From cnwykab02 at sneakemail.com Wed Dec 1 00:23:42 2004 From: cnwykab02 at sneakemail.com (Warre) Date: Tue Nov 30 18:25:04 2004 Subject: [SpamCop-List] Re: I'm glad this is not my provider... In-Reply-To: References: Message-ID: Steven Maesslein wrote: > Not that I'm defending skynet.be in any way, but you did conveniently > snip out information on *who* did not do the stuff in the remarks and > *who* will not act on complaints. > > More detailed information is: > > (snip) > > So, what this is saying is that the RIPE PoC for this netblock, > ripe/at\skynet.bet, is not the address to contact for network > problems, peering and net-abuse. noc, peering and abuse *are*. > > Please get your facts straight. > Whoops, my bad. I actually spotted this in a newsgroup and copy-pasted it, adding the link to the RIPE lookup afterwards. Sorry about this, I should have read the whole whois lookup more carefully. BTW, the newsgroup I'm talking about is named kotnet.absurd ;) From ric.gates at bigsleep.org Wed Dec 1 02:27:58 2004 From: ric.gates at bigsleep.org (Blammo) Date: Tue Nov 30 21:30:06 2004 Subject: [SpamCop-List] Re: help References: <41AC90B5.521FC1CC@darkfantastique.com> Message-ID: On 30 Nov 2004 Mike Easter entered spamcop and left news:coi70f$3an$1@news.spamcop.net: > uh oh, I see autoresponders in here: > Practically all mail servers have some type of autoresponder available, it's often as easy as checking a box and typing up a message (in sendmail it's basically just an alias pointing to a text file). I always talk people out of using it, in fact I don't even think it's installed so it doesn't even work (unless I do it). But it really isn't a problem if the account has good spam filtering, and I'd never use it on public accounts, like "sales", but for individual accounts. I guess what I'm saying is that just the fact that autoresponders are available is insignificant. -- | Ric | From ric.gates at bigsleep.org Wed Dec 1 02:56:05 2004 From: ric.gates at bigsleep.org (Blammo) Date: Tue Nov 30 22:00:04 2004 Subject: [SpamCop-List] Re: Reports to "dev/null" References: Message-ID: On 30 Nov 2004 Derek T entered spamcop and left news:coifr0$9t5$1@news.spamcop.net: > yes, it helps to feed the blocklist and so keeps the IP listed. The > reason is usually that the admin has told spamcop that it doesn't care > about spam spewing from hir servers, is not going to do anything about > it and doesn't want to be notified. the more this sort of pondscum are > blocklisted the better so keep reporting! > Not necesarily that they don't care, but that they don't need any more reports or it's not the correct abuse address. And in some cases abuse forwards reports to spammers. -- | Ric | From JEst at Xpppp.ney Wed Dec 1 00:14:22 2004 From: JEst at Xpppp.ney (JEst) Date: Wed Dec 1 00:15:05 2004 Subject: [SpamCop-List] Re: discoverhongkong.com References: Message-ID: "Tim McGraw" wrote in message news:cojinu$1bf$1@news.spamcop.net... > discoverhongkong.com appears to be a legit site registered to the Hong > Kong Tourism Board. No .sightings in Google Groups. > > I have been on board with travelocity for 3+ years and never received > anything but the price alerts I asked for. If you told them when you > signed up that you would accept email from their "partners" then it's > not spam. You might want to check your travelocity preferences. I believe it comes with a pre-existing involvement with Preview Travel. I probably got enveloped in the envelope of the Travelocity take over. Thank you for your feed back. From bar_n0ne at hotmail.com Wed Dec 1 11:19:15 2004 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 1 02:20:19 2004 Subject: [SpamCop-List] Two tier rates in Spam country? Message-ID: looks like the hana-fools/drools, cnc-nic-net and chinanet are implementing tiered rates for bulletprrof vs just scammy/spammy sites. I'm getting a lot of cut and paste this link spam from them Of course I am happy to oblige From somewhat at odds.tld Wed Dec 1 08:18:19 2004 From: somewhat at odds.tld (Derek T) Date: Wed Dec 1 03:20:03 2004 Subject: [SpamCop-List] Re: Reports to "dev/null" In-Reply-To: References: Message-ID: Blammo wrote: > Not necesarily that they don't care, but that they don't need any more > reports or it's not the correct abuse address. And in some cases abuse > forwards reports to spammers. > none of which are excluded by my 'usually' :-) From MikeE at ster.invalid Wed Dec 1 00:43:25 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 1 03:45:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: Mike Easter wrote: > Dar wrote: >> Lycos Offers Spam-Server Attack Program > > Lycos spamvampiring >From Slashdot: An anonymous reader writes "Lycos, shortly after producing a screen saver to fight spammers using a DoS-style attack appears to have been hacked. Attempting to download the screen saver from lycos results in this message 'Yes, attacking spammers is wrong, you know this, you shouldn't be doing it. Your ip address and request have been logged and will be reported to your ISP for further action.' Or maybe it's just a joke -- can you ever tell?" http://it.slashdot.org/it/04/12/01/0250244.shtml?tid=111&tid=218 -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Dec 1 01:30:50 2004 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Wed Dec 1 04:35:03 2004 Subject: [SpamCop-List] Re: Phish For A Phisher :-) In-Reply-To: References: Message-ID: Gezgin wrote: >>>> scary stuff.. what does he plan on doing? getting people's >>>> paypal info? >>> >>> More likely making a complete fool of himself on the net. >>> Though I am a bit puzzled that the site is still up. It >>> certainly must have been reported many times already. >> >> It's hosted in Uruguay. Think they give a $hit..? > > "They" may not but I would have thought that PayPal could have > afforded to send in a Black Helicopter (TM) or two... PayPal is now owned by eBay, who certainly do *not* give a shit. Just look at what they did to Billpoint... -- "[Spammers] are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class Mail industry." -- Dave Barry From ric.gates at bigsleep.org Wed Dec 1 09:54:28 2004 From: ric.gates at bigsleep.org (Blammo) Date: Wed Dec 1 04:56:15 2004 Subject: [SpamCop-List] Re: Reports to "dev/null" References: Message-ID: On 01 Dec 2004 Derek T entered spamcop and left news:cojuo4$898$1@news.spamcop.net: > none of which are excluded by my 'usually' :-) > Lazy eyes, must be all that spam I've been sorting through lately ;-) -- | Ric | From dave at fastwire.co.uk Wed Dec 1 11:41:04 2004 From: dave at fastwire.co.uk (Dave Harpur) Date: Wed Dec 1 06:40:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: "Mike Easter" wrote: ..."You don't stop a bad thing by being bad yourself," I totally agree with Mike's sentiment, and who is going to launch a dDOS on legal "Can-Spam" compliant organisations, for example. There would definitely be a lawsuit there, though to whisper that they would spam... well! This sort of gratuitous tat would, if allowed to flourish, would at-best merely shift the annoyance of spam to excessive internet traffic at the further expense of net bandwidth. Utterly stupid and ridiculous. DH From NoBody at SpamCop.net Wed Dec 1 11:52:40 2004 From: NoBody at SpamCop.net (Bodger) Date: Wed Dec 1 06:55:03 2004 Subject: [SpamCop-List] Should I aggree with my ISP? Message-ID: Received this from my ISP this morning. Dear Customer, Warning: in four days' time, you will lose the ability to send emails unless you make a simple change to your email program settings. Why do you need to do this? As part of a worldwide initiative aimed at reducing junk email (spam) and email viruses, all email providers are switching to what is known as 'authenticated SMTP'. SMTP stands for Simple Mail Transfer Protocol, which enables the sending of email. Authentication is a method of identifying the origin of emails that stops emails being sent anonymously. Most nuisance emails (spam) are sent from people on unauthenticated email. By removing the ability to send email without authentication, spam should be substantially reduced. Making this change is simple - what to do All you need to do is switch on 'SMTP authentication', usually by ticking a box called 'My server requires authentication' in your email program settings. End ====================================== Question What will be the net effect of these changes? From bar_n0ne at hotmail.com Wed Dec 1 16:17:05 2004 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 1 07:20:02 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: Message-ID: "Bodger" wrote in message news:cokb9m$f8e$1@news.spamcop.net... > Received this from my ISP this morning. > > Dear Customer, > > Warning: in four days' time, you will lose the ability to send > emails unless you make a simple change to your email program > settings. > > SNIP > > All you need to do is switch on 'SMTP authentication', usually > by ticking a box called 'My server requires authentication' in > your email program settings. > > > End > ====================================== > > > Question > What will be the net effect of these changes? The net effect for you is you may continue to send mail through their servers. The next effect is that those without mail accounts at that ISP can not use their (The ISP's) servers to send mail. Unless they know an account name and Password of course. It should be much easier also to whack a mail abuser, at the moment probably the ISP would have to do some detective work, comparing server logs, and connection logs to determine who is abusing their servers whenever it occurs. It makes it inconvenient for a buddy to bring their laptop and send mail through your connection and ISP I'm sure others will weigh in soon too Basically though, just as you "sign in" to recieve mail with an ID and password, the same will be demanded to send mail. Don;t worry, you won't notice as your mail client will probably cache and reuse the password after the first mail transaction until the next time you exit the program. From wb8tyw at qsl.network Wed Dec 1 07:58:55 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Dec 1 08:00:04 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? In-Reply-To: References: Message-ID: <6uOdnUByrtCSXTDcRVn-vg@adelphia.com> Bodger wrote: > Received this from my ISP this morning. > As part of a worldwide initiative aimed at reducing junk email > (spam) and email viruses, all email providers are switching to > what is known as 'authenticated SMTP'. SMTP stands for Simple > Mail Transfer Protocol, which enables the sending of email. > Authentication is a method of identifying the origin of emails > that stops emails being sent anonymously. Translation: A few critical networks that your ISP's customers need to send mail to will start blocking your ISP's main mail servers at the first sign of viruses or multi-hop spam that comes through them. It then takes several hours or days to get these blocks removed while your ISP has to handle complaints from their users. > Most nuisance emails (spam) are sent from people on > unauthenticated email. By removing the ability to send email > without authentication, spam should be substantially reduced. Only a small amount of spam will be reduced by this. Most viruses will be stopped by this. > Making this change is simple - what to do > > All you need to do is switch on 'SMTP authentication', usually > by ticking a box called 'My server requires authentication' in > your email program settings. > Strong recommendation, especially if you are running a platform vulnerable to malware. Set up a default e-mail account that does not point to a reachable e-mail server. It adds an extra step that you must change the sender when sending e-mail, but that is only one extra mouse action for Mozilla or Outlook Express. Malware, and other programs, including web pages that attempt to use your e-mail program to send mail will lose their ability to do so with out your knowledge. > Question > What will be the net effect of these changes? E-mail from your ISP is less likely to be refused by some networks. Your ISP is less likely to end up on blocking lists, especially if they have also blocked port 25 outgoing for unregistered mail servers. Your ISP will have lower operating costs. Spammers and virus writers will have a harder time stealing resources from them to spam other networks. If you use an external mail server then you should make sure that it is using SMTP-AUTH on the alternate port (IIRC) 587. I have noticed reports on usenet that an increasing number of ISPs are blocking port 25 for residential broadband connections, some with out notice. So even if port 25 works now, I would strongly recommend making sure that you can use port 587 instead for mail servers other than your ISP. Based on other media reports, the implication is such blocks seem to be put in place because one of the other larger networks either stopped accepting any e-mail from their IP space or threatened to do so. And in the case that was most visible in the media, the blocked ISP complaints about how unfair it was did not do any good to get the e-mail accepted again. Only that ISP making sure that no spam came out of their I.P. space got the e-mail accepted again. -John wb8tyw@qsl.network Personal Opinion Only From bar_n0ne at hotmail.com Wed Dec 1 17:40:12 2004 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 1 08:45:03 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: <6uOdnUByrtCSXTDcRVn-vg@adelphia.com> Message-ID: "John E. Malmberg" wrote in message news:6uOdnUByrtCSXTDcRVn-vg@adelphia.com... > Bodger wrote: > > Received this from my ISP this morning. > > > > > Based on other media reports, the implication is such blocks seem to be > put in place because one of the other larger networks either stopped > accepting any e-mail from their IP space or threatened to do so. > > And in the case that was most visible in the media, the blocked ISP > complaints about how unfair it was did not do any good to get the e-mail > accepted again. Only that ISP making sure that no spam came out of > their I.P. space got the e-mail accepted again. > > -John > wb8tyw@qsl.network > Personal Opinion Only John, are you speaking of the Telia/AOL thing a while back? Or something more recent? From nobody at spamcop.net Wed Dec 1 08:48:20 2004 From: nobody at spamcop.net (Pop) Date: Wed Dec 1 08:50:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: "Dar" wrote in message news:coj00g$l4l$1@news.spamcop.net... | Yahoo News: | | Lycos Offers Spam-Server Attack Program | | http://tinyurl.com/5u469 | | Looks like Lycos will do just about anything to get onto just one more machine: I'd almost bet that most of the downloaders are spam-infested and ignorant of how to avoid it - the same ones spammers target, in fact. Only, well, it won't take long to get around that; OK, next? Pop From Windrider6 at SpamCop.net Wed Dec 1 13:56:55 2004 From: Windrider6 at SpamCop.net (Bruce A. Johnson) Date: Wed Dec 1 09:00:05 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: Message-ID: "Bodger" wrote on 2004-Dec-01 in news:cokb9m$f8e$1 @news.spamcop.net: > > > All you need to do is switch on 'SMTP authentication', usually > by ticking a box called 'My server requires authentication' in > your email program settings. > I see a problem with that already with my e-mail program (Eudora). In using SpamCop mail, I have the POP server set for SpamCop, and the SMTP server is my ISP. Eudora allows only one login name. I have to use my SpamCop ID as the login name so the POP will work, but if I then set the Authentication for the SMTP, my ISP rejects the e-mail, becuase it is the wrong login name. - Bruce A. Johnson in Hardisty, Alberta, Canada - Windrider6@SpamCop.net From dkona7b02 at sneakemail.com Wed Dec 1 10:23:33 2004 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Wed Dec 1 10:23:39 2004 Subject: [SpamCop-List] Re: Multiple Personalities in Eudora, was: Should I aggree with my ISP? In-Reply-To: References: Message-ID: <3.0.5.32.20041201102333.00fd4100@loki.fstrf.org> I am not quite sure what you are saying here but Eudora certainly allows more than one login name!!! I have several "personalities" that I use to pop my mail from several different sources using different usernames and passwords. It all works fine. Just hold down the key when you go to send a message or respond to one and you get a list of your personalities to choose from. The email is then routed out through whichever personality you set using that username and password. I am using this feature to send this from Eudora, as a matter of fact. This personality set my name to Spam Hater and my return address as my sneakemail one to prevent retribution... At 01:56 PM 12/1/2004 +0000, Bruce A. Johnson typed: >I see a problem with that already with my e-mail program (Eudora). > >In using SpamCop mail, I have the POP server set for SpamCop, and the SMTP >server is my ISP. Eudora allows only one login name. I have to use my >SpamCop ID as the login name so the POP will work, but if I then set the >Authentication for the SMTP, my ISP rejects the e-mail, becuase it is the >wrong login name. From kenbrody at spamcop.net Wed Dec 1 10:10:43 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Wed Dec 1 10:25:03 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: Message-ID: <41ADDEF3.72A3EDA0@spamcop.net> Berny wrote: > > "Bodger" wrote in message > news:cokb9m$f8e$1@news.spamcop.net... > > Received this from my ISP this morning. > > > > Dear Customer, [... ISP is going to require AUTH SMTP to send e-mail ...] > > Question > > What will be the net effect of these changes? > > The net effect for you is you may continue to send mail through their > servers. > > The next effect is that those without mail accounts at that ISP can not use > their (The ISP's) servers to send mail. [...] > Basically though, just as you "sign in" to recieve mail with an ID and > password, the same will be demanded to send mail. Don;t worry, you won't > notice as your mail client will probably cache and reuse the password after > the first mail transaction until the next time you exit the program. Check with your ISP as to whether or not they will expose your "real" e-mail address or username in the transmitted headers. Some SMTP servers will add a header line to the outgoing e-mail which includes the username used to authenticate yourself. (Which makes it easy for the ISP to track down a spammer, but exposes your "true" address to anyone who looks at the headers.) -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From kenbrody at spamcop.net Wed Dec 1 10:18:20 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Wed Dec 1 10:25:07 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: <6uOdnUByrtCSXTDcRVn-vg@adelphia.com> Message-ID: <41ADE0BC.A1AFCDB0@spamcop.net> "John E. Malmberg" wrote: [...] > I have noticed reports on usenet that an increasing number of ISPs are > blocking port 25 for residential broadband connections, some with out > notice. So even if port 25 works now, I would strongly recommend making > sure that you can use port 587 instead for mail servers other than your ISP. [...] Optimum Online recently did that. (Without notice, unless you consider something on their own web page about it "notice".) I had been using (with permission) my old dialup ISP's SMTP server, using AUTH SMTP on port 25, because Optimum Online's servers were blacklisted by many places that I needed to send to. This, of course, caused me all sorts of problems as I could no longer avoid using Optimum Online's blacklisted servers. (My old dialup ISP doesn't have anything on port 587.) However, I can tell you that, since they blocked outgoing port 25 several months ago, they are no longer blocked by most of the people I need to send to. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From kenbrody at spamcop.net Wed Dec 1 10:22:41 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Wed Dec 1 10:25:09 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: Message-ID: <41ADE1C1.24D682E0@spamcop.net> "Bruce A. Johnson" wrote: [... AUTH SMTP ...] > I see a problem with that already with my e-mail program (Eudora). > > In using SpamCop mail, I have the POP server set for SpamCop, and the SMTP > server is my ISP. Eudora allows only one login name. I have to use my > SpamCop ID as the login name so the POP will work, but if I then set the > Authentication for the SMTP, my ISP rejects the e-mail, becuase it is the > wrong login name. See for how to get around this with Eudora 6. Note, however, that I was never able to get this to work properly on my wife's system. The point became moot when Optimum Online started blocking outgoing port 25 and I had to use their servers instead of my old dialup ISP's servers (which weren't blacklisted), so I stopped trying. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From porpoise1954 at yahoo.co.uk Wed Dec 1 16:20:51 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Dec 1 11:25:02 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: Message-ID: "Berny" wrote in message news:cokco3$g2q$1@news.spamcop.net... > > "Bodger" wrote in message > news:cokb9m$f8e$1@news.spamcop.net... >> Received this from my ISP this morning. >> >> Dear Customer, >> >> Warning: in four days' time, you will lose the ability to send >> emails unless you make a simple change to your email program >> settings. >> >> SNIP >> >> All you need to do is switch on 'SMTP authentication', usually >> by ticking a box called 'My server requires authentication' in >> your email program settings. >> >> >> End >> ====================================== >> >> >> Question >> What will be the net effect of these changes? > > The net effect for you is you may continue to send mail through their > servers. > > The next effect is that those without mail accounts at that ISP can not > use > their (The ISP's) servers to send mail. > > Unless they know an account name and Password of course. <> > > Basically though, just as you "sign in" to recieve mail with an ID and > password, the same will be demanded to send mail. Don;t worry, you won't > notice as your mail client will probably cache and reuse the password > after > the first mail transaction until the next time you exit the program. Hmmm..... It's been like that here for years.... I'd have thought it was already like that most places these days. I guess I was wrong... ;-) Seems pretty fundamental though that you should have to authenticate to send as well as receive, otherwise your account is open to abuse (as has been happening obviously). I'm amazed it's taken them so long to implement such a simple measure......?? From porpoise1954 at yahoo.co.uk Wed Dec 1 16:26:05 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Dec 1 11:30:03 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: <41ADDEF3.72A3EDA0@spamcop.net> Message-ID: "Kenneth Brody" wrote in message news:41ADDEF3.72A3EDA0@spamcop.net... > Berny wrote: > > Check with your ISP as to whether or not they will expose your "real" > e-mail address or username in the transmitted headers. Some SMTP > servers will add a header line to the outgoing e-mail which includes > the username used to authenticate yourself. (Which makes it easy for > the ISP to track down a spammer, but exposes your "true" address to > anyone who looks at the headers.) Ummm.... Isn't that the point? Why would I want to send an email to someone and them not know it was legitimately from me. I wouldn't be able to spam very easily then - which, of course is the whole point of the excercise. In the same way, I don't accept calls from people who don't allow their number to be displayed. (If you know me, there's no need for you to hide your number - if you don't know me then why are you calling me? And if it's a legitimate call, there's no need for you to hide your number; same with email). From me at privacy.net Wed Dec 1 16:55:08 2004 From: me at privacy.net (Paul Sawyer) Date: Wed Dec 1 12:00:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: "Dave Harpur" wrote in news:cokag0$elg$1@news.spamcop.net: > > "Mike Easter" wrote: > > ..."You don't stop a bad thing by being bad yourself," > > > I totally agree with Mike's sentiment, and who is going to launch a > dDOS on legal "Can-Spam" compliant organisations, for example. There > would definitely be a lawsuit there, though to whisper that they would > spam... well! > > This sort of gratuitous tat would, if allowed to flourish, would > at-best merely shift the annoyance of spam to excessive internet > traffic at the further expense of net bandwidth. > > Utterly stupid and ridiculous. > > DH And the spammers would spin the increased hits as how effective their spamming is, so... more spam! -- From ric.gates at bigsleep.org Wed Dec 1 20:02:57 2004 From: ric.gates at bigsleep.org (Blammo) Date: Wed Dec 1 15:05:03 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: <41ADDEF3.72A3EDA0@spamcop.net> Message-ID: On 01 Dec 2004 Porpoise entered spamcop and left news:cokrcg$pmf$1@news.spamcop.net: > > "Kenneth Brody" wrote in message > news:41ADDEF3.72A3EDA0@spamcop.net... >> Berny wrote: >> >> Check with your ISP as to whether or not they will expose your "real" >> e-mail address or username in the transmitted headers. Some SMTP >> servers will add a header line to the outgoing e-mail which includes >> the username used to authenticate yourself. (Which makes it easy for >> the ISP to track down a spammer, but exposes your "true" address to >> anyone who looks at the headers.) > > Ummm.... Isn't that the point? Why would I want to send an email to > someone and them not know it was legitimately from me. I wouldn't be > able to spam very easily then - which, of course is the whole point of > the excercise. In the same way, I don't accept calls from people who > don't allow their number to be displayed. (If you know me, there's no > need for you to hide your number - if you don't know me then why are > you calling me? And if it's a legitimate call, there's no need for you > to hide your number; same with email). > > > I think that everyone should have to authenticate. For one, most usernames are already in the eMail address anyway, if not it should be in the return- path so that bounces go to the actual sender (not the "From"). That's my opinion anyway, and it's easy to spot any "return-path" or X-Envelope-From header for munging. It seems the most logical way to validate outgoing mail. -- | Ric | From tdy at blackhole.invalid Wed Dec 1 12:04:26 2004 From: tdy at blackhole.invalid (N. Miller) Date: Wed Dec 1 15:05:08 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: <41ADDEF3.72A3EDA0@spamcop.net> Message-ID: In article , Porpoise says... > "Kenneth Brody" wrote in message > news:41ADDEF3.72A3EDA0@spamcop.net... > > Berny wrote: > > Check with your ISP as to whether or not they will expose your "real" > > e-mail address or username in the transmitted headers. Some SMTP > > servers will add a header line to the outgoing e-mail which includes > > the username used to authenticate yourself. (Which makes it easy for > > the ISP to track down a spammer, but exposes your "true" address to > > anyone who looks at the headers.) > Ummm.... Isn't that the point? Why would I want to send an email to someone > and them not know it was legitimately from me. I wouldn't be able to spam > very easily then - which, of course is the whole point of the excercise. In > the same way, I don't accept calls from people who don't allow their number > to be displayed. (If you know me, there's no need for you to hide your > number - if you don't know me then why are you calling me? And if it's a > legitimate call, there's no need for you to hide your number; same with > email). Not exactly the point. It is entirely possible to authenticate to an SMTP server without that server displaying your email address. As an SBC Yahoo! DSL Service customer I have a choice of SMTP AUTH servers. I don't use the normal "smtp.pacbell.yahoo.com" server precisely because it reveals my username. I use "smtpauth.flash.net" instead. The relevant header line looks like this: > Received: from aosake.net (dialup-4.246.21.159.Dial1.SanJose1.Level3.net [4.246.21.159]) > (authenticated bits=0) > by ylpvm25.prodigy.net (8.12.10 auth mps linux/8.12.10) with ESMTP id iB1JgprC029681; > Wed, 1 Dec 2004 14:42:54 -0500 -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From hee.haw at jack.ass Wed Dec 1 16:31:06 2004 From: hee.haw at jack.ass (Dwayne Conyers) Date: Wed Dec 1 16:35:03 2004 Subject: [SpamCop-List] Re: One way to deal with the spam problem... References: Message-ID: "WazoO" wrote in message news:cntoqj$j87$1@news.spamcop.net... > "Dwayne Conyers" wrote in message > news:cntjqs$fgi$1@news.spamcop.net... >> I opened an account on mail.com and it got flooded with so many spams >> that >> my 6mb storage filled up faster than I could empty it. >> >> I started reporting spam using their "this is spam" option that reports > the >> spam (after forcing you to view five advertisements). >> >> I guess I reported so many spam their solution was to unceremoniously > delete >> my account without even a "fare thee well." >> >> Those free mail accounts are worth every penny, aren't they? > > Don't know the "rest of the story" .... having spam show up on > day one does carry the suggestion that the "name" for that > account wasn't particularly chosen for spam-resistance. Prolly not... but then again when I got a cable modem at home the day my account was assigned there were 80 spams sitting there waiting to be deleted. > > "reporting" (?) to the tune of 6Meg a day also carries some > possibilities of some mistakes being made .... Well, considering that the mails were for drugs rhyming with "Niagara" and "See Alice" and for explicit NC-17 or XXX content... all of which writhe with misspellings... hidden text (in font size 1 or white color font on white background) and web bugs... I would say there were no mistakes in the items reported. -- I Shave With Occams Razor http://www.dwacon.com From hee.haw at jack.ass Wed Dec 1 16:33:12 2004 From: hee.haw at jack.ass (Dwayne Conyers) Date: Wed Dec 1 16:35:06 2004 Subject: [SpamCop-List] Re: One way to deal with the spam problem... References: Message-ID: "Blammo" wrote in message news:Xns95A9B99107335blammo@216.154.195.61... > On 22 Nov 2004 Dwayne Conyers entered spamcop and left > news:cntjqs$fgi$1@news.spamcop.net: > >> I started reporting spam using their "this is spam" option that >> reports the spam (after forcing you to view five advertisements). >> > > I had an account there before they had the pop-unders, they used to have > free forwarding. they were acquired (I forget who by), started charging > for > forwarding, and on top of that added the pop-under advertising. The > advertising didn't bother me so much (other than the fact that everytime > you hit delete an ad pops up), but I complained about them being > pop-UNDERS > which I really hate, but they didn't seem to understand that I wasn't > complaining about the ads but the fact that they are hidden. They said I > could pay to get rid of the ads or they could cancel my account. Hah, I > never did cancel it. I have two pop-up blockers running simultaneously plus ad killing thanks to ZoneAlarm so I had a relatively ad-free experience. I had to eventually turn off the pop-up blocker sound effects. I'd go into the site and it would sound like the soundtrack to a Warner Bros cartoon "ping... ping... pi-pi-pi-piiing..." ------ If you were to realize how powerful your thoughts are you would never have a negative thought again www.dwacon.com From hee.haw at jack.ass Wed Dec 1 16:35:31 2004 From: hee.haw at jack.ass (Dwayne Conyers) Date: Wed Dec 1 16:35:07 2004 Subject: [SpamCop-List] Re: One way to deal with the spam problem... References: Message-ID: "Pop" wrote in message news:co01m0$42a$1@news.spamcop.net... > The OP probably picked a username that was recently agandoned; > because it was being spammed so heavily - happens all the time > when you dn't pick a spam safe name. I didn't think magma.lava *at* volcanomail *dot* com would be very obvious to spammers -- but I suppose I have been proven wrong. I now use a 30-character name with lots of dots, dashes and underscores for my free blocking account. -- During the Passion of the Christ A Naked Boy was running around http://www.cafeshops.com/powerpress From porpoise1954 at yahoo.co.uk Wed Dec 1 22:47:05 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Dec 1 17:50:02 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: <41ADDEF3.72A3EDA0@spamcop.net> Message-ID: "N. Miller" wrote in message news:MPG.1c17c3a7d5adcdf7989779@news.spamcop.net... > In article , Porpoise says... > >> "Kenneth Brody" wrote in message >> news:41ADDEF3.72A3EDA0@spamcop.net... >> > Berny wrote: > > > Not exactly the point. It is entirely possible to authenticate to an SMTP > server without that server displaying your email address. As an SBC Yahoo! > DSL Service customer I have a choice of SMTP AUTH servers. I don't use the > normal "smtp.pacbell.yahoo.com" server precisely because it reveals my > username. I use "smtpauth.flash.net" instead. The relevant header line > looks > like this: > >> Received: from aosake.net (dialup-4.246.21.159.Dial1.SanJose1.Level3.net >> [4.246.21.159]) >> (authenticated bits=0) >> by ylpvm25.prodigy.net (8.12.10 auth mps linux/8.12.10) with ESMTP id >> iB1JgprC029681; >> Wed, 1 Dec 2004 14:42:54 -0500 So, if (for some reason) you were to send me an email, are you saying I wouldn't be able to determine who it was from? If that were the case, I wouldn't accept it - which brings me back to my previous point: I (and I suspect *most* people) want to *know* who an email is from before I'm going to accept/read it. The whole *point* of it is to prevent people from using aliases.... or other people just using the server even though they're not legitimate users. From dfm2a3l0t2 at spymac.com Wed Dec 1 18:38:26 2004 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Wed Dec 1 18:40:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: In article , "Mike Easter" wrote: > From Slashdot: > > An anonymous reader writes "Lycos, shortly after producing a screen > saver to fight spammers using a DoS-style attack appears to have been > hacked. Attempting to download the screen saver from lycos results in > this message 'Yes, attacking spammers is wrong, you know this, you > shouldn't be doing it. Your ip address and request have been logged and > will be reported to your ISP for further action.' Or maybe it's just a > joke -- can you ever tell?" > http://it.slashdot.org/it/04/12/01/0250244.shtml?tid=111&tid=218 I downloaded it before the hacking. If anybody wants it and doesn't want to take the chance with the Lycos site, e-mail me. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From David1 at suescornerweb.com Wed Dec 1 18:50:30 2004 From: David1 at suescornerweb.com (David 1) Date: Wed Dec 1 18:55:03 2004 Subject: [SpamCop-List] Re: spamcop@imaphost.com In-Reply-To: References: Message-ID: Mike Easter wrote: > Jay Marble (394041) wrote: > >>Who is this third party and where can I find information on them. > > > imaphost = cyveillance > > I don't know if Graeme Leith is here right now, so I'll try to stand in > for him. His sig sez: > > > Evidence shows Cyveillance abuse internet resources. > I recommend unchecking their box in SpamCop reports. > Cyveillance are part of the problem. > They are not part of the solution. > > > As a consequence of that sig, the question frequently arises about why > he sez that. In response to that question, he has answered: > > > Cyveillance have a robot that trawls through web sites looking for > stolen intellectual property. The robot ignores the robots.txt > exclusion protocol, originates from IP addresses that don't reverse > lookup to Cyveillance and tries to look like an ordinary user by > spoofing its user agent. > > The robots.txt (defacto) standard is used amongst other purposes to stop > robots getting stuck in dynamic pages and to stop robots generating > costs for people who pay for their web services by the amount of data > they transfer. By ignoring it, Cyveillance are seeking to make a profit > by exploiting resources that other people pay for, much like spammers > do. > > Cyveillance could avoid abusing peoples servers by sending people to > look at pages that robots are banned from. Of course this would > increase their costs, just like spammers costs would increase by using > ethical mailing practices. Cyveillance, like spammers, choose to ignore > peoples wishes in order to make their money. > > If you run a web site, you may want to grep your logs for visits from > 63. 148.99.224/27 & 65.118.41.192/27. You may also want to firewall > those addresses if you find that they have been abusing your resources > for their profit. > > If you look back to the June and July 2003 archives for the main SpamCop > newsgroup, you'll see quite a bit of discussion on the matter. > http://news.spamcop.net/pipermail/spamcop-list/ > > There are more ethical companies that perform the same service, such as > NameProtect, who identify their bot and obey the robots.txt protocol. > Their robot is perfectly welcome on my sites. Cyveillance are > firewalled whenever I find them. > > Julian (as is his right) has decided that Cyveillance are a good thing. > Quite a few people think otherwise and there is no warning on the > SpamCop site as to the abuses Cyveillance get up to. So I just leave > the sig there in an attempt to warn any newbies who drop by the > newsgroups. > > >>I'm interested to know why they collect the spam information from >>SpamCop.net. > > > Cyveillance is in the business of figuring out ways to profit from > information they get wherever they get it. They must feel that it is in > the best interests of them and their clients to be sniffing in the tons > of spam which SC reporters report and permit them to 3rd party. > > Cyveillance and Julian have been 'challenged' or questioned on the > issue, and many do not think that the imaphost is a good 3rd party to be > checking, and those people may elect to configure to leave 3rd parties > unchecked by default instead of checked. > > Cyveillance didn't do a good job here of responding to the questions > which they were asked. > Thank you for sending this, I just this minute changed my settings, actually I had kind of quit using SC, didn't see the point but I guess I'm back to using it again. Heck I got 20 megs I paid for David 1 From Merlyn at Spamcop.net Wed Dec 1 18:50:54 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Wed Dec 1 18:55:06 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: "Mike Easter" wrote in message news:cok066$93h$1@news.spamcop.net... > Mike Easter wrote: >> Dar wrote: >>> Lycos Offers Spam-Server Attack Program >> >> Lycos spamvampiring > > From Slashdot: > > An anonymous reader writes "Lycos, shortly after producing a screen > saver to fight spammers using a DoS-style attack appears to have been > hacked. Attempting to download the screen saver from lycos results in > this message 'Yes, attacking spammers is wrong, you know this, you > shouldn't be doing it. Your ip address and request have been logged and > will be reported to your ISP for further action.' Or maybe it's just a > joke -- can you ever tell?" > http://it.slashdot.org/it/04/12/01/0250244.shtml?tid=111&tid=218 > > -- Why does everyone think this is a Lycos site??? A whois gives: canonical name makelovenotspam.com. addresses 213.115.182.123 Starring Ltd AB Kungsgatan 6 Stockholm, 111 43 SE Is this Lycos???? 213.115.182.123: inetnum: 213.115.182.64 - 213.115.182.127 netname: BB-CUST-STARRING descr: advertising company Is this Lycos???? Is this another Trojan now on hundreds of thousands of computers???? Call me paranoid but something smells fishy here. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From spamcop at oitc.com Wed Dec 1 19:05:24 2004 From: spamcop at oitc.com (spamcop) Date: Wed Dec 1 19:10:03 2004 Subject: [SpamCop-List] baseurl references Message-ID: RE http://www.spamcop.net/sc?id=z698305946zc5b0a9a430bb0914a4d5119d0b637908z SC misses baseurl references From nobody at spamcop.net Thu Dec 2 00:50:56 2004 From: nobody at spamcop.net (me-no-no) Date: Wed Dec 1 19:55:02 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: "Merlyn" wrote in message news:collcu$blh$1@news.spamcop.net... > "Mike Easter" wrote in message > news:cok066$93h$1@news.spamcop.net... >> Mike Easter wrote: >> joke -- can you ever tell?" http://it.slashdot.org/it/04/12/01/0250244.shtml?tid=111&tid=218 > Why does everyone think this is a Lycos site??? > > A whois gives: > canonical name makelovenotspam.com. > addresses 213.115.182.123 > > Starring Ltd AB > Kungsgatan 6 > Stockholm, 111 43 > SE > Is this Lycos???? > > 213.115.182.123: > inetnum: 213.115.182.64 - 213.115.182.127 > netname: BB-CUST-STARRING > descr: advertising company > > Is this Lycos???? > > Is this another Trojan now on hundreds of thousands of computers???? > > Call me paranoid but something smells fishy here. I would say working "on behalf of" Lycos i.e.corporate.starring.se [213.115.182.70] http://corporate.starring.se/content/about.jsp They seem to have deceived quite a lot of official news sites, if that's not the case :-) http://news.google.co.uk/news?hl=en&lr=&scoring=d&tab=gn&ie=UTF-8&q=Lycos+Screensaver&btnG=Search+News or http://tinyurl.com/5nfet No official condemnation over the past few days from Lycos either - To the contrary according to many news reports. Ciao Meno From nobody at spamcop.net Thu Dec 2 01:07:20 2004 From: nobody at spamcop.net (me-no-no) Date: Wed Dec 1 20:10:02 2004 Subject: [SpamCop-List] "Money Mule" twist Message-ID: Yet another Phisher MM twist :-) http://221.2.162.21:9121/bannerdrive/viewHome.html Even got the audacity to use the Lincoln Hospital, Bronx NY as their "Registered Office: 234 East 149th Street Bronx, NY 10451 USA Customer Call Center:UK: +1-603-719-1355 9am - 6pm UK time Fax:UK: +1-603-719-1355" Hi! bannerDrive is an online payment services provider. Using e-wallet technology and access to a global banking and payment network. bannerDrive enables online Shoppers and Merchants to make and receive secure, economical and efficient payments for goods and services via a variety of payment methods. We plan to push up sales therefore we search for a sales representatives in USA and United Kingdom. Why you should try this work: 1. You don't need any special knowledge in the field of finance or sales 2. No special membership are incurred 3. This work will take about two hour per day and is not tiresome 4. This is an in-house job 5. You can make good money with us, $2000-4000 per month. Ref: Money Mule info:- http://www.banksafeonline.org.uk/what_mule.html Ciao Meno From Merlyn at Spamcop.net Wed Dec 1 20:41:07 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Wed Dec 1 20:45:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: "me-no-no" wrote in message news:colot6$e10$1@news.spamcop.net... > "Merlyn" wrote in message > news:collcu$blh$1@news.spamcop.net... >> "Mike Easter" wrote in message >> news:cok066$93h$1@news.spamcop.net... >>> Mike Easter wrote: >>> joke -- can you ever tell?" > http://it.slashdot.org/it/04/12/01/0250244.shtml?tid=111&tid=218 > >> Why does everyone think this is a Lycos site??? >> >> A whois gives: >> canonical name makelovenotspam.com. >> addresses 213.115.182.123 >> >> Starring Ltd AB >> Kungsgatan 6 >> Stockholm, 111 43 >> SE > >> Is this Lycos???? [snipped] >> Call me paranoid but something smells fishy here. > > I would say working "on behalf of" Lycos i.e.corporate.starring.se > [213.115.182.70] > http://corporate.starring.se/content/about.jsp > > They seem to have deceived quite a lot of official news sites, if that's > not the case :-) > http://news.google.co.uk/news?hl=en&lr=&scoring=d&tab=gn&ie=UTF-8&q=Lycos+Screensaver&btnG=Search+News > or > http://tinyurl.com/5nfet > > No official condemnation over the past few days from Lycos either - To the > contrary according to many news reports. > I agree, one of my sites has links to a boatload of news articles about it. I would just think that if Lycos is the actual owner it would show in the Whois instead of an advertising company. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From nobody at spamcop.net Thu Dec 2 01:58:59 2004 From: nobody at spamcop.net (me-no-no) Date: Wed Dec 1 21:00:02 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: "Merlyn" wrote in message news:colrrj$g66$1@news.spamcop.net... > "me-no-no" wrote in message >>> Why does everyone think this is a Lycos site??? >>> A whois gives: >>> canonical name makelovenotspam.com. >>> addresses 213.115.182.123 >>> Starring Ltd AB >>> Kungsgatan 6 >>> Stockholm, 111 43 >>> SE >> >>> Is this Lycos???? > > [snipped] > >>> Call me paranoid but something smells fishy here. >> >> I would say working "on behalf of" Lycos i.e.corporate.starring.se >> [213.115.182.70] >> http://corporate.starring.se/content/about.jsp >> >> They seem to have deceived quite a lot of official news sites, if that's >> not the case :-) >> http://news.google.co.uk/news?hl=en&lr=&scoring=d&tab=gn&ie=UTF-8&q=Lycos+Screensaver&btnG=Search+News >> or >> http://tinyurl.com/5nfet >> >> No official condemnation over the past few days from Lycos either - To >> the contrary according to many news reports. >> > I agree, one of my sites has links to a boatload of news articles about > it. > > I would just think that if Lycos is the actual owner it would show in the > Whois instead of an advertising company. It looks like they outsourced this "Pandora`s Box" to starring.se - in order to keep it well away from their (Lycos) corporate servers - in the event of it all backfiring on them :-) Ciao Meno From nobody at spamcop.net Wed Dec 1 18:06:58 2004 From: nobody at spamcop.net (Dar) Date: Wed Dec 1 21:10:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: > >> Call me paranoid but something smells fishy here. > > > > I would say working "on behalf of" Lycos i.e.corporate.starring.se > > [213.115.182.70] > > http://corporate.starring.se/content/about.jsp > > > > They seem to have deceived quite a lot of official news sites, if that's > > not the case :-) > > http://news.google.co.uk/news?hl=en&lr=&scoring=d&tab=gn&ie=UTF-8&q=Lycos+Screensaver&btnG=Search+News > > or > > http://tinyurl.com/5nfet > > > > No official condemnation over the past few days from Lycos either - To the > > contrary according to many news reports. > > > > > I agree, one of my sites has links to a boatload of news articles about it. > > I would just think that if Lycos is the actual owner it would show in the > Whois instead of an advertising company. > > -- > > Regards, > Merlyn > > A Spamcop advocate > No emails this account is for newsgroups only > People demand freedom of speech to make up for the freedom of thought which > they avoided For whatever it's worth, the link *is* advertised on the main site: http://www.lycos.de/ The link is to: http://www.lycos.de/makelovenotspam/ but clicking on the link from there, you get a Flash popup. Dar From nospam at nospam.org Thu Dec 2 03:40:28 2004 From: nospam at nospam.org (geo_splash_12) Date: Wed Dec 1 21:45:04 2004 Subject: [SpamCop-List] Re: I'm glad this is not my provider... In-Reply-To: References: Message-ID: Warre wrote: > Whois lookup for one of Belgium's largest broadband providers: Correction: this is only a part of skynet.be, which is really spans a much larger range in the ip space. Evidence: http://www.senderbase.org/search?searchString=skynet.be > > % This is the RIPE Whois tertiary server. > % The objects are in RPSL format. > % > % Rights restricted by copyright. > % See http://www.ripe.net/db/copyright.html > > inetnum: 194.78.149.0 - 194.78.149.255 > netname: SKY-2277522 > descr: SKY-1175721 > country: BE > admin-c: AC4927-RIPE > tech-c: SN2068-RIPE > rev-srv: ns1.skynet.be > ... > remarks: ------------------------------------------- > remarks: Network problems to: noc@skynet.be > remarks: Peering requests to: peering@skynet.be > remarks: Abuse notifications to: abuse@skynet.be > remarks: - I did *not* hack your computer > remarks: - I did *not* send you SPAM or virus > remarks: - I will *not* read your abuse complaints > remarks: ------------------------------------------- > > Guess which is the only SBL-listed ISP in Belgium... > > If you want to see for yourself: > http://tinyurl.com/55zce -- And your Chinese exchange student asks: what does it mean "I'm busy". Location 51 57'N 4 28'E From ric.gates at bigsleep.org Thu Dec 2 03:20:48 2004 From: ric.gates at bigsleep.org (Blammo) Date: Wed Dec 1 22:25:04 2004 Subject: [SpamCop-List] Re: One way to deal with the spam problem... References: Message-ID: On 01 Dec 2004 Dwayne Conyers entered spamcop and left news:cold5k$5t8$1@news.spamcop.net: > Prolly not... but then again when I got a cable modem at home the day my > account was assigned there were 80 spams sitting there waiting to be > deleted. > Your account was born pregnant! Before it was activated it was aborting them. -- | Ric | From ric.gates at bigsleep.org Thu Dec 2 03:27:16 2004 From: ric.gates at bigsleep.org (Blammo) Date: Wed Dec 1 22:30:02 2004 Subject: [SpamCop-List] Re: One way to deal with the spam problem... References: Message-ID: On 01 Dec 2004 Dwayne Conyers entered spamcop and left news:cold9i$5vc$1@news.spamcop.net: > I have two pop-up blockers running simultaneously plus ad killing > thanks to ZoneAlarm so I had a relatively ad-free experience. > > I had to eventually turn off the pop-up blocker sound effects. I'd go > into the site and it would sound like the soundtrack to a Warner Bros > cartoon "ping... ping... pi-pi-pi-piiing..." > You know I saw that crap that ZoneAlarm was doing, and it really pissed me off. Mozilla and Firefox don't need any of that, and the web-bug blocker really screws up some sites. But there's no way to enable it for only IE, which is about the only browser that needs it (well maybe Communicator). I discussed the web-bug-bug with support but they were completely oblivious, I'm not impressed at all. Using Mozilla for some time now and I no longer notice pop-ups at all, unless they are actually needed for some reason. -- | Ric | From nobody at xyzzy.claranet.de Thu Dec 2 06:34:19 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Dec 2 00:35:04 2004 Subject: [SpamCop-List] Re: baseurl references References: Message-ID: <41AEA95B.64DF@xyzzy.claranet.de> spamcop wrote: > http://www.spamcop.net/sc?id=z698305946zc5b0a9a430bb0914a4d5119d0b637908z > SC misses baseurl references Not when I look at it, it found gatheringproducttesters.info Bye, Frank From nobody at xyzzy.claranet.de Thu Dec 2 06:55:41 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Dec 2 01:05:02 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: Message-ID: <41AEAE5D.46F1@xyzzy.claranet.de> Bodger wrote: > Question > What will be the net effect of these changes? Minimal to zero. SMTP AUTH has nothing to do with "enforced submission rights", if you're authenticated you can still forge your MAIL FROM. SMTP AUTH PLAIN or LOGIN over a normal connection (no SSL / TLS) is not much better than SMTP-after- POP, and worse than SMTP-after-APOP. SMTP AUTH in addition to RADIUS may help to confuse trojaned boxes if they try to spam using the official relay of the ISP. You really need it for roaming users _or_ "enforced submission rights". In the case of _and_ SMTP AUTH works also, but then SMTP-after-POP would be not much worse. I've just lost an account with SMTP-after-POP _and_ "enforced submission rights". Bad for me, because my old MUA does not support SMTP AUTH. Bad for the world at large, because I'm now using another account with another MUA with SMTP AUTH but _without_ "enforced submission rights": Of course I screwed up and sent MAIL FROM: via this provider. They accepted it, but it was forged, my real address at this provider is different. With the old account that was impossible, they rejected it. In other words, SMTP AUTH alone is almost useless. Bye, Frank From skiwi at spamcop.net Wed Dec 1 22:39:50 2004 From: skiwi at spamcop.net (sk1w1) Date: Thu Dec 2 01:40:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? In-Reply-To: References: Message-ID: me-no-no wrote: > Is this for real ?? (courtesy heise.de) 26.11.2004 16:43 > > Lycos users are to attack spammers > In its campaign "Make Love, Not Spam", Lycos Europe is now sending a very > special screen saver to its users. This program for Windows or MacOS > constantly visits websites for which spam has been sent. "The more users > download and use the screen saver, the lower the performance of the sites > sending out the spam, and the greater the costs for the operators," Lycos > explained..............http://www.heise.de/english/newsticker/news/53697 > Ciao > Meno Hitting the mass media... e.g., today's www.smh.com.au reprinted from the Guardian - which is presumably why they list http://www.lycos.co.uk as the 'download site'... Refinement of Spam Vampire concept I guess (http://www.hillscapital.com/antispam/) Wonder how many users after signing up will get there service threatened / cut by their own ISP for 'denial of service' reasons... and/or ISPs start charging for 'excessive' download volumes... ---- My prediction of next piece of malware - hijacking of the Lycos et al software to 'attack' other sites such as Spamcop, Spamhaus, etc! ---- Mind you, if I asked 'nice', do you think Lycos UK would direct all attempts for a few days at cears.com, etc over there in BR? :-) From devnull at devnull.devnull Thu Dec 2 10:38:21 2004 From: devnull at devnull.devnull (Anty Spam) Date: Thu Dec 2 03:50:08 2004 Subject: [SpamCop-List] Re: Phish For A Phisher :-) References: Message-ID: "me-no-no" wrote in message news:coanji$k61$1@news.spamcop.net... > Interesting - Phisher forgot to chmode to stop peaking :-) > http://146.83.5.15/.paypal/ > > Ciao > Meno > Hmm : Uruguay Maybe an engineering student is taking "SPAM & SCAM 101" for bonus credits. Especially with all the activities of this kind from South Amercian countries ...:-) Cheers From porpoise1954 at yahoo.co.uk Thu Dec 2 09:57:28 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 2 05:00:54 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: "Merlyn" wrote in message news:collcu$blh$1@news.spamcop.net... > "Mike Easter" wrote in message > news:cok066$93h$1@news.spamcop.net... >>>> http://it.slashdot.org/it/04/12/01/0250244.shtml?tid=111&tid=218 >> >> -- > > Why does everyone think this is a Lycos site??? > > A whois gives: > canonical name makelovenotspam.com. > addresses 213.115.182.123 > > Starring Ltd AB > Kungsgatan 6 > Stockholm, 111 43 > SE > > Is this Lycos???? > > 213.115.182.123: > inetnum: 213.115.182.64 - 213.115.182.127 > netname: BB-CUST-STARRING > descr: advertising company > > Is this Lycos???? > > Is this another Trojan now on hundreds of thousands of computers???? > > Call me paranoid but something smells fishy here. Now, it's funny you should say that because I was starting towards a similar conclusion........ I've gone all over the Lycos site, and there's no reference to this screensaver whatsoever. AFAICS. From David1 at suescornerweb.com Thu Dec 2 05:18:48 2004 From: David1 at suescornerweb.com (David 1) Date: Thu Dec 2 05:20:13 2004 Subject: [SpamCop-List] Re: One way to deal with the spam problem... In-Reply-To: References: Message-ID: Blammo wrote: > On 01 Dec 2004 Dwayne Conyers entered spamcop and left > news:cold9i$5vc$1@news.spamcop.net: > > >>I have two pop-up blockers running simultaneously plus ad killing >>thanks to ZoneAlarm so I had a relatively ad-free experience. >> >>I had to eventually turn off the pop-up blocker sound effects. I'd go >>into the site and it would sound like the soundtrack to a Warner Bros >>cartoon "ping... ping... pi-pi-pi-piiing..." >> > > > You know I saw that crap that ZoneAlarm was doing, and it really pissed me > off. Mozilla and Firefox don't need any of that, and the web-bug blocker > really screws up some sites. But there's no way to enable it for only IE, > which is about the only browser that needs it (well maybe Communicator). > I discussed the web-bug-bug with support but they were completely > oblivious, I'm not impressed at all. > > Using Mozilla for some time now and I no longer notice pop-ups at all, > unless they are actually needed for some reason. I do have to say since I switched to FireFox about a month or so ago I've been really happy, there have only been 2 sites I've had to open & both of those were financial. You get this little line on top of your screen that tells you it blocked & a link to allow it. I don't know if sound is optional or not but I never hear nothing & that suits me just fine. David 1 From porpoise1954 at yahoo.co.uk Thu Dec 2 12:22:09 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 2 07:25:03 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: <41AEAE5D.46F1@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:41AEAE5D.46F1@xyzzy.claranet.de... > Bodger wrote: > >> Question >> What will be the net effect of these changes? > > Of course I screwed up and sent MAIL FROM: via > this provider. They accepted it, but it was forged, my real > address at this provider is different. With the old account > that was impossible, they rejected it. > > In other words, SMTP AUTH alone is almost useless. Bye, Frank > Maybe I'm missing something here, but I think your missing the point of *auth.smtp*. It's primary purpose is so that you have to login to the smtp server to send mail, in the same way that you have to login to the pop server to retrieve your incoming mail, thereby, stopping unauthorised use of the smtp server by people who don't actually have an account. As long as you have a valid username and password to login, it shouldn't make any difference what email you give as the return address. (As long as it's a valid one of course). Without that, anyone would be able to send mail from that server (this is how most of the forged From: stuff is actually sent - which is why the slow ISPs/hosts are now getting their act together with this. There is also the distinction to be made between ISP and hosting. Our ISP has nothing to do with our hosting company - and, therefore, nothing to do with our email. So, our logins for the two are entirely seperate issues (Even with always-on broadband there *is* still a login). This is one of the issues related to forms on webpages; you have to be careful that the script is external to the page so that someone cannot exploit any information relating to the processing of the form data (such as the login details for the email account - if the form data is emailed somewhere). From porpoise1954 at yahoo.co.uk Thu Dec 2 12:26:54 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 2 07:30:03 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: <41AEAE5D.46F1@xyzzy.claranet.de> Message-ID: "Porpoise" wrote in message news:con1f8$6q1$2@news.spamcop.net... > > > Maybe I'm missing something here, but I think your missing the point of Sh*t! yes! I did it your honour! I plead guilty as charged! It should have been "you're". ;-) Half asleep. From dkona7b02 at sneakemail.com Thu Dec 2 10:43:31 2004 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Thu Dec 2 10:43:35 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? In-Reply-To: References: Message-ID: <3.0.5.32.20041202104331.00f81a20@loki.fstrf.org> What I am wondering is which sites are on the attack list?? The article I read mentioned SpamCop as the source, but SpamCop only lists email injection sites, not SPAMvertisers... So, does that mean the screen saver is going after all the zombie boxes that are spewing out the SPAM itself or do they have access to some hidden list of SPAMvertisers that we report? At 10:39 PM 12/1/2004 -0800, sk1w1 typed: >snip< >Wonder how many users after signing up will get there service threatened >/ cut by their own ISP for 'denial of service' reasons... and/or ISPs >start charging for 'excessive' download volumes... From ric.gates at bigsleep.org Thu Dec 2 16:37:50 2004 From: ric.gates at bigsleep.org (Blammo) Date: Thu Dec 2 11:40:02 2004 Subject: [SpamCop-List] Re: One way to deal with the spam problem... References: Message-ID: On 02 Dec 2004 David 1 entered spamcop and left news:comq54$2o7$1@news.spamcop.net: > I don't know if > sound is optional or not but I never hear nothing & that suits me just > fine. I'm pretty sure it is, I actually use an old plugin called Yamaha MIDPLUG for XG. You need one or all of Macromedia Shockwave Flash, Quicktime (which will play audio as well), and optionally Windows Media Player Plug-in. Type about:plugins into location to see the list. Actually many sites use the MS tag BGSOUND which only works in MSIE as far as I know. Some sites use Flash sound, and you can get an extension that will disable Flash until you click it, which is nice since Flash doesn't give you any audio controls. MidPlug is a little awkward, but I like it because it's very similar to the old LiveAudio plugin. If anyone wants it I'll post a link. -- | Ric | From beanta at slu.edu Thu Dec 2 10:38:39 2004 From: beanta at slu.edu (Thomas Bean) Date: Thu Dec 2 11:55:07 2004 Subject: [SpamCop-List] SC Parser misses URLs w/ bogus embedded HTML tags Message-ID: I have been encountering spam e-mails lately that have bogus HTML tags embedded throughout the text/html section. The spammer has evidently discovered that this will confuse the SpamCop parser. This is a recent example (from reportid 1304805196): http://211.158.15.61/vb/ The actual spamvertised URL is http://211.158.15.61/vb/ In my e-mail client, the bogus tags do not show up as displayable text in the URL; however, the resulting URL is non-clickable (the spammer precedes the URL with instructions to copy and paste the URL into a browser). Is this a common spammer trick? Is there any way to get SC to report these sites without munging the message text (which is against SC rules)? Is there any formal process in place to submit suggestions for improvements to the parser? From MikeE at ster.invalid Thu Dec 2 08:53:44 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 11:55:13 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: Spam Hater wrote: > What I am wondering is which sites are on the attack list?? The > article I read mentioned SpamCop as the source, but SpamCop only > lists email injection sites, not SPAMvertisers... SC 'publishes' spamvertisers on the stats page^1, which is helpful to scrapers such as surbl^2 which list them in their own blocklist. > So, does that mean > the screen saver is going after all the zombie boxes that are spewing > out the SPAM itself No. > or do they have access to some hidden list of > SPAMvertisers that we report? Not hidden, see below. Maybe they use some subset of the surbl. They also claim to actually check for themselves if their targetted sites are 'really' spamvertiser sites. ^1 frontpage http://www.spamcop.net/spamstats.shtml Spamvertised Web Sites http://www.spamcop.net/w3m?action=inprogress;type=www ^2 SURBL - Spam URI Realtime Blocklists sc.surbl.org - SpamCop message-body URI domains "Scripts which power the database and SURBL creation grab data from SpamCop's "Spamvertised Web Sites" web page every couple minutes or so, then merge new entries and expire the data so that it's never more than 4 days old." -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 2 08:58:17 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 12:00:03 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags References: Message-ID: Thomas Bean wrote: > This is a recent example (from reportid 1304805196): The best way to post a demonstration of a spamcop parse for discussion is to parse the item, copy the tracking url from the top section, and then send or cancel the parse. The context is like this: Here is your TRACKING URL - it may be saved for future reference: spamcop.net/sc?id=z698550180za357f3a3dcfb7167cafed942287fbf56z -- Mike Easter kibitzer, not SC admin From ric.gates at bigsleep.org Thu Dec 2 17:32:10 2004 From: ric.gates at bigsleep.org (Blammo) Date: Thu Dec 2 12:35:04 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags References: Message-ID: On 02 Dec 2004 Thomas Bean entered spamcop and left news:conh46$fvl$1@news.spamcop.net: > Is there any way to get SC to report these > sites without munging the message text (which is against SC rules)? If you open a second SpamCop window so you can get the Submit Spam form you can paste the URL in and parse it. This will give you an eMail address to ad to the user notification. I'm pretty sure you need a paid account to get the User Notify option. -- | Ric | From nobody at spamcop.net Thu Dec 2 11:43:45 2004 From: nobody at spamcop.net (Ellen) Date: Thu Dec 2 12:40:02 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: "Spam Hater" wrote in message news:mailman.23.1102002215.4572.spamcop-list@news.spamcop.net... > What I am wondering is which sites are on the attack list?? The article I > read mentioned SpamCop as the source, but SpamCop only lists email > injection sites, not SPAMvertisers... So, does that mean the screen saver > is going after all the zombie boxes that are spewing out the SPAM itself > or do they have access to some hidden list of SPAMvertisers that we > report? > They have no access to any hidden lists -- there are no hidden lists :-) There is the listing on the stats page of urls that are currently being reported from spam reports. http://www.spamcop.net/w3m?action=inprogress;type=www That page, and all the stats pages, are publicly available resources. I do not know if they (whoever they are) are using that page or not. Let me add that the first we heard about this tool/screensaver thing was reading anti-spam lists/forums the same as everyone else. Ellen From dkona7b02 at sneakemail.com Thu Dec 2 12:52:44 2004 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Thu Dec 2 12:53:38 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags In-Reply-To: References: Message-ID: <3.0.5.32.20041202125244.00f80f40@loki.fstrf.org> Where did you see a rule that says munging the message text is forbidden?? AFAIK, you can munge anything you wish in order to hide references to yourself in a SPAM item. If the SPAMmer includes a bogus URL of the form www.yourdomain.com I personally don't think there is anything wrong with simply removing the entire reference. That would be a case of under reporting which shouldn't upset the apple cart at all. It is the same as simply unclicking the checkmark next to the report for that website after the parse. The only time munging is not an option is when an ISP specifically refuses munged reports. Are you sure you are not confusing this with the "no material changes" rule? That only applies to cases where changing a header item might cause SpamCop to misidentify the sender... On 02 Dec 2004 Thomas Bean wrote: > Is there any way to get SC to report these > sites without munging the message text (which is against SC rules)? From beanta at slu.edu Thu Dec 2 11:50:00 2004 From: beanta at slu.edu (Thomas Bean) Date: Thu Dec 2 12:55:03 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags References: Message-ID: Sorry, here is the tracking URL: http://www.spamcop.net/sc?id=z698535436z3e5e148442ca867247174028607d3131z --Thomas "Mike Easter" wrote in message news:conhi1$geo$1@news.spamcop.net... > Thomas Bean wrote: > > This is a recent example (from reportid 1304805196): > > The best way to post a demonstration of a spamcop parse for discussion > is to parse the item, copy the tracking url from the top section, and > then send or cancel the parse. > > The context is like this: > > Here is your TRACKING URL - it may be saved for future reference: > spamcop.net/sc?id=z698550180za357f3a3dcfb7167cafed942287fbf56z > > > -- > Mike Easter > kibitzer, not SC admin > From beanta at slu.edu Thu Dec 2 11:51:12 2004 From: beanta at slu.edu (Thomas Bean) Date: Thu Dec 2 12:55:08 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags References: Message-ID: Good idea. I do have a paid account, so I will try that. "Blammo" wrote in message news:Xns95B3611921B4Eblammo@216.154.195.61... > On 02 Dec 2004 Thomas Bean entered spamcop and left > news:conh46$fvl$1@news.spamcop.net: > > > Is there any way to get SC to report these > > sites without munging the message text (which is against SC rules)? > > If you open a second SpamCop window so you can get the Submit Spam form you > can paste the URL in and parse it. This will give you an eMail address to > ad to the user notification. > I'm pretty sure you need a paid account to get the User Notify option. > > -- > | Ric > | From cnwykab02 at sneakemail.com Thu Dec 2 18:57:08 2004 From: cnwykab02 at sneakemail.com (Warre) Date: Thu Dec 2 13:00:04 2004 Subject: [SpamCop-List] Re: I'm glad this is not my provider... In-Reply-To: References: Message-ID: geo_splash_12 wrote: > Warre wrote: > >> Whois lookup for one of Belgium's largest broadband providers: > > > Correction: this is only a part of skynet.be, which is really spans a > much larger range in the ip space. Evidence: > > http://www.senderbase.org/search?searchString=skynet.be > I know. My mistake. See my previous post... From SpamNScamsReporter# at gmail#.com# Thu Dec 2 10:09:35 2004 From: SpamNScamsReporter# at gmail#.com# (Spam N Scams Reporter) Date: Thu Dec 2 13:10:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? In-Reply-To: References: Message-ID: sk1w1 wrote: > me-no-no wrote: > >> Is this for real ?? (courtesy heise.de) 26.11.2004 16:43 >> > > Wonder how many users after signing up will get there service threatened > / cut by their own ISP for 'denial of service' reasons... and/or ISPs > start charging for 'excessive' download volumes... > > ---- > > My prediction of next piece of malware - hijacking of the Lycos et al > software to 'attack' other sites such as Spamcop, Spamhaus, etc! > > ---- > > Mind you, if I asked 'nice', do you think Lycos UK would direct all > attempts for a few days at cears.com, etc over there in BR? :-) Here's a forwarded message to list. Long, but with a SpamCop reference. Is this what might be slowing down SpamCop's servers? It also shows targets of the screen saver. ----- Forwarded message from "Hannigan, Martin" ----- > From: "Hannigan, Martin" > To: nanog list > Subject: RE: How many backbones here are filtering the makelovenotspam screensaver site? > Date: Thu, 2 Dec 2004 10:28:26 -0500 > > > > -----Original Message----- > > From: Lionel [mailto:nop@alt.net] > > Sent: Thursday, December 02, 2004 8:40 AM > > To: Hannigan, Martin > > Cc: nanog list > > Subject: Re: How many backbones here are filtering the makelovenotspam screensaver site? > > > > > > On Thu, 2 Dec 2004 08:27:38 -0500 , "Hannigan, Martin" > > wrote: > > > > >> > Hosted on a cablemodem? Tch, tch, how the mighty have fallen > > > > > > > > >The blocks are widespread. > > > > > >The reports of hackers are incorrect. The blackholes are > > what is stopping > > >them. > > > > What amazing efficiency. I can't help but wonder if these > > same providers > > are as quick at blackholing spamsite hosts, or blocking the zombies on > > their user networks from spewing spam on port 25? > > If you tied all the spammers into a few controllers, you see it happen > immediately. > > I've been following the news reports on this. Here's a quick summary > of "what I know" without making any judgement or opinion: > > > - The lycos screensaver campaign activated Tuesday > - Major networks began activating blocks > - When the controllers can't be reached, the clients die off > - If screensaver is active when controllers die, it runs > off the current target list. > - If screensaver deactivates, then activates, it can't > contact the servers and tells the user it's "off the internet" > (I can't verify the veracity of the update process i.e. if it > will die while active) > - Blocks started going up early Wednesday morning > - The press began reporting hackers due to an apparentdefacement > being seen by many users. What they actually saw was the banner of > an ISP that had blackholed the traffic and redirected port > 80 to a notice. > - Lycos moved their application to a hosting facility with bigger pipes > - Target sites began using redirects sending the traffic back > to Lycos > - Press reports are coming out today regarding the blackholes > - SpamCop is the source of the target list via a page that is public > off of the SpamCop site (SpamCop is does not appear to have complicity) > - The effectiveness of the blackholes is rising > - There are a reported 100K clients downloaded. Less than you would > expect due to the voluminous press coverage. Probably a result of > the blackhole activity as well. > > I'm really not sure if Lycos knows about the blackholes at > this point as the press has been reporting "hackers" all the while. > If you think it's hacked, check the route. > > Here's some operational data captured via ethereal > > The target list generated by the botnet controller: > > GET > /xml/69426058014054/94772079193788/35264029467456/12122010129438/CONFIG_2865 > 2023942308.xml HTTP/1.1 > Referer: > http://backend.makelovenotspam.com/xml/69426058014054/94772079193788/3526402 > 9467456/12122010129438/CONFIG_28652023942308.xml > x-flash-version: 7,0,19,0 > User-Agent: Shockwave Flash > Host: backend.makelovenotspam.com > Cache-Control: no-cache > > HTTP/1.1 200 OK > Server: Resin/2.1.14 > Content-Type: text/xml; charset=UTF-8 > Content-Length: 2889 > Connection: close > Date: Thu, 02 Dec 2004 15:22:00 GMT > > > domain="myshopinternetcompany.com" > url="http://myshopinternetcompany.com/?e=aa5100" bytes="357460680" > hits="2572309" percentage="100" responsetime01="498" responsetime02="0" > location="BR" /> url="http://grlswaiting4u.com/" bytes="206765667" hits="1488797" > percentage="100" responsetime01="11866" responsetime02="0" location="US" > /> url="http://1stwebsitetheyourshop.com/?e=aa5100" bytes="317867325" > hits="2288427" percentage="100" responsetime01="507" responsetime02="0" > location="BR" /> url="http://cheap-r-x.com/" bytes="355920802" hits="2565612" > percentage="100" responsetime01="787" responsetime02="0" location="CN" > /> url="http://www.hlplmanhds.biz/" bytes="317590861" hits="2269503" > percentage="100" responsetime01="785" responsetime02="0" location="CN" > /> url="http://r.vtm.homewo.com/" bytes="367630639" hits="2248424" > percentage="100" responsetime01="5542" responsetime02="0" location="CN" > /> url="http://www.incentiverewardcenter.com/xg_reg.htm?SID=ab9ee352c3402bdc858 > e5540b887d28a--landing_page=1--show=zip--=--p=92375--c=5411-toys250_720_emc- > -catalog_id=14--a=--affil=5408--subid=1" bytes="1028999994" hits="6992693" > percentage="-144200" responsetime01="1442" responsetime02="-1" location="US" > /> url="http://www.macromed.ws/" bytes="742958780" hits="5063804" > percentage="100" responsetime01="1212" responsetime02="0" location="RU" > /> url="http://www.curdom.com/" bytes="734756904" hits="4831221" > percentage="46" responsetime01="2134" responsetime02="4541" location="CN" > /> url="http://www.bacbwefds.info/" bytes="422036604" hits="2463679" > percentage="100" responsetime01="3375" responsetime02="0" location="CN" > /> value="http://backend.makelovenotspam.com/xml" /> name="interval-diagram" value="10000" /> value="10000" /> name="refresh-xml" value="1200000" /> /> value="http://backend.makelovenotspam.com/report" /> name="average-percentage" value="100.0" /> value="143003829363" /> name="downloads" value="103803" /> /> > > > Here's what they appear to receiving a lot as a result: > > IN`TS > . > > 501 Method Not Implemented > >

Method Not Implemented

>

<makeLOVEnotSPAM>IN`TS</makeLOVEnotSPAM> to /index.html not > supported.
