From nobody at devnull.spamcop.net Fri Apr 1 11:50:05 2005 From: nobody at devnull.spamcop.net (Patto) Date: Thu Mar 31 21:55:02 2005 Subject: [SpamCop-List] Re: chinatietong.com In-Reply-To: References: Message-ID: Brian (SnSR) wrote: > Never mind. > > anti-spam@ns.chinanet.cn.net bounces (102 sent : 23203 bounces) > Using anti-spam#ns.chinanet.cn.net@devnull.spamcop.net for statistical > tracking. The non-bouncing address is anti-spam@chinanet.cn.net From nobody at devnull.spamcop.net Fri Apr 1 17:08:07 2005 From: nobody at devnull.spamcop.net (Patto) Date: Fri Apr 1 03:10:07 2005 Subject: [SpamCop-List] Re: chinatietong.com In-Reply-To: References: Message-ID: Patto wrote: > Brian (SnSR) wrote: > >> Never mind. >> >> anti-spam@ns.chinanet.cn.net bounces (102 sent : 23203 bounces) >> Using anti-spam#ns.chinanet.cn.net@devnull.spamcop.net for statistical >> tracking. > > > The non-bouncing address is anti-spam@chinanet.cn.net There is also abuse@chinatietong.com - it doesn't seem to bounce. From nobody at nowhere.invalid Fri Apr 1 10:25:54 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Apr 1 03:30:03 2005 Subject: [SpamCop-List] Re: chinatietong.com References: Message-ID: On Fri, 01 Apr 2005 17:08:07 +0900, Patto coughed into spamcop and left this in : >> The non-bouncing address is anti-spam@chinanet.cn.net > > There is also abuse@chinatietong.com - it doesn't seem to bounce. That's because /dev/null never fills up. Cynic, moi? :) -- Steve Anarchy may not be the best form of government, but it's better than no government at all. From nobody at xyzzy.claranet.de Fri Apr 1 13:03:55 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Apr 1 06:05:26 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> Message-ID: <424D2A9B.6168@xyzzy.claranet.de> Porpoise wrote: > Do you still use an old telephone with a dial that you poke > your finger in to dial as well? ;-) No, translating pulses to tones is too slow for phone banking, I've lost my external tone generator. But in theory... ASCII-art is 24*79 or smaller, anything else is just spam. Bye From nobody at xyzzy.claranet.de Fri Apr 1 13:09:36 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Apr 1 06:10:03 2005 Subject: [SpamCop-List] ICANN annual whois data problem report Message-ID: <424D2BF0.71CF@xyzzy.claranet.de> For details see... ...but the expected outcome is clear, gTLD .biz got three times more reports than any other ICANN gTLD (relatively). Bye, Frank From MikeE at ster.invalid Fri Apr 1 05:20:40 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 08:20:02 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > For details see... > > > > ...but the expected outcome is clear, gTLD .biz got three > times more reports than any other ICANN gTLD (relatively). That's a very interesting report. Here's a par "Third, there are a number of "power users" of the system. Given that they account for more than 50% of the reports, and that at least 74% of the reports are for legitimately bad Whois information, it is reasonable to assume that these industrious individuals are indeed finding many domains with incorrect Whois information. It might be reasonable to offer features in the interface to help these users." The power users to whom they are referring is based on the fact that there were 31533 reports, 3122 reporters, and the top 20 reporters reported 18317 reports. The top or power power reporter reported 4035. Now there's a diligent reporter. What I'm wondering about is the significant number of reports which were deemed to result in 'other' or 'data unchanged' as opposed to 'inaccuracy corrected' or 'domain deleted'. Almost 60% of the reports resulted in data unchanged. People who are interested in the problem of bad whois and reporting it to icann/internic should read that report. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Apr 1 05:26:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 08:25:02 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: Mike Easter wrote: > What I'm wondering about is the significant number of reports which > were deemed to result in 'other' or 'data unchanged' as opposed to > 'inaccuracy corrected' or 'domain deleted'. Almost 60% of the reports > resulted in data unchanged. There's a par on that subject as well, describing what happened when ICANN investigated whether the report should have been so classificd. The facts are that the registrars were doing a very bad job of so classifying the report. "In order to better understand the nature of the domain names marked "Other" or "Data Unchanged" (7,532 total) I CANN staff individually reviewed 5,842 (about 80%) of them and made the following observations: more than half (51.6%) had in fact been deleted or suspended. Another third of them (34.9%) had Whois data that appeared to be accurate (note, however, that it is quite possible to supply Whois information that looks completely plausible, but is in fact bad). About 14% appeared incomplete or clearly inaccurate." So the other & data unchanged data is seriously outawhack. -- Mike Easter kibitzer, not SC admin From salvisberg at spamcop.net Fri Apr 1 16:26:32 2005 From: salvisberg at spamcop.net (Hans Salvisberg) Date: Fri Apr 1 09:20:03 2005 Subject: [SpamCop-List] Re: Automatic "held mail" deletion? In-Reply-To: References: Message-ID: <424D5A18.9070209@spamcop.net> Tim Lavoie wrote: > I'm using the spam filters to grab incoming spam instead of passing it > on, and that part works well. It does build up quickly though, leaving > a huge backlog of unreportable spam if I don't get to it every day or so. > > Is it possible to set it up to just delete old emails after certain age? I had this same problem with a SpamCop account that I set up for a computer-illiterate third party, but 1. old Held Emails seem to go away after a while (but until then they keep showing up in the Held Email report again and again...), and 2. if you have an email client with IMAP support (e.g. Thunderbird), you can set up an IMAP account for SpamCop, subscribe to the Held Email folder, and then delete your Held Email reasonably efficiently by simply dragging it from the Held Email folder to the Trash folder. It would be nice if this mechanism could also be used for reporting, e.g. by having a "Quick-Report as Spam" (and possibly a "Queue for Spam Reporting") folder, but this is not the case. See http://www.spamcop.net/fom-serve/cache/335.html for more information. Hans From skiwi at spamcop.net Fri Apr 1 08:03:14 2005 From: skiwi at spamcop.net (Skiwi) Date: Fri Apr 1 11:05:02 2005 Subject: [SpamCop-List] Re: Does yahoo@admin.spamcop.net go anywhere except the bit bin? In-Reply-To: References: Message-ID: Mike Easter wrote: > Skiwi wrote: > >>Mike Easter wrote: >> >>>Skiwi wrote: >>> >>> >>>>Does yahoo@admin.spamcop.net go anywhere except the bit bin? >>> >>> >>>I'm not an admin, but those types of addresses typically are for >>>special handling for the provider, not a devnul. >> >>[snip] >> >>That was my feeling - but I wanted some admin confirmation or at least >>hand-holding that I using a "good" user report address! :-) > > > Skiwi wrote: > >>Thanks Fred - but I am getting so many of those pimp & dumps using >>st0ck54@yahoo.com et. al. that manual larting would be, hmmm, how to >>say, less likley for me to do! :-) > > > What I'm looking at in sightings^1 -- that looks to me like a (likely > bogus) remove addy. > > If you have a yahoo account, you can check it the username for > availability, but I'll be surprised if you get a positive yahoo response > to a notify of a remove email addy. You are, cough, analyzing spam then? :-P This guys seems to have such specific emails that I am guessing he is trying to be "legit" (or at least look "legit") - I have heard stories about the Vancouver Stock Exchange... :-) Anyway, I sent an email from a throwaway to 10 of the addresses - 42 through 52 - and nothing bounced back yet... Earlier, I sent complaints to Yahoo via their form for some of the 30-series ones; got back the 'we have taken action but won't tell you what is is" (thanks "Chad"!) - but did NOT say that they did not exist... Anyway... From MikeE at ster.invalid Fri Apr 1 08:22:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 11:25:03 2005 Subject: [SpamCop-List] Re: Does yahoo@admin.spamcop.net go anywhere except the bit bin? References: Message-ID: Skiwi wrote: > Mike Easter wrote: >>> st0ck54@yahoo.com >> What I'm looking at in sightings^1 -- that looks to me like a (likely >> bogus) remove addy. >> but I'll be surprised if you get a positive yahoo >> response to a notify of a remove email addy. > > > You are, cough, analyzing spam then? :-P For the purposes of discussion, naturally. Everyone has to trip their own trigger about how they like to notify or otherwise engage in the sport or pastime or hobby of spamfighting, including how they use SC simply as a tool. But of course I'm kibitzing how that sport can be played. In the beginning, the qx was about SC using the notify address of yahoo@admin.spamcop.net for 'something' and I told about how I tho't SC didn't notify yahoo about http://mail.yahoo.com. SC also doesn't notify for spambody email addresses -- an admin decision based on the considered judgment as to the value of notifying for removes in general and those which were email addies instead of links specifically. Once upon a time SC /did/ notify for email addresses in spambodies. So, when the discussion evolved into the idea of notifying for a email remove address, I felt like putting in my 2 cents. In order to get 2 cents worth, I had to figger out why we were talking about st0ck54@yahoo.com - which required more than my reading the content of a spambody, I actually had to go dig it out of sightings in order to read it. Also, if you are doing a 'user directed' notify to yahoo about the st0ck54 username, SC advises to those using the parser for advice about notifies, not the SC notify address, but instead the user yahoo notify address. Parsing input: st0ck54@yahoo.com Reporting addresses: mail-abuse@yahoo-inc.com postmaster@yahoo.com > > This guys seems to have such specific emails that I am guessing he is > trying to be "legit" (or at least look "legit") - I have heard stories > about the Vancouver Stock Exchange... :-) > > Anyway, I sent an email from a throwaway to 10 of the addresses - 42 > through 52 - and nothing bounced back yet... > > Earlier, I sent complaints to Yahoo via their form for some of the > 30-series ones; got back the 'we have taken action but won't tell you > what is is" (thanks "Chad"!) - but did NOT say that they did not > exist... > > Anyway... -- Mike Easter kibitzer, not SC admin From Paul.Sawyer.does.not.want.spam at unh.BAD.EXAMPLE.edu Fri Apr 1 16:51:22 2005 From: Paul.Sawyer.does.not.want.spam at unh.BAD.EXAMPLE.edu (Paul Sawyer) Date: Fri Apr 1 11:55:02 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote in news:424D2A9B.6168 @xyzzy.claranet.de: > Porpoise wrote: > >> Do you still use an old telephone with a dial that you poke >> your finger in to dial as well? ;-) > > No, translating pulses to tones is too slow for phone banking, > I've lost my external tone generator. But in theory... > > ASCII-art is 24*79 or smaller, anything else is just spam. Bye Feh -- I can remember ASCII art of 132 column width and virtually unlimited length. Kids today.... From cbminfo at toast.net Fri Apr 1 11:58:02 2005 From: cbminfo at toast.net (ken) Date: Fri Apr 1 12:00:04 2005 Subject: [SpamCop-List] Re: Conspiracies everywhere References: Message-ID: "Frog Prince" wrote in message news:d2h6d2$c06$1@news.spamcop.net... > > "ken" > | After digging thru this the only legitimate address with an abuse > | address was my isp's return address. > | The other links jumped all over the planet wherever a phone line > could > | be hung. > | ====================================================== > | Couple weeks back it was WAMU banks, they're still coming in > | intermittantly, and they had the same returns all the time. They > | finally created an abuse address > | > ========================================================================== > | Not nearly as prolific as WAMU, I've seen other banks represented > in > | these scams. All with no legitimate abuse addresses, and rather > than > | forward my email to some unknown, I've opted to just forwarding > these > | on to spam@uce.gov. Why not stick with WAMU ? did they choose to > chase > | and prosecute ? > > I'm a WAMU customer. I called sent emails etc the responce 'just > delete it' > or get a spam blocker. > > For awhile there I was getting wamu from the SAME return for the longest time. So got into the habit of reporting it to them. Obviously if it's not from my bank telling me to update my account, it's definitely spam. I use popfile. Only when the spam passes as regular mail do I waste a minute on it. popfile has a better than 90% accuracy on moving the trash to the trash folder. I'm just saying that there's a lot of spams fitting the Nigerian scam now targeting U.S. financial institutions. That Nigerian thing may be more of a joke and annoyance now, but it did hook several people to thousands of dollars if you can believe what the news says. I don't really think ignoring and deleting these scams emails does anyone any good. And it would seem the only ones even suggesting to do nothing about it are the ones profiting from them. Actually WAMU had no abuse when I 1st started reporting to them. Now they do. they send a thank you form letter. which makes sense when the business is business. From SCNews.5.myspamgobbler at spamgourmet.com Fri Apr 1 09:26:00 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Fri Apr 1 12:30:07 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report In-Reply-To: References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: Mike Easter wrote: > Frank Ellermann wrote: > >>For details see... >> >> >> >>...but the expected outcome is clear, gTLD .biz got three >>times more reports than any other ICANN gTLD (relatively). > > > That's a very interesting report. Here's a par > > "Third, there are a number of "power users" of the system. Given that > they account for more than 50% of the reports, and that at least 74% of > the reports are for legitimately bad Whois information, it is reasonable > to assume that these industrious individuals are indeed finding many > domains with incorrect Whois information. It might be reasonable to > offer features in the interface to help these users." > > The power users to whom they are referring is based on the fact that > there were 31533 reports, 3122 reporters, and the top 20 reporters > reported 18317 reports. The top or power power reporter reported 4035. > Now there's a diligent reporter. That's an average of over 900 reports for the top 20. Subtracting the top reporter's 4035 from 18317 reports of the top 20 reporters and dividing by 19 gives an average of 750 reports per reporter for the top 20 minus 1. I've made lots of reports, but not quite that many. Guess I need to step it up a bit. > > What I'm wondering about is the significant number of reports which were > deemed to result in 'other' or 'data unchanged' as opposed to > 'inaccuracy corrected' or 'domain deleted'. Almost 60% of the reports > resulted in data unchanged. > > People who are interested in the problem of bad whois and reporting it > to icann/internic should read that report. > It is an informative article, lending some encouragement with the knowledge that our reports are having some effect. The analysis performed on the data indicates that more than 63% of the names reported were corrected, suspended, or are no longer registered. Then there is this statement that shows why only 63% were corrected - The advisory also reiterated that a registrar has the right to cancel a registration in such cases, but is not required to do so. Another disheartening note - Finally, the 16,941 reported names is a small fraction of the 49+ million gTLD registrations. From not at home.today Fri Apr 1 20:54:47 2005 From: not at home.today (Ant) Date: Fri Apr 1 15:00:03 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: "Paul Sawyer" wrote: > Frank Ellermann wrote in news:424D2A9B.6168 > @xyzzy.claranet.de: [snip] >> ASCII-art is 24*79 or smaller, anything else is just spam. Bye > > Feh -- I can remember ASCII art of 132 column width and virtually unlimited > length. > > Kids today.... Indeed. I still have a stack of fanfold line-printer paper on which I produced an ASCII image in several strips. When assembled and laid out it is about 9 feet square! From pantheus at suespammers.org Fri Apr 1 11:56:43 2005 From: pantheus at suespammers.org (Ken Knull) Date: Fri Apr 1 15:00:08 2005 Subject: [SpamCop-List] A Russian ISP that cares? Message-ID: English isn't perfect, clue-impaired? about closing open proxy, but hey, a non-autoack ... far more than I've ever gotten from any Russian outfit. Ken Hello, the client is temporarily blocked!!! Despite of efforts of the client the spam continued, to act in communication, with what has been blocked before finding-out of circumstances. ?????????? ?? ??????????? ?????? ???????? ********************* ??????????? ???????????? ??? ??????? ? ???????? ?????? ???????? ????? (095)789-37-27 Best regards, ISP "Zebra Telecom" Maxim Volkov www.zebratelecom.ru 24h customer service : Moscow: +7(095)741-0011 support@ztel.ru St.Petersburg: +7(812)103-3103 -----Original Message----- From: Alex Tsybin [mailto:a.tsybin@zebratelecom.ru] Sent: Friday, April 01, 2005 12:04 PM To: support@ztel.ru Subject: FW: [SpamCop (213.145.41.76) id:1393564647]**JUNK** pantheus, LOS MEJORES DOCUMENTALES DE ESP.. From PossumTrot at dont.spam.me Fri Apr 1 13:11:42 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Fri Apr 1 16:15:04 2005 Subject: [SpamCop-List] Did the MS suits stop Spammy overnight? Message-ID: Today was the lowest number of spam in my attglobal.net account in 5 years - only 6 compared with 220 the day before and an average of more than 200 per day for the past year. Surely the MS suits filed yesterday didn't impact that number. From nobody at spamcop.net Fri Apr 1 17:06:48 2005 From: nobody at spamcop.net (Mike Nuss) Date: Fri Apr 1 17:10:02 2005 Subject: [SpamCop-List] Preventing Exchange 2000 from delayed bouncing Message-ID: I just made the unpleasant discovery that our corporate mail server is accepting undeliverable mail and then sending bounces, specifically in the case of nonexistent recipients. I guess we're lucky that spammers haven't found it (yet). I want to configure it to reject during the SMTP session instead of after, but I wasn't able to find any information on how to do so from a cursory Google search. The server is running Exchange 2000. Does anyone have a pointer to how I can fix this? Thanks, Mike From dfm2a3l0t2 at spymac.com Fri Apr 1 17:30:48 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Fri Apr 1 17:35:03 2005 Subject: [SpamCop-List] Re: Unsubscribe Now Spam ?? References: Message-ID: In article , "Dwayne Conyers" wrote: > I'll spank myself. Oooh, kinky! -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From MikeE at ster.invalid Fri Apr 1 14:52:17 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 17:55:02 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: Mike Nuss wrote: > I just made the unpleasant discovery that our corporate mail server is > accepting undeliverable mail and then sending bounces, specifically in > the case of nonexistent recipients. I guess we're lucky that spammers > haven't found it (yet). I want to configure it to reject during the > SMTP session instead of after, but I wasn't able to find any > information on how to do so from a cursory Google search. The server > is running Exchange 2000. Does anyone have a pointer to how I can fix > this? Someone else with experience with exchange may have a better link, but here's a place to start while you are waiting for them to show up here. http://www.byteplant.com/support/nospamtoday/howtorejectexchange.html How To Reject Undeliverable Mail with MS Exchange -- Mike Easter kibitzer, not SC admin From nobody at xyzzy.claranet.de Sat Apr 2 01:00:37 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Apr 1 18:05:02 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: <424DD295.25C4@xyzzy.claranet.de> Mike Easter wrote: > So the other & data unchanged data is seriously outawhack. Not necessarily. I only report stuff listed at RFCI with the evidence of a bounced mail. When they later ask me what happened, I compare old + new data. If it's the same I test RCPT TO but don't try to send a mail. If RCPT TO is okay I say "other" (+ manual comment), otherwise I say "still bad". Bye, Frank From nobody at xyzzy.claranet.de Sat Apr 2 01:05:42 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Apr 1 18:10:02 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: <424DD3C6.6677@xyzzy.claranet.de> Paul Sawyer wrote: > I can remember ASCII art of 132 column width and virtually > unlimited length. Now you confuse Snoopy or some [XXX] with ASCII art. And that wasn't in mail, it was a proper print job. > Kids today.... ...don't try to punch Snoopy. Bye, Frank From MikeE at ster.invalid Fri Apr 1 15:11:43 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 18:15:03 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> <424DD295.25C4@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: > >> So the other & data unchanged data is seriously outawhack. > > Not necessarily. I only report stuff listed at RFCI with > the evidence of a bounced mail. When they later ask me what > happened, I compare old + new data. If it's the same I test > RCPT TO but don't try to send a mail. If RCPT TO is okay I > say "other" (+ manual comment), otherwise I say "still bad". Yabbut, what I'm meaning is that the reports were generated, and then the registrars were the respondents to the reports incompetently, just like they were incompetent in entering the bogus data in the first place.. The registrars responded with other16% and unchanged 59% as opposed to the other choices of corrected and deleted-- but that wasn't true very often. ICANN investigated and found that most of the time the answer should have been something else. I would like to believe that ICANN is exerting pressure appropriately to get registrars to act like the information is supposed to be correct in the first place and that they are also supposed to be responsive when /they/ are challenged that it isn't. The fact that registrars accept blatantly bogus information indicates that they don't take the responsibility seriously, and that ICANN should be making them do so. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Apr 1 18:04:01 2005 From: nobody at spamcop.net (Ellen) Date: Fri Apr 1 18:30:02 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: "Mike Nuss" wrote in message news:d2kgla$553$1@news.spamcop.net... > I just made the unpleasant discovery that our corporate mail server is > accepting undeliverable mail and then sending bounces, specifically in > the case of nonexistent recipients. I guess we're lucky that spammers > haven't found it (yet). I want to configure it to reject during the SMTP > session instead of after, but I wasn't able to find any information on > how to do so from a cursory Google search. The server is running > Exchange 2000. Does anyone have a pointer to how I can fix this? > > Thanks, > Mike http://support.microsoft.com/default.aspx?scid=kb;en-us;294757 Ellen From eddie at eddie.web Fri Apr 1 21:00:12 2005 From: eddie at eddie.web (eddie) Date: Fri Apr 1 21:05:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On Fri, 01 Apr 2005 13:11:42 -0800, Possum Trot scratched out the following: > Today was the lowest number of spam in my attglobal.net account in 5 years > - only 6 compared with 220 the day before and an average of more than 200 > per day for the past year. Surely the MS suits filed yesterday didn't > impact that number. I have noticed a downward trend in spam volume. But it is personal and anecdotal. I may be simply getting "list washed" for all my complaining and reporting to higher authorities (congress, FBI, IRS etc.) However, I have noticed the trend that most of my spam now consists mainly of chinese spamvertized sites (with russian and brazil next in line) and with most of the actual spam coming from korea. It has been a while since I was being deluged by spam from att, mci, comcast, charter etal. Whether the principals are the same but they simply have moved offshore, it's clear that it must be getting hot for the spammers to use US websites and email sources. Even the number of zombie spammers has dropped, either from ISPs getting to them or from Microsoft service packs finally disallowing them. Having said that, I fully expect a huge amount of spam later today :) It always seems to work that way. -- Once movie theaters gave out steak knives Today they confiscate them From nobody at spamcop.net Fri Apr 1 23:26:43 2005 From: nobody at spamcop.net (Mike Nuss) Date: Fri Apr 1 23:30:04 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing In-Reply-To: References: Message-ID: Ellen wrote: > > http://support.microsoft.com/default.aspx?scid=kb;en-us;294757 > > Ellen > > Thanks, but this doesn't really do what I want, as it still accepts the messages. I want it to reject them. Unfortunately it appears that Exchange 2000 provides no mechanism to change this, and the only solution I've seen so far was Mike Easter's link, which is unfortunately to a commercial add-on that purports to solve the problem (and not terribly cleanly). Adding anything onto Exchange makes me a little queasy (well, not much more than running Exchange in the first place, I guess). Still hoping that someone will show up with a better solution. Mike From ric.gates at bigsleep.org Sat Apr 2 04:27:32 2005 From: ric.gates at bigsleep.org (Blammo) Date: Fri Apr 1 23:30:09 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On 01 Apr 2005 eddie entered spamcop and left news:pan.2005.04.02.02.00.12.280000@eddie.web: > It has been a while since I was being deluged by spam from att, mci, > comcast, charter etal. Whether the principals are the same but they > simply have moved offshore, it's clear that it must be getting hot for > the spammers to use US websites and email sources. Many of these are being blocked, I can still sit there and watch the comcast IPs getting reflected, it produces a bit of a glow. -- | Ric | From ric.gates at bigsleep.org Sat Apr 2 04:49:02 2005 From: ric.gates at bigsleep.org (Blammo) Date: Fri Apr 1 23:50:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On 01 Apr 2005 Blammo entered spamcop and left news:Xns962BD02B9347Bblammo@216.154.195.61: > produces a bit of a glow. Speaking of glow, I heat my house with the glow from chinanet. -- | Ric | | From bar_n0ne at hotmail.com Sat Apr 2 08:42:04 2005 From: bar_n0ne at hotmail.com (Berny) Date: Fri Apr 1 23:55:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: "eddie" wrote in message news:pan.2005.04.02.02.00.12.280000@eddie.web... > On Fri, 01 Apr 2005 13:11:42 -0800, Possum Trot scratched out the > following: > > > Today was the lowest number of spam in my attglobal.net account in 5 years > > - only 6 compared with 220 the day before and an average of more than 200 > > per day for the past year. Surely the MS suits filed yesterday didn't > > impact that number. > > I have noticed a downward trend in spam volume. But it is personal and > anecdotal. I may be simply getting "list washed" for all my complaining > and reporting to higher authorities (congress, FBI, IRS etc.) > However, I have noticed the trend that most of my spam now consists mainly > of chinese spamvertized sites (with russian and brazil next in line) and > with most of the actual spam coming from korea. > It has been a while since I was being deluged by spam from att, mci, > comcast, charter etal. Whether the principals are the same but they simply > have moved offshore, it's clear that it must be getting hot for the > spammers to use US websites and email sources. Even the number of zombie > spammers has dropped, either from ISPs getting to them or from Microsoft > service packs finally disallowing them. > Having said that, I fully expect a huge amount of spam later today :) It > always seems to work that way. > > -- > Once movie theaters gave out steak knives > Today they confiscate them Your provider may just have started filtering or miltering mine did and i dropped from 200+ to less than 10 a day rising again From ric.gates at bigsleep.org Sat Apr 2 05:10:23 2005 From: ric.gates at bigsleep.org (Blammo) Date: Sat Apr 2 00:15:05 2005 Subject: [SpamCop-List] Re: Conspiracies everywhere References: Message-ID: On 29 Mar 2005 ken entered spamcop and left news:d2ch6b$eqr$1@news.spamcop.net: > If the people start moving their cash into mattresses and coffee cans > in the back yard because they can no longer trust the banks, where's > the economy headed ? > Ha! Most people in America don't have any money. You are working for the Man, man, come now, join me brother.... -- | Ric | From bar_n0ne at hotmail.com Sat Apr 2 09:35:16 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Apr 2 00:40:02 2005 Subject: [SpamCop-List] mci 63.82.96.35, ATMLinkinc/calpop 216.240.129.23 Message-ID: Could someone put these spam servers on the nuclear targetting list please. latest incarnation is networkvisionaries.com, mci hosts the images and targets of the periodic mainsleaze style spambblasts (mailbombings) originating out of atmlinkink.com/calpop.net, same server for months now. The owners have stealthed this server from spamcop it's generally shopping spree/free products spam for "market research" just in case I trash their spam they send anywhere from 5 to 20 in a blast at my addy, sometimes several blasts over the course of a few days. From ric.gates at bigsleep.org Sat Apr 2 05:44:20 2005 From: ric.gates at bigsleep.org (Blammo) Date: Sat Apr 2 00:45:03 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: On 01 Apr 2005 Mike Nuss entered spamcop and left news:d2kgla$553$1@news.spamcop.net: > I just made the unpleasant discovery that our corporate mail server is > accepting undeliverable mail and then sending bounces, specifically in > the case of nonexistent recipients. I guess we're lucky that spammers > haven't found it (yet). I want to configure it to reject during the SMTP > session instead of after, but I wasn't able to find any information on > how to do so from a cursory Google search. The server is running > Exchange 2000. Does anyone have a pointer to how I can fix this? > > Thanks, > Mike Just use a front-end relay to check the mail, then relay it to the Exchange server. Probably best to get another box with Sendmail or Postfix, or something similar that can read a virtual user map. Keeping the virtual user database updated might require a script, but should be a simple task. Or maybe LDAP is better, as that would update itself. If you do this make sure you get both A and PTR records for both. I just looked a little and found this... http://lists.freebsd.org/pipermail/freebsd-isp/2003-October/001201.html -- | Ric | From nobody at devnull.spamcop.net Sat Apr 2 10:08:39 2005 From: nobody at devnull.spamcop.net (Xris) Date: Sat Apr 2 04:10:03 2005 Subject: [SpamCop-List] Re: SPEWS: Please remove IP Ranges from SPEWS Lists S511 In-Reply-To: References: Message-ID: Inflow AUP wrote: > Please remove the following IP's from the SPEWS blacklist. The person that > you are showing them for (Scott Richter) has been removed from our network > and the IP's have been returned to Inflow. > > 66.179.100.0 - 66.179.100.255 > 66.179.76.0 - 66.179.124.255 > 66.45.41.136 - 66.45.41.143 > 66.45.41.192 - 66.45.41.207 > 66.179.17.160 - 66.179.17.191 > 66.45.80.80 - 66.45.80.87 > 66.45.30.187 > 66.45.30.0/24 > 66.45.28.0 - 66.45.32.255 > 66.179.35.0 - 66.179.39.255 > > Thank you, > Inflow AUP Team > > Do these guys ever look at the responses they get on this list? From bjoeg at *spammer*bjoeg.dk Sat Apr 2 14:42:18 2005 From: bjoeg at *spammer*bjoeg.dk (Bjarke Andersen) Date: Sat Apr 2 09:45:05 2005 Subject: [SpamCop-List] Spammers getting scared? Message-ID: Of the tons of spam we receive everyday, I then wonder if this spammer got scared, and if so by which of the spam mails I reported. Follow full header X-Message-Status: n X-SID-PRA: admin@LeadSourceGroup.com X-SID-Result: TempError X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= Received: from server.thelistpro.com ([69.50.192.100]) by mc1- f25.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Sat, 2 Apr 2005 05:10:02 -0800 Received: from listpro by server.thelistpro.com with local (Exim 4.50) id 1DHjLV-0007yw-Q0 for @hotmail.com; Sat, 02 Apr 2005 08:11:29 -0600 To: @hotmail.com From: admin@LeadSourceGroup.com Subject: Your remove request has been successfully processed! Message-Id: Date: Sat, 02 Apr 2005 08:11:29 -0600 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.thelistpro.com X-AntiAbuse: Original Domain - hotmail.com X-AntiAbuse: Originator/Caller UID/GID - [32004 32005] / [47 12] X-AntiAbuse: Sender Address Domain - server.thelistpro.com X-Source: X-Source-Args: X-Source-Dir: Return-Path: listpro@server.thelistpro.com X-OriginalArrivalTime: 02 Apr 2005 13:10:02.0265 (UTC) FILETIME=[47AD6090:01C53785] We have processed your global remove request successfully. You have been entirely removed from all autoresponder accounts hosted at http://www.thelistpro.com and are now blocked from being subscribed to any autoresponder hosted at this domain. -- Bjarke Andersen - Freelance SpamKiller http://www.cdt.org/speech/spam/030319spamreport.shtml (How to prevent) Wanna reply by email? Remove the spammer in address From nobody at spamcop.net Sat Apr 2 08:39:20 2005 From: nobody at spamcop.net (Ellen) Date: Sat Apr 2 10:00:02 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: "Mike Nuss" wrote in message news:d2l6tk$fm0$1@news.spamcop.net... > Ellen wrote: > > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;294757 > > > > Ellen > > > > > > Thanks, but this doesn't really do what I want, as it still accepts the > messages. I want it to reject them. Oh sorry, I misread your post. Ellen From nobody at nowhere.invalid Sat Apr 2 18:20:26 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Apr 2 11:25:02 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: On Sat, 2 Apr 2005 14:42:18 +0000 (UTC), Bjarke Andersen coughed into spamcop and left this in : > Of the tons of spam we receive everyday, I then wonder if this spammer got > scared, and if so by which of the spam mails I reported. Follow full header See Rules #1 and #2 here: http://bruce.pennypacker.org/spamrules.html -- Steve The three "R"s of Microsoft support: Retry, Reboot, Reinstall. From nobody at spamcop.net Sat Apr 2 08:22:35 2005 From: nobody at spamcop.net (Dar) Date: Sat Apr 2 11:25:07 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: "Bjarke Andersen" wrote in message news:Xns962CA9EFB6828bjoegdk@216.154.195.61... > Of the tons of spam we receive everyday, I then wonder if this spammer got > scared, and if so by which of the spam mails I reported. Follow full header > > X-Message-Status: n > X-SID-PRA: admin@LeadSourceGroup.com > X-SID-Result: TempError > X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= > Received: from server.thelistpro.com ([69.50.192.100]) by mc1- > f25.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); > Sat, 2 Apr 2005 05:10:02 -0800 > Received: from listpro by server.thelistpro.com with local (Exim 4.50) > id 1DHjLV-0007yw-Q0 > for @hotmail.com; Sat, 02 Apr 2005 08:11:29 -0600 > To: @hotmail.com > From: admin@LeadSourceGroup.com > Subject: Your remove request has been successfully processed! > Message-Id: > Date: Sat, 02 Apr 2005 08:11:29 -0600 > X-AntiAbuse: This header was added to track abuse, please include it with > any abuse report > X-AntiAbuse: Primary Hostname - server.thelistpro.com > X-AntiAbuse: Original Domain - hotmail.com > X-AntiAbuse: Originator/Caller UID/GID - [32004 32005] / [47 12] > X-AntiAbuse: Sender Address Domain - server.thelistpro.com > X-Source: > X-Source-Args: > X-Source-Dir: > Return-Path: listpro@server.thelistpro.com > X-OriginalArrivalTime: 02 Apr 2005 13:10:02.0265 (UTC) > FILETIME=[47AD6090:01C53785] > > We have processed your global remove request successfully. You have been > entirely removed from all autoresponder accounts hosted at > http://www.thelistpro.com and are now blocked from being subscribed to any > autoresponder hosted at this domain. > > -- > Bjarke Andersen - Freelance SpamKiller > http://www.cdt.org/speech/spam/030319spamreport.shtml (How to prevent) > Wanna reply by email? Remove the spammer in address I found three of these, identical, in server spam this morning. I think it's simply a back-handed way of getting you to click on the link. Spam, by any other name, is still spam. Dar From eddie at eddie.web Sat Apr 2 13:10:46 2005 From: eddie at eddie.web (eddie) Date: Sat Apr 2 13:15:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On Sat, 02 Apr 2005 08:42:04 +0400, Berny scratched out the following: snip > Your provider may just have started filtering or miltering > mine did and i dropped from 200+ to less than 10 a day > rising again My provider is not involved. I am referring to my spamcop email - my only public address. I get zero spam on my other accounts because of proper use and/or the use of discardable aliases. No, I am only talking about the spam I get to my spamcop address. It has dropped remarkedly over the last few months. Of course, the idea that anyone would send spam to a spamcop address is ludicrous to start with, but then, we know spamkiddy is braindead. Spamming a spamcop address practically guarantees it will be reported. I still suspect "list-washing" of my account, or list-washing of all SC accounts from the "million address CD." Whatever, I am not complaining. Not a bit. :) -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Sat Apr 2 13:12:50 2005 From: eddie at eddie.web (eddie) Date: Sat Apr 2 13:15:10 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On Sat, 02 Apr 2005 04:27:32 +0000, Blammo scratched out the following: > On 01 Apr 2005 eddie entered spamcop and left > news:pan.2005.04.02.02.00.12.280000@eddie.web: > >> It has been a while since I was being deluged by spam from att, mci, >> comcast, charter etal. Whether the principals are the same but they >> simply have moved offshore, it's clear that it must be getting hot for >> the spammers to use US websites and email sources. > > Many of these are being blocked, I can still sit there and watch the > comcast IPs getting reflected, it produces a bit of a glow. Does that glow have the napalm smell of victory? Still, on my open SC account, comcast has nearly dropped into the noise. Right now it's mostly korean spam sources. -- Once movie theaters gave out steak knives Today they confiscate them From skiwi at spamcop.net Sat Apr 2 10:59:23 2005 From: skiwi at spamcop.net (Skiwi) Date: Sat Apr 2 14:00:02 2005 Subject: [SpamCop-List] Anyone got any history on http://www.RealityAtTheSEC.com ?:? Message-ID: "The Domain www.realityatthesec.com is currently under construction. Please come back in the future for updates." From other links I was looking at, this seemed like an interesting / illumiating read (although I had my salt shaker at the ready...) SEC have it killed? TIA: Greg... From ivan at gmail.com Sat Apr 2 22:08:48 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sat Apr 2 15:10:03 2005 Subject: [SpamCop-List] Re: Stock scam In-Reply-To: References: Message-ID: ken wrote: > To: Cbbelegrin > Subject: Stock News All stock spam should be forwarded to enforcement@sec.gov Ivan. From porpoise1954 at yahoo.co.uk Sat Apr 2 23:08:52 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Apr 2 17:15:03 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: "Paul Sawyer" wrote in message news:Xns962B789C0C9B5Senex@216.154.195.61... > Frank Ellermann wrote in news:424D2A9B.6168 > @xyzzy.claranet.de: > >> Porpoise wrote: >> >>> Do you still use an old telephone with a dial that you poke >>> your finger in to dial as well? ;-) >> >> No, translating pulses to tones is too slow for phone banking, >> I've lost my external tone generator. But in theory... >> >> ASCII-art is 24*79 or smaller, anything else is just spam. Bye > > Feh -- I can remember ASCII art of 132 column width and virtually > unlimited > length. > > Kids today.... I guess it's really all about what printer you had/have (as it all stems from pre-graphics capable printers). From noone at nowhere.net Sat Apr 2 19:02:15 2005 From: noone at nowhere.net (anna cypher) Date: Sat Apr 2 19:05:06 2005 Subject: [SpamCop-List] Re: [OT] Spam vampire idea References: Message-ID: "Dwayne Conyers" wrote in message news:d2f9hi$849$1@news.spamcop.net... > I'm still waiting on George W. to declare a war on spam. Locate the > geographic location of the machine where the spam originates and have a > cruise missle fly up the orifice of the person sending it. I'm sure he will if spam is detected coming out of any oil-producing country in the Middle East (other than Saudi Arabia, of course). Anna From nobody at devnull.spamcop.net Sat Apr 2 19:26:11 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Apr 2 19:30:02 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: ... > See Rules #1 and #2 here: > > http://bruce.pennypacker.org/spamrules.html ... That's FUNNY! I wonder how many addresses they've collected? I'll bet a lot, unfortunately. Pop From nobody at devnull.spamcop.net Sat Apr 2 19:29:33 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Apr 2 19:30:07 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: "Porpoise" wrote in message news:d2n5f0$fi0$1@news.spamcop.net... > > "Paul Sawyer" wrote > in message news:Xns962B789C0C9B5Senex@216.154.195.61... >> Frank Ellermann wrote in news:424D2A9B.6168 >> @xyzzy.claranet.de: >> >>> Porpoise wrote: >>> >>>> Do you still use an old telephone with a dial that you poke >>>> your finger in to dial as well? ;-) >>> >>> No, translating pulses to tones is too slow for phone banking, >>> I've lost my external tone generator. But in theory... >>> >>> ASCII-art is 24*79 or smaller, anything else is just spam. Bye >> >> Feh -- I can remember ASCII art of 132 column width and virtually >> unlimited >> length. >> >> Kids today.... > > I guess it's really all about what printer you had/have (as it all stems > from pre-graphics capable printers). > Any of you "oldsters" here ever hear a printer play things like the Star Spangled Banner? I have! Better yet, anyone have a tape recording of such a thing? I'd LOVE to hear it again! Takes a multi-headed printer of course; won't work on polyphonic printers . I think our old IBM was a 4 header, gave us a full 8 notes with 8 more diff harmonics! Pop From SCNews.5.myspamgobbler at spamgourmet.com Sat Apr 2 18:14:20 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sat Apr 2 21:20:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? In-Reply-To: References: Message-ID: Bjarke Andersen wrote: > Of the tons of spam we receive everyday, I then wonder if this spammer got > scared, and if so by which of the spam mails I reported. Follow full header > > X-Message-Status: n > X-SID-PRA: admin@LeadSourceGroup.com > X-SID-Result: TempError > X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= > Received: from server.thelistpro.com ([69.50.192.100]) by mc1- > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL25456 69.50.192.100/32 is listed on the Spamhaus Block List (SBL) 29-Mar-2005 08:40 GMT | SR02 Atjeu helping spammer listwash Passing on complaints to the spammer so victim's address can be removed but spammer can go right on spamming traps and those who don't know how to track and report spam. 69.50.192.28 - ad2ads.com "This is NOT SPAM. You Agreed to receive a one time message from me and my other fellow PRO FFA Page owners when posting your link to MyWayFFA.com FFA Network." (mywayffa.com registered but not in DNS) 69.50.192.100 server.thelistpro.com - hitting traps 69.50.210.173 server.crazy-server5.com - hitting traps From nobody at spamcop.net Sun Apr 3 09:45:17 2005 From: nobody at spamcop.net (nospam) Date: Sat Apr 2 23:50:05 2005 Subject: [SpamCop-List] Re: Spammers getting scared? -and how did I get an unsub confirmation References: Message-ID: in article d2njl3$nnl$1@news.spamcop.net, Brian (SnSR) at SCNews.5.myspamgobbler@spamgourmet.com wrote on 4/3/05 6:14 AM: > Bjarke Andersen wrote: >> Of the tons of spam we receive everyday, I then wonder if this spammer got >> scared, and if so by which of the spam mails I reported. Follow full header >> >> X-Message-Status: n >> X-SID-PRA: admin@LeadSourceGroup.com >> X-SID-Result: TempError >> X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= >> Received: from server.thelistpro.com ([69.50.192.100]) by mc1- > >> > > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL25456 > > 69.50.192.100/32 is listed on the Spamhaus Block List (SBL) > > 29-Mar-2005 08:40 GMT | SR02 > > Atjeu helping spammer listwash > > Passing on complaints to the spammer so victim's address can be removed > but spammer can go right on spamming traps and those who don't know how > to track and report spam. > > 69.50.192.28 - ad2ads.com > > "This is NOT SPAM. You Agreed to receive a one time message > from me and my other fellow PRO FFA Page owners when posting > your link to MyWayFFA.com FFA Network." > > (mywayffa.com registered but not in DNS) > > 69.50.192.100 server.thelistpro.com - hitting traps 69.50.210.173 > server.crazy-server5.com - hitting traps Crzy stuff going on, one of my "spamtraps" that hasn't sent anything but SC submittals for 4 years now, and for the past year and a half only been receiving medz spam got an unsubscribe ack from thelistpro.com today, also reported as spam. --Well I neither unsubscribed (nor subscribed) I'm pretty sure it hasn't even reported spam from thelistpr.com at least not in the past half year. All it gets is a daily medz from kornet/hana for sites in tietong space. I don't know how much thelistpro spam I get if any, but maybe they're trying to wash their lists of complainers, though how that account got hit is a mystery unless there is (at least) a good 6 month time lag between them getting complaints and washing their lists. From tdy at blackhole.invalid Sat Apr 2 21:46:31 2005 From: tdy at blackhole.invalid (N. Miller) Date: Sun Apr 3 00:50:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: In article , Possum Trot says... > Today was the lowest number of spam in my attglobal.net account in 5 years - > only 6 compared with 220 the day before and an average of more than 200 per > day for the past year. Surely the MS suits filed yesterday didn't impact > that number. How much spam were you getting from SBC sources? How much are you now getting from SBC sources? Last September I received an email from SBC announcing that they intended to implement port 25 blocks on outbound connections. Last December fellow SBC customers began bitching about not being able to connect to there off-ISP SMTP servers. At that time I was not blocked, but I started investigating my mail providers. By last January I had converted to using port 587, or port 465. Two nights ago I ran a Telnet check on one of those servers; port 25 is now blocked for me. It has now been seven days since I have received a spam message through an SBC open proxy; and, for the first time since October, or so, Comcast is ahead of SBC for open proxy spam. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at spamcop.net Sun Apr 3 11:12:50 2005 From: nobody at spamcop.net (nospam) Date: Sun Apr 3 01:15:03 2005 Subject: [SpamCop-List] Re: mci 63.82.06.35, ATMLinkinc/calpop 216.240.129.23 References: Message-ID: in article d2laum$i07$1@news.spamcop.net, Berny at bar_n0ne@hotmail.com wrote on 4/2/05 9:35 AM: > Could someone put these spam servers on the nuclear targetting list please. > > latest incarnation is networkvisionaries.com, > > mci hosts the images and targets of the periodic mainsleaze style > spambblasts (mailbombings) originating out of atmlinkink.com/calpop.net, > same server for months now. > > The owners have stealthed this server from spamcop > > it's generally shopping spree/free products spam for "market research" > > just in case I trash their spam they send anywhere from 5 to 20 in a blast > at my addy, sometimes several blasts over the course of a few days. > > > today spamvertized at 63.82.06.35 : wakings.com interestor.com dreamwaking.com goldenfury.com infinite supply of registrations it seems, all at TUCOWS for software factory solutions that mo**erfscker in Laval Quebec, isn't there any disturbed individual wit a belt bomb nearby? Does TUCOWS have an anti-spam AUP for registrants? (Like Go-Daddy?) From bar_n0ne at hotmail.com Sun Apr 3 13:45:40 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sun Apr 3 04:51:23 2005 Subject: [SpamCop-List] Re: mci 63.82.06.35, ATMLinkinc/calpop 216.240.129.23 References: Message-ID: "nospam" wrote in message news:BE757221.147E5%nobody@spamcop.net... > in article d2laum$i07$1@news.spamcop.net, Berny at bar_n0ne@hotmail.com > wrote on 4/2/05 9:35 AM: > SNIP > > > today spamvertized at 63.82.06.35 : > > wakings.com > interestor.com > dreamwaking.com > goldenfury.com > > infinite supply of registrations it seems, all at TUCOWS for software > factory solutions that mo**erfscker in Laval Quebec, isn't there any > disturbed individual wit a belt bomb nearby? Does TUCOWS have an anti-spam > AUP for registrants? (Like Go-Daddy?) > Sender address cycles throughout the 216.240.129.[1-256] From nobody at nowhere.invalid Sun Apr 3 12:11:59 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 3 05:16:19 2005 Subject: [SpamCop-List] Re: [OT] Spam vampire idea References: Message-ID: On Sat, 2 Apr 2005 19:02:15 -0500, anna cypher coughed into spamcop and left this in : > I'm sure he will if spam is detected coming out of any oil-producing > country in the Middle East (other than Saudi Arabia, of course). If? I've already had plenty of spam coming out of .sa! -- Steve There's no place like ~ From bjoeg at *spammer*bjoeg.dk Sun Apr 3 13:21:49 2005 From: bjoeg at *spammer*bjoeg.dk (Bjarke Andersen) Date: Sun Apr 3 08:25:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: "Dar" crashed Echelon writing news:d2mgsb$4e6$1@news.spamcop.net: > I found three of these, identical, in server spam this morning. I think > it's simply a back-handed way of getting you to click on the link. > Spam, by any other name, is still spam. But looking at the code, what would a click on the link contribute. The link does not confirm your email address by any means, unless som eobscure bugged HTML can sniff emailaddress as refferer for visit on page. -- Bjarke Andersen - Freelance SpamKiller http://www.cdt.org/speech/spam/030319spamreport.shtml (How to prevent) Wanna reply by email? Remove the spammer in address From wb8tyw at qsl.network Sun Apr 3 10:56:21 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sun Apr 3 10:00:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? In-Reply-To: References: Message-ID: Bjarke Andersen wrote: > > But looking at the code, what would a click on the link contribute. The > link does not confirm your email address by any means, unless som eobscure > bugged HTML can sniff emailaddress as refferer for visit on page. You might be surprised at what your browser will tell the world about you. It can access quite a bit of information that you told it when you set up your Internet connection. Just visiting the link tells the spammer that it their spew has made it through your ISP's anti-spam actions, so they know that they can send more spam to everyone at your ISP. Everyone at your ISP that still has their e-mail client opening external HTML links/pictures is telling the spammer that you ISP will reliably deliver spam. And from what I have seen of web access to e-mail, there is no way to turn off that option. If it is coupled with a e-mail client, it has access to that setup information, and in some cases the html can request that it generate a mail message. If you have a slow enough computer, you can see the pop-up as the message gets sent. That is if your default profile has a valid mail server associated with it. If your default profile does not have a valid e-mail address associated with it, in most cases if a web site or a local program attempts to send e-mail through it with out your consent, you will get a pop-up from the mail program about it not being able to reach a mail server. And for some browsers, all you have to do is be tricked into visiting the web page, and spammy can use your web browser to send a spam run. http://dsbl.org/relay-methods#FTPURLrelaying The mozilla.org has informed me that Mozilla is not vulnerable to this exploit, and have posted that in the Bugzilla.org database. A major ISP is a target for spammers to begin with. If they are not using sbl-xbl.spamhaus.org, open proxy/open relay lists and a good DHCP list, then they will be flooded with spam. And by watching the web hits, the spammers know which ISPs are aiding them by reliably delivering the spam from sources that are well known to send so much spam it is not worth trying to accept the potentially 1 or two real e-mails out of each couple thousands of spam delivery attempts from them. -John wb8tyw@qsl.network Personal Opinion Only From nobody at devnull.spamcop.net Sun Apr 3 12:28:15 2005 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Apr 3 11:30:06 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: "Mike Nuss" wrote in message news:d2kgla$553$1@news.spamcop.net... >I just made the unpleasant discovery that our corporate mail server is >accepting undeliverable mail and then sending bounces, specifically in the >case of nonexistent recipients. I guess we're lucky that spammers haven't >found it (yet). I want to configure it to reject during the SMTP session >instead of after, but I wasn't able to find any information on how to do so >from a cursory Google search. The server is running Exchange 2000. Does >anyone have a pointer to how I can fix this? > > Thanks, > Mike If you do not have corporate reservations about using it, check out ORFilter. I found it from an SC link See: http://martijnjongen.com/ I have it installed on an SBS 2000 system that includes Exchange 2000 and it works great. You will have to tweak it a bit. Steve From ivan at gmail.com Sun Apr 3 18:49:12 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sun Apr 3 11:50:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? In-Reply-To: References: Message-ID: John E. Malmberg wrote: > Everyone at your ISP that still has their e-mail client opening external > HTML links/pictures is telling the spammer that you ISP will reliably > deliver spam. And from what I have seen of web access to e-mail, there > is no way to turn off that option. There is with gmail, actually it's the default for spam messages. Ivan. From nobody at spamcop.net Sun Apr 3 10:23:02 2005 From: nobody at spamcop.net (Dar) Date: Sun Apr 3 12:25:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: In addition, the intention could be a simple: Hope I've peaked your curiosity enough to come look at this web page in the hope you will buy my product. If I put it into words in my email, you'd probably just delete it without reading it. But if you come and look, I may have a better chance of selling my product. Dar From SCNews.5.myspamgobbler at spamgourmet.com Sun Apr 3 12:38:37 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sun Apr 3 14:45:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? -and how did I get an unsub confirmation In-Reply-To: References: Message-ID: nospam wrote: > in article d2njl3$nnl$1@news.spamcop.net, Brian (SnSR) at > SCNews.5.myspamgobbler@spamgourmet.com wrote on 4/3/05 6:14 AM: > > >>Bjarke Andersen wrote: >> >>>Of the tons of spam we receive everyday, I then wonder if this spammer got >>>scared, and if so by which of the spam mails I reported. Follow full header >>> >>>X-Message-Status: n >>>X-SID-PRA: admin@LeadSourceGroup.com >>>X-SID-Result: TempError >>>X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= >>>Received: from server.thelistpro.com ([69.50.192.100]) by mc1- >> >>http://www.spamhaus.org/sbl/sbl.lasso?query=SBL25456 >> >>69.50.192.100/32 is listed on the Spamhaus Block List (SBL) >> >>29-Mar-2005 08:40 GMT | SR02 >> >>Atjeu helping spammer listwash >> >>Passing on complaints to the spammer so victim's address can be removed >>but spammer can go right on spamming traps and those who don't know how >>to track and report spam. >> >>69.50.192.28 - ad2ads.com >> >>"This is NOT SPAM. You Agreed to receive a one time message >>from me and my other fellow PRO FFA Page owners when posting >>your link to MyWayFFA.com FFA Network." >> >>(mywayffa.com registered but not in DNS) >> >>69.50.192.100 server.thelistpro.com - hitting traps 69.50.210.173 >>server.crazy-server5.com - hitting traps > > > Crzy stuff going on, > > one of my "spamtraps" that hasn't sent anything but SC submittals for 4 > years now, and for the past year and a half only been receiving medz spam > got an unsubscribe ack from thelistpro.com today, also reported as spam. > > --Well I neither unsubscribed (nor subscribed) > > I'm pretty sure it hasn't even reported spam from thelistpr.com at least not > in the past half year. All it gets is a daily medz from kornet/hana for > sites in tietong space. > > I don't know how much thelistpro spam I get if any, but maybe they're trying > to wash their lists of complainers, though how that account got hit is a > mystery unless there is (at least) a good 6 month time lag between them > getting complaints and washing their lists. > From: Rich Kulawiec To: SPAM-L Date: Apr 3, 2005 5:04 AM Subject: Re: Help: who is LeadSourceGroup/thelistpro? Thelistpro are block-on-sight spamming scum. I think they've got at least: 4profitebooks.com charzbiz.com charzbiznews.com cindyandrews.com emailmarketingmagic.com goldenstreammarketing.com gr8bigidea.com jessieandrews.com klaraandrews.com looppowerhits.com mypromailer.com mysecretpage.com netservicebox.com netserviceboxnews.com options2day.com oyesucan.com rapidtracker.com ringofpower.biz ringofpowernews.biz straighttalknewsloop.com strategicmarketingconcepts.com thelistpro.com thepromailer.com From ivan at gmail.com Sun Apr 3 22:37:53 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sun Apr 3 15:40:04 2005 Subject: [SpamCop-List] Microsoft bankrupts OptInRealBig.com (and Scott Richter) Message-ID: http://news.bbc.co.uk/1/hi/technology/4400335.stm Just in case you think the lawsuits are pointless. Ivan. From gezgin at spamcop.net Sun Apr 3 23:49:10 2005 From: gezgin at spamcop.net (Gezgin) Date: Sun Apr 3 15:50:03 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: "Ivan Leo Puoti" wrote > http://news.bbc.co.uk/1/hi/technology/4400335.stm Nice. I especially liked "But, make no mistake, we do expect to prevail." He should have added "And the light at the end of the tunnel is NOT a train bearing down on us." -- Bob Kanyak's Doghouse http://www.kanyak.com From DougThegarden at hotmail.com Sun Apr 3 21:58:11 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Sun Apr 3 16:00:03 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) In-Reply-To: References: Message-ID: Ivan Leo Puoti wrote: > http://news.bbc.co.uk/1/hi/technology/4400335.stm > > Just in case you think the lawsuits are pointless. > > Ivan. Before you get too excited its a pure technicality at this stage. Chapter 11 allows him to continue trading while protected from his creditors. And who are those creditors? Well if you look at what the article says, he would be in the black by about $6m except for this big potential $46m being claimed by M$. So under Chapter 11 he can continue trading while protected from Microsofts financial claim i.e. life as normal Doug From ivan at gmail.com Sun Apr 3 23:14:04 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sun Apr 3 16:15:03 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) In-Reply-To: References: Message-ID: Doug Thegarden wrote: > Before you get too excited its a pure technicality at this stage. > Chapter 11 allows him to continue trading while protected from his > creditors. And who are those creditors? Well if you look at what the > article says, he would be in the black by about $6m except for this big > potential $46m being claimed by M$. So under Chapter 11 he can continue > trading while protected from Microsofts financial claim i.e. life as normal Sure, until Microsoft wins with their army of lawyers. Ivan. From nospam at dev.null Sun Apr 3 23:39:44 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 16:40:02 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: "Ivan Leo Puoti" wrote in message news:d2pgmh$l8u$1@news.spamcop.net... > http://news.bbc.co.uk/1/hi/technology/4400335.stm > > Just in case you think the lawsuits are pointless. > > Ivan. My, my.... How our heroes change overnight :-) Somehow I think (and hope) M$ will win the end round.. Not being a M$ fanatic, they are at least doing a bit of good here. Uhmmm, make that a LOT.... However, as affected parties, we all probably hope to see M$ win. Seems crazy though: A party doing something illegal, a private company does what law officials should be doing, they succeed. Then the guilty party turns to the law for protection to spam again. Questions: Not being a laywer or knowing US law, anybody got a take on the alternatives? Scot succeeds in Chapter 11 or ...???? Have you guys got gaols in the US? Or am I missing something? Cheers E From pxpearson at spamxcop.net Sun Apr 3 14:39:10 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Sun Apr 3 16:40:08 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: Ivan Leo Puoti wrote: > Doug Thegarden wrote: >> Before you get too excited its a pure technicality at this stage. >> Chapter 11 allows him to continue trading while protected from his >> creditors. [snip] > Sure, until Microsoft wins with their army of lawyers. Let's hope so. But I think Doug Thegarden's point was that the bankruptcy filing is a defensive tactic, not proof of the devastating, humiliating, crushing, bloody, obliterating, emasculating defeat we're all waiting so politely (:-) to see. -- Remove the two x's to get a good email address. From nospam at dev.null Sun Apr 3 23:52:57 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 16:50:03 2005 Subject: [SpamCop-List] Positive Registrar Feedback Message-ID: Hi All In these times when 99.9% of the spam in my inbox has URL's in either Brazil or China as payload (and moving a lot between the two): Sent a mail to XIN NET TECHNOLOGY re bad whois on BICKERER.NET. I included proof of wilfully supplied bad whois etc. Mail was sent on the 31st of March. From: X Sent: 31 March 2005 10:19 To: X Subject: Bad Whois for bickerer.net Result: Domain Name: BICKERER.NET Registrar: XIN NET TECHNOLOGY CORPORATION Whois Server: whois.paycenter.com.cn Referral URL: http://www.paycenter.com.cn Name Server: NS1.ALON587.COM Name Server: NS2.ALON587.COM Status: REGISTRAR-HOLD Updated Date: 31-mar-2005 Creation Date: 29-mar-2005 Expiration Date: 29-mar-2006 Immediate hold. I used the registrar contact as found at http://www.internic.net/contact.html Excellent service. Well done to XIN NET ! From nospam at dev.null Mon Apr 4 00:18:13 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 17:20:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: "Bjarke Andersen" wrote in message news:Xns962CA9EFB6828bjoegdk@216.154.195.61... SNIP > > We have processed your global remove request successfully. You have been > entirely removed from all autoresponder accounts hosted at > http://www.thelistpro.com and are now blocked from being subscribed to any > autoresponder hosted at this domain. > > -- SNIP Wonders what whois and google can produce. Administrative Contact: Andrews, James admin@oyesucan.com 27529 Hwy 72 Athens, Alabama 35613 United States 8668248893 Fax -- Goofle on address gives: http://leadsourcegroup.com/facts.htm "We NEVER use spam to generate leads." They have a toll free tel number. Why not phone them and ask them HOW you email got onto the list? :-) http://oyesucan.com/contact.php ...we provide personal and expert leadership and e-marketing guidance at "no cost"! http://www.audiovideostreams.com/contactus/ Tracking is anonymous - your privacy is not being violated. Non-intrusive. From DougThegarden at hotmail.com Sun Apr 3 23:19:27 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Sun Apr 3 17:20:09 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) In-Reply-To: References: Message-ID: Ivan Leo Puoti wrote: > Doug Thegarden wrote: > >> Before you get too excited its a pure technicality at this stage. >> Chapter 11 allows him to continue trading while protected from his >> creditors. And who are those creditors? Well if you look at what the >> article says, he would be in the black by about $6m except for this >> big potential $46m being claimed by M$. So under Chapter 11 he can >> continue trading while protected from Microsofts financial claim i.e. >> life as normal > > Sure, until Microsoft wins with their army of lawyers. > Even then he would continue trading in Chapter 11 protected from his creditors i.e. M$ until the Courts decide there is no prospect of him trading through his financial problems. Doug From nospam at dev.null Mon Apr 4 00:35:07 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 17:35:07 2005 Subject: [SpamCop-List] Re: mci 63.82.06.35, ATMLinkinc/calpop 216.240.129.23 References: Message-ID: > > latest incarnation is networkvisionaries.com, > > > today spamvertized at 63.82.06.35 : > > wakings.com > interestor.com > dreamwaking.com > goldenfury.com > > infinite supply of registrations it seems, all at TUCOWS for software > factory solutions that mo**erfscker in Laval Quebec, isn't there any > disturbed individual wit a belt bomb nearby? Does TUCOWS have an anti-spam > AUP for registrants? (Like Go-Daddy?) > Won't work. This is a mailbox rental. http://www.mailnetwork.com/atemporary.html Tel numer is US - toll free http://www.numberingplans.com/index.php?goto=isdn&s=%2B1.8775725732&action=a nalyse Also: THEHOTTESTTHINGAROUND.COM used as mail server I suggest mail to info@mailnetwork.com T&C: http://www.mailnetwork.com/aterms.html "3. Customer agrees that Customer will not use the Center premises or any Center services for any unlawful, illegitimate or fraudulent purpose or for any purpose prohibited by U.S. postal regulations or those of the country where the Center is located. Customer further agrees that any use of the Mailbox shall be in conformity with all applicable federal, state and local laws." etc etc Cheers From nobody at devnull.spamcop.net Sun Apr 3 18:03:38 2005 From: nobody at devnull.spamcop.net (Tom) Date: Sun Apr 3 18:05:05 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: On Sun, 3 Apr 2005 22:49:10 +0300, Gezgin wrote: >> http://news.bbc.co.uk/1/hi/technology/4400335.stm > >Nice. I especially liked "But, make no mistake, we do expect >to prevail." He should have added "And the light at the end >of the tunnel is NOT a train bearing down on us." Mm, Sounds a lot like the litiny of Daryl McBride and crew (SCO). From nospam at dev.null Mon Apr 4 01:23:55 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 18:25:02 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:424D2BF0.71CF@xyzzy.claranet.de... > For details see... > > > > ...but the expected outcome is clear, gTLD .biz got three > times more reports than any other ICANN gTLD (relatively). > > Bye, Frank > Thanks for the URL. It slipped by me ... My stats: Sent and confirmed: Sent, 247 Reports received for follow up: 229 Deviation of 18? Never noticed that ... Hmm, sone more work to do :-) Howver, as regards the desired result: 37 sent via rip.gandi.net 303 other direct to registrar, with follow up onto wdprs only if not action in 5 days (normally for wilfully supplied inaccurate whois). No stats on duplication effort, but it is quite high. 8 misc other Hmm, maybe I should combine direct to registrar and wdprs from step 1 Interesting and thanks for the link again From nospam at dev.null Mon Apr 4 02:06:41 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 19:05:04 2005 Subject: [SpamCop-List] Re: ISP's that bounce phishes and phish LART's References: Message-ID: "George Langford, Sc.D." wrote in message news:mailman.123.1111932673.4572.spamcop-list@news.spamcop.net... > Just one of many tracking URL's: > http://www.spamcop.net/sc?id=z746288874zb890ad0ac0e6156148c594320c8214f1z > > These bounces have happened several times recently. They have > the effect that the bouncing IP's will not be getting any notifies of > unlawful phishing activity. Do they know that their diligence in > protecting their technical staff from phishes is protecting their > criminals even more ? > Hmm Try http://antiphishing.org/ and reprot there. Also try mail to abuse without copy, stating reason you are not incuding a sample. That way they have to ask and you will get some address that may work. Also mention you have copied http://antiphishing.org/ Cheers From nospam at dev.null Mon Apr 4 02:43:49 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 19:45:05 2005 Subject: [SpamCop-List] Feedback: Worm infested server @ Bharti 202.56.239.78 References: Message-ID: "Anty Spam" wrote in message news:d1t1n3$vpl$1@news.spamcop.net... > Hi All > > The following two worm attempts refer > http://www.spamcop.net/sc?id=z745308652zb954fdc03dd52f4b85b68463b3299470z > and > http://www.spamcop.net/sc?id=z745309531z8ea5780a36e8501468ad92d10a7657dcz > > Each time a Netsky is attached (and removed :-) > > > I has tried the techsupport@bharti.com and postmaster@bharti.com addresses. > For more than a month! > > Yet with regularity, these mails arrive from 202.56.239.78, up to 5 per day. > > Normally the "bounce" message is acompanied by one or two nonsense mails. > All mails have a Netsky attached. Feedback on this issue. My ISP has not extremely helpful on this issue. I got a "Report to spamcop" response - Ughhhhhhhhhhhhhhh. One born every minute. Luckily I am not paying... Also, my philosophy on an issue such as this: Never give up. Escalate. (reminds me a bit of the frog and the stork)As such I stepped up the heat. I started polling "security" newsgroups "that it is best not to be known on" about the morality of taking down such a server based on the circumstances. Complete with IP address. (I was sure this generated a lot attention from undersirables) . Also made Bharti aware of these. I dug around. Found the Indian IT act. Based upon the above, combined with the fact that I had proof of which addresses did in fact receive my mails, I requested my mails be forwarded to the legal department. I mentioned and quoted the act, clean up costs etc etc to which I am entitled. I also happended to ask if "X". was still doing their support, since this could hurt them. After this mail, I have not received another worm. Persistence pays. Since replies here mentioned bad/non-existent service: There are articles floating about on the net about who is doing their support in which areas. I think I hit a nerve when I mentioned "X". Cheers From baloo at ursine.ca Sun Apr 3 17:54:06 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Apr 3 20:10:02 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: Anty Spam wrote: > > "Ivan Leo Puoti" wrote in message > news:d2pgmh$l8u$1@news.spamcop.net... >> http://news.bbc.co.uk/1/hi/technology/4400335.stm >> >> Just in case you think the lawsuits are pointless. >> >> Ivan. > > My, my.... How our heroes change overnight :-) I wouldn't say that heroes have changed, though it does show that Microsoft *is* self-conscious and is trying to assert their position on the pole: relatively good --------------- [...] People with common sense AOL and it's users Microsoft Spammers Postal spammers [...] --------------- relatively evil -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From nobody at xyzzy.claranet.de Mon Apr 4 11:32:04 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 04:35:25 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> Message-ID: <4250FB84.2B03@xyzzy.claranet.de> Steven Maesslein wrote: > AFRINIC isn't completely up and running yet. Apparently they import bogus records from RIPE without contact address, if that's the case it's an excessively bad idea. > the abuse addy for aviso.ci isn't abuse@ according to > abuse.net: Yes, I didn't check abuse.net. IMNSHO the RfC with abuse@ is now old enough, implement it or die. > $ whois -h whois.abuse.net aviso.ci > postmaster@aviso.ci (for aviso.ci) > assied@aviso.ci (for aviso.ci) > j.zano@aviso.ci (for aviso.ci) If John has not changed his procedures entries with postmaster@ are unverified (= submitted by 3rd parties). Only the entries without postmaster@ were really submitted by the postmaster@. That is of course irrelevant for our beloved SC-the-script, but for manual report I'd first try abuse@, and if that bounces I'd check RFCI and add abuse@ if neccessary. Then I'd try whatever whois says and postmaster@ to maximize the RFCI damage. If all fails I test the abuse.net entries and other addresses, sending an update to update(A T)abuse.net if something works. aviso.ci is apparently an AFRINIC answer to WannaSpew SpamCast, `rxwhois -a aviso.ci`: aviso.ci (-------10): .postmaster.rfc-ignorant.org aviso.ci (------2--): .abuse.rfc-ignorant.org aviso.ci (------210): .whois.rfc-ignorant.org whois -h whois.abuse.net aviso.ci postmaster@aviso.ci (for aviso.ci) assied@aviso.ci (for aviso.ci) j.zano@aviso.ci (for aviso.ci) Sigh, Frank From nobody at xyzzy.claranet.de Mon Apr 4 12:13:02 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 05:15:36 2005 Subject: [SpamCop-List] error:Can't send report Message-ID: <4251051E.2F7B@xyzzy.claranet.de> A really old SpamCop error strikes again: error:Can't send report: smtpEnvelope (1395420024@bounces.spamcop.net, abuse@bora.net): smtpFrom: mail From 1395420024@bounces.spamcop.net: error (550 No expected reply from SMTP) May be saved for future reference: http://www.spamcop.net/sc?id=z748919881zff0ca772a1a36c63198ba44563c1b7e6z error:Can't send report: smtpEnvelope (1395420035@bounces.spamcop.net, abuse@netvision.net.il): smtpFrom: mail From 1395420035@bounces.spamcop.net: error (550 No expected reply from SMTP) May be saved for future reference: http://www.spamcop.net/sc?id=z748919880zb9027024467a615e07d91cf70ef96f99z error:Can't send report: smtpEnvelope (1395420043@bounces.spamcop.net, abuse@xo.com): smtpFrom: mail From 1395420043@bounces.spamcop.net: error (550 No expected reply from SMTP) May be saved for future reference: http://www.spamcop.net/sc?id=z748919879z921f7bedf1d4c2b46aae7b2f4035694cz error:Can't send report: smtpEnvelope (1395420051@bounces.spamcop.net, abuse@comcast.net): smtpFrom: mail From 1395420051@bounces.spamcop.net: error (550 No expected reply from SMTP) May be saved for future reference: http://www.spamcop.net/sc?id=z748919878z9b4b47099d1aa2edf1793ce0899862bcz Lines folded by me, the SC error output has no \n (line end). Bye, Frank From nobody at xyzzy.claranet.de Mon Apr 4 12:29:14 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 05:35:03 2005 Subject: [SpamCop-List] JPnic parsing failed: HB022JP Message-ID: <425108EA.1052@xyzzy.claranet.de> Another old SpamCop problem, it cannot parse the JPNIC handles: | "whois HB022JP/e@whois.nic.ad.jp" (Getting contact from jpnic) | JPnic parsing failed: HB022JP | nothing found I don't see why, the JPNIC format is strange but clear: whois -h whois.nic.ad.jp HB022JP /e [...] | Contact Information: | a. [JPNIC Handle] HB022JP | c. [Last, First] Baba, Hyosuke | d. [E-Mail] baba@hd-group.com [...] I've already reported the similar case KP035JP to deputies@, but this HB022JP "baba" is sending quite a lot of spam. Bye, Frank http://www.spamcop.net/sc?id=z748917832ze7e35cf3c294a6645224187d38e689d3z From MikeE at ster.invalid Mon Apr 4 03:35:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 05:35:07 2005 Subject: [SpamCop-List] Re: error:Can't send report References: <4251051E.2F7B@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > A really old SpamCop error strikes again: What does/did it do? The trackers look like a report was sent on the source on each. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 4 03:49:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 05:50:02 2005 Subject: [SpamCop-List] Re: JPnic parsing failed: HB022JP References: <425108EA.1052@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Another old SpamCop problem, it cannot parse the JPNIC handles: > >> "whois HB022JP/e@whois.nic.ad.jp" (Getting contact from jpnic) >> JPnic parsing failed: HB022JP >> nothing found > > I don't see why, the JPNIC format is strange but clear: > whois -h whois.nic.ad.jp HB022JP /e > [...] >> Contact Information: >> a. [JPNIC Handle] HB022JP >> c. [Last, First] Baba, Hyosuke >> d. [E-Mail] baba@hd-group.com > [...] So it is tripping on the a. b. c. again. Also, I seem to recall from somewhere that for the .jp notifies that if you were only going to notify one, as SC is inclined to do here, that you should notify the admin instead of the tech. inetnum: 210.160.67.64 - 210.160.67.79 netname: HD-GROUP descr: HIRANO & ASSOCIATES,INC. country: JP admin-c: MO558JP tech-c: HB022JP SC picked the tech, not the admin. a. [JPNIC Handle] MO558JP c. [Last, First] Oki, Masafumi d. [E-Mail] oki@hd-group.com g. [Organization] HIRANO & ASSOCIATES,INC. l. [Division] planning group n. [Title] Director I don't remember where I heard that tech is a better choice /generally/ except for .jp -- maybe that information is incorrect. On the ones I do [choose notifies], if there is a presumed language situation, I try to notify /more/ addresses, not less, and let them sort it out on their end. There isn't a reg'd abuse.net here, so that's another reason I would notify more not less. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Mon Apr 4 15:14:08 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 4 08:15:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> Message-ID: On Mon, 04 Apr 2005 10:32:04 +0200, Frank Ellermann coughed into spamcop and left this in <4250FB84.2B03@xyzzy.claranet.de>: > aviso.ci is apparently an AFRINIC answer to WannaSpew SpamCast, > `rxwhois -a aviso.ci`: Can you think of anyone in AFRINIC space that isn't a permanent source of 419 junk nowadays? I don't think that AFRINIC is that bad an idea if it can be used to block on sight. Much like LACNIC can. -- Steve Good judgment comes from bad experience, and a lot of that comes from bad judgment. From nobody at devnull.spamcop.net Mon Apr 4 08:10:00 2005 From: nobody at devnull.spamcop.net (Premedic) Date: Mon Apr 4 10:15:02 2005 Subject: [SpamCop-List] postmaster@telecall.ru does not bounce Message-ID: Hello, postmaster@telecall.ru appears to no longer be bouncing, as determined by a manual message to that address. Please enable sending SpamCop reports to this address in the SPAM submission tool on SpamCop.net. Thank you, Premedic From nobody at xyzzy.claranet.de Mon Apr 4 17:12:46 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 10:25:03 2005 Subject: [SpamCop-List] Re: JPnic parsing failed: HB022JP References: <425108EA.1052@xyzzy.claranet.de> Message-ID: <42514B5E.1D45@xyzzy.claranet.de> Mike Easter wrote: >>> Contact Information: >>> a. [JPNIC Handle] HB022JP >>> c. [Last, First] Baba, Hyosuke >>> d. [E-Mail] baba@hd-group.com > So it is tripping on the a. b. c. again. It's missing a "b." ? LOL, you're right, it's the same for KP035JP. Now that's stupid, the JP-pattern is always a line starting with "d. [E-Mail]". The "b." is irrelevant, IIRC it's something like organization or name of network. > I seem to recall from somewhere that for the .jp notifies > that if you were only going to notify one, as SC is inclined > to do here, that you should notify the admin instead of the > tech. Yes, that's a general rule, the Tech-C is not responsible for abuse issues, or at least not in any automatical "script" way. > I don't remember where I heard that tech is a better choice > /generally/ except for .jp -- maybe that information is > incorrect. Maybe this depends on the case, for a spamvertized domain the Admin-C probably _is_ the spammer. Bye, Frank From nobody at xyzzy.claranet.de Mon Apr 4 17:20:08 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 10:25:09 2005 Subject: [SpamCop-List] Re: error:Can't send report References: <4251051E.2F7B@xyzzy.claranet.de> Message-ID: <42514D18.DA6@xyzzy.claranet.de> Mike Easter wrote: >> A really old SpamCop error strikes again: > What does/did it do? I'm not sure, it's only in Quick reporting confirmations. If the error message means what it says SC's SMTP got a 500 error for unknown reasons, and that's all I see in the confirmation. > The trackers look like a report was sent Maybe it only says that SC _tried_ to send a report, and it never really worked. I've asked deputies@ about this issue more than once, but probably they are lost like you and me. Bye, Frank From nobody at xyzzy.claranet.de Mon Apr 4 17:33:57 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 10:35:04 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> Message-ID: <42515055.4811@xyzzy.claranet.de> Steven Maesslein wrote: > Can you think of anyone in AFRINIC space that isn't a > permanent source of 419 junk nowadays? Why not ? I don't believe in any regional ignorance. ;-) And as far as I'm concerned the 419ers moved from NL to Tiscali in the UK, not to Aviso in CI. > I don't think that AFRINIC is that bad an idea if it can be > used to block on sight. Much like LACNIC can. No, sorry, I really don't like these strategies. BR used to be a very bad sign, and Chile is an intentional whois-ignorant, I'd really love to block these countries "forever" (until they change their laws and maybe shoot their NICs). But why should I block say Venezuela or Namibia ? Bye, Frank From ivan at gmail.com Mon Apr 4 18:46:35 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Mon Apr 4 11:50:11 2005 Subject: [SpamCop-List] Re: St0ck Spammers In-Reply-To: <4246601F.FC717C60@gotohell.com> References: <4246601F.FC717C60@gotohell.com> Message-ID: Steve Holmes wrote: > Anyone want to join forces to shut these guys down? I'm keeping a chart > of Yahoo addresses used and st0cks touted. Report them to enforcement@sec.gov Ivan. From nobody at nowhere.invalid Mon Apr 4 19:06:38 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 4 12:10:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> Message-ID: On Mon, 04 Apr 2005 16:33:57 +0200, Frank Ellermann coughed into spamcop and left this in <42515055.4811@xyzzy.claranet.de>: > Why not ? I don't believe in any regional ignorance. ;-) And > as far as I'm concerned the 419ers moved from NL to Tiscali in > the UK, not to Aviso in CI. I sometimes see 419's that were relayed through various areas but that still originate in aviso.ci space. > No, sorry, I really don't like these strategies. BR used to > be a very bad sign, and Chile is an intentional whois-ignorant, > I'd really love to block these countries "forever" (until they > change their laws and maybe shoot their NICs). But why should > I block say Venezuela or Namibia ? Well... I've received plenty of spam from .ve and I know of nobody with any reason to contact me in .na. OTOH, I still see plenty of crap from .ma, .tn, .dz, .eg, .lb, .sn, .ci, .ng, .za, .zw, .ml, .sa..... -- Steve The average nutritional value of promises is roughly zero. From nobody at xyzzy.claranet.de Mon Apr 4 19:43:32 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 12:45:10 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> Message-ID: <42516EB4.53DD@xyzzy.claranet.de> Steven Maesslein wrote: > I sometimes see 419's that were relayed through various areas > but that still originate in aviso.ci space. Okay, that this ISP is a listed RFC-ignorant is clear. I've no problem with blocking ISPs. But I doubt that all black hats on earth are together as bad as SpamCast alone. > I know of nobody with any reason to contact me in .na. TLD .na has a working whois server, that's alone is better than major parts of the world. > I still see plenty of crap from .ma, .tn, .dz, .eg, .lb, .sn, > .ci, .ng, .za, .zw, .ml, .sa..... Maybe you get much more spam, I'm not sure that I ever got any mail with an address or mail provider in some of these ccTLDs. Does .sa belong to AFRINIC ? Bye, Frank From MikeE at ster.invalid Mon Apr 4 11:09:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 13:10:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> <42516EB4.53DD@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Does .sa belong to AFRINIC ? There's a Local Internet Registry saudinic whose IP netblocks are in ripe. http://www.saudinic.net.sa/about/about_saudinic.htm It also operates an online whois. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Mon Apr 4 22:40:09 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 4 15:45:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> <42516EB4.53DD@xyzzy.claranet.de> Message-ID: On Mon, 04 Apr 2005 18:43:32 +0200, Frank Ellermann coughed into spamcop and left this in <42516EB4.53DD@xyzzy.claranet.de>: > Okay, that this ISP is a listed RFC-ignorant is clear. I've no > problem with blocking ISPs. But I doubt that all black hats on earth > are together as bad as SpamCast alone. They do appear to be relqtively empty-hat, which probably explains why I ended up feeding the firewall with their alllocations whenever I got spam from a new one. >> I know of nobody with any reason to contact me in .na. > > TLD .na has a working whois server, that's alone is better than > major parts of the world. Agreed. But it doesn't alter the fact that I can't think of a reason why I'd have to correspond with anyone in that country. >> I still see plenty of crap from .ma, .tn, .dz, .eg, .lb, .sn, >> .ci, .ng, .za, .zw, .ml, .sa..... > > Maybe you get much more spam, I'm not sure that I ever got any > mail with an address or mail provider in some of these ccTLDs. I'm sent in the region of 2000 spams each day. That's counting stuff that doesn't make it past the firewall, what's blocked by DNSBL's and what seeps through. > Does .sa belong to AFRINIC ? Apparently not according to Mike Easter. Maybe RIPE is keeping control of the Middle-East. -- Steve In the 60's people took acid to make the world weird. Now the world is weird and people take Prozac to make it normal. From tdy at blackhole.invalid Mon Apr 4 14:08:09 2005 From: tdy at blackhole.invalid (N. Miller) Date: Mon Apr 4 16:10:02 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: In article , Anty Spam says... > Questions: > Not being a laywer or knowing US law, anybody got a take on the > alternatives? Scot succeeds in Chapter 11 or ...???? If MSFT wins a judgement, and Richter's Chapter 11 plan does not look like it will succeed, he will probably have to move to a different plan. I am not sure it it would be Chapter 7, or Chapter 13; but one of them. > Have you guys got gaols in the US? Nope. We have "jails"; same pronunciation and function, though. > Or am I missing something? I don't believe that we have debtor's prisons any more. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at xyzzy.claranet.de Mon Apr 4 23:17:41 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 16:20:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> <42516EB4.53DD@xyzzy.claranet.de> Message-ID: <4251A0E5.B12@xyzzy.claranet.de> Mike Easter wrote: > It also operates an online whois. Yes, I collect these servers for rxwhois.cmd (a whois client), and SaudiNic made it on my "special" list, because they need a special syntax for their handles. Not as bad as DENIC... ;-) Bye, Frank -- (version 1.7.7, 45 KB) From spamcop at 1bigthink.com Mon Apr 4 17:22:58 2005 From: spamcop at 1bigthink.com (spamcop) Date: Mon Apr 4 16:23:30 2005 Subject: [SpamCop-List] In-Reply-To: References: Message-ID: <6.1.2.0.0.20050404162150.03e6bde8@mx.1bigthink.com> At 04:08 PM 4/4/2005, you wrote: >In article , Anty Spam says... > > >I don't believe that we have debtor's prisons any more. Sure we do.. if you can't afford a decent attorney, we'll appoint one so that you are sure to lose.. what's the difference? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com From president at whitehouse.gov Mon Apr 4 18:15:45 2005 From: president at whitehouse.gov (Fuzz) Date: Mon Apr 4 20:20:10 2005 Subject: [SpamCop-List] 1and1 Internet SMTP servers Message-ID: Hi All: I have been using www.1and1.com as a web host for about 8 months now. I've noticed that sometimes when I write an email to someone at AOL, it is blocked with a message that my server is being blocked. Also, though less frequent, emails to Prodigy and Juno addresses have been blocked. 1and1 tech support swears they don't permit spamming, and says it's just because they are so large that it's inevitable that some emails that originate from their IP blocks are flagged as spam. I am very happy with their web hosting ability, but this block list crap is wearing me thin. Is 1and1 feeding me a line of bull? Do they have any reputation, good or bad? Thanks! From nobody at spamcop.net Mon Apr 4 18:48:36 2005 From: nobody at spamcop.net (NerdRevenge) Date: Mon Apr 4 20:50:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Block AOL with the message to users to change ISP accounts "Fuzz" wrote in message news:d2slc3$8sq$1@news.spamcop.net... > Hi All: > > I have been using www.1and1.com as a web host for about 8 months now. > I've noticed that sometimes when I write an email to someone at AOL, it is > blocked with a message that my server is being blocked. > > Also, though less frequent, emails to Prodigy and Juno addresses have been > blocked. 1and1 tech support swears they don't permit spamming, and says > it's just because they are so large that it's inevitable that some emails > that originate from their IP blocks are flagged as spam. > > I am very happy with their web hosting ability, but this block list crap > is wearing me thin. > > Is 1and1 feeding me a line of bull? Do they have any reputation, good or > bad? > > Thanks! > From MikeE at ster.invalid Mon Apr 4 18:52:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 20:55:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > I have been using www.1and1.com as a web host for about 8 months now. > I've noticed that sometimes when I write an email to someone at AOL, > it is blocked with a message that my server is being blocked. The way to talk about a server or a mail being blocked or having its mail rejected because it is DNSBL listed is to name the particular IP, not name some website who is a webhost. We aren't talking about webhosting here, we are talking about smtp transactions and particular mailserver output IPs. When you give that kind of information, it means that whoever is going to 'correspond' or discuss with you whatever it is you are talking about is going to have to do a lot of or some detective work to begin the conversation. > Also, though less frequent, emails to Prodigy and Juno addresses have > been blocked. That means that some IP is getting itself onto AOL's as well as Juno's and Prodigy's blocklists. > 1and1 tech support swears they don't permit spamming, > and says it's just because they are so large that it's inevitable > that some emails that originate from their IP blocks are flagged as > spam. There are a variety of reasons that IPs get themselves blocklisted; and it behooves a good provider to recognize all of those causes and avoid or prevent them by good security and spam output prevention, as well as both proactive prevention of blocklisting plus aggressive efforts to correct any problems once listings occur. > I am very happy with their web hosting ability, but this block list > crap is wearing me thin. Maybe you should handle your mail output someother way. > Is 1and1 feeding me a line of bull? Do they have any reputation, > good or bad? I don't think the issue of www.1and1.com is what we are talking about here. 1and1 is Schlund. Schlund is also perfora.net If I look around in sightings and see who is notifying schlund about being a spamsource, I see perfora output servers and I see a perfora output server currently listed on sorbs as a spamsource server; in fact there are 4 different perfora output servers so listed in sorbs. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 4 19:02:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 21:05:02 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > blocked with a message that my server is being blocked. What message and what server is that? -- Mike Easter kibitzer, not SC admin From dannyg at dannyg.com Mon Apr 4 19:14:42 2005 From: dannyg at dannyg.com (Danny Goodman) Date: Mon Apr 4 21:14:45 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers In-Reply-To: <200504050020.j350KI2N094944@dannyg.com> Message-ID: > Is 1and1 feeding me a line of bull? Do they have any reputation, good or > bad? They've been on my radar in the last month, but only as the host to a few phisher sites that got shut down exceedingly quickly (e.g., within 20 minutes of the phish email hitting my server). These aren't the common hacked servers, but domains and accounts set up explicitly to phish (probably paid for by a stolen cc). That evidence is positive, but not statistically sound. Danny http://www.dannyg.com http://www.spamwars.com From president at whitehouse.gov Mon Apr 4 21:09:14 2005 From: president at whitehouse.gov (Fuzz) Date: Mon Apr 4 23:15:31 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2sndf$9t7$1@news.spamcop.net... > The way to talk about a server or a mail being blocked or having its > mail rejected because it is DNSBL listed is to name the particular IP, > not name some website who is a webhost. We aren't talking about > webhosting here, we are talking about smtp transactions and particular > mailserver output IPs. My apologies, my choice of terminology was poor. 1and1 is hosting some domains for me. As a part of that service they provide POP3 and SMTP servers. Their SMTP server, smtp.1and1.com, is what I sometimes use when I send email. I occasionally use my ISP's SMTP server but that's yet another sob story. >> I am very happy with their web hosting ability, but this block list >> crap is wearing me thin. > > Maybe you should handle your mail output someother way. How so? I don't really want to maintain my own mail server. My ISP has their own problems with SMTP, which causes me to occasionally bounce back and forth between using the ISP's SMTP servers and 1and1's SMTP server(s). I could pay another company to provide SMTP service I guess, though I'm already paying two companies to provide it now. What other way to you recommend? > If I look around in sightings and see who is notifying schlund about > being a spamsource, I see perfora output servers and I see a perfora > output server currently listed on sorbs as a spamsource server; in fact > there are 4 different perfora output servers so listed in sorbs. Doesn't surprise me. :) > Mike Easter > kibitzer, not SC admin Thanks Mike! I appreciate your input. From president at whitehouse.gov Mon Apr 4 21:13:27 2005 From: president at whitehouse.gov (Fuzz) Date: Mon Apr 4 23:15:49 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2snvt$a6e$1@news.spamcop.net... > Fuzz wrote: >> blocked with a message that my server is being blocked. > > What message and what server is that? A sample would be... ---cut--- This message was created automatically by mail delivery software NEMESIS/mout on mout.perfora.net[217.160.230.40]. The delivery of the mail below has failed due to the following reasons: xyz1@aol.com: xyz2@aol.com: connection rejected by 64.12.138.152 command : greeting response: 554 (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html From president at whitehouse.gov Mon Apr 4 21:17:27 2005 From: president at whitehouse.gov (Fuzz) Date: Mon Apr 4 23:20:02 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2snvt$a6e$1@news.spamcop.net... > Fuzz wrote: >> blocked with a message that my server is being blocked. > > What message and what server is that? Here's one from Juno... ---cut--- This message was created automatically by mail delivery software NEMESIS/mout on mout.perfora.net[217.160.230.41]. The delivery of the mail below has failed due to the following reasons: xyz1@juno.com: connection rejected by 64.136.28.83 command : greeting response: 550 Access denied...48711c65bd656861acf98d1d4cf94981a5855cd935b8b8353958318558ed75ed359d05... From skiwi at spamcop.net Mon Apr 4 22:52:24 2005 From: skiwi at spamcop.net (Skiwi) Date: Tue Apr 5 00:55:02 2005 Subject: [SpamCop-List] FYI - email to and response from regarding all these Canadian P&Ds lately... Message-ID: Greg : Thank you for contacting us regarding your concerns and suggestions for dealing with spam electronic messages for shares trading on the TSX Venture Exchange. Staff of the BCSC do investigate complaints to enforce compliance with the securities legislation and to sanction market misconduct. When appropriate, we also refer complaints to other regulatory jurisdictions or self-regulatory bodies. Not all complaints result in an investigation or public sanction. Staff cannot verify or comment on an investigation until the matter becomes one of public record. While this may seem frustrating to some, the purpose is to protect the integrity of an investigation and to ensure that the complaint process is not used to affect the market. Again, we appreciate you bringing your concerns to our attention. British Columbia Securities Commission PO Box 10142, Pacific Centre 701 West Georgia Street Vancouver, BC V7Y 1L2 Inquiries@bcsc.bc.ca 604 899-6500 - Main switchboard 604 899-6854 - Inquiries or Complaints 1 800 373-6393 - Toll Free in BC and Alberta) 604 899-6506 - Fax ------------------------------------------------------------------------- Greg .net> To inquiries@bcsc.bc.ca 04/02/2005 11:05 cc AM consltcomm@fin.gc.ca Subject There has been a HUGE volume recently of 'pump and dump' stock spams emails for shares traded on the Vancouver Stock Exchange --------------------- Hello, I am sure you are aware that there has been a HUGE volume recently of 'pump and dump' stock spams emails for shares traded on the Vancouver Stock Exchange. Please consider setting up a mechanism like that put in place by Ottawa (or indeed the US (enforcement@sec.gov)) to enable you to at least collect these in aggregate - a possible model: the Ontario Securities Commission accepts P&D emails forwarded to inquiries@osc.gov.on.ca That is, although it would of course be impractical to act on every instance the patterns may allow you to start looking for the perpetrators and the stocks they are utilizing - and hence further protect the name of the Vancouver Stock Exchange / British Columbia Securities Commission. Regards & Thank You, GREG c.c. consltcomm@fin.gc.ca From Kilgallen at SpamCop.net Tue Apr 5 00:53:00 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Tue Apr 5 00:55:07 2005 Subject: [SpamCop-List] References: Message-ID: In article , spamcop writes: > At 04:08 PM 4/4/2005, you wrote: >>In article , Anty Spam says... >> >> >>I don't believe that we have debtor's prisons any more. > > Sure we do.. if you can't afford a decent attorney, we'll appoint one so > that you are sure to lose.. what's the difference? Prisons are for those convicted of criminal charges. The Microsoft action is a civil suit. From bar_n0ne at hotmail.com Tue Apr 5 10:50:48 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Apr 5 01:55:05 2005 Subject: [SpamCop-List] Re: FYI - email to and response from regarding all these Canadian P&Ds lately... References: Message-ID: "Skiwi" wrote in message news:d2t5ia$ghp$1@news.spamcop.net... > Greg : > EXCHANGE SNIPPED > > c.c. consltcomm@fin.gc.ca Looks like a form letter, they didn't even address your issue about a straghtforward submission mechanism as done by the Ontario commission. Seems they don't read their mail. From skiwi at spamcop.net Tue Apr 5 00:02:02 2005 From: skiwi at spamcop.net (Skiwi) Date: Tue Apr 5 02:05:05 2005 Subject: [SpamCop-List] Re: FYI - email to and response from regarding all these Canadian P&Ds lately... In-Reply-To: References: Message-ID: Berny wrote: > "Skiwi" wrote in message > news:d2t5ia$ghp$1@news.spamcop.net... > >>Greg : >> > > EXCHANGE SNIPPED > >>c.c. consltcomm@fin.gc.ca > > > Looks like a form letter, they didn't even address your issue about a > straghtforward submission mechanism as done by the Ontario commission. Seems > they don't read their mail. Well, I was not going to say it.... :-( From MikeE at ster.invalid Tue Apr 5 00:05:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 02:05:11 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > "Mike Easter" >> What message and what server is that? > > Here's one from Juno... > > ---cut--- > This message was created automatically by mail delivery software > NEMESIS/mout on mout.perfora.net[217.160.230.41]. Yep, that's that perfora server I saw in sightings; it is listed in sorbs as a spamsource and its spam output examples can be seen in sightings. In the case of the sightings one I looked at, it was serving spam out from a perfora user IP behind it. Your outgoing mail may go in 1and1 smtp MXes, but it is/must be/ coming out of a perfora server which is getting itself blocked because of spam activity. It is possible that Juno may be using sorbs, or something of their own, or some kind of scoring system which includes sorbs listing. Same way for AOL & Prodigy. The other perfora output servers names seen in senderbase besides mout are mx00 and mx01 -- which are also sorbs listed. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Apr 5 00:29:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 02:30:06 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > 1and1 is hosting some domains for me. As a part of that service they > provide POP3 and SMTP servers. Their SMTP server, smtp.1and1.com, is > what I sometimes use when I send email. That is ending up going out the perfora servers which get their mail blocked because they are associated with spam activity. > I occasionally use my ISP's > SMTP server but that's yet another sob story. I would think that clearskye/ westcoast wireless/ would have better luck staying off lists than schlund/perfora >>> I am very happy with their web hosting ability, but this block list >>> crap is wearing me thin. >> >> Maybe you should handle your mail output someother way. > > How so? I don't really want to maintain my own mail server. My ISP > has their own problems with SMTP, which causes me to occasionally > bounce back and forth between using the ISP's SMTP servers and > 1and1's SMTP server(s). I could pay another company to provide SMTP > service I guess, though I'm already paying two companies to provide > it now. > > What other way to you recommend? I don't have any professional or personal experience with smarthosting, but when I read commentary in nanae, some of them recommend hiring out some mail service and charging your webhost for it because of their failure to provide the service. Naturally that would result in a p*ssing contest which would lead to your changing webhosts. Else you would just have to eat the cost of better mail service. Are you talking about much outgoing mail here, or just modest? -- Mike Easter kibitzer, not SC admin From kjz at despammed.com Tue Apr 5 11:34:36 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Tue Apr 5 04:35:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers In-Reply-To: References: Message-ID: Fuzz wrote: > I have been using www.1and1.com as a web host for about 8 months now. I've > noticed that sometimes when I write an email to someone at AOL, it is > blocked with a message that my server is being blocked. The problem may be that United Internet (1&1, Schlund, GMX, Kundenserver, ...) is one of the largest web hosting companies (hosting 4,500,000 domains) in Germany/Europe. In such a big company you always will have some 'rotten apples'. So the question is how fast the abuse desk reacts and shuts down such rogue customers. In my personal experience I would say they are more white hat but the reaction time of the abuse desk sometimes seems a little bit slow. - kjz From devnull at spamcop.net Tue Apr 5 04:05:27 2005 From: devnull at spamcop.net (Frog Prince) Date: Tue Apr 5 09:10:09 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Fuzz" wrote in message news:d2slc3$8sq$1@news.spamcop.net... | Hi All: | | I have been using www.1and1.com as a web host for about 8 months now. I've | noticed that sometimes when I write an email to someone at AOL, it is | blocked with a message that my server is being blocked. | | Also, though less frequent, emails to Prodigy and Juno addresses have been | blocked. 1and1 tech support swears they don't permit spamming, and says | it's just because they are so large that it's inevitable that some emails | that originate from their IP blocks are flagged as spam. | | I am very happy with their web hosting ability, but this block list crap is | wearing me thin. | | Is 1and1 feeding me a line of bull? Do they have any reputation, good or | bad? | | Thanks! My experiance with 1and1 is that tech support/marketing/billing, etc., amouts to a referral to the FAQ regardless of the issue. From bar_n0ne at hotmail.com Tue Apr 5 18:10:18 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Apr 5 09:15:02 2005 Subject: [SpamCop-List] hanaro must be hurtin for spammer business Message-ID: Seems like they're back in competition with chinatietong to host spammers. From skiwi at spamcop.net Tue Apr 5 08:16:26 2005 From: skiwi at spamcop.net (Skiwi) Date: Tue Apr 5 10:20:04 2005 Subject: [SpamCop-List] Re: FYI - email to and response from regarding all these Canadian P&Ds lately... In-Reply-To: References: Message-ID: Berny wrote: > "Skiwi" wrote in message > news:d2t5ia$ghp$1@news.spamcop.net... > >>Greg : >> > > EXCHANGE SNIPPED > >>c.c. consltcomm@fin.gc.ca > > > Looks like a form letter, they didn't even address your issue about a > straghtforward submission mechanism as done by the Ontario commission. Seems > they don't read their mail. Well, I was not going to say it! :-( I was considering a scarcastic reply suggesting that I come up and re-write their form letter system to make look a little less like a bollocky cut & paste one... :-) but what the hey... From skiwi at spamcop.net Tue Apr 5 08:28:53 2005 From: skiwi at spamcop.net (Skiwi) Date: Tue Apr 5 10:30:02 2005 Subject: [SpamCop-List] OptIn's Chapter 11 - Civil suit In-Reply-To: References: Message-ID: Larry Kilgallen wrote: > In article , spamcop writes: > >>At 04:08 PM 4/4/2005, you wrote: >> >>>In article , Anty Spam says... >>> >>> >>>I don't believe that we have debtor's prisons any more. >> >>Sure we do.. if you can't afford a decent attorney, we'll appoint one so >>that you are sure to lose.. what's the difference? > > > Prisons are for those convicted of criminal charges. > The Microsoft action is a civil suit. Maybe he will seek the protection of prison when the boys from Chinatietong et. al. come looking to collect on their unpaid bills? :-) From nobody at xyzzy.claranet.de Tue Apr 5 18:08:01 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Apr 5 11:15:03 2005 Subject: [SpamCop-List] SORBS 127.0.0.6 (was: 1and1 Internet SMTP servers) References: Message-ID: <4252A9D1.4BE9@xyzzy.claranet.de> Mike Easter wrote: [217.160.230.41]. > listed in sorbs as a spamsource 40.230.160.217.dnsbl.sorbs.net = 127.0.0.6 Using SORBS 127.0.0.6 is gross negligence, but IMNSHO worse, unless they changed their $ 50 unlisting procedures. > mx00 and mx01 -- which are also sorbs listed. Besides 217 = 7 * 31, that's an excellent reason to block this IP, more convincing than SORBS 127.0.0.6. 10.230.160.217.dnsbl.sorbs.net = 127.0.0.6 13.230.160.217.dnsbl.sorbs.net = 127.0.0.6 SORBS 127.0.0.6 users are a part of the problem. Bye, Frank From MikeE at ster.invalid Tue Apr 5 10:07:22 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 12:10:04 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 (was: 1and1 Internet SMTP servers) References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: > > [217.160.230.41]. >> listed in sorbs as a spamsource > > 40.230.160.217.dnsbl.sorbs.net = 127.0.0.6 > > Using SORBS 127.0.0.6 is gross negligence, but IMNSHO worse, > unless they changed their $ 50 unlisting procedures. I have my own gripes about sorbs, mainly based on the fact that I'm not able to use the webbased access to their db because I refuse to provide all the information necessary to register for login. But, I don't have any problem with their creation of a 'spam' db based on their own criteria for listing and delisting. As far as I'm concerned, anyone can make any kind of db they want to make. The power of a db is based on its popularity and usage. Sorbs has a variety of db with lots of different criteria. Only the spam one has the fine feature. >> mx00 and mx01 -- which are also sorbs listed. > > Besides 217 = 7 * 31, that's an excellent reason to block this > IP, more convincing than SORBS 127.0.0.6. I don't grok the significance of 7 * 31 = 217 or if it has anything to do with the IP in question being in the 217 class A. > 10.230.160.217.dnsbl.sorbs.net = 127.0.0.6 > 13.230.160.217.dnsbl.sorbs.net = 127.0.0.6 > > SORBS 127.0.0.6 users are a part of the problem. sorbs long definition of their .6 is this: - You are a spammer who has spammed a SORBS spamtrap or admin. - You are hosting DNS, webservices or mailservers (etc) for a spammer that has spammed a SORBS spamtrap or admin. - You are an innocent party that has been included in a wider listing policy because your provider is happy to host spammer(s) that have spammed a SORBS spamtrap or admin.? - You had your machine hijacked by one or more spammers who have spammed a SORBS spamtrap or admin. - You have a machine with a virus or trojan that has spammed a SORBS spamtrap or admin. - You run an unsecure mailing list that has been used to spam a SORBS spamtrap or admin. - You inherited the netblock or address after your provider moved a spammer. The long explanation of their $50 delisting 'fine' and how it can be paid is here http://www.us.sorbs.net/faq/spamdb.shtml So how do I get out of the Database of servers sending spam...? Also, if you feel that you have a better suggestion than the fine, Matt Sullivan invites you to make a suggestion, but the suggestion address is temporarily inop because too many requests for removal were being sent there. -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Tue Apr 5 12:46:47 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Tue Apr 5 12:50:03 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: In article , "Mike Easter" writes: > Frank Ellermann wrote: >> Mike Easter wrote: >> >> [217.160.230.41]. >>> listed in sorbs as a spamsource >> >> 40.230.160.217.dnsbl.sorbs.net = 127.0.0.6 >> >> Using SORBS 127.0.0.6 is gross negligence, but IMNSHO worse, >> unless they changed their $ 50 unlisting procedures. It is hard for any residential ISP to keep all of their mail servers out of that list because of multi-hop spam, and some still bounce over-quota messages to forged addresses even if they reject or silently delete other messages that they chose not to deliver. > I have my own gripes about sorbs, mainly based on the fact that I'm not > able to use the webbased access to their db because I refuse to provide > all the information necessary to register for login. Matt posted on one of the net.admin.net-abuse. forums about that. It seems that spammers were using the web form to find open proxies and abuseable systems. Some of the redirectors to the forms do not work sometimes. > The long explanation of their $50 delisting 'fine' and how it can be > paid is here http://www.us.sorbs.net/faq/spamdb.shtml So how do I get > out of the Database of servers sending spam...? In some cases the fine can be waived according to postings by Matt in the news.admin.net-abuse.* forums. I am not sure what those conditions are. > Also, if you feel that you have a better suggestion than the fine, Matt > Sullivan invites you to make a suggestion, but the suggestion address is > temporarily inop because too many requests for removal were being sent > there. The current system requires you to sign up for an account in order to send mail to them through their web form. >From Matt's postings, the spammers were mail bombing the web form also. Matt has also posted that the signup will not accept e-mail addresses from "free" providers. Apparently he does not have a complete list as the one that I used worked. It also appears though that to use the SORBS web site, you may have to lower your browser security to accept cookies. Spammers do not seem to like SORBS much. -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Tue Apr 5 11:20:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 13:20:11 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: John E. Malmberg wrote: > "Mike Easter" >> I have my own gripes about sorbs, mainly based on the fact that I'm >> not able to use the webbased access to their db because I refuse to >> provide all the information necessary to register for login. > > Matt posted on one of the net.admin.net-abuse. forums about that. > It seems that spammers were using the web form to find open proxies > and abuseable systems. I can understand the desirability of registration; my complaint is about the amount of personal information required. Some people have no problem providing bogus information for a registration. I have a 'variety' of self-imposed rules and behaviors about registration requirements, ranging from evasion or 'cracking', to bogus data, to my real data; depending upon what I think about the integrity or validity of the request. For example, for online newspapers I perform all 3, depending upon the 'situation'. Some I evade by using some community shared login or pw, either 'homespun' by some mailing list participant or 'formal' like bugmenot, some I provide with bogus information, and some I provide with real information, the two which come to mind are the NYT and my local newspaper to which I'm also a subscriber to the deadtree version. In the case of Matt's sorbs, I didn't feel like giving my honest personal information and I didn't want to give bogus information. I also dropped my registration to access to some junk fax db/s and information for the same reasons when that db started requiring 'excessive' personal information. > Some of the redirectors to the forms do not work sometimes. Yes, I remember that being a problem before the registration started. >> The long explanation of their $50 delisting 'fine' and how it can be >> paid is here http://www.us.sorbs.net/faq/spamdb.shtml So how do I get >> out of the Database of servers sending spam...? > > In some cases the fine can be waived according to postings by Matt in > the news.admin.net-abuse.* forums. I am not sure what those > conditions are. The site describes waiving the fine, but the waiver also sez that the IP stays listed. Some waiver "If you are part of a wider netblock that is blocked you are not required to pay the SORBS 'fine' as the entry was not generated because of your actions, however your netblock will not be removed until your upstream removes the spammers." > Matt has also posted that the signup will not accept e-mail addresses > from "free" providers. Apparently he does not have a complete list > as the one that I used worked. gmail currently doesn't. > It also appears though that to use the SORBS web site, you may have to > lower your browser security to accept cookies. I can deal with/ accept/ that. -- Mike Easter kibitzer, not SC admin From president at whitehouse.gov Tue Apr 5 11:55:13 2005 From: president at whitehouse.gov (Fuzz) Date: Tue Apr 5 14:00:04 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2tb4i$jol$1@news.spamcop.net... > I would think that clearskye/ westcoast wireless/ would have better luck > staying off lists than schlund/perfora They have never been on a block list that I know of. Their issue is that they use Clam Antivirus, which bounces emails that have a ZIP attachment if that ZIP has a compression ratio over a certain amount. Part of my business is to setup database scripts and send them to my clients. When those scripts are processed on my end they are automatically zipped up in a format that is set in stone. The customer only needs to put the zip file into a special folder and run the software I have setup for them. It automatically unzips and does its thing. I don't have a choice on the file format. I had been using 1and1's SMTP for many months when I got sick of the bounces to AOL (mostly Mom) :). So I switched over to my ISP's server only to discover that now I can't send a dang ZIP file to a client because the files in the ZIP are too compressable. They end up compressing at about 95%. The ISP's tech support has been dunderheaded about it. It took me a while to explain to more than one of their techs that just because the bounce message I get says... ---cut--- A virus was found in an Email message you sent. This Email scanner intercepted it and stopped the entire message reaching its destination. The virus was reported to be: Oversized Zip ---cut--- ...that I don't actually have a virus. I get told to update my virus definitions, etc... I have to explain all over again that a simple ZIP file that contains 50k of "DBF/DBT" files cannot possibly be a virus. Each time I talk to someone it's like starting anew because the guy who runs things is always out of town somewhere. :) I explain to them what a ZIP bomb is, and that that if I had a TXT file that was actually 50 gigabytes of ASCII(20)'s that it would zip into a very tiny ZIP file, and that their software is protecting against that style attack. But the contents of my 2k ZIP file is 50k. I give them the URL of the page at http://www.clamav.net/faq.html which is a FAQ that explains what to do about false positives of Oversized.zip. Bla bla bla.... talk to the hand! :) So I switch back to 1and1, which by then has cleared up the block list problem, only to get on another block list two days later. :) Here are my two options as I see it. 1) Include a superfluous uncompressable file within my ZIP files that will reduce the compression ratio below my ISP's ArchiveMaxCompressionRatio threshold (which they don't know what it is and nobody there that I can speak to has the ability to determine what it is). This will involve some angst in that the process is designed to unzip/process/delete the contents of the ZIP file. There may be ramifications involving unwanted overwrite prompts, etc. 2) Setup an FTP server with a login/password for each client to retrieve their scripts. This is what my ISP's tech support has recommended... which to me is a stuuupid idea. The guy started going off on a spiel about how email was never really intended to send data files. That file attachments was a late addition to email's capabilities from the beginning, and that setting up an FTP server would be the way to go. But that would entail punching a hole through my fiirewall (easy to do but who the hell wants to have an open port 21 if they don't have to?), and worrying about attacks against the FTP server. Also I'd have to train each customer how to use FTP. I'd have to maintain PW/Login's for everyone. Not going to happen just because I want to email a dang 2k ZIP file. Or there's a third possibility I hadn't thought of... I could go on some newsgroups and whine incessantly about this until someone comes up with a better plan! Yeah, that's the ticket! From devnull at spamcop.net Tue Apr 5 16:45:46 2005 From: devnull at spamcop.net (Frog Prince) Date: Tue Apr 5 15:55:05 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Fuzz" | Or there's a third possibility I hadn't thought of... I could go on some | newsgroups and whine incessantly about this until someone comes up with a | better plan! Yeah, that's the ticket! The following works for us to avoid the zip/attachment problem http://s11.yousendit.com/ This is a one up/down solution but there may be the ability for one up multiple down load as well. From MikeE at ster.invalid Tue Apr 5 14:03:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 16:05:02 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > 1) Include a superfluous uncompressable file within my ZIP files that > will reduce the compression ratio below my ISP's > ArchiveMaxCompressionRatio threshold (which they don't know what it > is and nobody there that I can speak to has the ability to determine > what it is). This will involve some angst in that the process is > designed to unzip/process/delete the contents of the ZIP file. There > may be ramifications involving unwanted > overwrite prompts, etc. I read the clamAV faq. The first thing which comes to my mind would be some kind of little promotional .jpg or something to stick in there which doesn't compress much. > 2) Setup an FTP server with a login/password for each client to > retrieve their scripts. This is what my ISP's tech support has > recommended... which to me is a stuuupid idea. FTP is a nice way to handle bigger files, but I agree with you that there would/might/could be a client learning curve to acquire that would/could cause you some grief, probably/perhaps. You might be able to just pass an FTP link to the client in an email and it would all happen automagically or transparently with a browser FTP dl, but I can imagine some glitches which don't happen in email the way you're doing it. And these little files you describe aren't big files anyway. > Or there's a third possibility I hadn't thought of... I could go on > some newsgroups and whine incessantly about this until someone comes > up with a better plan! Yeah, that's the ticket! I don't have any bright ideas which would be innovative. You don't have any control over perfora's tendency to permit spam and get listed. You might not have any control over your ISP's clamAV configuration, altho' that is some kind of possibility. It didn't look to me like they were very large, but I don't know who is in charge of the AV, clearskye, westcoast wireless, or timewarner, who is over westcoast's block. You could acquire yet another smtp provider if there's no other way. -- Mike Easter kibitzer, not SC admin From president at whitehouse.gov Tue Apr 5 14:16:02 2005 From: president at whitehouse.gov (Fuzz) Date: Tue Apr 5 16:20:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Frog Prince" wrote in message news:d2uq7v$clq$1@news.spamcop.net... > The following works for us to avoid the zip/attachment problem > > http://s11.yousendit.com/ Wow, what an interesting business model! They say they transfer over 33 terabytes per day. I wonder why I haven't heard about them yet... Thanks for the heads up! Fuzz From MikeE at ster.invalid Tue Apr 5 14:22:16 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 16:25:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Frog Prince wrote: > The following works for us to avoid the zip/attachment problem > > http://s11.yousendit.com/ > > This is a one up/down solution but there may be the ability for one up > multiple down load as well. Ah, that's a good one. I used to know about a different one of those that I lost. I'm a little puzzled about the technology; apparently it is https [ssl/tls]. It looks as good/flexible as one of the free/pay ones like sendthisfile. The first time I needed one was when someone who was AOL broadband wanted to email me a 40 meg file. At the time, I didn't even know about services like yousendit and I crawled around all over the place trying to figure out how to do something with someone who wasn't FTP savvy, and didn't use a regular mailuser agent or know how to chop up a file. Plus I don't know about anything AOL. -- Mike Easter kibitzer, not SC admin From president at whitehouse.gov Tue Apr 5 15:29:21 2005 From: president at whitehouse.gov (Fuzz) Date: Tue Apr 5 17:30:14 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2uqr9$d1s$1@news.spamcop.net... > I read the clamAV faq. The first thing which comes to my mind would be > some kind of little promotional .jpg or something to stick in there > which doesn't compress much. You know, that just may be the ticket! I'll have to remember to always put it there, but at least it should work. Thanks! Fuzz From SCNews.5.myspamgobbler at spamgourmet.com Tue Apr 5 15:52:24 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Tue Apr 5 17:55:02 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 In-Reply-To: References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: Mike Easter wrote: > John E. Malmberg wrote: > >> "Mike Easter" >> >>>I have my own gripes about sorbs, mainly based on the fact that I'm >>>not able to use the webbased access to their db because I refuse to >>>provide all the information necessary to register for login. >> >>Matt posted on one of the net.admin.net-abuse. forums about that. >>It seems that spammers were using the web form to find open proxies >>and abuseable systems. > > > I can understand the desirability of registration; my complaint is > about the amount of personal information required. > > Some people have no problem providing bogus information for a > registration. I have a 'variety' of self-imposed rules and behaviors > about registration requirements, ranging from evasion or 'cracking', to > bogus data, to my real data; depending upon what I think about the > integrity or validity of the request. For example, for online > newspapers I perform all 3, depending upon the 'situation'. Some I > evade by using some community shared login or pw, either 'homespun' by > some mailing list participant or 'formal' like bugmenot, some I provide > with bogus information, and some I provide with real information, the > two which come to mind are the NYT and my local newspaper to which I'm > also a subscriber to the deadtree version. > > In the case of Matt's sorbs, I didn't feel like giving my honest > personal information and I didn't want to give bogus information. I > also dropped my registration to access to some junk fax db/s and > information for the same reasons when that db started requiring > 'excessive' personal information. > I was also not pleased with how much personal info SORBs asked for. I did supply some real, some not so real. > >>Some of the redirectors to the forms do not work sometimes. > > > Yes, I remember that being a problem before the registration started. > > >>>The long explanation of their $50 delisting 'fine' and how it can be >>>paid is here http://www.us.sorbs.net/faq/spamdb.shtml So how do I get >>>out of the Database of servers sending spam...? >> >>In some cases the fine can be waived according to postings by Matt in >>the news.admin.net-abuse.* forums. I am not sure what those >>conditions are. > > > The site describes waiving the fine, but the waiver also sez that the IP > stays listed. Some waiver "If you are part of a wider netblock that is > blocked you are not required to pay the SORBS 'fine' as the entry was > not generated because of your actions, however your netblock will not be > removed until your upstream removes the spammers." > > >>Matt has also posted that the signup will not accept e-mail addresses >>from "free" providers. Apparently he does not have a complete list >>as the one that I used worked. > > > gmail currently doesn't. > My spamcop address didn't work, but my free spamgourmet account did. Go figure. > >>It also appears though that to use the SORBS web site, you may have to >>lower your browser security to accept cookies. > > > I can deal with/ accept/ that. > I have my settings to always ask, and there are some that I allow. > > From davidctietz at NOSPAMatt.net Tue Apr 5 19:05:46 2005 From: davidctietz at NOSPAMatt.net (David Tietz) Date: Tue Apr 5 18:10:02 2005 Subject: [SpamCop-List] [Sc-Help] Changing Password Message-ID: I have been using the free version of Spamcop for about 2 years now & love it, so I was thinking about upgrading to a paid account. However, when I click on the upgrade link, it asks me to sign in... In that 2 years I have forgotten my password, so I went to the "request password change" form and typed in the e-mail address I registered with: davidctietz@NOSPAMatt.net (remove NOSPAM, of course) and it gave me the error message "Cannot find username for davidctietz@NOSPAMatt.net". This message is opposed to when I entered another of my e-mail addresses, in which case it says "No user found for input: [e-mail address]". Any thoughts as to the problem?? Thanks David Tietz From MikeE at ster.invalid Tue Apr 5 16:46:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 18:45:06 2005 Subject: [SpamCop-List] Re: [Sc-Help] Changing Password References: Message-ID: David Tietz wrote: > I have been using the free version of Spamcop for about 2 years now You can't login for 2 years without logging in again, the max is 1 year, the default is 12 hours. > when I click on the upgrade link, it asks me to sign in... hmmm. I seem to recall that if logged in, the add fuel link takes one to a payment scheme. > In that 2 years I have forgotten my password, so I went to the > "request password change" form and typed in the e-mail address I > registered with: davidctietz@NOSPAMatt.net (remove NOSPAM, of course) > and it gave me the error message "Cannot find username for > davidctietz@NOSPAMatt.net". You can't change your password without a password. You can't login without a combination user+pw. If you don't have a pw, you aren't logged in. You need to get a new 'signup' letter by going to the 'front page' to signup http://www.spamcop.net/anonsignup.shtml "You may re-run this free authorization whenever you need to. If you do, any previous authorization information associated with your email address will be deleted. " So, you just signup all over again, you'll get the letter and use it to login. Try to hang onto your letter/pw. Things will be a little stickier when you've paid. You'll need a deputy's help if you lose your pw. > Any thoughts as to the problem?? -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Apr 5 16:50:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 18:50:03 2005 Subject: [SpamCop-List] Re: [Sc-Help] Changing Password References: Message-ID: Mike Easter wrote: > You can't login without a combination user+pw. If you don't have a > pw, you aren't logged in. There's a cookie loophole in there somewhere, but I'm not a cookie guru or maven, nor do I think the cookie loophole could help you as much as a new signup. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Apr 5 19:53:00 2005 From: nobody at spamcop.net (Ellen) Date: Tue Apr 5 19:35:06 2005 Subject: [SpamCop-List] Re: [Sc-Help] Changing Password References: Message-ID: "David Tietz" wrote in message news:d2v23q$h25$1@news.spamcop.net... > I have been using the free version of Spamcop for about 2 years now & love > it, so I was thinking about upgrading to a paid account. However, when I > click on the upgrade link, it asks me to sign in... > > In that 2 years I have forgotten my password, so I went to the "request > password change" form and typed in the e-mail address I registered with: > davidctietz@NOSPAMatt.net (remove NOSPAM, of course) and it gave me the > error message "Cannot find username for davidctietz@NOSPAMatt.net". > This message is opposed to when I entered another of my e-mail addresses, in > which case it says "No user found for input: [e-mail address]". > I assume that you are forwarding your spam? Send the email address that you forward your spam to, to deputies admin.spamcop.net (actually we only need the part after the submit. ) and we will figure out what your account name is and get you a new password. Ellen From porpoise1954 at yahoo.co.uk Wed Apr 6 02:25:26 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Apr 5 20:35:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Fuzz" wrote in message news:d2slc3$8sq$1@news.spamcop.net... > Hi All: > > I have been using www.1and1.com as a web host for about 8 months now. > I've noticed that sometimes when I write an email to someone at AOL, it is > blocked with a message that my server is being blocked. > > Also, though less frequent, emails to Prodigy and Juno addresses have been > blocked. 1and1 tech support swears they don't permit spamming, and says > it's just because they are so large that it's inevitable that some emails > that originate from their IP blocks are flagged as spam. > > I am very happy with their web hosting ability, but this block list crap > is wearing me thin. > > Is 1and1 feeding me a line of bull? Do they have any reputation, good or > bad? I've been with 1and1 for several years and never had any problems. What are you trying to send out? From porpoise1954 at yahoo.co.uk Wed Apr 6 02:33:41 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Apr 5 20:40:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2sndf$9t7$1@news.spamcop.net... > Fuzz wrote: > >> Also, though less frequent, emails to Prodigy and Juno addresses have >> been blocked. > > That means that some IP is getting itself onto AOL's as well as Juno's > and Prodigy's blocklists. > >> 1and1 tech support swears they don't permit spamming, >> and says it's just because they are so large that it's inevitable >> that some emails that originate from their IP blocks are flagged as >> spam. > > There are a variety of reasons that IPs get themselves blocklisted; and > it behooves a good provider to recognize all of those causes and avoid > or prevent them by good security and spam output prevention, as well as > both proactive prevention of blocklisting plus aggressive efforts to > correct any problems once listings occur. > >> I am very happy with their web hosting ability, but this block list >> crap is wearing me thin. > > Maybe you should handle your mail output someother way. > >> Is 1and1 feeding me a line of bull? Do they have any reputation, >> good or bad? > > I don't think the issue of www.1and1.com is what we are talking about > here. > > 1and1 is Schlund. Schlund is also perfora.net > > If I look around in sightings and see who is notifying schlund about > being a spamsource, I see perfora output servers and I see a perfora > output server currently listed on sorbs as a spamsource server; in fact > there are 4 different perfora output servers so listed in sorbs. > Just as a point of interest; I have been with 1and1 for years but it seems that, just recently, they have had a few customers with insecure webform submittal scripts and are currently doing a sweep of all webforms to check for security issues (I've had a slip-up on one of my scripts :-() pointed out to me - which has subsequently been plugged. So good for them! They take security VERY seriously (which is one of the reasons - besides very good prices - that I have been with them for so long [having tried various other companies]) but, inevitably, occasionally, the odd one will get in below the radar! From porpoise1954 at yahoo.co.uk Wed Apr 6 02:49:54 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Apr 5 21:00:02 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2uqr9$d1s$1@news.spamcop.net... > Fuzz wrote: > You could acquire yet another smtp provider if there's no other way. > Or, maybe, if it's such a small file anyway, why bother zipping it in the first place? From president at whitehouse.gov Tue Apr 5 19:25:06 2005 From: president at whitehouse.gov (Fuzz) Date: Tue Apr 5 21:30:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Porpoise" wrote in message news:d2vc25$m30$1@news.spamcop.net... > Or, maybe, if it's such a small file anyway, why bother zipping it in the > first place? The file must be zipped with a specific name when the customer drops it into the target directory. There are often as many as a dozen or more (sometimes many more) small DBF/DBT files within the zip. If I could just get a hold of the grand poobah at my ISP I think I can get him to make an allowance. Thanks, Fuzz From devnull at spamcop.net Tue Apr 5 22:32:05 2005 From: devnull at spamcop.net (Frog Prince) Date: Tue Apr 5 21:40:04 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Fuzz" wrote in message news:d2vdpk$mvn$1@news.spamcop.net... | | "Porpoise" wrote in message | news:d2vc25$m30$1@news.spamcop.net... | > Or, maybe, if it's such a small file anyway, why bother zipping it in the | > first place? | | The file must be zipped with a specific name when the customer drops it into | the target directory. There are often as many as a dozen or more (sometimes | many more) small DBF/DBT files within the zip. | | If I could just get a hold of the grand poobah at my ISP I think I can get | him to make an allowance. Off the wall and may not work. Compress the file or whatever you do to it ==> data.zip Rename the file junk.xyz Send the file have an auto.exe rename the file data.zip and copy/move to the selected folder. From redball at mindspring.com Wed Apr 6 08:14:59 2005 From: redball at mindspring.com (Trish Roberts-Miller) Date: Wed Apr 6 08:18:23 2005 Subject: [SpamCop-List] *I'm* blacklisted? In-Reply-To: <200504040815.1diqu2y73Nl3oJ1@wanamaker.mail.atl.earthlink.net> References: <200504040815.1diqu2y73Nl3oJ1@wanamaker.mail.atl.earthlink.net> Message-ID: <4253D2C3.2080501@mindspring.com> I just received this message in failed mail: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: Alfred.Bertrand@oxon.blackwellpublishing.com SMTP error from remote mailer after RCPT TO:: host obp-mailchk2.oxon.blackwellpublishing.com [194.128.227.6]: 550 Rule imposed as redball@mindspring.com is blacklisted on SpamCop (see www.spamcop.net) ----- Needless to say, I've never heard anything from spamcop, and I didn't even know there was a way to block a specific email. I don't know the numeric IP address, so I can't even see if earthlink is blocked. Yipes! -- Trish Roberts-Miller redball@mindspring.com http://www.cwrl.utexas.edu/~robertsmiller/homepage.html "though we could fool each other, we should consider-- lest the parade of our mutual life get lost in the dark." ("A Ritual to Read to Each Other" Wm. Stafford) From MikeE at ster.invalid Wed Apr 6 07:00:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 6 09:00:05 2005 Subject: [SpamCop-List] Re: *I'm* blacklisted? References: <200504040815.1diqu2y73Nl3oJ1@wanamaker.mail.atl.earthlink.net> Message-ID: Trish Roberts-Miller wrote: > I just received this message in failed mail: That message isn't accurate as stated, since the SC blocklist doesn't list email addresses; it is a DNSbl. > This message was created automatically by mail delivery software. > > A message that you sent could not be delivered to one or more of its > recipients. This is a permanent error. The following address(es) > failed: > > Alfred.Bertrand@oxon.blackwellpublishing.com > SMTP error from remote mailer after RCPT > TO:: host > obp-mailchk2.oxon.blackwellpublishing.com [194.128.227.6]: 550 > Rule imposed as redball@mindspring.com is blacklisted on SpamCop (see > www.spamcop.net) blackwellpublishing.com's mxes are that mailchk2 at .6 above and mailchk1 at .5 Presumably the mx rejected the item from your EL server, but gave the bad information of naming your sending email address instead of naming the EL IP which was listed. EL does manage to get its servers listed from time to time; usually not by spamcop. It is also possible that the server also gave bad information about which blocklist; ie the blocklist might've been some other than SC's, but the non-delivery information sez SC erroneously just like it sez the email address erroneously. > Needless to say, I've never heard anything from spamcop, and I didn't > even know there was a way to block a specific email. I don't know the > numeric IP address, so I can't even see if earthlink is blocked. Yep, that's a problem all right. The way I would go about trying to see if some EL server/s are currently listed would be to go to senderbase, I went thru the top 15 or so to find this.... 209.86.89.64 rDNS smtpauth04.mail.atl.earthlink.net is currently listed in sorbs spam 209.86.89.65 rDNS smtpauth05.mail.atl.earthlink.net is currently listed in SCbl http://www.spamcop.net/w3m?action=checkblock&ip=209.86.89.65 - If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 18 hours. - System has sent mail to SpamCop spam traps in the past week > Yipes! There are many ways an EL server can get itself listed, not the least of which is that EL permits its customers to enable spamcontrol with challenge response. The C/R can be turned off, but the default is on for those who choose high spamblocking. EL also has some other bad practices which I regularly berate them for in the EL support ng/s. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Apr 6 07:06:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 6 09:05:04 2005 Subject: [SpamCop-List] Re: *I'm* blacklisted? References: <200504040815.1diqu2y73Nl3oJ1@wanamaker.mail.atl.earthlink.net> Message-ID: I'll put the bottom line here in less words, all that other while I was figuring out a possibility may be confusing. Trish Roberts-Miller wrote: > I don't know the > numeric IP address, so I can't even see if earthlink is blocked. At least one of EL's output servers is currently SCbl listed for hitting spamtraps. 209.86.89.65 listed in bl.spamcop.net smtpauth05.mail.atl.earthlink.net Then, your mindspring mail tries to go out that server, it gets rejected and the rejection message isn't properly informative. EL has many many scores of output servers. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Apr 6 11:24:30 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Apr 6 11:25:30 2005 Subject: [SpamCop-List] ComCast still hard at it Message-ID: Started my reporting this morning ... I received an auto-ack to my first ComCast sourced spew at 0929 GMT -5 .... however, I then received the following message for the next seven complaints; (I've no idea what TZ this relates to?) Subject: Returned mail: delivery problems encountered A message (from ) was received at 6 Apr 2005 14:36:36 +0000. The following addresses had delivery problems: Permanent Failure: 522_mailbox_full;_sz=629145218/629145600_ct=74214/100000 Delivery last attempted at Wed, 6 Apr 2005 14:36:36 -0000 From nobody at xyzzy.claranet.de Wed Apr 6 19:00:31 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Apr 6 12:05:08 2005 Subject: [SpamCop-List] Re: ComCast still hard at it References: Message-ID: <4254079F.7B8E@xyzzy.claranet.de> WazoO wrote: > I've no idea what TZ this relates to? Looking from GMT 5 hours in your direction, that's apparently your timezone. 7 hours would be Mike, and 4 hours is Ellen. As usual I'm lost with these calculations, Ellen never said that she lives in Greenland or the Bermudas... ;-) No, wait, DST, all one hour to the West, Ellen is Eastcoast, Mike is Westcoast, and you're in between. > _sz=629145218/629145600_ct=74214/100000 About 75000 unread abuse reports in 625 MB, average size 8400 bytes. And Spamcast customers are scum, not exactly "news". Bye, Frank From president at whitehouse.gov Tue Apr 5 23:48:37 2005 From: president at whitehouse.gov (Fuzz) Date: Wed Apr 6 12:25:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Frog Prince" wrote in message news:d2vece$nb5$1@news.spamcop.net... > Compress the file or whatever you do to it ==> data.zip > Rename the file junk.xyz The other day I tried naming it to *.txt but it still hit the filter. My ISP has *not* told me that they *can't* fix it. They just said that the guy who is able to access the SMTP server configuration is out of town. I'll just have to wait and see. We just had DSL come here to our little town, which is tempting me sorely. Right now I'm on a wireless connection, which is pretty fast. About 1.5m down and 750k up. But I'm paying $100/month for that. The DSL is through Verizon, which I've had before when I lived in Long Beach, CA, and I was very unhappy with their service. A call to tech support always resulted in a 45 minute wait, only to speak with someone who was in perpetual rudimentary computer skills training. :) Fuzz From president at whitehouse.gov Tue Apr 5 23:53:18 2005 From: president at whitehouse.gov (Fuzz) Date: Wed Apr 6 12:25:17 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Porpoise" wrote in message news:d2vak8$lbk$1@news.spamcop.net... > I've been with 1and1 for several years and never had any problems. What > are you trying to send out? Nothing out of the ordinary. Just a TXT based email to an AOL address. Juno and Prodigy have also blocked them on occasion. Perhaps you're connecting to a different SMTP server? They've had me use smtp.1and1.com from the beginning. Then when I complained of being blocked by AOL they had me try these... 217.160.230.51 217.160.230.50 217.160.230.52 All of which had been getting blocked at one time or another. Fuzz From nobody at xyzzy.claranet.de Wed Apr 6 19:25:18 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Apr 6 12:30:03 2005 Subject: [SpamCop-List] ClamAV clueless (was: 1and1 Internet SMTP servers) References: Message-ID: <42540D6E.1C7F@xyzzy.claranet.de> Fuzz wrote: >| The virus was reported to be: >| Oversized Zip Only because your 2 KB compress 50 KB ? LOL. > Include a superfluous uncompressable file within my ZIP > files that will reduce the compression ratio below my ISP's > ArchiveMaxCompressionRatio threshold What a headache. How about using tgz (= gzipped tar) ? Or find the ZIP switch where you can say "fast instead of small". > The guy started going off on a spiel about how email was > never really intended to send data files. True, but if he knows this he also knows the ZIP-bomb issue, and why 50 KB won't kill a single-sided 5.25" floppy. > there's a third possibility I hadn't thought of... I could go > on some newsgroups and whine incessantly about this until > someone comes up with a better plan! Yeah, that's the ticket! ACK, good plan, but it needs a better subject. ;-> Bye, Frank From nttp.sc.s at bigsleep.org Wed Apr 6 18:09:17 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Apr 6 13:10:04 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: On 05 Apr 2005 Porpoise entered spamcop and left news:d2vb3o$lka$1@news.spamcop.net: > I have been with 1and1 for years but it seems that, just recently, > they have had a few customers with insecure webform submittal scripts > and are currently doing a sweep of all webforms to check for security > issues (I've had a slip-up on one of my scripts :-() pointed out to > me - which has subsequently been plugged. So good for them! They take > security VERY seriously (which is one of the reasons - besides very > good prices - that I have been with them for so long [having tried > various other companies]) but, inevitably, occasionally, the odd one > will get in below the radar! > I don't like that scenario. If all mail goes out the same server, that means anyone can write a screwy script and get everyone blocked. I don't think they should relay mail for scripts, or only allow local relaying. If I write a screwy script (and I have), only I get blocked and only I am to blame since I check all scripts. -- | Ric | From nobody at xyzzy.claranet.de Wed Apr 6 20:06:32 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Apr 6 13:15:08 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: <42541718.55A0@xyzzy.claranet.de> Mike Easter wrote: > I have my own gripes about sorbs For their other zones the listing and delisting procedures are rather clear and "normal". > anyone can make any kind of db they want to make. The power > of a db is based on its popularity and usage. Yes, and SORBS abuses the poularity of its other zones for the private agenda in the 127.0.0.6 zone. > Only the spam one has the fine feature. It's not ordinary spam, it's spam to addresses of SORBS admins. They are not interested to protect you and me, they protect their own mailboxes with the $50 fine and 127.0.0.6. > I don't grok the significance of 7 * 31 = 217 It has absolutely no significance at all, like SORBS 127.0.0.6. I'm very upset about this because I used and propagated SORBS from rxwhois 1.3 up to rxwhois 1.6.x until I finally found out how stupid I've been. My total ignorance about SORBS 127.0.0.6 was very embarassing. Bye, Frank -- IN 1.3, OUT 1.6.x: From nttp.sc.s at bigsleep.org Wed Apr 6 18:16:42 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Apr 6 13:20:06 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 (was: 1and1 Internet SMTP servers) References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: On 05 Apr 2005 Mike Easter entered spamcop and left news:d2ud0l$5md$1@news.spamcop.net: > I have my own gripes about sorbs, mainly based on the fact that I'm not > able to use the webbased access to their db because I refuse to provide > all the information necessary to register for login. > I tried to register when I started using their list, but the form never worked correctly, nothing happened when I submitted the form. Yes, I noticed you have to register to do a lookup now, but I don't have a problem with that since I can make my own form anyway. I should probably try and register again, I don't even remember what address I used, ah I don't have time for this shit. -- | Ric | From lise.tr372 at videotron.ca Wed Apr 6 17:56:18 2005 From: lise.tr372 at videotron.ca (Lise) Date: Wed Apr 6 17:00:02 2005 Subject: [SpamCop-List] I lack Fuel !! Message-ID: and don't have the money right now to add some :( can I still report spam in between ? Lise From nobody at devnull.spamcop.net Wed Apr 6 16:13:15 2005 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Wed Apr 6 18:15:11 2005 Subject: [SpamCop-List] Re: I lack Fuel !! In-Reply-To: References: Message-ID: "If you wanna run cool You got to run On heavy, heavy fuel" -- Dire Straits, "Heavy Fuel" (1991) From porpoise1954 at yahoo.co.uk Thu Apr 7 00:20:15 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 6 18:30:05 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Blammo" wrote in message news:Xns9630675B133F1blammo@216.154.195.61... > On 05 Apr 2005 Porpoise entered spamcop and left > news:d2vb3o$lka$1@news.spamcop.net: > >> I have been with 1and1 for years but it seems that, just recently, >> they have had a few customers with insecure webform submittal scripts >> and are currently doing a sweep of all webforms to check for security >> issues (I've had a slip-up on one of my scripts :-() pointed out to >> me - which has subsequently been plugged. So good for them! They take >> security VERY seriously (which is one of the reasons - besides very >> good prices - that I have been with them for so long [having tried >> various other companies]) but, inevitably, occasionally, the odd one >> will get in below the radar! >> > > I don't like that scenario. If all mail goes out the same server, that > means anyone can write a screwy script and get everyone blocked. I don't > think they should relay mail for scripts, or only allow local relaying. All webforms are effectively scripts (that's how you get the data from the form on your website into your email inbox). The problem arises when people use insecure scripts that don't lock down who the allowable sender/recipients can be (effectively allowing anyone from anywhere to use it for sending spam to all-and-sundry and making it appear to come from the hapless customer. Fortunately, 1and1 are very "on-the-ball" in this respect and are constantly hunting out errant webform mailing scripts. > If I write a screwy script (and I have), only I get blocked and only I am > to blame since I check all scripts. > It depends whose server it's on and whose mailserver it sends the data through. It's not quite that simple. Email could go out through any one of hundreds of Mx servers and the same email address doesn't necessarily always go out through the same mail server - it's somewhat transparent to the customer - "auth.smtp.1and1.co.uk" (or .com, or .de - whatever) isn't *a* server - it could be any number of servers at any given time, depending on a number of factors including local load/geographical location etc. This is just a selection of the "auth.smtp.1and1.co.uk" mailservers some of my mails have gone out through over the last couple of days (and there are plenty more where that came from): 212.227.126.186 212.227.126.185 212.227.126.208 212.227.126.176 212.227.126.207 212.227.126.171 212.227.126.189 212.227.126.206 From lise.tr372 at videotron.ca Wed Apr 6 20:36:47 2005 From: lise.tr372 at videotron.ca (Lise) Date: Wed Apr 6 19:40:03 2005 Subject: [SpamCop-List] Re: I lack Fuel !! References: Message-ID: well I see SpamCop is lending me some fuel for now, maybe from you ;) ... Lise --------------- "LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m" wrote in message news:d31mts$di$1@news.spamcop.net... > "If you wanna run cool > You got to run > On heavy, heavy fuel" > > -- Dire Straits, "Heavy Fuel" (1991) > From MikeE at ster.invalid Wed Apr 6 17:42:45 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 6 19:45:04 2005 Subject: [SpamCop-List] Re: I lack Fuel !! References: Message-ID: Lise wrote: > and don't have the money right now to add some :( > > can I still report spam in between ? When you are a free reporter you can still report, you just don't have the same perq/s as a paid one. -- Mike Easter kibitzer, not SC admin From philip at pch.home.cs.vu.nl Thu Apr 7 01:40:54 2005 From: philip at pch.home.cs.vu.nl (Philip Homburg) Date: Wed Apr 6 20:10:55 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: <7g4l6gr81vikuvan65jfgdpbp7@inews_id.stereo.hq.phicoh.net> In article , John E. Malmberg wrote: >In article , > "Mike Easter" writes: >> Frank Ellermann wrote: >>> Mike Easter wrote: >>> >>> [217.160.230.41]. >>>> listed in sorbs as a spamsource >>> >>> 40.230.160.217.dnsbl.sorbs.net = 127.0.0.6 >>> >>> Using SORBS 127.0.0.6 is gross negligence, but IMNSHO worse, >>> unless they changed their $ 50 unlisting procedures. > >It is hard for any residential ISP to keep all of their mail servers out of >that list because of multi-hop spam, and some still bounce over-quota messages >to forged addresses even if they reject or silently delete other messages >that they chose not to deliver. Independent of any SORBS/127.0.0.6 or other issues, 217.160.0.0/16 does generate/forward enough spam to be listed. -- That was it. Done. The faulty Monk was turned out into the desert where it could believe what it liked, including the idea that it had been hard done by. It was allowed to keep its horse, since horses were so cheap to make. -- Douglas Adams in Dirk Gently's Holistic Detective Agency From MikeE at ster.invalid Wed Apr 6 19:08:20 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 6 21:10:02 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 References: <4252A9D1.4BE9@xyzzy.claranet.de> <7g4l6gr81vikuvan65jfgdpbp7@inews_id.stereo.hq.phicoh.net> Message-ID: Philip Homburg wrote: > Independent of any SORBS/127.0.0.6 or other issues, 217.160.0.0/16 > does generate/forward enough spam to be listed. I didn't have any trouble finding any perfora spam in sightings. -- Mike Easter kibitzer, not SC admin From tdy at blackhole.invalid Wed Apr 6 19:18:58 2005 From: tdy at blackhole.invalid (N. Miller) Date: Wed Apr 6 21:20:03 2005 Subject: [SpamCop-List] Re: ComCast still hard at it References: Message-ID: In article , WazoO says... > Started my reporting this morning ... I received an auto-ack to > my first ComCast sourced spew at 0929 GMT -5 .... however, > I then received the following message for the next seven > complaints; (I've no idea what TZ this relates to?) > Subject: Returned mail: delivery problems encountered > A message (from ) was received at 6 Apr 2005 14:36:36 +0000. > The following addresses had delivery problems: > > Permanent Failure: 522_mailbox_full;_sz=629145218/629145600_ct=74214/100000 > Delivery last attempted at Wed, 6 Apr 2005 14:36:36 -0000 I haven't had an ameritech.net source of spam since Februry 18, 2005. My latest SBC source of spam was from snet.net on March 26, 2005. By contrast, my latest comcast.net spam source came through on April 4, 2005. Whereas, in January, 2005 my SBC sourced email spam was running ahead of Comcast sourced email spam by about six to one, I have not seen an SBC sourced email spam since shortly after my own SBC IP address was blocked for port 25 outbound; maybe I was one of the last SBC IP address ranges to be blocked by SBC. The contrast is interesting. Comcast stated that they would implement port 25 blocking, but as a reactive measure. Sufficient complaints and Comcast would block a customers outbound port 25. SBC, however, is implementing outbound port 25 blocks proactively; customers won't find out until their email stops working. If they only use designated SMTP servers, they will never notice. If they do find themselves blocked, they can request unblocking. Presmuambly this will be better because customers who know enough to use third party SMTP servers probably also know enough to avoid becoming infected with spambots. It remains to be seen how this will play out; but, if SBC's dynamic IP address pools are mostly blocked as spam sources, maybe their abuse email address won't overflow. They might even have enough time to run a thorough examination of a complaint; and act quickly. Or not... -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From MikeE at ster.invalid Wed Apr 6 19:26:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 6 21:25:02 2005 Subject: [SpamCop-List] Re: ComCast still hard at it References: Message-ID: N. Miller wrote: > The contrast is interesting. Comcast stated that they would implement > port 25 blocking, but as a reactive measure. EL stated they would do 'selective' port 25 blocking based on 'something' - but they don't do diddly. Not one thing. Not even if you point them to a proxified user IP which is putting out as much spam as a normal busy EL output server puts out mail, according to senderbase stats. > Sufficient complaints > and Comcast would block a customers outbound port 25. SBC, however, > is implementing outbound port 25 blocks proactively; customers won't > find out until their email stops working. Good for comcast & sbc. EL is clueless. EL also currently has 6 output servers blocklisted by sorbs or spamcop for hitting spamtraps, more cluelessness. I don't have any way of knowing if it is from their challenge scheme or something else. -- Mike Easter kibitzer, not SC admin From tdy at blackhole.invalid Wed Apr 6 19:28:39 2005 From: tdy at blackhole.invalid (N. Miller) Date: Wed Apr 6 21:30:02 2005 Subject: [SpamCop-List] Re: *I'm* blacklisted? References: <200504040815.1diqu2y73Nl3oJ1@wanamaker.mail.atl.earthlink.net> Message-ID: In article , Trish Roberts-Miller says... > Needless to say, I've never heard anything from spamcop, and I didn't > even know there was a way to block a specific email. I don't know the > numeric IP address, so I can't even see if earthlink is blocked. Yipes! #1. It is possible to block a specific email at the MTA; I do it for a select few of email addresses. The error message that my MTA sends back should refer to a "killfile". #2. Most blocks, even in my case, are by IP addresses. I use about eight DNSBLs to check the sources by IP address. #3. My own ISP gets its customer output SMTP servers blocked at AOL from time to time. I have never checked if they get listed by the DNSBLs. Maybe they do. But they usually work out the issue with AOL, and I have never had any other trouble sending email. #4. I use SpamCop on a regular basis. I also report C/R challenges as spam. As Mike points out, EL is famous for touting their C/R system. If enough SC users report EL challenges from EL output SMTP servers, they can get listed. #5. Unless it is one of the rare email blocks, there is nothing personal in blocking. IP address blocking is imposed on the party responsible for controlling traffic emanating from those IP addresses which are blocked; that would be your ISP, not you. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From me at privacy.net Thu Apr 7 02:54:16 2005 From: me at privacy.net (Michael R N Dolbear) Date: Wed Apr 6 21:55:06 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: <01c53afe$4015c580$LocalHost@default> Fuzz wrote > "Porpoise" wrote > > Or, maybe, if it's such a small file anyway, why bother zipping it in the > > first place? > > The file must be zipped with a specific name when the customer drops it into > the target directory. There are often as many as a dozen or more (sometimes > many more) small DBF/DBT files within the zip. Why not zip the zipped file (and unzip it twice the far end) ? The apparent compression will then be negative which is certainly outside the range the anti-virus is objecting to ! -- Mike D From Nobody at Spamcop.net Thu Apr 7 01:44:42 2005 From: Nobody at Spamcop.net (Nobody) Date: Thu Apr 7 01:45:23 2005 Subject: [SpamCop-List] Sometimes Manual LARTs Work Fine Message-ID: <4254C8CA.BFE81A4A@Spamcop.net> All: Got the following autoack from Yahoo! in reply to a manual LART on an embedded Yahoo link that SpamCop parser didn't pick up and report. Yahoo! took a look and determined the mailbox was supporting spam. Note the classy cultural clues: Russian scientific genius, important contracts in Central America, corporate offices in Las Vegas and.........Newport Beach, Calif., the "maggot mile" of the West Coast -- where yaks and singers from Boca Raton go when they want to work the West Coast for a while. And Vancouver is the penny-stock armpit of the continent. Yeah, this company is a beacon of business ethics, I can tell. Oh, and I forwarded a copy of the spam to SEC's net-enforcement address. Here's what the stock has been doing in the last six months; note the volume surge in the last few days: http://bigcharts.marketwatch.com/intchart/frames/main.asp?time=7&freq=1&compidx=aaaaa%3A0&comp=NO_SYMBOL_CHOSEN&ma=3&maval=50&uf=8&lf=4&lf2=268435456&lf3=32&type=64&style=380&size=2&sid=0&o_symb=YPIL&startdate=&enddate=&show=&symb=YPIL&draw.x=78&draw.y=7 Applause for Harry at Yahoo! for checking it out and crimping their style. BTW, I've checked some other, similar spams (not this one), similar in form and header treatment, and they came from orgs controlled or partnered by Michael Lindsay of San Jose, California, who is big on the ROKSO list. Michael Just a Humble Spam Reporter ____________________________________________ Hello, Thank you for contacting Yahoo! Customer Care. Mass distribution of unsolicited email messages, or "spamming", violates the Yahoo! Terms of Service (TOS). Although it does not appear that this message originated from the Yahoo! Mail system, there is a "@yahoo.com" address within the message or message headers and we believe that this account is being used in connection with the unwanted email message. Consequently, we have taken appropriate action against this account as per the Yahoo! Terms of Service (TOS). For further information about the Yahoo! Terms of Service, you can visit: http://docs.yahoo.com/info/terms/ Please know that Yahoo! is unable to disclose the action taken on another user's account with a third party. We are not able to make exceptions to this rule. Thank you again for contacting Yahoo! Customer Care. Regards, Harry Yahoo! Customer Care http://www.yahoo.com/ 13554404 Original Message Follows: ------------------------- Gentlemen: This morning I received the spam e-mail pasted into this message inline below. The spammer is supported by a Yahoo e-mail address at the end of the heavily munged message. Yours truly, [Redacted] ________________________________________________________ Return-Path: Received: from [64.18.0.62] (HELO psmtp.com) by mail.[redacted] (CommuniGate Pro SMTP 4.2.1) with SMTP id 164298889; Mon, 04 Apr 2005 05:54:08 -0500 Received: from source ([218.48.46.41]) by exprod5mx110.postini.com ([64.18.4.10]) with SMTP; Mon, 04 Apr 2005 06:52:36 EDT Received: from wurldlink.net ([200.2.204.20]) by egyptian.frontiernet.net (InterMail vK.4.04.00.00 754-493-939 license [redacted]) with ESMTP id <[redacted].offset@wurldlink.net> for <[redacted]>; Mon, 04 Apr 2005 [DTG redacted] +0100 Date: Mon, 04 Apr 2005 [redacted] -0300 From: "Lynn Sandoval" Subject: Dominating picks from market news alerts X-Originating-IP: [198.182.207.3] To: <[redacted]> Message-ID: <[redacted]@lockian.frontiernet.net> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.4281.24) Content-type: text/plain X-VirusChecked: Checked X-Env-Sender: affiliate@wurldlink.net X-StarScan-Version: 5.3.26; banners=S_FROM_DOMAIN,-,- Original-recipient: [redacted] X-pstn-levels: ([redacted] ) Yap International, Inc.(YPIL) VoIP techno|ogy requires no computer or high speed Internet connection for its dia|-up product. Current Price: $.11 Watch This Stock Monday Some of These Litt|e VOIP Stocks Have Been Rea|ly Moving Lately. And When Some of them Move, They Rea|ly Go...Gains of 100%, 2OO% or More Are Not Unheard Of. Break News!! The past months have seen Yap Internationa| executing on its p|an to become a |eading supp|ier of VoIP techno|ogy including the following milestones: On January 19, 2005, in an effort to further enhance its management team, Yap Internationa| announced the appointment of Dr. V|adimir Karpenkov, MS, Ph.D. as the Company's Chief Information Officer. Dr. Karpenkov ... Our agreement with Securities Trading Services Inc. and the developments of the past months |eaves us with tools necessary to commercia|ize and market our products on a g|oba| scale. We expect our milestones to be met and thus executing our business plan as anticipated??, stated Jan Olivier, CEO of Yap International Inc. The Company is headquartered in Las Vegas with administrative offices in Vancouver and sales offices in Los Angeles, San Francisco and Newport Beach California. ---------------------------------------- And Please Watch this One Trade Monday! Go Ypil ----------------------------------------- Information within this pub|ication contains future |ooking statements within the meaning of Section 27A of the Securities Act of 1933 and .... If you wish to stop future mai|ings, or if you fee| you have been wrongfully p|aced in our membership, please go here or send a b|ank e mail with No Thanks in the subject to st0ck54@ yahoo.com From Nobody at Spamcop.net Thu Apr 7 01:52:41 2005 From: Nobody at Spamcop.net (Nobody) Date: Thu Apr 7 01:55:03 2005 Subject: [SpamCop-List] Re: What Am I Looking At? References: <42262264.A5F21544@Spamcop.net> Message-ID: <4254CAA9.5F93F02B@Spamcop.net> "N. Miller" wrote: > > In article <42262264.A5F21544@Spamcop.net>, Nobody says... > > How do I get to the internal links so SpamCop can lart the proxy owners? > > The proxy owners who should get the notifies are in the headers. Anything in > the body is a hosting service. While it would be nice to notify them, if you > are encountering the "too many links" foil, all that you can do is a manual > notify. > > -- > Norman Norman, Thanks for the suggestion, I've been doing that, and chasing the internal links through GEEKtools and SamSpade.org has led to some very reportable, ROKSO-listed spamhosts. Thanks for the suggestion, and happy to pile on. Michael From nobody at spamcop.net Thu Apr 7 00:11:04 2005 From: nobody at spamcop.net (RandallW) Date: Thu Apr 7 02:15:04 2005 Subject: [SpamCop-List] Re: ComCast still hard at it References: Message-ID: "N. Miller" wrote in message news:MPG.1cbe2a5c84908b839897cf@news.spamcop.net... > > I haven't had an ameritech.net source of spam since Februry 18, 2005. My > latest SBC source of spam was from snet.net on March 26, 2005. By contrast, > my latest comcast.net spam source came through on April 4, 2005. > > Whereas, in January, 2005 my SBC sourced email spam was running ahead of > Comcast sourced email spam by about six to one, I have not seen an SBC > sourced email spam since shortly after my own SBC IP address was blocked for > port 25 outbound; maybe I was one of the last SBC IP address ranges to be > blocked by SBC. > > The contrast is interesting. Comcast stated that they would implement port > 25 blocking, but as a reactive measure. Sufficient complaints and Comcast > would block a customers outbound port 25. SBC, however, is implementing > outbound port 25 blocks proactively; customers won't find out until their > email stops working. If they only use designated SMTP servers, they will > never notice. If they do find themselves blocked, they can request > unblocking. Presmuambly this will be better because customers who know > enough to use third party SMTP servers probably also know enough to avoid > becoming infected with spambots. > > It remains to be seen how this will play out; but, if SBC's dynamic IP > address pools are mostly blocked as spam sources, maybe their abuse email > address won't overflow. They might even have enough time to run a thorough > examination of a complaint; and act quickly. Or not... > > SBC claims they sent mail to their customers last year informing them they would start doing that port 25 block. From nobody at devnull.spamcop.net Thu Apr 7 16:15:48 2005 From: nobody at devnull.spamcop.net (Patto) Date: Thu Apr 7 02:20:02 2005 Subject: [SpamCop-List] Re: Sometimes Manual LARTs Work Fine In-Reply-To: <4254C8CA.BFE81A4A@Spamcop.net> References: <4254C8CA.BFE81A4A@Spamcop.net> Message-ID: Nobody wrote: > All: > > Got the following autoack from Yahoo! in reply to a manual LART on an > embedded Yahoo link that SpamCop parser didn't pick up and report. > Yahoo! took a look and determined the mailbox was supporting spam. > > ... > > Applause for Harry at Yahoo! for checking it out and crimping their > style. > > ... Sometimes they get it, sometimes not. Sometimes they just reply that the spam did not originate from Yahoo!, and that the headers were forged, but completely ignore the Yahoo! contact addresses in the message body. I had a similar case this week where I pointed them to the scam contact address, plus the http://profiles.yahoo.com/... user profile to show that the account was still alive. The reply was that they have forwarded the complaint to another department to check whether the profile in question was appropriate. From nttp.sc.s at bigsleep.org Thu Apr 7 09:41:41 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Apr 7 04:46:51 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: On 06 Apr 2005 Porpoise entered spamcop and left news:d31nlq$ov$1@news.spamcop.net: > > All webforms are effectively scripts (that's how you get the data from > the form on your website into your email inbox). The problem arises > when people use insecure scripts that don't lock down who the > allowable sender/recipients can be (effectively allowing anyone from > anywhere to use it for sending spam to all-and-sundry and making it > appear to come from the hapless customer. > That's not exactly what the flaw was in formmail and that's not what the spambots look for. > Fortunately, 1and1 are very "on-the-ball" in this respect and are > constantly hunting out errant webform mailing scripts. > So which comes first, the 1and1 or the spammer? Spammers are on the ball too, that's my point. >> If I write a screwy script (and I have), only I get blocked and only >> I am to blame since I check all scripts. >> > > It depends whose server it's on and whose mailserver it sends the data > through. > > It's not quite that simple. Email could go out through any one of > hundreds of Mx servers and the same email address doesn't necessarily > always go out through the same mail server - it's somewhat transparent > to the customer - "auth.smtp.1and1.co.uk" (or .com, or .de - > whatever) isn't *a* server - it could be any number of servers at any > given time, depending on a number of factors including local > load/geographical location etc. > Certainly they know who their own servers are, I don't see what difference it makes what server it comes from, or what server it goes out of. > This is just a selection of the "auth.smtp.1and1.co.uk" mailservers > some of my mails have gone out through over the last couple of days > (and there are plenty more where that came from): > Again, this really doesn't apply to scripts, since scripts (at least the ones I know of) open a program to send the message to, the mail program doesn't necessarily have to use SMTP at all. It doesn't matter how many mail servers they have, they MUST know if the message is coming from one of their own machines, and if its destined to one of their own servers. -- | Ric From nttp.sc.s at bigsleep.org Thu Apr 7 09:58:46 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Apr 7 05:00:37 2005 Subject: [SpamCop-List] Re: I lack Fuel !! References: Message-ID: On 06 Apr 2005 Lise entered spamcop and left news:d31ide$to1$1@news.spamcop.net: > and don't have the money right now to add some :( > > can I still report spam in between ? > Don't sweat it, you only lose the empty user report box (and possibly some other things you probably don't use), and when you pay up everything returns to normal. See also (last paragraph) http://www.spamcop.net/fom-serve/cache/288.html But if you wanna run cool.... -- | Ric From nobody at spamcop.net Thu Apr 7 11:41:10 2005 From: nobody at spamcop.net (-) Date: Thu Apr 7 05:45:28 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: We have hosted our own mail and web servers with 1and1 for more than 5 years and one thing is clear: They take abuse reports very seriously. One or two complaints together with evidence and the spammers are shut down. Like all big ISPs and hosting providers, they also have problems with spammers. If you run your own mailserver on their network, they run random weekly scans on your servers for open SMTP relays and open proxies and if they find one, your IP will be blocked for outgoing until you fixed the problem. The best solution is always to run your own mailserver, however, this is not everybody's cup of tea. Regards, John From nobody at spamcop.net Thu Apr 7 11:49:51 2005 From: nobody at spamcop.net (Anti-Spam) Date: Thu Apr 7 11:00:20 2005 Subject: [SpamCop-List] Re: ComCast still hard at it References: Message-ID: "Mike Easter" wrote in message news:d3224c$65t$1@news.spamcop.net... > N. Miller wrote: > > Sufficient complaints > > and Comcast would block a customers outbound port 25. SBC, however, > > is implementing outbound port 25 blocks proactively; customers won't > > find out until their email stops working. > > Good for comcast & sbc. EL is clueless. EL also currently has 6 output > servers blocklisted by sorbs or spamcop for hitting spamtraps, more > cluelessness. I don't have any way of knowing if it is from their > challenge scheme or something else. I regularly get C/R from EL triggered by spam they receive. Since the last change to the SC TOS, into the SC queue it goes. And as Mike observes, SC isn't the only anti-spam service with this attitude regarding C/R. I concur with Mike's opinion: EL is a bad Netizen in their spam handling. Their business practice doesn't appear too swift either, by deliberately getting themselves blocked and degrading their own e-mail service like this. -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: can@kbhcyonkopypg.net (generated by Webpoison) From mailing_jg at cantimplora.com.ar Thu Apr 7 13:50:39 2005 From: mailing_jg at cantimplora.com.ar (JulianG) Date: Thu Apr 7 11:55:08 2005 Subject: [SpamCop-List] Need to know which email account has been reported as spammer Message-ID: If my server is blacklisted, how can I know which email account or accounts are the ones have been reported as spammers? My univerity is a large organization and I need to find who is sending Spam. thanks, JulianG From pxpearson at spamxcop.net Thu Apr 7 09:57:30 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Thu Apr 7 12:00:05 2005 Subject: [SpamCop-List] Re: Need to know which email account has been reported as spammer References: Message-ID: JulianG wrote: > If my server is blacklisted, how can I know which email account or > accounts are the ones have been reported as spammers? > > My univerity is a large organization and I need to find who is sending > Spam. Since spammers routinely forge "From" lines and "From:" lines, there is no trail back to any email address. The IP address that injected the spam into the Internet is available in the header, and tracing must begin from there. Given the IP address and timestamp (also in the header), I hope your server's log files will help identify the culprit. -- Remove the two x's to get a good email address. From dannyg at dannyg.com Thu Apr 7 10:13:44 2005 From: dannyg at dannyg.com (Danny Goodman) Date: Thu Apr 7 12:13:53 2005 Subject: [SpamCop-List] Re: Sometimes Manual LARTs Work Fine In-Reply-To: <200504071600.j37G0JvQ002889@dannyg.com> Message-ID: > Consequently, we have taken > appropriate action against this account That phrase in LART responses always bothers me. It's sooo weasely. What's appropriate? To whom? Does that mean just a warning? If you canned his butt, why not say so? Danny http://www.dannyg.com http://www.spamwars.com From MikeE at ster.invalid Thu Apr 7 10:13:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 7 12:15:04 2005 Subject: [SpamCop-List] Re: Need to know which email account has been reported as spammer References: Message-ID: JulianG wrote: > If my server is blacklisted, how can I know which email account or > accounts are the ones have been reported as spammers? What IP are we trying to talk about but not really? You can take the IP in question to this page http://www.spamcop.net/bl.shtml "You can check the status of any server by entering its address:" - and then, if positive, that page also provides links to additonal information. The spamcop parser is designed to not name a server as a source if there is a user IP behind it; that is, the parser is designed to call the server a relay not a source, and sources are listed, not relays. If the parser is unfamiliar with the relay or if the server's Received tracelines are misconfigured the parser may errantly name a server as a source. A server may also be named as a source because it is doing belated 'bounces' which are newmails addressed to bogus froms. That type of server activity may be reported by a reporter or be a cause of spamtraps being hit. Similarly some outofoffice abusive automails. You don't get to see any evidence from spamtrap hits. If you are in control of a server, it should have logs. If you are in control of a server it shouldn't be designed to email belated bounce information to bogus Froms. If you are in control of a server you shouldn't be allowing abusive autoreplies to bogus Froms. > My univerity is a large organization and I need to find who is > sending Spam. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Apr 7 21:12:20 2005 From: nobody at spamcop.net (nospam) Date: Thu Apr 7 12:15:11 2005 Subject: [SpamCop-List] Re: ComCast still hard at it References: Message-ID: in article d33ho3$t1t$1@news.spamcop.net, Anti-Spam at nobody@spamcop.net wrote on 4/7/05 6:49 PM: > SNIPPED > Bring in the death penalty for repeat spammers. >SNIPPED Is there such a thing as a non repeating spammer? From nobody at spamcop.net Thu Apr 7 21:17:27 2005 From: nobody at spamcop.net (nospam) Date: Thu Apr 7 12:20:03 2005 Subject: [SpamCop-List] Re: Sometimes Manual LARTs Work Fine References: Message-ID: in article mailman.129.1112890433.4572.spamcop-list@news.spamcop.net, Danny Goodman at dannyg@dannyg.com wrote on 4/7/05 8:13 PM: >> Consequently, we have taken >> appropriate action against this account > > That phrase in LART responses always bothers me. It's sooo weasely. What's > appropriate? To whom? Does that mean just a warning? > > If you canned his butt, why not say so? > > Danny > http://www.dannyg.com > http://www.spamwars.com > > and what about st0ck01-st0ck53, and 55-59? All this might have accomplished is deletion of a few fsck -off messages From 0rio85a02 at sneakemail.com Thu Apr 7 09:17:48 2005 From: 0rio85a02 at sneakemail.com (Fred k) Date: Thu Apr 7 12:20:07 2005 Subject: [SpamCop-List] Re: Sometimes Manual LARTs Work Fine References: <4254C8CA.BFE81A4A@Spamcop.net> Message-ID: "Patto" wrote in message news:d32j6l$eg6$1@news.spamcop.net... > Nobody wrote: >> All: >> >> Got the following autoack from Yahoo! in reply to a manual LART on an >> embedded Yahoo link that SpamCop parser didn't pick up and report. Yahoo! >> took a look and determined the mailbox was supporting spam. Larting to Yahoo, I have 99% success mainly for 419 scammers of the previously mentioned reply. In checking the next day by sending an email to the address I larted on, it is no longer active. In addition, if they aren't using Yahoo I lart the sending and contact address with text saying that they have reached a scam reporting address. I haven't had a 419 or lottery scam email for 4 weeks now. Fred k From mikegray at spammenotcretinsdsl.pipex.com Thu Apr 7 20:13:39 2005 From: mikegray at spammenotcretinsdsl.pipex.com (Mike Gray) Date: Thu Apr 7 14:15:04 2005 Subject: [SpamCop-List] Checking if a friend is blacklisted? Message-ID: I was talking to a friend who's a singer/songwriter who runs a mailing list that sends out news of gigs etc... she said that she'd been having problems with her software causing people to receive multiple e-mails and is concerned that she might have been reported as a spammer and ended up on blacklists (the e-mail list is opt-in only, and the problem with the software existed between keyboard and chair, I believe, but that's a digression) I've had her send just me an e-mail in the same way - where do I look in the header to input the right IP address, and which blacklists should I check? Many thanks, Mike From MikeE at ster.invalid Thu Apr 7 12:38:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 7 14:40:07 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Mike Gray wrote: > I was talking to a friend who's a singer/songwriter who runs a > mailing list that sends out news of gigs etc... she said that she'd > been having problems with her software causing people to receive > multiple e-mails and is concerned that she might have been reported > as a spammer and ended up on blacklists (the e-mail list is opt-in > only, and the problem with the software existed between keyboard and > chair, I believe, but that's a digression) Her biggest problem/risk isn't her duplications but the necessity to manage her mailing list very scrupulously. Often some list starts out being to just a few well known friends and actually isn't managed as a 'proper' list -- then it starts to grow and people ask that other people who've asked them to be included get added, none of which is handled in proper 'dangerous' mailing list fashion. Eventually the list has grown and the methods of its growth have grown and then no one wants to throw the list away and start all over. She should use /very/ proper mailing list management from the very beginning, even if it sounds 'excessive' in its strictness. http://www.mail-abuse.com/an_listmgntgdlines.html Guidelines for proper mailing list management > I've had her send just me an e-mail in the same way - where do I look > in the header to input the right IP address, and which blacklists > should I check? That's hard to describe in just a few words. It is easier to have you have the spamcop parser do the work for you. If you are a registered spamcop reporter, just properly submit the item to the website parser as if it were a spam so that SC will determine the source, and then cancel the report. If you aren't a reporter, then paste the complete headers into the newsgroup spamcop.spam *NOT HERE* and someone around here will look at it and tell you how it is sourced and relayed. One way to check a lot of blocklists at one time very quickly is at the top center column tool at dnsstuff http://www.dnsstuff.com/ -- Mike Easter kibitzer, not SC admin From caroljean52 at yahoo.com Thu Apr 7 13:55:50 2005 From: caroljean52 at yahoo.com (caroljean52) Date: Thu Apr 7 16:00:07 2005 Subject: [SpamCop-List] Prepaid Legal: New ploy or just a coincidence? Message-ID: Message in question posted in .spam group. I'm trying to decide if the sender is just a totally gullible ignoramus or a clever spammer who's come up with a new way to spam for Prepaid Legal. Did they really get a virus email showing my (forged) address in the From slot? Which would mean they're just incredibly stupid, both because she sent a "helpful" virus notice without seeing where it *really* came from (a Yahoo address? not likely!) and because she's dumb enough to hook up with Prepaid Legal. On the other hand, I can see that this virus notification thing could be a whole new way to spam with low likelyhood of being reported... Carol Seattle USA From MikeE at ster.invalid Thu Apr 7 14:46:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 7 16:45:05 2005 Subject: [SpamCop-List] Re: Prepaid Legal: New ploy or just a coincidence? References: Message-ID: caroljean52 wrote: > Message in question posted in .spam group. > > I'm trying to decide if the sender is just a totally gullible > ignoramus or a clever spammer who's come up with a new way to spam > for Prepaid Legal. A total ignoramus is my diagnosis. But an ignoramus who is promoting prepaid legal with their stupidity. They should probably have their hands spanked on general abusively ignorant principles by being reported for 'spamming', since they are incompetently 'incidentally' spamming you with a Prepaid Legal 'footer'. Of course, yahoo isn't going to take any action, because yahoo is getting promoted with its own promotional footer. Funny how that works. > Did they really get a virus email showing my (forged) address in the > From slot? That's what I think. They got a virus message from your address with the virus stripped and they replied to it with a prepaid legal and incidentally also a yahoo promotional footer. > Which would mean they're just incredibly stupid, both > because she sent a "helpful" virus notice without seeing where it > *really* came from (a Yahoo address? not likely!) and because she's > dumb enough to hook up with Prepaid Legal. Prepaid legal has some kind of deal which they offer to be an 'associate'. That is an invitation to spam. My guess is that this particular item isn't/wasn't intentional spam, but that it might as well have been, because it 'deserves' to be reported. If it was a mistake, there should be consequences for mistakes which affect other people and if there are some consequences of her being reported, those consequences will serve to help her not behave in the same way in the future. > On the other hand, I can see that this virus notification thing could > be a whole new way to spam with low likelyhood of being reported... That's why I think it should be reported even if it were/ might be/ sorta accidental. The prepaid legal associate-ship is unhealthy in general; sending out virus receipt notifications with a promotional trailer of some 'size' and presentation is very spammish, and both of those spammish behaviors and conditions need some spam response rather than just overlooking it as an accident. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Apr 7 15:01:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 7 17:00:03 2005 Subject: [SpamCop-List] Re: Prepaid Legal: New ploy or just a coincidence? References: Message-ID: caroljean52 wrote: > or a clever spammer who's come up with a new way to spam > for Prepaid Legal. You can always fall back on the 'rules' In this case you can consider all 3 Rule #1: Spammers lie Rule #2: If a spammer ever appears to be telling the truth, consult Rule #1 Rule #3: Spammers are stupid -- Mike Easter kibitzer, not SC admin From mikegray at spammenotcretinsdsl.pipex.com Thu Apr 7 23:43:21 2005 From: mikegray at spammenotcretinsdsl.pipex.com (Mike Gray) Date: Thu Apr 7 17:45:39 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: > Her biggest problem/risk isn't her duplications but the necessity to > manage her mailing list very scrupulously. Often some list starts out > being to just a few well known friends and actually isn't managed as a > 'proper' list -- then it starts to grow and people ask that other people > who've asked them to be included get added, none of which is handled in > proper 'dangerous' mailing list fashion. Thanks for all the advice. I've passed it on to her. A quick check on the web site (very handy, one for the bookmarks!) shows no damage thus far, so I'll try and make sure there isn't any in future. :) Cheers, Mike From mailing_jg at cantimplora.com.ar Thu Apr 7 20:43:02 2005 From: mailing_jg at cantimplora.com.ar (JulianG) Date: Thu Apr 7 18:45:03 2005 Subject: [SpamCop-List] Re: Need to know which email account has been reported as spammer In-Reply-To: References: Message-ID: Thank you for your help! From nobody at spamcop.net Fri Apr 8 00:59:46 2005 From: nobody at spamcop.net (Valerio) Date: Thu Apr 7 19:00:04 2005 Subject: [SpamCop-List] Why kornet.net isn't everytime banned? Message-ID: I receive about 10 spam mail a day, 6 of this come from kornet.net. I dont understand why kornet.net isn't everytime banned from spamcop? Vale From nobody at devnull.spamcop.net Thu Apr 7 20:49:21 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Apr 7 19:50:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d33uka$5gd$1@news.spamcop.net... ... > One way to check a lot of blocklists at one time very quickly is at the > top center column tool at dnsstuff http://www.dnsstuff.com/ Wow, they've either come a long way baby!, or I've got them mixed up with someone similar sounding - THAT URL's a keeper! It even got e-mails right too, except I had to put one of mine in twice before it "found" it to be a good address. It's also blazingly fast on the features I tried at least. Thanks mucho! Pop From wb8tyw at qsl.network Thu Apr 7 20:59:50 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Apr 7 20:00:03 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? In-Reply-To: References: Message-ID: Valerio wrote: > I receive about 10 spam mail a day, 6 of this come from kornet.net. > I dont understand why kornet.net isn't everytime banned from spamcop? Spamcop is best at quickly locating new spam sources, not at keeping long term spam sources listed. If you look around on the internet, you will find blocking lists that lists that attempt to list specific countries and some specific ISPs. If you do not want to receive spam from a specific location, it is under the total control of the operator of your mail server. Accepting spam from known spam sources increases a mail server's operating costs, and they either pass them on to you in poorer service or rate increases. Get together with other users of the same mail server if needed. In order for an I.P. address to be listed, spam has to be received by a spamcop member or a spamtrap in enough quantity to be listed. For a spamcop.net member to report spam from a specific netblock, it means that their mail server must still accept e-mail from that netblock. Some of us have mail server operators do not wait for a DNSbl to block a chronic spam source. For some domains, one received spam will cause at least a /23 (slang for 512 I.P. addresses) to be put on a local blocking list. Also once a spam source gets in the sbl-xbl.spamhaus.org which includes opm.blitzed.org and cbl.abuseat.org, many reporters no longer see spam from it. And the same is the case for many once an address is identified as being in a DHCP pool. Still others will not see any spam from any source that does not have a valid rDNS. -John wb8tyw@qsl.network Personal Opinion Only From nobody at spamcop.net Thu Apr 7 17:18:56 2005 From: nobody at spamcop.net (Ellen) Date: Thu Apr 7 21:00:04 2005 Subject: [SpamCop-List] Re: Need to know which email account has been reported as spammer References: Message-ID: "JulianG" wrote in message news:d33ks9$uje$1@news.spamcop.net... > If my server is blacklisted, how can I know which email account or > accounts are the ones have been reported as spammers? > > My univerity is a large organization and I need to find who is sending Spam. > > thanks, > JulianG We may be able to provide some additional information if you send the IP in question to deputies admin.spamcop.net Ellen SpamCop From wb8tyw at qsl.network Thu Apr 7 21:59:53 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Apr 7 21:00:17 2005 Subject: [SpamCop-List] Media reports of alleged spammer being burnt down under. Message-ID: http://www.news.com.au/story/0,10117,12783127-29277,00.html http://internet.aca.gov.au/ACAINTER.852416:STANDARD::pc=PC_2943 While the identity of the alleged spammer has not been named, posters on news.admin.net-abuse.email have been speculating on it. -John wb8tyw@qsl.network Personal Opinion Only From nobody at devnull.spamcop.net Thu Apr 7 21:59:22 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Thu Apr 7 21:55:03 2005 Subject: [SpamCop-List] Re: Media reports of alleged spammer being burnt down under. References: Message-ID: Oh, I hope it is Abaco Machines!!! Miss Betsy From nobody at spamcop.net Fri Apr 8 07:52:32 2005 From: nobody at spamcop.net (nospam) Date: Thu Apr 7 22:55:04 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net wrote on 4/8/05 2:59 AM: > I receive about 10 spam mail a day, 6 of this come from kornet.net. > I dont understand why kornet.net isn't everytime banned from spamcop? > Vale I'd love to know how they stay off the top 50 list, because they are MY #1 spammer, (at least 50% of my crap) and judging from remarks here a significant spammer for a number of people in this NG (presumably reporters) From wb8tyw at qsl.network Fri Apr 8 01:05:21 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Apr 8 00:10:29 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? In-Reply-To: References: Message-ID: nospam wrote: > in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net > wrote on 4/8/05 2:59 AM: > >>I receive about 10 spam mail a day, 6 of this come from kornet.net. >>I dont understand why kornet.net isn't everytime banned from spamcop? >>Vale > > I'd love to know how they stay off the top 50 list, because they are MY #1 > spammer, (at least 50% of my crap) and judging from remarks here a > significant spammer for a number of people in this NG (presumably reporters) Spamvertised web sites do not count toward the blocking list. Most of the spam is coming from compromised computers and the spammers hop from one to another to avoid DNSbsl like spamcop and cbl.abuseat.org and opm.blitzed.org which expire listings. The only way to avoid this type of spam is to preemptively block the spam source by using either an up to date DHCP list, or to block the I.P. address ranges of the ISP that is allowing the spam to be sent. Once a spam source becomes known, it becomes widely blocked in the more conservative lists or local blocking lists, so less spamcop.net reporters will be seeing spam from it to keep it on the blocking lists. Have a talk with your postmaster, and if that is not productive, other users of that mail server. I see the most complaints about lost e-mail and service outages for mail servers that accept spam and then try to content filter it on a per user basis. I see the least complaints and the highest uptimes on the mail servers that refuse to accept e-mail from known spam sources. And refusing e-mail from known spam sources lowers the cost of operating the mail server. -John wb8tyw@qsl.network Personal Opinion Only From SCNews.5.myspamgobbler at spamgourmet.com Thu Apr 7 22:11:49 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Fri Apr 8 00:15:03 2005 Subject: [SpamCop-List] Re: Media reports of alleged spammer being burnt down under. In-Reply-To: References: Message-ID: Miss Betsy wrote: > Oh, I hope it is Abaco Machines!!! > > Miss Betsy > There is some speculation about it being Wayne Mansfield. Wayne's morphing companies include: - The Which Company Pty Ltd - T3 Direct - The Maverick Spirit Newsletter - Business Seminars Australia From PossumTrot at dont.spam.me Fri Apr 8 14:29:57 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Fri Apr 8 16:35:02 2005 Subject: [SpamCop-List] Spammer gets slammer Message-ID: http://www.cnn.com/2005/TECH/internet/04/08/spam.sentence.ap/index.html Essentially same story on USATODAY.COM From kenbrody at spamcop.net Fri Apr 8 17:58:49 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Fri Apr 8 17:05:07 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: <4256F089.92A19904@spamcop.net> Doug Thegarden wrote: > > Ivan Leo Puoti wrote: > > http://news.bbc.co.uk/1/hi/technology/4400335.stm > > > > Just in case you think the lawsuits are pointless. > > > > Ivan. > > Before you get too excited its a pure technicality at this stage. > Chapter 11 allows him to continue trading while protected from his > creditors. And who are those creditors? Well if you look at what the > article says, he would be in the black by about $6m except for this big > potential $46m being claimed by M$. So under Chapter 11 he can continue > trading while protected from Microsofts financial claim i.e. life as normal Besides, he'll simply bankrupt OptInRealBig.com and start up RealBigOptIn.com in its place. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From / at /.cn Sat Apr 9 09:51:13 2005 From: / at /.cn (Petzl) Date: Fri Apr 8 18:55:04 2005 Subject: [SpamCop-List] Re: Spammer gets slammer References: Message-ID: "Possum Trot" wrote in message news:d36pou$ore$1@news.spamcop.net... > http://www.cnn.com/2005/TECH/internet/04/08/spam.sentence.ap/index.html > > Essentially same story on USATODAY.COM So we will see snotty here to? http://www.mugshots.com/Criminal/Computer/Jeremy+Jaynes.htm From zypher at spamcop.net Fri Apr 8 20:45:27 2005 From: zypher at spamcop.net (Ron B.) Date: Fri Apr 8 20:50:04 2005 Subject: [SpamCop-List] Appropriate Psuedonyn for spammer Message-ID: "Tittle K. Prevaricator" "Sent" me spam for "oem software". From nobody at spamcop.net Sat Apr 9 06:29:21 2005 From: nobody at spamcop.net (nospam) Date: Fri Apr 8 21:30:05 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: in article d34vu1$ppu$1@news.spamcop.net, John E. Malmberg at wb8tyw@qsl.network wrote on 4/8/05 8:05 AM: > nospam wrote: >> in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net >> wrote on 4/8/05 2:59 AM: >> >>> I receive about 10 spam mail a day, 6 of this come from kornet.net. >>> I dont understand why kornet.net isn't everytime banned from spamcop? >>> Vale >> >> I'd love to know how they stay off the top 50 list, because they are MY #1 >> spammer, (at least 50% of my crap) and judging from remarks here a >> significant spammer for a number of people in this NG (presumably reporters) > > Spamvertised web sites do not count toward the blocking list. > >SNIPPED, I know, I rarely se spamvertized sites on kornet, those're normally in China, tietong these days, kornet and the hanas are mostly sources. I don't think spamtraps are usually behind DNSBL's, so, my question still stands. From reader at invalid.invalid Sat Apr 9 01:48:15 2005 From: reader at invalid.invalid (Reader) Date: Fri Apr 8 23:50:15 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: On Fri, 08 Apr 2005 06:52:32 +0400, nospam wrote: > in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net > wrote on 4/8/05 2:59 AM: > >> I receive about 10 spam mail a day, 6 of this come from kornet.net. >> I dont understand why kornet.net isn't everytime banned from spamcop? >> Vale > > I'd love to know how they stay off the top 50 list, because they are MY #1 > spammer, (at least 50% of my crap) and judging from remarks here a > significant spammer for a number of people in this NG (presumably reporters) South Korea is #2 (25%) on Sophos spamtraps, an increase of 10% over the August 2004 list. USA is still #1 at 35.7% but at least it's a drop from the previous 42.5%. http://www.theregister.com/2005/04/07/spam_shame_chart/ http://www.theregister.com/2004/08/24/spam_table/ 'whois -h whois.apnic.net kornet' shows shows 10.2m ip addresses allocated to Kornet. In fairness that's a sizeable chunk of the internet for a single ISP and worth bearing in mind when pointing the finger. http://www.blackholes.us/zones/country/korea.classful lists 51.6m ip addresses in total for Korea. From Ilgaz at spamcop.net Sat Apr 9 17:33:36 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Sat Apr 9 09:35:37 2005 Subject: [SpamCop-List] Re: I got through to kornet!! woohoo 211.219.147.210 References: Message-ID: In article , "John E. Malmberg" wrote: > justin wrote: > > > > we informed our customer of his illegal activity and requested to fixing > > a this problem. > > They admit that they have taken no action to immediately stop abuse > coming from their network. > > > In future if it will try again, we will not service to this customer > > from our network. > > Look up what a "bedbug letter" is. And then see if you can convince > your mail server operator to solve the issue of spam coming from Kornet. > > -John > wb8tyw@qsl.network > Personal Opinion Only Hi, If there was a way to see all my spam submitted for years, I bet Kornet would be top of list. Call me paranoid but I really wonder if we should report spam to them or not. That response is a miracle I say. I had no response what so ever and I started learning Korean swearing just because of that ISP and Hananet :) Of course, they do nothing and everyone blocks their domain as a first thing to do whatever system they use. They get what they deserve I would say but there is a slight possibility that they figured this thing can't go forever. If I was a Korean, I would clearly carry this amazing issue to Korean parliament,my parliamenterian whatever. It can't go this way... Have a nice day Ilgaz Ocal ps: Finally found a good,free client for OS X for "real" news. Will hang out here for sure. From Ilgaz at spamcop.net Sat Apr 9 17:48:12 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Sat Apr 9 09:50:02 2005 Subject: [SpamCop-List] What did spamcop do to Subsume Technologies? :) Message-ID: Hi, On OS X, since my first OS X usage days, I have found Subsume ( http://www.subsume.com/ ) for very interesting apps. They are plain cool guys. For Mac, they produced Spamcop mail bundle for FREE (a plugin for apple mail) for OS X mail users. As I am paid customer now and have bayesian stuff all over, I don't need it. Yahoo filters have failed in number of occasions and I remembered that software. Their webpage says: http://www.subsume.com/contemplate/assembler.cgi?page=SpamCop This software has been demoted to idle mode. For details, see the Demoted section. Demoted section http://www.subsume.com/contemplate/assembler.cgi?page=SpamCop&segment=Dem oted Writes: ______ Our main reporting account with spamcop.net was permanently disabled on 07 Aug 2004. Because of this development, we will no longer be able to support this software. We have decided to leave it available for download until Apple releases Mac OS X 10.4 (which will almost certainly break the bundle, as all major releases do) on the off chance that registrations will allow it to be open sourced, or the possibly some other developer will buy the asset outright. The long version of the story is tedious and looks like a lot of childish finger pointing. Suffice it to say that if you ever get a spam that mentions a virus or (security) software in any way (including the common pirate software site spams), don't report it; it's a free ride for the spammers. Likewise, any spam disguised to look like an automated message from a badly configured server (e.g. bogus out of office messages, faked challenge/response messages, etc.) should not be reported as it will likely get your spamcop.net account cancelled, much to the amusement of the spammer on the sending end. Expect to see a lot more spam in the future trying to look like spam that spamcop.net deems OK; as vocal anti-spammers we seem to be on the leading edge for testing junk that eventually clogs up your inbox. So after using spamcop.net for over two years, after reporting spam into the hundreds of thousands, after still seeing raw spam attempts in that period increase from 50 to 5000 daily, we call it quits. The spammer have seemingly won as far as spamcop.net is concerned. ______ So, what happened basically? Oh, mac fanatics won't tell it to you, as a old timer in computers, I tell you, 90% of Mac users won't care the hassle to copy raw source and report it via web. Mac mail is great but its a "starter" application. It doesn't have stuff like "forward as attachment" etc, not to confuse users. So, thats why that bundle/plugin was coded at first place. It is for the user profile spamcop talks about (and genius imho) We aren't talking about frustrated newbies here btw. Check their other stuff, you'd have an idea about the level of them. Have a nice day Ilgaz Ocal From MikeE at ster.invalid Sat Apr 9 08:08:52 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 10:10:05 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: Ilgaz Ocal wrote: > The long version of the story is tedious and looks like a lot of > childish finger pointing. I don't recall any discussion by subsume's rep openly in the newsgroups. Whatever discussion or 'discipline' there was must've been privately handled in email by a deputy. > Suffice it to say that if you ever get a > spam that mentions a virus or (security) software in any way > (including the common pirate software site spams), don't report it; > it's a free ride for the spammers. Once upon a time it was against the rules to report viral propagations, or the 'spawn' from viral propagations, which includes notifications to bogus Froms on the propagation. > Likewise, any spam disguised to > look like an automated message from a badly configured server (e.g. > bogus out of office messages, faked challenge/response messages, > etc.) should not be reported as it will likely get your spamcop.net > account cancelled, much to the amusement of the spammer on the > sending end. Once upon a time it was also against the rules to report the abusive belated bounces to bogus Froms which are generated as described above. Challenges were another matter. > Expect to see a lot more spam in the future trying to > look like spam that spamcop.net deems OK; as vocal anti-spammers we > seem to be on the leading edge for testing junk that eventually clogs > up your inbox. The writer isn't uptodate on what the rules are. Now all of those reports, including virms [viral email propagations] are OK. http://www.spamcop.net/fom-serve/cache/14.html On what type of email should I (not) use SpamCop? That page sez it is ok to report virms, virm spawn, misdirected bounces, challenges, outofoffice misdirections, etc. It is not OK to report mailing list spam, 'social' spam, mail errors, and usenet spats. > So after using spamcop.net for over two years, after reporting spam > into the hundreds of thousands, after still seeing raw spam attempts > in that period increase from 50 to 5000 daily, we call it quits. The > spammer have seemingly won as far as spamcop.net is concerned. > ______ > > So, what happened basically? I expect the reporter didn't pay attention to the rules, was admonished, still didn't pay attention to the rules, and so had their account jerked. The deputies are pretty easy going, but you have to play by the rules whether you like them or not. The rules that must've gotten the reporter busted have since been changed to include the very issues that got hir busted. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 9 08:16:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 10:15:03 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: Mike Easter wrote: > It is not OK to report mailing list spam, Unless you are the listowner. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Sat Apr 9 20:30:00 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Apr 9 11:35:03 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: "Mike Easter" wrote in message news:d38nic$mjs$1@news.spamcop.net... > Ilgaz Ocal wrote: > > The long version of the story is tedious and looks like a lot of > > childish finger pointing. > > I don't recall any discussion by subsume's rep openly in the newsgroups. > Whatever discussion or 'discipline' there was must've been privately > handled in email by a deputy. > > Snipped I remember the discussion, S/He left in a bit of a huff, the exchange was short though. and mostly handled in private, I think. (since I am not privy to that). From source at netcom.com Sat Apr 9 09:53:23 2005 From: source at netcom.com (David Harmon) Date: Sat Apr 9 11:55:02 2005 Subject: [SpamCop-List] Earthlink parseing not as good as might be Message-ID: <4257f85d.36927468@news.spamcop.net> I guess Earthlink screwed it up again. It used to go like this: > Received: from c-24-7-93-159.client.comcast.net ([24.7.93.159]) by kite (EarthLink SMTP Server) with SMTP id 1aCQcJ6LM3NZFkD0 Sat, 3 Jan 2004 10:08:52 -0800 (PST) >warning:Fixing bozotic earthlink received line: > Received: from c-24-7-93-159.client.comcast.net ([24.7.93.159]) by kite.earthlink.net with SMTP id 1aCQcJ6LM3NZFkD0 Sat, 3 Jan 2004 10:08:52 -0800 (PST) host 24.7.93.159 = c-24-7-93-159.client.comcast.net (cached) > host c-24-7-93-159.client.comcast.net (checking ip) = 24.7.93.159 > Possible spammer: 24.7.93.159 > Received line accepted Now it goes like this: > Received: from AUFBUCHSTATION ([217.7.21.199]) by mx-a065b05.pas.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1dfPi4Wh3NZFpL0 Mon, 28 Mar 2005 00:07:47 -0800 (PST) > no date found > 217.7.21.199 found > host 217.7.21.199 (getting name) no name > Possible spammer: 217.7.21.199 > Received line accepted ... > warning:Yum, this spam is fresh! Message is old From eddie at eddie.web Sat Apr 9 12:57:12 2005 From: eddie at eddie.web (eddie) Date: Sat Apr 9 12:00:02 2005 Subject: [SpamCop-List] Re: Spammer gets slammer References: Message-ID: On Fri, 08 Apr 2005 13:29:57 -0700, Possum Trot scratched out the following: > http://www.cnn.com/2005/TECH/internet/04/08/spam.sentence.ap/index.html > > Essentially same story on USATODAY.COM Since spammers have the learning curve of the common housefly, at best, let's see what effect, if any, this has on overall spam. At some point, one would expect to see that the bottom feeders who buy the "Million Address" CDs and buy into the "get rich quick" scam will wise up and see that only the top people make any money. But that would only apply to normal brains. However, at some point the money will start to dry up, starting at the bottom. As I noted in another post, the overall level of my personal spam has dropped over the last month or so, either from "list-washing" or spamkiddy is more interested in video and computer games and doesn't want to play them in jail. -- Once movie theaters gave out steak knives Today they confiscate them From usenet2 at DE.LETE.THISljvideo.com Sat Apr 9 17:08:23 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Sat Apr 9 12:10:03 2005 Subject: [SpamCop-List] Re: Appropriate Psuedonyn for spammer References: Message-ID: Waiving the right to remain silent, "Ron B." said: > "Tittle K. Prevaricator" > "Sent" me spam for "oem software". He's my friend too. But today, I got the same spam from "Deadliness I. Kook" I shit you not... -- Larry J. - Remove spamtrap in ALLCAPS to e-mail The United States is the greatest country in the world..! Twenty-five million illegal aliens can't be wrong. From MikeE at ster.invalid Sat Apr 9 10:10:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 12:10:10 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> Message-ID: David Harmon wrote: Subject: Earthlink parseing not as good as might be > I guess Earthlink screwed it up again. It used to go like this: If you want to talk about a parsing problem, you are going to have to post the tracker of a 'real' set of headers or spam, not some partial snippage. What you posted is meaningless, and I'm accustomed to seeing SC parse EL headers. -- Mike Easter kibitzer, not SC admin From usenet2 at DE.LETE.THISljvideo.com Sat Apr 9 17:09:56 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Sat Apr 9 12:10:16 2005 Subject: [SpamCop-List] Re: Spammer gets slammer References: Message-ID: Waiving the right to remain silent, "Possum Trot" said: > http://www.cnn.com/2005/TECH/internet/04/08/spam.sentence.ap/inde > x.html > > Essentially same story on USATODAY.COM Sentence suspended, awaiting appeal. I don't think this bastage is ever going to see the inside of a jail cell. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail The United States is the greatest country in the world..! Twenty-five million illegal aliens can't be wrong. From MikeE at ster.invalid Sat Apr 9 10:29:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 12:30:02 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> Message-ID: Mike Easter wrote: > the tracker of a 'real' set of headers > I'm accustomed to > seeing SC parse EL headers. Parse of oldstyle bozotic EL headers from 2004 Aug http://www.spamcop.net/sc?id=z750683046z62ce0cac71cb834e01702afadbd91c89z Parse of 'new' style EL headers from stale spam of 2005 Apr 5 with meaningless fresh and old words http://www.spamcop.net/sc?id=z750683835z63d6180660230a150f342251aa03ee52z Parse of fresh 'newstyle' EL headers from today with the same meaningless fresh and old words http://www.spamcop.net/sc?id=z750684371zdda231b0a06d7db6fdcee7913e0ce882z -- Mike Easter kibitzer, not SC admin From source at netcom.com Sat Apr 9 10:32:15 2005 From: source at netcom.com (David Harmon) Date: Sat Apr 9 12:35:03 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> Message-ID: <42590260.39490203@news.spamcop.net> On Sat, 9 Apr 2005 09:10:36 -0700 in spamcop, "Mike Easter" wrote: >If you want to talk about a parsing problem, you are going to have to >post the tracker of a 'real' set of headers or spam, Fair enough. http://www.spamcop.net/sc?id=z750663102za27b9e1be3d5d9df2798ea1da83bbb2dz http://www.spamcop.net/sc?id=z750663101z6bfcf8672ccb4a39d8adf56e7263e692z http://www.spamcop.net/sc?id=z750663098z0f2db625fffcd1a702c34d38632517dez http://www.spamcop.net/sc?id=z750663093zbc2fe422c134538c1835cca8a38fcb5fz http://www.spamcop.net/sc?id=z750663091zcc1b88804b463d64a5a92d58cd560834z http://www.spamcop.net/sc?id=z750663090zc862bc7992fe32b14a0992ab53886f9az http://www.spamcop.net/sc?id=z750663087z11027ed239a643c463ef40082f8e5577z http://www.spamcop.net/sc?id=z750663086z5f92efcdad79dc61f1b551e019432c05z http://www.spamcop.net/sc?id=z750663085z2f5674fe80ea30d36a4c8e9b80a2c0d1z From MikeE at ster.invalid Sat Apr 9 11:04:06 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 13:05:19 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: David Harmon wrote: > "Mike Easter" >> If you want to talk about a parsing problem, you are going to have to >> post the tracker of a 'real' set of headers or spam, > > Fair enough. I looked at almost all of those, but I'm still not getting what you are talking about. Are you talking about one or another of the meaningless lines: no date found Yum, this spam is fresh! Message is old ... which functionally have no relevance, or something else? The parse proceeds just fine, in that it is managed properly in terms of the parser's accuracy in assessing the age for the 'real' purposes of age determination [too old to report and such]. If you simply disregard 'zany' parser editorial 'commentary', SC parser palaver won't make you crazy. Reading what the parser sez about the 'meaning' of what it is handling near to what it is saying needs to be done very imaginatively, so that you can avoid literal interpretations applied to the wrong places. -- Mike Easter kibitzer, not SC admin From spamtrap at icarus.com Sat Apr 9 11:07:59 2005 From: spamtrap at icarus.com (Stephen Williams) Date: Sat Apr 9 13:10:03 2005 Subject: [SpamCop-List] Re: chinatietong.com Bulletproof scumbags In-Reply-To: References: Message-ID: Jamie wrote: [...] > > No try again the so called screen shots are altered shots > You have no clue what the hell you are talking about > so why don't you just shut up for a while. > > However some one was trying to make it look like it > was me. I have not been laughed out of NANAE at all > and infact I STILL post to NANAE. > > And the SMTP proxy was bogus and was nothing > more then a sting. All of this was already explained > in google groups I suggest you go back and > read http://groups.google.com [...] Ah, the nostalgia of it all. Who has the URLs for the various "Jamie shrines"? From MikeE at ster.invalid Sat Apr 9 11:24:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 13:25:03 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: Mike Easter wrote: > Are you talking about one or another of the meaningless lines: > > no date found If you want SC to not say 'no date found' while it is actually /finding/ the date and time, you will have to get EL to place an appropriate semicolon before the date field [ie after the informational section following the hostname in the 'by' field] in its Received traceline. >From this one www.spamcop.net/sc?id=z750663102za27b9e1be3d5d9df2798ea1da83bbb2dz modified by unfolding and spacing out the Received tracelines. Received: from silkgraphics.com ([64.37.122.4]) by bunting.mail.pas.earthlink.net (EarthLink SMTP Server) with ESMTP id 1dk7vx5q43NZFmR0 Fri, 8 Apr 2005 21:23:42 -0700 (PDT) Received: from silkcvvqi2mce2 [207.175.209.1] by silkgraphics.com with ESMTP (SMTPD32-8.15) id AC31A6FB012E; Fri, 08 Apr 2005 20:13:21 -0500 Without commenting on the role of the alleged relay, but for purposes of discussion accepting that EL stamped the topline and silkgraphics/chicagowebs stamped the 2nd line; notice that silkgraphics line has a semilcolon before the timestamp field, whereas EL's does not. If you forge the EL line to contain a semicolon and feed it to the parser, the parser will not 'complain' or say the no date found line, but otherwise will parse the item exactly the same, including the interpretation of the timestamp information.which it is saying it can't find. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 9 11:33:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 13:35:02 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: Mike Easter wrote: > If you forge the EL line to contain a semicolon and feed it to the > parser, the parser will not 'complain' or say the > > no date found http://www.spamcop.net/sc?id=z750700675zd67a6478a4d2879da9fff4d404e1ed9fz For demonstration purposes only; do not forge headerlines to report spam. And this par I said is in error > line, but otherwise will parse the item exactly the same, including > the interpretation of the timestamp information.which it is saying it > can't find. I was wrong. SC interprets the age differently for the two parses. In the unforged parse, it is using the timestamp of the 2nd line; in the forged parse, it is using the timestamp of the line which it now finds the timestamp for because of the introduction of the appropriate semicolon. EL is acting bozotic again by leaving out the semicolon. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 9 11:40:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 13:40:02 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: Mike Easter wrote: > EL is acting bozotic again by leaving out the semicolon. RFC 2821 Section 3.6.7 on Trace fields requires that a semicolon be placed between that section of the 'by' field which precedes the timestamp and the timestamp, so the EL stamp is noncompliant.. My recent experience with trying to email EL some suggestions about how to do something was met with total obstruction. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 9 11:52:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 13:55:03 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> Message-ID: Now that I understand better, I'll try again. David Harmon wrote: > I guess Earthlink screwed it up again. It used to go like this: >> by kite (EarthLink SMTP Server) with SMTP id 1aCQcJ6LM3NZFkD0 Sat, 3 >> Jan 2004 10:08:52 -0800 (PST) >> warning:Fixing bozotic earthlink received line: when SC 'fixed'/accepted the bozotic EL line before, it was logic-configured to ignore/accept not only the bozotic deficient hostname, but also the bozotic missing semicolon. > Now it goes like this: > >> Received: from AUFBUCHSTATION ([217.7.21.199]) by >> mx-a065b05.pas.sa.earthlink.net (EarthLink SMTP Server) with SMTP >> id 1dfPi4Wh3NZFpL0 Mon, 28 Mar 2005 00:07:47 -0800 (PST) >> no date found EL fixed the problem with the deficient hostname in the 'by' field, but it failed to repair the still missing semicolon. The algorithm is and was logic-designed to recognize the old EL bozoticy [?] -- but not the current, less bozotic condition; so now it can't find the timestamp, whereas it could before. -- Mike Easter kibitzer, not SC admin From rebbit_cad at hotmail.com Sat Apr 9 14:24:37 2005 From: rebbit_cad at hotmail.com (rebbit) Date: Sat Apr 9 15:25:03 2005 Subject: [SpamCop-List] major spammer arrested Message-ID: Reffering to Associated Press, Jeremy James, a major spammer got arrested and sentanced for nine years in jail. Cause, or effect?: we haven't received a single spam today !!! It is about time that legislation get implemented, worldwide. Against those shaddy companies which promote counterfeited products, illegal drugs , and other trash. And against those immoral spammers looking for a quick buck. Rebbit From eddie at eddie.web Sat Apr 9 16:30:27 2005 From: eddie at eddie.web (eddie) Date: Sat Apr 9 15:35:04 2005 Subject: [SpamCop-List] Re: major spammer arrested References: Message-ID: On Sat, 09 Apr 2005 13:24:37 -0600, rebbit scratched out the following: > Reffering to Associated Press, Jeremy James, a major spammer got arrested > and sentanced for nine years in jail. Cause, or effect?: we haven't > received a single spam today !!! It is about time that legislation get > implemented, worldwide. Against those shaddy companies which promote > counterfeited products, illegal drugs , and other trash. > And against those immoral spammers looking for a quick buck. Rebbit My thoughts are that it doesn't matter if it was him personally or if the other spamkiddies are getting scared as long as it gives us less spam and more bandwidth. The negative publicity has to be good for us. After a few big convictions, who will want to buy the "Million Address" CDs knowing that it's a big pyramid scam and they can't make any money. Spam is like the Social Security program. Only the ones who started it get anything out of it. The rest get screwed. -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Sat Apr 9 16:31:57 2005 From: eddie at eddie.web (eddie) Date: Sat Apr 9 15:35:13 2005 Subject: [SpamCop-List] Re: Spammer gets slammer References: Message-ID: On Sat, 09 Apr 2005 16:09:56 +0000, Larry J. scratched out the following: > Waiving the right to remain silent, "Possum Trot" > said: > >> http://www.cnn.com/2005/TECH/internet/04/08/spam.sentence.ap/inde x.html >> >> Essentially same story on USATODAY.COM > > Sentence suspended, awaiting appeal. > > I don't think this bastage is ever going to see the inside of a jail cell. Not as long as a shyster is willing to take his case. And it's the shysters who run the country - everyone is afraid of them. -- Once movie theaters gave out steak knives Today they confiscate them From nobody at devnull.spamcop.net Sat Apr 9 22:45:05 2005 From: nobody at devnull.spamcop.net (Xris) Date: Sat Apr 9 16:50:35 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? In-Reply-To: References: Message-ID: Mike Easter wrote: > She should use /very/ proper mailing list management from the very > Am I the only person for whom these words between slashes are unreadable? That /very/ (slash-very-slash) above looks like a mess of dots in Thunderbird. :( What's wrong with *asterisks* for emphasis? ;) From not at home.today Sat Apr 9 23:13:19 2005 From: not at home.today (Ant) Date: Sat Apr 9 17:15:03 2005 Subject: [SpamCop-List] Re: major spammer arrested References: Message-ID: "rebbit" wrote: > Reffering to Associated Press, Jeremy James, It's Jaynes. > a major spammer got arrested and sentanced for nine years in jail. He'll probably wriggle out of it. > Cause, or effect?: we haven't received a single spam today !!! Or just chance. I've noticed a decline in my spam over the last month, but it may be due to other reasons such as some ISPs getting a clue. > It is about time that legislation get implemented, worldwide. > Against those shaddy companies which promote counterfeited products, > illegal drugs , and other trash. Interesting that while they peddle fake prescription drugs, I've seen no attempt to push illegal ones. I reckon they'd be stopped pretty quick if they tried to offer things like heroin and cocaine! From MikeE at ster.invalid Sat Apr 9 15:18:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 17:20:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Xris wrote: > Mike Easter wrote: > >> She should use /very/ proper mailing list management from the very >> > Am I the only person for whom these words between slashes are > unreadable? Perhaps one of a few. > That /very/ (slash-very-slash) above looks like a mess of > dots in Thunderbird. :( Many newsreaders [not my default OE, but OE with QuoteFix with that feature enabled] have a 'standard' behavior for plaintext 'enhancements' in which slashed words are italicized, asterisked words are bolded, underline embraced words are underlined. > What's wrong with *asterisks* for emphasis? ;) Your Tbird is not compliant [neither is my default OE] with those popular or common or quasi-standard newsreader enhancements I described. We could 'argue' more effectively about how popular the 'feature' is or isn't in some newsgroup better represented by the newsreader knowledgeable such as news.software.readers. OE would simply show the words as slashed, asterisked, or underline bracketed, it wouldn't make a mess of dots out of it. I would say that is an non- or anti-feature of Tbird; I don't want to stigmatize something as popular as that with calling it a bug ;-) -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 9 15:29:20 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 17:30:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Mike Easter wrote: > Xris wrote: >> That /very/ (slash-very-slash) above looks like a mess of >> dots in Thunderbird. :( > > Many newsreaders [not my default OE, but OE with QuoteFix with that > feature enabled] have a 'standard' behavior for plaintext > 'enhancements' in which slashed words are italicized, asterisked > words are bolded, underline embraced words are underlined. Found at the indicated msgid news:18SdnQN847wlQETcRVn-hw@comcast.com Date: Mon, 03 Jan 2005 16:05:16 -0800 From: Tim Merrigan Message-ID: <18SdnQN847wlQETcRVn-hw@comcast.com> > 4. How can I include special characters in my *text* post? My Newsreader (Mozilla Thunderbird) reads an underscore at the beginning and end of a word as _underscore_, a slash at the beginning and end of a word or phrase as /italics/, and an asterisk at the beginning of a word or phrase as *bold*. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sat Apr 9 23:34:46 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Apr 9 17:45:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d39hc8$539$1@news.spamcop.net... > Mike Easter wrote: >> Xris wrote: >>> That /very/ (slash-very-slash) above looks like a mess of >>> dots in Thunderbird. :( >> >> Many newsreaders [not my default OE, but OE with QuoteFix with that >> feature enabled] have a 'standard' behavior for plaintext >> 'enhancements' in which slashed words are italicized, asterisked >> words are bolded, underline embraced words are underlined. > > Found at the indicated msgid news:18SdnQN847wlQETcRVn-hw@comcast.com > > > Date: Mon, 03 Jan 2005 16:05:16 -0800 > From: Tim Merrigan > Message-ID: <18SdnQN847wlQETcRVn-hw@comcast.com> > >> 4. How can I include special characters in my *text* post? > > My Newsreader (Mozilla Thunderbird) reads an underscore at the beginning > and end of a word as _underscore_, a slash at the beginning and end of a > word or phrase as /italics/, and an asterisk at the beginning of a word > or phrase as *bold*. > > So, going back to the original question......... Perhaps the person who used /very/ *meant* it to be italicised, not bolded.......????? From MikeE at ster.invalid Sat Apr 9 16:05:58 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 18:05:21 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Porpoise wrote: > "Mike Easter" >>> Xris wrote: >>>> That /very/ (slash-very-slash) above looks like a mess of >>>> dots in Thunderbird. :( >>> 'enhancements' in which slashed words are italicized, asterisked >>> words are bolded, underline embraced words are underlined. > So, going back to the original question......... Perhaps the person > who used /very/ *meant* it to be italicised, not bolded.......????? No, Xris was 'complaining' because it, the slashed word, turned into a mess of dots. But I don't know why hir Tbird is different than the Tim's Tbird. But, part of what I trimmed from the snippaged post was a different function > Using the underscore before and after text will generally be recognized as _italicizing_ the text. Using the "*" character before and after text will be seen as *bold*. All caps is SHOUTING. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sun Apr 10 01:01:45 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Apr 9 19:10:08 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d39jgu$6di$1@news.spamcop.net... > Porpoise wrote: >> "Mike Easter" > >>>> Xris wrote: >>>>> That /very/ (slash-very-slash) above looks like a mess of >>>>> dots in Thunderbird. :( > >>>> 'enhancements' in which slashed words are italicized, asterisked >>>> words are bolded, underline embraced words are underlined. > >> So, going back to the original question......... Perhaps the person >> who used /very/ *meant* it to be italicised, not bolded.......????? > > No, Xris was 'complaining' because it, the slashed word, turned into a > mess of dots. > > But I don't know why hir Tbird is different than the Tim's Tbird. But, > part of what I trimmed from the snippaged post was a different function > > >> Using the underscore before and after text will generally be > recognized as _italicizing_ the text. Using the "*" character before > and after text will be seen as *bold*. All caps is SHOUTING. > > Admit it Mike! You really are trying to confuse me now, aren't you? ;-) I thought it was: _underscore_ = underlined /slash/ = italicised *asterisk* = bold AND...... I thought the original question was: "Why did he use /very/ instead of *very*?" From MikeE at ster.invalid Sat Apr 9 17:25:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 19:25:04 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Porpoise wrote: > I thought it was: > > _underscore_ = underlined > /slash/ = italicised > *asterisk* = bold Correct, as far as we know; except that Xris sez something else about hir personal copy of Tbird. > AND...... I thought the original question was: > > "Why did he use /very/ instead of *very*?" No. Xris sez why did he use /..../ [slash with only dots, no very inside] instead of *very* ["because 'everyone' uses asterisks on their emphasized 'very', not slashes with dots inside" - imaginary quote of Xris.] -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sun Apr 10 01:23:04 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Apr 9 19:30:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d39o61$8tc$1@news.spamcop.net... > Porpoise wrote: >> I thought it was: >> >> _underscore_ = underlined >> /slash/ = italicised >> *asterisk* = bold > > Correct, as far as we know; except that Xris sez something else about > hir personal copy of Tbird. > >> AND...... I thought the original question was: >> >> "Why did he use /very/ instead of *very*?" > > No. Xris sez why did he use /..../ [slash with only dots, no very > inside] instead of *very* ["because 'everyone' uses asterisks on their > emphasized 'very', not slashes with dots inside" - imaginary quote of > Xris.] > Yabbut...... He went on to say "What's wrong with *asterisks* for emphasis? ;)" to which my reply woz "maybe he *meant* to italicise not emphasise....... BTW....... Are we the only 2 nutters on this time of night on a Saturday? ;-) From johnl at spamcop.net Sun Apr 10 00:30:47 2005 From: johnl at spamcop.net (JohnL) Date: Sat Apr 9 19:35:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Porpoise" wrote in news:d39og4$92m$1 @news.spamcop.net: > BTW....... Are we the only 2 nutters on this time of night on a Saturday? > > ;-) But... But.... It's only late afternoon here. ;-) From nttp.sc.s at bigsleep.org Sun Apr 10 01:19:50 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Apr 9 20:20:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On 09 Apr 2005 Mike Easter entered spamcop and left news:d39o61$8tc$1@news.spamcop.net: >> _underscore_ = underlined >> /slash/ = italicised >> *asterisk* = bold > > Correct, as far as we know; except that Xris sez something else about > hir personal copy of Tbird. > I think it's likely that the font Xris is using does not display italics very well, at least at the current size. Sometimes italics do not display very well for me in Mozilla, depending on font/size. -- | Ric | From MikeE at ster.invalid Sat Apr 9 18:38:02 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 20:40:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Blammo wrote: > I think it's likely that the font Xris is using does not display > italics very well, at least at the current size. Sometimes italics do > not display very well for me in Mozilla, depending on font/size. Ah, so. That would solve the whole problem. How can a font be in such a mess? Is that some kind of anti-MS stance? That would be pretty silly to reject some serious quality work which MS has done with typography, whatever else it/they may have done wrong with OS/app bloat and insecurity and harmful abusive business practices. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Apr 9 18:44:16 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 9 20:45:02 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: JohnL wrote: > "Porpoise" >> BTW....... Are we the only 2 nutters on this time of night on a >> Saturday? >> >> ;-) > > But... But.... It's only late afternoon here. ;-) Yeah. My local is currently 5:42 PM & sunset is 7:14 PM this time of year- so it is seriously still daytime at my house. -- Mike Easter kibitzer, not SC admin From johnl at spamcop.net Sun Apr 10 01:51:47 2005 From: johnl at spamcop.net (JohnL) Date: Sat Apr 9 20:55:02 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in news:d39spo$bl0$1 @news.spamcop.net: > Yeah. My local is currently 5:42 PM & sunset is 7:14 PM this time of > year- so it is seriously still daytime at my house. Sunset will be 8:23 PM today here. It may get cold in the winter, but when it's light, it stays light quite a bit. :) ( 6:51 PM MDT right now ) From nttp.sc.s at bigsleep.org Sun Apr 10 02:09:28 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Apr 9 21:10:02 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On 09 Apr 2005 Mike Easter entered spamcop and left news:d39se2$bcj$1@news.spamcop.net: > Blammo wrote: >> I think it's likely that the font Xris is using does not display >> italics very well, at least at the current size. Sometimes italics do >> not display very well for me in Mozilla, depending on font/size. > > Ah, so. That would solve the whole problem. How can a font be in such > a mess? > > Is that some kind of anti-MS stance? That would be pretty silly to > reject some serious quality work which MS has done with typography, > whatever else it/they may have done wrong with OS/app bloat and > insecurity and harmful abusive business practices. > Most likely the font does not exist, has nothing to do with MS. I have many fonts that have no italic version, or the default could be changed to a font that does not support italics. Many fonts are limited to a size range and so, if too large or small, may become unreadable. I believe that *NIX systems have a way of dealing this problem, if the necessary library is installed. But then I am no expert on font systems, I just know a bit about making web pages readable. -- | Ric From nttp.sc.s at bigsleep.org Sun Apr 10 02:28:19 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Apr 9 21:30:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On 09 Apr 2005 Blammo entered spamcop and left news:Xns9633B8C31F9F7blammo@216.154.195.61: > I have many fonts that have no italic version, or the default could be > changed to a font that does not support italics. Bad grammer, I meant to suggest that maybe Xris changed the font to something that does not support italics, which of course means it can be changed to something more readable. BTW, this is (one reason) why HTML eMail is a bad idea. -- | Ric From SCNews.5.myspamgobbler at spamgourmet.com Sat Apr 9 21:12:37 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sat Apr 9 23:15:08 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? In-Reply-To: References: Message-ID: JohnL wrote: > "Mike Easter" wrote in news:d39spo$bl0$1 > @news.spamcop.net: > > >>Yeah. My local is currently 5:42 PM & sunset is 7:14 PM this time of >>year- so it is seriously still daytime at my house. > > > Sunset will be 8:23 PM today here. > It may get cold in the winter, but when it's light, it stays light quite a > bit. :) > ( 6:51 PM MDT right now ) Just now getting dark here. There's other nutters around, just that some of us were enjoying the beautiful day outdoors. Getting the garden ready to plant. BTW, my TBird reads /very/ as italicized very well. Don't need no bold very much, thank you. From nobody at devnull.spamcop.net Sun Apr 10 01:28:29 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sun Apr 10 00:30:06 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Sheesh! If it's a *text* reader, oops, sorry, a -text-, uhh, no, a /text/, or was that a \text\ reader, it'll say EXACTLY what was typed! If it shows ANYTHING else, it \ain't/ |NOT| -no- =text= reader, folks!! If it's a bastardized text "reader", I mean, bastardized TEXT reader, then it `AIN'T` a +text+ reader ~no more~!! ÿK?ÿ Pop's penny! -- Let someone else do it I'm retired! "Brian (SnSR)" wrote in message news:d3a5mp$fe8$1@news.spamcop.net... > JohnL wrote: >> "Mike Easter" wrote in news:d39spo$bl0$1 >> @news.spamcop.net: >> >> >>>Yeah. My local is currently 5:42 PM & sunset is 7:14 PM this time of >>>year- so it is seriously still daytime at my house. >> >> >> Sunset will be 8:23 PM today here. >> It may get cold in the winter, but when it's light, it stays light quite >> a bit. :) >> ( 6:51 PM MDT right now ) > > Just now getting dark here. There's other nutters around, just that some > of us were enjoying the beautiful day outdoors. Getting the garden ready > to plant. > > BTW, my TBird reads /very/ as italicized very well. Don't need no bold > very much, thank you. From nttp.sc.s at bigsleep.org Sun Apr 10 06:05:49 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 10 01:10:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On 09 Apr 2005 Pop entered spamcop and left news:d3aa16$hqr$1@news.spamcop.net: > Sheesh! If it's a *text* reader, oops, sorry, a -text-, uhh, no, a > /text/, or was that a \text\ reader, it'll say EXACTLY what was typed! > If it shows ANYTHING else, it \ain't/ |NOT| -no- =text= reader, > folks!! > If it's a bastardized text "reader", I mean, bastardized TEXT > reader, > then it `AIN'T` a +text+ reader ~no more~!! ÿK?ÿ > You've never heard of Rich Text, or Latex? (I may have misspelt Latex??) How about Emotes? ;-) [ramble]And then we could go on to text processors and word processors...[/ramble] -- | Ric From nobody at spamcop.net Sat Apr 9 23:48:24 2005 From: nobody at spamcop.net (Dar) Date: Sun Apr 10 01:50:05 2005 Subject: [SpamCop-List] sprintnetops.net > utelfla.com Message-ID: Anyone familiar with these domains? 65.40.60.144 (Administrator of network where email originates) abuse-quiet@sprintnetops.net abuse@utelfla.com sprintnettops.net appears to be a sprint off-shoot? utelfla.com appears to be garden variety spamhaus? utelfla.com = The page cannot be displayed Network Abuse: http://sprintnetops.net/abuse/links.php What's up with this?? Contact us by phone at 1-555-555-5555 from M-F 8am-5pm http://utelfla.com = This page cannot be displayed Spam headers in spamcop.spam Dar From source at netcom.com Sun Apr 10 00:44:27 2005 From: source at netcom.com (David Harmon) Date: Sun Apr 10 02:45:08 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> Message-ID: <4258ca8d.3213343@news.spamcop.net> On Sat, 9 Apr 2005 10:52:59 -0700 in spamcop, "Mike Easter" wrote: >EL fixed the problem with the deficient hostname in the 'by' field, but >it failed to repair the still missing semicolon. The algorithm is and >was logic-designed to recognize the old EL bozoticy [?] -- but not the >current, less bozotic condition; so now it can't find the timestamp, >whereas it could before. You stated it much better than I could. I despair of Earthlink fixing anything right. I hold some hope that Spamcop may make up for Earthlink's current bozoticy as it did once upon a time previously. From MikeE at ster.invalid Sun Apr 10 00:58:57 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 03:00:02 2005 Subject: [SpamCop-List] Re: sprintnetops.net > utelfla.com References: Message-ID: Dar wrote: > Anyone familiar with these domains? > > 65.40.60.144 (Administrator of network where email originates) > abuse-quiet@sprintnetops.net > abuse@utelfla.com They are the abuse.net reg'd addies for a number of different Sprint domainnames and are domain registered to Sprint. > Spam headers in spamcop.spam Abbreviated Received lines *comment from (fl-65-40-60-144.sta.sprint-hsd.net [65.40.60.144]) by xxx.xxx.net *sourceline from NV19AS13 ([10.2.202.25]) by WMLV87.bodleian.excite.com *bogusline 65.40.60.144 rDNS fl-65-40-60-144.sta.sprint-hsd.net listed on multiple blocklists for being a trojanized spamtrap hitting spamsource whois -h whois.arin.net 65.40.60.144 ... OrgName: Sprint DSL Network NetRange: 65.40.0.0 - 65.41.255.255 TechEmail: support@sprint-hsd.net OrgTechEmail: ipsupport@sprintnetops.net If you examine all of the abuse.net reg'd addies for - the rDNS of the IP - the abuse.net for the tech domainname - the abuse.net for the orgtech domainname ... you get all the same thing: abuse@sprintnetops.net & abuse@utelfla.com Sprint's nameservers are utelfla, sprintnettops nameservers are utelfla, utelfla and sprintnettops are both reg'd to Sprint at alldomains registrar.. What's the problem? -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 01:25:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 03:25:04 2005 Subject: [SpamCop-List] Re: sprintnetops.net > utelfla.com References: Message-ID: Dar wrote: > sprintnettops.net appears to be a sprint off-shoot? sp sprintnetops.net DNS 64.45.201.2 .. whois -h whois.arin.net 64.45.201.2 ... Sprint-United Telephone of Florida 64.45.192.0 - 64.45.255.255 ANS Engineering Netcool 64.45.201.0 - 64.45.202.255 > utelfla.com appears to be garden variety spamhaus? No. DNS 209.26.88.20 not listed anywhere whois -h whois.arin.net 209.26.88.20 ... OrgName: Sprint-United Telephone of Florida NetRange: 209.26.0.0 - 209.26.255.255 > utelfla.com = The page cannot be displayed Page? Why would you look for a page? My GET sez it refers to sprint. > Network Abuse: > http://sprintnetops.net/abuse/links.php That page has some abuse links. > What's up with this?? > Contact us by phone at 1-555-555-5555 from M-F 8am-5pm I couldn't find that at the above link even after I degraded my security settings so I could see more. 'Contact us' didn't get me anything. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 01:41:39 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 03:40:03 2005 Subject: [SpamCop-List] Re: sprintnetops.net > utelfla.com References: Message-ID: Mike Easter wrote: > Page? Why would you look for a page? Speaking of crawling around looking for pages, I went crawling around sprint pages and found a description of their huge 'campus' in KS. Very impressive http://www.sprint.com/sprint/fastfacts/campus/index.html 4 million SF of buildings on 200 acres with lotsa greenspace, 6000 trees. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sun Apr 10 09:34:23 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 03:45:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d39spo$bl0$1@news.spamcop.net... > JohnL wrote: >> "Porpoise" > >>> BTW....... Are we the only 2 nutters on this time of night on a >>> Saturday? >>> >>> ;-) >> >> But... But.... It's only late afternoon here. ;-) > > Yeah. My local is currently 5:42 PM & sunset is 7:14 PM this time of > year- so it is seriously still daytime at my house. > Aahhhh! But! I've been to bed and it's next morning now................. From MikeE at ster.invalid Sun Apr 10 01:53:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 03:55:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Porpoise wrote: > > Aahhhh! But! I've been to bed and it's next morning > now................. Yeah, well, I've been to bed and it's next morning now for me too, 12:50 AM Sunday, PDT, UTC -0700 And, I'm getting ready to go back to bed again. I'm big on naps. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sun Apr 10 10:02:45 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 04:10:02 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d3alu1$nq8$1@news.spamcop.net... > Porpoise wrote: >> >> Aahhhh! But! I've been to bed and it's next morning >> now................. > > Yeah, well, I've been to bed and it's next morning now for me too, 12:50 > AM Sunday, PDT, UTC -0700 > > And, I'm getting ready to go back to bed again. I'm big on naps. > Hmmm..... Well,........ I'm getting ready to go outside and get some Tai Chi practice in........... From nobody at nowhere.invalid Sun Apr 10 12:44:35 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 10 05:45:24 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On Sun, 10 Apr 2005 00:53:14 -0700, Mike Easter coughed into spamcop and left this in : > Yeah, well, I've been to bed and it's next morning now for me too, 12:50 > AM Sunday, PDT, UTC -0700 You mean you get up in the middle of the night? 12.50 AM is 10 minutes to 1 AM! -- Steve "Thank you for calling the Incontinence hotline. Please hold." From nobody at nowhere.invalid Sun Apr 10 13:19:41 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 10 06:20:04 2005 Subject: [SpamCop-List] Reporting backscatter Message-ID: I thought that reporting backscatter was allowed now. Spam traps of mine are receiving notifications from Ol?ane (supposed to be the professional branch of Wanadoo.fr) in response to non-deliverables sent from Chinanet-HN. SC refuses to parse them so I can't even supply a tracker URL. All I can give is the response to my quick submission: Here are the results of your submission: error:Ignoring mail with content-type:multipart/report; report-type=delivery-status; boundary="....munged....." The process is simple. Chinanet-HN is sending spam to the Ol?ane MX machines with my spam trap address as the sender. Return-Path: Received: from bonivet.net ([218.77.43.136]) by relay1.clb.oleane.net with SMTP id j3A9*********91; Sun, 10 Apr 2005 11:40:18 +0200 Message-ID: Date: Sun, 10 Apr 2005 12:29:11 -0300 From: "Maricela" User-Agent: Mozilla/5.0 (Windows; U; Win95; en-GB; rv:0.9.4) Gecko/20011019 Netscape6/6.2 MIME-Version: 1.0 To: 4 addresses hosted by Ol?ane Subject: Not sure Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit { snip p|llz spam } Ol?ane is accepting the messages, and then generating a newmail kindly informing me that the mails weren't deliverable: X-ConnectingHost: 213.56.31.21 Return-Path: Received: from relay1.clb.oleane.net (relay1.clb.oleane.net [213.56.31.21]) by my_server (8.13.3/8.13.3) with ESMTP id j3A9********26 for ; Sun, 10 Apr 2005 11:40:31 +0200 Received: from localhost (localhost) by relay1.clb.oleane.net id j3A9********04; Sun, 10 Apr 2005 11:40:25 +0200 Date: Sun, 10 Apr 2005 11:40:25 +0200 From: Mail Delivery Subsystem Message-Id: <200504100940.j3A9ePEn003704@relay1.clb.oleane.net> To: MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="j3A9ePEn003704.1113126025/relay1.clb.oleane.net" Subject: Returned mail: see transcript for details Auto-Submitted: auto-generated (failure) SpamCop isn't allowing me to report this as spam. -- Steve "Thank you for calling the Incontinence hotline. Please hold." From Ilgaz at spamcop.net Sun Apr 10 14:55:48 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Sun Apr 10 07:00:04 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: Thanks, I can assure this thing has happened because communications lacked from Subsume side. I use their products, really respect them as a coder company but I can't speak about "how excellent they are to feedback they get" I hope you guessed my point, Thanks all Ilgaz Ocal In article , "Mike Easter" wrote: > Ilgaz Ocal wrote: (snip) > > > > So, what happened basically? > > I expect the reporter didn't pay attention to the rules, was admonished, > still didn't pay attention to the rules, and so had their account > jerked. > > The deputies are pretty easy going, but you have to play by the rules > whether you like them or not. The rules that must've gotten the > reporter busted have since been changed to include the very issues that > got hir busted. From nobody at spamcop.net Sun Apr 10 08:04:04 2005 From: nobody at spamcop.net (Ellen) Date: Sun Apr 10 07:10:04 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: "Steven Maesslein" wrote in message news:slrnd5hvdt.4j7.nobody@127.0.0.1... > I thought that reporting backscatter was allowed now. Spam traps of mine > are receiving notifications from Oléane (supposed to be the professional > branch of Wanadoo.fr) in response to non-deliverables sent from > Chinanet-HN. SC refuses to parse them so I can't even supply a tracker > URL. All I can give is the response to my quick submission: > > Here are the results of your submission: > error:Ignoring mail with content-type:multipart/report; report-type=delivery-status; boundary="....munged....." > Please send me this info with a complete copy of the headers and text -- deputies admin.spamcop.net Thanks Ellen From Ilgaz at spamcop.net Sun Apr 10 15:12:18 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Sun Apr 10 07:15:03 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: Now a "yahoo plus user" (I regret) it would be interesting to know that 6 filters exist from my old yahoo webmail days to block korean spam I get. I couldn't find a host/ip based way (of course!) and lived the hassle to write down korean charset codes, common characters spammers they use and even "!!!" which korean spammers can't live without. There are 2 ISP's here we speak about. Kornet and Hananet. Currently, I check my trash account weekly and I still see 3-4 spams are in based on newbie filters I created which actually passed Yahoo's gigabyte bayesian filter AND my very personal bayesian filter (plus feature, bla bla) I remember asking it years ago in this place so I better repeat. Is there a chance, slight chance that our reports are abused by those ISP's for verification? If its worth something, can share that funny filter which works with this newsgroup. Its like: Body contains "charset="ks_c_5601-1987" Body contains "ks_c_5601-1987" Body contains "charset="ISO-2022-KR"" Body contains "charset=KS_C_5601-1987" and believe or not, this actually worked Subject contains "!!!!" Also, can't paste here but you can be sure its likely a spam if you don't work in Wall Street and contains "1/4" symbol :) I guess you can understand my feelings about Korean IP space. ;) Also, can understand why I became paranoid about them. Have a nice day Ilgaz Ocal In article , nospam wrote: > in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net > wrote on 4/8/05 2:59 AM: > > > I receive about 10 spam mail a day, 6 of this come from kornet.net. > > I dont understand why kornet.net isn't everytime banned from spamcop? > > Vale > > I'd love to know how they stay off the top 50 list, because they are MY #1 > spammer, (at least 50% of my crap) and judging from remarks here a > significant spammer for a number of people in this NG (presumably reporters) From Ilgaz at spamcop.net Sun Apr 10 15:29:46 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Sun Apr 10 07:30:03 2005 Subject: [SpamCop-List] Re: major spammer arrested References: Message-ID: In article , "rebbit" wrote: > Reffering to Associated Press, Jeremy James, a major spammer got arrested > and sentanced for nine years in jail. > Cause, or effect?: we haven't received a single spam today !!! > It is about time that legislation get implemented, worldwide. > Against those shaddy companies which promote counterfeited products, illegal > drugs , and other trash. > And against those immoral spammers looking for a quick buck. > Rebbit I can only hope it will be a major story in major (non geek) news sites, newspapers so it will make the newbie spammerwannabe think just 5 seconds what he/she is getting into. >From my personal point of view, I can easily tell that some of spams we get are sent by people who doesn't know what "spam" is. Forget if they know its illegal etc. A lifeless, jobless computer genius wannabe comes to his/her company, hands a cd which actually looks like those commercial stuff from Adobe etc, with box for $100. We aren't speaking about unlabeled , unbranded CD-R here. Criminals know how to sell stuff via tricking people too. I actually stopped a poor company owner lecturing poor guy about what spam is and how he will be hated by 99% of his consumers. I still have the CD from him ($100) sitting next to my virus collection diskettes. Scanned with VirusBarrier/OS X (Mac), it includes a backdoor of course. I thought better to share that experience. Ilgaz Ocal ps: Of course, I got the sarcasm :) From nobody at nowhere.invalid Sun Apr 10 15:17:46 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 10 08:20:04 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: On Sun, 10 Apr 2005 07:04:04 -0400, Ellen coughed into spamcop and left this in : > Please send me this info with a complete copy of the headers and text -- > deputies admin.spamcop.net You have mail! TIA :) -- Steve "Thank you for calling the Incontinence hotline. Please hold." From devnull at spamcop.net Sun Apr 10 10:02:27 2005 From: devnull at spamcop.net (Frog Prince) Date: Sun Apr 10 09:05:03 2005 Subject: [SpamCop-List] Re: major spammer arrested References: Message-ID: "Ilgaz Ocal" | | > Reffering to Associated Press, Jeremy James, a major spammer got arrested | > and sentanced for nine years in jail. | > Cause, or effect?: we haven't received a single spam today !!! | > It is about time that legislation get implemented, worldwide. | > Against those shaddy companies which promote counterfeited products, illegal | > drugs , and other trash. | > And against those immoral spammers looking for a quick buck. | > Rebbit | | I can only hope it will be a major story in major (non geek) news sites, | newspapers so it will make the newbie spammerwannabe think just 5 | seconds what he/she is getting into. | C-span did one of the call in talk shows on this very issue. Most callers had no clue and though any jail time was unreasonable. One quoted 'It's not like their Enron screwing people of a lot of money' From nobody at devnull.spamcop.net Sun Apr 10 10:39:03 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sun Apr 10 09:40:06 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Blammo" wrote in message news:Xns9633E0D4A3C9Ablammo@216.154.195.61... > On 09 Apr 2005 Pop entered spamcop and left > news:d3aa16$hqr$1@news.spamcop.net: > >> Sheesh! If it's a *text* reader, oops, sorry, a -text-, uhh, no, a >> /text/, or was that a \text\ reader, it'll say EXACTLY what was typed! >> If it shows ANYTHING else, it \ain't/ |NOT| -no- =text= reader, >> folks!! >> If it's a bastardized text "reader", I mean, bastardized TEXT >> reader, >> then it `AIN'T` a +text+ reader ~no more~!! ÿK?ÿ >> > > You've never heard of Rich Text, or Latex? > (I may have misspelt Latex??) > How about Emotes? > ;-) > [ramble]And then we could go on to text processors and word > processors...[/ramble] > > -- > | Ric I said, "text reader", not abri, or latex or kotex or anything else; if it ain't displaying the 7 bit character set, without extensions, it ain't a "text" reader. That's all. NBD, just that if I use a "text" reader, I expect to see a representation of the first 128 characters on my screen, not an interpretation of anything. Else it aint' a text reader. Dat's all. Pop From wb8tyw at qsl.network Sun Apr 10 11:00:37 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sun Apr 10 10:05:03 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? In-Reply-To: References: Message-ID: nospam wrote: > in article d34vu1$ppu$1@news.spamcop.net, John E. Malmberg at > wb8tyw@qsl.network wrote on 4/8/05 8:05 AM: > >>nospam wrote: >> >>>in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net >>>wrote on 4/8/05 2:59 AM: >>> >>> >>>>I receive about 10 spam mail a day, 6 of this come from kornet.net. >>>>I dont understand why kornet.net isn't everytime banned from spamcop? >>>>Vale >>> >>>I'd love to know how they stay off the top 50 list, because they are MY #1 >>>spammer, (at least 50% of my crap) and judging from remarks here a >>>significant spammer for a number of people in this NG (presumably reporters) > I don't think spamtraps are usually behind DNSBL's, so, my question still > stands. A spamtrap that is behind a DNSBL would be more useful at finding new spam sources than one that is wide open. Also, we do not know where the spamtraps are at. I could easily set up spamtraps on over a dozen networks that give out "free" e-mail accounts with out having to ask special permission, and that is with out even trying to find all the ones available. A spammer should assume that any e-mail addresses that they harvest from the wild wild web are a spamtraps. -John wb8tyw@qsl.network Personal Opinion Only From bar_n0ne at hotmail.com Sun Apr 10 19:31:05 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sun Apr 10 10:35:03 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: "John E. Malmberg" wrote in message news:d3bbi6$34q$1@news.spamcop.net... >SNIP. > > A spammer should assume that any e-mail addresses that they harvest from > the wild wild web are a spamtraps. Well that's what my addies all are! From MikeE at ster.invalid Sun Apr 10 08:35:20 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 10:35:17 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Steven Maesslein wrote: > Mike Easter >> Yeah, well, I've been to bed and it's next morning now for me too, >> 12:50 AM Sunday, PDT, UTC -0700 > > You mean you get up in the middle of the night? 12.50 AM is 10 minutes > to 1 AM! Yes. My waking sleeping patterns are pretty random, more sleep/naps in the dark/night than daytime naps, tho'. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 08:44:35 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 10:45:04 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: Pop wrote: > if it ain't displaying the 7 bit character set, without extensions, > it ain't a "text" reader. That's all. NBD, just that if I use a > "text" reader, I expect to see a representation of the first 128 > characters on my screen, not an interpretation of anything. Else it > aint' a text reader. Dat's all. What I think happened was that the text based internet introduced a 'need' or desire for text based communications to take on some of the characteristics or 'emotions' and gestures of conversation. As a result, text based writers and readers started using text based 'symbols' to enhance their 'speech' and thus we got symbols for emoticons and symbols for italicizing and bolding and underlining and caps for shouting and all that jazz. Then, when it became sorta standardized, those otherwise text based readers started 'enhancing' their text displays with little 'things' like graphical emoticons, and italics, bold, and underlined fonts. Because the simplistic 'enhancements' we are talking about can be read either way, as ascii display or with the enhanced character, it didn't cause any trouble. Xris experienced a 'very' unusual 'glitch'. Hir Tbird tried to enhance and failed at it. If s/he is going to use that choice of fonts, perhaps s/he should disable the enhancement feature and simply see my slashveryslash as /very/ instead of 'very' unreadably badly italicized. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 09:05:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 11:05:03 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: Steven Maesslein wrote: > I thought that reporting backscatter was allowed now. If I try to report a 'mockup' of the oleane server bounce/sending me that spam with a 'regular' [not quick] submit, SC offers to report the oleane server to oleane abuse for me. http://www.spamcop.net/sc?id=z750929460z401e3bfd6b13a9a344285a3d81268f5fz Received: from relay1.clb.oleane.net (relay1.clb.oleane.net [213.56.31.21]) Report Spam to: Re: 213.56.31.21 (Bounce) To: abuse@oleane.net (Notes) > SpamCop isn't allowing me to report this as spam. Naturally nothing is done about the spamheaders themselves, as that wouldn't be 'my' spam, just the belated newmail bounce is reportable. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 09:35:28 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 11:35:03 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: Mike Easter wrote: > If I try to report a 'mockup' of the oleane server bounce/sending me > that spam with a 'regular' [not quick] submit, SC offers to report the > oleane server to oleane abuse for me. > > http://www.spamcop.net/sc?id=z750929460z401e3bfd6b13a9a344285a3d81268f5fz I concede that wasn't a very realistic mockup, because I didn't create any proper boundary structures and other newmail 'bounce' elements. It was just quick and dirty to see if it would fail because of the Content-Type: multipart/report; report-type=delivery-status; header content. -- Mike Easter kibitzer, not SC admin From rcarlton at spamcop.net Sun Apr 10 09:54:16 2005 From: rcarlton at spamcop.net (Rick Carlton) Date: Sun Apr 10 11:55:12 2005 Subject: [SpamCop-List] Re: sprintnetops.net > utelfla.com In-Reply-To: References: Message-ID: Dar wrote: > Anyone familiar with these domains? > > 65.40.60.144 (Administrator of network where email originates) > abuse-quiet@sprintnetops.net > abuse@utelfla.com > > sprintnettops.net appears to be a sprint off-shoot? > utelfla.com appears to be garden variety spamhaus? > utelfla.com = The page cannot be displayed Actually, it's the other way around. "Way back when" (tm) - Sprint was United Telecom. http://www.answers.com/topic/sprint-2 From nobody at devnull.spamcop.net Sun Apr 10 12:54:00 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Apr 10 12:55:03 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: "Ilgaz Ocal" wrote in message news:Ilgaz-7717A4.16481209042005@news.cesmail.net... > > On OS X, since my first OS X usage days, I have found Subsume ( > http://www.subsume.com/ ) for very interesting apps. > > Demoted section > http://www.subsume.com/contemplate/assembler.cgi?page=SpamCop&segment=Dem > oted > > So, what happened basically? You asked the same question over in the web Forum last month at http://forum.spamcop.net/forums/lofiversion/index.php/t3873.html You were invited to use the search tool to look up a few of the previous discussions about the SubSume status. Apparently, you chose not to do that. Here's a few discussion links, the massive one is first, but it contains a bit of history, old newsgroup threads, etc ..... http://forum.spamcop.net/forums/lofiversion/index.php/t3622.htm http://forum.spamcop.net/forums/lofiversion/index.php/t3757.html http://forum.spamcop.net/forums/lofiversion/index.php/t1767.html From nobody at nowhere.invalid Sun Apr 10 20:20:10 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 10 13:25:02 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: On Sun, 10 Apr 2005 08:05:13 -0700, Mike Easter coughed into spamcop and left this in : > Naturally nothing is done about the spamheaders themselves, as that > wouldn't be 'my' spam, just the belated newmail bounce is reportable. Had a brief e-mail exchange with Ellen about this. Apparently the quick-report doesn't parse the same way as a cut'n'paste into the spam submission form. -- Steve "Thank you for calling the Incontinence hotline. Please hold." From nttp.sc.s at bigsleep.org Sun Apr 10 18:58:11 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 10 14:00:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On 10 Apr 2005 Pop entered spamcop and left news:d3ba9o$2gf$1@news.spamcop.net: > I said, "text reader", not abri, or latex or kotex or anything else; > if it ain't displaying the 7 bit character set, without extensions, it > ain't a "text" reader. That's all. NBD, just that if I use a "text" > reader, I expect to see a representation of the first 128 characters > on my screen, not an interpretation of anything. Else it aint' a text > reader. Dat's all. > Well that's what it's doing. We are simply using "hints" for local formatting (or not). I don't see why you claim it's not a "text reader". There is nothing new about this, for example messages here contain quote indents "> " which I have displayed in another color. Quoted quotes ">> " are displayed in yet another color. Sigs that start with "-- " are displayed in a different color as well. I don't like too many slashes and such, it can make it hard to read. And emote icons can sometimes appear where they shouldn't. Those are the querks. -- | Ric | From MikeE at ster.invalid Sun Apr 10 12:14:30 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 14:15:36 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: Steven Maesslein wrote: > Had a brief e-mail exchange with Ellen about this. Apparently the > quick-report doesn't parse the same way as a cut'n'paste into the spam > submission form. At brief first consideration, I don't find that algorithmic logic 'logical'. The quick report focuses on the headers for source 'ignoring' the body. The issue of the interpretation of a header as being a bounce item doesn't strike me as something the algorithmic source namer would want to 'drop' because of its bounce-ness. OTOH -- with a bit more 'rumination' about the consequences.... There are a lot of 'numbers' involved with quick reporting. Maybe the sense of it is that while virus and its spawn reporting and bounce reporting and challenge reporting and OOO reporting is a good way to call attention to those abusive server behaviors, but the desirability of server listings and the fallout and the IB users who would be 'harmed' by the collateral damage of their servers getting listed might not be acceptable. I wish I knew what proportions of SC reports were spamtraps, quickreports, and 'regular' reports. Apparently/maybe spamtraps are being handled like regular reports re this bouncing business, but quickreports aren't. Or something. There are many secrets to the system which aren't spelled out around here. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 13:25:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 15:25:02 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: WazoO wrote: > Here's a few discussion links, the > massive one is first, but it contains a bit of history, old > newsgroup threads, etc ..... Everyone has their own opinions about what is easier to find and read about something than something else; for example I don't like the google groups beta much at all for most google groups work, so I continue to use the 'oldstyle' .uk version of google groups. Similarly, I find trying to find to read about some specific exchange in the forums maddening. The most useful thing I found in the forum so far was a link to the discussion in the newsgroups which is archived in pipermail http://news.spamcop.net/pipermail/spamcop-help/2002-October/014077.html [SC-Help] Since Jaguar Upgrade-SpamCop doesn't work. > http://forum.spamcop.net/forums/lofiversion/index.php/t3622.htm The 'name' of this link is "Thunderbird forward as attachment works @50%" which goes on for two pages and doesn't provide a way to link to the part of the thread which actually has anything to do with subsume. Maybe you think it is 'spoonfeeding' to be able to create a link which actually /works/ to get close to the target without having to use your eyeballs for reading for several minutes to find the issue being discussed; but in reality the forum archive/accumulation process has a number of flaws for dredging up old stuff that google plus pipermail archives doesn't have. Also, gmane is often a better way to find something, even tho' it has its own search problems. It would be better if any given forum post could have its own link or number or msgid so that it can be 'nailed' more accurately in a link. Once found, then the searcher could go up and down from the focal point, instead of having to start reading at the beginning of a long thread to 'work' their way to the target issue. > http://forum.spamcop.net/forums/lofiversion/index.php/t3757.html That one showed me the way to the pipermail jaguar discussion. But it was about a naming issue rather than a rule violation issue. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sun Apr 10 22:10:34 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 16:20:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Pop" wrote in message news:d3ba9o$2gf$1@news.spamcop.net... >> >> You've never heard of Rich Text, or Latex? >> (I may have misspelt Latex??) >> How about Emotes? >> ;-) >> [ramble]And then we could go on to text processors and word >> processors...[/ramble] >> >> -- >> | Ric > > I said, "text reader", not abri, or latex or kotex or anything else; if it > ain't displaying the 7 bit character set, without extensions, it ain't a > "text" reader. That's all. NBD, just that if I use a "text" reader, I > expect to see a representation of the first 128 characters on my screen, > not an interpretation of anything. Else it aint' a text reader. Dat's > all. > Wouldn't be much use for all the other languages though, would it? Somewhat more than 128 characters are required for that. But, then, the world was once flat>>>> From nobody at nowhere.invalid Sun Apr 10 23:30:59 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 10 16:35:03 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: On Sun, 10 Apr 2005 21:10:34 +0100, Porpoise coughed into spamcop and left this in : > Wouldn't be much use for all the other languages though, would it? Somewhat > more than 128 characters are required for that. But, then, the world was > once flat>>>> It's funny how some people think the whole world communicates with nothing but 7-bit us-ascii... Makes you wonder why so much effort is poured into i18n and l10n. -- Steve "I don't understand that attitude. Don't we want email that has dancing bears, cute little videos, musical tunes, animated waving hands, sixty fonts, and looks like it's been done with crayolas? Good grief, man, think like a three year old!" -- Norm Reitzel discussing HTML email From MOHCTP at spamcop.net Sun Apr 10 15:01:13 2005 From: MOHCTP at spamcop.net (MOHCTP) Date: Sun Apr 10 17:05:05 2005 Subject: [SpamCop-List] Spam counter reset Message-ID: My spam counter, the one you see on http://mailsc.spamcop.net/reportheld?action=heldlog/ was reset to one after reaching 72 odd thousand. Any explanation? Average reporting time wasn't reset and still shows the same garbage it showed for the last 50 thousand or so messages. No e-mail from Spamcop either, so I have no clue whatsoever about what happened or why... From nospam at dev.null Mon Apr 11 00:08:52 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 10 17:10:04 2005 Subject: [SpamCop-List] Re: Spammer gets slammer References: Message-ID: "eddie" wrote in message news:pan.2005.04.09.15.57.11.797000@eddie.web... > Since spammers have the learning curve of the common housefly, ... THAT'S INSULTING. Flies are my pet chameleon's favourite. As such they have 50% nuisance value, 50% nutitional value. Spammers have no use and are 100% liability. :-) From nobody at spamcop.net Sun Apr 10 23:57:22 2005 From: nobody at spamcop.net (Valerio) Date: Sun Apr 10 18:00:07 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? In-Reply-To: References: Message-ID: Ilgaz Ocal ha scritto: > There are 2 ISP's here we speak about. Kornet and Hananet. right that two: Kornet.net ---------- IPv4 Address : 211.48.62.0-211.48.62.255 IPv4 Address : 211.216.0.0 - 211.225.255.255 IPv4 Address : 211.220.64.0-211.220.64.255 IPv4 Address : 220.76.104.0-220.76.104.255 Hananet.net ----------- IPv4 Address : 211.202.13.0-211.202.13.255 inetnum: 211.200.0.0 - 211.205.255.255 In the past I use Eudora, and I setted some regex filter to ban the IPs range of spammer provider. Now I use Mozilla, and it have the bayesian filter that do an automatic content analisis and is better. But If I look inside my spam mailbox I got most from korner.net, hananet and chinanet. > Its like: > Body contains "charset="ks_c_5601-1987" > Body contains "ks_c_5601-1987" > Body contains "charset="ISO-2022-KR"" > Body contains "charset=KS_C_5601-1987" another strategy may be to filter every mail that is encoded with "base64". But something happened, from two day I do not received spam from kornet... more, I do not received spam completely. Whats happed? From click1510 at earthlink.net Sun Apr 10 16:08:43 2005 From: click1510 at earthlink.net (CO-DBA-SC-EL) Date: Sun Apr 10 18:10:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: > > http://s11.yousendit.com/ How are they paying for it? Somebody has to pay for connections, servers, etc. what is the business model and should we worry if we use that service? From 79ytka802 at sneakemail.com Mon Apr 11 00:31:52 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Sun Apr 10 18:35:04 2005 Subject: [SpamCop-List] Reports going to spammer Message-ID: [Spam posted in .spam, with the same headers] Spamcop thinks that reports on this one should go to mail@rudolf-kerler.de The problem is...: Mr Kerler appears to be the spammer! Had a suspicion that this might be the case, so did a bit of googling and found this: http://www.avs-gold.de/Anbieter/0240_bueroschlampe_anja/impressum.html I also found a newsgroup discussion, in German, where someone had done a manual LART to the upstream (Deutsche Telekom) and got a reply saying "not our problem". So - is there anything one can do? From nobody at nowhere.invalid Mon Apr 11 01:32:53 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 10 18:35:16 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: On Sun, 10 Apr 2005 22:57:22 +0100, Valerio coughed into spamcop and left this in : > But something happened, from two day I do not received spam from > kornet... more, I do not received spam completely. Whats happed? Probably need to give your mail server a good kick :) -- Steve A grammarian's life is always intense. From 79ytka802 at sneakemail.com Mon Apr 11 00:34:42 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Sun Apr 10 18:35:23 2005 Subject: [SpamCop-List] Reports going to spammer Message-ID: [Spam posted in .spam, under the same heading] Spamcop thinks that reports on this one should go to mail@rudolf-kerler.de The problem is...: Mr Kerler appears to be the spammer! Had a suspicion that this might be the case, so did a bit of googling and found this: http://www.avs-gold.de/Anbieter/0240_bueroschlampe_anja/impressum.html I also found a newsgroup discussion, in German, where someone had done a manual LART to the upstream (Deutsche Telekom) and got a reply saying "not our problem". So - is there anything one can do? From click1510 at earthlink.net Sun Apr 10 16:35:09 2005 From: click1510 at earthlink.net (CO-DBA-SC-EL) Date: Sun Apr 10 18:40:03 2005 Subject: [SpamCop-List] SBS 2003 as forward target to spamcop Message-ID: I'm looking at the possibility of setting up the Exchange server in M$ Small Business Server 2003 as a forwarding target for spamcop mailboxes, by restricting it to accept inbound connections only from spamcop servers. Does this seem reasonable? From devnull at spamcop.net Sun Apr 10 19:45:56 2005 From: devnull at spamcop.net (Frog Prince) Date: Sun Apr 10 18:50:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "CO-DBA-SC-EL" wrote in message news:d3c85o$ike$1@news.spamcop.net... | > > http://s11.yousendit.com/ | | How are they paying for it? Somebody has to pay for connections, servers, | etc. what is the business model and should we worry if we use that service? >From what I can see it's a small sample of what they can do. If you want/need the full service that's available for a fee. I personally don't have much need for even the limited service but have recommened the full service to other who are quite happy in this regard. From nobody at devnull.spamcop.net Sun Apr 10 20:31:20 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sun Apr 10 19:35:27 2005 Subject: [SpamCop-List] Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: ... > > Well that's what it's doing. We are simply using "hints" for local > formatting (or not). I don't see why you claim it's not a "text reader". > There is nothing new about this, for example messages here contain quote > indents "> " which I have displayed in another color. Quoted quotes ">> " > are displayed in yet another color. Sigs that start with "-- " are > displayed in a different color as well. > > I don't like too many slashes and such, it can make it hard to read. And > emote icons can sometimes appear where they shouldn't. Those are the > querks. Wellll, I suppose it only matters from a perspective viewpoint. "Text" is generally described as ASCII code characters from xx(not sure where it starts, just after all the machine controls) to 127, and contained in the 7-bit media. There are no color commands or character replacement commands etc. in the entire 128 characters of the set. If you're seeing color from your reader, yadda yadda yadda, you know the drill I'm sure; it's not displaying a true rendering of what was sent. Emoticons should display as the text emoticons, not interpreted representations of their meaning and so on, IFF it's a legit text reader. The reader is indeed "reading" text, but it is not "displaying" the text that it "reads" and thus, to this miscreant's way of thinking, is no longer a legitimate "text" reader, but an interpretive reader of text. I guess, having come from the days of the 8080, machine language and CP/M I find it hard to take the MS approach of "softening" the definition of everything. I LIKE OEQuotefix, though I'm not useing it at this moment, but in my opinion, it modifies OE so that it's no longer reading "plain text" because it "reads" an emoticon as a symbol which doesn't exist in the character set for text. In other words, it interprets it. Or rather, it interprets it as the code writer interpreted it. Now, whatever the atche eee double-hockey-sticks that has to do with checking if a friend is blacklisted totally escapes me, so I guess I'll fess up and add an "OT" to the title. Hmm, wonder if "OT" shouldn't be a symbol of some sort? Maybe a down arrow or a circle maybe? And this just occurred to me. Most people will accuse a person of shouting if he should use CAPITALS here and there for emphasis - but it's not shouting at all when it's used for emphasis. It's merely emphasizing a word. Perhaps WRITING IN ALL CAPS FOR LONG PERIODS COULD BE CONSIDERED SHOUTING, but that's no worse than writing in all lower case. I guess all lower case then would be a whisper, eh? I wonder what the emoticon would be for that? I'd like to meet this guy Emote; he must be a real character. And speaking of characters ... (a loud, shouted grin) . LOL! No, actually that was a lol; sort of whispered to msyelf. Pop's popper's popped, Pop From nobody at devnull.spamcop.net Sun Apr 10 20:32:39 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sun Apr 10 19:35:51 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: -- Let someone else do it I'm retired! "Porpoise" wrote in message news:d3c1jb$f46$1@news.spamcop.net... > > "Pop" wrote in message > news:d3ba9o$2gf$1@news.spamcop.net... >>> >>> You've never heard of Rich Text, or Latex? >>> (I may have misspelt Latex??) >>> How about Emotes? >>> ;-) >>> [ramble]And then we could go on to text processors and word >>> processors...[/ramble] >>> >>> -- >>> | Ric >> >> I said, "text reader", not abri, or latex or kotex or anything else; if >> it ain't displaying the 7 bit character set, without extensions, it ain't >> a "text" reader. That's all. NBD, just that if I use a "text" reader, I >> expect to see a representation of the first 128 characters on my screen, >> not an interpretation of anything. Else it aint' a text reader. Dat's >> all. >> > > Wouldn't be much use for all the other languages though, would it? > Somewhat more than 128 characters are required for that. But, then, the > world was once flat>>>> > What chew mean, WAS? The world is just as flat today as it ever was! An d THAT's a truism! Pop From nobody at devnull.spamcop.net Sun Apr 10 20:36:23 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sun Apr 10 19:40:04 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Steven Maesslein" wrote in message news:slrnd5j383.269.nobody@127.0.0.1... > On Sun, 10 Apr 2005 21:10:34 +0100, Porpoise coughed into spamcop and > left this in : > >> Wouldn't be much use for all the other languages though, would it? >> Somewhat >> more than 128 characters are required for that. But, then, the world was >> once flat>>>> > > It's funny how some people think the whole world communicates with > nothing but 7-bit us-ascii... Makes you wonder why so much effort is > poured into i18n and l10n. ===> Aaaarrrggghhhh, there's one of them in every crowd! Git! Git away! (holds up cross) aaaarrrrrrrggggghhhh > > -- > Steve > > "I don't understand that attitude. Don't we want email that has dancing > bears, cute little videos, musical tunes, animated waving hands, sixty > fonts, and looks like it's been done with crayolas? Good grief, man, > think like a three year old!" > -- Norm Reitzel discussing HTML email I do! I do, honest I do! Trust me! Trust me, I do! Oops! From zypher at spamcop.net Sun Apr 10 20:00:28 2005 From: zypher at spamcop.net (Ron B.) Date: Sun Apr 10 20:05:03 2005 Subject: [SpamCop-List] Survey: People More Accepting Of Spam Message-ID: http://www.theiowachannel.com/technology/4365058/detail.html Reactions? From porpoise1954 at yahoo.co.uk Mon Apr 11 01:59:24 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 20:10:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "CO-DBA-SC-EL" wrote in message news:d3c85o$ike$1@news.spamcop.net... >> > http://s11.yousendit.com/ > > How are they paying for it? Somebody has to pay for connections, servers, > etc. what is the business model and should we worry if we use that > service? > > Advertising? email harvesting? data mining? Who knows? Mind you, a 1Gb file size isn't much use, most normal email accounts manage that anyway. It certainly wouldn't be any good for the multi-Gb files I regularly send to the print bureau/photo lab. And *forget* video files! From MikeE at ster.invalid Sun Apr 10 18:15:57 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 20:15:04 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: Pop wrote: > Emoticons should display as the text emoticons, not > interpreted representations of their meaning and so on, > I LIKE > OEQuotefix, though I'm not useing it at this moment, but in my > opinion, it modifies OE so that it's no longer reading "plain text" > because it "reads" an emoticon as a symbol which doesn't exist in the > character set for text. My personal choice is to configure OE-QF to not make graphics out of the text emoticons or to color the citations, but I do let it change the fonts to italic, bold, or underline. So, I'm pretty textish; except that/ and/but I use a proportional font for reading instead of a monospaced one. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 10 18:22:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 10 20:25:04 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: Ron B. wrote: > http://www.theiowachannel.com/technology/4365058/detail.html > > Reactions? Don't believe any survey unless you designed it and conducted it yourself and get to see all of the raw data, not the '62% now 53%' regurgitation of whatever it was they did and interpreted. Personally, I think a lot less people are letting their eyeballs fall on the interior of spams, and when they do they are perceiving the content much less receptively than ever before. Exactly 36% less by my precise survey. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Mon Apr 11 02:17:21 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 20:25:13 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? References: Message-ID: "Pop" wrote in message news:d3cd2n$l8i$1@news.spamcop.net... > > > -- > Let someone else do it > I'm retired! > "Porpoise" wrote in message > news:d3c1jb$f46$1@news.spamcop.net... >> >> "Pop" wrote in message >> news:d3ba9o$2gf$1@news.spamcop.net... >>>> >>>> You've never heard of Rich Text, or Latex? >>>> (I may have misspelt Latex??) >>>> How about Emotes? >>>> ;-) >>>> [ramble]And then we could go on to text processors and word >>>> processors...[/ramble] >>>> >>>> -- >>>> | Ric >>> >>> I said, "text reader", not abri, or latex or kotex or anything else; if >>> it ain't displaying the 7 bit character set, without extensions, it >>> ain't a "text" reader. That's all. NBD, just that if I use a "text" >>> reader, I expect to see a representation of the first 128 characters on >>> my screen, not an interpretation of anything. Else it aint' a text >>> reader. Dat's all. >>> >> >> Wouldn't be much use for all the other languages though, would it? >> Somewhat more than 128 characters are required for that. But, then, the >> world was once flat>>>> >> > What chew mean, WAS? The world is just as flat today as it ever was! An > d THAT's a truism! > áµè¶éҤسÁտ͹·ìä·Â ¤Ø³¤§¨ÐÍèÒ¹¤Ó¹Õéä´é Taethakhunmeefontthai khunkhongjaahnkhamneedai If you have Thai fonts, you can probably read these words. Even other European languages (other than English) require more than the standard 128 - for accents and characters which are not Roman alphabet. From porpoise1954 at yahoo.co.uk Mon Apr 11 02:21:01 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 20:30:03 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: "Ron B." wrote in message news:d3cems$m63$1@news.spamcop.net... > http://www.theiowachannel.com/technology/4365058/detail.html > > Reactions? 1st reaction? BULLSHIT! If anything, people are getting more and more pissed off with spam every day! From porpoise1954 at yahoo.co.uk Mon Apr 11 02:23:17 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Apr 10 20:30:15 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: "Mike Easter" wrote in message news:d3cfgj$mqu$1@news.spamcop.net... > Pop wrote: >> Emoticons should display as the text emoticons, not >> interpreted representations of their meaning and so on, > >> I LIKE >> OEQuotefix, though I'm not useing it at this moment, but in my >> opinion, it modifies OE so that it's no longer reading "plain text" >> because it "reads" an emoticon as a symbol which doesn't exist in the >> character set for text. > > My personal choice is to configure OE-QF to not make graphics out of the > text emoticons or to color the citations, but I do let it change the > fonts to italic, bold, or underline. So, I'm pretty textish; except > that/ and/but I use a proportional font for reading instead of a > monospaced one. > Oh, do me a favour! There aren't actually still dinosaurs out there using crappy mono-spaced fonts??!!? Wot they using? Commodore Pets? From nttp.sc.s at bigsleep.org Mon Apr 11 02:10:58 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 10 21:15:03 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: On 10 Apr 2005 Pop entered spamcop and left news:d3cd08$l88$1@news.spamcop.net: > ... >> >> Well that's what it's doing. We are simply using "hints" for local >> formatting (or not). I don't see why you claim it's not a "text >> reader". There is nothing new about this, for example messages here >> contain quote indents "> " which I have displayed in another color. >> Quoted quotes ">> " are displayed in yet another color. Sigs that >> start with "-- " are displayed in a different color as well. >> >> I don't like too many slashes and such, it can make it hard to read. >> And emote icons can sometimes appear where they shouldn't. Those are >> the querks. > > Wellll, I suppose it only matters from a perspective viewpoint. > "Text" is generally described as ASCII code characters from xx(not > sure where it starts, just after all the machine controls) to 127, and > contained in the 7-bit media. There are no color commands or > character replacement commands etc. in the entire 128 characters of > the set. If you're seeing color from your reader, yadda yadda yadda, > you know the drill I'm sure; it's not displaying a true rendering of > what was sent. Emoticons should display as the text emoticons, not > interpreted representations of their meaning and so on, IFF it's a > legit text reader. > The reader is indeed "reading" text, but it is not "displaying" > the text > that it "reads" and thus, to this miscreant's way of thinking, is no > longer a legitimate "text" reader, but an interpretive reader of text. I get what you are saying, but that depends on if the reader if displaying everything or not, if it doesn't display /slashes/ then you are correct. Like HTML which does not display in the text. But here I'm using XNews, which does display everything (even HTML code). How I choose how to view what I get doesn't effect the fact that it is a text reader. > I guess, having come from the days of the 8080, machine language and > CP/M I find it hard to take the MS approach of "softening" the > definition of everything. I LIKE OEQuotefix, though I'm not useing it > at this moment, but in my opinion, it modifies OE so that it's no > longer reading "plain text" because it "reads" an emoticon as a symbol > which doesn't exist in the character set for text. In other words, it > interprets it. Or rather, it interprets it as the code writer > interpreted it. I agree, that's why I like the idea of rich text, where you define formats in the top of the message, something like this... :emotes: /italics/ *bold* _underline_ So, for example, if :emotes: isn't defined, they won't be displayed. Handy for when you send code that could get converted to something else. Or you could just turn that feature off. Then there are message boards that "smartlink" everything with a "@" in it, but I won't go there now. > Now, whatever the atche eee double-hockey-sticks that has to do > with > checking if a friend is blacklisted totally escapes me, so I guess > I'll fess up and add an "OT" to the title. Hmm, wonder if "OT" > shouldn't be a symbol of some sort? Maybe a down arrow or a circle > maybe? Wouldn't that be OT oh, that would be HTML, egads this is OT. -- | Ric | From nttp.sc.s at bigsleep.org Mon Apr 11 02:20:18 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 10 21:25:05 2005 Subject: [SpamCop-List] bluemountain forgery Message-ID: I hope people aren't too stupid to fall for this one, spam message attempts to look like a bluemountain eCard. Subject:user, You've received a postcard! http://www.bluemountain.com/ view.pd?i=975183635&m=2438&rr=y&source=bma859 - I only read it because I thought it actaully might be from bluemountain, it doesn't link to bluemountain, and I have no interest in going there. -- | Ric | From eddie at eddie.web Sun Apr 10 22:21:48 2005 From: eddie at eddie.web (eddie) Date: Sun Apr 10 21:25:31 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On Sun, 10 Apr 2005 19:00:28 -0500, Ron B. scratched out the following: > http://www.theiowachannel.com/technology/4365058/detail.html > > Reactions? Without seeing the questions it is impossible for the results to mean anything of value. A more detailed set of results is available at http://www.pewinternet.org/PPF/r/103/press_release.asp and the quoted "results" are simply some Deborah Fallows interpretation of the poll. Note the phrase, "We see ... a little less distress ..." She is weaselly enough to say "we see" rather than "there is." So the results are subjective, not objective, by the interpreter herself. Does Pew have a bias or agenda? I know they sponsor PBS and NPR. What about Deborah Fallows? Is she biased? Does it show? In general I consider polls meaningless since they are totally dependent on the question. And there are "push polls" in which the question is preceded by a long statement designed to evoke the "proper" response. Other polls keep asking slightly different questions until they get the response they want. Remember, someone is usually paying for these polls. Maybe, in this case a spam consortium sponsored the poll???? -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Sun Apr 10 22:24:41 2005 From: eddie at eddie.web (eddie) Date: Sun Apr 10 21:25:37 2005 Subject: [SpamCop-List] Re: Spammer gets slammer References: Message-ID: On Sun, 10 Apr 2005 23:08:52 +0200, Anty Spam scratched out the following: > > "eddie" wrote in message > news:pan.2005.04.09.15.57.11.797000@eddie.web... > >> Since spammers have the learning curve of the common housefly, ... > > THAT'S INSULTING. > > Flies are my pet chameleon's favourite. As such they have 50% nuisance > value, 50% nutitional value. > Spammers have no use and are 100% liability. > > :-) Yeah, but if the chameleon misses a fly, the fly simply comes back to let the chameleon have another shot at it, just like a spammer. And dead spammers have a small amount of fertilizer value, after they are detoxed. :) -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Sun Apr 10 22:25:38 2005 From: eddie at eddie.web (eddie) Date: Sun Apr 10 21:30:07 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: On Fri, 08 Apr 2005 06:52:32 +0400, nospam scratched out the following: > in article d34e12$eio$1@news.spamcop.net, Valerio at nobody@spamcop.net > wrote on 4/8/05 2:59 AM: > >> I receive about 10 spam mail a day, 6 of this come from kornet.net. I >> dont understand why kornet.net isn't everytime banned from spamcop? Vale > > I'd love to know how they stay off the top 50 list, because they are MY #1 > spammer, (at least 50% of my crap) and judging from remarks here a > significant spammer for a number of people in this NG (presumably > reporters) I see some kind of teamwork between the chinese URLs and the Korean spammers. I think they actually work together - it's not random -- Once movie theaters gave out steak knives Today they confiscate them From nobody at devnull.spamcop.net Sun Apr 10 21:30:23 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Apr 10 21:35:02 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: "Mike Easter" wrote in message news:d3bug3$de1$1@news.spamcop.net... > > Maybe you think it is 'spoonfeeding' to be able to create a link which > actually /works/ to get close to the target without having to use your > eyeballs for reading for several minutes to find the issue being > discussed; but in reality the forum archive/accumulation process has a > number of flaws for dredging up old stuff that google plus pipermail > archives doesn't have. Also, gmane is often a better way to find > something, even tho' it has its own search problems. Actually, my 'search' did take me to specific links/posts, but in deference to a few other folks here, I then went to the lo-fi version of the page display to get around the gripes about having to hit a web-page thing with colors and such. > It would be better if any given forum post could have its own link or > number or msgid so that it can be 'nailed' more accurately in a link. > Once found, then the searcher could go up and down from the focal point, > instead of having to start reading at the beginning of a long thread to > 'work' their way to the target issue. > > > http://forum.spamcop.net/forums/lofiversion/index.php/t3757.html > > That one showed me the way to the pipermail jaguar discussion. But it > was about a naming issue rather than a rule violation issue. As I recall, that was just one of the old newsgroup threads I had pulled up to demonstrate that there was dialog with the Subsume developer, and not all of it was good. For example, the post you pull this link from has a Topic/message ID of; http://forum.spamcop.net/forums/index.php?showtopic=3757&view=findpost&p=25347 There was a bit of dialog from Don about the "situation" but I gave up looking for it. If you go to the www.spamcop.net page, hit Help, and do a search .... one of the things worked out/fixed/added back when Courtney was working on the FAQ contents, was the expansion of the Google search targets to include the web-Forum. (I actually wrote my own script/HTML for a desktop shortcut to handle multiple search scenarios, but YMMV) I'm sure you're aware of the limits of finding specific data that way, based on the limited content displayed in those results .. coupled with the many data returns .... and in the above case, trying to guess at the keywords to pull up Don's specific response is a definite guessing game. From nttp.sc.s at bigsleep.org Mon Apr 11 02:39:28 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 10 21:40:02 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: On 10 Apr 2005 Mike Easter entered spamcop and left news:d3bqas$bdp$1@news.spamcop.net: > At brief first consideration, I don't find that algorithmic logic > 'logical'. > > The quick report focuses on the headers for source 'ignoring' the body. > > The issue of the interpretation of a header as being a bounce item > doesn't strike me as something the algorithmic source namer would want > to 'drop' because of its bounce-ness. > > > OTOH -- with a bit more 'rumination' about the consequences.... > > There are a lot of 'numbers' involved with quick reporting. Maybe the > sense of it is that while virus and its spawn reporting and bounce > reporting and challenge reporting and OOO reporting is a good way to > call attention to those abusive server behaviors, but the desirability > of server listings and the fallout and the IB users who would be > 'harmed' by the collateral damage of their servers getting listed might > not be acceptable. > I really don't like the idea of reportable bounces. For one, it does nothing about the real source of the spam (ignoring the case of fake bounces), so it seems to me to be more annoying than useful. Second, all mail servers relay and bounce, that's the way the mail system is designed to work. So that really limits the credibility of the common reporter, who would be just as likely to report any type of bounce as spam, not just nouser and virus/spam notify bounces. Thirdly I don't see where Spamcop educates anyone on what a bad bounce (backscatter) really looks like. -- | Ric | From nobody at devnull.spamcop.net Mon Apr 11 12:18:28 2005 From: nobody at devnull.spamcop.net (Patto) Date: Sun Apr 10 22:20:04 2005 Subject: [SpamCop-List] Re: Spammer gets slammer In-Reply-To: References: Message-ID: eddie wrote: > ... > > As I noted in another post, the overall level of my personal spam has > dropped over the last month or so, ... I also made the same observation in my Inbox: spam down to about 10%-20% of last year's level. Howver, looking at the SpamCop statistics, I don't see any indication of a general downwards trend. From nttp.sc.s at bigsleep.org Mon Apr 11 03:32:37 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Apr 10 22:35:03 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On 10 Apr 2005 eddie entered spamcop and left news:pan.2005.04.11.01.21.47.671000@eddie.web: > In general I consider polls meaningless since they are totally dependent > on the question. Statistical analysis is by nature, flawed, even without intentional bias. One good example is the second hand smoke study reported by the EPA... http://www.davehitt.com/facts/epid.html That site pretty much says it all, and shows what to look for in faulty stastics. -- | Ric | From nobody at devnull.spamcop.net Sun Apr 10 22:59:56 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sun Apr 10 23:00:04 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? In-Reply-To: References: Message-ID: Mike Easter wrote: > Your Tbird is not compliant [neither is my default OE] with those > popular or common or quasi-standard newsreader enhancements I described. > We could 'argue' more effectively about how popular the 'feature' is or > isn't in some newsgroup better represented by the newsreader > knowledgeable such as news.software.readers. I use Thunderbird, and it showed up properly for me. Maybe it's because Xris has an older version than mine. From nobody at devnull.spamcop.net Sun Apr 10 23:01:02 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sun Apr 10 23:05:04 2005 Subject: [SpamCop-List] Re: Checking if a friend is blacklisted? In-Reply-To: References: Message-ID: Mike Easter wrote: > My Newsreader (Mozilla Thunderbird) reads an underscore at the beginning > and end of a word as _underscore_, a slash at the beginning and end of a > word or phrase as /italics/, and an asterisk at the beginning of a word > or phrase as *bold*. > Yeah, that's how mine shows in Thunderbird. From nobody at spamcop.net Mon Apr 11 01:04:23 2005 From: nobody at spamcop.net (RandallW) Date: Mon Apr 11 03:05:16 2005 Subject: [SpamCop-List] acetechusa Message-ID: Anyone receiving pump-and-dump spam sent through Acetechusa mail? I have a mind to make a phone call to complain, but i'm just so damn busy. From porpoise1954 at yahoo.co.uk Mon Apr 11 10:18:00 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Apr 11 04:25:07 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: "Blammo" wrote in message news:Xns9634C6DECD80Eblammo@216.154.195.61... > On 10 Apr 2005 eddie entered spamcop and left > news:pan.2005.04.11.01.21.47.671000@eddie.web: > >> In general I consider polls meaningless since they are totally dependent >> on the question. > > Statistical analysis is by nature, flawed, even without intentional bias. > One good example is the second hand smoke study reported by the EPA... > http://www.davehitt.com/facts/epid.html > Duff link?? From nobody at nowhere.invalid Mon Apr 11 11:39:24 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 11 04:40:04 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: On Mon, 11 Apr 2005 01:23:17 +0100, Porpoise coughed into spamcop and left this in : > Oh, do me a favour! There aren't actually still dinosaurs out there > using crappy mono-spaced fonts??!!? Wot they using? Commodore Pets? This dinosaur is using a console-based newsreader (slrn) and is pleased to be able to: 1) Read tables when they're sent in ASCII without a proportional font screwing them up. 2) ssh into my machine from anywhere in the world and fire up the newsreader with the same settings, killfile, spool etc. regardless of where I am geographically. -- Steve Always the dullness of the fool is the whetstone of the wits. -- William Shakespeare, "As You Like It" From nobody at nowhere.invalid Mon Apr 11 11:42:38 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 11 04:46:08 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On Sun, 10 Apr 2005 17:22:53 -0700, Mike Easter coughed into spamcop and left this in : > Don't believe any survey unless you designed it and conducted it > yourself and get to see all of the raw data, not the '62% now 53%' > regurgitation of whatever it was they did and interpreted. It's well known that 72% of statistics are bullshit :) -- Steve Before you criticize someone, you should walk a mile in their shoes. That way, when you criticize them, you're a mile away and you have their shoes. From nobody at nowhere.invalid Mon Apr 11 11:47:44 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 11 04:50:20 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: On Mon, 11 Apr 2005 01:39:28 +0000 (UTC), Blammo coughed into spamcop and left this in : > Second, all mail servers relay and bounce, that's the way the mail system > is designed to work. Not when they can reject. In this instance, the oleane.com server *ACCEPTED* the mail from the Chinese IP# even though it was addressed to non-existent users, and subsequently mailed *me* a DSN because my e-mail address was forged into the spam. That is *not* how the e-mail system is supposed to work. Had the oleane.com server been configured correctly it would have replied "550 no such user" to the Chinese machine and that would have been the end of it. -- Steve Before you criticize someone, you should walk a mile in their shoes. That way, when you criticize them, you're a mile away and you have their shoes. From bar_n0ne at hotmail.com Mon Apr 11 13:56:21 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Apr 11 05:01:21 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: "Steven Maesslein" wrote in message news:slrnd5kdts.3ad.nobody@127.0.0.1... > On Mon, 11 Apr 2005 01:23:17 +0100, Porpoise coughed into spamcop and > left this in : > > > Oh, do me a favour! There aren't actually still dinosaurs out there > > using crappy mono-spaced fonts??!!? Wot they using? Commodore Pets? > > This dinosaur is using a console-based newsreader (slrn) and is pleased > to be able to: > > 1) Read tables when they're sent in ASCII without a proportional font > screwing them up. > > 2) ssh into my machine from anywhere in the world and fire up the > newsreader with the same settings, killfile, spool etc. regardless of > where I am geographically. Hear Hear!! From nobody at devnull.spamcop.net Mon Apr 11 08:57:46 2005 From: nobody at devnull.spamcop.net (Pop) Date: Mon Apr 11 08:00:05 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: ... > fonts to italic, bold, or underline. So, I'm pretty textish; except > that/ and/but I use a proportional font for reading instead of a > monospaced one. > > > -- > Mike Easter > kibitzer, not SC admin > Sooo, that makes you a /textish/ kibitzer, right? ;-] From dfm2a3l0t2 at spymac.com Mon Apr 11 10:09:17 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Mon Apr 11 09:10:04 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: In article , eddie wrote: > On Sun, 10 Apr 2005 19:00:28 -0500, Ron B. scratched out the following: > > > http://www.theiowachannel.com/technology/4365058/detail.html > > > > Reactions? > > Without seeing the questions it is impossible for the results to mean > anything of value. That's an overstatement. Do you have any reason to question the methodology? If so, present it. If not, you're just throwing shit against the wall and hoping some of it sticks. > A more detailed set of results is available at > http://www.pewinternet.org/PPF/r/103/press_release.asp > and the quoted "results" are simply some Deborah Fallows interpretation of > the poll. Since she's a senior research fellow at the organization that took the poll, her interpretation of the results would have more weight then, say, yours. > Note the phrase, "We see ... a little less distress ..." She is > weaselly enough to say "we see" rather than "there is." So the results are > subjective, not objective, by the interpreter herself. It's neither weaselly nor subjective. She _did_ see those things, right there in the results of the poll. > Does Pew have a bias or agenda? I know they sponsor PBS and NPR. So? Their underwriting of public broadcasting is totally irrelevant to this poll. > What about Deborah Fallows? Is she biased? Does it show? Throwing more shit. > In general I consider polls meaningless since they are totally dependent > on the question. And there are "push polls" in which the question is > preceded by a long statement designed to evoke the "proper" response. > Other polls keep asking slightly different questions until they get the > response they want. And you have no evidence that any of this was done with this poll. > Remember, someone is usually paying for these polls. > Maybe, in this case a spam consortium sponsored the poll???? You didn't read your own cite, which concluded with the following: "The Pew Internet & American Life Project is a non-profit initiative of the Pew Research Center and is funded by the Pew Charitable Trusts to examine the social impact of the internet." If you don't agree with the findings of the poll, that's one thing. But you're letting your animosity towards spam lead to making outrageous and unsupportable claims. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From porpoise1954 at yahoo.co.uk Mon Apr 11 15:19:26 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Apr 11 09:30:07 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: "Steven Maesslein" wrote in message news:slrnd5kdts.3ad.nobody@127.0.0.1... > On Mon, 11 Apr 2005 01:23:17 +0100, Porpoise coughed into spamcop and > left this in : > >> Oh, do me a favour! There aren't actually still dinosaurs out there >> using crappy mono-spaced fonts??!!? Wot they using? Commodore Pets? > > This dinosaur is using a console-based newsreader (slrn) and is pleased > to be able to: > > 1) Read tables when they're sent in ASCII without a proportional font > screwing them up. I prefer using a spreadsheet for tables (or HTML) or PDF. I tend to use email for quick communication. For "proper" documents, I use the relevant programme, and if I need to send that data to someone, I'll either send them the original file (if they need to be able to edit it), or a PDF file. > > 2) ssh into my machine from anywhere in the world and fire up the > newsreader with the same settings, killfile, spool etc. regardless of > where I am geographically. > Ah well, there you go then, different course - different horse......... When you use a laptop on the move, all your settings are always there anyway. Not many people in the real world use consoles.......... From porpoise1954 at yahoo.co.uk Mon Apr 11 15:20:09 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Apr 11 09:30:40 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: "Berny" wrote in message news:d3de3o$738$1@news.spamcop.net... > > "Steven Maesslein" wrote in message > news:slrnd5kdts.3ad.nobody@127.0.0.1... >> On Mon, 11 Apr 2005 01:23:17 +0100, Porpoise coughed into spamcop and >> left this in : >> >> > Oh, do me a favour! There aren't actually still dinosaurs out there >> > using crappy mono-spaced fonts??!!? Wot they using? Commodore Pets? >> >> This dinosaur is using a console-based newsreader (slrn) and is pleased >> to be able to: >> >> 1) Read tables when they're sent in ASCII without a proportional font >> screwing them up. >> >> 2) ssh into my machine from anywhere in the world and fire up the >> newsreader with the same settings, killfile, spool etc. regardless of >> where I am geographically. > > Hear Hear!! > Don't you mean Har har! ;-) From nttp.sc.s at bigsleep.org Mon Apr 11 14:36:29 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Apr 11 09:40:03 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: On 11 Apr 2005 Steven Maesslein entered spamcop and left news:slrnd5kedg.3ad.nobody@127.0.0.1: > On Mon, 11 Apr 2005 01:39:28 +0000 (UTC), Blammo coughed into spamcop > and left this in : > >> Second, all mail servers relay and bounce, that's the way the mail >> system is designed to work. > > Not when they can reject. > "can" being the operative word there. > In this instance, the oleane.com server *ACCEPTED* the mail from the > Chinese IP# even though it was addressed to non-existent users, and > subsequently mailed *me* a DSN because my e-mail address was forged > into the spam. That is *not* how the e-mail system is supposed to > work. > NO, people aren't supposed to forge your address, if noone forged addresses it wouldn't be an issue. So the issue isn't the bounce, but the forged address. > Had the oleane.com server been configured correctly it would have > replied "550 no such user" to the Chinese machine and that would have > been the end of it. > You are correct, I wasn't arguing your particular case. However you are trying to report what you consider a "incorrectly configured" server, not a spam source. You may be able to make an educated judgement on what an "incorrectly configured" server is, but certainly most people can't. Anytime I get bounces like this I do something about it, nouser and virus bounces, I even got a bounce from an abuse address that bounced because there was a "blocked URL" in the message (no, I didn't report that bounce as spam). I can now use Spamcop for this, however the only advantage would be that I can do so anonymously. Unless I'm getting a large number from the same server, I don't see much use in it. -- | Ric From bar_n0ne at hotmail.com Mon Apr 11 18:37:35 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Apr 11 09:40:13 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: Whoa!!! cool down!! "D.F. Manno" wrote in message news:dfm2a3l0t2-9A7843.09091711042005@news.cesmail.net... > In article , > eddie wrote: > > > On Sun, 10 Apr 2005 19:00:28 -0500, Ron B. scratched out the following: > > > > > http://www.theiowachannel.com/technology/4365058/detail.html > > > > > > Reactions? > > > > Without seeing the questions it is impossible for the results to mean > > anything of value. > > That's an overstatement. Do you have any reason to question the > methodology? If so, present it. If not, you're just throwing shit > against the wall and hoping some of it sticks. Read what the OP says, it's true, without knowing what was asked and how, how can one asses? > > A more detailed set of results is available at > > http://www.pewinternet.org/PPF/r/103/press_release.asp > > and the quoted "results" are simply some Deborah Fallows interpretation of > > the poll. > > Since she's a senior research fellow at the organization that took the > poll, her interpretation of the results would have more weight then, > say, yours. Probably true, but so what, the OP is not actually commenting on the validity of the results. Just on what _could_ be problems with the results. > > Note the phrase, "We see ... a little less distress ..." She is > > weaselly enough to say "we see" rather than "there is." So the results are > > subjective, not objective, by the interpreter herself. > > It's neither weaselly nor subjective. She _did_ see those things, right > there in the results of the poll. OK > > Does Pew have a bias or agenda? I know they sponsor PBS and NPR. > > So? Their underwriting of public broadcasting is totally irrelevant to > this poll. But how do WE know that? > > What about Deborah Fallows? Is she biased? Does it show? > > Throwing more shit. Where? OP's asking, in a negative way perhaps, but valid questions. > > In general I consider polls meaningless since they are totally dependent > > on the question. And there are "push polls" in which the question is > > preceded by a long statement designed to evoke the "proper" response. > > Other polls keep asking slightly different questions until they get the > > response they want. > > And you have no evidence that any of this was done with this poll. Nor did the OP claim it was. > > Remember, someone is usually paying for these polls. > > Maybe, in this case a spam consortium sponsored the poll???? > > You didn't read your own cite, which concluded with the following: "The > Pew Internet & American Life Project is a non-profit initiative of the > Pew Research Center and is funded by the Pew Charitable Trusts to > examine the social impact of the internet." > > If you don't agree with the findings of the poll, that's one thing. But > you're letting your animosity towards spam lead to making outrageous and > unsupportable claims. The OP may be insinuating, by the tone of the question, but makes almost no actual claims. The OP IS arguing a very generalized skepticism to the polling business. WHich > -- > D.F. Manno > dfm2a3l0t2@spymac.com > "The work goes on, the cause endures, the hope still lives and the dream > will never die." From nttp.sc.s at bigsleep.org Mon Apr 11 16:30:52 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Apr 11 11:35:29 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On 11 Apr 2005 D.F. Manno entered spamcop and left news:dfm2a3l0t2- 9A7843.09091711042005@news.cesmail.net: >> Without seeing the questions it is impossible for the results to mean >> anything of value. > > That's an overstatement. Do you have any reason to question the > methodology? If so, present it. If not, you're just throwing shit > against the wall and hoping some of it sticks. > I'll jump in... There are major flaws in this poll: Q19 "Spam or junk email" is not defined; SP1 "How much have you heard or read about SPAM, or junk email? Have you heard or read…?" "Nothing at all" - 12% And 38% of the people polled know little or nothing about spam, and are asked about something may know nothing about. In June 2003 it was 43%, before the Can-Spam act you would assume people would know less about spam. According to the poll this difference is only 5%. SP5|SP6 "Thinking just about your [PERSONAL|WORK] email account…In the past 12 months, have you noticed any change in the amount of spam you receive in your [PERSONAL|WORK] email account?" In Feb 2004, question wording was "...Since January 1st of this year...". So they are compairing a ~1 month increase/decrease to one spanning ~12 months. SP18 "Have you ever…?" e "Used filters offered by your email provider or employer to block spam" "Yes" - 65% f "Applied your own filters to block spam" "Yes" - 33% This question was never asked before. Apparently 65% know what a spam filter is, and likely see less spam because of it. SP31 "Unsolicited [commercial|non-commercial|political]..." This is too general, in my opinion, for a meaningful response. Also the wording would likely be leading towards a positive (yes) response. SP3 "Received an unsolicited email requesting personal ...information..." Only 35% recall receiving phish. I find that hard to believe. This question was never asked before. "Further Analysis - Slightly Increasing Volume of Spam Those who keep tabs on spam report major increases in the volume of spam over the last year. For example, the spam filtering company MessageLabs has reported that in an average month during 2004, spam constituted 73% of email, up from 40% in 2003." The small difference in the pollees recollection, when compairing the results to previous polls, makes the comparison pretty much meaningless. For example porn spam would seem to be decreasing, however you have to consider how much of it is getting filtered or blocked, as it's highly likely that porn spam is easier to block. A poll of 1,295 email users is a somewhat small sample, especially when you try and break it down. -- | Ric From ob1db at spamcop.net Mon Apr 11 13:15:00 2005 From: ob1db at spamcop.net (David Butler) Date: Mon Apr 11 12:20:06 2005 Subject: [SpamCop-List] Re: chinatietong.com References: Message-ID: "Patto" wrote in message news:d2icst$1fr$1@news.spamcop.net... > Brian (SnSR) wrote: > > Never mind. > > > > anti-spam@ns.chinanet.cn.net bounces (102 sent : 23203 bounces) > > Using anti-spam#ns.chinanet.cn.net@devnull.spamcop.net for statistical > > tracking. > > The non-bouncing address is anti-spam@chinanet.cn.net abuse@chinanet.cn.net is also valid and non-bouncing currently. David From caroljean52 at yahoo.com Mon Apr 11 10:27:32 2005 From: caroljean52 at yahoo.com (caroljean52) Date: Mon Apr 11 12:30:03 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: "Mike Easter" wrote in message news:d3cftj$n1v$1@news.spamcop.net... > Personally, I think a lot less people are letting their eyeballs fall on > the interior of spams, and when they do they are perceiving the content > much less receptively than ever before. Another reaction to this survey: "There could be another explanation for the Pew findings. As more people use the Internet to shop, pay bills and perform other critical aspects of daily life, they begin to worry about a far more dangerous threat -- an increase in online crime." http://www.washingtonpost.com/wp-dyn/articles/A43486-2005Apr11.html?referrer =email (WP requires registration. I don't know if the "referer=email" part will get you around this or not.) Carol Seattle USA From nobody at nowhere.invalid Mon Apr 11 20:28:50 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 11 13:30:04 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: On Mon, 11 Apr 2005 14:19:26 +0100, Porpoise coughed into spamcop and left this in : > I prefer using a spreadsheet for tables (or HTML) or PDF. Bloat. And it goes down *really* well in text-only newsgroups... Remember, we're talking about newsreaders here. > I tend to use email for quick communication. So do I. And I use a fixed width font in e-mail too. > For "proper" documents, I use the relevant programme, and if I need to > send that data to someone, I'll either send them the original file (if > they need to be able to edit it), or a PDF file. It's a lot easier to send small amounts of data in tables like this: +----------------------------+ | Country | Spams per minute | +---------+------------------+ | .kr | 1204785547 | | .cn | 984657634 | | .br | 54979878 | | .fr | 78965456 | | .ng | 257987987 | | .us | 9836546545 | | others | 74 | +---------+------------------+ Anyone using a fixed width font like me will see something clean and tidy, I didn't have to fire up a spreadsheed program to do it, I probably typed the data just as fast, if not faster than if I'd used the spreadsheet program, people on the other end don't need a spreadsheet program or PDF viewer to view it, and it took up a grand total of 11x31=341 bytes. >> 2) ssh into my machine from anywhere in the world and fire up the >> newsreader with the same settings, killfile, spool etc. regardless of >> where I am geographically. > > Ah well, there you go then, different course - different horse......... When > you use a laptop on the move, all your settings are always there anyway. What if you don't have a laptop? > Not many people in the real world use consoles.......... Those that do appreciate them (otherwise they wouldn't use them because, as we all know, there are alternatives). And more people than you think run software on local or remote consoles. People who manage web and mail servers, for example. Would you tell me that these people are not in the real world? -- Steve Everyone has a photographic memory. Some just don't have film. From MikeE at ster.invalid Mon Apr 11 12:26:43 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 11 14:25:04 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: Steven Maesslein wrote: > It's a lot easier to send small amounts of data in tables like this: > > +----------------------------+ >> Country | Spams per minute | > +---------+------------------+ >> .kr | 1204785547 | >> .cn | 984657634 | >> .br | 54979878 | >> .fr | 78965456 | >> .ng | 257987987 | >> .us | 9836546545 | >> others | 74 | > +---------+------------------+ > > Anyone using a fixed width font like me will see something clean and > tidy, I prefer to read 'words' or sentences in a proportional font, my default. When I need to look at a table like that, I toggle into a fixed width. Different strokes for different folks; there are a lot of people who prefer fixed to read email and news with. > it took up a grand > total of 11x31=341 bytes. I'm a big fan of efficiency. -- Mike Easter kibitzer, not SC admin From Ilgaz at spamcop.net Mon Apr 11 23:48:12 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Mon Apr 11 15:50:03 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: On 2005-04-10 19:54:00 +0300, "WazoO" said: > "Ilgaz Ocal" wrote in message > news:Ilgaz-7717A4.16481209042005@news.cesmail.net... >> >> On OS X, since my first OS X usage days, I have found Subsume ( >> http://www.subsume.com/ ) for very interesting apps. >> >> Demoted section >> http://www.subsume.com/contemplate/assembler.cgi?page=SpamCop&segment=Dem >> oted >> >> So, what happened basically? > > You asked the same question over in the web Forum last month at > http://forum.spamcop.net/forums/lofiversion/index.php/t3873.html > You were invited to use the search tool to look up a few of the > previous discussions about the SubSume status. Apparently, > you chose not to do that. Here's a few discussion links, the > massive one is first, but it contains a bit of history, old > newsgroup threads, etc ..... > http://forum.spamcop.net/forums/lofiversion/index.php/t3622.htm > http://forum.spamcop.net/forums/lofiversion/index.php/t3757.html > http://forum.spamcop.net/forums/lofiversion/index.php/t1767.html You know what? I'd also start a fight because of your messages tone. I checked "notify me of replies" and replies didn't get notified. Sorry for that. In fact, cancelling that post now if I can. I can understand the reason of "fight" clearly. Well, result is "spam fighting" community'es loss, not spamcops nor subsume people. Some people , very rare percent of them choose to do the real thing, reporting those lame criminals to where they belong. Or... Apple mail has AI based (no,not bayesian) excellent spam filter anyway. No Apple user (unless a linux convert) will care to report spams using "display raw source" and paste to some web form. They bought that system for simplicity. Never mentioning the huge potential of problematic pastes too. If you use a OS X designed for publishing, DTP community at first hand... Paste doesn't work as in windows. Thanks anyway Ilgaz Ocal ps: Just bought Unison for OS X as well as a usenet account, may give an idea about my current feelings against "web forum" thing. ;) From Ilgaz at spamcop.net Mon Apr 11 23:57:02 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Mon Apr 11 16:00:05 2005 Subject: [SpamCop-List] Re: What did spamcop do to Subsume Technologies? :) References: Message-ID: > > Thanks anyway > > Ilgaz Ocal > ps: Just bought Unison for OS X as well as a usenet account, may give > an idea about my current feelings against "web forum" thing. ;) Oops, when I went to forums, I see you were admin at forums. So, don't misunderstand, I speak about "web forums" in general, not "your" forums or your administration. Ilgaz Ocal never been good with nicks From nttp.sc.s at bigsleep.org Mon Apr 11 21:19:15 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Apr 11 16:20:04 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On 11 Apr 2005 caroljean52 entered spamcop and left news:d3e8hp$k54$1@news.spamcop.net: > (WP requires registration. I don't know if the "referer=email" part > will get you around this or not.) > > Looks like the eMail stuff is "free", I don't think the "?referer" part makes any difference. I like this part: "Fourteen percent of the world's cell-phone users say they have interrupted a sexual encounter to answer their wireless phone, AdAge reported today. The finding came from a survey of 3,000 wireless product users titled 'Wireless Works: Exploring New Brand Connections,' that was conducted by Omnicom Group's BBDO Worldwide and Proximity Worldwide." Notice it used a survay base of 3,000, which I think makes it much more credible (are there twice as many cell phone users than Internet users?). He makes a good point, but really doesn't say anything at all, like why the Bush plug? -- | Ric From nttp.sc.s at bigsleep.org Mon Apr 11 21:25:29 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Apr 11 16:30:03 2005 Subject: [SpamCop-List] Re: Why kornet.net isn't everytime banned? References: Message-ID: On 10 Apr 2005 Steven Maesslein entered spamcop and left news:slrnd5jacl.mhs.nobody@127.0.0.1: >> But something happened, from two day I do not received spam from >> kornet... more, I do not received spam completely. Whats happed? > > Probably need to give your mail server a good kick :) > Spam tends to stick to the sides, on a warm day it plops out all at once. -- | Ric From nobody at devnull.spamcop.net Mon Apr 11 18:08:13 2005 From: nobody at devnull.spamcop.net (Pop) Date: Mon Apr 11 17:10:07 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? References: Message-ID: ... > -- > Steve > > Everyone has a photographic memory. Some just don't have film. NOTE: Your sig has just been appropriated! I feel sure I deserve it more than you do, because I AM afflicted with a film problem! '-] Not that I don't have any, but that it takes a long time to develop! Docs call it a "memory retrieval" problem: I call it I can't remember a damned thing until about two days after I learn it! IF I knew I wanted to remember it when I learned it! Took me a long time to learn that, too! Thanks! Pop --- I have a photographic memory; my film's just fogged. From SCNews.5.myspamgobbler at spamgourmet.com Mon Apr 11 15:31:10 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Mon Apr 11 17:35:42 2005 Subject: [SpamCop-List] Re: Gone OT: Re: Checking if a friend is blacklisted? In-Reply-To: References: Message-ID: Pop wrote: > ... > >>-- >>Steve >> >>Everyone has a photographic memory. Some just don't have film. > > > NOTE: Your sig has just been appropriated! I feel sure I deserve it more > than you do, because I AM afflicted with a film problem! '-] Not that I > don't have any, but that it takes a long time to develop! > Docs call it a "memory retrieval" problem: I call it I can't remember a > damned thing until about two days after I learn it! IF I knew I wanted to > remember it when I learned it! Took me a long time to learn that, too! > > Thanks! > > Pop > --- > I have a photographic memory; > my film's just fogged. > > I have a similar affliction. It's not new, but the doctors have just given it a new name. Called CRAFT. Cant Remember A Frigging Thing. :) Brian From borgholio at storymind.com Mon Apr 11 15:41:54 2005 From: borgholio at storymind.com (Borgholio) Date: Mon Apr 11 17:45:04 2005 Subject: [SpamCop-List] Fast Reporting - Good or bad? Message-ID: Using fast spam reporting allows me to report mass quantities of spam without having to sit in front of the Spamcop page for long periods of time clicking "Report Now" - "Send Reports" - "Report Now" - "Send Reports". The downside of fast reporting is that it does not report any spamvertised websites. Isn't this a major flaw? I always figured that reporting the spamvertised sites is just as important (if not more so) than reporting the source of the spam itself. If spammers can't make money, they won't spam. Why does fast reporting not report spamvertised links? From SCNews.5.myspamgobbler at spamgourmet.com Mon Apr 11 15:58:39 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Mon Apr 11 18:05:05 2005 Subject: [SpamCop-List] B0rken Regions Phish Message-ID: The poor luser has gone to a lot of trouble to not have this work, unless this is working for Insecure Explorer and/or Look Out Express. www.spamcop.net/sc?id=z751377537z2d0f701b87a1c7bdd4113a3d9146e139z It appears that the link was supposed to go to http://custconfdll.com/.../, but in fact goes to a non-existent page at regions.com. What is interesting, is the amount of hopping around custconfdll.com does. Whois at 14:30 -700 gives 210.5.3.3 which is in GUANGTONGNET space (abuse@optisp.com). Reparsing a few minutes later, SC reads it as 61.16.199.254 and wants to lart abuse@hotwireindia.com. Later still, SC wants the lart to go to abuse@pubnet.ne.kr for 211.57.134.199. Looking at report history shows this is repeated. From SCNews.5.myspamgobbler at spamgourmet.com Mon Apr 11 16:05:02 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Mon Apr 11 18:10:05 2005 Subject: [SpamCop-List] Re: Fast Reporting - Good or bad? In-Reply-To: References: Message-ID: Borgholio wrote: > Using fast spam reporting allows me to report mass quantities of spam > without having to sit in front of the Spamcop page for long periods of > time clicking "Report Now" - "Send Reports" - "Report Now" - "Send > Reports". The downside of fast reporting is that it does not report any > spamvertised websites. Isn't this a major flaw? I always figured that > reporting the spamvertised sites is just as important (if not more so) > than reporting the source of the spam itself. If spammers can't make > money, they won't spam. Why does fast reporting not report spamvertised > links? A quick, simple answer is that it is too easy for a spammer to throw in a link to an unrelated site, causing bad reports. This is a main reason why it is important for human eyes to verify that the links are actually the spamvertized links. From SCNews.5.myspamgobbler at spamgourmet.com Mon Apr 11 16:12:09 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Mon Apr 11 18:15:09 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam In-Reply-To: References: Message-ID: Blammo wrote: > On 11 Apr 2005 caroljean52 entered spamcop and left > news:d3e8hp$k54$1@news.spamcop.net: > > >>(WP requires registration. I don't know if the "referer=email" part >>will get you around this or not.) >> >> > > > Looks like the eMail stuff is "free", I don't think the "?referer" part > makes any difference. > > I like this part: > > "Fourteen percent of the world's cell-phone users say they have interrupted > a sexual encounter to answer their wireless phone, I'd like to think that 86% said "screw it" when the phone rang, but that's not the case. It could mean that 86% never had the phone ring when they were so involved, or they never have sex, so they never experience coitus interuptus. ;) From borgholio at storymind.com Mon Apr 11 16:14:31 2005 From: borgholio at storymind.com (Borgholio) Date: Mon Apr 11 18:15:26 2005 Subject: [SpamCop-List] Re: Fast Reporting - Good or bad? In-Reply-To: References: Message-ID: Brian (SnSR) wrote: > Borgholio wrote: > >> Using fast spam reporting allows me to report mass quantities of spam >> without having to sit in front of the Spamcop page for long periods of >> time clicking "Report Now" - "Send Reports" - "Report Now" - "Send >> Reports". The downside of fast reporting is that it does not report >> any spamvertised websites. Isn't this a major flaw? I always figured >> that reporting the spamvertised sites is just as important (if not >> more so) than reporting the source of the spam itself. If spammers >> can't make money, they won't spam. Why does fast reporting not report >> spamvertised links? > > > A quick, simple answer is that it is too easy for a spammer to throw in > a link to an unrelated site, causing bad reports. This is a main reason > why it is important for human eyes to verify that the links are actually > the spamvertized links. Yeah that's pretty much what I figured. I can't see why people who get lots of spam are "penalized" in this way, though. I wouldn't mind reporting a bunch of spam at once if I could get some sort of "consolidated" page where I could review all pending reports at the same time. Having to wait for each individual report to come up is a huge waste of time. From noone at nowhere.com Mon Apr 11 20:29:14 2005 From: noone at nowhere.com (Bob Itguy) Date: Mon Apr 11 19:30:34 2005 Subject: [SpamCop-List] Not only do I get the same spam 4-5 times a day but SC can't even parse it right.... Message-ID: http://www.spamcop.net/sc?id=z751407904z299a158b87b909a5b386fda37e6afb7az Argh...... From noone at nowhere.com Mon Apr 11 20:31:54 2005 From: noone at nowhere.com (Bob Itguy) Date: Mon Apr 11 19:35:03 2005 Subject: [SpamCop-List] Re: Not only do I get the same spam 4-5 times a day but SC can't even parse it right.... References: Message-ID: Here is how the link is in the email, SC just goes crazy when the spammers format it like this.... From nobody at xyzzy.claranet.de Tue Apr 12 02:58:23 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 11 20:00:14 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: <425B0F1F.1D0@xyzzy.claranet.de> eddie wrote: > Remember, someone is usually paying for these polls. And someone might have answered the questions. Maybe those who allegedly participated really got more used to spam than last year. Or they have better filters. Many plausible possibilities, but all irrelevant, bye From SCNews.5.myspamgobbler at spamgourmet.com Mon Apr 11 19:21:46 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Mon Apr 11 21:25:10 2005 Subject: [SpamCop-List] Re: Not only do I get the same spam 4-5 times a day but SC can't even parse it right.... In-Reply-To: References: Message-ID: Bob Itguy wrote: > > > > Here is how the link is in the email, SC just goes crazy when the spammers > format it like this.... > > What SC is attempting to resolve is http://http://zdaizkit.com&xzikqmoysmss84th6oly9.dnfuriljl.com/, which for some reason redirects me to http://www.microsoft.com/ in FireFox. Dusting off Insecure Explorer, I'm treated to "The page cannot be displayed" I'm not sure why the two browsers treat the double http:// so differently. I'm also not sure why this bothers you so much. Reporting URL's doesn't really do much good with mole reporting. From pete+usenet at heypete.com Mon Apr 11 21:33:38 2005 From: pete+usenet at heypete.com (Pete Stephenson) Date: Mon Apr 11 23:35:03 2005 Subject: [SpamCop-List] Re: Fast Reporting - Good or bad? References: Message-ID: In article , Borgholio wrote: > Yeah that's pretty much what I figured. I can't see why people who get lots > of spam are "penalized" in this way, though. I wouldn't mind reporting a > bunch of spam at once if I could get some sort of "consolidated" page where > I could review all pending reports at the same time. Having to wait for > each individual report to come up is a huge waste of time. Yeah, I miss not being able to report individual URLs. However, I simply don't have the time to deal with it nowadays. I quick-report massive (usually several hundred simultaneously) amounts of spam -- the "confirmation" message from SpamCop is occasionally >80k of plaintext. At least I'm contributing to the SCBL, though. One thing to look out for when quick-reporting: false positives. I've messed up and accidentally reported legit mail more than once. I do my best to make sure that they're not accidentally reported, but we all make mistakes sometimes. My biggest "oops" was when I LARTed SPAM-L. Embarrassment ensued. It's handy when submitting large amounts of spam, that's for sure. :) -- Pete Stephenson HeyPete.com From tdy at blackhole.invalid Mon Apr 11 22:45:47 2005 From: tdy at blackhole.invalid (N. Miller) Date: Tue Apr 12 00:50:05 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: In article , Blammo says... > ...all mail servers relay and bounce... Not necessarily true. Mine does neither; well, not for the world, anyway. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nttp.sc.s at bigsleep.org Tue Apr 12 07:52:30 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 12 02:55:02 2005 Subject: [SpamCop-List] Re: Reporting backscatter References: Message-ID: On 11 Apr 2005 N. Miller entered spamcop and left news:MPG.1cc4f259ecc4c44f9897d1@news.spamcop.net: > In article , Blammo says... > >> ...all mail servers relay and bounce... > > Not necessarily true. Mine does neither; well, not for the world, anyway. > If you send an eMail to me, it relays from you to me, my server will reject it, and your's will bounce it back to you (or whomever you claim to be). Or have you come up with some new way of sending mail? -- | Ric | From nttp.sc.s at bigsleep.org Tue Apr 12 07:56:38 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 12 03:00:05 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On 11 Apr 2005 Brian (SnSR) entered spamcop and left news:d3esri$uk6$1@news.spamcop.net: > I'd like to think that 86% said "screw it" when the phone rang, but > that's not the case. It could mean that 86% never had the phone ring > when they were so involved, or they never have sex, so they never > experience coitus interuptus. ;) > Or, like me, answer it, and keep on rock'n. -- | Ric | From nttp.sc.s at bigsleep.org Tue Apr 12 08:59:35 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 12 04:00:08 2005 Subject: [SpamCop-List] Re: Not only do I get the same spam 4-5 times a day but SC can't even parse it right.... References: Message-ID: On 11 Apr 2005 Brian (SnSR) entered spamcop and left news:d3f7v3$4kt$1@news.spamcop.net: > What SC is attempting to resolve is > http://http://zdaizkit.com&xzikqmoysmss84th6oly9.dnfuriljl.com/, which > for some reason redirects me to http://www.microsoft.com/ in FireFox. > Dusting off Insecure Explorer, I'm treated to "The page cannot be > displayed" > Mozilla 1.7 "correctly" goes to http://www.http.com http://www.http.com//zdaizkit.com&xzikqmoysmss84th6oly9.dnfuriljl.com/ GET //zdaizkit.com&xzikqmoysmss84th6oly9.dnfuriljl.com/ HTTP/1.1 Host: www.http.com Keep-Alive: 300 Connection: keep-alive HTTP/1.x 404 Not Found Date: Tue, 12 Apr 2005 07:32:38 GMT Server: Apache/2.0.49 (Unix) PHP/4.3.6 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=ISO-8859-1 however this is only because the "logic" is set to add ".com", otherwise the URL is invalid. Communicator complains about "http", IE 3.02 just complains. Lynx tries to go to "http". Technically the domain would be "http" and the port would be "//zdai". I believe the target is meant to be dnfuriljl.com, which most browsers would incorrectly fetch if it wasn't screwed up. Note that some browsers ignore the "&". Registrant: NA Borovskoe shosse 25, 2 Moscow, MSK 127039 RU 79268710023 No abuse address. -- | Ric | From click1510 at earthlink.net Tue Apr 12 02:07:43 2005 From: click1510 at earthlink.net (CO-DBA-SC-EL) Date: Tue Apr 12 04:10:03 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: > Notice it used a survay base of 3,000, which I think makes it much more > credible (are there twice as many cell phone users than Internet users?). A poorly selected sample of 3000 is much worse than a well selected sample of 100. Don't believe numbers--the methods used make all the difference. From nttp.sc.s at bigsleep.org Tue Apr 12 09:09:14 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 12 04:10:19 2005 Subject: [SpamCop-List] Re: Not only do I get the same spam 4-5 times a day but SC can't even parse it right.... References: Message-ID: On 12 Apr 2005 Blammo entered spamcop and left news:Xns9636A2AF733blammo@216.154.195.61: > ...which most browsers would incorrectly fetch if it wasn't screwed up. Oh, I see that it's Spamcop that screwed up. Interesting. -- | Ric | From nttp.sc.s at bigsleep.org Tue Apr 12 09:16:24 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 12 04:20:03 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: On 12 Apr 2005 CO-DBA-SC-EL entered spamcop and left news:d3fvkv$gir$1@news.spamcop.net: >> Notice it used a survay base of 3,000, which I think makes it much >> more credible (are there twice as many cell phone users than Internet >> users?). > A poorly selected sample of 3000 is much worse than a well selected > sample of 100. Don't believe numbers--the methods used make all the > difference. > > > That's true, but we don't know anything important about the sample in either case, so we are left with only the number. -- | Ric | From DougThegarden at hotmail.com Tue Apr 12 10:26:02 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Tue Apr 12 04:30:03 2005 Subject: [SpamCop-List] Spam subject line of the day Message-ID: I couldn't resist opening this one to see what on earth it was about but the hilarious title disappointingly revealed just another mortgage offer: "Smell gene may help ward off mosquitoes" Doug From nttp.sc.s at bigsleep.org Tue Apr 12 09:57:33 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Apr 12 05:01:36 2005 Subject: [SpamCop-List] Re: Not only do I get the same spam 4-5 times a day but SC can't even parse it right.... References: Message-ID: On 12 Apr 2005 Blammo entered spamcop and left news:Xns9636BCDB7AA6blammo@216.154.195.61: > On 12 Apr 2005 Blammo entered spamcop and left > news:Xns9636A2AF733blammo@216.154.195.61: > >> ...which most browsers would incorrectly fetch if it wasn't screwed up. > > Oh, I see that it's Spamcop that screwed up. Interesting. > Parsing input: http://zdaizkit.comxzikqmoysmss84th6oly9.dnfuriljl.com/ host zdaizkit.comxzikqmoysmss84th6oly9.dnfuriljl.com (checking ip) = 202.99.172.145 host 202.99.172.145 (getting name) no name No recent reports, no history available Cached whois for 202.99.172.145 : ipanm@heinfo.net abuse@cnc-noc.net Using abuse net on abuse@cnc-noc.net abuse net cnc-noc.net = abuse@cnc-noc.net, postmaster@cnc-noc.net Using best contacts abuse@cnc-noc.net postmaster@cnc-noc.net postmaster@cnc-noc.net bounces (6 sent : 6 bounces) Using postmaster#cnc-noc.net@devnull.spamcop.net for statistical tracking. Parsing input: http://xzikqmoysmss84th6oly9.dnfuriljl.com/ host xzikqmoysmss84th6oly9.dnfuriljl.com (checking ip) = 82.114.48.64 host 82.114.48.64 (getting name) no name No recent reports, no history available Cached whois for 82.114.48.64 : abuse@tautel.ru Using abuse net on abuse@tautel.ru abuse net tautel.ru = abuse@tautel.ru, postmaster@tautel.ru Using best contacts abuse@tautel.ru postmaster@tautel.ru -- | Ric | From Ilgaz at spamcop.net Tue Apr 12 15:37:58 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Tue Apr 12 07:40:31 2005 Subject: [SpamCop-List] Re: B0rken Regions Phish References: Message-ID: On 2005-04-12 00:58:39 +0300, "Brian (SnSR)" said: > The poor luser has gone to a lot of trouble to not have this work, > unless this is working for Insecure Explorer and/or Look Out Express. > > www.spamcop.net/sc?id=z751377537z2d0f701b87a1c7bdd4113a3d9146e139z > > It appears that the link was supposed to go to > http://custconfdll.com/.../, but in fact goes to a non-existent page at > regions.com. > > What is interesting, is the amount of hopping around custconfdll.com > does. Whois at 14:30 -700 gives 210.5.3.3 which is in GUANGTONGNET > space (abuse@optisp.com). Reparsing a few minutes later, SC reads it as > 61.16.199.254 and wants to lart abuse@hotwireindia.com. Later still, SC > wants the lart to go to abuse@pubnet.ne.kr for 211.57.134.199. > > Looking at report history shows this is repeated. Regions bank is clearly in trouble of a huge phishing campaign. My Yahoo bulk folder is full of them. Its from Korea all the time... More interestingly, they have also sent a legit mail once. I mean spammers! It was clearly to make reporters count as invalid. I tell you, if I was a spammer and I see even this kind of crime (huge crime) doesn't make the spammers door broken by local police/FBI. I'd have no fear. Ilgaz Ocal p.s.: I know, the machines are in question are zombies From nobody at nowhere.com Tue Apr 12 10:27:19 2005 From: nobody at nowhere.com (Robert) Date: Tue Apr 12 09:25:05 2005 Subject: [SpamCop-List] what do I do now? Message-ID: I've received 75 messages all identical to the one below in the past month. Maybe nobody else is reporting spam from this source, but 193.13.73.216 is not getting listed in any of the blocklists. I also sent a personal, unmunged email to abuse@griffel.se asking if he could kindly look into the matter, and received no response. Is there some something else I can do? http://www.spamcop.net/sc?id=z751593096z3f1c535e3d2658d96b32c59367932ac6z Bob From Ilgaz at spamcop.net Tue Apr 12 17:30:02 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Tue Apr 12 09:35:03 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: On 2005-04-12 16:27:19 +0300, "Robert" said: > I've received 75 messages all identical to the one below in the past month. > Maybe nobody else is reporting spam from this source, but 193.13.73.216 is > not getting listed in any of the blocklists. I also sent a personal, > unmunged email to abuse@griffel.se asking if he could kindly look into the > matter, and received no response. Is there some something else I can do? > > http://www.spamcop.net/sc?id=z751593096z3f1c535e3d2658d96b32c59367932ac6z > > Bob Are you _sure_ your mail client isn't actually getting same message forever? In case, you use a mail client. No recent reports, no history available Cannot resolve http://wyzh.flabaxileml.com/?shuxujss4wzrkssxeimphfc It definitely looks like the spammers site has been closed down to me. Some people took action against him/her. I suggest you manually black list the sender if you are sure thats not your clients problem. Ilgaz Ocal From MikeE at ster.invalid Tue Apr 12 08:56:23 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 12 10:55:04 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: Robert wrote: > I've received 75 messages all identical to the one below in the past > month. Maybe nobody else is reporting spam from this source, but > 193.13.73.216 is not getting listed in any of the blocklists. 193.13.73.216 rDNS stat.infanterit.se is not listed in any blocklists, and doesn't even make a blip on senderbase's radar screen: Report on IP address: 193.13.73.216 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 0.0 -100% Last 30d 0.0 -100% Average 0.0 If you report 2.5 per day, it seems that it would become SC blocklisted if some of those 'piled up'. > I also > sent a personal, unmunged email to abuse@griffel.se asking if he > could kindly look into the matter, and received no response. Is there > some something else I can do? You could expand the notifies to include swip and include griffel in the expansion. >From ripe: In case of improper use, please mail or route: 193.12.0.0/14 descr: SWIPNET In case of improper use originating from our network, please mail customer or -- Mike Easter kibitzer, not SC admin From nobody at nowhere.com Tue Apr 12 12:32:28 2005 From: nobody at nowhere.com (Robert) Date: Tue Apr 12 11:30:03 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: "Mike Easter" wrote in message news:d3gnfc$se6$1@news.spamcop.net... > Volume Statistics for this IP > Magnitude Vol Change vs. Average > Last day 0.0 -100% > Last 30d 0.0 -100% > Average 0.0 Could it be that spamcop is ignoring my reports? BTW I've only reported the last 25 messages, beginning 3/29. While identical in content, the messages are all definitely different (I'll post links to the next bacth I report to show). Is it possible that they're always from the same source because my server's being somehow fooled into generating bad headers? In that case I'd feel bad for implicating an innocent bystander. Robert From MikeE at ster.invalid Tue Apr 12 10:00:10 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 12 12:00:05 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: Robert wrote: > "Mike Easter" >> Volume Statistics for this IP >> Magnitude Vol Change vs. Average >> Last day 0.0 -100% >> Last 30d 0.0 -100% >> Average 0.0 > > Could it be that spamcop is ignoring my reports? BTW I've only > reported the last 25 messages, beginning 3/29. That magnitude stuff is senderbase reporting 'traffic' Senderbase traffic is an accumulation of data from 50,000 big mail recipients. That isn't a summary of spamcop reports, which aren't/isn't available. SC only gives fragmentary, superficial information and then only when an IP has become SC listed. > While identical in content, the messages are all definitely different > (I'll post links to the next bacth I report to show). > > Is it possible that they're always from the same source because my > server's being somehow fooled into generating bad headers? In that > case I'd feel bad for implicating an innocent bystander. Well, I don't like your provider's headers, but they would be pretty whacky if they didn't report the source IP accurately in the Received traceline. Received: from 193.13.73.216 by 192.168.0.100; Mon, 11 Apr 2005 19:34:42 -0400 That 'from' field is supposed to represent the source IP, and many servers would be configured to also provide the helo and the rDNS. In this case the rDNS is stat.infanterit.se infanterit.se has the MX mail.griffel.se which is 193.13.74.245 The senderbase information for that IP is quite different: Report on IP address: 193.13.74.245 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 4.0 -22% Last 30d 4.1 -4% Average 4.1 indicating its function as the output IP for griffel. Those magnitude numbers can be considered as exponents or logrithms of a number, so 4 is a lot larger than 0. What is sorta wrong with your server's line is that it should put the domainname or hostname in the 'by' field; at least it should do that if it is transferring the mail somewhere else. Instead it just has a non-routing IP address 192.168.0.100 If I try to derive some clues about the server from the headers, I can look at the message ID, which is sometimes assigned by the recipient server if it didn't have one from the sender. Spam msg id/s may be absent at the time of sending or they can be bogus. I interpret this one as bogus rather than assigned by your mailserver, but I don't actually know that. -- Mike Easter kibitzer, not SC admin From david.payer-no-spam-Thanks! at ia-omni.com Tue Apr 12 12:58:36 2005 From: david.payer-no-spam-Thanks! at ia-omni.com (David Payer) Date: Tue Apr 12 13:00:04 2005 Subject: [SpamCop-List] Re: Survey: People More Accepting Of Spam References: Message-ID: "Ron B." wrote in message news:d3cems$m63$1@news.spamcop.net... > http://www.theiowachannel.com/technology/4365058/detail.html > > Reactions? That is my local station. It is accurate. People don't like it any better than before but they don't freak out at it. They know scams now. I thought the original message said people were more accepting of spamcop. Of course, I would say that one is completely wrong. Most ISPs avoid it because it is too aggressive. Is is mostly pissed off individuals with small or no networks who participate on this forum. David P. From nobody at nowhere.com Tue Apr 12 14:46:49 2005 From: nobody at nowhere.com (Robert) Date: Tue Apr 12 13:45:06 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: "Mike Easter" wrote in message news:d3gr70$unn$1@news.spamcop.net... > What is sorta wrong with your server's line is that it should put the > domainname or hostname in the 'by' field; at least it should do that if > it is transferring the mail somewhere else. Instead it just has a > non-routing IP address 192.168.0.100 And I've already been criticized about the line that comes directly above it, which is Received: from wps-1.merrimac (WPS-1 [192.168.100.9]) by merrexch.merrimac with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id H1FNFHGW; Mon, 11 Apr 2005 20:11:38 -0400 I delete this one because it offers no extra or useful information, and prevents me from reporting. I'm really not sure why people beat me over the head about these headers - it's just how Exchange 5.5 works. I can't do *anything* to change how it generates its headers, and we're not upgrading to a newer version (which may still generate headers like this) for a few months still. Am I really the only SC user with an email server like this? Maybe I can configure it differently (I'm not the admin tho). I'll have to check out the Exchange NG's... Robert From zypher at spamcop.net Tue Apr 12 13:55:02 2005 From: zypher at spamcop.net (Ron B.) Date: Tue Apr 12 13:55:05 2005 Subject: [SpamCop-List] OT: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) In-Reply-To: References: Message-ID: David Payer wrote: > "Ron B." wrote in message > news:d3cems$m63$1@news.spamcop.net... > >>http://www.theiowachannel.com/technology/4365058/detail.html >> >>Reactions? > > > That is my local station. It is accurate. People don't like it any better > than before but they don't freak out at it. They know scams now. > > I thought the original message said people were more accepting of spamcop. > Of course, I would say that one is completely wrong. > > Most ISPs avoid it because it is too aggressive. Is is mostly pissed off > individuals with small or no networks who participate on this forum. > > David P. > > I am a Des Moines resident. If you want, you may reach me using my Spamcop addy (it is not munged). BTW, does MediaCom count as a "small ... network"? From MikeE at ster.invalid Tue Apr 12 13:13:17 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 12 15:15:06 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: Robert wrote: > "Mike Easter" >> What is sorta wrong with your server's line is that it should put the >> domainname or hostname in the 'by' field; at least it should do >> that if it is transferring the mail somewhere else. Instead it just >> has a non-routing IP address 192.168.0.100 > > And I've already been criticized about the line that comes directly > above it, which is > > Received: from wps-1.merrimac (WPS-1 [192.168.100.9]) by > merrexch.merrimac with SMTP (Microsoft Exchange Internet Mail Service > Version 5.5.2653.13) id H1FNFHGW; Mon, 11 Apr 2005 20:11:38 -0400 Eek! That is a bad line too. Worse in some ways. > I delete this one because it offers no extra or useful information, > and prevents me from reporting. Eek! That deletion /is/ troublesome. I would be surprised if a deputy 'allowed' that material change if knowledgeable of it. I would be less surprised if a deputy sed that if your spam can't be submitted to spamcop and parsed 'as is' without material changes - that it just looks like your spam shouldn't be submitted to spamcop. Afterall, look at how many things are being done to alter the spam so that it no longer resembles what was sent in the first place -- the headers are being 'mangled' [actually improperly 'augmented' by bad Received tracelines] by their receipt by a misconfigured Exchange server -- and also the body is being mangled by something, presumably Outlook, which results in SC having to re-mangle the body again to do the OL/Eudora hack. > I'm really not sure why people beat me over the head about these > headers - it's just how Exchange 5.5 works. I can't do *anything* to > change how it generates its headers, and we're not upgrading to a > newer version (which may still generate headers like this) for a few > months still. Exchange does a lot of bad things in the server department, but it isn't 'required' to be misconfigured. Plenty of Exchange servers know what the name and IP of the receiving server should be. > Am I really the only SC user with an email server like this? Maybe I > can configure it differently (I'm not the admin tho). I'll have to > check out the Exchange NG's... -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Apr 13 00:25:29 2005 From: nobody at spamcop.net (nospam) Date: Tue Apr 12 15:30:04 2005 Subject: [SpamCop-List] Software Factory solutions moved from Calpop/Atmlinkinc to SBC global Message-ID: Now this fscker is spamming through SBC Global Still hosted on the same tired MCI server at 63.82.96.35 Still sending dozens of shopping sprees, free cell phones and compare the stores spams to the same addresses every few days. Same operation out of Laval PQ Canada From david.payer-no-spam-Thanks! at ia-omni.com Tue Apr 12 16:28:16 2005 From: david.payer-no-spam-Thanks! at ia-omni.com (David Payer) Date: Tue Apr 12 16:30:05 2005 Subject: [SpamCop-List] Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: "Ron B." wrote in message news:d3h21m$4eg$1@news.spamcop.net... > I am a Des Moines resident. If you want, you may reach me using my > Spamcop addy (it is not munged). BTW, does MediaCom count as a "small > ... network"? No, they are not. You work for them? D From zypher at spamcop.net Tue Apr 12 17:02:33 2005 From: zypher at spamcop.net (Ron B.) Date: Tue Apr 12 17:05:08 2005 Subject: [SpamCop-List] Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) In-Reply-To: References: Message-ID: David Payer wrote: > "Ron B." wrote in message > news:d3h21m$4eg$1@news.spamcop.net... > >>I am a Des Moines resident. If you want, you may reach me using my >>Spamcop addy (it is not munged). BTW, does MediaCom count as a "small >>... network"? > > > No, they are not. You work for them? > > D > > Nope, just my ISP From krazikat at krazi.kat Tue Apr 12 22:05:16 2005 From: krazikat at krazi.kat (krazikat) Date: Tue Apr 12 17:10:11 2005 Subject: [SpamCop-List] Re: more slow response References: Message-ID: LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m wrote: >>> Tired? Try giving it a rest. >> >> >> Sucky? Try giving it a rest. > > > Yawn. > Idiot. From krazikat at krazi.kat Tue Apr 12 22:06:58 2005 From: krazikat at krazi.kat (krazikat) Date: Tue Apr 12 17:10:36 2005 Subject: [SpamCop-List] Re: more slow response References: Message-ID: LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m wrote: >>> Tired? Try giving it a rest. >> >> >> Sucky? Try giving it a rest. > > > Yawn. > Idiot. From noah.boddie at newsgroup.nospam Tue Apr 12 18:10:16 2005 From: noah.boddie at newsgroup.nospam (Dwayne Conyers) Date: Tue Apr 12 17:15:06 2005 Subject: [SpamCop-List] Re: Reports going to spammer References: Message-ID: "Aviatrix" <79ytka802@sneakemail.com> wrote in message news:d3c9lv$j7r$3@news.spamcop.net... > [Spam posted in .spam, under the same heading] > > Spamcop thinks that reports on this one should go to mail@rudolf-kerler.de > > The problem is...: Mr Kerler appears to be the spammer! > > Had a suspicion that this might be the case, so did a bit of googling > and found this: > > http://www.avs-gold.de/Anbieter/0240_bueroschlampe_anja/impressum.html > > I also found a newsgroup discussion, in German, where someone had done a > manual LART to the upstream (Deutsche Telekom) and got a reply saying > "not our problem". > > So - is there anything one can do? Go to his house and bust his kneecaps with a baseball bat? ------ If you were to realize how powerful your thoughts are you would never have a negative thought again www.dwacon.com From david.payer-no-spam-Thanks! at ia-omni.com Tue Apr 12 17:37:01 2005 From: david.payer-no-spam-Thanks! at ia-omni.com (David Payer) Date: Tue Apr 12 17:40:03 2005 Subject: [SpamCop-List] Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: Ron, I think my original assertion stands: "Most ISPs avoid it because it is too aggressive. Is is mostly pissed off individuals with small or no networks who participate on this forum." Those on this forum are not people running networks for the most part, just pissed off individuals who get spam. Among email admins, SpamCop is too aggressive and and unhelpful when valid ISPs get listed. D "Ron B." wrote in message news:d3hd19$aa2$1@news.spamcop.net... > David Payer wrote: > > "Ron B." wrote in message > > news:d3h21m$4eg$1@news.spamcop.net... > > > >>I am a Des Moines resident. If you want, you may reach me using my > >>Spamcop addy (it is not munged). BTW, does MediaCom count as a "small > >>... network"? > > > > > > No, they are not. You work for them? > > > > D > > > > > > > Nope, just my ISP From dwvbo91q4001 at sneakemail.com Tue Apr 12 23:51:33 2005 From: dwvbo91q4001 at sneakemail.com (Tim P.) Date: Tue Apr 12 18:55:03 2005 Subject: [SpamCop-List] Re: Software Factory solutions moved from Calpop/Atmlinkinc to SBC global References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nospam wrote in news:BE820969.14925%nobody@spamcop.net: > Now this fscker is spamming through SBC Global > > Still hosted on the same tired MCI server at 63.82.96.35 > > Still sending dozens of shopping sprees, free cell phones and > compare the stores spams to the same addresses every few days. > > Same operation out of Laval PQ Canada > > so noted... see sightings in NANAS. - -- Tim P Very content SpamCop Subscriber since 4/2002 -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com iQA/AwUBQlxQ8PkOwY5RskHOEQKEdQCfZEl4UbehOReoMxk9UxIso0f9yLsAmwTc ctgs3aGlHNl5BRfW2fkh8LOF =cICT -----END PGP SIGNATURE----- From dwvbo91q4001 at sneakemail.com Wed Apr 13 00:19:13 2005 From: dwvbo91q4001 at sneakemail.com (Tim P.) Date: Tue Apr 12 19:20:08 2005 Subject: [SpamCop-List] Re: bluemountain forgery References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Blammo wrote in news:Xns9634BA9C9C7D5blammo@216.154.195.61: > bluemountain 66.115.247.220 -> (66-115-247-220.dsl-cust.gwtc.net) Just another forgery from a zombie. 65.70.18.157 -> (cable-bsr1-0668.grnco.net) and another one. 67.190.25.250 -> (c-67-190-25-250.hsd1.co.comcast.net), etc... Note also the weird port: 8180. Currently there are 809 sightings at NANAS: http://groups-beta.google.com/group/news.admin.net-abuse.sightings/sea rch?q=bluemountain&start=0&scoring=d& - -- Tim P Very content SpamCop Subscriber since 4/2002 -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com iQA/AwUBQlxXSvkOwY5RskHOEQKt5gCgnjlMR13qq0yp5IcGqpRinxjPOSsAoNak N9/DDE7LAoPoXL5oL48ZEgnj =66Tu -----END PGP SIGNATURE----- From eddie at eddie.web Tue Apr 12 21:06:30 2005 From: eddie at eddie.web (eddie) Date: Tue Apr 12 20:10:02 2005 Subject: [SpamCop-List] Re: bluemountain forgery References: Message-ID: On Mon, 11 Apr 2005 01:20:18 +0000, Blammo scratched out the following: > I hope people aren't too stupid to fall for this one, spam message > attempts > to look like a bluemountain eCard. I get those off and on. I suspect that the website it takes you to attempts to infect your computer. I just report them and include a copy to bluemountain with a note that their good name is being abused. If enough people also report it to bluemountain they might take some kind of action, if possible. I am careful to let bluemountain know that they are innocent but someone is taking advangate of their name. -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Tue Apr 12 21:08:38 2005 From: eddie at eddie.web (eddie) Date: Tue Apr 12 20:10:19 2005 Subject: [SpamCop-List] Re: Reports going to spammer References: Message-ID: On Sun, 10 Apr 2005 23:34:42 +0100, Aviatrix scratched out the following: > Spamcop thinks that reports on this one should go to mail@rudolf-kerler.de > > The problem is...: Mr Kerler appears to be the spammer! > > Had a suspicion that this might be the case, so did a bit of googling and > found this: > > http://www.avs-gold.de/Anbieter/0240_bueroschlampe_anja/impressum.html > > I also found a newsgroup discussion, in German, where someone had done a > manual LART to the upstream (Deutsche Telekom) and got a reply saying "not > our problem". > > So - is there anything one can do? put his address in one or more of the many "do not spam me" newsgroups???? -- Once movie theaters gave out steak knives Today they confiscate them From dwvbo91q4001 at sneakemail.com Wed Apr 13 01:17:55 2005 From: dwvbo91q4001 at sneakemail.com (Tim P.) Date: Tue Apr 12 20:20:02 2005 Subject: [SpamCop-List] Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: "David Payer" wrote in news:d3hf38$blu$1@news.spamcop.net: > Ron, I think my original assertion stands: > > "Most ISPs avoid it because it is too aggressive. Is is mostly pissed > off individuals with small or no networks who participate on this > forum." > > Those on this forum are not people running networks for the most part, > just pissed off individuals who get spam. Among email admins, SpamCop > is too aggressive and and unhelpful when valid ISPs get listed. > > D > vs. invalid ISPs? What is a *valid* ISP? If anything, spamcop reports should indicate to responsible parties that there *could* be a problem that needs attention. Unless an ISP wants some/all of it's netspace to be on the other more conservative, broader, and more permanent blocklists (if not already), it would be prudent to pay attention. When it comes to ignoring early warnings, Le incompetent admins deserve the cluestick. So, in that sense, your position sounds amusingly like you are pissed, not the other way around. -- Tim P Very content SpamCop Subscriber since 4/2002 From dwvbo91q4001 at sneakemail.com Wed Apr 13 01:38:16 2005 From: dwvbo91q4001 at sneakemail.com (Tim P.) Date: Tue Apr 12 20:40:06 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Mike Easter" wrote in news:d393v7$tdl$1@news.spamcop.net: > Mike Easter wrote: >> EL is acting bozotic again by leaving out the semicolon. > > RFC 2821 Section 3.6.7 on Trace fields requires that a semicolon be > placed between that section of the 'by' field which precedes the > timestamp and the timestamp, so the EL stamp is noncompliant.. > > My recent experience with trying to email EL some suggestions about > how to do something was met with total obstruction. > RFC noncompliance = rfc.ignorant.org....eventually Earthstink will fix- or else ;) - -- Tim P Very content SpamCop Subscriber since 4/2002 -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com iQA/AwUBQlxp8vkOwY5RskHOEQIkDwCeNjfKOV/E2gL43tGqvusns5mSKGwAnRN9 7JcpOVdSAY0I+sYUZDY2U7Ym =TNpj -----END PGP SIGNATURE----- From MikeE at ster.invalid Tue Apr 12 18:51:56 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 12 20:55:02 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: Tim P. wrote: > RFC noncompliance = rfc.ignorant.org....eventually Earthstink will > fix- or else ;) I'm not a fan of rfc-ignorant; EL isn't going to pay any attention to being listed there; and getting EL listed there only has the potential to cause me some kind of problem, not some kind of solution. Besides, rfc-ig doesn't have a category for noncompliant Received tracelines. It has categories for DSN <>, postmaster, abuse, whois, and bogusmx. spamcop.net is currently listed in rfc-ig in 2 categories, and Julian doesn't agree that the rfc-ig listing is appropriate. But, there you go. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Apr 13 08:27:00 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Apr 13 07:30:25 2005 Subject: [SpamCop-List] Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: You are not supposed to top-post in this forum. Most old timers will not read your posts for that reason. That said: David, you haven't lurked here long enough; your assertions are quite flawed in fact. Pop -- Let someone else do it I'm retired! "David Payer" wrote in message news:d3hf38$blu$1@news.spamcop.net... > Ron, I think my original assertion stands: > > "Most ISPs avoid it because it is too aggressive. Is is mostly pissed off > individuals with small or no networks who participate on this forum." > > Those on this forum are not people running networks for the most part, > just > pissed off individuals who get spam. Among email admins, SpamCop is too > aggressive and and unhelpful when valid ISPs get listed. > > D > > > "Ron B." wrote in message > news:d3hd19$aa2$1@news.spamcop.net... >> David Payer wrote: >> > "Ron B." wrote in message >> > news:d3h21m$4eg$1@news.spamcop.net... >> > >> >>I am a Des Moines resident. If you want, you may reach me using my >> >>Spamcop addy (it is not munged). BTW, does MediaCom count as a "small >> >>... network"? >> > >> > >> > No, they are not. You work for them? >> > >> > D >> > >> > >> >> >> Nope, just my ISP > > From nobody at nowhere.com Wed Apr 13 10:34:31 2005 From: nobody at nowhere.com (Robert) Date: Wed Apr 13 09:35:28 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: "Mike Easter" wrote in message news:d3h6h2$6ru$1@news.spamcop.net... > Eek! That deletion /is/ troublesome. I would be surprised if a deputy > 'allowed' that material change if knowledgeable of it. I would be less > surprised if a deputy sed that if your spam can't be submitted to > spamcop and parsed 'as is' without material changes - that it just looks > like your spam shouldn't be submitted to spamcop. If the source IP is correct, I don't see why not. But in defernce to your judgment I guess I'll have to refrain from reporting any spam at all until I convince the admin that Exchange needs the be reconfigured. Right now he doesn't see anything at all wrong with the headers - I relayed to him what you said, but he shrugged his shoulders and said "so what"?. From MikeE at ster.invalid Wed Apr 13 08:10:10 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 13 10:10:03 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: Robert wrote: > I guess I'll have to refrain from reporting any spam at > all until I convince the admin that Exchange needs the be > reconfigured. Right now he doesn't see anything at all wrong with the > headers - I relayed to him what you said, but he shrugged his > shoulders and said "so what"?. I'm not sure I correctly understand what 'so what?' means. If it means 'so what' if you can't report to spamcop? If it means 'so what' if the headers are RFC non-compliant? If it means 'so what' if /I/ don't like the headers? The strongest argument should be that the headers are non-compliant. RFC 2822 defines the structure of internet message format. He should care about that. He's not much of an admin if he doesn't know what that RFC contains. The syntax of the header fields is described in that RFC. Specifically the Trace fields are described in part 3.6.7, most especially the structure of those Received lines. 