From 8vmb6jy02 at sneakemail.com Wed Sep 1 05:24:53 2004 From: 8vmb6jy02 at sneakemail.com (Sean W) Date: Tue Aug 31 23:30:11 2004 Subject: [SpamCop-List] Re: Spam subject: Your internet sites are viewable by others! In-Reply-To: References: Message-ID: Eric wrote: > Well, duh! > Damn, who knew eh? -- Sean From windsorfoxNOSPAM at cox.net Wed Sep 1 00:21:51 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Wed Sep 1 00:25:07 2004 Subject: [SpamCop-List] Re: Kiddy Porno is back... In-Reply-To: References: Message-ID: Doug Thegarden wrote: > David Butler wrote: > >> Re: http://lol-review.hk.st/ (Administrator of network hosting website >> referenced in spam) >> To: kyeung@hkcix.com (Notes) >> To: cmwu#hkcix.com@devnull.spamcop.net (Notes) >> >> (see my notes in .routing for report correction >> Links to about three dozen HC kiddy porno, yuck >> >> http://66.195.126.34:8000/view.php?44 >> >> HOSTING APPEARS TO BE dimenoc.com, Using best contacts >> abuse@hostdime.com, >> they lease the space from Time Warner >> >> abuse@twtelecom.net >> >> > > Send it to http://www.iwf.org.uk who seem to be pretty hot on getting > this stuff shut down. > > Doug Obviously, as of now 11:26 8-31 it's daid. From 8vmb6jy02 at sneakemail.com Wed Sep 1 06:20:54 2004 From: 8vmb6jy02 at sneakemail.com (Sean W) Date: Wed Sep 1 00:25:12 2004 Subject: [SpamCop-List] Re: For The Hunters - A RSG link In-Reply-To: References: Message-ID: Glenn Daniels wrote: > "JV" wrote in message > >>The Hunters NG server seems to be experiencing a DOS or some such >>unfortunate event. > Seems okay now. > > > ============================================================================ > ===================== > >>www.cashforclicks.com = [ 69.20.5.164 ] root web page (403 compliant) = download.owncasino.com (a comment yes but relevant). >> Domain Name: CASHFORCLICKS.COM >> Administrative Contact: >> Khokholkov Vlad vlad@email.com >> >> 2193 Commonwealth Ave 313 >> Brighton MA 02135 >> US >> 678 348 5003 >> Technical Contact: >> Khokholkov Vlad vlad@email.com >> >> 2193 Commonwealth Ave 313 >> Brighton MA 02135 >> US >> 678 348 5003 >> Record last updated 08-07-2003 12: 11: 52 AM >> Record expires on 09-28-2005 >> Record created on 03-30-2001 >> Domain servers in listed order: >> NS1.FRESHSTARTNET.COM >> NS2.FRESHSTARTNET.COM >> NS3.FRESHSTARTNET.COM > NS1.FRESHSTARTNET.COM 69.20.5.167 NS2.FRESHSTARTNET.COM 69.20.5.165 NS3.FRESHSTARTNET.COM 69.20.5.164 A Rackspace range (they have real US hosting now?) 69.20.0.0/17 Hmmmmmm Nameservers! (Something of a tangled web but this groups are a tangled web, data from nameservers for this group links back to lots of things). Nameservers are good! NS3.FRESHSTARTNET.COM 69.20.5.164 Trying that on http returned Forbidden You don't have permission to access / on this server. Apache/1.3.28 Server at download.owncasino.com Port 80 owncasino.com hmmm familiar! c:\>whois owncasino.com Whois Server Version 1.3 Domain Name: OWNCASINO.COM Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM Whois Server: whois.directnic.com Referral URL: http://www.directnic.com Name Server: NS1.NEXTSTART.NET Name Server: NS2.NEXTSTART.NET Status: ACTIVE Updated Date: 15-jan-2004 Creation Date: 22-jan-2000 Expiration Date: 22-jan-2005 Registrant: Vlad K 2193 Commonwealth Ave, #313 Brighton, MA 02135 US 678 348 5003 Domain Name: OWNCASINO.COM Administrative Contact: Khokholkov, Vlad vlad@email.com 2193 Commonwealth Ave, #313 Brighton, MA 02135 US 678 348 5003 Technical Contact: Khokholkov, Vlad vlad@email.com 2193 Commonwealth Ave, #313 Brighton, MA 02135 US 678 348 5003 Record last updated 08-15-2003 12:56:58 PM Record expires on 01-22-2005 Record created on 04-05-2001 Domain servers in listed order: NS1.NEXTSTART.NET 209.133.47.10 < madbonus.com NS2.NEXTSTART.NET 212.100.232.243 < ns2.ecashpay.com From cashforclicks.com c:\>whois freshstartnet.com (no host must be a nameserver domain only). Registrant: Vlad K 2193 Commonwealth Ave, #313 Brighton, MA 02135 US 678 348 5003 Domain Name: FRESHSTARTNET.COM Administrative Contact: Khokholkov, Vlad vlad@email.com 2193 Commonwealth Ave, #313 Brighton, MA 02135 US 678 348 5003 Technical Contact: Khokholkov, Vlad vlad@email.com 2193 Commonwealth Ave, #313 Brighton, MA 02135 US 678 348 5003 Record last updated 08-05-2003 07:04:22 AM Record expires on 08-05-2005 Record created on 08-05-2003 Domain servers in listed order: NS1.FRESHSTARTNET.COM 69.20.5.167 NS2.FRESHSTARTNET.COM 69.20.5.165 NS3.FRESHSTARTNET.COM 69.20.5.164 c:\>whois nextstart.net Registrant: Intellect Businesses, Ltd 37 Corina Way Palo Alto, CA 94303 US 877 777 1916 Domain Name: NEXTSTART.NET Administrative Contact: Wilder, Hubert tal48@hotmail.com 37 Corina Way Palo Alto, CA 94303 US 877 777 1916 Technical Contact: Wilder, Hubert tal48@hotmail.com 37 Corina Way Palo Alto, CA 94303 US 877 777 1916 Record last updated 12-19-2003 04:14:39 AM Record expires on 08-05-2005 Record created on 08-05-2003 Domain servers in listed order: NS1.NEXTSTART.NET 209.133.47.10 NS2.NEXTSTART.NET 212.100.232.243 nslookup 209.133.47.10 Canonical name: madbonus.com Addresses: 209.133.47.10 09/01/04 04:49:57 dns 212.100.232.243 nslookup 212.100.232.243 Canonical name: ns2.ecashpay.com Addresses: 212.100.232.243 (See below) c:\>whois madbonus.com madbonus.com Registrant: Oyster Commerce, Ltd 63 Grange Road Sale, Cheshire M33 6RZ GB 44 870 224 8800 Domain Name: MADBONUS.COM Administrative Contact: Marco, Michelle domains@oystercommerce.com 63 Grange Road Sale, Cheshire M33 6RZ GB 44 870 224 8800 Technical Contact: Marco, Michelle domains@oystercommerce.com 63 Grange Road Sale, Cheshire M33 6RZ GB 44 870 224 8800 Record last updated 08-14-2003 07:08:41 AM Record expires on 09-11-2005 Record created on 09-11-2002 Domain servers in listed order: NS1.NEXTSTART.NET 209.133.47.10 NS2.NEXTSTART.NET 212.100.232.243 209.133.47.10 netblock belongs to about.com 09/01/04 04:49:57 dns 212.100.232.243 nslookup 212.100.232.243 Canonical name: ns2.ecashpay.com Addresses: 212.100.232.243 c:\>whois ecashpay.com Registrant: Vlad K 2193 Commonwealth Ave, #313 Brighton, MA 02135 US 678 348 5003 Domain Name: ECASHPAY.COM Administrative Contact: Khokholkov, Vlad vlad@email.com 2193 Commonwealth Ave, #313 Brighton, MA 02135 US 678 348 5003 Technical Contact: Khokholkov, Vlad vlad@email.com 2193 Commonwealth Ave, #313 Brighton, MA 02135 US 678 348 5003 Record last updated 08-07-2003 08:02:39 AM Record expires on 09-06-2005 Record created on 09-06-2002 Domain servers in listed order: NS1.FRESHSTARTNET.COM 69.20.5.167 NS2.FRESHSTARTNET.COM 69.20.5.165 NS3.FRESHSTARTNET.COM 69.20.5.164 Can't recall how I came up with NEXTSTART.NETthat led to madbonus.com but it was just from that CASHFORCLICKS.COM whois and a few whois lookups (didn't even google I don't think). Oh I remember now whois owncasino.com nameservers (from http visit to 69.20.5.164). Weird..... Undeniably all related though and why is rackspace (UK and US) hosting and about.com linked in (about.com netblock being used as nameservice perhaps 0wned though). Interesting.... -- Sean From windsorfoxNOSPAM at cox.net Wed Sep 1 00:28:07 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Wed Sep 1 00:30:03 2004 Subject: [SpamCop-List] Re: No spam! In-Reply-To: References: Message-ID: emf wrote: > I am a little worried. For a week now I haven't received any spam, while > I used to receive about 10 a day! What could have happened? -Eustace They're holding it and will send it all at once on a Sat. once a month... From wb8tyw at qsl.network Wed Sep 1 02:05:30 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Sep 1 01:10:02 2004 Subject: [SpamCop-List] Re: Port scans In-Reply-To: References: Message-ID: N. Miller wrote: > In article , Graeme Leith says... > >>With the advent of port knocking, these tools cannot reliably tell you >>if your firewall is doing its job. A full scan can show all ports as >>closed, but the correct knock sequence will open a specific port for a >>period of time to allow the cracker back into the box. > > Could you elaborate? If the port is closed, then there is no service > listening on that port. A closed port means that no service is admitting to listening on that port. Accessing a closed port can still trigger an action on a host. > How can an external application clock data through > latches which have no local application ready to clock the latches? The > clock cycles are not controlled from the WAN side. Are they? A port is a software construct. A closed port just means that nothing acknowledged a packet addressed to a port according to the expected protocols. Graeme is correct that if a box is owned, it may not be detectable by an external security scan of the machine for open ports. That is why network administrators use ethernet sniffers. At my former employer, several of them were on continuous duty listening for anything out of the ordinary. If something happened, they froze their trace buffer and alerted humans to investigate. If a spammer wants to move any volume of data, a commercial ethernet sniffer should be able to set off an alert. And OpenVMS systems with TCPIP services running will set off alerts when someone decides to run a port scan on them as their default configuration. -John wb8tyw@qsl.network Personal Opinion Only From wb8tyw at qsl.network Wed Sep 1 02:19:11 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Sep 1 01:20:03 2004 Subject: [SpamCop-List] Re: Port scans In-Reply-To: References: <871xhoaba6.fsf@ursine.dyndns.org> Message-ID: N. Miller wrote: > > The only way to crack a port is if there is an application listening on it. Applications do not really "listen" on ports. They register with the network stack for packets with a specific port ID to be routed to them. They can also request that the network stack start them up when a packet with a specified port ID shows up. But the network stack that does the routing is software and can be replaced by a cracker if they find their way into a machine. > I am trying to find evidence of a way to crack a closed port. I have not > found any, nor have I had anybody who thinks that a closed port is > vulnerable prove it. It depends on the coding of the port dispatcher in that case. > If closed ports could be cracked, stealth would be no > good, because the exploit that can get past a closed port can get past a > stealth port. Yes. > The only difference between closed and stealthed is whether > the prober gets packets returned for packets sent. Yes. Of course some people think it is more fun to leave the ports open, but teergrube them instead. Unfortunately my broadband supplier requires me to leave my ports closed, as offering services is prohibited. -John wb8tyw@qsl.network Personal Opinion Only From wb8tyw at qsl.network Wed Sep 1 02:25:24 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Sep 1 01:30:03 2004 Subject: [SpamCop-List] Re: No spam! In-Reply-To: <4134443F.1060606@spamcop.net> References: <4134443F.1060606@spamcop.net> Message-ID: Anony Mouse wrote: > emf wrote: > >> I am a little worried. For a week now I haven't received any spam, >> while I used to receive about 10 a day! What could have happened? >> -Eustace In my case, it appears that my broadband supplier has hired a competent network security person that is taking steps to prevent spammers from harassing their paying customers by putting in DNSbls. > Arrested maybe... Maybe. But still am getting occasional reports from misconfigured virus scanners or virms pretending to be a misconfigured virus scanner. I can not tell which as Mozilla could not decode the attachment that was supposed to be the original message, and it did not appear to be a .ZIP file. Spammers running out of unlisted open proxies? -John wb8tyw@qsl.network Personal Opinion Only From nobody at spamcop.net Wed Sep 1 14:58:01 2004 From: nobody at spamcop.net (TimeLord) Date: Wed Sep 1 09:00:04 2004 Subject: [SpamCop-List] Re: Reciprocal Links References: Message-ID: "Mike B" wrote in message news:ch3g7a$g10$1@news.spamcop.net... > I think reciprocal links is also a way to spoof a site's popularity in > Google. The more sites that have links to yours, the higher Google ranks > your site. Some other factors included as well, but that is the main > outline. > > Mike B Yup, thats seems about right. On my sites, the higher the pagerank, the more link requests I get :-) Kev From eddie at eddie.web Wed Sep 1 13:19:41 2004 From: eddie at eddie.web (eddie) Date: Wed Sep 1 12:20:05 2004 Subject: [SpamCop-List] Re: Spam subject: Your internet sites are viewable by others! References: Message-ID: On Tue, 31 Aug 2004 10:27:23 -0700, Eric scratched out the following: > Well, duh! they finally figured that one out :) Next they'll find out that it gets dark at night From eddie at eddie.web Wed Sep 1 13:23:16 2004 From: eddie at eddie.web (eddie) Date: Wed Sep 1 12:25:03 2004 Subject: [SpamCop-List] Re: No spam! References: <4134443F.1060606@spamcop.net> Message-ID: On Wed, 01 Sep 2004 01:25:24 -0400, John E. Malmberg scratched out the following: snip > > Spammers running out of unlisted open proxies? > I think the SP2 is doing two things: First, it's simply killing some boxes making the users start from scratch this means that they will have to get the viruses all over again which will take some time Second, for those boxes on which SP2 actually installs, most of the malware will at least become apparent and the idiots will finally realize they are being used. I have noticed a drop in spam from zombies over the last few weeks and more from the old-fashioned open servers, etc. But just give them time and "They'll be baaaaackkkk" :) From glnews030922 at highspot.net Wed Sep 1 18:40:39 2004 From: glnews030922 at highspot.net (Graeme Leith) Date: Wed Sep 1 12:40:03 2004 Subject: [SpamCop-List] Re: No spam! In-Reply-To: References: <4134443F.1060606@spamcop.net> Message-ID: eddie wrote: > I think the SP2 is doing two things: > First, it's simply killing some boxes making the users start from scratch > this means that they will have to get the viruses all over again which > will take some time Around 20 minutes for a freshly installed XP machine if you believe recent news reports. Downloading and installing SP2 takes longer than this. Unless they have a HW firewall or install a software one before connecting to the net, chances are that they'll be 0wn3d before SP2 gets applied. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From nobody at nowhere.invalid Wed Sep 1 19:43:48 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Sep 1 12:45:03 2004 Subject: [SpamCop-List] Re: No spam! References: <4134443F.1060606@spamcop.net> Message-ID: On Wed, 01 Sep 2004 12:23:16 -0400, eddie coughed into spamcop and left this in : > this means that they will have to get the viruses all over again which > will take some time Oooooh - at least 20 seconds... > Second, for those boxes on which SP2 actually installs, most of the > malware will at least become apparent and the idiots will finally realize > they are being used. Of the "idiot" variety of Windows luser, how many do you think just click on "OK" in dialog boxes without reading the text, just to make the thing go away? Close to 100% IMO. They will not be informed that they're being cyberf*cked. > I have noticed a drop in spam from zombies over the last few weeks and > more from the old-fashioned open servers, etc. Want some of mine? I've got plenty here... -- Steve Shin, n. : a device for finding furniture in the dark. From nobody at spamcop.net Wed Sep 1 13:50:21 2004 From: nobody at spamcop.net (indigo) Date: Wed Sep 1 12:55:02 2004 Subject: [SpamCop-List] Re: An attempted unsolicitated connection by someone I just looked up? References: <87acwb4ymo.fsf@ursine.dyndns.org> Message-ID: Technomage Hawke wrote: > Still, one must ask why such a company is being run from such a ritzy > area? How about also from a home (a quarter million dollar home at > that). A $250,000 house is considered "ritzy" now? And in/on a golf course? I think you dropped a zero...... From nobody at spamcop.net Wed Sep 1 19:05:20 2004 From: nobody at spamcop.net (John McLusky) Date: Wed Sep 1 13:10:03 2004 Subject: [SpamCop-List] 'Looks like a bounce' Message-ID: Hi, I'm getting a flood of virus rejects from one particular server, and tried parsing the header to see who I could contact about it. Unfortunately, the parser doesn't let me manually parse a 'bounced' mail (where Return-Path: is <>). A suggestion - allow parsing of bounces as long as a body is not provided. John. From eddie at eddie.web Wed Sep 1 14:29:16 2004 From: eddie at eddie.web (eddie) Date: Wed Sep 1 13:30:04 2004 Subject: [SpamCop-List] Re: No spam! References: <4134443F.1060606@spamcop.net> Message-ID: On Wed, 01 Sep 2004 17:40:39 +0100, Graeme Leith scratched out the following: snip > Around 20 minutes for a freshly installed XP machine if you believe recent > news reports. Downloading and installing SP2 takes longer than this. > Unless they have a HW firewall or install a software one before connecting > to the net, chances are that they'll be 0wn3d before SP2 gets applied. Yes, that's a major failure on MS part - if XP were a car, it would have been recalled for safety reasons. The only real way to do it is to order the CD update and do a clean install of XP and then SP2 from scratch. Not many will do that. My only hope is that the machines get corrupted enough that they can't even do a recovery and have to take it to a professional. A real one. Still, for whatever reason, I have noticed a slight dropoff in zombie-delivered spam. From baloo at ursine.dyndns.org Wed Sep 1 12:10:38 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Wed Sep 1 14:15:04 2004 Subject: [SpamCop-List] Re: An attempted unsolicitated connection by someone I just looked up? References: <87acwb4ymo.fsf@ursine.dyndns.org> Message-ID: <87y8jtq2qp.fsf@ursine.dyndns.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Technomage Hawke writes: > Still, one must ask why such a company is being run from such a ritzy area? > How about also from a home (a quarter million dollar home at that). Hmm, either you're lowballing the land value or land is dirt cheap there. Getting a nice place in a nice neighborhood near a golf course usually sets people back $450,000 for a fixer-upper round here... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBNhCgUzgNqloQMwcRAuNVAKCTz2w2nwjdczmIry4zBv5DIoocXACfUsL/ 4nWnv3vosaNJ1JqmgD85ZAs= =ggxK -----END PGP SIGNATURE----- From baloo at ursine.dyndns.org Wed Sep 1 12:12:57 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Wed Sep 1 14:15:09 2004 Subject: [SpamCop-List] Re: Port scans References: Message-ID: <87u0uhq2mu.fsf@ursine.dyndns.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "John E. Malmberg" writes: > N. Miller wrote: >> In article , Graeme Leith says... >> >>> With the advent of port knocking, these tools cannot reliably tell >>> you if your firewall is doing its job. A full scan can show all >>> ports as closed, but the correct knock sequence will open a >>> specific port for a period of time to allow the cracker back into >>> the box. >> Could you elaborate? If the port is closed, then there is no service >> listening on that port. > > A closed port means that no service is admitting to listening on that > port. Accessing a closed port can still trigger an action on a host. Yeah, unless your implementation is broken, an ICMP Connection Refused response. > Graeme is correct that if a box is owned, it may not be detectable by > an external security scan of the machine for open ports. But that's just security through obscurity and not a real fix. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBNhEpUzgNqloQMwcRAgXGAJwJ2/2NgSWxzHhevrMvA/azh9p4kgCgiS1L McOl9Scicm9Bgc7tjw7t8Ig= =49qx -----END PGP SIGNATURE----- From baloo at ursine.dyndns.org Wed Sep 1 12:14:59 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Wed Sep 1 14:15:11 2004 Subject: [SpamCop-List] Re: Port scans References: <871xhoaba6.fsf@ursine.dyndns.org> Message-ID: <87n009q2jg.fsf@ursine.dyndns.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "John E. Malmberg" writes: > N. Miller wrote: >> The only way to crack a port is if there is an application listening >> on it. > > Applications do not really "listen" on ports. They register with the > network stack for packets with a specific port ID to be routed to > them. They can also request that the network stack start them up when > a packet with a specified port ID shows up. > > But the network stack that does the routing is software and can be > replaced by a cracker if they find their way into a machine. In which case, stealthed ports would not protect you from this, either. > Of course some people think it is more fun to leave the ports open, > but teergrube them instead. Now that's where you can run into problems: Accepting the connection. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBNhGjUzgNqloQMwcRAiThAKDlervyZIAQLjMGevgc6oURe4q4wQCgxA6Y ZkeEVzC3RKxE6joMi9ry9cc= =cV4U -----END PGP SIGNATURE----- From baloo at ursine.dyndns.org Wed Sep 1 12:18:18 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Wed Sep 1 14:20:03 2004 Subject: [SpamCop-List] Re: No spam! References: <4134443F.1060606@spamcop.net> Message-ID: <87isaxq2dx.fsf@ursine.dyndns.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Graeme Leith writes: > eddie wrote: > >> I think the SP2 is doing two things: >> First, it's simply killing some boxes making the users start from scratch >> this means that they will have to get the viruses all over again which >> will take some time > > Around 20 minutes for a freshly installed XP machine if you believe > recent news reports. Downloading and installing SP2 takes longer than > this. Unless they have a HW firewall or install a software one before > connecting to the net, chances are that they'll be 0wn3d before SP2 > gets applied. But who in their right mind runs Windows on a hostile network to begin with? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBNhJqUzgNqloQMwcRAh5RAJ0eDE4ML0vgDqY5hlPMEz/JZimO0wCeIJVY VYOw3ppGYd3+DF2T/Yv1wZ4= =mUdt -----END PGP SIGNATURE----- From porpoise1954 at yahoo.co.uk Wed Sep 1 20:28:17 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Sep 1 14:30:05 2004 Subject: [SpamCop-List] Re: Port scans References: <871xhoaba6.fsf@ursine.dyndns.org> Message-ID: "N. Miller" wrote in message news:MPG.1b9ef38527d9284498973f@news.spamcop.net... > In article , Porpoise says... > > > I'd rather be in a position where the would-be perpetrators can't see the > > port (think it's not there) and so don't waste time and effort trying to > > break into it than them get a reject code (thereby knowing that it exists) > > and then spend time and effort possibly finding a way in. (What the eye > > doesn't see, the heart doesn't grieve over). > > The only way to crack a port is if there is an application listening on it. > I am trying to find evidence of a way to crack a closed port. I have not > found any, nor have I had anybody who thinks that a closed port is > vulnerable prove it. If closed ports could be cracked, stealth would be no > good, because the exploit that can get past a closed port can get past a > stealth port. The only difference between closed and stealthed is whether > the prober gets packets returned for packets sent. That is my understanding too.... > > -- > Norman > ~Win dain a lotica, En vai tu ri, Si lo ta > ~Fin dein a loluca, En dragu a sei lain > ~Vi fa-ru les shutai am, En riga-lint From user at domain.invalid Wed Sep 1 23:03:49 2004 From: user at domain.invalid (user@domain.invalid) Date: Wed Sep 1 17:05:22 2004 Subject: [SpamCop-List] Netscape Spamming me Message-ID: <41363935.4020002@domain.invalid> Hi Everyone I downloaded Netscape 7 for Apple Mac a few days ago. Every time I open my mail window Netscape downloads an advert from Netscape into it. So each time I go to get my mail I get a new Netscape advert advertising something new from a 3rd party company. This is very annoying. I cannot find a way of stopping it in preferences or needless to say on the Netscape site. Does anyone know anything about this or how to stop it? Thank you for your help Regards Neil From eddie at eddie.web Wed Sep 1 18:11:20 2004 From: eddie at eddie.web (eddie) Date: Wed Sep 1 17:15:02 2004 Subject: [SpamCop-List] Re: Netscape Spamming me References: <41363935.4020002@domain.invalid> Message-ID: On Wed, 01 Sep 2004 22:03:49 +0100, user scratched out the following: > Hi Everyone > > I downloaded Netscape 7 for Apple Mac a few days ago. Every time I open my > mail window Netscape downloads an advert from Netscape into it. So each > time I go to get my mail I get a new Netscape advert advertising something > new from a 3rd party company. > > This is very annoying. I cannot find a way of stopping it in preferences > or needless to say on the Netscape site. > > Does anyone know anything about this or how to stop it? > > Thank you for your help > > Regards > > Neil I have a G5 and I downloaded and am using Mozilla. I suggest removing Netscape and installing the latest Mozilla browser. No popups, no ads, nothing but good smooth browsing. From user\" at domain.invalid>" Thu Sep 2 00:12:12 2004 From: user\" at domain.invalid>" ( Rolf) Date: Wed Sep 1 17:15:05 2004 Subject: [SpamCop-List] Re: Port scans In-Reply-To: References: <871xhoaba6.fsf@ursine.dyndns.org> Message-ID: John E. Malmberg wrote: > Applications do not really "listen" on ports. They register with the > network stack for packets with a specific port ID to be routed to them. > They can also request that the network stack start them up when a > packet with a specified port ID shows up. Can you elaborate about having the stack startup an application on traffic for a particular ID? I was under the impression that normal TCP/IP stacks do not implement remote activation but that the process needs to register (listen) before messages can be routed to it. > But the network stack that does the routing is software and can be > replaced by a cracker if they find their way into a machine. If you know the stack and would know for instance a buffer overflow exploit for that stack then yes you could attack it directly from a remote location. Otherwise you first need to get into the machine before you can manipulate the stack. Rolf From cyberc at bwn.org.uk Wed Sep 1 23:41:27 2004 From: cyberc at bwn.org.uk (cyberc) Date: Wed Sep 1 17:40:02 2004 Subject: [SpamCop-List] Emailed spam does not report Message-ID: I just changed from using the web site to report spam to forwarding the spam as an attachment. I now have logged on to find that I have loads of unreported spam - none of my forwarded spam has been reported. Does this mean I have to log on as well as froward the email?? B From porpoise1954 at yahoo.co.uk Wed Sep 1 23:41:32 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Sep 1 17:45:03 2004 Subject: [SpamCop-List] Re: Emailed spam does not report References: Message-ID: "cyberc" wrote in message news:ch5fhr$2h8$1@news.spamcop.net... > I just changed from using the web site to report spam to forwarding the spam > as an attachment. I now have logged on to find that I have loads of > unreported spam - none of my forwarded spam has been reported. > > Does this mean I have to log on as well as froward the email?? > > B > > After you forward the spam you have to logon to the site and send the reports. From tmcgraw at spamcop.net Wed Sep 1 15:49:26 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Sep 1 17:50:02 2004 Subject: [SpamCop-List] Re: Netscape Spamming me References: <41363935.4020002@domain.invalid> Message-ID: <413643E6.1000207@spamcop.net> user@domain.invalid wrote: > > I downloaded Netscape 7 for Apple Mac a few days ago. Every time I open > my mail window Netscape downloads an advert from Netscape into it. So > each time I go to get my mail I get a new Netscape advert advertising > something new from a 3rd party company. > > This is very annoying. I cannot find a way of stopping it in preferences > or needless to say on the Netscape site. > > Does anyone know anything about this or how to stop it? It sounds like you signed up for their free Web mail. From MikeE at ster.invalid Wed Sep 1 15:55:33 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Sep 1 18:00:02 2004 Subject: [SpamCop-List] Re: Emailed spam does not report References: Message-ID: cyberc wrote: > I just changed from using the web site to report spam to forwarding > the spam as an attachment. I now have logged on to find that I have > loads of unreported spam - none of my forwarded spam has been > reported. > > Does this mean I have to log on as well as froward the email?? Yes. That is, forwarding as an attachment /successfully/ is 'equivalent to' pasting the item into the webparser and clicking 'process spam'. Similarly, there is another step after that one, the step in which you are presented the result of the parse so that you can check or uncheck to notify results - the approval process of the notify. Until that step is completed, any spam submitted remains unreported. You should have received an email in which SC sez it is ready to process your spam and it gives you a link to click and has a copy of the spam headers When you click on that link you can see the parse results and 'send spam reports now' or 'preview' or 'cancel' - just like the result when you submit via webparser. Forwarding as attachment is just another way to get the spam into the parser, with some additional things which can go wrong; so emailing spam to the parser unsuccessfully is much /worse/ than submitting to the webparser. -- Mike Easter kibitzer, not SC admin From user at domain.invalid Thu Sep 2 01:11:45 2004 From: user at domain.invalid (user@domain.invalid) Date: Wed Sep 1 18:05:02 2004 Subject: [SpamCop-List] Re: Netscape Spamming me In-Reply-To: <413643E6.1000207@spamcop.net> References: <41363935.4020002@domain.invalid> <413643E6.1000207@spamcop.net> Message-ID: Tim McGraw wrote: > user@domain.invalid wrote: > >> >> I downloaded Netscape 7 for Apple Mac a few days ago. Every time I >> open my mail window Netscape downloads an advert from Netscape into >> it. So each time I go to get my mail I get a new Netscape advert >> advertising something new from a 3rd party company. >> >> This is very annoying. I cannot find a way of stopping it in >> preferences or needless to say on the Netscape site. It is very simple. Edit / Preferences / Mail and Newsgroups -> deselect Mail start page or enter your desired url address of a web page or news page that will be loaded in that section. From nobody at spamcop.net Thu Sep 2 11:34:07 2004 From: nobody at spamcop.net (Anony Mouse) Date: Wed Sep 1 18:35:03 2004 Subject: [SpamCop-List] Re: No spam! References: <4134443F.1060606@spamcop.net> Message-ID: <41364E5F.80707@spamcop.net> John E. Malmberg wrote: > Anony Mouse wrote: My spam has disappeared... One spam that traces to one of these two Russians in the last four days... Ibragimov Ruslan Alexey Panov I guess news takes a while to travel to Russia. I have no doubt the authorities have moved against the recidivist gang that I have been unable to stop. I have linked Panov to what I call the Webfinity spam gang... I am not sure but I think Webfinity is at the top of the gang which includes Ralsky, Drew Auman (The Bulk Club) and many others. Anyway it is good to have a clear inbox for a change and I look forward to spammies next move... Certainly if they keep doing what they do (Using infected machines) they will be arrested in due course. Thanks must go to the ACA in Australia who have been conducting investigations into my pet gang and passing info on to the FTC. I received a request from the ACA to pass all my evidence on to the FTC a while ago. It is certainly good not to have to spend several hours a day investigating and providing preliminary evidence to the authorities. From kenbrody at spamcop.net Wed Sep 1 19:34:03 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Wed Sep 1 18:40:02 2004 Subject: [SpamCop-List] Re: Netscape Spamming me References: <41363935.4020002@domain.invalid> Message-ID: <41364E5B.966DE766@spamcop.net> user@domain.invalid wrote: > > Hi Everyone > > I downloaded Netscape 7 for Apple Mac a few days ago. Every time I open > my mail window Netscape downloads an advert from Netscape into it. So > each time I go to get my mail I get a new Netscape advert advertising > something new from a 3rd party company. > > This is very annoying. I cannot find a way of stopping it in preferences > or needless to say on the Netscape site. > > Does anyone know anything about this or how to stop it? I don't know if it can be considered "spam", as you probably agreed to it somewhere within the license agreement. However... On my old Netscape (4.76 for Windows), I simply start in "offline" mode, and my e-mail window either shows the last message I looked at, or it is empty. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ From windsorfoxNOSPAM at cox.net Wed Sep 1 20:01:46 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Wed Sep 1 20:05:06 2004 Subject: [SpamCop-List] Re: Netscape Spamming me In-Reply-To: <41363935.4020002@domain.invalid> References: <41363935.4020002@domain.invalid> Message-ID: user@domain.invalid wrote: > Hi Everyone > > I downloaded Netscape 7 for Apple Mac a few days ago. Every time I open > my mail window Netscape downloads an advert from Netscape into it. So > each time I go to get my mail I get a new Netscape advert advertising > something new from a 3rd party company. > > This is very annoying. I cannot find a way of stopping it in preferences > or needless to say on the Netscape site. > > Does anyone know anything about this or how to stop it? > > Thank you for your help > > Regards > > Neil > You gave your email address to AOL???!! From windsorfoxNOSPAM at cox.net Wed Sep 1 20:02:57 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Wed Sep 1 20:05:09 2004 Subject: [SpamCop-List] Re: Netscape Spamming me In-Reply-To: References: <41363935.4020002@domain.invalid> Message-ID: eddie wrote: > > I have a G5 and I downloaded and am using Mozilla. > I suggest removing Netscape and installing the latest Mozilla browser. No > popups, no ads, nothing but good smooth browsing. I don't. I prefer Netscape. Also no pop-ups and no ads. Unless you put your email address where it doesn't belong. From windsorfoxNOSPAM at cox.net Wed Sep 1 20:04:29 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Wed Sep 1 20:05:12 2004 Subject: [SpamCop-List] Re: Netscape Spamming me In-Reply-To: <41364E5B.966DE766@spamcop.net> References: <41363935.4020002@domain.invalid> <41364E5B.966DE766@spamcop.net> Message-ID: Kenneth Brody wrote: > I don't know if it can be considered "spam", as you probably agreed to > it somewhere within the license agreement. > > However... > > On my old Netscape (4.76 for Windows), I simply start in "offline" mode, > and my e-mail window either shows the last message I looked at, or it is > empty. > I've used it for years and just upgraded to 7.2 and get no mail form Netscape. From gruvin_nz at hotmail.com Thu Sep 2 13:14:09 2004 From: gruvin_nz at hotmail.com (Bryan) Date: Wed Sep 1 20:15:03 2004 Subject: [SpamCop-List] IMHO SpamCop are utterly IRRESPONSIBLE Message-ID: Hi. Well, I'm sure SpamCops receives a LOT of complaints from people that were unfairly, and in some case idiotically blocked. I present here what I feel is the single most STUPID thing SpamCop have done to date. We host some 50 client's Websites on a virtual server. Therefore, every client essentailly shares the same IP. Fine. So one client writes a PHP script, sends a bunch of spam and gets our IP blocked so now all our clients are blocked. THAT'S FINE. I have no complaint there. That's life. It's fair. BUT WAIT!! A client, let's say bob@foo.bar, sits at home and sends a few E-mails to his contact list using MS Outlook Express. Naturally his reply address is bob@foo.bar. Now, ONE of the E-mails accidentally has the wrong address (or something) or maybe not even that, but the Wally at the other end complains that he has been spammed when, in fact, he hasn't. But let us say it really WAS spam. So SpamCop, doing their best to help out, looks at the message. Hmmm... it claims to be from bob@foo.bar. So we simply look up foo.bar's IP address and we find 1.2.3.4. Great! Let's block 1.2.3.4. What good people we are! NOT! Firstly, who the hell says Bob wasn't FAKING his reply address? Secondly, the mail never even came from 1.2.3.4!! It came via some person claiming to be Bob's ISP, via their Dial-up. Thirdly, what about the other 50 clients of ours who happen to reside at 1.2.3.4 who had nothing to do with this? They are now losing business and clients because people at SpamCop, despite being upstanding and honest individuals are behaving like a bunch of idiots? I smell a class action law suite in the wind! It is now clear to me how to very easily get anyone I want blocked on SpamCop's database. All I have to do is send a few blatant spams via a borrowed dial-up account with my From: and Reply-To: addressed set to the victim I want blocked. (Not that I would, of course!) SpamCop! You are incredibly INEPT and IRRESPONSIBLE in your actions here! This issue is set to explode in your face. You are likely to be facing class action law suites some time very soon if you don't fix this nonsense! I have carefully recorded evidence and have three separate witnesses that this is EXACTLY what SpamCop have done. You can NOT convince us otherwise, and you sure wont convince a judge. Look! Everyone HATES spam, not least of all my self. But you can't go around erroneously blocking innocent parties like this! (Reply address spam filtered via HotMail. So don't bother. But you can call me on +64 21 933 393 if you like.) From wb8tyw at qsl.network Wed Sep 1 21:27:05 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Sep 1 20:30:04 2004 Subject: [SpamCop-List] Re: Port scans In-Reply-To: References: <871xhoaba6.fsf@ursine.dyndns.org> Message-ID: Rolf wrote: > John E. Malmberg wrote: > > Can you elaborate about having the stack startup an application on > traffic for a particular ID? By "network stack" or "TCP/IP stack" I am referring to the collection of programs and libraries that make up the TCP/IP implementation, not the stack register of a machine and the memory it points to. RPC dispatchers for objects. Instead of having the object in core, it is dynamically activated based on what the request is. This can be also be done as a layer above the TCPIP network by a an application that is listening. The OpenVMS implmementation of SAMBA SMBD works that way. An incomming connection goes to the TCPIP service dispatcher, and the service dispacher runs a script or an executable to start up an instance of the program and hands off the connection to that instance. Then it goes back to listen for another connection. In other cases, an application does all of it's own management of the incoming connections. It can either be started as a daemon and listen it self, or have the service dispatcher start it on demand. If the daemon stops from an error, or because it has been idle too long, the service dispatcher will restart it on the next request for the port. This saves virtual memory. > I was under the impression that normal TCP/IP stacks do not implement > remote activation but that the process needs to register (listen) before > messages can be routed to it. What is normal? I am ignorant of many of the ways of *NIX, but it appears that the inetd will listen on a port and will start a process on demand from a connection in some cases, and it also appears to know of processes that it should always start up on specific ports and make sure that they are running. Object brokers are available cross platforms with various capabilities. Microsoft Windows has registry bindings that control things and what appears to be several dispatchers that can start tasks. >> But the network stack that does the routing is software and can be >> replaced by a cracker if they find their way into a machine. > > If you know the stack and would know for instance a buffer overflow > exploit for that stack then yes you could attack it directly from a > remote location. Otherwise you first need to get into the machine before > you can manipulate the stack. That is correct. As above, I am referring to "network stack" as the stack of programs and routines that make up the program, not any of the stack registers of the CPU. Note that the easiest way to compromise a system is either to phish a password or spoof a privileged user into running malware, as neither method needs much skill. -John wb8tyw@qsl.network Personal Opinion Only From nobody at devnull.spamcop.net Wed Sep 1 20:38:24 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Sep 1 20:40:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: "Bryan" wrote in message news:ch5okh$bfa$1@news.spamcop.net... > > Well, I'm sure SpamCops receives a LOT of complaints from people that were > unfairly, and in some case idiotically blocked. I present here what I feel > is the single most STUPID thing SpamCop have done to date. and some people are just foolish. From Merlyn at Spamcop.net Wed Sep 1 21:45:18 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Wed Sep 1 20:50:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: "Bryan" wrote in message news:ch5okh$bfa$1@news.spamcop.net... > Hi. > > Well, I'm sure SpamCops receives a LOT of complaints from people that were > unfairly, and in some case idiotically blocked. I present here what I feel > is the single most STUPID thing SpamCop have done to date. > > We host some 50 client's Websites on a virtual server. Therefore, every > client essentailly shares the same IP. Fine. So one client writes a PHP > script, sends a bunch of spam and gets our IP blocked so now all our clients > are blocked. THAT'S FINE. I have no complaint there. That's life. It's fair. > > BUT WAIT!! [lots of useless rants and cartoonies snipped] What is a person like you with no knowledge of how the internet works doing running a server? The only thing in the Spamcop blocklist is IP numbers of the originating server. Spamcop does not look at _ANY_ email addresses. Email addresses are to easily forged. The only thing reliable is the IP addy from where the email came from. If you host spammers then you deserve to be blocked. Next, there in no lawsuit anyone can bring upon Spamcop. Spamcop does not block anything, the people who the email was being sent to blocked it or their ISP blocked it based upon reports of misuse. Why am I even trying to explain this to someone who comes in here ranting without any knowledge of how anything works. No wonder you are blocked. You know so little and you know it so fluently. The only thing that smells around here is burnt spammer. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From user\" at domain.invalid>" Thu Sep 2 03:45:52 2004 From: user\" at domain.invalid>" ( Rolf) Date: Wed Sep 1 20:50:07 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE In-Reply-To: References: Message-ID: Bryan wrote: You should really research the facts before making blatantly false claims. > So SpamCop, doing their best to help out, looks at the message. Hmmm... it > claims to be from bob@foo.bar. So we simply look up foo.bar's IP address and > we find 1.2.3.4. Great! Let's block 1.2.3.4. What good people we are! Spamcops parser doesn't use the sender email address, not the From: nor the Reply:. It uses the IP addresses from the Received: lines up to the last IP address/DNS name it can safely trace. It is not very easy to spoof that! > Firstly, who the hell says Bob wasn't FAKING his reply address? See above. The reply, nor de sender email address has any meaning whatsover in determining what IP address should be reported and added to the block list. > Secondly, the mail never even came from 1.2.3.4!! It came via some person > claiming to be Bob's ISP, via their Dial-up. Then there would be an according Received: line in the headers. And this line will be picked up by the parser and used to determine who to report. > Thirdly, what about the other 50 clients of ours who happen to reside at > 1.2.3.4 who had nothing to do with this? They are now losing business and > clients because people at SpamCop, despite being upstanding and honest > individuals are behaving like a bunch of idiots? Their bad. What about the millions of potential spam victims being bombed by this single spam kid or even just irresponsible user with a zombied box on your network of 50 users? Should all those million people endure that spam because you would like to secure the business of your users while ignoring a potential spam problem rather than being made aware of it and taking proper measures? > It is now clear to me how to very easily get anyone I want blocked on > SpamCop's database. All I have to do is send a few blatant spams via a > borrowed dial-up account with my From: and Reply-To: addressed set to the > victim I want blocked. (Not that I would, of course!) You would get the IP address of the borrowed dialup account on the block list and some reports send to the according ISP which in the case of a responsible ISP even might revoke the service to the user you borrowed the dialup account from. But the actual Reply-To: and From: addresses are completely ignored by the SpamCop parser. > This issue is set to explode in your face. You are likely to be facing class > action law suites some time very soon if you don't fix this nonsense! There is nothing to fix. You know you really sound more and more like a typical spammer. > I have carefully recorded evidence and have three separate witnesses that > this is EXACTLY what SpamCop have done. You can NOT convince us otherwise, > and you sure wont convince a judge. Yes indeed, spoken like a true spammer! > Look! Everyone HATES spam, not least of all my self. But you can't go around > erroneously blocking innocent parties like this! Instead of ranting like this you should have gone on the main site of Spamcop and read about what to do if you got onto a blocklist or received a report. You would have seen that writing to the deputies at spamcom.net might be a solution if you are really so innocent as you say you are. Or you could have read through past postings here of other people complaining wrongly about SpamCop doing bad and illegal things and the answers they got in explaining to them how SpamCop works, what it does and what it doesn't. From nobody at devnull.spamcop.net Wed Sep 1 21:58:35 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Wed Sep 1 21:00:04 2004 Subject: [SpamCop-List] Re: What to do? References: Message-ID: "Glenn Daniels" wrote in message news:ch37b8$3b4$1@news.spamcop.net... > "Steve Gilder" wrote in message > > "Glenn Daniels" wrote in message > > > "Steve Gilder" wrote in message [snip] > > Was hoping someone would post the link to the commonly used > expressions. I've lost track of the link. Usually when one posts a > ROFLOL funny, is courtesy to put [C&C] first in the subject line. > That way, before I read it, I know to secure the coffee cup and > put the cat out of my lap. Otherwise, the cat takes a fright and > bolts, throwing the coffee at the monitor and down into the > keyboard. Somehow, the *What to do. What to do?* just > hit a ticklish spot. Brought back my reaction to first one I > got like yours: I took disproportionate offense, but it > seemed you found a healthier perspective. > > Laughter is the best medicine. > > Thanks, > Glenn > > Sorry but I'd didn't think it would cause that kind of reaction. The *What to do. What to do?* should have been in quotes (it came from an old commercial) I will put C&C when appropriate but sometimes I say things that others think are funny when I'm being serious. ROFLOL is topped by ROFLMAO, which is topped by ROFLMAOWTIME, which is topped by ROFLMAOWTIMEHMS - nothing funnier than that. Laughter and kisses makes everything better. Steve From user\" at domain.invalid>" Thu Sep 2 04:04:18 2004 From: user\" at domain.invalid>" ( Rolf) Date: Wed Sep 1 21:10:05 2004 Subject: [SpamCop-List] Re: Port scans In-Reply-To: References: <871xhoaba6.fsf@ursine.dyndns.org> Message-ID: John E. Malmberg wrote: > By "network stack" or "TCP/IP stack" I am referring to the collection of > programs and libraries that make up the TCP/IP implementation, not the > stack register of a machine and the memory it points to. I understood the same here although maybe in a more limited scope, like the socket interface and the underlaying transport layer implementations. > RPC dispatchers for objects. Instead of having the object in core, it > is dynamically activated based on what the request is. This can be also > be done as a layer above the TCPIP network by a an application that is > listening. > > The OpenVMS implmementation of SAMBA SMBD works that way. An incomming > connection goes to the TCPIP service dispatcher, and the service > dispacher runs a script or an executable to start up an instance of the > program and hands off the connection to that instance. Then it goes > back to listen for another connection. I see, you are talking here over transport layers above TCP/IP. Besides SMBD you could also talk about DCOM (which is based on DCE) or many others. I was thinking in terms of simple TCP/IP sockets and I don't think they would support something like this. >> I was under the impression that normal TCP/IP stacks do not implement >> remote activation but that the process needs to register (listen) >> before messages can be routed to it. > > What is normal? Anything resembling a Berkeley socket interface including for instance Winsock. I could imagine that someone might develop it's own flawor directly with configuration tables to actually launch a specific process by traffic on a specific port. > I am ignorant of many of the ways of *NIX, but it appears that the inetd > will listen on a port and will start a process on demand from a > connection in some cases, and it also appears to know of processes that > it should always start up on specific ports and make sure that they are > running. Yes, inetd can be used for that as far as I know. It is a service above TCP/IP though and it does know about processes to startup by its configuration file which you have to setup (and which seemed not that easy to me last time I looked at it). > Object brokers are available cross platforms with various capabilities. > > Microsoft Windows has registry bindings that control things and what > appears to be several dispatchers that can start tasks. Well, as far as remote process invocation I'm not aware of much other things than DCOM. Not sure how you would activate a non running process over SMBD although that might be possible. Things like NetDDE, or TCP/IP through Winsock need the receiving (server) process already running in memory before you can communicate with them. From tmcgraw at spamcop.net Wed Sep 1 19:29:37 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Sep 1 21:30:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: <41367781.8060008@spamcop.net> Bryan wrote: > Hi. Hi. > Well, I'm sure SpamCops receives a LOT of complaints from people that were > unfairly, and in some case idiotically blocked. I present here what I feel > is the single most STUPID thing SpamCop have done to date. The only complaints around here come from spammers. > We host some 50 client's Websites on a virtual server. Therefore, every > client essentailly shares the same IP. Fine. So one client writes a PHP > script, sends a bunch of spam and gets our IP blocked so now all our clients > are blocked. THAT'S FINE. I have no complaint there. That's life. It's fair. Okay. > BUT WAIT!! Okay. > A client, let's say bob@foo.bar, sits at home and sends a few E-mails to his > contact list using MS Outlook Express. Naturally his reply address is > bob@foo.bar. Now, ONE of the E-mails accidentally has the wrong address (or > something) or maybe not even that, but the Wally at the other end complains > that he has been spammed when, in fact, he hasn't. But let us say it really > WAS spam. Irrelevant. Only the person who received that email would know whether it was spam. That's not for you to decide or for bob@foo.bar to decide. > So SpamCop, doing their best to help out, looks at the message. Hmmm... it > claims to be from bob@foo.bar. So we simply look up foo.bar's IP address and > we find 1.2.3.4. Great! Let's block 1.2.3.4. What good people we are! "From:" header is irrelevant and is not even considered. > NOT! Why should the Internet be the recipient of all your shit? > Firstly, who the hell says Bob wasn't FAKING his reply address? Irrelevant. > Secondly, the mail never even came from 1.2.3.4!! It came via some person > claiming to be Bob's ISP, via their Dial-up. Then 1.2.3.4 would not have been blocked. Bob's ISP would be blocked. > Thirdly, what about the other 50 clients of ours who happen to reside at > 1.2.3.4 who had nothing to do with this? They are now losing business and > clients because people at SpamCop, despite being upstanding and honest > individuals are behaving like a bunch of idiots? See: collateral damage. Happens all the time. Why? The Internet doesn't want all of Bob's shit. > I smell a class action law suite in the wind! See: cartooney. Prepare to be blocked simply because you are an idiot. > It is now clear to me how to very easily get anyone I want blocked on > SpamCop's database. All I have to do is send a few blatant spams via a > borrowed dial-up account with my From: and Reply-To: addressed set to the > victim I want blocked. (Not that I would, of course!) That's not how spamcop works. The "From:" header is irrelevant and is not even considered. > SpamCop! You are incredibly INEPT and IRRESPONSIBLE in your actions here! You have verified that the system is working. > This issue is set to explode in your face. You are likely to be facing class > action law suites some time very soon if you don't fix this nonsense! More proof that the system is working. > I have carefully recorded evidence and have three separate witnesses that > this is EXACTLY what SpamCop have done. You can NOT convince us otherwise, > and you sure wont convince a judge. Hollow claims. > Look! Everyone HATES spam, not least of all my self. But you can't go around > erroneously blocking innocent parties like this! No proof. Hollow claims. > (Reply address spam filtered via HotMail. So don't bother. But you can call > me on +64 21 933 393 if you like.) Bryan J. Rentoul bryan@conquestsys.com From 8vmb6jy02 at sneakemail.com Thu Sep 2 03:36:37 2004 From: 8vmb6jy02 at sneakemail.com (Sean W) Date: Wed Sep 1 21:40:03 2004 Subject: [SpamCop-List] [C&C] RE: IMHO SpamCop are utterly IRRESPONSIBLE In-Reply-To: References: Message-ID: [Snip: ludicriously funny naivety and 4 day old limp lettuce leaf-like cart00ney]. Godamn that was funny. Best laugh I had all day. PS Bryan. Oh and netiquette requires a C&C warning if the contents of a post are likely to cause 'splorfing' of coffee and startling of furry friends. -- Sean From nobody at spamcop.net Wed Sep 1 22:48:15 2004 From: nobody at spamcop.net (Ellen) Date: Wed Sep 1 21:50:02 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: "Bryan" wrote in message news:ch5okh$bfa$1@news.spamcop.net... > Hi. > > > So SpamCop, doing their best to help out, looks at the message. Hmmm... it > claims to be from bob@foo.bar. So we simply look up foo.bar's IP address and > we find 1.2.3.4. Great! Let's block 1.2.3.4. What good people we are! > > snipping The parser *ignores* the from, the reply-to, the envelope sender, forged helo's and other easily forgeable information in the headers. If you would like to calm down and either say what you think has happened to you/your server either here or by emailing me at deputies@spamcop.net I would be happy to try to figure out what the problem is. Ellen SpamCop From Spam_N_Scams_Reporter at yahoo.netorcom Wed Sep 1 21:01:19 2004 From: Spam_N_Scams_Reporter at yahoo.netorcom (Spam N Scams Reporter) Date: Wed Sep 1 23:05:16 2004 Subject: [SpamCop-List] Re: Netscape Spamming me In-Reply-To: <41363935.4020002@domain.invalid> References: <41363935.4020002@domain.invalid> Message-ID: user@domain.invalid wrote: > Hi Everyone > > I downloaded Netscape 7 for Apple Mac a few days ago. Every time I open > my mail window Netscape downloads an advert from Netscape into it. So > each time I go to get my mail I get a new Netscape advert advertising > something new from a 3rd party company. > > This is very annoying. I cannot find a way of stopping it in preferences > or needless to say on the Netscape site. > > Does anyone know anything about this or how to stop it? > > Thank you for your help > > Regards > > Neil > I think what possibly may be happening is that you are reading the title bar, which will read Netscape, Internet Explorer, Mozilla Firefox, etc. depending on the browser you are using. You are receiving popups. Getting rid of the spyware on your computer will help. From eddie at eddie.web Thu Sep 2 01:12:13 2004 From: eddie at eddie.web (eddie) Date: Thu Sep 2 00:15:13 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: On Thu, 02 Sep 2004 12:14:09 +1200, Bryan scratched out the following: snip First, spamcop is singular, so your subject rant should read, SpamCop is, not are. > Well, I'm sure SpamCops receives a LOT of complaints from people that were > unfairly, and in some case idiotically blocked. I present here what I feel > is the single most STUPID thing SpamCop have done to date. Usually only from roasted spammers. Again it's SpamCop has, not have. SC is singular. I am starting to get a hint about you > > We host some 50 client's Websites on a virtual server. snip clients' is better, but who is counting? > A client, let's say bob@foo.bar, sits at home and sends a few E-mails to > his contact list using MS Outlook Express. Why Outlook Express? Why not a chicken (very inside American joke) > So SpamCop, doing their best to help out, looks at the message. Hmmm... > it claims to be from bob@foo.bar. So we simply look up foo.bar's IP > address and we find 1.2.3.4. Great! Let's block 1.2.3.4. What good > people we are! SpamCop, doing its best, not their. We are one! Spamcop does not care what the return address is. You, as a technical professional (LOL) should know that. SC parses the header and determines the IP address of the sender. Didn't you learn that in IT school? > NOT! Not? That's so 20th century I will ignore it. > Firstly, who the hell says Bob wasn't FAKING his reply address? Who cares. Read the above line. > Secondly, the mail never even came from 1.2.3.4!! It came via some > person claiming to be Bob's ISP, via their Dial-up. Then the dialup IP address would be listed as the spammer. > Thirdly, what about the other 50 clients of ours who happen to reside at > 1.2.3.4 who had nothing to do with this? They are now losing business > and clients because people at SpamCop, despite being upstanding and > honest individuals are behaving like a bunch of idiots? That's your problem for being cheap about assigning the same IP to 50 people. Think about the old one rotten apple saw. > I smell a class action law suite in the wind! I smell roasted spammer. Just get in line after the big boys. > > > It is now clear to me how to very easily get anyone I want blocked on > SpamCop's database. All I have to do is send a few blatant spams via a > borrowed dial-up account with my From: and Reply-To: addressed set to > the victim I want blocked. (Not that I would, of course!) SpamCop doesn't block anyone. If you sent spam you would be on the list, not the person whose address you illegally forged, although they might be informed that you are forging their address and they might sue you. Cartooney joke. > SpamCop! You are incredibly INEPT and IRRESPONSIBLE in your actions > here! Here, we can accept the "you" since it can be used as a singular or plural. You lucked out here. > This issue is set to explode in your face. You are likely to be facing > class action law suites some time very soon if you don't fix this > nonsense! BOOM!! > I have carefully recorded evidence and have three separate witnesses > that this is EXACTLY what SpamCop have done. You can NOT convince us > otherwise, and you sure wont convince a judge. Good, witnesses are always needed for a cartooney. And you left out the apostrophe in wont which makes wont a different word - it means habit which doesn't fit in your sentence. You may get sued for making a mockery of the English language. > Look! Everyone HATES spam, not least of all my self. But you can't go > around erroneously blocking innocent parties like this! NO, Wrong again. Spammers love spam and spamvertized websites love spam. Again, Spamcop does not block. SC just puts bad boys on their naughty list. Oh, it's myself, not my self. You just gave yourself away totally. > > (Reply address spam filtered via HotMail. So don't bother. But you can > call me on +64 21 933 393 if you like.) I don't have any spare change. Thanks for the fun. If you need a good lawyer you can call me at 555 555-1212 and tell them joe sent you. From eddie at eddie.web Thu Sep 2 01:14:21 2004 From: eddie at eddie.web (eddie) Date: Thu Sep 2 00:15:23 2004 Subject: [SpamCop-List] Re: Netscape Spamming me References: <41363935.4020002@domain.invalid> Message-ID: On Wed, 01 Sep 2004 19:02:57 -0500, WindsorFox[SS] scratched out the following: snip > > I don't. I prefer Netscape. Also no pop-ups and no ads. Unless you > put your email address where it doesn't belong. to each his own. I was just offering my experience on my G5 OSX. Mozilla is almost as good as Safari in some respects, but Safari doesn't have NGs built in. From nobody at devnull.spamcop.net Thu Sep 2 00:36:10 2004 From: nobody at devnull.spamcop.net (Cat) Date: Thu Sep 2 00:40:03 2004 Subject: [SpamCop-List] Re: Netscape Spamming me In-Reply-To: References: <41363935.4020002@domain.invalid> Message-ID: WindsorFox[SS] wrote: > eddie wrote: > > >> >> I have a G5 and I downloaded and am using Mozilla. >> I suggest removing Netscape and installing the latest Mozilla browser. No >> popups, no ads, nothing but good smooth browsing. > > > I don't. I prefer Netscape. Also no pop-ups and no ads. Unless you put > your email address where it doesn't belong. Yeah, I use Netscape 7.1, and I don't get pop ups or anything. It's all in how you set up Netscape to work. From nobody at devnull.spamcop.net Thu Sep 2 01:13:01 2004 From: nobody at devnull.spamcop.net (Cat) Date: Thu Sep 2 01:15:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE In-Reply-To: References: Message-ID: Bryan wrote: > A client, let's say bob@foo.bar, sits at home and sends a few E-mails to his > contact list using MS Outlook Express. Naturally his reply address is > bob@foo.bar. Now, ONE of the E-mails accidentally has the wrong address (or > something) or maybe not even that, but the Wally at the other end complains > that he has been spammed when, in fact, he hasn't. But let us say it really > WAS spam. > > > > So SpamCop, doing their best to help out, looks at the message. Hmmm... it > claims to be from bob@foo.bar. So we simply look up foo.bar's IP address and > we find 1.2.3.4. Great! Let's block 1.2.3.4. What good people we are! SpamCop doesn't block IP addresses based on the from address due to the easily forged nature of the "from" field. If you had done your research properly, you'd know that. > Firstly, who the hell says Bob wasn't FAKING his reply address? And your point is? What difference does it make that "Bob" forges the address when SpamCop determines the spam's origin based on the IP in the received addres, NOT some IP based on a forged "from" address. > Secondly, the mail never even came from 1.2.3.4!! It came via some person > claiming to be Bob's ISP, via their Dial-up. Once again, your point is? SpamCop can properly detect where the spam came from? > Thirdly, what about the other 50 clients of ours who happen to reside at > 1.2.3.4 who had nothing to do with this? They are now losing business and > clients because people at SpamCop, despite being upstanding and honest > individuals are behaving like a bunch of idiots? > > > > I smell a class action law suite in the wind! I smell a cartooney legal threat in the wind! Next time you think it would be a cute idea to run around throwing a temper tantrum without researching the facts, you might want to rethink that idea since you've only succeeding in making a complete fool of yourself here. A lawyer would just laugh in your face for trying to sue SpamCop over your own misunderstanding of how SpamCop actually works. Considering you can't even be bothered to properly research how SpamCop works, I hardly think YOU are in any position to call anyone else an idiot. If anyone is behaving like an idiot, it's you! > It is now clear to me how to very easily get anyone I want blocked on > SpamCop's database. All I have to do is send a few blatant spams via a > borrowed dial-up account with my From: and Reply-To: addressed set to the > victim I want blocked. (Not that I would, of course!) No, you wouldn't be able to do that, because SpamCop would correctly pick out YOUR IP address and get YOU in trouble with your ISP for it. > SpamCop! You are incredibly INEPT and IRRESPONSIBLE in your actions here! YOU are incredibly INEPT and IRRESPONSIBLE for making false accusations against SpamCop without bothering to understand how SpamCop actually works. > This issue is set to explode in your face. Looks like your little temper tantrum exploded in your own face. > You are likely to be facing class > action law suites some time very soon if you don't fix this nonsense! Please explain exactly how anyone could possibly sue SpamCop based on your false information about how SpamCop actually works. Considering that SpamCop finds the e-mail's origin based on the receiving IP address and NOT the forged "from" field, you wouldn't be able to successfully sue SpamCop. > I have carefully recorded evidence and have three separate witnesses that > this is EXACTLY what SpamCop have done. Um, you mean "SpamCop has" not "SpamCop have." You might want to drop the poor attempt at speaking in Ebonics. > You can NOT convince us otherwise, That's only because you are behaving ignorantly and didn't properly research the situation before blathering on with false accusations in a public forum. > and you sure wont convince a judge. You're wrong about that. > Look! Everyone HATES spam, not least of all my self. But you can't go around > erroneously blocking innocent parties like this! SpamCop DOESN'T "go around erroneously blocking innocent parties." You might want to look up the word "libel" in the dictionary because you are guilty of libel with your false claims here. > (Reply address spam filtered via HotMail. So don't bother. But you can call > me on +64 21 933 393 if you like.) Don't be a coward. Try coming back to the newsgroup to read replies yourself. Please do tell us about the lawyer laughing in your face over your attempts to file false claims. Thanks for the laugh and congratulations of making a complete ass out of yourself for no good reason. -Cat SpamCop user, not an admin From flippetyfloo at fake.com Thu Sep 2 00:25:20 2004 From: flippetyfloo at fake.com (RandallW) Date: Thu Sep 2 02:25:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: "Bryan" wrote in message news:ch5okh$bfa$1@news.spamcop.net... > Hi. > > > I smell a class action law suite in the wind! > > This issue is set to explode in your face. You are likely to be facing class > action law suites some time very soon if you don't fix this nonsense! > A class action law 'suite'? How much does it cost to rent one of these? From gezgin at spamcop.net Thu Sep 2 10:55:42 2004 From: gezgin at spamcop.net (Gezgin) Date: Thu Sep 2 03:00:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: "RandallW" wrote > A class action law 'suite'? How much does it cost to rent > one of these? Depends on whether your lawyer is fixed-fee, takes a percentage, or is pro-bono... ;-) -- Bob Kanyak's Doghouse http://www.kanyak.com From tdy at blackhole.invalid Thu Sep 2 01:03:04 2004 From: tdy at blackhole.invalid (N. Miller) Date: Thu Sep 2 03:05:08 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: In article , Bryan says... > BUT WAIT!! Marketoon talk. Here it all the time on those sleazy, late night "vegetator" ads. > I smell a class action law suite in the wind! Is there a spammer's dictionary somewhere? I see this all the time when spammers start ranting; 'frea speach', 'law suite'...what is it? Do they teach special spam spell skills in spam school? -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at nowhere.invalid Thu Sep 2 10:04:20 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Sep 2 03:05:12 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: On Thu, 2 Sep 2004 12:14:09 +1200, Bryan coughed into spamcop and left this in : > So SpamCop, doing their best to help out, looks at the message. Hmmm... it > claims to be from bob@foo.bar. So we simply look up foo.bar's IP address and > we find 1.2.3.4. Great! Let's block 1.2.3.4. What good people we are! Bzzzzzzt. Wrong answer. Thank you for playing, now get lost. SC looks at the IP address from which the spam came and totally ignores any e-mail addresses in the spam. What the hell are you doing running a server anyway with your evident lack of knowledge of how this "Innernet" thingy works? -- Steve Anarchy may not be the best form of government, but it's better than no government at all. From nobody at nowhere.invalid Thu Sep 2 10:06:17 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Sep 2 03:10:02 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: On Wed, 1 Sep 2004 23:25:20 -0700, RandallW coughed into spamcop and left this in : >> I smell a class action law suite in the wind! >> >> This issue is set to explode in your face. You are likely to be facing > class >> action law suites some time very soon if you don't fix this nonsense! >> > > A class action law 'suite'? How much does it cost to rent one of these? Will you be needing the bow-tie es well, sir? -- Steve Health nuts are going to feel stupid someday, lying in hospitals dying of nothing. From user at domain.invalid Thu Sep 2 10:22:48 2004 From: user at domain.invalid (user@domain.invalid) Date: Thu Sep 2 04:25:03 2004 Subject: [SpamCop-List] Problem Solved - Netscape Spamming me References: <41363935.4020002@domain.invalid> <413643E6.1000207@spamcop.net> Message-ID: <4136D858.1000102@domain.invalid> Hi Not sure who sent this advice, but thank you very much for the information. I followed your advice and I do not get the ads any more Thanks again :-) Regards Neil > > It is very simple. Edit / Preferences / Mail and Newsgroups -> deselect > Mail start page or enter your desired url address of a web page or news > page that will be loaded in that section. From user at domain.invalid Thu Sep 2 10:25:03 2004 From: user at domain.invalid (user@domain.invalid) Date: Thu Sep 2 04:30:02 2004 Subject: [SpamCop-List] Problem Solved - Netscape Spamming me References: <41363935.4020002@domain.invalid> <413643E6.1000207@spamcop.net> Message-ID: <4136D8DF.2070605@domain.invalid> Hi Not sure who sent this advice, but thank you very much for the information. I followed your advice and I do not get the ads any more Thanks again :-) Regards Neil > > It is very simple. Edit / Preferences / Mail and Newsgroups -> deselect > Mail start page or enter your desired url address of a web page or news > page that will be loaded in that section. From MikeE at ster.invalid Thu Sep 2 02:44:24 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Sep 2 04:46:14 2004 Subject: [SpamCop-List] Re: Problem Solved - Netscape Spamming me References: <41363935.4020002@domain.invalid> <413643E6.1000207@spamcop.net> <4136D858.1000102@domain.invalid> Message-ID: user@domain.invalid wrote: > Not sure who sent this advice, but thank you very much for the > information. I followed your advice and I do not get the ads any more >> >> It is very simple. Edit / Preferences / Mail and Newsgroups -> >> deselect Mail start page or enter your desired url address of a web >> page or news page that will be loaded in that section. Original thread query: NNTP-Posting-Host: host217-137-16-38.no-dns-yet.ntli.net - signing Neil Advice above: NNTP-Posting-Host: bsn-77-22-218.dsl.siol.net also calling hirself user@domain.invalid - sometimes also signing T or TK Since that user@domain.invalid 'handle' was already being used by T/TK before Neil user@domain.invalid posted here, I suggest that you Neil user@domain.invalid call yourself something different. I also suggest that T or TK user@domain.invalid sign more consistently until we get this little duplication worked out. -- Mike Easter kibitzer, not SC admin From user\" at domain.invalid>" Thu Sep 2 11:46:06 2004 From: user\" at domain.invalid>" ( Rolf) Date: Thu Sep 2 04:50:06 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE In-Reply-To: References: Message-ID: Steven Maesslein wrote: >>A class action law 'suite'? How much does it cost to rent one of these? > > Will you be needing the bow-tie es well, sir? Or would that be already furnished and on which level? From huggenberger at init7.net Thu Sep 2 12:15:43 2004 From: huggenberger at init7.net (Marco Huggenberger) Date: Thu Sep 2 05:20:21 2004 Subject: [SpamCop-List] Question regarding the 48 Hours... Message-ID: Our Mailserver IP has been listed for 2.4 days. And it's only listed at bl.spamcop.net. How can we get sure, that our IP will be removed within the next hours/days/weeks? Cheers Marco From nobody at nowhere.invalid Thu Sep 2 12:56:06 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Sep 2 06:00:02 2004 Subject: [SpamCop-List] Re: Question regarding the 48 Hours... References: Message-ID: On Thu, 02 Sep 2004 11:15:43 +0200, Marco Huggenberger coughed into spamcop and left this in : > Our Mailserver IP has been listed for 2.4 days. > > And it's only listed at bl.spamcop.net. > > How can we get sure, that our IP will be removed within the next > hours/days/weeks? By stopping spam from flowing from it. It will be delisted automatically no more than 48 hours AFTER THE Spam STOPS FLOWING. -- Steve Notice spotted in a field: THE FARMER ALLOWS WALKERS TO CROSS THE FIELD FOR FREE, BUT THE BULL CHARGES From huggenberger at init7.net Thu Sep 2 13:29:48 2004 From: huggenberger at init7.net (Marco Huggenberger) Date: Thu Sep 2 06:30:06 2004 Subject: [SpamCop-List] Re: Question regarding the 48 Hours... In-Reply-To: References: Message-ID: Hi Steve Steven Maesslein schrieb: > By stopping spam from flowing from it. > It will be delisted automatically no more than 48 hours AFTER THE Spam > STOPS FLOWING. There is no open (visible) issue that I can stop, maybee this is an error. Error finding reportid for 213.144.x.x / 12327xx 213.144.x.x: found reportid , spamid but when I click on: "[show report]" or "show" the only message i get is: "Cannot find spam for reportid 0" or "No input". I'm willing to fix any problem on my side, but if I cannot see any problems I won't be able to correct them, ergo I will never be delisted?! Any hints?! Cheers Marco From wb8tyw at qsl.network Thu Sep 2 08:48:03 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Sep 2 07:50:17 2004 Subject: [SpamCop-List] Re: Question regarding the 48 Hours... In-Reply-To: References: Message-ID: Marco Huggenberger wrote: > There is no open (visible) issue that I can stop, maybee this is an error. > > Error finding reportid for 213.144.x.x / 12327xx > 213.144.x.x: found reportid , spamid but when I click on: > "[show report]" or "show" the only message i get is: > > "Cannot find spam for reportid 0" or "No input". > > I'm willing to fix any problem on my side, but if I cannot see any > problems I won't be able to correct them, ergo I will never be > delisted?! Any hints?! Specific advice will require the exact I.P. address listed, so that the other readers of this forum can look it up on the various internet databases. If spam samples can be found, then sometimes they will also reveal what the problem is. If your I.P. is listed solely for spamtrap hits, or not other data can be found, then for specific help, you need to write to deputies(at)spamcop.net The current most likely reasons for a real mail server to be listed in an approximate order of probability based on what has been reported in these forums. 1. Weak password exploit. Spammer has guessed a password on the system. Less likely variant, Spammer has phished a password of one of your users. 2. Mail server is abusively bouncing spam and viruses to their forged addresses, or giving them out of office notices. Or even worse is sending virus detected notices to the forged addresses. Human spamcop.net reporters are not allowed to report such things, but spamtraps may be different. In these cases, only spam traps are shown. Out of Office or Vacation messages from voice-mail or e-mail are the electronic equivalent to a pile of newspapers in front of a house. Companies have been bilked out of cash by scammers this way. 3. A trojan has infected the machine and a spammer has full remote control of it. 4. The server is configured as an open relay. The http://dsbl.org/programs can be used to perform comprehensive tests on your network. -John wb8tyw@qsl.network Personal Opinion Only From huggenberger at init7.net Thu Sep 2 15:13:47 2004 From: huggenberger at init7.net (Marco Huggenberger) Date: Thu Sep 2 08:15:03 2004 Subject: [SpamCop-List] Re: Question regarding the 48 Hours... In-Reply-To: References: Message-ID: Hi John John E. Malmberg schrieb: > Specific advice will require the exact I.P. address listed, so that the > other readers of this forum can look it up on the various internet > databases. If spam samples can be found, then sometimes they will also > reveal what the problem is. That's great, but > If your I.P. is listed solely for spamtrap hits, or not other data can > be found, then for specific help, you need to write to > deputies(at)spamcop.net In the meantime I received a message from spamcop, telling me, that the server sent his last spam 45 hours ago and will be removed within the next three hours if no more spam is announced on this host. > The current most likely reasons for a real mail server to be listed in > an approximate order of probability based on what has been reported in > these forums. > 1. Weak password exploit. Spammer has guessed a password on the system. > Less likely variant, Spammer has phished a password of one of your users. > 2. Mail server is abusively bouncing spam and viruses to their forged > addresses, or giving them out of office notices. Or even worse is > sending virus detected notices to the forged addresses. > Human spamcop.net reporters are not allowed to report such things, but > spamtraps may be different. In these cases, only spam traps are shown. > Out of Office or Vacation messages from voice-mail or e-mail are > the electronic equivalent to a pile of newspapers in front of a > house. Companies have been bilked out of cash by scammers this > way. > 3. A trojan has infected the machine and a spammer has full remote > control of it. > 4. The server is configured as an open relay. That was our reason, we call it 4.1: The mailserver is used as 'smarthost' from different customers, where we cannot control if they update their mailsystem. I think we have to change this policy very soon :-( > The http://dsbl.org/programs can be used to perform comprehensive tests > on your network. Thanks for your detailed information about this issue. Cheers Marco From Merlyn at Spamcop.net Thu Sep 2 09:27:00 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Thu Sep 2 08:30:03 2004 Subject: [SpamCop-List] Re: remove References: Message-ID: "Dima" wrote in message news:ch6s8t$bl2$1@news.spamcop.net... > > I solve problem with spam tow day ago (31.8.2004), and I do not understand > why my IP (81.17.131.242) still in stop list > Did you read the listing: Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam about 10 times in the past week Spam is still being reported from that machine. It will come off the list 48 hours "after" the "last" spam report. Senderbase shows in the last day mail from that server is up 1,836%, so the problem couldn't have been fixed two days ago. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From root at sofar-plus.com.ua Thu Sep 2 16:38:38 2004 From: root at sofar-plus.com.ua (Dima) Date: Thu Sep 2 08:45:03 2004 Subject: [SpamCop-List] Re: remove References: Message-ID: maybe I something do not understand but statistic http://www.senderbase.org/?searchBy=ipaddress&sb=1&searchString=81.17.131.24 2 do not change by 30.08.2004 and for to day From bjtexas at hotmale.com Thu Sep 2 08:50:44 2004 From: bjtexas at hotmale.com (BJ) Date: Thu Sep 2 08:55:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: "Bryan" wrote in message news:ch5okh$bfa$1@news.spamcop.net... > > A client, let's say bob@foo.bar, sits at home and sends a few > E-mails to his contact list using MS Outlook Express. > Naturally his reply address is bob@foo.bar. Now, ONE of the > E-mails accidentally has the wrong address (or something) or > maybe not even that, but the Wally at the other end complains > that he has been spammed when, in fact, he hasn't. But let us > say it really WAS spam. > > > > So SpamCop, doing their best to help out, looks at the > message. Hmmm... it claims to be from bob@foo.bar. So we > simply look up foo.bar's IP address and we find 1.2.3.4. > Great! Let's block 1.2.3.4. What good people we are! > What is a clueless ass like you doing running a server. The blocklist don't work that way. 1) It uses traceable IP address and not email addresses. 2) It takes more than one complaint. > > NOT! > > > > Firstly, who the hell says Bob wasn't FAKING his reply > address? > See response above. Clueless... > > Secondly, the mail never even came from 1.2.3.4!! It came via > some person claiming to be Bob's ISP, via their Dial-up. > See response above, clueless... > > Thirdly, what about the other 50 clients of ours who happen to > reside at 1.2.3.4 who had nothing to do with this? They are > now losing business and clients because people at SpamCop, > despite being upstanding and honest individuals are behaving > like a bunch of idiots? > > > > I smell a class action law suite in the wind! > Do you know what a cart00ny is? > > It is now clear to me how to very easily get anyone I want > blocked on SpamCop's database. All I have to do is send a few > blatant spams via a borrowed dial-up account with my From: and > Reply-To: addressed set to the victim I want blocked. (Not > that I would, of course!) > Your clueless... > > > This issue is set to explode in your face. You are likely to > be facing class action law suites some time very soon if you > don't fix this nonsense! > Double cart00ney... You know there are blocklist specifically for cart00nies > > I have carefully recorded evidence and have three separate > witnesses that this is EXACTLY what SpamCop have done. You can > NOT convince us otherwise, and you sure wont convince a judge. > Triple Cart00ny... hope a lot of admins see this. You do know about private blocklists don't you. Many of them are the IPs go in and never come out. > > Look! Everyone HATES spam, not least of all my self. But you > can't go around erroneously blocking innocent parties like > this! > Your obviously not an innocent party.... enjoy being blocked forever. From root at sofar-plus.com.ua Thu Sep 2 16:49:31 2004 From: root at sofar-plus.com.ua (Dima) Date: Thu Sep 2 08:55:05 2004 Subject: [SpamCop-List] Re: remove References: Message-ID: my second ip was remove but statistic do not changed http://cbl.abuseat.org/lookup.cgi?ip=193.111.16.139 "Dima" ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ: news:ch6s8t$bl2$1@news.spamcop.net... > > I solve problem with spam tow day ago (31.8.2004), and I do not understand > why my IP (81.17.131.242) still in stop list > > > From root at sofar-plus.com.ua Thu Sep 2 17:00:35 2004 From: root at sofar-plus.com.ua (Dima) Date: Thu Sep 2 09:05:03 2004 Subject: [SpamCop-List] Re: remove References: Message-ID: And once more ask every one do not send and receive mail by one hour I do not see any smtp or pop3 traffic by tcpdump From MikeE at ster.invalid Thu Sep 2 07:36:11 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Sep 2 09:40:05 2004 Subject: [SpamCop-List] Re: Question regarding the 48 Hours... References: Message-ID: Marco Huggenberger wrote: > In the meantime I received a message from spamcop, telling me, that > the server sent his last spam 45 hours ago and will be removed within > the next three hours if no more spam is announced on this host. That must be all about 213.144.129.5 rDNS mx1.init7.net which seems to be 'quiet' at senderbase; ie the activity is normal now, but the SCbl listing hasn't yet gone away. What about 213.144.128.48 rDNS kolibri.init7.net ? which is not currently listed in the SCbl, but has reports, and whose senderbase activity is 'outawhack' Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 3.7 18012% Last 30 d 2.6 1071% Average 1.5 Use monospace font for columns What about the other mx 212.55.195.90 rDNS ns2.init7.net ? which /is/ currently listed in the SCbl 212.55.195.90 listed in bl.spamcop.net (127.0.0.2) Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Listing History It has been listed for 2.0 days. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Sep 2 11:32:14 2004 From: nobody at spamcop.net (Firewoman) Date: Thu Sep 2 10:35:14 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: "Bryan" wrote in message news:ch5okh$bfa$1@news.spamcop.net... > Hi. Hi. Hard to get a clue when you don't give one first, so, taking a wild guess from where you posted from..... host port54-158-215.adsl.maxnet.co.nz (checking ip) = 210.54.158.215 host 210.54.158.215 = port54-158-215.adsl.maxnet.co.nz (cached) No recent reports, no history available Wow. "One person" sure did a lot of damage. http://groups.google.com/groups?scoring=d&q=maxnet.co.nz+group:*abuse* Per SenderBase: Addresses in ADSL Pools for Maxnet used to send email: 202.89.58.234 wlg11-port106.jetstart.maxnet.co.nz ( 202.89.58.234 not listed in bl.spamcop.net ) 202.89.58.208 wlg11-port80.jetstart.maxnet.co.nz ( 202.89.58.208 not listed in bl.spamcop.net ) Report on IP address: 202.89.58.234 Last 30 days 1032% increase Report on IP address: 202.89.58.208 Last 30 days 1071% increase I don't think I'm going to look at all the other IP's listed in SenderBase, but you might want to. You're right, it looks like it was irresponsible to list such a spammy IP and not consider including the entire range! It's always better to be educated about your opponent, and especially about what you'd like to complain about, BEFORE tossing your "lawsuite" threats around. You might want to do a search on "cartooney" and see what else you can find. :) Have a nice day. /just a subscriber. my opinions, not my employers. statistics from senderbase.org and spamcop.net From nobody at devnull.spamcop.net Thu Sep 2 11:48:57 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Sep 2 11:50:18 2004 Subject: [SpamCop-List] Re: remove References: Message-ID: "Dima" wrote in message news:ch74b2$hlq$1@news.spamcop.net... > maybe I something do not understand but statistic > http://www.senderbase.org/?searchBy=ipaddress&sb=1&searchString=81.17.131.24 > 2 do not change by 30.08.2004 and for to day Line wrap problem? 81.17.131.24 is not the same as 81.17.131.242 Try going to this link instead; http://www.senderbase.org/?sb=1&searchBy=ipaddress&searchString=81.17.131.242 Currently showing; Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 4.2 1836% Last 30 days 4.0 953% Average 2.9 From nobody at devnull.spamcop.net Thu Sep 2 11:51:49 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Sep 2 11:55:03 2004 Subject: [SpamCop-List] Re: remove References: Message-ID: "Dima" wrote in message news:ch74vk$i90$1@news.spamcop.net... > my second ip was remove but statistic do not changed > http://cbl.abuseat.org/lookup.cgi?ip=193.111.16.139 and again, in this case, try going to this link; http://www.senderbase.org/search?searchString=193.111.16.139 Currently showing; Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 4.4 10067% Last 30 days 3.4 1071% Average 2.4 From eddie at eddie.web Thu Sep 2 13:33:48 2004 From: eddie at eddie.web (eddie) Date: Thu Sep 2 12:35:09 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: On Thu, 02 Sep 2004 09:55:42 +0300, Gezgin scratched out the following: > "RandallW" wrote > >> A class action law 'suite'? How much does it cost to rent one of these? > > Depends on whether your lawyer is fixed-fee, takes a percentage, or is > pro-bono... > ;-) now let's leave Bono out of this. He has his moments, but overall he's OK :) From nobody at spamcop.net Thu Sep 2 12:14:00 2004 From: nobody at spamcop.net (Ellen) Date: Thu Sep 2 12:55:04 2004 Subject: [SpamCop-List] Re: remove References: Message-ID: "Dima" wrote in message news:ch6s8t$bl2$1@news.spamcop.net... > > I solve problem with spam tow day ago (31.8.2004), and I do not understand > why my IP (81.17.131.242) still in stop list > > > IP 81.17.131.242 has delisted. Ellen SpamCop From nobody at devnull.spamcop.net Thu Sep 2 15:11:49 2004 From: nobody at devnull.spamcop.net (Cat) Date: Thu Sep 2 15:15:18 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE In-Reply-To: References: Message-ID: BJ wrote: > Your clueless... > Your obviously not an innocent party.... enjoy being blocked > forever. You mean to say YOU'RE, not YOUR. YOUR is a possessive pronoun and not an acceptable shortening of YOU ARE. YOU'RE means YOU ARE. Sorry, I just had to say something since it looks better if you don't have major grammar mistakes like that when you're pointing out someone else's stupidity. From toni.kranjec--- at siol.net Thu Sep 2 23:31:31 2004 From: toni.kranjec--- at siol.net (ToniK) Date: Thu Sep 2 16:25:07 2004 Subject: [SpamCop-List] Re: Problem Solved - Netscape Spamming me In-Reply-To: References: <41363935.4020002@domain.invalid> <413643E6.1000207@spamcop.net> <4136D858.1000102@domain.invalid> Message-ID: >>Not sure who sent this advice, but thank you very much for the >>information. I followed your advice and I do not get the ads any more Glad I could help! Regards from Slovenia! From MikeE at ster.invalid Thu Sep 2 14:40:27 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Sep 2 16:45:06 2004 Subject: [SpamCop-List] Re: Problem Solved - Netscape Spamming me References: <41363935.4020002@domain.invalid> <413643E6.1000207@spamcop.net> <4136D858.1000102@domain.invalid> Message-ID: ToniK wrote: > Glad I could help! Regards from Slovenia! Thanx for solving the handle/nym duplication situation. -- Mike Easter kibitzer, not SC admin From asterix at no_where.net Thu Sep 2 23:42:06 2004 From: asterix at no_where.net (Asterix) Date: Thu Sep 2 16:45:19 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: <1gji9sk.vaxqvm1doiw74N%asterix@no_where.net> Bryan wrote: > > So SpamCop, doing their best to help out, looks at the message. Hmmm... it > claims to be from bob@foo.bar. So we simply look up foo.bar's IP address and > we find 1.2.3.4. Great! Let's block 1.2.3.4. What good people we are! Nope - they don't parse email addys any more, and as far as I know they *never* parsed the alleged sender's addy. From redball at mindspring.com Thu Sep 2 17:17:46 2004 From: redball at mindspring.com (Trish Roberts-Miller) Date: Thu Sep 2 17:09:58 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE In-Reply-To: <200409021645.1c2Yst38x3Nl3oX0@new.mail.atl.earthlink.net> References: <200409021645.1c2Yst38x3Nl3oX0@new.mail.atl.earthlink.net> Message-ID: <41378DFA.5020002@mindspring.com> spamcop-list-request@news.spamcop.net wrote: Message: 12 Date: Thu, 02 Sep 2004 14:11:49 -0500 From: Cat Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE To: spamcop-list@news.spamcop.net Message-ID: Content-Type: text/plain; charset=us-ascii; format=flowed BJ wrote: >> Your clueless... > > >> Your obviously not an innocent party.... enjoy being blocked >> forever. > > You mean to say YOU'RE, not YOUR. YOUR is a possessive pronoun and not an acceptable shortening of YOU ARE. YOU'RE means YOU ARE. Sorry, I just had to say something since it looks better if you don't have major grammar mistakes like that when you're pointing out someone else's stupidity. ==== That isn't a grammar mistake. It's a spelling error. (And the word isn't "shortening," but "contraction." And people rarely make "grammar mistakes"--what is commonly called a "grammar" mistake is actually much more often a usage error.) -- Trish Roberts-Miller redball@mindspring.com "Just one face card, and one ace, Put my game back in play." (Tom Verlaine) http://www.cwrl.utexas.edu/~robertsmiller/homepage.html From spamcop at oitc.com Thu Sep 2 19:54:02 2004 From: spamcop at oitc.com (spamcop) Date: Thu Sep 2 18:55:20 2004 Subject: [SpamCop-List] Missed phishing url Message-ID: See http://www.spamcop.net/sc?id=z639451454ze8617f9cfce7069559e9af059dcb7c0ez Tom From nobody at devnull.spamcop.net Thu Sep 2 20:12:06 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Thu Sep 2 19:15:04 2004 Subject: [SpamCop-List] Re: [C&C] RE: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: "Sean W" wrote in message > [Snip: ludicriously funny naivety and 4 day old limp lettuce leaf-like > cart00ney]. > > Godamn that was funny. Best laugh I had all day. > > > PS Bryan. > Oh and netiquette requires a C&C warning if the contents of a post are > likely to cause 'splorfing' of coffee and startling of furry friends. > > -- > Sean I brrreeezed by your post myself. Appreciated your POV and moved on. I saw the OP post as comic, but not really hysterically so: not that he did not really work hard to get all bollixed up and backwards to himself, just that there is a time in early childhood for clowns. Then we "grow up" and and convince ourselves that they are not funny. Then later still we look back and remember: They really, really /were/ funny: we just forgot how to laugh. OTOH, Bryan really needed the [C&C] in the subject line. Without it he really seems to have lost the audience. Next time, Bryan, be sure to do the [C&C] so people will know: Pay ATTENTION to THIS!!! THIS is FREEKING SEEERIOUS!!! Spam subject of the day: Honorable mention goes to this item for abuse of trademarks category: " MS Project 2003 Professional update elusive" heh heh heh... Glenn From MikeE at ster.invalid Thu Sep 2 17:19:36 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Sep 2 19:20:04 2004 Subject: [SpamCop-List] Re: Missed phishing url References: Message-ID: spamcop wrote: www.spamcop.net/sc?id=z639451454ze8617f9cfce7069559e9af059dcb7c0ez Resolving link obfuscation http://221.6.105.59/index.php host 221.6.105.59 (getting name) no name Re: http://221.6.105.59/index.php (Administrator of network hosting website referenced in spam) postmaster#cnc-noc.net@devnull.spamcop.net abuse@cnc-noc.net -- Mike Easter kibitzer, not SC admin From ande at worldnet.att.net Thu Sep 2 20:01:13 2004 From: ande at worldnet.att.net (Overton Anderson) Date: Thu Sep 2 20:05:03 2004 Subject: [SpamCop-List] My Reports Using My Real Name??? Message-ID: My spam reports are apparently sent using my real name; I found this out recently when a legit ISP responded to me using my cesmail address but to me in my name. Is there a way to conceal my name on spam reports without muddling up my name when I use cesmail.net to send email? Thanks! From eddie at eddie.web Fri Sep 3 00:12:49 2004 From: eddie at eddie.web (eddie) Date: Thu Sep 2 23:15:20 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: <200409021645.1c2Yst38x3Nl3oX0@new.mail.atl.earthlink.net> Message-ID: On Thu, 02 Sep 2004 16:17:46 -0500, Trish Roberts-Miller scratched out the following: snip > That isn't a grammar mistake. It's a spelling error. > Sometimes bad "grammer" is a spelling error. :) Sorry 'bout that :) From game at wst.net.cn Fri Sep 3 15:00:25 2004 From: game at wst.net.cn (wuwei) Date: Fri Sep 3 01:55:21 2004 Subject: [SpamCop-List] 202.102.2.84 is now with ESMTP Message-ID: 202.102.2.84 is now with ESMTP,no Open Relay any more. Pls remove from ur list.Thanks. From MikeE at ster.invalid Fri Sep 3 00:21:49 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 3 02:25:04 2004 Subject: [SpamCop-List] Re: 202.102.2.84 is now with ESMTP References: Message-ID: wuwei wrote: > 202.102.2.84 is now with ESMTP,no Open Relay any more. Pls remove > from ur list.Thanks. Listed in many spam databases, including spews, which will be much harder to get off than SCbl.. Also has no rDNS. 202.102.2.28 no rDNS also listed in SCbl. Also very active recently at senderbase: Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 4.1 7023% Last 30d 3.2 663% Average 2.3 -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri Sep 3 03:27:13 2004 From: nobody at devnull.spamcop.net (Cat) Date: Fri Sep 3 03:30:11 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE In-Reply-To: References: <200409021645.1c2Yst38x3Nl3oX0@new.mail.atl.earthlink.net> Message-ID: Trish Roberts-Miller wrote: > You mean to say YOU'RE, not YOUR. YOUR is a possessive pronoun and not > an acceptable shortening of YOU ARE. YOU'RE means YOU ARE. Sorry, I just > had to say something since it looks better if you don't have major > grammar mistakes like that when you're pointing out someone else's > stupidity. > > ==== > > That isn't a grammar mistake. It's a spelling error. > > (And the word isn't "shortening," but "contraction." And people rarely > make "grammar mistakes"--what is commonly called a "grammar" mistake is > actually much more often a usage error.) Sounds like you're being a bit nitpicky there. :-P I know what a contraction is, but to get the point across, I said "shortening." "Your" can't be a contraction, so that's why I called it a shortening of "you are" since "you're" is the contraction. I'll have to go with Eddie on this one and say bad spelling can be a grammar error, especially with misuse of things like your/you're. P.S. Your reply didn't attribute the >> correctly, so it looks like you added the part that I said instead of quoting it. From nobody at devnull.spamcop.net Fri Sep 3 04:19:20 2004 From: nobody at devnull.spamcop.net (Cat) Date: Fri Sep 3 04:20:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE In-Reply-To: References: <200409021645.1c2Yst38x3Nl3oX0@new.mail.atl.earthlink.net> Message-ID: Trish Roberts-Miller wrote: > spamcop-list-request@news.spamcop.net wrote: > You mean to say YOU'RE, not YOUR. YOUR is a possessive pronoun and not > an acceptable shortening of YOU ARE. YOU'RE means YOU ARE. Sorry, I just > had to say something since it looks better if you don't have major > grammar mistakes like that when you're pointing out someone else's > stupidity. > > ==== > > That isn't a grammar mistake. It's a spelling error. > > (And the word isn't "shortening," but "contraction." And people rarely > make "grammar mistakes"--what is commonly called a "grammar" mistake is > actually much more often a usage error.) Sounds like you're being a bit nitpicky there. :-P I know what a contraction is. To get the point across, I said "shortening" since people misuse "your" because they don't seem to think of it in the correct contraction form of "you're." "Your" isn't a contraction, so that's why I called it a shortening of "you are" since "you're" is the contraction. I'll have to go with Eddie on this one and say bad spelling can be a grammar error, especially with misuse of things like your/you're. P.S. Your reply didn't attribute the >> correctly, so it looks like you wrote the part that I said instead of quoting it. From huggenberger at init7.net Fri Sep 3 11:44:21 2004 From: huggenberger at init7.net (Marco Huggenberger) Date: Fri Sep 3 04:46:32 2004 Subject: [SpamCop-List] Re: Question regarding the 48 Hours... In-Reply-To: References: Message-ID: Hi Mike Mike Easter schrieb: > That must be all about 213.144.129.5 rDNS mx1.init7.net which seems to be > 'quiet' at senderbase; ie the activity is normal now, but the SCbl > listing hasn't yet gone away. Now we have: 213.144.129.5 not listed in bl.spamcop.net > What about 213.144.128.48 rDNS kolibri.init7.net ? which is not > currently listed in the SCbl, but has reports, and whose senderbase > activity is 'outawhack' 213.144.128.48 listed in bl.spamcop.net (127.0.0.2) but we removed/stoped the SMTP Service on this machine 2 days ago. > What about the other mx 212.55.195.90 rDNS ns2.init7.net ? which /is/ > currently listed in the SCbl > 212.55.195.90 listed in bl.spamcop.net (127.0.0.2) > Causes of listing > System has sent mail to SpamCop spam traps in the past week (spam traps > are secret, no reports or evidence are provided by SpamCop) 212.55.195.90 listed in bl.spamcop.net (127.0.0.2), but I removed all mails comming from kolibri.init7.net, this mx is our backup mx for mx1. Will contact spamcop again. Thanks for your input. Cheers Marco From ng.fjxrp at jondh.me.uk Fri Sep 3 11:07:30 2004 From: ng.fjxrp at jondh.me.uk (Jon (spamtrap)) Date: Fri Sep 3 05:11:07 2004 Subject: [SpamCop-List] Heads up: bug with Quick Reporting? Message-ID: Hi all I may get a telling off in here for using quick reporting -- one or two NG regulars who have pointed out that this is risky are quite right -- notwithstanding I believe I may have found an SC bug. I have an home-grown Outlook util that adds items of spam one at a time as attachments into an e-mail and sends it off to my quick-reporting address. These e-mails are added to my Sent Items folder so I can examine them. One particular item in my Outbox has some Received: lines that read thus: Received: from mail.bbb.co.uk ([212.248.233.182]) by cv-mail.corp.bbb.co.uk with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id RZQ3JL5Q; Fri, 3 Sep 2004 06:53:56 +0100 Received: from adsl-68-94-47-11.dsl.rcsntx.swbell.net (unverified [68.94.47.11]) by MAIL.bbb.co.uk (Content Technologies SMTPRS 4.3.14) with SMTP id for ; Fri, 3 Sep 2004 06:56:23 +0100 And when I receive the report back from SpamCop, which has reported my own on-site mail server, the same lines read thus: Received: from mail.bbb.co.uk ([212.248.233.182]) by cv-mail.corp.bbb.co.uk with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id RZQ3JL5Q; Fri, 3 Sep 2004 06:53:56 +0100 Received: from adsl-68-94-47-11.dsl.rcsntx.swbell.net (unverified [68.94.47..11]) by MAIL.bbb.co.uk (Content Technologies SMTPRS 4.3.14) with SMTP id for ; Fri, 3 Sep 2004 06:56:23 +0100 IMHO when the spam left my Outbox, the likely spammer IP address of 68.94.47.11 was fine, and when it got to SpamCop, it had another dot inserted into it, thus erroneously reporting my own server. This has happened once before, and on that occasion I believe it to be a fault with our server mis-recording the IP. However I no longer believe that to be the case and think that SC somewhere has inadvertently added stuff to my report. Any thoughts, anyone? Many thanks. I'm on sc at jondh dot me dot uk if a deputy wants to get in touch. Jon -- Please don't mail ng.fjxrp@jondh.me.uk as it is a spamtrap. From Technomage-hawke at 127.0.0.1 Fri Sep 3 04:01:01 2004 From: Technomage-hawke at 127.0.0.1 (Technomage Hawke) Date: Fri Sep 3 06:05:14 2004 Subject: [SpamCop-List] Re: An attempted unsolicitated connection by someone I just looked up? References: <87acwb4ymo.fsf@ursine.dyndns.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 indigo wrote: > > > Technomage Hawke wrote: >> Still, one must ask why such a company is being run from such a ritzy >> area? How about also from a home (a quarter million dollar home at >> that). > > A $250,000 house is considered "ritzy" now? And in/on a golf course? I > think you dropped a zero...... nope. you have to remember, this is phoenix. the only million dollar homes here are in "oarasite valley". that place is in north glendale. Technomage Hawke - -- I will not be pushed, filed, stamped, indexed, briefed, debriefed, or numbered! My life is my own - No. 6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBOEDdIAMHofu6NcwRAm55AKCJGMU6RplsfbNJrQ5ub08hshDFAgCfbQFU t1+YzbfrIWj0XWBXYxtHekI= =NU43 -----END PGP SIGNATURE----- From Technomage-hawke at 127.0.0.1 Fri Sep 3 04:04:55 2004 From: Technomage-hawke at 127.0.0.1 (Technomage Hawke) Date: Fri Sep 3 06:05:31 2004 Subject: [SpamCop-List] Re: An attempted unsolicitated connection by someone I just looked up? References: <87acwb4ymo.fsf@ursine.dyndns.org> <87y8jtq2qp.fsf@ursine.dyndns.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Johnson wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Technomage Hawke writes: > >> Still, one must ask why such a company is being run from such a ritzy >> area? How about also from a home (a quarter million dollar home at that). > > Hmm, either you're lowballing the land value or land is dirt cheap > there. Getting a nice place in a nice neighborhood near a golf course > usually sets people back $450,000 for a fixer-upper round here... > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.5 (GNU/Linux) > > iD8DBQFBNhCgUzgNqloQMwcRAuNVAKCTz2w2nwjdczmIry4zBv5DIoocXACfUsL/ > 4nWnv3vosaNJ1JqmgD85ZAs= > =ggxK > -----END PGP SIGNATURE----- Property values aren't the real problem. its the taxes and the other "cost of living" expenses that take a bite out of you. Also, you have to consider, thats north glendale (not exactly on the top ten places to live list). the only places around here with .5 million dollar and above are located in scottsdale and "parasite valley". Then again, there is the phoenix country club located in central phoenix. other than that, you'd be lucky if you could sell a place here for 150k. Technomage Hawke p. btw, I live in the chicano end of town (83rd ave near mcdowell). we get gang bangs all day and night. drive by shootings are not uncommon. Around here, your safet WITH a gun than without. - -- I will not be pushed, filed, stamped, indexed, briefed, debriefed, or numbered! My life is my own - No. 6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBOEHHIAMHofu6NcwRAo9TAJ9EWuywoqkKCPGZu9xq73/GnzwZ/gCglWks Ncgmx+nJbpDRs5JWbxAsems= =9KGI -----END PGP SIGNATURE----- From nobody at spamcop.net Fri Sep 3 08:28:17 2004 From: nobody at spamcop.net (Ellen) Date: Fri Sep 3 07:35:02 2004 Subject: [SpamCop-List] Re: Question regarding the 48 Hours... References: Message-ID: "Marco Huggenberger" wrote in message news:ch9at8$g00$1@news.spamcop.net... > > 213.144.128.48 listed in bl.spamcop.net (127.0.0.2) but we > removed/stoped the SMTP Service on this machine 2 days ago. > > There are spams continuing to come thru this IP -- the latest was less than 30 minutes ago. Ellen SpamCop From redball at mindspring.com Fri Sep 3 07:55:02 2004 From: redball at mindspring.com (Trish Roberts-Miller) Date: Fri Sep 3 07:55:05 2004 Subject: [SpamCop-List] Re: SpamCop-List Digest, Vol 44, Issue 8 Message-ID: <20278886.1094212503434.JavaMail.root@wamui08.slb.atl.earthlink.net> [quoted material below] Date: Fri, 03 Sep 2004 02:27:13 -0500 From: Cat Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE To: spamcop-list@news.spamcop.net Message-ID: Content-Type: text/plain; charset=us-ascii; format=flowed Trish Roberts-Miller wrote: > You mean to say YOU'RE, not YOUR. YOUR is a possessive pronoun and not > an acceptable shortening of YOU ARE. YOU'RE means YOU ARE. Sorry, I just > had to say something since it looks better if you don't have major > grammar mistakes like that when you're pointing out someone else's > stupidity. > > ==== > > That isn't a grammar mistake. It's a spelling error. > > (And the word isn't "shortening," but "contraction." And people rarely > make "grammar mistakes"--what is commonly called a "grammar" mistake is > actually much more often a usage error.) Sounds like you're being a bit nitpicky there. :-P I know what a contraction is, but to get the point across, I said "shortening." "Your" can't be a contraction, so that's why I called it a shortening of "you are" since "you're" is the contraction. I'll have to go with Eddie on this one and say bad spelling can be a grammar error, especially with misuse of things like your/you're. P.S. Your reply didn't attribute the >> correctly, so it looks like you added the part that I said instead of quoting it. ========== You still aren't getting the joke, are you? (I have a feeling Eddie was joking, too. In case he wasn't, I'll try to be more clear--you used the wrong words in a post in which you were taking someone to task for using the wrong word. It's that grammer flamme thang.) [There are various problems with reading this group in mailing list form--one of them is that it doesn't get the markers right for quoted material, so I just put in a line between the quoted material and mine.] Trish Roberts-Miller redball@mindspring.com "Since 1840 the president's manhood has always been a question, his manly resolve, firmness, courage, and power equated with the capacity for violence, military virtues, and a plain-living style that avoided cultivated refinement and civility." (Kimmel) http://www.cwrl.utexas.edu/~robertsmiller/homepage.html From huggenberger at init7.net Fri Sep 3 15:33:48 2004 From: huggenberger at init7.net (Marco Huggenberger) Date: Fri Sep 3 08:35:04 2004 Subject: [SpamCop-List] Re: Question regarding the 48 Hours... In-Reply-To: References: Message-ID: Hi Ellen Ellen schrieb: >>213.144.128.48 listed in bl.spamcop.net (127.0.0.2) but we >>removed/stoped the SMTP Service on this machine 2 days ago. > There are spams continuing to come thru this IP -- the latest was less than > 30 minutes ago. Last message was sent at: Aug 31 16:38:29 in /var/log/mail/mail.log, can you send me more details about this case? abuse@init7.net Thanks! Cheers Marco From MikeE at ster.invalid Fri Sep 3 06:34:13 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 3 08:35:12 2004 Subject: [SpamCop-List] Re: Heads up: bug with Quick Reporting? References: Message-ID: Jon (spamtrap) wrote: > IMHO when the spam left my Outbox, the likely spammer IP address of > 68.94.47.11 was fine, and when it got to SpamCop, it had another dot > inserted into it, thus erroneously reporting my own server. That would definitely be a bad bug, especially in the quick system. It is hard to imagine why or how the parser could introduce spurious IP dots, for quick reporters or otherwise. One also wonders about what the frequency of such an event is. You would think that with the millions of reports per week, that if there were a repeatable causative mechanism that it would be seen and reported more often. However, 'holding' the evidence in your hand is pretty solid. The other opportunity for something spurious to creep in would be here: > I have > an home-grown Outlook util that adds items of spam one at a time as > attachments into an e-mail and sends it off to my quick-reporting > address. -- Mike Easter kibitzer, not SC admin From huggenberger at init7.net Fri Sep 3 15:48:07 2004 From: huggenberger at init7.net (Marco Huggenberger) Date: Fri Sep 3 08:50:03 2004 Subject: [SpamCop-List] Re: Question regarding the 48 Hours... In-Reply-To: References: Message-ID: Marco Huggenberger schrieb: > Last message was sent at: Aug 31 16:38:29 in /var/log/mail/mail.log, can > you send me more details about this case? abuse@init7.net Thanks! Hmm, I've checked the mailqueue again on ns2.init7.net which still accepts mails from kolibri.init7.net, and I found a external host which is sending mails with the name kolibri.init7.net. I added this host to the access list. Thanks for your reply. Cheers Marco From MikeE at ster.invalid Fri Sep 3 06:55:52 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 3 09:00:03 2004 Subject: [SpamCop-List] Re: Question regarding the 48 Hours... References: Message-ID: Marco Huggenberger wrote: > Ellen schrieb: >>> 213.144.128.48 listed in bl.spamcop.net (127.0.0.2) but we >>> removed/stoped the SMTP Service on this machine 2 days ago. >> There are spams continuing to come thru this IP -- the latest was >> less than 30 minutes ago. > > Last message was sent at: Aug 31 16:38:29 in /var/log/mail/mail.log, > can you send me more details about this case? abuse@init7.net Thanks! Port 80 proxy abuse for smtp injection doesn't get entered in the mail.log. Evidence of port 80 abusable condition for smtp injection: http://dsbl.org/listing?ip=213.144.128.48 There may be other insecurities as well; it's like mice, when you see one, that doesn't mean that's all there is. Senderbase activity: Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 3.4 5338% Last 30d 2.7 1079% Average 1.7 -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Fri Sep 3 15:42:32 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Sep 3 09:45:15 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: <200409021645.1c2Yst38x3Nl3oX0@new.mail.atl.earthlink.net> Message-ID: "Cat" wrote in message news:ch99e8$enb$1@news.spamcop.net... > Trish Roberts-Miller wrote: > > > spamcop-list-request@news.spamcop.net wrote: > <> > > > > That isn't a grammar mistake. It's a spelling error. > > > > (And the word isn't "shortening," but "contraction." And people rarely > > make "grammar mistakes"--what is commonly called a "grammar" mistake is > > actually much more often a usage error.) > > Sounds like you're being a bit nitpicky there. :-P Yabut...... Isn't that what you're (your, yor, yore) supposed to do with nits? > > I know what a contraction is. To get the point across, I said > "shortening" since people misuse "your" because they don't seem to think > of it in the correct contraction form of "you're." "Your" isn't a > contraction, so that's why I called it a shortening of "you are" since > "you're" is the contraction. I'll have to go with Eddie on this one and > say bad spelling can be a grammar error, especially with misuse of > things like your/you're. My wife had contractions the other day - but it was nothing to do with grammar. I think it was the milkman (sorry, milkperson). > > P.S. Your reply didn't attribute the >> correctly, so it looks like you > wrote the part that I said instead of quoting it. > >> >> >> >> that's my bit From huggenberger at init7.net Fri Sep 3 16:51:05 2004 From: huggenberger at init7.net (Marco Huggenberger) Date: Fri Sep 3 09:55:03 2004 Subject: [SpamCop-List] Re: Question regarding the 48 Hours... In-Reply-To: References: Message-ID: Hi Mike Mike Easter schrieb: > Port 80 proxy abuse for smtp injection doesn't get entered in the > mail.log. Evidence of port 80 abusable condition for smtp injection: > http://dsbl.org/listing?ip=213.144.128.48 Puah! Thanks for pointing me to that, that brings me to the httpd.conf where I found a "mod_proxy" without any RewriteRules on it (!). I checked the http-logs where I saw a lot of very ugly requests on that machine. Should be stopped now. Thanks! Cheers Marco From ng.fjxrp at jondh.me.uk Fri Sep 3 17:24:58 2004 From: ng.fjxrp at jondh.me.uk (Jon (spamtrap)) Date: Fri Sep 3 11:25:10 2004 Subject: [SpamCop-List] Re: Heads up: bug with Quick Reporting? References: Message-ID: > > IMHO when the spam left my Outbox, the likely spammer IP address of > > 68.94.47.11 was fine, and when it got to SpamCop, it had another dot > > inserted into it, thus erroneously reporting my own server. > > That would definitely be a bad bug, especially in the quick system. > > It is hard to imagine why or how the parser could introduce spurious IP > dots, for quick reporters or otherwise. One also wonders about what the > frequency of such an event is. You would think that with the millions of > reports per week, that if there were a repeatable causative mechanism > that it would be seen and reported more often. I agree, it is puzzling. > However, 'holding' the evidence in your hand is pretty solid. > > The other opportunity for something spurious to creep in would be here: > > > I have > > an home-grown Outlook util that adds items of spam one at a time as > > attachments into an e-mail and sends it off to my quick-reporting > > address. [grin] Thanks Mike. I see your point, but... once an e-mail is sent by my utility, it is copied into the outbox *by Outlook* as if I had composed and sent it manually. On that basis I am convinced that the problem lies after the quick mail leaves my inbox and before SpamCop displays it on-screen. *Admins*: is there a way that the mail as received by spamcop can be examined? I can forward a copy of the quick report to you, which will demonstrate that I reported it correctly (of course it could corrupt at several points along the way before it gets to SC). Many thanks. Jon From nobody at spamcop.net Fri Sep 3 12:42:25 2004 From: nobody at spamcop.net (Firewoman) Date: Fri Sep 3 11:45:02 2004 Subject: [SpamCop-List] Spamcop v. Spam "King" - IT'S OVER! Message-ID: http://www.clickz.com/news/article.php/3403421 " The parties will issue a joint press release on Friday confirming the settlement has been reached. Both have agreed not to make further comments. " From eddie at eddie.web Fri Sep 3 13:53:17 2004 From: eddie at eddie.web (eddie) Date: Fri Sep 3 12:55:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: <200409021645.1c2Yst38x3Nl3oX0@new.mail.atl.earthlink.net> Message-ID: On Fri, 03 Sep 2004 14:42:32 +0100, Porpoise scratched out the following: snip > My wife had contractions the other day - but it was nothing to do with > grammar. I think it was the milkman (sorry, milkperson). > snap It may have something to do with gramma, though. :) From porpoise1954 at yahoo.co.uk Fri Sep 3 18:59:19 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Sep 3 13:00:05 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: <200409021645.1c2Yst38x3Nl3oX0@new.mail.atl.earthlink.net> Message-ID: "eddie" wrote in message news:pan.2004.09.03.16.53.16.282000@eddie.web... > On Fri, 03 Sep 2004 14:42:32 +0100, Porpoise scratched out the following: > > snip > > My wife had contractions the other day - but it was nothing to do with > > grammar. I think it was the milkman (sorry, milkperson). > > > snap > It may have something to do with gramma, though. :) Droopie-drawers...?? From nobody at devnull.spamcop.net Fri Sep 3 13:18:52 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Sep 3 13:20:02 2004 Subject: [SpamCop-List] Re: Heads up: bug with Quick Reporting? References: Message-ID: "Jon (spamtrap)" wrote in message news:cha2cb$1vp$1@news.spamcop.net... > > *Admins*: is there a way that the mail as received by spamcop can be > examined? I can forward a copy of the quick report to you, which will > demonstrate that I reported it correctly (of course it could corrupt at > several points along the way before it gets to SC). Why not simply CC: the same output copy to another address and look at it yourself? From baloo at ursine.dyndns.org Fri Sep 3 10:08:53 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Fri Sep 3 13:30:04 2004 Subject: [SpamCop-List] Re: 202.102.2.84 is now with ESMTP References: Message-ID: <87sm9zpc6i.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "wuwei" writes: > 202.102.2.84 is now with ESMTP,no Open Relay any more. Pls remove from ur > list. Don't ask, it's not necissary. http://www.spamcop.net/bl.shtml explains how it works. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBOJcVUzgNqloQMwcRAtiVAKCJ2/g3FeBGa4kIqn2aCOwnHbTthwCguluX qqJOzLUVZhHJWkYI+WmFIIM= =yTHR -----END PGP SIGNATURE----- From 8vmb6jy02 at sneakemail.com Fri Sep 3 19:28:54 2004 From: 8vmb6jy02 at sneakemail.com (Sean W) Date: Fri Sep 3 13:30:09 2004 Subject: [SpamCop-List] ITD Media Spamhaus Redirection System (SBL18919) Message-ID: I note today that ITD media's itdmedia.com (kiteflyinover.com, saltwatercolo.com, prizebucksinemail.net etc) redirector system has now been dealt with by spamcop's parser. I was just going to raise this issue myself. This spamhaus is providing a spam redirection service through their spamvertised site(s) E.g. http://prizebucksinemail.net/t/10/212/47829759/396 redirects to http://www.yourinterestsbyemail.com/sites/freeforme/index.php Well Spamcop now parses those redirections and comes up with the redirected site (as well as the original spamvertised site which means they get double LARTED as they spamvertise *two* sites). Good work Spamcop. They are onto their third 'redirector' domain since I started getting their spew (about a month). Obviously one of spammy's better ideas. *NOT* All sites appear to be on webhostplus (becoming/are a major spamhaus? http://www.spamcop.net/w3m?action=checkblock&ip=prizebucksinemail.net or http://tinyurl.com/56u5m not often you see lists like that). Hosting a ROSKO spammer will do that for you I guess, this one being: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL18919 or http://tinyurl.com/3hw88 -- Sean From nobody at spamcop.net Fri Sep 3 14:39:37 2004 From: nobody at spamcop.net (indigo) Date: Fri Sep 3 13:40:02 2004 Subject: [SpamCop-List] Re: An attempted unsolicitated connection by someone I just looked up? References: <87acwb4ymo.fsf@ursine.dyndns.org> Message-ID: Technomage Hawke wrote: > > > > A $250,000 house is considered "ritzy" now? And in/on a golf > > course? I think you dropped a zero...... > > nope. you have to remember, this is phoenix. the only million dollar > homes here are in "oarasite valley". > > that place is in north glendale. > By golly, you're right! Amazing. Average new home cost in 2003 was only $147,000. Guess I'm jaded based on where I live.....the average single family home cost in the state of Maryland in June 2004 was $300,300! From nobody at spamcop.net Fri Sep 3 14:45:29 2004 From: nobody at spamcop.net (indigo) Date: Fri Sep 3 13:50:07 2004 Subject: [SpamCop-List] Re: Spamcop v. Spam "King" - IT'S OVER! References: Message-ID: Bob W. wrote: > > Even if it's the case that "nobody paid anybody anything", I'd like to > know if Spammy paid for SpamCop's/Ironport's legal fees for defending > against this harassment. > Doesn't sound like it..... http://lawsuite.word-to-the-wise.com/srannounce.txt Sept 1, 2004 Westminster, CO- OptinRealBig.com, LLC has settled the litigation commenced by Optinrealbig.com against SpamCop on April 29, 2004. In its complaint, Optinrealbig alleged damages under various causes of action including defamation and unfair trade practice claims based upon the operation of SpamCop's spam reporting service. On June 25, 2004, United States District Judge Saundra Brown Armstrong of the United States District Court for the Northern District of California denied the Plaintiff's Motion for Preliminary Injunction, finding among other things that SpamCop is subject to immunity under 230 of the Communications Decency Act. ****Under the terms of the settlement, neither party has admitted any wrongdoing or liability.***** Additionally, SpamCop's website and reporting policies will remain unchanged, as will Optinrealbig.com's business practices and emailing methodologies. The terms of the settlement are otherwise confidential. From MikeE at ster.invalid Fri Sep 3 12:02:54 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 3 14:05:03 2004 Subject: [SpamCop-List] Re: Heads up: bug with Quick Reporting? References: Message-ID: WazoO wrote: > "Jon (spamtrap)" >> *Admins*: is there a way that the mail as received by spamcop can be >> examined? > > Why not simply CC: the same output copy to another address and > look at it yourself? It seems like such a bizarre and unlikely event that one would have to do 'a bunch' in order to get it to happen. But, that would be the/a way to do it -- and I wonder what would be the meaning of finding a dot event in the parser and not in the alternate address -- or, perhaps of finding a dot event in the alternate address and not the parser -- or of rarely finding the dot event in both -- to say nothing of doing several thousand and finding no dot events in either. And, what shall we make of the fact that this is not the first report of such a dot event occurring /somewhere/ -- caused by a server or the parser or something? Shall the finger of suspicion be pointed at the parser 'automatically'? After all, the parser starts 'munching on' the item; ie changing it rather than just 'reading' it. It is reading and rewriting the spam and headers from the gitgo. -- Mike Easter kibitzer, not SC admin From Hostmaster at Video2Video.Com Fri Sep 3 13:10:06 2004 From: Hostmaster at Video2Video.Com (Peter Leftwich) Date: Fri Sep 3 15:10:17 2004 Subject: [SpamCop-List] Cyveillance conspiracy theory Message-ID: <3784.208.247.148.12.1094238606.squirrel@webmail.alienwebshop.com> I wonder if Cyveillance is harvesting SpamCop.Net reports to identify patterns in the spamming world. From these trends, spammers should be able to write better [evolving] spams that get past Bayesian and other learning filters. Along these lines, a spammer could [and they probably do] study the list of tests/rules that SpamAssassin performs, and learn how to write more successful (inbox-deliverable) spam messages. What's your opinion or conspiracy theory?? -- Peter Leftwich, President & Founder Video2Video Services Box 13692, La Jolla, CA, 92039, USA http://Www.Video2Video.Com From spamcop at oitc.com Fri Sep 3 16:16:57 2004 From: spamcop at oitc.com (spamcop) Date: Fri Sep 3 15:20:02 2004 Subject: [SpamCop-List] Missed url Message-ID: See http://www.spamcop.net/sc?id=z640931363zd812a5785ebbab257a1a5adfac67ef0az From spamcop at oitc.com Fri Sep 3 16:18:01 2004 From: spamcop at oitc.com (spamcop) Date: Fri Sep 3 15:20:06 2004 Subject: [SpamCop-List] Spamcop missed qp part of multipart using eudora workaround Message-ID: See http://www.spamcop.net/sc?id=z640491054z5ce92be76a465ac9d6dc34db24da2330z From eddie at eddie.web Fri Sep 3 16:35:09 2004 From: eddie at eddie.web (eddie) Date: Fri Sep 3 15:35:07 2004 Subject: [SpamCop-List] Re: Cyveillance conspiracy theory References: Message-ID: On Fri, 03 Sep 2004 12:10:06 -0700, Peter Leftwich scratched out the following: > I wonder if Cyveillance is harvesting SpamCop.Net reports to identify > patterns in the spamming world. From these trends, spammers should be > able to write better [evolving] spams that get past Bayesian and other > learning filters. > > Along these lines, a spammer could [and they probably do] study the list > of tests/rules that SpamAssassin performs, and learn how to write more > successful (inbox-deliverable) spam messages. > > What's your opinion or conspiracy theory?? First, if true, it's not working. 100% of my spam falls into my report bucket - none into my inbox. Secondly, I don't have tinfoil under my hat :) How about this one: Maybe it's a conspiracy by spamcop to stay in business??? If the spam stopped, SC would fold up. Then there is the virus conspiracy - that the AV companies support the viruskiddies so that they can sell their AV wares. I am a scientist - I need hard data and proof. I leave conspiracy theories to politicians and other alien life. From daffy at intelligencia.com Fri Sep 3 20:38:17 2004 From: daffy at intelligencia.com (Sebastian Di Mateo) Date: Fri Sep 3 15:40:02 2004 Subject: [SpamCop-List] Reporting email addresses and websites hosting material Message-ID: Hello. Every time I parse a spam message in SpamCop, I check the message manually for email reply addresses and img tags for material used in composing the offending message. I then report this incidents to the respective abuse depts, obtaining very good results against spammers. However, it's time consuming, and I lost a couple of reports because of the 4-address restriction at user-copied reports limitation. Is there a way of instructing SpamCop service to do this for me? From nobody at devnull.spamcop.net Fri Sep 3 17:09:04 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Fri Sep 3 16:10:03 2004 Subject: [SpamCop-List] gandi.net - Legal Advice Message-ID: I have been receiving NDRs as a result of spammers using my domain name in the From of the spam At least they have not been using valid names so no one has gotten an NDR for a spam they did not send. I have been recording these and I now have 5 that have been doing this: 24-7-RXMEDS.COM GORXMEDS.BIZ BASICRXMEDS.COM GETCHEAPRXPILLS.BIZ MORECHEAPRX.BIZ I would like to LART these people and I decided to also go after the name server host, too. In 2 of the 5 cases the name servers are: ns5.autonameservers.com ns6.realdnssystem.com These domains are registered at gandi.net. Now for the legal advice part: The whois from gandi has this: "Access and use restricted pursuant to French law on personal data. Copy of whole or part of the data without permission from GANDI is strictly forbidden." Does this mean I can't use the info to LART the name server host because I would have to copy the email address of the domain owner into the LART? Thanks in advance. From wb8tyw at qsl.network Fri Sep 3 16:09:30 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Sep 3 16:10:09 2004 Subject: [SpamCop-List] Re: Cyveillance conspiracy theory References: Message-ID: In article , "Peter Leftwich" writes: > > What's your opinion or conspiracy theory?? If they are doing anything other than looking for trademark/copyright infringments, as stated, it is more likely that they are using the data to sell I.P. addresses to be blocked by corporate network filters and firewalls. Getting a feed from spamcop.net allows them to identify such sites quickly. The spamcop.net blocking list is far too agressive for many, but if the raw data is used with other sources, it can be used to help block porn sites and other things that spamcop.net may not care about. I have heard of a company paying what would be a large chunk of my salary for a service that does nothing but supply them with a router ACL list to keep employees from overloading the network downloading music from floating servers, which are possibly open proxies. Think of it, how many users would notice if at their company that none of the I.P. addresses that the spam URLs resolve to could be reached from their computers? -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Fri Sep 3 14:09:54 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 3 16:10:14 2004 Subject: [SpamCop-List] Re: Spamcop missed qp part of multipart using eudora workaround References: Message-ID: spamcop wrote: www.spamcop.net/sc?id=z640491054z5ce92be76a465ac9d6dc34db24da2330z Who knows what the result would've been if it hadn't been first 'hacked' by Eudora and then 're-hacked' by spamcop. I'm certainly not inspired to figger it out. In my opinion, SC should forget about Eudora and Outlook hacks and just stop supporting them with a body parse, just the headers for source. After all, the original spambody has already been 'destroyed' - making something up to report is pretty bogus. IMO, of course. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Sep 3 14:16:12 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 3 16:20:03 2004 Subject: [SpamCop-List] Re: Missed url References: Message-ID: spamcop wrote: www.spamcop.net/sc?id=z640931363zd812a5785ebbab257a1a5adfac67ef0az Nope. Resolving link obfuscation http://ozvftkxd.dgnclih.info/?dtff9ae5bbe.pddrmewemy host 61.141.32.196 (getting name) no name Re: http://ozvftkxd.dgnclih.info/?dtff9ae5bbe.pddrm... (Administrator of network hosting website referenced in spam) ct-abuse@sprint.net ipadm@gddc.com.cn postmaster#chinanet.cn.net@devnull.spamcop.net anti-spam@chinanet.cn.net -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri Sep 3 17:17:37 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Fri Sep 3 16:20:07 2004 Subject: [SpamCop-List] Re: [C&C] Cyveillance conspiracy theory References: Message-ID: "eddie" wrote in message news:pan.2004.09.03.19.35.07.965000@eddie.web... > On Fri, 03 Sep 2004 12:10:06 -0700, Peter Leftwich scratched out the > following: [snip] > Secondly, I don't have tinfoil under my hat :) > How about this one: > Maybe it's a conspiracy by spamcop to stay in business??? > If the spam stopped, SC would fold up. > Then there is the virus conspiracy - that the AV companies support the > viruskiddies so that they can sell their AV wares. > I am a scientist - I need hard data and proof. I leave conspiracy > theories to politicians and other alien life. [adjusting my tinfoil] Wait! You mean the spammers and viruskiddies are NOT alien life??? From nobody at nowhere.invalid Sat Sep 4 00:20:38 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Sep 3 17:25:21 2004 Subject: [SpamCop-List] Re: gandi.net - Legal Advice References: Message-ID: On Fri, 3 Sep 2004 16:09:04 -0400, Steve Gilder coughed into spamcop and left this in : > "Access and use restricted pursuant to French law on personal data. Copy of > whole or part of the data without permission from GANDI is strictly > forbidden." > > Does this mean I can't use the info to LART the name server host because I > would have to copy the email address of the domain owner into the LART? Do you care? What *are* the chances of them going after you for using the PUBLICLY AVAILABLE data (if French privacy laws were that strict they wouldn't publish the data in the first place, ? la Nominet UK) in order to report abuse? Scr*w the spam-supporting idiots. -- Steve Always the dullness of the fool is the whetstone of the wits. -- William Shakespeare, "As You Like It" From UseTheReplyToField at crazyhat.net Fri Sep 3 16:59:57 2004 From: UseTheReplyToField at crazyhat.net (DevilsPGD) Date: Fri Sep 3 18:00:06 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: <200409021645.1c2Yst38x3Nl3oX0@new.mail.atl.earthlink.net> Message-ID: In message "Porpoise" wrote: >My wife had contractions the other day - but it was nothing to do with >grammar. I think it was the milkman (sorry, milkperson). I'd probably stick with "milkman" on that one. -- If at first you do succeed, try not to look astonished. From porpoise1954 at yahoo.co.uk Sat Sep 4 00:02:58 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Sep 3 18:05:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: <200409021645.1c2Yst38x3Nl3oX0@new.mail.atl.earthlink.net> Message-ID: "DevilsPGD" wrote in message news:chapgt$krj$1@news.spamcop.net... > In message "Porpoise" > wrote: > > >My wife had contractions the other day - but it was nothing to do with > >grammar. I think it was the milkman (sorry, milkperson). > > I'd probably stick with "milkman" on that one. > > Some might stick one on that milkman....... > -- > If at first you do succeed, try not to look astonished. From MikeE at ster.invalid Fri Sep 3 16:05:15 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 3 18:10:03 2004 Subject: [SpamCop-List] QuizYourFriends.com Message-ID: See spam from my 'friend' in .spam under 'spamyourfriends dot com' Interesting business model - altho' I haven't investigated its functionality very much yet because I haven't felt like letting its javascript mess with me - nor have I clicked it permission to spam me, so I also haven't seen my friend's quiz. Apparently the idea is to create a meme 'spamvirus' by enticing people to 'quiz' their friends, resulting in an ever widening circle of people giving out their friends' email addresses in order to... I created a quiz for you on QuizYourFriends.com! Click on the link below to take my quiz: ...and then you confirm your email addy which is built into the link. You also give them permission to spam you by so clicking according to their non-privacy spamming and unsubscribe optout agreement warning connected to the link at the bottom of the spam/mail. The various obnoxious elements of that non-privacy agreement are too numerous to mention, but it can be seen here without any javascript enabled http://www.quizyourfriends.com/privacy.html In my opinion, I can spamcop report this item even if my friend 'sanctioned' the mailing by giving them my addy. Just because he told them they could spam me doesn't mean they had /my/ permission. If you look at the item in .spam, you can see that even tho' my friend's name appeared in the From: - his address didn't, nor was it sourced from him - but he was clearly a participant. -- Mike Easter kibitzer, not SC admin From magnus at gol.com Sat Sep 4 08:30:40 2004 From: magnus at gol.com (Magnus Back) Date: Fri Sep 3 18:35:02 2004 Subject: [SpamCop-List] Who the hell gave spamcop the right? Message-ID: So we have a self styled police here. Who the hell gave spamcop the right to filter out peoples mails. I can't send mails to America now due to the fact that my ISP mail server got on the list. That is not my fault is it. You americans, sue their arses off. Lard asses. From MikeE at ster.invalid Fri Sep 3 16:46:32 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 3 18:50:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: Magnus Back wrote: > So we have a self styled police here. You are mistaken about the functionality of spamcop. It serves as a parsing and reporting tool for reporters reporting spam to the providers for spamsources and spamvertisers. It sells a spamfiltering mail service. It maintains a very dynamic list of IP addresses associated with reported spamsources with the aforementioned tool. > Who the hell gave spamcop the right to filter out peoples mails. Spamcop 'filters' no mails. Those who subscribe to its mail service have their mail /tagged/ and sorted according to their own guidelines for defending themselves against spam. > I can't send mails to America now due to the fact that my ISP mail > server got on the list. If you server is listed in the spamcop blocklist of IP addresses, some providers may be using that blocklist of spamsource IP addresses to block or tag or filter mail. That could affect the receipt of your mail by recipients whose providers choose to use that spam defense. > That is not my fault is it. If you are running a server, you have a responsibility to avoid and prevent spam coming from your server, and to 'police' any mistaken listings of your server on any of the many many scores of blocklists created in the war against spam. If you name the IP in question, someone might help you figure out what you might have become listed somewhere. -- Mike Easter kibitzer, not SC admin From fred558 at bobames.com Sat Sep 4 01:52:20 2004 From: fred558 at bobames.com (Bob Ames) Date: Fri Sep 3 18:55:06 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? In-Reply-To: References: Message-ID: <4138F5A4.1080404@bobames.com> Magnus Back wrote: > So we have a self styled police here. > Who the hell gave spamcop the right to filter out peoples mails. > I can't send mails to America now due to the fact that my ISP mail server > got on the list. > That is not my fault is it. You should educate your ISP as to how to stop spam from being sent by their network, so you'll be able to start sending Emails again. Or change ISP's. It's really that simple. Have a nice day! Bob (use bob at this domain to reach me) Don't Send Any Email To: From pete at heypete.com Fri Sep 3 16:54:53 2004 From: pete at heypete.com (Pete Stephenson) Date: Fri Sep 3 18:55:13 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: [posted and emailed] In article , Magnus Back wrote: > So we have a self styled police here. In a very limited way. The internet is a global network of privately-owned (i.e. companies and universities) publicly-owned (i.e. state-run universities, government, military, etc.) networks. There nobody "in charge" of the internet -- every network is free to administer their own systems as they see fit. In this case, SpamCop uses the reports of its users to filter mail to SpamCop's own users. SpamCop also makes a copy, in the form of a DNS-based list, of IP addresses that it currently regards as sending spam. Other system administrators are able to, *on their own free will*, utilize the list provided by SpamCop to tag, filter, reject, or do any number of other actions to incoming email. Nobody is *forcing* anybody to use SpamCop's list -- the systems that are blocking your messages have specifically elected to do so based on their own free will and choice. > Who the hell gave spamcop the right to filter out peoples mails. All the users of SpamCop's service and those who elect to use the SpamCop DNSbl to filter mail on their own private servers. > I can't send mails to America now due to the fact that my ISP mail server > got on the list. I very much doubt that *all* of America is using the SpamCop DNSbl to filter mail. Perhaps several of the systems that provide mail for your recipients, yes, but not *all* of the country. > That is not my fault is it. I'm not sure. Are you a spammer? If so, then it is indeed your fault. More than likely, a spammer is using the same mail systems as you do (perhaps another customer on your ISP is a spammer) and has sullied the good name of your ISP. If the ISP takes prompt action and disconnects the spammer and causes the spam to cease, the system should be automatically de-listed in a day or so. If the spam continues from the system, it will remain listed until it no longer meets SpamCop's listing criteria (available at http://spamcop.net/bl.shtml) > You americans, sue their arses off. I'm quite happy leaving my arse unsued at this moment in time. > Lard asses. While I do need to lose a little bit of weight, I would not describe myself as a "lard ass". I hope this message is of some assistance for you. If you were to provide the precise error message that you get while attempting to send mail to the systems that are presently blocking you I may be able to offer some more assistance. Cheers! -- Pete Stephenson HeyPete.com From MikeE at ster.invalid Fri Sep 3 17:10:57 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 3 19:15:02 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: Magnus Back wrote: domain gol.com, nntp cts.ne.jp > my ISP mail > server got on the list. I can't find anything for gol's mx, and I can't find anything for cts mx/es. There are a lot of listings for the various cts IP's and amany of them are in spamcop, but I haven't found a server 219.103.106.6 listed in bl.spamcop.net [spamtraps & reporters] 210.191.134.117 listed in bl.spamcop.net " " 210.191.157.68 listed in bl.spamcop.net and so forth -- Mike Easter kibitzer, not SC admin From Alexis at NotBob.frop Fri Sep 3 20:14:30 2004 From: Alexis at NotBob.frop (Alexis) Date: Fri Sep 3 19:15:07 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: "Magnus Back" wrote in message news:charav$mr9$1@news.spamcop.net... > So we have a self styled police here. > Who the hell gave spamcop the right to filter out peoples mails. > I can't send mails to America now due to the fact that my ISP mail server > got on the list. > That is not my fault is it. > > You americans, sue their arses off. > > > Lard asses. X-Trace: news.spamcop.net 1094250656 23401 219.103.111.166 (3 Sep 2004 22:30:56 GMT) inetnum: 219.96.0.0 - 219.127.255.255 netname: JPNIC-NET-JP descr: Japan Network Information Center JOHN ASHCROFT OUR <<<>> HE TOLD US BLOCK EVERYTHING FROM THE GODLESS HEATHERN ----JAPANESE! ANOINT YOUR HEAD IN OIL AND ***REPENT*** NOW! !!!! JESUS LOVE ONLY AMERICAN LARD LONG TIME!!!!!!! ifIwereagoodmanI'dtalkwithyoumorETHETRILATERNALCOMMISSION0WNZZZYOOOOoftenth anId oIfIweretosleepIcoulddreamIfIwereafraidIcouldhideIfIgoinsanePleasedon'tputy ourwiresinmybrain From Alexis at NotBob.frop Fri Sep 3 20:23:12 2004 From: Alexis at NotBob.frop (Alexis) Date: Fri Sep 3 19:25:03 2004 Subject: [SpamCop-List] Re: gandi.net - Legal Advice References: Message-ID: "Steve Gilder" wrote in message news:chaj10$fon$1@news.spamcop.net... > I have been receiving NDRs as a result of spammers using my domain name in > the From of the spam At least they have not been using valid names so no one > has gotten an NDR for a spam they did not send. > > I have been recording these and I now have 5 that have been doing this: > > 24-7-RXMEDS.COM > GORXMEDS.BIZ > BASICRXMEDS.COM > GETCHEAPRXPILLS.BIZ > MORECHEAPRX.BIZ > > I would like to LART these people and I decided to also go after the name > server host, too. In 2 of the 5 cases the name servers are: > > ns5.autonameservers.com > ns6.realdnssystem.com > > These domains are registered at gandi.net. > > Now for the legal advice part: > > The whois from gandi has this: > > "Access and use restricted pursuant to French law on personal data. Copy of > whole or part of the data without permission from GANDI is strictly > forbidden." > > Does this mean I can't use the info to LART the name server host because I > would have to copy the email address of the domain owner into the LART? > > Thanks in advance. Gandi, being accepted as a registrar from ICANN, must give implicit permission for their WHOIS data to be usable by anyone that needs it. HTH -Alexis, refraining from any more Monty Python French invader quotes From magnus at gol.com Sat Sep 4 09:25:56 2004 From: magnus at gol.com (Magnus Back) Date: Fri Sep 3 19:30:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: Sorry guys. I was a bit upset there for a while and didn't really check how this works. I have sent a mail to my ISP asking them to sort this out but perhaps they cannot since it seems it's not their server. See traceroute below. What worries me is not so much that some of my outgoing emails get caught but the fact that some incoming emails are deflected as well. This is an example of a mail that got caught (email adress is changed). The original message was received at Sat, 4 Sep 2004 07:15:31 +0900 (JST) from vsso21.asp.home.ne.jp [203.165.10.42] ? ?----- The following addresses had permanent fatal errors ----- ? ? (reason: 553 Blocked - see http://www.spamcop.net/bl.shtml?203.165.10.105) ? ?----- Transcript of session follows ----- ... while talking to mx1.moses.com.: >>> RCPT To: <<< 451 Blocked - see http://www.spamcop.net/bl.shtml?203.165.10.105 ... Deferred: 451 Blocked - see http://www.spamcop.net/bl.shtml?203.165.10.105 ... while talking to mx1.monsterlabs.com.: >>> RCPT To: <<< 553 Blocked - see http://www.spamcop.net/bl.shtml?203.165.10.105 550 5.1.1 ... User unknown I did a traceroute and it doesn't look like the offending server belongs to my ISP. How do you find out who owns vsso21.asp.home.ne.jp? traceroute to vsso21.asp.home.ne.jp (203.165.10.42), 30 hops max, 38 byte packets ?1 ?rasmus.xxx.xxx (192.168.0.1) ?0.631 ms ?0.229 ms ?0.154 ms ?2 ?x.cts.ne.jp (219.103.xxx.x) ?7.885 ms ?11.061 ms ?22.958 ms ?3 ?219.103.96.99 (219.103.96.99) ?13.558 ms ?9.480 ms ?7.788 ms ?4 ?r1-0409.shinjuku.net.bbx.ad.jp (218.40.50.117) ?8.279 ms ?10.448 ms ?9.647 ms ?5 ?d48i074.bbx.ad.jp (218.40.48.74) ?8.610 ms ?20.781 ms ?10.368 ms ?6 ?218.40.49.46 (218.40.49.46) ?9.503 ms ?9.425 ms ?21.252 ms ?7 ?bb-ge-4-0-1000M.cr1.nrt1.asianetcom.net (202.147.1.178) ?9.014 ms ?9.402 ms ?12.586 ms ?8 ?bb-pos-0-0-2488M.gw2.nrt1.asianetcom.net (202.147.0.206) ?8.922 ms ?9.767 ms ?10.627 ms ?9 ?Home.asianetcom.net (203.192.149.214) ?10.048 ms ?11.086 ms ?12.907 ms 10 ?fr2-g1-1.s-kddi1.home.ne.jp (203.165.0.70) ?10.200 ms ?10.010 ms ?42.483 ms 11 ?r1-atm1-0-1.bcdc.home.ne.jp (203.165.10.70) ?12.712 ms ?14.918 ms ?10.225 ms 12 ?vsso21.asp.home.ne.jp (203.165.10.42) ?10.462 ms ?15.219 ms ?17.423 ms Cheers, Magnus From nobody at devnull.spamcop.net Fri Sep 3 19:31:30 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Sep 3 19:35:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: "Magnus Back" wrote in message news:charav$mr9$1@news.spamcop.net... > So we have a self styled police here. > Who the hell gave spamcop the right to filter out peoples mails. > I can't send mails to America now due to the fact that my ISP mail server > got on the list. > That is not my fault is it. Try taking a look at the FAQ, especially the "Why am I Blocked" section .. found at http://forum.spamcop.net/forums/index.php? From nobody at spamcop.net Fri Sep 3 19:39:42 2004 From: nobody at spamcop.net (Tom) Date: Fri Sep 3 19:40:03 2004 Subject: [SpamCop-List] Re: [C&C] RE: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: On Thu, 02 Sep 2004 02:36:37 +0100, Sean W <8vmb6jy02@sneakemail.com> wrote: >[Snip: ludicriously funny naivety and 4 day old limp lettuce leaf-like >cart00ney]. > >Godamn that was funny. Best laugh I had all day. > >PS Bryan. >Oh and netiquette requires a C&C warning if the contents of a post are >likely to cause 'splorfing' of coffee and startling of furry friends. Splorf? Now that's a mowf-ful. LOL It amazes me how many people took this spammer seriously. But then, we haven't had as good a laugh in a long, long time. From eddie at eddie.web Fri Sep 3 20:40:43 2004 From: eddie at eddie.web (eddie) Date: Fri Sep 3 19:45:02 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: On Sat, 04 Sep 2004 07:30:40 +0900, Magnus Back scratched out the following: > So we have a self styled police here. Who the hell gave spamcop the right > to filter out peoples mails. I can't send mails to America now due to the > fact that my ISP mail server got on the list. > That is not my fault is it. > > You americans, sue their arses off. > > > Lard asses. Mr. Lard asses Isn't Lard asses your name? It seems that's how you signed your post. I think I spell more fried smamboy here. And is smells like, like, like, VICTORY! I presume you don't speak English, so I won't critique your abysmal grammar and spelling. Spamcop doesn't filter email. ISPs do. And your ISP has been caught spamming. We filter out your ISP's email so it won't reach my mailbox. I don't want your spam. If your ISP is a spammer, then get a better ISP. You are getting close to a cartooney here, so be careful. From eddie at eddie.web Fri Sep 3 20:42:09 2004 From: eddie at eddie.web (eddie) Date: Fri Sep 3 19:45:07 2004 Subject: [SpamCop-List] Re: [C&C] Cyveillance conspiracy theory References: Message-ID: On Fri, 03 Sep 2004 16:17:37 -0400, Steve Gilder scratched out the following: snip > > [adjusting my tinfoil] Wait! You mean the spammers and viruskiddies are > NOT alien life??? whoops, you got me there. But they've been around so long, like lawyers and other pond scum that I keep forgetting. :) From nobody at devnull.spamcop.net Fri Sep 3 20:42:44 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Fri Sep 3 19:45:14 2004 Subject: [SpamCop-List] Re: [C&C] Cyveillance conspiracy theory References: Message-ID: "Steve Gilder" wrote in message [...] > > [adjusting my tinfoil] Wait! You mean the spammers and viruskiddies are NOT > alien life??? > LOL, thanks for the [C&C], I was wondering how you/anyone could respond rationally to eddie's prize! Big thanks to both of you. Glenn From MikeE at ster.invalid Fri Sep 3 17:46:40 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 3 19:50:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: Magnus Back wrote: > I have sent a mail to my ISP asking them to sort this out but perhaps > they cannot since it seems it's not their server. Yes it is. > See traceroute > below. A tracert or traceroute is a tool of limited usefulness sometimes. > What worries me is not so much that some of my outgoing emails get > caught but the fact that some incoming emails are deflected as well. No; a listing of your provider's server's IP in the SCbl leads to trouble with your outgoing mail getting blocked by your recipient's server's usage of that list as a spam defense. Not any trouble with incoming mail. > The original message was received at Sat, 4 Sep 2004 07:15:31 +0900 > (JST) from vsso21.asp.home.ne.jp [203.165.10.42] That vsso IP is what is telling you about what comes below. > > (reason: 553 Blocked - see > http://www.spamcop.net/bl.shtml?203.165.10.105) That griffin's server [namely mx1.monsterlabs.com] doesn't want the mail because 203.165.10.105 rDNS smtp12.asp.home.ne.jp is SCbl listed, and you can follow that link to see the 'why'. >How do you find out who owns vsso21.asp.home.ne.jp? vsso's IP is up yonder 203.165.10.42 inetnum: 203.165.0.0 - 203.165.127.255 netname: ATHOME-JP That netblock is also the block of the listed smtp server. The link above sez: Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Additional potential problems (these factors do not directly result in spamcop listing) Listing History In the past 15.4 days, it has been listed 2 times for a total of 5.3 days The causes of hitting spamtraps are many. Some of them can cause a server to be listed 'by accident' -- but only a deputy can look at spamtrap evidence. Here's an example of a spam in sightings which came thru' that output server http://groups.google.com/groups?q=203.165.10.105&hl=en&lr=&ie=UTF-8&c2coff=1&selm=20040903184335.GA2354%40blars.org&rnum=1 If SC parses that spam which was relayed by the output server at a time when it is unfamiliar with the output server as a relay, it might name the output as the source instead of the source behind the output. Since it was in a spamtrap, a human wouldn't see it until you start talking about it here. So, you could have an output server listed 'by spamtrap' -- which many of us find undesirable because of the collateral damage. -- Mike Easter kibitzer, not SC admin From baloo at ursine.dyndns.org Fri Sep 3 17:34:41 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Fri Sep 3 19:50:09 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: <87acw7vsdq.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Magnus Back writes: > So we have a self styled police here. > Who the hell gave spamcop the right to filter out peoples mails. Spamcop only filters mail for users whose email address ends in spamcop.net. If you get a bounce message claiming otherwise, you should talk to the postmaster of that site that sent the bounce message, as *they* are the people responsible for your mail being blocked, not Spamcop (and they're being irresponsible by blaming others for their choices). > I can't send mails to America now due to the fact that my ISP mail server > got on the list. > That is not my fault is it. > > You americans, sue their arses off. > > > Lard asses. I take it GOL is your country's idiot bin, like AOL is here? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBOP+TUzgNqloQMwcRAvfGAJ9LNA7VScz516+xaNXOgipiuhUfgwCg4Y6D KF+AQbWCk0fHtoD5Gqym1qo= =7WiI -----END PGP SIGNATURE----- From MikeE at ster.invalid Fri Sep 3 18:00:30 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 3 20:05:04 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: Mike Easter wrote: > Here's an example of a spam in sightings which came thru' that output > server www.spamcop.net/sc?id=z641266690z0026cf7ff7d67e9f6ce95fd18953ee68z which shows SC /now/ parsing successfully past that output server to the source IP behind it... from (smtp12.asp.home.ne.jp [203.165.10.105]) by renig.nat.blars.org *relay output from (smtp1.chukai.ne.jp [210.156.16.137]) by mxo22.asp.home.ne.jp *internal handling from yahoo.com (pc1840.chukai.ne.jp [210.156.25.70] by smtp1.chukai.ne.jp *sourceline, http proxy port 14368 ...but it would be possible for the parser to break that chain at the topline and name the output server as the source IP. Some of us feel that incorrectly naming output servers as source IPs is bad for collateral damage reasons; but if there is a lot of spam coming thru' the server, it is more likely that an IP won't be removed until the spam stops. -- Mike Easter kibitzer, not SC admin From rcarlton at spamcop.net Fri Sep 3 20:06:27 2004 From: rcarlton at spamcop.net (Rick Carlton) Date: Fri Sep 3 20:15:05 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: I used to know a Rasmus who worked at NETO.... Is this you? In any case, someone else on the cable modem network you are on is spamming, and that's got all of you who use that mail server in trouble. The Spamcop report shows that 203.165.10.104, 203.165.10.105, 203.165.10.106 & 203.165.10.107 all have been sending spam to addresses known as spamtraps. Spamtraps are "cloaked" email addresses that are set up on a server and do nothing. When a spammer comes along and spams AK-47 style, where they send a gigantic volume of mail that can be created only by combining every possible set of characters into account IDs - and email one of these accounts - it's usually a very reliable report. That particular spam has been spotted off and on since April of 2004. History is at http://groups.google.com/groups?q=(44)+233-4669&hl=en&lr=&ie=UTF-8&scoring=d &start=0&sa=N The spamvertised site is here : http://www.nbc.net.ua/ That server has web access to its mail system, and if I had to guess - I'll bet that the others in the neighborhood are of the same build image and have the same vulnerabilities. Please suggest to your provider to implement the same fix across the board if so. From baloo at ursine.dyndns.org Fri Sep 3 17:57:56 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Fri Sep 3 20:15:09 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: <87sm9yvraz.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Magnus Back writes: > Sorry guys. > > I was a bit upset there for a while and didn't really check how this works. > > I have sent a mail to my ISP asking them to sort this out but perhaps they > cannot since it seems it's not their server. See traceroute below. > ? ?----- The following addresses had permanent fatal errors ----- > > ? ? (reason: 553 Blocked - see > http://www.spamcop.net/bl.shtml?203.165.10.105) Your ISP didn't block your mail, either. You need to talk to postmaster@griffintechnology.com. > I did a traceroute and it doesn't look like the offending server belongs to > my > ISP. How do you find out who owns vsso21.asp.home.ne.jp? Traceroute only tells you how packets are getting to vsso21.asp.home.ne.jp. If you want to see who owns the host, look up the IP using host, then use whois using the ISP to get the owner and contact info. Host and whois are not included in windows, but are shipped by default with pretty much everything else in existence. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBOQUEUzgNqloQMwcRAlS5AKCQ8mjz/18eGzNK5yMKwGKFvHYG2ACfY9V+ PZXEcYJRngVm4gKIsf9CL8I= =BPXn -----END PGP SIGNATURE----- From magnus at gol.com Sat Sep 4 10:13:48 2004 From: magnus at gol.com (Magnus Back) Date: Fri Sep 3 20:15:15 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: Mike Easter wrote: > Magnus Back wrote: >> What worries me is not so much that some of my outgoing emails get >> caught but the fact that some incoming emails are deflected as well. > > No; a listing of your provider's server's IP in the SCbl leads to > trouble with your outgoing mail getting blocked by your recipient's > server's usage of that list as a spam defense. Not any trouble with > incoming mail. > I gave my mail address to a person at griffintechnology so he could mail me back and that resulted in the same thing. He got exactly the same type of message as I got and the mail did not reach me. From tmcgraw at spamcop.net Fri Sep 3 18:16:33 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Sep 3 20:20:03 2004 Subject: [SpamCop-List] Re: Cyveillance conspiracy theory References: Message-ID: <41390961.6020507@spamcop.net> Peter Leftwich wrote: > I wonder if Cyveillance is harvesting SpamCop.Net reports to > identify patterns in the spamming world. From these trends, > spammers should be able to write better [evolving] spams that get > past Bayesian and other learning filters. > > Along these lines, a spammer could [and they probably do] study the > list of tests/rules that SpamAssassin performs, and learn how to > write more successful (inbox-deliverable) spam messages. > > What's your opinion or conspiracy theory?? Cyveillance is a cover for AQ. http://zapatopi.net/afdb.html HTH. HAND. From magnus at gol.com Sat Sep 4 10:22:42 2004 From: magnus at gol.com (Magnus Back) Date: Fri Sep 3 20:25:05 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: Dear eddie. Yes my idiotic placement of the words "Lard asses" was funny. However, your Bush style critique of my spelling and grammar doesn't fly, does it. Magnus eddie wrote: > On Sat, 04 Sep 2004 07:30:40 +0900, Magnus Back scratched out the > following: > >> So we have a self styled police here. Who the hell gave spamcop the right >> to filter out peoples mails. I can't send mails to America now due to the >> fact that my ISP mail server got on the list. >> That is not my fault is it. >> >> You americans, sue their arses off. >> >> >> Lard asses. > > Mr. Lard asses > Isn't Lard asses your name? It seems that's how you signed your post. > I think I spell more fried smamboy here. And is smells like, like, like, > VICTORY! > > I presume you don't speak English, so I won't critique your abysmal > grammar and spelling. > Spamcop doesn't filter email. ISPs do. And your ISP has been caught > spamming. We filter out your ISP's email so it won't reach my mailbox. > I don't want your spam. If your ISP is a spammer, then get a better ISP. > You are getting close to a cartooney here, so be careful. From MikeE at ster.invalid Fri Sep 3 18:24:38 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 3 20:25:10 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: Magnus Back wrote: > Mike Easter wrote: > >> Magnus Back wrote: >>> What worries me is not so much that some of my outgoing emails get >>> caught but the fact that some incoming emails are deflected as well. >> >> No; a listing of your provider's server's IP in the SCbl leads to >> trouble with your outgoing mail getting blocked by your recipient's >> server's usage of that list as a spam defense. Not any trouble with >> incoming mail. >> > > I gave my mail address to a person at griffintechnology so he could > mail me back and that resulted in the same thing. He got exactly the > same type of message as I got and the mail did not reach me. I can only 'talk about' the analysis of the delivery notification I can see. What you showed was the result of the mx for griffin refusing the mail from your output server. If you want to talk about some server on your end refusing the mail from griffin's server, you'll have to post something like that if your friend sent you a copy of it somehow. Otherwise you haven't seen it. griffin's mx/es are mx1.moses.com & mx1.monsterlabs.com - neither of which are listed on the SCbl - but that doesn't mean that the output servers for griffin aren't listed on the SCbl or some other dnsbl. -- Mike Easter kibitzer, not SC admin From magnus at gol.com Sat Sep 4 10:28:24 2004 From: magnus at gol.com (Magnus Back) Date: Fri Sep 3 20:30:02 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: Hi Rick. I'm not the same person. Rasmus is the name of my son (and one of my computers). Thanks for the info below. I will send it on to my ISP. Cheers, Magnus Rick Carlton wrote: > I used to know a Rasmus who worked at NETO.... Is this you? > > In any case, someone else on the cable modem network you are on is > spamming, and that's got all of you who use that mail server in trouble. > > The Spamcop report shows that 203.165.10.104, 203.165.10.105, > 203.165.10.106 & 203.165.10.107 all have been sending spam to addresses > known as spamtraps. > > Spamtraps are "cloaked" email addresses that are set up on a server and do > nothing. When a spammer comes along and spams AK-47 style, where they > send a gigantic volume of mail that can be created only by combining every > possible set of characters into account IDs - and email one of these > accounts - it's usually a very reliable report. > > That particular spam has been spotted off and on since April of 2004. > History is at > http://groups.google.com/groups?q=(44)+233-4669&hl=en&lr=&ie=UTF-8&scoring=d > &start=0&sa=N > > The spamvertised site is here : http://www.nbc.net.ua/ > > That server has web access to its mail system, and if I had to guess - > I'll bet that the others in the neighborhood are of the same build image > and have > the same vulnerabilities. Please suggest to your provider to implement > the same fix across the board if so. From agent01413 at my-deja.com Fri Sep 3 19:32:16 2004 From: agent01413 at my-deja.com (Socks the white house cat) Date: Fri Sep 3 20:35:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: [posted and mailed] Someday in the distant future, archeologists digging thru the ruins of spamcop will discover that Magnus Back had this to say on 03 Sep 2004: > So we have a self styled police here. > Who the hell gave spamcop the right to filter out peoples mails. Spamcop's customers whose mailboxes spamcop is protecting > I can't send mails to America now due to the fact that my ISP mail server > got on the list. neither can the spammers whom your ISP plays host to. That makes my inbox cleaner > That is not my fault is it. yes it is. If you didnt choose your ISP, who did? when the spam stops, the listing goes away. it is up to your ISP to make the spam stop. > > You americans, sue their arses off. if you're suit happy, do it yourself. meanwhile, I personally block anyone whose solution to network outages is litigation -- I AM SPEWS (SLAPP PREVENTION ELECTRONIC WHITENOISE SYSTEM) "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." George W. Bush 8/5/04 From agent01413 at my-deja.com Fri Sep 3 19:46:58 2004 From: agent01413 at my-deja.com (Socks the white house cat) Date: Fri Sep 3 20:50:04 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: Someday in the distant future, archeologists digging thru the ruins of spamcop will discover that "Bryan" had this to say on 01 Sep 2004: [rest of the BS snipped] > I smell a class action law suite in the wind! > that isn't a "law suite" you smell. You're downwind of yourself. > This issue is set to explode in your face. You are likely to be facing > class action law suites some time very soon if you don't fix this > nonsense! > hee hee. http://lawsuite.word-to-the-wise.com/ If Richter couldn't beat them, and Waggoner couldn't beat them, do you really think someone as illiterate as you has a chance? > > > I have carefully recorded evidence and have three separate witnesses > that this is EXACTLY what SpamCop have done. You can NOT convince us > otherwise, and you sure wont convince a judge. > 1) Judge already ruled. Spamcop is protected by CDA 2) So am I. 47 USC 230 "otherwise objectionable" and all that 3) people who threaten "law suites" are "otherwise objectionable" 4) I just blocked maxnet.co.nz on my servers. Sue me too. 5) "law suites" - you wouldn't happen to know someone named Ron Ritzman,do you? Only people trying to do parodies poking fun at stupid spammers use that misspelling. I don't really think that you're an illiterate moron - you are just trying to play one on the Internet for entertainment purposes. "Law suite" is just too obvious though. -- I AM SPEWS (SLAPP PREVENTION ELECTRONIC WHITENOISE SYSTEM) "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." George W. Bush 8/5/04 From glnews030922 at highspot.net Sat Sep 4 02:48:35 2004 From: glnews030922 at highspot.net (Graeme Leith) Date: Fri Sep 3 20:50:14 2004 Subject: [SpamCop-List] Re: Cyveillance conspiracy theory In-Reply-To: References: Message-ID: Peter Leftwich wrote: > What's your opinion or conspiracy theory?? Cyveillance is known to cause cancer in the state of California. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From agent01413 at my-deja.com Fri Sep 3 19:48:57 2004 From: agent01413 at my-deja.com (Socks the white house cat) Date: Fri Sep 3 20:50:18 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: Message-ID: Someday in the distant future, archeologists digging thru the ruins of spamcop will discover that eddie had this to say on 02 Sep 2004: > now let's leave Bono out of this. He has his moments, but overall he's > OK :) > Actually, he's dead. Ran into a tree. -- I AM SPEWS (SLAPP PREVENTION ELECTRONIC WHITENOISE SYSTEM) "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." George W. Bush 8/5/04 From nobody at devnull.spamcop.net Fri Sep 3 20:53:17 2004 From: nobody at devnull.spamcop.net (Cat) Date: Fri Sep 3 20:55:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE In-Reply-To: References: Message-ID: Socks the white house cat wrote: > Someday in the distant future, archeologists digging thru the ruins of > spamcop will discover that eddie had this to say on > 02 Sep 2004: > > > >>now let's leave Bono out of this. He has his moments, but overall he's >>OK :) >> > > > Actually, he's dead. Ran into a tree. He was probably talking about U2's Bono. ;-) From glnews030922 at highspot.net Sat Sep 4 02:56:52 2004 From: glnews030922 at highspot.net (Graeme Leith) Date: Fri Sep 3 21:00:04 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE In-Reply-To: References: Message-ID: Socks the white house cat wrote: > Someday in the distant future, archeologists digging thru the ruins of > spamcop will discover that eddie had this to say on > 02 Sep 2004: > > > >>now let's leave Bono out of this. He has his moments, but overall he's >>OK :) >> > > > Actually, he's dead. Ran into a tree. Yeah. Unfortunately, he didn't run into the tree before he got the Mickey Mouse Protection Act passed. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From Merlyn at Spamcop.net Fri Sep 3 22:00:57 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Fri Sep 3 21:05:05 2004 Subject: [SpamCop-List] Re: QuizYourFriends.com References: Message-ID: "Mike Easter" wrote in message news:chapqg$le9$1@news.spamcop.net... > See spam from my 'friend' in .spam under 'spamyourfriends dot com' > > Interesting business model - altho' I haven't investigated its > functionality very much yet because I haven't felt like letting its > javascript mess with me - nor have I clicked it permission to spam me, so > I also haven't seen my friend's quiz. > > Apparently the idea is to create a meme 'spamvirus' by enticing people to > 'quiz' their friends, resulting in an ever widening circle of people > giving out their friends' email addresses in order to... [snipped] Your right I hate the business model. In fact I will not give anyone the chance because I just entered them into my blocklist. Many will think it isn't spam but you already know how I feel about this kind of crap :-) Lart it and forget it. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From nobody at devnull.spamcop.net Fri Sep 3 21:01:23 2004 From: nobody at devnull.spamcop.net (Cat) Date: Fri Sep 3 21:05:13 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? In-Reply-To: References: Message-ID: Magnus Back wrote: (Top posting corrected) >>Mr. Lard asses >>Isn't Lard asses your name? It seems that's how you signed your post. >>I think I spell more fried smamboy here. And is smells like, like, like, >>VICTORY! >> >>I presume you don't speak English, so I won't critique your abysmal >>grammar and spelling. >>Spamcop doesn't filter email. ISPs do. And your ISP has been caught >>spamming. We filter out your ISP's email so it won't reach my mailbox. >>I don't want your spam. If your ISP is a spammer, then get a better ISP. >>You are getting close to a cartooney here, so be careful. > Dear eddie. > > Yes my idiotic placement of the words "Lard asses" was funny. I'm definitely not a lard ass. :-P Your original post did sound cartooney though. > However, your Bush style critique of my spelling and grammar doesn't fly, > does it. While we're talking about grammar, you should have put a question mark at the end of that. Top posting and not snipping doesn't fly either, because it makes it harder to understand the context of your posts. See #6 at http://linux.sgms-centre.com/misc/netiquette.php and #1 and #2 at http://www.river.com/users/share/etiquette/ for more on newsgroup posting netiquette. From Merlyn at Spamcop.net Fri Sep 3 22:05:05 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Fri Sep 3 21:10:02 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: "Magnus Back" wrote in message news:charav$mr9$1@news.spamcop.net... > So we have a self styled police here. > Who the hell gave spamcop the right to filter out peoples mails. > I can't send mails to America now due to the fact that my ISP mail server > got on the list. > That is not my fault is it. > > You americans, sue their arses off. > ha ha ha ha ha ha Another spanked spammer from Japan Network Information Center ha ha ha ha ha ha Your entire ISP is blocked on our routers, they don't even get to our sites or mail. ha ha ha ha ha ha sue me ha ha ha ha ha ha too funny......... ha ha ha ha ha ha ROTFLMAO -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From rcarlton at spamcop.net Fri Sep 3 21:09:38 2004 From: rcarlton at spamcop.net (Rick Carlton) Date: Fri Sep 3 21:15:02 2004 Subject: [SpamCop-List] Re: QuizYourFriends.com References: Message-ID: On 9/3/04 5:05 PM, in article chapqg$le9$1@news.spamcop.net, "Mike Easter" wrote: > See spam from my 'friend' in .spam under 'spamyourfriends dot com' > > Interesting business model - altho' I haven't investigated its > functionality very much yet because I haven't felt like letting its > javascript mess with me - nor have I clicked it permission to spam me, so > I also haven't seen my friend's quiz. > > Apparently the idea is to create a meme 'spamvirus' by enticing people to > 'quiz' their friends, resulting in an ever widening circle of people > giving out their friends' email addresses in order to... > > I created a quiz for you on QuizYourFriends.com! > Click on the link below to take my quiz: Well, Tatusko, the owner of the domain is in the abrasives business.... Looks like it's abrasives in all respects - social and industrial. From nobody at spamcop.net Sat Sep 4 03:52:46 2004 From: nobody at spamcop.net (I Hate Spam) Date: Fri Sep 3 21:55:12 2004 Subject: [SpamCop-List] Deputies Problems with the site Message-ID: Is spamcop under attack again. I keep getting got sigalarm, taking too long to process, aborted http://mailsc.spamcop.net/spamgraph.shtml?spamstats also shows all reporting down to almost zero. Regards From eddie at eddie.web Fri Sep 3 22:54:45 2004 From: eddie at eddie.web (eddie) Date: Fri Sep 3 21:55:25 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: On Sat, 04 Sep 2004 09:22:42 +0900, Magnus Back scratched out the following: > Dear eddie. > > Yes my idiotic placement of the words "Lard asses" was funny. > > However, your Bush style critique of my spelling and grammar doesn't fly, > does it. > > Magnus > No, it's my Kerry/Dean style of critique, Mr. Lard. I guess you can't tell the difference where you are. I rarely use a Bush style. And don't top-post. It's another thing we don't take lightly here. Inline or bottom posting only. I am sure others will let you know about that, too. From x at x.com Fri Sep 3 23:02:16 2004 From: x at x.com (Neal B. Scott) Date: Fri Sep 3 22:05:03 2004 Subject: [SpamCop-List] Re: Deputies Problems with the site References: Message-ID: I'm getting the sigalarm too... "I Hate Spam" wrote in message news:chb752$3p0$1@news.spamcop.net... > Is spamcop under attack again. > > I keep getting got sigalarm, taking too long to process, aborted > > http://mailsc.spamcop.net/spamgraph.shtml?spamstats also shows all reporting > down to almost zero. > > Regards > > From magnus at gol.com Sat Sep 4 12:25:53 2004 From: magnus at gol.com (Magnus Back) Date: Fri Sep 3 22:30:02 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: Eddie, I post top, bottom, middle or pretty much where I want thank you very much. "Bush style": Falsification of truths to suit your own needs. Well go figure. And yes from pretty much anywhere in the world we can see and feel the difference between Republicans and Democrats. But to be honest it is like making a choice between Coke and Pepsi. In the US you seem to see it as a big difference but seen from the outside it won't matter much. Surface, arrogance, bickering but no content (and what is worse, few people cares). Magnus eddie wrote: > On Sat, 04 Sep 2004 09:22:42 +0900, Magnus Back scratched out the > following: > >> Dear eddie. >> >> Yes my idiotic placement of the words "Lard asses" was funny. >> >> However, your Bush style critique of my spelling and grammar doesn't fly, >> does it. >> >> Magnus >> > No, it's my Kerry/Dean style of critique, Mr. Lard. I guess you can't > tell the difference where you are. I rarely use a Bush style. > And don't top-post. It's another thing we don't take lightly here. Inline > or bottom posting only. I am sure others will let you know about that, > too. From nobody at devnull.spamcop.net Fri Sep 3 23:27:52 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Fri Sep 3 22:30:07 2004 Subject: [SpamCop-List] Re: Deputies Problems with the site References: Message-ID: "Neal B. Scott" wrote in message > I'm getting the sigalarm too... > > "I Hate Spam" wrote in message > > Is spamcop under attack again. > > > > I keep getting got sigalarm, taking too long to process, aborted > > > > http://mailsc.spamcop.net/spamgraph.shtml?spamstats also shows all > reporting > > down to almost zero. > > > > Regards > > Got sigalarm earlier, now timing out connecting to server. Has the smell of love about it. A little too much attention for SC from somewhere. Hope they have good records on some of the where, as it may source from Spamsylvania by way of spamsourcing equipment already badly in need of repair. Just a little more reason for the FTC to lean on the ISP's who protect their interests in their pet open proxies. I like to see the brighter side of things (Alexis knows the source). Glenn From nobody at devnull.spamcop.net Fri Sep 3 22:42:29 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Sep 3 22:45:03 2004 Subject: [SpamCop-List] Re: Deputies Problems with the site References: Message-ID: "I Hate Spam" wrote in message news:chb752$3p0$1@news.spamcop.net... > Is spamcop under attack again. > > I keep getting got sigalarm, taking too long to process, aborted > > http://mailsc.spamcop.net/spamgraph.shtml?spamstats also shows all reporting > down to almost zero. Notifies have been sent out. This is the start of a long week-end in the U.S., so there may be some delay in response. From baloo at ursine.dyndns.org Fri Sep 3 21:00:34 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Fri Sep 3 23:10:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: <878ybqagbx.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Magnus Back writes: > Eddie, I post top, bottom, middle or pretty much where I want thank you very > much. OK, well, go learn to quote. http://learn.to/quote/ Top posting is nearly universally considered harmful. > "Bush style": Falsification of truths to suit your own needs. > Well go figure. Like you have been? > And yes from pretty much anywhere in the world we can see and feel > the difference between Republicans and Democrats. > But to be honest it is like making a choice between Coke and Pepsi. Yeah, we've got a gimpy two-party system that more or less needs to be torn down and started fresh. Or better yet, handed back to the UK. Not that it has anything to do with your misplaced blame or lack of comprehension of the common flow of written language. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBOS/SUzgNqloQMwcRAn5LAKC/OFCXhpkxxxyxJ2Zr/SLVllrKNgCfeJcJ RsBWh628BtA8vbCWpAxw74M= =Bik2 -----END PGP SIGNATURE----- From someone at invaild.not Fri Sep 3 23:14:08 2004 From: someone at invaild.not (John Lurker) Date: Fri Sep 3 23:15:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: "Magnus Back" wrote in message news:chb942$5ok$1@news.spamcop.net... > Eddie, I post top, bottom, middle or pretty much where I want thank you very > much. http://linux.sgms-centre.com/misc/netiquette.php Glad to see lack of manners is a universal trait... From eddie at eddie.web Sat Sep 4 00:41:11 2004 From: eddie at eddie.web (eddie) Date: Fri Sep 3 23:45:04 2004 Subject: [SpamCop-List] Re: Deputies Problems with the site References: Message-ID: On Sat, 04 Sep 2004 02:52:46 +0100, I Hate Spam scratched out the following: > Is spamcop under attack again. > > I keep getting got sigalarm, taking too long to process, aborted > > http://mailsc.spamcop.net/spamgraph.shtml?spamstats also shows all > reporting down to almost zero. > > Regards I got a message I have never seen before when submitting spam. Service Unavailable - Zero size object The server is temporarily unable to service your request. Please try again later. Well, it's been quiet for a while and this is a big weekend. From ben.de+SCnews at spamcop.net Fri Sep 3 22:04:17 2004 From: ben.de+SCnews at spamcop.net (Ben) Date: Sat Sep 4 00:05:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE In-Reply-To: References: <200409021645.1c2Yst38x3Nl3oX0@new.mail.atl.earthlink.net> Message-ID: eddie wrote: > On Thu, 02 Sep 2004 16:17:46 -0500, Trish Roberts-Miller scratched out the > following: >>That isn't a grammar mistake. It's a spelling error. > Sometimes bad "grammer" is a spelling error. :) Anyone ever consult the "Chicago Manual of Style?" It is a fine reference on writing with the American version of the English language. From ben.de+SCnews at spamcop.net Fri Sep 3 22:25:26 2004 From: ben.de+SCnews at spamcop.net (Ben) Date: Sat Sep 4 00:30:03 2004 Subject: [SpamCop-List] IMHO SpamCop is utterly responsible and reliable. Message-ID: I know SpamCop receives complaints from people that were fairly and in some cases automatically blocked. I, during my day job, do some mail system administration at a big company. We purchase the SpamCop RBL along with a few others. The RBLs which the company voluntarily subscribes is almost as good as sliced bread. I?ve seen days where the first RBL, SpamCop, filters as many as 85-kilo-spams a day. All that with only a couple false positives a month! And those almost always turn out to be valid as there was a security problem at the senders? servers; and they were spamming due to open relay, infection, or misconfiguration, etc. Without services in which recipients may subscribe to such as SpamCop; I would be deluged with complaints that people are getting too much (junk) mail. Remember - we the system providers have the right to protect our private property from any sort of traffic. If that means using RBL services to block messages then so-be-it. There may be some wheat in with the chaff but nothing is going to be perfect. It is easier to deal with the odd one or two complaints a month of people who think should not have had their mail (usually for a reason) blocked then the 20 a day form people who are getting a tonne of dirty spam. P.S. I believe that the notation buried in the SpamCop help that says that SpamCop should not be used in a production environment is either outdated or wrong. I think that the SpamCop RBL is now a must for the corporate production environment.(Or is that there as a "legal disclaimer?") P.P.S Sorry if I am being an anti-troll; but the whiners need some cheese. P.P.P.S. Yeah, I've said this all before... From nobody at spamcop.net Sat Sep 4 16:09:09 2004 From: nobody at spamcop.net (Petzl) Date: Sat Sep 4 01:10:02 2004 Subject: [SpamCop-List] Re: IMHO SpamCop is utterly responsible and reliable. References: Message-ID: On Fri, 03 Sep 2004 21:25:26 -0700, Ben wrote: It is no opinion but a statement of fact SpamCop is the best blocklist to use on the planet IMO The only smarter move is to then accept email from only whitelisted IP's such as listed by "Bonded Sender" www.bondedsender.org This whitelist is free (and a must have for removing false positives) For those that wish to use the whitelist that onlly uses double opt-in use plus.bondedsender.org Please see configuration page for ISP's at www.bondedsender.org and substitute "plus.bondedsender.org" for "bondedsender.org" Petzl -- SECURE YOUR COMPUTER NOW!! KEEP WINDOWS UPDATED http://v4.windowsupdate.microsoft.com/en/default.asp "AVG 6.0 Free Edition" Anti-Virus Check your computer for "Spy Bots" (free) & Good firewall for windows(free version available) Block spamvertised websites (free. A must for Parents) From windsorfoxNOSPAM at cox.net Sat Sep 4 01:12:43 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sat Sep 4 01:15:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE In-Reply-To: References: Message-ID: WazoO wrote: > "Bryan" wrote in message > news:ch5okh$bfa$1@news.spamcop.net... > >>Well, I'm sure SpamCops receives a LOT of complaints from people that were >>unfairly, and in some case idiotically blocked. I present here what I feel >>is the single most STUPID thing SpamCop have done to date. > > > and some people are just foolish. > > "Goob" is the word that was in my head. From windsorfoxNOSPAM at cox.net Sat Sep 4 01:18:58 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sat Sep 4 01:20:03 2004 Subject: [SpamCop-List] Re: Netscape Spamming me In-Reply-To: References: <41363935.4020002@domain.invalid> Message-ID: eddie wrote: > On Wed, 01 Sep 2004 19:02:57 -0500, WindsorFox[SS] scratched out the > following: > > snip > >> I don't. I prefer Netscape. Also no pop-ups and no ads. Unless you >>put your email address where it doesn't belong. > > > to each his own. I was just offering my experience on my G5 OSX. > Mozilla is almost as good as Safari in some respects, but Safari doesn't > have NGs built in. Isn't Safari a Mozilla based app??? From windsorfoxNOSPAM at cox.net Sat Sep 4 01:20:11 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sat Sep 4 01:20:14 2004 Subject: [SpamCop-List] Re: Netscape Spamming me In-Reply-To: References: <41363935.4020002@domain.invalid> Message-ID: Cat wrote: > WindsorFox[SS] wrote: > >> eddie wrote: >> >> >>> >>> I have a G5 and I downloaded and am using Mozilla. >>> I suggest removing Netscape and installing the latest Mozilla >>> browser. No >>> popups, no ads, nothing but good smooth browsing. >> >> >> >> I don't. I prefer Netscape. Also no pop-ups and no ads. Unless you >> put your email address where it doesn't belong. > > > Yeah, I use Netscape 7.1, and I don't get pop ups or anything. It's all > in how you set up Netscape to work. > 7.2 adds a Google like bar to the setup except it's Netscape search only. There is a way to change it to / add Google though. From windsorfoxNOSPAM at cox.net Sat Sep 4 01:29:43 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sat Sep 4 01:30:02 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? In-Reply-To: References: Message-ID: Magnus Back wrote: > So we have a self styled police here. > Who the hell gave spamcop the right to filter out peoples mails. > I can't send mails to America now due to the fact that my ISP mail server > got on the list. > That is not my fault is it. > > You americans, sue their arses off. > > > Lard asses. Is it just me or has the stupidity quotient risen exponetially in the last month or so? From windsorfoxNOSPAM at cox.net Sat Sep 4 01:34:39 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sat Sep 4 01:35:02 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? In-Reply-To: References: Message-ID: eddie wrote: > On Sat, 04 Sep 2004 09:22:42 +0900, Magnus Back scratched out the > following: > > >>Dear eddie. >> >>Yes my idiotic placement of the words "Lard asses" was funny. >> >>However, your Bush style critique of my spelling and grammar doesn't fly, >>does it. >> >>Magnus >> > > No, it's my Kerry/Dean style of critique, Mr. Lard. I guess you can't > tell the difference where you are. I rarely use a Bush style. > And don't top-post. It's another thing we don't take lightly here. Inline > or bottom posting only. I am sure others will let you know about that, too. Shouldn't that be "Mr. Ass" ?? From windsorfoxNOSPAM at cox.net Sat Sep 4 01:35:54 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sat Sep 4 01:40:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? In-Reply-To: References: Message-ID: Magnus Back wrote: > Eddie, I post top, bottom, middle or pretty much where I want thank you very > much. More proof you're an idiot. > > "Bush style": Falsification of truths to suit your own needs. > Well go figure. > That's Kerry style. > And yes from pretty much anywhere in the world we can see and feel > the difference between Republicans and Democrats. > But to be honest it is like making a choice between Coke and Pepsi. > In the US you seem to see it as a big difference but seen from the outside > it won't matter much. > Surface, arrogance, bickering but no content (and what is worse, few people > cares). > > Magnus > Kind of the way we fell about your complaint against Spamcop because you are clueless as to how it works. Perhapse you shoul ask Algore.... From eddie at eddie.web Sat Sep 4 02:41:36 2004 From: eddie at eddie.web (eddie) Date: Sat Sep 4 01:45:04 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: On Sat, 04 Sep 2004 11:25:53 +0900, Magnus Back scratched out the following: > Eddie, I post top, bottom, middle or pretty much where I want thank you > very much. Me too, I post anywhere for people like you > "Bush style": Falsification of truths to suit your own needs. Well go > figure. >>> However, your Bush style critique of my spelling and grammar doesn't >>> fly, does it. so if you can figure it out >then you don't mind if > And yes from pretty much anywhere in the world we can see and feel the > difference between R I post wherever I want to post >Republicans and Democrats. But to be honest it is like it's OK by me. > making a choice betw since I can do what I "feel" too. > Coke and Pepsi. In the US you seem to see it as a maybe we should all jsut post wherever we "feel" like posting, eh? > big difference but seen from the outside it won't matter much. yeah, whatever goes. Just post anywhere > Surface, arrogance, bickering but no content (and what is worse, few > people cares). let the stupid reader figure it out > > Magnus > > > eddie wrote: something somewhere but it's hard to see it >> On Sat, 04 Sep 2004 09:22:42 +0900, Magnus Back scratched out the >> following: >> >> No, it's my Kerry/Dean style of critique, Mr. Lard. I guess you can't >> tell the difference where you are. I rarely use a Bush style. And don't >>> Dear eddie. >>> >>> Yes my idiotic placement of the words "Lard asses" was funny. >>> >>> However, your Bush style critique of my spelling and grammar doesn't >>> fly, does it. >>> >>> Magnus >>> >> top-post. It's another thing we don't take lightly here. Inline or >> bottom posting only. I am sure others will let you know about that, too. From eddie at eddie.web Sat Sep 4 02:46:46 2004 From: eddie at eddie.web (eddie) Date: Sat Sep 4 01:50:02 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: On Sat, 04 Sep 2004 00:35:54 -0500, WindsorFox[SS] scratched out the following: > Magnus Back wrote: > >> Eddie, I post top, bottom, middle or pretty much where I want thank you >> very much. > > More proof you're an idiot. > > >> "Bush style": Falsification of truths to suit your own needs. Well go >> figure. >> >> > That's Kerry style. > > Kind of the way we fell about your complaint against Spamcop > because you are clueless as to how it works. Perhapse you shoul ask > Algore.... Mr. Lard did, which is why he posted here. Lard Ass posted here before he posted there, and he posts top before he posts bottom. I wonder how Lard gets anything done. Lard builds a house roof first and turns his computer off before he uses it. I think the term Lard Ass is very meaningful, knowing where the expression comes from. From eddie at eddie.web Sat Sep 4 02:52:02 2004 From: eddie at eddie.web (eddie) Date: Sat Sep 4 01:55:02 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: On Sat, 04 Sep 2004 11:25:53 +0900, Magnus Back scratched out the following: > Eddie, I post top, bottom, middle or pretty much where I want thank you > very much. Well then anyone can do > "Bush style": Falsification of truths to suit your own needs. Well go > figure. the same thing >> On Sat, 04 Sep 2004 09:22:42 +0900, Magnus Back scratched out the >> following: >> >>> Dear eddie. >>> >>> Yes my idiotic placement of the words "Lard asses" was funny. >>> >>> However, your Bush style critique of my spelling and grammar doesn't >>> fly, does it. >>> >>> Magnu >>> >> No, it's my Kerry/Dean style of critique, Mr. Lard. I guess you can't >> tell the difference where you are. I rarely use a Bush style. And don't > And yes from pretty much anywhere in the world we can see and feel the and stick their post in > difference between Republicans and Democrats. But to be honest it is wherever they want > like making a choice between Coke and Pepsi. In the US you seem to see and let the stupid reader figure > it as a big difference but seen from the outside it won't matter much. it out, eh? > Surface, arrogance, bickering but no content (and what is worse, few Anarchists should keep > people cares). to > Magnus themsleves > > > eddie wrote: > s >> top-post. It's another thing we don't take lightly here. Inline or >> bottom posting only. I am sure others will let you know about that, too. From 8vmb6jy02 at sneakemail.com Sat Sep 4 08:05:15 2004 From: 8vmb6jy02 at sneakemail.com (Sean W) Date: Sat Sep 4 02:10:02 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? In-Reply-To: References: Message-ID: WindsorFox[SS] wrote: > Magnus Back wrote: > >> So we have a self styled police here. >> Who the hell gave spamcop the right to filter out peoples mails. >> I can't send mails to America now due to the fact that my ISP mail server >> got on the list. That is not my fault is it. >> >> You americans, sue their arses off. >> >> >> Lard asses. > > > > Is it just me or has the stupidity quotient risen exponetially in > the last month or so? Are you sure you want me to answer that? :-p -- Sean From Martin.Edwards5 at btinternet.com Sat Sep 4 09:15:54 2004 From: Martin.Edwards5 at btinternet.com (Martin Edwards) Date: Sat Sep 4 03:10:37 2004 Subject: [SpamCop-List] Re: Spam Processing is Down In-Reply-To: References: Message-ID: SpamCop Admin wrote: > The IT guys have been paged to fix the problem. Hopefully, it will be > something simple. > > - Don - Ok here 08.05 GMT, a but slow. From UseTheReplyToField at crazyhat.net Sat Sep 4 02:34:51 2004 From: UseTheReplyToField at crazyhat.net (DevilsPGD) Date: Sat Sep 4 03:35:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: In message "WindsorFox[SS]" wrote: > Is it just me or has the stupidity quotient risen exponetially >in the last month or so? Maybe Moris really is leaving and the others are filling in? -- Power corrupts. Absolute power is kind of neat. From baloo at ursine.dyndns.org Sat Sep 4 01:42:20 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Sat Sep 4 03:50:02 2004 Subject: [SpamCop-List] Netiquette resources References: Message-ID: <87zn46lbtv.fsf_-_@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "John Lurker" writes: > "Magnus Back" wrote in message > news:chb942$5ok$1@news.spamcop.net... >> Eddie, I post top, bottom, middle or pretty much where I want thank you > very >> much. > > http://linux.sgms-centre.com/misc/netiquette.php > Glad to see lack of manners is a universal trait... That's going in my wiki now. I'm starting a top-posting node... http://ursine.dyndns.org/cgi-bin/wiki.pl?TopPosting -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBOXHcUzgNqloQMwcRAnwbAJ9Ga28kRGE90i0Th5G6IxpfL9+xEQCgu3wf N3gKoVe+mmD1YkNZmKk3hPI= =mYDi -----END PGP SIGNATURE----- From baloo at ursine.dyndns.org Sat Sep 4 01:43:49 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Sat Sep 4 03:50:11 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: <87vfeulbre.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "WindsorFox[SS]" writes: > Is it just me or has the stupidity quotient risen exponetially in > the last month or so? As the dumbest users(aol) get smarter, we might soon start seeing the September cycle again. Might be able to turn the page to October, 1993 already... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBOXI1UzgNqloQMwcRAvGjAJ9kxxD+E7jTJjFy7Sg2jwc8oUhtjwCfdtH6 EZ+YzYfadKYS/+LHntfUVRM= =71RF -----END PGP SIGNATURE----- From baloo at ursine.dyndns.org Sat Sep 4 01:44:58 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Sat Sep 4 03:50:18 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: <87r7pilbph.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "WindsorFox[SS]" writes: > Magnus Back wrote: > >> Eddie, I post top, bottom, middle or pretty much where I want thank you very >> much. > > More proof you're an idiot. > >> "Bush style": Falsification of truths to suit your own needs. Well >> go figure. > > That's Kerry style. No, no. That's perfect Bush wagging-the-dog-to-cover-complete-lack-of- domestic-and-social-policy style. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBOXJ6UzgNqloQMwcRAg1fAJ9FN3bobrqTK7/C9f7CeUZDmzDTHwCdFekK ayHcUztD98DZK9InVm3klwI= =uDNR -----END PGP SIGNATURE----- From nobody at devnull.spamcop.net Sat Sep 4 05:24:04 2004 From: nobody at devnull.spamcop.net (Cat) Date: Sat Sep 4 05:25:22 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? In-Reply-To: References: Message-ID: Magnus Back wrote: > Eddie, I post top, bottom, middle or pretty much where I want thank you very > much. Sorry, but if you're going to insist on still top posting AND being rude about it, don't expect anyone here to bother to help you or to take you seriously. Now, you can either be nice and stop the obnoxious top posting and actually get some help for your problem, or you can keep up this intentinallly obnoxious habit of top posting and not get any help at all. From nobody at nowhere.invalid Sat Sep 4 14:13:14 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Sep 4 07:15:07 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: On Sat, 04 Sep 2004 11:25:53 +0900, Magnus Back coughed into spamcop and left this in : > Eddie, I post top, bottom, middle or pretty much where I want thank you very > much. When in Rome do as the Romans do. Or end up in the arena with the pussy cats, with the chains around you, not them. Round here, inline posting is the norm. Top-posting and not trimming are frowned upon. Your comment above is pretty much like going to the swimming pool, pissing in it and screaming "I piss pretty much where I want, TYVM." -- Steve You can't block a port with software that runs on the same machine where the attacks are aimed. That's like trying to stop bullets by shoving Kevlar up your backside. By the time the bullet hits the Kevlar, the damage has been done. -- Morely 'Spam is theft' Dotes in NANAE, 13-AUG-2003 From nobody at nowhere.invalid Sat Sep 4 14:16:01 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Sep 4 07:20:02 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: On Sat, 04 Sep 2004 01:34:51 -0600, DevilsPGD coughed into spamcop and left this in : > Maybe Moris really is leaving and the others are filling in? Oh please, not that! We (tinw) haven't seen that blathering idiot round here yet, so let's keep it that way, okay? -- Steve Exclusive dedication to necessitous chores without interludes of hedonistic diversion renders John a hebetudinous fellow. From eddie at eddie.web Sat Sep 4 12:44:25 2004 From: eddie at eddie.web (eddie) Date: Sat Sep 4 11:45:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: On Sat, 04 Sep 2004 07:05:15 +0100, Sean W scratched out the following: > WindsorFox[SS] wrote: > >> Magnus Back wrote: >> >>> So we have a self styled police here. Who the hell gave spamcop the >>> right to filter out peoples mails. I can't send mails to America now >>> due to the fact that my ISP mail server got on the list. That is not my >>> fault is it. >>> >>> You americans, sue their arses off. >>> >>> >>> Lard asses. >> >> >> >> Is it just me or has the stupidity quotient risen exponetially in >> the last month or so? > > Are you sure you want me to answer that? :-p first you would have to have Mr. Lard Ass define the word exponetially it's a close-but-no-cigar kind of word. Perhaps Mr Ass is from the Bush school of word-making??? From eddie at eddie.web Sat Sep 4 12:50:18 2004 From: eddie at eddie.web (eddie) Date: Sat Sep 4 11:55:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: <87r7pilbph.fsf@ursine.dyndns.org> Message-ID: On Sat, 04 Sep 2004 00:44:58 -0700, Paul Johnson scratched out the following: snip >> That's Kerry style. > > No, no. That's perfect Bush wagging-the-dog-to-cover-complete-lack-of- > domestic-and-social-policy style. As I recall, Wag the Dog was a Clinton movie, not a Bush movie. Clinton's Bosnia episode was so good, covering up the blue dress thing. It was so effective that he had it made into a movie. However, Mars Attacks was a far better movie, with a great Nicholson/Clinton. Ack Ack. From agent01413 at my-deja.com Sat Sep 4 11:33:49 2004 From: agent01413 at my-deja.com (Socks the white house cat) Date: Sat Sep 4 12:35:02 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: Someday in the distant future, archeologists digging thru the ruins of spamcop will discover that Magnus Back had this to say on 03 Sep 2004: > Eddie, I post top, bottom, middle or pretty much where I want thank > you very much. > and I plonk top posters using the 100 day plonk featuer of xnews. I figure I wont miss much from someone's posts in their first 100 days on the internet. if they are still here when the plonk expires, either they've learned enough to be contributing members of the society and are no longer clueless top posters, or they've gone away, or I make the plonk permanent. xnews is nice that way. -- I AM SPEWS (SLAPP PREVENTION ELECTRONIC WHITENOISE SYSTEM) "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." George W. Bush 8/5/04 From agent01413 at my-deja.com Sat Sep 4 11:39:57 2004 From: agent01413 at my-deja.com (Socks the white house cat) Date: Sat Sep 4 12:40:02 2004 Subject: [SpamCop-List] Re: IMHO SpamCop is utterly responsible and reliable. References: Message-ID: Someday in the distant future, archeologists digging thru the ruins of spamcop will discover that Ben had this to say on 03 Sep 2004: > P.S. I believe that the notation buried in the SpamCop help that says > that SpamCop should not be used in a production environment is either > outdated or wrong. I think that the SpamCop RBL is now a must for the > corporate production environment.(Or is that there as a "legal > disclaimer?") I'm using it quite happily in a production environment as well, thank you. I tracked stats for awhile a couple of months ago. SORBS and my local filters actually refused more mail, but I still find Spamcop valuable. I do recommend to clients that they include persistent high volume spam sources in the local access file to cut down on the bandwidth of queries, so 200/8 and 203/8 never gets queried against dnsbl's, for instance. -- I AM SPEWS (SLAPP PREVENTION ELECTRONIC WHITENOISE SYSTEM) "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." George W. Bush 8/5/04 From me at axelsiebert.de Sat Sep 4 23:03:37 2004 From: me at axelsiebert.de (Axel Siebert) Date: Sat Sep 4 16:05:23 2004 Subject: [SpamCop-List] Why only IP Whois and not Domain Whois? Message-ID: I have searched the spamcop site, the forum and this group, but I couldn't find an answer to the following question: Why does SpamCop only send reports to the ISP responsible for the IP address which a spamvertised site resolves to, and no reports to the registrar of the domain? Isn't it equally important that, say, cheapviagra.biz doesn't resolve anymore and that the server behind it gets shut off? Cheers, Axel From tmcgraw at spamcop.net Sat Sep 4 14:27:51 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Sep 4 16:30:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop are utterly IRRESPONSIBLE References: <200409021645.1c2Yst38x3Nl3oX0@new.mail.atl.earthlink.net> Message-ID: <413A2547.9090903@spamcop.net> Ben wrote: > eddie wrote: >> On Thu, 02 Sep 2004 16:17:46 -0500, Trish Roberts-Miller scratched out the >> following: >> >>> That isn't a grammar mistake. It's a spelling error. >> >> Sometimes bad "grammer" is a spelling error. :) > > Anyone ever consult the "Chicago Manual of Style?" It is a fine > reference on writing with the American version of the English language. That's fine for books. Though a ng is not the Web, I recommend http://webstyleguide.com From MikeE at ster.invalid Sat Sep 4 14:36:31 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Sep 4 16:40:03 2004 Subject: [SpamCop-List] Re: Why only IP Whois and not Domain Whois? References: Message-ID: Axel Siebert wrote: > Why does SpamCop only send reports to the ISP responsible for the IP > address which a spamvertised site resolves to, and no reports to the > registrar of the domain? The 'traditional' notifies for a spam are based on 'source' and 'spam support' - where source used to represent notifying the provider for the actual spammer, but now more typically represent notification of a provider re insecurity, and support represents provision of webspace to a spamvertiser. In addition, spamcop's design is based on its 'algorithmic' condition and its ability to use its algorithms to 'read' spam headers and spambodies to determine the IP of the source and the spamvertiser and then automate using the whois to determine notify addresses. Traditionally the registrars for a domain name haven't been notified because they aren't 'directly' involved in the spam or the spam support business. There is no good law against spamming, nor in being the registrant of a domain name which is being spamvertised and or not being spamvertised. That is, each 'link' to the offense of spam is more tenuous than the one before. Whereas on the one hand, holding a spam in your hand is a good sign that you were spammed and therefore the /source/ of that spam is a direct issue; the fact that a site is being spamvertised in the spam doesn't actually /prove/ that the /spamvertiser/ sent the spam in a 'court of law' - but it is simply 'implied' by the fact that the spamvertiser has something to gain from the spam. Just as if the rich widow's spouse gets bumped off by a contract murder doesn't prove she contracted it. The fact that blocklists such as spews choose to 'punish' providers for spamvertisers by listing them doesn't mean that anyone would be able to successfully prosecute some kind of case or tort against a provider for a spamvertiser. So, even the webprovider for a spamvertiser is a tenuous relationship to the spam 'event' -- and in fact, spamcop is involved in the 'business' of making a list of spam *sources* not spamvertiser providers. It simply does the spamvertiser providers the courtesy of telling them about spamitems; and if they don't want to hear about it, they don't have to. Now, moving a step further away from the actual process of 'performing' spamming comes the domain name provider. It is not even necessarily true or a rule that a domainname registrar have any terms of service against the domain name being involved in spamvertising. It is also exceedingly difficult to automate the process of looking up the notification of the registrant, because of the myriad of formats involved in domainname registration. And, even more importantly, the spamcop notification process for domain registration would be just as 'toothless' as the notification of the webspace provider for spamvertising > Isn't it equally important that, say, cheapviagra.biz doesn't resolve > anymore and that the server behind it gets shut off? The business of spamfighting takes many forms. SpamCop notification processes are just one of those forms. The business of 'attacking' the domainname registration or the nameservice is a completely different process and separate from what spamcop is about. There are many people who are involved in spamcop notifications as well as domainname registrar notifications about bogosity in the registration; and also tracking down how the nameservice is handled - which is sometimes very bizarre and obscure. Those processes do not lend themselves to spamcop style automation or algorithms at all. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Sat Sep 4 14:38:25 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Sep 4 16:40:11 2004 Subject: [SpamCop-List] SPAM-HIGH, SPAM-MED, SPAM-LOW Message-ID: <413A27C1.30002@spamcop.net> Anyone else getting any of these? They haven't been seen in the wild. Does it have anything to do with Richter ya think? From hjalmis at bredband.net Sun Sep 5 00:14:50 2004 From: hjalmis at bredband.net (GÖRAN HJALMARSSON) Date: Sat Sep 4 17:15:03 2004 Subject: [SpamCop-List] Mer spam Message-ID: Det har inte blívit bätrre med spam sen jag började med det här. Jag får mer och mer spam varje dag. Fy fan för alla spam!! Göran From masfjorden at spamcop.net Sun Sep 5 00:30:25 2004 From: masfjorden at spamcop.net (helge) Date: Sat Sep 4 17:35:03 2004 Subject: [SpamCop-List] Re: Mer spam In-Reply-To: References: Message-ID: <413A33F1.3050104@spamcop.net> G?RAN HJALMARSSON wrote: > Det har inte bl?vit b?trre med spam sen jag b?rjade med det h?r. > > Jag f?r mer och mer spam varje dag. Jeg f?r ogs? mer og mer spam; spesielt var det ille i begynnelsen, da jeg var uforsiktig og ?pnet spam online. > Fy fan f?r alla spam!! St?ttet But this is is a newsgroup for people who have two things in common: they all hate spam like you say you do, and they all communicate in English. Neither Swedish nor Norwegian are popular languages here. Would you consider writing your message in English too? > G?ran helge From UseTheReplyToField at crazyhat.net Sat Sep 4 16:43:05 2004 From: UseTheReplyToField at crazyhat.net (DevilsPGD) Date: Sat Sep 4 17:45:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: In message Steven Maesslein wrote: >> Maybe Moris really is leaving and the others are filling in? > >Oh please, not that! We (tinw) haven't seen that blathering idiot round >here yet, so let's keep it that way, okay? I was thinking globally, not just this one group -- But good point. -- Whenever I feel blue, I start breathing again. From nobody at spamcop.net Sun Sep 5 11:26:05 2004 From: nobody at spamcop.net (Anony Mouse) Date: Sat Sep 4 18:30:02 2004 Subject: [SpamCop-List] Re: gandi.net - Legal Advice References: Message-ID: <413A40FD.7030609@spamcop.net> Steve Gilder wrote: Attack Gandi full on... I do... They are a scummy spam supporting registrar. They have no problem at all ignoring ICANN policy... Of note is there willingness to provide email addresses@gandi so that spammy can avoid having their domains closed due to false email addresses. I have laid a formal complaint with ICANN over the practise but others need to do the same... From nobody at devnull.spamcop.net Sat Sep 4 20:02:20 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sat Sep 4 19:05:08 2004 Subject: [SpamCop-List] Re: gandi.net - Legal Advice References: <413A40FD.7030609@spamcop.net> Message-ID: "Anony Mouse" wrote in message news:413A40FD.7030609@spamcop.net... > Steve Gilder wrote: > > > Attack Gandi full on... I do... > They are a scummy spam supporting registrar. > > They have no problem at all ignoring ICANN policy... > > Of note is there willingness to provide email addresses@gandi so that > spammy can avoid having their domains closed due to false email addresses. > > I have laid a formal complaint with ICANN over the practise but others > need to do the same... > >From other posts I assumed Gandi to be a spam supporting registrar much like RGNames, etc. I guess if they want to come after me, let them. If you are who I think you are, you will understand that I will be doing a mini-LART with an ICANN followup ala xdiscount99@hotmail.com/Jeniper Jin Thanks Mr. Mouse From baloo at ursine.dyndns.org Sat Sep 4 17:00:25 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Sat Sep 4 19:05:24 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: <87r7pilbph.fsf@ursine.dyndns.org> Message-ID: <87llfpod12.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 eddie writes: > On Sat, 04 Sep 2004 00:44:58 -0700, Paul Johnson scratched out the > following: > > snip >>> That's Kerry style. >> >> No, no. That's perfect Bush wagging-the-dog-to-cover-complete-lack-of- >> domestic-and-social-policy style. > > As I recall, Wag the Dog was a Clinton movie, not a Bush movie. I'm talking about the concept in general, which isn't president-specific. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBOkkJUzgNqloQMwcRAiugAKCnAWlcNj8kNcXPWGIPRx1/zXnrNwCfULcW kyskmJRHtG6Y/dM3bBkNzvI= =OkSA -----END PGP SIGNATURE----- From dfm2a3l0t2 at spymac.com Sat Sep 4 20:15:30 2004 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Sat Sep 4 19:15:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: In article , Magnus Back wrote: > Eddie, I post top, bottom, middle or pretty much where I want thank you very > much. And people who say that find themselves in many killfiles, thank you very much. -- I'm D.F. Manno, and I don't approve of George Bush's message. From UseTheReplyToField at crazyhat.net Sat Sep 4 18:51:38 2004 From: UseTheReplyToField at crazyhat.net (DevilsPGD) Date: Sat Sep 4 19:55:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: In message Magnus Back wrote: >Who the hell gave spamcop the right to filter out peoples mails. I did. Well, on my server anyway. Me, and every other mail server administrator who tire of spam give spamcop the right to filter mail on behalf of our users. Of course, it's not really spamcop that filters our mail, on my server *I* filter mail, I just use spamcop's advice when I decide what to accept and what to nuke. -- Sticks and stones may break my bones, but improperly spelled insults merely amuse me. From nobody at devnull.spamcop.net Sat Sep 4 21:23:13 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sat Sep 4 20:25:03 2004 Subject: [SpamCop-List] Re: Why only IP Whois and not Domain Whois? References: Message-ID: "Mike Easter" wrote in message news:chd900$t4q$1@news.spamcop.net... > Axel Siebert wrote: [snip] > > Now, moving a step further away from the actual process of 'performing' > spamming comes the domain name provider. It is not even necessarily true > or a rule that a domainname registrar have any terms of service against > the domain name being involved in spamvertising. > [snip] > > > Isn't it equally important that, say, cheapviagra.biz doesn't resolve > > anymore and that the server behind it gets shut off? > > The business of spamfighting takes many forms. SpamCop notification > processes are just one of those forms. The business of 'attacking' the > domainname registration or the nameservice is a completely different > process and separate from what spamcop is about. There are many people > who are involved in spamcop notifications as well as domainname registrar > notifications about bogosity in the registration; and also tracking down > how the nameservice is handled - which is sometimes very bizarre and > obscure. Those processes do not lend themselves to spamcop style > automation or algorithms at all. > > -- > Mike Easter > kibitzer, not SC admin > Although I agree with you about the complexity of automating the whois processing in SC, I am not so sure about your statement concering the processes not lending themselves to SC algorithms. In addition, some of what you said needs clarification. First, after spending several hours reading thru the ICANN Registrar Accreditation Agreement (see: http://www.icann.org/registrars/ra-agreement-17may01.htm) which does not qualify me as an expert, I found that one thing ICANN requires of accredited registrars is a contract with Registered Name (Domain Name) owner. The agreement is very specific about what information the Registrar must have from the owner. There are two sections that important: 3.2.1 and 3.3.1. The main and I think most important is 3.3.1.7 where it states *The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the Registered Name*. I think the e-mail address is important because in my limited experience the e-mail is more frequently inaccurate than not. The next important section is 3.7.7 where it states *Registrar shall require all Registered Name Holders to enter into an electronic or paper registration agreement with Registrar including at least the following provisions:* where it talks about the Registrant's requirements for keeping their info up-to-date and the Registrar's actions that can be taken if it is not. Specifically, in 3.7.7.2 it says *A Registered Name Holder's willful provision of inaccurate or unreliable information, its willful failure promptly to update information provided to Registrar, or its failure to respond for over fifteen calendar days to inquiries by Registrar concerning the accuracy of contact details associated with the Registered Name Holder's registration shall constitute a material breach of the Registered Name Holder-registrar contract and be a basis for cancellation of the Registered Name registration*. I think this must have caused a lot of Registrar complaints because ICANN issued an advisory on 3 April 2003 titled *Registrar Advisory Concerning the "15-day Period" in Whois Accuracy Requirements" at: http://www.icann.org/announcements/advisory-03apr03.htm. The purpose of this advisory according to ICANN is to *assist ICANN-accredited registrars in understanding what has been referred to as the "15-day period" relating to Whois data-accuracy requirements*. It also talks about what "permits the registrar to cancel a domain-name registration". Although I think the advisory is wishy-washy in spots, the advisory states *the appropriate course of conduct for a registrar that does not receive a response from a customer with inaccurate data varies depending on a variety of factors - including the materiality and severity of the inaccuracy, the customer's past conduct with respect to correcting inaccuracies, the extent of harm to third parties, etc*. The *materiality and severity of the inaccuracy* is up to the Registrar but the 24 Domain Names registered to a Jeniper Jin with inaccurate e-mail addresses that I have identified seems to me to be pretty material. To me, the *harm to third parties* means me. I had to put up with the spam, it used up my system resources, I spent my time reporting it and LARTing to a Registrar (RGNames) that probably deleted my e-mail. I am also sure that others, many others have been harmed similarly. Whew, sorry about that I started to rant. Now to my point. Based on all the above, it seems to me that SC should undertake what ever things it can automate reporting to Registrars because they do not have to do anything until they are notified of a whois inaccuracy. An assumption of an inaccuracy will be right more often than not. ICANN also needs to be involved in this so they can follow up with the Registrar to make sure the Registrar is following its contractual obligations in the ICANN Registrar Accreditation Agreement. One other item and I am done. I actually sent ICANN a CC on my e-mail to RGNames titled *Formal notification of inaccuracies in Registrant's Information*. the response from ICANN was: *Hello, and thank you for your message. You have sent a message to an email address at ICANN. Unfortunately, we collect a tremendous amount of spam, and we have been forced to implement protective measures. In order to process your message we need to confirm that it came from a real email address. * [snip] Based on the, It seems to me ICANN is ripe for getting involved in the fight if they are not already. From MikeE at ster.invalid Sat Sep 4 18:58:47 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Sep 4 21:00:03 2004 Subject: [SpamCop-List] Re: Why only IP Whois and not Domain Whois? References: Message-ID: Steve Gilder wrote: > "Mike Easter" wrote in message >> Now, moving a step further away from the actual process of >> 'performing' spamming comes the domain name provider. It is not >> even necessarily true or a rule that a domainname registrar have any >> terms of service against the domain name being involved in >> spamvertising. >> The business of spamfighting takes many forms. SpamCop notification >> processes are just one of those forms. The business of 'attacking' >> the domainname registration or the nameservice is a completely >> different process and separate from what spamcop is about. There >> are many people who are involved in spamcop notifications as well as >> domainname registrar notifications about bogosity in the >> registration; and also tracking down how the nameservice is handled >> - which is sometimes very bizarre and obscure. Those processes do >> not lend themselves to spamcop style automation or algorithms at all. > First, after spending several hours reading thru the ICANN Registrar > Accreditation Agreement (see: > The agreement is very specific about what information > the Registrar must have from the owner. > requirements for keeping their info up-to-date and the Registrar's > actions that can be taken if it is not. > states *the appropriate course of conduct for a registrar that does > not receive a response from a customer with inaccurate data > it seems to me that SC should undertake what ever > things it can automate reporting to Registrars > ICANN also needs to be involved in this I would summarize your points by saying that ICANN insists that the registrars are required by their ICANN relationship to maintain accurate registrant information. I agree with that point, and that ICANN invites the 'public' to notify registrars via ICANN [internic] of inaccurate registration information. In fact, many registrars will not accept such notification 'directly' to them, but insist that it be provided to them via the ICANN intermediary, who allegedly follows up on each such issue. That being said; realize that none of that sez anything *directly* about /spam/. The fact of the matter is that spam simply 'triggers' some interested spammee to examine the registration information for a spamvertised domain. And, /that/ being said, realize that none of /that/ has anything to do with spamcop's purpose or mechanisms of notifying providers for spamsources and spamvertisers. I think. That is, I further think that all notification of providers is recommended by both ICANN and the various registrars to take place through ICANN via internic, which does not accept this submission in the form of an email.