>

> > > > ----- End forwarded message ----- From beanta at slu.edu Thu Dec 2 12:10:05 2004 From: beanta at slu.edu (Thomas Bean) Date: Thu Dec 2 13:15:04 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags References: Message-ID: Not according to the FAQ (http://www.spamcop.net/fom-serve/cache/283.html): SpamCop FAQ : SpamCop Parsing and Reporting Service : Rules - everybody read! : Material changes to spam "SpamCop does what it does and doesn't do for a reason. Do not make any material changes to spam before submitting or parsing which may cause SpamCop to find a link, address or URL it normally would not, by design, find." I don't see any mention of this only applying in cases that might cause a misidentification of the sender. Am I interpreting this too strictly/literally? In my case, the spammer was not using a bogus URL, there were simply bogus HTML tags inserted between characters in the URL that prevented the SC parser from recognizing it. "Spam Hater" wrote in message news:mailman.24.1102010019.4572.spamcop-list@news.spamcop.net... > Where did you see a rule that says munging the message text is > forbidden?? AFAIK, you can munge anything you wish in order to hide > references to yourself in a SPAM item. If the SPAMmer includes a > bogus URL of the form www.yourdomain.com I personally don't think > there is anything wrong with simply removing the entire reference. > That would be a case of under reporting which shouldn't upset the > apple cart at all. It is the same as simply unclicking the checkmark > next to the report for that website after the parse. The only time > munging is not an option is when an ISP specifically refuses munged > reports. > > Are you sure you are not confusing this with the "no material > changes" rule? That only applies to cases where changing a > header item might cause SpamCop to misidentify the sender... > > On 02 Dec 2004 Thomas Bean wrote: > > > Is there any way to get SC to report these > > sites without munging the message text (which is against SC rules)? > From SpamNScamsReporter# at gmail#.com# Thu Dec 2 10:12:31 2004 From: SpamNScamsReporter# at gmail#.com# (Spam N Scams Reporter) Date: Thu Dec 2 13:15:06 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? In-Reply-To: References: Message-ID: Spam Hater wrote: > What I am wondering is which sites are on the attack list?? The article I > read mentioned SpamCop as the source, but SpamCop only lists email > injection sites, not SPAMvertisers... So, does that mean the screen saver > is going after all the zombie boxes that are spewing out the SPAM itself > or do they have access to some hidden list of SPAMvertisers that we > report? > > At 10:39 PM 12/1/2004 -0800, sk1w1 typed: > > >>snip< >>Wonder how many users after signing up will get there service threatened >>/ cut by their own ISP for 'denial of service' reasons... and/or ISPs >>start charging for 'excessive' download volumes... Here is what seems to be the target list. > Here's some operational data captured via ethereal > > The target list generated by the botnet controller: > > GET > /xml/69426058014054/94772079193788/35264029467456/12122010129438/CONFIG_2865 > 2023942308.xml HTTP/1.1 > Referer: > http://backend.makelovenotspam.com/xml/69426058014054/94772079193788/3526402 > 9467456/12122010129438/CONFIG_28652023942308.xml > x-flash-version: 7,0,19,0 > User-Agent: Shockwave Flash > Host: backend.makelovenotspam.com > Cache-Control: no-cache > > HTTP/1.1 200 OK > Server: Resin/2.1.14 > Content-Type: text/xml; charset=UTF-8 > Content-Length: 2889 > Connection: close > Date: Thu, 02 Dec 2004 15:22:00 GMT > > > domain="myshopinternetcompany.com" > url="http://myshopinternetcompany.com/?e=aa5100" bytes="357460680" > hits="2572309" percentage="100" responsetime01="498" responsetime02="0" > location="BR" /> url="http://grlswaiting4u.com/" bytes="206765667" hits="1488797" > percentage="100" responsetime01="11866" responsetime02="0" location="US" > /> url="http://1stwebsitetheyourshop.com/?e=aa5100" bytes="317867325" > hits="2288427" percentage="100" responsetime01="507" responsetime02="0" > location="BR" /> url="http://cheap-r-x.com/" bytes="355920802" hits="2565612" > percentage="100" responsetime01="787" responsetime02="0" location="CN" > /> url="http://www.hlplmanhds.biz/" bytes="317590861" hits="2269503" > percentage="100" responsetime01="785" responsetime02="0" location="CN" > /> url="http://r.vtm.homewo.com/" bytes="367630639" hits="2248424" > percentage="100" responsetime01="5542" responsetime02="0" location="CN" > /> url="http://www.incentiverewardcenter.com/xg_reg.htm?SID=ab9ee352c3402bdc858 > e5540b887d28a--landing_page=1--show=zip--=--p=92375--c=5411-toys250_720_emc- > -catalog_id=14--a=--affil=5408--subid=1" bytes="1028999994" hits="6992693" > percentage="-144200" responsetime01="1442" responsetime02="-1" location="US" > /> url="http://www.macromed.ws/" bytes="742958780" hits="5063804" > percentage="100" responsetime01="1212" responsetime02="0" location="RU" > /> url="http://www.curdom.com/" bytes="734756904" hits="4831221" > percentage="46" responsetime01="2134" responsetime02="4541" location="CN" > /> url="http://www.bacbwefds.info/" bytes="422036604" hits="2463679" > percentage="100" responsetime01="3375" responsetime02="0" location="CN" > /> value="http://backend.makelovenotspam.com/xml" /> name="interval-diagram" value="10000" /> value="10000" /> name="refresh-xml" value="1200000" /> /> value="http://backend.makelovenotspam.com/report" /> name="average-percentage" value="100.0" /> value="143003829363" /> name="downloads" value="103803" /> /> > > From nobody at devnull.spamcop.net Thu Dec 2 12:31:01 2004 From: nobody at devnull.spamcop.net (Cat) Date: Thu Dec 2 13:35:03 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags In-Reply-To: References: Message-ID: (Top posting fixed) Thomas Bean wrote: > "Mike Easter" wrote in message > news:conhi1$geo$1@news.spamcop.net... >>The context is like this: >> >>Here is your TRACKING URL - it may be saved for future reference: >>spamcop.net/sc?id=z698550180za357f3a3dcfb7167cafed942287fbf56z > Sorry, here is the tracking URL: > > http://www.spamcop.net/sc?id=z698535436z3e5e148442ca867247174028607d3131z Please don't top post. It gets the conversation out of order and makes it harder to understand the context of your posts because people have to scroll up and down to understand what you're saying or replying to. Notice how Mike Easter replied inline below each quoted point and snipped out the rest. Inline posting keeps the conversation in a logical order. See #6 at http://linux.sgms-centre.com/misc/netiquette.php and #1 and #2 at http://www.river.com/users/share/etiquette/ for more snipping and inline posting netiquette. -Cat SpamCop user, not an admin From MikeE at ster.invalid Thu Dec 2 10:46:08 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 13:50:03 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags References: Message-ID: Thomas Bean wrote: > Sorry, here is the tracking URL: spamcop.net/sc?id=z698535436z3e5e148442ca867247174028607d3131z In this example, not only does SC fail to find the spamvertised payload because of the construction, but the 'evidence' of the body content only has 'value' when rendered. One of the values of manual reporting is to be able to handle particular items 'easily' when the SC method doesn't suffice. The way I would report that with my 'standard' manual template, which has the entire original complete headers + unrendered spambody, would be to also include the rendered version just above that section. I would also pay attention to where that notify would be going. 211.158.15.61 no rDNS whois.apnic.net inetnum: 211.158.0.0 - 211.158.31.255 descr: Chongqing BoardBand Networks Co.,Ltd. which is listed in multiple db/s including sbl as the /17 and spews as 1, 211.158.0.0 - 211.158.31.255, cqnet.com.cn (extremexxxfootage.com) those are both huge blocks, indicating total unresponsiveness; so simply reporting to the unresponisve .cn provider isn't going to do anygood at all. So, now that we've gone to the trouble of figuring that SC can't notify, we would also have to go to additional trouble to assess the upstream adjacencies of the unresponsive provider; which is likely to turn out very glum. The ASN is AS17774 Upstream Adjacent AS list AS9817 ETNSBBNETWORK Guangdong Belton Telecommunications Technology Development Co.,Ltd. support@etns.net abuse@gblx.net postmaster@elephanttalk.com postmaster@etns.net (for etns.net) AS9929 CNCNET-CN China Netcom Corp. tech-group@china-netcom.com daihy@china-netcom.com postmaster@china-netcom.com cncsummary@special.abuse.net (for china-netcom.com) So, it isn't a very happy picture, but at least you would have done a thorough job of notifying the 'appropriate' upstreams. You would tell them about the unresponsiveness of the provider vis the spews and spamhaus listings in about 1 line. -- Mike Easter kibitzer, not SC admin From dkona7b02 at sneakemail.com Thu Dec 2 14:00:19 2004 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Thu Dec 2 14:00:26 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags In-Reply-To: References: Message-ID: <3.0.5.32.20041202140019.01606620@loki.fstrf.org> Yes, I believe you are being too strict in your interpretation... Material changes, as defined, are only those that will cause the parser to change its mind about who to report. Taking out spurious noise in the SPAM body shouldn't cause any change in the parsers processing along those lines so it shouldn't be considered a "material" change in my opinion... At 12:10 PM 12/2/2004 -0600, Thomas Bean typed: >Not according to the FAQ (http://www.spamcop.net/fom-serve/cache/283.html): > > SpamCop FAQ : SpamCop Parsing and Reporting Service : Rules - everybody >read! : Material changes to spam > > "SpamCop does what it does and doesn't do for a reason. Do not make any >material changes to spam before submitting or parsing which may cause >SpamCop to find a link, address or URL it normally would not, by design, >find." > >I don't see any mention of this only applying in cases that might cause a >misidentification of the sender. Am I interpreting this too >strictly/literally? > >In my case, the spammer was not using a bogus URL, there were simply bogus >HTML tags inserted between characters in the URL that prevented the SC >parser from recognizing it. > >"Spam Hater" wrote >> Where did you see a rule that says munging the message text is >> forbidden?? AFAIK, you can munge anything you wish in order to hide >> references to yourself in a SPAM item. If the SPAMmer includes a >> bogus URL of the form www.yourdomain.com I personally don't think >> there is anything wrong with simply removing the entire reference. >> That would be a case of under reporting which shouldn't upset the >> apple cart at all. It is the same as simply unclicking the checkmark >> next to the report for that website after the parse. The only time >> munging is not an option is when an ISP specifically refuses munged >> reports. >> >> Are you sure you are not confusing this with the "no material >> changes" rule? That only applies to cases where changing a >> header item might cause SpamCop to misidentify the sender... >> >> On 02 Dec 2004 Thomas Bean wrote: >> >> > Is there any way to get SC to report these >> > sites without munging the message text (which is against SC rules)? From PossumTrot at dont.spam.me Thu Dec 2 10:56:22 2004 From: PossumTrot at dont.spam.me (Possum Trot) Date: Thu Dec 2 14:05:03 2004 Subject: [SpamCop-List] FTC Endorses Bounty for Spammers Message-ID: The U.S. Federal Trade Commission has given its endorsement to a plan that would reward insiders for information leading to the arrest and conviction of people or companies that produce spam. http://tinyurl.com/4qytq From MikeE at ster.invalid Thu Dec 2 11:06:24 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 14:10:04 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags References: Message-ID: oops, I left out the notifies for AS17774 Mike Easter wrote: > 211.158.15.61 no rDNS > whois.apnic.net > inetnum: 211.158.0.0 - 211.158.31.255 > descr: Chongqing BoardBand Networks Co.,Ltd. whois -h whois.abuse.net cqnet.com.cn ... postmaster@cqnet.com.cn abuse@cnc-noc.net (for cqnet.com.cn) I believe in including the unresponsive provider in the same notify that I'm copying to its upstream adjacencies. Sometimes it is motivating. The fact that cnc-noc is in the abuse.net reg is a 'good sign' [not really great, but something 'postive' amidst the gloom]. > The ASN is AS17774 > Upstream Adjacent AS list -- Mike Easter kibitzer, not SC admin From please_reply_to_newsgroup at something.com Thu Dec 2 19:10:03 2004 From: please_reply_to_newsgroup at something.com (Paul D) Date: Thu Dec 2 14:10:06 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow References: Message-ID: Hi Everyone I'm afraid the problem hasn't become any better. Is anyone able to make any progress with this, or will I have to stop using the service? This would eb a shame. Thanks Paul From SpamNScamsReporter# at gmail#.com# Thu Dec 2 11:50:59 2004 From: SpamNScamsReporter# at gmail#.com# (Spam N Scams Reporter) Date: Thu Dec 2 14:55:03 2004 Subject: [SpamCop-List] Re: Phish For A Phisher :-) In-Reply-To: References: Message-ID: Gezgin wrote: > "Taurolyon" <---------------------------@spamcop.net> wrote > >>> Interesting - Phisher forgot to chmode to stop peaking :-) >>> http://146.83.5.15/.paypal/ > > >> scary stuff.. what does he plan on doing? getting people's paypal info? > > > More likely making a complete fool of himself on the net. Though I am a > bit puzzled that the site is still up. It certainly must have been > reported many times already. > The site no longer resolves for me. From Merlyn at Spamcop.net Thu Dec 2 14:58:52 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Thu Dec 2 15:00:03 2004 Subject: [SpamCop-List] Re: FTC Endorses Bounty for Spammers References: Message-ID: "Possum Trot" wrote in message news:cononi$mdp$1@news.spamcop.net... > The U.S. Federal Trade Commission has given its endorsement to a plan that > would reward insiders for information leading to the arrest and conviction > of people or companies that produce spam. > > http://tinyurl.com/4qytq Old News: September 17, 2004 -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From MikeE at ster.invalid Thu Dec 2 12:34:39 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 15:35:03 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags References: Message-ID: Thomas Bean wrote: > The actual spamvertised URL is http://211.158.15.61/vb/ > Is there any way to get SC to report > these sites No. If you are a free reporter you can manually notify. If you are a paid reporter you can add additional notify addresses to a spamcop report. But, you can't materially change the spamitem to cause SC to find something it wouldn't. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 2 12:38:17 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 15:40:03 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags References: Message-ID: Blammo wrote: > Thomas Bean >> Is there any way to get SC to report these >> sites without munging the message text (which is against SC rules)? > > If you open a second SpamCop window so you can get the Submit Spam > form you can paste the URL in and parse it. This will give you an > eMail address to ad to the user notification. > I'm pretty sure you need a paid account to get the User Notify option. What Ric is describing there is how to get SC to provide you with the notify address/es so that a paid reporter can add those to the notifies. He isn't talking about making a 'surreptitious' spamchange to get SC to notify something it didn't find. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 2 12:42:32 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 15:45:03 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags References: Message-ID: Restructuring this to counteract two topposters. >Thomas Bean wrote: >> Is there any way to get SC to report these >> sites without munging the message text (which is against SC rules)? Spam Hater wrote: > Where did you see a rule that says munging the message text is > forbidden?? Helping SC find something is a material change. > AFAIK, you can munge anything you wish in order to hide > references to yourself in a SPAM item. If the SPAMmer includes a > bogus URL of the form www.yourdomain.com I personally don't think > there is anything wrong with simply removing the entire reference. Removing references to yourself isn't the same thing as helping SC find something. > Are you sure you are not confusing this with the "no material > changes" rule? That only applies to cases where changing a > header item might cause SpamCop to misidentify the sender... Body changes are a problem as well - when they cause SC to find something it wouldn't have. There isn't an appropriate body change to help SC find this item we are talking about. Making a body change to exclude your own address is OK. Making a body change such as putting in an url isn't OK. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 2 12:44:52 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 15:45:08 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags References: Message-ID: Spam Hater wrote: > Yes, I believe you are being too strict in your interpretation... > Material changes, as defined, are only those that will cause the > parser to change its mind about > who to report. Taking out spurious noise in the SPAM body shouldn't > cause any change in the parsers processing along those lines so it > shouldn't be considered a "material" change in my opinion... What you are arguing about, namely removing your name or address from the body isn't 'germane' to this discussion. We are talking about a condition in which the parser doesn't find the url which the reporter knows about and wants to notify for. You aren't talking about what /we/ are talking about. -- Mike Easter kibitzer, not SC admin From dkona7b02 at sneakemail.com Thu Dec 2 16:12:39 2004 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Thu Dec 2 16:12:44 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags In-Reply-To: References: Message-ID: <3.0.5.32.20041202161239.01688008@loki.fstrf.org> First up, where do you see an argument??? The point I was making, in this ongoing discussion, is about munging. The usual use of munging is to remove or alter identifying references to yourself. According to the rules, this is perfectly acceptable. Taken a step further, I believe it can apply to any extra bits of nonsense the SPAMmer may have filled the SPAM with to try to confuse the reader (or the parser). As we constantly tell people, just about anything can be used to identify you, so why not extra HTML tags? I have seen SPAM with all sorts of extra bogus tags. When viewed normally, they just don't show up. If you try to look at the raw source, i.e.. if you are trying to track down the SPAMmer, then all the extra gibberish just confuses things and helps hide his tracks. I haven't seen SPAM like that since my company started filtering our mail, but back when I did, I ran a script on it to automagically remove all the nonsense before ever even submitting it. I wasn't doing so in an effort to force the parser to find something it shouldn't, just to make the SPAM legible so those getting the report would be better able to parse it themselves. I never once received a complaint from anyone that I had altered the original or that the parser had misidentified the culprits... At 12:44 PM 12/2/2004 -0800, Mike Easter typed: >What you are arguing about, namely removing your name or address from >the body isn't 'germane' to this discussion. We are talking about a >condition in which the parser doesn't find the url which the reporter >knows about and wants to notify for. > >You aren't talking about what /we/ are talking about. > >Spam Hater wrote: >> Yes, I believe you are being too strict in your interpretation... >> Material changes, as defined, are only those that will cause the >> parser to change its mind about >> who to report. Taking out spurious noise in the SPAM body shouldn't >> cause any change in the parsers processing along those lines so it >> shouldn't be considered a "material" change in my opinion... From nobody at spamcop.net Thu Dec 2 16:19:31 2004 From: nobody at spamcop.net (Pop) Date: Thu Dec 2 16:20:02 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: ... | | For whatever it's worth, the link *is* advertised on the main site: | http://www.lycos.de/ The link is to: http://www.lycos.de/makelovenotspam/ | but clicking on the link from there, you get a Flash popup. | | Dar | | WHERE? I searched the Main Site page's code, plus turned a crawler loose and neither turned up anything even close to that URL. Clicking on the URL gets nothing. I submit you're either trojanized, trolling, or lying or passing on info you haven't verified? What you see in the explorer bar isn't necessarily the actual site you are at, you know. Regards, Pop From A_No_Spam_Haumer at gmx.net Thu Dec 2 22:42:01 2004 From: A_No_Spam_Haumer at gmx.net (Anton Haumer) Date: Thu Dec 2 16:45:04 2004 Subject: [SpamCop-List] SC's Website Message-ID: <41AF8C29.791C9B94@gmx.net> What the hell is going on with www.spamcop.net ? Since today : my login (expires in one week) is forgotten after some submissions my preferred text size is forgotten from one visit to the next Problems with the website/system? Toni From pete at heypete.com Thu Dec 2 13:41:51 2004 From: pete at heypete.com (Pete Stephenson) Date: Thu Dec 2 16:45:08 2004 Subject: [SpamCop-List] Re: FTC Endorses Bounty for Spammers References: Message-ID: In article , "Merlyn" wrote: > Old News: ...but still good news. :) -- Pete Stephenson HeyPete.com From Merlyn at Spamcop.net Thu Dec 2 16:45:37 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Thu Dec 2 16:50:03 2004 Subject: [SpamCop-List] Re: FTC Endorses Bounty for Spammers References: Message-ID: "Pete Stephenson" wrote in message news:pete-7DE4D9.13415102122004@news.cesmail.net... > In article , > "Merlyn" wrote: > >> Old News: > > ...but still good news. :) > I agree Pete :-) Pete, I have some interesting info for ya!!!!!!!!! Should I use the support email or something else? -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From pete at heypete.com Thu Dec 2 13:47:49 2004 From: pete at heypete.com (Pete Stephenson) Date: Thu Dec 2 16:50:07 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: In article , "Pop" wrote: > WHERE? I searched the Main Site page's code, plus turned a > crawler loose and neither turned up anything even close to that > URL. http://www.lycos.co.uk/ mentions it, though the makelovenotspam.com website appears to be down. -- Pete Stephenson HeyPete.com From MikeE at ster.invalid Thu Dec 2 13:48:42 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 16:50:15 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags References: Message-ID: Spam Hater wrote: > First up, where do you see an argument??? 'We' were explaining to Thomas that there wasn't a way that he could change the spam's body content so that in the item being discussed, namely spamcop.net/sc?id=z698535436z3e5e148442ca867247174028607d3131z that the 'missing' link which he knows about from rendering, namely http://211.158.15.61/vb/ could be 'spamcop reported' in response to his original question: Thomas Bean wrote: > Is there any way to get SC to report > these sites without munging the message text (which is against SC > rules)? The very /first/ thing you said in a topposted reply to that above post of his was this: Spam Hater wrote: > Where did you see a rule that says munging the message text is > forbidden?? Which definitely looks like a discussion or disagreement with what he said. You are now trying to say that you weren't rebutting what he said, but starting a different subthread within the original thread in which your subthread is /really/ about mungeing or removing references to your own name or address. If you would post inline so that your remarks are directly underneath exactly what you are talking about, neither you nor the other posters who try to engage in a conversation with your and others will be confused. I think you got confused earlier because a thought came into your head and then you wanted to type it, and what you were typing and talking about wasn't the same thing as the rest of us were talking about. That is a very common problem with topposting and not trimming and contextualizing. If you want to say that I'm confused and you aren't, that's all right with me too; but in either case, topposting is contributing to the confusion condition. -- Mike Easter kibitzer, not SC admin From me at privacy.net Thu Dec 2 21:49:22 2004 From: me at privacy.net (Michael R N Dolbear) Date: Thu Dec 2 16:50:20 2004 Subject: [SpamCop-List] Easynet.co.uk null route a Trojaned DSL customer Message-ID: <01c4d8b7$6c15cf80$LocalHost@default> In reply to a spamcop complaint that dsl-212-135-217-67.dsl.easynet.co.uk (212.135.217.67) is an open proxy (Sat, Nov 27, 2004 at 03:52:46AM) Easynet Abuse Team replied 02 December 2004 00:49 This incident arose as a result of a machine on our customer's network having become compromised by a Trojan horse program, which then allowed unscrupulous bulk emailers to install an insecure open proxy server on the machine in question, without our customer's knowledge, authorisation or permission. ... All attempts to contact our customer concerning this incident having failed, we have now raised an Operations ticket with a request to null route the IP address concerned in order to disconnect it from the Internet and to put an end to the abuse. This will be actioned within the next few hours. The null route will not be removed until such time as our customer is able to assure us that the vulnerability has been secured. -- Mike D From michael.spamcop at michaellefevre.com Thu Dec 2 21:51:28 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Thu Dec 2 16:55:02 2004 Subject: [SpamCop-List] Re: Why do people spam? References: Message-ID: Stewart Gordon wrote: > Michael Lefevre wrote: > >> I don't see how it's of benefit to everyone. Letting the spam through the >> first stage and then bouncing it means you're generating a large number of >> messages (which isn't nice for the receiving machine), and then sending >> them to forged addresses, which certainly isn't a benefit for the owners >> of the forged addresses. > > > It would address the bounce using an algorithm that tracks down the real > sender, rather than the standard 'just use the From header' approach. As far as I know, there isn't an algorithm that can find a working email address for the human being that was responsible for sending the spam. Spamcop is about as good as you can get in that direction, which is finding an address for someone responsible for the network which the real sender used - that's not the same thing, and it's not accurate enough to trust automatically in most cases. > I guess an alternative would be a system whereby the SMTP server calls > the police and then returns an error code after a while (or maybe even > leaves the operation to time out). I don't imagine any police would appreciate a computer phoning them up and giving an automated report of unauthorised computer access. It's a pretty hard task to get any police interested in far more serious computer crimes. -- Michael From SpamNScamsReporter# at gmail#.com# Thu Dec 2 14:06:04 2004 From: SpamNScamsReporter# at gmail#.com# (Spam N Scams Reporter) Date: Thu Dec 2 17:10:02 2004 Subject: [SpamCop-List] Re: SC's Website In-Reply-To: <41AF8C29.791C9B94@gmx.net> References: <41AF8C29.791C9B94@gmx.net> Message-ID: Anton Haumer wrote: > What the hell is going on with www.spamcop.net ? > > Since today : > my login (expires in one week) is forgotten after some submissions > my preferred text size is forgotten from one visit to the next > > Problems with the website/system? > > Toni Check to see if you're accepting cookies from SC. Brian From dkona7b02 at sneakemail.com Thu Dec 2 17:10:41 2004 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Thu Dec 2 17:10:47 2004 Subject: [SpamCop-List] Re: Easynet.co.uk null route a Trojaned DSL customer In-Reply-To: <01c4d8b7$6c15cf80$LocalHost@default> Message-ID: <3.0.5.32.20041202171041.0166ded0@loki.fstrf.org> It is always nice to see a responsible ISP in action... Something strikes me as a bit odd though. In the first paragraph they claim a Trojan horse took over the machine and did so "without our customer's knowledge, authorisation or permission." Yet first thing they admit in the second paragraph is that they have not been able to contact said customer... How can they claim the customer had no knowledge if they haven't even talked with them about it? Kudos to them if they actually follow through with the null routing! At 09:49 PM 12/2/2004 +0000, Michael R N Dolbear typed: >In reply to a spamcop complaint that >dsl-212-135-217-67.dsl.easynet.co.uk (212.135.217.67) is an open proxy >(Sat, Nov 27, 2004 at 03:52:46AM) > >Easynet Abuse Team replied 02 December 2004 00:49 > >This incident arose as a result of a machine on our customer's network >having become compromised by a Trojan horse program, which then allowed >unscrupulous bulk emailers to install an insecure open proxy server on >the machine in question, without our customer's knowledge, >authorisation or permission. >... >All attempts to contact our customer concerning this incident having >failed, we have now raised an Operations ticket with a request to >null route the IP address concerned in order to disconnect it from >the Internet and to put an end to the abuse. This will be actioned >within the next few hours. The null route will not be removed until >such time as our customer is able to assure us that the vulnerability >has been secured. From A_No_Spam_Haumer at gmx.net Thu Dec 2 23:23:09 2004 From: A_No_Spam_Haumer at gmx.net (Anton Haumer) Date: Thu Dec 2 17:25:04 2004 Subject: [SpamCop-List] Re: SC's Website References: <41AF8C29.791C9B94@gmx.net> Message-ID: <41AF95CD.D2DF94E9@gmx.net> Spam N Scams Reporter wrote: > > Anton Haumer wrote: > > What the hell is going on with www.spamcop.net ? > > > > Since today : > > my login (expires in one week) is forgotten after some submissions > > my preferred text size is forgotten from one visit to the next > > > > Problems with the website/system? > > > > Toni > > Check to see if you're accepting cookies from SC. > > Brian Yes I do accept cookies from SC, of course. Yesterday everthing worked fine. I didn't change anything. Today - strange behaviour ... Toni From pete at heypete.com Thu Dec 2 14:48:28 2004 From: pete at heypete.com (Pete Stephenson) Date: Thu Dec 2 17:50:03 2004 Subject: [SpamCop-List] Re: FTC Endorses Bounty for Spammers References: Message-ID: In article , "Merlyn" wrote: > I agree Pete :-) > > Pete, I have some interesting info for ya!!!!!!!!! Oooh. :) > Should I use the support email or something else? pete@heypete.com has been, is, and likely will remain (as long as technically possible) valid. support@ and all the other @heypete.com address all forward to me. :-P -- Pete Stephenson HeyPete.com From nobody at spamcop.net Thu Dec 2 17:43:59 2004 From: nobody at spamcop.net (Ellen) Date: Thu Dec 2 18:05:02 2004 Subject: [SpamCop-List] Re: SC's Website References: <41AF8C29.791C9B94@gmx.net> <41AF95CD.D2DF94E9@gmx.net> Message-ID: -- "Anton Haumer" wrote in message news:41AF95CD.D2DF94E9@gmx.net... > > Yes I do accept cookies from SC, of course. > Yesterday everthing worked fine. > I didn't change anything. > Today - strange behaviour ... > > Toni Try deleting the cookie, closing the browser and then opening it and logging back in again. Ellen From Merlyn at Spamcop.net Thu Dec 2 18:14:15 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Thu Dec 2 18:15:02 2004 Subject: [SpamCop-List] Re: FTC Endorses Bounty for Spammers References: Message-ID: Just sent! -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From mfkmek820 at yahoo.com Thu Dec 2 16:09:53 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Thu Dec 2 20:15:03 2004 Subject: [SpamCop-List] Re: SC Parser misses URLs w/ bogus embedded HTML tags References: Message-ID: "Spam Hater" wrote in message news:mailman.26.1102021965.4572.spamcop-list@news.spamcop.net... > First up, where do you see an argument??? > > The point I was making, in this ongoing discussion, is about munging. The > usual use of munging is to remove or alter identifying references to > yourself. > According to the rules, this is perfectly acceptable. Taken a step > further, > I believe it can apply to any extra bits of nonsense the SPAMmer may > have filled the SPAM with to try to confuse the reader (or the parser). As > we constantly tell people, just about anything can be used to identify > you, > so why not extra HTML tags? I have seen SPAM with all sorts of extra > bogus tags. When viewed normally, they just don't show up. If you try to > look at the raw source, i.e.. if you are trying to track down the SPAMmer, > then all the extra gibberish just confuses things and helps hide his > tracks. > I haven't seen SPAM like that since my company started filtering our mail, > but back when I did, I ran a script on it to automagically remove all the > nonsense before ever even submitting it. I wasn't doing so in an effort > to > force the parser to find something it shouldn't, just to make the SPAM > legible so those getting the report would be better able to parse it > themselves. I never once received a complaint from anyone that I had > altered the original or that the parser had misidentified the culprits... I am with you. I don't know why SC can't have a top-notch parser like you are talking about. Fred K From nobody at spamcop.net Thu Dec 2 19:37:36 2004 From: nobody at spamcop.net (Tom) Date: Thu Dec 2 20:40:02 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: <1ogvq0d1mo8tclhldi9feg38qmbpoitari@4ax.com> On Thu, 2 Dec 2004 09:57:28 -0000, Porpoise wrote: >> Is this another Trojan now on hundreds of thousands of computers???? >> >> Call me paranoid but something smells fishy here. > >Now, it's funny you should say that because I was starting towards a similar >conclusion........ I've gone all over the Lycos site, and there's no >reference to this screensaver whatsoever. AFAICS. A couple of things... First, this is not Lycos in the U.S. It is Lycos Europe and if they have various offices (i.e., Lycos in the UK, Lycos in Germany, etc.), then it may be up to each office as to whether they announced the tool on that site. Tom From nobody at spamcop.net Thu Dec 2 19:41:47 2004 From: nobody at spamcop.net (Tom) Date: Thu Dec 2 20:45:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: On Mon, 29 Nov 2004 03:51:40 -0000, me-no-no wrote: >Lycos users are to attack spammers My initial thoughts were that using something like this was akin to stooping to the same level as the spamvertisers. But, after reaching today's article in eweek*, I'm beginning to think this is more like Ratting on a Rat or Turning the Lights On. The legal issue remains - whether this is really legal or not - and until we see a court case allowing this to be used, I certainly am not going to employ it on any of my systems. But if it is declared legal, especially here in the United States, then I think this will prove to be one truly useful tool to use against spammers. *The bottom line that I drew from the article in eWeek was that the tool was taking down the sites it was hitting, but needed some fine tuning to get it to allow 5% bandwidth free... Of course, it may be that the straw for some of these sites is 10% and the 5% is still killing the site/server. From nobody at devnull.spamcop.net Fri Dec 3 10:56:51 2004 From: nobody at devnull.spamcop.net (Patto) Date: Thu Dec 2 21:00:03 2004 Subject: [SpamCop-List] Re: SC's Website In-Reply-To: <41AF8C29.791C9B94@gmx.net> References: <41AF8C29.791C9B94@gmx.net> Message-ID: Anton Haumer wrote: > What the hell is going on with www.spamcop.net ? > > Since today : I had to login, which was previously always done automatically. After that, when pasting spam to the website, I get this message *Please wait - subscribe to remove this delay*. What is this new gimmick? Trying to discourage users from using SC? From tmcgraw at spamcop.net Thu Dec 2 17:57:05 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Dec 2 21:00:06 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? In-Reply-To: References: Message-ID: Tom wrote: > On Mon, 29 Nov 2004 03:51:40 -0000, me-no-no wrote: > >>Lycos users are to attack spammers > > > > The legal issue remains - whether this is really legal or not - and > until we see a court case allowing this to be used, I certainly am not > going to employ it on any of my systems. > > But if it is declared legal, especially here in the United States, > then I think this will prove to be one truly useful tool to use > against spammers. ...or a worthy competitor. From eatmy at grits.com Thu Dec 2 19:13:32 2004 From: eatmy at grits.com (Jeff) Date: Thu Dec 2 21:15:03 2004 Subject: [SpamCop-List] make love not spam Message-ID: Anybody see this yet? http://www.cnn.com/2004/TECH/internet/12/02/anti.spamvigi.ap/index.html From eatmy at grits.com Thu Dec 2 19:14:56 2004 From: eatmy at grits.com (Jeff) Date: Thu Dec 2 21:15:08 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Jeff" wrote in message news:cooi49$9e2$1@news.spamcop.net... > Anybody see this yet? > http://www.cnn.com/2004/TECH/internet/12/02/anti.spamvigi.ap/index.html OOPS! I guess so. It's under a different subject. sorry... From MikeE at ster.invalid Thu Dec 2 18:47:02 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 21:50:14 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: Jeff wrote: >> Anybody see this yet? >> http://www.cnn.com/2004/TECH/internet/12/02/anti.spamvigi.ap/index.html > > OOPS! I guess so. It's under a different subject. sorry... Actually, it is a pretty dynamic subject right now so there are going to be a lot of articles and commentary various places including multiple slashdot articles. Here's a recent quote from one of the many articles which arise on googlenews 'Lycos' search. "I would have to characterize it as an astonishingly stupid idea," said John Levine, co-chair of the Internet Research Task Force's Antispam Research Group. http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801,97990p2,00.html I think I like that quote the best so far, but I'm still looking for some more juicy ones. For individuals to surreptitiously pursue some kind of antispam vigilantism is one thing; then to promote that activity in antispam groups is another thing but not so 'good' or healthy; but for a 'corporate' entity to openly promote it and foster and pursue it is dumbsh*t, as we say in Texas and a few other 'opensource' language places. -- Mike Easter kibitzer, not SC admin From eatmy at grits.com Thu Dec 2 19:47:34 2004 From: eatmy at grits.com (Jeff) Date: Thu Dec 2 21:50:34 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: "Pop" wrote in message news:coki2q$jea$1@news.spamcop.net... > | > | > Looks like Lycos will do just about anything to get onto just one > more machine: They've got my support! From eatmy at grits.com Thu Dec 2 19:58:58 2004 From: eatmy at grits.com (Jeff) Date: Thu Dec 2 22:00:02 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Mike Easter" wrote in message news:cook38$aii$1@news.spamcop.net... > Actually, it is a pretty dynamic subject right now so there are going to > be a lot of articles and commentary various places including multiple > slashdot articles. > > Here's a recent quote from one of the many articles which arise on > googlenews 'Lycos' search. > > "I would have to characterize it as an astonishingly stupid idea," said > John Levine, co-chair of the Internet Research Task Force's Antispam > Research Group. > http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801 ,97990p2,00.html > > > I think I like that quote the best so far, but I'm still looking for > some more juicy ones. > > For individuals to surreptitiously pursue some kind of antispam > vigilantism is one thing; then to promote that activity in antispam > groups is another thing but not so 'good' or healthy; but for a > 'corporate' entity to openly promote it and foster and pursue it is > dumbsh*t, as we say in Texas and a few other 'opensource' language > places. > > -- > Mike Easter > kibitzer, not SC admin Well, I guess I'm incredibly stupid then. Since I'm such an idiot, I guess I might as well participate and download the screensaver. From MikeE at ster.invalid Thu Dec 2 19:18:08 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 22:20:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: Jeff wrote: > Well, I guess I'm incredibly stupid then. Since I'm such an idiot, I > guess I might as well participate and download the screensaver. There's been a lot of discussion about individual approaches, such as spamvampire; and SV fans [and similar] who choose to attack as vigilantes are 'on their own' as vigilantes typically are. Each vigilante strategy should consider hir own IP's 'mischief' and vulnerability. Some vigilantes are wise to be more surreptitious than open and attack via some kind of proxy; and while doing so, should be aware of any of their own abuses. That is, if you abuse from your own IP, then you can get into trouble with your provider. If you are going to be more cautious and abuse from some other proxified IP then you should be sure that you aren't abusing the proxy. That is, if you /care/ about who is being abused and whose ox is being gored -- or how to do proper 'risk management' for evil doing. Abuse isn't so simple as all of that. Don't be dumber than a spammer. -- Mike Easter kibitzer, not SC admin From pete at heypete.com Thu Dec 2 19:18:37 2004 From: pete at heypete.com (Pete Stephenson) Date: Thu Dec 2 22:20:09 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: In article , "Jeff" wrote: > Anybody see this yet? > http://www.cnn.com/2004/TECH/internet/12/02/anti.spamvigi.ap/index.html Yup. I still can't quite wrap my brain around how abuse of someone else's private property (and the abuse of the intervening network carriers) can be construed as "Make Love". Another, somewhat more technical, question I've been having relates to backbone carriers and datacenters. For instance, my site (heypete.com) is hosted at Hurricane Electric's Fremont, CA facility. Although it's only allocated 25Gb/month of transfer, it *is* on a burstable 100Mps port so that my site would continue to function normally if Slashdotted (though I might need to pay for the overage in traffic later). Pushing 95Mbps of data (somehow Lycos says they can throttle the attack so as to leave 5% of the site's available bandwidth left) is not a small event. Even being on a high-capacity switched network, it would certainly raise some alarms. Having multiple spammy sites (and it's rare to find major facilities that don't have at least one, even if they're nuked quickly) at one facility attracting the wrath of the Lycos MLNS system could cause significant slowdowns and network problems for other, perfectly legitimate sites who are also hosted there. This is unlikely, of course, but still possible. I think the concept is ethically flawed and is not good for the internet infrastructure. -- Pete Stephenson HeyPete.com From MikeE at ster.invalid Thu Dec 2 19:36:19 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 22:40:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: Pete Stephenson wrote: > I think the concept is ethically flawed and is not good for the > internet infrastructure. Well put. The individual vigilante, 'me against that spamvertiser' who is careful to not do harm to some innocent, is on slightly more 'secure' ground or rather slippery or icy slope while using quality mountain climbing gear, of fighting abuse with abuse - 'because it's there'. The massive 'hanging crowd' mentality, prone to burn down towns, douse/drown witches, and all manner of unholy activities akin to hanging the accused, gets real nutsy -- and altho' the analogies fall apart somewhat in the application to the internet; all kinds of /other/ evildo start arising and unfolding. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 2 19:50:05 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 22:55:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: Mike Easter wrote: > The individual vigilante, 'me against that spamvertiser' > The massive 'hanging crowd' mentality, Or, said another way, messing with the analogies... There's a lot of difference between the courageous individual well trained to climb mountains who risks life and limb to do so -- and the reckless feckless careening and stampeding crowd who kills others in some kind of insanely inspired 'sportsmanship' riot against the opposition. In between there, we have careless inept wannabe unskilled mountain climbers who cause loss of life to other human and animal mountain saviors, and 'harmless' noisy fans who only split the eardrums and spill beer on their neighbors. And all manner of harmless and harmful critters in between the extremes and the inbetweens. Somewhere there needs to be a good understanding of the responsibility and ramifications of any activity. Some people pick things up and pull the trigger with no concept of what they are holding. -- Mike Easter kibitzer, not SC admin From nobody at xyzzy.claranet.de Fri Dec 3 04:57:39 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Dec 2 23:00:03 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: <41AEAE5D.46F1@xyzzy.claranet.de> Message-ID: <41AFE433.75F9@xyzzy.claranet.de> Porpoise wrote: > It should have been "you're". ;-) Half asleep. LOL. Otherwise if you're saying that SMTP AUTH is better than an open relay, then that's of course true, but hardly "new" - the OP was informed that SMTP AUTH is a "new" feature. There are other forms of user authentication like RADIUS or SMTP-after-POP. The latter has its drawbacks, but it's still possible to get it right even without SMTP AUTH. It's pure hype to say that SMTP AUTH is a "new" magic wand against spam. Bye, Frank From eatmy at grits.com Thu Dec 2 21:27:43 2004 From: eatmy at grits.com (Jeff) Date: Thu Dec 2 23:30:01 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Mike Easter" wrote in message news:coolti$bsi$1@news.spamcop.net... > > There's been a lot of discussion about individual approaches, such as > spamvampire; and SV fans [and similar] who choose to attack as > vigilantes are 'on their own' as vigilantes typically are. > > Each vigilante strategy should consider hir own IP's 'mischief' and > vulnerability. Some vigilantes are wise to be more surreptitious than > open and attack via some kind of proxy; and while doing so, should be > aware of any of their own abuses. > > That is, if you abuse from your own IP, then you can get into trouble > with your provider. If you are going to be more cautious and abuse from > some other proxified IP then you should be sure that you aren't abusing > the proxy. That is, if you /care/ about who is being abused and whose > ox is being gored -- or how to do proper 'risk management' for evil > doing. > > Abuse isn't so simple as all of that. Don't be dumber than a spammer. Wow, I'm stupid AND an abuser. I'm dumber than a spammer. I guess I can't get much dumber than that. If I were as smart as you, I'd leave the spammers alone. But I'm an idiot, so I might as well play the part and run the screensaver. I'm so STUPID! From mele at enia.net Thu Dec 2 23:41:42 2004 From: mele at enia.net (Melvin C. Etheridge) Date: Thu Dec 2 23:45:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: Seems to be working.... http://news.com.com/Lycos+Europes+zombie+campaign+downs+two+sites/2100-7349_3-5474963.html "Jeff" wrote in message news:cookpg$b1e$1@news.spamcop.net... > > "Mike Easter" wrote in message > news:cook38$aii$1@news.spamcop.net... >> Actually, it is a pretty dynamic subject right now so there are going to >> be a lot of articles and commentary various places including multiple >> slashdot articles. >> >> Here's a recent quote from one of the many articles which arise on >> googlenews 'Lycos' search. >> >> "I would have to characterize it as an astonishingly stupid idea," said >> John Levine, co-chair of the Internet Research Task Force's Antispam >> Research Group. >> > http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801 > ,97990p2,00.html >> >> >> I think I like that quote the best so far, but I'm still looking for >> some more juicy ones. >> >> For individuals to surreptitiously pursue some kind of antispam >> vigilantism is one thing; then to promote that activity in antispam >> groups is another thing but not so 'good' or healthy; but for a >> 'corporate' entity to openly promote it and foster and pursue it is >> dumbsh*t, as we say in Texas and a few other 'opensource' language >> places. >> >> -- >> Mike Easter >> kibitzer, not SC admin > > Well, I guess I'm incredibly stupid then. Since I'm such an idiot, I > guess > I might as well participate and download the screensaver. > > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.804 / Virus Database: 546 - Release Date: 11/30/2004 From MikeE at ster.invalid Thu Dec 2 20:48:50 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 2 23:50:02 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: Jeff wrote: > Wow, I'm stupid AND an abuser. I'm dumber than a spammer. I guess I > can't get much dumber than that. If I were as smart as you, I'd > leave the spammers alone. But I'm an idiot, so I might as well play > the part and run the screensaver. I'm so STUPID! You invite commentary on an article and a behvior and then overreact about anything negative said about it. There are probably a lot of different kinds of adjectives for all of that, but it looks like you are choosing your own, so go for it. I was trying to provide some cautions about your own vulnerabilities in that approach as well as the negative philosophical considerations. Your debating style of hyperbole and exaggeration coupled with an imaginary strawman of nonexistent ad hominem attack isn't very convincing or persuasive to me If you think I'm supposed to say that I haven't called you an idiot or stupid or an abuser or dumb yet, you are correct. I haven't yet. -- Mike Easter kibitzer, not SC admin From mele at enia.net Thu Dec 2 23:50:32 2004 From: mele at enia.net (Melvin C. Etheridge) Date: Thu Dec 2 23:55:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: or maybe not...... http://www.fool.com/News/mft/2004/mft04120213.htm "Melvin C. Etheridge" wrote in message news:cooqqb$f2a$1@news.spamcop.net... > Seems to be working.... > > http://news.com.com/Lycos+Europes+zombie+campaign+downs+two+sites/2100-7349_3-5474963.html > > > "Jeff" wrote in message > news:cookpg$b1e$1@news.spamcop.net... >> >> "Mike Easter" wrote in message >> news:cook38$aii$1@news.spamcop.net... >>> Actually, it is a pretty dynamic subject right now so there are going to >>> be a lot of articles and commentary various places including multiple >>> slashdot articles. >>> >>> Here's a recent quote from one of the many articles which arise on >>> googlenews 'Lycos' search. >>> >>> "I would have to characterize it as an astonishingly stupid idea," said >>> John Levine, co-chair of the Internet Research Task Force's Antispam >>> Research Group. >>> >> http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801 >> ,97990p2,00.html >>> >>> >>> I think I like that quote the best so far, but I'm still looking for >>> some more juicy ones. >>> >>> For individuals to surreptitiously pursue some kind of antispam >>> vigilantism is one thing; then to promote that activity in antispam >>> groups is another thing but not so 'good' or healthy; but for a >>> 'corporate' entity to openly promote it and foster and pursue it is >>> dumbsh*t, as we say in Texas and a few other 'opensource' language >>> places. >>> >>> -- >>> Mike Easter >>> kibitzer, not SC admin >> >> Well, I guess I'm incredibly stupid then. Since I'm such an idiot, I >> guess >> I might as well participate and download the screensaver. >> >> > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.804 / Virus Database: 546 - Release Date: 11/30/2004 > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.804 / Virus Database: 546 - Release Date: 11/30/2004 From eatmy at grits.com Thu Dec 2 22:12:43 2004 From: eatmy at grits.com (Jeff) Date: Fri Dec 3 00:15:50 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Mike Easter" wrote in message news:coor7k$f9c$1@news.spamcop.net... > > You invite commentary on an article and a behvior and then overreact > about anything negative said about it. There are probably a lot of > different kinds of adjectives for all of that, but it looks like you are > choosing your own, so go for it. I was trying to provide some cautions > about your own vulnerabilities in that approach as well as the negative > philosophical considerations. Thank you. I and the rest of the intellectually bankrupt vigilantes appreciate your philanthropy. May the blessings of the wealthy spammers be upon you. > > Your debating style of hyperbole and exaggeration coupled with an > imaginary strawman of nonexistent ad hominem attack isn't very > convincing or persuasive to me Probably because you're so much smarter than I am. > > If you think I'm supposed to say that I haven't called you an idiot or > stupid or an abuser or dumb yet, you are correct. I haven't yet. How could I ever think such a thing? WOW, I must be even stupider than I realized. Perhaps if I run that screensaver on every computer I have access to, I might be able to purge all that stupidity out of my system and return to the path tolerance and acceptance. I need strength and guidance. PLEASE HELP ME! From MikeE at ster.invalid Thu Dec 2 21:32:01 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 3 00:35:04 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: Jeff wrote: > I need > strength and guidance. PLEASE HELP ME! Okay. I recommend that you divest yourself of the Lycos strategy, which is going to have a lot of problems, eg those put forth in the previous post by Melvin. http://www.fool.com/News/mft/2004/mft04120213.htm Lycos' Love Leashed "the black holes are: (1) preventing users from accessing the MLNS download site and (2) preventing MLNS from working even if it has been downloaded and installed successfully. The black holes will accomplish the latter by cutting MLNS off from its source of information about the URLs it's supposed to be counterattacking -- effectively blinding the program so that it cannot see whom it is supposed to be "shooting" at. In other words, Lycos Europe's users can install the MLNS screen saver -- but it will not actually do anything for them or anything against suspected spammers." Then, if you are deadset on vigilantism, go visit the SpamVampire site... http://www.hillscapital.com/antispam/ : What is SpamVampire? ... but you should also do some reading about it. I recommend putting 'spamvampire' into google and reading the articles in nanae. Here's one From: (Vernon Schryver) Newsgroups: news.admin.net-abuse.email Date: Thu, 28 Oct 2004 18:19:04 -0600 (MDT) Message-ID: news:cls29o$1blq$1@calcite.rhyolite.com or http://snipurl.com/b299 There are far far better forms of vigilantism and spamfighting than lycos screensaver or spamvampire or its siblings' abuse. Why don't you get into teergrubing/honeypotting instead? How about jackpot? http://jackpot.uk.net/ Jackpot Mailswerver -- Mike Easter kibitzer, not SC admin From eatmy at grits.com Thu Dec 2 22:58:23 2004 From: eatmy at grits.com (Jeff) Date: Fri Dec 3 01:00:38 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Mike Easter" wrote in message news:cootoi$h0j$1@news.spamcop.net... > Why don't you get into teergrubing/honeypotting instead? How about > jackpot? Because I'm STUPID!!!! That other stuff requires more brains than I have. The screensaver is simple and PERFECT for stupid people like me. It runs itself! From nobody at devnull.spamcop.net Fri Dec 3 15:18:19 2004 From: nobody at devnull.spamcop.net (Patto) Date: Fri Dec 3 01:20:19 2004 Subject: [SpamCop-List] Re: Rolex Replica SPAM In-Reply-To: References: Message-ID: Patto wrote: > ... > The hoster is Intelig Telecomunicacoes (http://www.intelignet.com.br/), > owned by Holdco Participacoes, owned by JVCO Participacoes, owned by > Telecom Entity Participacoes, owned by Sprint International Holding. > Talk about bulletproof hosting... Well, maybe it wasn't *that* bulletproof - http://www.onlinereplicastore.com/ has moved to China [219.138.7.171]. From MikeE at ster.invalid Thu Dec 2 22:21:24 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 3 01:25:04 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: Jeff wrote: > "Mike Easter" >> Why don't you get into teergrubing/honeypotting instead? How about >> jackpot? > > Because I'm STUPID!!!! That other stuff requires more brains than I > have. The screensaver is simple and PERFECT for stupid people like > me. It runs itself! Ah, so. The psychology of lemminghood! I'm beginning to understand. Let me look around. "They will even deny that which they see with their own eyes. They are victims of a psychological affliction known as 'the lemming effect.' Lemmings are small rodents who have been known to follow each other as they charge to their deaths into raging rivers or off of cliffs. Cyclical explosions in population do occasionally induce lemmings to attempt to migrate to areas of lesser population density. When such a migration occurs, some lemmings die by falling over cliffs or drowning in lakes or rivers. These deaths are not deliberate "suicide" attempts, however, but accidental deaths resulting from the lemmings' venturing into unfamiliar territories and being crowded and pushed over dangerous ledges. In fact, when the competition for food, space, or mates becomes too intense, lemmings are much more likely to kill each other than to kill themselves. Just because it is easier to be a lemming rushing toward the cliff than to look around and find some food or a nice-looking lady lemming doesn't mean that cliffjumping is really a good idea. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Dec 2 22:33:26 2004 From: nobody at spamcop.net (Dar) Date: Fri Dec 3 01:35:04 2004 Subject: [SpamCop-List] Message Body - What to block? Message-ID: See same subject in spam. I give up -- I can find nothing in the message body to block. I can, using ">t" or "p>", cause the message to go to spam@, instead of the client, but there's nothing I can find to be filtered and deleted in Outlook Express either -- for fear of losing valid email. ameritech is not the only culprit, so it does no good to block the IP. Any ideas? Dar From pete at heypete.com Thu Dec 2 22:35:43 2004 From: pete at heypete.com (Pete Stephenson) Date: Fri Dec 3 01:40:05 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: In article , "Mike Easter" wrote: > For individuals to surreptitiously pursue some kind of antispam > vigilantism is one thing; then to promote that activity in antispam > groups is another thing but not so 'good' or healthy; but for a > 'corporate' entity to openly promote it and foster and pursue it is > dumbsh*t, as we say in Texas and a few other 'opensource' language > places. Considering there are no "authorities" on the internet, there cannot be vigilantes. Lycos is more than welcome to DDoS systems on their own network. I can throw 100Mbps of data around on my LAN at home and cripple any system here. My property, my rules. This is the same logic and moral high ground used by anti-spammers -- they are defending their own systems and email boxes through both passive (DNSbl, filtering, etc.) and active (reporting to ISPs) means. Note that the active means do not counter abuse with abuse. It's one thing to complain to a person in authority about spam. It's similar to take local actions such as using DNSbls, filtering, blocking IP addresses, etc. to protect one's own system. It's completely another thing to abuse someone else's system, no matter what the content or reasoning. -- Pete Stephenson HeyPete.com From A_No_Spam_Haumer at gmx.net Fri Dec 3 08:04:43 2004 From: A_No_Spam_Haumer at gmx.net (Anton Haumer) Date: Fri Dec 3 02:05:04 2004 Subject: [SpamCop-List] Re: SC's Website References: <41AF8C29.791C9B94@gmx.net> <41AF95CD.D2DF94E9@gmx.net> Message-ID: <41B0100B.DA6E7355@gmx.net> Ellen schrieb: > > -- > > "Anton Haumer" wrote in message > news:41AF95CD.D2DF94E9@gmx.net... > > > > Yes I do accept cookies from SC, of course. > > Yesterday everthing worked fine. > > I didn't change anything. > > Today - strange behaviour ... > > > > Toni > > Try deleting the cookie, closing the browser and then opening it and logging > back in again. > > Ellen Thanks Ellen I did so -> same as before. Fortunately after a restart -> normal behaviour! Toni From MikeE at ster.invalid Thu Dec 2 23:16:13 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 3 02:20:04 2004 Subject: [SpamCop-List] Re: Message Body - What to block? References: Message-ID: Dar wrote: > See same subject in spam. > > I give up -- I can find nothing in the message body to block. > I can, using ">t" or "p>", cause the message to go to spam@, instead > of the client, but there's nothing I can find to be filtered and > deleted in Outlook Express either -- for fear of losing valid email. > > ameritech is not the only culprit, so it does no good to block the IP. > > Any ideas? I don't much like to work on message bodies. I would rather tighten up my sources or something. What are we talking about here? Are you using something like SA or SP that can do regexp or what? SA would have some kind of special rule for that weird html. Just as an offhand observation, it is supposed to be multipart alternative and it is txt/html, but I'm sure that SA has some kind of specialty rules for that crazy construction. I can't do anything smart with the source: Abbreviated Received lines *comment from cox-internet.com (adsl-68-72-171-128.dsl.chcgil.ameritech.net [68.72.171.128]) by dar2.robust.net *sourceline from ([106.76.194.226]) by sdl1-s68.nmqhshsxcw@cox-internet.com *bogusline from ([34.120.25.106]) by make.nmqhshsxcw@cox-internet.com *bogusline >From a human point of view, right away you know when there is such a bogus helo, that nothing else is going to be good. Someone should make a filter about /that/. 68.72.171.128 rDNS adsl-68-72-171-128.dsl.chcgil.ameritech.net listed in sorbs, psbl, moensted, njabl, and others for dynamic If you are a server, it should be easy enough to catch it coming in because of the dynamic source; if you are an enduser using something like SpamPal, you have to be careful about finding a dynamic in the headers. -- Mike Easter kibitzer, not SC admin From richard at zuidhofRemove.nl Fri Dec 3 14:05:44 2004 From: richard at zuidhofRemove.nl (Richard Zuidhof) Date: Fri Dec 3 08:10:04 2004 Subject: [SpamCop-List] Re: Message Body - What to block? In-Reply-To: References: Message-ID: Dar wrote: > See same subject in spam. > > I give up -- I can find nothing in the message body to block. > I can, using ">t" or "p>", cause the message to go to spam@, instead > of the client, but there's nothing I can find to be filtered and > deleted in Outlook Express either -- for fear of losing valid email. > > ameritech is not the only culprit, so it does no good to block the IP. Try filtering mails containing urls that have their domains listed at multi.surbl.org (See www.surbl.org). Richard From fred558 at bobames.com Fri Dec 3 14:17:13 2004 From: fred558 at bobames.com (Bob Ames) Date: Fri Dec 3 08:20:02 2004 Subject: [SpamCop-List] BBCNEWS: Freeze on anti-spam campaign Message-ID: Lycos apparently has stopped with the origanized Vampiring. Or at least is no longer allowing new downloads of the Vampire software... It's only a matter of time now... Big surprise, it turns out that Vampiring is Not A Good Thing After All(tm). :-) http://news.bbc.co.uk/1/hi/technology/4065751.stm -- Bob Ames - Use bob at this domain to reach me "Reporting spam is a long term solution, not a way to get rid of spam for yourself." Miss Betsy, Regular SpamCop.net User DO NOT send any Email to From MikeE at ster.invalid Fri Dec 3 05:24:10 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 3 08:25:03 2004 Subject: [SpamCop-List] Re: Message Body - What to block? References: Message-ID: Richard Zuidhof wrote: > Dar wrote: >> See same subject in spam. >> >> I give up -- I can find nothing in the message body to block. >> I can, using ">t" or "p>", cause the message to go to spam@, instead >> of the client, but there's nothing I can find to be filtered and >> deleted in Outlook Express either -- for fear of losing valid email. >> >> ameritech is not the only culprit, so it does no good to block the >> IP. > > Try filtering mails containing urls that have their domains listed at > multi.surbl.org (See www.surbl.org). I don't think the link www.excutivemforbasforexp.biz can be found in there without rendering it. Something is screwed up about that anyway; it doesn't resolve and it isn't registered at neulevel. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri Dec 3 09:39:40 2004 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Fri Dec 3 09:40:02 2004 Subject: [SpamCop-List] Re: BBCNEWS: Freeze on anti-spam campaign In-Reply-To: References: Message-ID: Bob Ames wrote: > > Lycos apparently has stopped with the origanized Vampiring. > Here's another link from the page you cited that shows the effects (calls it a DDoS!): http://news.netcraft.com/archives/2004/12/01/spam_sites_crippled_by_lycos_screensaver_ddos.html From porpoise1954 at yahoo.co.uk Fri Dec 3 15:11:07 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Dec 3 10:15:03 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: <41AEAE5D.46F1@xyzzy.claranet.de> <41AFE433.75F9@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:41AFE433.75F9@xyzzy.claranet.de... > Porpoise wrote: > >> It should have been "you're". ;-) Half asleep. > > LOL. Otherwise if you're saying that SMTP AUTH is better than > an open relay, then that's of course true, but hardly "new" - > the OP was informed that SMTP AUTH is a "new" feature. > > There are other forms of user authentication like RADIUS or > SMTP-after-POP. The latter has its drawbacks, but it's still > possible to get it right even without SMTP AUTH. It's pure > hype to say that SMTP AUTH is a "new" magic wand against spam. Ahh..... I see.... I think we're basically in agreement here. I was kinda making the point that it was nothing new too.... We've had it here as long as I can remember. I don't think any *one* thing is going to provide all the answers, but the more holes that can be filled, the fewer opportunitites for abuse.. :) From puoti at inwind.it Fri Dec 3 18:14:56 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Fri Dec 3 12:20:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? In-Reply-To: References: Message-ID: You can get the client from http://www003.portalis.it/115/download/MLNS_screensaver_en.exe The backed server is off-line, but you can get the screen saver in the mean time. From puoti at inwind.it Fri Dec 3 18:18:32 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Fri Dec 3 12:20:07 2004 Subject: [SpamCop-List] Re: BBCNEWS: Freeze on anti-spam campaign In-Reply-To: References: Message-ID: > Or at least is no longer allowing new downloads of the Vampire > software... It's only a matter of time now... Big surprise, > it turns out that Vampiring is Not A Good Thing After All(tm). > :-) my spamvampire http://www003.portalis.it/115/SpamVampire.html download link for lycos software http://www003.portalis.it/115/download/MLNS_screensaver_en.exe I bet no spammer will get my site down :) Ivan. From puoti at inwind.it Fri Dec 3 18:28:50 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Fri Dec 3 12:30:03 2004 Subject: [SpamCop-List] Re: BBCNEWS: Freeze on anti-spam campaign In-Reply-To: References: Message-ID: > http://www003.portalis.it/115/download/MLNS_screensaver_en.exe Updated link: http://www003.portalis.it/115/download/MLNS_screensaver_en.zip Ivan. From puoti at inwind.it Fri Dec 3 18:31:26 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Fri Dec 3 12:35:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? In-Reply-To: References: Message-ID: > http://www003.portalis.it/115/download/MLNS_screensaver_en.exe Updates link: http://www003.portalis.it/115/download/MLNS_screensaver_en.zip From PossumTrot at dont.spam.me Fri Dec 3 09:43:45 2004 From: PossumTrot at dont.spam.me (Possum Trot) Date: Fri Dec 3 12:50:02 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: Ellen, and all, The article says that the targets for the attack are obtained from SPAMCOP.COM, not our SPAMCOP.NET. "Ellen" wrote in message news:conju8$i8p$1@news.spamcop.net... > > "Spam Hater" wrote in message > news:mailman.23.1102002215.4572.spamcop-list@news.spamcop.net... >> What I am wondering is which sites are on the attack list?? The article >> I >> read mentioned SpamCop as the source, but SpamCop only lists email >> injection sites, not SPAMvertisers... So, does that mean the screen >> saver >> is going after all the zombie boxes that are spewing out the SPAM itself >> or do they have access to some hidden list of SPAMvertisers that we >> report? >> From David1 at suescornerweb.com Fri Dec 3 12:54:20 2004 From: David1 at suescornerweb.com (David 1) Date: Fri Dec 3 12:55:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? In-Reply-To: References: Message-ID: > > "Ellen" wrote in message > news:conju8$i8p$1@news.spamcop.net... > >>"Spam Hater" wrote in message >>news:mailman.23.1102002215.4572.spamcop-list@news.spamcop.net... >> >>>What I am wondering is which sites are on the attack list?? The article >>>I >>>read mentioned SpamCop as the source, but SpamCop only lists email >>>injection sites, not SPAMvertisers... So, does that mean the screen >>>saver >>>is going after all the zombie boxes that are spewing out the SPAM itself >>>or do they have access to some hidden list of SPAMvertisers that we >>>report? >>> > > > Possum Trot wrote: > Ellen, and all, > > The article says that the targets for the attack are obtained from > SPAMCOP.COM, not our SPAMCOP.NET. > Humm, I thought that .net & .com spamcop were one & the same. David 1 From nobody at spamcop.net Fri Dec 3 10:45:52 2004 From: nobody at spamcop.net (Dar) Date: Fri Dec 3 13:50:03 2004 Subject: [SpamCop-List] Re: Message Body - What to block? References: Message-ID: > What are we talking about here? Are you using something like SA or SP > that can do regexp or what? I can block by domain and/or IP. joinemailoffers.info and/or 204.9.23.82, for example. Many domains/IPs I can't block for obvious reasons, comcast, earthlink, AOL, etc., but I can block by subject or message body. Blocking by domain/IP means the spam never makes it any further. Blocking by subject/message body means it goes to a spam email address and those, I must monitor manually. When I check spam email, I have IE filters in place which deletes two thirds of it. The above applies to all users on all servers. In the case of Ameritech, I tend to not block IP for fear of valid email not getting through. Dar From nobody at spamcop.net Fri Dec 3 10:49:30 2004 From: nobody at spamcop.net (Dar) Date: Fri Dec 3 13:50:08 2004 Subject: [SpamCop-List] Re: Message Body - What to block? References: Message-ID: > > What are we talking about here? Are you using something like SA or SP > > that can do regexp or what? > > I can block by domain and/or IP. > > joinemailoffers.info and/or 204.9.23.82, for example. > > Many domains/IPs I can't block for obvious reasons, comcast, > earthlink, AOL, etc., but I can block by subject or message body. > > Blocking by domain/IP means the spam never makes it any further. > > Blocking by subject/message body means it goes to a spam email > address and those, I must monitor manually. When I check spam > email, I have IE filters in place which deletes two thirds of it. > > The above applies to all users on all servers. > > In the case of Ameritech, I tend to not block IP for fear of > valid email not getting through. > > Dar P.S. In the case of this particular email, I blocked ">t" and "p>" which causes it to go to spam for monitoring. I believe I must learn to live with it and be satisfied with the fact it isn't making it to my clients. I think I simply wanted to vent in that the number of spams like this are increasing. From Merlyn at Spamcop.net Fri Dec 3 14:01:47 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Fri Dec 3 14:05:03 2004 Subject: [SpamCop-List] Re: Message Body - What to block? References: Message-ID: "Dar" wrote in message news:coqcg0$d16$1@news.spamcop.net... >> > What are we talking about here? Are you using something like SA or SP >> > that can do regexp or what? >> >> I can block by domain and/or IP. >> >> joinemailoffers.info and/or 204.9.23.82, for example. >> >> Many domains/IPs I can't block for obvious reasons, comcast, >> earthlink, AOL, etc., but I can block by subject or message body. >> >> Blocking by domain/IP means the spam never makes it any further. >> >> Blocking by subject/message body means it goes to a spam email >> address and those, I must monitor manually. When I check spam >> email, I have IE filters in place which deletes two thirds of it. >> >> The above applies to all users on all servers. >> >> In the case of Ameritech, I tend to not block IP for fear of >> valid email not getting through. >> >> Dar > > P.S. In the case of this particular email, I blocked ">t" and "p>" > which causes it to go to spam for monitoring. > > I believe I must learn to live with it and be satisfied with the > fact it isn't making it to my clients. I think I simply wanted to > vent in that the number of spams like this are increasing. > Don't you have the option to tag only using blocklists then you can redirect to a special folder using the tag. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From nobody at spamcop.net Fri Dec 3 11:07:13 2004 From: nobody at spamcop.net (Dar) Date: Fri Dec 3 14:10:02 2004 Subject: [SpamCop-List] Re: Message Body - What to block? References: Message-ID: > >> > What are we talking about here? Are you using something like SA or SP > >> > that can do regexp or what? > >> > >> I can block by domain and/or IP. > >> > >> joinemailoffers.info and/or 204.9.23.82, for example. > >> > >> Many domains/IPs I can't block for obvious reasons, comcast, > >> earthlink, AOL, etc., but I can block by subject or message body. > >> > >> Blocking by domain/IP means the spam never makes it any further. > >> > >> Blocking by subject/message body means it goes to a spam email > >> address and those, I must monitor manually. When I check spam > >> email, I have IE filters in place which deletes two thirds of it. > >> > >> The above applies to all users on all servers. > >> > >> In the case of Ameritech, I tend to not block IP for fear of > >> valid email not getting through. > >> > >> Dar > > > > P.S. In the case of this particular email, I blocked ">t" and "p>" > > which causes it to go to spam for monitoring. > > > > I believe I must learn to live with it and be satisfied with the > > fact it isn't making it to my clients. I think I simply wanted to > > vent in that the number of spams like this are increasing. > > > > Don't you have the option to tag only using blocklists then you can redirect > to a special folder using the tag. > > -- > > Regards, > Merlyn > > A Spamcop advocate > No emails this account is for newsgroups only > People demand freedom of speech to make up for the freedom of thought which > they avoided On the Windows servers, yes. On the UNIX servers, no. From tdy at blackhole.invalid Fri Dec 3 11:56:21 2004 From: tdy at blackhole.invalid (N. Miller) Date: Fri Dec 3 15:00:03 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: <41ADDEF3.72A3EDA0@spamcop.net> Message-ID: In article , Porpoise says... > "N. Miller" wrote in message > news:MPG.1c17c3a7d5adcdf7989779@news.spamcop.net... > > In article , Porpoise says... > >> "Kenneth Brody" wrote in message > >> news:41ADDEF3.72A3EDA0@spamcop.net... > >> > Berny wrote: > > Not exactly the point. It is entirely possible to authenticate to an SMTP > > server without that server displaying your email address. As an SBC Yahoo! > > DSL Service customer I have a choice of SMTP AUTH servers. I don't use the > > normal "smtp.pacbell.yahoo.com" server precisely because it reveals my > > username. I use "smtpauth.flash.net" instead. The relevant header line > > looks like this: > >> Received: from aosake.net (dialup-4.246.21.159.Dial1.SanJose1.Level3.net > >> [4.246.21.159]) > >> (authenticated bits=0) > >> by ylpvm25.prodigy.net (8.12.10 auth mps linux/8.12.10) with ESMTP id > >> iB1JgprC029681; > >> Wed, 1 Dec 2004 14:42:54 -0500 > So, if (for some reason) you were to send me an email, are you saying I > wouldn't be able to determine who it was from? Of course you can determine "who it is from". Assuming that you know that I use an email address in the aosake.net domain, what does it matter that it came from an SBC authenticated server in the prodigy.net domain? > If that were the case, I > wouldn't accept it - which brings me back to my previous point: I (and I > suspect *most* people) want to *know* who an email is from before I'm going > to accept/read it. The whole *point* of it is to prevent people from using > aliases.... or other people just using the server even though they're not > legitimate users. No person who isn't authorized to use an SMTP AUTH server is able to, unless the server security is poor. The sole purpose of SMTP AUTH is to ensure that the person using the server is authorized to use the server. In most cases (barring a password crack; MSFT servers are prone to this, especially) the person using an SMTP AUTH server is a legitimate user of that server. If you want to know who the sender is before accepting the email, set up a "white list", and only accept email from people whom you know. An email address is, necessarily, an "alias". Unless you were lucky enough to be the first on your block to put your actual name on an email address. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Fri Dec 3 12:09:01 2004 From: tdy at blackhole.invalid (N. Miller) Date: Fri Dec 3 15:10:02 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: <41AEAE5D.46F1@xyzzy.claranet.de> Message-ID: In article <41AEAE5D.46F1@xyzzy.claranet.de>, Frank Ellermann says... > I've just lost an account with SMTP-after-POP _and_ "enforced > submission rights". Bad for me, because my old MUA does not > support SMTP AUTH. Bad for the world at large, because I'm > now using another account with another MUA with SMTP AUTH but > _without_ "enforced submission rights": > Of course I screwed up and sent MAIL FROM: via > this provider. They accepted it, but it was forged, my real > address at this provider is different. With the old account > that was impossible, they rejected it. > In other words, SMTP AUTH alone is almost useless. Ah. I think I see what you want. You want the domain name of the sender to match the domain name of the user. IOW, you don't want me to use "smtp.pacbell.yahoo.com" to send email from my "pacbell.net" email account because "pacbell.net" is not the same as "yahoo.com". Never mind that SBC owns the "pacbell.net" domain, and has a contract with Yahoo! to supply SMTP email service to their "pacbell.net" domain customers; if I send email from my "pacbell.net" account, it MUST use a "pacbell.net" domain SMTP server from a "pacbell.net" IP address. Plays havoc SBC customers because some will use SMTP servers in the "prodigy.net" domain (any SBC "pacbell.net" account, that hasn't migrated to the SBC Yahoo! system will have email going through "prodigy.net" SMTP servers), others (who have migrated) will have email going through "yahoo.com" server, which are located in Yahoo! ISP space. Or something like that. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Fri Dec 3 12:12:01 2004 From: tdy at blackhole.invalid (N. Miller) Date: Fri Dec 3 15:15:02 2004 Subject: [SpamCop-List] Re: SC's Website References: <41AF8C29.791C9B94@gmx.net> Message-ID: In article , Patto says... > Anton Haumer wrote: > > What the hell is going on with www.spamcop.net ? > > Since today : > I had to login, which was previously always done automatically. After > that, when pasting spam to the website, I get this message *Please wait > - subscribe to remove this delay*. > What is this new gimmick? Trying to discourage users from using SC? I am an SC user, and I always get the "subscribe to remove this delay" message. I always assumed that meant, "pay". So this is a problem with the paid accounts? -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Fri Dec 3 12:29:18 2004 From: tdy at blackhole.invalid (N. Miller) Date: Fri Dec 3 15:30:05 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: In article , Melvin C. Etheridge says... > "Jeff" wrote in message > news:cookpg$b1e$1@news.spamcop.net... > > "Mike Easter" wrote in message > > news:cook38$aii$1@news.spamcop.net... > >> For individuals to surreptitiously pursue some kind of antispam > >> vigilantism is one thing; then to promote that activity in antispam > >> groups is another thing but not so 'good' or healthy; but for a > >> 'corporate' entity to openly promote it and foster and pursue it is > >> dumbsh*t, as we say in Texas and a few other 'opensource' language > >> places. > > Well, I guess I'm incredibly stupid then. Since I'm such an idiot, I > > guess I might as well participate and download the screensaver. > Seems to be working.... > http://news.com.com/Lycos+Europes+zombie+campaign+downs+two+sites/2100-7349_3-5474963.html Spamvertised sites come and go. Some spammers burn through domains like a kid burns through his Halloween candy. Lycos hasn't done squat to stop the spammers because they change domains more often than Imelda Marcos changed shoes. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From MikeE at ster.invalid Fri Dec 3 12:34:41 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 3 15:35:02 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: Possum Trot wrote: > The article says that the targets for the attack are obtained from > SPAMCOP.COM, not our SPAMCOP.NET. That has to be an error. Spamcop.com doesn't have anything to do with spamvertised site publication. I also suspect that Lycos.uk didn't get it 'directly' from spamcop.net stats page either, but instead used the sc.surbl list, and then subselected from that, if they were 'overseeing' and choosing the targets which they had visited. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Dec 3 15:39:15 2004 From: nobody at spamcop.net (Ellen) Date: Fri Dec 3 15:40:04 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: "Possum Trot" wrote in message news:coq8r7$ap3$1@news.spamcop.net... > Ellen, and all, > > The article says that the targets for the attack are obtained from > SPAMCOP.COM, not our SPAMCOP.NET. > > Net and com are completely different -- we are net and have nothing to do with com. Ellen From e.schrama_NOSPAM at NOSPAM_hccnet.nl Fri Dec 3 21:38:40 2004 From: e.schrama_NOSPAM at NOSPAM_hccnet.nl (geo_splash_12) Date: Fri Dec 3 15:40:12 2004 Subject: [SpamCop-List] Re: make love not spam In-Reply-To: References: Message-ID: Jeff wrote: > Anybody see this yet? > http://www.cnn.com/2004/TECH/internet/12/02/anti.spamvigi.ap/index.html > > Lycos' screensaver attacking websites that generate spew is like poking a 600 pound Grizzly bear sleeping in your backyard with a pointy stick. Not a very smart idea. From tdy at blackhole.invalid Fri Dec 3 12:49:18 2004 From: tdy at blackhole.invalid (N. Miller) Date: Fri Dec 3 15:50:03 2004 Subject: [SpamCop-List] Re: Message Body - What to block? References: Message-ID: In article , Dar says... > > What are we talking about here? Are you using something like SA or SP > > that can do regexp or what? > I can block by domain and/or IP. > joinemailoffers.info and/or 204.9.23.82, for example. > Many domains/IPs I can't block for obvious reasons, comcast, > earthlink, AOL, etc., but I can block by subject or message body. > Blocking by domain/IP means the spam never makes it any further. > Blocking by subject/message body means it goes to a spam email > address and those, I must monitor manually. When I check spam > email, I have IE filters in place which deletes two thirds of it. > The above applies to all users on all servers. > In the case of Ameritech, I tend to not block IP for fear of > valid email not getting through. You are running servers, and accept port 25 connections from SBC users? You may need to change your system. SBC (which includes the ameritech.net domain) has announced port 25 blocking for their customers. Currently only in effect in the swbell.net region (Houston, I believe), and the pacbell.net region (San Luis Obispo, CA), it likely will be extended to all of the SBC domains, including ameritech.net. If you are accepting port 25 email submissions, I recommend looking at RFC 2476, and setting up email submission on port 587 for those of your users whose ISPs implement port 25 blocks. Port 25 blocking is becoming more widespread now that SBC has joined Comcast in the practice. (Yes, I realize that Comcast has not implemented a blanket block; but they do impose blocks on some accounts.) -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From dfm2a3l0t2 at spymac.com Fri Dec 3 18:01:10 2004 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Fri Dec 3 18:05:02 2004 Subject: [SpamCop-List] Re: FTC Endorses Bounty for Spammers References: Message-ID: In article , Pete Stephenson wrote: > "Merlyn" wrote: > > > Old News: > > ...but still good news. :) I'll bet the spammers start turning in each other; they're money-grubbing sleazeballs in the first place, so being rat finks for money would be entirely in character. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From porpoise1954 at yahoo.co.uk Sat Dec 4 00:03:10 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Dec 3 19:05:03 2004 Subject: [SpamCop-List] Re: Should I aggree with my ISP? References: <41ADDEF3.72A3EDA0@spamcop.net> Message-ID: "N. Miller" wrote in message news:MPG.1c1a64c26e495e5598977a@news.spamcop.net... > In article , Porpoise says... > >> "N. Miller" wrote in message >> news:MPG.1c17c3a7d5adcdf7989779@news.spamcop.net... >> > In article , Porpoise says... > >> >> "Kenneth Brody" wrote in message >> >> news:41ADDEF3.72A3EDA0@spamcop.net... > >> >> > Berny wrote: > >> > Not exactly the point. It is entirely possible to authenticate to an >> > SMTP >> > server without that server displaying your email address. As an SBC >> > Yahoo! >> > DSL Service customer I have a choice of SMTP AUTH servers. I don't use >> > the >> > normal "smtp.pacbell.yahoo.com" server precisely because it reveals my >> > username. I use "smtpauth.flash.net" instead. The relevant header line >> > looks like this: > >> >> Received: from aosake.net >> >> (dialup-4.246.21.159.Dial1.SanJose1.Level3.net >> >> [4.246.21.159]) >> >> (authenticated bits=0) >> >> by ylpvm25.prodigy.net (8.12.10 auth mps linux/8.12.10) with ESMTP id >> >> iB1JgprC029681; >> >> Wed, 1 Dec 2004 14:42:54 -0500 > >> So, if (for some reason) you were to send me an email, are you saying I >> wouldn't be able to determine who it was from? > > Of course you can determine "who it is from". Assuming that you know that > I > use an email address in the aosake.net domain, what does it matter that it > came from an SBC authenticated server in the prodigy.net domain? > >> If that were the case, I >> wouldn't accept it - which brings me back to my previous point: I (and I >> suspect *most* people) want to *know* who an email is from before I'm >> going >> to accept/read it. The whole *point* of it is to prevent people from >> using >> aliases.... or other people just using the server even though they're not >> legitimate users. > > No person who isn't authorized to use an SMTP AUTH server is able to, > unless > the server security is poor. The sole purpose of SMTP AUTH is to ensure > that > the person using the server is authorized to use the server. In most cases > (barring a password crack; MSFT servers are prone to this, especially) the > person using an SMTP AUTH server is a legitimate user of that server. I think that's what I just sed..... > > If you want to know who the sender is before accepting the email, set up a > "white list", and only accept email from people whom you know. An email > address is, necessarily, an "alias". Unless you were lucky enough to be > the > first on your block to put your actual name on an email address. > > -- > Norman > ~Win dain a lotica, En vai tu ri, Si lo ta > ~Fin dein a loluca, En dragu a sei lain > ~Vi fa-ru les shutai am, En riga-lint From Kilgallen at SpamCop.net Fri Dec 3 20:17:23 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Dec 3 21:20:03 2004 Subject: [SpamCop-List] Combining spam genres Message-ID: Your Christian [Pre]scription Med-ic-ation(s) source From nobody at spamcop.net Fri Dec 3 21:12:10 2004 From: nobody at spamcop.net (Tom) Date: Fri Dec 3 22:15:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: On Thu, 02 Dec 2004 17:57:05 -0800, Tim McGraw wrote: >> But if it is declared legal, especially here in the United States, >> then I think this will prove to be one truly useful tool to use >> against spammers. > >...or a worthy competitor. That's the one hitch in all of this and one of the reasons I didn't jump on the bandwagon. Who is to say that Lycos Europe is doing all that is advertised by the media? While I'm encouraged by the report, I still have reservations on the legality and the ethics behind such a move. The idea that it could be misused is a problem that faces any vigilante squad... From nobody at spamcop.net Fri Dec 3 21:22:11 2004 From: nobody at spamcop.net (Tom) Date: Fri Dec 3 22:25:02 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: On Thu, 2 Dec 2004 22:21:24 -0800, Mike Easter wrote: >> Because I'm STUPID!!!! That other stuff requires more brains than I >> have. The screensaver is simple and PERFECT for stupid people like >> me. It runs itself! > >Ah, so. The psychology of lemminghood! I'm beginning to understand. >Let me look around. I think Jeff has a point, Mike. The real success (maybe?) is because it is simple and easy. The problem of course, is that there are ways to blind it (as you've already mentioned). The other problem is that we don't know what else it is doing, like reporting back to Lycos Europe what is on your computer. It may be nothing more than spyware sending lots of personal information it gleans from your computer on to the spammers... My initial reaction was not to stoop to vigilante action and then giving it some more thought (and reading your posts), I'm beginning to think this could be a real red herring... I think I'd find it more appealing if it had someone behind it like the FTC and if we could go to the FTC site and find information on it. Aside from articles in various newsgroups, blogs, and magazines, has anyone like Spamcop (Ellen has already weighed in) or CAUCE commented on: 1 - its legitimacy and 2 - its legality? From nobody at spamcop.net Fri Dec 3 21:30:47 2004 From: nobody at spamcop.net (Tom) Date: Fri Dec 3 22:35:02 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: <5ib2r0taksrdcal286pg7d6b5altmmibff@4ax.com> On Thu, 02 Dec 2004 19:18:37 -0800, Pete Stephenson wrote: >I think the concept is ethically flawed and is not good for the internet >infrastructure. Okay, I'm going to play DA on this (Devil's Advoate)... There are two LEO-sponsored activities that seem (at least on the surface) somewhat the same as what Lycos Europe is doing with software. One program has been around a long, long time and is generally called "Rat on a Rat," meaning turning in people for committing crimes. Bounty Hunting comes to mind, since there is usually a reward for such activity (it isn't large, but it does exist). The second program is relatively new, but again, it is similar in that it is supported by many LEOs. It is known by various names, but generally invovlves "Turning on the Lights" in order to expose drug dealing activities (which usually take place in dark places). So how does the Lycos Europe thing work? By supposedly "turning on the lights" on spamvertised web sites by sending "throttled" hits to them, increasing their bandwidth requirements... Now, what's the ethical difference between these programs (if any)? From nobody at spamcop.net Fri Dec 3 21:36:42 2004 From: nobody at spamcop.net (Tom) Date: Fri Dec 3 22:40:02 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: <8tb2r0t0daondcelfjnd6dnu7l07fc90i6@4ax.com> On Thu, 2 Dec 2004 19:50:05 -0800, Mike Easter wrote: >Somewhere there needs to be a good understanding of the responsibility >and ramifications of any activity. Some people pick things up and pull >the trigger with no concept of what they are holding. I really don't disagree, Mike. But what if some governmental agency (of your choice) backed this as a "good thing"? For instance, suppose the EU endorsed the activity? We still have the problem of the exposed fire alarm that is where some kid out for a lark will pull and bring the fire brigade... But aside from that problem, and the general ethics of the situation... If the EU said, by all means, everyone load up the screensaver and Lycos Europe, beef up your site, go for it! Now what? From eatmy at grits.com Fri Dec 3 20:53:33 2004 From: eatmy at grits.com (Jeff) Date: Fri Dec 3 22:55:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Mike Easter" wrote in message news:cop0l5$imn$1@news.spamcop.net... > > Ah, so. The psychology of lemminghood! I'm beginning to understand. > Let me look around. > > > "They will even deny that which they see with their own eyes. They are > victims of a psychological affliction known as 'the lemming effect.' > > Lemmings are small rodents who have been known to follow each other as > they charge to their deaths into raging rivers or off of cliffs. > > Cyclical explosions in population do occasionally > induce lemmings to attempt to migrate to areas of lesser population > density. When such a migration occurs, some lemmings die by falling over > cliffs or drowning in lakes or rivers. These deaths are not deliberate > "suicide" attempts, however, but accidental deaths resulting from the > lemmings' venturing into unfamiliar territories and being crowded and > pushed over dangerous ledges. purpose, if you ask me: ME> > > In fact, when the competition for food, space, > or mates becomes too intense, lemmings are much more likely to kill each > other than to kill themselves. > > > Just because it is easier to be a lemming rushing toward the cliff than > to look around and find some food or a nice-looking lady lemming doesn't > mean that cliffjumping is really a good idea. > > -- > Mike Easter > kibitzer, not SC admin > LEMMING POWER!!!!! WOOOOOOOOOOOO HOOOOOOOOOOOOO!!!!!! From MikeE at ster.invalid Fri Dec 3 19:57:31 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 3 23:00:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: Jeff wrote: > LEMMING POWER!!!!! WOOOOOOOOOOOO HOOOOOOOOOOOOO!!!!!! Ha! -- Mike Easter kibitzer, not SC admin From dickeycranium at hotmail.com Sat Dec 4 01:19:20 2004 From: dickeycranium at hotmail.com (Morpheus) Date: Sat Dec 4 01:25:02 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: "Possum Trot" wrote in message news:coq8r7$ap3$1@news.spamcop.net... > Ellen, and all, > > The article says that the targets for the attack are obtained from > SPAMCOP.COM, not our SPAMCOP.NET. > > > "Ellen" wrote in message > news:conju8$i8p$1@news.spamcop.net... > > > > "Spam Hater" wrote in message > > news:mailman.23.1102002215.4572.spamcop-list@news.spamcop.net... > >> What I am wondering is which sites are on the attack list?? The article > >> I > >> read mentioned SpamCop as the source, but SpamCop only lists email > >> injection sites, not SPAMvertisers... So, does that mean the screen > >> saver > >> is going after all the zombie boxes that are spewing out the SPAM itself > >> or do they have access to some hidden list of SPAMvertisers that we > >> report? > >> > > One second here if I may peeps. Doesn't spamcop.net also have and maintain a blacklist as well. Out of sheer habit for dot coms, isn't it possible that the article meant spamcop.net rather than spamcop.com? Thank you From MikeE at ster.invalid Fri Dec 3 22:40:53 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 4 01:45:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: Morpheus wrote: > One second here if I may peeps. Doesn't spamcop.net also have and > maintain a blacklist as well. Out of sheer habit for dot coms, isn't > it possible that the article meant spamcop.net rather than > spamcop.com? /This/ is spamcop.net. It/ this service/ maintains/publishes spamvertisers. Spamcop.com is /not/ this spamcop. Also it does /not/ publish spamvertisers. If the article sed spamcop.com, it must've meant spamcop.net. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sat Dec 4 19:50:17 2004 From: nobody at devnull.spamcop.net (brewman) Date: Sat Dec 4 01:50:03 2004 Subject: [SpamCop-List] Re: make love not spam - I prefer another method References: Message-ID: "N. Miller" wrote in message news:MPG.1c1a6c74a81c70f98977d@news.spamcop.net... > Spamvertised sites come and go. Some spammers burn through domains > like a > kid burns through his Halloween candy. Lycos hasn't done squat to > stop the > spammers because they change domains more often than Imelda Marcos > changed > shoes. Well, after months of reporting spam and not making a dent in the spam I received (several dozen a day), I got myself an uncapped ADSL line (2 actually, but that's another story) and started using SpamVampire on the spamvertised site, passing through to the REAL site and ignoring any zombies; I think it unfair to attack a zombied machine whose bandwidth the spammer isn't paying for anyway. I either prefix their domain name or appending the image url with (almost) DoNotSpam.brycom.cX.nX. I also add bits like "If you leave me alone then I leave you alone". I also rummage around the site looking for large images (no, not using IE!) that SpamVampire likes. Within a month my spam had reduced to a trickle (most days nothing arrives). I don't mean spam passing the filters, I mean *NO SPAM* to my domain for days on end. It's worked so well that I've started applying it to my email addresses not at my domain. Within a few days - spam stops! I started off sucking between 100MB & 500 MB a site (lots of sites initially). Now I get so few spam that I usually suck at least 1GB a site. The more spam someone sends, the more I suck. Usually I choose to stop sucking before they stop me; it only takes a few hours to suck 1GB, even using a PII Win98 machine (yes, it's all firewalled). Would I use the Make Love Not War method? No; it's too impersonal. I want to be in control. I finally feel as if I'm getting somewhere - no, got somewhere - in my personal battle against spam. Is SpamVampire abuse? I know that that's been debated, and I don't intend to open it again now, but I just want to say that using it worked for me. -- Brewman Brewman.SpamCop@brycom.cX.nX which really ends with dot co dot nz From bar_n0ne at hotmail.com Sat Dec 4 12:05:00 2004 From: bar_n0ne at hotmail.com (Berny) Date: Sat Dec 4 03:10:04 2004 Subject: [SpamCop-List] Re: make love not spam - I prefer another method References: Message-ID: "brewman" wrote in message news:cormji$8b2$1@news.spamcop.net... > "N. Miller" wrote in message > news:MPG.1c1a6c74a81c70f98977d@news.spamcop.net... > > Spamvertised sites come and go. Some spammers burn through domains > > like a > > kid burns through his Halloween candy. Lycos hasn't done squat to > > stop the > > spammers because they change domains more often than Imelda Marcos > > changed > > shoes. > > Well, after months of reporting spam and not making a dent in the spam > I received (several dozen a day), I got myself an uncapped ADSL line > (2 actually, but that's another story) and started using SpamVampire > on the spamvertised site, passing through to the REAL site and > ignoring any zombies; I think it unfair to attack a zombied machine > whose bandwidth the spammer isn't paying for anyway. > > SNIPPED Well, If I had the skills, I would use trojanned machines to DDOS spamvertizers. My volume of spam is to the point of a DDOS on my mail accounts. I no longer sympathise with the compromised machine owners. If they get cut off by their ISP's and clean up their hosts all the better. If they simply stay cut off that's fine too., one less spam delivery vector. And No don't tell me about filters, having to poke through the Sh*te folder to find false positives is no improvement on poking through my inbox ,which, with my filters and whitelists, is now better than 99.95% spam.only. Spamcop mail is not an option for me, due to security policy my corporate accounts cannot be forwarded or retrieved by SC. From dickeycranium at hotmail.com Sat Dec 4 04:37:06 2004 From: dickeycranium at hotmail.com (Morpheus) Date: Sat Dec 4 04:40:14 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: "Mike Easter" wrote in message news:corm5i$7up$1@news.spamcop.net... > Morpheus wrote: > > One second here if I may peeps. Doesn't spamcop.net also have and > > maintain a blacklist as well. Out of sheer habit for dot coms, isn't > > it possible that the article meant spamcop.net rather than > > spamcop.com? > > /This/ is spamcop.net. It/ this service/ maintains/publishes > spamvertisers. > > Spamcop.com is /not/ this spamcop. Also it does /not/ publish > spamvertisers. > > If the article sed spamcop.com, it must've meant spamcop.net. > > -- > Mike Easter > kibitzer, not SC admin > Pretty much my point was it not? From David1 at suescornerweb.com Sat Dec 4 07:15:20 2004 From: David1 at suescornerweb.com (David 1) Date: Sat Dec 4 07:20:20 2004 Subject: [SpamCop-List] Re: make love not spam - I prefer another method In-Reply-To: References: Message-ID: Berny wrote: > "brewman" wrote in message > news:cormji$8b2$1@news.spamcop.net... > >>"N. Miller" wrote in message >>news:MPG.1c1a6c74a81c70f98977d@news.spamcop.net... >> >>>Spamvertised sites come and go. Some spammers burn through domains >>>like a >>>kid burns through his Halloween candy. Lycos hasn't done squat to >>>stop the >>>spammers because they change domains more often than Imelda Marcos >>>changed >>>shoes. >> >>Well, after months of reporting spam and not making a dent in the spam >>I received (several dozen a day), I got myself an uncapped ADSL line >>(2 actually, but that's another story) and started using SpamVampire >>on the spamvertised site, passing through to the REAL site and >>ignoring any zombies; I think it unfair to attack a zombied machine >>whose bandwidth the spammer isn't paying for anyway. >> >>SNIPPED > > > Well, If I had the skills, I would use trojanned machines to DDOS > spamvertizers. > > My volume of spam is to the point of a DDOS on my mail accounts. I no longer > sympathise with the compromised machine owners. If they get cut off by their > ISP's and clean up their hosts all the better. If they simply stay cut off > that's fine too., one less spam delivery vector. > > And No don't tell me about filters, having to poke through the Sh*te folder > to find false positives is no improvement on poking through my inbox ,which, > with my filters and whitelists, is now better than 99.95% spam.only. > > Spamcop mail is not an option for me, due to security policy my corporate > accounts cannot be forwarded or retrieved by SC. > > What about MailWasher, seems to work for me & because it is usually spam cop compatible (usually for the last week I haven't been able to send to sc) the learning filter actually works real good & since it's on your machine that should take care of your Corp. Problem???????? David 1 From bar_n0ne at hotmail.com Sat Dec 4 16:41:04 2004 From: bar_n0ne at hotmail.com (Berny) Date: Sat Dec 4 07:45:03 2004 Subject: [SpamCop-List] Re: make love not spam - I prefer another method References: Message-ID: "David 1" wrote in message news:cos9or$imq$1@news.spamcop.net... > > SNIP > > Spamcop mail is not an option for me, due to security policy my corporate > > accounts cannot be forwarded or retrieved by SC. > > > > > What about MailWasher, seems to work for me & because it is usually spam > cop compatible (usually for the last week I haven't been able to send to > sc) the learning filter actually works real good & since it's on your > machine that should take care of your Corp. Problem???????? > David 1 My filters already do that sweeping away my real mail to various folders, and leaving me with an Inbox full of spam (almost) I still have to check the Inbox for "false positives". For Filtering I simply want my mailserver to reject spam. based on DURBLS, that way legitimate senders can know their mail wasn't delivered, and hopefully why. Then I can report the rest leisurely. I think the only thing that will clean spam is Denial of services to clients from spammy systems. (ie rejecting their mails etc.) So far it hasn't happened much except for one or two well known instances. From rwmarbleAT at yahooDOT.com Sat Dec 4 09:43:59 2004 From: rwmarbleAT at yahooDOT.com (I'm_a_victim) Date: Sat Dec 4 09:45:02 2004 Subject: [SpamCop-List] Why won't this work? Message-ID: By viewing the full header I can normally identify the originator of spam and trace the owner of that URL to some ISP ( usually China, Russia, Italy, Germany or England location) . So now I have something like 64.234.123.123 I provide this specific URL to a Spam collector program. Once the spam collector program, which requires one of the new human readable letter sequences as verification receives say 100 complaints from 100 different individuals that URL is put on a black list. If the header is scanned by a gate keeper of all email entering the US and 100% of all email originating from that URL is blocked for 90 days this would effectively shut down that URL. Some big ISP's that make a living off of spam such as ChinaNet would soon find that they have to use other URL's and would eventually run out of available ID's. If an ISP discovers that none of it's customers can send email it would probably not have any customers so the ISP would be forced to stop accepting spammers as customers. OK so this sounds simple to me but is not being done. Can someone tell me the problem? real e-mail rwmarble at yahoo dot com From devnull at devnull.devnull Sat Dec 4 17:11:39 2004 From: devnull at devnull.devnull (Anty Spam) Date: Sat Dec 4 10:20:02 2004 Subject: [SpamCop-List] Mail to Yesnic Message-ID: I suggest now is time to mail similar complaints to Yesnic. Mail address as per ICANN is info@yesnic.com Cheers ================================ Dear Yesnic Staff I am starting off the procedure as per ICANN guidelines to resolve the issue of your non-compliance in repsponding to WHOIS complaints as submitted via ICANN's Whois Data Problem Report System, as found at http://wdprs.internic.net/ The domains as listed below have been reported via this mechanism, but the issues surrounding these domains has not yet been actioned or resolved. I would like to refer you to your registrar agreement whereby you are obliged to action such reports. This actioning is essential to the stability of the internet at large. I would appear that it has in fact become well known that Yesnic does not action these reports and are fast becoming a haven for parties that do not wish to comply to ICANN's whois policy. A search via various newsgroups related to network abuse prooves this. As for myself, I feel it is fast becoming a waste of time. This does however require an explanation from Yesnic. Also, based on the widespread abuse of your clients, this mail is being posted on the vrious newsgroups where this is pertinent. The following domains were reported by myself and are still incorrect and/or active. Note this is in fact all the domains I have reported that were not actioned: Domain: yayshop.com Submitted: 2004/07/01 13:08:08 Domain: g0get.com Submitted: 2004/07/16 16:19:23 Domain: easydatingoffers.com Submitted: 2004/07/23 19:39:50 Domain: namedservers.com Submitted: 2004/07/23 19:43:56 Domain: medoadk.com Submitted: 2004/07/29 15:13:23 Domain: oasbmedsw.com Submitted: 2004/07/29 15:22:46 Domain: qikcakmeds.com Submitted: 2004/07/29 15:28:35 Domain: medsabqh.com Submitted: 2004/08/01 13:15:30 Domain: asfdhnmeds.com Submitted: 2004/08/01 14:58:33 Domain: 111rx.com Submitted: 2004/08/01 16:34:43 Domain: hotsweetsingles.com Submitted: 2004/08/02 14:12:04 Domain: adsakdau.com Submitted: 2004/08/08 13:32:36 Domain: bombahakcx.com Submitted: 2004/08/15 15:45:02 Domain: kquwbajdfh.com Submitted: 2004/08/29 16:53:06 Domain: polarrate.net Submitted: 2004/10/25 14:12:27 Domain: moretgauge.net Submitted: 2004/11/29 16:08:10 Awaiting you reply. Thank you From devnull at devnull.devnull Sat Dec 4 17:49:03 2004 From: devnull at devnull.devnull (Anty Spam) Date: Sat Dec 4 11:00:04 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Jeff" wrote in message news:cooi49$9e2$1@news.spamcop.net... > Anybody see this yet? > http://www.cnn.com/2004/TECH/internet/12/02/anti.spamvigi.ap/index.html > > Is it not interesting that these exact domains have bad WHOIS ? Maybe that is why no abuse reports will be forthcoming ? Just thinking ....:-) Cheers E From devnull at devnull.devnull Sat Dec 4 17:52:49 2004 From: devnull at devnull.devnull (Anty Spam) Date: Sat Dec 4 11:05:03 2004 Subject: [SpamCop-List] Re: Easynet.co.uk null route a Trojaned DSL customer References: <01c4d8b7$6c15cf80$LocalHost@default> Message-ID: "Michael R N Dolbear" wrote in message news:01c4d8b7$6c15cf80$LocalHost@default... > In reply to a spamcop complaint that > dsl-212-135-217-67.dsl.easynet.co.uk (212.135.217.67) is an open proxy > (Sat, Nov 27, 2004 at 03:52:46AM) > > Easynet Abuse Team replied 02 December 2004 00:49 SNIP > All attempts to contact our customer concerning this incident having > failed Hmmm, bad WHOIS ? Just thinking ...;-) E From mrichter at cpl.net Sat Dec 4 10:17:54 2004 From: mrichter at cpl.net (Mike Richter) Date: Sat Dec 4 13:20:02 2004 Subject: [SpamCop-List] Re: Why won't this work? In-Reply-To: References: Message-ID: I'm_a_victim wrote: > By viewing the full header I can normally identify the originator of spam > and trace the owner of that URL to some ISP ( usually China, Russia, Italy, > Germany or England location) . > So now I have something like 64.234.123.123 > I provide this specific URL to a Spam collector program. > Once the spam collector program, which requires one of the new human > readable letter sequences as verification receives say 100 complaints from > 100 different individuals that URL is put on a black list. > If the header is scanned by a gate keeper of all email entering the US and > 100% of all email originating from that URL is blocked for 90 days this > would effectively shut down that URL. > Some big ISP's that make a living off of spam such as ChinaNet would soon > find that they have to use other URL's and would eventually run out of > available ID's. > If an ISP discovers that none of it's customers can send email it would > probably not have any customers so the ISP would be forced to stop accepting > spammers as customers. > > OK so this sounds simple to me but is not being done. Can someone tell me > the problem? Posted by a (mostly) happy SpamCop user, not an official. It's a different protocol for listing; its only uniqueness is "all email entering the US". Now, who would man the gate and who would run the verification program are minor problems - as in unsolvable. Heck, there's no way to tell what is "entering the U.S." since U.S. ISPs are used by international subscribers. (Cf. hotmail, yahoo, ...) Other problems: getting spamees to report; dealing with a concerted effort to shut down an innocent sending IP address by unpleasant folks (such as spammers); ... Less problematic (but still unworkable): nuke all spamhaus IP addresses. The problem there is you, SpamCop and I may do that, but they still get through to most of those to whom they're addressed. Mike -- mrichter@cpl.net http://www.mrichter.com/ From mfkmek820 at yahoo.com Sat Dec 4 09:33:20 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Sat Dec 4 13:35:03 2004 Subject: [SpamCop-List] How can this be? Message-ID: Hey you guys that have graduated from Spam 105, could you tell me what is wrong with this picture? This mail was never sent from IP 80.96.118.176. Regards, DAinet Technical team ----- Original Message ----- From: "Spam Hater" <1305635226@reports.spamcop.net> To: Sent: Friday, December 03, 2004 4:42 PM Subject: [SpamCop (80.96.118.176) id:1305635226][Norton AntiSpam] >[ SpamCop V1.389 ] > This message is brief for your comfort. Please use links below for > details. > > Email from 80.96.118.176 / Fri, 03 Dec 2004 08:42:25 -0600 > http://www.spamcop.net/w3m?i=z1305635226zaa565c0b07d8bee54fd5a67e82aa36bcz Thanks Fred K From SpamNScamsReporter# at gmail#.com# Sat Dec 4 12:21:47 2004 From: SpamNScamsReporter# at gmail#.com# (Spam N Scams Reporter) Date: Sat Dec 4 15:25:02 2004 Subject: [SpamCop-List] SC timeouts when reporting Message-ID: SC has been slow again this morning, with some reports not going through without resending. Fortunately, I'm doing other things and not just sitting here waiting for the page to load. Brian From mfkmek820 at yahoo.com Sat Dec 4 11:39:28 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Sat Dec 4 15:45:04 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "geo_splash_12" wrote in message news:coqiso$huf$1@news.spamcop.net... > Jeff wrote: >> Anybody see this yet? >> http://www.cnn.com/2004/TECH/internet/12/02/anti.spamvigi.ap/index.html >> >> > > Lycos' screensaver attacking websites that generate spew is like poking a > 600 pound Grizzly bear sleeping in your backyard with a pointy stick. Not > a very smart idea. But millions of pointy sticks will prevail....... Fred K From SpamNScamsReporter# at gmail#.com# Sat Dec 4 12:48:03 2004 From: SpamNScamsReporter# at gmail#.com# (Spam N Scams Reporter) Date: Sat Dec 4 15:50:02 2004 Subject: [SpamCop-List] Re: SC timeouts - Never Mind In-Reply-To: References: Message-ID: Spam N Scams Reporter wrote: > SC has been slow again this morning, with some reports not going through > without resending. Fortunately, I'm doing other things and not just > sitting here waiting for the page to load. > > Brian I'm just multi-tasking a little tooooo much. I had been uploading an 18 MB file in the background and I'm not sure if that was done before I had the slow down. Probably not. Brian From nobody at spamcop.net Sat Dec 4 16:12:02 2004 From: nobody at spamcop.net (Miss Betsy) Date: Sat Dec 4 16:10:02 2004 Subject: [SpamCop-List] Re: Why won't this work? References: Message-ID: "I'm_a_victim" wrote in message news:cosifg$nga$1@news.spamcop.net... > By viewing the full header I can normally identify the originator of spam > and trace the owner of that URL to some ISP ( usually China, Russia, Italy, > Germany or England location) . > So now I have something like 64.234.123.123 > I provide this specific URL to a Spam collector program. > Once the spam collector program, which requires one of the new human > readable letter sequences as verification receives say 100 complaints from > 100 different individuals that URL is put on a black list. > If the header is scanned by a gate keeper of all email entering the US and > 100% of all email originating from that URL is blocked for 90 days this > would effectively shut down that URL. > Some big ISP's that make a living off of spam such as ChinaNet would soon > find that they have to use other URL's and would eventually run out of > available ID's. > If an ISP discovers that none of it's customers can send email it would > probably not have any customers so the ISP would be forced to stop accepting > spammers as customers. > > OK so this sounds simple to me but is not being done. Can someone tell me > the problem? That is a description of what spamcop does except that it is only the IP address of the sender of the spam that is listed. There is also a list of spamvertized URL's to filter on that someone else has started, I believe. The main problem is that ISP's don't want to deal with email senders on that IP address who are not sending spam, but whose email gets blocked also. It is nonsensical since the sending end is the only place that spammers can be effectively stopped and any responsible person who is using email should choose a responsible ISP to send their email. But many ISP's just want to keep their customers happy and don't take the time to explain why they can't get email from their sister, mother, child, favorite Yahoo group and that they should complain to the *sender* and the sender's ISP. Instead ISP's use content filters to try and cut down the amount of spam that people receive and encourage people to use whitelists so that if they do use a block, then people still receive email from that IP address and so don't complain to the people (the other users of that IP address where the spammer is) so no one is responsible for the spam mess. OTOH, there are enough people using it so that responsible people can find an ISP who is responsible enough to both prevent spammers and to use blocklists. And it is hampering the spammers enough so that they are resorting to trojanizing computers to send their spew. Miss Betsy From Kilgallen at SpamCop.net Sat Dec 4 15:33:32 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Dec 4 16:35:02 2004 Subject: [SpamCop-List] Re: How can this be? References: Message-ID: <1eXKXT0LnDoI@eisner.encompasserve.org> In article , "Fred K" writes: > Hey you guys that have graduated from Spam 105, could you tell me what is > wrong with this picture? > > This mail was never sent from IP 80.96.118.176. >> Email from 80.96.118.176 / Fri, 03 Dec 2004 08:42:25 -0600 >> http://www.spamcop.net/w3m?i=z1305635226zaa565c0b07d8bee54fd5a67e82aa36bcz That page has a link called "Show how SpamCop traced this message" which shows the SpamCop logic. You should be specific regarding where you think that logic is faulty. From Merlyn at Spamcop.net Sat Dec 4 16:38:45 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Sat Dec 4 16:40:03 2004 Subject: [SpamCop-List] Re: How can this be? References: Message-ID: "Fred K" wrote in message news:cosvu5$vbe$1@news.spamcop.net... > Hey you guys that have graduated from Spam 105, could you tell me what is > wrong with this picture? > > This mail was never sent from IP 80.96.118.176. > > Regards, > DAinet Technical team > > ----- Original Message ----- > From: "Spam Hater" <1305635226@reports.spamcop.net> > To: > Sent: Friday, December 03, 2004 4:42 PM > Subject: [SpamCop (80.96.118.176) id:1305635226][Norton AntiSpam] > > >>[ SpamCop V1.389 ] >> This message is brief for your comfort. Please use links below for >> details. >> >> Email from 80.96.118.176 / Fri, 03 Dec 2004 08:42:25 -0600 >> http://www.spamcop.net/w3m?i=z1305635226zaa565c0b07d8bee54fd5a67e82aa36bcz > What makes you think it didn't come from there? BTW: You know the whole PLUSNET-ADVERTISING-SRL 80.96.118.0 - 80.96.119.255 is listed in SPEWS. According to Senderbase mail from that IP was up 823% yesterday. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From nobody at spamcop.net Sat Dec 4 18:08:26 2004 From: nobody at spamcop.net (Pop) Date: Sat Dec 4 18:10:03 2004 Subject: [SpamCop-List] Piracy at Microsoft gone? Message-ID: Anyone know if Piracy-AT-microsoft-DOT-com (or NET for that matter) has gone away? I sent one to COM, it bounced, so I followed up with one to COM and NET both; all bounced back. ------------ This is the Postfix program at host mxb.MY ISP I'm sorry to have to inform you that your message ... ... delete your own text from the attached returned message. The Postfix program : connect to microsoft.net[207.46.130.108]: Connection timed out ----------------- Not a big deal, just wondered if I screwed up or missed something. Pop From TJLWBECGSGWU at spammotel.com Sat Dec 4 23:21:55 2004 From: TJLWBECGSGWU at spammotel.com (Mathew Hendry) Date: Sat Dec 4 18:25:02 2004 Subject: [SpamCop-List] Re: Piracy at Microsoft gone? References: Message-ID: <8dh4r0h6m9fsq2c974cmtca0uvs2bfuuon@4ax.com> On Sat, 4 Dec 2004 18:08:26 -0500, "Pop" wrote: >Anyone know if Piracy-AT-microsoft-DOT-com (or NET for that >matter) has gone away? I sent one to COM, it bounced, so I >followed up with one to COM and NET both; all bounced back. >... >: connect to microsoft.net[207.46.130.108]: >Connection > timed out >----------------- > >Not a big deal, just wondered if I screwed up or missed >something. piracy@microsoft.com is up according to http://www.dnsstuff.com/tools/mail.ch?domain=piracy%40microsoft.com although it did time out on one of the six servers tested. microsoft.net has no MX DNS record, so not too surprising that one didn't work. -- Mat. From nobody at spamcop.net Sat Dec 4 17:36:51 2004 From: nobody at spamcop.net (RW) Date: Sat Dec 4 18:40:02 2004 Subject: [SpamCop-List] Re: Piracy at Microsoft gone? References: Message-ID: "Pop" wrote in message news:cotg16$939$1@news.spamcop.net... > ------------ > This is the Postfix program at host mxb.MY ISP > I'm sorry to have to inform you that your message ... Looks like a network problem, not that the address doesn't exist. The address probably still exists, you just couldn't connect to the server. Richard From puoti at inwind.it Sun Dec 5 01:13:22 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 4 19:15:03 2004 Subject: [SpamCop-List] Re: Piracy at Microsoft gone? In-Reply-To: References: Message-ID: I send lots of reports to them, a couple bounced but all seems to be ok now. Ivan. From zypher at spamcop.net Sat Dec 4 18:35:45 2004 From: zypher at spamcop.net (Ron B.) Date: Sat Dec 4 19:40:03 2004 Subject: [SpamCop-List] Re: Mail to Yesnic References: Message-ID: On Sat, 04 Dec 2004 17:11:39 +0200, Anty Spam wrote: > Awaiting you reply. > > Thank you Don't hold your breath! From mfkmek820 at yahoo.com Sat Dec 4 16:25:42 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Sat Dec 4 20:30:02 2004 Subject: [SpamCop-List] Re: How can this be? References: Message-ID: "Merlyn" wrote in message news:cotap5$5vt$1@news.spamcop.net... > "Fred K" wrote in message > news:cosvu5$vbe$1@news.spamcop.net... >> Hey you guys that have graduated from Spam 105, could you tell me what >> is wrong with this picture? >> >> This mail was never sent from IP 80.96.118.176. >Regards, DAinet Technical team> >> >> ----- Original Message ----- >> From: "Spam Hater" <1305635226@reports.spamcop.net> >> To: >> Sent: Friday, December 03, 2004 4:42 PM >> Subject: [SpamCop (80.96.118.176) id:1305635226][Norton AntiSpam] >> >> >>>[ SpamCop V1.389 ] >>> This message is brief for your comfort. Please use links below for >>> details. >>> >>> Email from 80.96.118.176 / Fri, 03 Dec 2004 08:42:25 -0600 >>> http://www.spamcop.net/w3m?i=z1305635226zaa565c0b07d8bee54fd5a67e82aa36bcz >> > > > What makes you think it didn't come from there? > > BTW: You know the whole PLUSNET-ADVERTISING-SRL 80.96.118.0 - > 80.96.119.255 is listed in SPEWS. > > According to Senderbase mail from that IP was up 823% yesterday. I was wondering why the ISP sent that reply through SC. Ok, what you are saying: The denial message is phony because they are a spammy ISP? Fred K From MikeE at ster.invalid Sat Dec 4 17:32:01 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 4 20:35:03 2004 Subject: [SpamCop-List] Re: How can this be? References: Message-ID: Fred K wrote: > Hey you guys that have graduated from Spam 105, could you tell me > what is wrong with this picture? Well, I don't know if I graduated, but I'll take a look. > This mail was never sent from IP 80.96.118.176. > > Regards, > DAinet Technical team I disagree. Message-ID: Bob W. wrote: > The thing is the address being spammed in all three cases was formerly > someone else's. Unfortunately, the man has been dead for more than > eight years. Why would any spammer ever remove an address from a list? With the possible very rare exception of troublesome anti-/s that is. "Hello, would you like to buy this list of 50 million addresses?" "Sure." "Oh, by the way, about 80% of them are dead [addresses, people, domains, whatever] already, but I don't know which ones those are." "It's not a problem. Doesn't matter to me." "Okey dokey, here ya' go" -- Mike Easter kibitzer, not SC admin From none at domain.invalid Sat Dec 4 22:06:50 2004 From: none at domain.invalid (Anonymous) Date: Sun Dec 5 01:10:02 2004 Subject: [SpamCop-List] Re: United Airlines: Spamming a dead man. References: Message-ID: "Bob W." wrote in message news:responseguard-07BB76.20564604122004@news.cesmail.net... > I've been append-spammed by two large organizations within the last two > weeks. First it was (and still is) the Smithsonian. CheetahMail handles > the delivery. Can you describe what append-spamming is? I've never heard that term before. Thanks. From flippetyfloo at fake.com Sun Dec 5 01:09:01 2004 From: flippetyfloo at fake.com (RandallW) Date: Sun Dec 5 04:10:19 2004 Subject: [SpamCop-List] Wiltel.com Message-ID: Anyone getting spam to their Hotmail accounts where the spam origin AND host of spamvertised sites is Wiltel.com? From bar_n0ne at hotmail.com Sun Dec 5 13:32:36 2004 From: bar_n0ne at hotmail.com (Berny) Date: Sun Dec 5 04:40:03 2004 Subject: [SpamCop-List] Re: Wiltel.com References: Message-ID: "RandallW" wrote in message news:couj7a$sgc$1@news.spamcop.net... > Anyone getting spam to their Hotmail accounts where the spam origin AND host > of spamvertised sites is Wiltel.com? Not to hotmail, but a few weeks ago I was on my corporate accounts, LARTED and griped about it here and elsewhere and it stoppped. I guess I was list washed. Too bad, I thought they had cleaned up their spammers. I get almost no spam on Hotmail. From bar_n0ne at hotmail.com Sun Dec 5 13:39:14 2004 From: bar_n0ne at hotmail.com (Berny) Date: Sun Dec 5 04:40:08 2004 Subject: [SpamCop-List] Re: Wiltel.com References: Message-ID: "RandallW" wrote in message news:couj7a$sgc$1@news.spamcop.net... > Anyone getting spam to their Hotmail accounts where the spam origin AND host > of spamvertised sites is Wiltel.com? Not to hotmail, but a few weeks ago I was on my corporate accounts, LARTED and griped about it here and elsewhere and it stoppped. I guess I was list washed. Too bad, I thought they had cleaned up their spammers. I get almost no spam on Hotmail. From David1 at suescornerweb.com Sun Dec 5 09:16:12 2004 From: David1 at suescornerweb.com (David 1) Date: Sun Dec 5 09:20:02 2004 Subject: [SpamCop-List] Re: United Airlines: Spamming a dead man. In-Reply-To: References: Message-ID: Anonymous wrote: > "Bob W." wrote in message > news:responseguard-07BB76.20564604122004@news.cesmail.net... > >> I've been append-spammed by two large organizations within the last two >> weeks. First it was (and still is) the Smithsonian. CheetahMail handles >> the delivery. > > > Can you describe what append-spamming is? I've never heard that term > before. Thanks. > Looking forward to this answer myself David 1 From nobody at spamcop.net Sun Dec 5 11:18:51 2004 From: nobody at spamcop.net (Pop) Date: Sun Dec 5 11:20:03 2004 Subject: [SpamCop-List] Re: Piracy at Microsoft gone? References: Message-ID: Huh, it's still gone for me this morning. But, the whole net's sloooowwww, this morning, so maybe it's weather somewhere pulling stuff apart. Thanks for the comebacks; appreciate it. If I'm paitent enough, I can get to the URLs now at least, but it's ng to try to use them. I'll try again Monday - Regards, Pop "Ivan Leo Puoti" wrote in message news:cotjsc$bcj$1@news.spamcop.net... |I send lots of reports to them, a couple bounced but all seems to be ok now. | | Ivan. From michael.spamcop at michaellefevre.com Sun Dec 5 16:20:51 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Sun Dec 5 11:25:02 2004 Subject: [SpamCop-List] Re: United Airlines: Spamming a dead man. References: Message-ID: David 1 wrote: > Anonymous wrote: >> "Bob W." wrote in message >> news:responseguard-07BB76.20564604122004@news.cesmail.net... >> >>> I've been append-spammed by two large organizations within the last two >>> weeks. First it was (and still is) the Smithsonian. CheetahMail handles >>> the delivery. >> >> >> Can you describe what append-spamming is? I've never heard that term >> before. Thanks. >> > Looking forward to this answer myself Basically, it involves taking a list of names (and addresses or whatever else) that a company already has, and then attaching email addresses (which the "appender" may have been collected from elsewhere, or created using standard patterns, or whatever) to them. So, if a company has a record for a Fred Johnson who lives in California, and the appender has record of a Fred Johnson with an address in California, they would attach the email address from their record onto the company's record for that person. Of course, the trouble is that one or other of the databases may be inaccurate or out of date, or there may just be multiple people with similar names/addresses/whatever so information for different people will be matched together incorrectly. The quality of the resulting information will be lower than the quality of the data they started with, which probably wouldn't have been all that great. If they then email the resulting list, they'll end up hitting a whole number of email addresses that are not correct. It is (according to some, at least) possible to do this without spamming, if the appender gets explicit permission from the owner of the email address before they pass it on. A description of the service from someone that does it is at: http://www.experian.com/products/email_append.html You can find more by doing a google search for "email append". -- Michael From eatmy at grits.com Sun Dec 5 11:34:45 2004 From: eatmy at grits.com (Jeff) Date: Sun Dec 5 13:35:21 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: I've left my computer running all night for the past few days with the MLNS screensaver running. I think I'll start leaving it on all day too while I'm at work. And all the idle computers in my building will be running it as well. "Mike Easter" wrote in message news:corcj8$2k5$1@news.spamcop.net... > Jeff wrote: > > LEMMING POWER!!!!! WOOOOOOOOOOOO HOOOOOOOOOOOOO!!!!!! > > Ha! > > -- > Mike Easter > kibitzer, not SC admin From nobody at spamcop.net Sun Dec 5 13:05:43 2004 From: nobody at spamcop.net (RW) Date: Sun Dec 5 14:10:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Jeff" wrote in message news:covkc0$fim$1@news.spamcop.net... > I've left my computer running all night for the past few days with the > MLNS > screensaver running. I think I'll start leaving it on all day too while > I'm > at work. And all the idle computers in my building will be running it as > well. I'm not sure it's even doing anything. Since the service was suspended I would imagine you are no longer being fed URLs. You should also check where your service provider stands on this issue. Most have denounced the whole idea, not in support of spammers but as a good Netizen, don't fight abuse with abuse, etc. They also have to pay for that bandwidth you are using. Most service providers have provisions in the AUPs regarding this type of misuse, meaning you could find wire cutters coming towards your line. Richard From eatmy at grits.com Sun Dec 5 12:35:06 2004 From: eatmy at grits.com (Jeff) Date: Sun Dec 5 14:35:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "RW" wrote in message news:covm65$gt0$1@news.spamcop.net... > > You should also check where your service provider stands on this issue. > Most have denounced the whole idea, not in support of spammers but as a good > Netizen, don't fight abuse with abuse, etc. They also have to pay for that > bandwidth you are using. > > Most service providers have provisions in the AUPs regarding this type of > misuse, meaning you could find wire cutters coming towards your line. It would be nice if they also had provisions for spammers who abuse their system, but they don't. My service provider is also paying for the millions of spam email they have to process daily, but I don't see them cutting off the spammers in any way. They've ignored all my complaints and they're never going to take any action against the spammers, nor are they going to block incoming spam. If they prefer to cut off a paying customer and keep the spammers, they can go right ahead and do it. Nothing I can do about it. From eatmy at grits.com Sun Dec 5 12:40:22 2004 From: eatmy at grits.com (Jeff) Date: Sun Dec 5 14:45:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "RW" wrote in message news:covm65$gt0$1@news.spamcop.net... > > I'm not sure it's even doing anything. Since the service was suspended I > would imagine you are no longer being fed URLs. Amazing how quickly the anti-spammers are stopped while the spammers run free, isn't it? I'm starting to wonder if I'm on the wrong side. Perhaps I should begin studying the profitability of becoming a spammer. I'd have all kinds of laws and ISPs protecting me. From nobody at spamcop.net Sun Dec 5 16:14:52 2004 From: nobody at spamcop.net (Pop) Date: Sun Dec 5 16:15:02 2004 Subject: [SpamCop-List] Re: United Airlines: Spamming a dead man. References: Message-ID: Michael Lefevre" wrote in message news:covch3$amu$1@news.spamcop.net... | David 1 wrote: | > Anonymous wrote: | >> "Bob W." wrote in message | >> news:responseguard-07BB76.20564604122004@news.cesmail.net... | >> | >>> I've been append-spammed by two large organizations within the last two ... | | It is (according to some, at least) possible to do this without spamming, | if the appender gets explicit permission from the owner of the email | address before they pass it on. | | A description of the service from someone that does it is at: | http://www.experian.com/products/email_append.html | You can find more by doing a google search for "email append". | | -- | Michael Well, I'll be damned. Experian, of all people! I used them once a couple years ago for something I was selling - their after-market support is dismal and totally unresponsive. Like they say about power and corruption ... . I wonder who else is doing this? I DO have to say though, that it's still spam if it lands in MY inbox, and if there was any doubt, which there wasn't, it was cemented by the following copied from their site: ---------------- "We collect opt-out requests We return your customer file with appended deliverable email addresses and opt out flags." ------------------- Spam is spam, is spam ... shades of Monty Python! I havent' seen one of these yet, but when I do I'll be sure to not use SC to report it so I can go to extremely extreme prejudice mode. It would even be worth using my congress critter's online forms to send to them. This deserves to get into print somehow; think I'll go see what I can dig up. Anyone else done that yet? No sense reinventing the wheel. Regards, Pop From nobody at spamcop.net Sun Dec 5 16:16:12 2004 From: nobody at spamcop.net (Pop) Date: Sun Dec 5 16:20:02 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "RW" wrote in message news:covm65$gt0$1@news.spamcop.net... | "Jeff" wrote in message | news:covkc0$fim$1@news.spamcop.net... | > I've left my computer running all night for the past few days with the | > MLNS | > screensaver running. I think I'll start leaving it on all day too while | > I'm | > at work. And all the idle computers in my building will be running it as | > well. | | I'm not sure it's even doing anything. Since the service was suspended I | would imagine you are no longer being fed URLs. | | You should also check where your service provider stands on this issue. | Most have denounced the whole idea, not in support of spammers but as a good | Netizen, don't fight abuse with abuse, etc. They also have to pay for that | bandwidth you are using. | | Most service providers have provisions in the AUPs regarding this type of | misuse, meaning you could find wire cutters coming towards your line. | | Richard | | Not to mention a lawsuit. From nobody at spamcop.net Sun Dec 5 16:20:31 2004 From: nobody at spamcop.net (Pop) Date: Sun Dec 5 16:25:02 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Jeff" wrote in message news:covnt5$hrk$1@news.spamcop.net... | "RW" wrote in message | news:covm65$gt0$1@news.spamcop.net... | > ... | > Most service providers have provisions in the AUPs regarding this type of | > misuse, meaning you could find wire cutters coming towards your line. | | It would be nice if they also had provisions for spammers who abuse their | system, but they don't. My service provider is also paying for the millions | of spam email they have to process daily, but I don't see them cutting off | the spammers in any way. They've ignored all my complaints and they're | never going to take any action against the spammers, nor are they going to | block incoming spam. If they prefer to cut off a paying customer and keep | the spammers, they can go right ahead and do it. Nothing I can do about it. ... True enough in too many places: That's why it's worth a few minutes to pick a good ISP and stick with them and support them as much as possible. My ISP will deny they use blocklists, scan for viruses, and do anything at all about spam, but guess what? They actually do all that, IFF you climb the techie ladder far enoug to talk to someone that knows what the words mean. And, they're pretty danged good at it too! Naturally the less travelled paths still let some spam thru, but it's a pleasure to have them working for me. If it sounds like I work for them, I do not; but I DO work WITH them! Regards, & done bragging, Pop From eatmy at grits.com Sun Dec 5 14:34:13 2004 From: eatmy at grits.com (Jeff) Date: Sun Dec 5 16:35:06 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Pop" wrote in message news:covtql$li4$1@news.spamcop.net... > > Not to mention a lawsuit. Good. As soon as they do that, I'll go to the local news station and newspapers and do an interview denouncing my ISP for suing the customer while protecting the spammers. I know it won't do any good, but I'll do it anyway. From David1 at suescornerweb.com Sun Dec 5 16:39:50 2004 From: David1 at suescornerweb.com (David 1) Date: Sun Dec 5 16:40:04 2004 Subject: [SpamCop-List] Re: make love not spam In-Reply-To: References: Message-ID: Jeff wrote: > "Pop" wrote in message > news:covtql$li4$1@news.spamcop.net... > > >>Not to mention a lawsuit. > > > > Good. As soon as they do that, I'll go to the local news station and > newspapers and do an interview denouncing my ISP for suing the customer > while protecting the spammers. I know it won't do any good, but I'll do it > anyway. > > Actually it might if done right & with some #s & some proof to back it up, In other words do the reporters job for them & make verification easy on them. They might blow it up as a David & Goliath if hard news is slow. David 1 From me at privacy.net Sun Dec 5 16:56:37 2004 From: me at privacy.net (Frog Prince) Date: Sun Dec 5 17:00:07 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Pop" | | Not to mention a lawsuit. With a jury trial what's the odds of a conviction? From eatmy at grits.com Sun Dec 5 15:46:17 2004 From: eatmy at grits.com (Jeff) Date: Sun Dec 5 17:50:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Frog Prince" wrote in message news:cp0072$nal$1@news.spamcop.net... > > "Pop" > | > | Not to mention a lawsuit. > > With a jury trial what's the odds of a conviction? Pretty high, I'd say. Anti-spammers are hated even more than spammers. This group is evidence of that. From tlsimpson at citlink.net Sun Dec 5 18:23:38 2004 From: tlsimpson at citlink.net (Terry Simpson) Date: Sun Dec 5 18:25:03 2004 Subject: [SpamCop-List] LARTED? Message-ID: What is LARTED? Thanks! From TMHRVMFWREVN at spammotel.com Sun Dec 5 23:21:58 2004 From: TMHRVMFWREVN at spammotel.com (Rob) Date: Sun Dec 5 18:30:05 2004 Subject: [SpamCop-List] Re: SC timeouts - Never Mind References: Message-ID: "Spam N Scams Reporter" wrote in message news:cot7qe$451$1@news.spamcop.net... > Spam N Scams Reporter wrote: > > SC has been slow again this morning, with some reports not going through > > without resending. Fortunately, I'm doing other things and not just > > sitting here waiting for the page to load. > > > > Brian > > I'm just multi-tasking a little tooooo much. > > I had been uploading an 18 MB file in the background and I'm not sure if > that was done before I had the slow down. Probably not. > > Brian No, I'm getting Gateway Time Out errors "The proxy server did not receive a timely response from the upstream server." In all the years of surfing I've never seen this error before, Page Not available, OK, but, not this one. Now it's getting as far as parsing, but, not as far as showing who it's to report to or the report now button. Rob From nobody at devnull.spamcop.net Sun Dec 5 17:38:19 2004 From: nobody at devnull.spamcop.net (Cat) Date: Sun Dec 5 18:40:03 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Terry Simpson wrote: > What is LARTED? > > Thanks! http://www.acronymfinder.com Also, Google is your friend. A simple search of the word LART on Google comes up with several web sites giving you a definition. From TMHRVMFWREVN at spammotel.com Sun Dec 5 23:35:56 2004 From: TMHRVMFWREVN at spammotel.com (Rob) Date: Sun Dec 5 18:45:04 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Terry Simpson" wrote in message news:cp05b7$qle$1@news.spamcop.net... > What is LARTED? > > Thanks! Losers Attitude Rearrangement Therapy From TMHRVMFWREVN at spammotel.com Sun Dec 5 23:40:46 2004 From: TMHRVMFWREVN at spammotel.com (Rob) Date: Sun Dec 5 18:45:09 2004 Subject: [SpamCop-List] Re: SC timeouts - Never Mind References: Message-ID: "Rob" wrote in message news:cp05f0$qt9$1@news.spamcop.net... > > "Spam N Scams Reporter" wrote in message > news:cot7qe$451$1@news.spamcop.net... > > Spam N Scams Reporter wrote: > > > SC has been slow again this morning, with some reports not going through > > > without resending. Fortunately, I'm doing other things and not just > > > sitting here waiting for the page to load. > > > > > > Brian > > > > I'm just multi-tasking a little tooooo much. > > > > I had been uploading an 18 MB file in the background and I'm not sure if > > that was done before I had the slow down. Probably not. > > > > Brian > > No, I'm getting Gateway Time Out errors "The proxy server did not receive a > timely response from the upstream server." > > In all the years of surfing I've never seen this error before, Page Not > available, OK, but, not this one. > > Now it's getting as far as parsing, but, not as far as showing who it's to > report to or the report now button. > > Rob > > After taking 40 minutes to finally report one spam then the site looking as if it had finally given up the ghost I was about to give up for the night myself...then it suddenly sprang back into life quicker that ever. Something must have got fixed :-) Rob From pete at heypete.com Sun Dec 5 15:44:24 2004 From: pete at heypete.com (Pete Stephenson) Date: Sun Dec 5 18:45:15 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: In article , "Terry Simpson" wrote: > What is LARTED? http://www.retrologic.com/jargon/L/LART.html Luser Attitude Readjustment Tool. 1. n. In the collective mythos of scary devil monastery, this is an essential item in the toolkit of every BOFH. The LART classic is a 2x4 or other large billet of wood usable as a club, to be applied upside the head of spammers and other people who cause sysadmins more grief than just naturally goes with the job. Perennial debates rage on alt.sysadmin.recovery over what constitutes the truly effective LART; knobkerries, automatic weapons, flamethrowers, and tactical nukes all have their partisans. Compare clue-by-four. 2. v. To use a LART. Some would add ³in malice², but some sysadmins do prefer to gently lart their users as a first (and sometimes final) warning. 3. interj. Calling for one's LART, much as a surgeon might call ³Scalpel!². 4. interj. [rare] Used in flames as a rebuke. ³LART! LART! LART!² -- Pete Stephenson HeyPete.com From mfkmek820 at yahoo.com Sun Dec 5 14:47:26 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Sun Dec 5 18:50:02 2004 Subject: [SpamCop-List] Re: SC timeouts - Never Mind References: Message-ID: "Rob" wrote in message news:cp05f0$qt9$1@news.spamcop.net... > > > Now it's getting as far as parsing, but, not as far as showing who it's to > report to or the report now button. > > Rob Too much traffic from makelovenotspam and spam colliding on the net. We better terminate the lovenotspam crowd so that the spam can again flow freely. Fred K From mfkmek820 at yahoo.com Sun Dec 5 14:55:06 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Sun Dec 5 19:00:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Cat" wrote in message news:cp0650$rhi$1@news.spamcop.net... > Also, Google is your friend. A simple search of the word LART on Google > comes up with several web sites giving you a definition. Ah but alas, the poor person wanted a simple definition of lart as it is used here. Following the kind brush-off by cat leads one on an adventure and after doing it I a gave up weeding through numerous definitions that do not clearly define the term as it seems to be used in this NG. Fred K P.S. If I was sure as to what it means I would tell. From puoti at inwind.it Mon Dec 6 01:02:46 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sun Dec 5 19:05:03 2004 Subject: [SpamCop-List] Re: make love not spam In-Reply-To: References: Message-ID: The lycos screensaver isn't working at the moment, in the mean time you can use this page instead http://www003.portalis.it/115/spammustdie.html Ivan. From eatmy at grits.com Sun Dec 5 17:32:30 2004 From: eatmy at grits.com (Jeff) Date: Sun Dec 5 19:35:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: COOL! I'll run anything I can get my hands on and leave it running as long as possible! Thanks! "Ivan Leo Puoti" wrote in message news:cp07kn$sor$1@news.spamcop.net... > The lycos screensaver isn't working at the moment, in the mean time you > can use this page instead > http://www003.portalis.it/115/spammustdie.html > > Ivan. From baloo at ursine.dyndns.org Sun Dec 5 16:59:06 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Sun Dec 5 20:00:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: <1102294783.600602@ursine.dyndns.org> Terry Simpson wrote: > What is LARTED? Look it up, it's in the Jargon File. http://ursine.dyndns.org/Jargon:LART -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From nobody at spamcop.net Sun Dec 5 19:55:12 2004 From: nobody at spamcop.net (RW) Date: Sun Dec 5 21:00:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Jeff" wrote in message news:covush$m82$1@news.spamcop.net... > "Pop" wrote in message > news:covtql$li4$1@news.spamcop.net... > >> >> Not to mention a lawsuit. > > > Good. As soon as they do that, I'll go to the local news station and > newspapers and do an interview denouncing my ISP for suing the customer > while protecting the spammers. I know it won't do any good, but I'll do > it > anyway. That isn't the fear. The fear is a) the spammer or b) legit customers on the targeted server suing your service provider for allowing their network to be used in a ddos against their server. I don't argue spam is costing your ISP (and hence you) a fortune. We are extremely lucky broadband is still a very competitive market and these cost increases haven't been passed on to the consumer -- yet. We do need a few more ISPs taking the big five route and suing the persistant spammers. Unfortunately few can afford to spend the millions necessary to collect nothing, knowing the spammers will simply slither out from under a different rock to spin their game again. Richard From nobody at spamcop.net Sun Dec 5 20:02:09 2004 From: nobody at spamcop.net (RW) Date: Sun Dec 5 21:05:03 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: "Ivan Leo Puoti" wrote in message news:cp07kn$sor$1@news.spamcop.net... > The lycos screensaver isn't working at the moment, in the mean time you > can use this page instead > http://www003.portalis.it/115/spammustdie.html > > Ivan. Not that I'm condoning it, but having multiple windows open would hit them harder. You also have to make sure you aren't running through your ISP's proxy, otherwise you'll just be reloading off the proxy and not touching the website's bandwidth. Richard From MikeE at ster.invalid Sun Dec 5 18:31:01 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 5 21:35:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: Fred K wrote: > "Cat" >> Also, Google is your friend. A simple search of the word LART on >> Google comes up with several web sites giving you a definition. > > Ah but alas, the poor person wanted a simple definition of lart as it > is used here. Some people are into spoonfeeding the hapless or uninformed, while others would rather show them the way to get information, including some dirty work. > Following the kind brush-off by cat leads one on an > adventure and after doing it I a gave up weeding through numerous > definitions that do not clearly define the term as it seems to be > used in this NG. And therein lies the 'educational' process. It's just like troubleshooting. The hours you spend chasing the wrong ponies are all part of the overall process that lead to the greater wisdom based on all experiences in the longrun. While there is some 'education' in being pointed to exactly the right page without superfluous effort, the /extra/ effort shows you/the novice/ pathways which will/might be invaluable in some future effort, and are certainly valuable in teaching one some pathways and experiences that don't work very well. -- Mike Easter kibitzer, not SC admin From nobody at xyzzy.claranet.de Mon Dec 6 03:30:46 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Dec 5 21:40:03 2004 Subject: [SpamCop-List] Re: How can this be? References: Message-ID: <41B3C456.5B92@xyzzy.claranet.de> Fred K wrote: > could you tell me what is wrong with this picture? [...] > [Norton Spam] http://groups.google.com/groups?q=author%3A@symantec.invalid From MikeE at ster.invalid Sun Dec 5 18:46:39 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 5 21:50:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: Terry Simpson wrote: > What is LARTED? IMO The term has lost its relevance and should be considered pass? - that particular word looks to me like p a s s then [e acute]. That is, once upon a time, a notify had some 'impact' -- the notify would 'affect' the spammer adversely; but no more. Nowadays, a 'luser attitude readjustment tool' is instead a rather ineffectual notify, which isn't a 'clue by four' upside the head of the spammer at all. The spammer is laughing all the way to the bank and the spam reporter is only pretending to be 'larting' The spam reporter isn't actually swinging a cluebyfour, and the spammer therefore isn't getting 'larted'. So the term should be dead and buried. In its current iteration it is an 'embarassment' - a notion of times gone by, as far as I'm concerned. It is all jivetalk 'jargon' which doesn't have the same meaning which it once did. It implies a power or significance greater than a typical notify deserves. IMO. -- Mike Easter kibitzer, not SC admin From mfkmek820 at yahoo.com Sun Dec 5 17:55:27 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Sun Dec 5 22:00:16 2004 Subject: [SpamCop-List] Re: How can this be? References: <41B3C456.5B92@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:41B3C456.5B92@xyzzy.claranet.de... > Fred K wrote: > >> could you tell me what is wrong with this picture? > [...] >> [Norton Spam] > > http://groups.google.com/groups?q=author%3A@symantec.invalid > Could you please tell me what I am supposed to look for on that page. Fred K From nobody at xyzzy.claranet.de Mon Dec 6 04:34:51 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Dec 5 22:40:01 2004 Subject: [SpamCop-List] Re: How can this be? References: <41B3C456.5B92@xyzzy.claranet.de> Message-ID: <41B3D35A.32AC@xyzzy.claranet.de> Fred K wrote: > Could you please tell me what I am supposed to look for > on that page. You're supposed to identify "symantec" and "norton" in mail as synonyms for "FUBAR" and "clueless user". In your case they apparently "protect" their abuse@ mailbox with a tool claiming to identify spam, and in fact your spam report was about spam. Game over, tilt, report it to the deputies@SC Bye, Frank From tdy at blackhole.invalid Sun Dec 5 19:45:58 2004 From: tdy at blackhole.invalid (N. Miller) Date: Sun Dec 5 22:50:02 2004 Subject: [SpamCop-List] Re: Why won't this work? References: Message-ID: In article , I'm_a_victim says... > If the header is scanned by a gate keeper of all email entering the US... There is no such thing. There can be no such thing; at least not until the U.S. Government takes over the U.S. part of the Internet. Companies like TWT and SBC "own"[1] the U.S. government, so that will never happen. [1] As in making significant political contributions to legislators who will, in turn, act on legislation which favors them over competition. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Sun Dec 5 19:48:38 2004 From: tdy at blackhole.invalid (N. Miller) Date: Sun Dec 5 22:50:09 2004 Subject: [SpamCop-List] Re: United Airlines: Spamming a dead man. References: Message-ID: In article , Anonymous says... > "Bob W." wrote in message > news:responseguard-07BB76.20564604122004@news.cesmail.net... > > I've been append-spammed by two large organizations within the last two > > weeks. First it was (and still is) the Smithsonian. CheetahMail handles > > the delivery. > Can you describe what append-spamming is? I've never heard that term > before. Thanks. Could it be that the OP was referring to "epending"? -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Sun Dec 5 19:53:39 2004 From: tdy at blackhole.invalid (N. Miller) Date: Sun Dec 5 22:55:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: In article , Mike Easter says... > Terry Simpson wrote: > > What is LARTED? > IMO > The term has lost its relevance and should be considered pass? - that > particular word looks to me like p a s s then [e acute]. In other words, contemporary notifies have no impact. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at spamcop.net Sun Dec 5 23:14:18 2004 From: nobody at spamcop.net (Tom) Date: Mon Dec 6 00:15:02 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: On Sun, 5 Dec 2004 18:31:01 -0800, Mike Easter wrote: >While there is some 'education' in being pointed to exactly the right >page without superfluous effort, the /extra/ effort shows you/the >novice/ pathways which will/might be invaluable in some future effort, >and are certainly valuable in teaching one some pathways and experiences >that don't work very well. Boy, Mike, but you use big words Commenting on some of your snipped stuff, I'm of the opinion that there is a time for each approach. Usually, when I run across something that I don't have a clue on, I just wait to see if someone else is floating in the same boat as I... and then I get the answer without looking stupid or drawing negative comments. I agree, by the way, with your assessment (at least, partially), but sometimes prefer the clue-by-four route... From nobody at spamcop.net Sun Dec 5 23:16:50 2004 From: nobody at spamcop.net (Tom) Date: Mon Dec 6 00:20:02 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: On Sun, 5 Dec 2004 19:53:39 -0800, N. Miller wrote: >> The term has lost its relevance and should be considered pass? - that >> particular word looks to me like p a s s then [e acute]. > >In other words, contemporary notifies have no impact. Except to build black/block lists. Which is why to sooner you can report spam to the time it was delievered, the better. From David1 at suescornerweb.com Mon Dec 6 00:43:17 2004 From: David1 at suescornerweb.com (David 1) Date: Mon Dec 6 00:45:07 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Tom wrote: > On Sun, 5 Dec 2004 19:53:39 -0800, N. Miller wrote: > > >>>The term has lost its relevance and should be considered pass? - that >>>particular word looks to me like p a s s then [e acute]. >> >>In other words, contemporary notifies have no impact. > > > Except to build black/block lists. > > Which is why to sooner you can report spam to the time it was > delievered, the better. > My avg. According to spam cop usually runs between 2 - 5 hours, is that considered ok??? David 1 From nobody at spamcop.net Sun Dec 5 21:52:23 2004 From: nobody at spamcop.net (Dar) Date: Mon Dec 6 00:55:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: > > "Cat" wrote in message > > Also, Google is your friend. A simple search of the word LART on Google > > comes up with several web sites giving you a definition. > "Fred K" wrote in message > Ah but alas, the poor person wanted a simple definition of lart as it is > used here. Following the kind brush-off by cat leads one on an adventure and > after doing it I a gave up weeding through numerous definitions that do not > clearly define the term as it seems to be used in this NG. > > Fred K > P.S. If I was sure as to what it means I would tell. Or, as I used to tell my children, "If I *tell* you how it's spelled, you'll forget. If you look it up, you're more likely to remember." In the case of *Google is your friend*, there's always the possibility of even *more* you'll learn in the process. If may not be specific to your original question, but what's wrong with that? Learning is learning and that's never a bad thing. I've already forgotten what the term LARTED means. Dar From nobody at devnull.spamcop.net Mon Dec 6 00:40:53 2004 From: nobody at devnull.spamcop.net (Cat) Date: Mon Dec 6 01:45:03 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Pete Stephenson wrote: > In article , > "Terry Simpson" wrote: > > >>What is LARTED? > > > http://www.retrologic.com/jargon/L/LART.html > > Luser Attitude Readjustment Tool. You were supposed to show him how to look it up on his own. :-P From nobody at devnull.spamcop.net Mon Dec 6 00:48:08 2004 From: nobody at devnull.spamcop.net (Cat) Date: Mon Dec 6 01:50:02 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Mike Easter wrote: > Fred K wrote: >>Ah but alas, the poor person wanted a simple definition of lart as it >>is used here. My point was that people should learn to look it up. I was always taught "If you don't know the answer, look it up" when I was a kid. It taught me how to research things and how to think for myself instead of having everyone hand me all the answers. Then if I still can't find the answer, I'll ask. > Some people are into spoonfeeding the hapless or uninformed, while > others would rather show them the way to get information, including some > dirty work. Agreed. I think people get too lazy and don't want to do any work for themselves and instead expect other people to spoon feed them all the time. >>Following the kind brush-off by cat leads one on an Note to Frank: That's Cat with a capital C, and it wasn't a brush off. I showed him how to look up information on his own. Seriously, when the answers to things like that can be found through a simple Google search of the term, people shouldn't ask them here. From SpamNScamsReporter# at gmail#.com# Sun Dec 5 22:51:29 2004 From: SpamNScamsReporter# at gmail#.com# (Spam N Scams Reporter) Date: Mon Dec 6 01:55:04 2004 Subject: [SpamCop-List] Re: SC timeouts - Never Mind In-Reply-To: References: Message-ID: Rob wrote: > "Spam N Scams Reporter" wrote in message > news:cot7qe$451$1@news.spamcop.net... > >>Spam N Scams Reporter wrote: >> >>>SC has been slow again this morning, with some reports not going through >>>without resending. Fortunately, I'm doing other things and not just >>>sitting here waiting for the page to load. >>> >>>Brian >> >>I'm just multi-tasking a little tooooo much. >> >>I had been uploading an 18 MB file in the background and I'm not sure if >>that was done before I had the slow down. Probably not. >> >>Brian > > > No, I'm getting Gateway Time Out errors "The proxy server did not receive a > timely response from the upstream server." > > In all the years of surfing I've never seen this error before, Page Not > available, OK, but, not this one. > > Now it's getting as far as parsing, but, not as far as showing who it's to > report to or the report now button. > > Rob > > I was running into that somewhat frequently, which was the reason for my original post. Then I realized that this time may have been due to me uploading a 17 MB database file. I don't know if it was or not. I have a fairly fast connection. Brian From vincehoran at gmail.com Mon Dec 6 11:56:46 2004 From: vincehoran at gmail.com (Vince Horan) Date: Mon Dec 6 06:56:50 2004 Subject: [SpamCop-List] Did Clara Net abuse all its customers today? Message-ID: In my pile of mails from overnight were a few dumbers auto-responding to viruses. Nothing unusual about that, other than when I looked at the original header, there was no mention of any of my domains. The reply address was annlist@clara.net. As a few more of these poured in, also directed to annlist@clara.net, it became apparent that this was publically exploitable way of emailing Clara Net customers. A call the Clara Net found they were aware of the problem and had shut it down. Thanks Clara Net. From michael.spamcop at michaellefevre.com Mon Dec 6 12:39:01 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Mon Dec 6 07:40:03 2004 Subject: [SpamCop-List] Re: United Airlines: Spamming a dead man. References: Message-ID: Pop wrote: > Michael Lefevre" wrote in > message news:covch3$amu$1@news.spamcop.net... [snip] >| A description of the service from someone that does it is at: >| http://www.experian.com/products/email_append.html >| You can find more by doing a google search for "email append". > > Well, I'll be damned. Experian, of all people! I used them once > a couple years ago for something I was selling - their > after-market support is dismal and totally unresponsive. Like > they say about power and corruption ... . > > I wonder who else is doing this? Abacus/Doubleclick Omnipoint I'm sure there are others that whose names would be familiar... -- Michael From puoti at inwind.it Mon Dec 6 14:40:39 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Mon Dec 6 08:45:03 2004 Subject: [SpamCop-List] Re: make love not spam In-Reply-To: References: Message-ID: > Not that I'm condoning it, but having multiple windows open would hit them > harder. It won't, you'll use the same bandwidth. If anyone sees that only part of his bandwidth is being used, let me know and I'll add more spamvertised sites. Ivan. From bar_n0ne at hotmail.com Mon Dec 6 17:53:51 2004 From: bar_n0ne at hotmail.com (Berny) Date: Mon Dec 6 08:55:02 2004 Subject: [SpamCop-List] who is pdlweb@yahoo.com (3d party interested)? Message-ID: seeing them a lot lately on my Rx spams for *.abbey1eater.com. Also looks like someone is using yahoo for commercial purposes. From puoti at inwind.it Mon Dec 6 15:05:10 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Mon Dec 6 09:10:03 2004 Subject: [SpamCop-List] Want to get to a spammer? Message-ID: I've got a spam in russian spamvertising some sort of event, a physical address is given, I take no responsibility if someone turns up to the event and beats up the organizer :) http://www.spamcop.net/sc?id=z699774522z227efe462e0c7c11f6502a15111aa39bz;action=display Babelfish translation The palace of the culture Of mIITa, the club of amateurs KVN "perchbox" propose to your attention NEW-YEAR IDEA for the children and schoolboys "MAN- SPIDER AGAINST Ram- Yagi". Captivating adventures occur in the magic fairytale scaffolding. Dark forces headed by the ram Of yagoy want to prevent good new-year history. Insidious concept and ominous intrigues could be carried out, if not super-hero. New-year musical fairy tale with the specials-effect, the splendid suits and the amusing jokes will be interesting not only to children, but also to their parents. Holiday will begin already in the foyer of the palace of the culture, where the heroes of the fairy tales caught the fancy by it and cartoons will meet the children. And, of course, it will not manage without the surprises and the new-year magic. New-year idea is passed daily from 25 December through 09 January (10:30, 13:00, 15:30). With the address: m. is novoslobodskaya, Novosushchevskiy alley, house 6, the palace of the culture Of mIITa. Duration of play - 1 hour. Interludes in fir tree - 30 minutes. Cost of one entrance ticket with the gift - 180 rubles, the cost of one entrance ticket for the parents - 90 rubles (payment with available and by clearing order). On questions of the acquisition of tickets be turned on the telephones: 973-35-52, 973-49-90 (from 9:00 to 22:00) is possible the delivery of tickets. Passage: m. is novoslobodskaya, is Mendeleyev's, is Belorussian, tr. ? 19, to the stoppage: &.tsuot;DK Of mIITa&.tsuot;. Gotovtes' to become rukovoditelem&.tsuot;. a similar type it reached to me pleasure. I showed, who here owner, it decided to send personal representative, emissary of peace, for negotiations c From puoti at inwind.it Mon Dec 6 15:08:07 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Mon Dec 6 09:10:10 2004 Subject: [SpamCop-List] gdeter@ns.cr does NOT bounce. Message-ID: This address does not bounce, please stop devnulling. From ng.fjxrp at jondh.me.uk Mon Dec 6 14:27:49 2004 From: ng.fjxrp at jondh.me.uk (Jon (spamtrap)) Date: Mon Dec 6 09:30:04 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: > "Terry Simpson" wrote in message news:cp05b7$qle$1@news.spamcop.net... > > What is LARTED? > > Thanks! To all ... IMHO this sounded like a perfectly reasonable question. Yes, it can be looked up on Google, but Terry chose a much more sociable method - and asked real people. Yet sometimes respondents prefer to get snippy - which reflects badly on the rest of us. Netiquette isn't about being rude to people - AFAIK anyway - it is a method which helps us all to get along in our virtual environment. Most of us wouldn't abuse a co-worker and accuse them of wanting "spoonfeeding" if they approached us at our desk to ask a (possibly obvious) question - so why do we do it when we are online? Apologies all - I have just seen too much unnecessary unhelpfulness in this NG to not say anything. Anyway, have a nice day all :o) Jon -- Please don't mail ng.fjxrp@jondh.me.uk as it is a spamtrap. From nospam at nospam.org Mon Dec 6 17:12:55 2004 From: nospam at nospam.org (geo_splash_12) Date: Mon Dec 6 11:15:02 2004 Subject: [SpamCop-List] SPAMCOP down? Message-ID: No response here at 17:10 MET, but ping seems to work, is the web server down? -- And your Chinese exchange student asks: what does it mean "I'm busy". Location 51 57'N 4 28'E From Kilgallen at SpamCop.net Mon Dec 6 10:25:57 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Mon Dec 6 11:30:07 2004 Subject: [SpamCop-List] Re: Want to get to a spammer? References: Message-ID: In article , Ivan Leo Puoti writes: > I've got a spam in russian spamvertising some sort of event, a physical > address is given, I take no responsibility if someone turns up to the > event and beats up the organizer :) Even if you have promoted violence in response to a joe job ? From nobody at spamcop.net Mon Dec 6 11:58:44 2004 From: nobody at spamcop.net (Ellen) Date: Mon Dec 6 12:10:04 2004 Subject: [SpamCop-List] Re: who is pdlweb@yahoo.com (3d party interested)? References: Message-ID: "Berny" wrote in message news:cp1o9k$ph5$1@news.spamcop.net... > seeing them a lot lately on my Rx spams for *.abbey1eater.com. > > Also looks like someone is using yahoo for commercial purposes. > > > IP? full spamvertized url? No way I can even attempt to answer your question without that information. Ellen From nobody at devnull.spamcop.net Mon Dec 6 11:50:34 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Dec 6 12:55:03 2004 Subject: [SpamCop-List] Re: gdeter@ns.cr does NOT bounce. References: Message-ID: "Ivan Leo Puoti" wrote in message news:cp1p5t$qg9$1@news.spamcop.net... > This address does not bounce, please stop devnulling. Can you guarantee that this ISP is not bouncing e-mail from SpamCop? From David1 at suescornerweb.com Mon Dec 6 12:52:46 2004 From: David1 at suescornerweb.com (David 1) Date: Mon Dec 6 12:55:14 2004 Subject: [SpamCop-List] Re: gdeter@ns.cr does NOT bounce. In-Reply-To: References: Message-ID: Ivan Leo Puoti wrote: > This address does not bounce, please stop devnulling. um could it be that a program like Mailwasher is bouncing it ???? At the users request. From David1 at suescornerweb.com Mon Dec 6 13:34:37 2004 From: David1 at suescornerweb.com (David 1) Date: Mon Dec 6 13:35:03 2004 Subject: [SpamCop-List] sc Black listed Message-ID: I posted the following knowing that one of the folks there would tell me what to do with it one way or the other so after an answer I'll post it here. ************************ Look, I'm new, I dont' know where to go with this or if it's even worth it so I'll just throw it the source out here & leave it up to those that know what to do to do something with it if needed # spamcop is fucked up spamcop.net 554 blocked dom We are sorry, but we cannot accept any more guaranteed 100% nonsense misdirected and false spamcop reports. Matter referred to Julian Haight, but he cannot fix spamcop reporting without breaking other features he considers more important. See Taken from http://www.river.com/ops/spam/bad-domains.txt It was the last entry at the time I posted this. I found it while I was doing a scam search on something else. David 1 From tmcgraw at spamcop.net Mon Dec 6 13:10:37 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Dec 6 16:15:02 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Jon (spamtrap) wrote: >>"Terry Simpson" wrote in message news:cp05b7$qle$1@news.spamcop.net... >> >>What is LARTED? >> >>Thanks! > > I just read the entire thread and thought the only rude post was by Fred K. From kenbrody at spamcop.net Mon Dec 6 15:47:17 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Dec 6 16:15:14 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: <41B4C555.8EC4D206@spamcop.net> Cat wrote: > > Mike Easter wrote: > > Fred K wrote: > > > > >>Ah but alas, the poor person wanted a simple definition of lart as it > >>is used here. > > My point was that people should learn to look it up. I was always taught > "If you don't know the answer, look it up" when I was a kid. It taught > me how to research things and how to think for myself instead of having > everyone hand me all the answers. Then if I still can't find the answer, > I'll ask. Or, as I like to say, "I'm trying to teach them to fish". > > Some people are into spoonfeeding the hapless or uninformed, while > > others would rather show them the way to get information, including some > > dirty work. > > Agreed. I think people get too lazy and don't want to do any work for > themselves and instead expect other people to spoon feed them all the time. Although acronymfinder is a better choice for this particular task, Google for both "lart" and "larted" bring relevent pages as the third ranking entry for each search. I'm not sure how much weeding needs to be done to find the "right" answer. [...] -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From kenbrody at spamcop.net Mon Dec 6 15:48:57 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Dec 6 16:15:20 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: <41B4C5B9.8D629AF5@spamcop.net> Dar wrote: [...] > I've already forgotten what the term LARTED means. Actually, I think it's more accurately "LARTed", as "LART" is the acronym, and "ed" is the suffix to make it past tense. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From kenbrody at spamcop.net Mon Dec 6 16:14:29 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Dec 6 16:15:28 2004 Subject: [SpamCop-List] Re: sc Black listed References: Message-ID: <41B4CBB5.BF5DDB19@spamcop.net> David 1 wrote: [...] > # spamcop is fucked up > spamcop.net 554 blocked dom We are sorry, but we cannot accept any > more guaranteed 100% nonsense misdirected and false spamcop reports. > Matter referred to Julian Haight, but he cannot fix spamcop reporting > without breaking other features he considers more important. See > > > Taken from http://www.river.com/ops/spam/bad-domains.txt > > It was the last entry at the time I posted this. I found it while I was > doing a scam search on something else. I though SpamCop can be told "I don't want any reports", and they'll automatically be /dev/null'ed? I'd love to know what sort of "guaranteed 100% nonsense misdirected and false spamcop reports" this person gets? -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From tmcgraw at spamcop.net Mon Dec 6 13:15:30 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Dec 6 16:20:04 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? In-Reply-To: References: Message-ID: Possum Trot wrote: > Ellen, and all, > > The article says that the targets for the attack are obtained from > SPAMCOP.COM, not our SPAMCOP.NET. The article at http://www.heise.de/english/newsticker/news/53697 says "SpamCop" and links to spamcop.net But as we all know by now, this program has ben suspended indefinitely by Lycos. From Merlyn at Spamcop.net Mon Dec 6 16:20:31 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Mon Dec 6 16:25:04 2004 Subject: [SpamCop-List] Re: sc Black listed References: Message-ID: "David 1" wrote in message news:cp28nu$5ce$2@news.spamcop.net... >I posted the following knowing that one of the folks there would tell me >what to do with it one way or the other so after an answer I'll post it >here. > ************************ > Look, I'm new, I dont' know where to go with this or if it's even worth it > so I'll just throw it the source out here & leave it up to those that > know what to do to do something with it if needed > > # spamcop is fucked up > spamcop.net 554 blocked dom We are sorry, but we cannot accept any more > guaranteed 100% nonsense misdirected and false spamcop reports. Matter > referred to Julian Haight, but he cannot fix spamcop reporting without > breaking other features he considers more important. See > > > Taken from http://www.river.com/ops/spam/bad-domains.txt > > It was the last entry at the time I posted this. I found it while I was > doing a scam search on something else. They should just add themselves to their own BOFH List. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From MikeE at ster.invalid Mon Dec 6 14:09:41 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 6 17:10:03 2004 Subject: [SpamCop-List] Re: sc Black listed References: Message-ID: David 1 wrote: > I posted the following knowing that one of the folks there would tell > me what to do with it one way or the other so after an answer I'll > post it here. > http://www.river.com/ops/nospam/ river's nospam page explains that their users can choose one of 6 levels of spamblocking. The first level is/ could be/ very sensible, except for the fact that it is extremely outdated. Its intention is to use dnsbl/s to block open smtp relays and proxies which is a good idea. That would be a good thing to block, but over half of the dnsbl/s chosen are way outawhack because they don't exist anymore, so that is evidence that either river doesn't know what they are doing, or this is actually an old outdated page of no relevance. Since my search for a link to the page shows it to appear to being currently used or referred to, I have to assume there is some kind of currently operational functionality there. > Taken from http://www.river.com/ops/spam/bad-domains.txt Unfortunately, the very next level up starts getting even more stupid. Not only does it add some more old outdated lists, such as two more from easynet whose functions have gone over to a different blocklister, but then it adds domain blocking, which is generally way dumb, and it appears that their netblock list is also pretty dumb. It is the domainblocking that includes spamcop. Surprisingly, they /claim/ that the next level up, which adds spews and tons of freemail provider domainnames in addition to the other both bad and outdated choices is both their default and most popular method. When I try to find my way to river's 'front page' - if they are functioning as an ISP or some other kinds of mailservice provider - I don't have much luck. They are in netrack.net's blockspace. I would have to hear from someone who is actually a river mail user to believe that the river MX, which is mail.river.com DNS 206.168.117.188 actually functions like that. The poster who is posting in sightings and 'referring' to the river pages above is unfortunately not posting to sightings properly, since he doesn't post the full headers of the spam. Doh! The poster who is citing those pages in nanae and sightings is Richard Johnson, who uses a whirlpool.river.com address in his From; so apparently the page is getting stamped onto spam, and the 2 MXes for whirlpool are different from river, but in the same netblock. -- Mike Easter kibitzer, not SC admin From spamcop at oitc.com Mon Dec 6 18:22:18 2004 From: spamcop at oitc.com (spamcop) Date: Mon Dec 6 18:25:08 2004 Subject: [SpamCop-List] 3rd party suspect Message-ID: RE: http://www.spamcop.net/sc?id=z699944393zfb471cc9c9d73d688c524882956fa215z Has Re: http://jngo.net/y.z?l=https://secure.directtrac... (Third party interested in spamvertized web site) To: spamcop@us.jangomail.com (Notes) Well jangomail.com is owned by Ajay Goel who looks awefully fishy to me (http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK2149) Organization: Silicomm Corporation Ajay Goel 5335 Far Hills Avenue, Suite 222 Dayton, OH 45429 US Phone: 9374358122 Fax..: 6306044082 Email: ajay@silicomm.com Registrar Name....: Register.com Registrar Whois...: whois.register.com Registrar Homepage: http://www.register.com Domain Name: JANGOMAIL.COM Created on..............: Fri, Sep 20, 2002 Expires on..............: Thu, Sep 20, 2007 Record last updated on..: Fri, Apr 16, 2004 Administrative Contact: Silicomm Corporation Ajay Goel 5335 Far Hills Avenue, Suite 222 Dayton, OH 45429 US Phone: 9374358122 Fax..: 6306044082 Email: ajay@silicomm.com Technical Contact, Zone Contact: Register.Com Domain Registrar 575 8th Avenue - 11th Floor New York, NY 10018 US Phone: 902-749-2701 Fax..: 902-749-5429 Email: domain-registrar@register.com Domain servers in listed order: DNS2.SILICOMM.COM 64.56.108.182 NS0.DNSMADEEASY.COM 63.219.151.3 NS1.DNSMADEEASY.COM 69.10.137.166 NS3.DNSMADEEASY.COM 64.246.42.123 From TMHRVMFWREVN at spammotel.com Mon Dec 6 23:32:36 2004 From: TMHRVMFWREVN at spammotel.com (Rob) Date: Mon Dec 6 18:35:02 2004 Subject: [SpamCop-List] Re: SPAMCOP down? References: Message-ID: "geo_splash_12" wrote in message news:cp20e8$vf9$1@news.spamcop.net... > No response here at 17:10 MET, but ping seems to work, is the web server > down? > > -- > And your Chinese exchange student asks: what does it mean "I'm busy". > Location 51 57'N 4 28'E Not quite down. It's very slow, taking me 10+ mins to get half way through a parse then it fails. Same as yesterday about the same time. From TMHRVMFWREVN at spammotel.com Mon Dec 6 23:43:33 2004 From: TMHRVMFWREVN at spammotel.com (Rob) Date: Mon Dec 6 18:45:03 2004 Subject: [SpamCop-List] Re: SPAMCOP down? References: Message-ID: "Rob" wrote in message news:cp2q76$h5l$1@news.spamcop.net... > > "geo_splash_12" wrote in message > news:cp20e8$vf9$1@news.spamcop.net... > > No response here at 17:10 MET, but ping seems to work, is the web server > > down? > > > > -- > > And your Chinese exchange student asks: what does it mean "I'm busy". > > Location 51 57'N 4 28'E > > Not quite down. It's very slow, taking me 10+ mins to get half way through > a parse then it fails. Same as yesterday about the same time. > > After about 45 mins it returned to normal. Seems to have happened same time two nights in a row. From MikeE at ster.invalid Mon Dec 6 15:47:18 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 6 18:50:03 2004 Subject: [SpamCop-List] Re: Lycos DDos Screensaver ? References: Message-ID: Tim McGraw wrote: > The article at http://www.heise.de/english/newsticker/news/53697 says > "SpamCop" and links to spamcop.net The spamcop statement in that article isn't at all accurate. It sez: "Currently, Lycos is waging war against the notorious spammers blacklisted at Spamcop." where 'Spamcop' links to http://www.spamcop.net/ When, in fact, the spamvertisers which were being targetted were not /blacklisted at spamcop/ at all, since SC doesn't blacklist spamvertisers, but simply posts them on the stats page -- and those spamsource IPs, which /are/ blacklisted by the SCbl, are *not* the targets of the now defunct MLNS screensaver. Poorly written articles are a pain. -- Mike Easter kibitzer, not SC admin From eatmy at grits.com Mon Dec 6 17:40:15 2004 From: eatmy at grits.com (Jeff) Date: Mon Dec 6 19:45:08 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: GIMME GIMME GIMME!!! "Ivan Leo Puoti" wrote in message news:cp1nid$p0e$1@news.spamcop.net... > > Not that I'm condoning it, but having multiple windows open would > hit them > > harder. > > It won't, you'll use the same bandwidth. If anyone sees that only part > of his bandwidth is being used, let me know and I'll add more > spamvertised sites. > > Ivan. From nobody at spamcop.net Mon Dec 6 18:26:16 2004 From: nobody at spamcop.net (Dar) Date: Mon Dec 6 21:30:05 2004 Subject: [SpamCop-List] Spammer Software Message-ID: I'm finding conflicting answers to this question: Can spammer software spider database generated web pages? I have concern for a listing of Chamber of Commerce members on a local web site. I've smacked two Chamber members who were caught spamming other members one by one, but what about the pros? Dar From nobody at spamcop.net Mon Dec 6 21:17:34 2004 From: nobody at spamcop.net (Ellen) Date: Mon Dec 6 21:35:02 2004 Subject: [SpamCop-List] Re: 3rd party suspect References: Message-ID: "spamcop" wrote in message news:BDDA53DA.EF2E%spamcop@oitc.com... > RE: > http://www.spamcop.net/sc?id=z699944393zfb471cc9c9d73d688c524882956fa215z > > Has Re: http://jngo.net/y.z?l=https://secure.directtrac... (Third party > interested in spamvertized web site) > To: spamcop@us.jangomail.com (Notes) > > Well jangomail.com is owned by Ajay Goel who looks awefully fishy to me > (http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK2149) > > Organization: > Silicomm Corporation > Ajay Goel > 5335 Far Hills Avenue, Suite 222 > Dayton, OH 45429 > US > Phone: 9374358122 > Fax..: 6306044082 > Email: ajay@silicomm.com > > Registrar Name....: Register.com > Registrar Whois...: whois.register.com > Registrar Homepage: http://www.register.com > > Domain Name: JANGOMAIL.COM > > Created on..............: Fri, Sep 20, 2002 > Expires on..............: Thu, Sep 20, 2007 > Record last updated on..: Fri, Apr 16, 2004 > > Administrative Contact: > Silicomm Corporation > Ajay Goel > 5335 Far Hills Avenue, Suite 222 > Dayton, OH 45429 > US > Phone: 9374358122 > Fax..: 6306044082 > Email: ajay@silicomm.com > > Technical Contact, Zone Contact: > Register.Com > Domain Registrar > 575 8th Avenue - 11th Floor > New York, NY 10018 > US > Phone: 902-749-2701 > Fax..: 902-749-5429 > Email: domain-registrar@register.com > > Domain servers in listed order: > > DNS2.SILICOMM.COM 64.56.108.182 > NS0.DNSMADEEASY.COM 63.219.151.3 > NS1.DNSMADEEASY.COM 69.10.137.166 > NS3.DNSMADEEASY.COM 64.246.42.123 > I'm sorry but I do not see anything about jangomail or Ajay Goel at your rosko reference other than this line: *AntiSpews.org identified as Ajay Goel (Silicomm Corporation, WangoMail). which appears to be a link to google (gah what did google do to newgroups) and after looking at 20 or so posts in that thread I don't see any "identification" -- if you want to point me at the exact post I would be happy to look at it. Ellen From nobody at spamcop.net Tue Dec 7 07:12:33 2004 From: nobody at spamcop.net (nospam) Date: Mon Dec 6 22:15:17 2004 Subject: [SpamCop-List] Re: who is pdlweb@yahoo.com (3d party interested)? References: Message-ID: in article cp23h8$1t6$1@news.spamcop.net, Ellen at nobody@spamcop.net wrote on 12/6/04 8:58 PM: > > > "Berny" wrote in message > news:cp1o9k$ph5$1@news.spamcop.net... >> seeing them a lot lately on my Rx spams for *.abbey1eater.com . >> >> Also looks like someone is using yahoo for commercial purposes. >> >> >> > > IP? full spamvertized url? No way I can even attempt to answer your question > without that information. > > Ellen > > That is an interested 3d party for spamvertized URLS, among them: http://(various random strings -hence the "*").abbey1eater.com From MikeE at ster.invalid Mon Dec 6 19:14:15 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 6 22:15:43 2004 Subject: [SpamCop-List] Re: 3rd party suspect References: Message-ID: Ellen wrote: > (gah what did google > do to newgroups) Ain't 'dat 'de troof! Slashdotters to campaign for the old googlegroups < /. cite follows> "[...] Unfortunately, as of December 5th, Google Groups Beta is back and you can't get to the original (wonderful) Google Groups anymore. Be sure to share your opinion with Google." However, not to be 'daunted', searching google groups on 'google groups' and also seeing that 'everyone' hates the new googlegroups beta -- I found a Brit sed [and so far it is still true] that the old google groups is still available at google.co.uk. -- Mike Easter kibitzer, not SC admin From baloo at ursine.dyndns.org Mon Dec 6 19:33:52 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Mon Dec 6 22:45:03 2004 Subject: [SpamCop-List] Re: Spammer Software References: Message-ID: <1102390991.339034@ursine.dyndns.org> Dar wrote: > I'm finding conflicting answers to this question: Can spammer software > spider database generated web pages? I have concern for a listing of > Chamber of Commerce members on a local web site. I've smacked two > Chamber members who were caught spamming other members one by one, > but what about the pros? You answered your own question. The answer is yes, spammer's software can spider through database generated web pages. However, on the flip side of the coin, any kind of munging (be it copy protection on CDs or munging email addresses) is considered harmful as it only hinders legitimate use while doing *ZERO* to stop illegitimate use. Just as DVD copy protection and region encoding was rendered irrelevant by a single, nearly 40-year-old UNIX command and regionless drives, email munging has long since been rendered stupid as it hinders the ability of real people to quickly and easily send you an email while doing nothing to slow down the spammers with automated demungers. Address-specific arguments: http://www.interhack.net/pubs/munging-harmful/ -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From baloo at ursine.dyndns.org Mon Dec 6 19:35:58 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Mon Dec 6 22:45:10 2004 Subject: [SpamCop-List] Re: sc Black listed References: Message-ID: <1102390992.283602@ursine.dyndns.org> David 1 wrote: > I posted the following knowing that one of the folks there would tell me > what to do with it one way or the other so after an answer I'll post it > here. > ************************ > Look, I'm new, I dont' know where to go with this or if it's even worth > it so I'll just throw it the source out here & leave it up to those > that know what to do to do something with it if needed You posted what you need to know already. > # spamcop is fucked up > spamcop.net 554 blocked dom We are sorry, but we cannot accept any > more guaranteed 100% nonsense misdirected and false spamcop reports. > Matter referred to Julian Haight, but he cannot fix spamcop reporting > without breaking other features he considers more important. See > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ That's where you need to go for more information about this problem, not Spamcop. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From baloo at ursine.dyndns.org Mon Dec 6 19:38:41 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Mon Dec 6 22:45:17 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: <1102390992.772592@ursine.dyndns.org> Jon (spamtrap) wrote: >> "Terry Simpson" wrote in message news:cp05b7$qle$1@news.spamcop.net... >> >> What is LARTED? >> >> Thanks! > > To all ... IMHO this sounded like a perfectly reasonable question. Yes, it > can be looked up on Google, but Terry chose a much more sociable method - > and asked real people. Yet sometimes respondents prefer to get snippy - > which reflects badly on the rest of us. Asking a question that is 1) Already answered in the archives, 2) is posted on the web, and 3) Google is capable of finding 1 and 2, then it's *not* sociable, it's antisocial. > Netiquette isn't about being rude to people - AFAIK anyway - it is a > method which helps us all to get along in our virtual environment. Most of > us wouldn't abuse a co-worker and accuse them of wanting "spoonfeeding" if > they approached us at our desk to ask a (possibly obvious) question - so > why do we do it when we are online? Not all of us are doomed to work among the clueless, please don't assume everyone else is forced to, either. It's patronizing and makes you look bad. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From nobody at spamcop.net Mon Dec 6 19:43:17 2004 From: nobody at spamcop.net (Dar) Date: Mon Dec 6 22:45:21 2004 Subject: [SpamCop-List] Re: Spammer Software References: Message-ID: > I'm finding conflicting answers to this question: Can spammer software > spider database generated web pages? I have concern for a listing of > Chamber of Commerce members on a local web site. I've smacked two > Chamber members who were caught spamming other members one by one, > but what about the pros? > > Dar On second thought, this is not an appropriate question for this group. Please forgive me. From nobody at spamcop.net Mon Dec 6 19:56:20 2004 From: nobody at spamcop.net (Dar) Date: Mon Dec 6 23:00:02 2004 Subject: [SpamCop-List] Re: Spammer Software References: Message-ID: > > I'm finding conflicting answers to this question: Can spammer software > > spider database generated web pages? I have concern for a listing of > > Chamber of Commerce members on a local web site. I've smacked two > > Chamber members who were caught spamming other members one by one, > > but what about the pros? > > You answered your own question. The answer is yes, spammer's software can > spider through database generated web pages. However, on the flip side of > the coin, any kind of munging (be it copy protection on CDs or munging > email addresses) is considered harmful as it only hinders legitimate use > while doing *ZERO* to stop illegitimate use. Just as DVD copy protection > and region encoding was rendered irrelevant by a single, nearly 40-year-old > UNIX command and regionless drives, email munging has long since been > rendered stupid as it hinders the ability of real people to quickly and > easily send you an email while doing nothing to slow down the spammers with > automated demungers. > > Address-specific arguments: > http://www.interhack.net/pubs/munging-harmful/ > > -- > Paul Johnson > baloo@ursine.dyndns.org > http://ursine.dyndns.org/ Thanks for the education. This is a tough one for me. I can protect my own hosting clients listed in this database, but I can't protect the other 99% who are listed. The one member who abused simply went through and clicked on each email address and began sending a separate email to each member (I caught him before he made it very far down the list). Otherwise, I've noticed no *other* spam has been sent to my 10 or so clients listed there and thought perhaps any harvesting may have to be done manually. From mfkmek820 at yahoo.com Mon Dec 6 19:50:18 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Mon Dec 6 23:55:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Jon (spamtrap)" wrote in message news:cp1q9r$ral$1@news.spamcop.net... >> "Terry Simpson" wrote in message news:cp05b7$qle$1@news.spamcop.net... >> >> What is LARTED? >> >> Thanks! > And after reading this thread through, and having looked it up before myself, the action "I LARTED so and so" is still not clear to me. Does that mean a SC report, or some separate complaint to some ISP et. al., through emails, phone calls, snailmail etc. Fred k From nobody at spamcop.net Mon Dec 6 22:56:47 2004 From: nobody at spamcop.net (John Anderson) Date: Tue Dec 7 00:00:03 2004 Subject: [SpamCop-List] Re: SPAMCOP down? References: Message-ID: "Rob" wrote in message news:cp2q76$h5l$1@news.spamcop.net... Not quite down. It's very slow, taking me 10+ mins to get half way through a parse then it fails. Same as yesterday about the same time. >>>>>>..... I am glad that my spam level is down to one spam every 3 months! . From tmcgraw at spamcop.net Mon Dec 6 20:57:12 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Dec 7 00:00:10 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Fred K wrote: > Jon wrote: >>>"Terry Simpson" wrote: >>> >>>What is LARTED? >>> >>>Thanks! >> > And after reading this thread through, and having looked it up before > myself, the action "I LARTED so and so" is still not clear to me. Does that > mean a SC report, or some separate complaint to some ISP et. al., through > emails, phone calls, snailmail etc. > Fred k An email directly from the spam victim to the party responsible. Mine are very short, often merely: "You have an open proxy at . Please take corrective action. Thank you." A LART is exclusively manual, else you would not need pages like http://multilinguallart.spamblocked.com From nobody at xyzzy.claranet.de Tue Dec 7 05:59:49 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Dec 7 00:05:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: <41B538C5.3FD5@xyzzy.claranet.de> Cat wrote: > Mike Easter wrote: >> Fred K wrote: > [...] > Note to Frank: Fred, IIRC there was no "Frank" in this thread until now ;-) From tmcgraw at spamcop.net Mon Dec 6 21:05:46 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Dec 7 00:10:02 2004 Subject: [SpamCop-List] Re: Spammer Software In-Reply-To: References: Message-ID: Dar wrote: > > Thanks for the education. This is a tough one for me. I can protect my > own hosting clients listed in this database, but I can't protect the > other 99% who are listed. The one member who abused simply went through > and clicked on each email address and began sending a separate email to > each member (I caught him before he made it very far down the list). Sticky wicket you've got there. It is, after all, the Chamber of Commerce. You can't expect everyone to be clued re: proper way to network and understanding of netiquette. If you can set up email addresses @yourchamberURL it could be offered as a benefit membership. If you can set up a listserv strictly for networking that could also be listed under benefit of membership. Even Yahoo Groups is feasible for smaller groups. Some here will disagree, but it works great for our dog park group. From tmcgraw at spamcop.net Mon Dec 6 21:10:57 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Dec 7 00:15:03 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: <41B538C5.3FD5@xyzzy.claranet.de> References: <41B538C5.3FD5@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Cat wrote: > > Fred, IIRC there was no "Frank" in this thread until now ;-) We have clearance Clarence. Roger, Roger. What's our vector Victor? From nobody at spamcop.net Mon Dec 6 21:39:49 2004 From: nobody at spamcop.net (Dar) Date: Tue Dec 7 00:45:03 2004 Subject: [SpamCop-List] Re: Spammer Software References: Message-ID: > Dar wrote: > > > > Thanks for the education. This is a tough one for me. I can protect my > > own hosting clients listed in this database, but I can't protect the > > other 99% who are listed. The one member who abused simply went through > > and clicked on each email address and began sending a separate email to > > each member (I caught him before he made it very far down the list). > Tim McGraw wrote: > Sticky wicket you've got there. It is, after all, the Chamber of > Commerce. You can't expect everyone to be clued re: proper way to > network and understanding of netiquette. Well, there's a notice at the top of the default page now: Chamber Members Notice: Sending unsolicited commercial email to other members ( spamming ) is strictly forbidden! You risk losing your own listing here. > If you can set up email addresses @yourchamberURL it could be offered as > a benefit membership. That's an excellent idea, but not too feasible in my situation. This is actually a *town* web site and there are so many email addresses set up for town officials, I simply don't have the time to set up and maintain email addresses, even forwarding email addresses, for all the Chamber members as well. > If you can set up a listserv strictly for > networking that could also be listed under benefit of membership. Even > Yahoo Groups is feasible for smaller groups. Some here will disagree, > but it works great for our dog park group. If they wish to network, they attend Chamber meetings. Most of the members, I promise, don't want to be bothered by other members and their spam type email. This is a very small town in Washington State with a total population of approximately 6,500 maybe. There are members who do business outside of our 2.1 square mile town, but for the most part, most every member of the Chamber knows most every other member of the Chamber. The listings on the site are primarily for generating business from the general population, one air force base, one army base, and the local area outside of town. Dar From nobody at spamcop.net Mon Dec 6 21:42:51 2004 From: nobody at spamcop.net (Dar) Date: Tue Dec 7 00:45:10 2004 Subject: [SpamCop-List] Re: Spammer Software References: Message-ID: Mostly, to do with my original question, I was hoping spammers (non members) couldn't harvest email addresses from database generated web pages using software. I realize anyone can get to them manually, I was just hoping the spammer software wouldn't work. Dar From mfkmek820 at yahoo.com Mon Dec 6 20:47:52 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Tue Dec 7 00:50:04 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Tim McGraw" wrote in message news:cp3d79$t1q$1@news.spamcop.net... > Fred K wrote: >> Jon wrote: >>>>"Terry Simpson" wrote: >>>> >>>>What is LARTED? >>>> >>>>Thanks! > An email directly from the spam victim to the party responsible. Mine are > very short, often merely: "You have an open proxy at . Please take > corrective action. Thank you." > > A LART is exclusively manual, else you would not need pages like > http://multilinguallart.spamblocked.com > How simple and to the point.It is probably the answer that should have been given as a direct reply to Terry's question. Instead it took 23 responses.. Thank you Fred k From tmcgraw at spamcop.net Mon Dec 6 21:52:56 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Dec 7 00:55:03 2004 Subject: [SpamCop-List] Re: Spammer Software In-Reply-To: References: Message-ID: Dar wrote: >>Tim McGraw wrote: > >>If you can set up email addresses @yourchamberURL it could be offered as >>a benefit membership. >> >>If you can set up a listserv strictly for >>networking that could also be listed under benefit of membership. Even >>Yahoo Groups is feasible for smaller groups. Some here will disagree, >>but it works great for our dog park group. > > If they wish to network, they attend Chamber meetings. That's what I thought. > This is a very small town in Washington State That's what I thought. Secure access is probably out of the question too. An autoack to a request for the database? At least then the boilerplate could include the "Members Notice." From tmcgraw at spamcop.net Mon Dec 6 22:07:17 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Dec 7 01:10:03 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Fred K wrote: > Tim McGraw wrote: > >>An email directly from the spam victim to the party responsible. Mine are >>very short, often merely: "You have an open proxy at . Please take >>corrective action. Thank you." >> >>A LART is exclusively manual, else you would not need pages like >>http://multilinguallart.spamblocked.com > > How simple and to the point.It is probably the answer that should have been > given as a direct reply to Terry's question. Instead it took 23 responses.. At least no one responded STFW, which is the typicaly ng guff. What is so hard about putting "what is a lart" in Google? Tip: use the quote marks. > Thank you You're welcome. Have you ever worked somewhere and the customers ask the same questions over and over and over again? And the answer is typically as inane, like "over by the sign that says ____," where blank is the thing they asked about. LART is in some spam FAQs, like http://www.spamfaq.net/terminology.shtml#lart From nobody at spamcop.net Mon Dec 6 22:26:19 2004 From: nobody at spamcop.net (Dar) Date: Tue Dec 7 01:30:03 2004 Subject: [SpamCop-List] Re: Spammer Software References: Message-ID: > >>Tim McGraw wrote: > > > >>If you can set up email addresses @yourchamberURL it could be offered as > >>a benefit membership. > >> > >>If you can set up a listserv strictly for > >>networking that could also be listed under benefit of membership. Even > >>Yahoo Groups is feasible for smaller groups. Some here will disagree, > >>but it works great for our dog park group. > > > > If they wish to network, they attend Chamber meetings. > > That's what I thought. > > > This is a very small town in Washington State > > That's what I thought. > > Secure access is probably out of the question too. > > An autoack to a request for the database? At least then the boilerplate > could include the "Members Notice." Good suggestion, but I think I'll let it go and see what happens from here on. The "Members Notice" is added in such a way that it shows up at the top of any/all database generated pages. I'm hoping it's only the old "there's one (or two) in every bunch" who is stupid enough to spam in this manner. And, hopefully, the notice is obvious enough to prevent spamming (from member to members) in the future. Thanks, Tim. I was very nervous after posting the original message for fear it was an out of order subject. Thanks for responding in an intelligent and non-controversial manner -- sincerely. Dar From SpamNScamsReporter# at gmail#.com# Mon Dec 6 23:06:30 2004 From: SpamNScamsReporter# at gmail#.com# (Spam N Scams Reporter) Date: Tue Dec 7 02:10:09 2004 Subject: [SpamCop-List] Humor: A 419er that can't spell his name correctly Message-ID: All I require is your honest co-operation to enable us see this business through. I guarantee that this will be executed under a legitimate arrangement that will protect you from any breach of the law. Get in touch with me through my email address (raysithole@myway.com) and my mobile phone number (234-803-419-8035)so that we can proceed. Sincerely yours, Barrister Raymond Sithole Esq. From nobody at devnull.spamcop.net Tue Dec 7 01:36:57 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Dec 7 02:40:27 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: <41B538C5.3FD5@xyzzy.claranet.de> References: <41B538C5.3FD5@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Cat wrote: >>Note to Frank: > > > Fred, IIRC there was no "Frank" in this thread until now ;-) Heh, oops! Don't know why, but I read that as Frank K for some reason instead of Fred K. From bar_n0ne at hotmail.com Tue Dec 7 11:44:33 2004 From: bar_n0ne at hotmail.com (Berny) Date: Tue Dec 7 02:45:06 2004 Subject: [SpamCop-List] Re: who is pdlweb@yahoo.com (3d party interested)? -sites References: Message-ID: "nospam" wrote in message news:BDDB0861.12E07%nobody@spamcop.net... > in article cp23h8$1t6$1@news.spamcop.net, Ellen at nobody@spamcop.net wrote > on 12/6/04 8:58 PM: > > "Berny" wrote in message > > news:cp1o9k$ph5$1@news.spamcop.net... > >> seeing them a lot lately on my Rx spams for *.abbey1eater.com . > > SNIP > > IP? full spamvertized url? No way I can even attempt to answer your question > > without that information. > That is an interested 3d party for spamvertized URLS, among them: > > http://(various random strings -hence the "*").abbey1eater.com > and Re: http://auriferous6tabernacle.com/?nwk=4wah&... (Third party interested in spamvertized web site) To: pdlweb@yahoo.com (Notes) From nobody at devnull.spamcop.net Tue Dec 7 01:50:09 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Dec 7 02:55:03 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Jon (spamtrap) wrote: > To all ... IMHO this sounded like a perfectly reasonable question. Yes, it > can be looked up on Google, but Terry chose a much more sociable method - > and asked real people. Yet sometimes respondents prefer to get snippy - > which reflects badly on the rest of us. > > Netiquette isn't about being rude to people There was absolutely nothing rude or snippy about my reply. I simply showed him how to look it up on his own, which would teach him good research habits for the future. Like someone else said, this was something that could have been easily looked up. Maybe you and Fred should consider not being so overly sensitive and stop expecting everyone else to hold your hands through life. In some forums, people will just reply with the FAQ link and let the person go read that. This is sometimes done here, and LiveJournal.com's support forum also does the same thing, just replying with the FAQ link when it's something easily found there. Just using LiveJournal as a similar example, I see support requests there all the time that should never even have been asked if the person had done a quick search of their very user friendly FAQ. Now maybe SpamCop's FAQ isn't quite so user friendly, but the definition of LART is something that can be easily be found without contributing to the other 80,000 times it's been asked about here. From nobody at devnull.spamcop.net Tue Dec 7 01:55:14 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Dec 7 03:00:03 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Tim McGraw wrote: > Fred K wrote: > >> Tim McGraw wrote: >> >>> An email directly from the spam victim to the party responsible. Mine >>> are very short, often merely: "You have an open proxy at . >>> Please take corrective action. Thank you." >>> >>> A LART is exclusively manual, else you would not need pages like >>> http://multilinguallart.spamblocked.com >> >> >> How simple and to the point.It is probably the answer that should have >> been given as a direct reply to Terry's question. Instead it took 23 >> responses.. Um, no. It required only one reply. Didn't someone else here use the fishing analogy? If you give a man a fish, he'll eat for a day. If you teach a man to fish, he'll eat for a lifetime. I just don't understand why some people expect everyone else to do their thinking for them and then get all upset when they're shown how to think for themselves. > At least no one responded STFW, which is the typicaly ng guff. > > What is so hard about putting "what is a lart" in Google? Tip: use the > quote marks. I'm guessing laziness and refusal to think for themselves. > Have you ever worked somewhere and the customers ask the same questions > over and over and over again? And the answer is typically as inane, like > "over by the sign that says ____," where blank is the thing they asked > about. Good explanation. From David1 at suescornerweb.com Tue Dec 7 03:14:16 2004 From: David1 at suescornerweb.com (David 1) Date: Tue Dec 7 03:15:14 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Cat wrote: > Jon (spamtrap) wrote: > > > >> To all ... IMHO this sounded like a perfectly reasonable question. >> Yes, it >> can be looked up on Google, but Terry chose a much more sociable method - >> and asked real people. Yet sometimes respondents prefer to get snippy - >> which reflects badly on the rest of us. >> >> Netiquette isn't about being rude to people > > > > > There was absolutely nothing rude or snippy about my reply. I simply > showed him how to look it up on his own, which would teach him good > research habits for the future. Like someone else said, this was > something that could have been easily looked up. > > > Maybe you and Fred should consider not being so overly sensitive and > stop expecting everyone else to hold your hands through life. In some > forums, people will just reply with the FAQ link and let the person go > read that. This is sometimes done here, and LiveJournal.com's support > forum also does the same thing, just replying with the FAQ link when > it's something easily found there. Just using LiveJournal as a similar > example, I see support requests there all the time that should never > even have been asked if the person had done a quick search of their very > user friendly FAQ. Now maybe SpamCop's FAQ isn't quite so user friendly, > but the definition of LART is something that can be easily be found > without contributing to the other 80,000 times it's been asked about here. Ok, this is another stupid question your probably not going to like but let me start off I do understand that your an old timer tired of the same old questions that you asked "Prolly" when you were a newbe & to be honest about it I was going to ask that same question but that person beat me to it. So to help me learn a heck of a lot more a lot faster why don't you give me that link(s) to what ever faq & other searchable info we have ( note the only place I've ever been to sc before coming here was the button to make a donation (ie: buy MEGS(FUEL)whatever) & I click the link when I get the email that it's ready for me to go hit the next couple of buttons so that's my association with SC. Now if you will baby me & hand me those link(s) that I need to get the job done then for what ever it's worth to you since you don't know me I'll give you my word that for a period of NO less then 3 months starting from the time I receive the links. I will personally answer every newbie question that I catch & if I don't catch it you have my full permission to chew me out publicly, also email me with the subject that I missed the question & I will answer the question asap so that you don't have to mess with it except for correcting me when I miss read something & screw it up. Again I'm new here & don't know whats going on. & Maybe I'm out of line & somebody is going to do a killfile on me (whatever the hell that is)BUT Man you folks are hard on us new folks BUT I do understand that some of you folks don't want to baby feed us. That I really do But the fact remains that your always going to have new folks asking the same damn questions no mater how many places you post it because some of us are just babies. So with all that said the offer is there up to you to say yes or no or just ignore me like IMHO you should do with the newbie questions if you don't want to deal with them. Again For the record I do understand how you feel & I'm not saying you are wrong in any way shape or form, I've been there & done that myself. I'm just trying to say if something is wrong & you don't want to deal with us then don't, from what I've seen of this group someone will. Eventually. David 1 From nobody at devnull.spamcop.net Tue Dec 7 02:49:17 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Dec 7 03:55:03 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: David 1 wrote: > Ok, this is another stupid question your probably not going to like but > let me start off I do understand that your an old timer tired of the > same old questions that you asked "Prolly" when you were a newbe & to be > honest about it I was going to ask that same question but that person > beat me to it. Actually, I never asked simple questions like "what is LART?" Like I said in another post, I look for answers on my own first. Then if I still can't find it, I'll ask. And while we're on the subject of learning things, *your* is a possessive pronoun and not to be used to mean *you are*. *You're* means *you are*. When you mix *your* and *you're*, it changes the whole meaning of what you're trying to say. I hope you won't mind that I commented on that, but it's meant to help. > So to help me learn a heck of a lot more a lot faster why > don't you give me that link(s) to what ever faq & other searchable info > we have ( note the only place I've ever been to sc before coming here > was the button to make a donation (ie: buy MEGS(FUEL)whatever) & I click > the link when I get the email that it's ready for me to go hit the next > couple of buttons so that's my association with SC. > Now if you will baby me & hand me those link(s) that I need to get the > job done then for what ever it's worth to you since you don't know me > I'll give you my word that for a period of NO less then 3 months > starting from the time I receive the links. Huh? That was a bit too awkwardly worded, and you're being a bit vague as to what you want answered at the moment. I gave the original poster a link to a place where the answer to his question could be found, and also pointed him to Google where the answer is easily found by typing into a search engine. I did this to show him the tools needed to quickly research smaller, easily found answers. If someone asks a question, and someone else replies with the link to the related FAQ, that certainly sounds exactly like what I did by posting the Acronym Finder link and pointing him to Google search. > I will personally answer > every newbie question that I catch & if I don't catch it you have my > full permission to chew me out publicly, also email me with the subject > that I missed the question & I will answer the question asap so that you > don't have to mess with it except for correcting me when I miss read > something & screw it up. I'm not really sure what the above quoted part has to do with anything. > Again I'm new here & don't know whats going on. & Maybe I'm out of line > & somebody is going to do a killfile on me (whatever the hell that > is)BUT Man you folks are hard on us new folks BUT I do understand that > some of you folks don't want to baby feed us. That I really do But the > fact remains that your always going to have new folks asking the same > damn questions no mater how many places you post it because some of us > are just babies. So with all that said the offer is there up to you to > say yes or no or just ignore me like IMHO you should do with the newbie > questions if you don't want to deal with them. Yes or no to what? There's a difference between asking a legitimate question about how SpamCop works and asking something like a word definition. I was always taught that if you don't know the meaning of a word, look it up. > Again For the record I do understand how you feel & I'm not saying you > are wrong in any way shape or form, I've been there & done that myself. > I'm just trying to say if something is wrong & you don't want to deal > with us then don't, from what I've seen of this group someone will. > Eventually. > David 1 This had nothing to do with not wanting to deal with anyone. He asked a question, and I answered it pointing him to two places where he could easily find the answer. I don't understand why you're getting so upset about this. I actually showed him where to find the answer, to which most reasonable people would respond with "Thanks for showing me that." It's not like I said "go away and stop asking stupid questions." People shouldn't be spoon fed. People should learn how to think for themselves and not be so opposed to learning how to think. It sounds to me like a small few people in this thread are just looking for excuses to complain about something for no good reason. From bar_n0ne at hotmail.com Tue Dec 7 14:28:53 2004 From: bar_n0ne at hotmail.com (Berny) Date: Tue Dec 7 05:30:21 2004 Subject: [SpamCop-List] Re: who is pdlweb@yahoo.com (3d party interested)? spammer me thinks References: Message-ID: Berny" wrote in message news:cp3n14$3ef$1@news.spamcop.net... > > "nospam" wrote in message > news:BDDB0861.12E07%nobody@spamcop.net... > > in article cp23h8$1t6$1@news.spamcop.net, Ellen at nobody@spamcop.net > wrote > > on 12/6/04 8:58 PM: > > > "Berny" wrote in message > > > news:cp1o9k$ph5$1@news.spamcop.net... > > >> seeing them a lot lately on my Rx spams for *.abbey1eater.com . > > > SNIP > > > IP? full spamvertized url? No way I can even attempt to answer your > question > > > without that information. > > That is an interested 3d party for spamvertized URLS, among them: > > > > http://(various random strings -hence the "*").abbey1eater.com > > > and > Re: http://auriferous6tabernacle.com/?nwk=4wah&... (Third party interested > in spamvertized web site) > To: pdlweb@yahoo.com (Notes) I did some giggling and found this in NANAE: http://groups.google.ca/groups?q=pdlweb&hl=en&lr=&selm=200411241428.iAOEShVQ024977%40NanasPost&rnum=1 sorry I don't know how to unwrap it for you. but it appears pdlweb@yahoo.com is Gold Toe Investments, a spammer, more clever people than I can interpret the POST I'm sure , I'd LART yahoo manually for commercial use of their mail but they always treat any missives of that nature from me as if I'm complaining about spam from that account. And they correctly point out that it didn't originate there. From hwolfe at spamcop.net Tue Dec 7 06:00:03 2004 From: hwolfe at spamcop.net (Herb Wolfe) Date: Tue Dec 7 07:05:03 2004 Subject: [SpamCop-List] false positives/negatives Message-ID: Lately, the last few weeks or so, it seems a lot of messages have been marked wrong by spamcop. I've had a couple of messages slip through, and then sometimes a dozen or more similar, if not identical messages, that are marked spam. I have also had a few marked spam, that I don't know why they are, that accidentally get reported before I can whitelist them. I get hundreds of pieces of mail daily, and it isn't possible to look at each and every one. Can someone offer an explanation or advice? ~herb From nobody at spamcop.net Tue Dec 7 07:22:56 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 07:25:02 2004 Subject: [SpamCop-List] Re: Humor: A 419er that can't spell his name correctly References: Message-ID: "Spam N Scams Reporter" wrote in message news:cp3kpm$24f$3@news.spamcop.net... | All I require is your honest co-operation to enable us see this business | through. I guarantee that this will be executed under a legitimate | arrangement that will protect you from any breach of the law. Get in | touch with me through my email address (raysithole@myway.com) and my | mobile phone number (234-803-419-8035)so that we can proceed. | | Sincerely yours, | | Barrister Raymond Sithole Esq. ?? I must be using my blind eye today: I can't find the spelling problem?? Pop From crappy.trappy at ntlworld.com Tue Dec 7 12:27:50 2004 From: crappy.trappy at ntlworld.com (Tim) Date: Tue Dec 7 07:30:04 2004 Subject: [SpamCop-List] Re: Humor: A 419er that can't spell his name correctly In-Reply-To: References: Message-ID: Pop wrote: > ?? I must be using my blind eye today: I can't find the > spelling problem?? > > Pop > > There is a missing 'H' as in Raymond Shithole Esq. Very appropriate for this kind of moron. From me at privacy.net Tue Dec 7 07:29:41 2004 From: me at privacy.net (Frog Prince) Date: Tue Dec 7 07:30:10 2004 Subject: [SpamCop-List] Re: Spammer Software References: Message-ID: "Dar" | If they wish to network, they attend Chamber meetings. Most of the | members, I promise, don't want to be bothered by other members and | their spam type email. This is a very small town in Washington State | with a total population of approximately 6,500 maybe. There are members | who do business outside of our 2.1 square mile town, but for the most | part, most every member of the Chamber knows most every other member | of the Chamber. The listings on the site are primarily for generating | business from the general population, one air force base, one army | base, and the local area outside of town. We have a similar 'problem' here in Western NC. Small town with a number of small business. Going public with an email addy is a risk. If you want the good business you have to live with the 5% of the population that does not have hemorrhoids (i.e. perfect A** H***s) We've handled the problem by giving notice that if you break the UCE rule your email messages to any and all will be blocked for up to one month on the first abuse 3 months on the second and permanently on a third. That said we also set up a members only mail list with two options. (that the members can subscribe or not as they see fit) that lets any member post general info/discussions on one list and their self promotions on the second. The first is used effectively the second is busiest around April 1st of every year. FWIW I set each new member on moderate until they get the idea of how the system works. FP back channel communications via brother_rabbit @ hotmail.com From wb8tyw at qsl.network Tue Dec 7 08:17:28 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Tue Dec 7 08:20:02 2004 Subject: [SpamCop-List] Re: false positives/negatives In-Reply-To: References: Message-ID: <9KGdnR8P3N71MCjcRVn-uw@adelphia.com> Herb Wolfe wrote: > Lately, the last few weeks or so, it seems a lot of messages have been > marked wrong by spamcop. I've had a couple of messages slip through, and > then sometimes a dozen or more similar, if not identical messages, that > are marked spam. I have also had a few marked spam, that I don't know > why they are, that accidentally get reported before I can whitelist > them. I get hundreds of pieces of mail daily, and it isn't possible to > look at each and every one. Can someone offer an explanation or advice? That is normal behavior for the Agressive spamcop.net blocking list. The spamcop.net blocking list only acts on I.P. addresses of what it's members and internal spamtraps report as spam. As spammers are using new spam sources, or waiting for spamcop.net listings to expire, spam will always get through if you only use the spamcop.net list. Also, for many of us, once a spam source gets listed on the one of the other major DNSbls, we never see any more spam from it to report to keep it on the spamcop.net blocking list. Also the spamcop.net list tries not to list the output of a multihop relay, so spam will get through from there. And when members or the parser make an error, sometimes a real mail source will get reported and listed. And sometimes a real mail source will get compromised and start spewing spam. In addition, some mailservers or users are misconfigured to abusively auto-respond to the forged addresses found in spam or viruses. This will cause those mail servers to get listed by spamcop.net spamtraps. And about once a year or so, some user of a mail server comes up with a great idea to write a script to automatically report and confirm everything their local spam filter considers spam. Invariably they make an error in the programming and end up getting their own mail server listed. When a real mail server gets listed, it seems that several members to not take time to confirm that they are actually reporting spam, so as long as it is listed, new reports will be continually generated to keep it listed. So spamcop.net is not a perfect solution. If a source is listed by the spamcop.net blocking list, there is a very high chance of it being spam, but not absolute. -John wb8tyw@qsl.net Personal Opinion Only From Merlyn at Spamcop.net Tue Dec 7 08:19:40 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Tue Dec 7 08:20:10 2004 Subject: [SpamCop-List] Re: false positives/negatives References: Message-ID: "Herb Wolfe" wrote in message news:cp4603$c90$1@news.spamcop.net... > Lately, the last few weeks or so, it seems a lot of messages have been > marked wrong by spamcop. I've had a couple of messages slip through, and > then sometimes a dozen or more similar, if not identical messages, that > are marked spam. I have also had a few marked spam, that I don't know why > they are, that accidentally get reported before I can whitelist them. I > get hundreds of pieces of mail daily, and it isn't possible to look at > each and every one. Can someone offer an explanation or advice? > Spamcop does not automatically report any spam. You have to do the reporting. Are you blindly reporting innocent victims? -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From nobody at devnull.spamcop.net Tue Dec 7 07:22:18 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Dec 7 08:25:02 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "David 1" wrote in message news:cp3op2$502$1@news.spamcop.net... > > So to help me learn a heck of a lot more a lot faster why > don't you give me that link(s) to what ever faq & other searchable info > we have ( note the only place I've ever been to sc before coming here > was the button to make a donation (ie: buy MEGS(FUEL)whatever) & I click > the link when I get the email that it's ready for me to go hit the next > couple of buttons so that's my association with SC. > Now if you will baby me & hand me those link(s) that I need to get the > job done then for what ever it's worth to you since you don't know me > I'll give you my word that for a period of NO less then 3 months > starting from the time I receive the links. I will personally answer > every newbie question that I catch & if I don't catch it you have my > full permission to chew me out publicly, also email me with the subject > that I missed the question & I will answer the question asap so that you > don't have to mess with it except for correcting me when I miss read > something & screw it up. With a promise like that ..... I'll give you two links .... Login in to "your" www.spamcop.net page ... hit Help .... http://forum.spamcop.net/forums/index.php? holds a FAQ that contains all the above plus a whole lot more in a single-page access-point format. From please_reply_to_newsgroup at something.com Tue Dec 7 13:25:54 2004 From: please_reply_to_newsgroup at something.com (Paul D) Date: Tue Dec 7 08:30:03 2004 Subject: [SpamCop-List] SpamCop Painfully Slow 2 Message-ID: It's disappointing that I've had no more feedback to my other post. Isn't there anything that anyone can do? Thanks Paul From nobody at spamcop.net Tue Dec 7 08:27:10 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 08:30:10 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Cat" wrote in message news:cp0650$rhi$1@news.spamcop.net... | Terry Simpson wrote: | > What is LARTED? | > | > Thanks! | | http://www.acronymfinder.com | | Also, Google is your friend. A simple search of the word LART on Google | comes up with several web sites giving you a definition. Good answer - coulda taken a moment to 'splain it's a luser attitude ... though. I would have. But, it's informative and easy to understand. Pop From nobody at spamcop.net Tue Dec 7 08:33:13 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 08:35:04 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Pete Stephenson" wrote in message news:pete-522EA0.15442405122004@news.cesmail.net... | In article , | "Terry Simpson" wrote: | | > What is LARTED? | | http://www.retrologic.com/jargon/L/LART.html | | Luser Attitude Readjustment Tool. | | 1. n. In the collective mythos of scary devil monastery, this is an | essential item in the toolkit of every BOFH. The LART classic is a 2x4 | or other large billet of wood usable as a club, to be applied upside the | head of spammers and other people who cause sysadmins more grief than | just naturally goes with the job. Perennial debates rage on | alt.sysadmin.recovery over what constitutes the truly effective LART; | knobkerries, automatic weapons, flamethrowers, and tactical nukes all | have their partisans. Compare clue-by-four. | | 2. v. To use a LART. Some would add ³in malice², but some sysadmins | do prefer to gently lart their users as a first (and sometimes final) | warning. | | 3. interj. Calling for one's LART, much as a surgeon might call | ³Scalpel!