2822 is a 'reflection' of RFC 2821 which defines the SMTP protocol and the 'musts' of that protocol, and in 2821 the trace fields are defined in section 4.4 of that RFC. He should care that his headers aren't compliant with those sections of those RFCs. It makes him look pretty silly in the eyes of those who configure their servers correctly. It makes him look like he doesn't know what he is doing; ie that he doesn't know how to admin a mail server. -- Mike Easter kibitzer, not SC admin From smjg_1998 at yahoo.com Wed Apr 13 16:40:12 2005 From: smjg_1998 at yahoo.com (Stewart Gordon) Date: Wed Apr 13 10:45:03 2005 Subject: [SpamCop-List] Re: Spam subject line of the day In-Reply-To: References: Message-ID: Doug Thegarden wrote: > I couldn't resist opening this one to see what on earth it was about but > the hilarious title disappointingly revealed just another mortgage offer: > > "Smell gene may help ward off mosquitoes" It seems that at least some spammers do use random subject lines. I once had one with the subject "Hey girl". Despite what anatomical feature the content was about. Stewart. -- My e-mail is valid but not my primary mailbox. Please keep replies on the 'group where everyone may benefit. From porpoise1954 at yahoo.co.uk Wed Apr 13 16:56:03 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 13 11:05:56 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: "Pop" wrote in message news:d3ivm0$4f0$1@news.spamcop.net... > You are not supposed to top-post in this forum. Most old timers will not > read your posts for that reason. That said: > David, you haven't lurked here long enough; your assertions are quite > flawed in fact. > Pop > -- POT? KETTLE? BLACK? Tut, tut. Fancy admonishing someone for top-posting whilst doing it oneself!!! ;-) From eddie at eddie.web Wed Apr 13 12:26:55 2005 From: eddie at eddie.web (eddie) Date: Wed Apr 13 11:30:07 2005 Subject: [SpamCop-List] Spam Subj: Low worth but big as sortment. Stay cert ain about your own health. Message-ID: Recent spam subject - now that's real promotion Quantity, not quality is our watchword. :) -- Once movie theaters gave out steak knives Today they confiscate them From gezgin at spamcop.net Wed Apr 13 19:46:22 2005 From: gezgin at spamcop.net (Gezgin) Date: Wed Apr 13 11:50:35 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: Who died and made you moderator? "Pop" wrote in message news:d3ivm0$4f0$1@news.spamcop.net... > You are not supposed to top-post in this forum. Most old > timers will not -- Bob Kanyak's Doghouse http://www.kanyak.com From 0rio85a02 at sneakemail.com Wed Apr 13 09:18:51 2005 From: 0rio85a02 at sneakemail.com (Fred k) Date: Wed Apr 13 12:35:05 2005 Subject: [SpamCop-List] Displayed as read Spam Message-ID: I have started to receive 1 or two spams a day where it shows as being read in my OE spam folder, when in fact I have NOT opened it. Anybody else have that happening? Please no swipes at 'microwonderfuldamnsoft' OE. Fred k From porpoise1954 at yahoo.co.uk Wed Apr 13 19:25:40 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 13 13:35:05 2005 Subject: [SpamCop-List] Re: Displayed as read Spam References: Message-ID: "Fred k" <0rio85a02@sneakemail.com> wrote in message news:d3jhlp$dqu$1@news.spamcop.net... >I have started to receive 1 or two spams a day where it shows as being read >in my OE spam folder, when in fact I have NOT opened it. Anybody else have >that happening? Please no swipes at 'microwonderfuldamnsoft' OE. > > Fred k > Aha! That'll be the phantom spam opener..........!! We seek him here, we seek him there............. ;-) From nobody at nowhere.com Wed Apr 13 15:05:49 2005 From: nobody at nowhere.com (Robert) Date: Wed Apr 13 14:05:03 2005 Subject: [SpamCop-List] Re: what do I do now? References: Message-ID: "Mike Easter" wrote in message news:d3j94o$96i$1@news.spamcop.net... > I'm not sure I correctly understand what 'so what?' means. > > If it means 'so what' if you can't report to spamcop? > If it means 'so what' if the headers are RFC non-compliant? > If it means 'so what' if /I/ don't like the headers? Yes x 3. > The strongest argument should be that the headers are non-compliant. > > RFC 2822 defines the structure of internet message format. He should > care about that. He's not much of an admin if he doesn't know what that > RFC contains. We're talking about an MS product, here. I wouldn't be surprised if neither the Exhcange admin course, nor the documentation, makes any mention of RFC standards. > He should care that his headers aren't compliant with those sections of > those RFCs. It makes him look pretty silly in the eyes of those who > configure their servers correctly. It makes him look like he doesn't > know what he is doing; ie that he doesn't know how to admin a mail > server. I'm sure that not only does he not care about how he looks to other admins, but he also doesn't care about anything beyond whether or not email is "working". I pointed out that our outgoing headers are wrong, too, and that AOL, Hotmail, and other ISP's are silently rejecting all email from us (and even our own email scanner silently rejects malformed headers), and his response was to ask me how much email I thought needed to be sent to AOL. I do appreciate you taking this time to explain things to me, Mike. At least now I'll have some technical backing to my arguments. It probably will be an argument. Bob From nobody at devnull.spamcop.net Wed Apr 13 15:56:55 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Apr 13 15:00:04 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: You enjoy misrepresenting text, don't you; a relevent part is missing there. Have YOU stopped beating your wife yet? , BTW -- Let someone else do it I'm retired! "Porpoise" wrote in message news:d3jcb1$atm$1@news.spamcop.net... > > "Pop" wrote in message > news:d3ivm0$4f0$1@news.spamcop.net... >> You are not supposed to top-post in this forum. Most old timers will not >> read your posts for that reason. That said: >> David, you haven't lurked here long enough; your assertions are quite >> flawed in fact. >> Pop >> -- > > POT? KETTLE? BLACK? Tut, tut. Fancy admonishing someone for top-posting > whilst doing it oneself!!! > > ;-) > From nobody at devnull.spamcop.net Wed Apr 13 15:57:16 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Apr 13 15:00:30 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: NOYB. -- Let someone else do it I'm retired! "Gezgin" wrote in message news:d3jeuq$cbb$1@news.spamcop.net... > Who died and made you moderator? > > "Pop" wrote in message > news:d3ivm0$4f0$1@news.spamcop.net... >> You are not supposed to top-post in this forum. Most old timers will not > > -- > Bob > > Kanyak's Doghouse > http://www.kanyak.com > From nobody at devnull.spamcop.net Wed Apr 13 16:00:25 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Apr 13 15:05:04 2005 Subject: [SpamCop-List] Re: bluemountain forgery References: Message-ID: -- Let someone else do it I'm retired! "eddie" wrote in message news:pan.2005.04.13.00.06.30.276000@eddie.web... > On Mon, 11 Apr 2005 01:20:18 +0000, Blammo scratched out the following: > ... > I get those off and on. I suspect that the website it takes you to > attempts to infect your computer. I just report them and include a copy to > bluemountain with a note that their good name is being abused. If enough > people also report it to bluemountain they might take some kind of action, > if possible. I am careful to let bluemountain know that they are innocent > but someone is taking advangate of their name. Hmm, thanks for that info; I had one yesterday in fact, and didn't notice the forgery; was in kind of a hurry. I'll watch them closer now on. Regards, Pop From gezgin at spamcop.net Wed Apr 13 23:00:36 2005 From: gezgin at spamcop.net (Gezgin) Date: Wed Apr 13 15:05:15 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: Since you're posting in a public forum and responding to my posts, it is, by definition, my business. In future, kindly use a distinctive email address so that I may kill-file you. Thank you for your cooperation on this issue. It will be greatly appreciated. -- Bob Kanyak's Doghouse http://www.kanyak.com "Pop" wrote in message news:d3jq27$in4$1@news.spamcop.net... > NOYB. > > -- > Let someone else do it > I'm retired! > "Gezgin" wrote in message > news:d3jeuq$cbb$1@news.spamcop.net... >> Who died and made you moderator? >> >> "Pop" wrote in message >> news:d3ivm0$4f0$1@news.spamcop.net... >>> You are not supposed to top-post in this forum. Most old >>> timers will not From porpoise1954 at yahoo.co.uk Wed Apr 13 23:16:03 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 13 17:25:27 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: "Pop" wrote in message news:d3jq1i$imu$1@news.spamcop.net... > You enjoy misrepresenting text, don't you; a relevent part is missing > there. Have YOU stopped beating your wife yet? > , BTW Prey do tell! How does pointing out that you were admonishing someone for top-posting whilst doing the very same yourself in the process, misrepresent text? Exactly? And, what does it have to do with wife-beating? > "Porpoise" wrote in message > news:d3jcb1$atm$1@news.spamcop.net... >> >> "Pop" wrote in message >> news:d3ivm0$4f0$1@news.spamcop.net... >>> You are not supposed to top-post in this forum. Most old timers will not >>> read your posts for that reason. That said: >>> David, you haven't lurked here long enough; your assertions are quite >>> flawed in fact. >>> Pop >>> -- >> >> POT? KETTLE? BLACK? Tut, tut. Fancy admonishing someone for top-posting >> whilst doing it oneself!!! >> >> ;-) >> > > From nobody at devnull.spamcop.net Wed Apr 13 18:05:52 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Wed Apr 13 18:10:29 2005 Subject: [SpamCop-List] Re: major spammer arrested References: Message-ID: He was not arrested for spamming. He was, between other things, arrested for impostering other people, i.e. using real people's email addresses as fake source addresses. There were other forgeries too, as were software licensing violations. He won't wiggle out of that one. Spam complaining, spamhaus, spamcop, that's all nice backend work. Here is the real stuff to do to get spammers off the street: 99% of the stuff spamvertised is illegal, that's why they have to use spam. Thus: Besides complaining about spam, I do when I have some time on my hand: my over 10 years old email account gets about 80 to 120 spams a day, most are flagged, quarantained, and then deleted; of the ones not flagged I report some from time to time (like just came in - out go reports, using spamcop since today), so there is no lack of good fresh spam; and from the mass I pick raisins out for this: - send every fake from: ..@aol.com, ...@microsoft.com, etc. to the very same companies for illegal use of their address/logos/likeness etc. Because that's what brings a spammer into the slammer. Mailto abuse@ with appropriate comments. - illegal microsoft software offers (XP for $50, cannot be!) get copied to piracy@microsoft.com, with a comment that the spammer for sure knows that this must be illegal since he uses a Microsoft based system: adding copies of relevant header portions!!!! This gets the Microsoft police right into the spammer's house to check if he does not use the specially priced SW himself! No matter where on earth he/she lives/operates/hopefully dies young!. Yes, they go, order, buy, slam. - illegal meds spam ('no prescription needed'), or offering class 1 sedatives over the net (valium and derivatives, e.g.) get reported here: http://www.fda.gov/oc/buyonline/buyonlineform.htm Also those with too low prices for meds, even under Canadian levels, get reported here: cannot be, must be fake! There is also an email address, not sure if that still works: webcomplaints@ora.fda.gov - these great stock offers that fly around and supposedly make everyone rich (why does the sender not use it himself and rest on a sunny beach instead of typing up lenghty junk emails?): forward these pump and dump scams to enforcement@sec.gov - pyramids, nigerians, 'make money while you sleep' I report occasionally at the big brother site http://www.ifccfbi.gov/index.asp, click on 'file a complaint'. This is also the place to complain immediately if you see spam with your own address as from: ! I got that as retaliation; I stayed on top of it, traced every email back, I bet that spammer has been slammed too. He sent between others from a UoWashington address! On a Sunday when I had time. I called their NOC. He moved to a different address. I called their NOC again. He moved to outside of the U, and did not know what hit him! It stopped on Tuesday (of course I did a report at the FBI site too :-} . He must have used some batch from a laptop which he restarted each time. Spammers _are_ stupid! While spam filtering is nice, it is just an endless race. These additional steps bring the spammer into the slammer. Yes, this requires some extra work. I do a couple a week. If everyone who receives spam would do just one a week, spam would be gone in a very short time. I don't mind giving my personal data to the FBI site for that; sure not everyone's cup of tea. Keep in mind: there are still the other steps that can be done... The more people do these additional steps, the more spammers will fill up the slammers! Let's not just lament: let's clean house! It works, as seen in this example arrest. The more complaints, the more the issue moves up on the agenda. That's how it works: the Internet is a legal-free zone; we are all responsible to keep it clean. We are the ones who have the power to oust this very little tiny fraction of misbehaving users, responsible for over 75% of all Internet traffic! There are only very few spammers out there. All engage in multiple illegal message sending. They are responsible for the content, since they fake the headers! That's what catches them: this action makes them an accessory to the illegal meds offering, the illegal pump and dump, and all that stuff. And that's what caught that guy. da skinny guy On Sun, 10 Apr 2005 14:29:46 +0300, Ilgaz Ocal wrote: > In article , > "rebbit" wrote: > >> Reffering to Associated Press, Jeremy James, a major spammer got arrested >> and sentanced for nine years in jail. >> Cause, or effect?: we haven't received a single spam today !!! >> It is about time that legislation get implemented, worldwide. >> Against those shaddy companies which promote counterfeited products, illegal >> drugs , and other trash. >> And against those immoral spammers looking for a quick buck. >> Rebbit > > I can only hope it will be a major story in major (non geek) news sites, > newspapers so it will make the newbie spammerwannabe think just 5 > seconds what he/she is getting into. > > From my personal point of view, I can easily tell that some of spams we > get are sent by people who doesn't know what "spam" is. Forget if they > know its illegal etc. > > A lifeless, jobless computer genius wannabe comes to his/her company, > hands a cd which actually looks like those commercial stuff from Adobe > etc, with box for $100. We aren't speaking about unlabeled , unbranded > CD-R here. Criminals know how to sell stuff via tricking people too. > > I actually stopped a poor company owner lecturing poor guy about what > spam is and how he will be hated by 99% of his consumers. I still have > the CD from him ($100) sitting next to my virus collection diskettes. > > Scanned with VirusBarrier/OS X (Mac), it includes a backdoor of course. > > I thought better to share that experience. > > Ilgaz Ocal > ps: Of course, I got the sarcasm :) From nobody at devnull.spamcop.net Wed Apr 13 18:22:04 2005 From: nobody at devnull.spamcop.net (skinnyguy) Date: Wed Apr 13 18:25:41 2005 Subject: [SpamCop-List] spamcop pricing Message-ID: flame shield on.... ok visor down ...... ok I know from my workplace that they subscribe to spamcop via the ISP. Spam I get there is mostly rare, and flagged with, e.g., X-Note: Message fits SPAMHAUS SPAMCOP I guess the ISP contracts this service not for free, right? By reporting spam at the spamcop site, I help make this service better. So more people will pay for the other end (marking up emails). By doing this with 'fresh' and 'yummy' spam, I do actually help that most people won't get spammed in the first place. That's why I think the nag thing is wrong. Sure, have a contribution button for the more affluent between us. Nothing wrong with that. But the reporting basis should be un-nagged, because that's what makes spamcop work in the first place. Suggestion: Take off the nag and replace it with a voluntary contribution button. And have a little link that sez 'here is what you get as a paying contributor'. I agree that other services, like copies of reports, etc., should only be available with pay, because this is then a real service offered. The collection of reports is actually something that enables spamcop to live in the first place. If nobody would report spam to spamcop, well, you can close then, right? skg From nobody at devnull.spamcop.net Wed Apr 13 19:58:51 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Apr 13 19:00:04 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: Bunky, you do not need a valid email address to killfile. Only spam lovers and newbies use their real email addresses in newsgroups, the playground of spammers. Your rationalizing and out of context abilities are superceded only by your lack of brightness. Don't be such a coward; stand up to life. Kill away; no loss, I assure you. Pop -- Let someone else do it I'm retired! "Gezgin" wrote in message news:d3jqbt$j47$1@news.spamcop.net... > Since you're posting in a public forum and responding to my posts, it is, > by definition, my business. > > In future, kindly use a distinctive email address so that I may kill-file > you. > > Thank you for your cooperation on this issue. It will be greatly > appreciated. > > -- > Bob > > Kanyak's Doghouse > http://www.kanyak.com > > > "Pop" wrote in message > news:d3jq27$in4$1@news.spamcop.net... >> NOYB. >> >> -- >> Let someone else do it >> I'm retired! >> "Gezgin" wrote in message >> news:d3jeuq$cbb$1@news.spamcop.net... >>> Who died and made you moderator? >>> >>> "Pop" wrote in message >>> news:d3ivm0$4f0$1@news.spamcop.net... >>>> You are not supposed to top-post in this forum. Most old timers will >>>> not > From nobody at devnull.spamcop.net Wed Apr 13 20:08:20 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Apr 13 19:10:05 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: "Porpoise" wrote in message news:d3k2jn$nc6$1@news.spamcop.net... > > "Pop" wrote in message > news:d3jq1i$imu$1@news.spamcop.net... >> You enjoy misrepresenting text, don't you; a relevent part is missing >> there. Have YOU stopped beating your wife yet? >> , BTW > > > Prey do tell! How does pointing out that you were admonishing someone for > top-posting whilst doing the very same yourself in the process, > misrepresent text? ===> Because the printed REASON for the top post was clearly pointed out, but snipped from the response post. It also indicated that anyone responding to the post should delete the top-post, since it had nothing to do with the subject of the post; it was only an attempt to gently explain something. The previous 4 or 5 posts were combinations of top/bottom posting with attendant chronology loss, and it seemed an interesting enough subject for others to read, that I wanted to encourage a consistant posting method: Top OR Bottom, but not both, and to follow what had already been done. If you consider the total text of my actual post to be an admonishment, then you have misread/misinterpreted it, or you never read the full post I made. Context is often important and it was badly misconstrued in the quote due to its incompleteness. Exactly? And, what does it have to do with > wife-beating? I'm sorry if that eludes you; I'll not waste further time until/unless I am convinced you have read my actual post, not a partial quote to force that poster's own meaning from it. No animosity here, not mad, but I do tend to respond in-kind to posts. Regards, Pop > > >> "Porpoise" wrote in message >> news:d3jcb1$atm$1@news.spamcop.net... >>> >>> "Pop" wrote in message >>> news:d3ivm0$4f0$1@news.spamcop.net... >>>> You are not supposed to top-post in this forum. Most old timers will >>>> not read your posts for that reason. That said: >>>> David, you haven't lurked here long enough; your assertions are quite >>>> flawed in fact. >>>> Pop >>>> -- >>> >>> POT? KETTLE? BLACK? Tut, tut. Fancy admonishing someone for top-posting >>> whilst doing it oneself!!! >>> >>> ;-) >>> >> >> > > From MikeE at ster.invalid Wed Apr 13 17:13:20 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 13 19:15:03 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: skinnyguy wrote: > flame shield on.... ok > visor down ...... ok I'm not arguing or flaming here, because I don't really have a grasp yet of your point, except a little bit way further down. > I know from my workplace that they subscribe to spamcop via the ISP. > > Spam I get there is mostly rare, and flagged with, e.g., > > X-Note: Message fits SPAMHAUS SPAMCOP I don't know what that means. SpamCop has a very very dynamic SCbl blocklist of spamsources. Spamhaus has 2 different blocklists, both of which are considerably different than the scbl, the sbl and the sbl-xbl which is the sbl combined with the xbl, where the xbl is a combination of the cbl & the blitzed obm > I guess the ISP contracts this service not for free, right? Most likely the ISP uses publicly available [free] blocklists as the dnsbl lookup system. SC also asks for contributions to those who use the scbl http://www.spamcop.net/fom-serve/cache/291.html How do I configure my mailserver to reject mail based on the blocklist? > By reporting spam at the spamcop site, I help make this service > better. I use a client side filter SpamPal which uses the SCbl among other lists and strategies. I also spamcop report. Therefore I am helping my spamfilter filter for me. And I'm help the scbl help others. And others are helping my scbl filter. Etc. > So more people will pay for the other end (marking up emails). > By doing this with 'fresh' and 'yummy' spam, I do actually help that > most people won't get spammed in the first place. The earlier you report your spam the better, ergo little word motivators. > That's why I think the nag thing is wrong. Wrong? OK, shoot. > Sure, have a contribution button for the more affluent between us. > Nothing wrong with that. > > But the reporting basis should be un-nagged, because that's what makes > spamcop work in the first place. What makes spamcop work is a lot of things. Having a lot of [free] reporters is one thing. Having a lot of spamtraps is another. Having some paid reporters is another thing. Having mail subscribers is another thing. Having an IronPort sugardaddy now is another thing. I would imagine a few contribute for using the SCbl, but I don't know -- a lot of people/servers etc use it. There's also a fee for the zone transfer of the scbl. > Suggestion: > > Take off the nag and replace it with a voluntary contribution button. > And have a little link that sez 'here is what you get as a paying > contributor'. Take off the nag delay I presume you mean. Else the current condition is about what you say. > I agree that other services, like copies of reports, etc., should > only be available with pay, because this is then a real service > offered. It is a real service of significant magnitude and speed even with the free reporting. Think about it. > The collection of reports is actually something that enables spamcop > to live in the first place. Yes, it is true that having a lot of reporters is an advantage. The reporters also make a lot of mistakes and cause a lot of trouble for the deputies. Not too very long ago I learned that 'inanimate' spamtrap reporters are better reporters than live reporters. Some of us used to think there were too many 'bad' reporters and the number of reporters should be filtercombed, so that there would be less bad reporters and the quality of spamcop reporting would be improved. Julian figgered out some ways to decrease spamcop errors even from/by reporters who didn't have header reading skills. > If nobody would report spam to spamcop, well, you can close then, > right? It is true that reporters are an integral part of spamcop. The 'balance' between the nag and the perq/s for paid reporters must be just about right to suit most free and paid reporters. Also, it is not all that hard to defeat the inconvenience of the nag delay. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Apr 13 17:24:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 13 19:25:03 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: Oops. I missed an important comment. skinnyguy wrote: > By reporting spam at the spamcop site, I help make this service > better. Yes. You in particular, like I in particular, make some individual miniscule contribution; which in the great scheme of things is negligible; but in the aggregate, we all make up the important contribution. > So more people will pay for the other end (marking up emails). This is the important line I missed commenting. No. There isn't really money to be made by SC from people's usage of the SCbl, which is fundamentally free and doesn't have any kind of nag delay for those who don't pay. In fact, almost all of the people who use the free SCbl probably never see the SC page inviting them to make a contribution. -- Mike Easter kibitzer, not SC admin From not at home.today Thu Apr 14 02:02:03 2005 From: not at home.today (Ant) Date: Wed Apr 13 20:05:05 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: "Mike Easter" wrote: > I'm not a fan of rfc-ignorant; Why not? > EL isn't going to pay any attention to > being listed there; and getting EL listed there only has the potential > to cause me some kind of problem, not some kind of solution. My ISP is listed for no postmaster@ or abuse@. I don't like it, but I've had no problems yet. Perhaps that's because their IP space is leased from a larger provider who are not listed. > spamcop.net is currently listed in rfc-ig in 2 categories, and Julian > doesn't agree that the rfc-ig listing is appropriate. But, there you > go. I see that postmaster@ and abuse@ is not read. Do you know why this might not be an appropriate cause for listing? From MikeE at ster.invalid Wed Apr 13 18:42:25 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 13 20:45:08 2005 Subject: [SpamCop-List] Re: Earthlink parseing not as good as might be References: <4257f85d.36927468@news.spamcop.net> <42590260.39490203@news.spamcop.net> Message-ID: Ant wrote: > "Mike Easter" wrote: > >> I'm not a fan of rfc-ignorant; > > Why not? What rfc-ignorant is supposed to be all about is about being compliant. Therefore you would think that the website and the process would be all about the fine points of being compliant. But it isn't. Whatever rfc-ignorant is, it isn't all about what it really means to be compliant; in fact, I would think the #1 'mission' of rfc-ignorant would be all about a 'meaningful' and competent idea of what the compliances would be. But it isn't. Here's a piece of what rfc-i sez: A listing here simply implies that a site has chosen not to implement the conditions described in a particular RFC. It is, of course, up to other sites to decide for themselves whether or not they wish to communicate with sites that have not chosen to implement, say, RFC2142, Personally, I would never block mailfrom a domainname on the basis of the domainname being listed somewhere in rfc-i. Would you? rfc-i is that classic 'conflict' between the frustrations of those who wish they could make others do as they wish, and an inability to /actually/ do that. So, they are left with choices that resemble cutting off their nose to spite their face. It is one thing to say 'my server, my rules' -- but if your server is serving 'others', then what you are actually doing is imposing your frustrations on others. Then, we get into the business of the mechanism of how rfc-i does a listing, or doesn't do a listing, or undoes a listing. Then, we should also get into the business of just exactly and precisely what complying really means. Unfortunately, rfc-i, which should be seriously uptospeed on what the RFC actually sez and what the RFC actually means, and what the 'significance' of the various *kinds* of RFCs is really all about -- doesn't actually happen at rfc-i. rfc-i is not actually a useful place to go find out what the 'rules' are. It appears to me that rfc-i actually doesn't have much of a clue about what the /meaning/ of RFCs is. If rfc-i doesn't know what the RFCs mean, what is it doing being so presumptuous as to be listing something for not being compliant? And, the listing is about domainnames! What are you going to do with a listing of domainnames? Who uses domainnname listings for anything?! So; I have no respect for rfc-i because it doesn't *KNOW* about RFCs, so that makes it 'RFC ignorant'. Or, at least its website doesn't convince me that it knows about RFCs. It has simply devised a scheme for listing domainnames. And, people who like to think they are powerful and important because they get to choose what to block at their servers to 'teach someone a lesson' do things like using rfc-i. So let them. That's their perogative. But if blocking a domainname affects some people because of rfc-i's RFC ignorance, then something else is wrong. > My ISP is listed for no postmaster@ or abuse@. I don't like it, but > I've had no problems yet. Perhaps that's because their IP space is > leased from a larger provider who are not listed. Or perhaps because no one gives a sh*t whether something is rfc-i listed or not. >> spamcop.net is currently listed in rfc-ig in 2 categories, and Julian >> doesn't agree that the rfc-ig listing is appropriate. But, there you >> go. > > I see that postmaster@ and abuse@ is not read. Do you know why this > might not be an appropriate cause for listing? The system spamcop uses is not compatible with the system which rfc-i uses for [not] listing. -- Mike Easter kibitzer, not SC admin From zypher at spamcop.net Wed Apr 13 20:47:34 2005 From: zypher at spamcop.net (Ron B.) Date: Wed Apr 13 20:50:05 2005 Subject: [SpamCop-List] Another View of the Jaynes Case Message-ID: http://www.fool.com/News/mft/2005/mft05041306.htm From nobody at devnull.spamcop.net Wed Apr 13 20:58:29 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Wed Apr 13 20:55:04 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: spamcop is more like a farmers' co-op than anything else. If you aren't running a server yourself, then if you contribute (thru reporting or 'donating' to get more services), it is entirely altruistic, but not tax deductible because it is donating to a for-profit business. It is a mistake, IMHO, not to recruit end users as a non-profit organization, but then I am not the brilliant programmer Julian is and can't compete. Miss Betsy From MikeE at ster.invalid Wed Apr 13 19:11:57 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 13 21:15:09 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: Miss Betsy wrote: > spamcop is more like a farmers' co-op than anything else. If you > aren't running a server yourself, then if you contribute (thru > reporting or 'donating' to get more services), it is entirely > altruistic, but not tax deductible because it is donating to a > for-profit business. > > It is a mistake, IMHO, not to recruit end users as a non-profit > organization, but then I am not the brilliant programmer Julian is > and can't compete. I don't understand the business model you are alluding to. Suppose SC were some kind of non-profit business. What would its business model be? Where does the 'profit' ie the non-profit income come from? What would the balance sheet look like? -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Thu Apr 14 02:17:35 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Apr 13 21:20:03 2005 Subject: [SpamCop-List] Re: bluemountain forgery References: Message-ID: On 12 Apr 2005 eddie entered spamcop and left news:pan.2005.04.13.00.06.30.276000@eddie.web: > I just report them and include a copy to > bluemountain with a note that their good name is being abused. If > enough people also report it to bluemountain they might take some kind > of action, if possible. I am careful to let bluemountain know that > they are innocent but someone is taking advangate of their name. So what's the address for that? abuse? -- | Ric | From nobody at devnull.spamcop.net Wed Apr 13 21:50:15 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Wed Apr 13 21:50:03 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: "Mike Easter" wrote in message news:d3kfth$uv4$1@news.spamcop.net... > I don't understand the business model you are alluding to. > > Suppose SC were some kind of non-profit business. What would its > business model be? > > Where does the 'profit' ie the non-profit income come from? What would > the balance sheet look like? If spamcop were a non-profit organization to help people protect themselves and the internet from spam, they would have to have a community Board of Directors (who would have a vote on whether to allow Cyvellience to have data or not). The paid stafff would be paid competitive wages, but the donations and payments for services would be separate accounts for accounting purposes and the decisions on policy would be made by the Board of Directors, not the staff. A co-op is also a non-profit organization designed to pool resources and thus compete with larger for-profit businesses, but its mission is not altruistic, but to give its members a competitive advantage. Although members have no say in the policies and practices of spamcop, the way they would in a real co-op, Julian often listens and it is advantageous to both Julian and the smaller server admins who need a blocklist. There is no advantage to an end user; it is only pure altruism to contribute to the spamcop bl - particularly when an end user can avoid getting spam in serveral very easy ways. Miss Betsy From MikeE at ster.invalid Wed Apr 13 21:22:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 13 23:35:18 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: Miss Betsy wrote: > "Mike Easter" >> I don't understand the business model you are alluding to. >> >> Suppose SC were some kind of non-profit business. What would its >> business model be? >> >> Where does the 'profit' ie the non-profit income come from? What >> would the balance sheet look like? > > If spamcop were a non-profit organization to help people protect > themselves and the internet from spam, they would have to have a > community Board of Directors (who would have a vote on whether to > allow Cyvellience to have data or not). Well, that's about the governance. From a business model point of view, I would be more concerned about the mechanisms for the income and the outgo than who/what/how some kind of policy decisions are made. Unfortunately, neither of us has any concept of how the bucks work, so arguing or discussing some kind of non-profit structure for a model in which the balance sheet can't even be imagined doesn't go anywhere. > The paid stafff would be > paid competitive wages, I read somewhere like nanae that some functions like deputy that were once volunteer have become paid - but that evolution must've come about because of IronPort, not because the business model really supported it. > but the donations and payments for services > would be separate accounts for accounting purposes and the > decisions on policy would be made by the Board of Directors, not > the staff. You may have some familiarity with co-op and non-profit models and how they are governed and the advantages of some kind of governance which comes from the 'community' outside the entity -- but my own experience with small business models has been that the whole glitch, the nut, the survival of the entity, is all about the balance between the $ coming in and the $$ going out. The governance can be by a pointed haired manager, a benevolent dictator, an egalitarian community board of directors, or Satan himself -- but somehow the $ and the $$ have to work themselves out. > A co-op is also a non-profit organization designed to pool > resources and thus compete with larger for-profit businesses, but > its mission is not altruistic, but to give its members a > competitive advantage. Although members have no say in the > policies and practices of spamcop, the way they would in a real > co-op, Julian often listens and it is advantageous to both Julian > and the smaller server admins who need a blocklist. There is no > advantage to an end user; it is only pure altruism to contribute to > the spamcop bl - particularly when an end user can avoid getting > spam in serveral very easy ways. How does the non-profit model enhance the general situation [which is usually 'stressful' because $$ out may exceed $ in] about the balance sheet? I'm not saying that non-profits can't have enormous incomes which find ways to distribute that income -- or that non-profits aren't big money-losers underwritten by something generous or charitable - depending. But I would think that being designated non-profit or ostensibly for profit is rather immaterial compared to the necessity to have the income $ keep up with the outgoing $$. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Thu Apr 14 02:32:21 2005 From: eddie at eddie.web (eddie) Date: Thu Apr 14 01:35:34 2005 Subject: [SpamCop-List] Re: bluemountain forgery References: Message-ID: On Thu, 14 Apr 2005 01:17:35 +0000, Blammo scratched out the following: > On 12 Apr 2005 eddie entered spamcop and left > news:pan.2005.04.13.00.06.30.276000@eddie.web: > >> I just report them and include a copy to bluemountain with a note that >> their good name is being abused. If enough people also report it to >> bluemountain they might take some kind of action, if possible. I am >> careful to let bluemountain know that they are innocent but someone is >> taking advangate of their name. > > So what's the address for that? abuse? As I recall, now, I think I manually forwarded it with a note it to both postmaster and abuse. Neither bounced so I assume they got it. Their website only has a CGI form, but I assume one could post the spam in the box with a note. I just don't like to see honest companies get a bad rap or rep so I thought they should be made aware of the problem since they may get complaints from people who fell for the phish, virus or scam. -- Once movie theaters gave out steak knives Today they confiscate them From sache at grignon.inra.fr Thu Apr 14 10:12:21 2005 From: sache at grignon.inra.fr (Ivan Sache) Date: Thu Apr 14 03:15:04 2005 Subject: [SpamCop-List] Re: Yet another variation of the Nigerian scam - this time about thePope! References: Message-ID: <425E17D4.1F56AECE@grignon.inra.fr> Hi, Stewart Gordon wrote: > They didn't take long to start spams/scams based around this event! > ---------- > From: "BernardinGantin "
Peace and Blessing be unto you in the name of our Lord > Jesus Christ.
Let me start by introducing myself. I am Cardinal > Bernardin Gantin,   Prefect Emeritus, Congregation for the > Bishops. ...
Private Email:cardinalbernardin@yahoo.com [Full spam posted by Stewart in .spam. I have redirected my answer to .spamcop, hoping I haven't goofed again.] > ---------- Cardinal Bernard Gantin is a real Cardinal. Born in 1922 in Cotonou (Benin), he was the first African Bishop (elected in 1956); he is today the Emeritus Dean of the College of Cardinals. Note that Cardinals are strictly forbidden to communicate with the outside world until the election of the new Pope; this probably holds for e-mail, too. Moreover, I don't believe a high-rank Cardinal would use the same terminology in his "proposal" as Mrs. Mariam Abacha and publish his secrete discussions with the late Pope. Dave Lerner wrote: > The @yahoo.com email address is especially convincing. :) There was probably no @yahoo.va available :-) (.va is the TLD for the Holy See, aka Vatican). I am still waiting proposals from Monaco (.mc). Prince Rainier III passed away last week and there is a lot of money stored in banks in Monaco. Since the bank system there is fairly opaque, 419 from Monaco could look legit at first sight. Regards -- Ivan Sache From nobody at devnull.spamcop.net Thu Apr 14 03:29:55 2005 From: nobody at devnull.spamcop.net (Cat) Date: Thu Apr 14 03:30:03 2005 Subject: [SpamCop-List] Re: major spammer arrested In-Reply-To: References: Message-ID: skinnyguy wrote: > He was not arrested for spamming. > He was, between other things, arrested for impostering other people, i.e. > using real people's email addresses as fake source addresses. > > There were other forgeries too, as were software licensing violations. Who are you talking about? When you top post instead of snipping what you aren't replying to and adding your own comments below each quoted point, it makes it harder for people to read and understand your comments. Please do not top post. Notice how most everyone else here snips and posts their comments below the quoted material. From porpoise1954 at yahoo.co.uk Thu Apr 14 09:40:37 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Apr 14 03:50:04 2005 Subject: [SpamCop-List] Re: Top Posted Re: Ping David P. (Was: Re: Survey: People More Accepting Of Spam) References: Message-ID: "Pop" wrote in message news:d3k8p0$r34$1@news.spamcop.net... > "Porpoise" wrote in message > news:d3k2jn$nc6$1@news.spamcop.net... >> >> "Pop" wrote in message >> news:d3jq1i$imu$1@news.spamcop.net... >>> You enjoy misrepresenting text, don't you; a relevent part is missing >>> there. Have YOU stopped beating your wife yet? >>> , BTW >> >> >> Prey do tell! How does pointing out that you were admonishing someone for >> top-posting whilst doing the very same yourself in the process, >> misrepresent text? > ===> Because the printed REASON for the top post was clearly pointed out, > but snipped from the response post. It also indicated that anyone > responding to the post should delete the top-post, since it had nothing to > do with the subject of the post; it was only an attempt to gently explain > something. The previous 4 or 5 posts were combinations of top/bottom > posting with attendant chronology loss, and it seemed an interesting > enough subject for others to read, that I wanted to encourage a consistant > posting method: Top OR Bottom, but not both, and to follow what had > already been done. > If you consider the total text of my actual post to be an admonishment, > then you have misread/misinterpreted it, or you never read the full post I > made. Context is often important and it was badly misconstrued in the > quote due to its incompleteness. Because?...... It wasn't completely top-posted? > > Exactly? And, what does it have to do with >> wife-beating? > I'm sorry if that eludes you; I'll not waste further time until/unless I > am convinced you have read my actual post, not a partial quote to force > that poster's own meaning from it. Yup. It totally eludes me what wife-beating has to do with top-posting (which was the subject of the relevant section). > > No animosity here, not mad, but I do tend to respond in-kind to posts. So where was your smiley then? 8-() > > Regards, > > Pop > >> >> >>> "Porpoise" wrote in message >>> news:d3jcb1$atm$1@news.spamcop.net... >>>> >>>> "Pop" wrote in message >>>> news:d3ivm0$4f0$1@news.spamcop.net... >>>>> You are not supposed to top-post in this forum. Most old timers will >>>>> not read your posts for that reason. That said: >>>>> David, you haven't lurked here long enough; your assertions are quite >>>>> flawed in fact. >>>>> Pop Sorry, you are partially correct. I guess I should have snipped the "That said: David, you haven't lurked here long enough; your assertions are quite flawed in fact." part of the quote. That would have made it perfectly clear it was ONLY the top-posting bit I was commenting about - nothing to do with the rest of the original post. >>>>> -- >>>> >>>> POT? KETTLE? BLACK? Tut, tut. Fancy admonishing someone for top-posting >>>> whilst doing it oneself!!! >>>> >>>> ;-) >>>> >>> >>> >> >> > > From devnull at spamcop.net Thu Apr 14 08:05:43 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Apr 14 07:25:12 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: "Mike Easter" | Miss Betsy wrote: | > spamcop is more like a farmers' co-op than anything else. If you | > aren't running a server yourself, then if you contribute (thru | > reporting or 'donating' to get more services), it is entirely | > altruistic, but not tax deductible because it is donating to a | > for-profit business. | > | > It is a mistake, IMHO, not to recruit end users as a non-profit | > organization, but then I am not the brilliant programmer Julian is | > and can't compete. | | I don't understand the business model you are alluding to. | | Suppose SC were some kind of non-profit business. What would its | business model be? | | Where does the 'profit' ie the non-profit income come from? What would | the balance sheet look like? don't know the business plan but I expect that Iron Port has use for the data collectd as does Cyvellience so there has to be some profit in there somewhere. From devnull at spamcop.net Thu Apr 14 08:09:46 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Apr 14 07:25:35 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: "Mike Easter" | How does the non-profit model enhance the general situation [which is | usually 'stressful' because $$ out may exceed $ in] about the balance | sheet? I'm not saying that non-profits can't have enormous incomes | which find ways to distribute that income -- or that non-profits aren't | big money-losers underwritten by something generous or charitable - | depending. But I would think that being designated non-profit or | ostensibly for profit is rather immaterial compared to the necessity to | have the income $ keep up with the outgoing $$. Non profit does not automatically equate to 'no profit' to someone. take for example these 'non-profit' credit counseling companies. they are set up under IRS rules that prevent them from showing a profit. Compliance is satisfied by paying all $ out with what would be 'profit' going to the founders typically as salary or consultant fees. From nobody at devnull.spamcop.net Thu Apr 14 08:07:54 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Thu Apr 14 08:05:29 2005 Subject: [SpamCop-List] Re: spamcop pricing References: Message-ID: > How does the non-profit model enhance the general situation [which is > usually 'stressful' because $$ out may exceed $ in] about the balance > sheet? I'm not saying that non-profits can't have enormous incomes > which find ways to distribute that income -- or that non-profits aren't > big money-losers underwritten by something generous or charitable - > depending. But I would think that being designated non-profit or > ostensibly for profit is rather immaterial compared to the necessity to > have the income $ keep up with the outgoing $$. In a for-profit business, the product or service has to be sold in order to pay for the overhead, capital expenses, and salaries. The owner gets the 'profit'. No owner can continue to market a product or service unless sales are large enough to, at least, pay the overhead, capital expenses, and salaries. Since the owner gets what is generated over and above those expenses, someone who makes a 'donation' is putting money into the owner's pocket. The owner is the only one responsible for policy. In a non-for-profit business, the same expenses are necessary, however the purpose of the product or service is not to generate income, but to provide what the members think is a necessary product or service. Prices are not based on what the owner hopes to make, but on what is necessary to pay the bills. In a cooperative, the members are hoping to reduce individual overhead, operating costs, salaries, and to pool capital expenses so that the product or service that they offer is more competitve in the open market. IOW, they are the owners and anything made over and above the operating costs are returned to them in cheaper memberships or enhanced services - perhaps even dividends. The members are the owners and direct the policies as opposed to for-profit where the customers vote with their purses. In a co-op the customers vote also by buying or not buying, but the members also have a say in how and what to market. In other non-profits who hope to contribute something needed that it isn't being provided (or provided cheaply enough for some), it is the product or service that is being provided as cheaply as possible. They do not want to make a profit unlike the other two models. They do need money for the overhead costs, salaries, capital expenses, but as far as possible, they try to reduce those costs through volunteer labor and donations. The owners are the donors who provide the money that isn't made by sales and who believe that the product or service is necessary for the common good. The reporting side of spamcop is entirely altruistic unless you use the blocklist from the point of the user when it becomes more like a co-op. The email service is like a credit union where what you put in benefits you. Another model could be a for-profit recyling or health food business started by owners who think that there is a profit in catering to those who are concerned about the environment or health. Those owners may, or may not, be altruistic in their motives and may, or may not, plow the profits back so as to provide more products or services to more people. Like other for-profits, like-minded people vote with their purses for the services, but have no say in any policies and are unlikely to make a donation to keep the business running - unless like spamcop, it is the only business providing that service and they have complete faith in the owner's integrity. None of these models is 'better' than another except for the purpose. IMHO, getting people to support the use of blocklists is the primary way of stopping spam (and preserving the freedom and availability of the internet). That would be best be done by a not-for-profit organization where members have control of the policies and where the purpose is not just to provide a service for those who use the blocklist or the email service, but to promote user education. As it is, it is only if one uses either the blocklist or the email service for filtering that spamcop is useful and spamcop is only one of many ways to filter spam (or to have a spam free inbox). However, since it is the only way that a relatively non-fluent user can 'do' something about spam, many people want to use it for altruistic purposes - to stop spammers. They are willing to contribute to the blocklist to make it effective for others to use and some are even willing to contribute to operating costs (paying more for services or paying for services they don't need so that others have the filtering services) so that server admins are notified and spammers stopped by the blocklist. They think that they are contributing to the community good. It causes a certain amount of confusion in some situations where there is a conversation with someone who is just buying a service and isn't concerned at all about higher purposes. And that hurts both the models who are selling something and the model that is designed to promote the common good. But since spamcop is a for-profit business and Julian=spamcop, that's his problem (and now Ironport's), not mine. In another discussion about this subject, it was pointed out that for-profit hospitals also have volunteer organizations and foundation funds. IMHO, that's crazy. So there is a model for a for-profit business being supported by volunteers and donations, but money for services and donations are certainly requi