-- see http://wdprs.internic.net/ Whois Data Problem Report System -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Sep 4 19:07:24 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Sep 4 21:10:03 2004 Subject: [SpamCop-List] Re: Why only IP Whois and not Domain Whois? References: Message-ID: Mike Easter wrote: > That is, I further think that all notification of providers is > recommended by both ICANN and the various registrars to take place > through ICANN via internic, which does not accept this submission in > the form of an email.-- see http://wdprs.internic.net/ Whois Data > Problem Report System s/providers/registrars/ I further think that notification of registrars is.... ICANN and many registrars want registrars to be notified of inaccurate information via the internic website and some registrars will accept no such notification 'directly' SpamCop has no such facility or capacity to determine inaccurate registrant information nor to submit information to a webform, including one which starts with entering the domain and the name and email address of the submitter. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Sat Sep 4 21:29:34 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Sep 4 21:30:03 2004 Subject: [SpamCop-List] Re: IMHO SpamCop is utterly responsible and reliable. References: Message-ID: In article , Ben writes: > P.S. I believe that the notation buried in the SpamCop help that says that > SpamCop should not be used in a production environment is either outdated > or wrong. If you actually found such wording, please specify where. What I find at http://mailsc.spamcop.net/bl.shtml is the words: This system and most other spam-filtering systems should not be used in a production environment where legitimate email _must_ be delivered. Which is certainly true. From nobody at devnull.spamcop.net Sat Sep 4 23:33:47 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sat Sep 4 22:45:15 2004 Subject: [SpamCop-List] Re: Why only IP Whois and not Domain Whois? References: Message-ID: "Mike Easter" wrote in message news:chdors$945$1@news.spamcop.net... > Mike Easter wrote: > > That is, I further think that all notification of providers is > > recommended by both ICANN and the various registrars to take place > > through ICANN via internic, which does not accept this submission in > > the form of an email.-- see http://wdprs.internic.net/ Whois Data > > Problem Report System > > s/providers/registrars/ > > I further think that notification of registrars is.... > > ICANN and many registrars want registrars to be notified of inaccurate > information via the internic website and some registrars will accept no > such notification 'directly' > > SpamCop has no such facility or capacity to determine inaccurate > registrant information nor to submit information to a webform, including > one which starts with entering the domain and the name and email address > of the submitter. > > > > -- > Mike Easter > kibitzer, not SC admin > Sorry to everyone in addition to Mike for my tirade above. I was really angry because I had received more spam that included spamvertised sites registered to one Jeniper Jin using additional domain names I now have to add to my list. I'm going to nail that *slughead (from GoldenEye)*. I agree with your points. However, it might be appropriate for SC enter into an agreement with ICANN for ICANN to receive reports of *Registered Names* ordered by Registrar for them to follow up on. I believe that ICANN then be able to very quickly identify Registrars responsible for ICANNs spam problem. This would help ICANN as well as the rest of us From nobody at devnull.spamcop.net Sun Sep 5 00:06:28 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sat Sep 4 23:10:02 2004 Subject: [SpamCop-List] [C&C] Spam subject Message-ID: One I got today: Subject: never considered this form of advertising? I can't decide if the punctuation is wrong (?=!) or if an extra letter was added. I am inclined to agree with the former. LOL From bar_n0ne at hotmail.com Sun Sep 5 08:52:32 2004 From: bar_n0ne at hotmail.com (Berny) Date: Sat Sep 4 23:55:02 2004 Subject: [SpamCop-List] where Charley didn't, Frances succeeded Message-ID: A Huge wave of spam and "clearance sales" these past few days, and now, just a trickle of spam. Since I get a couple of hundred a day I think it might even be significant. Hope everyone else gets a respite too. From none at domain.invalid Sat Sep 4 23:40:29 2004 From: none at domain.invalid (Anonymous) Date: Sun Sep 5 01:40:21 2004 Subject: [SpamCop-List] Re: Why only IP Whois and not Domain Whois? References: Message-ID: "Steve Gilder" wrote in message news:chdue4$cm5$1@news.spamcop.net... > I agree with your points. However, it might be appropriate for SC enter into > an agreement with ICANN for ICANN to receive reports of *Registered Names* > ordered by Registrar for them to follow up on. I believe that ICANN then be > able to very quickly identify Registrars responsible for ICANNs spam > problem. This would help ICANN as well as the rest of us Oh, I can tell you which Registrar is responsible for most of the spam problem... NameBay. The largest spammers have registered most of their sites through NameBay, because they know NameBay is unresponsive to LART's. I'm tracking a spammer with 243 known domains and 1363 active websites, almost all of them registered through NameBay. This spammer accounts for approximately 11% of spam worldwide. NameBay's been sent report after report about the inaccurate registration information, about how the websites are being used for illegal purposes, about how through their inaction they are contributing to organized crime, but still NameBay does nothing. ICANN needs to shut NameBay down. From MikeE at ster.invalid Sun Sep 5 00:37:24 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 5 02:40:04 2004 Subject: [SpamCop-List] Re: Why only IP Whois and not Domain Whois? References: Message-ID: Anonymous wrote: > Oh, I can tell you which Registrar is responsible for most of the > spam problem... NameBay. The largest spammers have registered > most of their sites through NameBay, because they know NameBay is > unresponsive to LART's. > > I'm tracking a spammer with 243 known domains and 1363 active > websites, almost all of them registered through NameBay. This > spammer accounts for approximately 11% of spam worldwide. > NameBay's been sent report after report about the inaccurate > registration information, about how the websites are being used > for illegal purposes, about how through their inaction they are > contributing to organized crime, but still NameBay does nothing. > > ICANN needs to shut NameBay down. As far as I know, there is nothing in the ICANN-registrar agreement which has anything to do with illegal activity or organized crime much less the situation about spamming. The only condition in that agreement that I know about is that the registrar has to maintain accurate contact information. It isn't likely that ICANN will have anything to do with the oversight of the accuracy of that contact information unless the registrar is notified via the ICANN internic online form process, and I don't think it is likely at all that ICANN cares anything about spam or the enforcement of behavior of the activities of the websites of domainnames. That is, ICANN can't force a registrar to perform in some way which isn't stipulated in the ICANN registrar agreement which Steve posted a link to and which isn't described in ICANN's own responsibilities. A registrar isn't required by ICANN to do anything about spamming; and ICANN isn't in the 'business' of doing anything about spamming or even illegal activity. -- Mike Easter kibitzer, not SC admin From ob1db at NOSPAM.spamcop.net Sun Sep 5 04:40:45 2004 From: ob1db at NOSPAM.spamcop.net (David Butler) Date: Sun Sep 5 03:45:16 2004 Subject: [SpamCop-List] Spamcop using invalid contact for suntrust phishing scam Message-ID: Spamcop sez: Tracking link: https://internetbanking.suntrust.com No recent reports, no history available Resolves to 167.181.31.85 Routing details for 167.181.31.85 [refresh/show] Cached whois for 167.181.31.85 : hostmaster@suntrust.com Using abuse net on hostmaster@suntrust.com No abuse net record for suntrust.com Using default postmaster contacts postmaster@suntrust.com postmaster@suntrust.com bounces (145 sent : 73 bounces) Using postmaster#suntrust.com@devnull.spamcop.net for statistical tracking. but ARIN shows: IP-Whois 167.181.46.21: (ARIN/STSC)[Cached] [whois.arin.net] OrgName: SunTrust Service Corporation OrgID: SSC-67 Address: 250 Piedmont Ave. City: Atlanta StateProv: GA PostalCode: 30308 Country: US NetRange: 167.181.0.0 - 167.181.255.255 CIDR: 167.181.0.0/16 NetName: STSC NetHandle: NET-167-181-0-0-1 Parent: NET-167-0-0-0-0 NetType: Direct Assignment NameServer: NS1.SUNTRUST.COM NameServer: NS2.SUNTRUST.COM Comment: RegDate: 1993-09-09 Updated: 2003-05-22 TechHandle: ST79-ARIN TechName: Hostmaster, Steve TechPhone: +1-404-588-8698 TechEmail: hostmaster#suntrust.com As well as Internic:Domain Name: SUNTRUST.COM Administrative Contact, Technical Contact: SunTrust Banks, Inc. (IT139-ORG) hostmaster#SUNTRUST.COM 250 Piedmont Avenue MC4070 Atlanta, GA 30308 US (404)588-8698 fax: (404)588-7909 Record expires on 24-May-2006. Record created on 23-May-1995. Database last updated on 5-Sep-2004 03:00:51 EDT. Domain servers in listed order: NS1.SUNTRUST.COM 167.181.12.68 NS2.SUNTRUST.COM 167.181.247.10Why does SC do this ? I see it a lot when there is no valid Abuse.net contact: SC replaces a valid Hostmaster with a known invalid and non-working "postmaster" or simliar.I will manually LART fraud_prevention@suntrust.com, hostmaster@suntrust.com, abuse@suntrust.comDavid From MikeE at ster.invalid Sun Sep 5 01:54:15 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 5 03:55:03 2004 Subject: [SpamCop-List] Re: Spamcop using invalid contact for suntrust phishing scam References: Message-ID: David Butler wrote: > Spamcop sez: > > Tracking link: https://internetbanking.suntrust.com What is the purpose of notifying suntrust about the suntrust phish? That 'link' you post is the bogus one. In a typical suntrust phish, that link is what 'shows' in the html rendering, but 'underneath' is one of the popular phishing sites, such as http://65.39.147.57/suite/login.htm It would be better to post the tracker to talk about how the phish should be notified, rather than the eternal difference between what arin lists for the tech contact and what abuse.net has or doesn't have reg'd and what SC does with that. -- Mike Easter kibitzer, not SC admin From hjalmis at bredband.net Sun Sep 5 12:24:24 2004 From: hjalmis at bredband.net (GÖRAN HJALMARSSON) Date: Sun Sep 5 05:25:21 2004 Subject: [SpamCop-List] Spam fighter Message-ID: It hasn`t get any better whit spam this year. I have bought spamfighter and fought that I shouldn´t get any more spam- but what happen- It have incresed a lot. I got very angry and tired. Why shall i bougth i program who make it worse??? Göran Hjalmarsson Växjö Sweden From MikeE at ster.invalid Sun Sep 5 08:11:31 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 5 10:15:16 2004 Subject: [SpamCop-List] Re: Spam fighter References: Message-ID: GÖRAN HJALMARSSON wrote: > It hasn`t get any better whit spam this year. The general trend of spam has been and will continue to be to increase. > I have bought spamfighter and fought that I shouldn´t get any more > spam- but what happen- It have incresed a lot. No, you were mistaken. There's nothing about filtering spam that contributes to spam decreasing. I believe that insecure spam opening and reading and other forms of insecure spam handling can increase your spam. By filtering your spam and using other techniques which decrease insecure spam handling, you can avoid that cause of increased spam. I'm not familiar at all with the application Spamfighter so I went to read about it. I would not be choosing the free Spamfighter and I would not be choosing the pay Spamfighter for my filtering needs. The free Spamfighter tags your mail. The pay Spamfighter costs annually for the service and isn't sufficiently configurable for my tastes. > I got very angry and tired. It is important to manage your mail and your spam in a way that is comfortable, non-frustrating, and convenient. For most people that would be to automatically separate their good mail from their bad mail with a good filter and to delete all of the spam unopened and unread. For others, it is satisfying to report their spam through a system that contributes to their own filtration. An example of a free, multilingual, well supported and powerful spamfilter is SpamPal. You can use SP in conjunction with SpamCop's blocklist as part of its filtering system. You can contribute to that blocklist by being a spamcop reporter. Another way to filter your mail would be to use the spamcop mail system. > Why shall i bougth i program who make it worse??? I doubt if your spamfighter problem made your spamproblem worse. It just didn't make it any better. It got worse all by itself. -- Mike Easter kibitzer, not SC admin From Alexis at NotBob.frop Sun Sep 5 12:12:00 2004 From: Alexis at NotBob.frop (Alexis) Date: Sun Sep 5 11:15:03 2004 Subject: [SpamCop-List] Re: gandi.net - Legal Advice References: <413A40FD.7030609@spamcop.net> Message-ID: "Steve Gilder" wrote in message news:chdhhv$3po$1@news.spamcop.net... > > "Anony Mouse" wrote in message > news:413A40FD.7030609@spamcop.net... > > Steve Gilder wrote: > > > > > > Attack Gandi full on... I do... > > They are a scummy spam supporting registrar. > > > > They have no problem at all ignoring ICANN policy... > > > > Of note is there willingness to provide email addresses@gandi so that > > spammy can avoid having their domains closed due to false email addresses. > > > > I have laid a formal complaint with ICANN over the practise but others > > need to do the same... > > > > From other posts I assumed Gandi to be a spam supporting registrar much like > RGNames, etc. I guess if they want to come after me, let them. > > If you are who I think you are, you will understand that I will be doing a > mini-LART with an ICANN followup ala xdiscount99@hotmail.com/Jeniper Jin > > Thanks Mr. Mouse > Gandi used to be very bad about not responding. They do have a cool new website now for reporting invalid WHOIS data to them- http://rip.gandi.net/index-en.html It works very well for me. They even go farther than other registrars and shut down not only the domain I report, but all other domains with the same bad data. Sadly, they still don't care if their domains are in spams. If you get a response to LARTS, please let us know. From Alexis at NotBob.frop Sun Sep 5 12:29:05 2004 From: Alexis at NotBob.frop (Alexis) Date: Sun Sep 5 11:30:03 2004 Subject: [SpamCop-List] Re: Why only IP Whois and not Domain Whois? References: Message-ID: "Steve Gilder" wrote in message news:chdm9j$7au$1@news.spamcop.net... > > "Mike Easter" wrote in message > news:chd900$t4q$1@news.spamcop.net... > > Axel Siebert wrote: > [snip] > > ICANN Registrar Accreditation Agreement. > > One other item and I am done. I actually sent ICANN a CC on my e-mail to > RGNames titled *Formal notification of inaccuracies in Registrant's > Information*. the response from ICANN was: > > *Hello, and thank you for your message. > You have sent a message to an email address at ICANN. Unfortunately, we > collect a tremendous amount of spam, and we have been forced to implement > protective measures. In order to process your message we need to confirm > that it came from a real email address. * > [snip] > > Based on the, It seems to me ICANN is ripe for getting involved in the fight > if they are not already. > In that response, it says you need to reply to their email to confirm it is you, plus go to the URL they provide to confirm it. I do that with each one or I'm sure they'll toss it. I too have sent notices of inaction from RG Names- hopefully someone will wake up about them if there are enough complaints. I have seen some registrars wake up after I report them to ICANN. From daffy at intelligencia.com Sun Sep 5 16:29:30 2004 From: daffy at intelligencia.com (Sebastian Di Mateo) Date: Sun Sep 5 11:30:11 2004 Subject: [SpamCop-List] Reporting email addresses and websites hosting material References: Message-ID: nntp://news.spamcop.net/spamcop/ Hello. Every time I parse a spam message in SpamCop, I check the message manually for email reply addresses and img tags for material used in composing the offending message. I then report this incidents to the respective abuse depts, obtaining very good results against spammers. However, it's time consuming, and I lost a couple of reports because of the 4-address restriction at user-copied reports limitation. Is there a way of instructing SpamCop service to do this for me? [spamcop] From Alexis at NotBob.frop Sun Sep 5 12:38:52 2004 From: Alexis at NotBob.frop (Alexis) Date: Sun Sep 5 11:40:02 2004 Subject: [SpamCop-List] Re: Why only IP Whois and not Domain Whois? References: Message-ID: "Mike Easter" wrote in message news:chdobn$8ll$1@news.spamcop.net... > Steve Gilder wrote: > > "Mike Easter" snip > > That is, I further think that all notification of providers is > recommended by both ICANN and the various registrars to take place > through ICANN via internic, which does not accept this submission in the > form of an email.-- see http://wdprs.internic.net/ Whois Data Problem > Report System > > > > -- > Mike Easter > kibitzer, not SC admin > Some domains are not reportable through the webform, like .tv domains- they must be reported some other way, and the registrar is supposed to accept those reports. I was reading through some minutes taken of an ICANN meeting and was amazed at all the wasted time on minutiae and virtually no attention paid to the spam problem. All the talk of inaccurate WHOIS data focused on the registrars whining about removing the requirement for accurate WHOIS data. They want all the perks of being a registrar and none of the responsibility/work involved in it. Unbelievable. From MikeE at ster.invalid Sun Sep 5 09:59:16 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 5 12:00:03 2004 Subject: [SpamCop-List] Re: gandi.net - Legal Advice References: <413A40FD.7030609@spamcop.net> Message-ID: Alexis wrote: > Gandi used to be very bad about not responding. They do have a cool > new website > now for reporting invalid WHOIS data to them- > http://rip.gandi.net/index-en.html > > It works very well for me. They even go farther than other registrars > and shut down not only > the domain I report, but all other domains with the same bad data. Housekeeping comment. I see alternating shortlines with normal lines, suggesting that either longlines were wrapped by the newsagent, or the editing was done using some manual CR/s. Altho' I have a 3rd party addon to reformat others' awkward lines for me, your alternating shortlines don't resolve. Take a look at one of your messages such as news://news.spamcop.net/chfac6$et2$1@news.spamcop.net and see if that's really the way you want your lines to wrap. The same condition can also be seen in chfbc6$fr9$1@news.spamcop.net and chfbui$gh0$1@news.spamcop.net -- Mike Easter kibitzer, not SC admin From lennart at devnull.spamcop.net Sun Sep 5 20:07:37 2004 From: lennart at devnull.spamcop.net (Who knows) Date: Sun Sep 5 13:10:03 2004 Subject: [SpamCop-List] Re: More spam (was: Mer spam) References: <413A33F1.3050104@spamcop.net> Message-ID: On Sat, 04 Sep 2004 23:30:25 +0200, helge wrote: >G?RAN HJALMARSSON wrote: >> Det har inte bl?vit b?trre med spam sen jag b?rjade med det h?r. >> >> Jag f?r mer och mer spam varje dag. > >Jeg f?r ogs? mer og mer spam; spesielt var det ille i begynnelsen, da >jeg var uforsiktig og ?pnet spam online. > >> Fy fan f?r alla spam!! > >St?ttet >But this is is a newsgroup for people who have two things in common: >they all hate spam like you say you do, and they all communicate in >English. Neither Swedish nor Norwegian are popular languages here. Would >you consider writing your message in English too? >> G?ran > >helge Just keep on fighting back guys! As long as you are not a mole they will find out how you are and the amount of spam will decrease. I started using SC about three weeks ago with about 30 spams a day and now I'm down to less than one a day. Just wondering what the spammers are up to next . . . . Lennart From edt at infinet.com Sun Sep 5 14:34:05 2004 From: edt at infinet.com (Ed Thompson) Date: Sun Sep 5 13:35:04 2004 Subject: [SpamCop-List] Re: Spamcop using invalid contact for suntrust phishing scam References: Message-ID: On Sun, 05 Sep 2004 00:54:15 -0700, Mike Easter wrote: > David Butler wrote: >> Spamcop sez: >> >> Tracking link: https://internetbanking.suntrust.com > > What is the purpose of notifying suntrust about the suntrust phish? That > 'link' you post is the bogus one. In a typical suntrust phish, that link > is what 'shows' in the html rendering, but 'underneath' is one of the > popular phishing sites, such as http://65.39.147.57/suite/login.htm > > It would be better to post the tracker to talk about how the phish should > be notified, rather than the eternal difference between what arin lists > for the tech contact and what abuse.net has or doesn't have reg'd and > what SC does with that. I would like to believe that any business that has spoofed email sent to their customers would be interested in knowing about it. And I would hope they would be interested in doing something about it. Especially financial institutions. Most of these phished sites, now have a problem with their customers. How do consumers know what is a legitimate communication? Somehow they need to overcome that. Currently, on average, I get one or more Citbank, Ebay, Suntrust, PayPal, US Bank, PayPal, etc. phishes per day and the rate seems to be increasing. I do not know how these business can sit back and expect this stuff to go away. -- Ed Thompson edt@infinet.com From agent01413 at my-deja.com Sun Sep 5 13:20:22 2004 From: agent01413 at my-deja.com (Socks the white house cat) Date: Sun Sep 5 14:25:06 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: Someday in the distant future, archeologists digging thru the ruins of spamcop will discover that DevilsPGD had this to say on 04 Sep 2004: > In message Magnus Back > wrote: > >>Who the hell gave spamcop the right to filter out peoples mails. > > I did. > > Well, on my server anyway. Me, and every other mail server > administrator who tire of spam give spamcop the right to filter mail on > behalf of our users. > > Of course, it's not really spamcop that filters our mail, on my server > *I* filter mail, I just use spamcop's advice when I decide what to > accept and what to nuke. > sort of like using Roger Ebert's advice on movies to see, or Consumer Reports to decide which hybrid to buy, or my local LUG to decide which flavor of linux to install -- I AM SPEWS (SLAPP PREVENTION ELECTRONIC WHITENOISE SYSTEM) "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." George W. Bush 8/5/04 From MikeE at ster.invalid Sun Sep 5 12:40:17 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 5 14:40:03 2004 Subject: [SpamCop-List] Re: Spamcop using invalid contact for suntrust phishing scam References: Message-ID: Ed Thompson wrote: > Mike Easter wrote: >> David Butler wrote: >>> Spamcop sez: >>> >>> Tracking link: https://internetbanking.suntrust.com >> >> What is the purpose of notifying suntrust about the suntrust phish? >> That 'link' you post is the bogus one. In a typical suntrust phish, >> that link is what 'shows' in the html rendering, but 'underneath' is >> one of the popular phishing sites, such as >> http://65.39.147.57/suite/login.htm >> >> It would be better to post the tracker to talk about how the phish >> should be notified, rather than the eternal difference between what >> arin lists for the tech contact and what abuse.net has or doesn't >> have reg'd and what SC does with that. > > > I would like to believe that any business that has spoofed email sent > to their customers would be interested in knowing about it. And I > would hope they would be interested in doing something about it. > Especially financial institutions. The fact of the matter is that most do /not/ want to hear about it, and in any case, SpamCop's report is not the appropriate vehicle. As a general rule, the optimal strategy for determining what to do about a particular phish is to check at antiphishing or Marjolein's site for a link to the particular institution's site, and then to visit the site in question for what to do about the particular item in question. In the case of Suntrust, their instructions are here: http://www.suntrust.com/alert/index.asp?promo=024-GEN-STI&campaign=GENSTI01&vendor=11 and those instructions are typical for many others -- they don't want to hear about it unless the person is actually a scammed suntrust customer. Some of them are willing to accept new or unique spam items which haven't been previously reported and displayed at their site; but since Glenn didn't post a tracker to the actual example, we can't say if this one is unique or new. In any case, it is not appropriate to submit a spamcop report to what would be termed an 'innocent bystander'. The framework of the spamcop report is to be notifying a spamvertiser, which suntrust is not in this case. Suntrust's site is an IB. The person who wants to notify suntrust about the phish should properly investigate how to do that. It isn't in the form of a spamcop report. > Most of these phished sites, now have a problem with their customers. > How do consumers know what is a legitimate communication? Somehow > they need to overcome that. Ideally everyone would have spamfilters separating their spam from their good mail, and the phish would likely be in the spam folder. > Currently, on average, I get one or more Citbank, Ebay, Suntrust, > PayPal, US Bank, PayPal, etc. phishes per day and the rate seems to > be increasing. I do not know how these business can sit back and > expect this stuff to go away. Those entities all give their customers instructions for managing the scams and phises; but it is definitely a problem. -- Mike Easter kibitzer, not SC admin From masfjorden at spamcop.net Sun Sep 5 21:42:29 2004 From: masfjorden at spamcop.net (helge) Date: Sun Sep 5 14:45:03 2004 Subject: [SpamCop-List] Re: Spam fighter In-Reply-To: References: Message-ID: G?RAN HJALMARSSON wrote: > It hasn`t get any better whit spam this year. > I have bought spamfighter and fought that I shouldn?t get any more spam- but > what happen- It have incresed a lot. > I got very angry and tired. > Why shall i bougth i program who make it worse??? > > G?ran Hjalmarsson V?xj? Sweden You have probably read Mike Easter's reply, and Mike is always worth listening to. I used to get very angry too, and did all the foolish things that one shouldn't do (because they lead to more, not less spam), like opening spam when online, unsubscribing etc. When I started using SpamCop two years ago, I exposed my mail address in the newsgroup and other groups - like you did - and got more spam as a result. The spam problem is increasing for most of us, and no easy solution exists. Mike Easter mentions Spampal as a way of not having to see the spam at all. Another solution is to pay 30 dollars a year to get a spamcop mail account, see http://www.spamcop.net/ and especially http://mail.spamcop.net/individuals.php . I have used that for more than a year, and normally it puts 98% of spam in my 'held mail' folder. (Now I get 400-500 spams a week, and 6-8 spams leaks through to my inbox). The best thing is you don't even have to look at the held mail after the first month or so. By that time you have been able to whitelist your legal mail (sometimes SpamCop makes errors by holding good mail) If in addition you want to turn your anger into something constructive, you may start reporting spam through SpamCop too. Someone has to report to make the blocklists efficient and up to date. If you want to want to write to me p? svenska, use the address hhasselg /at/ spamcop.net (for /at/ use @) helge From MikeE at ster.invalid Sun Sep 5 12:44:18 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 5 14:45:10 2004 Subject: [SpamCop-List] Re: Spamcop using invalid contact for suntrust phishing scam References: Message-ID: Mike Easter wrote: >>> David Butler wrote: > since Glenn didn't post a tracker Oops. s/Glenn/David/ David didn't post a tracker. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Sep 5 12:52:34 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 5 14:55:04 2004 Subject: [SpamCop-List] Re: Spam fighter References: Message-ID: helge wrote: > Mike Easter mentions Spampal as a way of not having to see the > spam at all. Another solution is to pay 30 dollars a year to get a > spamcop mail account, I'm always forgetting to mention spamcop mail; this time I was a good boy ;-) Mike Easter wrote: > Another way to filter your mail would be to use the spamcop mail > system. But you did it better with the links. -- Mike Easter kibitzer, not SC admin From vr at myrealbox.com Sun Sep 5 15:05:31 2004 From: vr at myrealbox.com (Vadim Rapp) Date: Sun Sep 5 15:10:05 2004 Subject: [SpamCop-List] Identity Fraud leads to legitimate site, how come? Message-ID: Hello: an emails comes in yesterday: citibank is asking to verify/confirm the identity at the conveniently provided link, or else the account will be suspended. Usual business. The relevant HTML in the email is ======== Please click here to confirm your bank account records. ======== I go to the link, and it forwards to www.citibank.com, a legitimate site. However, whois of the citibank-usa.net shows it as registered to a private party in Italy. So, I'm just curious, how does it all work? The version that Citibank has already contacted the domain owner in Italy and convinced her to forward to the real citibank is possible, but hardly believable, isn't it? regards From nobody at devnull.spamcop.net Sun Sep 5 16:27:32 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Sun Sep 5 15:30:02 2004 Subject: [SpamCop-List] Re: Spamcop using invalid contact for suntrust phishing scam References: Message-ID: "Mike Easter" wrote in message > Mike Easter wrote: > >>> David Butler wrote: > > > since Glenn didn't post a tracker > > Oops. s/Glenn/David/ > > David didn't post a tracker. > No problem Mike. Actually, I figured you might have had my name and my screwup on your mind. Easy to understand how thoughts can get tangled up. Happens to me... Cheers, Glenn From mrichter at cpl.net Sun Sep 5 13:31:19 2004 From: mrichter at cpl.net (Mike Richter) Date: Sun Sep 5 15:35:03 2004 Subject: [SpamCop-List] Re: Identity Fraud leads to legitimate site, how come? In-Reply-To: References: Message-ID: Vadim Rapp wrote: > Hello: > > an emails comes in yesterday: citibank is asking to verify/confirm the > identity at the conveniently provided link, or else the account will be > suspended. Usual business. The relevant HTML in the email is > > ======== > Please href="http://www.citibank-usa.net/signin/citifi/scripts/login2/index.html" > target="_blank">click here to confirm your bank account records. > ======== > > > I go to the link, and it forwards to www.citibank.com, a legitimate site. > > However, whois of the citibank-usa.net shows it as registered to a > private party in Italy. > > So, I'm just curious, how does it all work? The version that Citibank > has already contacted the domain owner in Italy and convinced her to > forward to the real citibank is possible, but hardly believable, isn't it? > > regards It is credible to me. They could have threatened trademark violation as well as action against whatever scam may have been attempted. Or they may have had the ISP pull the site, replacing it with the forwarding page. Another possibility is that information is captured in forwarding. Mike -- mrichter@cpl.net http://www.mrichter.com/ From MikeE at ster.invalid Sun Sep 5 13:36:34 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 5 15:40:03 2004 Subject: [SpamCop-List] Re: Identity Fraud leads to legitimate site, how come? References: Message-ID: Vadim Rapp wrote: > Hello: > > an emails comes in yesterday: citibank is asking to verify/confirm the > identity at the conveniently provided link, or else the account will > be suspended. Usual business. The relevant HTML in the email is > > ======== > Please href="http://www.citibank-usa.net/signin/citifi/scripts/login2/index.html " > target="_blank">click here to confirm your bank account records. > ======== Rather than trying to describe a spamitem, you can effectively 'post' the equivalent of the whole thing by submitting it to the spamcop parser and parsing it; then, after the parse copy the tracker from the top of the page and cancel the reports. Then you can post the tracker here, which will take up only part of a line and give us access to the entire and exact thing you received. If you need to munge some information, you can munge anything in something you are going to cancel that you want to. There are no items in sightings of that particular phish, and the citibank website's descriptions of other phishes doesn't fit exactly what you are describing here. Consequently, you may want to enable your browser's javascript so that you can see whatall citibank has to say about notifying them at emailspoof@citigroup.com and how to send a copy of the item with the subject unchanged. http://www.citibank.com/us/index.htm [needs javascript] > However, whois of the citibank-usa.net shows it as registered to a > private party in Italy. Actually the site is hosted in .it, but the registrant's alleged address is a US one, in Berkley MI [correct spelling & zip] > So, I'm just curious, how does it all work? The version that Citibank > has already contacted the domain owner in Italy and convinced her to > forward to the real citibank is possible, but hardly believable, > isn't it? I would want to see the context and the structure of the link more definitively, such as posting the tracker. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Sep 5 15:39:25 2004 From: nobody at devnull.spamcop.net (Cat) Date: Sun Sep 5 15:40:11 2004 Subject: [SpamCop-List] Re: Identity Fraud leads to legitimate site, how come? In-Reply-To: References: Message-ID: Mike Easter wrote: > Consequently, you may want to enable your browser's javascript so that > you can see whatall citibank has to say about notifying them at > emailspoof@citigroup.com and how to send a copy of the item with the > subject unchanged. The problem with that is they have a spam filter that bounces any e-mail containing spam so that it defeats the purpose of having a notify address. I've tried sending to them just like they ask, and it bounces. From MikeE at ster.invalid Sun Sep 5 13:43:38 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 5 15:45:04 2004 Subject: [SpamCop-List] Re: Identity Fraud leads to legitimate site, how come? References: Message-ID: Cat wrote: > Mike Easter wrote: > > > >> Consequently, you may want to enable your browser's javascript so >> that you can see whatall citibank has to say about notifying them at >> emailspoof@citigroup.com and how to send a copy of the item with the >> subject unchanged. > > > > The problem with that is they have a spam filter that bounces any > e-mail containing spam so that it defeats the purpose of having a > notify address. I've tried sending to them just like they ask, and it > bounces. You gotta figger than anyplace that makes you enable javascript to even /see/ its front page doesn't have all of their oars in the water. Actually, I didn't incrementally loosen up my security to find out exactly what was the least they needed, figgering that there was so much evidence that the webmaster didn't know how to do anything without javascript that that was probably going to be it. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Sep 5 16:03:22 2004 From: nobody at devnull.spamcop.net (Cat) Date: Sun Sep 5 16:05:07 2004 Subject: [SpamCop-List] Re: Identity Fraud leads to legitimate site, how come? In-Reply-To: References: Message-ID: Mike Easter wrote: > Cat wrote: >>The problem with that is they have a spam filter that bounces any >>e-mail containing spam so that it defeats the purpose of having a >>notify address. I've tried sending to them just like they ask, and it >>bounces. > > > You gotta figger than anyplace that makes you enable javascript to even > /see/ its front page doesn't have all of their oars in the water. > > Actually, I didn't incrementally loosen up my security to find out > exactly what was the least they needed, figgering that there was so much > evidence that the webmaster didn't know how to do anything without > javascript that that was probably going to be it. Hehe, I even sent them an e-mail asking exactly how they expected me to notify them of spam scams when they bounce anything containing spam. I got an auto ack "thanks for e-mailing us" reply, but no one ever bothered to follow up with an explanation of their silliness or offer to fix it. From masfjorden at spamcop.net Sun Sep 5 23:05:15 2004 From: masfjorden at spamcop.net (helge) Date: Sun Sep 5 16:10:03 2004 Subject: [SpamCop-List] Re: Spam fighter In-Reply-To: References: Message-ID: Mike Easter wrote: > helge wrote: > >>Mike Easter mentions Spampal as a way of not having to see the >>spam at all. Another solution is to pay 30 dollars a year to get a >>spamcop mail account, > > > I'm always forgetting to mention spamcop mail; this time I was a good > boy ;-) > > Mike Easter wrote: > >>Another way to filter your mail would be to use the spamcop mail >>system. > > > But you did it better with the links. > Sorry, my reading was at fault :-) helge From dannyg at dannyg.com Sun Sep 5 15:09:40 2004 From: dannyg at dannyg.com (Danny Goodman) Date: Sun Sep 5 17:10:20 2004 Subject: [SpamCop-List] Re: Identity Fraud leads to legitimate site, how come? In-Reply-To: <200409051945.i85JjC8S040383@dannyg.com> Message-ID: on 9/5/04 12:45 PM, spamcop-list-request@news.spamcop.net wrote: > I go to the link, and it forwards to www.citibank.com, a legitimate site. > So, I'm just curious, how does it all work? I've seen a lot of this, but the specific exploit might vary from phisher to phisher. Typically when you see the legit URL in the browser's Address bar (assuming you've patched IE for the hex 01 spoofing business), prior to redirecting the main browser window to the legit site, the phisher opens a popup window with a form whose action leads to the phisher's data collection machine. If you have popup blocking, you won't see this window. The popups, BTW, can be insidious in that some open with no window chrome, and supply their own chrome as downloadable images, including a fake Address box showing the legit URL--to turn on its ear the false guidance provided by some antiphishers to rely on the Address field URL to know if the page displayed is sourced properly. I turned off popup blocking on Mozilla to view and inspect one of these things. Up comes a window that looks very much like a Windows XP presentation of IE6, with a legit-looking URL in the "Address" field and a form for my private data. Of course, I use a Mac/Mozilla, and the XP/IE6 chrome, y'know, just didn't look right. :-) Danny http://www.dannyg.com From kenbrody at spamcop.net Sun Sep 5 18:01:29 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Sun Sep 5 17:15:03 2004 Subject: [SpamCop-List] George Bush quote (was Re: Who the hell gave spamcop the right?) References: Message-ID: <413B7EA9.A640332D@spamcop.net> Socks the white house cat wrote: [...] > "Our enemies are innovative and resourceful, and so are we. They never stop > thinking about new ways to harm our country and our people, and neither do > we." > George W. Bush 8/5/04 Tough to dispute that one, when it's right on the White House website: http://www.whitehouse.gov/news/releases/2004/08/20040805-3.html -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ From kenbrody at spamcop.net Sun Sep 5 18:07:19 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Sun Sep 5 17:15:13 2004 Subject: [SpamCop-List] Re: Identity Fraud leads to legitimate site, how come? References: Message-ID: <413B8007.D4F13162@spamcop.net> Vadim Rapp wrote: > > Hello: > > an emails comes in yesterday: citibank is asking to verify/confirm the > identity at the conveniently provided link, or else the account will be > suspended. Usual business. The relevant HTML in the email is > > ======== > Please href="http://www.citibank-usa.net/signin/citifi/scripts/login2/index.html" > target="_blank">click here to confirm your bank account records. > ======== > > I go to the link, and it forwards to www.citibank.com, a legitimate site. [...] The URL above will popup a window on top of the real citibank.com page. The popup is on citibank-usa.net's site. Either you have popups disabled, so never saw the popup, or you fell for the trick, and didn't realize the popup wasn't really Citibank's. This is an attempt by phishers to get around the "make sure the address bar shows [our domain name] to verify that it's our site". Here's the source of the above URL. Note the meta "REFRESH" tag which takes you to the real citibank.com site. Note, too, the "onLoad" attribute of the tag, which causes the phisher's popup to appear. ========== Welcome to Citibank ========== The popup is http://www.citibank-usa.net/signin/citifi/scripts/login2/verify.html -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ From nobody at devnull.spamcop.net Sun Sep 5 18:41:24 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 5 17:45:02 2004 Subject: [SpamCop-List] Re: Why only IP Whois and not Domain Whois? References: Message-ID: "Alexis" wrote in message news:chfbc6$fr9$1@news.spamcop.net... > "Steve Gilder" wrote in message > news:chdm9j$7au$1@news.spamcop.net... > > > > "Mike Easter" wrote in message > > news:chd900$t4q$1@news.spamcop.net... > > > Axel Siebert wrote: [snip] > > In that response, it says you need to reply to their email to confirm it is > you, plus go to > the URL they provide to confirm it. I do that with each one or I'm sure > they'll toss it. I did both. > > I too have sent notices of inaction from RG Names- hopefully someone will > wake up > about them if there are enough complaints. > > I have seen some registrars wake up after I report them to ICANN. > > I hope my experience is similar. From nobody at devnull.spamcop.net Sun Sep 5 18:59:04 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 5 18:00:02 2004 Subject: [SpamCop-List] Re: Why only IP Whois and not Domain Whois? References: Message-ID: "Mike Easter" wrote in message news:chec6j$m3k$1@news.spamcop.net... > Anonymous wrote: [snip] > > As far as I know, there is nothing in the ICANN-registrar agreement which > has anything to do with illegal activity or organized crime much less the > situation about spamming. The only condition in that agreement that I > know about is that the registrar has to maintain accurate contact > information. > I believe that is the point. Maintaining accurate contact information is manditory in the Registrar Agreement with ICANN. After all, Al Capone went to jail for Tax evasion not for illegal or criminal activity or spam. > It isn't likely that ICANN will have anything to do with the oversight of > the accuracy of that contact information unless the registrar is notified > via the ICANN internic online form process, and I don't think it is > likely at all that ICANN cares anything about spam or the enforcement of > behavior of the activities of the websites of domainnames. That is, > ICANN can't force a registrar to perform in some way which isn't > stipulated in the ICANN registrar agreement which Steve posted a link to > and which isn't described in ICANN's own responsibilities. > I beg to differ. ICANN can force a Registrar to correct inaccurate information. ICANN can give the Registrar 15 days (ironic: it is the same amount of time a Registrar can give to a Registered Name owner to correct the inaccuracy) to correct their breach of contract before ICANN can terminate the Agreement. In fact, the Advisory I refered to in my post above states: *Under this guidance, ICANN reviews registrar compliance based on a standard of reasonable conduct by the registrar in the circumstances. Where, for example, a registrar appears to "to routinely ignore reports of inaccurate and incomplete contact data in its Whois database", ICANN has taken enforcement action by presenting the registrar a formal notice of breach. See Letter from Louis Touton to Bruce Beckwith (3 September 2002). Where such a notice of breach is presented, subsection 5.3.4 of the Registrar Accreditation Agreement gives the registrar 15 working days to cure the breach before proceedings to terminate the accreditation can proceed. This 15-working-day period, however, is a different one than the 15-calendar-day period after which cancellation of a registration becomes possible under a registration agreement due to a customer's failure to respond to the registrar's inquiry about Whois inaccuracies* I think this is clear. ICANN can and has taken action. > A registrar isn't required by ICANN to do anything about spamming; and > ICANN isn't in the 'business' of doing anything about spamming or even > illegal activity. > Again, this is true. However, ICANN is being affected by spam and getting them involved may not be possible but, I think, it is worth a try. > > -- > Mike Easter > kibitzer, not SC admin > > From nobody at devnull.spamcop.net Sun Sep 5 19:16:36 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 5 18:20:03 2004 Subject: [SpamCop-List] Re: Spam fighter References: Message-ID: "helge" wrote in message news:chfmmh$ocm$1@news.spamcop.net... > GÖRAN HJALMARSSON wrote: > > It hasn`t get any better whit spam this year. > > I have bought spamfighter and fought that I shouldn´t get any more spam- but > > what happen- It have incresed a lot. > > I got very angry and tired. > > Why shall i bougth i program who make it worse??? > > > > Göran Hjalmarsson Växjö Sweden > > You have probably read Mike Easter's reply, and Mike is always worth > listening to. Absolutely. > > I used to get very angry too, and did all the foolish things that one > shouldn't do (because they lead to more, not less spam), like opening > spam when online, unsubscribing etc. When I started using SpamCop two > years ago, I exposed my mail address in the newsgroup and other groups - > like you did - and got more spam as a result. > My experience exactly. SC should have a strong statement about what can happen if you post here with your correct email address. However, Now I am fighting back. Sometimes I wish I never started but then I get some more spam and... well the fight goes on. [snip] > If in addition you want to turn your anger into something constructive, > you may start reporting spam through SpamCop too. Someone has to report > to make the blocklists efficient and up to date. Total agreement > > If you want to want to write to me på svenska, use the address > hhasselg /at/ spamcop.net (for /at/ use @) > > helge Join in the fight, Göran. Just know that it will most likely get worse before it get better. Also, be careful what information you reveal to the slug-like spammers. From not at home.today Mon Sep 6 00:36:35 2004 From: not at home.today (Ant) Date: Sun Sep 5 18:40:02 2004 Subject: [SpamCop-List] Re: Spamcop using invalid contact for suntrust phishing scam References: Message-ID: "Ed Thompson" wrote... > I would like to believe that any business that has spoofed email sent to > their customers would be interested in knowing about it. And I would hope > they would be interested in doing something about it. Especially financial > institutions. > > Most of these phished sites, now have a problem with their customers. How > do consumers know what is a legitimate communication? Somehow they need to > overcome that. I was clearing out some paperwork yesterday, and found some advice from a bank I use. They say never respond to unsolicited emails or give out your PIN, which is often what the phisher wants. I don't use internet banking facilities, but I presume if they need to advise you of an account problem they will write a letter. From bensc at rflatnospam.com.invalid Mon Sep 6 00:50:12 2004 From: bensc at rflatnospam.com.invalid (spuds) Date: Sun Sep 5 18:50:03 2004 Subject: [SpamCop-List] Re: This message looks like a bounce, will not report. Do notreport bounces as spam! In-Reply-To: References: Message-ID: spuds wrote: > Ellen wrote: > >> "spuds" wrote in message >> news:chcemq$76h$1@news.spamcop.net... >> >>> "This message looks like a bounce, will not report. Do not report >>> bounces as spam!" >>> >>> OK, I realise where these 'bounce reports' come from and why. Over the >>> several years I've been using Spamcop I've avoided submitting them as >> >> >> Spam. >> >>> A thought came into my head after receiving ten of them this morning - >>> why not report them as spam. I don't want these emails, they're nothing >>> to do with me, having to download them steals some of my bandwidth and >>> if the mailservers that generate the 'bounce reports' bothered to >>> interrogate the headers correctly, they'd know damn well that the >>> original incorrectly addressed email didn't come from the given from >>> address. >>> >>> Any thoughts on this? >>> >>> Cheers - Ben >> >> >> Not all network setups can -- for various reasons -- immediately reject >> during the SMTP transaction and do delayed rejection or bounces. While >> annoying they are part of the standard functioning of email on the >> internet. >> This is not to say that they aren't annoying but none the less they >> are not >> spam and not reportable using SpamCop. So you need to let that >> thought go >> and not report them. >> >> Ellen >> > > My point is that if Spamcop's servers can identify that they're > bounces, then the receiving mailservers should be able to do so also. > Everyone knows that incorrect/misleading email addresses are always > used in the From field in spam emails, so these bounce messages will > never be of any use to the recipient. - ie. the recipient can't do > anything about the incorrectly addressed spam and therefore, the > bounce messages are annoying. > > Network setups should be used that does allow badly addressed spam to > be handled correctly. If network administrators start receiving large > numbers of complaints about these bounce messages, then maybe they'll > review which network setup they'll use in the future and we'll all > benefit. A bit like how complaining about spam helps persuade > some/most ISPs to take steps against the spammers. > > I'm not saying that bounce messages should be reported via the > existing Spamcop spam reporting system - just that perhaps additional > functionality could be added to Spamcop, such that network > administrators are gently informed that many/most bounce messages are > unwanted, useless and annoying, and that enhancements to their network > setup would allow them to eliminate them. > > This is a suggestion to Spamcop I guess. I hate spam and I don't want > to see it or emails that are the result of it in my Inbox. > > Cheers - Ben > see above for my suggestion re: Spamcop going a little further in preventing our inboxes from being polluted by spam and the results of spam..... any feedback from Spamcop appreciated. we pay you $45 per year and there are alternatives. From eddie at eddie.web Sun Sep 5 20:22:31 2004 From: eddie at eddie.web (eddie) Date: Sun Sep 5 19:25:02 2004 Subject: [SpamCop-List] Re: where Charley didn't, Frances succeeded References: Message-ID: On Sun, 05 Sep 2004 07:52:32 +0400, Berny scratched out the following: > A Huge wave of spam and "clearance sales" these past few days, and now, > just a trickle of spam. Since I get a couple of hundred a day I think it > might even be significant. Hope everyone else gets a respite too. Maybe the power outage in Boca is the reason? From me at privacy.net Sun Sep 5 21:00:50 2004 From: me at privacy.net (Frog Prince) Date: Sun Sep 5 20:05:02 2004 Subject: [SpamCop-List] Re: Identity Fraud leads to legitimate site, how come? References: Message-ID: "Cat" | | >>The problem with that is they have a spam filter that bounces any | >>e-mail containing spam so that it defeats the purpose of having a | >>notify address. I've tried sending to them just like they ask, and it | >>bounces. | > | > | > You gotta figger than anyplace that makes you enable javascript to even | > /see/ its front page doesn't have all of their oars in the water. | > | > Actually, I didn't incrementally loosen up my security to find out | > exactly what was the least they needed, figgering that there was so much | > evidence that the webmaster didn't know how to do anything without | > javascript that that was probably going to be it. | | Hehe, I even sent them an e-mail asking exactly how they expected me to | notify them of spam scams when they bounce anything containing spam. I | got an auto ack "thanks for e-mailing us" reply, but no one ever | bothered to follow up with an explanation of their silliness or offer to | fix it. Send a message to investor relations asking them if they are so /dump as a rock/ with handling security why should one consider investing money in their operation? Might might not get a response but I can almost guarantee that someone with the board of directors will get a copy. From nobody at devnull.spamcop.net Sun Sep 5 20:08:34 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Sep 5 20:10:02 2004 Subject: [SpamCop-List] Re: Spam fighter References: Message-ID: "Steve Gilder" wrote in message news:chg385$2ro$1@news.spamcop.net... > > My experience exactly. SC should have a strong statement about what can > happen if you post here with your correct email address. Try http://www.spamcop.net/forum.shtml .. look for the bold words "Security note:" From nobody at devnull.spamcop.net Sun Sep 5 21:26:51 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 5 20:30:03 2004 Subject: [SpamCop-List] Re: Spam fighter References: Message-ID: "WazoO" wrote in message news:chg9q2$7np$1@news.spamcop.net... > "Steve Gilder" wrote in message > news:chg385$2ro$1@news.spamcop.net... > > > > My experience exactly. SC should have a strong statement about what can > > happen if you post here with your correct email address. > > Try http://www.spamcop.net/forum.shtml .. look for the bold > words "Security note:" > > I definitely read it when first getting into the newsgroups but, as a newbie, did not understand the significance. I totally underestimated the spammers and how slimey they are. Thus my statement for a *strong statement*. Maybe a separate paragraph with examples of what could happen if you use your real e-mail address. Just a suggestion. From UseTheReplyToField at crazyhat.net Sun Sep 5 21:19:05 2004 From: UseTheReplyToField at crazyhat.net (DevilsPGD) Date: Sun Sep 5 22:20:08 2004 Subject: [SpamCop-List] Re: George Bush quote (was Re: Who the hell gave spamcop the right?) References: <413B7EA9.A640332D@spamcop.net> Message-ID: In message <413B7EA9.A640332D@spamcop.net> Kenneth Brody wrote: >> "Our enemies are innovative and resourceful, and so are we. They never stop >> thinking about new ways to harm our country and our people, and neither do >> we." >> George W. Bush 8/5/04 > >Tough to dispute that one, when it's right on the White House website: > > http://www.whitehouse.gov/news/releases/2004/08/20040805-3.html It's funny because it's true! -- UNIX Sex {look;find;talk;grep;touch;finger;find;flex;unzip;mount;workbone; fsck;yes;gasp;fsck;yes;eject;umount;makeclean;zip;split;done;exit} From bar_n0ne at hotmail.com Mon Sep 6 09:54:19 2004 From: bar_n0ne at hotmail.com (Berny) Date: Mon Sep 6 00:55:16 2004 Subject: [SpamCop-List] Re: where Charley didn't, Frances succeeded References: Message-ID: eddie" wrote in message news:pan.2004.09.05.23.22.30.729000@eddie.web... > On Sun, 05 Sep 2004 07:52:32 +0400, Berny scratched out the following: > > > A Huge wave of spam and "clearance sales" these past few days, and now, > > just a trickle of spam. Since I get a couple of hundred a day I think it > > might even be significant. Hope everyone else gets a respite too. > > Maybe the power outage in Boca is the reason? Whatever, it seems the power is back on. :( From bar_n0ne at hotmail.com Mon Sep 6 10:23:56 2004 From: bar_n0ne at hotmail.com (Berny) Date: Mon Sep 6 01:25:04 2004 Subject: [SpamCop-List] Attn Deputies: something wierd in the help forum Message-ID: in the web based forum "help" the second topic "Bozos not comiong back" seems to have been "hijacked" in some way and redirects to an automobile sales site. Other topics i have looked at appear to be OK , but I only looked at a couple of them From Merlyn at Spamcop.net Mon Sep 6 02:30:25 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Mon Sep 6 01:35:02 2004 Subject: [SpamCop-List] Re: Attn Deputies: something wierd in the help forum References: Message-ID: "Berny" wrote in message news:chgs9d$k3m$1@news.spamcop.net... > in the web based forum "help" the second topic "Bozos not comiong back" > seems to have been "hijacked" in some way and redirects to an automobile > sales site. > > Other topics i have looked at appear to be OK , but I only looked at a > couple of them > Works just fine for me. No re-direct. Is your browser hijacked???? -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From bar_n0ne at hotmail.com Mon Sep 6 10:50:54 2004 From: bar_n0ne at hotmail.com (Berny) Date: Mon Sep 6 01:55:14 2004 Subject: [SpamCop-List] Re: Attn Deputies: something wierd in the help forum References: Message-ID: "Merlyn" wrote in message news:chgslh$kgk$1@news.spamcop.net... > "Berny" wrote in message > news:chgs9d$k3m$1@news.spamcop.net... > > in the web based forum "help" the second topic "Bozos not comiong back" > > seems to have been "hijacked" in some way and redirects to an automobile > > sales site. > > > > Other topics i have looked at appear to be OK , but I only looked at a > > couple of them > > > > > Works just fine for me. No re-direct. > > Is your browser hijacked???? > > -- > > Regards, > Merlyn I don't know, I cleared history and temproary internet files and ,now, yes, it looks fine, BTW clicking on the last (and only post in that thread at the time) did work fine. From me at axelsiebert.de Mon Sep 6 11:52:21 2004 From: me at axelsiebert.de (Axel Siebert) Date: Mon Sep 6 04:56:11 2004 Subject: [SpamCop-List] Bug in spamcop http server Message-ID: Hi, when submitting spam through the html form, my browser sends the POST request with the HTTP header item "Expect: 100-continue" if the spam is bigger than 10 KB. This is a way of checking that the receiving server really wants so much data, instead of potentially sending it in vain. Quoting RFC 2616: - Upon receiving a request which includes an Expect request-header field with the "100-continue" expectation, an origin server MUST either respond with 100 (Continue) status and continue to read from the input stream, or respond with a final status code. The origin server MUST NOT wait for the request body before sending the 100 (Continue) response. The latter is precisely what spamcop does: It responds nothing, and after a certain delay the browser assumes that the server doesn't support 100-continue and sends the data, and *then* spamcop sends the 100 (Continue) response, naturally confusing the browser. Please fix. If the appropriate spamcop people are not usually reading this, then I would be glad if someone could advise me where to send the above instead. Axel From ng.fjxrp at jondh.me.uk Mon Sep 6 11:05:50 2004 From: ng.fjxrp at jondh.me.uk (Jon (spamtrap)) Date: Mon Sep 6 05:10:55 2004 Subject: [SpamCop-List] Re: Heads up: bug with Quick Reporting? References: Message-ID: > "Jon (spamtrap)" wrote in message > news:cha2cb$1vp$1@news.spamcop.net... > > > > *Admins*: is there a way that the mail as received by spamcop can be > > examined? I can forward a copy of the quick report to you, which will > > demonstrate that I reported it correctly (of course it could corrupt at > > several points along the way before it gets to SC). > > Why not simply CC: the same output copy to another address and > look at it yourself? I could do that, although I have no reason to believe that what would be received at a cc'ed address would be different from the mail that has been sent and subsequently stored in Sent items. Perhaps I will do that so that when (not if) the problem reoccurs I have more evidence -- but notwithstanding I am convinced that the mail is leaving my computer ok. Either my mailserver is corrupting the mail (perhaps due to the mail item containing several identically named attachments?) or SC is injecting the dot somewhere. [confused] From ng.fjxrp at jondh.me.uk Mon Sep 6 11:12:55 2004 From: ng.fjxrp at jondh.me.uk (Jon (spamtrap)) Date: Mon Sep 6 05:15:15 2004 Subject: [SpamCop-List] Re: Heads up: bug with Quick Reporting? References: Message-ID: "Mike Easter" wrote in message news:chabk4$9me$1@news.spamcop.net... > WazoO wrote: > > "Jon (spamtrap)" > >> *Admins*: is there a way that the mail as received by spamcop can be > >> examined? > > > > Why not simply CC: the same output copy to another address and > > look at it yourself? > > It seems like such a bizarre and unlikely event that one would have to do > 'a bunch' in order to get it to happen. > > But, that would be the/a way to do it -- and I wonder what would be the > meaning of finding a dot event in the parser and not in the alternate > address -- or, perhaps of finding a dot event in the alternate address > and not the parser -- or of rarely finding the dot event in both -- to > say nothing of doing several thousand and finding no dot events in > either. > > And, what shall we make of the fact that this is not the first report of > such a dot event occurring /somewhere/ -- caused by a server or the > parser or something? Shall the finger of suspicion be pointed at the > parser 'automatically'? After all, the parser starts 'munching on' the > item; ie changing it rather than just 'reading' it. It is reading and > rewriting the spam and headers from the gitgo. > > -- > Mike Easter > kibitzer, not SC admin > Cheers Mike. As per WazoO's suggestion I have added in a cc address on a different server for my reports. Also, I have modified my code to ensure that each spam attachment in my report e-mail to SC has a unique name -- previously each was labelled as 'spam.txt' -- even though I don't think this *ought* to pose a problem for either my mail server or SpamCop. We'll see... incidentally this is a relatively new problem. First occurance was on 10 August and more recently on 3 September. Perhaps a recent bug fix introduced a new issue in the SC parsing code? Thanks Jon From MikeE at ster.invalid Mon Sep 6 03:22:30 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 6 05:25:03 2004 Subject: [SpamCop-List] Re: Bug in spamcop http server References: Message-ID: Axel Siebert wrote: > when submitting spam through the html form, my browser sends the POST > request with the HTTP header item "Expect: 100-continue" if the spam > is bigger than 10 KB. This is a way of checking that the receiving > server really wants so much data, instead of potentially sending it > in vain. I don't really want to debate the RFC point you are making, but to present the issue from another perspective. Almost everyone is going to submit a big spam to the parser 'as is'. My experience with that is that the parser truncates it as it wishes, performs its parse, presents its report or cancel options, and that's the end of the problem. Maybe that isn't the same thing as rfc2616 sez, but it certainly does work. Maybe it's a better form of 'correspondence' than 'expect 100 continue' - in this specific application. -- Mike Easter kibitzer, not SC admin From magnus at gol.com Mon Sep 6 20:53:18 2004 From: magnus at gol.com (Magnus Back) Date: Mon Sep 6 06:55:06 2004 Subject: [SpamCop-List] Tiresome Message-ID: Hello again, wise men of spamcop. I wonder how I should go about in this case. I have problems sending emails out of Japan since one operator constantly gets it's servers into the spamcop list (AtHome Japan Network). Since the servers don't belong to my ISP they don't care. It's just that most of my emails get's "routed" through the AtHome servers for some reason. So now I, the individual user, have to contact individual providers to get my emails through. Today it is some other ?%&%?% server being blocked of course. (203.165.10.104, 203.165.10.106 etc) ... and this is the answer I got from my ISP. Dear Mr. Back, I just checked the link you had included which says that the IP address is not currently listed. However, it's not even one of GOL's IP addresses. It belongs to AtHome Japan Network Operations Centre, so it would be them you would need to contact in case the same thing was to happen again. Kind Regards, Feren Technical Support Fusion GOL Customer Center http://www.gol.com/support Email: supporte@gol.com Phone: 0120-987-800 If this continues I will of course have to stop using email!? Perhaps the spamcop software could be improved to filter on originating IP address and not the adress of a server in the middle?? Or does the athome server change originating IP? I await your wise comments. Magnus From nobody at devnull.spamcop.net Mon Sep 6 07:04:36 2004 From: nobody at devnull.spamcop.net (Cat) Date: Mon Sep 6 07:05:03 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Magnus Back wrote: > > > Hello again, wise men of spamcop. You forgot to address women. Please do not assume that the only people who post here or work for SpamCop are all men. One of SpamCop's deputies is a women, and many of the regular posters (including me) are women. That's really sexist and exclusionary to only direct your comments and questions to the men in the newsgroup. I wonder why you seem to think women are not involved in any aspect of SpamCop. From nobody at spamcop.net Mon Sep 6 08:08:52 2004 From: nobody at spamcop.net (Ellen) Date: Mon Sep 6 07:25:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Magnus Back" wrote in message news:chhfce$2jg$1@news.spamcop.net... > > > Hello again, wise men of spamcop. > > I wonder how I should go about in this case. > > I have problems sending emails out of Japan since one operator constantly > gets it's servers into the spamcop list (AtHome Japan Network). > Since the servers don't belong to my ISP they don't care. > It's just that most of my emails get's "routed" through the AtHome servers > for some reason. > > So now I, the individual user, have to contact individual providers to get > my emails through. > > Today it is some other ¤%&%¤% server being blocked of course. > (203.165.10.104, 203.165.10.106 etc) > Thanks -- I fixed the problem. Let me know if you see it again. Ellen From MikeE at ster.invalid Mon Sep 6 08:08:44 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 6 10:10:26 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Ellen wrote: > "Magnus Back" >> Today it is some other ¤%&%¤% server being blocked of course. >> (203.165.10.104, 203.165.10.106 etc) > > Thanks -- I fixed the problem. Let me know if you see it again. There are a lot of those things from 203.165.10.100 - .113 - the mxi, mxo, and smtp families. -- Mike Easter kibitzer, not SC admin From magnus at gol.com Tue Sep 7 00:37:47 2004 From: magnus at gol.com (Magnus Back) Date: Mon Sep 6 10:40:14 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Cat wrote: > Magnus Back wrote: > >> >> >> Hello again, wise men of spamcop. > > > > > You forgot to address women. Please do not assume that the only people > who post here or work for SpamCop are all men. One of SpamCop's deputies > is a women, and many of the regular posters (including me) are women. > That's really sexist and exclusionary to only direct your comments and > questions to the men in the newsgroup. I wonder why you seem to think > women are not involved in any aspect of SpamCop. Well Cat, last time I posted in this forum no women showed wisdom. :-P Joke aside, I just used it as an expression, like the three wise men. That's all. Nothing to write home about. Btw, what do you hope to gain by your post?? From r_buecheler at hotmail.com Mon Sep 6 10:51:36 2004 From: r_buecheler at hotmail.com (Robi) Date: Mon Sep 6 10:40:28 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Cat wrote: > Magnus Back wrote: > > > > > > > Hello again, wise men of spamcop. > > > > > You forgot to address women. Please do not assume that the only people > who post here or work for SpamCop are all men. One of SpamCop's deputies > is a women, and many of the regular posters (including me) are women. > That's really sexist and exclusionary to only direct your comments and > questions to the men in the newsgroup. I wonder why you seem to think > women are not involved in any aspect of SpamCop. Cat, I understand your POV, but I think he used "wise men" as an "expression". At least he didn't use "wise guys" ;-) Remember, there's always a small man in a Woman and there are small men in Women. I've heard women say "hi guys" when entering a room full of other women. There's nothing sexist about it. I have never heard the expression "wise women", but that doesen't mean that women aren't wise or that there aren't any wise women around. OTOH "wise men" doesn't mean that men are wise ;o) JMNSHO -- Robi From 3f04ux402 at sneakemail.com Mon Sep 6 11:55:36 2004 From: 3f04ux402 at sneakemail.com (3f04ux402@sneakemail.com) Date: Mon Sep 6 11:10:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: In article , r_buecheler@hotmail.com says... > I have never heard the expression "wise women", All the women I asked about that said it's because it would be grammatically redundant. 8-) -- Doug From D.Gray at picture.oscar.wilde Mon Sep 6 18:56:48 2004 From: D.Gray at picture.oscar.wilde (Dorian Gray) Date: Mon Sep 6 13:00:19 2004 Subject: [SpamCop-List] Re: Ivan Drozdof is a notorious russian spammer - how can I report him? Message-ID: I don't read alt.stop.spamming, but this was the only relevant hit on groups.google for Drozdof (my motives for searching become clear in my post below), and I thought the readers of this ng might be interested in my reply there (note I haven't cross-posted): "Dag Rune Gjellesvik" wrote in message news:... > Hi, > I receive two spam mails daily that passes almost all spam filters. They are > porn spam, ads for a new site every day, and a new web adress. All domain > names are registered on > > Drozdof, Ivan ivan@drozdof-ivan.com > Gorskaya street, 4, 12 > Saint Petersburg, ru 189510 > RU > +7.8412451864 > <...> > He is a criminal - and others have been jailed for less. Who can I report > him to? Can I report russians to american authorities? You could open a free reporting account at spamcop.net and report there. I also started getting spam yesterday with a spamvertised .com website registered to that guy. However the URLs have long customer identifying codes, and my code is identical to the one used in many spams that I used to get, with the same formatting/layout, spamvertising .org domains registered to: Sergey Katchenko PO BOX 52134 Moscow Russia So either these two guys are working together, or are one-and-the-same person. Whether either name is actually correct is questionable...? Cheers. From usenet1 at DE.LETE.THISljvideo.com Mon Sep 6 18:09:13 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry J.) Date: Mon Sep 6 13:10:02 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Waiving the right to remain silent, Cat said: > You forgot to address women. Please do not assume that the only > people who post here or work for SpamCop are all men. One of > SpamCop's deputies is a women, and many of the regular posters > (including me) are women. That's really sexist and exclusionary > to only direct your comments and questions to the men in the > newsgroup. I wonder why you seem to think women are not involved > in any aspect of SpamCop. Oh, for Christ's sake... -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From D.Gray at picture.oscar.wilde Mon Sep 6 19:31:24 2004 From: D.Gray at picture.oscar.wilde (Dorian Gray) Date: Mon Sep 6 13:35:15 2004 Subject: [SpamCop-List] Re: Ivan Drozdof is a notorious russian spammer - how can I report him? References: Message-ID: In article , Dorian Gray wrote: <...> > "Dag Rune Gjellesvik" wrote in message > news:... <...> > > Drozdof, Ivan ivan@drozdof-ivan.com > > Gorskaya street, 4, 12 > > Saint Petersburg, ru 189510 > > RU > > +7.8412451864 > > > <...> > > He is a criminal - and others have been jailed for less. Who can I report > > him to? Can I report russians to american authorities? > <...> > with the same formatting/layout, spamvertising .org domains > registered to: > > Sergey Katchenko > PO BOX 52134 > Moscow > Russia > > So either these two guys are working together, or are one-and-the-same > person. Whether either name is actually correct is questionable...? Correction: I just re-checked those .org domains, viz.: lopikranius.org fakilafapinatos.org gknentiloas.org katanataropikas.org poilskeyfans.org halepoley.org postfallshotels.org snowfallstudios.org hostofall.org postfallsproperties.org directionasios.org incpostfalls.org waterfallhost.org (see my post of 1 July) and the registrant has been changed from "Sergey Katchenko" to "Ivan Drozdof". So they *are* the same person, or might as well be treated as such. Cheers. From idont at thinkso.com Mon Sep 6 12:30:05 2004 From: idont at thinkso.com (Jeff) Date: Mon Sep 6 14:35:04 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: We did. If you don't like it, GO FUCK YOURSELF! "Magnus Back" wrote in message news:charav$mr9$1@news.spamcop.net... > So we have a self styled police here. > Who the hell gave spamcop the right to filter out peoples mails. > I can't send mails to America now due to the fact that my ISP mail server > got on the list. > That is not my fault is it. > > You americans, sue their arses off. > > > Lard asses. From 8vmb6jy02 at sneakemail.com Mon Sep 6 21:27:33 2004 From: 8vmb6jy02 at sneakemail.com (Sean W) Date: Mon Sep 6 15:30:06 2004 Subject: [SpamCop-List] Re: Ivan Drozdof is a notorious russian spammer - how can I report him? In-Reply-To: References: Message-ID: Dorian Gray wrote: > In article , > Dorian Gray wrote: > > <...> > >>"Dag Rune Gjellesvik" wrote in message >>news:... > > <...> > >>>Drozdof, Ivan ivan@drozdof-ivan.com >>> Gorskaya street, 4, 12 >>> Saint Petersburg, ru 189510 >>> RU >>> +7.8412451864 >>> >> >><...> >> >>>He is a criminal - and others have been jailed for less. Who can I report >>>him to? Can I report russians to american authorities? >> > <...> > >>with the same formatting/layout, spamvertising .org domains >>registered to: >> >>Sergey Katchenko >>PO BOX 52134 >>Moscow >>Russia >> >>So either these two guys are working together, or are one-and-the-same >>person. Whether either name is actually correct is questionable...? > > > Correction: I just re-checked those .org domains, viz.: > > lopikranius.org > fakilafapinatos.org > gknentiloas.org > katanataropikas.org > poilskeyfans.org > halepoley.org > postfallshotels.org > snowfallstudios.org > hostofall.org > postfallsproperties.org > directionasios.org > incpostfalls.org > waterfallhost.org > > (see my post of 1 July) > > and the registrant has been changed from "Sergey Katchenko" to "Ivan > Drozdof". So they *are* the same person, or might as well be treated as > such. > > Cheers. Funny I was just reading about something and up pops this here. Ivo Ottavio Reali Camargo http://www.spamhaus.org/sbl/sbl.lasso?query=SBL19140 and http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Ivo%20Ottavio%20Reali%20Camargo Lots of mentions of Phil Doroff / Five Elements when it comes to related domains. Spammers stick together sometimes (as someone recently said, it's because of their coatings :-p ) I just posted a list of 527 domains a while ago on the hunters news server (doesn't seem to have appeared yet). All hosted on one IP (along with the DNS servers). 211.158.15.58 This spammer/group have masses of domains (maybe even 10s of 1000s). news://hunters.mydatasecurity1st.com (may) take you there. -- Sean From nobody at xyzzy.claranet.de Tue Sep 7 00:38:42 2004 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Sep 6 17:40:17 2004 Subject: [SpamCop-List] Re: My Reports Using My Real Name??? References: Message-ID: <413CD8E2.222A@xyzzy.claranet.de> Overton Anderson wrote: > Is there a way to conceal my name on spam reports without > muddling up my name when I use cesmail.net to send email? Have you tested "full name" on the "preferences" page ? Bye, Frank From nobody at spamcop.net Tue Sep 7 00:47:37 2004 From: nobody at spamcop.net (John McLusky) Date: Mon Sep 6 18:50:14 2004 Subject: [SpamCop-List] Spam Subject Message-ID: Well... it explains why there's such a discount! Subject: Hug.e savi_ngs on all sof.tw.are titles antiquated From nobody at spamcop.net Mon Sep 6 19:48:21 2004 From: nobody at spamcop.net (Miss Betsy) Date: Mon Sep 6 19:50:14 2004 Subject: [SpamCop-List] Re: This message looks like a bounce, will not report. Do not report bounces as spam! References: Message-ID: "spuds" wrote in message news:chg52c$47n$1@news.spamcop.net... > > This is a suggestion to Spamcop I guess. I hate spam and I don't want > > to see it or emails that are the result of it in my Inbox. > see above for my suggestion re: Spamcop going a little further in > preventing our inboxes from being polluted by spam and the results of > spam..... The parser software is incredibly difficult to maintain, apparently. Many people have wanted both a 'Bouncecop' and a 'VirusCop' (which is even more worthwhile IMHO). But Julian has never expanded spamcop to include either of those. You can use the parser to find the correct abuse address, cancel the report, and send a report yourself to the proper abuse desk. > > any feedback from Spamcop appreciated. we pay you $45 per year and there > are alternatives. Please let me know what alternative to spamcop there is that finds the proper abuse address for you. Miss Betsy From not at home.today Tue Sep 7 03:32:55 2004 From: not at home.today (Ant) Date: Mon Sep 6 21:40:14 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Robi" wrote... [snip] > I have never heard the expression "wise women", [...] I believe a wise woman is another name for a witch. I'm thinking good witches here. From nobody at devnull.spamcop.net Mon Sep 6 23:18:55 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Mon Sep 6 22:20:23 2004 Subject: [SpamCop-List] Apologies in advance for old news... Message-ID: Probably nothing four million plus SpamCop.net users did not already know, but I found this article worth the read by way of validation (no java, milk or cookies required): http://www.computerworld.com/securitytopics/security/story/0%2C10801%2C95501%2C00.html?SKC=news95501 Apologies if it has been previously posted. If it has been, well, I missed it. Glenn From nobody at devnull.spamcop.net Mon Sep 6 23:26:10 2004 From: nobody at devnull.spamcop.net (Cat) Date: Mon Sep 6 23:30:04 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Magnus Back wrote: > Well Cat, > last time I posted in this forum no women showed wisdom. :-P See, that's a big part of why I had a problem with it. I guess you think big ol' bad spammers just aren't something women should worry our pretty little heads about? From the tone of your posts, you make it sound like the reply from Ellen, a SpamCop deputy, at the bottom of this thread wasn't good enough for you since she's a woman. > Joke aside, I just used it as an expression, like the three wise men. > That's all. Nothing to write home about. > > Btw, what do you hope to gain by your post?? Just pointing out that it's no longer an acceptable practice in modern society to automatically assume you're only addressing men. If you know anything about business etiquette, you'd know better. Your post came across with a tone as if you think you're only dealing with men in this newsgroup or that replies from women are unwelcome. Often if you write a letter to any business, addressing it to "Dear Sir" without considering the person receiving your letter might be a woman, your letter will just end up in the trash without any attempt to address whatever issue you're writing about. From nobody at devnull.spamcop.net Mon Sep 6 23:36:36 2004 From: nobody at devnull.spamcop.net (Cat) Date: Mon Sep 6 23:40:02 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Robi wrote: > Cat, I understand your POV, but I think he used "wise men" as an "expression". > At least he didn't use "wise guys" ;-) > Remember, there's always a small man in a Woman and there are small men in Women. > I've heard women say "hi guys" when entering a room full of other women. > > There's nothing sexist about it. I have never heard the expression "wise women", > but that doesen't mean that women aren't wise or that there aren't any wise women > around. OTOH "wise men" doesn't mean that men are wise ;o) > > JMNSHO Sorry, but it IS sexist because it suggests that the original poster either only wants input from male readers of the newsgroup or male admins/deputies. It's just like others who start with "Dear Sirs" or "Gentlemen." Like I said in a previous reply, it would look extremely bad and most likely get your correspondence ignored if you do that in the business world. I find it offensive because greetings like that suggest that the original poster/letter writer doesn't think women would be reading or in a position to answer. From nobody at devnull.spamcop.net Mon Sep 6 23:38:37 2004 From: nobody at devnull.spamcop.net (Cat) Date: Mon Sep 6 23:40:11 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Larry J. wrote: > Waiving the right to remain silent, Cat > said: > > >>You forgot to address women. Please do not assume that the only >>people who post here or work for SpamCop are all men. One of >>SpamCop's deputies is a women, and many of the regular posters >>(including me) are women. That's really sexist and exclusionary >>to only direct your comments and questions to the men in the >>newsgroup. I wonder why you seem to think women are not involved >>in any aspect of SpamCop. > > > Oh, for Christ's sake... And your point is? Sorry, but it's offensive to automatically assume you're only dealing with men in a situation. From nobody at devnull.spamcop.net Mon Sep 6 23:47:16 2004 From: nobody at devnull.spamcop.net (Cat) Date: Mon Sep 6 23:50:03 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Magnus Back wrote: > Well Cat, > last time I posted in this forum no women showed wisdom. :-P See, that's a big part of why I had a problem with it. I guess you think big ol' bad spammers just aren't something women should worry our pretty little heads about and that we should just stick to things typically thought of as "women's work"? From the tone of your posts, you make it sound like the reply from Ellen, a SpamCop deputy, at the bottom of this thread wasn't good enough for you since she's a woman. > Joke aside, I just used it as an expression, like the three wise men. That's all. Nothing to write home about. > > Btw, what do you hope to gain by your post?? Just pointing out that it's no longer an acceptable practice in modern society to automatically assume you're only addressing men. If you know anything about business etiquette, you'd know better. Your post came across with a tone as if you think you're only dealing with men in this newsgroup or that replies from women are unwelcome. Often if you write a letter to any business, addressing it to "Dear Sir" without considering the person receiving your letter might be a woman, your letter will just end up in the trash without any attempt to address whatever issue you're writing about. From nobody at devnull.spamcop.net Mon Sep 6 23:48:47 2004 From: nobody at devnull.spamcop.net (Cat) Date: Mon Sep 6 23:50:12 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Robi wrote: > Cat, I understand your POV, but I think he used "wise men" as an "expression". > At least he didn't use "wise guys" ;-) > Remember, there's always a small man in a Woman and there are small men in Women. > I've heard women say "hi guys" when entering a room full of other women. > > There's nothing sexist about it. I have never heard the expression "wise women", > but that doesen't mean that women aren't wise or that there aren't any wise women > around. OTOH "wise men" doesn't mean that men are wise ;o) > > JMNSHO Sorry, but it IS sexist because it suggests that the original poster either only wants input from male readers of the newsgroup or male admins/deputies. It's just like others who start with "Dear Sirs" or "Gentlemen." Like I said in another reply, it would look extremely bad and most likely get your correspondence ignored if you do that in the business world. I find it offensive because greetings like that suggest that the original poster/letter writer doesn't think women would be reading or in a position to answer. From mrichter at cpl.net Mon Sep 6 23:50:09 2004 From: mrichter at cpl.net (Mike Richter) Date: Tue Sep 7 01:50:03 2004 Subject: [SpamCop-List] Re: Apologies in advance for old news... In-Reply-To: References: Message-ID: Glenn Daniels wrote: > Probably nothing four million plus SpamCop.net users > did not already know, but I found this article worth > the read by way of validation (no java, milk or cookies > required): > > http://www.computerworld.com/securitytopics/security/story/0%2C10801%2C95501%2C00.html?SKC=news95501 > > Apologies if it has been previously posted. If it has been, > well, I missed it. IMHO, no apologies needed if you provide its date (30 August) and head: Organized Crime Invades Cyberspace Once the work of vandals, viruses and other malware are now being launched by criminals looking for profits. Mike -- mrichter@cpl.net http://www.mrichter.com/ From usenet1 at DE.LETE.THISljvideo.com Tue Sep 7 06:52:37 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry J.) Date: Tue Sep 7 01:55:04 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Waiving the right to remain silent, Cat said: > Larry J. wrote: > >> Waiving the right to remain silent, Cat >> said: >> >> >>>You forgot to address women. Please do not assume that the only >>>people who post here or work for SpamCop are all men. One of >>>SpamCop's deputies is a women, and many of the regular posters >>>(including me) are women. That's really sexist and exclusionary >>>to only direct your comments and questions to the men in the >>>newsgroup. I wonder why you seem to think women are not >>>involved in any aspect of SpamCop. >> >> >> Oh, for Christ's sake... > > And your point is? Sorry, but it's offensive to automatically > assume you're only dealing with men in a situation. My point, like some others also explained to you, is that he used a generic term. He didn't mean to belittle women, and there was no reason for you to launch your little PC attack on him. Grow some skin. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From usenet1 at DE.LETE.THISljvideo.com Tue Sep 7 06:55:04 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry J.) Date: Tue Sep 7 02:00:04 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Waiving the right to remain silent, Cat said: > I find it offensive because greetings like that suggest > that the original poster/letter writer doesn't think women would > be reading or in a position to answer. Would suggest to YOU, because most people don't spend their day nit- picking others for bullshit political correctness when nothing of the sort was intended. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From nobody at devnull.spamcop.net Tue Sep 7 02:17:14 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Sep 7 02:20:03 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Larry J. wrote: > My point, like some others also explained to you, is that he used a > generic term. He didn't mean to belittle women, and there was no > reason for you to launch your little PC attack on him. That has nothing to do with PC, and I certainly wasn't attacking him. That was hardly a generic term. It's really kind of sad that you view respect toward women as only a PC thing, but I guess that explains why you're behaving like some neanderthal with a 1950s mentality. Don't get your panties in a wad just because you can't handle the fact that women aren't all submitting to some 1950s June Cleaver stereotype. > Grow some skin. Grow some manners and respect. Maybe people should start referring to you as Ma'am or Mrs. J all the time, and we'll see how you like that. From porpoise1954 at yahoo.co.uk Tue Sep 7 09:44:46 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Sep 7 03:50:19 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Cat" wrote in message news:chjjp4$om9$1@news.spamcop.net... > Larry J. wrote: > > > > > My point, like some others also explained to you, is that he used a > > generic term. He didn't mean to belittle women, and there was no > > reason for you to launch your little PC attack on him. > > That has nothing to do with PC, and I certainly wasn't attacking him. > That was hardly a generic term. It's really kind of sad that you view > respect toward women as only a PC thing, but I guess that explains why > you're behaving like some neanderthal with a 1950s mentality. Don't get > your panties in a wad just because you can't handle the fact that women > aren't all submitting to some 1950s June Cleaver stereotype. > > > Grow some skin. > > Grow some manners and respect. Maybe people should start referring to > you as Ma'am or Mrs. J all the time, and we'll see how you like that. > My god! What a load of .......... Remember the bible? ISTR it was 3 wise MEN I don't recall it saying anything about 3 wise women. If it had, then maybe he would have used the expression wise women. So if we'd been talking football, by your logic, he should have said 3 wise tennis players. DUH! PC women drive me nuts... NATURE made men and women - and, amazing, there *are* differences, or have you not done any comparisons in the mirror or whatever. Get a life! From nobody at devnull.spamcop.net Tue Sep 7 04:49:43 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Tue Sep 7 03:50:35 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Cat" wrote in message > Larry J. wrote: > > > > > My point, like some others also explained to you, is that he used a > > generic term. He didn't mean to belittle women, and there was no > > reason for you to launch your little PC attack on him. > > That has nothing to do with PC, and I certainly wasn't attacking him. > That was hardly a generic term. It's really kind of sad that you view > respect toward women as only a PC thing, but I guess that explains why > you're behaving like some neanderthal with a 1950s mentality. Don't get > your panties in a wad just because you can't handle the fact that women > aren't all submitting to some 1950s June Cleaver stereotype. > > > Grow some skin. > > Grow some manners and respect. Maybe people should start referring to > you as Ma'am or Mrs. J all the time, and we'll see how you like that. > FWIW, as a military officer, I don't recall being given any option in the matter. By Act of Congress a woman becomes "Sir" in accordance with the rank and uniform without respect to other considerations. It is considered a great offense to address a female officer in any way that reflects some biological or political familiarity. It is simply disrespectful. I knowingly and respectfully address any correspondence to anyone as I may owe the deference as Sir. It is not only your right and privelege, it is also your sole province and responsibility to give meaning to anything I communicate. My words are simply my words but that you grant them meaning or devalue them. Let us consider this: had OP spilled such words as "Wise Persons of SpamCop", we should then have all had cause to flame hir for failing to [C&C] hir submission. Unless and until I have reason to know differently, Magnus Back /is/ a woman. S/he has as much right to address the group as if s/he is "just one of the guys" as any of us other women do. Just because s/he articulates like a Sargeant does not tell me that s/he is biologically or politically anything. But had s/he opened with "Wise Persons of SpamCop" I would have known right away that s/he meant only to offer up further foolishness and not be getting on with the business s/he wanted to present to the group. And s/he would have owed me a keyboard. Glenn From tdy at blackhole.invalid Tue Sep 7 02:13:54 2004 From: tdy at blackhole.invalid (N. Miller) Date: Tue Sep 7 04:15:03 2004 Subject: [SpamCop-List] Re: George Bush quote (was Re: Who the hell gave spamcop the right?) References: <413B7EA9.A640332D@spamcop.net> Message-ID: In article , DevilsPGD says... > In message <413B7EA9.A640332D@spamcop.net> Kenneth Brody > wrote: > >> "Our enemies are innovative and resourceful, and so are we. They never stop > >> thinking about new ways to harm our country and our people, and neither do > >> we." > >> George W. Bush 8/5/04 > >Tough to dispute that one, when it's right on the White House website: > > http://www.whitehouse.gov/news/releases/2004/08/20040805-3.html > It's funny because it's true! It can be read two ways, you know; your way, and my way. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From porpoise1954 at yahoo.co.uk Tue Sep 7 10:13:46 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Sep 7 04:15:14 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Cat" wrote in message news:chjb2o$iq5$4@news.spamcop.net... > Robi wrote: > > > > > Cat, I understand your POV, but I think he used "wise men" as an "expression". > > At least he didn't use "wise guys" ;-) > > Remember, there's always a small man in a Woman and there are small men in Women. > > I've heard women say "hi guys" when entering a room full of other women. > > > > There's nothing sexist about it. I have never heard the expression "wise women", > > but that doesen't mean that women aren't wise or that there aren't any wise women > > around. OTOH "wise men" doesn't mean that men are wise ;o) > > > > JMNSHO > > Sorry, but it IS sexist No. It's you that's *making* it sexist. BIG difference. Even if he was *explicitly* adressing his comments to men only, that is his free choice. That does not make him sexist. That's like syaing *only* women should enter the "women's" toilets................. That's sexist. > because it suggests that the original poster > either only wants input from male readers of the newsgroup or male > admins/deputies. Which is his free democratic right. Again, that does make him sexist. Just as it doesn't make someone racist just because they don't happen to have any chinese friends or whatever..... > It's just like others who start with "Dear Sirs" That is the correct address for a body corporate. You can't put "Dear company" > or > "Gentlemen." Like I said in another reply, it would look extremely bad > and most likely get your correspondence ignored if you do that in the > business world. I find it offensive because greetings like that suggest > that the original poster/letter writer doesn't think women would be > reading or in a position to answer. No it doesn't. That's the point - it isn't being sexist, it's just using the universally accepted method of addressing corporate mail. It's onl;y people like you that *read* sexism into these things. > From nobody at devnull.spamcop.net Tue Sep 7 06:34:31 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Tue Sep 7 05:35:19 2004 Subject: [SpamCop-List] Re: Apologies in advance for old news... References: Message-ID: "Mike Richter" wrote in message > Glenn Daniels wrote: > > > Probably nothing four million plus SpamCop.net users > > did not already know, but I found this article worth > > the read by way of validation (no java, milk or cookies > > required): > > > > http://www.computerworld.com/securitytopics/security/story/0%2C10801%2C95501%2C00.html?SKC=news95501 > > > > Apologies if it has been previously posted. If it has been, > > well, I missed it. > > IMHO, no apologies needed if you provide its date (30 August) and head: > > Organized Crime Invades Cyberspace > Once the work of vandals, viruses and other malware are now being > launched by criminals looking for profits. > > Mike > Well... I am surely in your debt for the assist. Dare to offer an opinion on whether you found the reading worthy of your time? If only as a validation of what you already knew to be the case? Again, thanks much, Glenn From turan.fe at web.de Tue Sep 7 12:36:35 2004 From: turan.fe at web.de (Turan Fettahoglu) Date: Tue Sep 7 05:40:02 2004 Subject: [SpamCop-List] Re: Identity Fraud leads to legitimate site, how come? References: Message-ID: > I go to the link, and it forwards to www.citibank.com, a legitimate site. I got several similar phishing e-mails with the links apparently showing the legitimate bank homepage, even with HTML switched off. Open the HTML source code (right-click, -->Properties, -->Details, -->Source code). There you can see that the shown link is NOT the link where you are being redirected. Sorry, but I cannot post an example. The banks probably got hundreds of complaints, so I would not expect an answer to everybody who warned his bank. Best regards Turan From porpoise1954 at yahoo.co.uk Tue Sep 7 11:48:25 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Sep 7 05:50:02 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Porpoise" wrote in message news:chjqkm$u26$1@news.spamcop.net... > > "Cat" wrote in message > news:chjb2o$iq5$4@news.spamcop.net... > > Robi wrote: > > > > > > > > > Cat, I understand your POV, but I think he used "wise men" as an > "expression". > > > At least he didn't use "wise guys" ;-) > > > Remember, there's always a small man in a Woman and there are small men > in Women. > > > I've heard women say "hi guys" when entering a room full of other women. > > > > > > There's nothing sexist about it. I have never heard the expression "wise > women", > > > but that doesen't mean that women aren't wise or that there aren't any > wise women > > > around. OTOH "wise men" doesn't mean that men are wise ;o) > > > > > > JMNSHO > > > > Sorry, but it IS sexist > > No. It's you that's *making* it sexist. BIG difference. Even if he was > *explicitly* adressing his comments to men only, that is his free choice. > That does not make him sexist. That's like syaing *only* women should enter > the "women's" toilets................. That's sexist. > > > > because it suggests that the original poster > > either only wants input from male readers of the newsgroup or male > > admins/deputies. > > Which is his free democratic right. Again, that does Of course, that should have been doesn't........... > make him sexist. Just > as it doesn't make someone racist just because they don't happen to have any > chinese friends or whatever..... > > > It's just like others who start with "Dear Sirs" > > That is the correct address for a body corporate. You can't put "Dear > company" > > > or > > "Gentlemen." Like I said in another reply, it would look extremely bad > > and most likely get your correspondence ignored if you do that in the > > business world. I find it offensive because greetings like that suggest > > that the original poster/letter writer doesn't think women would be > > reading or in a position to answer. > > No it doesn't. That's the point - it isn't being sexist, it's just using the > universally accepted method of addressing corporate mail. It's onl;y people > like you that *read* sexism into these things. > > > > > From bar_n0ne at hotmail.com Tue Sep 7 14:50:25 2004 From: bar_n0ne at hotmail.com (Berny) Date: Tue Sep 7 05:55:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Porpoise" wrote in message news:chjqkm$u26$1@news.spamcop.net... > > "Cat" wrote in message > news:chjb2o$iq5$4@news.spamcop.net... > > Robi wrote: and other snipped posters wrote. Sheesh, this is a place to ask questions about spam, not discuss TIRESOME subjects such as PC, grammar and sexism, spam is tiresome enough all on it's own. aside: Cat, I used to like your posts, but I haven't seen one that wasn't about these topics and Top/Bottom posting for so long that I don't look at them any more. You're getting more strident and you seem to have lost your sense of humour. From bensc at rflatnospam.com.invalid Tue Sep 7 12:25:16 2004 From: bensc at rflatnospam.com.invalid (spuds) Date: Tue Sep 7 06:25:04 2004 Subject: [SpamCop-List] Re: This message looks like a bounce, will not report. Do notreport bounces as spam! In-Reply-To: References: Message-ID: Miss Betsy wrote: > "spuds" wrote in message > news:chg52c$47n$1@news.spamcop.net... > > >>>This is a suggestion to Spamcop I guess. I hate spam and I > don't want >>>to see it or emails that are the result of it in my Inbox. >> >>see above for my suggestion re: Spamcop going a little further in >>preventing our inboxes from being polluted by spam and the > results of >>spam..... > > > The parser software is incredibly difficult to maintain, > apparently. Many people have wanted both a 'Bouncecop' and a > 'VirusCop' (which is even more worthwhile IMHO). But Julian has > never expanded spamcop to include either of those. You can use the > parser to find the correct abuse address, cancel the report, and > send a report yourself to the proper abuse desk. > > >>any feedback from Spamcop appreciated. we pay you $45 per year > and there >>are alternatives. > > > Please let me know what alternative to spamcop there is that finds > the proper abuse address for you. > > Miss Betsy > Bouncecop and Viruscop would be great, particularly if they were integrated with Spamcop. I don't know what else can give the correct abuse address - what I meant was alternatives as far as keeping spam and the results of spam out of one's inbox. Cheers - Ben From someone at invaild.not Tue Sep 7 07:25:14 2004 From: someone at invaild.not (John Lurker) Date: Tue Sep 7 07:25:17 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Cat" wrote in message news:chjjp4$om9$1@news.spamcop.net... >> Larry J. wrote: > > My point, like some others also explained to you, is that he used a > > generic term. He didn't mean to belittle women, and there was no > > reason for you to launch your little PC attack on him. > > That has nothing to do with PC, and I certainly wasn't attacking him. > That was hardly a generic term. It's really kind of sad that you view > respect toward women as only a PC thing, but I guess that explains why > you're behaving like some neanderthal with a 1950s mentality. Don't get > your panties in a wad just because you can't handle the fact that women > aren't all submitting to some 1950s June Cleaver stereotype. If I recall correctly the English language lacks certain gender neutral phrases. Hasn't the masculine tense been used quite correctly when gender is unknown or even mixed? I would think that the guy deserves some slack. I would think double slack might be in order if English isn't his first language. From me at privacy.net Tue Sep 7 08:26:21 2004 From: me at privacy.net (Frog Prince) Date: Tue Sep 7 07:30:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Glenn Daniels" | FWIW, as a military officer, I don't recall being given any option in | the matter. By Act of Congress a woman becomes "Sir" in accordance | with the rank and uniform without respect to other considerations. It is | considered a great offense to address a female officer in any way | that reflects some biological or political familiarity. I'm not aware of that law/tradition/practice (likely after my time), do you have any links? From nobody at spamcop.net Tue Sep 7 07:37:29 2004 From: nobody at spamcop.net (Miss Betsy) Date: Tue Sep 7 07:40:02 2004 Subject: [SpamCop-List] Re: This message looks like a bounce, will not report. Do not report bounces as spam! References: Message-ID: "spuds" wrote in message news:chk25h$4n4$1@news.spamcop.net... > I don't know what else can give the correct abuse address - what I meant > was alternatives as far as keeping spam and the results of spam out of > one's inbox. If what you are interested in is keeping spam out of your inbox, the most effective way is to change your email address to one that is alphanumeric and then be careful where you use that email address on the internet. For online purchases and registrations, use an alternate email address (either something like a Hotmail account or a sneakemail address that you can abandon if it starts getting a lot of spam because the person you entrusted your email address to passed it on.) If, for some reason, you do not want to change your email address, then it is true that you can use some sort of filtering device. I believe that Mailwasher also offers filtering based on IP address. Since they also offer the 'bounce' feature, many people who have been annoyed by bounces will not use Mailwasher. However, you still have to look through your 'held' mail for false positives if you don't want to lose an email and you have to wait until someone reports a spam run to block by IP address. I believe that most virus progams now will delete any emails that contain viruses so that you never see them in your inbox. Any content filtering method will also filter out legitimate bounce messages. I don't use the spamcop email service myself, but I understand that it does a pretty good job of filtering out spam and viruses. An alternative would probably not be much better, though different, in the ability to filter. I am not sure about the cost, but I believe spamcop email service has a very reasonable cost. I expect there is a way to set your filtering options to filter out bounces just as there would be in other systems. OTOH, I don't believe there is another reporting service for ordinary end users. Your complaint was about the ability to report 'bounces' Unless you learn to read headers yourself, there is no alternative to report bounces. Miss Betsy From michael.spamcop at michaellefevre.com Tue Sep 7 13:54:11 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Tue Sep 7 08:55:22 2004 Subject: [SpamCop-List] Re: Why only IP Whois and not Domain Whois? References: Message-ID: Monty wrote: > On Sat, 4 Sep 2004 23:37:24 -0700, "Mike Easter" wrote: > >>A registrar isn't required by ICANN to do anything about spamming; and >>ICANN isn't in the 'business' of doing anything about spamming or even >>illegal activity. > > In a civilised society it is the duty of every citizen to help fight illegal > activity. ICANN and registrars are "citizens" in that respect too. If illegal > activity is drawn to their attention they have a duty to act on the information. Indeed. But the issue here is with the generalities - if you draw it to their attention by sending an email with details of the domain and the illegal activity and some way of establishing the credibility of yourself and your report, then they'd probably be in trouble if they didn't act. On the other hand, if they get hundreds of emails each day which give vague information about potentially unlawful activities, they don't necessarily have a duty to actually go out and look for it. -- Michael From porpoise1954 at yahoo.co.uk Tue Sep 7 14:57:26 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Sep 7 09:00:04 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Frog Prince" wrote in message news:chk5uc$7m8$1@news.spamcop.net... > > "Glenn Daniels" > > | FWIW, as a military officer, I don't recall being given any option in > | the matter. By Act of Congress a woman becomes "Sir" in accordance > | with the rank and uniform without respect to other considerations. It is > | considered a great offense to address a female officer in any way > | that reflects some biological or political familiarity. > > I'm not aware of that law/tradition/practice (likely after my time), do you > have any links? > > > I suspect this thread should be moved to .social From vrapp at polyscience.com Tue Sep 7 10:29:09 2004 From: vrapp at polyscience.com (Vadim Rapp) Date: Tue Sep 7 10:30:23 2004 Subject: [SpamCop-List] Re: Identity Fraud leads to legitimate site, how come? References: <413B8007.D4F13162@spamcop.net> Message-ID: Hello Kenneth: You wrote on Sun, 05 Sep 2004 17:07:19 -0400: KB> The URL above will popup a window on top of the real citibank.com page. KB> The popup is on citibank-usa.net's site. KB> Either you have popups disabled, so never saw the popup, or you fell KB> for the trick, and didn't realize the popup wasn't really Citibank's. indeed - I did not see the popup. Now I understand their trick. Not a bad idea. Much thanks! The sad part of it is that obviously clever people, capable of these things, apparently can only find the application for their talents in scamming, while the corporations hire politically correct idiots who build spam filters on the way of spam reports, and program their computers to respond with idiotic "thank you" to anyone. Vadim From roli at shlink.ch Tue Sep 7 17:34:14 2004 From: roli at shlink.ch (Roli) Date: Tue Sep 7 10:35:02 2004 Subject: [SpamCop-List] Finding the reason why we are on the blacklist Message-ID: Hello We as a ISP realized, that we are on the spamcop blacklist. But we don't know why!! Thanks for help From Merlyn at Spamcop.net Tue Sep 7 11:54:04 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Tue Sep 7 10:55:03 2004 Subject: [SpamCop-List] Re: Finding the reason why we are on the blacklist References: Message-ID: "Roli" wrote in message news:chkgrg$jpk$1@news.spamcop.net... > Hello > We as a ISP realized, that we are on the spamcop blacklist. > But we don't know why!! > Thanks for help > I am sorry to inform you all of our psychics are on vacation this week. So for the rest of us non ESP gifted persons we will need a block message or an IP to be able to lookup the problem. If you are talking about 217.148.0.19 217.148.0.19 listed in bl.spamcop.net (127.0.0.2) Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Additional potential problems (these factors do not directly result in spamcop listing) Listing History In the past 918.0 days, it has been listed 3 times for a total of 9.0 days There are many reasons you could be listed: 1. spamming 2. Insecure list signups that do not use "confirmed" opt-in 3. autoresponses to "From" addresses. 4. autoresponses from Antivirus programs that send replies to the "From" address. 5. autoresponses for Vacation, out of office and various other things sent to the "From" address 6. Trojans and virus 7. Hacking - poor security on your machine There are many more which I am not going to get into. Autoresponses make no sense in this day and age of spam as most spam and virus has a forged from address which only causes innocent victims to receive more junk! -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From usenet1 at DE.LETE.THISljvideo.com Tue Sep 7 15:54:40 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry J.) Date: Tue Sep 7 10:55:11 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Waiving the right to remain silent, Cat said: > That has nothing to do with PC, and I certainly wasn't attacking > him. That was hardly a generic term. It's really kind of sad > that you view respect toward women as only a PC thing, but I > guess that explains why you're behaving like some neanderthal > with a 1950s mentality. Don't get your panties in a wad just > because you can't handle the fact that women aren't all > submitting to some 1950s June Cleaver stereotype. Pot-Kettle-Black. Now, who's tossing out stereotypes..? Methinks the lady doth protest too much. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From nobody at spamcop.net Tue Sep 7 10:56:16 2004 From: nobody at spamcop.net (Miss Betsy) Date: Tue Sep 7 11:00:04 2004 Subject: [SpamCop-List] Re: Finding the reason why we are on the blacklist References: Message-ID: "Roli" wrote in message news:chkgrg$jpk$1@news.spamcop.net... > Hello > We as a ISP realized, that we are on the spamcop blacklist. > But we don't know why!! > Thanks for help > In order for anyone to help you find out why you are on the scbl, you will have to give the IP address of the server you think is blocked. The reason that the server is blocked is because either a reporter has received spam and reported it or you are sending spam, automatic responses to viruses, or 'bouncing' undeliverable email to spamtraps. There is a small chance of an error on the part of a reporter. If you do not allow spammers to operate, and do not use any kind of automatic responses or receive emails and then send an undeliverable message, the chances are that there is a compromised computer on your network that is sending spam unbeknownst to you. I believe that if you look at your logs on other ports than the typical email port, you may find suspicious activity if that is the case. Post back with more details and perhaps someone can help you. Miss Betsy From nobody at devnull.spamcop.net Tue Sep 7 12:10:39 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Tue Sep 7 11:15:04 2004 Subject: [SpamCop-List] Re: Apologies in advance for old news... References: Message-ID: "Glenn Daniels" wrote in message news:chjvam$22r$1@news.spamcop.net... > "Mike Richter" wrote in message > > Glenn Daniels wrote: > > [snip] > > > > Organized Crime Invades Cyberspace > > Once the work of vandals, viruses and other malware are now being > > launched by criminals looking for profits. > > > > Mike > > > > Well... I am surely in your debt for the assist. Dare to offer an > opinion on whether you found the reading worthy of your time? > If only as a validation of what you already knew to be the case? > > Again, thanks much, > Glenn > > I found it worth my time. Thank You, Glenn From r_buecheler at hotmail.com Tue Sep 7 11:16:06 2004 From: r_buecheler at hotmail.com (Robi) Date: Tue Sep 7 11:15:15 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Cat wrote: > Magnus Back wrote: > > > >> Well Cat, >> last time I posted in this forum no women showed wisdom. :-P > > See, that's a big part of why I had a problem with it. I guess you think > big ol' bad spammers just aren't something women should worry our pretty > little heads about and that we should just stick to things typically > thought of as "women's work"? From the tone of your posts, you make it > sound like the reply from Ellen, a SpamCop deputy, at the bottom of this > thread wasn't good enough for you since she's a woman. Cat, take a chill pill (I'll get bashed for mentioning "pill" ;-). 1. he was joking with this comment... --> :-P 2. he said 'last time he posted'... not this time... > >> Joke aside, I just used it as an expression, like the three wise men. ^^^^^^^^^^ there, see, joke. > That's all. Nothing to write home about. >> >> Btw, what do you hope to gain by your post?? > > Just pointing out that it's no longer an acceptable practice in modern > society to automatically assume you're only addressing men. If you know > anything about business etiquette, you'd know better. Your post came > across with a tone as if you think you're only dealing with men in this > newsgroup or that replies from women are unwelcome. Often if you write a > letter to any business, addressing it to "Dear Sir" without considering > the person receiving your letter might be a woman, your letter will just > end up in the trash without any attempt to address whatever issue you're > writing about. My wife asked if you are a homemaker? a stay at home mom? Just curious... You take this way to serious. -- Robi From nobody at spamcop.net Tue Sep 7 09:14:16 2004 From: nobody at spamcop.net (Dar) Date: Tue Sep 7 11:15:20 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Frog Prince" wrote in message news:chk5uc$7m8$1@news.spamcop.net... > > "Glenn Daniels" > > | FWIW, as a military officer, I don't recall being given any option in > | the matter. By Act of Congress a woman becomes "Sir" in accordance > | with the rank and uniform without respect to other considerations. It is > | considered a great offense to address a female officer in any way > | that reflects some biological or political familiarity. > > I'm not aware of that law/tradition/practice (likely after my time), do you > have any links? http://www.writing-business-letters.com/business-letter-format.html Dear Sir or Madam: http://www.benning.army.mil/iobc/customs/helpful_hints.htm Female officers are to be called "ma'am," not "sir." http://www.military-net.com/education/mpdcustoms.html Q. When addressing a female officer, what term is used other than rank? A. Ma'am. In defense of Cat, even if *wise men* was only used as an expression, Magnus Back still wouldn't have used that term if he had considered the fact that women might play a role in this forum. I also believe it to be a slip-up on his part in that he thought only in terms of males responding to his question. Dar From r_buecheler at hotmail.com Tue Sep 7 11:48:45 2004 From: r_buecheler at hotmail.com (Robi) Date: Tue Sep 7 11:50:10 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Cat wrote: > Robi wrote: > > > >> Cat, I understand your POV, but I think he used "wise men" as an "expression". >> At least he didn't use "wise guys" ;-) >> Remember, there's always a small man in a Woman and there are small men in Women. >> I've heard women say "hi guys" when entering a room full of other women. >> >> There's nothing sexist about it. I have never heard the expression "wise women", >> but that doesen't mean that women aren't wise or that there aren't any wise women >> around. OTOH "wise men" doesn't mean that men are wise ;o) >> >> JMNSHO > > Sorry, but it IS sexist because it suggests that the original poster > either only wants input from male readers of the newsgroup or male > admins/deputies. ok, he greets with |Hello again, wise men of spamcop.| then he continues |I wonder how I should go about in this case.| and ends with |I await your wise comments.| So, if he only want's input from wise men of spamcop, then let him get the input from wise men of spamcop. What's the fuss? Ellen, the Wise Woman (I know, gramatically redundant^2) from spamcop, replied. > It's just like others who start with "Dear Sirs" or > "Gentlemen." Like I said in another reply, it would look extremely bad > and most likely get your correspondence ignored if you do that in the > business world. I find it offensive because greetings like that suggest > that the original poster/letter writer doesn't think women would be > reading or in a position to answer. ok, I get it now... Monty Python - The Life of Brian --[Elsewhere on the stands sit the terrorist organisation the People's Front of Judea. On a higher step sits (left to right) Stan, Reg, and Francis, while below them sits Judith.] JUDITH I do feel, Reg, that any anti-imperialist group like ours must reflect such a divergence of interests within its power base. REG Agreed. Francis? FRANCIS Yeah. I think Judith's point of view is very valid, Reg, provided the movement never forgets that it is the inalienable right of every man... STAN Or woman. FRANCIS ...or woman. To rid himself... STAN Or herself. FRANCIS ...or herself. REG Agreed. FRANCIS Thank you brother. STAN Or sister. FRANCIS ...or sister. Where was I? REG I think you'd finished. FRANCIS Oh, right. REG Furthermore, it is the birthright of every man... STAN Or woman. REG Why don't you shut up about women, Stan. You're putting us off. STAN Women have a perfect right to play a part in our movement, Reg. FRANCIS Why are you always on about women, Stan? STAN I want to be one. REG What? STAN I want to be a woman... from now on I want you all to call me Loretta. REG What??? LORETTA It's my right as a man. JUDITH Well why do you want to be Loretta, Stan? LORETTA I want to have babies. REG You want to have babies? LORETTA It's every man's right to have babies if he wants them. REG But you can't have babies! LORETTA Don't you oppress me. REG I'm not oppressing you, Stan. You haven't got a womb. Where's the fetus going to gestate? You going to keep it in a box? --[Loretta starts crying.] JUDITH Here. I've got an idea. Suppose you agree that he can't actually have babies, not having a womb, which is nobody's fault... not even the Romans', but that he can have the RIGHT to have babies. --[This seems to satisfy him.] FRANCIS Good idea, Judith. We shall fight the oppressors for your right to have babies, brother! ... Sister, sorry. REG What's the point? FRANCIS What? REG What's the point of fighting for his right to have babies when he can't have babies? FRANCIS It is symbolic of our struggle against oppression. REG Symbolic of his struggle against reality. -- Robi From porpoise1954 at yahoo.co.uk Tue Sep 7 17:53:49 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Sep 7 11:55:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Dar" wrote in message news:chkj8s$n1c$1@news.spamcop.net... > "Frog Prince" wrote in message > news:chk5uc$7m8$1@news.spamcop.net... > > > > "Glenn Daniels" > > > > | FWIW, as a military officer, I don't recall being given any option in > > | the matter. By Act of Congress a woman becomes "Sir" in accordance > > | with the rank and uniform without respect to other considerations. It is > > | considered a great offense to address a female officer in any way > > | that reflects some biological or political familiarity. > > > > I'm not aware of that law/tradition/practice (likely after my time), do > you > > have any links? > > http://www.writing-business-letters.com/business-letter-format.html > Dear Sir or Madam: That's when it is to an individual. When it is to a whole department or company, it is "Dear Sirs". (In this context it is being used collectively). > > http://www.benning.army.mil/iobc/customs/helpful_hints.htm > Female officers are to be called "ma'am," not "sir." > > http://www.military-net.com/education/mpdcustoms.html > Q. When addressing a female officer, what term is used other than rank? > A. Ma'am. > > In defense of Cat, even if *wise men* was only used as an expression, > Magnus Back still wouldn't have used that term if he had considered > the fact that women might play a role in this forum. I also believe > it to be a slip-up on his part in that he thought only in terms of > males responding to his question. > > Dar > > From MikeE at ster.invalid Tue Sep 7 09:55:02 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 11:55:12 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: FWIW, IMO, etc - my own feelings, as a person who very frequently, but not always, uses gender neutral prounoun neologisms hir and s/he, but try to not go overboard rewriting the English language I try to 'think' when I use a gender specific word which may or not have 'evolved' into a more gender neutral one, and decide whether I want to use that word 'anyway' or not. Examples of a few words I think have taken on a gender neutral flavor in my environment: guys, aviator, fireman, waiter. Words like 'men' are rarely neutral, except in the context of a team, like a 5 man mixed volleyball team. But, you/we males should consider to yourselves, this particular 'shoe fit' example -- if your handle were not gender specific, would you be happy, unhappy, or 'neutral' if I refer to you or yours as 's/he' or 'hir' Also, in sex, race and ethnic issues of 'terminology insensitivity', when we so often think, "If that were me, it wouldn't bother me so much." -- that may be because you haven't walked a mile in those moccasins. All that being said, if I were in an environment in which 'insensitive' remarks were being made, like a male-bashing women's group, I would try to do both/either - ignore insensitive or even mean-spirited remarks or terms, as well as speak up against some others, depending. -- Mike Easter kibitzer, not SC admin From tburns at torcausa.com Tue Sep 7 13:01:30 2004 From: tburns at torcausa.com (Thomas Burns) Date: Tue Sep 7 12:05:02 2004 Subject: [SpamCop-List] Need Help with unlisting Message-ID: Morning everyone.... While trying to troubleshoot an NDR issue this weekend, I left the realy door open. Its closed now. anything I can do about getting an expidited removal? IP: 65.203.79.50 From MikeE at ster.invalid Tue Sep 7 10:11:36 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 12:15:03 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] References: Message-ID: posted to .spam and spamcop, f/ups to spamcop JV wrote: > This one includes a solution for ED, free porn and a recipe for a pie. > Where's the software and loan offer? There you go, reading your spam again. Before anyone starts the 'debate' about spamfighters reading spam or not, anyone debating the issue on the side of spamreading has to - describe or assure the security they use while reading spam - roughly approximate what percentage of their spam they read - 'explain' how they decide which spams to read - answer how often they visit a spamvertised site to 'further' satisfy their curiosity or interest - define approximately how often they make additional notifies on the basis of spamreading, and how - answer whether or not they are pledged to never aid or profit a spammer -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Sep 7 13:27:39 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Tue Sep 7 12:30:03 2004 Subject: [SpamCop-List] What I learned in two weeks Message-ID: First, thanks to everyone that replied to my questions and requests for advice and help. 1. I didn't know shinola about spam, spammers or the lengths they would go to to fill my mailbox with their s**t when I entered the fight. Now I am pretty sure I know shinola but there is a lot more to learn. I hope to continue learing from everyone that have been in the fight longer than me. 2. Don't have thin skin. Some people's responses can be flip (and occasionally very funny). Don't get angry, ask for a clarification or more info. Regular Contributers will help you in ways you never imagined you needed to know. 3. LARTing is important. Although the effort/benefits may seem out of wack (your effort being much greater than the benefits to you), remember that a LART helps everyone not just you. This is what I think the fight is about. 4. DO NOT reveal any email address here that you do not want spam to arrive at. 5. DO NOT reveal any Domain Name(s) here that you do not want spammers to use in their concocted *From:* addresses. 6. DO NOT address your posts to any particular group (men/women). Your posts will be read by anyone who is interested or curious regardless of what group you address your post to. (case in point : Tiresome which is, in fact, getting tiresome.) Special thanks to: Everyone at SC - for putting up with me. Anonymous - the first responder to my first post. I've learned a lot from you. WazoO - seems know where all the information I did/do not know is located in the forums. Mike Easter - someone else said it, but worth listening to. Glenn Daniels - Also worth listening to. Last but certainly not least: Graeme Leith and Ant From Merlyn at Spamcop.net Tue Sep 7 13:33:35 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Tue Sep 7 12:35:02 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: "Thomas Burns" wrote in message news:chkm0r$q3e$1@news.spamcop.net... > Morning everyone.... > > While trying to troubleshoot an NDR issue this weekend, I left the realy > door open. > > Its closed now. anything I can do about getting an expidited removal? > > IP: 65.203.79.50 You might have closed your relay but are you sure that is what is was? Maybe it could be an SMTP AUTH Hack on your Exchange server version 6.0.6487.0 Either way if it is fixed you listing will be automatically removed up to 48 hours after the last spam report. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From kenbrody at spamcop.net Tue Sep 7 13:34:51 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue Sep 7 12:40:03 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: <413DE32B.3C9EAE18@spamcop.net> Thomas Burns wrote: > > Morning everyone.... > > While trying to troubleshoot an NDR issue this weekend, I left the realy > door open. > > Its closed now. anything I can do about getting an expidited removal? > > IP: 65.203.79.50 BDTDGTTS. Write to deputies-at-spamcop-dot-net and explain what happened and what you did to fix it. (At least I know that worked when I left the door open last year after misconfiguring a new gateway.) -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ From nobody at devnull.spamcop.net Tue Sep 7 13:38:25 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Tue Sep 7 12:40:12 2004 Subject: [SpamCop-List] Re: Why only IP Whois and not Domain Whois? References: Message-ID: "Michael Lefevre" wrote in message news:chkb1j$bsm$1@news.spamcop.net... > Monty wrote: > > On Sat, 4 Sep 2004 23:37:24 -0700, "Mike Easter" wrote: > > > >>A registrar isn't required by ICANN to do anything about spamming; and > >>ICANN isn't in the 'business' of doing anything about spamming or even > >>illegal activity. > > > > In a civilised society it is the duty of every citizen to help fight illegal > > activity. ICANN and registrars are "citizens" in that respect too. If illegal > > activity is drawn to their attention they have a duty to act on the information. > > Indeed. But the issue here is with the generalities - if you draw it to > their attention by sending an email with details of the domain and the > illegal activity and some way of establishing the credibility of yourself > and your report, then they'd probably be in trouble if they didn't act. > On the other hand, if they get hundreds of emails each day which give > vague information about potentially unlawful activities, they don't > necessarily have a duty to actually go out and look for it. > > -- > Michael Which is exactly why I am advocating concentrating on inaccurate registrant information. A specific problem ICANN can use to get a Registrar to act not a general one or one ICANN has no contractual power over. ICANN could always change their Registrar agreement to cover illegal activity. Anyone got some dynamite? From nobody at spamcop.net Tue Sep 7 10:41:14 2004 From: nobody at spamcop.net (Dar) Date: Tue Sep 7 12:45:04 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: > > > I'm not aware of that law/tradition/practice (likely after my time), do > > you > > > have any links? > > > > http://www.writing-business-letters.com/business-letter-format.html > > Dear Sir or Madam: > > That's when it is to an individual. When it is to a whole department or > company, it is "Dear Sirs". (In this context it is being used collectively). http://www.fgcu.edu/careers/students/successpacket2.html In any case, avoid potentially offensive salutations like "Dear Gentlemen," or "Dear Sirs." http://www.kanten.com/styleguide/letelem.html When the addressee's name is unknown, several options are available: Ladies and Gentlemen: (or the reverse) Ladies: (all women) Dear Sir or Madam: (or the reverse) Gentlemen: (all men) Dear Friends: Dear Colleagues: Sexist salutations, e.g., Dear Sirs, Gentlemen, etc., are not used. When none of the non-gender alternatives seems appropriate, a simplified letter format (omitting the salutation) may be used. From pete at heypete.com Tue Sep 7 10:45:28 2004 From: pete at heypete.com (Pete Stephenson) Date: Tue Sep 7 12:50:03 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] References: Message-ID: In article , "Mike Easter" wrote: > Before anyone starts the 'debate' about spamfighters reading spam or not, > anyone debating the issue on the side of spamreading has to > > - describe or assure the security they use while reading spam Eudora, on Mac OS X, with all the security features turned on and all the phone-home features turned off. Using Outlook or any sort of MSware would be highly unwise. > - roughly approximate what percentage of their spam they read Less than 2%, considering the volume I get. > - 'explain' how they decide which spams to read Ones that have "from" names similar to people I actually know, those that seem to involve my business email, and those that may indeed be legitimate. > - answer how often they visit a spamvertised site to 'further' satisfy > their curiosity or interest Rarely, if ever. > - define approximately how often they make additional notifies on the > basis of spamreading, and how Very rarely. The volume of spam I receive is so great that I cannot efficiently do this. > - answer whether or not they are pledged to never aid or profit a > spammer I think that much is given, considering how many years I've spent around SpamCop and these forums. ;) While spam is indeed about consent, rather than content, there are a surprising number of non-spam emails that appear to be spammy, and spammy emails that appear to be non-spammy. Sometimes, to determine whether or not one consented to a message, one must read it and determine the content. For those reading this thread, I very much agree with Mike and his above criteria. While one might not have to justify their reading of spam to others in a public fashion, one should at least answer the above questions for themselves. -- Pete Stephenson HeyPete.com From MikeE at ster.invalid Tue Sep 7 10:56:38 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 13:00:03 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: Merlyn wrote: > "Thomas Burns" >> IP: 65.203.79.50 > > You might have closed your relay but are you sure that is what is was? > Maybe it could be an SMTP AUTH Hack on your Exchange server version > 6.0.6487.0 I tho't it was 5.0.2195.6713 -- ie 2000 Also, I don't know how much senderbase 'lags' behind 'reality' - but when I first looked when the thread started it was just about normal, since then it has jumped to 822% for today. And, on a slightly different topic, but re this IP, does anyone know what blars 127.3.0.0 means - it isn't really described at http://www.blars.org/errors/block.html but that IP carries such a listing. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Sep 7 11:02:08 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 13:05:04 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: Mike Easter wrote: > And, on a slightly different topic, but re this IP, does anyone know > what blars 127.3.0.0 means - it isn't really described at > http://www.blars.org/errors/block.html but that IP carries such a > listing. nevermind... I found a nanae thread that sez "I asked him directly about this same issue. 127.3.0.0 wasn't noted on his web site, but he told me it was because of previous spamming by folks on our provider's network. We dropped it at that point as none of our clients use his blocklist." -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Sep 7 13:02:05 2004 From: nobody at spamcop.net (Miss Betsy) Date: Tue Sep 7 13:05:17 2004 Subject: [SpamCop-List] Re: What I learned in two weeks References: Message-ID: "Steve Gilder" wrote in message news:chknhr$rnh$1@news.spamcop.net... > First, thanks to everyone that replied to my questions and requests for > advice and help. > 2. Don't have thin skin. Some people's responses can be flip (and > occasionally very funny). Don't get angry, ask for a clarification or more > info. Regular Contributers will help you in ways you never imagined you > needed to know. When I first read this, ITYS 'don't....ask for a clarification' but OSL I think you mean, 'do ask' Nevertheless I love the line 'will help you in ways you never imagined you needed to know.' They are a great group! Miss Betsy another one who only knows a little shinola From kenbrody at spamcop.net Tue Sep 7 13:42:22 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue Sep 7 13:05:22 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] References: Message-ID: <413DE4EE.32B96022@spamcop.net> Mike Easter wrote: > > posted to .spam and spamcop, f/ups to spamcop > > JV wrote: > > This one includes a solution for ED, free porn and a recipe for a pie. > > Where's the software and loan offer? > > There you go, reading your spam again. > > Before anyone starts the 'debate' about spamfighters reading spam or not, > anyone debating the issue on the side of spamreading has to > > - describe or assure the security they use while reading spam Reading it in SpamCop's webmail interface, which won't render HTML unless you explicitly click the link to do so, and then click "message source". Or, if it's already in my "held mail" folder, and the subject happens to catch my eye, I click "preview" which shows the raw text of the e-mail. > - roughly approximate what percentage of their spam they read Less than 1%. > - 'explain' how they decide which spams to read Just something about the subject that catches my eye. Either that, or I think it may be legit for some reason. (ie: "no subject", but the "from" address sounds familiar.) > - answer how often they visit a spamvertised site to 'further' satisfy > their curiosity or interest Almost never. > - define approximately how often they make additional notifies on the > basis of spamreading, and how Rarely. > - answer whether or not they are pledged to never aid or profit a > spammer I will never knowingly aid or profit a spammer. ("Knowingly", as there may be times a business is spamming others and I don't know about it.) In my younger days, I would occasionally get a spam for something I was actually looking for. I would respond with something like "I have been looking for a place to buy [whatever], but there are so many choices. Thank you for spamming me, as I can now eliminate you as a candidate." I doubt it made any difference, but I felt better. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ From MikeE at ster.invalid Tue Sep 7 11:26:01 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 13:30:13 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] References: Message-ID: So far, I'm hearing Pete and Kenneth entering into the 'discussion' holding a similar point of view to my own, and so we wouldn't have a debate, as they are actually more describing conditions of 'opening' spam which might/should be distinguished from opening spam for the purpose of reading it. Opening spam, in my world, or rather /not/ opening spam, is actually a little 'game' I play with spammers, as if there were a 'scorecard'. Spammers are very much into social engineering of subjects and froms and avoiding filters. The spammer gets points for me 'opening' a spam that I didn't know was a spam, but not for my inspecting the interior of a known spam, of course. However, I might actually intentionally securely open and render a known spam for some special purpose. That doesn't count as points for the spammer. We could go into a more elaborate discussion of scoring, but I've framed this debate more around arguing with people who are more spamreading oriented than the two commentaries so far, so I think I'll illustrate the range which has come into view here: - some kind of actual 'curious' spamreading, which is the focus of my debate with the aforementioned criteria - 'conditions' of spam opening by non-spamreaders, such as described by Pete and Kenneth, and also argued by Landmark over in alt.spam, who gets infuriated with my anti-spamreading or anti-spamopening position or crusade - my anti-spamopening scorekeeping game -- Mike Easter kibitzer, not SC admin From none at domain.invalid Tue Sep 7 11:32:55 2004 From: none at domain.invalid (Anonymous) Date: Tue Sep 7 13:35:03 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] References: Message-ID: "Mike Easter" wrote in message news:chkmj3$qp6$1@news.spamcop.net... > - describe or assure the security they use while reading spam I read source code only... I'm good enough with HTML that I can get a good idea what the layout would look like (sans images) just from looking at the source code. Plus, it's easier to pick out links from the source code. > - roughly approximate what percentage of their spam they read 100% > - 'explain' how they decide which spams to read I read each and every one... my hatred for spam and spammers ensures that I'd never respond to any of them, except when I'm contacting the spammer to warn them away from our domain. > - answer how often they visit a spamvertised site to 'further' satisfy > their curiosity or interest 100% of the time... I visit each spamvertised website in a secured source-code-only browser for evidence gathering and to get the images for SpamVampire. > - define approximately how often they make additional notifies on the > basis of spamreading, and how You'd be amazed how often you can glean additional information from the source code of the spam and the spamvertised website. That's why I always look at them. I almost always find additional LART avenues doing this (whether it be the credit card processing company the spammer is using or an otherwise legitimate website that's been suckered into associating with the spammer). > - answer whether or not they are pledged to never aid or profit a > spammer I go one step further than that pledge... I pledge to cost spammers as much as possible in time, effort and money. I will drain 100 GB of data from each spamvertised website per spam received to run up their hosting costs, I will LART their Registrar, I will LART their web host, I will LART their upstream providers. Right now, I'm data draining the webrider.ru pirated software spammer (softheaven.ws, turbosoft.org), to the tune of 200 GB (I've gotten 24 GB so far). If webrider.ru weren't so spammer-friendly, they wouldn't have the additional traffic... it's their choice to leave the spamvertised websites up after repeated LARTs. If the spammer hadn't spammed our domain (after being told to leave it alone), they wouldn't have to deal with the additional traffic, it's their choice. They were told the consequences of spamming our domain, they made the choice to put up with those consequences. Because of how vicious I am to the spammers' websites, they tend to leave our domain alone... we're back down to 22 spams (and dropping) over the past month for 15 email addresses. The rolling monthly spam receival rate went above 50 for a while there as Leo Kuvayev AKA the Russian Spam Gang thought they could get away with spamming us... his spam gang is so huge that I had to bring in Federal help... due to the fact that he's spewing through trojaned boxen and doing relay raping, as well as selling pirated software and illegal pharmaceuticals, the FBI has officially opened a case against him. I used clues given to me by a person at one of the Registrars to track down Leo Kuvayev and tie him to the Russian Spam Gang spam. But, he quit spamming our domain when I let him know (via one of his personal email addresses) that I knew who he was, where he was, and what he was doing. I'd tried my usual method of sending the LARTs to the registered email addresses for the websites, but that didn't get us listwashed, so I had to take it one step further and track down the guy behind it all. From MikeE at ster.invalid Tue Sep 7 11:35:28 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 13:40:04 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] References: Message-ID: Mike Easter wrote: > However, I might actually > intentionally securely open and render a known spam for some special > purpose. That doesn't count as points for the spammer. BTW - 'to see what's inside' doesn't count as a 'special purpose' - because it can't be distinguished from the behavior of a curious unpledged spamopening spamreader under the 'grip' of the manipulative spammer and who might do anything; curiously clickup the website or buy what is being shilled. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Sep 7 14:40:56 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Tue Sep 7 13:45:02 2004 Subject: [SpamCop-List] Re: What I learned in two weeks References: Message-ID: "Miss Betsy" wrote in message news:chkpir$u1g$1@news.spamcop.net... > > "Steve Gilder" wrote in message > news:chknhr$rnh$1@news.spamcop.net... > > First, thanks to everyone that replied to my questions and requests > for > > advice and help. > > > 2. Don't have thin skin. Some people's responses can be flip (and > > occasionally very funny). Don't get angry, ask for a clarification or > more > > info. Regular Contributers will help you in ways you never imagined > you > > needed to know. > > When I first read this, ITYS 'don't....ask for a clarification' but OSL > I think you mean, 'do ask' Nevertheless I love the line 'will help you > in ways you never imagined you needed to know.' They are a great > group! > > Miss Betsy > another one who only knows a little shinola > > Yes. Of course that is what I meant. The OP would have been clearer if I had said: *Don't get angry. Do ask for...*. Steve p.s. Anyone know what *shinola* (or is it shineola) really is? :-) From MikeE at ster.invalid Tue Sep 7 11:47:24 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 13:50:02 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] References: Message-ID: Anonymous wrote: > "Mike Easter" >> - describe or assure the security they use while reading spam > > I read source code only... > >> - roughly approximate what percentage of their spam they read > > 100% > >> - 'explain' how they decide which spams to read > > I read each and every one... Well, that's not 'reading' - but inspecting. >> - answer how often they visit a spamvertised site to 'further' >> satisfy their curiosity or interest > > 100% of the time... I visit each spamvertised website in a > secured source-code-only browser for evidence gathering and to > get the images for SpamVampire. ..also, I'd call that 'inspecting' rather than 'visiting' >> - define approximately how often they make additional notifies on >> the basis of spamreading, and how > > You'd be amazed how often you can glean additional information > from the source code of the spam and the spamvertised website. > That's why I always look at them. I almost always find additional > LART avenues doing this (whether it be the credit card processing > company the spammer is using or an otherwise legitimate website > that's been suckered into associating with the spammer). > >> - answer whether or not they are pledged to never aid or profit a >> spammer > > I go one step further than that pledge... I pledge to cost > spammers as much as possible in time, effort and money. That is quite the opposite from curious spamreading or website clicking-- but instead is an intensive 'examination' process which extends to the website and beyond. It doesn't involve the 'grip' of the spammer at all. I wouldn't call any of that spamreading or website 'visiting' - but more of extensive inspection or investigation for purposes of exploring and exploiting vulnerabilities. Definitely a position which is more extreme than the vast majority of spamfighters in terms of 'aggressiveness'. -- Mike Easter kibitzer, not SC admin From notspam at alias.hotpop.com Tue Sep 7 11:50:44 2004 From: notspam at alias.hotpop.com (JV) Date: Tue Sep 7 13:55:03 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] In-Reply-To: References: Message-ID: Mike Easter wrote: > posted to .spam and spamcop, f/ups to spamcop > > JV wrote: > >>This one includes a solution for ED, free porn and a recipe for a pie. >>Where's the software and loan offer? > > > There you go, reading your spam again. > > Before anyone starts the 'debate' about spamfighters reading spam or not, > anyone debating the issue on the side of spamreading has to > > - describe or assure the security they use while reading spam I use the same setup I use for my real work. Fully patched, locked down, Mozilla, text. Snort IDS with custom rules watching all traffic including outbound. Firewalls, DMZ. > - roughly approximate what percentage of their spam they read That's dynamic. Today, 5%. Last week, 1% total. > - 'explain' how they decide which spams to read Obvious phish, abusive, obscure, or occasionally amusing items. > - answer how often they visit a spamvertised site to 'further' satisfy > their curiosity or interest When I see evidence of an attempt to plant vermin or redirection. > - define approximately how often they make additional notifies on the > basis of spamreading, and how Always, when vermin are involved. I notify the service provider. > - answer whether or not they are pledged to never aid or profit a > spammer Yes, I have so pledged. Anti-spam is not my primary dicipline. Spam is a vector of concern in my real work. :-) From MikeE at ster.invalid Tue Sep 7 11:51:25 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 13:55:12 2004 Subject: [SpamCop-List] Re: What I learned in two weeks References: Message-ID: Steve Gilder wrote: > p.s. Anyone know what *shinola* (or is it shineola) really is? :-) Years ago, when but a lad working in a smalltown 'drugstore' I sold the many varieties of Shinola shoe polish, with the nifty tin container with the attached lid opener, depicted here http://www.packagemuseum.com/exhibits/shinola01/shinola01.htm -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Sep 7 15:09:58 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Tue Sep 7 14:10:03 2004 Subject: [SpamCop-List] Re: What I learned in two weeks [C&C] References: Message-ID: "Mike Easter" wrote in message news:chkse8$16f$1@news.spamcop.net... > Steve Gilder wrote: > > p.s. Anyone know what *shinola* (or is it shineola) really is? :-) > > Years ago, when but a lad working in a smalltown 'drugstore' I sold the > many varieties of Shinola shoe polish, with the nifty tin container with > the attached lid opener, depicted here > http://www.packagemuseum.com/exhibits/shinola01/shinola01.htm > > -- > Mike Easter > kibitzer, not SC admin > > I guess I should have said: Mike Easter - someone else said it, but worth listening to and a font of information (some of which is obscure and would test a *Jeopardy* contestant) Thanks Mike. I did spell it right. From MikeE at ster.invalid Tue Sep 7 12:19:02 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 14:20:03 2004 Subject: [SpamCop-List] Re: What I learned in two weeks [C&C] References: Message-ID: Steve Gilder wrote: > "Mike Easter" >> Years ago, when but a lad working in a smalltown 'drugstore' I sold >> the many varieties of Shinola shoe polish, with the nifty tin >> container with the attached lid opener, depicted here >> http://www.packagemuseum.com/exhibits/shinola01/shinola01.htm > information (some of which is obscure and would test a *Jeopardy* > contestant) I've been busy searching to find out how long Shinola was around [1924-1968] but I can't find out much more about Bixby's than this.. "This brand of shoe products has become part of American slang and its well-known phase can be heard in conversations throughout the world. Originally Bixby’s produced the Shinola product line and later it was known as "Best Foods" - then it was "Special Products" an affiliate of CPC. Best Foods later merged with Unilever in 2000 to form "Unilever Bestfoods", at the time the largest all cash merger ever." ..and a little blurb about where Bixby's used to be in Indianapolis. There were also some radio programs which were Shinola sponsored which I never heard of. -- Mike Easter kibitzer, not SC admin From baloo at ursine.dyndns.org Tue Sep 7 11:46:07 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Tue Sep 7 14:25:03 2004 Subject: [SpamCop-List] Re: Finding the reason why we are on the blacklist References: Message-ID: <87isaqgeg0.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Roli" writes: > We as a ISP realized, that we are on the spamcop blacklist. > But we don't know why!! http://www.spamcop.net/bl.shtml Hope this helps. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBPfPkUzgNqloQMwcRAhtOAKDMvzwq3U9Qk4Ynit0lC7ovJRfqjwCcC0OO CCEexhqZJyTKAbYr4RckfPc= =zPnO -----END PGP SIGNATURE----- From baloo at ursine.dyndns.org Tue Sep 7 11:46:57 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Tue Sep 7 14:25:12 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: <87eklegeem.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Thomas Burns" writes: > Its closed now. anything I can do about getting an expidited removal? Don't let it happen again? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBPfQRUzgNqloQMwcRArlUAJ9In1UBUjLNYnz92xK+0VzcxVRsbACg2ujg hKgXTc+qyQ5qphSplKO+3Ao= =gpTe -----END PGP SIGNATURE----- From nobody at spamcop.net Tue Sep 7 14:12:59 2004 From: nobody at spamcop.net (Ellen) Date: Tue Sep 7 14:30:03 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: "Thomas Burns" wrote in message news:chkm0r$q3e$1@news.spamcop.net... > Morning everyone.... > > While trying to troubleshoot an NDR issue this weekend, I left the realy > door open. > > Its closed now. anything I can do about getting an expidited removal? > > IP: 65.203.79.50 > > Write to me at deputies spamcop.net and include the IP and the time line for when it was open and when it was closed. Ellen From nobody at devnull.spamcop.net Tue Sep 7 15:37:28 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Tue Sep 7 14:40:05 2004 Subject: [SpamCop-List] Re: What I learned in two weeks [C&C] References: Message-ID: "Mike Easter" wrote in message news:chku20$2nk$1@news.spamcop.net... > Steve Gilder wrote: > > "Mike Easter" [snip] > I've been busy searching to find out how long Shinola was around > [1924-1968] but I can't find out much more about Bixby's than this.. > > "This brand of shoe products has become part of American slang and its > well-known phase can be heard in conversations throughout the world. > Originally Bixby's produced the Shinola product line and later it was > known as "Best Foods" - then it was "Special Products" an affiliate of > CPC. Best Foods later merged with Unilever in 2000 to form "Unilever > Bestfoods", at the time the largest all cash merger ever." > > ..and a little blurb about where Bixby's used to be in Indianapolis. > > There were also some radio programs which were Shinola sponsored which I > never heard of. > > -- > Mike Easter > kibitzer, not SC admin > > Way more info than I was looking for (I suspected it was a polish but I really just wanted a spelling check) . Sorry Mike but I think you have way too much free time on your hands. ;-p From MikeE at ster.invalid Tue Sep 7 12:50:24 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 14:55:02 2004 Subject: [SpamCop-List] Re: What I learned in two weeks [C&C] References: Message-ID: Steve Gilder wrote: > Sorry Mike but I think you have way too much free time on your hands. > ;-p Right now I'm tweaking the Shinola .jpg so that the print and colors show better and more accurately, getting rid of or obscuring that checkered background, and trying to figger out something clever to do with the graphic. eg, I have a friend who passes various 'bogus' politicially motivated 'tales' to me which I have to straighten him out on, and I think I'll attach the graphic with, "yeah? and in case you didn't recognize it, /this/ is the Shinola." or somesuch. He's not only old enough to recognize a Shinola can, but he ought to be old enough to recognize the unreliability of the tales he's peddling. -- Mike Easter kibitzer, not SC admin From 3f04ux402 at sneakemail.com Tue Sep 7 15:40:26 2004 From: 3f04ux402 at sneakemail.com (3f04ux402@sneakemail.com) Date: Tue Sep 7 15:00:02 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: > Waiving the right to remain silent, Cat > said: > > Don't get your panties in a wad just > because you can't handle the fact that women aren't all > submitting to some 1950s June Cleaver stereotype. Wally and the Beav respectfully request that you cease and desist from dissin' their mom. Thank you. -- E. Haskell, Esq. From mrichter at cpl.net Tue Sep 7 12:57:13 2004 From: mrichter at cpl.net (Mike Richter) Date: Tue Sep 7 15:00:14 2004 Subject: [SpamCop-List] Re: Apologies in advance for old news... In-Reply-To: References: Message-ID: Glenn Daniels wrote: > Well... I am surely in your debt for the assist. Dare to offer an > opinion on whether you found the reading worthy of your time? > If only as a validation of what you already knew to be the case? > > Again, thanks much, > Glenn You're welcome - it was really to assist others who might not know whether to visit. (I had read the material before, so did not go through it again. I did find it worthwhile.) Mike -- mrichter@cpl.net http://www.mrichter.com/ From porpoise1954 at yahoo.co.uk Tue Sep 7 21:00:44 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Sep 7 15:05:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Dar" wrote in message news:chkodb$sqq$1@news.spamcop.net... > > > > I'm not aware of that law/tradition/practice (likely after my time), > do > > > you > > > > have any links? > > > > > > http://www.writing-business-letters.com/business-letter-format.html > > > Dear Sir or Madam: > > > > That's when it is to an individual. When it is to a whole department or > > company, it is "Dear Sirs". (In this context it is being used > collectively). > > http://www.fgcu.edu/careers/students/successpacket2.html > In any case, avoid potentially offensive salutations like > "Dear Gentlemen," or "Dear Sirs." Maybe, but that's not English - it's American PC > > http://www.kanten.com/styleguide/letelem.html > When the addressee's name is unknown, several options are available: > Ladies and Gentlemen: (or the reverse) Ladies: (all women) > Dear Sir or Madam: (or the reverse) Gentlemen: (all men) > Dear Friends: Dear Colleagues: > Sexist salutations, e.g., Dear Sirs, Gentlemen, etc., are not used. > When none of the non-gender alternatives seems appropriate, a > simplified letter format (omitting the salutation) may be used. > > From MikeE at ster.invalid Tue Sep 7 13:08:44 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 15:10:02 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Dar wrote: > When none of the non-gender alternatives seems appropriate, a > simplified letter format (omitting the salutation) may be used. When you get to thinking about it, a salutation is pretty stupid and meaningless - "Dear Sirs (colon)" - what the hell is that all about? ...to say nothing of such as "Yours truly" or "Sincerely" -- bah! bogus ceremonialism. Junk. Some of our traditional 'structures' need to be re-thought. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Tue Sep 7 21:15:54 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Sep 7 15:20:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Mike Easter" wrote in message news:chl0v6$5p2$1@news.spamcop.net... > Dar wrote: > > When none of the non-gender alternatives seems appropriate, a > > simplified letter format (omitting the salutation) may be used. > > When you get to thinking about it, a salutation is pretty stupid and > meaningless - "Dear Sirs (colon)" - what the hell is that all about? > > ...to say nothing of such as "Yours truly" or "Sincerely" -- bah! bogus > ceremonialism. Junk. > > Some of our traditional 'structures' need to be re-thought. > > -- > Mike Easter > kibitzer, not SC admin > > Dear Sir, I concur! Yours faithfully, Me From nobody at nowhere.invalid Tue Sep 7 23:18:31 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Sep 7 16:20:17 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: On Tue, 7 Sep 2004 12:08:44 -0700, Mike Easter coughed into spamcop and left this in : > ...to say nothing of such as "Yours truly" or "Sincerely" -- bah! bogus > ceremonialism. Junk. You should see how far the French take it. You simply cannot send off a letter unless it ends in something like: Vous remerciant d'avance pour votre consid?ration, je vous prie d'agr?er, Messieurs, l'expression de mes sentiments les meilleurs. These 2 lines basically boil down to "Thank you in advance. Yours sincerely". -- Steve Television -- a medium. So called because it is neither rare nor well done. -- Ernie Kovacs From tburns at torcausa.com Tue Sep 7 17:22:21 2004 From: tburns at torcausa.com (Thomas Burns) Date: Tue Sep 7 16:25:03 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: Yes I'm sure. I had relay clicked to allow users....... "Mike Easter" wrote in message news:chkp7g$tj2$1@news.spamcop.net... > Merlyn wrote: >> "Thomas Burns" >>> IP: 65.203.79.50 >> >> You might have closed your relay but are you sure that is what is was? >> Maybe it could be an SMTP AUTH Hack on your Exchange server version >> 6.0.6487.0 > > I tho't it was 5.0.2195.6713 -- ie 2000 > > Also, I don't know how much senderbase 'lags' behind 'reality' - but when > I first looked when the thread started it was just about normal, since > then it has jumped to 822% for today. > > And, on a slightly different topic, but re this IP, does anyone know what > blars 127.3.0.0 means - it isn't really described at > http://www.blars.org/errors/block.html but that IP carries such a > listing. > > -- > Mike Easter > kibitzer, not SC admin > > From tburns at torcausa.com Tue Sep 7 17:33:53 2004 From: tburns at torcausa.com (Thomas Burns) Date: Tue Sep 7 16:35:03 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: I sent the message. Thanks. I was troubleshooting a problem on my exchange server and LEFT THE RELAY CHECKED TO ALLOW USERS....(I did this friday night/saturday morning 3/4 sept 04) For my over site as a system administrator I should probely be taken out and flogged. (drawing and quartering is a bit much I think) I closed the relay 1st thing this morning (at about 8 AM on the 7th) (when I noticed that my NDR box had over 10000 messages sitting in it. To speed things up (stop spamming) I turned off relay.... and I dumpted the mail queues with NO NDR. All I can say is that I was an IDIOT. my IP is: 65.203.79.50 "Ellen" wrote in message news:chkun8$3k8$1@news.spamcop.net... > > > "Thomas Burns" wrote in message > news:chkm0r$q3e$1@news.spamcop.net... >> Morning everyone.... >> >> While trying to troubleshoot an NDR issue this weekend, I left the realy >> door open. >> >> Its closed now. anything I can do about getting an expidited removal? >> >> IP: 65.203.79.50 >> >> > > Write to me at deputies spamcop.net and include the IP and the time > line for when it was open and when it was closed. > > Ellen > > From kenbrody at spamcop.net Tue Sep 7 17:11:56 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue Sep 7 16:35:12 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] References: Message-ID: <413E160C.ED09D9A1@spamcop.net> Mike Easter wrote: [...] > - some kind of actual 'curious' spamreading, which is the focus of my > debate with the aforementioned criteria > - 'conditions' of spam opening by non-spamreaders, such as described by > Pete and Kenneth, and also argued by Landmark over in alt.spam, who gets > infuriated with my anti-spamreading or anti-spamopening position or > crusade [...] Some subjects just beg to be peeked at, if only for the amusement of seeing what they're hawking. (At least the first time it arrives in your inbox/ held-mail folder.) For example: Sexually outperform anyone in the world! or THE PAPACY IS THE ANTICHRIST THAT IS TRYING TO DESTROY THE LAW OF GOD. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ From masfjorden at spamcop.net Tue Sep 7 23:39:20 2004 From: masfjorden at spamcop.net (helge) Date: Tue Sep 7 16:40:03 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] In-Reply-To: References: Message-ID: Mike Easter skrev: snip > Before anyone starts the 'debate' about spamfighters reading spam or not, > anyone debating the issue on the side of spamreading has to > > - describe or assure the security they use while reading spam When the spam is in my spamcop held mail log (http://mailsc.spamcop.net/reportheld?action=heldlog/) I reckon I can read anything safely. I don't follow links, see below If the spam has got through spamcop's censorship and is in my regular mailbox (mozilla), I disconnect from the internet, open the msg to check whether it is spam, forward to spamcop and move the spamitem to trash before going online again. I hope that is sufficient. > - roughly approximate what percentage of their spam they read Nowadays, after mailhost was introduced, roughly 85 % of my spam is quick-reported. The rest is reported, and if it is not obvious who should be notified in accordance with Marjolein's website, I inspect the spam. Rarely I find it entertaining reading. > - 'explain' how they decide which spams to read see above > - answer how often they visit a spamvertised site to 'further' satisfy > their curiosity or interest Never. I have not bothered to find out about secure ways to do it, therefore I don't do it. While I did a lot of foolish things before I discovered spamcop, I believe I have never followed a spam link. > - define approximately how often they make additional notifies on the > basis of spamreading, and how. Always if there is some text element that helps, like notifying adobe/macromedia in addition to microsoft, or finding someting like enlar[ment, not discovered by spamassassin. > - answer whether or not they are pledged to never aid or profit a > spammer Even before I read about the pledge, I never considered buying anything from sources I could not trust. > > -- > Mike Easter > kibitzer, not SC admin > helge From MikeE at ster.invalid Tue Sep 7 14:42:17 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 16:45:03 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] References: <413E160C.ED09D9A1@spamcop.net> Message-ID: Kenneth Brody wrote: > Some subjects just beg to be peeked at, if only for the amusement of > seeing what they're hawking. (At least the first time it arrives in > your inbox/ held-mail folder.) > > For example: > > Sexually outperform anyone in the world! > or > THE PAPACY IS THE ANTICHRIST THAT IS TRYING TO DESTROY THE LAW OF > GOD. Ah, but you are being 'manipulated'. The wary spamfighter with the right kind of 'attitude' and 'backbone' might handle such manipulation and curiosity, but consider.... Suppose the subject examples are 'all you get'. That is, you think 'How clever!. I wonder what's the gig?' -- so you open the spamitem -- only to find, like the nested Russian dolls, that all that's inside is another wrapper, namely a link to the website. Why don't you just go ahead and click on that, too? -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Sep 7 16:42:50 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Sep 7 16:45:13 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Dar wrote: > http://www.writing-business-letters.com/business-letter-format.html > Dear Sir or Madam: > > http://www.benning.army.mil/iobc/customs/helpful_hints.htm > Female officers are to be called "ma'am," not "sir." > > http://www.military-net.com/education/mpdcustoms.html > Q. When addressing a female officer, what term is used other than rank? > A. Ma'am. I'll keep those for future reference. > In defense of Cat, even if *wise men* was only used as an expression, > Magnus Back still wouldn't have used that term if he had considered > the fact that women might play a role in this forum. I also believe > it to be a slip-up on his part in that he thought only in terms of > males responding to his question. Hey, someone finally gets it. The whole reason I even commented on it was because Magnus didn't seem to consider the possibility of replies from women here. Instead, some people chose to blow things way out of proportion and attack me over it. From nobody at devnull.spamcop.net Tue Sep 7 16:49:04 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Sep 7 16:50:03 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: John Lurker wrote: > If I recall correctly the English language lacks certain gender neutral > phrases. You're right about that. > Hasn't the masculine tense been used quite correctly when gender is unknown > or even mixed? No, it's still incorrect. > I would think that the guy deserves some slack. I would think double slack > might be > in order if English isn't his first language. I'll give you credit for at least posting calmly and rationally instead of jumping on the bandwagon to flame me like some others have done. I think Dar's post explained it best, which was the point I was trying to make in the first place. From nobody at devnull.spamcop.net Tue Sep 7 16:52:47 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Sep 7 16:55:03 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Larry J. wrote: > Waiving the right to remain silent, Cat > said: > > >>That has nothing to do with PC, and I certainly wasn't attacking >>him. That was hardly a generic term. It's really kind of sad >>that you view respect toward women as only a PC thing, but I >>guess that explains why you're behaving like some neanderthal >>with a 1950s mentality. Don't get your panties in a wad just >>because you can't handle the fact that women aren't all >>submitting to some 1950s June Cleaver stereotype. > > > Pot-Kettle-Black. Now, who's tossing out stereotypes..? I'm only addressing the stereotypes that other people are perpetuating here, so there's no pot-kettle-black. > Methinks the lady doth protest too much. I think everyone who chose to flame me over this were the ones guilty of "protest(ing) too much." From nobody at devnull.spamcop.net Tue Sep 7 16:55:48 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Sep 7 17:00:02 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Berny wrote: > Cat, I used to like your posts, but I haven't seen one that wasn't about > these topics and Top/Bottom posting for so long that I don't look at them > any more. You're getting more strident and you seem to have lost your sense > of humour. If you haven't been reading my posts lately, then you wouldn't really be qualified to know what I do or don't post about in every post, and you'd know that not all of my posts are about the things that you listed above. From tburns at torcausa.com Tue Sep 7 18:00:25 2004 From: tburns at torcausa.com (Thomas Burns) Date: Tue Sep 7 17:05:04 2004 Subject: [SpamCop-List] Thank you Message-ID: My record is removed. Thank you. I'll do my best to not be an idiot in the future. From MikeE at ster.invalid Tue Sep 7 15:01:57 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 17:05:13 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] References: <413E160C.ED09D9A1@spamcop.net> Message-ID: Kenneth Brody wrote: > THE PAPACY IS THE ANTICHRIST THAT IS TRYING TO DESTROY THE LAW OF > GOD. BTW -- re that item in .spam. That's an interesting spam in that it is a joejob against Schmuel (Seymour J.) Metz -- that is, it is partially a joejob by putting Metz's website in a prominent position in the spambody, and partially an adventist promotion by an adventist characterized in some detail at Metz's site, which addresses the job issue. http://patriot.net/~shmuel/adventist.joejob.html -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Sep 7 17:09:10 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Sep 7 17:10:02 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Robi wrote: > So, if he only want's input from wise men of spamcop, then let him get the > input from wise men of spamcop. What's the fuss? > Ellen, the Wise Woman (I know, gramatically redundant^2) from spamcop, replied. Your comments support my reasons for my original complaint, which was that Magnus should have considered the possibility of replies from women or that some people in positions of power at SpamCop (Ellen) are women. My original post was a simple request for the OP to consider that the participants of the newsgroup and people in a position to help him aren't all men. Those who so rudely attacked me over it are the ones who turned it into an unnecessary fuss. P.S. While you're mentioning grammar, "wants" should not have an apostrophe in it. I don't understand why people automatically want to put an apostrophe in every word that ends in S, but that's a whole different discussion that doesn't need to be started here either. From Merlyn at Spamcop.net Tue Sep 7 18:11:08 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Tue Sep 7 17:15:03 2004 Subject: [SpamCop-List] Re: Thank you References: Message-ID: "Thomas Burns" wrote in message news:chl7hd$dgu$1@news.spamcop.net... > My record is removed. Thank you. > > I'll do my best to not be an idiot in the future. > Don't call yourself an idiot, being human is a good thing. Mistakes happen, what counts is you caught it and fixed it immediately. Now you should go after the pondscum that abused your server and bandwidth. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From nobody at spamcop.net Tue Sep 7 18:30:56 2004 From: nobody at spamcop.net (Firewoman) Date: Tue Sep 7 17:30:03 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: "Thomas Burns" wrote in message news:chl5vn$b8m$1@news.spamcop.net... > To speed things up (stop spamming) I turned off relay.... and I dumpted the > mail queues with NO NDR. All I can say is that I was an IDIOT. We all make mistakes, we're all human. At least that's all you did. :) Last weekend I converted our network to DHCP and lost the firewall (which cut off our website to the world). Didn't notice the problem was in the switches (needing hard IP's) until 2 days later. To say I berated and abused myself for it is an understatement. Sometimes learning through experience has its benefits, I'll never make the same mistake again! From porpoise1954 at yahoo.co.uk Tue Sep 7 23:41:20 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Sep 7 17:45:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Cat" wrote in message news:chl72o$ct2$1@news.spamcop.net... > Larry J. wrote: > > > Waiving the right to remain silent, Cat > > said: > > > > <> > > > Methinks the lady doth protest too much. > > I think everyone who chose to flame me over this were the ones guilty of > "protest(ing) too much." > I think you are confusing protest with taking the piss. From porpoise1954 at yahoo.co.uk Tue Sep 7 23:43:00 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Sep 7 17:45:16 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Cat" wrote in message news:chl81g$e5c$1@news.spamcop.net... > Robi wrote: > > > <> > > P.S. While you're mentioning grammar, "wants" should not have an > apostrophe in it. I don't understand why people automatically want to > put an apostrophe in every word that ends in S, but that's a whole > different discussion that doesn't need to be started here either. > Oh yes it does!........ From nobody at devnull.spamcop.net Tue Sep 7 17:50:17 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Sep 7 17:55:03 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Robi wrote: > Cat, take a chill pill (I'll get bashed for mentioning "pill" ;-). > 1. he was joking with this comment... --> :-P > 2. he said 'last time he posted'... not this time... > > >>>Joke aside, I just used it as an expression, like the three wise men. > > ^^^^^^^^^^ > there, see, joke. Like I said elswhere, I think Dar's original post in this thread covers pretty much what I was trying to say, but some people chose to blindly flame me for it. Magnus' attitude seemed to be "well, I didn't get any helpful replies from females last time, so I'll just assume that only males will respond and help this time." > My wife asked if you are a homemaker? a stay at home mom? Just curious... No, I'm not, and I don't see why you would think that considering how vocal I am against the June Cleaver stereotype. If I were a stay at home mom, do you really think I would have as much of a problem with the neanderthal attitudes of some of the male members of the newsgroup that a woman's place is at home in the kitchen doing "woman's work"? I'm actually a bit insulted that you'd even think that since you spend enough time in .social to know that I'm not the June Cleaver type who sticks to traditional traditional gender roles. I went to college for the purpose of getting a career, not just to shop for a husband. > You take this way to serious. I'm not taking anything too seriously. The people who flamed me over it are the ones who took it too seriously. I posted a simple politely worded reply, and people chose to flame me over it for no good reason. If you're going to accuse anyone of taking this whole thing too seriously, you should direct your comments to everyone who felt their egos and manhood were being threatened to the point that they attacked me over it. From nobody at devnull.spamcop.net Tue Sep 7 17:53:41 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Sep 7 17:55:14 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Porpoise wrote: > "Cat" wrote in message > news:chl81g$e5c$1@news.spamcop.net... >>P.S. While you're mentioning grammar, "wants" should not have an >>apostrophe in it. I don't understand why people automatically want to >>put an apostrophe in every word that ends in S, but that's a whole >>different discussion that doesn't need to be started here either. >> > > > Oh yes it does!........ I meant that in the sense that this whole thread has gotten so far off-topic and out of hand for this newsgroup that it all belongs more in .social where topic drift is an art form. :-P From r_buecheler at hotmail.com Tue Sep 7 17:58:51 2004 From: r_buecheler at hotmail.com (Robi) Date: Tue Sep 7 18:15:24 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Cat wrote: > Robi wrote: > > > >> So, if he only want's [...] > P.S. While you're mentioning grammar, "wants" should not have an > apostrophe in it. you are right, my pinkie was a little bit too trigger happy there :) So, if he only wants... now that looks better. -- Robi From nobody at devnull.spamcop.net Tue Sep 7 18:17:15 2004 From: nobody at devnull.spamcop.net (Cat) Date: Tue Sep 7 18:20:05 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Robi wrote: > Cat wrote: >>P.S. While you're mentioning grammar, "wants" should not have an >>apostrophe in it. > > > you are right, my pinkie was a little bit too trigger happy there :) > > > So, if he only wants... > > now that looks better. You could always argue that your want was in possession of some input. ;-) From MikeE at ster.invalid Tue Sep 7 16:31:58 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 18:35:04 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Cat wrote: > Robi wrote: >> you are right, my pinkie was a little bit too trigger happy there :) >> >> >> So, if he only wants... >> >> now that looks better. > > You could always argue that your want was in possession of some > input. ;-) Well.... ... since 'want' is also^1 a contraction of 'was not' - or "wa'n't" -- think what we can do. Something like -- "Oops, I accidentally left out one of *wa'n't's* 3 apostrophes!" ^1 http://dictionary.reference.com/search?q=want&db=* [ME: M-W Unabridged free trial section] -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Sep 7 16:35:33 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 18:40:04 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Mike Easter wrote: > Something like -- "Oops, I accidentally left out one of *wa'n't's* > 3 apostrophes!" That doesn't quite work. Safer leaving out the '3' I accidentally left out one of wa'n't's apostrophes. -- Mike Easter kibitzer, not SC admin From mswift at computerassistance.com Tue Sep 7 17:06:59 2004 From: mswift at computerassistance.com (mjj) Date: Tue Sep 7 19:10:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Cat" wrote in message news:chjjp4$om9$1@news.spamcop.net... > > Grow some manners and respect. Maybe people should start referring to you > as Ma'am or Mrs. J all the time, and we'll see how you like that. > How about Dear Spamcopper(s), (or other company or functional name) That covers all sexes and singular or plural receivers. I try to avoid the overtly sexist M'am at all costs. M'am and Madam were invented as politesse for the female milk glands. As some marketing joker said "a feature so great they named a species after it" is the opposite of PC in my mind. Talk about reducing a person to an object! Yes, sergeant or captain or general works fine in a military situation MylesJ From nobody at spamcop.net Tue Sep 7 20:34:27 2004 From: nobody at spamcop.net (indigo) Date: Tue Sep 7 19:35:03 2004 Subject: [SpamCop-List] What's going on here? Message-ID: Second spam I've gotten at home that doesn't appear to have a source -- am *I* the source? I'm locked down with Atguard, up to date McAffee viruscan, SpamGuard, SpywareBlaster, and run Spybot and Adaware weekly. These headers below look really, really weird...... Received: from ooth (localhost[127.0.0.1]) by rwcrmxc11.comcast.net (rwcrmxc11) with SMTP id <20040907191859r1100hpid4e>; Tue, 7 Sep 2004 19:19:00 +0000 X-Originating-IP: [127.0.0.1] From: "mistyoh7" Reply-To: "mistyoh7" To: x BCC: x Subject: why commute Content-Type: text/plain;charset="iso-8859-1" Date: Tue, 7 Sep 2004 15:15:17 -0400 X-HTMLModify: CLEAN - not modified X-SpamPal: PASS View entire message Parsing header: Received: from ooth (localhost[127.0.0.1]) by rwcrmxc11.comcast.net (rwcrmxc11) with SMTP id <20040907191859r1100hpid4e>; Tue, 7 Sep 2004 19:19:00 +0000 127.0.0.1 found host 127.0.0.1 = localhost (cached) localhost is not a hostname 127.0.0.1 discarded No source IP address found, cannot proceed. From not at home.today Wed Sep 8 01:30:25 2004 From: not at home.today (Ant) Date: Tue Sep 7 19:35:12 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] References: Message-ID: "Mike Easter" wrote... > Before anyone starts the 'debate' about spamfighters reading spam or not, > anyone debating the issue on the side of spamreading has to > > - describe or assure the security they use while reading spam I allow my html spam to render while physically disconnected from the net, after having first checked the raw text for malicious code. > - roughly approximate what percentage of their spam they read All of it, so far. It only requires a quick glance to know if I've seen it before. > - 'explain' how they decide which spams to read See above. > - answer how often they visit a spamvertised site to 'further' satisfy > their curiosity or interest Never for curiosity about what they may be selling, but sometimes for other investigative purposes. I don't do it by clicking on links in the spam. > - define approximately how often they make additional notifies on the > basis of spamreading, and how That's not why I read it. I'm interested in new scams, and techniques of obfuscation and social engineering. > - answer whether or not they are pledged to never aid or profit a > spammer If I had the time and the bandwidth, I'd probably do what Anonymous does; i.e. actively attack them. From rcarlton at spamcop.net Tue Sep 7 19:48:24 2004 From: rcarlton at spamcop.net (Rick Carlton) Date: Tue Sep 7 19:55:05 2004 Subject: [SpamCop-List] Re: What's going on here? References: Message-ID: On 9/7/04 6:34 PM, in article chlgbg$p30$1@news.spamcop.net, "indigo" wrote: > Second spam I've gotten at home that doesn't appear to have a source -- am > *I* the source? I'm locked down with Atguard, up to date McAffee viruscan, > SpamGuard, SpywareBlaster, and run Spybot and Adaware weekly. These headers > below look really, really weird...... > > Received: from ooth (localhost[127.0.0.1]) > by rwcrmxc11.comcast.net (rwcrmxc11) with SMTP > id <20040907191859r1100hpid4e>; Tue, 7 Sep 2004 19:19:00 +0000 > X-Originating-IP: [127.0.0.1] Looks like Comcast's server in Redwood City's been compromised to me. Is your machine named "ooth" ? From MikeE at ster.invalid Tue Sep 7 17:58:19 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 7 20:00:03 2004 Subject: [SpamCop-List] Re: What's going on here? References: Message-ID: indigo wrote: > Second spam I've gotten at home that doesn't appear to have a source > -- am *I* the source? Does that 'ooth' look familiar to you in any way? Like have you named any machine like that? Those are pretty screwy headers - I see others in sightings where that same comcast server generally handled an item and stamped it properly and others where it stamped an item like that when it was being bounced or something. The other thing is that when comcast handles a thing from inside or without a msg id, it typically gives it a comcast msgid. This item has no msgid at all. And, what's that BCC doing in there? Comcast would be the only one you could notify with that. If their server is screwing up its line, the notify would bring it to their attention. > Received: from ooth (localhost[127.0.0.1]) > by rwcrmxc11.comcast.net (rwcrmxc11) -- Mike Easter kibitzer, not SC admin From not at home.today Wed Sep 8 02:04:26 2004 From: not at home.today (Ant) Date: Tue Sep 7 20:05:03 2004 Subject: [SpamCop-List] Re: What I learned in two weeks References: Message-ID: "Steve Gilder" wrote... [...] > 2. Don't have thin skin. Some people's responses can be flip (and > occasionally very funny). Don't get angry, [..] That applies to all of Usenet. It's amazing how some people allow themselves to get wound up. > Special thanks to: [...] > Last but certainly not least: Graeme Leith and Ant Ooh, mentioned in despatches :) From usenet1 at DE.LETE.THISljvideo.com Wed Sep 8 02:27:33 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry J.) Date: Tue Sep 7 21:30:20 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Waiving the right to remain silent, Cat said: > Larry J. wrote: > >> Waiving the right to remain silent, Cat >> said: >> >> >>>That has nothing to do with PC, and I certainly wasn't >>>attacking him. That was hardly a generic term. It's really kind >>>of sad that you view respect toward women as only a PC thing, >>>but I guess that explains why you're behaving like some >>>neanderthal with a 1950s mentality. Don't get your panties in a >>>wad just because you can't handle the fact that women aren't >>>all submitting to some 1950s June Cleaver stereotype. >> >> >> Pot-Kettle-Black. Now, who's tossing out stereotypes..? > > I'm only addressing the stereotypes that other people are > perpetuating here, so there's no pot-kettle-black. > >> Methinks the lady doth protest too much. > > I think everyone who chose to flame me over this were the ones > guilty of "protest(ing) too much." Typical PC'ers response. Blame everyone else, then look around for a messenger to shoot. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From usenet1 at DE.LETE.THISljvideo.com Wed Sep 8 02:28:32 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry J.) Date: Tue Sep 7 21:30:39 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Waiving the right to remain silent, "Dar" said: > In defense of Cat, even if *wise men* was only used as an > expression, Magnus Back still wouldn't have used that term if he > had considered the fact that women might play a role in this > forum. I also believe it to be a slip-up on his part in that he > thought only in terms of males responding to his question. I would have flamed him for using "Wisepersons." ;-) -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From usenet1 at DE.LETE.THISljvideo.com Wed Sep 8 02:32:11 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry J.) Date: Tue Sep 7 21:35:04 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Waiving the right to remain silent, "mjj" said: > I try to avoid the overtly sexist M'am at all costs. M'am and > Madam were invented as politesse for the female milk glands. Where the heck did you get that invention..? Literally, it means: ma dame, or, my lady. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From nobody at devnull.spamcop.net Wed Sep 8 00:38:36 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Tue Sep 7 23:40:18 2004 Subject: [SpamCop-List] Re: What I learned in two weeks References: Message-ID: "Ant" wrote in message news:chliah$r25$1@news.spamcop.net... > "Steve Gilder" wrote... > > [...] > > 2. Don't have thin skin. Some people's responses can be flip (and > > occasionally very funny). Don't get angry, [..] > > That applies to all of Usenet. It's amazing how some people allow > themselves to get wound up. > > > Special thanks to: > [...] > > Last but certainly not least: Graeme Leith and Ant > > Ooh, mentioned in despatches :) > > didn't want to hurt you ears ;-) From nobody at devnull.spamcop.net Wed Sep 8 01:23:54 2004 From: nobody at devnull.spamcop.net (Cat) Date: Wed Sep 8 01:25:13 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Larry J. wrote: > Waiving the right to remain silent, Cat > said: >>I think everyone who chose to flame me over this were the ones >>guilty of "protest(ing) too much." > > > Typical PC'ers response. Blame everyone else, then look around for > a messenger to shoot. Talk about the pot calling the kettle black. You flamed me for no good reason, then you're trying to put blame on me over your inability to accept that women aren't an inferior being. I'm sorry that women have invaded your so-called "man's world" but stop dragging your knuckles and get over it! From nobody at devnull.spamcop.net Wed Sep 8 01:36:50 2004 From: nobody at devnull.spamcop.net (Cat) Date: Wed Sep 8 01:40:03 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Larry J. wrote: > Waiving the right to remain silent, Cat > said: >> I think everyone who chose to flame me over this were the ones >> guilty of "protest(ing) too much." > > > > Typical PC'ers response. Blame everyone else, then look around for a messenger to shoot. Talk about the pot calling the kettle black. You flamed me for no good reason, then you're trying to put blame on me over your inability to accept that women aren't an inferior being. I'm sorry that women have invaded your so-called "man's world" but stop dragging your knuckles and get over it! It's obvious you're only interested in being a troll due to your attacks against me and your pathetic attempts to put the blame for it off on me. From avoozl at spamcop.net Tue Sep 7 23:53:17 2004 From: avoozl at spamcop.net (Chris F. Willoughby) Date: Wed Sep 8 01:55:03 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] References: <413E160C.ED09D9A1@spamcop.net> Message-ID: "Mike Easter" wrote in message news:chl6ej$c04$1@news.spamcop.net... > Ah, but you are being 'manipulated'. The wary spamfighter with the right > kind of 'attitude' and 'backbone' might handle such manipulation and > curiosity, but consider.... > > Suppose the subject examples are 'all you get'. That is, you think 'How > clever!. I wonder what's the gig?' -- so you open the spamitem -- only > to find, like the nested Russian dolls, that all that's inside is another > wrapper, namely a link to the website. Why don't you just go ahead and > click on that, too? > > -- > Mike Easter > kibitzer, not SC admin > Well, you COULD click on the link.. but the way I see it.. If you're not actively paying someone who supports spamming then it really doesn't matter. :) From nobody at spamcop.net Wed Sep 8 00:18:24 2004 From: nobody at spamcop.net (K. Crocker) Date: Wed Sep 8 02:20:02 2004 Subject: [SpamCop-List] Re: George Bush quote (was Re: Who the hell gave spamcop the right?) In-Reply-To: References: <413B7EA9.A640332D@spamcop.net> Message-ID: N. Miller wrote: > In article , DevilsPGD says... > > >>In message <413B7EA9.A640332D@spamcop.net> Kenneth Brody >> wrote: > > >>>>"Our enemies are innovative and resourceful, and so are we. They never stop >>>>thinking about new ways to harm our country and our people, and neither do >>>>we." >>>>George W. Bush 8/5/04 > > >>>Tough to dispute that one, when it's right on the White House website: > > >>> http://www.whitehouse.gov/news/releases/2004/08/20040805-3.html > > >>It's funny because it's true! > > > It can be read two ways, you know; your way, and my way. > Here, here. The thought is completed in the next sentence, which Socks conveniently omitted: "We must never stop thinking about how best to defend our country when we all must always be forward-thinking." Now, his grammar may be deplorable, but the idea is there. From bar_n0ne at hotmail.com Wed Sep 8 12:09:35 2004 From: bar_n0ne at hotmail.com (Berny) Date: Wed Sep 8 03:10:21 2004 Subject: [SpamCop-List] Re: George Bush quote (was Re: Who the hell gave spamcop the right?) References: <413B7EA9.A640332D@spamcop.net> Message-ID: "K. Crocker" wrote in message news:chm86j$d1n$1@news.spamcop.net... > N. Miller wrote: > > > In article , DevilsPGD says... > > > > > >>In message <413B7EA9.A640332D@spamcop.net> Kenneth Brody > >> wrote: > > > > > >>>>"Our enemies are innovative and resourceful, and so are we. They never stop > >>>>thinking about new ways to harm our country and our people, and neither do > >>>>we." > >>>>George W. Bush 8/5/04 > > > SNIPPED > > > > It can be read two ways, you know; your way, and my way. > > > > Here, here. The thought is completed in the next sentence, which Socks > conveniently omitted: "We must never stop thinking about how best to > defend our country when we all must always be forward-thinking." Now, > his grammar may be deplorable, but the idea is there. Ummm, what? I'm pretty good at english but this tidbit looks like it was lifted from the %RANDOM_WORDS fields in a spam,.If it was said, then, what conceivable thought or idea, if any, could this complete or express? By the way I thought I was pretty good at English, but that quotation utterly defeats me. Now if we pretend he was a foreigner speaking an unfamiliar language, we might extrapolate and interpolate some meaning from this, but I think I'd rephrase and confirm if someone said that stuff to me. From nobody at nowhere.invalid Wed Sep 8 12:13:51 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Sep 8 05:15:35 2004 Subject: [SpamCop-List] Re: What's going on here? References: Message-ID: On Tue, 7 Sep 2004 16:58:19 -0700, Mike Easter coughed into spamcop and left this in : > Does that 'ooth' look familiar to you in any way? Like have you named > any machine like that? Irrelevant. That's the string that the spamware EHLO'd with so it can't be trusted. -- Steve The only person to get all of his work done by Friday was Robinson Crusoe From me at axelsiebert.de Wed Sep 8 13:10:43 2004 From: me at axelsiebert.de (Axel Siebert) Date: Wed Sep 8 06:15:08 2004 Subject: [SpamCop-List] Re: Bug in spamcop http server References: Message-ID: On Mon, 6 Sep 2004 02:22:30 -0700, Mike Easter wrote: > Axel Siebert wrote: >> when submitting spam through the html form, my browser sends the POST >> request with the HTTP header item "Expect: 100-continue" if the spam >> is bigger than 10 KB. This is a way of checking that the receiving >> server really wants so much data, instead of potentially sending it >> in vain. > > I don't really want to debate the RFC point you are making, but to > present the issue from another perspective. > > Almost everyone is going to submit a big spam to the parser 'as is'. My > experience with that is that the parser truncates it as it wishes, > performs its parse, presents its report or cancel options, and that's the > end of the problem. > > Maybe that isn't the same thing as rfc2616 sez, but it certainly does > work. Maybe it's a better form of 'correspondence' than 'expect 100 > continue' - in this specific application. Yes. However there's no way to setup a browser to *not* use "Expect: 100-continue" for specific sites. A fix would be simple for Spamcop, they could simply ignore the "Expect: 100-continue", instead of sending the "100 Continue", but at a completely wrong time. Axel From MikeE at ster.invalid Wed Sep 8 05:02:35 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Sep 8 07:05:19 2004 Subject: [SpamCop-List] Re: What's going on here? References: Message-ID: Steven Maesslein wrote: > Mike Easter >> Does that 'ooth' look familiar to you in any way? Like have you >> named any machine like that? > > Irrelevant. That's the string that the spamware EHLO'd with so it > can't be trusted. 'We' think that is a spam and the comcast server screwed up with its stamp and that's a spammer helo/ehlo and therefore useless. I am also considering the possibility that the item arose internally, from indigo's own system, because that was part of the initial query. If you send yourself a mail, depending on your mailuser agent and other issues, you might see that your own system uses some kind of identification in its helo, like the name of your computer or your user identity in the mua or similar and that 'name' appears in the 'from' field of your provider's server in the helo position. With my mua, I can't 'control' it directly; it is apparently derived by some registry entry I haven't investigated. However, I can 'recognize' it as familiar. As a part of gathering clues, 'ooth' would be relevant if it were familiar, eg the name of the indigo computer. If it is not familiar, it 'remains' useless and irrelevant. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Sep 8 07:39:11 2004 From: nobody at spamcop.net (Miss Betsy) Date: Wed Sep 8 07:40:18 2004 Subject: [SpamCop-List] Re: George Bush quote (was Re: Who the hell gave spamcop the right?) References: <413B7EA9.A640332D@spamcop.net> Message-ID: "Berny" wrote in message news:chmb7i$f9c$1@news.spamcop.net... > > "K. Crocker" wrote in message > news:chm86j$d1n$1@news.spamcop.net... > > N. Miller wrote: > > > > > In article , DevilsPGD says... > > > > > > > > >>In message <413B7EA9.A640332D@spamcop.net> Kenneth Brody > > >> wrote: > > > > > > > > >>>>"Our enemies are innovative and resourceful, and so are we. They never > stop > > >>>>thinking about new ways to harm our country and our people, and > neither do > > >>>>we." > > >>>>George W. Bush 8/5/04 > > > > > SNIPPED > > > > > > It can be read two ways, you know; your way, and my way. > > > > > > > Here, here. The thought is completed in the next sentence, which Socks > > conveniently omitted: "We must never stop thinking about how best to > > defend our country when we all must always be forward-thinking." Now, > > his grammar may be deplorable, but the idea is there. > > Ummm, what? I'm pretty good at english but this tidbit looks like it was > lifted from the %RANDOM_WORDS fields in a spam,.If it was said, then, what > conceivable thought or idea, if any, could this complete or express? > > By the way I thought I was pretty good at English, but that quotation > utterly defeats me. > > Now if we pretend he was a foreigner speaking an unfamiliar language, we > might extrapolate and interpolate some meaning from this, but I think I'd > rephrase and confirm if someone said that stuff to me. > BTW, spamcop.social was created to be used when spamcop threads drifted. There are lots of people over there who would love this interchange! Follow ups set to .social Miss Betsy From nobody at spamcop.net Wed Sep 8 11:12:20 2004 From: nobody at spamcop.net (indigo) Date: Wed Sep 8 10:15:35 2004 Subject: [SpamCop-List] Re: What's going on here? References: Message-ID: Rick Carlton wrote: > > Received: from ooth (localhost[127.0.0.1]) > > by rwcrmxc11.comcast.net (rwcrmxc11) with SMTP > > id <20040907191859r1100hpid4e>; Tue, 7 Sep 2004 19:19:00 > > +0000 X-Originating-IP: [127.0.0.1] > > Looks like Comcast's server in Redwood City's been compromised to me. > > Is your machine named "ooth" ? Nope. If that server is really hacked, is it worth my time to contact Comcast or am I just pissing in the wind? From nobody at spamcop.net Wed Sep 8 11:14:30 2004 From: nobody at spamcop.net (indigo) Date: Wed Sep 8 10:16:15 2004 Subject: [SpamCop-List] Re: What's going on here? References: Message-ID: Mike Easter wrote: > > The other thing is that when comcast handles a thing from inside or > without a msg id, it typically gives it a comcast msgid. This item > has no msgid at all. And, what's that BCC doing in there? > Dunno about the BCC. Those are the exact headers, there were a bunch of dictionary attack names in the CC list. From support at shlink.ch Wed Sep 8 17:18:05 2004 From: support at shlink.ch (Idefix) Date: Wed Sep 8 10:20:09 2004 Subject: [SpamCop-List] Re: Finding the reason why we are on the blacklist References: Message-ID: Our IP is 217.148.0.19 I couldn't find any E.Mail warnings. The only thing I found was a IP with google. We now blocked this IP. What else can we do instead of waiting and hoping? Roli "Miss Betsy" schrieb im Newsbeitrag news:chki6u$lgk$1@news.spamcop.net... > > "Roli" wrote in message > news:chkgrg$jpk$1@news.spamcop.net... > > Hello > > We as a ISP realized, that we are on the spamcop blacklist. > > But we don't know why!! > > Thanks for help > > > > In order for anyone to help you find out why you are on the scbl, you > will have to give the IP address of the server you think is blocked. > > The reason that the server is blocked is because either a reporter has > received spam and reported it or you are sending spam, automatic > responses to viruses, or 'bouncing' undeliverable email to spamtraps. > There is a small chance of an error on the part of a reporter. > > If you do not allow spammers to operate, and do not use any kind of > automatic responses or receive emails and then send an undeliverable > message, the chances are that there is a compromised computer on your > network that is sending spam unbeknownst to you. I believe that if you > look at your logs on other ports than the typical email port, you may > find suspicious activity if that is the case. > > Post back with more details and perhaps someone can help you. > > Miss Betsy > > From support at shlink.ch Wed Sep 8 17:27:51 2004 From: support at shlink.ch (Idefix) Date: Wed Sep 8 10:30:05 2004 Subject: [SpamCop-List] Re: Finding the reason why we are on the blacklist References: Message-ID: Yes we are talking about 217.148.0.19. There must be a way to check the cause of listing? We didn't find anything you wrote but are still on this list. Roli "Merlyn" schrieb im Newsbeitrag news:chki2c$l3k$1@news.spamcop.net... > "Roli" wrote in message > news:chkgrg$jpk$1@news.spamcop.net... > > Hello > > We as a ISP realized, that we are on the spamcop blacklist. > > But we don't know why!! > > Thanks for help > > > > > I am sorry to inform you all of our psychics are on vacation this week. So > for the rest of us non ESP gifted persons we will need a block message or an > IP to be able to lookup the problem. > > If you are talking about 217.148.0.19 > 217.148.0.19 listed in bl.spamcop.net (127.0.0.2) > > > Causes of listing > System has sent mail to SpamCop spam traps in the past week (spam traps are > secret, no reports or evidence are provided by SpamCop) > > Additional potential problems > (these factors do not directly result in spamcop listing) > > Listing History > In the past 918.0 days, it has been listed 3 times for a total of 9.0 days > > There are many reasons you could be listed: > 1. spamming > 2. Insecure list signups that do not use "confirmed" opt-in > 3. autoresponses to "From" addresses. > 4. autoresponses from Antivirus programs that send replies to the "From" > address. > 5. autoresponses for Vacation, out of office and various other things sent > to the "From" address > 6. Trojans and virus > 7. Hacking - poor security on your machine > > There are many more which I am not going to get into. > > Autoresponses make no sense in this day and age of spam as most spam and > virus has a forged from address which only causes innocent victims to > receive more junk! > > -- > > Regards, > Merlyn > > A Spamcop advocate > No emails this account is for newsgroups only > People demand freedom of speech to make up for the freedom of thought which > they avoided > > > From nobody at devnull.spamcop.net Wed Sep 8 10:31:14 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Sep 8 10:35:05 2004 Subject: [SpamCop-List] Re: Finding the reason why we are on the blacklist References: Message-ID: "Idefix" wrote in message news:chn49e$r8q$1@news.spamcop.net... > Our IP is 217.148.0.19 > I couldn't find any E.Mail warnings. > The only thing I found was a IP with google. We now blocked this IP. > What else can we do instead of waiting and hoping? http://www.spamcop.net/w3m?action=checkblock&ip=217.148.0.19 suggests that reports should have been received by the following (or maybe not, as these addresses don't really look "good"); Parsing input: 217.148.0.19 host 217.148.0.19 = mail.shlink.ch (cached) Reporting addresses: titus.forster@mtf.ch roland.zanella@mtf.ch markus.bruggmann@mtf.ch message@shlink.ch 217.148.0.19 listed in bl.spamcop.net (127.0.0.2) Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam less than 10 times in the past week Listing History In the past 919.0 days, it has been listed 3 times for a total of 10.0 days http://www.senderbase.org/?searchBy=ipaddress&sb=1&searchString=217.148.0.19 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day .......... 4.6 .... 297% Last 30 days ... 4.3 .... 79% Average ......... 4.0 shows the signs of a compromised system From dkona7b02 at sneakemail.com Wed Sep 8 11:35:36 2004 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Wed Sep 8 10:35:39 2004 Subject: [SpamCop-List] Re: Finding the reason why we are on the blacklist In-Reply-To: References: Message-ID: <3.0.5.32.20040908103536.00fedf70@loki.fstrf.org> If you go to http://www.spamcop.net/w3m?action=checkblock&ip=217.148.0.19 you can see why you are listed. According to that page, your system has been sending SPAM to SpamTraps. These are accounts that only exist to trap SPAM and have never been used in public. According to Senderbase, http://www.senderbase.org/?searchBy=ipaddress&sb=1&searchString=217.148.0.19 Your system is sending out 297% more mail over the past day than your average. This is most likely SPAM! SpamCop sends reports about this IP to: titus.forster@mtf.ch roland.zanella@mtf.ch markus.bruggmann@mtf.ch message@shlink.ch If you send email to deputies (at) admin.spamcop.net and give them your IP address and ask them to look at the SpamTraps, they can try to give you a clue as to what is going on with this system. Once you stop the flow of SPAM from your system, it will fall off the blocking list within 48 hours. At 04:18 PM 9/8/2004 +0200, Idefix typed: >Our IP is 217.148.0.19 >I couldn't find any E.Mail warnings. >The only thing I found was a IP with google. We now blocked this IP. >What else can we do instead of waiting and hoping? > >Roli > >"Miss Betsy" schrieb >> >> "Roli" wrote >> > Hello >> > We as a ISP realized, that we are on the spamcop blacklist. >> > But we don't know why!! >> > Thanks for help >> > >> >> In order for anyone to help you find out why you are on the scbl, you >> will have to give the IP address of the server you think is blocked. >> >> The reason that the server is blocked is because either a reporter has >> received spam and reported it or you are sending spam, automatic >> responses to viruses, or 'bouncing' undeliverable email to spamtraps. >> There is a small chance of an error on the part of a reporter. >> >> If you do not allow spammers to operate, and do not use any kind of >> automatic responses or receive emails and then send an undeliverable >> message, the chances are that there is a compromised computer on your >> network that is sending spam unbeknownst to you. I believe that if you >> look at your logs on other ports than the typical email port, you may >> find suspicious activity if that is the case. >> >> Post back with more details and perhaps someone can help you. From MikeE at ster.invalid Wed Sep 8 09:01:27 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Sep 8 11:05:27 2004 Subject: [SpamCop-List] OT Savvis in the news and nanae Message-ID: BBC article from/for the radio program, Steve Linford's post followed by nanae thread, Alif Terranson [ex-Savvis whistleblower] post and thread, Terranson's website - while it lasts if Savvis isn't successful in taking it down Spammers given boot by net host http://news.bbc.co.uk/1/hi/technology/3634572.stm Campaigners against spam on the internet have won a major battle against the world's second largest internet service provider. BBC Radio 4's PM programme From: Steve Linford Newsgroups: news.admin.net-abuse.email Subject: Regarding SAVVIS Date: Wed, 08 Sep 2004 12:51:39 +0100 Organization: The Spamhaus Project Message-ID: From: (Alif Terranson) Newsgroups: news.admin.net-abuse.email Subject: Active Spam Support By Savvis Communications Date: 7 Sep 2004 12:29:02 -0700 Message-ID: <7de9d70d.0409071129.7ed017da@posting.google.com> http://www.savvis.info/ So, if this isn't Savvis, what is it? Click here to find out. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Sep 8 09:11:32 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Sep 8 11:15:04 2004 Subject: [SpamCop-List] Re: What's going on here? References: Message-ID: indigo wrote: > Rick Carlton wrote: >> Looks like Comcast's server in Redwood City's been compromised to me. >> >> Is your machine named "ooth" ? > > Nope. If that server is really hacked, is it worth my time to contact > Comcast or am I just pissing in the wind? Yes, you should contact them. I don't know that it is hacked or compromised -- that item could be explained by it simply being misconfigured. You should tell them, provide them with the item, spam notify. The server name currently has the IPs 09/08/04 08:03:21 dns rwcrmxc11.comcast.net Canonical name: rwcrmxc11.comcast.net Addresses: 204.127.198.41 216.148.227.89 neither of which are listed anywhere other than 'anti-comcast' listings or showing any unusual senderbase activity. -- Mike Easter kibitzer, not SC admin From notspam at alias.hotpop.com Wed Sep 8 09:11:53 2004 From: notspam at alias.hotpop.com (JV) Date: Wed Sep 8 11:15:14 2004 Subject: [SpamCop-List] Re: I must share this one [C&C] In-Reply-To: References: Message-ID: Mike Easter wrote: > posted to .spam and spamcop, f/ups to spamcop > > JV wrote: > >>This one includes a solution for ED, free porn and a recipe for a pie. >>Where's the software and loan offer? > > > There you go, reading your spam again. > > Before anyone starts the 'debate' about spamfighters reading spam or not, > anyone debating the issue on the side of spamreading has to > > - describe or assure the security they use while reading spam My normal working setup. Fully patch OS, fully blocked Mozilla. Snort IDS with custom rules monitoring traffic inbound and outbound. Firewalls, working in the DMZ. > - roughly approximate what percentage of their spam they read Most. I read for content, not detail. > - 'explain' how they decide which spams to read Ditto the above. Always if it is phish. > - answer how often they visit a spamvertised site to 'further' satisfy > their curiosity or interest If I see evidence of an attempt to deliver vermin or if the link is obfuscated. Always if it is phish. > - define approximately how often they make additional notifies on the > basis of spamreading, and how Always when it is phish or there is clear proof of vermin. > - answer whether or not they are pledged to never aid or profit a > spammer > I have so pledged. > -- > Mike Easter > kibitzer, not SC admin > My primary disipline is not anti-spam. Spam is one vector of some problems I deal with in my work. From nobody at spamcop.net Wed Sep 8 11:41:30 2004 From: nobody at spamcop.net (Miss Betsy) Date: Wed Sep 8 11:45:12 2004 Subject: [SpamCop-List] Re: Finding the reason why we are on the blacklist References: Message-ID: "Idefix" wrote in message news:chn4rl$te5$1@news.spamcop.net... > Yes we are talking about 217.148.0.19. > There must be a way to check the cause of listing? > We didn't find anything you wrote but are still on this list. Since spam traps do not produce any reports (because spammers were using the reports to evade the blocklist), the only way to get pointed in the right direction is to email the deputies spamcop dot net. The deputies can see the cause and will tell you where to look. Miss Betsy From nobody at spamcop.net Wed Sep 8 14:29:19 2004 From: nobody at spamcop.net (indigo) Date: Wed Sep 8 13:30:20 2004 Subject: [SpamCop-List] Re: What's going on here? References: Message-ID: Mike Easter wrote: > > Yes, you should contact them. I don't know that it is hacked or > compromised -- that item could be explained by it simply being > misconfigured. You should tell them, provide them with the item, spam > notify. > > The server name currently has the IPs > > 09/08/04 08:03:21 dns rwcrmxc11.comcast.net > Canonical name: rwcrmxc11.comcast.net > Addresses: > 204.127.198.41 > 216.148.227.89 > > neither of which are listed anywhere other than 'anti-comcast' > listings or showing any unusual senderbase activity. Thanks Mike. I wonder if no listings exist because this particular spammer is only spamming within Comcast IP space? From mswift at computerassistance.com Wed Sep 8 11:46:02 2004 From: mswift at computerassistance.com (mjj) Date: Wed Sep 8 13:50:02 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Larry J." wrote in message news:Xns955DBC620ACA7larryathome@216.154.195.61... > Waiving the right to remain silent, "mjj" > said: > >> I try to avoid the overtly sexist M'am at all costs. M'am and >> Madam were invented as politesse for the female milk glands. > > Where the heck did you get that invention..? > > Literally, it means: ma dame, or, my lady. > Larry, go back farther, ma mam mamma are all words that translate to breast dam means domina madam means dominant female as in bend your knee before her rank, in its original use, so calling someone madam means you are subservient to her You could always take the other tack and agree with those who use it as a contraction for mammon, in which case that is not a good thing to call somebody either, unless you are a misogynist. Myles From nobody at spamcop.net Wed Sep 8 14:53:05 2004 From: nobody at spamcop.net (Ellen) Date: Wed Sep 8 14:30:16 2004 Subject: [SpamCop-List] Re: Finding the reason why we are on the blacklist References: Message-ID: "Idefix" wrote in message news:chn49e$r8q$1@news.spamcop.net... > Our IP is 217.148.0.19 > I couldn't find any E.Mail warnings. > The only thing I found was a IP with google. We now blocked this IP. > What else can we do instead of waiting and hoping? > > Roli > This is the IP smarthosting thru you that is sending the spam and is probably a compromised machine: Received: from theteebox.com [217.148.10.232] by mail.shlink.ch There were 2 reports sent to titus.forster@mtf.ch, roland.zanella@mtf.ch, markus.bruggmann@mtf.ch, message@shlink.ch yesterday. Ellen SpamCop From mrcics2000-spamcop-nomail at nomail.yahoo.com Wed Sep 8 14:38:32 2004 From: mrcics2000-spamcop-nomail at nomail.yahoo.com (Mike B) Date: Wed Sep 8 14:40:03 2004 Subject: [SpamCop-List] Re: What's going on here? References: Message-ID: "indigo" wrote in message news:chlgbg$p30$1@news.spamcop.net... > Second spam I've gotten at home that doesn't appear to have a source -- am > *I* the source? I'm locked down with Atguard, up to date McAffee viruscan, > SpamGuard, SpywareBlaster, and run Spybot and Adaware weekly. These > headers > below look really, really weird...... > > Received: from ooth (localhost[127.0.0.1]) > by rwcrmxc11.comcast.net (rwcrmxc11) with SMTP > id <20040907191859r1100hpid4e>; Tue, 7 Sep 2004 19:19:00 +0000 > X-Originating-IP: [127.0.0.1] > From: "mistyoh7" > Reply-To: "mistyoh7" > To: x > BCC: x I had a similar occurrence on my ISP (AT&T Global Services). It took a while for them to identify and plug the leak, but it is spam being inserted into the server. My suggestion is that you open a problem ticket and make sure you pursue it until it is escalated beyond the initial level of the help(less) desk. Mike B From nobody at spamcop.net Wed Sep 8 15:45:54 2004 From: nobody at spamcop.net (indigo) Date: Wed Sep 8 14:50:02 2004 Subject: [SpamCop-List] Re: What's going on here? References: Message-ID: Mike B wrote: > I had a similar occurrence on my ISP (AT&T Global Services). It took > a while for them to identify and plug the leak, but it is spam being > inserted into the server. My suggestion is that you open a problem > ticket and make sure you pursue it until it is escalated beyond the > initial level of the help(less) desk. > Did you phone in the complaint or email it to abuse@comcast (aka dave null)? From nobody at nowhere.invalid Wed Sep 8 21:55:26 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Sep 8 15:00:06 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: On Wed, 8 Sep 2004 10:46:02 -0700, mjj coughed into spamcop and left this in : > go back farther, ma mam mamma are all words that translate to breast > dam means domina On what planet? Larry's "analysis" is 100% on-the-money. Run along now and catch a clue. -- Steve "I don't understand that attitude. Don't we want email that has dancing bears, cute little videos, musical tunes, animated waving hands, sixty fonts, and looks like it's been done with crayolas? Good grief, man, think like a three year old!" -- Norm Reitzel discussing HTML email From nobody at devnull.spamcop.net Wed Sep 8 16:40:13 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Wed Sep 8 15:40:06 2004 Subject: [SpamCop-List] Re: Is this a bounce or a virus? References: Message-ID: "Mike B" wrote in message > Just got a few of these in my in-box. Not sure if it is a real bounce of > spam or a spam disguised to look like a bounce. Puzzling also is the > "delivered-to:" header. Any clarification will be much appreciated. > > http://www.spamcop.net/sc?id=z630582436z43d913e472bce02b1e9dc731659e885az > ;-) Best thing is to stop spamming invalid addresses. Then they won't be bounced back to the apparent sender... How goes it? How long did the "bounces" problem persist? How bad did it get, etc. Glenn From nobody at devnull.spamcop.net Wed Sep 8 16:49:35 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Wed Sep 8 15:50:02 2004 Subject: [SpamCop-List] Re: What's going on here? References: Message-ID: "indigo" wrote in message > > Mike B wrote: > > I had a similar occurrence on my ISP (AT&T Global Services). It took > > a while for them to identify and plug the leak, but it is spam being > > inserted into the server. My suggestion is that you open a problem > > ticket and make sure you pursue it until it is escalated beyond the > > initial level of the help(less) desk. > > > > Did you phone in the complaint or email it to abuse@comcast (aka dave null)? > ummm.... It had nothing to do with comcast. A spammer had apparently found a weakness in the mailserver software app that allowed direct injection of hir spew by pretending to /be/ "localhost" although that is not a valid internet IP. For a while, we were getting about five percent of our spam by injection, headers much like yours. I think Mike is saying to talk to your ISP at every possible level until their people find and plug the "hole" allowing the injection expect more untraceable spam. It took attglobal about four months to recognize the problem, about three weeks to discover and patch the hole letting spam leak in... Glenn From nobody at spamcop.net Wed Sep 8 17:35:10 2004 From: nobody at spamcop.net (indigo) Date: Wed Sep 8 16:40:03 2004 Subject: [SpamCop-List] Re: What's going on here? References: Message-ID: Glenn Daniels wrote: > ummm.... It had nothing to do with comcast. My bad, although the AT&T abuse desk used to use the same circular file for complaints, didn't they? ;-) From windsorfoxNOSPAM at cox.net Wed Sep 8 17:47:34 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Wed Sep 8 17:50:20 2004 Subject: [SpamCop-List] Re: Finding the reason why we are on the blacklist In-Reply-To: References: Message-ID: Roli wrote: > Hello > We as a ISP realized, that we are on the spamcop blacklist. > But we don't know why!! > Thanks for help > > DING! And there you go, THAT is why you are on the list... From nobody at spamcop.net Wed Sep 8 18:04:51 2004 From: nobody at spamcop.net (Miss Betsy) Date: Wed Sep 8 18:05:02 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Steven Maesslein" wrote in message news:slrncjulcu.3v2.nobody@127.0.0.1... > On Wed, 8 Sep 2004 10:46:02 -0700, mjj coughed into spamcop and left > this in : > > > go back farther, ma mam mamma are all words that translate to breast > > dam means domina > > On what planet? > > Larry's "analysis" is 100% on-the-money. > > Run along now and catch a clue. > > -- > "I don't understand that attitude. Don't we want email that has dancing > bears, cute little videos, musical tunes, animated waving hands, sixty > fonts, and looks like it's been done with crayolas? Good grief, man, > think like a three year old!" > -- Norm Reitzel discussing HTML email mama has nothing to do with breasts. It has to do with the sounds that a baby makes as s/he learns language. Actually the first sounds are 'ah gluh' but ma ma are the next. Since it used to be the mother who was the one closest to the baby, that became the name for 'mother' Da Da comes next. Miss Betsy followups set to .social From windsorfoxNOSPAM at cox.net Wed Sep 8 18:18:32 2004 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Wed Sep 8 18:20:02 2004 Subject: [SpamCop-List] Re: What's going on here? In-Reply-To: References: Message-ID: indigo wrote: > Rick Carlton wrote: > >>>Received: from ooth (localhost[127.0.0.1]) >>> by rwcrmxc11.comcast.net (rwcrmxc11) with SMTP >>> id <20040907191859r1100hpid4e>; Tue, 7 Sep 2004 19:19:00 >>>+0000 X-Originating-IP: [127.0.0.1] >> >>Looks like Comcast's server in Redwood City's been compromised to me. >> >>Is your machine named "ooth" ? > > > Nope. If that server is really hacked, is it worth my time to contact > Comcast or am I just pissing in the wind? > > Probably more like pissing up a rope, but yeah... :p From nobody at spamcop.net Thu Sep 9 11:32:45 2004 From: nobody at spamcop.net (Anony Mouse) Date: Wed Sep 8 18:35:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: <413F888D.3090207@spamcop.net> No he is poking fun at how pathetic you are Cat... I am pretty sure I have done the same or at least felt like doing the same... From nobody at devnull.spamcop.net Wed Sep 8 18:01:22 2004 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Wed Sep 8 20:05:13 2004 Subject: [SpamCop-List] Re: No spam! In-Reply-To: References: <4134443F.1060606@spamcop.net> Message-ID: > My only hope is that the machines get corrupted enough > that they can't even do a recovery and have to take it > to a professional. A real one. ... and pay real money for a real fix, instead of a few bux to the teenage neighbour kid? Not gonna happen. -- "[Spammers] are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class Mail industry." -- Dave Barry From nobody at spamcop.net Wed Sep 8 19:13:06 2004 From: nobody at spamcop.net (nobody@spamcop.net) Date: Wed Sep 8 21:15:14 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Cat wrote: > Berny wrote: > > > >> Cat, I used to like your posts, but I haven't seen one that wasn't about >> these topics and Top/Bottom posting for so long that I don't look at them >> any more. You're getting more strident and you seem to have lost your >> sense >> of humour. > > > If you haven't been reading my posts lately, then you wouldn't really be > qualified to know what I do or don't post about in every post, and you'd > know that not all of my posts are about the things that you listed above. > That's right. Your other recent posts are about drumsticks, beer, and loud noises masquerading as music. Grammar, beer, bars. Not much 'tall related to fighting spam. (And yes, the apostrophe up there is intentional, and is correct.) From nobody at devnull.spamcop.net Wed Sep 8 21:32:04 2004 From: nobody at devnull.spamcop.net (Cat) Date: Wed Sep 8 21:35:03 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: (Follow-ups to .social) nobody@spamcop.net wrote: > That's right. Your other recent posts are about drumsticks, beer, and > loud noises masquerading as music. Grammar, beer, bars. Not much 'tall > related to fighting spam. > > (And yes, the apostrophe up there is intentional, and is correct.) Considering that you're nitpicking at some of my posts from .social, then those certainly wouldn't be about spam now, would they? I emphasize the word "some" because you obviously picked a small few of my posts that you didn't like and chose to criticize those. Last I checked, I didn't think the .social crowd had to ask your approval for the topics of conversation over there, and you should also remember that talk about spam is forbidden in .social. We talk about whatever we want over there, and if you don't like it, then stay out of .social. If you don't like something I said in .social, take it up with me in .social instead of dragging it into the other newsgroups and use an actual posting name instead of hiding behind nobody@spamcop.net if you want me to actually pay attention to anything you have to say. For now, I'll just choose to ignore your childish personal attacks and insults. From nobody at devnull.spamcop.net Wed Sep 8 19:50:54 2004 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Wed Sep 8 21:55:02 2004 Subject: [SpamCop-List] Re: Cyveillance conspiracy theory In-Reply-To: References: Message-ID: > I don't have tinfoil under my hat Whaddaya mean *under*?? Everybody knows it's to be worn proudly *over* your hat! Just follow the "Quick Instructions For Building An AFDB" on this page, and within scant minutes you can have your very own Alumin(i)um Foil Deflector Beanie: http://zapatopi.net/afdb.html -- "[Spammers] are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class Mail industry." -- Dave Barry From nobody at spamcop.net Wed Sep 8 21:27:21 2004 From: nobody at spamcop.net (Don Wannit) Date: Wed Sep 8 23:30:04 2004 Subject: [SpamCop-List] Re: Need Help with unlisting In-Reply-To: <413DE32B.3C9EAE18@spamcop.net> References: <413DE32B.3C9EAE18@spamcop.net> Message-ID: Kenneth Brody wrote: > BDTDGTTS. Er? That's a new one on me. Also a new one on Acronym Finder... -- Don Wannit A paid SpamCop user since 1999 From Kilgallen at SpamCop.net Thu Sep 9 00:17:48 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Sep 9 00:20:03 2004 Subject: [SpamCop-List] Re: Finding the reason why we are on the blacklist References: Message-ID: In article , "Merlyn" writes: > "Roli" wrote in message > news:chkgrg$jpk$1@news.spamcop.net... >> Hello >> We as a ISP realized, that we are on the spamcop blacklist. >> But we don't know why!! >> Thanks for help >> > > > I am sorry to inform you all of our psychics are on vacation this week. Actually, the psychics are working full time on the new SpamCop algorithm of blocking in advance any IP address for which the subsequent complainer will fail to specify the IP address ! From avoozl at spamcop.net Wed Sep 8 22:43:56 2004 From: avoozl at spamcop.net (Chris F. Willoughby) Date: Thu Sep 9 00:45:02 2004 Subject: [SpamCop-List] Re: OT Savvis in the news and nanae References: Message-ID: "Bob W." wrote in message news:responseguard-529260.11534608092004@news.cesmail.net... > Wow... wow... WOW. > > Brilliant stuff! > > It's about time someone finally started publishing the internal memos > that prove that spam hosts are intentionally harboring and profiting > from spammers. > > Let's hope what whistle-blower Alif (hero of the day) says is true about > the SAVVIS NDA not prohibiting him from doing what he's doing. > > -- > ...Bob W. Even if his NDA did.. the cat is out of the bag. Chris From nobody at spamcop.net Thu Sep 9 00:43:29 2004 From: nobody at spamcop.net (Ellen) Date: Thu Sep 9 02:15:12 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: <413DE32B.3C9EAE18@spamcop.net> Message-ID: "Don Wannit" wrote in message news:choiip$eh9$2@news.spamcop.net... > Kenneth Brody wrote: > > > BDTDGTTS. > > > Er? That's a new one on me. Also a new one on Acronym Finder... > > -- > Don Wannit > A paid SpamCop user since 1999 > Should be: BTDTGTTS -- been there, done that, got the T-shirt E From usenet1 at DE.LETE.THISljvideo.com Thu Sep 9 07:24:46 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry J.) Date: Thu Sep 9 02:25:05 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Waiving the right to remain silent, Cat said: > Talk about the pot calling the kettle black. You flamed me for > no good reason, then you're trying to put blame on me over your Horseshit. YOU began flaming the original poster for not subscribing to your PC requirements > inability to accept that women aren't an inferior being. I'm > sorry that women have invaded your so-called "man's world" but Idiot..! I never said or insinuated such a thing. > stop dragging your knuckles and get over it! It's obvious you're > only interested in being a troll due to your attacks against me > and your pathetic attempts to put the blame for it off on me. Find some help, or go seek out an island of Amazons. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From usenet1 at DE.LETE.THISljvideo.com Thu Sep 9 07:29:05 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry J.) Date: Thu Sep 9 02:30:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Waiving the right to remain silent, "mjj" said: > Larry, > > go back farther, ma mam mamma are all words that translate to > breast dam means domina Are you making this stuff up as you go along..? The French "ma" (and mon) means my. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From nobody at devnull.spamcop.net Thu Sep 9 02:33:46 2004 From: nobody at devnull.spamcop.net (Cat) Date: Thu Sep 9 02:35:02 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Larry J. wrote: > Find some help, or go seek out an island of Amazons. Your continued attacks on me only make you look more pathetic. You might want to take your own advice and "find some help" and stop making an ass of yourself. I'm sorry you can't accept modern standards of behavior and respect, but get over it and move on! From nobody at spamcop.net Thu Sep 9 00:40:58 2004 From: nobody at spamcop.net (Don Wannit) Date: Thu Sep 9 02:45:03 2004 Subject: [SpamCop-List] Re: Need Help with unlisting In-Reply-To: References: <413DE32B.3C9EAE18@spamcop.net> Message-ID: Ellen wrote: > "Don Wannit" wrote in message > news:choiip$eh9$2@news.spamcop.net... > >>Kenneth Brody wrote: >> >> >>>BDTDGTTS. >> >> >>Er? That's a new one on me. Also a new one on Acronym Finder... > > > Should be: BTDTGTTS -- been there, done that, got the T-shirt > Hey, I missed the shirt! From aeiouqwert at netscape.net Thu Sep 9 00:49:00 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Thu Sep 9 02:50:03 2004 Subject: [SpamCop-List] Guestbook spam Message-ID: Since I saw no subject header including this topic, I thought I'd start one myself. Some of the guestbooks I host are plagued with spammers. I've treated the "symptom" by doing 3 things: 1) All posts go to a guestbook.html file as usual ... but this file is not linked to for public view. Instead, once every day or so, I manually move all legitimate guestbook posts from the guestbook.html file to the public file. 2) If the post is illegitimate (spam), the first thing I do is try to determine whether or not the IP number is static or dynamic. If static, I ban the IP from further access to the domain. If dynamic, I ban the ISP's entire IP-range from further access to the domain. 3) If the post is illegitimate (spam), the second thing I do is send an official complaint to the "abuse" address shown for the IP on ARIN.NET, APNIC.NET, RIPE.NET, LACNIC.NET, or other registrant authority. However, I have noticed that some ISPs don't take my complaints seriously. So, I've decided to "up the ante" and go one step further. Every month, I check raw logs for the site. If I find a 403 error message directed at a guestbook, I know it came from an ISP that didn't take my complaint seriously. And what I do at that point is explained on the "403-FORBIDDEN" error page these would-be spammers see: http://novelhost.net/403.shtml However, this is a rather Draconian approach to guestbook spam. If anyone knows of a kinder/gentler way of dealing with it, please reply. Regards, J. Alec West From baloo at ursine.dyndns.org Thu Sep 9 00:59:22 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Thu Sep 9 03:00:03 2004 Subject: [SpamCop-List] Re: No spam! References: <4134443F.1060606@spamcop.net> Message-ID: <871xhcq65x.fsf@ursine.dyndns.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m writes: > ... and pay real money for a real fix, instead of a few bux to the > teenage neighbour kid? Not gonna happen. You must have cheap neighborhood kids. Now that the tech boom is gone, it's hard to pull down the same kind of money fixing PCs that I did in my spare time after school. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBP/9MUzgNqloQMwcRAhSeAKCIpQoBLSVetVQOSaBq1OArXTtYDQCfb+rr WIzy9Fi2/Gnm2Q2THSBGZjo= =f+Dh -----END PGP SIGNATURE----- From nobody at nowhere.invalid Thu Sep 9 11:48:34 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Sep 9 04:51:02 2004 Subject: [SpamCop-List] Re: OT Savvis in the news and nanae References: Message-ID: On Wed, 08 Sep 2004 22:42:55 -0700, Bob W. coughed into spamcop and left this in : > Almost... He still has some memos to post, IIRC. I'm hoping he can get > everything up before SAVVIS can get the site taken down. He ought to put it up on MCI. I'm sure MCI would just *love* to publish information on a whistle-blower for a competitor, and we all know how hard it is to get MCI to take anything down... -- Steve Some marriages are made in heaven, but they all have to be maintained on earth... From MikeE at ster.invalid Thu Sep 9 03:04:28 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Sep 9 05:06:01 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Just to review the first act of the play for those who came in late. This /particular/ bickering started here... Cat wrote: > Magnus Back wrote: >> >> Hello again, wise men of spamcop. ... which, altho' sexist if you frame it 'men of spamcop' -- might actually be considered 'apologetic' if you were to 're-hear' it as 'hello again, wise (ones)' -- considering that the last time Magnus bombed in, it was of the style Magnus Back wrote: Subject: Who the hell gave spamcop the right? > So we have a self styled police here. > Who the hell gave spamcop the right to filter out peoples mails. > I can't send mails to America now due to the fact that my ISP mail > server got on the list. > That is not my fault is it. > > You americans, sue their arses off. > > > Lard asses. and.... Magnus Back wrote: > Eddie, I post top, bottom, middle or pretty much where I want thank > you very much. ... which probably also didn't set well with a few people. One of the people was a woman, Cat, who sez toward that 'apology' up there .... > You forgot to address women. Please do not assume that the only people > who post here or work for SpamCop are all men. One of SpamCop's > deputies is a women, and many of the regular posters (including me) > are women. That's really sexist and exclusionary to only direct your > comments and questions to the men in the newsgroup. I wonder why you > seem to think women are not involved in any aspect of SpamCop. ... which might seem a little 'shrill' -- unless you consider that it is likely she was still in a bad mood toward Magnus from the previous encounter's posts. And, she didn't bring up the old top-postedness, which Magnus reformed in his tongue in cheek response to Cat's above Magnus Back wrote: > Cat wrote: >> Magnus Back wrote: >>> Hello again, wise men of spamcop. >> >> You forgot to address women. > > Well Cat, > last time I posted in this forum no women showed wisdom. :-P > > Joke aside, I just used it as an expression, like the three wise men. > That's all. Nothing to write home about. Or, someone else might see the earlier scenes in a somewhat different way. But, sometimes when bickering seems to go on and on, it is of some use to take a look at where it got started. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Sep 9 04:15:38 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Sep 9 06:20:02 2004 Subject: [SpamCop-List] Re: ROSTIEGROUP Mail Server References: Message-ID: posted to spamcop.mail & spamcop -- f/ups to spamcop Support wrote: > Greetings, Speaking of greetings; there are several important housekeeping issues which need to be addressed before we get to the rest of what is wrong with your post here. - you are posting here in html, not plaintext [Content-Type: text/html] -- Newsgroup posts should /always/ be in plaintext. So should your email be usually, but that is of no concern here. In your newsreader OE you configure to post to news in plaintext in Tools menu/ Options item/ Send tab - News Sending Format - check Plaintext instead of html - you are posting to the wrong newsgroup. This is spamcop.mail which is for discussion of issues which affect those who subscribe to the spamcop mail service. Your issue isn't about the spamcop mail service, but the spamcop blocklist. f/ups set to spamcop > Our mail server seems to be getting black balled by your site. And what mail server would that be? If you want to talk about a spamcop blocklisted item, you have to talk about a specific IP address, which is what blocklists are based on. If you don't name the IP address in question, we go nowhere. You are nntp posting from 207.245.217.254 no rDNS of netblock Allstream. 'Rostiegroup' I have to go lookup to even find out what it's domainname is, rostiegroup.com, whose MX is rostie-mail.rostiegroup.com which is 207.245.217.7 which isn't listed in the SCbl. So, then I have to start trying to be psychic to figger out the problem, perhaps of an output server not an MX. I don't see anything in sightings and senderbase is no help. Nothing pops into my head; so perhaps you should post a copy of whatever kind of blocked mail message you are hearing about. > This > affects several of your customers as there remote employees can not > longer relay through us to their email servers. What do you mean by that, exactly? > Can someone please look into this and resolve it... Resolve what? Exactly? > Jeremy McPherson > RostieGroup Technical Support -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Thu Sep 9 06:49:40 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Sep 9 06:50:21 2004 Subject: [SpamCop-List] Re: Guestbook spam References: Message-ID: In article , AlecWest writes: > However, I have noticed that some ISPs don't take my complaints > seriously. So, I've decided to "up the ante" and go one step further. > Every month, I check raw logs for the site. If I find a 403 error > message directed at a guestbook, I know it came from an ISP that didn't > take my complaint seriously. And what I do at that point is explained > on the "403-FORBIDDEN" error page these would-be spammers see: > > http://novelhost.net/403.shtml Well done. > However, this is a rather Draconian approach to guestbook spam. If > anyone knows of a kinder/gentler way of dealing with it, please reply. Sorry, you are out of luck. Kinder, gentler ways have been tried with no success. From nobody at spamcop.net Thu Sep 9 11:46:39 2004 From: nobody at spamcop.net (indigo) Date: Thu Sep 9 10:51:00 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Larry J. wrote: > Waiving the right to remain silent, "mjj" > said: > > > Larry, > > > > go back farther, ma mam mamma are all words that translate to > > breast dam means domina > > Are you making this stuff up as you go along..? > > The French "ma" (and mon) means my. Looked to me like he was talking about the Latin basis of the words, not French...... From nobody at spamcop.net Thu Sep 9 09:00:37 2004 From: nobody at spamcop.net (Dar) Date: Thu Sep 9 11:05:04 2004 Subject: [SpamCop-List] multi spam messages with different IP for each Message-ID: I don't get it. I'm receiving spam with the same subject approximately 25 to 30 per day, per subject, but all with different IPs. All advertising the same site: http://4drugs123.com/ The subjects are: Buy cheap Viagra through us Buy Regalis, also known as Superviagra or Cialis Get great prices on medications Get viagra for a great price We sell regalis for an affordable price There were 30 waiting for me this morning, all blocked and rerouted to a spam email address for monitoring. I could maybe block the IPs, but it's never-ending because no two ever come from the same IP and some IPs are static and probably forged. Thirty to begin my day and they will continue to pour in throughout the day. Fancy spammer software that manages to change the originating IP for each and every spam message? >From ernie.arellanovz@info-tech.co.uk Wed Sep 8 23:33:52 2004 Received: from liquidauto.co.za (ip-112.net-81-220-178.nice.rev.numericable.fr [81.220.178.112]) >From k_cappsjv@znet.net.au Thu Sep 9 01:50:03 2004 Received: from linchen.com.tw (cmu-24-35-12-226.mivlmd.cablespeed.com [24.35.12.226]) >From doddds@asl.gg Thu Sep 9 03:14:11 2004 Received: from deepend.com.au (c-24-13-21-6.client.comcast.net [24.13.21.6]) >From clangefy@mail.inet.hr Thu Sep 9 03:16:15 2004 Received: from johnabbott.qc.ca ([221.139.91.84]) >From wmcummins_iz@forprod.csiro.au Thu Sep 9 03:33:41 2004 Received: from rsea.gov.tw (wbar2.lax1-4-8-221-072.dsl-verizon.net [4.8.221.72]) >From eringoldsteinut@actiontravel.co.za Wed Sep 8 23:59:26 2004 Received: from unisys.se (wbar1.wdc2-4-8-137-244.wdc2.dsl-verizon.net [4.8.137.244]) >From carolsimpsonlh@vegvesen.no Wed Sep 8 23:56:35 2004 Received: from pumatec.de (24-178-128-43.cpe.ga.charter.com [24.178.128.43]) From aeiouqwert at netscape.net Thu Sep 9 09:07:30 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Thu Sep 9 11:10:14 2004 Subject: [SpamCop-List] Re: Guestbook spam In-Reply-To: References: Message-ID: Larry Kilgallen wrote: >>http://novelhost.net/403.shtml > > Well done. Thanks. The error message is specifically aimed at ISPs actively participating in the guestbook-spamming process (spam havens) since the other two types wouldn't be bothered to even check it out. However, the page does tell a "wee" fib. I actually DO un-ban IP numbers. When I run my monthly raw-log report, I run the IP numbers garnering 403s past the IP numbers denied in my .htaccess file. If an IP number in the .htaccess file doesn't get a 403 error, I flag it ... and if during the next month's check, it doesn't get a 403 error, I assume the ISP _did_ take my complaint seriously and I'll un-ban the number or range. And of course (grin), I remove the ISP's addresses from the spambot file. Unfortunately, by the time I do that, the damage has probably already been done since I can't remove addresses from databases maintained by spambots (oh well...). So, it's more of a "probation" than a "ban." > Sorry, you are out of luck. Kinder, gentler ways have been tried with > no success. That's what I figured. I once got into an "argument" with an ISP rep who told me my raw-log excerpts were "not enough evidence" of spamming for him to take any action. Fortunately (grin), it _was_ enough evidence to slap his entire IP-range into the "deny-bin" of my .htaccess file ... and add close to a dozen of his administrative email addresses to the spambot file. Ain't I a stinker? Regards, J. Alec From nobody at spamcop.net Thu Sep 9 09:09:38 2004 From: nobody at spamcop.net (Dar) Date: Thu Sep 9 11:10:26 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: P.S. The more than curious part to me is that the spammer is so sure of himself/herself that the text/subject is totally straight forward. It's not D^iscount ge^neric dr^ugs; it's Discount generic drugs. From MikeE at ster.invalid Thu Sep 9 09:13:44 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Sep 9 11:15:03 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: Dar wrote: > I don't get it. I'm receiving spam with the same subject approximately > 25 to 30 per day, per subject, but all with different IPs. All > advertising the same site: http://4drugs123.com/ Same spammer probably - you could easily filter that into Junk. > Fancy spammer software that manages to change the originating IP > for each and every spam message? It's proxy/trojan abuse. Spammer sends a bunch thru' each abused proxy, rotating around which IP to abuse. You get 'one' from each of the abuses. > [81.220.178.112]) > [24.35.12.226]) > [24.13.21.6]) > ([221.139.91.84]) > [4.8.221.72]) > [4.8.137.244]) > [24.178.128.43]) Same MO - modus operandi - for each of those; I checked the top 3, they are all listed in multiple abused proxy/trojan db/s. If you were filtering using those dnsbl/s, such as cbl or dsbl or something which represents similar such as spamhaus, then all of those would be spamidentified and in your Junk folder without even using the body. -- Mike Easter kibitzer, not SC admin From 3f04ux402 at sneakemail.com Thu Sep 9 12:10:54 2004 From: 3f04ux402 at sneakemail.com (3f04ux402@sneakemail.com) Date: Thu Sep 9 11:15:14 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: <413DE32B.3C9EAE18@spamcop.net> Message-ID: In article , nobody@spamcop.net says... > Ellen wrote: > > Should be: BTDTGTTS -- been there, done that, got the T-shirt > > > > Hey, I missed the shirt! > How about the poetic version: "Been There, Done That Got the mug, got the hat." AND if you're one of the first 100 participants, you get a free video of your experience! 8-) From Merlyn at Spamcop.net Thu Sep 9 12:15:17 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Thu Sep 9 11:20:02 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: "Dar" wrote in message news:chpr6p$k45$1@news.spamcop.net... > I don't get it. I'm receiving spam with the same subject approximately > 25 to 30 per day, per subject, but all with different IPs. All > advertising the same site: http://4drugs123.com/ [snipped] They are using hijacked machines/open proxies/dialups/relays to send their Spew. For more info on this pondscum see: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL19309 -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From nobody at spamcop.net Thu Sep 9 11:50:28 2004 From: nobody at spamcop.net (Ellen) Date: Thu Sep 9 11:20:15 2004 Subject: [SpamCop-List] Re: ROSTIEGROUP Mail Server References: Message-ID: "Mike Easter" wrote in message news:chpafe$vt3$1@news.spamcop.net... > > > This > > affects several of your customers as there remote employees can not > > longer relay through us to their email servers. > > What do you mean by that, exactly? > > > Can someone please look into this and resolve it... > > Resolve what? Exactly? > > > Jeremy McPherson > > RostieGroup Technical Support > Hi Mike -- Jeremy and I are now pursuing this in email :-) E From dannyg at dannyg.com Thu Sep 9 09:23:14 2004 From: dannyg at dannyg.com (Danny Goodman) Date: Thu Sep 9 11:23:21 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each In-Reply-To: <200409091510.i89FAUoR015124@dannyg.com> Message-ID: on 9/9/04 8:10 AM, spamcop-list-request@news.spamcop.net wrote: > Fancy spammer software that manages to change the originating IP > for each and every spam message? Nope, it's just spammers exploiting the worldwide army of zombied PCs on cable/dsl networks. (Unfortunately) common practice. Danny http://www.dannyg.com From aeiouqwert at netscape.net Thu Sep 9 09:23:24 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Thu Sep 9 11:25:03 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each In-Reply-To: References: Message-ID: Dar wrote: > I don't get it. I'm receiving spam with the same subject approximately > 25 to 30 per day, per subject, but all with different IPs. All > advertising the same site: http://4drugs123.com/ Actually, that sounds normal. If you were a BIG business (and drug retailers are), how many sales reps would you hire to pass on roughly the same spiel? In the _real_ world, most such salespersons get assigned a "territory." In cyberspace, the only "territory" is the world. However (grin), I've often wondered how many spams are lost in "space" during transfers via satellite ... and whether some resident of another planet doesn't get a come-on on their monitor screen for the latest greatest penis-enlargement scenario ... leaving them saying to a friend, "Hey, Flznap, what in the heck in a 'penis' and why would I want to make it bigger?" Back to Earth (grin) ... it's possible the IP numbers have been spoofed. But, if you're a BIG online drug retailer with a couple-hundred spammer employees ... and 20 or 30 of them get booted off their ISP ... so what? There are plenty more where they came from ... and the ones who get the boot will probably just migrate to another ISP and come back to the business anyway if it's profitable enough to them. The "battle against spam" is akin to the "war on terror" ... an uphill battle with no end in sight. You lose some of the battles ... but the victories make it seem worthwhile. Good luck. Regards, J. Alec West From porpoise1954 at yahoo.co.uk Thu Sep 9 17:34:39 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Sep 9 11:40:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "indigo" wrote in message news:chpqcf$j9b$1@news.spamcop.net... > > > Larry J. wrote: > > Waiving the right to remain silent, "mjj" > > said: > > > > > Larry, > > > > > > go back farther, ma mam mamma are all words that translate to > > > breast dam means domina > > > > Are you making this stuff up as you go along..? > > > > The French "ma" (and mon) means my. > > Looked to me like he was talking about the Latin basis of the words, not > French...... > > Yeah..... ma in Thai means come, or horse, or dog - depending on the tone but I don't think he meant that either. I also think he meant the Latin origin - from which also comes mammaries............. From nobody at devnull.spamcop.net Thu Sep 9 12:46:14 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Thu Sep 9 11:50:02 2004 Subject: [SpamCop-List] [C&C] Effective advertising? Would you Message-ID: order from someone whose opening line was: No Persscriptoion is Requjired Disbcreet Ovdernilght Shipuping To Your Dokor and said: 100% Mogney Babck Guaruantee on All Purcahases My thought was: How accurately would they fill my order? From aeiouqwert at netscape.net Thu Sep 9 10:06:52 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Thu Sep 9 12:10:03 2004 Subject: [SpamCop-List] Re: [C&C] Effective advertising? Would you In-Reply-To: References: Message-ID: Steve Gilder wrote: > order from someone whose opening line was: > > No Persscriptoion is Requjired > Disbcreet Ovdernilght Shipuping To Your Dokor > > and said: > > 100% Mogney Babck Guaruantee on All Purcahases > > My thought was: How accurately would they fill my order? The grammar used in spam nowadays is atrocious, hehe. Certainly, you'd want to beware of ordering a "penis enlargement" product from them since the might send you a "pannus enlargement" product by mistake ("pannus" being the fold of skin usually removed via "tummy tuck"). Instead of a larger penis, you could end up with a bigger beer-gut (snicker). FWIW, about 2 weeks ago, I received a "phish" type email purporting to be from U.S. Bank. In short, it was an identity-theft attempt ... which I promptly reported to U.S. Bank. But the grammar/spelling used in that post was almost laughable. BTW, they may have caught that particular culprit. The website potential victims were directed to was in the Netherlands ... and the KLPD (Dutch Police) was informed. And yesterday, I got _another_ phish-type email purporting to be from CitiBank. It was more eloquent ... with the website potential victims were directed to being owned by a "swbell.net" (now SBC) baby-ISP with a maildrop address located at a UPS Store (formerly Mailboxes Etc.). Regards, J. Alec West From eddie at eddie.web Thu Sep 9 13:11:26 2004 From: eddie at eddie.web (eddie) Date: Thu Sep 9 12:15:02 2004 Subject: [SpamCop-List] Re: Guestbook spam References: Message-ID: On Wed, 08 Sep 2004 23:49:00 -0700, AlecWest scratched out the following: snip > However, this is a rather Draconian approach to guestbook spam. If anyone > knows of a kinder/gentler way of dealing with it, please reply. > > Regards, > J. Alec West You can also require the posters to log in and you email them a password. You can decide if their email address looks legit or not, but you also have the additional ability to block them on an individual basis. This has some flaws, but it might be used to supplement your "draconian" solution. You might require the email address, for example, to match their IP, so that they cannot use a throwaway address. This would probably scare off even some legit posters, but it certainly would get rid of a lot of trolls, etc. Just a thought. From nobody at spamcop.net Thu Sep 9 13:14:15 2004 From: nobody at spamcop.net (indigo) Date: Thu Sep 9 12:15:15 2004 Subject: [SpamCop-List] Re: [C&C] Effective advertising? Would you References: Message-ID: AlecWest wrote: > > > > My thought was: How accurately would they fill my order? > > The grammar used in spam nowadays is atrocious, hehe. On purpose. They're just trying to beat filters by intentionally mis-spelling the words. From nobody at nowhere.invalid Thu Sep 9 19:14:56 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Sep 9 12:15:22 2004 Subject: [SpamCop-List] Re: [C&C] Effective advertising? Would you References: Message-ID: On Thu, 09 Sep 2004 09:06:52 -0700, AlecWest coughed into spamcop and left this in : > The grammar used in spam nowadays is atrocious, hehe. Certainly, you'd > want to beware of ordering a "penis enlargement" product from them since > the might send you a "pannus enlargement" product by mistake ("pannus" > being the fold of skin usually removed via "tummy tuck"). Instead of a > larger penis, you could end up with a bigger beer-gut (snicker). Subject: M4k3 yo'ur p4nnus c|?s4pp34r DO NOT order this stuff under any circumstances!! :o) -- Steve "I can remember when a good politician had to be 75 percent ability and 25 percent actor, but I can well see the day when the reverse could be true." -- Harry Truman From MikeE at ster.invalid Thu Sep 9 10:15:49 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Sep 9 12:20:02 2004 Subject: [SpamCop-List] Re: i've given up reporting asian spam References: Message-ID: .spam is for posting spam only, not discussing. spamcop and .help are for discussing, no spam posting allowed. Posted to .spam and spamcop, f/ups to spamcop Uncle Scrooge wrote: > after much research on this matter, i've come to the conclusion that > reporting spam to korean and chinese isps does no good and make in > fact make matters worse. I know of no convincing evidence that spamcop reporting contributes to being spammed [except when accompanied by insecure spamhandling]; and the advantage to making SC reports is that the spamsources contribute to the SCbl and reporting the spamvertised sites contributes to the surbl. The surbl may not be so valuable or powerful, but the scbl is. Spamsources, mostly proxy/trojans, are asian and non-asian. Spamvertisers are more often asian. So, as an alternative to 'regular' reporting, instead of not reporting at all, you could report and uncheck the spamvertised site provider to only feed the scbl. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Thu Sep 9 19:28:39 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Sep 9 12:30:04 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: On Thu, 9 Sep 2004 16:34:39 +0100, Porpoise coughed into spamcop and left this in : > Yeah..... ma in Thai means come, or horse, or dog - depending on the tone > but I don't think he meant that either. I also think he meant the Latin > origin - from which also comes mammaries............. Nope. It's a possessive pronoun. "Madam", abbreviated sometimes to "Ma'am" comes from the French "Madame", itself meaning "Ma Dame", or "My Lady" (I am fluent in French, BTW). The "Ma" part is derived from Latin and is similar in all Latin-based languages ("mia" in Italian and Spanish, "mea" in Romanian), but also in Russian ("maya") and not far removed in Germanic languages ("meine" in German, "mijne" in Dutch). It has nothing to do with mammaries, which are the characteristic of mammalians, including human beings. -- Steve Why is it that when you transport something by car it's called shipment, but when you transport it by ship it's called cargo? From nobody at devnull.spamcop.net Thu Sep 9 13:30:29 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Thu Sep 9 12:35:04 2004 Subject: [SpamCop-List] Re: [C&C] Effective advertising? Would you References: Message-ID: "AlecWest" wrote in message news:chpv2m$omd$1@news.spamcop.net... > Steve Gilder wrote: [snip] > > The grammar used in spam nowadays is atrocious, hehe. Certainly, you'd > want to beware of ordering a "penis enlargement" product from them since > the might send you a "pannus enlargement" product by mistake ("pannus" > being the fold of skin usually removed via "tummy tuck"). Instead of a > larger penis, you could end up with a bigger beer-gut (snicker). Bigger beer-gut!?? You can see my beer-gut through that tiny wire?? ;-) > > FWIW, about 2 weeks ago, I received a "phish" type email purporting to be > from U.S. Bank. In short, it was an identity-theft attempt ... which I > promptly reported to U.S. Bank. But the grammar/spelling used in that > post was almost laughable. BTW, they may have caught that particular > culprit. The website potential victims were directed to was in the > Netherlands ... and the KLPD (Dutch Police) was informed. And yesterday, > I got _another_ phish-type email purporting to be from CitiBank. It was > more eloquent ... with the website potential victims were directed to > being owned by a "swbell.net" (now SBC) baby-ISP with a maildrop address > located at a UPS Store (formerly Mailboxes Etc.). > Great work. > Regards, > J. Alec West From nobody at spamcop.net Thu Sep 9 11:20:56 2004 From: nobody at spamcop.net (nobody@spamcop.net) Date: Thu Sep 9 13:25:06 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Cat wrote: > (Follow-ups to .social) > > nobody@spamcop.net wrote: > > > >> That's right. Your other recent posts are about drumsticks, beer, and >> loud noises masquerading as music. Grammar, beer, bars. Not much 'tall >> related to fighting spam. >> >> (And yes, the apostrophe up there is intentional, and is correct.) > > > Considering that you're nitpicking at some of my posts from .social, > then those certainly wouldn't be about spam now, would they? I emphasize > the word "some" because you obviously picked a small few of my posts > that you didn't like and chose to criticize those. Last I checked, I > didn't think the .social crowd had to ask your approval for the topics > of conversation over there, and you should also remember that talk about > spam is forbidden in .social. We talk about whatever we want over there, > and if you don't like it, then stay out of .social. If you don't like > something I said in .social, take it up with me in .social instead of > dragging it into the other newsgroups and use an actual posting name > instead of hiding behind nobody@spamcop.net if you want me to actually > pay attention to anything you have to say. For now, I'll just choose to > ignore your childish personal attacks and insults. > Yeah, right. Any particular reason you redirected followups to .social other than to hide criticism of your online behavior in the main spamcop newsgroup? This has nothing to do with .social. I wrote nothing which in any way implied disapproval nor approval of anything you said in .social -- on the contrary, I am expressing extreme distaste at what you have written of late in the main spamcop newsgroup. To which I am purposely including this reply, and then allowing you to hijack the thread to .social. Any particular reason that a bunch of your postings in the main spamcop newsgroup have suddenly been canceled and deleted from the SC news server? Embarrassed by the online published history? Why is canceling numerous articles all of a sudden over the last 2 days from the same IP address as your NNTP-Posting-Host, as seen in control.cancel? Not saying it's you, maybe it's your cat. Or hamster... Any particular reason why I or anyone else shouldn't just ignore all rants from someone who hides behind a persona of "Cat" and an email address of "nobody"? What the hey gives you any more legitimacy to hide your real name and address than anyone else here? My name is Ben Paul, and I'm no more inclined to reveal my email address nor physical address than you are. What's *your* name? Is "Cat" really on your birth certificate? Get off your high horse. My point is that lately your postings in this group have no real value and make no contribution to discussion of spam fighting; the only thing you have to say (after eliding the attacks) is smalltalk, which properly belongs in .social not here. So then why do you have so many posts here, with so little to say? Do you never listen to yourself? (do you never read what you write?) Just for grins I took a look back at the 160 of your posts which are still online in the main spamcop newsgroup. It is apparent that of your postings since mid-June, 124 or roughly 78% are grammar, top-posting, Hormel trademark, newsgroup redirect or netiquette complaints only. No substantive contribution to the discussion. Nada. Another 19 are "PC" rants such as this entire thread. Yet another 9 are off-topic comments more suitable for .social, but tossed into threads in the main spamcop group. Of the remaining, posts, all but 3 included a gratuitous complaint about grammar or top-posting along with any pertinent comment or contribution to the discussion. Pretty low signal-to-noise ratio exhibited in your postings in the main spamcop newsgroup. Never mind .social, that's all noise anyway, by intent. Mine is not the only voice expressing these sentiments. Instead of lashing back at the various commenters here regarding your posting content and style, you might take a step back and consider the truth in the comments. Nah, not likely. Doesn't fit with the style you've exhibited online. Tiresome, indeed. Sorry, but it's reached the point where I can't just ignore it silently any more. If you can't tell the difference between a personal attack (which this is not) and honest criticism of outwardly observable behavior (i.e. the text contained in your posting history), then there's nothing more to be said. And now, back to our program. From aeiouqwert at netscape.net Thu Sep 9 11:35:03 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Thu Sep 9 13:35:03 2004 Subject: [SpamCop-List] Re: Guestbook spam In-Reply-To: References: Message-ID: eddie wrote: > You can also require the posters to log in and you email them a password. > You can decide if their email address looks legit or not, but you also > have the additional ability to block them on an individual basis. This has > some flaws, but it might be used to supplement your "draconian" solution. > You might require the email address, for example, to match their IP, so > that they cannot use a throwaway address. This would probably scare off > even some legit posters, but it certainly would get rid of a lot of > trolls, etc. > Just a thought. That's a thought ... but I suspect a "password" requirement would leave legitimate posters say, "You've got to be kidding," offending them more than scaring them away. But either way (yours or mine), there will undoubtedly be a few babies thrown out with the bathwater. I just wish there were some other way (sigh). Regards, J. Alec West From MikeE at ster.invalid Thu Sep 9 11:45:01 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Sep 9 13:45:16 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: nobody@spamcop.net wrote: > What the hey gives you any more > legitimacy to hide your real name and address than anyone else > here? > > My name is Ben Paul, and I'm no more inclined to reveal my > email address nor physical address than you are. Not to take sides right in the middle of flames licking higher and higher, but just to mention something that I've said in the past here about a 'problem' with the 'plain' nobody@spamcop.net absent any kind of handle attached to it. For various reaons which have to do with what an old faq sed, before it was changed to http://www.spamcop.net/forum.shtml 'you might want to consider configuring your software with a false email address. Please use "nobody@devnull.spamcop.net" if you use a fake address'. the 'address' nobody@spamcop.net is very popular or common. If there is no further identification associated with it, such as From: "Ellen" then there is a problem about getting personas mixed up. I would like to see all of the spamcop 'nobodies' to adopt some kind of persona attached to their addy, such as Ellen or Dar or whoever; not necessarily to expose anything they don't want to, but just to distinguish themselves from each other. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Thu Sep 9 14:47:39 2004 From: eddie at eddie.web (eddie) Date: Thu Sep 9 13:50:04 2004 Subject: [SpamCop-List] Re: Guestbook spam References: Message-ID: On Thu, 09 Sep 2004 10:35:03 -0700, AlecWest scratched out the following: snip > That's a thought ... but I suspect a "password" requirement would leave > legitimate posters say, "You've got to be kidding," offending them more > than scaring them away. But either way (yours or mine), there will > undoubtedly be a few babies thrown out with the bathwater. I just wish > there were some other way (sigh). If you simply explain, on the website, the reason for creating an "account" I am sure legit posters will understand. Yes, you make them less anonymous, but you have to balance things. If they trust you to use their email addresses only for login purposes, then everything should be OK. There are many websites boards that require a login for exactly that reason. I once had a completely open message board on one of my websites and it lasted for one month. The amount of nut-jobs out there is outstanding. The trolls were a minor annoyance - the perverts and hate-mongers were the main problem. I shut the board down. From aeiouqwert at netscape.net Thu Sep 9 11:47:50 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Thu Sep 9 13:50:15 2004 Subject: [SpamCop-List] Re: i've given up reporting asian spam In-Reply-To: References: Message-ID: This news article may make you feel better about China: http://thewhir.com/marketwatch/chi090704.cfm According to MSNBC, a full 50% of all email with a Chinese source is spam. I doubt seriously whether the Chinese really care whether us Yankees (and others) get spam in their mailboxes. But I do suspect they care a great deal about their Internet infrastructure being abused to such an extent that "legitimate" Chinese Internet providers are bogged down with bandwidth pollution - especially if the spam is pornographic. On my local TV news earlier this week, I heard that China is thinking about imposing "life sentences in prison" to the most aggregious spammers they catch. That sounds pretty serious to me. And, I suspect a sentence in a Chinese prison is more of a deterrent to Chinese spammers than any sentence in a U.S. prison would be to U.S. spammers. Regards, J. Alec West From kenbrody at spamcop.net Thu Sep 9 14:47:33 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Thu Sep 9 14:00:03 2004 Subject: [SpamCop-List] Re: [C&C] Effective advertising? Would you References: Message-ID: <41409735.3B330EF8@spamcop.net> Steve Gilder wrote: > > order from someone whose opening line was: > > No Persscriptoion is Requjired > Disbcreet Ovdernilght Shipuping To Your Dokor Would _I_? No. But I wouldn't order from a spammer even if they spelled it correctly (assuming it was something I would even want in the first place), so I'm probably not their target audience. > and said: > > 100% Mogney Babck Guaruantee on All Purcahases > > My thought was: How accurately would they fill my order? Perfectly accurately. They would send you the "Vikarga" that you asked for. ;-) And if you complained, I'm sure they'd be happy to send you some mogney. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ From aeiouqwert at netscape.net Thu Sep 9 11:58:20 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Thu Sep 9 14:00:16 2004 Subject: [SpamCop-List] Re: [C&C] Effective advertising? Would you In-Reply-To: References: Message-ID: indigo wrote: >>>My thought was: How accurately would they fill my order? >> >>The grammar used in spam nowadays is atrocious, hehe. > > On purpose. They're just trying to beat filters by intentionally > mis-spelling the words. Perhaps ... but the phish email purporting to be from U.S. bank put all the text in a GIF file (with a USEMAP reference to the link within). So, there were no filters to beat since nothing was textual ... and still, the grammar was atrocious. I suspect the truth is "a little of both" ... attempts to fool filters coupled with a poor understanding of the English language. Regards, J. Alec West From aeiouqwert at netscape.net Thu Sep 9 12:28:54 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Thu Sep 9 14:30:03 2004 Subject: [SpamCop-List] P.S. In-Reply-To: References: Message-ID: FWIW, click on the link below to read the capture file I made of the phish mail as it looked in my email folder. The email "internals" were nothing more than a GIF file with a USEMAP reference to the link within. Note the grammar used in the first sentence: http://novelhost.net/phish.gif Regards, J. Alec West From tmcgraw at spamcop.net Thu Sep 9 12:41:42 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Sep 9 14:45:02 2004 Subject: [SpamCop-List] Re: SPAM-HIGH, SPAM-MED, SPAM-LOW References: <413A27C1.30002@spamcop.net> Message-ID: <4140A3E6.8010407@spamcop.net> Tim McGraw wrote: > Anyone else getting any of these? > > They haven't been seen in the wild. > > Does it have anything to do with Richter ya think? Sorry to reply to my own post, but I was flabbergasted no one responded. The evening of 9/3 I started getting spamitems with subjects that began, "SPAM-HIGH," "SPAM-MED" or "SPAM-LOW" They have all the earmarks of Richter spam - same types of subjects otherwise sent to the same email address he has constantly abused for the past three years. I thought this was unusual because the spamcop/IronPort settlement with optinrealbig.com was 9/2. From dkona7b02 at sneakemail.com Thu Sep 9 15:57:51 2004 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Thu Sep 9 14:57:54 2004 Subject: [SpamCop-List] Re: SPAM-HIGH, SPAM-MED, SPAM-LOW In-Reply-To: <4140A3E6.8010407@spamcop.net> References: <413A27C1.30002@spamcop.net> Message-ID: <3.0.5.32.20040909145751.016cce40@loki.fstrf.org> Are you sure the qualifiers "SPAM-HIGH", "SPAM-MED" and "SPAM-LOW" aren't being added by a filter on your side? Maybe your provider is pre-filtering your email and adding those tags to let you know the SPAM probability level? My university account is now being filtered and at first they tacked "SPAM" to the front of each subject line they determined met their criteria. Someone must have complained, because they switched to using an x-line with the raw SPAM score instead. I don't see any use in a SPAMmer letting you know ahead of time that he is SPAMming you. It would be too easy to filter directly to your trash bin. Check with your provider... At 11:41 AM 9/9/2004 -0700, Tim McGraw typed: >Tim McGraw wrote: >> Anyone else getting any of these? >> >> They haven't been seen in the wild. >> >> Does it have anything to do with Richter ya think? > >Sorry to reply to my own post, but I was flabbergasted no one responded. > >The evening of 9/3 I started getting spamitems with subjects that began, >"SPAM-HIGH," "SPAM-MED" or "SPAM-LOW" > >They have all the earmarks of Richter spam - same types of subjects >otherwise sent to the same email address he has constantly abused for >the past three years. > >I thought this was unusual because the spamcop/IronPort settlement with >optinrealbig.com was 9/2. > >_______________________________________________ >SpamCop-List mailing list >SpamCop-List@news.spamcop.net >http://news.spamcop.net/mailman/listinfo/spamcop-list > From nobody at devnull.spamcop.net Thu Sep 9 15:55:37 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Thu Sep 9 15:00:02 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: "Dar" wrote in message > I don't get it. I'm receiving spam with the same subject approximately > 25 to 30 per day, per subject, but all with different IPs. All > advertising the same site: http://4drugs123.com/ > > The subjects are: > > Buy cheap Viagra through us > Buy Regalis, also known as Superviagra or Cialis > Get great prices on medications > Get viagra for a great price > We sell regalis for an affordable price > > There were 30 waiting for me this morning, all blocked and rerouted > to a spam email address for monitoring. I could maybe block the IPs, > but it's never-ending because no two ever come from the same IP and > some IPs are static and probably forged. Thirty to begin my day and > they will continue to pour in throughout the day. > > Fancy spammer software that manages to change the originating IP > for each and every spam message? > > > From ernie.arellanovz@info-tech.co.uk Wed Sep 8 23:33:52 2004 > Received: from liquidauto.co.za > (ip-112.net-81-220-178.nice.rev.numericable.fr [81.220.178.112]) > > From k_cappsjv@znet.net.au Thu Sep 9 01:50:03 2004 > Received: from linchen.com.tw (cmu-24-35-12-226.mivlmd.cablespeed.com > [24.35.12.226]) > > From doddds@asl.gg Thu Sep 9 03:14:11 2004 > Received: from deepend.com.au (c-24-13-21-6.client.comcast.net [24.13.21.6]) > > From clangefy@mail.inet.hr Thu Sep 9 03:16:15 2004 > Received: from johnabbott.qc.ca ([221.139.91.84]) > > From wmcummins_iz@forprod.csiro.au Thu Sep 9 03:33:41 2004 > Received: from rsea.gov.tw (wbar2.lax1-4-8-221-072.dsl-verizon.net > [4.8.221.72]) > > From eringoldsteinut@actiontravel.co.za Wed Sep 8 23:59:26 2004 > Received: from unisys.se (wbar1.wdc2-4-8-137-244.wdc2.dsl-verizon.net > [4.8.137.244]) > > From carolsimpsonlh@vegvesen.no Wed Sep 8 23:56:35 2004 > Received: from pumatec.de (24-178-128-43.cpe.ga.charter.com [24.178.128.43]) > I could easily be mistaken when it calls for psychic powers to grasp the intent of the spammer. I have noticed that 4drugs123.com has not resolved for about six days now. The domain is still showing as "Active" at IP 220.249.103.22, but the site is offline and does not redirect. Although one might consider reporting the "spamvendor", I have elected to see the large volume of such spamitems as malicious and deliberate harrassment of a possibly "White Hat" ISP admin who elected to close the site. I really see no value in reporting a site that either does not exist or can't be found. SC also does not resolve the site, but sends the report on the basis of cached data. I feel badly for the admin who must discard millions of bogus complaints for 4drugs123.com, to cull out legitimate complaints. IMO, it is the admin who is the target of the abuse. The abuse is coming from every conceivable direction and the complaints are abusively being funneled through SpamCop.net. I would like to see this stream of bogus complaints funneled to my buddy Dave Null for a second opinion, or disallowed by the parser to begin with. Glenn From Merlyn at Spamcop.net Thu Sep 9 16:13:01 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Thu Sep 9 15:15:02 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: "Glenn Daniels" wrote in message news:chq8ua$3k9$1@news.spamcop.net... > > I could easily be mistaken when it calls for psychic powers to > grasp the intent of the spammer. I have noticed that 4drugs123.com > has not resolved for about six days now. The domain is still showing > as "Active" at IP 220.249.103.22, but the site is offline and does not > redirect. > > Although one might consider reporting the "spamvendor", I have > elected to see the large volume of such spamitems as malicious > and deliberate harrassment of a possibly "White Hat" ISP admin > who elected to close the site. I really see no value in reporting > a site that either does not exist or can't be found. SC also does > not resolve the site, but sends the report on the basis of cached > data. > > I feel badly for the admin who must discard millions of bogus > complaints for 4drugs123.com, to cull out legitimate complaints. > IMO, it is the admin who is the target of the abuse. The abuse > is coming from every conceivable direction and the complaints > are abusively being funneled through SpamCop.net. I would > like to see this stream of bogus complaints funneled to my > buddy Dave Null for a second opinion, or disallowed by the > parser to begin with. > 220.249.103.22 - IP hosts 7 Total Domains ... 1 0RDERDRUGS.COM 2 123RX-SHOP.COM 3 4DRUGS123.COM 4 777RXBARGINZ.COM 5 LONELYWIFE.ORG 6 TEENSOLVE.NET 7 WORLDRXDIRECT.BIZ -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From mswift at computerassistance.com Thu Sep 9 13:24:43 2004 From: mswift at computerassistance.com (mjj) Date: Thu Sep 9 15:25:02 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Porpoise" wrote in message news:chpt7d$mu8$1@news.spamcop.net... > >> >> Larry J. wrote: >> > Waiving the right to remain silent, "mjj" >> > said: >> > >> > > Larry, >> > > >> > > go back farther, ma mam mamma are all words that translate to >> > > breast dam means domina >> > >> > Are you making this stuff up as you go along..? >> > >> > The French "ma" (and mon) means my. >> >> Looked to me like he was talking about the Latin basis of the words, not >> French...... >> >> > > Yeah..... ma in Thai means come, or horse, or dog - depending on the tone > but I don't think he meant that either. I also think he meant the Latin > origin - from which also comes mammaries............. > Yes, Latin, that is why I said to go back further. Sanskrit is matr. Ancient societies did not have large vocabularies. Ma sounds would have been used for many aspects of the female. Dame or My Dame or Madam is an honorific denoting status. It was originally used to tell the listener that this person is not to be treated the same as other women. If sexism is pervasive doesn't it stand to reason that sexism existed before French lace? Who has not heard dame used in a derogatory sense or m'am pronounced in a way that indicates that the person being addressed does not deserve the title? Does everybody accept Spamcopper(s) as a neutral way to address members of this group? Myles From MikeE at ster.invalid Thu Sep 9 13:44:48 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Sep 9 15:45:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: mjj wrote: > Does everybody accept Spamcopper(s) as a neutral way to address > members of this group? Not addressing the gender neutrality issue, but rather the term 'spamcopper' - which may take on different 'flavors' depending upon which environment it is used. There are some nanae-ites who might look upon spamcoppers as some kind of 'inferior' spamfighter who only knows how to feed a spam to spamcop but doesn't know how to parse a header to save their life and are as apt to report their own provider as something else. Many of the same nanae-ites have also looked upon spamcop's parsing accuracy with disdain, more in the past than the present. There are some ostensibly non-spamming bulk mailers who look upon spamcoppers as a bunch of incompetent anti-s who don't know spam from the mailing list they subscribed to or their other good mail. Around here, spamcopper doesn't take on any negative connotation that I know of, except perhaps the spamcoppers who don't want to be confused with those other spamcoppers up there. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Sep 9 16:51:36 2004 From: nobody at spamcop.net (indigo) Date: Thu Sep 9 15:55:04 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Mike Easter wrote: > mjj wrote: > > Does everybody accept Spamcopper(s) as a neutral way to address > > members of this group? > > Not addressing the gender neutrality issue, but rather the term > 'spamcopper' - which may take on different 'flavors' depending upon > which environment it is used. > How about "SC NG participants" ? Nah, too long....... From fadedglory at despammed.net Thu Sep 9 15:58:23 2004 From: fadedglory at despammed.net (FadedGlory) Date: Thu Sep 9 16:00:04 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "indigo" wrote in message news:chqc88$6e2$1@news.spamcop.net... > > > Mike Easter wrote: > > mjj wrote: > > > Does everybody accept Spamcopper(s) as a neutral way to address > > > members of this group? > > > > Not addressing the gender neutrality issue, but rather the term > > 'spamcopper' - which may take on different 'flavors' depending upon > > which environment it is used. > > > > How about "SC NG participants" ? Nah, too long....... > > Why worry about it... I think most of the females that either lurk or post on here are not offended and probably don't even notice until someone decides to make something out of it. FD (a female) From MikeE at ster.invalid Thu Sep 9 14:13:51 2004 From: MikeE at ster.invalid (Mike Easter) Date: Thu Sep 9 16:15:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: indigo wrote: > Mike Easter wrote: >> mjj wrote: >>> Does everybody accept Spamcopper(s) as a neutral way to address >>> members of this group? >> >> Not addressing the gender neutrality issue, but rather the term >> 'spamcopper' - which may take on different 'flavors' depending upon >> which environment it is used. >> > > How about "SC NG participants" ? Nah, too long....... BTW, I'm the same guy who not only uses the term 'spamcoppers' as an 'abbreviation' for 'us'ns' in both friendly and unfriendly environments but also a variety of other terms which have been known to annoy others, doing so in both a friendly and teasing or taunting way. Is that insensitively sensitive? 'Smile when you use that term, pod'ner' "Oh, I see you have some teeth missing ;-) " -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu Sep 9 17:15:05 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Thu Sep 9 16:15:17 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: "Merlyn" wrote in message > "Glenn Daniels" wrote in message > > > > I could easily be mistaken when it calls for psychic powers to > > grasp the intent of the spammer. I have noticed that 4drugs123.com > > has not resolved for about six days now. The domain is still showing > > as "Active" at IP 220.249.103.22, but the site is offline and does not > > redirect. > > > > Although one might consider reporting the "spamvendor", I have > > elected to see the large volume of such spamitems as malicious > > and deliberate harrassment of a possibly "White Hat" ISP admin > > who elected to close the site. I really see no value in reporting > > a site that either does not exist or can't be found. SC also does > > not resolve the site, but sends the report on the basis of cached > > data. > > > > I feel badly for the admin who must discard millions of bogus > > complaints for 4drugs123.com, to cull out legitimate complaints. > > IMO, it is the admin who is the target of the abuse. The abuse > > is coming from every conceivable direction and the complaints > > are abusively being funneled through SpamCop.net. I would > > like to see this stream of bogus complaints funneled to my > > buddy Dave Null for a second opinion, or disallowed by the > > parser to begin with. > > > > 220.249.103.22 - IP hosts 7 Total Domains ... > > 1 0RDERDRUGS.COM > 2 123RX-SHOP.COM > 3 4DRUGS123.COM > 4 777RXBARGINZ.COM > 5 LONELYWIFE.ORG > 6 TEENSOLVE.NET > 7 WORLDRXDIRECT.BIZ > > -- > > Regards, > Merlyn Am I being "blocked"? When I attempt to access http://4drugs123.com or http://220.249.103.22, all I get is 404 compliance. I thought it odd to be seeing so many items for a site that was not even there and it is so for nearly a week already. Thoughts? Glenn From nobody at spamcop.net Thu Sep 9 17:29:11 2004 From: nobody at spamcop.net (indigo) Date: Thu Sep 9 16:30:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Mike Easter wrote: > BTW, I'm the same guy who not only uses the term 'spamcoppers' as an > 'abbreviation' for 'us'ns' in both friendly and unfriendly > environments but also a variety of other terms which have been known > to annoy others, doing so in both a friendly and teasing or taunting > way. No, say it isn't so! Is that insensitively sensitive? > I'm having trouble parsing that....... From nobody at devnull.spamcop.net Thu Sep 9 16:40:57 2004 From: nobody at devnull.spamcop.net (Cat) Date: Thu Sep 9 16:45:03 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: nobody@spamcop.net wrote: > Yeah, right. Any particular reason you redirected followups > to .social other than to hide criticism of your online behavior > in the main spamcop newsgroup? This has nothing to do with > .social. You were specifically attacking posts I had made over in .social. Because of that, I set follow-ups over there and also because this thread got so far off topic when you and a few other people with too much time on your hands decided to flame me for no good reason. > I wrote nothing which in any way implied disapproval nor > approval of anything you said in .social -- on the contrary, > I am expressing extreme distaste at what you have written of > late in the main spamcop newsgroup. You specifically brought up posts I had made ONLY in .social, so your argument is weak. > To which I am purposely > including this reply, and then allowing you to hijack the > thread to .social. Since you chose to keep your childish attacks over here, I'm replying over here. > Any particular reason that a bunch of your postings in the > main spamcop newsgroup have suddenly been canceled and deleted > from the SC news server? Embarrassed by the online published history? > Why is canceling numerous articles > all of a sudden over the last 2 days from the same IP address > as your NNTP-Posting-Host, as seen in control.cancel? Not saying > it's you, maybe it's your cat. Or hamster... Sorry to disappoint you, but I wasn't going on some mass cancel. I was just adding more to those posts that I meant to add before but hit "send" too soon or fixing a typo to repost it. People cancel and redo posts all the time. It's not some major controversy, and it's not an attempt to hide anything since all I was doing was adding to the posts or fixing an error. I wasn't aware that I had to ask your permission or explain myself to you. Why don't you go stalk all the other people with canceled posts and harass them until they explain exactly why they canceled their posts? > Any particular reason why I or anyone else shouldn't just ignore > all rants from someone who hides behind a persona of "Cat" and > an email address of "nobody"? What the hey gives you any more > legitimacy to hide your real name and address than anyone else > here? At least I use a posting name and not just the anonymous e-mail address. > My name is Ben Paul, and I'm no more inclined to reveal my > email address nor physical address than you are. What's > *your* name? Is "Cat" really on your birth certificate? > Get off your high horse. I never said you had to reveal your real name, just use some sort of posting name and stop hiding behind only an anonymous e-mail address used by a lot of people. Several people in this newsgroup know my real identity and my real contact information. One person who posts here regularly is even a good friend of mine off-line in person. > My point is that lately your postings in this group have no > real value and make no contribution to discussion of spam > fighting; the only thing you have to say (after eliding the > attacks) is smalltalk, which properly belongs in .social not > here. Like I said, I don't need your approval to post here, and I don't need to justify myself for you when you obviously choose to see only what you want to see. > So then why do you have so many posts here, with so little > to say? Funny you should say that since the only posts from you in the newsgroup are your personal attacks on me. I've been a long time member of this newsgroup. A lot of people have thanked me for my help in the past, and others have agreed with comments I've contributed to other threads when I noticed someone else was having a similar spam problem as me. I don't need to justify myself to you. As far as I can see, you're just some anonymous troll looking for a reason to stir up drama since you've apparently never bothered to contribute to any real spam discussion here. > Mine is not the only voice expressing these sentiments. Instead > of lashing back at the various commenters here regarding your > posting content and style, you might take a step back and > consider the truth in the comments. Considering it's only a small few of you and since the rudest attacks have come from people who rarely contribute much to the newsgroup except to stir up drama and act like trolls, your complaints don't hold much weight with me. > Nah, not likely. Doesn't fit with the style you've exhibited > online. > > Tiresome, indeed. Sorry, but it's reached the point where I > can't just ignore it silently any more. If you can't tell the > difference between a personal attack (which this is not) and > honest criticism of outwardly observable behavior (i.e. the > text contained in your posting history), then there's nothing > more to be said. And now, back to our program. My original post in this thread was not a personal attack, but several busy bodies like you sure went out of your way to attack me over it for no good reason. The only opinions that matter to me in this thread are those who recognized the point I was trying to make with my original post and were mature enough to handle a rational discussion. It's funny how every time the thread dies down, some attention seeking troll like you feels the need to keep it going. I'm almost flattered that you have nothing better to do with your life than to follow me around a newsgroup, but get over yourself! For every one of you losers who has nothing better to do with your time than to criticize me, there are plenty more with whom I get along just fine. Seriously, I'm sick of the childish personal attacks against me in this thread. We're all adults here, yet some of you still carry the mentality of third graders on a playground who relentlessly attack and ridicule anyone you don't like. Grow up and move on! It's really kind of sad that a small few of you have nothing better to do than to follow me around on some sort of witch hunt the way you do. From tmcgraw at spamcop.net Thu Sep 9 15:57:40 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Sep 9 18:00:10 2004 Subject: [SpamCop-List] Re: SPAM-HIGH, SPAM-MED, SPAM-LOW References: <413A27C1.30002@spamcop.net> Message-ID: <4140D1D4.8050700@spamcop.net> Spam Hater wrote: > Are you sure the qualifiers "SPAM-HIGH", "SPAM-MED" and "SPAM-LOW" > aren't being added by a filter on your side? Now why couldn't I have figured that out - that's exactly what happened. No wonder no one responded initially. Duh. From kenbrody at spamcop.net Thu Sep 9 19:10:03 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Thu Sep 9 18:15:03 2004 Subject: [SpamCop-List] Subject of the week? Message-ID: <4140D4BB.E0C76603@spamcop.net> I just got spam with the following subject: Illiterate? Let us Help You How many illiterates read e-mail? (Yes, I know there are plenty of people using e-mail who can't _write_, but "illiterate" includes the inability to _read_ as well.) -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ From me at privacy.net Thu Sep 9 19:25:04 2004 From: me at privacy.net (Frog Prince) Date: Thu Sep 9 18:50:04 2004 Subject: [SpamCop-List] Re: Guestbook spam References: Message-ID: "AlecWest" wrote in message news:chq47u$u4l$1@news.spamcop.net... | eddie wrote: | | > You can also require the posters to log in and you email them a password. | > You can decide if their email address looks legit or not, but you also | > have the additional ability to block them on an individual basis. This has | > some flaws, but it might be used to supplement your "draconian" solution. | > You might require the email address, for example, to match their IP, so | > that they cannot use a throwaway address. This would probably scare off | > even some legit posters, but it certainly would get rid of a lot of | > trolls, etc. | > Just a thought. | | That's a thought ... but I suspect a "password" requirement would leave | legitimate posters say, "You've got to be kidding," offending them more | than scaring them away. But either way (yours or mine), there will | undoubtedly be a few babies thrown out with the bathwater. I just wish | there were some other way (sigh). As for me I don't register to access (it's just not worth the trouble) as most of those that I did register for ended up selling the addy. From me at privacy.net Thu Sep 9 19:25:59 2004 From: me at privacy.net (Frog Prince) Date: Thu Sep 9 18:50:14 2004 Subject: [SpamCop-List] Re: Guestbook spam References: Message-ID: "eddie" wrote in message news:pan.2004.09.09.17.47.39.367000@eddie.web... | On Thu, 09 Sep 2004 10:35:03 -0700, AlecWest scratched out the following: | | snip | > That's a thought ... but I suspect a "password" requirement would leave | > legitimate posters say, "You've got to be kidding," offending them more | > than scaring them away. But either way (yours or mine), there will | > undoubtedly be a few babies thrown out with the bathwater. I just wish | > there were some other way (sigh). | | If you simply explain, on the website, the reason for creating an | "account" I am sure legit posters will understand. Not very likely. You will lose more than you gain. From nobody at devnull.spamcop.net Thu Sep 9 18:52:33 2004 From: nobody at devnull.spamcop.net (Cat) Date: Thu Sep 9 18:55:02 2004 Subject: [SpamCop-List] Re: Guestbook spam In-Reply-To: References: Message-ID: AlecWest wrote: > However, I have noticed that some ISPs don't take my complaints > seriously. So, I've decided to "up the ante" and go one step further. > Every month, I check raw logs for the site. If I find a 403 error > message directed at a guestbook, I know it came from an ISP that didn't > take my complaint seriously. And what I do at that point is explained > on the "403-FORBIDDEN" error page these would-be spammers see: > > http://novelhost.net/403.shtml > > However, this is a rather Draconian approach to guestbook spam. If > anyone knows of a kinder/gentler way of dealing with it, please reply. I had a similar problem with the comment feature in my online photo album. I've had the photo album for over a year, and I've only had one comment spam. Unfortunately, the spammer's ISP was Comcast, which ignored my complaint. The spammer's web site is still up. I think banning static IPs and IP ranges of the more problematic ones that you kow would not have any legitimate posters may be the best possibility. If you're getting repeats of similar e-mail addresses, maybe also ban those. Other than that, you can't really do anything to prevent it. From nobody at devnull.spamcop.net Thu Sep 9 19:34:42 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Sep 9 19:35:04 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: "Glenn Daniels" wrote in message news:chqdj9$7jr$1@news.spamcop.net... > > Am I being "blocked"? When I attempt to access http://4drugs123.com Looks like it.... 09/09/04 18:32:06 Browsing http://4drugs123.com Fetching http://4drugs123.com/ ... GET / HTTP/1.1 Host: 4drugs123.com Connection: close HTTP/1.1 200 OK Date: Thu, 09 Sep 2004 23:35:41 GMT Server: Apache/2.0.46 (Red Hat) Accept-Ranges: bytes X-Powered-By: PHP/4.3.2 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 DRUGS DIRECT: CHEAPEST DRUGS ON THE NET From nobody at devnull.spamcop.net Thu Sep 9 20:41:44 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Thu Sep 9 19:45:02 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: "Dar" wrote in message news:chpr6p$k45$1@news.spamcop.net... >I don't get it. I'm receiving spam with the same subject approximately > 25 to 30 per day, per subject, but all with different IPs. All > advertising the same site: http://4drugs123.com/ > [snip] > Fancy spammer software that manages to change the originating IP > for each and every spam message? [snip] I have been keeping track of the spams I receive. In my database, I now have 539 spams received from 507 unique IPs. I have 27 IPs that sent multiple spams. The most from one IP was 4. The dups are probably from the same spam sent to multiple addys at my domain but I didn't keep track of what spam went to which addy. I suspect if I did, I would wind up with 507 spams from 507 unique IPs. From wb8tyw at qsl.network Thu Sep 9 21:02:46 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Sep 9 20:05:03 2004 Subject: [SpamCop-List] Re: Guestbook spam In-Reply-To: References: Message-ID: AlecWest wrote: > Since I saw no subject header including this topic, I thought I'd start > one myself. Some of the guestbooks I host are plagued with spammers. > I've treated the "symptom" by doing 3 things: > > 1) All posts go to a guestbook.html file as usual ... but this file is > not linked to for public view. Instead, once every day or so, I > manually move all legitimate guestbook posts from the guestbook.html > file to the public file. Are you accepting posts from I.P. addresses known to be controlled by spammers? These should be easy to lookup by querying the various DNSbls. > > http://novelhost.net/403.shtml > > However, this is a rather Draconian approach to guestbook spam. If > anyone knows of a kinder/gentler way of dealing with it, please reply. Look at the DSBL.ORG's removal system and think about variations. On the error page, post the date that the abuse complaint was sent with a URL or e-mail address for the ISP to certify that they have fixed the problem, and then the listing status: 1. The ISP has not responded that they have stopped the abuse. 2. The ISP responded that they have stopped the abuse, but because of past (N) complaints, there will be a (N*N) day delay before the block was removed. (You can be creative there) Or in the case that you are using a DNSbl and local records. You are blocked because this I.P. address is on one that did a port probe, is in bl.spamcop.net, sbl-xbl.spamcop.net, list.dsbl.org, is in spews, is an odd numbered I.P. address on an even numbered day.... -John wb8tyw@qsl.network Personal Opinion Only From completelyfalse at harrykiri.com Fri Sep 10 11:09:59 2004 From: completelyfalse at harrykiri.com (Harry Kiri) Date: Thu Sep 9 20:10:03 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: "Glenn Daniels" wrote in message news:chqdj9$7jr$1@news.spamcop.net... > Am I being "blocked"? When I attempt to access http://4drugs123.com > or http://220.249.103.22, all I get is 404 compliance. I see both these sites immediately - I guess you are being blocked. Regards, Hughy -- I can (still) be found at airways underscore electronics at bigpond_d_o_t_c_o_m_ (but I'm dumping Telstra Bigpond, as they are notoriously RFC-Ignorant). From aeiouqwert at netscape.net Thu Sep 9 18:56:51 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Thu Sep 9 21:00:03 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each In-Reply-To: References: Message-ID: Steve Gilder wrote: > I have been keeping track of the spams I receive. In my database, I now have > 539 spams received from 507 unique IPs. Well, the real eye-opener would be to run those 507 unique IPs past the number registries (arin/apnic/lacnic/ripe/etc.) to see how many of those IP numbers belonged to "unique ISPs". If those 507 IPs all belonged to six or seven ISPs, you'd have distinct ranges you could block. Regards, J. Alec From porpoise1954 at yahoo.co.uk Fri Sep 10 03:04:49 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Sep 9 21:10:03 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: "Harry Kiri" wrote in message news:chqrbm$j3l$1@news.spamcop.net... > > "Glenn Daniels" wrote in message > news:chqdj9$7jr$1@news.spamcop.net... > > > Am I being "blocked"? When I attempt to access http://4drugs123.com > > or http://220.249.103.22, all I get is 404 compliance. > > I see both these sites immediately - I guess you are being blocked. I concur. I can still see these sites no problem....... > > Regards, > Hughy > -- > I can (still) be found at airways underscore electronics at > bigpond_d_o_t_c_o_m_ (but I'm dumping Telstra Bigpond, as they are > notoriously RFC-Ignorant). > > > From porpoise1954 at yahoo.co.uk Fri Sep 10 03:15:18 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Sep 9 21:20:02 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "mjj" wrote in message news:chqam1$569$1@news.spamcop.net... > > "Porpoise" wrote in message > news:chpt7d$mu8$1@news.spamcop.net... > > > >> > >> Larry J. wrote: > >> > Waiving the right to remain silent, "mjj" > >> > said: > >> > <> > > Does everybody accept Spamcopper(s) as a neutral way to address members of > this group? No. It might be offensive to PC PCs > > Myles > > > From nobody at devnull.spamcop.net Thu Sep 9 20:42:16 2004 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Thu Sep 9 22:45:03 2004 Subject: [SpamCop-List] Re: No spam! In-Reply-To: <871xhcq65x.fsf@ursine.dyndns.org> References: <4134443F.1060606@spamcop.net> <871xhcq65x.fsf@ursine.dyndns.org> Message-ID: >> ... and pay real money for a real fix, instead of a >> few bux to the teenage neighbour kid? Not gonna happen. > > You must have cheap neighborhood kids. I live in a cheap neighbourhood. > Now that the tech boom is gone, it's hard to pull down > the same kind of money fixing PCs that I did in my > spare time after school. Tell me about it: I made more money twenty years ago than I do now! -- "[Spammers] are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class Mail industry." -- Dave Barry From nobody at devnull.spamcop.net Thu Sep 9 21:11:14 2004 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Thu Sep 9 23:15:26 2004 Subject: [SpamCop-List] Re: i've given up reporting asian spam In-Reply-To: References: Message-ID: > On my local TV news earlier this week, I heard that China > is thinking about imposing "life sentences in prison" to > the most aggregious spammers they catch. *YESSS!!* > That sounds pretty serious to me. Ya think?! -- "[Spammers] are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class Mail industry." -- Dave Barry From gjn91 at email.msn.com Thu Sep 9 23:46:40 2004 From: gjn91 at email.msn.com (gjn91) Date: Thu Sep 9 23:50:03 2004 Subject: [SpamCop-List] RETURN PATH Message-ID: How can my email be used as a retrun path for a email that i have never seen From hee.haw at jack.ass Fri Sep 10 00:50:52 2004 From: hee.haw at jack.ass (DC) Date: Thu Sep 9 23:55:03 2004 Subject: [SpamCop-List] B:EH:UN:G4HER Message-ID: Anyone else getting a barrage of emails titled like the above? This fool seems to be sending from every mail server on the planet... but his spamvertized site is served by kornet.net We have any extra artillery left over from Iraq? One MOAB bomb should take that server out... -- The generation that used acid to escape reality Is now using antacid to deal with reality http://www.dwacon.com From nobody at devnull.spamcop.net Fri Sep 10 01:06:57 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Fri Sep 10 00:10:03 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: "AlecWest" wrote in message news:chqu4a$krm$1@news.spamcop.net... > Steve Gilder wrote: > >> I have been keeping track of the spams I receive. In my database, I now >> have 539 spams received from 507 unique IPs. > > Well, the real eye-opener would be to run those 507 unique IPs past the > number registries (arin/apnic/lacnic/ripe/etc.) to see how many of those > IP numbers belonged to "unique ISPs". If those 507 IPs all belonged to > six or seven ISPs, you'd have distinct ranges you could block. > > Regards, > J. Alec Way ahead of you. I did what you suggest when I was up to 300 and what a big suprise: Korea, China, Japan, Brazil make up over 90% From nobody at spamcop.net Thu Sep 9 22:10:26 2004 From: nobody at spamcop.net (Don Wannit) Date: Fri Sep 10 00:15:03 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: mjj wrote: > Does everybody accept Spamcopper(s) as a neutral way to address members of > this group? Nobody here 'cept us folks. tinu. [watch out, the folk-music crowd, known as "folkies", might complain about using "folks". As might some parents :] How about requiring all requests for assistance/information to be formatted as a formal business letter with the salutation as the petitioner's choice of: 1- Oh Most Esteemed Experts, 2- Yo! /* oops! not very formal */ 3- Venerable honored persons, 4- Spamu-ga kirai shito, Oh, I forgot -- this is the newsgroup advertised as the place to go for help, and for which posters are admonished to respond politely and with an extra measure of "slack". So the formal letter format is probably not going to fly. -- Don Wannit A paid SpamCop user since 1999 From nobody at devnull.spamcop.net Fri Sep 10 01:12:14 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Fri Sep 10 00:15:19 2004 Subject: [SpamCop-List] Re: RETURN PATH References: Message-ID: "gjn91" wrote in message news:chr801$sl9$1@news.spamcop.net... > How can my email be used as a retrun path for a email that i have never > seen > > A spammer found your address somewhere and used in a phony "From:". There are other threads that talk about this. The MX that bounced the mail back to you should not have but it happens. I think I found one doing the same to me and got him to stop by LARTing him and his ISP. Only time will tell. From nobody at spamcop.net Thu Sep 9 22:17:24 2004 From: nobody at spamcop.net (Don Wannit) Date: Fri Sep 10 00:20:04 2004 Subject: [SpamCop-List] Re: RETURN PATH In-Reply-To: References: Message-ID: gjn91 wrote: > How can my email be used as a retrun path for a email that i have never seen > > Because the sender or return path on an email header is very easy to forge. The design of the email system that is so widespread today dates back quite a while, to a time when the only people who could send or would read email were pretty trusting and trustworthy. Those times are gone. Unfortunately, the design of the email system assumes that people can be trusted. As a result, it's extremely easy for someone to forge an email that looks like it was sent by you, even though it was not. Spammers use this fact many thousands (millions?) of times every day. Perhaps it will change someday. There are some technical proposals which will make it harder to forge email, but don't expect a complete solution any time soon. -- Don Wannit A paid SpamCop user since 1999 From aeiouqwert at netscape.net Thu Sep 9 23:42:42 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Fri Sep 10 01:45:03 2004 Subject: [SpamCop-List] Re: No spam! In-Reply-To: References: <4134443F.1060606@spamcop.net> <871xhcq65x.fsf@ursine.dyndns.org> Message-ID: LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m wrote: > Tell me about it: I made more money twenty years ago than I do now! Well, there's still a market for "geeks" to make good money. In my area, there's a service called "Geeks-A-Knockin'" that markets itself as a friendly neighborhood company employing "nerds." In reality, it's just another consultancy firm that charges big bucks for house calls. And, believe it or not, there's still a niche of people who will pay those big bucks. With all the technical advancements made nowadays, and the fact that our kids grew up in the culture, the big "emerging" market right now is the aging "baby-boomer" market ... a lot of them being technophobes willing to pay through the nose for people/services to "take them by the hand" and lead them through the cyber-world they didn't bother educating themselves about when they were younger. Really ... I am constantly astounded by the MULTITUDES of people willing to pay $21 or $23 a month for AOL dialup service (with dubious benefits such as friendly voices saying, "You've got mail!") when 24/7/365 dialup access can be had for $6.95 a month from Mailaka.net ... or $9.95 a month from a plethora of other dialup ISPs. Sad fact ... some poeple just "need" those dumbed down GUIs to navigate their way through cyberspace. I have a good friend living a few blocks from me who epitomizes this. She has Comcast broadband ... and (sigh) AOL as well. And she's always on AOL because she hasn't yet figured out how to use her Comcast access as a standalone service. I've offered to help her make the "transition" (I'm on Comcast myself) ... but she balks every time. I believe it was P. T. Barnum who said, "In confusion, there is profit." Regards, J. Alec West From nobody at nowhere.invalid Fri Sep 10 11:19:52 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Sep 10 04:20:17 2004 Subject: [SpamCop-List] Re: i've given up reporting asian spam References: Message-ID: On Thu, 09 Sep 2004 10:47:50 -0700, AlecWest coughed into spamcop and left this in : > On my local TV news earlier this week, I heard that China is thinking > about imposing "life sentences in prison" to the most aggregious > spammers they catch. How odd. The only spammers they seem able to catch are Chinese pr0n spammers... American pill-pushers and mortgage lenders remain amazingly elusive. -- Steve Reporter (to Mahatma Gandhi): "Mr. Gandhi, what do you think of Western civilisation?" Gandhi: "I think it would be a good idea." From nobody at nowhere.invalid Fri Sep 10 11:24:38 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Sep 10 04:25:02 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: On Fri, 10 Sep 2004 00:06:57 -0400, Steve Gilder coughed into spamcop and left this in : > Way ahead of you. I did what you suggest when I was up to 300 and what a big > suprise: Korea, China, Japan, Brazil make up over 90% That's close to my own findings: My spam traps have been hit by 1890 individual /24 blocks, which have deposited a total of 2012 turdlets. The top 20 spammiest /24 blocks are: 1) 6 spam(s) - 0.30%, 222.65.100.0/24 2) 4 spam(s) - 0.20%, 65.182.143.0/24 3) 4 spam(s) - 0.20%, 222.65.102.0/24 4) 3 spam(s) - 0.15%, 200.66.98.0/24 5) 3 spam(s) - 0.15%, 222.64.181.0/24 6) 3 spam(s) - 0.15%, 222.65.101.0/24 7) 3 spam(s) - 0.15%, 201.130.205.0/24 8) 3 spam(s) - 0.15%, 200.32.85.0/24 9) 3 spam(s) - 0.15%, 210.20.97.0/24 10) 3 spam(s) - 0.15%, 205.240.194.0/24 {snip} The top 20 spammiest /16 blocks are: 1) 26 spam(s) - 1.29%, 222.65.0.0/16 2) 15 spam(s) - 0.75%, 222.64.0.0/16 3) 11 spam(s) - 0.55%, 201.129.0.0/16 4) 9 spam(s) - 0.45%, 200.171.0.0/16 5) 9 spam(s) - 0.45%, 61.11.0.0/16 6) 9 spam(s) - 0.45%, 168.226.0.0/16 7) 9 spam(s) - 0.45%, 221.140.0.0/16 8) 8 spam(s) - 0.40%, 218.190.0.0/16 9) 7 spam(s) - 0.35%, 221.124.0.0/16 10) 6 spam(s) - 0.30%, 201.128.0.0/16 {snip} The top 20 snottiest /8 blocks are: 1) 157 spam(s), 7.80%, 218.0.0.0/8 2) 148 spam(s), 7.36%, 61.0.0.0/8 3) 129 spam(s), 6.41%, 68.0.0.0/8 <<== Pac Smell / Spameritech ? 4) 129 spam(s), 6.41%, 200.0.0.0/8 5) 124 spam(s), 6.16%, 211.0.0.0/8 6) 124 spam(s), 6.16%, 24.0.0.0/8 <<== Comcast / RR ? 7) 78 spam(s), 3.88%, 221.0.0.0/8 8) 76 spam(s), 3.78%, 222.0.0.0/8 9) 75 spam(s), 3.73%, 220.0.0.0/8 10) 74 spam(s), 3.68%, 219.0.0.0/8 {snip} -- Steve Reporter (to Mahatma Gandhi): "Mr. Gandhi, what do you think of Western civilisation?" Gandhi: "I think it would be a good idea." From user\" at domain.invalid>" Fri Sep 10 12:09:17 2004 From: user\" at domain.invalid>" ( Rolf) Date: Fri Sep 10 05:11:03 2004 Subject: [SpamCop-List] Re: i've given up reporting asian spam In-Reply-To: References: Message-ID: Steven Maesslein wrote: >> On my local TV news earlier this week, I heard that China is thinking >>about imposing "life sentences in prison" to the most aggregious >>spammers they catch. > > How odd. The only spammers they seem able to catch are Chinese pr0n > spammers... American pill-pushers and mortgage lenders remain amazingly > elusive. It's a little difficult to kidnap Richter or one of his buddies to put him in a Chinese prison. Don't you think? Not that I would mind, really! But the political implications are to serious that the Chinese would even think about it. From nobody at nowhere.invalid Fri Sep 10 12:21:49 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Sep 10 05:25:14 2004 Subject: [SpamCop-List] Re: i've given up reporting asian spam References: Message-ID: On Fri, 10 Sep 2004 11:09:17 +0200, Rolf coughed into spamcop and left this in : > It's a little difficult to kidnap Richter or one of his buddies to put > him in a Chinese prison. Don't you think? Not that I would mind, really! > But the political implications are to serious that the Chinese would > even think about it. True. But the point I was making is that the Chinese authorities don't care about spam at all in reality. All they're worried about is pr0n. -- Steve Profanity is the one language all programmers know best. From nobody at nowhere.invalid Fri Sep 10 13:46:51 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Sep 10 06:50:04 2004 Subject: [SpamCop-List] Time for SC to use a more up-to-date BL for China? Message-ID: The cn.rbl.cluecentral.net is selected in my options, meaning that mail from China coming into my SC mail account should wind up in the Held Mail as most of it does. I got a turdlet from 60.221.35.147: inetnum: 60.220.0.0 - 60.223.255.255 netname: CNCGROUP-SX descr: CNCGROUP Shanxi Province Network descr: China Network Communications Group Corporation descr: No.156,Fu-Xing-Men-Nei Street, descr: Beijing 100031 country: CN It sailed right through the DNSBL. $ host 147.35.221.60.cn.rbl.cluecentral.net Host 147.35.221.60.cn.rbl.cluecentral.net not found: 3(NXDOMAIN) Whereas, for example: $ host 147.35.221.60.china.blackholes.us 147.35.221.60.china.blackholes.us has address 127.0.0.2 or $host 147.35.221.60.my.local.dnsbl 147.35.221.60.my.local.dnsbl has address 127.0.0.2 -- Steve A revolving concretion of earthy or mineral matter accumulates no congeries of small, green bryophytic plant. From MikeE at ster.invalid Fri Sep 10 08:01:10 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 10 10:05:19 2004 Subject: [SpamCop-List] Re: Time for SC to use a more up-to-date BL for China? References: Message-ID: Steven Maesslein wrote: > The cn.rbl.cluecentral.net is selected in my options, meaning that > mail from China coming into my SC mail account should wind up in the > Held Mail as most of it does. I don't know if it means that or not; that is, you can't tell well from the available information. > $ host 147.35.221.60.cn.rbl.cluecentral.net > Host 147.35.221.60.cn.rbl.cluecentral.net not found: 3(NXDOMAIN) > > Whereas, for example: > > $ host 147.35.221.60.china.blackholes.us > 147.35.221.60.china.blackholes.us has address 127.0.0.2 > > or > > $host 147.35.221.60.my.local.dnsbl > 147.35.221.60.my.local.dnsbl has address 127.0.0.2 I'm familiar with china.blackholes.us and the other *.blackholes.us you can examine in detail here http://www.blackholes.us/ I had never heard of cn.rbl.cluecentral.net and I looked for a comparison of the two, which I didn't find; or even what is listed in the dnsbl at the website here http://www.cluecentral.net/rbl/faq.php ...but, you can't see the cluecentral lists to see how good a job it does on the different countries, or even which countries are included in *.all.cludecentral.net. So, if I were going to block by country, my choice would be blackholes.us. For what it is worth, cluecentral doesn't show up in this site which compares many blocklists http://www.sdsc.edu/~jeff/spam/Blacklists_Compared.html Blacklists Compared -- Mike Easter kibitzer, not SC admin From tdy at blackhole.invalid Fri Sep 10 08:27:02 2004 From: tdy at blackhole.invalid (N. Miller) Date: Fri Sep 10 10:30:03 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: In article , Steve Gilder says... > Way ahead of you. I did what you suggest when I was up to 300 and what a big > suprise: Korea, China, Japan, Brazil make up over 90% Oddly enough, Japan is hardly a blip for me. The big U.S. ISPs, including my own, are bigger sources than Japan. Based on my spam numbers, if I put a blanket block on Japan, I might as well put a blanket block on all of APNIC space. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From mrcics2000-spamcop-nomail at nomail.yahoo.com Fri Sep 10 10:50:06 2004 From: mrcics2000-spamcop-nomail at nomail.yahoo.com (Mike B) Date: Fri Sep 10 10:55:03 2004 Subject: [SpamCop-List] Re: Guestbook spam References: Message-ID: "AlecWest" wrote in message news:chouck$nnk$1@news.spamcop.net... > Since I saw no subject header including this topic, I thought I'd start > one myself. Some of the guestbooks I host are plagued with spammers. I've > treated the "symptom" by doing 3 things: Couldn't you simply email each person that wants to write in your guest book a link? That way no robot/spam would respond. Like a one-time link with a key that is good for a short while? Mike B From dlane-olson at synoffsys.com Fri Sep 10 12:03:27 2004 From: dlane-olson at synoffsys.com (Deborah) Date: Fri Sep 10 11:05:02 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: "Merlyn" wrote in message news:chknsv$s6t$1@news.spamcop.net... > > You might have closed your relay but are you sure that is what is was? > Maybe it could be an SMTP AUTH Hack on your Exchange server version > 6.0.6487.0 > Can someone explain to me how an SMTP AUTH hack works? I think that's what happened to me this week at one of my client sites, and I just want to understand a little better what goes on and how someone or what seems to be multiple someones can get authorized to send mail through my server without my knowing it. Sorry for the ignorant question, but if I don't ask I'll never understand. -- D-LO From MikeE at ster.invalid Fri Sep 10 09:26:16 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 10 11:30:03 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: Deborah wrote: > Can someone explain to me how an SMTP AUTH hack works? MAPS has some links to securing Exchange servers here http://www.mail-abuse.com/support/an_sec3rdparty.html#Microsoft%20Exchange%20Server Versions through 5.0 are vulnerable to relay if they permit any local SMTP users. (Servers that only act as a gateway between internal non-SMTP mail and the Internet don't have relay problems.) In other words, if your Exchange 5.0 server is connected to the Internet, it WILL relay for anyone, and that cannot be stopped. Starting with version 5.5, provisions have been made to prevent unauthorized relay. These are described in detail in an article from Windows NT Magazine, http://www.winnetmag.com/MicrosoftExchangeOutlook/Article/ArticleID/7696/MicrosoftExchangeOutlook_7696.html. If you're running an older version, it's time to upgrade. Microsoft has an article on their TechNet site that discusses securing Exchange 2000 and 5.5. The last line contains this link http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/mail/excrelay.asp Oops; that link is broken; you have to dig up the MS article. Here's a front page for MS Exchange tech http://www.microsoft.com/technet/prodtechnol/exchange/default.mspx Microsoft Exchange Server Assistance Center Here's a pretty good page http://www.microsoft.com/technet/prodtechnol/exchange/2000/deploy/frtfytr2.mspx Fortify Your Email Transport - Part 2 - Open Relays ... but none of that describes how to carry out an smtp auth attack hack. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Sep 10 09:30:58 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 10 11:35:05 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: Deborah wrote: > Can someone explain to me how an SMTP AUTH hack works? This might be more useful than the preceding http://www.winnetmag.com/Article/ArticleID/42406/42406.html Exchange Server SMTP AUTH Attacks and it has a link to this article http://www.winnetmag.com/article/articleid/40507/40507.html A New Kind of Attack -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Fri Sep 10 18:34:54 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Sep 10 11:35:18 2004 Subject: [SpamCop-List] Re: Time for SC to use a more up-to-date BL for China? References: Message-ID: On Fri, 10 Sep 2004 07:01:10 -0700, Mike Easter coughed into spamcop and left this in : > So, if I were going to block by country, my choice would be > blackholes.us. Yabbut SC doesn't give that choice. The only BL of China provided by SC is the cluecentral one, hence my remark about it maybe being time for SC to start using a different BL. Maybe you didn't understand it that way, but the spam came through my SC e-mail account. My own servers use a local BL which does include data from china.blackholes.us, and that particular spam would have been rejected. -- Steve "I don't understand that attitude. Don't we want email that has dancing bears, cute little videos, musical tunes, animated waving hands, sixty fonts, and looks like it's been done with crayolas? Good grief, man, think like a three year old!" -- Norm Reitzel discussing HTML email From nobody at spamcop.net Fri Sep 10 11:59:40 2004 From: nobody at spamcop.net (Miss Betsy) Date: Fri Sep 10 12:00:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Don Wannit" wrote in message news:chr9fj$u5c$1@news.spamcop.net... Yo! > Oh, I forgot -- this is the newsgroup advertised as the place to go > for help, and for which posters are admonished to respond politely > and with an extra measure of "slack". So the formal letter format > is probably not going to fly. Actually spamcop.help is the ng advertised as the 'gentle' ng. The rules here (that I know of) are only to make comments inline and , no posting of entire spam email, and when the thread gets too offtopic to move it to .social or .geeks (depending on the subject). The character of the ng has changed somewhat over time. When I first started posting, there were many more server admins, it seems to me, and much more rough and tumble - not necessarily bad spirited, but horrifying to many newbies. Arguments about some aspect of spam fighting could go on for days. Now even spamcop is pretty tame and people don't seem to mind off spam topics discussions as much. Miss Betsy From MikeE at ster.invalid Fri Sep 10 10:06:01 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 10 12:10:03 2004 Subject: [SpamCop-List] Re: Time for SC to use a more up-to-date BL for China? References: Message-ID: Steven Maesslein wrote: > Mike Easter >> So, if I were going to block by country, my choice would be >> blackholes.us. > > Yabbut SC doesn't give that choice. Hmm. I have a gripe about how much one is able to find out about the functionality of spamcop mail if one isn't a subscriber. How is a person supposed to make an informed decision about signing up if the only way they get any information about such as available blocklists is after the fact? Unless there's something I don't know about looking at. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri Sep 10 12:17:15 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Sep 10 12:20:03 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: "Deborah" wrote in message news:chsfoi$ug6$1@news.spamcop.net... > > Can someone explain to me how an SMTP AUTH hack works? I think that's > what happened to me this week at one of my client sites, and I just want > to understand a little better what goes on and how someone or what seems > to be multiple someones can get authorized to send mail through my > server without my knowing it. Web-based, single page entry point for a SpamCop FAQ is at http://forum.spamcop.net/forums/index.php?showtopic=2238 Help for Admins, and specifically Exchange servers ends up pointing to a recently updated FAQ item found at http://www.spamcop.net/fom-serve/cache/372.html From nobody at nowhere.invalid Fri Sep 10 19:20:54 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Sep 10 12:25:03 2004 Subject: [SpamCop-List] Re: Time for SC to use a more up-to-date BL for China? References: Message-ID: On Fri, 10 Sep 2004 09:06:01 -0700, Mike Easter coughed into spamcop and left this in : > I have a gripe about how much one is able to find out about the > functionality of spamcop mail if one isn't a subscriber. How is a person > supposed to make an informed decision about signing up if the only way > they get any information about such as available blocklists is after the > fact? Well, for completeness' sake, here's the list of BLs that SC proposes: bl.spamcop.net l1.spews.dnsbl.sorbs.net list.dsbl.org sbl.spamhaus.org korea.services.net cn.rbl.cluecentral.net nigeria.blackholes.us argentina.blackholes.us brazil.blackholes.us cbl.abuseat.org xbl.spamhaus.org dnsbl.sorbs.net -- Steve In the 60's people took acid to make the world weird. Now the world is weird and people take Prozac to make it normal. From nobody at devnull.spamcop.net Fri Sep 10 12:21:44 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Sep 10 12:25:14 2004 Subject: [SpamCop-List] Re: Time for SC to use a more up-to-date BL for China? References: Message-ID: "Mike Easter" wrote in message news:chsjc8$20g$1@news.spamcop.net... > > I have a gripe about how much one is able to find out about the > functionality of spamcop mail if one isn't a subscriber. How is a person > supposed to make an informed decision about signing up if the only way > they get any information about such as available blocklists is after the > fact? > > Unless there's something I don't know about looking at. Dang, sounds like something that should be in a FAQ, huh? I'll beg for some help from a subscriber or two and see if I can add something to the Forum FAQ ...???? From baloo at ursine.dyndns.org Fri Sep 10 10:29:41 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Fri Sep 10 12:45:04 2004 Subject: [SpamCop-List] Re: No spam! References: <4134443F.1060606@spamcop.net> <871xhcq65x.fsf@ursine.dyndns.org> Message-ID: <874qm6qe8a.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AlecWest writes: > LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m wrote: > >> Tell me about it: I made more money twenty years ago than I do now! > > Well, there's still a market for "geeks" to make good money. In my > area, there's a service called "Geeks-A-Knockin'" that markets > itself as a friendly neighborhood company employing "nerds." In > reality, it's just another consultancy firm that charges big bucks > for house calls. And, believe it or not, there's still a niche of > people who will pay those big bucks. Oh, you're from Portland. 8:o) Yeah, I know about Geeks-a-knockin. It's three guys out of a garage, as I understand it. > Really ... I am constantly astounded by the MULTITUDES of people > willing to pay $21 or $23 a month for AOL dialup service (with > dubious benefits such as friendly voices saying, "You've got mail!") "You've got mail!" "Argh...." "It's not spam!" "Oooooooh!" > when 24/7/365 dialup access can be had for $6.95 a month from > Mailaka.net ... or $9.95 a month from a plethora of other dialup > ISPs. Sad fact ... some poeple just "need" those dumbed down GUIs > to navigate their way through cyberspace. I have a good friend > living a few blocks from me who epitomizes this. She has Comcast > broadband ... and (sigh) AOL as well. And she's always on AOL > because she hasn't yet figured out how to use her Comcast access as > a standalone service. I've offered to help her make the > "transition" (I'm on Comcast myself) ... but she balks every time. Hide the dialup modem, set them to "Only dial a connection when there is no network present" or "never dial a connection" and reboot. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBQdZ1UzgNqloQMwcRAs+hAJ9EjcKt/XQgBD5QchtQFvEyqQPQGwCg3Wg6 VlsdzOqhjY7xh+4Po+qhV9c= =RiaF -----END PGP SIGNATURE----- From nobody at spamcop.net Fri Sep 10 13:40:15 2004 From: nobody at spamcop.net (Ellen) Date: Fri Sep 10 12:45:26 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: "Deborah" wrote in message news:chsfoi$ug6$1@news.spamcop.net... > > Can someone explain to me how an SMTP AUTH hack works? I think that's > what happened to me this week at one of my client sites, and I just want > to understand a little better what goes on and how someone or what seems > to be multiple someones can get authorized to send mail through my > server without my knowing it. > > Sorry for the ignorant question, but if I don't ask I'll never > understand. > It's really pretty simple -- the spammers finds a valid name/password combination and logs into the server. Once logged in as a legitimate user then he can send mail. He will first try the obvious name/password combinations -- like administrator/demo/test/guest -- and lately has been moving to trying different name/password combinations. Ellen From nobody at devnull.spamcop.net Fri Sep 10 13:20:21 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Sep 10 13:25:16 2004 Subject: [SpamCop-List] Re: Time for SC to use a more up-to-date BL for China? References: Message-ID: "Steven Maesslein" wrote in message news:slrnck3l36.3ui.nobody@127.0.0.1... > > Well, for completeness' sake, here's the list of BLs that SC proposes: Thanks, now added to the web-Forum based FAQ under the SpamCop E-Mail Account section. From wb8tyw at qsl.network Fri Sep 10 13:40:50 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Sep 10 13:45:05 2004 Subject: [SpamCop-List] Mail reader security (was: I must share this one [C&C]) References: Message-ID: In article , "Mike Easter" writes: > > Before anyone starts the 'debate' about spamfighters reading spam or not, > anyone debating the issue on the side of spamreading has to > > - describe or assure the security they use while reading spam Mozilla 1.7 (no patches) with external images, scripts, and return receipts disabled. No virus scanner, previous OS usually behind on patches, currently running pre-release evaluation version. > - roughly approximate what percentage of their spam they read 100% of what can be read from the view source option. > - 'explain' how they decide which spams to read It is only a glance to read as I look up the source I.P. to report it to maps-ops, blitz-opm, or SORBS DUHL if needed. And then who other than the uce@ftc.gov would be interested in the spam. > - answer how often they visit a spamvertised site to 'further' satisfy > their curiosity or interest Zero. > - define approximately how often they make additional notifies on the > basis of spamreading, and how About 50% of the time. 50% of the spam is not readable. > - answer whether or not they are pledged to never aid or profit a > spammer I have told a phone company long distance telemarketer that the main reason that they would not get my long distance service is because of the amount of spam coming from zombies on their DSL lines. [The other main reason is that they had a telemarketer call me, but I did not get the chance to mention that] She told me that I should be complaining to those people and not taking it out on the rest of the company. I replied that I had complained to those people and nothing happened to fix the problem, so this makes it her problem now, as it indicates that I could not trust her company to provide good service. After she finally gave up, on trying to convince me that they were two separate entities, I recommended that she tell her supervisor why she did not get the sale. Interestingly enough, the amount of spam from those DSL lines dropped a few months later. I figure that it is best to assume that any business that uses unsolicited phone calls, faxes, or e-mail, is running some sort of scam. -John wb8tyw@qsl.network Personal Opinion Only From nobody at spamcop.net Fri Sep 10 14:42:46 2004 From: nobody at spamcop.net (indigo) Date: Fri Sep 10 13:45:20 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Don Wannit wrote: > Oh, I forgot -- this is the newsgroup advertised as the place to go > for help, and for which posters are admonished to respond politely > and with an extra measure of "slack". Spamcop.help is that way ===> last door on the left (this NG is a bit more of a free-fire zone ;-) From nobody at spamcop.net Fri Sep 10 14:54:55 2004 From: nobody at spamcop.net (indigo) Date: Fri Sep 10 13:55:03 2004 Subject: [SpamCop-List] Re: No spam! References: <4134443F.1060606@spamcop.net> <871xhcq65x.fsf@ursine.dyndns.org> Message-ID: AlecWest wrote: > LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m wrote: > > > Tell me about it: I made more money twenty years ago than I do now! > > Well, there's still a market for "geeks" to make good money. In my > area, there's a service called "Geeks-A-Knockin'" that markets itself > as a friendly neighborhood company employing "nerds." The local gang around where I live is called "Geeks on Call". Business is booming, new franchises are all over the place. "Geeks On Call charges $99 for the initial consultation and first 15 minutes of a visit. Labor costs vary depending on the service required, Burns said. For example, virus removal costs between $165 to $275, he said, depending on the complexity of the virus." Sounds like a helluva moneymaker for an out of work geek! From nobody at spamcop.net Fri Sep 10 15:26:26 2004 From: nobody at spamcop.net (indigo) Date: Fri Sep 10 14:30:05 2004 Subject: [SpamCop-List] Re: Time for SC to use a more up-to-date BL for China? References: Message-ID: Steven Maesslein wrote: > Well, for completeness' sake, here's the list of BLs that SC proposes: > > bl.spamcop.net > l1.spews.dnsbl.sorbs.net > list.dsbl.org > sbl.spamhaus.org > korea.services.net > cn.rbl.cluecentral.net > nigeria.blackholes.us > argentina.blackholes.us > brazil.blackholes.us > cbl.abuseat.org > xbl.spamhaus.org > dnsbl.sorbs.net What? No ORDB? Howcome? From bensc at rflatnospam.com.invalid Fri Sep 10 20:56:56 2004 From: bensc at rflatnospam.com.invalid (spuds) Date: Fri Sep 10 14:55:03 2004 Subject: [SpamCop-List] Re: This message looks like a bounce, will not report. Do notreport bounces as spam! In-Reply-To: References: Message-ID: Miss Betsy wrote: > If what you are interested in is keeping spam out of your inbox, > the most effective way is to change your email address to one that > is alphanumeric and then be careful where you use that email > address on the internet. For online purchases and registrations, > use an alternate email address (either something like a Hotmail > account or a sneakemail address that you can abandon if it starts > getting a lot of spam because the person you entrusted your email > address to passed it on.) > > If, for some reason, you do not want to change your email address, > then it is true that you can use some sort of filtering device. I > believe that Mailwasher also offers filtering based on IP address. > Since they also offer the 'bounce' feature, many people who have > been annoyed by bounces will not use Mailwasher. However, you > still have to look through your 'held' mail for false positives if > you don't want to lose an email and you have to wait until someone > reports a spam run to block by IP address. I believe that most > virus progams now will delete any emails that contain viruses so > that you never see them in your inbox. Any content filtering > method will also filter out legitimate bounce messages. > > I don't use the spamcop email service myself, but I understand that > it does a pretty good job of filtering out spam and viruses. An > alternative would probably not be much better, though different, in > the ability to filter. I am not sure about the cost, but I believe > spamcop email service has a very reasonable cost. I expect there > is a way to set your filtering options to filter out bounces just > as there would be in other systems. > > OTOH, I don't believe there is another reporting service for > ordinary end users. Your complaint was about the ability to report > 'bounces' Unless you learn to read headers yourself, there is no > alternative to report bounces. > > Miss Betsy > It was a suggestion, not a demand. I thought that lots of people probably get annoyed by these bounces! Cheers - Ben From baloo at ursine.dyndns.org Fri Sep 10 12:55:03 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Fri Sep 10 15:05:03 2004 Subject: [SpamCop-List] Re: No spam! References: <4134443F.1060606@spamcop.net> <871xhcq65x.fsf@ursine.dyndns.org> Message-ID: <878ybilzso.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "indigo" writes: > "Geeks On Call charges $99 for the initial consultation and first 15 minutes > of a visit. Labor costs vary depending on the service required, Burns said. > For example, virus removal costs between $165 to $275, he said, depending on > the complexity of the virus." > > Sounds like a helluva moneymaker for an out of work geek! Until you take into account the fact that you only get 45% and don't get paid when you're not with a customer. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBQfiHUzgNqloQMwcRArSIAJ0QqW9cy2jgSelplKxpijUHmxn6KgCfU0mE YoHx4eNpJey3RGuS3yqewfE= =3o7a -----END PGP SIGNATURE----- From aeiouqwert at netscape.net Fri Sep 10 14:22:19 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Fri Sep 10 16:25:03 2004 Subject: [SpamCop-List] Re: No spam! In-Reply-To: <874qm6qe8a.fsf@ursine.dyndns.org> References: <4134443F.1060606@spamcop.net> <871xhcq65x.fsf@ursine.dyndns.org> <874qm6qe8a.fsf@ursine.dyndns.org> Message-ID: Paul Johnson wrote: >>In reality, it's just another consultancy firm that charges big bucks >>for house calls. And, believe it or not, there's still a niche of >>people who will pay those big bucks. > > Oh, you're from Portland. 8:o) God, no. I'm from Milwaukie. Only liberals live in Multnomah County, hehehe. > Yeah, I know about Geeks-a-knockin. It's three guys out of a > garage, as I understand it. That's how they started. Now they've got a "staff" and have jobs open in Newberg, McMinnville, unincorporated Yamhill County, Gresham, Troutdale, Sandy, Canby, Molalla, Clackamas, Woodburn, Salem, Silverton, Keizer, Vancouver, Camas, Battle Ground, etc., etc. Minimum house call is $90.00 (one hour minimum ... then $22.50 for each subsequent fifteen-minute increment). >>Really ... I am constantly astounded by the MULTITUDES of people >>willing to pay $21 or $23 a month for AOL dialup service (with >>dubious benefits such as friendly voices saying, "You've got mail!") > > "You've got mail!" > "Argh...." > "It's not spam!" > "Oooooooh!" When my system gets mail, a WAV snippet from "Monty Python & The Holy Grail" plays, "I fart in your general direction. Your mother was a hamster and your father smelled of elderberries." > Hide the dialup modem, set them to "Only dial a connection when there > is no network present" or "never dial a connection" and reboot. The dialup modem is internal (sigh). If she wants to continue paying for a 3 megabit broadband line (just so she can get cable TV cheap) and turn around and "dial in" to AOL .... well .... it ain't my money. Regards, J. Alec West From aeiouqwert at netscape.net Fri Sep 10 14:25:41 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Fri Sep 10 16:30:03 2004 Subject: [SpamCop-List] Re: No spam! In-Reply-To: <878ybilzso.fsf@ursine.dyndns.org> References: <4134443F.1060606@spamcop.net> <871xhcq65x.fsf@ursine.dyndns.org> <878ybilzso.fsf@ursine.dyndns.org> Message-ID: Paul Johnson wrote: > Until you take into account the fact that you only get 45% and don't > get paid when you're not with a customer. Geeks-A-Knockin' pays a "salary." Regards, J. Alec West From aeiouqwert at netscape.net Fri Sep 10 14:33:27 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Fri Sep 10 16:35:03 2004 Subject: [SpamCop-List] Re: Guestbook spam In-Reply-To: References: Message-ID: Mike B wrote: > Couldn't you simply email each person that wants to write in your guest book > a link? That way no robot/spam would respond. Like a one-time link with a > key that is good for a short while? Most of the suggestions I've seen work great ... for forums or bulletin boards where people come back again and again. But people who normally post to guestbooks usually do it once and rarely (if ever) come back. Asking a one-time guestbook poster to jump through any kind of hoop would be a turn-off, I think. They'd just "pass" on it ... and I'd end up with the quietest guestbooks on the planet. Regards, J. Alec West From ubetrap at hotmail.com Sat Sep 11 01:04:07 2004 From: ubetrap at hotmail.com (Dick Cardy) Date: Fri Sep 10 17:10:03 2004 Subject: [SpamCop-List] Anyone explain what I think is a misidentified mail header parse Message-ID: >From recent spamcop report: - This page may be saved for future reference: http://www.spamcop.net/sc?id=z653298941z0005b32fa63b44218e2a3e86a6969d72z 0: Received: from mail01.eboz.com ([64.58.229.172]) by bcs-israel.com with MailEnable ESMTP; Fri, 10 Sep 2004 21:03:20 +0200 Hostname verified: mail.eboz.com bcs-israel.com received mail from bcs-israel.com ( 64.58.229.172 ) <================== 1: Received: from localhost (127.0.0.1) by localhost with SMTP; 10 Sep 2004 18:01:28 -0000 Internal handoff at bcs-israel.com <============================== Thanks Dick From 8vmb6jy02 at sneakemail.com Sat Sep 11 00:55:16 2004 From: 8vmb6jy02 at sneakemail.com (Sean W) Date: Fri Sep 10 19:00:07 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each In-Reply-To: References: Message-ID: Glenn Daniels wrote: > > Am I being "blocked"? When I attempt to access http://4drugs123.com > or http://220.249.103.22, all I get is 404 compliance. > > I thought it odd to be seeing so many items for a site that was not > even there and it is so for nearly a week already. > > Thoughts? > > Glenn > > Yes. You are. It resolves for me. China/Asian sort of speeds. (VIA US for the UK it seems). Try a proxy for those 'dead' addresses http://nonymouse.com/ should do the trick (search for SAMAIR if you need more to validate against). -- Sean From baloo at ursine.dyndns.org Fri Sep 10 15:01:10 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Fri Sep 10 19:00:25 2004 Subject: [SpamCop-List] Re: No spam! References: <4134443F.1060606@spamcop.net> <871xhcq65x.fsf@ursine.dyndns.org> <874qm6qe8a.fsf@ursine.dyndns.org> Message-ID: <87u0u5j0tl.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AlecWest writes: > Paul Johnson wrote: > > >>>In reality, it's just another consultancy firm that charges big bucks >>>for house calls. And, believe it or not, there's still a niche of >>>people who will pay those big bucks. >> Oh, you're from Portland. 8:o) > > God, no. I'm from Milwaukie. Only liberals live in Multnomah County, > hehehe. Given that Tom McCall's the most conservative governor this state has seen in recent history, I'd say that could be said for Oregon in general, not just Multnomah County. And Milwaukie extends well into MultCo. >> Yeah, I know about Geeks-a-knockin. It's three guys out of a >> garage, as I understand it. > > That's how they started. Now they've got a "staff" and have jobs open > in Newberg, McMinnville, unincorporated Yamhill County, Gresham, > Troutdale, Sandy, Canby, Molalla, Clackamas, Woodburn, Salem, > Silverton, Keizer, Vancouver, Camas, Battle Ground, etc., etc. > Minimum house call is $90.00 (one hour minimum ... then $22.50 for > each subsequent fifteen-minute increment). Wow, they got big in a year...might go try them again for a job. >> Hide the dialup modem, set them to "Only dial a connection when there >> is no network present" or "never dial a connection" and reboot. > > The dialup modem is internal (sigh). If she wants to continue paying > for a 3 megabit broadband line (just so she can get cable TV cheap) > and turn around and "dial in" to AOL .... well .... it ain't my money. AOL once again proves that 23 million people can be wrong. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBQhYaUzgNqloQMwcRApP0AJ4rKi1Dl2gGnIZWefudyCiJ9W4KUwCg1CJx oGXCVAenU+i39fy7r/sG3mw= =edP8 -----END PGP SIGNATURE----- From MikeE at ster.invalid Fri Sep 10 17:10:54 2004 From: MikeE at ster.invalid (Mike Easter) Date: Fri Sep 10 19:15:02 2004 Subject: [SpamCop-List] Re: Anyone explain what I think is a misidentified mail header parse References: Message-ID: Dick Cardy wrote: www.spamcop.net/sc?id=z653298941z0005b32fa63b44218e2a3e86a6969d72z > 0: Received: from mail01.eboz.com ([64.58.229.172]) by bcs-israel.com > with MailEnable ESMTP; Fri, 10 Sep 2004 21:03:20 +0200 > Hostname verified: mail.eboz.com > bcs-israel.com received mail from bcs-israel.com ( 64.58.229.172 ) > <================== > > 1: Received: from localhost (127.0.0.1) by localhost with SMTP; 10 > Sep 2004 18:01:28 -0000 > Internal handoff at bcs-israel.com <======== IMO - - interpret SC 'remarks' in the verbose with a 'grain of salt' - SC has an advantage over me in reading these headers, as it is a known mailhosts situation to SC - but, I'll give my opinion anyway; I think SC is overinterpreting that line instead of just ignoring it, which is what it is really doing, and which I, a human parse,r would do. Abbreviated summary of Received lines *comment from mail01.eboz.com ([64.58.229.172]) by bcs-israel.com *sourceline from localhost (127.0.0.1) by localhost *ignoreline, timestamp discrepancy 3h Any good parser, including spamcop, would parse those lines by trying to chain from the upper 'from' field to the lower 'by' field down to the source or the first sign of bogosity, whichever comes first. In doing so, you/SC/I cannot chain beyond the topline - there's nothing 'real' down there in the 2nd line. 'Making up some kind of story' about 'internal handoff' is a completely unnecessary extension of what anyone, including a 'dumb' algorithm or a human, might be able to conclude on the basis of the available information. In fact, as a human who looks at timestamps, which SC doesn't use in its parsing, I would be 'troubled' by the 3h timestamp discrepancy. If I were SC and were sitting here holding your mailhosts setup information, I might know if there is a tendency for your server to put in some kind of stupid line like that 'routinely' - but I don't. In any case, the line is useless for purposes of determining anything which wasn't derived from the line above it. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri Sep 10 17:19:15 2004 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Fri Sep 10 19:20:03 2004 Subject: [SpamCop-List] Re: No spam! In-Reply-To: References: <4134443F.1060606@spamcop.net> <871xhcq65x.fsf@ursine.dyndns.org> <874qm6qe8a.fsf@ursine.dyndns.org> Message-ID: > she wants to continue paying for a 3 megabit broadband line > (just so she can get cable TV cheap) That's what my wife did. I had us set up with a ten-buckamonth local dialup, but then she got a deal on 'Net/HBO/SHO cable that she swears is cheaper than HBO/SHO cable + dialup + 'phone line. Whatever. > well .... it ain't my money. It ain't mine, either, really... she makes a helluva lot more than I do. -- "[Spammers] are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class Mail industry." -- Dave Barry From nobody at devnull.spamcop.net Fri Sep 10 17:21:58 2004 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Fri Sep 10 19:25:03 2004 Subject: [SpamCop-List] Re: Mail reader security In-Reply-To: References: Message-ID: > I figure that it is best to assume that any business > that uses unsolicited phone calls, faxes, or e-mail, > is running some sort of scam. Amen to that, Brother John! -- "[Spammers] are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class Mail industry." -- Dave Barry From nobody at devnull.spamcop.net Fri Sep 10 17:27:49 2004 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Fri Sep 10 19:30:02 2004 Subject: [SpamCop-List] Re: i've given up reporting asian spam In-Reply-To: References: Message-ID: > It's a little difficult to kidnap Richter or one of his > buddies to put him in a Chinese prison. Don't you think? Oh, I do like the way you think, Maesslein! Difficult, no: some reliable intelligence, a rented delivery van, a good driver, a couple of burly henchmen, and a roll of duct tape... -- "[Spammers] are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class Mail industry." -- Dave Barry From nobody at devnull.spamcop.net Fri Sep 10 17:35:39 2004 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Fri Sep 10 19:40:02 2004 Subject: [SpamCop-List] Re: B:EH:UN:G4HER In-Reply-To: References: Message-ID: > This fool seems to be sending from every mail server on the > planet... but his spamvertized site is served by kornet.net > > We have any extra artillery left over from Iraq? One MOAB > bomb should take that server out... Way more than necessary: one single AN-M14 should do the trick. -- "[Spammers] are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class Mail industry." -- Dave Barry From nobody at devnull.spamcop.net Fri Sep 10 20:44:14 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Fri Sep 10 19:45:02 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each References: Message-ID: "Sean W" wrote in message > Glenn Daniels wrote: > > > > Am I being "blocked"? When I attempt to access http://4drugs123.com > > or http://220.249.103.22, all I get is 404 compliance. > > > > I thought it odd to be seeing so many items for a site that was not > > even there and it is so for nearly a week already. > > > > Thoughts? > > > > Glenn > > > > > > Yes. You are. > It resolves for me. China/Asian sort of speeds. (VIA US for the UK it > seems). > Try a proxy for those 'dead' addresses http://nonymouse.com/ should do > the trick (search for SAMAIR if you need more to validate against). > Thanks, Sean, I needed that. Added already to my "faves" as I am sure it will be handy. But I cannot imagine why they would want to stop me from seeing their site. Maybe I looked at it too hard, trying to decide something. Suppose maybe they thought I had looked long enough. Some things just don't bear up when you look closely. Maybe they stop spamming me, would not that be a trip! What is SAMAIR? Glenn From 8vmb6jy02 at sneakemail.com Sat Sep 11 02:26:05 2004 From: 8vmb6jy02 at sneakemail.com (Sean W) Date: Fri Sep 10 20:30:15 2004 Subject: [SpamCop-List] Re: multi spam messages with different IP for each In-Reply-To: References: Message-ID: Glenn Daniels wrote: [Stuff got caught by the snipper] > But I cannot imagine why they would want to stop me > from seeing their site. Maybe I looked at it too hard, trying to > decide something. Suppose maybe they thought I had looked > long enough. Some things just don't bear up when you look > closely. Maybe they stop spamming me, would not that be > a trip! > > What is SAMAIR? > > Glenn True, perhaps their next move might be to block access to your MX and prevent themselves from sending spam? SAMAIR is a site which provides a list of 'things' that work like the previously discussed 'thing' (it's Russian, surprisingly...) www.samair.ru (or it appears it /did/ as it's currently down too. What is it with these Russian sites today :-p ) -- Sean From porpoise1954 at yahoo.co.uk Sat Sep 11 02:29:16 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Sep 10 20:30:32 2004 Subject: [SpamCop-List] Re: Guestbook spam References: Message-ID: "AlecWest" wrote in message news:cht32d$h7l$1@news.spamcop.net... > Mike B wrote: > > > Couldn't you simply email each person that wants to write in your guest book > > a link? That way no robot/spam would respond. Like a one-time link with a > > key that is good for a short while? > > Most of the suggestions I've seen work great ... for forums or bulletin > boards where people come back again and again. But people who normally > post to guestbooks usually do it once and rarely (if ever) come back. > Asking a one-time guestbook poster to jump through any kind of hoop > would be a turn-off, I think. They'd just "pass" on it ... and I'd end > up with the quietest guestbooks on the planet. Why do you need guest books anyway? > > Regards, > J. Alec West From none at none.com Fri Sep 10 22:41:42 2004 From: none at none.com (klondike) Date: Fri Sep 10 22:45:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? References: Message-ID: "Magnus Back" wrote in message news:chb942$5ok$1@news.spamcop.net... > Eddie, I post top, bottom, middle or pretty much where I want thank you very > much. Seems Americans aren't the only arrogant, selfish bickering and vain people in the world. > "Bush style": Falsification of truths to suit your own needs. > Well go figure. That's pretty much any politician's style. Even those in other countries. > And yes from pretty much anywhere in the world we can see and feel > the difference between Republicans and Democrats. > But to be honest it is like making a choice between Coke and Pepsi. > In the US you seem to see it as a big difference but seen from the outside > it won't matter much. And you speak not only for yourself, but for your country and the whole world? > Surface, arrogance, bickering but no content (and what is worse, few people > cares). Hey, not many people have the cajonies to make a false accusations, realize they're wrong, apologize, spit on forum etiquette, insult a president, country and 200+ year old political system, and speak for the world in one thread. Actually, come to think of it, ignorance, arrogance, and rudness are all too common. > Magnus From none at none.com Fri Sep 10 22:43:29 2004 From: none at none.com (klondike) Date: Fri Sep 10 22:45:25 2004 Subject: [SpamCop-List] 3d Message-ID: What does putting 3d in htlm links do for spammers? I know they use it to avoid link detection, but how and why does it work? Why does the HTML code continue to work? From wb8tyw at qsl.network Fri Sep 10 23:55:27 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Sep 10 23:00:03 2004 Subject: [SpamCop-List] Re: Who the hell gave spamcop the right? In-Reply-To: References: Message-ID: klondike wrote: > > Seems Americans aren't the only arrogant, selfish bickering and vain people > in the world. Possibly, but some Americans hate to lose any contest, no matter how petty. -John wb8tyw@qsl.network Personal Opinion Only From wb8tyw at qsl.network Sat Sep 11 00:23:29 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Sep 10 23:25:04 2004 Subject: [SpamCop-List] Re: 3d In-Reply-To: References: Message-ID: klondike wrote: > What does putting 3d in htlm links do for spammers? I know they use it to > avoid link detection, but how and why does it work? Why does the HTML code > continue to work? If you look closely, you will see an equals "=" sign in front of it. That format is known as quoted printable, which is a way to encode characters in mail and news postings. E-mail and news groups are based on a 7bit ASCII code, and in the past, some gateways and modems will only pass 7bit ASCII. So if you want anything else to get through, you have to encode it. The code "equal_sign"3D in quoted printable translates to an equals sign, so that is how the URL still works. Some e-mail clients will translate quoted printable codes in spite of the message not stated that it is encoded that way. Spammers take advantage of that in attempts to avoid content filters, and possibly the spamcop parser. There are also errors in some implementations of quoted printable, and errors in some mailing list software that decodes it, so you may see extra equals signs in e-mails and news postings as a result of that. Now what is not commonly known is that some modems that claimed to be 9600 baud modems before the 9600 baud standard was established actually only send that effective rate for 7 bit ASCII. They use data compression, with bit eight to indicate that the data compression was in place. The uncompressed data rate was 2400 baud. To send a real eight bit character, they sent two characters. So for plain ASCII text, you got your 9600 baud. Try to transfer a binary file, it went at 1200 baud. And it was almost impossible to convince many programmers to use the standard 2400 baud modem pools instead for time critical file transfers instead of these proprietary 9600 baud modems. They would not even look at where the owner's manual clearly stated that binary transfers went at an effective rate of 1200 baud. Of course the only thing that these "9600" baud modems had been purchased for was for binary file transfers, back when 1200 baud was the highest standard. All those decisions had been done before I came to that site. -John wb8tyw@qsl.network Personal Opinion Only From aeiouqwert at netscape.net Fri Sep 10 21:55:51 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Sat Sep 11 00:00:03 2004 Subject: [SpamCop-List] Re: No spam! In-Reply-To: <87u0u5j0tl.fsf@ursine.dyndns.org> References: <4134443F.1060606@spamcop.net> <871xhcq65x.fsf@ursine.dyndns.org> <874qm6qe8a.fsf@ursine.dyndns.org> <87u0u5j0tl.fsf@ursine.dyndns.org> Message-ID: Paul Johnson wrote: > Given that Tom McCall's the most conservative governor this state has > seen in recent history, I'd say that could be said for Oregon in > general, not just Multnomah County. I dunno ... Vic Atiyeh, I think, was a bit more conservative. > And Milwaukie extends well into MultCo. Not the Oak Lodge district (grin). While my ending up in Milwaukie just happened to be a matter of fate, I do take some pleasure in being a Multnomah County Income Tax refugee, hehe. > AOL once again proves that 23 million people can be wrong. I used to be an AOL subscriber myself. It lasted for about a week, hehe, until I found that their browser was not entirely compatible with the WWW. Even now, I still see websites that say "CLICK HERE" ... and below, in tiny letter, another link saying "OR CLICK HERE IF YOU'RE AN AOL USER." In theory, I was actually an AOL user "twice." Most people don't know this but, at one time, AOL was called "Quantum Link" ... and primarily catered to users of the Commodore 64. I was a Quantum Link member for quite some time until I "kicked" the "online service" habit in favor of straight ISPs. Regards, J. Alec West From aeiouqwert at netscape.net Fri Sep 10 22:01:06 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Sat Sep 11 00:05:03 2004 Subject: [SpamCop-List] Re: Guestbook spam In-Reply-To: References: Message-ID: Porpoise wrote: > Why do you need guest books anyway? I don't. My clients request them. And rather than ask them, "Why do you need guest books anyway?" I usually reply "Yes sir." I make more money that way, hehe. Regards, J. Alec West From rcarlton at spamcop.net Sat Sep 11 00:49:26 2004 From: rcarlton at spamcop.net (Rick Carlton) Date: Sat Sep 11 00:50:02 2004 Subject: [SpamCop-List] Re: Need Help with unlisting References: Message-ID: On 9/10/04 11:40 AM, in article chslg1$3s6$1@news.spamcop.net, "Ellen" wrote: > It's really pretty simple -- the spammers finds a valid name/password > combination and logs into the server. Once logged in as a legitimate user > then he can send mail. He will first try the obvious name/password > combinations -- like administrator/demo/test/guest -- and lately has been > moving to trying different name/password combinations. I know this is a .geeks thought, and yet it also seems germane to this thread.. A (relatively) easy thing you can do as a network admin to make it harder for the criminals to break into your server (or workstation) is change the name of the Administrator account and the Guest account. Then disable login for the Guest account. So, instead of the Administrator account on the machine named applepie, call it applepie-admin, the Guest account, applepie-guest etc. Or whatever. Anything but the built-in names. It doesn't hamper how they work, but it does go a long way towards thwarting basic dictionary attacks. In W2K and W2K3 Server, you do this with Active Directory Users and Computers. In W2K Workstation and XP, it's in Control Panels-->Administrative Tools-->Computer Management-->Local Users and Groups-->Users. In all Windows cases, once you get to the account you want, right click on the user and select Rename. In MacOS X, it's in Applications-->System Preferences-->System-->Accounts BTW, this recommendation also holds true for your routers, networked laser printers and copiers. Many of them have built-in mail servers to send notifications of paper outages and such. And the last thing you want is a device circumventing your efforts at stopping spam and spammers. I now return you to your regularly scheduled forum.... From baloo at ursine.dyndns.org Fri Sep 10 23:08:10 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Sat Sep 11 01:10:03 2004 Subject: [SpamCop-List] Re: No spam! References: <4134443F.1060606@spamcop.net> <871xhcq65x.fsf@ursine.dyndns.org> <874qm6qe8a.fsf@ursine.dyndns.org> <87u0u5j0tl.fsf@ursine.dyndns.org> Message-ID: <87y8jhgzph.fsf@ursine.dyndns.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AlecWest writes: > Paul Johnson wrote: > >> Given that Tom McCall's the most conservative governor this state has >> seen in recent history, I'd say that could be said for Oregon in >> general, not just Multnomah County. > > I dunno ... Vic Atiyeh, I think, was a bit more conservative. Yeah, but I consider before the lumber crash Tom McCall helped save the state from to be not-so-recent history. 8:o) >> And Milwaukie extends well into MultCo. > > Not the Oak Lodge district (grin). While my ending up in Milwaukie > just happened to be a matter of fate, I do take some pleasure in being > a Multnomah County Income Tax refugee, hehe. Eh. 1% going to maintain society 'till the end of next year is worth it. I want the significantly larger chunk I'm flushing out of state and away from our benefit to the feds back. About the only thing that comes back in to the state from the feds is the pittance they give ODOT to maintain I-5 and the (small) portions of I-84 that aren't on the state-owned US-30 alignment as far as is apparent. > In theory, I was actually an AOL user "twice." Most people don't know > this but, at one time, AOL was called "Quantum Link" ... and primarily > catered to users of the Commodore 64. I was a Quantum Link member for > quite some time until I "kicked" the "online service" habit in favor > of straight ISPs. "Online Service" is just a friendly phrase for "BBS that you have to install something other than a terminal client for" as far as I can tell... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBQog8UzgNqloQMwcRAiEGAJ9LCqabZnUt2JzUW29wPj05DgEFSgCggYm1 r9VZ+oQAdIa7yeNeloLqNsc= =0C5E -----END PGP SIGNATURE----- From ubetrap at hotmail.com Sat Sep 11 12:27:56 2004 From: ubetrap at hotmail.com (Dick Cardy) Date: Sat Sep 11 04:35:14 2004 Subject: [SpamCop-List] Re: Anyone explain what I think is a misidentified mail header parse References: Message-ID: "Mike Easter" wrote in message news:chtc8r$o1f$1@news.spamcop.net... > > - interpret SC 'remarks' in the verbose with a 'grain of salt' > - SC has an advantage over me in reading these headers, as it is a known > mailhosts situation to SC > - but, I'll give my opinion anyway; I think SC is overinterpreting that > line instead of just ignoring it, which is what it is really doing, and > which I, a human parse,r would do. > Thanks Mike From mattoli at tin.it Sat Sep 11 15:47:57 2004 From: mattoli at tin.it (Maurizio Mattoli) Date: Sat Sep 11 08:50:15 2004 Subject: [SpamCop-List] SpamCop false positives Message-ID: Either UNETE.CL e-mail service provider is just unable to properly configure SpamCop or the latter just doesn't really seem a serious product to me. Too many false positives, too many friends of mine complaining of rejected messages because of some "funny" criteria. For instance, what is the problem hereafter ? Maurizio Mattoli mattoli@tin.it ---------------------------------------------------------------------- From: Servizio di recapito posta Subject: Notifica sullo stato del recapito To: tanganika@autopro.cl Date: Sat, 11 Sep 2004 13:33:56 +0200 X-Antivirus: Scanned by Tchile.com Antivirus (http://www.tchile.com) - Questi destinatari sono stati elaborati dal server di posta: trailmas@unete.cl; Non riuscito; 5.1.3 (sintassi indirizzo casella di posta di destinazione errata) MTA remoto cl.mx.ifxnetworks.com: diagnostica SMTP: 553 Blocked - see http://www.spamcop.net/bl.shtml?213.140.2.42 Reporting-MTA: dns; ms003msg.fastwebnet.it Received-from-MTA: dns; LAPTANGA.autopro.cl (23.9.149.81) Arrival-Date: Sat, 11 Sep 2004 13:33:53 +0200 Final-Recipient: rfc822; trailmas@unete.cl Action: Failed Status: 5.1.3 (bad destination mailbox address syntax) Remote-MTA: dns; cl.mx.ifxnetworks.com Diagnostic-Code: smtp; 553 Blocked - see http://www.spamcop.net/bl.shtml?213.140.2.42 Return-Path: Received: from LAPTANGA.autopro.cl (23.9.149.81) by ms003msg.fastwebnet.it (7.0.028) id 41383A2B004A0695 for trailmas@unete.cl; Sat, 11 Sep 2004 13:33:53 +0200 Message-Id: <6.1.0.6.2.20040911134036.02d6cc30@mattoli.com> X-Sender: tanganikaaut@mail.autopro.cl X-Mailer: QUALCOMM Windows Eudora Version 6.1.0.6 X-Priority: 1 (Highest) Date: Sat, 11 Sep 2004 13:41:14 +0200 To: trailmas@unete.cl From: "A.M." Subject: rova 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed From whybothertoemailme at webziek.nl Sat Sep 11 16:00:56 2004 From: whybothertoemailme at webziek.nl (wbtem) Date: Sat Sep 11 08:55:03 2004 Subject: [SpamCop-List] [DNS] bad referral (spamcop.net !< bl.spamcop.net) Message-ID: Lately I'm getting these messages in mij nameserver logs: Sep 11 13:36:42 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 13:37:54 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 13:38:43 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [207.152.133.2].53 Sep 11 13:38:44 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 13:39:36 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 13:40:34 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [207.152.133.2].53 Sep 11 13:40:36 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 13:41:58 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [206.67.234.112].53 Sep 11 13:42:04 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 13:42:10 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 13:43:58 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [195.69.128.108].53 Sep 11 13:45:09 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [195.69.128.108].53 Sep 11 13:46:02 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [195.69.128.108].53 Sep 11 13:46:23 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [195.69.128.108].53 Sep 11 13:49:54 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [195.69.128.108].53 Sep 11 13:50:00 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [195.69.128.108].53 Sep 11 13:50:52 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [195.69.128.108].53 Sep 11 13:52:58 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [195.69.128.108].53 Sep 11 13:54:08 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [195.69.128.108].53 Sep 11 13:54:27 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [195.69.128.108].53 Sep 11 13:55:20 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [195.69.128.108].53 Sep 11 13:57:54 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [195.69.128.108].53 Sep 11 13:59:28 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 13:59:56 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:01:22 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 14:01:44 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 14:03:03 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:04:17 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 14:04:28 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 14:04:37 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:05:08 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 14:05:55 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:08:04 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 14:08:39 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 14:08:50 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:09:34 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 14:11:05 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:11:13 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 14:11:50 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 14:12:49 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 14:13:18 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:14:08 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:14:16 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 14:14:50 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 Sep 11 14:14:52 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:15:13 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:17:39 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:18:42 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:18:44 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:18:54 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:20:23 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:21:30 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:22:17 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:22:28 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:22:41 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:23:15 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:23:23 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:23:42 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:23:43 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:23:46 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:23:58 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:24:18 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:25:33 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:26:16 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:26:17 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:26:25 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:27:04 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:28:21 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:28:48 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:29:51 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:31:18 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:33:02 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 Sep 11 14:33:35 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [64.132.253.13].53 Sep 11 14:35:29 masterofthenet named[10643]: bad referral (spamcop.net !< bl.spamcop.net) from [66.6.205.130].53 I found it means: " Indicates that while querying the bl.spamcop.net name servers, your name server was referred to the spamcop.net name servers. Since a referral should always point to name servers authoritative for descendant zones, this is an error. The name server that sent the referral is probably misconfigured, and not authoritative for the zone delegated to it. " Is somebody trying to spoof me? Thnx wbtem From nobody at nowhere.invalid Sat Sep 11 16:07:16 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Sep 11 09:10:04 2004 Subject: [SpamCop-List] Re: SpamCop false positives References: Message-ID: On Sat, 11 Sep 2004 14:47:57 +0200, Maurizio Mattoli coughed into spamcop and left this in : > Either UNETE.CL e-mail service provider is just unable to properly configure > SpamCop or the latter just doesn't really seem a serious product to me. > > Too many false positives, too many friends of mine complaining of rejected > messages because of some "funny" criteria. > > For instance, what is the problem hereafter ? > > MTA remoto cl.mx.ifxnetworks.com: diagnostica SMTP: 553 Blocked - see > http://www.spamcop.net/bl.shtml?213.140.2.42 Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam less than 10 times in the past week Listing History In the past 942.0 days, it has been listed 125 times for a total of 211.9 days The problem here is that fastweb.it is a heaving spam sewer that has been virtually taken over by Nigerian 419 scammers. If the scam spam stops spewing from that IP address then the listing will disappear. Of course, you'll still have to contend with the many admins who have simply blocked out the whole of Italy thanks to ISPs like fastweb.it, tiscali.it and interbusiness who do apparently nothing, niente, to prevent this from happening in the first place, meaning that the IP address will doubtless become listed again. -- Steve "POLICE STATION TOILET STOLEN...Cops have nothing to go on." From mattoli at tin.it Sat Sep 11 16:13:39 2004 From: mattoli at tin.it (Maurizio Mattoli) Date: Sat Sep 11 09:15:03 2004 Subject: [SpamCop-List] Re: SpamCop false positives References: Message-ID: Thank you Steven. Maurizio > > Causes of listing > System has sent mail to SpamCop spam traps in the past week (spam traps > are secret, no reports or evidence are provided by SpamCop) > SpamCop users have reported system as a source of spam less than 10 > times in the past week > > Listing History > In the past 942.0 days, it has been listed 125 times for a total of > 211.9 days > > The problem here is that fastweb.it is a heaving spam sewer that has > been virtually taken over by Nigerian 419 scammers. If the scam spam > stops spewing from that IP address then the listing will disappear. > > Of course, you'll still have to contend with the many admins who have > simply blocked out the whole of Italy thanks to ISPs like fastweb.it, > tiscali.it and interbusiness who do apparently nothing, niente, to > prevent this from happening in the first place, meaning that the IP > address will doubtless become listed again. > > -- > Steve > > "POLICE STATION TOILET STOLEN...Cops have nothing to go on." From joe at I.hate.spam.com Sat Sep 11 10:14:21 2004 From: joe at I.hate.spam.com (Joe Blow) Date: Sat Sep 11 09:15:15 2004 Subject: [SpamCop-List] Yahoo spammer Message-ID: What is actually done about these? The report goes to an internal spamcop address. I've been receiving and reporting this crap to spamcop for over a year. It also appears that direct reports to netblockadmin@yahoo-inc.com and mail-abuse@yahoo-inc.com are ignored. The registrar for the domain (Tucows) also does nothing, despite the fact that the registration contact info is obviously false. http://www.spamcop.net/sc?id=z654481620z997302c98f66ef8f925071172b2654c1z From me at privacy.net Sat Sep 11 11:02:03 2004 From: me at privacy.net (Frog Prince) Date: Sat Sep 11 10:10:03 2004 Subject: [SpamCop-List] Re: Guestbook spam References: Message-ID: "AlecWest" wrote in message news:cht32d$h7l$1@news.spamcop.net... | Mike B wrote: | | > Couldn't you simply email each person that wants to write in your guest book | > a link? That way no robot/spam would respond. Like a one-time link with a | > key that is good for a short while? | | Most of the suggestions I've seen work great ... for forums or bulletin | boards where people come back again and again. But people who normally | post to guestbooks usually do it once and rarely (if ever) come back. | Asking a one-time guestbook poster to jump through any kind of hoop | would be a turn-off, I think. They'd just "pass" on it ... and I'd end | up with the quietest guestbooks on the planet. Much like the trash from the neighbor's tree, enjoy the green and periodically sweep up the mess. From me at privacy.net Sat Sep 11 11:11:17 2004 From: me at privacy.net (Frog Prince) Date: Sat Sep 11 10:40:03 2004 Subject: [SpamCop-List] Re: [C&C] Effective advertising? Would you References: Message-ID: "Steven Maesslein" | | > The grammar used in spam nowadays is atrocious, hehe. Certainly, you'd | > want to beware of ordering a "penis enlargement" product from them since | > the might send you a "pannus enlargement" product by mistake ("pannus" | > being the fold of skin usually removed via "tummy tuck"). Instead of a | > larger penis, you could end up with a bigger beer-gut (snicker). | | Subject: M4k3 yo'ur p4nnus c|¡s4pp34r When you retire a tool you should build a shed over it. From nobody at devnull.spamcop.net Sat Sep 11 11:40:15 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sat Sep 11 10:45:03 2004 Subject: [SpamCop-List] Parser misses Link Message-ID: Can someone explain this one to me? See: http://www.spamcop.net/sc?id=z654613772zaaedbb2e0a9f669b95bc1ef995fe5999z From MikeE at ster.invalid Sat Sep 11 09:16:23 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sat Sep 11 11:20:03 2004 Subject: [SpamCop-List] Re: Parser misses Link References: Message-ID: Steve Gilder wrote: > Can someone explain this one to me? www.spamcop.net/sc?id=z654613772zaaedbb2e0a9f669b95bc1ef995fe5999z I don't know yet. I fixed all of the things which were ugly and it worked. Now I would have to see how little I can do and get it to still parse, but I'm working on the belated syndicated Sat NYT Xword #731. Very difficult today. The things which bothered me were that I wanted the subject to not confuse me about how many lines it was on, I needed a separation between the mulitparts so that the boundary delimiter could be seen, and I wanted to get rid of all of that table stuff which preceded the link. www.spamcop.net/sc?id=z654657551z555302652561b3e9764c0a5b202a3d8fz I'm sure it can be done with less changes. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sat Sep 11 12:36:27 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sat Sep 11 11:40:03 2004 Subject: [SpamCop-List] Re: Parser misses Link References: Message-ID: "Mike Easter" wrote in message news:chv4r1$uku$1@news.spamcop.net... > Steve Gilder wrote: >> Can someone explain this one to me? > www.spamcop.net/sc?id=z654613772zaaedbb2e0a9f669b95bc1ef995fe5999z > [snip] > > The things which bothered me were that I wanted the subject to not > confuse me about how many lines it was on, I needed a separation between > the mulitparts so that the boundary delimiter could be seen, and I wanted > to get rid of all of that table stuff which preceded the link. > > www.spamcop.net/sc?id=z654657551z555302652561b3e9764c0a5b202a3d8fz > > I'm sure it can be done with less changes. > > -- > Mike Easter > kibitzer, not SC admin > When I first looked at it I thought it was the so I got rid of that. I guess it must be something in the table stuff that caused it. I just do not have the time today to really get into it. Maybe after the honeydoo stuff is done - tonight if I have any energy left. Thanks for your time Mike. From glnews030922 at highspot.net Sat Sep 11 17:41:01 2004 From: glnews030922 at highspot.net (Graeme Leith) Date: Sat Sep 11 11:40:13 2004 Subject: [SpamCop-List] Re: [DNS] bad referral (spamcop.net !< bl.spamcop.net) In-Reply-To: References: Message-ID: wbtem wrote: > Lately I'm getting these messages in mij nameserver logs: > [snip] > > I found it means: > > " Indicates that while querying the bl.spamcop.net name servers, your name > server was referred to the spamcop.net name servers. Since a referral > should always point to name servers authoritative for descendant zones, this > is an error. The name server that sent the referral is probably > misconfigured, and not authoritative for the zone delegated to it. " > > Is somebody trying to spoof me? Could possibly be an attempt to poison your DNS cache. If the attacker could force your server to cache an NXDOMAIN response for a d.c.b.a.bl.spamcop.net query, they could then send spam from that IP and have it pass through the RBL check. It would depend on your DNS server chaching negative results and being vulnerable to poisoning. From nobody at devnull.spamcop.net Sat Sep 11 12:43:15 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Sat Sep 11 11:45:08 2004 Subject: [SpamCop-List] Re: Parser misses Link References: Message-ID: "Steve Gilder" wrote in message > Can someone explain this one to me? > > See: > > http://www.spamcop.net/sc?id=z654613772zaaedbb2e0a9f669b95bc1ef995fe5999z > I'm no html expert, but I think that the parts in constructs are called tags . While the "content" of the rendered html sits between the tags. I doubt the html would render, so you might "see" a blank html if you tried. I suspect possibly the parser may be trying to process the item as html, in which case it would reasonably be expected to not "see" the URL hiding in the tag as you would not. blah blah URL /sees/ blah blah URL, gobbledegook /sees/ gobbledegook. If you safely "render" the html in your item, you actually "see" a link "You Are Welcome" that directs you to [sic]: ttp://fuwjeppey.mfadena.info/?M_OliNh1hQT9yMMhebrifroy" which is not exactly a URL. Try finding ttp://prettymuch.anyurl.com with your browser, it is not a URL. OK to post your tracker elsewhere? Glenn From not at home.today Sat Sep 11 17:46:14 2004 From: not at home.today (Ant) Date: Sat Sep 11 11:50:02 2004 Subject: [SpamCop-List] Re: Parser misses Link References: Message-ID: "Steve Gilder" wrote... > Can someone explain this one to me? > > See: > > http://www.spamcop.net/sc?id=z654613772zaaedbb2e0a9f669b95bc1ef995fe5999z The html part containing the link claims to be utf-8 (unicode) but isn't (same for the text part). The spam won't display in my version of OE, apart from the link text only. If you hover the mouse over it, the URL is shown on the status bar with the 'h' of 'http' removed. Clicking on it gives me "invalid syntax error" in the IE browser. I'm not surprised the parser can't handle it. From nobody at devnull.spamcop.net Sat Sep 11 12:50:07 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sat Sep 11 11:55:03 2004 Subject: [SpamCop-List] Re: Parser misses Link References: Message-ID: "Glenn Daniels" wrote in message news:chv6da$vmu$1@news.spamcop.net... > "Steve Gilder" wrote in message [snip] > > OK to post your tracker elsewhere? > > Glenn > > abso freeking lutely From nobody at devnull.spamcop.net Sat Sep 11 12:54:39 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sat Sep 11 11:55:13 2004 Subject: [SpamCop-List] Re: Parser misses Link References: Message-ID: "Glenn Daniels" wrote in message news:chv6da$vmu$1@news.spamcop.net... > "Steve Gilder" wrote in message [snip] Glenn, I started a new thread in .geeks for reporting the JSCRIPT.ENCODE. Hopefully it can be kept to a one report/one reply format so it does not get out of hand the way the others have. Steve From nobody at spamcop.net Sat Sep 11 14:35:09 2004 From: nobody at spamcop.net (spamcop) Date: Sat Sep 11 13:35:04 2004 Subject: [SpamCop-List] No one gave spamcop the right and SC doesn't do it. References: Message-ID: From eddie at eddie.web Sat Sep 11 15:24:43 2004 From: eddie at eddie.web (eddie) Date: Sat Sep 11 14:25:02 2004 Subject: [SpamCop-List] Re: Guestbook spam References: Message-ID: On Fri, 10 Sep 2004 21:01:06 -0700, AlecWest scratched out the following: > Porpoise wrote: > >> Why do you need guest books anyway? > > I don't. My clients request them. And rather than ask them, "Why do you > need guest books anyway?" I usually reply "Yes sir." I make more money > that way, hehe. > > Regards, > J. Alec West That is the same kind of reason I still use XP :) That late-night phone call for help from a client cost him a few bucks extra, and if I can solve it over the phone, which is usually the case, it's easy money in the bank. From nobody at spamcop.net Sat Sep 11 10:55:02 2004 From: nobody at spamcop.net (Ellen) Date: Sat Sep 11 16:00:03 2004 Subject: [SpamCop-List] Re: [DNS] bad referral (spamcop.net !< bl.spamcop.net) References: Message-ID: "wbtem" wrote in message news:chusdb$nvh$1@news.spamcop.net... > Lately I'm getting these messages in mij nameserver logs: > > > Sep 11 13:36:42 masterofthenet named[10643]: bad referral (spamcop.net !< > bl.spamcop.net) from [209.92.188.201].53 > Sep 11 13:37:54 masterofthenet named[10643]: bad referral (spamcop.net !< > bl.spamcop.net) from [209.92.188.201].53 I think this is the answer to your question, from Julian: >"Thanks for bringing this up. We are migrating to a >different dns server - rbldnsd. It allows us to add some new features, >but I think the problem is due to the lack of an NS record returned with >the query. We'll see what we can do about that (more complicated than it >sounds).. > >In the meantime though, you could try upgrading bind or just disabling >that message - it is not fatal, just a warning and in this case (and 99% >of other cases) it does not indicate any real problem. > >Currently, only some of our mirrors are using the new system, so this >may only show up sometimes - depending on which mirror your system decides >to use. But we will gradually be migrating the whole set over." Ellen From eddie at eddie.web Sat Sep 11 20:08:59 2004 From: eddie at eddie.web (eddie) Date: Sat Sep 11 19:10:27 2004 Subject: [SpamCop-List] [Media]PayPal to Levy Fines for Gambling, Porn Message-ID: Sounds like a good start "PayPal, the online payments arm of eBay Inc. (Nasdaq:EBAY - news), on Friday said it will soon fine people up to $500 for uses related to gambling, adult content or services, and buying or selling prescription drugs from noncertified sellers. ... The new policy, which takes effect Sept. 24 and applies to both buyers and sellers, marks the first time PayPal has imposed fines for violations of its use policy, ..." http://news.yahoo.com/news?tmpl=story&u=/nm/20040910/wr_nm/tech_ebay_fines_dc_1 Of course, some could simply see the fines as the cost of doing business, but I would hope PayPal would also prosecute repeat offenders or better, find a way to block them completely. -- Rather: I don't want to be argumentative, Mr. vice president. Bush41(veep):You do, Dan. Rather: No -- no, sir, I don't. From usenet1 at DE.LETE.THISljvideo.com Sun Sep 12 01:30:35 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry J.) Date: Sat Sep 11 20:35:35 2004 Subject: [SpamCop-List] Re: No one gave spamcop the right and SC doesn't do it. References: Message-ID: Waiving the right to remain silent, "spamcop" said: .."burp"... -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From nobody at devnull.spamcop.net Sat Sep 11 21:40:24 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sat Sep 11 20:45:02 2004 Subject: [SpamCop-List] Old subject Revisited Message-ID: I do not know if this is allowed here and, if it is, if the time is right but here goes: While reading thru some posts from a couple of months ago I came across an idea that got my attention. The idea was to organize a retaliation against a hit list of spammers. The objective was to shut them down. There was a lot of dialog about legality and morality that made some sense. Well, if you are one of those people that had objection to using FriedSpam.net or Spam Vampire to fight back, please do not read any further because you are going to take exception to what I have to say. I have tried playing nice and know what? My spam has increased and I am now getting NDRs from spam that uses my domain in phony *From:* addresses. I am now ready to take off the kid gloves and get the baseball bat to get the spammers attention. Frankly, the way I feel right now, I would do anything in my power and limited means to put my hit list out of business. LARTs do not seem work and SC reports, although successful, are not getting results fast enough for me. I am fighting two battles and would like some help and am will to help others. The first battle is the one everyone reading this is fighting: SPAM. Reporting it, LARTing, etc. The second battle I am fighting (as are others) is spammers using my domain in their phonied up *From:* addresses. Yes, I probably brought this on myself by being naive but this really tweaks my ... I am willing to organize and participate in this and am seeking others to participate. I have set up a site at 64 dot 115 dot 103 dot 168 and anyone who wants can go there and select a domain from my list that have appeared in my NDRs. The SpamVampire is from HillsCap (thanks again A) and you can run it from there. It is all set up and ready to go. I suggest and request you copy the source to your hard drive (to minimize the load on my server), verify the contents and when you are satisfied, run them down. Send me an email at Spam Abuse Reporting (all one word, no spaces) at Stellar Consulting, Inc (all one word and no comma) dot com with a subject that has SC somewhere in it and the domain name(s) of your nominee(s). I will order the nominee(s) in descending order of number of nominations and, every other Monday, send out the top ten list to the participitants for review. The top ten list review period will be three days and participants can respond to get nominees off the list but not added. To get a nominee removed, explain why and this will be diseminated to the other participants for their review. The objective is to have a solid hit list every other Friday. I will prepare the Spam Vampires for participants to download and away we go. If there are any domains still in operation after 2 weeks, any left will remain on the hit list and will not be removed until gone. I just hope I am not biting off more work than I can get done. Steve From Kilgallen at SpamCop.net Sat Sep 11 21:15:41 2004 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Sep 11 21:20:04 2004 Subject: [SpamCop-List] Re: Old subject Revisited References: Message-ID: In article , "Steve Gilder" writes: > I do not know if this is allowed here and, if it is, if the time is right > but here goes: You don't know if _what_ is allowed ? Starting a thread without a descriptive title ? It is "allowed" in the sense that SpamCop Lightning is probably not going to strike you dead. But a lot of people are going to ignore your proposed discussion due to the lack of a proper title. From toni.kranjec--- at siol.net Sun Sep 12 11:37:21 2004 From: toni.kranjec--- at siol.net (ToniK) Date: Sun Sep 12 04:30:20 2004 Subject: [SpamCop-List] Need some help with GrantProfessor.com In-Reply-To: References: Message-ID: So, I am not satisfied with what spamcop finds in http://www.spamcop.net/sc?id=z655939110ze04e09050346ddc996be18145dcb457cz The complaint is only being sent to one address, while there are 3 URL's. What am I missing (I hate to be newbe)? What do I do?! Toni From toni.kranjec--- at siol.net Sun Sep 12 12:05:27 2004 From: toni.kranjec--- at siol.net (ToniK) Date: Sun Sep 12 05:01:00 2004 Subject: [SpamCop-List] Vampire - Re: Old subject Revisited In-Reply-To: References: Message-ID: > I just hope I am not biting off more work than I can get done. Well, I am getting 150-250 spam emails per day. I don't have the time to lart every day on every one. However, when my girlfriend is abroad I basically sit in front of the computer all day long, larting through spamcop, manually larting, sending complaints to all possible addresses I can find on hosting provider's web site, even sending faxes... It doesn't really help much (especially in China). So I also tried vampiring. 2 days ago I downloaded 10G from 2 web sites hosting on Hanaro (and manually larted them wherever I could), they are still standing. So I don't know what else to do. I know that some companies have very cheap bandwidth, it would take hundreds of vampires to take them down. But if you will manage to form a vampire community, I will join you, because I can see I can not do much just by myself. If there is anyone that claims otherwise, I will gladly forward my spam to him/her to handle it. Kudos to those who manage to take sites down by larting. Suggestions: Do post on your web site the number of vampires that will join you, it really helps to know one is not alone. also, try to get a pro and make a script Netscape friendly. From nobody at devnull.spamcop.net Sun Sep 12 06:19:30 2004 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Sun Sep 12 05:20:21 2004 Subject: [SpamCop-List] Re: Need some help with GrantProfessor.com References: Message-ID: "ToniK" wrote in message > So, I am not satisfied with what spamcop finds in > http://www.spamcop.net/sc?id=z655939110ze04e09050346ddc996be18145dcb457cz > > The complaint is only being sent to one address, while there are 3 > URL's. What am I missing (I hate to be newbe)? What do I do?! > Ummm... first off, start a new thread? this item has nothing to do with this thread's topic, IMO. Forgetting that: This http://http://www.junip.com/?a=CD73&b=58&d=0 does not resolve because the syntax is invalid. If you wish to report the alleged spamvendor domain junip.com to admins for hir ISP, plug junip.com into the websubmit form to access the appropriate abuse desk and manually report. You can't make the link work without first fixing it: The parser correctly "sees" a broken link. This http://www.discovery04wind.com/you/can see it does not resolve but in your browser, this does: http://www.discovery04wind.com/you/can%20see%20it Again, is left to you to "see" what the robot parser misses. In many cases spammers seem to protect spamvendors and themselves by endless tricks to avoid detection by the parser. The parser is not "Deep Blue" and can't be expected to "see" the deviant behavior of the spamsourcer without previously being configured to look for it. The parser can only be reasonably preprogrammed to "see past" some obfuscation, not all. The one thing you may never do is "cheat" and modify the spamitem to trick the parser into seeing things it should not. OTOH, if you knew in advance the abuse desks to be notified, you could manually enter that information in the "user notify" section when sending reports. The parser can only be allowed to report what it "sees". What you "see", you assume responsibility for acting or not acting on. I could not find a third URL. Image URL's don't qualify, as spammers will often "borrow" images from wherever they please. HTH, Glenn From MikeE at ster.invalid Sun Sep 12 03:54:55 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 12 05:55:04 2004 Subject: [SpamCop-List] Re: Need some help with GrantProfessor.com References: Message-ID: ToniK wrote: > So, I am not satisfied with what spamcop finds in www.spamcop.net/sc?id=z655939110ze04e09050346ddc996be18145dcb457cz > The complaint is only being sent to one address, The source was counted and notified > while there are 3 > URL's. The URLs, such as they are, are in a rather tattered condition: http://http://www.junip.com/?a=CD73&b=58&d=0 [extra 'http'] http://www.grantprofessor.com/oo.php [not in http] http://www.discovery04wind.com/you/can see it [spaces in there] .. but some browsers will handle such errors, but not necessarily gracefully. I can resolve www.junip.com www.discovery04wind.com & www.grantprofessor.com to various providers, but SC can't. > What am I missing (I hate to be newbe)? What do I do?! If you are not pay, there's nothing you can add to a spamcop report. If you don't want to do things manually, you quit. But.... if you want to do more.... If you want to notify those manually, you would 'extract' the domain name from the bent URL to see how spamcop would notify it junip = mickey@paravisions.com discovery [no valid] grant = Reporting addresses: postmaster@starlan.com abuse@above.net abuse@starlan.com abuse@he.net abuse@genuity.com Then, after that, you have to start using some tools. The situation with discovery is that it is 69.60.106.231 = Infolink Information Services whose notify addy is supposed to be abuse@serverpronto.com -- but it is spews and spamhaus listed which means that it is unresponsive; and that's probably why SC doesn't want to bother notifying it. You can also help SC out by looking up the IP and feeding it the IP for an address: 69.60.106.231 Reporting addresses: abuse@cogentco.com Then, if you were going to really work at your manual notify, you would have to go upstream AS adjacencies AS15083 = infolink whose notifies are whois -h whois.abuse.net infolink.com ... abuse@gblx.net abuse@cogentco.com abuse@infolink.com Upstream Adjacent AS list AS3549 GBLX Global Crossing Ltd. AS19094 ADE2 Adelphia Business Solutions global is covered by the above, adelphia is abuse@telcove.net It all depends on how much trouble you want to go to for this little bent spam. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Sep 12 04:14:20 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 12 06:15:03 2004 Subject: [SpamCop-List] Re: Need some help with GrantProfessor.com References: Message-ID: Mike Easter wrote: > ToniK wrote: >> What am I missing (I hate to be newbe)? What do I do?! > If you want to notify those manually, you would 'extract' the domain > name from the bent URL to see how spamcop would notify it The business with the manual notify is to make yourself a little template which is very very brief and succinct and whose purpose is to clarify for the notified the role they had in the spam or your need or decision to notify them, such as spamvertiser provider or upstream for spews/spamhaus listed unresponsive spamvertiser. Or source [proxy/trojan], open relay, etc. Then you can use the template by pasting in information and deleting that not applicable and pasting underneath the spam as the complete headers with attached raw message source spambody. So, you would derive all of those addresses described previously and clarify their role and do the manual notify with your template. -- Mike Easter kibitzer, not SC admin From me at privacy.net Sat Sep 11 21:58:46 2004 From: me at privacy.net (Frog Prince) Date: Sun Sep 12 06:45:08 2004 Subject: [SpamCop-List] Re: i've given up reporting asian spam References: Message-ID: "AlecWest" | http://thewhir.com/marketwatch/chi090704.cfm | | According to MSNBC, a full 50% of all email with a Chinese source is | spam. I doubt seriously whether the Chinese really care whether us | Yankees (and others) get spam in their mailboxes. But I do suspect they | care a great deal about their Internet infrastructure being abused to | such an extent that "legitimate" Chinese Internet providers are bogged | down with bandwidth pollution - especially if the spam is pornographic. | On my local TV news earlier this week, I heard that China is thinking | about imposing "life sentences in prison" to the most aggregious | spammers they catch. That sounds pretty serious to me. And, I suspect | a sentence in a Chinese prison is more of a deterrent to Chinese | spammers than any sentence in a U.S. prison would be to U.S. spammers. Especially when 'lifers' are as often as not DNA linked to organ donation. From MikeE at ster.invalid Sun Sep 12 05:12:59 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 12 07:15:15 2004 Subject: [SpamCop-List] Re: i've given up reporting asian spam References: Message-ID: Frog Prince wrote: Date: Sat, 11 Sep 2004 20:58:46 -0400 NNTP-Posting-Date: Sun, 12 Sep 2004 10:44:41 +0000 (UTC) Voluntary clock police courtesy report: Your clock is almost 10 hours slow, 9h 46m from nntp. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sun Sep 12 13:26:15 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Sep 12 07:30:14 2004 Subject: [SpamCop-List] HSBC Phish Message-ID: Another Phishing expedition: http://www.spamcop.net/sc?id=z656067659z26dc79d58762fdfbcf559c02e5add7e5z The text in the visible link is spot on but the underlying link is something else. From me at privacy.net Sun Sep 12 09:26:13 2004 From: me at privacy.net (Frog Prince) Date: Sun Sep 12 08:30:09 2004 Subject: [SpamCop-List] Re: i've given up reporting asian spam References: Message-ID: "Mike Easter" wrote in message news:ci1auh$smi$1@news.spamcop.net... | Frog Prince wrote: | | Voluntary clock police courtesy report: | | Your clock is almost 10 hours slow, 9h 46m from nntp. According to the Navy time standard (tick/tock) I'm less than a fraction (+0.06 sec) off. Can't explain the difference in the headder perhaps Charter has clock problems? Ideas? From aljuhani at zajil.net Sun Sep 12 17:41:10 2004 From: aljuhani at zajil.net (aljuhani) Date: Sun Sep 12 09:41:35 2004 Subject: [SpamCop-List] Queries to bl.spamcop.net refer my ns to spamcop.net ns Message-ID: <001301c498ce$2afb1740$3687a2d4@outbound> Hello List, As subject indicates when my server sends queries to bl.spamcop.net = nameservers, my nameservers get referred to spamcop.net causing Bind Error as below. Sep 12 09:20:35 ns named[1645]: bad referral (spamcop.net !< = bl.spamcop.net) from [209.198.142.147].53 Sep 12 09:20:36 ns named[1645]: bad referral (spamcop.net !< = bl.spamcop.net) from [63.246.133.50].53 Sep 12 09:20:36 ns named[1645]: bad referral (spamcop.net !< = bl.spamcop.net) from [64.156.136.112].53 I run Bind 8 on a RH 6.2 machine. I never had any problems with SpamCop but noticed today when my sendmail = stopped responding. I do not know if there has been any changes to spamcop queries address = or zonefile, the one I use is: # DNS based IP address spam list bl.spamcop.net R$* $: $&{client_addr} R::ffff:$-.$-.$-.$- $: $(host $4.$3.$2.$1.bl.spamcop.net. $: OK = $) R$-.$-.$-.$- $: $(host $4.$3.$2.$1.bl.spamcop.net. $: OK = $) ROK $: OKSOFAR R$+ $#error $@ 5.7.1 $: 554 Rejected - see = http://spamcop.net/ any ideas.. Thanks aljuhani@zajil.net From MikeE at ster.invalid Sun Sep 12 08:02:25 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 12 10:05:03 2004 Subject: [SpamCop-List] Re: i've given up reporting asian spam References: Message-ID: Frog Prince wrote: > "Mike Easter" >> Your clock is almost 10 hours slow, 9h 46m from nntp. > > According to the Navy time standard (tick/tock) I'm less than a > fraction (+0.06 sec) off. Can't explain the difference in the > headder perhaps Charter has clock problems? > > Ideas? The previously observed discrepancy has disappeared Frog Prince wrote: [in this post] Date: Sun, 12 Sep 2004 08:26:13 -0400 NNTP-Posting-Date: Sun, 12 Sep 2004 12:26:22 +0000 (UTC) Could there have been such a delay in starting that post I was 'clocking' and actually sending it? From: "Frog Prince" Date: Sat, 11 Sep 2004 20:58:46 -0400 Message-ID: NNTP-Posting-Date: Sun, 12 Sep 2004 10:44:41 +0000 (UTC) Under that theory, you would start editing the post which sez Frog Prince wrote: > Especially when 'lifers' are as often as not DNA linked to organ > donation. some 10 hours before it was actually launched from your newsreader. Or, you would start the post and send it, but something would go wrong in transit. You could also include your own clock being wrong then but correct now into the mix, but I wouldn't rank that one very high unless you observed it. According to our musty old records here at the volunteer clock police crackerbarrel, the most common cause of delays of an hour or so is delay in posting after starting the item, as reported by Ellen. We don't have much information about 10 hour ones like that, so we are in uncharted territory here. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Sep 12 08:16:42 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 12 10:20:05 2004 Subject: [SpamCop-List] Re: Queries to bl.spamcop.net refer my ns to spamcop.net ns References: Message-ID: aljuhani wrote: > As subject indicates when my server sends queries to bl.spamcop.net > nameservers, > my nameservers get referred to spamcop.net causing Bind Error as > below. > any ideas.. In this post Ellen sed Julian sed: From: "Ellen" Subject: Re: [DNS] bad referral (spamcop.net !< bl.spamcop.net) Date: Sat, 11 Sep 2004 09:55:02 -0400 Message-ID: Ellen wrote: > "wbtem" wrote in message > news:chusdb$nvh$1@news.spamcop.net... >> Lately I'm getting these messages in mij nameserver logs: >> >> >> Sep 11 13:36:42 masterofthenet named[10643]: bad referral >> (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 >> Sep 11 13:37:54 masterofthenet named[10643]: bad referral >> (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 > > I think this is the answer to your question, from Julian: > >> "Thanks for bringing this up. We are migrating to a >> different dns server - rbldnsd. It allows us to add some new >> features, but I think the problem is due to the lack of an NS record >> returned with the query. We'll see what we can do about that (more >> complicated than it sounds).. >> >> In the meantime though, you could try upgrading bind or just >> disabling that message - it is not fatal, just a warning and in this >> case (and 99% of other cases) it does not indicate any real problem. >> >> Currently, only some of our mirrors are using the new system, so this >> may only show up sometimes - depending on which mirror your system >> decides to use. But we will gradually be migrating the whole set >> over." -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Sep 12 08:39:53 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 12 10:40:03 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited References: Message-ID: ToniK wrote: > Well, I am getting 150-250 spam emails per day. I don't have the time > to lart every day on every one. > So I also tried vampiring. 2 days ago I downloaded 10G from 2 web > sites hosting on Hanaro (and manually larted them wherever I could), > they are still standing. So I don't know what else to do. I'm not a proponent of vampiring or similar, but it might give you heart to read what's up on the spammer board: Urgent Help Needed - Antis Attacking My Hosting -------------------------------------------------------- hi@all i have a bis problem. these fucking antis have set up a script that reloads all my pics from my hostet website every minute - this couses enormous traffic as everybody can imagine. .htaccess dooesn`t work on my BP hosting and now i `m looking for fast help. is there any other script that block all accesses except the accesses from my owm server through the html-files? they generate huge amount of traffic -kill ?m all wold be very glad when someone could help me - icq 335180653 thx http://www.spamforum.biz/forums/showthread.php?t=190 I have no idea of whether that is bogus or real, but the board seems real enough in the main. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sun Sep 12 11:34:58 2004 From: nobody at spamcop.net (Ellen) Date: Sun Sep 12 10:45:03 2004 Subject: [SpamCop-List] Re: Queries to bl.spamcop.net refer my ns to spamcop.net ns References: Message-ID: "Mike Easter" wrote in message news:ci1ln0$c93$1@news.spamcop.net... > > In this post Ellen sed Julian sed: > > From: "Ellen" > Subject: Re: [DNS] bad referral (spamcop.net !< bl.spamcop.net) > Date: Sat, 11 Sep 2004 09:55:02 -0400 > Message-ID: > > Ellen wrote: > > "wbtem" wrote in message > > news:chusdb$nvh$1@news.spamcop.net... > >> Lately I'm getting these messages in mij nameserver logs: > >> > >> > >> Sep 11 13:36:42 masterofthenet named[10643]: bad referral > >> (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 > >> Sep 11 13:37:54 masterofthenet named[10643]: bad referral > >> (spamcop.net !< bl.spamcop.net) from [209.92.188.201].53 > > > > I think this is the answer to your question, from Julian: > > > >> "Thanks for bringing this up. We are migrating to a > >> different dns server - rbldnsd. It allows us to add some new > >> features, but I think the problem is due to the lack of an NS record > >> returned with the query. We'll see what we can do about that (more > >> complicated than it sounds).. > >> > >> In the meantime though, you could try upgrading bind or just > >> disabling that message - it is not fatal, just a warning and in this > >> case (and 99% of other cases) it does not indicate any real problem. > >> > >> Currently, only some of our mirrors are using the new system, so this > >> may only show up sometimes - depending on which mirror your system > >> decides to use. But we will gradually be migrating the whole set > >> over." There is further work going to be done on this next week I believe. That explanantion may not be entirely accurate and I probably shouldn't have posted it. Ellen From MikeE at ster.invalid Sun Sep 12 08:45:12 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 12 10:45:14 2004 Subject: [SpamCop-List] Re: Queries to bl.spamcop.net refer my ns to spamcop.net ns References: Message-ID: Ellen wrote: > There is further work going to be done on this next week I believe. > That explanantion may not be entirely accurate and I probably > shouldn't have posted it. Okey dokey, I won't say you sed he sed it any more :-) I'll take that one down if you like. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Sep 12 11:54:25 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 12 10:55:03 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited References: Message-ID: "ToniK" wrote in message news:ci132u$j0u$1@news.spamcop.net... > [snip] > > I know that some companies have very cheap bandwidth, it would take > hundreds of vampires to take them down. But if you will manage to form a > vampire community, I will join you, because I can see I can not do much > just by myself. If there is anyone that claims otherwise, I will gladly > forward my spam to him/her to handle it. Kudos to those who manage to take > sites down by larting. > > Suggestions: > Do post on your web site the number of vampires that will join you, it > really helps to know one is not alone. also, try to get a pro and make a > script Netscape friendly. I added a count of vampires to the site (currently at 2, you and me). Any Javascript Pro's who can modify the script care to give it try: make SpamVampire browser aware? ToniK: submit your nominee(s) From nobody at devnull.spamcop.net Sun Sep 12 12:03:19 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 12 11:05:06 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited References: Message-ID: "Mike Easter" wrote in message news:ci1n2f$e4l$1@news.spamcop.net... > ToniK wrote: [snip] > > Urgent Help Needed - Antis Attacking My Hosting > > -------------------------------------------------------- > > hi@all > > i have a bis problem. > > these fucking antis have set up a script that reloads all my pics from my > hostet website every minute - this couses enormous traffic as everybody > can imagine. > > .htaccess dooesn`t work on my BP hosting and now i `m looking for fast > help. > > is there any other script that block all accesses except the accesses > from my owm server through the html-files? > > they generate huge amount of traffic -kill ?m all > > wold be very glad when someone could help me - icq 335180653 > > thx > http://www.spamforum.biz/forums/showthread.php?t=190 > > > I have no idea of whether that is bogus or real, but the board seems real > enough in the main. > > -- > Mike Easter > kibitzer, not SC admin > hmmmm.. Antis=Anti-Spammers? Sounds like a spammer to me. From MikeE at ster.invalid Sun Sep 12 09:24:57 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 12 11:25:04 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited References: Message-ID: Steve Gilder wrote: Steve, you snip the part where I say it is a spammer board and you leave my sig untrimmed. We're going to have to send you back to trimming class. > hmmmm.. Antis=Anti-Spammers? > > Sounds like a spammer to me. Mike Easter wrote: > it might give you > heart to read what's up on the spammer board: Yes, the post was ostensibly made by a spammer on a spammer board and yes, antis are anti-spammers. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sun Sep 12 13:10:12 2004 From: nobody at spamcop.net (Ellen) Date: Sun Sep 12 12:50:18 2004 Subject: [SpamCop-List] Re: Queries to bl.spamcop.net refer my ns to spamcop.net ns References: Message-ID: "Mike Easter" wrote in message news:ci1nce$ejs$1@news.spamcop.net... > Ellen wrote: > > There is further work going to be done on this next week I believe. > > That explanantion may not be entirely accurate and I probably > > shouldn't have posted it. > > Okey dokey, I won't say you sed he sed it any more :-) > > I'll take that one down if you like. > > -- Yeah might be a good idea for now ... Ellen From aeiouqwert at netscape.net Sun Sep 12 10:56:53 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Sun Sep 12 13:00:03 2004 Subject: [SpamCop-List] Re: Old subject Revisited In-Reply-To: References: Message-ID: Steve Gilder wrote: > I just hope I am not biting off more work than I can get done. I just had a devilishly clever idea. I knew nothing about "Spam Vampire" until yesterday. But, as I understand it, it works by multiple downloading image files from a spam-site to frustrate bandwidth limits and the general performance of the site. As a member of the SETI@home project, I'm constantly astounded by the power of distributed computing. I wonder if a distributed computing scenario could be set up to allow volunteers to join the war on spam by using their unused CPU time to what Spam Vampire does ... only on a much more massive scale. Pardon me if this sounds far-fetched ... but has anyone considered this? Regards, J. Alec West From user\" at domain.invalid>" Sun Sep 12 20:39:19 2004 From: user\" at domain.invalid>" ( Rolf) Date: Sun Sep 12 13:40:18 2004 Subject: [SpamCop-List] Re: Old subject Revisited In-Reply-To: References: Message-ID: AlecWest wrote: > As a member of the SETI@home project, I'm constantly astounded by the > power of distributed computing. I wonder if a distributed computing > scenario could be set up to allow volunteers to join the war on spam by > using their unused CPU time to what Spam Vampire does ... only on a much > more massive scale. Pardon me if this sounds far-fetched ... but has > anyone considered this? I would think so, but the problem is not CPU power as with SETI@home but rather download bandwith. And for many people that bandwith is not free although they may pay a fixed price broadband access. I know for one thing that my provider would at least bark if I would download 30G every month over my ADSL connection. From nobody at devnull.spamcop.net Sun Sep 12 14:55:52 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 12 14:00:03 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited References: Message-ID: "Mike Easter" wrote in message news:ci1pmv$i8q$1@news.spamcop.net... > Steve Gilder wrote: > > Steve, you snip the part where I say it is a spammer board and you leave > my sig untrimmed. > > We're going to have to send you back to trimming class. oops. back to remedial trimming class. oh noooo > >> hmmmm.. Antis=Anti-Spammers? >> >> Sounds like a spammer to me. > > Mike Easter wrote: >> it might give you >> heart to read what's up on the spammer board: > > Yes, the post was ostensibly made by a spammer on a spammer board and > yes, antis are anti-spammers. > > -- > Mike Easter > kibitzer, not SC admin > Sorry Mike. It will not happen again From me at privacy.net Sun Sep 12 14:40:20 2004 From: me at privacy.net (Frog Prince) Date: Sun Sep 12 14:00:20 2004 Subject: [SpamCop-List] Re: i've given up reporting asian spam References: Message-ID: "Mike Easter" | Could there have been such a delay in starting that post I was 'clocking' | and actually sending it? | | From: "Frog Prince" | Date: Sat, 11 Sep 2004 20:58:46 -0400 | Message-ID: | NNTP-Posting-Date: Sun, 12 Sep 2004 10:44:41 +0000 (UTC) | | Under that theory, you would start editing the post which sez | | Frog Prince wrote: | > Especially when 'lifers' are as often as not DNA linked to organ | > donation. | | some 10 hours before it was actually launched from your newsreader. Or, | you would start the post and send it, but something would go wrong in | transit. You could also include your own clock being wrong then but | correct now into the mix, but I wouldn't rank that one very high unless | you observed it. | | According to our musty old records here at the volunteer clock police | crackerbarrel, the most common cause of delays of an hour or so is delay | in posting after starting the item, as reported by Ellen. We don't have | much information about 10 hour ones like that, so we are in uncharted | territory here. I've been traveling and have been known to 'cook' a post as a result with a delayed posting. Regardless I does not seem to bother me. Just consider the time error my contribution to giving the clock police something to do. From usenet1 at DE.LETE.THISljvideo.com Sun Sep 12 19:00:50 2004 From: usenet1 at DE.LETE.THISljvideo.com (Larry J.) Date: Sun Sep 12 14:05:03 2004 Subject: [SpamCop-List] Re: Old subject Revisited References: Message-ID: Waiving the right to remain silent, AlecWest said: > Steve Gilder wrote: > >> I just hope I am not biting off more work than I can get done. > > I just had a devilishly clever idea. I knew nothing about "Spam > Vampire" until yesterday. But, as I understand it, it works by > multiple downloading image files from a spam-site to frustrate > bandwidth limits and the general performance of the site. I've just revisited Spam Vampire at http://www.hillscapital.com/antispam/index.htm and all I get is "load failure" of fourteen images that it's currently trying. The number of failures jst keeps incrementing. Does that mean that Spam Vampire is broken, or the spam sites are broken..? http://members.cox.net/ljvideo/images/spam_vampire.gif -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "Lord, are we worthy of the task that lies before us, or are we just jerking off..?" From nobody at devnull.spamcop.net Sun Sep 12 15:06:25 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 12 14:10:04 2004 Subject: [SpamCop-List] Re: Old subject Revisited References: Message-ID: "Rolf" wrote in message news:ci21lb$vi6$1@news.spamcop.net... > AlecWest wrote: > >> As a member of the SETI@home project, I'm constantly astounded by the >> power of distributed computing. I wonder if a distributed computing >> scenario could be set up to allow volunteers to join the war on spam by >> using their unused CPU time to what Spam Vampire does ... only on a much >> more massive scale. Pardon me if this sounds far-fetched ... but has >> anyone considered this? > I was thinking of SETI@home after reading the old posts and while thinking about this could work. > I would think so, but the problem is not CPU power as with SETI@home but > rather download bandwith. And for many people that bandwith is not free > although they may pay a fixed price broadband access. I know for one thing > that my provider would at least bark if I would download 30G every month > over my ADSL connection. > > Rolf is correct. Bandwidth is the major concern because Spam Vampire uses spammer and your bandwidth. If you pay on a rate schedule, you what to think hard about how much you can participate. If you pay a fixed rate, well, why not? As long as you have unused capacity and will not be getting nasty-grams from your ISP. 30G, 20G, 10G, whatever you can spare or are willing to commit. With enough people doing it, the amount each needs to provide may not so large except for the really stubborn or really unaware. Unaware until their ISP bill comes. From toni.kranjec--- at siol.net Sun Sep 12 21:17:34 2004 From: toni.kranjec--- at siol.net (ToniK) Date: Sun Sep 12 14:15:02 2004 Subject: [SpamCop-List] Re: Old subject Revisited In-Reply-To: References: Message-ID: Larry J. wrote: > I've just revisited Spam Vampire at > http://www.hillscapital.com/antispam/index.htm and all I get is "load > failure" of fourteen images that it's currently trying. The number > of failures jst keeps incrementing. > > Does that mean that Spam Vampire is broken, or the spam sites are > broken..? > > http://members.cox.net/ljvideo/images/spam_vampire.gif > I think that links to pictures are put wrongly (I might be wrong): ["www.softheaven.ws/", "images/topleft.gif", ... I think it should be: ["www.softheaven.ws", "/images/topleft.gif", ... From nobody at devnull.spamcop.net Sun Sep 12 15:11:14 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 12 14:15:19 2004 Subject: [SpamCop-List] Re: Old subject Revisited References: Message-ID: "Larry J." wrote in message news:Xns95627014F2605larryathome@216.154.195.61... > Waiving the right to remain silent, AlecWest > said: > >> Steve Gilder wrote: >> >>> I just hope I am not biting off more work than I can get done. >> >> I just had a devilishly clever idea. I knew nothing about "Spam >> Vampire" until yesterday. But, as I understand it, it works by >> multiple downloading image files from a spam-site to frustrate >> bandwidth limits and the general performance of the site. > > I've just revisited Spam Vampire at > http://www.hillscapital.com/antispam/index.htm and all I get is "load > failure" of fourteen images that it's currently trying. The number > of failures jst keeps incrementing. > > Does that mean that Spam Vampire is broken, or the spam sites are > broken..? > > http://members.cox.net/ljvideo/images/spam_vampire.gif > > -- > Larry J. - Remove spamtrap in ALLCAPS to e-mail > > "Lord, are we worthy of the task that lies before us, > or are we just jerking off..?" The download is setup for the last site HillsCap wiped out. The site is gone. You need to setup the site and images for your execution. Look near the end of the download and you will see the format. Site, images. I had a few false starts setting it up, but once you get it set... Well, it is a beautiful thing. Blazing Saddles.. Candy-gram for Mongo. From MikeE at ster.invalid Sun Sep 12 12:13:48 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 12 14:15:28 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited References: Message-ID: Steve Gilder wrote: >> -- >> Mike Easter >> kibitzer, not SC admin >> > > Sorry Mike. It will not happen again Trim that sig -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Sep 12 15:14:45 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 12 14:15:35 2004 Subject: [SpamCop-List] Re: Old subject Revisited References: Message-ID: "ToniK" wrote in message news:ci23e3$2aq$1@news.spamcop.net... > > > Larry J. wrote: >> I've just revisited Spam Vampire at >> http://www.hillscapital.com/antispam/index.htm and all I get is "load >> failure" of fourteen images that it's currently trying. The number of >> failures jst keeps incrementing. >> >> Does that mean that Spam Vampire is broken, or the spam sites are >> broken..? >> >> http://members.cox.net/ljvideo/images/spam_vampire.gif >> > > I think that links to pictures are put wrongly (I might be wrong): > ["www.softheaven.ws/", "images/topleft.gif", ... > > I think it should be: > ["www.softheaven.ws", "/images/topleft.gif", ... Either way should work. just put the "/" in one place or the other. The site is appended in front od the images. You want the string to wind up as *site.domain/images/...* not *site.domain//images/..* note the double *//* in the latter. From toni.kranjec--- at siol.net Sun Sep 12 21:25:18 2004 From: toni.kranjec--- at siol.net (ToniK) Date: Sun Sep 12 14:20:03 2004 Subject: [SpamCop-List] Re: Old subject Revisited In-Reply-To: References: Message-ID: > The download is setup for the last site HillsCap wiped out. The site is > gone. > The first site still loads for me, the second is gone. ["www.softheaven.ws/", "images/topleft.gif" = http://www.softheaven.ws/images/topleft.gif From glnews030922 at highspot.net Sun Sep 12 20:38:47 2004 From: glnews030922 at highspot.net (Graeme Leith) Date: Sun Sep 12 14:40:05 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited In-Reply-To: References: Message-ID: Steve Gilder wrote: > I added a count of vampires to the site (currently at 2, you and me). > > Any Javascript Pro's who can modify the script care to give it try: make > SpamVampire browser aware? Does it follow redirects? If it does, some spammer with mod_rewrite is going to redirect your queries to large images on a legitimate site and you'll probably end up with your ISP TOSing you. If it doesn't, then the spammers will just end up re-writing the URLs to stop you hitting them. From dfm2a3l0t2 at spymac.com Sun Sep 12 15:47:24 2004 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Sun Sep 12 14:50:03 2004 Subject: [SpamCop-List] Re: [Media]PayPal to Levy Fines for Gambling, Porn References: Message-ID: In article , eddie wrote: > Sounds like a good start > > "PayPal, the online payments arm of eBay Inc. (Nasdaq:EBAY - news), on > Friday said it will soon fine people up to $500 for uses related to > gambling, adult content or services, and buying or selling prescription > drugs from noncertified sellers. ... > The new policy, which takes effect Sept. 24 and applies to both buyers > and sellers, marks the first time PayPal has imposed fines for violations > of its use policy, ..." > > http://news.yahoo.com/news?tmpl=story&u=/nm/20040910/wr_nm/tech_ebay_fines_dc_ > 1 > > Of course, some could simply see the fines as the cost of doing business, > but I would hope PayPal would also prosecute repeat offenders or better, > find a way to block them completely. Or one could be cynical and see it as an attempt by PayPal to increase its revenues. -- I'm D.F. Manno, and I don't approve of George Bush's message. From eddie at eddie.web Sun Sep 12 16:04:55 2004 From: eddie at eddie.web (eddie) Date: Sun Sep 12 15:05:26 2004 Subject: [SpamCop-List] Re: [Media]PayPal to Levy Fines for Gambling, Porn References: Message-ID: On Sun, 12 Sep 2004 14:47:24 -0400, D.F. Manno scratched out the following: snip > Or one could be cynical and see it as an attempt by PayPal to increase its > revenues. Yes, and even look like they are the good guys in doing so :) -- Rather: I don't want to be argumentative, Mr. vice president. Bush41(veep):You do, Dan. Rather: No -- no, sir, I don't. From none at none.com Sun Sep 12 15:20:54 2004 From: none at none.com (klondike) Date: Sun Sep 12 15:25:17 2004 Subject: [SpamCop-List] Why are spammers doing this? Message-ID: 1). I have no idea how they did it, how I can even decipher it or even how to accurately describe it, but I have received two spams to an e-mail address where the spammer managed to put the spamvertised website in a "header" and the body of the message below. It appears as if you are views two separate e-mails in one window when looking at in my particular e-mail client. It doesn't seem to help them in anyway,but maybe they are trying to keep the header with the URL from being forwarded to spamcop and only get the body reported since that is from a throw away account they don't care about? 2). They are embedding urls with my e-mail address. For example, if my email address is yugoi@dev.null, they put links to http:\\yugoi.com, yugio.net and yugio.org in there. Are they hoping I own yugio.com and report myself as a spammer? From MikeE at ster.invalid Sun Sep 12 14:17:25 2004 From: MikeE at ster.invalid (Mike Easter) Date: Sun Sep 12 16:20:21 2004 Subject: [SpamCop-List] Re: Why are spammers doing this? References: Message-ID: X-Newsreader: Microsoft Outlook Express 6.00.2800.1437 klondike wrote: Don't try to describe something like that. The strategy is to use your mailuseragent - mua presumably OE Outlooke Express - to 'capture' the spamitem using File menu/ Properties item/ Details tab/ Message source button and paste it into the SC SpamCop webparser. Then, after the parse, to copy the tracker whose environment is... Spam Header This page may be saved for future reference: www.spamcop.net/sc?id=z656859293z6593ebcf2c2bda710df1e14f3d55027dz and paste it in here, so that we can see what you are struggling to try to describe. You would cancel the parse above. -- Mike Easter kibitzer, not SC admin From mrichter at cpl.net Sun Sep 12 14:33:48 2004 From: mrichter at cpl.net (Mike Richter) Date: Sun Sep 12 16:35:11 2004 Subject: [SpamCop-List] Re: HSBC Phish In-Reply-To: References: Message-ID: Porpoise wrote: > Another Phishing expedition: > > http://www.spamcop.net/sc?id=z656067659z26dc79d58762fdfbcf559c02e5add7e5z > > The text in the visible link is spot on but the underlying link is something > else. Standard phishing methodology. That's reason enough to 1. Refuse to view in HTML 2. Reject any e-mail in which the visible and hidden links differ. 3. Never click a link. (Copy and paste ensures getting what you see.) Mike -- mrichter@cpl.net http://www.mrichter.com/ From mrichter at cpl.net Sun Sep 12 14:36:20 2004 From: mrichter at cpl.net (Mike Richter) Date: Sun Sep 12 16:40:03 2004 Subject: [SpamCop-List] Re: Why are spammers doing this? In-Reply-To: References: Message-ID: klondike wrote: > 2). They are embedding urls with my e-mail address. For example, if my email > address is yugoi@dev.null, they put links to http:\\yugoi.com, yugio.net and > yugio.org in there. Are they hoping I own yugio.com and report myself as a > spammer? Mike Easter replied to the first question. My guess in answer to the second is that they're trying to overwhelm SC with URLs so it rejects them all - or at least the real ones. Mike -- mrichter@cpl.net http://www.mrichter.com/ From mrichter at cpl.net Sun Sep 12 14:38:58 2004 From: mrichter at cpl.net (Mike Richter) Date: Sun Sep 12 16:40:16 2004 Subject: [SpamCop-List] The four-address limit Message-ID: User notification has been (still is?) limited to four addresses. Yet when I put in just the real e-mail address to get the abuse desk, I sometimes receive five or more places to which to report. In one case, there are five names at the same address - no abuse desk per se, postmaster or other clearly fitting screen name. 1. Is the four-address limit still in place? 2. How can the reporter select in cases such as that above? 3. Should SC limit the reporting addresses? Mike -- mrichter@cpl.net http://www.mrichter.com/ From ric.gates at bigsleep.org Sun Sep 12 21:42:06 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sun Sep 12 16:45:02 2004 Subject: [SpamCop-List] Re: Why are spammers doing this? References: Message-ID: On 12 Sep 2004 klondike entered spamcop and left news:ci27jo$9ao$1@news.spamcop.net: > 2). They are embedding urls with my e-mail address. For example, if my > email address is yugoi@dev.null, they put links to http:\\yugoi.com, > yugio.net and yugio.org in there. Are they hoping I own yugio.com and > report myself as a spammer? > My guess is that they are trying to poisen filters and block lists. I can only hope that reporters are smart enough not to report these addresses. -- | Ric | From fred558 at bobames.com Mon Sep 13 00:50:08 2004 From: fred558 at bobames.com (Bob Ames) Date: Sun Sep 12 17:50:26 2004 Subject: [SpamCop-List] Want Milter to reject Email containing links in which visible and hidden links differ In-Reply-To: References: Message-ID: Mike Richter wrote: > Porpoise wrote: >> Another Phishing expedition: > [...] > Standard phishing methodology. That's reason enough to > > 2. Reject any e-mail in which the visible and hidden links differ. Does anyone have any suggestions about how to set up a sendmail/postfix Milter to do this? Bob (Use bob at this domain to reach me) Don't Send Any Email To: From ric.gates at bigsleep.org Sun Sep 12 23:18:48 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sun Sep 12 18:20:24 2004 Subject: [SpamCop-List] Re: The four-address limit References: Message-ID: On 12 Sep 2004 Mike Richter entered spamcop and left news:ci2c36$ghf$3@news.spamcop.net: > 2. How can the reporter select in cases such as that above? > If there is no fairly obvious abuse address, I would be reluctant to send any reports to them. -- | Ric | From ric.gates at bigsleep.org Sun Sep 12 23:23:27 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sun Sep 12 18:25:03 2004 Subject: [SpamCop-List] Re: The four-address limit References: Message-ID: On 12 Sep 2004 Blammo entered spamcop and left news:Xns95629BC6A1DEEblammo@216.154.195.61: > If there is no fairly obvious abuse address, I would be reluctant to > send any reports to them. > Since you can alias addresses at the server, anyone that supplies more than one mail-abuse address per server is stupid. -- | Ric | From TJLWBECGSGWU at spammotel.com Mon Sep 13 00:29:36 2004 From: TJLWBECGSGWU at spammotel.com (Mathew Hendry) Date: Sun Sep 12 18:35:10 2004 Subject: [SpamCop-List] Re: new trick by spamkid References: <4132C28D.4070307@spamcop.net> Message-ID: On Tue, 31 Aug 2004 01:50:22 +0100, "Ant" wrote: >"Sean W" wrote... >> John McLusky wrote: >>> Berny wrote: >>>>Are there any non-MLM/non pyramidal biznesses in existence? > >>> http://www.cclcomputers.biz/ - a quite well-respected computer store in >>> England. > >> Phew, I thought they were spamming there for a moment (I have some >> memory and drives and such from them, my bro lives nearby). (They have >> a .co.uk though too so people can still email them and visit their site >> :-p ) >> >> That's one, anyone for number two? :-p > >http://computercops.biz/ - Not sure if they are a business. They host >various security related forums, inclding one for HijackThis which is >a well regarded free malware detection tool. http://www.gamesindustry.biz , a news site for, well, obvious really. -- Mat. From aeiouqwert at netscape.net Sun Sep 12 16:56:54 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Sun Sep 12 19:00:18 2004 Subject: [SpamCop-List] ANTIS@home - formerly Old subject Revisited In-Reply-To: References: Message-ID: Steve Gilder wrote: > Rolf is correct. Bandwidth is the major concern because Spam Vampire > uses spammer and your bandwidth. If you pay on a rate schedule, you > what to think hard about how much you can participate. If you pay a > fixed rate, well, why not? As long as you have unused capacity and > will not be getting nasty-grams from your ISP. > > 30G, 20G, 10G, whatever you can spare or are willing to commit. Exactly. I put the question to the "nerds" at SETI@home and am awaiting a reply (if any). As I see it, you'd need distributed computing software that would keep a running count of bandwidth used ... at least, those with high-speed broadband. It would have to be software allowing users to input a bandwidth "max" figure ... and meter it (turn itself off when it approached an average daily maximum). But, this might be one of these situations where a "lot" of dialup users might be worth more than broadband users ... since usually, dialup users aren't given a bandwidth "max" because of their sheer inability to reach it at 56k (in normal-use scenarios). And, once a "work-unit" (spammer site) stopped responding to calls enough times, a different "work-unit" could be downloaded to take its place until it, too, stopped responding ... and so on. But, there could be other incentives, too (hehe, I'm really getting into this). A _lot_ of ISPs themselves hate spam with such a vengeance they might be willing to become "ANTIS@home" member-ISPs ... and give an extra amount of bandwidth (tax-deductible as cost-of-doing-business) to participating clients. In addition, some businesses are so large they can garner "flat-fee" arrangements for broadband. And, some of those businesses hate spam with the same vengeance as home users ... and some ISPs. In any case, distributed computing as a weapon against spam does have the virtue of never having been tried. And, almost _everybody_ hates spam to some degree. Hopefully, someone with more knowledge of distributed computing projects than I have will put their thinking cap on and see what can be done with the idea. If, besides the software itself, a little "marketing" could be done to convince ISPs to cut ANTIS some slack (and businesses to use their immense, usually unused, nighttime processing power), this scenario could end up being a spammer's worst nightmare, hehe. Regards, J. Alec West From aeiouqwert at netscape.net Sun Sep 12 17:13:26 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Sun Sep 12 19:15:20 2004 Subject: [SpamCop-List] Re: ANTIS@home - formerly Old subject Revisited In-Reply-To: References: Message-ID: Brief P.S.: At SETI@home, when users crunch enough "work units," they get a downloadable certificate (suitable for printing). In theory, if calls for a site's graphics stop working, the site has been either (A) taken down, or (B) the site owner has been forced to "rename" graphics or relocate them. Bottom line? In either case, "work" (or money) is required on the part of the spammer to keep the site up ... and ANTIS@home users could also have a downloadable certificate (suitable for framing). I was thinking of a WWII graphic (grin) showing a fighter plane with enemy-plane graphics on it ... "ex-ed out" ... a more modern version of a gunfighter with knotches on his gun-handle, hehehe. Regards, J. Alec West From nobody at devnull.spamcop.net Sun Sep 12 20:22:00 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 12 19:25:04 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited References: Message-ID: "Graeme Leith" wrote in message news:ci24sr$4cc$1@news.spamcop.net... > Steve Gilder wrote: > >> I added a count of vampires to the site (currently at 2, you and me). >> >> Any Javascript Pro's who can modify the script care to give it try: make >> SpamVampire browser aware? > > Does it follow redirects? Hmmm. not sure. I need more info about this. > > If it does, some spammer with mod_rewrite is going to redirect your > queries to large images on a legitimate site and you'll probably end up > with your ISP TOSing you. If it doesn't, then the spammers will just end > up re-writing the URLs to stop you hitting them. There is no URL just the IP. The script runs on the users machine from their IP From porpoise1954 at yahoo.co.uk Mon Sep 13 01:32:48 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Sep 12 19:35:03 2004 Subject: [SpamCop-List] Re: HSBC Phish References: Message-ID: "Mike Richter" wrote in message news:ci2bpg$ghf$1@news.spamcop.net... > Porpoise wrote: > > > Another Phishing expedition: > > > > http://www.spamcop.net/sc?id=z656067659z26dc79d58762fdfbcf559c02e5add7e5z > > > > The text in the visible link is spot on but the underlying link is something > > else. > > Standard phishing methodology. That's reason enough to > > 1. Refuse to view in HTML Disagree. There are some docs I get which I would hate to have to try and read in plain text. Same with web pages.... You just have to be aware of what's going on. > > 2. Reject any e-mail in which the visible and hidden links differ. Definitely agree > > 3. Never click a link. (Copy and paste ensures getting what you see.) Definitely agree - but I rarely even copy and paste. I usually do a manual or if it's a site that I have a genuine link to, I'll use my own link. > > Mike > -- > mrichter@cpl.net > http://www.mrichter.com/ > From porpoise1954 at yahoo.co.uk Mon Sep 13 01:57:38 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Sep 12 20:00:23 2004 Subject: [SpamCop-List] Re: Want Milter to reject Email containing links in which visible and hidden links differ References: Message-ID: "Bob Ames" wrote in message news:ci2g9i$o0t$1@news.spamcop.net... > Mike Richter wrote: > > Porpoise wrote: > >> Another Phishing expedition: > > [...] > > Standard phishing methodology. That's reason enough to > > > > 2. Reject any e-mail in which the visible and hidden links differ. > > Does anyone have any suggestions about how to set up a > sendmail/postfix Milter to do this? There is one major flaw in that - the visible and hidden links usually do differ. Same as links on a web page the visible might be something like: with: https://sslrelay.com/s87910425.oneandoneshop.co.uk/sess/utn;jsessionid=15404cdff3ba114/shopdata/0040_Freediving+=26amp=3B+Spearfishing/0060_Suits/product_overview.shopscript being the link. > > Bob (Use bob at this domain to reach me) > Don't Send Any Email To: From completelyfalse at harrykiri.com Mon Sep 13 11:17:36 2004 From: completelyfalse at harrykiri.com (Harry Kiri) Date: Sun Sep 12 20:20:03 2004 Subject: [SpamCop-List] Re: Why are spammers doing this? References: Message-ID: "Blammo" wrote in message news:Xns95628B61CD1A3blammo@216.154.195.61... > My guess is that they are trying to poisen filters and block lists. > I can only hope that reporters are smart enough not to report these > addresses. I don't read the spam - either raw HTML or rendered, so I can't tell what the final web site destination might be in all cases. Sure, if it's a drugs spam and you see something like "meds" in the URL about to be reported, it's probably the payload. This approach is *still guesswork* unless you are prepared to open the spam and start clicking! >From a time perspective, it is very wasteful for dozens (or perhaps even hundreds) of SC users to duplicate forensic efforts to find "payload" URL's. Is a database of spamvertised sites the answer? SC could check this against those detected in the parse and tick the boxes, whilst having no tick in those that were not in the database. I seem to recall seeing something in some parses that indicates "no previous history" or similar - does this mean there is some sort of simple implementation already? Regards, Hughy -- I can be found at aw_electronics_ng atiinetdotnetdotau From nobody at devnull.spamcop.net Sun Sep 12 21:49:59 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 12 20:50:05 2004 Subject: [SpamCop-List] Re: Old subject Revisited References: Message-ID: "ToniK" wrote in message news:ci23sj$3c7$1@news.spamcop.net... > >> The download is setup for the last site HillsCap wiped out. The site is >> gone. >> > > The first site still loads for me, the second is gone. > > ["www.softheaven.ws/", "images/topleft.gif" > = http://www.softheaven.ws/images/topleft.gif Great. You have your first target. Edit the source and delete the line for the second site. Why waste an time on a dead site. From nobody at devnull.spamcop.net Sun Sep 12 21:53:24 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 12 20:55:02 2004 Subject: [SpamCop-List] Re: ANTIS@home - formerly Old subject Revisited References: Message-ID: "AlecWest" wrote in message news:ci2l6k$sb$1@news.spamcop.net... > Brief P.S.: > > At SETI@home, when users crunch enough "work units," they get a > downloadable certificate (suitable for printing). In theory, if calls for > a site's graphics stop working, the site has been either (A) taken down, > or (B) the site owner has been forced to "rename" graphics or relocate > them. Bottom line? In either case, "work" (or money) is required on the > part of the spammer to keep the site up ... and ANTIS@home users could > also have a downloadable certificate (suitable for framing). I was > thinking of a WWII graphic (grin) showing a fighter plane with enemy-plane > graphics on it ... "ex-ed out" ... a more modern version of a gunfighter > with knotches on his gun-handle, hehehe. > > Regards, > J. Alec West I will post on my site any graphics certificates I received at Spam Abuse Reporting. Think you deserve a certificate, download it, print it, frame it and smile when you look at it. I like your idea more than mine. Get it organized! I am in! From porpoise1954 at yahoo.co.uk Mon Sep 13 03:22:44 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Sep 12 21:25:21 2004 Subject: [SpamCop-List] Bad report Message-ID: Don't know whether this is an attempt to find my real address to whitelist me or a genuine problem. http://www.spamcop.net/sc?id=z657291121zc40a69591001f33afc3b33c114d15ee1z From fred558 at bobames.com Mon Sep 13 04:50:13 2004 From: fred558 at bobames.com (Bob Ames) Date: Sun Sep 12 21:50:04 2004 Subject: [SpamCop-List] Re: Want Milter to reject Email containing links in which visible and hidden links differ In-Reply-To: References: Message-ID: Porpoise wrote: > "Bob Ames" wrote in message > news:ci2g9i$o0t$1@news.spamcop.net... >>Mike Richter wrote: >>>Porpoise wrote: >>>>Another Phishing expedition: >>>[...] >>>Standard phishing methodology. That's reason enough to >>>[...] >>>2. Reject any e-mail in which the visible and hidden links differ. >> >>Does anyone have any suggestions about how to set up a >>sendmail/postfix Milter to do this? > > There is one major flaw in that - the visible and hidden links usually do > differ. Same as links on a web page the visible might be something like: > > with: > https://sslrelay.com/s87910425.oneandoneshop.co.uk/sess/utn;jsessionid=15404cdff3ba114/shopdata/0040_Freediving+=26amp=3B+Spearfishing/0060_Suits/product_overview.shopscript > being the link. You're right. But, if the visible link *looks like* a valid URL, starting with http:// , then it would be rejectable if it differed from the real link, right? Bob (use bob at this domain to reach me) Don't Send Any Email To: From nobody at devnull.spamcop.net Sun Sep 12 23:07:55 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Sep 12 22:10:04 2004 Subject: [SpamCop-List] Re: Why are spammers doing this? References: Message-ID: "klondike" wrote in message news:ci27jo$9ao$1@news.spamcop.net... > 1). I have no idea how they did it, how I can even decipher it or even how > to accurately describe it, but I have received two spams to an e-mail > address where the spammer managed to put the spamvertised website in a > "header" and the body of the message below. It appears as if you are views > two separate e-mails in one window when looking at in my particular e-mail > client. > > It doesn't seem to help them in anyway,but maybe they are trying to keep > the > header with the URL from being forwarded to spamcop and only get the body > reported since that is from a throw away account they don't care about? > > 2). They are embedding urls with my e-mail address. For example, if my > email > address is yugoi@dev.null, they put links to http:\\yugoi.com, yugio.net > and > yugio.org in there. Are they hoping I own yugio.com and report myself as a > spammer? > I've gotten a couple of these and reported them all. The parser has told me *too many links* each time. I manually go thru ALL the source code of my spams to make a record of them for indexing and database analysis. The subject always had *browse member profiles* with images from www moopid com (with the dots in the appropriate places). The last one had the payload from Photo.to and iDate.to. If anyone wants to see a sample see: http://www.spamcop.net/sc?id=z657349167z84d5b9e1c1a3ea42acb70e169c09e10az I manually munge my spam to catch all of these and the multitude of other places spammers put a name. I have also seen an IMG that loads a php file for recording the *To:* address. Slimey motherf#$%ers. Use up my time. You WILL pay. From ric.gates at bigsleep.org Mon Sep 13 04:06:09 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sun Sep 12 23:10:02 2004 Subject: [SpamCop-List] Re: Why are spammers doing this? References: Message-ID: On 12 Sep 2004 Harry Kiri entered spamcop and left news:ci2ots$76g$1@news.spamcop.net: > I don't read the spam - either raw HTML or rendered, so I can't tell > what the final web site destination might be in all cases. > > Sure, if it's a drugs spam and you see something like "meds" in the > URL about to be reported, it's probably the payload. This approach is > *still guesswork* unless you are prepared to open the spam and start > clicking! > Right, but I look at the URLs and abuse contacts. If I see something obviously wrong, like www.w3.org, I uncheck it. Seeing your eMail username in a URL domain is a pretty good sign that something's wrong. I never click on any link in spam. -- | Ric | From ric.gates at bigsleep.org Mon Sep 13 04:25:37 2004 From: ric.gates at bigsleep.org (Blammo) Date: Sun Sep 12 23:30:03 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: On 12 Sep 2004 Porpoise entered spamcop and left news:ci2sqk$aqf$1@news.spamcop.net: > Don't know whether this is an attempt to find my real address to > whitelist me or a genuine problem. > Uhm, 22:56:19 +0200 = 16:56:19 -0400 not 18:56:19 -0400 Perhaps they are on Swatch time? -- | Ric | From eddie at eddie.web Mon Sep 13 01:40:37 2004 From: eddie at eddie.web (eddie) Date: Mon Sep 13 00:45:04 2004 Subject: [SpamCop-List] Most idiotic spam subject of the day Message-ID: Subject: 5 Adult Deevde's for 4 only 1 Dollar !!! foursome I don't even know that means. It's certainly not English. Maybe the pigeon variety? The website is hosted by MCI no less. http://www.good-real-offers.com tracker: http://www.spamcop.net/sc?id=z657534983z380264d6b84f67fc8f820ccfe4da6503z It was obviously written by an idiot or an 8-year old or a drunk. Some kiddy figured out how to get daddy's system to run a server and put some "warz" on it. Boy, will daddy be ticked off. I larted MCI. I hope the kill the account permanently. "you get to pick up 5 sizzling hot adult detrveeds for the price of 1 dolla= r with free shippment check it out - Adiolt eDeeveeds:" -- Rather: I don't want to be argumentative, Mr. vice president. Bush41(veep):You do, Dan. Rather: No -- no, sir, I don't. From nobody at spamcop.net Mon Sep 13 02:11:34 2004 From: nobody at spamcop.net (Claudio Valderrama C.) Date: Mon Sep 13 01:10:03 2004 Subject: [SpamCop-List] URL not found, why? Message-ID: Hello, all. Can you have a peek at "reUrgente" in sc.spam, please? I didn't save the headers but SC parsed them correctly. The problem is the body. Maybe I'm overlooking something obvious, but I don't understand why SC didn't pick any URL. There's one to my eyes and there's no scripting involved. Thanks. C. From MikeE at ster.invalid Sun Sep 12 23:22:05 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 13 01:25:03 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: Blammo wrote: > Porpoise >> Don't know whether this is an attempt to find my real address to >> whitelist me or a genuine problem. None of the above IMO; I think that's a real response to your spam report, it is just incompetent, see below. > Uhm, > 22:56:19 +0200 = 16:56:19 -0400 > > not 18:56:19 -0400 > > Perhaps they are on Swatch time? Ha!. Yes, they are confused and mistaken about converting from your time to their time, as Blammo/Ric has pointed out, so their analysis of their user being online or not is in error. -- Mike Easter kibitzer, not SC admin From aeiouqwert at netscape.net Mon Sep 13 00:12:33 2004 From: aeiouqwert at netscape.net (aeiouqwert@netscape.net) Date: Mon Sep 13 02:15:11 2004 Subject: [SpamCop-List] Re: ANTIS@home - formerly Old subject Revisited Message-ID: fred558@bobames.com wrote: > Bob Ames (presently at 19.498 years of CPU time in SETI@Home) I'm not even close to that. I've only been using it on one PC ... a Pentium III 500 mhz with 256 megs RAM ... and only for a little over a year. But, I am quickly approaching my 250 WU milestone (unless they cut off Classic before I reach it). Currently, I'm running Classic and BOINC simultaneously. Since I started doing that, I've never run out of work to do. At the present time, both Classic and BOINC are crunching away ... but when BOINC runs out of WUs, Classic speed up. Regards, Alec (aka ProfessorBarnhardt, 4131 hr. 33 min. CPU time) From toni.kranjec--- at siol.net Mon Sep 13 08:51:53 2004 From: toni.kranjec--- at siol.net (ToniK) Date: Mon Sep 13 02:15:34 2004 Subject: [SpamCop-List] Hanaro Message-ID: Friday was a nice day. My girlfriend was abroad and I was larting all day long. 24 of complaints were sent to Hanaro. I larted through spamcop (BIG thank you for your system), then I manually sent email with full headers exposed to: postmaster at hananet.net spamcenter at hanafos.com security at hanaro.com abuse at hanaro.com nospam at hanaro.com trexx at hanaro.com jwjang at hanaro.com rasung at hanaro.com icec at icec.or.kr ip-adm at hanaro.com At the end of the day I also sent fax to Hanaro and to someone else who might be interested in this. I sent to (fax numbers): Hanaro 82262664399 82262662166 82262666483 Spamcop.or.kr 8224055329 Nospam.go.kr 8225072053 Kiba.or.kr 8225398767 They don't work through the weekend as spammers do, so Monday morning I got their email (the email was sent from "abuse at hanaro.com"): ----------------------- To whom it may concern, We got your message by fax this morning. First of all, We are very sorry about your inconvenience because of spamming. We, Hanaro, also know about this problem of those who have been sending spam mails that you mentioned in your message. We are now in the process of sorting out the problem. We are going to close the contract with those who have been spamming. We are always do our best to prevent spam mail relays in our network and We are strongly trying to follow Internet rule of making Internet clean. For more request or questions, please feel free to contact us. Thank you for your attention. Best Regards, Eun Kyoung Yang ------------------------- Sites that seem to be gone already: http://duct.hotnewdealioz.com/index.html?1 http://week.hopeisnear4you.com/index.html?2 http://www.welcomeh0mez.com/index.html?1 http://www.yorhere2savez.com/index.html?2 http://www.phard0ckzz.com/quick/index.html?1 http://www.couchp00pz.com/151/index.html?1 Still hanging there: http://ipwljpag.entire7576drygs.com/b12m/ http://entirefinance.net/?partid=brl http://www.graduationservices.info/fasttrack/ http://www.baby29.com/ http://0rderdrugs.com/sup/ http://www.bdfgasfsdf.info/?64 http://kekhigpam.nblccmd.info/?qassYJWAX.xkcqqwaqbaspal http://joc.actsfast.info/ct/index.php?pid=eph4748 http://www.vbuy.biz/en/4/?AFF_ID=0909st http://www.xoffers.biz/en/4/?AFF_ID=0909x http://portddlswt.reportedly5882dryg.com/b12m/ http://ngta.aw.harlem7204nx.com/56/ http://www.aaweqcv.com/ http://pharm.cadhhej.info/?pFXrrcpcht0PbVV http://www.nprob.info/ http://www.baby30.com/ http://www.realmilfs.net/bnr/3050981720 http://www.sister31.com/ I really wonder if all sites will be gone... From tmcgraw at spamcop.net Mon Sep 13 00:35:01 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Sep 13 02:35:05 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: <41453F95.3000305@spamcop.net> Porpoise wrote: > Don't know whether this is an attempt to find my real address to whitelist > me or a genuine problem. > > http://www.spamcop.net/sc?id=z657291121zc40a69591001f33afc3b33c114d15ee1z Besides the interpretation of the time stamp mentioned by others, it appears you have not added spamcop to your mailhosts. From ric.gates at bigsleep.org Mon Sep 13 10:13:01 2004 From: ric.gates at bigsleep.org (Blammo) Date: Mon Sep 13 05:15:22 2004 Subject: [SpamCop-List] Re: Hanaro References: Message-ID: On 12 Sep 2004 ToniK entered spamcop and left news:ci3dro$m7f$1@news.spamcop.net: > I really wonder if all sites will be gone... > Just moving to another hanaro IP is all. -- | Ric | From nobody at nowhere.invalid Mon Sep 13 12:15:38 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Sep 13 05:20:03 2004 Subject: [SpamCop-List] Re: Most idiotic spam subject of the day References: Message-ID: On Mon, 13 Sep 2004 00:40:37 -0400, eddie coughed into spamcop and left this in : > I larted MCI. I hope the kill the account permanently. Dream on. I don't think MCI has nuked a single account yet for reasons other than the bill not being paid. Not for nothing do they have 224 SBL listings, about half of which are ROKSO listings. -- Steve Seen in the classified ads: COMPLETE SET OF ENCYCLOPEDIA BRITANNICA. 45 VOLUMES. EXCELLENT CONDITION. $1000 OR BEST OFFER. NO LONGER NEEDED. MARRIED. WIFE KNOWS EVERYTHING. From ric.gates at bigsleep.org Mon Sep 13 10:15:40 2004 From: ric.gates at bigsleep.org (Blammo) Date: Mon Sep 13 05:20:17 2004 Subject: [SpamCop-List] Re: URL not found, why? References: Message-ID: On 12 Sep 2004 Claudio Valderrama C. entered spamcop and left news:ci3a1e$jon$2@news.spamcop.net: > Maybe I'm overlooking something obvious, but I don't understand why SC > didn't pick any URL. Sometimes reloading the page works. -- | Ric | From none at domain.invalid Mon Sep 13 03:34:40 2004 From: none at domain.invalid (Anonymous) Date: Mon Sep 13 05:35:03 2004 Subject: [SpamCop-List] Re: Old subject Revisited References: Message-ID: "Steve Gilder" wrote in message news:ci2qrk$9d1$1@news.spamcop.net... > Great. You have your first target. > > Edit the source and delete the line for the second site. Why > waste an time on a dead site. Actually, it only slows down SpamVampire a very little bit... if an image falters as it loads in, and you get a broken graphic, SpamVampire will wait 15 seconds or so before trying that image again. Once that image is deemed to be 'suffering', SV will only test it once a minute. After a week or so of this, if the image fails to load, it'll stop trying to load it. If you click on the images in SV, you can see the status of each image, including how many times each image has loaded, how many times it's failed to load, and how much data that image accounts for. From none at domain.invalid Mon Sep 13 04:46:18 2004 From: none at domain.invalid (Anonymous) Date: Mon Sep 13 06:45:24 2004 Subject: [SpamCop-List] Re: Old subject Revisited References: Message-ID: "Anonymous" wrote in message news:ci3pg6$urm$1@news.spamcop.net... >> Edit the source and delete the line for the second site. Why >> waste an time on a dead site. Here's an idea I had... I put a graphic at the bottom of SV that's linked to another SV page... I could just as easily link it to another person's SV. That way, if a person visits my SV, finds that the images are dead (either because I've run out of targets, or because I'm waiting out a spammer who's playing tricks with his website by turning if off except for when he's actively spamming. I've got a lot of patience... so I wait the full week for SV to proclaim a site dead, and I check it periodically after that.), then they can move on to the next site, where hopefully someone's got a full complement of images. That person, in turn, can link to someone else in the same fashion... people visiting SV would have their choice of which one to utilize at any given time. From porpoise1954 at yahoo.co.uk Mon Sep 13 12:44:07 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Sep 13 06:45:48 2004 Subject: [SpamCop-List] Re: Want Milter to reject Email containing links in which visible and hidden links differ References: Message-ID: "Bob Ames" wrote in message news:ci2ubn$bse$1@news.spamcop.net... > Porpoise wrote: > > "Bob Ames" wrote in message > > news:ci2g9i$o0t$1@news.spamcop.net... > >>Mike Richter wrote: > >>>Porpoise wrote: <> > > There is one major flaw in that - the visible and hidden links usually do > > differ. Same as links on a web page the visible might be something like: > > > > with: > > https://sslrelay.com/s87910425.oneandoneshop.co.uk/sess/utn;jsessionid=15404cdff3ba114/shopdata/0040_Freediving+=26amp=3B+Spearfishing/0060_Suits/product_overview.shopscript > > being the link. > > You're right. But, if the visible link *looks like* a valid > URL, starting with http:// , then it would be rejectable if > it differed from the real link, right? True, true..... > > Bob (use bob at this domain to reach me) > Don't Send Any Email To: From porpoise1954 at yahoo.co.uk Mon Sep 13 12:55:24 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Sep 13 07:00:03 2004 Subject: [SpamCop-List] Re: Bad report References: <41453F95.3000305@spamcop.net> Message-ID: "Tim McGraw" wrote in message news:41453F95.3000305@spamcop.net... > Porpoise wrote: > > Don't know whether this is an attempt to find my real address to whitelist > > me or a genuine problem. > > > > http://www.spamcop.net/sc?id=z657291121zc40a69591001f33afc3b33c114d15ee1z > > Besides the interpretation of the time stamp mentioned by others, it > appears you have not added spamcop to your mailhosts. > Ermmm...... what? I don't have a spamcop email address...... From nobody at spamcop.net Mon Sep 13 07:41:57 2004 From: nobody at spamcop.net (Ellen) Date: Mon Sep 13 07:30:03 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: "Porpoise" wrote in message news:ci2sqk$aqf$1@news.spamcop.net... > Don't know whether this is an attempt to find my real address to whitelist > me or a genuine problem. > > http://www.spamcop.net/sc?id=z657291121zc40a69591001f33afc3b33c114d15ee1z > > > Ok this is a legit ISP response -- unfortunately they can't seem to calculate the correct time. You could respond to the ISP and point out that they have miscalculated the time if you are in a good mood. However I notice that it appears the path for this reply is them --> your SC account --> your ISP and neither the SC servers nor your account at yahoo UK mailservers are added to your mailhosts. If you plan to report spams that make it thru your SC account to your home ISP you need to add those mailhosts. It would be just as well to go ahead and add them now and be done with it so this issue does not arise again. Ellen From porpoise1954 at yahoo.co.uk Mon Sep 13 13:42:07 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Sep 13 07:45:03 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: "Ellen" wrote in message news:ci402v$3rv$1@news.spamcop.net... > > > "Porpoise" wrote in message > news:ci2sqk$aqf$1@news.spamcop.net... > > Don't know whether this is an attempt to find my real address to whitelist > > me or a genuine problem. > > > > http://www.spamcop.net/sc?id=z657291121zc40a69591001f33afc3b33c114d15ee1z > > > > > > > > Ok this is a legit ISP response -- unfortunately they can't seem to > calculate the correct time. You could respond to the ISP and point out that > they have miscalculated the time if you are in a good mood. > > However I notice that it appears the path for this reply is them --> your SC > account --> your ISP and neither the SC servers nor your account at yahoo UK > mailservers are added to your mailhosts. If you plan to report spams that > make it thru your SC account to your home ISP you need to add those > mailhosts. It would be just as well to go ahead and add them now and be done > with it so this issue does not arise again. Hmmm.. Strange... My Yahoo account was the first mailhost I configured. Followed by for all my other pop addresses. I didn't even know I had a mail address at spamcop.net.....??? So I've done it as porpoise1954 at spamcop.net Is that correct? > > Ellen > > From glnews030922 at highspot.net Mon Sep 13 14:05:52 2004 From: glnews030922 at highspot.net (Graeme Leith) Date: Mon Sep 13 08:05:04 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited In-Reply-To: References: Message-ID: Steve Gilder wrote: > > "Graeme Leith" wrote in message > news:ci24sr$4cc$1@news.spamcop.net... > >> Steve Gilder wrote: >> >>> I added a count of vampires to the site (currently at 2, you and me). >>> >>> Any Javascript Pro's who can modify the script care to give it try: >>> make SpamVampire browser aware? >> >> >> Does it follow redirects? > > > Hmmm. not sure. I need more info about this. > >> >> If it does, some spammer with mod_rewrite is going to redirect your >> queries to large images on a legitimate site and you'll probably end >> up with your ISP TOSing you. If it doesn't, then the spammers will >> just end up re-writing the URLs to stop you hitting them. > > > There is no URL just the IP. The script runs on the users machine from > their IP Follow this link: http://www.highspot.net/rw/See.jpg Does it take you to where you thought you were going? Now follow this one: http://www.highspot.net/rw/index.html Right click on the graphic and compare it's URL to the first link. The above is the simplest example of what you can do with mod_rewrite on the server side. The spammer can use mod_rewrite to rewrite valid requests in one way to stop Spam Vampire if it doesn't follow redirects. They can rewrite identified Spam Vampire requests in another way if it does follow redirects. How about the chances of going to bed one night hitting a spammers web site and waking up the next morning with a personal visit from the FBI. Would you enjoy helping them with their inquiries into your DoS attack on the Homeland Security site? Just because the spammers you've been hitting so far are clueless bottom feeders that don't know how to stop your attacks doesn't mean that they all are. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From MikeE at ster.invalid Mon Sep 13 06:09:44 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 13 08:10:02 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: Porpoise wrote: > Hmmm.. Strange... My Yahoo account was the first mailhost I > configured. Followed by for all my other pop > addresses. I didn't even know I had a mail address at > spamcop.net.....??? So I've done it as porpoise1954 at spamcop.net > > Is that correct? You don't need to have a spamcop address to employ mailhosts, and you have employed mailhosts for the hosts you've shown here, yahoo and kundenserver. In the item you posted, you submitted the clock related response you got from the ISP to the parser, I assumed as a method of demonstrating what the content of the ISP's response was. That ISP response parsing was done as a mailhosts one, but the response was a response to a spam report, so it went from the ISP to spamcop to you at yahoo, one of your mailhosts. www.spamcop.net/sc?id=z657291121zc40a69591001f33afc3b33c114d15ee1z Inside of the ISP's response was the original spamitem and its original parse www.spamcop.net/w3m?i=z1221297745zf479918085bdad0c3ab62b2ba2299400z That item also shows it being parsed as a mailhosts at kundenserver because the original spamitem went to kunden Original spam abbreviated Received lines *comment from [209.240.23.98] (helo=209-240-23-98.tc1.woodsfield.oh.dial.1st.net) by mxng20.kundenserver.de *sourceline reported, also reponding ISP from 70.40.242.28 by 209.240.23.98 *bogusline I think there may be some confusion about that item which went from the ISP to spamcop to you because it was a response to a report and because you 'processed' it as spam. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Sep 13 06:19:05 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 13 08:20:04 2004 Subject: [SpamCop-List] Re: URL not found, why? References: Message-ID: Claudio Valderrama C. wrote: > Can you have a peek at "reUrgente" in sc.spam, please? > I didn't save the headers but SC parsed them correctly. The problem > is the body. Maybe I'm overlooking something obvious, but I don't > understand why SC didn't pick any URL. There's one to my eyes and > there's no scripting involved. The problem with posting only the body to .spam instead of simply posting a tracking url here to discuss is that in order to 'play with' spamcop's parsing of the item, someone would have to manufacture headers to put over the body, because SC won't parse what you posted in .spam. I, for one, don't feel like doing that, altho' it wouldn't really be very hard. I'm curious about the fact that you saved the body but not the headers. Why is that? For the purpose of posting in .spam? It would've been better to save the tracker; it has everything and takes up less room. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Sep 13 06:29:08 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 13 08:30:04 2004 Subject: [SpamCop-List] Re: URL not found, why? References: Message-ID: Mike Easter wrote: > someone would have to > manufacture headers to put over the body, because SC won't parse what > you posted in .spam. > > I, for one, don't feel like doing that, altho' it wouldn't really be > very hard. I shamed myself into putting some bogus headers over that body. SC finds the links www.spamcop.net/sc?id=z658293348z8b1991dd555c12e30aa27d59fd255461z However, I made it a point to put on headers which happened to say Content-Type: text/html If the original headers were 'wrong' about content type, then SC might not have correctly parsed the body -- which is another reason that posting a body without headers and then asking why SC didn't find the links is inappropriate. In the future, simply post the tracker for what you want to ask about. -- Mike Easter kibitzer, not SC admin From toni.kranjec--- at siol.net Mon Sep 13 15:56:59 2004 From: toni.kranjec--- at siol.net (ToniK) Date: Mon Sep 13 09:00:04 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited In-Reply-To: References: Message-ID: > Follow this link: http://www.highspot.net/rw/See.jpg > > Does it take you to where you thought you were going? > > Now follow this one: http://www.highspot.net/rw/index.html Interesting. Is it also possible to somehow trick this way http://friedspam.net ?? I guess there are less chances, because you are loading the whole site, but what if spammer temporary closes web site or he set up redirection only for your IP (is that possible?), will http://friedspam.net keep loading redirected site then? T. From glnews030922 at highspot.net Mon Sep 13 15:20:23 2004 From: glnews030922 at highspot.net (Graeme Leith) Date: Mon Sep 13 09:20:02 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited In-Reply-To: References: Message-ID: ToniK wrote: > >> Follow this link: http://www.highspot.net/rw/See.jpg >> >> Does it take you to where you thought you were going? >> >> Now follow this one: http://www.highspot.net/rw/index.html > > > Interesting. > > Is it also possible to somehow trick this way http://friedspam.net ?? I > guess there are less chances, because you are loading the whole site, > but what if spammer temporary closes web site or he set up redirection > only for your IP (is that possible?), will http://friedspam.net keep > loading redirected site then? Yes, you could use it to combat Friedspam. The mechanism is pretty flexible in itself and can easily be augmented with external scripts that build a block list in real time. No need to take the site off-line, the blocking can be done without interruption to regular services and would only hit the abusing IPs. You could return either a 403, or re-direct to an external site. Even if the program has built-in protection to work out when it's being re-directed, the load to the spammer is reduced from the size of the page in question, to a couple of hundred bytes for a re-direct/reject per hit. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From nobody at devnull.spamcop.net Mon Sep 13 10:58:29 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Mon Sep 13 10:00:11 2004 Subject: [SpamCop-List] Re: Old subject Revisited References: Message-ID: "Anonymous" wrote in message news:ci3tmf$22v$1@news.spamcop.net... > "Anonymous" wrote in message > news:ci3pg6$urm$1@news.spamcop.net... >>> Edit the source and delete the line for the second site. Why waste an >>> time on a dead site. > > Here's an idea I had... I put a graphic at the bottom of SV that's linked > to another SV page... I could just as easily link it to another person's > SV. > > That way, if a person visits my SV, finds that the images are dead (either > because I've run out of targets, or because I'm waiting out a spammer > who's playing tricks with his website by turning if off except for when > he's actively spamming. I've got a lot of patience... so I wait the full > week for SV to proclaim a site dead, and I check it periodically after > that.), then they can move on to the next site, where hopefully someone's > got a full complement of images. Sort of like the *Ring* concept that is used by certain groups? I like that. > > That person, in turn, can link to someone else in the same fashion... > people visiting SV would have their choice of which one to utilize at any > given time. > To: Anyone, Send me links to other SVs and I will put them on my page. From nobody at spamcop.net Mon Sep 13 09:57:59 2004 From: nobody at spamcop.net (Ellen) Date: Mon Sep 13 10:05:07 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: "Porpoise" wrote in message news:ci413j$4k9$1@news.spamcop.net... > > > Hmmm.. Strange... My Yahoo account was the first mailhost I configured. > Followed by for all my other pop addresses. I didn't even > know I had a mail address at spamcop.net.....??? So I've done it as > porpoise1954 at spamcop.net > Bah -- note to self -- do not type anything prior to coffee. Just ignore me. I got confused because you went and parsed the reply from the ISP ... if you haven't purchased a SpamCop email account then you don't have a spamcop email address. Ellen From porpoise1954 at yahoo.co.uk Mon Sep 13 16:01:24 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Sep 13 10:05:29 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: "Mike Easter" wrote in message news:ci42kr$5vn$1@news.spamcop.net... > Porpoise wrote: > > Hmmm.. Strange... My Yahoo account was the first mailhost I > > configured. Followed by for all my other pop > > addresses. I didn't even know I had a mail address at > > spamcop.net.....??? So I've done it as porpoise1954 at spamcop.net > > > > Is that correct? > > You don't need to have a spamcop address to employ mailhosts, and you > have employed mailhosts for the hosts you've shown here, yahoo and > kundenserver. > > In the item you posted, you submitted the clock related response you got > from the ISP to the parser, I assumed as a method of demonstrating what > the content of the ISP's response was. That ISP response parsing was > done as a mailhosts one, but the response was a response to a spam > report, so it went from the ISP to spamcop to you at yahoo, one of your > mailhosts. > > www.spamcop.net/sc?id=z657291121zc40a69591001f33afc3b33c114d15ee1z > > Inside of the ISP's response was the original spamitem and its original > parse > > www.spamcop.net/w3m?i=z1221297745zf479918085bdad0c3ab62b2ba2299400z > > That item also shows it being parsed as a mailhosts at kundenserver > because the original spamitem went to kunden > > Original spam abbreviated Received lines *comment > from [209.240.23.98] > (helo=209-240-23-98.tc1.woodsfield.oh.dial.1st.net) by > mxng20.kundenserver.de *sourceline reported, also reponding ISP > from 70.40.242.28 by 209.240.23.98 *bogusline > > I think there may be some confusion about that item which went from the > ISP to spamcop to you because it was a response to a report and because > you 'processed' it as spam. It was the only way I could see of getting it to the group for comment. I was surprised to get the response from the ISP to my Yahoo address. Would you suggest I reply to them directly, or would it be more appropriate for it to be a reply from Spamcop? I'm not sure what action I should/am supposed to take at this time. > > -- > Mike Easter > kibitzer, not SC admin > From nobody at devnull.spamcop.net Mon Sep 13 11:03:35 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Mon Sep 13 10:05:37 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited References: Message-ID: "Graeme Leith" wrote in message news:ci4293$5ii$1@news.spamcop.net... > Steve Gilder wrote: >> >> "Graeme Leith" wrote in message >> news:ci24sr$4cc$1@news.spamcop.net... >> >>> Steve Gilder wrote: >>> >>>> I added a count of vampires to the site (currently at 2, you and me). >>>> >>>> Any Javascript Pro's who can modify the script care to give it try: >>>> make SpamVampire browser aware? >>> >>> >>> Does it follow redirects? >> >> >> Hmmm. not sure. I need more info about this. >> >>> >>> If it does, some spammer with mod_rewrite is going to redirect your >>> queries to large images on a legitimate site and you'll probably end up >>> with your ISP TOSing you. If it doesn't, then the spammers will just end >>> up re-writing the URLs to stop you hitting them. >> >> >> There is no URL just the IP. The script runs on the users machine from >> their IP > > Follow this link: http://www.highspot.net/rw/See.jpg > > Does it take you to where you thought you were going? > > Now follow this one: http://www.highspot.net/rw/index.html > > Right click on the graphic and compare it's URL to the first link. > > > The above is the simplest example of what you can do with mod_rewrite on > the server side. The spammer can use mod_rewrite to rewrite valid requests > in one way to stop Spam Vampire if it doesn't follow redirects. They can > rewrite identified Spam Vampire requests in another way if it does follow > redirects. > > How about the chances of going to bed one night hitting a spammers web > site and waking up the next morning with a personal visit from the FBI. > Would you enjoy helping them with their inquiries into your DoS attack on > the Homeland Security site? Yeahbut. SV only loads images. Unless redirect site has a same name image in a same named folder SV wouldn't do anything except get 404s in which case it slows way down. I think. > > Just because the spammers you've been hitting so far are clueless bottom > feeders that don't know how to stop your attacks doesn't mean that they > all are. > > -- > Evidence shows Cyveillance abuse internet resources. > I recommend unchecking their box in SpamCop reports. > Cyveillance are part of the problem. > They are not part of the solution. From glnews030922 at highspot.net Mon Sep 13 16:22:40 2004 From: glnews030922 at highspot.net (Graeme Leith) Date: Mon Sep 13 10:20:02 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited In-Reply-To: References: Message-ID: Steve Gilder wrote: > Yeahbut. SV only loads images. Unless redirect site has a same name > image in a same named folder SV wouldn't do anything except get 404s in > which case it slows way down. I think. You didn't hit my proof of concept site, did you? I can re-direct your image request to any other image on any site I choose. If you ignore the re-directs, then SV has negligible load on the target site. If you follow them, you run the danger of DoSing a legitimate site. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From porpoise1954 at yahoo.co.uk Mon Sep 13 16:31:59 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Sep 13 10:35:03 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: "Ellen" wrote in message news:ci497m$bdi$1@news.spamcop.net... > > > "Porpoise" wrote in message > news:ci413j$4k9$1@news.spamcop.net... > > > > > > Hmmm.. Strange... My Yahoo account was the first mailhost I configured. > > Followed by for all my other pop addresses. I didn't > even > > know I had a mail address at spamcop.net.....??? So I've done it as > > porpoise1954 at spamcop.net > > > > Bah -- note to self -- do not type anything prior to coffee. Just ignore me. > I got confused because you went and parsed the reply from the ISP ... if you > haven't purchased a SpamCop email account then you don't have a spamcop > email address. > > Ellen > I what you mean about the coffee....... I wos confused too..... > From completelyfalse at harrykiri.com Tue Sep 14 01:36:04 2004 From: completelyfalse at harrykiri.com (Harry Kiri) Date: Mon Sep 13 10:40:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Cat" wrote in message news:chqf4g$8pr$1@news.spamcop.net... Cat, I just love you when you're angry :-) Regards, Hughy From none at domain.invalid Mon Sep 13 08:42:18 2004 From: none at domain.invalid (Anonymous) Date: Mon Sep 13 10:45:02 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited References: Message-ID: "Graeme Leith" wrote in message news:ci4a8n$cl9$1@news.spamcop.net... > You didn't hit my proof of concept site, did you? I can > re-direct your image request to any other image on any site I > choose. If you ignore the re-directs, then SV has negligible > load on the target site. If you follow them, you run the danger > of DoSing a legitimate site. Well, I'd much rather have a negligible load on a smart spammer's website (I know... mutually exclusive terms) than accidentally hit an IB. So, what do we do to detect a redirect? From nobody at spamcop.net Mon Sep 13 11:12:03 2004 From: nobody at spamcop.net (Ellen) Date: Mon Sep 13 10:55:03 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: "Porpoise" wrote in message news:ci498p$be8$1@news.spamcop.net... > > "Mike Easter" wrote in message > news:ci42kr$5vn$1@news.spamcop.net... > > Porpoise wrote: > > > Hmmm.. Strange... My Yahoo account was the first mailhost I > > > configured. Followed by for all my other pop > > > addresses. I didn't even know I had a mail address at > > > spamcop.net.....??? So I've done it as porpoise1954 at spamcop.net > > > > > > Is that correct? > > > > You don't need to have a spamcop address to employ mailhosts, and you > > have employed mailhosts for the hosts you've shown here, yahoo and > > kundenserver. > > > > In the item you posted, you submitted the clock related response you got > > from the ISP to the parser, I assumed as a method of demonstrating what > > the content of the ISP's response was. That ISP response parsing was > > done as a mailhosts one, but the response was a response to a spam > > report, so it went from the ISP to spamcop to you at yahoo, one of your > > mailhosts. > > > > www.spamcop.net/sc?id=z657291121zc40a69591001f33afc3b33c114d15ee1z > > > > Inside of the ISP's response was the original spamitem and its original > > parse > > > > www.spamcop.net/w3m?i=z1221297745zf479918085bdad0c3ab62b2ba2299400z > > > > That item also shows it being parsed as a mailhosts at kundenserver > > because the original spamitem went to kunden > > > > Original spam abbreviated Received lines *comment > > from [209.240.23.98] > > (helo=209-240-23-98.tc1.woodsfield.oh.dial.1st.net) by > > mxng20.kundenserver.de *sourceline reported, also reponding ISP > > from 70.40.242.28 by 209.240.23.98 *bogusline > > > > I think there may be some confusion about that item which went from the > > ISP to spamcop to you because it was a response to a report and because > > you 'processed' it as spam. > > It was the only way I could see of getting it to the group for comment. I > was surprised to get the response from the ISP to my Yahoo address. > > Would you suggest I reply to them directly, or would it be more appropriate > for it to be a reply from Spamcop? > > I'm not sure what action I should/am supposed to take at this time. > > > If you want me to reply to them send the tracking link to me at deputies spamcop.net and I will take care of it. If you want to reply to them I think that is also fine, I don't suspect that they are evil people and it should be perfectly fine to engage them in conversation. Ellen From MikeE at ster.invalid Mon Sep 13 08:53:53 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 13 10:55:16 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: Porpoise wrote: > "Mike Easter" >> In the item you posted, you submitted the clock related response you >> got from the ISP to the parser, I assumed as a method of >> demonstrating what the content of the ISP's response was. > It was the only way I could see of getting it to the group for > comment. I was surprised to get the response from the ISP to my Yahoo > address. You apparently are registered with spamcop with your yahoo, so SC sent you the SC report response to your SC registered addy. > Would you suggest I reply to them directly, or would it be more > appropriate for it to be a reply from Spamcop? I don't know how you would make a 'reply' from SC that would work in the same way as a spamreport, anonymizing you. Is that possible? I don't have any experience with responding to notify responses. Right now 1st.net only knows you as '1221297745@reports.spamcop.net' - but if you were to reply to them 'directly' they would have that address. If you don't want them to know a real address, you would have to be using some kind of throwaway address. Or, if you didn't care if they knew your real addy, you could just correspond with them normally. I'm less intimidated about communicating with provider's abuse desks than are some others. These guys are not listed anywhere about being non-responsive; I don't know why one would consider them to be blackhat. But it /is/ a little annoying that you have to disclose more to them because of their own stupidity; that's the part that would irk me a little. > I'm not sure what action I should/am supposed to take at this time. It depends upon - how disinclined you are to expose some address - how likely or unlikely you think it would be of 'value' to straighten them out That IP 209.240.23.98 rDNS 209-240-23-98.tc1.woodsfield.oh.dial.1st.net is still not listed anywhere 'meaningful' - only fiveten, but its activity at senderbase is a little interesting Magnitude Vol Change vs. Average Last day 0.0 -100% Last 30d 2.0 963% Average 1.0 So, it is possible that 1st.net 'rethought' their analysis after they emailed you their miscalculation and so maybe they've done something about whatever was going on at that IP. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Mon Sep 13 17:12:29 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Sep 13 11:15:03 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: "Ellen" wrote in message news:ci4c6l$ed8$1@news.spamcop.net... > > "Porpoise" wrote in message > news:ci498p$be8$1@news.spamcop.net... > > > > "Mike Easter" wrote in message > > news:ci42kr$5vn$1@news.spamcop.net... > > > Porpoise wrote: <> > > If you want me to reply to them send the tracking link to me at deputies > spamcop.net and I will take care of it. If you want to reply to them I > think that is also fine, I don't suspect that they are evil people and it > should be perfectly fine to engage them in conversation. > > Ellen > > Thanks Ellen. I have sent the tracker via email as suggested. I don't suspect them as evil people but I'd rather not divulge my email addies to them as they are used for business. From joe at I.hate.spam.com Mon Sep 13 13:01:51 2004 From: joe at I.hate.spam.com (Joe Blow) Date: Mon Sep 13 12:05:16 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited References: Message-ID: > > Follow this link: http://www.highspot.net/rw/See.jpg > > Does it take you to where you thought you were going? > > Now follow this one: http://www.highspot.net/rw/index.html > > Right click on the graphic and compare it's URL to the first link. > You're assuming that the image exists on the IB's site...which seems unlikely if the image is really related to the spammer's site. For example, spammy can't very well expect an image of his "product" to exist on an IB's site...and it would look pretty stupid to have an image unrelated to his "product". Granted, if the image is a common logo or otherwise generic image that may exist on any number of sites, it wouldn't be a good candidate to spam vampire. You make a good point though...something to watch out for. From glnews030922 at highspot.net Mon Sep 13 18:56:19 2004 From: glnews030922 at highspot.net (Graeme Leith) Date: Mon Sep 13 12:55:11 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited In-Reply-To: References: Message-ID: Joe Blow wrote: > You're assuming that the image exists on the IB's site...which seems > unlikely if the image is really related to the spammer's site. For example, > spammy can't very well expect an image of his "product" to exist on an IB's > site...and it would look pretty stupid to have an image unrelated to his > "product". Granted, if the image is a common logo or otherwise generic > image that may exist on any number of sites, it wouldn't be a good candidate > to spam vampire. The image doesn't have to be the same name. The image on my site is called See.jpg. If you send a referrer of the index page on my site, then my server will deliver the *See.jpg* to you. If you don't send the correct referrer, then you get redirected to the image *spews.gif* on SPEWS. So, if you send a valid request, you see what you're supposed to see. If you send an invalid request, you get bumped to something else. The owner of the web site gets to choose what are valid and invalid requests. I chose referrer as it only took a couple of minutes to code. I could have decided that it would deliver the image to any single IP address 100 times in a 24 hour period, with all additional requests from that IP beyond that point getting redirected. If I set it up this way, SV would become useless, but normal visitors would not encounter any problems. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From glnews030922 at highspot.net Mon Sep 13 19:00:45 2004 From: glnews030922 at highspot.net (Graeme Leith) Date: Mon Sep 13 13:00:02 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited In-Reply-To: References: Message-ID: Anonymous wrote: > Well, I'd much rather have a negligible load on a smart spammer's > website (I know... mutually exclusive terms) than accidentally hit an IB. This is good. > So, what do we do to detect a redirect? Sorry, I'm not a JavaScript expert. I'm just pointing out the dangers of what you're doing. This is what my server replies with when it decides it doesn't want to show you it's image. It may provide a useful starting point for you. 302 Found

Found
Apache Server at www.highspot.net Port 80
-- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From joe at I.hate.spam.com Mon Sep 13 14:14:47 2004 From: joe at I.hate.spam.com (Joe Blow) Date: Mon Sep 13 13:15:03 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited References: Message-ID: > > The image doesn't have to be the same name. The image on my site is > called See.jpg. If you send a referrer of the index page on my site, > then my server will deliver the *See.jpg* to you. If you don't send the > correct referrer, then you get redirected to the image *spews.gif* on > SPEWS. So, if you send a valid request, you see what you're supposed to > see. If you send an invalid request, you get bumped to something else. > The owner of the web site gets to choose what are valid and invalid > requests. > Got it...although, the person using SV would see an unexpected image, if they're paying attention. Still, if SV works for dumb spammers, which I suspect are the majority, it serves a purpose. With Yahoo and others hosting spam support sites, and refusing to take any action, I don't see a good alternative. SC obviously isn't working. From nobody at spamcop.net Mon Sep 13 14:30:30 2004 From: nobody at spamcop.net (Ellen) Date: Mon Sep 13 13:40:03 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: "Porpoise" wrote in message news:ci4de2$fhr$1@news.spamcop.net... > > > > Thanks Ellen. I have sent the tracker via email as suggested. I don't > suspect them as evil people but I'd rather not divulge my email addies to > them as they are used for business. > > Yes I got the mail -- will email them about it. Thanks Ellen From fred558 at bobames.com Mon Sep 13 20:44:13 2004 From: fred558 at bobames.com (Bob Ames) Date: Mon Sep 13 13:45:03 2004 Subject: [SpamCop-List] Vampire Legality & Supporting Your Local Vampire Message-ID: <4145DC6D.3050100@bobames.com> The militant technique known as Vampiring, whereby a SpamWarrior drains data from websites of known scammers and spammers, is illegal in certain areas because it's abusive. Vampiring is not exactly a denial of service, where a large number of computers act together to simultaneously attack a certain website, in order to deny legitimate incoming requests from being serviced by the website. Vampiring is more like slowly continually draining the funds of the Scammer or Spammer until they (or their ISP) decides to take down the website because it's too expensive to keep it operational. But Vampiring, by definition, uses abusive techniques, and this is why it's illegal in many areas to do Vampiring. Scammers and spammers also use abusive techniques, so Vampiring is thought by many SpamWarriors to be an acceptable response to some of the life-destroying activities of the scammers and spammers. Particularly the so-called "419 scammers," who trick often elderly retirees out of their life savings, are thought by many SpamWarriors to be legitimate targets for Vampiring. Some legal issues: Since the Vampiring of websites is illegal is many jurisdictions, could IronPort/SpamCop have any liability for supporting the discussion forums strategizing ways to Vampire? Perhaps an alt.spam.vampiring NG could be created in case IronPort/SpamCop wishes to avoid liability exposure issues. Could SpamWarriors become targets of civil suits by scammers and spammers who are incredibly upset that their websites are being targeted and attacked? Could scammers and spammers file criminal ("John Doe") complaints against SpamWarriors? Could scammers and spammers LART (file complaints with) the ISPs of the attacking SpamWarriors? Of course every non-black-hat ISP would cheer the activities of Vampires, but if they don't enforce their own TOS/AUP against the Vampiring SpamWarrior, wouldn't the SpamWarrior's ISP become a legitimate target of civil (or even criminal) complaints filed by the scammers and spammers? And what about Black-Hat ISPs? Couldn't they join in these civil and criminal complaints against the Vampiring SpamWarriors? Besides using anonymizing proxies which still isn't a cure-all since any given proxy might still be traceable back to the SpamWarrior, what can be done to protect these Vampiring SpamWarriors? Many non-Vampiring SpamWarriors want to support the Vampires but aren't comfortable with actually doing Vampiring since it's illegal in certain places. Is there anything that the Vampires need in the way of support that could be done by the less militant SpamFighters that don't wish to actually do the Vampiring? Bob (use bob at this domain to reach me) Don't Send Any Email To: From abuse-team at covad.com Mon Sep 13 15:04:13 2004 From: abuse-team at covad.com (Covad Abuse Team) Date: Mon Sep 13 14:05:03 2004 Subject: [SpamCop-List] SpamCop Blacklisting 69.49.98.21 (MegaMailServers.com) Message-ID: Hello- Our hosted services company (MegaMailServers.com) is currently blacklisted on the IP address 69.46.98.21. This is causing problems for our customers because they are unable to send email to anyone that subscribes to this RBL. I checked SpamCop's website, but there is not update when this IP address will be removed. Could a deputy at SpamCop please contact me at abuse-team@covad.com? Thanks- Andy Smith Covad.net Abuse Department From mrichter at cpl.net Mon Sep 13 12:06:04 2004 From: mrichter at cpl.net (Mike Richter) Date: Mon Sep 13 14:10:02 2004 Subject: [SpamCop-List] Re: The four-address limit In-Reply-To: References: Message-ID: Blammo wrote: > On 12 Sep 2004 Blammo entered spamcop and left > news:Xns95629BC6A1DEEblammo@216.154.195.61: > > >>If there is no fairly obvious abuse address, I would be reluctant to >>send any reports to them. >> > > > Since you can alias addresses at the server, anyone that supplies more than > one mail-abuse address per server is stupid. Do we need further proof that spamhausen are stupid? Isn't the fact that they host the spammers sufficient? The same applies to those who do not keep up with security updates or who tolerate open relays. As a result, those who most need the LART are likely to be stupid and allowance needs to be made. Mike -- mrichter@cpl.net http://www.mrichter.com/ From 8vmb6jy02 at sneakemail.com Mon Sep 13 20:20:33 2004 From: 8vmb6jy02 at sneakemail.com (Sean W) Date: Mon Sep 13 14:25:03 2004 Subject: [SpamCop-List] Re: SpamCop Blacklisting 69.49.98.21 (MegaMailServers.com) In-Reply-To: References: Message-ID: Covad Abuse Team wrote: > Hello- > > Our hosted services company (MegaMailServers.com) is currently blacklisted > on the IP address 69.46.98.21. This is causing problems for our customers > because they are unable to send email to anyone that subscribes to this RBL. > I checked SpamCop's website, but there is not update when this IP address > will be removed. Could a deputy at SpamCop please contact me at > abuse-team@covad.com? > > Thanks- > Andy Smith > Covad.net Abuse Department > > No it isn't. ITYM http://www.spamcop.net/w3m?action=blcheck&ip=69.49.98.21 Ask your customers to whitelist you *after* you find out why your system is sending email to spamtraps. 11 hours to removal. -- Sean From baloo at ursine.dyndns.org Mon Sep 13 12:31:19 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Mon Sep 13 14:35:03 2004 Subject: [SpamCop-List] Re: SpamCop Blacklisting 69.49.98.21 (MegaMailServers.com) References: Message-ID: <873c1mm360.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Covad Abuse Team" writes: > I checked SpamCop's website, but there is not update when this IP address > will be removed. Could a deputy at SpamCop please contact me at > abuse-team@covad.com? http://www.justfuckinggoogleit.com/?query=spamcop+bl+de-listed+site:spamcop.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBRed7UzgNqloQMwcRAsJqAJ9c0e/n40pFmPISYBe+wayEW6Xq3gCg3VU4 rL63evuFLEgZ1eBbpNxdTtQ= =8WSG -----END PGP SIGNATURE----- From 8vmb6jy02 at sneakemail.com Mon Sep 13 20:42:33 2004 From: 8vmb6jy02 at sneakemail.com (Sean W) Date: Mon Sep 13 14:45:04 2004 Subject: [SpamCop-List] Re: HSBC Phish In-Reply-To: References: Message-ID: Mike Richter wrote: > Porpoise wrote: > >> Another Phishing expedition: >> >> http://www.spamcop.net/sc?id=z656067659z26dc79d58762fdfbcf559c02e5add7e5z >> >> The text in the visible link is spot on but the underlying link is >> something >> else. > > > Standard phishing methodology. That's reason enough to > > 1. Refuse to view in HTML > > 2. Reject any e-mail in which the visible and hidden links differ. > > 3. Never click a link. (Copy and paste ensures getting what you see.) > > Mike (These always make me laugh) I like what it says on the real site (which is .co.uk not com natch.) "Customers are reminded that we will never send you an email with a link asking you to enter or confirm your bank details. Such emails should be ignored and deleted. More information." (Such emails should be reported and acted upon by law enforcement). (Being a UK HSBC phish that went wrong). HSBC do have a .com address but use .co.uk so wouldn't send email from there (I don't think - as) not that they send email anyway AFAIK. They have my address and never sent me anything (even when I first registered for an internet ID). At least when dealing with UK customers! Also they tend to (being a bank) have peoples names and other data on record and deal with people on named basis! Actually correct address is http://www.ukpersonal.hsbc.co.uk/public/ukpersonal/internet_banking/en/logon.jhtml *not* .com so they couldn't even get that bit right. Pretty naive phish but then that's what they rely on anyways.... Question is, how can anyone who can remember their bank logon details be so stupid... Answers on the back of a penny stamp please... -- Sean From eddie at eddie.web Mon Sep 13 15:43:30 2004 From: eddie at eddie.web (eddie) Date: Mon Sep 13 14:45:21 2004 Subject: [SpamCop-List] Re: Vampire Legality & Supporting Your Local Vampire References: <4145DC6D.3050100@bobames.com> Message-ID: On Mon, 13 Sep 2004 19:44:13 +0200, Bob Ames scratched out the following: > Since the Vampiring of websites is illegal is many jurisdictions, could > IronPort/SpamCop have any liability for supporting the discussion forums > strategizing ways to Vampire? Perhaps an alt.spam.vampiring NG could be > created in case IronPort/SpamCop wishes to avoid liability exposure > issues. Not unless our freedom of speech has been taken away. Most laws are against action, not talk. It's not even illegal to publish a book about how to kill the the president. Or show an off-broadway play about the same thing. -- Rather: I don't want to be argumentative, Mr. vice president. Bush41(veep):You do, Dan. Rather: No -- no, sir, I don't. From nobody at devnull.spamcop.net Mon Sep 13 14:45:00 2004 From: nobody at devnull.spamcop.net (Cat) Date: Mon Sep 13 14:45:30 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Harry Kiri wrote: > "Cat" wrote in message > news:chqf4g$8pr$1@news.spamcop.net... > > > > Cat, I just love you when you're angry :-) Hehe, thank you. From eddie at eddie.web Mon Sep 13 16:36:56 2004 From: eddie at eddie.web (eddie) Date: Mon Sep 13 15:40:08 2004 Subject: [SpamCop-List] Re: Vampire Legality & Supporting Your Local Vampire References: <4145DC6D.3050100@bobames.com> Message-ID: On Mon, 13 Sep 2004 19:44:13 +0200, Bob Ames scratched out the following: As an aside, it is perfectly legal to publish source code for vurii, in most countries. I don't know about the USA, though. The illegality only enters when the code is distributed. This is the mechanism by which scriptbabies get and send out the virii. Expoits to various OSs are also published on the net, purportedly to get the companies to fix their products and to make users aware of the exploits. There is no question that it's a very gray area, but for now, discussing these things in a NG is perfectly legal, AFAIAC. Of course this NG belongs to SC, and they could create their own rules, since they own the NG, but I suspect that they won't do anything. -- Rather: I don't want to be argumentative, Mr. vice president. Bush41(veep):You do, Dan. Rather: No -- no, sir, I don't. From Merlyn at Spamcop.net Mon Sep 13 16:43:44 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Mon Sep 13 15:45:02 2004 Subject: [SpamCop-List] Re: SpamCop Blacklisting 69.49.98.21 (MegaMailServers.com) References: Message-ID: "Covad Abuse Team" wrote in message news:ci4neu$p02$1@news.spamcop.net... > Hello- > > Our hosted services company (MegaMailServers.com) is currently blacklisted > on the IP address 69.46.98.21. This is causing problems for our customers > because they are unable to send email to anyone that subscribes to this RBL. > I checked SpamCop's website, but there is not update when this IP address > will be removed. Could a deputy at SpamCop please contact me at > abuse-team@covad.com? > > Thanks- > Andy Smith > Covad.net Abuse Department > Spammers spoil it for everyone. The server will automatically be delisted up to 48 hours after the last spam report/trap :-) The Deputies should be able to help as to why it is listed. Also Covad if you are from Covad abuse team as you posted from a Dynamic/Residential Covad Ip address please see: http://www.spamhaus.org/sbl/listings.lasso?isp=covad.com Are you going to be removing those spammers? Inquiring minds want to know. I think you would agree with me that everyone is tired of receiving mortgage quotes, penis enlargement, breast enhancement, weight loss, nude 40 year old teenage sluts, Viagra, vacation, lottery, prescription drug, business opportunities, genealogical, university degrees, gambling, get rich quick, MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock scams, pirated software and everything else that is force fed into our inboxes. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From wb8tyw at qsl.network Mon Sep 13 15:58:39 2004 From: wb8tyw at qsl.network (John E. Malmberg) Date: Mon Sep 13 16:00:06 2004 Subject: [SpamCop-List] Re: Vampire Legality & Supporting Your Local Vampire References: <4145DC6D.3050100@bobames.com> Message-ID: <4KZuVHGAOlED@eisner.encompasserve.org> In article <4145DC6D.3050100@bobames.com>, Bob Ames writes: > > The militant technique known as Vampiring, whereby a SpamWarrior > drains data from websites of known scammers and spammers, is > illegal in certain areas because it's abusive. Unless you have direct peering with the network being vampired, it is likely a TOS violation somewhere up the line that you get internet service from. > But Vampiring, by definition, uses abusive techniques, and this is > why it's illegal in many areas to do Vampiring. It can also overload the residential broadband networks that are used to do the vampiring, just like open proxies on the networks do now. In my area, one to two active open proxies can wipe out the broadband internet for several towns because they will overload a common link to the rest of the Internet. It probably would not take many spam vampires to have the same effect. > Some legal issues: I am not a lawyer, and do not even play one on TV. > Since the Vampiring of websites is illegal is many jurisdictions, > could IronPort/SpamCop have any liability for supporting the > discussion forums strategizing ways to Vampire? Perhaps an > alt.spam.vampiring NG could be created in case IronPort/SpamCop > wishes to avoid liability exposure issues. > Could SpamWarriors become targets of civil suits by scammers and > spammers who are incredibly upset that their websites are being > targeted and attacked? Yes. And unlike SLAPP lawsuits, it should be easy for the plaintiff to get proof once they trace a connection. They may be able to get wiretap warrants on the sites that are coordinating the attack. Once they get the wiretap warrants, the case becomes a slam-dunk. > Could scammers and spammers file criminal ("John Doe") complaints > against SpamWarriors? Yes. > Could scammers and spammers LART (file complaints with) the ISPs of > the attacking SpamWarriors? Yes. And it is very likely that there will be automatic LARTS generated by the owners of proxypots. > Of course every non-black-hat ISP would cheer the activities of > Vampires, Not really, as ISPs buy bandwidth at a metered rate, and sell it at a fixed rate. Allowing spam vampires to operate cuts their profit margin, it can even make them lose money if there are enough spam vampires operating. Operating a spam vampire on a residential broadband connection hurts the broaband ISP more than it hurts the spammer's web sites for the same reason. And many spammers are already floating their web sites on multiple zombied computers, so the spam vampiring has zero effect on them. True unlimited bandwidth is still expensive. Cheap bandwidth is really shared bandwidth with the assumption that even though you have T1/T3 speeds, you are really only using far less than 1% of the available bandwidth on average and are probably peaking at less than 5% in tiny bursts. Some networks operate on the honor system, others have meters. You can bet that the eventual upstream has a meter, and once it hits a threshold, either the higher bill will kick in, or service will be cut off. Intermediate upstreams may absorb small overcharges that do not repeat, but will not month after month without raising rates downstream. > but if they don't enforce their own TOS/AUP against the > Vampiring SpamWarrior, wouldn't the SpamWarrior's ISP become a > legitimate target of civil (or even criminal) complaints filed by > the scammers and spammers? Yes. > And what about Black-Hat ISPs? Couldn't they join in these civil > and criminal complaints against the Vampiring SpamWarriors? Not likely, they are more likely to just add it to the cost of doing business, and try to pass the cost on to the spammers. They have mostly learned that legal action against the ISP's that you want to exchange packets with just costs money and does not really accomplish anything else. > Besides using anonymizing proxies which still isn't a cure-all > since any given proxy might still be traceable back to the > SpamWarrior, what can be done to protect these Vampiring > SpamWarriors? Nothing. Once they are traced back, the spammer can use the full actions of the civil and criminal courts against the spam vampire operator. My guess is that a competent lawyer could easily bankrupt a spam vampire operator one way or another regardless of the outcome of the case. Using anonymizing proxies is actually starting to increase the chances of the spam vampire being caught, or having their I.P. space widely blocked by spam fighting organizations. As there is no way to tell the difference between a proxypot and a open proxy, there is a high likely hood that using what appears to be an open proxy will cause a LART to the ISP where the probe originates from. > Many non-Vampiring SpamWarriors want to support the Vampires but > aren't comfortable with actually doing Vampiring since it's illegal > in certain places. Is there anything that the Vampires need in the > way of support that could be done by the less militant SpamFighters > that don't wish to actually do the Vampiring? Provide them with a high bandwidth connection to the internet where the TOS does not prohibit spam vampiring, and change I.P. addresses on a regular basis? Also provide unlimited funds to cover the legal claims that will show up. The same techniques that are used to trace spammers can be used to trace spam vampire operators, and as both proxypot operators and spammers would be issuing complaints, it is more likely that a spam vampire user will get their internet access terminated if they are on a residential or any fixed rate connection, or sending through open proxies. And it is likely that if they are using open proxies on a high bandwidth connection, that they would find their I.P. ranges blocked just from the proxypot hits. After all, how is a proxypot operator going to know the difference between spam vampire and a spammer? It is like catching a criminal in the act, and them trying to claim that they were only testing the security, and they did not intend to really steal anything. These points have been brought up before, and most of them have even been acknowledged by those that think spam vampiring is a good idea. It is like posts contrary to their view are ignored. -John wb8tyw@qsl.network Personal Opinion Only From Merlyn at Spamcop.net Mon Sep 13 17:19:53 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Mon Sep 13 16:25:02 2004 Subject: [SpamCop-List] Re: SpamCop Blacklisting 69.49.98.21 (MegaMailServers.com) References: Message-ID: "Covad Abuse Team" wrote in message news:ci4neu$p02$1@news.spamcop.net... > Hello- > > Our hosted services company (MegaMailServers.com) is currently blacklisted > on the IP address 69.46.98.21. This is causing problems for our customers > because they are unable to send email to anyone that subscribes to this RBL. > I checked SpamCop's website, but there is not update when this IP address > will be removed. Could a deputy at SpamCop please contact me at > abuse-team@covad.com? > > Thanks- > Andy Smith > Covad.net Abuse Department > This just posted to NANAS: profitcentsdemo.com from Covad: 64.105.44.173 spamming from Covad Use Google for the full thing, I am sure you know about NANAS Better get your spammer at profitcentsdemo.com under control (Meaning Drop them) I am sure you just made many more blocklists. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From D.Gray at picture.oscar.wilde Mon Sep 13 22:39:21 2004 From: D.Gray at picture.oscar.wilde (Dorian Gray) Date: Mon Sep 13 16:40:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: It's funny reading half-a-thread, with all of Cat's posts missing. I get the gist though from the responses... In article , "Mike Easter" wrote: > http://www.spamcop.net/forum.shtml 'you might want to consider > configuring your software with a false email address. Please use > "nobody@devnull.spamcop.net" if you use a fake address'. I did read that faq. I went with the majority of mungers and chose to ignore it. Is my literary domain against the rules then? Does it annoy the deputies (not my intention)? What are the problems with using an arbitrary munging, and what are the advantages of using the devnull address above? Cheers. From kenbrody at spamcop.net Mon Sep 13 17:37:03 2004 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Sep 13 16:45:03 2004 Subject: [SpamCop-List] Re: Vampire Legality & Supporting Your Local Vampire References: <4145DC6D.3050100@bobames.com> Message-ID: <414604EF.37FDAD2@spamcop.net> eddie wrote: > > On Mon, 13 Sep 2004 19:44:13 +0200, Bob Ames scratched out the following: > > > Since the Vampiring of websites is illegal is many jurisdictions, could > > IronPort/SpamCop have any liability for supporting the discussion forums > > strategizing ways to Vampire? Perhaps an alt.spam.vampiring NG could be > > created in case IronPort/SpamCop wishes to avoid liability exposure > > issues. > > Not unless our freedom of speech has been taken away. > Most laws are against action, not talk. > It's not even illegal to publish a book about how to kill the the > president. Or show an off-broadway play about the same thing. Unless one of the members of the discussion actually commits the illegal act that was being discussed, in which case the rest of the group might be considered part of the conspiracy to commit said act. However, SpamCop might have the defense that they were merely the carrier of the message. (I forget the legal term, but it's the same reason a phone company can't be held responsible for something simply because the act was discussed in a phone call.) ObDisclaimer: IANAL -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ From nobody at devnull.spamcop.net Mon Sep 13 16:59:36 2004 From: nobody at devnull.spamcop.net (Cat) Date: Mon Sep 13 17:00:03 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: Message-ID: Dorian Gray wrote: > It's funny reading half-a-thread, with all of Cat's posts missing. I > get the gist though from the responses... Well, aren't you just a perfect picture of immaturity. From puoti at inwind.it Mon Sep 13 22:59:09 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Mon Sep 13 17:05:02 2004 Subject: [SpamCop-List] Spamcop contradicts itself Message-ID: http://www.spamcop.net/sc?id=z659021031z80b209a25e999b58e869d7586d1ce41ez Yum, this spam is fresh! Message is old Is spamcop on drugs or something? Ivan. From umm at no.invalid Mon Sep 13 23:12:25 2004 From: umm at no.invalid (Sean W) Date: Mon Sep 13 17:15:03 2004 Subject: [SpamCop-List] Re: Spamcop contradicts itself References: Message-ID: Ivan Leo Puoti wrote: > http://www.spamcop.net/sc?id=z659021031z80b209a25e999b58e869d7586d1ce41ez > Yum, this spam is fresh! > Message is old > > Is spamcop on drugs or something? > > Ivan. Heh. Never saw that one before. But but but... It's right, it's fresh spam but hey the message *is* old right? As in spam *is* old and we dinee want it anymore? -- Sean From nobody at spamcop.net Mon Sep 13 15:40:03 2004 From: nobody at spamcop.net (Eric) Date: Mon Sep 13 17:45:08 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited In-Reply-To: References: Message-ID: Graeme Leith wrote: > Joe Blow wrote: > >> You're assuming that the image exists on the IB's site...which seems >> unlikely if the image is really related to the spammer's site. For >> example, >> spammy can't very well expect an image of his "product" to exist on an >> IB's >> site...and it would look pretty stupid to have an image unrelated to his >> "product". Granted, if the image is a common logo or otherwise generic >> image that may exist on any number of sites, it wouldn't be a good >> candidate >> to spam vampire. > > > The image doesn't have to be the same name. The image on my site is > called See.jpg. If you send a referrer of the index page on my site, > then my server will deliver the *See.jpg* to you. If you don't send the > correct referrer, then you get redirected to the image *spews.gif* on > SPEWS. So, if you send a valid request, you see what you're supposed to > see. If you send an invalid request, you get bumped to something else. > The owner of the web site gets to choose what are valid and invalid > requests. > > I chose referrer as it only took a couple of minutes to code. I could > have decided that it would deliver the image to any single IP address > 100 times in a 24 hour period, with all additional requests from that IP > beyond that point getting redirected. If I set it up this way, SV would > become useless, but normal visitors would not encounter any problems. > Using "HTTP_REFERER" do perform this switch is unreliable, especially with more and more people setting their browsers not to send the referring URL out of privacy concerns. Of course, those same people might be less likely to fall for some spam scam. So those people would see the redirect target image, and not the scam image. It might reduce the number of suckers, at that! From nobody at spamcop.net Mon Sep 13 18:35:29 2004 From: nobody at spamcop.net (Ellen) Date: Mon Sep 13 17:45:29 2004 Subject: [SpamCop-List] Re: SpamCop Blacklisting 69.49.98.21 (MegaMailServers.com) References: Message-ID: "Covad Abuse Team" wrote in message news:ci4neu$p02$1@news.spamcop.net... > Hello- > > Our hosted services company (MegaMailServers.com) is currently blacklisted > on the IP address 69.46.98.21. This is causing problems for our customers > because they are unable to send email to anyone that subscribes to this RBL. > I checked SpamCop's website, but there is not update when this IP address > will be removed. Could a deputy at SpamCop please contact me at > abuse-team@covad.com? > > Thanks- > Andy Smith > Covad.net Abuse Department > > handled in email Ellen From nobody at spamcop.net Mon Sep 13 18:36:09 2004 From: nobody at spamcop.net (Ellen) Date: Mon Sep 13 17:45:39 2004 Subject: [SpamCop-List] Vampires etc Message-ID: Folks -- can you please take these discussions to either social or geeks where they more properly belong. Thanks Ellen SpamCop From nobody at nowhere.not Mon Sep 13 22:47:28 2004 From: nobody at nowhere.not (Robert Blair) Date: Mon Sep 13 17:50:02 2004 Subject: [SpamCop-List] reporting probes to my system Message-ID: I have been thinking of reporting probes to my system, so a few questions. I will be using sneakemail to send the reports and possibly spamcop to get the reporting address. I want to mung the destination IP/domain name from the firewall logs I send as documentation. Will an ISP automatically reject my LART without the destination? What should I give as the description of the problem? Hacking or something else? -- Robert Blair From Merlyn at Spamcop.net Mon Sep 13 18:58:39 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Mon Sep 13 18:00:02 2004 Subject: [SpamCop-List] Re: Vampires etc References: Message-ID: "Ellen" wrote in message news:ci544k$at0$2@news.spamcop.net... > > Folks -- can you please take these discussions to either social or geeks > where they more properly belong. Thanks > > Ellen > SpamCop > Thank you Ellen :-) -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From glnews030922 at highspot.net Tue Sep 14 00:04:05 2004 From: glnews030922 at highspot.net (Graeme Leith) Date: Mon Sep 13 18:05:03 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited In-Reply-To: References: Message-ID: Eric wrote: > Using "HTTP_REFERER" do perform this switch is unreliable, especially > with more and more people setting their browsers not to send the > referring URL out of privacy concerns. Of course, those same people > might be less likely to fall for some spam scam. I used the referrer in my example because it only took a couple of minutes to set up. If I was building it to stop something like SV, I would have an external program build a list of IPs to redirect/refuse based on the number of hits or bytes downloaded. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From MikeE at ster.invalid Mon Sep 13 16:05:57 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 13 18:10:03 2004 Subject: [SpamCop-List] Re: Spamcop contradicts itself References: Message-ID: Ivan Leo Puoti wrote: >> Yum, this spam is fresh! > Message is old > > Is spamcop on drugs or something? Heh. I think somehow spamcop lost its 'x hours' thingy to put between 'is old' -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Sep 13 16:10:23 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 13 18:10:16 2004 Subject: [SpamCop-List] Re: reporting probes to my system References: Message-ID: Robert Blair wrote: > I have been thinking of reporting probes to my system, so a few > questions. Are you familiar with the reporting systems at DShield and MyNetWatchman? snips http://www.dshield.org/ DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service. http://www.mynetwatchman.com/ myNetWatchman collects, analyzes and reports malicious access attempts to ISPs, who can then take action against the offending machines. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Sep 13 16:23:20 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 13 18:25:03 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Dorian Gray wrote: > I did read that faq. I went with the majority of mungers and chose to > ignore it. Is my literary domain against the rules then? Does it > annoy the deputies (not my intention)? What are the problems with > using an arbitrary munging, and what are the advantages of using the > devnull address above? My post was actually about or against using *only* the 'nobody' email addy without any kind of handle or persona attached to it leading to ambiguity or confusion between the nobodies. If everyone who is using nobody for the addy /only/ used the address, it would be a problem. Some people have interpreted that faq as saying that that is the address which should [or perhaps 'must'] be used. I interpret that faq not for what it is saying but for what it isn't saying. What it isn't saying is that many people make mistakes in arbitrarily 'manufacturing' a munged address. By providing an acceptable munged address, the faq would hope to prevent people making /bad/ munged addresses. The problem with arbitrary mungeing is when the munge has the potential of causing problems somewhere at present on in the future. If the nature of the munge results in the possibility that a spammer who harvests from the From and then begins to attach usernames to that domainname might be hitting some domain owners mailboxes now or in the future. For that reason, somehow the domainname has to be now and forever invalid. There are a number of ways of doing that. I chose to use the domain '.invalid' because it has been decreed that .invalid would never be a domainname. Mungeing is actually not 'sanctioned' in any RFCs, and in fact there are arguments and even rules against mungeing. It is likely that your provider sez that you cannot forge your address or you would be in violation of its TOS. The advantages of the devnull here is that it is 'approved' here. There might be arbitrary choices which are poor choices. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Tue Sep 14 00:45:14 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Sep 13 18:50:04 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: "Mike Easter" wrote in message news:ci56jc$etl$1@news.spamcop.net... > Dorian Gray wrote: > > I did read that faq. I went with the majority of mungers and chose to > > ignore it. Is my literary domain against the rules then? Does it > > annoy the deputies (not my intention)? What are the problems with > > using an arbitrary munging, and what are the advantages of using the > > devnull address above? > > My post was actually about or against using *only* the 'nobody' email > addy without any kind of handle or persona attached to it leading to > ambiguity or confusion between the nobodies. If everyone who is using > nobody for the addy /only/ used the address, it would be a problem. > > Some people have interpreted that faq as saying that that is the address > which should [or perhaps 'must'] be used. I interpret that faq not for > what it is saying but for what it isn't saying. What it isn't saying is > that many people make mistakes in arbitrarily 'manufacturing' a munged > address. By providing an acceptable munged address, the faq would hope > to prevent people making /bad/ munged addresses. > > The problem with arbitrary mungeing is when the munge has the potential > of causing problems somewhere at present on in the future. If the nature > of the munge results in the possibility that a spammer who harvests from > the From and then begins to attach usernames to that domainname might be > hitting some domain owners mailboxes now or in the future. > > For that reason, somehow the domainname has to be now and forever > invalid. There are a number of ways of doing that. I chose to use the > domain '.invalid' because it has been decreed that .invalid would never > be a domainname. > > Mungeing is actually not 'sanctioned' in any RFCs, and in fact there are > arguments and even rules against mungeing. It is likely that your > provider sez that you cannot forge your address or you would be in > violation of its TOS. > > The advantages of the devnull here is that it is 'approved' here. There > might be arbitrary choices which are poor choices. > Err..... Pardon? > -- > Mike Easter > kibitzer, not SC admin > From eddie at eddie.web Mon Sep 13 19:49:15 2004 From: eddie at eddie.web (eddie) Date: Mon Sep 13 18:50:24 2004 Subject: [SpamCop-List] http://www.world-of-meds.com Message-ID: It seems pacbell is hosting this site. I wonder if my LART will do anything? Or if the bottom line at pacbell is the overruling factor. I have also alerted several other agencies and some of the drug companies. Their spam came from China with forged headers, etc., which a legit company would not use. -- Rather: I don't want to be argumentative, Mr. vice president. Bush41(veep):You do, Dan. Rather: No -- no, sir, I don't. From l at rs.nomail.dk Tue Sep 14 01:50:41 2004 From: l at rs.nomail.dk (Lars Poulsen) Date: Mon Sep 13 18:55:02 2004 Subject: [SpamCop-List] Re: Vampires etc In-Reply-To: References: Message-ID: These discussions don't belong here - you are quite right.... ... BUT these FOLKS seems to be very frustrated - like myself. I am reporting more than 200 spamitems daily. Most of the reports are going to the same well known addresses like: anti-spam@chinanet.cn.net, ct-abuse@sprint.net, abuse@hanaro.com, mail-abuse@nic.br, spamcenter@hanafos.com, postmaster@hananet.net, .......,.. you know the rest. I am beginning to wonder - is it really worth the trouble - reporting doesn't seem to affect these spammers at all. There must be other ways - in my frustration I am now finding myself ready to use methods that are less fine. I am sick and tired of having my mailbox flooded with Spam and mail bounces and I want to do what I can to stop these criminals that are destroying our email system. Please convince me that the tiresome reporting job is worth while. Best Regards Lars Denmark (English is not my first language!) From fred558 at bobames.com Tue Sep 14 02:01:54 2004 From: fred558 at bobames.com (Bob Ames) Date: Mon Sep 13 19:05:03 2004 Subject: [SpamCop-List] Re: Vampire Legality & Supporting Your Local Vampire In-Reply-To: <4145DC6D.3050100@bobames.com> References: <4145DC6D.3050100@bobames.com> Message-ID: Bob Ames wrote: > Many non-Vampiring SpamWarriors want to support the Vampires but > aren't comfortable with actually doing Vampiring since it's illegal > in certain places. Is there anything that the Vampires need in the > way of support that could be done by the less militant SpamFighters > that don't wish to actually do the Vampiring? Replying to my own post. Followups set to spamcop.geeks. From BobJeff at att.net Mon Sep 13 19:05:44 2004 From: BobJeff at att.net (Bob) Date: Mon Sep 13 19:05:17 2004 Subject: [SpamCop-List] ATT OK's spam Message-ID: I have been getting a lot of spam for a free Dell that lead to ProductResearchPanel An ad link to the exact same page is sometimes displayed at the top of the ATT webmail home page. ATT is taking ad money from spammers NO WONDER THEY ARE NOT BLOCKING THEIR SPAM. Read this now - they will probably cancel my account soon. From nobody at nowhere.not Tue Sep 14 00:07:37 2004 From: nobody at nowhere.not (Robert Blair) Date: Mon Sep 13 19:10:04 2004 Subject: [SpamCop-List] Re: reporting probes to my system References: Message-ID: On Mon, 13 Sep 2004 22:10:23 UTC, "Mike Easter" wrote: > > I have been thinking of reporting probes to my system, so a few > > questions. > > Are you familiar with the reporting systems at DShield and MyNetWatchman? > snips Not until you posted this message. > http://www.dshield.org/ DShield provides a platform for users of > firewalls to share intrusion information. DShield is a free and open > service. Not a reporting service, it is a blocklist. > http://www.mynetwatchman.com/ myNetWatchman collects, analyzes and > reports malicious access attempts to ISPs, who can then take action > against the offending machines. I am not using a supported OS or firewall (I expected this) which is why my original questions so I can send my own LARTS. -- Robert Blair From nobody at spamcop.net Mon Sep 13 19:29:27 2004 From: nobody at spamcop.net (Miss Betsy) Date: Mon Sep 13 19:30:05 2004 Subject: [SpamCop-List] Re: Vampires etc References: Message-ID: "Lars Poulsen" wrote in message news:ci5882$h79$1@news.spamcop.net... > These discussions don't belong here - you are quite right.... > > ... BUT these FOLKS seems to be very frustrated - like myself. > > I am reporting more than 200 spamitems daily. Most of the reports are > going to the same well known addresses like: > anti-spam@chinanet.cn.net, ct-abuse@sprint.net, abuse@hanaro.com, > mail-abuse@nic.br, spamcenter@hanafos.com, postmaster@hananet.net, > .......,.. you know the rest. > > I am beginning to wonder - is it really worth the trouble - reporting > doesn't seem to affect these spammers at all. There must be other ways > - in my frustration I am now finding myself ready to use methods that > are less fine. I am sick and tired of having my mailbox flooded with > Spam and mail bounces and I want to do what I can to stop these > criminals that are destroying our email system. > > Please convince me that the tiresome reporting job is worth while. No one could tell that English is not your first language! It depends on what you hope to accomplish by using spamcop. In the short term, reporting will not decrease your spam load. Particularly if most of your spam is coming from China, Korea, and Brazil, there seems to be nothing done about the reports. However, every report also puts that IP address on a blocklist. People who use the blocklist no longer see the spam in their inboxes. People who use the blocklist to 'tag' the email as spam will have it sent to a special folder. The spamcop email service 'tags' the spam and sends it to a 'held' mail folder. Blocking spam has worked so well that spammers now use ISPs in countries where either they don't understand or they are glad to get spammer money. Spammers also steal the use of other computers (hijack them) to send their spam (which is not honest, obviously). Eventually, perhaps China, Korea, and Brazil will realize that their countries are being exploited by the spammers and that their international reputation is suffering. Then, they will adopt the practices that US and Denmark ISPs have so that spammers do not use their networks to spam. Also more and more ISPs are using blocklists - spamcop is only one blocklist of many. Therefore, more and more ISPs will be refusing email from China, etc. There is evidence that some Chinese server admins understand this and are working to make their IP addresses safe from spammers. If you want to reduce your spam in the short term, change your email address to one that contains alphanumeric characters in the middle - as you did in your 'fake address' and be careful where you use it. Use a throwaway account like hotmail or sneakemail when you want to order something on the Internet or enter your address for any reason. If you can't change your email address, then get a good content filter. Miss Betsy From agent01413 at my-deja.com Tue Sep 14 00:33:19 2004 From: agent01413 at my-deja.com (Socks) Date: Mon Sep 13 19:35:05 2004 Subject: [SpamCop-List] Re: Vampire Legality & Supporting Your Local Vampire References: <4145DC6D.3050100@bobames.com> Message-ID: Bob Ames wrote in news:4145DC6D.3050100 @bobames.com: IANAL > > But Vampiring, by definition, uses abusive techniques, and this is > why it's illegal in many areas to do Vampiring. > which statute(s) do you feel it violates, specifically? > > Since the Vampiring of websites is illegal is many jurisdictions, > could IronPort/SpamCop have any liability for supporting the > discussion forums strategizing ways to Vampire? no. Define "supporting the discussion forums". However, CDA clearly exempts service providers from liability for discussions on their forums. > > Could SpamWarriors become targets of civil suits by scammers and > spammers who are incredibly upset that their websites are being > targeted and attacked? > there is a clean hands doctrine in tort law. > Could scammers and spammers file criminal ("John Doe") complaints > against SpamWarriors? sure. getting anyone to take it seriously is a different matter. > > Could scammers and spammers LART (file complaints with) the ISPs of > the attacking SpamWarriors? > see above > Of course every non-black-hat ISP would cheer the activities of > Vampires, but if they don't enforce their own TOS/AUP against the > Vampiring SpamWarrior, wouldn't the SpamWarrior's ISP become a > legitimate target of civil (or even criminal) complaints filed by > the scammers and spammers? nope. CDA again. ISP could still enforce their TOS though, which is a different matter. If individuals could go after ISPs who fail to enforce their TOS, do you really think that MCI would currently have over 200 entries on spamhaus. Even under can-spam, section 7 says that only the FDA can go after spammer hosts. > > And what about Black-Hat ISPs? Couldn't they join in these civil > and criminal complaints against the Vampiring SpamWarriors? > How would they defend against the counter claims? Arguing in favor of ISP liability for the actions of its customers would make their own hosting of spammers totally untenable. Read the opinion of the judge who dismissed Richter's TRO application against Spamcop. It is quite an education on how a service provider has CDA as a shield against all sorts of claims. Nor is that the only case where that CDA defense came out on the side of the ISP. The same legal theory, with the same results, go way back to actions against Compuserve in the early days of the Internet. This is old and tested law that is covered now in Technology Law 101 in the colleges. (rest snipped) From Merlyn at Spamcop.net Mon Sep 13 20:36:39 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Mon Sep 13 19:40:03 2004 Subject: [SpamCop-List] Re: ATT OK's spam References: Message-ID: "Bob" wrote in message news:ci5913$i6l$1@news.spamcop.net... > I have been getting a lot of spam for a free Dell that lead to > > ProductResearchPanel > > An ad link to the exact same page is sometimes displayed at the > top of the ATT webmail home page. > > ATT is taking ad money from spammers > > > NO WONDER THEY ARE NOT BLOCKING THEIR SPAM. > > Read this now - they will probably cancel my account soon. > ProductResearchPanel.com 208.48.182.44 http://www.spamhaus.org/sbl/sbl.lasso?query=SBL19391 Very interesting. If this is them then yes they are supporting a large Spamhaus. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From Merlyn at Spamcop.net Mon Sep 13 20:40:50 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Mon Sep 13 19:45:03 2004 Subject: [SpamCop-List] Re: http://www.world-of-meds.com References: Message-ID: "eddie" wrote in message news:pan.2004.09.13.22.49.14.676000@eddie.web... > It seems pacbell is hosting this site. I wonder if my LART will do > anything? Or if the bottom line at pacbell is the overruling factor. > I have also alerted several other agencies and some of the drug companies. > Their spam came from China with forged headers, etc., which a legit > company would not use. > IMHO, It will do no good but send it anyway. Rokso spammers Michael Lindsay / iMedia Networks / Alan Ralsky http://www.spamhaus.org/sbl/sbl.lasso?query=SBL19411 http://www.spamhaus.org/sbl/sbl.lasso?query=SBL16316 -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From MikeE at ster.invalid Mon Sep 13 17:51:01 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 13 19:55:02 2004 Subject: [SpamCop-List] Re: reporting probes to my system References: Message-ID: Robert Blair wrote: > "Mike Easter" >> http://www.dshield.org/ DShield provides a platform for users of >> firewalls to share intrusion information. DShield is a free and open >> service. > > Not a reporting service, it is a blocklist. I wouldn't say 'it is a blocklist' but the sharing of information can be used in several ways, including that blocklist which is described at http://www.dshield.org/block_list_info.php - but DShield doesn't perform the same way as MNW. DShield accumulates logs from many and thus facilitates sharing information but it doesn't report to providers like MNW does. Reports and Database Summaries Top 10 Most Wanted Top 10 offenders according to the DShield database. Top 10 Ports Top 10 most probed ports. Port Report Provides a thirty day history of a user selected port. IP Info Provides information about an IP address. Subnet Report Get a summary of recent activity from a Subnet Block List List of IP address ranges that you might want to block. >> http://www.mynetwatchman.com/ myNetWatchman collects, analyzes and >> reports malicious access attempts to ISPs, who can then take action >> against the offending machines. > > I am not using a supported OS or firewall (I expected this) which is > why my original questions so I can send my own LARTS. User-Agent: ProNews/2 V1.53.cp050 As well as I can tell, that must be OS2, which would make those available clients for Win or /n/x not helpful. And if there's no hardware firewall to use as a source of logs that's another problem. Does that mean that you have no software intrusion management system and no hardware firewall either? Hmmm. Where are your logs coming from? DShield 'encourages' deveoping your own client at http://www.dshield.org/specs.php MNW encourages those with 'alternate' OSes besides Win & /n/x to use their WebAgent submission http://www.mynetwatchman.com/setup-install-web.asp -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Tue Sep 14 01:10:32 2004 From: nobody at nowhere.not (Robert Blair) Date: Mon Sep 13 20:15:03 2004 Subject: [SpamCop-List] Re: reporting probes to my system References: Message-ID: On Mon, 13 Sep 2004 23:51:01 UTC, "Mike Easter" wrote: > As well as I can tell, that must be OS2, which would make those available > clients for Win or /n/x not helpful. Yep. > And if there's no hardware firewall > to use as a source of logs that's another problem. Does that mean that > you have no software intrusion management system and no hardware firewall > either? Hmmm. Where are your logs coming from? I have the InJoy Firewall installed (http://www.fx.dk). -- Robert Blair From MikeE at ster.invalid Mon Sep 13 18:16:35 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 13 20:20:02 2004 Subject: [SpamCop-List] Re: reporting probes to my system References: Message-ID: Robert Blair wrote: > I have the InJoy Firewall installed (http://www.fx.dk). I anticipated that and have been looking around about it. InJoy also makes similar apps for other OSes and the logs are plaintext, probably similar betwen the various platforms. But, neither DShield nor MNW mentions InJoy logs for the /n/x or Win platforms, so what to do with the InJoy logs is back on your table. I seem to recall somewhere at the MNW site how they go about reporting to providers. Perhaps there's a format or template-like idea there. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Sep 13 18:44:45 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 13 20:45:04 2004 Subject: [SpamCop-List] Re: reporting probes to my system References: Message-ID: Robert Blair wrote: > I have been thinking of reporting probes to my system, so a few > questions. It might be useful to you to read a typical kind of response to those who want to report to providers about probes and such: snurled googlegroups to the post http://snipurl.com/91oq From: (Robert Feeple) Newsgroups: alt.stop.spamming Subject: Re: firewalls & hackers --- anyway to report them? Message-ID: <3cc5d7c0.1239882@news.sf.sbcglobal.net> Date: Tue, 23 Apr 2002 22:30:32 GMT and then to read some faq/s about interpreting your logs and what to do or think about what you see http://www.robertgraham.com/pubs/firewall-seen.html http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html Basically, the idea is to defend yourself; the business of some ISP being interested in an individual reporting things from their firewall to the provider for the source of the probe is /not/ The various firewall experts would recommend that individuals report thru' a service like DShield or MNW, not individually, because of the tendency of individuals to overreact or overinterpret their logs. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Mon Sep 13 22:10:10 2004 From: eddie at eddie.web (eddie) Date: Mon Sep 13 21:15:07 2004 Subject: [SpamCop-List] Re: http://www.world-of-meds.com References: Message-ID: On Mon, 13 Sep 2004 19:40:50 -0400, Merlyn scratched out the following: snip > IMHO, It will do no good but send it anyway. > > Rokso spammers Michael Lindsay / iMedia Networks / Alan Ralsky > > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL19411 > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL16316 I sent copies to the drug companies and the FTC and FDA Next time maybe I'll ask the FBI if they are interested. -- Rather: I don't want to be argumentative, Mr. vice president. Bush41(veep):You do, Dan. Rather: No -- no, sir, I don't. From nobody at devnull.spamcop.net Mon Sep 13 22:20:08 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Mon Sep 13 21:25:04 2004 Subject: [SpamCop-List] Re: Old subject Revisited References: Message-ID: "Steve Gilder" wrote in message news:ci05to$mbp$1@news.spamcop.net... >I do not know if this is allowed here and, if it is, if the time is right >but here goes: [snip] Sorry. This should have been in .geeks. The site I started has been shut down. Steve From MikeE at ster.invalid Mon Sep 13 19:22:17 2004 From: MikeE at ster.invalid (Mike Easter) Date: Mon Sep 13 21:25:20 2004 Subject: [SpamCop-List] Re: reporting probes to my system References: Message-ID: Mike Easter wrote: > http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html > > Basically, the idea is to defend yourself; the business of some ISP > being interested It is important to realize that there is noise and traffic and sweeps, and sweeps are not an 'attack'. That article above discusses the difference between traffic, sweeps, and a genuine attack which is rare -- and points to an app's webpage which discusses in more depth. Oh my gosh, I'm being HACKED!!! What do I do now? This article applies to: BlackICE Defender. http://www.iss.net/security_center/advice/Support/KB/q000040/default.htm ... which would have the genuinely attacked shift over to packet sniffing. What can I use as evidence? This article applies to: BlackICE Defender. http://www.iss.net/security_center/advice/Support/KB/q000016/default.htm More articles are about company 'break-ins' than individuals and involve an organized security structure and 'incident handling team' or protocol. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Mon Sep 13 22:27:54 2004 From: nobody at spamcop.net (Ellen) Date: Mon Sep 13 21:35:03 2004 Subject: [SpamCop-List] Re: Vampires etc References: Message-ID: "Lars Poulsen" wrote in message news:ci5882$h79$1@news.spamcop.net... > These discussions don't belong here - you are quite right.... > > ... BUT these FOLKS seems to be very frustrated - like myself. > > I am reporting more than 200 spamitems daily. Most of the reports are > going to the same well known addresses like: > anti-spam@chinanet.cn.net, ct-abuse@sprint.net, abuse@hanaro.com, > mail-abuse@nic.br, spamcenter@hanafos.com, postmaster@hananet.net, > .......,.. you know the rest. Yes, yes I do and I *do* understand the frustration! I have an unuseable domain now -- it's a domain that I have owned for many many many years -- because it is receiving well over 6000 spams a day now and even with SC and quick reporting that takes a while to plow thru. All sent thru open proxies, all for the same old cr*p. And as the domain is paid up for the next couple of years I am having the privilege of paying for a registration for something unuseable. And the privilege of having to register a new domain and pay for it to replace this one. I am very angry about it -- you bet! > > I am beginning to wonder - is it really worth the trouble - reporting > doesn't seem to affect these spammers at all. There must be other ways > - in my frustration I am now finding myself ready to use methods that > are less fine. I am sick and tired of having my mailbox flooded with > Spam and mail bounces and I want to do what I can to stop these > criminals that are destroying our email system. Sigh it is useful. There are actually signs of movement in recognition of the problems in China. There are meetings being held between Chinese admins and well regarded anti-spammers and useful suggestions are being made. How long will it take them to do some effective things? I don't know. Some provinces are moving faster than others. The reports help put pressure on them. It may not seem that way but they do. In terms of injection IPs that helps also as most ISPs actually do want to clean up their infected users. Again you may not see direct results but the reports make a difference. > > Please convince me that the tiresome reporting job is worth while. I can only tell you that reports and the statistics that result from them do help. There is not always an immediate result and the results are not always immediate but there are results. You know, it took a long time to get to this place where we are at because entities that could have perhaps done something 2 or 3 or 4 years ago were in denial that there was a problem or going to be a major problem, a crisis in fact -- well now there is and, of course, when there is a crisis there is a lot of resultant running around and hand waving and finger pointing. I won't say things won't get worse before they get better but I do believe they will, albeit slowly, get better unless we are all willing to give up email. And yes it is tiresome. Do what you can do without making yourself crazy but don't feel that you have to report every last spam that you receive. Every so often I give myself a spam reporting vacation :-) Ellen From nobody at nowhere.not Tue Sep 14 03:57:38 2004 From: nobody at nowhere.not (Robert Blair) Date: Mon Sep 13 23:00:30 2004 Subject: [SpamCop-List] Re: reporting probes to my system References: Message-ID: On Tue, 14 Sep 2004 00:44:45 UTC, "Mike Easter" wrote: > Basically, the idea is to defend yourself; the business of some ISP > being interested in an individual reporting things from their firewall to > the provider for the source of the probe is /not/ OK. I have a firewall in place, actually for several years now as it was one of the first things I did when I switched from dial-up to DSL. ISPs don't want to know, so I will not report the probes except to my own ISP, which I have been doing. I don't know if my ISP wants them either but because I am a customer they seem to do what is necessary to stop the probes. I will look at DShield and MNW again and see if I want to try either of them. Thanks -- Robert Blair From nobody at devnull.spamcop.net Tue Sep 14 13:04:20 2004 From: nobody at devnull.spamcop.net (Patto) Date: Mon Sep 13 23:05:09 2004 Subject: [SpamCop-List] Another form of unsolicited mail Message-ID: This morning I received the following message -- The message with a subject: "read it immediately" you have sent to [x], has been placed on hold. Please click [this link] and it will be delivered into the mailbox of [x]. If above link does not work, then copy and paste the follosing URL into the address bar of your browser: http://www.domain.com/whitelist?UserName=x&Domain=y.z&UIDL=0&Sender=a@b.c You will have to do it only once. After mail is delivered, your email address will be added to the user whitelist, and you will not need to repeat this procedure, if you send further correspondence to [x]. Please click above link within 24 hours, otherwise, your message will be deleted from the queue, and you will have to resend it again. This is a anti-spam measure. Thanks for understanding. ArGoSoft Mail Server. -- It is quite clear to me that someone set up a system where any incoming messages must be confirmed by the "sender" (address in the From header) in order for the message to be delivered. In this case it is quite obvious that the message is a virus with my address forged in the From header. It is the first time for me to receive such a message, so I am a bit lost what to do with it, and any future such messages. I was not particularly annoyed by this message, but it got me thinking. In order to protect one Internet user from receiving unsolicited messages, others do receive unsolicited messages such as the one above. I will not tolerate this if I receive a number of those in the future. Has this ever been discussed here? What should be done with such messages? From skiwi+newsgroups at spamcop.net Mon Sep 13 21:17:57 2004 From: skiwi+newsgroups at spamcop.net (Skiwi) Date: Mon Sep 13 23:20:03 2004 Subject: [SpamCop-List] Re: http://www.world-of-meds.com In-Reply-To: References: Message-ID: eddie wrote: > It seems pacbell is hosting this site. I wonder if my LART will do > anything? Or if the bottom line at pacbell is the overruling factor. > I have also alerted several other agencies and some of the drug companies. > Their spam came from China with forged headers, etc., which a legit > company would not use. I get http://www.directi.com out of Bombay, India... and it is very slow - maybe just changed? From eddie at eddie.web Tue Sep 14 00:31:37 2004 From: eddie at eddie.web (eddie) Date: Mon Sep 13 23:35:03 2004 Subject: [SpamCop-List] Re: http://www.world-of-meds.com References: Message-ID: On Mon, 13 Sep 2004 20:17:57 -0700, Skiwi scratched out the following: > eddie wrote: > >> It seems pacbell is hosting this site. I wonder if my LART will do >> anything? Or if the bottom line at pacbell is the overruling factor. I >> have also alerted several other agencies and some of the drug companies. >> Their spam came from China with forged headers, etc., which a legit >> company would not use. > > I get http://www.directi.com out of Bombay, India... and it is very slow > - maybe just changed? I didn't check SC's parsing, but is it possible that it is a redirect and that I caught it when it was pointing to pacbell? I posted the tracker, but I didn't really look into it too carefully. SC said pacbell and I believed it, but it could be one of those rotating redirectors I read about. -- Rather: I don't want to be argumentative, Mr. vice president. Bush41(veep):You do, Dan. Rather: No -- no, sir, I don't. From nobody at spamcop.net Tue Sep 14 00:50:49 2004 From: nobody at spamcop.net (Nobody) Date: Mon Sep 13 23:55:03 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited In-Reply-To: References: Message-ID: Graeme Leith wrote: > If you follow them, you run the danger of DoSing a legitimate site. For that matter, hasn't anyone mentioned that DoSing a spammer site is also probably a violation of your own legitimate ISPs TOS? What's to stop the spammer from larting your ISP and getting you shutdown? Please forgive me, for I haven't lurked much on this group in a while, and perhaps missed this point. From nobody at devnull.spamcop.net Tue Sep 14 00:01:16 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Sep 14 00:05:02 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: "Patto" wrote in message news:ci5n3l$3cc$1@news.spamcop.net... > > It is quite clear to me that someone set up a system where any incoming > messages must be confirmed by the "sender" (address in the From header) in > order for the message to be delivered. In this case it is quite obvious > that the message is a virus with my address forged in the From header. It's called Challenge/Response ... There's a FAQ entry over in the web-Forums with some discussion on this concept ... do a search for "Mailblocks" for a bit of "lively" discussion. http://forum.spamcop.net/forums/index.php? From baloo at ursine.dyndns.org Mon Sep 13 22:02:31 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Tue Sep 14 00:25:02 2004 Subject: [SpamCop-List] Re: reporting probes to my system References: Message-ID: <871xh5ijl4.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Robert Blair" writes: > I don't know if my ISP wants them > either but because I am a customer they seem to do what is necessary > to stop the probes. I doubt they want them, either. You might ask them just in case. However, I suspect their answer will be "your security is your responsibility," and I'm inclined to agree. Users have different needs, and there isn't a one-size-fits-all solution when it comes to security. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBRm1aUzgNqloQMwcRAt4gAKDXS5NOYobonymTOh0Dip1RFIcYtgCeKhPH uS0YrA7zQYTRzq8ZqAPuu4o= =0Ffu -----END PGP SIGNATURE----- From baloo at ursine.dyndns.org Mon Sep 13 22:28:35 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Tue Sep 14 00:35:02 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: <87sm9lh3t8.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "WazoO" writes: > It's called Challenge/Response ... There's a FAQ entry > over in the web-Forums with some discussion on this > concept ... do a search for "Mailblocks" for a bit of > "lively" discussion. http://forum.spamcop.net/forums/index.php? Or just google for "challenge response considered harmful" for a summary with less drama... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBRnNzUzgNqloQMwcRAnk+AJ942YIxSQX6evymkvvP28wwjBK6VQCggc3+ 2IbNAug+MX+bJSTCcR1wHJk= =tIXc -----END PGP SIGNATURE----- From nobody at devnull.spamcop.net Tue Sep 14 02:22:37 2004 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Tue Sep 14 01:25:15 2004 Subject: [SpamCop-List] Registrants inaccurate info [C&C] Message-ID: Domain Name:XVXXDATWERS.INFO Sponsoring Registrar:R263-LRMS Status:ACTIVE Status:OK Registrant ID:C5701518-LRMS Registrant Name:Jonathan Blue Registrant Organization:None Registrant Street1:1214 West 55th St. Registrant City:New York Registrant State/Province:New York Registrant Postal Code:10023 Registrant Country:US Registrant Phone:+1.7184120202 1214 W. 55th St is in the Hudson River. ZIP 10023 is centered at 69th Street. The zip for 699 W. 55th is 10019 (highest valid address on W.55th) the 718 area code is Brooklyn/Queens and Bronx I think I don't think this guy knows where he is From nobody at devnull.spamcop.net Tue Sep 14 15:30:45 2004 From: nobody at devnull.spamcop.net (Patto) Date: Tue Sep 14 01:35:04 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: <87sm9lh3t8.fsf@ursine.dyndns.org> Message-ID: "Paul Johnson" wrote in message news:87sm9lh3t8.fsf@ursine.dyndns.org... > <#secure method=pgp mode=sign> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > "WazoO" writes: > >> It's called Challenge/Response ... There's a FAQ entry >> over in the web-Forums with some discussion on this >> concept ... do a search for "Mailblocks" for a bit of >> "lively" discussion. http://forum.spamcop.net/forums/index.php? > > Or just google for "challenge response considered harmful" for a > summary with less drama... I've heard about Chanllenge/Response before, but this is the first time that I had come in contact with it. I certainly don't like it the way it is done, without verifying the real sender first. But since this has been already discussed at lenght before, I'll leave it at that. From MikeE at ster.invalid Mon Sep 13 23:34:39 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 14 01:35:18 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: Patto wrote: > In this case it is quite obvious that the message > is a virus with my address forged in the From header. Or a spam. Spam or virms may have your addy From forged and be so challenged > What should be done with such messages? To the best of my understanding, they are spamcop reportable. There is nothing in this part of the faq that sez challenges aren't reportable http://www.spamcop.net/fom-serve/cache/14.html Some spam defense systems are stupidly based entirely on whitelisting and challenging everything else. They should be spamcop reported and SC blocklisted out of existence. Mailblocks had a lot of trouble with its SC blocklisted condition. My favorite definitions of spam are those most like that at MAPS http://www.mail-abuse.com/support/techfaqs.html#spam_def and those who have trouble seeing the 'bulk' in challenges, should look at its #1 which sez that your identity is irrelevant because the message is equally applicable to many others. That is better than saying 'bulk', especially in the case of the challenge. -- Mike Easter kibitzer, not SC admin From mrichter at cpl.net Mon Sep 13 23:38:40 2004 From: mrichter at cpl.net (Mike Richter) Date: Tue Sep 14 01:40:03 2004 Subject: [SpamCop-List] Re: Registrants inaccurate info [C&C] In-Reply-To: References: Message-ID: Steve Gilder wrote: > 1214 W. 55th St is in the Hudson River. > ZIP 10023 is centered at 69th Street. The zip for 699 W. 55th is 10019 > (highest valid address on W.55th) > the 718 area code is Brooklyn/Queens and Bronx I think > > I don't think this guy knows where he is > He's in deep cover. Mike -- mrichter@cpl.net http://www.mrichter.com/ From tdy at blackhole.invalid Mon Sep 13 23:49:15 2004 From: tdy at blackhole.invalid (N. Miller) Date: Tue Sep 14 01:50:03 2004 Subject: [SpamCop-List] Re: Vampire Legality & Supporting Your Local Vampire References: <4145DC6D.3050100@bobames.com> Message-ID: In article , eddie says... > This is the mechanism by which scriptbabies get and send out the virii. I have been playing with computers since 1983, and I have yet to see a 'virii' on any computer I have ever come in contact with. I have helped a friend clean a virus, and I have had many email message containing viruses which were properly disposed of by the anti virus software. I just haven't seen a 'virii'. Yet. I believe that I never will. http://www.cknow.com/vtutor/vtplural.htm -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Tue Sep 14 00:14:48 2004 From: tdy at blackhole.invalid (N. Miller) Date: Tue Sep 14 02:20:03 2004 Subject: [SpamCop-List] Re: http://www.world-of-meds.com References: Message-ID: In article , eddie says... > It seems pacbell is hosting this site. I wonder if my LART will do > anything? Or if the bottom line at pacbell is the overruling factor. > I have also alerted several other agencies and some of the drug companies. > Their spam came from China with forged headers, etc., which a legit > company would not use. Pacbell only exists as a "legacy domain" in the SBC Global universe, now. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Tue Sep 14 00:29:39 2004 From: tdy at blackhole.invalid (N. Miller) Date: Tue Sep 14 02:30:03 2004 Subject: [SpamCop-List] Re: URL not found, why? References: Message-ID: In article , Claudio Valderrama C. says... > Can you have a peek at "reUrgente" in sc.spam, please? > I didn't save the headers but SC parsed them correctly. The problem is the > body. Maybe I'm overlooking something obvious, but I don't understand why SC > didn't pick any URL. There's one to my eyes and there's no scripting > involved. Mike Easter discussed the problem of the incorrect content type breaking the parse. His example shows that putting "Content-Type: text/html" with a spambody that has no HTML tags will cause the parse to fail to find links. Here you will find an actual example of a spam where SC failed to find links because the headers declared, "Content-Type: text/html", but the spambody has no HTML tags. Merely changing the "/html" to "/plain" caused SC to find the links, as the second tracker will show: SC found no links: http://www.spamcop.net/sc?id=z659300106ze6b5687c92904c445938b0a9a5b66ba8z Same spamitem, "/html" changed to "/plain" in the headers: http://www.spamcop.net/sc?id=z659364955z7d8924ea45fb63e23e02912d5cdc0978z Some points: You will see why Mike wants to see the trackers. One line only for each spamitem. You can pick apart the headers by following the links. There is a certain amount of controversy over editing the headers, beyond munging identity. At what point does the change become "substantial", and cause the item to lose its value as evidence. I have not made up my mind about it. I have "fixed" broken headers, such as this one in the past. But I always wind up fretting about it. Maybe I should just fall back on Sam Spade for this type of spam; at least for reporting links in the spambody. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Tue Sep 14 00:39:20 2004 From: tdy at blackhole.invalid (N. Miller) Date: Tue Sep 14 02:40:03 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: In article , Ellen says... > However I notice that it appears the path for this reply is them --> your SC > account --> your ISP and neither the SC servers nor your account at yahoo UK > mailservers are added to your mailhosts. If you plan to report spams that > make it thru your SC account to your home ISP you need to add those > mailhosts. It would be just as well to go ahead and add them now and be done > with it so this issue does not arise again. I have not received a response to a SpamCop complaint for a long time. But if I did, what would the path be? Them --> SC servers --> my ISP? I don't have a SpamCop account, and I believe the OP stated that he has none, either. The routing in this case isn't for spam, is it? The OP apparently just loaded the response for a parse because he was uncertain whether it was actually spam, or not. Just curious... -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From ric.gates at bigsleep.org Tue Sep 14 07:56:46 2004 From: ric.gates at bigsleep.org (Blammo) Date: Tue Sep 14 03:00:05 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: On 13 Sep 2004 N. Miller entered spamcop and left news:MPG.1bb031f6a2e4aa12989747@news.spamcop.net: > I have not received a response to a SpamCop complaint for a long time. > But if I did, what would the path be? Them --> SC servers --> my ISP? > I don't have a SpamCop account, and I believe the OP stated that he > has none, either. The routing in this case isn't for spam, is it? The > OP apparently just loaded the response for a parse because he was > uncertain whether it was actually spam, or not. Just curious... > Yes, you are right, Ellen's coffee was too weak. Each report generates a unique number, and that's where replies go to. Spamcop relays them to you. -- | Ric From porpoise1954 at yahoo.co.uk Tue Sep 14 09:24:09 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Sep 14 03:25:20 2004 Subject: [SpamCop-List] Re: Bad report References: Message-ID: "N. Miller" wrote in message news:MPG.1bb031f6a2e4aa12989747@news.spamcop.net... > In article , Ellen says... > > > However I notice that it appears the path for this reply is them --> your SC > > account --> your ISP and neither the SC servers nor your account at yahoo UK > > mailservers are added to your mailhosts. If you plan to report spams that > > make it thru your SC account to your home ISP you need to add those > > mailhosts. It would be just as well to go ahead and add them now and be done > > with it so this issue does not arise again. > > I have not received a response to a SpamCop complaint for a long time. But > if I did, what would the path be? Them --> SC servers --> my ISP? I don't > have a SpamCop account, and I believe the OP stated that he has none, > either. The routing in this case isn't for spam, is it? The OP apparently > just loaded the response for a parse because he was uncertain whether it was > actually spam, or not. Just curious... No. I actually loaded the response to be able to post a tracker for advice and munge my real address as I didn't want to reply to the ISP directly and as their post originally went to SC, I thought they might be better positioned to go back to them. This is what has now happened OSIB. Case closed, I think. > > -- > Norman > ~Win dain a lotica, En vai tu ri, Si lo ta > ~Fin dein a loluca, En dragu a sei lain > ~Vi fa-ru les shutai am, En riga-lint From nobody at nowhere.invalid Tue Sep 14 11:26:45 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Sep 14 04:30:10 2004 Subject: [SpamCop-List] Re: Vampire - Re: Old subject Revisited References: Message-ID: On Mon, 13 Sep 2004 23:50:49 -0400, Nobody coughed into spamcop and left this in : > For that matter, hasn't anyone mentioned that DoSing a spammer site is > also probably a violation of your own legitimate ISPs TOS? > > What's to stop the spammer from larting your ISP and getting you shutdown? > > Please forgive me, for I haven't lurked much on this group in a while, > and perhaps missed this point. No, I don't think you did miss the point. There are two groups of people WRT SpamVampire: those who think it's okay to fight abuse with abuse and those who don't. Personally, I don't. -- Steve Spotted in a toilet of a London office: TOILET OUT OF ORDER. PLEASE USE FLOOR BELOW. From nobody at spamcop.net Tue Sep 14 07:48:35 2004 From: nobody at spamcop.net (Miss Betsy) Date: Tue Sep 14 07:50:20 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: <87sm9lh3t8.fsf@ursine.dyndns.org> Message-ID: "Patto" wrote in message news:ci5vm6$ffa$1@news.spamcop.net... > I've heard about Chanllenge/Response before, but this is the first time that > I had come in contact with it. I certainly don't like it the way it is > done, without verifying the real sender first. > > But since this has been already discussed at lenght before, I'll leave it at > that. I once sent a complaint (not thru spamcop) to a C/R to an abuse department who forwarded it to the C/R desk who sent me a C/R which I reported to the abuse desk. It finally took an email to the abuse desk with something to catch the eye in the subject to stop the circle. I just hope I don't have any friends who ever try to use that particular C/R because they did something so that I never got any more. Miss Betsy From nobody at spamcop.net Tue Sep 14 08:33:56 2004 From: nobody at spamcop.net (Ellen) Date: Tue Sep 14 07:50:41 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: "Mike Easter" wrote in message news:ci5vs2$flf$1@news.spamcop.net... > > To the best of my understanding, they are spamcop reportable. There is > nothing in this part of the faq that sez challenges aren't reportable > http://www.spamcop.net/fom-serve/cache/14.html No they aren't -- they are intensely annoying in all cases especially those cases where someone wrote to you first and/or if sent in response to a bogus/forged message but they are not reportable. > > Some spam defense systems are stupidly based entirely on whitelisting and > challenging everything else. They should be spamcop reported and SC > blocklisted out of existence. Mailblocks had a lot of trouble with its > SC blocklisted condition. No they shouldn't. Ellen From agent01413 at my-deja.com Tue Sep 14 13:24:27 2004 From: agent01413 at my-deja.com (Socks) Date: Tue Sep 14 08:25:06 2004 Subject: [SpamCop-List] Re: Registrants inaccurate info [C&C] References: Message-ID: "Steve Gilder" wrote in news:ci5v6u$eps$1 @news.spamcop.net: > Domain Name:XVXXDATWERS.INFO > > Sponsoring Registrar:R263-LRMS > Status:ACTIVE > Status:OK > Registrant ID:C5701518-LRMS > Registrant Name:Jonathan Blue > Registrant Organization:None > Registrant Street1:1214 West 55th St. > Registrant City:New York > Registrant State/Province:New York > Registrant Postal Code:10023 > Registrant Country:US > Registrant Phone:+1.7184120202 > > 1214 W. 55th St is in the Hudson River. > ZIP 10023 is centered at 69th Street. The zip for 699 W. 55th is 10019 > (highest valid address on W.55th) > the 718 area code is Brooklyn/Queens and Bronx I think > > I don't think this guy knows where he is > 718 does not include the Bronx. It does include StatenIsland. The nxx part of the number (412 in this case) is unique to a specific phone company central business office. 99% of those numbers will be in the immediate vicinity of each other, with some exceptions that you pay significant amounts of money for if you are a business that needs a specific number for some reason. Phone numbers starting with 718-412-xxxx will be in the north Queens CBO. From agent01413 at my-deja.com Tue Sep 14 13:29:58 2004 From: agent01413 at my-deja.com (Socks) Date: Tue Sep 14 08:30:05 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: "Ellen" wrote in news:ci6lso$dgi$1@news.spamcop.net: >> >> Some spam defense systems are stupidly based entirely on whitelisting >> and challenging everything else. They should be spamcop reported and >> SC blocklisted out of existence. Mailblocks had a lot of trouble >> with its SC blocklisted condition. > > No they shouldn't. > They may not fit spamcop's criteria, but they either fit the criteria of someone else, or someone needs to start a dnsbl that lists only them. If enough people share that view, the dnsbl will be used and successful. I blocked a couple of C/R systems locally on my servers in the access file because they decided to save addresses of people who received their C/R's for future spamming purposes. That subsequant spam (which did appropriately get reported to spamcop) caused the blockage. SPEWS and SORBS blocked that same outfit, IIRC. From nobody at spamcop.net Tue Sep 14 09:38:20 2004 From: nobody at spamcop.net (Ellen) Date: Tue Sep 14 08:55:03 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: "Socks" wrote in message news:Xns9564421C6AADAagent01413MYDEJACOM@216.154.195.61... > "Ellen" wrote in > news:ci6lso$dgi$1@news.spamcop.net: > > > > They may not fit spamcop's criteria, but they either fit the criteria of > someone else, or someone needs to start a dnsbl that lists only them. If > enough people share that view, the dnsbl will be used and successful. > Well I agree with you that they are beyond annoying -- I especially do not enjoy getting them for replies to people who write to deputies@ At least one abuse desk is now using C/R. I understand why they are doing it as we get large amounts of spam to the various addresses that feed into the deputies mailbox -- altho that doesn't make it one bit less irritating. At this time we use no filters or blocklists altho we are real close to having to seriously figure out doing something, altho I don't know what that something will be :-( E From MikeE at ster.invalid Tue Sep 14 08:32:21 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 14 10:35:14 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: Ellen wrote: > "Mike Easter" >> To the best of my understanding, they are spamcop reportable. > No they aren't >> They should be >> spamcop reported and SC blocklisted out of existence. > No they shouldn't. Well, I'll be dingdong. I always tho't challenges were SC reportable and have spouted that in numerous other forums discussing C/R. As I review information about mailblocks here and the forum, including the concurrence of Ellen and mailblocks, I haven't been able to find a previous statement saying it was or was not appropriate to report them. Apparently mailblocks' biggest problem in the past has been due to hitting spamtraps and getting listed, and there has never been an 'approval' of spamcop reporters reporting them. Until now, unless someone else can find it, there has also not been a disapproval. I sit corrected. Too bad. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Sep 14 08:41:45 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 14 10:45:02 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: Mike Easter wrote: > As I review information about mailblocks here and the forum, including > the concurrence of Ellen and mailblocks, I haven't been able to find a > previous statement saying it was or was not appropriate to report > them. Here's an example of an Ellen commentary on a mailblocks listing Most of the authorizations, but not all, were sent to spamtraps. As spamtraps are email addresses that don't exist and never have there is no way that they sent any mail to a mailblocks user. The rest of the reports are from users and by the subject lines it is obvious that the spammer has forged their email addresses as the from in the spam mail being sent to the mailblocks user. Using the from address when spam and viruses routinely forge them is a broken methodology. I delisted the IP but more c/r emails will just relist it. http://news.spamcop.net/pipermail/spamcop-list/2003-September/057288.html I failed to interpret that as Ellen saying those reporters shouldn't be reporting the challenges. -- Mike Easter kibitzer, not SC admin From l at rs.nomail.dk Tue Sep 14 18:43:09 2004 From: l at rs.nomail.dk (Lars Poulsen) Date: Tue Sep 14 11:45:21 2004 Subject: [SpamCop-List] Re: Vampires etc In-Reply-To: References: Message-ID: Thanks to Miss Betsy and Ellen for wise words and good moral support - that was just what I needed. Especially Ellen's words about giving yourself a spam reporting vacation is a good advice - I had driven myself into believing that the whole fight against spam was depending on *me* -and *my* reporting every single spamitem, forgetting that this is a collective battle and that there are others that will report what I am missing and vice versa. I hope that other frustrated reporters will read your fine analysis's of the situation and find new courage. Best Regards Lars Poulsen Denmark From nobody at spamcop.net Tue Sep 14 19:43:33 2004 From: nobody at spamcop.net (John McLusky) Date: Tue Sep 14 13:45:51 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: Patto wrote: > This morning I received the following message > > The message with a subject: "read it immediately" you have sent to > [x], has been placed on hold. That sounds like one of the NetSky variants to me. Last time I receved a C/R for a virus that I had supposedly sent, I answered the challenge thus letting the virus through. OK, I know I shouldn't really have, but... John. From nobody at spamcop.net Tue Sep 14 15:07:13 2004 From: nobody at spamcop.net (Ellen) Date: Tue Sep 14 14:35:22 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: "Mike Easter" wrote in message news:ci6vc7$ong$1@news.spamcop.net... > Ellen wrote: > Until now, unless > someone else can find it, there has also not been a disapproval. Soon to be appearing in a faq near you :-) Somehow the faqs didn't get updated when C/R became a hot new way to annoy email recipients across the world. > > I sit corrected. Feel free to sit :-) > > Too bad. Yeah it is. Speaking personally what bothers me the most about them (above and beyond having my email address stored in a 3rd party database) is that this is a "spam solution" that generates more clutter in *my* mailbox, especially when I am merely responding to an email and not originating an email exchange. Oh well ... Ellen From eddie at eddie.web Tue Sep 14 15:42:28 2004 From: eddie at eddie.web (eddie) Date: Tue Sep 14 14:45:17 2004 Subject: [SpamCop-List] Re: http://www.world-of-meds.com References: Message-ID: On Mon, 13 Sep 2004 23:14:48 -0700, N.Miller scratched out the following: sniparooni > > Pacbell only exists as a "legacy domain" in the SBC Global universe, now. Then shouldn't SC be reporting to SBC? Or is Pacbell still semi-autonomous and worth reporting to? -- Rather: I don't want to be argumentative, Mr. vice president. Bush41(veep):You do, Dan. Rather: No -- no, sir, I don't. From skiwi+newsgroups at spamcop.net Tue Sep 14 13:34:03 2004 From: skiwi+newsgroups at spamcop.net (Skiwi) Date: Tue Sep 14 15:35:20 2004 Subject: [SpamCop-List] [media] "This ISP flatfoot enjoys giving spammers the boot" Message-ID: http://tinyurl.com/4d73p "The most trying part of Louis Rush's job is confronting scofflaws, some of whom are hardened criminals, to inform them they've been caught. Often defensive, sometimes cocky, these would-be felons threaten Rush and dare him to stop them. "I already have," is Rush's response, as he cancels their account with ISP EarthLink. Rush, an investigator with EarthLink's abuse team at the company's headquarters in Atlanta, wields the power to disconnect spammers and other offenders from their lifelines by canceling their accounts. Rush learns about abusers from complaints submitted to EarthLink's Web site; from computer logs that show how many e-mails users sends out at once (an excessive amount is a telltale sign of spamming); and even from federal investigators, in the case of offenses such as fraud or child pornography. His job is to contact suspects over the telephone, if possible, alert them to the problem and determine whether an account should be cancelled...." Hmm, wonder if he can bottle that 'satisfied feeling' and send me a 6 pack? :-) From fred558 at bobames.com Tue Sep 14 22:53:32 2004 From: fred558 at bobames.com (Bob Ames) Date: Tue Sep 14 15:55:48 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail In-Reply-To: References: Message-ID: <41474C3C.9060702@bobames.com> Mike Easter wrote: > Well, I'll be dingdong. I always tho't challenges were SC reportable and > have spouted that in numerous other forums discussing C/R. I don't think that real challenges, coming back from LARTS, for example, can be spamcop reported. Fake challenges bring up additional issues. If it's really a bounce from a forged From: address to a C/R address, then these are not spamcop reportable. These can be manually reported using the reporting addresses recommended by the spamcop parser, but you have to cancel the spamcop report and send manual LARTs. If there are 6 lines about how wonderful this Challenge/ Response system is, arriving at a proper secret spamtrap, either with or without a "standard" forged From: address, then it's spam and it's irritating, but is it spamcop reportable? If someone out of the nowhere sends me spam, claiming to be a challenge, with a "straight-up" To: address, which contains several lines promoting their product, then this is spamcop reportable spam, right? Whether it has a forged From: address would appear to be a deciding factor, and maybe the spammyiness of the challengeware description, but unfortunately you would have to look inside the spam to check spammyness. :-( Bob -- (use bob at this domain to reach me) Don't Send Any Email To: From nobody at devnull.spamcop.net Tue Sep 14 16:12:50 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Sep 14 16:15:39 2004 Subject: [SpamCop-List] Re: http://www.world-of-meds.com References: Message-ID: "eddie" wrote in message news:pan.2004.09.14.18.42.28.38000@eddie.web... > > > Pacbell only exists as a "legacy domain" in the SBC Global universe, now. > > Then shouldn't SC be reporting to SBC? Or is Pacbell still > semi-autonomous and worth reporting to? Strangely enough, I had just done some searching on a lowlife knocking on some of my doors looking for a formmail.pl to play with ... and look at what popped up; 09/14/04 15:08:12 IP block 64.165.235.18 Trying 64.165.235.18 at ARIN Trying 64.165.235 at ARIN Pac Bell Internet Services PBI-NET-8 (NET-64-160-0-0-1) 64.160.0.0 - 64.175.255.255 rback8.lsan03 SBC064165234000021015 (NET-64-165-234-0-1) 64.165.234.0 - 64.165.235.255 For Policy Abuse issues, contact: abuse@swbell.net For Technical issues, contact: noc@swbell.net OrgAbuseEmail: abuse@pacbell.net From D.Gray at picture.oscar.wilde Tue Sep 14 22:15:47 2004 From: D.Gray at picture.oscar.wilde (Dorian Gray) Date: Tue Sep 14 16:20:09 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: In article , "Mike Easter" wrote: > For that reason, somehow the domainname has to be now and forever > invalid. There are a number of ways of doing that. I chose to use the > domain '.invalid' because it has been decreed that .invalid would never > be a domainname. Thanks for your thoughts. I agree with everything you said. I was careful when I came up with my munged domain. I decided that the day oscar.wilde is a valid domain name is the day I stop aging. I guess it is possible that one day it will be a valid domain name, but I think it is highly unlikely, but if I am wrong then hopefully by then the spam problem will be solved anyway... :) > Mungeing is actually not 'sanctioned' in any RFCs, and in fact there are > arguments and even rules against mungeing. It is likely that your > provider sez that you cannot forge your address or you would be in > violation of its TOS. Here is what my "provider" says in its guidelines: "Although the forgery of e-mail addresses cannot be condoned, it is recognised that the automated grabbing of email addresses from news postings and subsequent unsolicited junk email is a very real problem for many people. Until the situation improves, obscuring email addresses in news postings to make automatic spamming difficult will be tolerated as long as the sender's true email address is made clear to the human reader. However, such devices are against the rules of some news hierarchies and use of them can cause the whole [domain] to be blocked; anti-spamming techniques will therefore not be tolerated for those news hierarchies." Apparently neither of us is following the above guideline because our true email address is not clear to a human reader. However, given the nature of this ng (anti-spam), I am not prepared to provide a human-decipherable address in case vengeful spammers lurking here add it manually to their lists... Cheers. From nobody at devnull.spamcop.net Tue Sep 14 16:21:47 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Sep 14 16:25:17 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: "Ellen" wrote in message news:ci7dgl$c7v$1@news.spamcop.net... > > Soon to be appearing in a faq near you :-) Somehow the faqs didn't get > updated when C/R became a hot new way to annoy email recipients across the > world. I'm still wondering if there's a way that (per Richard) the Ironport girl that was to do the FAQ updating would be allowed to spend time dealing with me? Yeah, I know, wasting the time of a paid corporate employee by dealing with some volunteer could be seen as a waste of time .. but ... I had just recently added stuff to the Forum FAQ on the C/R crap (more explanation and pointers to other discussions) ... but agreeing with Mike's view, I said nothing about the non-reportable status of this type of traffic. From porpoise1954 at yahoo.co.uk Tue Sep 14 22:25:51 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Sep 14 16:30:04 2004 Subject: [SpamCop-List] Re: [media] "This ISP flatfoot enjoys giving spammers the boot" References: Message-ID: "Skiwi" wrote in message news:ci7h28$jfa$1@news.spamcop.net... > http://tinyurl.com/4d73p > <> > > Hmm, wonder if he can bottle that 'satisfied feeling' and send me a 6 > pack? :-) Sorry, work is required to get a six-pack. ;-) From nobody at spamcop.net Tue Sep 14 17:41:14 2004 From: nobody at spamcop.net (Firewoman) Date: Tue Sep 14 16:40:03 2004 Subject: [SpamCop-List] Re: [media] "This ISP flatfoot enjoys giving spammers the boot" References: Message-ID: "Skiwi" wrote in message news:ci7h28$jfa$1@news.spamcop.net... > http://tinyurl.com/4d73p > " Rush learns about abusers from complaints submitted to EarthLink's Web site; from computer logs that show how many e-mails users sends out at once (an excessive amount is a telltale sign of spamming); and even from federal investigators, in the case of offenses such as fraud or child pornography." Meaning: He ignores manual LART's and SpamCop reports. He will only review complaints that are submitted through their website, IF you can find the page. From not at home.today Tue Sep 14 22:55:05 2004 From: not at home.today (Ant) Date: Tue Sep 14 17:00:09 2004 Subject: [SpamCop-List] Re: [media] "This ISP flatfoot enjoys giving spammers the boot" References: Message-ID: "Firewoman" wrote... > "Skiwi": >> " Rush learns about abusers from complaints submitted to >> EarthLink's Web site; [...] > Meaning: He ignores manual LART's and SpamCop reports. He will only > review complaints that are submitted through their website, IF you > can find the page. Earthlink refuse munged reports, so they may not see many from Spamcop. From MikeE at ster.invalid Tue Sep 14 15:03:00 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 14 17:05:04 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: Dorian Gray wrote: > Apparently neither of us is following the above guideline because our > true email address is not clear to a human reader. However, given the > nature of this ng (anti-spam), I am not prepared to provide a > human-decipherable address in case vengeful spammers lurking here add > it manually to their lists... Once upon a time, in a galaxy far far away.... ... in my beliefs that the only place that spammers harvest from 'actively' [using XOVER] is the From: field, and that From: mungeing was 'wrong' absent a good addy, preferably in the Reply-To, and that since back then I was much more full of questions which I wanted answered including by those gurus who only /lurk/ newsgroups but don't post in them, but will /email/ someone if the someone asks their questions intelligently and makes it easy enough to click on the ng post to email them... .... I used to put a good address in the Reply-To section and only munged the From. I did that for years without garnering spam. I also used that address unmunged to report manually from the spammed address to blackhats, whitehats, grayhats, pinkhats, and all manner of abuse addresses without problems. In fact, the only disadvantage to doing that was the number of people who like to open up Q&A dialogues privately in email instead of keeping things which arise in ng/s in the ng. It also brought me a lot of help when I was asking more questions than asnswering them. There are a lot of people who are helpful who don't like to post in newsgroups, but do email. But then, along came some kind of virm, I forget which one, I think it was a Swen, which 'cleverly' used its skills to scarf addresses from everywhere, including the Reply-To in newsgroups. At about the same time that virus came along, I had a brand new never exposed address which was exposed only in the Reply-To in 2 or 3 ng/s for a few days. It was bombarded by the virms, by the scores, while receiving absolutely no spams to that addy for many weeks. Since then, I've quit exposing a good address in the Reply-To, and it also spares me from having to make explanations in newsgroups to people who email me for a dialogue that I don't do that, by 'policy'. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Sep 14 15:06:05 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 14 17:10:07 2004 Subject: [SpamCop-List] Re: [media] "This ISP flatfoot enjoys giving spammers the boot" References: Message-ID: Firewoman wrote: > Meaning: He ignores manual LART's and SpamCop reports. He will only > review complaints that are submitted through their website, IF you > can find the page. Yeah; I don't even know of an EL abuse report page. I just went looking around again. The spamreporting information and instructions for getting full headers and all that jazz just tell about the normal standard EL abuse addy. Maybe it has something to do with the EL TA TotalAccess frontend gizmo; I don't use that. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Sep 14 17:22:00 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Sep 14 17:25:20 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: "Mike Easter" wrote in message news:ci5vs2$flf$1@news.spamcop.net... > > To the best of my understanding, they are spamcop reportable. There is > nothing in this part of the faq that sez challenges aren't reportable > http://www.spamcop.net/fom-serve/cache/14.html This has been updated, as Ellen said it would be. Challenge / Response now has its own batch of details From nobody at devnull.spamcop.net Tue Sep 14 17:29:18 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Sep 14 17:30:12 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: "WazoO" wrote in message news:ci7jsr$js$1@news.spamcop.net... > "Ellen" wrote in message > news:ci7dgl$c7v$1@news.spamcop.net... > > > > Soon to be appearing in a faq near you :-) Somehow the faqs didn't get > > updated when C/R became a hot new way to annoy email recipients across the > > world. > > I'm still wondering if there's a way that (per Richard) the > Ironport girl that was to do the FAQ updating would be > allowed to spend time dealing with me? Yeah, I know, > wasting the time of a paid corporate employee by > dealing with some volunteer could be seen as a > waste of time .. but ... I had just recently added stuff > to the Forum FAQ on the C/R crap (more explanation > and pointers to other discussions) ... but agreeing with > Mike's view, I said nothing about the non-reportable > status of this type of traffic. Seeing that the spamcop.net page was updated, I added this caution as a comment within the Topic pointed to from the Forum FAQ. So this is in addition to the exiting pointer to the Rules page. From porpoise1954 at yahoo.co.uk Tue Sep 14 23:29:30 2004 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Sep 14 17:35:18 2004 Subject: [SpamCop-List] Re: [media] "This ISP flatfoot enjoys giving spammers the boot" References: Message-ID: "Mike Easter" wrote in message news:ci7med$atg$1@news.spamcop.net... > Firewoman wrote: > > Meaning: He ignores manual LART's and SpamCop reports. He will only > > review complaints that are submitted through their website, IF you > > can find the page. > > Yeah; I don't even know of an EL abuse report page. I just went looking > around again. The spamreporting information and instructions for getting > full headers and all that jazz just tell about the normal standard EL > abuse addy. > > Maybe it has something to do with the EL TA TotalAccess frontend gizmo; After a lot of digging, finally found the info below at this location: http://support.earthlink.net/mu/1/psc/img/walkthroughs/other/landingpage/8976.psc.html 4. Report spam. If the OrgName is EarthLink, Inc., you will need to forward the suspicious email along with the full header information to abuse@abuse.earthlink.net. If the OrgName is not EarthLink, Inc., you will need to forward the suspicious email along with full header information to junkmail@earthlink.net. This will allow EarthLink to improve on its spam filters. For instructions on forwarding full header information, click here. Please note, if you would like the issue investigated, you will have to send the email to the originating network's abuse department. Sites such as spamcop.com can assist you in doing this. 5. If you would like to find out more about fraud and spam protection, click here. > I don't use that. > > -- > Mike Easter > kibitzer, not SC admin > From MikeE at ster.invalid Tue Sep 14 15:53:38 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 14 17:55:12 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: WazoO wrote: > "Mike Easter" >> To the best of my understanding, they are spamcop reportable. There >> is nothing in this part of the faq that sez challenges aren't >> reportable http://www.spamcop.net/fom-serve/cache/14.html > > This has been updated, as Ellen said it would be. Challenge / > Response now has its own batch of details The last time I got into a big argument about C/R and spam semantics was with Karsten Self over in the EL support group. Karsten is very anti-C/R. Let me see if I can find his website.... ah, here we go http://kmself.home.netcom.com/Rants/challenge-response.html My argument then was that by my strictest definitions of spam with the MAPS definition, challenges didn't 'quite' fit the #1, which is the maps 'bulk' section without using the word bulk; but that challenges /were/ spamcop reportable, which was just fine by me. I know that I recently posited here that challenges /do/ fit #1, so that is a murky one there. Also, those defnitions which say 'bulk' have a hard time calling the one up method of challenges 'bulk' - but the maps one just about works. Karsten argued that challenges were very definitely spam. I also recently said that challenges were SC reportable over in alt.spam. Oh, well, maybe that's another thing that will have to be added to viruscop. Maybe the whole idea is to get enough 'stuff' to make VC worthwhile. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Sep 14 17:55:54 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Sep 14 18:00:13 2004 Subject: [SpamCop-List] Re: [media] "This ISP flatfoot enjoys giving spammers the boot" References: Message-ID: "Porpoise" wrote in message news:ci7nt2$ijk$1@news.spamcop.net... > > If the OrgName is not EarthLink, Inc., you will need to forward the > suspicious email along with full header information to > junkmail@earthlink.net. This will allow EarthLink to improve on its spam > filters. For instructions on forwarding full header information, click here. > Please note, if you would like the issue investigated, you will have to send > the email to the originating network's abuse department. Sites such as > spamcop.com can assist you in doing this. ....^^^^^^^^^^ Ouch!!!! From aeiouqwert at netscape.net Tue Sep 14 15:59:45 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Tue Sep 14 18:00:28 2004 Subject: [SpamCop-List] Re: [media] "This ISP flatfoot enjoys giving spammers the boot" In-Reply-To: References: Message-ID: Mike Easter wrote: > Firewoman wrote: > >>Meaning: He ignores manual LART's and SpamCop reports. He will only >>review complaints that are submitted through their website, IF you >>can find the page. > > > Yeah; I don't even know of an EL abuse report page. Not a page, just an address. When I went to the http://Earthlink.net homepage, I went to the bottom of the page and clicked on their "Policies and Agreements" link. On that page, under "Usage Policies" I clicked on "Acceptable Use Policy" ... which took me to this page: http://www.earthlink.net/about/policies/use/ There are 4 areas on that page ... and the abuse reporting address appears in area 3. Regards, J. Alec West From MikeE at ster.invalid Tue Sep 14 16:01:29 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 14 18:05:11 2004 Subject: [SpamCop-List] Re: [media] "This ISP flatfoot enjoys giving spammers the boot" References: Message-ID: Porpoise wrote: > "Mike Easter" >> Yeah; I don't even know of an EL abuse report page. I just went >> looking around again. The spamreporting information and >> instructions for getting full headers and all that jazz just tell >> about the normal standard EL abuse addy. > After a lot of digging, finally found the info below at this location: > > http://support.earthlink.net/mu/1/psc/img/walkthroughs/other/landingpage/8976.psc.html I could have saved you the dig, I know right where that page is. I can also tell you some 'stupid' stuff which is in that section. > abuse@abuse.earthlink.net. > junkmail@earthlink.net. Addies, not webpage submission. That was my point. The stupid stuff is that the instructions for submitting spam found there are all over the map; the complete headers is the only part which is consistent. The OE instructions would have you open and render the spam and submit rendered body under complete headers. Other mailagent instructions would have you submit raw message source. Very inconsistent, especially the rendering ones. Obviously some rendering destroys the accuracy of the body content of such as phishes and others. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Sep 14 16:28:44 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 14 18:30:09 2004 Subject: [SpamCop-List] OT New Orleans vs Ivan Message-ID: Eek! I didn't realize what a terrible vulnerability New Orleans has to hurricane storm surge. Much of the below sealevel city would be flooded, rather under 20 or more feet of water, contaminated by chemical plants and all kinds of things, and remain underwater for many weeks, after the storm is gone the levees would have to be cut to let some of the seawater out, and then some kind of huge operation to pump out the rest of the below sealevel water. If many people were to stay during the storm, there would need to be a giant rescue operation of massive proportions. For the ones alive, dredging the dead ones. http://www.usatoday.com/weather/hurricane/2004-09-14-new-orleans-storm_x.htm Direct hit by Ivan in New Orleans could mean a modern Atlantis "Surveys show about 300,000 of the city's 1.6 million metro-area residents would choose to risk staying inside the city's ring of levees." -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Sep 14 16:33:41 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 14 18:35:03 2004 Subject: [SpamCop-List] Re: OT New Orleans vs Ivan References: Message-ID: Mike Easter wrote: > hurricane storm surge. But, that's most likely not going to happen this time because Ivan is going to pass to the east and the surge won't be much and the levees will be OK. -- Mike Easter kibitzer, not SC admin From skiwi+newsgroups at spamcop.net Tue Sep 14 16:38:39 2004 From: skiwi+newsgroups at spamcop.net (Skiwi) Date: Tue Sep 14 18:40:07 2004 Subject: [SpamCop-List] Re: OT New Orleans vs Ivan In-Reply-To: References: Message-ID: Mike Easter wrote: > Mike Easter wrote: > >>hurricane storm surge. > > > But, that's most likely not going to happen this time because Ivan is > going to pass to the east and the surge won't be much and the levees will > be OK. And the momentary pause in the New Orelewans party, the gentle lifting of the head to consider that it was getting a tad windy outside would just be a faint memory, some folklore for those in 20 years to pass on to their grandchildren as they wrapped beads around their neck... From me at privacy.net Tue Sep 14 19:52:43 2004 From: me at privacy.net (Frog Prince) Date: Tue Sep 14 19:00:04 2004 Subject: [SpamCop-List] Re: OT New Orleans vs Ivan References: Message-ID: "Mike Easter" wrote in message news:ci7r9c$9uu$1@news.spamcop.net... | Eek! I didn't realize what a terrible vulnerability New Orleans has to | hurricane storm surge. Much of the below sealevel city would be flooded, | rather under 20 or more feet of water, contaminated by chemical plants | and all kinds of things, and remain underwater for many weeks, after the | storm is gone the levees would have to be cut to let some of the seawater | out, and then some kind of huge operation to pump out the rest of the | below sealevel water. If many people were to stay during the storm, | there would need to be a giant rescue operation of massive proportions. | For the ones alive, dredging the dead ones. | | http://www.usatoday.com/weather/hurricane/2004-09-14-new-orleans-storm_x.htm | Direct hit by Ivan in New Orleans could mean a modern Atlantis | | "Surveys show about 300,000 of the city's 1.6 million metro-area | residents would choose to risk staying inside the city's ring of levees." Where else would they go? The nearest high ground is Baton Rouge and they don't have enough room by 1/10 to house that many people. As it is the city has HUGE 14-20 foot diameter screw pumps ganged 3-5 across to pump rain water out of the city. Also the city is ZONEd so that flooding in one area will not automatically flow to another area. I would expect Chalmette and Plaquemine Parish to bear the brunt of the danger. From MikeE at ster.invalid Tue Sep 14 17:17:13 2004 From: MikeE at ster.invalid (Mike Easter) Date: Tue Sep 14 19:20:22 2004 Subject: [SpamCop-List] Re: OT New Orleans vs Ivan References: Message-ID: Frog Prince wrote: >> Where else would they go? The nearest high ground is Baton Rouge and > they don't have enough room by 1/10 to house that many people. Yes, a problem. > As it is the city has HUGE 14-20 foot diameter screw pumps ganged 3-5 > across to pump rain water out of the city. Also the city is ZONEd so > that flooding in one area will not automatically flow to another area. That's cool for 'run-of-the-mill' and big rain. However, if an Ivan-grade hurricane came in with N.O. as landfall or just west of NO that kind of pumping would be a joke [you might say p*ssing in the wind] and way under a lot of big windy high storm surge. And those inundated pumps would stay under lotsa water long long after the storm was gone. Weeks. I gather they are not even being counted in the grim scenario recovery. > I would expect Chalmette and Plaquemine Parish to bear the brunt of > the danger. -- Mike Easter kibitzer, not SC admin From me at privacy.net Tue Sep 14 21:26:24 2004 From: me at privacy.net (Frog Prince) Date: Tue Sep 14 20:30:27 2004 Subject: [SpamCop-List] Re: OT New Orleans vs Ivan References: Message-ID: "Mike Easter" wrote in message news:ci7u48$f9e$1@news.spamcop.net... | Frog Prince wrote: | >> Where else would they go? The nearest high ground is Baton Rouge and | > they don't have enough room by 1/10 to house that many people. | | Yes, a problem. | | > As it is the city has HUGE 14-20 foot diameter screw pumps ganged 3-5 | > across to pump rain water out of the city. Also the city is ZONEd so | > that flooding in one area will not automatically flow to another area. | | That's cool for 'run-of-the-mill' and big rain. However, if an | Ivan-grade hurricane came in with N.O. as landfall or just west of NO | that kind of pumping would be a joke [you might say p*ssing in the wind] | and way under a lot of big windy high storm surge. And those inundated | pumps would stay under lotsa water long long after the storm was gone. | Weeks. I gather they are not even being counted in the grim scenario | recovery. To have the most devastating effect the storm would have to come in just west of Bay St. Louis Mississippi. (has happen twice in the past 40 years) We have property on the Mississippi Gulf coast. We had water/flotsam chafe marks at ~ the 80 foot level on 100 foot pine trees on our property. Back in the '60s New Orleans East was hit with the exact same scenario of an Ivan-grade storm. Water surge jumped the levee (only part of the town was flooded due to the zoning effect) even with power outages the water was out of the flooded area within 24<48 hours. Some of the water was pump drained, the rest flowed north into Lake Ponchatrain (spl?) My personal suspect is that NOLA is playing the federal aid game with the trump card being the November elections. From nobody at spamcop.net Wed Sep 15 00:45:45 2004 From: nobody at spamcop.net (Claudio Valderrama C.) Date: Tue Sep 14 23:45:10 2004 Subject: [SpamCop-List] Re: URL not found, why? References: Message-ID: Mike Easter wrote: > > I'm curious about the fact that you saved the body but not the > headers. Why is that? For the purpose of posting in .spam? It > would've been better to save the tracker; it has everything and > takes up less room. Sinple: because I forgot that Outlook, when saving an item to a text file, doesn't include the headers. In the meantime, I had deleted permanently the original crap that I received, so I couldn't recover the headers. Then I went to SC, logged in as a member, viewed my recent reports and there was no URL to copy in this forum. Now, few days later, I realized that in reading the message I skipped a little, dim "Parse" at the top. If some SC admin is reading, I suggest repeating that hyperlink at the bottom of the report, please. I didn't find it! Clicking on that URL I got what I wanted: Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z652496743z0558fcc76dfabf441b4e62d67b722b01z I wonder if it's legitimate to fix headers to have SC parsing correctly the body. C. From nobody at spamcop.net Wed Sep 15 00:04:47 2004 From: nobody at spamcop.net (Tom) Date: Wed Sep 15 00:05:07 2004 Subject: [SpamCop-List] Re: Tiresome References: Message-ID: <89ffk0t3es0a85n2vrcc6rm7m6qa7ngao0@4ax.com> On Mon, 06 Sep 2004 22:47:16 -0500, Cat wrote: >Just pointing out that it's no longer an acceptable practice in modern >society to automatically assume you're only addressing men. Cat, I know you mean well, but your attitude sucks. If I ran into this at work in a subordinate, I'd have you down to HR so fast your head would spin. What I'm saying is that ANY kind of sexist, racist, whatever, attitude about anyone is unacceptable. HR would agree with that sentiment, at least in the multi-national company that I work for (over 410,000 employees world-wide). They even have a program to help folks like you recognize that _diversity_ is a *good* thing and needs to be recognized for what it is. The day of unisex disappeared with the death of the ERA here in the states and statements that are universal (as in "wise men") are not only acceptable by the majority of society, you'll find plenty of women who take offense at your attitude toward the use of such (my wife of thirty eight years being one of them). That was one of the reasons why the ERA was eventually defeated. Women didn't like the idea of equality on *those* grounds. It seems that some of them like the idea of being "different." There's nothing wrong with equality and I fully support equal opportunity/pay/rights in all areas of life. But there comes a time when you can really be offensive and no, I'm not joking in saying this. Sorry, but that's the way I feel about it. From nobody at spamcop.net Wed Sep 15 00:28:03 2004 From: nobody at spamcop.net (Tom) Date: Wed Sep 15 00:30:07 2004 Subject: [SpamCop-List] Re: What I learned in two weeks References: Message-ID: On Tue, 7 Sep 2004 10:51:25 -0700, "Mike Easter" wrote: >> p.s. Anyone know what *shinola* (or is it shineola) really is? :-) > >Years ago, when but a lad working in a smalltown 'drugstore' I sold the >many varieties of Shinola shoe polish, with the nifty tin container with >the attached lid opener, depicted here And somewhere along the line, "your don't know s**t from shinola" was coined and it went from there... I just looked, and yes, I still have a few tins of the stuff... (getting rather unusable at this point, but I still have them). From nobody at spamcop.net Wed Sep 15 00:46:34 2004 From: nobody at spamcop.net (Tom) Date: Wed Sep 15 00:50:03 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: On Tue, 14 Sep 2004 07:33:56 -0400, "Ellen" wrote: >> To the best of my understanding, they are spamcop reportable. There is >> nothing in this part of the faq that sez challenges aren't reportable >> http://www.spamcop.net/fom-serve/cache/14.html > >No they aren't -- they are intensely annoying in all cases especially those >cases where someone wrote to you first and/or if sent in response to a >bogus/forged message but they are not reportable. Like everything else dealing with technology, there is a proper way to do things and an improper way to do things. If a person sets up a challenge system, they need to whitelist anyone they send a message to automatically. The real problem, though, comes from things like Yahoo Groups, wherein the mail list does not report it as the sender, but the person posting the message. That results in missed traffic and irritating challenge responses like that which was posted at the beginning of this thread. In those cases, the person with the challenge system should not set their options to receive individual e-mails. They would be better off setting the option to "no email" or "Digest." From nobody at spamcop.net Wed Sep 15 00:57:22 2004 From: nobody at spamcop.net (Tom) Date: Wed Sep 15 01:00:03 2004 Subject: [SpamCop-List] HTML (C&C) Message-ID: I found this one especially humorous: "Your mailer do not support HTML messages. Switch to a better mailer." Yeah, right, if I want viruses and other nasties. No thanks, Forte's Agent is just fine because it does NOT support HTML unless I ask it to on a message-by-message basis. From MikeE at ster.invalid Tue Sep 14 23:06:04 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Sep 15 01:10:03 2004 Subject: [SpamCop-List] Re: URL not found, why? References: Message-ID: Claudio Valderrama C. wrote: www.spamcop.net/sc?id=z652496743z0558fcc76dfabf441b4e62d67b722b01z SC fails to find that body url because the header sez Content-Type: multipart/mixed;boundary= "----=_NextPart_000_00EA_C25713A.2FD92E58" whereas the body has no boundary delimiter or structure. It is also not multipart/mixed, but is text/html without a MIME boundary structure. > I wonder if it's legitimate to fix headers to have SC parsing > correctly the body. No. That would be breaking a rule which sez that you can't fix things which would cause SC to find something it doesn't. http://www.spamcop.net/fom-serve/cache/283.html Material changes to spam ..except when specifically permitted in the faq. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Sep 15 01:29:29 2004 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Sep 15 01:30:03 2004 Subject: [SpamCop-List] Re: URL not found, why? References: Message-ID: "Claudio Valderrama C." wrote in message news:ci8dmk$3e1$1@news.spamcop.net... > > Here is your TRACKING URL - it may be saved for future reference: > http://www.spamcop.net/sc?id=z652496743z0558fcc76dfabf441b4e62d67b722b01z Wow, when did this happen? It was only like two weeks ago that I'd started a Glossary over in the web-Forums as so many folks were bitching about not knowing just what was being defined when the "Tracking URL" was being asked for. From MikeE at ster.invalid Tue Sep 14 23:39:32 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Sep 15 01:40:04 2004 Subject: [SpamCop-List] Re: URL not found, why? References: Message-ID: WazoO wrote: > "Claudio Valderrama C." >> Here is your TRACKING URL > Wow, when did this happen? The newer words and the caps just started. -- Mike Easter kibitzer, not SC admin From ric.gates at bigsleep.org Wed Sep 15 08:06:25 2004 From: ric.gates at bigsleep.org (Blammo) Date: Wed Sep 15 03:10:19 2004 Subject: [SpamCop-List] Re: URL not found, why? References: Message-ID: On 14 Sep 2004 Mike Easter entered spamcop and left news:ci8kh3$8lp$1@news.spamcop.net: > WazoO wrote: >> "Claudio Valderrama C." > >>> Here is your TRACKING URL > >> Wow, when did this happen? > > The newer words and the caps just started. > > I just noticed that today (oh, it's tomorrow now). I could make a joke about it, but you really need to put up signs for the less literate. It certainly doesn't hurt, but the caps are a little overkill, perhaps would be better? -- | Ric | From DougThegarden at hotmail.com Wed Sep 15 09:22:58 2004 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Wed Sep 15 03:25:02 2004 Subject: [SpamCop-List] Re: OT New Orleans vs Ivan In-Reply-To: References: Message-ID: Mike Easter wrote: > Mike Easter wrote: > >>hurricane storm surge. > > > But, that's most likely not going to happen this time because Ivan is > going to pass to the east and the surge won't be much and the levees will > be OK. > Having a contradictory conversation with yourself is the first sign. Doug ;-) From baloo at ursine.dyndns.org Tue Sep 14 18:28:08 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Wed Sep 15 04:40:25 2004 Subject: [SpamCop-List] Re: OT New Orleans vs Ivan References: Message-ID: <87y8jc1ilj.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Mike Easter" writes: > Eek! I didn't realize what a terrible vulnerability New Orleans has to > hurricane storm surge. How could you possibly have missed it? Downtown New Orleans has an elevation of something like -20. Their ground is about where the bottom of the Columbia River at Portland will be after they dredge it... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBR4yaUzgNqloQMwcRAgX/AJ0SEAjmGsWLQZlvuYOuSCM4ZaEV+ACg19KH f9wo4QFHwGVOlSShlVaCAAI= =hfLV -----END PGP SIGNATURE----- From philip at pch.home.cs.vu.nl Wed Sep 15 12:53:11 2004 From: philip at pch.home.cs.vu.nl (Philip Homburg) Date: Wed Sep 15 06:10:16 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: <3vvq3nprljm0jmlhilj08g14j2@inews_id.stereo.hq.phicoh.net> In article , Tom wrote: >Like everything else dealing with technology, there is a proper way to >do things and an improper way to do things. If a person sets up a >challenge system, they need to whitelist anyone they send a message to >automatically. The problem with C/R systems is that when a spammer forges my e-mail address as the sender, I will get additional junk. When I receive a challenge, two things will happen. First, I will respond to the challenge, to make sure that the spam gets delivered. The other thing is that the mail system that sent the challenge will be added to my blocklist. (I many cases, a stupid admin decided to add C/R, so there is no reason to send a complaint). -- This Monk had first gone wrong when it was [...] cross-connected to a video recorder that was watching eleven TV channels simultaneously, [...] The video recorder only had to watch them, of course. It didn't have to believe them all as well. This is why instruction manuals are so important -- Douglas Adams From D.Gray at picture.oscar.wilde Wed Sep 15 13:03:51 2004 From: D.Gray at picture.oscar.wilde (Dorian Gray) Date: Wed Sep 15 07:05:18 2004 Subject: [SpamCop-List] Re: Munging [was Re: Tiresome] References: Message-ID: In article , "Mike Easter" wrote: > But then, along came some kind of virm, I forget which one, I think it > was a Swen, which 'cleverly' used its skills to scarf addresses from > everywhere, including the Reply-To in newsgroups. <...> > Since then, I've quit exposing a good address in the Reply-To Sure, I agree - I'm not criticising you for not exposing your unmunged real address anywhere. I have the same policy. But I don't think we've come to the horrible stage where virms and robots can unmunge addresses, although sooner or later some robots will be able to automatically unmunge addresses like me@myrealdomain.com.invalid or me@nospam.myrealdomain.com. Nevertheless, even with advancements in spammers' automatic harvesting tools, there are as many ways to munge an address as there are posters (or posts) so only the common and obvious munging techniques will be vulnerable to this kind of thing. So you could argue that we could each obscure our address in a way that is never going to be able to be automatically unmunged, yet still allows a human to discipher it. My point was that on a ng like this one, I am not even prepared to do that, because if a human can discipher it, so too can a spammer[1] who might lurk here, waiting to discipher our addresses and add them to his[2] list of vengence. Cheers. [1] Note the coy suggestion that a spammer is not exactly human. But actually I mean a real person spammer, not his[2] tools. [2] I have deliberately assumed that all spammers are male. This is meant to be a compliment to women. From vr at myrealbox.com Wed Sep 15 08:26:20 2004 From: vr at myrealbox.com (Vadim Rapp) Date: Wed Sep 15 08:30:14 2004 Subject: [SpamCop-List] Re: Yahoo spammer References: Message-ID: Hello Joe: You wrote in conference spamcop on Sat, 11 Sep 2004 09:14:21 -0400: JB> What is actually done about these? The report goes to an internal JB> spamcop address. I've been receiving and reporting this crap to JB> spamcop for over a year. It also appears that direct reports to JB> netblockadmin@yahoo-inc.com and mail-abuse@yahoo-inc.com are ignored. JB> The registrar for the domain (Tucows) also does nothing, despite the JB> fact that the registration contact info is obviously false. As sbcglobal customer, I can say that all support of Yahoo mail is 100% customer abuse, most likely handled by a call center in Asia. I would be highly surprised to ehar that they did something professional anywhere. Vadim From nobody at spamcop.net Wed Sep 15 09:18:02 2004 From: nobody at spamcop.net (Miss Betsy) Date: Wed Sep 15 09:20:03 2004 Subject: [SpamCop-List] Re: Munging [was Re: Tiresome] References: Message-ID: "Dorian Gray" wrote in message news:D.Gray-F21E56.12035115092004@news.cesmail.net... > In article , > [1] Note the coy suggestion that a spammer is not exactly human. But > actually I mean a real person spammer, not his[2] tools. > > [2] I have deliberately assumed that all spammers are male. This is > meant to be a compliment to women. Thank you from one woman! Back to the idea that, in a ng, one should be able to email participants privately. I have never offered a real address - mostly because in the beginning I didn't understand how to do it and I am too lazy to create one when I did. However, I don't particularly /want/ to talk privately and IMHO, if someone wants to communicate privately, then they can ask. I don't wear my phone number on my forehead when I talk to people offline and don't usually expect to continue the discussion after I leave the meeting or the place where I met them. Miss Betsy From nobody at devnull.spamcop.net Wed Sep 15 15:15:49 2004 From: nobody at devnull.spamcop.net (JohnL) Date: Wed Sep 15 10:20:03 2004 Subject: [SpamCop-List] Re: What I learned in two weeks References: Message-ID: Tom scribbled in news:l3hfk0h73frnpq8u911ub1bdn6f55acse9@4ax.com: > I just looked, and yes, I still have a few tins of the stuff... > (getting rather unusable at this point, but I still have them). Kiwi was the brand recommended when I was in the Army. Worked great for me. ( no reference to our friends "down under") From MikeE at ster.invalid Wed Sep 15 08:41:08 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Sep 15 10:45:03 2004 Subject: [SpamCop-List] Re: What I learned in two weeks References: Message-ID: JohnL wrote: > Kiwi was the brand recommended when I was in the Army. > Worked great for me. > ( no reference to our friends "down under") Actually, it does sorta refer to our kiwi friends. http://www.design-technology.org/kiwi.htm Pic of the Kiwi tin and brief history of the product. In 1906 the Scot William Ramsay was mfging the polish in Melbourne .au distributing it to farmers for their boots by horse and wagon, and named his product after his .nz wife's country. Later product was produced in the .uk and then .us and has been the most famous brand for years, since WWI. More interesting history details including the wife's name & .nz birthplace at http://www.wackyuses.com/wf_kiwi.html -- Mike Easter kibitzer, not SC admin From aeiouqwert at netscape.net Wed Sep 15 08:45:50 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Wed Sep 15 10:50:03 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: <89ffk0t3es0a85n2vrcc6rm7m6qa7ngao0@4ax.com> References: <89ffk0t3es0a85n2vrcc6rm7m6qa7ngao0@4ax.com> Message-ID: Tom wrote: > What I'm saying is that ANY kind of sexist, racist, whatever, attitude > about anyone is unacceptable. HR would agree with that sentiment, at > least in the multi-national company that I work for (over 410,000 > employees world-wide). They even have a program to help folks like you > recognize that _diversity_ is a *good* thing and needs to be > recognized for what it is. I'm just getting into the "middle" of all this and am not sure what the entire dispute is about. But, I work for a large employer, too (600k employees) and would concur with your statement ... up to a point. The following are examples of "incidents" occurring in my workplace. 1) One day while taking a break, I noticed that one of the female employees had brought in her Victoria's Secret catalog (her name and address was on the label) and left it on a break-room table. I picked it up and looked at the cover. It depicted a large-breasted woman wearing only bra and panties. She was facing the camera and bending over to pick up a pencil ... with her breasts pushing very tightly against the bra. I held up the cover to one of my male co-workers and said, "Hey, Stef, if Victoria bends over any further, the secret will be out." We both chuckled ... but later, as I left the break-room, a female co-worker followed me and said, "I found your comment offensive." I replied, "Sorry," ... which is the ONLY response a man can give in my workplace if he wants to keep his job. Women, on the other hand, can make any comment they choose ... and men who find their comments offensive are ignored by management. 2) One female employee was working with two male co-workers on a certain operation. This employee made it a habit to wear micro-mini-skirts which were against our published dress code ... but supervisors chose to ignore the violation. One day, she dropped something and bent over to pick it up ... revealing that she wasn't wearing underwear. One of the male co-workers got an eyeful, went over to her and lifted up the back of her skirt. The woman and the man both laughed at it ... and just continued to work as if nothing had happened. But, the next day, the man was called into the office because a sexual-harrassment complaint had been filed against him ... not by the woman, but by the other _male_ co-worker who happened to be a Jehovah's Witness. Mind you, the complaint only mentioned the man, not the woman. The male employee was suspended for 60 days without pay. But two days later, an attorney showed up in HR saying that unless the woman was added to the complaint, he'd file an EEO lawsuit claiming that management was giving preferential treatment to a female employee who violated dress code. Within a day, the man was re-instated (with back pay) and the whole matter was dropped ... but ... the woman was allowed to CONTINUE wearing micro-minis without punishment. How they justified this to the complainer is something I don't know. 3) One day, a male employee wore a tee-shirt depicting a caricature of a Sumo wrestler in traditional Sumo garb. There were no "naughty bits" showing, only what you'd normally see on TV in any televised Sumo match. A female co-worker walked up to the male employee and told him she found his tee-shirt offensive. He told her to (ahem) "Get a life." She went to the supervisor ... and the supervisor ordered the man to go home and change his tee-shirt. He refused and the supervisor suspended him on the spot. But, the very next day, another attorney showed up in HR saying that unless the man was brought back (with back pay for missed work), he'd file an EEO lawsuit claiming "cultural bias." You see, the man wearing the tee-shirt was of Japanese descent ... and to a Japanese person, Sumo is almost "holy" in its cultural significance. The man was brought back (with back pay) in about a week ... and he continues to occasionally wear the Sumo tee-shirt. But ... After he came back, our entire unit was called in for a special meeting by HR's EEO rep ... where we were given a "sensitivity lecture". Hehe, I thought I was going to get fired in that meeting because, when the rep later called for questions, I raised my hand and asked, "Will there EVER come a time when the stuck-up sticky-beaks of this world are sat down and told to leave their emotional eggshells at home so the tolerant majority can get on with their lives?" She glared at me, didn't respond, and took the next question. Regards, J. Alec West From nobody at devnull.spamcop.net Wed Sep 15 15:48:07 2004 From: nobody at devnull.spamcop.net (JohnL) Date: Wed Sep 15 10:50:19 2004 Subject: [SpamCop-List] Re: What I learned in two weeks References: Message-ID: "Mike Easter" scribbled in news:ci9k8h$17i$1@news.spamcop.net: > JohnL wrote: >> Kiwi was the brand recommended when I was in the Army. >> Worked great for me. >> ( no reference to our friends "down under") > > Actually, it does sorta refer to our kiwi friends. > > http://www.design-technology.org/kiwi.htm Pic of the Kiwi tin and > brief history of the product. In 1906 the Scot William Ramsay was > mfging the polish in Melbourne .au distributing it to farmers for > their boots by horse and wagon, and named his product after his > .nz wife's country. Later product was produced in the .uk and then > .us and has been the most famous brand for years, since WWI. > > More interesting history details including the wife's name & .nz > birthplace at http://www.wackyuses.com/wf_kiwi.html > Well, haven't used it in years, have a real aversion to highly shined shoes/boots to this day. ;-) From MikeE at ster.invalid Wed Sep 15 09:32:22 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Sep 15 11:35:02 2004 Subject: [SpamCop-List] Re: Tiresome References: <89ffk0t3es0a85n2vrcc6rm7m6qa7ngao0@4ax.com> Message-ID: AlecWest wrote: > The following are examples of "incidents" occurring in my > workplace. And the moral to /that/ story or those stories is that some people need to be more sensitive or sensible or 'aware' or at least /think/ and some other people need to be less 'sensitive' or intolerant or tattletale-driven. It seems that folks around there are rather quick or 'harsh' on the trigger about involving management and HR and as a result the landsharks are having to get involved. Too bad. It is like a big pendulum; first there's too much neglect about office misbehavior and remarks in that environment, then there's too much attention or repercussions in order to get it all sorted out. Then the overkill has to get fixed. Balance, that's what we need. -- Mike Easter kibitzer, not SC admin From masfjorden at spamcop.net Wed Sep 15 19:37:40 2004 From: masfjorden at spamcop.net (helge) Date: Wed Sep 15 12:40:12 2004 Subject: [SpamCop-List] ISP resolved this issue sometime after Message-ID: http://www.spamcop.net/sc?id=z662877727zee37ed481f64d342c44be14b49a5d0cfz What is an acceptable definition of 'sometime after'? This spam was received 6 hour after ISP allegedly resolved the issue, and methinks that is rather much. helge From puoti at inwind.it Wed Sep 15 18:41:40 2004 From: puoti at inwind.it (Ivan Leo Puoti) Date: Wed Sep 15 12:45:02 2004 Subject: [SpamCop-List] Re: ISP resolved this issue sometime after In-Reply-To: References: Message-ID: Just report manually, or appeal if you have a paid account. Ivan. From nobody at nowhere.invalid Wed Sep 15 19:45:24 2004 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Sep 15 12:50:03 2004 Subject: [SpamCop-List] Re: Another form of unsolicited mail References: Message-ID: On Tue, 14 Sep 2004 14:53:38 -0700, Mike Easter coughed into spamcop and left this in : > Karsten argued that challenges were very definitely spam. I tend to define spam e-main as something which is both of the following: 1) unsolicited 2) bulk or promotional C/R challenges are definitely unsolicited. Also, since most of the time they include a prominent message like "this is addressed to you by the Acme soopah e-mail validation system from foobar software", they are most definitely promotional also. Ergo, they are spam - by *my* definition of the term anyway. -- Steve "Mothers all want their sons to grow up to be President, but they don't want them to become politicians in the process." -- John F. Kennedy From masfjorden at spamcop.net Wed Sep 15 19:46:07 2004 From: masfjorden at spamcop.net (helge) Date: Wed Sep 15 12:50:16 2004 Subject: [SpamCop-List] Re: ISP resolved this issue sometime after In-Reply-To: References: Message-ID: helge wrote: > > http://www.spamcop.net/sc?id=z662877727zee37ed481f64d342c44be14b49a5d0cfz > What is an acceptable definition of 'sometime after'? > This spam was received 6 hour after ISP allegedly resolved the issue, > and methinks that is rather much. > > helge The spam was quick-reported, but spamcop didn't send a report, since ISP had promised to be a good guy. Belatedly I realised that by following the link I could actually have sent reports. helge From eddie at eddie.web Wed Sep 15 13:52:00 2004 From: eddie at eddie.web (eddie) Date: Wed Sep 15 12:55:02 2004 Subject: [SpamCop-List] SC filtering not working properly Message-ID: Twice in as many days, My inbox has received spam with a Spam Assassin rating over 2.5. I have Spam Assassin set to 1. Both of these spams were of the russky crapola kind with the moscow phone number. There is nothing on my whitelist to allow this - it seems that SC is just missing some of these spams, which clearly should have been placed in the held bin, not the inbox. Anyone else have this kind of problem? It's certainly a good reason to check the inbox online before running a local client. While the russky stuff is merely innocuously annoying, it could have been some infected stuff which is more serious. -- Rather: I don't want to be argumentative, Mr. vice president. Bush41(veep):You do, Dan. Rather: No -- no, sir, I don't. From MikeE at ster.invalid Wed Sep 15 10:54:12 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Sep 15 12:55:15 2004 Subject: [SpamCop-List] Re: ISP resolved this issue sometime after References: Message-ID: helge wrote: > www.spamcop.net/sc?id=z662877727zee37ed481f64d342c44be14b49a5d0cfz > What is an acceptable definition of 'sometime after'? > This spam was received 6 hour after ISP allegedly resolved the issue, > and methinks that is rather much. The IP is listed in cbl as insecure and scbl as spamming; also listed in spews as the /24 in s3168, along with many many other videotron blocks. Videotron is unresponsive; if you were inclined to notify upstream, AS5769 abuse@videotron.net looks like this Upstream Adjacent AS list AS3356 LEVEL3 Level 3 Communications = abuse@level3.net abuse@level3.com spamtool@level3.net AS6453 GLOBEINTERNET Teleglobe America Inc. = abuse@Teleglobe.net -- Mike Easter kibitzer, not SC admin From aeiouqwert at netscape.net Wed Sep 15 11:02:23 2004 From: aeiouqwert at netscape.net (AlecWest) Date: Wed Sep 15 13:05:02 2004 Subject: [SpamCop-List] Re: Tiresome In-Reply-To: References: <89ffk0t3es0a85n2vrcc6rm7m6qa7ngao0@4ax.com> Message-ID: Mike Easter wrote: > Balance, that's what we need. Amen and hallelujah on that. The thing that irks me most about the current state of EEO matters is that they "default" toward the lowest common denominator (eg., guilty until proven innocent ... or otherwise vindicated by legal involvement). Sexual harassment is dangerous and real. But when every little nit-picky person jumps at the slightest comment or joke, it tends to give _valid_ complainers bad rep ... and that's very unfortunate. My sociology instructor in college called it "label-libel." In many circles, just saying you're an NRA member puts you in the rarified category of "ultra-neocon-gun-wacko" ... when in fact, many members are highly sensitive highly-responsible gun owners. The recent end of the assault weapons ban is a good example ... since a poll of NRA member indicated 30% of them favored extention of the ban. This doesn't mean I either support or am against such a ban. I only mentioned it because it clearly shows there's no "either/or" absolutism in the NRA ... that there's a pretty good sized gray area out there. It's sad that some EEO people don't recognize gray areas in sexual harassment matters until a lawyer shows up at the door. Regards, J. Alec West From nobody at spamcop.net Wed Sep 15 14:15:57 2004 From: nobody at spamcop.net (indigo) Date: Wed Sep 15 13:20:02 2004 Subject: [SpamCop-List] Re: No spam! References: <4134443F.1060606@spamcop.net> <871xhcq65x.fsf@ursine.dyndns.org> <878ybilzso.fsf@ursine.dyndns.org> Message-ID: Paul Johnson wrote: > > > "Geeks On Call charges $99 for the initial consultation and first > > 15 minutes of a visit. Labor costs vary depending on the service > > required, Burns said. For example, virus removal costs between $165 > > to $275, he said, depending on the complexity of the virus." > > > > Sounds like a helluva moneymaker for an out of work geek! > > Until you take into account the fact that you only get 45% and don't > get paid when you're not with a customer. Aw, poor baby....making only $178/hour isn't enough for ya? From me at privacy.net Wed Sep 15 14:26:59 2004 From: me at privacy.net (Frog Prince) Date: Wed Sep 15 13:30:04 2004 Subject: [SpamCop-List] Re: OT New Orleans vs Ivan References: <87y8jc1ilj.fsf@ursine.dyndns.org> Message-ID: "Paul Johnson" | > Eek! I didn't realize what a terrible vulnerability New Orleans has to | > hurricane storm surge. | | How could you possibly have missed it? Downtown New Orleans has an | elevation of something like -20. Their ground is about where the | bottom of the Columbia River at Portland will be after they dredge it... Actually DT NOLA is ~ 3 feet above sea level and rises toward the river falls toward the lack. Not that that fact is much of a distinction when the tidal surge can be 20-100 feet. Especially when funneled but a river/bayou system. I just talked to my brother and the drive to Baton Rouge on I10 is now 6 hours v. 45 min it was last week. I have no idea what I55 and I59 look like. We have a summer home on the Gulf Coast the will be almost dead center of where the Ivan is projected to land. From baloo at ursine.dyndns.org Wed Sep 15 11:49:41 2004 From: baloo at ursine.dyndns.org (Paul Johnson) Date: Wed Sep 15 13:55:04 2004 Subject: [SpamCop-List] Re: No spam! References: <4134443F.1060606@spamcop.net> <871xhcq65x.fsf@ursine.dyndns.org> <878ybilzso.fsf@ursine.dyndns.org> Message-ID: <87wtyvqv62.fsf@ursine.dyndns.org> <#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "indigo" writes: > Paul Johnson wrote: >> >> > "Geeks On Call charges $99 for the initial consultation and first >> > 15 minutes of a visit. Labor costs vary depending on the service >> > required, Burns said. For example, virus removal costs between $165 >> > to $275, he said, depending on the complexity of the virus." >> > >> > Sounds like a helluva moneymaker for an out of work geek! >> >> Until you take into account the fact that you only get 45% and don't >> get paid when you're not with a customer. > > Aw, poor baby....making only $178/hour isn't enough for ya? I'd like to see anybody in this business make that much an hour... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBSIC3UzgNqloQMwcRAsgbAJ9WwA8g6zmlh7DLq3Jfn9pl6xEI0wCdG3o9 ic+7Hy+sjbPLj5ePdJxYt+c= =uY1Q -----END PGP SIGNATURE----- From michael.spamcop at michaellefevre.com Wed Sep 15 19:04:19 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Wed Sep 15 14:05:02 2004 Subject: [SpamCop-List] Re: ISP resolved this issue sometime after References: Message-ID: helge wrote: > > http://www.spamcop.net/sc?id=z662877727zee37ed481f64d342c44be14b49a5d0cfz > What is an acceptable definition of 'sometime after'? > This spam was received 6 hour after ISP allegedly resolved the issue, > and methinks that is rather much. You're misunderstanding. It's telling you that it was resolved _sometime after_ that time. If the time given is 6 hours ago, it means it was resolved some time between 6 hours ago and the time you saw the message - it might only have been resolved 10 minutes ago. The time given is the timestamp of the spam message in the report that the ISP responded to. -- Michael From nobody at spamcop.net Wed Sep 15 15:09:19 2004 From: nobody at spamcop.net (Ellen) Date: Wed Sep 15 14:20:03 2004 Subject: [SpamCop-List] Re: ISP resolved this issue sometime after References: Message-ID: "helge" wrote in message news:ci9r4c$6is$1@news.spamcop.net... > > http://www.spamcop.net/sc?id=z662877727zee37ed481f64d342c44be14b49a5d0cfz > What is an acceptable definition of 'sometime after'? > This spam was received 6 hour after ISP allegedly resolved the issue, > and methinks that is rather much. > > helge When you see that for an injecting IP all it means is that they have turned off reports for 24 hours, the reports still count towards the blocklist. ISPs will do that when they have enough reports and don't want to see any more. Ellen From nobody at spamcop.net Wed Sep 15 19:41:12 2004 From: nobody at spamcop.net (Bodger) Date: Wed Sep 15 14:25:03 2004 Subject: [SpamCop-List] E-Bay Spoof Message-ID: Be advised that an attempt to spoof an e-mail from E-Bay was received in the UK from 212.36.9.10 using the link http://ebay.account-change.com/582201017237763802032477072182083997barvl44uahgb5ei.htm From masfjorden at spamcop.net Wed Sep 15 21:48:13 2004 From: masfjorden at spamcop.net (helge) Date: Wed Sep 15 14:50:02 2004 Subject: [SpamCop-List] Re: ISP resolved this issue sometime after In-Reply-To: References: Message-ID: Michael Lefevre wrote: > helge wrote: > >>http://www.spamcop.net/sc?id=z662877727zee37ed481f64d342c44be14b49a5d0cfz >>What is an acceptable definition of 'sometime after'? >>This spam was received 6 hour after ISP allegedly resolved the issue, >>and methinks that is rather much. > > > You're misunderstanding. It's telling you that it was resolved _sometime > after_ that time. If the time given is 6 hours ago, it means it was > resolved some time between 6 hours ago and the time you saw the message - > it might only have been resolved 10 minutes ago. > > The time given is the timestamp of the spam message in the report that the > ISP responded to. > I don't think I misunderstood, rather that my English wasn't good enough. Let me rephrase the sentence that followed my question: "This spam was received 6 hours after ISP was notified, and allegedly started the long and arduous work of resolving the issue, and methinks that is rather much." However, Ellen gave the answer to my question, and I interpret her thusly: ISP may or may not intend to resolve the issue, but asks SpamCop to shut up for 24 hours. Ivan and Mike came up with alternative ways to treat this particular spam. Ivan suggests manual larting or appealing, Mike to lart upstreams Whenever SpamCop offers members to appeal, the offer is given with a warning: experts only. As a reporter, I try not to do things that are too far beyond my level of competency, and appeals and upstream reporting are - to me - out of bounds. helge From nobody at spamcop.net Wed Sep 15 16:08:32 2004 From: nobody at spamcop.net (Ellen) Date: Wed Sep 15 15:10:03 2004 Subject: [SpamCop-List] Re: ISP resolved this issue sometime after References: Message-ID: "helge" wrote in message news:cia2p2$ebo$1@news.spamcop.net... > > However, Ellen gave the answer to my question, and I interpret her > thusly: ISP may or may not intend to resolve the issue, but asks SpamCop > to shut up for 24 hours. Correct > > Ivan and Mike came up with alternative ways to treat this particular > spam. Ivan suggests manual larting or appealing, Mike to lart upstreams > Whenever SpamCop offers members to appeal, the offer is given with a > warning: experts only. As a reporter, I try not to do things that are > too far beyond my level of competency, and appeals and upstream > reporting are - to me - out of bounds. You can't appeal an IP -- they autoamtically reopen after 24 hours. Ellen From michael.spamcop at michaellefevre.com Wed Sep 15 20:21:44 2004 From: michael.spamcop at michaellefevre.com (Michael Lefevre) Date: Wed Sep 15 15:25:04 2004 Subject: [SpamCop-List] Re: ISP resolved this issue sometime after References: Message-ID: helge wrote: > Michael Lefevre wrote: [snip] >> You're misunderstanding. [snip] > > I don't think I misunderstood, rather that my English wasn't good > enough. Sorry. It was evidently good enough for others - it was me that misunderstood. -- Michael From skiwi+newsgroups at spamcop.net Wed Sep 15 13:29:52 2004 From: skiwi+newsgroups at spamcop.net (Skiwi) Date: Wed Sep 15 15:30:03 2004 Subject: [SpamCop-List] Re: E-Bay Spoof [it.ca has some 'measures' in place] In-Reply-To: References: Message-ID: Bodger wrote: > Be advised that an attempt to spoof an e-mail from E-Bay was received in the > UK from > 212.36.9.10 > > using the link > http://ebay.account-change.com/582201017237763802032477072182083997barvl44uahgb5ei.htm This is interesting though - if you click continue http://www.it.ca/bin/mailform-blocked.php?l=$blocklevel&s=Account&t=support%40account-change.com (http://tinyurl.com/66h8f) From nobody at devnull.spamcop.net Thu Sep 16 00:01:46 2004 From: nobody at devnull.spamcop.net (mrfurryman) Date: Wed Sep 15 18:05:22 2004 Subject: [SpamCop-List] Media: FLORIDA SIBLINGS PLEAD GUILTY TO SELLING Rx DRUGS ONLINE Message-ID: FLORIDA SIBLINGS PLEAD GUILTY TO SELLING Rx DRUGS ONLINE a brother and sister have been charged with selling prescription drugs illegally over the internet have pleaded guilty in a federal court in Virginia, the FDA announced. http://www.fda.gov/bbs/topics/news/2004/NEW01112.html Two down... how many more to go? Chris From tmcgraw at spamcop.net Wed Sep 15 16:16:46 2004 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Sep 15 18:20:03 2004 Subject: [SpamCop-List] Re: Tiresome References: <89ffk0t3es0a85n2vrcc6rm7m6qa7ngao0@4ax.com> Message-ID: <4148BF4E.5000408@spamcop.net> Tom wrote: > On Mon, 06 Sep 2004 22:47:16 -0500, Cat > wrote: > >>Just pointing out that it's no longer an acceptable practice in modern >>society to automatically assume you're only addressing men. > > Cat, I know you mean well, but your attitude sucks. If I ran into this > at work in a subordinate, I'd have you down to HR so fast your head > would spin. But we aren't, and you can't. From 8vmb6jy02 at sneakemail.com Thu Sep 16 02:14:33 2004 From: 8vmb6jy02 at sneakemail.com (Sean W) Date: Wed Sep 15 20:15:20 2004 Subject: [SpamCop-List] Re: Media: FLORIDA SIBLINGS PLEAD GUILTY TO SELLING Rx DRUGS ONLINE In-Reply-To: References: Message-ID: mrfurryman wrote: > FLORIDA SIBLINGS PLEAD GUILTY TO SELLING Rx DRUGS ONLINE > a brother and sister have been charged with selling prescription drugs > illegally over the internet have pleaded guilty in a federal court in > Virginia, the FDA announced. > > http://www.fda.gov/bbs/topics/news/2004/NEW01112.html > > Two down... how many more to go? > > Chris Bit more on these http://www.ftc.gov/os/adjpro/d9317/ How many more? Well there's certainly 4 or 5 I'm sure one can think of that one would like to see contemplating a long 'vacation' at the 'tax payers' expense... First being the #1 ROKSO name. -- Sean From nobody at spamcop.net Wed Sep 15 21:20:33 2004 From: nobody at spamcop.net (spamcop) Date: Wed Sep 15 20:25:03 2004 Subject: [SpamCop-List] Re: No one gave spamcop the right and SC doesn't do it. References: Message-ID: "Larry J." wrote in message news:Xns9561B21EAB2EClarryathome@216.154.195.61... | Waiving the right to remain silent, "spamcop" | said: | | .."burp"... | | -- | Larry J. - Remove spamtrap in ALLCAPS to e-mail | | "Lord, are we worthy of the task that lies before us, | or are we just jerking off..?" Well, Larry's jerking off anyway. From snowbat at geocities.com Thu Sep 16 02:22:52 2004 From: snowbat at geocities.com (Snowbat) Date: Wed Sep 15 20:25:31 2004 Subject: [SpamCop-List] Re: HTML (C&C) References: Message-ID: On Tue, 14 Sep 2004 23:57:22 -0500, Tom wrote: > I found this one especially humorous: "Your mailer do not support HTML > messages. Switch to a better mailer." > > Yeah, right, if I want viruses and other nasties. No thanks, Forte's > Agent is just fine because it does NOT support HTML unless I ask it to > on a message-by-message basis. They appear to have switched to "Get a capable html e-mailer" today or else there's a new comedian on the block :-) From mswift at computerassistance.com Wed Sep 15 18:32:36 2004 From: mswift at computerassistance.com (mjj) Date: Wed Sep 15 20:35:03 2004 Subject: [SpamCop-List] white hat e-mailers Message-ID: Spamcoppers, I need help in trying to evaluate a commercial e-mail house to see if they are clean enough to do business with. I've done quite a few searches and find some people complaining about them and other ISPs that have whitelisted them. They want to be a third party CRM provider to some of our customers. We've worked in our market for over 25 years so doing a bad job is far worse than foregoing the business. Can you suggest a way to research this seriously rather than the preponderance of evidence method from the search engines? I've run the listed IPs on MAPS and nothing popped 204.180.130.0 -.255 208.28.15.0 -.255 205.162.40.0 -.255 Some names used by them are: omeda o-mail omessage lemroh That last one that concerns me. Thanks in advance for any help. I don't want to end up back here trying to figure out why my guys are getting blocked. Sincerely, Myles J. Swift Computer Assistance Inc. repair management software since 1977 From tdy at blackhole.invalid Wed Sep 15 19:24:58 2004 From: tdy at blackhole.invalid (N. Miller) Date: Wed Sep 15 21:30:07 2004 Subject: [SpamCop-List] Re: http://www.world-of-meds.com References: Message-ID: In article , eddie says... > On Mon, 13 Sep 2004 23:14:48 -0700, N.Miller scratched out the following: > sniparooni > > Pacbell only exists as a "legacy domain" in the SBC Global universe, now. > Then shouldn't SC be reporting to SBC? Or is Pacbell still > semi-autonomous and worth reporting to? Reports should go to the registered abuse address. SBC operates the pacbell.net domain, it is just that Pacbell does not exist as a company. SBC gets the report, whether to ameritech.net, prodigy.net, or pacbell.net[1]. A different center, probably; but all SBC nonetheless. It is just a minor quibble... ;) [1] There are a total of nine SBC domains assigned to residential customers, nearly as I can tell. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Wed Sep 15 19:33:49 2004 From: tdy at blackhole.invalid (N. Miller) Date: Wed Sep 15 21:35:02 2004 Subject: [SpamCop-List] Re: http://www.world-of-meds.com References: Message-ID: In article , WazoO says... > Strangely enough, I had just done some searching on > a lowlife knocking on some of my doors looking for > a formmail.pl to play with ... and look at what popped up; SBC it the company which runs that service...and owns those domains. 09/15/04 18:27:41 whois pacbell.net@whois.networksolutions.com whois -h whois.networksolutions.com pacbell.net ... NOTICE AND TERMS OF USE: You are not authorized to access or query our WHOIS database through the use of high-volume, automated, electronic processes. The Data in Network Solutions' WHOIS database is provided by Network Solutions for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. Network Solutions does not guarantee its accuracy. By submitting a WHOIS query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to Network Solutions (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of Network Solutions. You agree not to use high-volume, automated, electronic processes to access or query the WHOIS database. Network Solutions reserves the right to terminate your access to the WHOIS database in its sole discretion, including without limitation, for excessive querying of the WHOIS database or for failure to otherwise abide by this policy. Network Solutions reserves the right to modify these terms at any time. > Registrant: > SBC Internet Services, Inc. (PACBELL2-DOM) > 1701 Alma dr > Plano, TX 75075 > US > > Domain Name: PACBELL.NET 09/15/04 18:29:14 whois swbell.net@whois.networksolutions.com > Registrant: > SBC Internet Services, Inc. (SWBELL2-DOM) > 1701 Alma dr > Plano, TX 75075 > US > > Domain Name: SWBELL.NET 09/15/04 18:31:59 whois prodigy.net@whois.networksolutions.com > Registrant: > SBC Services, Inc. (PRODIGY2-DOM) > 1565 Front St. > Yorktown Heights, NY 10598 > US > > Domain Name: PRODIGY.NET Try it for the other six domains... ameritech.net flash.net nvbell.net sbcglobal.net snet.net wans.net -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From MikeE at ster.invalid Wed Sep 15 19:37:33 2004 From: MikeE at ster.invalid (Mike Easter) Date: Wed Sep 15 21:40:03 2004 Subject: [SpamCop-List] Re: OT New Orleans vs Ivan References: Message-ID: Skiwi wrote: > And the momentary pause in the New Orelewans party, the gentle lifting > of the head to consider that it was getting a tad windy outside would > just be a faint memory, some folklore for those in 20 years to pass on > to their grandchildren as they wrapped beads around their neck... "We don't run from hurricanes - we drink them," read one sign daubed on plywood Diehards carry on drinking as Ivan closes on New Orleans --------------------- As Hurricane Ivan tore across the Gulf of Mexico towards them, the inhabitants of America's most notoriously hedonistic town did one of two things. The majority obeyed a mandatory evacuation order, leaving behind them a ghost city of boarded-up windows and sandbagged shopfronts. The rest got drunk. Bourbon Street, the fabled main drag of the New Orleans' French Quarter, remained a tiny oasis of intoxication as the first gusts of wind began to disturb the languid heat. Stubborn residents and stranded tourists strolled the cobble-stones - drinks in hand, thanks to an unusual bylaw - and tried not to think about the storm that has already devastated Grenada and parts of Jamaica, and prompted states of emergency in Louisiana, Mississippi, Alabama and Florida. "We don't run from hurricanes - we drink them," read one sign daubed on plywood, referring to the rum-and-lime cocktail that most bars were dispensing at a dollar a glass. --------------------- http://www.guardian.co.uk/naturaldisasters/story/0,7369,1305368,00.html -- Mike Easter kibitzer, not SC admin From Merlyn at Spamcop.net Wed Sep 15 22:52:18 2004 From: Merlyn at Spamcop.net (Merlyn) Date: Wed Sep 15 21:55:05 2004 Subject: [SpamCop-List] Re: white hat e-mailers References: Message-ID: "mjj" wrote in message news:ciamv8$vgn$1@news.spamcop.net... > Spamcoppers, > > I need help in trying to evaluate a commercial e-mail house to see if they > are clean enough to do business with. I've done quite a few searches and > find some people complaining about them and other ISPs that have whitelisted > them. They want to be a third party CRM provider to some of our customers. > We've worked in our market for over 25 years so doing a bad job is far worse > than foregoing the business. Can you suggest a way to research this > seriously rather than the preponderance of evidence method from the search > engines? > > I've run the listed IPs on MAPS and nothing popped > 204.180.130.0 -.255 > 208.28.15.0 -.255 > 205.162.40.0 -.255 > > > Some names used by them are: > omeda > o-mail > omessage > lemroh > > That last one that concerns me. Thanks in advance for any help. I don't want > to end up back here trying to figure out why my guys are getting blocked. > > Sincerely, > Myles J. Swift > > Computer Assistance Inc. > repair management software since 1977 > omeda.com OrgName: Omeda Communications There are some sightings on them http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&safe=off&c2coff=1&scoring=d&q=omeda.com&btnG=Search&meta=group%3Dnews.admin.net-abuse.* http://groups.google.com/groups?q=Omeda+Communications&hl=en&lr=&ie=UTF-8&group=news.admin.net-abuse.*&c2coff=1&safe=off&sa=G&scoring=d According to thier page on O-Mail I wouldn't trust them but there are very few I trust with email. I see nothing about confirmed opt-in. They look pretty spammy. They say: -------------------------------------- After thorough research, we learned that actually sending the e-mail message (with customization and HTML content) was the easy part. However, coordinating the demographic information used for and received from the e-mail blast has proven to be a difficult challenge for many circulators, especially when they are storing files at several different locations. To combat this dilemma, the O-mail system combines this information into one comprehensive database. And as a leading database management company, collecting and storing all of this various information and understanding the uses of it is exactly where we excel. OMEDA's new O-mail System, in conjunction with our new user-friendly web-based "OnQ", is the ultimate e-mail marketing weapon. -------------------------------------- Sure sounds pretty spammy to me. The reason you don't find much info is that they disguise their spam so their client gets the heat. I know what my choice would be. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From tdy at blackhole.invalid Wed Sep 15 19:53:19 2004 From: tdy at blackhole.invalid (N. Miller) Date: Wed Sep 15 21:55:23 2004 Subject: [SpamCop-List] Re: OT New Orleans vs Ivan References: <87y8jc1ilj.fsf@ursine.dyndns.org> Message-ID: In article , Frog Prince says... > We have a summer home on the Gulf Coast the will be almost dead center of > where the Ivan is projected to land. I am living in a house that has stood for forty years, only losing a chimney once, in 1989: http://quake.wr.usgs.gov/research/strongmotion/intensity/1989.html I was living north of Sacramento at the time. The last one I felt was: http://earthquake.usgs.gov/recenteqsUS/Quakes/nc40160942.htm They are brief, and usually over before you can think about it. If they don't bring the house down (and most don't!), you just pick up a few pieces and carry on. I think I prefer earthquake over hurricanes. ;) -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From none at domain.invalid Wed Sep 15 20:35:45 2004 From: none at domain.invalid (Anonymous) Date: Wed Sep 15 22:35:05 2004 Subject: [SpamCop-List] Re: white hat e-mailers References: Message-ID: "Merlyn" wrote in message news:ciarki$3df$1@news.spamcop.net... > "mjj" wrote in message > news:ciamv8$vgn$1@news.spamcop.net... >> Some names used by them are: >> omeda >> o-mail >> omessage >> lemroh >> >> That last one that concerns me. > I see nothing about confirmed opt-in. They look pretty spammy. Well, considering that that last name is HORMEL spelled backwards, I can't imagine why... From 8vmb6jy02 at sneakemail.com Thu Sep 16 04:34:08 2004 From: 8vmb6jy02 at sneakemail.com (Sean W) Date: Wed Sep 15 22:35:26 2004 Subject: [SpamCop-List] Re: white hat e-mailers In-Reply-To: References: Message-ID: Merlyn wrote: > "mjj" wrote in message > news:ciamv8$vgn$1@news.spamcop.net... > >>Spamcoppers, >> >>I need help in trying to evaluate a commercial e-mail house to see if they >>are clean enough to do business with. I've done quite a few searches and >>find some people complaining about them and other ISPs that have > > whitelisted > >>them. They want to be a third party CRM provider to some of our customers. >>We've worked in our market for over 25 years so doing a bad job is far > > worse > >>than foregoing the business. Can you suggest a way to research this >>seriously rather than the preponderance of evidence method from the search >>engines? >> >>I've run the listed IPs on MAPS and nothing popped >>204.180.130.0 -.255 >>208.28.15.0 -.255 >>205.162.40.0 -.255 >> >> >>Some names used by them are: >>omeda >>o-mail >>omessage >>lemroh >> >>That last one that concerns me. Thanks in advance for any help. I don't > > want > >>to end up back here trying to figure out why my guys are getting blocked. >> >>Sincerely, >>Myles J. Swift >> >>Computer Assistance Inc. >>repair managem

The document has moved here.