster.invalid) wrote in news:c4kper$6ms$1 @news.spamcop.net: >> A single reference should work for all. > >> - free reporting users > > That one will do it. Then why didn't Paul's strategy to *create* such a link work? -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sat Apr 3 07:13:44 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 02:15:17 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: Message-ID: Skiwi (skiwi+newsgroups@spamcop.net) wrote in news:c4kqkn$8sk$1@news.spamcop.net: > From the mailsc.spamcop.net page, Julian (?) posted in the News area: > > Help improve SpamCop > Take our two minute survey to tell us about you and what we > should do to improve the usefulness of the service. Take the > survey (Hosted off-site at surveymonkey.com) Done two to get in a reasonable amount of comments (some of which are comments on the questions asked, where I judge them ineffective or incomplete) ... but that took FAR more than two minutes each. ;-) If I think of more, I'll do another one, of course ;-) BTW, did you notice the lack of a mention of the newsgroups? Forums get the lowest score possible, newsgroups the highest - but I had to add that as a comment... -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sat Apr 3 07:35:05 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 02:40:02 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: Message-ID: Skiwi (skiwi+newsgroups@spamcop.net) wrote in news:c4knrq$1b0$1 @news.spamcop.net: > http://www.surveymonkey.com/s.asp?u=19160428882 Another observation: the survey not only requires cookies (not really a problem) but requires JavaScript as well. That makes it inaccessible - Julian won't be able to get feedback from our blind or visually impaired fellow spamcoppers. The fact that the code is actually totally invalid won't exactly help with accessibility either (looking at the code, I'm surprised that mess even works in Mozilla!). *) At least it's usable on WebTV (or at any rate the latest version). *) If I ever need an online survey, I now know what *not* to use! -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From baloo at ursine.ca Sat Apr 3 00:04:07 2004 From: baloo at ursine.ca (Paul Johnson) Date: Sat Apr 3 03:20:45 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: Message-ID: <87fzbl32tk.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marjolein Katsma writes: > Skiwi (skiwi+newsgroups@spamcop.net) wrote in news:c4knrq$1b0$1 > @news.spamcop.net: > >> http://www.surveymonkey.com/s.asp?u=19160428882 > > "You Must Enable Cookies..." and it goes on to list a longish list of > browsers none of which I use. (Not that I don't know how to enable > cookies, I just won't.) Two browsers on only one OS and architecture isn't exactly a long list. > What's it about then? Make your browser lie about who it is. In Konqueror, go to Settings, Configure Konqueror, Browser Identification, and set a specific User Agent for that site. - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAbm/5UzgNqloQMwcRAhbyAJsFixsxhGMn6JZ0oHGEOK0OXe+fDACg36GH EG/j8pambamC4lBKEomDuXU= =WVM8 -----END PGP SIGNATURE----- From baloo at ursine.ca Sat Apr 3 00:12:08 2004 From: baloo at ursine.ca (Paul Johnson) Date: Sat Apr 3 03:21:02 2004 Subject: [SpamCop-List] Re: spam problem worsening... References: Message-ID: <87u1011nvr.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Barbara Yoon" writes: > My e-mail spam problem is worsening -- I now get about 50 to 100 > e-mails every day, of which more than 95% are spam... How do > anti-spam programs work? Well, what's your mail setup? I started off with Derrick Hudson's exim config[1] and improved apon it[2]. It works well for me, your mileage may vary. If you post your setup, you might get a more relevant answer if running your own server isn't your bag. > Are there any good ones that don't require a lot of work by the user > (such as having to create a "white list," or such), and that are > free? And if somebody is kind enough to provide such a program, how > can I be sure it's not really a 'dirty trick' by some spammer?! Trust open source. http://www.spamassassin.org/ or http://www.sourceforge.net/ [1] http://dman13.dyndns.org/~dman/config_docs/exim-spamassassin/ [2] http://ursine.ca/~baloo/clamd-exiscan.txt - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAbnHYUzgNqloQMwcRAl94AJ0X7z3SNAg4P9p/y+/CxSRkVFWSPgCgnlSB UqPN6/t+CIuo1VF4lVWK17c= =1DeZ -----END PGP SIGNATURE----- From mauvaislespam at yahoo.fr Sat Apr 3 08:34:47 2004 From: mauvaislespam at yahoo.fr (fred) Date: Sat Apr 3 03:35:03 2004 Subject: [SpamCop-List] Re: mailhosts problem identified and fixed References: Message-ID: <20040403103454800+0200@news.spamcop.net> Hello, I added a mailhost I got the robot mail with the 'special codes' I re-created an email copy-pasting the former one into and sent it Then (12h later) , nothing happenned ( no mail confirmation, no host added in the mailhost list ) Voil?, Fred From nobody at xyzzy.claranet.de Sat Apr 3 11:28:35 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sat Apr 3 04:35:08 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: Message-ID: <406E83C3.6EA1@xyzzy.claranet.de> Marjolein Katsma wrote: > the survey not only requires cookies (not really a > problem) but requires JavaScript as well. But you can look at the privacy policy explaining this problem. It's dark black blue on a black background. Of course I have a bookmarklet to change the background colour, but it requires JavaScript... > That makes it inaccessible ...ACK. I won't enable JS 1.1 only to read an explanation, why JS is required. Generally that's the very last step before my browser crashes (JS 1.1 is not exactly up to date ;-) In rare cases this requires a reboot (restarting the workplace shell is not always good enough to get rid of the dead browser windows). I love these known bugs, they are so predictable. Bye, Frank From nobody at xyzzy.claranet.de Sat Apr 3 11:47:50 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sat Apr 3 04:51:07 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: Message-ID: <406E8846.243F@xyzzy.claranet.de> Marjolein Katsma wrote: > worthwhile enough to temporarily enable cookies for. ;) Temorarily enabling JavaScript 1.1 doesn't help, it crashes my Netscape 3.x. In theory I could start Netscape 4.x, is it _that_ important ? Otherwise I skip this survey. Bye, Frank From jwray at nildram.co.uk Sat Apr 3 11:53:23 2004 From: jwray at nildram.co.uk (James Wray) Date: Sat Apr 3 04:55:08 2004 Subject: [SpamCop-List] Stopping Spammers Using Your Server Message-ID: Hi, We have always had trouble with people faking header from site addresses, which is fine as never any volume in it. Must be from people with infected machines, so I sometimes get spam from my site address etc. However, last fortnight we started getting thousands of returned mails to our default. I contacted our host Servint and we had a look, they could not see anything going out, just the returns. So we thought, must be faked. Anyway, last week SPAMCOP listed us on their blacklist. I contacted them right away and they gave me some good info and also confirmed that the mail was coming from us. Anyway I took the following measure (some of which shold have been done before) we disabled formmail server wide and physically removed it and any other cgi scripts that the site owers either did not use or did not know what they were, I had all websites change all their scripts, forum admin, mail and cpanel passwords. Asked them to do this every few months and make them difficult so not TolkienIlove or such (we run and host Lord of the Rings sites). I disabled any sites who did not respond within 5 hours. Just 2 left to respond :) I also asked them if they were using any more secure mailer scripts to rename them from their default. I also set a limit per domain of 1000 mails an hour, which we only switch off to send our own newsletter. Our host Servint has port sentry, some anti relay script and some other things running. We have checked for open relays. We also enabled suexec support and phpsuexec and have blocked nobody from sending mail. Our server is managed so we have to rely on them to an extent regards Linux security. Now it seems to have worked and SPAMCOP have removed our server from their list. Though we are still getting blocked by some big ISP's hoping it will drop off. My question is, can we do anything else? I thought of maybe getting a senderbond or such, but it is quite costly. Any recommendations welcome. Thanks James James N Wray Administrator: War of the Ring From windsorfoxNOSPAM at cox.net Sat Apr 3 04:04:23 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sat Apr 3 05:06:03 2004 Subject: [SpamCop-List] Re: Freespeechstore threatens SC? In-Reply-To: <406D9149.4060904@spamcop.net> References: <406D9149.4060904@spamcop.net> Message-ID: Tim McGraw wrote: > WindsorFox[SS] wrote: > >> Skiwi wrote: >> >>> >>> This is guy is a loon! >>> >>> http://www.interocitor.net/freespeechstore.html >> >> >> Looks like some 14 yo kid who needs to have his AOL privileges >> removed by mommy or daddy. > > > He's been on AOL for years. > > For some reason they won't touch him. > > Incriminating pictures of Steve Case, perhaps...? > Most likely because being an obnoxiuos moron is not against AOL's TOS, for, well, obvious reasons. From windsorfoxNOSPAM at cox.net Sat Apr 3 04:27:27 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sat Apr 3 05:30:22 2004 Subject: [SpamCop-List] Re: X-10 success story - In-Reply-To: References: Message-ID: Marjolein Katsma wrote: > Oh. If you _allow_ them to open a separate window, of course. But why > would you? > > Sounds like author Chris Anderson has never used a decent browser - or > even an undecent browser with a decent popup stopper. > > As someone who has spent enormous amounts of time removing adware and spyware from "average Joe" users I will answer that with, because the vast majority of users do not know to not allow it nor would they know how and a very large majority of those are either incapable of or unwilling to learn how. ie: Don't know, don't care. From nobody at spamcop.net Sat Apr 3 10:30:27 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 05:35:03 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E8846.243F@xyzzy.claranet.de> Message-ID: Frank Ellermann (nobody@xyzzy.claranet.de) wrote in news:406E8846.243F@xyzzy.claranet.de: > Temorarily enabling JavaScript 1.1 doesn't help, it crashes > my Netscape 3.x. In theory I could start Netscape 4.x, is it > _that_ important ? Otherwise I skip this survey. Bye, Frank If you have no wishes at all for SpamCop _and_ don't want to give any feedback about the current system, tehn it's not important. If you have any thoughts at all about SC might be improved, then yes, it is _that_ important. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sat Apr 3 10:34:44 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 05:35:11 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E83C3.6EA1@xyzzy.claranet.de> Message-ID: Frank Ellermann (nobody@xyzzy.claranet.de) wrote in news:406E83C3.6EA1 @xyzzy.claranet.de: > I won't enable JS 1.1 only to read an explanation, why > JS is required. If you look at the code it's pretty obvious why it's required. That's just the way the survey is programmed (not all that unusual). So if you *can* use JS at all (and from your other post it seems that you can), don't complain later that your input wasn't considered if you won't give it now. > I love these known bugs, they are so predictable. Try finding an online survey service that can handle the expected volumen and doesn't have this "bug". or try writing a polling system yourself (I did, and it's not easy). If you do find a better system let us know. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sat Apr 3 10:37:43 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 05:40:02 2004 Subject: [SpamCop-List] Re: X-10 success story - References: Message-ID: WindsorFox[SS] (windsorfoxNOSPAM@cox.net) wrote in news:c4m3g3$7jk$1 @news.spamcop.net: > As someone who has spent enormous amounts of time removing adware > and spyware from "average Joe" users I will answer that with, because > the vast majority of users do not know to not allow it nor would they > know how and a very large majority of those are either incapable of > or unwilling to learn how. ie: Don't know, don't care. But I understand this is about simple popunders - that's not spyware or adware, just ad "behavior". As far as I know the large majority of users *do* care (practically everyone finds popups and popundeers annoying), they just don't know how to stop the pops. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sat Apr 3 10:40:04 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 05:45:02 2004 Subject: [SpamCop-List] Re: X-10 success story - References: Message-ID: WindsorFox[SS] (windsorfoxNOSPAM@cox.net) wrote in news:c4m3g3$7jk$1@news.spamcop.net: >> Sounds like author Chris Anderson has never used a decent browser - >> or even an undecent browser with a decent popup stopper. >> >> > > As someone who has spent enormous amounts of time removing adware > and spyware from "average Joe" users ... Still that would imply Chris Anderson is an "average Joe" IT journalist who doesn't know how to stop popups/popunders? I find that hard to believe. The article suggests there is no escape; it would have been infinitely better if it explained *what* escape is possible. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From Windrider6 at SpamCop.net Sat Apr 3 12:03:05 2004 From: Windrider6 at SpamCop.net (Bruce A. Johnson) Date: Sat Apr 3 07:05:02 2004 Subject: [SpamCop-List] What about spamcop.com? Message-ID: I don't remember ever seeing any discussion about spamcop.com. I see from the WhoIs info that they registered after spamcop.net did. Are they just moochers off of SpamCop.net's good name? Are their services worth looking at, or spitting at? Will IronPort try to obtain that domain name to protect the trademark? What about spamcop.org and spamcop.ca? Maybe IronPort should snatch them up so noone else can use them? Seems like a good idea, . . . IMO. - Bruce A. Johnson in Hardisty, Alberta, Canada - Windrider6@SpamCop.net From MikeE at ster.invalid Sat Apr 3 04:48:21 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 3 07:50:37 2004 Subject: [SpamCop-List] Re: What about spamcop.com? References: Message-ID: Bruce A. Johnson wrote: > I don't remember ever seeing any discussion about spamcop.com. I see > from the WhoIs info that they registered after spamcop.net did. > > Are they just moochers off of SpamCop.net's good name? Are their > services worth looking at, or spitting at? spamcop.com at its www. and redirecting to its tricky vww. is the home of SpamInspector, an antispam product of the Giant Company. SpamInspector purports to parse spam and notify providers. It also has the unhealthy features of bogus bounce forgeries, advertising itself on all of your mail, and running affiliate programs which result in its spammy usenet and other promotions. I think you can choose to not exercise any of those options. The concept of registering all of the various tld's for the present and future must be something that the domain registrars love. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sat Apr 3 12:58:49 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 08:00:07 2004 Subject: [SpamCop-List] Re: What about spamcop.com? References: Message-ID: Bruce A. Johnson (Windrider6@SpamCop.net) wrote in news:Xns94C03362EC973Windrider6SpamCopnet@216.154.195.61: > I don't remember ever seeing any discussion about spamcop.com. I see > from the WhoIs info that they registered after spamcop.net did. There have been discussions allright; try this Google: http://tinyurl.com/3b8gr > Are they just moochers off of SpamCop.net's good name? Yes. > Are their services worth looking at, or spitting at? The latter. > Will IronPort try to obtain that domain name to protect the trademark? > > What about spamcop.org and spamcop.ca? Maybe IronPort should snatch > them up so noone else can use them? I don't think Julian was ever that much interested (although a fight over a domain name can get quite expensive and may not have been affordable); I don't know what IronPort's attitude / position in this is. .org might be interesting - but I don't think .ca is (most people not in canada won't recognize that as a canadian TLD, and SC is not in Canada anyway...). If .ca is intesting, where do you stop? All countries where SC has users? That's an awful lot... But if you want to make a suggestion, why not use the SpamCop survey? http://www.surveymonkey.com/s.asp?u=19160428882 -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From bar_n0ne at hotmail.com Sat Apr 3 18:09:36 2004 From: bar_n0ne at hotmail.com (Berny) Date: Sat Apr 3 09:10:08 2004 Subject: [SpamCop-List] just how effective is SCBL blocking nowadays? Message-ID: Folks, I'm curious abut how efective the SCBL list is in these days of distributed trojanized spam systems. Anyone have any ratios of tagged vs passed for it? spam vs ham catch ratios? Thanks From MikeE at ster.invalid Sat Apr 3 06:17:27 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 3 09:20:03 2004 Subject: [SpamCop-List] Re: just how effective is SCBL blocking nowadays? References: Message-ID: Berny wrote: > I'm curious abut how efective the SCBL list is in these days of > distributed trojanized spam systems. Anyone have any ratios of tagged > vs passed for it? spam vs ham catch ratios? Jeff Makey compares blocklists and he 'likes' spamcop's. However, he handles spamcop's 'cleverly' and defends his usage of the SCbl in nanae, where many criticize it for its potential for false positives. The SCbl is a frisky and dynamic blocklist and defnitely has a place in the arsenal. Realize that for its own mail subscribers that spamcop *tags* mail rather than deleting it. Blacklists Compared http://www.sdsc.edu/~jeff/spam/Blacklists_Compared.html -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sat Apr 3 14:25:31 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 09:30:04 2004 Subject: [SpamCop-List] Re: Ebay Con Spam References: <5657-406762B7-190@storefull-3212.bay.webtv.net> Message-ID: WindsorFox[SS] (windsorfoxNOSPAM@cox.net) wrote in news:c4f6d5$h6u$1 @news.spamcop.net: > No matter howmuch someone dislikes women posing in swimsuits it is not > porn. And nudity is??? C'mon! -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From MikeE at ster.invalid Sat Apr 3 06:41:16 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 3 09:45:04 2004 Subject: [SpamCop-List] Re: Ebay Con Spam References: <5657-406762B7-190@storefull-3212.bay.webtv.net> Message-ID: Marjolein Katsma wrote: > WindsorFox[SS] >> No matter howmuch someone dislikes women posing in swimsuits it is >> not porn. > > And nudity is??? C'mon! You snipped away some of what he sed WindsorFox[SS] wrote: > To many people innocent nudity > such as on the beach is not porn that's why it's described as > containing nudity. It's only a really tough decision to people who > have the wrong motivations. As a general rule, 'regular' nudism and nudist camps and beaches and such are very 'innocent' and are considered a family activity by nudists. We have a nearby nude beach and parts of it are 'contaminated' [or frequented if you prefer] by open sexual activities that would be upsetting to some 'family entertainment' sorts. The open sexual activities are typically male homosexual. -- Mike Easter kibitzer, not SC admin From michael.spamcop at michaellefevre.com Sat Apr 3 15:25:02 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Sat Apr 3 10:30:08 2004 Subject: [SpamCop-List] Re: X-10 success story - References: Message-ID: Marjolein Katsma wrote: > WindsorFox[SS] (windsorfoxNOSPAM@cox.net) wrote in > news:c4m3g3$7jk$1@news.spamcop.net: > >>> Sounds like author Chris Anderson has never used a decent browser - >>> or even an undecent browser with a decent popup stopper. >>> >> As someone who has spent enormous amounts of time removing adware >> and spyware from "average Joe" users ... > > Still that would imply Chris Anderson is an "average Joe" IT journalist > who doesn't know how to stop popups/popunders? I find that hard to > believe. The article suggests there is no escape; it would have been > infinitely better if it explained *what* escape is possible. Well, it implies that at least he didn't, not doesn't. Note that the article we're discussing here is from a couple of years ago. I think they're still going, but due to losing a patent case over their pop-under adverts, X10 went into bankruptcy protection a few months ago. -- Michael From michael.spamcop at michaellefevre.com Sat Apr 3 15:27:42 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Sat Apr 3 10:30:32 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: Marjolein Katsma wrote: > Michael Lefevre (michael.spamcop@michaellefevre.com) wrote in > news:c4k3g3$877$1@news.spamcop.net: > >> so Paul's answer was correct only in the case of paying members using >> cookies... > > Ah. Which I'm not. > > It seems particularly hard these days to refer to a particular SpamCop > URL that's operational for all readers though - I'd suggest that needs > fixing. A single reference should work for all. As it is now, you'd have > different URLs for: > - free reporting users > - paid reporting users using normal login > - paid reporting users using cookie login > - mail system users > (and maybe more...) Aside from stuff about account preferences, which is necessarily different for different accounts, the www. URLs work for everything except cookie logins. I don't think there's any practical way of having the same URL work for auth login and no login at all, because there's no way of the server knowing what kind of user you are before it asks for the login. -- Michael From MikeE at ster.invalid Sat Apr 3 07:38:58 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 3 10:40:02 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Mike Easter wrote: > Mike Easter wrote: >> Notice that each header element, Received: From: Date: Content-Type >> etc begins the line; they aren't 'run together'; also there are no >> empty lines between the elements. What you posted doesn't look like >> that at all. > > Forget about empty lines. I had something else on my mind. Yours > doesn't have empty lines, it has elements run together.. > >> "You're right. It's all >> spaced out." > > Forget about spaced out. Run together, not spaced out. And in the > case of #1, it has header elements and body elements all mixed > together. > > I think it might be being caused by your mail provider screwing it up > before it gets to your OE. That would be spamcop. > > I'm not clear on how you get your mail. It looks like you have a > spamcop.net address, but since you are using OE you must be popping > your mail from spamcop. Is that it? I don't know much about spamcop > mail, so I may be running out of gas here on giving advice. I just > know those headers are screwed up, and it isn't likely that OE is > screwing them up, so it must be spamcop. AAARRGGHHH!! Forget about what I said to forget about. I'm all completely mixed up with two different kinds of issues, and I'm going to have to back up and figure out whereall I said something different than what I should have been talking about. I'm getting the issue this thread is about mixed up with a different issue that Keith is posting. Your [Eric] lines are 'spacey' - Keith's lines are runon and probably due to the spamcop filter. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 3 07:59:45 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 3 11:00:04 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Eric Johannsen wrote: > I cut and pasted the message source EXACTLY from the message source > window in Outlook Express... Okay. I'm back in the groove now and not confused between Eric and Keith. What is this "thing"? Received: from 201.1.80.68 ([201.1.80.68]) for with MailEnable Catch-All Filter; Thu, 01 Apr 2004 03:30:34 -0800 What does MailEnable Catch-All Filter have to do with the handling of this item? Maybe it is the 'thing' that is screwing up the mail before it gets to your OE, or maybe it is what is described below. Also, something is 'all screwed up' between isaac.com and johannsen.us - that is, in how whichever is supposed to be stamping this line below is 'taking care of business'. Received: from isaacsmail.com ([201.1.80.68]) by johannsen.us with MailEnable ESMTP; Thu, 01 Apr 2004 03:30:33 -0800 by isaacsmail.com (8.10.2/8.10.2) with ESMTP id J87Gz024176729 for ; Thu, 1 Apr 2004 06:28:20 -0500 (EST) (envelope-from www) That line is supposed to say: Received: from HELO ([source.ip]) by receving.domain.name with somestufff datestamp not Received: from HELO (source.ip]) by some.domain.name with somestuff datestamp1 by another.domain.name somestuff datestamp2 Whatever is screwing up its stamp is probably screwing up those headers [and the spambody] before your OE gets them. The line in question is the sourceline, where 201.1.80.68 rDNS 201-1-80-68.dsl.telesp.net.br is calling itself isaacsmail.com in the HELO for the transaction. -- Mike Easter kibitzer, not SC admin From bomarc_com at spam.hotmail.nospam.com.use.spamcop.net Sat Apr 3 08:05:24 2004 From: bomarc_com at spam.hotmail.nospam.com.use.spamcop.net (Dan French) Date: Sat Apr 3 11:10:04 2004 Subject: [SpamCop-List] Re: Ok, what happens to this one? {ISP does not wish to received... has been appealed previously} References: Message-ID: I directly sent them an email notice about the spam. (Why would a spammer, other than retaliation, advertise a company that they won't get profit from?) Yahoo's comment: You didn't send the full header. (?) #1: The full header is going to impact the fact of the issue that the spammer is using this website. #2: The full header was included. {Yahoo email: Forward as attachment} "Ellen" wrote in message news:c4idmm$bbq$1@news.spamcop.net... > > > The yahoo finance site is being used by the spammer; the payload of the spam > isn;t a yahoo url they are using that to lend credibilty to a pump and dump > and there is nothing that yahoo can do about a spammer using a link to their > financial news site. Yahoo accepts SpamCop reports. > > Ellen > > From a at all.addresses.on.cdrom.are.invalid.aaa Sat Apr 3 11:30:00 2004 From: a at all.addresses.on.cdrom.are.invalid.aaa (John Malmberg) Date: Sat Apr 3 11:30:03 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) In-Reply-To: <406E8846.243F@xyzzy.claranet.de> References: <406E8846.243F@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Marjolein Katsma wrote: > >>worthwhile enough to temporarily enable cookies for. ;) > > Temorarily enabling JavaScript 1.1 doesn't help, it crashes > my Netscape 3.x. In theory I could start Netscape 4.x, is it > _that_ important ? Otherwise I skip this survey. Bye, Frank None of the push buttons work for me. Mozilla 1.5. -John wb8tyw@qsl.network personal Opinion Only From nobody at spamcop.net Sat Apr 3 17:32:28 2004 From: nobody at spamcop.net (John McLusky) Date: Sat Apr 3 11:35:03 2004 Subject: [SpamCop-List] Re: just how effective is SCBL blocking nowadays? References: Message-ID: Mike Easter wrote: > Berny wrote: >> I'm curious abut how efective the SCBL list is in these days of >> distributed trojanized spam systems. Anyone have any ratios of tagged >> vs passed for it? spam vs ham catch ratios? > > Jeff Makey compares blocklists and he 'likes' spamcop's. However, he > handles spamcop's 'cleverly' and defends his usage of the SCbl in > nanae, where many criticize it for its potential for false positives. > The SCbl is a frisky and dynamic blocklist and defnitely has a place > in the arsenal. Realize that for its own mail subscribers that > spamcop *tags* mail rather than deleting it. Indeed. I use SCBL, CBL and SBL (tag only, for the moment) and between them it catches between 80% and 90% of my incoming spam. It's also rare to get a false positive. John, From eddie at eddie.web Sat Apr 3 12:20:37 2004 From: eddie at eddie.web (eddie) Date: Sat Apr 3 12:25:22 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: Message-ID: On Fri, 02 Apr 2004 14:01:30 -0800, Skiwi wrote: > http://www.surveymonkey.com/s.asp?u=19160428882 > > Bring out all those complements, complaints, suggestions, peeves, etc - we > got ourselves a survey to take! :-) (cookies though, grrrr....) Delete all cookies if you have any at all. Turn on cookies visit website leave website delete all cookies turn off cookies. I believe that there is some software that stored the cookies in a temporary ram to satisfy the site and deletes them as soon as you move on. I leave them on, but only for the visited site and I run antispyware regularly. I am more concerned with the GPS in my new cellphone. From nobody at spamcop.net Sat Apr 3 17:41:54 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 12:45:03 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E8846.243F@xyzzy.claranet.de> Message-ID: John Malmberg (a@all.addresses.on.cdrom.are.invalid.aaa) wrote in news:c4moq8$tog$1@news.spamcop.net: > None of the push buttons work for me. Mozilla 1.5. Make sure JavaScript is enabled. Otherwise upgrade to Moz 1.6; I had no problem using it with that. (Why they have to be such silly "buttons" instead of ordinary radio buttons and checkboxes is beyond me - it doesn't increase usability at all - but that's another matter) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sat Apr 3 17:43:19 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 12:45:13 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: Message-ID: eddie (eddie@eddie.web) wrote in news:pan.2004.04.03.17.20.37.134000 @eddie.web: > I am more concerned with the GPS in my new cellphone. If you mean it transmits your location - you should be able to turn that off... -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sat Apr 3 17:54:53 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 12:55:03 2004 Subject: [SpamCop-List] Re: X-10 success story - References: Message-ID: Michael Lefevre (michael.spamcop@michaellefevre.com) wrote in news:c4ml0e$qfh$1@news.spamcop.net: >> Still that would imply Chris Anderson is an "average Joe" IT >> journalist who doesn't know how to stop popups/popunders? I find that >> hard to believe. The article suggests there is no escape; it would >> have been infinitely better if it explained *what* escape is >> possible. > > Well, it implies that at least he didn't, not doesn't. Note that the > article we're discussing here is from a couple of years ago. A couple of years ago it was already quite possible to stop practically all popups and popunders. I use Mozilla now, which does agoo job by itself, but I still have The Proxomitron (mostly with IE) which can be configured to stop or change anything that HTTP sends your way (and browser sends with HTTP to a server). I've been using that for years, and it wasn't the only tool around either. I've *never* seen anything from X-10. Even if the article is a few years old - I'm unimpressed by the writer's knowledge. > I think they're still going, but due to losing a patent case over > their pop-under adverts, X10 went into bankruptcy protection a few > months ago. No advertizing company that is based on a single technology can be a "success story". To be effective you have to continue to adapt since the "public" continues to find new ways to get around the ads (or just gets blind to them - "banner blindness" was already well known 5 years ago); there has been a wave to make ads more and more agressive (popunders are part of that) but that merely spawns a new generation of anti-ad software; ultimately non-intrusive ads are more effective since people will be less annoyed by them and bother less with anti-tools, so they'll see more. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sat Apr 3 18:30:41 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sat Apr 3 13:35:03 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: Michael Lefevre (michael.spamcop@michaellefevre.com) wrote in news:c4ml5e$qfh$2@news.spamcop.net: > I don't think there's any practical way of having the same URL > work for auth login and no login at all, because there's no way of the > server knowing what kind of user you are before it asks for the login. I'm sure it can be done. For starters, if you ask for a page and you're *already* logged in, it *already* knows what kind of account you have - so it can redirect from a general-purpose URL to one that's appropriate for your account. If you're not logged in when you request the general- purpose URL and it asks for a login in, then after the login the server will know what type of account you have and can *then* redirect to the appropriate page. The real "problem" is designing a system of general-purpose URLs that will have account-specific counterparts the server can redirect to as soon as it knows "who" you are. For instance, use "gen" as server name instead of 'www', 'members', 'mail' or whatever. All quite practical, not hard at all - just sit down and do a little design. BTW, teh same system could be used for the "finish reporting" links uin the mails SC now sends instead of the 'www' links which try to force us to use cookie login (quite unsuccessfully, in my case, since I automatically change those links back to 'members'. ;-)) There is really no need to force anyone into a particular authentication system or server when there are several available already. Just make it a little more intelligent! -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From caroljean52 at yahoo.com Sat Apr 3 10:56:21 2004 From: caroljean52 at yahoo.com (caroljean52) Date: Sat Apr 3 14:00:20 2004 Subject: [SpamCop-List] Comcast strikes again! Message-ID: Just signed up with Comcast for broadband. (Yeah, I know--but we didn't have time to shop around and this was the simplest alternative for us. Believe me, I'm being *very* careful. And I'll never waste my time using my new Comcast email address since I'm sure most of my outgoing mail would be blocked!) Guess what I just discovered: Comcast will not let me forward spam to the FTC or the FDA! Had to switch back over to the Earthlink dialup to send those! Guess Comcast doesn't want to implicate themselves to the government. (Yep, several of the spams I was forwarding came from Comcast.) Carol Seattle USA From bert at visi.com Sat Apr 3 19:04:35 2004 From: bert at visi.com (Bert Hyman) Date: Sat Apr 3 14:05:03 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: Message-ID: In news:c4n1cl$50d$1@news.spamcop.net "caroljean52" wrote: > Comcast will not let me forward spam to the FTC or the FDA! How does this manifest itself? What error/status do you get when you try? What mail client do you use? -- Bert Hyman St. Paul, MN bert@visi.com From mrichter at cpl.net Sat Apr 3 11:36:00 2004 From: mrichter at cpl.net (Mike Richter) Date: Sat Apr 3 14:40:03 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: Message-ID: <406F1220.5050302@cpl.net> caroljean52 wrote: > Just signed up with Comcast for broadband. (Yeah, I know--but we > didn't have time to shop around and this was the simplest alternative > for us. Believe me, I'm being *very* careful. And I'll never waste my > time using my new Comcast email address since I'm sure most of my > outgoing mail would be blocked!) Since the blocklists are based on IP addresses, using another e-mail address will do no good if you send through your Comcast account. Enjoy your dialup. Mike -- mrichter@cpl.net http://www.mrichter.com/ From eddie at eddie.web Sat Apr 3 14:49:51 2004 From: eddie at eddie.web (eddie) Date: Sat Apr 3 14:50:03 2004 Subject: [SpamCop-List] latest bank scam/phishes go to devnull Message-ID: Most of the recent bank scams I am getting wind up in the /dev/null bucket as SC. I guess the phishers are getting very smart and know who to hijack so that they get away with it. The last one should have gone to internet.abuse@sjrb.ca but they refuse munged reports so the report dies. Score: Phishers 1, internet.abuse@sjrb.ca 0 From eddie at eddie.web Sat Apr 3 14:52:30 2004 From: eddie at eddie.web (eddie) Date: Sat Apr 3 14:55:02 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: Message-ID: On Sat, 03 Apr 2004 10:56:21 -0800, caroljean52 wrote: > Just signed up with Comcast for broadband. (Yeah, I know--but we didn't > have time to shop around and this was the simplest alternative for us. > Believe me, I'm being *very* careful. And I'll never waste my time using > my new Comcast email address since I'm sure most of my outgoing mail would > be blocked!) > > Guess what I just discovered: > > Comcast will not let me forward spam to the FTC or the FDA! > snip That's rather amazing because a good deal of my spam comes from hijacked comcast boxens - and their spam gets out OK. If you disguised it as spam it would probably get through. From nobody at spamcop.net Sat Apr 3 14:54:35 2004 From: nobody at spamcop.net (indigo) Date: Sat Apr 3 15:00:03 2004 Subject: [SpamCop-List] Re: With friends like SpamCop, who needs spammer? References: <406B9DD4.1060209@spamcop.net> Message-ID: Larry Kilgallen wrote: > In article , "elind" > writes: Larry? Is that you? Thought you were dead! ;-) From MikeE at ster.invalid Sat Apr 3 12:35:51 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 3 15:40:02 2004 Subject: [SpamCop-List] Re: latest bank scam/phishes go to devnull References: Message-ID: eddie wrote: > Most of the recent bank scams I am getting wind up in the /dev/null > bucket as SC. I guess the phishers are getting very smart and know > who to hijack so that they get away with it. > The last one should have gone to > internet.abuse@sjrb.ca > but they refuse munged reports so the report dies. > > Score: > Phishers 1, internet.abuse@sjrb.ca 0 That's the abuse addy for Shaw Comm cable in Calgary. Interestingly, the various banks or whatever's accounts are being phished often don't want to hear about it either. I was looking over a site the other day and they have a 'gizmo' so that you can look up the particular scam. If they already know about that one, they don't want to hear about it. Only if it is a new gig would they like to see it. Others don't want to hear about any of them; they just give the client some pointers on how to avoid being phished. And they have a number to call if you've already /been/ phished. -- Mike Easter kibitzer, not SC admin From dommanno at netscape.net Sat Apr 3 16:01:47 2004 From: dommanno at netscape.net (D.F. Manno) Date: Sat Apr 3 16:05:04 2004 Subject: [SpamCop-List] Re: Hillarious Cartooney.. "PETITION FOR REDRESS OF GRIEVANCE EMAIL" References: Message-ID: In article , Redstone wrote: > We, ourselves, will not be contacting you again > regarding this matter. Promise? -- D.F. Manno dommanno@netscape.net "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." (Benjamin Franklin) From MikeE at ster.invalid Sat Apr 3 13:21:36 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 3 16:25:09 2004 Subject: [SpamCop-List] Media - ICANN: whois inaccuracies Message-ID: ICANN Reports On WHOIS Inaccuracies -1- ICANN instituted the ... (WDPRS) ... to let individual users report incorrect domain registration information. -2- confirmed WHOIS inaccuracies... 16,045 unique domain names -3- one glaring hole in the process is that registrars are not required to report back to ICANN on the status of their investigations. -4- registrars reported back on 36 percent of the total number of reports sent. -5- no particular registrar was more deficient than its competitors in the number of incorrect WHOIS entries http://internetnews.com/xSP/article.php/3334181 http://yro.slashdot.org/yro/04/04/03/1726226.shtml?tid=126&tid=95 -- Mike Easter kibitzer, not SC admin From skiwi at spamcop.net Sat Apr 3 13:23:41 2004 From: skiwi at spamcop.net (Skiwi) Date: Sat Apr 3 16:25:21 2004 Subject: [SpamCop-List] Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" Message-ID: http://mailsc.spamcop.net/mcgi?slice=reportid&val=853847827&action=showhistory From tmcgraw at spamcop.net Sat Apr 3 14:01:54 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Apr 3 17:05:08 2004 Subject: [SpamCop-List] Re: Ebay Con Spam References: <5657-406762B7-190@storefull-3212.bay.webtv.net> Message-ID: <406F3452.3080309@spamcop.net> WindsorFox[SS] wrote: > indigo wrote: > >> Only until you get to the part that says "ok, what is porn and what is >> not?". The Sports Illustrated swimsuit issue is banned in some >> places...... > > Only by bunheads and public school administrators with some kind of a > point to prove. I think it's easy. Any email that contains nudity, > sexual rferences (not inuendo) or has a direct URL link to any > pornographic web site, which as we already know (if i owned the world) > would end in .xxx . No matter howmuch someone dislikes women posing in > swimsuits it is not porn. To many people innocent nudity such as on the > beach is not porn that's why it's described as containing nudity. It's > only a really tough decision to people who have the wrong motivations. You're making a complex issue a black and white one. "In 1964, Justice Potter Stewart tried to explain 'hard-core' pornography, or what is obscene, by saying, 'I shall not today attempt further to define the kinds of material I understand to be embraced... [b]ut I know it when I see it.'" http://tinyurl.com/smsa From tmcgraw at spamcop.net Sat Apr 3 14:03:32 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Apr 3 17:05:27 2004 Subject: [SpamCop-List] Re: Freespeechstore threatens SC? References: <406D9149.4060904@spamcop.net> Message-ID: <406F34B4.6050906@spamcop.net> WindsorFox[SS] wrote: > Tim McGraw wrote: > >> WindsorFox[SS] wrote: >> >>> Skiwi wrote: >>> >>>> This is guy is a loon! >>>> >>>> http://www.interocitor.net/freespeechstore.html >>> >>> Looks like some 14 yo kid who needs to have his AOL privileges >>> removed by mommy or daddy. >> >> He's been on AOL for years. >> >> For some reason they won't touch him. >> >> Incriminating pictures of Steve Case, perhaps...? > > Most likely because being an obnoxiuos moron is not against AOL's TOS, > for, well, obvious reasons. Nor any other ISP's TOS. From michael.spamcop at michaellefevre.com Sat Apr 3 22:12:54 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Sat Apr 3 17:15:02 2004 Subject: [SpamCop-List] Re: Ok, what happens to this one? {ISP does not wish to received... has been appealed previously} References: Message-ID: Dan French wrote: > I directly sent them an email notice about the spam. (Why would a > spammer, other than retaliation, advertise a company that they won't get > profit from?) There wouldn't be much point in that, but it's not what happened here. The Yahoo! site has financial information about lots of companies (which is also available from other sites). The spammer is interested in "pumping" the stock of the company whose data is shown on the page. Neither Yahoo (nor the company, generally) benefit from this - the people that benefit are the ones holding the stock, which is the spammer (or the spammer's client). Asking Yahoo to edit their news and/or stock information because a spammer references it is futile. -- Michael From tmcgraw at spamcop.net Sat Apr 3 14:15:52 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Apr 3 17:20:02 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: Message-ID: <406F3798.90603@spamcop.net> caroljean52 wrote: > Just signed up with Comcast for broadband. (Yeah, I know--but we didn't have > time to shop around and this was the simplest alternative for us. Believe > me, I'm being *very* careful. And I'll never waste my time using my new > Comcast email address since I'm sure most of my outgoing mail would be > blocked!) > > Guess what I just discovered: > > Comcast will not let me forward spam to the FTC or the FDA! Comcast simply does not do that. Something in your email client must be misconfigured... what's the error? From michael.spamcop at michaellefevre.com Sat Apr 3 22:31:24 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Sat Apr 3 17:35:02 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: Marjolein Katsma wrote: > Michael Lefevre (michael.spamcop@michaellefevre.com) wrote in > news:c4ml5e$qfh$2@news.spamcop.net: > >> I don't think there's any practical way of having the same URL >> work for auth login and no login at all, because there's no way of the >> server knowing what kind of user you are before it asks for the login. > > I'm sure it can be done. For starters, if you ask for a page and you're > *already* logged in, it *already* knows what kind of account you have - > so it can redirect from a general-purpose URL to one that's appropriate > for your account. If you're not logged in when you request the general- > purpose URL and it asks for a login in, then after the login the server > will know what type of account you have and can *then* redirect to the > appropriate page. > > The real "problem" is designing a system of general-purpose URLs that > will have account-specific counterparts the server can redirect to as > soon as it knows "who" you are. For instance, use "gen" as server name > instead of 'www', 'members', 'mail' or whatever. I don't quite follow how you think that would work. If a page has HTTP AUTH, the browser will prompt for login information, unless you've already logged in to the site in which case the browser will resend the information it has stored. The only way for the server to figure out if you're logged in is to ask for the authentication, which will make a prompt appear if you haven't already provided it. If you had authentication on the general-purpose URLs, then anyone browsing to a general page would get a login prompt, which they'd have to cancel in order to get redirected to a non-auth page. That's not a good solution - and in order not to prompt the user on every page, you would have to have the server use cookies or session-tagged URLs so it could track the user as being someone who shouldn't be asked to authenticate. > There is really no need to force anyone into a particular authentication > system or server when there are several available already. Just make it > a little more intelligent! I don't believe it can be made to work cleanly with HTTP authentication - the protocol doesn't allow for that kind of intelligence. That's actually the reason many sites use cookies instead - they allow the server to be more "intelligent", because it can see if there's a cookie on the first request, rather than having to send a "login required" message to the browser to find out if there's any login information. -- Michael From nobody at spamcop.net Sat Apr 3 23:51:48 2004 From: nobody at spamcop.net (Tim) Date: Sat Apr 3 17:55:02 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: Message-ID: "Skiwi" wrote in message news:c4na0v$enf$1@news.spamcop.net... > http://mailsc.spamcop.net/mcgi?slice=reportid&val=853847827&action=showhistory > LOL! Morons! What rule # is that? From eddie at eddie.web Sat Apr 3 18:25:45 2004 From: eddie at eddie.web (eddie) Date: Sat Apr 3 18:30:03 2004 Subject: [SpamCop-List] Re: latest bank scam/phishes go to devnull References: Message-ID: On Sat, 03 Apr 2004 12:35:51 -0800, Mike Easter wrote: snip > That's the abuse addy for Shaw Comm cable in Calgary. > > Interestingly, the various banks or whatever's accounts are being phished > often don't want to hear about it either. I was looking over a site the > other day and they have a 'gizmo' so that you can look up the particular > scam. If they already know about that one, they don't want to hear about > it. Only if it is a new gig would they like to see it. Others don't want > to hear about any of them; they just give the client some pointers on how > to avoid being phished. And they have a number to call if you've already > /been/ phished. Well, since it is not a bank I deal with, and since nobody seems to want to hear about it, I will start deleting these phisher-spams immediately, since they only go to the bit-bucket anyway. Score 1 for the bad guys who have discovered a workaround using a spam-friendly ISP, Shaw Comm in Canada. When all the ISPs refuse munged reports, the spammers will have won the game. From MikeE at ster.invalid Sat Apr 3 15:50:26 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 3 18:55:03 2004 Subject: [SpamCop-List] Re: latest bank scam/phishes go to devnull References: Message-ID: eddie wrote: > Well, since it is not a bank I deal with, and since nobody seems to > want to hear about it, I will start deleting these phisher-spams > immediately, since they only go to the bit-bucket anyway. > Score 1 for the bad guys who have discovered a workaround using a > spam-friendly ISP, Shaw Comm in Canada. > When all the ISPs refuse munged reports, the spammers will have won > the game. Well, deleting spam is one way to deal with it. Hopefully while pledging to never aid *any* spammer. Feeding it to spamcop and reporting causes the source IP to get scbl dinged regardless of whether anyone actually gets a report. Feeding it to spamcop and manually reporting it however you like in addition to the 'standard' SC report can be even more effective, but it is more trouble. My manual reports go to providers for open smtp relays, upstreams of non-responsive providers, providers who don't accept munged SC reports, and various agencies or other parties interested in some particular gig. On any given item, as a general rule, my manual notifies are much more 'comprehensive' than SC's. But, then, I don't get much spam. If someone gets a lot of spam they should figure out their own 'style' I think the way I would do it if I were getting dozens a day would be to have SpamPal sort it for me and I would report all of it with spamcop and some 'subset' with my own manual style, say about 5-10 a day. That limited number of manuals wouldn't take very long. I have no idea how people manage to expose their addy so that they get hundreds of spams, but I would do something to get that down to a manageable number so that I could report all of my spam responsibly. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sat Apr 3 16:11:45 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Apr 3 19:15:03 2004 Subject: [SpamCop-List] Re: Header of the week References: Message-ID: <406F52C1.8010800@spamcop.net> Marjolein Katsma wrote: > One (I think one) particular spammer always includes fancy headers in the > spam mails. Not just fancy content, but the header "keyword" itself is > entirely made up. The one I just saw was particularly funny: > > teletypesetting-eater: phenomenon afresh traitorous Good one. Just got this: DeerAntler Plus//Hundred% MBG-Hundred% No Side-Effects Hundred%Doc-Approved-Receive Multible-Orgasms-Satisfy-Yourself-or-Your Lover-4 Hours!-Shellout Nada if all is not true! Satisfy yourself or your lover? Why do they have to be mutually exclusive? From nobody at spamcop.net Sun Apr 4 12:53:37 2004 From: nobody at spamcop.net (Petzl) Date: Sat Apr 3 20:55:19 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: <406F3798.90603@spamcop.net> Message-ID: On Sat, 03 Apr 2004 14:15:52 -0800, Tim McGraw wrote: >caroljean52 wrote: >> Just signed up with Comcast for broadband. (Yeah, I know--but we didn't have >> time to shop around and this was the simplest alternative for us. Believe >> me, I'm being *very* careful. And I'll never waste my time using my new >> Comcast email address since I'm sure most of my outgoing mail would be >> blocked!) >> >> Guess what I just discovered: >> >> Comcast will not let me forward spam to the FTC or the FDA! > >Comcast simply does not do that. > >Something in your email client must be misconfigured... what's the error? Could be the FDA blocks ComCast senders as does everyone else? Alos it does not matter what email address one uses if you send from a Comcast IP it will be bit binned Petzl -- "The price of living in a democracy is that the morons can vote, say anything they want, and procreate at will" - Dr John Becker From nobody at xyzzy.claranet.de Sun Apr 4 06:39:28 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sat Apr 3 22:45:10 2004 Subject: [SpamCop-List] Re: Media - ICANN: whois inaccuracies References: Message-ID: <406F8370.6ED1@xyzzy.claranet.de> Mike Easter wrote: > ICANN Reports On WHOIS Inaccuracies They now support all gTLDs (minus .mil and .arpa), that used to be only cno (.com, .net, .org). > one glaring hole in the process is that registrars are not > required to report back to ICANN on the status of their > investigations. Fixed, they now send inquiries to the original submitter with the old and new whois data (I haven't tested this yet, and no, I'm not one of the top 20 reporters with more than 40% of all reports ) > no particular registrar was more deficient than its > competitors in the number of incorrect WHOIS entries At least that's their "official" interpretation of the data. They found two registrars with a higher standard deviation: The whois data report form (now for almost all gTLDs) still uses Bye, Fran From nobody at xyzzy.claranet.de Sun Apr 4 06:48:00 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sat Apr 3 22:50:12 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: <406F3798.90603@spamcop.net> Message-ID: <406F8570.46B3@xyzzy.claranet.de> Petzl wrote: > Alos it does not matter what email address one uses > if you send from a Comcast IP it will be bit binned That's the spirit. Bye, Frank From baloo at ursine.ca Sat Apr 3 20:03:20 2004 From: baloo at ursine.ca (Paul Johnson) Date: Sat Apr 3 23:20:02 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: Message-ID: <87y8pcl793.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "caroljean52" writes: > Comcast will not let me forward spam to the FTC or the FDA! Get a commercial account, run a mail server. That's how I solved that one before it got started. - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAb4kIUzgNqloQMwcRAjqqAJ9bzp96jA3q1G9XuahWZaW/HO2pSACdFPI2 ABMzN/BMWtmScHGiB5W2zkg= =qZml -----END PGP SIGNATURE----- From nobody at xyzzy.claranet.de Sun Apr 4 07:34:10 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sat Apr 3 23:40:03 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E83C3.6EA1@xyzzy.claranet.de> Message-ID: <406F9042.7A30@xyzzy.claranet.de> Marjolein Katsma wrote: > if you *can* use JS at all (and from your other post it > seems that you can) Maybe. As you've seen I tested JavaScript 1.1 and that didn't work. But it only crashed my browser, not the workplace shell. So I could still fire up Netscape 4.x, one of the worst known browsers (until you find its "disable style sheets" option ;-) > don't complain later that your input wasn't considered if > you won't give it now. Sure. OTOH I'm not in the habit to jump over all sticks. >> I love these known bugs, they are so predictable. > Try finding an online survey service that can handle the > expected volumen and doesn't have this "bug" Hm ? I was talking about the known bugs of Netscape 3.x and its JavaScript 1.1, what are you talking about ? E.g. there is no "screen" object in this dialect, so any script trying to get the screen width more than 10 ten times dies with a "too many Javascript errors" message. Please don't ask me why a script should be interested in the dimensions of my screen, my browser windows are always smaller. > try writing a polling system yourself Why should I ? I rarely test Lynx, but solutions working for Netscape 3.x exist, and probably they work for later browsers. (I'm no JavaScript expert and not even a beginner, so don't nail me if there's a problem with say (void) and locations). > If you do find a better system let us know. Surveys by ICANN and of course amazon.* were always okay. But I can't say if they required JS. One survey about spam in the EU was tricky. Bye, Frank From RobertTaylor at SpamCop.net Sat Apr 3 23:43:43 2004 From: RobertTaylor at SpamCop.net (Robert Taylor) Date: Sat Apr 3 23:45:03 2004 Subject: [SpamCop-List] Re: Obscenity: [ WAS Ebay Con Spam] References: <5657-406762B7-190@storefull-3212.bay.webtv.net> <406F3452.3080309@spamcop.net> Message-ID: In news:406F3452.3080309@spamcop.net, Tim McGraw sent: > WindsorFox[SS] wrote: >> indigo wrote: >> >>> Only until you get to the part that says "ok, what is porn and what is >>> not?". The Sports Illustrated swimsuit issue is banned in some >>> places...... >> Only by bunheads and public school administrators with some kind of a >> point to prove. I think it's easy. Any email that contains nudity, >> sexual rferences (not inuendo) or has a direct URL link to any >> pornographic web site, which as we already know (if i owned the world) >> would end in .xxx . No matter howmuch someone dislikes women posing in >> swimsuits it is not porn. To many people innocent nudity such as on the >> beach is not porn that's why it's described as containing nudity. It's >> only a really tough decision to people who have the wrong motivations. > You're making a complex issue a black and white one. > > "In 1964, Justice Potter Stewart tried to explain 'hard-core' > pornography, or what is obscene, by saying, 'I shall not today attempt > further to define the kinds of material I understand to be embraced... > [b]ut I know it when I see it.'" [] Hello Group, With respect: In my opinion, Justice Stewart's remark is an unsatisfactory, if well-intentioned side-step around the periphery of an admittedly /vexing/ issue; analogous, perhaps, to the well-worn "I don't know anything about art, but I know what I like". (A view, by the way, which I do not subscribe to, but with which I have no quarrel.) To my knowledge, no one has thusfar succeeded in defining "pornography", "obscenity" or "indecency" in a rational, coherent, or even an understandable manner. Not surprisingly, this often results in a labyrinth of circular arguments, the only use of which is to raise collective blood-pressure and foster ill-will, often for reasons poorly understood, even by the participants in the discussion. No matter how "good", sensible or well-intentioned some suggested methods for quarantine or other "partitioning" of certain matter considered objectionable by some, the question seems always to swerve unerringly back like a boomerang, as the poster suggests above, to "ok, what is porn ... [or insert equivalent pet peeve here] ... and what is not?". We all have opinions as to what is or is not indecent, and (in the U.S.) we are free to choose or reject materials on the basis of those opinions, as we see fit. The High Court has, as I recall, done a side-step, if not a pirouette, by declaring something to the effect that such matters should be determined according to 'acceptable community-standards', or words to that effect, presumably at the state and/or local level. This would not seem to solve the matter, and IMO might well provoke more fist-fights than compromises. I guess it is clear that I am opposed to censorship, gross or subtle. It seems to me that our Constitution, with its Bill of Rights, guarantees us the prerogative to say or write anything we please (short of the principle of "... yelling fire in a crowded theater"--where there is no fire--etc.). If we find the speech or writings of others offensive or otherwise objectionable, we are free to oppose them, expressing our own beliefs and refuting their arguments or assertions, no matter how repugnant they may be to us. If we simply find some materials obscene, we are free to put the book back on the library shelf or switch off the radio, TV set or other device. If children are at risk of being exposed to objectionable material, I would think that the responsibility for controlling that rests squarely on the shoulders of parents. I cannot see how a "universal" principle, with (or without) the force of law, could be concocted to cover every conceivable problem of this kind. Justice Stewart's remark is indeed unsatisfactory; but it's very inconclusiveness--especially coming from an eminent jurist--should serve as a powerful pointer to the complexity and the pitfalls involved in the matter of censorship in all its myriad forms, and the potential implications of this with regard to the civil liberties of us all (and not just in the U.S.). Regards, -- Robert From nobody at xyzzy.claranet.de Sun Apr 4 07:58:22 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Apr 4 00:05:02 2004 Subject: [SpamCop-List] Re: Stopping Spammers Using Your Server References: Message-ID: <406F95EE.7827@xyzzy.claranet.de> James Wray wrote: > My question is, can we do anything else? Maybe read the abuse.net "spam tools" mailing list, important news about block lists or new developments like RMX and SPF always make it into this list. Interesting authors are among others Seth B. and John L. (both) Bye, Frank From jwray at nildram.co.uk Sun Apr 4 08:04:32 2004 From: jwray at nildram.co.uk (James Wray) Date: Sun Apr 4 01:05:05 2004 Subject: [SpamCop-List] Re: Stopping Spammers Using Your Server References: <406F95EE.7827@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:406F95EE.7827@xyzzy.claranet.de... > James Wray wrote: > > > My question is, can we do anything else? > > Maybe read the abuse.net "spam tools" mailing list, important > news about block lists or new developments like RMX and SPF > always make it into this list. Interesting authors are among > others Seth B. and John L. (both) > > Bye, Frank > Thanks Frank, I will be monitoring the various newsgroups and posting updates to sites we host as well as taking our own action on our site. Out of interest one of the admins from a hosted site found a lot of these emails on one of the accounts: I am no expert but they look very suspicious and all from the same aol account. Is this what they were using to spam from the server you think? It would be good to know so that we can say well it was that, rather than still no know and worry about other things that may still be open. thanks James Email below: ----- Forwarded message from iTIxM2de@muggleinformer.net ----- Date: Sat, 27 Mar 2004 00:38:15 -0500 From: iTIxM2de@muggleinformer.net Reply-To: iTIxM2de@muggleinformer.net Subject: http://www.muggleinformer.net/cgi-sys/formmail.pl (212.21.228.26:80) bcc: coholx1@aol.comcuu 2r38H3tc4 nUfhA cm 4t5m0egh1 I0kHsMBQbRT 8e4R1l Khx3Kl2R W Q3Gq 9L8UvFaBVVG5tWTjl6b69kk ÿFFFFCC. To: iTIxM2de@muggleinformer.net body: cuu 2r38H3tc4 nUfhA cm 4t5m0egh1 I0kHsMBQbRT 8e4R1l Kh x3Kl2R W Q3Gq 9L8UvFaBVVG5tWTjl6b69kk ÿFFFFCC ----- End forwarded message ----- From DougThegarden at hotmail.com Sun Apr 4 09:26:50 2004 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Sun Apr 4 03:30:18 2004 Subject: [SpamCop-List] Re: Obscenity: [ WAS Ebay Con Spam] References: <5657-406762B7-190@storefull-3212.bay.webtv.net> <406F3452.3080309@spamcop.net> Message-ID: Robert Taylor wrote: > > With respect: In my opinion, Justice Stewart's remark is an unsatisfactory, > Personally I prefer the criteria suggested by Mervyn Griffiths-Jones, the prosecutor in the famous Lady Chatterley's Lover obscenity trial in London in 1960, a definition that has gone down as a classic: "You may think one of the ways in which you can test this book is to ask yourself the question: would you approve of your own son and daughter, because girls can read as well as boys, reading this book? Is it a book you could have lying in your own house? Is it a book you would wish your wife or your servant to read? " Unsurprisingly, even for those times, he lost the case Doug ;-) From nobody at spamcop.net Sun Apr 4 08:45:18 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 03:50:04 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: Message-ID: Skiwi (skiwi@spamcop.net) wrote in news:c4na0v$enf$1@news.spamcop.net: > http://mailsc.spamcop.net/mcgi?slice=reportid&val=853847827&action=show > history Not everyone here has a SC mail account; I certainly don't. Care to tell us what this is about? -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From JohnJBurnessAT at ieeDOT.org Sun Apr 4 10:17:23 2004 From: JohnJBurnessAT at ieeDOT.org (John J. Burness) Date: Sun Apr 4 04:20:02 2004 Subject: [SpamCop-List] One Scammer gone!! Message-ID: See http://news.bbc.co.uk/1/hi/wales/north_west/3594043.stm From windsorfoxNOSPAM at cox.net Sun Apr 4 04:34:50 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Apr 4 04:35:03 2004 Subject: [SpamCop-List] Re: Ebay Con Spam In-Reply-To: References: <5657-406762B7-190@storefull-3212.bay.webtv.net> Message-ID: Mike Easter wrote: > Marjolein Katsma wrote: > >>WindsorFox[SS] >> >>>No matter howmuch someone dislikes women posing in swimsuits it is >>>not porn. >> >>And nudity is??? C'mon! > > > You snipped away some of what he sed > > WindsorFox[SS] wrote: > >>To many people innocent nudity >>such as on the beach is not porn that's why it's described as >>containing nudity. It's only a really tough decision to people who >>have the wrong motivations. > > > As a general rule, 'regular' nudism and nudist camps and beaches and > such are very 'innocent' and are considered a family activity by > nudists. We have a nearby nude beach and parts of it are 'contaminated' > [or frequented if you prefer] by open sexual activities that would be > upsetting to some 'family entertainment' sorts. The open sexual > activities are typically male homosexual. > > That's NOT what was in my mailbox though. From windsorfoxNOSPAM at cox.net Sun Apr 4 04:37:36 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Apr 4 04:40:04 2004 Subject: [SpamCop-List] Re: Ebay Con Spam In-Reply-To: <406F3452.3080309@spamcop.net> References: <5657-406762B7-190@storefull-3212.bay.webtv.net> <406F3452.3080309@spamcop.net> Message-ID: Tim McGraw wrote: > > You're making a complex issue a black and white one. > > "In 1964, Justice Potter Stewart tried to explain 'hard-core' > pornography, or what is obscene, by saying, 'I shall not today attempt > further to define the kinds of material I understand to be embraced... > [b]ut I know it when I see it.'" > > http://tinyurl.com/smsa > Pictures of grown men "hanging" around on Black's Beach is not pornography or particularly obscene, however; most prudent people do not want it lurking in their 9 year old daughters email box. Of course we all know this it NOT was is being spammed by porners. From pete at heypete.com Sun Apr 4 00:44:30 2004 From: pete at heypete.com (Pete Stephenson) Date: Sun Apr 4 04:46:07 2004 Subject: [SpamCop-List] Re: spam problem worsening... References: Message-ID: In article , "Barbara Yoon" wrote: > My e-mail spam problem is worsening -- I now get about 50 to 100 > e-mails every day That's it? I got 545 yesterday...and it's only 12:45am, and I've already received 15. -- Pete Stephenson HeyPete.com From nobody at spamcop.net Sun Apr 4 09:54:58 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 04:56:04 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E83C3.6EA1@xyzzy.claranet.de> <406F9042.7A30@xyzzy.claranet.de> Message-ID: Frank Ellermann (nobody@xyzzy.claranet.de) wrote in news:406F9042.7A30 @xyzzy.claranet.de: >> try writing a polling system yourself > > Why should I ? I rarely test Lynx, but solutions working for > Netscape 3.x exist, and probably they work for later browsers. > (I'm no JavaScript expert and not even a beginner, so don't > nail me if there's a problem with say (void) and locations). Just to find out that it's really not easy - and that many, many people have a good reason *not* to write their own but use a service. And if you use a service, it still helps to *have* written your own (or tried to) so you know what to look for, in making sure the poll is actually usable by *all* of your target audience. >> If you do find a better system let us know. > > Surveys by ICANN and of course amazon.* were always okay. But > I can't say if they required JS. And they used what? > One survey about spam in the EU was tricky. And they used what? It's obvious to me Julian has either not considered the consequences of using the particular service he's using, or simply does not have the experience (with polling systems) to appropriately judge what it is this service offers and how it creates hurdles for some of those who try to give the feedback he's asking for. Since I *do* know just how hard it is to write a good, and usable, polling system, I tend to make allowances for those who use an outside service when writing polls is not their daily job but they want to get your input all the same. At the same time, they *should* get feedback about the usability and accessibility of the polling system if there are problems. That, at least, would enable them to choose a better service (or configure it better) the next time they sollicit feedback. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From windsorfoxNOSPAM at cox.net Sun Apr 4 05:00:23 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Apr 4 05:00:15 2004 Subject: [SpamCop-List] Re: X-10 success story - In-Reply-To: References: Message-ID: Marjolein Katsma wrote: > WindsorFox[SS] (windsorfoxNOSPAM@cox.net) wrote in > news:c4m3g3$7jk$1@news.spamcop.net: > > >>>Sounds like author Chris Anderson has never used a decent browser - >>>or even an undecent browser with a decent popup stopper. >>> >>> >> >> As someone who has spent enormous amounts of time removing adware >>and spyware from "average Joe" users ... > > > Still that would imply Chris Anderson is an "average Joe" IT journalist > who doesn't know how to stop popups/popunders? I find that hard to > believe. The article suggests there is no escape; it would have been > infinitely better if it explained *what* escape is possible. > > Perhapse he's being dramatic. From nobody at spamcop.net Sun Apr 4 10:10:52 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 05:15:14 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: Michael Lefevre (michael.spamcop@michaellefevre.com) wrote in news:c4ndvs$kt9$1@news.spamcop.net: >> There is really no need to force anyone into a particular >> authentication system or server when there are several available >> already. Just make it a little more intelligent! > > I don't believe it can be made to work cleanly with HTTP > authentication - the protocol doesn't allow for that kind of > intelligence. That's actually the reason many sites use cookies > instead - they allow the server to be more "intelligent", because it > can see if there's a cookie on the first request, rather than having > to send a "login required" message to the browser to find out if > there's any login information. Using cookies _only_ actually allows the server to be *less* intelligent, not more: it wants a cookie and doest't try anything else: that's not very intelligent, it's actually quite dumb. What's the problem with using both? If the browser sends a cookie, you don't need to ask for authentication, if it doesn't ask for authentication, and if the browser gives it, you're already logged in, otherwise you're prompted. Oh yes, that *would* require the server (or, rather, the script running on the server) to be more intelligent - but it's definitely possible; I've seen systems that do exactly this. The current 'www' links in the mails (and the way the server handles them) don't allow this: they require cookies only - which I object to because they're unnecessary and insecure. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From me at privacy.net Sun Apr 4 07:02:46 2004 From: me at privacy.net (Frog Prince) Date: Sun Apr 4 06:10:04 2004 Subject: [SpamCop-List] Re: Stopping Spammers Using Your Server References: <406F95EE.7827@xyzzy.claranet.de> Message-ID: "Frank Ellermann" | > My question is, can we do anything else? | | Maybe read the abuse.net "spam tools" mailing list, important | news about block lists or new developments like RMX and SPF | always make it into this list. Interesting authors are among | others Seth B. and John L. (both) Are there any links to information on how to best secure public (free) WiFi Hot spot system? From me at privacy.net Sun Apr 4 07:03:39 2004 From: me at privacy.net (Frog Prince) Date: Sun Apr 4 06:10:17 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: <87y8pcl793.fsf@ursine.ca> Message-ID: "Paul Johnson" | | > Comcast will not let me forward spam to the FTC or the FDA! | | Get a commercial account, run a mail server. That's how I solved that | one before it got started. Isn't a commercial account much more expensive? From nobody at xyzzy.claranet.de Sun Apr 4 14:40:06 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Apr 4 07:45:22 2004 Subject: [SpamCop-List] Re: Stopping Spammers Using Your Server References: <406F95EE.7827@xyzzy.claranet.de> Message-ID: <406FF416.DCA@xyzzy.claranet.de> Frog Prince wrote: > any links to information on how to best secure public (free) > WiFi Hot spot system? Sorry, but what's a "WiFi got spot system" ? Has it something to with with "spam tools" and fighting spam ? If yes, you can check it out for yourself, they have a public archive. That's what I do about once per month, I'm no subscriber, bye, Frank From nobody at xyzzy.claranet.de Sun Apr 4 14:49:01 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Apr 4 07:55:03 2004 Subject: [SpamCop-List] Re: Stopping Spammers Using Your Server References: <406F95EE.7827@xyzzy.claranet.de> Message-ID: <406FF62D.58CE@xyzzy.claranet.de> James Wray wrote: > I am no expert You could ask Spamcop for a second opinion, if you have the complete header + body. SC is quite good at parsing mails headers. > From: iTIxM2de@muggleinformer.net One of your "Lord of the ring" fans also likes Harry Potter... > body: cuu 2r38H3tc4 nUfhA cm 4t5m0egh1 I0kHsMBQbRT 8e4R1l ...and (s)he's a parselmouth . Joke off, you need the complete header incl. Return-Path: and all Received: lines. Bye, Frank From MikeE at ster.invalid Sun Apr 4 06:02:15 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 08:05:03 2004 Subject: [SpamCop-List] Re: Ebay Con Spam References: <5657-406762B7-190@storefull-3212.bay.webtv.net> <406F3452.3080309@spamcop.net> Message-ID: WindsorFox[SS] wrote: > Pictures of grown men "hanging" around on Black's Beach is not > pornography or particularly obscene, however; most prudent people do > not want it lurking in their 9 year old daughters email box. Of > course we all know this it NOT was is being spammed by porners. If a 9 year old [girl or boy] has 'free access' to the internet, pornographic spam and websites isn't hir greatest 'threat' - there are much much more potentially dangerous issues than that. There needs to be considerable 'oversight' and supervision about how the 'educational' exposure process is going. That age is perfectly capable of participating in the setting up of spam filters and also in knowing just exactly what they are filtering. I don't think their eyes need to be shielded from it. Or saturated with it. -- Mike Easter kibitzer, not SC admin From nobody at xyzzy.claranet.de Sun Apr 4 15:39:43 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Apr 4 08:45:19 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E83C3.6EA1@xyzzy.claranet.de> <406F9042.7A30@xyzzy.claranet.de> Message-ID: <4070020F.65C@xyzzy.claranet.de> Marjolein Katsma wrote: > Just to find out that it's really not easy I believe it without trying to roll my own. Look, I have no Web server, if you don't count my script trying to generate a 404 for doubleclick and other addresses with IP 127.0.0.1 on my system. I don't know apache, if you don't accept "like a Fido mailbox, only with http over TCP/IP" (and you shouldn't). I'm not in the position to develop a system for Web surveys... > many people have a good reason *not* to write their own ...yes, add me, please. > it still helps to *have* written your own (or tried to) Sure. But if I'd be that interested, I would start to install a Web server. Or rent a host with an existing Web server, to learn the administration. Or find a hoster where I'm allowed to run my own cgi scripts (the number of cgi applications I've modified so far is exactly one, and that was a C program... ;-) [ICANN and amazon] > And they used what? If there was no JS (and I don't think so), then they used the HTML-form elements supported by Netscape 3.x (on my side of the action). E.g. no buttons outside of forms (important for Netscape up to 4.x). Table(s) within form(s) or vice versa, but no form starting within table one and continued in table two, i.e. plain simple and _valid_ HTML. That's probably not what you're asking, but it's very important for my browser(s). >> One survey about spam in the EU was tricky. > And they used what? They used JS for the input validation and some kind of control flow from question to question. Because I had JS disabled I got a monster page with all questions of their survey (and numerous useless "next question" buttons, which didn't work, but I could still answer all questions on one page). > hurdles for some of those who try to give the feedback he's > asking for. Oops, tnx for info, I didn't know that he really is asking for feedback. I rarely look at the "news" section of the welcome page, because I'm normally busy to use "report now" on this page. Back to the "survey service" question, it's probably a good idea to test services by 3rd parties with Lynx before. Using the W3 validator would be too hard, and using cg-eye online is already too technical. Bye, Frank From michael.spamcop at michaellefevre.com Sun Apr 4 13:43:54 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Sun Apr 4 08:45:41 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: Message-ID: Marjolein Katsma wrote: > Skiwi (skiwi@spamcop.net) wrote in news:c4na0v$enf$1@news.spamcop.net: > >> http://mailsc.spamcop.net/mcgi?slice=reportid&val=853847827&action=show >> history > > Not everyone here has a SC mail account; I certainly don't. Care to tell > us what this is about? Well, you can see the whole header from the tracking URL: http://members.spamcop.net/sc?id=z388382644zd23b133c52274d39eb886d9086f006f7z but that doesn't add anything to his message - I assume he's just laughing at the idea of selling debt consolidation in a religious context. -- Michael From michael.spamcop at michaellefevre.com Sun Apr 4 13:55:13 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Sun Apr 4 09:00:04 2004 Subject: [SpamCop-List] Re: E-mail address change References: <87oeqbjud3.fsf@ursine.ca> <87ekr7ut2b.fsf@ursine.ca> Message-ID: Marjolein Katsma wrote: [snip] > > What's the problem with using both? If the browser sends a cookie, you > don't need to ask for authentication, if it doesn't ask for > authentication, and if the browser gives it, you're already logged in, > otherwise you're prompted. Oh yes, that *would* require the server (or, > rather, the script running on the server) to be more intelligent - but > it's definitely possible; I've seen systems that do exactly this. But then you're requiring either a cookie or a login - most of the pages also need to work when you don't have either. For the links in the emails, that would be possible. -- Michael From dms at zetnet.co.uk Sun Apr 4 15:25:21 2004 From: dms at zetnet.co.uk (Donna Smillie) Date: Sun Apr 4 09:30:04 2004 Subject: [SpamCop-List] Seems you can now opt in to receive 419 scam emails... Message-ID: Received from Limelight Networks abuse desk in response to a Spamcop report re a 419 scam email: >Hello > >The customer has replied to us regarding this ticket and has >stated that the users email address has been removed from their >opt-in list. !!!!! From Windrider6 at SpamCop.net Sun Apr 4 14:29:14 2004 From: Windrider6 at SpamCop.net (Bruce A. Johnson) Date: Sun Apr 4 09:30:14 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: Donna Smillie wrote in news:ko20705iomp4csonl4hb9v24s8b48l56gd@4ax.com: > Received from Limelight Networks abuse desk in response to a Spamcop > report re a 419 scam email: > >>Hello >> >>The customer has replied to us regarding this ticket and has >>stated that the users email address has been removed from their opt-in >>list. > > !!!!! > > If the e-mail address in question was munged in the SpamCop report, like it normally would be, then how would "the customer" legitimately know what e-mail address to remove from the opt-in list? - Bruce A. Johnson in Hardisty, Alberta, Canada - Windrider6@SpamCop.net From me at privacy.net Sun Apr 4 10:29:42 2004 From: me at privacy.net (Frog Prince) Date: Sun Apr 4 09:35:04 2004 Subject: [SpamCop-List] Re: Stopping Spammers Using Your Server References: <406F95EE.7827@xyzzy.claranet.de> <406FF416.DCA@xyzzy.claranet.de> Message-ID: "Frank Ellermann" | > any links to information on how to best secure public (free) | > WiFi Hot spot system? | | Sorry, but what's a "WiFi hot spot system" ? Has it something | to with "spam tools" and fighting spam ? If yes, you can | check it out for yourself, they have a public archive. That's | what I do about once per month, I'm no subscriber, bye, Frank On the accurate presumption that WiFi *is* a tool for spammer to send their spew. (check recent post on T-Mobile in SC and other news groups) I've looked over the site listed (and quite a few others) and there is very little on how to make such a public WiFi HotSpot program as secure as possible from roaming spammers. Basically what's happening is these hot spots are 'plugged-in and forgotten'. The only savings grace is that they are not yet wide spread as to show up on the spam radar as a major source of problems. I have a FAST (first application system test) 'toy' site set up and have been hit at least twice in the past month with 'drive by spammer attempts'. I caught the attempts as I was watching the traffic real time else I'd have never know it until the s|it hit the fan. Public hot spots in the area (WNC) have been hit and short of unplugging the service no one has a clue on how to prevent the abuse. I ask the question as I'm directly involved with a number of city wide, public WiFi projects and would prefer to deal with the problem (as much as I can) in the front rather than after the spew is on the net. I should mention that I'm dumb as a post on this spam and on networking in general (my only savings is I know RF) but like the one eyed man in the land of the blind I'm the smartest guy on the ground in these parts. I kinda sorta though this group might have the same feelings on the subject. If I'm wrong I apologize and I'll take my question/search elsewhere. From spnewssp at mathom.jp Sun Apr 4 23:39:48 2004 From: spnewssp at mathom.jp (Taro Kawahara) Date: Sun Apr 4 09:40:02 2004 Subject: [SpamCop-List] why 202.247.191.99 is treated as spam souce? Message-ID: I noticed that my provider's mailserver [202.247.191.99] (mx1.rim.or.jp) is listed on spamcop blocklist. But I checked latest 10 reports from report history, it sounds all of these reports had something spamcop error. All of these seem mx1.rim.or.jp is not a spam source. Would our server have removed from spamcop blacklist? -- tarokawa From spamcop001 at bellsouth.net Sun Apr 4 09:51:21 2004 From: spamcop001 at bellsouth.net (Bo Briggs) Date: Sun Apr 4 09:55:03 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse In-Reply-To: References: Message-ID: Mike Easter wrote: > Eric Johannsen wrote: > >>I cut and pasted the message source EXACTLY from the message source >>window in Outlook Express... > > > Okay. I'm back in the groove now and not confused between Eric and > Keith. > > What is this "thing"? > > Received: from 201.1.80.68 ([201.1.80.68]) for with MailEnable > Catch-All Filter; Thu, 01 Apr 2004 03:30:34 -0800 > > What does MailEnable Catch-All Filter have to do with the handling of > this item? Maybe it is the 'thing' that is screwing up the mail before > it gets to your OE, or maybe it is what is described below. > It's just a delivery thing in MailEnable if you have Catch-All on. I don't know why it's put in a received line, but it seems that the parser knows to ignore the line. > Also, something is 'all screwed up' between isaac.com and johannsen.us - > that is, in how whichever is supposed to be stamping this line below is > 'taking care of business'. > > Received: from isaacsmail.com ([201.1.80.68]) by johannsen.us with > MailEnable ESMTP; Thu, 01 Apr 2004 03:30:33 -0800 by isaacsmail.com > (8.10.2/8.10.2) with ESMTP id J87Gz024176729 for ; Thu, 1 Apr 2004 > 06:28:20 -0500 (EST) (envelope-from www) > > That line is supposed to say: > > Received: from HELO ([source.ip]) by receving.domain.name with > somestufff datestamp > > not > > Received: from HELO (source.ip]) by some.domain.name with somestuff > datestamp1 by another.domain.name somestuff datestamp2 > Did you copy/paste Eric's original post to get that parse? http://www.spamcop.net/sc?id=z384392588z359d6c36134d7803b2f08cd307fc8ba2z When I do it (and fix up the double line spacing and indents), I get this: http://www.spamcop.net/sc?id=z389840749za410ee9402b26b6316f6ecf4560eabdcz > Whatever is screwing up its stamp is probably screwing up those headers > [and the spambody] before your OE gets them. > > The line in question is the sourceline, where 201.1.80.68 rDNS > 201-1-80-68.dsl.telesp.net.br is calling itself isaacsmail.com in the > HELO for the transaction. > > But when I go back to the original post, I see that Eric copied these headers: Received: from isaacsmail.com ([201.1.80.68]) by johannsen.us with MailEnable ESMTP; Thu, 01 Apr 2004 03:30:33 -0800 Received: (from www@localhost) by isaacsmail.com (8.10.2/8.10.2) So there is another received line in there (the line that starts Received: (from www@localhost) and the 'by isaacsmail.com (8.10...' is added to the correct MailEnable received line above it. -- Bo Briggs From MikeE at ster.invalid Sun Apr 4 08:03:16 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 10:05:02 2004 Subject: [SpamCop-List] Re: why 202.247.191.99 is treated as spam souce? References: Message-ID: Taro Kawahara wrote: > I noticed that my provider's mailserver [202.247.191.99] > (mx1.rim.or.jp) is listed on spamcop blocklist. But I checked latest > 10 reports > from report history, it sounds all of these reports had something > spamcop error. All of these seem mx1.rim.or.jp is not a spam > source. Would our server have removed from spamcop blacklist? 