From nobody at devnull.spamcop.net Fri Apr 1 11:50:05 2005 From: nobody at devnull.spamcop.net (Patto) Date: Thu Mar 31 21:55:02 2005 Subject: [SpamCop-List] Re: chinatietong.com In-Reply-To: References: Message-ID: Brian (SnSR) wrote: > Never mind. > > anti-spam@ns.chinanet.cn.net bounces (102 sent : 23203 bounces) > Using anti-spam#ns.chinanet.cn.net@devnull.spamcop.net for statistical > tracking. The non-bouncing address is anti-spam@chinanet.cn.net From nobody at devnull.spamcop.net Fri Apr 1 17:08:07 2005 From: nobody at devnull.spamcop.net (Patto) Date: Fri Apr 1 03:10:07 2005 Subject: [SpamCop-List] Re: chinatietong.com In-Reply-To: References: Message-ID: Patto wrote: > Brian (SnSR) wrote: > >> Never mind. >> >> anti-spam@ns.chinanet.cn.net bounces (102 sent : 23203 bounces) >> Using anti-spam#ns.chinanet.cn.net@devnull.spamcop.net for statistical >> tracking. > > > The non-bouncing address is anti-spam@chinanet.cn.net There is also abuse@chinatietong.com - it doesn't seem to bounce. From nobody at nowhere.invalid Fri Apr 1 10:25:54 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Apr 1 03:30:03 2005 Subject: [SpamCop-List] Re: chinatietong.com References: Message-ID: On Fri, 01 Apr 2005 17:08:07 +0900, Patto coughed into spamcop and left this in : >> The non-bouncing address is anti-spam@chinanet.cn.net > > There is also abuse@chinatietong.com - it doesn't seem to bounce. That's because /dev/null never fills up. Cynic, moi? :) -- Steve Anarchy may not be the best form of government, but it's better than no government at all. From nobody at xyzzy.claranet.de Fri Apr 1 13:03:55 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Apr 1 06:05:26 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> Message-ID: <424D2A9B.6168@xyzzy.claranet.de> Porpoise wrote: > Do you still use an old telephone with a dial that you poke > your finger in to dial as well? ;-) No, translating pulses to tones is too slow for phone banking, I've lost my external tone generator. But in theory... ASCII-art is 24*79 or smaller, anything else is just spam. Bye From nobody at xyzzy.claranet.de Fri Apr 1 13:09:36 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Apr 1 06:10:03 2005 Subject: [SpamCop-List] ICANN annual whois data problem report Message-ID: <424D2BF0.71CF@xyzzy.claranet.de> For details see... ...but the expected outcome is clear, gTLD .biz got three times more reports than any other ICANN gTLD (relatively). Bye, Frank From MikeE at ster.invalid Fri Apr 1 05:20:40 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 08:20:02 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > For details see... > > > > ...but the expected outcome is clear, gTLD .biz got three > times more reports than any other ICANN gTLD (relatively). That's a very interesting report. Here's a par "Third, there are a number of "power users" of the system. Given that they account for more than 50% of the reports, and that at least 74% of the reports are for legitimately bad Whois information, it is reasonable to assume that these industrious individuals are indeed finding many domains with incorrect Whois information. It might be reasonable to offer features in the interface to help these users." The power users to whom they are referring is based on the fact that there were 31533 reports, 3122 reporters, and the top 20 reporters reported 18317 reports. The top or power power reporter reported 4035. Now there's a diligent reporter. What I'm wondering about is the significant number of reports which were deemed to result in 'other' or 'data unchanged' as opposed to 'inaccuracy corrected' or 'domain deleted'. Almost 60% of the reports resulted in data unchanged. People who are interested in the problem of bad whois and reporting it to icann/internic should read that report. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Apr 1 05:26:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 08:25:02 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: Mike Easter wrote: > What I'm wondering about is the significant number of reports which > were deemed to result in 'other' or 'data unchanged' as opposed to > 'inaccuracy corrected' or 'domain deleted'. Almost 60% of the reports > resulted in data unchanged. There's a par on that subject as well, describing what happened when ICANN investigated whether the report should have been so classificd. The facts are that the registrars were doing a very bad job of so classifying the report. "In order to better understand the nature of the domain names marked "Other" or "Data Unchanged" (7,532 total) I CANN staff individually reviewed 5,842 (about 80%) of them and made the following observations: more than half (51.6%) had in fact been deleted or suspended. Another third of them (34.9%) had Whois data that appeared to be accurate (note, however, that it is quite possible to supply Whois information that looks completely plausible, but is in fact bad). About 14% appeared incomplete or clearly inaccurate." So the other & data unchanged data is seriously outawhack. -- Mike Easter kibitzer, not SC admin From salvisberg at spamcop.net Fri Apr 1 16:26:32 2005 From: salvisberg at spamcop.net (Hans Salvisberg) Date: Fri Apr 1 09:20:03 2005 Subject: [SpamCop-List] Re: Automatic "held mail" deletion? In-Reply-To: References: Message-ID: <424D5A18.9070209@spamcop.net> Tim Lavoie wrote: > I'm using the spam filters to grab incoming spam instead of passing it > on, and that part works well. It does build up quickly though, leaving > a huge backlog of unreportable spam if I don't get to it every day or so. > > Is it possible to set it up to just delete old emails after certain age? I had this same problem with a SpamCop account that I set up for a computer-illiterate third party, but 1. old Held Emails seem to go away after a while (but until then they keep showing up in the Held Email report again and again...), and 2. if you have an email client with IMAP support (e.g. Thunderbird), you can set up an IMAP account for SpamCop, subscribe to the Held Email folder, and then delete your Held Email reasonably efficiently by simply dragging it from the Held Email folder to the Trash folder. It would be nice if this mechanism could also be used for reporting, e.g. by having a "Quick-Report as Spam" (and possibly a "Queue for Spam Reporting") folder, but this is not the case. See http://www.spamcop.net/fom-serve/cache/335.html for more information. Hans From skiwi at spamcop.net Fri Apr 1 08:03:14 2005 From: skiwi at spamcop.net (Skiwi) Date: Fri Apr 1 11:05:02 2005 Subject: [SpamCop-List] Re: Does yahoo@admin.spamcop.net go anywhere except the bit bin? In-Reply-To: References: Message-ID: Mike Easter wrote: > Skiwi wrote: > >>Mike Easter wrote: >> >>>Skiwi wrote: >>> >>> >>>>Does yahoo@admin.spamcop.net go anywhere except the bit bin? >>> >>> >>>I'm not an admin, but those types of addresses typically are for >>>special handling for the provider, not a devnul. >> >>[snip] >> >>That was my feeling - but I wanted some admin confirmation or at least >>hand-holding that I using a "good" user report address! :-) > > > Skiwi wrote: > >>Thanks Fred - but I am getting so many of those pimp & dumps using >>st0ck54@yahoo.com et. al. that manual larting would be, hmmm, how to >>say, less likley for me to do! :-) > > > What I'm looking at in sightings^1 -- that looks to me like a (likely > bogus) remove addy. > > If you have a yahoo account, you can check it the username for > availability, but I'll be surprised if you get a positive yahoo response > to a notify of a remove email addy. You are, cough, analyzing spam then? :-P This guys seems to have such specific emails that I am guessing he is trying to be "legit" (or at least look "legit") - I have heard stories about the Vancouver Stock Exchange... :-) Anyway, I sent an email from a throwaway to 10 of the addresses - 42 through 52 - and nothing bounced back yet... Earlier, I sent complaints to Yahoo via their form for some of the 30-series ones; got back the 'we have taken action but won't tell you what is is" (thanks "Chad"!) - but did NOT say that they did not exist... Anyway... From MikeE at ster.invalid Fri Apr 1 08:22:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 11:25:03 2005 Subject: [SpamCop-List] Re: Does yahoo@admin.spamcop.net go anywhere except the bit bin? References: Message-ID: Skiwi wrote: > Mike Easter wrote: >>> st0ck54@yahoo.com >> What I'm looking at in sightings^1 -- that looks to me like a (likely >> bogus) remove addy. >> but I'll be surprised if you get a positive yahoo >> response to a notify of a remove email addy. > > > You are, cough, analyzing spam then? :-P For the purposes of discussion, naturally. Everyone has to trip their own trigger about how they like to notify or otherwise engage in the sport or pastime or hobby of spamfighting, including how they use SC simply as a tool. But of course I'm kibitzing how that sport can be played. In the beginning, the qx was about SC using the notify address of yahoo@admin.spamcop.net for 'something' and I told about how I tho't SC didn't notify yahoo about http://mail.yahoo.com. SC also doesn't notify for spambody email addresses -- an admin decision based on the considered judgment as to the value of notifying for removes in general and those which were email addies instead of links specifically. Once upon a time SC /did/ notify for email addresses in spambodies. So, when the discussion evolved into the idea of notifying for a email remove address, I felt like putting in my 2 cents. In order to get 2 cents worth, I had to figger out why we were talking about st0ck54@yahoo.com - which required more than my reading the content of a spambody, I actually had to go dig it out of sightings in order to read it. Also, if you are doing a 'user directed' notify to yahoo about the st0ck54 username, SC advises to those using the parser for advice about notifies, not the SC notify address, but instead the user yahoo notify address. Parsing input: st0ck54@yahoo.com Reporting addresses: mail-abuse@yahoo-inc.com postmaster@yahoo.com > > This guys seems to have such specific emails that I am guessing he is > trying to be "legit" (or at least look "legit") - I have heard stories > about the Vancouver Stock Exchange... :-) > > Anyway, I sent an email from a throwaway to 10 of the addresses - 42 > through 52 - and nothing bounced back yet... > > Earlier, I sent complaints to Yahoo via their form for some of the > 30-series ones; got back the 'we have taken action but won't tell you > what is is" (thanks "Chad"!) - but did NOT say that they did not > exist... > > Anyway... -- Mike Easter kibitzer, not SC admin From Paul.Sawyer.does.not.want.spam at unh.BAD.EXAMPLE.edu Fri Apr 1 16:51:22 2005 From: Paul.Sawyer.does.not.want.spam at unh.BAD.EXAMPLE.edu (Paul Sawyer) Date: Fri Apr 1 11:55:02 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote in news:424D2A9B.6168 @xyzzy.claranet.de: > Porpoise wrote: > >> Do you still use an old telephone with a dial that you poke >> your finger in to dial as well? ;-) > > No, translating pulses to tones is too slow for phone banking, > I've lost my external tone generator. But in theory... > > ASCII-art is 24*79 or smaller, anything else is just spam. Bye Feh -- I can remember ASCII art of 132 column width and virtually unlimited length. Kids today.... From cbminfo at toast.net Fri Apr 1 11:58:02 2005 From: cbminfo at toast.net (ken) Date: Fri Apr 1 12:00:04 2005 Subject: [SpamCop-List] Re: Conspiracies everywhere References: Message-ID: "Frog Prince" wrote in message news:d2h6d2$c06$1@news.spamcop.net... > > "ken" > | After digging thru this the only legitimate address with an abuse > | address was my isp's return address. > | The other links jumped all over the planet wherever a phone line > could > | be hung. > | ====================================================== > | Couple weeks back it was WAMU banks, they're still coming in > | intermittantly, and they had the same returns all the time. They > | finally created an abuse address > | > ========================================================================== > | Not nearly as prolific as WAMU, I've seen other banks represented > in > | these scams. All with no legitimate abuse addresses, and rather > than > | forward my email to some unknown, I've opted to just forwarding > these > | on to spam@uce.gov. Why not stick with WAMU ? did they choose to > chase > | and prosecute ? > > I'm a WAMU customer. I called sent emails etc the responce 'just > delete it' > or get a spam blocker. > > For awhile there I was getting wamu from the SAME return for the longest time. So got into the habit of reporting it to them. Obviously if it's not from my bank telling me to update my account, it's definitely spam. I use popfile. Only when the spam passes as regular mail do I waste a minute on it. popfile has a better than 90% accuracy on moving the trash to the trash folder. I'm just saying that there's a lot of spams fitting the Nigerian scam now targeting U.S. financial institutions. That Nigerian thing may be more of a joke and annoyance now, but it did hook several people to thousands of dollars if you can believe what the news says. I don't really think ignoring and deleting these scams emails does anyone any good. And it would seem the only ones even suggesting to do nothing about it are the ones profiting from them. Actually WAMU had no abuse when I 1st started reporting to them. Now they do. they send a thank you form letter. which makes sense when the business is business. From SCNews.5.myspamgobbler at spamgourmet.com Fri Apr 1 09:26:00 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Fri Apr 1 12:30:07 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report In-Reply-To: References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: Mike Easter wrote: > Frank Ellermann wrote: > >>For details see... >> >> >> >>...but the expected outcome is clear, gTLD .biz got three >>times more reports than any other ICANN gTLD (relatively). > > > That's a very interesting report. Here's a par > > "Third, there are a number of "power users" of the system. Given that > they account for more than 50% of the reports, and that at least 74% of > the reports are for legitimately bad Whois information, it is reasonable > to assume that these industrious individuals are indeed finding many > domains with incorrect Whois information. It might be reasonable to > offer features in the interface to help these users." > > The power users to whom they are referring is based on the fact that > there were 31533 reports, 3122 reporters, and the top 20 reporters > reported 18317 reports. The top or power power reporter reported 4035. > Now there's a diligent reporter. That's an average of over 900 reports for the top 20. Subtracting the top reporter's 4035 from 18317 reports of the top 20 reporters and dividing by 19 gives an average of 750 reports per reporter for the top 20 minus 1. I've made lots of reports, but not quite that many. Guess I need to step it up a bit. > > What I'm wondering about is the significant number of reports which were > deemed to result in 'other' or 'data unchanged' as opposed to > 'inaccuracy corrected' or 'domain deleted'. Almost 60% of the reports > resulted in data unchanged. > > People who are interested in the problem of bad whois and reporting it > to icann/internic should read that report. > It is an informative article, lending some encouragement with the knowledge that our reports are having some effect. The analysis performed on the data indicates that more than 63% of the names reported were corrected, suspended, or are no longer registered. Then there is this statement that shows why only 63% were corrected - The advisory also reiterated that a registrar has the right to cancel a registration in such cases, but is not required to do so. Another disheartening note - Finally, the 16,941 reported names is a small fraction of the 49+ million gTLD registrations. From not at home.today Fri Apr 1 20:54:47 2005 From: not at home.today (Ant) Date: Fri Apr 1 15:00:03 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: "Paul Sawyer" wrote: > Frank Ellermann wrote in news:424D2A9B.6168 > @xyzzy.claranet.de: [snip] >> ASCII-art is 24*79 or smaller, anything else is just spam. Bye > > Feh -- I can remember ASCII art of 132 column width and virtually unlimited > length. > > Kids today.... Indeed. I still have a stack of fanfold line-printer paper on which I produced an ASCII image in several strips. When assembled and laid out it is about 9 feet square! From pantheus at suespammers.org Fri Apr 1 11:56:43 2005 From: pantheus at suespammers.org (Ken Knull) Date: Fri Apr 1 15:00:08 2005 Subject: [SpamCop-List] A Russian ISP that cares? Message-ID: English isn't perfect, clue-impaired? about closing open proxy, but hey, a non-autoack ... far more than I've ever gotten from any Russian outfit. Ken Hello, the client is temporarily blocked!!! Despite of efforts of the client the spam continued, to act in communication, with what has been blocked before finding-out of circumstances. ?????????? ?? ??????????? ?????? ???????? ********************* ??????????? ???????????? ??? ??????? ? ???????? ?????? ???????? ????? (095)789-37-27 Best regards, ISP "Zebra Telecom" Maxim Volkov www.zebratelecom.ru 24h customer service : Moscow: +7(095)741-0011 support@ztel.ru St.Petersburg: +7(812)103-3103 -----Original Message----- From: Alex Tsybin [mailto:a.tsybin@zebratelecom.ru] Sent: Friday, April 01, 2005 12:04 PM To: support@ztel.ru Subject: FW: [SpamCop (213.145.41.76) id:1393564647]**JUNK** pantheus, LOS MEJORES DOCUMENTALES DE ESP.. From PossumTrot at dont.spam.me Fri Apr 1 13:11:42 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Fri Apr 1 16:15:04 2005 Subject: [SpamCop-List] Did the MS suits stop Spammy overnight? Message-ID: Today was the lowest number of spam in my attglobal.net account in 5 years - only 6 compared with 220 the day before and an average of more than 200 per day for the past year. Surely the MS suits filed yesterday didn't impact that number. From nobody at spamcop.net Fri Apr 1 17:06:48 2005 From: nobody at spamcop.net (Mike Nuss) Date: Fri Apr 1 17:10:02 2005 Subject: [SpamCop-List] Preventing Exchange 2000 from delayed bouncing Message-ID: I just made the unpleasant discovery that our corporate mail server is accepting undeliverable mail and then sending bounces, specifically in the case of nonexistent recipients. I guess we're lucky that spammers haven't found it (yet). I want to configure it to reject during the SMTP session instead of after, but I wasn't able to find any information on how to do so from a cursory Google search. The server is running Exchange 2000. Does anyone have a pointer to how I can fix this? Thanks, Mike From dfm2a3l0t2 at spymac.com Fri Apr 1 17:30:48 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Fri Apr 1 17:35:03 2005 Subject: [SpamCop-List] Re: Unsubscribe Now Spam ?? References: Message-ID: In article , "Dwayne Conyers" wrote: > I'll spank myself. Oooh, kinky! -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From MikeE at ster.invalid Fri Apr 1 14:52:17 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 17:55:02 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: Mike Nuss wrote: > I just made the unpleasant discovery that our corporate mail server is > accepting undeliverable mail and then sending bounces, specifically in > the case of nonexistent recipients. I guess we're lucky that spammers > haven't found it (yet). I want to configure it to reject during the > SMTP session instead of after, but I wasn't able to find any > information on how to do so from a cursory Google search. The server > is running Exchange 2000. Does anyone have a pointer to how I can fix > this? Someone else with experience with exchange may have a better link, but here's a place to start while you are waiting for them to show up here. http://www.byteplant.com/support/nospamtoday/howtorejectexchange.html How To Reject Undeliverable Mail with MS Exchange -- Mike Easter kibitzer, not SC admin From nobody at xyzzy.claranet.de Sat Apr 2 01:00:37 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Apr 1 18:05:02 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: <424DD295.25C4@xyzzy.claranet.de> Mike Easter wrote: > So the other & data unchanged data is seriously outawhack. Not necessarily. I only report stuff listed at RFCI with the evidence of a bounced mail. When they later ask me what happened, I compare old + new data. If it's the same I test RCPT TO but don't try to send a mail. If RCPT TO is okay I say "other" (+ manual comment), otherwise I say "still bad". Bye, Frank From nobody at xyzzy.claranet.de Sat Apr 2 01:05:42 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Apr 1 18:10:02 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: <424DD3C6.6677@xyzzy.claranet.de> Paul Sawyer wrote: > I can remember ASCII art of 132 column width and virtually > unlimited length. Now you confuse Snoopy or some [XXX] with ASCII art. And that wasn't in mail, it was a proper print job. > Kids today.... ...don't try to punch Snoopy. Bye, Frank From MikeE at ster.invalid Fri Apr 1 15:11:43 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 18:15:03 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> <424DD295.25C4@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: > >> So the other & data unchanged data is seriously outawhack. > > Not necessarily. I only report stuff listed at RFCI with > the evidence of a bounced mail. When they later ask me what > happened, I compare old + new data. If it's the same I test > RCPT TO but don't try to send a mail. If RCPT TO is okay I > say "other" (+ manual comment), otherwise I say "still bad". Yabbut, what I'm meaning is that the reports were generated, and then the registrars were the respondents to the reports incompetently, just like they were incompetent in entering the bogus data in the first place.. The registrars responded with other16% and unchanged 59% as opposed to the other choices of corrected and deleted-- but that wasn't true very often. ICANN investigated and found that most of the time the answer should have been something else. I would like to believe that ICANN is exerting pressure appropriately to get registrars to act like the information is supposed to be correct in the first place and that they are also supposed to be responsive when /they/ are challenged that it isn't. The fact that registrars accept blatantly bogus information indicates that they don't take the responsibility seriously, and that ICANN should be making them do so. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Apr 1 18:04:01 2005 From: nobody at spamcop.net (Ellen) Date: Fri Apr 1 18:30:02 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: "Mike Nuss" wrote in message news:d2kgla$553$1@news.spamcop.net... > I just made the unpleasant discovery that our corporate mail server is > accepting undeliverable mail and then sending bounces, specifically in > the case of nonexistent recipients. I guess we're lucky that spammers > haven't found it (yet). I want to configure it to reject during the SMTP > session instead of after, but I wasn't able to find any information on > how to do so from a cursory Google search. The server is running > Exchange 2000. Does anyone have a pointer to how I can fix this? > > Thanks, > Mike http://support.microsoft.com/default.aspx?scid=kb;en-us;294757 Ellen From eddie at eddie.web Fri Apr 1 21:00:12 2005 From: eddie at eddie.web (eddie) Date: Fri Apr 1 21:05:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On Fri, 01 Apr 2005 13:11:42 -0800, Possum Trot scratched out the following: > Today was the lowest number of spam in my attglobal.net account in 5 years > - only 6 compared with 220 the day before and an average of more than 200 > per day for the past year. Surely the MS suits filed yesterday didn't > impact that number. I have noticed a downward trend in spam volume. But it is personal and anecdotal. I may be simply getting "list washed" for all my complaining and reporting to higher authorities (congress, FBI, IRS etc.) However, I have noticed the trend that most of my spam now consists mainly of chinese spamvertized sites (with russian and brazil next in line) and with most of the actual spam coming from korea. It has been a while since I was being deluged by spam from att, mci, comcast, charter etal. Whether the principals are the same but they simply have moved offshore, it's clear that it must be getting hot for the spammers to use US websites and email sources. Even the number of zombie spammers has dropped, either from ISPs getting to them or from Microsoft service packs finally disallowing them. Having said that, I fully expect a huge amount of spam later today :) It always seems to work that way. -- Once movie theaters gave out steak knives Today they confiscate them From nobody at spamcop.net Fri Apr 1 23:26:43 2005 From: nobody at spamcop.net (Mike Nuss) Date: Fri Apr 1 23:30:04 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing In-Reply-To: References: Message-ID: Ellen wrote: > > http://support.microsoft.com/default.aspx?scid=kb;en-us;294757 > > Ellen > > Thanks, but this doesn't really do what I want, as it still accepts the messages. I want it to reject them. Unfortunately it appears that Exchange 2000 provides no mechanism to change this, and the only solution I've seen so far was Mike Easter's link, which is unfortunately to a commercial add-on that purports to solve the problem (and not terribly cleanly). Adding anything onto Exchange makes me a little queasy (well, not much more than running Exchange in the first place, I guess). Still hoping that someone will show up with a better solution. Mike From ric.gates at bigsleep.org Sat Apr 2 04:27:32 2005 From: ric.gates at bigsleep.org (Blammo) Date: Fri Apr 1 23:30:09 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On 01 Apr 2005 eddie entered spamcop and left news:pan.2005.04.02.02.00.12.280000@eddie.web: > It has been a while since I was being deluged by spam from att, mci, > comcast, charter etal. Whether the principals are the same but they > simply have moved offshore, it's clear that it must be getting hot for > the spammers to use US websites and email sources. Many of these are being blocked, I can still sit there and watch the comcast IPs getting reflected, it produces a bit of a glow. -- | Ric | From ric.gates at bigsleep.org Sat Apr 2 04:49:02 2005 From: ric.gates at bigsleep.org (Blammo) Date: Fri Apr 1 23:50:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On 01 Apr 2005 Blammo entered spamcop and left news:Xns962BD02B9347Bblammo@216.154.195.61: > produces a bit of a glow. Speaking of glow, I heat my house with the glow from chinanet. -- | Ric | | From bar_n0ne at hotmail.com Sat Apr 2 08:42:04 2005 From: bar_n0ne at hotmail.com (Berny) Date: Fri Apr 1 23:55:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: "eddie" wrote in message news:pan.2005.04.02.02.00.12.280000@eddie.web... > On Fri, 01 Apr 2005 13:11:42 -0800, Possum Trot scratched out the > following: > > > Today was the lowest number of spam in my attglobal.net account in 5 years > > - only 6 compared with 220 the day before and an average of more than 200 > > per day for the past year. Surely the MS suits filed yesterday didn't > > impact that number. > > I have noticed a downward trend in spam volume. But it is personal and > anecdotal. I may be simply getting "list washed" for all my complaining > and reporting to higher authorities (congress, FBI, IRS etc.) > However, I have noticed the trend that most of my spam now consists mainly > of chinese spamvertized sites (with russian and brazil next in line) and > with most of the actual spam coming from korea. > It has been a while since I was being deluged by spam from att, mci, > comcast, charter etal. Whether the principals are the same but they simply > have moved offshore, it's clear that it must be getting hot for the > spammers to use US websites and email sources. Even the number of zombie > spammers has dropped, either from ISPs getting to them or from Microsoft > service packs finally disallowing them. > Having said that, I fully expect a huge amount of spam later today :) It > always seems to work that way. > > -- > Once movie theaters gave out steak knives > Today they confiscate them Your provider may just have started filtering or miltering mine did and i dropped from 200+ to less than 10 a day rising again From ric.gates at bigsleep.org Sat Apr 2 05:10:23 2005 From: ric.gates at bigsleep.org (Blammo) Date: Sat Apr 2 00:15:05 2005 Subject: [SpamCop-List] Re: Conspiracies everywhere References: Message-ID: On 29 Mar 2005 ken entered spamcop and left news:d2ch6b$eqr$1@news.spamcop.net: > If the people start moving their cash into mattresses and coffee cans > in the back yard because they can no longer trust the banks, where's > the economy headed ? > Ha! Most people in America don't have any money. You are working for the Man, man, come now, join me brother.... -- | Ric | From bar_n0ne at hotmail.com Sat Apr 2 09:35:16 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Apr 2 00:40:02 2005 Subject: [SpamCop-List] mci 63.82.96.35, ATMLinkinc/calpop 216.240.129.23 Message-ID: Could someone put these spam servers on the nuclear targetting list please. latest incarnation is networkvisionaries.com, mci hosts the images and targets of the periodic mainsleaze style spambblasts (mailbombings) originating out of atmlinkink.com/calpop.net, same server for months now. The owners have stealthed this server from spamcop it's generally shopping spree/free products spam for "market research" just in case I trash their spam they send anywhere from 5 to 20 in a blast at my addy, sometimes several blasts over the course of a few days. From ric.gates at bigsleep.org Sat Apr 2 05:44:20 2005 From: ric.gates at bigsleep.org (Blammo) Date: Sat Apr 2 00:45:03 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: On 01 Apr 2005 Mike Nuss entered spamcop and left news:d2kgla$553$1@news.spamcop.net: > I just made the unpleasant discovery that our corporate mail server is > accepting undeliverable mail and then sending bounces, specifically in > the case of nonexistent recipients. I guess we're lucky that spammers > haven't found it (yet). I want to configure it to reject during the SMTP > session instead of after, but I wasn't able to find any information on > how to do so from a cursory Google search. The server is running > Exchange 2000. Does anyone have a pointer to how I can fix this? > > Thanks, > Mike Just use a front-end relay to check the mail, then relay it to the Exchange server. Probably best to get another box with Sendmail or Postfix, or something similar that can read a virtual user map. Keeping the virtual user database updated might require a script, but should be a simple task. Or maybe LDAP is better, as that would update itself. If you do this make sure you get both A and PTR records for both. I just looked a little and found this... http://lists.freebsd.org/pipermail/freebsd-isp/2003-October/001201.html -- | Ric | From nobody at devnull.spamcop.net Sat Apr 2 10:08:39 2005 From: nobody at devnull.spamcop.net (Xris) Date: Sat Apr 2 04:10:03 2005 Subject: [SpamCop-List] Re: SPEWS: Please remove IP Ranges from SPEWS Lists S511 In-Reply-To: References: Message-ID: Inflow AUP wrote: > Please remove the following IP's from the SPEWS blacklist. The person that > you are showing them for (Scott Richter) has been removed from our network > and the IP's have been returned to Inflow. > > 66.179.100.0 - 66.179.100.255 > 66.179.76.0 - 66.179.124.255 > 66.45.41.136 - 66.45.41.143 > 66.45.41.192 - 66.45.41.207 > 66.179.17.160 - 66.179.17.191 > 66.45.80.80 - 66.45.80.87 > 66.45.30.187 > 66.45.30.0/24 > 66.45.28.0 - 66.45.32.255 > 66.179.35.0 - 66.179.39.255 > > Thank you, > Inflow AUP Team > > Do these guys ever look at the responses they get on this list? From bjoeg at *spammer*bjoeg.dk Sat Apr 2 14:42:18 2005 From: bjoeg at *spammer*bjoeg.dk (Bjarke Andersen) Date: Sat Apr 2 09:45:05 2005 Subject: [SpamCop-List] Spammers getting scared? Message-ID: Of the tons of spam we receive everyday, I then wonder if this spammer got scared, and if so by which of the spam mails I reported. Follow full header X-Message-Status: n X-SID-PRA: admin@LeadSourceGroup.com X-SID-Result: TempError X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= Received: from server.thelistpro.com ([69.50.192.100]) by mc1- f25.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Sat, 2 Apr 2005 05:10:02 -0800 Received: from listpro by server.thelistpro.com with local (Exim 4.50) id 1DHjLV-0007yw-Q0 for @hotmail.com; Sat, 02 Apr 2005 08:11:29 -0600 To: @hotmail.com From: admin@LeadSourceGroup.com Subject: Your remove request has been successfully processed! Message-Id: Date: Sat, 02 Apr 2005 08:11:29 -0600 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.thelistpro.com X-AntiAbuse: Original Domain - hotmail.com X-AntiAbuse: Originator/Caller UID/GID - [32004 32005] / [47 12] X-AntiAbuse: Sender Address Domain - server.thelistpro.com X-Source: X-Source-Args: X-Source-Dir: Return-Path: listpro@server.thelistpro.com X-OriginalArrivalTime: 02 Apr 2005 13:10:02.0265 (UTC) FILETIME=[47AD6090:01C53785] We have processed your global remove request successfully. You have been entirely removed from all autoresponder accounts hosted at http://www.thelistpro.com and are now blocked from being subscribed to any autoresponder hosted at this domain. -- Bjarke Andersen - Freelance SpamKiller http://www.cdt.org/speech/spam/030319spamreport.shtml (How to prevent) Wanna reply by email? Remove the spammer in address From nobody at spamcop.net Sat Apr 2 08:39:20 2005 From: nobody at spamcop.net (Ellen) Date: Sat Apr 2 10:00:02 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: "Mike Nuss" wrote in message news:d2l6tk$fm0$1@news.spamcop.net... > Ellen wrote: > > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;294757 > > > > Ellen > > > > > > Thanks, but this doesn't really do what I want, as it still accepts the > messages. I want it to reject them. Oh sorry, I misread your post. Ellen From nobody at nowhere.invalid Sat Apr 2 18:20:26 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Apr 2 11:25:02 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: On Sat, 2 Apr 2005 14:42:18 +0000 (UTC), Bjarke Andersen coughed into spamcop and left this in : > Of the tons of spam we receive everyday, I then wonder if this spammer got > scared, and if so by which of the spam mails I reported. Follow full header See Rules #1 and #2 here: http://bruce.pennypacker.org/spamrules.html -- Steve The three "R"s of Microsoft support: Retry, Reboot, Reinstall. From nobody at spamcop.net Sat Apr 2 08:22:35 2005 From: nobody at spamcop.net (Dar) Date: Sat Apr 2 11:25:07 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: "Bjarke Andersen" wrote in message news:Xns962CA9EFB6828bjoegdk@216.154.195.61... > Of the tons of spam we receive everyday, I then wonder if this spammer got > scared, and if so by which of the spam mails I reported. Follow full header > > X-Message-Status: n > X-SID-PRA: admin@LeadSourceGroup.com > X-SID-Result: TempError > X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= > Received: from server.thelistpro.com ([69.50.192.100]) by mc1- > f25.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); > Sat, 2 Apr 2005 05:10:02 -0800 > Received: from listpro by server.thelistpro.com with local (Exim 4.50) > id 1DHjLV-0007yw-Q0 > for @hotmail.com; Sat, 02 Apr 2005 08:11:29 -0600 > To: @hotmail.com > From: admin@LeadSourceGroup.com > Subject: Your remove request has been successfully processed! > Message-Id: > Date: Sat, 02 Apr 2005 08:11:29 -0600 > X-AntiAbuse: This header was added to track abuse, please include it with > any abuse report > X-AntiAbuse: Primary Hostname - server.thelistpro.com > X-AntiAbuse: Original Domain - hotmail.com > X-AntiAbuse: Originator/Caller UID/GID - [32004 32005] / [47 12] > X-AntiAbuse: Sender Address Domain - server.thelistpro.com > X-Source: > X-Source-Args: > X-Source-Dir: > Return-Path: listpro@server.thelistpro.com > X-OriginalArrivalTime: 02 Apr 2005 13:10:02.0265 (UTC) > FILETIME=[47AD6090:01C53785] > > We have processed your global remove request successfully. You have been > entirely removed from all autoresponder accounts hosted at > http://www.thelistpro.com and are now blocked from being subscribed to any > autoresponder hosted at this domain. > > -- > Bjarke Andersen - Freelance SpamKiller > http://www.cdt.org/speech/spam/030319spamreport.shtml (How to prevent) > Wanna reply by email? Remove the spammer in address I found three of these, identical, in server spam this morning. I think it's simply a back-handed way of getting you to click on the link. Spam, by any other name, is still spam. Dar From eddie at eddie.web Sat Apr 2 13:10:46 2005 From: eddie at eddie.web (eddie) Date: Sat Apr 2 13:15:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On Sat, 02 Apr 2005 08:42:04 +0400, Berny scratched out the following: snip > Your provider may just have started filtering or miltering > mine did and i dropped from 200+ to less than 10 a day > rising again My provider is not involved. I am referring to my spamcop email - my only public address. I get zero spam on my other accounts because of proper use and/or the use of discardable aliases. No, I am only talking about the spam I get to my spamcop address. It has dropped remarkedly over the last few months. Of course, the idea that anyone would send spam to a spamcop address is ludicrous to start with, but then, we know spamkiddy is braindead. Spamming a spamcop address practically guarantees it will be reported. I still suspect "list-washing" of my account, or list-washing of all SC accounts from the "million address CD." Whatever, I am not complaining. Not a bit. :) -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Sat Apr 2 13:12:50 2005 From: eddie at eddie.web (eddie) Date: Sat Apr 2 13:15:10 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On Sat, 02 Apr 2005 04:27:32 +0000, Blammo scratched out the following: > On 01 Apr 2005 eddie entered spamcop and left > news:pan.2005.04.02.02.00.12.280000@eddie.web: > >> It has been a while since I was being deluged by spam from att, mci, >> comcast, charter etal. Whether the principals are the same but they >> simply have moved offshore, it's clear that it must be getting hot for >> the spammers to use US websites and email sources. > > Many of these are being blocked, I can still sit there and watch the > comcast IPs getting reflected, it produces a bit of a glow. Does that glow have the napalm smell of victory? Still, on my open SC account, comcast has nearly dropped into the noise. Right now it's mostly korean spam sources. -- Once movie theaters gave out steak knives Today they confiscate them From skiwi at spamcop.net Sat Apr 2 10:59:23 2005 From: skiwi at spamcop.net (Skiwi) Date: Sat Apr 2 14:00:02 2005 Subject: [SpamCop-List] Anyone got any history on http://www.RealityAtTheSEC.com ?:? Message-ID: "The Domain www.realityatthesec.com is currently under construction. Please come back in the future for updates." From other links I was looking at, this seemed like an interesting / illumiating read (although I had my salt shaker at the ready...) SEC have it killed? TIA: Greg... From ivan at gmail.com Sat Apr 2 22:08:48 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sat Apr 2 15:10:03 2005 Subject: [SpamCop-List] Re: Stock scam In-Reply-To: References: Message-ID: ken wrote: > To: Cbbelegrin > Subject: Stock News All stock spam should be forwarded to enforcement@sec.gov Ivan. From porpoise1954 at yahoo.co.uk Sat Apr 2 23:08:52 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Apr 2 17:15:03 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: "Paul Sawyer" wrote in message news:Xns962B789C0C9B5Senex@216.154.195.61... > Frank Ellermann wrote in news:424D2A9B.6168 > @xyzzy.claranet.de: > >> Porpoise wrote: >> >>> Do you still use an old telephone with a dial that you poke >>> your finger in to dial as well? ;-) >> >> No, translating pulses to tones is too slow for phone banking, >> I've lost my external tone generator. But in theory... >> >> ASCII-art is 24*79 or smaller, anything else is just spam. Bye > > Feh -- I can remember ASCII art of 132 column width and virtually > unlimited > length. > > Kids today.... I guess it's really all about what printer you had/have (as it all stems from pre-graphics capable printers). From noone at nowhere.net Sat Apr 2 19:02:15 2005 From: noone at nowhere.net (anna cypher) Date: Sat Apr 2 19:05:06 2005 Subject: [SpamCop-List] Re: [OT] Spam vampire idea References: Message-ID: "Dwayne Conyers" wrote in message news:d2f9hi$849$1@news.spamcop.net... > I'm still waiting on George W. to declare a war on spam. Locate the > geographic location of the machine where the spam originates and have a > cruise missle fly up the orifice of the person sending it. I'm sure he will if spam is detected coming out of any oil-producing country in the Middle East (other than Saudi Arabia, of course). Anna From nobody at devnull.spamcop.net Sat Apr 2 19:26:11 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Apr 2 19:30:02 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: ... > See Rules #1 and #2 here: > > http://bruce.pennypacker.org/spamrules.html ... That's FUNNY! I wonder how many addresses they've collected? I'll bet a lot, unfortunately. Pop From nobody at devnull.spamcop.net Sat Apr 2 19:29:33 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Apr 2 19:30:07 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: "Porpoise" wrote in message news:d2n5f0$fi0$1@news.spamcop.net... > > "Paul Sawyer" wrote > in message news:Xns962B789C0C9B5Senex@216.154.195.61... >> Frank Ellermann wrote in news:424D2A9B.6168 >> @xyzzy.claranet.de: >> >>> Porpoise wrote: >>> >>>> Do you still use an old telephone with a dial that you poke >>>> your finger in to dial as well? ;-) >>> >>> No, translating pulses to tones is too slow for phone banking, >>> I've lost my external tone generator. But in theory... >>> >>> ASCII-art is 24*79 or smaller, anything else is just spam. Bye >> >> Feh -- I can remember ASCII art of 132 column width and virtually >> unlimited >> length. >> >> Kids today.... > > I guess it's really all about what printer you had/have (as it all stems > from pre-graphics capable printers). > Any of you "oldsters" here ever hear a printer play things like the Star Spangled Banner? I have! Better yet, anyone have a tape recording of such a thing? I'd LOVE to hear it again! Takes a multi-headed printer of course; won't work on polyphonic printers . I think our old IBM was a 4 header, gave us a full 8 notes with 8 more diff harmonics! Pop From SCNews.5.myspamgobbler at spamgourmet.com Sat Apr 2 18:14:20 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sat Apr 2 21:20:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? In-Reply-To: References: Message-ID: Bjarke Andersen wrote: > Of the tons of spam we receive everyday, I then wonder if this spammer got > scared, and if so by which of the spam mails I reported. Follow full header > > X-Message-Status: n > X-SID-PRA: admin@LeadSourceGroup.com > X-SID-Result: TempError > X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= > Received: from server.thelistpro.com ([69.50.192.100]) by mc1- > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL25456 69.50.192.100/32 is listed on the Spamhaus Block List (SBL) 29-Mar-2005 08:40 GMT | SR02 Atjeu helping spammer listwash Passing on complaints to the spammer so victim's address can be removed but spammer can go right on spamming traps and those who don't know how to track and report spam. 69.50.192.28 - ad2ads.com "This is NOT SPAM. You Agreed to receive a one time message from me and my other fellow PRO FFA Page owners when posting your link to MyWayFFA.com FFA Network." (mywayffa.com registered but not in DNS) 69.50.192.100 server.thelistpro.com - hitting traps 69.50.210.173 server.crazy-server5.com - hitting traps From nobody at spamcop.net Sun Apr 3 09:45:17 2005 From: nobody at spamcop.net (nospam) Date: Sat Apr 2 23:50:05 2005 Subject: [SpamCop-List] Re: Spammers getting scared? -and how did I get an unsub confirmation References: Message-ID: in article d2njl3$nnl$1@news.spamcop.net, Brian (SnSR) at SCNews.5.myspamgobbler@spamgourmet.com wrote on 4/3/05 6:14 AM: > Bjarke Andersen wrote: >> Of the tons of spam we receive everyday, I then wonder if this spammer got >> scared, and if so by which of the spam mails I reported. Follow full header >> >> X-Message-Status: n >> X-SID-PRA: admin@LeadSourceGroup.com >> X-SID-Result: TempError >> X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= >> Received: from server.thelistpro.com ([69.50.192.100]) by mc1- > >> > > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL25456 > > 69.50.192.100/32 is listed on the Spamhaus Block List (SBL) > > 29-Mar-2005 08:40 GMT | SR02 > > Atjeu helping spammer listwash > > Passing on complaints to the spammer so victim's address can be removed > but spammer can go right on spamming traps and those who don't know how > to track and report spam. > > 69.50.192.28 - ad2ads.com > > "This is NOT SPAM. You Agreed to receive a one time message > from me and my other fellow PRO FFA Page owners when posting > your link to MyWayFFA.com FFA Network." > > (mywayffa.com registered but not in DNS) > > 69.50.192.100 server.thelistpro.com - hitting traps 69.50.210.173 > server.crazy-server5.com - hitting traps Crzy stuff going on, one of my "spamtraps" that hasn't sent anything but SC submittals for 4 years now, and for the past year and a half only been receiving medz spam got an unsubscribe ack from thelistpro.com today, also reported as spam. --Well I neither unsubscribed (nor subscribed) I'm pretty sure it hasn't even reported spam from thelistpr.com at least not in the past half year. All it gets is a daily medz from kornet/hana for sites in tietong space. I don't know how much thelistpro spam I get if any, but maybe they're trying to wash their lists of complainers, though how that account got hit is a mystery unless there is (at least) a good 6 month time lag between them getting complaints and washing their lists. From tdy at blackhole.invalid Sat Apr 2 21:46:31 2005 From: tdy at blackhole.invalid (N. Miller) Date: Sun Apr 3 00:50:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: In article , Possum Trot says... > Today was the lowest number of spam in my attglobal.net account in 5 years - > only 6 compared with 220 the day before and an average of more than 200 per > day for the past year. Surely the MS suits filed yesterday didn't impact > that number. How much spam were you getting from SBC sources? How much are you now getting from SBC sources? Last September I received an email from SBC announcing that they intended to implement port 25 blocks on outbound connections. Last December fellow SBC customers began bitching about not being able to connect to there off-ISP SMTP servers. At that time I was not blocked, but I started investigating my mail providers. By last January I had converted to using port 587, or port 465. Two nights ago I ran a Telnet check on one of those servers; port 25 is now blocked for me. It has now been seven days since I have received a spam message through an SBC open proxy; and, for the first time since October, or so, Comcast is ahead of SBC for open proxy spam. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at spamcop.net Sun Apr 3 11:12:50 2005 From: nobody at spamcop.net (nospam) Date: Sun Apr 3 01:15:03 2005 Subject: [SpamCop-List] Re: mci 63.82.06.35, ATMLinkinc/calpop 216.240.129.23 References: Message-ID: in article d2laum$i07$1@news.spamcop.net, Berny at bar_n0ne@hotmail.com wrote on 4/2/05 9:35 AM: > Could someone put these spam servers on the nuclear targetting list please. > > latest incarnation is networkvisionaries.com, > > mci hosts the images and targets of the periodic mainsleaze style > spambblasts (mailbombings) originating out of atmlinkink.com/calpop.net, > same server for months now. > > The owners have stealthed this server from spamcop > > it's generally shopping spree/free products spam for "market research" > > just in case I trash their spam they send anywhere from 5 to 20 in a blast > at my addy, sometimes several blasts over the course of a few days. > > > today spamvertized at 63.82.06.35 : wakings.com interestor.com dreamwaking.com goldenfury.com infinite supply of registrations it seems, all at TUCOWS for software factory solutions that mo**erfscker in Laval Quebec, isn't there any disturbed individual wit a belt bomb nearby? Does TUCOWS have an anti-spam AUP for registrants? (Like Go-Daddy?) From bar_n0ne at hotmail.com Sun Apr 3 13:45:40 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sun Apr 3 04:51:23 2005 Subject: [SpamCop-List] Re: mci 63.82.06.35, ATMLinkinc/calpop 216.240.129.23 References: Message-ID: "nospam" wrote in message news:BE757221.147E5%nobody@spamcop.net... > in article d2laum$i07$1@news.spamcop.net, Berny at bar_n0ne@hotmail.com > wrote on 4/2/05 9:35 AM: > SNIP > > > today spamvertized at 63.82.06.35 : > > wakings.com > interestor.com > dreamwaking.com > goldenfury.com > > infinite supply of registrations it seems, all at TUCOWS for software > factory solutions that mo**erfscker in Laval Quebec, isn't there any > disturbed individual wit a belt bomb nearby? Does TUCOWS have an anti-spam > AUP for registrants? (Like Go-Daddy?) > Sender address cycles throughout the 216.240.129.[1-256] From nobody at nowhere.invalid Sun Apr 3 12:11:59 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 3 05:16:19 2005 Subject: [SpamCop-List] Re: [OT] Spam vampire idea References: Message-ID: On Sat, 2 Apr 2005 19:02:15 -0500, anna cypher coughed into spamcop and left this in : > I'm sure he will if spam is detected coming out of any oil-producing > country in the Middle East (other than Saudi Arabia, of course). If? I've already had plenty of spam coming out of .sa! -- Steve There's no place like ~ From bjoeg at *spammer*bjoeg.dk Sun Apr 3 13:21:49 2005 From: bjoeg at *spammer*bjoeg.dk (Bjarke Andersen) Date: Sun Apr 3 08:25:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: "Dar" crashed Echelon writing news:d2mgsb$4e6$1@news.spamcop.net: > I found three of these, identical, in server spam this morning. I think > it's simply a back-handed way of getting you to click on the link. > Spam, by any other name, is still spam. But looking at the code, what would a click on the link contribute. The link does not confirm your email address by any means, unless som eobscure bugged HTML can sniff emailaddress as refferer for visit on page. -- Bjarke Andersen - Freelance SpamKiller http://www.cdt.org/speech/spam/030319spamreport.shtml (How to prevent) Wanna reply by email? Remove the spammer in address From wb8tyw at qsl.network Sun Apr 3 10:56:21 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sun Apr 3 10:00:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? In-Reply-To: References: Message-ID: Bjarke Andersen wrote: > > But looking at the code, what would a click on the link contribute. The > link does not confirm your email address by any means, unless som eobscure > bugged HTML can sniff emailaddress as refferer for visit on page. You might be surprised at what your browser will tell the world about you. It can access quite a bit of information that you told it when you set up your Internet connection. Just visiting the link tells the spammer that it their spew has made it through your ISP's anti-spam actions, so they know that they can send more spam to everyone at your ISP. Everyone at your ISP that still has their e-mail client opening external HTML links/pictures is telling the spammer that you ISP will reliably deliver spam. And from what I have seen of web access to e-mail, there is no way to turn off that option. If it is coupled with a e-mail client, it has access to that setup information, and in some cases the html can request that it generate a mail message. If you have a slow enough computer, you can see the pop-up as the message gets sent. That is if your default profile has a valid mail server associated with it. If your default profile does not have a valid e-mail address associated with it, in most cases if a web site or a local program attempts to send e-mail through it with out your consent, you will get a pop-up from the mail program about it not being able to reach a mail server. And for some browsers, all you have to do is be tricked into visiting the web page, and spammy can use your web browser to send a spam run. http://dsbl.org/relay-methods#FTPURLrelaying The mozilla.org has informed me that Mozilla is not vulnerable to this exploit, and have posted that in the Bugzilla.org database. A major ISP is a target for spammers to begin with. If they are not using sbl-xbl.spamhaus.org, open proxy/open relay lists and a good DHCP list, then they will be flooded with spam. And by watching the web hits, the spammers know which ISPs are aiding them by reliably delivering the spam from sources that are well known to send so much spam it is not worth trying to accept the potentially 1 or two real e-mails out of each couple thousands of spam delivery attempts from them. -John wb8tyw@qsl.network Personal Opinion Only From nobody at devnull.spamcop.net Sun Apr 3 12:28:15 2005 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Apr 3 11:30:06 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: "Mike Nuss" wrote in message news:d2kgla$553$1@news.spamcop.net... >I just made the unpleasant discovery that our corporate mail server is >accepting undeliverable mail and then sending bounces, specifically in the >case of nonexistent recipients. I guess we're lucky that spammers haven't >found it (yet). I want to configure it to reject during the SMTP session >instead of after, but I wasn't able to find any information on how to do so >from a cursory Google search. The server is running Exchange 2000. Does >anyone have a pointer to how I can fix this? > > Thanks, > Mike If you do not have corporate reservations about using it, check out ORFilter. I found it from an SC link See: http://martijnjongen.com/ I have it installed on an SBS 2000 system that includes Exchange 2000 and it works great. You will have to tweak it a bit. Steve From ivan at gmail.com Sun Apr 3 18:49:12 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sun Apr 3 11:50:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? In-Reply-To: References: Message-ID: John E. Malmberg wrote: > Everyone at your ISP that still has their e-mail client opening external > HTML links/pictures is telling the spammer that you ISP will reliably > deliver spam. And from what I have seen of web access to e-mail, there > is no way to turn off that option. There is with gmail, actually it's the default for spam messages. Ivan. From nobody at spamcop.net Sun Apr 3 10:23:02 2005 From: nobody at spamcop.net (Dar) Date: Sun Apr 3 12:25:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: In addition, the intention could be a simple: Hope I've peaked your curiosity enough to come look at this web page in the hope you will buy my product. If I put it into words in my email, you'd probably just delete it without reading it. But if you come and look, I may have a better chance of selling my product. Dar From SCNews.5.myspamgobbler at spamgourmet.com Sun Apr 3 12:38:37 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sun Apr 3 14:45:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? -and how did I get an unsub confirmation In-Reply-To: References: Message-ID: nospam wrote: > in article d2njl3$nnl$1@news.spamcop.net, Brian (SnSR) at > SCNews.5.myspamgobbler@spamgourmet.com wrote on 4/3/05 6:14 AM: > > >>Bjarke Andersen wrote: >> >>>Of the tons of spam we receive everyday, I then wonder if this spammer got >>>scared, and if so by which of the spam mails I reported. Follow full header >>> >>>X-Message-Status: n >>>X-SID-PRA: admin@LeadSourceGroup.com >>>X-SID-Result: TempError >>>X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= >>>Received: from server.thelistpro.com ([69.50.192.100]) by mc1- >> >>http://www.spamhaus.org/sbl/sbl.lasso?query=SBL25456 >> >>69.50.192.100/32 is listed on the Spamhaus Block List (SBL) >> >>29-Mar-2005 08:40 GMT | SR02 >> >>Atjeu helping spammer listwash >> >>Passing on complaints to the spammer so victim's address can be removed >>but spammer can go right on spamming traps and those who don't know how >>to track and report spam. >> >>69.50.192.28 - ad2ads.com >> >>"This is NOT SPAM. You Agreed to receive a one time message >>from me and my other fellow PRO FFA Page owners when posting >>your link to MyWayFFA.com FFA Network." >> >>(mywayffa.com registered but not in DNS) >> >>69.50.192.100 server.thelistpro.com - hitting traps 69.50.210.173 >>server.crazy-server5.com - hitting traps > > > Crzy stuff going on, > > one of my "spamtraps" that hasn't sent anything but SC submittals for 4 > years now, and for the past year and a half only been receiving medz spam > got an unsubscribe ack from thelistpro.com today, also reported as spam. > > --Well I neither unsubscribed (nor subscribed) > > I'm pretty sure it hasn't even reported spam from thelistpr.com at least not > in the past half year. All it gets is a daily medz from kornet/hana for > sites in tietong space. > > I don't know how much thelistpro spam I get if any, but maybe they're trying > to wash their lists of complainers, though how that account got hit is a > mystery unless there is (at least) a good 6 month time lag between them > getting complaints and washing their lists. > From: Rich Kulawiec To: SPAM-L Date: Apr 3, 2005 5:04 AM Subject: Re: Help: who is LeadSourceGroup/thelistpro? Thelistpro are block-on-sight spamming scum. I think they've got at least: 4profitebooks.com charzbiz.com charzbiznews.com cindyandrews.com emailmarketingmagic.com goldenstreammarketing.com gr8bigidea.com jessieandrews.com klaraandrews.com looppowerhits.com mypromailer.com mysecretpage.com netservicebox.com netserviceboxnews.com options2day.com oyesucan.com rapidtracker.com ringofpower.biz ringofpowernews.biz straighttalknewsloop.com strategicmarketingconcepts.com thelistpro.com thepromailer.com From ivan at gmail.com Sun Apr 3 22:37:53 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sun Apr 3 15:40:04 2005 Subject: [SpamCop-List] Microsoft bankrupts OptInRealBig.com (and Scott Richter) Message-ID: http://news.bbc.co.uk/1/hi/technology/4400335.stm Just in case you think the lawsuits are pointless. Ivan. From gezgin at spamcop.net Sun Apr 3 23:49:10 2005 From: gezgin at spamcop.net (Gezgin) Date: Sun Apr 3 15:50:03 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: "Ivan Leo Puoti" wrote > http://news.bbc.co.uk/1/hi/technology/4400335.stm Nice. I especially liked "But, make no mistake, we do expect to prevail." He should have added "And the light at the end of the tunnel is NOT a train bearing down on us." -- Bob Kanyak's Doghouse http://www.kanyak.com From DougThegarden at hotmail.com Sun Apr 3 21:58:11 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Sun Apr 3 16:00:03 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) In-Reply-To: References: Message-ID: Ivan Leo Puoti wrote: > http://news.bbc.co.uk/1/hi/technology/4400335.stm > > Just in case you think the lawsuits are pointless. > > Ivan. Before you get too excited its a pure technicality at this stage. Chapter 11 allows him to continue trading while protected from his creditors. And who are those creditors? Well if you look at what the article says, he would be in the black by about $6m except for this big potential $46m being claimed by M$. So under Chapter 11 he can continue trading while protected from Microsofts financial claim i.e. life as normal Doug From ivan at gmail.com Sun Apr 3 23:14:04 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sun Apr 3 16:15:03 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) In-Reply-To: References: Message-ID: Doug Thegarden wrote: > Before you get too excited its a pure technicality at this stage. > Chapter 11 allows him to continue trading while protected from his > creditors. And who are those creditors? Well if you look at what the > article says, he would be in the black by about $6m except for this big > potential $46m being claimed by M$. So under Chapter 11 he can continue > trading while protected from Microsofts financial claim i.e. life as normal Sure, until Microsoft wins with their army of lawyers. Ivan. From nospam at dev.null Sun Apr 3 23:39:44 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 16:40:02 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: "Ivan Leo Puoti" wrote in message news:d2pgmh$l8u$1@news.spamcop.net... > http://news.bbc.co.uk/1/hi/technology/4400335.stm > > Just in case you think the lawsuits are pointless. > > Ivan. My, my.... How our heroes change overnight :-) Somehow I think (and hope) M$ will win the end round.. Not being a M$ fanatic, they are at least doing a bit of good here. Uhmmm, make that a LOT.... However, as affected parties, we all probably hope to see M$ win. Seems crazy though: A party doing something illegal, a private company does what law officials should be doing, they succeed. Then the guilty party turns to the law for protection to spam again. Questions: Not being a laywer or knowing US law, anybody got a take on the alternatives? Scot succeeds in Chapter 11 or ...???? Have you guys got gaols in the US? Or am I missing something? Cheers E From pxpearson at spamxcop.net Sun Apr 3 14:39:10 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Sun Apr 3 16:40:08 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: Ivan Leo Puoti wrote: > Doug Thegarden wrote: >> Before you get too excited its a pure technicality at this stage. >> Chapter 11 allows him to continue trading while protected from his >> creditors. [snip] > Sure, until Microsoft wins with their army of lawyers. Let's hope so. But I think Doug Thegarden's point was that the bankruptcy filing is a defensive tactic, not proof of the devastating, humiliating, crushing, bloody, obliterating, emasculating defeat we're all waiting so politely (:-) to see. -- Remove the two x's to get a good email address. From nospam at dev.null Sun Apr 3 23:52:57 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 16:50:03 2005 Subject: [SpamCop-List] Positive Registrar Feedback Message-ID: Hi All In these times when 99.9% of the spam in my inbox has URL's in either Brazil or China as payload (and moving a lot between the two): Sent a mail to XIN NET TECHNOLOGY re bad whois on BICKERER.NET. I included proof of wilfully supplied bad whois etc. Mail was sent on the 31st of March. From: X Sent: 31 March 2005 10:19 To: X Subject: Bad Whois for bickerer.net Result: Domain Name: BICKERER.NET Registrar: XIN NET TECHNOLOGY CORPORATION Whois Server: whois.paycenter.com.cn Referral URL: http://www.paycenter.com.cn Name Server: NS1.ALON587.COM Name Server: NS2.ALON587.COM Status: REGISTRAR-HOLD Updated Date: 31-mar-2005 Creation Date: 29-mar-2005 Expiration Date: 29-mar-2006 Immediate hold. I used the registrar contact as found at http://www.internic.net/contact.html Excellent service. Well done to XIN NET ! From nospam at dev.null Mon Apr 4 00:18:13 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 17:20:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: "Bjarke Andersen" wrote in message news:Xns962CA9EFB6828bjoegdk@216.154.195.61... SNIP > > We have processed your global remove request successfully. You have been > entirely removed from all autoresponder accounts hosted at > http://www.thelistpro.com and are now blocked from being subscribed to any > autoresponder hosted at this domain. > > -- SNIP Wonders what whois and google can produce. Administrative Contact: Andrews, James admin@oyesucan.com 27529 Hwy 72 Athens, Alabama 35613 United States 8668248893 Fax -- Goofle on address gives: http://leadsourcegroup.com/facts.htm "We NEVER use spam to generate leads." They have a toll free tel number. Why not phone them and ask them HOW you email got onto the list? :-) http://oyesucan.com/contact.php ...we provide personal and expert leadership and e-marketing guidance at "no cost"! http://www.audiovideostreams.com/contactus/ Tracking is anonymous - your privacy is not being violated. Non-intrusive. From DougThegarden at hotmail.com Sun Apr 3 23:19:27 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Sun Apr 3 17:20:09 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) In-Reply-To: References: Message-ID: Ivan Leo Puoti wrote: > Doug Thegarden wrote: > >> Before you get too excited its a pure technicality at this stage. >> Chapter 11 allows him to continue trading while protected from his >> creditors. And who are those creditors? Well if you look at what the >> article says, he would be in the black by about $6m except for this >> big potential $46m being claimed by M$. So under Chapter 11 he can >> continue trading while protected from Microsofts financial claim i.e. >> life as normal > > Sure, until Microsoft wins with their army of lawyers. > Even then he would continue trading in Chapter 11 protected from his creditors i.e. M$ until the Courts decide there is no prospect of him trading through his financial problems. Doug From nospam at dev.null Mon Apr 4 00:35:07 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 17:35:07 2005 Subject: [SpamCop-List] Re: mci 63.82.06.35, ATMLinkinc/calpop 216.240.129.23 References: Message-ID: > > latest incarnation is networkvisionaries.com, > > > today spamvertized at 63.82.06.35 : > > wakings.com > interestor.com > dreamwaking.com > goldenfury.com > > infinite supply of registrations it seems, all at TUCOWS for software > factory solutions that mo**erfscker in Laval Quebec, isn't there any > disturbed individual wit a belt bomb nearby? Does TUCOWS have an anti-spam > AUP for registrants? (Like Go-Daddy?) > Won't work. This is a mailbox rental. http://www.mailnetwork.com/atemporary.html Tel numer is US - toll free http://www.numberingplans.com/index.php?goto=isdn&s=%2B1.8775725732&action=a nalyse Also: THEHOTTESTTHINGAROUND.COM used as mail server I suggest mail to info@mailnetwork.com T&C: http://www.mailnetwork.com/aterms.html "3. Customer agrees that Customer will not use the Center premises or any Center services for any unlawful, illegitimate or fraudulent purpose or for any purpose prohibited by U.S. postal regulations or those of the country where the Center is located. Customer further agrees that any use of the Mailbox shall be in conformity with all applicable federal, state and local laws." etc etc Cheers From nobody at devnull.spamcop.net Sun Apr 3 18:03:38 2005 From: nobody at devnull.spamcop.net (Tom) Date: Sun Apr 3 18:05:05 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: On Sun, 3 Apr 2005 22:49:10 +0300, Gezgin wrote: >> http://news.bbc.co.uk/1/hi/technology/4400335.stm > >Nice. I especially liked "But, make no mistake, we do expect >to prevail." He should have added "And the light at the end >of the tunnel is NOT a train bearing down on us." Mm, Sounds a lot like the litiny of Daryl McBride and crew (SCO). From nospam at dev.null Mon Apr 4 01:23:55 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 18:25:02 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:424D2BF0.71CF@xyzzy.claranet.de... > For details see... > > > > ...but the expected outcome is clear, gTLD .biz got three > times more reports than any other ICANN gTLD (relatively). > > Bye, Frank > Thanks for the URL. It slipped by me ... My stats: Sent and confirmed: Sent, 247 Reports received for follow up: 229 Deviation of 18? Never noticed that ... Hmm, sone more work to do :-) Howver, as regards the desired result: 37 sent via rip.gandi.net 303 other direct to registrar, with follow up onto wdprs only if not action in 5 days (normally for wilfully supplied inaccurate whois). No stats on duplication effort, but it is quite high. 8 misc other Hmm, maybe I should combine direct to registrar and wdprs from step 1 Interesting and thanks for the link again From nospam at dev.null Mon Apr 4 02:06:41 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 19:05:04 2005 Subject: [SpamCop-List] Re: ISP's that bounce phishes and phish LART's References: Message-ID: "George Langford, Sc.D." wrote in message news:mailman.123.1111932673.4572.spamcop-list@news.spamcop.net... > Just one of many tracking URL's: > http://www.spamcop.net/sc?id=z746288874zb890ad0ac0e6156148c594320c8214f1z > > These bounces have happened several times recently. They have > the effect that the bouncing IP's will not be getting any notifies of > unlawful phishing activity. Do they know that their diligence in > protecting their technical staff from phishes is protecting their > criminals even more ? > Hmm Try http://antiphishing.org/ and reprot there. Also try mail to abuse without copy, stating reason you are not incuding a sample. That way they have to ask and you will get some address that may work. Also mention you have copied http://antiphishing.org/ Cheers From nospam at dev.null Mon Apr 4 02:43:49 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 19:45:05 2005 Subject: [SpamCop-List] Feedback: Worm infested server @ Bharti 202.56.239.78 References: Message-ID: "Anty Spam" wrote in message news:d1t1n3$vpl$1@news.spamcop.net... > Hi All > > The following two worm attempts refer > http://www.spamcop.net/sc?id=z745308652zb954fdc03dd52f4b85b68463b3299470z > and > http://www.spamcop.net/sc?id=z745309531z8ea5780a36e8501468ad92d10a7657dcz > > Each time a Netsky is attached (and removed :-) > > > I has tried the techsupport@bharti.com and postmaster@bharti.com addresses. > For more than a month! > > Yet with regularity, these mails arrive from 202.56.239.78, up to 5 per day. > > Normally the "bounce" message is acompanied by one or two nonsense mails. > All mails have a Netsky attached. Feedback on this issue. My ISP has not extremely helpful on this issue. I got a "Report to spamcop" response - Ughhhhhhhhhhhhhhh. One born every minute. Luckily I am not paying... Also, my philosophy on an issue such as this: Never give up. Escalate. (reminds me a bit of the frog and the stork)As such I stepped up the heat. I started polling "security" newsgroups "that it is best not to be known on" about the morality of taking down such a server based on the circumstances. Complete with IP address. (I was sure this generated a lot attention from undersirables) . Also made Bharti aware of these. I dug around. Found the Indian IT act. Based upon the above, combined with the fact that I had proof of which addresses did in fact receive my mails, I requested my mails be forwarded to the legal department. I mentioned and quoted the act, clean up costs etc etc to which I am entitled. I also happended to ask if "X". was still doing their support, since this could hurt them. After this mail, I have not received another worm. Persistence pays. Since replies here mentioned bad/non-existent service: There are articles floating about on the net about who is doing their support in which areas. I think I hit a nerve when I mentioned "X". Cheers From baloo at ursine.ca Sun Apr 3 17:54:06 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Apr 3 20:10:02 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: Anty Spam wrote: > > "Ivan Leo Puoti" wrote in message > news:d2pgmh$l8u$1@news.spamcop.net... >> http://news.bbc.co.uk/1/hi/technology/4400335.stm >> >> Just in case you think the lawsuits are pointless. >> >> Ivan. > > My, my.... How our heroes change overnight :-) I wouldn't say that heroes have changed, though it does show that Microsoft *is* self-conscious and is trying to assert their position on the pole: relatively good --------------- [...] People with common sense AOL and it's users Microsoft Spammers Postal spammers [...] --------------- relatively evil -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From nobody at xyzzy.claranet.de Mon Apr 4 11:32:04 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 04:35:25 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> Message-ID: <4250FB84.2B03@xyzzy.claranet.de> Steven Maesslein wrote: > AFRINIC isn't completely up and running yet. Apparently they import bogus records from RIPE without contact address, if that's the case it's an excessively bad idea. > the abuse addy for aviso.ci isn't abuse@ according to > abuse.net: Yes, I didn't check abuse.net. IMNSHO the RfC with abuse@ is now old enough, implement it or die. > $ whois -h whois.abuse.net aviso.ci > postmaster@aviso.ci (for aviso.ci) > assied@aviso.ci (for aviso.ci) > j.zano@aviso.ci (for aviso.ci) If John has not changed his procedures entries with postmaster@ are unverified (= submitted by 3rd parties). Only the entries without postmaster@ were really submitted by the postmaster@. That is of course irrelevant for our beloved SC-the-script, but for manual report I'd first try abuse@, and if that bounces I'd check RFCI and add abuse@ if neccessary. Then I'd try whatever whois says and postmaster@ to maximize the RFCI damage. If all fails I test the abuse.net entries and other addresses, sending an update to update(A T)abuse.net if something works. aviso.ci is apparently an AFRINIC answer to WannaSpew SpamCast, `rxwhois -a aviso.ci`: aviso.ci (-------10): .postmaster.rfc-ignorant.org aviso.ci (------2--): .abuse.rfc-ignorant.org aviso.ci (------210): .whois.rfc-ignorant.org whois -h whois.abuse.net aviso.ci postmaster@aviso.ci (for aviso.ci) assied@aviso.ci (for aviso.ci) j.zano@aviso.ci (for aviso.ci) Sigh, Frank From nobody at xyzzy.claranet.de Mon Apr 4 12:13:02 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 05:15:36 2005 Subject: [SpamCop-List] error:Can't send report Message-ID: <4251051E.2F7B@xyzzy.claranet.de> A really old SpamCop error strikes again: error:Can't send report: smtpEnvelope (1395420024@bounces.spamcop.net, abuse@bora.net): smtpFrom: mail From 1395420024@bounces.spamcop.net: error (550 No expected reply from SMTP) May be saved for future reference: http://www.spamcop.net/sc?id=z748919881zff0ca772a1a36c63198ba44563c1b7e6z error:Can't send report: smtpEnvelope (1395420035@bounces.spamcop.net, abuse@netvision.net.il): smtpFrom: mail From 1395420035@bounces.spamcop.net: error (550 No expected reply from SMTP) May be saved for future reference: http://www.spamcop.net/sc?id=z748919880zb9027024467a615e07d91cf70ef96f99z error:Can't send report: smtpEnvelope (1395420043@bounces.spamcop.net, abuse@xo.com): smtpFrom: mail From 1395420043@bounces.spamcop.net: error (550 No expected reply from SMTP) May be saved for future reference: http://www.spamcop.net/sc?id=z748919879z921f7bedf1d4c2b46aae7b2f4035694cz error:Can't send report: smtpEnvelope (1395420051@bounces.spamcop.net, abuse@comcast.net): smtpFrom: mail From 1395420051@bounces.spamcop.net: error (550 No expected reply from SMTP) May be saved for future reference: http://www.spamcop.net/sc?id=z748919878z9b4b47099d1aa2edf1793ce0899862bcz Lines folded by me, the SC error output has no \n (line end). Bye, Frank From nobody at xyzzy.claranet.de Mon Apr 4 12:29:14 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 05:35:03 2005 Subject: [SpamCop-List] JPnic parsing failed: HB022JP Message-ID: <425108EA.1052@xyzzy.claranet.de> Another old SpamCop problem, it cannot parse the JPNIC handles: | "whois HB022JP/e@whois.nic.ad.jp" (Getting contact from jpnic) | JPnic parsing failed: HB022JP | nothing found I don't see why, the JPNIC format is strange but clear: whois -h whois.nic.ad.jp HB022JP /e [...] | Contact Information: | a. [JPNIC Handle] HB022JP | c. [Last, First] Baba, Hyosuke | d. [E-Mail] baba@hd-group.com [...] I've already reported the similar case KP035JP to deputies@, but this HB022JP "baba" is sending quite a lot of spam. Bye, Frank http://www.spamcop.net/sc?id=z748917832ze7e35cf3c294a6645224187d38e689d3z From MikeE at ster.invalid Mon Apr 4 03:35:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 05:35:07 2005 Subject: [SpamCop-List] Re: error:Can't send report References: <4251051E.2F7B@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > A really old SpamCop error strikes again: What does/did it do? The trackers look like a report was sent on the source on each. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 4 03:49:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 05:50:02 2005 Subject: [SpamCop-List] Re: JPnic parsing failed: HB022JP References: <425108EA.1052@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Another old SpamCop problem, it cannot parse the JPNIC handles: > >> "whois HB022JP/e@whois.nic.ad.jp" (Getting contact from jpnic) >> JPnic parsing failed: HB022JP >> nothing found > > I don't see why, the JPNIC format is strange but clear: > whois -h whois.nic.ad.jp HB022JP /e > [...] >> Contact Information: >> a. [JPNIC Handle] HB022JP >> c. [Last, First] Baba, Hyosuke >> d. [E-Mail] baba@hd-group.com > [...] So it is tripping on the a. b. c. again. Also, I seem to recall from somewhere that for the .jp notifies that if you were only going to notify one, as SC is inclined to do here, that you should notify the admin instead of the tech. inetnum: 210.160.67.64 - 210.160.67.79 netname: HD-GROUP descr: HIRANO & ASSOCIATES,INC. country: JP admin-c: MO558JP tech-c: HB022JP SC picked the tech, not the admin. a. [JPNIC Handle] MO558JP c. [Last, First] Oki, Masafumi d. [E-Mail] oki@hd-group.com g. [Organization] HIRANO & ASSOCIATES,INC. l. [Division] planning group n. [Title] Director I don't remember where I heard that tech is a better choice /generally/ except for .jp -- maybe that information is incorrect. On the ones I do [choose notifies], if there is a presumed language situation, I try to notify /more/ addresses, not less, and let them sort it out on their end. There isn't a reg'd abuse.net here, so that's another reason I would notify more not less. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Mon Apr 4 15:14:08 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 4 08:15:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> Message-ID: On Mon, 04 Apr 2005 10:32:04 +0200, Frank Ellermann coughed into spamcop and left this in <4250FB84.2B03@xyzzy.claranet.de>: > aviso.ci is apparently an AFRINIC answer to WannaSpew SpamCast, > `rxwhois -a aviso.ci`: Can you think of anyone in AFRINIC space that isn't a permanent source of 419 junk nowadays? I don't think that AFRINIC is that bad an idea if it can be used to block on sight. Much like LACNIC can. -- Steve Good judgment comes from bad experience, and a lot of that comes from bad judgment. From nobody at devnull.spamcop.net Mon Apr 4 08:10:00 2005 From: nobody at devnull.spamcop.net (Premedic) Date: Mon Apr 4 10:15:02 2005 Subject: [SpamCop-List] postmaster@telecall.ru does not bounce Message-ID: Hello, postmaster@telecall.ru appears to no longer be bouncing, as determined by a manual message to that address. Please enable sending SpamCop reports to this address in the SPAM submission tool on SpamCop.net. Thank you, Premedic From nobody at xyzzy.claranet.de Mon Apr 4 17:12:46 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 10:25:03 2005 Subject: [SpamCop-List] Re: JPnic parsing failed: HB022JP References: <425108EA.1052@xyzzy.claranet.de> Message-ID: <42514B5E.1D45@xyzzy.claranet.de> Mike Easter wrote: >>> Contact Information: >>> a. [JPNIC Handle] HB022JP >>> c. [Last, First] Baba, Hyosuke >>> d. [E-Mail] baba@hd-group.com > So it is tripping on the a. b. c. again. It's missing a "b." ? LOL, you're right, it's the same for KP035JP. Now that's stupid, the JP-pattern is always a line starting with "d. [E-Mail]". The "b." is irrelevant, IIRC it's something like organization or name of network. > I seem to recall from somewhere that for the .jp notifies > that if you were only going to notify one, as SC is inclined > to do here, that you should notify the admin instead of the > tech. Yes, that's a general rule, the Tech-C is not responsible for abuse issues, or at least not in any automatical "script" way. > I don't remember where I heard that tech is a better choice > /generally/ except for .jp -- maybe that information is > incorrect. Maybe this depends on the case, for a spamvertized domain the Admin-C probably _is_ the spammer. Bye, Frank From nobody at xyzzy.claranet.de Mon Apr 4 17:20:08 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 10:25:09 2005 Subject: [SpamCop-List] Re: error:Can't send report References: <4251051E.2F7B@xyzzy.claranet.de> Message-ID: <42514D18.DA6@xyzzy.claranet.de> Mike Easter wrote: >> A really old SpamCop error strikes again: > What does/did it do? I'm not sure, it's only in Quick reporting confirmations. If the error message means what it says SC's SMTP got a 500 error for unknown reasons, and that's all I see in the confirmation. > The trackers look like a report was sent Maybe it only says that SC _tried_ to send a report, and it never really worked. I've asked deputies@ about this issue more than once, but probably they are lost like you and me. Bye, Frank From nobody at xyzzy.claranet.de Mon Apr 4 17:33:57 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 10:35:04 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> Message-ID: <42515055.4811@xyzzy.claranet.de> Steven Maesslein wrote: > Can you think of anyone in AFRINIC space that isn't a > permanent source of 419 junk nowadays? Why not ? I don't believe in any regional ignorance. ;-) And as far as I'm concerned the 419ers moved from NL to Tiscali in the UK, not to Aviso in CI. > I don't think that AFRINIC is that bad an idea if it can be > used to block on sight. Much like LACNIC can. No, sorry, I really don't like these strategies. BR used to be a very bad sign, and Chile is an intentional whois-ignorant, I'd really love to block these countries "forever" (until they change their laws and maybe shoot their NICs). But why should I block say Venezuela or Namibia ? Bye, Frank From ivan at gmail.com Mon Apr 4 18:46:35 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Mon Apr 4 11:50:11 2005 Subject: [SpamCop-List] Re: St0ck Spammers In-Reply-To: <4246601F.FC717C60@gotohell.com> References: <4246601F.FC717C60@gotohell.com> Message-ID: Steve Holmes wrote: > Anyone want to join forces to shut these guys down? I'm keeping a chart > of Yahoo addresses used and st0cks touted. Report them to enforcement@sec.gov Ivan. From nobody at nowhere.invalid Mon Apr 4 19:06:38 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 4 12:10:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> Message-ID: On Mon, 04 Apr 2005 16:33:57 +0200, Frank Ellermann coughed into spamcop and left this in <42515055.4811@xyzzy.claranet.de>: > Why not ? I don't believe in any regional ignorance. ;-) And > as far as I'm concerned the 419ers moved from NL to Tiscali in > the UK, not to Aviso in CI. I sometimes see 419's that were relayed through various areas but that still originate in aviso.ci space. > No, sorry, I really don't like these strategies. BR used to > be a very bad sign, and Chile is an intentional whois-ignorant, > I'd really love to block these countries "forever" (until they > change their laws and maybe shoot their NICs). But why should > I block say Venezuela or Namibia ? Well... I've received plenty of spam from .ve and I know of nobody with any reason to contact me in .na. OTOH, I still see plenty of crap from .ma, .tn, .dz, .eg, .lb, .sn, .ci, .ng, .za, .zw, .ml, .sa..... -- Steve The average nutritional value of promises is roughly zero. From nobody at xyzzy.claranet.de Mon Apr 4 19:43:32 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 12:45:10 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> Message-ID: <42516EB4.53DD@xyzzy.claranet.de> Steven Maesslein wrote: > I sometimes see 419's that were relayed through various areas > but that still originate in aviso.ci space. Okay, that this ISP is a listed RFC-ignorant is clear. I've no problem with blocking ISPs. But I doubt that all black hats on earth are together as bad as SpamCast alone. > I know of nobody with any reason to contact me in .na. TLD .na has a working whois server, that's alone is better than major parts of the world. > I still see plenty of crap from .ma, .tn, .dz, .eg, .lb, .sn, > .ci, .ng, .za, .zw, .ml, .sa..... Maybe you get much more spam, I'm not sure that I ever got any mail with an address or mail provider in some of these ccTLDs. Does .sa belong to AFRINIC ? Bye, Frank From MikeE at ster.invalid Mon Apr 4 11:09:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 13:10:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> <42516EB4.53DD@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Does .sa belong to AFRINIC ? There's a Local Internet Registry saudinic whose IP netblocks are in ripe. http://www.saudinic.net.sa/about/about_saudinic.htm It also operates an online whois. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Mon Apr 4 22:40:09 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 4 15:45:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> <42516EB4.53DD@xyzzy.claranet.de> Message-ID: On Mon, 04 Apr 2005 18:43:32 +0200, Frank Ellermann coughed into spamcop and left this in <42516EB4.53DD@xyzzy.claranet.de>: > Okay, that this ISP is a listed RFC-ignorant is clear. I've no > problem with blocking ISPs. But I doubt that all black hats on earth > are together as bad as SpamCast alone. They do appear to be relqtively empty-hat, which probably explains why I ended up feeding the firewall with their alllocations whenever I got spam from a new one. >> I know of nobody with any reason to contact me in .na. > > TLD .na has a working whois server, that's alone is better than > major parts of the world. Agreed. But it doesn't alter the fact that I can't think of a reason why I'd have to correspond with anyone in that country. >> I still see plenty of crap from .ma, .tn, .dz, .eg, .lb, .sn, >> .ci, .ng, .za, .zw, .ml, .sa..... > > Maybe you get much more spam, I'm not sure that I ever got any > mail with an address or mail provider in some of these ccTLDs. I'm sent in the region of 2000 spams each day. That's counting stuff that doesn't make it past the firewall, what's blocked by DNSBL's and what seeps through. > Does .sa belong to AFRINIC ? Apparently not according to Mike Easter. Maybe RIPE is keeping control of the Middle-East. -- Steve In the 60's people took acid to make the world weird. Now the world is weird and people take Prozac to make it normal. From tdy at blackhole.invalid Mon Apr 4 14:08:09 2005 From: tdy at blackhole.invalid (N. Miller) Date: Mon Apr 4 16:10:02 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: In article , Anty Spam says... > Questions: > Not being a laywer or knowing US law, anybody got a take on the > alternatives? Scot succeeds in Chapter 11 or ...???? If MSFT wins a judgement, and Richter's Chapter 11 plan does not look like it will succeed, he will probably have to move to a different plan. I am not sure it it would be Chapter 7, or Chapter 13; but one of them. > Have you guys got gaols in the US? Nope. We have "jails"; same pronunciation and function, though. > Or am I missing something? I don't believe that we have debtor's prisons any more. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at xyzzy.claranet.de Mon Apr 4 23:17:41 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 16:20:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> <42516EB4.53DD@xyzzy.claranet.de> Message-ID: <4251A0E5.B12@xyzzy.claranet.de> Mike Easter wrote: > It also operates an online whois. Yes, I collect these servers for rxwhois.cmd (a whois client), and SaudiNic made it on my "special" list, because they need a special syntax for their handles. Not as bad as DENIC... ;-) Bye, Frank -- (version 1.7.7, 45 KB) From spamcop at 1bigthink.com Mon Apr 4 17:22:58 2005 From: spamcop at 1bigthink.com (spamcop) Date: Mon Apr 4 16:23:30 2005 Subject: [SpamCop-List] In-Reply-To: References: Message-ID: <6.1.2.0.0.20050404162150.03e6bde8@mx.1bigthink.com> At 04:08 PM 4/4/2005, you wrote: >In article , Anty Spam says... > > >I don't believe that we have debtor's prisons any more. Sure we do.. if you can't afford a decent attorney, we'll appoint one so that you are sure to lose.. what's the difference? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com From president at whitehouse.gov Mon Apr 4 18:15:45 2005 From: president at whitehouse.gov (Fuzz) Date: Mon Apr 4 20:20:10 2005 Subject: [SpamCop-List] 1and1 Internet SMTP servers Message-ID: Hi All: I have been using www.1and1.com as a web host for about 8 months now. I've noticed that sometimes when I write an email to someone at AOL, it is blocked with a message that my server is being blocked. Also, though less frequent, emails to Prodigy and Juno addresses have been blocked. 1and1 tech support swears they don't permit spamming, and says it's just because they are so large that it's inevitable that some emails that originate from their IP blocks are flagged as spam. I am very happy with their web hosting ability, but this block list crap is wearing me thin. Is 1and1 feeding me a line of bull? Do they have any reputation, good or bad? Thanks! From nobody at spamcop.net Mon Apr 4 18:48:36 2005 From: nobody at spamcop.net (NerdRevenge) Date: Mon Apr 4 20:50:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Block AOL with the message to users to change ISP accounts "Fuzz" wrote in message news:d2slc3$8sq$1@news.spamcop.net... > Hi All: > > I have been using www.1and1.com as a web host for about 8 months now. > I've noticed that sometimes when I write an email to someone at AOL, it is > blocked with a message that my server is being blocked. > > Also, though less frequent, emails to Prodigy and Juno addresses have been > blocked. 1and1 tech support swears they don't permit spamming, and says > it's just because they are so large that it's inevitable that some emails > that originate from their IP blocks are flagged as spam. > > I am very happy with their web hosting ability, but this block list crap > is wearing me thin. > > Is 1and1 feeding me a line of bull? Do they have any reputation, good or > bad? > > Thanks! > From MikeE at ster.invalid Mon Apr 4 18:52:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 20:55:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > I have been using www.1and1.com as a web host for about 8 months now. > I've noticed that sometimes when I write an email to someone at AOL, > it is blocked with a message that my server is being blocked. The way to talk about a server or a mail being blocked or having its mail rejected because it is DNSBL listed is to name the particular IP, not name some website who is a webhost. We aren't talking about webhosting here, we are talking about smtp transactions and particular mailserver output IPs. When you give that kind of information, it means that whoever is going to 'correspond' or discuss with you whatever it is you are talking about is going to have to do a lot of or some detective work to begin the conversation. > Also, though less frequent, emails to Prodigy and Juno addresses have > been blocked. That means that some IP is getting itself onto AOL's as well as Juno's and Prodigy's blocklists. > 1and1 tech support swears they don't permit spamming, > and says it's just because they are so large that it's inevitable > that some emails that originate from their IP blocks are flagged as > spam. There are a variety of reasons that IPs get themselves blocklisted; and it behooves a good provider to recognize all of those causes and avoid or prevent them by good security and spam output prevention, as well as both proactive prevention of blocklisting plus aggressive efforts to correct any problems once listings occur. > I am very happy with their web hosting ability, but this block list > crap is wearing me thin. Maybe you should handle your mail output someother way. > Is 1and1 feeding me a line of bull? Do they have any reputation, > good or bad? I don't think the issue of www.1and1.com is what we are talking about here. 1and1 is Schlund. Schlund is also perfora.net If I look around in sightings and see who is notifying schlund about being a spamsource, I see perfora output servers and I see a perfora output server currently listed on sorbs as a spamsource server; in fact there are 4 different perfora output servers so listed in sorbs. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 4 19:02:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 21:05:02 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > blocked with a message that my server is being blocked. What message and what server is that? -- Mike Easter kibitzer, not SC admin From dannyg at dannyg.com Mon Apr 4 19:14:42 2005 From: dannyg at dannyg.com (Danny Goodman) Date: Mon Apr 4 21:14:45 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers In-Reply-To: <200504050020.j350KI2N094944@dannyg.com> Message-ID: > Is 1and1 feeding me a line of bull? Do they have any reputation, good or > bad? They've been on my radar in the last month, but only as the host to a few phisher sites that got shut down exceedingly quickly (e.g., within 20 minutes of the phish email hitting my server). These aren't the common hacked servers, but domains and accounts set up explicitly to phish (probably paid for by a stolen cc). That evidence is positive, but not statistically sound. Danny http://www.dannyg.com http://www.spamwars.com From president at whitehouse.gov Mon Apr 4 21:09:14 2005 From: president at whitehouse.gov (Fuzz) Date: Mon Apr 4 23:15:31 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2sndf$9t7$1@news.spamcop.net... > The way to talk about a server or a mail being blocked or having its > mail rejected because it is DNSBL listed is to name the particular IP, > not name some website who is a webhost. We aren't talking about > webhosting here, we are talking about smtp transactions and particular > mailserver output IPs. My apologies, my choice of terminology was poor. 1and1 is hosting some domains for me. As a part of that service they provide POP3 and SMTP servers. Their SMTP server, smtp.1and1.com, is what I sometimes use when I send email. I occasionally use my ISP's SMTP server but that's yet another sob story. >> I am very happy with their web hosting ability, but this block list >> crap is wearing me thin. > > Maybe you should handle your mail output someother way. How so? I don't really want to maintain my own mail server. My ISP has their own problems with SMTP, which causes me to occasionally bounce back and forth between using the ISP's SMTP servers and 1and1's SMTP server(s). I could pay another company to provide SMTP service I guess, though I'm already paying two companies to provide it now. What other way to you recommend? > If I look around in sightings and see who is notifying schlund about > being a spamsource, I see perfora output servers and I see a perfora > output server currently listed on sorbs as a spamsource server; in fact > there are 4 different perfora output servers so listed in sorbs. Doesn't surprise me. :) > Mike Easter > kibitzer, not SC admin Thanks Mike! I appreciate your input. From president at whitehouse.gov Mon Apr 4 21:13:27 2005 From: president at whitehouse.gov (Fuzz) Date: Mon Apr 4 23:15:49 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2snvt$a6e$1@news.spamcop.net... > Fuzz wrote: >> blocked with a message that my server is being blocked. > > What message and what server is that? A sample would be... ---cut--- This message was created automatically by mail delivery software NEMESIS/mout on mout.perfora.net[217.160.230.40]. The delivery of the mail below has failed due to the following reasons: xyz1@aol.com: xyz2@aol.com: connection rejected by 64.12.138.152 command : greeting response: 554 (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html From president at whitehouse.gov Mon Apr 4 21:17:27 2005 From: president at whitehouse.gov (Fuzz) Date: Mon Apr 4 23:20:02 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2snvt$a6e$1@news.spamcop.net... > Fuzz wrote: >> blocked with a message that my server is being blocked. > > What message and what server is that? Here's one from Juno... ---cut--- This message was created automatically by mail delivery software NEMESIS/mout on mout.perfora.net[217.160.230.41]. The delivery of the mail below has failed due to the following reasons: xyz1@juno.com: connection rejected by 64.136.28.83 command : greeting response: 550 Access denied...48711c65bd656861acf98d1d4cf94981a5855cd935b8b8353958318558ed75ed359d05... From skiwi at spamcop.net Mon Apr 4 22:52:24 2005 From: skiwi at spamcop.net (Skiwi) Date: Tue Apr 5 00:55:02 2005 Subject: [SpamCop-List] FYI - email to and response from regarding all these Canadian P&Ds lately... Message-ID: Greg : Thank you for contacting us regarding your concerns and suggestions for dealing with spam electronic messages for shares trading on the TSX Venture Exchange. Staff of the BCSC do investigate complaints to enforce compliance with the securities legislation and to sanction market misconduct. When appropriate, we also refer complaints to other regulatory jurisdictions or self-regulatory bodies. Not all complaints result in an investigation or public sanction. Staff cannot verify or comment on an investigation until the matter becomes one of public record. While this may seem frustrating to some, the purpose is to protect the integrity of an investigation and to ensure that the complaint process is not used to affect the market. Again, we appreciate you bringing your concerns to our attention. British Columbia Securities Commission PO Box 10142, Pacific Centre 701 West Georgia Street Vancouver, BC V7Y 1L2 Inquiries@bcsc.bc.ca 604 899-6500 - Main switchboard 604 899-6854 - Inquiries or Complaints 1 800 373-6393 - Toll Free in BC and Alberta) 604 899-6506 - Fax ------------------------------------------------------------------------- Greg .net> To inquiries@bcsc.bc.ca 04/02/2005 11:05 cc AM consltcomm@fin.gc.ca Subject There has been a HUGE volume recently of 'pump and dump' stock spams emails for shares traded on the Vancouver Stock Exchange --------------------- Hello, I am sure you are aware that there has been a HUGE volume recently of 'pump and dump' stock spams emails for shares traded on the Vancouver Stock Exchange. Please consider setting up a mechanism like that put in place by Ottawa (or indeed the US (enforcement@sec.gov)) to enable you to at least collect these in aggregate - a possible model: the Ontario Securities Commission accepts P&D emails forwarded to inquiries@osc.gov.on.ca That is, although it would of course be impractical to act on every instance the patterns may allow you to start looking for the perpetrators and the stocks they are utilizing - and hence further protect the name of the Vancouver Stock Exchange / British Columbia Securities Commission. Regards & Thank You, GREG c.c. consltcomm@fin.gc.ca From Kilgallen at SpamCop.net Tue Apr 5 00:53:00 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Tue Apr 5 00:55:07 2005 Subject: [SpamCop-List] References: Message-ID: In article , spamcop writes: > At 04:08 PM 4/4/2005, you wrote: >>In article , Anty Spam says... >> >> >>I don't believe that we have debtor's prisons any more. > > Sure we do.. if you can't afford a decent attorney, we'll appoint one so > that you are sure to lose.. what's the difference? Prisons are for those convicted of criminal charges. The Microsoft action is a civil suit. From bar_n0ne at hotmail.com Tue Apr 5 10:50:48 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Apr 5 01:55:05 2005 Subject: [SpamCop-List] Re: FYI - email to and response from regarding all these Canadian P&Ds lately... References: Message-ID: "Skiwi" wrote in message news:d2t5ia$ghp$1@news.spamcop.net... > Greg : > EXCHANGE SNIPPED > > c.c. consltcomm@fin.gc.ca Looks like a form letter, they didn't even address your issue about a straghtforward submission mechanism as done by the Ontario commission. Seems they don't read their mail. From skiwi at spamcop.net Tue Apr 5 00:02:02 2005 From: skiwi at spamcop.net (Skiwi) Date: Tue Apr 5 02:05:05 2005 Subject: [SpamCop-List] Re: FYI - email to and response from regarding all these Canadian P&Ds lately... In-Reply-To: References: Message-ID: Berny wrote: > "Skiwi" wrote in message > news:d2t5ia$ghp$1@news.spamcop.net... > >>Greg : >> > > EXCHANGE SNIPPED > >>c.c. consltcomm@fin.gc.ca > > > Looks like a form letter, they didn't even address your issue about a > straghtforward submission mechanism as done by the Ontario commission. Seems > they don't read their mail. Well, I was not going to say it.... :-( From MikeE at ster.invalid Tue Apr 5 00:05:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 02:05:11 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > "Mike Easter" >> What message and what server is that? > > Here's one from Juno... > > ---cut--- > This message was created automatically by mail delivery software > NEMESIS/mout on mout.perfora.net[217.160.230.41]. Yep, that's that perfora server I saw in sightings; it is listed in sorbs as a spamsource and its spam output examples can be seen in sightings. In the case of the sightings one I looked at, it was serving spam out from a perfora user IP behind it. Your outgoing mail may go in 1and1 smtp MXes, but it is/must be/ coming out of a perfora server which is getting itself blocked because of spam activity. It is possible that Juno may be using sorbs, or something of their own, or some kind of scoring system which includes sorbs listing. Same way for AOL & Prodigy. The other perfora output servers names seen in senderbase besides mout are mx00 and mx01 -- which are also sorbs listed. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Apr 5 00:29:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 02:30:06 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > 1and1 is hosting some domains for me. As a part of that service they > provide POP3 and SMTP servers. Their SMTP server, smtp.1and1.com, is > what I sometimes use when I send email. That is ending up going out the perfora servers which get their mail blocked because they are associated with spam activity. > I occasionally use my ISP's > SMTP server but that's yet another sob story. I would think that clearskye/ westcoast wireless/ would have better luck staying off lists than schlund/perfora >>> I am very happy with their web hosting ability, but this block list >>> crap is wearing me thin. >> >> Maybe you should handle your mail output someother way. > > How so? I don't really want to maintain my own mail server. My ISP > has their own problems with SMTP, which causes me to occasionally > bounce back and forth between using the ISP's SMTP servers and > 1and1's SMTP server(s). I could pay another company to provide SMTP > service I guess, though I'm already paying two companies to provide > it now. > > What other way to you recommend? I don't have any professional or personal experience with smarthosting, but when I read commentary in nanae, some of them recommend hiring out some mail service and charging your webhost for it because of their failure to provide the service. Naturally that would result in a p*ssing contest which would lead to your changing webhosts. Else you would just have to eat the cost of better mail service. Are you talking about much outgoing mail here, or just modest? -- Mike Easter kibitzer, not SC admin From kjz at despammed.com Tue Apr 5 11:34:36 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Tue Apr 5 04:35:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers In-Reply-To: References: Message-ID: Fuzz wrote: > I have been using www.1and1.com as a web host for about 8 months now. I've > noticed that sometimes when I write an email to someone at AOL, it is > blocked with a message that my server is being blocked. The problem may be that United Internet (1&1, Schlund, GMX, Kundenserver, ...) is one of the largest web hosting companies (hosting 4,500,000 domains) in Germany/Europe. In such a big company you always will have some 'rotten apples'. So the question is how fast the abuse desk reacts and shuts down such rogue customers. In my personal experience I would say they are more white hat but the reaction time of the abuse desk sometimes seems a little bit slow. - kjz From devnull at spamcop.net Tue Apr 5 04:05:27 2005 From: devnull at spamcop.net (Frog Prince) Date: Tue Apr 5 09:10:09 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Fuzz" wrote in message news:d2slc3$8sq$1@news.spamcop.net... | Hi All: | | I have been using www.1and1.com as a web host for about 8 months now. I've | noticed that sometimes when I write an email to someone at AOL, it is | blocked with a message that my server is being blocked. | | Also, though less frequent, emails to Prodigy and Juno addresses have been | blocked. 1and1 tech support swears they don't permit spamming, and says | it's just because they are so large that it's inevitable that some emails | that originate from their IP blocks are flagged as spam. | | I am very happy with their web hosting ability, but this block list crap is | wearing me thin. | | Is 1and1 feeding me a line of bull? Do they have any reputation, good or | bad? | | Thanks! My experiance with 1and1 is that tech support/marketing/billing, etc., amouts to a referral to the FAQ regardless of the issue. From bar_n0ne at hotmail.com Tue Apr 5 18:10:18 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Apr 5 09:15:02 2005 Subject: [SpamCop-List] hanaro must be hurtin for spammer business Message-ID: Seems like they're back in competition with chinatietong to host spammers. From skiwi at spamcop.net Tue Apr 5 08:16:26 2005 From: skiwi at spamcop.net (Skiwi) Date: Tue Apr 5 10:20:04 2005 Subject: [SpamCop-List] Re: FYI - email to and response from regarding all these Canadian P&Ds lately... In-Reply-To: References: Message-ID: Berny wrote: > "Skiwi" wrote in message > news:d2t5ia$ghp$1@news.spamcop.net... > >>Greg : >> > > EXCHANGE SNIPPED > >>c.c. consltcomm@fin.gc.ca > > > Looks like a form letter, they didn't even address your issue about a > straghtforward submission mechanism as done by the Ontario commission. Seems > they don't read their mail. Well, I was not going to say it! :-( I was considering a scarcastic reply suggesting that I come up and re-write their form letter system to make look a little less like a bollocky cut & paste one... :-) but what the hey... From skiwi at spamcop.net Tue Apr 5 08:28:53 2005 From: skiwi at spamcop.net (Skiwi) Date: Tue Apr 5 10:30:02 2005 Subject: [SpamCop-List] OptIn's Chapter 11 - Civil suit In-Reply-To: References: Message-ID: Larry Kilgallen wrote: > In article , spamcop writes: > >>At 04:08 PM 4/4/2005, you wrote: >> >>>In article , Anty Spam says... >>> >>> >>>I don't believe that we have debtor's prisons any more. >> >>Sure we do.. if you can't afford a decent attorney, we'll appoint one so >>that you are sure to lose.. what's the difference? > > > Prisons are for those convicted of criminal charges. > The Microsoft action is a civil suit. Maybe he will seek the protection of prison when the boys from Chinatietong et. al. come looking to collect on their unpaid bills? :-) From nobody at xyzzy.claranet.de Tue Apr 5 18:08:01 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Apr 5 11:15:03 2005 Subject: [SpamCop-List] SORBS 127.0.0.6 (was: 1and1 Internet SMTP servers) References: Message-ID: <4252A9D1.4BE9@xyzzy.claranet.de> Mike Easter wrote: [217.160.230.41]. > listed in sorbs as a spamsource 40.230.160.217.dnsbl.sorbs.net = 127.0.0.6 Using SORBS 127.0.0.6 is gross negligence, but IMNSHO worse, unless they changed their $ 50 unlisting procedures. > mx00 and mx01 -- which are also sorbs listed. Besides 217 = 7 * 31, that's an excellent reason to block this IP, more convincing than SORBS 127.0.0.6. 10.230.160.217.dnsbl.sorbs.net = 127.0.0.6 13.230.160.217.dnsbl.sorbs.net = 127.0.0.6 SORBS 127.0.0.6 users are a part of the problem. Bye, Frank From MikeE at ster.invalid Tue Apr 5 10:07:22 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 12:10:04 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 (was: 1and1 Internet SMTP servers) References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: > > [217.160.230.41]. >> listed in sorbs as a spamsource > > 40.230.160.217.dnsbl.sorbs.net = 127.0.0.6 > > Using SORBS 127.0.0.6 is gross negligence, but IMNSHO worse, > unless they changed their $ 50 unlisting procedures. I have my own gripes about sorbs, mainly based on the fact that I'm not able to use the webbased access to their db because I refuse to provide all the information necessary to register for login. But, I don't have any problem with their creation of a 'spam' db based on their own criteria for listing and delisting. As far as I'm concerned, anyone can make any kind of db they want to make. The power of a db is based on its popularity and usage. Sorbs has a variety of db with lots of different criteria. Only the spam one has the fine feature. >> mx00 and mx01 -- which are also sorbs listed. > > Besides 217 = 7 * 31, that's an excellent reason to block this > IP, more convincing than SORBS 127.0.0.6. I don't grok the significance of 7 * 31 = 217 or if it has anything to do with the IP in question being in the 217 class A. > 10.230.160.217.dnsbl.sorbs.net = 127.0.0.6 > 13.230.160.217.dnsbl.sorbs.net = 127.0.0.6 > > SORBS 127.0.0.6 users are a part of the problem. sorbs long definition of their .6 is this: - You are a spammer who has spammed a SORBS spamtrap or admin. - You are hosting DNS, webservices or mailservers (etc) for a spammer that has spammed a SORBS spamtrap or admin. - You are an innocent party that has been included in a wider listing policy because your provider is happy to host spammer(s) that have spammed a SORBS spamtrap or admin.? - You had your machine hijacked by one or more spammers who have spammed a SORBS spamtrap or admin. - You have a machine with a virus or trojan that has spammed a SORBS spamtrap or admin. - You run an unsecure mailing list that has been used to spam a SORBS spamtrap or admin. - You inherited the netblock or address after your provider moved a spammer. The long explanation of their $50 delisting 'fine' and how it can be paid is here http://www.us.sorbs.net/faq/spamdb.shtml So how do I get out of the Database of servers sending spam...? Also, if you feel that you have a better suggestion than the fine, Matt Sullivan invites you to make a suggestion, but the suggestion address is temporarily inop because too many requests for removal were being sent there. -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Tue Apr 5 12:46:47 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Tue Apr 5 12:50:03 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: In article , "Mike Easter" writes: > Frank Ellermann wrote: >> Mike Easter wrote: >> >> [217.160.230.41]. >>> listed in sorbs as a spamsource >> >> 40.230.160.217.dnsbl.sorbs.net = 127.0.0.6 >> >> Using SORBS 127.0.0.6 is gross negligence, but IMNSHO worse, >> unless they changed their $ 50 unlisting procedures. It is hard for any residential ISP to keep all of their mail servers out of that list because of multi-hop spam, and some still bounce over-quota messages to forged addresses even if they reject or silently delete other messages that they chose not to deliver. > I have my own gripes about sorbs, mainly based on the fact that I'm not > able to use the webbased access to their db because I refuse to provide > all the information necessary to register for login. Matt posted on one of the net.admin.net-abuse. forums about that. It seems that spammers were using the web form to find open proxies and abuseable systems. Some of the redirectors to the forms do not work sometimes. > The long explanation of their $50 delisting 'fine' and how it can be > paid is here http://www.us.sorbs.net/faq/spamdb.shtml So how do I get > out of the Database of servers sending spam...? In some cases the fine can be waived according to postings by Matt in the news.admin.net-abuse.* forums. I am not sure what those conditions are. > Also, if you feel that you have a better suggestion than the fine, Matt > Sullivan invites you to make a suggestion, but the suggestion address is > temporarily inop because too many requests for removal were being sent > there. The current system requires you to sign up for an account in order to send mail to them through their web form. >From Matt's postings, the spammers were mail bombing the web form also. Matt has also posted that the signup will not accept e-mail addresses from "free" providers. Apparently he does not have a complete list as the one that I used worked. It also appears though that to use the SORBS web site, you may have to lower your browser security to accept cookies. Spammers do not seem to like SORBS much. -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Tue Apr 5 11:20:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 13:20:11 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: John E. Malmberg wrote: > "Mike Easter" >> I have my own gripes about sorbs, mainly based on the fact that I'm >> not able to use the webbased access to their db because I refuse to >> provide all the information necessary to register for login. > > Matt posted on one of the net.admin.net-abuse. forums about that. > It seems that spammers were using the web form to find open proxies > and abuseable systems. I can understand the desirability of registration; my complaint is about the amount of personal information required. Some people have no problem providing bogus information for a registration. I have a 'variety' of self-imposed rules and behaviors about registration requirements, ranging from evasion or 'cracking', to bogus data, to my real data; depending upon what I think about the integrity or validity of the request. For example, for online newspapers I perform all 3, depending upon the 'situation'. Some I evade by using some community shared login or pw, either 'homespun' by some mailing list participant or 'formal' like bugmenot, some I provide with bogus information, and some I provide with real information, the two which come to mind are the NYT and my local newspaper to which I'm also a subscriber to the deadtree version. In the case of Matt's sorbs, I didn't feel like giving my honest personal information and I didn't want to give bogus information. I also dropped my registration to access to some junk fax db/s and information for the same reasons when that db started requiring 'excessive' personal information. > Some of the redirectors to the forms do not work sometimes. Yes, I remember that being a problem before the registration started. >> The long explanation of their $50 delisting 'fine' and how it can be >> paid is here http://www.us.sorbs.net/faq/spamdb.shtml So how do I get >> out of the Database of servers sending spam...? > > In some cases the fine can be waived according to postings by Matt in > the news.admin.net-abuse.* forums. I am not sure what those > conditions are. The site describes waiving the fine, but the waiver also sez that the IP stays listed. Some waiver "If you are part of a wider netblock that is blocked you are not required to pay the SORBS 'fine' as the entry was not generated because of your actions, however your netblock will not be removed until your upstream removes the spammers." > Matt has also posted that the signup will not accept e-mail addresses > from "free" providers. Apparently he does not have a complete list > as the one that I used worked. gmail currently doesn't. > It also appears though that to use the SORBS web site, you may have to > lower your browser security to accept cookies. I can deal with/ accept/ that. -- Mike Easter kibitzer, not SC admin From president at whitehouse.gov Tue Apr 5 11:55:13 2005 From: president at whitehouse.gov (Fuzz) Date: Tue Apr 5 14:00:04 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2tb4i$jol$1@news.spamcop.net... > I would think that clearskye/ westcoast wireless/ would have better luck > staying off lists than schlund/perfora They have never been on a block list that I know of. Their issue is that they use Clam Antivirus, which bounces emails that have a ZIP attachment if that ZIP has a compression ratio over a certain amount. Part of my business is to setup database scripts and send them to my clients. When those scripts are processed on my end they are automatically zipped up in a format that is set in stone. The customer only needs to put the zip file into a special folder and run the software I have setup for them. It automatically unzips and does its thing. I don't have a choice on the file format. I had been using 1and1's SMTP for many months when I got sick of the bounces to AOL (mostly Mom) :). So I switched over to my ISP's server only to discover that now I can't send a dang ZIP file to a client because the files in the ZIP are too compressable. They end up compressing at about 95%. The ISP's tech support has been dunderheaded about it. It took me a while to explain to more than one of their techs that just because the bounce message I get says... ---cut--- A virus was found in an Email message you sent. This Email scanner intercepted it and stopped the entire message reaching its destination. The virus was reported to be: Oversized Zip ---cut--- ...that I don't actually have a virus. I get told to update my virus definitions, etc... I have to explain all over again that a simple ZIP file that contains 50k of "DBF/DBT" files cannot possibly be a virus. Each time I talk to someone it's like starting anew because the guy who runs things is always out of town somewhere. :) I explain to them what a ZIP bomb is, and that that if I had a TXT file that was actually 50 gigabytes of ASCII(20)'s that it would zip into a very tiny ZIP file, and that their software is protecting against that style attack. But the contents of my 2k ZIP file is 50k. I give them the URL of the page at http://www.clamav.net/faq.html which is a FAQ that explains what to do about false positives of Oversized.zip. Bla bla bla.... talk to the hand! :) So I switch back to 1and1, which by then has cleared up the block list problem, only to get on another block list two days later. :) Here are my two options as I see it. 1) Include a superfluous uncompressable file within my ZIP files that will reduce the compression ratio below my ISP's ArchiveMaxCompressionRatio threshold (which they don't know what it is and nobody there that I can speak to has the ability to determine what it is). This will involve some angst in that the process is designed to unzip/process/delete the contents of the ZIP file. There may be ramifications involving unwanted overwrite prompts, etc. 2) Setup an FTP server with a login/password for each client to retrieve their scripts. This is what my ISP's tech support has recommended... which to me is a stuuupid idea. The guy started going off on a spiel about how email was never really intended to send data files. That file attachments was a late addition to email's capabilities from the beginning, and that setting up an FTP server would be the way to go. But that would entail punching a hole through my fiirewall (easy to do but who the hell wants to have an open port 21 if they don't have to?), and worrying about attacks against the FTP server. Also I'd have to train each customer how to use FTP. I'd have to maintain PW/Login's for everyone. Not going to happen just because I want to email a dang 2k ZIP file. Or there's a third possibility I hadn't thought of... I could go on some newsgroups and whine incessantly about this until someone comes up with a better plan! Yeah, that's the ticket! From devnull at spamcop.net Tue Apr 5 16:45:46 2005 From: devnull at spamcop.net (Frog Prince) Date: Tue Apr 5 15:55:05 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Fuzz" | Or there's a third possibility I hadn't thought of... I could go on some | newsgroups and whine incessantly about this until someone comes up with a | better plan! Yeah, that's the ticket! The following works for us to avoid the zip/attachment problem http://s11.yousendit.com/ This is a one up/down solution but there may be the ability for one up multiple down load as well. From MikeE at ster.invalid Tue Apr 5 14:03:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 16:05:02 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > 1) Include a superfluous uncompressable file within my ZIP files that > will reduce the compression ratio below my ISP's > ArchiveMaxCompressionRatio threshold (which they don't know what it > is and nobody there that I can speak to has the ability to determine > what it is). This will involve some angst in that the process is > designed to unzip/process/delete the contents of the ZIP file. There > may be ramifications involving unwanted > overwrite prompts, etc. I read the clamAV faq. The first thing which comes to my mind would be some kind of little promotional .jpg or something to stick in there which doesn't compress much. > 2) Setup an FTP server with a login/password for each client to > retrieve their scripts. This is what my ISP's tech support has > recommended... which to me is a stuuupid idea. FTP is a nice way to handle bigger files, but I agree with you that there would/might/could be a client learning curve to acquire that would/could cause you some grief, probably/perhaps. You might be able to just pass an FTP link to the client in an email and it would all happen automagically or transparently with a browser FTP dl, but I can imagine some glitches which don't happen in email the way you're doing it. And these little files you describe aren't big files anyway. > Or there's a third possibility I hadn't thought of... I could go on > some newsgroups and whine incessantly about this until someone comes > up with a better plan! Yeah, that's the ticket! I don't have any bright ideas which would be innovative. You don't have any control over perfora's tendency to permit spam and get listed. You might not have any control over your ISP's clamAV configuration, altho' that is some kind of possibility. It didn't look to me like they were very large, but I don't know who is in charge of the AV, clearskye, westcoast wireless, or timewarner, who is over westcoast's block. You could acquire yet another smtp provider if there's no other way. -- Mike Easter kibitzer, not SC admin From president at whitehouse.gov Tue Apr 5 14:16:02 2005 From: president at whitehouse.gov (Fuzz) Date: Tue Apr 5 16:20:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Frog Prince" wrote in message news:d2uq7v$clq$1@news.spamcop.net... > The following works for us to avoid the zip/attachment problem > > http://s11.yousendit.com/ Wow, what an interesting business model! They say they transfer over 33 terabytes per day. I wonder why I haven't heard about them yet... Thanks for the heads up! Fuzz From MikeE at ster.invalid Tue Apr 5 14:22:16 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 16:25:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Frog Prince wrote: > The following works for us to avoid the zip/attachment problem > > http://s11.yousendit.com/ > > This is a one up/down solution but there may be the ability for one up > multiple down load as well. Ah, that's a good one. I used to know about a different one of those that I lost. I'm a little puzzled about the technology; apparently it is https [ssl/tls]. It looks as good/flexible as one of the free/pay ones like sendthisfile. The first time I needed one was when someone who was AOL broadband wanted to email me a 40 meg file. At the time, I didn't even know about services like yousendit and I crawled around all over the place trying to figure out how to do something with someone who wasn't FTP savvy, and didn't use a regular mailuser agent or know how to chop up a file. Plus I don't know about anything AOL. -- Mike Easter kibitzer, not SC admin From president at whitehouse.gov Tue Apr 5 15:29:21 2005 From: president at whitehouse.gov (Fuzz) Date: Tue Apr 5 17:30:14 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2uqr9$d1s$1@news.spamcop.net... > I read the clamAV faq. The first thing which comes to my mind would be > some kind of little promotional .jpg or something to stick in there > which doesn't compress much. You know, that just may be the ticket! I'll have to remember to always put it there, but at least it should work. Thanks! Fuzz From SCNews.5.myspamgobbler at spamgourmet.com Tue Apr 5 15:52:24 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Tue Apr 5 17:55:02 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 In-Reply-To: References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: Mike Easter wrote: > John E. Malmberg wrote: > >> "Mike Easter" >> >>>I have my own gripes about sorbs, mainly based on the fact that I'm >>>not able to use the webbased access to their db because I refuse to >>>provide all the information necessary to register for login. >> >>Matt posted on one of the net.admin.net-abuse. forums about that. >>It seems that spammers were using the web form to find open proxies >>and abuseable systems. > > > I can understand the desirability of registration; my complaint is > about the amount of personal information required. > > Some people have no problem providing bogus information for a > registration. I have a 'variety' of self-imposed rules and behaviors > about registration requirements, ranging from evasion or 'cracking', to > bogus data, to my real data; depending upon what I think about the > integrity or validity of the request. For example, for online > newspapers I perform all 3, depending upon the 'situation'. Some I > evade by using some community shared login or pw, either 'homespun' by > some mailing list participant or 'formal' like bugmenot, some I provide > with bogus information, and some I provide with real information, the > two which come to mind are the NYT and my local newspaper to which I'm > also a subscriber to the deadtree version. > > In the case of Matt's sorbs, I didn't feel like giving my honest > personal information and I didn't want to give bogus information. I > also dropped my registration to access to some junk fax db/s and > information for the same reasons when that db started requiring > 'excessive' personal information. > I was also not pleased with how much personal info SORBs asked for. I did supply some real, some not so real. > >>Some of the redirectors to the forms do not work sometimes. > > > Yes, I remember that being a problem before the registration started. > > >>>The long explanation of their $50 delisting 'fine' and how it can be >>>paid is here http://www.us.sorbs.net/faq/spamdb.shtml So how do I get >>>out of the Database of servers sending spam...? >> >>In some cases the fine can be waived according to postings by Matt in >>the news.admin.net-abuse.* forums. I am not sure what those >>conditions are. > > > The site describes waiving the fine, but the waiver also sez that the IP > stays listed. Some waiver "If you are part of a wider netblock that is > blocked you are not required to pay the SORBS 'fine' as the entry was > not generated because of your actions, however your netblock will not be > removed until your upstream removes the spammers." > > >>Matt has also posted that the signup will not accept e-mail addresses >>from "free" providers. Apparently he does not have a complete list >>as the one that I used worked. > > > gmail currently doesn't. > My spamcop address didn't work, but my free spamgourmet account did. Go figure. > >>It also appears though that to use the SORBS web site, you may have to >>lower your browser security to accept cookies. > > > I can deal with/ accept/ that. > I have my settings to always ask, and there are some that I allow. > > From davidctietz at NOSPAMatt.net Tue Apr 5 19:05:46 2005 From: davidctietz at NOSPAMatt.net (David Tietz) Date: Tue Apr 5 18:10:02 2005 Subject: [SpamCop-List] [Sc-Help] Changing Password Message-ID: I have been using the free version of Spamcop for about 2 years now & love it, so I was thinking about upgrading to a paid account. However, when I click on the upgrade link, it asks me to sign in... In that 2 years I have forgotten my password, so I went to the "request password change" form and typed in the e-mail address I registered with: davidctietz@NOSPAMatt.net (remove NOSPAM, of course) and it gave me the error message "Cannot find username for davidctietz@NOSPAMatt.net". This message is opposed to when I entered another of my e-mail addresses, in which case it says "No user found for input: [e-mail address]". Any thoughts as to the problem?? Thanks David Tietz From MikeE at ster.invalid Tue Apr 5 16:46:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 18:45:06 2005 Subject: [SpamCop-List] Re: [Sc-Help] Changing Password References: Message-ID: David Tietz wrote: > I have been using the free version of Spamcop for about 2 years now You can't login for 2 years without logging in again, the max is 1 year, the default is 12 hours. > when I click on the upgrade link, it asks me to sign in... hmmm. I seem to recall that if logged in, the add fuel link takes one to a payment scheme. > In that 2 years I have forgotten my password, so I went to the > "request password change" form and typed in the e-mail address I > registered with: davidctietz@NOSPAMatt.net (remove NOSPAM, of course) > and it gave me the error message "Cannot find username for > davidctietz@NOSPAMatt.net". You can't change your password without a password. You can't login without a combination user+pw. If you don't have a pw, you aren't logged in. You need to get a new 'signup' letter by going to the 'front page' to signup http://www.spamcop.net/anonsignup.shtml "You may re-run this free authorization whenever you need to. If you do, any previous authorization information associated with your email address will be deleted. " So, you just signup all over again, you'll get the letter and use it to login. Try to hang onto your letter/pw. Things will be a little stickier when you've paid. You'll need a deputy's help if you lose your pw. > Any thoughts as to the problem?? -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Apr 5 16:50:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 18:50:03 2005 Subject: [SpamCop-List] Re: [Sc-Help] Changing Password References: Message-ID: Mike Easter wrote: > You can't login without a combination user+pw. If you don't have a > pw, you aren't logged in. There's a cookie loophole in there somewhere, but I'm not a cookie guru or maven, nor do I think the cookie loophole could help you as much as a new signup. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Apr 5 19:53:00 2005 From: nobody at spamcop.net (Ellen) Date: Tue Apr 5 19:35:06 2005 Subject: [SpamCop-List] Re: [Sc-Help] Changing Password References: Message-ID: "David Tietz" wrote in message news:d2v23q$h25$1@news.spamcop.net... > I have been using the free version of Spamcop for about 2 years now & love > it, so I was thinking about upgrading to a paid account. However, when I > click on the upgrade link, it asks me to sign in... > > In that 2 years I have forgotten my password, so I went to the "request > password change" form and typed in the e-mail address I registered with: > davidctietz@NOSPAMatt.net (remove NOSPAM, of course) and it gave me the > error message "Cannot find username for davidctietz@NOSPAMatt.net". > This message is opposed to when I entered another of my e-mail addresses, in > which case it says "No user found for input: [e-mail address]". > I assume that you are forwarding your spam? Send the email address that you forward your spam to, to deputies admin.spamcop.net (actually we only need the part after the submit. ) and we will figure out what your account name is and get you a new password. Ellen From porpoise1954 at yahoo.co.uk Wed Apr 6 02:25:26 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Apr 5 20:35:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Fuzz" wrote in message news:d2slc3$8sq$1@news.spamcop.net... > Hi All: > > I have been using www.1and1.com as a web host for about 8 months now. > I've noticed that sometimes when I write an email to someone at AOL, it is > blocked with a message that my server is being blocked. > > Also, though less frequent, emails to Prodigy and Juno addresses have been > blocked. 1and1 tech support swears they don't permit spamming, and says > it's just because they are so large that it's inevitable that some emails > that originate from their IP blocks are flagged as spam. > > I am very happy with their web hosting ability, but this block list crap > is wearing me thin. > > Is 1and1 feeding me a line of bull? Do they have any reputation, good or > bad? I've been with 1and1 for several years and never had any problems. What are you trying to send out? From porpoise1954 at yahoo.co.uk Wed Apr 6 02:33:41 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Apr 5 20:40:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2sndf$9t7$1@news.spamcop.net... > Fuzz wrote: > >> Also, though less frequent, emails to Prodigy and Juno addresses have >> been blocked. > > That means that some IP is getting itself onto AOL's as well as Juno's > and Prodigy's blocklists. > >> 1and1 tech support swears they don't permit spamming, >> and says it's just because they are so large that it's inevitable >> that some emails that originate from their IP blocks are flagged as >> spam. > > There are a variety of reasons that IPs get themselves blocklisted; and > it behooves a good provider to recognize all of those causes and avoid > or prevent them by good security and spam output prevention, as well as > both proactive prevention of blocklisting plus aggressive efforts to > correct any problems once listings occur. > >> I am very happy with their web hosting ability, but this block list >> crap is wearing me thin. > > Maybe you should handle your mail output someother way. > >> Is 1and1 feeding me a line of bull? Do they have any reputation, >> good or bad? > > I don't think the issue of www.1and1.com is what we are talking about > here. > > 1and1 is Schlund. Schlund is also perfora.net > > If I look around in sightings and see who is notifying schlund about > being a spamsource, I see perfora output servers and I see a perfora > output server currently listed on sorbs as a spamsource server; in fact > there are 4 different perfora output servers so listed in sorbs. > Just as a point of interest; I have been with 1and1 for years but it seems that, just recently, they have had a few customers with insecure webform submittal scripts and are currently doing a sweep of all webforms to check for security issues (I've had a slip-up on one of my scripts :-() pointed out to me - which has subsequently been plugged. So good for them! They take security VERY seriously (which is one of the reasons - besides very good prices - that I have been with them for so long [having tried various other companies]) but, inevitably, occasionally, the odd one will get in below the radar! From porpoise1954 at yahoo.co.uk Wed Apr 6 02:49:54 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Apr 5 21:00:02 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2uqr9$d1s$1@news.spamcop.net... > Fuzz wrote: > You could acquire yet another smtp provider if there's no other way. > Or, maybe, if it's such a small file anyway, why bother zipping it in the first place? From president at whitehouse.gov Tue Apr 5 19:25:06 2005 From: president at whitehouse.gov (Fuzz) Date: Tue Apr 5 21:30:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Porpoise" wrote in message news:d2vc25$m30$1@news.spamcop.net... > Or, maybe, if it's such a small file anyway, why bother zipping it in the > first place? The file must be zipped with a specific name when the customer drops it into the target directory. There are often as many as a dozen or more (sometimes many more) small DBF/DBT files within the zip. If I could just get a hold of the grand poobah at my ISP I think I can get him to make an allowance. Thanks, Fuzz From devnull at spamcop.net Tue Apr 5 22:32:05 2005 From: devnull at spamcop.net (Frog Prince) Date: Tue Apr 5 21:40:04 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Fuzz" wrote in message news:d2vdpk$mvn$1@news.spamcop.net... | | "Porpoise" wrote in message | news:d2vc25$m30$1@news.spamcop.net... | > Or, maybe, if it's such a small file anyway, why bother zipping it in the | > first place? | | The file must be zipped with a specific name when the customer drops it into | the target directory. There are often as many as a dozen or more (sometimes | many more) small DBF/DBT files within the zip. | | If I could just get a hold of the grand poobah at my ISP I think I can get | him to make an allowance. Off the wall and may not work. Compress the file or whatever you do to it ==> data.zip Rename the file junk.xyz Send the file have an auto.exe rename the file data.zip and copy/move to the selected folder. From redball at mindspring.com Wed Apr 6 08:14:59 2005 From: redball at mindspring.com (Trish Roberts-Miller) Date: Wed Apr 6 08:18:23 2005 Subject: [SpamCop-List] *I'm* blacklisted? In-Reply-To: <200504040815.1diqu2y73Nl3oJ1@wanamaker.mail.atl.earthlink.net> References: <200504040815.1diqu2y73Nl3oJ1@wanamaker.mail.atl.earthlink.net> Message-ID: <4253D2C3.2080501@mindspring.com> I just received this message in failed mail: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: Alfred.Bertrand@oxon.blackwellpublishing.com SMTP error from remote mailer after RCPT TO:: host obp-mailchk2.oxon.blackwellpublishing.com [194.128.227.6]: 550 Rule imposed as redball@mindspring.com is blacklisted on SpamCop (see www.spamcop.net) ----- Needless to say, I've never heard anything from spamcop, and I didn't even know there was a way to block a specific email. I don't know the numeric IP address, so I can't even see if earthlink is blocked. Yipes! -- Trish Roberts-Miller redball@mindspring.com http://www.cwrl.utexas.edu/~robertsmiller/homepage.html "though we could fool each other, we should consider-- lest the parade of our mutual life get lost in the dark." ("A Ritual to Read to Each Other" Wm. Stafford) From MikeE at ster.invalid Wed Apr 6 07:00:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 6 09:00:05 2005 Subject: [SpamCop-List] Re: *I'm* blacklisted? References: <200504040815.1diqu2y73Nl3oJ1@wanamaker.mail.atl.earthlink.net> Message-ID: Trish Roberts-Miller wrote: > I just received this message in failed mail: That message isn't accurate as stated, since the SC blocklist doesn't list email addresses; it is a DNSbl. > This message was created automatically by mail delivery software. > > A message that you sent could not be delivered to one or more of its > recipients. This is a permanent error. The following address(es) > failed: > > Alfred.Bertrand@oxon.blackwellpublishing.com > SMTP error from remote mailer after RCPT > TO:: host > obp-mailchk2.oxon.blackwellpublishing.com [194.128.227.6]: 550 > Rule imposed as redball@mindspring.com is blacklisted on SpamCop (see > www.spamcop.net) blackwellpublishing.com's mxes are that mailchk2 at .6 above and mailchk1 at .5 Presumably the mx rejected the item from your EL server, but gave the bad information of naming your sending email address instead of naming the EL IP which was listed. EL does manage to get its servers listed from time to time; usually not by spamcop. It is also possible that the server also gave bad information about which blocklist; ie the blocklist might've been some other than SC's, but the non-delivery information sez SC erroneously just like it sez the email address erroneously. > Needless to say, I've never heard anything from spamcop, and I didn't > even know there was a way to block a specific email. I don't know the > numeric IP address, so I can't even see if earthlink is blocked. Yep, that's a problem all right. The way I would go about trying to see if some EL server/s are currently listed would be to go to senderbase, I went thru the top 15 or so to find this.... 209.86.89.64 rDNS smtpauth04.mail.atl.earthlink.net is currently listed in sorbs spam 209.86.89.65 rDNS smtpauth05.mail.atl.earthlink.net is currently listed in SCbl http://www.spamcop.net/w3m?action=checkblock&ip=209.86.89.65 - If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 18 hours. - System has sent mail to SpamCop spam traps in the past week > Yipes! There are many ways an EL server can get itself listed, not the least of which is that EL permits its customers to enable spamcontrol with challenge response. The C/R can be turned off, but the default is on for those who choose high spamblocking. EL also has some other bad practices which I regularly berate them for in the EL support ng/s. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Apr 6 07:06:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 6 09:05:04 2005 Subject: [SpamCop-List] Re: *I'm* blacklisted? References: <200504040815.1diqu2y73Nl3oJ1@wanamaker.mail.atl.earthlink.net> Message-ID: I'll put the bottom line here in less words, all that other while I was figuring out a possibility may be confusing. Trish Roberts-Miller wrote: > I don't know the > numeric IP address, so I can't even see if earthlink is blocked. At least one of EL's output servers is currently SCbl listed for hitting spamtraps. 209.86.89.65 listed in bl.spamcop.net smtpauth05.mail.atl.earthlink.net Then, your mindspring mail tries to go out that server, it gets rejected and the rejection message isn't properly informative. EL has many many scores of output servers. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Apr 6 11:24:30 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Apr 6 11:25:30 2005 Subject: [SpamCop-List] ComCast still hard at it Message-ID: Started my reporting this morning ... I received an auto-ack to my first ComCast sourced spew at 0929 GMT -5 .... however, I then received the following message for the next seven complaints; (I've no idea what TZ this relates to?) Subject: Returned mail: delivery problems encountered A message (from ) was received at 6 Apr 2005 14:36:36 +0000. The following addresses had delivery problems: Permanent Failure: 522_mailbox_full;_sz=629145218/629145600_ct=74214/100000 Delivery last attempted at Wed, 6 Apr 2005 14:36:36 -0000 From nobody at xyzzy.claranet.de Wed Apr 6 19:00:31 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Apr 6 12:05:08 2005 Subject: [SpamCop-List] Re: ComCast still hard at it References: Message-ID: <4254079F.7B8E@xyzzy.claranet.de> WazoO wrote: > I've no idea what TZ this relates to? Looking from GMT 5 hours in your direction, that's apparently your timezone. 7 hours would be Mike, and 4 hours is Ellen. As usual I'm lost with these calculations, Ellen never said that she lives in Greenland or the Bermudas... ;-) No, wait, DST, all one hour to the West, Ellen is Eastcoast, Mike is Westcoast, and you're in between. > _sz=629145218/629145600_ct=74214/100000 About 75000 unread abuse reports in 625 MB, average size 8400 bytes. And Spamcast customers are scum, not exactly "news". Bye, Frank From president at whitehouse.gov Tue Apr 5 23:48:37 2005 From: president at whitehouse.gov (Fuzz) Date: Wed Apr 6 12:25:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Frog Prince" wrote in message news:d2vece$nb5$1@news.spamcop.net... > Compress the file or whatever you do to it ==> data.zip > Rename the file junk.xyz The other day I tried naming it to *.txt but it still hit the filter. My ISP has *not* told me that they *can't* fix it. They just said that the guy who is able to access the SMTP server configuration is out of town. I'll just have to wait and see. We just had DSL come here to our little town, which is tempting me sorely. Right now I'm on a wireless connection, which is pretty fast. About 1.5m down and 750k up. But I'm paying $100/month for that. The DSL is through Verizon, which I've had before when I lived in Long Beach, CA, and I was very unhappy with their service. A call to tech support always resulted in a 45 minute wait, only to speak with someone who was in perpetual rudimentary computer skills training. :) Fuzz From president at whitehouse.gov Tue Apr 5 23:53:18 2005 From: president at whitehouse.gov (Fuzz) Date: Wed Apr 6 12:25:17 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Porpoise" wrote in message news:d2vak8$lbk$1@news.spamcop.net... > I've been with 1and1 for several years and never had any problems. What > are you trying to send out? Nothing out of the ordinary. Just a TXT based email to an AOL address. Juno and Prodigy have also blocked them on occasion. Perhaps you're connecting to a different SMTP server? They've had me use smtp.1and1.com from the beginning. Then when I complained of being blocked by AOL they had me try these... 217.160.230.51 217.160.230.50 217.160.230.52 All of which had been getting blocked at one time or another. Fuzz From nobody at xyzzy.claranet.de Wed Apr 6 19:25:18 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Apr 6 12:30:03 2005 Subject: [SpamCop-List] ClamAV clueless (was: 1and1 Internet SMTP servers) References: Message-ID: <42540D6E.1C7F@xyzzy.claranet.de> Fuzz wrote: >| The virus was reported to be: >| Oversized Zip Only because your 2 KB compress 50 KB ? LOL. > Include a superfluous uncompressable file within my ZIP > files that will reduce the compression ratio below my ISP's > ArchiveMaxCompressionRatio threshold What a headache. How about using tgz (= gzipped tar) ? Or find the ZIP switch where you can say "fast instead of small". > The guy started going off on a spiel about how email was > never really intended to send data files. True, but if he knows this he also knows the ZIP-bomb issue, and why 50 KB won't kill a single-sided 5.25" floppy. > there's a third possibility I hadn't thought of... I could go > on some newsgroups and whine incessantly about this until > someone comes up with a better plan! Yeah, that's the ticket! ACK, good plan, but it needs a better subject. ;-> Bye, Frank From nttp.sc.s at bigsleep.org Wed Apr 6 18:09:17 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Apr 6 13:10:04 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: On 05 Apr 2005 Porpoise entered spamcop and left news:d2vb3o$lka$1@news.spamcop.net: > I have been with 1and1 for years but it seems that, just recently, > they have had a few customers with insecure webform submittal scripts > and are currently doing a sweep of all webforms to check for security > issues (I've had a slip-up on one of my scripts :-() pointed out to > me - which has subsequently been plugged. So good for them! They take > security VERY seriously (which is one of the reasons - besides very > good prices - that I have been with them for so long [having tried > various other companies]) but, inevitably, occasionally, the odd one > will get in below the radar! > I don't like that scenario. If all mail goes out the same server, that means anyone can write a screwy script and get everyone blocked. I don't think they should relay mail for scripts, or only allow local relaying. If I write a screwy script (and I have), only I get blocked and only I am to blame since I check all scripts. -- | Ric | From nobody at xyzzy.claranet.de Wed Apr 6 20:06:32 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Apr 6 13:15:08 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: <42541718.55A0@xyzzy.claranet.de> Mike Easter wrote: > I have my own gripes about sorbs For their other zones the listing and delisting procedures are rather clear and "normal". > anyone can make any kind of db they want to make. The power > of a db is based on its popularity and usage. Yes, and SORBS abuses the poularity of its other zones for the private agenda in the 127.0.0.6 zone. > Only the spam one has the fine feature. It's not ordinary spam, it's spam to addresses of SORBS admins. They are not interested to protect you and me, they protect their own mailboxes with the $50 fine and 127.0.0.6. > I don't grok the significance of 7 * 31 = 217 It has absolutely no significance at all, like SORBS 127.0.0.6. I'm very upset about this because I used and propagated SORBS from rxwhois 1.3 up to rxwhois 1.6.x until I finally found out how stupid I've been. My total ignorance about SORBS 127.0.0.6 was very embarassing. Bye, Frank -- IN 1.3, OUT 1.6.x: From nttp.sc.s at bigsleep.org Wed Apr 6 18:16:42 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Apr 6 13:20:06 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 (was: 1and1 Internet SMTP servers) References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: On 05 Apr 2005 Mike Easter entered spamcop and left news:d2ud0l$5md$1@news.spamcop.net: > I have my own gripes about sorbs, mainly based on the fact that I'm not > able to use the webbased access to their db because I refuse to provide > all the information necessary to register for login. > I tried to register when I started using their list, but the form never worked correctly, nothing happened when I submitted the form. Yes, I noticed you have to register to do a lookup now, but I don't have a problem with that since I can make my own form anyway. I should probably try and register again, I don't even remember what address I used, ah I don't have time for this shit. -- | Ric | From lise.tr372 at videotron.ca Wed Apr 6 17:56:18 2005 From: lise.tr372 at videotron.ca (Lise) Date: Wed Apr 6 17:00:02 2005 Subject: [SpamCop-List] I lack Fuel !! Message-ID: and don't have the money right now to add some :( can I still report spam in between ? Lise From nobody at devnull.spamcop.net Wed Apr 6 16:13:15 2005 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Wed Apr 6 18:15:11 2005 Subject: [SpamCop-List] Re: I lack Fuel !! In-Reply-To: References: Message-ID: "If you wanna run cool You got to run On heavy, heavy fuel" -- Dire Straits, "Heavy Fuel" (1991) From porpoise1954 at yahoo.co.uk Thu Apr 7 00:20:15 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 6 18:30:05 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Blammo" wrote in message news:Xns9630675B133F1blammo@216.154.195.61... > On 05 Apr 2005 Porpoise entered spamcop and left > news:d2vb3o$lka$1@news.spamcop.net: > >> I have been with 1and1 for years but it seems that, just recently, >> they have had a few customers with insecure webform submittal scripts >> and are currently doing a sweep of all webforms to check for security >> issues (I've had a slip-up on one of my scripts :-() pointed out to >> me - which has subsequently been plugged. So good for them! They take >> security VERY seriously (which is one of the reasons - besides very >> good prices - that I have been with them for so long [having tried >> various other companies]) but, inevitably, occasionally, the odd one >> will get in below the radar! >> > > I don't like that scenario. If all mail goes out the same server, that > means anyone can write a screwy script and get everyone blocked. I don't > think they should relay mail for scripts, or only allow local relaying. All webforms are effectively scripts (that's how you get the data from the form on your website into your email inbox). The problem arises when people use insecure scripts that don't lock down who the allowable sender/recipients can be (effectively allowing anyone from anywhere to use it for sending spam to all-and-sundry and making it appear to come from the hapless customer. Fortunately, 1and1 are very "on-the-ball" in this respect and are constantly hunting out errant webform mailing scripts. > If I write a screwy script (and I have), only I get blocked and only I am > to blame since I check all scripts. > It depends whose server it's on and whose mailserver it sends the data through. It's not quite that simple. Email could go out through any one of hundreds of Mx servers and the same email address doesn't necessarily always go out through the same mail server - it's somewhat transparent to the customer - "auth.smtp.1and1.co.uk" (or .com, or .de - whatever) isn't *a* server - it could be any number of servers at any given time, depending on a number of factors including local load/geographical location etc. This is just a selection of the "auth.smtp.1and1.co.uk" mailservers some of my mails have gone out through over the last couple of days (and there are plenty more where that came from): 212.227.126.186 212.227.126.185 212.227.126.208 212.227.126.176 212.227.126.207 212.227.126.171 212.227.126.189 212.227.126.206 From lise.tr372 at videotron.ca Wed Apr 6 20:36:47 2005 From: lise.tr372 at videotron.ca (Lise) Date: Wed Apr 6 19:40:03 2005 Subject: [SpamCop-List] Re: I lack Fuel !! References: Message-ID: well I see SpamCop is lending me some fuel for now, maybe from you ;) ... Lise --------------- "LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m" wrote in message news:d31mts$di$1@news.spamcop.net... > "If you wanna run cool > You got to run > On heavy, heavy fuel" > > -- Dire Straits, "Heavy Fuel" (1991) > From MikeE at ster.invalid Wed Apr 6 17:42:45 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 6 19:45:04 2005 Subject: [SpamCop-List] Re: I lack Fuel !! References: Message-ID: Lise wrote: > and don't have the money right now to add some :( > > can I still report spam in between ? When you are a free reporter you can still report, you just don't have the same perq/s as a paid one. -- Mike Easter kibitzer, not SC admin From philip at pch.home.cs.vu.nl Thu Apr 7 01:40:54 2005 From: philip at pch.home.cs.vu.nl (Philip Homburg) Date: Wed Apr 6 20:10:55 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: <7g4l6gr81vikuvan65jfgdpbp7@inews_id.stereo.hq.phicoh.net> In article , John E. Malmberg wrote: >In article , > "Mike Easter" writes: >> Frank Ellermann wrote: >>> Mike Easter wrote: >>> >>> [217.160.230.41]. >>>> listed in sorbs as a spamsource >>> >>> 40.230.160.217.dnsbl.sorbs.net = 127.0.0.6 >>> >>> Using SORBS 127.0.0.6 is gross negligence, but IMNSHO worse, >>> unless they changed their $ 50 unlisting procedures. > >It is hard for any residential ISP to keep all of their mail servers out of >that list because of multi-hop spam, and some still bounce over-quota messages >to forged addresses even if they reject or silently delete other messages >that they chose not to deliver. Independent of any SORBS/127.0.0.6 or other issues, 217.160.0.0/16 does generate/forward enough spam to be listed. -- That was it. Done. The faulty Monk was turned out into the desert where it could believe what it liked, including the idea that it had been hard done by. It was allowed to keep its horse, since horses were so cheap to make. -- Douglas Adams in Dirk Gently's Holistic Detective Agency From MikeE at ster.invalid Wed Apr 6 19:08:20 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 6 21:10:02 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 References: <4252A9D1.4BE9@xyzzy.claranet.de> <7g4l6gr81vikuvan65jfgdpbp7@inews_id.stereo.hq.phicoh.net> Message-ID: Philip Homburg wrote: > Independent of any SORBS/127.0.0.6 or other issues, 217.160.0.0/16 > does generate/forward enough spam to be listed. I didn't have any trouble finding any perfora spam in sightings. -- Mike Easter kibitzer, not SC admin From tdy at blackhole.invalid Wed Apr 6 19:18:58 2005 From: tdy at blackhole.invalid (N. Miller) Date: Wed Apr 6 21:20:03 2005 Subject: [SpamCop-List] Re: ComCast still hard at it References: Message-ID: In article , WazoO says... > Started my reporting this morning ... I received an auto-ack to > my first ComCast sourced spew at 0929 GMT -5 .... however, > I then received the following message for the next seven > complaints; (I've no idea what TZ this relates to?) > Subject: Returned mail: delivery problems encountered > A message (from ) was received at 6 Apr 2005 14:36:36 +0000. > The following addresses had delivery problems: > > Permanent Failure: 522_mailbox_full;_sz=629145218/629145600_ct=74214/100000 > Delivery last attempted at Wed, 6 Apr 2005 14:36:36 -0000 I haven't had an ameritech.net source of spam since Februry 18, 2005. My latest SBC source of spam was from snet.net on March 26, 2005. By contrast, my latest comcast.net spam source came through on April 4, 2005. Whereas, in January, 2005 my SBC sourced email spam was running ahead of Comcast sourced email spam by about six to one, I have not seen an SBC sourced email spam since shortly after my own SBC IP address was blocked for port 25 outbound; maybe I was one of the last SBC IP address ranges to be blocked by SBC. The contrast is interesting. Comcast stated that they would implement port 25 blocking, but as a reactive measure. Sufficient complaints and Comcast would block a customers outbound port 25. SBC, however, is implementing outbound port 25 blocks proactively; customers won't find out until their email stops working. If they only use designated SMTP servers, they will never notice. If they do find themselves blocked, they can request unblocking. Presmuambly this will be better because customers who know enough to use third party SMTP servers probably also know enough to avoid becoming infected with spambots. It remains to be seen how this will play out; but, if SBC's dynamic IP address pools are mostly blocked as spam sources, maybe their abuse email address won't overflow. They might even have enough time to run a thorough examination of a complaint; and act quickly. Or not... -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From MikeE at ster.invalid Wed Apr 6 19:26:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 6 21:25:02 2005 Subject: [SpamCop-List] Re: ComCast still hard at it References: Message-ID: N. Miller wrote: > The contrast is interesting. Comcast stated that they would implement > port 25 blocking, but as a reactive measure. EL stated they would do 'selective' port 25 blocking based on 'something' - but they don't do diddly. Not one thing. Not even if you point them to a proxified user IP which is putting out as much spam as a normal busy EL output server puts out mail, according to senderbase stats. > Sufficient complaints > and Comcast would block a customers outbound port 25. SBC, however, > is implementing outbound port 25 blocks proactively; customers won't > find out until their email stops working. Good for comcast & sbc. EL is clueless. EL also currently has 6 output servers blocklisted by sorbs or spamcop for hitting spamtraps, more cluelessness. I don't have any way of knowing if it is from their challenge scheme or something else. -- Mike Easter kibitzer, not SC admin From tdy at blackhole.invalid Wed Apr 6 19:28:39 2005 From: tdy at blackhole.invalid (N. Miller) Date: Wed Apr 6 21:30:02 2005 Subject: [SpamCop-List] Re: *I'm* blacklisted? References: <200504040815.1diqu2y73Nl3oJ1@wanamaker.mail.atl.earthlink.net> Message-ID: In article , Trish Roberts-Miller says... > Needless to say, I've never heard anything from spamcop, and I didn't > even know there was a way to block a specific email. I don't know the > numeric IP address, so I can't even see if earthlink is blocked. Yipes! #1. It is possible to block a specific email at the MTA; I do it for a select few of email addresses. The error message that my MTA sends back should refer to a "killfile". #2. Most blocks, even in my case, are by IP addresses. I use about eight DNSBLs to check the sources by IP address. #3. My own ISP gets its customer output SMTP servers blocked at AOL from time to time. I have never checked if they get listed by the DNSBLs. Maybe they do. But they usually work out the issue with AOL, and I have never had any other trouble sending email. #4. I use SpamCop on a regular basis. I also report C/R challenges as spam. As Mike points out, EL is famous for touting their C/R system. If enough SC users report EL challenges from EL output SMTP servers, they can get listed. #5. Unless it is one of the rare email blocks, there is nothing personal in blocking. IP address blocking is imposed on the party responsible for controlling traffic emanating from those IP addresses which are blocked; that would be your ISP, not you. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From me at privacy.net Thu Apr 7 02:54:16 2005 From: me at privacy.net (Michael R N Dolbear) Date: Wed Apr 6 21:55:06 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: <01c53afe$4015c580$LocalHost@default> Fuzz wrote > "Porpoise" wrote > > Or, maybe, if it's such a small file anyway, why bother zipping it in the > > first place? > > The file must be zipped with a specific name when the customer drops it into > the target directory. There are often as many as a dozen or more (sometimes > many more) small DBF/DBT files within the zip. Why not zip the zipped file (and unzip it twice the far end) ? The apparent compression will then be negative which is certainly outside the range the anti-virus is objecting to ! -- Mike D From Nobody at Spamcop.net Thu Apr 7 01:44:42 2005 From: Nobody at Spamcop.net (Nobody) Date: Thu Apr 7 01:45:23 2005 Subject: [SpamCop-List] Sometimes Manual LARTs Work Fine Message-ID: <4254C8CA.BFE81A4A@Spamcop.net> All: Got the following autoack from Yahoo! in reply to a manual LART on an embedded Yahoo link that SpamCop parser didn't pick up and report. Yahoo! took a look and determined the mailbox was supporting spam. Note the classy cultural clues: Russian scientific genius, important contracts in Central America, corporate offices in Las Vegas and.........Newport Beach, Calif., the "maggot mile" of the West Coast -- where yaks and singers from Boca Raton go when they want to work the West Coast for a while. And Vancouver is the penny-stock armpit of the continent. Yeah, this company is a beacon of business ethics, I can tell. Oh, and I forwarded a copy of the spam to SEC's net-enforcement address. Here's what the stock has been doing in the last six months; note the volume surge in the last few days: http://bigcharts.marketwatch.com/intchart/frames/main.asp?time=7&freq=1&compidx=aaaaa%3A0&comp=NO_SYMBOL_CHOSEN&ma=3&maval=50&uf=8&lf=4&lf2=268435456&lf3=32&type=64&style=380&size=2&sid=0&o_symb=YPIL&startdate=&enddate=&show=&symb=YPIL&draw.x=78&draw.y=7 Applause for Harry at Yahoo! for checking it out and crimping their style. BTW, I've checked some other, similar spams (not this one), similar in form and header treatment, and they came from orgs controlled or partnered by Michael Lindsay of San Jose, California, who is big on the ROKSO list. Michael Just a Humble Spam Reporter ____________________________________________ Hello, Thank you for contacting Yahoo! Customer Care. Mass distribution of unsolicited email messages, or "spamming", violates the Yahoo! Terms of Service (TOS). Although it does not appear that this message originated from the Yahoo! Mail system, there is a "@yahoo.com" address within the message or message headers and we believe that this account is being used in connection with the unwanted email message. Consequently, we have taken appropriate action against this account as per the Yahoo! Terms of Service (TOS). For further information about the Yahoo! Terms of Service, you can visit: http://docs.yahoo.com/info/terms/ Please know that Yahoo! is unable to disclose the action taken on another user's account with a third party. We are not able to make exceptions to this rule. Thank you again for contacting Yahoo! Customer Care. Regards, Harry Yahoo! Customer Care http://www.yahoo.com/ 13554404 Original Message Follows: ------------------------- Gentlemen: This morning I received the spam e-mail pasted into this message inline below. The spammer is supported by a Yahoo e-mail address at the end of the heavily munged message. Yours truly, [Redacted] ________________________________________________________ Return-Path: Received: from [64.18.0.62] (HELO psmtp.com) by mail.[redacted] (CommuniGate Pro SMTP 4.2.1) with SMTP id 164298889; Mon, 04 Apr 2005 05:54:08 -0500 Received: from source ([218.48.46.41]) by exprod5mx110.postini.com ([64.18.4.10]) with SMTP; Mon, 04 Apr 2005 06:52:36 EDT Received: from wurldlink.net ([200.2.204.20]) by egyptian.frontiernet.net (InterMail vK.4.04.00.00 754-493-939 license [redacted]) with ESMTP id <[redacted].offset@wurldlink.net> for <[redacted]>; Mon, 04 Apr 2005 [DTG redacted] +0100 Date: Mon, 04 Apr 2005 [redacted] -0300 From: "Lynn Sandoval" Subject: Dominating picks from market news alerts X-Originating-IP: [198.182.207.3] To: <[redacted]> Message-ID: <[redacted]@lockian.frontiernet.net> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.4281.24) Content-type: text/plain X-VirusChecked: Checked X-Env-Sender: affiliate@wurldlink.net X-StarScan-Version: 5.3.26; banners=S_FROM_DOMAIN,-,- Original-recipient: [redacted] X-pstn-levels: ([redacted] ) Yap International, Inc.(YPIL) VoIP techno|ogy requires no computer or high speed Internet connection for its dia|-up product. Current Price: $.11 Watch This Stock Monday Some of These Litt|e VOIP Stocks Have Been Rea|ly Moving Lately. And When Some of them Move, They Rea|ly Go...Gains of 100%, 2OO% or More Are Not Unheard Of. Break News!! The past months have seen Yap Internationa| executing on its p|an to become a |eading supp|ier of VoIP techno|ogy including the following milestones: On January 19, 2005, in an effort to further enhance its management team, Yap Internationa| announced the appointment of Dr. V|adimir Karpenkov, MS, Ph.D. as the Company's Chief Information Officer. Dr. Karpenkov ... Our agreement with Securities Trading Services Inc. and the developments of the past months |eaves us with tools necessary to commercia|ize and market our products on a g|oba| scale. We expect our milestones to be met and thus executing our business plan as anticipated??, stated Jan Olivier, CEO of Yap International Inc. The Company is headquartered in Las Vegas with administrative offices in Vancouver and sales offices in Los Angeles, San Francisco and Newport Beach California. ---------------------------------------- And Please Watch this One Trade Monday! Go Ypil ----------------------------------------- Information within this pub|ication contains future |ooking statements within the meaning of Section 27A of the Securities Act of 1933 and .... If you wish to stop future mai|ings, or if you fee| you have been wrongfully p|aced in our membership, please go here or send a b|ank e mail with No Thanks in the subject to st0ck54@ yahoo.com From Nobody at Spamcop.net Thu Apr 7 01:52:41 2005 From: Nobody at Spamcop.net (Nobody) Date: Thu Apr 7 01:55:03 2005 Subject: [SpamCop-List] Re: What Am I Looking At? References: <42262264.A5F21544@Spamcop.net> Message-ID: <4254CAA9.5F93F02B@Spamcop.net> "N. Miller" wrote: > > In article <42262264.A5F21544@Spamcop.net>, Nobody says... > > How do I get to the internal links so SpamCop can lart the proxy owners? > > The proxy owners who should get the notifies are in the headers. Anything in > the body is a hosting service. While it would be nice to notify them, if you > are encountering the "too many links" foil, all that you can do is a manual > notify. > > -- > Norman Norman, Thanks for the suggestion, I've been doing that, and chasing the internal links through GEEKtools and SamSpade.org has led to some very reportable, ROKSO-listed spamhosts. Thanks for the suggestion, and happy to pile on. Michael From nobody at spamcop.net Thu Apr 7 00:11:04 2005 From: nobody at spamcop.net (RandallW) Date: Thu Apr 7 02:15:04 2005 Subject: [SpamCop-List] Re: ComCast still hard at it References: Message-ID: "N. Miller" wrote in message news:MPG.1cbe2a5c84908b839897cf@news.spamcop.net... > > I haven't had an ameritech.net source of spam since Februry 18, 2005. My > latest SBC source of spam was from snet.net on March 26, 2005. By contrast, > my latest comcast.net spam source came through on April 4, 2005. > > Whereas, in January, 2005 my SBC sourced email spam was running ahead of > Comcast sourced email spam by about six to one, I have not seen an SBC > sourced email spam since shortly after my own SBC IP address was blocked for > port 25 outbound; maybe I was one of the last SBC IP address ranges to be > blocked by SBC. > > The contrast is interesting. Comcast stated that they would implement port > 25 blocking, but as a reactive measure. Sufficient complaints and Comcast > would block a customers outbound port 25. SBC, however, is implementing > outbound port 25 blocks proactively; customers won't find out until their > email stops working. If they only use designated SMTP servers, they will > never notice. If they do find themselves blocked, they can request > unblocking. Presmuambly this will be better because customers who know > enough to use third party SMTP servers probably also know enough to avoid > becoming infected with spambots. > > It remains to be seen how this will play out; but, if SBC's dynamic IP > address pools are mostly blocked as spam sources, maybe their abuse email > address won't overflow. They might even have enough time to run a thorough > examination of a complaint; and act quickly. Or not... > > SBC claims they sent mail to their customers last year informing them they would start doing that port 25 block. From nobody at devnull.spamcop.net Thu Apr 7 16:15:48 2005 From: nobody at devnull.spamcop.net (Patto) Date: Thu Apr 7 02:20:02 2005 Subject: [SpamCop-List] Re: Sometimes Manual LARTs Work Fine In-Reply-To: <4254C8CA.BFE81A4A@Spamcop.net> References: <4254C8CA.BFE81A4A@Spamcop.net> Message-ID: Nobody wrote: > All: > > Got the following autoack from Yahoo! in reply to a manual LART on an > embedded Yahoo link that SpamCop parser didn't pick up and report. > Yahoo! took a look and determined the mailbox was supporting spam. > > ... > > Applause for Harry at Yahoo! for checking it out and crimping their > style. > > ... Sometimes they get it, sometimes not. Sometimes they just reply that the spam did not originate from Yahoo!, and that the headers were forged, but completely ignore the Yahoo! contact addresses in the message body. I had a similar case this week where I pointed them to the scam contact address, plus the http://profiles.yahoo.com/... user profile to show that the account was still alive. The reply was that they have forwarded the complaint to another department to check whether the profile in question was appropriate. From nttp.sc.s at bigsleep.org Thu Apr 7 09:41:41 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Apr 7 04:46:51 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: On 06 Apr 2005 Porpoise entered spamcop and left news:d31nlq$ov$1@news.spamcop.net: > > All webforms are effectively scripts (that's how you get the data from > the form on your website into your email inbox). The problem arises > when people use insecure scripts that don't lock down who the > allowable sender/recipients can be (effectively allowing anyone from > anywhere to use it for sending spam to all-and-sundry and making it > appear to come from the hapless customer. > That's not exactly what the flaw was in formmail and that's not what the spambots look for. > Fortunately, 1and1 are very "on-the-ball" in this respect and are > constantly hunting out errant webform mailing scripts. > So which comes first, the 1and1 or the spammer? Spammers are on the ball too, that's my point. >> If I write a screwy script (and I have), only I get blocked and only >> I am to blame since I check all scripts. >> > > It depends whose server it's on and whose mailserver it sends the data > through. > > It's not quite that simple. Email could go out through any one of > hundreds of Mx servers and the same email address doesn't necessarily > always go out through the same mail server - it's somewhat transparent > to the customer - "auth.smtp.1and1.co.uk" (or .com, or .de - > whatever) isn't *a* server - it could be any number of servers at any > given time, depending on a number of factors including local > load/geographical location etc. > Certainly they know who their own servers are, I don't see what difference it makes what server it comes from, or what server it goes out of. > This is just a selection of the "auth.smtp.1and1.co.uk" mailservers > some of my mails have gone out through over the last couple of days > (and there are plenty more where that came from): > Again, this really doesn't apply to scripts, since scripts (at least the ones I know of) open a program to send the message to, the mail program doesn't necessarily have to use SMTP at all. It doesn't matter how many mail servers they have, they MUST know if the message is coming from one of their own machines, and if its destined to one of their own servers. -- | Ric From nttp.sc.s at bigsleep.org Thu Apr 7 09:58:46 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Apr 7 05:00:37 2005 Subject: [SpamCop-List] Re: I lack Fuel !! References: Message-ID: On 06 Apr 2005 Lise entered spamcop and left news:d31ide$to1$1@news.spamcop.net: > and don't have the money right now to add some :( > > can I still report spam in between ? > Don't sweat it, you only lose the empty user report box (and possibly some other things you probably don't use), and when you pay up everything returns to normal. See also (last paragraph) http://www.spamcop.net/fom-serve/cache/288.html But if you wanna run cool.... -- | Ric From nobody at spamcop.net Thu Apr 7 11:41:10 2005 From: nobody at spamcop.net (-) Date: Thu Apr 7 05:45:28 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: We have hosted our own mail and web servers with 1and1 for more than 5 years and one thing is clear: They take abuse reports very seriously. One or two complaints together with evidence and the spammers are shut down. Like all big ISPs and hosting providers, they also have problems with spammers. If you run your own mailserver on their network, they run random weekly scans on your servers for open SMTP relays and open proxies and if they find one, your IP will be blocked for outgoing until you fixed the problem. The best solution is always to run your own mailserver, however, this is not everybody's cup of tea. Regards, John From nobody at spamcop.net Thu Apr 7 11:49:51 2005 From: nobody at spamcop.net (Anti-Spam) Date: Thu Apr 7 11:00:20 2005 Subject: [SpamCop-List] Re: ComCast still hard at it References: Message-ID: "Mike Easter" wrote in message news:d3224c$65t$1@news.spamcop.net... > N. Miller wrote: > > Sufficient complaints > > and Comcast would block a customers outbound port 25. SBC, however, > > is implementing outbound port 25 blocks proactively; customers won't > > find out until their email stops working. > > Good for comcast & sbc. EL is clueless. EL also currently has 6 output > servers blocklisted by sorbs or spamcop for hitting spamtraps, more > cluelessness. I don't have any way of knowing if it is from their > challenge scheme or something else. I regularly get C/R from EL triggered by spam they receive. Since the last change to the SC TOS, into the SC queue it goes. And as Mike observes, SC isn't the only anti-spam service with this attitude regarding C/R. I concur with Mike's opinion: EL is a bad Netizen in their spam handling. Their business practice doesn't appear too swift either, by deliberately getting themselves blocked and degrading their own e-mail service like this. -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: can@kbhcyonkopypg.net (generated by Webpoison) From mailing_jg at cantimplora.com.ar Thu Apr 7 13:50:39 2005 From: mailing_jg at cantimplora.com.ar (JulianG) Date: Thu Apr 7 11:55:08 2005 Subject: [SpamCop-List] Need to know which email account has been reported as spammer Message-ID: If my server is blacklisted, how can I know which email account or accounts are the ones have been reported as spammers? My univerity is a large organization and I need to find who is sending Spam. thanks, JulianG From pxpearson at spamxcop.net Thu Apr 7 09:57:30 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Thu Apr 7 12:00:05 2005 Subject: [SpamCop-List] Re: Need to know which email account has been reported as spammer References: Message-ID: JulianG wrote: > If my server is blacklisted, how can I know which email account or > accounts are the ones have been reported as spammers? > > My univerity is a large organization and I need to find who is sending > Spam. Since spammers routinely forge "From" lines and "From:" lines, there is no trail back to any email address. The IP address that injected the spam into the Internet is available in the header, and tracing must begin from there. Given the IP address and timestamp (also in the header), I hope your server's log files will help identify the culprit. -- Remove the two x's to get a good email address. From dannyg at dannyg.com Thu Apr 7 10:13:44 2005 From: dannyg at dannyg.com (Danny Goodman) Date: Thu Apr 7 12:13:53 2005 Subject: [SpamCop-List] Re: Sometimes Manual LARTs Work Fine In-Reply-To: <200504071600.j37G0JvQ002889@dannyg.com> Message-ID: > Consequently, we have taken > appropriate action against this account That phrase in LART responses always bothers me. It's sooo weasely. What's appropriate? To whom? Does that mean just a warning? If you canned his butt, why not say so? Danny http://www.dannyg.com http://www.spamwars.com From MikeE at ster.invalid Thu Apr 7 10:13:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 7 12:15:04 2005 Subject: [SpamCop-List] Re: Need to know which email account has been reported as spammer References: Message-ID: JulianG wrote: > If my server is blacklisted, how can I know which email account or > accounts are the ones have been reported as spammers? What IP are we trying to talk about but not really? You can take the IP in question to this page http://www.spamcop.net/bl.shtml "You can check the status of any server by entering its address:" - and then, if positive, that page also provides links to additonal information. The spamcop parser is designed to not name a server as a source if there is a user IP behind it; that is, the parser is designed to call the server a relay not a source, and sources are listed, not relays. If the parser is unfamiliar with the relay or if the server's Received tracelines are misconfigured the parser may errantly name a server as a source. A server may also be named as a source because it is doing belated 'bounces' which are newmails addressed to bogus froms. That type of server activity may be reported by a reporter or be a cause of spamtraps being hit. Similarly some outofoffice abusive automails. You don't get to see any evidence from spamtrap hits. If you are in control of a server, it should have logs. If you are in control of a server it shouldn't be designed to email belated bounce information to bogus Froms. If you are in control of a server you shouldn't be allowing abusive autoreplies to bogus Froms. > My univerity is a large organization and I need to find who is > sending Spam. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Apr 7 21:12:20 2005 From: nobody at spamcop.net (nospam) Date: Thu Apr 7 12:15:11 2005 Subject: [SpamCop-List] Re: ComCast still hard at it References: Message-ID: in article d33ho3$t1t$1@news.spamcop.net, Anti-Spam at nobody@spamcop.net wrote on 4/7/05 6:49 PM: > SNIPPED > Bring in the death penalty for repeat spammers. >SNIPPED Is there such a thing as a non repeating spammer? From nobody at spamcop.net Thu Apr 7 21:17:27 2005 From: nobody at spamcop.net (nospam) Date: Thu Apr 7 12:20:03 2005 Subject: [SpamCop-List] Re: Sometimes Manual LARTs Work Fine References: Message-ID: in article mailman.129.1112890433.4572.spamcop-list@news.spamcop.net, Danny Goodman at dannyg@dannyg.com wrote on 4/7/05 8:13 PM: >> Consequently, we have taken >> appropriate action against this account > > That phrase in LART responses always bothers me. It's sooo weasely. What's > appropriate? To whom? Does that mean just a warning? > > If you canned his butt, why not say so? > > Danny > http://www.dannyg.com > http://www.spamwars.com > > and what about st0ck01-st0ck53, and 55-59? All this might have accomplished is deletion of a few fsck -off messages From 0rio85a02 at sneakemail.com Thu Apr 7 09:17:48 2005 From: 0rio85a02 at sneakemail.com (Fred k) Date: Thu Apr 7 12:20:07 2005 Subject: [SpamCop-List] Re: Sometimes Manual LARTs Work Fine References: <4254C8CA.BFE81A4A@Spamcop.net> Message-ID: "Patto" wrote in message news:d32j6l$eg6$1@news.spamcop.net... > Nobody wrote: >> All: >> >> Got the following autoack from Yahoo! in reply to a manual LART on an >> embedded Yahoo link that SpamCop parser didn't pick up and report. Yahoo! >> took a look and determined the mailbox was supporting spam. Larting to Yahoo, I have 99% success mainly for 419 scammers of the previously mentioned reply. In checking the next day by sending an email to the address I larted on, it is no longer active. In addition, if they aren't using Yahoo I lart the sending and contact address with text saying that they have reached a scam reporting address. I haven't had a 419 or lottery scam email for 4 weeks now. Fred k From mikegray at spammenotcretinsdsl.pipex.com Thu Apr 7 20:13:39 2005 From: mikegray at spammenotcretinsdsl.pipex.com (Mike Gray) Date: Thu Apr 7 14:15:04 2005 Subject: [SpamCop-List] Checking if a friend is blacklisted? Message-ID: I was talking to a friend who's a singer/songwriter who runs a mailing list that sends out news of gigs etc... she said that she'd been having problems with her software causing people to receive multiple e-mails and is concerned that she might have been reported as a spammer and ended up on blacklists (the e-mail list is opt-in only, and the problem with the software existed between keyboard and chair, I believe, but that's a digression) I've had her send just me an e-mail in the same way - where do I look in the header to input the right IP address, and which blacklists should I check? Many thanks, Mike From MikeE at ster.invalid Thu Apr 7 12:38:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 7 14:40:07 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Mike Gray wrote: > I was talking to a friend who's a singer/songwriter who runs a > mailing list that sends out news of gigs etc... she said that she'd > been having problems with her software causing people to receive > multiple e-mails and is concerned that she might have been reported > as a spammer and ended up on blacklists (the e-mail list is opt-in > only, and the problem with the software existed between keyboard and > chair, I believe, but that's a digression) Her biggest problem/risk isn't her duplications but the necessity to manage her mailing list very scrupulously. Often some list starts out being to just a few well known friends and actually isn't managed as a 'proper' list -- then it starts to grow and people ask that other people who've asked them to be included get added, none of which is handled in proper 'dangerous' mailing list fashion. Eventually the list has grown and the methods of its growth have grown and then no one wants to throw the list away and start all over. She should use /very/ proper mailing list management from the very beginning, even if it sounds 'excessive' in its strictness. http://www.mail-abuse.com/an_listmgntgdlines.html Guidelines for proper mailing list management > I've had her send just me an e-mail in the same way - where do I look > in the header to input the right IP address, and which blacklists > should I check? That's hard to describe in just a few words. It is easier to have you have the spamcop parser do the work for you. If you are a registered spamcop reporter, just properly submit the item to the website parser as if it were a spam so that SC will determine the source, and then cancel the report. If you aren't a reporter, then paste the complete headers into the newsgroup spamcop.spam *NOT HERE* and someone around here will look at it and tell you how it is sourced and relayed. One way to check a lot of blocklists at one time very quickly is at the top center column tool at dnsstuff http://www.dnsstuff.com/ -- Mike Easter kibitzer, not SC admin From caroljean52 at yahoo.com Thu Apr 7 13:55:50 2005 From: caroljean52 at yahoo.com (caroljean52) Date: Thu Apr 7 16:00:07 2005 Subject: [SpamCop-List] Prepaid Legal: New ploy or just a coincidence? Message-ID: Message in question posted in .spam group. I'm trying to decide if the sender is just a totally gullible ignoramus or a clever spammer who's come up with a new way to spam for Prepaid Legal. Did they really get a virus email showing my (forged) address in the From slot? Which would mean they're just incredibly stupid, both because she sent a "helpful" virus notice without seeing where it *really* came from (a Yahoo address? not likely!) and because she's dumb enough to hook up with Prepaid Legal. On the other hand, I can see that this virus notification thing could be a whole new way to spam with low likelyhood of being reported... Carol Seattle USA From MikeE at ster.invalid Thu Apr 7 14:46:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 7 16:45:05 2005 Subject: [SpamCop-List] Re: Prepaid Legal: New ploy or just a coincidence? References: Message-ID: caroljean52 wrote: > Message in question posted in .spam group. > > I'm trying to decide if the sender is just a totally gullible > ignoramus or a clever spammer who's come up with a new way to spam > for Prepaid Legal. A total ignoramus is my diagnosis. But an ignoramus who is promoting prepaid legal with their stupidity. They should probably have their hands spanked on general abusively ignorant principles by being reported for 'spamming', since they are incompetently 'incidentally' spamming you with a Prepaid Legal 'footer'. Of course, yahoo isn't going to take any action, because yahoo is getting promoted with its own promotional footer. Funny how that works. > Did they really get a virus email showing my (forged) address in the > From slot? That's what I think. They got a virus message from your address with the virus stripped and they replied to it with a prepaid legal and incidentally also a yahoo promotional footer. > Which would mean they're just incredibly stupid, both > because she sent a "helpful" virus notice without seeing where it > *really* came from (a Yahoo address? not likely!) and because she's > dumb enough to hook up with Prepaid Legal. Prepaid legal has some kind of deal which they offer to be an 'associate'. That is an invitation to spam. My guess is that this particular item isn't/wasn't intentional spam, but that it might as well have been, because it 'deserves' to be reported. If it was a mistake, there should be consequences for mistakes which affect other people and if there are some consequences of her being reported, those consequences will serve to help her not behave in the same way in the future. > On the other hand, I can see that this virus notification thing could > be a whole new way to spam with low likelyhood of being reported... That's why I think it should be reported even if it were/ might be/ sorta accidental. The prepaid legal associate-ship is unhealthy in general; sending out virus receipt notifications with a promotional trailer of some 'size' and presentation is very spammish, and both of those spammish behaviors and conditions need some spam response rather than just overlooking it as an accident. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Apr 7 15:01:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 7 17:00:03 2005 Subject: [SpamCop-List] Re: Prepaid Legal: New ploy or just a coincidence? References: Message-ID: caroljean52 wrote: > or a clever spammer who's come up with a new way to spam > for Prepaid Legal. You can always fall back on the 'rules' In this case you can consider all 3 Rule #1: Spammers lie Rule #2: If a spammer ever appears to be telling the truth, consult Rule #1 Rule #3: Spammers are stupid -- Mike Easter kibitzer, not SC admin From mikegray at spammenotcretinsdsl.pipex.com Thu Apr 7 23:43:21 2005 From: mikegray at spammenotcretinsdsl.pipex.com (Mike Gray) Date: Thu Apr 7 17:45:39 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: > Her biggest problem/risk isn't her duplications but the necessity to > manage her mailing list very scrupulously. Often some list starts out > being to just a few well known friends and actually isn't managed as a > 'proper' list -- then it starts to grow and people ask that other people > who've asked them to be included get added, none of which is handled in > proper 'dangerous' mailing list fashion. Thanks for all the advice. I've passed it on to her. A quick check on the web site (very handy, one for the bookmarks!) shows no damage thus far, so I'll try and make sure there isn't any in future. :) Cheers, Mike From mailing_jg at cantimplora.com.ar Thu Apr 7 20:43:02 2005 From: mailing_jg at cantimplora.com.ar (JulianG) Date: Thu Apr 7 18:45:03 2005 Subject: [SpamCop-List] Re: Need to know which email account has been reported as spammer In-Reply-To: References: Message-ID: Thank you for your help! From nobody at spamcop.net Fri Apr 8 00:59:46 2005 From: nobody at spamcop.net (Valerio) Date: Thu Apr 7 19:00:04 2005 Subject: [SpamCop-List] Why kornet.net isn't everytime banned? Message-ID: I receive about 10 spam mail a day, 6 of this come from kornet.net. I dont understand why kornet.net isn't everytime banned from spamcop? Vale From nobody at devnull.spamcop.net Thu Apr 7 20:49:21 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Apr 7 19:50:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d33uka$5gd$1@news.spamcop.net... ... > One way to check a lot of blocklists at one time very quickly is at the > top center column tool at dnsstuff http://www.dnsstuff.com/ Wow, they've either come a long way baby!, or I've got them mixed up with someone similar sounding - THAT URL's a keeper! It even got e-mails right too, except I had to put one of mine in twice before it "found" it to be a good address. It's also blazingly fast on the features I tried at least. Thanks mucho! Pop From wb8tyw at qsl.network Thu Apr 7 20:59:50 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Apr 7 20:00:03 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? In-Reply-To: References: Message-ID: Valerio wrote: > I receive about 10 spam mail a day, 6 of this come from kornet.net. > I dont understand why kornet.net isn't everytime banned from spamcop? Spamcop is best at quickly locating new spam sources, not at keeping long term spam sources listed. If you look around on the internet, you will find blocking lists that lists that attempt to list specific countries and some specific ISPs. If you do not want to receive spam from a specific location, it is under the total control of the operator of your mail server. Accepting spam from known spam sources increases a mail server's operating costs, and they either pass them on to you in poorer service or rate increases. Get together with other users of the same mail server if needed. In order for an I.P. address to be listed, spam has to be received by a spamcop member or a spamtrap in enough quantity to be listed. For a spamcop.net member to report spam from a specific netblock, it means that their mail server must still accept e-mail from that netblock. Some of us have mail server operators do not wait for a DNSbl to block a chronic spam source. For some domains, one received spam will cause at least a /23 (slang for 512 I.P. addresses) to be put on a local blocking list. Also once a spam source gets in the sbl-xbl.spamhaus.org which includes opm.blitzed.org and cbl.abuseat.org, many reporters no longer see spam from it. And the same is the case for many once an address is identified as being in a DHCP pool. Still others will not see any spam from any source that does not have a valid rDNS. -John wb8tyw@qsl.network Personal Opinion Only From nobody at spamcop.net Thu Apr 7 17:18:56 2005 From: nobody at spamcop.net (Ellen) Date: Thu Apr 7 21:00:04 2005 Subject: [SpamCop-List] Re: Need to know which email account has been reported as spammer References: Message-ID: "JulianG" wrote in message news:d33ks9$uje$1@news.spamcop.net... > If my server is blacklisted, how can I know which email account or > accounts are the ones have been reported as spammers? > > My univerity is a large organization and I need to find who is sending Spam. > > thanks, > JulianG We may be able to provide some additional information if you send the IP in question to deputies admin.spamcop.net Ellen SpamCop From wb8tyw at qsl.network Thu Apr 7 21:59:53 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Apr 7 21:00:17 2005 Subject: [SpamCop-List] Media reports of alleged spammer being burnt down under. Message-ID: http://www.news.com.au/story/0,10117,12783127-29277,00.html http://internet.aca.gov.au/ACAINTER.852416:STANDARD::pc=PC_2943 While the identity of the alleged spammer has not been named, posters on news.admin.net-abuse.email have been speculating on it. -John wb8tyw@qsl.network Personal Opinion Only From nobody at devnull.spamcop.net Thu Apr 7 21:59:22 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Thu Apr 7 21:55:03 2005 Subject: [SpamCop-List] Re: Media reports of alleged spammer being burnt down under. References: Message-ID: Oh, I hope it is Abaco Machines!!! Miss Betsy From nobody at spamcop.net Fri Apr 8 07:52:32 2005 From: nobody at spamcop.net (nospam) Date: Thu Apr 7 22:55:04 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net wrote on 4/8/05 2:59 AM: > I receive about 10 spam mail a day, 6 of this come from kornet.net. > I dont understand why kornet.net isn't everytime banned from spamcop? > Vale I'd love to know how they stay off the top 50 list, because they are MY #1 spammer, (at least 50% of my crap) and judging from remarks here a significant spammer for a number of people in this NG (presumably reporters) From wb8tyw at qsl.network Fri Apr 8 01:05:21 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Apr 8 00:10:29 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? In-Reply-To: References: Message-ID: nospam wrote: > in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net > wrote on 4/8/05 2:59 AM: > >>I receive about 10 spam mail a day, 6 of this come from kornet.net. >>I dont understand why kornet.net isn't everytime banned from spamcop? >>Vale > > I'd love to know how they stay off the top 50 list, because they are MY #1 > spammer, (at least 50% of my crap) and judging from remarks here a > significant spammer for a number of people in this NG (presumably reporters) Spamvertised web sites do not count toward the blocking list. Most of the spam is coming from compromised computers and the spammers hop from one to another to avoid DNSbsl like spamcop and cbl.abuseat.org and opm.blitzed.org which expire listings. The only way to avoid this type of spam is to preemptively block the spam source by using either an up to date DHCP list, or to block the I.P. address ranges of the ISP that is allowing the spam to be sent. Once a spam source becomes known, it becomes widely blocked in the more conservative lists or local blocking lists, so less spamcop.net reporters will be seeing spam from it to keep it on the blocking lists. Have a talk with your postmaster, and if that is not productive, other users of that mail server. I see the most complaints about lost e-mail and service outages for mail servers that accept spam and then try to content filter it on a per user basis. I see the least complaints and the highest uptimes on the mail servers that refuse to accept e-mail from known spam sources. And refusing e-mail from known spam sources lowers the cost of operating the mail server. -John wb8tyw@qsl.network Personal Opinion Only From SCNews.5.myspamgobbler at spamgourmet.com Thu Apr 7 22:11:49 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Fri Apr 8 00:15:03 2005 Subject: [SpamCop-List] Re: Media reports of alleged spammer being burnt down under. In-Reply-To: References: Message-ID: Miss Betsy wrote: > Oh, I hope it is Abaco Machines!!! > > Miss Betsy > There is some speculation about it being Wayne Mansfield. Wayne's morphing companies include: - The Which Company Pty Ltd - T3 Direct - The Maverick Spirit Newsletter - Business Seminars Australia From PossumTrot at dont.spam.me Fri Apr 8 14:29:57 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Fri Apr 8 16:35:02 2005 Subject: [SpamCop-List] Spammer gets slammer Message-ID: http://www.cnn.com/2005/TECH/internet/04/08/spam.sentence.ap/index.html Essentially same story on USATODAY.COM From kenbrody at spamcop.net Fri Apr 8 17:58:49 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Fri Apr 8 17:05:07 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: <4256F089.92A19904@spamcop.net> Doug Thegarden wrote: > > Ivan Leo Puoti wrote: > > http://news.bbc.co.uk/1/hi/technology/4400335.stm > > > > Just in case you think the lawsuits are pointless. > > > > Ivan. > > Before you get too excited its a pure technicality at this stage. > Chapter 11 allows him to continue trading while protected from his > creditors. And who are those creditors? Well if you look at what the > article says, he would be in the black by about $6m except for this big > potential $46m being claimed by M$. So under Chapter 11 he can continue > trading while protected from Microsofts financial claim i.e. life as normal Besides, he'll simply bankrupt OptInRealBig.com and start up RealBigOptIn.com in its place. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From / at /.cn Sat Apr 9 09:51:13 2005 From: / at /.cn (Petzl) Date: Fri Apr 8 18:55:04 2005 Subject: [SpamCop-List] Re: Spammer gets slammer References: Message-ID: "Possum Trot" wrote in message news:d36pou$ore$1@news.spamcop.net... > http://www.cnn.com/2005/TECH/internet/04/08/spam.sentence.ap/index.html > > Essentially same story on USATODAY.COM So we will see snotty here to? http://www.mugshots.com/Criminal/Computer/Jeremy+Jaynes.htm From zypher at spamcop.net Fri Apr 8 20:45:27 2005 From: zypher at spamcop.net (Ron B.) Date: Fri Apr 8 20:50:04 2005 Subject: [SpamCop-List] Appropriate Psuedonyn for spammer Message-ID: "Tittle K. Prevaricator" "Sent" me spam for "oem software". From nobody at spamcop.net Sat Apr 9 06:29:21 2005 From: nobody at spamcop.net (nospam) Date: Fri Apr 8 21:30:05 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: in article d34vu1$ppu$1@news.spamcop.net, John E. Malmberg at wb8tyw@qsl.network wrote on 4/8/05 8:05 AM: > nospam wrote: >> in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net >> wrote on 4/8/05 2:59 AM: >> >>> I receive about 10 spam mail a day, 6 of this come from kornet.net. >>> I dont understand why kornet.net isn't everytime banned from spamcop? >>> Vale >> >> I'd love to know how they stay off the top 50 list, because they are MY #1 >> spammer, (at least 50% of my crap) and judging from remarks here a >> significant spammer for a number of people in this NG (presumably reporters) > > Spamvertised web sites do not count toward the blocking list. > >SNIPPED, I know, I rarely se spamvertized sites on kornet, those're normally in China, tietong these days, kornet and the hanas are mostly sources. I don't think spamtraps are usually behind DNSBL's, so, my question still stands. From reader at invalid.invalid Sat Apr 9 01:48:15 2005 From: reader at invalid.invalid (Reader) Date: Fri Apr 8 23:50:15 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: On Fri, 08 Apr 2005 06:52:32 +0400, nospam wrote: > in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net > wrote on 4/8/05 2:59 AM: > >> I receive about 10 spam mail a day, 6 of this come from kornet.net. >> I dont understand why kornet.net isn't everytime banned from spamcop? >> Vale > > I'd love to know how they stay off the top 50 list, because they are MY #1 > spammer, (at least 50% of my crap) and judging from remarks here a > significant spammer for a number of people in this NG (presumably reporters) South Korea is #2 (25%) on Sophos spamtraps, an increase of 10% over the August 2004 list. USA is still #1 at 35.7% but at least it's a drop from the previous 42.5%. http://www.theregister.com/2005/04/07/spam_shame_chart/ http://www.theregister.com/2004/08/24/spam_table/ 'whois -h whois.apnic.net kornet' shows shows 10.2m ip addresses allocated to Kornet. In fairness that's a sizeable chunk of the internet for a single ISP and worth bearing in mind when pointing the finger. http://www.blackholes.us/zones/country/korea.classful lists 51.6m ip addresses in total for Korea. From Ilgaz at spamcop.net Sat Apr 9 17:33:36 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Sat Apr 9 09:35:37 2005 Subject: [SpamCop-List] Re: I got through to kornet!! woohoo 211.219.147.210 References: Message-ID: In article , "John E. Malmberg" wrote: > justin wrote: > > > > we informed our customer of his illegal activity and requested to fixing > > a this problem. > > They admit that they have taken no action to immediately stop abuse > coming from their network. > > > In future if it will try again, we will not service to this customer > > from our network. > > Look up what a "bedbug letter" is. And then see if you can convince > your mail server operator to solve the issue of spam coming from Kornet. > > -John > wb8tyw@qsl.network > Personal Opinion Only Hi, If there was a way to see all my spam submitted for years, I bet Kornet would be top of list. Call me paranoid but I really wonder if we should report spam to them or not. That response is a miracle I say. I had no response what so ever and I started learning Korean swearing just because of that ISP and Hananet :) Of course, they do nothing and everyone blocks their domain as a first thing to do whatever system they use. They get what they deserve I would say but there is a slight possibility that they figured this thing can't go forever. If I was a Korean, I would clearly carry this amazing issue to Korean parliament,my parliamenterian whatever. It can't go this way... Have a nice day Ilgaz Ocal ps: Finally found a good,free client for OS X for "real" news. Will hang out here for sure. From Ilgaz at spamcop.net Sat Apr 9 17:48:12 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Sat Apr 9 09:50:02 2005 Subject: [SpamCop-List] What did spamcop do to Subsume Technologies? :) Message-ID: Hi, On OS X, since my first OS X usage days, I have found Subsume ( http://www.subsume.com/ ) for very interesting apps. They are plain cool guys. For Mac, they produced Spamcop mail bundle for FREE (a plugin for apple mail) for OS X mail users. As I am paid customer now and have bayesian stuff all over, I don't need it. Yahoo filters have failed in number of occasions and I remembered that software. Their webpage says: http://www.subsume.com/contemplate/assembler.cgi?page=SpamCop This software has been demoted to idle mode. For details, see the Demoted section. Demoted section http://www.subsume.com/contemplate/assembler.cgi?page=SpamCop&segment=Dem oted Writes: ______ Our main reporting account with spamcop.net was permanently disabled on 07 Aug 2004. Because of this development, we will no longer be able to support this software. We have decided to leave it available for download until Apple releases Mac OS X 10.4 (which will almost certainly break the bundle, as all major releases do) on the off chance that registrations will allow it to be open sourced, or the possibly some other developer will buy the asset outright. The long version of the story is tedious and looks like a lot of childish finger pointing. Suffice it to say that if you ever get a spam that mentions a virus or (security) software in any way (including the common pirate software site spams), don't report it; it's a free ride for the spammers. Likewise, any spam disguised to look like an automated message from a badly configured server (e.g. bogus out of office messages, faked challenge/response messages, etc.) should not be reported as it will likely get your spamcop.net account cancelled, much to the amusement of the spammer on the sending end. Expect to see a lot more spam in the future trying to look like spam that spamcop.net deems OK; as vocal anti-spammers we seem to be on the leading edge for testing junk that eventually clogs up your inbox. So after using spamcop.net for over two years, after reporting spam into the hundreds of thousands, after still seeing raw spam attempts in that period increase from 50 to 5000 daily, we call it quits. The spammer have seemingly won as far as spamcop.net is concerned. ______ So, what happened basically? Oh, mac fanatics won't tell it to you, as a old timer in computers, I tell you, 90% of Mac users won't care the hassle to copy raw source and report it via web. Mac mail is great but its a "starter" application. It doesn't have stuff like "forward as attachment" etc, not to confuse users. So, thats why that bundle/plugin was coded at first place. It is for the user profile spamcop talks about (and genius imho) We aren't talking about frustrated newbies here btw. Check their other stuff, you'd have an idea about the level of them. Have a nice day Ilgaz Ocal From MikeE at ster.invalid Sat Apr 9 08:08:52 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 10:10:05 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: Ilgaz Ocal wrote: > The long version of the story is tedious and looks like a lot of > childish finger pointing. I don't recall any discussion by subsume's rep openly in the newsgroups. Whatever discussion or 'discipline' there was must've been privately handled in email by a deputy. > Suffice it to say that if you ever get a > spam that mentions a virus or (security) software in any way > (including the common pirate software site spams), don't report it; > it's a free ride for the spammers. Once upon a time it was against the rules to report viral propagations, or the 'spawn' from viral propagations, which includes notifications to bogus Froms on the propagation. > Likewise, any spam disguised to > look like an automated message from a badly configured server (e.g. > bogus out of office messages, faked challenge/response messages, > etc.) should not be reported as it will likely get your spamcop.net > account cancelled, much to the amusement of the spammer on the > sending end. Once upon a time it was also against the rules to report the abusive belated bounces to bogus Froms which are generated as described above. Challenges were another matter. > Expect to see a lot more spam in the future trying to > look like spam that spamcop.net deems OK; as vocal anti-spammers we > seem to be on the leading edge for testing junk that eventually clogs > up your inbox. The writer isn't uptodate on what the rules are. Now all of those reports, including virms [viral email propagations] are OK. http://www.spamcop.net/fom-serve/cache/14.html On what type of email should I (not) use SpamCop? That page sez it is ok to report virms, virm spawn, misdirected bounces, challenges, outofoffice misdirections, etc. It is not OK to report mailing list spam, 'social' spam, mail errors, and usenet spats. > So after using spamcop.net for over two years, after reporting spam > into the hundreds of thousands, after still seeing raw spam attempts > in that period increase from 50 to 5000 daily, we call it quits. The > spammer have seemingly won as far as spamcop.net is concerned. > ______ > > So, what happened basically? I expect the reporter didn't pay attention to the rules, was admonished, still didn't pay attention to the rules, and so had their account jerked. The deputies are pretty easy going, but you have to play by the rules whether you like them or not. The rules that must've gotten the reporter busted have since been changed to include the very issues that got hir busted. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 9 08:16:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 10:15:03 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: Mike Easter wrote: > It is not OK to report mailing list spam, Unless you are the listowner. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Sat Apr 9 20:30:00 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Apr 9 11:35:03 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: "Mike Easter" wrote in message news:d38nic$mjs$1@news.spamcop.net... > Ilgaz Ocal wrote: > > The long version of the story is tedious and looks like a lot of > > childish finger pointing. > > I don't recall any discussion by subsume's rep openly in the newsgroups. > Whatever discussion or 'discipline' there was must've been privately > handled in email by a deputy. > > Snipped I remember the discussion, S/He left in a bit of a huff, the exchange was short though. and mostly handled in private, I think. (since I am not privy to that). From source at netcom.com Sat Apr 9 09:53:23 2005 From: source at netcom.com (David Harmon) Date: Sat Apr 9 11:55:02 2005 Subject: [SpamCop-List] Earthlink parseing not as good as might be Message-ID: <4257f85d.36927468@news.spamcop.net> I guess Earthlink screwed it up again. It used to go like this: > Received: from c-24-7-93-159.client.comcast.net ([24.7.93.159]) by kite (EarthLink SMTP Server) with SMTP id 1aCQcJ6LM3NZFkD0 Sat, 3 Jan 2004 10:08:52 -0800 (PST) >warning:Fixing bozotic earthlink received line: > Received: from c-24-7-93-159.client.comcast.net ([24.7.93.159]) by kite.earthlink.net with SMTP id 1aCQcJ6LM3NZFkD0 Sat, 3 Jan 2004 10:08:52 -0800 (PST) host 24.7.93.159 = c-24-7-93-159.client.comcast.net (cached) > host c-24-7-93-159.client.comcast.net (checking ip) = 24.7.93.159 > Possible spammer: 24.7.93.159 > Received line accepted Now it goes like this: > Received: from AUFBUCHSTATION ([217.7.21.199]) by mx-a065b05.pas.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1dfPi4Wh3NZFpL0 Mon, 28 Mar 2005 00:07:47 -0800 (PST) > no date found > 217.7.21.199 found > host 217.7.21.199 (getting name) no name > Possible spammer: 217.7.21.199 > Received line accepted ... > warning:Yum, this spam is fresh! Message is old From eddie at eddie.web Sat Apr 9 12:57:12 2005 From: eddie at eddie.web (eddie) Date: Sat Apr 9 12:00:02 2005 Subject: [SpamCop-List] Re: Spammer gets slammer References: Message-ID: On Fri, 08 Apr 2005 13:29:57 -0700, Possum Trot scratched out the following: > http://www.cnn.com/2005/TECH/internet/04/08/spam.sentence.ap/index.html > > Essentially same story on USATODAY.COM Since spammers have the learning curve of the common housefly, at best, let's see what effect, if any, this has on overall spam. At some point, one would expect to see that the bottom feeders who buy the "Million Address" CDs and buy into the "get rich quick" scam will wise up and see that only the top people make any money. But that would only apply to normal brains. However, at some point the money will start to dry up, starting at the bottom. As I noted in another post, the overall level of my personal spam has dropped over the last month or so, either from "list-washing" or spamkiddy is more interested in video and computer games and doesn't want to play them in jail. -- Once movie theaters gave out steak knives Today they confiscate them From usenet2 at DE.LETE.THISljvideo.com Sat Apr 9 17:08:23 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Sat Apr 9 12:10:03 2005 Subject: [SpamCop-List] Re: Appropriate Psuedonyn for spammer References: Message-ID: Waiving the right to remain silent, "Ron B." said: > "Tittle K. Prevaricator" > "Sent" me spam for "oem software". He's my friend too. But today, I got the same spam from "Deadliness I. Kook" I shit you not... -- Larry J. - Remove spamtrap in ALLCAPS to e-mail The United States is the greatest country in the world..! Twenty-five million illegal aliens can't be wrong. From MikeE at ster.invalid Sat Apr 9 10:10:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 12:10:10 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> Message-ID: David Harmon wrote: Subject: Earthlink parseing not as good as might be > I guess Earthlink screwed it up again. It used to go like this: If you want to talk about a parsing problem, you are going to have to post the tracker of a 'real' set of headers or spam, not some partial snippage. What you posted is meaningless, and I'm accustomed to seeing SC parse EL headers. -- Mike Easter kibitzer, not SC admin From usenet2 at DE.LETE.THISljvideo.com Sat Apr 9 17:09:56 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Sat Apr 9 12:10:16 2005 Subject: [SpamCop-List] Re: Spammer gets slammer References: Message-ID: Waiving the right to remain silent, "Possum Trot" said: > http://www.cnn.com/2005/TECH/internet/04/08/spam.sentence.ap/inde > x.html > > Essentially same story on USATODAY.COM Sentence suspended, awaiting appeal. I don't think this bastage is ever going to see the inside of a jail cell. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail The United States is the greatest country in the world..! Twenty-five million illegal aliens can't be wrong. From MikeE at ster.invalid Sat Apr 9 10:29:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 12:30:02 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> Message-ID: Mike Easter wrote: > the tracker of a 'real' set of headers > I'm accustomed to > seeing SC parse EL headers. Parse of oldstyle bozotic EL headers from 2004 Aug http://www.spamcop.net/sc?id=z750683046z62ce0cac71cb834e01702afadbd91c89z Parse of 'new' style EL headers from stale spam of 2005 Apr 5 with meaningless fresh and old words http://www.spamcop.net/sc?id=z750683835z63d6180660230a150f342251aa03ee52z Parse of fresh 'newstyle' EL headers from today with the same meaningless fresh and old words http://www.spamcop.net/sc?id=z750684371zdda231b0a06d7db6fdcee7913e0ce882z -- Mike Easter kibitzer, not SC admin From source at netcom.com Sat Apr 9 10:32:15 2005 From: source at netcom.com (David Harmon) Date: Sat Apr 9 12:35:03 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> Message-ID: <42590260.39490203@news.spamcop.net> On Sat, 9 Apr 2005 09:10:36 -0700 in spamcop, "Mike Easter" wrote: >If you want to talk about a parsing problem, you are going to have to >post the tracker of a 'real' set of headers or spam, Fair enough. http://www.spamcop.net/sc?id=z750663102za27b9e1be3d5d9df2798ea1da83bbb2dz http://www.spamcop.net/sc?id=z750663101z6bfcf8672ccb4a39d8adf56e7263e692z http://www.spamcop.net/sc?id=z750663098z0f2db625fffcd1a702c34d38632517dez http://www.spamcop.net/sc?id=z750663093zbc2fe422c134538c1835cca8a38fcb5fz http://www.spamcop.net/sc?id=z750663091zcc1b88804b463d64a5a92d58cd560834z http://www.spamcop.net/sc?id=z750663090zc862bc7992fe32b14a0992ab53886f9az http://www.spamcop.net/sc?id=z750663087z11027ed239a643c463ef40082f8e5577z http://www.spamcop.net/sc?id=z750663086z5f92efcdad79dc61f1b551e019432c05z http://www.spamcop.net/sc?id=z750663085z2f5674fe80ea30d36a4c8e9b80a2c0d1z From MikeE at ster.invalid Sat Apr 9 11:04:06 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 13:05:19 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: David Harmon wrote: > "Mike Easter" >> If you want to talk about a parsing problem, you are going to have to >> post the tracker of a 'real' set of headers or spam, > > Fair enough. I looked at almost all of those, but I'm still not getting what you are talking about. Are you talking about one or another of the meaningless lines: no date found Yum, this spam is fresh! Message is old ... which functionally have no relevance, or something else? The parse proceeds just fine, in that it is managed properly in terms of the parser's accuracy in assessing the age for the 'real' purposes of age determination [too old to report and such]. If you simply disregard 'zany' parser editorial 'commentary', SC parser palaver won't make you crazy. Reading what the parser sez about the 'meaning' of what it is handling near to what it is saying needs to be done very imaginatively, so that you can avoid literal interpretations applied to the wrong places. -- Mike Easter kibitzer, not SC admin From spamtrap at icarus.com Sat Apr 9 11:07:59 2005 From: spamtrap at icarus.com (Stephen Williams) Date: Sat Apr 9 13:10:03 2005 Subject: [SpamCop-List] Re: chinatietong.com Bulletproof scumbags In-Reply-To: References: Message-ID: Jamie wrote: [...] > > No try again the so called screen shots are altered shots > You have no clue what the hell you are talking about > so why don't you just shut up for a while. > > However some one was trying to make it look like it > was me. I have not been laughed out of NANAE at all > and infact I STILL post to NANAE. > > And the SMTP proxy was bogus and was nothing > more then a sting. All of this was already explained > in google groups I suggest you go back and > read http://groups.google.com [...] Ah, the nostalgia of it all. Who has the URLs for the various "Jamie shrines"? From MikeE at ster.invalid Sat Apr 9 11:24:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 13:25:03 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: Mike Easter wrote: > Are you talking about one or another of the meaningless lines: > > no date found If you want SC to not say 'no date found' while it is actually /finding/ the date and time, you will have to get EL to place an appropriate semicolon before the date field [ie after the informational section following the hostname in the 'by' field] in its Received traceline. >From this one www.spamcop.net/sc?id=z750663102za27b9e1be3d5d9df2798ea1da83bbb2dz modified by unfolding and spacing out the Received tracelines. Received: from silkgraphics.com ([64.37.122.4]) by bunting.mail.pas.earthlink.net (EarthLink SMTP Server) with ESMTP id 1dk7vx5q43NZFmR0 Fri, 8 Apr 2005 21:23:42 -0700 (PDT) Received: from silkcvvqi2mce2 [207.175.209.1] by silkgraphics.com with ESMTP (SMTPD32-8.15) id AC31A6FB012E; Fri, 08 Apr 2005 20:13:21 -0500 Without commenting on the role of the alleged relay, but for purposes of discussion accepting that EL stamped the topline and silkgraphics/chicagowebs stamped the 2nd line; notice that silkgraphics line has a semilcolon before the timestamp field, whereas EL's does not. If you forge the EL line to contain a semicolon and feed it to the parser, the parser will not 'complain' or say the no date found line, but otherwise will parse the item exactly the same, including the interpretation of the timestamp information.which it is saying it can't find. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 9 11:33:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 13:35:02 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: Mike Easter wrote: > If you forge the EL line to contain a semicolon and feed it to the > parser, the parser will not 'complain' or say the > > no date found http://www.spamcop.net/sc?id=z750700675zd67a6478a4d2879da9fff4d404e1ed9fz For demonstration purposes only; do not forge headerlines to report spam. And this par I said is in error > line, but otherwise will parse the item exactly the same, including > the interpretation of the timestamp information.which it is saying it > can't find. I was wrong. SC interprets the age differently for the two parses. In the unforged parse, it is using the timestamp of the 2nd line; in the forged parse, it is using the timestamp of the line which it now finds the timestamp for because of the introduction of the appropriate semicolon. EL is acting bozotic again by leaving out the semicolon. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 9 11:40:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 13:40:02 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: Mike Easter wrote: > EL is acting bozotic again by leaving out the semicolon. RFC 2821 Section 3.6.7 on Trace fields requires that a semicolon be placed between that section of the 'by' field which precedes the timestamp and the timestamp, so the EL stamp is noncompliant.. My recent experience with trying to email EL some suggestions about how to do something was met with total obstruction. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 9 11:52:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 13:55:03 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> Message-ID: Now that I understand better, I'll try again. David Harmon wrote: > I guess Earthlink screwed it up again. It used to go like this: >> by kite (EarthLink SMTP Server) with SMTP id 1aCQcJ6LM3NZFkD0 Sat, 3 >> Jan 2004 10:08:52 -0800 (PST) >> warning:Fixing bozotic earthlink received line: when SC 'fixed'/accepted the bozotic EL line before, it was logic-configured to ignore/accept not only the bozotic deficient hostname, but also the bozotic missing semicolon. > Now it goes like this: > >> Received: from AUFBUCHSTATION ([217.7.21.199]) by >> mx-a065b05.pas.sa.earthlink.net (EarthLink SMTP Server) with SMTP >> id 1dfPi4Wh3NZFpL0 Mon, 28 Mar 2005 00:07:47 -0800 (PST) >> no date found EL fixed the problem with the deficient hostname in the 'by' field, but it failed to repair the still missing semicolon. The algorithm is and was logic-designed to recognize the old EL bozoticy [?] -- but not the current, less bozotic condition; so now it can't find the timestamp, whereas it could before. -- Mike Easter kibitzer, not SC admin From rebbit_cad at hotmail.com Sat Apr 9 14:24:37 2005 From: rebbit_cad at hotmail.com (rebbit) Date: Sat Apr 9 15:25:03 2005 Subject: [SpamCop-List] major spammer arrested Message-ID: Reffering to Associated Press, Jeremy James, a major spammer got arrested and sentanced for nine years in jail. Cause, or effect?: we haven't received a single spam today !!! It is about time that legislation get implemented, worldwide. Against those shaddy companies which promote counterfeited products, illegal drugs , and other trash. And against those immoral spammers looking for a quick buck. Rebbit From eddie at eddie.web Sat Apr 9 16:30:27 2005 From: eddie at eddie.web (eddie) Date: Sat Apr 9 15:35:04 2005 Subject: [SpamCop-List] Re: major spammer arrested References: Message-ID: On Sat, 09 Apr 2005 13:24:37 -0600, rebbit scratched out the following: > Reffering to Associated Press, Jeremy James, a major spammer got arrested > and sentanced for nine years in jail. Cause, or effect?: we haven't > received a single spam today !!! It is about time that legislation get > implemented, worldwide. Against those shaddy companies which promote > counterfeited products, illegal drugs , and other trash. > And against those immoral spammers looking for a quick buck. Rebbit My thoughts are that it doesn't matter if it was him personally or if the other spamkiddies are getting scared as long as it gives us less spam and more bandwidth. The negative publicity has to be good for us. After a few big convictions, who will want to buy the "Million Address" CDs knowing that it's a big pyramid scam and they can't make any money. Spam is like the Social Security program. Only the ones who started it get anything out of it. The rest get screwed. -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Sat Apr 9 16:31:57 2005 From: eddie at eddie.web (eddie) Date: Sat Apr 9 15:35:13 2005 Subject: [SpamCop-List] Re: Spammer gets slammer References: Message-ID: On Sat, 09 Apr 2005 16:09:56 +0000, Larry J. scratched out the following: > Waiving the right to remain silent, "Possum Trot" > said: > >> http://www.cnn.com/2005/TECH/internet/04/08/spam.sentence.ap/inde x.html >> >> Essentially same story on USATODAY.COM > > Sentence suspended, awaiting appeal. > > I don't think this bastage is ever going to see the inside of a jail cell. Not as long as a shyster is willing to take his case. And it's the shysters who run the country - everyone is afraid of them. -- Once movie theaters gave out steak knives Today they confiscate them From nobody at devnull.spamcop.net Sat Apr 9 22:45:05 2005 From: nobody at devnull.spamcop.net (Xris) Date: Sat Apr 9 16:50:35 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? In-Reply-To: References: Message-ID: Mike Easter wrote: > She should use /very/ proper mailing list management from the very > Am I the only person for whom these words between slashes are unreadable? That /very/ (slash-very-slash) above looks like a mess of dots in Thunderbird. :( What's wrong with *asterisks* for emphasis? ;) From not at home.today Sat Apr 9 23:13:19 2005 From: not at home.today (Ant) Date: Sat Apr 9 17:15:03 2005 Subject: [SpamCop-List] Re: major spammer arrested References: Message-ID: "rebbit" wrote: > Reffering to Associated Press, Jeremy James, It's Jaynes. > a major spammer got arrested and sentanced for nine years in jail. He'll probably wriggle out of it. > Cause, or effect?: we haven't received a single spam today !!! Or just chance. I've noticed a decline in my spam over the last month, but it may be due to other reasons such as some ISPs getting a clue. > It is about time that legislation get implemented, worldwide. > Against those shaddy companies which promote counterfeited products, > illegal drugs , and other trash. Interesting that while they peddle fake prescription drugs, I've seen no attempt to push illegal ones. I reckon they'd be stopped pretty quick if they tried to offer things like heroin and cocaine! From MikeE at ster.invalid Sat Apr 9 15:18:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 17:20:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Xris wrote: > Mike Easter wrote: > >> She should use /very/ proper mailing list management from the very >> > Am I the only person for whom these words between slashes are > unreadable? Perhaps one of a few. > That /very/ (slash-very-slash) above looks like a mess of > dots in Thunderbird. :( Many newsreaders [not my default OE, but OE with QuoteFix with that feature enabled] have a 'standard' behavior for plaintext 'enhancements' in which slashed words are italicized, asterisked words are bolded, underline embraced words are underlined. > What's wrong with *asterisks* for emphasis? ;) Your Tbird is not compliant [neither is my default OE] with those popular or common or quasi-standard newsreader enhancements I described. We could 'argue' more effectively about how popular the 'feature' is or isn't in some newsgroup better represented by the newsreader knowledgeable such as news.software.readers. OE would simply show the words as slashed, asterisked, or underline bracketed, it wouldn't make a mess of dots out of it. I would say that is an non- or anti-feature of Tbird; I don't want to stigmatize something as popular as that with calling it a bug ;-) -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 9 15:29:20 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 17:30:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Mike Easter wrote: > Xris wrote: >> That /very/ (slash-very-slash) above looks like a mess of >> dots in Thunderbird. :( > > Many newsreaders [not my default OE, but OE with QuoteFix with that > feature enabled] have a 'standard' behavior for plaintext > 'enhancements' in which slashed words are italicized, asterisked > words are bolded, underline embraced words are underlined. Found at the indicated msgid news:18SdnQN847wlQETcRVn-hw@comcast.com Date: Mon, 03 Jan 2005 16:05:16 -0800 From: Tim Merrigan Message-ID: <18SdnQN847wlQETcRVn-hw@comcast.com> > 4. How can I include special characters in my *text* post? My Newsreader (Mozilla Thunderbird) reads an underscore at the beginning and end of a word as _underscore_, a slash at the beginning and end of a word or phrase as /italics/, and an asterisk at the beginning of a word or phrase as *bold*. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sat Apr 9 23:34:46 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Apr 9 17:45:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d39hc8$539$1@news.spamcop.net... > Mike Easter wrote: >> Xris wrote: >>> That /very/ (slash-very-slash) above looks like a mess of >>> dots in Thunderbird. :( >> >> Many newsreaders [not my default OE, but OE with QuoteFix with that >> feature enabled] have a 'standard' behavior for plaintext >> 'enhancements' in which slashed words are italicized, asterisked >> words are bolded, underline embraced words are underlined. > > Found at the indicated msgid news:18SdnQN847wlQETcRVn-hw@comcast.com > > > Date: Mon, 03 Jan 2005 16:05:16 -0800 > From: Tim Merrigan > Message-ID: <18SdnQN847wlQETcRVn-hw@comcast.com> > >> 4. How can I include special characters in my *text* post? > > My Newsreader (Mozilla Thunderbird) reads an underscore at the beginning > and end of a word as _underscore_, a slash at the beginning and end of a > word or phrase as /italics/, and an asterisk at the beginning of a word > or phrase as *bold*. > > So, going back to the original question......... Perhaps the person who used /very/ *meant* it to be italicised, not bolded.......????? From MikeE at ster.invalid Sat Apr 9 16:05:58 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 18:05:21 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Porpoise wrote: > "Mike Easter" >>> Xris wrote: >>>> That /very/ (slash-very-slash) above looks like a mess of >>>> dots in Thunderbird. :( >>> 'enhancements' in which slashed words are italicized, asterisked >>> words are bolded, underline embraced words are underlined. > So, going back to the original question......... Perhaps the person > who used /very/ *meant* it to be italicised, not bolded.......????? No, Xris was 'complaining' because it, the slashed word, turned into a mess of dots. But I don't know why hir Tbird is different than the Tim's Tbird. But, part of what I trimmed from the snippaged post was a different function > Using the underscore before and after text will generally be recognized as _italicizing_ the text. Using the "*" character before and after text will be seen as *bold*. All caps is SHOUTING. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sun Apr 10 01:01:45 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Apr 9 19:10:08 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d39jgu$6di$1@news.spamcop.net... > Porpoise wrote: >> "Mike Easter" > >>>> Xris wrote: >>>>> That /very/ (slash-very-slash) above looks like a mess of >>>>> dots in Thunderbird. :( > >>>> 'enhancements' in which slashed words are italicized, asterisked >>>> words are bolded, underline embraced words are underlined. > >> So, going back to the original question......... Perhaps the person >> who used /very/ *meant* it to be italicised, not bolded.......????? > > No, Xris was 'complaining' because it, the slashed word, turned into a > mess of dots. > > But I don't know why hir Tbird is different than the Tim's Tbird. But, > part of what I trimmed from the snippaged post was a different function > > >> Using the underscore before and after text will generally be > recognized as _italicizing_ the text. Using the "*" character before > and after text will be seen as *bold*. All caps is SHOUTING. > > Admit it Mike! You really are trying to confuse me now, aren't you? ;-) I thought it was: _underscore_ = underlined /slash/ = italicised *asterisk* = bold AND...... I thought the original question was: "Why did he use /very/ instead of *very*?" From MikeE at ster.invalid Sat Apr 9 17:25:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 19:25:04 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Porpoise wrote: > I thought it was: > > _underscore_ = underlined > /slash/ = italicised > *asterisk* = bold Correct, as far as we know; except that Xris sez something else about hir personal copy of Tbird. > AND...... I thought the original question was: > > "Why did he use /very/ instead of *very*?" No. Xris sez why did he use /..../ [slash with only dots, no very inside] instead of *very* ["because 'everyone' uses asterisks on their emphasized 'very', not slashes with dots inside" - imaginary quote of Xris.] -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sun Apr 10 01:23:04 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Apr 9 19:30:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d39o61$8tc$1@news.spamcop.net... > Porpoise wrote: >> I thought it was: >> >> _underscore_ = underlined >> /slash/ = italicised >> *asterisk* = bold > > Correct, as far as we know; except that Xris sez something else about > hir personal copy of Tbird. > >> AND...... I thought the original question was: >> >> "Why did he use /very/ instead of *very*?" > > No. Xris sez why did he use /..../ [slash with only dots, no very > inside] instead of *very* ["because 'everyone' uses asterisks on their > emphasized 'very', not slashes with dots inside" - imaginary quote of > Xris.] > Yabbut...... He went on to say "What's wrong with *asterisks* for emphasis? ;)" to which my reply woz "maybe he *meant* to italicise not emphasise....... BTW....... Are we the only 2 nutters on this time of night on a Saturday? ;-) From johnl at spamcop.net Sun Apr 10 00:30:47 2005 From: johnl at spamcop.net (JohnL) Date: Sat Apr 9 19:35:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Porpoise" wrote in news:d39og4$92m$1 @news.spamcop.net: > BTW....... Are we the only 2 nutters on this time of night on a Saturday? > > ;-) But... But.... It's only late afternoon here. ;-) From nttp.sc.s at bigsleep.org Sun Apr 10 01:19:50 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Apr 9 20:20:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On 09 Apr 2005 Mike Easter entered spamcop and left news:d39o61$8tc$1@news.spamcop.net: >> _underscore_ = underlined >> /slash/ = italicised >> *asterisk* = bold > > Correct, as far as we know; except that Xris sez something else about > hir personal copy of Tbird. > I think it's likely that the font Xris is using does not display italics very well, at least at the current size. Sometimes italics do not display very well for me in Mozilla, depending on font/size. -- | Ric | From MikeE at ster.invalid Sat Apr 9 18:38:02 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 20:40:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Blammo wrote: > I think it's likely that the font Xris is using does not display > italics very well, at least at the current size. Sometimes italics do > not display very well for me in Mozilla, depending on font/size. Ah, so. That would solve the whole problem. How can a font be in such a mess? Is that some kind of anti-MS stance? That would be pretty silly to reject some serious quality work which MS has done with typography, whatever else it/they may have done wrong with OS/app bloat and insecurity and harmful abusive business practices. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 9 18:44:16 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 20:45:02 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: JohnL wrote: > "Porpoise" >> BTW....... Are we the only 2 nutters on this time of night on a >> Saturday? >> >> ;-) > > But... But.... It's only late afternoon here. ;-) Yeah. My local is currently 5:42 PM & sunset is 7:14 PM this time of year- so it is seriously still daytime at my house. -- Mike Easter kibitzer, not SC admin From johnl at spamcop.net Sun Apr 10 01:51:47 2005 From: johnl at spamcop.net (JohnL) Date: Sat Apr 9 20:55:02 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in news:d39spo$bl0$1 @news.spamcop.net: > Yeah. My local is currently 5:42 PM & sunset is 7:14 PM this time of > year- so it is seriously still daytime at my house. Sunset will be 8:23 PM today here. It may get cold in the winter, but when it's light, it stays light quite a bit. :) ( 6:51 PM MDT right now ) From nttp.sc.s at bigsleep.org Sun Apr 10 02:09:28 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Apr 9 21:10:02 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On 09 Apr 2005 Mike Easter entered spamcop and left news:d39se2$bcj$1@news.spamcop.net: > Blammo wrote: >> I think it's likely that the font Xris is using does not display >> italics very well, at least at the current size. Sometimes italics do >> not display very well for me in Mozilla, depending on font/size. > > Ah, so. That would solve the whole problem. How can a font be in such > a mess? > > Is that some kind of anti-MS stance? That would be pretty silly to > reject some serious quality work which MS has done with typography, > whatever else it/they may have done wrong with OS/app bloat and > insecurity and harmful abusive business practices. > Most likely the font does not exist, has nothing to do with MS. I have many fonts that have no italic version, or the default could be changed to a font that does not support italics. Many fonts are limited to a size range and so, if too large or small, may become unreadable. I believe that *NIX systems have a way of dealing this problem, if the necessary library is installed. But then I am no expert on font systems, I just know a bit about making web pages readable. -- | Ric From nttp.sc.s at bigsleep.org Sun Apr 10 02:28:19 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Apr 9 21:30:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On 09 Apr 2005 Blammo entered spamcop and left news:Xns9633B8C31F9F7blammo@216.154.195.61: > I have many fonts that have no italic version, or the default could be > changed to a font that does not support italics. Bad grammer, I meant to suggest that maybe Xris changed the font to something that does not support italics, which of course means it can be changed to something more readable. BTW, this is (one reason) why HTML eMail is a bad idea. -- | Ric From SCNews.5.myspamgobbler at spamgourmet.com Sat Apr 9 21:12:37 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sat Apr 9 23:15:08 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? In-Reply-To: References: Message-ID: JohnL wrote: > "Mike Easter" wrote in news:d39spo$bl0$1 > @news.spamcop.net: > > >>Yeah. My local is currently 5:42 PM & sunset is 7:14 PM this time of >>year- so it is seriously still daytime at my house. > > > Sunset will be 8:23 PM today here. > It may get cold in the winter, but when it's light, it stays light quite a > bit. :) > ( 6:51 PM MDT right now ) Just now getting dark here. There's other nutters around, just that some of us were enjoying the beautiful day outdoors. Getting the garden ready to plant. BTW, my TBird reads /very/ as italicized very well. Don't need no bold very much, thank you. From nobody at devnull.spamcop.net Sun Apr 10 01:28:29 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sun Apr 10 00:30:06 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Sheesh! If it's a *text* reader, oops, sorry, a -text-, uhh, no, a /text/, or was that a \text\ reader, it'll say EXACTLY what was typed! If it shows ANYTHING else, it \ain't/ |NOT| -no- =text= reader, folks!! If it's a bastardized text "reader", I mean, bastardized TEXT reader, then it `AIN'T` a +text+ reader ~no more~!! ÿK?ÿ Pop's penny! -- Let someone else do it I'm retired! "Brian (SnSR)" wrote in message news:d3a5mp$fe8$1@news.spamcop.net... > JohnL wrote: >> "Mike Easter" wrote in news:d39spo$bl0$1 >> @news.spamcop.net: >> >> >>>Yeah. My local is currently 5:42 PM & sunset is 7:14 PM this time of >>>year- so it is seriously still daytime at my house. >> >> >> Sunset will be 8:23 PM today here. >> It may get cold in the winter, but when it's light, it stays light quite >> a bit. :) >> ( 6:51 PM MDT right now ) > > Just now getting dark here. There's other nutters around, just that some > of us were enjoying the beautiful day outdoors. Getting the garden ready > to plant. > > BTW, my TBird reads /very/ as italicized very well. Don't need no bold > very much, thank you. From nttp.sc.s at bigsleep.org Sun Apr 10 06:05:49 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 10 01:10:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On 09 Apr 2005 Pop entered spamcop and left news:d3aa16$hqr$1@news.spamcop.net: > Sheesh! If it's a *text* reader, oops, sorry, a -text-, uhh, no, a > /text/, or was that a \text\ reader, it'll say EXACTLY what was typed! > If it shows ANYTHING else, it \ain't/ |NOT| -no- =text= reader, > folks!! > If it's a bastardized text "reader", I mean, bastardized TEXT > reader, > then it `AIN'T` a +text+ reader ~no more~!! ÿK?ÿ > You've never heard of Rich Text, or Latex? (I may have misspelt Latex??) How about Emotes? ;-) [ramble]And then we could go on to text processors and word processors...[/ramble] -- | Ric From nobody at spamcop.net Sat Apr 9 23:48:24 2005 From: nobody at spamcop.net (Dar) Date: Sun Apr 10 01:50:05 2005 Subject: [SpamCop-List] sprintnetops.net > utelfla.com Message-ID: Anyone familiar with these domains? 65.40.60.144 (Administrator of network where email originates) abuse-quiet@sprintnetops.net abuse@utelfla.com sprintnettops.net appears to be a sprint off-shoot? utelfla.com appears to be garden variety spamhaus? utelfla.com = The page cannot be displayed Network Abuse: http://sprintnetops.net/abuse/links.php What's up with this?? Contact us by phone at 1-555-555-5555 from M-F 8am-5pm http://utelfla.com = This page cannot be displayed Spam headers in spamcop.spam Dar From source at netcom.com Sun Apr 10 00:44:27 2005 From: source at netcom.com (David Harmon) Date: Sun Apr 10 02:45:08 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> Message-ID: <4258ca8d.3213343@news.spamcop.net> On Sat, 9 Apr 2005 10:52:59 -0700 in spamcop, "Mike Easter" wrote: >EL fixed the problem with the deficient hostname in the 'by' field, but >it failed to repair the still missing semicolon. The algorithm is and >was logic-designed to recognize the old EL bozoticy [?] -- but not the >current, less bozotic condition; so now it can't find the timestamp, >whereas it could before. You stated it much better than I could. I despair of Earthlink fixing anything right. I hold some hope that Spamcop may make up for Earthlink's current bozoticy as it did once upon a time previously. From MikeE at ster.invalid Sun Apr 10 00:58:57 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 03:00:02 2005 Subject: [SpamCop-List] Re: sprintnetops.net > utelfla.com References: Message-ID: Dar wrote: > Anyone familiar with these domains? > > 65.40.60.144 (Administrator of network where email originates) > abuse-quiet@sprintnetops.net > abuse@utelfla.com They are the abuse.net reg'd addies for a number of different Sprint domainnames and are domain registered to Sprint. > Spam headers in spamcop.spam Abbreviated Received lines *comment from (fl-65-40-60-144.sta.sprint-hsd.net [65.40.60.144]) by xxx.xxx.net *sourceline from NV19AS13 ([10.2.202.25]) by WMLV87.bodleian.excite.com *bogusline 65.40.60.144 rDNS fl-65-40-60-144.sta.sprint-hsd.net listed on multiple blocklists for being a trojanized spamtrap hitting spamsource whois -h whois.arin.net 65.40.60.144 ... OrgName: Sprint DSL Network NetRange: 65.40.0.0 - 65.41.255.255 TechEmail: support@sprint-hsd.net OrgTechEmail: ipsupport@sprintnetops.net If you examine all of the abuse.net reg'd addies for - the rDNS of the IP - the abuse.net for the tech domainname - the abuse.net for the orgtech domainname ... you get all the same thing: abuse@sprintnetops.net & abuse@utelfla.com Sprint's nameservers are utelfla, sprintnettops nameservers are utelfla, utelfla and sprintnettops are both reg'd to Sprint at alldomains registrar.. What's the problem? -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 01:25:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 03:25:04 2005 Subject: [SpamCop-List] Re: sprintnetops.net > utelfla.com References: Message-ID: Dar wrote: > sprintnettops.net appears to be a sprint off-shoot? sp sprintnetops.net DNS 64.45.201.2 .. whois -h whois.arin.net 64.45.201.2 ... Sprint-United Telephone of Florida 64.45.192.0 - 64.45.255.255 ANS Engineering Netcool 64.45.201.0 - 64.45.202.255 > utelfla.com appears to be garden variety spamhaus? No. DNS 209.26.88.20 not listed anywhere whois -h whois.arin.net 209.26.88.20 ... OrgName: Sprint-United Telephone of Florida NetRange: 209.26.0.0 - 209.26.255.255 > utelfla.com = The page cannot be displayed Page? Why would you look for a page? My GET sez it refers to sprint. > Network Abuse: > http://sprintnetops.net/abuse/links.php That page has some abuse links. > What's up with this?? > Contact us by phone at 1-555-555-5555 from M-F 8am-5pm I couldn't find that at the above link even after I degraded my security settings so I could see more. 'Contact us' didn't get me anything. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 01:41:39 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 03:40:03 2005 Subject: [SpamCop-List] Re: sprintnetops.net > utelfla.com References: Message-ID: Mike Easter wrote: > Page? Why would you look for a page? Speaking of crawling around looking for pages, I went crawling around sprint pages and found a description of their huge 'campus' in KS. Very impressive http://www.sprint.com/sprint/fastfacts/campus/index.html 4 million SF of buildings on 200 acres with lotsa greenspace, 6000 trees. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sun Apr 10 09:34:23 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 03:45:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d39spo$bl0$1@news.spamcop.net... > JohnL wrote: >> "Porpoise" > >>> BTW....... Are we the only 2 nutters on this time of night on a >>> Saturday? >>> >>> ;-) >> >> But... But.... It's only late afternoon here. ;-) > > Yeah. My local is currently 5:42 PM & sunset is 7:14 PM this time of > year- so it is seriously still daytime at my house. > Aahhhh! But! I've been to bed and it's next morning now................. From MikeE at ster.invalid Sun Apr 10 01:53:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 03:55:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Porpoise wrote: > > Aahhhh! But! I've been to bed and it's next morning > now................. Yeah, well, I've been to bed and it's next morning now for me too, 12:50 AM Sunday, PDT, UTC -0700 And, I'm getting ready to go back to bed again. I'm big on naps. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sun Apr 10 10:02:45 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 04:10:02 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d3alu1$nq8$1@news.spamcop.net... > Porpoise wrote: >> >> Aahhhh! But! I've been to bed and it's next morning >> now................. > > Yeah, well, I've been to bed and it's next morning now for me too, 12:50 > AM Sunday, PDT, UTC -0700 > > And, I'm getting ready to go back to bed again. I'm big on naps. > Hmmm..... Well,........ I'm getting ready to go outside and get some Tai Chi practice in........... From nobody at nowhere.invalid Sun Apr 10 12:44:35 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 10 05:45:24 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On Sun, 10 Apr 2005 00:53:14 -0700, Mike Easter coughed into spamcop and left this in : > Yeah, well, I've been to bed and it's next morning now for me too, 12:50 > AM Sunday, PDT, UTC -0700 You mean you get up in the middle of the night? 12.50 AM is 10 minutes to 1 AM! -- Steve "Thank you for calling the Incontinence hotline. Please hold." From nobody at nowhere.invalid Sun Apr 10 13:19:41 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 10 06:20:04 2005 Subject: [SpamCop-List] Reporting backscatter Message-ID: I thought that reporting backscatter was allowed now. Spam traps of mine are receiving notifications from Ol?ane (supposed to be the professional branch of Wanadoo.fr) in response to non-deliverables sent from Chinanet-HN. SC refuses to parse them so I can't even supply a tracker URL. All I can give is the response to my quick submission: Here are the results of your submission: error:Ignoring mail with content-type:multipart/report; report-type=delivery-status; boundary="....munged....." The process is simple. Chinanet-HN is sending spam to the Ol?ane MX machines with my spam trap address as the sender. Return-Path: Received: from bonivet.net ([218.77.43.136]) by relay1.clb.oleane.net with SMTP id j3A9*********91; Sun, 10 Apr 2005 11:40:18 +0200 Message-ID: Date: Sun, 10 Apr 2005 12:29:11 -0300 From: "Maricela" User-Agent: Mozilla/5.0 (Windows; U; Win95; en-GB; rv:0.9.4) Gecko/20011019 Netscape6/6.2 MIME-Version: 1.0 To: 4 addresses hosted by Ol?ane Subject: Not sure Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit { snip p|llz spam } Ol?ane is accepting the messages, and then generating a newmail kindly informing me that the mails weren't deliverable: X-ConnectingHost: 213.56.31.21 Return-Path: Received: from relay1.clb.oleane.net (relay1.clb.oleane.net [213.56.31.21]) by my_server (8.13.3/8.13.3) with ESMTP id j3A9********26 for ; Sun, 10 Apr 2005 11:40:31 +0200 Received: from localhost (localhost) by relay1.clb.oleane.net id j3A9********04; Sun, 10 Apr 2005 11:40:25 +0200 Date: Sun, 10 Apr 2005 11:40:25 +0200 From: Mail Delivery Subsystem Message-Id: <200504100940.j3A9ePEn003704@relay1.clb.oleane.net> To: MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="j3A9ePEn003704.1113126025/relay1.clb.oleane.net" Subject: Returned mail: see transcript for details Auto-Submitted: auto-generated (failure) SpamCop isn't allowing me to report this as spam. -- Steve "Thank you for calling the Incontinence hotline. Please hold." From Ilgaz at spamcop.net Sun Apr 10 14:55:48 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Sun Apr 10 07:00:04 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: Thanks, I can assure this thing has happened because communications lacked from Subsume side. I use their products, really respect them as a coder company but I can't speak about "how excellent they are to feedback they get" I hope you guessed my point, Thanks all Ilgaz Ocal In article , "Mike Easter" wrote: > Ilgaz Ocal wrote: (snip) > > > > So, what happened basically? > > I expect the reporter didn't pay attention to the rules, was admonished, > still didn't pay attention to the rules, and so had their account > jerked. > > The deputies are pretty easy going, but you have to play by the rules > whether you like them or not. The rules that must've gotten the > reporter busted have since been changed to include the very issues that > got hir busted. From nobody at spamcop.net Sun Apr 10 08:04:04 2005 From: nobody at spamcop.net (Ellen) Date: Sun Apr 10 07:10:04 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: "Steven Maesslein" wrote in message news:slrnd5hvdt.4j7.nobody@127.0.0.1... > I thought that reporting backscatter was allowed now. Spam traps of mine > are receiving notifications from Oléane (supposed to be the professional > branch of Wanadoo.fr) in response to non-deliverables sent from > Chinanet-HN. SC refuses to parse them so I can't even supply a tracker > URL. All I can give is the response to my quick submission: > > Here are the results of your submission: > error:Ignoring mail with content-type:multipart/report; report-type=delivery-status; boundary="....munged....." > Please send me this info with a complete copy of the headers and text -- deputies admin.spamcop.net Thanks Ellen From Ilgaz at spamcop.net Sun Apr 10 15:12:18 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Sun Apr 10 07:15:03 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: Now a "yahoo plus user" (I regret) it would be interesting to know that 6 filters exist from my old yahoo webmail days to block korean spam I get. I couldn't find a host/ip based way (of course!) and lived the hassle to write down korean charset codes, common characters spammers they use and even "!!!" which korean spammers can't live without. There are 2 ISP's here we speak about. Kornet and Hananet. Currently, I check my trash account weekly and I still see 3-4 spams are in based on newbie filters I created which actually passed Yahoo's gigabyte bayesian filter AND my very personal bayesian filter (plus feature, bla bla) I remember asking it years ago in this place so I better repeat. Is there a chance, slight chance that our reports are abused by those ISP's for verification? If its worth something, can share that funny filter which works with this newsgroup. Its like: Body contains "charset="ks_c_5601-1987" Body contains "ks_c_5601-1987" Body contains "charset="ISO-2022-KR"" Body contains "charset=KS_C_5601-1987" and believe or not, this actually worked Subject contains "!!!!" Also, can't paste here but you can be sure its likely a spam if you don't work in Wall Street and contains "1/4" symbol :) I guess you can understand my feelings about Korean IP space. ;) Also, can understand why I became paranoid about them. Have a nice day Ilgaz Ocal In article , nospam wrote: > in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net > wrote on 4/8/05 2:59 AM: > > > I receive about 10 spam mail a day, 6 of this come from kornet.net. > > I dont understand why kornet.net isn't everytime banned from spamcop? > > Vale > > I'd love to know how they stay off the top 50 list, because they are MY #1 > spammer, (at least 50% of my crap) and judging from remarks here a > significant spammer for a number of people in this NG (presumably reporters) From Ilgaz at spamcop.net Sun Apr 10 15:29:46 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Sun Apr 10 07:30:03 2005 Subject: [SpamCop-List] Re: major spammer arrested References: Message-ID: In article , "rebbit" wrote: > Reffering to Associated Press, Jeremy James, a major spammer got arrested > and sentanced for nine years in jail. > Cause, or effect?: we haven't received a single spam today !!! > It is about time that legislation get implemented, worldwide. > Against those shaddy companies which promote counterfeited products, illegal > drugs , and other trash. > And against those immoral spammers looking for a quick buck. > Rebbit I can only hope it will be a major story in major (non geek) news sites, newspapers so it will make the newbie spammerwannabe think just 5 seconds what he/she is getting into. >From my personal point of view, I can easily tell that some of spams we get are sent by people who doesn't know what "spam" is. Forget if they know its illegal etc. A lifeless, jobless computer genius wannabe comes to his/her company, hands a cd which actually looks like those commercial stuff from Adobe etc, with box for $100. We aren't speaking about unlabeled , unbranded CD-R here. Criminals know how to sell stuff via tricking people too. I actually stopped a poor company owner lecturing poor guy about what spam is and how he will be hated by 99% of his consumers. I still have the CD from him ($100) sitting next to my virus collection diskettes. Scanned with VirusBarrier/OS X (Mac), it includes a backdoor of course. I thought better to share that experience. Ilgaz Ocal ps: Of course, I got the sarcasm :) From nobody at nowhere.invalid Sun Apr 10 15:17:46 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 10 08:20:04 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: On Sun, 10 Apr 2005 07:04:04 -0400, Ellen coughed into spamcop and left this in : > Please send me this info with a complete copy of the headers and text -- > deputies admin.spamcop.net You have mail! TIA :) -- Steve "Thank you for calling the Incontinence hotline. Please hold." From devnull at spamcop.net Sun Apr 10 10:02:27 2005 From: devnull at spamcop.net (Frog Prince) Date: Sun Apr 10 09:05:03 2005 Subject: [SpamCop-List] Re: major spammer arrested References: Message-ID: "Ilgaz Ocal" | | > Reffering to Associated Press, Jeremy James, a major spammer got arrested | > and sentanced for nine years in jail. | > Cause, or effect?: we haven't received a single spam today !!! | > It is about time that legislation get implemented, worldwide. | > Against those shaddy companies which promote counterfeited products, illegal | > drugs , and other trash. | > And against those immoral spammers looking for a quick buck. | > Rebbit | | I can only hope it will be a major story in major (non geek) news sites, | newspapers so it will make the newbie spammerwannabe think just 5 | seconds what he/she is getting into. | C-span did one of the call in talk shows on this very issue. Most callers had no clue and though any jail time was unreasonable. One quoted 'It's not like their Enron screwing people of a lot of money' From nobody at devnull.spamcop.net Sun Apr 10 10:39:03 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sun Apr 10 09:40:06 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Blammo" wrote in message news:Xns9633E0D4A3C9Ablammo@216.154.195.61... > On 09 Apr 2005 Pop entered spamcop and left > news:d3aa16$hqr$1@news.spamcop.net: > >> Sheesh! If it's a *text* reader, oops, sorry, a -text-, uhh, no, a >> /text/, or was that a \text\ reader, it'll say EXACTLY what was typed! >> If it shows ANYTHING else, it \ain't/ |NOT| -no- =text= reader, >> folks!! >> If it's a bastardized text "reader", I mean, bastardized TEXT >> reader, >> then it `AIN'T` a +text+ reader ~no more~!! ÿK?ÿ >> > > You've never heard of Rich Text, or Latex? > (I may have misspelt Latex??) > How about Emotes? > ;-) > [ramble]And then we could go on to text processors and word > processors...[/ramble] > > -- > | Ric I said, "text reader", not abri, or latex or kotex or anything else; if it ain't displaying the 7 bit character set, without extensions, it ain't a "text" reader. That's all. NBD, just that if I use a "text" reader, I expect to see a representation of the first 128 characters on my screen, not an interpretation of anything. Else it aint' a text reader. Dat's all. Pop From wb8tyw at qsl.network Sun Apr 10 11:00:37 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sun Apr 10 10:05:03 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? In-Reply-To: References: Message-ID: nospam wrote: > in article d34vu1$ppu$1@news.spamcop.net, John E. Malmberg at > wb8tyw@qsl.network wrote on 4/8/05 8:05 AM: > >>nospam wrote: >> >>>in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net >>>wrote on 4/8/05 2:59 AM: >>> >>> >>>>I receive about 10 spam mail a day, 6 of this come from kornet.net. >>>>I dont understand why kornet.net isn't everytime banned from spamcop? >>>>Vale >>> >>>I'd love to know how they stay off the top 50 list, because they are MY #1 >>>spammer, (at least 50% of my crap) and judging from remarks here a >>>significant spammer for a number of people in this NG (presumably reporters) > I don't think spamtraps are usually behind DNSBL's, so, my question still > stands. A spamtrap that is behind a DNSBL would be more useful at finding new spam sources than one that is wide open. Also, we do not know where the spamtraps are at. I could easily set up spamtraps on over a dozen networks that give out "free" e-mail accounts with out having to ask special permission, and that is with out even trying to find all the ones available. A spammer should assume that any e-mail addresses that they harvest from the wild wild web are a spamtraps. -John wb8tyw@qsl.network Personal Opinion Only From bar_n0ne at hotmail.com Sun Apr 10 19:31:05 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sun Apr 10 10:35:03 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: "John E. Malmberg" wrote in message news:d3bbi6$34q$1@news.spamcop.net... >SNIP. > > A spammer should assume that any e-mail addresses that they harvest from > the wild wild web are a spamtraps. Well that's what my addies all are! From MikeE at ster.invalid Sun Apr 10 08:35:20 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 10:35:17 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Steven Maesslein wrote: > Mike Easter >> Yeah, well, I've been to bed and it's next morning now for me too, >> 12:50 AM Sunday, PDT, UTC -0700 > > You mean you get up in the middle of the night? 12.50 AM is 10 minutes > to 1 AM! Yes. My waking sleeping patterns are pretty random, more sleep/naps in the dark/night than daytime naps, tho'. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 08:44:35 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 10:45:04 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Pop wrote: > if it ain't displaying the 7 bit character set, without extensions, > it ain't a "text" reader. That's all. NBD, just that if I use a > "text" reader, I expect to see a representation of the first 128 > characters on my screen, not an interpretation of anything. Else it > aint' a text reader. Dat's all. What I think happened was that the text based internet introduced a 'need' or desire for text based communications to take on some of the characteristics or 'emotions' and gestures of conversation. As a result, text based writers and readers started using text based 'symbols' to enhance their 'speech' and thus we got symbols for emoticons and symbols for italicizing and bolding and underlining and caps for shouting and all that jazz. Then, when it became sorta standardized, those otherwise text based readers started 'enhancing' their text displays with little 'things' like graphical emoticons, and italics, bold, and underlined fonts. Because the simplistic 'enhancements' we are talking about can be read either way, as ascii display or with the enhanced character, it didn't cause any trouble. Xris experienced a 'very' unusual 'glitch'. Hir Tbird tried to enhance and failed at it. If s/he is going to use that choice of fonts, perhaps s/he should disable the enhancement feature and simply see my slashveryslash as /very/ instead of 'very' unreadably badly italicized. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 09:05:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 11:05:03 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: Steven Maesslein wrote: > I thought that reporting backscatter was allowed now. If I try to report a 'mockup' of the oleane server bounce/sending me that spam with a 'regular' [not quick] submit, SC offers to report the oleane server to oleane abuse for me. http://www.spamcop.net/sc?id=z750929460z401e3bfd6b13a9a344285a3d81268f5fz Received: from relay1.clb.oleane.net (relay1.clb.oleane.net [213.56.31.21]) Report Spam to: Re: 213.56.31.21 (Bounce) To: abuse@oleane.net (Notes) > SpamCop isn't allowing me to report this as spam. Naturally nothing is done about the spamheaders themselves, as that wouldn't be 'my' spam, just the belated newmail bounce is reportable. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 09:35:28 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 11:35:03 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: Mike Easter wrote: > If I try to report a 'mockup' of the oleane server bounce/sending me > that spam with a 'regular' [not quick] submit, SC offers to report the > oleane server to oleane abuse for me. > > http://www.spamcop.net/sc?id=z750929460z401e3bfd6b13a9a344285a3d81268f5fz I concede that wasn't a very realistic mockup, because I didn't create any proper boundary structures and other newmail 'bounce' elements. It was just quick and dirty to see if it would fail because of the Content-Type: multipart/report; report-type=delivery-status; header content. -- Mike Easter kibitzer, not SC admin From rcarlton at spamcop.net Sun Apr 10 09:54:16 2005 From: rcarlton at spamcop.net (Rick Carlton) Date: Sun Apr 10 11:55:12 2005 Subject: [SpamCop-List] Re: sprintnetops.net > utelfla.com In-Reply-To: References: Message-ID: Dar wrote: > Anyone familiar with these domains? > > 65.40.60.144 (Administrator of network where email originates) > abuse-quiet@sprintnetops.net > abuse@utelfla.com > > sprintnettops.net appears to be a sprint off-shoot? > utelfla.com appears to be garden variety spamhaus? > utelfla.com = The page cannot be displayed Actually, it's the other way around. "Way back when" (tm) - Sprint was United Telecom. http://www.answers.com/topic/sprint-2 From nobody at devnull.spamcop.net Sun Apr 10 12:54:00 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Apr 10 12:55:03 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: "Ilgaz Ocal" wrote in message news:Ilgaz-7717A4.16481209042005@news.cesmail.net... > > On OS X, since my first OS X usage days, I have found Subsume ( > http://www.subsume.com/ ) for very interesting apps. > > Demoted section > http://www.subsume.com/contemplate/assembler.cgi?page=SpamCop&segment=Dem > oted > > So, what happened basically? You asked the same question over in the web Forum last month at http://forum.spamcop.net/forums/lofiversion/index.php/t3873.html You were invited to use the search tool to look up a few of the previous discussions about the SubSume status. Apparently, you chose not to do that. Here's a few discussion links, the massive one is first, but it contains a bit of history, old newsgroup threads, etc ..... http://forum.spamcop.net/forums/lofiversion/index.php/t3622.htm http://forum.spamcop.net/forums/lofiversion/index.php/t3757.html http://forum.spamcop.net/forums/lofiversion/index.php/t1767.html From nobody at nowhere.invalid Sun Apr 10 20:20:10 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 10 13:25:02 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: On Sun, 10 Apr 2005 08:05:13 -0700, Mike Easter coughed into spamcop and left this in : > Naturally nothing is done about the spamheaders themselves, as that > wouldn't be 'my' spam, just the belated newmail bounce is reportable. Had a brief e-mail exchange with Ellen about this. Apparently the quick-report doesn't parse the same way as a cut'n'paste into the spam submission form. -- Steve "Thank you for calling the Incontinence hotline. Please hold." From nttp.sc.s at bigsleep.org Sun Apr 10 18:58:11 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 10 14:00:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On 10 Apr 2005 Pop entered spamcop and left news:d3ba9o$2gf$1@news.spamcop.net: > I said, "text reader", not abri, or latex or kotex or anything else; > if it ain't displaying the 7 bit character set, without extensions, it > ain't a "text" reader. That's all. NBD, just that if I use a "text" > reader, I expect to see a representation of the first 128 characters > on my screen, not an interpretation of anything. Else it aint' a text > reader. Dat's all. > Well that's what it's doing. We are simply using "hints" for local formatting (or not). I don't see why you claim it's not a "text reader". There is nothing new about this, for example messages here contain quote indents "> " which I have displayed in another color. Quoted quotes ">> " are displayed in yet another color. Sigs that start with "-- " are displayed in a different color as well. I don't like too many slashes and such, it can make it hard to read. And emote icons can sometimes appear where they shouldn't. Those are the querks. -- | Ric | From MikeE at ster.invalid Sun Apr 10 12:14:30 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 14:15:36 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: Steven Maesslein wrote: > Had a brief e-mail exchange with Ellen about this. Apparently the > quick-report doesn't parse the same way as a cut'n'paste into the spam > submission form. At brief first consideration, I don't find that algorithmic logic 'logical'. The quick report focuses on the headers for source 'ignoring' the body. The issue of the interpretation of a header as being a bounce item doesn't strike me as something the algorithmic source namer would want to 'drop' because of its bounce-ness. OTOH -- with a bit more 'rumination' about the consequences.... There are a lot of 'numbers' involved with quick reporting. Maybe the sense of it is that while virus and its spawn reporting and bounce reporting and challenge reporting and OOO reporting is a good way to call attention to those abusive server behaviors, but the desirability of server listings and the fallout and the IB users who would be 'harmed' by the collateral damage of their servers getting listed might not be acceptable. I wish I knew what proportions of SC reports were spamtraps, quickreports, and 'regular' reports. Apparently/maybe spamtraps are being handled like regular reports re this bouncing business, but quickreports aren't. Or something. There are many secrets to the system which aren't spelled out around here. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 13:25:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 15:25:02 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: WazoO wrote: > Here's a few discussion links, the > massive one is first, but it contains a bit of history, old > newsgroup threads, etc ..... Everyone has their own opinions about what is easier to find and read about something than something else; for example I don't like the google groups beta much at all for most google groups work, so I continue to use the 'oldstyle' .uk version of google groups. Similarly, I find trying to find to read about some specific exchange in the forums maddening. The most useful thing I found in the forum so far was a link to the discussion in the newsgroups which is archived in pipermail http://news.spamcop.net/pipermail/spamcop-help/2002-October/014077.html [SC-Help] Since Jaguar Upgrade-SpamCop doesn't work. > http://forum.spamcop.net/forums/lofiversion/index.php/t3622.htm The 'name' of this link is "Thunderbird forward as attachment works @50%" which goes on for two pages and doesn't provide a way to link to the part of the thread which actually has anything to do with subsume. Maybe you think it is 'spoonfeeding' to be able to create a link which actually /works/ to get close to the target without having to use your eyeballs for reading for several minutes to find the issue being discussed; but in reality the forum archive/accumulation process has a number of flaws for dredging up old stuff that google plus pipermail archives doesn't have. Also, gmane is often a better way to find something, even tho' it has its own search problems. It would be better if any given forum post could have its own link or number or msgid so that it can be 'nailed' more accurately in a link. Once found, then the searcher could go up and down from the focal point, instead of having to start reading at the beginning of a long thread to 'work' their way to the target issue. > http://forum.spamcop.net/forums/lofiversion/index.php/t3757.html That one showed me the way to the pipermail jaguar discussion. But it was about a naming issue rather than a rule violation issue. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sun Apr 10 22:10:34 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 16:20:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Pop" wrote in message news:d3ba9o$2gf$1@news.spamcop.net... >> >> You've never heard of Rich Text, or Latex? >> (I may have misspelt Latex??) >> How about Emotes? >> ;-) >> [ramble]And then we could go on to text processors and word >> processors...[/ramble] >> >> -- >> | Ric > > I said, "text reader", not abri, or latex or kotex or anything else; if it > ain't displaying the 7 bit character set, without extensions, it ain't a > "text" reader. That's all. NBD, just that if I use a "text" reader, I > expect to see a representation of the first 128 characters on my screen, > not an interpretation of anything. Else it aint' a text reader. Dat's > all. > Wouldn't be much use for all the other languages though, would it? Somewhat more than 128 characters are required for that. But, then, the world was once flat>>>> From nobody at nowhere.invalid Sun Apr 10 23:30:59 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 10 16:35:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On Sun, 10 Apr 2005 21:10:34 +0100, Porpoise coughed into spamcop and left this in : > Wouldn't be much use for all the other languages though, would it? Somewhat > more than 128 characters are required for that. But, then, the world was > once flat>>>> It's funny how some people think the whole world communicates with nothing but 7-bit us-ascii... Makes you wonder why so much effort is poured into i18n and l10n. -- Steve "I don't understand that attitude. Don't we want email that has dancing bears, cute little videos, musical tunes, animated waving hands, sixty fonts, and looks like it's been done with crayolas? Good grief, man, think like a three year old!" -- Norm Reitzel discussing HTML email From MOHCTP at spamcop.net Sun Apr 10 15:01:13 2005 From: MOHCTP at spamcop.net (MOHCTP) Date: Sun Apr 10 17:05:05 2005 Subject: [SpamCop-List] Spam counter reset Message-ID: My spam counter, the one you see on http://mailsc.spamcop.net/reportheld?action=heldlog/ was reset to one after reaching 72 odd thousand. Any explanation? Average reporting time wasn't reset and still shows the same garbage it showed for the last 50 thousand or so messages. No e-mail from Spamcop either, so I have no clue whatsoever about what happened or why... From nospam at dev.null Mon Apr 11 00:08:52 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 10 17:10:04 2005 Subject: [SpamCop-List] Re: Spammer gets slammer References: Message-ID: "eddie" wrote in message news:pan.2005.04.09.15.57.11.797000@eddie.web... > Since spammers have the learning curve of the common housefly, ... THAT'S INSULTING. Flies are my pet chameleon's favourite. As such they have 50% nuisance value, 50% nutitional value. Spammers have no use and are 100% liability. :-) From nobody at spamcop.net Sun Apr 10 23:57:22 2005 From: nobody at spamcop.net (Valerio) Date: Sun Apr 10 18:00:07 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? In-Reply-To: References: Message-ID: Ilgaz Ocal ha scritto: > There are 2 ISP's here we speak about. Kornet and Hananet. right that two: Kornet.net ---------- IPv4 Address : 211.48.62.0-211.48.62.255 IPv4 Address : 211.216.0.0 - 211.225.255.255 IPv4 Address : 211.220.64.0-211.220.64.255 IPv4 Address : 220.76.104.0-220.76.104.255 Hananet.net ----------- IPv4 Address : 211.202.13.0-211.202.13.255 inetnum: 211.200.0.0 - 211.205.255.255 In the past I use Eudora, and I setted some regex filter to ban the IPs range of spammer provider. Now I use Mozilla, and it have the bayesian filter that do an automatic content analisis and is better. But If I look inside my spam mailbox I got most from korner.net, hananet and chinanet. > Its like: > Body contains "charset="ks_c_5601-1987" > Body contains "ks_c_5601-1987" > Body contains "charset="ISO-2022-KR"" > Body contains "charset=KS_C_5601-1987" another strategy may be to filter every mail that is encoded with "base64". But something happened, from two day I do not received spam from kornet... more, I do not received spam completely. Whats happed? From click1510 at earthlink.net Sun Apr 10 16:08:43 2005 From: click1510 at earthlink.net (CO-DBA-SC-EL) Date: Sun Apr 10 18:10:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: > > http://s11.yousendit.com/ How are they paying for it? Somebody has to pay for connections, servers, etc. what is the business model and should we worry if we use that service? From 79ytka802 at sneakemail.com Mon Apr 11 00:31:52 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Sun Apr 10 18:35:04 2005 Subject: [SpamCop-List] Reports going to spammer Message-ID: [Spam posted in .spam, with the same headers] Spamcop thinks that reports on this one should go to mail@rudolf-kerler.de The problem is...: Mr Kerler appears to be the spammer! Had a suspicion that this might be the case, so did a bit of googling and found this: http://www.avs-gold.de/Anbieter/0240_bueroschlampe_anja/impressum.html I also found a newsgroup discussion, in German, where someone had done a manual LART to the upstream (Deutsche Telekom) and got a reply saying "not our problem". So - is there anything one can do? From nobody at nowhere.invalid Mon Apr 11 01:32:53 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 10 18:35:16 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: On Sun, 10 Apr 2005 22:57:22 +0100, Valerio coughed into spamcop and left this in : > But something happened, from two day I do not received spam from > kornet... more, I do not received spam completely. Whats happed? Probably need to give your mail server a good kick :) -- Steve A grammarian's life is always intense. From 79ytka802 at sneakemail.com Mon Apr 11 00:34:42 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Sun Apr 10 18:35:23 2005 Subject: [SpamCop-List] Reports going to spammer Message-ID: [Spam posted in .spam, under the same heading] Spamcop thinks that reports on this one should go to mail@rudolf-kerler.de The problem is...: Mr Kerler appears to be the spammer! Had a suspicion that this might be the case, so did a bit of googling and found this: http://www.avs-gold.de/Anbieter/0240_bueroschlampe_anja/impressum.html I also found a newsgroup discussion, in German, where someone had done a manual LART to the upstream (Deutsche Telekom) and got a reply saying "not our problem". So - is there anything one can do? From click1510 at earthlink.net Sun Apr 10 16:35:09 2005 From: click1510 at earthlink.net (CO-DBA-SC-EL) Date: Sun Apr 10 18:40:03 2005 Subject: [SpamCop-List] SBS 2003 as forward target to spamcop Message-ID: I'm looking at the possibility of setting up the Exchange server in M$ Small Business Server 2003 as a forwarding target for spamcop mailboxes, by restricting it to accept inbound connections only from spamcop servers. Does this seem reasonable? From devnull at spamcop.net Sun Apr 10 19:45:56 2005 From: devnull at spamcop.net (Frog Prince) Date: Sun Apr 10 18:50:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "CO-DBA-SC-EL" wrote in message news:d3c85o$ike$1@news.spamcop.net... | > > http://s11.yousendit.com/ | | How are they paying for it? Somebody has to pay for connections, servers, | etc. what is the business model and should we worry if we use that service? >From what I can see it's a small sample of what they can do. If you want/need the full service that's available for a fee. I personally don't have much need for even the limited service but have recommened the full service to other who are quite happy in this regard. From nobody at devnull.spamcop.net Sun Apr 10 20:31:20 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sun Apr 10 19:35:27 2005 Subject: [SpamCop-List] Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: ... > > Well that's what it's doing. We are simply using "hints" for local > formatting (or not). I don't see why you claim it's not a "text reader". > There is nothing new about this, for example messages here contain quote > indents "> " which I have displayed in another color. Quoted quotes ">> " > are displayed in yet another color. Sigs that start with "-- " are > displayed in a different color as well. > > I don't like too many slashes and such, it can make it hard to read. And > emote icons can sometimes appear where they shouldn't. Those are the > querks. Wellll, I suppose it only matters from a perspective viewpoint. "Text" is generally described as ASCII code characters from xx(not sure where it starts, just after all the machine controls) to 127, and contained in the 7-bit media. There are no color commands or character replacement commands etc. in the entire 128 characters of the set. If you're seeing color from your reader, yadda yadda yadda, you know the drill I'm sure; it's not displaying a true rendering of what was sent. Emoticons should display as the text emoticons, not interpreted representations of their meaning and so on, IFF it's a legit text reader. The reader is indeed "reading" text, but it is not "displaying" the text that it "reads" and thus, to this miscreant's way of thinking, is no longer a legitimate "text" reader, but an interpretive reader of text. I guess, having come from the days of the 8080, machine language and CP/M I find it hard to take the MS approach of "softening" the definition of everything. I LIKE OEQuotefix, though I'm not useing it at this moment, but in my opinion, it modifies OE so that it's no longer reading "plain text" because it "reads" an emoticon as a symbol which doesn't exist in the character set for text. In other words, it interprets it. Or rather, it interprets it as the code writer interpreted it. Now, whatever the atche eee double-hockey-sticks that has to do with checking if a friend is blacklisted totally escapes me, so I guess I'll fess up and add an "OT" to the title. Hmm, wonder if "OT" shouldn't be a symbol of some sort? Maybe a down arrow or a circle maybe? And this just occurred to me. Most people will accuse a person of shouting if he should use CAPITALS here and there for emphasis - but it's not shouting at all when it's used for emphasis. It's merely emphasizing a word. Perhaps WRITING IN ALL CAPS FOR LONG PERIODS COULD BE CONSIDERED SHOUTING, but that's no worse than writing in all lower case. I guess all lower case then would be a whisper, eh? I wonder what the emoticon would be for that? I'd like to meet this guy Emote; he must be a real character. And speaking of characters ... (a loud, shouted grin) . LOL! No, actually that was a lol; sort of whispered to msyelf. Pop's popper's popped, Pop From nobody at devnull.spamcop.net Sun Apr 10 20:32:39 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sun Apr 10 19:35:51 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: -- Let someone else do it I'm retired! "Porpoise" wrote in message news:d3c1jb$f46$1@news.spamcop.net... > > "Pop" wrote in message > news:d3ba9o$2gf$1@news.spamcop.net... >>> >>> You've never heard of Rich Text, or Latex? >>> (I may have misspelt Latex??) >>> How about Emotes? >>> ;-) >>> [ramble]And then we could go on to text processors and word >>> processors...[/ramble] >>> >>> -- >>> | Ric >> >> I said, "text reader", not abri, or latex or kotex or anything else; if >> it ain't displaying the 7 bit character set, without extensions, it ain't >> a "text" reader. That's all. NBD, just that if I use a "text" reader, I >> expect to see a representation of the first 128 characters on my screen, >> not an interpretation of anything. Else it aint' a text reader. Dat's >> all. >> > > Wouldn't be much use for all the other languages though, would it? > Somewhat more than 128 characters are required for that. But, then, the > world was once flat>>>> > What chew mean, WAS? The world is just as flat today as it ever was! An d THAT's a truism! Pop From nobody at devnull.spamcop.net Sun Apr 10 20:36:23 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sun Apr 10 19:40:04 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Steven Maesslein" wrote in message news:slrnd5j383.269.nobody@127.0.0.1... > On Sun, 10 Apr 2005 21:10:34 +0100, Porpoise coughed into spamcop and > left this in : > >> Wouldn't be much use for all the other languages though, would it? >> Somewhat >> more than 128 characters are required for that. But, then, the world was >> once flat>>>> > > It's funny how some people think the whole world communicates with > nothing but 7-bit us-ascii... Makes you wonder why so much effort is > poured into i18n and l10n. ===> Aaaarrrggghhhh, there's one of them in every crowd! Git! Git away! (holds up cross) aaaarrrrrrrggggghhhh > > -- > Steve > > "I don't understand that attitude. Don't we want email that has dancing > bears, cute little videos, musical tunes, animated waving hands, sixty > fonts, and looks like it's been done with crayolas? Good grief, man, > think like a three year old!" > -- Norm Reitzel discussing HTML email I do! I do, honest I do! Trust me! Trust me, I do! Oops! From zypher at spamcop.net Sun Apr 10 20:00:28 2005 From: zypher at spamcop.net (Ron B.) Date: Sun Apr 10 20:05:03 2005 Subject: [SpamCop-List] Survey: People More Accepting Of Spam Message-ID: http://www.theiowachannel.com/technology/4365058/detail.html Reactions? From porpoise1954 at yahoo.co.uk Mon Apr 11 01:59:24 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 20:10:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "CO-DBA-SC-EL" wrote in message news:d3c85o$ike$1@news.spamcop.net... >> > http://s11.yousendit.com/ > > How are they paying for it? Somebody has to pay for connections, servers, > etc. what is the business model and should we worry if we use that > service? > > Advertising? email harvesting? data mining? Who knows? Mind you, a 1Gb file size isn't much use, most normal email accounts manage that anyway. It certainly wouldn't be any good for the multi-Gb files I regularly send to the print bureau/photo lab. And *forget* video files! From MikeE at ster.invalid Sun Apr 10 18:15:57 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 20:15:04 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: Pop wrote: > Emoticons should display as the text emoticons, not > interpreted representations of their meaning and so on, > I LIKE > OEQuotefix, though I'm not useing it at this moment, but in my > opinion, it modifies OE so that it's no longer reading "plain text" > because it "reads" an emoticon as a symbol which doesn't exist in the > character set for text. My personal choice is to configure OE-QF to not make graphics out of the text emoticons or to color the citations, but I do let it change the fonts to italic, bold, or underline. So, I'm pretty textish; except that/ and/but I use a proportional font for reading instead of a monospaced one. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 18:22:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 20:25:04 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: Ron B. wrote: > http://www.theiowachannel.com/technology/4365058/detail.html > > Reactions? Don't believe any survey unless you designed it and conducted it yourself and get to see all of the raw data, not the '62% now 53%' regurgitation of whatever it was they did and interpreted. Personally, I think a lot less people are letting their eyeballs fall on the interior of spams, and when they do they are perceiving the content much less receptively than ever before. Exactly 36% less by my precise survey. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Mon Apr 11 02:17:21 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 20:25:13 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Pop" wrote in message news:d3cd2n$l8i$1@news.spamcop.net... > > > -- > Let someone else do it > I'm retired! > "Porpoise" wrote in message > news:d3c1jb$f46$1@news.spamcop.net... >> >> "Pop" wrote in message >> news:d3ba9o$2gf$1@news.spamcop.net... >>>> >>>> You've never heard of Rich Text, or Latex? >>>> (I may have misspelt Latex??) >>>> How about Emotes? >>>> ;-) >>>> [ramble]And then we could go on to text processors and word >>>> processors...[/ramble] >>>> >>>> -- >>>> | Ric >>> >>> I said, "text reader", not abri, or latex or kotex or anything else; if >>> it ain't displaying the 7 bit character set, without extensions, it >>> ain't a "text" reader. That's all. NBD, just that if I use a "text" >>> reader, I expect to see a representation of the first 128 characters on >>> my screen, not an interpretation of anything. Else it aint' a text >>> reader. Dat's all. >>> >> >> Wouldn't be much use for all the other languages though, would it? >> Somewhat more than 128 characters are required for that. But, then, the >> world was once flat>>>> >> > What chew mean, WAS? The world is just as flat today as it ever was! An > d THAT's a truism! > áµè¶éҤسÁտ͹·ìä·Â ¤Ø³¤§¨ÐÍèÒ¹¤Ó¹Õéä´é Taethakhunmeefontthai khunkhongjaahnkhamneedai If you have Thai fonts, you can probably read these words. Even other European languages (other than English) require more than the standard 128 - for accents and characters which are not Roman alphabet. From porpoise1954 at yahoo.co.uk Mon Apr 11 02:21:01 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 20:30:03 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: "Ron B." wrote in message news:d3cems$m63$1@news.spamcop.net... > http://www.theiowachannel.com/technology/4365058/detail.html > > Reactions? 1st reaction? BULLSHIT! If anything, people are getting more and more pissed off with spam every day! From porpoise1954 at yahoo.co.uk Mon Apr 11 02:23:17 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 20:30:15 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d3cfgj$mqu$1@news.spamcop.net... > Pop wrote: >> Emoticons should display as the text emoticons, not >> interpreted representations of their meaning and so on, > >> I LIKE >> OEQuotefix, though I'm not useing it at this moment, but in my >> opinion, it modifies OE so that it's no longer reading "plain text" >> because it "reads" an emoticon as a symbol which doesn't exist in the >> character set for text. > > My personal choice is to configure OE-QF to not make graphics out of the > text emoticons or to color the citations, but I do let it change the > fonts to italic, bold, or underline. So, I'm pretty textish; except > that/ and/but I use a proportional font for reading instead of a > monospaced one. > Oh, do me a favour! There aren't actually still dinosaurs out there using crappy mono-spaced fonts??!!? Wot they using? Commodore Pets? From nttp.sc.s at bigsleep.org Mon Apr 11 02:10:58 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 10 21:15:03 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: On 10 Apr 2005 Pop entered spamcop and left news:d3cd08$l88$1@news.spamcop.net: > ... >> >> Well that's what it's doing. We are simply using "hints" for local >> formatting (or not). I don't see why you claim it's not a "text >> reader". There is nothing new about this, for example messages here >> contain quote indents "> " which I have displayed in another color. >> Quoted quotes ">> " are displayed in yet another color. Sigs that >> start with "-- " are displayed in a different color as well. >> >> I don't like too many slashes and such, it can make it hard to read. >> And emote icons can sometimes appear where they shouldn't. Those are >> the querks. > > Wellll, I suppose it only matters from a perspective viewpoint. > "Text" is generally described as ASCII code characters from xx(not > sure where it starts, just after all the machine controls) to 127, and > contained in the 7-bit media. There are no color commands or > character replacement commands etc. in the entire 128 characters of > the set. If you're seeing color from your reader, yadda yadda yadda, > you know the drill I'm sure; it's not displaying a true rendering of > what was sent. Emoticons should display as the text emoticons, not > interpreted representations of their meaning and so on, IFF it's a > legit text reader. > The reader is indeed "reading" text, but it is not "displaying" > the text > that it "reads" and thus, to this miscreant's way of thinking, is no > longer a legitimate "text" reader, but an interpretive reader of text. I get what you are saying, but that depends on if the reader if displaying everything or not, if it doesn't display /slashes/ then you are correct. Like HTML which does not display in the text. But here I'm using XNews, which does display everything (even HTML code). How I choose how to view what I get doesn't effect the fact that it is a text reader. > I guess, having come from the days of the 8080, machine language and > CP/M I find it hard to take the MS approach of "softening" the > definition of everything. I LIKE OEQuotefix, though I'm not useing it > at this moment, but in my opinion, it modifies OE so that it's no > longer reading "plain text" because it "reads" an emoticon as a symbol > which doesn't exist in the character set for text. In other words, it > interprets it. Or rather, it interprets it as the code writer > interpreted it. I agree, that's why I like the idea of rich text, where you define formats in the top of the message, something like this... :emotes: /italics/ *bold* _underline_ So, for example, if :emotes: isn't defined, they won't be displayed. Handy for when you send code that could get converted to something else. Or you could just turn that feature off. Then there are message boards that "smartlink" everything with a "@" in it, but I won't go there now. > Now, whatever the atche eee double-hockey-sticks that has to do > with > checking if a friend is blacklisted totally escapes me, so I guess > I'll fess up and add an "OT" to the title. Hmm, wonder if "OT" > shouldn't be a symbol of some sort? Maybe a down arrow or a circle > maybe? Wouldn't that be OT oh, that would be HTML, egads this is OT. -- | Ric | From nttp.sc.s at bigsleep.org Mon Apr 11 02:20:18 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 10 21:25:05 2005 Subject: [SpamCop-List] bluemountain forgery Message-ID: I hope people aren't too stupid to fall for this one, spam message attempts to look like a bluemountain eCard. Subject:user, You've received a postcard! http://www.bluemountain.com/ view.pd?i=975183635&m=2438&rr=y&source=bma859 - I only read it because I thought it actaully might be from bluemountain, it doesn't link to bluemountain, and I have no interest in going there. -- | Ric | From eddie at eddie.web Sun Apr 10 22:21:48 2005 From: eddie at eddie.web (eddie) Date: Sun Apr 10 21:25:31 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On Sun, 10 Apr 2005 19:00:28 -0500, Ron B. scratched out the following: > http://www.theiowachannel.com/technology/4365058/detail.html > > Reactions? Without seeing the questions it is impossible for the results to mean anything of value. A more detailed set of results is available at http://www.pewinternet.org/PPF/r/103/press_release.asp and the quoted "results" are simply some Deborah Fallows interpretation of the poll. Note the phrase, "We see ... a little less distress ..." She is weaselly enough to say "we see" rather than "there is." So the results are subjective, not objective, by the interpreter herself. Does Pew have a bias or agenda? I know they sponsor PBS and NPR. What about Deborah Fallows? Is she biased? Does it show? In general I consider polls meaningless since they are totally dependent on the question. And there are "push polls" in which the question is preceded by a long statement designed to evoke the "proper" response. Other polls keep asking slightly different questions until they get the response they want. Remember, someone is usually paying for these polls. Maybe, in this case a spam consortium sponsored the poll???? -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Sun Apr 10 22:24:41 2005 From: eddie at eddie.web (eddie) Date: Sun Apr 10 21:25:37 2005 Subject: [SpamCop-List] Re: Spammer gets slammer References: Message-ID: On Sun, 10 Apr 2005 23:08:52 +0200, Anty Spam scratched out the following: > > "eddie" wrote in message > news:pan.2005.04.09.15.57.11.797000@eddie.web... > >> Since spammers have the learning curve of the common housefly, ... > > THAT'S INSULTING. > > Flies are my pet chameleon's favourite. As such they have 50% nuisance > value, 50% nutitional value. > Spammers have no use and are 100% liability. > > :-) Yeah, but if the chameleon misses a fly, the fly simply comes back to let the chameleon have another shot at it, just like a spammer. And dead spammers have a small amount of fertilizer value, after they are detoxed. :) -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Sun Apr 10 22:25:38 2005 From: eddie at eddie.web (eddie) Date: Sun Apr 10 21:30:07 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: On Fri, 08 Apr 2005 06:52:32 +0400, nospam scratched out the following: > in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net > wrote on 4/8/05 2:59 AM: > >> I receive about 10 spam mail a day, 6 of this come from kornet.net. I >> dont understand why kornet.net isn't everytime banned from spamcop? Vale > > I'd love to know how they stay off the top 50 list, because they are MY #1 > spammer, (at least 50% of my crap) and judging from remarks here a > significant spammer for a number of people in this NG (presumably > reporters) I see some kind of teamwork between the chinese URLs and the Korean spammers. I think they actually work together - it's not random -- Once movie theaters gave out steak knives Today they confiscate them From nobody at devnull.spamcop.net Sun Apr 10 21:30:23 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Apr 10 21:35:02 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: "Mike Easter" wrote in message news:d3bug3$de1$1@news.spamcop.net... > > Maybe you think it is 'spoonfeeding' to be able to create a link which > actually /works/ to get close to the target without having to use your > eyeballs for reading for several minutes to find the issue being > discussed; but in reality the forum archive/accumulation process has a > number of flaws for dredging up old stuff that google plus pipermail > archives doesn't have. Also, gmane is often a better way to find > something, even tho' it has its own search problems. Actually, my 'search' did take me to specific links/posts, but in deference to a few other folks here, I then went to the lo-fi version of the page display to get around the gripes about having to hit a web-page thing with colors and such. > It would be better if any given forum post could have its own link or > number or msgid so that it can be 'nailed' more accurately in a link. > Once found, then the searcher could go up and down from the focal point, > instead of having to start reading at the beginning of a long thread to > 'work' their way to the target issue. > > > http://forum.spamcop.net/forums/lofiversion/index.php/t3757.html > > That one showed me the way to the pipermail jaguar discussion. But it > was about a naming issue rather than a rule violation issue. As I recall, that was just one of the old newsgroup threads I had pulled up to demonstrate that there was dialog with the Subsume developer, and not all of it was good. For example, the post you pull this link from has a Topic/message ID of; http://forum.spamcop.net/forums/index.php?showtopic=3757&view=findpost&p=25347 There was a bit of dialog from Don about the "situation" but I gave up looking for it. If you go to the www.spamcop.net page, hit Help, and do a search .... one of the things worked out/fixed/added back when Courtney was working on the FAQ contents, was the expansion of the Google search targets to include the web-Forum. (I actually wrote my own script/HTML for a desktop shortcut to handle multiple search scenarios, but YMMV) I'm sure you're aware of the limits of finding specific data that way, based on the limited content displayed in those results .. coupled with the many data returns .... and in the above case, trying to guess at the keywords to pull up Don's specific response is a definite guessing game. From nttp.sc.s at bigsleep.org Mon Apr 11 02:39:28 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 10 21:40:02 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: On 10 Apr 2005 Mike Easter entered spamcop and left news:d3bqas$bdp$1@news.spamcop.net: > At brief first consideration, I don't find that algorithmic logic > 'logical'. > > The quick report focuses on the headers for source 'ignoring' the body. > > The issue of the interpretation of a header as being a bounce item > doesn't strike me as something the algorithmic source namer would want > to 'drop' because of its bounce-ness. > > > OTOH -- with a bit more 'rumination' about the consequences.... > > There are a lot of 'numbers' involved with quick reporting. Maybe the > sense of it is that while virus and its spawn reporting and bounce > reporting and challenge reporting and OOO reporting is a good way to > call attention to those abusive server behaviors, but the desirability > of server listings and the fallout and the IB users who would be > 'harmed' by the collateral damage of their servers getting listed might > not be acceptable. > I really don't like the idea of reportable bounces. For one, it does nothing about the real source of the spam (ignoring the case of fake bounces), so it seems to me to be more annoying than useful. Second, all mail servers relay and bounce, that's the way the mail system is designed to work. So that really limits the credibility of the common reporter, who would be just as likely to report any type of bounce as spam, not just nouser and virus/spam notify bounces. Thirdly I don't see where Spamcop educates anyone on what a bad bounce (backscatter) really looks like. -- | Ric | From nobody at devnull.spamcop.net Mon Apr 11 12:18:28 2005 From: nobody at devnull.spamcop.net (Patto) Date: Sun Apr 10 22:20:04 2005 Subject: [SpamCop-List] Re: Spammer gets slammer In-Reply-To: References: Message-ID: eddie wrote: > ... > > As I noted in another post, the overall level of my personal spam has > dropped over the last month or so, ... I also made the same observation in my Inbox: spam down to about 10%-20% of last year's level. Howver, looking at the SpamCop statistics, I don't see any indication of a general downwards trend. From nttp.sc.s at bigsleep.org Mon Apr 11 03:32:37 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 10 22:35:03 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On 10 Apr 2005 eddie entered spamcop and left news:pan.2005.04.11.01.21.47.671000@eddie.web: > In general I consider polls meaningless since they are totally dependent > on the question. Statistical analysis is by nature, flawed, even without intentional bias. One good example is the second hand smoke study reported by the EPA... http://www.davehitt.com/facts/epid.html That site pretty much says it all, and shows what to look for in faulty stastics. -- | Ric | From nobody at devnull.spamcop.net Sun Apr 10 22:59:56 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sun Apr 10 23:00:04 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? In-Reply-To: References: Message-ID: Mike Easter wrote: > Your Tbird is not compliant [neither is my default OE] with those > popular or common or quasi-standard newsreader enhancements I described. > We could 'argue' more effectively about how popular the 'feature' is or > isn't in some newsgroup better represented by the newsreader > knowledgeable such as news.software.readers. I use Thunderbird, and it showed up properly for me. Maybe it's because Xris has an older version than mine. From nobody at devnull.spamcop.net Sun Apr 10 23:01:02 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sun Apr 10 23:05:04 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? In-Reply-To: References: Message-ID: Mike Easter wrote: > My Newsreader (Mozilla Thunderbird) reads an underscore at the beginning > and end of a word as _underscore_, a slash at the beginning and end of a > word or phrase as /italics/, and an asterisk at the beginning of a word > or phrase as *bold*. > Yeah, that's how mine shows in Thunderbird. From nobody at spamcop.net Mon Apr 11 01:04:23 2005 From: nobody at spamcop.net (RandallW) Date: Mon Apr 11 03:05:16 2005 Subject: [SpamCop-List] acetechusa Message-ID: Anyone receiving pump-and-dump spam sent through Acetechusa mail? I have a mind to make a phone call to complain, but i'm just so damn busy. From porpoise1954 at yahoo.co.uk Mon Apr 11 10:18:00 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Apr 11 04:25:07 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: "Blammo" wrote in message news:Xns9634C6DECD80Eblammo@216.154.195.61... > On 10 Apr 2005 eddie entered spamcop and left > news:pan.2005.04.11.01.21.47.671000@eddie.web: > >> In general I consider polls meaningless since they are totally dependent >> on the question. > > Statistical analysis is by nature, flawed, even without intentional bias. > One good example is the second hand smoke study reported by the EPA... > http://www.davehitt.com/facts/epid.html > Duff link?? From nobody at nowhere.invalid Mon Apr 11 11:39:24 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 11 04:40:04 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: On Mon, 11 Apr 2005 01:23:17 +0100, Porpoise coughed into spamcop and left this in : > Oh, do me a favour! There aren't actually still dinosaurs out there > using crappy mono-spaced fonts??!!? Wot they using? Commodore Pets? This dinosaur is using a console-based newsreader (slrn) and is pleased to be able to: 1) Read tables when they're sent in ASCII without a proportional font screwing them up. 2) ssh into my machine from anywhere in the world and fire up the newsreader with the same settings, killfile, spool etc. regardless of where I am geographically. -- Steve Always the dullness of the fool is the whetstone of the wits. -- William Shakespeare, "As You Like It" From nobody at nowhere.invalid Mon Apr 11 11:42:38 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 11 04:46:08 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On Sun, 10 Apr 2005 17:22:53 -0700, Mike Easter coughed into spamcop and left this in : > Don't believe any survey unless you designed it and conducted it > yourself and get to see all of the raw data, not the '62% now 53%' > regurgitation of whatever it was they did and interpreted. It's well known that 72% of statistics are bullshit :) -- Steve Before you criticize someone, you should walk a mile in their shoes. That way, when you criticize them, you're a mile away and you have their shoes. From nobody at nowhere.invalid Mon Apr 11 11:47:44 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 11 04:50:20 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: On Mon, 11 Apr 2005 01:39:28 +0000 (UTC), Blammo coughed into spamcop and left this in : > Second, all mail servers relay and bounce, that's the way the mail system > is designed to work. Not when they can reject. In this instance, the oleane.com server *ACCEPTED* the mail from the Chinese IP# even though it was addressed to non-existent users, and subsequently mailed *me* a DSN because my e-mail address was forged into the spam. That is *not* how the e-mail system is supposed to work. Had the oleane.com server been configured correctly it would have replied "550 no such user" to the Chinese machine and that would have been the end of it. -- Steve Before you criticize someone, you should walk a mile in their shoes. That way, when you criticize them, you're a mile away and you have their shoes. From bar_n0ne at hotmail.com Mon Apr 11 13:56:21 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Apr 11 05:01:21 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: "Steven Maesslein" wrote in message news:slrnd5kdts.3ad.nobody@127.0.0.1... > On Mon, 11 Apr 2005 01:23:17 +0100, Porpoise coughed into spamcop and > left this in : > > > Oh, do me a favour! There aren't actually still dinosaurs out there > > using crappy mono-spaced fonts??!!? Wot they using? Commodore Pets? > > This dinosaur is using a console-based newsreader (slrn) and is pleased > to be able to: > > 1) Read tables when they're sent in ASCII without a proportional font > screwing them up. > > 2) ssh into my machine from anywhere in the world and fire up the > newsreader with the same settings, killfile, spool etc. regardless of > where I am geographically. Hear Hear!! From nobody at devnull.spamcop.net Mon Apr 11 08:57:46 2005 From: nobody at devnull.spamcop.net (Pop) Date: Mon Apr 11 08:00:05 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: ... > fonts to italic, bold, or underline. So, I'm pretty textish; except > that/ and/but I use a proportional font for reading instead of a > monospaced one. > > > -- > Mike Easter > kibitzer, not SC admin > Sooo, that makes you a /textish/ kibitzer, right? ;-] From dfm2a3l0t2 at spymac.com Mon Apr 11 10:09:17 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Mon Apr 11 09:10:04 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: In article , eddie wrote: > On Sun, 10 Apr 2005 19:00:28 -0500, Ron B. scratched out the following: > > > http://www.theiowachannel.com/technology/4365058/detail.html > > > > Reactions? > > Without seeing the questions it is impossible for the results to mean > anything of value. That's an overstatement. Do you have any reason to question the methodology? If so, present it. If not, you're just throwing shit against the wall and hoping some of it sticks. > A more detailed set of results is available at > http://www.pewinternet.org/PPF/r/103/press_release.asp > and the quoted "results" are simply some Deborah Fallows interpretation of > the poll. Since she's a senior research fellow at the organization that took the poll, her interpretation of the results would have more weight then, say, yours. > Note the phrase, "We see ... a little less distress ..." She is > weaselly enough to say "we see" rather than "there is." So the results are > subjective, not objective, by the interpreter herself. It's neither weaselly nor subjective. She _did_ see those things, right there in the results of the poll. > Does Pew have a bias or agenda? I know they sponsor PBS and NPR. So? Their underwriting of public broadcasting is totally irrelevant to this poll. > What about Deborah Fallows? Is she biased? Does it show? Throwing more shit. > In general I consider polls meaningless since they are totally dependent > on the question. And there are "push polls" in which the question is > preceded by a long statement designed to evoke the "proper" response. > Other polls keep asking slightly different questions until they get the > response they want. And you have no evidence that any of this was done with this poll. > Remember, someone is usually paying for these polls. > Maybe, in this case a spam consortium sponsored the poll???? You didn't read your own cite, which concluded with the following: "The Pew Internet & American Life Project is a non-profit initiative of the Pew Research Center and is funded by the Pew Charitable Trusts to examine the social impact of the internet." If you don't agree with the findings of the poll, that's one thing. But you're letting your animosity towards spam lead to making outrageous and unsupportable claims. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From porpoise1954 at yahoo.co.uk Mon Apr 11 15:19:26 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Apr 11 09:30:07 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: "Steven Maesslein" wrote in message news:slrnd5kdts.3ad.nobody@127.0.0.1... > On Mon, 11 Apr 2005 01:23:17 +0100, Porpoise coughed into spamcop and > left this in : > >> Oh, do me a favour! There aren't actually still dinosaurs out there >> using crappy mono-spaced fonts??!!? Wot they using? Commodore Pets? > > This dinosaur is using a console-based newsreader (slrn) and is pleased > to be able to: > > 1) Read tables when they're sent in ASCII without a proportional font > screwing them up. I prefer using a spreadsheet for tables (or HTML) or PDF. I tend to use email for quick communication. For "proper" documents, I use the relevant programme, and if I need to send that data to someone, I'll either send them the original file (if they need to be able to edit it), or a PDF file. > > 2) ssh into my machine from anywhere in the world and fire up the > newsreader with the same settings, killfile, spool etc. regardless of > where I am geographically. > Ah well, there you go then, different course - different horse......... When you use a laptop on the move, all your settings are always there anyway. Not many people in the real world use consoles.......... From porpoise1954 at yahoo.co.uk Mon Apr 11 15:20:09 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Apr 11 09:30:40 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: "Berny" wrote in message news:d3de3o$738$1@news.spamcop.net... > > "Steven Maesslein" wrote in message > news:slrnd5kdts.3ad.nobody@127.0.0.1... >> On Mon, 11 Apr 2005 01:23:17 +0100, Porpoise coughed into spamcop and >> left this in : >> >> > Oh, do me a favour! There aren't actually still dinosaurs out there >> > using crappy mono-spaced fonts??!!? Wot they using? Commodore Pets? >> >> This dinosaur is using a console-based newsreader (slrn) and is pleased >> to be able to: >> >> 1) Read tables when they're sent in ASCII without a proportional font >> screwing them up. >> >> 2) ssh into my machine from anywhere in the world and fire up the >> newsreader with the same settings, killfile, spool etc. regardless of >> where I am geographically. > > Hear Hear!! > Don't you mean Har har! ;-) From nttp.sc.s at bigsleep.org Mon Apr 11 14:36:29 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Apr 11 09:40:03 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: On 11 Apr 2005 Steven Maesslein entered spamcop and left news:slrnd5kedg.3ad.nobody@127.0.0.1: > On Mon, 11 Apr 2005 01:39:28 +0000 (UTC), Blammo coughed into spamcop > and left this in : > >> Second, all mail servers relay and bounce, that's the way the mail >> system is designed to work. > > Not when they can reject. > "can" being the operative word there. > In this instance, the oleane.com server *ACCEPTED* the mail from the > Chinese IP# even though it was addressed to non-existent users, and > subsequently mailed *me* a DSN because my e-mail address was forged > into the spam. That is *not* how the e-mail system is supposed to > work. > NO, people aren't supposed to forge your address, if noone forged addresses it wouldn't be an issue. So the issue isn't the bounce, but the forged address. > Had the oleane.com server been configured correctly it would have > replied "550 no such user" to the Chinese machine and that would have > been the end of it. > You are correct, I wasn't arguing your particular case. However you are trying to report what you consider a "incorrectly configured" server, not a spam source. You may be able to make an educated judgement on what an "incorrectly configured" server is, but certainly most people can't. Anytime I get bounces like this I do something about it, nouser and virus bounces, I even got a bounce from an abuse address that bounced because there was a "blocked URL" in the message (no, I didn't report that bounce as spam). I can now use Spamcop for this, however the only advantage would be that I can do so anonymously. Unless I'm getting a large number from the same server, I don't see much use in it. -- | Ric From bar_n0ne at hotmail.com Mon Apr 11 18:37:35 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Apr 11 09:40:13 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: Whoa!!! cool down!! "D.F. Manno" wrote in message news:dfm2a3l0t2-9A7843.09091711042005@news.cesmail.net... > In article , > eddie wrote: > > > On Sun, 10 Apr 2005 19:00:28 -0500, Ron B. scratched out the following: > > > > > http://www.theiowachannel.com/technology/4365058/detail.html > > > > > > Reactions? > > > > Without seeing the questions it is impossible for the results to mean > > anything of value. > > That's an overstatement. Do you have any reason to question the > methodology? If so, present it. If not, you're just throwing shit > against the wall and hoping some of it sticks. Read what the OP says, it's true, without knowing what was asked and how, how can one asses? > > A more detailed set of results is available at > > http://www.pewinternet.org/PPF/r/103/press_release.asp > > and the quoted "results" are simply some Deborah Fallows interpretation of > > the poll. > > Since she's a senior research fellow at the organization that took the > poll, her interpretation of the results would have more weight then, > say, yours. Probably true, but so what, the OP is not actually commenting on the validity of the results. Just on what _could_ be problems with the results. > > Note the phrase, "We see ... a little less distress ..." She is > > weaselly enough to say "we see" rather than "there is." So the results are > > subjective, not objective, by the interpreter herself. > > It's neither weaselly nor subjective. She _did_ see those things, right > there in the results of the poll. OK > > Does Pew have a bias or agenda? I know they sponsor PBS and NPR. > > So? Their underwriting of public broadcasting is totally irrelevant to > this poll. But how do WE know that? > > What about Deborah Fallows? Is she biased? Does it show? > > Throwing more shit. Where? OP's asking, in a negative way perhaps, but valid questions. > > In general I consider polls meaningless since they are totally dependent > > on the question. And there are "push polls" in which the question is > > preceded by a long statement designed to evoke the "proper" response. > > Other polls keep asking slightly different questions until they get the > > response they want. > > And you have no evidence that any of this was done with this poll. Nor did the OP claim it was. > > Remember, someone is usually paying for these polls. > > Maybe, in this case a spam consortium sponsored the poll???? > > You didn't read your own cite, which concluded with the following: "The > Pew Internet & American Life Project is a non-profit initiative of the > Pew Research Center and is funded by the Pew Charitable Trusts to > examine the social impact of the internet." > > If you don't agree with the findings of the poll, that's one thing. But > you're letting your animosity towards spam lead to making outrageous and > unsupportable claims. The OP may be insinuating, by the tone of the question, but makes almost no actual claims. The OP IS arguing a very generalized skepticism to the polling business. WHich > -- > D.F. Manno > dfm2a3l0t2@spymac.com > "The work goes on, the cause endures, the hope still lives and the dream > will never die." From nttp.sc.s at bigsleep.org Mon Apr 11 16:30:52 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Apr 11 11:35:29 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On 11 Apr 2005 D.F. Manno entered spamcop and left news:dfm2a3l0t2- 9A7843.09091711042005@news.cesmail.net: >> Without seeing the questions it is impossible for the results to mean >> anything of value. > > That's an overstatement. Do you have any reason to question the > methodology? If so, present it. If not, you're just throwing shit > against the wall and hoping some of it sticks. > I'll jump in... There are major flaws in this poll: Q19 "Spam or junk email" is not defined; SP1 "How much have you heard or read about SPAM, or junk email? Have you heard or read…?" "Nothing at all" - 12% And 38% of the people polled know little or nothing about spam, and are asked about something may know nothing about. In June 2003 it was 43%, before the Can-Spam act you would assume people would know less about spam. According to the poll this difference is only 5%. SP5|SP6 "Thinking just about your [PERSONAL|WORK] email account…In the past 12 months, have you noticed any change in the amount of spam you receive in your [PERSONAL|WORK] email account?" In Feb 2004, question wording was "...Since January 1st of this year...". So they are compairing a ~1 month increase/decrease to one spanning ~12 months. SP18 "Have you ever…?" e "Used filters offered by your email provider or employer to block spam" "Yes" - 65% f "Applied your own filters to block spam" "Yes" - 33% This question was never asked before. Apparently 65% know what a spam filter is, and likely see less spam because of it. SP31 "Unsolicited [commercial|non-commercial|political]..." This is too general, in my opinion, for a meaningful response. Also the wording would likely be leading towards a positive (yes) response. SP3 "Received an unsolicited email requesting personal ...information..." Only 35% recall receiving phish. I find that hard to believe. This question was never asked before. "Further Analysis - Slightly Increasing Volume of Spam Those who keep tabs on spam report major increases in the volume of spam over the last year. For example, the spam filtering company MessageLabs has reported that in an average month during 2004, spam constituted 73% of email, up from 40% in 2003." The small difference in the pollees recollection, when compairing the results to previous polls, makes the comparison pretty much meaningless. For example porn spam would seem to be decreasing, however you have to consider how much of it is getting filtered or blocked, as it's highly likely that porn spam is easier to block. A poll of 1,295 email users is a somewhat small sample, especially when you try and break it down. -- | Ric From ob1db at spamcop.net Mon Apr 11 13:15:00 2005 From: ob1db at spamcop.net (David Butler) Date: Mon Apr 11 12:20:06 2005 Subject: [SpamCop-List] Re: chinatietong.com References: Message-ID: "Patto" wrote in message news:d2icst$1fr$1@news.spamcop.net... > Brian (SnSR) wrote: > > Never mind. > > > > anti-spam@ns.chinanet.cn.net bounces (102 sent : 23203 bounces) > > Using anti-spam#ns.chinanet.cn.net@devnull.spamcop.net for statistical > > tracking. > > The non-bouncing address is anti-spam@chinanet.cn.net abuse@chinanet.cn.net is also valid and non-bouncing currently. David From caroljean52 at yahoo.com Mon Apr 11 10:27:32 2005 From: caroljean52 at yahoo.com (caroljean52) Date: Mon Apr 11 12:30:03 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: "Mike Easter" wrote in message news:d3cftj$n1v$1@news.spamcop.net... > Personally, I think a lot less people are letting their eyeballs fall on > the interior of spams, and when they do they are perceiving the content > much less receptively than ever before. Another reaction to this survey: "There could be another explanation for the Pew findings. As more people use the Internet to shop, pay bills and perform other critical aspects of daily life, they begin to worry about a far more dangerous threat -- an increase in online crime." http://www.washingtonpost.com/wp-dyn/articles/A43486-2005Apr11.html?referrer =email (WP requires registration. I don't know if the "referer=email" part will get you around this or not.) Carol Seattle USA From nobody at nowhere.invalid Mon Apr 11 20:28:50 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 11 13:30:04 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: On Mon, 11 Apr 2005 14:19:26 +0100, Porpoise coughed into spamcop and left this in : > I prefer using a spreadsheet for tables (or HTML) or PDF. Bloat. And it goes down *really* well in text-only newsgroups... Remember, we're talking about newsreaders here. > I tend to use email for quick communication. So do I. And I use a fixed width font in e-mail too. > For "proper" documents, I use the relevant programme, and if I need to > send that data to someone, I'll either send them the original file (if > they need to be able to edit it), or a PDF file. It's a lot easier to send small amounts of data in tables like this: +----------------------------+ | Country | Spams per minute | +---------+------------------+ | .kr | 1204785547 | | .cn | 984657634 | | .br | 54979878 | | .fr | 78965456 | | .ng | 257987987 | | .us | 9836546545 | | others | 74 | +---------+------------------+ Anyone using a fixed width font like me will see something clean and tidy, I didn't have to fire up a spreadsheed program to do it, I probably typed the data just as fast, if not faster than if I'd used the spreadsheet program, people on the other end don't need a spreadsheet program or PDF viewer to view it, and it took up a grand total of 11x31=341 bytes. >> 2) ssh into my machine from anywhere in the world and fire up the >> newsreader with the same settings, killfile, spool etc. regardless of >> where I am geographically. > > Ah well, there you go then, different course - different horse......... When > you use a laptop on the move, all your settings are always there anyway. What if you don't have a laptop? > Not many people in the real world use consoles.......... Those that do appreciate them (otherwise they wouldn't use them because, as we all know, there are alternatives). And more people than you think run software on local or remote consoles. People who manage web and mail servers, for example. Would you tell me that these people are not in the real world? -- Steve Everyone has a photographic memory. Some just don't have film. From MikeE at ster.invalid Mon Apr 11 12:26:43 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 11 14:25:04 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: Steven Maesslein wrote: > It's a lot easier to send small amounts of data in tables like this: > > +----------------------------+ >> Country | Spams per minute | > +---------+------------------+ >> .kr | 1204785547 | >> .cn | 984657634 | >> .br | 54979878 | >> .fr | 78965456 | >> .ng | 257987987 | >> .us | 9836546545 | >> others | 74 | > +---------+------------------+ > > Anyone using a fixed width font like me will see something clean and > tidy, I prefer to read 'words' or sentences in a proportional font, my default. When I need to look at a table like that, I toggle into a fixed width. Different strokes for different folks; there are a lot of people who prefer fixed to read email and news with. > it took up a grand > total of 11x31=341 bytes. I'm a big fan of efficiency. -- Mike Easter kibitzer, not SC admin From Ilgaz at spamcop.net Mon Apr 11 23:48:12 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Mon Apr 11 15:50:03 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: On 2005-04-10 19:54:00 +0300, "WazoO" said: > "Ilgaz Ocal" wrote in message > news:Ilgaz-7717A4.16481209042005@news.cesmail.net... >> >> On OS X, since my first OS X usage days, I have found Subsume ( >> http://www.subsume.com/ ) for very interesting apps. >> >> Demoted section >> http://www.subsume.com/contemplate/assembler.cgi?page=SpamCop&segment=Dem >> oted >> >> So, what happened basically? > > You asked the same question over in the web Forum last month at > http://forum.spamcop.net/forums/lofiversion/index.php/t3873.html > You were invited to use the search tool to look up a few of the > previous discussions about the SubSume status. Apparently, > you chose not to do that. Here's a few discussion links, the > massive one is first, but it contains a bit of history, old > newsgroup threads, etc ..... > http://forum.spamcop.net/forums/lofiversion/index.php/t3622.htm > http://forum.spamcop.net/forums/lofiversion/index.php/t3757.html > http://forum.spamcop.net/forums/lofiversion/index.php/t1767.html You know what? I'd also start a fight because of your messages tone. I checked "notify me of replies" and replies didn't get notified. Sorry for that. In fact, cancelling that post now if I can. I can understand the reason of "fight" clearly. Well, result is "spam fighting" community'es loss, not spamcops nor subsume people. Some people , very rare percent of them choose to do the real thing, reporting those lame criminals to where they belong. Or... Apple mail has AI based (no,not bayesian) excellent spam filter anyway. No Apple user (unless a linux convert) will care to report spams using "display raw source" and paste to some web form. They bought that system for simplicity. Never mentioning the huge potential of problematic pastes too. If you use a OS X designed for publishing, DTP community at first hand... Paste doesn't work as in windows. Thanks anyway Ilgaz Ocal ps: Just bought Unison for OS X as well as a usenet account, may give an idea about my current feelings against "web forum" thing. ;) From Ilgaz at spamcop.net Mon Apr 11 23:57:02 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Mon Apr 11 16:00:05 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: > > Thanks anyway > > Ilgaz Ocal > ps: Just bought Unison for OS X as well as a usenet account, may give > an idea about my current feelings against "web forum" thing. ;) Oops, when I went to forums, I see you were admin at forums. So, don't misunderstand, I speak about "web forums" in general, not "your" forums or your administration. Ilgaz Ocal never been good with nicks From nttp.sc.s at bigsleep.org Mon Apr 11 21:19:15 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Apr 11 16:20:04 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On 11 Apr 2005 caroljean52 entered spamcop and left news:d3e8hp$k54$1@news.spamcop.net: > (WP requires registration. I don't know if the "referer=email" part > will get you around this or not.) > > Looks like the eMail stuff is "free", I don't think the "?referer" part makes any difference. I like this part: "Fourteen percent of the world's cell-phone users say they have interrupted a sexual encounter to answer their wireless phone, AdAge reported today. The finding came from a survey of 3,000 wireless product users titled 'Wireless Works: Exploring New Brand Connections,' that was conducted by Omnicom Group's BBDO Worldwide and Proximity Worldwide." Notice it used a survay base of 3,000, which I think makes it much more credible (are there twice as many cell phone users than Internet users?). He makes a good point, but really doesn't say anything at all, like why the Bush plug? -- | Ric From nttp.sc.s at bigsleep.org Mon Apr 11 21:25:29 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Apr 11 16:30:03 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: On 10 Apr 2005 Steven Maesslein entered spamcop and left news:slrnd5jacl.mhs.nobody@127.0.0.1: >> But something happened, from two day I do not received spam from >> kornet... more, I do not received spam completely. Whats happed? > > Probably need to give your mail server a good kick :) > Spam tends to stick to the sides, on a warm day it plops out all at once. -- | Ric From nobody at devnull.spamcop.net Mon Apr 11 18:08:13 2005 From: nobody at devnull.spamcop.net (Pop) Date: Mon Apr 11 17:10:07 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: ... > -- > Steve > > Everyone has a photographic memory. Some just don't have film. NOTE: Your sig has just been appropriated! I feel sure I deserve it more than you do, because I AM afflicted with a film problem! '-] Not that I don't have any, but that it takes a long time to develop! Docs call it a "memory retrieval" problem: I call it I can't remember a damned thing until about two days after I learn it! IF I knew I wanted to remember it when I learned it! Took me a long time to learn that, too! Thanks! Pop --- I have a photographic memory; my film's just fogged. From SCNews.5.myspamgobbler at spamgourmet.com Mon Apr 11 15:31:10 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Mon Apr 11 17:35:42 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? In-Reply-To: References: Message-ID: Pop wrote: > ... > >>-- >>Steve >> >>Everyone has a photographic memory. Some just don't have film. > > > NOTE: Your sig has just been appropriated! I feel sure I deserve it more > than you do, because I AM afflicted with a film problem! '-] Not that I > don't have any, but that it takes a long time to develop! > Docs call it a "memory retrieval" problem: I call it I can't remember a > damned thing until about two days after I learn it! IF I knew I wanted to > remember it when I learned it! Took me a long time to learn that, too! > > Thanks! > > Pop > --- > I have a photographic memory; > my film's just fogged. > > I have a similar affliction. It's not new, but the doctors have just given it a new name. Called CRAFT. Cant Remember A Frigging Thing. :) Brian From borgholio at storymind.com Mon Apr 11 15:41:54 2005 From: borgholio at storymind.com (Borgholio) Date: Mon Apr 11 17:45:04 2005 Subject: [SpamCop-List] Fast Reporting - Good or bad? Message-ID: Using fast spam reporting allows me to report mass quantities of spam without having to sit in front of the Spamcop page for long periods of time clicking "Report Now" - "Send Reports" - "Report Now" - "Send Reports". The downside of fast reporting is that it does not report any spamvertised websites. Isn't this a major flaw? I always figured that reporting the spamvertised sites is just as important (if not more so) than reporting the source of the spam itself. If spammers can't make money, they won't spam. Why does fast reporting not report spamvertised links? From SCNews.5.myspamgobbler at spamgourmet.com Mon Apr 11 15:58:39 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Mon Apr 11 18:05:05 2005 Subject: [SpamCop-List] B0rken Regions Phish Message-ID: The poor luser has gone to a lot of trouble to not have this work, unless this is working for Insecure Explorer and/or Look Out Express. www.spamcop.net/sc?id=z751377537z2d0f701b87a1c7bdd4113a3d9146e139z It appears that the link was supposed to go to http://custconfdll.com/.../, but in fact goes to a non-existent page at regions.com. What is interesting, is the amount of hopping around custconfdll.com does. Whois at 14:30 -700 gives 210.5.3.3 which is in GUANGTONGNET space (abuse@optisp.com). Reparsing a few minutes later, SC reads it as 61.16.199.254 and wants to lart abuse@hotwireindia.com. Later still, SC wants the lart to go to abuse@pubnet.ne.kr for 211.57.134.199. Looking at report history shows this is repeated. From SCNews.5.myspamgobbler at spamgourmet.com Mon Apr 11 16:05:02 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Mon Apr 11 18:10:05 2005 Subject: [SpamCop-List] Re: Fast Reporting - Good or bad? In-Reply-To: References: Message-ID: Borgholio wrote: > Using fast spam reporting allows me to report mass quantities of spam > without having to sit in front of the Spamcop page for long periods of > time clicking "Report Now" - "Send Reports" - "Report Now" - "Send > Reports". The downside of fast reporting is that it does not report any > spamvertised websites. Isn't this a major flaw? I always figured that > reporting the spamvertised sites is just as important (if not more so) > than reporting the source of the spam itself. If spammers can't make > money, they won't spam. Why does fast reporting not report spamvertised > links? A quick, simple answer is that it is too easy for a spammer to throw in a link to an unrelated site, causing bad reports. This is a main reason why it is important for human eyes to verify that the links are actually the spamvertized links. From SCNews.5.myspamgobbler at spamgourmet.com Mon Apr 11 16:12:09 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Mon Apr 11 18:15:09 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam In-Reply-To: References: Message-ID: Blammo wrote: > On 11 Apr 2005 caroljean52 entered spamcop and left > news:d3e8hp$k54$1@news.spamcop.net: > > >>(WP requires registration. I don't know if the "referer=email" part >>will get you around this or not.) >> >> > > > Looks like the eMail stuff is "free", I don't think the "?referer" part > makes any difference. > > I like this part: > > "Fourteen percent of the world's cell-phone users say they have interrupted > a sexual encounter to answer their wireless phone, I'd like to think that 86% said "screw it" when the phone rang, but that's not the case. It could mean that 86% never had the phone ring when they were so involved, or they never have sex, so they never experience coitus interuptus. ;) From borgholio at storymind.com Mon Apr 11 16:14:31 2005 From: borgholio at storymind.com (Borgholio) Date: Mon Apr 11 18:15:26 2005 Subject: [SpamCop-List] Re: Fast Reporting - Good or bad? In-Reply-To: References: Message-ID: Brian (SnSR) wrote: > Borgholio wrote: > >> Using fast spam reporting allows me to report mass quantities of spam >> without having to sit in front of the Spamcop page for long periods of >> time clicking "Report Now" - "Send Reports" - "Report Now" - "Send >> Reports". The downside of fast reporting is that it does not report >> any spamvertised websites. Isn't this a major flaw? I always figured >> that reporting the spamvertised sites is just as important (if not >> more so) than reporting the source of the spam itself. If spammers >> can't make money, they won't spam. Why does fast reporting not report >> spamvertised links? > > > A quick, simple answer is that it is too easy for a spammer to throw in > a link to an unrelated site, causing bad reports. This is a main reason > why it is important for human eyes to verify that the links are actually > the spamvertized links. Yeah that's pretty much what I figured. I can't see why people who get lots of spam are "penalized" in this way, though. I wouldn't mind reporting a bunch of spam at once if I could get some sort of "consolidated" page where I could review all pending reports at the same time. Having to wait for each individual report to come up is a huge waste of time. From noone at nowhere.com Mon Apr 11 20:29:14 2005 From: noone at nowhere.com (Bob Itguy) Date: Mon Apr 11 19:30:34 2005 Subject: [SpamCop-List] Not only do I get the same spam 4-5 times a day but SC can't even parse it right.... Message-ID: http://www.spamcop.net/sc?id=z751407904z299a158b87b909a5b386fda37e6afb7az Argh...... From noone at nowhere.com Mon Apr 11 20:31:54 2005 From: noone at nowhere.com (Bob Itguy) Date: Mon Apr 11 19:35:03 2005 Subject: [SpamCop-List] Re: Not only do I get the same spam 4-5 times a day but SC can't even parse it right.... References: Message-ID: Here is how the link is in the email, SC just goes crazy when the spammers format it like this.... From nobody at xyzzy.claranet.de Tue Apr 12 02:58:23 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 11 20:00:14 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: <425B0F1F.1D0@xyzzy.claranet.de> eddie wrote: > Remember, someone is usually paying for these polls. And someone might have answered the questions. Maybe those who allegedly participated really got more used to spam than last year. Or they have better filters. Many plausible possibilities, but all irrelevant, bye From SCNews.5.myspamgobbler at spamgourmet.com Mon Apr 11 19:21:46 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Mon Apr 11 21:25:10 2005 Subject: [SpamCop-List] Re: Not only do I get the same spam 4-5 times a day but SC can't even parse it right.... In-Reply-To: References: Message-ID: Bob Itguy wrote: > > > > Here is how the link is in the email, SC just goes crazy when the spammers > format it like this.... > > What SC is attempting to resolve is http://http://zdaizkit.com&xzikqmoysmss84th6oly9.dnfuriljl.com/, which for some reason redirects me to http://www.microsoft.com/ in FireFox. Dusting off Insecure Explorer, I'm treated to "The page cannot be displayed" I'm not sure why the two browsers treat the double http:// so differently. I'm also not sure why this bothers you so much. Reporting URL's doesn't really do much good with mole reporting. From pete+usenet at heypete.com Mon Apr 11 21:33:38 2005 From: pete+usenet at heypete.com (Pete Stephenson) Date: Mon Apr 11 23:35:03 2005 Subject: [SpamCop-List] Re: Fast Reporting - Good or bad? References: Message-ID: In article , Borgholio wrote: > Yeah that's pretty much what I figured. I can't see why people who get lots > of spam are "penalized" in this way, though. I wouldn't mind reporting a > bunch of spam at once if I could get some sort of "consolidated" page where > I could review all pending reports at the same time. Having to wait for > each individual report to come up is a huge waste of time. Yeah, I miss not being able to report individual URLs. However, I simply don't have the time to deal with it nowadays. I quick-report massive (usually several hundred simultaneously) amounts of spam -- the "confirmation" message from SpamCop is occasionally >80k of plaintext. At least I'm contributing to the SCBL, though. One thing to look out for when quick-reporting: false positives. I've messed up and accidentally reported legit mail more than once. I do my best to make sure that they're not accidentally reported, but we all make mistakes sometimes. My biggest "oops" was when I LARTed SPAM-L. Embarrassment ensued. It's handy when submitting large amounts of spam, that's for sure. :) -- Pete Stephenson HeyPete.com From tdy at blackhole.invalid Mon Apr 11 22:45:47 2005 From: tdy at blackhole.invalid (N. Miller) Date: Tue Apr 12 00:50:05 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: In article , Blammo says... > ...all mail servers relay and bounce... Not necessarily true. Mine does neither; well, not for the world, anyway. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nttp.sc.s at bigsleep.org Tue Apr 12 07:52:30 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 12 02:55:02 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: On 11 Apr 2005 N. Miller entered spamcop and left news:MPG.1cc4f259ecc4c44f9897d1@news.spamcop.net: > In article , Blammo says... > >> ...all mail servers relay and bounce... > > Not necessarily true. Mine does neither; well, not for the world, anyway. > If you send an eMail to me, it relays from you to me, my server will reject it, and your's will bounce it back to you (or whomever you claim to be). Or have you come up with some new way of sending mail? -- | Ric | From nttp.sc.s at bigsleep.org Tue Apr 12 07:56:38 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 12 03:00:05 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On 11 Apr 2005 Brian (SnSR) entered spamcop and left news:d3esri$uk6$1@news.spamcop.net: > I'd like to think that 86% said "screw it" when the phone rang, but > that's not the case. It could mean that 86% never had the phone ring > when they were so involved, or they never have sex, so they never > experience coitus interuptus. ;) > Or, like me, answer it, and keep on rock'n. -- | Ric | From nttp.sc.s at bigsleep.org Tue Apr 12 08:59:35 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 12 04:00:08 2005 Subject: [SpamCop-List] Re: Not only do I get the same spam 4-5 times a day but SC can't even parse it right.... References: Message-ID: On 11 Apr 2005 Brian (SnSR) entered spamcop and left news:d3f7v3$4kt$1@news.spamcop.net: > What SC is attempting to resolve is > http://http://zdaizkit.com&xzikqmoysmss84th6oly9.dnfuriljl.com/, which > for some reason redirects me to http://www.microsoft.com/ in FireFox. > Dusting off Insecure Explorer, I'm treated to "The page cannot be > displayed" > Mozilla 1.7 "correctly" goes to http://www.http.com http://www.http.com//zdaizkit.com&xzikqmoysmss84th6oly9.dnfuriljl.com/ GET //zdaizkit.com&xzikqmoysmss84th6oly9.dnfuriljl.com/ HTTP/1.1 Host: www.http.com Keep-Alive: 300 Connection: keep-alive HTTP/1.x 404 Not Found Date: Tue, 12 Apr 2005 07:32:38 GMT Server: Apache/2.0.49 (Unix) PHP/4.3.6 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=ISO-8859-1 however this is only because the "logic" is set to add ".com", otherwise the URL is invalid. Communicator complains about "http", IE 3.02 just complains. Lynx tries to go to "http". Technically the domain would be "http" and the port would be "//zdai". I believe the target is meant to be dnfuriljl.com, which most browsers would incorrectly fetch if it wasn't screwed up. Note that some browsers ignore the "&". Registrant: NA Borovskoe shosse 25, 2 Moscow, MSK 127039 RU 79268710023 No abuse address. -- | Ric | From click1510 at earthlink.net Tue Apr 12 02:07:43 2005 From: click1510 at earthlink.net (CO-DBA-SC-EL) Date: Tue Apr 12 04:10:03 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: > Notice it used a survay base of 3,000, which I think makes it much more > credible (are there twice as many cell phone users than Internet users?). A poorly selected sample of 3000 is much worse than a well selected sample of 100. Don't believe numbers--the methods used make all the difference. From nttp.sc.s at bigsleep.org Tue Apr 12 09:09:14 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 12 04:10:19 2005 Subject: [SpamCop-List] Re: Not only do I get the same spam 4-5 times a day but SC can't even parse it right.... References: Message-ID: On 12 Apr 2005 Blammo entered spamcop and left news:Xns9636A2AF733blammo@216.154.195.61: > ...which most browsers would incorrectly fetch if it wasn't screwed up. Oh, I see that it's Spamcop that screwed up. Interesting. -- | Ric | From nttp.sc.s at bigsleep.org Tue Apr 12 09:16:24 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 12 04:20:03 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On 12 Apr 2005 CO-DBA-SC-EL entered spamcop and left news:d3fvkv$gir$1@news.spamcop.net: >> Notice it used a survay base of 3,000, which I think makes it much >> more credible (are there twice as many cell phone users than Internet >> users?). > A poorly selected sample of 3000 is much worse than a well selected > sample of 100. Don't believe numbers--the methods used make all the > difference. > > > That's true, but we don't know anything important about the sample in either case, so we are left with only the number. -- | Ric | From DougThegarden at hotmail.com Tue Apr 12 10:26:02 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Tue Apr 12 04:30:03 2005 Subject: [SpamCop-List] Spam subject line of the day Message-ID: I couldn't resist opening this one to see what on earth it was about but the hilarious title disappointingly revealed just another mortgage offer: "Smell gene may help ward off mosquitoes" Doug From nttp.sc.s at bigsleep.org Tue Apr 12 09:57:33 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 12 05:01:36 2005 Subject: [SpamCop-List] Re: Not only do I get the same spam 4-5 times a day but SC can't even parse it right.... References: Message-ID: On 12 Apr 2005 Blammo entered spamcop and left news:Xns9636BCDB7AA6blammo@216.154.195.61: > On 12 Apr 2005 Blammo entered spamcop and left > news:Xns9636A2AF733blammo@216.154.195.61: > >> ...which most browsers would incorrectly fetch if it wasn't screwed up. > > Oh, I see that it's Spamcop that screwed up. Interesting. > Parsing input: http://zdaizkit.comxzikqmoysmss84th6oly9.dnfuriljl.com/ host zdaizkit.comxzikqmoysmss84th6oly9.dnfuriljl.com (checking ip) = 202.99.172.145 host 202.99.172.145 (getting name) no name No recent reports, no history available Cached whois for 202.99.172.145 : ipanm@heinfo.net abuse@cnc-noc.net Using abuse net on abuse@cnc-noc.net abuse net cnc-noc.net = abuse@cnc-noc.net, postmaster@cnc-noc.net Using best contacts abuse@cnc-noc.net postmaster@cnc-noc.net postmaster@cnc-noc.net bounces (6 sent : 6 bounces) Using postmaster#cnc-noc.net@devnull.spamcop.net for statistical tracking. Parsing input: http://xzikqmoysmss84th6oly9.dnfuriljl.com/ host xzikqmoysmss84th6oly9.dnfuriljl.com (checking ip) = 82.114.48.64 host 82.114.48.64 (getting name) no name No recent reports, no history available Cached whois for 82.114.48.64 : abuse@tautel.ru Using abuse net on abuse@tautel.ru abuse net tautel.ru = abuse@tautel.ru, postmaster@tautel.ru Using best contacts abuse@tautel.ru postmaster@tautel.ru -- | Ric | From Ilgaz at spamcop.net Tue Apr 12 15:37:58 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Tue Apr 12 07:40:31 2005 Subject: [SpamCop-List] Re: B0rken Regions Phish References: Message-ID: On 2005-04-12 00:58:39 +0300, "Brian (SnSR)" said: > The poor luser has gone to a lot of trouble to not have this work, > unless this is working for Insecure Explorer and/or Look Out Express. > > www.spamcop.net/sc?id=z751377537z2d0f701b87a1c7bdd4113a3d9146e139z > > It appears that the link was supposed to go to > http://custconfdll.com/.../, but in fact goes to a non-existent page at > regions.com. > > What is interesting, is the amount of hopping around custconfdll.com > does. Whois at 14:30 -700 gives 210.5.3.3 which is in GUANGTONGNET > space (abuse@optisp.com). Reparsing a few minutes later, SC reads it as > 61.16.199.254 and wants to lart abuse@hotwireindia.com. Later still, SC > wants the lart to go to abuse@pubnet.ne.kr for 211.57.134.199. > > Looking at report history shows this is repeated. Regions bank is clearly in trouble of a huge phishing campaign. My Yahoo bulk folder is full of them. Its from Korea all the time... More interestingly, they have also sent a legit mail once. I mean spammers! It was clearly to make reporters count as invalid. I tell you, if I was a spammer and I see even this kind of crime (huge crime) doesn't make the spammers door broken by local police/FBI. I'd have no fear. Ilgaz Ocal p.s.: I know, the machines are in question are zombies From nobody at nowhere.com Tue Apr 12 10:27:19 2005 From: nobody at nowhere.com (Robert) Date: Tue Apr 12 09:25:05 2005 Subject: [SpamCop-List] what do I do now? Message-ID: I've received 75 messages all identical to the one below in the past month. Maybe nobody else is reporting spam from this source, but 193.13.73.216 is not getting listed in any of the blocklists. I also sent a personal, unmunged email to abuse@griffel.se asking if he could kindly look into the matter, and received no response. Is there some something else I can do? http://www.spamcop.net/sc?id=z751593096z3f1c535e3d2658d96b32c59367932ac6z Bob From Ilgaz at spamcop.net Tue Apr 12 17:30:02 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Tue Apr 12 09:35:03 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: On 2005-04-12 16:27:19 +0300, "Robert" said: > I've received 75 messages all identical to the one below in the past month. > Maybe nobody else is reporting spam from this source, but 193.13.73.216 is > not getting listed in any of the blocklists. I also sent a personal, > unmunged email to abuse@griffel.se asking if he could kindly look into the > matter, and received no response. Is there some something else I can do? > > http://www.spamcop.net/sc?id=z751593096z3f1c535e3d2658d96b32c59367932ac6z > > Bob Are you _sure_ your mail client isn't actually getting same message forever? In case, you use a mail client. No recent reports, no history available Cannot resolve http://wyzh.flabaxileml.com/?shuxujss4wzrkssxeimphfc It definitely looks like the spammers site has been closed down to me. Some people took action against him/her. I suggest you manually black list the sender if you are sure thats not your clients problem. Ilgaz Ocal From MikeE at ster.invalid Tue Apr 12 08:56:23 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 12 10:55:04 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: Robert wrote: > I've received 75 messages all identical to the one below in the past > month. Maybe nobody else is reporting spam from this source, but > 193.13.73.216 is not getting listed in any of the blocklists. 193.13.73.216 rDNS stat.infanterit.se is not listed in any blocklists, and doesn't even make a blip on senderbase's radar screen: Report on IP address: 193.13.73.216 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 0.0 -100% Last 30d 0.0 -100% Average 0.0 If you report 2.5 per day, it seems that it would become SC blocklisted if some of those 'piled up'. > I also > sent a personal, unmunged email to abuse@griffel.se asking if he > could kindly look into the matter, and received no response. Is there > some something else I can do? You could expand the notifies to include swip and include griffel in the expansion. >From ripe: In case of improper use, please mail or route: 193.12.0.0/14 descr: SWIPNET In case of improper use originating from our network, please mail customer or -- Mike Easter kibitzer, not SC admin From nobody at nowhere.com Tue Apr 12 12:32:28 2005 From: nobody at nowhere.com (Robert) Date: Tue Apr 12 11:30:03 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: "Mike Easter" wrote in message news:d3gnfc$se6$1@news.spamcop.net... > Volume Statistics for this IP > Magnitude Vol Change vs. Average > Last day 0.0 -100% > Last 30d 0.0 -100% > Average 0.0 Could it be that spamcop is ignoring my reports? BTW I've only reported the last 25 messages, beginning 3/29. While identical in content, the messages are all definitely different (I'll post links to the next bacth I report to show). Is it possible that they're always from the same source because my server's being somehow fooled into generating bad headers? In that case I'd feel bad for implicating an innocent bystander. Robert From MikeE at ster.invalid Tue Apr 12 10:00:10 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 12 12:00:05 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: Robert wrote: > "Mike Easter" >> Volume Statistics for this IP >> Magnitude Vol Change vs. Average >> Last day 0.0 -100% >> Last 30d 0.0 -100% >> Average 0.0 > > Could it be that spamcop is ignoring my reports? BTW I've only > reported the last 25 messages, beginning 3/29. That magnitude stuff is senderbase reporting 'traffic' Senderbase traffic is an accumulation of data from 50,000 big mail recipients. That isn't a summary of spamcop reports, which aren't/isn't available. SC only gives fragmentary, superficial information and then only when an IP has become SC listed. > While identical in content, the messages are all definitely different > (I'll post links to the next bacth I report to show). > > Is it possible that they're always from the same source because my > server's being somehow fooled into generating bad headers? In that > case I'd feel bad for implicating an innocent bystander. Well, I don't like your provider's headers, but they would be pretty whacky if they didn't report the source IP accurately in the Received traceline. Received: from 193.13.73.216 by 192.168.0.100; Mon, 11 Apr 2005 19:34:42 -0400 That 'from' field is supposed to represent the source IP, and many servers would be configured to also provide the helo and the rDNS. In this case the rDNS is stat.infanterit.se infanterit.se has the MX mail.griffel.se which is 193.13.74.245 The senderbase information for that IP is quite different: Report on IP address: 193.13.74.245 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 4.0 -22% Last 30d 4.1 -4% Average 4.1 indicating its function as the output IP for griffel. Those magnitude numbers can be considered as exponents or logrithms of a number, so 4 is a lot larger than 0. What is sorta wrong with your server's line is that it should put the domainname or hostname in the 'by' field; at least it should do that if it is transferring the mail somewhere else. Instead it just has a non-routing IP address 192.168.0.100 If I try to derive some clues about the server from the headers, I can look at the message ID, which is sometimes assigned by the recipient server if it didn't have one from the sender. Spam msg id/s may be absent at the time of sending or they can be bogus. I interpret this one as bogus rather than assigned by your mailserver, but I don't actually know that. -- Mike Easter kibitzer, not SC admin From david.payer-no-spam-Thanks! at ia-omni.com Tue Apr 12 12:58:36 2005 From: david.payer-no-spam-Thanks! at ia-omni.com (David Payer) Date: Tue Apr 12 13:00:04 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: "Ron B." wrote in message news:d3cems$m63$1@news.spamcop.net... > http://www.theiowachannel.com/technology/4365058/detail.html > > Reactions? That is my local station. It is accurate. People don't like it any better than before but they don't freak out at it. They know scams now. I thought the original message said people were more accepting of spamcop. Of course, I would say that one is completely wrong. Most ISPs avoid it because it is too aggressive. Is is mostly pissed off individuals with small or no networks who participate on this forum. David P. From nobody at nowhere.com Tue Apr 12 14:46:49 2005 From: nobody at nowhere.com (Robert) Date: Tue Apr 12 13:45:06 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: "Mike Easter" wrote in message news:d3gr70$unn$1@news.spamcop.net... > What is sorta wrong with your server's line is that it should put the > domainname or hostname in the 'by' field; at least it should do that if > it is transferring the mail somewhere else. Instead it just has a > non-routing IP address 192.168.0.100 And I've already been criticized about the line that comes directly above it, which is Received: from wps-1.merrimac (WPS-1 [192.168.100.9]) by merrexch.merrimac with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id H1FNFHGW; Mon, 11 Apr 2005 20:11:38 -0400 I delete this one because it offers no extra or useful information, and prevents me from reporting. I'm really not sure why people beat me over the head about these headers - it's just how Exchange 5.5 works. I can't do *anything* to change how it generates its headers, and we're not upgrading to a newer version (which may still generate headers like this) for a few months still. Am I really the only SC user with an email server like this? Maybe I can configure it differently (I'm not the admin tho). I'll have to check out the Exchange NG's... Robert From zypher at spamcop.net Tue Apr 12 13:55:02 2005 From: zypher at spamcop.net (Ron B.) Date: Tue Apr 12 13:55:05 2005 Subject: [SpamCop-List] OT: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) In-Reply-To: References: Message-ID: David Payer wrote: > "Ron B." wrote in message > news:d3cems$m63$1@news.spamcop.net... > >>http://www.theiowachannel.com/technology/4365058/detail.html >> >>Reactions? > > > That is my local station. It is accurate. People don't like it any better > than before but they don't freak out at it. They know scams now. > > I thought the original message said people were more accepting of spamcop. > Of course, I would say that one is completely wrong. > > Most ISPs avoid it because it is too aggressive. Is is mostly pissed off > individuals with small or no networks who participate on this forum. > > David P. > > I am a Des Moines resident. If you want, you may reach me using my Spamcop addy (it is not munged). BTW, does MediaCom count as a "small ... network"? From MikeE at ster.invalid Tue Apr 12 13:13:17 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 12 15:15:06 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: Robert wrote: > "Mike Easter" >> What is sorta wrong with your server's line is that it should put the >> domainname or hostname in the 'by' field; at least it should do >> that if it is transferring the mail somewhere else. Instead it just >> has a non-routing IP address 192.168.0.100 > > And I've already been criticized about the line that comes directly > above it, which is > > Received: from wps-1.merrimac (WPS-1 [192.168.100.9]) by > merrexch.merrimac with SMTP (Microsoft Exchange Internet Mail Service > Version 5.5.2653.13) id H1FNFHGW; Mon, 11 Apr 2005 20:11:38 -0400 Eek! That is a bad line too. Worse in some ways. > I delete this one because it offers no extra or useful information, > and prevents me from reporting. Eek! That deletion /is/ troublesome. I would be surprised if a deputy 'allowed' that material change if knowledgeable of it. I would be less surprised if a deputy sed that if your spam can't be submitted to spamcop and parsed 'as is' without material changes - that it just looks like your spam shouldn't be submitted to spamcop. Afterall, look at how many things are being done to alter the spam so that it no longer resembles what was sent in the first place -- the headers are being 'mangled' [actually improperly 'augmented' by bad Received tracelines] by their receipt by a misconfigured Exchange server -- and also the body is being mangled by something, presumably Outlook, which results in SC having to re-mangle the body again to do the OL/Eudora hack. > I'm really not sure why people beat me over the head about these > headers - it's just how Exchange 5.5 works. I can't do *anything* to > change how it generates its headers, and we're not upgrading to a > newer version (which may still generate headers like this) for a few > months still. Exchange does a lot of bad things in the server department, but it isn't 'required' to be misconfigured. Plenty of Exchange servers know what the name and IP of the receiving server should be. > Am I really the only SC user with an email server like this? Maybe I > can configure it differently (I'm not the admin tho). I'll have to > check out the Exchange NG's... -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Apr 13 00:25:29 2005 From: nobody at spamcop.net (nospam) Date: Tue Apr 12 15:30:04 2005 Subject: [SpamCop-List] Software Factory solutions moved from Calpop/Atmlinkinc to SBC global Message-ID: Now this fscker is spamming through SBC Global Still hosted on the same tired MCI server at 63.82.96.35 Still sending dozens of shopping sprees, free cell phones and compare the stores spams to the same addresses every few days. Same operation out of Laval PQ Canada From david.payer-no-spam-Thanks! at ia-omni.com Tue Apr 12 16:28:16 2005 From: david.payer-no-spam-Thanks! at ia-omni.com (David Payer) Date: Tue Apr 12 16:30:05 2005 Subject: [SpamCop-List] Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: "Ron B." wrote in message news:d3h21m$4eg$1@news.spamcop.net... > I am a Des Moines resident. If you want, you may reach me using my > Spamcop addy (it is not munged). BTW, does MediaCom count as a "small > ... network"? No, they are not. You work for them? D From zypher at spamcop.net Tue Apr 12 17:02:33 2005 From: zypher at spamcop.net (Ron B.) Date: Tue Apr 12 17:05:08 2005 Subject: [SpamCop-List] Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) In-Reply-To: References: Message-ID: David Payer wrote: > "Ron B." wrote in message > news:d3h21m$4eg$1@news.spamcop.net... > >>I am a Des Moines resident. If you want, you may reach me using my >>Spamcop addy (it is not munged). BTW, does MediaCom count as a "small >>... network"? > > > No, they are not. You work for them? > > D > > Nope, just my ISP From krazikat at krazi.kat Tue Apr 12 22:05:16 2005 From: krazikat at krazi.kat (krazikat) Date: Tue Apr 12 17:10:11 2005 Subject: [SpamCop-List] Re: more slow response References: Message-ID: LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m wrote: >>> Tired? Try giving it a rest. >> >> >> Sucky? Try giving it a rest. > > > Yawn. > Idiot. From krazikat at krazi.kat Tue Apr 12 22:06:58 2005 From: krazikat at krazi.kat (krazikat) Date: Tue Apr 12 17:10:36 2005 Subject: [SpamCop-List] Re: more slow response References: Message-ID: LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m wrote: >>> Tired? Try giving it a rest. >> >> >> Sucky? Try giving it a rest. > > > Yawn. > Idiot. From noah.boddie at newsgroup.nospam Tue Apr 12 18:10:16 2005 From: noah.boddie at newsgroup.nospam (Dwayne Conyers) Date: Tue Apr 12 17:15:06 2005 Subject: [SpamCop-List] Re: Reports going to spammer References: Message-ID: "Aviatrix" <79ytka802@sneakemail.com> wrote in message news:d3c9lv$j7r$3@news.spamcop.net... > [Spam posted in .spam, under the same heading] > > Spamcop thinks that reports on this one should go to mail@rudolf-kerler.de > > The problem is...: Mr Kerler appears to be the spammer! > > Had a suspicion that this might be the case, so did a bit of googling > and found this: > > http://www.avs-gold.de/Anbieter/0240_bueroschlampe_anja/impressum.html > > I also found a newsgroup discussion, in German, where someone had done a > manual LART to the upstream (Deutsche Telekom) and got a reply saying > "not our problem". > > So - is there anything one can do? Go to his house and bust his kneecaps with a baseball bat? ------ If you were to realize how powerful your thoughts are you would never have a negative thought again www.dwacon.com From david.payer-no-spam-Thanks! at ia-omni.com Tue Apr 12 17:37:01 2005 From: david.payer-no-spam-Thanks! at ia-omni.com (David Payer) Date: Tue Apr 12 17:40:03 2005 Subject: [SpamCop-List] Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: Ron, I think my original assertion stands: "Most ISPs avoid it because it is too aggressive. Is is mostly pissed off individuals with small or no networks who participate on this forum." Those on this forum are not people running networks for the most part, just pissed off individuals who get spam. Among email admins, SpamCop is too aggressive and and unhelpful when valid ISPs get listed. D "Ron B." wrote in message news:d3hd19$aa2$1@news.spamcop.net... > David Payer wrote: > > "Ron B." wrote in message > > news:d3h21m$4eg$1@news.spamcop.net... > > > >>I am a Des Moines resident. If you want, you may reach me using my > >>Spamcop addy (it is not munged). BTW, does MediaCom count as a "small > >>... network"? > > > > > > No, they are not. You work for them? > > > > D > > > > > > > Nope, just my ISP From dwvbo91q4001 at sneakemail.com Tue Apr 12 23:51:33 2005 From: dwvbo91q4001 at sneakemail.com (Tim P.) Date: Tue Apr 12 18:55:03 2005 Subject: [SpamCop-List] Re: Software Factory solutions moved from Calpop/Atmlinkinc to SBC global References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nospam wrote in news:BE820969.14925%nobody@spamcop.net: > Now this fscker is spamming through SBC Global > > Still hosted on the same tired MCI server at 63.82.96.35 > > Still sending dozens of shopping sprees, free cell phones and > compare the stores spams to the same addresses every few days. > > Same operation out of Laval PQ Canada > > so noted... see sightings in NANAS. - -- Tim P Very content SpamCop Subscriber since 4/2002 -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com iQA/AwUBQlxQ8PkOwY5RskHOEQKEdQCfZEl4UbehOReoMxk9UxIso0f9yLsAmwTc ctgs3aGlHNl5BRfW2fkh8LOF =cICT -----END PGP SIGNATURE----- From dwvbo91q4001 at sneakemail.com Wed Apr 13 00:19:13 2005 From: dwvbo91q4001 at sneakemail.com (Tim P.) Date: Tue Apr 12 19:20:08 2005 Subject: [SpamCop-List] Re: bluemountain forgery References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Blammo wrote in news:Xns9634BA9C9C7D5blammo@216.154.195.61: > bluemountain 66.115.247.220 -> (66-115-247-220.dsl-cust.gwtc.net) Just another forgery from a zombie. 65.70.18.157 -> (cable-bsr1-0668.grnco.net) and another one. 67.190.25.250 -> (c-67-190-25-250.hsd1.co.comcast.net), etc... Note also the weird port: 8180. Currently there are 809 sightings at NANAS: http://groups-beta.google.com/group/news.admin.net-abuse.sightings/sea rch?q=bluemountain&start=0&scoring=d& - -- Tim P Very content SpamCop Subscriber since 4/2002 -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com iQA/AwUBQlxXSvkOwY5RskHOEQKt5gCgnjlMR13qq0yp5IcGqpRinxjPOSsAoNak N9/DDE7LAoPoXL5oL48ZEgnj =66Tu -----END PGP SIGNATURE----- From eddie at eddie.web Tue Apr 12 21:06:30 2005 From: eddie at eddie.web (eddie) Date: Tue Apr 12 20:10:02 2005 Subject: [SpamCop-List] Re: bluemountain forgery References: Message-ID: On Mon, 11 Apr 2005 01:20:18 +0000, Blammo scratched out the following: > I hope people aren't too stupid to fall for this one, spam message > attempts > to look like a bluemountain eCard. I get those off and on. I suspect that the website it takes you to attempts to infect your computer. I just report them and include a copy to bluemountain with a note that their good name is being abused. If enough people also report it to bluemountain they might take some kind of action, if possible. I am careful to let bluemountain know that they are innocent but someone is taking advangate of their name. -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Tue Apr 12 21:08:38 2005 From: eddie at eddie.web (eddie) Date: Tue Apr 12 20:10:19 2005 Subject: [SpamCop-List] Re: Reports going to spammer References: Message-ID: On Sun, 10 Apr 2005 23:34:42 +0100, Aviatrix scratched out the following: > Spamcop thinks that reports on this one should go to mail@rudolf-kerler.de > > The problem is...: Mr Kerler appears to be the spammer! > > Had a suspicion that this might be the case, so did a bit of googling and > found this: > > http://www.avs-gold.de/Anbieter/0240_bueroschlampe_anja/impressum.html > > I also found a newsgroup discussion, in German, where someone had done a > manual LART to the upstream (Deutsche Telekom) and got a reply saying "not > our problem". > > So - is there anything one can do? put his address in one or more of the many "do not spam me" newsgroups???? -- Once movie theaters gave out steak knives Today they confiscate them From dwvbo91q4001 at sneakemail.com Wed Apr 13 01:17:55 2005 From: dwvbo91q4001 at sneakemail.com (Tim P.) Date: Tue Apr 12 20:20:02 2005 Subject: [SpamCop-List] Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: "David Payer" wrote in news:d3hf38$blu$1@news.spamcop.net: > Ron, I think my original assertion stands: > > "Most ISPs avoid it because it is too aggressive. Is is mostly pissed > off individuals with small or no networks who participate on this > forum." > > Those on this forum are not people running networks for the most part, > just pissed off individuals who get spam. Among email admins, SpamCop > is too aggressive and and unhelpful when valid ISPs get listed. > > D > vs. invalid ISPs? What is a *valid* ISP? If anything, spamcop reports should indicate to responsible parties that there *could* be a problem that needs attention. Unless an ISP wants some/all of it's netspace to be on the other more conservative, broader, and more permanent blocklists (if not already), it would be prudent to pay attention. When it comes to ignoring early warnings, Le incompetent admins deserve the cluestick. So, in that sense, your position sounds amusingly like you are pissed, not the other way around. -- Tim P Very content SpamCop Subscriber since 4/2002 From dwvbo91q4001 at sneakemail.com Wed Apr 13 01:38:16 2005 From: dwvbo91q4001 at sneakemail.com (Tim P.) Date: Tue Apr 12 20:40:06 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Mike Easter" wrote in news:d393v7$tdl$1@news.spamcop.net: > Mike Easter wrote: >> EL is acting bozotic again by leaving out the semicolon. > > RFC 2821 Section 3.6.7 on Trace fields requires that a semicolon be > placed between that section of the 'by' field which precedes the > timestamp and the timestamp, so the EL stamp is noncompliant.. > > My recent experience with trying to email EL some suggestions about > how to do something was met with total obstruction. > RFC noncompliance = rfc.ignorant.org....eventually Earthstink will fix- or else ;) - -- Tim P Very content SpamCop Subscriber since 4/2002 -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com iQA/AwUBQlxp8vkOwY5RskHOEQIkDwCeNjfKOV/E2gL43tGqvusns5mSKGwAnRN9 7JcpOVdSAY0I+sYUZDY2U7Ym =TNpj -----END PGP SIGNATURE----- From MikeE at ster.invalid Tue Apr 12 18:51:56 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 12 20:55:02 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: Tim P. wrote: > RFC noncompliance = rfc.ignorant.org....eventually Earthstink will > fix- or else ;) I'm not a fan of rfc-ignorant; EL isn't going to pay any attention to being listed there; and getting EL listed there only has the potential to cause me some kind of problem, not some kind of solution. Besides, rfc-ig doesn't have a category for noncompliant Received tracelines. It has categories for DSN <>, postmaster, abuse, whois, and bogusmx. spamcop.net is currently listed in rfc-ig in 2 categories, and Julian doesn't agree that the rfc-ig listing is appropriate. But, there you go. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Apr 13 08:27:00 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Apr 13 07:30:25 2005 Subject: [SpamCop-List] Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: You are not supposed to top-post in this forum. Most old timers will not read your posts for that reason. That said: David, you haven't lurked here long enough; your assertions are quite flawed in fact. Pop -- Let someone else do it I'm retired! "David Payer" wrote in message news:d3hf38$blu$1@news.spamcop.net... > Ron, I think my original assertion stands: > > "Most ISPs avoid it because it is too aggressive. Is is mostly pissed off > individuals with small or no networks who participate on this forum." > > Those on this forum are not people running networks for the most part, > just > pissed off individuals who get spam. Among email admins, SpamCop is too > aggressive and and unhelpful when valid ISPs get listed. > > D > > > "Ron B." wrote in message > news:d3hd19$aa2$1@news.spamcop.net... >> David Payer wrote: >> > "Ron B." wrote in message >> > news:d3h21m$4eg$1@news.spamcop.net... >> > >> >>I am a Des Moines resident. If you want, you may reach me using my >> >>Spamcop addy (it is not munged). BTW, does MediaCom count as a "small >> >>... network"? >> > >> > >> > No, they are not. You work for them? >> > >> > D >> > >> > >> >> >> Nope, just my ISP > > From nobody at nowhere.com Wed Apr 13 10:34:31 2005 From: nobody at nowhere.com (Robert) Date: Wed Apr 13 09:35:28 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: "Mike Easter" wrote in message news:d3h6h2$6ru$1@news.spamcop.net... > Eek! That deletion /is/ troublesome. I would be surprised if a deputy > 'allowed' that material change if knowledgeable of it. I would be less > surprised if a deputy sed that if your spam can't be submitted to > spamcop and parsed 'as is' without material changes - that it just looks > like your spam shouldn't be submitted to spamcop. If the source IP is correct, I don't see why not. But in defernce to your judgment I guess I'll have to refrain from reporting any spam at all until I convince the admin that Exchange needs the be reconfigured. Right now he doesn't see anything at all wrong with the headers - I relayed to him what you said, but he shrugged his shoulders and said "so what"?. From MikeE at ster.invalid Wed Apr 13 08:10:10 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 13 10:10:03 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: Robert wrote: > I guess I'll have to refrain from reporting any spam at > all until I convince the admin that Exchange needs the be > reconfigured. Right now he doesn't see anything at all wrong with the > headers - I relayed to him what you said, but he shrugged his > shoulders and said "so what"?. I'm not sure I correctly understand what 'so what?' means. If it means 'so what' if you can't report to spamcop? If it means 'so what' if the headers are RFC non-compliant? If it means 'so what' if /I/ don't like the headers? The strongest argument should be that the headers are non-compliant. RFC 2822 defines the structure of internet message format. He should care about that. He's not much of an admin if he doesn't know what that RFC contains. The syntax of the header fields is described in that RFC. Specifically the Trace fields are described in part 3.6.7, most especially the structure of those Received lines. 2822 is a 'reflection' of RFC 2821 which defines the SMTP protocol and the 'musts' of that protocol, and in 2821 the trace fields are defined in section 4.4 of that RFC. He should care that his headers aren't compliant with those sections of those RFCs. It makes him look pretty silly in the eyes of those who configure their servers correctly. It makes him look like he doesn't know what he is doing; ie that he doesn't know how to admin a mail server. -- Mike Easter kibitzer, not SC admin From smjg_1998 at yahoo.com Wed Apr 13 16:40:12 2005 From: smjg_1998 at yahoo.com (Stewart Gordon) Date: Wed Apr 13 10:45:03 2005 Subject: [SpamCop-List] Re: Spam subject line of the day In-Reply-To: References: Message-ID: Doug Thegarden wrote: > I couldn't resist opening this one to see what on earth it was about but > the hilarious title disappointingly revealed just another mortgage offer: > > "Smell gene may help ward off mosquitoes" It seems that at least some spammers do use random subject lines. I once had one with the subject "Hey girl". Despite what anatomical feature the content was about. Stewart. -- My e-mail is valid but not my primary mailbox. Please keep replies on the 'group where everyone may benefit. From porpoise1954 at yahoo.co.uk Wed Apr 13 16:56:03 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 13 11:05:56 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: "Pop" wrote in message news:d3ivm0$4f0$1@news.spamcop.net... > You are not supposed to top-post in this forum. Most old timers will not > read your posts for that reason. That said: > David, you haven't lurked here long enough; your assertions are quite > flawed in fact. > Pop > -- POT? KETTLE? BLACK? Tut, tut. Fancy admonishing someone for top-posting whilst doing it oneself!!! ;-) From eddie at eddie.web Wed Apr 13 12:26:55 2005 From: eddie at eddie.web (eddie) Date: Wed Apr 13 11:30:07 2005 Subject: [SpamCop-List] Spam Subj: Low worth but big as sortment. Stay cert ain about your own health. Message-ID: Recent spam subject - now that's real promotion Quantity, not quality is our watchword. :) -- Once movie theaters gave out steak knives Today they confiscate them From gezgin at spamcop.net Wed Apr 13 19:46:22 2005 From: gezgin at spamcop.net (Gezgin) Date: Wed Apr 13 11:50:35 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: Who died and made you moderator? "Pop" wrote in message news:d3ivm0$4f0$1@news.spamcop.net... > You are not supposed to top-post in this forum. Most old > timers will not -- Bob Kanyak's Doghouse http://www.kanyak.com From 0rio85a02 at sneakemail.com Wed Apr 13 09:18:51 2005 From: 0rio85a02 at sneakemail.com (Fred k) Date: Wed Apr 13 12:35:05 2005 Subject: [SpamCop-List] Displayed as read Spam Message-ID: I have started to receive 1 or two spams a day where it shows as being read in my OE spam folder, when in fact I have NOT opened it. Anybody else have that happening? Please no swipes at 'microwonderfuldamnsoft' OE. Fred k From porpoise1954 at yahoo.co.uk Wed Apr 13 19:25:40 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 13 13:35:05 2005 Subject: [SpamCop-List] Re: Displayed as read Spam References: Message-ID: "Fred k" <0rio85a02@sneakemail.com> wrote in message news:d3jhlp$dqu$1@news.spamcop.net... >I have started to receive 1 or two spams a day where it shows as being read >in my OE spam folder, when in fact I have NOT opened it. Anybody else have >that happening? Please no swipes at 'microwonderfuldamnsoft' OE. > > Fred k > Aha! That'll be the phantom spam opener..........!! We seek him here, we seek him there............. ;-) From nobody at nowhere.com Wed Apr 13 15:05:49 2005 From: nobody at nowhere.com (Robert) Date: Wed Apr 13 14:05:03 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: "Mike Easter" wrote in message news:d3j94o$96i$1@news.spamcop.net... > I'm not sure I correctly understand what 'so what?' means. > > If it means 'so what' if you can't report to spamcop? > If it means 'so what' if the headers are RFC non-compliant? > If it means 'so what' if /I/ don't like the headers? Yes x 3. > The strongest argument should be that the headers are non-compliant. > > RFC 2822 defines the structure of internet message format. He should > care about that. He's not much of an admin if he doesn't know what that > RFC contains. We're talking about an MS product, here. I wouldn't be surprised if neither the Exhcange admin course, nor the documentation, makes any mention of RFC standards. > He should care that his headers aren't compliant with those sections of > those RFCs. It makes him look pretty silly in the eyes of those who > configure their servers correctly. It makes him look like he doesn't > know what he is doing; ie that he doesn't know how to admin a mail > server. I'm sure that not only does he not care about how he looks to other admins, but he also doesn't care about anything beyond whether or not email is "working". I pointed out that our outgoing headers are wrong, too, and that AOL, Hotmail, and other ISP's are silently rejecting all email from us (and even our own email scanner silently rejects malformed headers), and his response was to ask me how much email I thought needed to be sent to AOL. I do appreciate you taking this time to explain things to me, Mike. At least now I'll have some technical backing to my arguments. It probably will be an argument. Bob From nobody at devnull.spamcop.net Wed Apr 13 15:56:55 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Apr 13 15:00:04 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: You enjoy misrepresenting text, don't you; a relevent part is missing there. Have YOU stopped beating your wife yet? , BTW -- Let someone else do it I'm retired! "Porpoise" wrote in message news:d3jcb1$atm$1@news.spamcop.net... > > "Pop" wrote in message > news:d3ivm0$4f0$1@news.spamcop.net... >> You are not supposed to top-post in this forum. Most old timers will not >> read your posts for that reason. That said: >> David, you haven't lurked here long enough; your assertions are quite >> flawed in fact. >> Pop >> -- > > POT? KETTLE? BLACK? Tut, tut. Fancy admonishing someone for top-posting > whilst doing it oneself!!! > > ;-) > From nobody at devnull.spamcop.net Wed Apr 13 15:57:16 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Apr 13 15:00:30 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: NOYB. -- Let someone else do it I'm retired! "Gezgin" wrote in message news:d3jeuq$cbb$1@news.spamcop.net... > Who died and made you moderator? > > "Pop" wrote in message > news:d3ivm0$4f0$1@news.spamcop.net... >> You are not supposed to top-post in this forum. Most old timers will not > > -- > Bob > > Kanyak's Doghouse > http://www.kanyak.com > From nobody at devnull.spamcop.net Wed Apr 13 16:00:25 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Apr 13 15:05:04 2005 Subject: [SpamCop-List] Re: bluemountain forgery References: Message-ID: -- Let someone else do it I'm retired! "eddie" wrote in message news:pan.2005.04.13.00.06.30.276000@eddie.web... > On Mon, 11 Apr 2005 01:20:18 +0000, Blammo scratched out the following: > ... > I get those off and on. I suspect that the website it takes you to > attempts to infect your computer. I just report them and include a copy to > bluemountain with a note that their good name is being abused. If enough > people also report it to bluemountain they might take some kind of action, > if possible. I am careful to let bluemountain know that they are innocent > but someone is taking advangate of their name. Hmm, thanks for that info; I had one yesterday in fact, and didn't notice the forgery; was in kind of a hurry. I'll watch them closer now on. Regards, Pop From gezgin at spamcop.net Wed Apr 13 23:00:36 2005 From: gezgin at spamcop.net (Gezgin) Date: Wed Apr 13 15:05:15 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: Since you're posting in a public forum and responding to my posts, it is, by definition, my business. In future, kindly use a distinctive email address so that I may kill-file you. Thank you for your cooperation on this issue. It will be greatly appreciated. -- Bob Kanyak's Doghouse http://www.kanyak.com "Pop" wrote in message news:d3jq27$in4$1@news.spamcop.net... > NOYB. > > -- > Let someone else do it > I'm retired! > "Gezgin" wrote in message > news:d3jeuq$cbb$1@news.spamcop.net... >> Who died and made you moderator? >> >> "Pop" wrote in message >> news:d3ivm0$4f0$1@news.spamcop.net... >>> You are not supposed to top-post in this forum. Most old >>> timers will not From porpoise1954 at yahoo.co.uk Wed Apr 13 23:16:03 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 13 17:25:27 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: "Pop" wrote in message news:d3jq1i$imu$1@news.spamcop.net... > You enjoy misrepresenting text, don't you; a relevent part is missing > there. Have YOU stopped beating your wife yet? > , BTW Prey do tell! How does pointing out that you were admonishing someone for top-posting whilst doing the very same yourself in the process, misrepresent text? Exactly? And, what does it have to do with wife-beating? > "Porpoise" wrote in message > news:d3jcb1$atm$1@news.spamcop.net... >> >> "Pop" wrote in message >> news:d3ivm0$4f0$1@news.spamcop.net... >>> You are not supposed to top-post in this forum. Most old timers will not >>> read your posts for that reason. That said: >>> David, you haven't lurked here long enough; your assertions are quite >>> flawed in fact. >>> Pop >>> -- >> >> POT? KETTLE? BLACK? Tut, tut. Fancy admonishing someone for top-posting >> whilst doing it oneself!!! >> >> ;-) >> > > From nobody at devnull.spamcop.net Wed Apr 13 18:05:52 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Wed Apr 13 18:10:29 2005 Subject: [SpamCop-List] Re: major spammer arrested References: Message-ID: He was not arrested for spamming. He was, between other things, arrested for impostering other people, i.e. using real people's email addresses as fake source addresses. There were other forgeries too, as were software licensing violations. He won't wiggle out of that one. Spam complaining, spamhaus, spamcop, that's all nice backend work. Here is the real stuff to do to get spammers off the street: 99% of the stuff spamvertised is illegal, that's why they have to use spam. Thus: Besides complaining about spam, I do when I have some time on my hand: my over 10 years old email account gets about 80 to 120 spams a day, most are flagged, quarantained, and then deleted; of the ones not flagged I report some from time to time (like just came in - out go reports, using spamcop since today), so there is no lack of good fresh spam; and from the mass I pick raisins out for this: - send every fake from: ..@aol.com, ...@microsoft.com, etc. to the very same companies for illegal use of their address/logos/likeness etc. Because that's what brings a spammer into the slammer. Mailto abuse@ with appropriate comments. - illegal microsoft software offers (XP for $50, cannot be!) get copied to piracy@microsoft.com, with a comment that the spammer for sure knows that this must be illegal since he uses a Microsoft based system: adding copies of relevant header portions!!!! This gets the Microsoft police right into the spammer's house to check if he does not use the specially priced SW himself! No matter where on earth he/she lives/operates/hopefully dies young!. Yes, they go, order, buy, slam. - illegal meds spam ('no prescription needed'), or offering class 1 sedatives over the net (valium and derivatives, e.g.) get reported here: http://www.fda.gov/oc/buyonline/buyonlineform.htm Also those with too low prices for meds, even under Canadian levels, get reported here: cannot be, must be fake! There is also an email address, not sure if that still works: webcomplaints@ora.fda.gov - these great stock offers that fly around and supposedly make everyone rich (why does the sender not use it himself and rest on a sunny beach instead of typing up lenghty junk emails?): forward these pump and dump scams to enforcement@sec.gov - pyramids, nigerians, 'make money while you sleep' I report occasionally at the big brother site http://www.ifccfbi.gov/index.asp, click on 'file a complaint'. This is also the place to complain immediately if you see spam with your own address as from: ! I got that as retaliation; I stayed on top of it, traced every email back, I bet that spammer has been slammed too. He sent between others from a UoWashington address! On a Sunday when I had time. I called their NOC. He moved to a different address. I called their NOC again. He moved to outside of the U, and did not know what hit him! It stopped on Tuesday (of course I did a report at the FBI site too :-} . He must have used some batch from a laptop which he restarted each time. Spammers _are_ stupid! While spam filtering is nice, it is just an endless race. These additional steps bring the spammer into the slammer. Yes, this requires some extra work. I do a couple a week. If everyone who receives spam would do just one a week, spam would be gone in a very short time. I don't mind giving my personal data to the FBI site for that; sure not everyone's cup of tea. Keep in mind: there are still the other steps that can be done... The more people do these additional steps, the more spammers will fill up the slammers! Let's not just lament: let's clean house! It works, as seen in this example arrest. The more complaints, the more the issue moves up on the agenda. That's how it works: the Internet is a legal-free zone; we are all responsible to keep it clean. We are the ones who have the power to oust this very little tiny fraction of misbehaving users, responsible for over 75% of all Internet traffic! There are only very few spammers out there. All engage in multiple illegal message sending. They are responsible for the content, since they fake the headers! That's what catches them: this action makes them an accessory to the illegal meds offering, the illegal pump and dump, and all that stuff. And that's what caught that guy. da skinny guy On Sun, 10 Apr 2005 14:29:46 +0300, Ilgaz Ocal wrote: > In article , > "rebbit" wrote: > >> Reffering to Associated Press, Jeremy James, a major spammer got arrested >> and sentanced for nine years in jail. >> Cause, or effect?: we haven't received a single spam today !!! >> It is about time that legislation get implemented, worldwide. >> Against those shaddy companies which promote counterfeited products, illegal >> drugs , and other trash. >> And against those immoral spammers looking for a quick buck. >> Rebbit > > I can only hope it will be a major story in major (non geek) news sites, > newspapers so it will make the newbie spammerwannabe think just 5 > seconds what he/she is getting into. > > From my personal point of view, I can easily tell that some of spams we > get are sent by people who doesn't know what "spam" is. Forget if they > know its illegal etc. > > A lifeless, jobless computer genius wannabe comes to his/her company, > hands a cd which actually looks like those commercial stuff from Adobe > etc, with box for $100. We aren't speaking about unlabeled , unbranded > CD-R here. Criminals know how to sell stuff via tricking people too. > > I actually stopped a poor company owner lecturing poor guy about what > spam is and how he will be hated by 99% of his consumers. I still have > the CD from him ($100) sitting next to my virus collection diskettes. > > Scanned with VirusBarrier/OS X (Mac), it includes a backdoor of course. > > I thought better to share that experience. > > Ilgaz Ocal > ps: Of course, I got the sarcasm :) From nobody at devnull.spamcop.net Wed Apr 13 18:22:04 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Wed Apr 13 18:25:41 2005 Subject: [SpamCop-List] spamcop pricing Message-ID: flame shield on.... ok visor down ...... ok I know from my workplace that they subscribe to spamcop via the ISP. Spam I get there is mostly rare, and flagged with, e.g., X-Note: Message fits SPAMHAUS SPAMCOP I guess the ISP contracts this service not for free, right? By reporting spam at the spamcop site, I help make this service better. So more people will pay for the other end (marking up emails). By doing this with 'fresh' and 'yummy' spam, I do actually help that most people won't get spammed in the first place. That's why I think the nag thing is wrong. Sure, have a contribution button for the more affluent between us. Nothing wrong with that. But the reporting basis should be un-nagged, because that's what makes spamcop work in the first place. Suggestion: Take off the nag and replace it with a voluntary contribution button. And have a little link that sez 'here is what you get as a paying contributor'. I agree that other services, like copies of reports, etc., should only be available with pay, because this is then a real service offered. The collection of reports is actually something that enables spamcop to live in the first place. If nobody would report spam to spamcop, well, you can close then, right? skg From nobody at devnull.spamcop.net Wed Apr 13 19:58:51 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Apr 13 19:00:04 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: Bunky, you do not need a valid email address to killfile. Only spam lovers and newbies use their real email addresses in newsgroups, the playground of spammers. Your rationalizing and out of context abilities are superceded only by your lack of brightness. Don't be such a coward; stand up to life. Kill away; no loss, I assure you. Pop -- Let someone else do it I'm retired! "Gezgin" wrote in message news:d3jqbt$j47$1@news.spamcop.net... > Since you're posting in a public forum and responding to my posts, it is, > by definition, my business. > > In future, kindly use a distinctive email address so that I may kill-file > you. > > Thank you for your cooperation on this issue. It will be greatly > appreciated. > > -- > Bob > > Kanyak's Doghouse > http://www.kanyak.com > > > "Pop" wrote in message > news:d3jq27$in4$1@news.spamcop.net... >> NOYB. >> >> -- >> Let someone else do it >> I'm retired! >> "Gezgin" wrote in message >> news:d3jeuq$cbb$1@news.spamcop.net... >>> Who died and made you moderator? >>> >>> "Pop" wrote in message >>> news:d3ivm0$4f0$1@news.spamcop.net... >>>> You are not supposed to top-post in this forum. Most old timers will >>>> not > From nobody at devnull.spamcop.net Wed Apr 13 20:08:20 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Apr 13 19:10:05 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: "Porpoise" wrote in message news:d3k2jn$nc6$1@news.spamcop.net... > > "Pop" wrote in message > news:d3jq1i$imu$1@news.spamcop.net... >> You enjoy misrepresenting text, don't you; a relevent part is missing >> there. Have YOU stopped beating your wife yet? >> , BTW > > > Prey do tell! How does pointing out that you were admonishing someone for > top-posting whilst doing the very same yourself in the process, > misrepresent text? ===> Because the printed REASON for the top post was clearly pointed out, but snipped from the response post. It also indicated that anyone responding to the post should delete the top-post, since it had nothing to do with the subject of the post; it was only an attempt to gently explain something. The previous 4 or 5 posts were combinations of top/bottom posting with attendant chronology loss, and it seemed an interesting enough subject for others to read, that I wanted to encourage a consistant posting method: Top OR Bottom, but not both, and to follow what had already been done. If you consider the total text of my actual post to be an admonishment, then you have misread/misinterpreted it, or you never read the full post I made. Context is often important and it was badly misconstrued in the quote due to its incompleteness. Exactly? And, what does it have to do with > wife-beating? I'm sorry if that eludes you; I'll not waste further time until/unless I am convinced you have read my actual post, not a partial quote to force that poster's own meaning from it. No animosity here, not mad, but I do tend to respond in-kind to posts. Regards, Pop > > >> "Porpoise" wrote in message >> news:d3jcb1$atm$1@news.spamcop.net... >>> >>> "Pop" wrote in message >>> news:d3ivm0$4f0$1@news.spamcop.net... >>>> You are not supposed to top-post in this forum. Most old timers will >>>> not read your posts for that reason. That said: >>>> David, you haven't lurked here long enough; your assertions are quite >>>> flawed in fact. >>>> Pop >>>> -- >>> >>> POT? KETTLE? BLACK? Tut, tut. Fancy admonishing someone for top-posting >>> whilst doing it oneself!!! >>> >>> ;-) >>> >> >> > > From MikeE at ster.invalid Wed Apr 13 17:13:20 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 13 19:15:03 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: skinnyguy wrote: > flame shield on.... ok > visor down ...... ok I'm not arguing or flaming here, because I don't really have a grasp yet of your point, except a little bit way further down. > I know from my workplace that they subscribe to spamcop via the ISP. > > Spam I get there is mostly rare, and flagged with, e.g., > > X-Note: Message fits SPAMHAUS SPAMCOP I don't know what that means. SpamCop has a very very dynamic SCbl blocklist of spamsources. Spamhaus has 2 different blocklists, both of which are considerably different than the scbl, the sbl and the sbl-xbl which is the sbl combined with the xbl, where the xbl is a combination of the cbl & the blitzed obm > I guess the ISP contracts this service not for free, right? Most likely the ISP uses publicly available [free] blocklists as the dnsbl lookup system. SC also asks for contributions to those who use the scbl http://www.spamcop.net/fom-serve/cache/291.html How do I configure my mailserver to reject mail based on the blocklist? > By reporting spam at the spamcop site, I help make this service > better. I use a client side filter SpamPal which uses the SCbl among other lists and strategies. I also spamcop report. Therefore I am helping my spamfilter filter for me. And I'm help the scbl help others. And others are helping my scbl filter. Etc. > So more people will pay for the other end (marking up emails). > By doing this with 'fresh' and 'yummy' spam, I do actually help that > most people won't get spammed in the first place. The earlier you report your spam the better, ergo little word motivators. > That's why I think the nag thing is wrong. Wrong? OK, shoot. > Sure, have a contribution button for the more affluent between us. > Nothing wrong with that. > > But the reporting basis should be un-nagged, because that's what makes > spamcop work in the first place. What makes spamcop work is a lot of things. Having a lot of [free] reporters is one thing. Having a lot of spamtraps is another. Having some paid reporters is another thing. Having mail subscribers is another thing. Having an IronPort sugardaddy now is another thing. I would imagine a few contribute for using the SCbl, but I don't know -- a lot of people/servers etc use it. There's also a fee for the zone transfer of the scbl. > Suggestion: > > Take off the nag and replace it with a voluntary contribution button. > And have a little link that sez 'here is what you get as a paying > contributor'. Take off the nag delay I presume you mean. Else the current condition is about what you say. > I agree that other services, like copies of reports, etc., should > only be available with pay, because this is then a real service > offered. It is a real service of significant magnitude and speed even with the free reporting. Think about it. > The collection of reports is actually something that enables spamcop > to live in the first place. Yes, it is true that having a lot of reporters is an advantage. The reporters also make a lot of mistakes and cause a lot of trouble for the deputies. Not too very long ago I learned that 'inanimate' spamtrap reporters are better reporters than live reporters. Some of us used to think there were too many 'bad' reporters and the number of reporters should be filtercombed, so that there would be less bad reporters and the quality of spamcop reporting would be improved. Julian figgered out some ways to decrease spamcop errors even from/by reporters who didn't have header reading skills. > If nobody would report spam to spamcop, well, you can close then, > right? It is true that reporters are an integral part of spamcop. The 'balance' between the nag and the perq/s for paid reporters must be just about right to suit most free and paid reporters. Also, it is not all that hard to defeat the inconvenience of the nag delay. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Apr 13 17:24:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 13 19:25:03 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: Oops. I missed an important comment. skinnyguy wrote: > By reporting spam at the spamcop site, I help make this service > better. Yes. You in particular, like I in particular, make some individual miniscule contribution; which in the great scheme of things is negligible; but in the aggregate, we all make up the important contribution. > So more people will pay for the other end (marking up emails). This is the important line I missed commenting. No. There isn't really money to be made by SC from people's usage of the SCbl, which is fundamentally free and doesn't have any kind of nag delay for those who don't pay. In fact, almost all of the people who use the free SCbl probably never see the SC page inviting them to make a contribution. -- Mike Easter kibitzer, not SC admin From not at home.today Thu Apr 14 02:02:03 2005 From: not at home.today (Ant) Date: Wed Apr 13 20:05:05 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: "Mike Easter" wrote: > I'm not a fan of rfc-ignorant; Why not? > EL isn't going to pay any attention to > being listed there; and getting EL listed there only has the potential > to cause me some kind of problem, not some kind of solution. My ISP is listed for no postmaster@ or abuse@. I don't like it, but I've had no problems yet. Perhaps that's because their IP space is leased from a larger provider who are not listed. > spamcop.net is currently listed in rfc-ig in 2 categories, and Julian > doesn't agree that the rfc-ig listing is appropriate. But, there you > go. I see that postmaster@ and abuse@ is not read. Do you know why this might not be an appropriate cause for listing? From MikeE at ster.invalid Wed Apr 13 18:42:25 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 13 20:45:08 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: Ant wrote: > "Mike Easter" wrote: > >> I'm not a fan of rfc-ignorant; > > Why not? What rfc-ignorant is supposed to be all about is about being compliant. Therefore you would think that the website and the process would be all about the fine points of being compliant. But it isn't. Whatever rfc-ignorant is, it isn't all about what it really means to be compliant; in fact, I would think the #1 'mission' of rfc-ignorant would be all about a 'meaningful' and competent idea of what the compliances would be. But it isn't. Here's a piece of what rfc-i sez: A listing here simply implies that a site has chosen not to implement the conditions described in a particular RFC. It is, of course, up to other sites to decide for themselves whether or not they wish to communicate with sites that have not chosen to implement, say, RFC2142, Personally, I would never block mailfrom a domainname on the basis of the domainname being listed somewhere in rfc-i. Would you? rfc-i is that classic 'conflict' between the frustrations of those who wish they could make others do as they wish, and an inability to /actually/ do that. So, they are left with choices that resemble cutting off their nose to spite their face. It is one thing to say 'my server, my rules' -- but if your server is serving 'others', then what you are actually doing is imposing your frustrations on others. Then, we get into the business of the mechanism of how rfc-i does a listing, or doesn't do a listing, or undoes a listing. Then, we should also get into the business of just exactly and precisely what complying really means. Unfortunately, rfc-i, which should be seriously uptospeed on what the RFC actually sez and what the RFC actually means, and what the 'significance' of the various *kinds* of RFCs is really all about -- doesn't actually happen at rfc-i. rfc-i is not actually a useful place to go find out what the 'rules' are. It appears to me that rfc-i actually doesn't have much of a clue about what the /meaning/ of RFCs is. If rfc-i doesn't know what the RFCs mean, what is it doing being so presumptuous as to be listing something for not being compliant? And, the listing is about domainnames! What are you going to do with a listing of domainnames? Who uses domainnname listings for anything?! So; I have no respect for rfc-i because it doesn't *KNOW* about RFCs, so that makes it 'RFC ignorant'. Or, at least its website doesn't convince me that it knows about RFCs. It has simply devised a scheme for listing domainnames. And, people who like to think they are powerful and important because they get to choose what to block at their servers to 'teach someone a lesson' do things like using rfc-i. So let them. That's their perogative. But if blocking a domainname affects some people because of rfc-i's RFC ignorance, then something else is wrong. > My ISP is listed for no postmaster@ or abuse@. I don't like it, but > I've had no problems yet. Perhaps that's because their IP space is > leased from a larger provider who are not listed. Or perhaps because no one gives a sh*t whether something is rfc-i listed or not. >> spamcop.net is currently listed in rfc-ig in 2 categories, and Julian >> doesn't agree that the rfc-ig listing is appropriate. But, there you >> go. > > I see that postmaster@ and abuse@ is not read. Do you know why this > might not be an appropriate cause for listing? The system spamcop uses is not compatible with the system which rfc-i uses for [not] listing. -- Mike Easter kibitzer, not SC admin From zypher at spamcop.net Wed Apr 13 20:47:34 2005 From: zypher at spamcop.net (Ron B.) Date: Wed Apr 13 20:50:05 2005 Subject: [SpamCop-List] Another View of the Jaynes Case Message-ID: http://www.fool.com/News/mft/2005/mft05041306.htm From nobody at devnull.spamcop.net Wed Apr 13 20:58:29 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Wed Apr 13 20:55:04 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: spamcop is more like a farmers' co-op than anything else. If you aren't running a server yourself, then if you contribute (thru reporting or 'donating' to get more services), it is entirely altruistic, but not tax deductible because it is donating to a for-profit business. It is a mistake, IMHO, not to recruit end users as a non-profit organization, but then I am not the brilliant programmer Julian is and can't compete. Miss Betsy From MikeE at ster.invalid Wed Apr 13 19:11:57 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 13 21:15:09 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: Miss Betsy wrote: > spamcop is more like a farmers' co-op than anything else. If you > aren't running a server yourself, then if you contribute (thru > reporting or 'donating' to get more services), it is entirely > altruistic, but not tax deductible because it is donating to a > for-profit business. > > It is a mistake, IMHO, not to recruit end users as a non-profit > organization, but then I am not the brilliant programmer Julian is > and can't compete. I don't understand the business model you are alluding to. Suppose SC were some kind of non-profit business. What would its business model be? Where does the 'profit' ie the non-profit income come from? What would the balance sheet look like? -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Thu Apr 14 02:17:35 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Apr 13 21:20:03 2005 Subject: [SpamCop-List] Re: bluemountain forgery References: Message-ID: On 12 Apr 2005 eddie entered spamcop and left news:pan.2005.04.13.00.06.30.276000@eddie.web: > I just report them and include a copy to > bluemountain with a note that their good name is being abused. If > enough people also report it to bluemountain they might take some kind > of action, if possible. I am careful to let bluemountain know that > they are innocent but someone is taking advangate of their name. So what's the address for that? abuse? -- | Ric | From nobody at devnull.spamcop.net Wed Apr 13 21:50:15 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Wed Apr 13 21:50:03 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: "Mike Easter" wrote in message news:d3kfth$uv4$1@news.spamcop.net... > I don't understand the business model you are alluding to. > > Suppose SC were some kind of non-profit business. What would its > business model be? > > Where does the 'profit' ie the non-profit income come from? What would > the balance sheet look like? If spamcop were a non-profit organization to help people protect themselves and the internet from spam, they would have to have a community Board of Directors (who would have a vote on whether to allow Cyvellience to have data or not). The paid stafff would be paid competitive wages, but the donations and payments for services would be separate accounts for accounting purposes and the decisions on policy would be made by the Board of Directors, not the staff. A co-op is also a non-profit organization designed to pool resources and thus compete with larger for-profit businesses, but its mission is not altruistic, but to give its members a competitive advantage. Although members have no say in the policies and practices of spamcop, the way they would in a real co-op, Julian often listens and it is advantageous to both Julian and the smaller server admins who need a blocklist. There is no advantage to an end user; it is only pure altruism to contribute to the spamcop bl - particularly when an end user can avoid getting spam in serveral very easy ways. Miss Betsy From MikeE at ster.invalid Wed Apr 13 21:22:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 13 23:35:18 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: Miss Betsy wrote: > "Mike Easter" >> I don't understand the business model you are alluding to. >> >> Suppose SC were some kind of non-profit business. What would its >> business model be? >> >> Where does the 'profit' ie the non-profit income come from? What >> would the balance sheet look like? > > If spamcop were a non-profit organization to help people protect > themselves and the internet from spam, they would have to have a > community Board of Directors (who would have a vote on whether to > allow Cyvellience to have data or not). Well, that's about the governance. From a business model point of view, I would be more concerned about the mechanisms for the income and the outgo than who/what/how some kind of policy decisions are made. Unfortunately, neither of us has any concept of how the bucks work, so arguing or discussing some kind of non-profit structure for a model in which the balance sheet can't even be imagined doesn't go anywhere. > The paid stafff would be > paid competitive wages, I read somewhere like nanae that some functions like deputy that were once volunteer have become paid - but that evolution must've come about because of IronPort, not because the business model really supported it. > but the donations and payments for services > would be separate accounts for accounting purposes and the > decisions on policy would be made by the Board of Directors, not > the staff. You may have some familiarity with co-op and non-profit models and how they are governed and the advantages of some kind of governance which comes from the 'community' outside the entity -- but my own experience with small business models has been that the whole glitch, the nut, the survival of the entity, is all about the balance between the $ coming in and the $$ going out. The governance can be by a pointed haired manager, a benevolent dictator, an egalitarian community board of directors, or Satan himself -- but somehow the $ and the $$ have to work themselves out. > A co-op is also a non-profit organization designed to pool > resources and thus compete with larger for-profit businesses, but > its mission is not altruistic, but to give its members a > competitive advantage. Although members have no say in the > policies and practices of spamcop, the way they would in a real > co-op, Julian often listens and it is advantageous to both Julian > and the smaller server admins who need a blocklist. There is no > advantage to an end user; it is only pure altruism to contribute to > the spamcop bl - particularly when an end user can avoid getting > spam in serveral very easy ways. How does the non-profit model enhance the general situation [which is usually 'stressful' because $$ out may exceed $ in] about the balance sheet? I'm not saying that non-profits can't have enormous incomes which find ways to distribute that income -- or that non-profits aren't big money-losers underwritten by something generous or charitable - depending. But I would think that being designated non-profit or ostensibly for profit is rather immaterial compared to the necessity to have the income $ keep up with the outgoing $$. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Thu Apr 14 02:32:21 2005 From: eddie at eddie.web (eddie) Date: Thu Apr 14 01:35:34 2005 Subject: [SpamCop-List] Re: bluemountain forgery References: Message-ID: On Thu, 14 Apr 2005 01:17:35 +0000, Blammo scratched out the following: > On 12 Apr 2005 eddie entered spamcop and left > news:pan.2005.04.13.00.06.30.276000@eddie.web: > >> I just report them and include a copy to bluemountain with a note that >> their good name is being abused. If enough people also report it to >> bluemountain they might take some kind of action, if possible. I am >> careful to let bluemountain know that they are innocent but someone is >> taking advangate of their name. > > So what's the address for that? abuse? As I recall, now, I think I manually forwarded it with a note it to both postmaster and abuse. Neither bounced so I assume they got it. Their website only has a CGI form, but I assume one could post the spam in the box with a note. I just don't like to see honest companies get a bad rap or rep so I thought they should be made aware of the problem since they may get complaints from people who fell for the phish, virus or scam. -- Once movie theaters gave out steak knives Today they confiscate them From sache at grignon.inra.fr Thu Apr 14 10:12:21 2005 From: sache at grignon.inra.fr (Ivan Sache) Date: Thu Apr 14 03:15:04 2005 Subject: [SpamCop-List] Re: Yet another variation of the Nigerian scam - this time about thePope! References: Message-ID: <425E17D4.1F56AECE@grignon.inra.fr> Hi, Stewart Gordon wrote: > They didn't take long to start spams/scams based around this event! > ---------- > From: "BernardinGantin "
Peace and Blessing be unto you in the name of our Lord > Jesus Christ.
Let me start by introducing myself. I am Cardinal > Bernardin Gantin,   Prefect Emeritus, Congregation for the > Bishops. ...