². | | 4. interj. [rare] Used in flames as a rebuke. ³LART! LART! LART!² | | -- | Pete Stephenson | HeyPete.com Hey, Pete, even better response. A little advanced for a neophyte (BOFH, etc.), but ... it is inclusive. You always have informative posts. From nobody at spamcop.net Tue Dec 7 08:35:11 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 08:40:02 2004 Subject: [SpamCop-List] Re: LARTED? References: <1102294783.600602@ursine.dyndns.org> Message-ID: "Paul Johnson" wrote in message news:1102294783.600602@ursine.dyndns.org... | Terry Simpson wrote: | | > What is LARTED? | | Look it up, it's in the Jargon File. | http://ursine.dyndns.org/Jargon:LART | | -- | Paul Johnson | baloo@ursine.dyndns.org | http://ursine.dyndns.org/ Fully functional and informative links, stated a little tersely but nothing improper here. Pop From nobody at spamcop.net Tue Dec 7 08:37:06 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 08:40:13 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Mike Easter" wrote in message news:cp0h6d$2v9$1@news.spamcop.net... | Terry Simpson wrote: | > What is LARTED? | | IMO | | The term has lost its relevance and should be considered passé - that | particular word looks to me like p a s s then [e acute]. | | That is, once upon a time, a notify had some 'impact' -- the notify | would 'affect' the spammer adversely; but no more. | | Nowadays, a 'luser attitude readjustment tool' is instead a rather | ineffectual notify, which isn't a 'clue by four' upside the head of the | spammer at all. The spammer is laughing all the way to the bank and the | spam reporter is only pretending to be 'larting' | | The spam reporter isn't actually swinging a cluebyfour, and the spammer | therefore isn't getting 'larted'. So the term should be dead and | buried. In its current iteration it is an 'embarassment' - a notion of | times gone by, as far as I'm concerned. | | It is all jivetalk 'jargon' which doesn't have the same meaning which it | once did. It implies a power or significance greater than a typical | notify deserves. | | IMO. | | -- | Mike Easter | kibitzer, not SC admin | Woof, an additional bit of excellent prose bringing the subject pretty well up to date. I always look forward to Mike E's replies. Pop From nobody at spamcop.net Tue Dec 7 08:38:12 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 08:40:20 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "N. Miller" wrote in message news:MPG.1c1d77a2b1d6c83b989781@news.spamcop.net... In article , Mike Easter says... > Terry Simpson wrote: > > What is LARTED? > IMO > The term has lost its relevance and should be considered > passé - that > particular word looks to me like p a s s then [e acute]. In other words, contemporary notifies have no impact. ... Purpose of this reply not evident to me. Kind of OT. Pop From nobody at spamcop.net Tue Dec 7 08:40:03 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 08:40:24 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "David 1" wrote in message news:cp0reb$8tj$1@news.spamcop.net... | Tom wrote: | > On Sun, 5 Dec 2004 19:53:39 -0800, N. Miller wrote: | > | > | >>>The term has lost its relevance and should be considered passé - that | >>>particular word looks to me like p a s s then [e acute]. | >> | >>In other words, contemporary notifies have no impact. | > | > | > Except to build black/block lists. | > | > Which is why to sooner you can report spam to the time it was | > delievered, the better. | > | My avg. According to spam cop usually runs between 2 - 5 hours, is that | considered ok??? | David 1 This one went unanswered as the thread was abandoned, is OT to the OP's question, and could have easily been answered by: Yeah, that's not bad at all, actually. My time is stuck around 12 hours, "pretty good" per SC's magic spokes-code. Pop From nobody at spamcop.net Tue Dec 7 08:44:22 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 08:45:06 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: ... | > What is LARTED? | > | > Thanks! | | To all ... IMHO this sounded like a perfectly reasonable question. Yes, it | can be looked up on Google, but Terry chose a much more sociable method - | and asked real people. Yet sometimes respondents prefer to get snippy - | which reflects badly on the rest of us. | | Netiquette isn't about being rude to people - AFAIK anyway - it is a method | which helps us all to get along in our virtual environment. Most of us | wouldn't abuse a co-worker and accuse them of wanting "spoonfeeding" if they | approached us at our desk to ask a (possibly obvious) question - so why do | we do it when we are online? | | | | Apologies all - I have just seen too much unnecessary unhelpfulness in this | NG to not say anything. Anyway, have a nice day all :o) | | Jon ... I agree with you 100%. I shouldn't be doing this I know, and I'll almost surely be flamed for it, but you are absolutely correct in your assessment. Too many folk with too much time on their hands putting in too many rude & crude jibes just gets everyone's liver in a quiver. I'm glad they're around now and then though; lets me vent without venting at/to "good" people. Pop From nobody at devnull.spamcop.net Tue Dec 7 08:11:52 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Dec 7 09:15:02 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 References: Message-ID: "Paul D" wrote in message news:cp4b12$fec$1@news.spamcop.net... > It's disappointing that I've had no more feedback to my other post. > Isn't there anything that anyone can do? My recollection was that you solved your speed issues by adding in some data to your Hosts file, pointing to another server. On the flip side is that there aren't a ton load of others posting with the same problem, so have you troubleshot everything at your end or between you and the SpamCop/Akamai server in question? From nobody at spamcop.net Tue Dec 7 06:42:08 2004 From: nobody at spamcop.net (Ellen) Date: Tue Dec 7 09:30:10 2004 Subject: [SpamCop-List] Re: who is pdlweb@yahoo.com (3d party interested)? -sites References: Message-ID: "Berny" wrote in message news:cp3n14$3ef$1@news.spamcop.net... > > "nospam" wrote in message > news:BDDB0861.12E07%nobody@spamcop.net... > > in article cp23h8$1t6$1@news.spamcop.net, Ellen at nobody@spamcop.net > wrote > > on 12/6/04 8:58 PM: > > > "Berny" wrote in message > > > news:cp1o9k$ph5$1@news.spamcop.net... > > >> seeing them a lot lately on my Rx spams for *.abbey1eater.com . > > > SNIP > > > IP? full spamvertized url? No way I can even attempt to answer your > question > > > without that information. > > That is an interested 3d party for spamvertized URLS, among them: > > > > http://(various random strings -hence the "*").abbey1eater.com > > > and > Re: http://auriferous6tabernacle.com/?nwk=4wah&... (Third party interested > in spamvertized web site) > To: pdlweb@yahoo.com (Notes) > > Thanks Ellen From nobody at spamcop.net Tue Dec 7 06:45:19 2004 From: nobody at spamcop.net (Ellen) Date: Tue Dec 7 09:30:29 2004 Subject: [SpamCop-List] Re: 3rd party suspect References: Message-ID: "Mike Easter" wrote in message news:cp3761$oo9$1@news.spamcop.net... > > > However, not to be 'daunted', searching google groups on 'google groups' > and also seeing that 'everyone' hates the new googlegroups beta -- I > found a Brit sed [and so far it is still true] that the old google > groups is still available at google.co.uk. > > Let's hope it stays there altho I suspect it won't .... E From ng.fjxrp at jondh.me.uk Tue Dec 7 14:46:38 2004 From: ng.fjxrp at jondh.me.uk (Jon (spamtrap)) Date: Tue Dec 7 09:50:02 2004 Subject: [SpamCop-List] Re: LARTED? References: <1102390992.772592@ursine.dyndns.org> Message-ID: > > Netiquette isn't about being rude to people - AFAIK anyway - it is a > > method which helps us all to get along in our virtual environment. Most of > > us wouldn't abuse a co-worker and accuse them of wanting "spoonfeeding" if > > they approached us at our desk to ask a (possibly obvious) question - so > > why do we do it when we are online? > > Not all of us are doomed to work among the clueless, please don't assume > everyone else is forced to, either. It's patronizing and makes you look > bad. No-one is forced to come to this NG, but if you do choose to join in then you can expect to deal with some newbies. I'd suggest it was part and parcel of making this service accessible to everyone. It is not reasonable to label people as patronising or clueless because they are not experienced sysadmins. Still, I am happy to agree to disagree -- hence this is my last post in this thread. Jon From johnl at spamcop.net Tue Dec 7 14:59:04 2004 From: johnl at spamcop.net (JohnL) Date: Tue Dec 7 10:00:03 2004 Subject: [SpamCop-List] Re: 3rd party suspect References: Message-ID: "Ellen" wrote in news:cp4ehh$ia7$2@news.spamcop.net: > > "Mike Easter" wrote in message > news:cp3761$oo9$1@news.spamcop.net... >> >> >> However, not to be 'daunted', searching google groups on 'google groups' >> and also seeing that 'everyone' hates the new googlegroups beta -- I >> found a Brit sed [and so far it is still true] that the old google >> groups is still available at google.co.uk. >> >> > Let's hope it stays there altho I suspect it won't .... > > E > > > The old one is also at http://groups.google.ca/ From Merlyn at Spamcop.net Tue Dec 7 10:36:52 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Tue Dec 7 10:40:02 2004 Subject: [SpamCop-List] [article] Mild C&C Message-ID: Cat earns degree, spammers get busted. Rule #3 in action: http://www.cbsnews.com/stories/2004/12/07/tech/main659418.shtml -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From sache at grignon.inra.fr Tue Dec 7 17:26:20 2004 From: sache at grignon.inra.fr (Ivan Sache) Date: Tue Dec 7 11:25:04 2004 Subject: [SpamCop-List] Re: Humor: A 419er that can't spell his name correctly References: Message-ID: <41B5D9AB.11706391@grignon.inra.fr> Hi, Tim wrote: > There is a missing 'H' as in Raymond Shithole Esq. > > Very appropriate for this kind of moron. As usual, 419ers try to look legitimate. Sithole seems to be a fairly common name in South Africa and neighbouring countries. One of the most "prolific" South African serial-killers, Moses Sithole, was sentenced to more than 4000 years in jail. I guess Raymond S*ithole was his brilliant defender. Raymond Sithole seems to be an "experienced" 419er, spamming at least since September 2004. Regards -- Ivan Sache From nobody at spamcop.net Tue Dec 7 11:37:00 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 11:40:02 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Fred K" wrote in message news:cp07b0$sk1$1@news.spamcop.net... | | "Cat" wrote in message | news:cp0650$rhi$1@news.spamcop.net... | | > Also, Google is your friend. A simple search of the word LART on Google | > comes up with several web sites giving you a definition. | | Ah but alas, the poor person wanted a simple definition of lart as it is | used here. Following the kind brush-off by cat leads one on an adventure and | after doing it I a gave up weeding through numerous definitions that do not | clearly define the term as it seems to be used in this NG. | | Fred K | P.S. If I was sure as to what it means I would tell. | After a moment's thought, I would have to agree with Fred's assessment, in view of the apparent newness of the OP. Though OT for OP, it's a totally logical conclusion. Pop From nobody at spamcop.net Tue Dec 7 11:51:00 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 11:55:04 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Mike Easter" wrote in message news:cp0g94$29d$1@news.spamcop.net... | Fred K wrote: | > "Cat" | | >> Also, Google is your friend. A simple search of the word LART on | >> Google comes up with several web sites giving you a definition. | > | > Ah but alas, the poor person wanted a simple definition of lart as it | > is used here. | | Some people are into spoonfeeding the hapless or uninformed, while | others would rather show them the way to get information, including some | dirty work. True enough, but ... do you know that the OP fits into that category? What makes you think OP fits the category of wanting to be spoonfed etc.? Maybe I missed something. If it's just an assumption without benefit of any substantiation, then IMO you kibitzed from the wrong side. | | > Following the kind brush-off by cat leads one on an | > adventure and after doing it I a gave up weeding through numerous | > definitions that do not clearly define the term as it seems to be | > used in this NG. That one I don't understand. Cat (not "cat") didn't brush anything off, did provide a viable lead, albeit with too much of an assumption of prior knowledge or experience by the OP. IMO, anyway. | | And therein lies the 'educational' process. It's just like | troubleshooting. The hours you spend chasing the wrong ponies are all | part of the overall process that lead to the greater wisdom based on all | experiences in the longrun. Yup, you got that right! But(t) ... why should a newbie without experience yet, who is putting in those hours and making a question to this ng part of it, be greeted with the likes of some of these comments? Each and every one of us (excepting maybe me!) had to be led by the hand to at least be shown where the coffee pot was, how to make the coffee, and where the toilet was. It's silly and unproductive to let a newbie wander around aimlessly, I agree, but there are needs to get pointed in the right direction. Heck, you don't even know if that poster knows who/what/where Google is. And especially since it's the only search engine ever mentioned on this group and others, the context can be all wrong. Like Google says spammed on ... xxx threads, etc.. I just consider it silly to not lend a helping hand while also showing the newbie where to verify the information he was given, plus learn a lot more. Perception is 99.999% of reality for most folks. | | While there is some 'education' in being pointed to exactly the right | page without superfluous effort, the /extra/ effort shows you/the | novice/ pathways which will/might be invaluable in some future effort, | and are certainly valuable in teaching one some pathways and experiences | that don't work very well. I have to disagree with most/all/some of that on some points/areas/issues/comments. If one's experience to date is search engines such as myfilters, mysearch, Ayahoo, Eeee123, and such, statements such as you encourage here don't seem to add anything of value to the OP. | | -- | Mike Easter | kibitzer, not SC admin | Yup, fer shure! Pop PS - what's SS? I've seen a "not SS admin before, too. You should know, right? If you're thinking Sam Spade, you're wrong. --- Sometimes when I have nothing to say, I guess I DO say it after all! From nobody at spamcop.net Tue Dec 7 11:52:25 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 11:55:16 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Tom" wrote in message news:igq7r05unkknceu399b55cn07nt5n038r9@4ax.com... | On Sun, 5 Dec 2004 18:31:01 -0800, Mike Easter wrote: | | >While there is some 'education' in being pointed to exactly the right | >page without superfluous effort, the /extra/ effort shows you/the | >novice/ pathways which will/might be invaluable in some future effort, | >and are certainly valuable in teaching one some pathways and experiences | >that don't work very well. | | Boy, Mike, but you use big words | | Commenting on some of your snipped stuff, I'm of the opinion that | there is a time for each approach. Usually, when I run across | something that I don't have a clue on, I just wait to see if someone | else is floating in the same boat as I... and then I get the answer | without looking stupid or drawing negative comments. | | I agree, by the way, with your assessment (at least, partially), but | sometimes prefer the clue-by-four route... Too logical to even comment on. Err, uhh, is it? ummm ... Guess it is! Pop From nobody at spamcop.net Tue Dec 7 12:02:04 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:05:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Cat" wrote in message news:cp0vc5$bh5$1@news.spamcop.net... | Mike Easter wrote: | > Fred K wrote: | | | | >>Ah but alas, the poor person wanted a simple definition of lart as it | >>is used here. | | My point was that people should learn to look it up. I was always taught | "If you don't know the answer, look it up" when I was a kid. It taught | me how to research things and how to think for myself instead of having | everyone hand me all the answers. Then if I still can't find the answer, | I'll ask. Reasonable, but(t) ... is that also how you learned to tie your shoes? Were you just forced to go read about how to do it? I agree that very often the answer is right there in front of us if we'll just look in the right cubby in front of us, but ... what's wrong with the courtesy of a simplified, short answer and instead of "go look it up", a comment on how/where to look for the info? Those two courtesies are lacking in many of these OT posts. Even mine, right here! | | > Some people are into spoonfeeding the hapless or uninformed, while | > others would rather show them the way to get information, including some | > dirty work. | | Agreed. I think people get too lazy and don't want to do any work for | themselves and instead expect other people to spoon feed them all the time. Agreed, for "some people". How did the OP get tossed into that category though? If there's any validation of that sort of evidence, it was artfully neglected. If you don't feel like giving a civil answer, why not just shut the hell up and leave it for someone with more than one brain cell? | | >>Following the kind brush-off by cat leads one on an | | Note to Frank: | That's Cat with a capital C, and it wasn't a brush off. I showed him how | to look up information on his own. Seriously, when the answers to things | like that can be found through a simple Google search of the term, | people shouldn't ask them here. The following Google response is recent as of about 30 seconds ago: ------------------- "Your search - "LARTED" -LARTed -larted - did not match any documents. Suggestions: - Make sure all words are spelled correctly. - Try different keywords. - Try more general keywords. - Try fewer keywords. Also, you can try Google Answers for expert help with your search." --------------------- Gee, what'd I do wrong? I used the Advanced Search and everything! Why in hell do these guys think it's so obvious on this Google place? If you answer that, be prepared to be ignored! Pop From nobody at spamcop.net Tue Dec 7 12:06:08 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:10:04 2004 Subject: [SpamCop-List] Re: LARTED? References: <41B4C555.8EC4D206@spamcop.net> Message-ID: "Kenneth Brody" wrote in message news:41B4C555.8EC4D206@spamcop.net... | Cat wrote: | > | > Mike Easter wrote: | > > Fred K wrote: | > | > | > | > >>Ah but alas, the poor person wanted a simple definition of lart as it | > >>is used here. | > | > My point was that people should learn to look it up. I was always taught | > "If you don't know the answer, look it up" when I was a kid. It taught | > me how to research things and how to think for myself instead of having | > everyone hand me all the answers. Then if I still can't find the answer, | > I'll ask. | | Or, as I like to say, "I'm trying to teach them to fish". But it's pretty useless of they die of starvation before they can get their line baited. | | > > Some people are into spoonfeeding the hapless or uninformed, while | > > others would rather show them the way to get information, including some | > > dirty work. | > | > Agreed. I think people get too lazy and don't want to do any work for | > themselves and instead expect other people to spoon feed them all the time. Oh, now it's just "people"? What happened to "some people"? And who appointed you to be the teacher? Or is it that old saw, those who can, do, and those who can't ... . | | Although acronymfinder is a better choice for this particular task, | Google for both "lart" and "larted" bring relevent pages as the third | ranking entry for each search. I'm not sure how much weeding needs to | be done to find the "right" answer. Mike Easter gave the most finite/accurate/current definition of what the OP wanted to know. And he's a kibitzer! Why is he about the only one that gets it 100%? I may disagree with Mike on a few things, but(t) ... he's seldom wrong/rude/crude/silly. Lots of other posters here are/were/will be. ... Pop From nobody at spamcop.net Tue Dec 7 12:12:28 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:15:02 2004 Subject: [SpamCop-List] Re: LARTED? References: <41B4C555.8EC4D206@spamcop.net> Message-ID: ... | Although acronymfinder is a better choice for this particular task, ... Huh? What the hell is an "acronymfinder" and how do I make or get one? Is that like a stud finder? Battery operated? What? Oh, by the way, for anyone's interested, I found lots of web sites with names like Acronym this and Acronym that - not ALL of them had LARTED in them, but some did. The first three didn't. Hmm, wonder if that's because they weren't about spam or email or web sites? Probably not. I did find it in one, but it didn't have anything to do with spam, Spamcop, or email even! Hmm, now, I wonder ... maybe there's a better search engine than Electronics Daily or the Federal Digest acronym lists? Those are the ones I started with. Pop From nobody at spamcop.net Tue Dec 7 12:14:02 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:15:11 2004 Subject: [SpamCop-List] Re: LARTED? References: <41B538C5.3FD5@xyzzy.claranet.de> Message-ID: "Cat" wrote in message news:cp3mmj$33m$1@news.spamcop.net... | Frank Ellermann wrote: | > Cat wrote: | | | | >>Note to Frank: | > | > | > Fred, IIRC there was no "Frank" in this thread until now ;-) | | Heh, oops! Don't know why, but I read that as Frank K for some reason | instead of Fred K. | Oh boy! 20 spam from a Nigerian chamber of commerce for you! Don't EVER make that mistake again, you hear? Or I'll wish a Ralsky curse upon your circuit boards! ;-]- Pop From nobody at spamcop.net Tue Dec 7 12:19:55 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:20:03 2004 Subject: [SpamCop-List] Waaayyyyyy OT Re: LARTED? References: Message-ID: ... | | I've already forgotten what the term LARTED means. | | Dar | | Sigggghhhhh, that's because there is no such accepted word as "LARTED". Now, there IS a LART, a LARTed, and at least a larted, but no LARTED. I know, because I did just like you; I looked it up. Google got zero hits . You remind me of the little, non-English speaking kid sitting in a corner crying because he couldn't find "telefone" in the dictionary. I think it was a collegiate dictionary of his sister's if I recall correctly, and he HAD to have that answer since the teacher insisted on it for the next day's class, or he'd get an F. Serves him right, doesn't it? Stupid kid, can't even know how to spell a word so he can look it up to see how to spell it! Boy, is he dumb! Pop From nobody at spamcop.net Tue Dec 7 12:20:50 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:25:03 2004 Subject: [SpamCop-List] Re: LARTED? References: <41B4C5B9.8D629AF5@spamcop.net> Message-ID: "Kenneth Brody" wrote in message news:41B4C5B9.8D629AF5@spamcop.net... | Dar wrote: | [...] | > I've already forgotten what the term LARTED means. | | Actually, I think it's more accurately "LARTed", as "LART" is the | acronym, and "ed" is the suffix to make it past tense. ... INTELLIGENCE! I found intelligence! Or is that INTELligence? Hmmmm, wish I speaked englich reel guud. Pop From nobody at spamcop.net Tue Dec 7 12:22:39 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:25:14 2004 Subject: [SpamCop-List] Re: LARTED? References: <1102294783.600602@ursine.dyndns.org> Message-ID: ... | > What is LARTED? | | Look it up, it's in the Jargon File. ... Oh! A "jargon" file! I dunno what that is, but I've wasted all this time trying to build an acronim finder! Or was that ackronym? Or, ahh, the heck with it! How do I find a "jargon" file, and what is it? Pop From nobody at spamcop.net Tue Dec 7 12:23:36 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:25:20 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Mike Easter" wrote in message news:cp0h6d$2v9$1@news.spamcop.net... | Terry Simpson wrote: | > What is LARTED? | | IMO | | The term has lost its relevance and should be considered passé - that | particular word looks to me like p a s s then [e acute]. | | That is, once upon a time, a notify had some 'impact' -- the notify | would 'affect' the spammer adversely; but no more. | | Nowadays, a 'luser attitude readjustment tool' is instead a rather | ineffectual notify, which isn't a 'clue by four' upside the head of the | spammer at all. The spammer is laughing all the way to the bank and the | spam reporter is only pretending to be 'larting' | | The spam reporter isn't actually swinging a cluebyfour, and the spammer | therefore isn't getting 'larted'. So the term should be dead and | buried. In its current iteration it is an 'embarassment' - a notion of | times gone by, as far as I'm concerned. | | It is all jivetalk 'jargon' which doesn't have the same meaning which it | once did. It implies a power or significance greater than a typical | notify deserves. | | IMO. | | -- | Mike Easter | kibitzer, not SC admin | Interesting. Even timely. Omigosh, and informative! What's going on here? Pop From nobody at spamcop.net Tue Dec 7 12:24:29 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:25:25 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: In other words, contemporary notifies have no impact. ... "contemporary notifies " have -great- impact; which ones were you refereing to? Pop From nobody at spamcop.net Tue Dec 7 12:31:02 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:35:04 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: ... | | To all ... IMHO this sounded like a perfectly reasonable question. Yes, it | can be looked up on Google, but Terry chose a much more sociable method - | and asked real people. Yup, there are a few of those "types" on here. Actually, it's not bad compared to some other groups, but ... it's a lot worse than it used to be. We always have to put up with these ding-danged social types - isn't that just great? I like people - I like sociable types. So sue me, I mean, spam me; I'm sociable myself (most of the time), so I'm also one of "those" kind that makes these anti-socials so liver quivery. Anti-spam does # antisocial, in case no one noticed! Yet sometimes respondents prefer to get snippy - | which reflects badly on the rest of us. In a way, but it actually reflects worse on the newsgroup, especially an unmoderated one such as this. NIH comes out of the woodwork every once in awhile here; it's been worse, it's been a lot better. Just stick around; the personality of the group varies greatly over time - join in when you see a good swing in the right direction if the naysayers and narcissists bug you. | | Netiquette isn't about being rude to people - AFAIK anyway - it is a method | which helps us all to get along in our virtual environment. Most of us | wouldn't abuse a co-worker and accuse them of wanting "spoonfeeding" if they | approached us at our desk to ask a (possibly obvious) question - so why do | we do it when we are online? | | Amen. And that was no rant. Maybe a soapbox . Pop From nobody at spamcop.net Tue Dec 7 12:32:40 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:35:15 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Tim McGraw" wrote in message news:cp2hsd$b0p$1@news.spamcop.net... | Jon (spamtrap) wrote: | >>"Terry Simpson" wrote in message news:cp05b7$qle$1@news.spamcop.net... | >> | >>What is LARTED? | >> | >>Thanks! | > | > | | I just read the entire thread and thought the only rude post was by Fred K. | Same here, and I pretty much agree with you. It's amazing how many livers can quiver over the silliest things sometimes. It takes all kinds though, or the worl' wouldn't whirl. Pop From nobody at spamcop.net Tue Dec 7 12:34:07 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:35:19 2004 Subject: [SpamCop-List] Re: LARTED? References: <1102390992.772592@ursine.dyndns.org> Message-ID: ... | | Not all of us are doomed to work among the clueless, please don't assume | everyone else is forced to, either. It's patronizing and makes you look | bad. | | -- | Paul Johnson ... It makes -who- look bad? And it patronizes -who-? Wow, speaking of clueless... . Pop From nobody at spamcop.net Tue Dec 7 12:40:04 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:40:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: ... | What is so hard about putting "what is a lart" in Google? Tip: use the | quote marks. Not a thing. IFF you know who/what/where Google is, and remember it exists and get a little experience with it. YOU even had to be taught some things before you understood it "all", or think you do anyway. | | > Thank you | | You're welcome. | | Have you ever worked somewhere and the customers ask the same questions | over and over and over again? And the answer is typically as inane, like | "over by the sign that says ____," where blank is the thing they asked | about. ... Yup! That's called many things, like Retail Sales, Auctioneering, betting windows, aww heck, most of the world when one's unfamilair on one side, and lacks interpersonal skills on the other or both sides. Yes, that's what I said: in-ter-per-son-al skills. Some people here need some. Seminars are available; check 'em out. Pop From nobody at spamcop.net Tue Dec 7 12:44:07 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:45:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: ... | >> | >> How simple and to the point.It is probably the answer that should have | >> been given as a direct reply to Terry's question. Instead it took 23 | >> responses.. | | | Um, no. It required only one reply. RIGHT! Didn't someone else here use the | fishing analogy? YES If you give a man a fish, he'll eat for a day. MAYBE LONG ENOUGH TO LEARN TO FISH, EVEN! If you | teach a man to fish, he'll eat for a lifetime. ONLY IF HE LIVES LONG ENOUGH TO FISH! I'm sure glad I never had you for a mentor! I know, so are you - you're above all that aren't you? I just don't understand | why some people expect everyone else to do their thinking for them ACTUALLY, I DO, IN SEVERAL SPECIFIC CASES. and | then get all upset when they're shown how to think for themselves. MAYBE THAT'S THE CONDESCENDING, IRRITATED SOUNDING, RUDE, CRUDE, INACCURATE, AND SILLINESS THAT SOME PORTRAY. Like, uhh, you do? | | > At least no one responded STFW, which is the typicaly ng guff. CHECKED OUT THE JARGON FILE, EH? Guud fer u! ... Pop From nobody at spamcop.net Tue Dec 7 12:48:47 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 12:50:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: | | | There was absolutely nothing rude or snippy about my reply. Actually, there "absolutely" was something rude or snippy about your reply; it's like the "beauty is in the eye of the beholder" thing, but I know only your opinion counts, so ... I simply | showed him how to look it up on his own, VERY SIMPLY. And without supporting detail. Just a toss & run. which would teach him good | research habits for the future. YOU DON'T KNOW THAT HE DOESN'T ALREADY HAVE THOSE HABITS. IN FACT, YOU KNOW NOTHING ABOUT THE OP. But you certainly prefer to ASSume plenty! ... | | Maybe you and Fred should consider not being so overly sensitive and MAYBE YOU SHOULD ACQUIRE MORE IN THE AREA OF INTERPERSONAL SKILLS. | stop expecting everyone else to hold your hands through life. ... Another ASSumption without provocation/support/detail/thoughtfulness/social skills. Pop From puoti at inwind.it Tue Dec 7 18:52:02 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Tue Dec 7 12:55:04 2004 Subject: [SpamCop-List] Re: Want to get to a spammer? In-Reply-To: References: Message-ID: > Even if you have promoted violence in response to a joe job ? I didn't promote it, I explicitly said I take no responsibility for anything, and the spammer is welcome to sue me. Ivan. From nobody at spamcop.net Tue Dec 7 12:55:12 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 13:00:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: ... | | Again For the record I do understand how you feel & I'm not saying you | are wrong in any way shape or form, I've been there & done that myself. | I'm just trying to say if something is wrong & you don't want to deal | with us then don't, from what I've seen of this group someone will. | Eventually. | David 1 EGGzactly! The neuron-challenged are plentiful enough here, but they're outnumbered/outpowered/out weaponized by those with actual interpersonal skills and social abilities. One should always put on their thickest skin before going to nearly any newsgroup and if faceless zombie's opinions and words upset you, then it's time to think more about a moderated forum where the class of people is more similar to your liking. This is a Good Group, with significantly dedicated and active participants who have the experience of many behind them and are willing to share that for the greater good. You have an excellent attitude - and you even demonstrate social skills. Keep up the good work! Pop From puoti at inwind.it Tue Dec 7 18:54:17 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Tue Dec 7 13:00:11 2004 Subject: [SpamCop-List] Re: make love not spam In-Reply-To: References: Message-ID: Spammers have started rejecting connections from the spamvampire in certain conditions, to avoid this go to my home page http://ivanleo.spedia.net and look for the anti spam link toward the top of the page. Ivan. From nobody at spamcop.net Tue Dec 7 13:05:01 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 13:05:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: ... | | And while we're on the subject of learning things, *your* is a Ooooohh, Cat can get to be quite a little bass turd, eh? That's a good little snippet of attitude followed by condescending platitude. How to win friends and influence people: piss them off first with unsolicited "help", then tell them it's for their own good. Uh, HUH! ... Drivel flushed. I'm finally at the end of the thread, don't think I'll bother to Get Headers again! Seriously, it's been fun going down through all these 32 posts I think it was. If I left you out, that's only because you made sense and I couldn't think of anything to say, so I moved on. Or you might have left me speechless! Seriously folks, it's been fun. Don't think I'll have to do this again for a good month now! Pop PS - Oh, and I'll only debate -some- intelligent posts now I've had my fix. Flame away, folks, if you feel you must. I only debate things I am interested in. And for God's sake get ON TOPIC! S'long From nobody at spamcop.net Tue Dec 7 14:05:29 2004 From: nobody at spamcop.net (Ellen) Date: Tue Dec 7 14:10:06 2004 Subject: [SpamCop-List] Re: 3rd party suspect References: Message-ID: "JohnL" wrote in message news:Xns95B85138877BAjohnlspamcopnet@216.154.195.61... > > The old one is also at > http://groups.google.ca/ We can chase it around from country to country! E From dannyg at dannyg.com Tue Dec 7 12:15:43 2004 From: dannyg at dannyg.com (Danny Goodman) Date: Tue Dec 7 15:15:58 2004 Subject: [SpamCop-List] Lycos.com 24h turnaround In-Reply-To: <200412071735.iB7HZRgF068233@dannyg.com> Message-ID: Within the last week Lycos.com (not the DDoSing one) has twice converted a report of Anglefire spamvertising abuse into a terminated account within 24 hours (two separate accounts). I think that's pretty good for a big outfit. Submission form located at: Danny http://www.dannyg.com http://www.spamwars.com From no_spam at no.spam.com Tue Dec 7 21:15:20 2004 From: no_spam at no.spam.com (mdes) Date: Tue Dec 7 15:20:03 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 References: Message-ID: Paul D wrote: > It's disappointing that I've had no more feedback to my other post. > Isn't there anything that anyone can do? > > Thanks > Paul I sent 3 reports (6-dec 8:56, 7-dec 9:23 and 7-dec 20:43), and I received no mail from SpamCop for reporting :( The last received report followed my mail on 5-dec 16:26. I know there are problems with the SpamCop server, but for 1.5 day ! Michel. ps: All times in GMT+1 From nobody at devnull.spamcop.net Tue Dec 7 14:48:19 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Dec 7 15:50:04 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 References: Message-ID: "mdes" wrote in message news:cp533e$2c0$1@news.spamcop.net... > > I sent 3 reports (6-dec 8:56, 7-dec 9:23 and 7-dec 20:43), and I received no mail from SpamCop for reporting :( > The last received report followed my mail on 5-dec 16:26. > > I know there are problems with the SpamCop server, but for 1.5 day ! And have you done any troubleshooting? Logging in on a www.spamcop.net page for instance? Are there reports waiting there to "Report Now" ... is there an indication that e-mail to your registered e-mail account has been bouncing ... have you checked the FAQ over in the web-based Forum area that has a few entries dealing with missed/lost/delayed e-mail ... did your ISP start a new filtering process .... on and on ... From nobody at devnull.spamcop.net Tue Dec 7 14:56:06 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Dec 7 16:00:03 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Pop wrote: > ... > | > | And while we're on the subject of learning things, *your* is a > > Ooooohh, Cat can get to be quite a little bass turd, eh? Personal attacks are rude, uncalled-for, and only make you look immature. That's > a good little snippet of attitude followed by condescending > platitude. How to win friends and influence people: piss them > off first with unsolicited "help", then tell them it's for their > own good. Uh, HUH! As if your own condescending attitude was needed. Seems more like you specifically chose the childish route of "I'd rather attack Cat for no good reason" judging by your replies to several of my posts. Your posts came across as less about wanting to be helpful to newbies and more about attacking someone whose posts you don't like. Since you seem hell-bent on calling someone else rude, typing with your caps lock stuck on like you did in several replies to my post is rude. Don't get your panties in such a wad just because everyone doesn't coddle you and sugar coat everything they say to you. You obviously had nothing positive to contribute to this discussion, since you resorted to verbal attacks and criticisms. You might want to count to 10, take a few deep breaths, and ask yourself why you feel the need to get all worked up over something this small. From nobody at devnull.spamcop.net Tue Dec 7 15:01:11 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Dec 7 16:05:03 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: <41B4C555.8EC4D206@spamcop.net> Message-ID: Pop wrote: > ... > | Although acronymfinder is a better choice for this particular > task, > ... > Huh? What the hell is an "acronymfinder" and how do I make or > get one? Is that like a stud finder? Battery operated? What? Go back to my original post in this thread, and you'll find your answer to "what is acronymfinder?" From nobody at devnull.spamcop.net Tue Dec 7 15:13:07 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Dec 7 16:20:08 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Pop wrote: > "Cat" wrote in message > news:cp0vc5$bh5$1@news.spamcop.net... > | Mike Easter wrote: > | > Fred K wrote: > | > | > | > | >>Ah but alas, the poor person wanted a simple definition of > lart as it > | >>is used here. > | > | My point was that people should learn to look it up. I was > always taught > | "If you don't know the answer, look it up" when I was a kid. It > taught > | me how to research things and how to think for myself instead > of having > | everyone hand me all the answers. Then if I still can't find > the answer, > | I'll ask. > > Reasonable, but(t) ... is that also how you learned to tie your > shoes? Were you just forced to go read about how to do it? I > agree that very often the answer is right there in front of us if > we'll just look in the right cubby in front of us, but ... what's > wrong with the courtesy of a simplified, short answer and instead > of "go look it up", a comment on how/where to look for the info? > Those two courtesies are lacking in many of these OT posts. Even > mine, right here! Not a reasonable analogy since shoe tying is a physical activity and word definitions are trivial things that can be looked up on their own. Same with web site FAQs. In a good FAQ section, you can find the answers to most things without ever having to bother the support people. Unfortunately, SpamCop isn't known for being the best FAQ. Some things are easily searchable in it, but others are either hard to find or aren't explained well enough. > > | > | > Some people are into spoonfeeding the hapless or uninformed, > while > | > others would rather show them the way to get information, > including some > | > dirty work. > | > | Agreed. I think people get too lazy and don't want to do any > work for > | themselves and instead expect other people to spoon feed them > all the time. > > Agreed, for "some people". How did the OP get tossed into that > category though? If there's any validation of that sort of > evidence, it was artfully neglected. If you don't feel like > giving a civil answer, why not just shut the hell up and leave it > for someone with more than one brain cell? Because the term LART could have easily been plugged into any search engine. I also gave him the acronymfinder link, which is very helpfull for thse things. Considering how you followed me around this particular thread just to attack and nitpick every little thing I've said, maybe you should follow your own advice and shut the hell up if you can't be civil and leave it for someone with more than one brain cell. Don't be such a hypocrite. > The following Google response is recent as of about 30 seconds > ago: > ------------------- > "Your search - "LARTED" -LARTed -larted - did not match any > documents. > > Suggestions: > - Make sure all words are spelled correctly. > - Try different keywords. > - Try more general keywords. > - Try fewer keywords. > Also, you can try Google Answers for expert help with your > search." > --------------------- > Gee, what'd I do wrong? I used the Advanced Search and > everything! Why in hell do these guys think it's so obvious on > this Google place? > > If you answer that, be prepared to be ignored! Ignored? Gee, I wonder why. Maybe it's because you don't want to realize that you were wrong. A search of the word LART comes up with plenty of links explaining what it is. Anyone with two brain cells to rub together should be smart enough to drop the ed and look it up in present tense form. From nobody at spamcop.net Tue Dec 7 13:20:27 2004 From: nobody at spamcop.net (Dar) Date: Tue Dec 7 16:25:03 2004 Subject: [SpamCop-List] Online School That Gave Cat an MBA Is Sued Message-ID: HARRISBURG, Pa. - The Pennsylvania attorney general's office Monday sued an online university for allegedly selling bogus academic degrees - including an MBA awarded to a cat. http://tinyurl.com/5m42d From nobody at devnull.spamcop.net Tue Dec 7 15:19:21 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Dec 7 16:25:12 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Pop wrote: > "Mike Easter" wrote in message > news:cp0g94$29d$1@news.spamcop.net... > | Fred K wrote: > | > "Cat" > | > | >> Also, Google is your friend. A simple search of the word > LART on > | >> Google comes up with several web sites giving you a > definition. > | > > | > Ah but alas, the poor person wanted a simple definition of > lart as it > | > is used here. > | > | Some people are into spoonfeeding the hapless or uninformed, > while > | others would rather show them the way to get information, > including some > | dirty work. > > True enough, but ... do you know that the OP fits into that > category? What makes you think OP fits the category of wanting > to be spoonfed etc.? Maybe I missed something. If it's just an > assumption without benefit of any substantiation, then IMO you > kibitzed from the wrong side. > > | > | > Following the kind brush-off by cat leads one on an > | > adventure and after doing it I a gave up weeding through > numerous > | > definitions that do not clearly define the term as it seems > to be > | > used in this NG. > > That one I don't understand. Cat (not "cat") didn't brush > anything off, did provide a viable lead, albeit with too much of > an assumption of prior knowledge or experience by the OP. IMO, > anyway. Ok, so you say this as if you understood my original reply and thought it was just fine. Then you chased me around the rest of the thread and nitpicked every little thing I said. I didn't do anything with an assumption of prior knowledge of experience. I gave the OP the acronym finder link and also pointed him to a search engine. Anyone who's been on the internet more than a day knows what Google is. Certainly, anyone who can figure out how to get to a newsgroup would know such basic knowledge as what Google is. From porpoise1954 at yahoo.co.uk Tue Dec 7 22:24:34 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 7 17:30:05 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Cat" wrote in message news:cp56sh$5ej$1@news.spamcop.net... > Anyone who's been on the internet more than a day knows what Google is. > Certainly, anyone who can figure out how to get to a newsgroup would know > such basic knowledge as what Google is. Ermm....... Wots a google? Is it like a Beagle? From David1 at suescornerweb.com Tue Dec 7 18:03:13 2004 From: David1 at suescornerweb.com (David 1) Date: Tue Dec 7 18:05:02 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: WazoO wrote: > "David 1" wrote in message > news:cp3op2$502$1@news.spamcop.net... > >> So to help me learn a heck of a lot more a lot faster why >>don't you give me that link(s) to what ever faq & other searchable info >>we have ( note the only place I've ever been to sc before coming here >>was the button to make a donation (ie: buy MEGS(FUEL)whatever) & I click >>the link when I get the email that it's ready for me to go hit the next >>couple of buttons so that's my association with SC. >>Now if you will baby me & hand me those link(s) that I need to get the >>job done then for what ever it's worth to you since you don't know me >>I'll give you my word that for a period of NO less then 3 months >>starting from the time I receive the links. I will personally answer >>every newbie question that I catch & if I don't catch it you have my >>full permission to chew me out publicly, also email me with the subject >>that I missed the question & I will answer the question asap so that you >>don't have to mess with it except for correcting me when I miss read >>something & screw it up. > > > With a promise like that ..... I'll give you two links .... > Login in to "your" www.spamcop.net page ... hit Help .... > http://forum.spamcop.net/forums/index.php? holds a FAQ that > contains all the above plus a whole lot more in a single-page > access-point format. > > Message saved, Promise will be kept I miss one just let me know David 1 From nobody at spamcop.net Tue Dec 7 18:18:32 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 18:20:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: ... | > | > That one I don't understand. Cat (not "cat") didn't brush | > anything off, did provide a viable lead, albeit with too much of | > an assumption of prior knowledge or experience by the OP. IMO, | > anyway. | | | Ok, so you say this as if you understood my original reply and thought "as if"? There you go ASSuming again. You need help with reading comprehension. | it was just fine. Then you chased me around the rest of the thread and Nope, didn't chase you. There you were at every turn, right square in front of me. | nitpicked every little thing I said. No, not "every little thing" you said. You need help with reading comprehension. I didn't do anything with an | assumption of prior knowledge of experience. Then I guess you're claiming to be clairvoyant? So, uhhh, you KNEW those WAGs to be accurate? Methinks though dost protest too much. Oh, sorry; you don't know what that means either, do you? I gave the OP the acronym | finder link and also pointed him to a search engine. Exactly: You gave him "acronumfinder" and then presented a different, unrelated link to "acronymfinder". There is no such thing as "acronymfinder". Anyone who's been | on the internet more than a day knows what Google is. Off the top of my head, I can name EIGHT PEOPLE WHO DON'T KNOW WHAT GOOGLE IS, WHO HAVE BEEN ON THE NET A LOT LONGER THAN "a day"! And, in a month or so, that number will be higher. You must have an incredibly small or select (as in you think it's superior) support group, eh? Don't you have ANY friends who aren't online addicts? There's more to the world than this limited neighborhood, you know. Or maybe you don't know. Certainly, anyone | who can figure out how to get to a newsgroup would know such basic | knowledge as what Google is. OH? And how do you make that leap of faith? THREE PEOPLE I can think of at this moment, received their computers WITH newsgroups all set up and ready to go. There were even some subscribed groups already. You have an incredibly limited world I'm afraid, and are really cheating yourself by being so narcissistic and attempting unsuccessful condescension. You're trying, but only to those who have to be close to you, thankfully. You really need to get out for a breath of actual oxygen sometime soon. If I really wanted to nitpick you, I'd still be writing the original entertainment notes I was making. Some people like you make it boring though; don't think you have anything worth entertainment anymore; you used it all up. Thanks again, Pop From nobody at spamcop.net Tue Dec 7 18:41:23 2004 From: nobody at spamcop.net (Pop) Date: Tue Dec 7 18:45:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Cat" wrote in message news:cp55gv$443$1@news.spamcop.net... | Pop wrote: | > ... | > | | > | And while we're on the subject of learning things, *your* is a | > | > Ooooohh, Cat can get to be quite a little bass turd, eh? | | Personal attacks are rude, uncalled-for, and only make you look immature. Yes, they do "make you look immature": You should stop. | | That's | > a good little snippet of attitude followed by condescending | > platitude. How to win friends and influence people: piss them | > off first with unsolicited "help", then tell them it's for their | > own good. Uh, HUH! | | As if your own condescending attitude was needed. No, I don't have a condescendig attitude at all. What I have is impatience with socially-challenged frumpets who know their limitations but ignore them. My opinion of most people who participated in this thread is magnitudes higher than yours is/was for any posting you responded to. Actually, you didn't respond; you whined and complained like a 5 year old. | | Seems more like you specifically chose the childish route of "I'd rather | attack Cat for no good reason" Nope, I had a reason for posting what I posted. I didn't keep track of WHO made dumb/smart comments, I just gave my opinion, joining the silly fracass that had already been started and which could go no lower than it already was. Obviously you are not a party to the line of thought that says there are no dumb questions, except for the ones which aren't asked. You jumped on a single poster and lumped him/her into a one size fits all derogatory laden spiel of actual trash, a couple of times. FWIW, I guessed that you would be the first one to bother to cry foul and I was right. You need to improve your reading comprehension. judging by your replies to several of my | posts. Your posts came across as less about wanting to be helpful to | newbies and more about attacking someone whose posts you don't like. Ahh, you noticed!! It wasn't that I didn't like the posts, it's that you were a hell of a lot less than helpful to the OP and should have kept your lips pressed against whatevery you took them away from in order to make those responses. Posting for the sake of posting is silly. Also pretty dumb. Posting to show off you knowledge, or lack thereof, is even sillier. You need to look around for the troll-group; you'll be much less happy there and thus probably a lot happier. No, I didn't mis-speak; I said what I meant. I also meant what I said. | Since you seem hell-bent on calling someone else rude, typing with your | caps lock stuck on like you did in several replies to my post is rude. FIRST OF ALL, MY CAPS LOCK KEY WASN'T "stuck" ON, IT WAS TURNED ON, SPECIFICALLY FOR THAT ONE POST. NO ONE IS MAKING YOU READ IT; IF YOU ARE UNHAPPY WITH IT, DON'T READ IT. IT'S THAT SIMPLE. BUT, IN REALITY, IT MADE YOU HAPPY, DIDN'T IT? yES, IT DID. aDMIT IT NOW: i KNOW IT MADE YOU HAPPY. rIGHT? oK. i SEE. eNOUGH, i GUESS, FOR THIS ONE. itspisserslikeyouthatkeeppeoplefrombeingabletolearnbecauseyoupissthemoffbeforetheygetachancetolearnanythinguseful,butthenthatsyourintentisntit? | | Don't get your panties in such a wad just because everyone doesn't dON'T JUDGE OTHERS BY YOURSELF. nOT ALL REAL MEN WEAR PANTIES LIKE YOU DO. oR DON'T YOU KNOW THE DIFFERENCE? yOU KNOW, AS SOON AS YOU LET SOMEONE ON A NG KNOW WHAT PISSES YOU OFF, YOU ARE SIMPLY ASKING FOR MORE OF IT, DON'T YOU? | coddle you and sugar coat everything they say to you. You obviously had | nothing positive to contribute to this discussion, Oh, but I did, ether-breath. I contributed a positive opinion of your opinions which were of little to no value due to their presentation. since you resorted to | verbal attacks and criticisms. You don't like getting back what you dished out, do you? Think about that. Too late! You already thought about it! You might want to count to 10, take a few | deep breaths, and ask yourself why you feel the need to get all worked | up over something this small. I'm not worked up. Are you? I'm simply making statements about you concerning your actions and how they went off topic, ignored the poster technically and socially, displayed poor to no etiquette, and quivered your own liver into an earthquake by the sound of you. The correct response for you would have been to just ignore all of it. Or plonk me. I certainly wouldn't care. It's only the unthinking and inexperienced who get mad on newsgroups. I'm the type that gives back what I get, that's all, and I'd seen enough of your drivel to feel that you deserved to get a little of it back. That's all. No animosity, no hard feelings, no hate, not even a dislike, though I think I'm glad you're not a neighbor. Or, is that glad that your not a neighbor? There, I gave you something else to do. There are four other little mysteries hidden in my posts for you to find if you want the challenge. Well, I grow weary of your little challenges. That's one of three responses I expected to receive - we'll see if the others come in. But, like I said, I'm weary of this; time to move on to something with legitimate interest and maybe even on topic. See ya in the next realm! Pop From David1 at suescornerweb.com Tue Dec 7 18:42:23 2004 From: David1 at suescornerweb.com (David 1) Date: Tue Dec 7 18:45:21 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 In-Reply-To: References: Message-ID: Paul D wrote: > It's disappointing that I've had no more feedback to my other post. > Isn't there anything that anyone can do? > > Thanks > Paul > > I'm trying to check on this keep getting server to busy , soon as I find out I'll let you know From MikeE at ster.invalid Tue Dec 7 15:44:48 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 7 18:45:30 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 References: Message-ID: David 1 wrote: > Paul D wrote: >> It's disappointing that I've had no more feedback to my other post. >> Isn't there anything that anyone can do? > I'm trying to check on this keep getting server to busy , soon as I > find out I'll let you know I'll go dig up a dozen spams and chunk them at the webparser and let you know. -- Mike Easter kibitzer, not SC admin From David1 at suescornerweb.com Tue Dec 7 18:50:15 2004 From: David1 at suescornerweb.com (David 1) Date: Tue Dec 7 18:55:04 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Pop wrote: > "David 1" wrote in message > news:cp0reb$8tj$1@news.spamcop.net... > | Tom wrote: > | > On Sun, 5 Dec 2004 19:53:39 -0800, N. Miller wrote: > | > > | > > | >>>The term has lost its relevance and should be considered > pass? - that > | >>>particular word looks to me like p a s s then [e acute]. > | >> > | >>In other words, contemporary notifies have no impact. > | > > | > > | > Except to build black/block lists. > | > > | > Which is why to sooner you can report spam to the time it was > | > delievered, the better. > | > > | My avg. According to spam cop usually runs between 2 - 5 hours, > is that > | considered ok??? > | David 1 > > This one went unanswered as the thread was abandoned, is OT to > the OP's question, and could have easily been answered by: > > Yeah, that's not bad at all, actually. My time is stuck around > 12 hours, "pretty good" per SC's magic spokes-code. > > Pop > > Thank you much David 1 From MikeE at ster.invalid Tue Dec 7 15:53:12 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 7 18:55:16 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 References: Message-ID: Mike Easter wrote: > David 1 wrote: >> Paul D wrote: >>> It's disappointing that I've had no more feedback to my other post. >>> Isn't there anything that anyone can do? > >> I'm trying to check on this keep getting server to busy , soon as >> I find out I'll let you know > > I'll go dig up a dozen spams and chunk them at the webparser and let > you know. Just over 4 min per dozen, just before 4 PM PST [UTC -0800] That includes a little time for me to scan them for 'interest', and put into the webparser by hand one at a time. -- Mike Easter kibitzer, not SC admin From David1 at suescornerweb.com Tue Dec 7 19:07:01 2004 From: David1 at suescornerweb.com (David 1) Date: Tue Dec 7 19:10:08 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Pop wrote: > .... > | > | Again For the record I do understand how you feel & I'm not > saying you > | are wrong in any way shape or form, I've been there & done that > myself. > | I'm just trying to say if something is wrong & you don't want > to deal > | with us then don't, from what I've seen of this group someone > will. > | Eventually. > | David 1 > > EGGzactly! The neuron-challenged are plentiful enough here, but > they're outnumbered/outpowered/out weaponized by those with > actual interpersonal skills and social abilities. One should > always put on their thickest skin before going to nearly any > newsgroup and if faceless zombie's opinions and words upset you, > then it's time to think more about a moderated forum where the > class of people is more similar to your liking. > > This is a Good Group, with significantly dedicated and active > participants who have the experience of many behind them and are > willing to share that for the greater good. > > You have an excellent attitude - and you even demonstrate social > skills. Keep up the good work! > > Pop > > Thank you again I think From not at home.today Wed Dec 8 00:11:52 2004 From: not at home.today (Ant) Date: Tue Dec 7 19:15:06 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: "Pop" wrote: [snip] > Well, I grow weary of your little challenges. That's one of > three responses I expected to receive - we'll see if the others > come in. But, like I said, I'm weary of this; time to move on to > something with legitimate interest and maybe even on topic. I'm thinking about posting my Spamcop mini "hall of fame". Both yourself and Cat are in it ;) From MikeE at ster.invalid Tue Dec 7 16:15:08 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 7 19:15:17 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 References: Message-ID: Mike Easter wrote: > Just over 4 min per dozen, just before 4 PM PST [UTC -0800] According to the stats page, at about 7 PM EST [UTC - 0500] SC is processing about 4 spams/sec, 240/min, 14,400/hr, which would be on track for 345,600/d or projected more than a couple of million a week. The graphic doesn't show any reduction of activity at http://www.spamcop.net/spamgraph.shtml?spamstats -- Mike Easter kibitzer, not SC admin From eatmy at grits.com Tue Dec 7 19:59:06 2004 From: eatmy at grits.com (Jeff) Date: Tue Dec 7 22:00:04 2004 Subject: [SpamCop-List] Re: make love not spam References: Message-ID: Ok, I tried it. I get a bunch of x'd out images and a ton of load errors. "Ivan Leo Puoti" wrote in message news:cp4qq7$rlk$2@news.spamcop.net... > Spammers have started rejecting connections from the spamvampire in > certain conditions, to avoid this go to my home page > http://ivanleo.spedia.net > and look for the anti spam link toward the top of the page. > > Ivan. From nobody at spamcop.net Tue Dec 7 20:25:08 2004 From: nobody at spamcop.net (Dar) Date: Tue Dec 7 23:30:04 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: Perhaps it's time to take this over to social or let it go? Dar From tmcgraw at spamcop.net Tue Dec 7 20:33:19 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Dec 7 23:35:02 2004 Subject: [SpamCop-List] Re: BBCNEWS: Freeze on anti-spam campaign In-Reply-To: References: Message-ID: Bob Ames wrote: > > Lycos apparently has stopped with the origanized Vampiring. > > Or at least is no longer allowing new downloads of the Vampire > software... It's only a matter of time now... Big surprise, > it turns out that Vampiring is Not A Good Thing After All(tm). > :-) Fake Lycos screensaver harbours Trojan "Virus writers have begun distributing their wares in emails that pose as Lycos's abandoned 'Make love not spam' screensaver." http://www.theregister.co.uk/2004/12/07/fake_lycos_screensaver_trojan From nobody at devnull.spamcop.net Tue Dec 7 23:24:03 2004 From: nobody at devnull.spamcop.net (Cat) Date: Wed Dec 8 00:30:03 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Pop wrote: > | Personal attacks are rude, uncalled-for, and only make you look > immature. > > Yes, they do "make you look immature": You should stop. Since I didn't start anything, there's nothing to stop. You're just trying to be argumentitive for no good reason. I have better things to do with my time than to waste it sinking to your level of childishness. You're behaving like a troll. From mfkmek820 at yahoo.com Tue Dec 7 20:51:50 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Wed Dec 8 00:55:03 2004 Subject: [SpamCop-List] What is munged in this report? Message-ID: SC says earthlink.net does not accept munged report. I reported it using the "Forward as attachment" method, did not even look at it. That leads me to suspicion something is goofy in the header as I recieved it.. But I am not educated enough to figure out what I am looking for. Spam Header Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z700352933z1a87e9b7037f69973f1cb4b536b05cf4z Skip to Reports Report Spam to: Using abuse#abuse.earthlink.net@devnull.spamcop.net for statistical tracking. Re: 65.110.130.254 (Administrator of network where email originates) no Javascript = no confirmation = no report To: abuse@abuse.earthlink.net (refuses munged reports) (Notes) Fred k From nobody at devnull.spamcop.net Tue Dec 7 23:57:05 2004 From: nobody at devnull.spamcop.net (Cat) Date: Wed Dec 8 01:00:02 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: References: Message-ID: Pop wrote: > | Personal attacks are rude, uncalled-for, and only make you look immature. > > Yes, they do "make you look immature": You should stop. Since I didn't start anything, there's nothing to stop. You're just trying to be argumentitive for no good reason. I have better things to do with my time than to waste it sinking to your level of childishness. You're behaving like a troll. I've been a regular in the SpamCop newsgroups for several years, and I've learned that there's always going to be a small handfull of people in the group that are going to whine and complain about how people reply to others no matter how many other people either agreed with the post or said the same thing in their own replies. I'm not going to waste my time and energy caring what a small few petty whiners have to say. It's really kind of sad and pathetic that some people have nothing better to do with their time than to wait around for someone else to disagree with a post then follow along jumping on that person like a pack of wolves. You're caving into the "follow the crowd like sheep" mentality. From zypher at spamcop.net Wed Dec 8 00:04:52 2004 From: zypher at spamcop.net (Ron B.) Date: Wed Dec 8 01:05:02 2004 Subject: [SpamCop-List] Re: What is munged in this report? References: Message-ID: On Tue, 07 Dec 2004 20:51:50 -0900, Fred K wrote: > SC says earthlink.net does not accept munged report. I reported it using > the "Forward as attachment" method, did not even look at it. That leads me > to suspicion something is goofy in the header as I recieved it.. But I am > not educated enough to figure out what I am looking for. > > Spam Header > Here is your TRACKING URL - it may be saved for future reference: > http://www.spamcop.net/sc?id=z700352933z1a87e9b7037f69973f1cb4b536b05cf4z > Skip to Reports > > Report Spam to: > Using abuse#abuse.earthlink.net@devnull.spamcop.net for statistical > tracking. > Re: 65.110.130.254 (Administrator of network where email originates) > no Javascript = no confirmation = no report > To: abuse@abuse.earthlink.net (refuses munged reports) (Notes) > > > Fred k To: x From MikeE at ster.invalid Tue Dec 7 22:06:25 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 8 01:10:13 2004 Subject: [SpamCop-List] Re: What is munged in this report? References: Message-ID: Fred K wrote: > SC says earthlink.net does not accept munged report. I reported it > using the "Forward as attachment" method, did not even look at it. > That leads me to suspicion something is goofy in the header as I > recieved it.. But I am not educated enough to figure out what I am > looking for. There isn't anything wrong with your submit/forward. The 'standard' or default SC configuration for you is to munge reports in the standard SC munge; which is to convert addresses in the To or CC or Received lines into 'x' -- but your reporting preferences can have 3 options, obscure [or munge], leave intact [don't munge], or mole report. > Spam Header > Here is your TRACKING URL - it may be saved for future reference: spamcop.net/sc?id=z700352933z1a87e9b7037f69973f1cb4b536b05cf4z > Skip to Reports > > Report Spam to: > Using abuse#abuse.earthlink.net@devnull.spamcop.net for statistical > tracking. > Re: 65.110.130.254 (Administrator of network where email originates) > no Javascript = no confirmation = no report > To: abuse@abuse.earthlink.net (refuses munged reports) (Notes) Most likely you are configured to munge you address. If the standard munge is used, EL doesn't want to receive the report and it will be handled 'internally' - ie the report will count, but EL won't get a copy of the report that their user was a source 65.110.130.254 rDNS user-10mt0nu.cable.mindspring.com is listed in a number of blocklists including SCbl & cbl so it is probably a trojan. If you click to report the spam to EL, then SC will unmunge or demunge your report to them. -- Mike Easter kibitzer, not SC admin From avoozl at spamcop.net Tue Dec 7 22:08:56 2004 From: avoozl at spamcop.net (Chris F. Willoughby) Date: Wed Dec 8 01:10:23 2004 Subject: [SpamCop-List] Re: What is munged in this report? References: Message-ID: You know.. I've often wondered why EL refuses spamcop.net reports that are munged... You'd think they'd want to clean up their network if they have spammers using it. Chris "Mike Easter" wrote in message news:cp65km$pdf$1@news.spamcop.net... > Fred K wrote: >> SC says earthlink.net does not accept munged report. I reported it >> using the "Forward as attachment" method, did not even look at it. >> That leads me to suspicion something is goofy in the header as I >> recieved it.. But I am not educated enough to figure out what I am >> looking for. > > There isn't anything wrong with your submit/forward. > > The 'standard' or default SC configuration for you is to munge reports > in the standard SC munge; which is to convert addresses in the To or CC > or Received lines into 'x' -- but your reporting preferences can have 3 > options, obscure [or munge], leave intact [don't munge], or mole report. > >> Spam Header >> Here is your TRACKING URL - it may be saved for future reference: > spamcop.net/sc?id=z700352933z1a87e9b7037f69973f1cb4b536b05cf4z >> Skip to Reports >> >> Report Spam to: >> Using abuse#abuse.earthlink.net@devnull.spamcop.net for statistical >> tracking. >> Re: 65.110.130.254 (Administrator of network where email originates) >> no Javascript = no confirmation = no report >> To: abuse@abuse.earthlink.net (refuses munged reports) (Notes) > > Most likely you are configured to munge you address. If the standard > munge is used, EL doesn't want to receive the report and it will be > handled 'internally' - ie the report will count, but EL won't get a copy > of the report that their user was a source 65.110.130.254 rDNS > user-10mt0nu.cable.mindspring.com is listed in a number of blocklists > including SCbl & cbl so it is probably a trojan. > > If you click to report the spam to EL, then SC will unmunge or demunge > your report to them. > > -- > Mike Easter > kibitzer, not SC admin > From nobody at xyzzy.claranet.de Wed Dec 8 07:29:31 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 8 01:35:03 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: <41B69F4B.3DCA@xyzzy.claranet.de> Cat wrote: > A search of the word LART comes up with plenty of links > explaining what it is. Anyone with two brain cells to rub > together should be smart enough to drop the ed and look it > up in present tense form. Google used to do this for you, but maybe I confuse it with singular vs. plural. OTOH if I type in "larted" the _second_ hit is a page with the title "what is LARTed". "define:larted" fails, but "define:lart" works, that should be good enough for simple acronyms. Some ways to access the jargon file: http://dict.org gopher://dict.org:2628/?DEFINE%20*%20LART The latter won't work on a "secure" IE, because M$ decided that the fastest way to "fix" this feature was to remove it, but it is possible to reenable it in the registry. There are of course newer versions of the jargon file than the 2001 dict.org copy, faqs.org has a copy, and the newest is apparently http://www.catb.org/~esr/jargon/ (it's hard to tell which jargon file is "the" jargon file). http://www.catb.org/~esr/jargon/html/L/LART.html http://www.catb.org/~esr/jargon/html/X/xyzzy.html The xyzzy entry is incomplete, they removed a broken link, and my proposal to fix it didn't make it yet, for another xyzzy story see http://www.rickadams.org/adventure/c_xyzzy.html My "SC on topic" indicator says "zero", is this correct ? Bye. From nobody at devnull.spamcop.net Wed Dec 8 00:43:32 2004 From: nobody at devnull.spamcop.net (Cat) Date: Wed Dec 8 01:50:03 2004 Subject: [SpamCop-List] Re: LARTED? In-Reply-To: <41B69F4B.3DCA@xyzzy.claranet.de> References: <41B69F4B.3DCA@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Cat wrote: > > >>A search of the word LART comes up with plenty of links >>explaining what it is. Anyone with two brain cells to rub >>together should be smart enough to drop the ed and look it >>up in present tense form. > > > Google used to do this for you, but maybe I confuse it with > singular vs. plural. OTOH if I type in "larted" the _second_ > hit is a page with the title "what is LARTed". > > "define:larted" fails, but "define:lart" works, that should be > good enough for simple acronyms. Some ways to access the jargon > file: http://dict.org > > gopher://dict.org:2628/?DEFINE%20*%20LART > > The latter won't work on a "secure" IE, because M$ decided that > the fastest way to "fix" this feature was to remove it, but it > is possible to reenable it in the registry. Figures that IE would screw that up. I had been using Netscape for a long time but finally switched over to Firefox within the past few weeks. I haven't tried the "define:" string with it though. I just typed "lart" and came up with a bunch of sites. > There are of course newer versions of the jargon file than the > 2001 dict.org copy, faqs.org has a copy, and the newest is > apparently http://www.catb.org/~esr/jargon/ (it's hard to tell > which jargon file is "the" jargon file). > > http://www.catb.org/~esr/jargon/html/L/LART.html > http://www.catb.org/~esr/jargon/html/X/xyzzy.html Heh, I think I have the jargon file link around somewhere. The sites you posted along with acronymfinder.com are all good sites. I don't know why some people get so upset over being shown a new web site for information. From mfkmek820 at yahoo.com Tue Dec 7 23:14:19 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Wed Dec 8 03:15:04 2004 Subject: [SpamCop-List] Re: What is munged in this report? References: Message-ID: "Mike Easter" wrote in message news:cp65km$pdf$1@news.spamcop.net... > Fred K wrote: > > If you click to report the spam to EL, then SC will unmunge or demunge > your report to them. > > -- > Mike Easter > kibitzer, not SC admin > Thanks Mike, I did not go to the preference for advanced users, since I consider myself still wet behind the ears as far as spam and it's intricacies is concerned. I guess the default is munged for a new account. 1. Now that I look at it, do you recommend the "mole" setting? I remember about some site in Italy that was talked about. It had an open list of spam reports and their email addresses. 2.Also the tracking numbers I had figured that before. Could that be root of the complaint I have heard from others that they think reporting spam begets more spam? Myself I use yahoo account to LART some ISP's and toy with 419 scammers. I do not get any spam there. Fred k From MikeE at ster.invalid Wed Dec 8 00:34:34 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 8 03:35:02 2004 Subject: [SpamCop-List] Re: What is munged in this report? References: Message-ID: Fred K wrote: > I guess the default is munged for a new account. Yes, I think that. > 1. Now that I look at it, do you recommend the "mole" setting? No. Unless you feel uncomfortable about those who are notified getting the normally SC 'trivially' munged report -- whereas a trivially munged report munges the 'obvious' address of the recipient. Those who would be moles are uncomfortable with the fact that it is possible to encode the identity of the recipient into the spam in 'occult' or obscure or invisible ways, spaces between the letters, encrypted junk content. The only way a person can eliminate all possibility that the notified addressees can 'decrypt' the contents of the spam itself, which is included with the report, is to eliminate the notified addressees getting any report at all. That is the mole report. The 'problem' with the mole report is that currently it does not count for anything. Or, much of anything. Most importantly, unlike a 'regular' report, it doesn't count toward the SCbl. So, you might consider it to be a 'non-report' report. > I remember about some site in Italy that was talked about. It had an > open list of spam reports and their email addresses. Currently SC does not notify those dudes. > 2.Also the tracking numbers I had figured that before. Could that be > root of the complaint I have heard from others that they think > reporting spam begets more spam? I have my own theory or philosophy of how reporting spam can possibly beget more spam. My theory is that some small subset of people/reporters handle their spam 'badly' in the interest of making spamcop reports. If a person handles spam insecurely [opening spam insecurely, eg] then their bad spam handling causes them to get more spam than they would get if they handled their spam securely. Or didn't handle it at all. So, insecure spam handling in order to make SC reports will/can cause more spam than no spam handling, including insecure. > Myself I use yahoo account to LART some ISP's and toy with 419 > scammers. I do not get any spam there. For years I manually notified from a spammed addy with no mungeing without repercussions; I don't consider the type of notifying that I did to cause that spammed and unmunged reporting address trouble. 'Toying' with scammers and spammers is a sport some people play. I consider spamfighting a sport and an educational tool. There are many nuances to some sports, and some of the nuances are dangerous. -- Mike Easter kibitzer, not SC admin From Windrider6 at SpamCop.net Wed Dec 8 11:44:10 2004 From: Windrider6 at SpamCop.net (Bruce A. Johnson) Date: Wed Dec 8 06:45:05 2004 Subject: [SpamCop-List] Wanted: A new statistic Message-ID: I was thinking that it would be good to have a statistic giving the percentage of spam to the total e-mail delivered to SpamCop e-mail users. While it would be great to provide this statistic for each user, a conglomerated statistic of all users would be a good indicator of the average percentage of e-mail that is spam on the Internet. - Bruce A. Johnson in Hardisty, Alberta, Canada - Windrider6@SpamCop.net From firewoman at default.domain.not.available Wed Dec 8 08:54:18 2004 From: firewoman at default.domain.not.available (Firewoman) Date: Wed Dec 8 08:55:03 2004 Subject: [SpamCop-List] Re: [article] Mild C&C References: Message-ID: "Merlyn" wrote in message news:cp4imj$l0n$1@news.spamcop.net... > Cat earns degree, spammers get busted. > > Rule #3 in action: > http://www.cbsnews.com/stories/2004/12/07/tech/main659418.shtml My cats would like to know, in addition to the MBA, do they offer degrees in vocational agriculture (for mousing and catnip purposes only!)? From bar_n0ne at hotmail.com Wed Dec 8 18:12:33 2004 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 8 09:15:02 2004 Subject: [SpamCop-List] Re: [article] Mild C&C References: Message-ID: "Firewoman" wrote in message news:cp711u$8ug$1@news.spamcop.net... > "Merlyn" wrote in message > news:cp4imj$l0n$1@news.spamcop.net... > > Cat earns degree, spammers get busted. > > > > Rule #3 in action: > > http://www.cbsnews.com/stories/2004/12/07/tech/main659418.shtml > > My cats would like to know, in addition to the MBA, do they offer degrees in > vocational agriculture (for mousing and catnip purposes only!)? and when I read Merlins post, I thought it would be an article about Cat. From ube_never at YAHOO.COM Wed Dec 8 09:56:52 2004 From: ube_never at YAHOO.COM (R. Asby Dragon) Date: Wed Dec 8 12:55:04 2004 Subject: [SpamCop-List] Strangeness? SC "not resolving" working URLs heavily today. Message-ID: So far today: 4 out of 8 submiisions have come back as "Cannot Resolve" the spamvertised URL; but I can open them here. All of them are CN hosted sites. They *are* "slow to open"; looks like things aren't well on the routing. Is it possible that the spammers (or possibly the hosts) are blocking requests from known Spamcop IP addresses ? Or has somebody at SC set the "resolve" time too short to see these? If needed; can post the sites/tracking info and such later. -- -- I'm personally in favor of finding some way to make Robert A. Heinlein's corpse "President Forever" and making it mandatory that any public official memorizes "The Notebooks of Lazarus Long" . --R. Asby Dragon From mfkmek820 at yahoo.com Wed Dec 8 08:54:56 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Wed Dec 8 13:00:03 2004 Subject: [SpamCop-List] No access to reported spam Message-ID: As of 12:30pm 12/7/04, I cannot access my spam reports to send them. Both via links in the email and directly from the SC.net site. Fred k From MikeE at ster.invalid Wed Dec 8 10:07:14 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 8 13:10:04 2004 Subject: [SpamCop-List] Re: Strangeness? SC "not resolving" working URLs heavily today. References: Message-ID: R. Asby Dragon wrote: > So far today: > 4 out of 8 submiisions have come back as "Cannot Resolve" the > spamvertised URL; but I can open them here. All of them are CN > hosted sites. They *are* "slow to open"; looks like things aren't > well on the routing. > > Is it possible that the spammers (or possibly the hosts) are blocking > requests from known Spamcop IP addresses ? Or has somebody at SC set > the "resolve" time too short to see these? In the past, the most common condition of those which the poster can resolve and SC can't is that the nameservice is a bit of a mess; or rather, quite a bit of a mess. 'We' can only see how bad the nameservice is according to our own resolvers, other resolvers we might access elsewhere, and the resolving 'analysis' tools somewhere like dnsstuff. Weird and pokey nameservice /might/ also choose to block the nameservice to spamcop. The only way to talk about a specific site resolution condition is by posting it. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Dec 8 13:33:49 2004 From: nobody at spamcop.net (indigo) Date: Wed Dec 8 13:35:02 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: Dar wrote: > Perhaps it's time to take this over to social Hell no! or let it go? > Hell yes! From nobody at devnull.spamcop.net Wed Dec 8 12:47:52 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Dec 8 13:50:03 2004 Subject: [SpamCop-List] Re: No access to reported spam References: Message-ID: "Fred K" wrote in message news:cp7f5s$hjo$1@news.spamcop.net... > As of 12:30pm 12/7/04, I cannot access my spam reports to send them. Both > via links in the email and directly from the SC.net site. A lot of ground covered there, but so few details. Does one assume that you can log into a www.spamcop.net page? Have you talked to you ISP to see if some new filtering went into effect yesterday? Does "past history" show anything out of the ordinary? Just a few things to look at ... From puoti at inwind.it Wed Dec 8 20:01:35 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Wed Dec 8 14:05:02 2004 Subject: [SpamCop-List] Re: make love not spam In-Reply-To: References: Message-ID: > Ok, I tried it. I get a bunch of x'd out images and a ton of load errors. I know about this, to fix it please save the page to your local hard drive and open it from your hard drive, and it will work again. I hope to soon find a better solution. In the mean time the spammer have started using my address as "From" in spams, so they obviously don't like me, unfortunately for them with my web mail client it took me less than 20 seconds to delete 200+ bounces, so if the spammers are reading my message is bring it on :-) Ivan. From MikeE at ster.invalid Wed Dec 8 12:05:59 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 8 15:10:04 2004 Subject: [SpamCop-List] Re: mailing list question References: Message-ID: This could/should be in spamcop or spamcop.help; I'm choosing spamcop. >From a 'housekeeping' point of view, your message is posted to the wrong newsgroup here, so I'm going to make my reply go to spamcop.spam and spamcop and f/ups to my post be in spamcop. M2 wrote: > I administer a small domain which includes a couple of mailing lists. > However I am not an expert and I need a little advice. Like many we > have been errantly reported in the past but it has always been > cleared up. Our list has been in operation as a part of a real time > social group for many years and is completely legitimate. Any mailing list runs certain dangers of being reported as spam. Some mailing lists are very poorly created and managed; while other reports are 'purely' the fault of the subscriber. > We received spamcop bounces on two subscribers recently against one > of our lists, while all other messages sent out by the list delivered > fine to other subscribers. Then this repeated on 7 more messages with > the identical result. Checking our IP against these bounces reveals > our list's IP is NOT on the spamcop block list. Whats up? The best way to talk about a particular bounce or reject is to examine the 'content' or parts of the bounce/reject, not to try to describe it. Spamcop doesn't bounce anything. Spamcop is a parsing reporting service, a spamsource blocklist maintainer, and a mail service which provides spam filtering and reporting services for its subscribers. Many mail providers provide spam filtering/blocking services for their clients, and a great many of them use various blocklists, including spamcop's to aid them. Most servers provide useful information in the delivery notification information. > The reason I am writing is because the two addresses which bounced via > spamcop belong to two subscribers who have a reputation for being > disruptive within our group. Perhaps this is coincidence but my > concern is that they are maliciously reporting our posts to spamcop > even though they are subscribers. Some spamcop reporters behave badly or errantly. They can get in trouble for that and/or be fined or banned. > Does the fact that only these two > subscribers received spamcop bounces while all others delivered, and > while we were not on the spamcop list, indicate the possibility that > they are engaging in malicious reporting to disrupt our list? Without having more details it would be impossible to guess; but my instinct would say 'no' -- but it is very easy to challenge or rebut an errant or mistaken report in which your mail is being reported as a spamsource. > How can > I determine if this is the case? No other messages have been > interrupted and no other subscribers' mail has generated these > bounces. > > One of the bounce messages appears below. I will post additional info > as necessary. > nitro57@classicnet.net > Delivery failed > 554 Service unavailable; Client host [68.95.78.35] blocked using > bl.spamcop.net; Blocked - see > http://www.spamcop.net/bl.shtml?68.95.78.35 That IP is currently not scbl listed - nor listed in other db/s. Only a deputy can dig up some old history. If a spam sourced at that IP were spamcop reported, the notify from SC would go to sbc-abuse@sbc.com - but if you are the administrator for epsi.net, you could register with abuse.net to be notified about epsi abuses, and you could request SC to also notify you for anything pertaining to that arin registered netblock whois -h whois.arin.net 68.95.78.35 ... SBC Internet Services 68.88.0.0 - 68.95.255.255 Comment: Contact abuse@swbell.net for policy abuse issues. EPSI.net 68.95.78.0 - 68.95.78.255 Comment: For Policy Abuse issues, contact: abuse@swbell.net whois -h whois.abuse.net epsi.net ... No abuse address is registered with abuse.net Complaints should go to abuse@ (the domain) with copies to postmaster@ (the domain) (Including a suggestion that they register with abuse.net, by emailing update@abuse.net might be a good idea too) > nitro57@classicnet.net > Delivery failed > 554 Service unavailable; Client host [68.95.78.35] blocked using > bl.spamcop.net; Blocked - see > http://www.spamcop.net/bl.shtml?68.95.78.35 That delivery failure notice may have been accurate and correct at the time; or occasionally someone uses a blocklist and sets it up wrong and the information is misleading. This information is almost a week old. It may have been listed at that time. If you were getting the notifies for spams from your server, you would be able to tell what's going on better. -- Mike Easter kibitzer, not SC admin From puoti at inwind.it Wed Dec 8 21:05:15 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Wed Dec 8 15:10:13 2004 Subject: [SpamCop-List] Re: make love not spam In-Reply-To: References: Message-ID: Ivan Leo Puoti wrote: > > Ok, I tried it. I get a bunch of x'd out images and a ton of load > errors. > > I know about this, to fix it please save the page to your local hard > drive and open it from your hard drive, and it will work again. > I hope to soon find a better solution. The page is working correctly again, if you have problems write to me, my address is puoti@inwind.it Ivan. From tmcgraw at spamcop.net Wed Dec 8 13:03:31 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Dec 8 16:05:03 2004 Subject: [SpamCop-List] Re: mailing list question In-Reply-To: References: Message-ID: Mike Easter wrote: > > No discussion of mailing list administration is complete without two words: best practices. http://www.mail-abuse.com/an_listmgntgdlines.html I sometimes include that link in manual LARTS where I have been forge-subscribed by a non confirmed-opt-in system. From nobody at nowhere.invalid Thu Dec 9 00:16:13 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Dec 8 18:20:03 2004 Subject: [SpamCop-List] [C&C] Spammy mixes up diet pills and mortgages Message-ID: Those "fat" m0rtgage payments are unhealthy.... Lose a little weight from your "fat" m0rtgage payments. [url to spamvertised site] The 60 second refinance diet plan. -- Steve BOFH excuse #387: Your computer's union contract is set to expire at midnight From nobody at spamcop.net Wed Dec 8 19:57:42 2004 From: nobody at spamcop.net (PeterJ) Date: Wed Dec 8 20:00:03 2004 Subject: [SpamCop-List] PayPal mssg NOT spam Message-ID: Just curious on people's thoughts regarding valid PayPal emails...is it common for SpamCop reporters to accidentally report them because they are so rare? See full message source of a legitimate PayPal email (received today)posted in .spam with same subject as this post. The source is munged, Z = my full name and Y = my email address. This email was blocked by the SpamCop BL when my SpamCop email account received it for me, however my bayesian filtering (by POPFile) corrected the mistake and moved it to my inbox. One thing I have noticed about bayesian filtering, it is very good at determining the difference between phishes and valid emails. To the point of being uncanny. Is PayPal getting a bum rap because they rarely mail people and are clearly outnumbered by phishes or is something else going on? PeterJ From nobody at spamcop.net Wed Dec 8 19:17:43 2004 From: nobody at spamcop.net (Tom) Date: Wed Dec 8 20:20:13 2004 Subject: [SpamCop-List] Re: LARTED? References: Message-ID: On Mon, 06 Dec 2004 00:43:17 -0500, David 1 wrote: >> Which is why the sooner you can report spam to the time it was >> delievered, the better. >> >My avg. According to spam cop usually runs between 2 - 5 hours, is that >considered ok??? Not bad. If you can get it out with "0" hours, that's ideal, mostly because it means it might get blocked before the spam run has completed. Still two to five hours assures that the spam is really spam because the more that report a particular run, the better the chance is that the IP will be listed (if it isn't already in a listed block). Even then, by reporting an already listed IP, it stays listed. From MikeE at ster.invalid Wed Dec 8 17:18:17 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 8 20:20:57 2004 Subject: [SpamCop-List] Re: PayPal mssg NOT spam References: Message-ID: PeterJ wrote: > Just curious on people's thoughts regarding valid PayPal emails...is > it common for SpamCop reporters to accidentally report them because > they are so rare? There are paypal phishes and there are paypal spams and their are wanted paypal mails or mailing list promotions > See full message source of a legitimate PayPal email (received > today)posted in .spam with same subject as this post. The source is > munged, Z = my full name and Y = my email address. A better way to show an item is to parse it, save the tracker, cancel the report and post the tracker here like this: www.spamcop.net/sc?id=z700639788zd9620738ea38430253ba7a141b661fb9z That particular tracker isn't as good as a tracker of the original 'unbent' item would've been -- where 'bent' refers to the undesirable EOL wrapping introduced by newsreader posting wraps. > This email was blocked by the SpamCop BL when my SpamCop email account > received it for me, however my bayesian filtering (by POPFile) > corrected the mistake and moved it to my inbox. One thing I have > noticed about bayesian filtering, it is very good at determining the > difference between phishes and valid emails. To the point of being > uncanny. The item was caught by SC because the IP is listed in the SCbl. That means that reporters have been reporting spams from that IP. That means either that they are mistaken, and they wanted PayPal to be sending them mail, or agreed to it, or that PP is sending people promotional mail they consider spam. That IP is also listed in a bl called spam cannibal, which I don't understand yet. > Is PayPal getting a bum rap because they rarely mail people and are > clearly outnumbered by phishes or is something else going on? Perhaps you are a subscriber to that PP 'newsletter' promotion - perhaps PP doesn't handle its newsletter mailing list optimally - perhaps other SC reporters are reporting their newsletters mistakenly - perhaps they aren't. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Dec 8 17:24:01 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 8 20:25:03 2004 Subject: [SpamCop-List] Re: PayPal mssg NOT spam References: Message-ID: Mike Easter wrote: > There are paypal phishes and there are paypal spams and their are > wanted paypal mails or mailing list promotions << I dunno. Get me a beer while you're up, OK? Tnx. >> -- Mike Easter's alterego and alteralterego From nobody at devnull.spamcop.net Wed Dec 8 19:26:58 2004 From: nobody at devnull.spamcop.net (Cat) Date: Wed Dec 8 20:30:03 2004 Subject: [SpamCop-List] Re: PayPal mssg NOT spam In-Reply-To: References: Message-ID: PeterJ wrote: > Is PayPal getting a bum rap because they rarely mail people and are > clearly outnumbered by phishes or is something else going on? Something else is going on. I have a PayPal account with my e-mail notifications set so that the only communication I should receive from PayPal is e-mail regarding payment notifications. I specifically made sure that all other e-mail notifications were unchecked. Today, PayPal ignored my account preferences and sent their newsletter to me. PayPal is outright guilty of spamming people who never asked to receive their newsletters. From nobody at spamcop.net Wed Dec 8 20:42:02 2004 From: nobody at spamcop.net (Ellen) Date: Wed Dec 8 20:45:02 2004 Subject: [SpamCop-List] Re: PayPal mssg NOT spam References: Message-ID: "PeterJ" wrote in message news:cp87u7$1r3$1@news.spamcop.net... > Just curious on people's thoughts regarding valid PayPal emails...is it > common for SpamCop reporters to accidentally report them because they > are so rare? > Well there are 19 reports from 19 people in the last week and a large number of those are from the last 24 hours with the same subject line dealing with paypal shops so I think this is more than a case of accidental. Ellen From mfkmek820 at yahoo.com Wed Dec 8 16:57:03 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Wed Dec 8 21:00:02 2004 Subject: [SpamCop-List] Re: No access to reported spam References: Message-ID: "WazoO" wrote in message news:cp7i8o$jk6$1@news.spamcop.net... > "Fred K" wrote in message > news:cp7f5s$hjo$1@news.spamcop.net... >> As of 12:30pm 12/7/04, I cannot access my spam reports to send them. Both >> via links in the email and directly from the SC.net site. > > A lot of ground covered there, but so few details. Does one > assume that you can log into a www.spamcop.net page? Have > you talked to you ISP to see if some new filtering went into > effect yesterday? Does "past history" show anything out > of the ordinary? Just a few things to look at ... Well, other web pages and my emails worked fine. I was talking about clicking on the link in the email, and the "Report now" on the SC webpage. Either way I got the old server not found. Other links on SC webpage worked as advertised. This went on for 30'. Then I had to go somewhere. Now it is ok as of 5PM EST. Fred k From nobody at spamcop.net Wed Dec 8 21:13:52 2004 From: nobody at spamcop.net (PeterJ) Date: Wed Dec 8 21:15:04 2004 Subject: [SpamCop-List] Re: PayPal mssg NOT spam In-Reply-To: References: Message-ID: Thanks Ellen, Cat, and Mike, It appears the email I am referring to is definitely not a PayPal phish, but instead PayPal is not honoring user notification settings. I guess whether people report this email using SpamCop, by manual report, or "wait and see" is what will determine the immediate outcome (with regards to the SpamCop BL.) Thanks for the info. I definitely do not remember ever having an issue with PayPal sending me email inappropriately in the past...definitely not going to help their reputation much. Off to check my PayPal "notification" settings. PeterJ From nobody at spamcop.net Wed Dec 8 21:27:07 2004 From: nobody at spamcop.net (PeterJ) Date: Wed Dec 8 21:30:02 2004 Subject: [SpamCop-List] Re: PayPal mssg NOT spam In-Reply-To: References: Message-ID: > Off to check my PayPal "notification" settings. > Well, turns out that my "notification" settings were as Cat described, set to only email me when a payment is made/received and such. I did notice this at the bottom of PayPal's notification page: *PayPal reserves the right to contact our users regarding important product or policy announcements. I think it is a stretch to qualify PayPal's recent ", See the Great Deals at PayPal Shops" emails in this category. It is not a policy announcement, but perhaps could be very weakly argued a "product announcement." My guess is they will continue to get reported and I PayPal should seriously consider elaborating on the caveat above. PeterJ From nobody at spamcop.net Wed Dec 8 21:44:40 2004 From: nobody at spamcop.net (PeterJ) Date: Wed Dec 8 21:45:03 2004 Subject: [SpamCop-List] Re: PayPal mssg NOT spam In-Reply-To: References: Message-ID: Ok, last response to myself. I guess I find this intriguing and I am beginning to wonder if PayPal my have a leg to stand on given that clause in my previous post where they reserve the right to contact you regarding changes to the product and policies. Below is a relevant snipped section from PayPal's privacy info (found here >> http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside ** Our Contacts with PayPal Customers We communicate with users on a regular basis via e-mail to provide requested services, and we also communicate by phone to resolve customer complaints or investigate suspicious transactions. We use your e-mail address to confirm your opening of a PayPal account, to send you notice of payments that you send or receive through PayPal (including referral payments described below), to send information about important changes to our products and services, and to send notices and other disclosures required by law. Generally, users cannot opt out of these communications, but they will be primarily informational in nature rather than promotional. We also use your e-mail address to send you other types of communications that you can control, including the PayPal Periodical newsletter, auction tips, customer surveys and notice of special third-party promotions. You can choose whether to receive some, all or none of these communications when you complete the registration process, or at any time thereafter, by logging in to your account on the PayPal Web site and changing your preferences in the Profile page of the My Account tab. You can also change your choices at any time through the same procedure. In connection with independent audits of our financial statements and operations, the auditors may seek to contact a sample of our customers to confirm that our records are accurate. However, these auditors cannot use personally identifiable information for any secondary purposes. ** It is the last sentence of the first paragraph that makes me wonder... PeterJ From MikeE at ster.invalid Wed Dec 8 19:24:01 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 8 22:25:08 2004 Subject: [SpamCop-List] Re: PayPal mssg NOT spam References: Message-ID: PeterJ wrote: > *PayPal reserves the right to contact our users regarding important > product or policy announcements. > > I think it is a stretch to qualify PayPal's recent ", > See the Great Deals at PayPal Shops" emails in this category. It behooves PP to not screwup -- to just send the appropriate notifications when appropriate and to only send their promotional newsletters to those who want them. Not only does it besmirch the reputation of PP which is trying to be a 'merchant' and have some 'brandname' integrity to be spammish; but it also gets their IP onto blocklists and interferes with the effectiveness of the distribution for not only those who want the newsletters, but also some other PP communications which might be desired by the people who are blockling the spamming IP. So, unlike the 'typical' spammer who has all kinds of strategies to distribute their spam and avoid blocklists, if a 'legitimate' business gets its email distribution lists screwed up, it has very bad consequences for them. One good thing about the SCbl is that it is so dynamic -- if the spamming or rather spam reporting - stops, then the SCbl listing goes away automatically. One disadvantage of being listed is that the listing itself has a tendency to perpetuate or prolong, people who find an item spamtagged are more likely to report it than if it had not been so tagged. So being listed begets being listed by spamcop mailusers and some similars. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Dec 9 07:52:02 2004 From: nobody at spamcop.net (nospam) Date: Wed Dec 8 22:55:02 2004 Subject: [SpamCop-List] Re: Strangeness? SC "not resolving" working URLs heavily today. References: Message-ID: in article cp7fs5$i4c$1@news.spamcop.net, Mike Easter at MikeE@ster.invalid wrote on 12/8/04 10:07 PM: > R. Asby Dragon wrote: >> So far today: >> 4 out of 8 submiisions have come back as "Cannot Resolve" the >> spamvertised URL; but I can open them here. All of them are CN >> hosted sites. They *are* "slow to open"; looks like things aren't >> well on the routing. >> >> Is it possible that the spammers (or possibly the hosts) are blocking >> requests from known Spamcop IP addresses ? Or has somebody at SC set >> the "resolve" time too short to see these? > > In the past, the most common condition of those which the poster can > resolve and SC can't is that the nameservice is a bit of a mess; or > rather, quite a bit of a mess. > > 'We' can only see how bad the nameservice is according to our own > resolvers, other resolvers we might access elsewhere, and the resolving > 'analysis' tools somewhere like dnsstuff. > > Weird and pokey nameservice /might/ also choose to block the nameservice > to spamcop. > > The only way to talk about a specific site resolution condition is by > posting it. I've been having the same problem, but it seems to be a kind of pokiness, If I "View original Mail" and then return to the parser they usually resolve on the second, and sometimes 3d try. Makes reporting spamvertized sites a pain though. Interestingly the frequency of this occurrence has jumped since that Lycos screensaver hit the news, so I keep wondering if it's the cause or coincidence. I have to admit, If it were that I'd like my spamvertized sites to show up on the recent sites page. :). After all ist not as if the haha - net cnc-noc, crc or chinanet are doing anything with their spamsites, other than helping their clients cycle through names to avoid milters. From ube_never at YAHOO.COM Wed Dec 8 22:24:55 2004 From: ube_never at YAHOO.COM (R. Asby Dragon) Date: Thu Dec 9 01:20:03 2004 Subject: [SpamCop-List] Re: PayPal mssg NOT spam References: Message-ID: "PeterJ" wrote in message news:cp8cd0$589$1@news.spamcop.net... > Thanks Ellen, Cat, and Mike, > > It appears the email I am referring to is definitely not a PayPal phish, > but instead PayPal is not honoring user notification settings. I guess > whether people report this email using SpamCop, by manual report, or > "wait and see" is what will determine the immediate outcome (with > regards to the SpamCop BL.) Thanks for the info. I definitely do not > remember ever having an issue with PayPal sending me email > inappropriately in the past...definitely not going to help their > reputation much. Off to check my PayPal "notification" settings. Think "Ebay'ed" ; same company now. From nobody at devnull.spamcop.net Thu Dec 9 01:52:35 2004 From: nobody at devnull.spamcop.net (Cat) Date: Thu Dec 9 02:55:12 2004 Subject: [SpamCop-List] Re: PayPal mssg NOT spam In-Reply-To: References: Message-ID: PeterJ wrote: > Well, turns out that my "notification" settings were as Cat described, > set to only email me when a payment is made/received and such. I did > notice this at the bottom of PayPal's notification page: I wonder why they decided to start ignoring account preferences. That was definitely very unprofessional on their part. > I think it is a stretch to qualify PayPal's recent ", > See the Great Deals at PayPal Shops" emails in this category. It is not > a policy announcement, but perhaps could be very weakly argued a > "product announcement." My guess is they will continue to get reported > and I PayPal should seriously consider elaborating on the caveat above. I sent a manual complaint to PayPal's upstream, which came up as glbx.net (Global Crossing) when I ran it through SpamCop. I wasn't sure whether it would be considered acceptable to send a SpamCop complaint on this one since I am a PayPal user but didn't subscribe to their newsletter, so that's why I canceled the report and sent a manual complaint. I also complained to PayPal about this through their contact page and asked why they ignored my preferences. From little at pussy.com Thu Dec 9 01:12:15 2004 From: little at pussy.com (Tha King) Date: Thu Dec 9 04:10:08 2004 Subject: [SpamCop-List] access Message-ID: http://secure.ibill.com/cgi-win/ccard/rscookie.exe?RevShareID=glantern&returnto=http://www.wow-videos.com From little at pussy.com Thu Dec 9 01:13:52 2004 From: little at pussy.com (Tha King) Date: Thu Dec 9 04:10:17 2004 Subject: [SpamCop-List] s'more Message-ID: http://signups.triplexcash.com/hit.php?w=105565&s=25&p=2 From no_spam at no.spam.com Thu Dec 9 10:38:20 2004 From: no_spam at no.spam.com (mdes) Date: Thu Dec 9 04:40:09 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 References: Message-ID: WazoO wrote: > "mdes" wrote in message > news:cp533e$2c0$1@news.spamcop.net... >> >> I sent 3 reports (6-dec 8:56, 7-dec 9:23 and 7-dec 20:43), and I >> received > no mail from SpamCop for reporting :( >> The last received report followed my mail on 5-dec 16:26. >> >> I know there are problems with the SpamCop server, but for 1.5 day ! > > And have you done any troubleshooting? Logging in on a > www.spamcop.net page for instance? Are there reports > waiting there to "Report Now" ... is there an indication > that e-mail to your registered e-mail account has been > bouncing ... have you checked the FAQ over in the > web-based Forum area that has a few entries dealing > with missed/lost/delayed e-mail ... did your ISP start > a new filtering process .... on and on ... You should better have replied: "See FAQ at http://forum.spamcop.net/forums/index.php?showtopic=1848" From no_spam at no.spam.com Thu Dec 9 11:03:06 2004 From: no_spam at no.spam.com (mdes) Date: Thu Dec 9 05:05:45 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 References: Message-ID: mdes wrote: > WazoO wrote: >> "mdes" wrote in message >> news:cp533e$2c0$1@news.spamcop.net... >>> >>> I sent 3 reports (6-dec 8:56, 7-dec 9:23 and 7-dec 20:43), and I >>> received >> no mail from SpamCop for reporting :( >>> The last received report followed my mail on 5-dec 16:26. >>> >>> I know there are problems with the SpamCop server, but for 1.5 day ! >> >> And have you done any troubleshooting? Logging in on a >> www.spamcop.net page for instance? Are there reports >> waiting there to "Report Now" ... is there an indication >> that e-mail to your registered e-mail account has been >> bouncing ... have you checked the FAQ over in the >> web-based Forum area that has a few entries dealing >> with missed/lost/delayed e-mail ... did your ISP start >> a new filtering process .... on and on ... > > You should better have replied: "See FAQ at > http://forum.spamcop.net/forums/index.php?showtopic=1848" But, in my preferences, there is no button to reset the bounce flag :( http://forum.spamcop.net/forums/index.php?showtopic=1848 says: | 3. If your login is successful, then (also noted in the above FAQ) | the issue may simply be that for some reason, your e-mail address | has been flagged as having bounced. Once flagged, SpamCop will | not waste any more time trying to send anything to that address. | Look through your settings here, looking for the option to reset this | flag by cicking on the _button_. From nobody at spamcop.net Thu Dec 9 06:30:44 2004 From: nobody at spamcop.net (Miss Betsy) Date: Thu Dec 9 06:30:03 2004 Subject: [SpamCop-List] Re: PayPal mssg NOT spam References: Message-ID: "PeterJ" wrote in message news:cp8d5s$5nb$1@news.spamcop.net... > > > Off to check my PayPal "notification" settings. > > > > Well, turns out that my "notification" settings were as Cat described, > set to only email me when a payment is made/received and such. I did > notice this at the bottom of PayPal's notification page: > > > *PayPal reserves the right to contact our users regarding important > product or policy announcements. > > > I think it is a stretch to qualify PayPal's recent ", > See the Great Deals at PayPal Shops" emails in this category. It is not > a policy announcement, but perhaps could be very weakly argued a > "product announcement." My guess is they will continue to get reported > and I PayPal should seriously consider elaborating on the caveat above. I had to use Paypal to buy something on line. It very definitely said I didn't have to have a paypal account in order to use my credit card. I don't need paypal and did not set up an account. And I got the email. So I can't even check my preferences because I don't have an account. Miss Betsy From hwolfe at spamcop.net Thu Dec 9 05:49:13 2004 From: hwolfe at spamcop.net (Herb Wolfe) Date: Thu Dec 9 06:50:03 2004 Subject: [SpamCop-List] Re: false positives/negatives In-Reply-To: References: Message-ID: Herb Wolfe wrote: > Lately, the last few weeks or so, it seems a lot of messages have been > marked wrong by spamcop. I've had a couple of messages slip through, and > then sometimes a dozen or more similar, if not identical messages, that > are marked spam. I have also had a few marked spam, that I don't know > why they are, that accidentally get reported before I can whitelist > them. I get hundreds of pieces of mail daily, and it isn't possible to > look at each and every one. Can someone offer an explanation or advice? > > ~herb It looks like my only option is to change raise the Spamassassin filter level, letting more junk come through, to avoid legit email getting marked as spam. It would be nice if there was an option to whitelist a sender that did get through the filter, so that they don't get marked as spam in a later message, which has been my problem lately. From nobody at xyzzy.claranet.de Thu Dec 9 15:00:27 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Dec 9 09:05:12 2004 Subject: [SpamCop-List] Re: What is munged in this report? References: Message-ID: <41B85A7B.21F8@xyzzy.claranet.de> Fred K wrote: > I did not go to the preference for advanced users, since I > consider myself still wet behind the ears as far as spam and > it's intricacies is concerned. The "advanced" stuff is rather harmless, see Mike's answer. You could select "always unmunged". If you have JavaScript enabled in your browser (and _that_ is dangerous), then you don't need this option, you can decide it on a case by case base. I simply use the default ("munged") and only switch to "unmunged" in cases like the German Nazi spam (earthlink is the hoster of many Nazi sites) when I'm very annoyed. You could select "3rd party reports default off". I really considered it, the private eye digging through my spam is a royal PITA, but OTOH I'm a "free" reporter, and Julian needs cash for his service. Therefore I kept the "default on". Finally there's the "screen name", which is in fact the name used in your spam reports. Anonymous cowards can do whatever they like, I used my name. So far no spammers tried to kill me, but YMMV. SpamCop reports are not directly about getting less spam. They help others to fight spam (white hats evaluating SC reports, or mailers using the SC black list, or SURBL listing spamvertized URLs, or SpamAssassin using SCBL and SURBL, etc.) Mike's description of a sport was nice, maybe a fox hunt, and we're the bloodhounds. Bye, Frank From spamcopdeputy at cox.net Thu Dec 9 08:31:40 2004 From: spamcopdeputy at cox.net (Andy P. Jung) Date: Thu Dec 9 09:35:03 2004 Subject: [SpamCop-List] Viagra Cialis Spam Message-ID: Would forwarding Viagra spam to Pfizer get them to go after those bastards for trademark infringement? The same applies to Cialis. How about Microsoft on pirated software Spam? -- Andy P. Jung Metairie, Louisiana U.S.A. (Home of Senator Elect David Vitter) http://www.JungWorld.com/ To reply via e-mail, please visit my web site. From MikeE at ster.invalid Thu Dec 9 07:17:43 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 9 10:20:02 2004 Subject: [SpamCop-List] Re: PayPal mssg NOT spam References: Message-ID: Miss Betsy wrote: > I had to use Paypal to buy something on line. It very definitely > said I didn't have to have a paypal account in order to use my > credit card. I don't need paypal and did not set up an account. > And I got the email. So I can't even check my preferences because > I don't have an account. PayPal may be adopting the 'congressional' attitude as voiced in 'you can spam' act, that if the spam is can spam compliant then it is legal and they should be doing it. The latest salvo in the legal mainsleaze spam experience. I guess you should unsubscribe ;-) ... that's what your congresscritters and their pals at the DMA think. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 9 07:30:53 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 9 10:35:02 2004 Subject: [SpamCop-List] Re: false positives/negatives References: Message-ID: Herb Wolfe wrote: > It would be nice if there was an option to whitelist a sender that did > get through the filter, so that they don't get marked as spam in a > later message, which has been my problem lately. Disclaimer: I've never seen the inside of spamcop mail, I just know what I read on the 'outside' around here and the forum information There is an option to whitelist a sender; and a whitelisted sender rule 'should' be configured to disregard any rules after that, and there's also the issue of the order of the rules. Here's a forum entry for Q: None of my personal filters are working. http://forum.spamcop.net/forums/index.php?showtopic=2321 -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu Dec 9 09:52:16 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Dec 9 10:55:02 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 References: Message-ID: "mdes" wrote in message news:cp97uq$kuu$1@news.spamcop.net... > > > > You should better have replied: "See FAQ at > > http://forum.spamcop.net/forums/index.php?showtopic=1848" Noting that this one item was just one of the "look at this" list I started with. But glad I included one that held the key. > But, in my preferences, there is no button to reset the bounce flag :( > > http://forum.spamcop.net/forums/index.php?showtopic=1848 says: > | 3. If your login is successful, then (also noted in the above FAQ) > | the issue may simply be that for some reason, your e-mail address > | has been flagged as having bounced. Once flagged, SpamCop will > | not waste any more time trying to send anything to that address. > | Look through your settings here, looking for the option to reset this > | flag by cicking on the _button_. Can't really help you there, as I don't use the e-mail thing. However, noting that at the bottom of that FAQ entry, it says; [Edited by Wazoo 2004/06/19 to include Navigatr1's experience with the bounce flag.] There's been a lot of changes to the web-page layout since then. If you find the "right thing" to flip the flag, I'll be glad to update that FAQ entry with a better / current description. From kchuplis at nospamalltel.net Thu Dec 9 10:27:21 2004 From: kchuplis at nospamalltel.net (Karen) Date: Thu Dec 9 11:25:02 2004 Subject: [SpamCop-List] Why am I being blocked!!!!!!!! Message-ID: I have one list I have been on and also a University I TEACH FOR and today I am getting my mail back as undeliverable due to SPAM COP. This is making me EXCEPTIONALLY CROSS. I have contacted their admins, but I am really, really, angry over this. I have done NOTHING and yet SPAM COP is causing a LOT of disruption in my life and yet, I CANNOT FIND A WAY TO CONTACT SPAMCOP besides this forum and THAT is making me MORE angry. Please, someone from your admin REPLY. Extremely disgruntled Karen Chuplis From dfm2a3l0t2 at spymac.com Thu Dec 9 11:37:21 2004 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Thu Dec 9 11:40:03 2004 Subject: [SpamCop-List] Re: Viagra Cialis Spam References: Message-ID: In article , "Andy P. Jung" wrote: > Would forwarding Viagra spam to Pfizer get them to go after those bastards > for trademark infringement? The same applies to Cialis. How about Microsoft > on pirated software Spam? I don't know about the drug companies, but Micro$oft wants the software spam. If you're in the U.S., forward it to: piracy@microsoft.com -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From somewhat at odds.tld Thu Dec 9 16:40:19 2004 From: somewhat at odds.tld (Derek T) Date: Thu Dec 9 11:45:02 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! In-Reply-To: References: Message-ID: Karen wrote: > I have one list I have been on and also a University I TEACH FOR and today I > am getting my mail back as undeliverable due to SPAM COP. This is making me > EXCEPTIONALLY CROSS. I have contacted their admins, but I am really, really, > angry over this. I have done NOTHING and yet SPAM COP is causing a LOT of > disruption in my life and yet, I CANNOT FIND A WAY TO CONTACT SPAMCOP > besides this forum and THAT is making me MORE angry. Please, someone from > your admin REPLY. > > Extremely disgruntled > Karen Chuplis > > please post the IP of the server you allege is 'blocked' then we might be of some help. o/w please post the whole text of the rejection message. You will find help aplenty here: http://forum.spamcop.net/forums/index.php?showforum=3 From mfkmek820 at yahoo.com Thu Dec 9 07:57:18 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Thu Dec 9 12:10:04 2004 Subject: [SpamCop-List] Re: s'more References: Message-ID: "Tha King" wrote in message news:cp94n3$inm$1@news.spamcop.net... > http://signups.triplexcash.com/hit.php?w=105565&s=25&p=2 > Are we being spammed? I think so Fred k From no_spam at no.spam.com Thu Dec 9 18:04:38 2004 From: no_spam at no.spam.com (mdes) Date: Thu Dec 9 12:10:13 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 References: Message-ID: WazoO wrote: > "mdes" wrote in message > news:cp97uq$kuu$1@news.spamcop.net... >>> >>> You should better have replied: "See FAQ at >>> http://forum.spamcop.net/forums/index.php?showtopic=1848" > > Noting that this one item was just one of the "look at this" list > I started with. But glad I included one that held the key. > >> But, in my preferences, there is no button to reset the bounce flag >> :( >> >> http://forum.spamcop.net/forums/index.php?showtopic=1848 says: >>> 3. If your login is successful, then (also noted in the above FAQ) >>> the issue may simply be that for some reason, your e-mail address >>> has been flagged as having bounced. Once flagged, SpamCop will >>> not waste any more time trying to send anything to that address. >>> Look through your settings here, looking for the option to reset >>> this flag by cicking on the _button_. > > Can't really help you there, as I don't use the e-mail thing. > However, noting that at the bottom of that FAQ entry, it says; > [Edited by Wazoo 2004/06/19 to include Navigatr1's experience with the > bounce flag.] > > There's been a lot of changes to the web-page layout since > then. If you find the "right thing" to flip the flag, I'll be > glad to update that FAQ entry with a better / current > description. --- >If you find the "right thing" Does anybody has an idea to find it in http://www.spamcop.net/mcgi?action=showadvanced ? Not me :( From mfkmek820 at yahoo.com Thu Dec 9 08:12:55 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Thu Dec 9 12:15:03 2004 Subject: [SpamCop-List] Minor SC change Message-ID: At some convenient time I request consideration for a minor change. When I paste an address in the window for SC to resolve, often it comes back with more than one address. If I copy, lets say 2 addys that were given, and paste into the user report window, only the first one shows up in the window. I believe that is caused by the CR/LF between the addys. Why not put multiple addys in one line with a comma seperator. This would then allow pasting of up to the four addys into the user report window without having to do a workaround. Fred k From kchuplis at nospamalltel.net Thu Dec 9 11:47:32 2004 From: kchuplis at nospamalltel.net (Karen) Date: Thu Dec 9 12:45:02 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Derek T" wrote in message news:cp9v58$26r$1@news.spamcop.net... > Karen wrote: > > I have one list I have been on and also a University I TEACH FOR and today I > > am getting my mail back as undeliverable due to SPAM COP. This is making me > > EXCEPTIONALLY CROSS. I have contacted their admins, but I am really, really, > > angry over this. I have done NOTHING and yet SPAM COP is causing a LOT of > > disruption in my life and yet, I CANNOT FIND A WAY TO CONTACT SPAMCOP > > besides this forum and THAT is making me MORE angry. Please, someone from > > your admin REPLY. > > > > Extremely disgruntled > > Karen Chuplis > > > > > please post the IP of the server you allege is 'blocked' then we might > be of some help. o/w please post the whole text of the rejection message. > > You will find help aplenty here: > > http://forum.spamcop.net/forums/index.php?showforum=3 Here are the ones I got back today: This is the Postfix program at host duck.inebraska.com. I'm sorry to have to inform you that your message could not be be delivered to one or more recipients. It's attached below. For further assistance, please send mail to If you do so, please include this problem report. You can delete your own text from the attached returned message. The Postfix program : host a.mx.saintleo.edu[199.44.215.33] said: 591 your host [199.184.119.13] is blacklisted by bl.spamcop.net - contact your IT or ISP - copy to blacklist@saintleo.edu. (in reply to RCPT TO command) And This is the Postfix program at host duck.inebraska.com. I'm sorry to have to inform you that your message could not be be delivered to one or more recipients. It's attached below. For further assistance, please send mail to If you do so, please include this problem report. You can delete your own text from the attached returned message. The Postfix program : host a.mx.saintleo.edu[199.44.215.33] said: 591 your host [199.184.119.13] is blacklisted by bl.spamcop.net - contact your IT or ISP - copy to blacklist@saintleo.edu. (in reply to RCPT TO command) : host a.mx.saintleo.edu[199.44.215.33] said: 591 your host [199.184.119.13] is blacklisted by bl.spamcop.net - contact your IT or ISP - copy to blacklist@saintleo.edu. (in reply to RCPT TO And This is the Postfix program at host duck.inebraska.com. I'm sorry to have to inform you that your message could not be be delivered to one or more recipients. It's attached below. For further assistance, please send mail to If you do so, please include this problem report. You can delete your own text from the attached returned message. The Postfix program : host imagicomm.com[128.121.220.147] said: 553 5.3.0 Rejected - see http://spamcop.net/bl.shtml? 199.184.119.13 (in reply to MAIL FROM command) From MikeE at ster.invalid Thu Dec 9 09:53:38 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 9 12:55:02 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: 199.184.119.13 rDNS duck.inebraska.com output server SCbl listed, no other listings. I predict out of office autoresponders hitting spamtraps. Let's see what Ellen sez. -- Mike Easter kibitzer, not SC admin From spamcop at bas.kookt.nl Thu Dec 9 18:55:47 2004 From: spamcop at bas.kookt.nl (basalk) Date: Thu Dec 9 13:00:02 2004 Subject: [SpamCop-List] Re: Viagra Cialis Spam References: Message-ID: "Andy P. Jung" schreef in bericht news:cp9nk5$t9v$1@news.spamcop.net... > Would forwarding Viagra spam to Pfizer get them to go after those bastards > for trademark infringement? I read in a webnews article somewhere that Pfitzer wants to sue Viagra spammers. They did not need the actual spam it said. Today I read that 60% of all email is spam (at least) so I guess most spammers have the email adress of Pfitzer and spam them too. Bas --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.805 / Virus Database: 547 - Release Date: 8-12-2004 From nobody at spamcop.net Thu Dec 9 13:01:48 2004 From: nobody at spamcop.net (Pop) Date: Thu Dec 9 13:05:03 2004 Subject: [SpamCop-List] Re: Minor SC change References: Message-ID: "Fred K" wrote in message news:cpa13d$3sa$1@news.spamcop.net... | At some convenient time I request consideration for a minor change. | When I paste an address in the window for SC to resolve, often it comes back | with more than one address. If I copy, lets say 2 addys that were given, and | paste into the user report window, only the first one shows up in the | window. I believe that is caused by the CR/LF between the addys. Why not put | multiple addys in one line with a comma seperator. This would then allow | pasting of up to the four addys into the user report window without having | to do a workaround. | | Fred k | | It looks like you're talking about OE6? If so, how are you doing the copy operation? I often copy that way when I manually LART and have no problem with it. Sometimes the cr/lf -looks- funny because the cr/lf's carry into the address window and it becomes a column of addresses instead of on one row/line, but they still work fine and are interpreted properly by the mail client when I click Send. Maybe you're not noticing they're in a column instead of in a row? Or have I misunderstood? Just my guess Pop From baloo at ursine.dyndns.org Thu Dec 9 10:06:27 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Thu Dec 9 13:10:04 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: <1102615588.26282@ursine.dyndns.org> Karen wrote: > I have one list I have been on and also a University I TEACH FOR and today > I am getting my mail back as undeliverable due to SPAM COP. Read more carefully. They're being blocked by those site administrators, they're just failing to set their own reject message taking blame for their own actions. Spamcop didn't have anything to do with your message being blocked. > This is making > me EXCEPTIONALLY CROSS. Direct it to postmaster@, not us. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From nobody at spamcop.net Thu Dec 9 13:06:43 2004 From: nobody at spamcop.net (Pop) Date: Thu Dec 9 13:10:13 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Mike Easter" wrote in message news:cpa3eg$59l$1@news.spamcop.net... ... | I predict out of office autoresponders hitting spamtraps. | ... Dumb question: Spamtraps never send mail; how would an auto-responder send mail to a spamtrap? Just curious what I'm missing, Pop From nobody at spamcop.net Thu Dec 9 13:12:47 2004 From: nobody at spamcop.net (Pop) Date: Thu Dec 9 13:15:03 2004 Subject: [SpamCop-List] Re: PayPal mssg NOT spam References: Message-ID: "Mike Easter" wrote in message news:cp9qa6$uuj$1@news.spamcop.net... ... | ... that's what your congresscritters and their pals at the DMA think. | | -- | Mike Easter | kibitzer, not SC admin Please, watch your language! "congresscritters" and "DMA"! Man, how rude! 16 and 3 letter utterences are unappreciated by some sensitive folk. I hate to say so, but your comment just makes way too much sense of a logical, expected outcome that only those (place crude words here) could think they were useful. It's one of those "only a mother could love.." situations. Hmm, am I becoming a copy-kibitizer? Oh, jeez! Nah, I wouldn't ... uhhh, errrr, ... . Pop From mfkmek820 at yahoo.com Thu Dec 9 09:13:01 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Thu Dec 9 13:15:12 2004 Subject: [SpamCop-List] Re: Minor SC change References: Message-ID: "Pop" wrote in message news:cpa3uc$5oo$1@news.spamcop.net... > > "Fred K" wrote in message > news:cpa13d$3sa$1@news.spamcop.net... > | At some convenient time I request consideration for a minor > change. > It looks like you're talking about OE6? If so, how are you doing > the copy operation? I often copy that way when I manually LART > and have no problem with it. Sometimes the cr/lf -looks- funny > because the cr/lf's carry into the address window and it becomes > a column of addresses instead of on one row/line, but they still > work fine and are interpreted properly by the mail client when I > click Send. Maybe you're not noticing they're in a column > instead of in a row? > Or have I misunderstood? > > Just my guess > > Pop I have no problem in the OE window. The problem is on the SC "User report" window only. Fred k From nobody at spamcop.net Thu Dec 9 10:19:21 2004 From: nobody at spamcop.net (TheWanderer) Date: Thu Dec 9 13:20:02 2004 Subject: [SpamCop-List] How long should nag screen nag? Message-ID: How long should one have to wait for the nag screen? It keeps presenting " click reload if this page does not refresh automatically in 7 seconds. " Well it does keep refreshing every 7 seconds, but keeps displaying " click reload if this page does not refresh automatically in 7 seconds. " This goes on for 5 minutes before the results are presented. I use M$ Outlook so I have to report indvidual spams and they are growing daily. I do not have all day to report 10 messages. From nobody at spamcop.net Thu Dec 9 10:24:09 2004 From: nobody at spamcop.net (TheWanderer) Date: Thu Dec 9 13:25:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: <1102615588.26282@ursine.dyndns.org> Message-ID: "Paul Johnson" wrote in message news:1102615588.26282@ursine.dyndns.org... > Karen wrote: > >> I have one list I have been on and also a University I TEACH FOR and >> today >> I am getting my mail back as undeliverable due to SPAM COP. > > Read more carefully. They're being blocked by those site administrators, > they're just failing to set their own reject message taking blame for > their > own actions. Spamcop didn't have anything to do with your message being > blocked. > HUH?? host [199.184.119.13] is blacklisted by ***** bl.spamcop.net ***** - contact your IT or ISP - copy to blacklist@saintleo.edu. (in reply to RCPT TO command) That is not spamcp??? >> This is making >> me EXCEPTIONALLY CROSS. > > Direct it to postmaster@, not us. > > -- > Paul Johnson > baloo@ursine.dyndns.org > http://ursine.dyndns.org/ From pete at heypete.com Thu Dec 9 10:22:38 2004 From: pete at heypete.com (Pete Stephenson) Date: Thu Dec 9 13:25:12 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: In article , "Pop" wrote: > Dumb question: Spamtraps never send mail; how would an > auto-responder send mail to a spamtrap? It wouldn't, but it's possible that a third party might get infected with a virus, the virus spews out mail to the auto-responder with a "From" address forging the address of the spamtrap. The auto-responding system replies to the message, not knowing it's sending to a spamtrap and the spamtrap then lists the auto-responding system. I get gobs of bounce messages and "You're infected with a virus!"[1] messages that purport to be from me but are mere forgeries. > Just curious what I'm missing, Hope this helps. [1] I run Mac OS X and Red Hat Linux. Both systems have updated anti-virus software on them. The odds of me having any of the viruses described in the error messages (every single one being a Windows virus) are nil. Stupid software. -- Pete Stephenson HeyPete.com From pete at heypete.com Thu Dec 9 10:25:10 2004 From: pete at heypete.com (Pete Stephenson) Date: Thu Dec 9 13:30:05 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: <1102615588.26282@ursine.dyndns.org> Message-ID: In article , "TheWanderer" wrote: > HUH?? > > host [199.184.119.13] is blacklisted by ***** bl.spamcop.net ***** - > contact your IT or > ISP - copy to blacklist@saintleo.edu. (in reply to RCPT TO command) > > That is not spamcp??? It is indeed, however SpamCop is not intercepting the mail to block it. Rather, the site administrator (presumably saintleo.edu) is utilizing SpamCop's list to help filter incoming mail. The responsibility of how SpamCop's list is used lies solely with the administrator using SpamCop's list. SpamCop is not interposing itself into anyone's email communications (with the exception of paying customers of SpamCop's email services) -- the administrator of the receiving system is responsible. Cheers! -- Pete Stephenson HeyPete.com From TJLWBECGSGWU at spammotel.com Thu Dec 9 18:27:00 2004 From: TJLWBECGSGWU at spammotel.com (Mathew Hendry) Date: Thu Dec 9 13:30:15 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: On Thu, 9 Dec 2004 13:06:43 -0500, "Pop" wrote: >"Mike Easter" wrote in message >news:cpa3eg$59l$1@news.spamcop.net... >... >| I predict out of office autoresponders hitting spamtraps. >... > >Dumb question: Spamtraps never send mail; how would an >auto-responder send mail to a spamtrap? The same way you might receive bounces and such for mail you never sent: a spambot or worm used your address as the return path. -- Mat. From nobody at spamcop.net Thu Dec 9 13:32:39 2004 From: nobody at spamcop.net (Pop) Date: Thu Dec 9 13:35:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Pete Stephenson" wrote in message news:pete-F556F1.10223809122004@news.cesmail.net... | In article , "Pop" | wrote: | | > Dumb question: Spamtraps never send mail; how would an | > auto-responder send mail to a spamtrap? | | It wouldn't, but it's possible that a third party might get infected | with a virus, the virus spews out mail to the auto-responder with a | "From" address forging the address of the spamtrap. | | The auto-responding system replies to the message, not knowing it's | sending to a spamtrap and the spamtrap then lists the auto-responding | system. | | I get gobs of bounce messages and "You're infected with a virus!"[1] | messages that purport to be from me but are mere forgeries. | | > Just curious what I'm missing, | | Hope this helps. | | [1] I run Mac OS X and Red Hat Linux. Both systems have updated | anti-virus software on them. The odds of me having any of the viruses | described in the error messages (every single one being a Windows virus) | are nil. Stupid software. | | -- | Pete Stephenson | HeyPete.com Duh! Thanks. Kind of obvious now. Like I said, dumb question! -;'-]. Pop From David1 at suescornerweb.com Thu Dec 9 13:36:51 2004 From: David1 at suescornerweb.com (David 1) Date: Thu Dec 9 13:40:03 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 In-Reply-To: References: Message-ID: mdes wrote: > WazoO wrote: > >>"mdes" wrote in message >>news:cp533e$2c0$1@news.spamcop.net... >> >>>I sent 3 reports (6-dec 8:56, 7-dec 9:23 and 7-dec 20:43), and I >>>received >> >>no mail from SpamCop for reporting :( >> >>>The last received report followed my mail on 5-dec 16:26. >>> >>>I know there are problems with the SpamCop server, but for 1.5 day ! >> >>And have you done any troubleshooting? Logging in on a >>www.spamcop.net page for instance? Are there reports >>waiting there to "Report Now" ... is there an indication >>that e-mail to your registered e-mail account has been >>bouncing ... have you checked the FAQ over in the >>web-based Forum area that has a few entries dealing >>with missed/lost/delayed e-mail ... did your ISP start >>a new filtering process .... on and on ... > > > You should better have replied: "See FAQ at http://forum.spamcop.net/forums/index.php?showtopic=1848" > > & added to my collection I thank you David 1 From nobody at spamcop.net Thu Dec 9 13:35:38 2004 From: nobody at spamcop.net (Pop) Date: Thu Dec 9 13:40:15 2004 Subject: [SpamCop-List] Re: Minor SC change References: Message-ID: "Fred K" wrote in message news:cpa4mb$6dp$1@news.spamcop.net... | | "Pop" wrote in message | news:cpa3uc$5oo$1@news.spamcop.net... | > | > "Fred K" wrote in message | > news:cpa13d$3sa$1@news.spamcop.net... | > | At some convenient time I request consideration for a minor | > change. ... | > Or have I misunderstood? | > | > Just my guess | > | > Pop | I have no problem in the OE window. The problem is on the SC "User report" | window only. | | Fred k ... Ah! I see; sorry for the bw waste. Pop From nobody at spamcop.net Thu Dec 9 10:39:15 2004 From: nobody at spamcop.net (TheWanderer) Date: Thu Dec 9 13:40:20 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: <1102615588.26282@ursine.dyndns.org> Message-ID: "Pete Stephenson" wrote in message news:pete-FE6778.10251009122004@news.cesmail.net... > In article , > "TheWanderer" wrote: > >> HUH?? >> >> host [199.184.119.13] is blacklisted by ***** bl.spamcop.net ***** - >> contact your IT or >> ISP - copy to blacklist@saintleo.edu. (in reply to RCPT TO command) >> >> That is not spamcp??? > > It is indeed, however SpamCop is not intercepting the mail to block it. > Rather, the site administrator (presumably saintleo.edu) is utilizing > SpamCop's list to help filter incoming mail. > > The responsibility of how SpamCop's list is used lies solely with the > administrator using SpamCop's list. > Yes but it is spamcop who makes the list. > SpamCop is not interposing itself into anyone's email communications > (with the exception of paying customers of SpamCop's email services) -- > the administrator of the receiving system is responsible. > > Cheers! > > -- > Pete Stephenson > HeyPete.com From David1 at suescornerweb.com Thu Dec 9 13:41:47 2004 From: David1 at suescornerweb.com (David 1) Date: Thu Dec 9 13:45:08 2004 Subject: [SpamCop-List] Re: false positives/negatives In-Reply-To: References: Message-ID: Mike Easter wrote: > Herb Wolfe wrote: > >>It would be nice if there was an option to whitelist a sender that did >>get through the filter, so that they don't get marked as spam in a >>later message, which has been my problem lately. > > > Disclaimer: I've never seen the inside of spamcop mail, I just know > what I read on the 'outside' around here and the forum information > > There is an option to whitelist a sender; and a whitelisted sender rule > 'should' be configured to disregard any rules after that, and there's > also the issue of the order of the rules. > > Here's a forum entry for Q: None of my personal filters are working. > http://forum.spamcop.net/forums/index.php?showtopic=2321 > Thank You for that answer David 1 From 9ucs5y001 at sneakemail.com Thu Dec 9 10:40:42 2004 From: 9ucs5y001 at sneakemail.com (DS) Date: Thu Dec 9 13:45:21 2004 Subject: [SpamCop-List] Feature request: Blocking List tab added to main member (cookie logon) page Message-ID: The non-logged-in home page has it and I use it almost as much as the "Report Spam" tab*. Can it be added to the member page as well? In addition, moving "Mailhosts" to the "Preferences" page would be fine as well--I very rarely need to go there and it just wastes space. The order I would like to see is: _____________ _______________ ______________ ____________ _____________ | Report Spam | | Blocking List | | Past Reports | | Statistics | | Preferences | Thanks, DS * I take perverse pleasure in checking to see if I am the first or second reporter on an IP address. :) From pete at heypete.com Thu Dec 9 10:43:27 2004 From: pete at heypete.com (Pete Stephenson) Date: Thu Dec 9 13:45:26 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: <1102615588.26282@ursine.dyndns.org> Message-ID: In article , "TheWanderer" wrote: > Yes but it is spamcop who makes the list. So? I can make a list of the license plates of cars that have cut me off in traffic and publish it. If someone were to take that list and slash the tires of cars with those license plates, would you blame me for slashing the tires? Surely not -- you'd blame the person with the knife. SpamCop merely publishes a list of IP addresses that meet criteria listed on its website. If someone, like this particular school, would like to refuse mail outright from listed systems, that's their choice. Many use the SpamCop list to simply "tag" spam so that end-users can filter it with their mail client while others use it to refuse mail outright. What people do with SpamCop's list is their own responsibility. -- Pete Stephenson HeyPete.com From David1 at suescornerweb.com Thu Dec 9 13:45:19 2004 From: David1 at suescornerweb.com (David 1) Date: Thu Dec 9 13:45:32 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! In-Reply-To: References: Message-ID: Derek T wrote: > Karen wrote: > >> I have one list I have been on and also a University I TEACH FOR and >> today I >> am getting my mail back as undeliverable due to SPAM COP. This is >> making me >> EXCEPTIONALLY CROSS. I have contacted their admins, but I am really, >> really, >> angry over this. I have done NOTHING and yet SPAM COP is causing a LOT of >> disruption in my life and yet, I CANNOT FIND A WAY TO CONTACT SPAMCOP >> besides this forum and THAT is making me MORE angry. Please, someone from >> your admin REPLY. >> >> Extremely disgruntled >> Karen Chuplis >> >> > please post the IP of the server you allege is 'blocked' then we might > be of some help. o/w please post the whole text of the rejection message. > > You will find help aplenty here: > > http://forum.spamcop.net/forums/index.php?showforum=3 thank you for pointing me here, today has been a good day David 1 From TJLWBECGSGWU at spammotel.com Thu Dec 9 18:47:56 2004 From: TJLWBECGSGWU at spammotel.com (Mathew Hendry) Date: Thu Dec 9 13:50:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: <1102615588.26282@ursine.dyndns.org> Message-ID: On Thu, 9 Dec 2004 10:39:15 -0800, "TheWanderer" wrote: >"Pete Stephenson" wrote in message >news:pete-FE6778.10251009122004@news.cesmail.net... > >> The responsibility of how SpamCop's list is used lies solely with the >> administrator using SpamCop's list. > >Yes but it is spamcop who makes the list. Yes but spammers lie, spammers share space with non-spammers, and SpamCop and its users make mistakes. A SpamCop listing is a good indicator of spamminess, not a guarantee. -- Mat. From mfkmek820 at yahoo.com Thu Dec 9 09:50:10 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Thu Dec 9 13:55:04 2004 Subject: [SpamCop-List] Trustwatch Message-ID: Neat add on to IE, to let you know if the website is good, unverified or verified as bad http://www.trustwatch.com/ Fred K From 9ucs5y001 at sneakemail.com Thu Dec 9 10:52:03 2004 From: 9ucs5y001 at sneakemail.com (DS) Date: Thu Dec 9 13:55:13 2004 Subject: [SpamCop-List] What does "(SIMPLE)" mean in the report history log? Message-ID: For instance, on this page: http://www.spamcop.net/mcgi?action=showhistory;slice=issueid;val=12136825 It seems to be something new in the last month or so and I probably missed something germane to this somewhere on the website or in the fine FAQ. Thanks in advance, DS From dannyg at dannyg.com Thu Dec 9 10:56:57 2004 From: dannyg at dannyg.com (Danny Goodman) Date: Thu Dec 9 13:58:41 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! In-Reply-To: <200412091830.iB9IUIdw089387@dannyg.com> Message-ID: on 12/9/04 10:30 AM, spamcop-list-request@news.spamcop.net wrote: > host [199.184.119.13] is blacklisted by ***** bl.spamcop.net ***** - There should be a concerted effort on the part of BL suppliers to educate their subscribing ISPs to word their bounces/rejects in a way that is informative rather than accusatory. I'm sure a lot of folks getting these things have no idea what a BL is or how admins use them. How could such a person draw a conclusion _other_ than some BL is doing the actual blocking when the message is like the one above? Then s/he comes here (commonly with a bundle of exclamation points) and is told, just the opposite. Even more confusion. Danny http://www.dannyg.com http://www.spamwars.com From Merlyn at Spamcop.net Thu Dec 9 13:56:03 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Thu Dec 9 14:00:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Karen" wrote in message news:cp9u3t$1kh$1@news.spamcop.net... >I have one list I have been on and also a University I TEACH FOR and today >I > am getting my mail back as undeliverable due to SPAM COP. This is making > me > EXCEPTIONALLY CROSS. I have contacted their admins, but I am really, > really, > angry over this. I have done NOTHING and yet SPAM COP is causing a LOT of > disruption in my life and yet, I CANNOT FIND A WAY TO CONTACT SPAMCOP > besides this forum and THAT is making me MORE angry. Please, someone from > your admin REPLY. > > Extremely disgruntled > Karen Chuplis > Spamcop did not block your email. The administrator of the system you sent your email to blocked you. 199.184.119.13 = duck.inebraska.com which is also http://webmail.inebraska.com/ Have your Administrator at inebraska.com find the culprit on their system. I think you would agree with me that everyone is tired of receiving mortgage quotes, penis enlargement, breast enhancement, weight loss, nude 40 year old teenage sluts, Viagra, vacation, lottery, prescription drug, business opportunities, genealogical, university degrees, gambling, get rich quick, MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock scams, pirated software and everything else that is force fed into our inboxes. If you want to get angry then get angry at the spammers that have created this situation and almost made email unusable. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From nobody at spamcop.net Thu Dec 9 13:54:20 2004 From: nobody at spamcop.net (Ellen) Date: Thu Dec 9 14:00:14 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Mike Easter" wrote in message news:cpa3eg$59l$1@news.spamcop.net... > 199.184.119.13 rDNS duck.inebraska.com > output server > > SCbl listed, no other listings. > > I predict out of office autoresponders hitting spamtraps. > > Let's see what Ellen sez. > Ellen sez: I spent some time on the phone with the ISP yesterday and they are aware of the problem which is, mostly, that their C/R system is beating up the spamtraps. Ellen From pete at heypete.com Thu Dec 9 10:57:53 2004 From: pete at heypete.com (Pete Stephenson) Date: Thu Dec 9 14:00:20 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: In article , "Merlyn" wrote: > nude 40 year old teenage sluts Do I even want to know how that could possibly remotely possible? On second thought, I'd prefer not to. -- Pete Stephenson HeyPete.com From nobody at spamcop.net Thu Dec 9 11:05:21 2004 From: nobody at spamcop.net (TheWanderer) Date: Thu Dec 9 14:05:03 2004 Subject: [SpamCop-List] Re: Trustwatch References: Message-ID: "Fred K" wrote in message news:cpa6pc$94v$1@news.spamcop.net... > Neat add on to IE, to let you know if the website is good, unverified or > verified as bad > http://www.trustwatch.com/ Only IE? The world does not revolve around IE as M$ would hoped it would when it put the globe circling around IE some time ago. TW > > Fred K > > > > From please_reply_to_newsgroup at something.com Thu Dec 9 19:29:50 2004 From: please_reply_to_newsgroup at something.com (Paul D) Date: Thu Dec 9 14:30:04 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 References: Message-ID: Hello all! Thank you again for your replies. There is a *possibility* that my problem may be caused by BlackIce running on my machine. I haven't had enough spam lately to completely test this theory, but I will certainly let you know my findings in due course. Thank you for the work you've done to investigate the issues, especially Mike. Kind regards Paul From kchuplis at nospamalltel.net Thu Dec 9 13:37:46 2004 From: kchuplis at nospamalltel.net (Karen) Date: Thu Dec 9 14:35:07 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: <1102615588.26282@ursine.dyndns.org> Message-ID: "Paul Johnson" wrote in message news:1102615588.26282@ursine.dyndns.org... > Karen wrote: > > > I have one list I have been on and also a University I TEACH FOR and today > > I am getting my mail back as undeliverable due to SPAM COP. > > Read more carefully. They're being blocked by those site administrators, > they're just failing to set their own reject message taking blame for their > own actions. Spamcop didn't have anything to do with your message being > blocked. > > > This is making > > me EXCEPTIONALLY CROSS. > > Direct it to postmaster@, not us. > > -- > Paul Johnson > baloo@ursine.dyndns.org > http://ursine.dyndns.org/ I've directed it to both. Of course, directing it at the postmaster of the site that blocked me just bouces back. And I've talked to the list minder, they say they can't do anything. So I guess "nobody is to blame". Bleh. Whatever. From kchuplis at nospamalltel.net Thu Dec 9 13:38:51 2004 From: kchuplis at nospamalltel.net (Karen) Date: Thu Dec 9 14:35:25 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: <1102615588.26282@ursine.dyndns.org> Message-ID: "Pete Stephenson" wrote in message news:pete-FE6778.10251009122004@news.cesmail.net... > In article , > "TheWanderer" wrote: > > > HUH?? > > > > host [199.184.119.13] is blacklisted by ***** bl.spamcop.net ***** - > > contact your IT or > > ISP - copy to blacklist@saintleo.edu. (in reply to RCPT TO command) > > > > That is not spamcp??? > > It is indeed, however SpamCop is not intercepting the mail to block it. > Rather, the site administrator (presumably saintleo.edu) is utilizing > SpamCop's list to help filter incoming mail. > > The responsibility of how SpamCop's list is used lies solely with the > administrator using SpamCop's list. > > SpamCop is not interposing itself into anyone's email communications > (with the exception of paying customers of SpamCop's email services) -- > the administrator of the receiving system is responsible. > > Cheers! So I have to *phone* them and try to find the right person to talk to since they are blocking. It's a vicious circle. From spamcop at 1bigthink.com Thu Dec 9 14:54:08 2004 From: spamcop at 1bigthink.com (spamcop) Date: Thu Dec 9 14:52:53 2004 Subject: [SpamCop-List] Re: Trustwatch In-Reply-To: References: Message-ID: <6.1.2.0.0.20041209145247.0a186738@mx.1bigthink.com> At 02:05 PM 12/9/2004, you wrote: > > Neat add on to IE, to let you know if the website is good, unverified or > > verified as bad > > http://www.trustwatch.com/ > >Only IE? The world does not revolve around IE as M$ would hoped it would >when it put the globe circling around IE some time ago. > >TW Agreed! The world is drifting away from IE. It's now time to write compliant HTML, not M$ HTML. G -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com -------------- next part -------------- --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.807 / Virus Database: 549 - Release Date: 12/7/2004 From tmcgraw at spamcop.net Thu Dec 9 11:53:53 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Dec 9 14:55:04 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! In-Reply-To: References: <1102615588.26282@ursine.dyndns.org> Message-ID: TheWanderer wrote: > Pete Stephenson wrote: >>TheWanderer wrote: >> >>>host [199.184.119.13] is blacklisted by ***** bl.spamcop.net ***** - >>>contact your IT or >>>ISP - copy to blacklist@saintleo.edu. (in reply to RCPT TO command) >>> >>>That is not spamcp??? >> >>It is indeed, however SpamCop is not intercepting the mail to block it. >> >> > > Yes but it is spamcop who makes the list. But it is 199.184.119.13 that is abusing the Internet, hence the need for spamcop to make a list. From kchuplis at nospamalltel.net Thu Dec 9 13:59:08 2004 From: kchuplis at nospamalltel.net (Karen) Date: Thu Dec 9 14:55:16 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Merlyn" wrote in message news:cpa743$9e8$1@news.spamcop.net... > "Karen" wrote in message > news:cp9u3t$1kh$1@news.spamcop.net... > >I have one list I have been on and also a University I TEACH FOR and today > >I > > am getting my mail back as undeliverable due to SPAM COP. This is making > > me > > EXCEPTIONALLY CROSS. I have contacted their admins, but I am really, > > really, > > angry over this. I have done NOTHING and yet SPAM COP is causing a LOT of > > disruption in my life and yet, I CANNOT FIND A WAY TO CONTACT SPAMCOP > > besides this forum and THAT is making me MORE angry. Please, someone from > > your admin REPLY. > > > > Extremely disgruntled > > Karen Chuplis > > > > Spamcop did not block your email. > > The administrator of the system you sent your email to blocked you. > > 199.184.119.13 = duck.inebraska.com which is also > http://webmail.inebraska.com/ > > Have your Administrator at inebraska.com find the culprit on their system. > > I think you would agree with me that everyone is tired of receiving mortgage > quotes, penis enlargement, breast enhancement, weight loss, nude 40 year old > teenage sluts, Viagra, vacation, lottery, prescription drug, business > opportunities, genealogical, university degrees, gambling, get rich quick, > MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock scams, > pirated software and everything else that is force fed into our inboxes. > > If you want to get angry then get angry at the spammers that have created > this situation and almost made email unusable. > > -- > > Regards, > Merlyn > > A Spamcop advocate > No emails this account is for newsgroups only > People demand freedom of speech to make up for the freedom of thought which > they avoided > I use a delete key. Much less frustrating than being blocked with legititmate business. As I noted before, since I cannot contact the school by email (because am blocked) I now have to take time out to call and track down someone. To each his own. I would rather have to delete spam than waste my time doing this. From tmcgraw at spamcop.net Thu Dec 9 11:54:43 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Dec 9 14:55:21 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! In-Reply-To: References: Message-ID: Danny Goodman wrote: > > There should be a concerted effort on the part of BL suppliers to educate > their subscribing ISPs to word their bounces/rejects in a way that is > informative rather than accusatory. I'm sure a lot of folks getting these > things have no idea what a BL is or how admins use them. How could such a > person draw a conclusion _other_ than some BL is doing the actual blocking > when the message is like the one above? Then s/he comes here (commonly with > a bundle of exclamation points) and is told, just the opposite. Even more > confusion. Done - to death - on nanae. From tmcgraw at spamcop.net Thu Dec 9 11:55:25 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Dec 9 15:00:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! In-Reply-To: References: <1102615588.26282@ursine.dyndns.org> Message-ID: Karen wrote: > > So I have to *phone* them and try to find the right person to talk to since > they are blocking. Ah, the telephone. I remember it well. From kchuplis at nospamalltel.net Thu Dec 9 14:00:42 2004 From: kchuplis at nospamalltel.net (Karen) Date: Thu Dec 9 15:00:15 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Danny Goodman" wrote in message news:mailman.30.1102618721.4572.spamcop-list@news.spamcop.net... > on 12/9/04 10:30 AM, spamcop-list-request@news.spamcop.net wrote: > > > host [199.184.119.13] is blacklisted by ***** bl.spamcop.net ***** - > > > There should be a concerted effort on the part of BL suppliers to educate > their subscribing ISPs to word their bounces/rejects in a way that is > informative rather than accusatory. I'm sure a lot of folks getting these > things have no idea what a BL is or how admins use them. How could such a > person draw a conclusion _other_ than some BL is doing the actual blocking > when the message is like the one above? Then s/he comes here (commonly with > a bundle of exclamation points) and is told, just the opposite. Even more > confusion. > > > Danny > http://www.dannyg.com > http://www.spamwars.com > > I think that is what angers me the most. I had to bop all over figuring out what spamcop does etc. wasting my time. I will stop posting here because it is also taking time, but it is the only place I could find on the site where I might actually ask a question. From tmcgraw at spamcop.net Thu Dec 9 11:58:41 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Dec 9 15:00:22 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! In-Reply-To: References: Message-ID: Karen wrote: > > I use a delete key. Much less frustrating than being blocked with > legititmate business. As I noted before, since I cannot contact the school > by email (because am blocked) I now have to take time out to call and track > down someone. To each his own. I would rather have to delete spam than waste > my time doing this. With all due respect, some people receive more email than they can hit the delete key all day with all the time in the world. The fault seems to be your email provider's challenge/response system, which is sending email to addresses that never communicated with any other email address nor signed up to receive anything. In other words, your provider is abusing the Internet. We (tinw) don't like that. From tmcgraw at spamcop.net Thu Dec 9 11:59:48 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Dec 9 15:00:28 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! In-Reply-To: References: Message-ID: Karen wrote: > > I think that is what angers me the most. I had to bop all over figuring out > what spamcop does etc. wasting my time. I will stop posting here because it > is also taking time, but it is the only place I could find on the site where > I might actually ask a question. You got answers, too. Maybe not the ones you wanted, but there ya go. From Merlyn at Spamcop.net Thu Dec 9 15:06:13 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Thu Dec 9 15:10:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Karen" wrote in message news:cpaah1$c8o$1@news.spamcop.net... > [snipped] > I use a delete key. Much less frustrating than being blocked with > legititmate business. As I noted before, since I cannot contact the school > by email (because am blocked) I now have to take time out to call and > track > down someone. To each his own. I would rather have to delete spam than > waste > my time doing this. You don't have to use the delete key as much as others. Your administration uses it's challenge response system to refuse the spam and then then sent it to/spam another innocent victim that never sent it or asked for it. Your clueless ISP is part of the problem. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From nobody at spamcop.net Thu Dec 9 15:07:31 2004 From: nobody at spamcop.net (Ellen) Date: Thu Dec 9 15:10:13 2004 Subject: [SpamCop-List] Re: What does "(SIMPLE)" mean in the report history log? References: Message-ID: "DS" <9ucs5y001@sneakemail.com> wrote in message news:cpa6si$968$1@news.spamcop.net... > For instance, on this page: > http://www.spamcop.net/mcgi?action=showhistory;slice=issueid;val=12136825 > > It seems to be something new in the last month or so and I probably missed > something germane to this somewhere on the website or in the fine FAQ. > > Thanks in advance, > DS > It's other reports that don't count towards the bl. It is newish. Ellen From baloo at ursine.dyndns.org Thu Dec 9 12:17:15 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Thu Dec 9 15:20:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: <1102615588.26282@ursine.dyndns.org> Message-ID: <1102623435.559771@ursine.dyndns.org> Karen wrote: > I've directed it to both. Of course, directing it at the postmaster of the > site that blocked me just bouces back. Oh, I'm sorry. Sounds like the postmaster of the site that you're trying to send to is not only shifting the blame for his actions, but appears to be ignorant or incompetent, to boot. Sites are never supposed to reject mail for postmaster. > And I've talked to the list minder, > they say they can't do anything. So I guess "nobody is to blame". Bleh. No, the postmaster of the site you are trying to send to is always going to be responsible for mail rejected by that site, whether or not they're willing to take responsibility for their actions. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From baloo at ursine.dyndns.org Thu Dec 9 12:18:32 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Thu Dec 9 15:20:12 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: <1102623512.419743@ursine.dyndns.org> Karen wrote: > I would rather have to delete spam > than waste my time doing this. Switch to an ISP that does not spam, and takes immediate action against customers that do, then. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From nobody at spamcop.net Thu Dec 9 15:20:10 2004 From: nobody at spamcop.net (indigo) Date: Thu Dec 9 15:25:02 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: <1102615588.26282@ursine.dyndns.org> Message-ID: Karen wrote: > I've directed it to both. Of course, directing it at the postmaster > of the site that blocked me just bouces back. And I've talked to the > list minder, they say they can't do anything. So I guess "nobody is > to blame". Bleh. Whatever. Surely someone is to blame -- but it's *your* IT group for using a challenge/response system in a lame attempt to control spam. From nobody at spamcop.net Thu Dec 9 15:20:46 2004 From: nobody at spamcop.net (indigo) Date: Thu Dec 9 15:25:16 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: Pete Stephenson wrote: > In article , > "Merlyn" wrote: > > > nude 40 year old teenage sluts > > Do I even want to know how that could possibly remotely possible? > > On second thought, I'd prefer not to. Dog years? ;-) From baloo at ursine.dyndns.org Thu Dec 9 12:22:20 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Thu Dec 9 15:25:22 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: <1102615588.26282@ursine.dyndns.org> Message-ID: <1102623740.802039@ursine.dyndns.org> TheWanderer wrote: > host [199.184.119.13] is blacklisted by ***** bl.spamcop.net ***** - > contact your IT or > ISP - copy to blacklist@saintleo.edu. (in reply to RCPT TO command) > > That is not spamcp??? Not in the slightest. This is a portion of a bounce message that was set by the postmaster of the site that sent it that (improperly) blames Spamcop for mail rejected by their server. They need to stop mentioning Spamcop in their reject messages, it misleads people to believe that Spamcop had anything to do with that site's decision to use the BL as sole basis to reject messages. Nothing could be further from the truth: Spamcop advises against using the BL as terms for rejection. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From baloo at ursine.dyndns.org Thu Dec 9 12:24:06 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Thu Dec 9 15:25:28 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: <1102615588.26282@ursine.dyndns.org> Message-ID: <1102623847.79918@ursine.dyndns.org> TheWanderer wrote: >> The responsibility of how SpamCop's list is used lies solely with the >> administrator using SpamCop's list. >> > > Yes but it is spamcop who makes the list. But Spamcop tells you *not* to use the list for rejection purposes. It's not spamcop's fault some postmasters refuse to heed that warning, then blame Spamcop for rejecting mail. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From nobody at spamcop.net Thu Dec 9 12:33:50 2004 From: nobody at spamcop.net (TheWanderer) Date: Thu Dec 9 15:35:07 2004 Subject: [SpamCop-List] Re: Trustwatch References: Message-ID: "spamcop" wrote in message news:mailman.31.1102621973.4572.spamcop-list@news.spamcop.net... > At 02:05 PM 12/9/2004, you wrote: >> > Neat add on to IE, to let you know if the website is good, unverified >> > or >> > verified as bad >> > http://www.trustwatch.com/ >> >>Only IE? The world does not revolve around IE as M$ would hoped it would >>when it put the globe circling around IE some time ago. >> >>TW > > Agreed! The world is drifting away from IE. > > It's now time to write compliant HTML, not M$ HTML. Well... An application like that would work off of Active X controls which only IE has and nobody else because it is M$ technology and insecure > > G > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > http://www.sng.ecs.soton.ac.uk/mailscanner/ > Configuration by Glenn Parsons dnsadmin-at-1bigthink.com > > -------------------------------------------------------------------------------- > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.807 / Virus Database: 549 - Release Date: 12/7/2004 > From nobody at spamcop.net Thu Dec 9 15:31:50 2004 From: nobody at spamcop.net (indigo) Date: Thu Dec 9 15:35:20 2004 Subject: [SpamCop-List] Re: Trustwatch References: Message-ID: Fred K wrote: > Neat add on to IE, to let you know if the website is good, unverified > or verified as bad > http://www.trustwatch.com/ > > Fred K If'n ya ask me, it doesn't work. I plugged in http://signups.triplexcash.com/ from that spam "S'more" and trustwatch sez" "TrustWatch has checked that the site has been Verified by a Trusted Third Party and is not listed on the TrustWatch 'blacklists' of disreputable sites." Yeah. Right. From David1 at suescornerweb.com Thu Dec 9 15:44:47 2004 From: David1 at suescornerweb.com (David 1) Date: Thu Dec 9 15:45:05 2004 Subject: [SpamCop-List] Re: Trustwatch In-Reply-To: References: Message-ID: spamcop wrote: > At 02:05 PM 12/9/2004, you wrote: > >> > Neat add on to IE, to let you know if the website is good, >> unverified or >> > verified as bad >> > http://www.trustwatch.com/ >> >> Only IE? The world does not revolve around IE as M$ would hoped it would >> when it put the globe circling around IE some time ago. >> >> TW > > > Agreed! The world is drifting away from IE. > > It's now time to write compliant HTML, not M$ HTML. > > G > > > ------------------------------------------------------------------------ > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.807 / Virus Database: 549 - Release Date: 12/7/2004 I've been trying, got another editor that tells me which commands & stuff is IE only & I been staying away form them. David 1 From David1 at suescornerweb.com Thu Dec 9 15:49:02 2004 From: David1 at suescornerweb.com (David 1) Date: Thu Dec 9 15:50:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! In-Reply-To: References: Message-ID: Karen wrote: > "Merlyn" wrote in message > news:cpa743$9e8$1@news.spamcop.net... > >>"Karen" wrote in message >>news:cp9u3t$1kh$1@news.spamcop.net... >> >>>I have one list I have been on and also a University I TEACH FOR and > > today > >>>I >>>am getting my mail back as undeliverable due to SPAM COP. This is making >>>me >>>EXCEPTIONALLY CROSS. I have contacted their admins, but I am really, >>>really, >>>angry over this. I have done NOTHING and yet SPAM COP is causing a LOT > > of > >>>disruption in my life and yet, I CANNOT FIND A WAY TO CONTACT SPAMCOP >>>besides this forum and THAT is making me MORE angry. Please, someone > > from > >>>your admin REPLY. >>> >>>Extremely disgruntled >>>Karen Chuplis >>> >> >>Spamcop did not block your email. >> >>The administrator of the system you sent your email to blocked you. >> >>199.184.119.13 = duck.inebraska.com which is also >>http://webmail.inebraska.com/ >> >>Have your Administrator at inebraska.com find the culprit on their system. >> >>I think you would agree with me that everyone is tired of receiving > > mortgage > >>quotes, penis enlargement, breast enhancement, weight loss, nude 40 year > > old > >>teenage sluts, Viagra, vacation, lottery, prescription drug, business >>opportunities, genealogical, university degrees, gambling, get rich quick, >>MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock > > scams, > >>pirated software and everything else that is force fed into our inboxes. >> >>If you want to get angry then get angry at the spammers that have created >>this situation and almost made email unusable. >> >>-- >> >>Regards, >>Merlyn >> >>A Spamcop advocate >>No emails this account is for newsgroups only >>People demand freedom of speech to make up for the freedom of thought > > which > >>they avoided >> > > I use a delete key. Much less frustrating than being blocked with > legititmate business. As I noted before, since I cannot contact the school > by email (because am blocked) I now have to take time out to call and track > down someone. To each his own. I would rather have to delete spam than waste > my time doing this. > > I get up to 3k a day of it so you just come on over here & delete each & every one of them for me ok, I get this spam cause a lot of my business is on the web & all those wonderful robots & crawlers & the like just keep feeding my addy to them. Spam Cop helps shut some of them down & that's 100 or so less that I have to deal with so your right to each his own but someone might want to look at the bigger picture. From David1 at suescornerweb.com Thu Dec 9 15:52:17 2004 From: David1 at suescornerweb.com (David 1) Date: Thu Dec 9 15:55:02 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! In-Reply-To: References: Message-ID: Tim McGraw wrote: > Karen wrote: > >> >> I think that is what angers me the most. I had to bop all over >> figuring out >> what spamcop does etc. wasting my time. I will stop posting here >> because it >> is also taking time, but it is the only place I could find on the site >> where >> I might actually ask a question. > > > You got answers, too. > > Maybe not the ones you wanted, but there ya go. > LOL, it's been real hard for me to be nice so I just been keeping my mouth shut talking about being a part of the problem from lack of knowledge. David 1 From pete at heypete.com Thu Dec 9 12:56:03 2004 From: pete at heypete.com (Pete Stephenson) Date: Thu Dec 9 16:00:02 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: In article , Tim McGraw wrote: > With all due respect, some people receive more email than they can > hit the delete key all day with all the time in the world. *raises hand* My record is 500,000 per day. That was before I got DDoS'ed. -- Pete Stephenson HeyPete.com From David1 at suescornerweb.com Thu Dec 9 15:58:12 2004 From: David1 at suescornerweb.com (David 1) Date: Thu Dec 9 16:00:14 2004 Subject: [SpamCop-List] Re: Trustwatch In-Reply-To: References: Message-ID: TheWanderer wrote: > "spamcop" wrote in message > news:mailman.31.1102621973.4572.spamcop-list@news.spamcop.net... > >>At 02:05 PM 12/9/2004, you wrote: >> >>>>Neat add on to IE, to let you know if the website is good, unverified >>>>or >>>>verified as bad >>>>http://www.trustwatch.com/ >>> >>>Only IE? The world does not revolve around IE as M$ would hoped it would >>>when it put the globe circling around IE some time ago. >>> >>>TW >> >>Agreed! The world is drifting away from IE. >> >>It's now time to write compliant HTML, not M$ HTML. > > > Well... > > An application like that would work off of Active X controls which only IE > has and nobody else because it is M$ technology and insecure > > > >>G >> >>-- Snip HEY thanks for that answer I've been wondering about that ever since I started using Firefox, That's ok FireFox has a work around for that & from what I hear M$ doesn't like it. David 1 From pete at heypete.com Thu Dec 9 12:59:39 2004 From: pete at heypete.com (Pete Stephenson) Date: Thu Dec 9 16:00:20 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: <1102615588.26282@ursine.dyndns.org> Message-ID: In article , "Karen" wrote: > So I have to *phone* them and try to find the right person to talk to > since they are blocking. It's a vicious circle. Not so! You could simply use an email address from a system not blocked (say a Yahoo!, Hotmail, or other freemail account) to inquire. Indeed, many providers "whitelist" addresses that people in blocked networks can still contact. For instance, abuse@heypete.com and postmaster@heypete.com are both "whitelisted" so even senders that would normally be blocked are still permitted to send mail so they can clarify any problems. This may or may not apply in this case. Email is not a time-critical service with no guarantee of delivery. It works well most of the time, but you seem to be treating it like it's something that must _always_ work, which it's not. Cheers! -- Pete Stephenson HeyPete.com From MikeE at ster.invalid Thu Dec 9 13:19:14 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 9 16:20:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: Karen wrote: > I think that is what angers me the most. I had to bop all over > figuring out what spamcop does etc. wasting my time. I will stop > posting here because it is also taking time, but it is the only place > I could find on the site where I might actually ask a question. The players in the scenario are: - your mail provider which uses C/R^1 as some part of its antispam strategy - your mail recipients which use the SCbl^2 as some part of their antispam strategy As a result of ^1, your provider's output IP became SCbl listed and your mail was blocked. SpamCop's role in the scenario is sensible. ^2 SpamCop SC is a free and paid parsing and reporting service which also maintains the SCbl, a dynamic blocklist of spamsources. It also provides a spamfiltering and tagging service for its mail clients. Part of the mechanism for SC reports is its spamtraps, which are addresses which have never been used or published, and which should only receive spam, no legitimate mail. Any mail which hits the spamtraps is automatically parsed for its source IP and that IP is counted toward the SCbl. ^1 C/R or challenge response is a system which accepts mail for delivery and then 'turns around' and creates a newmail addressed to the From to demand that From do something to facilitate its mail being /really/ delivered. This is an abusive way of handling spam, because spam is made of innocent bystanders' addresses in the From -- so the abusive challenge system is sending mails to innocent bystanders about mail they never sent. In this case, your provider's C/R system sent its abusive mail to the spamcop spamtraps, causing your provider's IP address to become listed in the SCbl Your mail recipients who were using the SCbl did a good thing by bouncing the mail directly back to the sending IP. That is a much healthier response for spam management than what your mail provider did, which is to accept spam and then send abusive mails to the bogus Froms. As a result of the 'healthy' use of the SCbl, hopefully your mail provider will mend its ways and stop sending abusive challenges and start managing its spam problems in a healthier more effective and less abusive way. Challenges are a bad way to manage wanted mail and they are a very bad way to manage unwanted mail. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Dec 9 13:29:46 2004 From: nobody at spamcop.net (TheWanderer) Date: Thu Dec 9 16:30:02 2004 Subject: [SpamCop-List] Re: Trustwatch References: Message-ID: "David 1" wrote in message news:cpae62$fsb$3@news.spamcop.net... > TheWanderer wrote: >> "spamcop" wrote in message >> news:mailman.31.1102621973.4572.spamcop-list@news.spamcop.net... >> >>>At 02:05 PM 12/9/2004, you wrote: >>> >>>>>Neat add on to IE, to let you know if the website is good, unverified >>>>>or >>>>>verified as bad >>>>>http://www.trustwatch.com/ >>>> >>>>Only IE? The world does not revolve around IE as M$ would hoped it would >>>>when it put the globe circling around IE some time ago. >>>> >>>>TW >>> >>>Agreed! The world is drifting away from IE. >>> >>>It's now time to write compliant HTML, not M$ HTML. >> >> >> Well... >> >> An application like that would work off of Active X controls which only >> IE has and nobody else because it is M$ technology and insecure >> >> >> >>>G >>> >>>-- > Snip > HEY thanks for that answer I've been wondering about that ever since I > started using Firefox, That's ok FireFox has a work around for that & from > what I hear M$ doesn't like it. > David 1 I was not aware of that. I have to look into that, though most Active X Control applications for IE are there for data mining nad snooping It would be nice if SC would make a plugin for different email clients to make it easier to report spam. From porpoise1954 at yahoo.co.uk Thu Dec 9 21:25:41 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 9 16:30:15 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Pop" wrote in message news:cpa47j$5vs$1@news.spamcop.net... > "Mike Easter" wrote in message > news:cpa3eg$59l$1@news.spamcop.net... > ... > | I predict out of office autoresponders hitting spamtraps. > | > ... > > Dumb question: Spamtraps never send mail; how would an > auto-responder send mail to a spamtrap? > > Just curious what I'm missing, > > Pop > > Because From: addresses in spams are invariably forged. From mfkmek820 at yahoo.com Thu Dec 9 12:28:15 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Thu Dec 9 16:30:21 2004 Subject: [SpamCop-List] Re: Trustwatch References: Message-ID: "indigo" wrote in message news:cpacnm$evh$1@news.spamcop.net... > If'n ya ask me, it doesn't work. I plugged in > http://signups.triplexcash.com/ from that spam "S'more" and trustwatch > sez" > > "TrustWatch has checked that the site has been Verified by a Trusted Third > Party and is not listed on the TrustWatch 'blacklists' of disreputable > sites." > > Yeah. Right. It is a BETA version. Did you provide the above as feedback? Fred k From MikeE at ster.invalid Thu Dec 9 13:34:10 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 9 16:35:02 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: Karen wrote: > I think that is what angers me the most. I had to bop all over > figuring out what spamcop does etc. wasting my time. I will stop > posting here because it is also taking time, but it is the only place > I could find on the site where I might actually ask a question. And another thing about 'figuring it out', where the figuring out is you trying to find out what /your/ mail provider did *wrong* to cause your mail recipient's /provider/ to block your mail provider's IP address from sending them mail because it was in a spamsource blocklist. Karen wrote: > : host imagicomm.com[128.121.220.147] said: 553 > 5.3.0 Rejected - see http://spamcop.net/bl.shtml? 199.184.119.13 (in > reply to MAIL FROM command) where that link leads to information about the listing. The spamcop site has numerous other informational pages, such as http://www.spamcop.net/fom-serve/cache/357.html or #357 SpamCop FAQ : SpamCop Blocking List information : If my IP is listed, does it mean I am a spammer or my ISP hosts spammers? and links to other pages such as 'How can I be de-listed?' #298 and a whole section for abuse desks and administrators, whose role you are partially assuming with your interest in solving the problem, 'I have been falsely and/or maliciously accused of spamming, what can I do?' #167 'How can I contact a real person about this?' #91 -- where each of those #s is a URL in the SC faq. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Thu Dec 9 21:33:27 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 9 16:40:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Pete Stephenson" wrote in message news:pete-0098B6.10575309122004@news.cesmail.net... > In article , > "Merlyn" wrote: > >> nude 40 year old teenage sluts > > Do I even want to know how that could possibly remotely possible? Come now ;-) Have you never heard of plastic (sic) surgeons? From porpoise1954 at yahoo.co.uk Thu Dec 9 21:48:22 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 9 16:50:03 2004 Subject: [SpamCop-List] Re: Trustwatch References: Message-ID: "Fred K" wrote in message news:cpa6pc$94v$1@news.spamcop.net... > Neat add on to IE, to let you know if the website is good, unverified or > verified as bad > http://www.trustwatch.com/ > > Fred K The problem with ideas like this is that only those sites that pay them will be listed as "Trusted Sites" so they are of very limited use. The best/safest way of rating sites is the same as "real" shops - word of mouth/personal experience. From porpoise1954 at yahoo.co.uk Thu Dec 9 21:49:25 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 9 16:55:04 2004 Subject: [SpamCop-List] Re: Trustwatch References: Message-ID: "spamcop" wrote in message news:mailman.31.1102621973.4572.spamcop-list@news.spamcop.net... > At 02:05 PM 12/9/2004, you wrote: >> > Neat add on to IE, to let you know if the website is good, unverified >> > or >> > verified as bad >> > http://www.trustwatch.com/ >> >>Only IE? The world does not revolve around IE as M$ would hoped it would >>when it put the globe circling around IE some time ago. >> >>TW > > Agreed! The world is drifting away from IE. > > It's now time to write compliant HTML, not M$ HTML. > HTML is not the problem. From porpoise1954 at yahoo.co.uk Thu Dec 9 21:50:28 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 9 16:55:18 2004 Subject: [SpamCop-List] Re: Trustwatch References: Message-ID: "TheWanderer" wrote in message news:cpacmn$ev8$1@news.spamcop.net... > > "spamcop" wrote in message > news:mailman.31.1102621973.4572.spamcop-list@news.spamcop.net... >> At 02:05 PM 12/9/2004, you wrote: >>> > Neat add on to IE, to let you know if the website is good, unverified >>> > or >>> > verified as bad >>> > http://www.trustwatch.com/ >>> >>>Only IE? The world does not revolve around IE as M$ would hoped it would >>>when it put the globe circling around IE some time ago. >>> >>>TW >> >> Agreed! The world is drifting away from IE. >> >> It's now time to write compliant HTML, not M$ HTML. > > Well... > > An application like that would work off of Active X controls which only IE > has and nobody else because it is M$ technology and insecure > Yes..... and that's not HTML From nobody at nowhere.invalid Thu Dec 9 22:54:15 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Dec 9 16:55:24 2004 Subject: [SpamCop-List] Re: Viagra Cialis Spam References: Message-ID: On Thu, 9 Dec 2004 18:55:47 +0100, basalk coughed into spamcop and left this in : > Today I read that 60% of all email is spam (at least) At least. Varies from 60% to 80% here. 65% so far today. 69.27% so far this month. > so I guess most spammers have the email adress of Pfitzer and spam > them too. Equally likely is that Pfizer (no 't' in there - nitpick) also has an extensive array of spam traps which collect plenty of \/|@9r@ spam. -- Steve What exactly does buildworld build anyway? If it really does build the world then there's the mother of all bug reports to file somewhere! From nobody at nowhere.invalid Thu Dec 9 22:56:29 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Dec 9 17:00:04 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: On Thu, 9 Dec 2004 13:54:20 -0500, Ellen coughed into spamcop and left this in : > Ellen sez: I spent some time on the phone with the ISP yesterday and > they are aware of the problem which is, mostly, that their C/R system > is beating up the spamtraps. Good. Let them stay listed until they switch off the C/R auto-abuse system. -- Steve If everybody doesn't want it, nobody gets it. From nobody at nowhere.invalid Thu Dec 9 23:06:36 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Dec 9 17:10:02 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: On Thu, 9 Dec 2004 13:59:08 -0600, Karen coughed into spamcop and left this in : > I use a delete key. You are extremely lucky to have little enough spam to make using the delete key an option. Maybe your e-mail admins are using DBSBLs like bl.spamcop.net to weed out enough of the spam to keep the volume down. If it weren't for DNSBLs used on ly own MTA (which serves about 6 e-mail accounts) the users here would have to JHD on anything between 500 and 1000 pieces of spam every day. Most of them would land in *my* inbox since my e-mail addresses are the ones that were plastered all over the 'Net before the exponential rise in the volume of spam floating around. > To each his own. I would rather have to delete spam than waste my time > doing this. I don't think you would. Honestly. -- Steve Real programmers don't grumble about the disadvantages of Cobol when they don't know any other language. From kchuplis at nospamalltel.net Thu Dec 9 16:29:22 2004 From: kchuplis at nospamalltel.net (Karen) Date: Thu Dec 9 17:25:03 2004 Subject: [SpamCop-List] The rest of the story Message-ID: Well, this was the response from the ISP on this machine (note: I do not have a choice on this particular machine of what provider) just incase you are curious. So no one wants to do anything basically. : SpamCop is blacklisting us because some of our users have software called TMDA that will block all mail and send a challenge to the sender. Well, in this case the sender is a spammer who has falisfied the email to make it look like it's coming from a different address, and they are putting in the address of some of SpamCop's spam traps. When our users' challenge mail goes to that spam trap, it automatically marks it as spam coming from our server. Now, we have spoken with SpamCop but they are unable or unwilling to exempt us from this. They know we aren't spamming, yet they still can't do anything. Apparently they don't have a whitelist, and their system is all automated so they can't do anything. From Merlyn at Spamcop.net Thu Dec 9 17:33:42 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Thu Dec 9 17:35:03 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: "Karen" wrote in message news:cpajan$l2t$1@news.spamcop.net... > Well, this was the response from the ISP on this machine (note: I do not > have a choice on this particular machine of what provider) just incase you > are curious. So no one wants to do anything basically. : > > SpamCop is blacklisting us because some of our users have software > called TMDA that will block all mail and send a challenge to the > sender. Well, in this case the sender is a spammer who has falisfied > the email to make it look like it's coming from a different address, > and they are putting in the address of some of SpamCop's spam traps. > When our users' challenge mail goes to that spam trap, it automatically > marks it as spam coming from our server. > > Now, we have spoken with SpamCop but they are unable or unwilling to > exempt us from this. They know we aren't spamming, yet they still > can't do anything. Apparently they don't have a whitelist, and their > system is all automated so they can't do anything. > Most of all the spam sent has an invalid "From" or "Return-to" address. If you return spam those addresses it is being sent to either someone who doesn't exist or someone who _DID NOT_ send it. It does not go back to the spammer. This is very wrong. Anyone who does this deserves to be blocked forever for abuse. You need an education on how email works. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From MikeE at ster.invalid Thu Dec 9 14:40:08 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 9 17:40:04 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: Karen wrote: > Well, this was the response from the ISP on this machine (note: I do > not have a choice on this particular machine of what provider) just > incase you are curious. So no one wants to do anything basically. : > > SpamCop is blacklisting us because some of our users have software > called TMDA that will block all mail and send a challenge to the > sender. If a provider allows its users to use abusive so-called spam defenses, which would include such activities as sending challenges to innocent Froms and also such activities as sending bogus bounces to innocent Froms, such as MailWasher can do, then that provider is going to find itself blocklisted by a lot more problematic blocklists than spamcop's. > Well, in this case the sender is a spammer who has falisfied > the email to make it look like it's coming from a different address, Doh! Hello inebraska.com! Knock knock on your little pinhead. *ALL* [or almost all] spam has bogus Froms. Did you [where you is who is talking to you at inebraska] just fall off the turnip truck, or what? > and they are putting in the address of some of SpamCop's spam traps. > When our users' challenge mail goes to that spam trap, it > automatically marks it as spam coming from our server. Which means that inebraska shouldn't be letting its users do abusive activities thru' its server. I wonder how long it is going to take them to figure that out. > Now, we have spoken with SpamCop but they are unable or unwilling to > exempt us from this. No blocklist makes 'exemptions' or whitelists for spamsources or other similar abusive behaviors. The recipient provider is in a position to whitelist things. How much flexibility they have in that regard depends on how they are configured. The problem is with inebraska permitting an abusive software system usage by its users. > They know we aren't spamming, yet they still > can't do anything. Apparently they don't have a whitelist, and their > system is all automated so they can't do anything. There are 'things' that the deputy can do to try to help them out, but where is the part where inebraska is doing what it should be doing to stop its abusive behavior. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Thu Dec 9 23:51:33 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Dec 9 17:55:03 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: On Thu, 9 Dec 2004 16:29:22 -0600, Karen coughed into spamcop and left this in : > Now, we have spoken with SpamCop but they are unable or unwilling to > exempt us from this. They know we aren't spamming But that's precisely the point. If there's a C/R system set up on a machine then that machine *will* spam. > yet they still can't do anything. And I hope they never will! > Apparently they don't have a whitelist, and their > system is all automated so they can't do anything. Furthermore, it's working as designed. No reason to change it. -- Steve To err is human, to forgive is divine -- but to forget it altogether is humane. From David1 at suescornerweb.com Thu Dec 9 17:54:50 2004 From: David1 at suescornerweb.com (David 1) Date: Thu Dec 9 17:55:14 2004 Subject: [SpamCop-List] Re: Trustwatch In-Reply-To: References: Message-ID: TheWanderer wrote: > "David 1" wrote in message > news:cpae62$fsb$3@news.spamcop.net... > >>TheWanderer wrote: >> >>>"spamcop" wrote in message >>>news:mailman.31.1102621973.4572.spamcop-list@news.spamcop.net... >>> >>> >>>>At 02:05 PM 12/9/2004, you wrote: >>>> >>>> >>>>>>Neat add on to IE, to let you know if the website is good, unverified >>>>>>or >>>>>>verified as bad >>>>>>http://www.trustwatch.com/ >>>>> >>>>>Only IE? The world does not revolve around IE as M$ would hoped it would >>>>>when it put the globe circling around IE some time ago. >>>>> >>>>>TW >>>> >>>>Agreed! The world is drifting away from IE. >>>> >>>>It's now time to write compliant HTML, not M$ HTML. >>> >>> >>>Well... >>> >>>An application like that would work off of Active X controls which only >>>IE has and nobody else because it is M$ technology and insecure >>> >>> >>> >>> >>>>G >>>> >>>>-- >> >>Snip >>HEY thanks for that answer I've been wondering about that ever since I >>started using Firefox, That's ok FireFox has a work around for that & from >>what I hear M$ doesn't like it. >>David 1 > > > I was not aware of that. I have to look into that, though most Active X > Control applications for IE are there for data mining nad snooping > > It would be nice if SC would make a plugin for different email clients to > make it easier to report spam. > > > It's that "open link in IE" ext. That Firefox has. & Yes since I stopped using mailwasher & only using T-bird, that is the only thing that I truly miss, but forwarding as an attachment works to I guess. I'm lazy. David 1 From baloo at ursine.dyndns.org Thu Dec 9 15:15:20 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Thu Dec 9 18:20:30 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: <1102634120.559231@ursine.dyndns.org> Karen wrote: > Well, this was the response from the ISP on this machine (note: I do not > have a choice on this particular machine of what provider) just incase you > are curious. So no one wants to do anything basically. : Sounds like high time to move to someplace you have choice. > SpamCop is blacklisting us because some of our users have software > called TMDA that will block all mail and send a challenge to the > sender. This is why challenge-response systems are considered harmful. Get your ISP to stop using it. > Now, we have spoken with SpamCop but they are unable or unwilling to > exempt us from this. They know we aren't spamming, yet they still > can't do anything. Apparently they don't have a whitelist, and their > system is all automated so they can't do anything. Probably unwilling. Why should spamcop change when the problem is caused by a misbehaving ISP? -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From MikeE at ster.invalid Thu Dec 9 15:23:36 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 9 18:25:04 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: Karen wrote: > Well, this was the response from the ISP on this machine > SpamCop is blacklisting us because some of our users have software > called TMDA that will block all mail and send a challenge to the > sender. That is a very disingenuous response, since it is inebraska which is /promoting/ such an abusive function -- that reply acts like the user just dreamed it up all by hirself. >From the website: http://www.inebraska.com/ Anti-Spam, Anti-Virus Tools Important Anti-virus weaponry is more important than ever. We offer the Postini service for $1/month, and our subscribers have found it very helpful in reducing the amount of spam and the number of virus-infected pieces of mail they download. To learn more about this terrific service, see our Postini page. TMDA -- Tagged Message Delivery Agent -- will let you filter out virtually *all* spam by employing what is known as an "approved list" approach. If someone is on your list of approved senders, you get their mail. If not, MailAgent holds delivery of their mail until they have indicated they're not spammers. This is a great way to keep objectionable junk mail from reaching your children's mailboxes, for example. To learn more about this service, see our MailAgent information. With either Postini or MailAgent, you retain total privacy, you control all filtering, and you log in to a much tidier email box. The 'MailAgent' system which inebraska is 'promoting' is *awful* in that it does absolutely *NO* spam filtering -- it is a 100% whitelist [minus blacklist] system. That means that 100% of the spam which is sent to that mailbox is challenged. That is incredibly stupid. There are many different ways to institute a system which uses whitelists, but if you challenge essentially everything which isn't whitelisted, you are going to spend your life on blocklists. And, as a further 'motivation' for inebraska to promote this stupid system, they are making the users pay a small monthly fee of $1 for it. The only good think I can think of is that for the same price they also offer a sane filtering system, their postini, which doesn't use such an asinine challenge system. -- Mike Easter kibitzer, not SC admin From devnull at devnull.devnull Fri Dec 10 01:33:13 2004 From: devnull at devnull.devnull (Anty Spam) Date: Thu Dec 9 18:45:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Karen" wrote in message news:cpaah1$c8o$1@news.spamcop.net... > > "Merlyn" wrote in message > news:cpa743$9e8$1@news.spamcop.net... > > "Karen" wrote in message > > news:cp9u3t$1kh$1@news.spamcop.net... > > >I have one list I have been on and also a University I TEACH FOR and ... Snip .... > > I think you would agree with me that everyone is tired of receiving > mortgage > > quotes, penis enlargement, breast enhancement, weight loss, nude 40 year > old > > teenage sluts, Viagra, vacation, lottery, prescription drug, business > > opportunities, genealogical, university degrees, gambling, get rich quick, > > MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock > scams, > > pirated software and everything else that is force fed into our inboxes. .... snip ..... > I use a delete key. Much less frustrating than being blocked with > legititmate business. As I noted before, since I cannot contact the school > by email (because am blocked) I now have to take time out to call and track > down someone. To each his own. I would rather have to delete spam than waste > my time doing this. > > Karen While I understand your frustration, I would like to ask if you have children? If so, what are they doing with spams? I shut down a beastiality site in 48 hrs after my daughter got something very unsavoury items in her mail , where spam filters did not help. This site helped. I had traces etc I could forward. Hard proof from other unconnected victims.... Let us not thow out the baby with the bath water. Since you can connect to the internet, I suggest a fee mail address as a life saver back door enabling you to communicate via mail. Also, the mechanism of email has no guarantee of delivery, many things can and do go wrong. In this case your institution's staff "misconfiguring" the C/R system. There are many more examples. Anyway, being an academic as you state, I suggest you research the topic more thoroughly before passing judgement. The people on this list are extremely helpful and is part of a major mechanism that actually allows you to "normally" receive mails. The internet has limited bandwidth and resources. Spammers will hog all these, allowing hardly any mails (if any) to pass, including yours, if there are not mechanisms to stop them. Spamcop.net is a recognised leader in this field in supplying statistics. Incidentally, your IT staff's attempt at the C/R system is also an acknowledgement of the exact issue Spmacop is controlling to a large extent. If the C/R system worked, you would have never had to hit the delete key and would also be receiving mail .... Blame the spammers and only them. Best regards E From devnull at devnull.devnull Fri Dec 10 01:40:15 2004 From: devnull at devnull.devnull (Anty Spam) Date: Thu Dec 9 18:50:03 2004 Subject: [SpamCop-List] Re: Viagra Cialis Spam References: Message-ID: "Andy P. Jung" wrote in message news:cp9nk5$t9v$1@news.spamcop.net... > Would forwarding Viagra spam to Pfizer get them to go after those bastards > for trademark infringement? The same applies to Cialis. How about Microsoft > on pirated software Spam? > > > -- > Andy P. Jung > Metairie, Louisiana U.S.A. > (Home of Senator Elect David Vitter) > http://www.JungWorld.com/ > > To reply via e-mail, please visit my web site. > > Actually once took the time to look up the legal/relations department of each drug company for the "generics" spam . In the spams the show the real vs generic. There were quite a few, but zip, njado, niks, nothing, zero, null ...... replies. No thank you even. Did the same with the knock-off Rolex spam. Reaction was good. (see previous thread) I suggest this tactic as a test with each product. But if no reaction is received, don't spam the patent holder :-) Cheers E From nobody at spamcop.net Thu Dec 9 18:51:39 2004 From: nobody at spamcop.net (Miss Betsy) Date: Thu Dec 9 18:50:15 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: You probably won't see this because you seem to think it is a waste of time, but being from a University, you probably do understand about being responsible for certain things in society - recycling is a good example. The only way to control spam is for the *sender* to choose (or demand) responsible and competent internet email providers. You do not have to use the email that your internet connection provider offers. You can use a web email service. There is a saying "The lack of prior planning on your part does not constitute a crisis on my part." (or something like that) The point is that if you choose not to know enough about email to choose responsible and competent providers, then it's your problem, not blocklist users' problem if your email doesn't reach its destination. Miss Betsy From MikeE at ster.invalid Thu Dec 9 16:06:25 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 9 19:10:05 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: Anty Spam wrote: > While I understand your frustration, I would like to ask if you have > children? If so, what are they doing with spams? One of the problems here is that the very provider who is causing the problem by sending challenges and getting itself blocklisted which leads to recipient providers refusing Karen's mail is ballyhooing/hyping their 'ingenious' [sarcasm] solution to children getting spams - their mailagent/challenge system. The problem isn't that there is something wrong with the effectiveness of whitelisting for really stopping spam; the problem is that of challenging the spam. That's the part that inebraska doesn't 'get'. http://www.inebraska.com/mailagent/ Internet Nebraska President, Steve Reichenbach, set up MailAgent filtering for his gradeschool-aged children. "The logs indicate that the filter is blocking nearly nearly 20 spam messages per day --- many of them ads for sexually explicit Web sites. Since the filter was installed, not a single such message has made its way into their mailbox. The MailAgent filter has worked perfectly at protecting my children from such objectionable email." -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Dec 9 18:59:52 2004 From: nobody at spamcop.net (Ellen) Date: Thu Dec 9 19:15:08 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: "Mike Easter" wrote in message news:cpamp6$nr0$1@news.spamcop.net... > > > The 'MailAgent' system which inebraska is 'promoting' is *awful* in that > it does absolutely *NO* spam filtering -- it is a 100% whitelist [minus > blacklist] system. That means that 100% of the spam which is sent to > that mailbox is challenged. That is incredibly stupid. There are many > different ways to institute a system which uses whitelists, but if you > challenge essentially everything which isn't whitelisted, you are going > to spend your life on blocklists. > > And, as a further 'motivation' for inebraska to promote this stupid > system, they are making the users pay a small monthly fee of $1 for it. > The only good think I can think of is that for the same price they also > offer a sane filtering system, their postini, which doesn't use such an > asinine challenge system. > Small correction -- I believe the C/R system is free but the postini is the one that is $1/mth. Ellen From Kilgallen at SpamCop.net Thu Dec 9 18:16:09 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Dec 9 19:20:03 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: In article , "Karen" writes: > Well, this was the response from the ISP on this machine (note: I do not > have a choice on this particular machine of what provider) just incase you > are curious. So no one wants to do anything basically. : > > SpamCop is blacklisting us because some of our users have software > called TMDA that will block all mail and send a challenge to the > sender. Right there, the ISP is lying. It is not sending a challenge to the sender, it is sending a challenge to whatever random email address the spammer provided in the message. Thus, the ISP is spamming innocent people. > Now, we have spoken with SpamCop but they are unable or unwilling to > exempt us from this. They know we aren't spamming, yet they still > can't do anything. The point is, the ISP _is_ spamming. They do not deserve to be exempted. Unsolicited Bulk Email is the definition of spam, and the ISP admits they are sending it. From MikeE at ster.invalid Thu Dec 9 16:20:38 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 9 19:25:03 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: Ellen wrote: > "Mike Easter" >> And, as a further 'motivation' for inebraska to promote this stupid >> system, they are making the users pay a small monthly fee of $1 for >> it. The only good think I can think of is that for the same price >> they also offer a sane filtering system, their postini, which >> doesn't use such an asinine challenge system. >> > > Small correction -- I believe the C/R system is free but the postini > is the one that is $1/mth. Internet Nebraska Provides Second Junk Email Protection Method For a $1 monthly fee* per email account, Internet Nebraska will set up your mail to be filtered by the Tagged Message Delivery Agent -- we call it the MailAgent. http://www.inebraska.com/mailagent/ That's from that same page I was citing earlier where the prez thinks mailagent is the greatest because it is 'perfect' whereas postini isn't because some spam can slip thru' to the little children. No wonder the tech people at inebraska are 'stuck' with mailagent if the prez thinks it is great. Furrfu. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 9 16:30:28 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 9 19:35:03 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: Mike Easter wrote: > No wonder the tech people at inebraska are 'stuck' with mailagent if > the prez thinks it is great. Furrfu. And, on top of everything else, to add insult to injury, the TMDA faq page cites SpamCop as an example of a system using challenge response, harkening back to the very dark ages.... http://tmda.net/faq.cgi?req=all#1.9 1.9. Are there any other TMDA-like systems available? -- item #8 -- SpamCop Email (commercial service). -- Mike Easter kibitzer, not SC admin From me at privacy.net Thu Dec 9 19:45:57 2004 From: me at privacy.net (Frog Prince) Date: Thu Dec 9 20:00:02 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Ellen" | > output server | > | > SCbl listed, no other listings. | > | > I predict out of office autoresponders hitting spamtraps. | > | > Let's see what Ellen sez. | > | | Ellen sez: I spent some time on the phone with the ISP yesterday and they | are aware of the problem which is, mostly, that their C/R system is beating | up the spamtraps. | | Ellen And they propose to do exactly what to fix the problem? From devnull at devnull.devnull Fri Dec 10 02:57:03 2004 From: devnull at devnull.devnull (Anty Spam) Date: Thu Dec 9 20:10:04 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Mike Easter" wrote in message news:cpap9f$pkp$1@news.spamcop.net... > Anty Spam wrote: > > While I understand your frustration, I would like to ask if you have > > children? If so, what are they doing with spams? SNIP > Karen's mail is ballyhooing/hyping their > 'ingenious' [sarcasm] solution to children getting spams - their > mailagent/challenge system. The problem isn't that there is something > wrong with the effectiveness of whitelisting for really stopping spam; > the problem is that of challenging the spam. That's the part that > inebraska doesn't 'get'. > Agreed 101% In a perfect world with valid headers the mail protocols works as advertised. By spammers injecting fraudulent headers & a bending of the intended mail usage = chaos. > > http://www.inebraska.com/mailagent/ Internet Nebraska President, Steve > Reichenbach, set up MailAgent filtering for his gradeschool-aged > children. "The logs indicate that the filter is blocking nearly nearly > 20 spam messages per day --- many of them ads for sexually explicit Web > sites. Since the filter was installed, not a single such message has > made its way into their mailbox. The MailAgent filter has worked > perfectly at protecting my children from such objectionable email." A bit like saying "It is okay for rapists, pedophiles etc etc to run around on the streets, but I have a bodygaurd for my child. So all is OK.". The ostrich syndrome. This does not address the base of the problem - stopping activity at the source, like a cop slamming cuffs on the perpetrator. But then again we should remember that all these commercial solutions have a profit motive with a big white brush. (Halo's gowing cheap over Christmas period at less 10% :-) If we could BL all spam sources and everybody buys into useing them, spam as we know it would be non existent. Like cops catching all the criminals. Unfortunately this is the real world ... And maybe the extremely harrased and busy Karen should ask why so many people actually give up their own time to report spam vs deleting it. Why http://wdprs.internic.net/ exists ? Why I am sitting here at 02H50 local time working and doing this. After today Karen can not plead ignorance. From what she is saying she has dealings with a school (where the problem started - her mail to the school). As such spam is now also part of "her" problem. Sad, but that is how we all start. A spam that should not have arrived. Anyways, received about 30 ICANN follow up's to check .....:-) Cheers E From MikeE at ster.invalid Thu Dec 9 17:20:11 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 9 20:20:04 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: Frog Prince wrote: > And they propose to do exactly what to fix the problem? C/R devotees are very very enamored of a system based on whitelisting because it is so 'powerful' it can stop /all/ of the spam. Then, they have this 'little problem' about what to do with what isn't whitelisted. Typically the whitelist evaluation goes on after the mail has been accepted. What to do, what to do.... Inebraska adopted the C/R MailAgent system secondarily after they already had a postini. The postini is more trouble because it simply puts everything which isn't whitelisted and fails to pass body filters into a quarntined suspect folder. The postini makes some kind of rules you can adjust about body content. But, you still have to manage this quarantine place completely on your own and you still are going to get some spams unquarantined of course. Providers are always upset when the clients are complaining too loudly about spams getting thru. Especially the kiddies getting p0rn spams. That's why EL has its high setting for its spamblocker. The spamblocker 'suspects' everything that isn't blocked by the 'normal' spamfilter or whitelisted. Then you have to have a way to deal with suspect, one option being challenging. Fortunately EL can turn challenges off. -- Mike Easter kibitzer, not SC admin From me at privacy.net Thu Dec 9 20:38:16 2004 From: me at privacy.net (Frog Prince) Date: Thu Dec 9 20:45:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Mike Easter" wrote in message news:cpatjo$stv$1@news.spamcop.net... | Frog Prince wrote: | > And they propose to do exactly what to fix the problem? | | C/R devotees are very very enamored of a system based on whitelisting | because it is so 'powerful' it can stop /all/ of the spam. | | Then, they have this 'little problem' about what to do with what isn't | whitelisted. Typically the whitelist evaluation goes on after the mail | has been accepted. | | What to do, what to do.... | | Inebraska adopted the C/R MailAgent system secondarily after they | already had a postini. The postini is more trouble because it simply | puts everything which isn't whitelisted and fails to pass body filters | into a quarntined suspect folder. The postini makes some kind of rules | you can adjust about body content. But, you still have to manage this | quarantine place completely on your own and you still are going to get | some spams unquarantined of course. Providers are always upset when the | clients are complaining too loudly about spams getting thru. Especially | the kiddies getting p0rn spams. | | That's why EL has its high setting for its spamblocker. The spamblocker | 'suspects' everything that isn't blocked by the 'normal' spamfilter or | whitelisted. Then you have to have a way to deal with suspect, one | option being challenging. Fortunately EL can turn challenges off. I'm up on those issues. I'm curious if *they* gave Ellen any indications about what *they* plan to do to address the problem that *they* have acknowledged having with the C/R process. From wb8tyw at qsl.network Thu Dec 9 21:04:19 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Dec 9 21:05:03 2004 Subject: [SpamCop-List] Re: Viagra Cialis Spam In-Reply-To: References: Message-ID: basalk wrote: > "Andy P. Jung" schreef in bericht > news:cp9nk5$t9v$1@news.spamcop.net... > >>Would forwarding Viagra spam to Pfizer get them to go after those bastards >>for trademark infringement? > > > I read in a webnews article somewhere that Pfitzer wants to sue Viagra > spammers. They did not need the actual spam it said. Today I read that 60% > of all email is spam (at least) so I guess most spammers have the email > adress of Pfitzer and spam them too. > Bas I suspect that this is an attempt to get people to bounce their spam to Pfizer to DDOS their mail server. All Pfizer has to do to get evidence is open a few e-mail accounts around the internet on services that do not have effective spam filtering. > --- Outgoing news posts are certified Virus Free. Plain text postings can not carry a virus, and none are known to infect OpenVMS anyway. From wb8tyw at qsl.network Thu Dec 9 21:29:51 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Dec 9 21:30:25 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! In-Reply-To: References: Message-ID: Karen wrote: > "Merlyn" wrote in message > > I use a delete key. Much less frustrating than being blocked with > legititmate business. As I noted before, since I cannot contact the school > by email (because am blocked) I now have to take time out to call and track > down someone. To each his own. I would rather have to delete spam than waste > my time doing this. That option would cost one of my e-mail providers over $6,000 per month in additional bandwidth charges at the current rate of spam. That cost would have to passed on to their users, and it would raise costs to the point that it would put them out of business. You may pay a fixed rate for your internet access, but a medium to large mail server pays a metered rate based on how much mail goes through. If your postal mail was charged the way that e-mail is, it would cost you almost nothing to send a package of any size. To receive a letter or a package, all you would get is the zip+4 code of the sender before you agreed to pay the postage due charges in full, no matter what they would be. You would not get to know who the sender was, or how much the you will have to pay, or even if the package was desirable. Using DNSbls to reject spam from spammers and mail servers with clueless administrators is needed to cut the cash costs of operating a large mail server. The challenge response system is both the most expensive way of dealing with spam, and it is the one that is most likely to cause you to miss getting critical legitimate e-mails. Most services that send out automatic e-mails will not respond to challenges, and there is no way in advance to determine what address that they will send from. And as you have discovered, a challenge response system that send e-mail challenges is one of the fastest way to get a mail server on the various blocking lists. It is likely that even after it is disabled, that you will find that many major networks have stopped accepting e-mail from that server. -John wb8tyw@qsl.network Personal Opinion Only From wb8tyw at qsl.network Thu Dec 9 21:35:00 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Dec 9 21:40:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! In-Reply-To: References: Message-ID: <3KGdnQ_FW-rIliTcRVn-qA@adelphia.com> Mike Easter wrote: > Frog Prince wrote: > >>And they propose to do exactly what to fix the problem? > > C/R devotees are very very enamored of a system based on whitelisting > because it is so 'powerful' it can stop /all/ of the spam. It also stops all mail from automatic mailing services, which can be critical notices from domain registrars, banks, schools and such. It is impossible to whitelist the services in advance because many of them employ 3rd party mailers that send things out under a different domain name. -John wb8tyw@qsl.network Personal Opinion Only From dfm2a3l0t2 at spymac.com Thu Dec 9 21:37:39 2004 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Thu Dec 9 21:40:13 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: In article , Pete Stephenson wrote: > "Merlyn" wrote: > > > nude 40 year old teenage sluts > > Do I even want to know how that could possibly remotely possible? > > On second thought, I'd prefer not to. Female versions of Dick Clark? -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From dfm2a3l0t2 at spymac.com Thu Dec 9 21:40:32 2004 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Thu Dec 9 21:45:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: In article , "Karen" wrote: > As I noted before, since I cannot contact the school > by email (because am blocked) I now have to take time out to call and track > down someone. No, you don't. Use a free, Web-based mail system to e-mail the school. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From MikeE at ster.invalid Thu Dec 9 18:58:20 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 9 22:00:02 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: D.F. Manno wrote: > Female versions of Dick Clark? Some parts of Dick Clark are finally getting a little old, namely the blood vessels in his head. He is currently hospitalized for what some are calling a mild or minor stroke; present neurologic deficits unknown. -- Mike Easter kibitzer, not SC admin From hwolfe at spamcop.net Thu Dec 9 21:59:00 2004 From: hwolfe at spamcop.net (Herb Wolfe) Date: Thu Dec 9 23:00:04 2004 Subject: [SpamCop-List] Re: false positives/negatives In-Reply-To: References: Message-ID: Mike Easter wrote: > Herb Wolfe wrote: > >>It would be nice if there was an option to whitelist a sender that did >>get through the filter, so that they don't get marked as spam in a >>later message, which has been my problem lately. > > > Disclaimer: I've never seen the inside of spamcop mail, I just know > what I read on the 'outside' around here and the forum information > > There is an option to whitelist a sender; and a whitelisted sender rule > 'should' be configured to disregard any rules after that, and there's > also the issue of the order of the rules. > > Here's a forum entry for Q: None of my personal filters are working. > http://forum.spamcop.net/forums/index.php?showtopic=2321 > I should have been a bit more clear. From the inbox screen, there should be that option. Select a message and whitelist sender, like in the held mail screen. I do have filters set up for two of the busier e-mail lists, after seeing messages in my held mail. Those are ones where I have to filter on the "To:" field, rather than on the sender. Oddly enough, after I raised the requirements for spamassassin to mark something as spam, a message from a list I am on, gets marked as spam. From nobody at spamcop.net Thu Dec 9 23:36:32 2004 From: nobody at spamcop.net (Ellen) Date: Thu Dec 9 23:45:05 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Frog Prince" wrote in message news:cpav2o$tvl$1@news.spamcop.net... > > > I'm up on those issues. I'm curious if *they* gave Ellen any indications > about what *they* plan to do to address the problem that *they* have > acknowledged having with the C/R process. > > I have no idea what they plan to do, if anything. We pretty much agreed to disagree. People who use C/R systems just love them of course and they don't want to hear that they are selfishly shifting their spam problem onto other people. The bottom line is -- their users like C/R; the ISP finds it works for them. Of course they do not like being blocklisted. They are going to have to make a decision as to whether the blocklisting outweighs the benefit they and their users see in continuing to have C/R. Of course they could send all the challenges thru a separate IP which would, I guess, solve the problem of their users having their outbound mails bounced altho some "legit" C/R's might not be delivered FSVO legit. Ellen From nobody at spamcop.net Thu Dec 9 23:38:26 2004 From: nobody at spamcop.net (Ellen) Date: Thu Dec 9 23:45:23 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: "Mike Easter" wrote in message news:cpaq44$qio$1@news.spamcop.net... > > Internet Nebraska Provides Second Junk Email Protection Method > For a $1 monthly fee* per email account, Internet Nebraska will set up > your mail to be filtered by the Tagged Message Delivery Agent -- we call > it the MailAgent. > http://www.inebraska.com/mailagent/ > > mea culpa -- I missed that. Ellen From nobody at spamcop.net Thu Dec 9 23:39:48 2004 From: nobody at spamcop.net (Ellen) Date: Thu Dec 9 23:45:29 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: "Mike Easter" wrote in message news:cpaqmi$qqf$1@news.spamcop.net... > > And, on top of everything else, to add insult to injury, the TMDA faq > page cites SpamCop as an example of a system using challenge response, > harkening back to the very dark ages.... > > http://tmda.net/faq.cgi?req=all#1.9 1.9. Are there any other TMDA-like > systems available? > -- item #8 -- SpamCop Email (commercial service). > !! How long has it been since we stopped that? 3 years? longer? Ellen From wb8tyw at qsl.network Fri Dec 10 00:09:42 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Dec 10 00:10:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! In-Reply-To: References: Message-ID: Ellen wrote: > "Frog Prince" wrote in message > news:cpav2o$tvl$1@news.spamcop.net... >> >>I'm up on those issues. I'm curious if *they* gave Ellen any indications >>about what *they* plan to do to address the problem that *they* have >>acknowledged having with the C/R process. >> > > I have no idea what they plan to do, if anything. We pretty much agreed to > disagree. People who use C/R systems just love them of course and they don't > want to hear that they are selfishly shifting their spam problem onto other > people. The bottom line is -- their users like C/R; the ISP finds it works > for them. Of course they do not like being blocklisted. They are going to > have to make a decision as to whether the blocklisting outweighs the benefit > they and their users see in continuing to have C/R. Of course they could > send all the challenges thru a separate IP which would, I guess, solve the > problem of their users having their outbound mails bounced altho some > "legit" C/R's might not be delivered FSVO legit. They could also change the system to send the challenge via a SMTP 550 rejection text. That way no innocent victims would get the backscatter. Of course that does not solve the problem that they are no longer getting a lot of legitimate mail that they specifically requested because automatic mailers will not answer challenges. -John wb8tyw@qsl.network Personal Opinion Only From nobody at spamcop.net Fri Dec 10 19:22:51 2004 From: nobody at spamcop.net (Anony Mouse) Date: Fri Dec 10 01:25:03 2004 Subject: [SpamCop-List] thebulkclub.com Message-ID: <41B940BB.3070203@spamcop.net> whois thebulkclub.com Whois Server Version 1.3 Domain Name: THEBULKCLUB.COM Registrar: REGISTER.COM, INC. Whois Server: whois.register.com Referral URL: http://www.register.com Name Server: NS0000.4AMDNS.COM.DIRECTIDELETEDDOMAIN.COM Name Server: NSEURO.ITUAE.COM Status: REGISTRAR-HOLD Updated Date: 05-oct-2004 Creation Date: 29-aug-2002 Expiration Date: 29-aug-2005 Organization: register.com Unpaid Names Department-R 575 Eighth Avenue New York, NY 10018 US Phone: 212-798-9200 Fax..: 212-594-9876 Email: admin@register.com From salvisberg at spamcop.net Fri Dec 10 08:09:30 2004 From: salvisberg at spamcop.net (Hans Salvisberg) Date: Fri Dec 10 02:05:23 2004 Subject: [SpamCop-List] Surge of fales positives -- be careful with quick reporting! Message-ID: Hi, This morning I have a sudden surge of false positives. For years I've occasionally had one or two per day, and this morning there are eight of them, all from different sources that regularly send me email, and which used to come through just fine only yesterday. I know how the system works, and I'm adding them to my whitelist now. It's just odd, and if people aren't careful with quick reporting, we'll have a mess... Hans From MikeE at ster.invalid Fri Dec 10 03:28:51 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 10 06:30:20 2004 Subject: [SpamCop-List] Re: thebulkclub.com References: <41B940BB.3070203@spamcop.net> Message-ID: Anony Mouse wrote: > whois thebulkclub.com > Status: REGISTRAR-HOLD dns thebulkclub.com No DNS for this address dns www.thebulkclub.com No DNS for this address http://snipurl.com/b9fe Results 1 - 10 of about 50 for "thebulkclub.com" group:news.admin.net-abuse.email. For example: ----------- ------------ From: John Nagle Subject: Re: New spammer bulletin board discovered - spamforum.biz Message-ID: <8%f7d.22927$QJ3.6922@newssvr21.news.prodigy.com> Date: Fri, 01 Oct 2004 16:56:36 GMT Spamforum.biz seems to have disappeared from DNS. "specialham.com" is gone, as is "thebulkclub.com" and some of the other spammer boards. But see "http://www.samair.ru/documents/forum-56.html": An amusing bit of info from that board: The infamous SendSafe (http://www.send-safe.com/scanner.php) which looks for open proxies, then uses them to spam, turns out to have a hidden "feature". The unregistered version apparently scans for open proxies, then sends the list of open proxies to SendSafe, which then apparently resells them. The spammer ecosystem is worth exploring. There's a whole world out there, waiting to be arrested. John Nagle ------------ ----------- -- Mike Easter kibitzer, not SC admin From nospam at nospam.org Fri Dec 10 13:01:38 2004 From: nospam at nospam.org (geo_splash_12) Date: Fri Dec 10 07:05:23 2004 Subject: [SpamCop-List] Re: Surge of fales positives -- be careful with quick reporting! In-Reply-To: References: Message-ID: Hans Salvisberg wrote: > Hi, > > This morning I have a sudden surge of false positives. For years I've > occasionally had one or two per day, and this morning there are eight of > them, all from different sources that regularly send me email, and which > used to come through just fine only yesterday. > > I know how the system works, and I'm adding them to my whitelist now. It's > just odd, and if people aren't careful with quick reporting, we'll have a > mess... > > Hans > > Occasionally this happens with news digests. -- And your Chinese exchange student asks: what does it mean "I'm busy". Location 51 57'N 4 28'E From me at privacy.net Fri Dec 10 08:17:49 2004 From: me at privacy.net (Frog Prince) Date: Fri Dec 10 08:30:13 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: "Ellen" | > | > I'm up on those issues. I'm curious if *they* gave Ellen any indications | > about what *they* plan to do to address the problem that *they* have | > acknowledged having with the C/R process. | > | > | | I have no idea what they plan to do, if anything. We pretty much agreed to | disagree. People who use C/R systems just love them of course and they don't | want to hear that they are selfishly shifting their spam problem onto other | people. The bottom line is -- their users like C/R; the ISP finds it works | for them. Of course they do not like being blocklisted. They are going to | have to make a decision as to whether the blocklisting outweighs the benefit | they and their users see in continuing to have C/R. Of course they could | send all the challenges thru a separate IP which would, I guess, solve the | problem of their users having their outbound mails bounced altho some | "legit" C/R's might not be delivered FSVO legit. Ok thanks, I guess it was too much to expect that they would learn something from the exercise. From spamcop at bas.kookt.nl Fri Dec 10 14:48:33 2004 From: spamcop at bas.kookt.nl (basalk) Date: Fri Dec 10 08:50:03 2004 Subject: [SpamCop-List] Lycos ends his anti spam screensaver Message-ID: On wikinews: Lycos Europe ended its anti-spam operation "Make Love Not Spam." The company's spokesperson made a statement that it was planned to be a temporal campaign to raise people's awareness. The operation draw criticism from security experts and others from its beginning. Other troubles broke out on the way. The company started distributing a screensaver on November 29 on makelovenotspam.com. When the program is installed, the computer in its inactive time sent HTTP requests to spammers' servers. It was to raise the running cost of those servers. Lycos coordinated those requests, by choosing targets from a list of candidates generated by organizations like Spamcom.com, and monitoring the effect to keep server under heavy load but alive. The program received criticism from security experts since its beginning. Some, such as Steve Linford, director of a non-profit anti-spam organization SpamHaus, and Graham Cluley, a senior technology consultant of Sophos, pointed out that lowering the moral standard to fight against spammers was not a good choice. Wheather it was legal to attack the servers was a topic of discussion because it resembled Distributed Denial of Service attacks, or DDoS, except that Lycos does not completely shut down the target server. Other troubles came along. First, the next day the campaign was launched, there was an alleged takeover of the web site's top page by a cracker. The page was replaced with a warning against the use of the screensaver, according to a screenshot sent via email to a Finnish security firm F-Secure. The Lycos spokesperson said that screenshot was a hoax, there was no trace of intrusion in the server log, and site was unavailable simply due to a high demand. Some ISPs blocked the traffic to Locos-Europe, or the requests generated by the screensaver. Next, one of the targeted sites redirected the traffic all to the Lycos' server, making Lycos a target. Although it was reported that Lycos' server was immune from the attack, Lycos subsequently stopped the distribution of the program, on the December 3rd, and asked visitors to "stay tuned." It did not come back, but statements were made to announce its ending. Afterwards, a virus email disguised to be the anti-spam screensaver appeared. F-Secure reported it on Monday, the 6th. When its attachment (a zip file) is clicked, it self-extracts and installs a trojan horse that monitors keystrokes to steal passwords, bank account, and other important information. By the end of the campaign, the software was downloaded more than 100,000 times. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.805 / Virus Database: 547 - Release Date: 9-12-2004 From smjg_1998 at yahoo.com Fri Dec 10 14:54:50 2004 From: smjg_1998 at yahoo.com (Stewart Gordon) Date: Fri Dec 10 09:55:04 2004 Subject: [SpamCop-List] Re: Lycos ends his anti spam screensaver In-Reply-To: References: Message-ID: So, what's happened now? I noticed it didn't seem to be working on my machine, but thought it was a firewall or proxy problem at my end. So Lycos has switched off its server? And is this mainly because: - it was costing them too much to run? - they weren't sure if it was legal? - they weren't sure if it was moral? - they feared spammers would get back at them? - spammers really did start to get back at them? As I go to the site now, it's nothing but a single page displaying the logo. Any idea what that's supposed to mean? Stewart. -- My e-mail is valid but not my primary mailbox. Please keep replies on the 'group where everyone may benefit. From smjg_1998 at yahoo.com Fri Dec 10 15:18:02 2004 From: smjg_1998 at yahoo.com (Stewart Gordon) Date: Fri Dec 10 10:20:03 2004 Subject: [SpamCop-List] Re: Trustwatch In-Reply-To: References: Message-ID: Fred K wrote: > Neat add on to IE, to let you know if the website is good, unverified or > verified as bad > http://www.trustwatch.com/ Classic case of a FAQ it doesn't answer: "When will the TrustWatch toolbar be available for other browsers? The TrustWatch toolbar is only available for Internet Explorer for the moment. The implementation of the TrustWatch toolbar with other browsers will be developed in the future." But at least it isn't blatant nonsense like another FAQ unanswer I've seen. The only form of reputability it seems to mention is treating personal information with respect. Not to mention: - whether software distributed on the site is safe to run - whether the site is what you've been led to think and not a porn site or something (this would only be useful if it prompts you before taking you in and/or displaying the images....) .... Stewart. -- My e-mail is valid but not my primary mailbox. Please keep replies on the 'group where everyone may benefit. From MikeE at ster.invalid Fri Dec 10 09:22:25 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 10 12:25:03 2004 Subject: [SpamCop-List] Re: Lycos ends his anti spam screensaver References: Message-ID: basalk wrote: Content-Type: multipart/alternative; X-Newsreader: Microsoft Outlook Express 6.00.2900.2180 Content-Type: text/html; You are posting to a newsgroup in html. You should configure to post to all newsgroups in plaintext. In OE that configuration is in Tools/ Options/ Send/ News Sending Format section - check plaintext, not html. > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.805 / Virus Database: 547 - Release Date: 9-12-2004 This AVG trailer should be turned off in my opinion. Besides, it doesn't really make any sense being put on a newsgroup message that doesn't have an attachment. If you were going to configure AVG to put it on anything, it would only be on mail with attachments; but overall off would be even better. See AVG control center advanced settings for certification configuration. -- Mike Easter kibitzer, not SC admin From spamcop at bas.kookt.nl Fri Dec 10 18:35:53 2004 From: spamcop at bas.kookt.nl (basalk) Date: Fri Dec 10 12:40:04 2004 Subject: [SpamCop-List] Re: Lycos ends his anti spam screensaver References: Message-ID: "Mike Easter" schreef in bericht > You are posting to a newsgroup in html. You should configure to post to > all newsgroups in plaintext. In OE that configuration is in Tools/ > Options/ Send/ News Sending Format section - check plaintext, not html. > >> --- >> Outgoing mail is certified Virus Free. >> Checked by AVG anti-virus system (http://www.grisoft.com). >> Version: 6.0.805 / Virus Database: 547 - Release Date: 9-12-2004 > > This AVG trailer should be turned off in my opinion. Besides, it > doesn't really make any sense being put on a newsgroup message that > doesn't have an attachment. If you were going to configure AVG to put > it on anything, it would only be on mail with attachments; but overall > off would be even better. > > See AVG control center advanced settings for certification > configuration. > > -- > Mike Easter > kibitzer, not SC admin > Mike, Maybe your're right about the AVG, tho I wouldn't want to send any virii to newsgroups, but the HTML tag is needed for my most important newsgroup. Without using the option posting images can only be as attachement and not seen by other visitor's, they asked me to keep the option on, so I do, and at the rare occasion that I post here, I might forget to turn it off, so my excuse in advance. Bas --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.805 / Virus Database: 547 - Release Date: 9-12-2004 From dauyeung at hotmail.com Fri Dec 10 12:46:41 2004 From: dauyeung at hotmail.com (Dave) Date: Fri Dec 10 12:50:02 2004 Subject: [SpamCop-List] NDR Recorders Message-ID: Hello, I am receiving over 60k DNS blacklisted emails per day. My mail server is sending out NDR's for each one of them. Will excessive NDR emails have me blacklisted by SpamCop? Thanks, DAve From Merlyn at Spamcop.net Fri Dec 10 12:56:34 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Fri Dec 10 13:00:03 2004 Subject: [SpamCop-List] Re: NDR Recorders References: Message-ID: "Dave" wrote in message news:cpcne2$vu1$1@news.spamcop.net... > Hello, > I am receiving over 60k DNS blacklisted emails per day. My > mail server is sending out NDR's for each one of them. Will excessive NDR > emails have me blacklisted by SpamCop? > If you send the to the "From" or "Reply-To" address it will get you listed in every blocklist on the internet. If you do this you are spamming innocent victims as the "From" and "Reply-To" addresses are usually forged in spam. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From wb8tyw at qsl.network Fri Dec 10 13:04:48 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Dec 10 13:05:03 2004 Subject: [SpamCop-List] Re: NDR Recorders In-Reply-To: References: Message-ID: Dave wrote: > Hello, > > I am receiving over 60k DNS blacklisted emails per day. My mail > server is sending out NDR's for each one of them. Will excessive NDR emails > have me blacklisted by SpamCop? I am just a spamcop.net user, as are most of the responders here. If your server is using SMTP rejects, then it will not have a problem. If you are sending NDRs to the forged addresses found in spam and e-mail, it is likely that your mail server will not only end up in the spamcop.net DNSbl, but it will also end up in many others, including private ones. There was a recent thread on News.admin.net-abuse.blocklisting about SPAMHAUS.ORG listing a sight specifically because they were sending NDRs to known spam and viruses. While I do not know for sure, it looks like spamhaus.org is used far more than the spamcop.net blocking list. Also it has been reported here that AOL has stated on the SPAM-L mailing list that they are converting their systems to only use SMTP rejects because they recognize that it is more abusive than a courtesy to generate a new NDR for an undeliverable mail. It is against the rules for human spamcop.net reporters to report such bounces. It appears that the spamtraps operated by spamcop.net have different rules. Spamcop.net is not the only DNSbl that uses spamtraps. If you send a NDR to some of the other spamtraps being operated, it may take quite a bit of work to get your server removed. -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Fri Dec 10 10:06:08 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 10 13:10:03 2004 Subject: [SpamCop-List] Re: NDR Recorders References: Message-ID: Dave wrote: > I am receiving over 60k DNS blacklisted emails per day. > My mail server is sending out NDR's for each one of them. Will > excessive NDR emails have me blacklisted by SpamCop? That isn't clear. Do you mean that your server is rejecting from blocklisted IPs during the transaction, ie 5xx/ing the transaction altogether? If that were true, you wouldn't be sending out any 'NDRs' at all, which would be just fine. If you are accepting the spams and then 'turning around' and creating a newmail 'NDR' addressed to the From or some derivative thereof -- that would be very very bad and your server will be quickly blocklisted all over the place. -- Mike Easter kibitzer, not SC admin From baloo at ursine.dyndns.org Fri Dec 10 10:06:17 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Fri Dec 10 13:10:15 2004 Subject: [SpamCop-List] Re: Lycos ends his anti spam screensaver References: Message-ID: <1102701977.716920@ursine.dyndns.org> Mike Easter wrote: > basalk wrote: > Content-Type: multipart/alternative; > X-Newsreader: Microsoft Outlook Express 6.00.2900.2180 > > Content-Type: text/html; > > You are posting to a newsgroup in html. You should configure to post to > all newsgroups in plaintext. In OE that configuration is in Tools/ > Options/ Send/ News Sending Format section - check plaintext, not html. Even better: Get a real newsreader. I suggest Mozilla Thunderbird. It's hard to go wrong with open source. >> --- >> Outgoing mail is certified Virus Free. >> Checked by AVG anti-virus system (http://www.grisoft.com). >> Version: 6.0.805 / Virus Database: 547 - Release Date: 9-12-2004 > > This AVG trailer should be turned off in my opinion. Besides, it > doesn't really make any sense being put on a newsgroup message that > doesn't have an attachment. If you were going to configure AVG to put > it on anything, it would only be on mail with attachments; but overall > off would be even better. AVG defaults to adding it's tag to everything in OE and Outlook. Why? I don't know. It's only useful as an advertisement, since it is possible for a virus to get attached along the way (though it requires message interception or supercession.), making the "certification" totally meaningless anyway. Grisoft could better it's reputtaion by not giving people false sense of security. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From baloo at ursine.dyndns.org Fri Dec 10 10:08:34 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Fri Dec 10 13:10:22 2004 Subject: [SpamCop-List] Re: Lycos ends his anti spam screensaver References: Message-ID: <1102702114.677570@ursine.dyndns.org> basalk wrote: > Maybe your're right about the AVG, tho I wouldn't want to send any virii > to newsgroups, but the HTML tag is needed for my most important newsgroup. > Without using the option posting images can only be as attachement and not > seen by other visitor's, they asked me to keep the option on, so I do, and > at the rare occasion that I post here, I might forget to turn it off, so > my excuse in advance. You could get a newsreader that does what you need it to do, which is set text or HTML on a per-message or per-group basis. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From baloo at ursine.dyndns.org Fri Dec 10 10:01:26 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Fri Dec 10 13:35:03 2004 Subject: [SpamCop-List] Re: NDR Recorders References: Message-ID: <1102703536.702459@ursine.dyndns.org> Dave wrote: > I am receiving over 60k DNS blacklisted emails per day. My mail > server is sending out NDR's for each one of them. Will excessive NDR > emails have me blacklisted by SpamCop? It depends. Is your mail server rejecting these messages with an SMTP response, or accepting the message, then sending a bounce after the fact based on the From header? If it's at SMTP-time, no worries, the offending system got the message whether they wanted it or not. If it's not, then you probably will eventually get listed. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From tmcgraw at spamcop.net Fri Dec 10 12:47:53 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Dec 10 15:50:03 2004 Subject: [SpamCop-List] Tricking the sc date? Message-ID: These two emails arrived in my inbox within the last hour as all but the initial header shows. Could it be a spammy trick? BTW, I use mailhosts, if that makes a difference. http://www.spamcop.net/sc?id=z701242402z62c3f5a690bf313709ba1fc67ca2b371z http://www.spamcop.net/sc?id=z701242403z834f1d977008809f9ec3de2338d73419z Oddly, I did actually receive the same email from the same forged sender on Dec. 5. From me at privacy.net Fri Dec 10 17:32:58 2004 From: me at privacy.net (Frog Prince) Date: Fri Dec 10 17:45:03 2004 Subject: [SpamCop-List] Re: Lycos ends his anti spam screensaver References: Message-ID: "basalk" | Mike, | Maybe your're right about the AVG, tho I wouldn't want to send any virii to | newsgroups, but the HTML tag is needed for my most important newsgroup. | Without using the option posting images can only be as attachement and not | seen by other visitor's, they asked me to keep the option on, so I do, and | at the rare occasion that I post here, I might forget to turn it off, so my | excuse in advance. | Bas | Since you're posting so infrequently here go to the top of the message and click on Format and select Plain Text before you send. From please_reply_to_newsgroup at something.com Fri Dec 10 23:32:36 2004 From: please_reply_to_newsgroup at something.com (Paul D) Date: Fri Dec 10 18:35:04 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 References: Message-ID: BINGO! This is what is causing the problem: http://www.iss.net/security_center/reference/2002555.html#remedies Although the icon that Spamcop uses is nice, do you think the Spamcop guys would have a look at the icon to see if there is anything they can do to simplify it? Now that I know the cause of the issue, I could solve it for myself, but I'm sure there will be other users in the future who will come up against this problem. Hence, I feel a better approach would be to solve it at the source if at all possible. What do you think? Paul From MikeE at ster.invalid Fri Dec 10 15:49:27 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 10 18:50:02 2004 Subject: [SpamCop-List] Re: Tricking the sc date? References: Message-ID: Tim McGraw wrote: > These two emails arrived in my inbox within the last hour as all but > the initial header shows. > > Could it be a spammy trick? I don't think it is a spammy trick. I think the EL server that the mindspring source IP used held the item for 5 days. I haven't figured out yet the oddball EL service - that isn't a normal EL pathway for the 'average' mindspringer to be sending it, ie that is an atypical EL smtp service. > BTW, I use mailhosts, if that makes a difference. No, assuming that the 'expected' path is that host is for it to go aol => spamcop. spamcop.net/sc?id=z701242402z62c3f5a690bf313709ba1fc67ca2b371z spamcop.net/sc?id=z701242403z834f1d977008809f9ec3de2338d73419z Both of those say: by mailgate.cesmail.net Fri by air-xb01.mail.aol.com Fri by rly-xb05.mx.aol.com Fri by corpgate0.mail.atl.earthlink.net Fri from user-38lcon0.dialup.mindspring.com ([209.86.98.224] helo=biz) by emory.mail.atl.earthlink.net Sun > Oddly, I did actually receive the same email from the same forged > sender on Dec. 5. The content of the spams is about an ebay seller's product and promotes shopjimbos.homestead.com which is verio, but it also has a 'strange' This is an advertisement from timetolaugh.info. In order to opt-out from further e-mails from timetolaugh.info, please reply to shopjimbos@hotmail.com with "REMOVE" in subject. which can be seen in a current sightings, and in various 'iterations' such as subdomains and alternate spellings. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Dec 10 16:10:28 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 10 19:15:04 2004 Subject: [SpamCop-List] Re: SpamCop Painfully Slow 2 References: Message-ID: Paul D wrote: > BINGO! This is what is causing the problem: > http://www.iss.net/security_center/reference/2002555.html#remedies I'm not clear on what you are saying as regards what that page is saying. That page is saying there is a signature that pertains to a 'favorites icon' which has a suspicious format - ie HTTP_Favorites_Icon_Overflow > Although the icon that Spamcop uses is nice, do you think the Spamcop > guys would have a look at the icon to see if there is anything they > can do to simplify it? Are you saying that the spamcop favorites icon has a suspicious format? > Now that I know the cause of the issue, I could solve it for myself, > but I'm sure there will be other users in the future who will come up > against this problem. Hence, I feel a better approach would be to > solve it at the source if at all possible. > > What do you think? The link provided is very old and pertains to issues about IE5; some of the links are so old they don't work right anymore. I'm not clear about what your point is as regards what this thread subject and the principle commentator to that subject are saying. What this thread is about is your not having had any responses to another thread about painfully slow, but the last time I had any understanding of what you were talking about I tho't it was concluded that somehow the geographical akamai service was poor for you and that if you put in the 'good' geographical IP that I was using that the slowness disappeared. Since that other thread, I haven't had any concept of what you are talking about; including this issue about the old suspicious favorites icon overflow bug problem. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Dec 10 16:25:27 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 10 19:30:03 2004 Subject: [SpamCop-List] Re: Tricking the sc date? References: Message-ID: Mike Easter wrote: > The content of the spams is about an ebay seller's product and > promotes shopjimbos.homestead.com which is verio, but it also has a > 'strange' > > This is an advertisement from timetolaugh.info. Besides the timetolaugh 'line' - it also has a promotion for paypal that looks like paypal is running some kind of affiliates program. First, the spamsubject promotes paypal: Subject: Accept credit card payments online with PayPal!"PAY NO MONTHLY FEES" Second, a 'portion' of the payload spambody promotes paypal and that's the part that looks like an affiliate would 'get something' if you signed up with paypal... Accept credit card payments online with PayPal! "PAY NO MONTHLY FEES" When you signup for PayPal, you can start accepting card payments instantly. As the world's number one online payment service, PayPal is the fastest way to open your doors to over 40 million member accounts worldwide. Best of all, it's completely free to sign up! To sign up or learn more, click here: https://www.paypal.com/us/mrb/pal=MTUJ2T8QPUQDA ...so I'm saying that 'pal=MTUJ2T8QPUQDA' part looks to me like affiliate credit. So, I'm also saying that we are seeing paypal spamming their products from an earlier thread, and now it looks like we are seeing the effect of some kind of paypal affiliates program. I went to the paypal site, but I haven't been able to find an affiliate perq or 'bennie' from or for their merchants or buyer or seller programs. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Dec 10 16:38:27 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 10 19:40:03 2004 Subject: [SpamCop-List] Re: Tricking the sc date? References: Message-ID: Mike Easter wrote: > ...so I'm saying that 'pal=MTUJ2T8QPUQDA' part looks to me like > affiliate credit. Aha! Seller Tools - Business Resources As a payment tools provider, how can I get MRB referral credit without requiring my customers to sign up for PayPal? You can get credit for your referrals by inserting your personalized referral code into Website Payment buttons (Buy Now, PayPal Shopping Card, Subscriptions, and Donations). Visit the MRB page on the website: https://www.paypal.com/mrb-intro Log in to your PayPal account Make note of the characters following "pal=" (ex: pal = "VV7GMLR24FXJJ"). In this case "VV7GMLR24FXJJ" would be your MRB referral code Add the variable "mrb=" and your referral code to any Website Payments button Your customer who uses the Website Payment button does not need to have a PayPal Account, and you will get MRB credit. https://www.paypal.com/us/cgi-bin/webscr?cmd=_help-ext&leafid=98961&answer_id=1934221 found in paypal help searching on 'pal' Plus, underneath that answer it sez: Other questions in this section What is the Merchant Referral Bonus? Earn up to $100.00 USD for each new Merchant or Business PayPal referral! You will receive your first $10.00 USD when the Business or Merchant you refer: Signs up Verifies their Business or Premier Account, and Sells $1,000.00 USD in products or services. Each month thereafter, you will receive additional bonus payments when the Business or Merchant you refer continues to sell using PayPal, up to $100.00 USD for each referral in the first six months the merchant has a PayPal Account. -- Mike Easter kibitzer, not SC admin From 9ucs5y001 at sneakemail.com Fri Dec 10 20:46:27 2004 From: 9ucs5y001 at sneakemail.com (DS) Date: Fri Dec 10 23:50:02 2004 Subject: [SpamCop-List] Re: What does "(SIMPLE)" mean in the report history log? References: Message-ID: "Ellen" wrote in message news:cpabd4$dfm$1@news.spamcop.net... > > It's other reports that don't count towards the bl. It is newish. Pardon my asking, but of what use is that other than clogging up the database with reports that didn't really matter, at least externally? DS From ben.de+SCnews at spamcop.net Fri Dec 10 21:10:02 2004 From: ben.de+SCnews at spamcop.net (Ben) Date: Sat Dec 11 00:10:03 2004 Subject: [SpamCop-List] Dubious or legit? Claim of "Can Spam" Complience. Message-ID: Humm.. I actually got a spam that 'appeared' to be in compliance with the "Can Spam" act. At the tail of the spam they had a section that said "US Can Spam Compliance" where they posted a postal address of both the company being advertised and the company who was spamming for a fee; a phone number, a FAX number, their "Customer Service" email address and a web address for "removal." Probably dubious but it appeared that they were trying to comply. Since it was sent to my throwaway Hotmail account (knowing better) I still tried their removal link. It claimed and promised that no more "offers" will be sent to that address, although it will take 48 to 72 hours to process the request. It is the first time in a year I have seen an attempt to even look like they were at least trying. From tmcgraw at spamcop.net Fri Dec 10 21:26:06 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Dec 11 00:30:02 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. In-Reply-To: References: Message-ID: Ben wrote: > > Probably dubious but it appeared that they were trying to comply. > Since it was sent to my throwaway Hotmail account (knowing better) > I still tried their removal link. It claimed and promised that no more > "offers" will be sent to that address, although it will take 48 to > 72 hours to process the request. You should never be forced to unsubscribe from a list you never subscribed to in the first place. Most believe "unsub" links are a scam - even if the original sender never emails you again, they often sell your address as "live" to many other spammers. From wb8tyw at qsl.network Sat Dec 11 00:31:18 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sat Dec 11 00:35:02 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. In-Reply-To: References: Message-ID: Ben wrote: > Humm.. > > I actually got a spam that 'appeared' to be in compliance with > the "Can Spam" act. At the tail of the spam they had a section > that said "US Can Spam Compliance" where they posted a postal > address of both the company being advertised and the company who > was spamming for a fee; a phone number, a FAX number, their > "Customer Service" email address and a web address for "removal." I am not a lawyer, nor do I play one on TV. Besides the contact information, can-spam has other requirements. One is that the headers, routing information, and such must not be misleading. It also may require that the sender not use misleading subjects or misleading sending address. And I seem to recall that they are not allowed to harvest e-mail addresses from the internet or purchase them from someone else who has harvested them. In short, the are very few ways that they can legitimately have your e-mail address to spam and still be in compliance. And then there are very few networks that are not in sbl.spamhaus.org that will allow a spammer to operate, and the only way to get around the sbl.spamhaus.org is to use an open proxy or an open relay, or otherwise have "misleading" headers. -John wb8tyw@qsl.network Personal Opinion Only From skiwi at spamcop.net Fri Dec 10 21:42:19 2004 From: skiwi at spamcop.net (sk1w1) Date: Sat Dec 11 00:45:03 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. In-Reply-To: References: Message-ID: John E. Malmberg wrote: > Ben wrote: > >> Humm.. >> >> I actually got a spam that 'appeared' to be in compliance with >> the "Can Spam" act. At the tail of the spam they had a section >> that said "US Can Spam Compliance" where they posted a postal >> address of both the company being advertised and the company who >> was spamming for a fee; a phone number, a FAX number, their >> "Customer Service" email address and a web address for "removal." > > > I am not a lawyer, nor do I play one on TV. > > Besides the contact information, can-spam has other requirements. [snip] Also, the use of BLs is in compliance with 'Can Spam' - or more specifically, isn't not in compliance (if that makes sense?) :-) That is, have no qualms reporting the a-hole if you didn't sign up for the crap! For those in the US there is an inherent right to a freedom of speech but no compliance that anyone has to listen! :-) Yeah, yeah, I know that spam is not a freedom of speech issue according to the courts (sic?) - its a *simile*! :-) From agent01413 at my-deja.com Sat Dec 11 00:11:45 2004 From: agent01413 at my-deja.com (Socks the white house cat) Date: Sat Dec 11 02:10:02 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: [posted and mailed] Pausing only once for breath, "Karen" said: [addresses munged by me, not by original poster] > > : host a.mx.saintleo.edu[199.44.215.33] > said: 591 your host [199.184.119.13] is blacklisted by bl.spamcop.net > - contact your IT or ISP - copy to blacklist@saintleo.edu. (in reply > to RCPT TO command) > > : host a.mx.saintleo.edu[199.44.215.33] > said: 591 your host [199.184.119.13] is blacklisted by bl.spamcop.net > - contact your IT or ISP - copy to blacklist@saintleo.edu. (in reply > to RCPT TO first, as a spammer, i want to thank you for including the valid addresses of your correspondents at saintleo in your post to facilitate my harvesting them and spamming them more. I know that the people who asked you for your IPA only needed your IPA, but your decision to seek revenge on those who refused your traffic by posting their addresses on usenet mean more spam targets for me. again, thank you. not really, but if you ever did that to an address on my domain your block would be permanent because you aren't safe around a computer. I see spam in my logs originating from your IPA 199.184.119.13 advertising prescription drugs. The list is valid. Given your demonstrated carelessness, my immediate suspicion is viruses. -- I AM SPEWS (SLAPP PREVENTION ELECTRONIC WHITENOISE SYSTEM) "The day Microsoft makes something that doesn't suck is probably the day that they start making vacuum cleaners."--Doc in alt.privacy From ric.gates at bigsleep.org Sat Dec 11 09:54:39 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sat Dec 11 04:55:53 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: Message-ID: On 10 Dec 2004 sk1w1 entered spamcop and left news:cpe1bs$pko$1@news.spamcop.net: > That is, have no qualms reporting the a-hole if you didn't sign up for > the crap! > > For those in the US there is an inherent right to a freedom of speech > but no compliance that anyone has to listen! :-) Yeah, yeah, I > know that spam is not a freedom of speech issue according to the courts > (sic?) - its a *simile*! :-) > No, you are right. But I don't think it's really a freedom of speech issue. If I have a publically posted address, they can send junk to it, but I am under no obligation to accept it. On the other hand if they use a dictionary attack to try to discover an address, that is abusive and should be treated as such. Most spam attempts are abusive, misleading or excessive and should be treated as a public nuisance - like a stinky drunk puking in the street, or AOL ads ;-) . -- | Ric | From ric.gates at bigsleep.org Sat Dec 11 09:57:50 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sat Dec 11 05:00:17 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: Message-ID: On 11 Dec 2004 Blammo entered spamcop and left news:Xns95BC13903FCCEblammo@216.154.195.61: > like a stinky drunk puking in the street Actually, a lot more like a stinky drunk pounding on your front door begging for change. -- | Ric | From nobody at nowhere.invalid Sat Dec 11 11:01:24 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Dec 11 05:05:38 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: Message-ID: On Sat, 11 Dec 2004 09:54:39 +0000 (UTC), Blammo coughed into spamcop and left this in : > ...and should be treated as a public nuisance - like a stinky drunk > puking in the street, or AOL ads ;-) . s/ads/CDROMs/ Now, that's a public nuisance! -- Steve If it jams --- force it. If it breaks, it needed replacing anyway. From ric.gates at bigsleep.org Sat Dec 11 10:14:12 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sat Dec 11 05:15:52 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: On 09 Dec 2004 Ellen entered spamcop and left news:cpb9i3$58v$1@news.spamcop.net: > I have no idea what they plan to do, if anything. We pretty much > agreed to disagree. People who use C/R systems just love them of > course and they don't want to hear that they are selfishly shifting > their spam problem onto other people. The bottom line is -- their > users like C/R; the ISP finds it works for them. So their solution to abuse is more abuse. Any way you slice it, C/R is abusive, just like spam. -- | Ric | From puoti at inwind.it Sat Dec 11 12:05:03 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 06:10:03 2004 Subject: [SpamCop-List] Re: Lycos ends his anti spam screensaver In-Reply-To: References: Message-ID: You can use this page instead http://www003.portalis.it/115/SpamVampire.html Ivan. From gordon at usenet2.hostroute.co.uk Sat Dec 11 11:15:30 2004 From: gordon at usenet2.hostroute.co.uk (Gordon Hudson) Date: Sat Dec 11 06:20:03 2004 Subject: [SpamCop-List] AOL: Client TOS Notification Message-ID: We have started receiving these to an address we do nut use for abuse issues. It is the address which is the admin contact for the domain our server host names are based on. Whats worse is that instead of sending one (like Spamcop does) they send one for each time someone clicks onthe "report spam" button in AOL. One incident on the 7th has so far resulted in over 1000 of these emails from AOL. As far as I am concerned these messages from AOL are spam. We never gave them that address or permission to mail it. We did not ask to receive thousands of these messages. In anay case all web hosts have the same probnlems with insecure PHP scripts being used to send spam. Short of disabling mail() there is not much we can do other than stop the spam once it starts. I am still getting AOL reports for the incedent on the 7th and this is now 4 days later so the reports are of no value at all. From pete+usenet at heypete.com Sat Dec 11 04:03:04 2004 From: pete+usenet at heypete.com (Pete Stephenson) Date: Sat Dec 11 07:05:04 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: In article , "Gordon Hudson" wrote: > It is the address which is the admin contact for the domain our server host > names are based on. Do you have a contact address listed with http://www.abuse.net/ for your domain(s)? I'm not sure about AOL's system, but I do know that SpamCop utilizes the abuse.net system to get appropriate contact information. If it fails to find a listing there, it falls back to domain contacts. > In anay case all web hosts have the same probnlems with insecure PHP scripts > being used to send spam. Not so. There are some, but if you have up-to-date versions of PHP and appropriate protective measures in place the problems can be repaired. There are tens of thousands of web hosts out there that support PHP, and a tiny, tiny fraction of the spam I receive is sent from them. Keep your systems patched, up-to-date, and as secure as you can make them and the problem will all but disappear. As for the AOL issue, try asking on the SPAM-L mailing list (Google for it). There's an AOL mail administrator who is frequently involved on the list. He's a Good Guy(tm) and does some great work. Cheers! -- Pete Stephenson HeyPete.com From puoti at inwind.it Sat Dec 11 13:07:55 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 07:10:03 2004 Subject: [SpamCop-List] 202.102.230.36 Message-ID: The IP 202.102.230.36 is hosting dozens of sites, only accepts connections to the various domain names it hosts, and is obviously being used by a spam gang. The chinese ISP hosting it appears to have no intention of closing it down. The spammers have set up a system to prevent spamvampire connections, so instead of putting up a web page, I'm posting an html page here as an attachment. I'm quite sure most spam reporters here get spam from these guys, and I'm also quite sure that even a billion reports a day won't make much difference, so if you want to take some serious action to stop these guys, you can run the attached page, just save it to your hard drive and open it with any browser. Before any nice guys start saying that it may be spyware or some other s**t, I invite anyone that wants to to check out the source. If enough people run this page, we will give the spammers a nice surprise when they get their ISP bill, and if they disappear into thin air instead of paying the ISP will learn not to trust spammers. Ivan. From MikeE at ster.invalid Sat Dec 11 04:39:31 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 07:40:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 References: Message-ID: From: Ivan Leo Puoti Lines: 451 Content-Type: multipart/mixed; Content-Type: text/plain; Content-Type: text/html; Prevent spammers from making a profit This page requires JavaScript and a W3C DOM capable browser. The spammers must be making you nuts/crazy! What are you thinking about? This is not an appropriate place [Hello! this is a newsgroup!] to be posting this zany idea. I'll be very surprised if you don't get into trouble over this. Ivan Leo Puoti wrote: > The IP 202.102.230.36 is hosting dozens of sites, only accepts connections to the various domain names it hosts, and is obviously being used by a spam gang. The chinese ISP hosting it appears to have no intention of closing it down. The spammers have set up a system to prevent spamvampire connections, so instead of putting up a web page, I'm posting an html page here as an attachment. I'm quite sure most spam reporters here get spam from these guys, and I'm also quite sure that even a billion reports a day won't make much difference, so if you want to take some serious action to stop these guys, you can run the attached page, just save it to your hard drive and open it with any browser. Before any nice guys start saying that it may be spyware or some other s**t, I invite anyone that wants to to check out the source. If enough people run this page, we will give the spammers a nice surprise when they get their ISP bill, and if they disappear into thin air instead of paying the ISP will learn not to trust spammers. Prevent spammers from making a profit Please enjoy the image gallery as long as you like. You can minimize the window and let it run all day long. This modified version of The Lad Vampire is attacking spammer's servers- 24 hours / 7 days a week! The whole time this page is running on your machine you are stealing bandwidth from these web sites, and this makes spam hosting more expensive and less profitable. If hosting costs go up enough, they will go out of business. You can leave this page open all the time when your connection is idle, for example if you're connected 24/7 you could leave this page open all night. Healthy: The script has few or no problems loading this image. The image is reloaded 15 seconds after a failed load attempt. Suffering: The image failed to load at least 5 times in a row. The website may have been suspended but maybe the server is just down or overloaded. The image is reloaded approx. 45 minutes after a failed load attempt. Dead: The image failed to load 8 times in a row. The website is supposed to be dead and the script does not try to reload the image any more. If you are sure the status shown is incorrect you may override it by using the radio buttons above. -- Mike Easter kibitzer, not SC admin From puoti at inwind.it Sat Dec 11 14:14:08 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 08:20:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 In-Reply-To: References: Message-ID: > The spammers must be making you nuts/crazy! Yes, they are. > What are you thinking > about? My message should be quite clear. > This is not an appropriate place [Hello! this is a newsgroup!] > to be posting this zany idea. Newsgroups are used to communicate and discuss over ideas, no? > I'll be very surprised if you don't get into trouble over this. I bet I won't, but for now I'll wait and see. Just trying to do something that actually makes a difference. Ivan. From puoti at inwind.it Sat Dec 11 14:14:41 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 08:20:13 2004 Subject: [SpamCop-List] Re: 202.102.230.36 In-Reply-To: References: Message-ID: BTW maybe you shouldn't leave the whole message you're replying to in replies. Ivan. From MikeE at ster.invalid Sat Dec 11 05:32:07 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 08:35:02 2004 Subject: [SpamCop-List] Re: 202.102.230.36 References: Message-ID: Ivan Leo Puoti wrote: > BTW maybe you shouldn't leave the whole message you're replying to in > replies. I figgered that sooner or later your original message is going to be gone, and then people would have a hard time figuring out what we are talking about. In fact, I would encourage you to cancel it yourself. If you want to provide a weblink to something you would like to request for someone to copy and run that is a completely different thing than posting it here where someone opens the html 'unwittingly' and insecurely. The SC admin has some remote responsibility for what is going on on the newsserver, and this isn't usenet at large. SC isn't promoting vampiring or html posting especially with javascript running. And there are many 'unwary' newsgroup posters whose configuration may be sufficiently loose or insecure that you induce or 'force' to run 'your' [because you posted it] javascript to do 'your' wishes [because the reader of the post didn't write the script] to perform what most of the people reading around here consider to be an abusive activity. Also, there are 438 domains being hosted at that IP. Do you know what they all are? -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Sat Dec 11 17:40:08 2004 From: bar_n0ne at hotmail.com (Berny) Date: Sat Dec 11 08:45:01 2004 Subject: [SpamCop-List] Re: Strangeness? SC "not resolving" working URLs heavily today. References: Message-ID: "nospam" wrote in message news:BDDDB4A2.12E8B%nobody@spamcop.net... > in article cp7fs5$i4c$1@news.spamcop.net, Mike Easter at MikeE@ster.invalid > wrote on 12/8/04 10:07 PM: > > > R. Asby Dragon wrote: > >> So far today: > >> 4 out of 8 submiisions have come back as "Cannot Resolve" the > >> spamvertised URL; but I can open them here. All of them are CN > >> hosted sites. They *are* "slow to open"; looks like things aren't > >> well on the routing. well it's getting real bad today, I've given up trying to reparse also as that seems to take forever, (if i "View entire message" and go back it takes about 2 minutes to come back, and moreoften than not still w/o linls resolved. Strangely sometimes they'll resolve one time and a few minutes later not, as if SC is not cacheing any more, or there is a too short timeout in SC's local cache of DNS names also I see more and more pains being taken by spammers to prevent link resolution, the most extreme being one hotmail specialist who has everything in C&P this URL into your browser now. I don't understand why, they're hosted on bulletproof servers, cnc-noc hanafo etc. I think there must be some good commercial Miltering software out there that is tagging onto spamvertized URLS that they are trying to get around. I can't imagine any other reason. The hosters don't have a record of caring, quite the contrary. From Kilgallen at SpamCop.net Sat Dec 11 07:55:16 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Dec 11 09:00:04 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: In article , Pete Stephenson writes: > As for the AOL issue, try asking on the SPAM-L mailing list (Google for > it). There's an AOL mail administrator who is frequently involved on the > list. He's a Good Guy(tm) and does some great work. And he has posted many times about the mechanism for getting AOL to stop all "backscatter" to your IP address, just like SpamCop allows ISPs to control what reports they get. From puoti at inwind.it Sat Dec 11 15:08:13 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 09:10:03 2004 Subject: [SpamCop-List] 202.102.230.36 Message-ID: Moved posting to http://www003.portalis.it/115/202.102.230.36.html Ivan. From puoti at inwind.it Sat Dec 11 15:08:50 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 09:15:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 In-Reply-To: References: Message-ID: > Also, there are 438 domains being hosted at that IP. Do you know what > they all are? No, but do I care? Ivan. From nobody at spamcop.net Sat Dec 11 00:26:40 2004 From: nobody at spamcop.net (Ellen) Date: Sat Dec 11 09:15:15 2004 Subject: [SpamCop-List] Re: What does "(SIMPLE)" mean in the report history log? References: Message-ID: "DS" <9ucs5y001@sneakemail.com> wrote in message news:cpdu32$nh9$1@news.spamcop.net... > > > Pardon my asking, but of what use is that other than clogging up the > database with reports that didn't really matter, at least externally? Well they don't matter if you are just looking at that page for BL info but they are used or being evaluated for use in other ways and that is a convenient place to put the count ... Ellen From puoti at inwind.it Sat Dec 11 15:11:47 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 09:15:22 2004 Subject: [SpamCop-List] Re: 202.102.230.36 In-Reply-To: References: Message-ID: > In fact, I would encourage you to cancel it yourself. If you want to > provide a weblink to something you would like to request for someone to > copy and run that is a completely different thing than posting it here > where someone opens the html 'unwittingly' and insecurely. OK, I've done that. Ivan. From MikeE at ster.invalid Sat Dec 11 06:25:47 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 09:30:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 References: Message-ID: Ivan Leo Puoti wrote: >> Also, there are 438 domains being hosted at that IP. Do you know >> what they all are? > No, but do I care? If you 'take down' the webserver as a result of excessive activity and if the webserver is serving numerous innocent websites, then you've 'hurt' the innocent non-spamvertised websites. You might consider that analogous to spews hurting innocent bystanders who are clients of spam supporting providers, but there are people who are concerned about that spews innocent bystander effect as well. In this case, this particular IP /isn't/ spews listed, altho' it is spamhaus listed as the single IP. So, you are targetting an IP which is not only not spews listed, but is only listed as a single IP as opposed to a block by spamhaus. Also, it isn't a spamhaus rokso either. So, you think you know about some 'spam gang' you are targetting - but really you are just upset because your own spamvampiring is being blocked. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Dec 11 06:27:11 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 09:30:13 2004 Subject: [SpamCop-List] Re: 202.102.230.36 References: Message-ID: Ivan Leo Puoti wrote: > Moved posting to http://www003.portalis.it/115/202.102.230.36.html Thanks. I think it is better to do it that way. If you want to promote it, you could put the link down in your sig and thus 'mention it' every time you post. -- Mike Easter kibitzer, not SC admin From puoti at inwind.it Sat Dec 11 15:43:15 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 09:45:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 In-Reply-To: References: Message-ID: > If you 'take down' the webserver as a result of excessive activity and > if the webserver is serving numerous innocent websites, then you've > 'hurt' the innocent non-spamvertised websites. > > You might consider that analogous to spews hurting innocent bystanders > who are clients of spam supporting providers, but there are people who > are concerned about that spews innocent bystander effect as well. In > this case, this particular IP /isn't/ spews listed, altho' it is > spamhaus listed as the single IP. So, you are targetting an IP which is > not only not spews listed, but is only listed as a single IP as opposed > to a block by spamhaus. Also, it isn't a spamhaus rokso either. > > So, you think you know about some 'spam gang' you are targetting - but > really you are just upset because your own spamvampiring is being > blocked. You're welcome to send the the domain names of non spam related sites, if there are any, and I'll reconsider my decision. Ivan. From gordon at usenet2.hostroute.co.uk Sat Dec 11 14:43:52 2004 From: gordon at usenet2.hostroute.co.uk (Gordon Hudson) Date: Sat Dec 11 09:50:03 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: "Pete Stephenson" wrote in message news:pete+usenet-C904DF.04030411122004@news.cesmail.net... > In article , > "Gordon Hudson" wrote: > >> It is the address which is the admin contact for the domain our server >> host >> names are based on. > > Do you have a contact address listed with http://www.abuse.net/ for your > domain(s)? Yes. AOL are using the admin email address for the domain the Ip reolves to. I have now received a batch of 30 for an incident in mid November. This is basically spam as all it is the original spam attached to an empty email with no explanation of why it is being sent to us. I am probably just going to block AOL's IP's at our mail serve ror further back at the routers. > Not so. There are some, but if you have up-to-date versions of PHP and > appropriate protective measures in place the problems can be repaired. > There are tens of thousands of web hosts out there that support PHP, and > a tiny, tiny fraction of the spam I receive is sent from them. > > Keep your systems patched, up-to-date, and as secure as you can make > them and the problem will all but disappear. Nope, wont work. Customer signs up with stolen card. uses the mail() function to send spam. We find him, but in the 2 hours ince he has flooded us with spam. We could disable the mail() function but would lose all our customers. All of those hosts you quote will have exactly the same problem. From gordon at usenet2.hostroute.co.uk Sat Dec 11 14:44:43 2004 From: gordon at usenet2.hostroute.co.uk (Gordon Hudson) Date: Sat Dec 11 09:50:13 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: "Larry Kilgallen" wrote in message news:iuv4XYBbRT+D@eisner.encompasserve.org... > In article , Pete > Stephenson writes: > >> As for the AOL issue, try asking on the SPAM-L mailing list (Google for >> it). There's an AOL mail administrator who is frequently involved on the >> list. He's a Good Guy(tm) and does some great work. > > And he has posted many times about the mechanism for getting AOL > to stop all "backscatter" to your IP address, just like SpamCop > allows ISPs to control what reports they get. Blocking their IP's will work. In any case, we get a single spamcop report for each incident and they are not weeks old, useful and not intrusive. From MikeE at ster.invalid Sat Dec 11 06:49:14 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 09:50:21 2004 Subject: [SpamCop-List] Re: 202.102.230.36 References: Message-ID: Ivan Leo Puoti wrote: > You're welcome to send the the domain names of non spam related sites, > if there are any, and I'll reconsider my decision. Most of them look pretty spammy; I'll stick them all over in the ng .spam so they won't clutter up space here. -- Mike Easter kibitzer, not SC admin From gordon at usenet2.hostroute.co.uk Sat Dec 11 14:52:46 2004 From: gordon at usenet2.hostroute.co.uk (Gordon Hudson) Date: Sat Dec 11 09:55:02 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: "Gordon Hudson" wrote in message news:cpf171$cj1$1@news.spamcop.net... > > "Pete Stephenson" wrote in message > news:pete+usenet-C904DF.04030411122004@news.cesmail.net... >> In article , >> "Gordon Hudson" wrote: >> >>> It is the address which is the admin contact for the domain our server >>> host >>> names are based on. >> >> Do you have a contact address listed with http://www.abuse.net/ for your >> domain(s)? > > Yes. > AOL are using the admin email address for the domain the Ip reolves to. > I have now received a batch of 30 for an incident in mid November. > > This is basically spam as all it is the original spam attached to an empty > email with no explanation of why it is being sent to us. > I am probably just going to block AOL's IP's at our mail serve ror further > back at the routers. > > > >> Not so. There are some, but if you have up-to-date versions of PHP and >> appropriate protective measures in place the problems can be repaired. >> There are tens of thousands of web hosts out there that support PHP, and >> a tiny, tiny fraction of the spam I receive is sent from them. >> >> Keep your systems patched, up-to-date, and as secure as you can make >> them and the problem will all but disappear. > > > Nope, wont work. > Customer signs up with stolen card. > uses the mail() function to send spam. > We find him, but in the 2 hours ince he has flooded us with spam. > > We could disable the mail() function but would lose all our customers. > > All of those hosts you quote will have exactly the same problem. Let me clarify. I think AOL are mailbombing me to try and put pressur eon me to stop spammers. It certainly vomes across liek that and I am treating it as an abuse issue. Certainly the messages are of no value. Here is a header from the latest reported spam: Received: from karcam11 by server2.dedicateduk.com with local (Exim 4.43) id 1CXBrR-0002H6-LH; Thu, 25 Nov 2004 05:08:05 +0000 25th November? Get real. That has no value as a spam report. That issue was reolved within a couple of hours of the event. Its just a mail bombing. If I did that to AOL they would report me to my ISP. From MikeE at ster.invalid Sat Dec 11 06:55:33 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 10:00:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 References: Message-ID: Ivan Leo Puoti Date: Sat, 11 Dec 2004 15:43:15 +0000 NNTP-Posting-Date: Sat, 11 Dec 2004 14:44:46 +0000 (UTC) Your clock doesn't have the correct timezone/offset, so you're showing time in the future; ie you're 'fast'. -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Sat Dec 11 09:55:17 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sat Dec 11 10:00:13 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. In-Reply-To: References: Message-ID: <-7qdnaEVv9TIlybcRVn-rw@adelphia.com> Steven Maesslein wrote: > On Sat, 11 Dec 2004 09:54:39 +0000 (UTC), Blammo coughed into spamcop > and left this in : > >>...and should be treated as a public nuisance - like a stinky drunk >>puking in the street, or AOL ads ;-) . > > s/ads/CDROMs/ > > Now, that's a public nuisance! Now if unsoliticed CD-ROMs were re-writable, then that would be a different story. Most of my in-use floppies at home were mailed to me by various ISPs. -John wb8tyw@qsl.network Personal Opinion Only From puoti at inwind.it Sat Dec 11 16:00:16 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 10:05:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 In-Reply-To: References: Message-ID: > Your clock doesn't have the correct timezone/offset, so you're showing > time in the future; ie you're 'fast'. My clock appears to show both the correct time and time zone. Anyway I haven't checked all the domains but I think the spammers are just running the server, registering domains and pointing them to the server, the hoster is so spam friendly they can just register domain names without ever having to change host. They are probably paying a lot for the server, but considering I'm getting spam from them every other minute, I'm not very inclined to stop out of political correctness, they are DDoSing my email servers, so I'm just giving them some of their own medicine. Ivan. From rwmarbleAT at yahooDOT.com Sat Dec 11 10:23:21 2004 From: rwmarbleAT at yahooDOT.com (I'm_a_victim) Date: Sat Dec 11 10:25:03 2004 Subject: [SpamCop-List] Re: Why won't this work? References: Message-ID: "Miss Betsy" wrote in message news:cot92m$4sr$1@news.spamcop.net... > > OTOH, there are enough people using it so that responsible people > can find an ISP who is responsible enough to both prevent spammers > and to use blocklists. > And it is hampering the spammers enough so that they are resorting > to trojanizing computers to send their spew. > Well I understand the replies. My problem is that I am running our of available "blocks". I use Yahoo and there are only 200 blocks available. I am rapidly filling them up. My blocking spam is no incentive for an ISP that hosts a spammer to stop the spam. I would think that many US based ISP would be interested in blocking the 60 - 80% of the traffic that is spam. We are rapidly approaching the point where people will stop using email because of all the crap coming from the spammers. If a foreign spammer ISP isn't interested enough to shut down the spammer then shut 100% of all email for a week or 2 or more on repeated violations. from all domains from that ISP. The legit customers would complain and probably start switching ISP. If enough customers switched that would be the incentive for the ISP to actually shut down / off the spammers. Oh well thanks for replies. From wb8tyw at qsl.network Sat Dec 11 10:26:09 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sat Dec 11 10:30:02 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification In-Reply-To: References: Message-ID: Gordon Hudson wrote: > "Pete Stephenson" wrote in message > news:pete+usenet-C904DF.04030411122004@news.cesmail.net... > >> >>Keep your systems patched, up-to-date, and as secure as you can make >>them and the problem will all but disappear. > > Nope, wont work. > Customer signs up with stolen card. If this is on the web, are you verifying that the signup is not from an I.P. address that is already on an open proxy or sbl-xbl.spamhaus.org, bl.spamcop.net list? The only signups that you will get from those addresses will be fraudulent. > uses the mail() function to send spam. > We find him, but in the 2 hours ince he has flooded us with spam. > > We could disable the mail() function but would lose all our customers. Rate limit the amount of mail to 10 recipients delivered per day until for the first few days, then slowly ramp up the amount of mail allowed. Or find some other means to verify that the credit card is not stolen. And do not allow mail to be sent from any known open proxy or I.P. address found in sbl-xbl.spamhaus.org or in spamcop.net. > All of those hosts you quote will have exactly the same problem. Then they not only end up on the public blocking lists, they also end up on the private blocking lists. 2 hours is way too long to allow a spam run. My inboxes for the past three months has been being hit with bursts of Advance Fee Scams and 419 scams from "insecure" web mailers. They seem to be coming from only a small number of networks. By looking at the timestamps, it appears that it takes them 2 hours to get 1/2 way through the alphabet. So it appears that most networks know how to prevent their web mail services from being used by spammers. -John wb8tyw@qsl.network Personal Opinion Only From puoti at inwind.it Sat Dec 11 16:29:02 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 10:35:02 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) In-Reply-To: References: Message-ID: > Most of them look pretty spammy; I'll stick them all over in the ng > .spam so they won't clutter up space here. I'm now in the process of selecting all cheap OEM sites from the domains and sending them on to the software corporations. I think they are quite US spammers, for reasons you can very easily work out from some of the sites, and as soon as they get my email within hours the vendors will gather enough proof to get the spammers convicted to a trillion years of prison and a quadrillion dollars of fines, and that is the end of possibilities of legal threats from the spammers. This should also protect anybody helping me from prosecution, because as soon as the spammers show themselves they will become very busy running from the law and will have no time to waste with spam fighters. Ivan. From wb8tyw at qsl.network Sat Dec 11 11:05:15 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sat Dec 11 11:10:02 2004 Subject: [SpamCop-List] Re: Why won't this work? In-Reply-To: References: Message-ID: I'm_a_victim wrote: > > Well I understand the replies. My problem is that I am running our of > available "blocks". I use Yahoo and there are only 200 blocks available. I > am rapidly filling them up. It is easy to find examples of spam blocking and filtering that do not work. It is also easy to find examples of spam blocking and filtering that do work. Unfortunately the ones that do not work well are the most popular for the following reasons: 1. The ones that work are free, or low cost, so they do not buy advertising in the trade press, or put products on the shelf at the computer stores. 2. The ones that work give instant feedback to real senders if their message was blocked by mistake. This makes any errors visible. When a real message is blocked by a service that tags or quarantines spam, in most cases neither the sender or the recipient knows. 3. Most of ones that work do not allow per-user's exemption or setting, and if they are working properly they do not need it. Having a per-user customization generally indicates an acknowledgment that the filter method is too flawed to be trusted. 4. The ones that work require that the sending ISP fix the problem for their users to send e-mail. This is considered unfair by some because it punishes the ISP's customer. Back when spamcop.net evidence was more readily available, in the cases I looked up from complaints in this forum generally showed that that the ISP's that told their customers that they did not know why the block was in place had been receiving reports for about 1 week before the threshold got high enough to cause a block. The network staff that I used to work with would be embarrassed if it took them more than 2 minutes to isolate a problem system on the network, and that was with out automatic systems. > My blocking spam is no incentive for an ISP that hosts a spammer to stop the > spam. That is because the service you mentioned is apparently not blocking spam. They are apparently accepting it, and either tagging it or blackholing it it. Neither provides any feedback to spam supporting networks. Both allow spam supporting networks to mix spam and real e-mail from the same mail servers. Reporting your spam through spamcop.net causes many mail servers to consider not accepting spam from that I.P. address. Also please go read the FAQ http://www.spews.org. > I would think that many US based ISP would be interested in blocking the > 60 - 80% of the traffic that is spam. We are rapidly approaching the point > where people will stop using email because of all the crap coming from the > spammers. They are not because apparently the people that are paying attention to the profit and loss at the ISP are not looking at a line item for how much it is costing them. If they did, they would use effective spam blocking. However they have a small but vocal customer base that thinks that all spam blocking is evil because of the small risk it could block a real message by mistake. What these vocal customers and these ISPs do not realize is that statistically by allowing the spam into the mail server to begin with, they are increasing the chances that real e-mail will get silently lost. For mail servers that refuse e-mail from spam and virus sources, I see only a small number of users asking questions about why a block was in place so a message was refused, and that issue gets a quick answer. From the mail servers that try to sort spam by content and individual preferences, I see lots of reports of servers being unexpectedly down, and mail being lost. > If a foreign spammer ISP isn't interested enough to shut down the spammer > then shut 100% of all email for a week or 2 or more on repeated violations. My main postmasters will not remove the block until given a reason by one of their customers, and it does not take two violations to get on that block. For some countries, 1 spam report gets at least a /24 (256 addresses in layman's terms) blocked. > from all domains from that ISP. The legit customers would complain and > probably start switching ISP. If enough customers switched that would be the > incentive for the ISP to actually shut down / off the spammers. There are ISPs that do that. AOL.COM is one that will put in a domain wide block from an ISP that allows spam. That is known because it was in the media. The blocked ISP complained for 48 hours that it was unreasonable and impractical for them to solve the problem. After about 72 hours of the block, the blocked ISP discovered that it was practical to fix the problem and did so. > Oh well thanks for replies. The issue is not that it can not be done, it is that your ISP either does not understand how much extra it is costing them to accept spam from known spam sources, or they do not care as long as they can pass the added cost on to their customers. And it may be that their customers are not aware of how much of their ISP bill is going to pay for the costs incurred for allowing spam into the mail server, and how much less reliable it makes the mail server. In the "LOUNGE" section of the web forum for spamcop.net, there is a pinned topic on the "cost of spam". What you need to do is learn about the costs of spam, and get the other users of your ISP aware. One of the key things missing from the U.S. CAN-SPAM law is some incentive to punish an ISP that is either knowingly allowing a spammer to violate the CAN-SPAM law, or by their inaction is allowing spammers to route through an insecure system on their network. A full service ISP should be able to shut down the spew from a compromised computer in far less than one hour. The worst case for other networks should be one business day. If you are in the U.S. call your congress person on the phone and ask them why those provisions are not present. Get all your friends and neighbors to also call. Using the phone ties up their staffers, so they have to pay more attention. E-mails and letters can sit in a queue ignored until a bed-bug response is sent. -John wb8tyw@qsl.network Personal Opinion Only From wb8tyw at qsl.network Sat Dec 11 11:17:03 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sat Dec 11 11:20:02 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) In-Reply-To: References: Message-ID: Ivan Leo Puoti wrote: >> Most of them look pretty spammy; I'll stick them all over in the ng >> .spam so they won't clutter up space here. > > > I'm now in the process of selecting all cheap OEM sites from the domains > and sending them on to the software corporations. The last time I was getting lots of spam from them it appeared that the web sites were being hosted on trojaned machines, and so were some of the DNS servers. The system was basically spam-vampire and DDOS proof as it was constantly jumping from I.P. address to I.P. address. If you trace back the domain name to it's domain server domain, you will probably find a common pattern, and that DNS is only hosting the spammer sites. The domains that are used to reference the web sites are through aways, The spammer has already countered your tactic by assuming that those domains will be blocked by spam filters within 72 hours of the spam run. After that they are discarded. The domain servers though are used over and over again. They appeared to be adding a new domain server domain every 2 months. If you want to cause them the most problems, get the domain for the domain name servers canceled. It makes all their current domains inaccessible until they recover. It seems to take the spammer at least 2 days to discover that their domain name server is gone, and then it seems to take them at least several days to get a new one set up. Before you get the domain name server domain shutdown, get a list of the spammer domains on it. After the domain name server domain is shutdown, then you can go after the throw-away domains for target practice. Good hunting. -John wb8tyw@qsl.network Personal Opinion Only From puoti at inwind.it Sat Dec 11 17:28:34 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 11:35:02 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) In-Reply-To: References: Message-ID: > If you want to cause them the most problems, get the domain for the > domain name servers canceled. And how can I do that? Also hanaro must know that the server is used by spammers, it's somewhat unlikely they don't approve it. Ivan. From puoti at inwind.it Sat Dec 11 17:29:45 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 11:35:14 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (Direct download link) In-Reply-To: References: Message-ID: To download the anti-202.102.230.36 spamvampire follow this link http://www003.portalis.it/115/download/202.102.230.36.zip Ivan. From gordon at usenet2.hostroute.co.uk Sat Dec 11 16:34:59 2004 From: gordon at usenet2.hostroute.co.uk (Gordon Hudson) Date: Sat Dec 11 11:40:03 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: "John E. Malmberg" wrote in message news:RZqdnd5RBo0PjCbcRVn-hA@adelphia.com... > If this is on the web, are you verifying that the signup is not from an > I.P. address that is already on an open proxy or sbl-xbl.spamhaus.org, > bl.spamcop.net list? The only signups that you will get from those > addresses will be fraudulent. Yes we do all of that. We have lots of fraud screening in place. December is our peak period for this sort of thing with the 25th being the biggest day of the year. Those two incidents came from non blacklisted IP's. >> uses the mail() function to send spam. >> We find him, but in the 2 hours ince he has flooded us with spam. >> >> We could disable the mail() function but would lose all our customers. > > Rate limit the amount of mail to 10 recipients delivered per day until for > the first few days, then slowly ramp up the amount of mail allowed. > Or find some other means to verify that the credit card is not stolen. Can't be done with the number of customers we have. In any scaleable or manageable way. > And do not allow mail to be sent from any known open proxy or I.P. address > found in sbl-xbl.spamhaus.org or in spamcop.net. > >> All of those hosts you quote will have exactly the same problem. > > Then they not only end up on the public blocking lists, they also end up > on the private blocking lists. We are not on any blocking lists (or at least rarely) > 2 hours is way too long to allow a spam run. > > My inboxes for the past three months has been being hit with bursts of > Advance Fee Scams and 419 scams from "insecure" web mailers. They seem to > be coming from only a small number of networks. > By looking at the timestamps, it appears that it takes them 2 hours to get > 1/2 way through the alphabet. > > So it appears that most networks know how to prevent their web mail > services from being used by spammers. Obviously we are crap. I get the message. The problem is that we are very large and as a reult we will get more spammers than most web hosts. AOL are mailbombing me. Thats the end of the story as far as I am concerned. Another 100 since this morning for incidents more than 5 days ago. One report is sufficient. From gordon at usenet2.hostroute.co.uk Sat Dec 11 16:40:14 2004 From: gordon at usenet2.hostroute.co.uk (Gordon Hudson) Date: Sat Dec 11 11:45:03 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: "Gordon Hudson" wrote in message news:cpf7nc$h77$1@news.spamcop.net... > > "John E. Malmberg" wrote in message > news:RZqdnd5RBo0PjCbcRVn-hA@adelphia.com... > >> If this is on the web, are you verifying that the signup is not from an >> I.P. address that is already on an open proxy or sbl-xbl.spamhaus.org, >> bl.spamcop.net list? The only signups that you will get from those >> addresses will be fraudulent. > > > Yes we do all of that. > We have lots of fraud screening in place. > December is our peak period for this sort of thing with the 25th being the > biggest day of the year. > > Those two incidents came from non blacklisted IP's. > >>> uses the mail() function to send spam. >>> We find him, but in the 2 hours ince he has flooded us with spam. >>> >>> We could disable the mail() function but would lose all our customers. >> >> Rate limit the amount of mail to 10 recipients delivered per day until >> for the first few days, then slowly ramp up the amount of mail allowed. >> Or find some other means to verify that the credit card is not stolen. > > Can't be done with the number of customers we have. > In any scaleable or manageable way. > >> And do not allow mail to be sent from any known open proxy or I.P. >> address found in sbl-xbl.spamhaus.org or in spamcop.net. >> >>> All of those hosts you quote will have exactly the same problem. >> >> Then they not only end up on the public blocking lists, they also end up >> on the private blocking lists. > > > We are not on any blocking lists (or at least rarely) > >> 2 hours is way too long to allow a spam run. >> >> My inboxes for the past three months has been being hit with bursts of >> Advance Fee Scams and 419 scams from "insecure" web mailers. They seem >> to be coming from only a small number of networks. >> By looking at the timestamps, it appears that it takes them 2 hours to >> get 1/2 way through the alphabet. >> >> So it appears that most networks know how to prevent their web mail >> services from being used by spammers. > > Obviously we are crap. > I get the message. > > The problem is that we are very large and as a reult we will get more > spammers than most web hosts. > > AOL are mailbombing me. > Thats the end of the story as far as I am concerned. > > Another 100 since this morning for incidents more than 5 days ago. > > One report is sufficient. Actually there are a few things you can do: Run PHP in safe mode to prevent some abuse, but most customers can't write or install code that works in safe mode. e.g. most forum software will not work in safe mode. The mail() function runs as user nobody so rate limiting is inappropriate as it would affect all users. You cna run phpexec but this is prone to problems and customers cannot code within those confines either. basically preventing access to mail() is the only way to stop it. From mrichter at cpl.net Sat Dec 11 08:43:24 2004 From: mrichter at cpl.net (Mike Richter) Date: Sat Dec 11 11:45:15 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. In-Reply-To: References: Message-ID: Ben wrote: > Humm.. > > I actually got a spam that 'appeared' to be in compliance with > the "Can Spam" act. At the tail of the spam they had a section > that said "US Can Spam Compliance" where they posted a postal > address of both the company being advertised and the company who > was spamming for a fee; a phone number, a FAX number, their > "Customer Service" email address and a web address for "removal." > > Probably dubious but it appeared that they were trying to comply. > Since it was sent to my throwaway Hotmail account (knowing better) > I still tried their removal link. It claimed and promised that no more > "offers" will be sent to that address, although it will take 48 to > 72 hours to process the request. > > It is the first time in a year I have seen an attempt to even > look like they were at least trying. IMHO, it is irrelevant. Spam is unwelcome even if it is legal. There are many legal activities which are considered improper - loud conversation at a play, for example. The perpetrator may be advised of his error or even removed from that environment for impropriety even if the law does not prohibit his action. SC identifies and publishes sources of misbehavior; it is not involved in enforcement of law. Mike -- mrichter@cpl.net http://www.mrichter.com/ From usenet1 at DE.LETE.THISljvideo.com Sat Dec 11 16:57:11 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry J.) Date: Sat Dec 11 12:00:36 2004 Subject: [SpamCop-List] Re: 202.102.230.36 References: Message-ID: Waiving the right to remain silent, "Mike Easter" said: > Ivan Leo Puoti wrote: > >>> Also, there are 438 domains being hosted at that IP. Do you >>> know what they all are? > >> No, but do I care? > > If you 'take down' the webserver as a result of excessive > activity and if the webserver is serving numerous innocent > websites, then you've 'hurt' the innocent non-spamvertised > websites. Anything emanating from that IP range is worth blocking. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From 9ucs5y001 at sneakemail.com Sat Dec 11 09:15:15 2004 From: 9ucs5y001 at sneakemail.com (DS) Date: Sat Dec 11 12:20:02 2004 Subject: [SpamCop-List] Re: What does "(SIMPLE)" mean in the report history log? References: Message-ID: "Ellen" wrote in message news:cpev8c$b2m$1@news.spamcop.net... > Well they don't matter if you are just looking at that page for BL info > but > they are used or being evaluated for use in other ways and that is a > convenient place to put the count ... > Good nuff for me. Thanks Ellen. Dan From wb8tyw at qsl.network Sat Dec 11 12:17:08 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sat Dec 11 12:20:18 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) In-Reply-To: References: Message-ID: Ivan Leo Puoti wrote: >> If you want to cause them the most problems, get the domain for the >> domain name servers canceled. > And how can I do that? The typical way is to prove that the contact information is not valid. In some cases they use an invalid e-mail account, or such use of an e-mail account for commercial service is a violation of TOS. So the first step is to get the e-mail account cancelled, and once it is cancelled the contact information for the domain is no longer valid. > Also hanaro must know that the server is used by spammers, it's somewhat > unlikely they don't approve it. It is questionable if they even look at the abuse reports. -John wb8tyw@qsl.network Personal Opinion Only From SpamCopNews.5.myspamgobbler at spamgourmet.com Sat Dec 11 09:23:52 2004 From: SpamCopNews.5.myspamgobbler at spamgourmet.com (Spam N Scams Reporter) Date: Sat Dec 11 12:25:03 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. In-Reply-To: References: Message-ID: Ben wrote: > Humm.. > > I actually got a spam that 'appeared' to be in compliance with > the "Can Spam" act. At the tail of the spam they had a section > that said "US Can Spam Compliance" where they posted a postal > address of both the company being advertised and the company who > was spamming for a fee; a phone number, a FAX number, their > "Customer Service" email address and a web address for "removal." > > Probably dubious but it appeared that they were trying to comply. > Since it was sent to my throwaway Hotmail account (knowing better) > I still tried their removal link. It claimed and promised that no more > "offers" will be sent to that address, although it will take 48 to > 72 hours to process the request. > > It is the first time in a year I have seen an attempt to even > look like they were at least trying. One way to know is to unsubscribe with an account at spamgourmet.com or something similar. You can create an address for each that will allow you to know when that address is spammed. Such as companyIunsubscrbefrom.5.username at spamgourmet dot com An example is my address in the header of this message. spamgourmet will then forward any replies to your specified address for the number that you specify in the address (5 in this example). After 5 replies, the email/spam is eaten and you never see any more unless you choose to change it. Brian From puoti at inwind.it Sat Dec 11 18:27:27 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 12:30:02 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) In-Reply-To: References: Message-ID: >>> If you want to cause them the most problems, get the domain for the >>> domain name servers canceled. > > >> And how can I do that? > > > The typical way is to prove that the contact information is not valid. > > In some cases they use an invalid e-mail account, or such use of an > e-mail account for commercial service is a violation of TOS. So the > first step is to get the e-mail account cancelled, and once it is > cancelled the contact information for the domain is no longer valid. Who have I got to contact to get anything done about the whois info (That is what you are talking about, right?)? Ivan. From porpoise1954 at yahoo.co.uk Sat Dec 11 17:31:40 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Dec 11 12:35:03 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: <-7qdnaEVv9TIlybcRVn-rw@adelphia.com> Message-ID: "John E. Malmberg" wrote in message news:-7qdnaEVv9TIlybcRVn-rw@adelphia.com... > Steven Maesslein wrote: >> On Sat, 11 Dec 2004 09:54:39 +0000 (UTC), Blammo coughed into spamcop >> and left this in : >> >>>...and should be treated as a public nuisance - like a stinky drunk >>>puking in the street, or AOL ads ;-) . >> >> s/ads/CDROMs/ >> >> Now, that's a public nuisance! > > Now if unsoliticed CD-ROMs were re-writable, then that would be a > different story. Most of my in-use floppies at home were mailed to me by > various ISPs. Cor! Didn't think you could even still get floppies these days (and what you *can* get are so unreliable and you can fit bugger all on them anyway, that they're a total waste of time - it's actually become so uneconomical to manufacture them, the manufacturers can't be bothered). A bootable CD/DVD is far more useful. (and reliable). From nobody at spamcop.net Sat Dec 11 21:35:19 2004 From: nobody at spamcop.net (nospam) Date: Sat Dec 11 12:40:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) References: Message-ID: in article p92dnYD17rkItibcRVn-pA@adelphia.com, John E. Malmberg at wb8tyw@qsl.network wrote on 12/11/04 9:17 PM: > Ivan Leo Puoti wrote: >>> If you want to cause them the most problems, get the domain for the >>> domain name servers canceled. > >> And how can I do that? > > The typical way is to prove that the contact information is not valid. > > In some cases they use an invalid e-mail account, or such use of an > e-mail account for commercial service is a violation of TOS. So the > first step is to get the e-mail account cancelled, and once it is > cancelled the contact information for the domain is no longer valid. > >> Also hanaro must know that the server is used by spammers, it's somewhat >> unlikely they don't approve it. > > It is questionable if they even look at the abuse reports. Of course they know. they cluster their spammers and their DNS to minimize blocking and damage to non spammer clientel. From MikeE at ster.invalid Sat Dec 11 09:44:08 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 12:45:04 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) References: Message-ID: Ivan Leo Puoti wrote: > Who have I got to contact to get anything done about the whois info > (That is what you are talking about, right?)? The strategy that John is talking about is to find the domain registration for the nameservice; in the case of two of the domains your vampire was attacking, their nameservices are NS1.HCKDNC.COM NS2.HCKDNC.COM and the reg for hckdnc is: whois -h whois.domainsite.com hckdnc.com ... Domain Name: hckdnc.com Registrar: Spot Domain LLC Name Servers: ns1.hckdnc.com ns2.hckdnc.com REGISTRANT CONTACT INFO ADMINISTRATIVE CONTACT INFO TECHNICAL CONTACT INFO BILLING CONTACT INFO Bolocco Milk Raul Guillermo Bolocco mennelande 2201 Cordoba, Sevilla 41013 ES Phone: 954232323 Phone Code: 34 Spain Fax: Email Address: rgbwnnr@jazzfree.com Then, if you can find a vulnerability in there, you would notify SpotDomain thru' internic to 'motivate' them. jazzfree's mail is handled by mx.ya.com and if you test the MX it will say it will accept the addy and it will also accept a bogus addy, so you would have to actual send a mail to see if it bounces -- but if it does, then that is good evidence that the eml addy is no good. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Dec 11 09:46:08 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 12:50:02 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) References: Message-ID: Ivan Leo Puoti Date: Sat, 11 Dec 2004 18:27:27 +0000 NNTP-Posting-Date: Sat, 11 Dec 2004 17:28:59 +0000 (UTC) I still say your clock is wrong. It is not yet 18:27 UTC. I'm posting this at 17:45 UTC. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sat Dec 11 17:48:11 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Dec 11 12:55:02 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: "Gordon Hudson" wrote in message news:cpf7nc$h77$1@news.spamcop.net... > > "John E. Malmberg" wrote in message > news:RZqdnd5RBo0PjCbcRVn-hA@adelphia.com... > <> > > Can't be done with the number of customers we have. > In any scaleable or manageable way. Well, given that 1and1 are the biggest in Europe with several million customer sites (and a sizeable portion of the European backbone), they seem to manage it just fine. >> >> My inboxes for the past three months has been being hit with bursts of >> Advance Fee Scams and 419 scams from "insecure" web mailers. They seem >> to be coming from only a small number of networks. >> By looking at the timestamps, it appears that it takes them 2 hours to >> get 1/2 way through the alphabet. >> >> So it appears that most networks know how to prevent their web mail >> services from being used by spammers. > > Obviously we are crap. > I get the message. > > The problem is that we are very large and as a reult we will get more > spammers than most web hosts. See above. From Merlyn at Spamcop.net Sat Dec 11 12:55:00 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Sat Dec 11 12:55:14 2004 Subject: [SpamCop-List] Re: 202.102.230.36 References: Message-ID: "Ivan Leo Puoti" wrote in message news:cpev4c$apt$2@news.spamcop.net... >> Also, there are 438 domains being hosted at that IP. Do you know what >> they all are? > No, but do I care? > > Ivan. I agree. I block the entire range: 202.0.0.0 - 202.255.255.255 -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From puoti at inwind.it Sat Dec 11 19:03:38 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 13:10:04 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) In-Reply-To: References: Message-ID: > The strategy that John is talking about is to find the domain > registration for the nameservice; How would I normally do this? > Then, if you can find a vulnerability in there, you would notify > SpotDomain thru' internic to 'motivate' them. jazzfree's mail is > handled by mx.ya.com and if you test the MX it will say it will accept > the addy and it will also accept a bogus addy, so you would have to > actual send a mail to see if it bounces -- but if it does, then that is > good evidence that the eml addy is no good. Will, apparently it is... what now? Return-Path: <> Received: from smtp0.libero.it (193.70.192.33) by ims10a.libero.it (7.0.036.1) id 41B9BD3500049ACE for puoti@inwind.it; Sat, 11 Dec 2004 19:02:54 +0100 Received: by smtp0.libero.it (7.0.027-DD01) id 40C733600124DA96 for puoti@inwind.it; Sat, 11 Dec 2004 19:02:59 +0100 From: Mail Delivery Service Subject: Delivery Status Notification To: puoti@inwind.it Date: Sat, 11 Dec 2004 19:02:59 +0100 Message-ID: <40C733600124DA95@smtp0.libero.it> MIME-Version: 1.0 Content-Type: Multipart/Report; report-type=delivery-status; boundary="========/40C733600124DA94/smtp0.libero.it" This multi-part MIME message contains a Delivery Status Notification. If you can see this text, your mail client may not be able to understand MIME formatted messages or DSNs (see RFC 2045 through 2049 for general MIME information and RFC 1891 through 1894 for DSN specific information). --========/40C733600124DA94/smtp0.libero.it Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit - These recipients of your message have been processed by the mail server: rgbwnnr@jazzfree.com; Relayed --========/40C733600124DA94/smtp0.libero.it Content-Type: Message/Delivery-Status Original-Envelope-ID: Received: from libero.it (172.16.1.90) by smtp0.libero.it (7.0.027-DD01) id 40C733600124DA94 for rgbwnnr@jazzfree.com; Sat, 11 Dec 2004 19:02:59 +0100 Date: Sat, 11 Dec 2004 19:02:59 +0100 Message-Id: Subject: hello MIME-Version: 1.0 X-Sensitivity: 3 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable From: "Ivan Leo Puoti" To: "rgbwnnr" Disposition-Notification-To: "Ivan Leo Puoti" X-XaM3-API-Version: 4.1 (B27) X-type: 0 X-SenderIP: 62.123.51.9 --========/40C733600124DA94/smtp0.libero.it-- From MikeE at ster.invalid Sat Dec 11 10:14:40 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 13:15:02 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) References: Message-ID: Ivan Leo Puoti wrote: >> The strategy that John is talking about is to find the domain >> registration for the nameservice; > How would I normally do this? I did that for the two I'm talking about by using whois.internic.net on the domainnames [I forget, the 123rx or something and another similar in your vampire] - and I got the nameservers either from internic or from whoever the domain registrar was given by internic. That was what I showed before. I'll do that in more detail in another post. >> have to actual send a mail to see if it bounces -- but if it does, >> then that is good evidence that the eml addy is no good. > Will, apparently it is... > what now? Then you would go to the internic place to report bad information. Internic passes it on to the actual domainregistrar but is supposed to oversee it http://www.internic.net/ To report incomplete or inaccurate Registrar Whois data, please visit the new Whois Data Problem Report System. http://wdprs.internic.net/ > To: "rgbwnnr" -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Dec 11 10:24:52 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 13:25:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) References: Message-ID: Mike Easter wrote: > Ivan Leo Puoti wrote: >>> The strategy that John is talking about is to find the domain >>> registration for the nameservice; > >> How would I normally do this? > > I did that for the two I'm talking about by using whois.internic.net > on the domainnames [I forget, the 123rx or something and another > similar in your vampire] - and I got the nameservers either from > internic or from whoever the domain registrar was given by internic. > That was what I showed before. I'll do that in more detail in > another post. Targets: the-rxsite.com & 123-RX.COM whois -h whois.internic.net the-rxsite.com ... Domain Name: THE-RXSITE.COM Registrar: YESNIC CO. LTD. Whois Server: whois.yesnic.com Referral URL: http://www.yesnic.com Name Server: NS1.HCKDNC.COM Name Server: NS2.HCKDNC.COM whois -h whois.internic.net 123-rx.com ... Domain Name: 123-RX.COM Registrar: YESNIC CO. LTD. Whois Server: whois.yesnic.com Referral URL: http://www.yesnic.com Name Server: NS1.HCKDNC.COM Name Server: NS2.HCKDNC.COM whois -h whois.internic.net hckdnc.com ... Domain Name: HCKDNC.COM Registrar: SPOT DOMAIN LLC DBA DOMAINSITE.COM Whois Server: whois.domainsite.com Referral URL: http://www.domainsite.com Name Server: NS1.HCKDNC.COM Name Server: NS2.HCKDNC.COM whois -h whois.domainsite.com hckdnc.com ... -- Mike Easter kibitzer, not SC admin From skiwi at spamcop.net Sat Dec 11 10:42:38 2004 From: skiwi at spamcop.net (sk1w1) Date: Sat Dec 11 13:45:02 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. [AOL CDs] In-Reply-To: References: Message-ID: Steven Maesslein wrote: > On Sat, 11 Dec 2004 09:54:39 +0000 (UTC), Blammo coughed into spamcop > and left this in : > > >>...and should be treated as a public nuisance - like a stinky drunk >>puking in the street, or AOL ads ;-) . > > > s/ads/CDROMs/ > > Now, that's a public nuisance! Whatever happened to that campaign by those two guys to collect literally a truck load of AOL CDs, score them with a box knife so they couldn't be used, and then drive across to AOL headquarters and dump them on the front steps? From MikeE at ster.invalid Sat Dec 11 10:53:14 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 13:55:03 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. [AOL CDs] References: Message-ID: sk1w1 wrote: > Whatever happened to that campaign by those two guys to collect > literally a truck load of AOL CDs, score them with a box knife so they > couldn't be used, and then drive across to AOL headquarters and dump > them on the front steps? More than a truckload; the plan is for a million, which would stack 3x the Empire State bldg. http://www.nomoreaolcds.com/ -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sat Dec 11 14:16:28 2004 From: nobody at spamcop.net (Miss Betsy) Date: Sat Dec 11 14:15:03 2004 Subject: [SpamCop-List] Re: Why won't this work? References: Message-ID: "I'm_a_victim" wrote in message news:cpf3d8$ed4$1@news.spamcop.net... > > "Miss Betsy" wrote in message > news:cot92m$4sr$1@news.spamcop.net... > > > > OTOH, there are enough people using it so that responsible people > > can find an ISP who is responsible enough to both prevent spammers > > and to use blocklists. > > And it is hampering the spammers enough so that they are resorting > > to trojanizing computers to send their spew. > > > > > Well I understand the replies. My problem is that I am running our of > available "blocks". I use Yahoo and there are only 200 blocks available. I > am rapidly filling them up. > My blocking spam is no incentive for an ISP that hosts a spammer to stop the > spam. We are talking about blocklists that work at the server level. > I would think that many US based ISP would be interested in blocking the > 60 - 80% of the traffic that is spam. We are rapidly approaching the point > where people will stop using email because of all the crap coming from the > spammers. Read the recent 'Why am I blocked!!!!!!!!' thread to see why ISPs do not use the blocklists. Too many people are too impatient and don't care about others, but only that 'they' have been inconvenienced and don't listen to rational arguments. Miss Betsy From TJLWBECGSGWU at spammotel.com Sat Dec 11 20:06:15 2004 From: TJLWBECGSGWU at spammotel.com (Mathew Hendry) Date: Sat Dec 11 15:10:12 2004 Subject: [SpamCop-List] Re: Strangeness? SC "not resolving" working URLs heavily today. References: Message-ID: On Sat, 11 Dec 2004 17:40:08 +0400, "Berny" wrote: >I think there must be some good commercial Miltering software out there that >is tagging onto spamvertized URLS that they are trying to get around. spamassassin 3.x checks against the http://surbl.org blacklists, which are fed indirectly by SpamCop reports. Given the wide use of spamassassin, and the high scores it assigns to surbl hits by default, there's a great incentive to spammers to avoid having their sites reported, even if they're running on "bulletproof" hosts. -- Mat. From MikeE at ster.invalid Sat Dec 11 12:09:57 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 15:10:40 2004 Subject: [SpamCop-List] Italian time References: Message-ID: I don't know /why/ some linux users have such a hard time dealing with UTC offsets. Not them personally, but their OS and machine configuration. All of Italy is in the UTC +1 or CET or Central European Time, which means that its local clocks are set 1 hour east of UTC which is 1 hour earlier than UTC. If you want to configure yourself to run/think/act on UTC, that's fine, but then you shouldn't have any offset and your own clock should say UTC time not local. If you want to run on local Italian time or CET ie UTC +0100 then your clock should be set an hour earlier than UTC and your offset should be +0100 meaning 1 hour east. ------------------- Mike Easter wrote: > Ivan Leo Puoti > Date: Sat, 11 Dec 2004 15:43:15 +0000 > NNTP-Posting-Date: Sat, 11 Dec 2004 14:44:46 +0000 (UTC) > Your clock doesn't have the correct timezone/offset, so you're showing > time in the future; ie you're 'fast'. ------------------- Ivan Leo Puoti wrote: > My clock appears to show both the correct time and time zone. ------------------- Mike Easter wrote: > Ivan Leo Puoti > Date: Sat, 11 Dec 2004 18:27:27 +0000 > NNTP-Posting-Date: Sat, 11 Dec 2004 17:28:59 +0000 (UTC) > > I still say your clock is wrong. It is not yet 18:27 UTC. I'm > posting this at 17:45 UTC. -- Mike Easter kibitzer, not SC admin From mfkmek820 at yahoo.com Sat Dec 11 11:18:26 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Sat Dec 11 15:20:03 2004 Subject: [SpamCop-List] WhoisGuard Protected Message-ID: Visit: http://www.namecheap.com/ Domain name: get-a-low-rate.com Registrant Contact: WhoisGuard WhoisGuard Protected 04e76404fff748c3af04b21f7eb0f9f7.protect@whoisguard.com First time I have seen that term. Google did not com up with an answer. Can anyone tell what it means Fred k From baloo at ursine.dyndns.org Sat Dec 11 12:32:52 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Sat Dec 11 15:35:04 2004 Subject: [SpamCop-List] Re: Italian time References: Message-ID: <1102797172.214939@ursine.dyndns.org> Mike Easter wrote: > I don't know /why/ some linux users have such a hard time dealing with > UTC offsets. It comes from Windows and inattention. Windows is retarded in that it truly doesn't understand UTC and offsets, so when you install an OS that does (ie: anything else), your clock and timezone are instantly wrong. Blame Microsoft, not Linux. Windows has it backwards and our Italian friend is inattentive. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From baloo at ursine.dyndns.org Fri Dec 10 10:01:26 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Sat Dec 11 15:35:25 2004 Subject: [SpamCop-List] Re: NDR Recorders References: Message-ID: <1102797179.896698@ursine.dyndns.org> Dave wrote: > I am receiving over 60k DNS blacklisted emails per day. My mail > server is sending out NDR's for each one of them. Will excessive NDR > emails have me blacklisted by SpamCop? It depends. Is your mail server rejecting these messages with an SMTP response, or accepting the message, then sending a bounce after the fact based on the From header? If it's at SMTP-time, no worries, the offending system got the message whether they wanted it or not. If it's not, then you probably will eventually get listed. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From TJLWBECGSGWU at spammotel.com Sat Dec 11 20:34:01 2004 From: TJLWBECGSGWU at spammotel.com (Mathew Hendry) Date: Sat Dec 11 15:40:04 2004 Subject: [SpamCop-List] Re: WhoisGuard Protected References: Message-ID: On Sat, 11 Dec 2004 11:18:26 -0900, "Fred K" wrote: > Visit: http://www.namecheap.com/ > Domain name: get-a-low-rate.com > Registrant Contact: > WhoisGuard > WhoisGuard Protected >04e76404fff748c3af04b21f7eb0f9f7.protect@whoisguard.com > >First time I have seen that term. Google did not com up with an answer. Can >anyone tell what it means Try googling within the site ("site:www.namecheap.com whoisguard"). Looks like a forwarding service to conceal contacts' real e-mail addresses, much like spammotel, sneakemail, and other such services. -- Mat. From MikeE at ster.invalid Sat Dec 11 12:39:14 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 15:40:16 2004 Subject: [SpamCop-List] Re: Italian time References: <1102797172.214939@ursine.dyndns.org> Message-ID: Paul Johnson wrote: > It comes from Windows and inattention. Windows is retarded in that > it truly doesn't understand UTC and offsets, so when you install an > OS that does (ie: anything else), your clock and timezone are > instantly wrong. > > Blame Microsoft, not Linux. Windows has it backwards and our Italian > friend is inattentive. I don't understand what you mean. Are you referring to the fact that if your offset is +0100 and you are east of UTC then your local time is 1 hour /less/ or earlier than UTC, or what? And, if I'm PST and my offset is -0800, then I should /add/ 8 hours to my local time to find out UTC -- is that what you mean? Altho' that convention seems a little screwy or backward and confusing, that isn't a 'Windows' convention. The description of the offset 'nomenclature' is very standard. -- Mike Easter kibitzer, not SC admin From gordon at usenet2.hostroute.co.uk Sat Dec 11 21:11:03 2004 From: gordon at usenet2.hostroute.co.uk (Gordon Hudson) Date: Sat Dec 11 16:15:04 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: "Porpoise" wrote in message news:cpfc1d$kja$1@news.spamcop.net... > > "Gordon Hudson" wrote in message > news:cpf7nc$h77$1@news.spamcop.net... >> >> "John E. Malmberg" wrote in message >> news:RZqdnd5RBo0PjCbcRVn-hA@adelphia.com... >> > > <> >> >> Can't be done with the number of customers we have. >> In any scaleable or manageable way. > > Well, given that 1and1 are the biggest in Europe with several million > customer sites (and a sizeable portion of the European backbone), they > seem to manage it just fine. No they don't, they actually do have the same problems. I am taling about two incidents in two months both lasting two hopurs out of 30,000 sites hosted One of which is now getting me mailbombed by AOL. Over 400 notifications in the past 4 hours Latest one for the incident on: Thu, 25 Nov These notification are spam. They serve no other function that n aggrivation to us and they are unwelcome. From gordon at usenet2.hostroute.co.uk Sat Dec 11 21:17:05 2004 From: gordon at usenet2.hostroute.co.uk (Gordon Hudson) Date: Sat Dec 11 16:20:04 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: "Gordon Hudson" wrote in message news:cpfnt0$skj$1@news.spamcop.net... > > "Porpoise" wrote in message > news:cpfc1d$kja$1@news.spamcop.net... >> >> "Gordon Hudson" wrote in message >> news:cpf7nc$h77$1@news.spamcop.net... >>> >>> "John E. Malmberg" wrote in message >>> news:RZqdnd5RBo0PjCbcRVn-hA@adelphia.com... >>> >> >> <> >>> >>> Can't be done with the number of customers we have. >>> In any scaleable or manageable way. >> >> Well, given that 1and1 are the biggest in Europe with several million >> customer sites (and a sizeable portion of the European backbone), they >> seem to manage it just fine. > > No they don't, they actually do have the same problems. > > I am taling about two incidents in two months both lasting two hopurs out > of 30,000 sites hosted > One of which is now getting me mailbombed by AOL. > Over 400 notifications in the past 4 hours > Latest one for the incident on: > > Thu, 25 Nov > > These notification are spam. > They serve no other function that n aggrivation to us and they are > unwelcome. I have set up our mail server to bounce them to postmaster@aol.com with a message that we do not accept spam reportes older than 48 hours. Interestingly they are all coming to our secondary mail server. None have come via our primary. Where have I seen that tactic before? From nobody at devnull.spamcop.net Sat Dec 11 15:20:13 2004 From: nobody at devnull.spamcop.net (Cat) Date: Sat Dec 11 16:25:03 2004 Subject: [SpamCop-List] Re: Lycos ends his anti spam screensaver In-Reply-To: References: Message-ID: basalk wrote: > Mike, > Maybe your're right about the AVG, tho I wouldn't want to send any virii to > newsgroups, but the HTML tag is needed for my most important newsgroup. > Without using the option posting images can only be as attachement and not > seen by other visitor's, they asked me to keep the option on, so I do, and > at the rare occasion that I post here, I might forget to turn it off, so my > excuse in advance. > Bas Yeah, but this is a plain text only newsgroup, so you'll have to change that. Also, the word "visitors" is plural, not possessive, so I'm not sure why you rationalized that it needed an apostrophe. Plural words do not have apostrophes in them. From tmcgraw at spamcop.net Sat Dec 11 13:21:57 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Dec 11 16:25:18 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification In-Reply-To: References: Message-ID: Gordon Hudson wrote: > John E. Malmberg wrote: > >>Rate limit the amount of mail to 10 recipients delivered per day until for >>the first few days, then slowly ramp up the amount of mail allowed. >>Or find some other means to verify that the credit card is not stolen. > > Can't be done with the number of customers we have. > In any scaleable or manageable way. You fail to explain why you cannot do this when other ISPs do. > AOL are mailbombing me. > Thats the end of the story as far as I am concerned. Did you try writing postmaster@aol.com? From MikeE at ster.invalid Sat Dec 11 13:24:47 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 16:25:25 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: Gordon Hudson wrote: > These notification are spam. > They serve no other function that n aggrivation to us and they are > unwelcome. You can 'call' them what you want and you can 'manage' them how you want, but around here the important thing is that they are *not* spamcop reportable, so don't be getting confused about that. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Dec 11 14:19:17 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 17:20:02 2004 Subject: [SpamCop-List] Re: Italian time References: <1102797172.214939@ursine.dyndns.org> Message-ID: Paul Johnson wrote: > Mike Easter wrote: > >> I don't know /why/ some linux users have such a hard time dealing >> with UTC offsets. > our Italian > friend is inattentive. So, if his 'system' wants to 'think' in UTC, which is my understanding of /n/x underpinnings, how/where is he supposed to set up some kind of environmental variable or something so that when his Mozilla stamps what time it thinks it is editing his msg for posting the Date: field that it doesn't put in Italian time attached to UTC offset of 0000? I wonder if he has to configure that in Mozilla itself, or if there is some general place like etc/localtime or what? -- Mike Easter kibitzer, not SC admin From rcarlton at spamcop.net Sat Dec 11 14:55:44 2004 From: rcarlton at spamcop.net (Rick Carlton) Date: Sat Dec 11 17:55:02 2004 Subject: [SpamCop-List] Re: WhoisGuard Protected In-Reply-To: References: Message-ID: Fred K wrote: > Visit: http://www.namecheap.com/ > Domain name: get-a-low-rate.com > Registrant Contact: > WhoisGuard > WhoisGuard Protected > 04e76404fff748c3af04b21f7eb0f9f7.protect@whoisguard.com I realize that traceroutes are of modest use at best. Still, this one shows a few interesting hops. | 19 | | 200.157.21.110 | 200-157-21-110.intelignet.com.br | 20 | | 69.6.9.129 | noname.wholesalebandwidth.com | 21 | | 200.157.21.112 | www.get-a-low-rate.com (which opens up as x-mas-gifts.com, 100% genuine perfect replicas, natch) From baloo at ursine.dyndns.org Sat Dec 11 15:12:21 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Sat Dec 11 18:15:03 2004 Subject: [SpamCop-List] Re: Italian time References: <1102797172.214939@ursine.dyndns.org> Message-ID: <1102806742.65290@ursine.dyndns.org> Mike Easter wrote: > Paul Johnson wrote: >> Mike Easter wrote: >> >>> I don't know /why/ some linux users have such a hard time dealing >>> with UTC offsets. > >> our Italian >> friend is inattentive. > > So, if his 'system' wants to 'think' in UTC, which is my understanding > of /n/x underpinnings, how/where is he supposed to set up some kind of > environmental variable or something so that when his Mozilla stamps what > time it thinks it is editing his msg for posting the Date: field that it > doesn't put in Italian time attached to UTC offset of 0000? You're supposed to define a system-wide default timezone with tzconfig as root (the system clock is still set UTC and time is translated to that TZ), and individual users can set their personal timezones with tzconfig (but not as root) as well (which will change the timezone translation for the individual user, but the system timezone still needs to be set right). I'm fairly sure tzconfig is universal and not a Debian-specific command, though if I'm wrong, go RTFM or STFW. I only support Debian. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From baloo at ursine.dyndns.org Sat Dec 11 15:15:41 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Sat Dec 11 18:20:03 2004 Subject: [SpamCop-List] Re: Italian time References: <1102797172.214939@ursine.dyndns.org> Message-ID: <1102806947.33647@ursine.dyndns.org> Mike Easter wrote: > Paul Johnson wrote: >> It comes from Windows and inattention. Windows is retarded in that >> it truly doesn't understand UTC and offsets, so when you install an >> OS that does (ie: anything else), your clock and timezone are >> instantly wrong. >> >> Blame Microsoft, not Linux. Windows has it backwards and our Italian >> friend is inattentive. > > I don't understand what you mean. Are you referring to the fact that if > your offset is +0100 and you are east of UTC then your local time is 1 > hour /less/ or earlier than UTC, or what? One hour greater than UTC. It appears our Italian friend is +0100, and his system's clock is set to +0100, but his timezone is set to UTC, which is making his clock wrong no matter how you look at it. > And, if I'm PST and my offset > is -0800, then I should /add/ 8 hours to my local time to find out > UTC -- is that what you mean? Yup. > Altho' that convention seems a little screwy or backward and confusing, > that isn't a 'Windows' convention. Well, it is in the fact that Windows sets the clock to local time and the timezone setting is mostly useless. Different users can't have different timezones, and you have to screw around with any other OS you may have installed to work around the fact that Windows clock management is utterly broken and needs a total rewrite, looking at the rest of the world as an example of how to manage a clock properly. Windows handles the clock very counterintuitively, and it is a stumbling block for people leaving Windows. -- Paul Johnson baloo@ursine.dyndns.org http://ursine.dyndns.org/ From MikeE at ster.invalid Sat Dec 11 15:29:45 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 18:30:04 2004 Subject: [SpamCop-List] Re: Italian time References: <1102797172.214939@ursine.dyndns.org> <1102806742.65290@ursine.dyndns.org> Message-ID: Paul Johnson wrote: > You're supposed to define a system-wide default timezone with > tzconfig as root (the system clock is still set UTC and time is > translated to that TZ), and individual users can set their personal > timezones with tzconfig (but not as root) as well (which will change > the timezone translation for the individual user, but the system > timezone still needs to be set right). Tnx. > I'm fairly sure tzconfig is universal and not a Debian-specific > command, though if I'm wrong, go RTFM or STFW. I only support Debian. Debian has scored some huge coups lately; all kinds of MEPIS stuff, great behavior with AMD64, apt-get sounds like the one -- distro watch has a nice little fresh Debian roundup http://distrowatch.com/?newsid=02149#0 ... there's even a 'Debian Women: Geek feminists in action' [NewsForge] which might not be your cupatea ;-) -- Mike Easter kibitzer, not SC admin From puoti at inwind.it Sun Dec 12 00:32:11 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 18:35:02 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) In-Reply-To: References: Message-ID: > http://www.internic.net/ To report incomplete or inaccurate Registrar > Whois data, please visit the new Whois Data Problem Report System. > http://wdprs.internic.net/ starting off as a real person with an email addy> > >>To: "rgbwnnr" As I've said emails to this address are sucsesfully relayed. Ivan. From puoti at inwind.it Sun Dec 12 00:33:28 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sat Dec 11 18:35:17 2004 Subject: [SpamCop-List] Re: Italian time In-Reply-To: <1102806947.33647@ursine.dyndns.org> References: <1102797172.214939@ursine.dyndns.org> <1102806947.33647@ursine.dyndns.org> Message-ID: > One hour greater than UTC. It appears our Italian friend is +0100, and his > system's clock is set to +0100, but his timezone is set to UTC, which is > making his clock wrong no matter how you look at it. I had set the wqrong time zone, it should be fixed now. Ivan. From Kilgallen at SpamCop.net Sat Dec 11 17:46:37 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Dec 11 18:50:03 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: In article , "Gordon Hudson" writes: >> Keep your systems patched, up-to-date, and as secure as you can make >> them and the problem will all but disappear. > > > Nope, wont work. > Customer signs up with stolen card. > uses the mail() function to send spam. > We find him, but in the 2 hours ince he has flooded us with spam. So your business model is flawed. You need to require proof of identity or not accept credit cards for the initial payment. You are harboring spammers. From Kilgallen at SpamCop.net Sat Dec 11 17:48:25 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Dec 11 18:50:17 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: In article , "Gordon Hudson" writes: > I think AOL are mailbombing me to try and put pressur eon me to stop > spammers. So what have you done to stop the stolen credit card technique you describe ? Rate-limiting outbound mail from new customers should also work. As it is, your system is a very attractive one for the spammers to use. From Kilgallen at SpamCop.net Sat Dec 11 17:49:32 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Dec 11 18:50:25 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: <3nzolbaAnERO@eisner.encompasserve.org> In article , "Gordon Hudson" writes: >> Rate limit the amount of mail to 10 recipients delivered per day until for >> the first few days, then slowly ramp up the amount of mail allowed. >> Or find some other means to verify that the credit card is not stolen. > > Can't be done with the number of customers we have. > In any scaleable or manageable way. Then you have too many customers for your available infrastructure. Your business model is broken in today's world. From MikeE at ster.invalid Sat Dec 11 16:29:30 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 19:30:03 2004 Subject: [SpamCop-List] Re: Italian time References: <1102797172.214939@ursine.dyndns.org> <1102806947.33647@ursine.dyndns.org> Message-ID: Ivan Leo Puoti wrote: > I had set the wqrong time zone, it should be fixed now. Date: Sun, 12 Dec 2004 00:33:28 +0100 NNTP-Posting-Date: Sat, 11 Dec 2004 23:33:29 +0000 (UTC) Thanks Ivan; see how those guys 'match up' now [altho' it's a little tricky moving back and forth between the days, they are copasetic.]. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Dec 11 16:35:53 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 19:40:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) References: Message-ID: Ivan Leo Puoti wrote: >>> To: "rgbwnnr" > As I've said emails to this address are sucsesfully relayed. Oops. Silly me. I just glanced at that stuff and tho't it was a bounce. Doh. However, a successful 'relay' could actually be the same thing I saw when I tested it and the MX said it would accept it. Actually, I don't know the similarities or differences between what you posted and what I saw with my smtp tester. It has been long enough now that if there were going to be a bounce of a 'real mail', it seems like it would've bounced. -- Mike Easter kibitzer, not SC admin From dannyg at dannyg.com Sat Dec 11 17:26:16 2004 From: dannyg at dannyg.com (Danny Goodman) Date: Sat Dec 11 20:26:23 2004 Subject: [SpamCop-List] Re: Italian time In-Reply-To: <200412112040.iBBKeSvv094624@dannyg.com> Message-ID: Mike Easter wrote: > All of Italy is in the UTC +1 or CET or Central European Time, which > means that its local clocks are set 1 hour east of UTC which is 1 hour > earlier than UTC. I think you mean that CET is 1 hour _later_ than UTC. Danny http://www.dannyg.com http://www.spamwars.com From MikeE at ster.invalid Sat Dec 11 17:41:09 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 20:45:03 2004 Subject: [SpamCop-List] Re: Italian time References: Message-ID: Danny Goodman wrote: > Mike Easter wrote: >> All of Italy is in the UTC +1 or CET or Central European Time, which >> means that its local clocks are set 1 hour east of UTC which is 1 >> hour earlier than UTC. > > I think you mean that CET is 1 hour _later_ than UTC. Yes. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sun Dec 12 02:32:23 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Dec 11 21:35:04 2004 Subject: [SpamCop-List] Re: Italian time References: <1102797172.214939@ursine.dyndns.org> <1102806947.33647@ursine.dyndns.org> Message-ID: "Mike Easter" wrote in message news:cpg3cf$4be$1@news.spamcop.net... > Ivan Leo Puoti wrote: >> I had set the wqrong time zone, it should be fixed now. > > Date: Sun, 12 Dec 2004 00:33:28 +0100 > NNTP-Posting-Date: Sat, 11 Dec 2004 23:33:29 +0000 (UTC) > > Thanks Ivan; see how those guys 'match up' now [altho' it's a little > tricky moving back and forth between the days, they are copasetic.]. > > -- > Mike Easter > kibitzer, not SC admin > Except! Oh my god! They're a second adrift........ must be a windoze thing ;-) (Although I've never had any problems with the windoze clock/time zones - it's always been pretty intuitive to me, can't see what the problem is there....) From porpoise1954 at yahoo.co.uk Sun Dec 12 02:39:23 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Dec 11 21:45:03 2004 Subject: [SpamCop-List] Re: Italian time References: Message-ID: "Mike Easter" wrote in message news:cpg7iq$6m3$1@news.spamcop.net... > Danny Goodman wrote: >> Mike Easter wrote: >>> All of Italy is in the UTC +1 or CET or Central European Time, which >>> means that its local clocks are set 1 hour east of UTC which is 1 >>> hour earlier than UTC. >> >> I think you mean that CET is 1 hour _later_ than UTC. > > Yes. > If UTC is GMT then Italy is 1 hour earlier. From MikeE at ster.invalid Sat Dec 11 18:50:52 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 11 21:55:03 2004 Subject: [SpamCop-List] Re: Italian time References: Message-ID: Porpoise wrote: > "Mike Easter" >> Danny Goodman wrote: >>> Mike Easter wrote: >>>> All of Italy is in the UTC +1 or CET or Central European Time, >>>> which means that its local clocks are set 1 hour east of UTC which >>>> is 1 hour earlier than UTC. >>> >>> I think you mean that CET is 1 hour _later_ than UTC. >> >> Yes. >> > > If UTC is GMT then Italy is 1 hour earlier. Which makes the time number bigger. In time nomenclature bigger means 'later'. So Italy localtime begins 1 hour earlier which makes their localtime later than UTC, ie 'bigger' number. Get it? The sooner your time begins the earlier it gets later. I misspoke earlier, so we are going to make it really nasty now. -- Mike Easter kibitzer, not SC admin From rcarlton at spamcop.net Sat Dec 11 18:56:38 2004 From: rcarlton at spamcop.net (Rick Carlton) Date: Sat Dec 11 21:55:14 2004 Subject: [SpamCop-List] Re: WhoisGuard Protected In-Reply-To: References: Message-ID: Rick Carlton wrote: > I realize that traceroutes are of modest use at best. Still, this one > shows a few interesting hops. > > | 19 | | 200.157.21.110 | 200-157-21-110.intelignet.com.br > | 20 | | 69.6.9.129 | noname.wholesalebandwidth.com > | 21 | | 200.157.21.112 | www.get-a-low-rate.com > > (which opens up as x-mas-gifts.com, 100% genuine perfect replicas, natch) More slime in the 'box....spamvertizing www.help-us-help-you.net, which lives at the same IP (and routing including Scott Richter) as above. From porpoise1954 at yahoo.co.uk Sun Dec 12 03:24:17 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Dec 11 22:30:05 2004 Subject: [SpamCop-List] Re: Italian time References: Message-ID: "Mike Easter" wrote in message news:cpgblh$92m$1@news.spamcop.net... > Porpoise wrote: >> "Mike Easter" >>> Danny Goodman wrote: >>>> Mike Easter wrote: >>>>> All of Italy is in the UTC +1 or CET or Central European Time, >>>>> which means that its local clocks are set 1 hour east of UTC which >>>>> is 1 hour earlier than UTC. >>>> >>>> I think you mean that CET is 1 hour _later_ than UTC. >>> >>> Yes. >>> >> >> If UTC is GMT then Italy is 1 hour earlier. > > Which makes the time number bigger. In time nomenclature bigger means > 'later'. So Italy localtime begins 1 hour earlier which makes their > localtime later than UTC, ie 'bigger' number. Get it? The sooner your > time begins the earlier it gets later. Listen, if they get to 7.00 an hour before we do then they are earlier because we are an hour "behind" them....... gedit? ;-) > > I misspoke earlier, so we are going to make it really nasty now. > > -- > Mike Easter > kibitzer, not SC admin > From 9ucs5y001 at sneakemail.com Sat Dec 11 20:09:30 2004 From: 9ucs5y001 at sneakemail.com (DS) Date: Sat Dec 11 23:10:04 2004 Subject: [SpamCop-List] Re: 202.102.230.36 References: Message-ID: "Ivan Leo Puoti" wrote in message news:cpev38$apt$1@news.spamcop.net... > Moved posting to http://www003.portalis.it/115/202.102.230.36.html > FWIW, I have used up about 4GB of bandwidth from them today. The site still appears to be up and running smoothly however. :( DS From SpamCopNews.5.myspamgobbler at spamgourmet.com Sat Dec 11 20:26:49 2004 From: SpamCopNews.5.myspamgobbler at spamgourmet.com (Spam N Scams Reporter) Date: Sat Dec 11 23:30:04 2004 Subject: [SpamCop-List] Re: Lycos ends his anti spam screensaver In-Reply-To: References: Message-ID: Cat wrote: > basalk wrote: > > > >> Mike, >> Maybe your're right about the AVG, tho I wouldn't want to send any >> virii to newsgroups, but the HTML tag is needed for my most important >> newsgroup. Without using the option posting images can only be as >> attachement and not seen by other visitor's, they asked me to keep the >> option on, so I do, and at the rare occasion that I post here, I might >> forget to turn it off, so my excuse in advance. >> Bas > > > Yeah, but this is a plain text only newsgroup, so you'll have to change > that. Also, the word "visitors" is plural, not possessive, so I'm not > sure why you rationalized that it needed an apostrophe. Plural words do > not have apostrophes in them. in the plurals of single letters: There are only three s's in `Christmases'. We have several pg's [paying guests]. We have received four cheques and two IOU's. This house was built in the 1930's. We went to several society do's last year. While out with his third wife he met both of his ex's. I've had yes's for coffee from four people. From ric.gates at bigsleep.org Sun Dec 12 04:31:49 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sat Dec 11 23:35:02 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: <-7qdnaEVv9TIlybcRVn-rw@adelphia.com> Message-ID: On 11 Dec 2004 Porpoise entered spamcop and left news:cpfb2e$js6$1@news.spamcop.net: > Cor! Didn't think you could even still get floppies these days (and > what you *can* get are so unreliable and you can fit bugger all on > them anyway, that they're a total waste of time - it's actually become > so uneconomical to manufacture them, the manufacturers can't be > bothered). A bootable CD/DVD is far more useful. (and reliable). > I'm making images of all my old floppies, I'll keep a few and throw the rest away. I don't know of any 100% reliable way to keep this old data, other than to just keep backing it up. I have some old Mac floppies that I can't even access with any software I've ever found. -- | Ric | From ric.gates at bigsleep.org Sun Dec 12 04:40:13 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sat Dec 11 23:45:03 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. [AOL CDs] References: Message-ID: On 11 Dec 2004 Mike Easter entered spamcop and left news:cpffm0$nak$1@news.spamcop.net: > More than a truckload; the plan is for a million, which would stack 3x > the Empire State bldg. > > http://www.nomoreaolcds.com/ > That's pretty funny. But what I think is funny is: the last time I installed AOL (for someone else), it dialed up AOL and spent 30 minutes downloading the latest software. So what the hell is on that CD? -- | Ric | From tdy at blackhole.invalid Sat Dec 11 21:23:27 2004 From: tdy at blackhole.invalid (N. Miller) Date: Sun Dec 12 00:25:03 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: In article , Karen says... > Well, this was the response from the ISP on this machine (note: I do not > have a choice on this particular machine of what provider) just incase you > are curious. So no one wants to do anything basically. : > SpamCop is blacklisting us because some of our users have software > called TMDA that will block all mail and send a challenge to the > sender. Well, in this case the sender is a spammer who has falisfied > the email to make it look like it's coming from a different address, > and they are putting in the address of some of SpamCop's spam traps. > When our users' challenge mail goes to that spam trap, it automatically > marks it as spam coming from our server. > Now, we have spoken with SpamCop but they are unable or unwilling to > exempt us from this. They know we aren't spamming, yet they still > can't do anything. Apparently they don't have a whitelist, and their > system is all automated so they can't do anything. Actually somebody does want to do something. I already have two C/R systems both blocked on my mail server, and set, with client rules, to dump email to accounts on other servers. The client rule doesn't reject the email; it can't. All that rule does is silently drops the email. The moment I get a challenge from your ISP's C/R server, it will be so treated. So, yes, somebody does want to do something; take a proactive position about blocking abusive behavior at the recipient's server, or mailbox. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Sat Dec 11 21:40:58 2004 From: tdy at blackhole.invalid (N. Miller) Date: Sun Dec 12 00:45:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: <1102615588.26282@ursine.dyndns.org> Message-ID: In article , TheWanderer says... > HUH?? > host [199.184.119.13] is blacklisted by ***** bl.spamcop.net ***** - > contact your IT or > ISP - copy to blacklist@saintleo.edu. (in reply to RCPT TO command) > That is not spamcp??? No. That is somebody else using bl.spamcop.net to check incoming email, then block it based on that check. All that SpamCop is doing is responding to a query with a code; how the initiator of that query handles the response is up to the initiator. I use bl.spamcop.net, but my handling is to tag the message, and then use the header line, "X-Blocked-By: SpamCop" to further process the email through rules. What I am doing with the information I get from SpamCop's list is not under SpamCop's control; beyond the fact that they allow me to access their list. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Sat Dec 11 21:50:39 2004 From: tdy at blackhole.invalid (N. Miller) Date: Sun Dec 12 00:55:03 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: In article , indigo says... > Pete Stephenson wrote: > > In article , > > "Merlyn" wrote: > > > nude 40 year old teenage sluts > > Do I even want to know how that could possibly remotely possible? > > On second thought, I'd prefer not to. > Dog years? ;-) http://www.fics.ne.jp/~yamaneko/japanese/gallery/beast/beast009.html Well, okay; that is not really 'inu mimi' ('dog ears'), but 'kitsune mimi' ('fox ears'). -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Sat Dec 11 21:52:20 2004 From: tdy at blackhole.invalid (N. Miller) Date: Sun Dec 12 00:55:17 2004 Subject: [SpamCop-List] Re: Why am I being blocked!!!!!!!! References: Message-ID: In article , Karen says... > I use a delete key. Much less frustrating than being blocked with > legititmate business. As I noted before, since I cannot contact the school > by email (because am blocked) I now have to take time out to call and track > down someone. To each his own. I would rather have to delete spam than waste > my time doing this. That is a choice that you have made. Some of use make other choices. Unless you have signed a contract with me whereby I must accept email from you, I am under no obligation to do so. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From MikeE at ster.invalid Sun Dec 12 02:06:36 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 12 05:10:51 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. [AOL CDs] References: Message-ID: Blammo wrote: > That's pretty funny. But what I think is funny is: the last time I > installed AOL (for someone else), it dialed up AOL and spent 30 > minutes downloading the latest software. So what the hell is on that > CD? The latest telnos? -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Sun Dec 12 14:46:50 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Dec 12 08:50:12 2004 Subject: [SpamCop-List] Re: NDR Recorders References: Message-ID: On Fri, 10 Dec 2004 12:46:41 -0500, Dave coughed into spamcop and left this in : > I am receiving over 60k DNS blacklisted emails per day. My mail > server is sending out NDR's for each one of them. Will excessive NDR > emails have me blacklisted by SpamCop? Quite likely, yes. All it takes is a spammer sending you a spam "from" the address of a SC spam trap, and your NDR will go to that spam trap, thus getting you listed. If you know that the source of an e-mail is blackisted then don't accept the mail in the first place. REJECT it at the SMTP stage, don't BOUNCE it. Under any circumstances. All you will do is contribute to the abuse of/on the 'Net. -- Steve If there are only two shows worth watching, they will be on together. From nobody at nowhere.invalid Sun Dec 12 14:55:32 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Dec 12 09:00:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 References: Message-ID: On Sat, 11 Dec 2004 06:25:47 -0800, Mike Easter coughed into spamcop and left this in : > If you 'take down' the webserver as a result of excessive activity and > if the webserver is serving numerous innocent websites, then you've > 'hurt' the innocent non-spamvertised websites. Actually, it's *also* the spammers and/or the careless ISP that have harmed the innocent domains. If it weren't for their (in)actions, nobody would be vampiring off them at all. However, I agree 100% that this kind of action is not ethical, and I refuse to take part in it. -- Steve BOFH excuse #351: PEBKAC (Problem Exists Between Keyboard And Chair) From bar_n0ne at hotmail.com Sun Dec 12 18:03:44 2004 From: bar_n0ne at hotmail.com (Berny) Date: Sun Dec 12 09:05:03 2004 Subject: [SpamCop-List] Re: Strangeness? SC "not resolving" working URLs heavily today. -some examples References: Message-ID: "Mathew Hendry" wrote in message news:nijmr05q2b7q3cd1vrsdplgbd6810git77@4ax.com... > On Sat, 11 Dec 2004 17:40:08 +0400, "Berny" wrote: > > >I think there must be some good commercial Miltering software out there that > >is tagging onto spamvertized URLS that they are trying to get around. > > spamassassin 3.x checks against the http://surbl.org blacklists, which are > fed indirectly by SpamCop reports. Given the wide use of spamassassin, and > the high scores it assigns to surbl hits by default, there's a great > incentive to spammers to avoid having their sites reported, even if they're > running on "bulletproof" hosts. > > -- Mat. > Well here's a partial list of "problem" sites: http://www.theseto.com/ http://solomongerdom.com/cheap/?wid=100005 http://hesatosser.com/nomore.html http://projectile.hellobrasileraz.com/?wid=100069 http://celsius.hellobrasileraz.com/nomore.html http://goliath.hellobrasileraz.com/?wid=100069 http://ekequjcnxsm.go4medz.com/cs/?gagabob http://dzcgllcdejb.go4medz.com/rm.php?gagabob http://www.xmaslowrate.com/x/loan2.php?id=d37 http://www.xmaslowrate.com/x/st.html http://frogsaregoodfood.com/indexv.shtml?aa5163 http://frogsaregoodfood.com/please http://ixnohb30lr.bargainbusiness.biz http://bargainbusiness.biz/r http://rightdecision.info/ct/images/top_02.jpg http://fief.rightdecision.info/?bcegjaklmxnoydfhizct http://rightdecision.info/ct/images/top_03.gif http://rightdecision.info/ct/images/top_03.gif http://despondent.rightdecision.info/?bcegjaklmxnoydfhizct http://rightdecision.info/ct/images/top_04.gif http://prevention.rightdecision.info/?bcegjaklmxnoydfhizct http://atchison.rightdecision.info/?bcegjaklmxnoydfhizct http://www.nosleep4me.com/2/vicodin.php?wid=200007 http://www.bestratesfinder.net/x/st.html http://www.scottish.org http://www.nitty.org http://www.em.org http://www.bestratesfinder.net/x/loan2.php?id=3b2 3Dhttp://random.wild-trialz.biz/cheap/?man=3Dshouting 3Dhttp://www.gr8offers.info/in.php?id=3Dshouting http://www.ullgetit.com/promo.php?id=94091 http://www.ullgetit.com/remove.php?id=94091 http://www.degreenight.org.de.truth.charstnd.com/0/p/ http://www.promisedwould.org.de.black.charstnd.com/0/c.html http://see-ifWeHaveYourMedsAvailable.imsodamtired.com/p/sale/ http://www.everynorth.net.wv.nice.magnitudeofborrowing.com I haven't stripped leading or trailing crap, but most of them are basically http://[RANDOM_CRAP].something.TLD/mostly more crap some more that resolve about 50% of the time: http://www.mygcone.info?aid=187 http://the-rxsite.com/soft/ http://the-rxsite.com/rr.php and this one makes SC just about fall over with network failures and time outs, really bizarre, but parsing a spam with this in it was a nightmare, of course maybe it was just coincidental? http://*.rightdecision.info/* (not the actual, see the first list for some of the actual "right-decision" websites BTW, Just what is this 3Dhttp crap? From Kilgallen at SpamCop.net Sun Dec 12 09:02:44 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sun Dec 12 10:05:26 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: In article , N. Miller writes: > In article , Karen says... >> Now, we have spoken with SpamCop but they are unable or unwilling to >> exempt us from this. They know we aren't spamming, yet they still >> can't do anything. Apparently they don't have a whitelist, and their >> system is all automated so they can't do anything. > > Actually somebody does want to do something. I already have two C/R systems > both blocked on my mail server, and set, with client rules, to dump email to > accounts on other servers. The client rule doesn't reject the email; it > can't. All that rule does is silently drops the email. The moment I get a > challenge from your ISP's C/R server, it will be so treated. So, yes, > somebody does want to do something; take a proactive position about blocking > abusive behavior at the recipient's server, or mailbox. Just for the record, I do the same thing. But after two of us have so testified, I presume others who take that stand against C/R will not bother to post about it. One other thing I do is that if a challenge resulting from spam _does_ make it through to me I make it a point to respond to the challenge so the user who spammed me with their C/R trash will be sure to receive _their_ dose of spam. From ric.gates at bigsleep.org Sun Dec 12 17:45:35 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sun Dec 12 12:50:21 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. [AOL CDs] References: Message-ID: On 12 Dec 2004 Mike Easter entered spamcop and left news:cph56t$nhm$1@news.spamcop.net: > Blammo wrote: >> That's pretty funny. But what I think is funny is: the last time I >> installed AOL (for someone else), it dialed up AOL and spent 30 >> minutes downloading the latest software. So what the hell is on that >> CD? > > The latest telnos? > Why? It dials toll-free. -- | Ric From mfkmek820 at yahoo.com Sun Dec 12 10:16:36 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Sun Dec 12 14:20:04 2004 Subject: [SpamCop-List] IP Addresses Message-ID: If I continually get a Netzky virus attached to an eMail form the same IP, does that IP point to a specific client on a fixed i.e., cable modem, or to a node on the ISP network? Received: from source ([24.237.198.161]) by exprod6mx67.postini.com ([64.18.5.10]) with SMTP; Sun, 12 Dec 2004 02:56:00 -0500 (EST) Date: Sat, 11 Dec 2004 22:56:10 -0900 The techie at my ISP "was not the sharpest knife in the drawer". So I thought I would pose that ? here. Fred k From nobody at devnull.spamcop.net Sun Dec 12 13:36:23 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Dec 12 14:40:03 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: "Fred K" wrote in message news:cpi5f9$9im$1@news.spamcop.net... > If I continually get a Netzky virus attached to an eMail form the same IP, > does that IP point to a specific client on a fixed i.e., cable modem, or to > a node on the ISP network? > > Received: from source ([24.237.198.161]) by exprod6mx67.postini.com > ([64.18.5.10]) with SMTP; Sun, 12 Dec 2004 02:56:00 -0500 (EST) > Date: Sat, 11 Dec 2004 22:56:10 -0900 Take it up with the ISP in question. 12/12/04 13:27:20 IP block 24.237.198.161 Trying 24.237.198.161 at ARIN Trying 24.237.198 at ARIN OrgName: GCI Communications, Inc. OrgID: GCOM Address: 2550 Denali St. Address: Suite 1000 City: Anchorage StateProv: AK PostalCode: 99503 Country: US ReferralServer: rwhois://rwhois.gci.net:4321/ NetRange: 24.237.0.0 - 24.237.255.255 CIDR: 24.237.0.0/16 NetName: GCI-ALASKA-1BLK NetHandle: NET-24-237-0-0-1 Parent: NET-24-0-0-0-0 NetType: Direct Allocation NameServer: VANS-1.GCI.NET NameServer: VANS-2.GCI.NET Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 1997-10-14 Updated: 2003-12-12 TechHandle: GDA5-ORG-ARIN TechName: GCI IP Administrator TechPhone: +1-907-868-0100 TechEmail: ipadmin@gci.net OrgAbuseHandle: GNS10-ARIN OrgAbuseName: GCI Network Security OrgAbusePhone: +1-907-868-5330 OrgAbuseEmail: security@gci.net OrgNOCHandle: GCNCC-ARIN OrgNOCName: GCI Customer Network Control Center OrgNOCPhone: +1-907-868-0100 OrgNOCEmail: intcncc@gci.net OrgTechHandle: GDA5-ORG-ARIN OrgTechName: GCI IP Administrator OrgTechPhone: +1-907-868-0100 OrgTechEmail: ipadmin@gci.net From MikeE at ster.invalid Sun Dec 12 11:54:37 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 12 14:55:17 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. [AOL CDs] References: Message-ID: Blammo wrote: > Mike Easter >> Blammo wrote: >>> That's pretty funny. But what I think is funny is: the last time I >>> installed AOL (for someone else), it dialed up AOL and spent 30 >>> minutes downloading the latest software. So what the hell is on that >>> CD? >> >> The latest telnos? > Why? It dials toll-free. Mine was sortofa wry 'joke' -- but it still could be the 'latest' [newest best deal on the 800] telnos. That is, howabout if AOL shops the various providers regularly for who wants to handle that particular 800 business. I was also just thinking about the 'economics' of the CD mailings. About how they scale. Imagine if you wanted to send, say a dozen of your closest friends 'that kind' of CD; ie one which was 'printed' with your 'stuff' - on the mailer, on the CD, and 'printed' [off a master] containing your digital stuff instead of one-off copied for each. The cost per CD would be huge; in fact, I would be curious about what the real numbers would be. Even the postal rate would be entirely different. But when you do it all in the millions, the cost per item isn't bad at all. Nor the LD telephone update, I guess. -- Mike Easter kibitzer, not SC admin From mfkmek820 at yahoo.com Sun Dec 12 11:07:32 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Sun Dec 12 15:10:04 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: "WazoO" wrote in message news:cpi6jn$aak$1@news.spamcop.net... > "Fred K" wrote in message > news:cpi5f9$9im$1@news.spamcop.net... >> If I continually get a Netzky virus attached to an eMail form the same >> IP, >> does that IP point to a specific client on a fixed i.e., cable modem, or > to >> a node on the ISP network? >> >> Received: from source ([24.237.198.161]) by exprod6mx67.postini.com >> ([64.18.5.10]) with SMTP; Sun, 12 Dec 2004 02:56:00 -0500 (EST) >> Date: Sat, 11 Dec 2004 22:56:10 -0900 > > Take it up with the ISP in question. >> > You missed the question. As I said I did. I know who the ISP is also. My question to experts here is still looking for an answer Fred k From David1 at suescornerweb.com Sun Dec 12 15:13:32 2004 From: David1 at suescornerweb.com (David 1) Date: Sun Dec 12 15:15:03 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. [AOL CDs] In-Reply-To: References: Message-ID: Mike Easter wrote: > Blammo wrote: > >>Mike Easter >> >>>Blammo wrote: >>> >>>>That's pretty funny. But what I think is funny is: the last time I >>>>installed AOL (for someone else), it dialed up AOL and spent 30 >>>>minutes downloading the latest software. So what the hell is on that >>>>CD? >>> >>>The latest telnos? > > >>Why? It dials toll-free. > > > Mine was sortofa wry 'joke' -- but it still could be the 'latest' > [newest best deal on the 800] telnos. That is, howabout if AOL shops > the various providers regularly for who wants to handle that particular > 800 business. > > I was also just thinking about the 'economics' of the CD mailings. > About how they scale. > > Imagine if you wanted to send, say a dozen of your closest friends 'that > kind' of CD; ie one which was 'printed' with your 'stuff' - on the > mailer, on the CD, and 'printed' [off a master] containing your digital > stuff instead of one-off copied for each. The cost per CD would be > huge; in fact, I would be curious about what the real numbers would be. > Even the postal rate would be entirely different. > > But when you do it all in the millions, the cost per item isn't bad at > all. Nor the LD telephone update, I guess. > you could be right about that, I've been helping a fiend with that aol & that's the first thing it or when you call the service reps do is redo the #s, My client told me for the first 3 years she used the same set of #s & now for the last year they are changing all the time & let me tell you she don't like it! I told her don't worry about it there's nothing you can do about it. One note though, it's not the 800 #s they are using local #S. David 1 From nobody at devnull.spamcop.net Sun Dec 12 15:15:22 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Dec 12 15:20:03 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: "Fred K" wrote in message news:cpi5f9$9im$1@news.spamcop.net... > If I continually get a Netzky virus attached to an eMail form the same IP, > does that IP point to a specific client on a fixed i.e., cable modem, or > to a node on the ISP network? > > Received: from source ([24.237.198.161]) by exprod6mx67.postini.com > ([64.18.5.10]) with SMTP; Sun, 12 Dec 2004 02:56:00 -0500 (EST) > Date: Sat, 11 Dec 2004 22:56:10 -0900 > > > The techie at my ISP "was not the sharpest knife in the drawer". So I > thought I would pose that ? here. > > Fred k > Only the IP address owner ISP can give you an answer. I think it is most probably a client. Could be a DSL or cable. I would bet it is NOT a dial up. From MikeE at ster.invalid Sun Dec 12 12:58:15 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 12 16:00:14 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: I misunderstood the question as well. Fred K wrote: > If I continually get a Netzky virus attached to an eMail form the > same IP, does that IP point to a specific client on a fixed i.e., > cable modem, or to a node on the ISP network? > > Received: from source ([24.237.198.161]) 24.237.198.161 rDNS 161-198-237-24.gci.net is listed at cbl as putting out stuff consistent with being trojan/proxied; but it isn't listed as being in a dynamic netblock, but that doesn't mean that it isn't - ya know whattuh mean? virm propagations typically use their own smtp engine But, you/we can't tell from what we know, ie we're not gci, whether that is a cable, dsl, or telephone user. I guess that is your question, or is your question still something different than I understand? -- Mike Easter kibitzer, not SC admin From devnull at devnull.devnull Sun Dec 12 23:11:31 2004 From: devnull at devnull.devnull (Anty Spam) Date: Sun Dec 12 16:20:04 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: Message-ID: Ben wrote: > > I actually got a spam that 'appeared' to be in compliance with > > the "Can Spam" act. At the tail of the spam they had a section > > that said "US Can Spam Compliance" where they posted a postal > > address of both the company being advertised and the company who > > was spamming for a fee; a phone number, a FAX number, their > > "Customer Service" email address and a web address for "removal." > > > > Probably dubious but it appeared that they were trying to comply. > > Since it was sent to my throwaway Hotmail account (knowing better) > > I still tried their removal link. It claimed and promised that no more > > "offers" will be sent to that address, although it will take 48 to > > 72 hours to process the request. I did an interesting experiment on this. I created a "free" mail acct, unsubscribed it in a so-called CAN SPAM compliant spam. In a approximately 5 months I was receiving anything up to 70 mails a day - all spam from different domains. That proved my suspicions and what all good anti spam pages says . Case (and account) closed. Brian Wrote: > Such as companyIunsubscrbefrom.5.username at spamgourmet dot com > > An example is my address in the header of this message. > > spamgourmet will then forward any replies to your specified address for > the number that you specify in the address (5 in this example). After 5 > replies, the email/spam is eaten and you never see any more unless you > choose to change it. Brian - thx again for a nice tip. I can most definitely see a use for this :-) Cheers E From devnull at devnull.devnull Sun Dec 12 23:48:31 2004 From: devnull at devnull.devnull (Anty Spam) Date: Sun Dec 12 17:00:04 2004 Subject: [SpamCop-List] Re: 202.102.230.36 References: Message-ID: "Ivan Leo Puoti" wrote in message news:cpev38$apt$1@news.spamcop.net... > Moved posting to http://www003.portalis.it/115/202.102.230.36.html > > Ivan. If I select link, i get: "Not enough storage is available to process this command." ?? E From 9ucs5y001 at sneakemail.com Sun Dec 12 13:57:52 2004 From: 9ucs5y001 at sneakemail.com (DS) Date: Sun Dec 12 17:00:19 2004 Subject: [SpamCop-List] Munging bug in mail reporting Message-ID: In mail-submitted spam, I am seeing the "To:" lines with the friendly names between the quotes not cleared out, even when they match the email address. Submitting via the web interface seems to clear these names out, at least if they match the name before the "@" in the email address. I think it would be best to always clear them out, regardless of whether they match the name in the email address or not. This would help me out since most of the spam my wife is receiving recently has the format: To: "nobody" Which now requires me to manually copy/paste them into the web interface rather than mailing them. I wouldn't bother much except that they are rarely her name there and are likely other valid email names. In addition, I have seen spam with many "To:" lines instead of a continuation style. I am pretty sure that those are somewhat malformed, but the current munging misses all but the first "To:" line entirely. It would be cool to get those munged properly as well. Thanks for your consideration, DS From puoti at inwind.it Sun Dec 12 23:06:09 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sun Dec 12 17:10:31 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) In-Reply-To: References: Message-ID: As the email doesn't bouce, is there anything else I can do? Ivan. From mrichter at cpl.net Sun Dec 12 14:08:09 2004 From: mrichter at cpl.net (Mike Richter) Date: Sun Dec 12 17:10:59 2004 Subject: [SpamCop-List] Re: IP Addresses In-Reply-To: References: Message-ID: Fred K wrote: >>Take it up with the ISP in question. >> > You missed the question. > As I said I did. I know who the ISP is also. My question to experts here is > still looking for an answer > > Fred k Permit me a suggestion as a matter of style. Rather than belittling someone who is trying to assist you, try a phrase such as "Sorry I was not clear" instead of "You missed the question." In fact, the reply was reasonably consistent with the others you have received: only the hosting ISP (for which WazoO's information is helpful) can act on the infection. What none appears to have said explicitly is that the infected machine is likely to be using that IP address. My guess is that they (and you) assumed that a priori. Mike -- mrichter@cpl.net http://www.mrichter.com/ From puoti at inwind.it Sun Dec 12 23:17:26 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sun Dec 12 17:20:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 In-Reply-To: References: Message-ID: For the next five days you can use this link http://wpop23.inwind.libero.it/ps4/ps/RMS/downloadAttachment?dd=0BFF1B0123BEE402AC261&td=y&d=inwind.it&a=1&u=puoti&t=d82441257568d1459d10&l=it&s=1102889635505&c=yes by then I hope my ISP will have resolved the problems on the server hosting my site. Ivan. From puoti at inwind.it Sun Dec 12 23:18:41 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sun Dec 12 17:20:19 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (New download link) In-Reply-To: References: Message-ID: For the next five days please use this backup link, by then the main link should be up and running again. http://wpop23.inwind.libero.it/ps4/ps/RMS/downloadAttachment?dd=0BFF1B0123BEE402AC261&td=y&d=inwind.it&a=1&u=puoti&t=d82441257568d1459d10&l=it&s=1102889635505&c=yes Ivan. From devnull at devnull.devnull Mon Dec 13 00:11:31 2004 From: devnull at devnull.devnull (Anty Spam) Date: Sun Dec 12 17:20:26 2004 Subject: [SpamCop-List] Re: WhoisGuard Protected References: Message-ID: "Fred K" wrote in message news:cpfkoi$q9e$1@news.spamcop.net... > Visit: http://www.namecheap.com/ > Domain name: get-a-low-rate.com > Registrant Contact: > WhoisGuard > WhoisGuard Protected > 04e76404fff748c3af04b21f7eb0f9f7.protect@whoisguard.com > > > First time I have seen that term. Google did not com up with an answer. Can > anyone tell what it means > > Fred k > > Hi See http://www.namecheap.com/legal/reg-agreement.asp , Item 21: Paragraph YOUR REPRESENTATIONS & WARRANTIES I think you need to send a mail to abuse@namecheap.com , support@namecheap.com Also include abuse@enom.com and support@enom.com, since in this instance Namecheap is a reseller for Enom.com Also explain you do hold them responsible for any spams, also making them aware of their own AUP for WhoisGaurd. Also, any proof you have for showing that this party has a track record for spamming. That normally does it. The spammer looses his fees for WhoisGaurd and has to resort to bad domain names etc to hide. Then it is http://wdprs.internic.net/ time...:-) Cheers E From puoti at inwind.it Sun Dec 12 23:25:43 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sun Dec 12 17:30:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 In-Reply-To: References: Message-ID: For the next five days please use this backup link, by then the main link should be up and running again. http://ps4.libero.it/ps4/ps/RMS/downloadAttachment?dd=0BFF1B0123BEE402AC261&d=inwind.it&a=1&c=yes&u=puoti&l=it&s=1102890289304 Ivan. From puoti at inwind.it Sun Dec 12 23:26:22 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sun Dec 12 17:30:15 2004 Subject: [SpamCop-List] Re: 202.102.230.36 In-Reply-To: References: Message-ID: > If I select link, i get: > > "Not enough storage is available to process this command." ?? For the next five days you can use this link http://ps4.libero.it/ps4/ps/RMS/downloadAttachment?dd=0BFF1B0123BEE402AC261&d=inwind.it&a=1&c=yes&u=puoti&l=it&s=1102890289304 by then I hope my ISP will have resolved the problems on the server hosting my site. Ivan. From puoti at inwind.it Sun Dec 12 23:37:56 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sun Dec 12 17:40:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 In-Reply-To: References: Message-ID: > FWIW, I have used up about 4GB of bandwidth from them today. I'm using 7.2GBs a day, every day, and the fact that they have gone to the truble of trying to stop me means it does hurt them. Ivan. From dannyg at dannyg.com Sun Dec 12 15:28:18 2004 From: dannyg at dannyg.com (Danny Goodman) Date: Sun Dec 12 18:28:26 2004 Subject: [SpamCop-List] Re: IP Addresses In-Reply-To: <200412122200.iBCM0HDs027299@dannyg.com> Message-ID: Fred K wrote: > If I continually get a Netzky virus attached to an eMail form the same IP, > does that IP point to a specific client on a fixed i.e., cable modem, or to > a node on the ISP network? > > Received: from source ([24.237.198.161]) I see that gci.net promotes broadband access in Alaska (where available), so it's likely that the offending box is a PC connected via cable/DSL. How responsive gci.net will be to your inquiry is anyone's guess. A couple of months ago, I was getting virm from a box coming out of the Los Angeles county government net block (it identified itself by the same machine name in every message, but the IP changed from time to time--probably a laptop). Forwarding a few samples of the headers to the admin there allowed her to find the culprit rather quickly, and I haven't heard a peep since. Would a regional ISP be as responsive? Perhaps. It's worth a try. Danny http://www.dannyg.com http://www.spamwars.com From ric.gates at bigsleep.org Sun Dec 12 23:55:49 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sun Dec 12 19:00:05 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. [AOL CDs] References: Message-ID: On 12 Dec 2004 Mike Easter entered spamcop and left news:cpi7lc$b0q$1@news.spamcop.net: > > Mine was sortofa wry 'joke' -- but it still could be the 'latest' > [newest best deal on the 800] telnos. That is, howabout if AOL shops > the various providers regularly for who wants to handle that particular > 800 business. > I figured that at first. I don't know about the 800 numbers, but they probably do lease the local numbers from other companies, and the numbers change if they change providers. I doubt they are on the CD. > I was also just thinking about the 'economics' of the CD mailings. > About how they scale. > I looked at an older CD and it contained several versions of AOL totalling 400 some megs and nothing else. Then an AOL 9 disk here contains the AOL version 7, 8 and 9 of the MSIE browser, their AOL tech crap, and a bunch of games that I've never heard of - BLACKHAWKSTRIKER, BLASTERBALL2, etc. in hidden folder btw. Other junk I won't go into, 300+ MB. It's been years since I installed it, but when I did I wondered why I'm waiting around for this when I can connect to many other ISPs in a matter of seconds. AOL just wants everyone to see the AOL logo, even though we are all sick of looking at it. Much like spam, the more they push it the more idiots they find. Not that *everyone* on AOL are idiots ;-) but that's the kind AOL likes. -- | Ric From ric.gates at bigsleep.org Mon Dec 13 00:06:30 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sun Dec 12 19:10:04 2004 Subject: [SpamCop-List] Re: Munging bug in mail reporting References: Message-ID: On 12 Dec 2004 DS entered spamcop and left news:cpiet1$fhp$1@news.spamcop.net: > In mail-submitted spam, I am seeing the "To:" lines with the friendly > names between the quotes not cleared out, even when they match the > email address. Submitting via the web interface seems to clear these > names out, at least if they match the name before the "@" in the email > address. > I'm sure this has been mentioned before, but I would like to see an option in the preferences where I could add the eMail addresses that I report on. That way the parser could simply look for those and not have to try the fancy routine it's doing now. Though I know that wouldn't work for everyone, since some get mail at anyone@ -- | Ric From 9ucs5y001 at sneakemail.com Sun Dec 12 16:39:27 2004 From: 9ucs5y001 at sneakemail.com (DS) Date: Sun Dec 12 19:40:03 2004 Subject: [SpamCop-List] Re: Munging bug in mail reporting References: Message-ID: "Blammo" wrote in message news:Xns95BDA3FBFA109blammo@216.154.195.61... > I'm sure this has been mentioned before, but I would like to see an option > in the preferences where I could add the eMail addresses that I report on. > That way the parser could simply look for those and not have to try the > fancy routine it's doing now. > > Though I know that wouldn't work for everyone, since some get mail at > anyone@ For the spam my wife and I get, it would be far better to remove all the friendly names, as about 90% of them do not have our names in the "To:" line at all. But I see your point too. DS From puoti at inwind.it Mon Dec 13 01:55:48 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Sun Dec 12 20:00:02 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How smart are these guys?) In-Reply-To: References: Message-ID: The really smart spammers have forgot to switch off directory listing, so now I've updated the spamvampire that now loads an extra 226 images. The updated version is at http://www003.portalis.it/115/download/202.102.230.36.zip Ivan. From wb8tyw at qsl.network Sun Dec 12 20:07:40 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sun Dec 12 20:10:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) In-Reply-To: References: Message-ID: Ivan Leo Puoti wrote: > As the email doesn't bouce, is there anything else I can do? See if you can convince the ISP providing the E-MAIL domain that operating a DNS for the sole purpose of supporting spamming is a TOS violation. Some ISPs will terminate the e-mail account. Once you get the e-mail address terminated, then go after the registration. In the mean time, see if you can get the address/phone number verified. When news.admin.net-abuse.email is not under attack, people there can generally help with the detective work. You might be able to get some help on the moderated forum news.admin.net-abuse.blocklisting. Posting in those two places may get spamhaus and spews attention. -John wb8tyw@qsl.network Personal Opinion Only From ric.gates at bigsleep.org Mon Dec 13 02:27:20 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sun Dec 12 21:30:02 2004 Subject: [SpamCop-List] Re: Munging bug in mail reporting References: Message-ID: On 12 Dec 2004 DS entered spamcop and left news:cpioc0$lmg$1@news.spamcop.net: > For the spam my wife and I get, it would be far better to remove all > the friendly names, as about 90% of them do not have our names in the > "To:" line at all. But I see your point too. > You mean remove everything in the To: header, right? I'm sure that could be done, but really I think that's evidence that it's spam, that and the Cc: header as well. Also if your address is NOT in the To: or if the name there isn't your's, that's evidence as well. The SpamCop parser just guesses at your address, if it knew your address(s) it could do a much better job of munging. But even then it isn't even close to 100% because there are an infinite number of ways a spammer could trace the message. Actually with some mail servers ScamCop can reliably get your address from the top Received header or one of the others like Delivered-To, though those other headers are sometimes added by spamware. I'm not sure which header it relies on to guess your address, I think it tries to match several. But I don't think it ever removes the friendy name unless it exactly matches your address (or what it thinks is your address). -- | Ric From mfkmek820 at yahoo.com Sun Dec 12 17:39:25 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Sun Dec 12 21:40:04 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: "Mike Easter" wrote in message news:cpibcm$ddq$1@news.spamcop.net... >I misunderstood the question as well. > > I guess that is your question, or is your question still something > different than I understand? My apologies for any anti-socialness in my reply. Yes Mike, GCI is using a mix of cable and dial up. My question to their support was: I have been (for the last 7 days) receiving eMail with the Netzky attachment from the same IP, 24.237.198.16. My question to their support was: Is that the static IP assigned to the infected computer, or does it only point to a cluster of their client computers. After talking to their support person I didn't know the answer, and am hoping one of the experts here would know the answer. Fred k From ric.gates at bigsleep.org Mon Dec 13 02:47:36 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sun Dec 12 21:50:03 2004 Subject: [SpamCop-List] Re: Munging bug in mail reporting References: Message-ID: On 12 Dec 2004 DS entered spamcop and left news:cpiet1$fhp$1@news.spamcop.net: > In mail-submitted spam, I am seeing the "To:" lines with the friendly > names between the quotes not cleared out, even when they match the > email address. Submitting via the web interface seems to clear these > names out, at least if they match the name before the "@" in the email > address. > Now that I think about that and read that again, I wonder if the parser read the From: line in your eMail? If you forward the eMails from the same address that they were sent to, it may make a difference. I usually do that, but sometimes I get spam to addresses that I never send from. -- | Ric From MikeE at ster.invalid Sun Dec 12 21:12:28 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 13 00:15:03 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: Fred K wrote: > Yes Mike, GCI is using a mix of cable and dial up. My question to > their support was: > I have been (for the last 7 days) receiving eMail with the Netzky > attachment from the same IP, 24.237.198.16. My question to their > support was: > Is that the static IP assigned to the infected computer, or does it > only point to a cluster of their client computers. > After talking to their support person I didn't know the answer, and am > hoping one of the experts here would know the answer. Well then we can just put the little pieces together. It is very likely or common that a dialup person would get a different IP 'a lot'. It is very very likely or common that a cable modem person keeps the same IP or is 'reassigned' the same IP over and over and over again, typically for many months at a time. It is actually 'hard' to change your IP if you are a cable modem person; ie the cable modem user's IP is 'dynamically static' as I like to say. So, since this same infected person [IP] keeps spewing out the same virm propagation over 7 days, I would conclude that s/he is a cable modem user. Else s/he would /probably/ get a different IP from time to time when s/he dialsup to connect. Possibly if one did a little research on the particular netsky to see if it has a common port which hangs out so that you could 'see it' being open, you could also research it further, by probing the IP's visible port 'at all hours' to further demonstrate it to be a cable modem, since some cable modem users may leave their equipment on, both cable modem typically and the computer some of them. If we were betting, I would be betting on the cable modem. Someone else would have to take the dialup side of the bet. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Dec 12 21:21:52 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 13 00:25:03 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: Fred K wrote: >> Is that the static IP assigned to the infected computer, or does it > only point to a cluster of their client computers. It belongs to the infected computer. In Anchorage AK. -- Mike Easter kibitzer, not SC admin From mfkmek820 at yahoo.com Sun Dec 12 20:34:02 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Mon Dec 13 00:40:02 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: "Mike Easter" wrote in message news:cpj8st$vf4$1@news.spamcop.net... > Fred K wrote: >>> Is that the static IP assigned to the infected computer, or does it >> only point to a cluster of their client computers. > > It belongs to the infected computer. In Anchorage AK. > Thank you Mike. I have been sending reports to GCI. The infeted eMail stopped for a one day and I thought the ISP got to the owner, but alas it was only for one day. Probably did not use the computer that day, or it could have been cleaned and then reinfected. I don't know bout all that port scanning stuff, but will try to educate myself. Thanks again Fred k From mfkmek820 at yahoo.com Sun Dec 12 20:42:25 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Mon Dec 13 00:45:02 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: "Mike Easter" wrote in message news:cpj8st$vf4$1@news.spamcop.net... > Fred K wrote: > > It belongs to the infected computer. In Anchorage AK. Mike Other than pinging, and without the ISP doing anything, is there a way I can send a message to the computer to let the owner know? Fred k From nobody at xyzzy.claranet.de Mon Dec 13 07:51:35 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Dec 13 01:55:02 2004 Subject: [SpamCop-List] Re: The rest of the story References: Message-ID: <41BD3BF7.59C9@xyzzy.claranet.de> Larry Kilgallen wrote: > One other thing I do is that if a challenge resulting from spam _does_ > make it through to me I make it a point to respond to the challenge so > the user who spammed me with their C/R trash will be sure to receive > _their_ dose of spam. Earthlink even offers to send short insults to their customers. Bye, Frank From nobody at spamcop.net Mon Dec 13 20:04:45 2004 From: nobody at spamcop.net (Anony Mouse) Date: Mon Dec 13 02:05:02 2004 Subject: [SpamCop-List] Re: WhoisGuard Protected References: Message-ID: <41BD3F0D.9030003@spamcop.net> Anty Spam wrote: I regularly and as a matter of course lay wdprs complaints against spammers domains that use whoisguard. The service breaches ICANN policy. Write to the Senate Judiciary committee about the issue of spammers hidding behind this service and the simple fact it contravenes ICANN policy. From bomarc_com at spam.hotmail.nospam.com.use.spamcop.net Sun Dec 12 23:10:18 2004 From: bomarc_com at spam.hotmail.nospam.com.use.spamcop.net (Dan French) Date: Mon Dec 13 02:15:02 2004 Subject: [SpamCop-List] Deputies: Spamers APPEAR to be sending email to /through spamcop Message-ID: Deputies It appears that spammers are using the "reply" email -- sending it to spamcop, to send spam. This spam *DID* come from ironport.com! Take a look at the reports: http://www.spamcop.net/sc?id=z702031253z965a8b0d14b70df5a40458b4c248adcaz http://www.spamcop.net/sc?id=z702031189zcc045a1d84ed7a3fa51167b35a090fc3z From scamper at trisk.com Mon Dec 13 00:18:01 2004 From: scamper at trisk.com (Garen Erdoisa) Date: Mon Dec 13 02:20:03 2004 Subject: [SpamCop-List] Re: Deputies: Spamers APPEAR to be sending email to /through spamcop In-Reply-To: References: Message-ID: Dan French wrote: > Deputies > > It appears that spammers are using the "reply" email -- sending it to > spamcop, to send spam. This spam *DID* come from ironport.com! > > Take a look at the reports: Here are some additional trackers with this same sort of abuse I just reported. http://www.spamcop.net/sc?id=z702027010z06c7573f5a0cfe62c8b87d9707013985z http://www.spamcop.net/sc?id=z702027090zf0d9b04c17f58ea2bcac1066cbb9afa5z http://www.spamcop.net/sc?id=z702027093z3d897cbbe9e1c60603539bf56b8714c4z http://www.spamcop.net/sc?id=z702027188z2d570356aa96771ad2fbe17e8771bbb9z http://www.spamcop.net/sc?id=z702027224z63673879f3e4edba0a3848a71baa72f9z From bar_n0ne at hotmail.com Mon Dec 13 11:36:23 2004 From: bar_n0ne at hotmail.com (Berny) Date: Mon Dec 13 02:40:02 2004 Subject: [SpamCop-List] Re: Deputies: Spamers APPEAR to be sending email to /through spamcop-RETALIATION References: Message-ID: "Dan French" wrote in message news:cpjf8q$3kj$1@news.spamcop.net... > Deputies > > It appears that spammers are using the "reply" email -- sending it to > spamcop, to send spam. This spam *DID* come from ironport.com! > > Take a look at the reports: > > http://www.spamcop.net/sc?id=z702031253z965a8b0d14b70df5a40458b4c248adcaz > http://www.spamcop.net/sc?id=z702031189zcc045a1d84ed7a3fa51167b35a090fc3z > > I think it's retaliation, I just got about 10 in a couple of minutes also, will post the trackers here shortly. From bar_n0ne at hotmail.com Mon Dec 13 11:59:50 2004 From: bar_n0ne at hotmail.com (Berny) Date: Mon Dec 13 03:00:06 2004 Subject: [SpamCop-List] Re: Deputies: Spamers APPEAR to be sending email to /through spamcop-RETALIATION References: Message-ID: "Berny" wrote in message news:cpjgpr$4kk$1@news.spamcop.net... > > "Dan French" wrote in > message news:cpjf8q$3kj$1@news.spamcop.net... > > Deputies > > > > It appears that spammers are using the "reply" email -- sending it to > > spamcop, to send spam. This spam *DID* come from ironport.com! > > > > Take a look at the reports: > > > > http://www.spamcop.net/sc?id=z702031253z965a8b0d14b70df5a40458b4c248adcaz > > http://www.spamcop.net/sc?id=z702031189zcc045a1d84ed7a3fa51167b35a090fc3z > > > > > > I think it's retaliation, I just got about 10 in a couple of minutes also, > will post the trackers here shortly. here they are followed by the "To" report ID they replied to http://www.spamcop.net/sc?id=z702041079z1811f1797ee59449c77d87b54847fbaez 1257079108@reports.spamcop.net http://www.spamcop.net/sc?id=z702041082zc03282ed66414420528cf4f3e73f5cc0z 1258847687@reports.spamcop.net http://www.spamcop.net/sc?id=z702041084zba0dd3adaca23cc9321b2ecb72e1f76bz 547071250@reports.spamcop.net> http://www.spamcop.net/sc?id=z702041087zb1cf3ecc481abe235d04cf0292ca73c6z 868500622@reports.spamcop.net http://www.spamcop.net/sc?id=z702041088z78e50efe1f9a7e46ecd3ad5747a47f03z 833087782@reports.spamcop.net http://www.spamcop.net/sc?id=z702041090z8959cb50a6ca0bf74e652335c9749c72z 812140580@reports.spamcop.net http://www.spamcop.net/sc?id=z702041092z38b6263325723cea848e4e39c0657056z 1255839854@reports.spamcop.net http://www.spamcop.net/sc?id=z702041094zfe2798718ca1ac3064971e42d329274az 583964383@reports.spamcop.net http://www.spamcop.net/sc?id=z702041100zbc7c1e91d345cfb94295b548832db5b6z 466080445@reports.spamcop.net http://www.spamcop.net/sc?id=z702041102z705e209a97a0e979b3c921e9f9a719fdz 1255362236@reports.spamcop.net Sorta goes witn my theory that enlargement spams are mainly for people who gripe about spam. From MikeE at ster.invalid Mon Dec 13 00:07:20 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 13 03:10:02 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: Fred K wrote: > Other than pinging, and without the ISP doing anything, is there a > way I can send a message to the computer to let the owner know? Not really. I've done it a few times. I used to play that game. You would have to 'get lucky' [as they say] and have the good fortune to see some concomitance of the email address and the IP address of the owner. It sometimes happens. If you have received mail from the someone, then you are able to correlate their IP with their email address by looking at headers of old mail. Also, sometimes people post to a newsgroup and their IP [as a nntp source of a message] will become exposed because of someone copying the entire headers and putting them into the body and it becomes google searchable. If that is also accompanied by a usable email address then you get them 'stuck together'. But mostly it is a giant waste of time. Ideally the provider would be taking care of business and when you notify the provider [I characterize the virus/worm in my notify] they correlate the IP address with the account and notify the account holder that they are propagating such and such and here's how to get sanitized and all that jazz. But, if the provider doesn't take care of business and you don't happen to 'know' who is propagating to you and the IP doesn't googleup, you're just about out of tricks. Like if you knew someone with a gci account in AK and you had received mail from them, you could check it out. -- Mike Easter kibitzer, not SC admin From markhurd at ozemail.com.au Mon Dec 13 19:38:10 2004 From: markhurd at ozemail.com.au (Mark Hurd) Date: Mon Dec 13 04:10:09 2004 Subject: [SpamCop-List] Re: Deputies: Spamers APPEAR to be sending email to /through spamcop References: Message-ID: Dan French wrote: > Deputies > > It appears that spammers are using the "reply" email -- sending it to > spamcop, to send spam. This spam *DID* come from ironport.com! > > Take a look at the reports: > > http://www.spamcop.net/sc?id=z702031253z965a8b0d14b70df5a40458b4c248adcaz > http://www.spamcop.net/sc?id=z702031189zcc045a1d84ed7a3fa51167b35a090fc3z Me too: http://www.spamcop.net/sc?id=z702033863zddc8883a38f8c490feb25144e58ca6a0z http://www.spamcop.net/sc?id=z702033867z96986b59c46a81d10fe69cca13118e97z http://www.spamcop.net/sc?id=z702033869z2e78b17b5e491943e483bbb141c37f74z http://www.spamcop.net/sc?id=z702033870zc0890fddaa6a9311d1fa4bc1e640af60z http://www.spamcop.net/sc?id=z702033871z9947ce0b542cee4979f0a668fd37f1a9z Note that almost all were sent via open relays. -- Regards, Mark Hurd, B.Sc.(Ma.) (Hons.) From korhojy at POISSPAMMIThotmail.com Mon Dec 13 11:35:37 2004 From: korhojy at POISSPAMMIThotmail.com (Jyri Korhonen) Date: Mon Dec 13 04:40:45 2004 Subject: [SpamCop-List] Re: Deputies: Spamers APPEAR to be sending email to /through spamcop References: Message-ID: "Dan French" wrote: > It appears that spammers are using the "reply" email -- sending it > to spamcop, to send spam. This spam *DID* come from ironport.com! I got nine of those. SpamCop recognized only one report number: 1258419558 ( 82.48.112.106 ) To: abuse@nic.it The rest gave "Cannot find spam for reportid XXXXXXX", but I'm pretty sure that they went to the same address. 39362582 180663861 430310773 430651902 548527951 709944077 889561256 1051674218 I quick reported all nine and I'm now waiting to see how well the parser can dig the injecting IPs from rather long headers......the Quick reporting data just arrived and it seems that the parser had no problems. Here's one of the tracking URLs: http://www.spamcop.net/sc?id=z702055472z0f0ae4663b626d4cab01d621b56a545fz Hmm. It sent a report to "badreports". I wonder why, because there shouldn't be anything "bad" with this report. From newandrew at rump.dk Mon Dec 13 09:57:21 2004 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Mon Dec 13 05:00:43 2004 Subject: [SpamCop-List] Re: Lycos ends his anti spam screensaver References: Message-ID: After drinking 3 Pan Galactic Gargle Blasters, "basalk" mumbled in news:cpc9fh$nhu$1@news.spamcop.net: > On wikinews: > Lycos Europe ended its anti-spam operation "Make Love Not Spam." > The company's spokesperson made a statement that it was planned > to be a temporal campaign to raise people's awareness. > ... > Lycos coordinated those requests, by choosing targets from a list > of candidates generated by organizations like Spamcom.com, and > monitoring the effect to keep server under heavy load but alive. Spamcop.net - not spamcop.com or even spamcom.com - well that site doesn't exist! But why don't people learn that everything does not end with .com?!? ARGH!!! Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:newandrew@rump.dk WWW http://www.rump.dk/homepage/andrew/ From newandrew at rump.dk Mon Dec 13 10:19:18 2004 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Mon Dec 13 05:20:45 2004 Subject: [SpamCop-List] Re: Deputies: Spamers APPEAR to be sending email to /through spamcop References: Message-ID: Even more links here: http://www.spamcop.net/sc?id=z702070698z9def1aa5be1dc4f3b922f94a9abf1717z http://www.spamcop.net/sc?id=z702070701zab0ca228ef9c7e2e8194028db4593f49z http://www.spamcop.net/sc?id=z702070701zab0ca228ef9c7e2e8194028db4593f49z which is just a few of the 50+ spammail I Recieved in my Inbox - SpamAssassin wasn't triggered so they didn't go to my Held Mail! :-( Somebody apparently scooped our report reply addresses and abused them for spamming!!! Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:newandrew@rump.dk WWW http://www.rump.dk/homepage/andrew/ From ric.gates at bigsleep.org Mon Dec 13 10:53:28 2004 From: ric.gates at bigsleep.org (Blammo) Date: Mon Dec 13 05:55:03 2004 Subject: [SpamCop-List] Re: Deputies: Spamers APPEAR to be sending email to /through spamcop-RETALIATION References: Message-ID: On 12 Dec 2004 Berny entered spamcop and left news:cpji5p$5bd$1@news.spamcop.net: > Sorta goes witn my theory that enlargement spams are mainly for people > who gripe about spam. > Or the reports domain got entered into the generator by an idiot, or either way he's an idiot. -- | Ric | From nobody at nowhere.invalid Mon Dec 13 12:32:03 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Dec 13 06:35:06 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: On Mon, 13 Dec 2004 02:00:39 -0700, SpamCop Admin coughed into spamcop and left this in : > It looks like a spammer is using a number generator to create reportID > numbers to be used with our @reports.spamcop.net address. Don't forget the "abuse@nic.it" factor. That particular address feeds a mailing list run by the Italian (so-called) anti-spam (wannabe) authorities. Trouble is, that list is crawling with spammers who then spam the "reportid" addresses of SC complainants. I've been receiving spams sent to $REPORTID@reports.spamcop.net for quite a while. Each and every time, $REPORTID is the ID of a report sent to abuse@nic.it. -- Steve If you try to please everybody, nobody will like it. From puoti at inwind.it Mon Dec 13 12:46:23 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Mon Dec 13 06:50:04 2004 Subject: [SpamCop-List] Re: Deputies: Spamers APPEAR to be sending email to /through spamcop In-Reply-To: References: Message-ID: > I got nine of those. SpamCop recognized only one report number: > > 1258419558 ( 82.48.112.106 ) To: abuse@nic.it I'm going to phone nic and see what the hell is going on, it seems to me they are helping out the spammers, I'm getting this sort of spam too. Ivan. From nobody at spamcop.net Mon Dec 13 06:49:53 2004 From: nobody at spamcop.net (Miss Betsy) Date: Mon Dec 13 06:50:27 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: "Fred K" wrote in message news:cpja4p$if$1@news.spamcop.net... > Other than pinging, and without the ISP doing anything, is there a way I can > send a message to the computer to let the owner know? You can try calling on the telephone (I have never gone that far, but I think others have). Also, try to find other email addresses (or an upstream). I always put the name in the subject 'Netsky.p via xxx.xx.xxx.xx' and keep track of the number of times I have notified them. Miss Betsy From puoti at inwind.it Mon Dec 13 12:48:50 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Mon Dec 13 06:50:36 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (The effort is working) In-Reply-To: References: Message-ID: The ping time from my location has gone up of about 120%, so we are making a difference, if you're running the vampire, please keep it going. Ivan. From puoti at inwind.it Mon Dec 13 12:52:26 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Mon Dec 13 06:55:05 2004 Subject: [SpamCop-List] postmaster is away. Message-ID: I sent a complaint and got this message, that implies this guy has 8 months of vacations a year! I will be out of the office starting 11/30/2004 and will not return until 08/07/2005. From gospamming at yourdomain.invalid Mon Dec 13 12:12:14 2004 From: gospamming at yourdomain.invalid (D.Diaz) Date: Mon Dec 13 07:15:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 (How software piracy can provide protection from prosecution) References: Message-ID: "Mike Easter" wrote in news:cpfbkf$k9t$1 @news.spamcop.net: > Bolocco Milk > Raul Guillermo Bolocco > mennelande 2201 > Cordoba, Sevilla 41013 > ES > Phone: 954232323 > Phone Code: 34 Spain > Fax: > Email Address: rgbwnnr@jazzfree.com > > Then, if you can find a vulnerability in there, you would notify > SpotDomain thru' internic to 'motivate' them. > Heh... mennelande 2201 <-- Bogus. That's not even spanish. Cordoba, Sevilla 41013 <-- Bogus. Cordoba is not in Sevilla. Phone: 954232323 <-- Maybe... But I bet it was handmade, too -- Daniel Diaz SpamCop User From ric.gates at bigsleep.org Mon Dec 13 12:20:41 2004 From: ric.gates at bigsleep.org (Blammo) Date: Mon Dec 13 07:25:07 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: On 13 Dec 2004 Steven Maesslein entered spamcop and left news:slrncrqvdj.15l.nobody@127.0.0.1: > > Don't forget the "abuse@nic.it" factor. That particular address feeds a > mailing list run by the Italian (so-called) anti-spam (wannabe) > authorities. Trouble is, that list is crawling with spammers who then > spam the "reportid" addresses of SC complainants. > Two of mine are too old to track, and one from Oct 6 was sent to abuse@nic.it, that is rather old. -- | Ric | From nobody at spamcop.net Mon Dec 13 06:45:03 2004 From: nobody at spamcop.net (Ellen) Date: Mon Dec 13 07:25:20 2004 Subject: [SpamCop-List] Re: Deputies: Spamers APPEAR to be sending email to /through spamcop References: Message-ID: "Jyri Korhonen" wrote in message news:cpjnpc$92n$1@news.spamcop.net... > Here's one of the > tracking URLs: > > http://www.spamcop.net/sc?id=z702055472z0f0ae4663b626d4cab01d621b56a545fz > > Hmm. It sent a report to "badreports". I wonder why, because > there shouldn't be anything "bad" with this report. Note that the bad_tracking is for a relaying report for an IronPort IP. The injection report is for the correct IP. Ellen From postm at ster.blorchDOTorg Mon Dec 13 07:28:57 2004 From: postm at ster.blorchDOTorg (Mark K. Bilbo) Date: Mon Dec 13 08:30:11 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: On Mon, 13 Dec 2004 02:00:39 -0700, SpamCop Admin wrote: > The traffic is spam, so it should be reported, but with one caution. > It's important that the spam not be confused with actual replies to our > current reports. Replies to reports aren't spam and shouldn't be > reported. Just got one myself via: 1046833788@reports.spamcop.net Wasn't sure what to do with it at first but I've reported it now. What is it with these idiots? Of all the people *least interested in what spam scum are peddling, it'd be people using services like Spamcop. Spammers aren't just stupid, it's like they're in a contest of stupidity and going for the gold... From NoBody at SpamCop.net Mon Dec 13 13:27:38 2004 From: NoBody at SpamCop.net (Bodger) Date: Mon Dec 13 08:30:32 2004 Subject: [SpamCop-List] Bad reports Message-ID: http://www.spamcop.net/sc?id=z702128582z8308c9833c20aa5a803d67ade3f0b29ez Apparently these jokers are using the munged reporting address to re-spam via spamcop! Or have I got it all wrong - as usual? -- All outgoing mail is scanned with Norton AntiVirus Pro. From ric.gates at bigsleep.org Mon Dec 13 13:29:43 2004 From: ric.gates at bigsleep.org (Blammo) Date: Mon Dec 13 08:30:40 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: On 13 Dec 2004 Mark K. Bilbo entered spamcop.help and left news:cpk58q$hgb$1@news.spamcop.net: > Spammers aren't just stupid, it's like they're in a contest of stupidity > and going for the gold... > I'd say we found the gold medal winner. -- | Ric | From bar_n0ne at hotmail.com Mon Dec 13 17:31:01 2004 From: bar_n0ne at hotmail.com (Berny) Date: Mon Dec 13 08:35:08 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: "Mark K. Bilbo" wrote in message news:cpk58q$hgb$1@news.spamcop.net... > On Mon, 13 Dec 2004 02:00:39 -0700, SpamCop Admin wrote: > > > The traffic is spam, so it should be reported, but with one caution. > > It's important that the spam not be confused with actual replies to our > > current reports. Replies to reports aren't spam and shouldn't be > > reported. > > Just got one myself via: > > 1046833788@reports.spamcop.net > > Wasn't sure what to do with it at first but I've reported it now. > > What is it with these idiots? Of all the people *least interested in what > spam scum are peddling, it'd be people using services like Spamcop. > Spammers aren't just stupid, it's like they're in a contest of stupidity > and going for the gold.. Probably an enlargement spam? Their little way of retaliating with what they percieve as an insult.. From postm at ster.blorchDOTorg Mon Dec 13 07:56:23 2004 From: postm at ster.blorchDOTorg (Mark K. Bilbo) Date: Mon Dec 13 08:55:10 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: On Mon, 13 Dec 2004 17:31:01 +0400, Berny wrote: > > "Mark K. Bilbo" wrote in message > news:cpk58q$hgb$1@news.spamcop.net... >> On Mon, 13 Dec 2004 02:00:39 -0700, SpamCop Admin wrote: >> >> > The traffic is spam, so it should be reported, but with one caution. >> > It's important that the spam not be confused with actual replies to >> > our current reports. Replies to reports aren't spam and shouldn't be >> > reported. >> >> Just got one myself via: >> >> 1046833788@reports.spamcop.net >> >> Wasn't sure what to do with it at first but I've reported it now. >> >> What is it with these idiots? Of all the people *least interested in >> what spam scum are peddling, it'd be people using services like Spamcop. >> Spammers aren't just stupid, it's like they're in a contest of stupidity >> and going for the gold.. > > Probably an enlargement spam? Their little way of retaliating with what > they percieve as an insult.. Actually it's an "enlaaaregment" spam. I love the way they've had to scramble spellings trying to get around filters. If they have to bastardize the spelling any further than what they're up to now, nobody's going to know what they're selling anyway. (Seems they have a "devjcce" that can gain more inches... I guess that's nice for the "devjcce"... uh... I think?) From devnull at devnull.devnull Mon Dec 13 16:22:20 2004 From: devnull at devnull.devnull (Anty Spam) Date: Mon Dec 13 09:35:05 2004 Subject: [SpamCop-List] Backups.cd down Message-ID: Hi All The Backups.cd site has been removed on free.net, thank to the free.net team. A quick mail to them made it "disappear" :-) Best regards E From bomarc_com at spam.hotmail.nospam.com.use.spamcop.net Mon Dec 13 06:48:01 2004 From: bomarc_com at spam.hotmail.nospam.com.use.spamcop.net (Dan French) Date: Mon Dec 13 09:50:03 2004 Subject: [SpamCop-List] Re: Deputies: Spamers APPEAR to be sending email to /through spamcop References: Message-ID: And more: http://www.spamcop.net/sc?id=z702155118z595ab69618c23c1bce46f38cc430ee5ez http://www.spamcop.net/sc?id=z702155396z4074bfb446cd93dd85a634a44adc5d9fz http://www.spamcop.net/sc?id=z702155741z90684c0f8c50f8f13496976486cbc22az "Dan French" wrote in message news:cpjf8q$3kj$1@news.spamcop.net... > Deputies > > It appears that spammers are using the "reply" email -- sending it to > spamcop, to send spam. This spam *DID* come from ironport.com! > > Take a look at the reports: > > http://www.spamcop.net/sc?id=z702031253z965a8b0d14b70df5a40458b4c248adcaz > http://www.spamcop.net/sc?id=z702031189zcc045a1d84ed7a3fa51167b35a090fc3z > From kenbrody at spamcop.net Mon Dec 13 09:45:01 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Dec 13 09:55:07 2004 Subject: [SpamCop-List] Re: Bad reports References: Message-ID: <41BDAAED.9DB7CEED@spamcop.net> Bodger wrote: > > http://www.spamcop.net/sc?id=z702128582z8308c9833c20aa5a803d67ade3f0b29ez > > Apparently these jokers are using the munged reporting address to re-spam > via spamcop! > Or have I got it all wrong - as usual? Nope, you are correct. See the "ReportingID Spam" thread. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From MikeE at ster.invalid Mon Dec 13 06:58:05 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 13 10:00:03 2004 Subject: [SpamCop-List] Re: Bad reports References: Message-ID: Bodger wrote: spamcop.net/sc?id=z702128582z8308c9833c20aa5a803d67ade3f0b29ez > Apparently these jokers are using the munged reporting address to > re-spam via spamcop! A tracker won't show the spammed addy, the parser replaces the To addy with 'x' > Or have I got it all wrong - as usual? There's a discussion of the problem in .help under Subject: ReportingID Spam -- Mike Easter kibitzer, not SC admin From firewoman at default.domain.not.available Mon Dec 13 10:10:27 2004 From: firewoman at default.domain.not.available (Firewoman) Date: Mon Dec 13 10:15:03 2004 Subject: [SpamCop-List] And Now You Know: The rest of the story References: Message-ID: "Karen" wrote in message news:cpajan$l2t$1@news.spamcop.net... It's quite interesting that when looking at senderbase, inebraska.com IP's show a marked increase in e-mail over the last 30 days (323%, 609%, 570%, 597%) but showing a drastic DECREASE over the last 24 hours? Hrm.... Somethin' funky happenin' in Nebraska! Besides, SC states that the IP being complained about will be delisted in 14 hrs from now. Any bets on how long it will be off before a C/R is once again reported as spam? From devnull at devnull.devnull Mon Dec 13 17:34:48 2004 From: devnull at devnull.devnull (Anty Spam) Date: Mon Dec 13 10:45:03 2004 Subject: [SpamCop-List] Re: Backups.cd down References: Message-ID: "Anty Spam" wrote in message news:cpk91m$k5d$1@news.spamcop.net... > Hi All > > The Backups.cd site has been removed on free.net, thank to the free.net > team. > > A quick mail to them made it "disappear" :-) > > Best regards > > E > ... and then the next spam came referring to backups.cd and down.cd in same mail. For everybody's info: Email addresses for nic.cd are are support@nic.cd and admin@nic.cd :-0 Spammer is real Darwin award material. Anyway, both are on free.net.which the spammer used before they "closed" him down. Now I wonder: Do this still shoot people in Russia ? Regards E From devnull at devnull.devnull Mon Dec 13 17:37:38 2004 From: devnull at devnull.devnull (Anty Spam) Date: Mon Dec 13 10:50:03 2004 Subject: [SpamCop-List] Re: And Now You Know: The rest of the story References: Message-ID: "Firewoman" wrote in message news:cpkbch$lqh$1@news.spamcop.net... > "Karen" wrote in message > news:cpajan$l2t$1@news.spamcop.net... {SNIP} > > Any bets on how long it will be off before a C/R is once again reported as > spam? > Uhhhm ... ... is that inebraska.com or in general ? :-) From dave at dave.com Mon Dec 13 11:45:19 2004 From: dave at dave.com (Dave) Date: Mon Dec 13 11:50:02 2004 Subject: [SpamCop-List] Re: NDR Recorders References: Message-ID: Do you know how to REJECT it at the SMTP level with Microsoft IIS SMTP? I am using GFI MailEssentials that uses DNS Blacklisting. They report that the message is accepted at the SMTP level then passed to the GFI program. My guess is that this is the reason why my SPAM has increased 3 fold, since I started using their Anti-SPAM software. I have a bad feeling that I will not be able to REJECT it like you suggest. DAve Here is an email from their support desk. ---------------------------- The NDR is sent out when the email has already been received and picked up by MailEssentials and processed. The email is first received by the SMTP server of IIS, which then forwards it to MailEssentials. MailEssentials processes this email and if it is blocked as SPAM the NDR is sent out. For the Mail to be processed by MailEssentials, it has to be first received and accepted by the IIS smtp server. regards Alex Mallia Support department- support@gfi.com ------------------ "Steven Maesslein" wrote in message news:slrncroiua.1lq.nobody@127.0.0.1... > On Fri, 10 Dec 2004 12:46:41 -0500, Dave coughed into spamcop and left > this in : > >> I am receiving over 60k DNS blacklisted emails per day. My mail >> server is sending out NDR's for each one of them. Will excessive NDR >> emails have me blacklisted by SpamCop? > > Quite likely, yes. > > All it takes is a spammer sending you a spam "from" the address of a SC > spam trap, and your NDR will go to that spam trap, thus getting you > listed. > > If you know that the source of an e-mail is blackisted then don't accept > the mail in the first place. REJECT it at the SMTP stage, don't BOUNCE > it. Under any circumstances. All you will do is contribute to the abuse > of/on the 'Net. > > -- > Steve > > If there are only two shows worth watching, they will > be on together. From nobody at nowhere.invalid Mon Dec 13 18:17:13 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Dec 13 12:20:11 2004 Subject: [SpamCop-List] Re: NDR Recorders References: Message-ID: First of all, please don't top-post. On Mon, 13 Dec 2004 11:45:19 -0500, Dave coughed into spamcop and left this in : > Do you know how to REJECT it at the SMTP level with Microsoft IIS SMTP? Never EVER connect any Microsoft server directly to the 'Net. It's a recipe for disaster, as you're seeing right now. Stick a Unix (Linux or FreeBSD are fine) box running a real MTA such as Postfix, Exim or sendmail between the 'Net and your IIS SMTP box (what is that anyway, M$-Exchange or what?). Make sure the local user database is shared via LDAP or something similar so that the Unix MTA knows what local users are set up and can properly reject mail sent to non-existent users. The MTA can use DNSBLs to reject inbound mail from listed sources. Additionally, it can either reject or /dev/null inbound viruses. Furthermore, this initial filtering will cut down on your bandwidth costs (because you're no longer accepting the spam nor are you sending NDRs back to the purported senders of the spam that triggered them). Finally, you'll no longer need MailEssentials. In fact you'll probably find out that you no longer need the Micro$hit software at all, especially as IIS is also a disaster waiting to happen. My own webserver logs are about 80% full of crap related to infected IIS servers trying in turn to infect me. Please do something about this *YESTERDAY*. The "accept then generate a bounce" way of doing things *WILL* get you into trouble. -- Steve BOFH excuse #220: Someone thought The Big Red Button was a light switch From nobody at spamcop.net Mon Dec 13 13:00:56 2004 From: nobody at spamcop.net (Anti-Spam) Date: Mon Dec 13 13:10:09 2004 Subject: [SpamCop-List] Reporting to yahoo or hotmail Message-ID: Is it really worth copying reports to yahoo or hotmail addresses listed as admins for originating mail server (or zombie) or are these just harvester addresses? I have a vague recollection of certain yahoo addresses recurring frequently, although I don't know if it's just the same spam-friendly machine/ISP over and over. (Personally, I've been unchecking these as unreliable.) I suppose these may also be violations of hotmail or yahoo TOS, although I don't know if they'd appreciate the additional notification. -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: time@uzgcsgc.com (generated by Webpoison) From wb8tyw at qsl.network Mon Dec 13 12:29:10 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Mon Dec 13 13:30:03 2004 Subject: [SpamCop-List] Re: AOL: Client TOS Notification References: Message-ID: In article , "Gordon Hudson" writes: I assume that you are aware that AOL.COM is one of the largest dialup ISPs in the U.S. if they are not the largest? They cater to the users that are not computer literate. It is quite possible that these users only check their e-mail once a week, and probably will not even look at the date when they hit the report spam function. And unless AOL.COM is sending more spam reports from their users then the amount of spam that you admit came from your network, what you are seeing is backscatter from the incident that you admit to where essentially the spammer on your network mail-bombed AOL.COM, and you stated that this went on for over two hours. Judging from the comments in one of my broadband ISP internal forums by their other customers, every time that there is a multi-hop exploit of the main SMTP servers, or those SMTP servers relay or bounce viruses from a new outbreak, a few other U.S. based ISPs stop accepting mail from those address blocks until the admins at my broadband ISP convince them to remove them. At least two of those ISPs that quickly put up those blocks seems quite popular with a number of vocal users of my broadband ISP. And these are just the ones that managed to find the not well documented internal news groups. >From what it looks like on those forums, just one multi-hop spam run can take over a week to get cleaned up. > I have set up our mail server to bounce them to postmaster@aol.com with a > message that we do not accept spam reportes older than 48 hours. Depending on the wording of the message, AOL may take several actions. Blanket refusing of spam reports older than 24 hours may not get one that your users like once the message reaches a human. If you send them with a ticket number and marked as resolved prior to complaint being received, then they have no justification to be annoyed by your bouncing the old spam reports, and may be willing to negotiate some method of consolidating the reports. Rumor has it that AOL.COM has a representive that monitors the SPAM-L forum, and it may be possible to convince them they should consolidate or rate limit the spam reports from their users. But they may have the same problem that you have, where they can not easily change their systems. As I know nothing of your operation, and only a little about AOL, I have no idea of which of you are bigger. Spammers have changed what is needed to operate a commercial mail server network, and they will be attracted to any ISP that they can make a run through with an unlimited e-mail for even an hour or less. Several ISPs in the U.S. have put rate limiters on their SMTP mail servers just to make them unattractive to spammers, and that was done several years before the spam problem got this bad. This was done to stop multi-hop exploits from zombies and phished passwords, not for new sign-ups. I do not control any mail servers or blocking lists, I can only observe from the reports of others when their mail is rejected by anti-spam and anti-virus measures. In many cases I feel that the rejecting ISP is using improper methods, but I can not control that. I have seen that for some reason, the most costly and least effective incoming spam controls are preferred by many ISPs and their users instead of the ones that can be proven technically and statisticaly to be better and cheaper. So my recomendation is still to see what can be done to prevent that amount of spam to ever come from your network again. Obviously if this only happens a few times a year, then it would be of a lower priority, but in that case you should also be able to ride out the backscatter from when it happens. After all, you can not control what the other networks do, except as to if you will accept packets from them. It also appears that some spammers will target an ISP that has an anti-spam attitude in retaliation. After Earthlink won some court judgements from a spammer, they were attacked with a multi-hop exploit through their main mail servers, which seemed to be targetted specifically at getting those servers on blocking lists. No exact correlation was discovered, but the timing of the incident made it seem unlikely to be a coincidence. Usually spammers avoid multi-hop through an ISP's mail servers because of several reasons, including rate limiting, the output becomes blocked quickly, and the ISP moves quickly to stop the spammer's access and get the blocking removed. The spammers prefer to use open proxies where the ISPs were apparently putting the abuse reports on the low priority queue, and just passing the extra costs on to their customers, unless they find that an ISP is ignoring multi-hop spam. -John wb8tyw@qsl.network Personal Opinion Only From mfkmek820 at yahoo.com Mon Dec 13 09:35:12 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Mon Dec 13 13:40:08 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: "Mark K. Bilbo" wrote in message news:cpk58q$hgb$1@news.spamcop.net... >> What is it with these idiots? Of all the people *least interested in what > spam scum are peddling, it'd be people using services like Spamcop. > Spammers aren't just stupid, it's like they're in a contest of stupidity > and going for the gold. Ever hear of "revenge" and "up yours" or F^@*k you"? I think that is the message, not the actual idea of getting you to fall for the spamvertized stuff. Fred k From eddie at eddie.web Mon Dec 13 14:44:06 2004 From: eddie at eddie.web (eddie) Date: Mon Dec 13 14:45:24 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: On Mon, 13 Dec 2004 07:28:57 -0600, Mark K. Bilbo scratched out the following: snip > What is it with these idiots? Of all the people *least interested in what > spam scum are peddling, it'd be people using services like Spamcop. > Spammers aren't just stupid, it's like they're in a contest of stupidity > and going for the gold... Most spammers are so stupid they simply don't know it. Does a fish know the water is salty? Just another case of "Been down so long, looks like up to me." Spammers roasting on an open fire ... I like the spamkiddies that write about "gnomic prices" From eddie at eddie.web Mon Dec 13 14:45:46 2004 From: eddie at eddie.web (eddie) Date: Mon Dec 13 14:50:08 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: On Mon, 13 Dec 2004 09:35:12 -0900, Fred K scratched out the following: snip > Ever hear of "revenge" and "up yours" or F^@*k you"? I think that is the > message, not the actual idea of getting you to fall for the spamvertized > stuff. > > Fred k It's called "Spamkiddy rage." They have lost sight of their goal, which is exactly what we want to happen. From spammers_lie at pobox.com Mon Dec 13 20:17:03 2004 From: spammers_lie at pobox.com (Tom Betz) Date: Mon Dec 13 15:20:21 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: eddie wrote in news:pan.2004.12.13.19.45.46.516000@eddie.web: > On Mon, 13 Dec 2004 09:35:12 -0900, Fred K scratched out the > following: > > snip >> Ever hear of "revenge" and "up yours" or F^@*k you"? I think that is >> the message, not the actual idea of getting you to fall for the >> spamvertized stuff. >> >> Fred k > > It's called "Spamkiddy rage." They have lost sight of their goal, > which is exactly what we want to happen. I only saw one. I suspect more were attempted, but were caught in other traps I have that search the Received headers for listed IP addresses. Doubtless most of these are coming from IP space that is already blocklisted to hell and gone, so very few will get through. I know no more will get through from that Chinese source. From porpoise1954 at yahoo.co.uk Mon Dec 13 21:58:22 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Dec 13 17:05:08 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: "Mark K. Bilbo" wrote in message news:cpk58q$hgb$1@news.spamcop.net... > On Mon, 13 Dec 2004 02:00:39 -0700, SpamCop Admin wrote: > >> The traffic is spam, so it should be reported, but with one caution. >> It's important that the spam not be confused with actual replies to our >> current reports. Replies to reports aren't spam and shouldn't be >> reported. > > Just got one myself via: > > 1046833788@reports.spamcop.net > > Wasn't sure what to do with it at first but I've reported it now. > > What is it with these idiots? Of all the people *least interested in what > spam scum are peddling, it'd be people using services like Spamcop. > Spammers aren't just stupid, it's like they're in a contest of stupidity > and going for the gold... Probably just trying to be annoying!!!! From nobody at spamcop.net Mon Dec 13 19:37:12 2004 From: nobody at spamcop.net (Miss Betsy) Date: Mon Dec 13 19:35:08 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: "Porpoise" wrote in message news:cpl3hg$5m1$1@news.spamcop.net... > > What is it with these idiots? Of all the people *least interested in what > > spam scum are peddling, it'd be people using services like Spamcop. > > Spammers aren't just stupid, it's like they're in a contest of stupidity > > and going for the gold... > > Probably just trying to be annoying!!!! I don't think that it is what is happening now (esp. with the ones from italy), but a long time ago, Jim Mertz deliberately spammed the report id of a few spamcop reports. I think that he was looking for a particular reporter, myself. Or maybe verifying reporter addresses. Obviously, they don't care because they are 'bullet proof' or perhaps the lists are for sale to those who are gullible enough to buy them. Miss Betsy From puoti at inwind.it Tue Dec 14 02:31:03 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Mon Dec 13 20:35:03 2004 Subject: [SpamCop-List] 202.102.230.36 update Message-ID: Hello guys, the spammers are now rejecting connections from my IP, I hope from my entire ISP net block. Makes no difference, I can use (multiple) proxies (The philosophy is give them their own medicine), but what this means that if you run my spamvampire for a while they will blacklist your ISP's netblock If enough people will do this they will end up dropping connections from most major ISPs, and from most of their own customers, and will drive themselves out of business :-) If you don't know it the download link for my anti-202.102.230.36 spamvampire is http://www003.portalis.it/115/download/202.102.230.36.zip Ivan. p.s. If you want to go on at them with proxies please try and use proxies in hanaro space. From julian at mehnle.net Tue Dec 14 04:13:00 2004 From: julian at mehnle.net (Julian Mehnle) Date: Mon Dec 13 22:15:08 2004 Subject: [SpamCop-List] Re: ReportingID Spam In-Reply-To: References: Message-ID: Hi SpamCop Admins, Don wrote: > It looks like a spammer is using a number generator to create reportID > numbers to be used with our @reports.spamcop.net address. > > For example, a recent spam was sent to 194356809 @ reports.spamcop.net > and forwarded to a user by us. > > Current reportID numbers are in the 1313340000 range now. You might want to modify the @reports.spamcop.net address scheme in the future so the localparts contain a cryptographic hash not unlike the Sender Rewriting Scheme (SRS) concept[1]. That way, the reports.spamcop.net MX could verify whether a given localpart is genuine, so the localparts would no longer be "guessable" by spammers. Of course this doesn't help against the "abuse@nic.it factor" and other such address leaking problems, but it's better than nothing. References: 1. http://www.libsrs2.org From nobody at nowhere.not Tue Dec 14 05:00:21 2004 From: nobody at nowhere.not (Robert Blair) Date: Tue Dec 14 00:05:06 2004 Subject: [SpamCop-List] Re: Deputies: Spamers APPEAR to be sending email to /through spamcop References: Message-ID: On Mon, 13 Dec 2004 07:18:01 UTC, Garen Erdoisa wrote: > > It appears that spammers are using the "reply" email -- sending it to > > spamcop, to send spam. This spam *DID* come from ironport.com! > > > > Take a look at the reports: > > Here are some additional trackers with this same sort of abuse I just > reported. Occasionally I have received spam sent in reply to spamcop LART. I attribute it to the spammer getting the original spam report and then retaliating with spam. I just reported one yesterday and another today. The funny thing is that todays report had badreports@admin.spamcop.net (refuses to accept this type of report) but it did find the source of the spam and sent a LART. -- Robert Blair From ric.gates at bigsleep.org Tue Dec 14 05:42:08 2004 From: ric.gates at bigsleep.org (Blammo) Date: Tue Dec 14 00:45:03 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: On 12 Dec 2004 Fred K entered spamcop and left news:cpja4p$if$1@news.spamcop.net: > > "Mike Easter" wrote in message > news:cpj8st$vf4$1@news.spamcop.net... >> Fred K wrote: >> >> It belongs to the infected computer. In Anchorage AK. > > Mike > Other than pinging, and without the ISP doing anything, is there a way > I can send a message to the computer to let the owner know? > There's a good chance they don't have the RPC patch installed and you can send them a network message. I don't know how to do it, but it can't be too hard if the spammers can do it. But if your ISP is blocking that port you won't be able to anyway. -- | Ric From ric.gates at bigsleep.org Tue Dec 14 05:53:55 2004 From: ric.gates at bigsleep.org (Blammo) Date: Tue Dec 14 00:55:02 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: On 13 Dec 2004 Blammo entered spamcop and left news:Xns95BEDCE481D1Bblammo@216.154.195.61: > I don't know how to do it, but it can't be too hard if the spammers > can do it. net help send -- | Ric From nobody at spamcop.net Tue Dec 14 00:04:56 2004 From: nobody at spamcop.net (Tom) Date: Tue Dec 14 01:05:03 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: Message-ID: On Fri, 10 Dec 2004 21:10:02 -0800, Ben wrote: >I actually got a spam that 'appeared' to be in compliance with >the "Can Spam" act. At the tail of the spam they had a section >that said "US Can Spam Compliance" where they posted a postal >address of both the company being advertised and the company who >was spamming for a fee; a phone number, a FAX number, their >"Customer Service" email address and a web address for "removal." > >Probably dubious but it appeared that they were trying to comply. >Since it was sent to my throwaway Hotmail account (knowing better) >I still tried their removal link. It claimed and promised that no more >"offers" will be sent to that address, although it will take 48 to >72 hours to process the request. > >It is the first time in a year I have seen an attempt to even >look like they were at least trying. Shortly after the CAN-SPAM Act went into affect, I received several compliant mailings. I unsubscribed from all of them and never received another mailing from any. As irritating as it is to unsubscribe (opt-out) from something you never asked for in the first place, that's the way the law is written. Blame your congress critters for the wording... In my experience watching this mess for the past year, I can say that every CAN-SPAM compliant spam has honored the unsubscribe request. Nothing even remotely similar to the ad has been received since. But, that says nothing of the flood of on-going spam that is NOT CAN-SPAM compliant... From nobody at spamcop.net Tue Dec 14 00:05:57 2004 From: nobody at spamcop.net (Tom) Date: Tue Dec 14 01:10:03 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: Message-ID: On Fri, 10 Dec 2004 21:26:06 -0800, Tim McGraw wrote: >You should never be forced to unsubscribe from a list you never >subscribed to in the first place. I agree. However, that's the way the law was written. > >Most believe "unsub" links are a scam - even if the original sender >never emails you again, they often sell your address as "live" to many >other spammers. I suspect this may be the case, especially for those addresses from Florida or Louisiana... From ric.gates at bigsleep.org Tue Dec 14 06:08:35 2004 From: ric.gates at bigsleep.org (Blammo) Date: Tue Dec 14 01:10:19 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: Message-ID: On 13 Dec 2004 Tom entered spamcop and left news:ad0tr0d7jt8tfu8903knkgk8ks9orkk9pp@4ax.com: > In my experience watching this mess for the past year, I can say that > every CAN-SPAM compliant spam has honored the unsubscribe request. > Nothing even remotely similar to the ad has been received since. > > But, that says nothing of the flood of on-going spam that is NOT > CAN-SPAM compliant... > Suppose: since they don't make any money off you, they make money selling your address. -- | Ric From nobody at spamcop.net Tue Dec 14 00:15:28 2004 From: nobody at spamcop.net (Tom) Date: Tue Dec 14 01:20:03 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: Message-ID: On Sat, 11 Dec 2004 00:31:18 -0500, John E. Malmberg wrote: >Besides the contact information, can-spam has other requirements. True > >One is that the headers, routing information, and such must not be >misleading. Also true. Of those I mentioned, I could detect no spoofing of any kind had taken place. I ran the spam through spamcop and then cancelled it once I realized everything appeared (according to sc's parser) legitimate. > >It also may require that the sender not use misleading subjects or >misleading sending address. Likewise. Nothing was misleading about the e-mail. > >And I seem to recall that they are not allowed to harvest e-mail >addresses from the internet or purchase them from someone else who has >harvested them. Also true. However, some of that was as of the effective date of the law. If you could conclusively proove that an address had been "harvested" (and there were specifics regarding this), then you might have a valid complaint. However, there appears to be some loopholes in that particular area of the law... one being that there is nothing to prevent a spammer from sending spam to a "common" address, such as "info@" > >In short, the are very few ways that they can legitimately have your >e-mail address to spam and still be in compliance. Actually, there are quite a few. While harvesting addresses from a discussion forum like this is harvesting, as is crawling a web site, purchasing addresses from others who have legitimately collected an e-mail address is perfectly legitimate, as long as that site has not received a notice asking the address to be removed. That means that if someone does business with an internet company and provides an e-mail address, not only does the business have the right to send you notices, but they can also sell your address... At least, that's how I understand the law to be written. They cannot do this indefinitely, but they can in the six months following your last contact with them. > >And then there are very few networks that are not in sbl.spamhaus.org >that will allow a spammer to operate, and the only way to get around the >sbl.spamhaus.org is to use an open proxy or an open relay, or otherwise >have "misleading" headers. Those spammers using open relays/proxies are not compliant. Any means by which the sending party obfuscates their address or other required information is a clear violation of the provisions of the Act. From tmcgraw at spamcop.net Mon Dec 13 22:20:53 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Dec 14 01:25:05 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. In-Reply-To: References: Message-ID: Tom wrote: > Tim McGraw wrote: > >>You should never be forced to unsubscribe from a list you never >>subscribed to in the first place. > > I agree. However, that's the way the law was written. Under the letter of the law of CAN-SPAM, no business can send you something unless you have a prior relationship with them. From nobody at spamcop.net Tue Dec 14 00:20:52 2004 From: nobody at spamcop.net (Tom) Date: Tue Dec 14 01:25:24 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: Message-ID: On Sat, 11 Dec 2004 09:23:52 -0800, Spam N Scams Reporter wrote: >One way to know is to unsubscribe with an account at spamgourmet.com or >something similar. You can create an address for each that will allow >you to know when that address is spammed. > I used Snakemail (er, Sneakymail, or whatever it was called) to unsubscribe to the legitimate-looking spam and never once was hit with any followup stuff. I was left with no other conclusion that they sender(s) were complying with the provisions of the Act. That doesn't say that those using that method are compliant now, only that those I unsubscribed from appeared to be compliant. Of course, that didn't stop me from reporting them, either (and I did, in each and every case). From nobody at spamcop.net Tue Dec 14 00:24:51 2004 From: nobody at spamcop.net (Tom) Date: Tue Dec 14 01:25:33 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: Message-ID: <5j1tr05tujbp8i000i8k7dvpbb2jpcnc89@4ax.com> On Sun, 12 Dec 2004 23:11:31 +0200, Anty Spam wrote: >I created a "free" mail acct, unsubscribed it in a so-called CAN SPAM >compliant spam. In a approximately 5 months I was receiving anything up to >70 mails a day - all spam from different domains. > >That proved my suspicions and what all good anti spam pages says . Case (and >account) closed. I don't doubt your experience. In those cases wherein I unsubscribed, I made sure all elements of the e-mail were valid. In other words, I didn't take anyone's word for it (and non of the spam messages claimed CAN-SPAM compliance). My experience suggested that they indeed were paying attention to the law. In each case, the ads looked to be legitimate in more than just the mailing. Whatever product they were pushing also had a ring of legitimacy to it, including its pricing. These were, in my opinion, legitimate mailings for legitimate products. But, there were less than five altogether, so that doesn't say much... From tmcgraw at spamcop.net Mon Dec 13 22:25:40 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Dec 14 01:30:04 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. In-Reply-To: References: Message-ID: Tom wrote: > Ben wrote: > >>It is the first time in a year I have seen an attempt to even >>look like they were at least trying. > > Shortly after the CAN-SPAM Act went into affect, I received several > compliant mailings. I unsubscribed from all of them and never received > another mailing from any. I receive dozens of "legit" e-newsletters. There was no change in the amount of legitimate mailings in my email box after CAN-SPAM. If a company had never had any business dealings with you they couldn't send you email under the law. > In my experience watching this mess for the past year, I can say that > every CAN-SPAM compliant spam has honored the unsubscribe request. > Nothing even remotely similar to the ad has been received since. But you really wouldn't know if they sold your address, would you? From ric.gates at bigsleep.org Tue Dec 14 06:41:56 2004 From: ric.gates at bigsleep.org (Blammo) Date: Tue Dec 14 01:45:02 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: Message-ID: On 13 Dec 2004 Blammo entered spamcop and left news:Xns95BEE16076692blammo@216.154.195.61: > On 13 Dec 2004 Tom entered spamcop and left > news:ad0tr0d7jt8tfu8903knkgk8ks9orkk9pp@4ax.com: > >> In my experience watching this mess for the past year, I can say that >> every CAN-SPAM compliant spam has honored the unsubscribe request. >> Nothing even remotely similar to the ad has been received since. >> >> But, that says nothing of the flood of on-going spam that is NOT >> CAN-SPAM compliant... >> > > Suppose: since they don't make any money off you, they make money > selling your address. > But now that I've read your other posts I see what you really mean by "compliant mailings", and I would be reluctant, but might unsubscribe, depending on how I think they got that address in the first place. -- | Ric From nospam at temporaryrelay002.ath.cx Tue Dec 14 07:48:14 2004 From: nospam at temporaryrelay002.ath.cx (Gingko) Date: Tue Dec 14 01:50:06 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: "SpamCop Admin" a écrit dans le message de news: j2mqr0dukvih7suadi9d2g8jfmschk0jj2@4ax.com... > Some users are getting spam via our "report reply" system that > translates the reporting address on SpamCop complaints to the user who > filed the report and then forwards the message to him. > I got about 10 of them since yesterday. What I find very surprising is that I have the "Forward only replies from sentient people" option checked in my Spamcop preferences. Does it mean that the spammer created a robot for answering the "confirmation email" ???? Gingko From nospam at temporaryrelay002.ath.cx Tue Dec 14 08:05:53 2004 From: nospam at temporaryrelay002.ath.cx (Gingko) Date: Tue Dec 14 02:10:08 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: Another thing : Some of these messages have the "@reports.spamcop.net" replaced by "@" in the "To" field (probably setting the real address in the "Bcc" field). .... but I cannot see the error in the log file of my SMTP server ??? Anyway, I am wondering, in this case, if the chosen ID numbers are always random ? Gingko From web at 3dresearch.com Tue Dec 14 02:08:30 2004 From: web at 3dresearch.com (web@3dresearch.com) Date: Tue Dec 14 02:10:20 2004 Subject: [SpamCop-List] Spammed by Spamcop (?) Message-ID: http://www.spamcop.net/sc?id=z702412369z537524f9cdf99b5203d4ce7f20f6ff95z Perhaps someone from Spamcop would look into this? jd From nobody at spamcop.net Mon Dec 13 23:20:47 2004 From: nobody at spamcop.net (Don Wannit) Date: Tue Dec 14 02:25:02 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. In-Reply-To: References: Message-ID: Tim McGraw wrote: > Tom wrote: > >> Tim McGraw wrote: >> >>> You should never be forced to unsubscribe from a list you never >>> subscribed to in the first place. >> >> >> I agree. However, that's the way the law was written. > > > Under the letter of the law of CAN-SPAM, no business can send you > something unless you have a prior relationship with them. > I don't think that is correct. As far as I can tell from my repeated (bleary-eyed) reading of the convoluted legal-ese, a prior relationship between sender and recipient automatically exempts the email from sanctions or penalties under CAN-SPAM. A prior relationship is not required, as long as the other provisions of CAN-SPAM are followed (no obfuscation of sender, no fraud, a mechanism to "opt out" from further messages from that exact same sender [yeah, right], etc.) Short form: a business, or anyone, can send spam under CAN-SPAM even if they don't have a prior relationship with you. That's what the name of the law implies :-( But they have to give you a means to tell them that you don't want any subsequent email spam. If they are CAN-SPAM compliant, they won't send it, but their brother, their cousin, their second cousin, their neighbor's son, and their mother-in-law all will be able to send spam to you. Not to mention all the suckers who purchased the CD with your known-live email address on it. Oh, did I forget to mention that the aforementioned brother (and all) need not exist? Just that the spam email needs to be "sent" by them... Their lobbyists kicked our lobbyists' collective ass! [^ apostrophe appropriately applied] -- Don Wannit A paid SpamCop user since 1999 From mfkmek820 at yahoo.com Mon Dec 13 22:34:03 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Tue Dec 14 02:40:03 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: "Blammo" wrote in message news:Xns95BEDEE40E799blammo@216.154.195.61... > > net help send Could you elaborate please Fred k From nobody at spamcop.net Tue Dec 14 02:44:30 2004 From: nobody at spamcop.net (Miss Betsy) Date: Tue Dec 14 02:45:04 2004 Subject: [SpamCop-List] Re: Spammed by Spamcop (?) References: Message-ID: See thread started by SpamCop Admin "ReportingID Spam" Miss Betsy From lefco at spamcop.net Mon Dec 13 23:47:10 2004 From: lefco at spamcop.net (Mike) Date: Tue Dec 14 02:50:03 2004 Subject: [SpamCop-List] Re: Deputies: Spamers APPEAR to be sending email to /through spamcop References: Message-ID: I also have received about a dozen spams sent as replys to LARTS. From tmcgraw at spamcop.net Mon Dec 13 23:48:30 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Dec 14 02:50:15 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. In-Reply-To: References: Message-ID: Don Wannit wrote: > Tim McGraw wrote: >> Tom wrote: >>> Tim McGraw wrote: >>> >>>> You should never be forced to unsubscribe from a list you never >>>> subscribed to in the first place. >>> >>> I agree. However, that's the way the law was written. >> >> Under the letter of the law of CAN-SPAM, no business can send you >> something unless you have a prior relationship with them. > > I don't think that is correct. As far as I can tell from my repeated > (bleary-eyed) reading of the convoluted legal-ese, a prior relationship > between sender and recipient automatically exempts the email from > sanctions or penalties under CAN-SPAM. A prior relationship is not > required, as long as the other provisions of CAN-SPAM are followed > (no obfuscation of sender, no fraud, a mechanism to "opt out" from > further messages from that exact same sender [yeah, right], etc.) You are entirely correct, and boy was I wrong. > Their lobbyists kicked our lobbyists' collective ass! > [^ apostrophe appropriately applied] According to AP Style, but not Chicago Style :) From gospamming at yourdomain.invalid Tue Dec 14 07:59:46 2004 From: gospamming at yourdomain.invalid (D.Diaz) Date: Tue Dec 14 03:00:02 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: "Fred K" wrote in news:cpm565$rpc$1@news.spamcop.net: > > "Blammo" wrote in message > news:Xns95BEDEE40E799blammo@216.154.195.61... >> >> net help send > > Could you elaborate please > > Fred k > > net send "message" ...where can be the offender's NetBIOS name or IP address. If your message can get through, net send will end with no error. -- Daniel Diaz SpamCop User From skiwi at spamcop.net Tue Dec 14 00:11:19 2004 From: skiwi at spamcop.net (sk1w1) Date: Tue Dec 14 03:15:27 2004 Subject: [SpamCop-List] yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual Route, etc finds it? Message-ID: yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual Route, etc finds it? Educate me! :-) TIA... Greg... From ric.gates at bigsleep.org Tue Dec 14 08:16:12 2004 From: ric.gates at bigsleep.org (Blammo) Date: Tue Dec 14 03:20:04 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: On 13 Dec 2004 D.Diaz entered spamcop and left news:Xns95BF5B8CDC186xnddmxn@216.154.195.61: > If your message can get through, net send will end with no error. > Though if it did, they are probably getting plenty of messages already, and their computer would be rebooting every couple minutes, so it's probably not such a great suggestion after all. -- | Ric From mfkmek820 at yahoo.com Mon Dec 13 23:45:50 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Tue Dec 14 03:50:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 update References: Message-ID: "Ivan Leo Puoti" wrote in message news:cplfoo$ds5$1@news.spamcop.net... > > p.s. If you want to go on at them with proxies please try and use proxies > in hanaro space. Interestingly traceroute can't get to the site and spamvampire dies with no downloads and all failures. Fred k From mfkmek820 at yahoo.com Mon Dec 13 23:49:30 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Tue Dec 14 03:55:03 2004 Subject: [SpamCop-List] Re: IP Addresses References: Message-ID: "Blammo" wrote in message news:Xns95BF2DDD156Fblammo@216.154.195.61... > Though if it did, they are probably getting plenty of messages already, > and > their computer would be rebooting every couple minutes, so it's probably > not such a great suggestion after all. Knock on wood, but no virus email today. Maybe just maybe the ISP got to them. Time will tell. Fred k From nobody at nowhere.invalid Tue Dec 14 09:56:47 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 14 04:00:08 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: On Mon, 13 Dec 2004 07:28:57 -0600, Mark K. Bilbo coughed into spamcop and left this in : > Just got one myself via: > > 1046833788@reports.spamcop.net > > Wasn't sure what to do with it at first but I've reported it now. I've also just noticed that the spammer is evading SC's SpamAssassin scoring by using the whitelisted spamcop@devnull.spamcop.net as the MAIL FROM address in the SMTP envelope, thus making the spam end up with a SA score of about -80 instead of the 20 it'd normally have (and thus get diverted to held mail by those who use the SA scoring for that purpose). -- Steve It is impossible for an optimist to be pleasantly suprised. From mfkmek820 at yahoo.com Mon Dec 13 23:54:37 2004 From: mfkmek820 at yahoo.com (Fred K) Date: Tue Dec 14 04:20:02 2004 Subject: [SpamCop-List] Re: 202.102.230.36 update References: Message-ID: "Fred K" wrote in message news:cpm9eg$v0r$1@news.spamcop.net... > > "Ivan Leo Puoti" wrote in message > news:cplfoo$ds5$1@news.spamcop.net... >> 202.102.230.36 results in 404 error Fred k From porpoise1954 at yahoo.co.uk Tue Dec 14 10:03:35 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 14 05:16:31 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: Message-ID: "Don Wannit" wrote in message news:cpm48h$r44$1@news.spamcop.net... > Tim McGraw wrote: > > Oh, did I forget to mention that the aforementioned brother (and all) > need not exist? Just that the spam email needs to be "sent" by them... > > Their lobbyists kicked our lobbyists' collective ass! > [^ apostrophe appropriately applied] > Is that a "Catism"? From porpoise1954 at yahoo.co.uk Tue Dec 14 10:09:41 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 14 05:18:20 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. References: Message-ID: "Tom" wrote in message news:pn0tr09oei4313hkrn2gepr37v5de5if5f@4ax.com... > On Sat, 11 Dec 2004 00:31:18 -0500, John E. Malmberg wrote: > > > Those spammers using open relays/proxies are not compliant. Any means > by which the sending party obfuscates their address or other required > information is a clear violation of the provisions of the Act. > Of course we have at least one big advantage here...... even if they comply with *your* CAN_SPAM act, we can can still treat them as the vile spam they are because we are not constricted by *your* CAN_SPAM act. Which means as long as they keep sending them to us, we can keep reporting them..... Of course, if they had *any* intelligence, they would *know* that a .co.uk or .co.th or whatever is *not* a US address and that it's therefore pointless sending the spam to that address....... duh! From porpoise1954 at yahoo.co.uk Tue Dec 14 10:15:09 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 14 05:20:04 2004 Subject: [SpamCop-List] Re: yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual Route, etc finds it? References: Message-ID: "sk1w1" wrote in message news:cpm777$tjq$1@news.spamcop.net... > yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual Route, > etc finds it? > > Educate me! :-) > > TIA... > Greg... works alright here..... maybe your ISP has a block on it? From MikeE at ster.invalid Tue Dec 14 02:58:01 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 14 06:00:04 2004 Subject: [SpamCop-List] Re: yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual Route, etc finds it? References: Message-ID: sk1w1 wrote: > yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual > Route, etc finds it? > > Educate me! :-) I find some very puzzling information at dnsstuff about yea-yea-yea.com First, we watch a strange sequence of its nameservice being both poor and inconsistent. My remarks inserted with DNS Lookup: yea-yea-yea.com A record Generated by www.DNSstuff.com How I am searching: Searching for yea-yea-yea.com A record at b.root-servers.net [192.228.79.201]: Got referral to B.GTLD-SERVERS.NET. [took 96 ms] Searching for yea-yea-yea.com A record at B.GTLD-SERVERS.NET. [192.33.14.30]: Got referral to ns1.gtnlc.com. [took 250 ms] Searching for yea-yea-yea.com A record at ns1.gtnlc.com. [221.5.251.213]: Timed out. Trying again. Searching for yea-yea-yea.com A record at ns1.gtnlc.com. [221.5.251.213]: Timed out. Trying again. Searching for yea-yea-yea.com A record at ns2.gtnlc.com. [222.222.51.108]: Timed out. Trying again. Searching for yea-yea-yea.com A record at ns2.gtnlc.com. [222.222.51.108]: Timed out. Trying again. Searching for yea-yea-yea.com A record at ns2.gtnlc.com. [222.222.51.108]: Timed out. Trying again. Searching for yea-yea-yea.com A record at ns1.gtnlc.com. [202.102.230.36]: Reports yea-yea-yea.com. [took 904 ms] That shows yea's nameservice repetitively timing out over and over again, until the IP of ns1 changes, and then it gives the answer of yea-yea-yea.com Answer: Domain Typ Clas TTL Answer yea-yea-yea.com. A IN 3600 202.102.230.36 yea-yea-yea.com. NS IN 3600 ns1.gtnlc.com. yea-yea-yea.com. NS IN 3600 ns2.gtnlc.com. yea-yea-yea.com. NS IN 3600 ns3.gtnlc.com. ns1.gtnlc.com. A IN 600 61.184.198.53 ns2.gtnlc.com. A IN 600 61.184.198.54 ns3.gtnlc.com. A IN 600 61.141.32.57 Make monospace for columns. Notice that the A records for the gtnlc ns1-3 are in the 61.x family, not the 202 or 222 families. Very strange. The root servers think those A records are different. I think an important player here is ns3, the stealth nameserver. A stealth nameserver is a nameserver that the domain nameservers know about, but the root servers don't. DNS Lookup: ns3.gtnlc.com A record Generated by www.DNSstuff.com How I am searching: Searching for ns3.gtnlc.com A record at g.root-servers.net [192.112.36.4]: Timed out. Trying again. Searching for ns3.gtnlc.com A record at h.root-servers.net [128.63.2.53]: Got referral to h.gtld-servers.net. [took 102 ms] Searching for ns3.gtnlc.com A record at h.gtld-servers.net. [192.54.112.30]: Got referral to ns1.gtnlc.com. [took 51 ms] Searching for ns3.gtnlc.com A record at ns1.gtnlc.com. [202.102.230.36]: Reports ns3.gtnlc.com. [took 1001 ms] Answer: Domain Typ Clas TTL Answer ns3.gtnlc.com. A IN 600 61.141.32.57 gtnlc.com. NS IN 600 ns1.gtnlc.com. gtnlc.com. NS IN 600 ns2.gtnlc.com. gtnlc.com. NS IN 600 ns3.gtnlc.com. ns1.gtnlc.com. A IN 600 61.184.198.53 ns2.gtnlc.com. A IN 600 61.184.198.54 Make monospace for columns. There's that 61.x vs 202.x discrepancy for the nameservice again. You see the same thing for the gtnlc itself. And if you want to see some really bizarre results, go look at the rDNS for 202.102.230.36. The rDNS is achieved by using 36.230.102.202.in-addr.arpa [the reverse IP + in-addr.arpa] and then getting the PTR for that. http://www.dnsstuff.com/tools/ptr.ch?ip=202.102.230.36 Depending upon who you ask, the rDNS for 202.102.230.36 is ns1.gtnlc.com They are doing some really weird stuff with their nameservice. Also see DNS Report for yea-yea-yea.com http://www.dnsreport.com/tools/dnsreport.ch?domain=yea-yea-yea.com -- Mike Easter kibitzer, not SC admin From ric.gates at bigsleep.org Tue Dec 14 11:17:00 2004 From: ric.gates at bigsleep.org (Blammo) Date: Tue Dec 14 06:20:30 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: On 14 Dec 2004 Steven Maesslein entered spamcop and left news:slrncrtamf.nj.nobody@127.0.0.1: > I've also just noticed that the spammer is evading SC's SpamAssassin > scoring by using the whitelisted spamcop@devnull.spamcop.net as the MAIL > FROM address in the SMTP envelope, thus making the spam end up with a SA > score of about -80 instead of the 20 it'd normally have (and thus get > diverted to held mail by those who use the SA scoring for that purpose). > um, are you looking at X-SpamCop-Return-Path? -- | Ric From David1 at suescornerweb.com Tue Dec 14 06:46:20 2004 From: David1 at suescornerweb.com (David 1) Date: Tue Dec 14 06:50:20 2004 Subject: [SpamCop-List] so do I report this or not Message-ID: Tracking message source: 216.16.80.235: Routing details for 216.16.80.235 [refresh/show] Cached whois for 216.16.80.235 : abuse@iw.net Using abuse net on abuse@iw.net abuse net iw.net = postmaster@iw.net, abuse@iw.net Using best contacts postmaster@iw.net abuse@iw.net ISP has indicated spam will cease; ISP resolved this issue sometime after Tuesday, December 14, 2004 05:34:52 -0500 Message is 0 hours old 216.16.80.235 listed in dnsbl.njabl.org ( 127.0.0.9 ) 216.16.80.235 listed in dnsbl.njabl.org ( 127.0.0.9 ) 216.16.80.235 is an open proxy 216.16.80.235 not listed in query.bondedsender.org 216.16.80.235 not listed in iadb.isipp.com http://www.spamcop.net/sc?id=z702474228zc1cee96c210ba94893359fca8389ad06z From bar_n0ne at hotmail.com Tue Dec 14 15:47:53 2004 From: bar_n0ne at hotmail.com (Berny) Date: Tue Dec 14 06:50:47 2004 Subject: [SpamCop-List] Re: Strangeness? spam gang(s) has fine tuned look-up delays to avoid SC look up? References: Message-ID: "Berny" wrote in message news:cphj43$v64$1@news.spamcop.net... > > "Mathew Hendry" wrote in message > news:nijmr05q2b7q3cd1vrsdplgbd6810git77@4ax.com... > > On Sat, 11 Dec 2004 17:40:08 +0400, "Berny" wrote: > > > > >I think there must be some good commercial Miltering software out there > that > > >is tagging onto spamvertized URLS that they are trying to get around. > > > > spamassassin 3.x checks against the http://surbl.org blacklists, which are > > fed indirectly by SpamCop reports. Given the wide use of spamassassin, and > > the high scores it assigns to surbl hits by default, there's a great > > incentive to spammers to avoid having their sites reported, even if > they're > > running on "bulletproof" hosts. > > > > -- Mat. > > > Well here's a partial list of "problem" sites: > SNIP my reportable web sites is probably less than 10% now, even refreshing the parse doesn't improve the catch and takes fooooreeeeveeer. Me thinks one or more spam gangs along with their hosters have figured out how to get enough delay to avoid being seen by SC, but not enough to over try the patience of the vicodin addicts with small penises and erectile disfunction looking for small bottles to hang in front of their license plates before they get too many points and lose their drivers license for going through red lights, and really need a cheaper mortgage from China so they can pay for everything they've been ordering. From MikeE at ster.invalid Tue Dec 14 04:37:41 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 14 07:40:05 2004 Subject: [SpamCop-List] Re: so do I report this or not References: Message-ID: David 1 wrote: spamcop.net/sc?id=z702474228zc1cee96c210ba94893359fca8389ad06z NO BODY Subject: so do I report this or not I do. I interpret it as a b0rken spam. Just because the spammer didn't do a good job of getting the payload to me doesn't mean that the mail wasn't unwanted and spam. The report will be going to the provider with the open proxy [socks4/5 port 559 recent evidence at dsbl] and maybe the provider will fix it before it spams 'better'. It is also spamcop listed, besides numerous other blocklists. Sometimes proxy spams get 'interrupted' in their process. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Tue Dec 14 06:38:06 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Tue Dec 14 07:40:25 2004 Subject: [SpamCop-List] Re: so do I report this or not References: Message-ID: In article , David 1 writes: > Tracking message source: 216.16.80.235: > Routing details for 216.16.80.235 > [refresh/show] Cached whois for 216.16.80.235 : abuse@iw.net > Using abuse net on abuse@iw.net > abuse net iw.net = postmaster@iw.net, abuse@iw.net > Using best contacts postmaster@iw.net abuse@iw.net > ISP has indicated spam will cease; ISP resolved this issue sometime > after Tuesday, December 14, 2004 05:34:52 -0500 Sometimes, ISP lies. The major purpose of this flag is to prevent the ISP from receiving further reports for a limited amount of time (24 hours?). In the meantime, any reports you file _will_ count toward the SCBL DNSbl. So the question is, are _you_ going to take the ISP's word for this and decline to do anything further that would impeded their spam from going out ? I thought not. From wb8tyw at qsl.network Tue Dec 14 07:50:09 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Tue Dec 14 07:55:03 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. In-Reply-To: References: Message-ID: Tom wrote: > On Fri, 10 Dec 2004 21:26:06 -0800, Tim McGraw wrote: > >>You should never be forced to unsubscribe from a list you never >>subscribed to in the first place. > > I agree. However, that's the way the law was written. No, the law only requires the compliant senders to have an unsubscribe link, etc. It does not require that the user use it or that any mail server operator accept the spew. The service that the majority of my e-mail goes through has an official terms of service policy prohibiting unsubscribing from anything that the user did not subscribe to. The operators of that server will instead not accept spam from CAN-SPAM compliant "OPT-OUT" spammers. The CAN-SPAM law does not prohibit reporting CAN-SPAM compliant spam through spamcop.net or to the ISP's designated abuse desk, and does not prohibit DNSbls from listing sources of CAN-SPAM complaint spam. -John wb8tyw@qsl.network Personal Opinion Only From nobody at nowhere.invalid Tue Dec 14 14:20:02 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 14 08:25:10 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: On Tue, 14 Dec 2004 11:17:00 +0000 (UTC), Blammo coughed into spamcop and left this in : > um, are you looking at X-SpamCop-Return-Path? No. I'm looking at this, which is inserted by *my* MTA which I trust: Return-Path: And this which is inserted by SC itself: X-SpamCop-Whitelisted: spamcop@devnull.spamcop.net X-Spam-Status: hits=-79.8 tests=FORGED_RCVD_HELO,HTML_10_20,HTML_MESSAGE, HTML_MIME_NO_HTML_TAG,INFO_TLD,LONGWORDS,MIME_BOUND_DD_DIGITS, MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MPART_ALT_DIFF, MSGID_FROM_MTA_HEADER,SARE_OBFUENLARGE,UNIQUE_WORDS,URIBL_SBL, URIBL_SC_SURBL,URIBL_WS_SURBL,USER_IN_WHITELIST_TO version=3.0.0 ^^^^^^^^^^^^^^^^^^^^ SA is *not* running on my own server. -- Steve It is better for civilization to be going down the drain, than to be coming up it. From bomarc_com at spam.hotmail.nospam.com.use.spamcop.net Tue Dec 14 06:38:42 2004 From: bomarc_com at spam.hotmail.nospam.com.use.spamcop.net (Dan French) Date: Tue Dec 14 09:40:23 2004 Subject: [SpamCop-List] Re: Deputies: Spamers APPEAR to be sending email to /through spamcop References: Message-ID: The really annoying thing about these: They come through a Yahoo account. I don't know which technique Yahoo uses to determine if this type of email is spam: so do I report these as spam (to Yahoo) or not?!? If I report this is spam, will Yahoo then report all responses (esp. legitimate ones) as spam? Dan French "Dan French" wrote in message news:cpjf8q$3kj$1@news.spamcop.net... > Deputies > > It appears that spammers are using the "reply" email -- sending it to > spamcop, to send spam. This spam *DID* come from ironport.com! > > Take a look at the reports: > > http://www.spamcop.net/sc?id=z702031253z965a8b0d14b70df5a40458b4c248adcaz > http://www.spamcop.net/sc?id=z702031189zcc045a1d84ed7a3fa51167b35a090fc3z > From skiwi at spamcop.net Tue Dec 14 07:20:46 2004 From: skiwi at spamcop.net (sk1w1) Date: Tue Dec 14 10:25:02 2004 Subject: [SpamCop-List] Re: yea-yea-yea.com/nan/join.php "can't be resolved" - and yetVisual Route, etc finds it? In-Reply-To: References: Message-ID: Porpoise wrote: > "sk1w1" wrote in message > news:cpm777$tjq$1@news.spamcop.net... > >>yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual Route, >>etc finds it? >> >>Educate me! :-) >> >>TIA... >>Greg... > > > works alright here..... maybe your ISP has a block on it? I meant I could 'see' it, but the Spamcop parser could not... sorry... From skiwi at spamcop.net Tue Dec 14 07:32:04 2004 From: skiwi at spamcop.net (sk1w1) Date: Tue Dec 14 10:35:04 2004 Subject: [SpamCop-List] Re: yea-yea-yea.com/nan/join.php "can't be resolved" - and yetVisual Route, etc finds it? In-Reply-To: References: Message-ID: Mike Easter wrote: > sk1w1 wrote: > >>yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual >>Route, etc finds it? >> >>Educate me! :-) > > > I find some very puzzling information at dnsstuff about yea-yea-yea.com > > First, we watch a strange sequence of its nameservice being both poor > and inconsistent. My remarks inserted with [snip] Thanks Mike! - educate me? I think I need to do a crash PhD in Spamology to get all this fully, but am I correct in assuming that this is all on purpose - i.e., they are doing all this so it doesn't quite break for the browsers that the spam recipients might use *but* does for any common tools, the Spamcop parser, etc? - obstification and all that? If yes, why bother? Spamcop URL reports can't be used punitively except by the URL owner's ISP - and the web site is in China so I am guessing their ISP's agent just ignores them... From MikeE at ster.invalid Tue Dec 14 08:35:58 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 14 11:40:18 2004 Subject: [SpamCop-List] Re: yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual Route, etc finds it? References: Message-ID: sk1w1 wrote: > am I correct in assuming that > this is all on purpose - i.e., they are doing all this so it doesn't > quite break for the browsers that the spam recipients might use *but* > does for any common tools, the Spamcop parser, etc? - obstification > and all that? I don't know why/how their nameservice got itself into such a condition. It is very puzzling. I'm going to look at it some more today and see if it is still like that. If that were /my/ website/domainname I wouldn't want it to be like that. > If yes, why bother? Spamcop URL reports can't be used punitively > except by the URL owner's ISP - and the web site is in China so I am > guessing their ISP's agent just ignores them... -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 14 08:50:42 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 14 11:55:04 2004 Subject: [SpamCop-List] Re: yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual Route, etc finds it? References: Message-ID: Mike Easter wrote: > I don't know why/how their nameservice got itself into such a > condition. It is very puzzling. I'm going to look at it some more > today and see if it is still like that. Now yea-yea-yea.com's nameservice is completely gone, ie unambiguous The roots agree on what the nameservers are, but that nameservice is gone. That is, the gtnlc.com situation is dead. ns1.gtnlc.com = 222.222.222.222 also ns2 At that IP, nothing happens. -- Mike Easter kibitzer, not SC admin From 9ucs5y001 at sneakemail.com Tue Dec 14 09:09:36 2004 From: 9ucs5y001 at sneakemail.com (DS) Date: Tue Dec 14 12:10:03 2004 Subject: [SpamCop-List] Re: 202.102.230.36 update References: Message-ID: "Fred K" wrote in message news:cpmb0j$er$1@news.spamcop.net... > > 202.102.230.36 results in 404 error It still up and running for me. I just downloaded 21.4MB of images. Also, see the new thread: "yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual Route, etc finds it?" that also has a new domain hosted at the wonderful 202.102.230.36 IP address. DS From ric.gates at bigsleep.org Tue Dec 14 18:33:49 2004 From: ric.gates at bigsleep.org (Blammo) Date: Tue Dec 14 13:35:15 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: On 14 Dec 2004 Steven Maesslein entered spamcop and left news:slrncrtq42.q7.nobody@127.0.0.1: >> um, are you looking at X-SpamCop-Return-Path? > > No. > > I'm looking at this, which is inserted by *my* MTA which I trust: > > Return-Path: > Well, that is the return path, it did come from spamcop. That Return-Path: is added by vmx?.spamcop.net if you want to know the source, look at the X-SpamCop-Return-Path -- | Ric From mrichter at cpl.net Tue Dec 14 10:40:52 2004 From: mrichter at cpl.net (Mike Richter) Date: Tue Dec 14 13:45:08 2004 Subject: [SpamCop-List] Re: so do I report this or not In-Reply-To: References: Message-ID: Larry Kilgallen wrote: > So the question is, are _you_ going to take the ISP's word for this > and decline to do anything further that would impeded their spam > from going out ? > > I thought not. I don't know - you are proposing punishing a good ISP for trying to do a good thing (terminate a spammer). Assuming that the ISP is telling the truth, he has taken the action he can under the TOS: warning the offender or actually pulling the plug. The problem is that the engine may keep turning for some time after the power is cut and, of course, for much longer if only a warning was issued that time. So the argument is: report again if you believe the ISP to be lying; report again if you suspect that the previous offense was only a warning; do not report if the ISP is credible. My own criterion is the time since the ISP said he was going to fix the problem. If it's long enough given the nature of the spam, I report; if it's too soon (my tolerance for porn is less than for Viagra), I give the ISP the benefit of the doubt. Mike -- mrichter@cpl.net http://www.mrichter.com/ From ric.gates at bigsleep.org Tue Dec 14 18:43:53 2004 From: ric.gates at bigsleep.org (Blammo) Date: Tue Dec 14 13:45:22 2004 Subject: [SpamCop-List] Re: ReportingID Spam References: Message-ID: On 14 Dec 2004 Steven Maesslein entered spamcop and left news:slrncrtq42.q7.nobody@127.0.0.1: > SA is *not* running on my own server. > But you have a SpamCop mail account? If not I don't know how that got in there because I don't see Spamassassin headers in mine. -- | Ric From eddie at eddie.web Tue Dec 14 14:07:29 2004 From: eddie at eddie.web (eddie) Date: Tue Dec 14 14:10:05 2004 Subject: [SpamCop-List] Spoiled and dissolva ble lozenges for re al someone Message-ID: Truth in spamvertizing? But it gets better: "These tablets are merely like standard tablets but they are specially explicated to be soft and dissolvable under the clapper. The tablets is took up at the oral cavity and gets in the bloodstream straight instead of running through with the tummytum. This effects in a speedy much more mighty outcome which run up to 44 hours! " Leave my clapper out of this, please :) And my tummytum, too. But that mighty outcome sounds interesting From MikeE at ster.invalid Tue Dec 14 13:05:04 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 14 16:05:03 2004 Subject: [SpamCop-List] Re: so do I report this or not References: Message-ID: Mike Richter wrote: > So the argument is: report again if you believe the ISP to be lying; > report again if you suspect that the previous offense was only a > warning; do not report if the ISP is credible. This is the dsbl report history about the socks4/5 port 559 insecurity evidence Messages from this Host 2004/Sep/25 16:44:56 UTC (view message) socks5 2004/Sep/25 16:44:57 UTC (view message) socks4 2004/Nov/22 16:04:19 UTC (view message) socks4 2004/Dec/09 08:04:45 UTC (view message) socks4 2004/Dec/12 18:34:20 UTC (view message) socks4 This is the cmsa spam history bl.csma.biz listing info Spam and removal history for 216.16.80.235 (times in UTC): Thu Oct 21 19:44:44 2004 Received - Ambien is available now. Great prices cunningham Sun Oct 24 06:41:26 2004 Received - Order Rolex or other Swiss watches online Wed Nov 24 14:58:56 2004 Received - Order Rolex or other Swiss watches online Wed Nov 24 16:15:05 2004 Received - Italian Crafted Rolex from $75 to $275 - Free Ship I would say the provider doesn't get a ride. They need to take care of business better than that. -- Mike Easter kibitzer, not SC admin From PossumTrot at dont.spam.me Tue Dec 14 14:20:57 2004 From: PossumTrot at dont.spam.me (Possum Trot) Date: Tue Dec 14 17:25:27 2004 Subject: [SpamCop-List] Re: 3rd party SPAM via Getty Images References: Message-ID: I'd report it every time if I were receiving that spam. Based on the You Can Spam Act, they don't have a leg to stand on. You have no prior business relationship with the spammer, hence any mail from them is spam. IMHO,and IANAL. "Sven Golly" wrote in message news:cpnk7n$q83$1@news.spamcop.net... > Well here's another one for the books. > > When you sign up for a Getty Images (big stock photo agency) account, you > can opt out of promotional emails -- which I did. > > HOWEVER, what they don't tell you unless you read the fine print in their > "Privacy Policy" (which is really a "how we're going to use your info in > ways you never dreamed of" policy), is that they are still free to > disclose your info to third parties. > > When I recently received an email with a "jangomail" source requesting I > take a survey on stock imagery, it looked like yet another spam. I had > never done any business with Jangomail or their customer, Benenson > Strategy Group or disclosed my email to them > > So I filed a spam report. Lo and behold, Jangomail replies that it really > wasn't spam because of above No Privacy Policy. > > Here are the operative parts of Getty's No Privacy Policy... > > How We Use Your Information > The information collected online is stored indefinitely and is used for > various purposes, including processing your transactions, customer > service, product and service development, direct marketing and marketing > analysis, facilitating your use of this website, and customizing your > image selection to your particular interests. The information we collect > may be shared with our subsidiaries, agents, third party content > providers, affiliates, and selected other entities for similar purposes. > For example, when you fill out an online registration form on a Getty > Images website you are automatically registered on a number of Getty > Images visual content provider websites. That is, your user name and > password are carried across these sites, allowing you to use the same > name and password to sign in (although you will still be required to > enter billing information to make purchases on those sites). > > In addition, unless you opt out of receiving promotional materials from > Getty Images, we may notify you of special promotions, new products or > services, or other information that may be of interest. (See Opting Out > section, below.) > > Opting Out > If you do not want to receive promotional information from Getty Images, > you can opt out by un-checking the appropriate box on your online > registration form, or in the event an online registration form is not > available, by notifying your account executive. If you did not opt out > when you registered, and later decide that you are not interested in > receiving this information, you can opt out at any time by sending an > email to sales@gettyimages.com or speaking with your account executive. > Please note that if you opt out of receiving promotional material from > Getty Images, you still may receive such material from our worldwide > subsidiaries, third party content providers, affiliates and other parties > to whom we provide your information in the course of doing business, as > explained above." > > See: > > http://creative.gettyimages.com/source/home/privacy.aspx > > So does anyone else think this may be a violation of even the > pathetically weak CANSPAM?? > > -- > Sven Golly > Trolling as usual > Remove the _ to reply From nobody at spamcop.net Tue Dec 14 16:17:29 2004 From: nobody at spamcop.net (Ellen) Date: Tue Dec 14 17:50:04 2004 Subject: [SpamCop-List] Re: 3rd party SPAM via Getty Images References: Message-ID: "Sven Golly" wrote in message news:cpnk7n$q83$1@news.spamcop.net... > Well here's another one for the books. > > When you sign up for a Getty Images (big stock photo agency) account, you > can opt out of promotional emails -- which I did. > > HOWEVER, what they don't tell you unless you read the fine print in their > "Privacy Policy" (which is really a "how we're going to use your info in > ways you never dreamed of" policy), is that they are still free to > disclose your info to third parties. > > See: > > http://creative.gettyimages.com/source/home/privacy.aspx > > So does anyone else think this may be a violation of even the > pathetically weak CANSPAM?? > No I don't think it's a violation of CAN-SPAM -- the privacy policy is clear that they are going to share your email address with everyone and anyone they chose to share it with. Ellen From nobody at xyzzy.claranet.de Wed Dec 15 00:02:23 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Dec 14 18:05:03 2004 Subject: [SpamCop-List] Re: 3rd party SPAM via Getty Images References: Message-ID: <41BF70FF.377@xyzzy.claranet.de> Ellen wrote: > I don't think it's a violation of CAN-SPAM It would be illegal in the EU. > they are going to share your email address with everyone and > anyone they chose to share it with. Of course they are free to publish that they are criminal scum. Bye, Frank From nobody at spamcop.net Tue Dec 14 17:55:06 2004 From: nobody at spamcop.net (Ellen) Date: Tue Dec 14 18:10:03 2004 Subject: [SpamCop-List] Re: 3rd party SPAM via Getty Images References: Message-ID: > > > "Sven Golly" wrote in message > news:cpnk7n$q83$1@news.spamcop.net... > > Well here's another one for the books. > > > > When you sign up for a Getty Images (big stock photo agency) account, you > > can opt out of promotional emails -- which I did. > > > > See: > > > > http://creative.gettyimages.com/source/home/privacy.aspx > > "Possum Trot" wrote in message news:cpnp6d$u7c$1@news.spamcop.net... > I'd report it every time if I were receiving that spam. Based on the You > Can Spam Act, they don't have a leg to stand on. You have no prior business > relationship with the spammer, hence any mail from them is spam. IMHO,and > IANAL. And that would be *wrong* to report those emails because if someone signs up at a website they are supposed to have read the privacy policy and understood it and by signing up they have agreed to it. Please bottom post. From Merlyn at Spamcop.net Tue Dec 14 18:17:40 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Tue Dec 14 18:20:03 2004 Subject: [SpamCop-List] Re: 3rd party SPAM via Getty Images References: Message-ID: "Ellen" wrote in message news:cpnrr2$kn$1@news.spamcop.net... > > >> >> >> "Sven Golly" wrote in message >> news:cpnk7n$q83$1@news.spamcop.net... >> > Well here's another one for the books. >> > >> > When you sign up for a Getty Images (big stock photo agency) account, > you >> > can opt out of promotional emails -- which I did. >> > >> > See: >> > >> > http://creative.gettyimages.com/source/home/privacy.aspx >> > > > "Possum Trot" wrote in message > news:cpnp6d$u7c$1@news.spamcop.net... >> I'd report it every time if I were receiving that spam. Based on the You >> Can Spam Act, they don't have a leg to stand on. You have no prior > business >> relationship with the spammer, hence any mail from them is spam. >> IMHO,and >> IANAL. > > > And that would be *wrong* to report those emails because if someone signs > up > at a website they are supposed to have read the privacy policy and > understood it and by signing up they have agreed to it. > > Please bottom post. > I believe there is a fine line there. As far as Spamcop goes that's fine. The third party thingy never ends though. Every spammer sells lists to every other spammer and that's what personal blocklists are made for :-) The way I opt-out is by adding everyone to our blocklists. It works great! -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From tmcgraw at spamcop.net Tue Dec 14 15:53:50 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Dec 14 18:55:04 2004 Subject: [SpamCop-List] [media] Judge rejects Maryland spam law Message-ID: ROCKVILLE, Md. (December 14) -- Judge Durke Thompson has ruled that Maryland's tough anti-spam law is unconstitutional because it seeks to regulate commerce outside the state's borders. http://www.nbc4.com/news/3995205/detail.html From skiwi at spamcop.net Tue Dec 14 15:58:04 2004 From: skiwi at spamcop.net (sk1w1) Date: Tue Dec 14 19:00:04 2004 Subject: [SpamCop-List] Re: yea-yea-yea.com/nan/join.php "can't be resolved" - and yetVisual Route, etc finds it? [another] In-Reply-To: References: Message-ID: sk1w1 wrote: > Mike Easter wrote: > >> sk1w1 wrote: >> >>> yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual >>> Route, etc finds it? >>> >>> Educate me! :-) >> >> >> >> I find some very puzzling information at dnsstuff about yea-yea-yea.com >> >> First, we watch a strange sequence of its nameservice being both poor >> and inconsistent. My remarks inserted with > > > [snip] > > Thanks Mike! - educate me? I think I need to do a crash PhD in Spamology > to get all this fully, but am I correct in assuming that this is all on > purpose - i.e., they are doing all this so it doesn't quite break for > the browsers that the spam recipients might use *but* does for any > common tools, the Spamcop parser, etc? - obstification and all that? > > If yes, why bother? Spamcop URL reports can't be used punitively except > by the URL owner's ISP - and the web site is in China so I am guessing > their ISP's agent just ignores them... and another with the same MO redirtecting to the same site - s-e-x-club.com/ora/enter.php From MikeE at ster.invalid Tue Dec 14 16:00:54 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 14 19:05:08 2004 Subject: [SpamCop-List] Re: [media] Judge rejects Maryland spam law References: Message-ID: Tim McGraw wrote: > > Maryland's tough anti-spam law is unconstitutional "Laws in California and Washington were declared unconstitutional on grounds similar to Thompson's ruling in Maryland. However, higher courts overturned those decisions." -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 14 16:13:59 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 14 19:15:05 2004 Subject: [SpamCop-List] Re: yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual Route, etc finds it? [another] References: Message-ID: sk1w1 wrote: > and another with the same MO redirtecting to the same site - > s-e-x-club.com/ora/enter.php Yep, that's the same style flakey nameservice Domain Typ Clas TTL Answer s-e-x-club.com. A IN 3600 202.102.230.36 s-e-x-club.com. NS IN 3600 ns1.97maranga97.biz. s-e-x-club.com. NS IN 3600 ns2.97maranga97.biz. s-e-x-club.com. NS IN 3600 ns3.97maranga97.biz. ns1.97maranga97.biz. A IN 600 61.184.198.53 ns2.97maranga97.biz. A IN 600 61.184.198.54 ns3.97maranga97.biz. A IN 600 61.141.32.57 monofonts for columns. Those are the 'wrong' IPs for those nameservers How I am searching: Searching for s-e-x-club.com A record at i.root-servers.net [192.36.148.17]: Got referral to J.GTLD-SERVERS.NET. [took 50 ms] Searching for s-e-x-club.com A record at J.GTLD-SERVERS.NET. [192.48.79.30]: Got referral to ns2.97maranga97.biz. [took 198 ms] Searching for s-e-x-club.com A record at ns2.97maranga97.biz. [199.17.67.104]: Timed out. Trying again. Searching for s-e-x-club.com A record at ns1.97maranga97.biz. [202.102.230.36]: Reports s-e-x-club.com. [took 501 ms] Those are the 'correct' IPs for those nameservers, the 199 & 202 -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Dec 14 19:26:48 2004 From: nobody at spamcop.net (Tom) Date: Tue Dec 14 20:30:03 2004 Subject: [SpamCop-List] Re: 3rd party SPAM via Getty Images References: Message-ID: On Tue, 14 Dec 2004 20:59:35 +0000 (UTC), Sven Golly wrote: >So does anyone else think this may be a violation of even the >pathetically weak CANSPAM?? Unfortunately, I don't think it is. Anyone can do anything with your e-mail address if you give it to them... The pathetic CAN-SPAM act reads in those cases as "I CAN-SPAM Act" From nobody at spamcop.net Tue Dec 14 21:09:36 2004 From: nobody at spamcop.net (Ellen) Date: Tue Dec 14 21:20:21 2004 Subject: [SpamCop-List] Re: 3rd party SPAM via Getty Images References: Message-ID: "Merlyn" wrote in message news:cpnsak$12v$1@news.spamcop.net... > > > > I believe there is a fine line there. As far as Spamcop goes that's fine. > The third party thingy never ends though. Every spammer sells lists to > every other spammer and that's what personal blocklists are made for :-) > > The way I opt-out is by adding everyone to our blocklists. It works great! > Oh I didn't mean to imply that I thought it was a good thing but I do think it is the responsibility of the person signing up to actually read the privacy policy and make an informed decision as to whether to sign up and have their address handed around or not sign up. It is beyind annoying to be bombarded with endless mail. As you say the "trusted vendors and partners" never ends in many cases and you can spend your life unsubbing. I hand out tagged addresses from a domain and then procmail them to reject when I get peeved. Ellen From skiwi at spamcop.net Tue Dec 14 20:10:20 2004 From: skiwi at spamcop.net (sk1w1) Date: Tue Dec 14 23:15:03 2004 Subject: [SpamCop-List] Re: [media] Judge rejects Maryland spam law In-Reply-To: References: Message-ID: Mike Easter wrote: > Tim McGraw wrote: > >>>Maryland's tough anti-spam law is unconstitutional > > > "Laws in California and Washington were declared unconstitutional on > grounds similar to Thompson's ruling in Maryland. However, higher courts > overturned those decisions." In unrelated news - Judge Thompson' penis is bigger, he has a large amount of Nigerian cash (stained black) and he has had his first date with a horny housewife... From skiwi at spamcop.net Tue Dec 14 20:11:49 2004 From: skiwi at spamcop.net (sk1w1) Date: Tue Dec 14 23:15:17 2004 Subject: [SpamCop-List] Re: yea-yea-yea.com/nan/join.php "can't be resolved" - and yetVisual Route, etc finds it? [another] In-Reply-To: References: Message-ID: Mike Easter wrote: > sk1w1 wrote: > >>and another with the same MO redirtecting to the same site - >>s-e-x-club.com/ora/enter.php > > > Yep, that's the same style flakey nameservice [snip] when I told the spammer to rotate, this is not quite what I had in mind... :-( From mrichter at cpl.net Tue Dec 14 21:50:42 2004 From: mrichter at cpl.net (Mike Richter) Date: Wed Dec 15 00:55:18 2004 Subject: [SpamCop-List] Re: so do I report this or not In-Reply-To: References: Message-ID: Mike Easter wrote: > Mike Richter wrote: > >>So the argument is: report again if you believe the ISP to be lying; >>report again if you suspect that the previous offense was only a >>warning; do not report if the ISP is credible. > This is the cmsa spam history > > bl.csma.biz listing info > Spam and removal history for 216.16.80.235 (times in UTC): > > Thu Oct 21 19:44:44 2004 Received - Ambien is available now. Great > prices cunningham > Sun Oct 24 06:41:26 2004 Received - Order Rolex or other Swiss > watches online > Wed Nov 24 14:58:56 2004 Received - Order Rolex or other Swiss > watches online > Wed Nov 24 16:15:05 2004 Received - Italian Crafted Rolex from $75 to > $275 - Free Ship > > > I would say the provider doesn't get a ride. They need to take care of > business better than that. I guess I'm more tolerant. A month without a spam report suggests that they shut down the first offenders (though two-plus days between them is suspicious). The second pair are variants from a single spammer, so appear to be one intruder shut down. (The pair also suggests reasonably good reporting.) Nearly four weeks to the next intruder leads me to believe that they're trying to be good guys, so I'd not report. OTOH, it's a personal judgement and I certainly wouldn't gripe if you wanted to inspire them to be quicker. Mike -- mrichter@cpl.net http://www.mrichter.com/ From SpamCopNews.5.myspamgobbler at spamgourmet.com Tue Dec 14 22:01:04 2004 From: SpamCopNews.5.myspamgobbler at spamgourmet.com (Spam N Scams Reporter) Date: Wed Dec 15 01:05:03 2004 Subject: [SpamCop-List] A reply from YesNIC Message-ID: Dear Sir, Thank you for contacting YesNIC. We will be in contact with the registrant and ask for the update of its WHOIS information. If the WHOIS information is not updated within the 48 hours time frame, we will hold the domain name and limit the use of it. Thank you. Kind Regards, YesNIC Support ------------ I don't recall hearing from them before. I changed my boilerplate for Whois Data Problem Reports a while back. It now includes the statement "Please deal with this appropriately. I'll check back in a couple of weeks to see, and file a Registrar Problem Report if it hasn't been dealt with." I have been busy with other things lately and haven't filed a report for a couple of weeks, so this is a late response, but at least they possibly are starting to pay attention??? We can only hope. Unfortunately, YesNIC doesn't bother to let me know which domain they are talking about. I guess it's time to look back through all my reports and pick out the YesNIC ones and have a look-see. Brian From nobody at devnull.spamcop.net Wed Dec 15 15:02:30 2004 From: nobody at devnull.spamcop.net (Patto) Date: Wed Dec 15 01:05:17 2004 Subject: [SpamCop-List] Doesn't find any links Message-ID: http://www.spamcop.net/sc?id=z702752620z7b5e7363ed03607f44ab098f0f0ff6f5z Many, many like this over the past few weeks; I don't know why SC isn't resolving any links? http://www.ullgetit.com/ is 221.5.250.105 Whois shows 221.5.128.0-221.5.255.255 to be CNCGroup with a reporting address of abuse@cnc-noc.net SC takes a 20 seconds wait, then proclaims Cannot resolve http://www.ullgetit.com/ No valid email addresses found, sorry! From SpamCopNews.5.myspamgobbler at spamgourmet.com Tue Dec 14 23:00:12 2004 From: SpamCopNews.5.myspamgobbler at spamgourmet.com (Spam N Scams Reporter) Date: Wed Dec 15 02:05:19 2004 Subject: [SpamCop-List] Re: Reporting to yahoo or hotmail In-Reply-To: References: Message-ID: Anti-Spam wrote: > Is it really worth copying reports to yahoo or hotmail > addresses listed as admins for originating mail > server (or zombie) or are these just harvester > addresses? I have a vague recollection of certain > yahoo addresses recurring frequently, although I > don't know if it's just the same spam-friendly > machine/ISP over and over. (Personally, I've been > unchecking these as unreliable.) > > I suppose these may also be violations of hotmail > or yahoo TOS, although I don't know if they'd > appreciate the additional notification. > > -- > Bring in the death penalty for repeat spammers. > Non-functional spambait addr: time@uzgcsgc.com > (generated by Webpoison) > I've had consistent success reporting Yahoo and Hotmail addresses used for domain registrations. Maybe it would work for this as well. The report address that I use for Hotmail is MSN Hotmail Technical Support abuse_en_sy at css dot one dot microsoft dot com . I always receive a personal reply from this address. For Yahoo, I haven't found anything better than abuse at yahoo , but they do take care of it, without saying what they actually do. I'm still not certain, after scanning through the TOS for Yahoo a few times, not seeing anything that prohibits using a Yahoo address from being used for this. I always give them evidence that it is a spammy domain. That is usually enough for them to nuke the account. It would take some extra work, but you could somehow use a 'personal' email address (i.e. spamgourmet.com) that will let you know if the address is a harvester. Brian From nobody at spamcop.net Wed Dec 15 00:12:57 2004 From: nobody at spamcop.net (Don Wannit) Date: Wed Dec 15 03:15:09 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. In-Reply-To: References: Message-ID: Porpoise wrote: > "Don Wannit" wrote in message > news:cpm48h$r44$1@news.spamcop.net... >>Their lobbyists kicked our lobbyists' collective ass! >> [^ apostrophe appropriately applied] >> > > > > Is that a "Catism"? Isn't that a rather catty comment? Zz's zZ's |\ z _,,,---,,_ /,`.-'`' _ ;-;;,_ |,4- ) )-,_..;\ ( `'_' '---''(_/--' `-'\_) From David1 at suescornerweb.com Wed Dec 15 06:15:51 2004 From: David1 at suescornerweb.com (David 1) Date: Wed Dec 15 06:20:14 2004 Subject: [SpamCop-List] Re: so do I report this or not In-Reply-To: References: Message-ID: Mike Richter wrote: > Mike Easter wrote: > >> Mike Richter wrote: >> snip > I guess I'm more tolerant. A month without a spam report suggests that > they shut down the first offenders (though two-plus days between them is > suspicious). The second pair are variants from a single spammer, so > appear to be one intruder shut down. (The pair also suggests reasonably > good reporting.) Nearly four weeks to the next intruder leads me to > believe that they're trying to be good guys, so I'd not report. > > OTOH, it's a personal judgement and I certainly wouldn't gripe if you > wanted to inspire them to be quicker. > > Mike Copy that, I thought that big red line was a hint from SC that they wanted you to wait but I notice that they still had it checked & ready David 1 From MikeE at ster.invalid Wed Dec 15 04:48:55 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 15 07:50:10 2004 Subject: [SpamCop-List] Re: Doesn't find any links References: Message-ID: Patto wrote: spamcop.net/sc?id=z702752620z7b5e7363ed03607f44ab098f0f0ff6f5z > > Many, many like this over the past few weeks; I don't know why SC > isn't resolving any links? The problem is with the nameservice for ullgetit. > http://www.ullgetit.com/ is 221.5.250.105 According to the root nameservers, the ns for ullgetit is ns1 & 2 dns30, but according to ns1.dns30.com, the nameservice is ns1 & 2 standardtech, making them stealth. And, if you ask either dns30 for the IP for www, it repetitively times out. Except sometimes it answers. The DNS Report for the domainname is Fail all over the place for the nameservice and the DNS timing is rated as F. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Dec 15 08:54:12 2004 From: nobody at spamcop.net (Spamvireslayer) Date: Wed Dec 15 08:55:02 2004 Subject: [SpamCop-List] Fax spam-what should I do now? Message-ID: I have been getting fax spam (at a business fax) from a certain company who, unlike others, DOES list their website and physical address and phone in the ad-www.strongsys.com. I have emailed them and told them to stop, no response, just more spam. I have filed numerous complaints with the FCC, no response and no action, so when I got another one yesterday, I filed another FCC report, got their WHOIS info from Sam Spade (because the fax was pointing to a website), emailed their contact and their administrative contact at Network Solutions, and copied in the FCC. The company contact info was bad, it bounced (is there a penalty for that?), so I informed Network Solutions of that as well. Network Solutions replied: "On November 1, 1999, a three-judge panel of the U.S. Court of Appeals for the Ninth-Circuit ruled that Network Solutions has no responsibility or duty to police the rights of trademark owners concerning domain names. If the domain owner in question is conducting criminal activity we would ask you to defer to either the police or the proper authorities. Thank you for choosing Network Solutions." And THEN the arseholes had the nerve to send me a customer service survey, which I am tempted to report as spam.....but I won't. If the FCC won't do anything, the web host won't do anything, what else can I do to pressure them into stopping the garbage? From noemail at foo.bar Wed Dec 15 08:11:40 2004 From: noemail at foo.bar (Scott Jordan) Date: Wed Dec 15 09:15:03 2004 Subject: [SpamCop-List] Hotmail spam with non-hotmail return paths Message-ID: Does anyone have any experience with hotmail server spam which does not have a @hotmail.com address in the return path? An example header from several months ago is: Return-Path: Received: from hotmail.com (bay23-f10.bay23.hotmail.com [64.4.22.60]) by for Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sat, 11 Sep 2004 18:24:52 -0700 Received: from 80.179.243.2 by by23fd.bay23.hotmail.msn.com with HTTP; Sun, 12 Sep 2004 01:24:51 GMT X-Originating-IP: [80.179.243.2] X-Originating-Email: [peterwhite@fsbinternationalbankplc.net] X-Sender: peterwhite@fsbinternationalbankplc.net Reply-To: princeyobo2002@yahoo.co.in From: "Prince Yobo" To: peterwhite@fsbinternationalbankplc.net Subject: confidential Date: Sun, 12 Sep 2004 02:24:51 +0100 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 12 Sep 2004 01:24:52.0064 (UTC) FILETIME=[4D638E00:01C49867] Hotmail tries to dodge it because it doesn't show a hotmail user as the originator. It's clearly coming from their servers. Moreover, the spammer domain shows that MSN is managing the dns: Domain Name: FSBINTERNATIONALBANKPLC.NET Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE Whois Server: whois.melbourneit.com Referral URL: http://www.melbourneit.com Name Server: PDOMNS1.MSN.COM Name Server: PDOMNS2.MSN.COM Status: ACTIVE Updated Date: 09-jul-2004 Creation Date: 09-jul-2004 Expiration Date: 09-jul-2005 Does anyone know what the story on these are? We've seen quite a few. Does anyone know what it takes to get hotmail/msn to address these? Thanks, ScottJ From MikeE at ster.invalid Wed Dec 15 06:14:25 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 15 09:15:25 2004 Subject: [SpamCop-List] Re: Fax spam-what should I do now? References: Message-ID: Spamvireslayer wrote: > I have been getting fax spam (at a business fax) from a certain ... called 'junk fax' or junx > company who, unlike others, DOES list their website and physical > address and phone in the ad-www.strongsys.com. I have emailed them > and told them to stop, no response, just more spam. I have filed > numerous complaints with the FCC, no response and no action, so when see the website http://www.junkfax.org/ among many other places > FCC won't do anything, the web host won't do anything, what else can > I do to pressure them into stopping the garbage? There is much better retaliation for junx than spam. If you really want to get into it, you can learn how to successfully sue them in small claims court and get $500 a pop or maybe trebled if you do it right. A pop is per fax item. If you don't want to really get into it yourself, there are attorneys who just *luv* settling with junxers. I used to hang out on a mailing list with anti-junxers, and some of the worst junxyard dogs [meanest, baddest, most successful in court] were non-attorneys who had honed their skills in small claims court. The majority of the mailing list participants were attorneys who like suing and settling with junxers, both the junx advertisers and the junx blasters. You can sue both; the advertiser and the blaster. Very few blast their own. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Dec 15 06:33:51 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 15 09:35:05 2004 Subject: [SpamCop-List] Re: Hotmail spam with non-hotmail return paths References: Message-ID: Scott Jordan wrote: > Does anyone have any experience with hotmail server spam which does > not have a @hotmail.com address in the return path? My experience in the past has been to not be notifying hotmail about that which you should be notifying msn or microsoft about. They do not share the same abuse desk and they do not pass things on to each other. If you are confused over an issue, send it to all of them. The source IP is 64.4.22.60 rDNS bay23-f10.bay23.hotmail.com whose notify is abuse@microsoft.com The client looks like peterwhite@fsbinternationalbankplc.net fsbinternationalbankplc.net rDNS 65.54.132.254 whose notify is abuse@microsoft.com The other provider is 80.179.243.2 rDNS 80.179.243.2.ispeednet.net notify the .il Abuse-gilat@012.net.il and I would also add abuse@012.net.il & dnsreg@012.net.il and maybe throw in one or two more because of language postmaster@linux.goldenlines.net.il & postmaster@goldenlines.net.il Golden lines is the routing parent for gilat inetnum: 80.179.243.0 - 80.179.243.31 netname: Gilat-ART1822 route: 80.179.128.0/17 descr: Golden Lines I don't think it would hurt to add msn's and hotmail's abuse desks, but I personally think microsoft's is the one, especially since you've determined that hotmail isn't interested abuse@hotmail.com & abuse@msn.com [both doubtful] > Does anyone know what it takes to get hotmail/msn to address these? Get the right desk between hotmail, msn, & microsoft. -- Mike Easter kibitzer, not SC admin From noemail at foo.bar Wed Dec 15 09:02:31 2004 From: noemail at foo.bar (Scott Jordan) Date: Wed Dec 15 10:05:03 2004 Subject: [SpamCop-List] Re: Hotmail spam with non-hotmail return paths References: Message-ID: On Wed, 15 Dec 2004 06:33:51 -0800, Mike Easter wrote: > My experience in the past has been to not be notifying hotmail about > that which you should be notifying msn or microsoft about. They do not > share the same abuse desk and they do not pass things on to each other. > If you are confused over an issue, send it to all of them. > > The source IP is 64.4.22.60 rDNS bay23-f10.bay23.hotmail.com whose > notify is abuse@microsoft.com 10-4. abuse@microsoft.com has never given a first response to these. Some limited testing indicated that microsoft bounces them back to hotmail who claims to have no ownership. In some dialogs, hotmail has freely admitted that their servers sent the spam in the first place. There's been one speculative suggestion that while msn managed clients use the hotmail servers, hotmail doesn't have the authority to address malfeasance on the part of msn managed clients. Again, that's just a theory but it doesn't take a lot of imagination to see that this approach would have commercial benefits for msn. SJ From joegill at removethis Wed Dec 15 10:37:06 2004 From: joegill at removethis (Joe Gill) Date: Wed Dec 15 10:40:03 2004 Subject: [SpamCop-List] Re: United Airlines: Spamming a dead man. References: Message-ID: "Bob W." wrote in message news:responseguard-07BB76.20564604122004@news.cesmail.net... > [Spam in .spam] > Now, two weeks later, United Airlines append-spams me directly. > > The thing is the address being spammed in all three cases was formerly > someone else's. Unfortunately, the man has been dead for more than eight > years. > > EIGHT YEARS. > > While I have a connection at CheetahMail and just LART him, United hit > the address directly, so I LARTed a certain "Rich Perez" at UAL's CRM > domain... and explained how irresponsible email appending is, promising > to send the next LART to their upstream (if they have one). > > The clincher in all three cases is that the spew is *opt-out extortion > spam*. -> > So instead of being responsible, they demand that their recipients opt > out of the unwanted spew. > > Even if they're dead. > > I get the feeling email appending is about to make a very large addition > to the spam flood. > > -- > ...Bob W. I looked at the spam over in the other group and have these observations: 1) It REALLY looks like a member communication for the Frequent Flyer club aka "MileagePlus". 2) Email on MileagePlus is OPT-IN 3) I believe one of these scenarios happened! A) United 'recycled' the MileagePlus number the man WAS using, without fully cleaning out the account info! -or- B) Someone (another family member) recently took a flight on United (or a 'partner' airline), and used that number -or- C) Someone else gave United the wrong number for an upcoming flight and that triggered re-activation of the account. 4) If the email has the MileagePlus account number on it, you can try their web interface at https://www.ua2go.com/ci/Login.jsp I don't think this one is malicious spam, but rather, a system screw-up, or someone using the number again! Signed. Just a member of multiple FF clubs From mrichter at cpl.net Wed Dec 15 08:42:55 2004 From: mrichter at cpl.net (Mike Richter) Date: Wed Dec 15 11:45:06 2004 Subject: [SpamCop-List] Re: A reply from YesNIC In-Reply-To: References: Message-ID: Spam N Scams Reporter wrote: > "Please deal with this appropriately. I'll check back in a couple of > weeks to see, and file a Registrar Problem Report if it hasn't been > dealt with." One suggestion: Do not provide a time frame. "in a couple of weeks" implies lack of discipline, which may inspire the same from them. "I'll check back" is enough to put them on notice and may inspire them to get moving now, not some weeks from now. Mike -- mrichter@cpl.net http://www.mrichter.com/ From SpamCopNews.5.myspamgobbler at spamgourmet.com Wed Dec 15 08:45:29 2004 From: SpamCopNews.5.myspamgobbler at spamgourmet.com (Spam N Scams Reporter) Date: Wed Dec 15 11:50:03 2004 Subject: [SpamCop-List] Re: A reply from YesNIC In-Reply-To: References: Message-ID: Mike Richter wrote: > Spam N Scams Reporter wrote: > >> "Please deal with this appropriately. I'll check back in a couple of >> weeks to see, and file a Registrar Problem Report if it hasn't been >> dealt with." > > > One suggestion: Do not provide a time frame. "in a couple of weeks" > implies lack of discipline, which may inspire the same from them. "I'll > check back" is enough to put them on notice and may inspire them to get > moving now, not some weeks from now. > > Mike Good point. I was using that reference because they are 'supposed' to do it within 15 days IIRC. Brian From tmcgraw at spamcop.net Wed Dec 15 09:25:07 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Dec 15 12:30:04 2004 Subject: [SpamCop-List] Re: Reporting to yahoo or hotmail In-Reply-To: References: Message-ID: Spam N Scams Reporter wrote: > Anti-Spam wrote: > >> Is it really worth copying reports to yahoo or hotmail >> addresses listed as admins for originating mail >> server (or zombie) or are these just harvester >> addresses? > > I've had consistent success reporting Yahoo and Hotmail addresses used > for domain registrations. Maybe it would work for this as well. I tried once this year to report a hotmail address being used for domain registration. It happened at just about the same time hotmail outsourced tech support to India. The respondent had absolutely no idea what I was talking about. From tmcgraw at spamcop.net Wed Dec 15 09:32:40 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Dec 15 12:35:02 2004 Subject: [SpamCop-List] Re: so do I report this or not In-Reply-To: References: Message-ID: Mike Richter wrote: > Mike Easter wrote: > > > >> I would say the provider doesn't get a ride. They need to take care of >> business better than that. > > I guess I'm more tolerant. A month without a spam report suggests that > they shut down the first offenders (though two-plus days between them is > suspicious). The second pair are variants from a single spammer, so > appear to be one intruder shut down. (The pair also suggests reasonably > good reporting.) Nearly four weeks to the next intruder leads me to > believe that they're trying to be good guys, so I'd not report. > > OTOH, it's a personal judgement and I certainly wouldn't gripe if you > wanted to inspire them to be quicker. Sounds like an ISP playing whack-a-mole to me. From dfm2a3l0t2 at spymac.com Wed Dec 15 17:38:08 2004 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Wed Dec 15 17:40:03 2004 Subject: [SpamCop-List] New trick? E-mail address in hashbuster text Message-ID: Full text in .spam. > simplicity ignorant coughing artichokes oscillator. diners > disqualify. clement undoes throttling, forfeited morose. animator facaded > pantomime feast embassy. concerns decade Hyman expense. Coffey doubtable > boarded negligible hobbyists audacity!! where was my e-mail address. I haven't seen this before, but of course that doesn't mean it's new. I munged it before putting it through SpamCop, just in case. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From SpamCopNews.5.myspamgobbler at spamgourmet.com Wed Dec 15 15:05:02 2004 From: SpamCopNews.5.myspamgobbler at spamgourmet.com (Spam N Scams Reporter) Date: Wed Dec 15 18:05:03 2004 Subject: [SpamCop-List] Re: Reporting to yahoo or hotmail In-Reply-To: References: Message-ID: Tim McGraw wrote: > Spam N Scams Reporter wrote: > >> Anti-Spam wrote: >> >>> Is it really worth copying reports to yahoo or hotmail >>> addresses listed as admins for originating mail >>> server (or zombie) or are these just harvester >>> addresses? >> >> >> I've had consistent success reporting Yahoo and Hotmail addresses used >> for domain registrations. Maybe it would work for this as well. > > > I tried once this year to report a hotmail address being used for domain > registration. > > It happened at just about the same time hotmail outsourced tech support > to India. The respondent had absolutely no idea what I was talking about. > Did you notice the hotmail address that I mentioned using? From tmcgraw at spamcop.net Wed Dec 15 15:07:26 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Dec 15 18:10:04 2004 Subject: [SpamCop-List] Re: Reporting to yahoo or hotmail In-Reply-To: References: Message-ID: Spam N Scams Reporter wrote: > Tim McGraw wrote: >> Spam N Scams Reporter wrote: >>> Anti-Spam wrote: >>> >>>> Is it really worth copying reports to yahoo or hotmail >>>> addresses listed as admins for originating mail >>>> server (or zombie) or are these just harvester >>>> addresses? >>> >>> I've had consistent success reporting Yahoo and Hotmail addresses >>> used for domain registrations. Maybe it would work for this as well. >> >> I tried once this year to report a hotmail address being used for >> domain registration. >> >> It happened at just about the same time hotmail outsourced tech >> support to India. The respondent had absolutely no idea what I was >> talking about. > > Did you notice the hotmail address that I mentioned using? Yup. Not the one I used. I'm not sure how you found that, but abuse at hotmail dot com did (cluelessly) respond. From SpamCopNews.5.myspamgobbler at spamgourmet.com Wed Dec 15 15:15:19 2004 From: SpamCopNews.5.myspamgobbler at spamgourmet.com (Spam N Scams Reporter) Date: Wed Dec 15 18:15:03 2004 Subject: [SpamCop-List] Re: Reporting to yahoo or hotmail In-Reply-To: References: Message-ID: Tim McGraw wrote: > Spam N Scams Reporter wrote: > >> Tim McGraw wrote: >> >>> Spam N Scams Reporter wrote: >>> >>>> Anti-Spam wrote: >>>> >>>>> Is it really worth copying reports to yahoo or hotmail >>>>> addresses listed as admins for originating mail >>>>> server (or zombie) or are these just harvester >>>>> addresses? >>>> >>>> >>>> I've had consistent success reporting Yahoo and Hotmail addresses >>>> used for domain registrations. Maybe it would work for this as well. >>> >>> >>> I tried once this year to report a hotmail address being used for >>> domain registration. >>> >>> It happened at just about the same time hotmail outsourced tech >>> support to India. The respondent had absolutely no idea what I was >>> talking about. >> >> >> Did you notice the hotmail address that I mentioned using? > > > Yup. Not the one I used. I'm not sure how you found that, but abuse at > hotmail dot com did (cluelessly) respond. > Actually, they found me. I received replies from that address so began using it. From tmcgraw at spamcop.net Wed Dec 15 15:21:07 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Dec 15 18:25:02 2004 Subject: [SpamCop-List] Re: Reporting to yahoo or hotmail In-Reply-To: References: Message-ID: Spam N Scams Reporter wrote: > Tim McGraw wrote: >> Spam N Scams Reporter wrote: >> >>> Did you notice the hotmail address that I mentioned using? >> >> Yup. Not the one I used. I'm not sure how you found that, but abuse at >> hotmail dot com did (cluelessly) respond. >> > Actually, they found me. I received replies from that address so began > using it. Oops. My bad. Just searched - that was the address. I tried to tell them THREE TIMES that there was a whois that used a hotmail contact address and that was a violation of their TOS. Each and every response was, "the spam was not from our member." They had NO idea what I was talking about. From jay at Advertisnet.com Wed Dec 15 18:16:17 2004 From: jay at Advertisnet.com (JHT4) Date: Wed Dec 15 19:20:02 2004 Subject: [SpamCop-List] divulging spammer customer info to spamhaus Message-ID: The last couple days have been quite educational. Although I have been in business as advertisnet.com for 8 years w/o winding up on the RBLs, 2 days ago a serious spammer signed up for a dial up account and began his nasty business... This has happened before of course, and in our area, most of the time the spammers are newbies who have bought into a get rich quick email and dont understand thats its a bad thing until someone tells them so. So, on the 13th this guy signs up, on the 14th we get our first complaint and call him, he does not sound like the innocent user type so we cut his account. But, all is breaking loose in the meantime. Our mail servers loads are spiked, queues are going ballistic, and we dont understand why, or that its connected to the dial up spammer. Finally figure out that spamhaus has blocked us. We were sort of surprised that we received no notice because we are a spamhaus end user. (and yes, it resulted in us blocking mail to ourselves). So we respond to spamhaus that the user has been cut, but they refuse to lift the block until we reword the AUP verbage on our website (www.advertisnet.com) AND disclose the personal information that the spammer signed up with. Once we figured out we were on our own RBL services, we noticed that the spikes and loads were due to this users spam. It took us a little longer to figure out how to remove his backed up outgoing email from our queues, and so now we have a users who sends us an email saying http://maps.vix.com/rbl is blocking us. I cant seem to hit that website from a browser or with a dns lookup on maps.vix.com from http://www.dnsstuff.com. http://www.dnsreport.com shows some trouble there too. So I have 2 questions, 1) spamhaus says all ISPs divulge spammer personal information to them, and I should have no legal worries about doing so. Me, I wonder who could get sued if spamhaus publishes his info and someone goes over to his house and puts him in the hospital. (someone besides me ) We have always made the FBI obtain court orders to get personal info on child porn issues, which has happened about 4 times so far. 2) Has it occurred to the community of ISPs yet that these RBLs are somewhat out of control in the fight against spam? Perhaps it will when these nazis label you a jew and kill most of your email. One footnote, if any readers are still reading this far down, we named our ISP advertisnet.com because we were originally going to do web design, then changed our focus but not our name. If youve seen the name advertisnet before, it was probably because Ive posted to this forum a bit, not in your abuse inbox. We block outbound port 25 on all of our ips except known legit. mail servers. We are currently in the process of moving all dial up users to authenticated outbound email rather than use ip ranges. Sorry for the vent, Jay Teutenberg From nobody at spamcop.net Wed Dec 15 19:56:07 2004 From: nobody at spamcop.net (Miss Betsy) Date: Wed Dec 15 19:55:03 2004 Subject: [SpamCop-List] Re: Fax spam-what should I do now? References: Message-ID: "Mike Easter" wrote in message news:cppgrh$vtq$1@news.spamcop.net... > If you really want to get into it, you can learn how to successfully sue > them in small claims court and get $500 a pop or maybe trebled if you do > it right. A pop is per fax item. If you don't want to really get into > it yourself, there are attorneys who just *luv* settling with junxers. My boss won't believe me that we could make money at it! I thought that it would be a good part time job for a law student, but the Law School I offered it to, has not contacted me either. I am still keeping them so I can have evidence. Miss Betsy From ben.de+SCnews at spamcop.net Wed Dec 15 17:02:33 2004 From: ben.de+SCnews at spamcop.net (Ben) Date: Wed Dec 15 20:05:03 2004 Subject: [SpamCop-List] Re: Dubious or legit? Claim of "Can Spam" Complience. In-Reply-To: References: Message-ID: I wrote: > Humm.. > > I actually got a spam that 'appeared' [I truncate my own blather] In any case; it still was spam. It was unsolicited which still makes it dubious whether or not they gave their ?contact credentials.? I am not going to call long distance and waste .15 cents to find out. From MikeE at ster.invalid Wed Dec 15 17:47:56 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 15 20:50:38 2004 Subject: [SpamCop-List] Re: divulging spammer customer info to spamhaus References: Message-ID: Just housekeeping the linewraps to make it easier to read JHT4 wrote: The last couple days have been quite educational. Although I have been in business as advertisnet.com for 8 years w/o winding up on the RBLs, 2 days ago a serious spammer signed up for a dial up account and began his nasty business... This has happened before of course, and in our area, most of the time the spammers are newbies who have bought into a get rich quick email and dont understand thats its a bad thing until someone tells them so. So, on the 13th this guy signs up, on the 14th we get our first complaint and call him, he does not sound like the innocent user type so we cut his account. But, all is breaking loose in the meantime. Our mail servers loads are spiked, queues are going ballistic, and we dont understand why, or that its connected to the dial up spammer. Finally figure out that spamhaus has blocked us. We were sort of surprised that we received no notice because we are a spamhaus end user. (and yes, it resulted in us blocking mail to ourselves). So we respond to spamhaus that the user has been cut, but they refuse to lift the block until we reword the AUP verbage on our website (www.advertisnet.com) AND disclose the personal information that the spammer signed up with. Once we figured out we were on our own RBL services, we noticed that the spikes and loads were due to this users spam. It took us a little longer to figure out how to remove his backed up outgoing email from our queues, and so now we have a users who sends us an email saying http://maps.vix.com/rbl is blocking us. I cant seem to hit that website from a browser or with a dns lookup on maps.vix.com from http://www.dnsstuff.com. http://www.dnsreport.com shows some trouble there too. So I have 2 questions, 1) spamhaus says all ISPs divulge spammer personal information to them, and I should have no legal worries about doing so. Me, I wonder who could get sued if spamhaus publishes his info and someone goes over to his house and puts him in the hospital. (someone besides me ) We have always made the FBI obtain court orders to get personal info on child porn issues, which has happened about 4 times so far. 2) Has it occurred to the community of ISPs yet that these RBLs are somewhat out of control in the fight against spam? Perhaps it will when these nazis label you a jew and kill most of your email. One footnote, if any readers are still reading this far down, we named our ISP advertisnet.com because we were originally going to do web design, then changed our focus but not our name. If youve seen the name advertisnet before, it was probably because Ive posted to this forum a bit, not in your abuse inbox. We block outbound port 25 on all of our ips except known legit. mail servers. We are currently in the process of moving all dial up users to authenticated outbound email rather than use ip ranges. Sorry for the vent, Jay Teutenberg -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Dec 15 18:13:07 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 15 21:15:03 2004 Subject: [SpamCop-List] Re: divulging spammer customer info to spamhaus References: Message-ID: JHT4 wrote: > so now we have a users who sends us an email saying > http://maps.vix.com/rbl is blocking us. That's a mistake: "MAPS [SM] hosting agreement with Vixie Enterprises has expired and will not be renewed. As previously announced, the old maps.vix.com zones and other data are no longer supported and are invalid for any purposes." http://west1.mail-abuse.org/oldzones.html > 2) Has it occurred to the community of ISPs yet that these RBLs are > somewhat out of control in the fight against spam? So far, what I'm finding is that Advertisnet is listed in spamhaus SBL21925 as the /24 http://www.spamhaus.org/sbl/sbl.lasso?query=SBL21925 -- I have a sneaky suspicion that the listing may timeout in a couple of weeks if things stay clean, but I'm not on the inside track of what goes on at spamhaus. As a general rule, spamhaus is rather conservative, and so figuring out just how the whole /24 got listed is in process. So far I haven't found other listings of consequence. I found one minor one so far for 216.176.166.215 7of4.advertisnet.com -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Dec 15 18:42:43 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 15 21:45:03 2004 Subject: [SpamCop-List] Re: divulging spammer customer info to spamhaus References: Message-ID: JHT4 wrote: > they refuse to > lift the block until we reword the AUP verbage on our website > (www.advertisnet.com) This doesn't look to me like a very good antispam AUP http://www.advertisnet.com/agreement.htm - Advertisnet Internet Services and Customer agree as follows: [...] I looked around for some guidelines; there are some at the links at this set of links http://spamlinks.openrbl.org/prevent-isps.htm -- Anti-Spam Best Practice for ISPs -- Acceptable Use Policies A couple of the many links there are dead, but I looked at this http://www.ripe.net/ripe/docs/spam.html Good Practice for Combating Unsolicited Bulk Email -- For an ISP to be effective in combating UBE, Best Practice is as follows. [...] and this http://www.spamhaus.org/aups.html Acceptable Use Policies ("AUP") -- "Smaller ISPs who have not yet implemented such clauses in their own AUPs will normally find that their upstream has and that they are bound by their upstream's AUP. Spammers now look for smaller ISPs without AUPs or with poor spam clauses." The following are specific anti-spam clauses from the AUPs of well known providers: [...] > AND disclose the personal information that the > spammer signed up with. I don't know exactly what your legal rights and responsibilities are about that, and how they could be 'adjusted' with the AUP. IANAL -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Dec 15 22:13:00 2004 From: nobody at spamcop.net (Pop) Date: Wed Dec 15 22:15:19 2004 Subject: [SpamCop-List] Re: Fax spam-what should I do now? References: Message-ID: "Spamvireslayer" wrote in message news:cppfmj$v64$1@news.spamcop.net... |I have been getting fax spam (at a business fax) from a certain company who, unlike ... JUNK FAX is NOT the same as spam on the internet. There are definite, longstanding rules and penalties for what you describe. Since you know who this is apparently, there may actually be some money in it for you. Or, the sender could find himself sitting in front of bar(s), and not the kind that sell drinks. He is breaking a federal law. Try a Google Search on "junk fax" and then finesse it and you'll find lots of good info. It's not like email spam: it IS illegal. And it's federal law, not state law. If you want to see federal law, try fcc.gov and look for "junk fax"; it's technical to read, but it's there. And, it's expensive for the violator. Pop From MikeE at ster.invalid Wed Dec 15 19:24:40 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 15 22:25:04 2004 Subject: [SpamCop-List] Re: divulging spammer customer info to spamhaus References: Message-ID: Some other listings: Spamtrap evidence list for 216.176.166.220 smtp3.advertisnet.com at psbl; the 50 since Apr 23, only 2 recent http://psbl.surriel.com/listing?ip=216.176.166.220 Also in wsff. 216.176.166.214 mail.advertisnet.com old 2002 listing at dsbl for open smtp relay, as output for input 216.176.166.99 - that should be taken down at http://dsbl.org/removalquery 216.176.166.99 is on some other lists because of that old relaying. 216.176.166.210 smtp.advertisnet.com wsff http://dynamic.rfc1149.net/wsff.phtml -- Mike Easter kibitzer, not SC admin From none at domain.invalid Wed Dec 15 19:28:13 2004 From: none at domain.invalid (Anonymous) Date: Wed Dec 15 22:30:02 2004 Subject: [SpamCop-List] Re: A reply from YesNIC References: Message-ID: "Spam N Scams Reporter" wrote in message news:cpppnb$5dc$1@news.spamcop.net... > Good point. I was using that reference because they are 'supposed' to do > it within 15 days IIRC. I always put "We will continue to track the status of resolution of this issue." in my LARTS, send LARTs that are going to known spam-havens to ICANN, as well, and follow up on a weekly basis. So far, the fact that ICANN is notified right off the bat, and the fact that I keep checking with both the ISP/Registrar and ICANN has shown good results. Of course, ICANN is incredibly slow... I get back feedback forms from them asking about the status of domains I've reported 3-6 months prior. But, I guess that's good in a way, since if that domain is still resolving, the ISP or Registrar is obviously harboring the spammers. As an aside... does anyone have a contact for NameBay? I'm tracking the Russian Spam Gang aka Leo Kuvayev / Vladislav Khokholkov, and so far have found 776 domains associated with them... the great majority of them registered through NameBay. NameBay seems not to be reachable via email, and doesn't remove domains that have obviously falsified information. ICANN seems not to care too much that NameBay isn't doing its job, either. From MikeE at ster.invalid Wed Dec 15 19:50:50 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 15 22:55:04 2004 Subject: [SpamCop-List] Re: A reply from YesNIC References: Message-ID: Anonymous wrote: > As an aside... does anyone have a contact for NameBay? Namebay Monaco .aero, .biz, .com, .info, .name, .net, .org, .pro http://www.icann.org/registrars/accreditation-qualified-list.html Tel: 377 97 70 61 64 Email: cvitasse@namebay.com Besides oversight by icann, those domain names mean they are also 'overseen' by SITA, NeuLevel, Verisign, PIR, & RegistryPro. Also CORE, I think, from the bunchastuff up there. .aero, (restricted to certain members of the global aviation community) sponsored by Societe Internationale de Telecommunications Aeronautiques SC (SITA) .biz, (restricted to businesses), operated by NeuLevel .com, operated by Verisign Global Registry Services .info, operated by Afilias Limited .name, (restricted to individuals), operated by Global Name Registry .net, operated by Verisign Global Registry Services .org, operated by Public Interest Registry .pro, (restricted to licensed professionals) operated by RegistryPro -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Dec 15 20:17:55 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 15 23:20:04 2004 Subject: [SpamCop-List] Re: A reply from YesNIC References: Message-ID: Mike Easter wrote: > Tel: 377 97 70 61 64 > Email: cvitasse@namebay.com That's Carole Vitasse. Some other names, no other addies came up. Update on attendees for Rome ICANN Meeting Namebay Mathieu Dierstein Namebay Patricia Husson Namebay Carole Vitasse Namebay Eric Lantonnet Namebay Vincent Chavannis Boris Fernandez Namebay Namebay 24 bd Princesse Charlotte - MC 98000 Monaco 00-377-97-70-61-64 Contact: Carole VITASSE cvitasse@namebay.com -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Dec 16 08:45:53 2004 From: nobody at spamcop.net (nospam) Date: Wed Dec 15 23:50:03 2004 Subject: [SpamCop-List] Re: Reporting to yahoo or hotmail References: Message-ID: in article cpqgt4$kvo$1@news.spamcop.net, Tim McGraw at tmcgraw@spamcop.net wrote on 12/16/04 3:21 AM: > Spam N Scams Reporter wrote: >> Tim McGraw wrote: >>> Spam N Scams Reporter wrote: >>> >>>> Did you notice the hotmail address that I mentioned using? >>> >>> Yup. Not the one I used. I'm not sure how you found that, but abuse at >>> hotmail dot com did (cluelessly) respond. >>> >> Actually, they found me. I received replies from that address so began >> using it. > > Oops. My bad. Just searched - that was the address. I tried to tell them > THREE TIMES that there was a whois that used a hotmail contact address > and that was a violation of their TOS. Each and every response was, "the > spam was not from our member." They had NO idea what I was talking about. > Same Reply I get every time for this type of TOS violation from BOTH Yahoo and Hotmail. Do you have some special boiler plate that gets the proper attention? From reader at invalid.invalid Thu Dec 16 03:13:40 2004 From: reader at invalid.invalid (Reader) Date: Thu Dec 16 00:15:02 2004 Subject: [SpamCop-List] Re: yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual Route, etc finds it? [another] References: Message-ID: On Tue, 14 Dec 2004 16:13:59 -0800, Mike Easter wrote: > Yep, that's the same style flakey nameservice > > Domain Typ Clas TTL Answer > s-e-x-club.com. A IN 3600 202.102.230.36 > s-e-x-club.com. NS IN 3600 ns1.97maranga97.biz. > s-e-x-club.com. NS IN 3600 ns2.97maranga97.biz. > s-e-x-club.com. NS IN 3600 ns3.97maranga97.biz. > ns1.97maranga97.biz. A IN 600 61.184.198.53 > ns2.97maranga97.biz. A IN 600 61.184.198.54 > ns3.97maranga97.biz. A IN 600 61.141.32.57 > > monofonts for columns. Those are the 'wrong' IPs for those > nameservers Other DNS tricks pointing at 202.102.230.36, these ones by Cordoba Spain Spam Gang (whois on DNS providers and see Jeff G's post) http://forum.spamcop.net/forums/lofiversion/index.php/t3182.html http://www.spamcop.net/sc?id=z703066805z505e9da65c7b070a89e08c1c3fb4c3d6z Tracking link: http://ogthwsdcrryap.k5medical.com/ No recent reports, no history available Cannot resolve http://ogthwsdcrryap.k5medical.com/ ; <<>> DiG 9.3.0 <<>> @j.gtld-servers.net ogthwsdcrryap.k5medical.com ;; QUESTION SECTION: ;ogthwsdcrryap.k5medical.com. IN A ;; AUTHORITY SECTION: k5medical.com. 172800 IN NS ns1.hckdnc.com. k5medical.com. 172800 IN NS ns2.hckdnc.com. ;; ADDITIONAL SECTION: ns1.hckdnc.com. 172800 IN A 202.102.230.36 ns1.hckdnc.com. 172800 IN A 221.5.251.213 ns2.hckdnc.com. 172800 IN A 219.148.2.27 (dig: couldn't get address for 'ns1.hckdnc.com': not found) (using glue 202.102.230.36) ; <<>> DiG 9.3.0 <<>> @202.102.230.36 ogthwsdcrryap.k5medical.com ;; QUESTION SECTION: ;ogthwsdcrryap.k5medical.com. IN A ;; ANSWER SECTION: ogthwsdcrryap.k5medical.com. 3600 IN A 202.102.230.36 http://www.spamcop.net/sc?id=z703038062z274e90b58da5cf9f40938e896b666fb9z Tracking link: http://www.rqgyy.com/ No recent reports, no history available Cannot resolve http://www.rqgyy.com/ ; <<>> DiG 9.3.0 <<>> @j.gtld-servers.net www.rqgyy.com ;; QUESTION SECTION: ;www.rqgyy.com. IN A ;; AUTHORITY SECTION: rqgyy.com. 172800 IN NS ns1.manzan88.com. rqgyy.com. 172800 IN NS ns2.manzan88.com. ;; ADDITIONAL SECTION: ns1.manzan88.com. 172800 IN A 202.102.230.36 ns1.manzan88.com. 172800 IN A 221.5.251.213 ns2.manzan88.com. 172800 IN A 221.5.251.213 (dig: couldn't get address for 'ns1.manzan88.com': not found) (using glue 202.102.230.36) ; <<>> DiG 9.3.0 <<>> @202.102.230.36 www.rqgyy.com ;; QUESTION SECTION: ;www.rqgyy.com. IN A ;; ANSWER SECTION: www.rqgyy.com. 3600 IN A 202.102.230.36 http://www.spamcop.net/sc?id=z703066589zf802681b6be7de3461563a01fa3b5828z Tracking link: http://www.ohwyohwhy.com/2/vicodin.php?wid=200007 No recent reports, no history available Cannot resolve http://www.ohwyohwhy.com/2/vicodin.php?wid=200007 ; <<>> DiG 9.3.0 <<>> @j.gtld-servers.net www.ohwyohwhy.com ;; QUESTION SECTION: ;www.ohwyohwhy.com. IN A ;; AUTHORITY SECTION: ohwyohwhy.com. 172800 IN NS ns1.peiman.biz. ohwyohwhy.com. 172800 IN NS ns2.peiman.biz. (ns1 seems down, using ns2) ; <<>> DiG 9.3.0 <<>> @ns2.peiman.biz www.ohwyohwhy.com ;; QUESTION SECTION: ;www.ohwyohwhy.com. IN A ;; ANSWER SECTION: www.ohwyohwhy.com. 3600 IN A 202.102.230.36 From wb8tyw at qsl.network Thu Dec 16 00:34:36 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Dec 16 00:35:03 2004 Subject: [SpamCop-List] Re: Reporting to yahoo or hotmail In-Reply-To: References: Message-ID: <2MOdnb1_A7Hwg1zcRVn-uA@adelphia.com> nospam wrote: >> >>Oops. My bad. Just searched - that was the address. I tried to tell them >>THREE TIMES that there was a whois that used a hotmail contact address >>and that was a violation of their TOS. Each and every response was, "the >>spam was not from our member." They had NO idea what I was talking about. >> > > Same Reply I get every time for this type of TOS violation from BOTH Yahoo > and Hotmail. Do you have some special boiler plate that gets the proper > attention? When hotmail abuse mis-handles a call, the reply I send goes to the microsoft.com abuse address as a copy. If the spammer is selling pirated copies of Microsoft software, make sure that you mention that. Microsoft then sends an auto-ack saying that I should have sent the request to the hotmail.com, which I reply to stating that hotmail is mishandling the issue. That usually gets a human involved to get the issue fixed, and things tend to improve. Hotmail also sends me surveys for at least 50 percent of the larts that I send to them, and apparently the pay for the abuse employees is heavily dependent on the results of those surveys. I find when I mention that mishandling the call will result in a bad feedback rating for the survey, it is never mishandled. That said, I have not had an issue with Hotmail obviously mishandling an abuse issue in well over a year. Yahoo has also seemed to developed a clue about terminating drop boxes for Nigerian 419 scammers. Of course the lart to them is CC: to the U.S. Secret Service address. So on the whole, I have not had an issue with either ISP's handling of larts. -John wb8tyw@qsl.network Personal Opinion Only From nobody at spamcop.net Thu Dec 16 11:37:05 2004 From: nobody at spamcop.net (nospam) Date: Thu Dec 16 02:40:15 2004 Subject: [SpamCop-List] Re: Reporting to yahoo or hotmail References: <2MOdnb1_A7Hwg1zcRVn-uA@adelphia.com> Message-ID: in article 2MOdnb1_A7Hwg1zcRVn-uA@adelphia.com, John E. Malmberg at wb8tyw@qsl.network wrote on 12/16/04 9:34 AM: > nospam wrote: >>> SNIPPED > U.S. Secret Service address. > > So on the whole, I have not had an issue with either ISP's handling of > larts. I bet they have a message rule set up for your LARTS :) From gospamming at yourdomain.invalid Thu Dec 16 07:49:42 2004 From: gospamming at yourdomain.invalid (D.Diaz) Date: Thu Dec 16 02:50:03 2004 Subject: [SpamCop-List] Re: yea-yea-yea.com/nan/join.php "can't be resolved" - and yet Visual Route, etc finds it? [another] References: Message-ID: Reader wrote in news:pan.2004.12.16.05.13.38.204188@invalid.invalid: > Other DNS tricks pointing at 202.102.230.36, these ones by > Cordoba Spain Spam Gang (whois on DNS providers and see Jeff G's post) > http://forum.spamcop.net/forums/lofiversion/index.php/t3182.html > Maybe it's worth noting that each and every one of those WHOIS registrations is completely bogus. The person names look silly from a spanish point of view, the street names do not exist (and they are silly, too) and Cordoba is not a city in Sevilla's province but the capital city of the neighbour province. There are some totally bogus (impossible in Spain) phone numbers and the other legit-looking ones are probably handmade, too. If they work, they would probably be answered by some random & totally innocent people. -- Daniel Diaz SpamCop User From jay at Advertisnet.com Thu Dec 16 07:44:33 2004 From: jay at Advertisnet.com (JHT4) Date: Thu Dec 16 08:45:18 2004 Subject: [SpamCop-List] Re: divulging spammer customer info to spamhaus References: Message-ID: ----- Original Message ----- From: "Mike Easter" Newsgroups: spamcop Sent: Wednesday, December 15, 2004 8:42 PM Subject: Re: divulging spammer customer info to spamhaus > JHT4 wrote: >> they refuse to >> lift the block until we reword the AUP verbage on our website >> (www.advertisnet.com) > > This doesn't look to me like a very good antispam AUP > http://www.advertisnet.com/agreement.htm - Advertisnet Internet > Services and Customer agree as follows: [...] > > I looked around for some guidelines; there are some at the links at > this set of links > http://spamlinks.openrbl.org/prevent-isps.htm -- Anti-Spam Best > Practice for ISPs -- Acceptable Use Policies > > A couple of the many links there are dead, but I looked at this > http://www.ripe.net/ripe/docs/spam.html Good Practice for Combating > Unsolicited Bulk Email -- For an ISP to be effective in combating UBE, > Best Practice is as follows. [...] and this > http://www.spamhaus.org/aups.html Acceptable Use Policies ("AUP") -- > "Smaller > ISPs who have not yet implemented such clauses in their own AUPs will > normally find that their upstream has and that they are bound by their > upstream's AUP. Spammers now look for smaller ISPs without AUPs or with > poor spam clauses." The following are specific anti-spam clauses from > the AUPs of well known providers: [...] Well, of course I dont mind updating our AUPs, I will pass these links to my web guy. In practice, I dont think about AUPs that much. When spammers give us hell every so often, we deal with it without thinking too much about AUP verbage. Ive never had someone threaten to sue me because I cut their account for reasons not backed up in the AUP. I doubt spammers spend alot of time reading it either. >> AND disclose the personal information that the >> spammer signed up with. > > I don't know exactly what your legal rights and responsibilities are > about that, and how they could be 'adjusted' with the AUP. IANAL I dont see tons of ISPs replying to this saying 'we give out user info without court orders all the time with no problem', and its kind of pissed me off that these people try to bully this way, so Im considering putting a web page in our support section that blasts them as irresponsible and route the tech support back to the ISPs who use their bullshit service. There website says De-listing Criteria IPs are removed immediately from the SBL upon receipt of notification from the IP owner (Internet Service Provider) that the spamming activity has been terminated. In the case of known spam gangs however, where listings are often made preemptively based on the gangs past performance and history, an SBL listing will normally remain in place until the gang has been completely removed from the ISPs' network. Where we have a proven working relationship with any Internet Service Provider, the SBL team implicitly trusts the Internet Service Provider's Abuse Manager and will normally remove listings on the Abuse Manager's word. ----------------- We did notify SBL but they did not remove the block. Notice that the spamhaus verbage seems to be contradictory. The first sentance says they will immediately remove the block upon notification. The 2nd paragraph suggests that w/o the 'proven working relationship' the isp will not be trusted. Apparently subscribing to spamhaus and using it to block spam is not enough to be trusted as being on the side of anti-spam. Nowhere does their verbage state that ISPs must disclose spammer information, or any other information. Nor does it state that spamhaus must oversee and approve an ISPs AUP verbage. As far them being conservative, that wasnt my experience. The spammer on our network abused our authenticated outbound mail server 216.176.166.220, blocking our inbound mx machines was not called for. Jay > > -- > Mike Easter > kibitzer, not SC admin > From jay at Advertisnet.com Thu Dec 16 07:45:51 2004 From: jay at Advertisnet.com (JHT4) Date: Thu Dec 16 08:50:04 2004 Subject: [SpamCop-List] Re: divulging spammer customer info to spamhaus References: Message-ID: Mike sorry for the linewraps, hopefully this one is better.. ----- Original Message ----- From: "Mike Easter" Newsgroups: spamcop Sent: Wednesday, December 15, 2004 9:24 PM Subject: Re: divulging spammer customer info to spamhaus > Some other listings: > > Spamtrap evidence list for 216.176.166.220 smtp3.advertisnet.com at > psbl; the 50 since Apr 23, only 2 recent > http://psbl.surriel.com/listing?ip=216.176.166.220 Also in wsff. thanks, I requested delisting. > > 216.176.166.214 mail.advertisnet.com old 2002 listing at dsbl for open > smtp relay, as output for input 216.176.166.99 - that should be taken > down at http://dsbl.org/removalquery 216.176.166.99 is on some other > lists because of that old relaying. Dont understand that 'output for input' part, I think .99 was a ded customer ip block from a long time ago, not in use now. requested delisting for .214 and .99 even though I dont care about .99 > > 216.176.166.210 smtp.advertisnet.com wsff > http://dynamic.rfc1149.net/wsff.phtml Dont see anyway to delist from this one. > > > -- > Mike Easter > kibitzer, not SC admin > From nobody at spamcop.net Thu Dec 16 09:14:23 2004 From: nobody at spamcop.net (NilsC) Date: Thu Dec 16 09:15:34 2004 Subject: [SpamCop-List] The parser don't find / resolve "hxxp://www.web-promo-max.com" @ 64.69.100.68 Message-ID: I had 3 emails from them today and The parser did not resolve the links to hxxp://www.web-promo-max.com @ 64.69.100.68. How do I find the abuse address to send a complaint? http://www.spamcop.net/sc?id=z703206703z77838e3ec4cc9be0c3dfbc92243596f4z http://www.spamcop.net/sc?id=z703206704z73beb92b90125efa626c81926789c226z http://www.spamcop.net/sc?id=z703206707z2f918024c0b70d43a9cb80db7afed270z *From: Want 37,500 hits Dying to get website traffic?* the answer to that are _NO_ but I'd like to kill theirs. Thanks for any help Nils From MikeE at ster.invalid Thu Dec 16 07:02:23 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 16 10:05:10 2004 Subject: [SpamCop-List] Re: divulging spammer customer info to spamhaus References: Message-ID: JHT4 wrote: > Well, of course I dont mind updating our AUPs, I will pass these links to my web guy. In practice, I dont think about AUPs that much. When spammers give us hell every so often, we deal with it without thinking too much about AUP verbage. Ive never had someone threaten to sue me because I cut their account for reasons not backed up in the AUP. I doubt spammers spend alot of time reading it either. The most common problem I read about in nanae is that providers 'can't' squash some spammer accounts easily for threat of being sued -- which is exactly what the contractual relationship of the AUP is all about. I don't think there is any doubt, from what I've read, that including good antispam verbiage in the AUP is an important part of any good antispam policy; and good antispam policy are essential for the life of a provider. You yourself are concerned about overstepping your legal rights or responsibilities regarding this information business. > De-listing Criteria http://www.spamhaus.org/sbl/sbl-rationale.html > We did notify SBL but they did not remove the block. I read that as there being a continuous spectrum; the worst case scenario is a spamhaven for gangs has no chance; the best is an optimal whitehat provider who gets delisted right away. Your situation is suboptimal because you don't have a good AUP, and some blocklisters have a different idea of your antispamming credentials than you have. My point isn't to argue that with you, just to say that my read on it is that the gray spectrum goes from white to black and you aren't being managed as lily white or coal black. I believe the 'plan' is to let the automatic delisting process work, and my theory is that that might take 2 weeks. I believe that if you had a good AUP so that you could be 'cooperative' about whatever it is that spamhaus wants to know about the spammer without breaking any common rules which a good AUP would permit, that future listings might be taken down quicker. I believe that some listings delist immediately, and some in 2, 5, or 14 days and that you are 14. > As far them being conservative, that wasnt my experience. The spammer > on our network abused our authenticated outbound mail server > 216.176.166.220, blocking our inbound mx machines was not called for. Like I say, I'm not inside the head of the spamhaus workers. Just hearing your side of the story doesn't give enough information about why the apparent immediate reaction was to block the /24 for 2 weeks, if in fact that's the way it is. Maybe they're trying to motivate you to develop a good AUP. I think that would be a good idea completely separate from this particular spamhaus issue. If you don't have a good AUP, then someday in the future you are going to find yourself caught between needing to get rid of some spammer/s, and your attorney telling you that you can't, and then you can't get off lists, and then you can't attract good customers, and then in order to survive you have to get in bed with spammers who can deal with being listed. You don't wnat to get on the slippery slope. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 16 07:12:27 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 16 10:15:03 2004 Subject: [SpamCop-List] Re: divulging spammer customer info to spamhaus References: Message-ID: JHT4 wrote: >> 216.176.166.214 mail.advertisnet.com old 2002 listing at dsbl for >> open smtp relay, as output for input 216.176.166.99 - that should be >> taken down at http://dsbl.org/removalquery 216.176.166.99 is on >> some other lists because of that old relaying. > > Dont understand that 'output for input' part, I think .99 was a ded > customer ip block from a long time ago, not in use now. requested > delisting for .214 and .99 even though I dont care about .99 By 'output for input' I meant that back in 2002, one could smtp transact with .99 and it would accept the mail for relaying and the item would go out the .214. And there's evidence for that. Nowadays there isn't an smtp server or port 25 at .99, or there wasn't when I checked. Even if you don't care about .99, if some spamhaus worker looks around and sees various IPs listed in various places, it makes you look like a gray hat or an 'incompetent' antispam provider. >> 216.176.166.210 smtp.advertisnet.com wsff >> http://dynamic.rfc1149.net/wsff.phtml > > Dont see anyway to delist from this one. One of the problems with getting on lists is that some lists are very hard to get off of. They aren't automatic for delisting and they don't allow the individual to just delist themselves. The more lists you get onto, the more trouble you are going to have getting off of them; and some people use other lists to make their own lists. The moral of that story is to follow as many guidelines as possible to avoid spam coming from your IPs so as to avoid getting listed in the first place. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 16 07:38:41 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 16 10:40:03 2004 Subject: [SpamCop-List] Re: divulging spammer customer info to spamhaus References: Message-ID: JHT4 wrote: > Mike sorry for the linewraps, hopefully this one is better.. Most likely you did your editing with something that introduced linewraps at about 80 or so, and then you pasted it into OE which introduced its own wraps at a shorter line, like low 70s. Or the longer linewraps could've been introduced by you manually while typing into OE, like working on a typewriter in the old days. Native OE is terrible about how it handles some citing and formatting issues. In this case it is likely configured to make a wrap at about 72-74, but if there's 'already' a wrap at 80 then you get shortlines. The first one introduced by OE, the next shortlined one present before OE got to it. I hate shortlines. I'm puzzling over why your headers have the line X-RFC2646: Format=Flowed; Original I don't think I know what causes that configuration for OE right now, but I have a feeling that OE's format flowed isn't the same as the 'standard' format flowed configuration. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 16 08:08:11 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 16 11:10:02 2004 Subject: [SpamCop-List] Re: divulging spammer customer info to spamhaus References: Message-ID: Mike Easter wrote: > I'm puzzling over why your headers have the line > > X-RFC2646: Format=Flowed; Original > > I don't think I know what causes that configuration for OE right now, > but I have a feeling that OE's format flowed isn't the same as the > 'standard' format flowed configuration. I'm barely learning that the OE6 sp2 has some kind of new format flowed 'feature' which is a disaster. As soon as I find out more about where it is configured, I'm sure I'm going to be saying to turn it off. Your OE is X-Newsreader: Microsoft Outlook Express 6.00.2900.2180 -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 16 09:27:32 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 16 12:30:13 2004 Subject: [SpamCop-List] Material change qx Message-ID: Does anyone think it would be a material change to a spam if the body were deleted and replaced with 'body deleted' or somesuch and the spamcop report were /not/ going to a provider who was requesting 'no mungeing'? The idea being to report spamsource only, to include no body for various reasons of efficiency, obscurity, and disinterest in spamcop reporting anything to the spamvertiser provider, typically a spamhaus or spews listed .cn or .kr. The reporter might prefer to notify about the providers for the spamvertiser in some 'non-spamcop' way; since spamcop notifies for spamvertisers only contribute to the sc-surbl anyway. One other current alternative to that would be to submit in the normal fashion and to manually uncheck all of the spamvertiser providers, but that strategy suffers from submitting 'unnecessary' and perhaps undesirable body information to the spamsource provider. Of course, the other side of that argument is that the body information serves as evidence of the spammishness of an item which is contributing to a spamsource listing. Another alternative would be to quickreport, which suffers from the disadvantage of inadequate oversight and still sends body to the spamsource provider. -- Mike Easter kibitzer, not SC admin From sgrayban at no-spam.borgnet.us Thu Dec 16 09:32:20 2004 From: sgrayban at no-spam.borgnet.us (Scott Grayban) Date: Thu Dec 16 12:35:03 2004 Subject: [SpamCop-List] wiltel and unicomp Message-ID: Does anyone know what is going on between Unicomp and Wiltel about the hijacked IP block? Scott reply to sgrayban AT borgnet.us -- I think I am an overnight sensation right now!! From Merlyn at Spamcop.net Thu Dec 16 12:55:19 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Thu Dec 16 13:00:03 2004 Subject: [SpamCop-List] Re: wiltel and unicomp References: Message-ID: "Scott Grayban" wrote in message news:cpsgr5$pqm$1@news.spamcop.net... > Does anyone know what is going on between Unicomp and Wiltel about the > hijacked IP block? > > > > Scott > > reply to sgrayban AT borgnet.us > If you are talking about 209.41.64.0/18 then it has at least been marked Invalid by ARIN even though it is still active. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From agent01413 at my-deja.com Thu Dec 16 11:10:57 2004 From: agent01413 at my-deja.com (Socks the white house cat) Date: Thu Dec 16 13:10:03 2004 Subject: [SpamCop-List] lottery spam Message-ID: I've started getting a few of those british lottery spams claiming fabulous winnings. Interesting that 8 different people have already reported receiving a notification with the identical ticket number and winning numbers associated with their email address, including such luminaries as Seth Breidbart and Karsten M. Self With the nigerian style 419 spam, I always copied 419.fcd [at] the Secret Service domain usss.treas.gov on my spam reports. Since these are also financial fraud, I thought of reporting them to the same folks, but I got no response to my query to them. What do people think? -- I AM SPEWS (SLAPP PREVENTION ELECTRONIC WHITENOISE SYSTEM) "The day Microsoft makes something that doesn't suck is probably the day that they start making vacuum cleaners."--Doc in alt.privacy From nobody at spamcop.net Thu