202.247.191.99 rDNS mx1.rim.or.jp is listed, and .100 rDNS mx2 has also been reported but isn't listed. If the parser makes an error and the reporter reports the IP the output server can be listed. Only a deputy can look at the evidence and see if such a problem is happening. Emailed. -- Mike Easter kibitzer, not SC admin From nobody at xyzzy.claranet.de Sun Apr 4 17:14:30 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Apr 4 10:20:03 2004 Subject: [SpamCop-List] Re: Stopping Spammers Using Your Server References: <406F95EE.7827@xyzzy.claranet.de> <406FF416.DCA@xyzzy.claranet.de> Message-ID: <40701846.7AD2@xyzzy.claranet.de> Frog Prince wrote: > check recent post on T-Mobile in SC and other news groups Has this something to do with an intentionally (or not so intentionally ;-) public WLAN abused by spammers ? Then I'm completely lost, if an obvious idea like blocking outgoing port 25 traffic doesn't help. Probably a stupid question, but isn't this essentially the same as an open proxy ? > I kinda sorta though this group might have the same feelings > on the subject. Oh, that's sure, but I don't recall any discussion about your special problem here. Bye, Frank From sally at nowhere.net Sun Apr 4 11:18:16 2004 From: sally at nowhere.net (sally) Date: Sun Apr 4 10:25:04 2004 Subject: [SpamCop-List] Re: What does this reply mean and why did I receive it? References: Message-ID: Mike Easter wrote in message news:c4jssn$1cc$1@news.spamcop.net... > sally wrote: > Subject: What does this reply mean and why did I receive it? > > That's an 'acknowledgement' of a SC report. > > You received a spam 'Fight for your self esteem' which was sourced an > open proxy at a South Africa uunet and you spamcop reported it report > #845211386 which went to abuse@za.uu.net & abuse@uunet.co.za with the > standard evidence and tracker. > > That item came to be in the hands of Ridwaan Roberts noc at .za uunet > who emailed acknowledgement back to the report# addy which the spamcop > 'system' sent on to you. The 'content' of his mail consisted of the > content of the report mail with added "Hi One of yours Best regards" > plus a disclaimer and a sig. > > You've pasted here the message source of that, consisting of spamcop to > you headers plus the body of Ridwaan's mail containing what is described > above. > Thanks for the explanation, Mike. I've been reporting spam via spamcop for a long time and this is the first time I've ever received an acknowledgment. Sally From MikeE at ster.invalid Sun Apr 4 08:22:47 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 10:25:16 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Bo Briggs wrote: > Mike Easter wrote: >> Also, something is 'all screwed up' between isaac.com and >> johannsen.us - that is, in how whichever is supposed to be stamping >> this line below is 'taking care of business'. >> >> Received: from isaacsmail.com ([201.1.80.68]) by johannsen.us with >> MailEnable ESMTP; Thu, 01 Apr 2004 03:30:33 -0800 by isaacsmail.com >> (8.10.2/8.10.2) with ESMTP id J87Gz024176729 for ; Thu, 1 Apr >> 2004 06:28:20 -0500 (EST) (envelope-from www) >> >> That line is supposed to say: >> >> Received: from HELO ([source.ip]) by receving.domain.name with >> somestufff datestamp >> >> not >> >> Received: from HELO (source.ip]) by some.domain.name with somestuff >> datestamp1 by another.domain.name somestuff datestamp2 >> > > Did you copy/paste Eric's original post to get that parse? www.spamcop.net/sc?id=z384392588z359d6c36134d7803b2f08cd307fc8ba2z I just rechecked that. The just above is different from yours; it only has 2 Received: trace lines [separating below for clarity]: Received: from 201.1.80.68 ([201.1.80.68]) for with MailEnable Catch-All Filter; Thu, 01 Apr 2004 03:30:34 -0800 Received: from isaacsmail.com ([201.1.80.68]) by johannsen.us with MailEnable ESMTP; Thu, 01 Apr 2004 03:30:33 -0800 by isaacsmail.com (8.10.2/8.10.2) with ESMTP id J87Gz024176729 for ; Thu, 1 Apr 2004 06:28:20 -0500 (EST) (envelope-from www) > When I do it (and fix up the double line spacing and indents), I get > this: www.spamcop.net/sc?id=z389840749za410ee9402b26b6316f6ecf4560eabdcz Yours has 3 Received: trace lines and a little more stuff [seperating below, removing whitespace and wraps, newspost will add new wraps]: Received: from 201.1.80.68 ([201.1.80.68]) for with MailEnable Catch-All Filter; Thu, 01 Apr 2004 03:30:34 -0800 Received: from isaacsmail.com ([201.1.80.68]) by johannsen.us with MailEnable ESMTP; Thu, 01 Apr 2004 03:30:33 -0800 Received: (from www@localhost) by isaacsmail.com (8.10.2/8.10.2) with ESMTP id J87Gz024176729 for ; Thu, 1 Apr 2004 06:28:20 -0500 (EST) (envelope-from www) The important difference would be the presence of this "Received: (from www@localhost)" to precede the 'by' field of isaacsmail in the bottom line. That really helps a lot. I wonder why we are seeing something different at his original? I checked it two different places, at the original link, and then the link which goes to view entire message: http://www.spamcop.net/sc?id=z384392588z359d6c36134d7803b2f08cd307fc8ba2 z&action=display There are only 2 Received: lines and no '(from www@localhost)' field in what I am seeing. -- Mike Easter kibitzer, not SC admin From rickert+nn at cs.niu.edu Sun Apr 4 15:25:37 2004 From: rickert+nn at cs.niu.edu (Neil Rickert) Date: Sun Apr 4 10:30:02 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2004-04-04, Bruce A. Johnson wrote: > If the e-mail address in question was munged in the SpamCop report, like > it normally would be, then how would "the customer" legitimately know > what e-mail address to remove from the opt-in list? Header information should be enough to locate the logs for that message. The logs should list the recipient. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (SunOS) iD8DBQFAcBrfvmGe70vHPUMRAvpIAKCM2h+ZjzFDM6lE2EyrNObrB2jZXgCgpZNT SjAHW/RxolDkGbtn/IqoLMw= =Mh0V -----END PGP SIGNATURE----- From DONOTSPAMpeterpepper at NOSPAMbizwax.com Sun Apr 4 10:30:05 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Sun Apr 4 10:30:10 2004 Subject: [SpamCop-List] Re: False FROM and REPLY-TO = More bounces than spam (please advise) References: Message-ID: update: anti-spam@ns.chinanet.cn.net will return a bounce after floating around in email la-la land for about 5 days... > anti-spam@ns.chinanet.cn.net > host lookup did not complete: retry timeout exceeded PP "Peter Pepper" wrote in message news:c4cdca$bif$1@news.spamcop.net... > I'm keeping my inbox empty, but its a chore! > > According to APNIC (http://www.apnic.net/apnic-bin/whois.pl), spam > complaints for IP 219.133.31.178 should go to: anti-spam@ns.chinanet.cn.net. > SC lists a similar but different address of anti-spam@chinanet.cn.net and > states it bounces. Can SC update this address so reports do not get sent to > devnull? > > PP > > > "Mike Easter" wrote in message > news:c3plj7$fbb$1@news.spamcop.net... > > Peter Pepper wrote: > > > A spammer is falsifying the FROM and REPLY-TO field by fraudulently > > > using one of my domain names in these fields. This is causing me to > > > incur a landslide of errors, bounces, and complaints from the several > > > ISPs and users. I am now probably getting as many bounces as actual > > > spam, which has in effect doubled my already large spam load. > > > > That can be very inconvenient, but there's nothing you can do about it > > except to manually report the original spam items on the basis of the > > original spam headers and spambody. You can parse the spam with > > spamcop, but you can't spamcop report it, as it isn't 'spamcop spam' as > > per the faq on bounces. > > > > > The spammer is advertising a website that uses the following IP > > > address: 219.133.31.178 That is about as much information as I can > > > find on the spammer. > > > > SpamCop would say to manually report that as: > > Parsing input: 219.133.31.178 > > host 219.133.31.178 (getting name) no name > > Reporting addresses: > > ipadm@gddc.com.cn > > ctsummary@special.abuse.net > > > > You can also usually examine the original spamheaders, not the bounce > > headers, for the source, which is likely an open proxy and report that > > to the insecure provider. > > > > > Please advise if you know of any remedies for this type of scenario. > > > > No 'remedies' - only some standard manual actions on the original spam. > > If you don't have manual reporting 'ability' or skills then there's > > absolutely nothing you can do except to keep your mailbox empty so that > > your own good mail won't start getting lost because of full mailbox. > > > > -- > > Mike Easter > > > > From a at all.addresses.on.cdrom.are.invalid.aaa Sun Apr 4 11:33:06 2004 From: a at all.addresses.on.cdrom.are.invalid.aaa (John Malmberg) Date: Sun Apr 4 10:35:04 2004 Subject: [SpamCop-List] Re: Stopping Spammers Using Your Server In-Reply-To: References: <406F95EE.7827@xyzzy.claranet.de> <406FF416.DCA@xyzzy.claranet.de> Message-ID: Frog Prince wrote: > > On the accurate presumption that WiFi *is* a tool for spammer to send their > spew. (check recent post on T-Mobile in SC and other news groups) I've > looked over the site listed (and quite a few others) and there is very > little on how to make such a public WiFi HotSpot program as secure as > possible from roaming spammers. Basically what's happening is these hot > spots are 'plugged-in and forgotten'. The only savings grace is that they > are not yet wide spread as to show up on the spam radar as a major source of > problems. They need to be locked down to provide minimum connectivity. > I have a FAST (first application system test) 'toy' site set up and have > been hit at least twice in the past month with 'drive by spammer attempts'. > I caught the attempts as I was watching the traffic real time else I'd have > never know it until the s|it hit the fan. Public hot spots in the area (WNC) > have been hit and short of unplugging the service no one has a clue on how > to prevent the abuse. To stop abuse of the external internet, All server ports must be blocked. You must block port 25 for direct e-mail. People who want to send e-mail must either have their systems registered with you to send using SMTP auth through your provided mail server, or they must use an external server using one of the alternate ports provided for by RFC. This e-mail restriction is no different than many other ISPs. > I ask the question as I'm directly involved with a number of city wide, > public WiFi projects and would prefer to deal with the problem (as much as I > can) in the front rather than after the spew is on the net. Stopping the spew from the Internet should not be too hard, you just severely limit what unauthenticated users can do. Unless someone wants to set up a web or ftp server from your hot-spot, none of your users will notice anything other than two things. 1. You require them to use an alternate port to reach their SMTP servers, which if their network operators understood internet security, they would encourage them to use. 2. You require them to have secured their systems to prevent with software firewalls if they are running a platform that is vulnerable to popular worms. Both of these are something that all mobile users should expect to be done as a standard procedure. And your terms of service should word it in such a way that does not insult the customer, but strongly implies that only incompetent network operator would not require these things. > I should mention that I'm dumb as a post on this spam and on networking in > general (my only savings is I know RF) but like the one eyed man in the land > of the blind I'm the smartest guy on the ground in these parts. You have two problems to solve. 1. To prevent internal users from causing external abuse. That is done with a firewall and mandatory proxy server. No direct access to the outside internet. Use a NAT scheme and allocate all internal users an RFC non-routable addresses. You can give them all the same public I.P. address, or you can map them one to one for external addresses. That way there is no way that they can effectively operate an abusive service. They can not even participate in external DDOS attacks. Port 25 requires use of your mail server should you decided to provide one, and requires SMTP auth used with SSL. Put rate limiting on mailings through your mail server, a tighter lock down for new accounts. For example: Allow the mail server to send only 5 emails per hour for a new account. For an existing account, 25 emails an hour unless they make special arrangements with you. That is the easy part. Problem 2. WiFi users in a hotspot are vulnerable to abuse by other WiFi users. One abusive user can potentially hijack your entire hotspot. You must be continually scanning for DHCP servers that may show up. If a cracker adds a DHCP server to the hot-spot that can respond faster than yours, he owns the hot-spot, and can reroute all network traffic through their system. For systems that are vulnerable to worms, make running a software firewall a mandatory requirement for using the hot spot. When a system first gets a DHCP address, do a security scan to see if the Windows networking ports are open. If so, shut off their access as they are likely infected, and are vulnerable to many known and yet to be discovered exploits. You must watch for traffic showing up from non-broadcast I.P. addresses that you did not assign manually, or by your dhcp server. If you see them, you have either a mis-configured server, or someone is trying to break in. > I kinda sorta though this group might have the same feelings on the subject. > If I'm wrong I apologize and I'll take my question/search elsewhere. For real technical details, spamcop.geeks may be more appropriate. Networking is not hard on an individual home basis, but it gets more complicated when you do not have control of the systems directly connected. In the WiFi case, you are connecting two insecure networks, and need to do so in such a way that they can not cause abuse. So you must first set-up the hot-spot as an intra-net with a limited gateway. And then take steps to prevent internal abuse of the hot-spot. -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Sun Apr 4 08:34:21 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 10:35:15 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Bo Briggs wrote: > Did you copy/paste Eric's original post to get that parse? > www.spamcop.net/sc?id=z384392588z359d6c36134d7803b2f08cd307fc8ba2z Oh, I get it. I only 'looked at' the information at the tracker and its 'derivative' "View entire message" - I didn't 'look at' what he pasted into the ng message [since it wasn't supposed to be here ;-) ] Now that I re-examine the spam he put in here, I see that it is different from the spam which the parser worked. You are correct, what he /posted/ contains the missing "Received: (from www@localhost)" and results in what you posted below. > When I do it (and fix up the double line spacing and indents), I get > this: > http://www.spamcop.net/sc?id=z389840749za410ee9402b26b6316f6ecf4560eabdc z -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Sun Apr 4 20:30:06 2004 From: bar_n0ne at hotmail.com (Berny) Date: Sun Apr 4 11:35:09 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: "Bruce A. Johnson" wrote in message news:Xns94C14C29BA163Windrider6SpamCopnet@216.154.195.61... > Donna Smillie wrote in > news:ko20705iomp4csonl4hb9v24s8b48l56gd@4ax.com: > > > Received from Limelight Networks abuse desk in response to a Spamcop > > report re a 419 scam email: > > > >>Hello > >> > >>The customer has replied to us regarding this ticket and has > >>stated that the users email address has been removed from their opt-in > >>list. > > > > !!!!! > > > > > > If the e-mail address in question was munged in the SpamCop report, like > it normally would be, then how would "the customer" legitimately know > what e-mail address to remove from the opt-in list? > > - Bruce A. Johnson in Hardisty, Alberta, Canada > - Windrider6@SpamCop.net This should go to sightings and NANAE, limelight needs to be blocked at the router From nobody at spamcop.net Sun Apr 4 12:05:26 2004 From: nobody at spamcop.net (WazoO) Date: Sun Apr 4 12:10:02 2004 Subject: [SpamCop-List] Re: Stopping Spammers Using Your Server References: <406F95EE.7827@xyzzy.claranet.de> Message-ID: "Frog Prince" wrote in message news:c4omkt$o6g$1@news.spamcop.net... > > Are there any links to information on how to best secure public (free) WiFi > Hot spot system? Had you asked this over in 'geeks' ... I might have suggested a link like http://www.seattlewireless.net ... but you asked here, so guess I won't From basmith61 at spamcop.net Sun Apr 4 10:40:21 2004 From: basmith61 at spamcop.net (B. Smith) Date: Sun Apr 4 12:45:53 2004 Subject: [SpamCop-List] Why doesn't SC find this spammer's address? Message-ID: See same title in .spam ... If I manually just enter the spammer's address "http://www.viagrax.biz" SC wants to send the reports to postmaster@hljtele.com, and network@hljtele.com. But when I just copy and paste the whole spam into SC it never lists the reporting address for viagrax.biz. From MikeE at ster.invalid Sun Apr 4 10:48:25 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 12:50:07 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? References: Message-ID: B. Smith wrote: > See same title in .spam ... > > If I manually just enter the spammer's address > "http://www.viagrax.biz" SC wants to send the reports to > postmaster@hljtele.com, and network@hljtele.com. > > But when I just copy and paste the whole spam into SC it never > lists the reporting address for viagrax.biz. Empty BCC line in header. SC can't parse the body if there's an empty BCC line. You have to remove the empty BCC, parse the item, but then you can't spamcop report that because you can't spamcop report something which you have to change to get SC to see the link. I didn't know you had this thread in spamcop, so I answered your .spam one in .help. Talk about it either place. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sun Apr 4 18:43:50 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 13:45:05 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: Message-ID: Michael Lefevre (michael.spamcop@michaellefevre.com) wrote in news:c4ovu9$um9$1@news.spamcop.net: > Well, you can see the whole header from the tracking URL: > http://members.spamcop.net/sc? id=z388382644zd23b133c52274d39eb886d9086f006f7z > but that doesn't add anything to his message Well, a tracking code (use 'www' for a URL) would allow *anyone* to see what it's about, and not just the header either. :) Really nice graphics, for instance, someone made a lot of effort here. And this: "...and forgive us our debts...(Matt. 6:12)" (I have no idea whether that's a real quote though :)) And then on their site (about): "Christian Debt Management provides direction for those with financial burdens. Our mission is to provide individuals and families with assistance to lighten the load and relive (sic) the stress caused by financial burdens. Our desire is to help you become debt free and reach financial freedom through our simple debt consolidation services. We can help you so don't delay!" Yes, that adds a lot! These are *nice* spammers! -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sun Apr 4 18:44:27 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 13:45:23 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: Donna Smillie (dms@zetnet.co.uk) wrote in news:ko20705iomp4csonl4hb9v24s8b48l56gd@4ax.com: >>The customer has replied to us regarding this ticket and has >>stated that the users email address has been removed from their >>opt-in list. LOL! -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sun Apr 4 18:49:26 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 13:50:03 2004 Subject: [SpamCop-List] Re: latest bank scam/phishes go to devnull References: Message-ID: Mike Easter (MikeE@ster.invalid) wrote in news:c4n778$bsv$1@news.spamcop.net: > Interestingly, the various banks or whatever's accounts are being > phished often don't want to hear about it either. I was looking over > a site the other day and they have a 'gizmo' so that you can look up > the particular scam. If they already know about that one, they don't > want to hear about it. Let me guess: citibank? They have a lot of info, but *no* email address for reports, alas. > Only if it is a new gig would they like to see it. > Others don't want to hear about any of them; they just give the > client some pointers on how to avoid being phished. And they have a > number to call if you've already /been/ phished. Yes, ... I actually tried writing to a few banks but received ZERO reaction to my request for an email address - no reply at all. Still, some banks and financial instututions *do* want to hear about them - see http://banspam.javawoman.com/report3/scam3.html for all that I've been able to find. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sun Apr 4 18:50:36 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 13:55:05 2004 Subject: [SpamCop-List] Re: latest bank scam/phishes go to devnull References: Message-ID: eddie (eddie@eddie.web) wrote in news:pan.2004.04.03.23.25.45.150000 @eddie.web: > Well, since it is not a bank I deal with, and since nobody seems to want > to hear about it, I will start deleting these phisher-spams > immediately, since they only go to the bit-bucket anyway. "Nobody" is not right. At least the Anti-Phishing Working Group wants to hear about them. See http://banspam.javawoman.com/report3/scam3.html for more. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From eddie at eddie.web Sun Apr 4 14:50:59 2004 From: eddie at eddie.web (eddie) Date: Sun Apr 4 13:55:16 2004 Subject: [SpamCop-List] verio, etal, the ostrich and munging Message-ID: Verio and other spam-friendly ISPs do not accept munged complaints. Then, no doubt, like the head-in-the sand ostrich, they proudly say that they do not support spam because they don't get any complaints. I suppose that the money is making them act this way. Verio is just another off-shore spamhouse. I wish they would move home. From usenet1 at DE.LETE.THISljvideo.com Sun Apr 4 18:51:30 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry Jandro) Date: Sun Apr 4 13:55:24 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? References: Message-ID: Waiving the right to remain silent, "Mike Easter" said: > Empty BCC line in header. SC can't parse the body if there's an > empty BCC line. What the he!! good is Spamcop's reporting system if one needs to manually correct the email's headers..? Only dedicated geeks understand headers. Wasn't that supposed to be the purpose of the parser - to do the work for the AVERAGE user..? -- Larry Jandro - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From tmcgraw at spamcop.net Sun Apr 4 11:54:37 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 13:55:30 2004 Subject: [SpamCop-List] {Virus?} Thank you Message-ID: <407059ED.90004@spamcop.net> spam with same subject just posted in .spam. While posing as a virus notification, it appears to be from an unsecured AOL server. Comments? From tmcgraw at spamcop.net Sun Apr 4 11:56:03 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 14:00:04 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? References: Message-ID: <40705A43.5050806@spamcop.net> Larry Jandro wrote: > Waiving the right to remain silent, "Mike Easter" > said: > >>Empty BCC line in header. SC can't parse the body if there's an >>empty BCC line. > > What the he!! good is Spamcop's reporting system if one needs to > manually correct the email's headers..? > > Only dedicated geeks understand headers. Wasn't that supposed to be > the purpose of the parser - to do the work for the AVERAGE user..? Q: Do you believe this is spamcop's "fault"? Or the spammer's? From nobody at spamcop.net Sun Apr 4 18:57:08 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 14:00:13 2004 Subject: [SpamCop-List] Re: latest bank scam/phishes go to devnull References: Message-ID: Mike Easter (MikeE@ster.invalid) wrote in news:c4nik4$rsn$1 @news.spamcop.net: > I have no idea how people manage to expose their addy so that they get > hundreds of spams Want some ideas? - register a domain (or better yet, several) - create a website and put your email on it (unobfuscated) for people to contact you. Even just a few years ago that was not a problem. Now those addresses get heavily spammed; they're on all the spammers CDs. I've already changed the email address for all my domain registrations to a spammotel addy... I still use email links (I do want to make it easy for people to contact me about a web page) but the addresses are obfuscated, and where possible hidden completely from spambots. And I've already completely given up email with two providers. Last time I made an estimate, about 150 spams a day came to me (a lot of them rejected based on two blacklist); I suspect it's even higher now. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From MikeE at ster.invalid Sun Apr 4 11:59:43 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 14:00:21 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: Message-ID: Those of us who score points for the spammer when people read spammer subjects, more points when people read spammer bodies, more points when people hit spammer websites, and more points when more people get more people to do that are sitting here tallying up way more points for the spammers than the spammer critics. I'm playing a game here, and people are helping my opponents. Oh, well. It's OK. I also don't mind if someone wants to help my chess or checker opponent and especially if they want to help my poker opponent, as long as they don't cheat. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sun Apr 4 12:04:46 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 14:05:07 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: Message-ID: <40705C4E.6080307@spamcop.net> Mike Easter wrote: > Those of us who score points for the spammer when people read spammer > subjects, more points when people read spammer bodies, more points when > people hit spammer websites, and more points when more people get more > people to do that are sitting here tallying up way more points for the > spammers than the spammer critics. > > I'm playing a game here, and people are helping my opponents. > > Oh, well. It's OK. I also don't mind if someone wants to help my chess > or checker opponent and especially if they want to help my poker > opponent, as long as they don't cheat. Mike, with all due respect, is there a "better" way to expose spammer's scams? From bar_n0ne at hotmail.com Sun Apr 4 23:12:15 2004 From: bar_n0ne at hotmail.com (Berny) Date: Sun Apr 4 14:15:03 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: "Marjolein Katsma" wrote in message news:Xns94C1C8D0B6AB3homesitehelp@216.154.195.61... > Donna Smillie (dms@zetnet.co.uk) wrote in > news:ko20705iomp4csonl4hb9v24s8b48l56gd@4ax.com: > > >>The customer has replied to us regarding this ticket and has > >>stated that the users email address has been removed from their > >>opt-in list. > > LOL! > > > -- > Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ > Spam reporting addresses: http://banspam.javawoman.com/report3.html it also seems there is a chain of evidence law enforcement could follow here, and it sure seems that the isp is an accomplice. From mjl at canamweb.net Sun Apr 4 12:13:25 2004 From: mjl at canamweb.net (Martin J. Lutterman) Date: Sun Apr 4 14:15:13 2004 Subject: [SpamCop-List] Thank You, SpamCop !! Message-ID: SPAM was never a real problem until two months ago. All of a sudden I was bombarded with 8 to 25 pieces of commercial spam every time I checked my email (which is several times a day). I tried to trace them but all the info in the headers was bogus. In my attempt to stop the spam I spent hours learning as much as I could but I was still not able to stop it. Then I found SpamCop.... For three days I made spam reports with SpamCop and bingo!! NO MORE SPAM. So to all you non-believers and critiques out there, you don't know what you are talking about. SpamCop is the only anti-spam organization that effectively & truly elimi,nates spam. And the most surprising thing is that I was able to do it for free, but I can tell you that as soon as I click on "send" I intend to go to SpamCop and put my credit card on the table. They deserve all the financial support we can give them. We've all bought stuff on the Internet that turned out to be either useless or unnecessary... How about supporting an organization that is helping to rid the Internet of irritating & costly spam? Thank You SpamCop !! From nobody at spamcop.net Sun Apr 4 19:19:07 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 14:20:03 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E83C3.6EA1@xyzzy.claranet.de> <406F9042.7A30@xyzzy.claranet.de> <4070020F.65C@xyzzy.claranet.de> Message-ID: Frank Ellermann (nobody@xyzzy.claranet.de) wrote in news:4070020F.65C@xyzzy.claranet.de: > [ICANN and amazon] >> And they used what? > > If there was no JS (and I don't think so), then they used the > HTML-form elements supported by Netscape 3.x (on my side of > the action). E.g. no buttons outside of forms (important for > Netscape up to 4.x). Table(s) within form(s) or vice versa, > but no form starting within table one and continued in table > two, i.e. plain simple and _valid_ HTML. That's probably not > what you're asking, but it's very important for my browser(s). > >>> One survey about spam in the EU was tricky. >> And they used what? > > They used JS for the input validation and some kind of control > flow from question to question. Because I had JS disabled I > got a monster page with all questions of their survey (and > numerous useless "next question" buttons, which didn't work, > but I could still answer all questions on one page). Well, *valid* code is a first requirement for accessibility anyway. But I didn't formulate it so clearly - what I meant was: what *service* did they use (or did they actually in-house written software)? There are a lot of such services around, and generally only really big IT departments would roll their own; but quality of the services differs widely. > Back to the "survey service" question, it's probably a good > idea to test services by 3rd parties with Lynx before. Yes - but not *only* that. JavaScript can actually do a lot to make such (often long) forms better usable (immediate validation, for instance), but ideally the system should work without JavaScript *as well*. So test both conditions, check for valid HTML (and CSS), check accessibility. For starters. ;-) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Sun Apr 4 19:27:53 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 14:30:03 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: Berny (bar_n0ne@hotmail.com) wrote in news:c4pj61$jta$1@news.spamcop.net: > it also seems there is a chain of evidence law enforcement could follow > here, and it sure seems that the isp is an accomplice. ... or just clueless! -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From MikeE at ster.invalid Sun Apr 4 12:35:27 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 14:40:04 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: <40705C4E.6080307@spamcop.net> Message-ID: Tim McGraw wrote: > Mike, with all due respect, is there a "better" way to expose > spammer's scams? Well, I'm sorta kidding and I'm sorta not. I get in 'fights' about this subject all the time over in alt.spam and no one agrees with me so I'm in a minority that isn't much larger than one. I just 'launched' one of my little missives in the same subject there at Subject: Re: Is this a possible scam - it appears genuine. Message-ID: where the thread has evolved from its initial purpose and at this stage of 'evolution' I argue that if I'm reading a spamsubject in my inbox, that's a point for the spammer. It makes the people in alt.spam 'crazy' because a lot of spamfighters like to open and read spam, for various reasons. But, those are 'victories' on my scorecard for the spammer. Anything a spammer can do, however ridiculous it is, to get a spam opened and read counts on my scorecard. Most of the time that scammers do the best is when the 'adversary' or the mark knows they are outwitting the scammer. In this case, the 'optimal' way to fully appreciate how 'ridiculous' this spam was is to visit the website to see the graphic. That's a victory of a high level for the spammer on my scorecard; and I don't even know how many people visited it. I also understand that the problem is much more serious when a gullible reads a subject and a gullible opens a spam and a gullible visits a website by clicking on a link. I understand the difference between gullibles and non. But, it's a 'game' to me, and I'm keeping score. I get points for convincing people to ideally never have to read a spam subject in their Inbox [seeing a spam subject in a Junk folder is OK] and to never have to open or preview a spam [examining a spambody by its properties is OK] and to never have to 'visit' a website to figure out how to report it [using a non-browser GET function is OK]. So, just because some of my 'teammates' are laughing at the spammer doesn't keep the score from going up. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sun Apr 4 12:47:42 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 14:50:08 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: <40705C4E.6080307@spamcop.net> Message-ID: <4070665E.6050207@spamcop.net> Mike Easter wrote: > Tim McGraw wrote: > >>Mike, with all due respect, is there a "better" way to expose >>spammer's scams? > > > > But, it's a 'game' to me, and I'm keeping score. I get points for > convincing people to ideally never have to read a spam subject in their > Inbox [seeing a spam subject in a Junk folder is OK] and to never have > to open or preview a spam [examining a spambody by its properties is OK] > and to never have to 'visit' a website to figure out how to report it > [using a non-browser GET function is OK]. That last one... doesn't that count as "hit" in the spammer's logs, even if they can't "trace" the viewer? ...and what about posting spam in .sightings? Where does that go on your scorecard? From nobody at spamcop.net Sun Apr 4 15:42:02 2004 From: nobody at spamcop.net (Ellen) Date: Sun Apr 4 14:50:19 2004 Subject: [SpamCop-List] Re: why 202.247.191.99 is treated as spam souce? References: Message-ID: "Taro Kawahara" wrote in message news:c4p37e$2db$1@news.spamcop.net... > I noticed that my provider's mailserver [202.247.191.99] (mx1.rim.or.jp) > is listed on spamcop blocklist. But I checked latest 10 reports > from report history, it sounds all of these reports had something > spamcop error. All of these seem mx1.rim.or.jp is not a spam > source. Would our server have removed from spamcop blacklist? > > -- > tarokawa > The server has delisted and I have set flags for .99 and .100 indicating that they are valid mailservers. Ellen From skiwi at spamcop.net Sun Apr 4 12:49:53 2004 From: skiwi at spamcop.net (Skiwi) Date: Sun Apr 4 14:50:24 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" In-Reply-To: References: Message-ID: Michael Lefevre wrote: > Marjolein Katsma wrote: > >>Skiwi (skiwi@spamcop.net) wrote in news:c4na0v$enf$1@news.spamcop.net: >> >> >>>http://mailsc.spamcop.net/mcgi?slice=reportid&val=853847827&action=show >>>history >> >>Not everyone here has a SC mail account; I certainly don't. Care to tell >>us what this is about? > > > Well, you can see the whole header from the tracking URL: > http://members.spamcop.net/sc?id=z388382644zd23b133c52274d39eb886d9086f006f7z > but that doesn't add anything to his message - I assume he's just > laughing at the idea of selling debt consolidation in a religious context. Yeah sorry, I was just thinking that 'Christian' and lying / cheating / stealing don't seem to go together... (1) I watch the religious channels sometimes and see the amazing (and scary IMHO) psychological methods they use - and now spammers are trying to do the same... (2) I also had a auntie & uncle, seven kids, that seriously believed that "the Lord would provide" whenever they had debt issues... to their detriment and their kid's health... (3) there is a TV evangelist (sic) called Benny Hinn (http://www.bennyhinn.org/index1.cfm) that asks his listeners to send in their phone bills, power bills, etc that they "can't afford to pay", he puts them in a big pile (the pile looks the same every time I see it - a (showman's) prop?!?), "blesses" them, and magically, sorry, through prayer they just 'disappear' - it is hard not to be patronizing, but I wonder how may poor SOBs had the debt collectors after chasing them after trying this 'approach' From skiwi at spamcop.net Sun Apr 4 12:56:57 2004 From: skiwi at spamcop.net (Skiwi) Date: Sun Apr 4 15:00:03 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" In-Reply-To: References: Message-ID: Michael Lefevre wrote: > Marjolein Katsma wrote: > >>Skiwi (skiwi@spamcop.net) wrote in news:c4na0v$enf$1@news.spamcop.net: >> >> >>>http://mailsc.spamcop.net/mcgi?slice=reportid&val=853847827&action=show >>>history >> >>Not everyone here has a SC mail account; I certainly don't. Care to tell >>us what this is about? > > > Well, you can see the whole header from the tracking URL: > http://members.spamcop.net/sc?id=z388382644zd23b133c52274d39eb886d9086f006f7z > but that doesn't add anything to his message - I assume he's just > laughing at the idea of selling debt consolidation in a religious context. Yeah sorry, I was just thinking that 'Christian' and lying / cheating / stealing don't seem to go together... and some laughter, some 'worry' for those who respond... (as condescending as that sounds...) (1) I watch the religious channels sometimes to see the amazing (and scary IMHO) psychological methods they use - and now spammers are trying to do the same... (2) I also had a auntie & uncle, seven kids, that seriously believed that "the Lord would provide" whenever they had debt issues... to their detriment and their kid's health... (3) there is a TV evangelist (sic) called Benny Hinn (http://www.bennyhinn.org) that asks his listeners to send in their phone bills, power bills, etc that they "can't afford to pay." He puts them in a big pile (the pile looks the same every time I see it - a (showman's) prop like his Nehru jacket?!?), "blesses" them, and magically, sorry, through prayer they just 'disappear.' It is hard not to be patronizing, but I wonder how may poor SOBs had the debt collectors chasing them after trying this 'approach'? From bcs1 at spamcop.net Sun Apr 4 16:07:07 2004 From: bcs1 at spamcop.net (Bill) Date: Sun Apr 4 15:10:23 2004 Subject: [SpamCop-List] Re: latest bank scam/phishes go to devnull (ellen?, deputies...incoming report from me) References: Message-ID: "Marjolein Katsma" wrote in message news:Xns94C1C9A924D34homesitehelp@216.154.195.61... > Mike Easter (MikeE@ster.invalid) wrote in > news:c4n778$bsv$1@news.spamcop.net: > > > Interestingly, the various banks or whatever's accounts are being > > phished often don't want to hear about it either. I was looking over > > a site the other day and they have a 'gizmo' so that you can look up > > the particular scam. If they already know about that one, they don't > > want to hear about it. > > Let me guess: citibank? They have a lot of info, but *no* email address > for reports, alas. > I call them when possible... got a phish just a min ago, reported, "challenged", and noted that the site is in fact still up, and the pop-up's still there asking for info. ATM/Debit Card (CIN) PIN Expiration date Social Security Number (SSN) Mother's Maiden Name (MMN) Date Of Birth (DOB) gosh I hope this doesn't come out in html format Bill begin 666 pixel.gif J1TE&.#EA`0`!`( ``````/___R'Y! $```$`+ `````!``$`0 (!3 `[ ` end From me at privacy.net Sun Apr 4 16:04:23 2004 From: me at privacy.net (Frog Prince) Date: Sun Apr 4 15:20:11 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: "Marjolein Katsma" | > it also seems there is a chain of evidence law enforcement could follow | > here, and it sure seems that the isp is an accomplice. | | ... or just clueless! Clueless is not a valid defense. From spambots at eatthis.com Sun Apr 4 16:17:28 2004 From: spambots at eatthis.com (marc) Date: Sun Apr 4 15:20:32 2004 Subject: [SpamCop-List] Re: Thank You, SpamCop !! References: Message-ID: "Martin J. Lutterman" wrote in message news:c4pj8e$jvd$1@news.spamcop.net... > SPAM was never a real problem until two months ago. All of a sudden I was > bombarded with 8 to 25 pieces of commercial spam every time I checked my > email (which is several times a day). I tried to trace them but all the info > in the headers was bogus. In my attempt to stop the spam I spent hours > learning as > much as I could but I was still not able to stop it. Then I found > SpamCop.... For three days I made spam reports with SpamCop and bingo!! NO > MORE SPAM. So to all you non-believers and critiques out there, you don't > know what you are talking about. SpamCop is the only anti-spam organization > that effectively & truly elimi,nates spam. And the most surprising thing is > that I was able to do it for free, but I can tell you that as soon as I > click on "send" I intend to go to SpamCop and put my credit card on the > table. They deserve all the financial support we can give them. We've all > bought stuff on the Internet that turned out to be either useless or > unnecessary... How about supporting an organization that is helping to rid > the Internet of irritating & costly spam? Thank You SpamCop !! > I agree Spamcop is a great service, and I financially contribute as well. But whether the reports actually had anything to do with the spam stopping or not is hard to say. Sometimes people post messages here complaining that after they started reporting via Spamcop their spam increased, and suggest that the reporting had something to do with it. The general consensus is that spam volumes fluctuate a lot and most of the times any increase or decrease in spam is coincidental. Reports can shut down individual spammers, but may not stop the circulation and re-use of your email address for further spam. From spambots at eatthis.com Sun Apr 4 16:27:38 2004 From: spambots at eatthis.com (marc) Date: Sun Apr 4 15:30:06 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: Message-ID: "Mike Easter" wrote in message news:c4piek$i8j$1@news.spamcop.net... > Those of us who score points for the spammer when people read spammer > subjects, more points when people read spammer bodies, more points when > people hit spammer websites, and more points when more people get more > people to do that are sitting here tallying up way more points for the > spammers than the spammer critics. I certainly do not score points for the spammer just for looking at their website. Nor do I score points for them by reading their spam-mail, especially if imaging is turned off so they cannot record my email address as active. I check out a lot of spammers website just to see what they are up to. How does this help them? Moral affirmation? If I don't buy anything from them after looking at their website they gain nothing. If their ISP charges them based on bandwidth and traffic to their site I might in theory even cost them a few fractions of a penny. If I notice something on their website that helps me report them better it might cost them somewhat more. But usually it has no effect one way or another. From MikeE at ster.invalid Sun Apr 4 13:31:37 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 15:35:04 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: <40705C4E.6080307@spamcop.net> <4070665E.6050207@spamcop.net> Message-ID: Tim McGraw wrote: > That last one... doesn't that count as "hit" in the spammer's logs, > even if they can't "trace" the viewer? I think so. Altho' it counts as a hit on the site's logs, it doesn't count on my scorecard. Just like eyeballing a spambody in message properties may be similar to 'reading' it, but it doesn't count for the spammer on my card. In those types of cases, it is scored on the basis of 'doing it my way' not the spammer's way. Simply 'smirking' while you're doing it the spammer's way doesn't 'neutralize' the fact that you did it the spammer's way. > ...and what about posting spam in .sightings? Where does that go on > your scorecard? Posting in sightings scores on the spamfighter's side, but I don't recommend doing it with spams to useful addies, even if presumably munged. For the person who is 'defending' their addy, not 'throwing away' addies, they should be very careful about the possibility of exposing it, even in sightings. Small part scores: if you can move a spamitem that 'accidentally' got into the Inbox to the Junk folder without even thinking about it, it counts less than it would have if you had to think about it. If an item in the Junk folder has to be examined by its properties to be sure it is really junk, that doesn't count against you. The moral of that scoring lesson is to be 'strict' with how Junk is handled, and to be aggressive with getting things into the Junk folder. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 4 13:42:37 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 15:45:03 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: Message-ID: marc wrote: > I certainly do not score points for the spammer just for looking at > their website. Nor do I score points for them by reading their > spam-mail, especially if imaging is turned off so they cannot record > my email address as active. I check out a lot of spammers website > just to see what they are up to. How does this help them? Moral > affirmation? If I don't buy anything from them after looking at their > website they gain nothing. If their ISP charges them based on > bandwidth and traffic to their site I might in theory even cost them > a few fractions of a penny. If I notice something on their website > that helps me report them better it might cost them somewhat more. > But usually it has no effect one way or another. Well, I know. Your 'attitude' is popular in alt.spam - which is why I get in so many 'fights' over there [also over here]. I'm giving those points to the spammer because the spammer made you curious enough to want to see more. It was an otherwise 'unnecessary' visit. You didn"t "advance" the cause of antispamming as much as you responded like a curious mail opener. Anti-s [and I'm an anti- too] like to take a somewhat 'holier than thou' attitude that they can open spam and visit websites because they are anti-s -- but gullibles can't open spam or visit websites because they are gullible. They are both 'suffering from' normal human curiosity. When the spammer 'tickles' your curiosity button and gets you to do what they want you to do, that scores points for the spammer on my card. Everyone has to play their games the way they like to play them. I'm just describing how I think it should be. For example, if I have to visit a website to 'investigate' and I actually come away empty handed because my investigation didn't get me any real anti- advancement, the spammer gets points for that encounter. -- Mike Easter kibitzer, not SC admin From thegreatone at example.com Sun Apr 4 13:45:59 2004 From: thegreatone at example.com (Jim Thompson) Date: Sun Apr 4 15:50:03 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? References: <40705A43.5050806@spamcop.net> Message-ID: <6dp0701dkinml9h07c9mkrhsscdb8cjp7h@4ax.com> On Sun, 04 Apr 2004 10:56:03 -0800, Tim McGraw wrote: >Larry Jandro wrote: >> Waiving the right to remain silent, "Mike Easter" >> said: >> >>>Empty BCC line in header. SC can't parse the body if there's an >>>empty BCC line. >> >> What the he!! good is Spamcop's reporting system if one needs to >> manually correct the email's headers..? >> >> Only dedicated geeks understand headers. Wasn't that supposed to be >> the purpose of the parser - to do the work for the AVERAGE user..? > >Q: Do you believe this is spamcop's "fault"? Or the spammer's? The *real* question should be "Why can't SpamCop handle an empty BCC line?" Sloppy programming? ...Jim Thompson -- From tmcgraw at spamcop.net Sun Apr 4 13:53:15 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 15:55:03 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? References: <40705A43.5050806@spamcop.net> <6dp0701dkinml9h07c9mkrhsscdb8cjp7h@4ax.com> Message-ID: <407067AB.2020507@spamcop.net> Jim Thompson wrote: > On Sun, 04 Apr 2004 10:56:03 -0800, Tim McGraw > wrote: > >>Larry Jandro wrote: >> >>>What the he!! good is Spamcop's reporting system if one needs to >>>manually correct the email's headers..? >>> >>>Only dedicated geeks understand headers. Wasn't that supposed to be >>>the purpose of the parser - to do the work for the AVERAGE user..? >> >>Q: Do you believe this is spamcop's "fault"? Or the spammer's? > > The *real* question should be "Why can't SpamCop handle an empty BCC > line?" Sloppy programming? Q: Are you a programmer? I'm not being facetious. There may be a good reason for this that neither you or I know. From eddie at eddie.web Sun Apr 4 16:55:10 2004 From: eddie at eddie.web (eddie) Date: Sun Apr 4 16:00:04 2004 Subject: [SpamCop-List] Re: latest bank scam/phishes go to devnull References: Message-ID: On Sun, 04 Apr 2004 17:49:26 +0000, Marjolein Katsma wrote: snip > > Still, some banks and financial instututions *do* want to hear about them > - see http://banspam.javawoman.com/report3/scam3.html for all that I've > been able to find. Citibank, after some prodding, now has a warning on their website for all their users to read, and special email addresses and phone numbers for phish scams to be reported to. Some institutions are simply too stupid to understand the problem, or too lazy to do anything about it, or, in some sinister fashion are encouraging it by their lack of doing anything. Perhaps they think the notoriety will help? From MikeE at ster.invalid Sun Apr 4 13:59:25 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 16:00:14 2004 Subject: [SpamCop-List] Re: {Virus?} Thank you References: <407059ED.90004@spamcop.net> Message-ID: Tim McGraw wrote: > spam with same subject just posted in .spam. > > While posing as a virus notification, it appears to be from an > unsecured AOL server. > > Comments? I don't think that's it. The problem is with the unnamed [but I figgered it out] server at 203.81.71.104 - which has no rDNS but it is actually send.bagan.net.mm [that resolves to the IP] and that corresponds to the virus stripper's name, and it calls itself localhost.localdomain when it transacts [I also transacted with it a little bit]. Here's the abbreviated salient parts of your header: from (rly-xk01.mail.aol.com [172.20.83.38]) by air-xk04.mail.aol.com from localhost.localdomain ([203.81.71.104]) by rly-xk01.mx.aol.com from aol.com ([192.168.246.80]) by localhost.localdomain That is /not/ an aol server using a non-routing IP relaying thru' the bagan to get it back into the aol. That is either the bagan doing a bad job of open relaying [anonymizing] or it is the 'source' somehow. At any rate, that is as far back as the chain can go and that is who would be notified. The bagan did the stripping. I think it did the relaying of an item which didn't have a msgid, so it gave it one, making me think that the problem is right at or right behind the bagan. There are also no good notify addies for the bagan situation [Myanma(r) is .mm, like Burma?]: inetnum: 203.81.64.0 - 203.81.95.255 descr: Myanma Post and Telecommunication nic-hdl: ZT19-AP = mpt-admin@cscoms.net nic-hdl: DS72-AP = mpt-technical@cscoms.net whois -h whois.abuse.net cscoms.net ... No abuse address is registered with abuse.net whois -h whois.abuse.net bagan.net.mm No abuse address is registered with abuse.net and the whois.nic.mm doesn't answer nor does www.nic.mm which are 'supposed to' I haven't worked up the upstream yet; but normally notifying upstreams about a server problem isn't quite the right place. I guess I would go for those tech/admins. -- Mike Easter kibitzer, not SC admin From SpamCop at pantheus.com Sun Apr 4 14:03:00 2004 From: SpamCop at pantheus.com (Pantheus) Date: Sun Apr 4 16:05:03 2004 Subject: [SpamCop-List] Re: verio, etal, the ostrich and munging References: Message-ID: On Sun, 04 Apr 2004 13:50:59 -0400, eddie wrote: > Verio and other spam-friendly ISPs do not accept munged complaints. Then, > no doubt, like the head-in-the sand ostrich, they proudly say that they do > not support spam because they don't get any complaints. I suppose that the > money is making them act this way. Verio is just another off-shore > spamhouse. I wish they would move home. eddie, While they are owned now by NTT, a Japanese outfit, read this: Verio Inc. World Headquarters 8005 South Chester Street, Suite 200 Englewood, Colorado 80112 USA 1-800-GET-VERIO (1-800-438-8374) Ken -- In a world without walls and fences nobody needs Windows and Gates! User #104362 with the Linux Counter, http://counter.li.org From MikeE at ster.invalid Sun Apr 4 14:05:07 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 16:10:03 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? References: <40705A43.5050806@spamcop.net> <6dp0701dkinml9h07c9mkrhsscdb8cjp7h@4ax.com> <407067AB.2020507@spamcop.net> Message-ID: Tim McGraw wrote: > Jim Thompson wrote: >> The *real* question should be "Why can't SpamCop handle an empty BCC >> line?" Sloppy programming? > > Q: Are you a programmer? > > I'm not being facetious. There may be a good reason for this that > neither you or I know. I'm not a programmer, but I'm also very curious about why the condition has been allowed to stand as long as it has with the 'attention' that has been given here and in email. It must be a more difficult problem than it looks like. Mechanics and plumbers and other tradespeople like to joke about how the public sez "All you hafta' do is..." while they are talking about how someone /else/ needs to fix something /they/ brought in. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sun Apr 4 14:07:14 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 16:10:14 2004 Subject: [SpamCop-List] Re: {Virus?} Thank you References: <407059ED.90004@spamcop.net> Message-ID: <40706AF2.70401@spamcop.net> Mike Easter wrote: > > Myanma(r) is .mm, like Burma? They appear to be one in the same: http://travel.state.gov/burma.html Don't know why they changed their name, their shaving lotion had quite a good reputation :) From tmcgraw at spamcop.net Sun Apr 4 14:09:55 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 16:10:20 2004 Subject: [SpamCop-List] Re: {Virus?} Thank you References: <407059ED.90004@spamcop.net> Message-ID: <40706B93.5070804@spamcop.net> Mike Easter wrote: > > There are also no good notify addies for the bagan situation ...and, being a virus notification that was (bogusly) bounced back to me, it's also not spam. Thanks for the analysis. From MikeE at ster.invalid Sun Apr 4 14:35:18 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 16:40:26 2004 Subject: [SpamCop-List] Re: {Virus?} Thank you References: <407059ED.90004@spamcop.net> <40706B93.5070804@spamcop.net> Message-ID: Tim McGraw wrote: > ...and, being a virus notification that was (bogusly) bounced back to > me, it's also not spam. > > Thanks for the analysis. You're welcome, I'm not calling the part I'm seeing in .spam a bounce. That virm started somewhere behind the bagan, the bagan relayed and stripped it and attached the stripping information and sent it via aol to you, like there's an aol account in there, perhaps belonging to gxry@aol.com - [and/or do you have an aol account that is forwarding to SC?] I think the original subject was 'Thank you' and the stripper prepended it with '{Virus?}' Many or all of the Xlines are 'useful' as opposed to bogus. I think aol recorded the IP it got it from and I think the bagan put some xlines in there 'honestly' - aol reported the attachment [which had been put there by the bagan to replace the virm]. It all sorta makes sense if you let the bagan screwup a little bit. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sun Apr 4 14:37:36 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 16:40:53 2004 Subject: [SpamCop-List] Re: Duelling Disclaimers References: Message-ID: <40707210.2050707@spamcop.net> Bob W. wrote: > > > > First, the disclaimer from the ubiquitous PrintPal: > >>Printpal does not send out any emails nor do we have a list containing your >>email address. Our offer is being sent by a third party that has agreed to >>abide by all State and Federal email laws. http://www.printpal.com/affiliate > Then, later in the same message, the disclaimer from the "marketer", > which calls itself "netbella": > >>As is stated in our Privacy Policy, netbella does >>not promote or endorse any of the companies advertising through us, and >>netbella may transfer your information to our partners at any time. PrintPal is the beef left in the sun. Netbella is the maggots. From tmcgraw at spamcop.net Sun Apr 4 14:40:12 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 16:45:03 2004 Subject: [SpamCop-List] Re: {Virus?} Thank you References: <407059ED.90004@spamcop.net> <40706B93.5070804@spamcop.net> Message-ID: <407072AC.9050601@spamcop.net> Mike Easter wrote: > Tim McGraw wrote: > >>...and, being a virus notification that was (bogusly) bounced back to >>me, it's also not spam. >> >>Thanks for the analysis. > > > > and/or do you have an aol account that is forwarding to SC? POP'ing, actually, but it's not not gxry[*]aol.com. From tmcgraw at spamcop.net Sun Apr 4 14:53:42 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 16:55:04 2004 Subject: [SpamCop-List] Re: {Virus?} Thank you References: <407059ED.90004@spamcop.net> Message-ID: <407075D6.3080409@spamcop.net> Mike Easter wrote: > > > > That is /not/ an aol server using a non-routing IP relaying thru' the > bagan to get it back into the aol. That is either the bagan doing a bad > job of open relaying [anonymizing] or it is the 'source' somehow. Parser says the source is 203.81.71.104/cscoms.net. Whois for cscoms.net says it belongs to CS Loxinfo Public Company Ltd., Pathumwan, Bangkok. APNIC says 203.81.71.104 belongs to Myanma Post & Telecommunication, Yangon, Myanma, and is "ALLOCATED PORTABLE," but all the addys in the whois go to cscoms.net. Seems to me that cscoms.net *is* the upstream? And is it spamcop-reportable? From MikeE at ster.invalid Sun Apr 4 15:20:38 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 17:25:03 2004 Subject: [SpamCop-List] Re: {Virus?} Thank you References: <407059ED.90004@spamcop.net> <40706B93.5070804@spamcop.net> <407072AC.9050601@spamcop.net> Message-ID: Tim McGraw wrote: > POP'ing, actually, but it's not not gxry[*]aol.com. Yeah, popping. No, I didn't think gxry was 'you' [perhaps the source, but I've discarded that idea] - but I was trying to figure out the 'structure'. Was your username in the spot that has '[spam victim]' in the item's To: ? It would make more sense for the virm to send a 'simple' mail, not with one person in the To: and some more BCCs. Since the preceding, I've read more about the MyDoomF and some more things are 'perfect'. The gxry is the 'random' version of the username. The aol domain in the From is one of 4 'big' domains, besides the random.edu. There are a few words in between the information from bagan that actually belong to the virm 'Read the details'. The subject is Thank you, so bagan prepended it with the virus? word. Very few of the virus sites describe 'precisely' how a particular viral smtp engine works, ie does it get the name of a server from the infected registry, or does it do direct to mx, or what? What I think should have happened is that the infected IP behind the bagan server should've been recorded by the bagan, and the propagator should have been 'exposed'. But no, we have a bagan server which is 'brilliantly' scanning and chopping off virus payloads and sending the empty package on while it is 'stupidly' failing to do its normal job as a server. Very very bad resource management. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sun Apr 4 15:26:49 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 17:30:03 2004 Subject: [SpamCop-List] Re: {Virus?} Thank you References: <407059ED.90004@spamcop.net> <40706B93.5070804@spamcop.net> <407072AC.9050601@spamcop.net> Message-ID: <40707D99.7080401@spamcop.net> Mike Easter wrote: > Tim McGraw wrote: > >>POP'ing, actually, but it's not not gxry[*]aol.com. > > Yeah, popping. No, I didn't think gxry was 'you' [perhaps the source, > but I've discarded that idea] - but I was trying to figure out the > 'structure'. Was your username in the spot that has '[spam victim]' in > the item's To: ? Yes. > > > But no, we have a bagan server which is 'brilliantly' scanning and > chopping off virus payloads and sending the empty package on while it is > 'stupidly' failing to do its normal job as a server. Very very bad > resource management. So what's new!?! From MikeE at ster.invalid Sun Apr 4 15:36:45 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 4 17:40:04 2004 Subject: [SpamCop-List] Re: {Virus?} Thank you References: <407059ED.90004@spamcop.net> <407075D6.3080409@spamcop.net> Message-ID: Tim McGraw wrote: > Mike Easter wrote: >> That is /not/ an aol server using a non-routing IP relaying thru' the >> bagan to get it back into the aol. That is either the bagan doing a >> bad job of open relaying [anonymizing] or it is the 'source' somehow. > > Parser says the source is 203.81.71.104/cscoms.net. Yeah, I understand why the parser would say that. The chain ends at that IP and that's the domainname of the admin/tech. > Whois for cscoms.net says it belongs to CS Loxinfo Public Company > Ltd., Pathumwan, Bangkok. Yeah, but I think that's just where those admintech 'dudes' like to get their mail. It doesn't look like it has much to do with our Burma bagan baddie > APNIC says 203.81.71.104 belongs to Myanma Post & Telecommunication, > Yangon, Myanma, and is "ALLOCATED PORTABLE," but all the addys in the > whois go to cscoms.net. > > Seems to me that cscoms.net *is* the upstream? Not the upstream... in this case the mailing address domain of the admintech. I would mail to the admin tech, not any kind of abuse@ or pm@ - The issue is about bagan and Myanma Post and Telecommunication in Burma, not that Thai mailbox.outfit. It [MPT] is AS9988 whose upstream adjacencies are verio, thaicom, and reach, if you want to work it that way because they are badboys about not having appropriate reg'd abuse addies. It is 'legitimate' to notify the upstreams with a gripe about that in the same mail you are notifying about the 'problem'. The problem is also that they shouldn't be handling their virms in that way and the server is misconfigured. > And is it spamcop-reportable? I would say no. Besides, the nature of the notify has gone off to the side. It's not about spam. It's about mishandling virms and about misconfigured server and about not having reg'd abuse addies. -- Mike Easter kibitzer, not SC admin From verdy_p at wanadoo.fr Mon Apr 5 00:57:07 2004 From: verdy_p at wanadoo.fr (Philippe Verdy) Date: Sun Apr 4 17:55:02 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: <40705C4E.6080307@spamcop.net> <4070665E.6050207@spamcop.net> Message-ID: "Tim McGraw" a écrit dans le message de news:4070665E.6050207@spamcop.net... > > [using a non-browser GET function is OK]. > > That last one... doesn't that count as "hit" in the spammer's logs, even > if they can't "trace" the viewer? > ...and what about posting spam in .sightings? Where does that go on your > scorecard? If the basic HTTP GET is performed without transmitting any of the usual "tracking" headers that browsers send silently, it won't help the spammer qualifying its spam, notably if the "visit" is performed through a well known HTTP client proxy, ushc as a wellknown "web acceleration" _caching_ proxy. Some ISPs provide this service to their customers, it may be great to defeat spammers if we could "visit" their sites just to get their status, through a secure anonymizing and caching proxy. One similar thing that could be done is to use, for example, the Google translation service that will load and cache the spamming site, will index it, and could mark it as spamming (this cached page would be banned from the Google search listings, but it could be revealed at any time for keeping a dated proof of the spammy content). From bar_n0ne at hotmail.com Mon Apr 5 03:05:17 2004 From: bar_n0ne at hotmail.com (Berny) Date: Sun Apr 4 18:10:03 2004 Subject: [SpamCop-List] Re: verio, etal, the ostrich and munging References: Message-ID: "Bob W." wrote in message news:responseguard-A01022.13342704042004@news.cesmail.net... > In article , > eddie wrote: > > > Verio and other spam-friendly ISPs do not accept munged complaints. > > Then, no doubt, like the head-in-the sand ostrich, they proudly say that > > they do not support spam because they don't get any complaints. > > I suppose that the money is making them act this way. Verio is just > > another off-shore spamhouse. I wish they would move home. > > It's interesting to note that Verio never complains about the munged > reports that I send them directly. > > So... I'm guessing that abuse reports that are sent directly to Verio > are simply disguarded, while those coming to them through SpamCop are > systematically forwarded to their spammer customers to provide > listwashing service. > > But hey, that's just my own conjecture. > > -- > ...Bob W. I have had 2 spams from verio in the past year and a half, Impressive listwashing if you ask me. I have only recently seen afew spamvertised websites hosted by verio, they disappeared after a few days. I think their hat is a lot whiter now Bye, Berny From tmcgraw at spamcop.net Sun Apr 4 16:33:12 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 18:35:05 2004 Subject: [SpamCop-List] Re: Duelling Disclaimers References: <40707210.2050707@spamcop.net> Message-ID: <40708D28.6080804@spamcop.net> Bob W. wrote: > > > > PrintPal is just as much a maggot as Netbella. Probably a more accurate statement... you're the expert on this stuff! From tmcgraw at spamcop.net Sun Apr 4 16:34:13 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 18:35:23 2004 Subject: [SpamCop-List] Re: Header of the week References: Message-ID: <40708D65.8010702@spamcop.net> Here's another: learn to seduce any girl (poultry) From bcs1 at spamcop.net Sun Apr 4 19:46:07 2004 From: bcs1 at spamcop.net (Bill) Date: Sun Apr 4 18:50:03 2004 Subject: [SpamCop-List] Re: Header of the week References: <40708D65.8010702@spamcop.net> Message-ID: "Tim McGraw" wrote in message news:40708D65.8010702@spamcop.net... > Here's another: > > learn to seduce any girl (poultry) > uhh ok...maybe I'm missing something...but who *really* wants to flirt with chickens?...I mean with the *bird flu* and all... Bill From RobertTaylor at SpamCop.net Sun Apr 4 20:05:01 2004 From: RobertTaylor at SpamCop.net (Robert Taylor) Date: Sun Apr 4 19:10:03 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: Message-ID: In news:c4piek$i8j$1@news.spamcop.net, Mike Easter sent: > Those of us who score points for the spammer when people read spammer > subjects, more points when people read spammer bodies, more points when > people hit spammer websites, and more points when more people get more > people to do that are sitting here tallying up way more points for the > spammers than the spammer critics. > > I'm playing a game here, and people are helping my opponents. > > Oh, well. It's OK. I also don't mind if someone wants to help my chess > or checker opponent and especially if they want to help my poker > opponent, as long as they don't cheat. LOL -- Robert From nobody at spamcop.net Mon Apr 5 00:36:34 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 19:40:04 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: Frog Prince (me@privacy.net) wrote in news:c4pmur$q9h$1@news.spamcop.net: > Clueless is not a valid defense. I didn't say it was - surely ISPs should educate themselves. But you cannot be an "accomplice" for something you don't know about or don't understand. "Accomplice" implies intent. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 00:40:55 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 19:45:04 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: <40705C4E.6080307@spamcop.net> Message-ID: Mike Easter (MikeE@ster.invalid) wrote in news:c4pkhj$m0c$1 @news.spamcop.net: > It makes the people in alt.spam 'crazy' because a lot of spamfighters > like to open and read spam, for various reasons. But, those are > 'victories' on my scorecard for the spammer. I (sometimes) "like" to look at the spam source, or the HTML source, or the source of what's on the server the spam is linking to for a single purpose: to determine *what* it is the spammer is spamvertizing - because knowing that I can report more effectively by adding extra reporting addresses. Those are "losses" on the scorecard for spammers (unless I can't figure out what it is even with a reasonable amount of effort). -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 00:54:15 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 19:55:03 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: Message-ID: Mike Easter (MikeE@ster.invalid) wrote in news:c4pofh$s68$1@news.spamcop.net: > I'm giving those points to the spammer because the spammer made you > curious enough to want to see more. With the sole exception of the spam referred to in this thread (where I was made curious by the OP, not the spam!) - the spammer doesn't "make me curious enough to see more": instead, the spammer irritates me enough to want to determine what type of spam it is so I can add as many appropriate reporting addersses as possible, to fight the spammer all the better. Curiosity has nothing at all to do with that - it's simply analysis with a very specific goal: more effective spam fighting. It's very, very rare that a spammer actually makes me curious about anything at all (except, possibly, what new tricks they're up to). > When the spammer 'tickles' your curiosity button and gets you to do > what they want you to do, that scores points for the spammer on my > card. That does not even apply in this case - I'm absolutely sure the spammer does not "want" me to read it's spammy HTML and read the HTML on the site. I don't even "look" at the site or mail in any way that renders it - all I ever see is source code or (rarely) images opened separately (that won't even result in a referrer on the server logs). > For example, if I have to visit a website to 'investigate' and I > actually come away empty handed because my investigation didn't get me > any real anti- advancement, the spammer gets points for that > encounter. Sure. But if, on the other hand, inspection of the site's code gives me more ammunition, that's a point for me. And I assure you that's *much* more common. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 00:56:38 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 20:00:02 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: Message-ID: Skiwi (skiwi@spamcop.net) wrote in news:c4plpp$njf$3@news.spamcop.net: > (1) I watch the religious channels sometimes to see the amazing (and > scary IMHO) psychological methods they use - and now spammers are trying > to do the same... He, wish I could (well, not really). We don't *have* religious channels. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From eddie at eddie.web Sun Apr 4 21:02:14 2004 From: eddie at eddie.web (eddie) Date: Sun Apr 4 20:05:05 2004 Subject: [SpamCop-List] Re: verio, etal, the ostrich and munging References: Message-ID: On Sun, 04 Apr 2004 13:03:00 -0700, Pantheus wrote: snip > eddie, > > While they are owned now by NTT, a Japanese outfit, read this: > > Verio Inc. World Headquarters snap Yup, I know that. I once had some of my websites hosted by hiway.com in FL. Verio bought them up and it was still OK. Then the Japanese bought Verio and things started to deteriorate - the service, support, etc went away. They really want to service portals and superdomains, not my kind of sites, so I left. From nobody at spamcop.net Mon Apr 5 01:03:32 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 20:05:16 2004 Subject: [SpamCop-List] Re: {Virus?} Thank you References: <407059ED.90004@spamcop.net> Message-ID: Mike Easter (MikeE@ster.invalid) wrote in news:c4ppf1$tqf$1 @news.spamcop.net: > There are also no good notify addies for the bagan situation [Myanma(r) > is .mm, like Burma?]: Myanmar (with 'r' at the end - formerly "Burma") has indeed country code 'mm'. > inetnum: 203.81.64.0 - 203.81.95.255 > descr: Myanma Post and Telecommunication Could be "Myanma" (without the 'r') is an adjective (and don't forget this is English, not the native language in that country). -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 01:06:22 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 20:10:03 2004 Subject: [SpamCop-List] Re: {Virus?} Thank you References: <407059ED.90004@spamcop.net> <40706AF2.70401@spamcop.net> Message-ID: Tim McGraw (tmcgraw@spamcop.net) wrote in news:40706AF2.70401@spamcop.net: > They appear to be one in the same: http://travel.state.gov/burma.html Oh, the US government doesn't want to use the country's official name? Interesting... -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 01:20:37 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 20:25:03 2004 Subject: [SpamCop-List] Re: latest bank scam/phishes go to devnull (ellen?, deputies...incoming report from me) References: Message-ID: Bill (bcs1@spamcop.net) wrote in news:c4pmd8$phj$1@news.spamcop.net: >> Let me guess: citibank? They have a lot of info, but *no* email address >> for reports, alas. >> > I call them when possible... I'd happily send them an email to report phishing (if they would allow that), and I've already seen several - but making an international phone call is just too much to expect. I report phishing to all those who have provided email addresses (that I've been able to find). -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 01:24:25 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 4 20:25:14 2004 Subject: [SpamCop-List] Re: latest bank scam/phishes go to devnull References: Message-ID: eddie (eddie@eddie.web) wrote in news:pan.2004.04.04.19.55.09.301000@eddie.web: > Citibank, after some prodding, now has a warning on their website for > all their users to read, and special email addresses and phone numbers > for phish scams to be reported to. Where (which URL) do you find that email address? I only see forms, no address. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From tmcgraw at spamcop.net Sun Apr 4 18:28:41 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 4 20:30:09 2004 Subject: [SpamCop-List] Re: {Virus?} Thank you References: <407059ED.90004@spamcop.net> <40706AF2.70401@spamcop.net> Message-ID: <4070A839.8010801@spamcop.net> Marjolein Katsma wrote: > Tim McGraw (tmcgraw@spamcop.net) wrote in news:40706AF2.70401@spamcop.net: > >>They appear to be one in the same: http://travel.state.gov/burma.html > > Oh, the US government doesn't want to use the country's official name? > Interesting... The State Department's wheels turn very, very slowly. Just ask Richard Clarke ;) From baloo at ursine.ca Sun Apr 4 18:48:37 2004 From: baloo at ursine.ca (Paul Johnson) Date: Sun Apr 4 21:05:10 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: <87y8pcl793.fsf@ursine.ca> Message-ID: <87wu4vuu56.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Frog Prince" writes: > "Paul Johnson" > | > | > Comcast will not let me forward spam to the FTC or the FDA! > | > | Get a commercial account, run a mail server. That's how I solved that > | one before it got started. > > Isn't a commercial account much more expensive? Yeah, but that's what's nice about having roommates to chip in. - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAcKzlUzgNqloQMwcRAhyUAJwOlf0Hoxet6+TyGG3bvTmma7wELACg0tCX ZD2xR/FeQt4s9OF/HZpiO+8= =CH5Q -----END PGP SIGNATURE----- From MikeE at ster.invalid Sun Apr 4 22:12:02 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 5 00:15:03 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: Message-ID: Marjolein Katsma wrote: > Mike Easter >> I'm giving those points to the spammer because the spammer made you >> curious enough to want to see more. > > I was made curious by the OP, not the spam!) That was sorta my 'beef' - I was chidin' y'all. > - it's simply analysis with a very specific goal: more effective spam > fighting. Right on, bro'. With that kind of attitude, you'll get more points than you'll lose. > It's very, very rare that a spammer actually makes me curious about > anything at all (except, possibly, what new tricks they're up to). Okey dokey. > I don't even "look" at the site or mail in any way that > renders it - all I ever see is source code or (rarely) images opened > separately (that won't even result in a referrer on the server logs). That's the style that makes me smile. :-) [First a pasted sonnet, now poetry of my own.] >> For example, if I have to visit a website to 'investigate' and I >> actually come away empty handed because my investigation didn't get >> me any real anti- advancement, the spammer gets points for that >> encounter. > > Sure. But if, on the other hand, inspection of the site's code gives > me more ammunition, that's a point for me. And I assure you that's > *much* more common. Oh yeah. That is, oh /yeah/. As in, oo-rah. Hmm. That may be a little 'Americanistic'. That oo-rah is a US Marine 'thing'. -- Mike Easter kibitzer, not SC admin From skiwi at spamcop.net Sun Apr 4 23:52:54 2004 From: skiwi at spamcop.net (Skiwi) Date: Mon Apr 5 01:55:03 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" In-Reply-To: References: Message-ID: Marjolein Katsma wrote: > Skiwi (skiwi@spamcop.net) wrote in news:c4plpp$njf$3@news.spamcop.net: > > >>(1) I watch the religious channels sometimes to see the amazing (and >>scary IMHO) psychological methods they use - and now spammers are trying >>to do the same... > > > He, wish I could (well, not really). We don't *have* religious channels. Lucky you! TBN (www.tbn.org) hasn't got to Holland yet?! But they are always buying new transmitters to prolestiyse to the world - or so they say during their endless fund raisers, or was that bibles, or new guilt chairs for their TV studio sets...???? I watch it about once a month for 15 minutes or so out of a morbid curiosity and a perverse 'admiration' (sic) for their methodologies... From nobody at spamcop.net Mon Apr 5 08:39:15 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 03:40:06 2004 Subject: [SpamCop-List] Re: {Virus?} Thank you References: <407059ED.90004@spamcop.net> Message-ID: Marjolein Katsma (nobody@spamcop.net) wrote in news:Xns94C214F205D24homesitehelp@216.154.195.61: >> inetnum: 203.81.64.0 - 203.81.95.255 >> descr: Myanma Post and Telecommunication > > Could be "Myanma" (without the 'r') is an adjective (and don't forget > this is English, not the native language in that country). On second thought, given that English is not the native language nor a Latin script is used, it could simple be "phonetic" spelling as is often seen with people who don't write in English and don't use the Latin alphabet either. After all, *our* spelling "Myanmar" is a transliteration. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 08:52:53 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 03:55:03 2004 Subject: [SpamCop-List] Re: Pleeeeezzzzze - "Debt Consolidation with a Christian Perspective" References: Message-ID: Skiwi (skiwi@spamcop.net) wrote in news:c4qs7n$ucv$1@news.spamcop.net: > TBN (www.tbn.org) hasn't got to Holland yet?! Had to look that up ... Trinity Broadcasting Network? I already find it hard to believe they (the three of them) wrote a book - but now they're broadcasting as well??? "If a window did not pop-up to play the movie, please click here." Sorry, no. No popups, no flash either. "Skip intro" OK, not _all_ bad. "Your Destiny" Doesn't seem to be about my destiny at all. "If you prayed the Prayer of Salvation, we would love to hear from you!" They won't hear from me. Ever. ;-) I do have a few statues of Ganesh around. I'm sure that helps my destiny (not). But I like Ganesh! > I watch it about once a month for 15 minutes or so out of a morbid > curiosity and a perverse 'admiration' (sic) for their methodologies... LOL! Similar to the perverse "admiration" for the latest spammers' obfuscation tricks, I guess... -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 10:42:04 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 05:45:09 2004 Subject: [SpamCop-List] Re: Ebay Con Spam References: <5657-406762B7-190@storefull-3212.bay.webtv.net> Message-ID: Mike Easter (MikeE@ster.invalid) wrote in news:c4mief$olt$1 @news.spamcop.net: > As a general rule, 'regular' nudism and nudist camps and beaches and > such are very 'innocent' and are considered a family activity by > nudists. We have a nearby nude beach and parts of it are 'contaminated' > [or frequented if you prefer] by open sexual activities that would be > upsetting to some 'family entertainment' sorts. The open sexual > activities are typically male homosexual. But what you describe there is not "nudity" - and partner preference has nothing to do with it either. Nudity, of and by itself, cannot be considered porn - sexual activities might be. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From kjz at despammed.com Mon Apr 5 12:46:45 2004 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Mon Apr 5 05:50:05 2004 Subject: [SpamCop-List] Re: today Ralsky, Inc. burns: China: ENDSLES.COM, stifyems.com, DNS: name-okk.com, name-ok.com; Teleglobe: SURERXSOURCE.COM, SURERXMED.COM, ONLINEHEALTHNET.COM,BETTERMDPERFORMANCE.COM, HEATLHSTATUSNOW.COM,GREATWELLNESSINC.COM In-Reply-To: <4022475E.1913@xyzzy.claranet.de> References: <4022475E.1913@xyzzy.claranet.de> Message-ID: from his Chinese branch: Registration Service Provided By: WANG LONG Contact: hezuo2002@163.com Domain Name: ENDSLES.COM 221.5.250.123 Registrant: Huang Gui Fang Huang Gui Fang (huangjack1@126.com) #101 Unit 1 NO.4 Century Garden , Long cheng Str. Fu shun null,113006 CN Tel. +86.4137480040 Creation Date: 31-Mar-2004 Expiration Date: 31-Mar-2005 Domain servers in listed order: ns0.name-ok.com 219.153.1.179 ns1.name-okk.com 202.104.234.73 Domain name: stifyems.com 202.106.127.112 Billing Contact: Gui Fang Huang huangjack1@126.com +86.4137480040 fax: +86.4137480040 #101 Unit 1 NO.4 Century Garden , Long cheng Str. Shun Cheng district Fu shun Lian Ning 118000 cn DNS: ns1.name-okk.com ns0.name-ok.com Created: 2004-04-01 Expires: 2005-04-01 Registration Service Provided By: WANG LONG Contact: hezuo2002@163.com Domain Name: NAME-OK.COM Registrant: Huang Gui Fang Huang Gui Fang (huangjack1@126.com) #101 Unit 1 NO.4 Century Garden , Long cheng Str. Fu shun null,113006 CN Tel. +86.4137480040 Creation Date: 25-Mar-2004 Expiration Date: 25-Mar-2005 Teleglobe branch: Domain Name: SURERXSOURCE.COM 66.110.74.150 Kelker Holdings Limited 2-4 Arch.Makarios 111 Avenue Capital Centre, 9th Floor Nicosia NI CY 1505 Domain servers in listed order: NS1.HEALTHEVOLVING.COM NS1.ONLINEHEALTHNET.COM NS1.BETTERMDPERFORMANCE.COM NS1.RXTECHSOLUTIONS.COM NS1.HEATLHSTATUSNOW.COM NS1.GREATWELLNESSINC.COM Record created on 2004-03-17 15:52:06.967 Database last updated on 2004-03-29 09:52:21.28 Domain Expires on 2005-03-17 15:52:06.967 Domain Name: SURERXMED.COM 66.110.74.150 Registrant: Kelker Holdings Limited 2-4 Arch.Makarios 111 Avenue Capital Centre, 9th Floor Nicosia NI CY 1505 Domain servers in listed order: NS1.HEALTHEVOLVING.COM NS1.ONLINEHEALTHNET.COM NS1.BETTERMDPERFORMANCE.COM NS1.RXTECHSOLUTIONS.COM NS1.HEATLHSTATUSNOW.COM NS1.GREATWELLNESSINC.COM Record created on 2004-03-17 15:52:02.293 Database last updated on 2004-03-29 09:52:06.937 Domain Expires on 2005-03-17 15:52:02.293 From nobody at spamcop.net Mon Apr 5 10:49:04 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 05:50:16 2004 Subject: [SpamCop-List] Re: Ebay Con Spam References: <5657-406762B7-190@storefull-3212.bay.webtv.net> <406F3452.3080309@spamcop.net> Message-ID: WindsorFox[SS] (windsorfoxNOSPAM@cox.net) wrote in news:c4ohdj$jpn$2 @news.spamcop.net: > Pictures of grown men "hanging" around on Black's Beach is not > pornography or particularly obscene, however; most prudent people do > not want it lurking in their 9 year old daughters email box. Do most fathers of 9-year old daughters hide themselves from them? I'm pleased to tell you my father never did. It didn't do me one iota of harm either. Such pictures might actually be a nice "hook" to educate those daughters (and the sons as well). -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From bar_n0ne at hotmail.com Mon Apr 5 16:46:12 2004 From: bar_n0ne at hotmail.com (Berny) Date: Mon Apr 5 07:50:10 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: "Marjolein Katsma" wrote in message news:Xns94C2105F452E0homesitehelp@216.154.195.61... > Frog Prince (me@privacy.net) wrote in news:c4pmur$q9h$1@news.spamcop.net: > > > Clueless is not a valid defense. > > I didn't say it was - surely ISPs should educate themselves. But you > cannot be an "accomplice" for something you don't know about or don't > understand. "Accomplice" implies intent. > > > -- > Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ They became wilful accomplices (in a legal sense) after recieving the complaint, which presumably contained the scam letter, and passing it back to the spammer for listwashing and then allowing him/her to continue to send 419's to the rest of the world. That they were too clueless to read the complaint before acting on it is immaterial, that is simply wilful negligence. IANAL, but my readings of court cases lead me to the above conclusions. They could plausibly not be culpable by your logic if they had simply bit-binned the complaint and/or never replied. Bye, Berny From nobody at xyzzy.claranet.de Mon Apr 5 14:46:52 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 5 07:50:36 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? References: Message-ID: <4071472C.1BD1@xyzzy.claranet.de> Larry Jandro wrote: > Only dedicated geeks understand headers. It's not that difficult. > Wasn't that supposed to be the purpose of the parser The parser handles almost all normal cases. It can't think, that's still our job as users. > - to do the work for the AVERAGE user..? That's what it does. But in some cases where spammers deliberately (ab)use the numerous bugs of Microsoft products it can't decide what to do, because depending on the circumstances this decision could hurt innocent bystanders. BTW, I've no idea why an empty BCC header is a problem - except from the simple fact that BCC headers make no sense in incoming mail. Bye, Frank From MikeE at ster.invalid Mon Apr 5 06:32:55 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 5 08:35:42 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? References: <4071472C.1BD1@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > BTW, I've no idea why an empty BCC header is a problem I don't think it is the 'effect' of the fact that there /is/ a line 'Bcc:' there. I think the problem arises when SC tries to /munge/ it. What happens next is that the algorithm replaces everything after the Bcc: with an 'x' but then it handles the EOL CR 'badly'. [Or maybe the EOLs' CRs.] As a result of both of those actions, the resultant header has a 'bad' line, namely the newly SC created 'x' line and the header 'breaks'. SC's newly created 'x' is on a line all by itself after the 'old' Bcc: line. I don't know why this is a different kind of problem for BCC than it would be for, say, an empty CC: line. Maybe I'll tinker with that as an experiment and see if SC barfs on that. Rereading my "As a result.." sentence above is confusing to me. To say it another way, SC replaces the empty Bcc: with two lines, an empty 'Bcc:' one and an 'x' one, and I think it is the 'x' line that is the deal breaker, or rather the parse breaker. -- Mike Easter kibitzer, not SC admin From me at privacy.net Mon Apr 5 09:33:07 2004 From: me at privacy.net (Frog Prince) Date: Mon Apr 5 08:40:03 2004 Subject: [SpamCop-List] Re: Stopping Spammers Using Your Server References: <406F95EE.7827@xyzzy.claranet.de> Message-ID: "WazoO" | > | > Are there any links to information on how to best secure public (free) | WiFi Hot spot system? | | Had you asked this over in 'geeks' ... I might have suggested a link | like http://www.seattlewireless.net ... but you asked here, so | guess I won't Thanks all. I posted in this tread as it seemed to be related to some of the problems I'm having (the clueless part is my fault). I'll go play with what's been posted and be back in a bit with more stupid question but next time I'll post in .geeks Thanks again FP From nobody at xyzzy.claranet.de Mon Apr 5 15:34:13 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 5 08:40:17 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E83C3.6EA1@xyzzy.claranet.de> <406F9042.7A30@xyzzy.claranet.de> <4070020F.65C@xyzzy.claranet.de> Message-ID: <40715245.2D70@xyzzy.claranet.de> Marjolein Katsma wrote: > *valid* code is a first requirement for accessibility anyway. Yes. BTW, with some difficulties I was able to start Netscape 4.x for this survey, and that did the trick. OTOH, on my side of this survey all I got were essentially two pages, each page with a big form. Not one dependency between different points of the survey, so there was _no_ reason to use JavaScript (or rather JS better than JS 1.1) in this survey. Just two method="post" forms in plain XHTML 1.0 could handle the input side of this survey (the XHTML subset also known in HTML 3.2, buttons only within forms, the works). It's probably still interesting to collect and later evaluate the input, and present the results, but nothing required more than HTML 2.0 + tables for the input. > what *service* did they use (or did they actually in-house > written software)? No idea. But collecting and evaluating method="post" input can't be too difficult, It's probably less simple if question 4 depends on the answer to question 3, i.e. if you have some kind of control flow. > only really big IT departments would roll their own For simple answers like "poor fair neutral good excellent" in SC's survey a script could probably present it as Excel table (or an equivalent open office format). And you couldn't outsource the text input evaluation, only Ellen / Julian / etc. would understand our "ad 9" comments in question 7 mentioning newsgroups... ;-) Assuming that anybody reads the text input at all. Bye, Frank From nobody at xyzzy.claranet.de Mon Apr 5 15:55:10 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 5 09:00:03 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? References: <4071472C.1BD1@xyzzy.claranet.de> Message-ID: <4071572E.436C@xyzzy.claranet.de> Mike Easter wrote: > I think the problem arises when SC tries to /munge/ it. That sounds very plausible. In news we have the rule that there MUST be a space (or TAB) after any header keyword: IIRC there's no such rule for mail headers. So if SC uses the rule for news and always ignores the first character after the ":", and if there is no such character in an empty BCC:, then that could "eat" the and result in major confusion. > I don't know why this is a different kind of problem for > BCC than it would be for, say, an empty CC: line. If your idea is correct you should find the same effect for both To: and CC: - unless Julian fixed it for these cases and forgot BCC: because there should be no BCC: at all in incoming mail... ;-) > Maybe I'll tinker with that as an experiment and see if > SC barfs on that. And please send it to the deputies if you're sure, this apparently simple problem pops up here again and again. Bye, Frank From nobody at spamcop.net Mon Apr 5 14:13:30 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 09:15:30 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: Berny (bar_n0ne@hotmail.com) wrote in news:c4rgu5$ebk$1@news.spamcop.net: > They became wilful accomplices (in a legal sense) after recieving the > complaint, which presumably contained the scam letter, and passing it > back to the spammer for listwashing and then allowing him/her to > continue to send 419's to the rest of the world. That they were too > clueless to read the complaint before acting on it is immaterial, that > is simply wilful negligence. Actually, I suspect they were clueless enough not to take any action at all but instead send a standard response :) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From spamcop at oitc.com Mon Apr 5 10:18:26 2004 From: spamcop at oitc.com (spamcop) Date: Mon Apr 5 09:20:03 2004 Subject: [SpamCop-List] Australian spam Message-ID: The Aussie government wants to know about since they have a new antiSpam law. Since SC knows when the souce (or a relay) if the spam comes from AU and if a spamvertized website is on a AU CIDR block, Maybe SC should forward spam reports to the two reporting addresses listed on the Gov website: http://www.aca.gov.au/consumer_info/spam/ Tom From me at privacy.net Mon Apr 5 10:30:05 2004 From: me at privacy.net (Frog Prince) Date: Mon Apr 5 09:55:30 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: <87y8pcl793.fsf@ursine.ca> <87wu4vuu56.fsf@ursine.ca> Message-ID: "Paul Johnson" | > | > Comcast will not let me forward spam to the FTC or the FDA! | > | | > | Get a commercial account, run a mail server. That's how I solved that | > | one before it got started. | > | > Isn't a commercial account much more expensive? | | Yeah, but that's what's nice about having roommates to chip in. Since my room mate is my wife the money may come from a different pocket but still the same pair of pants. Aside from a higher bill what are the other advantages to a commercial cable account? I ask (we're on Charter) as there may be some real advantage to us. FWIW trying to get an accurate answer out of Charter Sales is much more difficult than getting straight answers out of tech support. From bar_n0ne at hotmail.com Mon Apr 5 19:10:45 2004 From: bar_n0ne at hotmail.com (Berny) Date: Mon Apr 5 10:15:25 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: "Marjolein Katsma" wrote in message news:Xns94C29AE084CDChomesitehelp@216.154.195.61... > Berny (bar_n0ne@hotmail.com) wrote in > news:c4rgu5$ebk$1@news.spamcop.net: > > > They became wilful accomplices (in a legal sense) after recieving the > > complaint, which presumably contained the scam letter, and passing it > > back to the spammer for listwashing and then allowing him/her to > > continue to send 419's to the rest of the world. That they were too > > clueless to read the complaint before acting on it is immaterial, that > > is simply wilful negligence. > > Actually, I suspect they were clueless enough not to take any action at > all but instead send a standard response :) Doesn't matter, they have made a public confession here. A hard thing to undo in court. at the very least embarrassing. From nobody at spamcop.net Mon Apr 5 11:10:05 2004 From: nobody at spamcop.net (Ellen) Date: Mon Apr 5 10:25:02 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports References: Message-ID: "Technomage" wrote in message news:pan.2004.04.05.11.46.04.802884@127.0.0.1... > I sent nearly 90 spam reports into spamcop last night (6 hours ago, in > fact), I have yet to receive one confirmation of this event, period. > > Normally, I see such confirmation within 3 minutes of initial send, but > not tonight!. > > I would like someone to look into this for me as soon as possible. I would > hate to have my reports go unanswered because of a problem no one knew > about. > > Technomage Hawke > > Technomage-Hawke(at)cox(dot)net > -- Thanks -- sent to Julian Ellen From redford_stone at INVERSE_OF_COLDmail.com Mon Apr 5 15:35:54 2004 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Mon Apr 5 10:40:08 2004 Subject: [SpamCop-List] Re: Hillarious Cartooney.. "PETITION FOR REDRESS OF GRIEVANCE EMAIL" References: Message-ID: "Technomage" wrote in news:pan.2004.04.05.12.11.40.571229@127.0.0.1: > I got 1 word to say: HUH?!?!?!?! > > The legalize was cute, eh? :-) From STEVE at cashmans.fsnet.co.uk Mon Apr 5 16:47:52 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Mon Apr 5 10:50:13 2004 Subject: [SpamCop-List] Re: today Ralsky, Inc. burns: China: ENDSLES.COM, stifyems.com,DNS: name-okk.com, name-ok.com; Teleglobe: SURERXSOURCE.COM, SURERXMED.COM,DNS: HEALTHEVOLVING.COM,RXTECHSOLUTIONS.COM, ONLINEHEALTHNET.COM,BETTERMDPERFORMANCE.COM,HEATLHSTATUSNOW.COM,GREATWEL References: <4022475E.1913@xyzzy.claranet.de> Message-ID: "Karl-Josef Ziegler" wrote in message > > Teleglobe branch: > > Domain Name: SURERXSOURCE.COM 66.110.74.150 > Kelker Holdings Limited > 2-4 Arch.Makarios 111 Avenue > Capital Centre, 9th Floor > Nicosia > NI > CY > 1505 > Domain servers in listed order: > NS1.HEALTHEVOLVING.COM > NS1.ONLINEHEALTHNET.COM > NS1.BETTERMDPERFORMANCE.COM > NS1.RXTECHSOLUTIONS.COM > NS1.HEATLHSTATUSNOW.COM > NS1.GREATWELLNESSINC.COM > Record created on 2004-03-17 15:52:06.967 > Database last updated on 2004-03-29 09:52:21.28 > Domain Expires on 2005-03-17 15:52:06.967 > > > Domain Name: SURERXMED.COM 66.110.74.150 > Registrant: > Kelker Holdings Limited > 2-4 Arch.Makarios 111 Avenue > Capital Centre, 9th Floor > Nicosia > NI > CY > 1505 > Domain servers in listed order: > NS1.HEALTHEVOLVING.COM > NS1.ONLINEHEALTHNET.COM > NS1.BETTERMDPERFORMANCE.COM > NS1.RXTECHSOLUTIONS.COM > NS1.HEATLHSTATUSNOW.COM > NS1.GREATWELLNESSINC.COM > Record created on 2004-03-17 15:52:02.293 > Database last updated on 2004-03-29 09:52:06.937 > Domain Expires on 2005-03-17 15:52:02.293 Please contact minforeign1@cytanet.com.cy Cypriot Ministry of Foreign Affairs From nobody at spamcop.net Mon Apr 5 11:48:44 2004 From: nobody at spamcop.net (indigo) Date: Mon Apr 5 10:50:22 2004 Subject: [SpamCop-List] Re: Obscenity: [ WAS Ebay Con Spam] References: <5657-406762B7-190@storefull-3212.bay.webtv.net> <406F3452.3080309@spamcop.net> Message-ID: Robert Taylor wrote: > > I guess it is clear that I am opposed to censorship, gross or subtle. > It seems to me that our Constitution, with its Bill of Rights, > guarantees us the prerogative to say or write anything we please It certainly (apparently) gives Oprah these rights, but (the FCC) won't allow Howard Stern to replay Oprah's show on *his* show....... From nobody at spamcop.net Mon Apr 5 11:51:20 2004 From: nobody at spamcop.net (indigo) Date: Mon Apr 5 10:55:02 2004 Subject: [SpamCop-List] Re: Ebay Con Spam References: <5657-406762B7-190@storefull-3212.bay.webtv.net> Message-ID: Marjolein Katsma wrote: > But what you describe there is not "nudity" - and partner preference > has nothing to do with it either. Nudity, of and by itself, cannot be > considered porn - sexual activities might be. Tell that to the folks who get arrested for "child pornography" for taking pictures of their 3-4 year old children playing in the bathtub......(no, I'm not making that up). From nobody at spamcop.net Mon Apr 5 11:56:37 2004 From: nobody at spamcop.net (Pop Rivet) Date: Mon Apr 5 11:00:04 2004 Subject: [SpamCop-List] Re: Comcast strikes again! In-Reply-To: References: Message-ID: caroljean52 wrote: ... > Guess what I just discovered: > > Comcast will not let me forward spam to the FTC or the FDA! > ... I might be able to do something with that information: Exactly HOW do they prevent you from forwarding to those address, which addresses did you use, and are there any error or other message numbers associated with the refusal to let you forward them? Why did you specify "forward" as opposed to "send"? Can you Send to them if it is not a forward? TIA Pop From rwcs at spamcop.net Mon Apr 5 11:57:51 2004 From: rwcs at spamcop.net (Bob Wheatley) Date: Mon Apr 5 11:00:31 2004 Subject: [SpamCop-List] Filters for SC Mail Message-ID: I would like to know how to "filter" the chronic SPAMMERs from my SC "Held Mail". After a zillion complaints these people still find it necessary to inform me of their wonderful products 5 times a day. No amount of complaining is going to stop them and the filters in "check mail" don't seem to work for the "held mail". I joined SC to help rid myself of the clutter of SPAM, and I don't better things to do with my time to spend it dealing with the chronic cases. What can SC offer? Bob From eddie at eddie.web Mon Apr 5 11:59:33 2004 From: eddie at eddie.web (eddie) Date: Mon Apr 5 11:00:36 2004 Subject: [SpamCop-List] slowness is good for the spammers Message-ID: In the morning, recently, it takes me 5 minutes for SC to process each piece of spam - and this is if everything goes smoothly. When I get a "no links found" after waiting 5 minutes, I then have to manually process the spam that SC fails to parse properly and if it takes several submissions to get it right, that could mean nearly 15 minutes for one single piece of spam. Then, if I get the "Gateway Timeout" all bets are off. Now, because of SC's method of only processing each piece of held mail once, I have to manually list all the processed, partially processed and unprocessed spams and keep track of them. Sometimes I think about just deleting the entire stack of spam and admitting that we are losing the war. I haven't done this yet, but I am getting near that point. Usually, in the evenings, SC runs fast, as usual, but my spam load is there in the morning and I really don't want to spend my first hour parsing, tagging and manually processing spam. That's what SC is supposed to do 24/7. What's going on? All I see is the same message about knowing about this problem and investigating it. From fsdedbe02 at sneakemail.com Mon Apr 5 16:10:52 2004 From: fsdedbe02 at sneakemail.com (Roman) Date: Mon Apr 5 11:15:03 2004 Subject: [SpamCop-List] Question concerning nameservers for medicalfhtjk.com Message-ID: Hello In investating a spam I received I noticed that in the whois of spamvertised domain (medicalfhtjk.com), the nameservers are defined as ns9.lifesmile.biz, ns4.lifesmile.biz and ns6.lifesmile.biz. A check on the whois information of lifesmile.biz showed that the domain is already inactive due to invalid whois info. It seems to be inactive since 04. December 2003 (last update of lifesmile whois info), but the mentioned nameservers still resolve (for example ns9 resolves to 220.175.8.20) How is that possible,and what can one do ? I would think that after 3 month the DNS information should have propagated to the relevant DNS servers. Both mentioned domains were registered with joker.com. Thanks and regards Roman From nobody at spamcop.net Mon Apr 5 16:13:50 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 11:15:13 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: Berny (bar_n0ne@hotmail.com) wrote in news:c4rpd6$p3t$1@news.spamcop.net: >> Actually, I suspect they were clueless enough not to take any action at >> all but instead send a standard response :) > > Doesn't matter, they have made a public confession here. A hard thing to > undo in court. at the very least embarrassing. No they didn't make any sort of public confession. The OP quoted from a mail they sent here - that's something *completely* different. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 12:21:57 2004 From: nobody at spamcop.net (Pop Rivet) Date: Mon Apr 5 11:25:03 2004 Subject: [SpamCop-List] Re: X-10 success story - In-Reply-To: References: Message-ID: Marjolein Katsma wrote: > Spam Pop (nobody@spamcop.net) wrote in news:c4kf0n$nb3$1 > @news.spamcop.net: > > >>http://www.zedo.com/zedo/company/press/20020610-wired.jsp > ... > > Oh. If you _allow_ them to open a separate window, of course. But why > would you? > > Sounds like author Chris Anderson has never used a decent browser - or > even an undecent browser with a decent popup stopper. > > Why are you so quick to criticize and denigrate anyone who doesn't use what YOU use, and who doesn't know the things that YOU think YOU know? Are you really so myopic as to think that you are the only one who knows the correct answers when in fact many of your observations are crass and even derogatory? Don't your scruples ever make you twinge that you can profess there is only one answer, yours, when in fact, there are many, and in many cases you do not posess all of the information to make such judgements? You have changed in the last few months. From nobody at spamcop.net Mon Apr 5 16:34:28 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 11:35:03 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E83C3.6EA1@xyzzy.claranet.de> <406F9042.7A30@xyzzy.claranet.de> <4070020F.65C@xyzzy.claranet.de> <40715245.2D70@xyzzy.claranet.de> Message-ID: Frank Ellermann (nobody@xyzzy.claranet.de) wrote in news:40715245.2D70 @xyzzy.claranet.de: > Yes. BTW, with some difficulties I was able to start Netscape > 4.x for this survey, and that did the trick. OTOH, on my side > of this survey all I got were essentially two pages, each page > with a big form. Not one dependency between different points > of the survey, so there was _no_ reason to use JavaScript (or > rather JS better than JS 1.1) in this survey. I agree: nothing more is needed than a (pre)validation of required fields completed. (Although *if* you use XHTML, you probably need a later version of JavaScript to be compatible with that - but that's a technical requirement rather than a functional one.) And such a check is a nice (usability) 'extra' in JavaScript as the same check _should_ be done on the server anyway, but without JS available you need an extra feedback mechanism (design development) in case of errors. (Meaning: a developer can be "lazy" by requiring JavaScript.) > Just two method="post" forms in plain XHTML 1.0 could handle > the input side of this survey (the XHTML subset also known in > HTML 3.2, buttons only within forms, the works). Yup. Plain and simple forms. (But better in XHTML, even if it's the same elements.) > It's probably still interesting to collect and later evaluate > the input, and present the results, but nothing required more > than HTML 2.0 + tables for the input. No tables needed - even that is presentation only; recommended for usability though. But if you *do* use tables it makes the need for accessibility code more pressing, by (at least) adding label tags to tie fields to their prompts; and you'd need extra markup for data tables as well. > No idea. But collecting and evaluating method="post" input > can't be too difficult, It's probably less simple if question > 4 depends on the answer to question 3, i.e. if you have some > kind of control flow. There's a "bit" more to it than that but you get the idea. :) Merely *collecting* data from a form isn't all there is to a polling system: you also need the facilities to actually design and define the data needed, for one or more polls, and the part that (after collection) actually stores it all, preferably in a database (which also needs to be designed, created, and capable of storing *all* data of *all* polls, created, active, inactive, for one or more poll "takers"). > And you couldn't outsource the text input evaluation, only > Ellen / Julian / etc. would understand our "ad 9" comments in > question 7 mentioning newsgroups... ;-) You did that too, then? Good. > Assuming that anybody reads the text input at all. I go on the assumption there's no deed to *design* those questions when the responses are not going to be read. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 09:51:46 2004 From: nobody at spamcop.net (Chris) Date: Mon Apr 5 11:55:03 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports In-Reply-To: References: Message-ID: Technomage wrote: > I sent nearly 90 spam reports into spamcop last night (6 hours ago, in > fact), I have yet to receive one confirmation of this event, period. > > Normally, I see such confirmation within 3 minutes of initial send, but > not tonight!. > > I would like someone to look into this for me as soon as possible. I would > hate to have my reports go unanswered because of a problem no one knew > about. I too sent a bunch of spam yesterday and never received one confirmation email. However, I tried sending from another email address that was NOT my cox.net account and it went through very quickly. I'm guessing that cox is either having problems delivering email (not likely as other emails seem to be going through NOT addressed to spamcop) or they are filtering/holding emails sent to spamcop.net. I have also noted very slow forwarding to spamcop from cox.net also. I've hit report a few times and the reporting period had expired which could only be because cox had been holding the emails in the queue for a few days. CKH From SpamCop at pantheus.com Mon Apr 5 09:52:03 2004 From: SpamCop at pantheus.com (Pantheus) Date: Mon Apr 5 11:55:19 2004 Subject: [SpamCop-List] wtf now ct-abuse@sprint.net does not wish to receive user-copied reports. Message-ID: ct-abuse@sprint.net does not wish to receive user-copied reports. ct-abuse@sprint.net does not wish to receive user-copied reports. ct-abuse@sprint.net does not wish to receive user-copied reports Not that they did a damn thing about them, anyway. But these are NOT user chosen addresses, but check boxes which have always been default to checked and still are. No user action involved except hitting send. Tracking is lost, but this may find it. Submitted: Mon 05 Apr 2004 08:44:05 AM PDT -0700: Buy Generic Phentermine, Generic Viagra & More With NO PRESCRIPTION! seefvenu... * 860609612 ( http://grocer.secrtmeds.com/gp/default.asp?id=1... ) To: postmaster@cta.cq.cn * 860609599 ( http://eft.secrtmeds.com/gp/default.asp?id=10045 ) To: postmaster@cta.cq.cn * 860609593 ( http://astonish.secrtmeds.com/er/er.asp?folder=gp ) To: postmaster@cta.cq.cn -- In a world without walls and fences nobody needs Windows and Gates! User #104362 with the Linux Counter, http://counter.li.org From nobody at spamcop.net Mon Apr 5 09:55:20 2004 From: nobody at spamcop.net (Chris) Date: Mon Apr 5 12:00:05 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports In-Reply-To: References: Message-ID: I also want to point out that my wife has a free account at SC also. The same thing has been happening with her account (I get all the confirmation emails and get to click the report button). She reported quite a few yesterday (Sunday) also and none of them went through when sent from her cox.net email account. She never did try an alternate email address like I am doing now. CKH From nobody at spamcop.net Mon Apr 5 16:56:45 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 12:00:16 2004 Subject: [SpamCop-List] Re: Australian spam References: Message-ID: spamcop (spamcop@oitc.com) wrote in news:BC96D4E2.2C8F%spamcop@oitc.com: > The Aussie government wants to know about since they have a new > antiSpam law. Since SC knows when the souce (or a relay) if the spam > comes from AU and if a spamvertized website is on a AU CIDR block, > Maybe SC should forward spam reports to the two reporting addresses > listed on the Gov website: > > http://www.aca.gov.au/consumer_info/spam/ Excellent! I've immediately added it to the 'General spam and country-specific reporting addresses' section of the Spam Reporting Addresses - see http://banspam.javawoman.com/report3/gen1.html This allows manual reports and paying reporters can also easily add the appropriate address with a SpamCop report. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 13:17:40 2004 From: nobody at spamcop.net (indigo) Date: Mon Apr 5 12:20:02 2004 Subject: [SpamCop-List] Re: Thank You, SpamCop !! References: Message-ID: Martin J. Lutterman wrote: We've all bought stuff on the > Internet that turned out to be either useless or unnecessary... Uhm, no *we* all haven't.....no wonder you were drowning under spam......sounds like you actually bought some spamvertised crap ..... From nobody at spamcop.net Mon Apr 5 13:32:14 2004 From: nobody at spamcop.net (Ellen) Date: Mon Apr 5 12:35:04 2004 Subject: [SpamCop-List] Re: wtf now ct-abuse@sprint.net does not wish to receive user-copied reports. References: Message-ID: "Pantheus" wrote in message news:pan.2004.04.05.15.52.02.425977@pantheus.com... > ct-abuse@sprint.net does not wish to receive user-copied reports. > ct-abuse@sprint.net does not wish to receive user-copied reports. > ct-abuse@sprint.net does not wish to receive user-copied reports > Panic not -- I just set this to no reports about 10 minutes before you posted -- gee nothing goes unnoticed for long does it :-) Sprint needs reports turned off for a while while they investigate some problems and so I turned them off. Nothing nefarious here and they will be turned back on when the problems are resolved. And no I don't know why the system is saying user-copied reports. Ellen From nobody at spamcop.net Mon Apr 5 17:40:45 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 12:45:17 2004 Subject: [SpamCop-List] Re: X-10 success story - References: Message-ID: Pop Rivet (nobody@spamcop.net) wrote in news:c4rtii$vso$1 @news.spamcop.net: > Why are you so quick to criticize and denigrate anyone who doesn't > use what YOU use, > and who doesn't know the things that YOU think YOU know? I'm not "quick". I just expect IT journalists to know their business and not tell people "there is no escape" when there is, and was even a few years ago. Not just a single product either. No one has to use what I use; I'm merely induicating that products are and _were_ available even at teh time the article was written. There's is such a thing as 'research'. Looks like not much of it was done for this article. > You have changed in the last few months. No I haven't. I never had much patience with bad journalism. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From RobertTaylor at SpamCop.net Mon Apr 5 14:11:53 2004 From: RobertTaylor at SpamCop.net (Robert Taylor) Date: Mon Apr 5 13:15:03 2004 Subject: [SpamCop-List] Re: Obscenity: [ WAS Ebay Con Spam] References: <5657-406762B7-190@storefull-3212.bay.webtv.net> <406F3452.3080309@spamcop.net> Message-ID: In news:c4rrlh$sh1$1@news.spamcop.net, indigo sent: > Robert Taylor wrote: >> >> I guess it is clear that I am opposed to censorship, gross or subtle. >> It seems to me that our Constitution, with its Bill of Rights, >> guarantees us the prerogative to say or write anything we please > > It certainly (apparently) gives Oprah these rights, but (the FCC) won't > allow Howard Stern to replay Oprah's show on *his* show....... Since I have never seen either show (yes, *never* --I gave away 3 TV-Sets in 1990 and have congratulated myself almost daily ever since**) I can't comment specifically on this case, but it sounds absurd on the face of it (IIUC). It's not surprising, though, given recent onslaughts by the various "decency-brigades" in our midst that seem to multiply while we sleep. "The price of liberty is eternal vigilance", as someone once remarked (I think--close, anyway). Cold comfort in these parlous times; but that's where we are, folks. So /watch/ it! Our rights are still there, in black and white and in countless decisions over the decades; we only have to insist that they be observed. Not easy, perhaps, but necessary. Otherwise, it's 1984^3! (Of course, it's unfortunate, as someone else has remarked, that the people with the greatest freedom of speech in our world are the people who own the mass media. But, what the hell; we do what we can.) [Topic_drift(n) out of bounds: Out.] (**) N.b.: No TV-snobbery here; I just simply don't have the time to watch all the stuff I'd /like/ to watch! Regards, -- Robert eMail: RobertTaylor@SpamCop.net Web-Address: http://users.rcn.com/robertt.nh.ultranet/Web-SitePg1.htm (1506 nix nix - Dizzy Gillespie, foo Mgr.) From nobody at spamcop.net Mon Apr 5 14:27:55 2004 From: nobody at spamcop.net (indigo) Date: Mon Apr 5 13:30:03 2004 Subject: [SpamCop-List] Re: Obscenity: [ WAS Ebay Con Spam] References: <5657-406762B7-190@storefull-3212.bay.webtv.net> <406F3452.3080309@spamcop.net> Message-ID: Robert Taylor wrote: > In news:c4rrlh$sh1$1@news.spamcop.net, > indigo sent: > > > Robert Taylor wrote: > > > > > > I guess it is clear that I am opposed to censorship, gross or > > > subtle. It seems to me that our Constitution, with its Bill of > > > Rights, guarantees us the prerogative to say or write anything we > > > please > > > > It certainly (apparently) gives Oprah these rights, but (the FCC) > > won't allow Howard Stern to replay Oprah's show on *his* show....... > > Since I have never seen either show (yes, *never* --I gave away 3 > TV-Sets in 1990 and have congratulated myself almost daily ever > since**) I can't comment specifically on this case, but it sounds > absurd on the face of it (IIUC). It's not surprising, though, given > recent onslaughts by the various "decency-brigades" in our midst that > seem to multiply while we sleep. It is patently absurd, but it's worse than that actually. The Bush crowd has a hard-on for Howard now the he has spoken out against the current administration on his radio show, so they're pushing the FCC to get him off the air. Separate "decency" rules for separate broadcast personalities. Effing arrogant hypocrites. From usenet1 at DE.LETE.THISljvideo.com Mon Apr 5 18:36:52 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry Jandro) Date: Mon Apr 5 13:40:03 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? References: <40705A43.5050806@spamcop.net> Message-ID: Waiving the right to remain silent, Tim McGraw said: > Larry Jandro wrote: >> Waiving the right to remain silent, "Mike Easter" >> said: >> >>>Empty BCC line in header. SC can't parse the body if there's >>>an empty BCC line. >> >> What the he!! good is Spamcop's reporting system if one needs >> to manually correct the email's headers..? >> >> Only dedicated geeks understand headers. Wasn't that supposed >> to be the purpose of the parser - to do the work for the >> AVERAGE user..? > > Q: Do you believe this is spamcop's "fault"? Or the spammer's? I know that a year or so ago, Spamcop had no problems finding links in the body. Then, it got "improved" to the point that reporting now requires an understanding of headers and manual "fixing." -- Larry Jandro - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From rmu93awSPAMB02 at sneakemail.com Mon Apr 5 13:42:51 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Mon Apr 5 13:45:03 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? In-Reply-To: References: <40705A43.5050806@spamcop.net> Message-ID: Larry Jandro wrote: > [snip] >>Q: Do you believe this is spamcop's "fault"? Or the spammer's? > > I know that a year or so ago, Spamcop had no problems finding links > in the body. Including "links" that *shouldn't* have been found. > Then, it got "improved" to the point that reporting now > requires an understanding of headers and manual "fixing." I agree to a point. The parser is now less tolerant of RFC ignorant mail servers - as it should be. -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From eddie at eddie.web Mon Apr 5 14:53:57 2004 From: eddie at eddie.web (eddie) Date: Mon Apr 5 13:55:04 2004 Subject: [SpamCop-List] "no data/too much data" AFTER parsing Message-ID: I don't understand this one. The spam is normal size and it parses properly. When I click the report button, I get the "no data/too much data" error page. I am past the submission part, where I would expect this kind of error message. Is it the spam itself or another SC glitch? This problem plus the molasses processor is really making SC less than satisfactory. I have posted the spam in .spam under the subject of: "no data/too much data" Remember, the error comes AFTER the parse, which works properly, ignoring the slowness. From eddie at eddie.web Mon Apr 5 14:57:55 2004 From: eddie at eddie.web (eddie) Date: Mon Apr 5 14:00:05 2004 Subject: [SpamCop-List] Re: "no data/too much data" AFTER parsing References: Message-ID: On Mon, 05 Apr 2004 13:53:57 -0400, eddie wrote: > I don't understand this one. there are some long lines which may be causing the problem - I have deleted the spam without reporting it. Score one more for the bad guys. Are they figuring it out and working around the system? From usenet1 at DE.LETE.THISljvideo.com Mon Apr 5 18:59:11 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry Jandro) Date: Mon Apr 5 14:00:15 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? References: <4071472C.1BD1@xyzzy.claranet.de> Message-ID: Waiving the right to remain silent, "Mike Easter" said: > I don't know why this is a different kind of problem for BCC > than it would be for, say, an empty CC: line. Maybe I'll tinker > with that as an experiment and see if SC barfs on that. All well and good, but why has this any effect on locating URLs in the BODY..? -- Larry Jandro - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From jseymour at spamcop.net Mon Apr 5 12:06:22 2004 From: jseymour at spamcop.net (Jim Seymour) Date: Mon Apr 5 14:10:03 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? In-Reply-To: References: <40705A43.5050806@spamcop.net> Message-ID: Spambo wrote: > I agree to a point. The parser is now less tolerant of RFC > ignorant mail servers - as it should be. I disagree. Spamcop should be *more* tolerant of RFC violations. It's primary goal should be to accept any message for reporting that the typical mail server accepts - even if they are non-compliant. -- Jim Seymour. I do not work for Spamcop, I did not write pflogsumm, and I never wrote for PC Magazine. From baloo at ursine.ca Mon Apr 5 12:07:37 2004 From: baloo at ursine.ca (Paul Johnson) Date: Mon Apr 5 14:20:03 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: <87y8pcl793.fsf@ursine.ca> <87wu4vuu56.fsf@ursine.ca> Message-ID: <87u0zywb6e.fsf@ursine.ca> "Frog Prince" writes: > "Paul Johnson" > > | > | > Comcast will not let me forward spam to the FTC or the FDA! > | > | > | > | Get a commercial account, run a mail server. That's how I solved that > | > | one before it got started. > | > > | > Isn't a commercial account much more expensive? > | > | Yeah, but that's what's nice about having roommates to chip in. > > Since my room mate is my wife the money may come from a different pocket but > still the same pair of pants. > > Aside from a higher bill what are the other advantages to a commercial cable > account? I ask (we're on Charter) as there may be some real advantage to us. > FWIW trying to get an accurate answer out of Charter Sales is much more > difficult than getting straight answers out of tech support. More bandwidth...not a lot else. Still cheaper than most anybody else for the bandwidth. -- Paul Johnson From nobody at spamcop.net Mon Apr 5 12:14:31 2004 From: nobody at spamcop.net (TheWanderer) Date: Mon Apr 5 14:20:22 2004 Subject: [SpamCop-List] Not from Africa.. Message-ID: Mrs. Luisa Estrada Metro-Manila Philippines 3rd April 2004 email:estrada_l2003@sify.com(respond here) Dear Friend, My name is LUISA ESTRADA,The wife of Mr. JOSEPH ESTRADA, the former President of Philippines located in the South East Asia. My husband was recently impeached from office by a backed uprising of mass demonstrators and the Senate. My husband is presently in jail and facing trial on charges of corruption, embezzlement, and the mysterious charge of plunder which might lead to death sentence. The present government is forcing my husband out of Manila to avoid demonstration by his supporter. During my husband's regime as president of Philippin! e, I realized some reasonable amount of money from various deals that I successfully executed. I have plans to invest this money for my children's future on real estate and industrial production. My husband is not aware of this because I wish to do it secretly for now.before my husband was impeached, I secretly siphoned the sum of30 ,000,000 million USD (Thirty million United states dollars) out of Philippines and deposited the money with a security firm that transports valuable goods and consignments through diplomatic means. I am contacting you because I want you to go to the security company and claim the money on my behalf since I have declared that the consignment belong to my foreign business partner. You shall also be required to assist me in investment in your country. I hope to trust you as a God fearing person who will not sit on this money when you claim it, rather assist me properly, I expect you! to declare what percentage of the total money you will take for yo ur assistance. When I receive your positive response I will let you know where the security company is and the payment pin code to claim the money which is very important. For now, let all our communication is by e-mail because my line are right now connected to the Philippines Telecommunication Network services. Please also send me your telephone and fax number. I will ask my son contact you to give you more details on after i have received a response from you. Thank you and God bless you and family. LUISA ESTRADA From rmu93awSPAMB02 at sneakemail.com Mon Apr 5 14:38:40 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Mon Apr 5 14:40:03 2004 Subject: [SpamCop-List] Re: Why doesn't SC find this spammer's address? In-Reply-To: References: <40705A43.5050806@spamcop.net> Message-ID: Jim Seymour wrote: > Spambo wrote: > >> I agree to a point. The parser is now less tolerant of RFC >> ignorant mail servers - as it should be. > > I disagree. Spamcop should be *more* tolerant of RFC violations. IMO if an admin isn't willing to set up his/her server to be in compliance with the appropriate RFCs then that admin is part of the problem, not part of the solution. > It's primary goal should be to accept any message for reporting that the > typical mail server accepts - even if they are non-compliant. If you know how to 'teach' the parser to determine whether an inconsistency is due to incompetence of a server's setup, user errors (such as full headers and rendered HTML body submissions), intentional manipulation of the headers by malicious users, or dirty spammer tricks (header forgeries, for example) I'm sure the knowledge would be welcomed by Julian. Until Julian can come up with this "magic pill" the primary goal should be *accuracy* and no reports generated to any abuse department that the parser isn't 'reasonably sure' should be a recipient. -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From mrichter at cpl.net Mon Apr 5 12:53:15 2004 From: mrichter at cpl.net (Mike Richter) Date: Mon Apr 5 14:55:02 2004 Subject: [SpamCop-List] Re: Not from Africa.. References: Message-ID: <4071AB1B.10709@cpl.net> TheWanderer wrote: > Mrs. Luisa Estrada > Metro-Manila > Philippines > 3rd April 2004 > email:estrada_l2003@sify.com(respond here) > > Dear Friend, > > My name is LUISA ESTRADA,The wife of Mr. JOSEPH ESTRADA, the former > President of Philippines located in the South East Asia. Spam belongs in the .spam newsgroup; an excerpt here makes some sense in this case, but not the whole thing, please. FYI: This morning, I go a "419" nominally from South Korea. That's a new source for me, but I've seen Estrada for some time (and in multiple copies). Mike -- mrichter@cpl.net http://www.mrichter.com/ From nobody at spamcop.net Mon Apr 5 21:16:53 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 16:20:13 2004 Subject: [SpamCop-List] Re: Ebay Con Spam References: <5657-406762B7-190@storefull-3212.bay.webtv.net> Message-ID: indigo (nobody@spamcop.net) wrote in news:c4rrqd$sv5$1@news.spamcop.net: > Tell that to the folks who get arrested for "child pornography" for > taking pictures of their 3-4 year old children playing in the > bathtub......(no, I'm not making that up). I know you're not making that up. I consider myself privileged not to live in a country where such insane things can happen, even in the name of the law. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From dms at zetnet.co.uk Mon Apr 5 22:20:11 2004 From: dms at zetnet.co.uk (Donna Smillie) Date: Mon Apr 5 16:25:03 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: On Mon, 5 Apr 2004 15:13:50 +0000 (UTC), Marjolein Katsma wrote: >Berny (bar_n0ne@hotmail.com) wrote in news:c4rpd6$p3t$1@news.spamcop.net: > >>> Actually, I suspect they were clueless enough not to take any action at >>> all but instead send a standard response :) >> >> Doesn't matter, they have made a public confession here. A hard thing to >> undo in court. at the very least embarrassing. > >No they didn't make any sort of public confession. The OP quoted from a >mail they sent here - that's something *completely* different. Have to agree here. While *I* know that what I quoted in my original post was taken verbatim from the reply they sent me, I suspect the post itself would not be accepted as evidence of anything in a court of law. :-) As it happens, there's a thread in NANAE about Limelight, and it appears they have been sending out *exactly* the same reply to other abuse reports about 419 scam emails. Clueless, couldn't care less or complicit? Hard to tell. Whatever way you look at it though, it doesn't reflect well on them, and I wouldn't want to do business with them. I wish there was some way of taking them and their openly criminal customer(s) to court. But at the moment, I have no evidence that either is based in the UK, which makes it difficult. And there are so many 419 scam emails floating around that the police in the UK are now only interested in receiving details if there is a more concrete contact point than an email address (unless one has been foolish enough to get sucked in and lose money to these criminals of course). Donna From nobody at spamcop.net Mon Apr 5 21:28:04 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 16:30:03 2004 Subject: [SpamCop-List] Re: Not from Africa.. References: Message-ID: TheWanderer (nobody@spamcop.net) wrote in news:c4s7ol$evp$1 @news.spamcop.net: > Mrs. Luisa Estrada > Metro-Manila > Philippines > 3rd April 2004 > email:estrada_l2003@sify.com(respond here) Since you don't give actual headers, it's not at all sure it's not from Africa. Where these 419 scams "say" they're from is very often not where they're really from. But since 419'ers now resort to using trojaned proxies like any other spammer, it's much harder to see where it really was sent from. The only thing you can be pretty sure of is that it's usually not the country they claim it's from. (I have a 419 scam supposedly from Hong Kong, looking for a stand-in to claim the inheritance of a non-existant someone who supposedly died in a plane crash in China, sent from Africa; and that's an oldie!) Spammers lie - and so do 419'ers, only more. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From me at privacy.net Mon Apr 5 17:09:32 2004 From: me at privacy.net (Frog Prince) Date: Mon Apr 5 16:30:16 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: <87y8pcl793.fsf@ursine.ca> <87wu4vuu56.fsf@ursine.ca> <87u0zywb6e.fsf@ursine.ca> Message-ID: "Paul Johnson" wrote in message news:87u0zywb6e.fsf@ursine.ca... | "Frog Prince" writes: | | > "Paul Johnson" | > | > | > | > Comcast will not let me forward spam to the FTC or the FDA! | > | > | | > | > | Get a commercial account, run a mail server. That's how I solved that | > | > | one before it got started. | > | > | > | > Isn't a commercial account much more expensive? | > | | > | Yeah, but that's what's nice about having roommates to chip in. | > | > Since my room mate is my wife the money may come from a different pocket but | > still the same pair of pants. | > | > Aside from a higher bill what are the other advantages to a commercial cable | > account? I ask (we're on Charter) as there may be some real advantage to us. | > FWIW trying to get an accurate answer out of Charter Sales is much more | > difficult than getting straight answers out of tech support. | | More bandwidth...not a lot else. Still cheaper than most anybody else | for the bandwidth. I get (officially) 3K down and 256 up in practice a lot less for $40 per month. How does the compare with what you're getting? I called Charter and no one has a clue about anything 'commercial'. I did get one that gave me a quote 'around $1000 per month but again no idea of bandwidth in either direction. (T1 can be had for $500-600 per month in parts of WNC but that's through 3rd party resellers.) From me at privacy.net Mon Apr 5 17:11:35 2004 From: me at privacy.net (Frog Prince) Date: Mon Apr 5 16:30:30 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E83C3.6EA1@xyzzy.claranet.de> <406F9042.7A30@xyzzy.claranet.de> <4070020F.65C@xyzzy.claranet.de> <40715245.2D70@xyzzy.claranet.de> Message-ID: "Marjolein Katsma" < | | > Yes. BTW, with some difficulties I was able to start Netscape | > 4.x for this survey, and that did the trick. OTOH, on my side | > of this survey all I got were essentially two pages, each page | > with a big form. Not one dependency between different points | > of the survey, so there was _no_ reason to use JavaScript (or | > rather JS better than JS 1.1) in this survey. | | I agree: nothing more is needed than a (pre)validation of required | fields completed. (Although *if* you use XHTML, you probably need a | later version of JavaScript to be compatible with that - but that's a | technical requirement rather than a functional one.) | | And such a check is a nice (usability) 'extra' in JavaScript as the same | check _should_ be done on the server anyway, but without JS available | you need an extra feedback mechanism (design development) in case of | errors. (Meaning: a developer can be "lazy" by requiring JavaScript.) | | > Just two method="post" forms in plain XHTML 1.0 could handle | > the input side of this survey (the XHTML subset also known in | > HTML 3.2, buttons only within forms, the works). | | Yup. Plain and simple forms. (But better in XHTML, even if it's the same | elements.) | | > It's probably still interesting to collect and later evaluate | > the input, and present the results, but nothing required more | > than HTML 2.0 + tables for the input. | | No tables needed - even that is presentation only; recommended for | usability though. But if you *do* use tables it makes the need for | accessibility code more pressing, by (at least) adding label tags to tie | fields to their prompts; and you'd need extra markup for data tables as | well. | | > No idea. But collecting and evaluating method="post" input | > can't be too difficult, It's probably less simple if question | > 4 depends on the answer to question 3, i.e. if you have some | > kind of control flow. | | There's a "bit" more to it than that but you get the idea. :) Merely | *collecting* data from a form isn't all there is to a polling system: | you also need the facilities to actually design and define the data | needed, for one or more polls, and the part that (after collection) | actually stores it all, preferably in a database (which also needs to be | designed, created, and capable of storing *all* data of *all* polls, | created, active, inactive, for one or more poll "takers"). | | > And you couldn't outsource the text input evaluation, only | > Ellen / Julian / etc. would understand our "ad 9" comments in | > question 7 mentioning newsgroups... ;-) | | You did that too, then? Good. | | > Assuming that anybody reads the text input at all. | | I go on the assumption there's no deed to *design* those questions when | the responses are not going to be read. | For the paid surbscrivers the user name pass word fo the unpaid the forward to email address. The results could be weigh against the total usage. i;e heavy user gets more consideration casual less. From me at privacy.net Mon Apr 5 17:21:01 2004 From: me at privacy.net (Frog Prince) Date: Mon Apr 5 16:30:38 2004 Subject: [SpamCop-List] Re: Obscenity: [ WAS Ebay Con Spam] References: <5657-406762B7-190@storefull-3212.bay.webtv.net> <406F3452.3080309@spamcop.net> Message-ID: "indigo" | > > It certainly (apparently) gives Oprah these rights, but (the FCC) | > > won't allow Howard Stern to replay Oprah's show on *his* show....... | > | > Since I have never seen either show (yes, *never* --I gave away 3 | > TV-Sets in 1990 and have congratulated myself almost daily ever | > since**) I can't comment specifically on this case, but it sounds | > absurd on the face of it (IIUC). It's not surprising, though, given | > recent onslaughts by the various "decency-brigades" in our midst that | > seem to multiply while we sleep. | | It is patently absurd, but it's worse than that actually. The Bush crowd has | a hard-on for Howard now the he has spoken out against the current | administration on his radio show, so they're pushing the FCC to get him off | the air. Separate "decency" rules for separate broadcast personalities. | Effing arrogant hypocrites. | I have no use for Stern and don;t watch Ohpra but an greatly concerned about all rights abuses under Bush and co. From nobody at spamcop.net Mon Apr 5 21:46:05 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 16:50:03 2004 Subject: [SpamCop-List] Re: Seems you can now opt in to receive 419 scam emails... References: Message-ID: Donna Smillie (dms@zetnet.co.uk) wrote in news:bhe370125sut02d9upff75en5os3d70qqk@4ax.com: > As it happens, there's a thread in NANAE about Limelight, and it > appears they have been sending out *exactly* the same reply to other > abuse reports about 419 scam emails. Heh, doesn't surprise me. Call it gut feeling, but somehow that little paragraph you quoted sounded a little too "routine" to me. Really; I don't follow NANAE! > I wish there was some way of taking them and their openly criminal > customer(s) to court. But at the moment, I have no evidence that > either is based in the UK, which makes it difficult. And there are so > many 419 scam emails floating around that the police in the UK are now > only interested in receiving details if there is a more concrete > contact point than an email address (unless one has been foolish > enough to get sucked in and lose money to these criminals of course). That's a pity. A real email address (used as dropbox) is the start of a real trail that could be followed. The 419 scams *depend* on providing real contact point, which will be either a real phone number, or a real email address (often in the body - not whatever is mentioned in the From or Reply-To) - or both. The person picking up the phone may not be the sender of the spam (or an attorney), but *will* be part of the gang or employed by them. Thus, when reporting 419 scams, I *always* add a report to abuse@ the provider of the dropbox email address, urging them to close the criminal's account(s). Then again, it seems that before the Dutch police arrested 52 here recently, chello.nl had actually been "cooperating" by *not* closing down any accounts, to provide the police with more of a trail; still the start of such trails need to be reported... -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From pete at heypete.com Mon Apr 5 14:54:27 2004 From: pete at heypete.com (Pete Stephenson) Date: Mon Apr 5 16:55:04 2004 Subject: [SpamCop-List] [C&C] Fun with spammers! Message-ID: Wow, this sysadmin in Ireland had a ton of fun with this 419 spammer. It's stories like these that makes me wish I ran an internet cafe. :) http://www.linux.ie/pipermail/ilug/2004-April/013049.html -- Pete Stephenson HeyPete.com From Merlyn at Spamcop.net Mon Apr 5 18:03:31 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Mon Apr 5 17:05:03 2004 Subject: [SpamCop-List] Re: [C&C] Fun with spammers! References: Message-ID: "Pete Stephenson" wrote in message news:pete-D27352.13542705042004@news.cesmail.net... > Wow, this sysadmin in Ireland had a ton of fun with this 419 spammer. > > It's stories like these that makes me wish I ran an internet cafe. :) > > http://www.linux.ie/pipermail/ilug/2004-April/013049.html > I got a chuckle out of that one also Pete! I sure would like to know what was on that card...... -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From nobody at spamcop.net Mon Apr 5 22:29:27 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 17:30:02 2004 Subject: [SpamCop-List] Decode 8859-1 subject? Message-ID: Anyone know of an online tool somewhere where a subject like =?iso-8859-1?b?T3JkZXIgdG9kYXkgYW5kIGdldCBPdmVybmlnaHQgU2hpcHBpbmch?= can be decoded? (Given that it's 8859-1 it should be perfectly readable when decoded - I just don't know how to do it). An instalable script (PHP, Perl) would be fine, too. I just want to know what the subject is so I can maybe add a reporting address. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 22:36:16 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 17:40:02 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E83C3.6EA1@xyzzy.claranet.de> <406F9042.7A30@xyzzy.claranet.de> <4070020F.65C@xyzzy.claranet.de> <40715245.2D70@xyzzy.claranet.de> Message-ID: Frog Prince (me@privacy.net) wrote in news:c4sfip$nd1$4@news.spamcop.net: > For the paid surbscrivers the user name pass word fo the unpaid the > forward to email address. I'm not sure which part of my post you're responding to here - or even if your'e just tagging it to a post to add something without responding... IOW, you lost me. > The results could be weigh against the total usage. i;e > heavy user gets more consideration casual less. That could be a _very_ bad idea: happy users could be using the system more, unhappy users less - you'd want to hear their responses loud and clear so you can turn them into happy users rather than downplay what may be the reason they're not happy about. Unless you really want a bias towards happy users, and ignore the unhappy ones, of course. Surveys and polls form a really fun branch of applied statistics. But then I'm biased because I had some formal schooling in statistics. ;-) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From michel_bourgois at hotmail.com Tue Apr 6 00:38:27 2004 From: michel_bourgois at hotmail.com (Michel) Date: Mon Apr 5 17:40:21 2004 Subject: [SpamCop-List] Silent reports Message-ID: Hello, I don't understand what's going on. It seems that Spamcop has changed its operation mode. I've no longer any checkbox to click into. All the complain addresses are labeled "silent report". All reports are /dev/nulled. What does all that mean ? Is there anything that changed in the way Spamcop deals with the spam reports ? Usually with every chinese spam, I had loads of addresses to complain to. Now only 3. I'm afraid I report my spam for nothing. Plus, before changing my unique spamcop email address to report to, I had no acknowledgement from Spamcop at all, one week long. Is there anything personal against me or what ? Any ideas ? Regards. From rmu93awSPAMB02 at sneakemail.com Mon Apr 5 17:45:02 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Mon Apr 5 17:45:03 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? In-Reply-To: References: Message-ID: Marjolein Katsma wrote: > Anyone know of an online tool somewhere where a subject like > > =?iso-8859-1?b?T3JkZXIgdG9kYXkgYW5kIGdldCBPdmVybmlnaHQgU2hpcHBpbmch?= > > can be decoded? (Given that it's 8859-1 it should be perfectly readable > when decoded - I just don't know how to do it). An instalable script (PHP, > Perl) would be fine, too. I just want to know what the subject is so I can > maybe add a reporting address. Do you have Mozilla? If so you can simply put the entire line (equal signs at both ends included) into the Subject line of a blank message composition and then save it to your "Drafts" folder. Open your "Drafts" folder and the Subject will be shown decoded. At least this works for me. It *may* work similarly with other email clients as well. -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From nobody at spamcop.net Mon Apr 5 23:17:18 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 18:20:05 2004 Subject: [SpamCop-List] Re: [C&C] Fun with spammers! References: Message-ID: Pete Stephenson (pete@heypete.com) wrote in news:pete- D27352.13542705042004@news.cesmail.net: > http://www.linux.ie/pipermail/ilug/2004-April/013049.html "He's asked his name and is told that he might like to come down for a chat in the local station. He says his wallet and ID are in the booth, so he walks in, rips a USB memory stick from the side of his laptop, tries to swallow it and makes a run for it." What a yummy juicy story! Best 419 bust report I've read in ages! -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From MikeE at ster.invalid Mon Apr 5 16:17:53 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 5 18:20:22 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: Spambo wrote: > Marjolein Katsma wrote: > >> Anyone know of an online tool somewhere where a subject like >> >> =?iso-8859-1?b?T3JkZXIgdG9kYXkgYW5kIGdldCBPdmVybmlnaHQgU2hpcHBpbmch?= OE converts to: Order today and get Overnight Shipping! > Do you have Mozilla? If so you can simply put the entire line (equal > signs at both ends included) into the Subject line of a blank message > composition and then save it to your "Drafts" folder. Open your > "Drafts" folder and the Subject will be shown decoded. > > At least this works for me. It *may* work similarly with other > email clients as well. Spambo's method or a derivative thereof works for OE as well. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 5 16:22:33 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 5 18:25:09 2004 Subject: [SpamCop-List] Re: Silent reports References: Message-ID: Michel wrote: > I've no longer any checkbox to click into. All > the complain addresses are labeled "silent report". All reports are > /dev/nulled. What does all that mean ? You have morphed into a mole. "Register as a "mole"? What's this?" -- http://www.spamcop.net/fom-serve/cache/373.html -- What is "mole" reporting? > Is there > anything personal against me or what ? > > Any ideas ? It's probably not personal. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Mon Apr 5 19:20:46 2004 From: nobody at spamcop.net (Anti-Spam) Date: Mon Apr 5 18:25:20 2004 Subject: [SpamCop-List] Re: Silent reports References: Message-ID: "Michel" wrote in message news:c4sjml$rra$1@news.spamcop.net... > Hello, > > I don't understand what's going on. It seems that Spamcop has changed its > operation mode. I've no longer any checkbox to click into. All the complain > addresses are labeled "silent report". All reports are /dev/nulled. What > does all that mean ? Is there anything that changed in the way Spamcop deals > with the spam reports ? Usually with every chinese spam, I had loads of > addresses to complain to. Now only 3. I'm afraid I report my spam for > nothing. > > Plus, before changing my unique spamcop email address to report to, I had no > acknowledgement from Spamcop at all, one week long. Is there anything > personal against me or what ? > > Any ideas ? If you just changed your spamcop submission address by re-registering, you probably (accidentally) selected "mole" reporting mode. This is for people who don't want to sent reports to the web sites' service providers, but just want to contribute to the SC block list (if you're concerned that spammers may still trace your e-mail address even after SC's munging.) Try re-registering again, but may sure you don't check the "mole reporting" option box. -- .sig Non-functional spambait addr: for34@qxqezhobhonp.net (generated by Webpoison) From nobody at spamcop.net Mon Apr 5 18:35:14 2004 From: nobody at spamcop.net (Cat) Date: Mon Apr 5 18:35:16 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse In-Reply-To: References: Message-ID: (top posting corrected) Eric Johannsen wrote: > "Mike Easter" wrote in message > news:c4i9ft$70j$1@news.spamcop.net... >>If you post a tracker, usually you will not need to post a complete >>spam. You should not post spams in this group spamcop or .help, these >>are for discussing spams. If a spam 'needs' to be posted somewhere >>instead of or in addition to the tracker, it should only be posted in >>the newsgroup .spam. > What's the reason for not posting spam here, if the intent of the post is to > discuss that specific spam? Well, first, if you read the posting rules on the forum page before posting here, you'll see where it says to only post spam in .spam and discuss it here. If people have to waste time digging through post after post of spam just to find real discussion, that's a waste of time. Also, we all get enough spam of our own without having to see yours in a place where we are promised a spam free environment. > I saw posts in spamcop.spam stating that that > is the wrong place for any discussion - so figured I would post here to ask > about the parse results I was seeing. Next time before you "figure" you'll do something, please read the posting rules first. > If I post a question about spam here > and just have the spam example as a "PS" to the question, it does not add > any additional posts to this list compared to if I post the question here > and the spam itself in a related news group. Not complaining, just > confused. No, but it does add spam that people should not have had to see in a place that is supposed to be spam free. Also, your habit of top posting and not limiting quoting makes it hard to follow the conversation. The preferred method of netiquette is to snip out any quoting that you aren't addressing and post your comments below each point you are replying to. This makes it much easier to follow. Often, people will just ignore posts where the reply is top posted and/or posts where people don't snip the unnecessary parts. From not at home.today Tue Apr 6 00:34:46 2004 From: not at home.today (Ant) Date: Mon Apr 5 18:40:16 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: "Marjolein Katsma" wrote... > Anyone know of an online tool somewhere where a subject like > > =?iso-8859-1?b?T3JkZXIgdG9kYXkgYW5kIGdldCBPdmVybmlnaHQgU2hpcHBpbmch?= > > can be decoded? (Given that it's 8859-1 it should be perfectly readable > when decoded - I just don't know how to do it). An instalable script (PHP, > Perl) would be fine, too. I just want to know what the subject is so I can > maybe add a reporting address. It's base64 when you remove "=?iso-8859-1?b?" from the start, and "?=" from the end. What's left translates to: Order today and get Overnight Shipping! This is useful, also for other encodings: http://www.ericphelps.com/scripting/samples/Decode.htm It uses vbscript, so requies IE. However if you save the page, you can run the functions off-line. From nobody at spamcop.net Mon Apr 5 18:38:41 2004 From: nobody at spamcop.net (Cat) Date: Mon Apr 5 18:40:25 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse In-Reply-To: References: Message-ID: Cat wrote: > If people have to waste time digging through post after > post of spam just to find real discussion, that's a waste of time. Oops, that was redundant. I meant that if people have to waste time digging through post after post of spam to find real discussion that they may just give up on the newsgroup and not try to find answers to their problems next time. From nobody at spamcop.net Mon Apr 5 18:44:46 2004 From: nobody at spamcop.net (Cat) Date: Mon Apr 5 18:45:03 2004 Subject: [SpamCop-List] Re: X-10 success story - In-Reply-To: References: Message-ID: Pop Rivet wrote: Stop morphing to escape everyone's killfiles, troll. From nobody at spamcop.net Mon Apr 5 23:50:26 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 18:55:12 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: Spambo (rmu93awSPAMB02@sneakemail.com) wrote in news:c4sjue$s69$1 @news.spamcop.net: > Do you have Mozilla? If so you can simply put the entire line (equal > signs at both ends included) into the Subject line of a blank message > composition and then save it to your "Drafts" folder. Open your > "Drafts" folder and the Subject will be shown decoded. Hmmm - I have Mozilla but with the email bits not installed. I'll remember that though. I'm not quite ready yet to switch to whatever-the- separate-mail-client-is-called (too late to be able to remember the name...). > At least this works for me. It *may* work similarly with other > email clients as well. My Eudora (an old version, admittedly) doesn't do anything with it; newer versions never seemed worth the upgrade price, so I don't know what they can do in that respect. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 18:54:58 2004 From: nobody at spamcop.net (Cat) Date: Mon Apr 5 18:55:22 2004 Subject: [SpamCop-List] Re: X-10 success story - In-Reply-To: References: Message-ID: Marjolein Katsma wrote: > Pop Rivet (nobody@spamcop.net) wrote in news:c4rtii$vso$1 > @news.spamcop.net: > > >>Why are you so quick to criticize and denigrate anyone who doesn't >>use what YOU use, >> and who doesn't know the things that YOU think YOU know? > There's is such a thing as 'research'. Looks like not much of it was > done for this article. I agree. If the writer of the article doesn't bother to research properly, he's just passing on bad advice to people who don't otherwise know better. He could have easily researched ways to get rid of pop ups. Instead, he's just telling people they're stuck with it. >>You have changed in the last few months. > > > No I haven't. I never had much patience with bad journalism. I don't have much patience with bad journalism either. I'm majoring in broadcasting in college, and if I had churned out that sort of incorrect, unresearched fluff in any of my newswriting classes, I would not get a very good grade. It's a shame so many journalists are taught how to do the job right in school, yet they graduate and either don't care to do the research or ignore rules of ethics in newswriting that they were taught in school. From nobody at spamcop.net Mon Apr 5 23:55:19 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 19:00:03 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: Mike Easter (MikeE@ster.invalid) wrote in news:c4slum$aq$1 @news.spamcop.net: > Order today and get Overnight Shipping! I'd give it 80% that that is an "online pharmacy" ;-) Nice little thread - excellently fulfilled my goal of learn something every day: I learned! Thanks all. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Tue Apr 6 00:03:54 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 19:05:03 2004 Subject: [SpamCop-List] Re: X-10 success story - References: Message-ID: Cat (nobody@spamcop.net) wrote in news:c4so3i$5ej$1@news.spamcop.net: >> No I haven't. I never had much patience with bad journalism. > > I don't have much patience with bad journalism either. I'm majoring in > broadcasting in college, and if I had churned out that sort of > incorrect, unresearched fluff in any of my newswriting classes, I > would not get a very good grade. It's a shame so many journalists are > taught how to do the job right in school, yet they graduate and either > don't care to do the research or ignore rules of ethics in newswriting > that they were taught in school. Veering way off-topic here - but could it be education rather than newswriting classes? I had teachers at primary school who *taught* us to question rather than simply accept things as given; and admonished us specifically that teachers (and generally "authorities") don't know everything either, and can be wrong. Maybe that lesson didn't stick with everyone, but it certainly stuck with me. I'm no journalist (or even a writer) but it seems to me a basic skill for a journalist would be to know how to question. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 5 20:06:12 2004 From: nobody at spamcop.net (Pop Rivet) Date: Mon Apr 5 19:10:04 2004 Subject: [SpamCop-List] Re: X-10 success story - In-Reply-To: References: Message-ID: Cat wrote: > Pop Rivet wrote: > > > > Stop morphing to escape everyone's killfiles, troll. > I know it's way too short and won't satisfy, but go screw yourself. I never have and never will morph. You not only don't know what you are talking about, but you are an inane idiot on top of everything. When you speak, I bet your uranus moves, doesn't it? If you don't like it, ignore it. If you can't ignore it, get help. If you can't get help, try for a skin transplant so that you no longer jump out of it for no reason, even when no one speaks to you. Someplace, you must have a zipper partly open. Flame away fart; I only return what I find. Do you realize that you can see the stars on a sunny afternoon if you are located at the bottom of a deep well? I don't killfile. But I am "cool" enough to say "nah, that's not worth reading" or even the opposite, when I look at a thread. Even if I don't like the author, it might still have something relevant to say. If things bothered me like they apparently do you, I'd probably have a problem too, but, well, let's call it being reasonable and realistic. Life's too short to let the liver quiver constantly. Hmm, that's all the cliche references I can think of for now - hth. Pop From nobody at spamcop.net Tue Apr 6 00:07:27 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 19:10:19 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: 32123 (32123 @ spamcop . net) wrote in news:c4slhn$v0h$1@news.spamcop.net: > In Perl, I use the following line to decode these: Thanks to Ant's reply I found I already "have" a ready-made tool, but I'm saving this bit for when I want to roll my own bit of code. Thanks! -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Tue Apr 6 00:14:43 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 5 19:15:04 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: Ant (not@home.today) wrote in news:c4smul$36h$1@news.spamcop.net: > It's base64 when you remove "=?iso-8859-1?b?" from the start, and "?=" > from the end. What's left translates to: Order today and get Overnight > Shipping! Bingo! I do have http://www.opinionatedgeek.com/DotNet/Tools/Base64Decode/Default.aspx loaded permanently when reporting and reasoned it would probably be base64 but tried pasting in the full string; it told me it couldn't do anything with it. Just getting the part between the last two question marks does the trick. (Yeah, I must read up on base64...) OK, so now I know *how* to use the tool I already "have" (also mentioned here, of course) for this. Excellent. > This is useful, also for other encodings: > http://www.ericphelps.com/scripting/samples/Decode.htm > > It uses vbscript, so requies IE. Bookmarked - but I use Mozilla normally these days. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From MikeE at ster.invalid Mon Apr 5 17:16:18 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 5 19:20:04 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: Marjolein Katsma wrote: > Mike Easter >> Order today and get Overnight Shipping! > > I'd give it 80% that that is an "online pharmacy" ;-) 80%? What's wrong with the www.buyovernightrx.com clue? BTW that url resolves but doesn't have a port 80. GET Fetching http://www.buyovernightrx.com/ Socket Error Addresses: 211.162.108.118 Port 80 error: timed out -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Mon Apr 5 20:21:54 2004 From: nobody at spamcop.net (Pop Rivet) Date: Mon Apr 5 19:25:03 2004 Subject: [SpamCop-List] Unsolicited Re: Header that Spamcop can not parse In-Reply-To: References: Message-ID: Cat wrote: > (top posting corrected) === Have to wonder why it's so important to you that you actually have to correct a posting because it isn't to your liking; you do that a lot. > > Eric Johannsen wrote: > > > "Mike Easter" wrote in message > > news:c4i9ft$70j$1@news.spamcop.net... > > >>If you post a tracker, usually you will not need to post a complete > >>spam. You should not post spams in this group spamcop or .help, these > >>are for discussing spams. If a spam 'needs' to be posted somewhere > >>instead of or in addition to the tracker, it should only be posted in > >>the newsgroup .spam. === A less whiny response would be: Please post spam in .spam only and then use this (or the relevant) newsgroup to discuss and/or ask questions. It isn't clear here what you mean by "tracker". > > > >> What's the reason for not posting spam here, if the intent of the post >> is to >> discuss that specific spam? > > > Well, first, if you read the posting rules on the forum page before > posting here, you'll see where it says to only post spam in .spam and > discuss it here. If people have to waste time digging through post after > post of spam just to find real discussion, that's a waste of time. Also, > we all get enough spam of our own without having to see yours in a place > where we are promised a spam free environment. === Posting a spam in the wrong group is NOT being SPAMMED! > >> I saw posts in spamcop.spam stating that that >> is the wrong place for any discussion - so figured I would post here >> to ask >> about the parse results I was seeing. > > > Next time before you "figure" you'll do something, please read the > posting rules first. === Well, at least you squeezed in a "please" this time even if you didn't mean it, considering the initial content of that sentence. Your comment and apparent attitude do very little to remedy a situation that could easily have been a win-win attempt on your part as opposed to your adversarial stance. > >> If I post a question about spam here >> and just have the spam example as a "PS" to the question, it does not add >> any additional posts to this list compared to if I post the question here >> and the spam itself in a related news group. Not complaining, just >> confused. > > > No, but it does add spam that people should not have had to see in a > place that is supposed to be spam free. === Spam free? Do you mean he spammed? I don't THINK so! What he didn't do is read the FAQ, which really isn't all that well pointed out as you come into the site. An experienced person would know to read the FAQs but ... what have you done to determine if this is an honest violation or a purposeful neglect of the preferences? > > Also, your habit of top posting and not limiting quoting makes it hard > to follow the conversation. The preferred method of netiquette is to > snip out any quoting that you aren't addressing and post your comments > below each point you are replying to. This makes it much easier to > follow. Often, people will just ignore posts where the reply is top > posted and/or posts where people don't snip the unnecessary parts. === It would seem to me that you are more interested in correcting netiquette than you are helping this person out an any way. Once you get everyone chased away, then you'll have the whole place to yourself, won't you? > Pop From nobody at spamcop.net Mon Apr 5 20:24:43 2004 From: nobody at spamcop.net (R. P. McCormick) Date: Mon Apr 5 19:25:24 2004 Subject: [SpamCop-List] Re: Question concerning nameservers for medicalfhtjk.com References: Message-ID: > In investating a spam I received I noticed that in the whois of > spamvertised domain (medicalfhtjk.com), the nameservers are defined as > ns9.lifesmile.biz, ns4.lifesmile.biz and ns6.lifesmile.biz. > A check on the whois information of lifesmile.biz showed that the > domain is already inactive due to invalid whois info. It seems to > be inactive since 04. December 2003 (last update of lifesmile whois info), > but the mentioned nameservers still resolve (for example ns9 resolves to > 220.175.8.20) > > How is that possible,and what can one do ? I would think that after 3 month > the DNS information should have propagated to the relevant DNS servers. Don't have time to check right now ... but its most likely "glue" ... its possible that the authoritative servers for the domain in question have both the nx?.lifesmile.biz name AND IP address ... so although the lifesmile.biz domain may have been invalidated, if the IP addresses are also being given out in authoritative lookups - then answers can be had (for medicalfhtjk.com). Do an nslookup and set your server to the IP ADDRESS that should be authoritative for that domain ... or ask one of the root servers and see what they respond with. From nobody at spamcop.net Mon Apr 5 20:25:07 2004 From: nobody at spamcop.net (Pop Rivet) Date: Mon Apr 5 19:30:03 2004 Subject: [SpamCop-List] Unsolicited Re: Header that Spamcop can not parse In-Reply-To: References: Message-ID: Cat wrote: > Cat wrote: > >> If people have to waste time digging through post after post of spam >> just to find real discussion, that's a waste of time. > > > Oops, that was redundant. I meant that if people have to waste time > digging through post after post of spam to find real discussion that > they may just give up on the newsgroup and not try to find answers to > their problems next time. > By george, I think you've almost got it! Only you don't know it, do you? It won't be the ng folks give up on; it'll be the likes of you they give up on; ignoring the ng will simply be a by-product. If nothing else, this banter will provide some with entertainment. Pop From MikeE at ster.invalid Mon Apr 5 17:33:47 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 5 19:35:03 2004 Subject: [SpamCop-List] Re: Unsolicited Re: Header that Spamcop can not parse References: Message-ID: Pop Rivet wrote: > "Mike Easter" >> If you post a tracker, usually you will not need to post a >> complete spam. > It isn't clear here what you mean by > "tracker". If you look at the original post you will see I posted an example of a tracker at the very beginning of the post you cited. Mike Easter wrote: > Here's a good way to show this: > > www.spamcop.net/sc?id=z384392588z359d6c36134d7803b2f08cd307fc8ba2z > > If you click that tracker you will see the headers and the parse > results. -- Mike Easter kibitzer, not SC admin From nospam-news at johannsen.us Mon Apr 5 17:51:38 2004 From: nospam-news at johannsen.us (Eric Johannsen) Date: Mon Apr 5 19:55:03 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Personally I get more turned off by forum nazis than by new posters missing a posting rule :-) Eric "Cat" wrote in message news:c4smuj$36a$1@news.spamcop.net... > (top posting corrected) > > Eric Johannsen wrote: > > > "Mike Easter" wrote in message > > news:c4i9ft$70j$1@news.spamcop.net... > > >>If you post a tracker, usually you will not need to post a complete > >>spam. You should not post spams in this group spamcop or .help, these > >>are for discussing spams. If a spam 'needs' to be posted somewhere > >>instead of or in addition to the tracker, it should only be posted in > >>the newsgroup .spam. > > > > > What's the reason for not posting spam here, if the intent of the post is to > > discuss that specific spam? > > Well, first, if you read the posting rules on the forum page before > posting here, you'll see where it says to only post spam in .spam and > discuss it here. If people have to waste time digging through post after > post of spam just to find real discussion, that's a waste of time. Also, > we all get enough spam of our own without having to see yours in a place > where we are promised a spam free environment. > > > I saw posts in spamcop.spam stating that that > > is the wrong place for any discussion - so figured I would post here to ask > > about the parse results I was seeing. > > Next time before you "figure" you'll do something, please read the > posting rules first. > > > If I post a question about spam here > > and just have the spam example as a "PS" to the question, it does not add > > any additional posts to this list compared to if I post the question here > > and the spam itself in a related news group. Not complaining, just > > confused. > > No, but it does add spam that people should not have had to see in a > place that is supposed to be spam free. > > Also, your habit of top posting and not limiting quoting makes it hard > to follow the conversation. The preferred method of netiquette is to > snip out any quoting that you aren't addressing and post your comments > below each point you are replying to. This makes it much easier to > follow. Often, people will just ignore posts where the reply is top > posted and/or posts where people don't snip the unnecessary parts. > From nospam-news at johannsen.us Mon Apr 5 17:58:04 2004 From: nospam-news at johannsen.us (Eric Johannsen) Date: Mon Apr 5 20:00:03 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Here's an interesting twist: I just noticed that the message, as displayed by OE, actually starts with the line: by isaacsmail.com (8.10.2/8.10.2) with ESMTP id J87Gz024176729 That is, some parts of the message that one would expect to be part of the header, are actually displayed as part of the message body. Everything starting with that line, to the end of the message, is shown as part of the body. Eric "Mike Easter" wrote in message news:c4p6dh$5mt$1@news.spamcop.net... > Bo Briggs wrote: > > Did you copy/paste Eric's original post to get that parse? > > www.spamcop.net/sc?id=z384392588z359d6c36134d7803b2f08cd307fc8ba2z > > Oh, I get it. I only 'looked at' the information at the tracker and its > 'derivative' "View entire message" - I didn't 'look at' what he pasted > into the ng message [since it wasn't supposed to be here ;-) ] > > Now that I re-examine the spam he put in here, I see that it is > different from the spam which the parser worked. > > You are correct, what he /posted/ contains the missing "Received: (from > www@localhost)" > > and results in what you posted below. > > > When I do it (and fix up the double line spacing and indents), I get > > this: > > > http://www.spamcop.net/sc?id=z389840749za410ee9402b26b6316f6ecf4560eabdc > z > > -- > Mike Easter > kibitzer, not SC admin > From MikeE at ster.invalid Mon Apr 5 18:00:30 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 5 20:05:03 2004 Subject: [SpamCop-List] Re: Unsolicited Re: Header that Spamcop can not parse References: Message-ID: Pop Rivet wrote: >> > "Mike Easter" >> If you post a tracker, usually you will not need to post a >> complete spam. You should not post spams in this group spamcop >> or .help, these are for discussing spams. If a spam 'needs' to >> be posted somewhere instead of or in addition to the tracker, it >> should only be posted in the newsgroup .spam. > === A less whiny response would be: Please > post spam in .spam only and then use this > (or the relevant) newsgroup to discuss > and/or ask questions. Do I understand this to mean that the 'blunt' guy is sounding whiny? Hmm. I'll have to learn how to speak more 'directly' without sugar-coating it. :-/ [is there a better sardonic grimace?] -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 5 18:06:39 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 5 20:10:03 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Eric Johannsen wrote: > Here's an interesting twist: > > I just noticed that the message, as displayed by OE, actually starts > with the line: > > by isaacsmail.com (8.10.2/8.10.2) with ESMTP id J87Gz024176729 > > That is, some parts of the message that one would expect to be part > of the header, are actually displayed as part of the message body. > Everything starting with that line, to the end of the message, is > shown as part of the body. I'm still unclear about some things. Is the usual situation that the spams you examine that are routed like that one are 'normal' and not 'spaced out' like we are discussing? That is, is this issue a 'freak' occurence or a repetitive one? For mails that come like that. The normal situation is that headerlines have no empty lines in them. When an empty line is encountered, that is the end of the header and the beginning of the body of the mail. The actual 'description' from an smtp point of view might be much more elaborate, but I'm trying to describe it as I 'see' it in 'proper' headers in OE's message source. The last 'opinion' I had on this was that the spam item was getting 'mangled' in transit. -- Mike Easter kibitzer, not SC admin From not at home.today Tue Apr 6 02:44:49 2004 From: not at home.today (Ant) Date: Mon Apr 5 20:50:16 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: "Marjolein Katsma" wrote... > Ant (not@home.today) wrote in news:c4smul$36h$1@news.spamcop.net: > [...] Just getting the part between the last two question > marks does the trick. (Yeah, I must read up on base64...) > > OK, so now I know *how* to use the tool I already "have" (also > mentioned here, of course) for this. Excellent. Great :) [...] >> It uses vbscript, so requies IE. > > Bookmarked - but I use Mozilla normally these days. It's worth looking at the code. The routines are commented (and with a little ASCII diagram), so you can see how base64 works. From mythosmanor at hotmail.com Mon Apr 5 19:43:48 2004 From: mythosmanor at hotmail.com (Chuck) Date: Mon Apr 5 21:50:03 2004 Subject: [SpamCop-List] too many links, but all have same root domain Message-ID: full spam is over in spamcop.spam under message with much the same subject Here's a link to spamcop's attempt to parse the spam http://www.spamcop.net/sc?id=z393263167z908ea819e538e4203e3d6f170ea5ed18z I can understand too many links in some cases, but it seems to me that in two cases I've seen, it should still attempt to parse the links and report.. 1) as in this one where all the links are just variations on a theme (especially if they resolve to the same IP address, which is the case for three out of three links I tested in the above spam) 2) where most of the links don't even resolve (as in one's I've seen where all the bogus links didn't even have a ."Dot-Something" on the end.. (I mean they didn't even TRY to look like a URL Their form was like http://pumba or http://dargo From mike.carrington at comcast.net Mon Apr 5 21:17:45 2004 From: mike.carrington at comcast.net (pbdb) Date: Mon Apr 5 22:20:24 2004 Subject: [SpamCop-List] Slloooowwwwwww Message-ID: Re. "System slow - 2nd update A relatively trivial problem has been linked to the morning slowness. We feel confident that the problem is now solved." While I'm glad SC got over the morning sickness, it' so painfully slow that I'm just blowing a lot of stuff off, right now and "Delete"ing it because I can't afford the time. How 'bout a status report on things?!!? Thanks much! tmp From nobody at xyzzy.claranet.de Tue Apr 6 05:26:06 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 5 22:35:03 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: <4072153E.31C6@xyzzy.claranet.de> Marjolein Katsma wrote: > I must read up on base64... For headers the B or b in =?something?B?gibberish?= stands for Base64. The only other alternative is q or Q (that's for Quoted printable). The something in =?something?B?gibberish?= can be any charset plus optionally a language tag introduced by *, but you won't find that very often today: =?us-ascii*de?Q?Hallo_Welt?= (it's for speech synthesizers etc.). If you plan to write or adopt a script: The base64 part is simple, but handling UTF-8 results could be difficult (not in the following example, that's just the output of one of my own scripts, I use it when I'm tired of useless Latin-0 subjects): Subject: =?UTF-8?B?QyAuICBJICAuICBBICAuICBMICAuIEkgIC4gUw==?= Bye, Frank From gmccx at notvalid.com Mon Apr 5 23:48:09 2004 From: gmccx at notvalid.com (gmccx) Date: Mon Apr 5 22:50:01 2004 Subject: [SpamCop-List] Re: Comcast strikes again! In-Reply-To: References: Message-ID: caroljean52 wrote: > Guess what I just discovered: > > Comcast will not let me forward spam to the FTC or the FDA! > I send spam to those agencies from my Comcast account nearly every day. And some of them include abuse@comcast in the addressing. I've not had anything bounce yet. -- George http://people.delphiforums.com/gmcc From a at all.addresses.on.cdrom.are.invalid.aaa Tue Apr 6 00:43:08 2004 From: a at all.addresses.on.cdrom.are.invalid.aaa (John Malmberg) Date: Mon Apr 5 23:45:04 2004 Subject: [SpamCop-List] Re: Comcast strikes again! In-Reply-To: References: Message-ID: gmccx wrote: > caroljean52 wrote: > >> Guess what I just discovered: >> >> Comcast will not let me forward spam to the FTC or the FDA! >> > I send spam to those agencies from my Comcast account nearly every day. > And some of them include abuse@comcast in the addressing. I've not > had anything bounce yet. The FDA appears to reject some base64 encoded spams. -John wb8tyw@qsl.network Personal Opinion Only From nobody at xyzzy.claranet.de Tue Apr 6 06:42:51 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 5 23:45:23 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E83C3.6EA1@xyzzy.claranet.de> <406F9042.7A30@xyzzy.claranet.de> <4070020F.65C@xyzzy.claranet.de> <40715245.2D70@xyzzy.claranet.de> Message-ID: <4072273B.3A69@xyzzy.claranet.de> Marjolein Katsma wrote: > Although *if* you use XHTML, you probably need a later > version of JavaScript to be compatible with that AFAIK no, but you already caught me with a dubious href="#" ;-) For my pages all I need are onload and onclick event handlers, and one line... ...should define the language of on-whatever scripts. The same idea as for inline style= attribute (I don't plan to use inline style attributes, don't worry. ;-) If there are _serious_ incompatibilities between JavaScript 1.1 and say ECMA-script, then that could be interesting. So far I create my pages on the assumption that JavaScript 1.1 is more or less a proper subset of ECMA-script. And I use it only for very special situations (see ). TTBOMK XHTML doesn't insist on a special language or even on a language version for DOM resp. style sheets. In theory I could use JSS (Netscape 4.x) or LSS (a Lynxism) instead of CSS, or I could use XSLT, if that's the name. Therefore JS 1.1 for event handlers should be okay, and at least it isn't VB. > a developer can be "lazy" by requiring JavaScript. Yes, and the server is also lazy, JS runs on the client system. [NGs mentioned in question 7] > You did that too, then? Good. Plus problems with the FAQ-o-MATIC, the missing bug tracking, and some minor points, sure, that's why I asked "is it really _that_ important". These issues are not exactly new, but if it helps to get Julian's .plan file for SC organized, why not. > I go on the assumption there's no deed to *design* those > questions when the responses are not going to be read. In some surveys (not in this one) I'm under the impression that only machine readable stuff is really wanted, and free form input fields are only meant as an distraction for participants not satified by the foreseen choices. Bye, Frank From barkerjr at none.nil Tue Apr 6 00:48:56 2004 From: barkerjr at none.nil (BarkerJr) Date: Mon Apr 5 23:50:02 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports References: Message-ID: > > I sent nearly 90 spam reports into spamcop last night (6 hours ago, in > > fact), I have yet to receive one confirmation of this event, period. > > I'm guessing that cox is either having problems delivering email (not > likely as other emails seem to be going through NOT addressed to > spamcop) or they are filtering/holding emails sent to spamcop.net. Maybe they're all just queued. By the way, how do you send from a different server? I thought Cox blocked that. From nobody at spamcop.net Mon Apr 5 23:55:48 2004 From: nobody at spamcop.net (Cat) Date: Tue Apr 6 00:00:10 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse In-Reply-To: References: Message-ID: (top posting corrected AGAIN) Eric Johannsen wrote: > "Cat" wrote in message > news:c4smuj$36a$1@news.spamcop.net... >>Also, your habit of top posting and not limiting quoting makes it hard >>to follow the conversation. The preferred method of netiquette is to >>snip out any quoting that you aren't addressing and post your comments >>below each point you are replying to. This makes it much easier to >>follow. Often, people will just ignore posts where the reply is top >>posted and/or posts where people don't snip the unnecessary parts. >> > > Personally I get more turned off by forum nazis than by new posters missing > a posting rule :-) > > Eric Then don't complain because no one cares to help you the next time you post a question to the newsgroup. Asking you to post inline and snip unnecessary quoting is not being a "forum nazi." It's just a simple rule of netiquette for newsgroup posting. Go here for netiquette rules regarding inline posting and snipping: http://www.river.com/users/share/etiquette/ See # 1 and 2 specifically All I asked was for you to stop the obnoxious top posting. When you choose to top post and not snip, that shows that you don't think your comments are important enough to be read. Continuing to insist on top posting will just land you in a lot of killfiles, which could mean your posts will be ignored by many people who could have helped you. Top posting and not snipping is lazy, and it sends the message that your posts aren't worth reading. Geez, you'd think someone was holding a gun to your head demanding that you murder your family instead of a simple request to be polite and use inline snipped posting to keep the conversation in order. If you don't want to be nice enough to post inline and snip, don't expect anyone else here to be nice enough to waste time trying to understand the context of your top posted unsnipped replies. See more below. g. n i y o n n a d n a d r a w k c a b s i g n i t s o p p o T From bcs1 at spamcop.net Tue Apr 6 01:06:22 2004 From: bcs1 at spamcop.net (Bill) Date: Tue Apr 6 00:10:03 2004 Subject: [SpamCop-List] Re: [C&C] Fun with spammers! References: Message-ID: "Pete Stephenson" wrote in message news:pete-D27352.13542705042004@news.cesmail.net... > Wow, this sysadmin in Ireland had a ton of fun with this 419 spammer. > > It's stories like these that makes me wish I ran an internet cafe. :) > > http://www.linux.ie/pipermail/ilug/2004-April/013049.html > > -- eheh BRAVOOOOOO!!!! Hey PETE! Bill From bcs1 at spamcop.net Tue Apr 6 01:07:00 2004 From: bcs1 at spamcop.net (Bill) Date: Tue Apr 6 00:10:13 2004 Subject: [SpamCop-List] Re: [C&C] Fun with spammers! References: Message-ID: "Merlyn" wrote in message news:c4shj3$prc$1@news.spamcop.net... > "Pete Stephenson" wrote in message > news:pete-D27352.13542705042004@news.cesmail.net... > > Wow, this sysadmin in Ireland had a ton of fun with this 419 spammer. > > > > It's stories like these that makes me wish I ran an internet cafe. :) > > > > http://www.linux.ie/pipermail/ilug/2004-April/013049.html > > > > I got a chuckle out of that one also Pete! > > I sure would like to know what was on that card...... > > -- > Hiya Merlyn! LTNS Bill From baloo at ursine.ca Mon Apr 5 23:32:51 2004 From: baloo at ursine.ca (Paul Johnson) Date: Tue Apr 6 01:50:04 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: <87y8pcl793.fsf@ursine.ca> <87wu4vuu56.fsf@ursine.ca> <87u0zywb6e.fsf@ursine.ca> Message-ID: <874qrxllh8.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Frog Prince" writes: > I get (officially) 3K down and 256 up in practice a lot less for $40 > per month. How does the compare with what you're getting? You gave no scale on those speeds, so I don't know where you're coming from. Your SI needs help... http://ursine.ca/jargon/html/Q/quantifiers.html I get 8Mb/sec in, 1Mb/sec out. - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAckEDUzgNqloQMwcRAlMaAJ9blrSdGQU8cKjpteeGJaJFFHj8pACgt/Yl PsE4e0Gr0kBIaWnrPv9AwTs= =FbJP -----END PGP SIGNATURE----- From baloo at ursine.ca Mon Apr 5 23:37:48 2004 From: baloo at ursine.ca (Paul Johnson) Date: Tue Apr 6 01:50:31 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: <87zn9pk6oj.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marjolein Katsma writes: > Anyone know of an online tool somewhere where a subject like > > =?iso-8859-1?b?T3JkZXIgdG9kYXkgYW5kIGdldCBPdmVybmlnaHQgU2hpcHBpbmch?= > > can be decoded? (Given that it's 8859-1 it should be perfectly readable > when decoded - I just don't know how to do it). ISO-8859-1 and -15 are the most common English-language character sets outside of the anacrhonistic ASCII that Microsoft, particularly in the US, is stuck on. You're seeing it decoded. - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAckIsUzgNqloQMwcRAtJpAKDI3w7mPzlPHbHrdnySrHFj9SPFowCgwtpz Z9MlTPz4zwcVqjujhn85hHA= =55GV -----END PGP SIGNATURE----- From nobody at spamcop.net Tue Apr 6 08:53:17 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Tue Apr 6 03:55:13 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: Mike Easter (MikeE@ster.invalid) wrote in news:c4spc7$7t1$1 @news.spamcop.net: >> I'd give it 80% that that is an "online pharmacy" ;-) > > 80%? What's wrong with the www.buyovernightrx.com clue? BTW that url > resolves but doesn't have a port 80. Yeah, yeah. I meant guessing from the subject *alone*! Sound like you confirmed my guess ;-) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Tue Apr 6 08:55:00 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Tue Apr 6 03:55:34 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: Ant (not@home.today) wrote in news:c4suie$e9n$1@news.spamcop.net: >>> It uses vbscript, so requies IE. >> >> Bookmarked - but I use Mozilla normally these days. > > It's worth looking at the code. The routines are commented (and with > a little ASCII diagram), so you can see how base64 works. Ah, good point. I can at least read VBscript (can't write it); but reading code should tell me enuogh. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Tue Apr 6 09:01:42 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Tue Apr 6 04:05:02 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: <4072153E.31C6@xyzzy.claranet.de> Message-ID: Frank Ellermann (nobody@xyzzy.claranet.de) wrote in news:4072153E.31C6 @xyzzy.claranet.de: > For headers the B or b in =?something?B?gibberish?= stands > for Base64. The only other alternative is q or Q (that's > for Quoted printable). > > The something in =?something?B?gibberish?= can be any charset > plus optionally a language tag introduced by *, but you won't > find that very often today: =?us-ascii*de?Q?Hallo_Welt?= (it's > for speech synthesizers etc.). Ah, that helps. Is there document (like an RFC) where I can read up on how these a built up? > Subject: =?UTF-8?B?QyAuICBJICAuICBBICAuICBMICAuIEkgIC4gUw==?= Opinionated Geek did that one nicely ;-) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Tue Apr 6 09:28:39 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Tue Apr 6 04:30:04 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E83C3.6EA1@xyzzy.claranet.de> <406F9042.7A30@xyzzy.claranet.de> <4070020F.65C@xyzzy.claranet.de> <40715245.2D70@xyzzy.claranet.de> <4072273B.3A69@xyzzy.claranet.de> Message-ID: Frank Ellermann (nobody@xyzzy.claranet.de) wrote in news:4072273B.3A69 @xyzzy.claranet.de: > For my pages all I need are onload and onclick event handlers, > and one line... > > > > ...should define the language of on-whatever scripts. Yup. Well, the *default* language. You can still use somethnig else as well, as long as you specify that language where it occurs ;-) > If there are _serious_ incompatibilities between JavaScript 1.1 > and say ECMA-script, then that could be interesting. So far I > create my pages on the assumption that JavaScript 1.1 is more > or less a proper subset of ECMA-script. And I use it only for > very special situations (see ). Well, I'm far from a JavaScript expert, but I think 1.1 needs a name attribute to "address" some elements. And to have it work with an "id" attribute you need a later version. No tim eto test now, but I ran into something like that once. ECMA script is probably more in the "id" camp, but I know even less of that... The whole script thing is a bit of a grey area, with no proper formal standards to be found. One reason I don't like to use it. > TTBOMK XHTML doesn't insist on a special language or even on a > language version for DOM resp. style sheets. No, but name attributes are deprecated (except for form fields to create name=value pairs), so you can't use them in XHTML 1.0 strict, or in XHTML 1.1 (which essentially _is_ strict). >> a developer can be "lazy" by requiring JavaScript. > > Yes, and the server is also lazy, JS runs on the client system. Not if you *add* JavaScript to make a form more usable for those who can use it! And that's about the only way I will use it anyway... -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Tue Apr 6 09:32:29 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Tue Apr 6 04:35:03 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: <4072153E.31C6@xyzzy.claranet.de> Message-ID: Frank Ellermann (nobody@xyzzy.claranet.de) wrote in news:4072153E.31C6 @xyzzy.claranet.de: > Subject: =?UTF-8?B?QyAuICBJICAuICBBICAuICBMICAuIEkgIC4gUw==?= Well, I'll be ... I just got a mail with a subject in that format (UTF-8 and all) - a very legit mail, too: a post to a mailing list I'm subscribed to! And now I can read it. :) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From kjz at despammed.com Tue Apr 6 12:22:15 2004 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Tue Apr 6 05:25:19 2004 Subject: [SpamCop-List] Re: today Ralsky, Inc. uses: sw3eds.com, DNS: name-ok.com, name-okk.com In-Reply-To: References: Message-ID: Al's Chinese branch: 'Zhang jun' is now 'Gui Fang Huang'. Domain name: sw3eds.com 221.5.250.123 Registrant Contact: wes de Gui Fang Huang huangjack1@126.com +86.4137480040 fax: +86.4137480040 #101 Unit 1 NO.4 Century Garden , Long cheng Str. Shun Cheng district Fu shun Lian Ning 118000 cn DNS: ns0.name-ok.com 219.153.1.179 ns1.name-okk.com 202.104.234.73 Created: 2004-04-03 Expires: 2005-04-03 Domain name: 32ased5.com 202.106.127.112 Registrant Contact: wes de Gui Fang Huang huangjack1@126.com +86.4137480040 fax: +86.4137480040 #101 Unit 1 NO.4 Century Garden , Long cheng Str. Shun Cheng district Fu shun Lian Ning 118000 cn Created: 2004-04-03 Expires: 2005-04-03 Domain Name:name-okk.com Billing Contact: Huang GuiFang Huang GuiFang #101 Unit 1 NO.4 Century Garden , Long cheng Str. Shun Cheng district Fu shun Liaoning 113006 China tel: 86 413 7480040 fax: 86 413 7480040 huangjack1@126.com Registration Date: 2004-03-27 Update Date: 2004-03-27 Expiration Date: 2005-03-27 Domain Name: NAME-OK.COM Registrant: Huang Gui Fang Huang Gui Fang (huangjack1@126.com) #101 Unit 1 NO.4 Century Garden , Long cheng Str. Fu shun null,113006 CN Tel. +86.4137480040 Creation Date: 25-Mar-2004 Expiration Date: 25-Mar-2005 From hsct at spamcop.net Tue Apr 6 22:08:20 2004 From: hsct at spamcop.net (Spam eater) Date: Tue Apr 6 07:15:03 2004 Subject: [SpamCop-List] New Spam Software!!! Send 750,000 per hour! Message-ID: http://swank.pisem.net brand new spam software sends up to 750,000 spams per hour! amazing. only $9.99 while stocks last! hurry before you miss out on this amazing piece of crap made in visual basic!! icq 155795487 swank for more info!! swank@swankcash.com From nobody at spamcop.net Tue Apr 6 10:09:06 2004 From: nobody at spamcop.net (Firewoman) Date: Tue Apr 6 09:10:11 2004 Subject: [SpamCop-List] Re: [C&C] Fun with spammers! References: Message-ID: "Pete Stephenson" wrote in message news:pete-D27352.13542705042004@news.cesmail.net... > Wow, this sysadmin in Ireland had a ton of fun with this 419 spammer. > > It's stories like these that makes me wish I ran an internet cafe. :) > > http://www.linux.ie/pipermail/ilug/2004-April/013049.html > > -- > Pete Stephenson > HeyPete.com Two snaps up from this reviewer! Fantastic story, spam with an international flavor |:-) "The usual panicked thoughts kick in... "Have I fiddled with something which has left us as an open relay?", "Has our server been cracked?", "Have I been sleep-spamming again?". " **splorf** Now to go clean up the coffee..... From mike.carrington at comcast.net Tue Apr 6 08:12:15 2004 From: mike.carrington at comcast.net (pbdb) Date: Tue Apr 6 09:15:02 2004 Subject: [SpamCop-List] Ssllloooooooowwwwwwwwwwww phase II Message-ID: Sorry but your "Morning Sickness" isn't over yet, either! tmp From nobody at spamcop.net Tue Apr 6 11:00:03 2004 From: nobody at spamcop.net (Anti-Spam) Date: Tue Apr 6 10:05:05 2004 Subject: [SpamCop-List] Feature Suggestion Message-ID: Don't know if this has been suggested before, but how about a checkbox (and maybe a text box) to send a copy of the spam to SpamCop itself (i.e. Julian?) to indicate that you think there may have been an error parsing the spam, or locating links, or something. Of course, default off, and maybe only accessible in "technical" mode (i.e. advanced users). It might also give a better statistical basis for determining what is getting by the parser. -- .sig Non-functional spambait addr: week64@exhtrqtcpsewiglqye.com (generated by Webpoison) From MikeE at ster.invalid Tue Apr 6 08:13:10 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 6 10:15:03 2004 Subject: [SpamCop-List] Re: Feature Suggestion References: Message-ID: Anti-Spam wrote: > Don't know if this has been suggested before, but how > about a checkbox (and maybe a text box) to send a copy > of the spam to SpamCop itself (i.e. Julian?) to indicate > that you think there may have been an error parsing the > spam, or locating links, or something. Of course, default > off, and maybe only accessible in "technical" mode (i.e. > advanced users). It might also give a better statistical > basis for determining what is getting by the parser. The deputies would probably like it best if there were a 'filter' like the newsgroup which could 'kick things around' and then they would be the next filter in determining what went on beyond them. That way they can look at the newsgroups however they want to. I think they feel an obligation to answer mail. Apparently the deputies get a lot of mail even without much exposure of their address. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Apr 6 16:28:07 2004 From: nobody at spamcop.net (Neil Taylor) Date: Tue Apr 6 10:30:03 2004 Subject: [SpamCop-List] mailhosts - NTLWorld uses more server than it lists Message-ID: My home e-mail is on NTLWorld. I've identified work and home addys to SpamCop's "mailhosts" and got confirmation messages.... However, NTLWorld is using more servers than it admits. I get messages from servers at NTL other than the ones listed. When I go through the mailhosts identification process, just before "proceed" in the sequence, when I've given my ntlworld.com address, SpamCop identifies smtpin.ntlworld.com as the server to send the test to. Fine. After the confirmation, SpamCop lists: ntlworld.com, mta02-svc.ntlworld.com, mta03-svc.ntlworld.com, mta04-svc.ntlworld.com, mta05-svc.ntlworld.com, mta06-svc.ntlworld.com, mta07-svc.ntlworld.com, pop.ntlworld.com, smtp.ntlworld.com, smtpin.ntlworld.com as hosts... However, I also get messages where NTL has routed the message through eg: mta08-svc.ntlworld.com 62.253.162.48. Another not listed is mta01-svc.ntlworld.com 62.253.162.41 I can't get SpamCop to automatically recognize mta08 etc if NTL won't list it to SpamCop... is there any manual system to add additional hosts to SpamCop? From MikeE at ster.invalid Tue Apr 6 08:50:02 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 6 10:55:02 2004 Subject: [SpamCop-List] Re: mailhosts - NTLWorld uses more server than it lists References: Message-ID: Neil Taylor wrote: > I can't get SpamCop to automatically recognize mta08 etc if NTL won't > list it to SpamCop... is there any manual system to add additional > hosts to SpamCop? In reading other people's posts on this subject, I gather that the 'anticipation' of a problem on such an account isn't actually very likely to happen; and that it only matters if the parse fails. If the parse fails and breaks the chain prematurely, then you are supposed to do something. Else, you're OK. Also, don't be quick reporting. Here's a post from Ellen containing general information from Julian: From: "Ellen" Newsgroups: spamcop, spamcop.help, spamcop.mail, spamcop.routing Subject: Mailhosts and Quick Reporting Date: Tue, 23 Mar 2004 17:32:05 -0500 Message-ID: and one from Ellen, altho' slightly different than your qx, you get the idea: From: "Ellen" Newsgroups: spamcop.help Subject: Re: Mailhosts configuration: Multiple service providers: How? Date: Sun, 4 Apr 2004 14:47:12 -0400 Message-ID: Ellen wrote: > I sent this to Julian but the thing to do is to parse a few spams > sent to each of those addresses *not* using quick submit or of you > are a SC email customer not using the "submit as spam" button and > look at the technical details -- if the system is recognizing your > servers/hosts then it is OK. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Apr 6 11:54:28 2004 From: nobody at spamcop.net (Ellen) Date: Tue Apr 6 11:05:50 2004 Subject: [SpamCop-List] Re: Feature Suggestion References: Message-ID: "Anti-Spam" wrote in message news:c4uda5$mji$1@news.spamcop.net... > Don't know if this has been suggested before, but how > about a checkbox (and maybe a text box) to send a copy > of the spam to SpamCop itself (i.e. Julian?) to indicate > that you think there may have been an error parsing the > spam, or locating links, or something. Of course, default > off, and maybe only accessible in "technical" mode (i.e. > advanced users). It might also give a better statistical > basis for determining what is getting by the parser. > noooooooooooooooooooooo nooooooooooooooooooooooo -- seriously if there is a checkbox people will check it just cause it is there -- trust me on this! As Mike says it is really better to mention the problem, here as a certain number of the problems, aren't problems and the discussion in the newsgroups is very helpful to us. Or the tracking url can be mailed to us but I will tell you we are getting heaps of mail so we are a bit behind. Ellen From nobody at spamcop.net Tue Apr 6 11:56:07 2004 From: nobody at spamcop.net (Ellen) Date: Tue Apr 6 11:06:04 2004 Subject: [SpamCop-List] Re: mailhosts - NTLWorld uses more server than it lists References: Message-ID: "Neil Taylor" wrote in message news:c4uepo$oa8$1@news.spamcop.net... > My home e-mail is on NTLWorld. > I've identified work and home addys to SpamCop's "mailhosts" and got > confirmation messages.... > However, NTLWorld is using more servers than it admits. I get messages > from servers at NTL other than the ones listed. When I go through the > mailhosts identification process, just before "proceed" in the sequence, > when I've given my ntlworld.com address, SpamCop identifies > smtpin.ntlworld.com > as the server to send the test to. Fine. After the confirmation, SpamCop > lists: > ntlworld.com, mta02-svc.ntlworld.com, mta03-svc.ntlworld.com, > mta04-svc.ntlworld.com, mta05-svc.ntlworld.com, mta06-svc.ntlworld.com, > mta07-svc.ntlworld.com, pop.ntlworld.com, smtp.ntlworld.com, > smtpin.ntlworld.com > > as hosts... However, I also get messages where NTL has routed the > message through eg: mta08-svc.ntlworld.com 62.253.162.48. > Another not listed is mta01-svc.ntlworld.com 62.253.162.41 > > > I can't get SpamCop to automatically recognize mta08 etc if NTL won't > list it to SpamCop... is there any manual system to add additional hosts > to SpamCop? Please mail this along with your registered SC email address so we can look at your mailhosts record to deputies spamcop.net Ellen From bruno.de.grauwe at spamcop.net Tue Apr 6 18:36:22 2004 From: bruno.de.grauwe at spamcop.net (Bruno De Grauwe) Date: Tue Apr 6 11:40:02 2004 Subject: [SpamCop-List] Spam dissappeared? Message-ID: Hi, I used to receive about 40 spammails every day. Saterday, I only received 9; sunday, 3 and today (until now) only one! I've been a member of SC for about 6 months and I submitted every report. Could I be released from spam or is there another reason? BDG From mljohns at iname.com Tue Apr 6 10:47:22 2004 From: mljohns at iname.com (Myron Johnson) Date: Tue Apr 6 12:50:03 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports References: <0ps470lqjgqqcre5i45dnnmk22k7sfaro9@4ax.com> Message-ID: I use a Cox.net email account (in Phoenix) and I'm not getting any responses from the SpamCop system. I only started reporting to SpamCop three days ago, and the responses quit coming on the second day. For now, I've given up trying to report my (significant quantities of) spam. Myron "SpamCop Admin" wrote in message news:0ps470lqjgqqcre5i45dnnmk22k7sfaro9@4ax.com... > Technomage wrote: > > >-I sent nearly 90 spam reports into spamcop last night (6 hours ago, in > >-fact), I have yet to receive one confirmation of this event, period. > > There are several Cox users complaining. > > The spam is getting here in good order, and I know the system is > sending the responses, even though they may be delayed by system > overload. Outgoing mail takes a back seat to spam processing. The > responses are not bouncing. > > I'm beginning to suspect that Cox is trashing our responses. > > - Don - From nobody at spamcop.net Tue Apr 6 13:10:12 2004 From: nobody at spamcop.net (Miss Betsy) Date: Tue Apr 6 13:15:15 2004 Subject: [SpamCop-List] Re: Spam dissappeared? References: Message-ID: "Bruno De Grauwe" wrote in message news:c4uiok$sga$1@news.spamcop.net... > Hi, > > I used to receive about 40 spammails every day. Saterday, I only received 9; > sunday, 3 and today (until now) only one! I've been a member of SC for about > 6 months and I submitted every report. Could I be released from spam or is > there another reason? > spam seems to go in waves for no particular reason. I bet that there will be at least one post who will offer you theirs. Just rejoice on the days when there is none! Miss Betsy From nobody at spamcop.net Tue Apr 6 14:13:44 2004 From: nobody at spamcop.net (Ellen) Date: Tue Apr 6 13:15:35 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports References: <0ps470lqjgqqcre5i45dnnmk22k7sfaro9@4ax.com> Message-ID: "Myron Johnson" wrote in message news:c4umu3$1fb$1@news.spamcop.net... > I use a Cox.net email account (in Phoenix) and I'm not getting any responses > from the SpamCop system. I only started reporting to SpamCop three days ago, > and the responses quit coming on the second day. For now, I've given up > trying to report my (significant quantities of) spam. > > Myron > Ok I am talking to cox about this -- right now what I am looking for is a sample of one of those emails -- with complete headers that I can send to them. If anyone has one handy please send the whole thing with headers to deputies spamcop.net -- I know y'all can supply this faster than I can set up another account, look for a spam, email it to the sytem .... TIA Ellen From nobody at spamcop.net Tue Apr 6 14:22:07 2004 From: nobody at spamcop.net (Ellen) Date: Tue Apr 6 13:25:03 2004 Subject: [SpamCop-List] Never mind Re: ATTN Deputies: problems with getting confirmation reports References: <0ps470lqjgqqcre5i45dnnmk22k7sfaro9@4ax.com> Message-ID: "Ellen" wrote in message news:c4uoh6$325$1@news.spamcop.net... > > Ok I am talking to cox about this -- right now what I am looking for is a > sample of one of those emails -- with complete headers that I can send to > them. If anyone has one handy please send the whole thing with headers to > deputies spamcop.net -- I know y'all can supply this faster than I can > set up another account, look for a spam, email it to the sytem .... > Ok I got a copy -- thanks Ellen From nobody at spamcop.net Tue Apr 6 13:21:04 2004 From: nobody at spamcop.net (Miss Betsy) Date: Tue Apr 6 13:25:15 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: "Eric Johannsen" wrote in message news:c4srea$amh$1@news.spamcop.net... > Personally I get more turned off by forum nazis than by new posters missing > a posting rule :-) Cat graciously reminds new posters that posters in this forum prefer 'inline' posting and snipping. Some have forgotten; some don't realize it is the custom here; some don't know the difference or why. These people are generally grateful for the hint. However, unfortunately some are just know-it-alls who are inconsiderate of other people and so argue that top posting is better or continue to top post. I guess Mike Easter is really interested in your problem because he is still replying to you. Ordinarily he gives up on top posters because it is 'unnatural' for a discussion to begin at the top and difficult to follow arguments. Miss Betsy From MikeE at ster.invalid Tue Apr 6 11:28:29 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 6 13:30:14 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: Miss Betsy wrote: > I guess Mike Easter is really interested in your problem because he is > still replying to you. Ordinarily he gives up on top posters because > it is 'unnatural' for a discussion to begin at the top and difficult > to follow arguments. Ha! Sometimes I prefer to tackle some issues one item at a time. Other times I would prefer to change the issue. -- Mike Easter kibitzer, not SC admin From usenet1 at DE.LETE.THISljvideo.com Tue Apr 6 18:58:50 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry Jandro) Date: Tue Apr 6 14:00:04 2004 Subject: [SpamCop-List] Re: Spam dissappeared? References: Message-ID: Waiving the right to remain silent, "Bruno De Grauwe" said: > I used to receive about 40 spammails every day. Saterday, I only > received 9; sunday, 3 and today (until now) only one! I've been > a member of SC for about 6 months and I submitted every report. > Could I be released from spam or is there another reason? You got lucky for a few hours. -- Larry Jandro - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From tdy at blackhole.aosake.net Tue Apr 6 14:58:35 2004 From: tdy at blackhole.aosake.net (N. Miller) Date: Tue Apr 6 17:00:20 2004 Subject: [SpamCop-List] Re: Spam dissappeared? References: Message-ID: In article , bruno.de.grauwe@spamcop.net says... > I used to receive about 40 spammails every day. Saterday, I only received 9; > sunday, 3 and today (until now) only one! I've been a member of SC for about > 6 months and I submitted every report. Could I be released from spam or is > there another reason? Your spam obviously has been misdirected to me. Please take it back. I have seen the most prolific amount of spam since just before Christmas. Oh, wait; it is just before Easter! I'll bet the spammers are trying to cash in on the Holidays. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at xyzzy.claranet.de Wed Apr 7 00:06:52 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Apr 6 17:10:03 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports References: <0ps470lqjgqqcre5i45dnnmk22k7sfaro9@4ax.com> Message-ID: <40731BEC.611E@xyzzy.claranet.de> Myron Johnson wrote: > the responses quit coming on the second day. For now, I've > given up trying to report my (significant quantities of) > spam. While Ellen checks this you can still report submitted spam - even if the responses are lost on their way to you. Simply login to your account and use the "report now" link. If you've forgotten your personal URL click on any old link, SC won't allow you to report it again, but at the end of the page there's a "report now" link for the pending reports, Bye, Frank From johnl at spamcop.net Tue Apr 6 22:10:34 2004 From: johnl at spamcop.net (JohnL) Date: Tue Apr 6 17:15:03 2004 Subject: [SpamCop-List] Re: Feature Suggestion References: Message-ID: "Ellen" scribbled in news:c4ugsv$qbr$1 @news.spamcop.net: > but I will tell you we are getting heaps of mail so we are a bit behind. > So then, you don't want any "Hi There" Emails??? From nobody at xyzzy.claranet.de Wed Apr 7 00:16:46 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Apr 6 17:20:03 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: <87zn9pk6oj.fsf@ursine.ca> Message-ID: <40731E3E.6835@xyzzy.claranet.de> Paul Johnson wrote: > the anacrhonistic ASCII that Microsoft, particularly in the > US, is stuck on. M$ invented i18n some time before there was an eviron(5) man page in POSIX enironments. M$ was also the first major vendor supporting UniCode in its operating systems. There's nothing wrong with us-ascii, you used it in your article. Bye, Frank From nobody at xyzzy.claranet.de Wed Apr 7 00:35:37 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Apr 6 17:40:03 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: <4072153E.31C6@xyzzy.claranet.de> Message-ID: <407322A9.619B@xyzzy.claranet.de> Marjolein Katsma wrote: > Is there document (like an RFC) where I can read up on > how these a built up? For headers it's RfC 2047 (part 3 of MIME, you probably have to check some details in the 1st part RfC 2045, too). Language tags in MIME headers are in another RfC (> 3000). IANA registers some lanuage tags (i-default, en-gb-oed, and others), but generally they are taken from ISO 639. =?windows-1252*i-klingon?Q?spammers_die?= ;-) Bye, Frank From tdy at blackhole.aosake.net Tue Apr 6 15:45:17 2004 From: tdy at blackhole.aosake.net (N. Miller) Date: Tue Apr 6 17:50:17 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: In article , MikeE@ster.invalid says... > Spambo wrote: > > Marjolein Katsma wrote: > >> Anyone know of an online tool somewhere where a subject like > >> =?iso-8859-1?b?T3JkZXIgdG9kYXkgYW5kIGdldCBPdmVybmlnaHQgU2hpcHBpbmch?= > OE converts to: > Order today and get Overnight Shipping! > > Do you have Mozilla? If so you can simply put the entire line (equal > > signs at both ends included) into the Subject line of a blank message > > composition and then save it to your "Drafts" folder. Open your > > "Drafts" folder and the Subject will be shown decoded. > > At least this works for me. It *may* work similarly with other > > email clients as well. > Spambo's method or a derivative thereof works for OE as well. Seems to be dependent upon how MSOE is configured? It didn't work in one Identity, but it did in another. My CJK program can sometimes display the proper words; like this: "=?UNKNOWN?Q?S=E5ve_75_%_o=F1?=" medication cost, becomes "S?ve_75_%_o? medication cost" when set to Chinese Auto Simplified. Japanese Auto-Detect didn't work for this one, though. Another example, this time base64 instead of Quoted Printable: "=?windows-1251?B?RS1tYWkxIGNvb21wYTFnbg==?=", becomes "E-mail coompa1gn" when set to Japanese Auto-Detect, or Chinese Auto Simplified. Alas, it doesn't seem to work at all for Marjolein's example. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at xyzzy.claranet.de Wed Apr 7 01:33:22 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Apr 6 18:40:11 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E83C3.6EA1@xyzzy.claranet.de> <406F9042.7A30@xyzzy.claranet.de> <4070020F.65C@xyzzy.claranet.de> <40715245.2D70@xyzzy.claranet.de> <4072273B.3A69@xyzzy.claranet.de> Message-ID: <40733032.6D33@xyzzy.claranet.de> Marjolein Katsma wrote: > You can still use somethnig else as well, as long as you > specify that language where it occurs ;-) Does Mozilla support any other language ? If it's only VB I can't use it, I have no VB on my system. Anyway, JS isn't too bad as scripting language, only the missing features in old versions like "my" JS 1.1 are a pain for developers. > I think 1.1 needs a name attribute to "address" some > elements. Yes, if you want to do something with forms. In one case where I really wanted the script to run on my system I had to fix this. It was about MD5 message digests, and I was just testing MD5 in Rexx and needed a 2nd opinion. There was unfortunately another 1.1 problem, but the sources are very interesting: > ECMA script is probably more in the "id" camp AFAIK the latest official version. They send it to you on two CD ROMs with PDF documents of all ECMA standards, free. > name attributes are deprecated As long as it's allowed (in transitional XHTML) and required by legacy browsers, I'd use it for compatibility. And my favourite browser is old. It's not exactly the same problem as size= or face= in , this stuff is really useless, or at least my browsers incl. Lynx can handle and . In some cases like replacing name= by id= or by or by a corresponding style the W3C broke working software, that wasn't very clever. Many strict XHTML rules make sense for me, and in theory I could use these rules in new pages working with almost any browser, e.g. the new rule to have content only between block level elements. But in practice I need transitional rules for compatibility, and then the validator accepts content anywhere, sigh... :-( > XHTML 1.1 (which essentially _is_ strict). Yes, using modules instead of a flat DTD. Plus minor points like not allowing without href= URL. Bye, Frank From MikeE at ster.invalid Tue Apr 6 16:55:49 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 6 19:00:06 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: N. Miller wrote: > MikeE@ster.invalid says... >> OE converts to: >> Order today and get Overnight Shipping! >> Spambo's method or a derivative thereof works for OE as well. > > Seems to be dependent upon how MSOE is configured? It didn't work in > one Identity, but it did in another. > Alas, it doesn't seem to work at all for Marjolein's example. The way I did it was to paste the item into a new [I forget, mail or news item] subject and then copy that to drafts. Then, I opened the item [it didn't convert in the folder view of the subject] and it was converted in the - whatever you call that view editing or reading an item. My default encoding everywhere I can think of that that is selected is Western European ISO. [Tools/ Options/ Read tab/ Fonts button.] -- Mike Easter kibitzer, not SC admin From skiwi+newsgroups at spamcop.net Tue Apr 6 17:01:43 2004 From: skiwi+newsgroups at spamcop.net (Skiwi) Date: Tue Apr 6 19:05:03 2004 Subject: [SpamCop-List] [media] "Junk email laws apply" Message-ID: I will believe it when I see it... The ACA is in Telstra's pocket to an extent, and Telstra is "all mouth" ------------ http://smh.com.au/articles/2004/04/05/1081017085876.html "Hard-core spammers will be the main target when Australia's communications watchdog begins to enforce anti-spam legislation from Saturday. While penalties of $1.1 million a day will be reserved for prolific spammers, most complaints about spamming will be treated with a simple phone call, according to the Australian Communications Authority. The ACA's focus will be on compliance, says Anti-Spam team manager Anthony Wing. "We are really targeting, in the first instance, the hard-core spammers," he says..." From spam at me.badd Tue Apr 6 17:38:17 2004 From: spam at me.badd (SpamCop User) Date: Tue Apr 6 19:40:03 2004 Subject: [SpamCop-List] Re: Spam dissappeared? References: Message-ID: "Bruno De Grauwe" wrote in message news:c4uiok$sga$1@news.spamcop.net... > Hi, > > I used to receive about 40 spammails every day. Saterday, I only received 9; > sunday, 3 and today (until now) only one! I've been a member of SC for about > 6 months and I submitted every report. Could I be released from spam or is > there another reason? > > BDG > > Hmm... Lets see. What is your email address? From skiwi+newsgroups at spamcop.net Tue Apr 6 19:23:26 2004 From: skiwi+newsgroups at spamcop.net (Skiwi) Date: Tue Apr 6 21:25:15 2004 Subject: [SpamCop-List] Courtesy of /., "Spam, the Phenomenon" Message-ID: http://www.colinfahey.com/spam_topics/spam_the_phenomenon.htm Not a bad overview - /. submitter's blurb is ""Spam: The Phenomenon is a detailed analysis of spam: products, scams, viruses, obfuscation methods, etc. Failed, and doomed-to-fail, methods of blocking spam are described. A general solution is proposed that does not: invade privacy, perform wide censorship or blacklisting, or involve payment and cooperation with corporations (beyond the transport and storage of data)." However, I liked the /. editors link to http://www.craphound.com/spamsolutions.txt :-) From newspamtrap at aol.com Wed Apr 7 03:56:23 2004 From: newspamtrap at aol.com (Trappaspam) Date: Tue Apr 6 22:00:03 2004 Subject: [SpamCop-List] Nigerian '419' scammer sent to prison [Media] Message-ID: April 05 2004 by Will Sturgeon. Turns out he wasn't really the widow of General Sani Abacha... A Nigerian conman who tricked people into handing over money and personal data in expectation of receiving a huge windfall has been sentenced to 20 months in prison by a Welsh court..... http://www.silicon.com/software/security/0,39024655,39119780,00.htm or http://tinyurl.com/3cmgs Looks like the vermin are all over the British Isles and getting caught too :-) (See earlier topic thread in this ng " [C&C] Fun with spammers! " Regs Jon NS From newspamtrap at aol.com Wed Apr 7 04:03:03 2004 From: newspamtrap at aol.com (Trappaspam) Date: Tue Apr 6 22:05:10 2004 Subject: [SpamCop-List] Re: [C&C] Fun with spammers! References: Message-ID: "Firewoman" wrote in message news:c4u9ut$jkt$1@news.spamcop.net... > "Pete Stephenson" wrote in message > news:pete-D27352.13542705042004@news.cesmail.net... > > Wow, this sysadmin in Ireland had a ton of fun with this 419 spammer. > > > > It's stories like these that makes me wish I ran an internet cafe. :) > > > > http://www.linux.ie/pipermail/ilug/2004-April/013049.html > > > > -- > > Pete Stephenson > > HeyPete.com > > Two snaps up from this reviewer! Fantastic story, spam with an > international flavor |:-) Hope this guy gets at least the same, as the scum 419er they just sentenced, over the water in Wales !! See new media .spamcop topic "Nigerian '419' scammer sent to prison". Regs Jon NS From newspamtrap at aol.com Wed Apr 7 04:11:44 2004 From: newspamtrap at aol.com (Trappaspam) Date: Tue Apr 6 22:15:03 2004 Subject: [SpamCop-List] Re: [C&C] Fun with spammers! References: Message-ID: "Trappaspam" wrote in message news:c4vngo$5uq$1@news.spamcop.net... > > "Pete Stephenson" wrote in message > > news:pete-D27352.13542705042004@news.cesmail.net... > > > Wow, this sysadmin in Ireland had a ton of fun with this 419 spammer. > > > > > > It's stories like these that makes me wish I ran an internet cafe. :) > > > > > > http://www.linux.ie/pipermail/ilug/2004-April/013049.html > > > > > > -- > > > Pete Stephenson > > > HeyPete.com > > > > Two snaps up from this reviewer! Fantastic story, spam with an > > international flavor |:-) > > Hope this guy gets at least the same, as the scum 419er they just sentenced, > over the water in Wales !! > See new media .spamcop topic "Nigerian '419' scammer sent to prison". > > Regs > Jon NS Interestingly, as a follow up to my own post, I`ve just noticed "At the time of his arrest Okoeguale was based in Ireland where he was living with his wife and children" So maybe, this actually turns out to be more of a closer *family* connection, than I at first realised. - Hmmm ? Regs Jon NS From nobody at spamcop.net Wed Apr 7 01:23:12 2004 From: nobody at spamcop.net (Chris) Date: Wed Apr 7 03:25:13 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports In-Reply-To: References: Message-ID: BarkerJr wrote: >>>I sent nearly 90 spam reports into spamcop last night (6 hours ago, in >>>fact), I have yet to receive one confirmation of this event, period. >> >>I'm guessing that cox is either having problems delivering email (not >>likely as other emails seem to be going through NOT addressed to >>spamcop) or they are filtering/holding emails sent to spamcop.net. > > > Maybe they're all just queued. By the way, how do you send from a different > server? I thought Cox blocked that. > > They do block ports 25 and 26. I have a couple servers so I have smtp running on port 27 just for me. :-) Works great.... CKH From nobody at spamcop.net Wed Apr 7 01:27:30 2004 From: nobody at spamcop.net (Chris) Date: Wed Apr 7 03:30:03 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports In-Reply-To: <0ps470lqjgqqcre5i45dnnmk22k7sfaro9@4ax.com> References: <0ps470lqjgqqcre5i45dnnmk22k7sfaro9@4ax.com> Message-ID: SpamCop Admin wrote: > Technomage wrote: > > >>-I sent nearly 90 spam reports into spamcop last night (6 hours ago, in >>-fact), I have yet to receive one confirmation of this event, period. > > > There are several Cox users complaining. > > The spam is getting here in good order, and I know the system is > sending the responses, even though they may be delayed by system > overload. Outgoing mail takes a back seat to spam processing. The > responses are not bouncing. > > I'm beginning to suspect that Cox is trashing our responses. > > - Don - Actually, any spam I'm sending through cox isn't being delivered or is being delivered after a day or 2. I can report spam through cox, keep logging in to report it but it's not there. However, if I report it through my own server, I get the response and the spam is there ready to be reported. I think cox is just trashing it. Other emails are going through fine, just not to spamcop. CKH From STEVE at cashmans.fsnet.co.uk Wed Apr 7 09:54:43 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Wed Apr 7 03:55:12 2004 Subject: [SpamCop-List] Freeserve Anti spam software Message-ID: Freeserve in the UK have introduced an anti-spam system - Great news. BUT it only catches about 3% of the spam. Still they have tried bless 'em. 'pedantic and tetchy responders need not reply' Steve From nobody at spamcop.net Wed Apr 7 09:24:11 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Wed Apr 7 04:25:03 2004 Subject: [SpamCop-List] Re: Courtesy of /., "Spam, the Phenomenon" References: Message-ID: Skiwi (skiwi+newsgroups@spamcop.net) wrote in news:c4vl6e$2et$1 @news.spamcop.net: > http://www.colinfahey.com/spam_topics/spam_the_phenomenon.htm I've just been reading the article (someone else drew my attention to it and /.) - and I see some major flaws in it (I didn't read *all* comments on /. but didn't see these concerns mentioned there (yet?): - He mentions the possibility that spams can carry viruses (theoretically possible but I've never seen any) but fails to recognize that viruses are now used expressly to open up proxies for spammers to use - That he misses this entirely becomes clear whe he discusses blacklisting: he's talking about how blacklisting domains registered by spammers won't work, and generally about 'blacklisting' and 'spammers domains' as if most blacklists would list domains or IP addresses of spamvertized sites (most black lists don't do that); he entirely misses that blacklisting open proxies _is_ effective for the simple reason that these machines don't have any business sending out spam (or any email at all); one step further (and he never gets that far) is to blacklist all dynamically-assigned IP addresses. - He gives an example of how Yahoo! tries to thwart spammers signing up for accounts by scripting, by showing an image that supposedly only "humans" can decipher, but fails to note this effectively classifies people with visual impairments as "non-human". I'm not sure if Yahoo! has a way for people with such impairments to sign up, but that's not the point: the author of the article fails to see there is even a problem: he refers to the use of a "generic human-skill challenge" while it's painfully obvious he doesn't realize this isn't all that "generic" - he discusses only how it can be "compomised", not how it filters out fellow humans that just happen not to possess the supposedly "generic" skill required. - That he misses this problem entirely also becomes clear when he discusses giving out an email address on a web page, stating that the "code" that should accompany it (in his proposed solution) should preferably be presented in an image. (He also misses that for the large majority of people publishing content no web pages, the technology to convert a "code" into an "image of that code" simply isn't available.) - Other techniques to prevent email addresses from being harvested in the first place don't even get a mention. My summary: well-intentioned, ill-informed. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Wed Apr 7 09:37:14 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Wed Apr 7 04:40:02 2004 Subject: [SpamCop-List] Re: How many comments can you make? :-) References: <406E83C3.6EA1@xyzzy.claranet.de> <406F9042.7A30@xyzzy.claranet.de> <4070020F.65C@xyzzy.claranet.de> <40715245.2D70@xyzzy.claranet.de> <4072273B.3A69@xyzzy.claranet.de> <40733032.6D33@xyzzy.claranet.de> Message-ID: Frank Ellermann (nobody@xyzzy.claranet.de) wrote in news:40733032.6D33 @xyzzy.claranet.de: >> You can still use somethnig else as well, as long as you >> specify that language where it occurs ;-) > > Does Mozilla support any other language ? If it's only VB > I can't use it, I have no VB on my system. Anyway, JS isn't > too bad as scripting language, only the missing features in > old versions like "my" JS 1.1 are a pain for developers. Mozilla is a fairly open architecture - one could create a plugin to support another scripting language (Python, for example, to stay out of the MS camp :)). HTML itself will allow any scripting language at all - it's not limited to JS and VBS (see teh standard, it actually has examples for other scripting languages). Possibly not useful for the "open web" but *very* useful for in-house web applications. >> I think 1.1 needs a name attribute to "address" some >> elements. > > Yes, if you want to do something with forms. In one case > where I really wanted the script to run on my system I had > to fix this. It was about MD5 message digests, and I was > just testing MD5 in Rexx and needed a 2nd opinion. There > was unfortunately another 1.1 problem, but the sources are > very interesting: No, I was specifically referring to *other* elenments than form control elements. As far as I know older JavaScript has problems addresses those elements by id rather than name. >> ECMA script is probably more in the "id" camp > > AFAIK the latest official version. They send it to you on > two CD ROMs with PDF documents of all ECMA standards, free. Really? URL? I'd be interested but could never find anything useful on their site. (Can't imagine why the standard *isn't* on their site anyway - if you have a standard to promote, make it as widely accessible as possible; and PDF is *not* the way to do that either.) >> name attributes are deprecated > > As long as it's allowed (in transitional XHTML) and required > by legacy browsers, I'd use it for compatibility. I don't. I've made the transition already. We can't endlessly be in transitional mode, some people have to take the next step. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From AWalsh at jersey Wed Apr 7 10:50:00 2004 From: AWalsh at jersey (Adrian) Date: Wed Apr 7 04:50:48 2004 Subject: [SpamCop-List] SpamCop is Fallible Message-ID: Hi, I moved our system over to a new server on Friday and when I came back to work on Monday I noticed emails going through our server. The old version of the software had "relay off" by default, but the new version didn't and I didn't check it. Anyway. From Saturday through to Monday morning some chinese bloke at ip 61.173.105.33 was sending emails through my system. I switched off the relay and advised as many of the companies as I could find of the problem and asked them to retest the server to show it was now locked. The report today on Spamcop says that we are still blocked and have been sending spam for 4.4 days. This is totally wrong as the longest it could have been open is from Saturday am to Monday am which in my books is 2.0 days. Where do they get this information from? are they actually CHECKING or if someone opens an email next week or next month, is it still going to say that we are spamming due to them receiving that email a month late? Our site is a legitimate business site and this happened through an oversight on my part. Now we can't reply to customers and we are being held down due to Spamcop not having the decency to check that their records are correct. From nobody at spamcop.net Wed Apr 7 10:13:43 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Wed Apr 7 05:15:27 2004 Subject: [SpamCop-List] Que!? Message-ID: "gMorpher Inc. is providing Web based dynamic service invocations. You need no more than a Web browser and a WSDL to start a tour." What are "dynamic service invocations" and what is "a WSDL"? http://www.spamcop.net/sc?id=z395798453ze7c5eb108ebd98305d8cd6ca4b1b8e9bz -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From kjz at despammed.com Wed Apr 7 13:00:13 2004 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Wed Apr 7 06:05:26 2004 Subject: [SpamCop-List] Re: today Ralsky, Inc. uses: bjw3q.com, SURERXPALACE.COM, SURERXMED.COM,SURERXSOURCE.COM; MOREMDWELLNESS.COM,HEALTHEVOLVING.COM,ONLINEHEALTHNET.COM, HEATLHSTATUSNOW.COM, BETTERMDPERFORMANCE.COM, RXTECHSOLUTIONS.COM In-Reply-To: References: Message-ID: Chinese branch: Domain name: bjw3q.com 61.233.138.19 Registrant Contact: huang gui fang Gui Fang Huang huangjack1@126.com +86.4137480040 fax: +86.4137480040 #101 Unit 1 NO.4 Century Garden , Long cheng Str. Shun Cheng district Fu shun Lian Ning 118000 cn DNS: ns0.name-ok.com ns1.name-okk.com 202.104.234.73 Created: 2004-04-03 Expires: 2005-04-03 Teleglobe branch: all hosted at 66.110.74.160 (NetNexus). Typical for Al is his strange sort of humor: Sure-RX-Palace, Sure-RX-Med, Sure-RX-Source. Bulletproof spamhosting at NetNexus and upstream provider Teleglobe also doesn't react? Domain Name: SURERXPALACE.COM 66.110.74.160 Registrant: Kelker Holdings Limited 2-4 Arch.Makarios 111 Avenue Capital Centre, 9th Floor Nicosia NI CY 1505 Record created on 2004-03-17 15:52:03.263 Database last updated on 2004-04-05 09:58:34.123 Domain Expires on 2005-03-17 15:52:03.263 Domain Name: SURERXMED.COM 66.110.74.160 Registrant: Kelker Holdings Limited 2-4 Arch.Makarios 111 Avenue Capital Centre, 9th Floor Nicosia NI CY 1505 Record created on 2004-03-17 15:52:02.293 Database last updated on 2004-04-05 09:58:30.407 Domain Expires on 2005-03-17 15:52:02.293 Domain Name: SURERXSOURCE.COM 66.110.74.160 Registrant: Kelker Holdings Limited 2-4 Arch.Makarios 111 Avenue Capital Centre, 9th Floor Nicosia NI CY 1505 Record created on 2004-03-17 15:52:06.967 Database last updated on 2004-04-05 09:58:45.513 Domain Expires on 2005-03-17 15:52:06.967 Domain servers in listed order: NS1.MOREMDWELLNESS.COM NS1.HEALTHEVOLVING.COM NS1.ONLINEHEALTHNET.COM NS1.HEATLHSTATUSNOW.COM NS1.BETTERMDPERFORMANCE.COM NS1.RXTECHSOLUTIONS.COM From nobody at spamcop.net Wed Apr 7 06:28:59 2004 From: nobody at spamcop.net (Miss Betsy) Date: Wed Apr 7 06:30:02 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Adrian" wrote in message news:c50fbq$u51$1@news.spamcop.net... > Hi, > I moved our system over to a new server on Friday and when I came back to > work on Monday I noticed emails going through our server. > > The old version of the software had "relay off" by default, but the new > version didn't and I didn't check it. Anyway. From Saturday through to > Monday morning some chinese bloke at ip 61.173.105.33 was sending emails > through my system. > > I switched off the relay and advised as many of the companies as I could > find of the problem and asked them to retest the server to show it was now > locked. > I am sorry for your troubles. It is really irresponsible for the software makers to not put "relay off" by default. > The report today on Spamcop says that we are still blocked and have been > sending spam for 4.4 days. This is totally wrong as the longest it could > have been open is from Saturday am to Monday am which in my books is 2.0 > days. I am not quite sure where that number comes from. I have never paid much attention to the statistics. > Where do they get this information from? are they actually CHECKING or if > someone opens an email next week or next month, is it still going to say > that we are spamming due to them receiving that email a month late? I do know the answer to this one. Reporters cannot report spam if it is more than 3 days old. > Our site is a legitimate business site and this happened through an > oversight on my part. Now we can't reply to customers and we are being held > down due to Spamcop not having the decency to check that their records are > correct. > The spamcop blocklist is unique because it is entirely automatic. IP addresses are added to the list when spam is reported coming from that IP address and that allows ISP's to stop spam runs in progress (if they get the spamcop reports). The IP address 'ages' off the blocklist when spam stops being reported. I don't quite understand the process, but the longest it remains on the blocklist after spam has stopped is 48 hours. Since I do not run a server, I have never read all the instructions to an ISP that carefully. It appears that you can reply to spamcop via the links in the spamcop report that you should have received. Have you replied to spamcop via the various links? I know that occasionally in reports, there is a notation that the ISP has resolved the problem. Unfortunately, in some instances, ISP's do not get reports. IMHO, this is a mistake although I understand the reason for it (spammers have been using spamcop reports to figure out ways to get around the blocklist). If you did not receive a report, you can email deputies spamcop.net. They can tell you more about the status of your IP address. You may have to call or fax your customers until your IP address ages off the blocklist. Try to think of it as one of the disadvantages of email - outages happen for different reasons - a storm, a backhoe, a glitch in the software. You should have a backup plan in place. Because of the spamcop bl, many people did not receive the spam that went through your servers all weekend. That's a positive that makes this particular outage not so negative. Miss Betsy not spamcop admin, just an almost new internet user From kjz at despammed.com Wed Apr 7 13:43:39 2004 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Wed Apr 7 06:45:02 2004 Subject: [SpamCop-List] Re: today Ralsky, Inc. uses: CHOICERXVALUE.COM; DNS:MOREMDWELLNESS.COM,HEALTHEVOLVING.COM,ONLINEHEALTHNET.COM, HEATLHSTATUSNOW.COM, BETTERMDPERFORMANCE.COM, RXTECHSOLUTIONS.COM In-Reply-To: References: Message-ID: And Al has also another server at NetNexus: 66.110.74.150 Wasn't this 'John Marsh' email contact used before for spam operations? Registrant: Global Media Holdings Suite 23 Portland House Glacis Rd Outside US, Outside US 00000 Gibraltar Registered through: International Global Media Domain Name: CHOICERXVALUE.COM 66.110.74.150 Created on: 13-Feb-04 Expires on: 13-Feb-05 Last Updated on: 29-Mar-04 Administrative Contact: Marsh, John jmarsh05051966@hotmail.com Global Media Holdings Suite 23 Portland House Glacis Rd Outside US, Outside US 00000 Gibraltar 9542549014 Fax -- Technical Contact: Marsh, John jmarsh05051966@hotmail.com Global Media Holdings Suite 23 Portland House Glacis Rd Outside US, Outside US 00000 Gibraltar 9542549014 Fax -- Domain servers in listed order: NS1.HEALTHEVOLVING.COM NS1.ONLINEHEALTHNET.COM NS1.BETTERMDPERFORMANCE.COM NS1.RXTECHSOLUTIONS.COM NS1.HEATLHSTATUSNOW.COM NS1.GREATWELLNESSINC.COM From nobody at spamcop.net Wed Apr 7 12:54:45 2004 From: nobody at spamcop.net (TimeLord) Date: Wed Apr 7 06:55:03 2004 Subject: [SpamCop-List] Re: Freeserve Anti spam software References: Message-ID: "Steve Cashman" wrote in message news:c50bvu$qql$1@news.spamcop.net... > Freeserve in the UK have introduced an anti-spam system - Great news. BUT it > only catches about 3% of the spam. Still they have tried bless 'em. > > 'pedantic and tetchy responders need not reply' > > Steve > > I know some of these freeserve users well, and can only presume that with a catch rate of 3%, caught spam must have been outweighed by 'false positives' Kev From nobody at spamcop.net Wed Apr 7 08:27:15 2004 From: nobody at spamcop.net (Ellen) Date: Wed Apr 7 07:40:15 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Adrian" wrote in message news:c50fbq$u51$1@news.spamcop.net... > Hi, > > > > I moved our system over to a new server on Friday and when I came back to > work on Monday I noticed emails going through our server. > > > > The report today on Spamcop says that we are still blocked and have been > sending spam for 4.4 days. This is totally wrong as the longest it could > have been open is from Saturday am to Monday am which in my books is 2.0 > days. > > > > Where do they get this information from? are they actually CHECKING or if > someone opens an email next week or next month, is it still going to say > that we are spamming due to them receiving that email a month late? > > Without knowing your IP I can't answer any of your questions. If you don't wish to reveal it publicly and you do wish to have your questions answered, you can write to deputies@spamcop.net Ellen From AWalsh at jersey Wed Apr 7 13:51:13 2004 From: AWalsh at jersey (Adrian) Date: Wed Apr 7 07:55:20 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: SpamCop is much too slow and for legitimate errors such as ours this may be causing thousands of pounds in lost business AND IS UNACCEPTABLE as there is no email to send an urgent request to. Within SpamCops pages it says "If you have recently closed an open relay, check to see if it is listed with www.ordb.org (off site link). If it is listed, ask for a re-test. Once ordb has certified your relay as secure, return to http://spamcop.net/bl.shtml to expedite the removal of your server from the list. Or just wait the 48 hours and it will be delisted automatically" and here is a result from http://www.ordb.org Queue status for 212.9.XX.XXX (212.9.XX.XXX) Last added to the queue by: 212.9.XX.XXX Last added to the queue at: 2004-04-05 14:50 GMT The server explicitly rejected all probes, and has been deemed secure by the ORDB testing engine As you can see, removed from the List early Monday afternoon yet SpamCop says we are "CONSTANTLY SENDING SPAM" (now up to 4.5 days). there are 2 hours 35 mins before the 48 hours are up. "Miss Betsy" wrote in message news:c50ku6$2ri$1@news.spamcop.net... Since I do not run a server, I have never read all the instructions to an ISP that carefully. It appears that you can reply to spamcop via the links in the spamcop report that you should have received. Not Received a SpamCop Report Unfortunately, in some instances, ISP's do not get reports. IMHO, this is a mistake although I understand the reason for it (spammers have been using spamcop reports to figure out ways to get around the blocklist). If you did not receive a report, you can email deputies spamcop.net. They can tell you more about the status of your IP address. A mistake? You could ruin a company by your "Mistake" what will you say "ooops"? And where is this email address information on the website? (since I didn't get a report) and also make sure that those blocked can actually post to it from a blocked address much like root at proxyscan2.isomedia.com who tell you where to email, but bounce it because you are on the blacklist. You may have to call or fax your customers until your IP address ages off the blocklist. Try to think of it as one of the disadvantages of email - outages happen for different reasons - a storm, a backhoe, a glitch in the software. You should have a backup plan in place. This is unacceptable. You are starting to sound like Micro$oft did with the big blue screen, an undocumented feature. A Backup Plan you say. Oh Yes, We have a backup Server. but it goes out the same IP Address, so its blocked as well. Because of the spamcop bl, many people did not receive the spam that went through your servers all weekend. That's a positive that makes this particular outage not so negative. And what about the thousands that spamcop has lost us since we were officially OFF THE LIST on MONDAY, and still on SpamCops list WEDNESDAY. Is that a POSITIVE?. How many businesses that this could happen to would see that as a poitive, and many may loose more than a couple of thousand GBP a day? As I said at the beginning. This Spamlist is too late, IMHO it should be blacklisted and people forwarded to a real list such as ordb.org which actually works. Miss Betsy not spamcop admin, just an almost new internet user From redford_stone at INVERSE_OF_COLDmail.com Wed Apr 7 12:52:16 2004 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Apr 7 07:55:46 2004 Subject: [SpamCop-List] Re: Nigerian '419' scammer sent to prison [Media] References: Message-ID: "Trappaspam" wrote in news:c4vn47$5c9$1@news.spamcop.net: > April 05 2004 by Will Sturgeon. > Turns out he wasn't really the widow of General Sani Abacha... > > A Nigerian conman who tricked people into handing over money and > personal data in expectation of receiving a huge windfall has been > sentenced to 20 months in prison by a Welsh court..... > > http://www.silicon.com/software/security/0,39024655,39119780,00.htm > or > http://tinyurl.com/3cmgs > > Looks like the vermin are all over the British Isles and getting > caught too >:-) > (See earlier topic thread in this ng " [C&C] Fun with spammers! " > > Regs > Jon NS > > > Isn't interesting how these guys are becoming more prolific in recent months? There is another article on silicon.com about how some of these 419ers are turning to telemarketing as a viable option to execute these scams. (Aparently they believe that calling on the phone would make it sound more "genuine" rather than going through bulk email.) From nobody at spamcop.net Wed Apr 7 23:18:41 2004 From: nobody at spamcop.net (Petzl) Date: Wed Apr 7 08:20:04 2004 Subject: [SpamCop-List] Re: Nigerian '419' scammer sent to prison [Media] References: Message-ID: <13s7701ukjdkd8hd9hd283bgsd8hdl307f@4ax.com> On Wed, 7 Apr 2004 11:52:16 +0000 (UTC), Redstone wrote: >Isn't interesting how these guys are becoming more prolific in recent >months? There is another article on silicon.com about how some of >these 419ers are turning to telemarketing as a viable option to >execute these scams. (Aparently they believe that calling on the >phone would make it sound more "genuine" rather than going through >bulk email.) Not sure if "telemarking" is taking off everywhere or just here? I just get details and then tell them "I hope you have good police protection" (I have listed my number as not to be telemaketed). It seems to work by the way The cartoon below I thought funny? (about Nigerian Spam) http://ars.userfriendly.org/cartoons/?id=20040402 Petzl -- Only the Irish Leprignomes have remained aloof and their family heritage remains pure and unconfused. Gnome watchers believe that the reason for this stems from the unfortunate events that led to their expulsion from the peat bogs of Ireland in the late 1700s. It is thought that the ambitious Leprignomes encroached on the territorial boundaries of the intellectually superior Leprechauns. The Grand Legislature of Leprechauns banished the ringleaders of this audacious uprising to Australia. As a parting gesture they cast such a powerful spell on the Leprignomes that, even today, they remain too shy to associate with other gnome species. From rmu93awSPAMB02 at sneakemail.com Wed Apr 7 08:34:36 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Wed Apr 7 08:35:07 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible In-Reply-To: References: Message-ID: Adrian wrote: > SpamCop is much too slow and for legitimate errors such as ours this may be causing thousands of pounds in lost business AND IS UNACCEPTABLE as there is no email to send an urgent request to. Right. The *inept* postmaster, who allowed his mail server to abuse others, thinks he has the right to define what are acceptable defenses for those who don't wish to be victimized by his incompetence. I've taken the liberty to permanently firewall 212.9.31.0/24, 212.67.202.0/24 and *.jerseyoffice.com > [drivelectomy] -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From nobody at spamcop.net Wed Apr 7 13:58:38 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Wed Apr 7 09:00:05 2004 Subject: [SpamCop-List] Re: Nigerian '419' scammer sent to prison [Media] References: Message-ID: Redstone (redford_stone@INVERSE_OF_COLDmail.com) wrote in news:Xns94C4315C1C196lumbercartel@216.154.195.61: > Isn't interesting how these guys are becoming more prolific in recent > months? There is another article on silicon.com about how some of > these 419ers are turning to telemarketing as a viable option to > execute these scams. They've always been prolofic in adapting to the most effective means of communication...I wish I had kept the letters I received in the late 1980's :) Still, I'm not sure I've heard of them using the phone before - do you have a URL for that article? -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From STEVE at cashmans.fsnet.co.uk Wed Apr 7 15:06:20 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Wed Apr 7 09:05:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Spambo" wrote in message news:c50sgs$9f2$2@news.spamcop.net... > Adrian wrote: > > > SpamCop is much too slow and for legitimate errors such as ours this may be causing thousands of pounds in lost business AND IS UNACCEPTABLE as there is no email to send an urgent request to. > > Right. The *inept* postmaster, who allowed his mail server to > abuse others, thinks he has the right to define what are acceptable > defenses for those who don't wish to be victimized by his > incompetence. > > I've taken the liberty to permanently firewall 212.9.31.0/24, > 212.67.202.0/24 and *.jerseyoffice.com > > > [drivelectomy] > > > -- > Just a SpamCop newsgroup participant, not an admin or employee of > SpamCop or related domains. > Ok so the guy made a mistake - does that stop him ever having help? The tone of a lot of the 'help' these days is the 'experts' having abusing the normal every day users. Give the guy a break. 'wingnuts need not respond' Steve From rmu93awSPAMB02 at sneakemail.com Wed Apr 7 09:12:03 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Wed Apr 7 09:15:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible In-Reply-To: References: Message-ID: Steve Cashman wrote: > [snip] > > The tone of a lot of the 'help' these days is the 'experts' having abusing > the normal every day users. Give the guy a break. spamcop.help is ----> that way. -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From AWalsh at jersey Wed Apr 7 15:13:48 2004 From: AWalsh at jersey (Adrian) Date: Wed Apr 7 09:15:14 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: Inept? Did you read all of this or not? We upgraded a server, added software which had been added before and in all previous versions had the relay automatically closed. BUT this is not the point. Accepted that the relay was open, and that we were put on a list for not being careful. But NOT accepted is the time it takes SpamCop to update its lists. If we had been blacklisted when it was found and unlisted within 12 hours of not having the relay open, then I could accept this as a useful program and would heartily recomend it. HOWEVER, we were put on the list AFTER the relay was closed (so it didn't stop any spam getting pushed through our servers) and we were only taken off the list in the last hour. Feel free to permenantly firelwall the ip. I could do without people like you as a customer, and for your information, moving over all the SQL servers, users, firewalls re-writing the accounts database And installing a new mailserver, for a department of 1 some things will get overlooked. What do you expect me to be GOD? "Spambo" wrote in message news:c50sgs$9f2$2@news.spamcop.net... > Adrian wrote: > > > SpamCop is much too slow and for legitimate errors such as ours this may be causing thousands of pounds in lost business AND IS UNACCEPTABLE as there is no email to send an urgent request to. > > Right. The *inept* postmaster, who allowed his mail server to > abuse others, thinks he has the right to define what are acceptable > defenses for those who don't wish to be victimized by his > incompetence. > > I've taken the liberty to permanently firewall 212.9.31.0/24, > 212.67.202.0/24 and *.jerseyoffice.com > > > [drivelectomy] > > > -- > Just a SpamCop newsgroup participant, not an admin or employee of > SpamCop or related domains. > From rmu93awSPAMB02 at sneakemail.com Wed Apr 7 09:23:19 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Wed Apr 7 09:25:02 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible In-Reply-To: References: Message-ID: Adrian wrote: > Inept? Did you read all of this or not? We upgraded a server, added software > which had been added before and in all previous versions had the relay > automatically closed. BUT this is not the point. A competent admin would have ensured that his server was properly configured *before* connecting it to the Internet. Spammers CAN, and DO, find open relays (and open proxies) within a matter of minutes of them going online. > [snip] -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From redford_stone at INVERSE_OF_COLDmail.com Wed Apr 7 14:25:20 2004 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Apr 7 09:30:30 2004 Subject: [SpamCop-List] Re: Courtesy of /., "Spam, the Phenomenon" References: Message-ID: Marjolein Katsma wrote in news:Xns94C469D3B810Bhomesitehelp@216.154.195.61: > > - That he misses this entirely becomes clear whe he discusses > blacklisting: he's talking about how blacklisting domains > registered by spammers won't work, and generally about > 'blacklisting' and 'spammers domains' as if most blacklists would > list domains or IP addresses of spamvertized sites (most black > lists don't do that); he entirely misses that blacklisting open > proxies _is_ effective for the simple reason that these machines > don't have any business sending out spam (or any email at all); > one step further (and he never gets that far) is to blacklist all > dynamically-assigned IP addresses. > The majority of users use their ISP's own SMTP server. Blocking port 25 would not be a bother to these users. Though I do know users (ala Indigo) who needs to have that port open for "business only". But that can be arranged on a per-user basis. > - He gives an example of how Yahoo! tries to thwart spammers > signing up for accounts by scripting, by showing an image that > supposedly only "humans" can decipher, but fails to note this > effectively classifies people with visual impairments as > "non-human". I'm not sure if Yahoo! has a way for people with such > impairments to sign up, but that's not the point: the author of > the article fails to see there is even a problem: he refers to the > use of a "generic human-skill challenge" while it's painfully > obvious he doesn't realize this isn't all that "generic" - he > discusses only how it can be "compomised", not how it filters out > fellow humans that just happen not to possess the supposedly > "generic" skill required. > There is also a way around this too. By grabbing the image, one could construct a program to "disassemble" the image and running the raw 24-bit data through equations (Fourier Transforms anyone?) to reconstruct a pattern which it could match to a particular letter or word. This is quite a bit more complex, but not impossible particularly with the way processing power is growing nearly exponentially with each passing year. > > - Other techniques to prevent email addresses from being harvested > in the first place don't even get a mention. > > > My summary: well-intentioned, ill-informed. > I still think that outright heavy jailterms is one way of putting spammers in their place. I see spammers like sex offenders. Once they start, they don't stop. Anyone will recall Dr. Fatburn and Scelson's comments of leaving spamming, but end up going right back to it. I wouldn't be surprised if that punk Wallace (remember this SOB?) ends up having a relapse. Also, there is no such thing as complete anonyminity since the money HAS to go somewhere. Follow the money and it will lead you to the spammer sooner or later. From redford_stone at INVERSE_OF_COLDmail.com Wed Apr 7 14:27:57 2004 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Apr 7 09:31:02 2004 Subject: [SpamCop-List] Re: [media] "Junk email laws apply" References: Message-ID: Skiwi wrote in news:c4vcso$oon$1@news.spamcop.net: > I will believe it when I see it... The ACA is in Telstra's pocket > to an extent, and Telstra is "all mouth" > > They should be working towards fixing those open proxies as well. (Now if Comcrap, SpamRunner, SUX-Internet would get their act together too.) From redford_stone at INVERSE_OF_COLDmail.com Wed Apr 7 14:29:04 2004 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Apr 7 09:31:08 2004 Subject: [SpamCop-List] Re: Spam dissappeared? References: Message-ID: "Bruno De Grauwe" wrote in news:c4uiok$sga$1@news.spamcop.net: > Hi, > > I used to receive about 40 spammails every day. Saterday, I only > received 9; sunday, 3 and today (until now) only one! I've been a > member of SC for about 6 months and I submitted every report. > Could I be released from spam or is there another reason? > > BDG > > Are you using anything to filter your email? If not, then it is simply the calm before the storm. Batten down 'dem hatches. From redford_stone at INVERSE_OF_COLDmail.com Wed Apr 7 14:30:40 2004 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Apr 7 09:35:04 2004 Subject: [SpamCop-List] Re: Ssllloooooooowwwwwwwwwwww phase II References: Message-ID: "pbdb" wrote in news:c4uaba$k4p$1 @news.spamcop.net: > Sorry but your "Morning Sickness" isn't over yet, either! > tmp > > > I've taken up reporting at night. (Have a feeling that a WHOLE bunch of irrate folks have taken up the spamming first thing in the morning.) From AWalsh at jersey Wed Apr 7 15:48:05 2004 From: AWalsh at jersey (Adrian) Date: Wed Apr 7 09:50:06 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: As I mentioned "BUT this is not the point" Its all well and good having the time and resources to do things properly, but I was given less than a week from blank PC's to sort all this out (and I am not talking about just setting up an email server which you could do easily in a day). It HAD to be online by Friday or my job was at stake. Which option would you take. Try to get it all done and keep your job or delay it and loose your job. With a young family, my option is to be able to provide for them, this does not make me incompetent, it only means that you have an easy job. Forgetting that though. Main Crux is the Time it takes to go on and off a list as mentioned in the previous posts. If you want to you can continue calling me incompetent, but I know what I am able to do, and generally I do this professionally and without incident, obviously you have never made a mistake, so please throw the fist stone. "Spambo" wrote in message news:c50vc8$cor$1@news.spamcop.net... > Adrian wrote: > > > Inept? Did you read all of this or not? We upgraded a server, added software > > which had been added before and in all previous versions had the relay > > automatically closed. BUT this is not the point. > > A competent admin would have ensured that his server was properly > configured *before* connecting it to the Internet. Spammers CAN, > and DO, find open relays (and open proxies) within a matter of > minutes of them going online. > > > [snip] From Merlyn at Spamcop.net Wed Apr 7 10:48:05 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Wed Apr 7 09:50:32 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Adrian" wrote in message news:c50fbq$u51$1@news.spamcop.net... > Hi, > > > > I moved our system over to a new server on Friday and when I came back to > work on Monday I noticed emails going through our server. > [snipped] No one knows anything without an IP number. It does not matter if you think your site is legitimate or not because no one cares. No one is blocking your site. If they are blocking anything they are blocking an IP number that has been sending spam. Everyone is tired of receiving mortgage quotes, penis enlargement, breast enhancement, weight loss, nude 40 year old teenage sluts, Viagra, vacation, lottery, prescription drug, business opportunities, genealogical, university degrees, gambling, get rich quick, MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock scams, pirated software and everything else that is force fed into our inboxes. If you want assistance then post the IP number. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From redford_stone at INVERSE_OF_COLDmail.com Wed Apr 7 15:05:33 2004 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Apr 7 10:10:30 2004 Subject: [SpamCop-List] OH PUHLEEZE PETEY! ;-D References: Message-ID: Pete Stephenson wrote in news:pete- D27352.13542705042004@news.cesmail.net: > Wow, this sysadmin in Ireland had a ton of fun with this 419 spammer. > > It's stories like these that makes me wish I ran an internet cafe. :) > > http://www.linux.ie/pipermail/ilug/2004-April/013049.html > You can't beat the antics of Ebola Monkey Man! 419 felching at its best! http://www.ebolamonkeyman.com/ :-D :-D From AWalsh at jersey Wed Apr 7 16:11:31 2004 From: AWalsh at jersey (Adrian) Date: Wed Apr 7 10:15:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: Hi I am aware of how it works, What am unhappy with is the fact that the lists are so slow to update. The IP was put on AFTER the fault was fixed, and only removed this afternoon (fault fixed Monday AM GMT). Other lists had us off by Monday Afternoon, so why does SpamCop Add me AFTER the fix and take till today to remove it? I hate SPAM as much as anyone and can sympathise totally, but the list in this instance protected no-one as the IP was added after the relay was closed. If spamcop had a faster list, then yes this would be a useful excercise, but as it is its virtually useless. If all the emails thet were relayed through our server had been sent to you, using spamcop you would have received all of them, later on when I close the relay and send an appology email, you would not receive it as this one email would have been blocked. The whole point of this is the speed of the lists. SpamCop list is virtually useless on all but the relays that are left open for the purpose of spamming and if the Spammers start to change the relays every 2-3 days, then ALL Spam will get through to you. Our Relay was open Saturday Morning to Monday Morning, When I closed it I checked to see if we were blacklisted, and we were not bl on SpamCop. Only later did we get bl (once the problem was fixed). A relay Test should happen from spamcop on the receipt of the first spam report and should be blocked on an open relay, likewise there should be a page to request a check to confirm that it has been closed so that it can come off the bl list the same day. This is not the case at the present time. "Merlyn" wrote in message news:c510ql$enn$1@news.spamcop.net... > "Adrian" wrote in message > news:c50fbq$u51$1@news.spamcop.net... > > Hi, > > > > > > > > I moved our system over to a new server on Friday and when I came back to > > work on Monday I noticed emails going through our server. > > > > > [snipped] > > No one knows anything without an IP number. It does not matter if you think > your site is legitimate or not because no one cares. No one is blocking > your site. If they are blocking anything they are blocking an IP number > that has been sending spam. Everyone is tired of receiving mortgage quotes, > penis enlargement, breast enhancement, weight loss, nude 40 year old teenage > sluts, Viagra, vacation, lottery, prescription drug, business opportunities, > genealogical, university degrees, gambling, get rich quick, MLM, pyramid > schemes, Web Cams, Russian brides, work from home, stock scams, pirated > software and everything else that is force fed into our inboxes. > > If you want assistance then post the IP number. > > -- > > Regards, > Merlyn > > A Spamcop advocate > No emails this account is for newsgroups only > People demand freedom of speech to make up for the freedom of thought which > they avoided > > From rmu93awSPAMB02 at sneakemail.com Wed Apr 7 10:12:01 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Wed Apr 7 10:15:20 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible In-Reply-To: References: Message-ID: Merlyn wrote: > [snip] > > If you want assistance then post the IP number. It is *probably* 212.9.31.121 http://www.spamcop.net/w3m?action=checkblock&ip=212.9.31.121 -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From Kilgallen at SpamCop.net Wed Apr 7 10:12:54 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Apr 7 10:15:32 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: <23KmQ9pCvQE6@eisner.encompasserve.org> In article , "Adrian" writes: > I switched off the relay and advised as many of the companies as I could > find of the problem and asked them to retest the server to show it was now > locked. > > > > The report today on Spamcop says that we are still blocked and have been > sending spam for 4.4 days. This is totally wrong as the longest it could > have been open is from Saturday am to Monday am which in my books is 2.0 > days. > Our site is a legitimate business site and this happened through an > oversight on my part. Now we can't reply to customers and we are being held > down due to Spamcop not having the decency to check that their records are > correct. For my part, I have no sympathy regarding day counting for a mail server (not a "site", by the way) that was an open relay. From Kilgallen at SpamCop.net Wed Apr 7 10:14:49 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Apr 7 10:15:38 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: In article , "Miss Betsy" writes: > It is really irresponsible for the > software makers to not put "relay off" by default. Another analysis is that is irresponsible for email server operators to buy from those software makers. From Kilgallen at SpamCop.net Wed Apr 7 10:16:56 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Apr 7 10:20:02 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: <3rXFj8DCTbGj@eisner.encompasserve.org> In article , "Adrian" writes: > This is a multi-part message in MIME format. > > ------=_NextPart_000_006A_01C41C9F.0566AF90 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable The quoted material above was all extraneous and there were 8135 more bytes at the end which I have excised for the sake of brevity. Please do not post MIME in newsgroups or mailing lists that do not specifically permit it. If the documentation that came with your software is unclear regarding the method for avoiding MIME creation, contact your software vendor. > SpamCop is much too slow and for legitimate errors such as ours this may = > be causing thousands of pounds in lost business AND IS UNACCEPTABLE as = > there is no email to send an urgent request to. What about the email (address) for sending an urgent report ? Didn't the appropriate abuse address get SpamCop reports ? From Kilgallen at SpamCop.net Wed Apr 7 10:19:21 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Apr 7 10:20:19 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: In article , "Adrian" writes: > Inept? Did you read all of this or not? We upgraded a server, added software > which had been added before and in all previous versions had the relay > automatically closed. Then you should take the matter up with your software vendor. If your automobile is belching deep black smoke (in my state), it will not get an inspection sticker. From nobody at spamcop.net Wed Apr 7 15:19:47 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Wed Apr 7 10:20:26 2004 Subject: [SpamCop-List] Re: Courtesy of /., "Spam, the Phenomenon" References: Message-ID: Redstone (redford_stone@INVERSE_OF_COLDmail.com) wrote in news:Xns94C44122EA14Dlumbercartel@216.154.195.61: > The majority of users use their ISP's own SMTP server. Blocking port > 25 would not be a bother to these users. Though I do know users (ala > Indigo) who needs to have that port open for "business only". But > that can be arranged on a per-user basis. Exactly - and that usually (sensibly) would be a fix IP address, not a dynamically-assigned one. My main access provider actually allows running a mail server to all ADSL clients, business or not - but all ADSL clients have a fixed IP address. > There is also a way around this too. By grabbing the image, one could > construct a program to "disassemble" the image and running the raw > 24-bit data through equations (Fourier Transforms anyone?) to > reconstruct a pattern which it could match to a particular letter or > word. This is quite a bit more complex, but not impossible > particularly with the way processing power is growing nearly > exponentially with each passing year. I'm not disputing there's a way around it (that's what he says, too). My criticism is that he fails to grasp that the method discriminates against humans that don't possess the alleged "generic" skill that humans are supposed to possess. (Precisely the criticism a blind user here recently voiced about the SC web forums!!) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From Kilgallen at SpamCop.net Wed Apr 7 10:20:19 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Apr 7 10:25:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: In article , "Adrian" writes: > As I mentioned "BUT this is not the point" > > > > Its all well and good having the time and resources to do things properly, > but I was given less than a week from blank PC's to sort all this out (and I > am not talking about just setting up an email server which you could do > easily in a day). It HAD to be online by Friday or my job was at stake. Your company's failure to schedule does not make your failure to avoid sending spam an emergency for the rest of us. From redford_stone at INVERSE_OF_COLDmail.com Wed Apr 7 15:20:21 2004 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Apr 7 10:25:18 2004 Subject: [SpamCop-List] Re: verio, etal, the ostrich and munging References: Message-ID: "Bob W." wrote in news:responseguard-E90BDB.21204605042004@news.cesmail.net: >> I have only recently seen afew spamvertised websites hosted by >> verio, they disappeared after a few days. >> >> I think their hat is a lot whiter now > > It might be more accurate to say "a slightly lighter shade of very > dark grey." > > > Don't fool yourself guys.. cut the brightness even further than that. From nobody at spamcop.net Wed Apr 7 15:20:57 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Wed Apr 7 10:25:29 2004 Subject: [SpamCop-List] Forging headers - newbie style Message-ID: http://www.spamcop.net/sc?id=z396576623z149b4d099e585ff8ba87ed7559b14509z Oops. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From MikeE at ster.invalid Wed Apr 7 08:33:04 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 7 10:35:04 2004 Subject: [SpamCop-List] Re: Forging headers - newbie style References: Message-ID: Marjolein Katsma wrote: > http://www.spamcop.net/sc?id=z396576623z149b4d099e585ff8ba87ed7559b14509 z > > Oops. One of these days I'm going to have to get my hands on some ratware and see what it looks like. -- Mike Easter kibitzer, not SC admin From julian at mehnle.net Wed Apr 7 17:37:44 2004 From: julian at mehnle.net (Julian Mehnle) Date: Wed Apr 7 10:40:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: Adrian wrote: > Hi I am aware of how it works, What am unhappy with is the fact that the > lists are so slow to update. The IP was put on AFTER the fault was fixed, > and only removed this afternoon (fault fixed Monday AM GMT). Obviously, you are NOT aware of how it works. Time ----------1----------2----------3----------> If between points in time #1 and #2 your server relayed spam, some people received your spam. At #2 you closed the relay. Between #2 and #3 the people who received the spam that has been relayed through your server decided to report the spam, so your server got blacklisted between #2 and #3, which is after #2, i.e. after you fixed the problem. Shit happens. > Other lists had us off by Monday Afternoon, so why does SpamCop Add me > AFTER the fix and take till today to remove it? Because DE-listing is NOT automatic if you want it to happen before the standard 48h automatic delisting period. SpamCop is not other lists. > I hate SPAM as much as anyone and can sympathise totally, but the list in > this instance protected no-one as the IP was added after the relay was > closed. SpamCop couldn't possibly know this. Because there wasn't actually an open relay problem with your server, but *you* were the spammer. I'm not saying that you were. But SpamCop cannot know this. SpamCop cannot even know if your system actually had an open relay problem, because SpamCop itself does not do relay testing. > If spamcop had a faster list, then yes this would be a useful > excercise, but as it is its virtually useless. Personally, I find SpamCop very useful nonetheless. Your mileage may vary. So what? > SpamCop list is virtually useless on all but the relays that > are left open for the purpose of spamming No, SpamCop also blocks relays that are not "open" by definition. > and if the Spammers start to change the relays every > 2-3 days, then ALL Spam will get through to you. No, because the SpamCop blacklist usually reacts very quickly, much quicker than 2-3 days. From Kilgallen at SpamCop.net Wed Apr 7 10:40:50 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Apr 7 10:45:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: In article , "Adrian" writes: > Hi I am aware of how it works, What am unhappy with is the fact that the > lists are so slow to update. The IP was put on AFTER the fault was fixed, > and only removed this afternoon (fault fixed Monday AM GMT). Other lists had > us off by Monday Afternoon, so why does SpamCop Add me AFTER the fix and > take till today to remove it? Email propagation is slow, due to the amount of spam out there. > blocked. The whole point of this is the speed of the lists. SpamCop list is > virtually useless on all but the relays that are left open for the purpose > of spamming and if the Spammers start to change the relays every 2-3 days, > then ALL Spam will get through to you. Except that from administrators who take more caution in the future to ensure they do not have an open relay. From nobody at spamcop.net Wed Apr 7 10:51:20 2004 From: nobody at spamcop.net (Miss Betsy) Date: Wed Apr 7 10:55:05 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Adrian" wrote in message news:c51258$g7h$1@news.spamcop.net... > Hi I am aware of how it works, What am unhappy with is the fact that the > lists are so slow to update. The IP was put on AFTER the fault was fixed, > and only removed this afternoon (fault fixed Monday AM GMT). Other lists had > us off by Monday Afternoon, so why does SpamCop Add me AFTER the fix and > take till today to remove it? I don't think that the bl posts in 'realtime' - I have seen several people wonder why an IP address is not listed when they have reported it and IIRC, the answer is that the page you see is delayed. The IP address is on the bl. Also, in a previous post you said that you had not gotten a report. IMHO, it defeats the purpose of the scbl to stop spam in progress, not to send reports. (Not that it would have done you any good because you didn't come to work until Monday) I know that you are upset over the whole situation, but do try to look at as "just one of those things that happen" I hope that you have emailed the deputies. It may not be as bad as you thought. Also, a back up server doesn't help you if a storm cuts your connectivity either. If you do not have any other contact with some of your customers, then I believe there are other ways of going around a blocked server. Not being technically fluent, I can't tell you what they are. I do hope that everything gets worked out soon for you. Although I don't run a server, I have often been in a situation where it was all my fault (though if there weren't criminals and idiots to begin with, I wouldn't have had to deal the situation at all). I once locked myself out in a snowstorm with no coat when I was new in the neighborhood and didn't know anyone. I know that sounds minor compared to what you are going through, but it's the only one I can think of without getting into a 'long story' Miss Betsy From MikeE at ster.invalid Wed Apr 7 08:58:58 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 7 11:00:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: Adrian" > A > relay Test should happen from spamcop on the receipt of the first > spam report and should be blocked on an open relay, likewise there > should be a page to request a check to confirm that it has been > closed so that it can come off the bl list the same day. This is not > the case at the present time. Unfortunately, only the deputies can now see the 'evidence' of the headers of the spams, but it may be useful for you to understand how SC works. SC does not 'normally' list open relays or test open relays. ordb does that. SC is designed to list *source* IPs 'behind' open relays. During the SC parse, ideally it would parse thru' the open relay to the source IP and send the open relay IP to the relay tester like ordb. The only way it would list the open relay would be if it 'tripped' on the parse and broke the chain prematurely, or if the open relay were misconfigured and failed to provide a source IP in its trace Received line. It is common for SC to trip on a parse with a 'new' or unfamiliar relay. Historically, SC is an unusually 'frisky' bl which lists source IPs very quickly. It also 'makes mistakes' in its header parses. It is designed to be completely 'automatic' - humans usually add nor subtract IPs from the list, and unlike some blocklists which allow you to simply submit the IP and it gets delisted - or to submit a relay and it gets tested and delisted - the SC algorithm is so 'forgiving' by automatic removal when the spam stops that the automatic removal takes care of problems. 48 hours is sorta like being in the 'penalty box' in hockey. You allow spam, you pay. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Apr 7 09:00:01 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 7 11:05:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: Spambo wrote: > It is *probably* 212.9.31.121 > http://www.spamcop.net/w3m?action=checkblock&ip=212.9.31.121 That's what /I/ figgered. That's the mx for jerseyoffice and its been listed and off. -- Mike Easter kibitzer, not SC admin From redford_stone at INVERSE_OF_COLDmail.com Wed Apr 7 16:00:46 2004 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Apr 7 11:05:15 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: Message-ID: "caroljean52" wrote in news:c4n1cl$50d$1@news.spamcop.net: > Carol > Seattle USA > > DSL is out of the question? From STEVE at cashmans.fsnet.co.uk Wed Apr 7 17:12:10 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Wed Apr 7 11:10:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Adrian" wrote in message news:c50fbq$u51$1@news.spamcop.net... with the emails servers being fundamental to the systems these days I have installed a back-up dialup system to cover ISP outages and disaster recovery scenarios. When this latest problem blows over give it a whirl. It is cheap and fast to install and at least keeps the business running if you get problems. Steve From JohnJBurnessAT at ieeDOT.org Wed Apr 7 17:20:20 2004 From: JohnJBurnessAT at ieeDOT.org (John J. Burness) Date: Wed Apr 7 11:25:23 2004 Subject: [SpamCop-List] Re: Nigerian '419' scammer sent to prison [Media] In-Reply-To: References: Message-ID: Trappaspam wrote: > April 05 2004 by Will Sturgeon. > Turns out he wasn't really the widow of General Sani Abacha... > > A Nigerian conman who tricked people into handing over money and personal > data in expectation of receiving a huge windfall has been sentenced to 20 > months in prison by a Welsh court..... > > http://www.silicon.com/software/security/0,39024655,39119780,00.htm > or > http://tinyurl.com/3cmgs > > Looks like the vermin are all over the British Isles and getting caught too > :-) > (See earlier topic thread in this ng " [C&C] Fun with spammers! " > > Regs > Jon NS > > They're a bit late with that news!!! Try:- http://news.bbc.co.uk/1/hi/wales/north_west/3594043.stm It was also posted here 3 days ago!! Regards, John From MikeE at ster.invalid Wed Apr 7 09:29:05 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 7 11:30:04 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: Mike Easter wrote: > - humans usually add nor > subtract IPs from the list, and unlike some blocklists which allow > you to simply submit the IP and it gets delisted - or to submit a > relay and it gets tested and delisted - omission error. - humans usually /neither/ add nor subtract IPs from the list, actually, humans *never* add IPs to the list. Sometimes they delist. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Apr 7 12:26:36 2004 From: nobody at spamcop.net (Ellen) Date: Wed Apr 7 11:35:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Adrian" wrote in message news:c50upb$bsh$1@news.spamcop.net... > Inept? Did you read all of this or not? We upgraded a server, added software > which had been added before and in all previous versions had the relay > automatically closed. BUT this is not the point. > > Accepted that the relay was open, and that we were put on a list for not > being careful. But NOT accepted is the time it takes SpamCop to update its > lists. If we had been blacklisted when it was found and unlisted within 12 > hours of not having the relay open, then I could accept this as a useful > program and would heartily recomend it. HOWEVER, we were put on the list > AFTER the relay was closed (so it didn't stop any spam getting pushed > through our servers) and we were only taken off the list in the last hour. > Once again -- what is the IP? I cannot look at the database and see if there is problem without it. If you write to deputies@spamcop.net as I said earlier I can look at the specific details and discuss them with you. Ellen SpamCop From nobody at spamcop.net Wed Apr 7 12:30:30 2004 From: nobody at spamcop.net (Ellen) Date: Wed Apr 7 11:35:15 2004 Subject: [SpamCop-List] Re: Forging headers - newbie style References: Message-ID: "Marjolein Katsma" wrote in message news:Xns94C4A6501991Dhomesitehelp@216.154.195.61... > http://www.spamcop.net/sc?id=z396576623z149b4d099e585ff8ba87ed7559b14509z > > Oops. > > >From March 29th -- posted in my blog: Baby spammer forgets to rtfm .... Received: from handicraftsmen.mail.dickson.com ([%CUSTOM_IP]) by penguin (optimal SMTP Server) with SMTP id PWCSJPS-0005[10 for ; Mon, 29 Mar 2004 11:18:05 -0200 Received: from [%CUSTOM_IP] by decontrol.mail.gunfire.com via HTTP; Mon, 29 Mar 2004 11:09:05 -0200 Ellen From pete at heypete.com Wed Apr 7 09:37:45 2004 From: pete at heypete.com (Pete Stephenson) Date: Wed Apr 7 11:40:03 2004 Subject: [SpamCop-List] Re: OH PUHLEEZE PETEY! ;-D References: Message-ID: In article , Redstone wrote: > You can't beat the antics of Ebola Monkey Man! > > > 419 felching at its best! > > > http://www.ebolamonkeyman.com/ "Site Temporarily Disabled This site has been temporarily disabled. If you are the owner of the site, please contact customer care." -- Pete Stephenson HeyPete.com From mike.carrington at comcast.net Wed Apr 7 10:29:18 2004 From: mike.carrington at comcast.net (pbdb) Date: Wed Apr 7 11:50:03 2004 Subject: [SpamCop-List] Re: Ssllloooooooowwwwwwwwwwww phase II References: Message-ID: OK. Thanks. > > I've taken up reporting at night. (Have a feeling that a WHOLE bunch of > irrate folks have taken up the spamming first thing in the morning.) > > > From newspamtrap at aol.com Wed Apr 7 18:17:37 2004 From: newspamtrap at aol.com (trappaspam) Date: Wed Apr 7 12:20:29 2004 Subject: [SpamCop-List] Re: Nigerian '419' scammer sent to prison [Media] References: Message-ID: Marjolein Katsma" wrote in message news:Xns94C4985B38DAhomesitehelp@216.154.195.61... > Redstone (redford_stone@INVERSE_OF_COLDmail.com) wrote in > news:Xns94C4315C1C196lumbercartel@216.154.195.61: > > > Isn't interesting how these guys are becoming more prolific in recent > > months? There is another article on silicon.com about how some of > > these 419ers are turning to telemarketing as a viable option to > > execute these scams. > > They've always been prolofic in adapting to the most effective means of > communication...I wish I had kept the letters I received in the late > 1980's :) > > Still, I'm not sure I've heard of them using the phone before - do you > have a URL for that article? http://www.silicon.com/software/security/0,39024655,10005989,00.htm Regs Jon NS From nobody at spamcop.net Wed Apr 7 17:47:11 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Wed Apr 7 12:50:03 2004 Subject: [SpamCop-List] Re: Forging headers - newbie style References: Message-ID: Mike Easter (MikeE@ster.invalid) wrote in news:c513f6$ile$1 @news.spamcop.net: > One of these days I'm going to have to get my hands on some ratware and > see what it looks like. I have a nice spambot proggie; does a lot of VERY suspicious things while scanning, such as looking up all sorts of Registry keys. Interested? ;-) (I downloaded the trial since it was the first one I noted that claimed to handle obfuscation tricks, to see what it did... not that I was impressed, except by the dodgy stuff going on in the background...) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Wed Apr 7 17:48:40 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Wed Apr 7 12:50:33 2004 Subject: [SpamCop-List] Re: Forging headers - newbie style References: Message-ID: Ellen (nobody@spamcop.net) wrote in news:c516ts$n0g$2@news.spamcop.net: > Baby spammer forgets to rtfm .... Yeah - but _this_ FM is much more complicated. ;-) Where's your blog then? -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Wed Apr 7 17:51:21 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Wed Apr 7 12:55:04 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: Larry Kilgallen (Kilgallen@SpamCop.net) wrote in news:XkCPk7KoQAZy@eisner.encompasserve.org: > irresponsible for email server operators to buy from those software > makers Most email server operators don't buy - their (possibly iresponsible) bosses do, or _their_ bosses... -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From me at privacy.net Wed Apr 7 13:48:41 2004 From: me at privacy.net (Frog Prince) Date: Wed Apr 7 12:55:20 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Adrian" | Inept? Did you read all of this or not? We upgraded a server, added software | which had been added before and in all previous versions had the relay | automatically closed. BUT this is not the point. | | Accepted that the relay was open, and that we were put on a list for not | being careful. But NOT accepted is the time it takes SpamCop to update its | lists. If we had been blacklisted when it was found and unlisted within 12 | hours of not having the relay open, then I could accept this as a useful | program and would heartily recommend it. HOWEVER, we were put on the list | AFTER the relay was closed (so it didn't stop any spam getting pushed | through our servers) and we were only taken off the list in the last hour. | | Feel free to permanently firewall the ip. I could do without people like | you as a customer, and for your information, moving over all the SQL | servers, users, firewalls re-writing the accounts database And installing a | new mailserver, for a department of 1 some things will get overlooked. What | do you expect me to be GOD? | | "Spambo" wrote in message | news:c50sgs$9f2$2@news.spamcop.net... | > Adrian wrote: | > | > > SpamCop is much too slow and for legitimate errors such as ours this may | be causing thousands of pounds in lost business AND IS UNACCEPTABLE as there | is no email to send an urgent request to. I don't have a dog in this fight but look carefully at what you posted. You screwed up and allowed abuse for hours (days?) that the rest of the world had to endure. Now you're P.O.ed because the rest of the world took offense, blocked the problem and did not react quickly enough once you fixed your end. From your point of view the rest of the world is wrong because you screwed up? BTW I'm glade you're so good and sucessful that you don't need customers. Keep up the good work and eventually you may no longer have that problem From me at privacy.net Wed Apr 7 13:53:27 2004 From: me at privacy.net (Frog Prince) Date: Wed Apr 7 12:55:28 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Adrian" | As I mentioned "BUT this is not the point" | | Its all well and good having the time and resources to do things properly, | but I was given less than a week from blank PC's to sort all this out (and I | am not talking about just setting up an email server which you could do | easily in a day). It HAD to be online by Friday or my job was at stake. | Which option would you take. Try to get it all done and keep your job or | delay it and loose your job. With a young family, my option is to be able to | provide for them, this does not make me incompetent, it only means that you | have an easy job. | | Forgetting that though. Main Crux is the Time it takes to go on and off a | list as mentioned in the previous posts. If you want to you can continue | calling me incompetent, but I know what I am able to do, and generally I do | this professionally and without incident, obviously you have never made a | mistake, so please throw the fist stone. Never enough time to do it right but always time to do it over. Am I ever glade you don't pack parachutes. As to never making mistakes that's not the issue here. You might invest in some time on people skills (hint your screw up is not the world's problem) and you will find the world much more willing to help. From rmu93awSPAMB02 at sneakemail.com Wed Apr 7 12:55:08 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Wed Apr 7 13:00:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible In-Reply-To: References: Message-ID: Ellen wrote: > [snip] > > Once again -- what is the IP? I cannot look at the database and see if there > is problem without it. If you write to deputies@spamcop.net as I said > earlier I can look at the specific details and discuss them with you. Ellen, can you say when 212.9.31.121 was delisted? -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From nobody at spamcop.net Wed Apr 7 18:59:19 2004 From: nobody at spamcop.net (John McLusky) Date: Wed Apr 7 13:00:15 2004 Subject: [SpamCop-List] Re: Que!? References: Message-ID: Marjolein Katsma wrote: > "gMorpher Inc. is providing Web based dynamic service invocations. > You need no more than a Web browser and a WSDL to start a tour." > > What are "dynamic service invocations" and what is "a WSDL"? > > http://www.spamcop.net/sc?id=z395798453ze7c5eb108ebd98305d8cd6ca4b1b8e9bz Web Services stuff - where an application can call a function by visiting a web page. WSDL (Web Services Description Language if I remember correctly) is part of this equation. John. From nobody at spamcop.net Wed Apr 7 18:00:14 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Wed Apr 7 13:05:02 2004 Subject: [SpamCop-List] Re: Nigerian '419' scammer sent to prison [Media] References: Message-ID: trappaspam (newspamtrap@aol.com) wrote in news:c519il$pv6$1 @news.spamcop.net: > http://www.silicon.com/software/security/0,39024655,10005989,00.htm Thanks! -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Wed Apr 7 18:12:12 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Wed Apr 7 13:15:03 2004 Subject: [SpamCop-List] Re: Que!? References: Message-ID: John McLusky (nobody@spamcop.net) wrote in news:c51c17$ta8$1@news.spamcop.net: >> What are "dynamic service invocations" and what is "a WSDL"? >> >> http://www.spamcop.net/sc? id=z395798453ze7c5eb108ebd98305d8cd6ca4b1b8e >> 9bz > > Web Services stuff - where an application can call a function by > visiting a web page. > > WSDL (Web Services Description Language if I remember correctly) is > part of this equation. Yes, I know what "WSDL" is - but what is _a_ WSDL?? That, in combination with "dynamic service invocations" (also weird vocabulary if it _is_ about web services) is what threw me off balance. I would have believed "web services using WSDL" (are there any non- dynamic web services??) - not the terms they actually use. I suspect it's just a ploy to advertize something else - whatever that is. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Wed Apr 7 19:33:28 2004 From: nobody at spamcop.net (John McLusky) Date: Wed Apr 7 13:35:03 2004 Subject: [SpamCop-List] Re: Que!? References: Message-ID: Marjolein Katsma wrote: > > Yes, I know what "WSDL" is - but what is _a_ WSDL?? That, in > combination with "dynamic service invocations" (also weird vocabulary > if it _is_ about web services) is what threw me off balance. Perhaps a WSDL file hosted on a server somewhere :-) > I would have believed "web services using WSDL" (are there any non- > dynamic web services??) - not the terms they actually use. > > I suspect it's just a ploy to advertize something else - whatever that > is. Most likely. John. From Merlyn at Spamcop.net Wed Apr 7 14:35:08 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Wed Apr 7 13:40:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Adrian" wrote in message news:c51258$g7h$1@news.spamcop.net... > Hi I am aware of how it works, What am unhappy with is the fact that the > lists are so slow to update. The IP was put on AFTER the fault was fixed, > and only removed this afternoon (fault fixed Monday AM GMT). Other lists had > us off by Monday Afternoon, so why does SpamCop Add me AFTER the fix and > take till today to remove it? [Snipped] If it were up to me you would be listed forever. You have a very poor manner when it comes to asking for help. Well lets check: [jerseyoffice.com has 2 MX records smtp.easydns.com.(5) smtp.jerseyoffice.com.(4)] Resolved jerseyoffice.com to 212.67.202.137 Blocklists jerseyoffice.com (212.67.202.137) is in: BLARSBL Blars Block List: block.blars.org -> 127.1.0.32 (That's not good) UUINTRUDERS local bl at Uppsala University: intruders.docs.uu.se -> 127.0.0.2 Query bl.spamcop.net - 212.67.202.137 DNS error: 212.67.202.137 is 212.67.202.137 but 212.67.202.137 has no DNS information 212.67.202.137 not listed in bl.spamcop.net SpamCop has no record of this system * No reverse DNS Resolved smtp.jerseyoffice.com to 212.9.31.121 Blocklists smtp.jerseyoffice.com (212.9.31.121)is in: None Query bl.spamcop.net - 212.9.31.121 212.9.31.121 is user121.busdsl3.jtibs.net 212.9.31.121 not listed in bl.spamcop.net Since SpamCop started counting, this system has been reported about 20 times by less than 10 users. It has been sending mail consistently for at least 4.7 days. In the past 2.7 days, it has been listed once for a total of 2.3 days In the past week, this system has: Been detected sending mail to spam traps Been witnessed sending mail about 170 times This one was listed but it has been off the list for a while. I will not check the easydns for you as you can do that for yourself. You are not listed by Spamcop but probably by hundreds of administrators that read this group due to your very poor attitude. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From tdy at blackhole.aosake.net Wed Apr 7 11:46:03 2004 From: tdy at blackhole.aosake.net (N. Miller) Date: Wed Apr 7 13:50:17 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: In article , "Adrian" says... > What do you expect me to be GOD? Nope. What do you expect SpamCop to be God? -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.aosake.net Wed Apr 7 11:57:54 2004 From: tdy at blackhole.aosake.net (N. Miller) Date: Wed Apr 7 14:00:08 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: In article , "Adrian" says... > Our site is a legitimate business site and this happened through an > oversight on my part. Now we can't reply to customers and we are being held > down due to Spamcop not having the decency to check that their records are > correct. Look at who is calling SpamCop "fallible". Fortunately, the SpamCop listing will age out automatically. FWIW, even SpamCop recommends only tagging messages with the SCBL. That is how I use it. I even tried SPEWS, but none of my incoming spam ever made it that far down the DNSBL list I use. Your rant was somewhat entertaining, but not entirely productive. You blew it, paid a price, but it appears that it has already blown over. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From gezgin at spamcop.net Wed Apr 7 22:14:21 2004 From: gezgin at spamcop.net (Gezgin) Date: Wed Apr 7 14:15:10 2004 Subject: [SpamCop-List] How does Yahoo do it? Message-ID: I have a Yahoo email account that I use for--uh--special purposes. Yahoo has a feature called "SpamGuard" (http://help.yahoo.com/help/us/mail/spam/spam-08.html) which, if activated, shunts spam into a "bulk mail" folder. I check this folder from time to time before emptying it but... and here's the weird thing: I've never seen a "false positive". Never once has a legitimate email to my Yahoo address been sent to the "bulk mail" folder. Never once. And no, I don't employ any filters; neither have I defined any "whitelisted" addresses for this account. How does Yahoo do it? Why can't SpamCop do it? -- Bob Kanyak's Doghouse http://kanyak.com From nospam-news at johannsen.us Wed Apr 7 13:42:53 2004 From: nospam-news at johannsen.us (Eric Johannsen) Date: Wed Apr 7 15:45:23 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: This is the only spam that ever had this issue on my system. Usually I just cut-and-paste the entire message source (with headers) into Spamcop and go about my merry way. I was intrigued as to why this one did not parse, which is what led me to discover this news group. Eric "Mike Easter" wrote in message news:c4ssak$bp8$1@news.spamcop.net... > Eric Johannsen wrote: > > Here's an interesting twist: > > > > I just noticed that the message, as displayed by OE, actually starts > > with the line: > > > > by isaacsmail.com (8.10.2/8.10.2) with ESMTP id J87Gz024176729 > > > > That is, some parts of the message that one would expect to be part > > of the header, are actually displayed as part of the message body. > > Everything starting with that line, to the end of the message, is > > shown as part of the body. > > I'm still unclear about some things. Is the usual situation that the > spams you examine that are routed like that one are 'normal' and not > 'spaced out' like we are discussing? That is, is this issue a 'freak' > occurence or a repetitive one? For mails that come like that. > > The normal situation is that headerlines have no empty lines in them. > When an empty line is encountered, that is the end of the header and the > beginning of the body of the mail. > > The actual 'description' from an smtp point of view might be much more > elaborate, but I'm trying to describe it as I 'see' it in 'proper' > headers in OE's message source. > > The last 'opinion' I had on this was that the spam item was getting > 'mangled' in transit. > > -- > Mike Easter > kibitzer, not SC admin > From nospam-news at johannsen.us Wed Apr 7 13:53:32 2004 From: nospam-news at johannsen.us (Eric Johannsen) Date: Wed Apr 7 15:55:33 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse References: Message-ID: > Then don't complain because no one cares to help you the next time you > post a question to the newsgroup. Asking you to post inline and snip > unnecessary quoting is not being a "forum nazi." It's just a simple rule > of netiquette for newsgroup posting. Asking is not an issue at all, but your mannerism violates many rules of proper ettiquite. I do not know if "netiquette" has something to say about the proper way to interact with new members of a community (I am only a very occasional visitor to online communities), but the rules of cultural ettiquite, established over thousands of years, do. You came at me with terminology that I'm not familiar with in an aggressive manner. Rather than just politely explaining the issue, you chose to prop your own ego in a manner not unlike a playground bully picking on a foreign kid for being different. The good news is, I finally understand the point you were trying to make. This really doesn't belong in a spam discussion, so I'm finished with this thread. From nobody at devnull.spamcop.net Wed Apr 7 21:58:47 2004 From: nobody at devnull.spamcop.net (Martin) Date: Wed Apr 7 16:00:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Adrian" wrote in message news:c50upb$bsh$1@news.spamcop.net... > Inept? Did you read all of this or not? We upgraded a server, added software > which had been added before and in all previous versions had the relay > automatically closed. BUT this is not the point. > > Accepted that the relay was open, and that we were put on a list for not > being careful. But NOT accepted is the time it takes SpamCop to update its > lists. If we had been blacklisted when it was found and unlisted within 12 > hours of not having the relay open, then I could accept this as a useful > program and would heartily recomend it. HOWEVER, we were put on the list > AFTER the relay was closed (so it didn't stop any spam getting pushed > through our servers) and we were only taken off the list in the last hour. > Think yourself lucky you wasnt listed on SORBS otherwise you would have to pay first to get de-listed, just accept you made a mistake and that it will come off all in good time, your not really in a position to rant and rave. Learn the lesson to be more careful in future, your mistake probably led to many thoughsands of people being spammed. Martin From noone at nowhere.com Wed Apr 7 14:24:38 2004 From: noone at nowhere.com (noone@nowhere.com) Date: Wed Apr 7 16:25:04 2004 Subject: [SpamCop-List] Mailhosts--how long does it take? Message-ID: <070420041324385050%noone@nowhere.com> I just embarked on using Mailhosts. I registered my "normal" address and another which is forwarded to it (at rcn.com). However, spamcop hasn't "accepted" the addresses after about 4 hours. How long does it take for them to be accepted? Right now, it appears that if I were to report a spam, I would be reporting myself, so I won't do that. Spamcop believes that the mail was injected at one of my hosts, and not upstream. A From nobody at spamcop.net Wed Apr 7 16:38:18 2004 From: nobody at spamcop.net (Ellen) Date: Wed Apr 7 16:55:22 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Spambo" wrote in message news:c51bpc$sis$1@news.spamcop.net... > Ellen wrote: > > > [snip] > > > > Once again -- what is the IP? I cannot look at the database and see if there > > is problem without it. If you write to deputies@spamcop.net as I said > > earlier I can look at the specific details and discuss them with you. > > Ellen, can you say when 212.9.31.121 was delisted? > Is that the IP? It delisted 4/7/2004 5:31:01 AM -0400 The newest/last spam was received 4/5/2004 5:27:10 AM -0400 and it delisted 48 hours after that. The first spam was received 4/4/04 Ellen From nobody at spamcop.net Wed Apr 7 16:40:09 2004 From: nobody at spamcop.net (Ellen) Date: Wed Apr 7 16:55:42 2004 Subject: [SpamCop-List] Re: Forging headers - newbie style References: Message-ID: "Marjolein Katsma" wrote in message news:Xns94C4BF5BDDD84homesitehelp@216.154.195.61... > > Where's your blog then? > > It's over on livejournal.com and rarely written in -- actually I think that's the last entry. Ellen From nobody at spamcop.net Wed Apr 7 16:47:36 2004 From: nobody at spamcop.net (Ellen) Date: Wed Apr 7 16:55:49 2004 Subject: [SpamCop-List] Re: How does Yahoo do it? References: Message-ID: "Gezgin" wrote in message news:c51gdu$3bs$1@news.spamcop.net... > I have a Yahoo email account that I use for--uh--special purposes. Yahoo has > a feature called "SpamGuard" > (http://help.yahoo.com/help/us/mail/spam/spam-08.html) which, if activated, > shunts spam into a "bulk mail" folder. I check this folder from time to time > before emptying it but... and here's the weird thing: I've never seen a > "false positive". Never once has a legitimate email to my Yahoo address been > sent to the "bulk mail" folder. Never once. And no, I don't employ any > filters; neither have I defined any "whitelisted" addresses for this > account. > > How does Yahoo do it? > > Why can't SpamCop do it? Well the false positives or not depends can depened heavily on your mix. Sounds like your yahoo account gets spam and whatever those "special uses" mails are. I have 2 SC mail accounts -- one gets asked for marketing foo -- some from real big companies and more from itty bitty ones sending to niche audiences -- plus spam. It has a false positive about once every couple of weeks, it uses all the lists and SA. The other gets personal mail and maillist mail -- the lists all happen to be lists with a lot of international participants. That account runs behind minimal lists and SA and not much else and has false positivies about once every couple of days ... So FP is very dependent on your mix of mail IMO. Ellen From nobody at spamcop.net Wed Apr 7 22:01:06 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Wed Apr 7 17:05:03 2004 Subject: [SpamCop-List] Re: Forging headers - newbie style References: Message-ID: Ellen (nobody@spamcop.net) wrote in news:c51pid$cod$2@news.spamcop.net: >> Where's your blog then? >> >> > > It's over on livejournal.com and rarely written in -- actually I think > that's the last entry. Gosh - I was serious, but if you want to hide it, just say so. ;-) A Google for: Ellen spam site:livejournal.com gives me nothing useful (63 hits that doen't seem to fit). What am I looking for, if anything? -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From tmcgraw at spamcop.net Wed Apr 7 15:06:14 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Apr 7 17:10:05 2004 Subject: [SpamCop-List] Re: Richter on "The Daily Show"! References: <406A489F.6070609@spamcop.net> Message-ID: <40746D46.3060506@spamcop.net> This is now on the Comedy Central site, but you'll need the latest version of RealPlayer. There's also a 20 second AmEx/Seinfeld promo at the beginning: http://tinyurl.com/2kl9t Veiled reference to the Lumber Cartel... worthwhile! From nobody at spamcop.net Wed Apr 7 22:08:31 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Wed Apr 7 17:10:18 2004 Subject: [SpamCop-List] Re: Forging headers - newbie style References: Message-ID: Ellen (nobody@spamcop.net) wrote in news:c516ts$n0g$2@news.spamcop.net: > Baby spammer forgets to rtfm .... just in: "your federal express tracking number is %RANDOM_WORD" is there a whole new batch of babies, or what? -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From tmcgraw at spamcop.net Wed Apr 7 15:15:26 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Apr 7 17:20:03 2004 Subject: [SpamCop-List] Re: Freeserve Anti spam software References: Message-ID: <40746F6E.9070007@spamcop.net> Steve Cashman wrote: > > 'pedantic and tetchy responders need not reply' Steve, baby, you forgot "wingnuts"! From tmcgraw at spamcop.net Wed Apr 7 15:17:31 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Apr 7 17:20:17 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: <40746FEB.4020609@spamcop.net> Steve Cashman wrote: > > 'wingnuts need not respond' In case you missed it in an earlier thread, Mr. Cashman is referring to me, Tim McGraw, your resident .spamcop ng wingnut. God bless 'em. From winelight at spamcop.net Wed Apr 7 23:23:47 2004 From: winelight at spamcop.net (Andrew Ward) Date: Wed Apr 7 17:25:03 2004 Subject: [SpamCop-List] Re: Nigerian '419' scammer sent to prison [Media] References: Message-ID: I'm quoting from someone else who is quoting a spokesman for the US Embassy in Lagos "He says they intercepted as many as /six a day/ American nationals entering Lagos for the purpose of handing over large sums of money in cash to "contacts" they had met by e-mail. He said that they (the Embassy officials) interview each one and advise them about the prevalence of 419 fraud, but almost all of them insist that their case "is different", that they know all about the fraudsters but this is a genuine business transaction, that they really are going to collect lots of money eventually (with an undertone that they are smarter than their contacts), and one or two get very offended that the embassy is trying to interfere with their constitutional rights. Several a week insist on going ahead with their plan to give money to their contacts. He suggested that the embassy wasn't all that sympathetic when some of the same people later visit the embassy to complain that they've been robbed or otherwise duped ... " Andrew Ward From rmu93awSPAMB02 at sneakemail.com Wed Apr 7 17:33:31 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Wed Apr 7 17:35:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible In-Reply-To: References: Message-ID: Ellen wrote: > [snip] >>Ellen, can you say when 212.9.31.121 was delisted? > > Is that the IP? It delisted 4/7/2004 5:31:01 AM -0400 The newest/last spam > was received 4/5/2004 5:27:10 AM -0400 and it delisted 48 hours after that. > The first spam was received 4/4/04 I assume that it is the IP, based on the fact that the IP is the primary MX for the domain that the OP used in his return address and the IP was a first time listing that occured during the time period under discussion. Of course, this also assumes that they didn't have a second IP listed that the OP didn't mention. -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From nobody at spamcop.net Wed Apr 7 18:14:46 2004 From: nobody at spamcop.net (Ellen) Date: Wed Apr 7 17:40:03 2004 Subject: [SpamCop-List] Re: Forging headers - newbie style References: Message-ID: "Marjolein Katsma" wrote in message news:Xns94C4EA27FC869homesitehelp@216.154.195.61... > Ellen (nobody@spamcop.net) wrote in news:c51pid$cod$2@news.spamcop.net: > > > > It's over on livejournal.com and rarely written in -- actually I think > > that's the last entry. > > Gosh - I was serious, but if you want to hide it, just say so. ;-) > um well I don't think I want to post that publicly -- but you can write to me and I'll tell you -- not that I have said anything interesting in it :-) E From nobody at spamcop.net Wed Apr 7 18:16:45 2004 From: nobody at spamcop.net (Ellen) Date: Wed Apr 7 17:40:20 2004 Subject: [SpamCop-List] Re: Mailhosts--how long does it take? References: <070420041324385050%noone@nowhere.com> Message-ID: wrote in message news:070420041324385050%noone@nowhere.com... > I just embarked on using Mailhosts. I registered my "normal" address > and another which is forwarded to it (at rcn.com). However, spamcop > hasn't "accepted" the addresses after about 4 hours. How long does it > take for them to be accepted? > > Right now, it appears that if I were to report a spam, I would be > reporting myself, so I won't do that. Spamcop believes that the mail > was injected at one of my hosts, and not upstream. > > A It can take a few hours -- and you are correct don't report spam while you are in the process. If you don't get the probes in the next few hours send your registered email address to deputies@spamcop.net and I will look at it -- the usual caveat, we are behind on the mail so the response will not be instantaneous but we are doing our best. Ellen From MikeE at ster.invalid Wed Apr 7 15:48:54 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 7 17:50:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: <40746FEB.4020609@spamcop.net> Message-ID: Tim McGraw wrote: > In case you missed it in an earlier thread, Mr. Cashman is referring > to me, Tim McGraw, your resident .spamcop ng wingnut. > > God bless 'em. That subthread generated a whole new thread in news.newusers.questions about how talkaboutnetwork does its 'business'. Not about you being a wingnut, tho' ;-) -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Wed Apr 7 16:05:34 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Apr 7 18:10:04 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: <40746FEB.4020609@spamcop.net> Message-ID: <40747B2E.4090005@spamcop.net> Mike Easter wrote: > Tim McGraw wrote: > >>In case you missed it in an earlier thread, Mr. Cashman is referring >>to me, Tim McGraw, your resident .spamcop ng wingnut. >> >>God bless 'em. > > That subthread generated a whole new thread in news.newusers.questions > about how talkaboutnetwork does its 'business'. > > Not about you being a wingnut, tho' ;-) No Mike, it seems that reputation precedes me ;) What *is* Cashman's point, anyway? And why doesn't he correct his own spelling errors (tetchy)? From MikeE at ster.invalid Wed Apr 7 16:36:29 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 7 18:40:22 2004 Subject: [SpamCop-List] Re: Spammer's IP? References: <9bs870pi4eavb32skecrah9r21gkh0enjb@4ax.com> Message-ID: Spambo wrote: > Jim Thompson wrote: > Not sure what the problem is/was, but when I parsed the headers > SC pegged 80.109.206.149 as the source. www.spamcop.net/sc?id=z397298504z916232dd768dccdd54f779975302c1f8z Abbreviated summary of Received: lines *comment from oceanus.host4u.net (209.150.128.31) by mailgate.cesmail.net *serves you from (chello080109206149.6.graz.surfer.at [80.109.206.149]) by oceanus.host4u.net *source line from 160.128.36.4 by 80.109.206.149 *bogusline If SC broke the parse chain prematurely at the oceanus relay, it was from 'immaturity' - once it got to know it better, it trusted it to be a server. It sees it this way now: 209.150.128.31 found host 209.150.128.31 = oceanus.host4u.net (cached) host oceanus.host4u.net (checking ip) = 209.150.128.31 Possible spammer: 209.150.128.31 Received line accepted Relay trusted (209.150.128.31) -- Mike Easter kibitzer, not SC admin From thegreatone at example.com Wed Apr 7 16:39:24 2004 From: thegreatone at example.com (Jim Thompson) Date: Wed Apr 7 18:40:46 2004 Subject: [SpamCop-List] Re: Spammer's IP? References: <9bs870pi4eavb32skecrah9r21gkh0enjb@4ax.com> Message-ID: <5o09701slb47i16h7ebei9tttuo6qk0vtt@4ax.com> On Wed, 7 Apr 2004 15:36:29 -0700, "Mike Easter" wrote: >spamcop> > >Spambo wrote: >> Jim Thompson wrote: > >> Not sure what the problem is/was, but when I parsed the headers >> SC pegged 80.109.206.149 as the source. > >www.spamcop.net/sc?id=z397298504z916232dd768dccdd54f779975302c1f8z > > Abbreviated summary of Received: lines *comment > from oceanus.host4u.net (209.150.128.31) by mailgate.cesmail.net >*serves you > from (chello080109206149.6.graz.surfer.at [80.109.206.149]) by >oceanus.host4u.net *source line > from 160.128.36.4 by 80.109.206.149 *bogusline > >If SC broke the parse chain prematurely at the oceanus relay, it was >from 'immaturity' - once it got to know it better, it trusted it to be a >server. It sees it this way now: > >209.150.128.31 found >host 209.150.128.31 = oceanus.host4u.net (cached) >host oceanus.host4u.net (checking ip) = 209.150.128.31 >Possible spammer: 209.150.128.31 >Received line accepted >Relay trusted (209.150.128.31) Thanks, "kibitzer" !-) ...Jim Thompson -- From MikeE at ster.invalid Wed Apr 7 16:55:44 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 7 19:00:21 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: <40746FEB.4020609@spamcop.net> <40747B2E.4090005@spamcop.net> Message-ID: Tim McGraw wrote: >>> In case you missed it in an earlier thread, Mr. Cashman is referring >>> to me, Tim McGraw, your resident .spamcop ng wingnut. > What *is* Cashman's point, anyway? And why doesn't he correct his own > spelling errors (tetchy)? I'm not necessarily a good one to ask what is someone else's head - sometimes I don't even know what is going on inside my own! And certainly my point of view is different from many, so my 'theory' on something might be completely outawhack, but I'll give it a shot, and then Steve can have his own sayso. First, remember that Steve wasn't the one who first 'initiated' the wingnut remark about you, it was actually Munger Joe over in alt.spam -- it was just that Steve was trying to make a point about something and brought up that alt.spam thread which had been 'plagiarized'^1 over in talkabout to make his point. Next, the context that the wingnut remark was made in this thread might very well have not been directed toward you [this time] -- because his beef was with 'beating up on' correspondents in the ng, which you usually don't do. So, maybe he was aiming his 'advice' at some other wingnuts; exactly which ones [if not you] he will have to clarify on his own. ^1 in my opinion, giving a thread of conversation a different name and making it look like it is happening in a webforum instead of the nntp newsgroup where it did occur is *not* the same thing as 'archiving' it -- Mike Easter kibitzer, not SC admin From baloo at ursine.ca Wed Apr 7 16:48:56 2004 From: baloo at ursine.ca (Paul Johnson) Date: Wed Apr 7 19:05:03 2004 Subject: [SpamCop-List] Re: Freeserve Anti spam software References: Message-ID: <878yh7jtev.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Steve Cashman" writes: > Freeserve in the UK have introduced an anti-spam system - Great news. BUT it > only catches about 3% of the spam. Still they have tried bless 'em. So what's the point? SpamAssassin is free software and it catches *far* more spam than 3%. Freeserve's time could have been better spent adapting SpamAssassin for their uses. - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAdIVYUzgNqloQMwcRAmaAAJ9Yyribh3eZcNxkoLUmjSvhGVV/fgCdE2Z3 KsgeoZDnmbG2oquEdfOvnUc= =ooVR -----END PGP SIGNATURE----- From baloo at ursine.ca Wed Apr 7 16:52:47 2004 From: baloo at ursine.ca (Paul Johnson) Date: Wed Apr 7 19:05:24 2004 Subject: [SpamCop-List] Re: Courtesy of /., "Spam, the Phenomenon" References: Message-ID: <874qrvjt8g.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marjolein Katsma writes: > - He mentions the possibility that spams can carry viruses > (theoretically possible but I've never seen any) but fails to > recognize that viruses are now used expressly to open up proxies for > spammers to use Looking at the headers from mail my server has rejected at SMTP-time, I doubt many would have made it past the spam check anyway. If you want to reject viruses the right way, feel free to use my solution. http://ursine.ca/~baloo/clamd-exiscan.txt > - He gives an example of how Yahoo! tries to thwart spammers signing > up for accounts by scripting, by showing an image that supposedly > only "humans" can decipher, but fails to note this effectively > classifies people with visual impairments as "non-human". And for that reason, I wonder how long it will be before someone sues Yahoo for not being ADA compliant in the US. - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAdIZCUzgNqloQMwcRAvCmAJwIXGFot4HrQ79fTFiZDDzTQAbCwQCgwAHM O17c32BilMI0TZP04i+YqEk= =oaP5 -----END PGP SIGNATURE----- From baloo at ursine.ca Wed Apr 7 16:56:17 2004 From: baloo at ursine.ca (Paul Johnson) Date: Wed Apr 7 19:05:32 2004 Subject: [SpamCop-List] Re: Courtesy of /., "Spam, the Phenomenon" References: Message-ID: <87zn9niei6.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Redstone writes: > The majority of users use their ISP's own SMTP server. Blocking port > 25 would not be a bother to these users. Though I do know users (ala > Indigo) who needs to have that port open for "business only". But > that can be arranged on a per-user basis. I'm not sure that's exactly a good solution. What if the user is better than the ISP is, but can't afford better hosting? I'm not the only person in that boat... - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAdIcVUzgNqloQMwcRApQ4AJ4miyEF54ajdGXkzKhm64waPOTiKACgwLIz QVsVHSY35jXhV0a0f7V+/hQ= =r88t -----END PGP SIGNATURE----- From baloo at ursine.ca Wed Apr 7 16:58:41 2004 From: baloo at ursine.ca (Paul Johnson) Date: Wed Apr 7 19:05:40 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: Message-ID: <87vfkbiee6.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Redstone writes: > "caroljean52" wrote in > news:c4n1cl$50d$1@news.spamcop.net: > > >> Carol >> Seattle USA >> >> > > > DSL is out of the question? DSL on a good day doesn't hold a flame to cable on a bad day in the northwest, there's no comparison. Why deal with the crappy telcos when you don't have to? - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAdIehUzgNqloQMwcRAtuAAJ0fmvvmRD81BR0OcG82YVypyK5dPACglxbB gaeJ/zpnaWa52WvbFvs4V5E= =a6VV -----END PGP SIGNATURE----- From noone at nowhere.com Wed Apr 7 17:17:12 2004 From: noone at nowhere.com (noone@nowhere.com) Date: Wed Apr 7 19:20:11 2004 Subject: [SpamCop-List] Re: Mailhosts--how long does it take? References: <070420041324385050%noone@nowhere.com> Message-ID: <070420041617126330%noone@nowhere.com> It's been 8 hours. Luckily a nearly spam-free 8 hours, so I don't feel guilty not reporting spam. I'll send you a note via email. Thx A = In article , Ellen wrote: > It can take a few hours -- and you are correct don't report spam while you > are in the process. If you don't get the probes in the next few hours send > From mljohns at iname.com Wed Apr 7 17:32:13 2004 From: mljohns at iname.com (Myron Johnson) Date: Wed Apr 7 19:35:03 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports References: Message-ID: Well, you can still count me in with a Cox problem. In five days of sending SpamCop reports, I only got proper replies on the first day (Sunday, as I recall). Since then, I've gotten three replies from SpamCop out of, perhaps, ten Spam reports sent. Also, a SpamCop authorization email arrived successfully, when I tried resetting my authorization code (thinking that was the problem). Online submissions work fine, but there are too timeconsuming. In the meantime, I've received about 70 spam emails, so there's nothing wrong with Cox's mailserver! Myron "Technomage" wrote in message news:pan.2004.04.07.14.49.59.830600@127.0.0.1... > > It wouldn't be a bad idea to get an actual figure of the number of cox.net > users having this problem (number and possible city/state locations (no > addresses)). The more information we can present to cox.net, the greater > the chance they will be able to find and correct the problem. From mljohns at iname.com Wed Apr 7 17:38:06 2004 From: mljohns at iname.com (Myron Johnson) Date: Wed Apr 7 19:40:02 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports References: Message-ID: BTW....I want to thank the SpamCop developers and deputies for their efforts. I run an Exchange Server for our small company, and my co-workers were getting VERY upset about the amount of spam they've been receiving. It's obvious, too, that Microsoft's Outlook 2003 filter is basically junk. I've had GREAT luck with K9 filtering my POP accounts, but it doesn't help with an Exchange Server. Anyway, I set up a connection filter for bl.spamcop.net on our Exchange Server a week ago and the results have been great! I also added CBL on Saturday. Very little spam has been getting through and we haven't had any (known) issues with false positives. Thanks, all! Myron "Myron Johnson" wrote in message news:c5231u$nnt$1@news.spamcop.net... > > In the meantime, I've received about 70 spam emails, so there's nothing > wrong with Cox's mailserver! > > Myron From nobody at spamcop.net Wed Apr 7 20:01:56 2004 From: nobody at spamcop.net (Cat) Date: Wed Apr 7 20:05:03 2004 Subject: [SpamCop-List] Re: How does Yahoo do it? In-Reply-To: References: Message-ID: Gezgin wrote: > I have a Yahoo email account that I use for--uh--special purposes. Yahoo has > a feature called "SpamGuard" > (http://help.yahoo.com/help/us/mail/spam/spam-08.html) which, if activated, > shunts spam into a "bulk mail" folder. I check this folder from time to time > before emptying it but... and here's the weird thing: I've never seen a > "false positive". Never once has a legitimate email to my Yahoo address been > sent to the "bulk mail" folder. Never once. And no, I don't employ any > filters; neither have I defined any "whitelisted" addresses for this > account. My Yahoo bulk folder traps legitimate mail somewhat regularly for some reason. I also get some spam in my regular inbox. I don't know how or why Yahoo gets this backward. From nobody at spamcop.net Wed Apr 7 21:41:30 2004 From: nobody at spamcop.net (Spam Pop) Date: Wed Apr 7 20:45:05 2004 Subject: [SpamCop-List] Re: X-10 success story - References: Message-ID: "Cat" wrote in message news:c4snge$4hn$1@news.spamcop.net... > Pop Rivet wrote: > > > > Stop morphing to escape everyone's killfiles, troll. > I didn't write that. Pop From nobody at spamcop.net Wed Apr 7 18:46:06 2004 From: nobody at spamcop.net (Ray) Date: Wed Apr 7 20:50:03 2004 Subject: [SpamCop-List] Mailhost config for catch-all addy. Message-ID: Sorry if this has been addressed elsewhere but there are many mailhost threads here and I can't bear wading through them as well as the unusable (IMHO) web forum to find the answer to a simple, possibly stupid question. For a domain I own the e-mail addy I POP also catches all mail sent to any address at that domain. Do I need to do the mailhost set up for all the addresses that spammers use to send me thier spew (i.e., webmaster at mydomain.com, info at mydomain.com, contacts...blah blah blah)? The set-up for the addy I POP succeeded when configured but when parsing spams some of the new messages that show up make me wonder if everything is as it is supposed to be. Thanks! Ray From nobody at spamcop.net Wed Apr 7 21:10:13 2004 From: nobody at spamcop.net (WazoO) Date: Wed Apr 7 21:15:03 2004 Subject: [SpamCop-List] Re: Mailhost config for catch-all addy. References: Message-ID: "Ray" wrote in message news:nobody-037EAA.17460507042004@news.cesmail.net... > Sorry if this has been addressed elsewhere but there are many mailhost > threads here and I can't bear wading through them as well as the > unusable (IMHO) web forum to find the answer to a simple, possibly > stupid question. I've been accused of a lot of things, but that doesn't bother me at all. Yes, your question has been answered a number of times in both these newsgroups and in the Forums. So, sorry, why the hell do you feel the need to start yet another thread, while mentioning that you just don't feel the need to read any of them? From nobody at spamcop.net Wed Apr 7 19:13:05 2004 From: nobody at spamcop.net (Ray) Date: Wed Apr 7 21:15:25 2004 Subject: [SpamCop-List] Re: Mailhost config for catch-all addy. References: Message-ID: In article , "WazoO" wrote: > "Ray" wrote in message > news:nobody-037EAA.17460507042004@news.cesmail.net... > >[snip my orginal question] > > I've been accused of a lot of things, but that doesn't bother > me at all. Yes, your question has been answered a number > of times in both these newsgroups and in the Forums. So, > sorry, why the hell do you feel the need to start yet another > thread, while mentioning that you just don't feel the need to > read any of them? > > After looking at some 30 messages in different threads and reading the last 5 pages in the web forum I did not see addressed. Thanks alot for nothing. From nobody at spamcop.net Wed Apr 7 22:28:18 2004 From: nobody at spamcop.net (Ellen) Date: Wed Apr 7 21:30:02 2004 Subject: [SpamCop-List] Re: Mailhost config for catch-all addy. References: Message-ID: "Ray" wrote in message news:nobody-037EAA.17460507042004@news.cesmail.net... > Sorry if this has been addressed elsewhere but there are many mailhost > threads here and I can't bear wading through them as well as the > unusable (IMHO) web forum to find the answer to a simple, possibly > stupid question. > > For a domain I own the e-mail addy I POP also catches all mail sent to > any address at that domain. > > Do I need to do the mailhost set up for all the addresses that spammers > use to send me thier spew (i.e., webmaster at mydomain.com, info at > mydomain.com, contacts...blah blah blah)? > > The set-up for the addy I POP succeeded when configured but when parsing > spams some of the new messages that show up make me wonder if everything > is as it is supposed to be. > No one mailhost setup id sufficient assuming that the mail travels thru the same ISP/set of servers for all the addresses. For example on my mailhosts setup I have the same thing -- mail to a domain I own with a bunch of valid addresses and then all the catchall addresses that spammers cheerfully make up and I only needed the one mailhost entry. However if you have *any* strange looking parses please send the tracking url along with your registered SC email address and we will look at them. One of the interesting things I discovered when I set up mailhosts for the SC account mentioned above was I discovered an email box forwarding to my domain that I had totally forgotten about -- it was set up about 3 years ago and hasn't been used for the last 2 as far as I knew but lo and behold the randon spam was still showing up there :-) Ellen From nobody at spamcop.net Wed Apr 7 19:52:32 2004 From: nobody at spamcop.net (Ray) Date: Wed Apr 7 21:55:05 2004 Subject: [SpamCop-List] Re: Mailhost config for catch-all addy. References: Message-ID: In article , "Ellen" wrote: > "Ray" wrote in message > news:nobody-037EAA.17460507042004@news.cesmail.net... > >[snip my original question] > > > [snip Ellens answer] > up and I only needed the one mailhost entry. However if you have *any* > strange looking parses please send the tracking url along with your > registered SC email address and we will look at them. Once I get used to the new messages from the parser I'll be able to better know if they are indeed strange. > > One of the interesting things I discovered when I set up mailhosts for the > SC account mentioned above was I discovered an email box forwarding to my > domain that I had totally forgotten about -- it was set up about 3 years ago > and hasn't been used for the last 2 as far as I knew but lo and behold the > randon spam was still showing up there :-) I have a feeling I might run across a similar situation. Thanks Ellen! Your the best! From nobody at spamcop.net Wed Apr 7 23:52:52 2004 From: nobody at spamcop.net (Cat) Date: Wed Apr 7 23:55:22 2004 Subject: [SpamCop-List] Re: Header that Spamcop can not parse In-Reply-To: References: Message-ID: Eric Johannsen wrote: >>Asking you to post inline and snip >>unnecessary quoting is not being a "forum nazi." It's just a simple rule >>of netiquette for newsgroup posting. > > > Asking is not an issue at all, but your mannerism violates many rules of > proper ettiquite. I fail to see what was wrong with the way I replied. I very calmly and simply explained to you why top posting and not snipping makes posts hard to read. If you felt attacked over that, then that's just ridiculous. I'm assuming you're a fully grown adult, which means that people here should not be expected to hold your hand and explain every little thing to you in some nauseatingly sweet manner that one would use to talk to a toddler. > I do not know if "netiquette" has something to say about > the proper way to interact with new members of a community (I am only a very > occasional visitor to online communities), but the rules of cultural > ettiquite, established over thousands of years, do. I still fail to see what was rude about explaining why your posts were hard to follow and why continuing to top post and not snip after being asked to stop is a quick way to get your posts ignored. > You came at me with terminology that I'm not familiar with in an aggressive > manner. Apparently, you're not talking about the post I wrote or you just don't understand simple English. There was no "unfamiliar terminology" there. I'm repasting the part I'm assuming you're addressing below: "Also, your habit of top posting and not limiting quoting makes it hard to follow the conversation. The preferred method of netiquette is to snip out any quoting that you aren't addressing and post your comments below each point you are replying to. This makes it much easier to follow. Often, people will just ignore posts where the reply is top posted and/or posts where people don't snip the unnecessary parts." I just simply stated facts in the nicest way possible. If that was your idea of rude and aggressive, then you must really have a hard time in the world. I can't help but wonder if you bite someone's head off claiming that person was rude to you just for smiling at you and saying hi. I think you're being unnecessarily paranoid to claim I was rude and aggressive toward you just for a simple, polite request for you to snip and post inline. If you're talking about "Next time before you 'figure' you'll do something, please read the posting rules first" then you shouldn't complain that people reprimanded you for that when the forum page clearly states that spam should not be posted here. My complaint with your original comment on that was that the forum page lists the "no spam posting except in .spam" rule, yet you still decided to post the spam here anyway. Some of us have been around SpamCop for several years, so we've seen a lot of excuses from people for why they blatantly ignore the "no spam posting" rule. No one (except maybe those who ignore the "no spam posting" rule) wants to have to dig through endless amounts of spam posts in the wrong group just to find actual discussion. > Rather than just politely explaining the issue, you chose to prop > your own ego in a manner not unlike a playground bully picking on a foreign > kid for being different. In no way did I "prop (my) own ego in a manner not unlike a playground bully." If I wanted to bully you about it, I would have replied with something like "knock off the top posting and not snipping, you obnoxious twit!" Instead, I gave you a rational and polite explanation for why top posting and not snipping makes a post hard to follow. > The good news is, I finally understand the point you were trying to make. That's good then. That's all I was trying to explain to you in the first place, but you chose to call names and make false accusations in return, which was extremely unnecessary. From mljohns at iname.com Thu Apr 8 00:02:28 2004 From: mljohns at iname.com (Myron Johnson) Date: Thu Apr 8 02:05:12 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports References: Message-ID: As of 8:00 pm (MST), April 7, 2004, my Cox.net email account is receiving SpamCop Autoresponder Reports again! Yeah! Myron From SpamMeAndDie at noway.com Thu Apr 8 03:39:35 2004 From: SpamMeAndDie at noway.com (Vain) Date: Thu Apr 8 02:40:03 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: <87y8pcl793.fsf@ursine.ca> <87wu4vuu56.fsf@ursine.ca> Message-ID: "Paul Johnson" wrote in message news:87wu4vuu56.fsf@ursine.ca... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > "Frog Prince" writes: > > > "Paul Johnson" > > | > > | > Comcast will not let me forward spam to the FTC or the FDA! > > | > > | Get a commercial account, run a mail server. That's how I solved that > > | one before it got started. > > > > Isn't a commercial account much more expensive? > > Yeah, but that's what's nice about having roommates to chip in. > > - -- > Paul Johnson How about getting of Comcast all together and going to an ISP that doesn't harbor a million spammers. Over half my spam comes from people on their network (or people using an open proxy or unsecured SMTP on their network). I hate these guys with a passion that I used to reserve for murderers and child molesters. The world would be a better place if they went bankrupt, so honest people, at least, should just stop giving them money. From asterix at no_where.net Thu Apr 8 10:14:51 2004 From: asterix at no_where.net (Asterix) Date: Thu Apr 8 03:15:18 2004 Subject: [SpamCop-List] Any way to beat these dodgers (med spams)? Message-ID: <1gbx2mj.1berw5x102jkv6N%asterix@no_where.net> The latest way to dodge Spamcop's parser: Instead of supplying clickable URL:s the spammer writes: Please copy and paste this link into your browser healthypractise.biz or Please copy and paste this link into your browser keepinghealthy.biz followed by: For phone orders please call us at 1-415-462-2965 or 1-646-837-0772 (Monday - Saturday, 09:30AM to 10:00PM EST) These are online pharnacy spams. BTW: Are these drug dealers actually legal in the US ? From tmcgraw at spamcop.net Thu Apr 8 01:19:18 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Apr 8 03:20:04 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: <40746FEB.4020609@spamcop.net> <40747B2E.4090005@spamcop.net> Message-ID: <4074FCF6.5000909@spamcop.net> Mike Easter wrote: > Tim McGraw wrote: > >>In case you missed it in an earlier thread, Mr. Cashman is referring >>to me, Tim McGraw, your resident .spamcop ng wingnut. > >>What *is* Cashman's point, anyway? And why doesn't he correct his own >>spelling errors (tetchy)? > > > > Next, the context that the wingnut remark was made in this thread might > very well have not been directed toward you [this time] -- because his > beef was with 'beating up on' correspondents in the ng, which you > usually don't do. So, maybe he was aiming his 'advice' at some other > wingnuts; exactly which ones [if not you] he will have to clarify on > his own. His link to the "Tim McGraw is a real wingnut" thread was a direct response to one of my posts and it contained *only* that link. Furthermore, he never did provide enough details in the thread where it was mentioned for anyone to provide a helpful answer to his question, which is perplexing because he has made some good posts. As far as "beating up on" correspondents in this ng I reserve my flagellation for people who are truly deserving or have questionable motives. When proven wrong I believe the record will show that I have humbly apologized. Lastly, I believe he means to imply that you are the "pendantic and tetchy" one, but there's less evidence to support that than the "wingnut" business. The troll meter is running. From nobody at spamcop.net Thu Apr 8 08:43:39 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Thu Apr 8 03:45:19 2004 Subject: [SpamCop-List] Re: Any way to beat these dodgers (med spams)? References: <1gbx2mj.1berw5x102jkv6N%asterix@no_where.net> Message-ID: Asterix (asterix@no_where.net) wrote in news:1gbx2mj.1berw5x102jkv6N% asterix@no_where.net: > The latest way to dodge Spamcop's parser: > > Instead of supplying clickable URL:s the spammer writes: > > Please copy and paste this link into your browser > healthypractise.biz I've seen a few, too. What I do (if I notice) is look up the domain in abuse.net and add the abuse addy (or default postmaster) as user-defined address on the report. Of course you can do that only if you're a paying reporter or SC mail user; the alternative is to lookup the abuse and report manually. Whether they care, is another matter - but that's true for URLs SC does find as well. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Thu Apr 8 09:57:17 2004 From: nobody at spamcop.net (TimeLord) Date: Thu Apr 8 04:00:03 2004 Subject: [SpamCop-List] Re: Freeserve Anti spam software References: <878yh7jtev.fsf@ursine.ca> Message-ID: "Paul Johnson" wrote in message news:878yh7jtev.fsf@ursine.ca... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > So what's the point? SpamAssassin is free software and it catches > *far* more spam than 3%. Freeserve's time could have been better > spent adapting SpamAssassin for their uses. I agree - we brought similar in a few weeks ago, and it's over 99.9% effective, handling about 500 junk items a day (sorry SC, better than here) Kev From STEVE at cashmans.fsnet.co.uk Thu Apr 8 10:13:01 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Thu Apr 8 04:15:10 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: <40746FEB.4020609@spamcop.net> <40747B2E.4090005@spamcop.net> <4074FCF6.5000909@spamcop.net> Message-ID: "Tim McGraw" wrote in message news:4074FCF6.5000909@spamcop.net... > Mike Easter wrote: > > Tim McGraw wrote: > > > >>In case you missed it in an earlier thread, Mr. Cashman is referring > >>to me, Tim McGraw, your resident .spamcop ng wingnut. > > Not my words at all Tim, as you know. But then again you did not follow the Freeserve / Wanadoo spammer thread either. > >>What *is* Cashman's point, anyway? My point was Ok so the guy made a mistake - does that stop him ever having help? (meaning that the guy made a mistake, does that stop him from having help) sorry I thought that that was self evident. The tone of a lot of the 'help' these days is the 'experts' having abusing the normal every day users. Give the guy a break (Meaning that the tone of a lot of the help from the 'experts' is abusive, and that the guy should be given a break) sorry again I thought that this was self evident. And why doesn't he correct his own > >>spelling errors (tetchy)? So what is the OFFICIAL spamcop spelling of tetchy? > > > > > > > > Next, the context that the wingnut remark was made in this thread might > > very well have not been directed toward you [this time] -- because his > > beef was with 'beating up on' correspondents in the ng, which you > > usually don't do. So, maybe he was aiming his 'advice' at some other > > wingnuts; exactly which ones [if not you] he will have to clarify on > > his own. Aimed at any wingnut that impresses their own slant on things and ignores the original request for help, but as they say if the cap fits...... From STEVE at cashmans.fsnet.co.uk Thu Apr 8 10:27:43 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Thu Apr 8 04:30:04 2004 Subject: [SpamCop-List] Re: Freeserve Anti spam software References: <878yh7jtev.fsf@ursine.ca> Message-ID: "Paul Johnson" wrote in message news:878yh7jtev.fsf@ursine.ca... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > "Steve Cashman" writes: > > > Freeserve in the UK have introduced an anti-spam system - Great news. BUT it > > only catches about 3% of the spam. Still they have tried bless 'em. > > So what's the point? SpamAssassin is free software and it catches > *far* more spam than 3%. Freeserve's time could have been better > spent adapting SpamAssassin for their uses. > Freeserve have appologised for the poor catch rate and 'promised' it will get better over the next few days. Steve > - -- > Paul Johnson > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (GNU/Linux) > > iD8DBQFAdIVYUzgNqloQMwcRAmaAAJ9Yyribh3eZcNxkoLUmjSvhGVV/fgCdE2Z3 > KsgeoZDnmbG2oquEdfOvnUc= > =ooVR > -----END PGP SIGNATURE----- From STEVE at cashmans.fsnet.co.uk Thu Apr 8 10:30:31 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Thu Apr 8 04:30:20 2004 Subject: [SpamCop-List] Re: Freeserve Anti spam software References: <40746F6E.9070007@spamcop.net> Message-ID: "Tim McGraw" wrote in message news:40746F6E.9070007@spamcop.net... > Steve Cashman wrote: > > > > 'pedantic and tetchy responders need not reply' > > Steve, baby, you forgot "wingnuts"! Grow up From baloo at ursine.ca Thu Apr 8 02:39:21 2004 From: baloo at ursine.ca (Paul Johnson) Date: Thu Apr 8 04:46:45 2004 Subject: [SpamCop-List] Re: Freeserve Anti spam software References: <878yh7jtev.fsf@ursine.ca> Message-ID: <87n05m6eyu.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "TimeLord" writes: > "Paul Johnson" wrote in message > news:878yh7jtev.fsf@ursine.ca... >> So what's the point? SpamAssassin is free software and it catches >> *far* more spam than 3%. Freeserve's time could have been better >> spent adapting SpamAssassin for their uses. > > I agree - we brought similar in a few weeks ago, and it's over 99.9% > effective, handling about 500 junk items a day (sorry SC, better than here) I think the true beauty of my setup is that it rejects virus-infected mail at SMTP (instead of the truly obnoxious bounce-it-after-accepting routine the commercial guys use to advertise their products), as well as allow for each user to have their own spamassassin configuration. - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAdQ+7UzgNqloQMwcRAmqfAJ0edBugAY//Mb2G9qhHS3fdMJjFAgCfVyct 9/tdp/FgjWMGsk2mEN5fQlc= =cMvh -----END PGP SIGNATURE----- From kjz at despammed.com Thu Apr 8 12:01:10 2004 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Thu Apr 8 05:05:47 2004 Subject: [SpamCop-List] Re: today Ralsky, Inc. uses: oiuytt.com, kjhbvf.com; NEW DNS: opaldomain.com, opldomain.com In-Reply-To: References: Message-ID: Chinese branch: Domain name: oiuytt.com 221.5.250.123 Registrant Contact: huangf guifang Gui Fang Huang huangjack1@126.com +86.4137480040 fax: +86.4137480040 #101 Unit 1 NO.4 Century Garden , Long cheng Str. Shun Cheng district Fu shun Lian Ning 118000 cn DNS: ns0.opaldomain.com 219.153.1.180 ns1.opldomain.com 202.104.234.73 Created: 2004-04-05 Expires: 2005-04-05 Domain name: kjhbvf.com 202.106.127.112 Registrant Contact: huangf guifang Gui Fang Huang huangjack1@126.com +86.4137480040 fax: +86.4137480040 #101 Unit 1 NO.4 Century Garden , Long cheng Str. Shun Cheng district Fu shun Lian Ning 118000 cn DNS: ns0.opaldomain.com ns1.opldomain.com Created: 2004-04-05 Expires: 2005-04-05 Domain Name: opaldomain.com Expiry Date: 31-Mar-2005 Days Left for Expiry: 357 Record Creation Date: 31-Mar-2004 Domain Status: Active Domain servers in listed order: No NameServers Defined. RegistrantContact Details Name Huang Gui Fang Company Huang Gui Fang Email Address huangjack1@126.com Address #101 Unit 1 NO.4 Century Garden , Long cheng Str. City Fu shun State null Zip 113006 Domain Name:opldomain.com Administrative Contact: Huang GuiFang Huang GuiFang #101 Unit 1 NO.4 Century Garden , Long cheng Str. Shun Cheng district fushun Liaoning 113006 China tel: 86 413 7480040 fax: 86 413 7480040 huangjack1@126.com Registration Date: 2004-04-01 Update Date: 2004-04-01 Expiration Date: 2005-04-01 Primary DNS: ns1.opldomain.com 202.104.234.73 Secondary DNS: ns0.opaldomain.com From redford_stone at INVERSE_OF_COLDmail.com Thu Apr 8 10:10:43 2004 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Apr 8 05:15:27 2004 Subject: [SpamCop-List] Re: OH PUHLEEZE PETEY! ;-D References: Message-ID: Pete Stephenson wrote in news:pete- BBB888.08374507042004@news.cesmail.net: > > "Site Temporarily Disabled > > This site has been temporarily disabled. If you are the owner of the > site, please contact customer care." > Wha? It was just working this morning. Went beyond the bandwidth limit? From gezgin at spamcop.net Thu Apr 8 13:11:28 2004 From: gezgin at spamcop.net (Gezgin) Date: Thu Apr 8 05:15:53 2004 Subject: [SpamCop-List] "I refuse to bother hostmaster@nic.ad.jp." Message-ID: http://tinyurl.com/2rwpr How come? -- Bob Kanyak's Doghouse http://kanyak.com From MikeE at ster.invalid Thu Apr 8 03:48:14 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 8 05:50:05 2004 Subject: [SpamCop-List] Re: "I refuse to bother hostmaster@nic.ad.jp." References: Message-ID: Gezgin wrote: > http://tinyurl.com/2rwpr If you paste the link to a tracker that has 'member' in it, I can convert it to a non-member and use it. If you paste a tinied link to a member tracker, I can't get my 'hands on it' to convert it. Either tiny the non-member configuration of the tracker or paste your 'normal' member link without tiny-ing it. Or, I'm out of the question. -- Mike Easter kibitzer, not SC admin From gezgin at spamcop.net Thu Apr 8 13:51:21 2004 From: gezgin at spamcop.net (Gezgin) Date: Thu Apr 8 05:55:04 2004 Subject: [SpamCop-List] Re: "I refuse to bother hostmaster@nic.ad.jp." References: Message-ID: "Mike Easter" wrote in message news:c53752$vt4$1@news.spamcop.net... > If you paste the link to a tracker that has 'member' in it, I can > convert it to a non-member and use it. If you paste a tinied link to a > member tracker, I can't get my 'hands on it' to convert it. I didn't know that... Thanks for pointing it out, Mike. Here's the accessible link: http://tinyurl.com/2ughg -- Bob Kanyak's Doghouse http://kanyak.com From MikeE at ster.invalid Thu Apr 8 04:01:40 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 8 06:05:04 2004 Subject: [SpamCop-List] Re: "I refuse to bother hostmaster@nic.ad.jp." References: Message-ID: Gezgin wrote: > Here's the accessible link: > http://tinyurl.com/2ughg This is about 133.5.223.154 rDNS kikai6.med.kyushu-u.ac.jp at Kyushu U., probably the medical - SC doesn't have the 'capacity' to lookup a 'good' addy and the nic.ad.jp is the registrar itself. But the capacity is there: a. [Network Number] 133.5.0.0 b. [Network Name] KITE g. [Organization] Kyushu University m. [Administrative Contact] FM370JP n. [Technical Contact] DI031JP n. [Technical Contact] KO3068JP n. [Technical Contact] YK1737JP One can look up all of those handles in whois.nic.ad.jp whois -h whois.nic.ad.jp fm370jp ... a. [JPNIC Handle] FM370JP c. [Last, First] Matsuo, Fumihiro d. [E-Mail] matsuo@i.kyushu-u.ac.jp a. [JPNIC Handle] DI031JP c. [Last, First] Ikeda, Daisuke d. [E-Mail] daisuke@cc.kyushu-u.ac.jp a. [JPNIC Handle] KO3068JP c. [Last, First] Okamura, Koji d. [E-Mail] oka@ec.kyushu-u.ac.jp a. [JPNIC Handle] YK1737JP c. [Last, First] Kasahara, Yoshiaki d. [E-Mail] kasahara@nc.kyushu-u.ac.jp I would use those, since there isn't a reg'd addy at abuse.net whois -h whois.abuse.net kyushu-u.ac.jp ... No abuse address is registered with abuse.net -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Apr 8 08:46:27 2004 From: nobody at spamcop.net (R. P. McCormick) Date: Thu Apr 8 07:50:09 2004 Subject: [SpamCop-List] Re: Any way to beat these dodgers (med spams)? References: <1gbx2mj.1berw5x102jkv6N%asterix@no_where.net> Message-ID: Can't find any listings for either phone number ... > For phone orders please call us at 1-415-462-2965 Handled by CLEC Focal Communications Corp of CA. Rate Centre is San Rafael. Switch is SNFECALNDS0. > or 1-646-837-0772 Handled by CLEC Focal Communications Corp of NY. Rate Centre is NWYRCYZN01. Switch is NYCMNYQODS1. Was not familiar with Focal ... http://www.focal.com >> Focal is a national telecommunications provider with a unique >> blend of stellar service and innovative voice and data solutions >> for enterprises, carriers and resellers. >> Focal serves 23 major U.S. markets, offering customers >> a single solution for all their communications needs, >> from coast to coast. >> Corvis Corporation to Acquire Focal Communications http://www.corvis.com Corvis owns Broadwing Communications Looks like this spammer has connections on both sides of North America and may be using the same reseller to get telco services (which may include Internet connectivity). From STEVE at cashmans.fsnet.co.uk Thu Apr 8 14:00:31 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Thu Apr 8 08:00:06 2004 Subject: [SpamCop-List] Re: Any way to beat these dodgers (med spams)? References: <1gbx2mj.1berw5x102jkv6N%asterix@no_where.net> Message-ID: "Asterix" wrote in message news:1gbx2mj.1berw5x102jkv6N%asterix@no_where.net... > These are online pharnacy spams. > BTW: Are these drug dealers actually legal in the US ? No, but the government has so far taken the hid your head in the sand option. Still it looks as though things may change soon http://www.cnn.com/2004/HEALTH/03/01/bush.drug.policy.ap/ From tim at kyologic.com Thu Apr 8 08:58:30 2004 From: tim at kyologic.com (Tim Neudecker) Date: Thu Apr 8 08:00:22 2004 Subject: [SpamCop-List] MailHosts and Forwarding Mail Message-ID: <1gbwzg8.12465q6h1b12wN%tim@kyologic.com> Hi all, Quick question for those in the "know." I have been using the new "MailHosts" feature for about 2 weeks now. I needed some help setting it up at first as it incorrectly parsed a couple of my mail servers. But I think those issues are all worked out now :-) It appears to be working very well. I have several email accounts that forward to one of two main accounts, these two main accounts are filtered by spamcop via the "POP Hack", I had to use the POP hack because if I forwarded these accounts to my spamcop account for filtering, I would consistently report my own servers. I one thing I hate about the POP hack is the 15minute delay it puts on my email. Now that MailHosts knows all my mail servers, can I return to forwarding mail to spam cop instead of POPing it? Can I safely use quick report then without the risk of reporting my servers? Thanks for the help, Tim -- Tim Neudecker tim@kyologic.com From asterix at no_where.net Thu Apr 8 15:18:38 2004 From: asterix at no_where.net (Asterix) Date: Thu Apr 8 08:15:20 2004 Subject: [SpamCop-List] Re: Any way to beat these dodgers (med spams)? References: <1gbx2mj.1berw5x102jkv6N%asterix@no_where.net> Message-ID: <1gbxh0r.3zrvnp15xmnnkN%asterix@no_where.net> R. P. McCormick wrote: > Can't find any listings for either phone number ... > > > For phone orders please call us at 1-415-462-2965 > > Handled by CLEC Focal Communications Corp of CA. > Rate Centre is San Rafael. Switch is SNFECALNDS0. > > > > or 1-646-837-0772 > > Handled by CLEC Focal Communications Corp of NY. > Rate Centre is NWYRCYZN01. Switch is NYCMNYQODS1. > > Was not familiar with Focal ... > http://www.focal.com Interesting - might as well lart them, too... BTW - this smells a Ralsky operation, right ? ... From nobody at spamcop.net Thu Apr 8 08:57:04 2004 From: nobody at spamcop.net (Ellen) Date: Thu Apr 8 09:00:05 2004 Subject: [SpamCop-List] Re: Mailhost config for catch-all addy. References: Message-ID: "Ray" wrote in message news:nobody-4AABD3.18523207042004@news.cesmail.net... > In article , > Once I get used to the new messages from the parser I'll be able to > better know if they are indeed strange. > > > > > One of the interesting things I discovered when I set up mailhosts for the > > SC account mentioned above was I discovered an email box forwarding to my > > domain that I had totally forgotten about -- it was set up about 3 years ago > > and hasn't been used for the last 2 as far as I knew but lo and behold the > > randon spam was still showing up there :-) > > I have a feeling I might run across a similar situation. > > Thanks Ellen! > Your the best! yw E From nobody at spamcop.net Thu Apr 8 09:03:44 2004 From: nobody at spamcop.net (Miss Betsy) Date: Thu Apr 8 09:00:28 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Steve Cashman" wrote in message news:c50u86$b7r$1@news.spamcop.net... > > > Ok so the guy made a mistake - does that stop him ever having help? > > The tone of a lot of the 'help' these days is the 'experts' having abusing > the normal every day users. Give the guy a break. > I have observed that posters often set the tone for the kinds of replies they get. Obviously (in 20-20 hindsight) the poster was just upset and possibly the trenchant comments helped him to gain perspective. The 'soft' approach that I used didn't seem to help at all (and was never answered). spamcop.help and the web forum are supposed to be the places where people go for help if they want polite, help desky replies. If they come to spamcop ng, they can expect to have whatever advice they get, dished out without frills such as tact and sympathy, but probably expert advice. I have noticed that admins often are fine with that. Ordinary users often get upset. Miss Betsy From STEVE at cashmans.fsnet.co.uk Thu Apr 8 15:21:40 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Thu Apr 8 09:20:02 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Miss Betsy" wrote in message news:c53ica$9jq$1@news.spamcop.net... > "Steve Cashman" wrote in message > news:c50u86$b7r$1@news.spamcop.net... > > > > > Ok so the guy made a mistake - does that stop him ever having > help? > > > > The tone of a lot of the 'help' these days is the 'experts' > having abusing > > the normal every day users. Give the guy a break. > > > > I have observed that posters often set the tone for the kinds of > replies they get. > > Obviously (in 20-20 hindsight) the poster was just upset and > possibly the trenchant comments helped him to gain perspective. > The 'soft' approach that I used didn't seem to help at all (and was > never answered). > > spamcop.help and the web forum are supposed to be the places where > people go for help if they want polite, help desky replies. If > they come to spamcop ng, they can expect to have whatever advice > they get, dished out without frills such as tact and sympathy, but > probably expert advice. I have noticed that admins often are fine > with that. Ordinary users often get upset. > > Miss Betsy > > A voice of reason, but bad manners are still bad manners. As far as I am concerned I want to stop spammers, I had thought that that was the purpose of spamcop. It is not helpful if someone needs to vent some psychological problem by blowing off at others, or trying to score points over guys asking for help. There are probably anger management forums that they can join. Let us keep it out of here. From nobody at spamcop.net Thu Apr 8 09:32:17 2004 From: nobody at spamcop.net (Miss Betsy) Date: Thu Apr 8 09:30:16 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: "Steve Cashman" wrote in message news:c53jgu$apb$1@news.spamcop.net... > A voice of reason, but bad manners are still bad manners. Well, yes, it seems like bad manners to those of us who don't inhabit their world. Once, in spamcop.help, which is supposed to be polite, a really long exchange with lots of sarcasm and opinionated posts were made on both sides with several other people like you and me trying to calm the discussion down and being ignored, ended with the original poster saying, "Boy, this was a good discussion." Do jump in when it seems that the poster is NOT an admin, particularly if they have not read the directions and gone to spamcop.help or the web forum where politeness IS the norm. This is the only newsgroup I am familiar with, but I understand that it is tame compared to usenet which many of the regular posters are familiar with. >As far as I am > concerned I want to stop spammers, I had thought that that was the purpose > of spamcop. I think the poster will always check to see if the relays are open in the future and that will stop spam. His mistake didn't. Miss Betsy From nobody at spamcop.net Thu Apr 8 10:43:08 2004 From: nobody at spamcop.net (Ellen) Date: Thu Apr 8 09:50:05 2004 Subject: [SpamCop-List] Re: MailHosts and Forwarding Mail References: <1gbwzg8.12465q6h1b12wN%tim@kyologic.com> Message-ID: "Tim Neudecker" wrote in message news:1gbwzg8.12465q6h1b12wN%tim@kyologic.com... > Hi all, > > Quick question for those in the "know." > > I have been using the new "MailHosts" feature for about 2 weeks now. I > needed some help setting it up at first as it incorrectly parsed a > couple of my mail servers. But I think those issues are all worked out > now :-) > > It appears to be working very well. I have several email accounts that > forward to one of two main accounts, these two main accounts are > filtered by spamcop via the "POP Hack", I had to use the POP hack > because if I forwarded these accounts to my spamcop account for > filtering, I would consistently report my own servers. I one thing I > hate about the POP hack is the 15minute delay it puts on my email. > > Now that MailHosts knows all my mail servers, can I return to forwarding > mail to spam cop instead of POPing it? Can I safely use quick report > then without the risk of reporting my servers? > If the pop hack is picking up the hosts automatically and you have *not* added them explicitly to your mailhosts config then no you cannot return to forward unless you add them. Once you start to add new hosts do not report any spam until you have received the probe emails *and* returned them **and** gotten confirmations that they have been added. If you have a problem adding them write to deputies spamcop.net with mailhosts somewhere in the subject line, include your registered SC email address. Ellen From rmu93awSPAMB02 at sneakemail.com Thu Apr 8 10:23:18 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Thu Apr 8 10:25:14 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible In-Reply-To: References: Message-ID: Miss Betsy wrote: > [snip] > > I think the poster will always check to see if the relays are open > in the future and that will stop spam. His mistake didn't. Exactly. -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From nobody at spamcop.net Thu Apr 8 09:37:01 2004 From: nobody at spamcop.net (Stanley P. Miller) Date: Thu Apr 8 11:40:27 2004 Subject: [SpamCop-List] Spamcup automatic Spamcop reporting Message-ID: <48sa70tr5lfldscold06s2trt7ukb5ksq3@4ax.com> Has anyone here looked at this project? Spamcup is a tool for automatic Spamcop reporting. It performs the same actions as if you were to report spam to spamcop.net with a Web browser, but from the commandline. http://toniw.iki.fi/index.cgi/projects/projects-spamcup http://freshmeat.net/projects/spamcup/ From tmcgraw at spamcop.net Thu Apr 8 09:39:00 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Apr 8 11:41:09 2004 Subject: [SpamCop-List] Re: Freeserve Anti spam software References: <40746F6E.9070007@spamcop.net> Message-ID: <40757214.5010703@spamcop.net> Steve Cashman wrote: > "Tim McGraw" wrote in message > news:40746F6E.9070007@spamcop.net... >>Steve Cashman wrote: >> >>>'pedantic and tetchy responders need not reply' >> >>Steve, baby, you forgot "wingnuts"! > > Grow up Announcing who may reply to your posts is an immature position, my friend. From tmcgraw at spamcop.net Thu Apr 8 09:39:17 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Apr 8 11:41:20 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: <40746FEB.4020609@spamcop.net> <40747B2E.4090005@spamcop.net> <4074FCF6.5000909@spamcop.net> Message-ID: <40757225.4010205@spamcop.net> Steve Cashman wrote: > "Tim McGraw" wrote in message > news:4074FCF6.5000909@spamcop.net... >> >>In case you missed it in an earlier thread, Mr. Cashman is referring >>to me, Tim McGraw, your resident .spamcop ng wingnut. >> > Not my words at all Tim, as you know. So, after answering your questions what was the point of posting this link? -------- Original Message -------- Subject: Re: With friends like SpamCop, who needs spammer? Date: Thu, 1 Apr 2004 11:49:38 +0100 From: "Steve Cashman" Newsgroups: spamcop Tim I am trying both to help and to get help here. Please do not be so pedantic and tetchy. http://www.talkaboutspam.com/group/alt.spam/messages/89674.html From tmcgraw at spamcop.net Thu Apr 8 09:39:22 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Apr 8 11:41:28 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: Message-ID: <4075722A.2060109@spamcop.net> Steve Cashman wrote: > > It is not helpful if someone needs to vent some psychological problem by > blowing off at others, or trying to score points over guys asking for help. Your questions were politely answered. So what was the point of posting this link? -------- Original Message -------- Subject: Re: With friends like SpamCop, who needs spammer? Date: Thu, 1 Apr 2004 11:49:38 +0100 From: "Steve Cashman" Newsgroups: spamcop Tim I am trying both to help and to get help here. Please do not be so pedantic and tetchy. http://www.talkaboutspam.com/group/alt.spam/messages/89674.html From STEVE at cashmans.fsnet.co.uk Thu Apr 8 18:12:40 2004 From: STEVE at cashmans.fsnet.co.uk (Steve Cashman) Date: Thu Apr 8 12:15:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: <40746FEB.4020609@spamcop.net> <40747B2E.4090005@spamcop.net> <4074FCF6.5000909@spamcop.net> <40757225.4010205@spamcop.net> Message-ID: Tim Read the posts. You answered NOTHING No more discussion From MikeE at ster.invalid Thu Apr 8 10:38:19 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 8 12:40:03 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: <4075722A.2060109@spamcop.net> Message-ID: Tim McGraw wrote: > Your questions were politely answered. So what was the point of > posting this link? > -------- Original Message -------- > Tim > I am trying both to help and to get help here. Please do not be so > pedantic and tetchy. > > http://www.talkaboutspam.com/group/alt.spam/messages/89674.html That is /not/ the place to read, which is only the isolated Munger Joe comment. The place to read is here, which shows the original location and context of his comment. http://snipurl.com/5fve That snurl shows the googleup of the thread in alt.spam instead of an isolated post in talkabout. The other place to read would be here: http://news.spamcop.net/pipermail/spamcop-list/2003-December/066524.html - that is the archive of the spamcop thread - Subject: Parse riddle - which shows the dialog engaged by Tim that Munger Joe read to say wingnut. Presumably. Munger Joe didn't actually cite, but that thread is the 'corresponding' spamcop thread to the alt.spam thread. In that thread there was no poster 'criticizing' going on. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Thu Apr 8 10:46:50 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Apr 8 12:50:02 2004 Subject: [SpamCop-List] Re: SpamCop is Fallible References: <40746FEB.4020609@spamcop.net> <40747B2E.4090005@spamcop.net> <4074FCF6.5000909@spamcop.net> <40757225.4010205@spamcop.net> Message-ID: <407581FA.9080907@spamcop.net> Steve Cashman wrote: > Tim > Read the posts. You answered NOTHING > No more discussion The record shows I answered your questions and, where more information was needed, you ignored the requests. From tim at kyologic.com Thu Apr 8 13:55:00 2004 From: tim at kyologic.com (Tim Neudecker) Date: Thu Apr 8 13:00:03 2004 Subject: [SpamCop-List] Re: MailHosts and Forwarding Mail References: <1gbwzg8.12465q6h1b12wN%tim@kyologic.com> Message-ID: <1gbxd34.1tow1wi1cegzv4N%tim@kyologic.com> I have added all of my mail hosts and they have all been accepted (after a bit of tweaking by Julian). So is it safe for me to turn off the POP hack and forward my accounts to my spamcop account for filtering, so that i can by pass the 15 minute delay involved with the POP hack? Tim Ellen wrote: > "Tim Neudecker" wrote in message > news:1gbwzg8.12465q6h1b12wN%tim@kyologic.com... > > Hi all, > > > > Quick question for those in the "know." > > > > I have been using the new "MailHosts" feature for about 2 weeks now. I > > needed some help setting it up at first as it incorrectly parsed a > > couple of my mail servers. But I think those issues are all worked out > > now :-) > > > > It appears to be working very well. I have several email accounts that > > forward to one of two main accounts, these two main accounts are > > filtered by spamcop via the "POP Hack", I had to use the POP hack > > because if I forwarded these accounts to my spamcop account for > > filtering, I would consistently report my own servers. I one thing I > > hate about the POP hack is the 15minute delay it puts on my email. > > > > Now that MailHosts knows all my mail servers, can I return to forwarding > > mail to spam cop instead of POPing it? Can I safely use quick report > > then without the risk of reporting my servers? > > > > If the pop hack is picking up the hosts automatically and you have *not* > added them explicitly to your mailhosts config then no you cannot return to > forward unless you add them. Once you start to add new hosts do not report > any spam until you have received the probe emails *and* returned them > **and** gotten confirmations that they have been added. If you have a > problem adding them write to deputies spamcop.net with mailhosts > somewhere in the subject line, include your registered SC email address. > > Ellen -- Tim Neudecker tim@kyologic.com From nobody at spamcop.net Thu Apr 8 14:46:19 2004 From: nobody at spamcop.net (Ellen) Date: Thu Apr 8 13:50:13 2004 Subject: [SpamCop-List] Re: MailHosts and Forwarding Mail References: <1gbwzg8.12465q6h1b12wN%tim@kyologic.com> <1gbxd34.1tow1wi1cegzv4N%tim@kyologic.com> Message-ID: "Tim Neudecker" wrote in message news:1gbxd34.1tow1wi1cegzv4N%tim@kyologic.com... > I have added all of my mail hosts and they have all been accepted (after > a bit of tweaking by Julian). So is it safe for me to turn off the POP > hack and forward my accounts to my spamcop account for filtering, so > that i can by pass the 15 minute delay involved with the POP hack? > > Tim > Send your registered email address to me at deputies spamcop.net and also tell me what the accounts are that you are going to take down from pop and change to forward. Ellen From dave at stevens.com Thu Apr 8 15:36:54 2004 From: dave at stevens.com (J.D. Stevens) Date: Thu Apr 8 15:40:09 2004 Subject: [SpamCop-List] Re: Mailhosts and Quick Reporting In-Reply-To: References: Message-ID: Ellen wrote: > **********From Julian ********* > > When a user first starts to add a mailhost (they click on add new host), a > flag "noquick" gets set in their account. > > When they submit spam using VER from the held mail page, the quick report > option is nonexistant and is replaced with the text "Quick reporting > prohibited - see mailhosts menu item". > > When they submit spam using Jeff's "report as spam" or they forward spam > to the quick submit address, they receive back the normal reply as if they > had done a regular submit. Included in that reply is this text: > "Quick reporting is prohibited until mailhost configuration is verified. > > Please report some spam received at each of your mail accounts manually, > check the results carefully. When you are satisfied, use the mailhosts > menu item to re-enable your quick reporting function." > > When users are in this mode, they can visit the mailhosts page from the > main menu and see this " > Remove quick-reporting prohibition > If you are sure your mailhost configuration is working correctly, you > may lift the ban on quick reporting here. Please ensure it does work > by manually submitting and checking the spam report before sending it. > Do not proceed unless the spam report appears to work correctly (does > not identify your own service provider as the spam source). > " > > And finally, on the "you must agree" add-mailhost page, I've added this > paragraph: " > SpamCop will initially prohibit "quick reports" (available to > SpamCop email users) from your account. > When you have tested reporting spam from all your mailhosts, you will > be allowed to end this prohibition. Please double-check all your spam > reports until you are satisfied that SpamCop correctly understands your > configuration." > > I intend to keep this basic functionality beyond the beta period. It will > be SOP for anyone adding mailhosts going forward. > > In addition, users who have successfully configured all mailhosts they > have tried to configure do not have to re-confirm. However, usres who > still have partially-configured mailhosts were imported, so they do have > to confirm before they can do any more quick reports. > > -=Julian=- > > > I see no indication of "Quick Reporting Disable." On the mailhosts page, I see no option to enable quick reporting. I've checked with Netscape 7.1 and IE 6.0. I have mailhosts configured. Regular reporting is working well. I'm able to filter locally (my PostFix server) with SpamAssassin, send offending messages to my SC account where ALL is held. I have done standard reporting for several messages to verify that parsing is working and I'm not reporting myself. The Quick Report option is there, but when I review "Recent Reports," everything that was chosen for "Quick Reporting" is listed as "No report filed." What should I do from here? Dave From dave at stevens.com Thu Apr 8 15:52:25 2004 From: dave at stevens.com (J.D. Stevens) Date: Thu Apr 8 15:55:18 2004 Subject: [SpamCop-List] Re: Mailhosts and Quick Reporting In-Reply-To: References: Message-ID: <4075AD79.6090508@stevens.com> J.D. Stevens wrote: > > > Ellen wrote: > >> **********From Julian ********* >> >> When a user first starts to add a mailhost (they click on add new >> host), a >> flag "noquick" gets set in their account. >> >> When they submit spam using VER from the held mail page, the quick report >> option is nonexistant and is replaced with the text "Quick reporting >> prohibited - see mailhosts menu item". >> >> When they submit spam using Jeff's "report as spam" or they forward spam >> to the quick submit address, they receive back the normal reply as if >> they >> had done a regular submit. Included in that reply is this text: >> "Quick reporting is prohibited until mailhost configuration is verified. >> >> Please report some spam received at each of your mail accounts manually, >> check the results carefully. When you are satisfied, use the mailhosts >> menu item to re-enable your quick reporting function." >> >> When users are in this mode, they can visit the mailhosts page from the >> main menu and see this " >> Remove quick-reporting prohibition >> If you are sure your mailhost configuration is working correctly, you >> may lift the ban on quick reporting here. Please ensure it does work >> by manually submitting and checking the spam report before sending it. >> Do not proceed unless the spam report appears to work correctly (does >> not identify your own service provider as the spam source). >> " >> >> And finally, on the "you must agree" add-mailhost page, I've added this >> paragraph: " >> SpamCop will initially prohibit "quick reports" (available to >> SpamCop email users) from your account. >> When you have tested reporting spam from all your mailhosts, you will >> be allowed to end this prohibition. Please double-check all your spam >> reports until you are satisfied that SpamCop correctly understands your >> configuration." >> >> I intend to keep this basic functionality beyond the beta period. It >> will >> be SOP for anyone adding mailhosts going forward. >> >> In addition, users who have successfully configured all mailhosts they >> have tried to configure do not have to re-confirm. However, usres who >> still have partially-configured mailhosts were imported, so they do have >> to confirm before they can do any more quick reports. >> >> -=Julian=- >> >> >> > > I see no indication of "Quick Reporting Disable." > > On the mailhosts page, I see no option to enable quick reporting. I've > checked with Netscape 7.1 and IE 6.0. > > I have mailhosts configured. Regular reporting is working well. I'm able > to filter locally (my PostFix server) with SpamAssassin, send offending > messages to my SC account where ALL is held. I have done standard > reporting for several messages to verify that parsing is working and I'm > not reporting myself. > > The Quick Report option is there, but when I review "Recent Reports," > everything that was chosen for "Quick Reporting" is listed as "No report > filed." > > What should I do from here? > > Dave > Ah! I was too impatient. When I checked again, the reports had been submitted with "Quick Reporting." It appears that thing are working properly. I never saw the "Allow Quick Reporting" option, but it appears that is no longer a problem for me. It looks like a combo of mailhosts, SpamAssassin, procmailrc filtering/forwarding, and quick reporting may save me LOTS of time in reporting spam. Dave From newspamtrap at aol.com Thu Apr 8 23:52:36 2004 From: newspamtrap at aol.com (Trappaspam) Date: Thu Apr 8 17:55:19 2004 Subject: [SpamCop-List] Poor Old Jessica :-) [Media] Message-ID: *NOT* :-) U.S. woman joins brother as 'spam' defendant By Andy Sullivan REUTERS 1:30 p.m. April 7, 2004 WASHINGTON - The family that spams together, stands together - stands trial, that is, according to charges filed Wednesday.... http://www.signonsandiego.com/news/computing/20040407-1330-tech-spam-virginia.html or http://tinyurl.com/3x78v Couldn`t help humming "It's a Family Affair", in a smug sorta way, whilst reading this. :-) Regs Jon NS From VROYLUAKAPCX at spammotel.com Thu Apr 8 19:20:33 2004 From: VROYLUAKAPCX at spammotel.com (Johnnie) Date: Thu Apr 8 18:25:03 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: Message-ID: "Redstone" wrote in message news:Xns94C451504764Alumbercartel@216.154.195.61... > DSL is out of the question? For me, it is. I would get 256K or so download vs. 3200K for cable. Also, no matter how evil Comcast is, they can't be 1/1,000 as evil as Verizon. From nobody at spamcop.net Thu Apr 8 18:49:45 2004 From: nobody at spamcop.net (TheWanderer) Date: Thu Apr 8 20:50:16 2004 Subject: [SpamCop-List] Re: Poor Old Jessica :-) [Media] References: Message-ID: "Trappaspam" wrote in message news:c54hjj$9eh$1@news.spamcop.net... > *NOT* :-) > U.S. woman joins brother as 'spam' defendant By Andy Sullivan > REUTERS 1:30 p.m. April 7, 2004 > WASHINGTON - The family that spams together, stands together - stands trial, > that is, according to charges filed Wednesday.... > http://www.signonsandiego.com/news/computing/20040407-1330-tech-spam-virginia.html > or > http://tinyurl.com/3x78v > > Couldn`t help humming "It's a Family Affair", in a smug sorta way, whilst > reading this. :-) Goodness! Don't even go to that site.you get spammed to death there also. From a at all.addresses.on.cdrom.are.invalid.aaa Thu Apr 8 22:10:21 2004 From: a at all.addresses.on.cdrom.are.invalid.aaa (John Malmberg) Date: Thu Apr 8 21:15:27 2004 Subject: [SpamCop-List] SBL14424 anyone have a batphone to spamhaus? Message-ID: It appears that the spammer listed by SBL14424 has aquired a new netblock around 64.132.217.217. http://www.spamcop.net/w3m?action=checkblock&ip=64.132.217.217 Not even an attempt to comply with the can-spam law. -John wb8tyw@qsl.network Personal Opinion Only From newspamtrap at aol.com Fri Apr 9 03:59:13 2004 From: newspamtrap at aol.com (Trappaspam) Date: Thu Apr 8 22:00:03 2004 Subject: [SpamCop-List] Re: Poor Old Jessica :-) [Media] References: Message-ID: "TheWanderer" wrote in message news:c54rvl$j7f$1@news.spamcop.net... > > "Trappaspam" wrote in message > news:c54hjj$9eh$1@news.spamcop.net... > > *NOT* :-) > > U.S. woman joins brother as 'spam' defendant By Andy Sullivan > > REUTERS 1:30 p.m. April 7, 2004 > > WASHINGTON - The family that spams together, stands together - stands > trial, > > that is, according to charges filed Wednesday.... > > > http://www.signonsandiego.com/news/computing/20040407-1330-tech-spam-virginia.html > > or > > http://tinyurl.com/3x78v > > > > Couldn`t help humming "It's a Family Affair", in a smug sorta way, whilst > > reading this. :-) > > Goodness! Don't even go to that site.you get spammed to death there also. ??? Hmm - Am I missing something ? - Care to elaborate ? Regs Jon NS From jdelasaux at inlynx.com Thu Apr 8 20:08:37 2004 From: jdelasaux at inlynx.com (John DeLasaux) Date: Thu Apr 8 22:10:03 2004 Subject: [SpamCop-List] what does this mean? Message-ID: Recently, SP seems to have changed. When I report, there is a long list of report boxes, but when it is processed, only one report goes out, apparently to SP and no one else: "/dev/null'ing report for mole@devnull.spamcop.net" Am I doing something wrong ... is SP refusing to really hit the spammer with a report ... the whole thing looks so "dull". What does that report mean, or do ... anything? JohnD From nobody at spamcop.net Thu Apr 8 22:46:57 2004 From: nobody at spamcop.net (WazoO) Date: Thu Apr 8 22:50:03 2004 Subject: [SpamCop-List] Re: what does this mean? References: Message-ID: "John DeLasaux" wrote in message news:c550gu$ndn$1@news.spamcop.net... > Recently, SP seems to have changed. When I report, there is a long list of > report boxes, but when it is processed, only one report goes out, apparently > to SP and no one else: Who what is SP? > "/dev/null'ing report for mole@devnull.spamcop.net" > > Am I doing something wrong ... is SP refusing to really hit the spammer with > a report ... the whole thing looks so "dull". > > What does that report mean, or do ... anything? Having to assume that you are talking about a SpamCop report, this means that you've somehow managed to turn into a "mole" reporter. http://www.spamcop.net/fom-serve/cache/373.html From nobody at spamcop.net Fri Apr 9 14:33:09 2004 From: nobody at spamcop.net (Petzl) Date: Thu Apr 8 23:35:15 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: Message-ID: <316c705v4ve01jpbo4mupr8gvnkudic79e@4ax.com> On Thu, 8 Apr 2004 18:20:33 -0400, "Johnnie" wrote: > >"Redstone" wrote in message >news:Xns94C451504764Alumbercartel@216.154.195.61... >> DSL is out of the question? > >For me, it is. I would get 256K or so download vs. 3200K for cable. Also, >no matter how evil Comcast is, they can't be 1/1,000 as evil as Verizon. > Comcast for me rivals and surpasses china as a spam source Not arguing with present reasoning that Cable is the way to go if available (and price) I cannot see why Comcast cannot at least attempt to address their spam problem. Ideally increasing charges to those Ip's that spam Once people are given an incentive to secure their computers it will happen and ComCast would make even more money in the mean time Petzl -- Only the Irish Leprignomes have remained aloof and their family heritage remains pure and unconfused. Gnome watchers believe that the reason for this stems from the unfortunate events that led to their expulsion from the peat bogs of Ireland in the late 1700s. It is thought that the ambitious Leprignomes encroached on the territorial boundaries of the intellectually superior Leprechauns. The Grand Legislature of Leprechauns banished the ringleaders of this audacious uprising to Australia. As a parting gesture they cast such a powerful spell on the Leprignomes that, even today, they remain too shy to associate with other gnome species. From nobody at spamcop.net Thu Apr 8 22:18:20 2004 From: nobody at spamcop.net (Chris) Date: Fri Apr 9 00:20:21 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports In-Reply-To: References: Message-ID: <4076240C.40602@spamcop.net> Myron Johnson wrote: > Well, you can still count me in with a Cox problem. In five days of sending > SpamCop reports, I only got proper replies on the first day (Sunday, as I > recall). Since then, I've gotten three replies from SpamCop out of, > perhaps, ten Spam reports sent. Also, a SpamCop authorization email arrived > successfully, when I tried resetting my authorization code (thinking that > was the problem). Online submissions work fine, but there are too > timeconsuming. > > In the meantime, I've received about 70 spam emails, so there's nothing > wrong with Cox's mailserver! > > Myron I got my last confirmation report from spamcop Sunday afternoon from forwarding spam through my cox.net email address. Haven't got any since. However, I will test it by sending 8 attached spams through my cox address and through my own mail server and when using my mail server, I get the confirmation reports within a few minutes. This is telling me that cox isn't sending email to spamcop. If my emails were addressed elsewhere they go through. Someone was saying earlier it's because of a filter. If so, they are idiots. The block ports 25 and 26 then scan outgoing email for spam/viruses and block it. Meanwhile they let all the crap come in and be delivered. CKH From tdy at blackhole.aosake.net Thu Apr 8 22:23:09 2004 From: tdy at blackhole.aosake.net (N. Miller) Date: Fri Apr 9 00:25:03 2004 Subject: [SpamCop-List] Re: How does Yahoo do it? References: Message-ID: In article , gezgin@spamcop.net says... > I have a Yahoo email account that I use for--uh--special purposes. Yahoo has > a feature called "SpamGuard" > (http://help.yahoo.com/help/us/mail/spam/spam-08.html) which, if activated, > shunts spam into a "bulk mail" folder. I check this folder from time to time > before emptying it but... and here's the weird thing: I've never seen a > "false positive". Never once has a legitimate email to my Yahoo address been > sent to the "bulk mail" folder. Never once. And no, I don't employ any > filters; neither have I defined any "whitelisted" addresses for this > account. > How does Yahoo do it? > Why can't SpamCop do it? Odd. I have seen numerous false positives with SpamGuard. In my experience, SpamGuard is running about 96%. That is the same level of success I had with Bayesian filter proxies. I am also having a problem with false negatives; spam reaching the Inbox instead of the Bulk Mail folder. My client won't leave messages on the server, so I have no way to train SpamGuard by use of the "Spam" button, or the "This is not spam" button. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tmcgraw at spamcop.net Thu Apr 8 23:48:46 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Apr 9 01:50:12 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: <316c705v4ve01jpbo4mupr8gvnkudic79e@4ax.com> Message-ID: <4076393E.6070009@spamcop.net> Petzl wrote: > > Comcast for me rivals and surpasses china as a spam source > > Not arguing with present reasoning that Cable is the way to go if > available (and price) > > I cannot see why Comcast cannot at least attempt to address their spam > problem. Ideally increasing charges to those Ip's that spam > > Once people are given an incentive to secure their computers it will > happen and ComCast would make even more money in the mean time Two words: AOL lawsuit. *That* would get Comcast's attention. From tmcgraw at spamcop.net Thu Apr 8 23:52:14 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Apr 9 01:55:03 2004 Subject: [SpamCop-List] Re: Poor Old Jessica :-) [Media] References: Message-ID: <40763A0E.6060306@spamcop.net> TheWanderer wrote: > "Trappaspam" wrote in message > news:c54hjj$9eh$1@news.spamcop.net... > >>http://tinyurl.com/3x78v >> > > Goodness! Don't even go to that site.you get spammed to death there also. Worked fine here. No pop-ups just standard banner crap. I have little quarrel with paid advertising, particularly when it supports free content. From nobody at spamcop.net Fri Apr 9 07:38:56 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 9 02:40:04 2004 Subject: [SpamCop-List] Re: what does this mean? References: Message-ID: WazoO (nobody@spamcop.net) wrote in news:c552r4$p7c$1@news.spamcop.net: > Having to assume that you are talking about a > SpamCop report, this means that you've somehow > managed to turn into a "mole" reporter. > http://www.spamcop.net/fom-serve/cache/373.html In which case, for a free account to go from "mole" reporting to "normal" reporting: - Clear your cache and history - Delete your Spamcop cookies - Close your browser (all windows, and all programs using a built-in browser window if your browser is IE) - Then sign up for a new account using a *different* email address and make sure you don't indicate mole reporting. If you don't use a different email address, you'll get your old "mole" settings back. That's (obviously) a bug, but the only way to get around it is to use a different email address to sign up as you did when signing up for mole reporting. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Fri Apr 9 00:40:10 2004 From: nobody at spamcop.net (TheWanderer) Date: Fri Apr 9 02:45:03 2004 Subject: [SpamCop-List] Re: Poor Old Jessica :-) [Media] References: Message-ID: "Trappaspam" wrote in message news:c55021$ms9$1@news.spamcop.net... > "TheWanderer" wrote in message > news:c54rvl$j7f$1@news.spamcop.net... > > > > "Trappaspam" wrote in message > > news:c54hjj$9eh$1@news.spamcop.net... > > > *NOT* :-) > > > U.S. woman joins brother as 'spam' defendant By Andy Sullivan > > > REUTERS 1:30 p.m. April 7, 2004 > > > WASHINGTON - The family that spams together, stands together - stands > > trial, > > > that is, according to charges filed Wednesday.... > > > > > > http://www.signonsandiego.com/news/computing/20040407-1330-tech-spam-virginia.html > > > or > > > http://tinyurl.com/3x78v > > > > > > Couldn`t help humming "It's a Family Affair", in a smug sorta way, > whilst > > > reading this. :-) > > > > Goodness! Don't even go to that site.you get spammed to death there also. > > ??? Hmm - Am I missing something ? - Care to elaborate ? Only a few hundred pop-ups if you use IE. > Regs > Jon NS > > From Knagsted at warmmail.com Fri Apr 9 10:14:01 2004 From: Knagsted at warmmail.com (Knagsted) Date: Fri Apr 9 03:15:16 2004 Subject: [SpamCop-List] No body, no recipient - ? Message-ID: Increasingly I receive empty messages like the one below. They do not have any message, neither are they addressed to me or to anyone else. When forwarded to SPAMCOP I get an answer that the body is missing.... What is the idea and how do they reach me, without any address? Sus Full Header: Return-Path: Received: from appleton2.uni2.net (appleton2.uni2.net [129.142.244.12]) by ting.uni2.net (8.11.6/8.11.6) with ESMTP id i38KLJN19307; Thu, 8 Apr 2004 22:21:19 +0200 Received: from ppp-205.pool-123.spbnit.ru (ppp-205.pool-123.spbnit.ru [212.48.201.205]) by appleton2.uni2.net (8.12.6/8.12.6) with SMTP id i38KKxO7004619; Thu, 8 Apr 2004 22:21:03 +0200 Date: Thu, 8 Apr 2004 22:20:59 +0200 From: UIMJJZY@linuxmail.org Message-Id: <200404082021.i38KKxO7004619@appleton2.uni2.net> Status: U Received: from recife.mail.arrival.com ([38.32.220.255]) by penguin (gibson SMTP Server) with SMTP id K[7 X-UNI2-MailScanner-Information: See www.mailscanner.info for information X-UNI2-MailScanner: Found to be clean X-UNI2-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.565, required 5, BAYES_50 0.00, MSGID_FROM_MTA_HEADER 0.70, NO_REAL_NAME 0.16, RCVD_IN_DYNABLOCK 2.60, RCVD_IN_SORBS 0.10) X-UNI2-MailScanner-SpamScore: sss X-Filter-Result: Probability: 0%, Threshold: 30% IP 212.48.201.205: IP range : 212.48.201.0 - 212.48.201.255 Infos : The national international telephone branch of the open Infos : joint-stock company Infos : " St.Petersburg telephone network " Infos : 3/5,Bolshaya Morskaya str.191186 St.-Petersburg Country : Russian Federation (RU) Abuse E-mail : ir@spbnit.ru Source : RIPE 129.142.244.12 is my own internet-provider. From nobody at spamcop.net Fri Apr 9 08:54:21 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 9 03:55:15 2004 Subject: [SpamCop-List] Re: Poor Old Jessica :-) [Media] References: Message-ID: TheWanderer (nobody@spamcop.net) wrote in news:c54rvl$j7f$1@news.spamcop.net: > Goodness! Don't even go to that site.you get spammed to death there > also. Don't know about being "spammed" but try this for alternative sources: search Google News for "Va. Arrests Third Person in Spam Dragnet". At least Washington Post should come up, and by following the Google link no regsitration is necessary. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From MikeE at ster.invalid Fri Apr 9 02:12:12 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 9 04:15:05 2004 Subject: [SpamCop-List] Re: No body, no recipient - ? References: Message-ID: Knagsted wrote: > What is the idea and how do they reach me, without any address? I don't know the answer to what is the idea, but the 'simplest' way to understand the no address condition, without getting into the 'envelope' concept is for you to understand a function of your own mail user agent, the BCC. Any mail, spam or otherwise, can be addressed to various recipients in the BCC, which works just like To: and CC: except that the various recipients in the BCC are not displayed to each other, as if BCC meant 'blind(ed) carbon copy'. That part is 'left behind' before the recipient gets the item. This is a very valuable and useful function and should be used by 'normal' mails being sent to multiple people who don't know each other, such as a "Christmas" letter. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Apr 9 12:06:37 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 9 07:10:11 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: Here's a more complicated example: Subject: =?windows-1251?B?MS0+yu7t6vPw5e3y+1/z5uVf5+Dq4Ofg6+g8LUNnWWFEaFlLS3c4WUhR?= =?windows-1251?B?UU9CQWdZQlVzYUJBZz0=?= Looks like it consists of *two* strings, each separately encoded. Correct? But neither seems to deliver anything "sensible" when plugged into http://www.opinionatedgeek.com/DotNet/Tools/Base64Decode/Default.aspx What am I missing now? -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From bjtexas at hotmale.com Fri Apr 9 09:43:47 2004 From: bjtexas at hotmale.com (BJ) Date: Fri Apr 9 09:45:17 2004 Subject: [SpamCop-List] Re: Comcast strikes again! References: Message-ID: Johnnie wrote: > Also, no matter how evil Comcast is, they can't be > 1/1,000 as evil as Verizon. Comcast == Spamcast... largest spam source in my logs. BJ From creinsch at kdna.org Fri Apr 9 07:51:23 2004 From: creinsch at kdna.org (Chuck) Date: Fri Apr 9 09:55:23 2004 Subject: [SpamCop-List] 451 qq trouble creating files in queue (#4.3.0) Message-ID: Hello: My submissions were returned this morning with the following error. What's up? Could not deliver message to the following recipient(s): Failed Recipient: submit.xxxxxxxxxxxxxxx@spam.spamcop.net Reason: Remote host said: 451 qq trouble creating files in queue (#4.3.0) From kenbrody at spamcop.net Fri Apr 9 10:53:29 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Fri Apr 9 10:00:13 2004 Subject: [SpamCop-List] Another "truth in advertising" subject Message-ID: <4076AAD9.26DB7863@spamcop.net> Here's another one of those humorous "truth in advertising" subjects: Important: deceit Get a Diploma without the hassle! -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody at spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ From nobody at devnull.spamcop.net Sat Apr 10 01:00:02 2004 From: nobody at devnull.spamcop.net (nobody@devnull.spamcop.net) Date: Fri Apr 9 10:00:23 2004 Subject: [SpamCop-List] Ripper Rita - Maximum of $1.1 million per day fines for Aussie Spammers Message-ID: Finally the Australian Government got off its butt. Fines come into play from tonight (10th April 2004). You can bet I'll be watching the parser for Aussie addresses in future - like a hawk! AUS$1.1 million a day - that should pacify most Aussie spammers! Details below .... http://www.aca.gov.au/consumer_info/spam/consumerinformation.htm Regards, Hughy. -- I can be found at airways underscore electronics at bigpond_d_o_t_c_o_m_ _______________________________________ Australia's anti-spam law - the Spam Act 2003 Under the Spam Act 2003 it is illegal to send, or cause to be sent, 'unsolicited commercial electronic messages' that have an Australian link. A message has an 'Australian link' if it either originates or was commissioned in Australia, or originates overseas but has been sent to an address accessed in Australia. The Spam Act covers electronic messages - emails, mobile phone text messages (SMS), multimedia messaging (MMS) and instant messaging (iM) - of a commercial nature. However, the Act does not cover voice or fax telemarketing. The legislation sets out penalties of up to $1.1 million a day for repeat corporate offenders. the Spam Act 2003 the Spam (Consequential Amendments) Act 2003 How can I tell if it's spam? To comply with Australia's spam laws, a commercial electronic message must meet the following conditions. Any message sent to you that doesn 't meet all three of these conditions is defined as spam: Consent - it must be sent with your consent. You may give express consent, or consent may be inferred from your conduct and 'existing business or other relationships' Identify - it must contain accurate information about the person or organisation that authorised the sending of the message Unsubscribe - it must contain a functional 'unsubscribe' facility to allow you to opt out from receiving messages from that source in the future A spam message is not necessarily sent out in 'bulk' to numerous addresses - under Australian law, a single electronic message can also be considered spam. From dommanno at netscape.net Fri Apr 9 11:08:39 2004 From: dommanno at netscape.net (D.F. Manno) Date: Fri Apr 9 10:10:03 2004 Subject: [SpamCop-List] How to check out cable Internet provider? Message-ID: I'm considering signing up with Road Runner in Philadelphia for cable internet service. Before I do so, I'd like to find out if it's on any blocklists or has a bad reputation regarding spam. I don't want to sign up with RR and then not have my e-mail go through. How do I check RR out? TIA -- D.F. Manno dommanno@netscape.net "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." (Benjamin Franklin) From MikeE at ster.invalid Fri Apr 9 08:34:38 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 9 10:35:04 2004 Subject: [SpamCop-List] Re: How to check out cable Internet provider? References: Message-ID: D.F. Manno wrote: > I'm considering signing up with Road Runner in Philadelphia for cable > internet service. Before I do so, I'd like to find out if it's on any > blocklists or has a bad reputation regarding spam. I don't want to > sign up with RR and then not have my e-mail go through. > > How do I check RR out? You will hear some beefs about RR, but it isn't 'horrible'. RR's 'problem' is a smaller version of what is wrong with comcast, their security 'system' isn't able to keep up with 'business' as their cable modem users become trojanized and are spam sources. However, typically the trojanized boxen don't use the RR smtp, so RR generally keeps its output servers off of lists; just like spews keeps comcast's output servers off of its list while listing over 10 million comcast IPs because of the problem described. I 'abandoned' a San Diego RR account in favor of an EL earthlink service partly because I was aggravated about how they handled being notified about RR sources of spam, but more because I was disappointed in how my 'local' [which became Orange County plus San Diego County] newsservice was being handled. In San Diego, like Philadelphia, RR is a Time Warner service, and as such, TW offers their cable modem service to me via AOL, EL, or RR. So, I was able to choose EL instead of RR. EL handles its news completely differently than RR did, and for some reason doesn't have the same problem taking care of its security business like RR did. I have no idea why that is. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Apr 9 15:51:07 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 9 10:55:03 2004 Subject: [SpamCop-List] Re: Another "truth in advertising" subject References: <4076AAD9.26DB7863@spamcop.net> Message-ID: Kenneth Brody (kenbrody@spamcop.net) wrote in news:4076AAD9.26DB7863 @spamcop.net: > Important: deceit LOL! -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From usenet1 at DE.LETE.THISljvideo.com Fri Apr 9 17:20:42 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry Jandro) Date: Fri Apr 9 12:25:18 2004 Subject: [SpamCop-List] Re: Poor Old Jessica :-) [Media] References: Message-ID: Waiving the right to remain silent, "TheWanderer" said: > Only a few hundred pop-ups if you use IE. No popups if you use Popup Stopper. -- Larry Jandro - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From skiwi+newsgroups at spamcop.net Fri Apr 9 10:27:48 2004 From: skiwi+newsgroups at spamcop.net (Skiwi) Date: Fri Apr 9 12:30:03 2004 Subject: [SpamCop-List] Re: Ripper Rita - Maximum of $1.1 million per day fines for Aussie Spammers In-Reply-To: References: Message-ID: nobody@devnull.spamcop.net wrote: > Finally the Australian Government got off its butt. > > Fines come into play from tonight (10th April 2004). You can bet I'll > be watching the parser for Aussie addresses in future - like a hawk! > > AUS$1.1 million a day - that should pacify most Aussie spammers! > > Details below .... > http://www.aca.gov.au/consumer_info/spam/consumerinformation.htm Is the $1.1 million before or after the firm telephone call? I will believe it if it ever happens... From nobody at spamcop.net Fri Apr 9 18:47:28 2004 From: nobody at spamcop.net (John McLusky) Date: Fri Apr 9 12:50:03 2004 Subject: [SpamCop-List] Re: How to check out cable Internet provider? References: Message-ID: Mike Easter wrote: > > You will hear some beefs about RR, but it isn't 'horrible'. Heh, my major beef about RR is that I can't email abuse@rr.com because my ISP is on their own block list. Fair enough, block me from sending to their customers, but don't block me from alerting them about their own security/abuse problems... John. From not at home.today Fri Apr 9 18:48:26 2004 From: not at home.today (Ant) Date: Fri Apr 9 12:55:03 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: "Marjolein Katsma" wrote... > Here's a more complicated example: > > Subject: =?windows-1251?B?MS0+yu7t6vPw5e3y+1/z5uVf5+Dq4Ofg6+g8LUNnWWFEaFlLS3c4WUhR?= > =?windows-1251?B?UU9CQWdZQlVzYUJBZz0=?= > > Looks like it consists of *two* strings, each separately encoded. Correct? Yup. > But neither seems to deliver anything "sensible" when plugged into > http://www.opinionatedgeek.com/DotNet/Tools/Base64Decode/Default.aspx > > What am I missing now? Translates to this: 1->Êîíêóðåíòû_óæå_çàêàçàëè<-CgYaDhYKKw8YHQ QOBAgYBUsaBAg= The bit between 1-> and <- looks like Russian when I create an email subject from it with OE. The two strings appear as one line. It renders something like this: KOHkypeHTbl_y*e_3aka3anN where * is like an x with a vertical bar, and the last 2 letters (nN) are in fact Pi and a backwards N respectively. The rest of it doesn't yield to further base64 analysis. From baloo at ursine.ca Fri Apr 9 12:27:54 2004 From: baloo at ursine.ca (Paul Johnson) Date: Fri Apr 9 14:35:04 2004 Subject: [SpamCop-List] Re: How to check out cable Internet provider? References: Message-ID: <87brm1atw5.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "John McLusky" writes: > Mike Easter wrote: >> >> You will hear some beefs about RR, but it isn't 'horrible'. > > Heh, my major beef about RR is that I can't email abuse@rr.com because my > ISP is on their own block list. > > Fair enough, block me from sending to their customers, but don't block me > from alerting them about their own security/abuse problems... I think everything in rr.com is listed in rfc-ignorant.org because not everybody can email abuse and postmaster. - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAdussUzgNqloQMwcRAv48AJ9bGM58sLOgs6Gi2kKfQxsmrDdSRQCgizV9 8vvn8vH9OCYYPnQHKbUsuWE= =5EAO -----END PGP SIGNATURE----- From nobody at devnull.spamcop.net Fri Apr 9 20:40:38 2004 From: nobody at devnull.spamcop.net (Graeme Hewson) Date: Fri Apr 9 14:45:05 2004 Subject: [SpamCop-List] Unable to set up mailhosts for CIX Message-ID: SpamCop is unable to set up mailhosts for me, saying the email sample appears to traverse more than one domain (which is true). I have an email account with CIX, and part of the service is spam filtering, which is done by another provider. Here's a simplified list of the headers for mail sent to me. I've numbered the Received: headers for reference. 5 Received: from technetium.cix.co.uk ([194.153.0.53]) by schroedinger.zen.co.uk for xxxxx@zen.co.uk 4 Received: from jsmx1.nse.co.uk (jsmx1.nse.co.uk [217.18.80.65]) by technetium.cix.co.uk for xxxxx@cix.conferencing.co.uk 3 Received: from envelope-address@sample.com by jsmx1.nse.co.uk X-Originally-To: 2 Received: from mta03.mx.cix.co.uk (212.241.168.133) by mx-clust1.junkscreen.com 1 Received: from helo-name ([xx.xx.xx.xx]) by mta03.mx.cix.co.uk At 1, CIX receives the mail and sends it to junkscreen.com for spam filtering. The host at 3 is still within Junkscreen, even though the domain is nse.co.uk. At 4, Junkscreen sends the message back to CIX, and at 5 CIX sends the message to my account at Zen. I started setting up mailhosts with my Zen account (xxxxx@zen.co.uk). No problem there. Next, I tried to set up xxxxx@cix.junkscreen.com. Note, this isn't my real address, but it's the address known by Junkscreen (see the X-Originally-To: header). I thought Junkscreen at 2 might only accept mail from CIX, but it happily accepted SpamCop's probe mail. The path, then, was SpamCop-2-3-4-5. I returned this mail to SpamCop, which sent back a message saying it had encountered errors. At this point I've deleted my Zen address from SpamCop. What should I do now? I thought about clicking on the link to request a waiver, but I didn't know if I'd have an opportunity to provide an explanation. Graeme Hewson From nobody at spamcop.net Fri Apr 9 15:42:52 2004 From: nobody at spamcop.net (kram) Date: Fri Apr 9 14:45:21 2004 Subject: [SpamCop-List] Re: [C&C] Fun with spammers! References: Message-ID: In pete-D27352.13542705042004@news.cesmail.net 'Twas Pete Stephenson, surely, that opined: || Wow, this sysadmin in Ireland had a ton of fun with this 419 spammer. || || It's stories like these that makes me wish I ran an internet cafe. :) || || http://www.linux.ie/pipermail/ilug/2004-April/013049.html || "Have I been sleep-spamming again?" ROFL I understand now. We (tinw) *all* sleep-spam......the enemy is us (tinu) :-) -- kk == Computers are useless. They can only give you answers. Pablo Picasso (1881 - 1973) From nobody at spamcop.net Fri Apr 9 19:58:01 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 9 15:00:03 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: Ant (not@home.today) wrote in news:c56kai$cf3$1@news.spamcop.net: >> What am I missing now? > > Translates to this: > > 1->ÒŒ¡ˆ¢Ð†¡•–_¢‘†_‡…ˆ…‡…‰Š<-CgYaDhYKKw8YHQ > QOBAgYBUsaBAg= > > The bit between 1-> and <- looks like Russian when I create an email > subject from it with OE. The two strings appear as one line. > > It renders something like this: > > KOHkypeHTbl_y*e_3aka3anN > > where * is like an x with a vertical bar, and the last 2 letters (nN) > are in fact Pi and a backwards N respectively. > > The rest of it doesn't yield to further base64 analysis. Thanks for confirming I was on the right track and there were indeed two strings... and I did think it would be Russian. Oh, and if your strings look different now that's because Xnews doesn't handle "foreign" characters well. OK - so we conclude it's two Russian (cyrillic) strings? Not very useful (for classifying the spam) but I was confused by the presense of two separately--encoded strings. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Fri Apr 9 20:01:30 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 9 15:05:03 2004 Subject: [SpamCop-List] Re: [C&C] Fun with spammers! References: Message-ID: kram (nobody@spamcop.net) wrote in news:c56qr6$i1t$1@news.spamcop.net: > I understand now. We (tinw) *all* sleep-spam......the enemy is us > (tinu) :-) That, too. But I also sleep-subscribe to bunches of mailing lists and newsletters. (At least I did, once ;-)) -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Fri Apr 9 17:33:58 2004 From: nobody at spamcop.net (Ellen) Date: Fri Apr 9 16:40:02 2004 Subject: [SpamCop-List] Re: Unable to set up mailhosts for CIX References: Message-ID: "Graeme Hewson" wrote in message news:c56qn6$hvk$1@news.spamcop.net... > > At this point I've deleted my Zen address from SpamCop. What should I > do now? I thought about clicking on the link to request a waiver, but I > didn't know if I'd have an opportunity to provide an explanation. > > Go ahead and add the host back in and click to request a waiver -- I'll get the waiver request and if it doesn't make sense to me I'll email you. Other wise I will get it fixed up and you will get an email saying that the zen address has been added successfully. Ellen From nobody at xyzzy.claranet.de Sat Apr 10 00:10:12 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Apr 9 17:15:03 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: <40771134.3F01@xyzzy.claranet.de> Marjolein Katsma wrote: > *two* strings, each separately encoded. Correct? Yes. The encoding works for words (as defined for the header, e.g. not for addresses in From / To / CC) If the source is "aaa bbb ccc" you can encode all of it or single words or some words. It's about line lengths, if header lines with encoded words are longer than 78 (??? see RfC) characters, then they have to be folded into two (or even more) lines. So you could get something like... Subject: =?us-ascii?Q?aaa?= bbb =?us-ascii?Q?ccc?= ...corresponding to Subject: aaa bbb ccc If encoded words directly follow each other as in... Subject: =?us-ascii?Q?xxx?= =?us-ascii?Q?yyy?= ...then the space is removed resulting in xxxyyy Headers are very critical, and therefore they invented something working with very old software insisting on line length 78 + (check the 78, I'm lazy ;-) > But neither seems to deliver anything "sensible" IIRC windows-1251 is a variant of Latin-2 (like 1252 and Latin-1, more printable characters), and Latin-2 is for cyrillic stuff. And for spammers trying to sell... =?windows-1251?Q?viagra?= (a curse in all charsets ;-) Bye, Frank From cnwykab02 at sneakemail.com Sat Apr 10 00:48:38 2004 From: cnwykab02 at sneakemail.com (Warre) Date: Fri Apr 9 17:50:04 2004 Subject: [SpamCop-List] Re: Another "truth in advertising" subject In-Reply-To: <4076AAD9.26DB7863@spamcop.net> References: <4076AAD9.26DB7863@spamcop.net> Message-ID: Kenneth Brody wrote: > Here's another one of those humorous "truth in advertising" subjects: > > Important: deceit Get a Diploma without the hassle! > "My job sucks!" (Before advertising some work-at-home pyramid scheme) Well, if he doesn't like spamming, i think there are plenty of job opportunities with McDonalds for this guy... From jseymour at spamcop.net Fri Apr 9 16:11:39 2004 From: jseymour at spamcop.net (Jim Seymour) Date: Fri Apr 9 18:15:02 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? In-Reply-To: References: Message-ID: Marjolein Katsma wrote: > Anyone know of an online tool somewhere where a subject like > > =?iso-8859-1?b?T3JkZXIgdG9kYXkgYW5kIGdldCBPdmVybmlnaHQgU2hpcHBpbmch?= I'd been meaning to write a decoder for this kind of thing so that I could more easily identify spams in VER. Your posting (and the subsequent discussion) finally got me off my butt and I did it... Here's a stand-alone perl program that I'm using in a procmail rule to convert encoded Subjects before I forward the message along to Spamcop: http://thentao.com/decodesubject.pl If anybody sees anything wrong with this program or wants to suggest improvements, feel free to drop me an email... Naturally, no warranty express or implied. Use at your own risk. Your mileage may vary. Professional driver on a controlled course. etc. -- Jim Seymour. I do not work for Spamcop, I did not write pflogsumm, and I never wrote for PC Magazine. From nobody at spamcop.net Sat Apr 10 00:08:34 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Fri Apr 9 19:10:12 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: Jim Seymour (jseymour@spamcop.net) wrote in news:c5772o$tr5$1 @news.spamcop.net: > Here's a stand-alone perl program that I'm using in a procmail rule to > convert encoded Subjects before I forward the message along to Spamcop: > http://thentao.com/decodesubject.pl Thanks, I've downloaded it. Will have a good look later! -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From DONOTSPAMpeterpepper at NOSPAMbizwax.com Fri Apr 9 19:42:36 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Fri Apr 9 19:45:03 2004 Subject: [SpamCop-List] Whitelist item blocked? Why? Message-ID: Occasionally some domains I have specified in my whitelist get blocked and I never seem to understand why. I had one blocked the other day and I still can't figure out why. Maybe someone can enlighten me. :) I have the following domain in my whitelist: upons.com I am under the assumption that ANY email address ending in "upons.com" within the SENDER or FROM fields will be whitelisted and slip through. It was held instead. I then started looking at all the IPs in the message header just in case "upons.com" hired the wrong company to send out their bulk mail. Within the header, SC said it checked the following IPs: 192.168.1.105 216.154.195.36 192.168.1.101 209.51.140.252 216.243.67.88 216.243.67.153 The email was sent on April 9, 2004. yet according to SC, none of the IPs above have been listed in a very long time. I have experienced this with the following whitelisted domains as well: easymonitor.com cj.com I am at a loss. Why did this email get held? PP From MikeE at ster.invalid Fri Apr 9 17:45:04 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 9 19:50:03 2004 Subject: [SpamCop-List] Re: Whitelist item blocked? Why? References: Message-ID: Peter Pepper wrote: > I am under the assumption that ANY email address ending in "upons.com" > within the SENDER or FROM fields will be whitelisted and slip > through. It was held instead. I don't know anything about spamcop's mail, but a whitelist is supposed to work its rule first and then stop processing anymore rules. -- Mike Easter kibitzer, not SC admin From newspamtrap at aol.com Sat Apr 10 02:15:29 2004 From: newspamtrap at aol.com (Trappaspam) Date: Fri Apr 9 20:20:02 2004 Subject: [SpamCop-List] Re: Poor Old Jessica :-) [Media] References: Message-ID: "TheWanderer" wrote in message news:c55ggp$6i2$1@news.spamcop.net... > http://www.signonsandiego.com/news/computing/20040407-1330-tech-spam-virginia.html > > > > or > > > > http://tinyurl.com/3x78v > > > > > > > > Couldn`t help humming "It's a Family Affair", in a smug sorta way, > > whilst > > > > reading this. :-) > > > > > > Goodness! Don't even go to that site.you get spammed to death there > also. > > > > ??? Hmm - Am I missing something ? - Care to elaborate ? > > Only a few hundred pop-ups if you use IE. Seems like you`ve got a non-standard browser, adware or something nasty installed on your system. Using IE 6.0 2800 bog standard settings with no pop-up blockers. - Not one single pop-up did I get, this time - or before the original post - Nor others apparently ? - Methinks some local system investigation might be appropriate on your part :-( In addition I total agree with Tim McGraw's sentiments - quote "I have little quarrel with paid advertising, particularly when it supports free content." Regs Jon NS From DONOTSPAMpeterpepper at NOSPAMbizwax.com Fri Apr 9 20:26:28 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Fri Apr 9 20:30:04 2004 Subject: [SpamCop-List] Re: Whitelist item blocked? Why? References: Message-ID: "Mike Easter" wrote in message news:c57cia$37r$1@news.spamcop.net... > Peter Pepper wrote: > > I am under the assumption that ANY email address ending in "upons.com" > > within the SENDER or FROM fields will be whitelisted and slip > > through. It was held instead. > > I don't know anything about spamcop's mail, but a whitelist is supposed > to work its rule first and then stop processing anymore rules. > > -- > Mike Easter > kibitzer, not SC admin > Yeah, I agree with your comments about how a whitelist is supposed to work. And I am using SC's mail and whitelist feature. But it doesn't seem to work consistently as some whitelisted items get through and some do not. Since the mail headers on this item mention IPs were checked and listed, I thought it was probably a good idea to check the status of the IPs, too. PP From gezgin at spamcop.net Sat Apr 10 08:34:46 2004 From: gezgin at spamcop.net (Gezgin) Date: Sat Apr 10 00:35:18 2004 Subject: [SpamCop-List] "No body provided, check format of submission" Message-ID: Here's an example: http://tinyurl.com/yvm8j I had one like this during the week, two on Friday, and eight this morning (Saturday). Let's see what tomorrow brings. -- Bob Kanyak's Doghouse http://kanyak.com From nobody at xyzzy.claranet.de Sat Apr 10 08:43:00 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sat Apr 10 01:45:10 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: <40778964.3009@xyzzy.claranet.de> Jim Seymour wrote: > a stand-alone perl program that I'm using in a procmail rule Interesting, but unfortunately I'm a perl-analphabet. Do you get Subject:text instead of Subject:text ? And does your B64 decoder handle = resp. == at the end ? Test example: Subject: =?us-ascii?B?b3RwLW1kNSAxMjMga2UxMjM0IGV4dA==?= Stolen from RfC 2444, the string is "otp-md5 123 ke1234 ext". Bye, Frank From mljohns at iname.com Fri Apr 9 23:49:05 2004 From: mljohns at iname.com (Myron Johnson) Date: Sat Apr 10 01:50:03 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports References: Message-ID: "Myron Johnson" wrote in message news:c52ptj$hk9$1@news.spamcop.net... > As of 8:00 pm (MST), April 7, 2004, my Cox.net email account is receiving > SpamCop Autoresponder Reports again! > Yeah! > Myron Whoops. Spoke too soon. After a day of behaving, it's stopped working again. My spam reports are getting from me to Cox to SpamCop, but NONE of the autoreplies are ever arriving back here. I'm able to go to "old reporting pages" to verify my spam reports. Myron From jseymour at spamcop.net Sat Apr 10 00:16:53 2004 From: jseymour at spamcop.net (Jim Seymour) Date: Sat Apr 10 02:20:29 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? In-Reply-To: <40778964.3009@xyzzy.claranet.de> References: <40778964.3009@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Interesting, but unfortunately I'm a perl-analphabet. Not sure I know what that is - and I'm not sure I wanna know... :-) > Do you get Subject:text instead of Subject:text ? Ah yes. Thank you. I had a hard-coded space in the regexp. That's fixed now. > And does your B64 decoder handle = resp. == at the end ? Yup. > Test example: > > Subject: =?us-ascii?B?b3RwLW1kNSAxMjMga2UxMjM0IGV4dA==?= > > Stolen from RfC 2444, the string is "otp-md5 123 ke1234 ext". That line becomes: X-Original-Subject: =?us-ascii?B?b3RwLW1kNSAxMjMga2UxMjM0IGV4dA==?= Subject: otp-md5 123 ke1234 ext It also handles Quoted-printable encoding as well as Base64, multiple encoded segments, and Subject lines that span multiple lines. At least, it's supposed to... I haven't tested it exhaustively... -- Jim Seymour. I do not work for Spamcop, I did not write pflogsumm, and I never wrote for PC Magazine. From nobody at spamcop.net Sat Apr 10 09:23:00 2004 From: nobody at spamcop.net (John McLusky) Date: Sat Apr 10 03:25:22 2004 Subject: [SpamCop-List] Re: How to check out cable Internet provider? References: <87brm1atw5.fsf@ursine.ca> Message-ID: Paul Johnson wrote: > > I think everything in rr.com is listed in rfc-ignorant.org because not > everybody can email abuse and postmaster. Actually, only postmaster is listed, and the evidence file is a bit odd for that one. According to their requirements for the 'postmaster' zone, using an RBL isn't actually a candidate for listing (which is a shame). I can't see any mention for abuse@. John. From nobody at spamcop.net Sat Apr 10 21:22:52 2004 From: nobody at spamcop.net (Anony Mouse) Date: Sat Apr 10 04:46:02 2004 Subject: [SpamCop-List] Re: Australian spam References: Message-ID: <4077AEDC.7030206@spamcop.net> Marjolein Katsma wrote: > spamcop (spamcop@oitc.com) wrote in news:BC96D4E2.2C8F%spamcop@oitc.com: > > >>The Aussie government Has had a moritorium on prosecuting spammers which expires on the 12th of April according to Mike Van Essen. As the Hawian poster says... Lart em Dano. From nobody at spamcop.net Sat Apr 10 21:41:19 2004 From: nobody at spamcop.net (Anony Mouse) Date: Sat Apr 10 04:47:26 2004 Subject: [SpamCop-List] Peter Francis-MacRea 456med.com lifesmile.biz Message-ID: <4077B32F.9050106@spamcop.net> Thanks for the spam run with my email address in the from field. Always nice to know what he is up to... Peter Francis-MacRea. Meds spammer. Trojaned machine hijacker. Know to host trojan payloads on his web sites. Probably knows who is writing these trojans. Certainly has a list of infected machines that are fresh. In other words not already on xbl's. EyeFive affiliate spammer and most likely associate of former???? Australian spammer Mike Van Essen (Who assures me he is out of the business). Suspected reader of this forum. I don't know what other purpose using a known anti-spammers email address in the from field of a limited spam run is meant for other than to send a message. Is it meant to intimidate or is MacRea just an idiot? What are the return rates on a spam run... I had about five servers notify me of invalid addresses or that the message was blocked because it was thought to be spam. Any thoughts on this subject. From nobody at spamcop.net Sat Apr 10 21:52:38 2004 From: nobody at spamcop.net (Anony Mouse) Date: Sat Apr 10 04:56:03 2004 Subject: [SpamCop-List] Robert Soloway NIM Message-ID: <4077B5D6.1000103@spamcop.net> I see Robert is still very active despite the CAN-SPAM act. He certainly does not identify himself properly in his spams. Same same from him to a webmaster account I maintain and collect. Advertising spam services. Click to Email Your Web Site to 27 MILLION PEOPLE www.emailadvertising.biz I wish he would pick better colours for his spam... I am getting sick of the Yellow theme. This webmaster account does not get much spam at all... Cable filter spam that I have associated with Juan Garavaglia in the past... Are Robert and Juan friends? At least Robert was nice enough to wash my email address from his list... Oh and Juan to... Now how did I contact Robert before or shall I just close the webmaster account. :) From nobody at devnull.spamcop.net Sat Apr 10 20:07:10 2004 From: nobody at devnull.spamcop.net (nobody@devnull.spamcop.net) Date: Sat Apr 10 05:10:58 2004 Subject: [SpamCop-List] Re: Ripper Rita - Maximum of $1.1 million per day fines for Aussie Spammers References: Message-ID: "Skiwi" wrote in message news:c56iu4$b10$1@news.spamcop.net... > Is the $1.1 million before or after the firm telephone call? > > I will believe it if it ever happens... I know what you mean, but I think that Australia is *very* serious about eliminating spammers that are physically located here. A number of my suppliers have emailed me in the last couple of weeks, asking that I notify them immediately if their price lists, special deals, promo stuff aren't welcome! Sure, they're legit and I whitelisted them long ago - but it's really encouraging to see these people so worried about the new laws. Suggests the spammers might be on the run in Australia! I can't wait to report my first Aussie spammer to the ACA, but I haven't seen a single Aussie spam come in yet. I normally get around 250 (from all sources) a day now. If anybody else has received any Oz spams since 0001 on the 10/4/2004, here is a direct web site report entry to the Government agency responsible for getting 'em: http://www.aca.gov.au/secure/complaint_form.htm If preferred, the email address for reporting is: reportingspam@aca.gov.au Regards, Hughy. -- I can be found at airways underscore electronics at bigpond_d_o_t_c_o_m_ From nobody at xyzzy.claranet.de Sat Apr 10 13:37:09 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sat Apr 10 06:40:09 2004 Subject: [SpamCop-List] Re: Peter Francis-MacRea 456med.com lifesmile.biz References: <4077B32F.9050106@spamcop.net> Message-ID: <4077CE55.4434@xyzzy.claranet.de> Anony Mouse wrote: > Any thoughts on this subject. See | I have a sort-of vague suspicion that the spammers... some of | them at least, have now taken to the practice of sending out | their spams _always_ with forged return addresses that belong | to anti-spammers. Not my brilliant idea, but I got next to no bounces some weeks ago, and about 1000 per day for the last three weeks. And that on a (virtual) domain protected by SPF, the spammer is stupid. Bye, Frank From nobody at spamcop.net Sat Apr 10 08:45:08 2004 From: nobody at spamcop.net (Ellen) Date: Sat Apr 10 08:50:48 2004 Subject: [SpamCop-List] COX was Re: ATTN Deputies: problems with getting confirmation reports References: Message-ID: . > > Can someone over on here (deputy, staff, etc) please give cox.net > administration a TELEPHONE CALL? I have made my point as clearly as > possible to tier 1 and tier 2 tech support, but it looks as though there > needs to be some high-level interaction at the administrative level to get > this problem squared away. > OK there is no one to call until Monday morning :-( But if everyone who is having a COX problem will email deputies spamcop.net with details *including* your SC email address and your geographical location -- put COX in the subject line so we can corral them all in one place. *Also* if it suddenly starts working again over the weekend please make sure to let me know. Cox made major changes in their mailservers last weekend and I am sure that they have been working bugs out all week so I am not totally surprised that there are problems. Ellen From brendan at brendantownsend.com Sat Apr 10 15:24:18 2004 From: brendan at brendantownsend.com (Brendan Townsend) Date: Sat Apr 10 09:25:26 2004 Subject: [SpamCop-List] Re: Robert Soloway NIM References: <4077B5D6.1000103@spamcop.net> Message-ID: Exerpt from his spam site, modified appropriately (with something they don't mention)... COMPARISON OF INTERNET ADVERTISING METHODS: ( A ) A 1/20 Page Targeted Web Site Banner Ad to 10 Million People on the Internet can cost you about $100,000. ( B ) A 1 Page Targeted Direct Mail Advertisement to 1 Million People through the Postal Service can cost you about $250,000. ( C ) A 50 Page Targeted Broadcast Email Advertisement with Color & Pictures to 50 Million People through the Internet is "Free" (to the tune of $100 or more - charged by us so we win regardless), AND WILL GET YOUR SPAM-SUPPORTIVE NAME, TRADEMARK AND PRODUCT UTTERLY DESPISED AMONG THE OVERWHELMING MAJORITY. ...Which advertising method sounds most appealing to you? LOL! "Anony Mouse" wrote in message news:4077B5D6.1000103@spamcop.net... > I see Robert is still very active despite the CAN-SPAM act. > > He certainly does not identify himself properly in his spams. > > Same same from him to a webmaster account I maintain and collect. > > Advertising spam services. > > Click to Email Your Web Site > to 27 MILLION PEOPLE > > www.emailadvertising.biz > > I wish he would pick better colours for his spam... > I am getting sick of the Yellow theme. > > This webmaster account does not get much spam at all... > > Cable filter spam that I have associated with Juan Garavaglia in the > past... Are Robert and Juan friends? > > At least Robert was nice enough to wash my email address from his > list... Oh and Juan to... Now how did I contact Robert before or shall I > just close the webmaster account. :) > From DONOTSPAMpeterpepper at NOSPAMbizwax.com Sat Apr 10 09:53:00 2004 From: DONOTSPAMpeterpepper at NOSPAMbizwax.com (Peter Pepper) Date: Sat Apr 10 09:55:11 2004 Subject: [SpamCop-List] Our ISP allows us and our customers to send bulk email Message-ID: I just rec'd a credit card phishing spam for the domain "strongsite.us". The name servers for this domain referenced "CHEAPBPHOSTING.COM". See the FAQ for this China-based spam-friendly ISP . . . "How can you ensure my site will not get shut down? Our ISP allows us and our customers to send bulk email. They will never shut us down due to complaints. Most other so-called "bulletproof" hosting providers cannot guarantee this." http://cheapbphosting.com/policies.htm PP From nobody at devnull.spamcop.net Sat Apr 10 16:55:33 2004 From: nobody at devnull.spamcop.net (Jimbo) Date: Sat Apr 10 11:00:23 2004 Subject: [SpamCop-List] Advice needed! Message-ID: Guys, I have a mail address which I used OK for years, up to a couple of weeks back. Then I started getting bounces of spam that was being sent out using my email address. I looked at the bounces and found that they all came from either a Chinese or Indian site, both of which were selling viagra and other medications, and which had no email address that I could redirect their crap to.....big surprise there! Any good ideas as to how I can identify who the %$?*& is that is using my address would be good, I'm told there may be information in the mail that can be used to identify the origin of the spam....whatever, any help will be greatly appreciated Thanks Jimbo From nobody at spamcop.net Sat Apr 10 12:28:03 2004 From: nobody at spamcop.net (Miss Betsy) Date: Sat Apr 10 12:25:21 2004 Subject: [SpamCop-List] Re: Advice needed! References: Message-ID: "Jimbo" wrote in message news:c591t6$596$1@news.spamcop.net... > Guys, > I have a mail address which I used OK for years, up to a couple of weeks > back. Then I started getting bounces of spam that was being sent out > using my email address. I looked at the bounces and found that they all > came from either a Chinese or Indian site, both of which were selling > viagra and other medications, and which had no email address that I > could redirect their crap to.....big surprise there! This is a common tactic of spammers to use forged email addresses in the From. Idiot ISP's and clueless users of products like Mailwasher then accept the emails (instead of rejecting them at the server), and instead of "bouncing" them to the proper place, send them to the innocent From. You can complain to the person who bounced the message to you that they are aiding and abetting spammers by bouncing the spam. You cannot report them thru spamcop, though you can parse the headers and find the proper addresses. > Any good ideas as to how I can identify who the %$£*& is that is using > my address would be good, I'm told there may be information in the mail > that can be used to identify the origin of the spam....whatever, any > help will be greatly appreciated There is almost nothing that you can do to stop the spammer from using your email address. However, no one with any sense thinks that you have anything to do with the spam. Miss Betsy From nobody at spamcop.net Sat Apr 10 13:26:01 2004 From: nobody at spamcop.net (Spam Pop) Date: Sat Apr 10 12:30:06 2004 Subject: [SpamCop-List] Re: Advice needed! References: Message-ID: The ONLY thing you can do is determine where THAT particular email came from, which may or may not be the spammer. Go to www.spamcop.net (careful, .NET, not .COM). There you'll find you can paste spam code into a window and hit Parse, after which it will make suggestions as to where you might address complaints. NOTE: It's just a tool, not a psychic. It's VG at telling you which partso f the headers are forged, and G to VG at locating the actuall sources. After the parse, grab the info you want, click Cancel, and go put your complaint together. Sorry, I don't know Mozilla so can 't tell you how to extract the spam code; you'll have to figure that out from another source. "Jimbo" wrote in message news:c591t6$596$1@news.spamcop.net... > Guys, > I have a mail address which I used OK for years, up to a couple of weeks > back. Then I started getting bounces of spam that was being sent out > using my email address. I looked at the bounces and found that they all > came from either a Chinese or Indian site, both of which were selling > viagra and other medications, and which had no email address that I > could redirect their crap to.....big surprise there! > > Any good ideas as to how I can identify who the %$£*& is that is using > my address would be good, I'm told there may be information in the mail > that can be used to identify the origin of the spam....whatever, any > help will be greatly appreciated > > Thanks > Jimbo > From MikeE at ster.invalid Sat Apr 10 10:26:35 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 10 12:30:32 2004 Subject: [SpamCop-List] Re: Advice needed! References: Message-ID: Jimbo wrote: > I started getting bounces of spam that was being > sent out using my email address. Very common problem. > I looked at the bounces and found > that they all came from either a Chinese or Indian site, both of > which were selling viagra and other medications, and which had no > email address that I could redirect their crap to.....big surprise > there! 'they all came from' is vague here. Generally spam has some kind of source and some kind of 'payload' or spamvertised site, and a bogus From, in this case yours. > Any good ideas as to how I can identify who the %$?*& is that is using > my address Not actually, assuming your spam items are typical of most. > I'm told there may be information in the > mail that can be used to identify the origin of the spam.... Spam can be identified as to 'source' - in which the item is tracked to where it was first 'injected' into the smtp system. Unfortunately, the general case these days is that that 'injector' is an open proxy or other insecure 'box' or computer. So you are left to notify the provider for that insecure entity, who might not do very much about it. The actual spammer who abused the insecure system is 'hidden' from detection. It is very very highly unlikely that you will find the provider for the actual perpetrator of 'your' From forgery. -- Mike Easter kibitzer, not SC admin From Merlyn at Spamcop.net Sat Apr 10 14:05:18 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Sat Apr 10 13:10:30 2004 Subject: [SpamCop-List] Re: Our ISP allows us and our customers to send bulk email References: Message-ID: "Peter Pepper" wrote in message news:c58u6b$dh$1@news.spamcop.net... > I just rec'd a credit card phishing spam for the domain "strongsite.us". The > name servers for this domain referenced "CHEAPBPHOSTING.COM". See the FAQ > for this China-based spam-friendly ISP . . . > > "How can you ensure my site will not get shut down? > > Our ISP allows us and our customers to send bulk email. They will never shut > us down due to complaints. Most other so-called "bulletproof" hosting > providers cannot guarantee this." > > http://cheapbphosting.com/policies.htm > Well, just block all of China and you will not have to worry about it. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From usenet1 at DE.LETE.THISljvideo.com Sat Apr 10 19:28:30 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry Jandro) Date: Sat Apr 10 14:30:04 2004 Subject: [SpamCop-List] Re: "No body provided, check format of submission" References: Message-ID: Waiving the right to remain silent, "Gezgin" said: > Here's an example: http://tinyurl.com/yvm8j > > I had one like this during the week, two on Friday, and eight > this morning (Saturday). Let's see what tomorrow brings. I'm also getting lots of "bodyless" spam. Just put something like, (Idiot spammer forgot to include spam message.) in the body area and LART away. -- Larry Jandro - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From mrwizard at tele-net.net Sat Apr 10 13:38:19 2004 From: mrwizard at tele-net.net (MrWizard) Date: Sat Apr 10 15:40:29 2004 Subject: [SpamCop-List] Puzzled about Spamcop policy Message-ID: I just received a report from Spamcop regarding purported spam from one of my users. In checking out the report, it looks like a SINGLE instance of someone receiving a message sent by that user's computer, due to a Netsky.N virus infection. (The user has been contacted and told to get their system cleaned.) Doesn't Spamcop use any filtering in their reports to determine if the reported message actually IS spam? Viral infections are a reality of life on the Internet, and no one is 100% immune. Many (if not most) users are not as aware as we here are of the viral and worm dangers that can affect their systems, and can inadvertently be the source of an unwanted message. Although unfortunate, this is a far cry from the deliberate flooding of inboxes with pitches, scams and the like. It would seem to me that Spamcop's (and the reporter's) credibility is diminished by the failure to differentiate between true spam and unintentional emails. (In this case, I can assure you that it was unintentional. The user is a little old grandma type (approx 70 years old), whom I have known almost all my life. She simply was not aware that her system had been compromised.) I cringe to think that we could be at risk of being blacklisted due to a user who picked up a virus. I challenge any one of the ISP's using this list to give me a 100% guarantee that none of their users machines has or will ever send out a virus in an email without the user knowing it has happened. I implore the users of this list to contact Spamcop themselves, and request that this aspect of their reporting be modified to reflect these realities. (Possibly to require multiple complaints over a period of time to put someone on the blacklist. Although this may presently be the policy -- I haven't seen any specifics regarding what it actually takes to be put on the blacklist.) We appreciate knowing that the user may have a virus, and having the opportunity to help them get it cleaned up. Just don't put us under the threat of blacklisting for inadvertent occurrences. Respectfully, R. Menesini --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.655 / Virus Database: 420 - Release Date: 4/8/2004 From MikeE at ster.invalid Sat Apr 10 13:48:45 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 10 15:50:02 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: MrWizard wrote: > I just received a report from Spamcop regarding purported spam from > one of my users. In checking out the report, it looks like a SINGLE > instance of someone receiving a message sent by that user's computer, > due to a Netsky.N virus infection. (The user has been contacted and > told to get their system cleaned.) If you look around the SC website, you'll see that an algorithm^1 is employed to measure spam against 'traffic' [estimated] to try to avoid low incidences of spam [not virus propagations] causing listings. > Doesn't Spamcop use any filtering in their reports to determine if the > reported message actually IS spam? Reporters are instructed^2 to not report anything that has to do with viral propagations and the algorithm is supposed to catch such attempts to report ["Viruses are not spam and must not be reported using SpamCop."] > Although this may > presently be the policy -- I haven't seen any specifics regarding > what it actually takes to be put on the blacklist.) ^1 What is on the list? http://www.spamcop.net/fom-serve/cache/297.html ^2 What do I need to know to get started reporting spam? http://www.spamcop.net/fom-serve/cache/125.html -- Mike Easter kibitzer, not SC admin From rmu93awSPAMB02 at sneakemail.com Sat Apr 10 15:51:14 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Sat Apr 10 15:55:03 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy In-Reply-To: References: Message-ID: MrWizard wrote: > [snip] > > Doesn't Spamcop use any filtering in their reports to determine if the > reported message actually IS spam? [snip] First, virus emails *ARE* "unsolicited", "bulk", and (obviously) "email". They fit the definition of "spam" in every sense and they truly *ARE* "spam". With that being said, SpamCop doesn't permit the sending of spam reports for virus related spams however the parser is not perfect and some things slip through once in a while. If you want to complain about the report then follow the link in the spam report for more information (however, IMO, your time would be better spent installing software to prevent viruses from even leaving your mail server. If no viruses leave your server then no one would be able to report them as spam, now would they?). -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From tmcgraw at spamcop.net Sat Apr 10 14:40:42 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Apr 10 16:45:21 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: <40785BCA.9020506@spamcop.net> MrWizard wrote: > I just received a report from Spamcop regarding purported spam from one of > my users. In checking out the report, it looks like a SINGLE instance of > someone receiving a message sent by that user's computer, due to a Netsky.N > virus infection. (The user has been contacted and told to get their system > cleaned.) Then I think you would agree that receiving a spamcop report about spam sent from a user's computer on your network is a good thing. > Doesn't Spamcop use any filtering in their reports to determine if the > reported message actually IS spam? Viral infections are a reality of life > on the Internet, and no one is 100% immune. Many (if not most) users are > not as aware as we here are of the viral and worm dangers that can affect > their systems, and can inadvertently be the source of an unwanted message. > Although unfortunate, this is a far cry from the deliberate flooding of > inboxes with pitches, scams and the like. The sole purpose of viruses these days is to hijack machines. I think you would agree that the more - and more quickly - that viruses can be quashed is a good thing. > It would seem to me that Spamcop's (and the reporter's) credibility is > diminished by the failure to differentiate between true spam and > unintentional emails. (In this case, I can assure you that it was > unintentional. The user is a little old grandma type (approx 70 years old), > whom I have known almost all my life. She simply was not aware that her > system had been compromised.) As other posters answered, viruses are not reportable as spam via spamcop. spamcop relies on human users probably more than any other blocklist. Unfortunately that means more errors occur. > I cringe to think that we could be at risk of being blacklisted due to a > user who picked up a virus. I challenge any one of the ISP's using this > list to give me a 100% guarantee that none of their users machines has or > will ever send out a virus in an email without the user knowing it has > happened. spamcop listings fall off the blacklist after 48 hours with no spam reports. If a machine inside a network has a virus that the network owner does not take steps to quash, then that IP# deserves to be listed. This is how spamcop users keep their inboxes free of spam. > I implore the users of this list to contact Spamcop themselves, and request > that this aspect of their reporting be modified to reflect these realities. > (Possibly to require multiple complaints over a period of time to put > someone on the blacklist. Although this may presently be the policy -- I > haven't seen any specifics regarding what it actually takes to be put on the > blacklist.) IP#s cannot be added to the blocklist unless more than two users report it. As for modifying the way spamcop works, I wouldn't hold my breath. > We appreciate knowing that the user may have a virus, and having the > opportunity to help them get it cleaned up. Just don't put us under the > threat of blacklisting for inadvertent occurrences. How is one to tell an "inadvertant occurrence" from an intended one? Or a "white hat" network from a "black hat" one? It's impossible. From jgw321 at hotmail.com Sat Apr 10 23:37:00 2004 From: jgw321 at hotmail.com (JG Weston) Date: Sat Apr 10 17:40:16 2004 Subject: [SpamCop-List] Re: Advice needed! References: Message-ID: In article , Spam Pop wrote: > Sorry, I don't know Mozilla so can 't tell you how to extract the spam > code; you'll have to figure that out from another source. Select message and then click menu item View/Message Source (or hit Ctrl[U]) to display the whole message source. Select Menu Item Edit/Select All (or hit Ctrl[A]) then copy to clipboard with Ctrl[C]. Good for Mozilla 1.5 at least. JG. From nobody at spamcop.net Sat Apr 10 18:09:41 2004 From: nobody at spamcop.net (Miss Betsy) Date: Sat Apr 10 18:15:16 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: "MrWizard" wrote in message news:c59ifc$pis$1@news.spamcop.net... > We appreciate knowing that the user may have a virus, and having the > opportunity to help them get it cleaned up. Just don't put us under the > threat of blacklisting for inadvertent occurrences. There is no threat of blacklisting. The blocklist is entirely automatic - IP addresses where spam has been reported from go (according the algorithym) on the list; when spam stops, they drop off the list. In the case of reporter error (in this case a reporter missed seeing a virus - not so difficult sometimes when one is processing a lot of spam - and somehow spamcop did not either catch that it was a virus or the reporter again was not paying attention and ignored the warning), the deputies can remove a listing. That is the only time the blocklist is 'adjusted.' Reporters can be fined or suspended for making reporting errors. However, didn't you just plead for mercy because you inadvertently allowed a virus to come from your network? Just mark it up to the never-ending problems the spammers are causing us. Miss Betsy From windsorfoxNOSPAM at cox.net Sat Apr 10 19:22:05 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sat Apr 10 19:20:05 2004 Subject: [SpamCop-List] Not getting confirmation emails Message-ID: It seems if I forward 18 spam emails I only get back 5 or 6 email reports. Are things so busy right now that the system can not keep up or has something possibly gone wrong on my end? From nobody at devnull.spamcop.net Sun Apr 11 11:17:56 2004 From: nobody at devnull.spamcop.net (nobody@devnull.spamcop.net) Date: Sat Apr 10 20:20:16 2004 Subject: [SpamCop-List] Re: "No body provided, check format of submission" References: Message-ID: "Larry Jandro" wrote in message news:Xns94C774C511BC3larryathome@216.154.195.61... > I'm also getting lots of "bodyless" spam. Just put something like, > (Idiot spammer forgot to include spam message.) in the body area and > LART away. I'm also receiving quite a few and think there are too many (and it's now been for too long), to be a spammers mistake. Yet, other than an analysis of what bounces, it's difficult to see why a spammer would want to send them. I wonder if there's a common characteristic in the source? Maybe one or more ISP's somewhere are taking matters into their own hands and removing the bodies of the spam? Perhaps for some obscure reason this is easier for the ISP, rather than trying to shut them down or not forwarding the spam in the first place. Unlikely I know. I think the reason will become apparent, sooner or later. Regards, Hughy -- I can be found at airways underscore electronics at bigpond_d_o_t_c_o_m_ From anti.spam at dont.spam Sun Apr 11 03:21:08 2004 From: anti.spam at dont.spam (D Smythe) Date: Sat Apr 10 20:20:48 2004 Subject: [SpamCop-List] Re: Our ISP allows us and our customers to send bulk email References: Message-ID: "Merlyn" wrote in message news:c599gn$dug$1@news.spamcop.net... > "Peter Pepper" wrote in message > news:c58u6b$dh$1@news.spamcop.net... > > I just rec'd a credit card phishing spam for the domain "strongsite.us". > The > > name servers for this domain referenced "CHEAPBPHOSTING.COM". See the FAQ > > for this China-based spam-friendly ISP . . . > > > > "How can you ensure my site will not get shut down? > > > > Our ISP allows us and our customers to send bulk email. They will never > shut > > us down due to complaints. Most other so-called "bulletproof" hosting > > providers cannot guarantee this." > > > > http://cheapbphosting.com/policies.htm > > > > > Well, just block all of China and you will not have to worry about it. > > -- > > Regards, > Merlyn > > A Spamcop advocate > No emails this account is for newsgroups only > People demand freedom of speech to make up for the freedom of thought which > they avoided > > Maybe the only way. The real irony is the host is strong on privacy! Just more abuse of services. Registration Service Provided By: NameCheap.com Contact: support@NameCheap.com Visit: http://www.namecheap.com/ Domain name: CHEAPBPHOSTING.COM Registrant Contact: WhoisGuard WhoisGuard Protected (v66w8lj34x.protect@whoisguard.com) +1.6613102107 Fax: +1.6613102107 8939 S. Sepulveda Blvd Westchester, CA 90045 US Administrative Contact: WhoisGuard WhoisGuard Protected (v66w8lj34x.protect@whoisguard.com) +1.6613102107 Fax: +1.6613102107 8939 S. Sepulveda Blvd Westchester, CA 90045 US Technical Contact: WhoisGuard WhoisGuard Protected (v66w8lj34x.protect@whoisguard.com) +1.6613102107 Fax: +1.6613102107 8939 S. Sepulveda Blvd Westchester, CA 90045 US Billing Contact: WhoisGuard WhoisGuard Protected (v66w8lj34x.protect@whoisguard.com) +1.6613102107 Fax: +1.6613102107 8939 S. Sepulveda Blvd Westchester, CA 90045 US Status: registrar-lock Name Servers: ns1.cheapbphosting.com ns2.cheapbphosting.com Creation date: 15 Dec 2003 00:34:31 Expiration date: 15 Dec 2004 00:34:31 From nobody at devnull.spamcop.net Sun Apr 11 11:33:00 2004 From: nobody at devnull.spamcop.net (nobody@devnull.spamcop.net) Date: Sat Apr 10 20:35:02 2004 Subject: [SpamCop-List] Re: Poor Old Jessica :-) [Media] References: Message-ID: "Trappaspam" wrote in message news:c57ebh$4m6$1@news.spamcop.net... > Seems like you`ve got a non-standard browser, adware or something nasty > installed on your system. > Using IE 6.0 2800 bog standard settings with no pop-up blockers. - Not one > single pop-up did I get, this time - or before the original post - Nor > others apparently ? - Methinks some local system investigation might be > appropriate on your part :-( > In addition I total agree with Tim McGraw's sentiments - quote "I have > little quarrel with paid advertising, particularly when it supports free > content." I also have IE 6.0.2800 - and got 3 popups. I have no popup stopper. Perhaps you might have just been lucky getting none? I browse infrequently, so for me, the popups are far, far less annoying than the circa 250 spams that I now receive each day. Regards, Hughy. -- I can be found at airways underscore electronics at bigpond_d_o_t_c_o_m_ From nobody at spamcop.net Sat Apr 10 20:42:00 2004 From: nobody at spamcop.net (Miss Betsy) Date: Sat Apr 10 20:40:03 2004 Subject: [SpamCop-List] Re: "No body provided, check format of submission" References: Message-ID: wrote in message news:c5a2qu$928$1@news.spamcop.net... > > "Larry Jandro" wrote in message > news:Xns94C774C511BC3larryathome@216.154.195.61... > > > I'm also getting lots of "bodyless" spam. Just put something like, > > (Idiot spammer forgot to include spam message.) in the body area and > > LART away. > > I'm also receiving quite a few and think there are too many (and it's > now been for too long), to be a spammers mistake. Yet, other than an > analysis of what bounces, it's difficult to see why a spammer would > want to send them. I wonder if there's a common characteristic in the > source? My $.02 USD is that someone is selling really cheap spamware guaranteed to make you rich. Like all products that make you rich, they may tend to be a little shoddy. Therefore, a *lot* of people have been sucked in to using crap software plus a lot of people are not following what instructions there are. Miss Betsy From nobody at spamcop.net Sat Apr 10 20:45:46 2004 From: nobody at spamcop.net (Miss Betsy) Date: Sat Apr 10 20:45:03 2004 Subject: [SpamCop-List] Re: Not getting confirmation emails References: Message-ID: "WindsorFox[SS]" wrote in message news:c59veu$6a1$1@news.spamcop.net... > It seems if I forward 18 spam emails I only get back 5 or 6 email > reports. Are things so busy right now that the system can not keep up > or has something possibly gone wrong on my end? That's a good question. If you are getting some back, I would bet that it is something happening on the spamcop end. Miss Betsy From a at all.addresses.on.cdrom.are.invalid.aaa Sat Apr 10 21:43:12 2004 From: a at all.addresses.on.cdrom.are.invalid.aaa (John Malmberg) Date: Sat Apr 10 20:45:17 2004 Subject: [SpamCop-List] Re: "No body provided, check format of submission" In-Reply-To: References: Message-ID: nobody@devnull.spamcop.net wrote: > > I'm also receiving quite a few and think there are too many (and it's > now been for too long), to be a spammers mistake. Yet, other than an > analysis of what bounces, it's difficult to see why a spammer would > want to send them. I wonder if there's a common characteristic in the > source? My suspicion is that the worm sends these out to notify spammy when and where the new open proxy is. It sends them to a lot of people so the true destination will not stand out. -John wb8tyw@qsl.network Personal Opinion Only From tarrall at xxxx.neighborhoodlink.com Sat Apr 10 20:18:38 2004 From: tarrall at xxxx.neighborhoodlink.com (Robert Tarrall) Date: Sat Apr 10 21:20:10 2004 Subject: [SpamCop-List] Anyone monitoring .routing? Message-ID: Just wondering if anyone (from Spamcop) is monitoring spamcop.routing. Haven't seen Ellen or anyone else from Spamcop post a followup or fix a routing issue in the last several days... -Robert Tarrall.- Unix System/Network Admin E.Central/Neighborhood Link From spnewssp at mathom.jp Sun Apr 11 11:47:49 2004 From: spnewssp at mathom.jp (Taro Kawahara) Date: Sat Apr 10 21:50:03 2004 Subject: [SpamCop-List] [spamcop/whois] Is reporting to Japanese ISP done? Message-ID: I'm Japanese, and I wonder reportings to /abuse@ some-japanese-isp.jp/ through spamcop are more ignored than directory manual reporting. At first, spamcop reporting is written in English, not Japanse, so I thought ISP stuffs in Japanse can't read English messages. but, this idea was wrong, I wrote manual reporting in English for test, they responded soon in English... ...And I reviewed reoprted history; http://mailsc.spamcop.net/mcgi?action=showhistory&slice=issueid&val=24476326 (spamcop account needed) I noticed reported fields (To: ... fields) for some Japanese ISPs are blank in report history! for example, Submitted: Sunday, April 11, 2004 09:42:11 +0900: =?ISO-2022-JP?B?GyRCTCQ+NUJ6OS05cCIoS1w1JCRHJVMlOCVNJTkkciRkGyhC?= =?ISO-202... * 882136512 ( ) To: abuse@dip.jp * 882136492 ( 220.247.111.155 ) To: spamcop@imaphost.com * 882136486 ( http://bestmail.dip.jp/ ) To: * 882136484 ( 220.247.111.155 ) To: * 882136481 ( http://bestmail.dip.jp/ ) To: * 882136451 ( 220.247.111.155 ) To: I thought report 220.247.111.155 issues was sent to abuse@ vectant.ne.jp, because vectant.ne.jp's address was displayed when I pushed a "Send report(s) now" button, but.... why 'To: '? Did spamcop sent these reports correctly? No, spamcop didn't, I think. I've looked around another domains where I'm feeling spamcop report ignored, reporting to almost all Japanese ISPs are in trouble. It seems there's some bug living where looking up whois info in Japanese domain, because troubles are restricted in Japanese. Unfortunately, there are large number of trojan sites and open proxies in Japan, spamcop report reaches to Japanese ISP correctly is quite importance. Thank you, -- tarokawa From nobody at devnull.spamcop.net Sun Apr 11 14:13:45 2004 From: nobody at devnull.spamcop.net (nobody@devnull.spamcop.net) Date: Sat Apr 10 23:15:16 2004 Subject: [SpamCop-List] Re: "No body provided, check format of submission" References: Message-ID: "John Malmberg" wrote in message news:c5a4b1$afc$1@news.spamcop.net... > My suspicion is that the worm sends these out to notify spammy when and > where the new open proxy is. It sends them to a lot of people so the > true destination will not stand out. That would make sense. The only way to combat this would be to immediately report the blank bodied spam (with the technique that Larry Jandro suggested). That way, the open proxy would (one hopes), be shut down quickly, before the spammer could make much use of it. I'm not sure if Larry's addition to the body is acceptable to spamcop, though. The blank bodied spams are more of a problem than "full bodied" ones that might follow on from a "new" open proxy, (taking more of our time to deal with). Regards, Hughy -- I can be found at airways underscore electronics at bigpond_d_o_t_c_o_m_ From MikeE at ster.invalid Sat Apr 10 21:15:13 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 10 23:20:04 2004 Subject: [SpamCop-List] Re: [spamcop/whois] Is reporting to Japanese ISP done? References: Message-ID: Taro Kawahara wrote: > * 882136481 ( http://bestmail.dip.jp/ ) To: > * 882136451 ( 220.247.111.155 ) To: > > I thought report 220.247.111.155 issues was sent to abuse@ > vectant.ne.jp, because vectant.ne.jp's address was displayed > when I pushed a "Send report(s) now" button, but.... > why 'To: '? > > Did spamcop sent these reports correctly? > No, spamcop didn't, I think. If I just put 220.247.111.155 in isolation into the parser, it advises to report to pm & abuse at vectant. Sometimes it may handle its own reporting as a part of a spam report differently than it advises for notifies when submitted in that way. I would have to construct an artificial spam with the link in the body to test that possible difference in this case. > It seems there's some bug living where looking up whois info > in Japanese domain, because troubles are restricted in > Japanese. There is a common problem with the normal SC method of looking up .jp abuse addresses because of the way the RIR whois.nic.ad.jp displays its results, which is different than arin, apnic, ripe, and others. whois -h whois.nic.ad.jp 220.247.111.155 ... Network Information: a. [Network Number] 220.247.111.0 b. [Network Name] V-FLETS-MAN m. [Administrative Contact] IH010JP n. [Technical Contact] MA2355JP but, nic.ad.jp doesn't display the address of those admin/tech handles. One has to look them up in the RIR as a separate operation. That separate operation isn't normally a part of the spamcop algorithm. whois -h whois.nic.ad.jp ih010jp ... Personal Information: a. [JPNIC Handle] IH010JP c. [Last, First] Harada, Ikuo d. [E-Mail] i.harada@vectant.co.jp g. [Organization] Vectant Japan Corporation whois -h whois.nic.ad.jp ma2355jp ... a. [JPNIC Handle] MA2355JP c. [Last, First] Amarume, Makoto d. [E-Mail] m.amarume@vectant.co.jp Then, SC would normally derive the abuse addresses from the abuse.net reg'd of the domain, but in this case there is no reg'd abuse at abuse.net [Notice the '.co.' in the domainname. whois -h whois.abuse.net vectant.co.jp ... No abuse address is registered with abuse.net However, an alternate strategy is to do the rDNS on the URL's DNS : http://bestmail.dip.jp DNS 220.247.111.155 rDNS wd155.afl6.vectant.ne.jp and then do the abuse.net lookup on the rDNS whois -h whois.abuse.net wd155.afl6.vectant.ne.jp ... abuse@vectant.ne.jp postmaster@vectant.ne.jp (for vectant.ne.jp) In this case, that strategy succeeds where the nic.ad.jp failed because of the difference between the abuse.net lookups on '.ne.' vs '.co.' in the domain name. . > Unfortunately, there are large number of trojan sites and > open proxies in Japan, spamcop report reaches to Japanese ISP > correctly is quite importance. I agree. -- Mike Easter kibitzer, not SC admin From usenet1 at DE.LETE.THISljvideo.com Sun Apr 11 05:28:25 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry Jandro) Date: Sun Apr 11 00:30:33 2004 Subject: [SpamCop-List] Re: "No body provided, check format of submission" References: Message-ID: Waiving the right to remain silent, "Miss Betsy" said: > My $.02 USD is that someone is selling really cheap spamware > guaranteed to make you rich. Like all products that make you rich, > they may tend to be a little shoddy. Therefore, a *lot* of people > have been sucked in to using crap software plus a lot of people are > not following what instructions there are. I'm with Miss Betsy. -- Larry Jandro - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From usenet1 at DE.LETE.THISljvideo.com Sun Apr 11 05:30:10 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry Jandro) Date: Sun Apr 11 00:35:07 2004 Subject: [SpamCop-List] Re: "No body provided, check format of submission" References: Message-ID: Waiving the right to remain silent, said: > I'm not sure if Larry's > addition to the body is acceptable to spamcop, though. It's always been the procedure recommended by the deputies. -- Larry Jandro - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From jbabbitt at spamcop.net Sat Apr 10 23:23:48 2004 From: jbabbitt at spamcop.net (John Babbitt) Date: Sun Apr 11 01:25:04 2004 Subject: [SpamCop-List] Danger HipTop Gateway Message-ID: Oops, 63.241.65.15 is blacklisted by SpamCop and that's the Danger HipTop aka T-Mobile Sidekick gateway. All SK users are now unable to send email to those who employ the SC BL. Don't think it should be blacklisting a PDA gateway. I'll like to see spammer send 1000's of spam through a PDA over a slow network. :-) -John- From jbabbitt at spamcop.net Sat Apr 10 23:54:33 2004 From: jbabbitt at spamcop.net (John Babbitt) Date: Sun Apr 11 02:00:03 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: "Spambo" wrote in message news:c59j7h$qfd$1@news.spamcop.net... > in the spam report for more information (however, IMO, your time > would be better spent installing software to prevent viruses from > even leaving your mail server. If no viruses leave your server > then no one would be able to report them as spam, now would they?) Except that the viruses nowadays use their own SMTP engine. So, even if the poor chap installed anti-virus software on his server, it will do no good since infected email are not being routed out through his server. Granted, it could remove the infected email before reaching the user, but not if the user has downloaded from hotmail or POP3 accounts other than his system. However, a better idea may be to simply block outgoing port 25, i.e., make it mandatory that all outgoing email must be routed through his server. I did that for my company and, boy, am I glad I did that because at one point the virus infected one user's computer when the virus was very new, i.e., no innoculation had yet been developed. Most, if not all, of the outgoing email were prevented from going out (the only ones that may have gotten away is if the viruses actually contacted my outgoing mail server, which would have been unlikely). Regards, John From baloo at ursine.ca Sun Apr 11 00:14:59 2004 From: baloo at ursine.ca (Paul Johnson) Date: Sun Apr 11 02:20:05 2004 Subject: [SpamCop-List] Re: Danger HipTop Gateway References: Message-ID: <87isg7yra4.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "John Babbitt" writes: > Oops, 63.241.65.15 is blacklisted by SpamCop and that's the Danger HipTop > aka T-Mobile Sidekick gateway. All SK users are now unable to send email to > those who employ the SC BL. Don't think it should be blacklisting a PDA > gateway. I'll like to see spammer send 1000's of spam through a PDA over a > slow network. :-) It's possible that they actually are spamming, isn't it? - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAeOJjUzgNqloQMwcRAtj+AJ96Jw5SPvYJIeLvsVVCIHKDUtES0wCeKRPT 5nZlBQx/o/vWA0Hc92pXASU= =Aqs0 -----END PGP SIGNATURE----- From nobody at xyzzy.claranet.de Sun Apr 11 09:28:45 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Apr 11 02:30:02 2004 Subject: [SpamCop-List] Re: [spamcop/whois] Is reporting to Japanese ISP done? References: Message-ID: <4078E59D.41D6@xyzzy.claranet.de> Taro Kawahara wrote: > It seems there's some bug living where looking up whois info > in Japanese domain, because troubles are restricted in > Japanese. One problem I'm aware of with the JPNIC whois are its handles: Almost all whois NIC-handles use a syntax like x-AP, x-ARIN, x-AU, x-CKNIC, x-CZ, x-DK, x-DOM, x-FRNIC, etc. but JPNIC uses xJP instead of x-JP. So for scripts trying to analyze whois answers JPNIC is always a special case. In my own script I've even added a special option only for this problem (and the /e option needed to get only english results). But I'm not sure that this is also a problem for SpamCop. Bye, Frank From jbabbitt at spamcop.net Sun Apr 11 00:31:37 2004 From: jbabbitt at spamcop.net (John Babbitt) Date: Sun Apr 11 02:35:03 2004 Subject: [SpamCop-List] Re: Danger HipTop Gateway References: <87isg7yra4.fsf@ursine.ca> Message-ID: "Paul Johnson" wrote in message news:87isg7yra4.fsf@ursine.ca... > "John Babbitt" writes: > > those who employ the SC BL. Don't think it should be blacklisting a PDA > > gateway. I'll like to see spammer send 1000's of spam through a PDA over a > > slow network. :-) > > It's possible that they actually are spamming, isn't it? Well, yes but, boy, it sure would be a lot of work to type a spam message on a SideKick and addressing it to a bunch of people. :-) Not to mention it would be an excellent way for the spammer to lose their SideKick/Phone service, let alone Internet service. :-) And, because they have to have a Social Security Number, verified Credit Card & Driver's License, and sign a contract to sign up for T-Mobile, it's very unlikely the person who sent out a spam, if they really did it, would get away with it, especially when it results in shutting down T-Mobile's SideKick gateway to the Internet. -John- From nobody at xyzzy.claranet.de Sun Apr 11 09:35:47 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Apr 11 02:40:02 2004 Subject: [SpamCop-List] Re: Not getting confirmation emails References: Message-ID: <4078E743.33EF@xyzzy.claranet.de> WindsorFox[SS] wrote: > has something possibly gone wrong on my end? Yes, see the threads about COX in the last days. Bye, Frank From nobody at xyzzy.claranet.de Sun Apr 11 09:48:30 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Apr 11 02:50:02 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: <4078EA3E.5A65@xyzzy.claranet.de> MrWizard wrote: > Although unfortunate, this is a far cry from the deliberate > flooding of inboxes with pitches, scams and the like. Indeed, it's _much_ worse. I often get up to 19 worms from the same system in one run, about 1 MB. Therefore these 19 worms cause the same costs (on my side) as about 500 average spam mails. > In this case, I can assure you that it was unintentional. Exactly the same problem as with spam sent from trojaned Win boxes. > She simply was not aware that her system had been > compromised. She probably also "allowed" to send several millions of spams from her system without being aware of it. Maybe she also kills people with her car without being aware of it, because she only wanted to get from A to B, never mind all these funny pedestrians on her way. Bye, Frank From nobody at xyzzy.claranet.de Sun Apr 11 09:58:20 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Apr 11 03:00:03 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: <4078EC8C.4D63@xyzzy.claranet.de> Miss Betsy wrote: > somehow spamcop did not either catch that it was a virus > or the reporter again was not paying attention and ignored > the warning That's AFAIK impossible, if SC identifies a worm then you can't report it (except from a copy to Cy, but this shouldn't be counted as spam report). SC recognizes all "TV" worms (binary executable formats starting with MZ) and ignores "UE" (PK ZIP), IMHO that's a nice feature. Bye, Frank From baloo at ursine.ca Sun Apr 11 00:49:36 2004 From: baloo at ursine.ca (Paul Johnson) Date: Sun Apr 11 03:05:21 2004 Subject: [SpamCop-List] Re: Danger HipTop Gateway References: <87isg7yra4.fsf@ursine.ca> Message-ID: <87oepzrou7.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "John Babbitt" writes: > "Paul Johnson" wrote in message > news:87isg7yra4.fsf@ursine.ca... >> "John Babbitt" writes: >> > those who employ the SC BL. Don't think it should be blacklisting a PDA >> > gateway. I'll like to see spammer send 1000's of spam through a PDA > over a >> > slow network. :-) >> >> It's possible that they actually are spamming, isn't it? > > Well, yes but, boy, it sure would be a lot of work to type a spam message on > a SideKick and addressing it to a bunch of people. :-) No, I mean the provider, not a customer. - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAeOqDUzgNqloQMwcRAlgzAJ0QGLsTuvMGUYJ3x3cYXtI8ASBcpwCguyzn phVF9IKR/vpLK9U/XoFA9cE= =xXyX -----END PGP SIGNATURE----- From nobody at spamcop.net Sun Apr 11 10:12:07 2004 From: nobody at spamcop.net (John McLusky) Date: Sun Apr 11 04:15:15 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: <4078EC8C.4D63@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Miss Betsy wrote: > >> somehow spamcop did not either catch that it was a virus >> or the reporter again was not paying attention and ignored >> the warning > > That's AFAIK impossible, if SC identifies a worm then you can't > report it (except from a copy to Cy, but this shouldn't be > counted as spam report). SC recognizes all "TV" worms (binary > executable formats starting with MZ) and ignores "UE" (PK ZIP), > IMHO that's a nice feature. Unfortunately, that doesn't help in all circumstances. If I receive a virus, my AV scanner strips the executable attachment and replaces it with a text file describing the infection that was removed. SC can't detect these, obviously. I've also heard of mail servers that will strip the virus, so the user just sees an odd 'spam' mail with no suggestion that it ever was a virus. John. From nobody at spamcop.net Sun Apr 11 10:13:54 2004 From: nobody at spamcop.net (John McLusky) Date: Sun Apr 11 04:15:44 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: MrWizard wrote: > > I cringe to think that we could be at risk of being blacklisted due > to a user who picked up a virus. I challenge any one of the ISP's > using this list to give me a 100% guarantee that none of their users > machines has or will ever send out a virus in an email without the > user knowing it has happened. Further to other responses, the only machine that stands any risk of being blacklisted is your user's own machine, not your outgoing mail servers. Many ISPs (think AOL, among others) block dialup ranges anyway, so it's unlikely to make much of a difference. Port 25 blocking is a very, very good thing for residential IP ranges... John. From pete at heypete.com Sun Apr 11 02:27:23 2004 From: pete at heypete.com (Pete Stephenson) Date: Sun Apr 11 04:30:03 2004 Subject: [SpamCop-List] Re: Danger HipTop Gateway References: <87isg7yra4.fsf@ursine.ca> <87oepzrou7.fsf@ursine.ca> Message-ID: In article <87oepzrou7.fsf@ursine.ca>, Paul Johnson wrote: > No, I mean the provider, not a customer. It's doubtful. From my experience with both Danger and T-Mobile, I've never seen mainsleaze spam from either of them. Now that I say that, they'll start spamming right away...or someone will point out an example. Fair enough. :) While on the topic of the HipTop service, does anyone in the Tacoma, Washington area have problems with the data service? I can get voice and SMS messages, but in the last few days the data service has been non-existant. The little "G" next to the signal meter is gone, replaced with only a little telephone. -- Pete Stephenson HeyPete.com From windsorfoxNOSPAM at cox.net Sun Apr 11 04:46:40 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Apr 11 04:46:16 2004 Subject: [SpamCop-List] Re: ATTN Deputies: problems with getting confirmation reports In-Reply-To: <0ps470lqjgqqcre5i45dnnmk22k7sfaro9@4ax.com> References: <0ps470lqjgqqcre5i45dnnmk22k7sfaro9@4ax.com> Message-ID: SpamCop Admin wrote: > Technomage wrote: > > >>-I sent nearly 90 spam reports into spamcop last night (6 hours ago, in >>-fact), I have yet to receive one confirmation of this event, period. > > > There are several Cox users complaining. > > The spam is getting here in good order, and I know the system is > sending the responses, even though they may be delayed by system > overload. Outgoing mail takes a back seat to spam processing. The > responses are not bouncing. > > I'm beginning to suspect that Cox is trashing our responses. > > - Don - You can add me to this list now as well. When I send I get back about 1/4 of the amount give or take. From baloo at ursine.ca Sun Apr 11 02:40:47 2004 From: baloo at ursine.ca (Paul Johnson) Date: Sun Apr 11 04:50:44 2004 Subject: [SpamCop-List] Re: Danger HipTop Gateway References: <87isg7yra4.fsf@ursine.ca> <87oepzrou7.fsf@ursine.ca> Message-ID: <87zn9ihpps.fsf@ursine.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pete Stephenson writes: > In article <87oepzrou7.fsf@ursine.ca>, Paul Johnson > wrote: > >> No, I mean the provider, not a customer. > > It's doubtful. From my experience with both Danger and T-Mobile, I've > never seen mainsleaze spam from either of them. Now that I say that, > they'll start spamming right away...or someone will point out an > example. Fair enough. :) T-Mobile and T-Online are subsidiaries of the same company, and I get a lot of my spam from t-online... - -- Paul Johnson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAeQSPUzgNqloQMwcRAoH7AJ9r/X7Jszhd2T64taZKNL+/4QfnOgCfZwQR CK5Nj6RORW9RZwLiDaqr9uI= =3j/w -----END PGP SIGNATURE----- From nobody at xyzzy.claranet.de Sun Apr 11 13:18:44 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Apr 11 06:20:21 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: <4078EC8C.4D63@xyzzy.claranet.de> Message-ID: <40791B84.789C@xyzzy.claranet.de> John McLusky wrote: > If I receive a virus, my AV scanner strips the executable > attachment and replaces it with a text file describing the > infection that was removed. SC can't detect these, obviously True, but you wouldn't submit this stuff. And as you said, it doesn't really hurt to block dialup IPs. Quite the contrary. SWEN (Gibe-F) is AFAIK the last worm using normal SMTP servers, where blocking could be a bad idea. Bye, Frank From nobody at devnull.spamcop.net Sun Apr 11 13:23:39 2004 From: nobody at devnull.spamcop.net (Jimbo) Date: Sun Apr 11 07:25:16 2004 Subject: [SpamCop-List] Re: Advice needed! In-Reply-To: References: Message-ID: <40792ABB.8000108@devnull.spamcop.net> Guys, Thanks for the advice. I shall give your suggestions a try and see what I can do. Even if it doesn't work (from what you are all saying, I've got a problem, Houston!) I greatly appreciate the time taken to help out Thanks Guys! Jimbo wrote: > Guys, > I have a mail address which I used OK for years, up to a couple of weeks > back. Then I started getting bounces of spam that was being sent out > using my email address. I looked at the bounces and found that they all > came from either a Chinese or Indian site, both of which were selling > viagra and other medications, and which had no email address that I > could redirect their crap to.....big surprise there! > > Any good ideas as to how I can identify who the %$?*& is that is using > my address would be good, I'm told there may be information in the mail > that can be used to identify the origin of the spam....whatever, any > help will be greatly appreciated > > Thanks > Jimbo > From nobody at devnull.spamcop.net Sun Apr 11 13:23:58 2004 From: nobody at devnull.spamcop.net (Jimbo) Date: Sun Apr 11 07:25:44 2004 Subject: [SpamCop-List] Re: Advice needed! In-Reply-To: References: Message-ID: <40792ACE.5050706@devnull.spamcop.net> Guys, Thanks for the advice. I shall give your suggestions a try and see what I can do. Even if it doesn't work (from what you are all saying, I've got a problem, Houston!) I greatly appreciate the time taken to help out Thanks Guys! Jimbo wrote: > Guys, > I have a mail address which I used OK for years, up to a couple of weeks > back. Then I started getting bounces of spam that was being sent out > using my email address. I looked at the bounces and found that they all > came from either a Chinese or Indian site, both of which were selling > viagra and other medications, and which had no email address that I > could redirect their crap to.....big surprise there! > > Any good ideas as to how I can identify who the %$?*& is that is using > my address would be good, I'm told there may be information in the mail > that can be used to identify the origin of the spam....whatever, any > help will be greatly appreciated > > Thanks > Jimbo > From nobody at devnull.spamcop.net Sun Apr 11 13:24:23 2004 From: nobody at devnull.spamcop.net (Jimbo) Date: Sun Apr 11 07:25:54 2004 Subject: [SpamCop-List] Re: Advice needed! In-Reply-To: References: Message-ID: Guys, Thanks for the advice. I shall give your suggestions a try and see what I can do. Even if it doesn't work (from what you are all saying, I've got a problem, Houston!) I greatly appreciate the time taken to help out Thanks Guys! Jimbo wrote: > Guys, > I have a mail address which I used OK for years, up to a couple of weeks > back. Then I started getting bounces of spam that was being sent out > using my email address. I looked at the bounces and found that they all > came from either a Chinese or Indian site, both of which were selling > viagra and other medications, and which had no email address that I > could redirect their crap to.....big surprise there! > > Any good ideas as to how I can identify who the %$?*& is that is using > my address would be good, I'm told there may be information in the mail > that can be used to identify the origin of the spam....whatever, any > help will be greatly appreciated > > Thanks > Jimbo > From MikeE at ster.invalid Sun Apr 11 05:44:16 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 11 07:45:04 2004 Subject: [SpamCop-List] Re: Advice needed! References: Message-ID: Jimbo wrote: A triple! 3 msg id/s, 3 times. Date: Sun, 11 Apr 2004 12:23:39 +0100 Message-ID: <40792ABB.8000108@devnull.spamcop.net> 12:23:58 ID 40792ACE.5050706 12:24:23 ID c5b9t7$9gn$3 -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 11 06:19:38 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 11 08:20:05 2004 Subject: [SpamCop-List] Re: Danger HipTop Gateway References: Message-ID: SpamCop Admin wrote: > John Babbitt wrote: >> -Oops, 63.241.65.15 is blacklisted by SpamCop > > I removed 63.241.65.15 from our list. > > It's sending "mailbox is full" autoresponder traffic to our spamtraps. I'm not sure that's not a good reason to be on the list [a user, not an mta], but I understand that it is outside the parameters of spamcop reportable spam. -- Mike Easter kibitzer, not SC admin From droleary.usenet at subsume.com Sun Apr 11 08:41:38 2004 From: droleary.usenet at subsume.com (Doc O'Leary) Date: Sun Apr 11 08:45:03 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: In article , "MrWizard" wrote: > Doesn't Spamcop use any filtering in their reports to determine if the > reported message actually IS spam? Yes, it does. Unfortunately, spamcop.net policy is to not report the spam if it can get another machine to send more spam (i.e., a virus). The filter that allows virus spam is not perfect, however and sometimes machines are reported and thus kept from sending their virus spam. This pleases many of us. > Viral infections are a reality of life > on the Internet, and no one is 100% immune. Bull. I am 100% immune. I don't even run anti-virus software. As a result, I have almost no idea what spam I get is or isn't the latest Windows virus. > Many (if not most) users are > not as aware as we here are of the viral and worm dangers that can affect > their systems, and can inadvertently be the source of an unwanted message. > Although unfortunate, this is a far cry from the deliberate flooding of > inboxes with pitches, scams and the like. A far cry? It's *worse*, asshole! You're spreading the damage, not just some silly ad. > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.655 / Virus Database: 420 - Release Date: 4/8/2004 If this were true for your systems, why are we even having this discussion? From rmu93awSPAMB02 at sneakemail.com Sun Apr 11 08:52:39 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Sun Apr 11 08:55:04 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy In-Reply-To: References: Message-ID: John Babbitt wrote: > "Spambo" wrote in message > news:c59j7h$qfd$1@news.spamcop.net... > >> in the spam report for more information (however, IMO, your time >> would be better spent installing software to prevent viruses from >> even leaving your mail server. If no viruses leave your server >> then no one would be able to report them as spam, now would they?) > > Except that the viruses nowadays use their own SMTP engine. So, even if the > poor chap installed anti-virus software on his server, it will do no good > since infected email are not being routed out through his server. [snip] So where's the problem? Why shouldn't a machine *known* to be "spamming by virus" be brought to the attention of the ISP that is providing it with connectivity to the Internet? Do we (tinw) just expect the "poor chap" to use his ESP powers to locate infected machines and get the problem fixed? > However, a better idea may be to simply block outgoing port 25, i.e., make > it mandatory that all outgoing email must be routed through his server. [snip] And spam reports about direct-to-MX connections have been responsible for many providers deciding to adopt such policies. A lack of complaints probably isn't going to convince the remainder to change their policies. -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From y7pt9001 at sneakemail.com.gov.invalid Sun Apr 11 14:07:24 2004 From: y7pt9001 at sneakemail.com.gov.invalid (Safari) Date: Sun Apr 11 09:10:02 2004 Subject: [SpamCop-List] Re: Decode 8859-1 subject? References: Message-ID: On Fri, 9 Apr 2004 17:48:26 +0100, Ant wrote: ... > It renders something like this: > > KOHkypeHTbl_y*e_3aka3anN > > where * is like an x with a vertical bar, and the last 2 letters (nN) > are in fact Pi and a backwards N respectively. > > The rest of it doesn't yield to further base64 analysis. and babelfish translation says "Competitors already ordered" (I used mutt in UTF8 mode) -- Safari - y7pt9001@sneakemail.com.gov.invalid - Reply-To to reply (remove 'ies') From MikeE at ster.invalid Sun Apr 11 07:12:31 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 11 09:15:03 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: This thread turned out to be interesting because of the different spin it put on the situation about spamcop and virus reporting and the 'indications' for a viruscop functionality. We can see how unhappy providers would be about spamcop per se functioning as a virus reporting tool [and blocklist], but we all know how bad unbridled virm propagation and its consequences are. So, should the vcbl be a different list, or simply a different DNS response, ie 127.0.0.3 instead of 127.0.0.2 in the scbl.? ;-) -- Mike Easter kibitzer, not SC admin From rmu93awSPAMB02 at sneakemail.com Sun Apr 11 09:45:21 2004 From: rmu93awSPAMB02 at sneakemail.com (Spambo) Date: Sun Apr 11 09:50:17 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy In-Reply-To: References: Message-ID: Mike Easter wrote: > [snip] > > So, should the vcbl be a different list, or simply a different DNS > response, ie 127.0.0.3 instead of 127.0.0.2 in the scbl.? IMO the answer should be 'a different DNS response' since it would require only one DNS query. -- Just a SpamCop newsgroup participant, not an admin or employee of SpamCop or related domains. From agent01413 at my-deja.com Sun Apr 11 08:54:33 2004 From: agent01413 at my-deja.com (Socks the white house cat) Date: Sun Apr 11 09:55:02 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: Someday in the distant future, archeologists digging thru the ruins of spamcop will discover that "John Babbitt" had this to say on 10 Apr 2004: > "Spambo" wrote in message > news:c59j7h$qfd$1@news.spamcop.net... >> in the spam report for more information (however, IMO, your time >> would be better spent installing software to prevent viruses from >> even leaving your mail server. If no viruses leave your server >> then no one would be able to report them as spam, now would they?) > > Except that the viruses nowadays use their own SMTP engine. So, even > if the poor chap installed anti-virus software on his server, it will > do no good since infected email are not being routed out through his > server. The mail that came in the door came through that server. He could also block smtp traffic from user IPA's -- officially recognized SPEWS puppet ISO certification and everything I AM SPEWS (SLAPP PREVENTION ELECTRONIC WHITENOISE SYSTEM) From MikeE at ster.invalid Sun Apr 11 07:54:28 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 11 09:55:23 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: Spambo wrote: > Mike Easter wrote: >> So, should the vcbl be a different list, or simply a different DNS >> response, ie 127.0.0.3 instead of 127.0.0.2 in the scbl.? > > IMO the answer should be 'a different DNS response' since it would > require only one DNS query. OK by me. Now y'all [Julian & helpers] go fix that up. Maybe make it 127.0.0.1 so the blars type scheme can be used for future expansion and combinations. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sun Apr 11 16:52:55 2004 From: nobody at spamcop.net (Hans Weber) Date: Sun Apr 11 09:55:32 2004 Subject: [SpamCop-List] Automatic Spamcop reporting from Outlook Express ...? Message-ID: Something available to be added to OE or Outlook that is integrated giving the possibility to send spam without parsing manually or sending as attachment "by hand"? Thank you for any Windows addy! From nobody at spamcop.net Sat Apr 10 18:25:56 2004 From: nobody at spamcop.net (Ellen) Date: Sun Apr 11 10:55:23 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: "MrWizard" wrote in message news:c59ifc$pis$1@news.spamcop.net... > I just received a report from Spamcop regarding purported spam from one of > my users. In checking out the report, it looks like a SINGLE instance of > someone receiving a message sent by that user's computer, due to a Netsky.N > virus infection. (The user has been contacted and told to get their system > cleaned.) > > Doesn't Spamcop use any filtering in their reports to determine if the > reported message actually IS spam? Users are not to report viruses using SpamCop. From time to time someone will report a virus by mistake. Without the IP involved I cannot look at the database to determine exactly what happened here. If you do not wish to post your IP in a public forum you can write to deputies spamcop.net with the IP. Ellen SpamCop Deputy From a at all.addresses.on.cdrom.are.invalid.aaa Sun Apr 11 12:15:19 2004 From: a at all.addresses.on.cdrom.are.invalid.aaa (John Malmberg) Date: Sun Apr 11 11:20:03 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy In-Reply-To: References: Message-ID: Mike Easter wrote: > This thread turned out to be interesting because of the different spin > it put on the situation about spamcop and virus reporting and the > 'indications' for a viruscop functionality. > > We can see how unhappy providers would be about spamcop per se > functioning as a virus reporting tool [and blocklist], but we all know > how bad unbridled virm propagation and its consequences are. > > > So, should the vcbl be a different list, or simply a different DNS > response, ie 127.0.0.3 instead of 127.0.0.2 in the scbl.? A virus-cop DNSbl should have many different codes to indicate how clueless the network operators are that allow the virus to be sent out of their network. 127.0.0.1 Sent a virus directly. 127.0.0.2 Sent a virus multi-hop. 127.0.0.4 Bounces detected viruses 127.0.0.8 Sends useless virus reports 127.0.0.16 Refuses complaints about their scanner/mailserver abuse for content. 127.0.0.32 Non-working role accounts 127.0.0.64 Sent virus report for internal infection. 127.0.0.128 Mail server infected. 127.0.0.256 Responded to abuse report with cartooney I just received a virus report that met: .4 + .8 + .32 + .64. 1 Virus scanner message, followed by 1 Non-deliverable message generated by that network. Non-delivery message clearly indicated that it was an internal user for the network that was infected, but both an external virus warning and bounce was generated. 1 non-deliverable message from the abuse@ mail box not existing generated by the receiving network. Originating network's domain name has "tech" in it. -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Sun Apr 11 09:21:41 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 11 11:25:03 2004 Subject: [SpamCop-List] Re: Automatic Spamcop reporting from Outlook Express ...? References: Message-ID: Hans Weber wrote: > Something available to be added to OE or Outlook that is integrated > giving the possibility to send spam without parsing manually or > sending as attachment "by hand"? Outlook OL and Outlook Express OE are distinctly different agents. I don't understand how 'automatic' you want this to be. Something which recognizes your spam and emails it automatically without any action on your part? That seems a little extreme. I think you need to be watching over this a little bit. You could put SpamPal in front of OE and have 'all' of your spam in a Junk folder and then select all or a lot of them and forward as attachment, but that would require a couple of mouseclicks and 'human' participation or visualization of spamitems in a folder, followed by the 'oversight' of the spamcop parsing results prior to reporting. Anything you do with OL is going to be fraught with peril, since it 'destroys' the original spam item before storing it - where destroys means changing the body to a MAPI format and detaching the headers, requiring de-mapi-ing and reattaching the now out-of-phase content-type information - but I think it could be done with a few human clicks. SpamPal + OL + Leon Mayne's Outlook SpamCop Reporter^1 + Dmitry Streblechenko's Outlook Redemption objects -- then, what is in the SpamPal Junk folder is 'grabbed' in the folder view, as with OE, and mailed to spamcop using the Reporter. But, it isn't any more or less automatic than what I described above with OE. ^1 Outlook SpamCop Reporter http://www.uea.ac.uk/~l003/olspamcop/ -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sun Apr 11 09:44:57 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 11 11:45:04 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: <407967F9.6000408@spamcop.net> Mike Easter wrote: > This thread turned out to be interesting because of the different spin > it put on the situation about spamcop and virus reporting and the > 'indications' for a viruscop functionality. > > We can see how unhappy providers would be about spamcop per se > functioning as a virus reporting tool [and blocklist], but we all know > how bad unbridled virm propagation and its consequences are. > > So, should the vcbl be a different list, or simply a different DNS > response, ie 127.0.0.3 instead of 127.0.0.2 in the scbl.? Um, aren't you the guy who says spammers win when you have to look at the subject line and they score more points if you have to look at the message body? And wouldn't all that be required to determine if it's a virus? ;) From tmcgraw at spamcop.net Sun Apr 11 09:47:58 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 11 11:50:03 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: <407968AE.9060004@spamcop.net> John Malmberg wrote: > > > > A virus-cop DNSbl should have many different codes to indicate how > clueless the network operators are that allow the virus to be sent out > of their network. > > > > 127.0.0.256 Responded to abuse report with cartooney Love it. But you can pretty much rely on SPEWS to block cartooney sources until the heat death of the sun, or something like that :) From tmcgraw at spamcop.net Sun Apr 11 09:50:49 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 11 11:55:03 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: <40796959.8040703@spamcop.net> Doc O'Leary wrote: > In article , > "MrWizard" wrote: > > > >>Viral infections are a reality of life >>on the Internet, and no one is 100% immune. > > Bull. I am 100% immune. I don't even run anti-virus software. As a > result, I have almost no idea what spam I get is or isn't the latest > Windows virus. EXCELLENT point. Same here. No AV software and never been infected. > > >>Outgoing mail is certified Virus Free. >>Checked by AVG anti-virus system (http://www.grisoft.com). >>Version: 6.0.655 / Virus Database: 420 - Release Date: 4/8/2004 > > If this were true for your systems, why are we even having this > discussion? Another excellent point. The op thinks it's okay for a machine on his system to infect other 70-year-old "grandma" types. The op also seems to view this ng as a "read only" medium. From MikeE at ster.invalid Sun Apr 11 09:59:37 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 11 12:00:02 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: <407967F9.6000408@spamcop.net> Message-ID: Tim McGraw wrote: > Um, aren't you the guy who says spammers win when you have to look at > the subject line and they score more points if you have to look at the > message body? And wouldn't all that be required to determine if it's a > virus? ;) ;-) As soon as we get a vcbl, I'll revise my practices and re-examine the scoring system for them. Right now I'm having my provider [supposedly] filter/strip my virms for me. If there were a vcbl, I would turn off my provider virus filter, and they would be landing in my BigMail folder without my laying any eyeballs on them. I always pick up 'live' virms by their Properties, detach them from the mail, put them in their own little folder for characterizing and *then* I exercise my AV [inactive until then] to point at the folder to characterize the virm for reporting. The only points off I get for that operation is the 'tedium' of how long it takes. Alternatively, maybe I could do something with SpamPal to recognize my provider's X-line when it is positive for a virm. -- Mike Easter kibitzer, not SC admin From VROYLUAKAPCX at spammotel.com Sun Apr 11 13:02:08 2004 From: VROYLUAKAPCX at spammotel.com (Johnnie) Date: Sun Apr 11 12:05:07 2004 Subject: [SpamCop-List] Re: reporting spam seems to trigger more spamming References: Message-ID: "Marc" wrote in message news:c4ep1u$tov$1@news.spamcop.net... > > "Johnnie" wrote in message > news:c4ejur$mnt$1@news.spamcop.net... >> "Daniel Chow" wrote in message >> news:dchow-F3E9CC.08302231032004@news.cesmail.net... >> > it seems that the more i report spam the more spam i get. >> > >> > is it possible that abuse@[whicheverISP] is actually a spammer in >> > disguise? >> > >> > what's your input on this? >> >> Definitely. Some ISP's will send your complaint to the spammer, > ostensibly >> to listwash you but I think it is also so they can retaliate. I have > proof >> Exodus does this. I even included a paragraph in my report saying the > must >> not send the info to the spammer but they did anyway. I sent a report to >> them (not using Spamcop) with a unique address that had never been used >> before and a week later started getting spam. > > Strictly speaking, how do you know there is any sort of retaliation > involved? I always imagined that a spammer dealing with a list of several > million email addresses isn't going to get too involved on an individual > basis with anyone, and probably doesn't care one way or another who > reports > and who doesn't. I don't know, but I think seeing an increase or decrease > in > spam following a complaint is more often a coincidence rather than a > response by the spammer. At best it would seem to be in the interest of > the > spammer to listwash the person, assuming the spammer worries about > complaints, or just take it as another indicator that the email address is > valid and therefore sellable to the next spammer. I assume there is retaliation when: 1. My email address is used as the From: address on a million or so pornographic spams 2. Someone reports me to my ISP using a forged email as "proof" that I am a spammer. Both have happened to me over the past year. (no 2 happened twice, once for a HOTMAIL address I had and once to my broadband isp.) From gandalf at ring.net Sun Apr 11 13:37:38 2004 From: gandalf at ring.net (Gandalf Greyham) Date: Sun Apr 11 12:40:18 2004 Subject: [SpamCop-List] Re: COX was Re: ATTN Deputies: problems with getting confirmation reports In-Reply-To: References: Message-ID: >>Can someone over on here (deputy, staff, etc) please give cox.net >>administration a TELEPHONE CALL? I have made my point as clearly as >>possible to tier 1 and tier 2 tech support, but it looks as though there >>needs to be some high-level interaction at the administrative level to get >>this problem squared away. > > Cox made major changes in their mailservers last weekend and I am sure that > they have been working bugs out all week so I am not totally surprised that > there are problems. Unfortunately, I do get the impression, that cable companies (COX, Time Warner, etc.) have no clue as to what to do with the Internet. COX put two of my e-mails on their blacklist, simply because I had the appropriate domains. Also, I used to live in an area where COX was serving Internet, they lost a ton of customers due to their incompetence to check out simple wires and PCMCIA cards. It pain me to say this, but don't put too much hope into this. ;-) From nobody at spamcop.net Sun Apr 11 14:56:59 2004 From: nobody at spamcop.net (Spam Pop) Date: Sun Apr 11 14:00:25 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: "Doc O'Leary" exposed his spammer side, rolled over to show his fecal spasms, and then said: ... > If this were true for your systems, why are we even having this > discussion? He was having "that" discussion because he chose to participate in it, of his own free will and desires. The unspecified and ambiguouis "we" he refers to only specifically includes him. So, uhhh, ... Livers quiver and sphincters ... From nobody at spamcop.net Sun Apr 11 21:30:55 2004 From: nobody at spamcop.net (Hans Weber) Date: Sun Apr 11 14:35:13 2004 Subject: [SpamCop-List] Re: Automatic Spamcop reporting from Outlook Express ...? References: Message-ID: "Mike Easter" schrieb im Newsbeitrag news:c5bnqf$kbr$1@news.spamcop.net... > Hans Weber wrote: > > Something available to be added to OE or Outlook that is integrated > > giving the possibility to send spam without parsing manually or > > sending as attachment "by hand"? Primarily OE is the mainly used agent here. Also if OFFICE is used, OE is usually the mail client. I understand that it is a total different thing. > I don't understand how 'automatic' you want this to be. Something which > recognizes your spam and emails it automatically without any action on > your part? That seems a little extreme. I think you need to be > watching over this a little bit. e.g. marking an eMail, using a specific button and then the other things are automated. May be larting the spammer over own local software giving the evidence to SC. A kind of a decentralised anti-spam software that complains over SC? > You could put SpamPal in front of OE and have 'all' of your spam in a > Junk folder and then select all or a lot of them and forward as > attachment, but that would require a couple of mouseclicks and 'human' > participation or visualization of spamitems in a folder, followed by the > 'oversight' of the spamcop parsing results prior to reporting. So it is not the comfortable thing I am searching for. May be sometimes there is a more convenient software available that can integrate SC in an Windows environment? Thank you, Mike for these details! Very helpful for me! From nobody at spamcop.net Sun Apr 11 16:29:20 2004 From: nobody at spamcop.net (Miss Betsy) Date: Sun Apr 11 16:30:20 2004 Subject: [SpamCop-List] Re: reporting spam seems to trigger more spamming References: Message-ID: "Johnnie" wrote in message news:c5bq5u$mtq$1@news.spamcop.net... > I assume there is retaliation when: > > 1. My email address is used as the From: address on a million or so > pornographic spams > > 2. Someone reports me to my ISP using a forged email as "proof" that I am a > spammer. > > Both have happened to me over the past year. (no 2 happened twice, once for > a HOTMAIL address I had and once to my broadband isp.) > Since you are not the only one whose email address is used as the >From on spam for porn, cheap drugs, brides for sale, snoop everyone's computer, I don't know how you think that you are a particular target. There have been dozens of people upset over this who have posted and it is so common that ISP's generally don't even bother to investigate allegations. If hotmail and your broadband ISP did, I presume that you were able to straighten it out easily. The reporter didn't do it through spamcop obviously (unless you did, yourself, by not looking at the reports - which can happen) since spamcop only looks at IP addresses. If someone else did it, it would not have been a spammer because they, too, know about IP addresses. If they wanted to retailiate, they can send enough spam to close your mailbox and keep it closed. It may have been the same clueless person who happens to be on the same spammer list as you are. You could also be getting nasty emails from other clueless recipients. Many people do get outraged responses as well as bounces from clueless admins. Miss Betsy From nobody at spamcop.net Sun Apr 11 16:33:32 2004 From: nobody at spamcop.net (Miss Betsy) Date: Sun Apr 11 16:30:47 2004 Subject: [SpamCop-List] Re: Automatic Spamcop reporting from Outlook Express ...? References: Message-ID: Quick reporting may be what you are looking for. However, since spamcop occasionally hiccups or you overlook an false positive, you have to read all the reports to make sure you didn't report yourself. I found this just as tedious as clicking the send button. Miss Betsy From MikeE at ster.invalid Sun Apr 11 14:32:52 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 11 16:35:02 2004 Subject: [SpamCop-List] Re: Interesting, but for how long? References: Message-ID: D Smythe wrote: > A while back I reported whythe-inetrnet.com as having invalid contact > details in their DNS lookup. (albertgass@europe.com) You may have experience in 'messing with' this particular problem, but I'll just describe how I handle it coming in 'cold' with no experience with the item whatsoever. 217.69.122.104 no rDNS inetnum: 217.69.122.0 - 217.69.122.255 netname: WINET descr: Whythe-Internet customer network admin-c: JD1061-RIPE = admin@whythe-internet.com tech-c: JB2425-RIPE = born@whythe-internet.com whois -h whois.abuse.net whythe-internet.com ... abuse@se.uu.net abuse@mci.com (for whythe-internet.com) but 217.69.122.104 is spews & spamhaus [and others] listed, indicating non-responsiveness, so I would go upstream. They are AS29371 which gives me nothing in Robban. My own tracert sez teletube, which has no reg'd abuse addy. So I would use all of the above + the pm at whythe, along with the changed and notify addies [which I normally don't use] admin@teletube.net + noc@unsx.net + admin@unsx.net + the default teletube pm + another tracert hop which *also* doesn't have reg'd abuse Eurasia Telecom val, noc, and the default pm at eut.ru. That's a total of 12 notifies for me, without even checking with SC to see what is bouncing or not. If I'm notifying 12 addies, it doesn't matter if some of them are bouncing. The 'legitimacy' for those notifies is the absence of any reg'd abuse addresses at the target + the target's unresponsiveness + the absence of reg'd abuse addies at what limited upstream information we have. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sun Apr 11 21:43:42 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Sun Apr 11 16:45:02 2004 Subject: [SpamCop-List] Re: Anyone monitoring .routing? References: Message-ID: Robert Tarrall (tarrall@xxxx.neighborhoodlink.com) wrote in news:tarrall- 5BA611.19183810042004@news.cesmail.net: > Just wondering if anyone (from Spamcop) is monitoring spamcop.routing. > Haven't seen Ellen or anyone else from Spamcop post a followup or fix a > routing issue in the last several days... In my experience deputies are monitoring .routing but aren't necessarily giving feedback unless additional info is needed. I've posted things there that were clearly folowed up on a few days afterwards; remember that whatever we post will be checked before it leads to changes in the SC system, so there can be a delay. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From anti.spam at dont.spam Sun Apr 11 23:54:46 2004 From: anti.spam at dont.spam (D Smythe) Date: Sun Apr 11 16:55:04 2004 Subject: [SpamCop-List] Re: Interesting, but for how long? References: Message-ID: Hi Thx Mike Cheers D "Mike Easter" wrote in message news:c5ca1v$3n0$1@news.spamcop.net... > D Smythe wrote: > > A while back I reported whythe-inetrnet.com as having invalid contact > > details in their DNS lookup. (albertgass@europe.com) > > You may have experience in 'messing with' this particular problem, but > I'll just describe how I handle it coming in 'cold' with no experience > with the item whatsoever. > > 217.69.122.104 no rDNS > inetnum: 217.69.122.0 - 217.69.122.255 > netname: WINET > descr: Whythe-Internet customer network > admin-c: JD1061-RIPE = admin@whythe-internet.com > tech-c: JB2425-RIPE = born@whythe-internet.com > whois -h whois.abuse.net whythe-internet.com ... > abuse@se.uu.net abuse@mci.com (for whythe-internet.com) > > but 217.69.122.104 is spews & spamhaus [and others] listed, indicating > non-responsiveness, so I would go upstream. They are AS29371 which > gives me nothing in Robban. My own tracert sez teletube, which has no > reg'd abuse addy. So I would use all of the above + the pm at whythe, > along with the changed and notify addies [which I normally don't use] > admin@teletube.net + noc@unsx.net + admin@unsx.net + the default > teletube pm + another tracert hop which *also* doesn't have reg'd abuse > Eurasia Telecom val, noc, and the default pm at eut.ru. > > That's a total of 12 notifies for me, without even checking with SC to > see what is bouncing or not. If I'm notifying 12 addies, it doesn't > matter if some of them are bouncing. The 'legitimacy' for those > notifies is the absence of any reg'd abuse addresses at the target + the > target's unresponsiveness + the absence of reg'd abuse addies at what > limited upstream information we have. > > > -- > Mike Easter > kibitzer, not SC admin > From aaronw at attbi.com Sun Apr 11 15:05:25 2004 From: aaronw at attbi.com (Aaron Williams) Date: Sun Apr 11 17:05:03 2004 Subject: [SpamCop-List] Paying member submission idea. Message-ID: I'm currently a paying member who submits a lot of spam, much of it very soon after it's received. Lately I've been burning through my spam allotment very quickly. Since this is also a service to Spamcop, why not offer a bonus if the spam is "fresh". I.e. if the spam is less than an hour or two old, either don't deduct it from the allotment, or maybe even give a credit. Also, it seems that the amount of space available is decreasing very quickly, which is surprising since most of the spams I'm submitting are only 2-5K in size. I noticed that when my allotment dropped under 1MB it slowed down considerably. -Aaron From tmcgraw at spamcop.net Sun Apr 11 15:18:31 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 11 17:20:03 2004 Subject: [SpamCop-List] Re: Paying member submission idea. References: Message-ID: <4079B627.4050202@spamcop.net> Aaron Williams wrote: > I'm currently a paying member who submits a lot of spam, much of it very > soon after it's received. Lately I've been burning through my spam > allotment very quickly. Since this is also a service to Spamcop, why not > offer a bonus if the spam is "fresh". I.e. if the spam is less than an > hour or two old, either don't deduct it from the allotment, or maybe even > give a credit. It sounds like you're under the old "fuel" system. I believe most paying users are paying $30/year flat rate. You can convert from a fuel system to the flat rate, and remaining fuel counts toward your first annual payment. > Also, it seems that the amount of space available is decreasing very > quickly, which is surprising since most of the spams I'm submitting are > only 2-5K in size. I noticed that when my allotment dropped under 1MB it > slowed down considerably. That is a question perhaps more appropriate in the spamcop.mail ng. You might consider using a mail app local to your computer if it's convenient for you. From nobody at spamcop.net Mon Apr 12 10:45:08 2004 From: nobody at spamcop.net (Anony Mouse) Date: Sun Apr 11 17:45:03 2004 Subject: [SpamCop-List] Re: Advice needed! References: Message-ID: <4079BC64.1080503@spamcop.net> Miss Betsy wrote: > "Jimbo" wrote in message > news:c591t6$596$1@news.spamcop.net... > >>Guys, >>I have a mail address which I used OK for years, up to a couple > > of weeks > >>back. Then I started getting bounces of spam that was being sent > > out > >>using my email address. I looked at the bounces and found that > > they all > >>came from either a Chinese or Indian site, both of which were > > selling > >>viagra and other medications, and which had no email address that > > I > >>could redirect their crap to.....big surprise there! > > > This is a common tactic of spammers to use forged email addresses > in the From. Idiot ISP's and clueless users of products like > Mailwasher then accept the emails (instead of rejecting them at the > server), and instead of "bouncing" them to the proper place, send > them to the innocent From. > > You can complain to the person who bounced the message to you that > they are aiding and abetting spammers by bouncing the spam. You > cannot report them thru spamcop, though you can parse the headers > and find the proper addresses. This is standard mail server bahaviour... The bounces he is talking about are ones to non existant email addresses or full mail boxes. Without this mechanism nobody would know what was going on. It is no good complaining to the postmaster@bouncingdomain. I believe you may be getting confused with returned virus infected messages. I.E. Mail server recognises a virus and sends a warning to the from address. These postmasters need informing of acceptable practises. > > > >>Any good ideas as to how I can identify who the %$?*& is that is > > using > >>my address would be good, I'm told there may be information in > > the mail > >>that can be used to identify the origin of the spam....whatever, > > any > >>help will be greatly appreciated > > > There is almost nothing that you can do to stop the spammer from > using your email address. However, no one with any sense thinks > that you have anything to do with the spam. > > Miss Betsy > > From nobody at spamcop.net Mon Apr 12 11:05:20 2004 From: nobody at spamcop.net (Anony Mouse) Date: Sun Apr 11 18:05:05 2004 Subject: [SpamCop-List] Re: Advice needed! References: Message-ID: <4079C120.2080400@spamcop.net> Jimbo wrote: > Guys, > I have a mail address which I used OK for years, up to a couple of weeks > back. Then I started getting bounces of spam that was being sent out > using my email address. Possibly just a fluke. If spammy is using your email address and knows its a working one you will get his trash as well. I looked at the bounces and found that they all > came from either a Chinese or Indian site, both of which were selling > viagra and other medications, and which had no email address that I > could redirect their crap to.....big surprise there! > Sounds like the mail server has been good enough to send you the content. > Any good ideas as to how I can identify who the %$?*& is that is using > my address would be good, I'm told there may be information in the mail > that can be used to identify the origin of the spam....whatever, any > help will be greatly appreciated Follow the spamvertised web site info... whois, dig/nslookup, trace route whois keywords entered into spamhaus rokso search may get em (NIM is an example found in domains registered by Soloway). Do the same with primary and secondary dns. Primary dns is the only one to believe however. Secondary dns may not work or be bogus and requires further investigation to verify. Enter spamvertised web site and dns ip addresses into spamhaus sbl search. Information gleaned from these records may yield a culprit however spamhaus is known to be misleading sometimes. Eventually it all comes out in the wash but in the mean time some ip addresses get assigned to no one or even the wrong spammer. Trace route may yield an upstream that is known in the spamhaus database. Check the identified spammers in the listed ip blocks. There is normally a link at the bottom of the sbl listing that will take you to the service providers record. Google search on keywords found in whois and the mail source can yield information that others have gathered. There are many other resources. Spews for instance. See this thread. Subject: Peter Francis-MacRea 456med.com lifesmile.biz Date: Sat, 10 Apr 2004 20:41:19 +1200 lifesmile is listed on spamhaus. > > Thanks > Jimbo > From tmcgraw at spamcop.net Sun Apr 11 16:15:00 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 11 18:15:02 2004 Subject: [SpamCop-List] Re: Advice needed! References: <4079C120.2080400@spamcop.net> Message-ID: <4079C364.4000101@spamcop.net> Anony Mouse wrote: > > > > Google search on keywords found in whois and the mail source can yield > information that others have gathered. Excellent advice. I might add to choose "Groups" in Google to get nanae-posted info (which is very good). > There are many other resources. Spews for instance. Put spews.org in your browser. From tboyer at spamcop.net Sun Apr 11 19:32:02 2004 From: tboyer at spamcop.net (Tim Boyer) Date: Sun Apr 11 18:35:03 2004 Subject: [SpamCop-List] ct-abuse@sprint.net refuses SpamCop reports Message-ID: <6nhj70tk88ssf08mk8thiodkj3qh8be69v@4ax.com> My Chinanet spams now return this: abuse net crc.net.cn = anti-spam@chinanet.cn.net, mliu@crc.net.cn, postmaster@crc.net.cn, ctsummary@special.abuse.net Using best contacts anti-spam@chinanet.cn.net mliu@crc.net.cn postmaster@crc.net.cn ctsummary@special.abuse.net anti-spam@chinanet.cn.net bounces (142 sent : 100 bounces) Using anti-spam#chinanet.cn.net@devnull.spamcop.net for statistical tracking. ctsummary@special.abuse.net redirects to ct-abuse@sprint.net ct-abuse@sprint.net refuses SpamCop reports I always thought that the whole reason for Sprint's ct-abuse addy was to accept Chinanet reports from SpamCop. Not that it ever did any good, of course... tim -- tboyer@spamcop.net Nothing official, just another Spamcop user From a at all.addresses.on.cdrom.are.invalid.aaa Sun Apr 11 20:16:30 2004 From: a at all.addresses.on.cdrom.are.invalid.aaa (John Malmberg) Date: Sun Apr 11 19:20:04 2004 Subject: [SpamCop-List] Re: Advice needed! In-Reply-To: <4079BC64.1080503@spamcop.net> References: <4079BC64.1080503@spamcop.net> Message-ID: Anony Mouse wrote: > Miss Betsy wrote: > >> >> You can complain to the person who bounced the message to you that >> they are aiding and abetting spammers by bouncing the spam. You >> cannot report them thru spamcop, though you can parse the headers >> and find the proper addresses. > > This is standard mail server bahaviour... It is an allowed but abusive behavior that should be discouraged. And negative feedback to the designated abuse addresses will help get this message through. Especially if everyone that gets these abusive bounces complains. It is no longer a courtesy to generate new bounce messages to the alleged senders, it only assists other abusers. > The bounces he is talking about are ones to non existant email addresses > or full mail boxes. Without this mechanism nobody would know what was > going on. They can reject the e-mail with a 4xx code, which will cause a retry at various intervals until either the sending mail server gives up, or someone drains the mail box. Then legitimate senders will get the "bounce" messages generated by their local mail server for either the delivery delay or the non-delivery. And innocent bystanders will not get abused. If the SMTP transaction is completed, and a message can not be delivered, the RFCs need to be revised to strongly recommend that the non-delivery message only be delivered to the postmaster of the I.P. address the message was accepted from. > It is no good complaining to the postmaster@bouncingdomain. It does do good to complain. It has generally worked in most cases to stop the abusive bounces or virus reports from coming to me. They may have special cased my e-mail address (more work for them) or they may have fixed their mail server. The more complaints an abusive server owner gets, the more likely they are to understand that they are doing something that is not good. It has been reported from the SPAM-L mailing list that AOL is converting their systems not to generate abusive bounces. And if something the size of AOL can realize that it is a bad practice, then other networks can learn too. > I believe you may be getting confused with returned virus infected > messages. I.E. Mail server recognises a virus and sends a warning to the > from address. These postmasters need informing of acceptable practises. If I get a non-delivery or virus notice for an e-mail that I did not send, I LART it manually. There was once technical college that was spamming a mailing list with their useless virus detected warnings that would not take the hint. The owner of the mail server operator getting the bogus warnings set the mail server to reject them with 5xx errors. I do not know if they ever fixed their virus scanner. If they did not, then they have a bunch of NDRs piling up on their own mail server. -John wb8tyw@qsl.network Personal Opinion Only From pete at heypete.com Sun Apr 11 17:26:50 2004 From: pete at heypete.com (Pete Stephenson) Date: Sun Apr 11 19:30:03 2004 Subject: [SpamCop-List] Re: Danger HipTop Gateway References: <87isg7yra4.fsf@ursine.ca> <87oepzrou7.fsf@ursine.ca> <87zn9ihpps.fsf@ursine.ca> Message-ID: In article <87zn9ihpps.fsf@ursine.ca>, Paul Johnson wrote: > T-Mobile and T-Online are subsidiaries of the same company, and I get > a lot of my spam from t-online... Perhaps. However, T-Mobile outsources their data service for their Sidekick (aka "HipTop") wireless devices to Danger, Inc., the company who makes the device itself. Also, a scorched-earth policy against different divisions of a company that have nothing to do with each other (T-Online being the German ISP side of T-Mobile, while the issue we're discussing is the American cellular phone company) is not a very reasonable course of action. -- Pete Stephenson HeyPete.com From pete at heypete.com Sun Apr 11 17:28:23 2004 From: pete at heypete.com (Pete Stephenson) Date: Sun Apr 11 19:30:05 2004 Subject: [SpamCop-List] Re: Danger HipTop Gateway References: Message-ID: In article , SpamCop Admin wrote: > It's sending "mailbox is full" autoresponder traffic to our spamtraps. Hmm. Perhaps it's due to viruses forging the spamtrap addresses, and then bombarding the users of T-Mobile's Sidekick service with their virus-laden messages? -- Pete Stephenson HeyPete.com From rvaessen at spamcop.net Sun Apr 11 19:10:02 2004 From: rvaessen at spamcop.net (Robert L. Vaessen) Date: Sun Apr 11 20:10:10 2004 Subject: [SpamCop-List] Configuring mailhosts - In the dark Message-ID: Arrgghh! - I had a feeling that this was going to be difficult. Today I attempted to mailhost configure my spam reporting account. I have over 25 different email addresses (and two domains). Yeah I know it's a lot. No I don't have a good reason for all of them, still I have them. Yes I get email at all of them, and a lot of spam (over 3,800 pieces last month). So I figured I'd wait a while before tackling the Mailhosts configuration. I guess I didn't wait long enough. I've got my spamcop account/mailhost configured. No problems there. Then I started entering my other email addresses. I thought I knew what I was doing, the instructions seemed straightforward enough. I got through 11 of them before I started to suspect a problem. I received all the configuration messages. I've been selecting all (with full headers/raw text showing), clicking forward, and addressing the replies/forwarded configuration messages to the mailhosts configuration address included in the email. I tried forwarding the messages without showing the full header, but switched to the full header/raw text after I noticed that nothing seemed to be happening. I even tried removing the quoting/indenting on the forwarded messages, thinking that the quoting may be causing problems. Still there was no change. Is something supposed to change? I still see only one host configured on my mailhosts page (yes I've reloaded the page). Only my spamcop account/mailhost seems to be configured. Am I supposed to do something other than return the emails I receive? How do I know whether it's working? I've seen/read reassurances that one can back out of the mailhosts configuration/revert back to the standard configuration. How does one do that? Should I revert? How do I know if the configuration emails are making there way back to spamcop? Shouldn't I see more mailhosts show up as I forward the configuration emails? Can someone help me? - Robert Befuddled by the newfangled 'mailhosts' configuration process. From nobody at spamcop.net Sun Apr 11 20:22:15 2004 From: nobody at spamcop.net (Miss Betsy) Date: Sun Apr 11 20:20:03 2004 Subject: [SpamCop-List] Re: Paying member submission idea. References: Message-ID: "Aaron Williams" wrote in message news:c5cboc$5nq$1@news.spamcop.net... > I'm currently a paying member who submits a lot of spam, much of it very > soon after it's received. Lately I've been burning through my spam > allotment very quickly. Since this is also a service to Spamcop, why not > offer a bonus if the spam is "fresh". I.e. if the spam is less than an > hour or two old, either don't deduct it from the allotment, or maybe even > give a credit. Excellent suggestion. Miss Betsy From nobody at spamcop.net Sun Apr 11 20:27:57 2004 From: nobody at spamcop.net (Miss Betsy) Date: Sun Apr 11 20:25:03 2004 Subject: [SpamCop-List] Re: Advice needed! References: <4079BC64.1080503@spamcop.net> Message-ID: "John Malmberg" wrote in message news:c5cjkf$f31$1@news.spamcop.net... > Anony Mouse wrote: > > Miss Betsy wrote: > > > >> > >> You can complain to the person who bounced the message to you that > >> they are aiding and abetting spammers by bouncing the spam. You > >> cannot report them thru spamcop, though you can parse the headers > >> and find the proper addresses. > > > > This is standard mail server bahaviour... > > It is an allowed but abusive behavior that should be discouraged. And > negative feedback to the designated abuse addresses will help get this > message through. Especially if everyone that gets these abusive bounces > complains. > > It is no longer a courtesy to generate new bounce messages to the > alleged senders, it only assists other abusers. > > > The bounces he is talking about are ones to non existant email addresses > > or full mail boxes. Without this mechanism nobody would know what was > > going on. > > They can reject the e-mail with a 4xx code, which will cause a retry at > various intervals until either the sending mail server gives up, or > someone drains the mail box. > > Then legitimate senders will get the "bounce" messages generated by > their local mail server for either the delivery delay or the > non-delivery. And innocent bystanders will not get abused. > > If the SMTP transaction is completed, and a message can not be > delivered, the RFCs need to be revised to strongly recommend that the > non-delivery message only be delivered to the postmaster of the I.P. > address the message was accepted from. > > > It is no good complaining to the postmaster@bouncingdomain. > > It does do good to complain. It has generally worked in most cases to > stop the abusive bounces or virus reports from coming to me. They may > have special cased my e-mail address (more work for them) or they may > have fixed their mail server. > > The more complaints an abusive server owner gets, the more likely they > are to understand that they are doing something that is not good. > > It has been reported from the SPAM-L mailing list that AOL is converting > their systems not to generate abusive bounces. And if something the > size of AOL can realize that it is a bad practice, then other networks > can learn too. > > > I believe you may be getting confused with returned virus infected > > messages. I.E. Mail server recognises a virus and sends a warning to the > > from address. These postmasters need informing of acceptable practises. > > If I get a non-delivery or virus notice for an e-mail that I did not > send, I LART it manually. > > There was once technical college that was spamming a mailing list with > their useless virus detected warnings that would not take the hint. The > owner of the mail server operator getting the bogus warnings set the > mail server to reject them with 5xx errors. I do not know if they ever > fixed their virus scanner. If they did not, then they have a bunch of > NDRs piling up on their own mail server. > Thank you, John. I just looked at a response you made on the web forum and wanted to send you a thank you there too! You know how to explain what I want to say in technical terms. Miss Betsy From nobody at spamcop.net Sun Apr 11 21:42:25 2004 From: nobody at spamcop.net (Ellen) Date: Sun Apr 11 21:00:03 2004 Subject: [SpamCop-List] Re: ct-abuse@sprint.net refuses SpamCop reports References: <6nhj70tk88ssf08mk8thiodkj3qh8be69v@4ax.com> Message-ID: "Tim Boyer" wrote in message news:6nhj70tk88ssf08mk8thiodkj3qh8be69v@4ax.com... > My Chinanet spams now return this: > > > I always thought that the whole reason for Sprint's ct-abuse addy was > to accept Chinanet reports from SpamCop. Not that it ever did any > good, of course... > > I believe that I posted about this -- they asked us to turn that off temporarily -- I'll check back with them this week to see if it can be turned on. Ellen From nobody at spamcop.net Sun Apr 11 21:52:25 2004 From: nobody at spamcop.net (Ellen) Date: Sun Apr 11 21:00:06 2004 Subject: [SpamCop-List] Re: Configuring mailhosts - In the dark References: Message-ID: "Robert L. Vaessen" wrote in message news:mailman.381.1081728612.20699.spamcop-list@news.spamcop.net... > Arrgghh! - > > I had a feeling that this was going to be difficult. > > Today I attempted to mailhost configure my spam reporting account. I > have over 25 different email addresses (and two domains). Yeah I know > it's a lot. No I don't have a good reason for all of them, still I have > them. Yes I get email at all of them, and a lot of spam (over 3,800 > pieces last month). > Ok I looked at your account -- assuming that we are talking about the one for the address you are posting from. The spamcop mail host is there and that is the only one there. You do not need to register 25 email addresses. One for each domain that your mail passes thru is sufficient. You *do* need to return the full headers and text of the probe mail. What I think is the easiest, unless you know for a fact that a forward includes all headers, is to simply reveal the headers and the text and copy/paste it back into an email and send it to the special address in the email. So far there are no returned probes for your other domains. When the system gets the probes back correctly then you will receive a confirmation message which indicates sucess or an error.. After your receive the confirmation messages and they say the mailhost addition was successful then you can start reporting spam again -- until then you can't. At this point since you probably have a whole collection of probes you can try returning them again making sure that you have full headers and text bodies. To make this somewhat less chaotic start with one domain and let's work thru that one and then go on to the second one. If you can no longer keep straight which probes go with which domains, throw away all the probe messages and do an add for one domain so the system will send new probes. You can write to me at deputies spamcop.net after you return the first set of probes and I will look at your account and see what is happening -- remember to include the email address registered with SC. Ellen From MikeE at ster.invalid Sun Apr 11 19:01:35 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 11 21:05:03 2004 Subject: [SpamCop-List] Re: Advice needed! References: <4079BC64.1080503@spamcop.net> Message-ID: Let me see; which one of these is easier to read.... ... the one with the 'ugly' shortlines.... "Miss Betsy" wrote in message news:c5cnj3$jou$1@news.spamcop.net... > > "John Malmberg" wrote in > message news:c5cjkf$f31$1@news.spamcop.net... > > Anony Mouse wrote: > > > Miss Betsy wrote: > > > > > >> > > >> You can complain to the person who bounced the message to you > that > > >> they are aiding and abetting spammers by bouncing the spam. > You > > >> cannot report them thru spamcop, though you can parse the > headers > > >> and find the proper addresses. > > > > > > This is standard mail server bahaviour... > > > > It is an allowed but abusive behavior that should be discouraged. > And > > negative feedback to the designated abuse addresses will help get > this > > message through. Especially if everyone that gets these abusive > bounces > > complains. > > > > It is no longer a courtesy to generate new bounce messages to the > > alleged senders, it only assists other abusers. > > > > > The bounces he is talking about are ones to non existant email > addresses > > > or full mail boxes. Without this mechanism nobody would know > what was > > > going on. > > > > They can reject the e-mail with a 4xx code, which will cause a > retry at > > various intervals until either the sending mail server gives up, > or > > someone drains the mail box. > > > > Then legitimate senders will get the "bounce" messages generated > by > > their local mail server for either the delivery delay or the > > non-delivery. And innocent bystanders will not get abused. > > > > If the SMTP transaction is completed, and a message can not be > > delivered, the RFCs need to be revised to strongly recommend that > the > > non-delivery message only be delivered to the postmaster of the > I.P. > > address the message was accepted from. > > > > > It is no good complaining to the postmaster@bouncingdomain. > > > > It does do good to complain. It has generally worked in most > cases to > > stop the abusive bounces or virus reports from coming to me. > They may > > have special cased my e-mail address (more work for them) or they > may > > have fixed their mail server. > > > > The more complaints an abusive server owner gets, the more likely > they > > are to understand that they are doing something that is not good. > > > > It has been reported from the SPAM-L mailing list that AOL is > converting > > their systems not to generate abusive bounces. And if something > the > > size of AOL can realize that it is a bad practice, then other > networks > > can learn too. > > > > > I believe you may be getting confused with returned virus > infected > > > messages. I.E. Mail server recognises a virus and sends a > warning to the > > > from address. These postmasters need informing of acceptable > practises. > > > > If I get a non-delivery or virus notice for an e-mail that I did > not > > send, I LART it manually. > > > > There was once technical college that was spamming a mailing list > with > > their useless virus detected warnings that would not take the > hint. The > > owner of the mail server operator getting the bogus warnings > set the > > mail server to reject them with 5xx errors. I do not know if > they ever > > fixed their virus scanner. If they did not, then they have a > bunch of > > NDRs piling up on their own mail server. > > > > Thank you, John. I just looked at a response you made on the web > forum and wanted to send you a thank you there too! > > You know how to explain what I want to say in technical terms. > > Miss Betsy -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 11 19:02:35 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 11 21:05:06 2004 Subject: [SpamCop-List] Re: Advice needed! References: <4079BC64.1080503@spamcop.net> Message-ID: .... or the one that doesn't have those shortlines. Miss Betsy wrote: > "John Malmberg" wrote in > message news:c5cjkf$f31$1@news.spamcop.net... >> Anony Mouse wrote: >>> Miss Betsy wrote: >>> >>>> >>>> You can complain to the person who bounced the message to you that >>>> they are aiding and abetting spammers by bouncing the spam. You >>>> cannot report them thru spamcop, though you can parse the headers >>>> and find the proper addresses. >>> >>> This is standard mail server bahaviour... >> >> It is an allowed but abusive behavior that should be discouraged. And >> negative feedback to the designated abuse addresses will help get >> this message through. Especially if everyone that gets these >> abusive bounces complains. >> >> It is no longer a courtesy to generate new bounce messages to the >> alleged senders, it only assists other abusers. >> >>> The bounces he is talking about are ones to non existant email >>> addresses or full mail boxes. Without this mechanism nobody would >>> know what was going on. >> >> They can reject the e-mail with a 4xx code, which will cause a retry >> at various intervals until either the sending mail server gives up, >> or someone drains the mail box. >> >> Then legitimate senders will get the "bounce" messages generated by >> their local mail server for either the delivery delay or the >> non-delivery. And innocent bystanders will not get abused. >> >> If the SMTP transaction is completed, and a message can not be >> delivered, the RFCs need to be revised to strongly recommend that the >> non-delivery message only be delivered to the postmaster of the I.P. >> address the message was accepted from. >> >>> It is no good complaining to the postmaster@bouncingdomain. >> >> It does do good to complain. It has generally worked in most cases >> to stop the abusive bounces or virus reports from coming to me. They >> may have special cased my e-mail address (more work for them) or >> they may have fixed their mail server. >> >> The more complaints an abusive server owner gets, the more likely >> they are to understand that they are doing something that is not >> good. >> >> It has been reported from the SPAM-L mailing list that AOL is >> converting their systems not to generate abusive bounces. And if >> something the size of AOL can realize that it is a bad practice, >> then other networks can learn too. >> >>> I believe you may be getting confused with returned virus infected >>> messages. I.E. Mail server recognises a virus and sends a warning >>> to the from address. These postmasters need informing of acceptable >>> practises. >> >> If I get a non-delivery or virus notice for an e-mail that I did not >> send, I LART it manually. >> >> There was once technical college that was spamming a mailing list >> with their useless virus detected warnings that would not take the >> hint. The owner of the mail server operator getting the bogus >> warnings set the mail server to reject them with 5xx errors. I do >> not know if they ever fixed their virus scanner. If they did not, >> then they have a bunch of NDRs piling up on their own mail server. >> > > Thank you, John. I just looked at a response you made on the web > forum and wanted to send you a thank you there too! > > You know how to explain what I want to say in technical terms. > > Miss Betsy -- Mike Easter kibitzer, not SC admin From tboyer at spamcop.net Sun Apr 11 22:48:24 2004 From: tboyer at spamcop.net (Tim Boyer) Date: Sun Apr 11 21:50:04 2004 Subject: [SpamCop-List] Re: ct-abuse@sprint.net refuses SpamCop reports References: <6nhj70tk88ssf08mk8thiodkj3qh8be69v@4ax.com> Message-ID: <6atj70dgcn5crsmhf5jfkv64im2f2fgsj5@4ax.com> On Sun, 11 Apr 2004 20:42:25 -0400, "Ellen" wrote: > >"Tim Boyer" wrote in message >news:6nhj70tk88ssf08mk8thiodkj3qh8be69v@4ax.com... >> My Chinanet spams now return this: >> >> >> I always thought that the whole reason for Sprint's ct-abuse addy was >> to accept Chinanet reports from SpamCop. Not that it ever did any >> good, of course... >> >> > >I believe that I posted about this -- they asked us to turn that off >temporarily -- I'll check back with them this week to see if it can be >turned on. > Thanks - I must have missed your post! tim -- tboyer@spamcop.net Nothing official, just another Spamcop user From tmcgraw at spamcop.net Sun Apr 11 19:59:02 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 11 22:00:02 2004 Subject: [SpamCop-List] virus notice? or spam? Message-ID: <4079F7E6.5000800@spamcop.net> Subject: Eureka Technology Partners (ETP) Virus scan results -- This e-mail is generated by the Eureka Technology Partners (ETP) mail server to warn you that the e-mail sent by theunknownaddy@aol.com to dons@eol.lk is infected with virus: HTML/IFrame_Exploit*. If you are the sender: ------------------- The scanned e-mail has your address in the header field. Either your computer is infected or someone's computer having your e-mail address in the address book has been infected. Eureka Technology Partners offers a service to protect your computer from viruses. Please contact marketing@eureka.lk for further details. From tmcgraw at spamcop.net Sun Apr 11 20:06:05 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sun Apr 11 22:10:03 2004 Subject: [SpamCop-List] Re: Another good random subject References: <4068AB77.8020206@spamcop.net> Message-ID: <4079F98D.3080506@spamcop.net> get the chick of your dreams blackbody dung elision From a at all.addresses.on.cdrom.are.invalid.aaa Sun Apr 11 23:10:25 2004 From: a at all.addresses.on.cdrom.are.invalid.aaa (John Malmberg) Date: Sun Apr 11 22:15:03 2004 Subject: [SpamCop-List] Re: Advice needed! In-Reply-To: References: <4079BC64.1080503@spamcop.net> Message-ID: Mike Easter wrote: > Let me see; which one of these is easier to read.... > > ... the one with the 'ugly' shortlines.... > > > "Miss Betsy" wrote in message > news:c5cnj3$jou$1@news.spamcop.net... > Can you give us some advice on how to configure the respective news clients to automatically format things correctly and automatically? Mozilla is forced to use format=flowed for now. Which means that it wraps at 72 columns. Clients that support format=flowed should expand it to what ever size window they have. There are two bug reports outstanding about this. One to indicate where the difference between a line break and a paragraph break is, and the other to disable format flowed. And the wrapping of messages to replay to and subsequent "rewrap" function behaves differently with each release that I get. -John wb8tyw@qsl.network Personal Opinion Only From a at all.addresses.on.cdrom.are.invalid.aaa Sun Apr 11 23:50:40 2004 From: a at all.addresses.on.cdrom.are.invalid.aaa (John Malmberg) Date: Sun Apr 11 22:55:03 2004 Subject: [SpamCop-List] Re: virus notice? or spam? In-Reply-To: <4079F7E6.5000800@spamcop.net> References: <4079F7E6.5000800@spamcop.net> Message-ID: Tim McGraw wrote: > Subject: Eureka Technology Partners (ETP) Virus scan results Unless you the address identified as sending the virus, and you are actually infected, it sure has convinced me that it is a bad program. In addition, for any notice to be useful, it must contain the original headers to show what machine really sent the virus, and what mail servers actually passed it through. While it seems to be spam, I would doubt that a deputy would say that it is reportable through spamcop.net. A manual lart to the abuse desk that spamcop.net identifies, plus if you can trust the domain that it claims to come from the abuse and postmaster addresses for the source might be in order to point out that their virus scanner configuration is seriously broken and abusing the world, but you already knew that. From a similar case this morning, the "abuse" mailbox bounced as non-existent. I think I will modify my boilerplate for these notifications, that any bounces from this my complaint will be reported to rfc-ignorant.org. -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Sun Apr 11 22:10:02 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 12 00:15:13 2004 Subject: [SpamCop-List] Re: Advice needed! References: <4079BC64.1080503@spamcop.net> Message-ID: John Malmberg wrote: > Can you give us some advice on how to configure the respective news > clients to automatically format things correctly and automatically? It is a huge problem and I only know enough to 'rap about' OE, but probably there are others which have the same problems. In the case of OE, the problem is that there is something wrong with every possible line length, and some are worse than others. OE is so bad that it is held up as the classic example of what is wrong - it's the 'poster child'- of ugly shortlines. The problem is that if - let's pick on someone - MB has 'broad shoulders' we'll pick on her - if someone sets their line length kinda short - the thinking being that that way their lines won't 'grow' and get to be so long that someone else's wrap starts making shortlines out of them - then, they 'massacre' whosever lines they are citing because they chop them into shortlines with the wrap. Oh, dear! Let's don't do that. Let's make the line length kinda longer. Uh oh! As soon as someone cites you, then *your* lines get massacred and turned into shortlines. You can't win. In the case of my demonstration for the two items - the demonstration won't actually 'work' quite right for some people who are reading it because they have a fairly good remedy for the example I tried to give for the 'ugly' shortlines. If they are using OE with OE QuoteFix, then the demonstration of the shortlines doesn't quite work, because their QF fixed the problem. Apparently some newsagent editors have some of the 'qualities' of QF built into them, so they don't really need QF as bad as OE needs it. But OE's editor and line wrap configurator, along with some other 'non-compliances' make it the 'ugly duckling' of newsreaders. It is one of the reasons that so many people who already hate MS hate MS and all of its 'minions' who drive around things like OE which tend to 'mess up' newsgroups. OE also has had the problem of how it handles its sig delimiter, which makes /n/x people crazy - along with the other 'general' non-compliances of delimiter management overall. But, back to the issue. An OE person driving around a 'naked' OE in a group of people who are driving OE and other newsreaders, including /n/x ones, can only 'attempt' to remedy the problem of ugly shortlines by configuring their wrap within some fairly narrow range, like 72-74 or so. If they make it shorter they have the first problem we described; if they make it longer, the second. But, no matter what they make it, it is going to fall on its face, either sooner or later. Later would be better, you would think, but neither 'edge' of the strategy assures later over sooner. The most popular alternative, because it is a powerful fix, is to use QuoteFix. But QF is not without its problems. So, the alternatives if you are OE are: don't go far from the 'ideal' line length wrapping and hope for the best; or use QuoteFix and have the problem almost completely solved except for whatever is wrong with QF, and the occasional problem which QF doesn't fix. No doubt that it is a wonderful improvement to native OE. If you have another newsagent that isn't OE, I just don't know how bad your problems are, but you'll probably have to handle them with idealized line length selection. And Phillip, I don't even want to talk about the Quoted Printable 'solution'. That is an ideal solution for a very narrow application environment which doesn't exist here or any other ng/s I know of. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sun Apr 11 23:37:15 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Apr 12 01:40:03 2004 Subject: [SpamCop-List] Re: Paying member submission idea. References: <4079B627.4050202@spamcop.net> <6d3k709himafa6ahj54gdrkofb7q0m1421@4ax.com> Message-ID: <407A2B0B.3080005@spamcop.net> SpamCop Admin wrote: >> Tim McGraw wrote: >> You can convert from a fuel system to the flat rate > > That's no longer possible. The two companies are completely separate > now and all accounts have been settled. > > Before the changeover was complete, we could simply adjust the account > between Jeff and Julian to reflect the transfer of funds. Ahhhhh... thank you. Oh well. From nobody at spamcop.net Mon Apr 12 01:08:48 2004 From: nobody at spamcop.net (RW) Date: Mon Apr 12 02:10:02 2004 Subject: [SpamCop-List] Re: Anyone monitoring .routing? References: Message-ID: <407A3270.F86F49CB@spamcop.net> Robert Tarrall wrote: > > Just wondering if anyone (from Spamcop) is monitoring spamcop.routing. > Haven't seen Ellen or anyone else from Spamcop post a followup or fix a > routing issue in the last several days... I haven't been through there in a long time. I know Ellen does cruise through on a more regular basis. Tremendous workload changes on our end has resulted in us taking a lot more information under advisement and working silently in the background. Personal replies are not always provided as there just aren't enough hours in a day. Some changes take seconds or minutes to effect. Others may take days as we search background information and check with 'other experts' in the field. We are working a lot closer than ever with others, making sure a united front is present and the information we gather agrees with and is reflected by other anti-spam co-operatives. As much as possible, we try to make sure we aren't stuck out in left field by ourselves. Richard From nobody at spamcop.net Mon Apr 12 09:24:35 2004 From: nobody at spamcop.net (John McLusky) Date: Mon Apr 12 03:25:03 2004 Subject: [SpamCop-List] Re: virus notice? or spam? References: <4079F7E6.5000800@spamcop.net> Message-ID: John Malmberg wrote: > Tim McGraw wrote: >> Subject: Eureka Technology Partners (ETP) Virus scan results > > Unless you the address identified as sending the virus, and you are > actually infected, it sure has convinced me that it is a bad program. > > In addition, for any notice to be useful, it must contain the original > headers to show what machine really sent the virus, and what mail > servers actually passed it through. > > While it seems to be spam, I would doubt that a deputy would say that > it is reportable through spamcop.net. Seems like a good time to bring this link back: http://www.attrition.org/security/rant/av-spammers.html From JohnJBurnessAT at ieeDOT.org Mon Apr 12 09:54:48 2004 From: JohnJBurnessAT at ieeDOT.org (John J. Burness) Date: Mon Apr 12 04:00:02 2004 Subject: [SpamCop-List] Re: Paying member submission idea. In-Reply-To: <6d3k709himafa6ahj54gdrkofb7q0m1421@4ax.com> References: <4079B627.4050202@spamcop.net> <6d3k709himafa6ahj54gdrkofb7q0m1421@4ax.com> Message-ID: SpamCop Admin wrote: >>- You can convert from a fuel system to the flat rate > > > That's no longer possible. The two companies are completely separate > now and all accounts have been settled. > > Before the changeover was complete, we could simply adjust the account > between Jeff and Julian to reflect the transfer of funds. > > - Don - So does that mean that, if you are on the "Fuel System", you can NOT convert to the "Flat Rate System" under any circumstances?? Regards, John From SPAMSHIELD_plarsen at mail.tele.dk Mon Apr 12 11:26:00 2004 From: SPAMSHIELD_plarsen at mail.tele.dk (Peter Larsen) Date: Mon Apr 12 05:25:03 2004 Subject: [SpamCop-List] Re: Paying member submission idea. References: <4079B627.4050202@spamcop.net> <6d3k709himafa6ahj54gdrkofb7q0m1421@4ax.com> Message-ID: <407A5298.43482D7E@mail.tele.dk> SpamCop Admin wrote: >>- You can convert from a fuel system to the flat rate > That's no longer possible. The two companies are completely separate > now and all accounts have been settled. > Before the changeover was complete, we could simply adjust the account > between Jeff and Julian to reflect the transfer of funds. OK, fuel saving already implemented. I was never aware that any other subscription existed. Manual submission of 30+ daily became too much of a chore anyway, so now I submit it only if it makes it past spamihilator. > - Don - Kind regards Peter Larsen -- ******************************************* * My site is at: http://www.muyiovatki.dk * ******************************************* From nobody at spamcop.net Mon Apr 12 06:59:20 2004 From: nobody at spamcop.net (Miss Betsy) Date: Mon Apr 12 07:00:03 2004 Subject: [SpamCop-List] Re: Advice needed! References: <4079BC64.1080503@spamcop.net> Message-ID: You have told me about Quotefix before. My solution is generally to snip "ugly" lines (and in fact I missed a bunch of lines I should have snipped anyway) I can't remember why I made short lines. Someone complained and someone told me to make my line shorter and I remember making it as short as possible because of the problem. There is another problem I think with OE that someone has mentioned. While I try to make readable posts, I am afraid downloading another program is way at the bottom of my priority list . I am taking the "broad shoulders" comment as a compliment! Miss Betsy From salvisberg at spamcop.net Mon Apr 12 16:20:33 2004 From: salvisberg at spamcop.net (Hans Salvisberg) Date: Mon Apr 12 09:20:06 2004 Subject: [SpamCop-List] Re: Configuring mailhosts - In the dark References: Message-ID: I had this same problem when I first tried configuring my mailhosts. Robert: I recommend to throw away the probes and delete all mailhosts (except the already configured SpamCop) and start again one at a time. Wait until you see the result of sending back your probe in Mailhost Configuration (either success or failure) before going to the next host. This can take a few minutes or a few hours. Ellen: Maybe you've clarified the instructions in the meantime. I did not fully understand that you also needed full headers, nor did I know whether my email client (Outlook 98) attached full headers, so I tried this: I hit [Forward] and dragged the probe to the new message, resulting in a message that contained body text and partial headers in the body, and supposedly the full message (possibly in an obscure MS format) in the attachment. IAC, this didn't work. You could probably make this process easier by telling people something like "Create a new message, paste the full headers and the unchanged body text of the probe into the body, separated by at least an empty line, and send it to xxxxxxxxx." I suppose everyone can do this. One set of unambiguous short instructions that work for everyone... Hans From salvisberg at spamcop.net Mon Apr 12 16:37:25 2004 From: salvisberg at spamcop.net (Hans Salvisberg) Date: Mon Apr 12 09:35:03 2004 Subject: [SpamCop-List] Mailhost going overboard Message-ID: Ellen, Please look at my configuration. One entry has a ridiculously long list of hosts/domains and relaying IPs that seems to get longer and longer. Most of these hosts/domains and relaying IPs are definitely not part of that provider. Something's wrong there! While I have your attention -- one of my other providers, actually a hosting provider, attaches a header of the form Sender: to every message addressed to account@myhost.com. SC munges any account@myhost.com addresses, but it doesn't munge hosting_account@provider.net. The latter is not an actual email address, but it's still proprietary information that should not be served on a silver platter. Is there anything we can do to improve this? Hans From MikeE at ster.invalid Mon Apr 12 07:58:13 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 12 10:00:04 2004 Subject: [SpamCop-List] Re: Advice needed! References: <4079BC64.1080503@spamcop.net> Message-ID: Miss Betsy wrote: > You have told me about Quotefix before. My solution is generally > to snip "ugly" lines (and in fact I missed a bunch of lines I > should have snipped anyway) > > I can't remember why I made short lines. Someone complained and > someone told me to make my line shorter and I remember making it as > short as possible because of the problem. But, that solution causes 'more' [a different kind] of problems. Optimal is better than shorter, but even with optimal there will be a problem You will have less 'problem' with slightly longer lines, with OE, that isn't necessarily so with other agents. > There is another problem > I think with OE that someone has mentioned. While I try to make > readable posts, I am afraid downloading another program is way at > the bottom of my priority list . I wouldn't push anyone into using QF, I think it has some 'slow' memory leak problems that I wish I were rid of instead of compensating for, but I haven't been inclined to break in a different newsreader just yet. > I am taking the "broad shoulders" comment as a compliment! Yes, I tho't you would understand. I was using you as a strawman to talk about 'the problem' OTOH, slightly longer lines would make for less shortlines in your cites ;-) If you make them too long, then it's a different problem. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Mon Apr 12 11:08:15 2004 From: nobody at spamcop.net (GV) Date: Mon Apr 12 10:10:03 2004 Subject: [SpamCop-List] Turn off technical details Message-ID: How do I turn off the technical data output from the spam parser? Please don't tell me Preferences or the "Report Spam" page. It is turned off on both off them. Still for some spams I get full header output and on some others I get nothing and I don't really see a pattern, when either happens. From MikeE at ster.invalid Mon Apr 12 08:16:30 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 12 10:20:02 2004 Subject: [SpamCop-List] Re: Advice needed! References: <4079BC64.1080503@spamcop.net> Message-ID: John Malmberg wrote: > Mozilla is forced to use format=flowed for now. Which means that it > wraps at 72 columns. Clients that support format=flowed should expand > it to what ever size window they have. The problem is that the various clients are incompatible with each other in this 'sphere' - which is why I made my remark to Phillip who isn't here about OE's Quoted Printable. The most likely and typical thing is that it is OE which is out of step, because most news agents try to be compliant as much as possible, whereas OE uses MS mentality, namely it develops a way that it thinks is 'better' or good enough or whatever different and tries to force it on the 'community'. If two OE users communicate with each other using their QP, the wrapping works appropriately, wrapping to the window for each other. Other agents don't 'grok' OE QP. Similarly, OE doesn't grok Moz's format flowed. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 12 08:29:20 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 12 10:30:03 2004 Subject: [SpamCop-List] Re: Puzzled about Spamcop policy References: Message-ID: John Malmberg wrote: > A virus-cop DNSbl should have many different codes to indicate how > clueless the network operators are that allow the virus to be sent out > of their network. > > 127.0.0.1 Sent a virus directly. > 127.0.0.2 Sent a virus multi-hop. > 127.0.0.4 Bounces detected viruses > 127.0.0.8 Sends useless virus reports > 127.0.0.16 Refuses complaints about their scanner/mailserver > abuse for content. > 127.0.0.32 Non-working role accounts > 127.0.0.64 Sent virus report for internal infection. > 127.0.0.128 Mail server infected. > 127.0.0.256 Responded to abuse report with cartooney Your plan came up in a conversation in an EL support ng. Karsten M. Self wrote: > Mailing list to which I get admin traffic shows a message apparently > rejected at SMTP time: > > kmself@ix.netcom.com : SMTP error from remote > mailer after end of data: host mx4.earthlink.net [207.217.125.19]: > 554 Message Rejected Due To Virus Found In Attachment The EL server wanted to 554 the propagation after DATA, but the propagator was gone, so 'instead' of a proper rejection, it mails the envelope from that little 'message'. It doesn't quite fit your .4 because the virm wasn't 'bounced' or the .8 [altho' that's pretty close] because it is sortofa rejection rather than a report. I guess I would expand the .8 to include useless rejection notices. As long as we're 'fleshing out' this vcbl ;-) -- Mike Easter kibitzer, not SC admin From salvisberg at spamcop.net Mon Apr 12 18:10:31 2004 From: salvisberg at spamcop.net (Hans Salvisberg) Date: Mon Apr 12 11:10:03 2004 Subject: [SpamCop-List] Re: Mailhost going overboard References: Message-ID: Oops, sorry, the header isn't "Sender:" but Return path: "provider.net" is even listed in my Mailhosts configuration, but SC doesn't munge it. Hans "Hans Salvisberg" wrote in message news:c5e5p9$1ho$1@news.spamcop.net... > While I have your attention -- one of my other providers, actually a hosting > provider, attaches a header of the form > > Sender: > > to every message addressed to account@myhost.com. From sidewinder at spamcop.net Mon Apr 12 17:35:00 2004 From: sidewinder at spamcop.net (Richard Winder) Date: Mon Apr 12 12:35:03 2004 Subject: [SpamCop-List] Re: Turn off technical details References: Message-ID: "GV" wrote in news:c5e7sh$3l6$1@news.spamcop.net: > How do I turn off the technical data output from the spam parser? > Please don't tell me Preferences or the "Report Spam" page. It is > turned off on both off them. Still for some spams I get full header > output and on some others I get nothing and I don't really see a > pattern, when either happens. I noticed this after setting up the new mailhosts config. It seems that in cases where there is a forgery or where all the hosts in the chain are 'known', you get the full treatment regardless of how you have that option set. I expect this is done because you should be double-checking who you're larting in these cases? I'm seeing a lot of 'new faces' popping up after I set my mailhosts, and I'd say about 50% of the spam I've been reporting is now flagged as 'trivial forgery' or 'forgery from open proxy'. Particularly the drug spams. I wonder what kind of results others are seeing? -- -RSW From rlpgbooks at spamcop.net Mon Apr 12 13:46:00 2004 From: rlpgbooks at spamcop.net (John Peacock) Date: Mon Apr 12 12:50:01 2004 Subject: [SpamCop-List] Re: Spamcup automatic Spamcop reporting In-Reply-To: <48sa70tr5lfldscold06s2trt7ukb5ksq3@4ax.com> References: <48sa70tr5lfldscold06s2trt7ukb5ksq3@4ax.com> Message-ID: Stanley P. Miller wrote: > Spamcup is a tool for automatic Spamcop reporting. It performs the > same actions as if you were to report spam to spamcop.net with a Web > browser, but from the commandline. > I've been happily using for some weeks; I've even submitted some patches to make it better. For example, it didn't handle either "ISP has resolved this issue" or handle mole reporting mode. I can start it up in one window and switch back to it every once and a while and give it 'Y' to process messages. However, if you are using the Mailhosts feature, be sure and add all of your possible mail relay servers, since you might not notice that you are reporting your relay server, rather than the actual spamsource or open relay. Spamcup only displays the addresses which will be sent reports, not the detailed trace information (by default). YMMV John From nobody at spamcop.net Mon Apr 12 17:52:06 2004 From: nobody at spamcop.net (Marjolein Katsma) Date: Mon Apr 12 12:55:02 2004 Subject: [SpamCop-List] Re: Paying member submission idea. References: <4079B627.4050202@spamcop.net> <6d3k709himafa6ahj54gdrkofb7q0m1421@4ax.com> Message-ID: SpamCop Admin (service@admin.spamcop.net) wrote in news:6d3k709himafa6ahj54gdrkofb7q0m1421@4ax.com: >>- You can convert from a fuel system to the flat rate > > That's no longer possible. The two companies are completely separate > now and all accounts have been settled. Except I wish it *were* possible! You once commented that I "didn't report all that much" but I'm paying at a rate of about $5 per month fo rreporting. Why not offer a flat-rate reporting system? $30/yr is fine, $60 more than I can afford. -- Marjolein Katsma - Amsterdam, NL - http://hshelp.com/ Spam reporting addresses: http://banspam.javawoman.com/report3.html Spammers steal resources: they're my enemy. Cyveillance steals resources: they're my enemy. The enemy of my enemy can be my enemy, too. From nobody at spamcop.net Mon Apr 12 13:16:12 2004 From: nobody at spamcop.net (Ellen) Date: Mon Apr 12 13:15:03 2004 Subject: [SpamCop-List] Re: Turn off technical details References: Message-ID: "GV" wrote in message news:c5e7sh$3l6$1@news.spamcop.net... > How do I turn off the technical data output from the spam parser? > Please don't tell me Preferences or the "Report Spam" page. It is > turned off on both off them. Still for some spams I get full header > output and on some others I get nothing and I don't really see a > pattern, when either happens. > Send a tracking url for the tech details being on along with your registered SC email address -- send to deputies spamcop.net Ellen From tmcgraw at spamcop.net Mon Apr 12 11:50:43 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Apr 12 13:55:02 2004 Subject: [SpamCop-List] Re: Paying member submission idea. References: <4079B627.4050202@spamcop.net> <6d3k709himafa6ahj54gdrkofb7q0m1421@4ax.com> Message-ID: <407AD6F3.20200@spamcop.net> Marjolein Katsma wrote: > SpamCop Admin (service@admin.spamcop.net) wrote in > news:6d3k709himafa6ahj54gdrkofb7q0m1421@4ax.com: > >>> You can convert from a fuel system to the flat rate >> >>That's no longer possible. The two companies are completely separate >>now and all accounts have been settled. > > Except I wish it *were* possible! You once commented that I "didn't report > all that much" but I'm paying at a rate of about $5 per month fo > rreporting. > > Why not offer a flat-rate reporting system? $30/yr is fine, $60 more than > I can afford. Come in through spamcop.net and it is $30/year. From gezgin at spamcop.net Mon Apr 12 22:15:02 2004 From: gezgin at spamcop.net (Gezgin) Date: Mon Apr 12 14:20:03 2004 Subject: [SpamCop-List] Curious X-lines in spam Message-ID: >From one of today's haul: X-Authentication-Warning: energetic o'er konrad nucleotide X-Mailer: whelp retrovision orphanage This whole business is really starting to get... what? surreal? baroque? -- Bob Kanyak's Doghouse http://kanyak.com From not at home.today Mon Apr 12 20:35:32 2004 From: not at home.today (Ant) Date: Mon Apr 12 14:40:03 2004 Subject: [SpamCop-List] Re: Advice needed! References: <4079BC64.1080503@spamcop.net> Message-ID: "Mike Easter" wrote... > Miss Betsy wrote: >> You have told me about Quotefix before. My solution is generally >> to snip "ugly" lines (and in fact I missed a bunch of lines I >> should have snipped anyway) The problem is that newly quoted lines will not appear broken until the post has been sent. OE does the broken-quote line wrap after you have composed the message. [...] > I wouldn't push anyone into using QF, I think it has some 'slow' memory > leak problems that I wish I were rid of instead of compensating for, but > I haven't been inclined to break in a different newsreader just yet. I wasn't aware of any QF problems. One reason not to start using it. [...] > OTOH, slightly longer lines would make for less shortlines in your cites > ;-) If you make them too long, then it's a different problem. What I do is compose new posts and replies (cut & paste first) in a text editor which tells me the line length, and can reformat to a specific length. I manually fix already-broken or over-long quotes. I restrict new text to be less than 70 chars per line, so OE users with default settings will not break my lines when they quote them. I set OEs automatic wrap to a very large number to prevent it doing any damage to my pre-formatted message. From nobody at devnull.spamcop.net Mon Apr 12 14:44:46 2004 From: nobody at devnull.spamcop.net (Charles) Date: Mon Apr 12 14:50:04 2004 Subject: [SpamCop-List] Do i have to send spam reports manually? Message-ID: Hello all, I apologize if this is a stupid question, but I can't seem to find any info on this. I am a system admin and would like to submit all spam that slips past our current spam filters to SpamCop. For my system it amounts to about 100 messages per day. I have a method of automatically sending all of them to SpamCop via my submission address. However, I am then presented with a series of links that I must click on to complete the process for each message. Is there a better way? Is there some way submit where you do not have to go thro