Private Email:cardinalbernardin@yahoo.com [Full spam posted by Stewart in .spam. I have redirected my answer to .spamcop, hoping I haven't goofed again.] > ---------- Cardinal Bernard Gantin is a real Cardinal. Born in 1922 in Cotonou (Benin), he was the first African Bishop (elected in 1956); he is today the Emeritus Dean of the College of Cardinals. Note that Cardinals are strictly forbidden to communicate with the outside world until the election of the new Pope; this probably holds for e-mail, too. Moreover, I don't believe a high-rank Cardinal would use the same terminology in his "proposal" as Mrs. Mariam Abacha and publish his secrete discussions with the late Pope. Dave Lerner wrote: > The @yahoo.com email address is especially convincing. :) There was probably no @yahoo.va available :-) (.va is the TLD for the Holy See, aka Vatican). I am still waiting proposals from Monaco (.mc). Prince Rainier III passed away last week and there is a lot of money stored in banks in Monaco. Since the bank system there is fairly opaque, 419 from Monaco could look legit at first sight. Regards -- Ivan Sache From nobody at devnull.spamcop.net Thu Apr 14 03:29:55 2005 From: nobody at devnull.spamcop.net (Cat) Date: Thu Apr 14 03:30:03 2005 Subject: [SpamCop-List] Re: major spammer arrested In-Reply-To: References: Message-ID: skinnyguy wrote: > He was not arrested for spamming. > He was, between other things, arrested for impostering other people, i.e. > using real people's email addresses as fake source addresses. > > There were other forgeries too, as were software licensing violations. Who are you talking about? When you top post instead of snipping what you aren't replying to and adding your own comments below each quoted point, it makes it harder for people to read and understand your comments. Please do not top post. Notice how most everyone else here snips and posts their comments below the quoted material. From porpoise1954 at yahoo.co.uk Thu Apr 14 09:40:37 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Apr 14 03:50:04 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: "Pop" wrote in message news:d3k8p0$r34$1@news.spamcop.net... > "Porpoise" wrote in message > news:d3k2jn$nc6$1@news.spamcop.net... >> >> "Pop" wrote in message >> news:d3jq1i$imu$1@news.spamcop.net... >>> You enjoy misrepresenting text, don't you; a relevent part is missing >>> there. Have YOU stopped beating your wife yet? >>> , BTW >> >> >> Prey do tell! How does pointing out that you were admonishing someone for >> top-posting whilst doing the very same yourself in the process, >> misrepresent text? > ===> Because the printed REASON for the top post was clearly pointed out, > but snipped from the response post. It also indicated that anyone > responding to the post should delete the top-post, since it had nothing to > do with the subject of the post; it was only an attempt to gently explain > something. The previous 4 or 5 posts were combinations of top/bottom > posting with attendant chronology loss, and it seemed an interesting > enough subject for others to read, that I wanted to encourage a consistant > posting method: Top OR Bottom, but not both, and to follow what had > already been done. > If you consider the total text of my actual post to be an admonishment, > then you have misread/misinterpreted it, or you never read the full post I > made. Context is often important and it was badly misconstrued in the > quote due to its incompleteness. Because?...... It wasn't completely top-posted? > > Exactly? And, what does it have to do with >> wife-beating? > I'm sorry if that eludes you; I'll not waste further time until/unless I > am convinced you have read my actual post, not a partial quote to force > that poster's own meaning from it. Yup. It totally eludes me what wife-beating has to do with top-posting (which was the subject of the relevant section). > > No animosity here, not mad, but I do tend to respond in-kind to posts. So where was your smiley then? 8-() > > Regards, > > Pop > >> >> >>> "Porpoise" wrote in message >>> news:d3jcb1$atm$1@news.spamcop.net... >>>> >>>> "Pop" wrote in message >>>> news:d3ivm0$4f0$1@news.spamcop.net... >>>>> You are not supposed to top-post in this forum. Most old timers will >>>>> not read your posts for that reason. That said: >>>>> David, you haven't lurked here long enough; your assertions are quite >>>>> flawed in fact. >>>>> Pop Sorry, you are partially correct. I guess I should have snipped the "That said: David, you haven't lurked here long enough; your assertions are quite flawed in fact." part of the quote. That would have made it perfectly clear it was ONLY the top-posting bit I was commenting about - nothing to do with the rest of the original post. >>>>> -- >>>> >>>> POT? KETTLE? BLACK? Tut, tut. Fancy admonishing someone for top-posting >>>> whilst doing it oneself!!! >>>> >>>> ;-) >>>> >>> >>> >> >> > > From devnull at spamcop.net Thu Apr 14 08:05:43 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Apr 14 07:25:12 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: "Mike Easter" | Miss Betsy wrote: | > spamcop is more like a farmers' co-op than anything else. If you | > aren't running a server yourself, then if you contribute (thru | > reporting or 'donating' to get more services), it is entirely | > altruistic, but not tax deductible because it is donating to a | > for-profit business. | > | > It is a mistake, IMHO, not to recruit end users as a non-profit | > organization, but then I am not the brilliant programmer Julian is | > and can't compete. | | I don't understand the business model you are alluding to. | | Suppose SC were some kind of non-profit business. What would its | business model be? | | Where does the 'profit' ie the non-profit income come from? What would | the balance sheet look like? don't know the business plan but I expect that Iron Port has use for the data collectd as does Cyvellience so there has to be some profit in there somewhere. From devnull at spamcop.net Thu Apr 14 08:09:46 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Apr 14 07:25:35 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: "Mike Easter" | How does the non-profit model enhance the general situation [which is | usually 'stressful' because $$ out may exceed $ in] about the balance | sheet? I'm not saying that non-profits can't have enormous incomes | which find ways to distribute that income -- or that non-profits aren't | big money-losers underwritten by something generous or charitable - | depending. But I would think that being designated non-profit or | ostensibly for profit is rather immaterial compared to the necessity to | have the income $ keep up with the outgoing $$. Non profit does not automatically equate to 'no profit' to someone. take for example these 'non-profit' credit counseling companies. they are set up under IRS rules that prevent them from showing a profit. Compliance is satisfied by paying all $ out with what would be 'profit' going to the founders typically as salary or consultant fees. From nobody at devnull.spamcop.net Thu Apr 14 08:07:54 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Thu Apr 14 08:05:29 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: > How does the non-profit model enhance the general situation [which is > usually 'stressful' because $$ out may exceed $ in] about the balance > sheet? I'm not saying that non-profits can't have enormous incomes > which find ways to distribute that income -- or that non-profits aren't > big money-losers underwritten by something generous or charitable - > depending. But I would think that being designated non-profit or > ostensibly for profit is rather immaterial compared to the necessity to > have the income $ keep up with the outgoing $$. In a for-profit business, the product or service has to be sold in order to pay for the overhead, capital expenses, and salaries. The owner gets the 'profit'. No owner can continue to market a product or service unless sales are large enough to, at least, pay the overhead, capital expenses, and salaries. Since the owner gets what is generated over and above those expenses, someone who makes a 'donation' is putting money into the owner's pocket. The owner is the only one responsible for policy. In a non-for-profit business, the same expenses are necessary, however the purpose of the product or service is not to generate income, but to provide what the members think is a necessary product or service. Prices are not based on what the owner hopes to make, but on what is necessary to pay the bills. In a cooperative, the members are hoping to reduce individual overhead, operating costs, salaries, and to pool capital expenses so that the product or service that they offer is more competitve in the open market. IOW, they are the owners and anything made over and above the operating costs are returned to them in cheaper memberships or enhanced services - perhaps even dividends. The members are the owners and direct the policies as opposed to for-profit where the customers vote with their purses. In a co-op the customers vote also by buying or not buying, but the members also have a say in how and what to market. In other non-profits who hope to contribute something needed that it isn't being provided (or provided cheaply enough for some), it is the product or service that is being provided as cheaply as possible. They do not want to make a profit unlike the other two models. They do need money for the overhead costs, salaries, capital expenses, but as far as possible, they try to reduce those costs through volunteer labor and donations. The owners are the donors who provide the money that isn't made by sales and who believe that the product or service is necessary for the common good. The reporting side of spamcop is entirely altruistic unless you use the blocklist from the point of the user when it becomes more like a co-op. The email service is like a credit union where what you put in benefits you. Another model could be a for-profit recyling or health food business started by owners who think that there is a profit in catering to those who are concerned about the environment or health. Those owners may, or may not, be altruistic in their motives and may, or may not, plow the profits back so as to provide more products or services to more people. Like other for-profits, like-minded people vote with their purses for the services, but have no say in any policies and are unlikely to make a donation to keep the business running - unless like spamcop, it is the only business providing that service and they have complete faith in the owner's integrity. None of these models is 'better' than another except for the purpose. IMHO, getting people to support the use of blocklists is the primary way of stopping spam (and preserving the freedom and availability of the internet). That would be best be done by a not-for-profit organization where members have control of the policies and where the purpose is not just to provide a service for those who use the blocklist or the email service, but to promote user education. As it is, it is only if one uses either the blocklist or the email service for filtering that spamcop is useful and spamcop is only one of many ways to filter spam (or to have a spam free inbox). However, since it is the only way that a relatively non-fluent user can 'do' something about spam, many people want to use it for altruistic purposes - to stop spammers. They are willing to contribute to the blocklist to make it effective for others to use and some are even willing to contribute to operating costs (paying more for services or paying for services they don't need so that others have the filtering services) so that server admins are notified and spammers stopped by the blocklist. They think that they are contributing to the community good. It causes a certain amount of confusion in some situations where there is a conversation with someone who is just buying a service and isn't concerned at all about higher purposes. And that hurts both the models who are selling something and the model that is designed to promote the common good. But since spamcop is a for-profit business and Julian=spamcop, that's his problem (and now Ironport's), not mine. In another discussion about this subject, it was pointed out that for-profit hospitals also have volunteer organizations and foundation funds. IMHO, that's crazy. So there is a model for a for-profit business being supported by volunteers and donations, but money for services and donations are certainly required to be accounted for separately. My $.02 USD Miss Betsy From devnul at spamcop.net Thu Apr 14 10:41:28 2005 From: devnul at spamcop.net (Spamvireslayer) Date: Thu Apr 14 09:45:04 2005 Subject: [SpamCop-List] Junk Fax vote Message-ID: I know this has been discussed here before, mostly by me! I received the following from junkfax.org, they're asking people to call their senators to demand they vote against the bill. I did and they're both (shudder) Republicans..... You are getting this email because you (or someone you know) registered your email at www.junkfax.org. I promised we would rarely contact you. Most of you have NEVER been contacted. But now we need your help URGENTLY because Congress plans on passing a bill TODAY that will render your fax machine useless. Congress wants to turn your fax machine into a printing press for advertisers. If you don't call BOTH your Senators to complain, they will think nobody minds, and this bill WILL PASS (see instructions below on how to make the call). If you thought you were getting too much junk on your fax machine before, you ain't seen nothin' yet. Due to pressure from business groups and trade associations, they are about to LEGALIZE the sending of junk faxes! That's right, they are going to do for junk faxes what they did recently to spam....make it LEGAL to do as long as the advertiser adds an "opt out" notice on it (with no time frame for compliance) and remembers to put the number to use to opt out (if they forget to do that, you can't opt out). And non-profits don't even have to put an opt out notice on their faxes. So it's a real bonanza for businesses. So now all these businesses can save major $$$ on their advertising costs since fax advertising is MUCH cheaper than direct mail (about 20 times cheaper!) because they are shifting all the costs to you!!! And you have no say in the matter and may be completely unable to opt out. Think of thousands of business letting you know about all the great deals on health insurance, mortgages, vacations, and stock tips. Today it is ILLEGAL to send junk faxes and so only a few people did. But that's about to change. Congress is about to make sending junk faxes LEGAL so you'll be getting 10 to 100 times more unwanted advertising sent to your fax machine without your consent. You can read my Senate testimony against this bill at yesterday's hearing: http://commerce.senate.gov/hearings/witnesslist.cfm?id=1457 At the hearing, they didn't dispute a single point I made! But it didn't change the bill one bit!!!! Even though they said I made good points (such as "no recipient wants to receive more junk faxes...ask them yourself!"), they didn't want to change so much as a comma. If you are as outraged at this as I am, you MUST CALL YOUR SENATORS TODAY. Not tomorrow. Not in a week. RIGHT NOW. This bill is going for a vote TODAY. It could pass the Senate TODAY. You MUST ACT RIGHT NOW. Do NOT assume someone else will do it and you don't have to. They count the TOTAL number of calls, not whether one person called. The more people call, the better. Get your friends to call too if they get junk faxes. step 1: go to: http://www.senate.gov/index.htm and select your state from the drop down. step 2: call each senator at the number listed. You only have to make TWO phone calls. A staff person will answer the phone. step 3: say the following: "my name is john smith. I live at 124 easy street in san jose, California. I am calling to DEMAND that Senator vote AGAINST S.714 (the Junk Fax bill) unless the "EBR exemption" is REMOVED ENTIRELY. Your Senator NEEDS to hear from you. The business community is VERY well organized and has been lobbying heavily to be able to open up your fax machine as the next frontier in low-cost mass advertising. For more info, please see: http://www.junkfax.org/fax/legislation/jfpa.htm From nobody at devnull.spamcop.net Thu Apr 14 10:49:30 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Apr 14 09:50:04 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: ... >>> "Pop" wrote in message >>> news:d3jq1i$imu$1@news.spamcop.net... >>>> You enjoy misrepresenting text, don't you; a relevent part is missing >>>> there. Have YOU stopped beating your wife yet? >>>> , BTW ===> The 's the "smiley" you were looking for ;-(). Maybe you're too young for , , < g >, < GGGG > and so on? >>> >>> ===> Actually, I'll have you know that: 1, Youve given me one hell of a morning and thoroughly confused me, and 2, I don't enjoy eating crow!! (Place smiley here). FIRST of all, you (and others) were absolutely correct in what you said I posed at the top of that mail! SECOND, that's not what I intended to post! Occasionally I type with my palms and an email just "disappears" on me, usually never to be seen again! That happened to me twice during that post. So, when that first response "disappeared", I didn't catch that it went to the Outbox and stayed there. All I knew was it didn't go to Sent, which meant I didn't embarass myself! Uhhhh, right? mmmm, so, after a few CTRL-Zs, I got my post back, and completed it. Including fixing the portion of the top post that's got all the livers quivering here 8--{. HOWever, I forgot I was off-line next! So, it went to the Outbox, ready to be sent. I clicked on Send and was half way out the door when I saw the message it didn't go. So, I came back and clicked the Outbox, Sent it, and managed to send the wrong one, which I managed to discover this morning. Therefore, youse guys was talking about what I Sent to the group, and I was talking about what I -meant- to send to the group! Listen to what I meant, not what I said, will you?! ;-) I have no idea what went on because what finally got sent wasn't really either of the two compositions; the original start or the second CTRL-Z'd finish-up, and even I think my explanation above leaves a lot to be desired, so I guess all I can say is; Apologies to the group! I did a stoopid and admit it. I'll take my 50 lashes with a wet spammer's tongue long's I can wear a winter coat! Sometimes I really enjoy it when things ramble OT like this, but not this time. The entertainment value went negative on me all of a sudden. Rather grudgingly, I offer Porpoise a thank-you for making me go figure this out. ;-) Regards, Pop Embarasments available in previous posts. From porpoise1954 at yahoo.co.uk Thu Apr 14 16:24:33 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Apr 14 10:35:11 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: "Pop" wrote in message news:d3lsd5$nn4$1@news.spamcop.net... > ... >>>> "Pop" wrote in message >>>> news:d3jq1i$imu$1@news.spamcop.net... >>>>> You enjoy misrepresenting text, don't you; a relevent part is missing >>>>> there. Have YOU stopped beating your wife yet? >>>>> , BTW > > ===> The 's the "smiley" you were looking for ;-(). Maybe you're too > young for , , < g >, < GGGG > and so on? >>>> >>>> > > ===> Actually, I'll have you know that: 1, Youve given me one hell of a > morning and thoroughly confused me, and 2, I don't enjoy eating crow!! > (Place smiley here). > > Snipped embarASSment.......... > > I have no idea what went on because what finally got sent wasn't really > either of the two compositions; the original start or the second CTRL-Z'd > finish-up, and even I think my explanation above leaves a lot to be > desired, so I guess all I can say is; Apologies to the group! I did a > stoopid and admit it. I'll take my 50 lashes with a wet spammer's tongue > long's I can wear a winter coat! ........49 ........50 Done! > Sometimes I really enjoy it when things ramble OT like this, but not > this time. The entertainment value went negative on me all of a sudden. > Rather grudgingly, I offer Porpoise a thank-you for making me go figure > this out. ;-) > Aw shucks, 'twas nuthin'. Glad to have been of service ;-) From eddie at eddie.web Thu Apr 14 14:40:02 2005 From: eddie at eddie.web (eddie) Date: Thu Apr 14 13:48:50 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: On Wed, 13 Apr 2005 17:22:04 -0500, skinnyguy scratched out the following: > flame shield on.... ok > visor down ...... ok > > I know from my workplace that they subscribe to spamcop via the ISP. > > Spam I get there is mostly rare, and flagged with, e.g., > > X-Note: Message fits SPAMHAUS SPAMCOP > > I guess the ISP contracts this service not for free, right? > > By reporting spam at the spamcop site, I help make this service better. So > more people will pay for the other end (marking up emails). By doing this > with 'fresh' and 'yummy' spam, I do actually help that most people won't > get spammed in the first place. > > That's why I think the nag thing is wrong. > > Sure, have a contribution button for the more affluent between us. Nothing > wrong with that. > > But the reporting basis should be un-nagged, because that's what makes > spamcop work in the first place. > > Suggestion: > > Take off the nag and replace it with a voluntary contribution button. And > have a little link that sez 'here is what you get as a paying > contributor'. > > I agree that other services, like copies of reports, etc., should only be > available with pay, because this is then a real service offered. > > The collection of reports is actually something that enables spamcop to > live in the first place. > > If nobody would report spam to spamcop, well, you can close then, right? > > skg I have used spamcop since the early days when it was free and now I am a paying user. It costs less than 10 cents a day. If you cannot afford 10 cents a day to have your spam sorted and make reporting easy, then your time isn't very valuable at all. Besides being an excellent spamfilter, SC provides me with email access from anywhere in the world, from any ISP. Again, 10 cents a day? You can't even get a good cigar for that price anymore :) C'mon be serious -- Once movie theaters gave out steak knives Today they confiscate them From devnul at spamcop.net Thu Apr 14 10:44:28 2005 From: devnul at spamcop.net (Spamvireslayer) Date: Thu Apr 14 15:00:03 2005 Subject: [SpamCop-List] Re: Junk Fax vote References: Message-ID: Spamvireslayer wrote: > I know this has been discussed here before, mostly by me! I received the following > from junkfax.org, they're asking people to call their senators to demand they vote > against the bill. I did and they're both (shudder) Republicans..... > > > You are getting this email because you (or someone you know) registered your email at > www.junkfax.org. > > > I promised we would rarely contact you. Most of you have NEVER been contacted. But > now we need your help URGENTLY because Congress plans on passing a bill TODAY that > will render your fax machine useless. Congress wants to turn your fax machine into a > printing press for advertisers. If you don't call BOTH your Senators to complain, > they will think nobody minds, and this bill WILL PASS (see instructions below on how > to make the call). > > > If you thought you were getting too much junk on your fax machine before, you ain't > seen nothin' yet. Due to pressure from business groups and trade associations, they > are about to LEGALIZE the sending of junk faxes! > > > That's right, they are going to do for junk faxes what they did recently to > spam....make it LEGAL to do as long as the advertiser adds an "opt out" notice on it > (with no time frame for compliance) and remembers to put the number to use to opt out > (if they forget to do that, you can't opt out). And non-profits don't even have to > put an opt out notice on their faxes. So it's a real bonanza for businesses. So now > all these businesses can save major $$$ on their advertising costs since fax > advertising is MUCH cheaper than direct mail (about 20 times cheaper!) because they > are shifting all the costs to you!!! And you have no say in the matter and may be > completely unable to opt out. Think of thousands of business letting you know about > all the great deals on health insurance, mortgages, vacations, and stock tips. > > > Today it is ILLEGAL to send junk faxes and so only a few people did. But that's about > to change. Congress is about to make sending junk faxes LEGAL so you'll be getting 10 > to 100 times more unwanted advertising sent to your fax machine without your consent. > > > You can read my Senate testimony against this bill at yesterday's hearing: > > http://commerce.senate.gov/hearings/witnesslist.cfm?id=1457 > > > At the hearing, they didn't dispute a single point I made! But it didn't change the > bill one bit!!!! Even though they said I made good points (such as "no recipient > wants to receive more junk faxes...ask them yourself!"), they didn't want to change > so much as a comma. > > > If you are as outraged at this as I am, you MUST CALL YOUR SENATORS TODAY. Not > tomorrow. Not in a week. RIGHT NOW. This bill is going for a vote TODAY. It could > pass the Senate TODAY. You MUST ACT RIGHT NOW. > > > Do NOT assume someone else will do it and you don't have to. They count the TOTAL > number of calls, not whether one person called. The more people call, the better. Get > your friends to call too if they get junk faxes. > > > step 1: > > go to: > > http://www.senate.gov/index.htm > > and select your state from the drop down. > > > step 2: > > call each senator at the number listed. You only have to make TWO phone calls. A > staff person will answer the phone. > > > step 3: > > say the following: "my name is john smith. I live at 124 easy street in san jose, > California. I am calling to DEMAND that Senator vote AGAINST > S.714 (the Junk Fax bill) unless the "EBR exemption" is REMOVED ENTIRELY. explain that you are upset and do not want more junk faxes and to have additional new > EBR exemptions so that businesses can legally send you JUNK faxes> > > > Your Senator NEEDS to hear from you. The business community is VERY well organized > and has been lobbying heavily to be able to open up your fax machine as the next > frontier in low-cost mass advertising. > > > For more info, please see: > > http://www.junkfax.org/fax/legislation/jfpa.htm Disregard... I'm a clueless idiot. From ivan at gmail.com Thu Apr 14 22:37:04 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Thu Apr 14 15:40:31 2005 Subject: [SpamCop-List] Re: Yet another variation of the Nigerian scam - this time about thePope! In-Reply-To: <425E17D4.1F56AECE@grignon.inra.fr> References: <425E17D4.1F56AECE@grignon.inra.fr> Message-ID: Ivan Sache wrote: > Hi, > > Stewart Gordon wrote: > > >>They didn't take long to start spams/scams based around this event! I was expecting it. Ivan. From ivan at gmail.com Thu Apr 14 22:41:18 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Thu Apr 14 15:45:04 2005 Subject: [SpamCop-List] Re: spamcop pricing In-Reply-To: References: Message-ID: Just forward spam to spamcop with your forwarding address, then redirect all emails from spamcop@devnull.spamcop.net to /dev/null. Or just paste a spam, click "report spam", then click stop immediately, do the same for all the spams. Then reload and go through your spams by using the "Report spam now" for unreported spam. Ivan. From not at home.today Fri Apr 15 00:01:05 2005 From: not at home.today (Ant) Date: Thu Apr 14 18:05:05 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: "Mike Easter" wrote: > What rfc-ignorant is supposed to be all about is about being compliant. > Therefore you would think that the website and the process would be all > about the fine points of being compliant. [snip] You didn't go into those fine points, but thanks for your thoughts. I'll just comment on a few things. > Personally, I would never block mailfrom a domainname on the basis of > the domainname being listed somewhere in rfc-i. Would you? No, I'd only block spam or attack sources if I blocked anything. > rfc-i is that classic 'conflict' between the frustrations of those who > wish they could make others do as they wish, and an inability to > /actually/ do that. So, they are left with choices that resemble > cutting off their nose to spite their face. A bit like SPEWS then, when they extend an IP range to include those that may not be spamming? [snip] > And, the listing is about domainnames! What are you going to do with a > listing of domainnames? Who uses domainnname listings for anything?! Well, if I find an IP belongs to an ISP called example.com, and I want to report spam from that IP, then it's helpful if everyone adopts a standard method of contact for abuse. Of course not all domain names belong to ISPs or have abusable services associated with them. In any case I would use whois to find a contact. So, yes, I see your point. [snip] > Or perhaps because no one gives a sh*t whether something is rfc-i listed > or not. But you said a listing of EL had potential to cause you some kind of problem, so apparently you, or someone, does care. > The system spamcop uses is not compatible with the system which rfc-i > uses for [not] listing. Looking at the reason, and finding that Spamcop gives an alternative contact, it does seem a bit extreme. From MikeE at ster.invalid Thu Apr 14 17:20:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 14 19:20:09 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: Ant wrote: > "Mike Easter" wrote: > >> What rfc-ignorant is supposed to be all about is about being >> compliant. Therefore you would think that the website and the >> process would be all about the fine points of being compliant. [snip] > > You didn't go into those fine points, but thanks for your thoughts. My remark about rfc-i not going into the fine points was based on old information; I hadn't reviewed the available website information recently when I sed that. I just visited rfc-i's pages and find quite a lot more details there than were available previously. The discussion found at http://www.rfc-ignorant.org/policy-postmaster.php is much more comprehensive than it used to be, and the annotated and highlighted RFC 2821 sec 4.5.1 is an excellent idea. That is completely different than what I used to see there. There is a similar big improvement at http://www.rfc-ignorant.org/policy-abuse.php and an annotated/highlighted RFC 2142 That type of improvement fixes my #1 gripe about rfc-i not addressing the RFCs properly. The pages don't show a last-modified timestamp, so I can't say how long they've been like that. Then, the other business is that of usage of the list to block. Ideally, if some admins use such a list to block and if the admin of an rfc-i listed domain were properly responsive to a listing and blocking, they would find a way to correct the cause of the listing. As I recall, in the past, some mild change of wording in SC's autoack could have fixed the rfc-i condition, but there wasn't motivation for that. As I read back thru' discussions in nanae, SC's prior handling of pm SC.net was previously different than presently. SC's current handling of abuse is to reject it. Of course, the proper [but not RFC related] abuse address for SC.net is reg's at abuse.net abusenet2@admin.spamcop.net >> rfc-i is that classic 'conflict' between the frustrations of those >> who wish they could make others do as they wish, and an inability to >> /actually/ do that. So, they are left with choices that resemble >> cutting off their nose to spite their face. > > A bit like SPEWS then, when they extend an IP range to include those > that may not be spamming? There are a lot of ways to make a blocklist over something. I support all kinds of blocklists, including rfc-i, even if I wouldn't use such a list. That is, a list is a list, and it should have some kind of basis, even including zany, for its existence. Then, the 'meaning' of a list has to do with how it is interpreted by those who might use it, and how it would be used. So, people who don't like spews listing and delisting methods shouldn't use spews. Those people who think spamhaus has a great list should use the spamhaus list. Those who think spamcop gets false positives sometimes should have a strategy for dealing with that possibility. >> And, the listing is about domainnames! What are you going to do >> with a listing of domainnames? Who uses domainnname listings for >> anything?! > > Well, if I find an IP belongs to an ISP called example.com, and I want > to report spam from that IP, then it's helpful if everyone adopts a > standard method of contact for abuse. Of course not all domain names > belong to ISPs or have abusable services associated with them. In any > case I would use whois to find a contact. So, yes, I see your point. Then, I'll come around the other way in 'support' of rfc-i. If I have to go some roundabout way to contact for something, and the domain is rfc-i listed, then I'll be including that information in my roundabout communication -- say an upstream or parent or whatever -- so that if there is something which should be fixed, people know. Just like I do about there not being a reg'd abuse.net addy. >> The system spamcop uses is not compatible with the system which rfc-i >> uses for [not] listing. > > Looking at the reason, and finding that Spamcop gives an alternative > contact, it does seem a bit extreme. Now that rfc-i has a more comprehensive description of what its interpretation of compliance really means, I suspect that if Julian or some admin would look that over, they could find a way to comply with rfc-i's notion of compliance for pm & abuse. -- Mike Easter kibitzer, not SC admin From Vanguard at domain.invalid Thu Apr 14 20:05:01 2005 From: Vanguard at domain.invalid (Vanguard) Date: Thu Apr 14 20:10:05 2005 Subject: [SpamCop-List] Re: Displayed as read Spam References: Message-ID: "Fred k" <0rio85a02@sneakemail.com> wrote in message news:d3jhlp$dqu$1@news.spamcop.net... >I have started to receive 1 or two spams a day where it shows as being >read in my OE spam folder, when in fact I have NOT opened it. Anybody >else have that happening? Please no swipes at 'microwonderfuldamnsoft' >OE. To get into the Spam folder (from the Inbox where it is first delivered) you had to use a rule. Maybe the rule has the clause to mark the message as read. Also, if you have the Preview pane opened and the only message that appears is the spam, then perhaps the message is getting downloaded to show in the Preview pane before it gets moved by your rule. -- ____________________________________________________________ ** Post your replies to the newsgroup - Share with others ** For e-mail Reply: remove "DELETE", add "~VN56~" to Subject. ____________________________________________________________ From MikeE at ster.invalid Thu Apr 14 18:17:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 14 20:20:02 2005 Subject: [SpamCop-List] Re: Displayed as read Spam References: Message-ID: Vanguard wrote: > Also, if you have the Preview pane opened > and the only message that appears is the spam, then perhaps the > message is getting downloaded to show in the Preview pane before it > gets moved by your rule. Exposure in the preview pane for x amount of time leads to the item being counted as read. Where x is configurable in Tools/ Options/ Read tab - reading section, mark message as read after displaying x seconds. If a message is opened at all for any number of seconds it is marked as read. If that function above is enabled, to applies to the preview function. I only recently had occasion to experiment with that function/variable, because I don't use preview. -- Mike Easter kibitzer, not SC admin From devnull at spamcop.net Thu Apr 14 22:49:07 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Apr 14 21:55:17 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: "Miss Betsy" | In a non-for-profit business, the same expenses are necessary, | however the purpose of the product or service is not to generate | income, but to provide what the members think is a necessary | product or service. Prices are not based on what the owner hopes | to make, but on what is necessary to pay the bills. In a | cooperative, the members are hoping to reduce individual overhead, | operating costs, salaries, and to pool capital expenses so that the | product or service that they offer is more competitive in the open | market. IOW, they are the owners and anything made over and above | the operating costs are returned to them in cheaper memberships or | enhanced services - perhaps even dividends. The members are the | owners and direct the policies as opposed to for-profit where the | customers vote with their purses. In a co-op the customers vote | also by buying or not buying, but the members also have a say in | how and what to market. BUZZ that was the way it was some long time back. Less scrupulous business owners (such as credit consulting folk many of who are under investigation for abuse) use the non-profit label as a means of a) seeming to be legitimate philanthropic operations and b) specifically for skating/avoiding the law. BTW there are any number of charity groups that spend 90-95% of receipts on over head and 5-10 (or less) on the designated charity. Not ethical but still legal. From devnul at spamcop.net Thu Apr 14 21:27:28 2005 From: devnul at spamcop.net (Spamvireslayer) Date: Thu Apr 14 22:30:03 2005 Subject: [SpamCop-List] Boyfriend wanted Message-ID: OK, I really suck at this but here goes... Just wanted to post around at some of the places I know because I need to find a new man in my life. My last boyfriend just admited that he cheated on me so I've had enough with him and his sort. I'm an all around girl who likes horsebackriding, animals in general esp. dogs. I love Nascar and wwe, I also enjoy flea marketing, spending time with family, or just hanging around. I'm a fun loving individual just looking for someone to enjoy life with. Plain and simple. I'm 39, I'm a good cook, I'm very honest and loyal not into head games so please no players please serious inquires only Looking for a good honest guy to show me a good time. Check me out and send me a message. From baloo at ursine.ca Thu Apr 14 20:58:36 2005 From: baloo at ursine.ca (Paul Johnson) Date: Thu Apr 14 23:10:06 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: Gezgin wrote: > Who died and made you moderator? What makes you think he's wrong? http://ursine.ca/Top_Posting -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Thu Apr 14 20:59:37 2005 From: baloo at ursine.ca (Paul Johnson) Date: Thu Apr 14 23:10:31 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: Pop wrote: > Bunky, you do not need a valid email address to killfile. Only spam > lovers and newbies use their real email addresses in newsgroups, the > playground of spammers. Your ignorance is showing. http://www.interhack.net/pubs/munging-harmful I don't munge, less than 2% of my mail is spam. If you get more spam, something is wrong with your postmaster. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From smcgarrett at hawaii.com Thu Apr 14 23:26:32 2005 From: smcgarrett at hawaii.com (Steve McGarrett) Date: Thu Apr 14 23:30:20 2005 Subject: [SpamCop-List] Help with odd parsing error (Deputies?) Message-ID: I have a friend here who noticed that on a single recent email message, SpamCop tried to report her own ISP: http://www.spamcop.net/sc?id=z752545685z1e767907eeba0706824d0bf3dc1a15f0z (207.155.252.6 is one of her ISP's inbound mail servers.) Fortunately, she was reporting this one manually, caught the error, and cancelled the report. She uses quick reporting most of the time, and is now worried about getting her ISP's mail server(s) wrongly listed. I had her search her quick reporting data messages from the last month, and she couldn't find anyplace where it seemed to have happened. (The few reports sent to abuse@xo.com did not point to any of the inbound mail servers, but instead to other machines under that abuse address.) I also had her find and re-parse a couple of recent spam messages which came through the same server at her ISP. These were parsed correctly: http://www.spamcop.net/sc?id=z752545019zbf478e9527893620b9f9b749eeac5917z http://www.spamcop.net/sc?id=z752545884zb25407ae15e833318cf8079133d83536z I've looked at the headers and played around with them some (cancelling the reports, of course) and I can't see why the parser tries to report her ISP in the first case but not in the other two. Is there some error in the way SpamCop's parser is handling the first message above, or am I missing some crucial difference in the headers? All help appreciated. Aloha, McGarrett "LART 'em, Danno!" From MikeE at ster.invalid Thu Apr 14 22:39:31 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 15 00:40:14 2005 Subject: [SpamCop-List] Re: Help with odd parsing error (Deputies?) References: Message-ID: Steve McGarrett wrote: www.spamcop.net/sc?id=z752545685z1e767907eeba0706824d0bf3dc1a15f0z Abbreviated Received lines *comment from unknown (192.168.1.101) by blade4.cesmail.net *serves recipient from hood.concentric.net (HELO hood.cnchost.com) (207.155.252.6) by mailgate.cesmail.net *serves recipient from (11.red-82-158-114.user.auna.net [82.158.114.11]) by hood.cnchost.com *sourceline from bordello (Buhrbaoqin@prolog.net) by courtesy.esso.uk *bogusline SC trips and names cnchost/concentric because it broke the chain for no apparent reason. Actually it broke off the evaluation and named the last IP it was holding when it quit and made a useless remark about forgery. > (207.155.252.6 is one of her ISP's inbound mail servers.) [I think] There is something wrong with the invisible characters in the folding/whitespace of the tracker item. If I take them out by unfolding all of the Received tracelines to each be oneline, SC parses the item correctly. www.spamcop.net/sc?id=z752561545z175cd41a47dd830822a17e823de4beb8z Tracking message source: 82.158.114.11: > Fortunately, she was reporting this one manually, caught the error, > and cancelled the report. She uses quick reporting most of the time, > and is now worried about getting her ISP's mail server(s) wrongly > listed. Yep, that is a definite hazard of quickreporting. C'est la vie. The risks of such a misparse might be greatly reduced by establishing a proper mailhost configuration; but there is never any guarantee that a parsing error won't name one's own server. If one doesn't want to take a chance on that, they shouldn't quickreport. > I also had her find and re-parse a couple of recent spam messages > which came through the same server at her ISP. These were parsed > correctly: www.spamcop.net/sc?id=z752545019zbf478e9527893620b9f9b749eeac5917z www.spamcop.net/sc?id=z752545884zb25407ae15e833318cf8079133d83536z Yep. > I've looked at the headers and played around with them some > (cancelling the reports, of course) and I can't see why the parser > tries to report her ISP in the first case but not in the other two. I couldn't find anything to /see/ either; but there is something in there; as is evidenced by the absence of it in the 'identical' one that parsed correctly. > Is there some error in the way SpamCop's parser is handling the first > message above, or am I missing some crucial difference in the headers? You can only 'see it' when SC discards the source IP as a 'forgery' [which means nothing] after it has already accepted the line which is the line of the server. That is, normally once a line is accepted, then SC's 'brain' is working on the next line, to see if it can be accepted. Then, when it is not, the IP in the 'from' field is the source, because that was the line whose chain got broken. Instead, SC 'suddenly' drops the processing of the important line like a hot potato. Make screens of your first tracker and my tracker of the same item with unfolded lines and study their verboses line by line. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Apr 14 23:00:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 15 01:00:03 2005 Subject: [SpamCop-List] Re: Help with odd parsing error (Deputies?) References: Message-ID: Mike Easter wrote: > Make screens of your first tracker and my tracker of the same item > with unfolded lines and study their verboses line by line. Here's yours Received: from hood.concentric.net (HELO hood.cnchost.com) (207.155.252.6) by mailgate.cesmail.net with SMTP; 14 Apr 2005 18:32:50 -0000 207.155.252.6 found host 207.155.252.6 = hood.concentric.net (cached) hood.concentric.net is 207.155.252.6 Possible spammer: 207.155.252.6 Received line accepted Received: from 11.red-82-158-114.user.auna.net (11.red-82-158-114.user.auna.net [82.158.114.11]) by hood.cnchost.com (ConcentricHost(2.54) MX) with SMTP id CF36D33165; Thu, 14 Apr 2005 15:32:32 -0400 (EDT) 82.158.114.11 found host 82.158.114.11 = 11.red-82-158-114.user.auna.net. (cached) 207.155.252.6 not listed in dnsbl.njabl.org 207.155.252.6 not listed in cbl.abuseat.org 207.155.252.6 listed in dnsbl.sorbs.net ( 127.0.0.6 ) 207.155.252.6 is not an MX for mailgate.cesmail.net ips are close enough 207.155.252.6 is close to an MX (207.155.252.130) for hood.concentric.net Possible spammer: 82.158.114.11 82.158.114.11 is not an MX for 11.red-82-158-114.user.auna.net host 11.red-82-158-114.user.auna.net (checking ip) ip not found ; 11.red-82-158-114.user.auna.net discarded as fake. cannot find an mx for 11.red-82-158-114.user.auna.net cannot find an mx for red-82-158-114.user.auna.net host hood.cnchost.com (checking ip) = 207.155.252.6 207.155.252.6 not listed in dnsbl.njabl.org 207.155.252.6 not listed in cbl.abuseat.org 207.155.252.6 listed in dnsbl.sorbs.net ( 127.0.0.6 ) Chain test:hood.cnchost.com =? hood.concentric.net hood.cnchost.com and hood.concentric.net have same hostname - chain verified Possible relay: 207.155.252.6 207.155.252.6 not listed in relays.ordb.org. 207.155.252.6 has already been sent to relay testers Received line accepted Received: from bordello (Buhrbaoqin@prolog.net) by courtesy.esso.uk Ignored Received: (EGP: mail-8_0_3_9); Thu, 14 Apr 2005 12:36:03 -0800 no from Ignored 82.158.114.11 discarded as a forgery, using 207.155.252.6 Tracking message source: 207.155.252.6: ====================== Here's mine, similarly commented. BTW, mine doesn't parse the same every time; if it gives the same result as yours, hit the refresh button and change it to the result you see below Received: from hood.concentric.net (HELO hood.cnchost.com) (207.155.252.6) by mailgate.cesmail.net with SMTP; 14 Apr 2005 18:32:50 -0000 207.155.252.6 found host 207.155.252.6 = hood.concentric.net (cached) hood.concentric.net is 207.155.252.6 Possible spammer: 207.155.252.6 Received line accepted Received: from 11.red-82-158-114.user.auna.net (11.red-82-158-114.user.auna.net [82.158.114.11]) by hood.cnchost.com (ConcentricHost(2.54) MX) with SMTP id CF36D33165; Thu, 14 Apr 2005 15:32:32 -0400 (EDT) 82.158.114.11 found host 82.158.114.11 = 11.red-82-158-114.user.auna.net. (cached) <82 isn't really the suspect here yet, because the 207 chain hasn't been completed yet> 207.155.252.6 not listed in dnsbl.njabl.org 207.155.252.6 not listed in cbl.abuseat.org 207.155.252.6 listed in dnsbl.sorbs.net ( 127.0.0.6 ) 207.155.252.6 is not an MX for mailgate.cesmail.net ips are close enough 207.155.252.6 is close to an MX (207.155.252.130) for hood.concentric.net Possible spammer: 82.158.114.11 82.158.114.11 is not an MX for 11.red-82-158-114.user.auna.net host 11.red-82-158-114.user.auna.net (checking ip) ip not found ; 11.red-82-158-114.user.auna.net discarded as fake. cannot find an mx for 11.red-82-158-114.user.auna.net cannot find an mx for red-82-158-114.user.auna.net host hood.cnchost.com (checking ip) = 207.155.252.6 207.155.252.6 not listed in dnsbl.njabl.org 207.155.252.6 not listed in cbl.abuseat.org 207.155.252.6 listed in dnsbl.sorbs.net ( 127.0.0.6 ) Chain test:hood.cnchost.com =? hood.concentric.net hood.cnchost.com and hood.concentric.net have same hostname - chain verified Possible relay: 207.155.252.6 207.155.252.6 not listed in relays.ordb.org. 207.155.252.6 has already been sent to relay testers Received line accepted Received: from bordello (Buhrbaoqin@prolog.net) by courtesy.esso.uk Ignored Received: (EGP: mail-8_0_3_9); Thu, 14 Apr 2005 12:36:03 -0800 no from Ignored Tracking message source: 82.158.114.11: <82 has to be the source because there are no more valid lines under that one; later, after SC decides how to notify for that IP, it also proves that 82 is an open proxy listed in cbl> The fact that SC is giving me variable results wasn't going on before when I first unfolded the lines for the parse; so now I'm even more confused about why SC suddenly drops the 82 line; which is what causes it to name the 207 IP. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Apr 14 23:42:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 15 01:45:05 2005 Subject: [SpamCop-List] Re: Help with odd parsing error (Deputies?) References: Message-ID: Mike Easter wrote: > [I think] There is something wrong with the invisible characters in > the folding/whitespace of the tracker item. If I take them out by > unfolding all of the Received tracelines to each be oneline, SC > parses the item correctly. Disregard those experimental results; they are inconsistent and unreliable. Sometimes the parsing of the unfolded works, but it usually doesn't. I have another theory, or rather a more consistent experimental observation.. This is your original tracker, which never gave/gives me a correct parse. http://www.spamcop.net/sc?id=z752545685z1e767907eeba0706824d0bf3dc1a15f0z This is my newest experimental tracker www.spamcop.net/sc?id=z752575582z33d694b856a58faabbec71746a892adbz This item parses correctly: Tracking message source: 82.158.114.11: and does so consistently. The forgery/experimental configuration is to get rid of some of the 'overload' of information in this 'from' section: Received: from 11.red-82-158-114.user.auna.net (11.red-82-158-114.user.auna.net [82.158.114.11]) that format is of the configuration Received: from helo (rDNS [IP]) which is a perfectly legitimate format, but the helo/rDNS is just so loooong, so I made it Received: from 11.red-82-158-114.user.auna.net (82.158.114.11) which is also a perfectly legitimate format, and that seems to consistently parse correctly. So, maybe SC doesn't like such a long combination of helo & rDNS or something. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Apr 14 23:55:06 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 15 01:55:03 2005 Subject: [SpamCop-List] Re: Help with odd parsing error (Deputies?) References: Message-ID: Mike Easter wrote: > I have another theory, or rather a more consistent experimental > observation.. One of the more striking kinds of experimental parse comparisons is to 'boil down' the parsing target to the 'lowest common denominator' to show the discrepancy. http://www.spamcop.net/sc?id=z752578538z22865c0f6b5561d1ff03458ce28d3536z http://www.spamcop.net/sc?id=z752579052zd97326b548c68d4328af942624c738d7z Those trackers are very simplistic headers which differ only in the 'from' field of the critical line. The top one never parses correctly; the bottom one always does. They differ as below. Received: from 11.red-82-158-114.user.auna.net (11.red-82-158-114.user.auna.net [82.158.114.11]) Received: from 11.red-82-158-114.user.auna.net (82.158.114.11) Parse results: Received: from 11.red-82-158-114.user.auna.net (11.red-82-158-114.user.auna.net [82.158.114.11]) by hood.cnchost.com (ConcentricHost(2.54) MX) with SMTP id CF36D33165; Thu, 14 Apr 2005 15:32:32 -0400 (EDT) 82.158.114.11 found host 82.158.114.11 = 11.red-82-158-114.user.auna.net. (cached) 11.red-82-158-114.user.auna.net. is 82.158.114.11 207.155.252.6 not listed in dnsbl.njabl.org 207.155.252.6 not listed in cbl.abuseat.org 207.155.252.6 listed in dnsbl.sorbs.net ( 127.0.0.6 ) 207.155.252.6 is not an MX for mailgate.cesmail.net ips are close enough 207.155.252.6 is close to an MX (207.155.252.40) for hood.concentric.net Possible spammer: 82.158.114.11 82.158.114.11 is not an MX for 11.red-82-158-114.user.auna.net host 11.red-82-158-114.user.auna.net (checking ip) = 82.158.114.11 host hood.cnchost.com (checking ip) = 207.155.252.6 207.155.252.6 not listed in dnsbl.njabl.org 207.155.252.6 not listed in cbl.abuseat.org 207.155.252.6 listed in dnsbl.sorbs.net ( 127.0.0.6 ) Chain test:hood.cnchost.com =? hood.concentric.net hood.cnchost.com and hood.concentric.net have same hostname - chain verified Possible relay: 207.155.252.6 207.155.252.6 not listed in relays.ordb.org. 207.155.252.6 has already been sent to relay testers Received line accepted 82.158.114.11 discarded as a forgery, using 207.155.252.6 Tracking message source: 207.155.252.6: =============== Received: from 11.red-82-158-114.user.auna.net (82.158.114.11) by hood.cnchost.com (ConcentricHost(2.54) MX) with SMTP id CF36D33165; Thu, 14 Apr 2005 15:32:32 -0400 (EDT) 82.158.114.11 found host 82.158.114.11 = 11.red-82-158-114.user.auna.net. (cached) 11.red-82-158-114.user.auna.net. is 82.158.114.11 207.155.252.6 not listed in dnsbl.njabl.org 207.155.252.6 not listed in cbl.abuseat.org 207.155.252.6 listed in dnsbl.sorbs.net ( 127.0.0.6 ) 207.155.252.6 is not an MX for mailgate.cesmail.net ips are close enough 207.155.252.6 is close to an MX (207.155.252.40) for hood.concentric.net Possible spammer: 82.158.114.11 host hood.cnchost.com (checking ip) = 207.155.252.6 207.155.252.6 not listed in dnsbl.njabl.org 207.155.252.6 not listed in cbl.abuseat.org 207.155.252.6 listed in dnsbl.sorbs.net ( 127.0.0.6 ) Chain test:hood.cnchost.com =? hood.concentric.net hood.cnchost.com and hood.concentric.net have same hostname - chain verified Possible relay: 207.155.252.6 207.155.252.6 not listed in relays.ordb.org. 207.155.252.6 has already been sent to relay testers Received line accepted Tracking message source: 82.158.114.11: -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Fri Apr 15 07:29:34 2005 From: nobody at nowhere.not (Robert Blair) Date: Fri Apr 15 02:30:05 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: On Fri, 15 Apr 2005 02:59:37 UTC, Paul Johnson wrote: > Pop wrote: > > > Bunky, you do not need a valid email address to killfile. Only spam > > lovers and newbies use their real email addresses in newsgroups, the > > playground of spammers. > > Your ignorance is showing. > http://www.interhack.net/pubs/munging-harmful One persons opinion about munging but it is not my opinion. In newsgroups there is no real requirement to post a valid email address since all communications is in the newsgroup not through email. > I don't munge, less than 2% of my mail is spam. Your ISP seems to be doing a fair job of deleting your spam. > If you get more spam, > something is wrong with your postmaster. I do not allow my ISP to delete my spam because they also delete a few valid messages which I do not want to miss. I filter my own spam which is about 60% of my email. -- Robert Blair From nttp.sc.s at bigsleep.org Fri Apr 15 07:38:34 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Apr 15 02:40:04 2005 Subject: [SpamCop-List] Re: Help with odd parsing error (Deputies?) References: Message-ID: On 14 Apr 2005 Mike Easter entered spamcop and left news:d3ngeo$kq7$1@news.spamcop.net: > [I think] There is something wrong with the invisible characters in the > folding/whitespace of the tracker item. If I take them out by unfolding > all of the Received tracelines to each be oneline, SC parses the item > correctly. > Those are tabs, that shouldn't be a problem. Some servers use double spaces, others use a tab. I don't see any problem with that header. I have an ISP that has internal relays and uses the same header format, however the relays also use tabs, not spaces (that shouldn't make any difference anyway). I think the parser made a mistake by dropping (ignoring) the wrong IP. By removing either X-Sender and/or X-Apparently-To it parses correctly (well, it still wants to relay test it). Note also the second header IP is actually resolved to something... host 192.168.1.101 = ip192-168-1-101.z1-168-192.customer.algx.net (old cache) -- | Ric | From smjg_1998 at yahoo.com Fri Apr 15 11:30:25 2005 From: smjg_1998 at yahoo.com (Stewart Gordon) Date: Fri Apr 15 05:35:24 2005 Subject: [SpamCop-List] Porn, porn and more porn Message-ID: Is it just me, or is everyone getting a massive influx of pornographic spam this week? And why does Entourage seem to lack a means of not automatically showing images? I keep finding myself covering it up with my hand. I know I should remember to hide the preview pane first.... Stewart. -- My e-mail is valid but not my primary mailbox. Please keep replies on the 'group where everyone may benefit. From nobody at devnull.spamcop.net Fri Apr 15 06:52:14 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Apr 15 06:55:07 2005 Subject: [SpamCop-List] Re: Porn, porn and more porn References: Message-ID: "Stewart Gordon" wrote in message news:d3o1jh$sqn$1@news.spamcop.net... > > And why does Entourage seem to lack a means of not automatically showing > images? I keep finding myself covering it up with my hand. I know I > should remember to hide the preview pane first.... Quick search brings back http://www.entourage.mvps.org/faq_topic/html_msg.html From nobody at devnull.spamcop.net Fri Apr 15 07:24:43 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Fri Apr 15 07:20:04 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: > BUZZ that was the way it was some long time back. Less scrupulous business > owners (such as credit consulting folk many of who are under investigation > for abuse) use the non-profit label as a means of a) seeming to be > legitimate philanthropic operations and b) specifically for skating/avoiding > the law. There are always some people who will find a loophole, however the principle of the business model holds. > BTW there are any number of charity groups that spend 90-95% of receipts on > over head and 5-10 (or less) on the designated charity. Not ethical but > still legal. Not all non-profits are charitable. In addition to cooperatives, there are special interest groups who come together for a purpose - much like the cooperatives - but not to market anything, but to provide information and plan events for its members - which may, or may not, include the public. Probably, the basic difference in priciple between a for-profit business and non-profit organization is that the for-profit is interested in making a profit on whatever they do which the owner keeps. A non-profit is interested in paying the bills to keep the organization going - any profit either adds services or reduces the price of products or services. In addition, in general, policy is made by the owners in a for-profit and by the members in a non-profit. As you point out, there are many people who pretend to be non-profit in order to 'make a profit' for themselves - which is why one has to be careful in where one donates. Miss Betsy From devnull at spamcop.net Fri Apr 15 08:57:19 2005 From: devnull at spamcop.net (Frog Prince) Date: Fri Apr 15 08:00:04 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: "Miss Betsy" wrote in message news:d3o80q$von$1@news.spamcop.net... | | > BUZZ that was the way it was some long time back. Less | scrupulous business | > owners (such as credit consulting folk many of who are under | investigation | > for abuse) use the non-profit label as a means of a) seeming to | be | > legitimate philanthropic operations and b) specifically for | skating/avoiding | > the law. | | There are always some people who will find a loophole, however the | principle of the business model holds. | | > BTW there are any number of charity groups that spend 90-95% of | receipts on | > over head and 5-10 (or less) on the designated charity. Not | ethical but | > still legal. | | Not all non-profits are charitable. In addition to cooperatives, | there are special interest groups who come together for a purpose - | much like the cooperatives - but not to market anything, but to | provide information and plan events for its members - which may, or | may not, include the public. | | Probably, the basic difference in priciple between a for-profit | business and non-profit organization is that the for-profit is | interested in making a profit on whatever they do which the owner | keeps. A non-profit is interested in paying the bills to keep the | organization going - any profit either adds services or reduces the | price of products or services. In addition, in general, policy is | made by the owners in a for-profit and by the members in a | non-profit. As you point out, there are many people who pretend to | be non-profit in order to 'make a profit' for themselves - which is | why one has to be careful in where one donates. You are confusing philanthropic (charity) with a commercial business model that while it is 'non profit' in and of itself is for profit for the owners. This is now the new paradigm business model. "any profit either adds services or reduces the price of products or services" is not part of that business model. From MikeE at ster.invalid Fri Apr 15 06:22:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 15 08:25:04 2005 Subject: [SpamCop-List] Re: Help with odd parsing error (Deputies?) References: Message-ID: Blammo wrote: > Mike Easter >> [I think] There is something wrong with the invisible characters in >> the folding/whitespace of the tracker item. If I take them out by >> unfolding all of the Received tracelines to each be oneline, SC >> parses the item correctly. > Those are tabs, that shouldn't be a problem. Some servers use double > spaces, others use a tab. I abandoned that theory. I temporarily adopted it because I couldn't figger out why SC would 'insanely' and abruptly drop the evaluation in favor of the last IP it was holding before it bailed; and as soon as I experimentally unfolded the lines, it [appeared to] quit doing that. However, further experimenting and evaluating showed that it hadn't quit doing that at all -- so I dropped my notion about invisible boogey men. > I think the parser made a mistake by dropping (ignoring) the wrong > IP. By removing either X-Sender and/or X-Apparently-To it parses > correctly (well, it still wants to relay test it). I think [am sure] Julian has been working. The original tracker parses correctly now http://www.spamcop.net/sc?id=z752545685z1e767907eeba0706824d0bf3dc1a15f0z Tracking message source: 82.158.114.11: ...without tuning up the 'from' section I discussed in my last post or dropping any of your X-lines above. Also, the two simplistic examples I created http://www.spamcop.net/sc?id=z752578538z22865c0f6b5561d1ff03458ce28d3536z http://www.spamcop.net/sc?id=z752579052zd97326b548c68d4328af942624c738d7z to prove my thesis about excess information in the 'from' - now parse identically instead of with the results I posted before. Yep. Julian has fixed the little bug. > Note also the second header IP is actually resolved to something... > > host 192.168.1.101 = ip192-168-1-101.z1-168-192.customer.algx.net (old > cache) Odd. If you feed it the naked nonrouting IP it seems to know what it is. -- Mike Easter kibitzer, not SC admin From smjg_1998 at yahoo.com Fri Apr 15 14:58:33 2005 From: smjg_1998 at yahoo.com (Stewart Gordon) Date: Fri Apr 15 09:00:04 2005 Subject: [SpamCop-List] Re: Porn, porn and more porn In-Reply-To: References: Message-ID: WazoO wrote: > "Stewart Gordon" wrote in message > news:d3o1jh$sqn$1@news.spamcop.net... > >> And why does Entourage seem to lack a means of not automatically showing >> images? I keep finding myself covering it up with my hand. I know I >> should remember to hide the preview pane first.... > > Quick search brings back > http://www.entourage.mvps.org/faq_topic/html_msg.html The relevant part of that page seems to be specific to Entourage 2004 - I'm on Entourage X so it hasn't got me anywhere. There is, however, a "Show attached pictures and movies in messages" option, but it doesn't seem to work on images included in HTML. Stewart. -- My e-mail is valid but not my primary mailbox. Please keep replies on the 'group where everyone may benefit. From nobody at devnull.spamcop.net Fri Apr 15 09:18:38 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Fri Apr 15 09:15:02 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: "Frog Prince" wrote in message news:d3oa9e$18a$1@news.spamcop.net... > You are confusing philanthropic (charity) with a commercial business model > that while it is 'non profit' in and of itself is for profit for the owners. > This is now the new paradigm business model. "any profit either adds > services or reduces the price of products or services" is not part of that > business model. Although there are loopholes - and thus, individuals can make money out of the income over and above the costs of the organization, the principle of the law concerning the two models is still the same. A non-profit does not have to be charitable, but the profits should be divided among the members and the members do have a say in the policies as opposed to the for-profit model in which the owners keep all the profits and make all the policies. Miss Betsy From bill_beyer at excite.cXoYmZ Fri Apr 15 07:35:29 2005 From: bill_beyer at excite.cXoYmZ (Bill Beyer) Date: Fri Apr 15 09:40:05 2005 Subject: [SpamCop-List] lankiest.net Message-ID: Why is it Spamcop simply won't parse this particular site? I've tried to report numerous drug spams with this URL or variations of it and SC sees the link but won't do anything with it. http://www.spamcop.net/sc?id=z752676680zfce66967ed60bd52a5a8058595373b03z However if I type it in the report box on the web submission form it parses quite easily: Parsing input: http://zjqntmwnvmls.lankiest.net/g2/o.php Routing details for 210.21.119.131 [refresh/show] Cached whois for 210.21.119.131 : gzman_admin@china-netcom.com Using abuse net on gzman_admin@china-netcom.com abuse net china-netcom.com = cncsummary@special.abuse.net, daihy@china-netcom.com, postmaster@china-netcom.com, tech-group@china-netcom.com Using best contacts cncsummary@special.abuse.net daihy@china-netcom.com postmaster@china-netcom.com tech-group@china-netcom.com cncsummary@special.abuse.net redirects to cnc-abuse@sprint.net cnc-abuse@sprint.net redirects to cnc-abuse@abuse.sprint.net tech-group@china-netcom.com redirects to china-netcom.com@abuse.net De-referencing tech-group@china-netcom.com abuse net china-netcom.com = cncsummary@special.abuse.net, daihy@china-netcom.com, postmaster@china-netcom.com, tech-group@china-netcom.com cncsummary@special.abuse.net redirects to cnc-abuse@sprint.net cnc-abuse@sprint.net redirects to cnc-abuse@abuse.sprint.net tech-group@china-netcom.com redirects to china-netcom.com@abuse.net De-referencing tech-group@china-netcom.com abuse net china-netcom.com = cncsummary@special.abuse.net, daihy@china-netcom.com, postmaster@china-netcom.com, tech-group@china-netcom.com tech-group@china-netcom.com redirects to china-netcom.com@abuse.net cncsummary@special.abuse.net redirects to cnc-abuse@sprint.net From MikeE at ster.invalid Fri Apr 15 08:16:56 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 15 10:20:03 2005 Subject: [SpamCop-List] Re: Boyfriend wanted References: Message-ID: Mike wrote: > Spamvireslayer wrote: NNTP-Posting-Host: 193.159.243.138 >> OK, I really suck at this but here goes... > You are lacking in social skills and intelligence wasting time and > bandwidth by your post. Go find a more appropriate venue for your > mating needs. You are replying/responding to a troll posting from an abused proxy who is forge spoofing Heidi/Spamvireslayer's nym for sport. I never even saw the original post because my filter drops the posts with that NNTP posting host line. You can also 'mentally' filter them if you are familiar with the modus operandi of the spoofer. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Apr 15 08:29:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 15 10:30:03 2005 Subject: [SpamCop-List] Re: lankiest.net References: Message-ID: Bill Beyer wrote: > Why is it Spamcop simply won't parse this particular site? I've tried > to report numerous drug spams with this URL or variations of it and > SC sees the link but won't do anything with it. > www.spamcop.net/sc?id=z752676680zfce66967ed60bd52a5a8058595373b03z What I see when I access the tracker is SC finding the url but not bothering with resolving it or providing a notify. Resolving link obfuscation http://zjqntmwnvmls.lankiest.net/g2/o.php http://ttdggubvhjh.lankiest.net/g2/ I for one think that SC acts that way if it has some other priorities/load and doesn't feel like resolving a spamvertiser and working the notify. That requires some resources and I think the resource usage is prioritized somehow. > However if I type it in the report box on the web submission form it > parses quite easily: > > Parsing input: http://zjqntmwnvmls.lankiest.net/g2/o.php > Routing details for 210.21.119.131 210.21.119.131 guangzhou branch, china netcom corp is spamhaus listed indicating non-responsiveness. It is also part of the massive spews2 china netcom S2171 listing/s. http://spews.org/html/S2171.html http://www.spamhaus.org/SBL/sbl.lasso?query=SBL25921 You are going to develop a sense of frustration if you spend very much time notifying those kinds of providers or their upstream adjacencies. -- Mike Easter kibitzer, not SC admin From bill_beyer at excite.cXoYmZ Fri Apr 15 08:42:57 2005 From: bill_beyer at excite.cXoYmZ (Bill Beyer) Date: Fri Apr 15 10:45:03 2005 Subject: [SpamCop-List] Re: lankiest.net References: Message-ID: "Mike Easter" wrote in message news:d3oj0s$5v5$1@news.spamcop.net... > Bill Beyer wrote: > > Why is it Spamcop simply won't parse this particular site? I've tried > > to report numerous drug spams with this URL or variations of it and > > SC sees the link but won't do anything with it. > > > www.spamcop.net/sc?id=z752676680zfce66967ed60bd52a5a8058595373b03z > > What I see when I access the tracker is SC finding the url but not > bothering with resolving it or providing a notify. > > Resolving link obfuscation > http://zjqntmwnvmls.lankiest.net/g2/o.php > http://ttdggubvhjh.lankiest.net/g2/ > > > I for one think that SC acts that way if it has some other > priorities/load and doesn't feel like resolving a spamvertiser and > working the notify. That requires some resources and I think the > resource usage is prioritized somehow. > Most of the URLs I report that this happens on eventually parse after multiple refreshes/preview reports but none of the 10 or so I've submitted with tht URL ever parse. Some code must have been changed somewhere because this whole recognizing the URL but not parsing is a relatively new phenomenon. > > However if I type it in the report box on the web submission form it > > parses quite easily: > > > > Parsing input: http://zjqntmwnvmls.lankiest.net/g2/o.php > > Routing details for 210.21.119.131 > > 210.21.119.131 guangzhou branch, china netcom corp is spamhaus listed > indicating non-responsiveness. > > It is also part of the massive spews2 china netcom S2171 listing/s. > > http://spews.org/html/S2171.html > http://www.spamhaus.org/SBL/sbl.lasso?query=SBL25921 > > You are going to develop a sense of frustration if you spend very much > time notifying those kinds of providers or their upstream adjacencies. After I manually submitted it I saw who it was going to so now I don't feel too bad about not reporting it. It's not like it'd do much good anyway. From dannyg at dannyg.com Fri Apr 15 09:02:14 2005 From: dannyg at dannyg.com (Danny Goodman) Date: Fri Apr 15 11:02:24 2005 Subject: [SpamCop-List] Re: Porn, porn and more porn In-Reply-To: <200504151120.j3FBKOst068902@dannyg.com> Message-ID: > And why does Entourage seem to lack a means of not automatically showing > images? I keep finding myself covering it up with my hand. For any suspicious mail, a better solution is to select the item in the list and choose View->Source (if only Outlook made it so easy). You'll be able to see quickly whether it's something you want to receive or delete without viewing. A nice feature of Entourage is that well-formed URLs are highlighted in source view (they're also clickable, so watch out), making it easy to spot the operative data and things like Web bugs. > I know I > should remember to hide the preview pane first.... My recommendation: Keep the preview pane closed at _all_ times. Danny http://www.dannyg.com http://www.spamwars.com From baloo at ursine.ca Fri Apr 15 08:58:20 2005 From: baloo at ursine.ca (Paul Johnson) Date: Fri Apr 15 11:10:04 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: Robert Blair wrote: > On Fri, 15 Apr 2005 02:59:37 UTC, Paul Johnson > wrote: > >> Pop wrote: >> >> > Bunky, you do not need a valid email address to killfile. Only spam >> > lovers and newbies use their real email addresses in newsgroups, the >> > playground of spammers. >> >> Your ignorance is showing. >> http://www.interhack.net/pubs/munging-harmful > > One persons opinion about munging but it is not my opinion. In > newsgroups there is no real requirement to post a valid email address > since all communications is in the newsgroup not through email. That's like saying that all mailing lists shouldn't require a valid email address because "all communication should happen through the list, no matter how off-topic or personal such communication may be." Stop smoking crack. >> I don't munge, less than 2% of my mail is spam. > > Your ISP seems to be doing a fair job of deleting your spam. I'm my own postmaster. >> If you get more spam, >> something is wrong with your postmaster. > > I do not allow my ISP to delete my spam because they also delete a few > valid messages which I do not want to miss. I filter my own spam > which is about 60% of my email. If you have a false positive problem, something's wrong with your postmaster. Just because your postmaster sucks, and you've never had a decent postmaster, doesn't mean they don't exist. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From smjg_1998 at yahoo.com Fri Apr 15 19:21:39 2005 From: smjg_1998 at yahoo.com (Stewart Gordon) Date: Fri Apr 15 13:25:03 2005 Subject: [SpamCop-List] Re: Porn, porn and more porn In-Reply-To: References: Message-ID: Danny Goodman wrote: >> And why does Entourage seem to lack a means of not automatically showing >> images? I keep finding myself covering it up with my hand. > > For any suspicious mail, a better solution is to select the item in the list > and choose View->Source (if only Outlook made it so easy). Fortunately Entourage has View->Source on the main window menu. I don't know why M$ had to write one program for Windows and a completely different one for Mac ... seems rather out of character.... Stewart. -- My e-mail is valid but not my primary mailbox. Please keep replies on the 'group where everyone may benefit. From nobody at nowhere.not Fri Apr 15 19:40:19 2005 From: nobody at nowhere.not (Robert Blair) Date: Fri Apr 15 14:45:04 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: On Fri, 15 Apr 2005 14:58:20 UTC, Paul Johnson wrote: > >> Your ignorance is showing. > >> http://www.interhack.net/pubs/munging-harmful > > > > One persons opinion about munging but it is not my opinion. In > > newsgroups there is no real requirement to post a valid email address > > since all communications is in the newsgroup not through email. > > That's like saying that all mailing lists shouldn't require a valid email > address because "all communication should happen through the list, no > matter how off-topic or personal such communication may be." Stop smoking > crack. You are a bit confused. If you are on a mailing list you MUST have an email address otherwise you can not receive any of the list messages. On a newsgroup you do not need an email address because you retrieve the messages, the difference between the push and pull style of each medium. Some people on newsgroups seem to think that if someone post a message that they want to be contacted off the newsgroup to continue a conversation. I do not want to get email from anyone responding to messages on a newsgroup, if they have something to say they should reply on the newsgroup. > >> I don't munge, less than 2% of my mail is spam. > > > > Your ISP seems to be doing a fair job of deleting your spam. > > I'm my own postmaster. > > >> If you get more spam, > >> something is wrong with your postmaster. > > > > I do not allow my ISP to delete my spam because they also delete a few > > valid messages which I do not want to miss. I filter my own spam > > which is about 60% of my email. > > If you have a false positive problem, something's wrong with your > postmaster. Just because your postmaster sucks, and you've never had a > decent postmaster, doesn't mean they don't exist. Since you being your own postmaster can not filter all your email with 100% certainty why should you or I expect another postmaster to do the job with 100% certainty? I receive email from many different countries around the world and do not want to lose any valid messages. This can only be done by me, as any automatic filtering program will miss-classify some small percentage of valid messages as spam. -- Robert Blair From nttp.sc.s at bigsleep.org Fri Apr 15 21:45:20 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Apr 15 16:50:05 2005 Subject: [SpamCop-List] Re: Porn, porn and more porn References: Message-ID: On 15 Apr 2005 Stewart Gordon entered spamcop and left news:d3ot73$bm8$1@news.spamcop.net: > I don't know why M$ had to write one program for Windows and a > completely different one for Mac ... seems rather out of character.... > Ha! Inconsistancy is their middle name. Most likely, in trying to compete with Netscape, they copy some of Netscape's features. Now you might notice, they don't care, so they do little, or if they do anything, they don't tell you about it. I'm sure if you close your eyes and take a couple steps, you will trip over something better. -- | Ric | From nttp.sc.s at bigsleep.org Fri Apr 15 21:53:00 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Apr 15 16:55:06 2005 Subject: [SpamCop-List] Re: lankiest.net References: Message-ID: On 15 Apr 2005 Bill Beyer entered spamcop and left news:d3ojtk$6kh$1@news.spamcop.net: >> You are going to develop a sense of frustration if you spend very >> much time notifying those kinds of providers or their upstream >> adjacencies. > > After I manually submitted it I saw who it was going to so now I don't > feel too bad about not reporting it. It's not like it'd do much good > anyway. > The problem I have with that is you don't know who it would go to since it don't parse. I could parse the URL in another window, however a user report isn't going to add it to the sburl or whatever, if that's even being used. So a user lart may be completely ineffective. -- | Ric | From MikeE at ster.invalid Fri Apr 15 15:37:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 15 17:40:15 2005 Subject: [SpamCop-List] Re: lankiest.net References: Message-ID: Blammo wrote: > The problem I have with that is you don't know who it would go to > since it don't parse. I could parse the URL in another window, > however a user report isn't going to add it to the sburl or whatever, > if that's even being used. So a user lart may be completely > ineffective. Yep. I keep trying to imagine a SC reporting strategy which would make it exceedingly easy for the spamvertisers to get exposure on the stats page without having to 'bother with' the actual trouble of resolution and the presentation of notify addies and without the reporter having to actually notify anything other than some kind of dev/null. Since SC would like to bail on the process of even resolving them, I would like to bail on the process of even notifying them if they did resolve. That would save even more time. I would like to be able to make the choice as to whether something was an IB or a spamvertiser and then the spamvertiser url would appear on the stats page or its equivalent for the sc-surbl gang. I don't want to actually notify for the vast majority of spamvertisers -- some of them are in cahoots with the spammer and that puts pressure on the mungeing question -- most of them are non-responsive anyway, they don't need notifying -- and there are too many things wrong with quickreporting to have that be the solution for all things. There should be another option in between quickreporting and standard reporting to enable feeding the reporter's 'opinion' of spamvertising to sc-surbl without SC having to resolve or go thru' all of those resource consuming notify address gyrations. I can imagine that a sizeable percentage of standard reporters would just as soon not notify those spamvertiser providers. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Apr 15 15:51:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 15 17:50:03 2005 Subject: [SpamCop-List] Re: where to post for advice on stopping news spamvertising? References: Message-ID: Michael Vilain wrote: > There's a Jesus-freak who's currently posting religious spew in > various technical newsgroups. You might be talking about the Grossi nym. > Several of these sites have complained to me that they aren't spamming > and don't want to know about the spew this guy is sending out. Err. That dodge doesn't work. The most prolific spammers typically don't source from their spamvertiser provider. The site dudes are doing what is called 'spam support'. Spam support is hosting the website of spammers; that will also get you listed in spamsupport blocklists, such as spews and spamhaus. > Since > they can't do anything about it, I see their point. Spamvertiser providers most certainly can do something about hosting spammers, and they profit from the spam. > - Where can I send abuse complaints to AOL other than abuse@aol.com > (aka the bit bucket)? The problem you are dealing with isn't so much unresponsiveness from AOL, which is actually a vigorous antispamming provider. The problem you are dealing with is that usenet spam isn't email spam. I just got thru' raving about that subject somewhere else very recently, so I'll dig up my other post on that so I don't have to do it all over again. > - What's the netiquette of contacting 3rd-parties mentioned in spam? The general situation about doing anything about usenet spam is going to be very very frustrating and non-productive, which is why many folks, including me, don't do anything about it at all. But, antispam activity 'fun' sport has to be played by the players the way they like to play it. If you like to try to do something about usenet spam, then far be it from me to dissuade you; but I will post my little recent missive in a bit. > - If this isn't the right newsgroup for this, can someone directly > accordingly? This place is as good as any, since it has usenet spam reporting advice and facility -- except that I don't think much of some of SC's advice about usenet spam. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Apr 15 16:00:48 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 15 18:00:22 2005 Subject: [SpamCop-List] Re: where to post for advice on stopping news spamvertising? References: Message-ID: Mike Easter wrote: > The general situation about doing anything about usenet spam is going > to be very very frustrating and non-productive, which is why many > folks, including me, don't do anything about it at all. Mike Easter wrote: > Raindrop wrote: >> Is there a place /group to report spammers that post to newsgroups? > > Not any good place for the following reasons: > > There's a distinct difference between your email spam and the spam you > encounter in newsgroups; and there's a distinct difference in the > traceability of the newsgroup spam; and there's a distinct difference > in how a provider behaves/performs/responds upon notification of their > user/client allegedly spamming a newsgroup. > > Part one the First: usenet spam is *not* email spam. Even tho' > usenet spam came before email, unqualified the term 'spam' now means > email spam, not usenet spam. > > Second: whereas it is easy to define unsolicited and apparently bulk > and probably commercial email spam as 'qualifying' for being spam as > defined by some definition like MAPS, it is possible for a 'spammish' > usenet post to not be against the 'rules' or guidelines or charter or > whatever of the usenet newsgroup. Usenet is highly organized anarchy, > and what you might consider spammish to your eyes may not be against > any rules. Whose rules, in the first place? Whereas the same item > in your mailbox is unsolicited and 'automatically' spam. > > Third: many usenet newsgroups are permissive of commercial > advertisements and also have guidelines about how much or how many of > the same item must be posted to be in violation of some index, such as > Breidbart. > > Part two the traceability: the usage of smtp conforming trace header > Received: lines to aid in determining the actual IP source of an email > is generally pretty reliable. NNTP headers are quite variable and > generally also quite unreliable to be used in determining the source > of a usenet spam. In many cases the item may not be traceable at > all, or it may be traceable to a proxy abused user IP which isn't the > 'actual' source of the item and not an IP or an account which is > going to be 'punished' for the trojan abuse. > > Part three the provider non-responsiveness the first: Before you even > report a spam item, you should know that it is actually in violation > of the charter of a newsgroup and what its distribution was so that > you will know whether or not it fails to conform to the Breidbart > index. > > Second: you should also know whether or not the item is properly > traceable to a particular provider to notify. > > And part 3 the 3rd, you should know whether or not the provider > actually has a meaningful TOS or AUP which is against whatever it is > that is bothering you. Many providers have an AUP which sez > something like 'be nice on usenet' and the likelihood of them > performing in any way against the usenet spam is almost zero. > > I'm a big supporter of managing and reporting email spam. I think > reporting usenet spam is a waste of time and never do it. Spamcop > has a 'system' and guidelines for reporting usenet spam. I think > those guidelines are dumb too, and they also discourage usenet spam > reporting. -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Fri Apr 15 23:33:08 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Apr 15 18:35:05 2005 Subject: [SpamCop-List] Re: lankiest.net References: Message-ID: On 15 Apr 2005 Mike Easter entered spamcop and left news:d3pc3n$jch$1@news.spamcop.net: > I would like to be able to make the choice as to whether something was > an IB or a spamvertiser and then the spamvertiser url would appear on > the stats page or its equivalent for the sc-surbl gang. I don't want to > actually notify for the vast majority of spamvertisers -- some of them > are in cahoots with the spammer and that puts pressure on the mungeing > question -- most of them are non-responsive anyway, they don't need > notifying -- and there are too many things wrong with quickreporting to > have that be the solution for all things. - sc-surbl - haven't memorized that yet. You bring up an interesting point, our inability, as reporters, to select what we want added to the bl (whichever one that may be). The integration of reporting and listing may be adaquate for most reports, but there are times when we may wish to skip (or include) one or the other, for example, we may wish to report a virus or bounce, but may not wish it added to the scbl. And then the case of the mystery URL we are talking about here. -- | Ric | From nobody at devnull.spamcop.net Fri Apr 15 22:29:24 2005 From: nobody at devnull.spamcop.net (Pop) Date: Fri Apr 15 21:30:02 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: ... > I'm my own postmaster. > ... > If you have a false positive problem, something's wrong with your > postmaster. Just because your postmaster sucks, and you've never had a > decent postmaster, doesn't mean they don't exist. ... Oh wow, your ignorance is really showing now. Also showing is the fact that you are a liar either directly or by inference. Either way it shows you for what you are; a blowhard and a closed-minded rationalizer of all things (you think) are good. Have a happy day, you poor chap. Pop From MikeE at ster.invalid Fri Apr 15 20:01:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 15 22:00:02 2005 Subject: [SpamCop-List] Re: Boyfriend wanted References: <0ht5j2-vg3.ln1@news.invalid.99computer> Message-ID: Mike wrote: > Mike Easter wrote: >> Mike wrote: >>> Spamvireslayer wrote: >> NNTP-Posting-Host: 193.159.243.138 > >>>> OK, I really suck at this but here goes... > >>> You are lacking in social skills and intelligence wasting time and >>> bandwidth by your post. Go find a more appropriate venue for your >>> mating needs. > >> You are replying/responding to a troll posting from an abused proxy >> who is forge spoofing Heidi/Spamvireslayer's nym for sport. > >> I never even saw the original post because my filter drops the posts >> with that NNTP posting host line. You can also 'mentally' filter >> them if you are familiar with the modus operandi of the spoofer. > > Uhm, got me .... which posting host line are you dropping? I would > like to add it to my list. Over some weeks I've accumulated a bunch of NNTP posting host lines associated with the troll/spoofer. Heidi/Spamvireslayer's NNTPs are 2 comcast ones which I don't have in front of me right now, but they aren't that 193 Deutsche telekom one up there which is proxy listed all over the place, cbl, blitzed, sorbs, dnsbl, & ahbl as an open proxy. So, in most newsgroups I filter without a software filter, just by ignoring. But spamcop.social has enough of a problem to justify using Nfilter/Newsproxy on the NNTP posting host line. So, that one line in the nfilter.dat file looks like * drop NNTP-Posting-Host:193.159.243.138 But, the spoofer has/uses a lot of them and adds or changes from time to time. I don't know what kind of filtering power your slrn has; my newsagent has almost zero power, so I have to use a proxy for it. XNews people have a lot of filter power. -- Mike Easter kibitzer, not SC admin From baloo at ursine.ca Fri Apr 15 21:04:05 2005 From: baloo at ursine.ca (Paul Johnson) Date: Fri Apr 15 23:10:02 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: <5ub6j2-3eu.ln1@ursine.ca> Pop wrote: > ... >> I'm my own postmaster. >> > ... >> If you have a false positive problem, something's wrong with your >> postmaster. Just because your postmaster sucks, and you've never had a >> decent postmaster, doesn't mean they don't exist. > ... > > Oh wow, your ignorance is really showing now. Also showing is the fact > that > you are a liar either directly or by inference. Either way it shows you > for what you are; a blowhard and a closed-minded rationalizer of all > things (you think) are good. No, I just don't think network abuse should affect the way I use the internet and am proactive in doing something about it. If you want to hide behind your munged addresses and lazy postmasters, go right on ahead, but don't go passing it off like it's a good thing. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From smcgarrett at hawaii.com Sat Apr 16 00:38:47 2005 From: smcgarrett at hawaii.com (Steve McGarrett) Date: Sat Apr 16 00:40:13 2005 Subject: [SpamCop-List] Re: Help with odd parsing error (Deputies?) In-Reply-To: References: Message-ID: Mike Easter wrote: > > I think [am sure] Julian has been working. The original tracker parses > correctly now . . . > ...without tuning up the 'from' section I discussed in my last post or > dropping any of your X-lines above. > > Also, the two simplistic examples I created . . . > to prove my thesis about excess information in the 'from' - now parse > identically instead of with the results I posted before. > > Yep. Julian has fixed the little bug. Wow, Mike, thanks for all your hard work! Certainly more that I have the right to expect from a "kibitzer." And thanks to Julian (wherever you are) for fixing the bug. As a side note, my friend tried to report another email earlier today (but after your last post) that had this same problem. In that one, the errant line began: Received: from ARennes-306-1-39-236.w80-14.abo.wanadoo.fr (ARennes-306-1-39-236.w80-14.abo.wanadoo.fr [80.14.199.236]) I played around with this new one a bit earlier, and removing the rDNS the way Mike did earlier fixed the parse. But apparently another fix has since been added, because this one now parses correctly, too. IIRC, the RFCs say that DNS names are allowed to be up to 256 characters (bytes) long, although I think that includes the implied trailing dot. The one above is 42 characters (sans implied dot), and the one in my original post was only 31. It seems to me that these are waaay below what could be officially called "long" DNS names, so there's no reason SpamCop shouldn't be expected to handle them correctly. Anyway, thanks again for all your help. Aloha, McGarrett "LART 'em, Danno!" From smcgarrett at hawaii.com Sat Apr 16 00:42:18 2005 From: smcgarrett at hawaii.com (Steve McGarrett) Date: Sat Apr 16 00:45:02 2005 Subject: [SpamCop-List] Re: Help with odd parsing error (Deputies?) In-Reply-To: References: Message-ID: Mike Easter wrote: > I think [am sure] Julian has been working. The original tracker parses > correctly now . . . > ...without tuning up the 'from' section I discussed in my last post or > dropping any of your X-lines above. > > Also, the two simplistic examples I created . . . > to prove my thesis about excess information in the 'from' - now parse > identically instead of with the results I posted before. > > Yep. Julian has fixed the little bug. Wow, Mike, thanks for all your hard work! Certainly more that I have the right to expect from a "kibitzer." And thanks to Julian (wherever you are) for fixing the bug. As a side note, my friend tried to report another email earlier today (but after your last post) that had this same problem. In that one, the errant line began: Received: from ARennes-306-1-39-236.w80-14.abo.wanadoo.fr (ARennes-306-1-39-236.w80-14.abo.wanadoo.fr [80.14.199.236]) I played around with this new one a bit earlier, and removing the rDNS the way Mike did earlier fixed the parse. But apparently another fix has since been added, because this one now parses correctly, too. IIRC, the RFCs say that DNS names are allowed to be up to 256 characters (bytes) long, although I think that includes the implied trailing dot. The one above is 42 characters (sans implied dot), and the one in my original post was only 31. It seems to me that these are waaay below what could be officially called "long" DNS names, so there's no reason SpamCop shouldn't be expected to handle them correctly. Anyway, thanks again for all your help. Aloha, McGarrett "LART 'em, Danno!" From tdy at blackhole.invalid Sat Apr 16 00:13:44 2005 From: tdy at blackhole.invalid (N. Miller) Date: Sat Apr 16 02:15:17 2005 Subject: [SpamCop-List] Why won't url in spambody parse, but will out of spambody? Message-ID: http://www.spamcop.net/sc?id=z752884241z4a9cc2d1288675a68bb63da5b4c756caz SC won't parse the link. But copying and pasting the link: http://goodratezz.com/x/loan.php?id=somb And the parser output looks like this (sorry, no tracker for this one): > SpamCop v 1.429 (C) Ironport Systems Inc., 1998-2005 , All rights reserved. > > Parsing input: http://goodratezz.com/x/st.html > Routing details for 202.99.172.149 > [refresh/show] Cached whois for 202.99.172.149 : ipanm@heinfo.net abuse@cnc-noc.net > Using abuse net on abuse@cnc-noc.net > abuse net cnc-noc.net = antispam@public.zz.ha.cn, abuse@cnc-noc.net, postmaster@cnc-noc.net > Using best contacts antispam@public.zz.ha.cn abuse@cnc-noc.net postmaster@cnc-noc.net > antispam@public.zz.ha.cn redirects to abuse@chinanet.cn.net > postmaster@cnc-noc.net bounces (6 sent : 6 bounces) > Using postmaster#cnc-noc.net@devnull.spamcop.net for statistical tracking. > Statistics: > 202.99.172.149 not listed in bl.spamcop.net > More Information.. > 202.99.172.149 not listed in dnsbl.njabl.org > 202.99.172.149 not listed in dnsbl.njabl.org > 202.99.172.149 not listed in cbl.abuseat.org > 202.99.172.149 listed in dnsbl.sorbs.net ( 127.0.0.6 ) > 202.99.172.149 not listed in relays.ordb.org. > > Reporting addresses: > abuse@chinanet.cn.net > abuse@cnc-noc.net -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From hee.haw at jack.ass Sat Apr 16 04:12:58 2005 From: hee.haw at jack.ass (DC) Date: Sat Apr 16 03:15:09 2005 Subject: [SpamCop-List] Unbelievable Message-ID: I'm still shocked that the guy getting 9 years in jail for spamming made over 20-million from people who respond to spam mails. Can't believe there are that many fools on the net. But this raises a question -- when compiling spam lists, why scrape every possible e-mail address, even those who report to SC and other LARTs and NEVER buy from a spammer? Why not just compile a list of the dummies who buy the scheiss and leave the rest of us alone? What is the logic behind bombarding people (last week, my mail server crashed with a gigabyte of spam) rather than only bombarding the morons who will buy something? Sigh... -- Pater Familias http://www.dwacon.com/publications/pater_familias.asp From no at no.spam Sat Apr 16 01:13:58 2005 From: no at no.spam (Michael Wise) Date: Sat Apr 16 03:15:32 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: <5ub6j2-3eu.ln1@ursine.ca> Message-ID: In article <5ub6j2-3eu.ln1@ursine.ca>, Paul Johnson wrote: > > ... > >> I'm my own postmaster. > >> > > ... > >> If you have a false positive problem, something's wrong with your > >> postmaster. Just because your postmaster sucks, and you've never had a > >> decent postmaster, doesn't mean they don't exist. > > ... > > > > Oh wow, your ignorance is really showing now. Also showing is the fact > > that > > you are a liar either directly or by inference. Either way it shows you > > for what you are; a blowhard and a closed-minded rationalizer of all > > things (you think) are good. > > No, I just don't think network abuse should affect the way I use the > internet and am proactive in doing something about it. If you want to hide > behind your munged addresses and lazy postmasters, go right on ahead, but > don't go passing it off like it's a good thing. Speaking of lazy admins; two of your three authoritative dns servers are lame. --Mike From tdy at blackhole.invalid Sat Apr 16 01:26:11 2005 From: tdy at blackhole.invalid (N. Miller) Date: Sat Apr 16 03:30:03 2005 Subject: [SpamCop-List] Re: Why won't url in spambody parse, but will out of spambody? References: Message-ID: In article , N. Miller says... > SC won't parse the link. But copying and pasting the link: > http://goodratezz.com/x/loan.php?id=somb > And the parser output looks like... Hmmm. More refreshes than I am used to. After six refreshes, I tried the link paste once, and it parsed. Two more refreshes of the spam, no go. Tried the link past trick again, and it parsed. Two more refreshes of the spam, no go. Use the tracker, and a third link past to create the post. Went back after posting, went back to the spam and the links parsed. Um, ten refreshes to get that. And a couple later which needed six to eight refreshes. Oh, well... -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Sat Apr 16 01:28:52 2005 From: tdy at blackhole.invalid (N. Miller) Date: Sat Apr 16 03:30:17 2005 Subject: [SpamCop-List] Re: Unbelievable References: Message-ID: In article , DC says... > I'm still shocked that the guy getting 9 years in jail for spamming made > over 20-million from people who respond to spam mails. > Can't believe there are that many fools on the net. He was convicted of spamming that many people. There was nothing said about all of them actually responding to the spam. > But this raises a question -- when compiling spam lists, why scrape every > possible e-mail address, even those who report to SC and other LARTs and > NEVER buy from a spammer? > Why not just compile a list of the dummies who buy the scheiss and leave the > rest of us alone? What is the logic behind bombarding people (last week, > my mail server crashed with a gigabyte of spam) rather than only bombarding > the morons who will buy something? Many spammers get paid by delivery. Every SMTP "220 Message queued for delivery" counts as a delivered message. > Sigh... -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Sat Apr 16 01:41:12 2005 From: tdy at blackhole.invalid (N. Miller) Date: Sat Apr 16 03:45:03 2005 Subject: [SpamCop-List] Re: Help with odd parsing error (Deputies?) References: Message-ID: In article , Steve McGarrett says... > Fortunately, she was reporting this one manually, caught the error, and > cancelled the report. She uses quick reporting most of the time, and is > now worried about getting her ISP's mail server(s) wrongly listed. Has she configured "Mailhosts"? It won't guaranty that she will accidentally "self-report" while quick reporting, but it well help reduce the possibility of error. BTW, although I have "Mailhosts" configured on all accounts for which I report spam, I noticed one account where the SC parsed wanted to notify my mail account host. Odd. Because I manually review ever parse, I caught the problem and cancelled the report. Turns out that my mail service had re- configured the way that SpamAssasin handled possible spam, and the provider's server was sending me new mail with the spam encapsulated. Screwed the spam reporting; but, apparently my note to them caused them to return the configuration so the spam would not be encapsulated in new mail. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From Ilgaz at spamcop.net Sat Apr 16 12:20:11 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Sat Apr 16 04:25:10 2005 Subject: [SpamCop-List] Re: Unbelievable References: Message-ID: On 2005-04-16 10:12:58 +0300, "DC" said: > I'm still shocked that the guy getting 9 years in jail for spamming > made over 20-million from people who respond to spam mails. > > Can't believe there are that many fools on the net. > > But this raises a question -- when compiling spam lists, why scrape > every possible e-mail address, even those who report to SC and other > LARTs and NEVER buy from a spammer? > > Why not just compile a list of the dummies who buy the scheiss and > leave the rest of us alone? What is the logic behind bombarding > people (last week, my mail server crashed with a gigabyte of spam) > rather than only bombarding the morons who will buy something? > > Sigh... As I use OS X on Mac and Omniweb which shares nothing in common except Apple html rendering, I clicked some of those ATM password wanting stuff or the obvious spam. I don't suggest to do it since its generally X rated or they are very advanced webcoders. The thing is, many times I noticed site is down. Password stealing sites etc. "So what? they get reported, FBI broke in their houses" you may ask. Sites were down because they couldn't handle LOAD of thousands of morons clicking those. Was giving "server too busy" messages. Speechless eh? :) Ilgaz Ocal From nttp.sc.s at bigsleep.org Sat Apr 16 09:35:11 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Apr 16 04:40:09 2005 Subject: [SpamCop-List] Re: Unbelievable References: Message-ID: On 16 Apr 2005 DC entered spamcop and left news:d3qdto$44u$1@news.spamcop.net: > But this raises a question -- when compiling spam lists, why scrape > every possible e-mail address, even those who report to SC and other > LARTs and NEVER buy from a spammer? > That would require work. > Why not just compile a list of the dummies who buy the scheiss and > leave the rest of us alone? What is the logic behind bombarding > people (last week, my mail server crashed with a gigabyte of spam) > rather than only bombarding the morons who will buy something? > That's what they use "web bugs" for. Those who never open spam and load the images never get the "good stuff". -- | Ric | From DougThegarden at hotmail.com Sat Apr 16 10:53:22 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Sat Apr 16 04:56:26 2005 Subject: [SpamCop-List] Re: Unbelievable In-Reply-To: References: Message-ID: DC wrote: > I'm still shocked that the guy getting 9 years in jail for spamming made > over 20-million from people who respond to spam mails. > > Can't believe there are that many fools on the net. > Why else would they keep spamming, phishing and 419ing? Because you can fool some of the people all of the time and it pays. > > Why not just compile a list of the dummies who buy the scheiss and leave the > rest of us alone? What is the logic behind bombarding people (last week, > my mail server crashed with a gigabyte of spam) rather than only bombarding > the morons who will buy something? > Because sending e-mails to everyone costs nothing but sorting them out costs time and effort and therefore cash. Doug From nobody at devnull.spamcop.net Sat Apr 16 07:09:54 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sat Apr 16 07:10:20 2005 Subject: [SpamCop-List] Re: Unbelievable References: Message-ID: > Sites were down because they couldn't handle LOAD of thousands of > morons clicking those. Was giving "server too busy" messages. > > Speechless eh? :) There are people who deliberately with some kind of program bombard spamvertized sites in order to shut them down. So it may not be 'buyers' who are making the server too busy. My guess is that more money is made from selling lists than from actually selling products in the spam economy. Miss Betsy From DougThegarden at hotmail.com Sat Apr 16 14:08:21 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Sat Apr 16 08:10:05 2005 Subject: [SpamCop-List] Re: Unbelievable In-Reply-To: References: Message-ID: Miss Betsy wrote: > > So it may not be 'buyers' who are making the server too busy. My > guess is that more money is made from selling lists than from > actually selling products in the spam economy. > And maybe even more from the anti-spam solutions: http://news.inq7.net/common/print.php?index=1&story_id=15092&site_id=30 Doug From DougThegarden at hotmail.com Sat Apr 16 15:36:27 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Sat Apr 16 09:40:04 2005 Subject: [SpamCop-List] Maybe its true! Message-ID: Maybe Miriam has been telling the truth all along in her e-mails ;-) http://news.bbc.co.uk/1/hi/world/africa/4449587.stm Doug "The son of former Nigerian military ruler Sani Abacha has been charged with money laundering and fraud after being extradited to Switzerland. Investigating judge Daniel Dumartheray told the BBC that Abba Sani Abacha was wanted in connection with the loss of hundreds of millions of dollars. He was extradited from Germany, where he was arrested last year. Nigerian state lawyers believe Sani Abacha may have stolen $2.2bn (?1.8bn) from 1993 until his death in 1998. Mr Dumartheray told the BBC News website that the Swiss authorities had been seeking Abba Abacha since 1999. He was charged with aggravated money laundering, participation in a criminal organisation and embezzlement. The judge said Mr Abacha should be brought before court within eight days from the Geneva prison, where he is currently being held. Money returned In February, Switzerland announced that it was returning to Nigeria $458m invested in its banks by Abacha. The Abacha family failed in a last-ditch court appeal to prevent the money being handed back to Nigeria. Switzerland agreed last August to hand over the money - which has been in frozen accounts since Abacha's death - and said an inquiry proved it had criminal origins. As well as Switzerland, Nigeria is looking for money in the UK, Liechtenstein, Luxembourg and the US. From not at home.today Sat Apr 16 15:47:36 2005 From: not at home.today (Ant) Date: Sat Apr 16 09:55:03 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: "Mike Easter" wrote: > My remark about rfc-i not going into the fine points was based on old > information; I hadn't reviewed the available website information > recently when I sed that. Ah, right. I must say I was somewhat surprised by the vehemence of your 'rant'. I've known of rfc-i for a long time, but only recently looked at their pages in detail. [snip] > the annotated and highlighted RFC 2821 sec 4.5.1 is an excellent idea. That's pretty useful. [...] > That type of improvement fixes my #1 gripe about rfc-i not addressing > the RFCs properly. The pages don't show a last-modified timestamp, so I > can't say how long they've been like that. Bottom of the pages: ... policy-postmaster.php,v 1.12 2004/10/08 ... ... policy-abuse.php,v 1.11 2004/08/22 ... [snip] > Of course, the proper [but not RFC related] abuse address for SC.net > is reg's at abuse.net > abusenet2@admin.spamcop.net Yes, and the rfc-i evidence auto-ack (which doesn't have a date) says use appeals@. I don't see why SC cannot redirect mail sent to standard domain contact points to a preferred subdomain mailbox. Perhaps it's thought that if one has to do some work to find the correct address it will discourage frivolous complaints. [snip] > Then, the 'meaning' of a list has to do with how it is interpreted > by those who might use it, and how it would be used. Absolutely. Some people gripe about being on a particular list without understanding its basis. They need to put their case to the admins using it to block mail, rather than the list maker, if they think such use is inappropriate for them. > Now that rfc-i has a more comprehensive description of what its > interpretation of compliance really means, I suspect that if Julian or > some admin would look that over, they could find a way to comply with > rfc-i's notion of compliance for pm & abuse. I would be interested to know why the RFCs are not followed, or thought not to be applicable in this instance. From panoptes at iquest.net Sat Apr 16 11:59:40 2005 From: panoptes at iquest.net (Daniel W. Johnson) Date: Sat Apr 16 12:00:07 2005 Subject: [SpamCop-List] Apparent DNS blockage Message-ID: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> The website http://www.thefakerolex.net is one that has been appearing in spam. SpamCop keeps discarding it as fake, but the DNS does resolve elsewhere. The dnsstuff site sees no problem with that lookup (aside from some variation in the TTL). -- Daniel W. Johnson panoptes@iquest.net http://members.iquest.net/~panoptes/ 039 53 36 N / 086 11 55 W From usenet2 at DE.LETE.THISljvideo.com Sat Apr 16 18:10:32 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Sat Apr 16 13:15:14 2005 Subject: [SpamCop-List] Re: Unbelievable References: Message-ID: Waiving the right to remain silent, N. Miller said: > In article , DC says... > >> I'm still shocked that the guy getting 9 years in jail for >> spamming made over 20-million from people who respond to spam >> mails. > >> Can't believe there are that many fools on the net. > > He was convicted of spamming that many people. There was nothing > said about all of them actually responding to the spam. He was NOT convicted of spamming. He was convicted of breaking other laws. IIRC, it had to do with using falsified information. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail The United States is the greatest country in the world..! Twenty-five million illegal aliens can't be wrong. From nobody at xyzzy.claranet.de Sat Apr 16 21:10:33 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sat Apr 16 14:15:03 2005 Subject: [SpamCop-List] Re: Top Posted References: Message-ID: <42615519.5260@xyzzy.claranet.de> Robert Blair wrote: > In newsgroups there is no real requirement to post a valid > email address since all communications is in the newsgroup > not through email. That's completely wrong. For off topic discussions switching to mail is very useful. For private replies to public articles mail is essential. For minimal plausibility checks of Cancel messages a valid From is required. For "purging" articles in the Google archive a valid From is essential. For hard cases when two posters claim to have the same address the only way to resolve it is to ask by mail. Usenet without mail does not work as intended. Any similar one-to-many communication system offers one-to-one communication. Mailing lists, Web forums, IM systems, and even the better Blogs offer it. There's no convincing reason why Usenet should be completely different. If you're unable to get or configure a spam-filtered address for this purpose it's another story, and if you have reasons to post quasi-anonymous it's again another issue, especially here, but it's not the norm. Bye, Frank From nobody at devnull.spamcop.net Sat Apr 16 14:49:40 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Sat Apr 16 14:50:03 2005 Subject: [SpamCop-List] Re: Top Posted References: <42615519.5260@xyzzy.claranet.de> Message-ID: Hey, hey: the statement is 'right'. off topic off group is off news. Posting to a newsgroup is just that. If you want to flame the poster in private, and the poster decides not to publish an email address, then so be it! completely wrong: apply it to your email. News is news, email is email, cross-over is optional. sg On Sat, 16 Apr 2005 20:10:33 +0200, Frank Ellermann wrote: > Robert Blair wrote: > >> In newsgroups there is no real requirement to post a valid >> email address since all communications is in the newsgroup >> not through email. > > That's completely wrong. For off topic discussions switching > to mail is very useful. For private replies to public articles > mail is essential. For minimal plausibility checks of Cancel > messages a valid From is required. For "purging" articles in > the Google archive a valid From is essential. For hard cases > when two posters claim to have the same address the only way > to resolve it is to ask by mail. Usenet without mail does not > work as intended. Any similar one-to-many communication system > offers one-to-one communication. Mailing lists, Web forums, > IM systems, and even the better Blogs offer it. There's no > convincing reason why Usenet should be completely different. > > If you're unable to get or configure a spam-filtered address > for this purpose it's another story, and if you have reasons > to post quasi-anonymous it's again another issue, especially > here, but it's not the norm. > Bye, Frank From nobody at devnull.spamcop.net Sat Apr 16 15:27:54 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Sat Apr 16 15:30:07 2005 Subject: [SpamCop-List] Re: Unbelievable References: Message-ID: He did not make this money from people responding. He made this money from idiots thinking spam is the right thing, and he actually suckered them pretty well. Here is how spam works: meet Joe Spammer. Joe spammer puts out ad in marketing trade rags, mailing lists, local newspapers: "get free leads for your product; free marketing campaign" Jake Greedball reads it: cool, let's go; Jake Greedball calls Joe Spammer. Joe Spammer gives a marketing speech. Essence: mass email to a focussed group of interested individuals. "I do have millions on file, sorted by interest" Programs available are: mail to 1,000,000 interested, selected individuals --comment: "selected": Joe Spammer canvassed whois, newsgroups, mailing lists and web sites for mailto:, from:, to:, cc:, and/or bought the "millions of email addresses' CDs that are widely offered through spam; Joe Spammer's 'focus' is: make a quick buck from a big suck! Jake Greedball: $? (imagine a very small $ sign .....) Joe Spammer: Prog. 1: send out 1,000,000 advertisements, $50 Prog. 2: send out 500,000 advertisements, with confirmed reception (i.e. checks that the mailer on the other end actually accepts email for that user): $500 ( Jake Greedball probably takes this one) If Jake Greedball has about 1/10th cubic inch of gray matter functioning, he will ask for better confirmation: Joe Spammer: Prog. 3: user clicks on web site after reading email: $.02 per click (this is the Million $ Jackpot game! Getting Joe Greedball to sign that!). - comment: 'click': nobody 'clicks': Microsoft Corporation has provided help here in the various spam/marketing friendly megashaft email clients: web links get opened if you want it or not; just having a message in the preview pane opens a link, a 'click'; the links are spiked, e.g., http://spammersite.com/product/showthatjunk?thisisthestringthatmakesmoneybecause-it-links-this-http-connection-to-the-sent-email Jake Greedball: eats it raw Joe Spammer: another sucker down, many many more to go That spammer got arrested for: impersonating (my email on spam results in an immediate form submission to the FBI on their reporting site) license violations (well, once they got his computers....) deception in all variations (some Jake Greedball had 2/10th of a cubic inch of brain matter still working!) Nobody gets arrested for spam. The internet is a legal-free zone: cannot be regulated! That's why it is so important to: ############################################################# forward any spam to: uce@ftc.gov forward pharmacy spam to: webcomplaints@ora.fda.gov forward stock offers too good to be true to: enforcement@sec.gov forward all 'XP SP2' < $100 to: piracy@microsoft.com (YES! this works great!!!!) forward all kiddy porn offers to: C3@customs.treas.gov (a real spammer killer for the 'young, underage...' offers!) forward other software 'too cheap to be true' offers to these: piracy@adobe.com nopiracy@corel.com #################################################################### This gets spammers off the net! No matter how much they suckered off their greedball customers: faking the header makes the spammer an accessory to an illegal offer introducing obfuscation makes the spammer an accessory to an illegal offer simply propagating illegal offers (hash, dope, childporn) gets them off the street like chlorox on birdpoop! Does the spammer use outlook? does the included doc contain signs being composed on a Microsoft based system (word/iis/compressing SW) -> piracy@microsoft.com Because: 'Joe Spammer not uses licensed SW', that's a given! sg On Sat, 16 Apr 2005 17:10:32 +0000, Larry J. wrote: > Waiving the right to remain silent, N. Miller > said: > >> In article , DC says... >> >>> I'm still shocked that the guy getting 9 years in jail for >>> spamming made over 20-million from people who respond to spam >>> mails. >> >>> Can't believe there are that many fools on the net. >> >> He was convicted of spamming that many people. There was nothing >> said about all of them actually responding to the spam. > > He was NOT convicted of spamming. He was convicted of breaking other > laws. IIRC, it had to do with using falsified information. From ivan at gmail.com Sun Apr 17 00:19:54 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sat Apr 16 17:20:04 2005 Subject: [SpamCop-List] Re: Unbelievable In-Reply-To: References: Message-ID: > forward other software 'too cheap to be true' offers to these: > > piracy@adobe.com > nopiracy@corel.com and tip@macromedia.com spamwatch@symantec.com software@bsa.org Ivan. From nobody at devnull.spamcop.net Sat Apr 16 20:39:50 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Apr 16 19:40:04 2005 Subject: [SpamCop-List] Re: Top Posted References: <42615519.5260@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:42615519.5260@xyzzy.claranet.de... > Robert Blair wrote: > >> In newsgroups there is no real requirement to post a valid >> email address since all communications is in the newsgroup >> not through email. > > That's completely wrong. For off topic discussions switching > to mail is very useful. For private replies to public articles > mail is essential. For minimal plausibility checks of Cancel ... But the fact still remains, "In newsgroups there is no real requirement to post a valid email address since all communications is in the newsgroup not through email." If one HAS a reason, and it's useful to them, then they can do it. But, there is NO requirement for using a valid email address in a newsgroup and in most cases all it does is provide another spammer-scrapable address for the spammy lists which then go on sale. Newsgroup addies are even better than those scraped from web pages because they are deomonstrably "active" by virtue of the post, which adds more value to the list of addresses at sell-time. Pop From eddie at eddie.web Sat Apr 16 22:27:23 2005 From: eddie at eddie.web (eddie) Date: Sat Apr 16 21:30:03 2005 Subject: [SpamCop-List] Re: Unbelievable References: Message-ID: On Sat, 16 Apr 2005 03:12:58 -0400, DC scratched out the following: > I'm still shocked that the guy getting 9 years in jail for spamming made > over 20-million from people who respond to spam mails. > > Can't believe there are that many fools on the net. Does he get to keep the 20 mil? How many people would take a 9-year jail term and come out with 20 mil plus capital gains? Not really a bad deal. -- Once movie theaters gave out steak knives Today they confiscate them From nobody at devnull.spamcop.net Sat Apr 16 21:55:40 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sat Apr 16 21:55:07 2005 Subject: [SpamCop-List] Re: Unbelievable References: Message-ID: "Doug Thegarden" wrote in message news:d3qv7m$c4g$1@news.spamcop.net... > Miss Betsy wrote: > > > > So it may not be 'buyers' who are making the server too busy. My > > guess is that more money is made from selling lists than from > > actually selling products in the spam economy. > > > > And maybe even more from the anti-spam solutions: > http://news.inq7.net/common/print.php?index=1&story_id=15092&site_id=30 > If blocking lists only had sales personnel!!! Miss Betsy From wb8tyw at qsl.network Sun Apr 17 00:42:47 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sat Apr 16 23:45:07 2005 Subject: [SpamCop-List] Re: Unbelievable In-Reply-To: References: Message-ID: eddie wrote: > On Sat, 16 Apr 2005 03:12:58 -0400, DC scratched out the following: > >>I'm still shocked that the guy getting 9 years in jail for spamming made >>over 20-million from people who respond to spam mails. >> >>Can't believe there are that many fools on the net. > > Does he get to keep the 20 mil? How many people would take a 9-year jail > term and come out with 20 mil plus capital gains? Not really a bad deal. I wonder what his tax returns say he made? -John wb8tyw@qsl.network Personal Opinion Only From bahkah at midsouth.rr.com Sun Apr 17 09:40:17 2005 From: bahkah at midsouth.rr.com (JT) Date: Sun Apr 17 09:40:03 2005 Subject: [SpamCop-List] moles Message-ID: The "silent reports" show my ISP at the top and mu username at the bottom...??! From bahkah at midsouth.rr.com Sun Apr 17 09:54:16 2005 From: bahkah at midsouth.rr.com (JT) Date: Sun Apr 17 09:55:05 2005 Subject: [SpamCop-List] Mole Message-ID: I viewed the reports sent, and it shows my ISP at the top and my username at the bottom. Please help me to understand how this is "silent" From MikeE at ster.invalid Sun Apr 17 08:31:50 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 17 10:30:06 2005 Subject: [SpamCop-List] Re: Mole References: Message-ID: JT wrote: > I viewed the reports sent, and it shows my ISP at the top and my > username at the bottom. Please help me to understand how this is > "silent" Presuming that your giving your message the subject "Mole" means that you are registered as a mole resporter and you submitted a spam and you are looking at something which you think we can all see as if we were looking thru' your eyeballs. So, now you are saying "I'm looking at something, please explain it to me." That is not a good way to ask questions because it really makes anyone who wants to try to answer you have to work and talk and imagine and guess and give half-*ssed information because of the quality or lack thereof of your question asking. First, when you sign up to be a mole you can look at "What is this?" http://www.spamcop.net/fom-serve/cache/373.html What is "mole" reporting? That page contains this sentence "SpamCop now offers new and existing users an option to withhold almost all data - registering reports in SpamCop's database, but never sending reports to the "ISP" That means that no report is sent; so whatever you are looking at isn't sent to anyone. A mole report is a non-report, and the spamsource doesn't count toward the SCbl and the data is only used in some kind of non-reported mysterious cumulative kind of way by spamcop which doesn't attach any information about your provider or your IP or your identity to anyone outside of SC. -- Mike Easter kibitzer, not SC admin From bahkah at midsouth.rr.com Sun Apr 17 12:22:50 2005 From: bahkah at midsouth.rr.com (JT) Date: Sun Apr 17 12:25:04 2005 Subject: [SpamCop-List] Re: Mole References: Message-ID: Thanks for replying and explaining as only you can. Believe it or not, I can read, and *I'm* more than willing to consider that others can think. Didn't feel the need to wax or write a book... When I click on "View Report", I see "my ISP at top"... I'm guessing that your Mrs. doesn't let you talk at home; got tired of your pedantics early on. Thanks again though. "Mike Easter" wrote in message news:d3trt9$mlq$1@news.spamcop.net... JT wrote: > I viewed the reports sent, and it shows my ISP at the top and my > username at the bottom. Please help me to understand how this is > "silent" Presuming that your giving your message the subject "Mole" means that you are registered as a mole resporter and you submitted a spam and you are looking at something which you think we can all see as if we were looking thru' your eyeballs. So, now you are saying "I'm looking at something, please explain it to me." That is not a good way to ask questions because it really makes anyone who wants to try to answer you have to work and talk and imagine and guess and give half-*ssed information because of the quality or lack thereof of your question asking. First, when you sign up to be a mole you can look at "What is this?" http://www.spamcop.net/fom-serve/cache/373.html What is "mole" reporting? That page contains this sentence "SpamCop now offers new and existing users an option to withhold almost all data - registering reports in SpamCop's database, but never sending reports to the "ISP" That means that no report is sent; so whatever you are looking at isn't sent to anyone. A mole report is a non-report, and the spamsource doesn't count toward the SCbl and the data is only used in some kind of non-reported mysterious cumulative kind of way by spamcop which doesn't attach any information about your provider or your IP or your identity to anyone outside of SC. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 17 10:41:25 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 17 12:40:03 2005 Subject: [SpamCop-List] Re: Mole References: Message-ID: JT wrote: > When I click on "View Report", I see "my ISP at top"... So what? -- Mike Easter kibitzer, not SC admin From panoptes at iquest.net Sun Apr 17 12:43:43 2005 From: panoptes at iquest.net (Daniel W. Johnson) Date: Sun Apr 17 12:45:03 2005 Subject: [SpamCop-List] SpamCop doesn't use AfriNIC for lookup of 165.146.0.114 Message-ID: <1gv5v28.11xr4vy11k60c8N%panoptes@iquest.net> http://www.spamcop.net/sc?id=z751407904z299a158b87b909a5b386fda37e6afb7a z That's like trying to use an address at ripe.net to report problems in RIPE space. -- Daniel W. Johnson panoptes@iquest.net http://members.iquest.net/~panoptes/ 039 53 36 N / 086 11 55 W From Vanguard at domain.invalid Sun Apr 17 13:18:03 2005 From: Vanguard at domain.invalid (Vanguard) Date: Sun Apr 17 13:20:28 2005 Subject: [SpamCop-List] Re: Mole References: Message-ID: "JT" wrote in message news:d3u2ec$q39$1@news.spamcop.net... > Thanks for replying and explaining as only you can. Believe it or > not, I can read, and *I'm* more than willing to consider that others > can think. Didn't feel the need to wax or write a book... > > When I click on "View Report", I see "my ISP at top"... > > I'm guessing that your Mrs. doesn't let you talk at home; got tired of > your pedantics early on. Thanks again though. > > > "Mike Easter" wrote in message > news:d3trt9$mlq$1@news.spamcop.net... > JT wrote: >> I viewed the reports sent, and it shows my ISP at the top and my >> username at the bottom. Please help me to understand how this is >> "silent" > > Presuming that your giving your message the subject "Mole" means that > you are registered as a mole resporter and you submitted a spam and > you > are looking at something which you think we can all see as if we were > looking thru' your eyeballs. > > So, now you are saying "I'm looking at something, please explain it to > me." > > That is not a good way to ask questions because it really makes anyone > who wants to try to answer you have to work and talk and imagine and > guess and give half-*ssed information because of the quality or lack > thereof of your question asking. > > First, when you sign up to be a mole you can look at "What is this?" > http://www.spamcop.net/fom-serve/cache/373.html What is "mole" > reporting? > > That page contains this sentence "SpamCop now offers new and existing > users an option to withhold almost all data - registering reports in > SpamCop's database, but never sending reports to the "ISP" > > That means that no report is sent; so whatever you are looking at > isn't > sent to anyone. A mole report is a non-report, and the spamsource > doesn't count toward the SCbl and the data is only used in some kind > of > non-reported mysterious cumulative kind of way by spamcop which > doesn't > attach any information about your provider or your IP or your identity > to anyone outside of SC. You didn't expect to see yourself identified in a report you created? You think spammers are going around generating a random 43-character sequence in some ridiculous attempt to see who reported what and from those results parse out which reports regards their own spam? Yeah, right. Being a mole means that the abuse contact won't get your report, so how else are they going to find it to identify you specifically reported them? Do you issue a spam report as a mole and then separately go e-mail the abuse contact with the link to your report? If so, why be a mole in the first place? -- ____________________________________________________________ ** Post your replies to the newsgroup - Share with others ** For e-mail Reply: remove "DELETE", add "~VN56~" to Subject. ____________________________________________________________ From MikeE at ster.invalid Sun Apr 17 11:20:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 17 13:20:55 2005 Subject: [SpamCop-List] Re: SpamCop doesn't use AfriNIC for lookup of 165.146.0.114 References: <1gv5v28.11xr4vy11k60c8N%panoptes@iquest.net> Message-ID: Daniel W. Johnson wrote: > http://www.spamcop.net/sc?id=z751407904z299a158b87b909a5b386fda37e6afb7a > z Something is wrong with that broken tracker.. Reattaching the 'z' to the tracker gives me http://www.spamcop.net/sc?id=z751407904z299a158b87b909a5b386fda37e6afb7az or www.spamcop.net/sc?id=z751407904z299a158b87b909a5b386fda37e6afb7az or id z751407904z299a158b87b909a5b386fda37e6afb7az which doesn't have anything about 165.146.0.114 which is rDNS rndf-146-0-114.telkomadsl.co.za But, if I stick that IP from your subject into the tracker, SC does fail to properly use afrinic. That is a bug which must be corrected, not handled by routing adjustments. I also think that RIPE doesn't handle non-RIPE queries properly. I think that all of the top RIRs, arin, ripe, apnic, lacnic, and now afrinic should properly refer to the appropriate RIR if they are queried. Only arin acts properly in that regard; so if you query ripe and the query were misdirected, ripe doesn't tell you to go to afrinic. > That's like trying to use an address at ripe.net to report problems in > RIPE space. Something is wrong with that statement too. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 17 11:31:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 17 13:30:06 2005 Subject: [SpamCop-List] Re: SpamCop doesn't use AfriNIC for lookup of 165.146.0.114 References: <1gv5v28.11xr4vy11k60c8N%panoptes@iquest.net> Message-ID: Mike Easter wrote: > Daniel W. Johnson wrote: >> That's like trying to use an address at ripe.net to report problems >> in RIPE space. > > Something is wrong with that statement too. Oh, now I get it. You mean like notifying hostmaster or abuse ripe.net for something in the ripe RIR. -- Mike Easter kibitzer, not SC admin From panoptes at iquest.net Sun Apr 17 17:09:18 2005 From: panoptes at iquest.net (Daniel W. Johnson) Date: Sun Apr 17 17:10:06 2005 Subject: [SpamCop-List] Re: SpamCop doesn't use AfriNIC for lookup of 165.146.0.114 References: <1gv5v28.11xr4vy11k60c8N%panoptes@iquest.net> Message-ID: <1gv67cg.18hfbo6o40pc8N%panoptes@iquest.net> Mike Easter wrote: > Something is wrong with that broken tracker.. > > Reattaching the 'z' to the tracker gives me > > http://www.spamcop.net/sc?id=z751407904z299a158b87b909a5b386fda37e6afb7az > or > www.spamcop.net/sc?id=z751407904z299a158b87b909a5b386fda37e6afb7az > or id > z751407904z299a158b87b909a5b386fda37e6afb7az > > which doesn't have anything about 165.146.0.114 which is rDNS > rndf-146-0-114.telkomadsl.co.za I must have had something else in my paste buffer. Here's the real tracker: -- Daniel W. Johnson panoptes@iquest.net http://members.iquest.net/~panoptes/ 039 53 36 N / 086 11 55 W From panoptes at iquest.net Sun Apr 17 17:13:20 2005 From: panoptes at iquest.net (Daniel W. Johnson) Date: Sun Apr 17 17:15:07 2005 Subject: [SpamCop-List] Re: SpamCop doesn't use AfriNIC for lookup of 165.146.0.114 References: <1gv5v28.11xr4vy11k60c8N%panoptes@iquest.net> Message-ID: <1gv67mo.yjzase1kg7hx4N%panoptes@iquest.net> Mike Easter wrote: > Oh, now I get it. You mean like notifying hostmaster or abuse > ripe.net for something in the ripe RIR. Yep. I left that notification in, though, in case the abusepoc address is actually a holdover that does something useful. And here's another attempt at the tracker: http://www.spamcop.net/sc?id=z753359051z769b892bb28b8268f192e6c87301d440z -- Daniel W. Johnson panoptes@iquest.net http://members.iquest.net/~panoptes/ 039 53 36 N / 086 11 55 W From nobody at devnull.spamcop.net Sun Apr 17 18:45:47 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Sun Apr 17 17:50:03 2005 Subject: [SpamCop-List] Re: SpamCop doesn't use AfriNIC for lookup of 165.146.0.114 References: <1gv5v28.11xr4vy11k60c8N%panoptes@iquest.net> <1gv67cg.18hfbo6o40pc8N%panoptes@iquest.net> Message-ID: "Daniel W. Johnson" wrote in message > Mike Easter wrote: ... gross snippage ... Daniel W. Johnson posted parse tracker: http://www.spamcop.net/sc?id=z753359051z769b892bb28b8268f192e6c87301d440z And I am thinking that you posted the item to the FTC, and 419.fcd@usss.treas.gov with "No monetary loss" in "Subject" line. But I am forgetting which Yahoo! Inc abuse desk squashes email addies used in 419 spams: I think Mike Easter will remember. I have three abuse desks for Yahoo! Inc. and I have lost track of which for what: mail-abuse@yahoo-inc.com mail-spoof@cc.yahoo-inc.com postmaster@yahoo.com and then there is yahoo@admin.spamcop.net If memory serves, it would be mail-abuse@yahoo-inc.com, but Mike E. knows... Glenn From smcgarrett at hawaii.com Sun Apr 17 18:32:33 2005 From: smcgarrett at hawaii.com (Steve McGarrett) Date: Sun Apr 17 18:35:07 2005 Subject: [SpamCop-List] Re: Help with odd parsing error (Deputies?) In-Reply-To: References: Message-ID: Mike Easter wrote: > Yep. Julian has fixed the little bug. Well, it now seems my friend was also sometimes editing the received line to remove the "for " part, and occasionally deleting the following semicolon by accident. In some cases, this can still trigger the bug. It turns out that when the semicolon before the date is missing, the Received line is incorrectly parsed if the rDNS is more than 16 characters long. Thus, of the following four cases, the first three parse correctly and the fourth does not: Received: from 11.red-82-158-114.user.auna.net (11.red-82-158-114.user.auna.net [82.158.114.11]) by hood.cnchost.com (ConcentricHost(2.54) MX) with SMTP id CF36D33165; Thu, 14 Apr 2005 15:32:32 -0400 (EDT) Received: from 11.red-82-158-114.user.auna.net (11.red-82-158-114.user.auna.net [82.158.114.11]) by hood.cnchost.com (ConcentricHost(2.54) MX) with SMTP id CF36D33165 for ; Thu, 14 Apr 2005 15:32:32 -0400 (EDT) Received: from 11.red-82-158-114.user.auna.net (14.user.auna.net [82.158.114.11]) by hood.cnchost.com (ConcentricHost(2.54) MX) with SMTP id CF36D33165 Thu, 14 Apr 2005 15:32:32 -0400 (EDT) Received: from 11.red-82-158-114.user.auna.net (11.red-82-158-114.user.auna.net [82.158.114.11]) by hood.cnchost.com (ConcentricHost(2.54) MX) with SMTP id CF36D33165 Thu, 14 Apr 2005 15:32:32 -0400 (EDT) (I know the rDNS in case 3 is not accurate, but I'm just using it as an example.) I have now pointed out the "Obscure identifying information" option to her, and she has set it. (She hadn't found this because the options are listed as "non-critical" and for "more technical users.") I also pointed out the rules for not making "material" changes to spam. So she should now be in good shape as long as her ISP's inbound mail servers continue to follow their current Received line sytax. As for configuring Mailhosts, she says she found it "too confusing" and was afraid she was going to "permanently screw up" her account, so she still won't touch it. I guess that's my next hurdle. :-) Aloha, McGarrett "LART 'em, Danno!" From Ilgaz at spamcop.net Mon Apr 18 02:42:31 2005 From: Ilgaz at spamcop.net (Ilgaz) Date: Sun Apr 17 18:45:07 2005 Subject: [SpamCop-List] Re: SpamCop doesn't use AfriNIC for lookup of 165.146.0.114 References: <1gv5v28.11xr4vy11k60c8N%panoptes@iquest.net> Message-ID: On 2005-04-17 19:43:43 +0300, panoptes@iquest.net (Daniel W. Johnson) said: > http://www.spamcop.net/sc?id=z751407904z299a158b87b909a5b386fda37e6afb7a > z > > That's like trying to use an address at ripe.net to report problems in > RIPE space. Hi, I am a ordinary spamcop customer here, just browsing sometimes. There is huge load of information at www.spamcop.net for admins. If I understood you correctly (I saw message), a DNS area admin is counted as "spammer host". Would create lots of problems of course. Its like (now changed) notifying ipg@metu.edu.tr for every spammer in Turkey. Which is DNS master in fact. I think you may first block the Spamcop from sending reports (polite way, by notifying not blocking) and may fix it later. Hope I understood right. Anyway, www site is pure standards compliant and text only. Ilgaz Ocal From panoptes at iquest.net Sun Apr 17 18:59:07 2005 From: panoptes at iquest.net (Daniel W. Johnson) Date: Sun Apr 17 19:00:04 2005 Subject: [SpamCop-List] Re: SpamCop doesn't use AfriNIC for lookup of 165.146.0.114 References: <1gv5v28.11xr4vy11k60c8N%panoptes@iquest.net> Message-ID: <1gv6cf6.b5fcv08rmqi4N%panoptes@iquest.net> Ilgaz wrote: > If I understood you correctly (I saw message), a DNS area admin is > counted as "spammer host". Would create lots of problems of course. > > Its like (now changed) notifying ipg@metu.edu.tr for every spammer in > Turkey. Which is DNS master in fact. > > I think you may first block the Spamcop from sending reports (polite > way, by notifying not blocking) and may fix it later. > > Hope I understood right. Anyway, www site is pure standards compliant > and text only. I think I didn't express my point clearly enough. Reporting spammers in RIPE space to hostmaster at ripe.net: Bad. And not Spamcop's current behavior (if it ever was). Reporting spammers in Turkey to ipg at metu.edu.tr: Bad. And possibly Spamcop's current behavior. Reporting spammers in Africa to abusepoc at afrinic.net: Bad. But the natural consequence of Spamcop's parsing at this time. -- Daniel W. Johnson panoptes@iquest.net http://members.iquest.net/~panoptes/ 039 53 36 N / 086 11 55 W From nttp.sc.s at bigsleep.org Mon Apr 18 00:19:11 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 17 19:20:04 2005 Subject: [SpamCop-List] Re: Help with odd parsing error (Deputies?) References: Message-ID: On 17 Apr 2005 Steve McGarrett entered spamcop and left news:d3uo62$5b6$1@news.spamcop.net: > Well, it now seems my friend was also sometimes editing the received > line to remove the "for " part, and occasionally deleting the > following semicolon by accident. In some cases, this can still trigger > the bug. > Why are you messing with trusted headers? I already pointed out that the trusted headers weren't the problem. Trying to discover a bug by breaking something is unscientific, to say the least, and Spamcop don't want you doing it. Spamcop should be removing your eMail from the for line, it always does for me. -- | Ric | From noone at nowhere.com Sun Apr 17 20:52:39 2005 From: noone at nowhere.com (Bob Itguy) Date: Sun Apr 17 19:55:03 2005 Subject: [SpamCop-List] Re: Mole References: Message-ID: Not trying to hijack but I was a mole for quite a while until I realized no reports were going out. I was assuming (yea I know, can't assume anything) that a mole was kinds like a hidden reporter. I think the OP might be under the same false assumption as I was. Someone here cleared that error up one day for me so now I report as I once did, the regular way (btw for those that don't know look under Preferences/Report Handling Options to change this). As one of the other responders said, need to read the FAQs. I know I sure should have and will from now on ;) "Vanguard" wrote in message news:d3u5ob$rvp$1@news.spamcop.net... > "JT" wrote in message > news:d3u2ec$q39$1@news.spamcop.net... >> Thanks for replying and explaining as only you can. Believe it or not, I >> can read, and *I'm* more than willing to consider that others can think. >> Didn't feel the need to wax or write a book... >> >> When I click on "View Report", I see "my ISP at top"... >> >> I'm guessing that your Mrs. doesn't let you talk at home; got tired of >> your pedantics early on. Thanks again though. >> >> >> "Mike Easter" wrote in message >> news:d3trt9$mlq$1@news.spamcop.net... >> JT wrote: >>> I viewed the reports sent, and it shows my ISP at the top and my >>> username at the bottom. Please help me to understand how this is >>> "silent" >> >> Presuming that your giving your message the subject "Mole" means that >> you are registered as a mole resporter and you submitted a spam and you >> are looking at something which you think we can all see as if we were >> looking thru' your eyeballs. >> >> So, now you are saying "I'm looking at something, please explain it to >> me." >> >> That is not a good way to ask questions because it really makes anyone >> who wants to try to answer you have to work and talk and imagine and >> guess and give half-*ssed information because of the quality or lack >> thereof of your question asking. >> >> First, when you sign up to be a mole you can look at "What is this?" >> http://www.spamcop.net/fom-serve/cache/373.html What is "mole" >> reporting? >> >> That page contains this sentence "SpamCop now offers new and existing >> users an option to withhold almost all data - registering reports in >> SpamCop's database, but never sending reports to the "ISP" >> >> That means that no report is sent; so whatever you are looking at isn't >> sent to anyone. A mole report is a non-report, and the spamsource >> doesn't count toward the SCbl and the data is only used in some kind of >> non-reported mysterious cumulative kind of way by spamcop which doesn't >> attach any information about your provider or your IP or your identity >> to anyone outside of SC. > > > You didn't expect to see yourself identified in a report you created? You > think spammers are going around generating a random 43-character sequence > in some ridiculous attempt to see who reported what and from those results > parse out which reports regards their own spam? Yeah, right. Being a > mole means that the abuse contact won't get your report, so how else are > they going to find it to identify you specifically reported them? Do you > issue a spam report as a mole and then separately go e-mail the abuse > contact with the link to your report? If so, why be a mole in the first > place? > > -- > ____________________________________________________________ > ** Post your replies to the newsgroup - Share with others ** > For e-mail Reply: remove "DELETE", add "~VN56~" to Subject. > ____________________________________________________________ > From MikeE at ster.invalid Sun Apr 17 17:55:38 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 17 19:55:23 2005 Subject: [SpamCop-List] Re: SpamCop doesn't use AfriNIC for lookup of 165.146.0.114 References: <1gv5v28.11xr4vy11k60c8N%panoptes@iquest.net> <1gv6cf6.b5fcv08rmqi4N%panoptes@iquest.net> Message-ID: Daniel W. Johnson wrote: > Ilgaz >> Its like (now changed) notifying ipg@metu.edu.tr for every spammer in >> Turkey. Which is DNS master in fact. > Reporting spammers in Turkey to ipg at metu.edu.tr: Bad. And possibly > Spamcop's current behavior. > > Reporting spammers in Africa to abusepoc at afrinic.net: Bad. But the > natural consequence of Spamcop's parsing at this time. But it isn't the same situation. afrinic is now a legitimate RIR just like ripe is, and SC should be querying afrinic about the IPs which arin refers to afrinic for. It shouldn't be querying ripe about an afrinic IP. Or lacnic about an afrinic IP. Or apnic about an afrinic IP. But the .tr IP addresses are under ripe. While metu.edu.tr is an important .tr netblock, it isn't the only one found in ripe. So is ulakbim.gov.tr and presumably others. The .tr related IP addresses need to have themselves properly reg'd in ripe for their tech/admin or abuse contacts. Also, it would be nice if the corresponding appropriate domainname for the contacts were also abuse.net reg'd. -- Mike Easter kibitzer, not SC admin From tdy at blackhole.invalid Sun Apr 17 21:13:21 2005 From: tdy at blackhole.invalid (N. Miller) Date: Sun Apr 17 23:15:25 2005 Subject: [SpamCop-List] Re: Unbelievable References: Message-ID: In article , Larry J. says... > He was NOT convicted of spamming. He was convicted of breaking other > laws. IIRC, it had to do with using falsified information. Well, I stand corrected. I knew what I meant to say, though... -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Sun Apr 17 21:19:31 2005 From: tdy at blackhole.invalid (N. Miller) Date: Sun Apr 17 23:20:09 2005 Subject: [SpamCop-List] Re: Mole References: Message-ID: In article , JT says... > I viewed the reports sent, and it shows my ISP at the top and my username at > the bottom. Please help me to understand how this is "silent" The report was not sent to anybody; just used by SC for statistics. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From panoptes at iquest.net Mon Apr 18 00:55:04 2005 From: panoptes at iquest.net (Daniel W. Johnson) Date: Mon Apr 18 01:00:03 2005 Subject: [SpamCop-List] Re: SpamCop doesn't use AfriNIC for lookup of 165.146.0.114 References: <1gv5v28.11xr4vy11k60c8N%panoptes@iquest.net> <1gv6cf6.b5fcv08rmqi4N%panoptes@iquest.net> Message-ID: <1gv6ssw.n0mc361y79jw0N%panoptes@iquest.net> Mike Easter wrote: > But it isn't the same situation. afrinic is now a legitimate RIR just > like ripe is, and SC should be querying afrinic about the IPs which arin > refers to afrinic for. It shouldn't be querying ripe about an afrinic > IP. Or lacnic about an afrinic IP. Or apnic about an afrinic IP. > > But the .tr IP addresses are under ripe. While metu.edu.tr is an > important .tr netblock, it isn't the only one found in ripe. So is > ulakbim.gov.tr and presumably others. The .tr related IP addresses need > to have themselves properly reg'd in ripe for their tech/admin or abuse > contacts. Also, it would be nice if the corresponding appropriate > domainname for the contacts were also abuse.net reg'd. Okay, maybe I shouldn't have taken Ilgaz's description of .tr at face value. Something else I've noticed: For at least some RIPE addresses, SC asks ARIN first, then recognizes that response as a redirection and asks RIPE. I'm not sure why it doesn't do the same thing for the redirection in AfriNIC's record. -- Daniel W. Johnson panoptes@iquest.net http://members.iquest.net/~panoptes/ 039 53 36 N / 086 11 55 W From / at /.cn Mon Apr 18 16:37:28 2005 From: / at /.cn (Petzl) Date: Mon Apr 18 01:40:04 2005 Subject: [SpamCop-List] Re: moles References: Message-ID: "JT" wrote in message news:d3toti$l4v$1@news.spamcop.net... > The "silent reports" show my ISP at the top and mu username at the > bottom...??! Not clear on what you are getting at here? This info may help If you are using SpamCop to report spam it is important to *FIRST* "whitelist" your own ISP You do this by clicking the "MailHosts" tap on your reporting page and entering all your email addresses with *different* domain names For instance if you have Joe@devnul and Sam@devnul you only need to enter one of them for (MailHost) whitelisting Many people wish to not give abuse reports to ISP's, in this case you select "Mole" reporting which does not identify you or your spam to other parties. Aside from statistcs mole reporting is pointless You can select other options under "preferences" and "Spam Munging" Petzl From nobody at devnull.spamcop.net Mon Apr 18 02:04:08 2005 From: nobody at devnull.spamcop.net (Cat) Date: Mon Apr 18 02:05:04 2005 Subject: [SpamCop-List] Re: Top Posted In-Reply-To: References: <42615519.5260@xyzzy.claranet.de> Message-ID: (Top posting fixed) skinnyguy wrote: > On Sat, 16 Apr 2005 20:10:33 +0200, Frank Ellermann wrote: > > >>Robert Blair wrote: >> >> >>>In newsgroups there is no real requirement to post a valid >>>email address since all communications is in the newsgroup >>>not through email. >> >>That's completely wrong. > Hey, hey: > > the statement is 'right'. > > off topic off group is off news. > > Posting to a newsgroup is just that. > If you want to flame the poster in private, and the poster decides not to > publish an email address, > then so be it! > > completely wrong: apply it to your email. > > News is news, email is email, cross-over is optional. > > sg Well, since you're talking about right or wrong here, check out these two links since you still insist on top posting: http://linux.sgms-centre.com/misc/netiquette.php (specifically #6) http://www.river.com/users/share/etiquette/ (#1 and #2) From Ilgaz at spamcop.net Mon Apr 18 12:05:14 2005 From: Ilgaz at spamcop.net (Ilgaz) Date: Mon Apr 18 04:10:04 2005 Subject: [SpamCop-List] Re: SpamCop doesn't use AfriNIC for lookup of 165.146.0.114 References: <1gv6ssw.n0mc361y79jw0N%panoptes@iquest.net> Message-ID: On 2005-04-18 07:55:04 +0300, panoptes@iquest.net (Daniel W. Johnson) said: > Mike Easter wrote: > >> But it isn't the same situation. afrinic is now a legitimate RIR just >> like ripe is, and SC should be querying afrinic about the IPs which arin >> refers to afrinic for. It shouldn't be querying ripe about an afrinic >> IP. Or lacnic about an afrinic IP. Or apnic about an afrinic IP. >> >> But the .tr IP addresses are under ripe. While metu.edu.tr is an >> important .tr netblock, it isn't the only one found in ripe. So is >> ulakbim.gov.tr and presumably others. The .tr related IP addresses need >> to have themselves properly reg'd in ripe for their tech/admin or abuse >> contacts. Also, it would be nice if the corresponding appropriate >> domainname for the contacts were also abuse.net reg'd. > > Okay, maybe I shouldn't have taken Ilgaz's description of .tr at face > value. > > Something else I've noticed: For at least some RIPE addresses, SC asks > ARIN first, then recognizes that response as a redirection and asks > RIPE. I'm not sure why it doesn't do the same thing for the redirection > in AfriNIC's record. It was very late (4 am or something) and I replied half asleep then figured I completely misunderstood, even launched MT Newswatcher to cancel my article. Eh, its at control.cancel but didn't work. :) Sorry for that METU was assigned to care about DNS stuff in early times, now (for years) we have https://www.nic.tr/ caring about all domain stuff. Poor Unix geeks are always first ones to call by bureaucrats in any tech thing happening ;) Also http://www.spam.org.tr is anti spam organization. Thanks to their efforts, there are no open relays etc for years. Not speaking about zombies of course. Oh, and some clever (!) admins opening relays accidentally and close them. Ilgaz Ocal From nobody at devnull.spamcop.net Mon Apr 18 19:52:35 2005 From: nobody at devnull.spamcop.net (Patto) Date: Mon Apr 18 05:55:28 2005 Subject: [SpamCop-List] SpamCop unable to handle Unicode URL Message-ID: http://www.spamcop.net/sc?id=z753581057za900e78fe2cdab760454fed73876553bz Spam is encoded BIG5 and contains a multibyte URL http://www.????. com/ (http://www.蒙特梭利.com/). SpamCop seems to be unable to handle multibyte URLs, even when pasted as a standalone address - even when pasted with the numeric HTML numbers. Is this something that is going to be implemented some time in the (near) future? Otherwise spammers will soon jump on this great new opportunity to protect their spamvertized websites from being reported. (They could use multibyte alpha characters, so it won't look so "Chinese": http://www.????????.com/ or other accented alpha characters: http://www.????????.com/). From nobody at devnull.spamcop.net Mon Apr 18 19:56:04 2005 From: nobody at devnull.spamcop.net (Patto) Date: Mon Apr 18 06:00:05 2005 Subject: [SpamCop-List] Re: SpamCop unable to handle Unicode URL In-Reply-To: References: Message-ID: Patto wrote: > http://www.spamcop.net/sc?id=z753581057za900e78fe2cdab760454fed73876553bz > > Spam is encoded BIG5 and contains a multibyte URL http://www.????. > com/ (http://www.蒙特梭利.com/). SpamCop seems > to be unable to handle multibyte URLs, even when pasted as a standalone > address - even when pasted with the numeric HTML numbers. > > Is this something that is going to be implemented some time in the > (near) future? Otherwise spammers will soon jump on this great new > opportunity to protect their spamvertized websites from being reported. > (They could use multibyte alpha characters, so it won't look so > "Chinese": http://www.????????.com/ or other accented alpha > characters: http://www.????????.com/). Sorry for the b0rken URL above, should be http://www.????.com/ From nobody at devnull.spamcop.net Mon Apr 18 20:02:47 2005 From: nobody at devnull.spamcop.net (Patto) Date: Mon Apr 18 06:05:04 2005 Subject: [SpamCop-List] Re: SpamCop unable to handle Unicode URL In-Reply-To: References: Message-ID: Patto wrote: > And sorry one more time; I have encoded the previous messages as UTF8, but of course the URL won't exist in this encoding - it should really be BIG5. But you will only "see" the actual URL if you have a Chinese Traditional font installed. Here is the BIG5 URL http://www.»X¯S±ô§Q.com/ - hopefully that will prove to be a real link. From / at /.cn Mon Apr 18 22:05:16 2005 From: / at /.cn (Petzl) Date: Mon Apr 18 07:10:04 2005 Subject: [SpamCop-List] Re: Unbelievable References: Message-ID: "DC" wrote in message news:d3qdto$44u$1@news.spamcop.net... > I'm still shocked that the guy getting 9 years in jail for spamming made > over 20-million from people who respond to spam mails. > > Can't believe there are that many fools on the net. > The biggest disgrace is the number of ISP's who let this fraud & filth into their customers email inbox Another reason to *NOT* accept a email address forced onto one just because they wish to access the internet. Best practice is to just use a free throw away Hotmail account rather than your ISP's. Then have them post, if they must, to that address Of course the best email address to get is a SpamCop email one and use it let the others which are mostly usless undefended spam/virus targets drift into legacy accounts Petzl From m at remove.this.part.rtij.nl Mon Apr 18 15:18:57 2005 From: m at remove.this.part.rtij.nl (Martijn Lievaart) Date: Mon Apr 18 08:20:25 2005 Subject: [SpamCop-List] Re: SpamCop unable to handle Unicode URL References: Message-ID: On Mon, 18 Apr 2005 19:02:47 +0900, Patto wrote: > Patto wrote: >> > > And sorry one more time; I have encoded the previous messages as UTF8, > but of course the URL won't exist in this encoding - it should really be > BIG5. But you will only "see" the actual URL if you have a Chinese > Traditional font installed. Here is the BIG5 URL > http://www.????.com/ - hopefully that will prove to be a real link. It displayed fine in your first post, no reason why it shouldn't. If it didn't in your newsreader, Mozilla is borken. (OTOH, the only valid characterset according to the RFCs is US-ASCII, but very few actually pay notice to that. Most newsreaders luckily don't). M4 -- Ah, the beauty of OSS. Hundreds of volunteers worldwide volunteering their time inventing and implementing new, exciting ways for software to suck. -- Toni Lassila in the Monastry From m at remove.this.part.rtij.nl Mon Apr 18 15:21:05 2005 From: m at remove.this.part.rtij.nl (Martijn Lievaart) Date: Mon Apr 18 08:25:04 2005 Subject: [SpamCop-List] Re: Apparent DNS blockage References: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> Message-ID: On Sat, 16 Apr 2005 10:59:40 -0500, Daniel W. Johnson wrote: > The website http://www.thefakerolex.net is one that has been appearing > in spam. SpamCop keeps discarding it as fake, but the DNS does resolve > elsewhere. The dnsstuff site sees no problem with that lookup (aside > from some variation in the TTL). This seems to be a trend. Maybe spamcop should start using forwarders all over the world to combat this. M4 -- Ah, the beauty of OSS. Hundreds of volunteers worldwide volunteering their time inventing and implementing new, exciting ways for software to suck. -- Toni Lassila in the Monastry From MikeE at ster.invalid Mon Apr 18 06:36:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 18 08:35:05 2005 Subject: [SpamCop-List] Re: Apparent DNS blockage References: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> Message-ID: Martijn Lievaart wrote: > Daniel W. Johnson wrote: > >> The website http://www.thefakerolex.net is one that has been >> appearing in spam. SpamCop keeps discarding it as fake, but the DNS >> does resolve elsewhere. The dnsstuff site sees no problem with that >> lookup (aside from some variation in the TTL). > > This seems to be a trend. Maybe spamcop should start using forwarders > all over the world to combat this. Or maybe SC should start letting us simply report spamvertisers without SC resolving the url or providing notify addresses. It would save SC resources and it would feed a lot of spamvertisers to sc-surbl from the stats page -- especially since a lot of people would like to not notify many spamvertisers anyway. The black hats are in cahoots with the spammer and/or are non-responsive. Notifying them is counterproductive -- but contributing to a system which enables filtering the spam that contains them would be positive. The SC system itself is toothless re the spamvertisers, so there shouldn't be an obligation to notify. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Mon Apr 18 15:04:46 2005 From: nobody at spamcop.net (me-no-no) Date: Mon Apr 18 09:05:08 2005 Subject: [SpamCop-List] Can you believe this ? Message-ID: After a new batch of rolex/viagra/scams, I was doing a little research on simply-rx.net (rx1.dns889.com) currently rotating/resovling around the mulberry bush :-) nserver: rx1.dns889.com 200.149.11.35 nserver: rx2.dns889.com 200.149.11.35 nserver: rx3.dns889.com 200.155.191.26 nserver: rx4.dns889.com 200.155.191.26 etc - as per:- http://groups.google.co.uk/groups?hl=en&lr=&scoring=d&q=dns889.com&btnG=Search However, I was stopped dead in my tracks by:- http://www.jdrowell.com/archives/2005/01/simplyrxcom_suc.html (long thread). If you ever wondered who would purchase (or attempt to purchase - more like) at these scam-sites, just take a peek at a few messages at random. Many appear to gladly part with $200-400 + and not just complain about the spam - but also "wonder" if it is all a rip-off ? I remain - yours "speechless" for today ! Ciao Meno From MikeE at ster.invalid Mon Apr 18 07:33:39 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 18 09:35:08 2005 Subject: [SpamCop-List] Re: Can you believe this ? References: Message-ID: me-no-no wrote: > However, I was stopped dead in my tracks by:- > http://www.jdrowell.com/archives/2005/01/simplyrxcom_suc.html (long > thread). > If you ever wondered who would purchase (or attempt to purchase - > more like) at these scam-sites, just take a peek at a few messages at > random. Many appear to gladly part with $200-400 + and not just > complain about the spam - but also "wonder" if it is all a rip-off ? > I remain - yours "speechless" for today ! Not to excuse the stupidity encompassed by that thread, which seems unbelievable. Unbelievable that that many suckers would find their way to that particular blogsite. But, trying to make a little sense of it, consider that they didn't come at/to the site as spam respondants. Or some did and some 'found' the site by looking/searching for it; googling it up while they were looking for some relief from outrageous pharm prices. So, temporarily forget that you are an antispammer and you know that all spammers lie; and instead imagine that you are more naive and look at spam the same way you look at junk mail. If something comes into your mailbox and you glance at the cover and see if it is a good deal on something you need, while the rest you throw away. That accounts for the spammed going to the site looking for a bargain on something they needed or wanted and which was priced pretty steep at their local pharm. Then alternatively, if you /don't/ respond to spam or are pledged, but you need something and search/shop for and find it online, somehow it seems legitimate. They consider that their credit card gives them some protection. But, all in all it is pretty unbelievable -- especially how long it seems to take that 'crowd' at the blog to get a clue. You would think they would be suspicious or leery from the git-go. -- Mike Easter kibitzer, not SC admin From kjz at despammed.com Mon Apr 18 17:30:39 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Mon Apr 18 10:35:38 2005 Subject: [SpamCop-List] Re: Can you believe this ? In-Reply-To: References: Message-ID: me-no-no wrote: > If you ever wondered who would purchase (or attempt to purchase - more > like) at these scam-sites, just take a peek at a few messages at random. > Many appear to gladly part with $200-400 + and not just complain about the > spam - but also "wonder" if it is all a rip-off ? > I remain - yours "speechless" for today ! For me it seems a lot of drug addicts are buying from spammers because they can't get their stuff on a legal way.... - kjz From noah.boddie at newsgroup.nospam Mon Apr 18 12:16:47 2005 From: noah.boddie at newsgroup.nospam (Dwayne Conyers) Date: Mon Apr 18 11:20:02 2005 Subject: [SpamCop-List] Re: Unbelievable References: Message-ID: "John E. Malmberg" wrote in message news:d3slvn$5b3$1@news.spamcop.net... > Does he get to keep the 20 mil? How many people would take a 9-year jail > term and come out with 20 mil plus capital gains? Not really a bad deal. He can use the money to repair his a$$ after 9 years of being the prison b'yotch. -- I Shave With Occams Razor http://www.dwacon.com From porpoise1954 at yahoo.co.uk Mon Apr 18 17:12:07 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Apr 18 11:25:05 2005 Subject: [SpamCop-List] Re: SpamCop unable to handle Unicode URL References: Message-ID: "Martijn Lievaart" wrote in message news:h6lcj2-hb1.ln1@news.rtij.nl... > On Mon, 18 Apr 2005 19:02:47 +0900, Patto wrote: > >> Patto wrote: >>> >> >> And sorry one more time; I have encoded the previous messages as UTF8, >> but of course the URL won't exist in this encoding - it should really be >> BIG5. But you will only "see" the actual URL if you have a Chinese >> Traditional font installed. Here is the BIG5 URL >> http://www.????.com/ - hopefully that will prove to be a real link. > > It displayed fine in your first post, no reason why it shouldn't. If it > didn't in your newsreader, Mozilla is borken. > > (OTOH, the only valid characterset according to the RFCs is US-ASCII, but > very few actually pay notice to that. Most newsreaders luckily don't). > Can read the url just fine - it still doesn't resolve as a valid url though........... From nobody at xyzzy.claranet.de Mon Apr 18 18:25:37 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 18 11:30:02 2005 Subject: [SpamCop-List] Re: Top Posted References: <42615519.5260@xyzzy.claranet.de> Message-ID: <4263D171.2592@xyzzy.claranet.de> Pop wrote: > But the fact still remains, "In newsgroups there is no > real requirement to post a valid email address since all > communications is in the newsgroup not through email." That's not a fact, it's wrong. Solving problems in Usenet requires mail, the complete concept of "Cancel" messages stands and falls with valid From:-addresses. It's an old system, a valid From:-address is the only "authentication" it offers. You can get away without valid From:-address for some time, but not if you really need all features. Or if you have enemies. If different users claiming to be "Pop" with an address start Cancel-wars, absolutely nothing can help you. Nobody can identify the "real" . And these technical issues are not all, it's a royal PITA in real newsgroups (not this mini-server here) if you can not use mail for OT or private issues. If a followup-to poster doesn't work (another feature lost without a valid address, in that case a valid Reply-To could fix it). > all communications is in the newsgroup not through email That's like "why a WC if you can do it in the kitchen" :-( Major parts of any decent netiquette explain when using mail is better. > there is NO requirement for using a valid email address > in a newsgroup Have you ever read RfC 1036 ? > another spammer-scrapable address for the spammy lists So what, it's the same situation everywhere, harvesters take anything with an "@". Address harvesting in NGs is not more state of the art. You wouldn't use your secret only-for-friends address in public, whereever this is. Bye, Frank From kjz at despammed.com Mon Apr 18 19:32:26 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Mon Apr 18 12:35:22 2005 Subject: [SpamCop-List] Re: Can you believe this ? In-Reply-To: References: Message-ID: me-no-no wrote: > After a new batch of rolex/viagra/scams, I was doing a little research on > simply-rx.net (rx1.dns889.com) currently rotating/resovling around the > mulberry bush :-) > nserver: rx1.dns889.com 200.149.11.35 > nserver: rx2.dns889.com 200.149.11.35 > nserver: rx3.dns889.com 200.155.191.26 > nserver: rx4.dns889.com 200.155.191.26 Yes, simply-rx.net, online-replica-store.com, vdrugz.com all seems to be the same spam outfits which have also the same contact information, i.e. questions@simply-rx.net, questions@online-..... and so on. Their actual redirector is h67.net which redirects to online-replica-store.com as well as simply-rx.net. I'm following the informations about the IPs of the redirectors and the spamvertized websites for several months on Spamhaus and there are several connections again and again to Al and the RSG. So Al has subcontracted the RSG for spam services? This again proves my assumption that (in the background) only a handful of big spamlords ('godfathers of spam') are responsible for more than 80 percent of all spam worldwide. After Snotty when will Mr. Gates set pressure on Al? - kjz From nobody at devnull.spamcop.net Mon Apr 18 13:55:03 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Mon Apr 18 12:55:05 2005 Subject: [SpamCop-List] Re: SpamCop unable to handle Unicode URL References: Message-ID: "Porpoise" wrote > "Martijn Lievaart" wrote > >> Patto wrote: > >>> > >> > >> And sorry one more time; I have encoded the previous messages as UTF8, > >> but of course the URL won't exist in this encoding - it should really be > >> BIG5. But you will only "see" the actual URL if you have a Chinese > >> Traditional font installed. Here is the BIG5 URL > >> http://www.????.com/ - hopefully that will prove to be a real link. > > > > It displayed fine in your first post, no reason why it shouldn't. If it > > didn't in your newsreader, Mozilla is borken. > > > > (OTOH, the only valid characterset according to the RFCs is US-ASCII, but > > very few actually pay notice to that. Most newsreaders luckily don't). > > > > Can read the url just fine - it still doesn't resolve as a valid url > though........... > Ummm... Babel Fish say ???? translates to: The Mongte shuttle is favorable Loose interpretation: The shuttle has landed, but the link is b0rken. :) Glenn From eddie at eddie.web Mon Apr 18 14:43:52 2005 From: eddie at eddie.web (eddie) Date: Mon Apr 18 13:45:04 2005 Subject: [SpamCop-List] Re: Unbelievable References: Message-ID: On Sat, 16 Apr 2005 23:42:47 -0400, John E. Malmberg scratched out the following: > eddie wrote: snip >> Does he get to keep the 20 mil? How many people would take a 9-year jail >> term and come out with 20 mil plus capital gains? Not really a bad deal. > > I wonder what his tax returns say he made? > > -John > wb8tyw@qsl.network > Personal Opinion Only Maybe the feds can do an "Al Capone" on him and hit him for additional time for tax evasion? At least he's being made an example of - and it might explain why my personal spam level has stayed low for the last few months. You have to do more than scare these little nincompoops, you really have to spank them. I bet Ted Nugent would have even a stronger policy :) -- Once movie theaters gave out steak knives Today they confiscate them From 0rio85a02 at sneakemail.com Mon Apr 18 12:16:06 2005 From: 0rio85a02 at sneakemail.com (Fred k) Date: Mon Apr 18 15:20:04 2005 Subject: [SpamCop-List] Re: SpamCop unable to handle Unicode URL References: Message-ID: "Glenn Daniels" wrote in message news:d40oo8$42q$1@news.spamcop.net... > Ummm... Babel Fish say ???? > translates to: The Mongte shuttle is favorable > > Loose interpretation: The shuttle has landed, but the > link is b0rken. > > :) > Glenn > Glenn Are you in Anchorage? Fred k From nttp.sc.s at bigsleep.org Mon Apr 18 22:26:12 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Apr 18 17:30:24 2005 Subject: [SpamCop-List] Re: Mole References: Message-ID: On 17 Apr 2005 Bob Itguy entered spamcop and left news:d3ussb$7jm$1@news.spamcop.net: > I was assuming (yea I know, can't assume anything) that a mole was kinds > like a hidden reporter. > That just isn't possible. I suppose Spamcop could strip away everything but the trusted headers. I know they won't do that, even then it wouldn't be 100%. -- | Ric | From president at whitehouse.gov Mon Apr 18 16:05:18 2005 From: president at whitehouse.gov (Fuzz) Date: Mon Apr 18 18:15:14 2005 Subject: [SpamCop-List] Re: Can you believe this ? References: Message-ID: "me-no-no" wrote in message news:d40b8f$sqv$1@news.spamcop.net... > http://www.jdrowell.com/archives/2005/01/simplyrxcom_suc.html (long Here's an interesting entry from that thread... >>I too was charged for meds -- never got them and they erased the e-mail >>from my computer. I am taking legal action again them!!!! Gee, I hate it when they erase email messages from MY computer! :) I'd take legal action "again" them too! No wonder spammers stay in business! From nobody at devnull.spamcop.net Mon Apr 18 19:18:11 2005 From: nobody at devnull.spamcop.net (Pop) Date: Mon Apr 18 18:20:04 2005 Subject: [SpamCop-List] Re: Unbelievable References: Message-ID: ... > Maybe the feds can do an "Al Capone" on him and hit him for additional > time for tax evasion? At least he's being made an example of - and it > might explain why my personal spam level has stayed low for the last few > months. You have to do more than scare these little nincompoops, you > really have to spank them. I bet Ted Nugent would have even a stronger > policy :) The Capone thing would be fitting, wouldn't it? Actually, I thought I was seeing a big downturn in spam too, getting one or two a day for a couple of months. For the last week or so though, something changed again: Now instead of it being all from Kornet and chinatietong(sp?), Hanaro and a bunch of that sort of ilk have been added to raise it to about eight to ten per day pretty consistantly. I'm pretty sure there's a pattern to it too, in that some groupings come in repeatable predictable sequences, but I haven't taken the time to be certain. Another odd thing is that it's always an "even" number of spams; never odd. Either Kornet or Hanaro is always there, with th eothers rotating thru somehow. No idea what it means. Not sure it's worth chasing either, but I thought it was interesting if nothing else. It's the two (so far) consistant quantities that I think are most interesting. Something's different, but who knows what? I might go back to hand picking some for all-out prejudice LARTs for awhile and see what happens, not sure. Maybe they just brought on board a new crew, who knows? Regards, Pop From borgholio at storymind.com Mon Apr 18 17:12:46 2005 From: borgholio at storymind.com (Borgholio) Date: Mon Apr 18 19:15:02 2005 Subject: [SpamCop-List] Re: Can you believe this ? In-Reply-To: References: Message-ID: Fuzz wrote: > "me-no-no" wrote in message > news:d40b8f$sqv$1@news.spamcop.net... > >>http://www.jdrowell.com/archives/2005/01/simplyrxcom_suc.html (long > > > > Here's an interesting entry from that thread... > > >>>I too was charged for meds -- never got them and they erased the e-mail >> >>>from my computer. I am taking legal action again them!!!! > > > Gee, I hate it when they erase email messages from MY computer! :) I'd > take legal action "again" them too! > > No wonder spammers stay in business! > > I read those posts...and I'm still in shock. I am so tempted to post a message tellling those people how f*cking stupid they are. From no at no.spam Mon Apr 18 17:17:08 2005 From: no at no.spam (Michael Wise) Date: Mon Apr 18 19:20:02 2005 Subject: [SpamCop-List] Re: Top Posted References: <42615519.5260@xyzzy.claranet.de> <4263D171.2592@xyzzy.claranet.de> Message-ID: In article <4263D171.2592@xyzzy.claranet.de>, Frank Ellermann wrote: > > But the fact still remains, "In newsgroups there is no > > real requirement to post a valid email address since all > > communications is in the newsgroup not through email." > > That's not a fact, it's wrong. Because one feels strongly about something does not change opinion into fact. > Solving problems in Usenet > requires mail, It does not. "Problems" can be discussed and addressed publicly on the very forum and the very medium (Usenet) they are observed in. > the complete concept of "Cancel" messages > stands and falls with valid From:-addresses. Cancel messages are the concern of the original poster and nobody else. If the OP doesn't care about them; why should you? > It's an old > system, a valid From:-address is the only "authentication" > it offers. So what? If the OP doesn't care about cancels; why should you? After all, it's nobody else's business if the OP can cancel a post or not. > > You can get away without valid From:-address for some time, > but not if you really need all features. "All the features" most people are concerned about with respect to Usenet are being able to post and respond to posts. Being able to discern email options within Usenet are not something people are (or should be) required to do. > Or if you have > enemies. If different users claiming to be "Pop" with an > address start Cancel-wars, > absolutely nothing can help you. Nobody can identify the > "real" . If identifying is the goal, message ID's and NNTP posting hosts are sufficient. > And these technical issues are not all, it's a royal PITA > in real newsgroups (not this mini-server here) if you can > not use mail for OT or private issues. Tough sh*t. If you wish to correspond with a Usenet poster privately; then you can spend a few seconds asking them for their private address. Expecting the world to provide such initially in such a public forum is as unreasonable as it is naive. > If a followup-to > poster doesn't work (another feature lost without a valid > address, in that case a valid Reply-To could fix it). A valid email address has ZERO to do with follow-up posts. > > > all communications is in the newsgroup not through email > > That's like "why a WC if you can do it in the kitchen" :-( > Major parts of any decent netiquette explain when using > mail is better. > > > there is NO requirement for using a valid email address > > in a newsgroup > > Have you ever read RfC 1036 ? You mean the one dated 1987? Sure I have. Now come back and cite something with relevance to Internet reality as it exists in any year after say 1997 or so. > > > another spammer-scrapable address for the spammy lists > > So what, it's the same situation everywhere, harvesters > take anything with an "@". Address harvesting in NGs is > not more state of the art. You wouldn't use your secret > only-for-friends address in public, whereever this is. How about let the owners of email addresses decide how and where they are used and not try to force your or anybody else's understanding of the Internet as it was 15-20 years ago as being applicable today down their throats??? --Mike From caroljean52 at yahoo.com Mon Apr 18 17:21:46 2005 From: caroljean52 at yahoo.com (caroljean52) Date: Mon Apr 18 19:25:03 2005 Subject: [SpamCop-List] Re: Can you believe this ? References: Message-ID: "Fuzz" wrote: > Gee, I hate it when they erase email messages from MY computer! :) I'd > take legal action "again" them too! I've heard there's software you can use to set email you send to self-destruct. Don't know how true this is. (Never felt a need to investigate further.) But if true, that could certainly be useful if you wanted to send a confirmation email now but leave no evidence by the time the sucker realizes he's been had. Carol Seattle USA From notformail0405 at comcast.net Mon Apr 18 20:36:37 2005 From: notformail0405 at comcast.net (Gunter Herrmann) Date: Mon Apr 18 19:40:05 2005 Subject: [SpamCop-List] Re: Apparent DNS blockage In-Reply-To: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> References: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> Message-ID: Hi! Daniel W. Johnson wrote: > The website http://www.thefakerolex.net is one that has been appearing > in spam. The email on file at the whois record is watchreplicas@gmail.com. I am sure a lot of people will have complained to them. But gmail.com, hotmail.com, mail.ru seem to be spam supporters. OTOH lycos.com/outblaze.com and all their aliases (e.g. mexico.com) seem to be clean. I got a lot of 550/554 from them regarding spammer's email addresses. brgds -- Gunter Herrmann Naples, Florida, USA From no at no.spam Mon Apr 18 17:37:36 2005 From: no at no.spam (Michael Wise) Date: Mon Apr 18 19:40:25 2005 Subject: [SpamCop-List] Re: Can you believe this ? References: Message-ID: In article , "caroljean52" wrote: > > Gee, I hate it when they erase email messages from MY computer! :) I'd > > take legal action "again" them too! > > I've heard there's software you can use to set email you send to > self-destruct. Don't know how true this is. Pure fiction. --Mike From MikeE at ster.invalid Mon Apr 18 18:24:21 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 18 20:25:04 2005 Subject: [SpamCop-List] Re: Can you believe this ? References: Message-ID: caroljean52 wrote: > I've heard there's software you can use to set email you send to > self-destruct. You can self-destruct your own sent item; and you can send something that the recipient gets encrypted which gets 'temporarily' decrypted hy a middleman key elsewhere that disappears. There are several articles around, this old 2000 Sep Forbes one talks about the subject http://www.forbes.com/2000/09/12/feat.html Self-Destructing E-Mail But that's old news and there's nothing revolutionary in there that doesn't have all kinds of normal expected security holes in it. That is, the concept isn't like the Mission Impossible tape that burns itself up. Many of the links from some of the old articles are dead now; and a contrary point of view can be seen here http://www.heise.de/tp/r4/artikel/5/5395/1.html Security through Absurdity - Disappearing Inc. Repackages Key Escrow. The other firm and name that was bandied about a lot was http://www.self-destructing-email.com/ - but that outfit has nothing to do with selfdestructing email, they are all about tricks to try to show that someone read something. This 2002 Jan thread from a pgp group is pretty pertinent http://groups.google.co.uk/groups?hl=en&lr=&th=1f1ad0637c68638d&rnum=3 <7 article thread starts here> Newsgroups: alt.security.pgp Subject: Self Destruct Email? Message-ID: Date: Tue, 29 Jan 2002 01:03:11 GMT -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Tue Apr 19 03:29:37 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Apr 18 22:30:04 2005 Subject: [SpamCop-List] Re: Can you believe this ? References: Message-ID: On 18 Apr 2005 Mike Easter entered spamcop and left news:d41j05$jgc$1@news.spamcop.net: > > Could you repeat that? Your message seems to have disapeared. ;-) -- | Ric | From nobody at devnull.spamcop.net Tue Apr 19 13:12:41 2005 From: nobody at devnull.spamcop.net (Patto) Date: Mon Apr 18 23:15:08 2005 Subject: [SpamCop-List] Re: SpamCop unable to handle Unicode URL In-Reply-To: References: Message-ID: Porpoise wrote: > "Martijn Lievaart" wrote in message > news:h6lcj2-hb1.ln1@news.rtij.nl... > >>On Mon, 18 Apr 2005 19:02:47 +0900, Patto wrote: >> >> >>>Patto wrote: >>> >>>> >>> >>>And sorry one more time; I have encoded the previous messages as UTF8, >>>but of course the URL won't exist in this encoding - it should really be >>>BIG5. But you will only "see" the actual URL if you have a Chinese >>>Traditional font installed. Here is the BIG5 URL >>>http://www.????.com/ - hopefully that will prove to be a real link. >> >>It displayed fine in your first post, no reason why it shouldn't. If it >>didn't in your newsreader, Mozilla is borken. >> >>(OTOH, the only valid characterset according to the RFCs is US-ASCII, but >>very few actually pay notice to that. Most newsreaders luckily don't). >> > > > Can read the url just fine - it still doesn't resolve as a valid url > though........... So since SC cannot handle these URLs, does anybody here know of a tool that can handle them (for manual reports)? Tried Sam Spade and http://www.completewhois.com/ - both are unable to handle it. For now I can only report the redirects from the original URL. From nobody at devnull.spamcop.net Mon Apr 18 23:29:35 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Mon Apr 18 23:30:03 2005 Subject: [SpamCop-List] Re: Can you believe this ? References: Message-ID: Yes, this email is called -outlook -outlook express -and whatever the other old one was before them running full imap as administrator on their internet connected machines: that's not backdoors, thats wide open barndoors! These packages do: - open automatically embedded links (to 'click') even if you program it not to: it reverts to that after a couple of boots by itself! - honor receipt/read confirmation requests, even if you say not to do so - have 'expiration' features, i.e. an email can either expire with time, or expire upon a trigger (which is the sales confirmation, s u c k e r!) - run vbs scripts if you don't explicitely deny it (and who of the lemmings knows the difference between a script and a VBS script...) As I said: thanks to the thoughtful marketing friendly design of Microsoft email and web browsing software, but more thanks to all those who welcome this stuff, worship the originator, and use it daily, paying one guy up the a.. for spam friendly junk: that's why spam can proliferate, and spammers make money from supposed 'answers' which are nothing else but opened spiked links. Sure, the spammer's customers are the other group of big fat suckers... The real spam supporters are: - those who order from a spammer ask yourself: why do they need to use spam!: ... like download software from a spamvertised site that can vanish any second.... after having given the credit card... how stupid is that? As stupid as thnking you get a $900 SW package for $140. - those who buy and run spam friendly 'OS's (also called 'lemmings') As long as people fall for these unbelievable discounts - which in meds are achieved by selling repackaged outdated, or by skipping the active ingredient - from sites that send from France, reside in Brazil, or in China .... sure, not easy for the lemming to find out. People who think they can click a mouse and start an email program or a browser that hands out their real name and email which they put in when they installed that user friendly OS and agreed to the 'free' email account! ...... come on, get real. It's not the fault of Microsoft: it's the fault of all these little arrogant lemmings who think they can, running a device they don't know nothing about, instant messenging all over the world spewing out all kinds of personal data, using 'free' greeting card services, 'free' credit checks (a real backfiring thing, rightfull so!): greed .... greed that gets rightfully punished by a full mailbox of spam, credit card charges with no delivery, and no recourse because the 'company' does not exist any more a week after the fact, and the email thread had been 'expired' with the last message to it. And since it was in China, Brazil, or Timbuktu, good luck with criminal complaints. sg On Mon, 18 Apr 2005 16:21:46 -0700, caroljean52 wrote: > > "Fuzz" wrote: >> Gee, I hate it when they erase email messages from MY computer! :) I'd >> take legal action "again" them too! > > I've heard there's software you can use to set email you send to > self-destruct. Don't know how true this is. (Never felt a need to > investigate further.) But if true, that could certainly be useful if you > wanted to send a confirmation email now but leave no evidence by the time > the sucker realizes he's been had. > > Carol > Seattle USA From wb8tyw at qsl.network Tue Apr 19 00:38:42 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Mon Apr 18 23:40:04 2005 Subject: [SpamCop-List] Re: Can you believe this ? In-Reply-To: References: Message-ID: caroljean52 wrote: > "Fuzz" wrote: > >>Gee, I hate it when they erase email messages from MY computer! :) I'd >>take legal action "again" them too! > > I've heard there's software you can use to set email you send to > self-destruct. It only works on insecure computers that are binarly compatible with it. In past times, the default setting of some of the mail readers for a certain popular platform defaulted to automatically executing any program that was referenced by or contained in an e-mail, so it was trivial to infect such machines. Now the sender either has to hope that the victim is running an older version, or spoof them into overriding security. Of course spoofing does not appear to be too hard to do. The local paper just reported that in a town near me, a 419 scammer scored $7,000 from a resident. -John wb8tyw@qsl.network Personal Opinion Only From nobody at devnull.spamcop.net Tue Apr 19 00:39:47 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Mon Apr 18 23:40:22 2005 Subject: [SpamCop-List] Re: SpamCop unable to handle Unicode URL References: Message-ID: "Patto" wrote in message > Porpoise wrote: > > "Martijn Lievaart" wrote in message > >>>Patto wrote: > >>> > >>>> > >>> > >>>And sorry one more time; I have encoded the previous messages as UTF8, > >>>but of course the URL won't exist in this encoding - it should really be > >>>BIG5. But you will only "see" the actual URL if you have a Chinese > >>>Traditional font installed. Here is the BIG5 URL > >>>http://www.????.com/ - hopefully that will prove to be a real link. > >> >From here, the URL given above resolves as http://www.asianet.com, then redirects elsewhere... hth, Glenn From SCNews.5.myspamgobbler at spamgourmet.com Mon Apr 18 21:43:46 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Mon Apr 18 23:50:03 2005 Subject: [SpamCop-List] Re: SpamCop unable to handle Unicode URL In-Reply-To: References: Message-ID: Patto wrote: > Porpoise wrote: > >> "Martijn Lievaart" wrote in message >> news:h6lcj2-hb1.ln1@news.rtij.nl... >> >>> On Mon, 18 Apr 2005 19:02:47 +0900, Patto wrote: >>> >>> >>>> Patto wrote: >>>> >>>>> >>>> >>>> >>>> And sorry one more time; I have encoded the previous messages as UTF8, >>>> but of course the URL won't exist in this encoding - it should >>>> really be >>>> BIG5. But you will only "see" the actual URL if you have a Chinese >>>> Traditional font installed. Here is the BIG5 URL >>>> http://www.????.com/ - hopefully that will prove to be a real link. >>> >>> >>> It displayed fine in your first post, no reason why it shouldn't. If it >>> didn't in your newsreader, Mozilla is borken. >>> >>> (OTOH, the only valid characterset according to the RFCs is US-ASCII, >>> but >>> very few actually pay notice to that. Most newsreaders luckily don't). >>> >> >> >> Can read the url just fine - it still doesn't resolve as a valid url >> though........... > > > So since SC cannot handle these URLs, does anybody here know of a tool > that can handle them (for manual reports)? Tried Sam Spade and > http://www.completewhois.com/ - both are unable to handle it. > > For now I can only report the redirects from the original URL. http://www.xn--kcrt26c72gj0s.com/ is what the link ends up resolving as, but the site looks like it's hacked. The link there goes to http://montessori.so-buy.com/front/bin/home.phtml which is what shows up in the message source. Can you forward the spam to me? I'll take a look and see what I can come up with. canonical name ????.com. (xn--kcrt26c72gj0s.com.) aliases addresses 210.243.192.199 Domain: xn--kcrt26c72gj0s.com Status: Active DNS: nic1.vitalic.com dns2.greatwall.net Created: 2004-08-19 Expires: 2006-08-18 Last Modified: 2004-08-19 10:56:08 Registrant Contact: Austin Management Consultant Company Sun Lien Chi (domain@asiannet.com) Futai St., East District, Taichung City Taichung City, **, tw P: +886.422166163 F: +886.422136164 Administrative Contact: United Internet Information, Inc. Richard C.H. Liu (domain@asiannet.com) 8F.-1, No.537, Sec. 2, Guangfu Rd., Hisnchu, **, tw P: +886.35612121 F: +886.35612270 Network Whois record Queried whois.apnic.net with "210.243.192.199"... % [whois.apnic.net node-2] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html inetnum: 210.243.128.0 - 210.243.255.255 netname: SEEDNET descr: Digital United Inc. descr: 9F, No. 125, Song Jiang Road descr: Taipei, Taiwan country: TW admin-c: CY74-AP tech-c: CY74-AP person: Chyi-Chuan Yang address: Digital United Inc. address: 9F, No. 125, Song Jiang Road address: Taipei, Taiwan country: TW phone: +886 2 2739 0900 fax-no: +886 2 2739 7512 e-mail: ccyang@du.net.tw postmaster@du.net.tw (for du.net.tw) antispam@eagle.seed.net.tw (for du.net.tw) abuse@twnic.net.tw (for du.net.tw) ----------------- canonical name so-buy.com. aliases addresses 203.160.250.60 Registrant: EC-SERVER 9F-1, No 380, Sec 1 FuHsing S Rd Taipei, Taiwan 106 TW Domain name: SO-BUY.COM Administrative Contact: lai, sun fu tiger@ec-server.com 9F-1, No 380, Sec 1 FuHsing S Rd Taipei, Taiwan 106 TW 27006611 Fax: 27006612 Network Whois record Queried whois.apnic.net with "203.160.250.60"... % [whois.apnic.net node-2] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html inetnum: 203.160.224.0 - 203.160.255.255 netname: TWGATE descr: Taiwan Internet Gateway descr: Chunghwa Telecom - International Business Group (CHTI) descr: #31, Aikuo East Road, Taipei, Taiwan, 106 R.O.C country: TW status: ALLOCATED PORTABLE admin-c: WS31-AP tech-c: MY37-AP person: Wen-Shyang Shiau address: Chunghwa Telecom - International Business Group (CHTI) address: 5F(R511), #31, Aikuo East Road, Taipei,Taiwan, 106 R.O.C country: TW phone: +886-2-23443916 fax-no: +886-2-23443577 e-mail: wsshiau@chti.com.tw nic-hdl: WS31-AP mnt-by: MAINT-TW-CHTI changed: noc@twgate.net 20030416 postmaster@twgate.net (for twgate.net) abuse@twgate.net (for twgate.net) Brian Posting address works. From nobody at spamcop.net Tue Apr 19 00:26:32 2005 From: nobody at spamcop.net (RandallW) Date: Tue Apr 19 02:30:23 2005 Subject: [SpamCop-List] Re: Can you believe this ? References: Message-ID: "Karl-Josef Ziegler" wrote in message news:d40gae$v4g$1@news.spamcop.net... > > For me it seems a lot of drug addicts are buying from spammers because they > can't get their stuff on a legal way.... > > - kjz Well maybe this is a good way for them to go a few weeks without their fix. From vincehoran at gmail.com Tue Apr 19 09:53:59 2005 From: vincehoran at gmail.com (Vince Horan) Date: Tue Apr 19 03:54:04 2005 Subject: [SpamCop-List] Re: Can you believe this ? In-Reply-To: References: Message-ID: On 4/19/05, Borgholio wrote: > Fuzz wrote: > I read those posts...and I'm still in shock. I am so tempted to post a > message tellling those people how f*cking stupid they are. I did so under a bogus name. The thing is moderated so I doubt it will appear. From president at whitehouse.gov Tue Apr 19 02:23:09 2005 From: president at whitehouse.gov (Fuzz) Date: Tue Apr 19 04:25:06 2005 Subject: [SpamCop-List] Re: Can you believe this ? References: Message-ID: "Vince Horan" wrote in message news:mailman.134.1113897245.4572.spamcop-list@news.spamcop.net... On 4/19/05, Borgholio wrote: > Fuzz wrote: > I read those posts...and I'm still in shock. I am so tempted to post a > message tellling those people how f*cking stupid they are. >I did so under a bogus name. The thing is moderated so I doubt it will >appear. I did so too! Basically told them how to get their money back. Go to bank. Withdraw in cash the amount they're already in for. Take cash and fold in half, put in pocket. You've doubled your money, just as Ben Franklin said. Now hope that you've paid enough for the lesson to stick. There's a reason why precription drugs are prescription, and that their suckerdom is testament to that. One day at a time, brothers! From amenex at amenex.com Tue Apr 19 10:01:24 2005 From: amenex at amenex.com (George Langford, Sc.D.) Date: Tue Apr 19 09:01:30 2005 Subject: [SpamCop-List] Blocking a notorius spam-friendly domain with my Hosts file Message-ID: <200504191301.j3JD1Ov08486@email1.voicenet.com> When I look at items on a popular auction site, my Symantec history log records long URL's that begin like these: http://e-2dj6wjkyuoajmlp.stats.esomniture.com/... http://e-2dj6wjnyokajchq.stats.esomniture.com/... http://e-2dj6wfk4ckczifo.stats.esomniture.com/... http://e-2dj6wjkyaod5iho.stats.esomniture.com/... http://e-2dj6wjny-1lajsg.stats.esomniture.com/... http://e-2dj6wjkoqhajkdp.stats.esomniture.com/... http://e-2dj6wjnyclczobp.stats.esomniture.com/... http://e-2dj6wjkycndpedq.stats.esomniture.com/... http://e-2dj6wjligjcpgbo.stats.esomniture.com/... http://e-2dj6wjkoggcjmhp.stats.esomniture.com/... http://e-2dj6wjnyspajgaq.stats.esomniture.com/... http://e-2dj6wfl4oncpoao.stats.esomniture.com/... ... and there are even more ... If you look up esomniture.com with us.openrbl.org, you will see why I think that this domain is worthy of being blocked from access to my (or just about anyone else's) computer. I have captured dozens of these, where the "e-2dj6wjny-1lajsg," portions are all different. In fact, they are ten alphanumeric characters different. At 64 different combinations per character, that's rather daunting. I have tried using wild cards, to wit, "e-2dj6w??????????," but that has proven ineffective. When I look up these domains with us.openrbl.org, I am always given the same IP address, the one that corresponds with esomniture.com's nameserver. Placing that numeric IP address in my Hosts file has also proven ineffective. My questions are: 1. Is there an algorithm buried in the sourcecodes of the pages that I am viewing that generates all these 64^10 different names ? 2. Is there another way of blocking these URL's ? 3. Is there a WhoIs that converts the 64^10 domain names into the 255 different IP addy's that the Internet uses to identify servers in the esomniture.com system (as in 255.stats.esomniture.com) ? George Langford From SCNews.5.myspamgobbler at spamgourmet.com Tue Apr 19 07:07:41 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Tue Apr 19 09:15:04 2005 Subject: [SpamCop-List] Re: Blocking a notorius spam-friendly domain with my Hosts file In-Reply-To: References: Message-ID: George Langford, Sc.D. wrote: > When I look at items on a popular auction site, my Symantec > history log records long URL's that begin like these: > > http://e-2dj6wjkyuoajmlp.stats.esomniture.com/... > http://e-2dj6wjnyokajchq.stats.esomniture.com/... > http://e-2dj6wfk4ckczifo.stats.esomniture.com/... > http://e-2dj6wjkyaod5iho.stats.esomniture.com/... > http://e-2dj6wjny-1lajsg.stats.esomniture.com/... > http://e-2dj6wjkoqhajkdp.stats.esomniture.com/... > http://e-2dj6wjnyclczobp.stats.esomniture.com/... > http://e-2dj6wjkycndpedq.stats.esomniture.com/... > http://e-2dj6wjligjcpgbo.stats.esomniture.com/... > http://e-2dj6wjkoggcjmhp.stats.esomniture.com/... > http://e-2dj6wjnyspajgaq.stats.esomniture.com/... > http://e-2dj6wfl4oncpoao.stats.esomniture.com/... > > ... and there are even more ... > > If you look up esomniture.com with us.openrbl.org, you will see > why I think that this domain is worthy of being blocked from > access to my (or just about anyone else's) computer. > > I have captured dozens of these, where the "e-2dj6wjny-1lajsg," > portions are all different. In fact, they are ten alphanumeric > characters different. At 64 different combinations per character, > that's rather daunting. I have tried using wild cards, to wit, > "e-2dj6w??????????," but that has proven ineffective. When I look > up these domains with us.openrbl.org, I am always given the same > IP address, the one that corresponds with esomniture.com's nameserver. > Placing that numeric IP address in my Hosts file has also proven > ineffective. > > My questions are: > 1. Is there an algorithm buried in the sourcecodes of the pages > that I am viewing that generates all these 64^10 different names ? > 2. Is there another way of blocking these URL's ? > 3. Is there a WhoIs that converts the 64^10 domain names into the > 255 different IP addy's that the Internet uses to identify servers > in the esomniture.com system (as in 255.stats.esomniture.com) ? > > George Langford try 127.0.0.1 stats.esomniture.com in your hosts file From nobody at devnull.spamcop.net Tue Apr 19 09:22:41 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Tue Apr 19 09:25:04 2005 Subject: [SpamCop-List] Re: Apparent DNS blockage References: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> Message-ID: After having read this, I checked in the spam reports I did. I keep the pages with the details before 'submit this spam'. Really, a service like Spamcop, asking money from spam reporters (who make this thing work in the first place), and cashing from professional users of this service (go ahead, deny it), does not observe the most principal, basic precaution: don't trust the fiend's name server! Looking at these, running their own name server, of course they exclude all known queries from addresses that belong to or associate with, e.g. Spamcop. That's the reason to run the own name server in the first place: thward off complaints (capturing them in own 1/4 class C 'ISP's), and tailoring name service answers. Well guys, you might have noticed there was no report from me yesterday. There won't be until you fixed that! You are not meeting any criteria beyond 'hobbyists wanting to make a quick buck' sg On Mon, 18 Apr 2005 19:36:37 -0400, Gunter Herrmann wrote: > Hi! > > Daniel W. Johnson wrote: >> The website http://www.thefakerolex.net is one that has been appearing >> in spam. > > The email on file at the whois record is watchreplicas@gmail.com. > I am sure a lot of people will have complained to them. > But gmail.com, hotmail.com, mail.ru seem to be spam supporters. > > OTOH lycos.com/outblaze.com and all their aliases (e.g. mexico.com) > seem to be clean. I got a lot of 550/554 from them regarding > spammer's email addresses. > > brgds From MikeE at ster.invalid Tue Apr 19 08:24:21 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 19 10:25:04 2005 Subject: [SpamCop-List] Re: Apparent DNS blockage References: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> Message-ID: skinnyguy wrote: > Really, a service like Spamcop, asking money from spam reporters (who > make this thing work in the first place), and cashing from > professional users of this service (go ahead, deny it), does not > observe the most principal, basic precaution: don't trust the fiend's > name server! You haven't done a very good job of making your point yet. Temporarily leaving aside some confusion about the SC business model and trying to focus on the subject thread of the SC parser reporter failing to resolve a URL to an IP address -- how do /you/ think the tool should go about resolving? -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Tue Apr 19 11:24:57 2005 From: eddie at eddie.web (eddie) Date: Tue Apr 19 10:25:29 2005 Subject: [SpamCop-List] Spamreporting down? Message-ID: I receive this notice from the SC reporting server when I first attempted to log in this morning: Service Unavailable The server is temporarily unable to service your request. Please try again later. Occasionally it does give me a login window, but does not accept my login - the login window simply reappears -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Tue Apr 19 11:31:32 2005 From: eddie at eddie.web (eddie) Date: Tue Apr 19 10:35:16 2005 Subject: [SpamCop-List] Re: Spamreporting down? References: Message-ID: On Tue, 19 Apr 2005 10:24:57 -0400, eddie scratched out the following: > I receive this notice from the SC reporting server when I first attempted > to log in this morning: > > Service Unavailable > The server is temporarily unable to service your request. Please try again > later. > > Occasionally it does give me a login window, but does not accept my login > - the login window simply reappears Curiously, it just allowed me access *without* logging in. I assume it accepted my previous "failed" logins. Anyway, it was a strange thing -- Once movie theaters gave out steak knives Today they confiscate them From amenex at amenex.com Tue Apr 19 13:11:04 2005 From: amenex at amenex.com (George Langford, Sc.D.) Date: Tue Apr 19 12:11:08 2005 Subject: [SpamCop-List] Re: Blocking a notorius spam-friendly domain with my Hosts file Message-ID: <200504191611.j3JGB4QK019131@voicenet.com> In reply to my wailing about esomniture.com, Brian (SnSR) wrote: > try 127.0.0.1 stats.esomniture.com in your hosts file Sigh. I tried that, but to no avail. However, Netscape's browser may have come to my rescue. There's an option to block images from certain domains, and I just put stats.esomniture.com in that list. I'll report back as soon as I've done my morning rounds at that popular auction site ... George Langford From NQUQICYJQBOC at spammotel.com Tue Apr 19 12:30:39 2005 From: NQUQICYJQBOC at spammotel.com (FG) Date: Tue Apr 19 12:35:03 2005 Subject: [SpamCop-List] Re: Blocking a notorius spam-friendly domain with my Hosts file References: Message-ID: "George Langford, Sc.D." wrote in message news:mailman.137.1113927070.4572.spamcop-list@news.spamcop.net... > In reply to my wailing about esomniture.com, Brian (SnSR) wrote: > > > try 127.0.0.1 stats.esomniture.com in your hosts file > > Sigh. I tried that, but to no avail. > > However, Netscape's browser may have come to my rescue. There's > an option to block images from certain domains, and I just put > stats.esomniture.com in that list. I'll report back as soon as > I've done my morning rounds at that popular auction site ... > > George Langford http://esomniture.com redirects to http://www.omniture.com which is a known tracker.. block both in your host file or firewall. -- FG From no at no.spam Tue Apr 19 10:36:53 2005 From: no at no.spam (Michael Wise) Date: Tue Apr 19 12:40:03 2005 Subject: [SpamCop-List] Re: Blocking a notorius spam-friendly domain with my Hosts file References: Message-ID: In article , "George Langford, Sc.D." wrote: > In reply to my wailing about esomniture.com, Brian (SnSR) wrote: > > > try 127.0.0.1 stats.esomniture.com in your hosts file > > Sigh. I tried that, but to no avail. That's because a hosts file is for outbound connections; not inbound ones. --Mike From SCNews.5.myspamgobbler at spamgourmet.com Tue Apr 19 11:54:05 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Tue Apr 19 14:00:05 2005 Subject: [SpamCop-List] Re: Blocking a notorius spam-friendly domain with my Hosts file In-Reply-To: References: Message-ID: Michael Wise wrote: > In article , > "George Langford, Sc.D." wrote: > > >>In reply to my wailing about esomniture.com, Brian (SnSR) wrote: >> >> >>>try 127.0.0.1 stats.esomniture.com in your hosts file >> >>Sigh. I tried that, but to no avail. > > > That's because a hosts file is for outbound connections; not inbound > ones. > > > --Mike :/ It was only 6 a.m. and I wasn't awake yet. I should know better than to deal with some things before my first cup of espresso. I don't schedule appointments before 10 am, which gives me a few hours to fully wake up. Life is tough. ;) Blocking at the firewall would be more appropriate. Much more awake Brian From firewoman at default.domain.not.available Tue Apr 19 15:27:34 2005 From: firewoman at default.domain.not.available (Firewoman) Date: Tue Apr 19 14:30:03 2005 Subject: [SpamCop-List] Spam Fallout Message-ID: Anyone who knows me or my online persona know that I've been fighting spam as long as I've been receiving e-mail. I subscribe to very few newsletters, but one of them (from a quite well known humorist), is dying today. I knew there would be fallout from spam fighting, but I'm just a little miffed to see this happen. I never ever found myself receiving spam because of my subscription to his newsletter. Because of some/most/all spammers, ISP's just don't play fair anymore and getting valid e-mail through a mail server is becoming more and more of a challenge. A quote from the e-mail I just received: "So today, the 10th anniversary of the *** Column, seems like a pretty good place to call it a halt. I've got several reasons: first, spam has killed interest in receiving funny e-mails--my subscription base has been dropping for the past several years. Second, filters, barriers to bulk e-mails, and other defensive measures deployed by ISP's have often blocked me. There were several big name e-mail companies that blocked my column from reaching my subscribers, and for all I know that continues to this day." It's a shame that he didn't create 9 rules instead..... From MikeE at ster.invalid Tue Apr 19 13:07:28 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 19 15:10:04 2005 Subject: [SpamCop-List] Re: Spam Fallout References: Message-ID: Firewoman wrote: > I subscribe to very few newsletters, but one of them (from a quite > well known humorist), is dying today. > first, spam has killed interest in receiving funny e-mails--my > subscription base has been dropping for the past several years. > Second, filters, barriers to bulk e-mails, and other defensive > measures deployed by ISP's have often blocked me. Maybe he should switch over to a blog site. -- Mike Easter kibitzer, not SC admin From caroljean52 at yahoo.com Tue Apr 19 14:29:39 2005 From: caroljean52 at yahoo.com (caroljean52) Date: Tue Apr 19 16:30:06 2005 Subject: [SpamCop-List] Virus notification fiasco Message-ID: Seems there's no end to cluelessness. I took the time to research a virus notification I received this morning. You know, one of those where my address was forged as the sender on an email addressed to someone I've never heard of before. So I write a polite complaint to Frontbridge (who seem to be in charge of mail for bigfish.com, which is the source of the virus notification) and here's the response. (Obviously they spent way less time on reading my letter and writing this brush off than I did on explaining *why* I was complaining. So what else is new?) Hello Carol, Sorry you feel this way. This is simply a redirect to the valid address on the message itself. We are fully following RFC 821 for handling mail, and there is no way around this other than us completely blacklisting yahoo.com email addresses. Thank you, Tige Thiessen Technical Support Yeah, my address is indeed valid, but that doesn't mean I sent the virus or even know who did! And he clearly missed how this stupid virus mail that arrived in his system did *not* come from Yahoo at all... Just hope that maybe my message got passed on to someone higher up who may understand what I was talking about, but I'm not holding my breath on that. Carol Seattle USA From caroljean52 at yahoo.com Tue Apr 19 15:00:13 2005 From: caroljean52 at yahoo.com (caroljean52) Date: Tue Apr 19 17:05:25 2005 Subject: [SpamCop-List] Re: Virus notification fiasco References: Message-ID: "caroljean52" wrote: > Seems there's no end to cluelessness. I took the time to research a virus > notification I received this morning. > So I write a polite complaint to Frontbridge > Just hope that maybe my message got passed on to someone higher up who may > understand what I was talking about, but I'm not holding my breath on that. Wow! I'll go into shock here. I did indeed receive a much more satisfactory reply from another person (Charles McColgan) about 45 minutes after the first clueless response! I like this one a *lot* better! It is our policy to suppress bounce messages for viruses that spoof mail from addresses. This particular virus was not on our exclusion list for these bounces and as such the incorrect bounce was sent. It will be added to this suppression list by COB today. Thank you for bringing this to our attention. Yay! I am vindicated. My time was not wasted after all. So I guess we give Frontbridge some brownie points for fast response and Doing the Right Thing. Carol Seattle USA From wb8tyw at qsl.network Tue Apr 19 17:46:20 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Tue Apr 19 17:50:04 2005 Subject: [SpamCop-List] Re: Virus notification fiasco References: Message-ID: In article , "caroljean52" writes: > > > It is our policy to suppress bounce messages for viruses that spoof > mail > from addresses. This particular virus was not on our exclusion list for > these bounces and as such the incorrect bounce was sent. It will be > added to > this suppression list by COB today. > > Thank you for bringing this to our attention. > > > > Yay! I am vindicated. My time was not wasted after all. So I guess we give > Frontbridge some brownie points for fast response and Doing the Right Thing. They are still missing a few clues. They should be assuming that all viruses are address spoofing, and if they are going to maintain an exclusion list, it should be the one that contains the few non-spoofing ones. Preferably they should be doing the virus scan before the SMTP transaction is over, then all they have to do is close the SMTP session with a 5xx rejection code, and a message text that indicates a virus was detected. By using the SMTP reject codes they are both fully compliant with the RFCs and they are never sending a notification to the wrong network. As it is, it will probably be at least 8 hours of them sending out bogus virus alerts each time either a new worm comes out, or an old one morphs enough to look like a new virus. -John wb8tyw@qsl.network Personal Opinion Only From nobody at devnull.spamcop.net Tue Apr 19 18:50:17 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Tue Apr 19 17:50:29 2005 Subject: [SpamCop-List] Re: SpamCop unable to handle Unicode URL References: Message-ID: "Fred k" wrote > "Glenn Daniels" wrote ... snippage ... > > :) > > Glenn > > > > Glenn > Are you in Anchorage? > > Fred k > Fred Not even close to Anchorage, AK, although I am about 25 miles from a subdivision "Anchorage". Doubt you have cause for concern, anyway. They tell me what I have is not contagious, and nobody I know has ever caught it from me. I think you are safe. ;-) Glenn From MikeE at ster.invalid Tue Apr 19 16:18:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 19 18:20:05 2005 Subject: [SpamCop-List] Re: Virus notification fiasco References: Message-ID: John E. Malmberg wrote: > Preferably they should be doing the virus scan before the SMTP > transaction is over, If I were a virus writer, as soon as it was DATA time, my infected propagator's smtp engine would belch out the propagation and split, not waiting for any steenking 250 'badge' or acceptance. [Lest we forget, 'We don' need no steenking badges' Gold Hat's real name was Alphonso Bedoya.] -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Wed Apr 20 00:06:13 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 19 19:10:04 2005 Subject: [SpamCop-List] Re: Blocking a notorius spam-friendly domain with my Hosts file References: Message-ID: On 19 Apr 2005 Michael Wise entered spamcop and left news:no- 9A6F6E.09365319042005@news.cesmail.net: > In article , > "George Langford, Sc.D." wrote: > >> In reply to my wailing about esomniture.com, Brian (SnSR) wrote: >> >> > try 127.0.0.1 stats.esomniture.com in your hosts file >> >> Sigh. I tried that, but to no avail. > > That's because a hosts file is for outbound connections; not inbound > ones. > Uhm, these are outgoing connections. The hosts file don't accept wild cards, not that I'm aware of anyway. http://www.dslwebserver.com/main/sbs-hosts-file.html The domain uses a wildcard subdomain so that it can use tracking numbers in URLs rather than have to set cookies. The URL can be generated at the host site based on the cookies sent to it (either via client script or server script), or other info (referrer, current URL, etc.). This is generally used as a method of tracking payment for advertising, not necessarily tracking you (the client). But of course it is up to you whether you want this information generated or not. I sometimes block sites I don't trust or that set excessive cookies. -- | Ric | From nttp.sc.s at bigsleep.org Wed Apr 20 00:42:33 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 19 19:45:39 2005 Subject: [SpamCop-List] Re: Virus notification fiasco References: Message-ID: On 19 Apr 2005 Mike Easter entered spamcop and left news:d43vvo$sdp$1@news.spamcop.net: > If I were a virus writer, as soon as it was DATA time, my infected > propagator's smtp engine would belch out the propagation and split, not > waiting for any steenking 250 'badge' or acceptance. > They probably don't wait (as in they probably don't send "QUIT"), so SMTP rejection is pretty much pointless, unless an internal (authenticated) user is trying to send a virus (perhaps unknowingly). Scanning DATA is really pointless as it saves nothing except maybe some space on the server. The only way that it would do any good is if you were running a dynamic blocking list that would reject sucessive connections from the same infected IP. If scanning is done after SMTP, then someone internal should be alerted, or it should just go to the bit bucket. One of my ISP's virus scanner sends a notice to the recipient "A virus was detected from " which is about as stupid as a bounce. Another ISP uses a very loose filter durring SMTP that rejects any "executable attachment", which is moronic since it doesn't actually scan for viruses at all, or even help anything since it still has to take in all the DATA before it can reject it, and the loose expression probably consumes more processer time than is really necessary. -- | Ric | From nobody at devnull.spamcop.net Tue Apr 19 20:14:25 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Tue Apr 19 20:15:09 2005 Subject: [SpamCop-List] Re: Spamreporting down? References: Message-ID: You are probably either a customer of charter.com, or comcast. These providers are not Internet providers, but, like AOL, just give you access to their systems. They have relatively thin pipes to the 'Internet', and are second tier providers, i.e. have an upstream provider and are not directly represented at the NAPs. And of course they do not sign their proxy failure messages as coming from thier system, hoping you will believe that the site you want to go is down, not suspecting that their weakly sized proxies won't be able to deliver. They work fine for where everyone goes: porn and yahoo. Anything not up there in the hitlist falls off the end of the table. Switch providers to a real Internet provider, not some pseudo pretending service. With these second tier wannabe's : you pay for _access_ speed, not throughput. Look at network maps, do your homework, and suffer... sg On Tue, 19 Apr 2005 10:31:32 -0400, eddie wrote: > On Tue, 19 Apr 2005 10:24:57 -0400, eddie scratched out the following: > >> I receive this notice from the SC reporting server when I first attempted >> to log in this morning: >> >> Service Unavailable >> The server is temporarily unable to service your request. Please try again >> later. >> >> Occasionally it does give me a login window, but does not accept my login >> - the login window simply reappears > > Curiously, it just allowed me access *without* logging in. I assume it > accepted my previous "failed" logins. Anyway, it was a strange thing From nobody at devnull.spamcop.net Tue Apr 19 20:16:45 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Tue Apr 19 20:20:05 2005 Subject: [SpamCop-List] Re: Apparent DNS blockage References: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> Message-ID: ... seems you don't have upstream provider topology analysis neither: which is necessary to get those spammer run 'ISP's off the net. i.e. complain the the provider of the spammer network, which will cut them off like a hot potato sg On Tue, 19 Apr 2005 07:24:21 -0700, Mike Easter wrote: > skinnyguy wrote: >> Really, a service like Spamcop, asking money from spam reporters (who >> make this thing work in the first place), and cashing from >> professional users of this service (go ahead, deny it), does not >> observe the most principal, basic precaution: don't trust the fiend's >> name server! > > You haven't done a very good job of making your point yet. > > Temporarily leaving aside some confusion about the SC business model and > trying to focus on the subject thread of the SC parser reporter failing > to resolve a URL to an IP address -- how do /you/ think the tool should > go about resolving? From no at no.spam Tue Apr 19 18:18:46 2005 From: no at no.spam (Michael Wise) Date: Tue Apr 19 20:20:22 2005 Subject: [SpamCop-List] Re: Blocking a notorius spam-friendly domain with my Hosts file References: Message-ID: In article , Blammo wrote: > >> In reply to my wailing about esomniture.com, Brian (SnSR) wrote: > >> > >> > try 127.0.0.1 stats.esomniture.com in your hosts file > >> > >> Sigh. I tried that, but to no avail. > > > > That's because a hosts file is for outbound connections; not inbound > > ones. > > > > Uhm, these are outgoing connections. My mistake. I assumed since SC and its forums are about email spam, that that was what was being talked about. > The hosts file don't accept wild > cards, not that I'm aware of anyway. No it doesn't. If one desires that level of blocking, they need to set up their own dns server (which they then have their gear use for look-ups), create a zone file for esomniture.com (as an example), and then have some blocking fun. --Mike From nobody at devnull.spamcop.net Tue Apr 19 20:37:24 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Tue Apr 19 20:40:10 2005 Subject: [SpamCop-List] Re: Apparent DNS blockage References: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> Message-ID: now that I finished dinner: how has been answered in other emails. To use your business model: I assume you have more than the equivalent of 10 people paying $15 for a year of reporting, as suggested in your nag delay. that's about $150. For this you go buy a year worth of cheap dial-up, like for $6.50/month. Buy two ($130 ). run your resolving through the dialups redial frequently change POPs (long distance is about $5/h, inter state, or less) voila... would require re-investing what you take in I know, you operate servers, etc., but I assume that's paid for amply by the sugardaddy corporation, right? Upstream analysis: my consulting fee is #250/h .... ;-} Why don't you lay your business model open, with numbers. This way you sure could get help, and also help in formulating it as a non profit, if you did not do this yet. That would be in the line of asking for web contributions for reporting, which is the fuel that makes your list work. I'll ask UsInternet how much they pay for using your list tomorrow. You have your work cut out now: fix your resolving add upstream analysis and reporting it's an endless race, you need to keep up, man! sg On Tue, 19 Apr 2005 19:16:45 -0500, skinnyguy wrote: > ... seems you don't have upstream provider topology analysis neither: > > which is necessary to get those spammer run 'ISP's off the net. > > > i.e. complain the the provider of the spammer network, which will cut them > off like a hot potato > > sg > > On Tue, 19 Apr 2005 07:24:21 -0700, Mike Easter wrote: > >> skinnyguy wrote: >>> Really, a service like Spamcop, asking money from spam reporters (who >>> make this thing work in the first place), and cashing from >>> professional users of this service (go ahead, deny it), does not >>> observe the most principal, basic precaution: don't trust the fiend's >>> name server! >> >> You haven't done a very good job of making your point yet. >> >> Temporarily leaving aside some confusion about the SC business model and >> trying to focus on the subject thread of the SC parser reporter failing >> to resolve a URL to an IP address -- how do /you/ think the tool should >> go about resolving? From kopfj at worldnet.att.net Tue Apr 19 18:57:21 2005 From: kopfj at worldnet.att.net (John O. Kopf) Date: Tue Apr 19 21:00:27 2005 Subject: [SpamCop-List] request for location information... Message-ID: <4265A8F1.87845AB6@worldnet.att.net> When one goes to a site such as: http://www.anti-kinderporno.de/start_adressen.htm to report child pornography believed to originate in Germany, they provide "A list of address, telephone, and E-mail resources for reporting child pornography in each of the German provinces." Since many of these foreign emails come from ISPs whose URL ends in ".COM" os some similar domain, is is difficult to determine origination. Could SpamCop add available location-information (eg, country, state/provence, city), in addition to the Email address for complaining to the ISP? That way one could also inform the local government of the offense. John Kopf From nttp.sc.s at bigsleep.org Wed Apr 20 02:17:14 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 19 21:20:07 2005 Subject: [SpamCop-List] Re: Blocking a notorius spam-friendly domain with my Hosts file References: Message-ID: On 19 Apr 2005 Michael Wise entered spamcop and left news:no- 3D8B20.17184619042005@news.cesmail.net: > In article , > Blammo wrote: > >> The hosts file don't accept wild >> cards, not that I'm aware of anyway. > > > No it doesn't. If one desires that level of blocking, they need to set > up their own dns server (which they then have their gear use for > look-ups), create a zone file for esomniture.com (as an example), and > then have some blocking fun. > I think you can do this with the XP Internet Firewall, or was that in the Internet Security/Privacy zone. Or other firewalls should allow wildcard domains. With *NIX it's built-in. You can add zones to named.conf which point to the same "dummy" DNS file, which can contain the "*" subdomain. But the easiest way is probably to use the AdBlock features of Opera, Mozilla or Firefox. Especially since the other methods won't block IPs or directories. Also, since the requested file won't exist on 127.0.0.1, the browser will have to "time out" which can slow down page rendering. -- | Ric | From 0rio85a02 at sneakemail.com Tue Apr 19 18:27:07 2005 From: 0rio85a02 at sneakemail.com (Fred k) Date: Tue Apr 19 21:30:05 2005 Subject: [SpamCop-List] Re: Blocking a notorius spam-friendly domain with my Hosts file References: Message-ID: "Michael Wise" wrote in message news:no-3D8B20.17184619042005@news.cesmail.net... > --Mike Mike, by chance are you an ex-FAA type? From nttp.sc.s at bigsleep.org Wed Apr 20 02:36:50 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 19 21:40:04 2005 Subject: [SpamCop-List] Re: Apparent DNS blockage References: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> Message-ID: On 19 Apr 2005 skinnyguy entered spamcop and left news:pan.2005.04.20.00.37.21.266935@devnull.spamcop.net: > I'll ask UsInternet how much they pay for using your list tomorrow. > $0 I don't see what you're ranting about, QWest can't even create proper PTR records, other than dial-up anyway. -- | Ric | From nobody at devnull.spamcop.net Wed Apr 20 12:23:33 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Apr 19 22:25:03 2005 Subject: [SpamCop-List] What's the point...? Message-ID: http://www.spamcop.net/sc?id=z754240382zfa0766f135c897028692f27fc4ccb8b6z http://www.spamcop.net/sc?id=z754240384ze4421244efc0cc4fdeb0b755920ffc18z For several weeks now I am getting dozens and dozens of spam messages titled "Microsoft XP pro 50 USD", "Photoshop 80 USD", or similar; the contents is always in Dutch, but it never contains any kind of contact address, URL, or telephone number. I just cannot imagine what the spammer's point is here? Is it just for public harassment's sake? Any suggestion? From zypher at spamcop.net Tue Apr 19 22:42:36 2005 From: zypher at spamcop.net (Ron B.) Date: Tue Apr 19 22:45:04 2005 Subject: [SpamCop-List] Re: What's the point...? In-Reply-To: References: Message-ID: Patto wrote: > http://www.spamcop.net/sc?id=z754240382zfa0766f135c897028692f27fc4ccb8b6z > http://www.spamcop.net/sc?id=z754240384ze4421244efc0cc4fdeb0b755920ffc18z > > For several weeks now I am getting dozens and dozens of spam messages > titled "Microsoft XP pro 50 USD", "Photoshop 80 USD", or similar; the > contents is always in Dutch, but it never contains any kind of contact > address, URL, or telephone number. > > I just cannot imagine what the spammer's point is here? Is it just for > public harassment's sake? Any suggestion? See rule 3, Russell's Corollary http://forum.spamcop.net/forums/index.php?showtopic=930 From eddie at eddie.web Tue Apr 19 23:58:35 2005 From: eddie at eddie.web (eddie) Date: Tue Apr 19 23:00:02 2005 Subject: [SpamCop-List] Re: Spamreporting down? References: Message-ID: On Tue, 19 Apr 2005 19:14:25 -0500, skinnyguy scratched out the following: > You are probably either a customer of charter.com, or comcast. No but that has nothing to do with my post. I was stating that the spam reporting service run by SC was down and would not accept my password. My connection to the internet is well over 5Mb/s. I would never even consider comcast, charter, etc as an ISP. Once movie theaters gave out steak knives Today they confiscate them From MikeE at ster.invalid Tue Apr 19 21:02:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 19 23:05:03 2005 Subject: [SpamCop-List] Re: What's the point...? References: Message-ID: Patto wrote: www.spamcop.net/sc?id=z754240382zfa0766f135c897028692f27fc4ccb8b6z > For several weeks now I am getting dozens and dozens of spam messages > titled "Microsoft XP pro 50 USD", "Photoshop 80 USD", or similar; the > contents is always in Dutch, but it never contains any kind of contact > address, URL, or telephone number. At first glance I tho't it was straightup with the source IP = the From and Reply-To addies, so that you could simply hit reply and open a correspondence with the sender/spammer -- because the source IP rDNS 'looks like' the From addy. But nooooo..... The source IP is a known proxy listed in numerous db/s, and the From addy domain doesn't have an MX or A address, so emailing it wouldn't work at all. > I just cannot imagine what the spammer's point is here? Is it just > for public harassment's sake? Any suggestion? Since my first glance idea fell on its face, I'm outa ammunition. That's what you get for reading your spam. And translating it. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Apr 19 23:19:38 2005 From: nobody at devnull.spamcop.net (Cat) Date: Tue Apr 19 23:20:03 2005 Subject: [SpamCop-List] SBCGlobal.net Message-ID: Is anyone else having trouble with SBC Global ignoring spam complaints? I get spam several times a day from the same spammer advertising stuff like cell phones or laptops. Most of them advertise a Motorola RAZR V3 phone, but a few also advertise Sony laptops. The from name is usually something like Consumer Research or ProductTestPanel. I've started sending manual LARTs for some of them since SpamCop reports were being ingored, but they apparently ignore all complaints. From OokUseNet at emberts.UpYoursSpammer.com Tue Apr 19 21:40:04 2005 From: OokUseNet at emberts.UpYoursSpammer.com (Ook) Date: Tue Apr 19 23:55:03 2005 Subject: [SpamCop-List] The spam flood continues, my domain is useless Message-ID: Several months later I continue to receive thousands of spams every day to one of my domains. I've long since moved all email to a different domain as I can no longer use this domain for email. Is there any hope, or should I just write off this domain as a win for the spammers? I don't know what to do to stop the flood of spam, and I haven't found a spam tool that can filter out one legit email from 5,000 spams. From rcarlton at spamcop.net Tue Apr 19 22:02:07 2005 From: rcarlton at spamcop.net (Rick Carlton) Date: Wed Apr 20 00:05:07 2005 Subject: [SpamCop-List] Re: SBCGlobal.net In-Reply-To: References: Message-ID: Cat wrote: > Is anyone else having trouble with SBC Global ignoring spam complaints? > I get spam several times a day from the same spammer advertising stuff > like cell phones or laptops. Most of them advertise a Motorola RAZR V3 > phone, but a few also advertise Sony laptops. The from name is usually > something like Consumer Research or ProductTestPanel. I've started > sending manual LARTs for some of them since SpamCop reports were being > ingored, but they apparently ignore all complaints. If you're willing to be listwashed to get it to stop, please PM me. I have a decent Subscriberbase contact who's helped stem the tide for a corporate client somewhat. From noah.boddie at newsgroup.nospam Wed Apr 20 00:38:03 2005 From: noah.boddie at newsgroup.nospam (Dwayne Conyers) Date: Wed Apr 20 00:40:03 2005 Subject: [SpamCop-List] Re: The spam flood continues, my domain is useless References: Message-ID: "Ook" wrote in message news:d44jhg$7dp$1@news.spamcop.net... > Several months later I continue to receive thousands of spams every day to > one of my domains. I've long since moved all email to a different domain > as I can no longer use this domain for email. Is there any hope, or should > I just write off this domain as a win for the spammers? I don't know what > to do to stop the flood of spam, and I haven't found a spam tool that can > filter out one legit email from 5,000 spams. > The same happened with me. Right now, I'm using a client side tool, Spam Pal, to sort the wheat from the chaff while my ISP tries to get the server-side tools up and running again. -- I Shave With Occams Razor http://www.dwacon.com From nobody at devnull.spamcop.net Wed Apr 20 15:06:21 2005 From: nobody at devnull.spamcop.net (Patto) Date: Wed Apr 20 01:10:02 2005 Subject: [SpamCop-List] Re: What's the point...? In-Reply-To: References: Message-ID: Mike Easter wrote: > > > > That's what you get for reading your spam. And translating it. Just to find a way to report. Like the dozens of "1.0% - 1.48% Mor tgage" spams I receive, every day with a new Yahoo, Hotmail, or Outblaze address, which I manually report and usually get shut down within a few hours. From none.of at your.biz Tue Apr 19 23:24:42 2005 From: none.of at your.biz (R. Asby Dragon) Date: Wed Apr 20 01:30:04 2005 Subject: [SpamCop-List] {Bizzare?} SC returning "Cannot Resolve" on *working* "Simply-RX.net" and CN hosted redirect sites ONLY Message-ID: This one's bizzare ! Each is recent ; all redirect to http://www.simply-rx.net/ http://hkfeiymi.xans.net/ph/sevy/fku.zsln httphttp://www.h67.net/p/jpeg/ http://www.j5k.net/p/jpeg/ http://sv9664y26.tumultuous.klih.com/p/dp22/conestoga.fuwu (and probably more ) I've plugged each and every one of these into SC ; both as "whole spam" and as "URL only"; the returns are slow as hell and all come up as "Cannot Resolve" . But all of these *do* resolve in IE; Firefox; and also SamSpade's text browser. I *don't* do browser caching except for selected IPs. Samspade's basically a fetch/get .. no way can that cache! Same happens on http://www.simply-rx.net/ I've had the occasional "fail" on URLS before; and a repeat resubmit or 3 will clear up the problem . I've tried as many as 15 retries with no luck on the above URLs. Could these assholes have figured a way to block traffic from Spamcop by DNS tricks ?? Selectively denying DNS to Spamcop's normal IP addreses? I just tried the IP version of http://hkfeiymi.xans.net/ph/sevy/fku.zsln (http://218.7.120.70/ph/sevy/fku.zsln) THAT WORKS!! I've seen weird DNS stuff with simply-rx.net and online-replica-store.com before (both share 200.149.11.35). Spamcop usually brings up "mail-abuse@nic.br" (at least before this strangeness started); but would occasionally show "abuse@cnc-noc.net". Any ideas?? From bar_n0ne at hotmail.com Wed Apr 20 10:42:58 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Apr 20 01:45:02 2005 Subject: [SpamCop-List] Re: SBCGlobal.net References: Message-ID: "Cat" wrote in message news:d44hoa$6hv$1@news.spamcop.net... > Is anyone else having trouble with SBC Global ignoring spam complaints? > I get spam several times a day from the same spammer advertising stuff > like cell phones or laptops. Most of them advertise a Motorola RAZR V3 > phone, but a few also advertise Sony laptops. The from name is usually > something like Consumer Research or ProductTestPanel. I've started > sending manual LARTs for some of them since SpamCop reports were being > ingored, but they apparently ignore all complaints. They have joined the darkside along with MCI, by providing Spam Service to _Software Factory Solutions_ product testers, free this and that, consumer research All the spams are structurally Identical, all links point to the same MCI host, through a name service also registered toi the same jerks, which will not resolve for Spamcop at all. The spammer has registered thousands of names, with Tucows mostly all going through one or two nameservices also registered by him. The same MCI spamvertizing host has been in use for over a yearby them. 63.82.96.35 they used to send mail from ATMLinkInc and CalPOP, then moved for a while to another provider, and moved back after a week or so. a couple of weeks back they moved to SpewGlobal They tend to use a netblock for sending, rotating through X.X.X.1-255 They also tend to mailbomb, sometimes sending more than 15 spams in a few minutes. only the links and mainsleaze style from domain names change. Again always sending from the same netblock, and linking to the same host. I guess SBC (SpewGlobal) wants that revenue. From bar_n0ne at hotmail.com Wed Apr 20 10:54:06 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Apr 20 01:55:03 2005 Subject: [SpamCop-List] Re: {Bizzare?} SC returning "Cannot Resolve" on *working* "Simply-RX.net" and CN hosted redirect sites ONLY References: Message-ID: "R. Asby Dragon" wrote in message news:d44p4v$a93$1@news.spamcop.net... > This one's bizzare ! > > Each is recent ; all redirect to http://www.simply-rx.net/ > > http://hkfeiymi.xans.net/ph/sevy/fku.zsln > httphttp://www.h67.net/p/jpeg/ > http://www.j5k.net/p/jpeg/ > http://sv9664y26.tumultuous.klih.com/p/dp22/conestoga.fuwu > (and probably more ) > > I've plugged each and every one of these into SC ; both as "whole spam" > and as "URL only"; the returns are slow as hell and all come up as > "Cannot Resolve" . But all of these *do* resolve in IE; Firefox; and > also SamSpade's text browser. I *don't* do browser caching except for > selected IPs. Samspade's basically a fetch/get .. no way can that cache! > > Same happens on http://www.simply-rx.net/ > > I've had the occasional "fail" on URLS before; and a repeat resubmit or > 3 will clear up the problem . I've tried as many as 15 retries with no > luck on the above URLs. > > Could these assholes have figured a way to block traffic from Spamcop by > DNS tricks ?? Selectively denying DNS to Spamcop's normal IP addreses? > > I just tried the IP version of http://hkfeiymi.xans.net/ph/sevy/fku.zsln > (http://218.7.120.70/ph/sevy/fku.zsln) > > THAT WORKS!! > > I've seen weird DNS stuff with simply-rx.net and > online-replica-store.com before (both share 200.149.11.35). > > Spamcop usually brings up "mail-abuse@nic.br" (at least before this > strangeness started); but would occasionally show "abuse@cnc-noc.net". > > Any ideas?? Well For sure I know that "Software Factory Solutions" DNS servers for their site at 63.82.96.35 NEVER in over half a year resolves for SC, but do so, for anyone else. So, My answer is yes they can. Another wierd thing though, for your sites, Spamcop rarely even offers to try to resolve the sites, with the above it at least tries and fails. From Ilgaz at spamcop.net Wed Apr 20 12:59:33 2005 From: Ilgaz at spamcop.net (Ilgaz) Date: Wed Apr 20 05:01:34 2005 Subject: [SpamCop-List] Re: Apparent DNS blockage References: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> Message-ID: On 2005-04-16 18:59:40 +0300, panoptes@iquest.net (Daniel W. Johnson) said: > The website http://www.thefakerolex.net is one that has been appearing > in spam. SpamCop keeps discarding it as fake, but the DNS does resolve > elsewhere. The dnsstuff site sees no problem with that lookup (aside > from some variation in the TTL). Interestingly I had a similar problem 2-3 times for a week. Notice they are "advanced" spammers who can bypass Yahoo Plus (paid) spamfilter. I didn'T save them or anything but sure will do something if I get another "possible forgery" message. They can do anything... Ilgaz From nobody at devnull.spamcop.net Wed Apr 20 05:45:20 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Wed Apr 20 05:50:32 2005 Subject: [SpamCop-List] Re: What's the point...? References: Message-ID: PUre harassment: it comes form a 10/8 address. One of your nice neighbors or someone you know. Guess your ISP is doling out 10/8s right? If not, the sender has to be on your network segment, becasue the next router would ditch the 10.1 source, unless: the ISP has internally 10., you complained too much, and someone from inside the ISP is harassing you. It's not something that comes via 'the Internet': 10/8 is not routed. sg On Tue, 19 Apr 2005 20:02:08 -0700, Mike Easter wrote: > Patto wrote: > www.spamcop.net/sc?id=z754240382zfa0766f135c897028692f27fc4ccb8b6z > >> For several weeks now I am getting dozens and dozens of spam messages >> titled "Microsoft XP pro 50 USD", "Photoshop 80 USD", or similar; the >> contents is always in Dutch, but it never contains any kind of contact >> address, URL, or telephone number. > > At first glance I tho't it was straightup with the source IP = the From > and Reply-To addies, so that you could simply hit reply and open a > correspondence with the sender/spammer -- because the source IP rDNS > 'looks like' the From addy. But nooooo..... > > The source IP is a known proxy listed in numerous db/s, and the From > addy domain doesn't have an MX or A address, so emailing it wouldn't > work at all. > >> I just cannot imagine what the spammer's point is here? Is it just >> for public harassment's sake? Any suggestion? > > Since my first glance idea fell on its face, I'm outa ammunition. > > That's what you get for reading your spam. And translating it. From nobody at nowhere.invalid Wed Apr 20 13:04:42 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Apr 20 06:05:07 2005 Subject: [SpamCop-List] Re: bluemountain forgery References: Message-ID: On Wed, 13 Apr 2005 15:00:25 -0400, Pop coughed into spamcop and left this in : > {nothing to quote because everything was under the sig delimiter} Please post the content of your messages *above* the dash-dash-space on its own on a line. This is the signature delimiter. Most newsreaders will remove the signature delimiter and everything below it when following up to a post, and some won't even display it in the first place. Even if you insist on using something b0rken like Outleak Suxpress, please have a thought for people who use software that *does* comply with established standards. -- Steve The average nutritional value of promises is roughly zero. From nobody at devnull.spamcop.net Wed Apr 20 06:05:55 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Wed Apr 20 06:10:04 2005 Subject: [SpamCop-List] Re: Spamreporting down? References: Message-ID: you posted this from an optonline.net address. Is this from the access you used when the incident occurred? This would be another cable provider with the same proxy deficiency ans comcast, charter, and all the trolltraps who hand out ficticious 'access speeds', but do have no link to the Internet. optonline hangs off cv.net cv.net hangs of savvis savvis is tier 1 ISP access speed has nothing to do with real Intenet access,unless you are with a tier one provider. don't look at this posting source: it's a dialup! (I'd be suicidal to post through my real access....). The symptoms of your 'mishap' are exactly that: proxy failure because the proxy actually let your logon through, but could not maintain the connection for the answer back: you never knew you were logged on. Your access goes through: '5Mb' _access_ to your local cable trunc (couple ot 1000 users on that one, do the math!) shared between all truncs: a cable access point network between cable access points (kind of routers): 1Gb/s at most (that's 200 users at 5Mb/s, from about 16 to 128 cable truncs! the whole half world of your community) Access from the main cable router place to the uplink: maybe an OC3, OC48 (don't dream they would have that!) Between you and the world: like a carboard condom: their proxy server! _access speed_: you only get that (if at all and not throttled by the cable access point) between you and some other host on the same cable trunc. This means it's great between you and your neighbor. To the Internet: skimpy..skimpy..skimpy thin with a cheapo cheapest proxy construct. Yahoo works great, right? sg On Tue, 19 Apr 2005 22:58:35 -0400, eddie wrote: > On Tue, 19 Apr 2005 19:14:25 -0500, skinnyguy scratched out the following: > >> You are probably either a customer of charter.com, or comcast. > No but that has nothing to do with my post. I was stating that the spam > reporting service run by SC was down and would not accept my password. > > My connection to the internet is well over 5Mb/s. I would never even > consider comcast, charter, etc as an ISP. > > Once movie theaters gave out steak knives > Today they confiscate them From nobody at devnull.spamcop.net Wed Apr 20 06:06:54 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Wed Apr 20 06:10:21 2005 Subject: [SpamCop-List] Re: SBCGlobal.net References: Message-ID: Yes, I did lots of time: SBC is just another name plate over the old Ameritech. sg On Tue, 19 Apr 2005 22:19:38 -0500, Cat wrote: > Is anyone else having trouble with SBC Global ignoring spam complaints? > I get spam several times a day from the same spammer advertising stuff > like cell phones or laptops. Most of them advertise a Motorola RAZR V3 > phone, but a few also advertise Sony laptops. The from name is usually > something like Consumer Research or ProductTestPanel. I've started > sending manual LARTs for some of them since SpamCop reports were being > ingored, but they apparently ignore all complaints. From nobody at devnull.spamcop.net Wed Apr 20 06:26:27 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Wed Apr 20 06:30:26 2005 Subject: [SpamCop-List] Re: {Bizzare?} SC returning "Cannot Resolve" on *working* "Simply-RX.net" and CN hosted redirect sites ONLY References: Message-ID: You won't miss anything if you block everything that comes from 200.149.11/24. I bet you don't know anybody in Campinhas, SP, Brazil, right? If so send them a last email..... Of course they know who's 53 inquiries to block... Here is simply-rx, which SC cannot do because of 'sub-amateur level': hquer:/home/mn # nslookup > www.simply-rx.net Server: 172.16.173.254 Address: 172.16.173.254#53 Non-authoritative answer: Name: www.simply-rx.net Address: 200.149.11.35 > exit hquer:/home/mn # whois -h whois.arin.net 200.149.11.35 OrgName: Latin American and Caribbean IP address Regional Registry OrgID: LACNIC Address: Potosi 1517 City: Montevideo StateProv: PostalCode: 11500 Country: UY ReferralServer: whois://whois.lacnic.net inetnum: 200.149.11/24 aut-num: AS7738 abuse-c: CGR13 owner: Connect BR Net ownerid: 006.239.728/0001-57 responsible: Simone da Penha Brites de Oliveira address: Rua Alvares Machado, 424, sl 62 address: 13013-070 - Campinas - SP phone: (19) 32323195 [] owner-c: CBN62 tech-c: CBN62 created: 20050404 changed: 20050404 inetnum-up: 200.149.0/17 nic-hdl-br: CBN62 person: Connect BR NET e-mail: abusebr@UOL.COM.BR address: Rua Jos?Paulino - Centro, 416, Sl 805 address: 13013-000 - Campinas - SP phone: (19) 32364345 [] created: 20050218 changed: 20050415 This should give you all necessary information to place a spam complaint, or just filter that class C in your mail client. simply-rx is a moving target, though.... sg On Tue, 19 Apr 2005 22:24:42 -0700, R. Asby Dragon wrote: > This one's bizzare ! > > Each is recent ; all redirect to http://www.simply-rx.net/ > > http://hkfeiymi.xans.net/ph/sevy/fku.zsln > httphttp://www.h67.net/p/jpeg/ > http://www.j5k.net/p/jpeg/ > http://sv9664y26.tumultuous.klih.com/p/dp22/conestoga.fuwu > (and probably more ) > > I've plugged each and every one of these into SC ; both as "whole spam" > and as "URL only"; the returns are slow as hell and all come up as > "Cannot Resolve" . But all of these *do* resolve in IE; Firefox; and > also SamSpade's text browser. I *don't* do browser caching except for > selected IPs. Samspade's basically a fetch/get .. no way can that cache! > > Same happens on http://www.simply-rx.net/ > > I've had the occasional "fail" on URLS before; and a repeat resubmit or > 3 will clear up the problem . I've tried as many as 15 retries with no > luck on the above URLs. > > Could these assholes have figured a way to block traffic from Spamcop by > DNS tricks ?? Selectively denying DNS to Spamcop's normal IP addreses? > > I just tried the IP version of http://hkfeiymi.xans.net/ph/sevy/fku.zsln > (http://218.7.120.70/ph/sevy/fku.zsln) > > THAT WORKS!! > > I've seen weird DNS stuff with simply-rx.net and > online-replica-store.com before (both share 200.149.11.35). > > Spamcop usually brings up "mail-abuse@nic.br" (at least before this > strangeness started); but would occasionally show "abuse@cnc-noc.net". > > Any ideas?? From nobody at nowhere.invalid Wed Apr 20 13:28:03 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Apr 20 06:30:51 2005 Subject: [SpamCop-List] Re: Apparent DNS blockage References: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> Message-ID: On Tue, 19 Apr 2005 08:22:41 -0500, skinnyguy coughed into spamcop and left this in : > After having read this,... After having read what? There was no context or quote above what you wrote so there's no way to know what you're on about. -- Steve Let's call it an accidental feature. -- Larry Wall From nobody at devnull.spamcop.net Wed Apr 20 06:39:45 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Wed Apr 20 06:40:05 2005 Subject: [SpamCop-List] Re: Apparent DNS blockage References: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> Message-ID: use threaded view, then check what was posted befor the message you are referring to. glad to help sg On Wed, 20 Apr 2005 12:28:03 +0200, Steven Maesslein wrote: > On Tue, 19 Apr 2005 08:22:41 -0500, skinnyguy coughed into spamcop and > left this in : > >> After having read this,... > > After having read what? > > There was no context or quote above what you wrote so there's no way to > know what you're on about. From notgiven at nodomain.net Wed Apr 20 07:40:47 2005 From: notgiven at nodomain.net (C. S.) Date: Wed Apr 20 06:45:04 2005 Subject: [SpamCop-List] Re: SBCGlobal.net References: Message-ID: Sometime around Tue, 19 Apr 2005 22:19:38 -0500, Cat deemed it necessary to offer: > Is anyone else having trouble with SBC Global ignoring spam complaints? > I get spam several times a day from the same spammer advertising stuff > like cell phones or laptops. Most of them advertise a Motorola RAZR V3 > phone, but a few also advertise Sony laptops. The from name is usually > something like Consumer Research or ProductTestPanel. I've started > sending manual LARTs for some of them since SpamCop reports were being > ingored, but they apparently ignore all complaints. Yep, and it's been going on for at least a few months. Have a look at Berny's post; I've been seeing the same notifies for source/hosting, etc. Looks like SBC and MCI are gearing-up to grab all the spammer revenue they can possibly get. From nobody at devnull.spamcop.net Wed Apr 20 06:47:55 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Wed Apr 20 06:50:05 2005 Subject: [SpamCop-List] Re: SBCGlobal.net References: Message-ID: Oh my, 'ProductTestPanel' and everything associated with it: here is how I got into that: I was looking for a certain MB on the net. One of the search results (Yahoo, why in the did I use Yahoo and not hotbot as always?) posted: 'D915gev - MB testers needed - keep the MB after you review it'.... dumb me. greedy me, I clicked on that, entered an email and whoops, no MB testing, a spammer's nest opened up. Done. gave it away. That email address now gets about 15 to 20 spams a day from all kinds of 'Product Test Panel', some WebPanel, etc. Why? The 'search result', offered by Yahoo, in corporation with spammers, was no search result at all, but a canned script that issues runs upon the search. The search engines do support this kind of trap, most are obvious, that one was too good (to be true, right, slap me, please...). Most are, e.g. searching for 64bit, returns links like 'shop for stop-bit at...' or 'greatest selection of stop-bit'. These people, under pretext and false advertisement, do just capture information and distribute it to hundreds of spam outlets. Sure, that address has been gone ever since. Don't fall for Product Test Panel The Web Panel there are more. Any 'panel' thing is a spammer's trap, no matter how the search result, in cooperation with Yahoo, is 'enveloped'. sg On Tue, 19 Apr 2005 22:19:38 -0500, Cat wrote: > Is anyone else having trouble with SBC Global ignoring spam complaints? > I get spam several times a day from the same spammer advertising stuff > like cell phones or laptops. Most of them advertise a Motorola RAZR V3 > phone, but a few also advertise Sony laptops. The from name is usually > something like Consumer Research or ProductTestPanel. I've started > sending manual LARTs for some of them since SpamCop reports were being > ingored, but they apparently ignore all complaints. From nobody at nowhere.invalid Wed Apr 20 13:50:28 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Apr 20 06:55:04 2005 Subject: [SpamCop-List] Re: What's the point...? References: Message-ID: On Wed, 20 Apr 2005 04:45:20 -0500, skinnyguy coughed into spamcop and left this in : > PUre harassment: it comes form a 10/8 address. Learn how to read e-mail headers (and not to top-post while you're at it). The mail came from 80.105.112.177 (interbusiness.it, no surprises there) anf the other hosts in RFC1918-space are internal hand-offs within the recipient's ISP. -- Steve If at first you don't succeed, redefine success. From nobody at nowhere.invalid Wed Apr 20 14:03:20 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Apr 20 07:05:05 2005 Subject: [SpamCop-List] Re: Apparent DNS blockage References: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> Message-ID: On Wed, 20 Apr 2005 05:39:45 -0500, skinnyguy coughed into spamcop and left this in : > use threaded view, then check what was posted befor the message you are > referring to. I do use a threaded view. Why should I have to go and read another message to find out what you're blathering on about? Why don't you just learn how to post correctly and include a few lines of context above your comments? -- Steve The only person to get all of his work done by Friday was Robinson Crusoe From nobody at devnull.spamcop.net Wed Apr 20 07:20:29 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Wed Apr 20 07:25:03 2005 Subject: [SpamCop-List] suggestion: add open relays to your statistics Message-ID: If you could add open relays to your statistics. I noticed that 211.237.142.66 has been used by all kinds of spammers operating from very different sources. Looks as if someone is holding a relay open and announced it so different spammers for use. Such a statistic would be helpful to complain against the provider of such an address and ask to cut the customer off. A backing of how many spam emails, and from how many different origins had been piped through the proxy, would be a great asset in shutting these down. It is one thing if an uninformed user by chance puts such a thing up. It is another if this happens to the same user often, and if it is not only used by one spammer, but by many. Sure, one discovers it, and distributes it to 'family and friends'. Cutting off people who behave irresponsively when connected to the Internet, facilitating nuisance and harm to everyone else (yes, harm, see spams for goods not intended to be delivered), should just be the right thing. The stats needed as supporting material for such a complaint would be relay, number of spam complaints due to that relay, and a breakdown by spam source (source - #complaints) like relay-ip total complaints ##### source breakdown ip1 ##### ip2 ##### ... Cracking down on open relays and proxies, intended or not, is one important tool against spammers. Yes, if bohoo-troll blahmouth puts his XP Pro directly on the troll high speed cable net and runs some funky configuration, he should be cut off, basta! sg From Ilgaz at spamcop.net Wed Apr 20 16:09:07 2005 From: Ilgaz at spamcop.net (Ilgaz) Date: Wed Apr 20 08:10:11 2005 Subject: [SpamCop-List] Re: What's the point...? References: Message-ID: On 2005-04-20 05:23:33 +0300, Patto said: > http://www.spamcop.net/sc?id=z754240382zfa0766f135c897028692f27fc4ccb8b6z > http://www.spamcop.net/sc?id=z754240384ze4421244efc0cc4fdeb0b755920ffc18z > > For several weeks now I am getting dozens and dozens of spam messages > titled "Microsoft XP pro 50 USD", "Photoshop 80 USD", or similar; the > contents is always in Dutch, but it never contains any kind of contact > address, URL, or telephone number. > > I just cannot imagine what the spammer's point is here? Is it just for > public harassment's sake? Any suggestion? Be sure to send reports to piracy@microsoft.com I always do and currently, army of lawyers are on this issue :) Must use more evil against evil ;) Ilgaz From MikeE at ster.invalid Wed Apr 20 06:28:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 20 08:30:04 2005 Subject: [SpamCop-List] Re: suggestion: add open relays to your statistics References: Message-ID: skinnyguy wrote: > If you could add open relays to your statistics. SC's design is to name sources to contribute to the SCbl and feed apparent relays to the relay tester/listers. > I noticed that 211.237.142.66 has been used by all kinds of spammers > operating from very different sources. It is more likely that you have misinterpreted the headers and 211.237.142.66 rDNS d211-237-142-66.rev.krline.net is a user IP source in the item/s you haven't demonstrated.. 211.237.142.66 is listed in cbl & blitzed for proxy type spamsourcing. Probably lines under that IP's line are bogus. -- Mike Easter kibitzer, not SC admin From cnwykab02 at sneakemail.com Wed Apr 20 16:09:28 2005 From: cnwykab02 at sneakemail.com (Warre) Date: Wed Apr 20 09:10:05 2005 Subject: [SpamCop-List] Re: What's the point...? In-Reply-To: References: Message-ID: Patto wrote: > http://www.spamcop.net/sc?id=z754240382zfa0766f135c897028692f27fc4ccb8b6z > http://www.spamcop.net/sc?id=z754240384ze4421244efc0cc4fdeb0b755920ffc18z > > For several weeks now I am getting dozens and dozens of spam messages > titled "Microsoft XP pro 50 USD", "Photoshop 80 USD", or similar; the > contents is always in Dutch, but it never contains any kind of contact > address, URL, or telephone number. > > I just cannot imagine what the spammer's point is here? Is it just for > public harassment's sake? Any suggestion? I received almost exactly the same spam recently, but it did have a link: http://sdqcjaa.mjmentholkm.com/? ip address: 218.7.112.241 was some kind of code. I get a blank page if I open the website. SamSpade's DNSBLomatic gives these links to Spamhaus: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL23549 http://www.spamhaus.org/SBL/sbl.lasso?query=SBL25815 Could be the same guys as http://sofmtm.info/ The message was sent from 207.40.116.45 ( host45.boysvillage.com ). From amenex at amenex.com Wed Apr 20 11:10:19 2005 From: amenex at amenex.com (George Langford, Sc.D.) Date: Wed Apr 20 10:10:38 2005 Subject: [SpamCop-List] Re: Blocking a notorius spam-friendly domain with my Hosts file Message-ID: <200504201410.j3KEAJxL027582@voicenet.com> As promised (almost) here's my report on blocking the dreaded omniture.com (masquerading as esomniture.com): In Mozilla's "Preferences" menu, (significantly) under Privacy & Security -> Images -> Manage Image Persmissions, one can block the loading of images from domains that can be added to a blocklist. I did so with stats.esomniture.com and can gleefully report that, so far, this has stopped any URL's of that ilk from appearing in Symantec's Web History log. Now, let's see if that has any effect on the amount of spam that gets sent my way ... BTW, to use the Hosts file efficiently, one has to come up with a substitute image for the one that the bad guys are trying to load. The program, "eDexter" serves that role for me. It's quite invisible in its actions, except for a tiny red rectangle that appears in place of banned images, such as slow-to-load popular-auction-site counters, etc. George Langford in beastly hot SE PA From spamcop at 1bigthink.com Wed Apr 20 12:10:25 2005 From: spamcop at 1bigthink.com (spamcop) Date: Wed Apr 20 11:10:32 2005 Subject: [SpamCop-List] What's the point...? In-Reply-To: References: Message-ID: <6.1.2.0.0.20050420110723.063e8ce0@mx.1bigthink.com> At 10:23 PM 4/19/2005, you wrote: >http://www.spamcop.net/sc?id=z754240382zfa0766f135c897028692f27fc4ccb8b6z >http://www.spamcop.net/sc?id=z754240384ze4421244efc0cc4fdeb0b755920ffc18z > >For several weeks now I am getting dozens and dozens of spam messages >titled "Microsoft XP pro 50 USD", "Photoshop 80 USD", or similar; the >contents is always in Dutch, but it never contains any kind of contact >address, URL, or telephone number. > >I just cannot imagine what the spammer's point is here? Is it just for >public harassment's sake? Any suggestion? Because people who click on spam supplied links are stupid and apparently there are a lot of stupid people. This was posted under the subject 'Re: Can you believe this ?' yesterday. See the stupidity of some of the comments under this thread and you'll understand that some idiots will actually respond to stupid spammers. http://www.jdrowell.com/archives/2005/01/simplyrxcom_suc.html Still unbelievable. No wonder we elected G.W.Bush as President! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com From nobody at spamcop.net Wed Apr 20 11:31:01 2005 From: nobody at spamcop.net (Ellen) Date: Wed Apr 20 11:20:04 2005 Subject: [SpamCop-List] Re: suggestion: add open relays to your statistics References: Message-ID: "Mike Easter" wrote in message news:d45hp8$o50$1@news.spamcop.net... > > It is more likely that you have misinterpreted the headers and > 211.237.142.66 rDNS d211-237-142-66.rev.krline.net is a user IP source > in the item/s you haven't demonstrated.. 211.237.142.66 is listed in > cbl & blitzed for proxy type spamsourcing. > > Probably lines under that IP's line are bogus. > As you said ... Not all spam injected by that IP has forged headers added -- some does and some doesn't. It's well connected tho cause it sure is sending a lot of spam. Ellen From MikeE at ster.invalid Wed Apr 20 09:22:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 20 11:25:02 2005 Subject: [SpamCop-List] Re: What's the point...? References: Message-ID: Warre wrote: > I received almost exactly the same spam recently, but it did have a > link: I looked around in sightings and there are similar/identicals there which do contain a link. Examples: http://dpt.suptunab.info/?BQDG7mB9_FcunBBiosojpths Mar 18 http://noeref.suptunab.info/uvuyjmc?raZwtcX_R_yQJrX|munged@nwsup.com http://enocndbs.kicoydogfc.com/?9UbKHW9dzJgyr99y Mar 24 So, maybe Patto's were an error and left out the link. -- Mike Easter kibitzer, not SC admin From firewoman at default.domain.not.available Wed Apr 20 12:34:54 2005 From: firewoman at default.domain.not.available (Firewoman) Date: Wed Apr 20 11:35:07 2005 Subject: [SpamCop-List] Re: Spam Fallout References: Message-ID: "Mike Easter" wrote in message news:d43kq4$m8i$1@news.spamcop.net... > Firewoman wrote: >> I subscribe to very few newsletters, but one of them (from a quite >> well known humorist), is dying today. > >> first, spam has killed interest in receiving funny e-mails--my >> subscription base has been dropping for the past several years. >> Second, filters, barriers to bulk e-mails, and other defensive >> measures deployed by ISP's have often blocked me. > > Maybe he should switch over to a blog site. With someone that seems to be challenged enough with getting out an irregular newsletter, a blog would probably just blow his mind. You never know, but I sent him an e-mail with that very suggestion. Blogs aren't my favorite thing on the internet, and they seem to be a a growing source of mis-information, but I'd probably read his. Thanks Mike! :) From no at no.spam Wed Apr 20 09:44:55 2005 From: no at no.spam (Michael Wise) Date: Wed Apr 20 11:45:05 2005 Subject: [SpamCop-List] Re: Blocking a notorius spam-friendly domain with my Hosts file References: Message-ID: In article , "Fred k" <0rio85a02@sneakemail.com> wrote: > Mike, by chance are you an ex-FAA type? No, but I was in Naval aviation for a spell. --Mike From no at no.spam Wed Apr 20 09:47:24 2005 From: no at no.spam (Michael Wise) Date: Wed Apr 20 11:50:03 2005 Subject: [SpamCop-List] Re: The spam flood continues, my domain is useless References: Message-ID: In article , "Ook" wrote: > Several months later I continue to receive thousands of spams every day to > one of my domains. I've long since moved all email to a different domain as > I can no longer use this domain for email. Is there any hope, or should I > just write off this domain as a win for the spammers? I don't know what to > do to stop the flood of spam, and I haven't found a spam tool that can > filter out one legit email from 5,000 spams. Client-side anti spam tools are not very good...and shouldn't even be needed (if email admins did their jobs). Consider having a provider with a clue host your email. --Mike From nttp.sc.s at bigsleep.org Wed Apr 20 17:45:58 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Apr 20 12:50:03 2005 Subject: [SpamCop-List] Re: Blocking a notorius spam-friendly domain with my Hosts file References: Message-ID: On 20 Apr 2005 George Langford, Sc.D. entered spamcop and left news:mailman.139.1114006226.4572.spamcop-list@news.spamcop.net: > Now, let's see if that has any effect on the amount of spam > that gets sent my way ... > We are talking about images loaded from a web page? How do you suppose they would get your eMail address? -- | Ric | From eddie at eddie.web Wed Apr 20 13:50:35 2005 From: eddie at eddie.web (eddie) Date: Wed Apr 20 12:55:03 2005 Subject: [SpamCop-List] Re: Spamreporting down? References: Message-ID: On Wed, 20 Apr 2005 05:05:55 -0500, skinnyguy scratched out the following: > you posted this from an optonline.net address. Is this from the access you > used when the incident occurred? > > > This would be another cable provider with the same proxy deficiency ans > comcast, charter, and all the trolltraps who hand out ficticious 'access > speeds', but do have no link to the Internet. All this has nothing to do with my original post which has nothing to do with my ISP. Nothing whatsoever. The problem was fixed yesterday and I am done with it. >> >> Once movie theaters gave out steak knives Today they confiscate them -- Once movie theaters gave out steak knives Today they confiscate them From tdy at blackhole.invalid Wed Apr 20 14:15:08 2005 From: tdy at blackhole.invalid (N. Miller) Date: Wed Apr 20 16:20:16 2005 Subject: [SpamCop-List] Re: SBCGlobal.net References: Message-ID: In article , skinnyguy says... > Yes, I did lots of time: SBC is just another name plate over the old > Ameritech. I suppose you could call it that. More like Ameritech was "Borged", though; along with flash.net, nvbell.net, pacbell.net (anybody remember "PinkBell"?), prodigy.net, snet.net, swbell.net, and wans.net. SBC is all there is left of those entities. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at xyzzy.claranet.de Thu Apr 21 01:23:13 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Apr 20 18:30:42 2005 Subject: [SpamCop-List] Re: Top Posted References: <42615519.5260@xyzzy.claranet.de> <4263D171.2592@xyzzy.claranet.de> Message-ID: <4266D651.6996@xyzzy.claranet.de> Michael Wise wrote: > Because one feels strongly about something does not change > opinion into fact. It's not officially required to know RfC 1036 and its son in the WG trying to create a "grandson", but silently expected. It's a rather simple system, just check a few odd cases like fup2 poster, moderated NGs, Cancels, etc. and you'll find that a valid address is essential to solve some problems. > "Problems" can be discussed and addressed publicly on the > very forum and the very medium (Usenet) they are observed in. As I said it doesn't work if two no@no.spam Cancel each other or try opther stunts. It's impossible to identify the "real" no@no.spam - this address doesn't exist. The very best I could do if several no@no.spam start to discuss who's the "real" no@no.spam is to killfile them all. > Cancel messages are the concern of the original poster The "original" poster is identified by a valid From: address. It's undefined for an invalid address, anybody is free to send articles from no@no.spam, incl. control messages. There is no "original poster" in this case. No no@no.spam can prove that (s)he's the "real" no@no.spam. > If the OP doesn't care about them; why should you? I don't. Nobody can help you in this case, especially no news admin. > If identifying is the goal, message ID's and NNTP posting > hosts are sufficient. I get a new dyn. IP whenever I'm online. I can (and do) post on several servers. The only thing you - if you're an admin - have if you want to identify the "real" me is the addresss, If that's invalid don't waste your time. > A valid email address has ZERO to do with follow-up posts. Maybe you didn't know Followup-to: poster, I test it here. > come back and cite something with relevance to Internet > reality as it exists in any year after say 1997 or so. IIRC the latest USEFOR drafts were published in March 2005. Checking... no, wrong, April 2005. If you're reading this stuff grep for .invalid - that's what you're looking for, you find it in the usefor-usepro-03 and usefor-useage-01 drafts. Bye, Frank From 79ytka802 at sneakemail.com Thu Apr 21 03:12:00 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Wed Apr 20 21:15:04 2005 Subject: [SpamCop-List] Re: request for location information... In-Reply-To: <4265A8F1.87845AB6@worldnet.att.net> References: <4265A8F1.87845AB6@worldnet.att.net> Message-ID: John O. Kopf wrote: > Could SpamCop add available location-information (eg, country, > state/provence, city), in addition to the Email address for complaining > to the ISP? That way one could also inform the local government of the > offense. This information is readily available from Whois servers - try, for example http://www.uwhois.com/ Hope this helps! From nobody at devnull.spamcop.net Thu Apr 21 12:09:27 2005 From: nobody at devnull.spamcop.net (Patto) Date: Wed Apr 20 22:10:05 2005 Subject: [SpamCop-List] What's the point...? In-Reply-To: References: Message-ID: spamcop wrote: > At 10:23 PM 4/19/2005, you wrote: > >> http://www.spamcop.net/sc?id=z754240382zfa0766f135c897028692f27fc4ccb8b6z >> http://www.spamcop.net/sc?id=z754240384ze4421244efc0cc4fdeb0b755920ffc18z >> >> For several weeks now I am getting dozens and dozens of spam messages >> titled "Microsoft XP pro 50 USD", "Photoshop 80 USD", or similar; the >> contents is always in Dutch, but it never contains any kind of contact >> address, URL, or telephone number. >> >> I just cannot imagine what the spammer's point is here? Is it just >> for public harassment's sake? Any suggestion? > > > Because people who click on spam supplied links are stupid and > apparently there are a lot of stupid people. This was posted under the > subject 'Re: Can you believe this ?' yesterday. See the stupidity of > some of the comments under this thread and you'll understand that some > idiots will actually respond to stupid spammers. You mean to say the spammers omitted the link(s) out of respect for the stupidity of the recipients? > > Still unbelievable. No wonder we elected G.W.Bush as President! No comment... From nttp.sc.s at bigsleep.org Thu Apr 21 04:12:55 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Apr 20 23:15:06 2005 Subject: [SpamCop-List] What's the point...? References: Message-ID: On 20 Apr 2005 spamcop entered spamcop and left news:mailman.140.1114009835.4572.spamcop-list@news.spamcop.net: > Still unbelievable. No wonder we elected G.W.Bush as President! > Actually they voted against the other idiot. -- | Ric | From no at no.spam Wed Apr 20 21:48:06 2005 From: no at no.spam (Michael Wise) Date: Wed Apr 20 23:50:04 2005 Subject: [SpamCop-List] Re: Top Posted References: <42615519.5260@xyzzy.claranet.de> <4263D171.2592@xyzzy.claranet.de> <4266D651.6996@xyzzy.claranet.de> Message-ID: In article <4266D651.6996@xyzzy.claranet.de>, Frank Ellermann wrote: > > Because one feels strongly about something does not change > > opinion into fact. > > It's not officially required to know RfC 1036 and its son in > the WG trying to create a "grandson", but silently expected. Silently expected by whom? Are you claiming spokesmanship for the clued Usenet community? > > It's a rather simple system, just check a few odd cases like > fup2 poster, moderated NGs, Cancels, etc. and you'll find > that a valid address is essential to solve some problems. And if the participant doesn't care about being able to cancel their posts (check) and is not posting to a moderated group, why should he/she care? As far as following up to the poster goes; if that's what the prospective poster wants; then he can darn well publicly ask the sender for a way to do so. Its not mail lists we're talking about here, and people shouldn't be strong-armed into acting as if they were. > > > "Problems" can be discussed and addressed publicly on the > > very forum and the very medium (Usenet) they are observed in. > > As I said it doesn't work if two no@no.spam Cancel each other > or try opther stunts. It's impossible to identify the "real" > no@no.spam - this address doesn't exist. If I don't care about being able to cancel, why should I care about this? > > The very best I could do if several no@no.spam start to discuss > who's the "real" no@no.spam is to killfile them all. You have plenty of other info with which to utilize for kill-filing. > > > Cancel messages are the concern of the original poster > > The "original" poster is identified by a valid From: address. The original post is identified by his/her From: address (valid or not) and a number of other things like msg ID and such. > It's undefined for an invalid address, anybody is free to send > articles from no@no.spam, Anybody is free to make posts from any address they wish. If people want to verify the sender, there's plenty of header info for them to do that with. > incl. control messages. There is no > "original poster" in this case. No no@no.spam can prove that > (s)he's the "real" no@no.spam. Big deal. Your point is...? > > > If the OP doesn't care about them; why should you? > > I don't. Nobody can help you in this case, especially no news > admin. Perhaps the poster doesn't need or want your or the news server admin's help in the first place. > > > If identifying is the goal, message ID's and NNTP posting > > hosts are sufficient. > > I get a new dyn. IP whenever I'm online. I can (and do) post > on several servers. The only thing you - if you're an admin - > have if you want to identify the "real" me is the addresss, If > that's invalid don't waste your time. Since when is anybody obligated to identify themselves to anybody on Usenet? If people want that info, they can ask for it. > > > A valid email address has ZERO to do with follow-up posts. > > Maybe you didn't know Followup-to: poster, I test it here. And I ignore it here. > > > come back and cite something with relevance to Internet > > reality as it exists in any year after say 1997 or so. > > IIRC the latest USEFOR drafts were published in March 2005. > Checking... no, wrong, April 2005. The RFC you cited was from well before that. --Mike From nobody at devnull.spamcop.net Thu Apr 21 00:43:39 2005 From: nobody at devnull.spamcop.net (Cat) Date: Thu Apr 21 00:45:03 2005 Subject: [SpamCop-List] Re: SBCGlobal.net In-Reply-To: References: Message-ID: Rick Carlton wrote: > Cat wrote: > >> Is anyone else having trouble with SBC Global ignoring spam >> complaints? > If you're willing to be listwashed to get it to stop, please PM me. > > I have a decent Subscriberbase contact who's helped stem the tide for a > corporate client somewhat. Sorry it took a while to get back to this thread for replies. I haven't been home all day. I'd really rather find a way to get through to them to make them stop instead of just listwashing while they get to keep their spamming customer. I'm just getting frustrated with it all. I had several more from the same spammer waiting for me when I got home tonight. I may still consider dropping you a private note on it though. From nobody at devnull.spamcop.net Thu Apr 21 00:50:48 2005 From: nobody at devnull.spamcop.net (Cat) Date: Thu Apr 21 00:55:03 2005 Subject: [SpamCop-List] Re: SBCGlobal.net In-Reply-To: References: Message-ID: Berny wrote: > "Cat" wrote in message > news:d44hoa$6hv$1@news.spamcop.net... > >>Is anyone else having trouble with SBC Global ignoring spam complaints? > They have joined the darkside along with MCI, by providing Spam Service to > _Software Factory Solutions_ That sucks. I did get one of them that went to MCI. They must have listwashed me from that one since I haven't had any more with that as a source. > product testers, free this and that, consumer research > > All the spams are structurally Identical, all links point to the same MCI > host, through a name service also registered toi the same jerks, which will > not resolve for Spamcop at all. Yeah, some of them also advertise Sirius Satellite Radio. > The spammer has registered thousands of names, with Tucows mostly all going > through one or two nameservices also registered by him. > > The same MCI spamvertizing host has been in use for over a yearby them. > 63.82.96.35 > I guess SBC (SpewGlobal) wants that revenue. Thanks for the info. I just wish there was something we could do to push them to stop. I've actually called spam friendly hosts on the phone before, but I don't know that any of the phone numbers I found for SBC would get me to the right department to complain. I remember one before (I think it was WCG) that acted like they didn't understand the concept of an abuse admin and hung up on me for asking. I called three different times before I finally got someone with half a brain cell who wouldn't hang up on me. I'm no longer getting spam from that particular spammer, but last I checked, s/h/it was hosting s/h/its web sites with a different ISP. From nobody at devnull.spamcop.net Thu Apr 21 00:55:21 2005 From: nobody at devnull.spamcop.net (Cat) Date: Thu Apr 21 01:00:05 2005 Subject: [SpamCop-List] Re: SBCGlobal.net In-Reply-To: References: Message-ID: (Top posting fixed) skinnyguy wrote: > On Tue, 19 Apr 2005 22:19:38 -0500, Cat wrote: > > >>Is anyone else having trouble with SBC Global ignoring spam complaints? > Yes, I did lots of time: SBC is just another name plate over the old > Ameritech. I have a few like that where I had to resort to hounding them on the phone each time I got another one. They would finally do something when they figured out that I wasn't going to leave them alone as long as I was still getting spew from their customers. WCG and Rackspace where a couple that I had major problems with in the past. From nobody at devnull.spamcop.net Thu Apr 21 00:56:13 2005 From: nobody at devnull.spamcop.net (Cat) Date: Thu Apr 21 01:00:29 2005 Subject: [SpamCop-List] Re: SBCGlobal.net In-Reply-To: References: Message-ID: N. Miller wrote: > In article , skinnyguy > says... > >>Yes, I did lots of time: SBC is just another name plate over the old >>Ameritech. > > I suppose you could call it that. More like Ameritech was "Borged", though; > along with flash.net, nvbell.net, pacbell.net (anybody remember > "PinkBell"?), prodigy.net, snet.net, swbell.net, and wans.net. SBC is all > there is left of those entities. Yeah, I noticed that when I was searching around for some info on this one. From nobody at devnull.spamcop.net Thu Apr 21 00:59:41 2005 From: nobody at devnull.spamcop.net (Cat) Date: Thu Apr 21 01:00:39 2005 Subject: [SpamCop-List] Re: SBCGlobal.net In-Reply-To: References: Message-ID: C. S. wrote: > Sometime around Tue, 19 Apr 2005 22:19:38 -0500, Cat deemed > it necessary to offer: > > >>Is anyone else having trouble with SBC Global ignoring spam complaints? > Yep, and it's been going on for at least a few months. > > Have a look at Berny's post; I've been seeing the same > notifies for source/hosting, etc. > > Looks like SBC and MCI are gearing-up to grab all the > spammer revenue they can possibly get. I'm at the point where I'm ready to copy each spam complaint to the e-mail addresses to all the top officers in the company. I just wish I could get through to someone who actually reads spam complaints. I tried to search through Google Groups for more about SBC in NANAE but couldn't find anything beyond the link to NANAE's new moderated section and no actual posts. From nobody at devnull.spamcop.net Thu Apr 21 01:04:35 2005 From: nobody at devnull.spamcop.net (Cat) Date: Thu Apr 21 01:05:04 2005 Subject: [SpamCop-List] Re: SBCGlobal.net In-Reply-To: References: Message-ID: (Top posting rearranged) skinnyguy wrote: > On Tue, 19 Apr 2005 22:19:38 -0500, Cat wrote: > > >>Is anyone else having trouble with SBC Global ignoring spam complaints? > Oh my, 'ProductTestPanel' and everything associated with it: > > here is how I got into that: > > I was looking for a certain MB on the net. > Don't fall for > > Product Test Panel > The Web Panel > > there are more. > > Any 'panel' thing is a spammer's trap, no matter how the search result, in > cooperation with Yahoo, is 'enveloped'. I'm not sure how I got onto this particular spam list. I've noticed that I don't get much small time spam any more. Most of the spam I get is the usual stuff that comes through Korean or Chinese ISPs with the occasional one from somewhere else. The repeats are usually the same handful of repeat offenders. From nobody at devnull.spamcop.net Thu Apr 21 01:19:58 2005 From: nobody at devnull.spamcop.net (Cat) Date: Thu Apr 21 01:20:10 2005 Subject: [SpamCop-List] Re: Apparent DNS blockage In-Reply-To: References: <1gv3y1f.ns1eid130okrmN%panoptes@iquest.net> Message-ID: skinnyguy wrote: > use threaded view, then check what was posted befor the message you are > referring to. Please understand that it's about courtesy and consideration toward other readers (and also a general rule of netiquette if you're posting to a newsgroup). When everyone else is posting inline below each quoted point while you insist on top posting, it gets the conversation out of order, and people will often just skip over your post or add you to their killfiles. People shouldn't have to spend time scrolling back and forth to get the context of your reply. Top posting and not snipping is a quick way to make people ignore your posts. There may come a time when you'll really need help with something but you won't get the help that you need because the people best equiped to help you will have already killfiled you for habitual top posting. You wouldn't read a book page from bottom to top, and you certainly wouldn't read the page out of order, so why would you expect people to read top posted unsnipped comments in a newsgroup? Here are a couple of links that you should really read over and start following: #6 at http://linux.sgms-centre.com/misc/netiquette.php and #1 and #2 at http://www.river.com/users/share/etiquette/ From viraptor at kni.cutme.prz.rzeszow.pl Thu Apr 21 09:23:11 2005 From: viraptor at kni.cutme.prz.rzeszow.pl (Viraptor) Date: Thu Apr 21 02:25:19 2005 Subject: [SpamCop-List] Re: Parse Failures Today In-Reply-To: References: Message-ID: SpamCop Admin wrote: > The problem has been fixed and new code published. Not really. I got "No ip" error now. Report id = z754633844z84ea7542e19240f15a7ff405b09ea65cz if that helps. From bar_n0ne at hotmail.com Thu Apr 21 13:58:32 2005 From: bar_n0ne at hotmail.com (Berny) Date: Thu Apr 21 05:00:12 2005 Subject: [SpamCop-List] Re: SBCGlobal.net References: Message-ID: "Cat" wrote in message news:d47bf6$mgs$1@news.spamcop.net... > Berny wrote: > > All the spams are structurally Identical, all links point to the same MCI > > host, through a name service also registered toi the same jerks, which will > > not resolve for Spamcop at all. > > Yeah, some of them also advertise Sirius Satellite Radio. > > > The spammer has registered thousands of names, with Tucows mostly all going > > through one or two nameservices also registered by him. > > Same ip I get them too , RAZR phones, SONY Vagio (or something like that) PC's, etc. From ariane at freenet.de Thu Apr 21 16:14:15 2005 From: ariane at freenet.de (Ariane) Date: Thu Apr 21 09:15:03 2005 Subject: [SpamCop-List] Re: Meine geilen Bilder Message-ID: <4267a640$1$17971$6d4158fb@reader-1.xsnews.nl> Hi, hier sind meine geilen Bilder! My nude Pics!!! http://www.geile-tipps.info/go/ -- Posted by News Bulk Poster Unregistered version From MikeE at ster.invalid Thu Apr 21 08:39:23 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 21 10:40:33 2005 Subject: [SpamCop-List] Re: Meine geilen Bilder References: <4267a640$1$17971$6d4158fb@reader-1.xsnews.nl> Message-ID: Ariane wrote: > Hi, hier sind meine geilen Bilder! > My nude Pics!!! > http://www.geile-tipps.info/go/ Strange feed situation, spacing the path so it will wrap: Path: news.spamcop.net! newsfeed-3001.bay.webtv.net! diablo.voicenet.com! 216.196.98.140.MISMATCH! border1.nntp.dca.giganews.com! nntp.giganews.com! newshosting.com!nx02.iad01.newshosting.com! newsfeed.icl.net! newsfeed.fjserv.net! newsfeed.icl.net! skynet.be! fr.ip.ndsoftware.net! feeder.enertel.nl! nntpfeed-01.ops.asmr-01.energis-idc.net! feeder.xsnews.nl! 10.0.1.1.MISMATCH! reader-1.xsnews.nl! not-for-mail From: "Ariane" Message-ID: <4267a640$1$17971$6d4158fb@reader-1.xsnews.nl> Organization: XS News NNTP-Posting-Host: 0e1191cc.reader-1.xsnews.nl X-Trace: DXC=H3KKB9aWgA5YiI6l83WH^3LBI=_KEmQ^2aE8^;NRX2I>[U8n@`FkVD5fPc3jZ855`0U? D9CED:6S;`Ho`^Q\0Q1< X-Complaints-To: newsmaster@xsnews.nl Xref: news.spamcop.net spamcop:145771 That means that xsnews.nl is getting a spamcop feed and is able to feed back. Also, the nntp-posting host line wasn't stamped by spamcop's newsserver, because spamcop's stamps a 'real' nntp posting host line, whereas this item's nntp posting host doesn't resolve 0e1191cc.reader-1.xsnews.nl No DNS for this address or other tools for getting an A address So, my opinion is that the nntp posting host line was stamped by the XS News newsserver. XS News has a website and information about their peering arrangements http://www.xsnews.nl/index.php?x=Home http://www.xsnews.nl/index.php?x=peering and the contact about that is newsmaster@xsnews.nl Maybe XS News is new, because the website is carrying on about the first 500 somethings, I don't know if that is individual subscribers or some kind of resale for newsfeeds. So, if the SC news admin doesn't want XS News peering with the SC newsgroups like that, they should open up some kind of communication dialogue. The business about the 'usenet' spamvertising of the website is a minor matter compared to the larger issue. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Thu Apr 21 19:00:31 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Apr 21 12:05:06 2005 Subject: [SpamCop-List] What's the point...? References: Message-ID: On Thu, 21 Apr 2005 10:13:46 -0500, Kenneth Loafman coughed into spamcop and left this in : > I voted against this warmongering, alliterate, anti-environmentalist, ^^^^^^^^^^ *cough* > pro-corporate idiot that we have now. -- Steve "Politics is supposed to be the second oldest profession. I have come to realize that it bears a very close resemblance to the first." From nttp.sc.s at bigsleep.org Thu Apr 21 18:01:36 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Apr 21 13:05:05 2005 Subject: [SpamCop-List] What's the point...? References: Message-ID: On 21 Apr 2005 Steven Maesslein entered spamcop and left news:slrnd6fjgv.hdo.nobody@127.0.0.1: > "Politics is supposed to be the second oldest profession. > I have come to realize that it bears a very close > resemblance to the first." > There ya go, I think in this case organized crime fits in there somewhere as well. Thats as far as I go here ;-) -- | Ric | From spamcop at 1bigthink.com Thu Apr 21 14:59:28 2005 From: spamcop at 1bigthink.com (spamcop) Date: Thu Apr 21 13:59:38 2005 Subject: [SpamCop-List] What's the point...? In-Reply-To: References: Message-ID: <6.1.2.0.0.20050421135653.0688ce70@mx.1bigthink.com> At 01:26 PM 4/21/2005, you wrote: >On Thu, 21 Apr 2005 18:00:31 +0200, Steven Maesslein > wrote: > > >On Thu, 21 Apr 2005 10:13:46 -0500, Kenneth Loafman coughed into spamcop > >and left this in : > > > >> I voted against this warmongering, alliterate, anti-environmentalist, > > ^^^^^^^^^^ *cough* > >> pro-corporate idiot that we have now. > >Not sure what you meant by *cough*, but he is aliterate (OK, only one L), >he is able to read (I think), but choses not to. He only listens to the >folks around him and his own messed up head. He will not allow dispute, >thus showing that he is beyond rational thought. Need any more? Umm, yes. He and his family own a butt-load of Petroleum industry and Pharmaceutical industry stocks! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com From nobody at devnull.spamcop.net Thu Apr 21 18:53:50 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Apr 21 17:55:14 2005 Subject: OT: Re: [SpamCop-List] What's the point...? References: Message-ID: "Kenneth Loafman" wrote in message news:lhgf615538k8d45d24j3od528fjj7nptrf@4ax.com... > On Thu, 21 Apr 2005 03:12:55 +0000 (UTC), Blammo > wrote: > >>On 20 Apr 2005 spamcop entered spamcop and left >>news:mailman.140.1114009835.4572.spamcop-list@news.spamcop.net: >> >>> Still unbelievable. No wonder we elected G.W.Bush as President! >>> >> >>Actually they voted against the other idiot. > > I voted against this warmongering, alliterate, anti-environmentalist, > pro-corporate idiot that we have now. At least my conscience is clean, > and since I did vote, I get to complain about every mistake he makes, and > believe me, I'm getting a lot to complain about. > > ...Ken > And you spend many an OT moment boring everyone with your crap too. I may partially agree but that doesn't mean I spew hatred every chance I get; I'm more intelligent than that. Pop From nobody at devnull.spamcop.net Thu Apr 21 18:26:17 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Apr 21 18:30:07 2005 Subject: [SpamCop-List] Re: Meine geilen Bilder References: <4267a640$1$17971$6d4158fb@reader-1.xsnews.nl> Message-ID: "Mike Easter" wrote in message news:d48drf$7q4$1@news.spamcop.net... > > So, if the SC news admin doesn't want XS News peering with the SC > newsgroups like that, they should open up some kind of communication > dialogue. > > The business about the 'usenet' spamvertising of the website is a minor > matter compared to the larger issue. e-mail sent to you / JT From nobody at spamcop.net Thu Apr 21 17:16:23 2005 From: nobody at spamcop.net (A.J.) Date: Thu Apr 21 19:20:44 2005 Subject: [SpamCop-List] Link Resolving Failures Message-ID: I've received several spams over the past week or so with hyperlinks like this: (From ) The line breaks in the URL (but not the extraneous or tags) are copied verbatim from the original. SpamCop adds a second "http://" to the beginning of this mess when attempting to straighten it out, resulting in: === Resolving link obfuscation http://http://foztetdpbqm.com&omifjg4c5k1h6ujift4%2eiliacgnkln%2ecom/ Percent unescape: http://http://foztetdpbqm.com&omifjg4c5k1h6ujift4.iliacgnkln.com/ host http (getting name) no name http is not a hostname http is not a hostname === Manually removing the extra line breaks still leaves SpamCop with a problem: === Resolving link obfuscation http://foztetdpbqm.com&omifjg4c5k1h6ujift4%2eiliacgnkln%2ecom/ Percent unescape: http://foztetdpbqm.com&omifjg4c5k1h6ujift4.iliacgnkln.com/ host foztetdpbqm.com (checking ip) ip not found ; foztetdpbqm.com discarded as fake. host foztetdpbqm.com (checking ip) ip not found ; foztetdpbqm.com discarded as fake. Tracking link: http://foztetdpbqm.com&omifjg4c5k1h6ujift4.iliacgnkln.com/ [report history] Resolves to 82.114.48.67 Routing details for 82.114.48.67 [refresh/show] Cached whois for 82.114.48.67 : abuse@tautel.ru Using abuse net on abuse@tautel.ru abuse net tautel.ru = abuse@tautel.ru, postmaster@tautel.ru Using best contacts abuse@tautel.ru postmaster@tautel.ru === SC interprets the TLD as ending at the "&" following the first ".com" (foztetdpbqm.com), rather than at the next "/" as it should (iliacgnkln.com - the real domain), causing it to interpret the URL as fake. The tracker appears to function correctly; however, using other tools I come up with a different IP address: 218.7.112.241 -- A.J. Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From kopfj at worldnet.att.net Thu Apr 21 18:07:52 2005 From: kopfj at worldnet.att.net (John O. Kopf) Date: Thu Apr 21 20:10:03 2005 Subject: [SpamCop-List] Re: request for location information... References: <4265A8F1.87845AB6@worldnet.att.net> Message-ID: <42684058.5D14FBEA@worldnet.att.net> Aviatrix wrote: > > John O. Kopf wrote: > > > Could SpamCop add available location-information (eg, country, > > state/provence, city), in addition to the Email address for complaining > > to the ISP? That way one could also inform the local government of the > > offense. > > This information is readily available from Whois servers - try, for example > > http://www.uwhois.com/ > > Hope this helps! I tried that...got back: I'm sorry but we are unable to answer the query '=sanmtaki@erasmas.com' at the present time. We could not contact the server 'whois.crsnic.net' ........and have been getting this response for several hours. I'll try again tomorrow, unless you have an alternative suggestion. John Kopf From MikeE at ster.invalid Thu Apr 21 18:44:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 21 20:45:06 2005 Subject: [SpamCop-List] Re: request for location information... References: <4265A8F1.87845AB6@worldnet.att.net> Message-ID: John O. Kopf wrote: > When one goes to a site such as: > http://www.anti-kinderporno.de/start_adressen.htm > to report child pornography believed to originate in Germany, they > provide "A list of address, telephone, and E-mail resources for > reporting child pornography in each of the German provinces." > > Since many of these foreign emails come from ISPs whose URL ends in > ".COM" os some similar domain, is is difficult to determine > origination. > > Could SpamCop add available location-information (eg, country, > state/provence, city), in addition to the Email address for > complaining to the ISP? That way one could also inform the local > government of the offense. I'm interpreting a few words in your question "these foreign mails come from' -- to indicate that you must be interested in the source of the *mail* rather than the provider for the spamvertised porno site, for some reason. I don't like to use words like 'from' to describe or characterize a spam. Mail typically has a From: which is bogus, and a source which is often a proxy, and a spamvertiser which isn't the source or the From, but sometimes people like to imagine or say that the spam is 'from' the spamvertiser. I think it is a bad choice of word in this context. That being said; if you have a domainname [whether it be for a source provider or a spamvertised site -- hopefully not for a bogus From] - you can garner some geographical information from that domainname. A domainname has a registrar and an associated IP address. The registrar records a registrant's address and the IP address is associated with a regional internet registrar which has contact information for the provider for the website. Somewhere along here it is time for you to clarify what you are seeking. Else the road is getting too many forks to put in an ascii map. -- Mike Easter kibitzer, not SC admin From rg at nospam.please Thu Apr 21 21:59:38 2005 From: rg at nospam.please (rg) Date: Thu Apr 21 21:00:03 2005 Subject: [SpamCop-List] darjheef.com is gzzednuvhhof.net&vfxmzpq5t1cr86djqp4ib.darjheef.com Message-ID: I get dozens of spams with the below link: This translates to: gzzednuvhhof.net&vfxmzpq5t1cr86djqp4ib.darjheef.com Why does spamcop report this as not resolvable? FYI, Reporting addresses: abuse@chinanet.cn.net abuse@cnc-noc.net From MikeE at ster.invalid Thu Apr 21 19:03:40 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 21 21:05:15 2005 Subject: [SpamCop-List] Re: request for location information... References: <4265A8F1.87845AB6@worldnet.att.net> Message-ID: I'll focus on some different words. John O. Kopf wrote: > Could SpamCop add available location-information (eg, country, > state/provence, city), in addition to the Email address for > complaining to the ISP? That way one could also inform the local > government of the offense. SC is providing an email address to notify for a source [such as a proxy's provider] or a spamvertiser's provider's contact address. If you use the registrar for the domainname of the provider's registrant contact; or if you use the regional internet registrar for the website provider's contact domainname's registrant contact -- you are not getting the geographic location of any porn providing perpetrator. You are getting information about the domainname of the contact for a provider for a spamsource or a spamvertiser. The provider's contact's domainname's geographical location isn't of interest to a local government interested in some child porn offense -- if I'm understanding your quest and website interaction correctly. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Apr 21 19:32:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 21 21:35:07 2005 Subject: [SpamCop-List] Re: request for location information... References: <4265A8F1.87845AB6@worldnet.att.net> Message-ID: Mike Easter wrote: > I'll focus on some different words. Better yet, I'll use a specific example and pretend. This is a pharm spam, not a porn spam, but we'll talk about it. http://www.spamcop.net/sc?id=z754939349zea498cabb6216892dbef38d8f2503772z SC offers to notify: Report Spam to: Re: 81.192.194.130 (Administrator of network where email originates) To: elasri@menara.ma (Notes) Re: http://www.premiumhealthnow.info/vt/ (Administrator of network hosting website referenced in spam) To: abuse@sbcglobal.net (Notes) The first is the notify for the source and the second is the notify for the spamvertiser. Play like it was a porn being spamvertised instead of a pharm.. The source is a [proxified] user IP whose provider's notify address is a domainname menara.ma in/of Morocco. That doesn't mean some child porno related crime took place in Morocco. Similarly, the notify address for the spamvertiser, sbcglobal.net, has its mail handled by prodigy which is in NY, which doesn't have anything to do with anything; and/or/but/also sbcglobal registration which happens to be in Plano, Texas USA - which also doesn't mean anything. These notify addresses are providers for something, not perpetrators of anything. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Apr 21 19:59:22 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 21 22:00:05 2005 Subject: [SpamCop-List] Re: request for location information... References: <4265A8F1.87845AB6@worldnet.att.net> <42684058.5D14FBEA@worldnet.att.net> Message-ID: John O. Kopf wrote: > Aviatrix wrote: >> http://www.uwhois.com/ > I'm sorry but we are unable to answer > the query '=sanmtaki@erasmas.com' at the present time. > We could not contact the server 'whois.crsnic.net' This remark overlaps slightly with what I was saying before, but it is awkward because going 'backward' from why SC would want to notify sanmtaki doesn't come 'naturally'. But, my point is that the purpose of crsnic's whois is similar to the purpose of internic's whois [ie whois.internic.net], which is first to tell you whois the registrar for erasmas -- which is Registrar: IHOLDINGS.COM, INC. D/B/A DOTREGISTRAR.COM which has its own whois whois.dotregistrar.com which was overloaded at the time I wanted to use it so I went to the dotreg website where that whois told me about the registration of that provider erasmas Cambridge Capital Investment Ltd. (ERASMAS-COM-DOM) any information about the geographical address of Cambridge doesn't have anything to do with anything that you are looking for. You are getting mixed up about trying to use the notify address SC provides you to focus on the perpetrator - who might, for example, be the registrant for the website -- if you have actually located the website which is displaying child porn -- which isn't likely because the most likely structure of the spam is that there's some redirectors and javascripted obfuscation in there. What we should do is start with your display of a tracker for a spam which is allegedly a child porn issue and go from there, so that we can talk about all of the little steps along the way so that you can feed something to your kinderporn site people. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri Apr 22 00:10:24 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Fri Apr 22 00:15:09 2005 Subject: [SpamCop-List] Re: suggestion: add open relays to your statistics References: Message-ID: If you would have read my posting with an attention spam slightly longer than that of a pigeon, you would have noticed that: I was referring to 'users' who have 'always on' connections and leave some funky thing open that serves as an open relay. Besides trying the 'vigilante' approach to silence the source of the spam (pretty futile....), a second pillar should be to take away their toys and make sure that open relays are reported from as many sides as possible to the ISPs of these negligeant people. Negligence through cluelessness is still negligeance. sg On Wed, 20 Apr 2005 05:28:03 -0700, Mike Easter wrote: > skinnyguy wrote: >> If you could add open relays to your statistics. > > SC's design is to name sources to contribute to the SCbl and feed > apparent relays to the relay tester/listers. > >> I noticed that 211.237.142.66 has been used by all kinds of spammers >> operating from very different sources. > > It is more likely that you have misinterpreted the headers and > 211.237.142.66 rDNS d211-237-142-66.rev.krline.net is a user IP source > in the item/s you haven't demonstrated.. 211.237.142.66 is listed in > cbl & blitzed for proxy type spamsourcing. > > Probably lines under that IP's line are bogus. From nobody at devnull.spamcop.net Fri Apr 22 00:22:36 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Fri Apr 22 00:25:05 2005 Subject: [SpamCop-List] re: request for location information Message-ID: Just send it to: C3@customs.treas.gov You don't need to worry about the source in a foreign country. Since you receive it here, that's where you need to report it. They work very closely with the European authorities, and also very fast. They have much faster and better contacts. sg From skiwi at spamcop.net Fri Apr 22 00:12:30 2005 From: skiwi at spamcop.net (Skiwi) Date: Fri Apr 22 02:15:04 2005 Subject: [SpamCop-List] FYI - Cannot log into IMAP mailserver as ##@spamcop.net - 04/21/05 23:10 PDT Message-ID: <426895CE.7070705@spamcop.net> FYI - "Cannot log into IMAP mailserver as ##@spamcop.net" 04/21/05 23:10 PDT ... you likley know about this already, but 'just in case'.... :-) From nttp.sc.s at bigsleep.org Fri Apr 22 07:32:02 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Apr 22 02:35:03 2005 Subject: [SpamCop-List] Re: Link Resolving Failures References: Message-ID: On 21 Apr 2005 A.J. entered spamcop and left news:d49c87$nsc$1@news.spamcop.net: > SC interprets the TLD as ending at the "&" following the first ".com" > (foztetdpbqm.com), rather than at the next "/" as it should > (iliacgnkln.com - the real domain), causing it to interpret the URL as > fake. The tracker appears to function correctly; however, using other > tools I come up with a different IP address: 218.7.112.241 > Spamcop is correct, or actually it doesn't resolve now so I can't check, but I got one like that earlier and spamcop was correct. You can't look it up "correctly", you have to do what the browser would do. iliacgnkln.com is actually a different IP than the full URL. Spamcop appears to check foztetdpbqm.com first, but fails and tries the full URL. This isn't very obvious. I haven't seen the line feed problem, don't know about that. see also thread news:d3f18a$17a$1@news.spamcop.net -- | Ric | From nobody at devnull.spamcop.net Fri Apr 22 04:45:33 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Apr 22 04:51:41 2005 Subject: [SpamCop-List] Re: FYI - Cannot log into IMAP mailserver as ##@spamcop.net - 04/21/05 23:10 PDT References: <426895CE.7070705@spamcop.net> Message-ID: "Skiwi" wrote in message news:426895CE.7070705@spamcop.net... > FYI - "Cannot log into IMAP mailserver as ##@spamcop.net" > 04/21/05 23:10 PDT > > ... you likley know about this already, but 'just in case'.... :-) Nobody else up at this hour perhaps? No similar complaints (yet) over in the Forum and no one else piling in here yet ..??? Only a free-reporter, so can't check myself ... unless you'd want to pass me some data (say in a PM over there?) From Ilgaz at spamcop.net Fri Apr 22 15:05:44 2005 From: Ilgaz at spamcop.net (Ilgaz) Date: Fri Apr 22 07:10:36 2005 Subject: [SpamCop-List] Re: FYI - Cannot log into IMAP mailserver as ##@spamcop.net - 04/21/05 23:10 PDT References: <426895CE.7070705@spamcop.net> Message-ID: On 2005-04-22 09:12:30 +0300, Skiwi said: > FYI - "Cannot log into IMAP mailserver as ##@spamcop.net" > 04/21/05 23:10 PDT > > ... you likley know about this already, but 'just in case'.... :-) Hi, It sure works here or I would know (Eudora Pro), I have secure IMAP connection even which does creates problems for non configured. Backbone problem maybe? cable25-100:~ ilgaz$ ping imap.spamcop.net PING mail.cesmail.net (216.154.195.50): 56 data bytes 64 bytes from 216.154.195.50: icmp_seq=0 ttl=47 time=185.858 ms 64 bytes from 216.154.195.50: icmp_seq=1 ttl=47 time=177.64 ms 64 bytes from 216.154.195.50: icmp_seq=2 ttl=47 time=177.306 ms ^C --- mail.cesmail.net ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 177.306/180.268/185.858 ms Hope you aren'T using comcast, usenet is full about DNS problems which never ends Ilgaz From mjy at geizhals.at Fri Apr 22 14:50:19 2005 From: mjy at geizhals.at (Marinos J. Yannikos) Date: Fri Apr 22 07:55:12 2005 Subject: [SpamCop-List] several ISPs used by the same spammer (in the mail route) Message-ID: Hi, in this case: >>Received: from kylie.netkey.at (unknown [83.64.50.180]) >> by morework.geizhals.at (Postfix) with ESMTP >> for ; Thu, 21 Apr 2005 18:48:04 +0200 (CEST) >>Received: from nitgofer.netkey.at (unknown [213.185.164.132]) >> by kylie.netkey.at (Postfix) with ESMTP id 339326C299 >> for ; Thu, 21 Apr 2005 18:48:04 +0200 (CEST) > > a spammer sent e-mail from his access ISP (COLT) through one of his servers hosted at inode.at and then to us. The reporting web interface found only the administrators related to the COLT IP. I'm not sure if this applies: http://www.spamcop.net/fom-serve/cache/70.html , so I'll ask anyway - would it be possible to extend the parsing so that in case of matching verified domain names in several hops of the trace all used ISPs are notified of the spamming? If this should be done already, what could be the reason for it not happening here? The e-mail contacts for the IP in the second hop was easy to find using "whois -r" and AFAIK in a standard format. Regards, Marinos From MikeE at ster.invalid Fri Apr 22 06:46:39 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 22 08:45:07 2005 Subject: [SpamCop-List] Re: several ISPs used by the same spammer (in the mail route) References: Message-ID: Marinos J. Yannikos wrote: > in this case: It is better to post a tracker than partial headers. I don't ever assume that the item we are talking about has been analyzed correctly; and if the tracker isn't posted we can't see what SC did with it. > a spammer sent e-mail from his access ISP (COLT) through one of his > servers hosted at inode.at and then to us. The reporting web interface > found only the administrators related to the COLT IP. That's exactly the way it is supposed to work. That is, the parser is designed to name the source and chain thru' the relays and feed the relays to the relay testers. When I report manually, if I think the relay needs to be notified separately, then I do that manually. A paid SC reporter can SC report an additional notified. I can't tell from the partial headers you posted exactly what happened, that is, if it were really true that 213.185.164.132 rDNS 132-164-185-213.customer.coltnet.at were the source and that 83.64.50.180 rDNS ns2.netkey.at were the relay; then the relationship between those two, besides that they are both in .at, isn't quite clear to me. The 213 is colt which is AS8220 whose upstream adjacencies are AS513 & 4637 which are cern & reach -- whereas the 83 is inode netkey, which doesn't seem the same to me, and it is AS8514. If I were doing that manually, I would be notifying inode about the relay. There is a server there, but it isn't listed as open anywhere -- so presumably it is [supposed to be] serving the source 'appropriately'. If it isn't, it needs to be notified and find out what is going on. SC doesn't figure all of that out. -- Mike Easter kibitzer, not SC admin From crappy.trappy at ntlworld.com Fri Apr 22 14:59:43 2005 From: crappy.trappy at ntlworld.com (Tim) Date: Fri Apr 22 09:00:05 2005 Subject: [SpamCop-List] Big rise in 'Pharmacy' spam Message-ID: Anyone else seeing this? A lot of them have the subject 'legit rxPharm'. At the moment I think it's about 2 an hour. Here is a tracker to one example: http://www.spamcop.net/sc?id=z755082486z8b3c628405b43be82a08e2efccdbade5z What I don't get is the need to send so many almost indentical spams! If i'm not going to click/buy/view on the first spam then i'm am still not going to on the 10th or 100th. So what's the damn point of sending so many of these turdlets to my inbox? Do spammers think sheer volume is gonna make me give in and buy something? From SCNews.5.myspamgobbler at spamgourmet.com Fri Apr 22 08:14:16 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Fri Apr 22 10:20:04 2005 Subject: [SpamCop-List] Re: request for location information In-Reply-To: References: Message-ID: skinnyguy wrote: > Just send it to: > > C3@customs.treas.gov > > You don't need to worry about the source in a foreign country. > > Since you receive it here, that's where you need to report it. > > They work very closely with the European authorities, and also very fast. > They have much faster and better contacts. > > sg If you would have read his posting with an attention spam slightly longer than that of a pigeon, you would have noticed that: John was interested in finding the location of email sources so that he could manually report kiddie porn. Just sending it to the above is not necessarily the best or only way to go about it, just your 'easy' way to be done with it. Also, not everyone is from 'here,' nor from Coon Rapids, Minnesota. There is a website that you can plug in an IP address and it returns a geographical location. It's not always accurate and not always able to find a location. http://www.geobytes.com/IpLocator.htm Using Mike's example, the IP comes back with a 90% certainty of being located in the capital city of Rabat, Morocco. From nobody at spamcop.net Thu Apr 21 22:07:51 2005 From: nobody at spamcop.net (Ellen) Date: Fri Apr 22 10:40:05 2005 Subject: [SpamCop-List] Re: darjheef.com is gzzednuvhhof.net&vfxmzpq5t1cr86djqp4ib.darjheef.com References: Message-ID: "rg" wrote in message news:d49iaf$qv1$1@news.spamcop.net... > I get dozens of spams with the below link: > > > > This translates to: > gzzednuvhhof.net&vfxmzpq5t1cr86djqp4ib.darjheef.com > > Why does spamcop report this as not resolvable? > > FYI, Reporting addresses: > abuse@chinanet.cn.net > abuse@cnc-noc.net > > We have a trouble ticket opened for this problem. Ellen From avoozl at spamcop.net Fri Apr 22 09:54:24 2005 From: avoozl at spamcop.net (Chris F. Willoughby) Date: Fri Apr 22 11:55:41 2005 Subject: [SpamCop-List] Re: Parse Failures Today References: Message-ID: I'm running into the issue as well still.. Chris "SpamCop Admin" wrote in message news:g10e6155r16p1ub352i395fih6557im1r2@4ax.com... > New code we published today caused some "no source IP" parse failures > for users with Mailhosts configured. > > The problem has been fixed and new code published. > > - Don - From wb8tyw at qsl.network Fri Apr 22 13:15:10 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Apr 22 13:20:55 2005 Subject: [SpamCop-List] Re: several ISPs used by the same spammer (in the mail route) References: Message-ID: In article , "Marinos J. Yannikos" writes: > Hi, > > in this case: The MX for your domain is mail.geizhals.at [213.229.14.34], which is claiming to be morework.geizhals.at. It's real publicname by rDNS is home.geizhals.at. This means that we can trust the following lines: > >>Received: from kylie.netkey.at (unknown [83.64.50.180]) > >> by morework.geizhals.at (Postfix) with ESMTP > >> for ; Thu, 21 Apr 2005 18:48:04 +0200 (CEST) The server at 83.64.50.180 is misconfigured by a missing or bad rDNS according to the header lines generated by your server. For real mail, the text next to the I.P. address should never be "unknown". A check of the rDNS shows that it is claiming to be ns2.netkey.at. ns2.netkey.at claims to be 62.218.147.30. This is a serious misconfiguration on the sender's system. A missing rDNS indicates an over 90% chance that the incoming e-mail is spam. A bad rDNS like this indicates an over 80% chance that the incoming e-mail is spam. The name kylie.netkey.at can not be trusted because it was supplied by the sending system and spammers can and do put anything there. Many networks will not accept e-mail from systems misconfigured that way because of the high probability of it being spam. This does cause a bit of real e-mail to be rejected because there are mail server administrators that do not have correctly configured networks. The above means that the parser does not really have a way to know if the next header line is valid or not unless you are an administrator for netkey.at or this is one of your mailhosts. So the assumption would be that the netkey.at server is the source of the spam. If the mail was really relayed externally from netkey.at, then it would have to have gone through it's MX xena.netkey.at [83.64.50.179] However it seems that kylie.netkey.at is also it's own MX. But unless it is one of your mailhosts, spamcop.net does not have the information needed to trust it. And having the DNS records messed up makes it even less likely to be trusted. If this is one of your mailhosts you should talk to your ISP about this configuration problem. > >>Received: from nitgofer.netkey.at (unknown [213.185.164.132]) > >> by kylie.netkey.at (Postfix) with ESMTP id 339326C299 > >> for ; Thu, 21 Apr 2005 18:48:04 +0200 (CEST) If we take an unwarranted leap of faith that the e-mail actually did get relayed through kylie.netkey.at: The server at 213.185.164.132 is misconfigured by a missing or bad rDNS. There is an rDNS of 132-164-185-213.customer.coltnet.at for it, but that name does not resolve, so effectively there is no rDNS. > a spammer sent e-mail from his access ISP (COLT) through one of his > servers hosted at inode.at and then to us. The reporting web interface > found only the administrators related to the COLT IP. I'm not sure if > this applies: http://www.spamcop.net/fom-serve/cache/70.html , I do not see anything in the headers you presented to absolutely prove that. It is just as likely that 83.64.50.180 has some security problem that is allowing spammers to spam through it and put their fake header lines on it. In either case though, it is either a severe security hole in the server at 83.64.50.180, or some authorized user of that server, so the administrator of the domain for 83.64.50.180 is the one that can figure out if it is their equipment or one of their clients that is the problem. So based on what you have posted, who ever has responsibilty for 83.64.50.180 is the person that needs to investigate and fix the problem that is allowing spam to be sent from that I.P. address. If the server at 83.64.50.180 had it's DNS information properly configured, then there might be more reason to trust it. But if they can not get the DNS right, which is really quite a simple configuration issue, how can someone be sure that they got the server security correct? > so I'll > ask anyway - would it be possible to extend the parsing so that in case > of matching verified domain names in several hops of the trace all used > ISPs are notified of the spamming? Domain verification is not what is needed. What is needed is a trust of what wrote the header lines that are being parsed. Spamcop.net can trust that your mailserver/mailhosts put the right header lines on, so it knows the I.P. your mail server or if you are using mailhosts, (recommended) it knows where the spam was injected into your system. > If this should be done already, what > could be the reason for it not happening here? The e-mail contacts for > the IP in the second hop was easy to find using "whois -r" and AFAIK in > a standard format. The problem is that the presence of a header line does not actually mean anything at all. Spammers routinely put in fake headerlines like that just to cause misdirected LARTs to innocent ISPs. Some spammers actually are trying to fool the spamcop.net parser into causing the spamcop.net reporting server to flood an innocent domain with misdirected LARTs. Much of the spam that I have been reporting has fake header lines that are trying to make it look like the spam came from a server managed by Outblaze. Apparently the spammers are not happy with the anti-spam attitude of that domain. -John wb8tyw@qsl.network Personal Opinion Only From bill_beyer at excite.cXoYmZ Fri Apr 22 11:32:41 2005 From: bill_beyer at excite.cXoYmZ (Bill Beyer) Date: Fri Apr 22 13:35:05 2005 Subject: [SpamCop-List] Massive pump & dumps Message-ID: I've been seeing a huge number of pump & dump scam spams today on several email addresses as well as more & more drug spams. All of the stuff I've submitted via email ths morning is over 2 hours old and still not ready to be reported. Anyone else having problems or is SC just trying to cope with the flood? From johnl at spamcop.net Fri Apr 22 18:55:51 2005 From: johnl at spamcop.net (JohnL) Date: Fri Apr 22 14:00:10 2005 Subject: [SpamCop-List] Re: Massive pump & dumps References: Message-ID: "Bill Beyer" wrote in news:d4bcfg$qi8$1@news.spamcop.net: > I've been seeing a huge number of pump & dump scam spams today on > several email addresses as well as more & more drug spams. All of the > stuff I've submitted via email ths morning is over 2 hours old and > still not ready to be reported. Anyone else having problems or is SC > just trying to cope with the flood? > > > Been submitting all morning by email, not a one has come thru as yet. (about 3 plus hours since the first submission, nothing back) From nobody at spamcop.net Fri Apr 22 12:23:45 2005 From: nobody at spamcop.net (Lazlo Toth) Date: Fri Apr 22 14:25:06 2005 Subject: [SpamCop-List] Re: Massive pump & dumps References: Message-ID: On Fri, 22 Apr 2005 18:55:51 +0000, JohnL wrote: > "Bill Beyer" wrote in > news:d4bcfg$qi8$1@news.spamcop.net: > >> I've been seeing a huge number of pump & dump scam spams today on >> several email addresses as well as more & more drug spams. All of the >> stuff I've submitted via email ths morning is over 2 hours old and still >> not ready to be reported. Anyone else having problems or is SC just >> trying to cope with the flood? >> > Been submitting all morning by email, not a one has come thru as yet. > (about 3 plus hours since the first submission, nothing back) Same here, now the site's not coming up at all. - Lazlo From asterix at no_where.net Fri Apr 22 21:35:07 2005 From: asterix at no_where.net (Asterix) Date: Fri Apr 22 14:40:09 2005 Subject: [SpamCop-List] Re: Big rise in 'Pharmacy' spam References: Message-ID: <1gvfsxz.ogsg5x36kccwN%asterix@no_where.net> Tim wrote: > Anyone else seeing this? > > A lot of them have the subject 'legit rxPharm'. > At the moment I think it's about 2 an hour. I think there has been a considerable rise in the number of PC:s hijacked as spam proxies. A number of new backdoor Trojans seem to have surfaced the past week, as well as a couple of virms that drop them. I've been hunting them down all week at work ... -- I recommend Macs to my friends, and Windows machines to those whom I don't mind billing by the hour From eddie at eddie.web Fri Apr 22 16:35:39 2005 From: eddie at eddie.web (eddie) Date: Fri Apr 22 15:40:26 2005 Subject: [SpamCop-List] Re: FYI - Cannot log into IMAP mailserver as ##@spamcop.net - 04/21/05 23:10 PDT References: <426895CE.7070705@spamcop.net> Message-ID: On Fri, 22 Apr 2005 03:45:33 -0500, WazoO scratched out the following: > "Skiwi" wrote in message > news:426895CE.7070705@spamcop.net... >> FYI - "Cannot log into IMAP mailserver as ##@spamcop.net" 04/21/05 23:10 >> PDT >> >> ... you likley know about this already, but 'just in case'.... :-) > > Nobody else up at this hour perhaps? No similar complaints (yet) over in > the Forum and no one else piling in here yet ..??? Only a free-reporter, > so can't check myself ... unless you'd want to pass me some data (say in a > PM over there?) Add one more unable to access the reporting side of SC Service Unavailable The server is temporarily unable to service your request. Please try again later. The email service is fine - just the reporting server seems unavailable -- Once movie theaters gave out steak knives Today they confiscate them From newandrew at rump.dk Fri Apr 22 20:39:32 2005 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Fri Apr 22 15:41:19 2005 Subject: [SpamCop-List] Re: Spamreporting down? Service Unavailable References: Message-ID: After drinking 3 Pan Galactic Gargle Blasters, skinnyguy mumbled in news:pan.2005.04.20.00.14.22.935738@devnull.spamcop.net: > On Tue, 19 Apr 2005 10:31:32 -0400, eddie wrote: >> On Tue, 19 Apr 2005 10:24:57 -0400, eddie scratched out the >> following: >>> I receive this notice from the SC reporting server when I first >>> attempted to log in this morning: Service Unavailable >>> The server is temporarily unable to service your request. >>> Please try again later. >> Curiously, it just allowed me access *without* logging in. I >> assume it accepted my previous "failed" logins. Anyway, it was >> a strange thing [Please do not top post] > You are probably either a customer of charter.com, or comcast. > These providers are not Internet providers, but, like AOL, just > give you access to their systems. > ... > Switch providers to a real Internet provider, not some pseudo > pretending service. > With these second tier wannabe's : you pay for _access_ speed, > not throughput. > Look at network maps, do your homework, and suffer... I experienced the same problem and is experiencing it again - and I am also not connected to charter.com or comcast, as I am located on the other side of the planet - in a country called Denmark - and no that is NOT the capital of Sweeden! Why is SpamCop having these problems lately? Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:newandrew@rump.dk WWW http://www.rump.dk/homepage/andrew/ From Joes at acme.inc Fri Apr 22 17:37:36 2005 From: Joes at acme.inc (Joe Schmoe) Date: Fri Apr 22 16:40:11 2005 Subject: [SpamCop-List] Service Unavailable Message-ID: Service Unavailable The server is temporarily unable to service your request. Please try again later. No posting @ http://mail.spamcop.net/news.php as to what's going on. Been this way all day. Anyone have any ideas? From nobody at spamcop.net Fri Apr 22 14:45:43 2005 From: nobody at spamcop.net (Lazlo Toth) Date: Fri Apr 22 16:50:07 2005 Subject: [SpamCop-List] Re: Service Unavailable References: Message-ID: On Fri, 22 Apr 2005 17:37:36 -0400, Joe Schmoe wrote: > Service Unavailable > The server is temporarily unable to service your request. Please try again > later. > > > > No posting @ http://mail.spamcop.net/news.php as to what's going on. Been > this way all day. > > Anyone have any ideas? There's a few posts in http://forum.spamcop.net about it, and a few here. It's been an issue since at least early this morning. Some people are able to report, but I can't get to www.spamcop.net at all, though the forum and mail subdomains come up alright. - Lazlo From m at remove.this.part.rtij.nl Fri Apr 22 23:47:12 2005 From: m at remove.this.part.rtij.nl (Martijn Lievaart) Date: Fri Apr 22 16:50:28 2005 Subject: [SpamCop-List] Re: What's the point...? References: Message-ID: On Wed, 20 Apr 2005 11:23:33 +0900, Patto wrote: > http://www.spamcop.net/sc?id=z754240382zfa0766f135c897028692f27fc4ccb8b6z > http://www.spamcop.net/sc?id=z754240384ze4421244efc0cc4fdeb0b755920ffc18z > > For several weeks now I am getting dozens and dozens of spam messages > titled "Microsoft XP pro 50 USD", "Photoshop 80 USD", or similar; the > contents is always in Dutch, but it never contains any kind of contact > address, URL, or telephone number. > > I just cannot imagine what the spammer's point is here? Is it just for > public harassment's sake? Any suggestion? Email me (mind the spamblock) that spam, I'll have a look at it. M4 -- Ah, the beauty of OSS. Hundreds of volunteers worldwide volunteering their time inventing and implementing new, exciting ways for software to suck. -- Toni Lassila in the Monastry From gezgin at spamcop.net Sat Apr 23 00:59:22 2005 From: gezgin at spamcop.net (Gezgin) Date: Fri Apr 22 17:05:38 2005 Subject: [SpamCop-List] Re: Service Unavailable References: Message-ID: "Joe Schmoe" wrote > Service Unavailable > The server is temporarily unable to service your request. > Please try again later. > No posting @ http://mail.spamcop.net/news.php as to what's > going on. Been this way all day. It was OK at about 07:00 GMT but I've been away from the computer all day and since returning I've been getting the same result since 20:00 GMT or thereabouts. Somebody prod the non-performing hamster(s) in the butt, please. -- Bob, Hello? Tap tap tap. Is this thing on? Tap tap tap. Kanyak's Doghouse http://www.kanyak.com From nobody at spamcop.net Fri Apr 22 18:12:37 2005 From: nobody at spamcop.net (Ellen) Date: Fri Apr 22 17:20:12 2005 Subject: [SpamCop-List] System outage Message-ID: The system is down and we have people working on the problem. Unfortunately I do not have an estimated time to repair. If someone would propagate this to the forums I would appreciate it! Ellen SpamCop followups to spamcop From nobody at devnull.spamcop.net Fri Apr 22 17:41:12 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Apr 22 17:45:04 2005 Subject: [SpamCop-List] Re: FYI - Cannot log into IMAP mailserver as ##@spamcop.net - 04/21/05 23:10 PDT References: <426895CE.7070705@spamcop.net> Message-ID: "eddie" wrote in message news:pan.2005.04.22.19.35.38.160000@eddie.web... > On Fri, 22 Apr 2005 03:45:33 -0500, WazoO scratched out the following: > > Add one more unable to access the reporting side of SC > Service Unavailable > The server is temporarily unable to service your request. Please try again > later. > The email service is fine - just the reporting server seems unavailable The e-mail, nntp, and web-forum side of the house runs on JT's machines over in Georgia. The reporting side of the house is basically in California, running on hardware supported by IronPort and Julian from his Washington State chair, but with access nodes all over the world, the BL is also in California with a number of mirrors in other locations. From nobody at devnull.spamcop.net Fri Apr 22 17:43:20 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Apr 22 17:45:26 2005 Subject: [SpamCop-List] Re: Service Unavailable References: Message-ID: "Lazlo Toth" wrote in message news:pan.2005.04.22.20.45.43.439221@spamcop.net... > On Fri, 22 Apr 2005 17:37:36 -0400, Joe Schmoe wrote: > > There's a few posts in http://forum.spamcop.net about it, and a few here. > It's been an issue since at least early this morning. Some people are able > to report, but I can't get to www.spamcop.net at all, though the forum and > mail subdomains come up alright. The e-mail, nntp, and web-forum side of the house runs on JT's machines over in Georgia. The reporting side of the house is basically in California, running on hardware supported by IronPort and Julian from his Washington State chair, but with access nodes all over the world, the BL is also in California with a number of mirrors in other locations. From nobody at spamcop.net Fri Apr 22 20:19:48 2005 From: nobody at spamcop.net (Ellen) Date: Fri Apr 22 19:26:09 2005 Subject: [SpamCop-List] The system is back up Message-ID: Thanks! Ellen SpamCop From kopfj at worldnet.att.net Fri Apr 22 17:27:46 2005 From: kopfj at worldnet.att.net (John O. Kopf) Date: Fri Apr 22 19:30:06 2005 Subject: [SpamCop-List] Spamcop providing bad addresses... Message-ID: <42698872.6F6028FF@worldnet.att.net> Several times recently I've received Nigerian Scam and International Lottery Scam messages that I forward to SpamCop. Spamcop returns the Email address "postmaster@costasol.net". I then forward the offending message to the FBI and FTC, and copy postmaster@costasol.net to indicate that they have a problem. The Email to postmaster@costasol.net is bouncing - "not a valid address". I assume that the Email that SpamCop sends is also bouncing. Can't SpamCop detect the rejections and either find an alternative or at least stop using the ones that fail? John Kopf From kopfj at worldnet.att.net Fri Apr 22 17:35:17 2005 From: kopfj at worldnet.att.net (John O. Kopf) Date: Fri Apr 22 19:40:04 2005 Subject: [SpamCop-List] Re: request for location information... References: <4265A8F1.87845AB6@worldnet.att.net> Message-ID: <42698A34.C9A6C047@worldnet.att.net> It's NOT a web site... I regularly get offensive Email messages (kiddie-porn is only one type) from what Spamcop says is the same ISP, based on where the Spamcop complaint is sent (e.g., "postmaster@costasol.net"). Since this has been going on daily for weeks now, I want to copy the complaints I sent to the FTC and FBI to the ISP's local law enforcement. Unfortunately, ".net" does not tell me if I have to complain to the Spanish Government, the Dutch Government, or the state or city government somewhere in Germany. John Kopf Mike Easter wrote: > > John O. Kopf wrote: > > When one goes to a site such as: > > http://www.anti-kinderporno.de/start_adressen.htm > > to report child pornography believed to originate in Germany, they > > provide "A list of address, telephone, and E-mail resources for > > reporting child pornography in each of the German provinces." > > > > Since many of these foreign emails come from ISPs whose URL ends in > > ".COM" os some similar domain, is is difficult to determine > > origination. > > > > Could SpamCop add available location-information (eg, country, > > state/provence, city), in addition to the Email address for > > complaining to the ISP? That way one could also inform the local > > government of the offense. > > I'm interpreting a few words in your question "these foreign mails come > from' -- to indicate that you must be interested in the source of the > *mail* rather than the provider for the spamvertised porno site, for > some reason. > > I don't like to use words like 'from' to describe or characterize a > spam. Mail typically has a From: which is bogus, and a source which is > often a proxy, and a spamvertiser which isn't the source or the From, > but sometimes people like to imagine or say that the spam is 'from' the > spamvertiser. I think it is a bad choice of word in this context. > > That being said; if you have a domainname [whether it be for a source > provider or a spamvertised site -- hopefully not for a bogus From] - you > can garner some geographical information from that domainname. A > domainname has a registrar and an associated IP address. The registrar > records a registrant's address and the IP address is associated with a > regional internet registrar which has contact information for the > provider for the website. > > Somewhere along here it is time for you to clarify what you are seeking. > Else the road is getting too many forks to put in an ascii map. > > -- > Mike Easter > kibitzer, not SC admin From crappy.trappy at ntlworld.com Sat Apr 23 01:38:49 2005 From: crappy.trappy at ntlworld.com (Tim) Date: Fri Apr 22 19:40:25 2005 Subject: [SpamCop-List] Big rise in 'pharmacy' spam Message-ID: ** Reposted, incorrect tracker removed ** Anyone else seeing this? A lot of them have the subject 'legit rxPharm'. At the moment I think it's about 2 an hour. What I don't get is the need to send so many almost indentical spams! If i'm not going to click/buy/view on the first spam then i'm am still not going to on the 10th or 100th. So what's the damn point of sending so many of these turdlets to my inbox? Do spammers think sheer volume is gonna make me give in and buy something? From kopfj at worldnet.att.net Fri Apr 22 17:42:11 2005 From: kopfj at worldnet.att.net (John O. Kopf) Date: Fri Apr 22 19:45:03 2005 Subject: [SpamCop-List] Re: request for location information... References: <4265A8F1.87845AB6@worldnet.att.net> Message-ID: <42698BD3.25C80CF9@worldnet.att.net> As far as I'm concerned, when the Email-providing ISP fails to block a username that's originating spam after severa weeks, they are in cahoots with the sender, and I want the local law enforcement people to have a word with the ISP about their lax practices. MOST ISPs I complain to immediately send back a message such as "While this mail was not sent from runbox, the new trial account used as a reply address has now been closed, thank you." I want to encourage the others to do the same. John Kopf Mike Easter wrote: > > Mike Easter wrote: > > I'll focus on some different words. > > Better yet, I'll use a specific example and pretend. > > This is a pharm spam, not a porn spam, but we'll talk about it. > > http://www.spamcop.net/sc?id=z754939349zea498cabb6216892dbef38d8f2503772z > > SC offers to notify: > > Report Spam to: > Re: 81.192.194.130 (Administrator of network where email originates) > To: elasri@menara.ma (Notes) > Re: http://www.premiumhealthnow.info/vt/ (Administrator of network > hosting website referenced in spam) > To: abuse@sbcglobal.net (Notes) > > The first is the notify for the source and the second is the notify for > the spamvertiser. Play like it was a porn being spamvertised instead of > a pharm.. > > The source is a [proxified] user IP whose provider's notify address is a > domainname menara.ma in/of Morocco. That doesn't mean some child > porno related crime took place in Morocco. Similarly, the notify > address for the spamvertiser, sbcglobal.net, has its mail handled by > prodigy which is in NY, which doesn't have anything to do with anything; > and/or/but/also sbcglobal registration which happens to be in Plano, > Texas USA - which also doesn't mean anything. > > These notify addresses are providers for something, not perpetrators of > anything. > > -- > Mike Easter > kibitzer, not SC admin From MikeE at ster.invalid Fri Apr 22 18:05:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 22 20:05:02 2005 Subject: [SpamCop-List] Re: request for location information... References: <4265A8F1.87845AB6@worldnet.att.net> <42698A34.C9A6C047@worldnet.att.net> Message-ID: John O. Kopf wrote: > I regularly get offensive Email messages (kiddie-porn is only one > type) from what Spamcop says is the same ISP, based on where the > Spamcop complaint is sent (e.g., "postmaster@costasol.net"). You will find that it is a lot easier to talk about a specific example rather than trying to describe one. It takes many many more words to talk about anything obscurely than specifically. You haven't posted a tracker and you haven't named the source IP for the example you've given. For example, if you received a spam from an IP in the netblock 213.254.230.0 - 213.254.230.255 - SC would query ripe and determine the IP resides here: inetnum: 213.254.230.0 - 213.254.230.255 netname: COSTASOL-TINET admin/tech info@costasol.net whois -h whois.abuse.net costasol.net No abuse address is registered with abuse.net Then, SC like to send a notify to the [perhaps nonexistent] postmaster address instead of to the info username. Personally, I don't like to email a default pm address, and if the provider hasn't reg'd an abuse address with abuse.net, I notify the admin/tech contact address and when there is a language difference, I also notify the upstream adjacency and tell them that there wasn't a reg'd abuse address. In this example case, since you chose to name a notify address rather than an actual source IP, I'm not able to tell you if the source IP is listed in a spam database. It might be. The IPs in that family belong to Tiscali.which /does/ have a reg'd abuse.net addy abuse@tiscali.com -- so my notify would be going to info@costasol.net and abuse@tiscali.com - not the 'default' or imaginary postmaster address. SC generally keeps track of whether or not a notify address is bouncing too much -- but if your own experience is that it bounces, I would derive myself some additonal notifies. costasol isn't listed in rfc-ignorant -- and/but an additional 'theoretical' notify address is abuse@costasol.net I have no problem with your notifying the ftc and the fbi about anything that they've specifically requested being notified about, but I'm not familiar with the conditions under which you should be notifying the local law enforcement for an ISP email provider's geographic area. Where did you see that the local law enforcement was requesting to be notified about any kind of spam? The information in ripe provides contact information for the tech/admin for the netblock described above which is in Malaga, Spain. The registration for the domainname is a different person in Malaga. Is your idea that you would notify some Malaga Spain local law enforcement? > Since this has been going on daily for weeks now, I want to copy the > complaints I sent to the FTC and FBI to the ISP's local law > enforcement. See, I'm not getting into that local law enforcement business. > Unfortunately, ".net" does not tell me if I have to complain to the > Spanish Government, the Dutch Government, or the state or city > government somewhere in Germany. To repeat, is your idea that you would notify some Malaga, Spain local law enforcement? You could also telephone or fax Manuel Franco Arrabal who is the admin tech for the costasol netblock, but that doesn't mean that he is the appropriate abuse desk person. -- Mike Easter kibitzer, not SC admin From tdy at blackhole.invalid Fri Apr 22 18:24:00 2005 From: tdy at blackhole.invalid (N. Miller) Date: Fri Apr 22 20:25:44 2005 Subject: [SpamCop-List] Re: SBCGlobal.net References: Message-ID: In article , skinnyguy says... > Oh my, 'ProductTestPanel' and everything associated with it: Somebody pointed me there, so I cobbled up a Yahoo! throwaway email address (using AddressGuard), and tried them out. I never got the promised verification email, but I started getting announcements with the hour. I tried to unsubscribe from a few, to no avail. I tried to contact them, to no avail. After the time passed in the message I sent them, I just deleted the address. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Fri Apr 22 18:26:31 2005 From: tdy at blackhole.invalid (N. Miller) Date: Fri Apr 22 20:30:05 2005 Subject: [SpamCop-List] Re: SBCGlobal.net References: Message-ID: In article , Cat says... > N. Miller wrote: > > In article , skinnyguy > > says... > >>Yes, I did lots of time: SBC is just another name plate over the old > >>Ameritech. > > I suppose you could call it that. More like Ameritech was "Borged", though; > > along with flash.net, nvbell.net, pacbell.net (anybody remember > > "PinkBell"?), prodigy.net, snet.net, swbell.net, and wans.net. SBC is all > > there is left of those entities. > Yeah, I noticed that when I was searching around for some info on this one. AFAIK, the domains that I listed are "legacy" domains; no longer issued to new SBC customers, but maintained for the old customers. All new SBC customers get the sbcglobal.net domain. These would be residential customers, both DSL and Dial Up. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Fri Apr 22 18:35:01 2005 From: tdy at blackhole.invalid (N. Miller) Date: Fri Apr 22 20:35:05 2005 Subject: [SpamCop-List] Re: Big rise in 'Pharmacy' spam References: Message-ID: In article , Tim says... > What I don't get is the need to send so many almost indentical spams! > If i'm not going to click/buy/view on the first spam then i'm am still > not going to on the 10th or 100th. Spammers operate under the assumption that 80% of their messages are lost in filters, so they send ten message for every one they expect to get through. If you are wondering about the logic if that, don't. I just made a WAG. In any case, refer to the rules of spam. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From ob1db at spamcop.net Fri Apr 22 21:55:35 2005 From: ob1db at spamcop.net (David Butler) Date: Fri Apr 22 21:00:07 2005 Subject: [SpamCop-List] Re: Parse Failures Today References: Message-ID: "SpamCop Admin" wrote in message news:g10e6155r16p1ub352i395fih6557im1r2@4ax.com... > New code we published today caused some "no source IP" parse failures > for users with Mailhosts configured. > > The problem has been fixed and new code published. > I don't even use mailhosts and half my submissions failed. WHAT HAVE YOU DONE !??? From SCNews.5.myspamgobbler at spamgourmet.com Fri Apr 22 19:00:51 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Fri Apr 22 21:05:07 2005 Subject: [SpamCop-List] Re: request for location information... In-Reply-To: <42698A34.C9A6C047@worldnet.att.net> References: <4265A8F1.87845AB6@worldnet.att.net> <42698A34.C9A6C047@worldnet.att.net> Message-ID: John O. Kopf wrote: > It's NOT a web site... > > I regularly get offensive Email messages (kiddie-porn is only one type) > from what Spamcop says is the same ISP, based on where the Spamcop > complaint is sent (e.g., "postmaster@costasol.net"). > > Since this has been going on daily for weeks now, I want to copy the > complaints I sent to the FTC and FBI to the ISP's local law enforcement. > > Unfortunately, ".net" does not tell me if I have to complain to the > Spanish Government, the Dutch Government, or the state or city > government somewhere in Germany. > I use http://www.geobytes.com/IpLocator.htm From SCNews.5.myspamgobbler at spamgourmet.com Fri Apr 22 19:12:18 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Fri Apr 22 21:15:06 2005 Subject: [SpamCop-List] Re: SBCGlobal.net In-Reply-To: References: Message-ID: Cat wrote: > (Top posting fixed) > > skinnyguy wrote: > >> On Tue, 19 Apr 2005 22:19:38 -0500, Cat wrote: >> >> >>> Is anyone else having trouble with SBC Global ignoring spam complaints? > > > > > > Yes, I did lots of time: SBC is just another name plate over the old > > Ameritech. > > I have a few like that where I had to resort to hounding them on the > phone each time I got another one. They would finally do something when > they figured out that I wasn't going to leave them alone as long as I > was still getting spew from their customers. WCG and Rackspace where a > couple that I had major problems with in the past. Cat, It seems that you have a problem mixing up where and were. If you are going to correct others all the time, please maintain that level of proper English usage that you expect of others. I put off doing this for a long time. I just couldn't stop myself any longer. ;) From nobody at devnull.spamcop.net Fri Apr 22 21:52:12 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Apr 22 22:00:14 2005 Subject: [SpamCop-List] Re: Parse Failures Today References: Message-ID: "Chris F. Willoughby" wrote in message news:d4b6n9$nfg$1@news.spamcop.net... > I'm running into the issue as well still.. > In response to users posting over in the web-Forum that provided Tracking URLs, notification of continuing issues has been sent upstream. From nobody at spamcop.net Fri Apr 22 22:53:05 2005 From: nobody at spamcop.net (Ellen) Date: Fri Apr 22 22:00:34 2005 Subject: [SpamCop-List] Re: Spamcop providing bad addresses... References: <42698872.6F6028FF@worldnet.att.net> Message-ID: "John O. Kopf" wrote in message news:42698872.6F6028FF@worldnet.att.net... > Several times recently I've received Nigerian Scam and International > Lottery Scam messages that I forward to SpamCop. > > Spamcop returns the Email address "postmaster@costasol.net". > > I then forward the offending message to the FBI and FTC, and copy > postmaster@costasol.net to indicate that they have a problem. > > The Email to postmaster@costasol.net is bouncing - "not a valid > address". > The /16 is allocated to auna.es and they refuse reports. I have no better address to send them to. Bah just did a check directly at RIPE and now I see 213.254.102.0/18 tiscali. I suppose I can try that. Ellen From nobody at devnull.spamcop.net Fri Apr 22 23:13:25 2005 From: nobody at devnull.spamcop.net (Cat) Date: Fri Apr 22 23:15:05 2005 Subject: [SpamCop-List] Re: SBCGlobal.net In-Reply-To: References: Message-ID: Brian (SnSR) wrote: > Cat wrote: >> WCG and Rackspace >> where a couple that I had major problems with in the past. > > > Cat, > > It seems that you have a problem mixing up where and were. If you are > going to correct others all the time, please maintain that level of > proper English usage that you expect of others. > > I put off doing this for a long time. I just couldn't stop myself any > longer. ;) D'oh! Thanks! Actually, I appreciate when people catch mistakes like that if I don't catch it and correct myself first because it just really looks bad to have that kind of mistake in my writing. It was a typo. I can usually tell the difference between someone making a typo or not knowing (or caring about) basic grammar rules. Yeah, it would have looked better if I had caught that because the misspelling changed the meaning of the sentence. I'm surprised I didn't catch that to fix before now. From nobody at devnull.spamcop.net Fri Apr 22 23:18:37 2005 From: nobody at devnull.spamcop.net (Cat) Date: Fri Apr 22 23:20:07 2005 Subject: [SpamCop-List] Re: SBCGlobal.net In-Reply-To: References: Message-ID: N. Miller wrote: > In article , skinnyguy > says... > > >>Oh my, 'ProductTestPanel' and everything associated with it: > > > Somebody pointed me there, so I cobbled up a Yahoo! throwaway email address > (using AddressGuard), and tried them out. I never got the promised > verification email, but I started getting announcements with the hour. I > tried to unsubscribe from a few, to no avail. I tried to contact them, to no > avail. After the time passed in the message I sent them, I just deleted the > address. Figures they would do something like that. I haven't had much of a chance to report spam the past couple of days, but I'm thinking the next round of complaints about this one will be copied to addresses of SBC's top officers. They didn't have a listed investor relations address anywhere, but I've noticed that sending to investor relations addresses or media contacts at spam friendly ISPs usually gets something done I guess because they don't want any bad press or lost investors over their refusal to do anything about spam. From bar_n0ne at hotmail.com Sat Apr 23 08:50:53 2005 From: bar_n0ne at hotmail.com (Berny) Date: Fri Apr 22 23:55:03 2005 Subject: [SpamCop-List] spmeone please kick the Recieving Mailservers Message-ID: spam submitted by mail arriving to the SC engines anywhere from minutes to many hours later, probably depends on which MX receives the mail, Problem ongoing since last monday and getting worse. Now it's impossible to submit a fresh one by mail. From nobody at devnull.spamcop.net Sat Apr 23 01:51:42 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sat Apr 23 01:55:14 2005 Subject: [SpamCop-List] Re: spmeone please kick the Recieving Mailservers References: Message-ID: ."Berny" wrote in message news:d4cgmt$efb$1@news.spamcop.net... > spam submitted by mail arriving to the SC engines anywhere from minutes to > many hours later, probably depends on which MX receives the mail, Problem > ongoing since last monday and getting worse. Now it's impossible to submit a > fresh one by mail. Don't recall seeing anything in spamcop.mail newsgroup, there is a bit of conversation in a web-Forum section at < http://forum.spamcop.net/forums/index.php?showtopic=3948> But the current issue is playing catch-up after the outage, see http://www.spamcop.net/spamgraph.shtml?spamstats From skiwi at spamcop.net Sat Apr 23 00:01:12 2005 From: skiwi at spamcop.net (Skiwi) Date: Sat Apr 23 02:05:06 2005 Subject: [SpamCop-List] Re: FYI - Cannot log into IMAP mailserver as ##@spamcop.net -04/21/05 23:10 PDT In-Reply-To: References: <426895CE.7070705@spamcop.net> Message-ID: WazoO wrote: > "Skiwi" wrote in message > news:426895CE.7070705@spamcop.net... > >>FYI - "Cannot log into IMAP mailserver as ##@spamcop.net" >>04/21/05 23:10 PDT >> >>... you likley know about this already, but 'just in case'.... :-) > > > Nobody else up at this hour perhaps? No similar complaints > (yet) over in the Forum and no one else piling in here yet ..??? > Only a free-reporter, so can't check myself ... unless you'd > want to pass me some data (say in a PM over there?) Thanks, seems to be OK now - some other intermittent problems (Report Now gives No Data - sometimes!), but I have lots of patientence! :-) From skiwi at spamcop.net Sat Apr 23 00:03:25 2005 From: skiwi at spamcop.net (Skiwi) Date: Sat Apr 23 02:05:32 2005 Subject: [SpamCop-List] Re: FYI - Cannot log into IMAP mailserver as ##@spamcop.net -04/21/05 23:10 PDT In-Reply-To: References: <426895CE.7070705@spamcop.net> Message-ID: Ilgaz wrote: [snip] > Hope you aren'T using comcast, usenet is full about DNS problems which > never ends If I was using Comcast, I would have changed - I like my email to go through rather than being caught on BLs due to other zombied users at my ISP! :-) From bar_n0ne at hotmail.com Sat Apr 23 11:03:42 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Apr 23 02:05:42 2005 Subject: [SpamCop-List] Re: spmeone please kick the Recieving Mailservers References: Message-ID: "WazoO" wrote in message news:d4cnpe$h92$1@news.spamcop.net... > ."Berny" wrote in message > news:d4cgmt$efb$1@news.spamcop.net... > > spam submitted by mail arriving to the SC engines anywhere from minutes to > > many hours later, probably depends on which MX receives the mail, Problem > > ongoing since last monday and getting worse. Now it's impossible to submit > a > > fresh one by mail. > > Don't recall seeing anything in spamcop.mail newsgroup, there is > a bit of conversation in a web-Forum section at > < http://forum.spamcop.net/forums/index.php?showtopic=3948> > > But the current issue is playing catch-up after the outage, > see http://www.spamcop.net/spamgraph.shtml?spamstats There were afew a few days ago and some in forum, I can't remember my forum login and can't be bothered to make another one so I post here. Forum is OK for reading, but no fun for posting. Besides, It calls me a newby :). In the past when this has happened, a poky mail stash was always the problem, once the sick mailserver(s) was restarted things returned to normal. From nobody at spamcop.net Sat Apr 23 01:19:46 2005 From: nobody at spamcop.net (RW) Date: Sat Apr 23 02:20:03 2005 Subject: [SpamCop-List] Re: spam data not found error In-Reply-To: References: Message-ID: Technomage Hawke wrote: > I submitted fresh spams today and all I have been seeing when I click the > links is "spam data not found". > > can someone please look into this? > > TMH > This is all related to the service outage earlier today. A new server just put into service didn't like its surroundings and crashed. Right now it's still unclear as to whether the old server was thrown back in the rack or another new one was put in. What is known is that about 30 hours of data have been lost and recovering it is still questionable. That isn't exactly a priority right now though. The priority is ensuring servers and software in place can keep up with the constant load. Richard From nobody at devnull.spamcop.net Sat Apr 23 03:50:10 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sat Apr 23 03:55:35 2005 Subject: [SpamCop-List] Re: spmeone please kick the Recieving Mailservers References: Message-ID: "Berny" wrote in message news:d4cofv$hkr$1@news.spamcop.net... > > There were afew a few days ago and some in forum, I can't remember my forum > login and can't be bothered to make another one so I post here. Forum is OK > for reading, but no fun for posting. Besides, It calls me a newby :). PM sent which should result in an e-mail arriving. Guess the question is whether you remember the password for that account Not sure about the posting problem, other then suggesting an entry in the "How to Use..." section at http://forum.spamcop.net/forums/index.php?showtopic=3522 that talks about some button confusion. The "newbie" title could be solved by helping out a few of the real newbies! From bar_n0ne at hotmail.com Sat Apr 23 13:11:00 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Apr 23 04:15:04 2005 Subject: [SpamCop-List] Re: spmeone please kick the Recieving Mailservers References: Message-ID: "WazoO" wrote in message news:d4cunj$kre$1@news.spamcop.net... > "Berny" wrote in message > news:d4cofv$hkr$1@news.spamcop.net... > > > > There were afew a few days ago and some in forum, I can't remember my > forum > > login and can't be bothered to make another one so I post here. Forum is > OK > > for reading, but no fun for posting. Besides, It calls me a newby :). > > PM sent which should result in an e-mail arriving. Guess the > question is whether you remember the password for that > account Not sure about the posting problem, other > then suggesting an entry in the "How to Use..." section at > http://forum.spamcop.net/forums/index.php?showtopic=3522 > that talks about some button confusion. The "newbie" title > could be solved by helping out a few of the real newbies! Actually I'm quite happy in the NG :) From DougThegarden at hotmail.com Sat Apr 23 10:35:52 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Sat Apr 23 04:40:03 2005 Subject: [SpamCop-List] Re: request for location information... In-Reply-To: <42698A34.C9A6C047@worldnet.att.net> References: <4265A8F1.87845AB6@worldnet.att.net> <42698A34.C9A6C047@worldnet.att.net> Message-ID: John O. Kopf wrote: > It's NOT a web site... > > I regularly get offensive Email messages (kiddie-porn is only one type) > from what Spamcop says is the same ISP, based on where the Spamcop > complaint is sent (e.g., "postmaster@costasol.net"). > > Since this has been going on daily for weeks now, I want to copy the > complaints I sent to the FTC and FBI to the ISP's local law enforcement. > If its kiddie porn forward it to report@iwf.org.uk (http://www.iwf.org.uk/) Doug From spence at jaspenhof.com Sat Apr 23 12:25:27 2005 From: spence at jaspenhof.com (Russ Spencer) Date: Sat Apr 23 12:30:38 2005 Subject: [SpamCop-List] Need help Message-ID: A friend tried to send me an email and got the following "failure report." Can anyone tell me what it means and how to make it go away. I'm trying to run a business that doesn't necessitate me using spam ... ever. Thanks all. Subject: Returned mail: Service unavailable From: Mail Delivery Subsystem Date: Sat, 23 Apr 2005 01:24:56 -0400 (EDT) To: AltOstland@aol.com The original message was received at Sat, 23 Apr 2005 01:24:53 -0400 (EDT) from root@localhost *** ATTENTION *** Your e-mail is being returned to you because there was a problem with its delivery. The address which was undeliverable is listed in the section labeled: "----- The following addresses had permanent fatal errors -----". The reason your mail is being returned to you is listed in the section labeled: "----- Transcript of Session Follows -----". The line beginning with "<<<" describes the specific reason your e-mail could not be delivered. The next line contains a second error message which is a general translation for other e-mail servers. Please direct further questions regarding this message to the e-mail administrator or Postmaster at that destination. --AOL Postmaster ----- The following addresses had permanent fatal errors ----- ----- Transcript of session follows ----- ... while talking to extrpfx1.extrasecurity.com.: >>>>>> RCPT To: <<< 554 Service unavailable; Client host [205.188.139.137] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?205.188.139.137 554 ... Service unavailable Final-Recipient: RFC822; spence@jaspenhof.com Action: failed Status: 5.5.0 Remote-MTA: DNS; extrpfx1.extrasecurity.com Diagnostic-Code: SMTP; 554 Service unavailable; Client host [205.188.139.137] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?205.188.139.137 Last-Attempt-Date: Sat, 23 Apr 2005 01:24:56 -0400 (EDT) Received: from AltOstland@aol.com by imo-d23.mx.aol.com (mail_out_v38.7.) id u.46.680c2798 (4206) for ; Sat, 23 Apr 2005 01:24:53 -0400 (EDT) Return-path: From: AltOstland@aol.com Message-ID: <46.680c2798.2f9b3625@aol.com> Date: Sat, 23 Apr 2005 01:24:53 EDT Subject: Re: treva2 To: spence@jaspenhof.com MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="-----------------------------1114233893" X-Mailer: 9.0 SE for Windows sub 5012 No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.10.2 - Release Date: 4/21/2005 From ob1db at spamcop.net Sat Apr 23 13:49:50 2005 From: ob1db at spamcop.net (David Butler) Date: Sat Apr 23 12:55:40 2005 Subject: [SpamCop-List] Re: Parse Failures Today References: Message-ID: "WazoO" wrote in message news:d4c9v5$b2v$1@news.spamcop.net... > "Chris F. Willoughby" wrote in message > news:d4b6n9$nfg$1@news.spamcop.net... > > I'm running into the issue as well still.. > > > In response to users posting over in the web-Forum that > provided Tracking URLs, notification of continuing issues > has been sent upstream. I am not even getting trackers! Just utter parse failure and so spam found errors. Seems to have stopped now. From nobody at nowhere.invalid Sat Apr 23 19:54:11 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Apr 23 12:56:01 2005 Subject: [SpamCop-List] Re: Need help References: Message-ID: On Sat, 23 Apr 2005 11:25:27 -0500, Russ Spencer coughed into spamcop and left this in : > A friend tried to send me an email and got the following "failure > report." Can anyone tell me what it means and how to make it go away. Here's your source of information, right there in the DSN that people obviously ignore all the time. Don't ignore it in future: ><<< 554 Service unavailable; Client host [205.188.139.137] blocked > using bl.spamcop.net; Blocked - see > http://www.spamcop.net/bl.shtml?205.188.139.137 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- Steve "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." -- President George W. Bush addressing the Pentagon, 05-AUG-2004 From usenet2 at DE.LETE.THISljvideo.com Sat Apr 23 17:56:30 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Sat Apr 23 13:00:05 2005 Subject: [SpamCop-List] Re: Big rise in 'pharmacy' spam References: Message-ID: Waiving the right to remain silent, Tim said: > Do spammers think sheer volume is gonna make me give in and buy > something? Isn't it Rule #2 - Spammers are stupid. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail The United States is the greatest country in the world..! Twenty-five million illegal aliens can't be wrong. From MikeE at ster.invalid Sat Apr 23 11:32:34 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 23 13:35:05 2005 Subject: [SpamCop-List] Re: Need help References: Message-ID: Russ Spencer wrote: > A friend tried to send me an email and got the following "failure > report." altostland tried to email spence [you] from an aol account. spence's mail uses extrpfx1.extrasecurity.com for handling its mail and extrasecurity uses the spamcop blocklist to help defend itself against spam. aol's output server 205.188.139.137 rDNS imo-d23.mx.aol.com has managed to get itself on the SpamCop blocklist SCbl because mail coming from it has been hitting spamtraps and has been being reported by spamcop reporters. The SCbl makes every effort to keep provider servers from getting themselves blocklisted, but when they send abusive mails of various types described on the page currently accessible here http://www.spamcop.net/bl.shtml?205.188.139.137 which talks about misdirected auto replies: Vacation messages, auto-responses, challenge-response spam filters and virus-notification messages -- and some other causes of servers getting listed. When altostland's mail reached spence's mailhandler extrasecurity and that mailhandler saw the blocklisted IP, it rejected the mail. Rejection of mail from blocklisted IPs is a very healthy process. When altostland's aol server found that its mail to spence was blocked, it informed altostland of that. By that process, altostland and spence and aol can all find out what is going on and doing something about it. aol's output mail server should not be performing in any kind of abusive way and getting itself listed on the SCbl. Also, altostland would be able to resend his mail to spence and spence would get it, because not very many or perhaps no other aol output servers are currently SCbl listed. It is spence's mailserver which is doing the blocking of altostland's mail -- not because altostland is a spammer, but because altostland was using a server for that particular mail which had been acting abusively. > Can anyone tell me what it means and how to make it go away. > I'm trying to run a business that doesn't necessitate me using spam > ... ever. Thanks all. There's no implication of you being a spammer; the 'implication' would be of altostland being a spammer, but this particular issue isn't about that either, but instead it is about a problem that some servers can have about getting blocklisted. -- Mike Easter kibitzer, not SC admin From tdy at blackhole.invalid Sat Apr 23 11:36:54 2005 From: tdy at blackhole.invalid (N. Miller) Date: Sat Apr 23 13:40:06 2005 Subject: [SpamCop-List] Re: Need help References: Message-ID: In article , Russ Spencer says... > A friend tried to send me an email and got the following "failure > report." Can anyone tell me what it means and how to make it go away. Your friend is sending from an IP address, "[205.188.139.137]", which is in the SpamCop blocking list (SCBL). Your MX server appears to reject email in the SCBL. You could stop using, or urge your mail administrator to stop using the SCBL; I suppose. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From MikeE at ster.invalid Sat Apr 23 11:39:15 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 23 13:40:31 2005 Subject: [SpamCop-List] Re: Need help References: Message-ID: I think I'll clean that language up a little bit. Mike Easter wrote: > When altostland's mail reached spence's mailhandler extrasecurity and > that mailhandler saw the blocklisted IP, it rejected the mail. > Rejection of mail from blocklisted IPs is a very healthy process. That statement isn't accurate. When altostland's aol server tried to hand a mail to spence's mailhandler and the mailhandler saw the blocklisted IP, it rejected the transaction and refused to take the mail. Rejection of a transaction from blocklisted IPs is a very healthy process. > When altostland's aol server found that its mail to spence was > blocked, it informed altostland of that. When altostland's aol server found that the transmission of its mail to spence's mail handler was rejected, it informed alttostland of that failure. > By that process, altostland > and spence and aol can all find out what is going on and doing > something about it. -- Mike Easter kibitzer, not SC admin From noone at nowhere.net Sat Apr 23 15:56:47 2005 From: noone at nowhere.net (anna cypher) Date: Sat Apr 23 14:55:34 2005 Subject: [SpamCop-List] why can't I report this? Message-ID: http://www.spamcop.net/sc?id=z755627723z2fcb16c1600056e11193e08be752e86dz Anna From MikeE at ster.invalid Sat Apr 23 13:26:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 23 15:25:04 2005 Subject: [SpamCop-List] Re: why can't I report this? [Deputy please check] References: Message-ID: anna cypher wrote: www.spamcop.net/sc?id=z755627723z2fcb16c1600056e11193e08be752e86dz Your provider handles its Received traceline is a very whacky and noncompliant manner. That tracker shows me a parse in which SC found the source and two spamvertisers, one of which is a mistake, firstTime.htm isn't a link. The source provider abuse@theplanet.com doesn't want to hear about the source 67.19.103.226 rDNS b2net18.b2netsolutions.com which happens to be calling itself mail1.ilite.com mail1.ilite.com and/or ilite.com are in NetRange: 208.192.0.0 - 208.255.255.255 NetName: UUNET1996B 67.19.103.226 b2net18.b2netsolutions.com is in NetRange: 67.18.0.0 - 67.19.255.255 CIDR: 67.18.0.0/15 NetName: NETBLK-THEPLANET-BLK-11 When a source provider tells SC it doesn't want to hear about a source, SC translates that into the language "ISP has indicated spam will cease; ISP resolved this issue sometime after Saturday, April 23, 2005 12:43:06 AM -0700" based on the mechanism by which the provider communicates that it doesn't want to hear any more reports about that. The spamvertiser's provider notify was determined to be abuse@cogentco.com for http://wws.bet-royal.net For some reason the tracker isn't telling me what it did with the item when it parsed it; it doesn't say it reported anything or anything got cancelled. If I resubmit the original item I get this tracker www.spamcop.net/sc?id=z755640018zf16f775c6ee7c120ec0d0321c524b622z which shows the same thing. It doesn't offer to report anything. If I experimentally forge the IP one click so that I get a different effect from the provider situation, I get this tracker www.spamcop.net/sc?id=z755640973z3af18b7789d9945411123f36250bb0bdz which offers to report, and the provider hadn't declined notifies for that IP Report Spam to: Re: 67.19.103.225 (Administrator of network where email originates) To: abuse@theplanet.com (Notes) Re: 67.19.103.225 (Third party interested in email source) To: Cyveillance spam collection (Notes) Re: http://wws.bet-royal.net/unsub.pl?email=MTI4Nix... (Administrator of network hosting website referenced in spam) To: abuse@cogentco.com (Notes) which I cancelled, of course. So, I would say that SC has devised itself a mode in which if a source isn't going to be reported because the provider has said it doesn't want to hear about it, and the parser is running behind, then it 'aborts' the notify. That is a bad mode -- because it should be counting the source whether the provider said they didn't want to be hearing about it or not. I would say that your tracker demonstrates a mistaken configuration which needs repair. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 23 13:45:11 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 23 15:45:02 2005 Subject: [SpamCop-List] Re: why can't I report this? References: Message-ID: Mike Easter wrote: > anna cypher wrote: > www.spamcop.net/sc?id=z755627723z2fcb16c1600056e11193e08be752e86dz > > Your provider handles its Received traceline is a very whacky and > noncompliant manner. As a separate issue from the parser problem Abbreviated Received lines *comment from mail1.ilite.com ([172.18.12.133]) by vms049.mailsrvcs.net from mail1.ilite.com (67.19.103.226) by sv5pub.verizon.net *'sourceline' from (localhost.localdomain [127.0.0.1]) by mail1.ilite.com What is going on there is that the apparent source from which the verizon received the item is stamping its line with the 'bogus' helo and the IP of the source in the 2nd line. That is appropriate, but it would be nice if it did an rDNS. What is whacky is that the topline which is showing the non-routing IP from the verizon server to it is stamping the bogus helo up there. Additional information is that there /is/ a server at 67.19.103.226 calling itself mail1.ilite.com driving Postfix which doesn't appear to relay promiscuously with casual testing. The problem of the naming of mail1.ilite is a different problem than the problem of the behavior of the server calling itself vms049.mailsrvcs.net which doesn't resolve and which apparently belongs to verizon. You are verizon, so presumably the topline is a verizon mailbox server. The mailbox server can call itself what it likes if it isn't sending anything out, but that preceding helo doesn't belong in its 'from' field. So, the server which calls itself mail1 didn't say who it got the item from and it sent it to verizon which stamped one line satisfactorily but not as well as it could have, and then passed it on to the mailbox server which stamped another line whackily. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 23 14:12:34 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 23 16:15:03 2005 Subject: [SpamCop-List] Re: why can't I report this? References: Message-ID: Mike Easter wrote: > Additional information is that there /is/ a server at 67.19.103.226 > calling itself mail1.ilite.com driving Postfix which doesn't appear to > relay promiscuously with casual testing. But it has definitely gone whacky itself and is SCbl listed and spewing spam Report on IP address: 67.19.103.226 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 4.2 5630% Last 30d 3.2 468% Average 2.5 That volume change is huge, over 50x its normal mail output. -- Mike Easter kibitzer, not SC admin From OokUseNet at emberts.UpYoursSpammer.com Sat Apr 23 14:47:47 2005 From: OokUseNet at emberts.UpYoursSpammer.com (Ook) Date: Sat Apr 23 17:00:03 2005 Subject: [SpamCop-List] Re: The spam flood continues, my domain is useless References: Message-ID: "Dwayne Conyers" wrote in message news:d44mbh$8o2$1@news.spamcop.net... > "Ook" wrote in message > news:d44jhg$7dp$1@news.spamcop.net... >> Several months later I continue to receive thousands of spams every day >> to one of my domains. I've long since moved all email to a different >> domain as I can no longer use this domain for email. Is there any hope, >> or should I just write off this domain as a win for the spammers? I don't >> know what to do to stop the flood of spam, and I haven't found a spam >> tool that can filter out one legit email from 5,000 spams. >> > > The same happened with me. Right now, I'm using a client side tool, Spam > Pal, to sort the wheat from the chaff while my ISP tries to get the > server-side tools up and running again. > How well does it work? I might get 2 legitimate emails mixed in with about 8000 spams every day. To add to the irritation, someone lifted my email from godaddy.com, and now I'm being flooded with hundreds of porn spams a day. Serves me right for not hiding it.... From avoozl at spamcop.net Sat Apr 23 15:00:20 2005 From: avoozl at spamcop.net (Chris F. Willoughby) Date: Sat Apr 23 17:05:03 2005 Subject: [SpamCop-List] Re: why can't I report this? References: Message-ID: Hey Mike.. Check out 66.60.130.146 in the BL.. You'll see some funky parses there as well. Chris "Mike Easter" wrote in message news:d4ea42$94b$1@news.spamcop.net... > But it has definitely gone whacky itself and is SCbl listed and spewing > spam > > -- > Mike Easter > kibitzer, not SC admin > From nobody at nowhere.invalid Sun Apr 24 00:09:03 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Apr 23 17:10:04 2005 Subject: [SpamCop-List] Re: why can't I report this? References: Message-ID: On Sat, 23 Apr 2005 13:12:34 -0700, Mike Easter coughed into spamcop and left this in : > But it has definitely gone whacky itself and is SCbl listed and spewing > spam Of course it is. It's on theplanet.com... -- Steve Just remember, if the world didn't suck, we'd all fall off. From nttp.sc.s at bigsleep.org Sat Apr 23 22:33:12 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Apr 23 17:35:04 2005 Subject: [SpamCop-List] Re: Need help References: Message-ID: On 23 Apr 2005 N. Miller entered spamcop and left news:MPG.1cd427904b03d4529897dc@news.spamcop.net: > Your MX server appears to reject email in > the SCBL. You could stop using, or urge your mail administrator to stop > using the SCBL; I suppose. Or use it more responsibly, delay checks or just tag messages. -- | Ric | From kopfj at worldnet.att.net Sat Apr 23 17:36:42 2005 From: kopfj at worldnet.att.net (John O. Kopf) Date: Sat Apr 23 19:40:07 2005 Subject: [SpamCop-List] Re: request for location information References: Message-ID: <426ADC0A.F6286344@worldnet.att.net> all attempts to access "http://www.geobytes.com/IpLocator.htm" returns "www.geobytes.com could not be found. Please check the name and try again." John Kopf "Brian (SnSR)" wrote: > > skinnyguy wrote: > > Just send it to: > > > > C3@customs.treas.gov > > > > You don't need to worry about the source in a foreign country. > > > > Since you receive it here, that's where you need to report it. > > > > They work very closely with the European authorities, and also very fast. > > They have much faster and better contacts. > > > > sg > > If you would have read his posting with an attention spam slightly > longer than that of a pigeon, > > you would have noticed that: > > John was interested in finding the location of email sources so that he > could manually report kiddie porn. Just sending it to the above is not > necessarily the best or only way to go about it, just your 'easy' way to > be done with it. > > Also, not everyone is from 'here,' nor from Coon Rapids, Minnesota. > > There is a website that you can plug in an IP address and it returns a > geographical location. It's not always accurate and not always able to > find a location. > > http://www.geobytes.com/IpLocator.htm > > Using Mike's example, the IP comes back with a 90% certainty of being > located in the capital city of Rabat, Morocco. From 79ytka802 at sneakemail.com Sun Apr 24 01:37:14 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Sat Apr 23 19:40:39 2005 Subject: [SpamCop-List] Re: request for location information... In-Reply-To: <42698BD3.25C80CF9@worldnet.att.net> References: <4265A8F1.87845AB6@worldnet.att.net> <42698BD3.25C80CF9@worldnet.att.net> Message-ID: John O. Kopf wrote: > As far as I'm concerned, when the Email-providing ISP fails to block a > username that's originating spam after severa weeks, they are in cahoots > with the sender, and I want the local law enforcement people to have a > word with the ISP about their lax practices. When you say "the username that is originating the spam", what username are you actually talking about? Do you mean the email address that is in the "from" line of the spam? If so then you are barking up the wrong tree. In 99 per cent of cases the address that appears in the "from" line of a spam has nothing whatsoever to do with who actually sent the spam. Spammers always forge their "from" lines, either by using completely fictitious addresses or by picking random addresses from their spamming databases. In all likelihood someone somewhere in the world is sending spam with my address and your address in the "from" line right at this very moment. That's what spammers do. Sometimes spammers will put an email address in the body of their email message because they actually want people to contact them (this is usually the case with advance fee and lottery fraud spam). Very occasionally (that's the 1%!) a newbie fraudster may even put a real address in the "from" line - you can usually tell it's a real address because the email will say something like "please reply to me at this address". If the spammer has given you an address at which they want to be contacted then it is indeed a good idea to write to the abuse address of whoever hosts that particular email address. However, in all other cases the "from" address is going to be a forgery and you would be wasting your time writing to the postmaster/abuse address for the forged "from" address. From MikeE at ster.invalid Sat Apr 23 17:51:16 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 23 19:50:04 2005 Subject: [SpamCop-List] Re: request for location information References: <426ADC0A.F6286344@worldnet.att.net> Message-ID: John O. Kopf wrote: > all attempts to access "http://www.geobytes.com/IpLocator.htm" returns > "www.geobytes.com could not be found. Please check the name and try > again." Works OK for me, resolves to Canonical name: www.geobytes.com Addresses: 150.101.176.182 150.101.179.154 -- Mike Easter kibitzer, not SC admin From 9ucs5y001 at sneakemail.com Sat Apr 23 17:50:06 2005 From: 9ucs5y001 at sneakemail.com (DS) Date: Sat Apr 23 19:55:05 2005 Subject: [SpamCop-List] SpamCOP fails to find web sites that exist Message-ID: This is probably a FAQ, but I have been noticing a lot of them happening lately, all for WorldMeds spam. The latest instance is: http://www.spamcop.net/sc?id=z755733028zfa54e28dc9eb0a0342aa08c99a1cbcabz and the web site in question that SpamCOP cannot find is: http://www.internationalrxonline.com. It is still up at this time (16:45 PDT) and the SpamCop parse has this to say about it: Tracking link: http://www.internationalrxonline.com [report history] Cannot resolve http://www.internationalrxonline.com I expect that it is one of the following reasons: 1. The host simply doesn't care, so SC doesn't care either. 2. The spammer somehow subverts the DNS and refuses to give the name to SpamCOP's parser machine(s). Thanks, DS From 9ucs5y001 at sneakemail.com Sat Apr 23 17:53:15 2005 From: 9ucs5y001 at sneakemail.com (DS) Date: Sat Apr 23 19:55:21 2005 Subject: [SpamCop-List] Re: SpamCOP fails to find web sites that exist References: Message-ID: See also the "{Bizzare?} SC returning "Cannot Resolve" on *working* "Simply-RX.net" and CN hosted redirect sites ONLY" subject I guess. Sigh, pays to look twice. DS "DS" <9ucs5y001@sneakemail.com> wrote in message news:d4emvd$f7q$1@news.spamcop.net... > This is probably a FAQ, but I have been noticing a lot of them happening > lately, all for WorldMeds spam. The latest instance is: > http://www.spamcop.net/sc?id=z755733028zfa54e28dc9eb0a0342aa08c99a1cbcabz > > and the web site in question that SpamCOP cannot find is: > http://www.internationalrxonline.com. > > It is still up at this time (16:45 PDT) and the SpamCop parse has this to > say about it: > > Tracking link: http://www.internationalrxonline.com > [report history] > Cannot resolve http://www.internationalrxonline.com > > I expect that it is one of the following reasons: > 1. The host simply doesn't care, so SC doesn't care either. > 2. The spammer somehow subverts the DNS and refuses to give the > name to SpamCOP's parser machine(s). > > Thanks, > DS > From MikeE at ster.invalid Sat Apr 23 18:02:07 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 23 20:05:04 2005 Subject: [SpamCop-List] Re: request for location information... References: <4265A8F1.87845AB6@worldnet.att.net> <42698BD3.25C80CF9@worldnet.att.net> Message-ID: Aviatrix wrote: > John O. Kopf wrote: >> As far as I'm concerned, when the Email-providing ISP fails to block >> a username that's originating spam after severa weeks, they are in >> cahoots with the sender, and I want the local law enforcement people >> to have a word with the ISP about their lax practices. > When you say "the username that is originating the spam", what > username are you actually talking about? Do you mean the email > address that is in the "from" line of the spam? When I read what he sed, I interpreted it as him meaning that when the ISP failed to fix a problem with a user IP spamsource -- which presumably would correspond to that ISP's logs correlation with a particular account ie username -- that he was going to contact the corresponding local law enforcement. Corresponding to the source's ISP. Not the From's domainname, I don't think. > If so then you are barking up the wrong tree. However, I'm concerned with the wrong tree concept anyway. I think it is OK that someone would like to correlate an IP with a geographic region or country, but I'm a little confused about the involvement of a local law enforcement, and I'm trying to think globally, not just about my own country. But, it is hard to keep any significant country's laws out of the consideration if you are going to 'involve' local LE law enforcement. And, the other part of the problem is that he isn't starting with the original spamitem's source IP, but the email address of the notify which SC provides. That is, he wants to go from the SC notify email address to a local law enforcement entity. Go arrest those guys, their client spammed me. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sat Apr 23 20:17:20 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Apr 23 20:20:05 2005 Subject: [SpamCop-List] Re: request for location information In-Reply-To: <426ADC0A.F6286344@worldnet.att.net> References: <426ADC0A.F6286344@worldnet.att.net> Message-ID: John O. Kopf wrote: > "Brian (SnSR)" wrote: > >>There is a website that you can plug in an IP address and it returns a >>geographical location. It's not always accurate and not always able to >>find a location. >> >>http://www.geobytes.com/IpLocator.htm >> >>Using Mike's example, the IP comes back with a 90% certainty of being >>located in the capital city of Rabat, Morocco. > all attempts to access "http://www.geobytes.com/IpLocator.htm" returns > "www.geobytes.com could not be found. Please check the name and try > again." > > John Kopf Please be polite and stop top posting. Your posts and skinnyguy's posts are hard to follow because you both insist on top posting and not snipping. People shouldn't have to spend all that extra time scrolling back and forth to understand the context of your replies. From SCNews.5.myspamgobbler at spamgourmet.com Sat Apr 23 18:56:18 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sat Apr 23 21:00:03 2005 Subject: [SpamCop-List] Re: request for location information In-Reply-To: References: <426ADC0A.F6286344@worldnet.att.net> Message-ID: Cat wrote: > John O. Kopf wrote: > >> "Brian (SnSR)" wrote: >> > > > >>> There is a website that you can plug in an IP address and it returns a >>> geographical location. It's not always accurate and not always able to >>> find a location. >>> >>> http://www.geobytes.com/IpLocator.htm >>> >>> Using Mike's example, the IP comes back with a 90% certainty of being >>> located in the capital city of Rabat, Morocco. > > > > all attempts to access "http://www.geobytes.com/IpLocator.htm" returns > > "www.geobytes.com could not be found. Please check the name and try > > again." > > > > John Kopf > > Please be polite and stop top posting. Your posts and skinnyguy's posts > are hard to follow because you both insist on top posting and not > snipping. People shouldn't have to spend all that extra time scrolling > back and forth to understand the context of your replies. John, I don't know why you are unable to access that site. It may have been that the site was down at the time. It works for me now. It's also possible that you have a browser hijack of some sort. Brian Brian.pctuneups gmail Cat, Please be polite and stop telling people to stop doing things because you are bothered by them. You have added no worthwhile input to this conversation. I do agree with the intent of your post, that it is desired to format in the way you suggest. But, people shouldn't have to spend all that extra time reading your posts that have nothing to do with the topic. And, yes, I realize that I have also added more needless time to other's already overloaded day in dealing with something that has nothing to do with the original topic. I am just hoping to help break you of this less than appealing habit. Brian From spamcop-list at news.spamcop.net Sat Apr 23 22:49:35 2005 From: spamcop-list at news.spamcop.net (TJP) Date: Sat Apr 23 22:50:07 2005 Subject: [SpamCop-List] MORE SPAM? Message-ID: Has anyone noticed that more SPAM is getting through SPAMCOP? I seem to have more of the same 3 messages getting into my inbox. I have written support but no answers yet. From nobody at devnull.spamcop.net Sat Apr 23 23:36:47 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sat Apr 23 23:40:07 2005 Subject: [SpamCop-List] Re: MORE SPAM? References: Message-ID: "TJP" <@cesmail.net> wrote in message news:d4f1g0$kdm$1@news.spamcop.net... > Has anyone noticed that more SPAM is getting through SPAMCOP? I seem to > have more of the same 3 messages getting into my inbox. I have written > support but no answers yet. There is only one current complaint of a similar nature in the web-Forum, and that one specifically is talking about the use (and apparent issues) with cn.rbl.cluecentral.net ... You may want to either post in the spamcop.mail newsgroup (very little traffic) or hit the Forum and add your data there (a bit more data would help) http://forum.spamcop.net/forums/ in this case, you'd want to hit the SpamCop Email System & Accounts section. From nobody at devnull.spamcop.net Sun Apr 24 00:21:27 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Apr 24 00:25:30 2005 Subject: [SpamCop-List] Re: Meine geilen Bilder References: <4267a640$1$17971$6d4158fb@reader-1.xsnews.nl> Message-ID: "WazoO" wrote in message news:d499ad$m6e$1@news.spamcop.net... > > e-mail sent to you / JT JT responded ... you have GMail From SCNews.5.myspamgobbler at spamgourmet.com Sat Apr 23 22:53:48 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sun Apr 24 01:00:26 2005 Subject: [SpamCop-List] Re: MORE SPAM? In-Reply-To: References: Message-ID: WazoO wrote: > "TJP" <@cesmail.net> wrote in message news:d4f1g0$kdm$1@news.spamcop.net... > >>Has anyone noticed that more SPAM is getting through SPAMCOP? I seem to >>have more of the same 3 messages getting into my inbox. I have written >>support but no answers yet. > > > There is only one current complaint of a similar nature in the > web-Forum, and that one specifically is talking about the > use (and apparent issues) with cn.rbl.cluecentral.net ... > You may want to either post in the spamcop.mail > newsgroup (very little traffic) or hit the Forum and > add your data there (a bit more data would help) > http://forum.spamcop.net/forums/ in this case, you'd > want to hit the SpamCop Email System & Accounts > section. > > I've noticed the same thing. I've been hoping that reports will eventually deal with this. I'm also getting hit with the same spam to some of my hotmail and yahoo accounts that are making it past the filters. And I refuse to try to go find something in the forum. Sorry Wazoo, but that is not a user friendly place for me. I have made a few attempts at trying to find something that you have suggested in the past, but have been unable to locate what I was looking for. And I'm not talking about a feeble attempt, but performing searches using numerous methods. Do you ever encourage people there to come here? Even though there is "(very little traffic)" in spamcop.mail, you will usually receive an answer there. Unfortunately, I hadn't thought to save those that made it through the SC filters, so I can't supply a link. It's not all that often, so I didn't think it was necessary :( Most of the spam that is getting through the hotmail and yahoo filters is web4presence/webplacedns pump and dump and email harvesting spam (free stuff) with domains registered to: Registrant Name:Raymond Sebastian Registrant Organization:dicerweb inc http://www.spamcop.net/sc?id=z755717980ze8551e99d174c0dfa0687a1c530dac66z is an example. It's Ralsky. From nobody at devnull.spamcop.net Sun Apr 24 03:34:52 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sun Apr 24 03:35:03 2005 Subject: [SpamCop-List] Re: request for location information In-Reply-To: References: <426ADC0A.F6286344@worldnet.att.net> Message-ID: Brian (SnSR) wrote: > And, yes, I realize that I have also added more needless time to other's > already overloaded day in dealing with something that has nothing to do > with the original topic. I am just hoping to help break you of this less > than appealing habit. Thank you, but I don't need your "help." Your reply was neither constructive nor helpful. I'm not sure why you suddenly decided to follow me around the newsgroup attacking my posts for no good reason, but it's really not needed. Unless you plan on attacking every other person who has ever asked someone to stop top posting, then please keep your comments to yourself if you see such a reply from me. From nobody at devnull.spamcop.net Sun Apr 24 03:54:01 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sun Apr 24 03:55:13 2005 Subject: [SpamCop-List] Re: SBCGlobal.net In-Reply-To: References: Message-ID: Brian (SnSR) wrote: > It seems that you have a problem mixing up where and were. It's called a typo. I do know the difference between where and were. > If you are > going to correct others all the time, please maintain that level of > proper English usage that you expect of others. Since I don't post here much any more, you can't really accuse me of correcting others all the time. > I put off doing this for a long time. I just couldn't stop myself any > longer. ;) Ok, I was a little bit bugged by this reply from you last night but just kind of let it go and was polite in my reply to you since I took it to be a little tongue in cheek. Now that you have replied to one of my other posts for no other reason than to attack me (which I don't understand because I thought you were a better person than that), I'm extremely annoyed by your reply. I made a typo. I know the difference between where and were. A simple "you misspelled that" would have been fine. Now since you accused me of not adding anything constructive in another thread, do you actually have something constructive to add to this particular thread in relation to my issues with spam haven SBC Global? From MikeE at ster.invalid Sun Apr 24 04:27:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 24 06:30:26 2005 Subject: [SpamCop-List] Re: Meine geilen Bilder References: <4267a640$1$17971$6d4158fb@reader-1.xsnews.nl> Message-ID: WazoO wrote: > JT responded ... you have GMail Got it. The key is the webtv situation which I didn't realize. Not the xsnews. I wasn't thinking properly. The poster posted it via xsnews allright, but it got here via webtv. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 24 04:33:23 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 24 06:35:05 2005 Subject: [SpamCop-List] Re: MORE SPAM? References: Message-ID: Brian (SnSR) wrote: > Do > you ever encourage people there to come here? Heh. I don't like looking for things in the forum either. I still think the better way to have made a dynamic faq would be with a wiki. The business of who has posting rights in it could be handled by giving the 'responsiblity' to wazoo and let him deal with it however he liked. -- Mike Easter kibitzer, not SC admin From crappy.trappy at ntlworld.com Sun Apr 24 12:32:13 2005 From: crappy.trappy at ntlworld.com (Tim) Date: Sun Apr 24 06:35:22 2005 Subject: [SpamCop-List] Re: MORE SPAM? In-Reply-To: References: Message-ID: TJP wrote: > Has anyone noticed that more SPAM is getting through SPAMCOP? I seem to > have more of the same 3 messages getting into my inbox. I have written > support but no answers yet. > > Yup, quite alot coming thru at the moment. About 20-30 a day getting thru, normally it's about 2. Hope it gets fixed soon! From 79ytka802 at sneakemail.com Sun Apr 24 14:22:54 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Sun Apr 24 08:25:35 2005 Subject: [SpamCop-List] Re: request for location information... In-Reply-To: References: <4265A8F1.87845AB6@worldnet.att.net> <42698BD3.25C80CF9@worldnet.att.net> Message-ID: Mike Easter wrote: > When I read what he sed, I interpreted it as him meaning that when the > ISP failed to fix a problem with a user IP spamsource -- which > presumably would correspond to that ISP's logs correlation with a > particular account ie username -- that he was going to contact the > corresponding local law enforcement. Corresponding to the source's ISP. > Not the From's domainname, I don't think. That was my initial interpretation also, but then I read John's posting about his attempt to obtain Whois information quoting this error message: > I'm sorry but we are unable to answer > the query '=sanmtaki@erasmas.com' at the present time. > We could not contact the server 'whois.crsnic.net' I may be wrong sanmtaki@erasmas.com doesn't look like a notify address to me. In fact it looks like something taken straight from a 419 spam - erasmas.com seems to be one of their favourites. I was therefore assuming that we are dealing with a newbie who was trying to track down "from" addresses, not realising that "from" addresses are generally meaningless. I apologise if my assumption was wrong. > I think it is OK that someone would like to correlate an IP with a > geographic region or country, An IP - yes, of course. But I got the impression that John was trying to correlate email addresses with geographical regions, which of course you can't. I have a webmail account @fido.ca - it would be wrong to conclude from that that I'm in Canada! From null at null.com.none Sun Apr 24 15:45:53 2005 From: null at null.com.none (Martin) Date: Sun Apr 24 09:50:15 2005 Subject: [SpamCop-List] Re: SpamCop Running Slowly References: Message-ID: I think you would be better off just deleting the mail queue and starting afresh, my last submissions came back 25 hours after I submited them, its getting worse not better. Since they are coming back so long after submitting I am just canceling them, not worth reporting if they are more than 12 hours old IMO Martin "SpamCop Admin" wrote in message news:mq1l61dssesvkibj5nbfbljr8n3po389me@4ax.com... > The system is currently running at near-overload while it works its > way through the backlog of spam submissions created by the outage > yesterday. You can expect delays and sluggishness. > > The situation is expected to continue through the weekend, and since > Monday and Tuesday are the biggest reporting days, it may be slow > then, too. > > The IT guys say that things are running properly and that they're > keeping an eye on it. > > - Don - From SCNews.5.myspamgobbler at spamgourmet.com Sun Apr 24 08:13:08 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sun Apr 24 10:20:04 2005 Subject: [SpamCop-List] Re: MORE SPAM? In-Reply-To: References: Message-ID: Mike Easter wrote: > Brian (SnSR) wrote: > >>Do >>you ever encourage people there to come here? > > > Heh. > > I don't like looking for things in the forum either. > > I still think the better way to have made a dynamic faq would be with a > wiki. The business of who has posting rights in it could be handled by > giving the 'responsiblity' to wazoo and let him deal with it however he > liked. > Good idea. From MikeE at ster.invalid Sun Apr 24 09:56:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 24 11:55:09 2005 Subject: [SpamCop-List] Re: request for location information... References: <4265A8F1.87845AB6@worldnet.att.net> <42698BD3.25C80CF9@worldnet.att.net> Message-ID: Aviatrix wrote: > Mike Easter wrote: >> Not the From's domainname, I don't think. > > That was my initial interpretation also, but then I read John's > posting about his attempt to obtain Whois information quoting this > error message: > > > I'm sorry but we are unable to answer > > the query '=sanmtaki@erasmas.com' at the present time. > > We could not contact the server 'whois.crsnic.net' > > > I may be wrong sanmtaki@erasmas.com doesn't look like a notify address > to me. In fact it looks like something taken straight from a 419 spam > - erasmas.com seems to be one of their favourites. You are correct. This site^1 lists sanmtaki@erasmas.com as a 419 From. I couldn't find one in sightings. ^1 http://www.joewein.de/sw/419-bl-s.htm "419" sender addresses "S" (blacklisted by jwSpamSpy) I don't like to get into defending John's approach, except to say that a 419 From or Reply-To /might/ be the payload address-- depending on how the 419 was constructed. > I was therefore assuming that we are dealing with a newbie who was > trying to track down "from" addresses, not realising that "from" > addresses are generally meaningless. I apologise if my assumption was > wrong. Well, that was my concern in this news://news.spamcop.net/d49hah$qh3$1@news.spamcop.net my first post in this thread > I have a webmail account @fido.ca - it would be > wrong to conclude from that that I'm in Canada! Correct. -- Mike Easter kibitzer, not SC admin From noone at nowhere.com Sun Apr 24 12:55:19 2005 From: noone at nowhere.com (Bob Itguy) Date: Sun Apr 24 12:00:09 2005 Subject: [SpamCop-List] Re: Link Resolving Failures References: Message-ID: I get them like this all the time, same email probably 2-3 times a day. I have to remove the returns manually to even get it to parse and then it's probably wrong like what the OP said. Here are some of mine for the past few days manually corected (which is a pita): 1409833225 1409830612 1409420499 1408817957 1408814034 1408813412 Someone at SC needs to see if they can fix the software to parse this type of stuff correctly I guess. "Blammo" wrote in message news:Xns963FEF7F8D842blammo@216.154.195.61... > On 21 Apr 2005 A.J. entered spamcop and left > news:d49c87$nsc$1@news.spamcop.net: > >> SC interprets the TLD as ending at the "&" following the first ".com" >> (foztetdpbqm.com), rather than at the next "/" as it should >> (iliacgnkln.com - the real domain), causing it to interpret the URL as >> fake. The tracker appears to function correctly; however, using other >> tools I come up with a different IP address: 218.7.112.241 >> > > Spamcop is correct, or actually it doesn't resolve now so I can't check, > but I got one like that earlier and spamcop was correct. > You can't look it up "correctly", you have to do what the browser would > do. > iliacgnkln.com is actually a different IP than the full URL. > Spamcop appears to check foztetdpbqm.com first, but fails and tries the > full URL. This isn't very obvious. > > I haven't seen the line feed problem, don't know about that. > > see also thread news:d3f18a$17a$1@news.spamcop.net > > -- > | Ric > | From noone at nowhere.com Sun Apr 24 12:58:41 2005 From: noone at nowhere.com (Bob Itguy) Date: Sun Apr 24 12:00:36 2005 Subject: [SpamCop-List] Re: darjheef.com is gzzednuvhhof.net&vfxmzpq5t1cr86djqp4ib.darjheef.com References: Message-ID: I posted here on 4-11 with this problem and it's still around... http://www.spamcop.net/sc?id=z751407904z299a158b87b909a5b386fda37e6afb7az "Ellen" wrote in message news:d4b29f$l06$1@news.spamcop.net... > > "rg" wrote in message > news:d49iaf$qv1$1@news.spamcop.net... >> I get dozens of spams with the below link: >> >> >> >> This translates to: >> gzzednuvhhof.net&vfxmzpq5t1cr86djqp4ib.darjheef.com >> >> Why does spamcop report this as not resolvable? >> >> FYI, Reporting addresses: >> abuse@chinanet.cn.net >> abuse@cnc-noc.net >> >> > > We have a trouble ticket opened for this problem. > > Ellen > > From nobody at devnull.spamcop.net Sun Apr 24 12:17:16 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Apr 24 12:20:13 2005 Subject: [SpamCop-List] Re: MORE SPAM? References: Message-ID: "Mike Easter" wrote in message news:d4fsi4$24l$1@news.spamcop.net... > Brian (SnSR) wrote: > > Do > > you ever encourage people there to come here? Yes > I still think the better way to have made a dynamic faq would be with a > wiki. The business of who has posting rights in it could be handled by > giving the 'responsiblity' to wazoo and let him deal with it however he > liked. Weird, the pipermail archives don't appear to include this newsgroup. Had to reach back into my saved stuff. From back on 19 Jan 2005, here's a copy of my query for input; (assumption has to be that little was offered due to the use of "possible new FAQ" in the Subject Line) -=-=-=-=-=-=- I started this "over there" ... but the premise is to possibly resolve some issues. To my knowledge, at this point, this was just something JT tossed at me the other night. Asking for input from "this side of the great divide" http://forum.spamcop.net/forums/index.php?showtopic=3486 JT tossed out a but of a suggestion and a question. Let's start with the product, described in all its glory at http://www.pineappletechnologies.com/products/lore/ .... I don't want to be the guy that said something like "it's a miracle! .. blow the bucks!" and have it not used. A bit of historical here .... the FAQ on the www.spamcop.net site has always been something to complain about .. some folks find in lacking in detail, others finding difficult to navigate and actually find anything, others not knowing that it exists .... Then came the Forum structure ... that caused a bit of a stir because NNTP newsgroup folks hated the thought of a web-based application getting in the way. (There's actually but a handful of "us" that frequent both the newsgroups and the Forum, so there really are two camps involved.) Never mind that part of the logic behind the web-based thing was based on it being the primary support area for the e-mail account folks that would already be accessing their e-mail via a web browser, so for a lot of folks, no problem. Most newer computer/internet users have no knowledge of the NNTP side of things, so less confusion there. Some work places have NNTP firewalled off, so the Forum offers a place that they can still post to and get answers. There came a day that I started glueing things together in the Forum that resulted in the current single page access point that includes both the top structure of the www.spamcop.net FAQ and much additional data developed within this Forum. Some folks love it. Some folks hate it. I just saw a post this morning that some folks can't find it (????) As recent as last week, there was a bit of a discussion over in the newsgroup area that talked about the division between the two camps and a couple of suggestions made that no one within the newsgroups should provide links to or point folks to this Forum area, as it was detracting from the support offered within the newsgroups. Even the two versions of the FAQ came under fire, even though pointed out that I don't have access to the spamcop.net pages and the Forum FAQ includes data developed from within .... someone had even mentioned at the "need" for the FAQ to be published on a periodic basis as a newsgroup posting (though noting that even though this suggestion has been made by many people over the years, there has been no one stepping up to the plate and writing it, much less posting it on a weekly/monthly basis) So now, JT's made the offer of purchasing some more software and putting it up so that there'd be something that could be much better for all .... can I ask any and all of you to take a look and offer up a yeah or a nay on building a new FAQ using that tool? -=-=-=-=-=-=- From nobody at devnull.spamcop.net Sun Apr 24 13:05:14 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Apr 24 13:10:10 2005 Subject: [SpamCop-List] Forum FAQ entry list Message-ID: Not done since January, here's an entry list of the web-Forum FAQ, which incorporates the www.spamcop.net FAQ data/links. Not going to do an HTML version, and adding in the link data would simply end up being too huge and messy. The actual item is found at http://forum.spamcop.net/forums/index.php?showtopic=2238 Last Revised : 24 April 2005 SpamCop Glossary SpamCop FAQ .... (FAQ = Frequently Asked Questions) Overview of SpamCop Services - (somebody deleted this entry ... best replacement seems to be the following ...) How does SpamCop reporting work? Why am I Blocked? Has your email been blocked? (ISP, Mailing List Admin, Advertiser) SpamCop Blocking List - Am I listed? Why am I getting all these bounces? Why does SpamCop want to send a report to my own network administrator? Password Problems? Am I running mailing lists responsibly? Updated! Outlook 2003 REG hack to work around MIME issues Alternate Outlook 2003/XP e-mail submit methods NEW Why Outlook Express Forward doesn't work / Secure E-Mail Handling E-Mail Address Removal, Unsubscription, & Listwashing Yahoo Groups Mail Blocked? Say NO to the Challenge/Response Lunacy Cost of Spam Spammer Rules How can I contact a SpamCop representative? How To Ask Questions The Smart Way (language issue, but there really is only one defintion for RTFM) SpamCop Parsing and Reporting Service What is this? How does it work? How do I use it? SpamCop Analogous to a Credit Reporting Agency? How do I sign up? Rules - everybody read! (recent changes made ... you may need to re-look) What do I need to know to get started reporting spam? Parsing & Reporting spam - decisions, problems How do I get my email program to reveal the full, unmodified email? How do I configure Mailhosts for SpamCop? NEW One version of a Step-by-step MailHost set-up How do I submit spam via email? E-Mail spam submittals blocked by your ISP? Emailed Spam Submissions Disappearing? No Confirmation e-mails? What is Quick Reporting? How can I unsend a Report? "Header incomplete, aborting." and "No source IP address found, cannot proceed." Causes of "Would send" and "If reported today, reports would be sent to:" messages SpamCop said "No reports filed." What does it mean? Member and account management questions Why was my authorization revoked? Is there a limit on reporting spam? -----> 3,000 per day -----> not older than 48 hours Why did my spam load increase after I started Reporting? What is mole reporting? How do I set up SpamAssassin to work with SpamCop? NEW Can I automatically forward spam from my spamtraps? SpamCop Email System & Accounts What is this SpamCop Mail Service? What is the cost? How do I sign up? How do I setup my account? SpamCop E-Mail Account Storage Quota / Limit I can report and trash but not Delete from Held Folder Jeff G.'s Guide to accessing SpamCop email using OE and IMAP How do I sign up for multiple accounts under the family plan? Discounted Additional Account, more detail When does my account expire? How do I renew my account? I forgot my Password How I use my SpamCop E-Mail account examples Blocking and Blackhole lists available How To Stop Filtering With The SCBL, for SpamCop Email System Customers FAQ about the Personal Blacklist and Whitelist FAQ about POP'ing out of SpamCop Email System "POP Configuration" Setup FAQ about WebMail FAQ about Webmail: Deleting and Moving Messages WebMail Login problems & General Slowness, First things to check FAQ about IMAP IMAP - Deleting E-Mail How to save Sent Mail in SpamCop Webmail FAQ about Filtering and Held Mail FAQ about the personal webmail filters, Client filters within webmail Messages not Filtered - Why? Jeff G.'s Guide to SpamCop Quick Reporting from a SpamCop E-Mail Account Does SpamCop work with AOL/MSN/Hotmail? I want email to go from myaccount@myemail.com and back to the same account. Is this possible? When does my account expire? Where can I get further assistance? Why can't I receive any email? Getting Mail From The SpamCop Email System IMP/Horde FAQ SpamCop Blocking List Service How do I configure my mailserver to reject mail based on the blocklist? What is on the list? How can I be de-listed One-time automatic BL De-listing How much does it cost? Is it possible to download the entire blocklist? How can I check if an IP is on the list? If my IP is listed, does it mean I am a spammer or my ISP hosts spammers? Why can't I get to the blocking list from ATT's network? General Information about SpamCop How can I get help? How can I report a bug? How can I suggest a feature? What are the rules for posting to the forum? May I create a link to SpamCop from my site? Can I get a copy of the source code for SpamCop? Who is Julian Haight? Why did I get a spam promoting SpamCop? What are some general tips for responding to questions in the forum? Adding items to the FAQ Features and Bugs Use the parser without reference to your mailhosts configuration Non-SpamCop information Make an anonymous donation to support SpamCop Can I advertise on SpamCop? Help for abuse-desks and administrators These are questions commonly asked by Internet Service Providers. Users of SpamCop need not read this (skip on down a few sections), but may find it interesting. You have probably arrived here because of a SpamCop report. Please read the introduction for information about the report you are viewing. Introduction - What is this thing? How does it work? I have been falsely and/or maliciously accused of spamming, what can I do? How can I contact a real person about this? Interacting with SpamCop and it's users: You are mailbombing me! How can I make it stop? How can I get SpamCop reports about my network? How do I register an abuse@ email address? How can I get removed from SpamCop's blocking system? Once I close a spammer's account, how can I prevent others reporting it? How can I respond to spam complaints via email? How can I control what type of reports I receive? You've munged the header... How do I get in touch with the person who filed the complaint? Help with SpamCop reports and spam in general Robots: Mailing lists and autoresponders I didn't originate the spam. My server might have relayed this message. Why report it to me? What does a SpamCop Report look like? Why did SpamCop report this usenet message to me? General questions: Who appointed you the "cop" of the internet? Where do you get off? My web site got terminated/threatened because of SpamCop, but I did not send the spam. What's the big idea? Why did SpamCop submit my server to relay-testing sites? What is your opinion of FFA (free for all) pages? How do Deputies respond to appeals? Abuse-queue management tools Assistance stopping spam: I'm receiving spam reports, but my mail server logs don't reflect it. Why? HTTP Proxies (Cisco / Squid / Mailtraq) Formmail Open Relay Servers Adding BLs to Postfix Spam-sending malware But my Exchange 2000 server is secured against relaying! How can I control spam from my network? How can I control unsolicited bounces? SOCKS Proxy Servers Links to help with removing open proxies Other information, help and links What other sites should I visit to help fight spam? CAN-SPAM Act of 2003 - Bill Number S.877 for the 108th U.S. Congress Abuse.net's introduction to spam: What is it and why is it bad? Elsop's anti-spam page - lots of other links to more information U.S. FTC Spam page for the Consumer spam uce.gov replaces uce ftc.gov SamSpade - tools for the unix-deprived and other good info Bestprac.com - A guide for all types of users on how to avoid spamming abuse.net - ISP abuse address clearinghouse Realtime blackhole list - blocking of selected email servers Spamhaus - Lists ISPs who keep organized spamming alive Spam Links - Many Resources, Definitions, and Tools The SpamCon Foundation (formerly suespammers.org) The author of this software, Julian Haight Net abuse jargon file - Cues for the acronym challenged Net abuse FAQ - all about spam An organization to fight "street spam" - those unsightly weight loss signs on the highway. Reading Email Headers. Sneakemail is a service that gives you more control over the emails you receive. SpamList is a config file for sendmail which agressively blocks spam. Use with caution. SPEWS is not SpamCop, SpamCop is not SPEWS - Note the spelling SpamWars, a humorous kill-the-spammer browser-based game Monitoring and reporting worm/hacking activity Marjolein's Ban Spam page The Crystal Cave - News, Tools, Resources to combat Spam Surf the Internet Safely Outlook & Exchange Solutions Center Inside Outlook Express Anti-Phishing Working Group U.S.DoJ Identity Theft and Fraud Information Follow the Money; or, why does my computer keep getting infested with spyware? Phone number spam Recursos anti-spam en español Campaña anti-spam de El Espectador (Uruguay) Información básica acerca del 'spam' Credit and thanks Noting that the above link is Julian's credit / contributor list for the stuff found at spamcop.net and JT's newsgroup and e-mail support. What follows is my list of credit for the web-based Forum stuff .... for starters, the contributors to this existing FAQ (not sure I've got a 100% identity list, don't have permission to use real names, and will probably add more items into this FAQ and forget to update this list .. apologies in advance for missing the kudos and correct attributions) ... and just to keep things a bit off-kilter, in reverse alphabetical order; WB8TYW turetzsr (who does request to be known as Steve T) studog StevenUnderwood petzl PeterJ Miss Betsy Merlyn JeffG dbiel DavidT agsteele From MikeE at ster.invalid Sun Apr 24 11:23:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 24 13:25:04 2005 Subject: [SpamCop-List] Re: Forum FAQ entry list References: Message-ID: WazoO wrote: > here's an entry list of the > web-Forum FAQ, which incorporates the www.spamcop.net > FAQ data/links. Good idea. -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Sun Apr 24 19:44:51 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 24 14:45:07 2005 Subject: [SpamCop-List] Re: Forum FAQ entry list References: Message-ID: On 24 Apr 2005 WazoO entered spamcop.help and left news:d4gjka$drj$1@news.spamcop.net: > How do I set up SpamAssassin to work with SpamCop? > http://www.spamcop.net/fom-serve/cache/331.html This is still out of date with spamassassin 3.x, which I mentioned some time ago. If anyone plans to update it I can verify all the rules and post that. My SA config adds this header to all X-Spam-Level: ***** And these headers to spam X-Spam-Prev-Subject: (ISP has something screwed so I can't remove that) X-Spam-Flag: YES X-Spam-Level: *********** X-Spam-Status: Yes, score=11.2 required=9.0 tests=etc, etc Spamcop never complains. -- | Ric | From nttp.sc.s at bigsleep.org Sun Apr 24 19:52:31 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 24 14:55:07 2005 Subject: [SpamCop-List] Re: Link Resolving Failures References: Message-ID: On 24 Apr 2005 Bob Itguy entered spamcop and left news:d4gfhj$bg8$1@news.spamcop.net: > I get them like this all the time, same email probably 2-3 times a day. I'm starting to wonder if Outlook is doing that because I get plenty of these but never with that line feed problem. Could possibly be some other in-between app like a virus or script scanner. If I ever get one like that I'll mention it. -- | Ric | From none.of at your.biz Sun Apr 24 21:02:17 2005 From: none.of at your.biz (R. Asby Dragon) Date: Sun Apr 24 23:05:03 2005 Subject: [SpamCop-List] Any way to include "redirects" in SC reports? Message-ID: I'm not a "paying member"; is that possible if I join? I'm seeing a huge resurgence in the old spammer trick of using one or more redirector websites to hide the real spam "payload" URL. It makes sense to the spammer; he can spend time and money on a website in Brazil that doesn't get nuked because most automated reporting systems (or semi-automated like SpamCop :})will not or cannot step thru the redirects to report it. The "first" URL (found as the payload in the message) is a throwaway; losing that is chump change for the spammer; and there's probably 20 more "in waiting" . Reporting the throwawy URLs is almost worthless. I realize that doing it off a script would be exceedingly time intensive for SC to do as part of the parse procedure; but would it be possible to have a "manual entry" system for a reporter to show the final URL (as well as the intermediate(s))?? Agreed; it's also a credibility issue as the reporter could put any URL in same as a "SpamCop Joe-Job". I've been doing a manual LART on these after SC'ing the spam normally; but I'm a lousy typist and the "redirected URL trick" spams are increasing too fast for me to keep up.. Amateurmatch.com ; Porndvddirect.com ; Simply-rx.com/net ; and a slew of Taiwan pornsites are some of the most recent bastards using this trick. From MikeE at ster.invalid Sun Apr 24 21:15:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 24 23:15:04 2005 Subject: [SpamCop-List] Re: Any way to include "redirects" in SC reports? References: Message-ID: R. Asby Dragon wrote: > I'm not a "paying member"; is that possible if I join? A paying member can add additional notifies to a SC report. > would it > be possible to have a "manual entry" system for a reporter to show > the final URL (as well as the intermediate(s))?? The way you would do it would be to develop your system for tracking down the ultimate target; I prefer to use SamSpadeWin's GET function, some people use a web based tool, you can even use your browser if you are configured to find out what is being hiddden from you. In any case, you figure out the ultimate target URL. Then, you feed just that URL to SC's parser and it will tell you the notify it likes for that. Then, you can add that notify to your notify for the original spamitem and explain why with your remarks. > I've been doing a manual LART on these after SC'ing the spam normally; > but I'm a lousy typist and the "redirected URL trick" spams are > increasing too fast for me to keep up.. Manual larts are done most efficiently with a little multipurpose template for the job. No typing, just pasting and cutting. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Mon Apr 25 02:01:06 2005 From: nobody at spamcop.net (Claudio Valderrama C.) Date: Mon Apr 25 01:05:12 2005 Subject: [SpamCop-List] "boundary" and missing links Message-ID: Hello, all. Original letter posted in sc.spam with title "Residencia". Tracking URL: http://www.spamcop.net/sc?id=z756327706z432df001a1d00bffa5de1d5499dcb749z SC says: Finding links in message body Recurse multipart: Parsing text part Parsing HTML part No html links found, trying text parse Hmm, is the presence of the MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_001__109346156_2489,578" part that makes SC miss the links in the body? Or is a construction like the following deemed too tricky to be parsed? Ironically, SC says: Resolving link obfuscation http://internet.e-mail host internet.e-mail (checking ip) ip not found ; internet.e-mail discarded as fake. and this comes simply from an HTML COMMENT at the top of the body: I wonder what's happening here. Is the header definitely malformed? Thanks. C. -- Claudio Valderrama C. www.cvalde.net - www.firebirdSql.org From nttp.sc.s at bigsleep.org Mon Apr 25 06:45:34 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Apr 25 01:50:04 2005 Subject: [SpamCop-List] Re: Any way to include "redirects" in SC reports? References: Message-ID: On 24 Apr 2005 Mike Easter entered spamcop and left news:d4hn95$v0u$1@news.spamcop.net: > you can even use your browser if you > are configured to find out what is being hiddden from you. In any case, > you figure out the ultimate target URL. > There is a Mozilla extension called Live HTTP Headers that will show all the headers, redirects, etc., and you can replay any request as well. > Then, you feed just that URL to SC's parser and it will tell you the > notify it likes for that. > > Then, you can add that notify to your notify for the original spamitem > and explain why with your remarks. You didn't mention that paid members get a user notification box for this. -- | Ric | From nttp.sc.s at bigsleep.org Mon Apr 25 06:50:34 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Apr 25 01:55:03 2005 Subject: [SpamCop-List] Re: "boundary" and missing links References: Message-ID: On 24 Apr 2005 Claudio Valderrama C. entered spamcop and left news:d4htgj$2ac$2@news.spamcop.net: > Hmm, is the presence of the > > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="----=_NextPart_000_001__109346156_2489,578" > > part that makes SC miss the links in the body? No, maybe it's because the closing NEXTPART is missing. -- | Ric | From MikeE at ster.invalid Mon Apr 25 07:13:15 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 25 09:15:04 2005 Subject: [SpamCop-List] Re: "boundary" and missing links References: Message-ID: Claudio Valderrama C. wrote: www.spamcop.net/sc?id=z756327706z432df001a1d00bffa5de1d5499dcb749z I see a body with a b64 and no links in the decoded b64. The decoded b64 is now below my sig. > No html links found, trying text parse > boundary="----=_NextPart_000_001__109346156_2489,578" There's no epilogue after the b64 part, but that shouldn't matter > I didn't/don't see that in my decoding of the b64. I sorta hate to paste a spambody in here even tho' it is short, so I'll paste my decoding of the b64 in .spam. Hmm. That seems like more trouble than it is worth for the small body, I'll paste it under my sig -- that's sorta like somewhere else :-/ It looks to me like the b64 was 'chopped off' and it ends 'abruptly'. With the missing epilogue, I would say that the tracker isn't showing the complete spam, especially if what you pasted above was from the spam. > and this comes simply from an HTML COMMENT at the top of the body: > That was a mistake. -- Mike Easter kibitzer, not SC admin Emilio Edwards Propiedades

 

Message-ID: Mike Easter wrote: > I didn't/don't see that in my decoding of the b64. I sorta hate to > paste a spambody in here even tho' it is short, so I'll paste my > decoding of the b64 in .spam. Hmm. That seems like more trouble than > it is worth for the small body, I'll paste it under my sig -- that's > sorta like somewhere else :-/ > > It looks to me like the b64 was 'chopped off' and it ends 'abruptly'. > With the missing epilogue, I would say that the tracker isn't showing > the complete spam, especially if what you pasted above was from the > spam. Since this is a case of one person seeing something different than another sees and there's a question of it being related to the veracity of the tracker, I've posted an item in .spam consisting of 3 parts, the tracker, the entire spam, and the decoded b64 -- under this same subject. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Apr 25 11:50:57 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Mon Apr 25 10:55:05 2005 Subject: [SpamCop-List] Re: "boundary" and missing links References: Message-ID: "Mike Easter" wrote > Mike Easter wrote: > > I didn't/don't see that in my decoding of the b64. I sorta hate to > > paste a spambody in here even tho' it is short, so I'll paste my > > decoding of the b64 in .spam. Hmm. That seems like more trouble than > > it is worth for the small body, I'll paste it under my sig -- that's > > sorta like somewhere else :-/ > > > > It looks to me like the b64 was 'chopped off' and it ends 'abruptly'. > > With the missing epilogue, I would say that the tracker isn't showing > > the complete spam, especially if what you pasted above was from the > > spam. > > Since this is a case of one person seeing something different than > another sees and there's a question of it being related to the veracity > of the tracker, I've posted an item in .spam consisting of 3 parts, the > tracker, the entire spam, and the decoded b64 -- under this same > subject. > Odd... When I parse the original as Claudio posted in .spam I don't see any Base 64. The spam won't render in OE, but if the html is extracted you can "force" the spamitem to render as html. Try this parse tracker: http://www.spamcop.net/sc?id=z756516129z2e85efeb57543f0d6c2d231a161bbb3cz I think I am "seeing" the parse problem Claudio was enquiring about, but I can't answer his query. hth, Glenn From jr70 at blackhole.invalid Mon Apr 25 09:42:00 2005 From: jr70 at blackhole.invalid (John Richards) Date: Mon Apr 25 11:45:40 2005 Subject: [SpamCop-List] Re: Parse Failures Today References: Message-ID: "David Butler" wrote in message news:d4duce$33p$1@news.spamcop.net... > "WazoO" wrote in message > news:d4c9v5$b2v$1@news.spamcop.net... >> "Chris F. Willoughby" wrote in message >> news:d4b6n9$nfg$1@news.spamcop.net... >> > I'm running into the issue as well still.. >> > >> In response to users posting over in the web-Forum that >> provided Tracking URLs, notification of continuing issues >> has been sent upstream. > > > I am not even getting trackers! Just utter parse failure and so spam found > errors. Seems to have stopped now. I'm having trouble this morning with the SC parser calling genuine sources "fake" including my own ISP. I assume it's caused by some lookup process timing out. -- Gary VanderMolen From MikeE at ster.invalid Mon Apr 25 14:32:07 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 25 16:35:31 2005 Subject: [SpamCop-List] Re: "boundary" and missing links References: Message-ID: Glenn Daniels wrote: www.spamcop.net/sc?id=z756516129z2e85efeb57543f0d6c2d231a161bbb3cz That item SC sez for the body [which is in html, no b64] Finding links in message body Parsing text part error: couldn't parse head Message body parser requires full, accurate copy of message More information on this error.. no links found Reports regarding this spam have already been sent: Reportid: 1410694655 To: cancelled@devnull.spamcop.net Yours is improperly wrapped and folded in the header which is why the body won't parse properly. It also has an improper content type and boundary delimitor marker compared to the actual condition of the body - which makes me think that it has been screwed up by Outlook's improper message storage system. If I want the body to parse, I'll have to get rid of the improper boundary and content type information by changing it to text/html and no boundary. Then, SC parses the body like this: http://www.spamcop.net/sc?id=z756633026z5b75e825177bb471cacf3b538413d3a5z Resolving link obfuscation http://www.emilioedwards.cl host www.emilioedwards.cl (checking ip) = 200.74.163.34 host 200.74.163.34 = red163-034.manquehue.net (cached) Tracking link: http://www.emilioedwards.cl Report Spam to: Using abuse#savvis.net@devnull.spamcop.net for statistical tracking. Using abuse#savvis.net@devnull.spamcop.net for statistical tracking. Re: 200.74.185.78 (Administrator of network where email originates) To: postmaster@manquehue.net (Notes) To: networks@manquehue.net (Notes) Re: 200.74.185.78 (Third party interested in email source) To: abuse@savvis.net (refuses munged reports) (Notes) To: Cyveillance spam collection (Notes) To: abuse#savvis.net@devnull.spamcop.net (Notes) Re: http://www.emilioedwards.cl (Administrator of network hosting website referenced in spam) To: networks@manquehue.net (Notes) To: postmaster@manquehue.net (Notes) Re: http://www.emilioedwards.cl (Third party interested in spamvertized web site) To: abuse@savvis.net (refuses munged reports) (Notes) To: abuse#savvis.net@devnull.spamcop.net (Notes) Yours is completely different than what I saw with Claudio's, which I posted in .spam -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 25 14:33:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 25 16:35:56 2005 Subject: [SpamCop-List] Re: Parse Failures Today References: Message-ID: John Richards wrote: > I'm having trouble this morning with the SC parser calling genuine > sources "fake" including my own ISP. I assume it's caused by some > lookup process timing out. Yes -- don't take SC's language seriously. When it can't resolve something it sez that. -- Mike Easter kibitzer, not SC admin From wil0wisp at dccnet.com Mon Apr 25 15:40:45 2005 From: wil0wisp at dccnet.com (rodxpam (fish)) Date: Mon Apr 25 17:40:07 2005 Subject: [SpamCop-List] Head 'em off at the Headers Message-ID: Folks; I'm comparing anti-spam stuff to see what works, and why; as well as exploring some approaches that sound good, but don't. I would like to detail what happens when/if misconfigured headers are denied by my server. Is there a shareware, stand alone, program that does this, or is it only available as a component embedded in other anti-spam services, like SpamAssassin et.al.? rodxpam "Never slap a man who chews tobacco." From Cynthia at triplespiral.net Mon Apr 25 18:48:10 2005 From: Cynthia at triplespiral.net (Cynthia) Date: Mon Apr 25 17:50:04 2005 Subject: [SpamCop-List] WANT SPAMCOP TO GO AWAY Message-ID: I noticed my Yahoo groups seemed quiet...I have huge mailboxes, so I know I'm not bouncing due to a full box. I go check, and I am *hard* bouncing..why??? This is what I see "Remote host said: 550 Blocked - see http://www.spamcop.net/bl.shtml?66.94.237.24 [RCPT_TO] " I did NOT sign up for Spam Cop. I DO NOT WANT IT. Who the hell do they think they are to step in and screw with my email? They are worse than the damn spammers!!!! All the spam does is cost me a second do hit the "block this email address" button.....Spam Cop has taken my email away from me! I have my own domain, so it's not like it's some internet provider's fault. And on that domain, I do have the ability to set up filters, and there are NONE that would block my Yahoo groups. Again, how is this happening? How do I make it stop? I swear I'm about 2 more bounced emails away from filing a law suit. Cynthia From borgholio at storymind.com Mon Apr 25 15:54:28 2005 From: borgholio at storymind.com (Borgholio) Date: Mon Apr 25 17:55:05 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY In-Reply-To: References: Message-ID: Cynthia wrote: > I noticed my Yahoo groups seemed quiet...I have huge mailboxes, so I > know I'm not bouncing due to a full box. I go check, and I am *hard* > bouncing..why??? This is what I see "Remote host said: 550 Blocked - see > http://www.spamcop.net/bl.shtml?66.94.237.24 [RCPT_TO] " > > I did NOT sign up for Spam Cop. I DO NOT WANT IT. Who the hell do they > think they are to step in and screw with my email? They are worse than the > damn spammers!!!! All the spam does is cost me a second do hit the "block > this email address" button.....Spam Cop has taken my email away from me! > > I have my own domain, so it's not like it's some internet provider's > fault. And on that domain, I do have the ability to set up filters, and > there are NONE that would block my Yahoo groups. Again, how is this > happening? How do I make it stop? I swear I'm about 2 more bounced emails > away from filing a law suit. > > Cynthia > > > > > hehe From Cynthia at triplespiral.net Mon Apr 25 19:02:12 2005 From: Cynthia at triplespiral.net (Cynthia) Date: Mon Apr 25 18:05:09 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: > > hehe Ok, you think it's funny that this program has prevented me from getting mail? Reread what I sent pinhead. It's not stopping me from sending, it's stopping me from RECEIVING. I don't believe they have the legal right to do that. Cynthia From johnl at spamcop.net Mon Apr 25 23:11:40 2005 From: johnl at spamcop.net (JohnL) Date: Mon Apr 25 18:15:07 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: "Cynthia" wrote in news:d4jpck$2gb$1@news.spamcop.net: >> >> hehe > > Ok, you think it's funny that this program has prevented me from > getting > mail? Reread what I sent pinhead. It's not stopping me from sending, > it's stopping me from RECEIVING. I don't believe they have the legal > right to do that. > > Cynthia > > > Hmmm, maybe you should check with whoever supplies your email address. (Hint, unless someone sets up a block linst like SC on PURPOSE, it CANNOT affect you! IOW, your PROVIDER is using the blocklist(s)) Is that enough of a clue? From borgholio at storymind.com Mon Apr 25 16:15:21 2005 From: borgholio at storymind.com (Borgholio) Date: Mon Apr 25 18:20:08 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY In-Reply-To: References: Message-ID: Cynthia wrote: >> hehe > > > Ok, you think it's funny that this program has prevented me from getting > mail? Reread what I sent pinhead. It's not stopping me from sending, it's > stopping me from RECEIVING. I don't believe they have the legal right to do > that. > > Cynthia > > Sorry, but I work in customer service and I get inundated with people threatening legal action when they have absolutely no clue what they're talking about. It's rather pathetic, actually. I've learned to laugh whenever someone mentions "lawsuit". While I am not an expert by any means, I am familiar with the basics on how Spamcop works. Spamcop itself does NOT block anything. It simply maintains a list of networks from which spam originates. Your ISP may be using this list, which would explain why you're not getting any email from Yahoo Groups. But this is an issue with your ISP, NOT with Spamcop. From Cynthia at triplespiral.net Mon Apr 25 19:22:30 2005 From: Cynthia at triplespiral.net (Cynthia) Date: Mon Apr 25 18:25:09 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: I have my own website. And while the hosting company offer a spam blocker service, I do NOT use it. It's not my dial up service, the emails are rejected before I even try to download w/ OExpress. I tried reading straight on my web site, and they are not showing there either. Also it's not affecting all addresses from that website. Some of my address are working just fine with the Yahoo groups. Some are not. If it was either my hosting service or my dial up, why wouldn't all my addresses, or at least all the ones from the web site have the same problem? And it's only emails from Yahoo groups that have been affected, and only some of the groups...to some of my email addresses. This doesn't make sense!! Cynthia "JohnL" wrote in message news:Xns9643A4BC5F3D7johnlspamcopnet@216.154.195.61... > "Cynthia" wrote in > news:d4jpck$2gb$1@news.spamcop.net: > > >> > >> hehe > > > > Ok, you think it's funny that this program has prevented me from > > getting > > mail? Reread what I sent pinhead. It's not stopping me from sending, > > it's stopping me from RECEIVING. I don't believe they have the legal > > right to do that. > > > > Cynthia > > > > > > > > Hmmm, maybe you should check with whoever supplies your email address. > > (Hint, unless someone sets up a block linst like SC on PURPOSE, it CANNOT > affect you! IOW, your PROVIDER is using the blocklist(s)) > > Is that enough of a clue? From noah.boddie at newsgroup.nospam Mon Apr 25 19:22:08 2005 From: noah.boddie at newsgroup.nospam (Dwayne Conyers) Date: Mon Apr 25 18:25:38 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: "Cynthia" wrote in message news:d4johm$1qq$1@news.spamcop.net... > I did NOT sign up for Spam Cop. I DO NOT WANT IT. Who the hell do they > think they are to step in and screw with my email? FWIW, Spamcop doesn't step in and/or screw with anyone's mail... > All the spam does is cost me a second do hit the "block > this email address" button..... And since spammers regularly change the (phoney) addresses they use, that's lots of button hitting... which adds up to lots of seconds... which parse to minutes/hours/days/weeks/months/years of wasted time. Not to mention wasted bandwith... > I swear I'm about 2 more bounced emails > away from filing a law suit. Wouldn't one WEAR a law suit and FILE a lawsuit? -- Live Nude Women http://www.dwacon.com From johnl at spamcop.net Mon Apr 25 23:25:46 2005 From: johnl at spamcop.net (JohnL) Date: Mon Apr 25 18:30:10 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: "Cynthia" wrote in news:d4jqi3$3du$1 @news.spamcop.net: > This doesn't make sense!! FINALLY you realize it!! Now, are you contacting your provider to find out what blocklists they are using and how you can stop using them? If they don't give you any options, then you don't have a very good provider at all. And once you find out, plase come back and apologize for your statements, that's the least you can do after threatening a "cartooney". From Cynthia at triplespiral.net Mon Apr 25 19:33:08 2005 From: Cynthia at triplespiral.net (Cynthia) Date: Mon Apr 25 18:35:07 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: My ISP offers a spam filter, it is NOT active on my account. My web host offers a spam filter, it is NOT active on my site. Who else is there to contact? I see nothing to apologize for. Last week I was able to receive email. This week I can not. Cynthia "JohnL" wrote in message news:Xns9643A7203DAACjohnlspamcopnet@216.154.195.61... > "Cynthia" wrote in news:d4jqi3$3du$1 > @news.spamcop.net: > > > This doesn't make sense!! > > FINALLY you realize it!! > Now, are you contacting your provider to find out what blocklists they are > using and how you can stop using them? > If they don't give you any options, then you don't have a very good > provider at all. > > And once you find out, plase come back and apologize for your statements, > that's the least you can do after threatening a "cartooney". From porpoise1954 at yahoo.co.uk Tue Apr 26 00:25:09 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Apr 25 18:40:08 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: "Cynthia" wrote in message news:d4jqi3$3du$1@news.spamcop.net... > I have my own website. And while the hosting company offer a spam > blocker > service, I do NOT use it. It's not my dial up service, the emails are > rejected before I even try to download w/ OExpress. I tried reading > straight > on my web site, and they are not showing there either. Also it's not > affecting all addresses from that website. Some of my address are working > just fine with the Yahoo groups. Some are not. If it was either my hosting > service or my dial up, why wouldn't all my addresses, or at least all the > ones from the web site have the same problem? > > And it's only emails from Yahoo groups that have been affected, and only > some of the groups...to some of my email addresses. > > This doesn't make sense!! > It makes perfect sense. The admin of the mailserver that holds your email account has a blocklist regime in place that is blocking mail from *some* other servers that are spewing spam. That some of those servers are ones that you want to receive mail from is collateral damage to that mailserver admin protecting their systems/customers from these spammer scum. From johnl at spamcop.net Mon Apr 25 23:38:46 2005 From: johnl at spamcop.net (JohnL) Date: Mon Apr 25 18:40:32 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: "Cynthia" wrote in news:d4jraa$44d$1@news.spamcop.net: > My ISP offers a spam filter, it is NOT active on my account. > My web host offers a spam filter, it is NOT active on my site. > > Who else is there to contact? I see nothing to apologize for. Last > week I > was able to receive email. This week I can not. Have you actually emailed both your ISP AND your web host and received replies from them that there is no filters on your accounts? Things do happen, sometimes not on purpose and they might have activated the filter(s). That is the ONLY way that your INcoming mail could be blocked, on the RECEIVING end, thru YOUR HOST. From nobody at nowhere.invalid Tue Apr 26 01:48:15 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 25 18:50:08 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: On Mon, 25 Apr 2005 17:48:10 -0400, Cynthia coughed into spamcop and left this in : > I swear I'm about 2 more bounced emails away from filing a law suit. This is going to be fun. Who has the popcorn concession today? -- Steve A clear conscience is usually the sign of a bad memory. From johnl at spamcop.net Mon Apr 25 23:52:21 2005 From: johnl at spamcop.net (JohnL) Date: Mon Apr 25 18:55:04 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: Steven Maesslein wrote in news:slrnd6qstf.3vk.nobody@127.0.0.1: > On Mon, 25 Apr 2005 17:48:10 -0400, Cynthia coughed into spamcop and > left this in : > >> I swear I'm about 2 more bounced emails away from filing a law suit. > > This is going to be fun. Who has the popcorn concession today? > Well I just got back from the store with extra beer and pop. ;-) From MikeE at ster.invalid Mon Apr 25 16:55:44 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 25 18:55:21 2005 Subject: [SpamCop-List] Re: Head 'em off at the Headers References: Message-ID: rodxpam wrote: > I would like to > detail what happens when/if misconfigured headers are denied by my > server. I don't understand what that means. What is -an example of- or -the meaning of- -1- a 'misconfigured' header or -2- being 'denied by' your server? And what is your server? Such as what is its server software and what is it configured to 'deny'? -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Apr 25 18:59:56 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Apr 25 19:00:04 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: "Cynthia" wrote in message news:d4johm$1qq$1@news.spamcop.net... > > I have my own domain, so it's not like it's some internet provider's > fault. And on that domain, I do have the ability to set up filters, and > there are NONE that would block my Yahoo groups. Again, how is this > happening? How do I make it stop? I swear I'm about 2 more bounced emails > away from filing a law suit. What is really funny to me is that the last time I posted the Forum FAQ (Frequently Asked Questions) entry list here was back in January. I just re-posted the current list of entries and coincidentally, this is when you choose to drop in and say Hi! Bottom line, YahooGroup e-mail has it's own FAQ entry, and a number of other previous 'discussions' here and there. A bit of research can pay amazing benefits. From MikeE at ster.invalid Mon Apr 25 17:01:57 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 25 19:05:07 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: Cynthia wrote: > I noticed my Yahoo groups seemed quiet...I have huge mailboxes, > so I know I'm not bouncing due to a full box. I go check, and I am > *hard* bouncing..why??? This is what I see "Remote host said: 550 > Blocked - see http://www.spamcop.net/bl.shtml?66.94.237.24 [RCPT_TO] " I'm still not clear on what is going on with your mailbox, but 66.94.237.24 rDNS n13a.bulk.scd.yahoo.com is not on the SCbl presently. It isn't possible for me to tell if it has been any time recently. That certainly looks like a busy yahoo output server. It is also listed in some minor blocklists, one of them for backscatter -- which /can/ get an IP SC blocklisted, so it is possible that it was listed recently for backscatter. If I can find an IP while I'm typing this, I'll show you what the link sez when something is listed, because the explanation explains backscatter problems. Some providers use blocklists other than SC's and they errantly make their delivery status notifications say spamcop. That may have happened here. > I have my own domain, so it's not like it's some internet > provider's fault. And on that domain, I do have the ability to set > up filters, and there are NONE that would block my Yahoo groups. > Again, how is this happening? So far it doesn't make any sense to me. According to the records, triplespiral.net's MX is mail.triplespiral.net and your nameservice is by iPowerWeb and the MX is in iPower's space. I don't know if you configure your own server or if someone else does it. > How do I make it stop? First, we need to figger out what is happening. Where did you get that DSN or bounce information you posted? > I swear I'm > about 2 more bounced emails away from filing a law suit. We call that kind of language a 'cartooney' -- so it would be better if you didn't use it. It is offensive and doesn't mean anything, that's why it is a cartooney joke - sounds like attorney, but it is actually silly. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Tue Apr 26 00:48:49 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Apr 25 19:05:28 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: "Cynthia" wrote in message news:d4jraa$44d$1@news.spamcop.net... > My ISP offers a spam filter, it is NOT active on my account. > My web host offers a spam filter, it is NOT active on my site. > > Who else is there to contact? I see nothing to apologize for. Last week > I > was able to receive email. This week I can not. > > Cynthia Well you should be talking to whoever provides your mailservice to find out why they're blocking the IPs of the mailservers you want to receive mail from. They are the only ones who know what they're blocking...... From porpoise1954 at yahoo.co.uk Tue Apr 26 00:49:47 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Apr 25 19:05:40 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: "Steven Maesslein" wrote in message news:slrnd6qstf.3vk.nobody@127.0.0.1... > On Mon, 25 Apr 2005 17:48:10 -0400, Cynthia coughed into spamcop and > left this in : > >> I swear I'm about 2 more bounced emails away from filing a law suit. > > This is going to be fun. Who has the popcorn concession today? > I'll have the jellybeans please. ;-) From borgholio at storymind.com Mon Apr 25 17:17:00 2005 From: borgholio at storymind.com (Borgholio) Date: Mon Apr 25 19:20:04 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY In-Reply-To: References: Message-ID: JohnL wrote: > Steven Maesslein wrote in > news:slrnd6qstf.3vk.nobody@127.0.0.1: > > >>On Mon, 25 Apr 2005 17:48:10 -0400, Cynthia coughed into spamcop and >>left this in : >> >> >>>I swear I'm about 2 more bounced emails away from filing a law suit. >> >>This is going to be fun. Who has the popcorn concession today? >> > > > Well I just got back from the store with extra beer and pop. ;-) Pop? OH! You mean SODA. From johnl at spamcop.net Tue Apr 26 00:19:48 2005 From: johnl at spamcop.net (JohnL) Date: Mon Apr 25 19:20:25 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: Borgholio wrote in news:d4jtpc$630$1 @news.spamcop.net: > JohnL wrote: >> Well I just got back from the store with extra beer and pop. ;-) > > > Pop? OH! You mean SODA. Hey, Icalled it soda all my life.... up until I lived in So.Cal.!!! THAT's when it became pop. :P From devnull at spamcop.net Mon Apr 25 20:00:54 2005 From: devnull at spamcop.net (Frog Prince) Date: Mon Apr 25 19:30:51 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: | On Mon, 25 Apr 2005 17:48:10 -0400, Cynthia left this in : | | > I swear I'm about 2 more bounced emails away from filing a law suit. I don't nomally watch things (like foot ball or xxx rated movies) if I can't participate but this lawsuit is one that should be entertaining. Heck I'll even bring the hot wings... From borgholio at storymind.com Mon Apr 25 17:28:29 2005 From: borgholio at storymind.com (Borgholio) Date: Mon Apr 25 19:31:30 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY In-Reply-To: References: Message-ID: JohnL wrote: > Borgholio wrote in news:d4jtpc$630$1 > @news.spamcop.net: > > >>JohnL wrote: >> >>>Well I just got back from the store with extra beer and pop. ;-) >> >> >>Pop? OH! You mean SODA. > > > Hey, Icalled it soda all my life.... up until I lived in So.Cal.!!! > THAT's when it became pop. :P Oh bull. Pop is what you call it in Canada or Wyoming. :) From johnl at spamcop.net Tue Apr 26 00:32:34 2005 From: johnl at spamcop.net (JohnL) Date: Mon Apr 25 19:35:07 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: Borgholio wrote in news:d4juet$6ir$1 @news.spamcop.net: > Oh bull. Pop is what you call it in Canada or Wyoming. :) Nope, up here it seems about half and half. But in So.Cal, it was probably 85% "Pop" One place even tried to give me a glass of "Soda Water" in Riverside. ( or maybe it was in Pomona, quite some time ago ) From carrickp at spamcop.net Mon Apr 25 19:33:43 2005 From: carrickp at spamcop.net (Carrick Patterson) Date: Mon Apr 25 19:35:23 2005 Subject: [SpamCop-List] Re: MORE SPAM? References: Message-ID: in article d4f1g0$kdm$1@news.spamcop.net, TJP at @cesmail.net wrote on 4/23/05 9:49 PM: > Has anyone noticed that more SPAM is getting through SPAMCOP? I seem to > have more of the same 3 messages getting into my inbox. I have written > support but no answers yet. > > I, too, am seeing much more SPAM getting through SPAMCOP, especially pharmacy spam. From none.of at your.biz Mon Apr 25 18:05:35 2005 From: none.of at your.biz (R. Asby Dragon) Date: Mon Apr 25 20:10:03 2005 Subject: [SpamCop-List] Re: Any way to include "redirects" in SC reports? In-Reply-To: References: Message-ID: Mike Easter wrote: > R. Asby Dragon wrote: > >>I'm not a "paying member"; is that possible if I join? > The way you would do it would be to develop your system for tracking > down the ultimate target; I prefer to use SamSpadeWin's GET function, SSW's my choice; been my tool of choice for years. (not that I don't use others as needed :} I've been LARTing since '97 . > > Then, you feed just that URL to SC's parser and it will tell you the > notify it likes for that. > > Then, you can add that notify to your notify for the original spamitem > and explain why with your remarks. > > >>I've been doing a manual LART on these after SC'ing the spam normally; >>but I'm a lousy typist and the "redirected URL trick" spams are >>increasing too fast for me to keep up.. > > > Manual larts are done most efficiently with a little multipurpose > template for the job. No typing, just pasting and cutting. > > I've made up over 10 templates over the years; just have never been happy with any I've done. I've stole^^^borrowed OP's ideas and such; but have never found the right combination. (My problem.. too picky ??) I guess I'm going to "do the deed"and pay the money; I've just been putting it off. Thanks; Mike !! From Cynthia at triplespiral.net Mon Apr 25 21:10:09 2005 From: Cynthia at triplespiral.net (Cynthia) Date: Mon Apr 25 20:15:05 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: "> I'm still not clear on what is going on with your mailbox, Well, at least I have company. :) but > 66.94.237.24 rDNS n13a.bulk.scd.yahoo.com is not on the SCbl > presently. It isn't possible for me to tell if it has been any time > recently. That certainly looks like a busy yahoo output server. It is > also listed in some minor blocklists, one of them for backscatter -- > which /can/ get an IP SC blocklisted, so it is possible that it was > listed recently for backscatter. If I can find an IP while I'm typing > this, I'll show you what the link sez when something is listed, because > the explanation explains backscatter problems. I checked my own address as well, just in case. It's not there either. > > Some providers use blocklists other than SC's and they errantly make > their delivery status notifications say spamcop. That may have happened > here. Oh lovely. So not only did someone go and mess me up, they may have thrown me a bit of misdirection too. >> > So far it doesn't make any sense to me. According to the records, > triplespiral.net's MX is mail.triplespiral.net and your nameservice is > by iPowerWeb and the MX is in iPower's space. I don't know if you > configure your own server or if someone else does it. I don't have a server of my own - no high speed connection here, it didn't seem worth the hassle of set up. iPower is my web hosting service. > > First, we need to figger out what is happening. Where did you get that > DSN or bounce information you posted? When the Yahoo groups get a bounced email, you can access it, or rather, part of it. The accounts that did the "hard bouncing" all had that as the last response from that account. It's not the complete header, but it's all they show me. For what it's worth, I just spoke to a tech at my ISP. He confirmed that 1) I do not have their spam blocker in place, and 2) it wouldn't have touched the emails from my web site even though I do download them through the ISP & Outlook Express. (Didn't think it would have, but figured I may as well ask) I am awaiting a response from iPower tech support, but I have checked the spam filters on my site, none are active. As far as any of their information says, their clients control the level of spam filtering and they don't interfere. Whatever happened has happened to both my Earthlink email and the ones through my own domain. But not *all* of them across the board. If iPower was running a second filter, then all of the accounts on my own domain would be affected. They are not. I've confirmed Earthlink isn't the source. I've also checked my last access time to the control panel of my web site where all those options are configured, and it was the last time I logged in, so it's not like I got hacked by someone pranking me who fooled w/ the settings. (Although why they'd bother is beyond me) For what it's worth, I have spyware & virus protection as well although I think it's safe to eliminiate my computer as the source of the problems since the emails aren't getting this far. There are two things that don't make sense - if it was my host, then all accounts there should be affected. They are not. Some have had Yahoo messages coming through w/out a hitch. I switched one bounced group to a different email on Saturday and it has worked fine since. Secondly, if either my host or my ISP was blocking that IP, then shouldn't it be a tad more constant? Last week, everything was fine. Friday afternoon, one address began bouncing. I reactivated it. It worked through until Saturday afternoon, then three addresses started bouncing. I'm not sure if they all went at the same time, just that I know I receieved mail on all three Sat am. I reactivated two of them, and swtiched the third to a different email. . They worked - again - for a few hours, but the two I didn't switch were bouncing by Sunday am. I reactivated Sunday eve, they worked fine then bounced today along with a different address that had worked all weekend long. I realize that they change their blacklist, but this frequently? All I know I know for sure is that someone else somewhere has done something that is screwing up my incoming mail, and it's still going on. I just reactivated one of those addys again, even though it'd been receiving mail for the last two hours. There are no words for this level of fustration. I stand by my subject header... decades on the internet (anyone else remember Genie?) and I have had more trouble with SpamCop (or what seems to be a result of SpamCop) in the past four days than I have had with spam over all these years. Cynthia From nobody at spamcop.net Mon Apr 25 18:18:31 2005 From: nobody at spamcop.net (Ray) Date: Mon Apr 25 20:20:04 2005 Subject: [SpamCop-List] Re: MORE SPAM? References: Message-ID: In article , Carrick Patterson wrote: > in article d4f1g0$kdm$1@news.spamcop.net, TJP at @cesmail.net wrote on > 4/23/05 9:49 PM: > > > Has anyone noticed that more SPAM is getting through SPAMCOP? I seem to > > have more of the same 3 messages getting into my inbox. I have written > > support but no answers yet. > > > > > I, too, am seeing much more SPAM getting through SPAMCOP, especially > pharmacy spam. > Lot's more spam in general mostly pump and dump and pills. Up maybe 400-500 per day over the last 4 or 5 days. From MikeE at ster.invalid Mon Apr 25 18:45:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 25 20:45:04 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: Cynthia wrote: > (anyone else remember Genie?) Actually, it was officially 'GEnie' -- because the commercial BBS was made more economical [unlimited night access and a local access number] by the usage of infrastructure which belonged to General Electric and those were GE's off hours. I was never Prodigy or CompuServe or any of those others, only GEnie. I also didn't really do very much on local bulletin boards - but I spent a lot of time on GEnie because it had a very active Atari ST contingent. The Atari sysop that I remember best was Darlah, can't remember her last name just now. Started with a P I think. Atari's name was associated with games, but the 'believers' in the system [my OS is better than your OS] believed in the OS and the hardware because the value and the interface were better than WinTel or Mac or Amiga of the same generation. I never had anything to do with games, and I had about 5 different STs, 3 1040s and 2 Megas. At one location I had 2 of the 1040s networked via their midi ports. I still have a lot of that hardware piled up in a closet. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Apr 25 22:30:17 2005 From: nobody at devnull.spamcop.net (Pop) Date: Mon Apr 25 21:35:46 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: "Borgholio" wrote in message news:d4jouj$24m$1@news.spamcop.net... > Cynthia wrote: >> I noticed my Yahoo groups seemed quiet...I have huge mailboxes, so I >> know I'm not bouncing due to a full box. I go check, and I am *hard* >> bouncing..why??? This is what I see "Remote host said: 550 Blocked - see >> http://www.spamcop.net/bl.shtml?66.94.237.24 [RCPT_TO] " >> >> I did NOT sign up for Spam Cop. I DO NOT WANT IT. Who the hell do they >> think they are to step in and screw with my email? They are worse than >> the >> damn spammers!!!! All the spam does is cost me a second do hit the "block >> this email address" button.....Spam Cop has taken my email away from me! >> >> I have my own domain, so it's not like it's some internet provider's >> fault. And on that domain, I do have the ability to set up filters, and >> there are NONE that would block my Yahoo groups. Again, how is this >> happening? How do I make it stop? I swear I'm about 2 more bounced >> emails >> away from filing a law suit. >> >> Cynthia >> >> >> >> >> > > hehe Gopher it! Groundhog it, mole it! From MikeE at ster.invalid Mon Apr 25 19:36:07 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 25 21:36:25 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: Message-ID: Cynthia wrote: > There are no words for this level of fustration. I stand by my > subject header... SC doesn't block anything. SC is a parsing and reporting service, free and paid, whose purpose is to facilitate people using their spam to notify the providers for source and spamvertisers and to also provide a layer of 'anonymity' between the reporter and the provider - unless the reporter chooses to not munge or unless a provider chooses to not receive default munged reports. SC is also a pay mail filtering service which also facilitates reporting by its clients. SC also maintains the SC blocklist, a DNSbl of spamsources derived from its reporters who are many and from its spamtraps, number unknown. SC handles many millions of reports per week, and because of its automated listing and unlisting mechanisms it is a very frisky and powerfully dynamic blocklist. This has made the SCbl a very very popular blocklist which is used by many admins and users who run servers, and also by individuals using DNSbl/s in their spam filters. The way a mail gets blocked by something which is in the SCbl is if a server is using the SCbl to reject mail. This is not generally recommended http://www.spamcop.net/fom-serve/cache/291.html IMO server rejection of mail is a healthy practice in general, but there are a lot of DNSbl/s, and a wise server admin should know how to use each of them considering strengths and weaknesses. The link I cited suggests tagging mail and making the filtered mail accessible to the user, which is the way the SC mail filtering service works. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Apr 25 22:35:28 2005 From: nobody at devnull.spamcop.net (Pop) Date: Mon Apr 25 21:40:09 2005 Subject: [SpamCop-List] Re: WANT SPAMCOP TO GO AWAY References: