From nobody at devnull.spamcop.net Fri Apr 1 11:50:05 2005 From: nobody at devnull.spamcop.net (Patto) Date: Thu Mar 31 21:55:02 2005 Subject: [SpamCop-List] Re: chinatietong.com In-Reply-To: References: Message-ID: Brian (SnSR) wrote: > Never mind. > > anti-spam@ns.chinanet.cn.net bounces (102 sent : 23203 bounces) > Using anti-spam#ns.chinanet.cn.net@devnull.spamcop.net for statistical > tracking. The non-bouncing address is anti-spam@chinanet.cn.net From nobody at devnull.spamcop.net Fri Apr 1 17:08:07 2005 From: nobody at devnull.spamcop.net (Patto) Date: Fri Apr 1 03:10:07 2005 Subject: [SpamCop-List] Re: chinatietong.com In-Reply-To: References: Message-ID: Patto wrote: > Brian (SnSR) wrote: > >> Never mind. >> >> anti-spam@ns.chinanet.cn.net bounces (102 sent : 23203 bounces) >> Using anti-spam#ns.chinanet.cn.net@devnull.spamcop.net for statistical >> tracking. > > > The non-bouncing address is anti-spam@chinanet.cn.net There is also abuse@chinatietong.com - it doesn't seem to bounce. From nobody at nowhere.invalid Fri Apr 1 10:25:54 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Apr 1 03:30:03 2005 Subject: [SpamCop-List] Re: chinatietong.com References: Message-ID: On Fri, 01 Apr 2005 17:08:07 +0900, Patto coughed into spamcop and left this in : >> The non-bouncing address is anti-spam@chinanet.cn.net > > There is also abuse@chinatietong.com - it doesn't seem to bounce. That's because /dev/null never fills up. Cynic, moi? :) -- Steve Anarchy may not be the best form of government, but it's better than no government at all. From nobody at xyzzy.claranet.de Fri Apr 1 13:03:55 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Apr 1 06:05:26 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> Message-ID: <424D2A9B.6168@xyzzy.claranet.de> Porpoise wrote: > Do you still use an old telephone with a dial that you poke > your finger in to dial as well? ;-) No, translating pulses to tones is too slow for phone banking, I've lost my external tone generator. But in theory... ASCII-art is 24*79 or smaller, anything else is just spam. Bye From nobody at xyzzy.claranet.de Fri Apr 1 13:09:36 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Apr 1 06:10:03 2005 Subject: [SpamCop-List] ICANN annual whois data problem report Message-ID: <424D2BF0.71CF@xyzzy.claranet.de> For details see... ...but the expected outcome is clear, gTLD .biz got three times more reports than any other ICANN gTLD (relatively). Bye, Frank From MikeE at ster.invalid Fri Apr 1 05:20:40 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 08:20:02 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > For details see... > > > > ...but the expected outcome is clear, gTLD .biz got three > times more reports than any other ICANN gTLD (relatively). That's a very interesting report. Here's a par "Third, there are a number of "power users" of the system. Given that they account for more than 50% of the reports, and that at least 74% of the reports are for legitimately bad Whois information, it is reasonable to assume that these industrious individuals are indeed finding many domains with incorrect Whois information. It might be reasonable to offer features in the interface to help these users." The power users to whom they are referring is based on the fact that there were 31533 reports, 3122 reporters, and the top 20 reporters reported 18317 reports. The top or power power reporter reported 4035. Now there's a diligent reporter. What I'm wondering about is the significant number of reports which were deemed to result in 'other' or 'data unchanged' as opposed to 'inaccuracy corrected' or 'domain deleted'. Almost 60% of the reports resulted in data unchanged. People who are interested in the problem of bad whois and reporting it to icann/internic should read that report. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Apr 1 05:26:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 08:25:02 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: Mike Easter wrote: > What I'm wondering about is the significant number of reports which > were deemed to result in 'other' or 'data unchanged' as opposed to > 'inaccuracy corrected' or 'domain deleted'. Almost 60% of the reports > resulted in data unchanged. There's a par on that subject as well, describing what happened when ICANN investigated whether the report should have been so classificd. The facts are that the registrars were doing a very bad job of so classifying the report. "In order to better understand the nature of the domain names marked "Other" or "Data Unchanged" (7,532 total) I CANN staff individually reviewed 5,842 (about 80%) of them and made the following observations: more than half (51.6%) had in fact been deleted or suspended. Another third of them (34.9%) had Whois data that appeared to be accurate (note, however, that it is quite possible to supply Whois information that looks completely plausible, but is in fact bad). About 14% appeared incomplete or clearly inaccurate." So the other & data unchanged data is seriously outawhack. -- Mike Easter kibitzer, not SC admin From salvisberg at spamcop.net Fri Apr 1 16:26:32 2005 From: salvisberg at spamcop.net (Hans Salvisberg) Date: Fri Apr 1 09:20:03 2005 Subject: [SpamCop-List] Re: Automatic "held mail" deletion? In-Reply-To: References: Message-ID: <424D5A18.9070209@spamcop.net> Tim Lavoie wrote: > I'm using the spam filters to grab incoming spam instead of passing it > on, and that part works well. It does build up quickly though, leaving > a huge backlog of unreportable spam if I don't get to it every day or so. > > Is it possible to set it up to just delete old emails after certain age? I had this same problem with a SpamCop account that I set up for a computer-illiterate third party, but 1. old Held Emails seem to go away after a while (but until then they keep showing up in the Held Email report again and again...), and 2. if you have an email client with IMAP support (e.g. Thunderbird), you can set up an IMAP account for SpamCop, subscribe to the Held Email folder, and then delete your Held Email reasonably efficiently by simply dragging it from the Held Email folder to the Trash folder. It would be nice if this mechanism could also be used for reporting, e.g. by having a "Quick-Report as Spam" (and possibly a "Queue for Spam Reporting") folder, but this is not the case. See http://www.spamcop.net/fom-serve/cache/335.html for more information. Hans From skiwi at spamcop.net Fri Apr 1 08:03:14 2005 From: skiwi at spamcop.net (Skiwi) Date: Fri Apr 1 11:05:02 2005 Subject: [SpamCop-List] Re: Does yahoo@admin.spamcop.net go anywhere except the bit bin? In-Reply-To: References: Message-ID: Mike Easter wrote: > Skiwi wrote: > >>Mike Easter wrote: >> >>>Skiwi wrote: >>> >>> >>>>Does yahoo@admin.spamcop.net go anywhere except the bit bin? >>> >>> >>>I'm not an admin, but those types of addresses typically are for >>>special handling for the provider, not a devnul. >> >>[snip] >> >>That was my feeling - but I wanted some admin confirmation or at least >>hand-holding that I using a "good" user report address! :-) > > > Skiwi wrote: > >>Thanks Fred - but I am getting so many of those pimp & dumps using >>st0ck54@yahoo.com et. al. that manual larting would be, hmmm, how to >>say, less likley for me to do! :-) > > > What I'm looking at in sightings^1 -- that looks to me like a (likely > bogus) remove addy. > > If you have a yahoo account, you can check it the username for > availability, but I'll be surprised if you get a positive yahoo response > to a notify of a remove email addy. You are, cough, analyzing spam then? :-P This guys seems to have such specific emails that I am guessing he is trying to be "legit" (or at least look "legit") - I have heard stories about the Vancouver Stock Exchange... :-) Anyway, I sent an email from a throwaway to 10 of the addresses - 42 through 52 - and nothing bounced back yet... Earlier, I sent complaints to Yahoo via their form for some of the 30-series ones; got back the 'we have taken action but won't tell you what is is" (thanks "Chad"!) - but did NOT say that they did not exist... Anyway... From MikeE at ster.invalid Fri Apr 1 08:22:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 11:25:03 2005 Subject: [SpamCop-List] Re: Does yahoo@admin.spamcop.net go anywhere except the bit bin? References: Message-ID: Skiwi wrote: > Mike Easter wrote: >>> st0ck54@yahoo.com >> What I'm looking at in sightings^1 -- that looks to me like a (likely >> bogus) remove addy. >> but I'll be surprised if you get a positive yahoo >> response to a notify of a remove email addy. > > > You are, cough, analyzing spam then? :-P For the purposes of discussion, naturally. Everyone has to trip their own trigger about how they like to notify or otherwise engage in the sport or pastime or hobby of spamfighting, including how they use SC simply as a tool. But of course I'm kibitzing how that sport can be played. In the beginning, the qx was about SC using the notify address of yahoo@admin.spamcop.net for 'something' and I told about how I tho't SC didn't notify yahoo about http://mail.yahoo.com. SC also doesn't notify for spambody email addresses -- an admin decision based on the considered judgment as to the value of notifying for removes in general and those which were email addies instead of links specifically. Once upon a time SC /did/ notify for email addresses in spambodies. So, when the discussion evolved into the idea of notifying for a email remove address, I felt like putting in my 2 cents. In order to get 2 cents worth, I had to figger out why we were talking about st0ck54@yahoo.com - which required more than my reading the content of a spambody, I actually had to go dig it out of sightings in order to read it. Also, if you are doing a 'user directed' notify to yahoo about the st0ck54 username, SC advises to those using the parser for advice about notifies, not the SC notify address, but instead the user yahoo notify address. Parsing input: st0ck54@yahoo.com Reporting addresses: mail-abuse@yahoo-inc.com postmaster@yahoo.com > > This guys seems to have such specific emails that I am guessing he is > trying to be "legit" (or at least look "legit") - I have heard stories > about the Vancouver Stock Exchange... :-) > > Anyway, I sent an email from a throwaway to 10 of the addresses - 42 > through 52 - and nothing bounced back yet... > > Earlier, I sent complaints to Yahoo via their form for some of the > 30-series ones; got back the 'we have taken action but won't tell you > what is is" (thanks "Chad"!) - but did NOT say that they did not > exist... > > Anyway... -- Mike Easter kibitzer, not SC admin From Paul.Sawyer.does.not.want.spam at unh.BAD.EXAMPLE.edu Fri Apr 1 16:51:22 2005 From: Paul.Sawyer.does.not.want.spam at unh.BAD.EXAMPLE.edu (Paul Sawyer) Date: Fri Apr 1 11:55:02 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote in news:424D2A9B.6168 @xyzzy.claranet.de: > Porpoise wrote: > >> Do you still use an old telephone with a dial that you poke >> your finger in to dial as well? ;-) > > No, translating pulses to tones is too slow for phone banking, > I've lost my external tone generator. But in theory... > > ASCII-art is 24*79 or smaller, anything else is just spam. Bye Feh -- I can remember ASCII art of 132 column width and virtually unlimited length. Kids today.... From cbminfo at toast.net Fri Apr 1 11:58:02 2005 From: cbminfo at toast.net (ken) Date: Fri Apr 1 12:00:04 2005 Subject: [SpamCop-List] Re: Conspiracies everywhere References: Message-ID: "Frog Prince" wrote in message news:d2h6d2$c06$1@news.spamcop.net... > > "ken" > | After digging thru this the only legitimate address with an abuse > | address was my isp's return address. > | The other links jumped all over the planet wherever a phone line > could > | be hung. > | ====================================================== > | Couple weeks back it was WAMU banks, they're still coming in > | intermittantly, and they had the same returns all the time. They > | finally created an abuse address > | > ========================================================================== > | Not nearly as prolific as WAMU, I've seen other banks represented > in > | these scams. All with no legitimate abuse addresses, and rather > than > | forward my email to some unknown, I've opted to just forwarding > these > | on to spam@uce.gov. Why not stick with WAMU ? did they choose to > chase > | and prosecute ? > > I'm a WAMU customer. I called sent emails etc the responce 'just > delete it' > or get a spam blocker. > > For awhile there I was getting wamu from the SAME return for the longest time. So got into the habit of reporting it to them. Obviously if it's not from my bank telling me to update my account, it's definitely spam. I use popfile. Only when the spam passes as regular mail do I waste a minute on it. popfile has a better than 90% accuracy on moving the trash to the trash folder. I'm just saying that there's a lot of spams fitting the Nigerian scam now targeting U.S. financial institutions. That Nigerian thing may be more of a joke and annoyance now, but it did hook several people to thousands of dollars if you can believe what the news says. I don't really think ignoring and deleting these scams emails does anyone any good. And it would seem the only ones even suggesting to do nothing about it are the ones profiting from them. Actually WAMU had no abuse when I 1st started reporting to them. Now they do. they send a thank you form letter. which makes sense when the business is business. From SCNews.5.myspamgobbler at spamgourmet.com Fri Apr 1 09:26:00 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Fri Apr 1 12:30:07 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report In-Reply-To: References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: Mike Easter wrote: > Frank Ellermann wrote: > >>For details see... >> >> >> >>...but the expected outcome is clear, gTLD .biz got three >>times more reports than any other ICANN gTLD (relatively). > > > That's a very interesting report. Here's a par > > "Third, there are a number of "power users" of the system. Given that > they account for more than 50% of the reports, and that at least 74% of > the reports are for legitimately bad Whois information, it is reasonable > to assume that these industrious individuals are indeed finding many > domains with incorrect Whois information. It might be reasonable to > offer features in the interface to help these users." > > The power users to whom they are referring is based on the fact that > there were 31533 reports, 3122 reporters, and the top 20 reporters > reported 18317 reports. The top or power power reporter reported 4035. > Now there's a diligent reporter. That's an average of over 900 reports for the top 20. Subtracting the top reporter's 4035 from 18317 reports of the top 20 reporters and dividing by 19 gives an average of 750 reports per reporter for the top 20 minus 1. I've made lots of reports, but not quite that many. Guess I need to step it up a bit. > > What I'm wondering about is the significant number of reports which were > deemed to result in 'other' or 'data unchanged' as opposed to > 'inaccuracy corrected' or 'domain deleted'. Almost 60% of the reports > resulted in data unchanged. > > People who are interested in the problem of bad whois and reporting it > to icann/internic should read that report. > It is an informative article, lending some encouragement with the knowledge that our reports are having some effect. The analysis performed on the data indicates that more than 63% of the names reported were corrected, suspended, or are no longer registered. Then there is this statement that shows why only 63% were corrected - The advisory also reiterated that a registrar has the right to cancel a registration in such cases, but is not required to do so. Another disheartening note - Finally, the 16,941 reported names is a small fraction of the 49+ million gTLD registrations. From not at home.today Fri Apr 1 20:54:47 2005 From: not at home.today (Ant) Date: Fri Apr 1 15:00:03 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: "Paul Sawyer" wrote: > Frank Ellermann wrote in news:424D2A9B.6168 > @xyzzy.claranet.de: [snip] >> ASCII-art is 24*79 or smaller, anything else is just spam. Bye > > Feh -- I can remember ASCII art of 132 column width and virtually unlimited > length. > > Kids today.... Indeed. I still have a stack of fanfold line-printer paper on which I produced an ASCII image in several strips. When assembled and laid out it is about 9 feet square! From pantheus at suespammers.org Fri Apr 1 11:56:43 2005 From: pantheus at suespammers.org (Ken Knull) Date: Fri Apr 1 15:00:08 2005 Subject: [SpamCop-List] A Russian ISP that cares? Message-ID: English isn't perfect, clue-impaired? about closing open proxy, but hey, a non-autoack ... far more than I've ever gotten from any Russian outfit. Ken Hello, the client is temporarily blocked!!! Despite of efforts of the client the spam continued, to act in communication, with what has been blocked before finding-out of circumstances. ?????????? ?? ??????????? ?????? ???????? ********************* ??????????? ???????????? ??? ??????? ? ???????? ?????? ???????? ????? (095)789-37-27 Best regards, ISP "Zebra Telecom" Maxim Volkov www.zebratelecom.ru 24h customer service : Moscow: +7(095)741-0011 support@ztel.ru St.Petersburg: +7(812)103-3103 -----Original Message----- From: Alex Tsybin [mailto:a.tsybin@zebratelecom.ru] Sent: Friday, April 01, 2005 12:04 PM To: support@ztel.ru Subject: FW: [SpamCop (213.145.41.76) id:1393564647]**JUNK** pantheus, LOS MEJORES DOCUMENTALES DE ESP.. From PossumTrot at dont.spam.me Fri Apr 1 13:11:42 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Fri Apr 1 16:15:04 2005 Subject: [SpamCop-List] Did the MS suits stop Spammy overnight? Message-ID: Today was the lowest number of spam in my attglobal.net account in 5 years - only 6 compared with 220 the day before and an average of more than 200 per day for the past year. Surely the MS suits filed yesterday didn't impact that number. From nobody at spamcop.net Fri Apr 1 17:06:48 2005 From: nobody at spamcop.net (Mike Nuss) Date: Fri Apr 1 17:10:02 2005 Subject: [SpamCop-List] Preventing Exchange 2000 from delayed bouncing Message-ID: I just made the unpleasant discovery that our corporate mail server is accepting undeliverable mail and then sending bounces, specifically in the case of nonexistent recipients. I guess we're lucky that spammers haven't found it (yet). I want to configure it to reject during the SMTP session instead of after, but I wasn't able to find any information on how to do so from a cursory Google search. The server is running Exchange 2000. Does anyone have a pointer to how I can fix this? Thanks, Mike From dfm2a3l0t2 at spymac.com Fri Apr 1 17:30:48 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Fri Apr 1 17:35:03 2005 Subject: [SpamCop-List] Re: Unsubscribe Now Spam ?? References: Message-ID: In article , "Dwayne Conyers" wrote: > I'll spank myself. Oooh, kinky! -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From MikeE at ster.invalid Fri Apr 1 14:52:17 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 17:55:02 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: Mike Nuss wrote: > I just made the unpleasant discovery that our corporate mail server is > accepting undeliverable mail and then sending bounces, specifically in > the case of nonexistent recipients. I guess we're lucky that spammers > haven't found it (yet). I want to configure it to reject during the > SMTP session instead of after, but I wasn't able to find any > information on how to do so from a cursory Google search. The server > is running Exchange 2000. Does anyone have a pointer to how I can fix > this? Someone else with experience with exchange may have a better link, but here's a place to start while you are waiting for them to show up here. http://www.byteplant.com/support/nospamtoday/howtorejectexchange.html How To Reject Undeliverable Mail with MS Exchange -- Mike Easter kibitzer, not SC admin From nobody at xyzzy.claranet.de Sat Apr 2 01:00:37 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Apr 1 18:05:02 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: <424DD295.25C4@xyzzy.claranet.de> Mike Easter wrote: > So the other & data unchanged data is seriously outawhack. Not necessarily. I only report stuff listed at RFCI with the evidence of a bounced mail. When they later ask me what happened, I compare old + new data. If it's the same I test RCPT TO but don't try to send a mail. If RCPT TO is okay I say "other" (+ manual comment), otherwise I say "still bad". Bye, Frank From nobody at xyzzy.claranet.de Sat Apr 2 01:05:42 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Apr 1 18:10:02 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: <424DD3C6.6677@xyzzy.claranet.de> Paul Sawyer wrote: > I can remember ASCII art of 132 column width and virtually > unlimited length. Now you confuse Snoopy or some [XXX] with ASCII art. And that wasn't in mail, it was a proper print job. > Kids today.... ...don't try to punch Snoopy. Bye, Frank From MikeE at ster.invalid Fri Apr 1 15:11:43 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 1 18:15:03 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> <424DD295.25C4@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: > >> So the other & data unchanged data is seriously outawhack. > > Not necessarily. I only report stuff listed at RFCI with > the evidence of a bounced mail. When they later ask me what > happened, I compare old + new data. If it's the same I test > RCPT TO but don't try to send a mail. If RCPT TO is okay I > say "other" (+ manual comment), otherwise I say "still bad". Yabbut, what I'm meaning is that the reports were generated, and then the registrars were the respondents to the reports incompetently, just like they were incompetent in entering the bogus data in the first place.. The registrars responded with other16% and unchanged 59% as opposed to the other choices of corrected and deleted-- but that wasn't true very often. ICANN investigated and found that most of the time the answer should have been something else. I would like to believe that ICANN is exerting pressure appropriately to get registrars to act like the information is supposed to be correct in the first place and that they are also supposed to be responsive when /they/ are challenged that it isn't. The fact that registrars accept blatantly bogus information indicates that they don't take the responsibility seriously, and that ICANN should be making them do so. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Apr 1 18:04:01 2005 From: nobody at spamcop.net (Ellen) Date: Fri Apr 1 18:30:02 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: "Mike Nuss" wrote in message news:d2kgla$553$1@news.spamcop.net... > I just made the unpleasant discovery that our corporate mail server is > accepting undeliverable mail and then sending bounces, specifically in > the case of nonexistent recipients. I guess we're lucky that spammers > haven't found it (yet). I want to configure it to reject during the SMTP > session instead of after, but I wasn't able to find any information on > how to do so from a cursory Google search. The server is running > Exchange 2000. Does anyone have a pointer to how I can fix this? > > Thanks, > Mike http://support.microsoft.com/default.aspx?scid=kb;en-us;294757 Ellen From eddie at eddie.web Fri Apr 1 21:00:12 2005 From: eddie at eddie.web (eddie) Date: Fri Apr 1 21:05:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On Fri, 01 Apr 2005 13:11:42 -0800, Possum Trot scratched out the following: > Today was the lowest number of spam in my attglobal.net account in 5 years > - only 6 compared with 220 the day before and an average of more than 200 > per day for the past year. Surely the MS suits filed yesterday didn't > impact that number. I have noticed a downward trend in spam volume. But it is personal and anecdotal. I may be simply getting "list washed" for all my complaining and reporting to higher authorities (congress, FBI, IRS etc.) However, I have noticed the trend that most of my spam now consists mainly of chinese spamvertized sites (with russian and brazil next in line) and with most of the actual spam coming from korea. It has been a while since I was being deluged by spam from att, mci, comcast, charter etal. Whether the principals are the same but they simply have moved offshore, it's clear that it must be getting hot for the spammers to use US websites and email sources. Even the number of zombie spammers has dropped, either from ISPs getting to them or from Microsoft service packs finally disallowing them. Having said that, I fully expect a huge amount of spam later today :) It always seems to work that way. -- Once movie theaters gave out steak knives Today they confiscate them From nobody at spamcop.net Fri Apr 1 23:26:43 2005 From: nobody at spamcop.net (Mike Nuss) Date: Fri Apr 1 23:30:04 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing In-Reply-To: References: Message-ID: Ellen wrote: > > http://support.microsoft.com/default.aspx?scid=kb;en-us;294757 > > Ellen > > Thanks, but this doesn't really do what I want, as it still accepts the messages. I want it to reject them. Unfortunately it appears that Exchange 2000 provides no mechanism to change this, and the only solution I've seen so far was Mike Easter's link, which is unfortunately to a commercial add-on that purports to solve the problem (and not terribly cleanly). Adding anything onto Exchange makes me a little queasy (well, not much more than running Exchange in the first place, I guess). Still hoping that someone will show up with a better solution. Mike From ric.gates at bigsleep.org Sat Apr 2 04:27:32 2005 From: ric.gates at bigsleep.org (Blammo) Date: Fri Apr 1 23:30:09 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On 01 Apr 2005 eddie entered spamcop and left news:pan.2005.04.02.02.00.12.280000@eddie.web: > It has been a while since I was being deluged by spam from att, mci, > comcast, charter etal. Whether the principals are the same but they > simply have moved offshore, it's clear that it must be getting hot for > the spammers to use US websites and email sources. Many of these are being blocked, I can still sit there and watch the comcast IPs getting reflected, it produces a bit of a glow. -- | Ric | From ric.gates at bigsleep.org Sat Apr 2 04:49:02 2005 From: ric.gates at bigsleep.org (Blammo) Date: Fri Apr 1 23:50:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On 01 Apr 2005 Blammo entered spamcop and left news:Xns962BD02B9347Bblammo@216.154.195.61: > produces a bit of a glow. Speaking of glow, I heat my house with the glow from chinanet. -- | Ric | | From bar_n0ne at hotmail.com Sat Apr 2 08:42:04 2005 From: bar_n0ne at hotmail.com (Berny) Date: Fri Apr 1 23:55:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: "eddie" wrote in message news:pan.2005.04.02.02.00.12.280000@eddie.web... > On Fri, 01 Apr 2005 13:11:42 -0800, Possum Trot scratched out the > following: > > > Today was the lowest number of spam in my attglobal.net account in 5 years > > - only 6 compared with 220 the day before and an average of more than 200 > > per day for the past year. Surely the MS suits filed yesterday didn't > > impact that number. > > I have noticed a downward trend in spam volume. But it is personal and > anecdotal. I may be simply getting "list washed" for all my complaining > and reporting to higher authorities (congress, FBI, IRS etc.) > However, I have noticed the trend that most of my spam now consists mainly > of chinese spamvertized sites (with russian and brazil next in line) and > with most of the actual spam coming from korea. > It has been a while since I was being deluged by spam from att, mci, > comcast, charter etal. Whether the principals are the same but they simply > have moved offshore, it's clear that it must be getting hot for the > spammers to use US websites and email sources. Even the number of zombie > spammers has dropped, either from ISPs getting to them or from Microsoft > service packs finally disallowing them. > Having said that, I fully expect a huge amount of spam later today :) It > always seems to work that way. > > -- > Once movie theaters gave out steak knives > Today they confiscate them Your provider may just have started filtering or miltering mine did and i dropped from 200+ to less than 10 a day rising again From ric.gates at bigsleep.org Sat Apr 2 05:10:23 2005 From: ric.gates at bigsleep.org (Blammo) Date: Sat Apr 2 00:15:05 2005 Subject: [SpamCop-List] Re: Conspiracies everywhere References: Message-ID: On 29 Mar 2005 ken entered spamcop and left news:d2ch6b$eqr$1@news.spamcop.net: > If the people start moving their cash into mattresses and coffee cans > in the back yard because they can no longer trust the banks, where's > the economy headed ? > Ha! Most people in America don't have any money. You are working for the Man, man, come now, join me brother.... -- | Ric | From bar_n0ne at hotmail.com Sat Apr 2 09:35:16 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Apr 2 00:40:02 2005 Subject: [SpamCop-List] mci 63.82.96.35, ATMLinkinc/calpop 216.240.129.23 Message-ID: Could someone put these spam servers on the nuclear targetting list please. latest incarnation is networkvisionaries.com, mci hosts the images and targets of the periodic mainsleaze style spambblasts (mailbombings) originating out of atmlinkink.com/calpop.net, same server for months now. The owners have stealthed this server from spamcop it's generally shopping spree/free products spam for "market research" just in case I trash their spam they send anywhere from 5 to 20 in a blast at my addy, sometimes several blasts over the course of a few days. From ric.gates at bigsleep.org Sat Apr 2 05:44:20 2005 From: ric.gates at bigsleep.org (Blammo) Date: Sat Apr 2 00:45:03 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: On 01 Apr 2005 Mike Nuss entered spamcop and left news:d2kgla$553$1@news.spamcop.net: > I just made the unpleasant discovery that our corporate mail server is > accepting undeliverable mail and then sending bounces, specifically in > the case of nonexistent recipients. I guess we're lucky that spammers > haven't found it (yet). I want to configure it to reject during the SMTP > session instead of after, but I wasn't able to find any information on > how to do so from a cursory Google search. The server is running > Exchange 2000. Does anyone have a pointer to how I can fix this? > > Thanks, > Mike Just use a front-end relay to check the mail, then relay it to the Exchange server. Probably best to get another box with Sendmail or Postfix, or something similar that can read a virtual user map. Keeping the virtual user database updated might require a script, but should be a simple task. Or maybe LDAP is better, as that would update itself. If you do this make sure you get both A and PTR records for both. I just looked a little and found this... http://lists.freebsd.org/pipermail/freebsd-isp/2003-October/001201.html -- | Ric | From nobody at devnull.spamcop.net Sat Apr 2 10:08:39 2005 From: nobody at devnull.spamcop.net (Xris) Date: Sat Apr 2 04:10:03 2005 Subject: [SpamCop-List] Re: SPEWS: Please remove IP Ranges from SPEWS Lists S511 In-Reply-To: References: Message-ID: Inflow AUP wrote: > Please remove the following IP's from the SPEWS blacklist. The person that > you are showing them for (Scott Richter) has been removed from our network > and the IP's have been returned to Inflow. > > 66.179.100.0 - 66.179.100.255 > 66.179.76.0 - 66.179.124.255 > 66.45.41.136 - 66.45.41.143 > 66.45.41.192 - 66.45.41.207 > 66.179.17.160 - 66.179.17.191 > 66.45.80.80 - 66.45.80.87 > 66.45.30.187 > 66.45.30.0/24 > 66.45.28.0 - 66.45.32.255 > 66.179.35.0 - 66.179.39.255 > > Thank you, > Inflow AUP Team > > Do these guys ever look at the responses they get on this list? From bjoeg at *spammer*bjoeg.dk Sat Apr 2 14:42:18 2005 From: bjoeg at *spammer*bjoeg.dk (Bjarke Andersen) Date: Sat Apr 2 09:45:05 2005 Subject: [SpamCop-List] Spammers getting scared? Message-ID: Of the tons of spam we receive everyday, I then wonder if this spammer got scared, and if so by which of the spam mails I reported. Follow full header X-Message-Status: n X-SID-PRA: admin@LeadSourceGroup.com X-SID-Result: TempError X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= Received: from server.thelistpro.com ([69.50.192.100]) by mc1- f25.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Sat, 2 Apr 2005 05:10:02 -0800 Received: from listpro by server.thelistpro.com with local (Exim 4.50) id 1DHjLV-0007yw-Q0 for @hotmail.com; Sat, 02 Apr 2005 08:11:29 -0600 To: @hotmail.com From: admin@LeadSourceGroup.com Subject: Your remove request has been successfully processed! Message-Id: Date: Sat, 02 Apr 2005 08:11:29 -0600 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.thelistpro.com X-AntiAbuse: Original Domain - hotmail.com X-AntiAbuse: Originator/Caller UID/GID - [32004 32005] / [47 12] X-AntiAbuse: Sender Address Domain - server.thelistpro.com X-Source: X-Source-Args: X-Source-Dir: Return-Path: listpro@server.thelistpro.com X-OriginalArrivalTime: 02 Apr 2005 13:10:02.0265 (UTC) FILETIME=[47AD6090:01C53785] We have processed your global remove request successfully. You have been entirely removed from all autoresponder accounts hosted at http://www.thelistpro.com and are now blocked from being subscribed to any autoresponder hosted at this domain. -- Bjarke Andersen - Freelance SpamKiller http://www.cdt.org/speech/spam/030319spamreport.shtml (How to prevent) Wanna reply by email? Remove the spammer in address From nobody at spamcop.net Sat Apr 2 08:39:20 2005 From: nobody at spamcop.net (Ellen) Date: Sat Apr 2 10:00:02 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: "Mike Nuss" wrote in message news:d2l6tk$fm0$1@news.spamcop.net... > Ellen wrote: > > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;294757 > > > > Ellen > > > > > > Thanks, but this doesn't really do what I want, as it still accepts the > messages. I want it to reject them. Oh sorry, I misread your post. Ellen From nobody at nowhere.invalid Sat Apr 2 18:20:26 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Apr 2 11:25:02 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: On Sat, 2 Apr 2005 14:42:18 +0000 (UTC), Bjarke Andersen coughed into spamcop and left this in : > Of the tons of spam we receive everyday, I then wonder if this spammer got > scared, and if so by which of the spam mails I reported. Follow full header See Rules #1 and #2 here: http://bruce.pennypacker.org/spamrules.html -- Steve The three "R"s of Microsoft support: Retry, Reboot, Reinstall. From nobody at spamcop.net Sat Apr 2 08:22:35 2005 From: nobody at spamcop.net (Dar) Date: Sat Apr 2 11:25:07 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: "Bjarke Andersen" wrote in message news:Xns962CA9EFB6828bjoegdk@216.154.195.61... > Of the tons of spam we receive everyday, I then wonder if this spammer got > scared, and if so by which of the spam mails I reported. Follow full header > > X-Message-Status: n > X-SID-PRA: admin@LeadSourceGroup.com > X-SID-Result: TempError > X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= > Received: from server.thelistpro.com ([69.50.192.100]) by mc1- > f25.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); > Sat, 2 Apr 2005 05:10:02 -0800 > Received: from listpro by server.thelistpro.com with local (Exim 4.50) > id 1DHjLV-0007yw-Q0 > for @hotmail.com; Sat, 02 Apr 2005 08:11:29 -0600 > To: @hotmail.com > From: admin@LeadSourceGroup.com > Subject: Your remove request has been successfully processed! > Message-Id: > Date: Sat, 02 Apr 2005 08:11:29 -0600 > X-AntiAbuse: This header was added to track abuse, please include it with > any abuse report > X-AntiAbuse: Primary Hostname - server.thelistpro.com > X-AntiAbuse: Original Domain - hotmail.com > X-AntiAbuse: Originator/Caller UID/GID - [32004 32005] / [47 12] > X-AntiAbuse: Sender Address Domain - server.thelistpro.com > X-Source: > X-Source-Args: > X-Source-Dir: > Return-Path: listpro@server.thelistpro.com > X-OriginalArrivalTime: 02 Apr 2005 13:10:02.0265 (UTC) > FILETIME=[47AD6090:01C53785] > > We have processed your global remove request successfully. You have been > entirely removed from all autoresponder accounts hosted at > http://www.thelistpro.com and are now blocked from being subscribed to any > autoresponder hosted at this domain. > > -- > Bjarke Andersen - Freelance SpamKiller > http://www.cdt.org/speech/spam/030319spamreport.shtml (How to prevent) > Wanna reply by email? Remove the spammer in address I found three of these, identical, in server spam this morning. I think it's simply a back-handed way of getting you to click on the link. Spam, by any other name, is still spam. Dar From eddie at eddie.web Sat Apr 2 13:10:46 2005 From: eddie at eddie.web (eddie) Date: Sat Apr 2 13:15:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On Sat, 02 Apr 2005 08:42:04 +0400, Berny scratched out the following: snip > Your provider may just have started filtering or miltering > mine did and i dropped from 200+ to less than 10 a day > rising again My provider is not involved. I am referring to my spamcop email - my only public address. I get zero spam on my other accounts because of proper use and/or the use of discardable aliases. No, I am only talking about the spam I get to my spamcop address. It has dropped remarkedly over the last few months. Of course, the idea that anyone would send spam to a spamcop address is ludicrous to start with, but then, we know spamkiddy is braindead. Spamming a spamcop address practically guarantees it will be reported. I still suspect "list-washing" of my account, or list-washing of all SC accounts from the "million address CD." Whatever, I am not complaining. Not a bit. :) -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Sat Apr 2 13:12:50 2005 From: eddie at eddie.web (eddie) Date: Sat Apr 2 13:15:10 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: On Sat, 02 Apr 2005 04:27:32 +0000, Blammo scratched out the following: > On 01 Apr 2005 eddie entered spamcop and left > news:pan.2005.04.02.02.00.12.280000@eddie.web: > >> It has been a while since I was being deluged by spam from att, mci, >> comcast, charter etal. Whether the principals are the same but they >> simply have moved offshore, it's clear that it must be getting hot for >> the spammers to use US websites and email sources. > > Many of these are being blocked, I can still sit there and watch the > comcast IPs getting reflected, it produces a bit of a glow. Does that glow have the napalm smell of victory? Still, on my open SC account, comcast has nearly dropped into the noise. Right now it's mostly korean spam sources. -- Once movie theaters gave out steak knives Today they confiscate them From skiwi at spamcop.net Sat Apr 2 10:59:23 2005 From: skiwi at spamcop.net (Skiwi) Date: Sat Apr 2 14:00:02 2005 Subject: [SpamCop-List] Anyone got any history on http://www.RealityAtTheSEC.com ?:? Message-ID: "The Domain www.realityatthesec.com is currently under construction. Please come back in the future for updates." From other links I was looking at, this seemed like an interesting / illumiating read (although I had my salt shaker at the ready...) SEC have it killed? TIA: Greg... From ivan at gmail.com Sat Apr 2 22:08:48 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sat Apr 2 15:10:03 2005 Subject: [SpamCop-List] Re: Stock scam In-Reply-To: References: Message-ID: ken wrote: > To: Cbbelegrin > Subject: Stock News All stock spam should be forwarded to enforcement@sec.gov Ivan. From porpoise1954 at yahoo.co.uk Sat Apr 2 23:08:52 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Apr 2 17:15:03 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: "Paul Sawyer" wrote in message news:Xns962B789C0C9B5Senex@216.154.195.61... > Frank Ellermann wrote in news:424D2A9B.6168 > @xyzzy.claranet.de: > >> Porpoise wrote: >> >>> Do you still use an old telephone with a dial that you poke >>> your finger in to dial as well? ;-) >> >> No, translating pulses to tones is too slow for phone banking, >> I've lost my external tone generator. But in theory... >> >> ASCII-art is 24*79 or smaller, anything else is just spam. Bye > > Feh -- I can remember ASCII art of 132 column width and virtually > unlimited > length. > > Kids today.... I guess it's really all about what printer you had/have (as it all stems from pre-graphics capable printers). From noone at nowhere.net Sat Apr 2 19:02:15 2005 From: noone at nowhere.net (anna cypher) Date: Sat Apr 2 19:05:06 2005 Subject: [SpamCop-List] Re: [OT] Spam vampire idea References: Message-ID: "Dwayne Conyers" wrote in message news:d2f9hi$849$1@news.spamcop.net... > I'm still waiting on George W. to declare a war on spam. Locate the > geographic location of the machine where the spam originates and have a > cruise missle fly up the orifice of the person sending it. I'm sure he will if spam is detected coming out of any oil-producing country in the Middle East (other than Saudi Arabia, of course). Anna From nobody at devnull.spamcop.net Sat Apr 2 19:26:11 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Apr 2 19:30:02 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: ... > See Rules #1 and #2 here: > > http://bruce.pennypacker.org/spamrules.html ... That's FUNNY! I wonder how many addresses they've collected? I'll bet a lot, unfortunately. Pop From nobody at devnull.spamcop.net Sat Apr 2 19:29:33 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Apr 2 19:30:07 2005 Subject: [SpamCop-List] Re: Amusing spam technique (rastering), seen before? References: <424B96CE.3598@xyzzy.claranet.de> <424D2A9B.6168@xyzzy.claranet.de> Message-ID: "Porpoise" wrote in message news:d2n5f0$fi0$1@news.spamcop.net... > > "Paul Sawyer" wrote > in message news:Xns962B789C0C9B5Senex@216.154.195.61... >> Frank Ellermann wrote in news:424D2A9B.6168 >> @xyzzy.claranet.de: >> >>> Porpoise wrote: >>> >>>> Do you still use an old telephone with a dial that you poke >>>> your finger in to dial as well? ;-) >>> >>> No, translating pulses to tones is too slow for phone banking, >>> I've lost my external tone generator. But in theory... >>> >>> ASCII-art is 24*79 or smaller, anything else is just spam. Bye >> >> Feh -- I can remember ASCII art of 132 column width and virtually >> unlimited >> length. >> >> Kids today.... > > I guess it's really all about what printer you had/have (as it all stems > from pre-graphics capable printers). > Any of you "oldsters" here ever hear a printer play things like the Star Spangled Banner? I have! Better yet, anyone have a tape recording of such a thing? I'd LOVE to hear it again! Takes a multi-headed printer of course; won't work on polyphonic printers . I think our old IBM was a 4 header, gave us a full 8 notes with 8 more diff harmonics! Pop From SCNews.5.myspamgobbler at spamgourmet.com Sat Apr 2 18:14:20 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sat Apr 2 21:20:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? In-Reply-To: References: Message-ID: Bjarke Andersen wrote: > Of the tons of spam we receive everyday, I then wonder if this spammer got > scared, and if so by which of the spam mails I reported. Follow full header > > X-Message-Status: n > X-SID-PRA: admin@LeadSourceGroup.com > X-SID-Result: TempError > X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= > Received: from server.thelistpro.com ([69.50.192.100]) by mc1- > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL25456 69.50.192.100/32 is listed on the Spamhaus Block List (SBL) 29-Mar-2005 08:40 GMT | SR02 Atjeu helping spammer listwash Passing on complaints to the spammer so victim's address can be removed but spammer can go right on spamming traps and those who don't know how to track and report spam. 69.50.192.28 - ad2ads.com "This is NOT SPAM. You Agreed to receive a one time message from me and my other fellow PRO FFA Page owners when posting your link to MyWayFFA.com FFA Network." (mywayffa.com registered but not in DNS) 69.50.192.100 server.thelistpro.com - hitting traps 69.50.210.173 server.crazy-server5.com - hitting traps From nobody at spamcop.net Sun Apr 3 09:45:17 2005 From: nobody at spamcop.net (nospam) Date: Sat Apr 2 23:50:05 2005 Subject: [SpamCop-List] Re: Spammers getting scared? -and how did I get an unsub confirmation References: Message-ID: in article d2njl3$nnl$1@news.spamcop.net, Brian (SnSR) at SCNews.5.myspamgobbler@spamgourmet.com wrote on 4/3/05 6:14 AM: > Bjarke Andersen wrote: >> Of the tons of spam we receive everyday, I then wonder if this spammer got >> scared, and if so by which of the spam mails I reported. Follow full header >> >> X-Message-Status: n >> X-SID-PRA: admin@LeadSourceGroup.com >> X-SID-Result: TempError >> X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= >> Received: from server.thelistpro.com ([69.50.192.100]) by mc1- > >> > > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL25456 > > 69.50.192.100/32 is listed on the Spamhaus Block List (SBL) > > 29-Mar-2005 08:40 GMT | SR02 > > Atjeu helping spammer listwash > > Passing on complaints to the spammer so victim's address can be removed > but spammer can go right on spamming traps and those who don't know how > to track and report spam. > > 69.50.192.28 - ad2ads.com > > "This is NOT SPAM. You Agreed to receive a one time message > from me and my other fellow PRO FFA Page owners when posting > your link to MyWayFFA.com FFA Network." > > (mywayffa.com registered but not in DNS) > > 69.50.192.100 server.thelistpro.com - hitting traps 69.50.210.173 > server.crazy-server5.com - hitting traps Crzy stuff going on, one of my "spamtraps" that hasn't sent anything but SC submittals for 4 years now, and for the past year and a half only been receiving medz spam got an unsubscribe ack from thelistpro.com today, also reported as spam. --Well I neither unsubscribed (nor subscribed) I'm pretty sure it hasn't even reported spam from thelistpr.com at least not in the past half year. All it gets is a daily medz from kornet/hana for sites in tietong space. I don't know how much thelistpro spam I get if any, but maybe they're trying to wash their lists of complainers, though how that account got hit is a mystery unless there is (at least) a good 6 month time lag between them getting complaints and washing their lists. From tdy at blackhole.invalid Sat Apr 2 21:46:31 2005 From: tdy at blackhole.invalid (N. Miller) Date: Sun Apr 3 00:50:03 2005 Subject: [SpamCop-List] Re: Did the MS suits stop Spammy overnight? References: Message-ID: In article , Possum Trot says... > Today was the lowest number of spam in my attglobal.net account in 5 years - > only 6 compared with 220 the day before and an average of more than 200 per > day for the past year. Surely the MS suits filed yesterday didn't impact > that number. How much spam were you getting from SBC sources? How much are you now getting from SBC sources? Last September I received an email from SBC announcing that they intended to implement port 25 blocks on outbound connections. Last December fellow SBC customers began bitching about not being able to connect to there off-ISP SMTP servers. At that time I was not blocked, but I started investigating my mail providers. By last January I had converted to using port 587, or port 465. Two nights ago I ran a Telnet check on one of those servers; port 25 is now blocked for me. It has now been seven days since I have received a spam message through an SBC open proxy; and, for the first time since October, or so, Comcast is ahead of SBC for open proxy spam. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at spamcop.net Sun Apr 3 11:12:50 2005 From: nobody at spamcop.net (nospam) Date: Sun Apr 3 01:15:03 2005 Subject: [SpamCop-List] Re: mci 63.82.06.35, ATMLinkinc/calpop 216.240.129.23 References: Message-ID: in article d2laum$i07$1@news.spamcop.net, Berny at bar_n0ne@hotmail.com wrote on 4/2/05 9:35 AM: > Could someone put these spam servers on the nuclear targetting list please. > > latest incarnation is networkvisionaries.com, > > mci hosts the images and targets of the periodic mainsleaze style > spambblasts (mailbombings) originating out of atmlinkink.com/calpop.net, > same server for months now. > > The owners have stealthed this server from spamcop > > it's generally shopping spree/free products spam for "market research" > > just in case I trash their spam they send anywhere from 5 to 20 in a blast > at my addy, sometimes several blasts over the course of a few days. > > > today spamvertized at 63.82.06.35 : wakings.com interestor.com dreamwaking.com goldenfury.com infinite supply of registrations it seems, all at TUCOWS for software factory solutions that mo**erfscker in Laval Quebec, isn't there any disturbed individual wit a belt bomb nearby? Does TUCOWS have an anti-spam AUP for registrants? (Like Go-Daddy?) From bar_n0ne at hotmail.com Sun Apr 3 13:45:40 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sun Apr 3 04:51:23 2005 Subject: [SpamCop-List] Re: mci 63.82.06.35, ATMLinkinc/calpop 216.240.129.23 References: Message-ID: "nospam" wrote in message news:BE757221.147E5%nobody@spamcop.net... > in article d2laum$i07$1@news.spamcop.net, Berny at bar_n0ne@hotmail.com > wrote on 4/2/05 9:35 AM: > SNIP > > > today spamvertized at 63.82.06.35 : > > wakings.com > interestor.com > dreamwaking.com > goldenfury.com > > infinite supply of registrations it seems, all at TUCOWS for software > factory solutions that mo**erfscker in Laval Quebec, isn't there any > disturbed individual wit a belt bomb nearby? Does TUCOWS have an anti-spam > AUP for registrants? (Like Go-Daddy?) > Sender address cycles throughout the 216.240.129.[1-256] From nobody at nowhere.invalid Sun Apr 3 12:11:59 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Apr 3 05:16:19 2005 Subject: [SpamCop-List] Re: [OT] Spam vampire idea References: Message-ID: On Sat, 2 Apr 2005 19:02:15 -0500, anna cypher coughed into spamcop and left this in : > I'm sure he will if spam is detected coming out of any oil-producing > country in the Middle East (other than Saudi Arabia, of course). If? I've already had plenty of spam coming out of .sa! -- Steve There's no place like ~ From bjoeg at *spammer*bjoeg.dk Sun Apr 3 13:21:49 2005 From: bjoeg at *spammer*bjoeg.dk (Bjarke Andersen) Date: Sun Apr 3 08:25:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: "Dar" crashed Echelon writing news:d2mgsb$4e6$1@news.spamcop.net: > I found three of these, identical, in server spam this morning. I think > it's simply a back-handed way of getting you to click on the link. > Spam, by any other name, is still spam. But looking at the code, what would a click on the link contribute. The link does not confirm your email address by any means, unless som eobscure bugged HTML can sniff emailaddress as refferer for visit on page. -- Bjarke Andersen - Freelance SpamKiller http://www.cdt.org/speech/spam/030319spamreport.shtml (How to prevent) Wanna reply by email? Remove the spammer in address From wb8tyw at qsl.network Sun Apr 3 10:56:21 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sun Apr 3 10:00:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? In-Reply-To: References: Message-ID: Bjarke Andersen wrote: > > But looking at the code, what would a click on the link contribute. The > link does not confirm your email address by any means, unless som eobscure > bugged HTML can sniff emailaddress as refferer for visit on page. You might be surprised at what your browser will tell the world about you. It can access quite a bit of information that you told it when you set up your Internet connection. Just visiting the link tells the spammer that it their spew has made it through your ISP's anti-spam actions, so they know that they can send more spam to everyone at your ISP. Everyone at your ISP that still has their e-mail client opening external HTML links/pictures is telling the spammer that you ISP will reliably deliver spam. And from what I have seen of web access to e-mail, there is no way to turn off that option. If it is coupled with a e-mail client, it has access to that setup information, and in some cases the html can request that it generate a mail message. If you have a slow enough computer, you can see the pop-up as the message gets sent. That is if your default profile has a valid mail server associated with it. If your default profile does not have a valid e-mail address associated with it, in most cases if a web site or a local program attempts to send e-mail through it with out your consent, you will get a pop-up from the mail program about it not being able to reach a mail server. And for some browsers, all you have to do is be tricked into visiting the web page, and spammy can use your web browser to send a spam run. http://dsbl.org/relay-methods#FTPURLrelaying The mozilla.org has informed me that Mozilla is not vulnerable to this exploit, and have posted that in the Bugzilla.org database. A major ISP is a target for spammers to begin with. If they are not using sbl-xbl.spamhaus.org, open proxy/open relay lists and a good DHCP list, then they will be flooded with spam. And by watching the web hits, the spammers know which ISPs are aiding them by reliably delivering the spam from sources that are well known to send so much spam it is not worth trying to accept the potentially 1 or two real e-mails out of each couple thousands of spam delivery attempts from them. -John wb8tyw@qsl.network Personal Opinion Only From nobody at devnull.spamcop.net Sun Apr 3 12:28:15 2005 From: nobody at devnull.spamcop.net (Steve Gilder) Date: Sun Apr 3 11:30:06 2005 Subject: [SpamCop-List] Re: Preventing Exchange 2000 from delayed bouncing References: Message-ID: "Mike Nuss" wrote in message news:d2kgla$553$1@news.spamcop.net... >I just made the unpleasant discovery that our corporate mail server is >accepting undeliverable mail and then sending bounces, specifically in the >case of nonexistent recipients. I guess we're lucky that spammers haven't >found it (yet). I want to configure it to reject during the SMTP session >instead of after, but I wasn't able to find any information on how to do so >from a cursory Google search. The server is running Exchange 2000. Does >anyone have a pointer to how I can fix this? > > Thanks, > Mike If you do not have corporate reservations about using it, check out ORFilter. I found it from an SC link See: http://martijnjongen.com/ I have it installed on an SBS 2000 system that includes Exchange 2000 and it works great. You will have to tweak it a bit. Steve From ivan at gmail.com Sun Apr 3 18:49:12 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sun Apr 3 11:50:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? In-Reply-To: References: Message-ID: John E. Malmberg wrote: > Everyone at your ISP that still has their e-mail client opening external > HTML links/pictures is telling the spammer that you ISP will reliably > deliver spam. And from what I have seen of web access to e-mail, there > is no way to turn off that option. There is with gmail, actually it's the default for spam messages. Ivan. From nobody at spamcop.net Sun Apr 3 10:23:02 2005 From: nobody at spamcop.net (Dar) Date: Sun Apr 3 12:25:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: In addition, the intention could be a simple: Hope I've peaked your curiosity enough to come look at this web page in the hope you will buy my product. If I put it into words in my email, you'd probably just delete it without reading it. But if you come and look, I may have a better chance of selling my product. Dar From SCNews.5.myspamgobbler at spamgourmet.com Sun Apr 3 12:38:37 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sun Apr 3 14:45:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? -and how did I get an unsub confirmation In-Reply-To: References: Message-ID: nospam wrote: > in article d2njl3$nnl$1@news.spamcop.net, Brian (SnSR) at > SCNews.5.myspamgobbler@spamgourmet.com wrote on 4/3/05 6:14 AM: > > >>Bjarke Andersen wrote: >> >>>Of the tons of spam we receive everyday, I then wonder if this spammer got >>>scared, and if so by which of the spam mails I reported. Follow full header >>> >>>X-Message-Status: n >>>X-SID-PRA: admin@LeadSourceGroup.com >>>X-SID-Result: TempError >>>X-Message-Info: 6sSXyD95QpVMRonLOZQNGB5SSowzcTU+xqZ6pcuxKh0= >>>Received: from server.thelistpro.com ([69.50.192.100]) by mc1- >> >>http://www.spamhaus.org/sbl/sbl.lasso?query=SBL25456 >> >>69.50.192.100/32 is listed on the Spamhaus Block List (SBL) >> >>29-Mar-2005 08:40 GMT | SR02 >> >>Atjeu helping spammer listwash >> >>Passing on complaints to the spammer so victim's address can be removed >>but spammer can go right on spamming traps and those who don't know how >>to track and report spam. >> >>69.50.192.28 - ad2ads.com >> >>"This is NOT SPAM. You Agreed to receive a one time message >>from me and my other fellow PRO FFA Page owners when posting >>your link to MyWayFFA.com FFA Network." >> >>(mywayffa.com registered but not in DNS) >> >>69.50.192.100 server.thelistpro.com - hitting traps 69.50.210.173 >>server.crazy-server5.com - hitting traps > > > Crzy stuff going on, > > one of my "spamtraps" that hasn't sent anything but SC submittals for 4 > years now, and for the past year and a half only been receiving medz spam > got an unsubscribe ack from thelistpro.com today, also reported as spam. > > --Well I neither unsubscribed (nor subscribed) > > I'm pretty sure it hasn't even reported spam from thelistpr.com at least not > in the past half year. All it gets is a daily medz from kornet/hana for > sites in tietong space. > > I don't know how much thelistpro spam I get if any, but maybe they're trying > to wash their lists of complainers, though how that account got hit is a > mystery unless there is (at least) a good 6 month time lag between them > getting complaints and washing their lists. > From: Rich Kulawiec To: SPAM-L Date: Apr 3, 2005 5:04 AM Subject: Re: Help: who is LeadSourceGroup/thelistpro? Thelistpro are block-on-sight spamming scum. I think they've got at least: 4profitebooks.com charzbiz.com charzbiznews.com cindyandrews.com emailmarketingmagic.com goldenstreammarketing.com gr8bigidea.com jessieandrews.com klaraandrews.com looppowerhits.com mypromailer.com mysecretpage.com netservicebox.com netserviceboxnews.com options2day.com oyesucan.com rapidtracker.com ringofpower.biz ringofpowernews.biz straighttalknewsloop.com strategicmarketingconcepts.com thelistpro.com thepromailer.com From ivan at gmail.com Sun Apr 3 22:37:53 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sun Apr 3 15:40:04 2005 Subject: [SpamCop-List] Microsoft bankrupts OptInRealBig.com (and Scott Richter) Message-ID: http://news.bbc.co.uk/1/hi/technology/4400335.stm Just in case you think the lawsuits are pointless. Ivan. From gezgin at spamcop.net Sun Apr 3 23:49:10 2005 From: gezgin at spamcop.net (Gezgin) Date: Sun Apr 3 15:50:03 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: "Ivan Leo Puoti" wrote > http://news.bbc.co.uk/1/hi/technology/4400335.stm Nice. I especially liked "But, make no mistake, we do expect to prevail." He should have added "And the light at the end of the tunnel is NOT a train bearing down on us." -- Bob Kanyak's Doghouse http://www.kanyak.com From DougThegarden at hotmail.com Sun Apr 3 21:58:11 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Sun Apr 3 16:00:03 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) In-Reply-To: References: Message-ID: Ivan Leo Puoti wrote: > http://news.bbc.co.uk/1/hi/technology/4400335.stm > > Just in case you think the lawsuits are pointless. > > Ivan. Before you get too excited its a pure technicality at this stage. Chapter 11 allows him to continue trading while protected from his creditors. And who are those creditors? Well if you look at what the article says, he would be in the black by about $6m except for this big potential $46m being claimed by M$. So under Chapter 11 he can continue trading while protected from Microsofts financial claim i.e. life as normal Doug From ivan at gmail.com Sun Apr 3 23:14:04 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sun Apr 3 16:15:03 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) In-Reply-To: References: Message-ID: Doug Thegarden wrote: > Before you get too excited its a pure technicality at this stage. > Chapter 11 allows him to continue trading while protected from his > creditors. And who are those creditors? Well if you look at what the > article says, he would be in the black by about $6m except for this big > potential $46m being claimed by M$. So under Chapter 11 he can continue > trading while protected from Microsofts financial claim i.e. life as normal Sure, until Microsoft wins with their army of lawyers. Ivan. From nospam at dev.null Sun Apr 3 23:39:44 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 16:40:02 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: "Ivan Leo Puoti" wrote in message news:d2pgmh$l8u$1@news.spamcop.net... > http://news.bbc.co.uk/1/hi/technology/4400335.stm > > Just in case you think the lawsuits are pointless. > > Ivan. My, my.... How our heroes change overnight :-) Somehow I think (and hope) M$ will win the end round.. Not being a M$ fanatic, they are at least doing a bit of good here. Uhmmm, make that a LOT.... However, as affected parties, we all probably hope to see M$ win. Seems crazy though: A party doing something illegal, a private company does what law officials should be doing, they succeed. Then the guilty party turns to the law for protection to spam again. Questions: Not being a laywer or knowing US law, anybody got a take on the alternatives? Scot succeeds in Chapter 11 or ...???? Have you guys got gaols in the US? Or am I missing something? Cheers E From pxpearson at spamxcop.net Sun Apr 3 14:39:10 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Sun Apr 3 16:40:08 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: Ivan Leo Puoti wrote: > Doug Thegarden wrote: >> Before you get too excited its a pure technicality at this stage. >> Chapter 11 allows him to continue trading while protected from his >> creditors. [snip] > Sure, until Microsoft wins with their army of lawyers. Let's hope so. But I think Doug Thegarden's point was that the bankruptcy filing is a defensive tactic, not proof of the devastating, humiliating, crushing, bloody, obliterating, emasculating defeat we're all waiting so politely (:-) to see. -- Remove the two x's to get a good email address. From nospam at dev.null Sun Apr 3 23:52:57 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 16:50:03 2005 Subject: [SpamCop-List] Positive Registrar Feedback Message-ID: Hi All In these times when 99.9% of the spam in my inbox has URL's in either Brazil or China as payload (and moving a lot between the two): Sent a mail to XIN NET TECHNOLOGY re bad whois on BICKERER.NET. I included proof of wilfully supplied bad whois etc. Mail was sent on the 31st of March. From: X Sent: 31 March 2005 10:19 To: X Subject: Bad Whois for bickerer.net Result: Domain Name: BICKERER.NET Registrar: XIN NET TECHNOLOGY CORPORATION Whois Server: whois.paycenter.com.cn Referral URL: http://www.paycenter.com.cn Name Server: NS1.ALON587.COM Name Server: NS2.ALON587.COM Status: REGISTRAR-HOLD Updated Date: 31-mar-2005 Creation Date: 29-mar-2005 Expiration Date: 29-mar-2006 Immediate hold. I used the registrar contact as found at http://www.internic.net/contact.html Excellent service. Well done to XIN NET ! From nospam at dev.null Mon Apr 4 00:18:13 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 17:20:03 2005 Subject: [SpamCop-List] Re: Spammers getting scared? References: Message-ID: "Bjarke Andersen" wrote in message news:Xns962CA9EFB6828bjoegdk@216.154.195.61... SNIP > > We have processed your global remove request successfully. You have been > entirely removed from all autoresponder accounts hosted at > http://www.thelistpro.com and are now blocked from being subscribed to any > autoresponder hosted at this domain. > > -- SNIP Wonders what whois and google can produce. Administrative Contact: Andrews, James admin@oyesucan.com 27529 Hwy 72 Athens, Alabama 35613 United States 8668248893 Fax -- Goofle on address gives: http://leadsourcegroup.com/facts.htm "We NEVER use spam to generate leads." They have a toll free tel number. Why not phone them and ask them HOW you email got onto the list? :-) http://oyesucan.com/contact.php ...we provide personal and expert leadership and e-marketing guidance at "no cost"! http://www.audiovideostreams.com/contactus/ Tracking is anonymous - your privacy is not being violated. Non-intrusive. From DougThegarden at hotmail.com Sun Apr 3 23:19:27 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Sun Apr 3 17:20:09 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) In-Reply-To: References: Message-ID: Ivan Leo Puoti wrote: > Doug Thegarden wrote: > >> Before you get too excited its a pure technicality at this stage. >> Chapter 11 allows him to continue trading while protected from his >> creditors. And who are those creditors? Well if you look at what the >> article says, he would be in the black by about $6m except for this >> big potential $46m being claimed by M$. So under Chapter 11 he can >> continue trading while protected from Microsofts financial claim i.e. >> life as normal > > Sure, until Microsoft wins with their army of lawyers. > Even then he would continue trading in Chapter 11 protected from his creditors i.e. M$ until the Courts decide there is no prospect of him trading through his financial problems. Doug From nospam at dev.null Mon Apr 4 00:35:07 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 17:35:07 2005 Subject: [SpamCop-List] Re: mci 63.82.06.35, ATMLinkinc/calpop 216.240.129.23 References: Message-ID: > > latest incarnation is networkvisionaries.com, > > > today spamvertized at 63.82.06.35 : > > wakings.com > interestor.com > dreamwaking.com > goldenfury.com > > infinite supply of registrations it seems, all at TUCOWS for software > factory solutions that mo**erfscker in Laval Quebec, isn't there any > disturbed individual wit a belt bomb nearby? Does TUCOWS have an anti-spam > AUP for registrants? (Like Go-Daddy?) > Won't work. This is a mailbox rental. http://www.mailnetwork.com/atemporary.html Tel numer is US - toll free http://www.numberingplans.com/index.php?goto=isdn&s=%2B1.8775725732&action=a nalyse Also: THEHOTTESTTHINGAROUND.COM used as mail server I suggest mail to info@mailnetwork.com T&C: http://www.mailnetwork.com/aterms.html "3. Customer agrees that Customer will not use the Center premises or any Center services for any unlawful, illegitimate or fraudulent purpose or for any purpose prohibited by U.S. postal regulations or those of the country where the Center is located. Customer further agrees that any use of the Mailbox shall be in conformity with all applicable federal, state and local laws." etc etc Cheers From nobody at devnull.spamcop.net Sun Apr 3 18:03:38 2005 From: nobody at devnull.spamcop.net (Tom) Date: Sun Apr 3 18:05:05 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: On Sun, 3 Apr 2005 22:49:10 +0300, Gezgin wrote: >> http://news.bbc.co.uk/1/hi/technology/4400335.stm > >Nice. I especially liked "But, make no mistake, we do expect >to prevail." He should have added "And the light at the end >of the tunnel is NOT a train bearing down on us." Mm, Sounds a lot like the litiny of Daryl McBride and crew (SCO). From nospam at dev.null Mon Apr 4 01:23:55 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 18:25:02 2005 Subject: [SpamCop-List] Re: ICANN annual whois data problem report References: <424D2BF0.71CF@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:424D2BF0.71CF@xyzzy.claranet.de... > For details see... > > > > ...but the expected outcome is clear, gTLD .biz got three > times more reports than any other ICANN gTLD (relatively). > > Bye, Frank > Thanks for the URL. It slipped by me ... My stats: Sent and confirmed: Sent, 247 Reports received for follow up: 229 Deviation of 18? Never noticed that ... Hmm, sone more work to do :-) Howver, as regards the desired result: 37 sent via rip.gandi.net 303 other direct to registrar, with follow up onto wdprs only if not action in 5 days (normally for wilfully supplied inaccurate whois). No stats on duplication effort, but it is quite high. 8 misc other Hmm, maybe I should combine direct to registrar and wdprs from step 1 Interesting and thanks for the link again From nospam at dev.null Mon Apr 4 02:06:41 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 19:05:04 2005 Subject: [SpamCop-List] Re: ISP's that bounce phishes and phish LART's References: Message-ID: "George Langford, Sc.D." wrote in message news:mailman.123.1111932673.4572.spamcop-list@news.spamcop.net... > Just one of many tracking URL's: > http://www.spamcop.net/sc?id=z746288874zb890ad0ac0e6156148c594320c8214f1z > > These bounces have happened several times recently. They have > the effect that the bouncing IP's will not be getting any notifies of > unlawful phishing activity. Do they know that their diligence in > protecting their technical staff from phishes is protecting their > criminals even more ? > Hmm Try http://antiphishing.org/ and reprot there. Also try mail to abuse without copy, stating reason you are not incuding a sample. That way they have to ask and you will get some address that may work. Also mention you have copied http://antiphishing.org/ Cheers From nospam at dev.null Mon Apr 4 02:43:49 2005 From: nospam at dev.null (Anty Spam) Date: Sun Apr 3 19:45:05 2005 Subject: [SpamCop-List] Feedback: Worm infested server @ Bharti 202.56.239.78 References: Message-ID: "Anty Spam" wrote in message news:d1t1n3$vpl$1@news.spamcop.net... > Hi All > > The following two worm attempts refer > http://www.spamcop.net/sc?id=z745308652zb954fdc03dd52f4b85b68463b3299470z > and > http://www.spamcop.net/sc?id=z745309531z8ea5780a36e8501468ad92d10a7657dcz > > Each time a Netsky is attached (and removed :-) > > > I has tried the techsupport@bharti.com and postmaster@bharti.com addresses. > For more than a month! > > Yet with regularity, these mails arrive from 202.56.239.78, up to 5 per day. > > Normally the "bounce" message is acompanied by one or two nonsense mails. > All mails have a Netsky attached. Feedback on this issue. My ISP has not extremely helpful on this issue. I got a "Report to spamcop" response - Ughhhhhhhhhhhhhhh. One born every minute. Luckily I am not paying... Also, my philosophy on an issue such as this: Never give up. Escalate. (reminds me a bit of the frog and the stork)As such I stepped up the heat. I started polling "security" newsgroups "that it is best not to be known on" about the morality of taking down such a server based on the circumstances. Complete with IP address. (I was sure this generated a lot attention from undersirables) . Also made Bharti aware of these. I dug around. Found the Indian IT act. Based upon the above, combined with the fact that I had proof of which addresses did in fact receive my mails, I requested my mails be forwarded to the legal department. I mentioned and quoted the act, clean up costs etc etc to which I am entitled. I also happended to ask if "X". was still doing their support, since this could hurt them. After this mail, I have not received another worm. Persistence pays. Since replies here mentioned bad/non-existent service: There are articles floating about on the net about who is doing their support in which areas. I think I hit a nerve when I mentioned "X". Cheers From baloo at ursine.ca Sun Apr 3 17:54:06 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Apr 3 20:10:02 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: Anty Spam wrote: > > "Ivan Leo Puoti" wrote in message > news:d2pgmh$l8u$1@news.spamcop.net... >> http://news.bbc.co.uk/1/hi/technology/4400335.stm >> >> Just in case you think the lawsuits are pointless. >> >> Ivan. > > My, my.... How our heroes change overnight :-) I wouldn't say that heroes have changed, though it does show that Microsoft *is* self-conscious and is trying to assert their position on the pole: relatively good --------------- [...] People with common sense AOL and it's users Microsoft Spammers Postal spammers [...] --------------- relatively evil -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From nobody at xyzzy.claranet.de Mon Apr 4 11:32:04 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 04:35:25 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> Message-ID: <4250FB84.2B03@xyzzy.claranet.de> Steven Maesslein wrote: > AFRINIC isn't completely up and running yet. Apparently they import bogus records from RIPE without contact address, if that's the case it's an excessively bad idea. > the abuse addy for aviso.ci isn't abuse@ according to > abuse.net: Yes, I didn't check abuse.net. IMNSHO the RfC with abuse@ is now old enough, implement it or die. > $ whois -h whois.abuse.net aviso.ci > postmaster@aviso.ci (for aviso.ci) > assied@aviso.ci (for aviso.ci) > j.zano@aviso.ci (for aviso.ci) If John has not changed his procedures entries with postmaster@ are unverified (= submitted by 3rd parties). Only the entries without postmaster@ were really submitted by the postmaster@. That is of course irrelevant for our beloved SC-the-script, but for manual report I'd first try abuse@, and if that bounces I'd check RFCI and add abuse@ if neccessary. Then I'd try whatever whois says and postmaster@ to maximize the RFCI damage. If all fails I test the abuse.net entries and other addresses, sending an update to update(A T)abuse.net if something works. aviso.ci is apparently an AFRINIC answer to WannaSpew SpamCast, `rxwhois -a aviso.ci`: aviso.ci (-------10): .postmaster.rfc-ignorant.org aviso.ci (------2--): .abuse.rfc-ignorant.org aviso.ci (------210): .whois.rfc-ignorant.org whois -h whois.abuse.net aviso.ci postmaster@aviso.ci (for aviso.ci) assied@aviso.ci (for aviso.ci) j.zano@aviso.ci (for aviso.ci) Sigh, Frank From nobody at xyzzy.claranet.de Mon Apr 4 12:13:02 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 05:15:36 2005 Subject: [SpamCop-List] error:Can't send report Message-ID: <4251051E.2F7B@xyzzy.claranet.de> A really old SpamCop error strikes again: error:Can't send report: smtpEnvelope (1395420024@bounces.spamcop.net, abuse@bora.net): smtpFrom: mail From 1395420024@bounces.spamcop.net: error (550 No expected reply from SMTP) May be saved for future reference: http://www.spamcop.net/sc?id=z748919881zff0ca772a1a36c63198ba44563c1b7e6z error:Can't send report: smtpEnvelope (1395420035@bounces.spamcop.net, abuse@netvision.net.il): smtpFrom: mail From 1395420035@bounces.spamcop.net: error (550 No expected reply from SMTP) May be saved for future reference: http://www.spamcop.net/sc?id=z748919880zb9027024467a615e07d91cf70ef96f99z error:Can't send report: smtpEnvelope (1395420043@bounces.spamcop.net, abuse@xo.com): smtpFrom: mail From 1395420043@bounces.spamcop.net: error (550 No expected reply from SMTP) May be saved for future reference: http://www.spamcop.net/sc?id=z748919879z921f7bedf1d4c2b46aae7b2f4035694cz error:Can't send report: smtpEnvelope (1395420051@bounces.spamcop.net, abuse@comcast.net): smtpFrom: mail From 1395420051@bounces.spamcop.net: error (550 No expected reply from SMTP) May be saved for future reference: http://www.spamcop.net/sc?id=z748919878z9b4b47099d1aa2edf1793ce0899862bcz Lines folded by me, the SC error output has no \n (line end). Bye, Frank From nobody at xyzzy.claranet.de Mon Apr 4 12:29:14 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 05:35:03 2005 Subject: [SpamCop-List] JPnic parsing failed: HB022JP Message-ID: <425108EA.1052@xyzzy.claranet.de> Another old SpamCop problem, it cannot parse the JPNIC handles: | "whois HB022JP/e@whois.nic.ad.jp" (Getting contact from jpnic) | JPnic parsing failed: HB022JP | nothing found I don't see why, the JPNIC format is strange but clear: whois -h whois.nic.ad.jp HB022JP /e [...] | Contact Information: | a. [JPNIC Handle] HB022JP | c. [Last, First] Baba, Hyosuke | d. [E-Mail] baba@hd-group.com [...] I've already reported the similar case KP035JP to deputies@, but this HB022JP "baba" is sending quite a lot of spam. Bye, Frank http://www.spamcop.net/sc?id=z748917832ze7e35cf3c294a6645224187d38e689d3z From MikeE at ster.invalid Mon Apr 4 03:35:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 05:35:07 2005 Subject: [SpamCop-List] Re: error:Can't send report References: <4251051E.2F7B@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > A really old SpamCop error strikes again: What does/did it do? The trackers look like a report was sent on the source on each. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 4 03:49:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 05:50:02 2005 Subject: [SpamCop-List] Re: JPnic parsing failed: HB022JP References: <425108EA.1052@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Another old SpamCop problem, it cannot parse the JPNIC handles: > >> "whois HB022JP/e@whois.nic.ad.jp" (Getting contact from jpnic) >> JPnic parsing failed: HB022JP >> nothing found > > I don't see why, the JPNIC format is strange but clear: > whois -h whois.nic.ad.jp HB022JP /e > [...] >> Contact Information: >> a. [JPNIC Handle] HB022JP >> c. [Last, First] Baba, Hyosuke >> d. [E-Mail] baba@hd-group.com > [...] So it is tripping on the a. b. c. again. Also, I seem to recall from somewhere that for the .jp notifies that if you were only going to notify one, as SC is inclined to do here, that you should notify the admin instead of the tech. inetnum: 210.160.67.64 - 210.160.67.79 netname: HD-GROUP descr: HIRANO & ASSOCIATES,INC. country: JP admin-c: MO558JP tech-c: HB022JP SC picked the tech, not the admin. a. [JPNIC Handle] MO558JP c. [Last, First] Oki, Masafumi d. [E-Mail] oki@hd-group.com g. [Organization] HIRANO & ASSOCIATES,INC. l. [Division] planning group n. [Title] Director I don't remember where I heard that tech is a better choice /generally/ except for .jp -- maybe that information is incorrect. On the ones I do [choose notifies], if there is a presumed language situation, I try to notify /more/ addresses, not less, and let them sort it out on their end. There isn't a reg'd abuse.net here, so that's another reason I would notify more not less. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Mon Apr 4 15:14:08 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 4 08:15:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> Message-ID: On Mon, 04 Apr 2005 10:32:04 +0200, Frank Ellermann coughed into spamcop and left this in <4250FB84.2B03@xyzzy.claranet.de>: > aviso.ci is apparently an AFRINIC answer to WannaSpew SpamCast, > `rxwhois -a aviso.ci`: Can you think of anyone in AFRINIC space that isn't a permanent source of 419 junk nowadays? I don't think that AFRINIC is that bad an idea if it can be used to block on sight. Much like LACNIC can. -- Steve Good judgment comes from bad experience, and a lot of that comes from bad judgment. From nobody at devnull.spamcop.net Mon Apr 4 08:10:00 2005 From: nobody at devnull.spamcop.net (Premedic) Date: Mon Apr 4 10:15:02 2005 Subject: [SpamCop-List] postmaster@telecall.ru does not bounce Message-ID: Hello, postmaster@telecall.ru appears to no longer be bouncing, as determined by a manual message to that address. Please enable sending SpamCop reports to this address in the SPAM submission tool on SpamCop.net. Thank you, Premedic From nobody at xyzzy.claranet.de Mon Apr 4 17:12:46 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 10:25:03 2005 Subject: [SpamCop-List] Re: JPnic parsing failed: HB022JP References: <425108EA.1052@xyzzy.claranet.de> Message-ID: <42514B5E.1D45@xyzzy.claranet.de> Mike Easter wrote: >>> Contact Information: >>> a. [JPNIC Handle] HB022JP >>> c. [Last, First] Baba, Hyosuke >>> d. [E-Mail] baba@hd-group.com > So it is tripping on the a. b. c. again. It's missing a "b." ? LOL, you're right, it's the same for KP035JP. Now that's stupid, the JP-pattern is always a line starting with "d. [E-Mail]". The "b." is irrelevant, IIRC it's something like organization or name of network. > I seem to recall from somewhere that for the .jp notifies > that if you were only going to notify one, as SC is inclined > to do here, that you should notify the admin instead of the > tech. Yes, that's a general rule, the Tech-C is not responsible for abuse issues, or at least not in any automatical "script" way. > I don't remember where I heard that tech is a better choice > /generally/ except for .jp -- maybe that information is > incorrect. Maybe this depends on the case, for a spamvertized domain the Admin-C probably _is_ the spammer. Bye, Frank From nobody at xyzzy.claranet.de Mon Apr 4 17:20:08 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 10:25:09 2005 Subject: [SpamCop-List] Re: error:Can't send report References: <4251051E.2F7B@xyzzy.claranet.de> Message-ID: <42514D18.DA6@xyzzy.claranet.de> Mike Easter wrote: >> A really old SpamCop error strikes again: > What does/did it do? I'm not sure, it's only in Quick reporting confirmations. If the error message means what it says SC's SMTP got a 500 error for unknown reasons, and that's all I see in the confirmation. > The trackers look like a report was sent Maybe it only says that SC _tried_ to send a report, and it never really worked. I've asked deputies@ about this issue more than once, but probably they are lost like you and me. Bye, Frank From nobody at xyzzy.claranet.de Mon Apr 4 17:33:57 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 10:35:04 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> Message-ID: <42515055.4811@xyzzy.claranet.de> Steven Maesslein wrote: > Can you think of anyone in AFRINIC space that isn't a > permanent source of 419 junk nowadays? Why not ? I don't believe in any regional ignorance. ;-) And as far as I'm concerned the 419ers moved from NL to Tiscali in the UK, not to Aviso in CI. > I don't think that AFRINIC is that bad an idea if it can be > used to block on sight. Much like LACNIC can. No, sorry, I really don't like these strategies. BR used to be a very bad sign, and Chile is an intentional whois-ignorant, I'd really love to block these countries "forever" (until they change their laws and maybe shoot their NICs). But why should I block say Venezuela or Namibia ? Bye, Frank From ivan at gmail.com Mon Apr 4 18:46:35 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Mon Apr 4 11:50:11 2005 Subject: [SpamCop-List] Re: St0ck Spammers In-Reply-To: <4246601F.FC717C60@gotohell.com> References: <4246601F.FC717C60@gotohell.com> Message-ID: Steve Holmes wrote: > Anyone want to join forces to shut these guys down? I'm keeping a chart > of Yahoo addresses used and st0cks touted. Report them to enforcement@sec.gov Ivan. From nobody at nowhere.invalid Mon Apr 4 19:06:38 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 4 12:10:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> Message-ID: On Mon, 04 Apr 2005 16:33:57 +0200, Frank Ellermann coughed into spamcop and left this in <42515055.4811@xyzzy.claranet.de>: > Why not ? I don't believe in any regional ignorance. ;-) And > as far as I'm concerned the 419ers moved from NL to Tiscali in > the UK, not to Aviso in CI. I sometimes see 419's that were relayed through various areas but that still originate in aviso.ci space. > No, sorry, I really don't like these strategies. BR used to > be a very bad sign, and Chile is an intentional whois-ignorant, > I'd really love to block these countries "forever" (until they > change their laws and maybe shoot their NICs). But why should > I block say Venezuela or Namibia ? Well... I've received plenty of spam from .ve and I know of nobody with any reason to contact me in .na. OTOH, I still see plenty of crap from .ma, .tn, .dz, .eg, .lb, .sn, .ci, .ng, .za, .zw, .ml, .sa..... -- Steve The average nutritional value of promises is roughly zero. From nobody at xyzzy.claranet.de Mon Apr 4 19:43:32 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 12:45:10 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> Message-ID: <42516EB4.53DD@xyzzy.claranet.de> Steven Maesslein wrote: > I sometimes see 419's that were relayed through various areas > but that still originate in aviso.ci space. Okay, that this ISP is a listed RFC-ignorant is clear. I've no problem with blocking ISPs. But I doubt that all black hats on earth are together as bad as SpamCast alone. > I know of nobody with any reason to contact me in .na. TLD .na has a working whois server, that's alone is better than major parts of the world. > I still see plenty of crap from .ma, .tn, .dz, .eg, .lb, .sn, > .ci, .ng, .za, .zw, .ml, .sa..... Maybe you get much more spam, I'm not sure that I ever got any mail with an address or mail provider in some of these ccTLDs. Does .sa belong to AFRINIC ? Bye, Frank From MikeE at ster.invalid Mon Apr 4 11:09:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 13:10:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> <42516EB4.53DD@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Does .sa belong to AFRINIC ? There's a Local Internet Registry saudinic whose IP netblocks are in ripe. http://www.saudinic.net.sa/about/about_saudinic.htm It also operates an online whois. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Mon Apr 4 22:40:09 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Apr 4 15:45:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> <42516EB4.53DD@xyzzy.claranet.de> Message-ID: On Mon, 04 Apr 2005 18:43:32 +0200, Frank Ellermann coughed into spamcop and left this in <42516EB4.53DD@xyzzy.claranet.de>: > Okay, that this ISP is a listed RFC-ignorant is clear. I've no > problem with blocking ISPs. But I doubt that all black hats on earth > are together as bad as SpamCast alone. They do appear to be relqtively empty-hat, which probably explains why I ended up feeding the firewall with their alllocations whenever I got spam from a new one. >> I know of nobody with any reason to contact me in .na. > > TLD .na has a working whois server, that's alone is better than > major parts of the world. Agreed. But it doesn't alter the fact that I can't think of a reason why I'd have to correspond with anyone in that country. >> I still see plenty of crap from .ma, .tn, .dz, .eg, .lb, .sn, >> .ci, .ng, .za, .zw, .ml, .sa..... > > Maybe you get much more spam, I'm not sure that I ever got any > mail with an address or mail provider in some of these ccTLDs. I'm sent in the region of 2000 spams each day. That's counting stuff that doesn't make it past the firewall, what's blocked by DNSBL's and what seeps through. > Does .sa belong to AFRINIC ? Apparently not according to Mike Easter. Maybe RIPE is keeping control of the Middle-East. -- Steve In the 60's people took acid to make the world weird. Now the world is weird and people take Prozac to make it normal. From tdy at blackhole.invalid Mon Apr 4 14:08:09 2005 From: tdy at blackhole.invalid (N. Miller) Date: Mon Apr 4 16:10:02 2005 Subject: [SpamCop-List] Re: Microsoft bankrupts OptInRealBig.com (and Scott Richter) References: Message-ID: In article , Anty Spam says... > Questions: > Not being a laywer or knowing US law, anybody got a take on the > alternatives? Scot succeeds in Chapter 11 or ...???? If MSFT wins a judgement, and Richter's Chapter 11 plan does not look like it will succeed, he will probably have to move to a different plan. I am not sure it it would be Chapter 7, or Chapter 13; but one of them. > Have you guys got gaols in the US? Nope. We have "jails"; same pronunciation and function, though. > Or am I missing something? I don't believe that we have debtor's prisons any more. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at xyzzy.claranet.de Mon Apr 4 23:17:41 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Apr 4 16:20:03 2005 Subject: [SpamCop-List] Re: O/R 196.201.78.0/23 => abuse@aviso.ci References: <424F277A.3A1E@xyzzy.claranet.de> <4250FB84.2B03@xyzzy.claranet.de> <42515055.4811@xyzzy.claranet.de> <42516EB4.53DD@xyzzy.claranet.de> Message-ID: <4251A0E5.B12@xyzzy.claranet.de> Mike Easter wrote: > It also operates an online whois. Yes, I collect these servers for rxwhois.cmd (a whois client), and SaudiNic made it on my "special" list, because they need a special syntax for their handles. Not as bad as DENIC... ;-) Bye, Frank -- (version 1.7.7, 45 KB) From spamcop at 1bigthink.com Mon Apr 4 17:22:58 2005 From: spamcop at 1bigthink.com (spamcop) Date: Mon Apr 4 16:23:30 2005 Subject: [SpamCop-List] In-Reply-To: References: Message-ID: <6.1.2.0.0.20050404162150.03e6bde8@mx.1bigthink.com> At 04:08 PM 4/4/2005, you wrote: >In article , Anty Spam says... > > >I don't believe that we have debtor's prisons any more. Sure we do.. if you can't afford a decent attorney, we'll appoint one so that you are sure to lose.. what's the difference? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com From president at whitehouse.gov Mon Apr 4 18:15:45 2005 From: president at whitehouse.gov (Fuzz) Date: Mon Apr 4 20:20:10 2005 Subject: [SpamCop-List] 1and1 Internet SMTP servers Message-ID: Hi All: I have been using www.1and1.com as a web host for about 8 months now. I've noticed that sometimes when I write an email to someone at AOL, it is blocked with a message that my server is being blocked. Also, though less frequent, emails to Prodigy and Juno addresses have been blocked. 1and1 tech support swears they don't permit spamming, and says it's just because they are so large that it's inevitable that some emails that originate from their IP blocks are flagged as spam. I am very happy with their web hosting ability, but this block list crap is wearing me thin. Is 1and1 feeding me a line of bull? Do they have any reputation, good or bad? Thanks! From nobody at spamcop.net Mon Apr 4 18:48:36 2005 From: nobody at spamcop.net (NerdRevenge) Date: Mon Apr 4 20:50:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Block AOL with the message to users to change ISP accounts "Fuzz" wrote in message news:d2slc3$8sq$1@news.spamcop.net... > Hi All: > > I have been using www.1and1.com as a web host for about 8 months now. > I've noticed that sometimes when I write an email to someone at AOL, it is > blocked with a message that my server is being blocked. > > Also, though less frequent, emails to Prodigy and Juno addresses have been > blocked. 1and1 tech support swears they don't permit spamming, and says > it's just because they are so large that it's inevitable that some emails > that originate from their IP blocks are flagged as spam. > > I am very happy with their web hosting ability, but this block list crap > is wearing me thin. > > Is 1and1 feeding me a line of bull? Do they have any reputation, good or > bad? > > Thanks! > From MikeE at ster.invalid Mon Apr 4 18:52:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 20:55:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > I have been using www.1and1.com as a web host for about 8 months now. > I've noticed that sometimes when I write an email to someone at AOL, > it is blocked with a message that my server is being blocked. The way to talk about a server or a mail being blocked or having its mail rejected because it is DNSBL listed is to name the particular IP, not name some website who is a webhost. We aren't talking about webhosting here, we are talking about smtp transactions and particular mailserver output IPs. When you give that kind of information, it means that whoever is going to 'correspond' or discuss with you whatever it is you are talking about is going to have to do a lot of or some detective work to begin the conversation. > Also, though less frequent, emails to Prodigy and Juno addresses have > been blocked. That means that some IP is getting itself onto AOL's as well as Juno's and Prodigy's blocklists. > 1and1 tech support swears they don't permit spamming, > and says it's just because they are so large that it's inevitable > that some emails that originate from their IP blocks are flagged as > spam. There are a variety of reasons that IPs get themselves blocklisted; and it behooves a good provider to recognize all of those causes and avoid or prevent them by good security and spam output prevention, as well as both proactive prevention of blocklisting plus aggressive efforts to correct any problems once listings occur. > I am very happy with their web hosting ability, but this block list > crap is wearing me thin. Maybe you should handle your mail output someother way. > Is 1and1 feeding me a line of bull? Do they have any reputation, > good or bad? I don't think the issue of www.1and1.com is what we are talking about here. 1and1 is Schlund. Schlund is also perfora.net If I look around in sightings and see who is notifying schlund about being a spamsource, I see perfora output servers and I see a perfora output server currently listed on sorbs as a spamsource server; in fact there are 4 different perfora output servers so listed in sorbs. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 4 19:02:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 4 21:05:02 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > blocked with a message that my server is being blocked. What message and what server is that? -- Mike Easter kibitzer, not SC admin From dannyg at dannyg.com Mon Apr 4 19:14:42 2005 From: dannyg at dannyg.com (Danny Goodman) Date: Mon Apr 4 21:14:45 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers In-Reply-To: <200504050020.j350KI2N094944@dannyg.com> Message-ID: > Is 1and1 feeding me a line of bull? Do they have any reputation, good or > bad? They've been on my radar in the last month, but only as the host to a few phisher sites that got shut down exceedingly quickly (e.g., within 20 minutes of the phish email hitting my server). These aren't the common hacked servers, but domains and accounts set up explicitly to phish (probably paid for by a stolen cc). That evidence is positive, but not statistically sound. Danny http://www.dannyg.com http://www.spamwars.com From president at whitehouse.gov Mon Apr 4 21:09:14 2005 From: president at whitehouse.gov (Fuzz) Date: Mon Apr 4 23:15:31 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2sndf$9t7$1@news.spamcop.net... > The way to talk about a server or a mail being blocked or having its > mail rejected because it is DNSBL listed is to name the particular IP, > not name some website who is a webhost. We aren't talking about > webhosting here, we are talking about smtp transactions and particular > mailserver output IPs. My apologies, my choice of terminology was poor. 1and1 is hosting some domains for me. As a part of that service they provide POP3 and SMTP servers. Their SMTP server, smtp.1and1.com, is what I sometimes use when I send email. I occasionally use my ISP's SMTP server but that's yet another sob story. >> I am very happy with their web hosting ability, but this block list >> crap is wearing me thin. > > Maybe you should handle your mail output someother way. How so? I don't really want to maintain my own mail server. My ISP has their own problems with SMTP, which causes me to occasionally bounce back and forth between using the ISP's SMTP servers and 1and1's SMTP server(s). I could pay another company to provide SMTP service I guess, though I'm already paying two companies to provide it now. What other way to you recommend? > If I look around in sightings and see who is notifying schlund about > being a spamsource, I see perfora output servers and I see a perfora > output server currently listed on sorbs as a spamsource server; in fact > there are 4 different perfora output servers so listed in sorbs. Doesn't surprise me. :) > Mike Easter > kibitzer, not SC admin Thanks Mike! I appreciate your input. From president at whitehouse.gov Mon Apr 4 21:13:27 2005 From: president at whitehouse.gov (Fuzz) Date: Mon Apr 4 23:15:49 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2snvt$a6e$1@news.spamcop.net... > Fuzz wrote: >> blocked with a message that my server is being blocked. > > What message and what server is that? A sample would be... ---cut--- This message was created automatically by mail delivery software NEMESIS/mout on mout.perfora.net[217.160.230.40]. The delivery of the mail below has failed due to the following reasons: xyz1@aol.com: xyz2@aol.com: connection rejected by 64.12.138.152 command : greeting response: 554 (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html From president at whitehouse.gov Mon Apr 4 21:17:27 2005 From: president at whitehouse.gov (Fuzz) Date: Mon Apr 4 23:20:02 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Mike Easter" wrote in message news:d2snvt$a6e$1@news.spamcop.net... > Fuzz wrote: >> blocked with a message that my server is being blocked. > > What message and what server is that? Here's one from Juno... ---cut--- This message was created automatically by mail delivery software NEMESIS/mout on mout.perfora.net[217.160.230.41]. The delivery of the mail below has failed due to the following reasons: xyz1@juno.com: connection rejected by 64.136.28.83 command : greeting response: 550 Access denied...48711c65bd656861acf98d1d4cf94981a5855cd935b8b8353958318558ed75ed359d05... From skiwi at spamcop.net Mon Apr 4 22:52:24 2005 From: skiwi at spamcop.net (Skiwi) Date: Tue Apr 5 00:55:02 2005 Subject: [SpamCop-List] FYI - email to and response from regarding all these Canadian P&Ds lately... Message-ID: Greg : Thank you for contacting us regarding your concerns and suggestions for dealing with spam electronic messages for shares trading on the TSX Venture Exchange. Staff of the BCSC do investigate complaints to enforce compliance with the securities legislation and to sanction market misconduct. When appropriate, we also refer complaints to other regulatory jurisdictions or self-regulatory bodies. Not all complaints result in an investigation or public sanction. Staff cannot verify or comment on an investigation until the matter becomes one of public record. While this may seem frustrating to some, the purpose is to protect the integrity of an investigation and to ensure that the complaint process is not used to affect the market. Again, we appreciate you bringing your concerns to our attention. British Columbia Securities Commission PO Box 10142, Pacific Centre 701 West Georgia Street Vancouver, BC V7Y 1L2 Inquiries@bcsc.bc.ca 604 899-6500 - Main switchboard 604 899-6854 - Inquiries or Complaints 1 800 373-6393 - Toll Free in BC and Alberta) 604 899-6506 - Fax ------------------------------------------------------------------------- Greg .net> To inquiries@bcsc.bc.ca 04/02/2005 11:05 cc AM consltcomm@fin.gc.ca Subject There has been a HUGE volume recently of 'pump and dump' stock spams emails for shares traded on the Vancouver Stock Exchange --------------------- Hello, I am sure you are aware that there has been a HUGE volume recently of 'pump and dump' stock spams emails for shares traded on the Vancouver Stock Exchange. Please consider setting up a mechanism like that put in place by Ottawa (or indeed the US (enforcement@sec.gov)) to enable you to at least collect these in aggregate - a possible model: the Ontario Securities Commission accepts P&D emails forwarded to inquiries@osc.gov.on.ca That is, although it would of course be impractical to act on every instance the patterns may allow you to start looking for the perpetrators and the stocks they are utilizing - and hence further protect the name of the Vancouver Stock Exchange / British Columbia Securities Commission. Regards & Thank You, GREG c.c. consltcomm@fin.gc.ca From Kilgallen at SpamCop.net Tue Apr 5 00:53:00 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Tue Apr 5 00:55:07 2005 Subject: [SpamCop-List] References:

Message-ID: In article , spamcop writes: > At 04:08 PM 4/4/2005, you wrote: >>In article , Anty Spam says... >> >> >>I don't believe that we have debtor's prisons any more. > > Sure we do.. if you can't afford a decent attorney, we'll appoint one so > that you are sure to lose.. what's the difference? Prisons are for those convicted of criminal charges. The Microsoft action is a civil suit. From bar_n0ne at hotmail.com Tue Apr 5 10:50:48 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Apr 5 01:55:05 2005 Subject: [SpamCop-List] Re: FYI - email to and response from regarding all these Canadian P&Ds lately... References: Message-ID: "Skiwi" wrote in message news:d2t5ia$ghp$1@news.spamcop.net... > Greg : > EXCHANGE SNIPPED > > c.c. consltcomm@fin.gc.ca Looks like a form letter, they didn't even address your issue about a straghtforward submission mechanism as done by the Ontario commission. Seems they don't read their mail. From skiwi at spamcop.net Tue Apr 5 00:02:02 2005 From: skiwi at spamcop.net (Skiwi) Date: Tue Apr 5 02:05:05 2005 Subject: [SpamCop-List] Re: FYI - email to and response from regarding all these Canadian P&Ds lately... In-Reply-To: References: Message-ID: Berny wrote: > "Skiwi" wrote in message > news:d2t5ia$ghp$1@news.spamcop.net... > >>Greg : >> > > EXCHANGE SNIPPED > >>c.c. consltcomm@fin.gc.ca > > > Looks like a form letter, they didn't even address your issue about a > straghtforward submission mechanism as done by the Ontario commission. Seems > they don't read their mail. Well, I was not going to say it.... :-( From MikeE at ster.invalid Tue Apr 5 00:05:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 02:05:11 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > "Mike Easter" >> What message and what server is that? > > Here's one from Juno... > > ---cut--- > This message was created automatically by mail delivery software > NEMESIS/mout on mout.perfora.net[217.160.230.41]. Yep, that's that perfora server I saw in sightings; it is listed in sorbs as a spamsource and its spam output examples can be seen in sightings. In the case of the sightings one I looked at, it was serving spam out from a perfora user IP behind it. Your outgoing mail may go in 1and1 smtp MXes, but it is/must be/ coming out of a perfora server which is getting itself blocked because of spam activity. It is possible that Juno may be using sorbs, or something of their own, or some kind of scoring system which includes sorbs listing. Same way for AOL & Prodigy. The other perfora output servers names seen in senderbase besides mout are mx00 and mx01 -- which are also sorbs listed. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Apr 5 00:29:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 02:30:06 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: Fuzz wrote: > 1and1 is hosting some domains for me. As a part of that service they > provide POP3 and SMTP servers. Their SMTP server, smtp.1and1.com, is > what I sometimes use when I send email. That is ending up going out the perfora servers which get their mail blocked because they are associated with spam activity. > I occasionally use my ISP's > SMTP server but that's yet another sob story. I would think that clearskye/ westcoast wireless/ would have better luck staying off lists than schlund/perfora >>> I am very happy with their web hosting ability, but this block list >>> crap is wearing me thin. >> >> Maybe you should handle your mail output someother way. > > How so? I don't really want to maintain my own mail server. My ISP > has their own problems with SMTP, which causes me to occasionally > bounce back and forth between using the ISP's SMTP servers and > 1and1's SMTP server(s). I could pay another company to provide SMTP > service I guess, though I'm already paying two companies to provide > it now. > > What other way to you recommend? I don't have any professional or personal experience with smarthosting, but when I read commentary in nanae, some of them recommend hiring out some mail service and charging your webhost for it because of their failure to provide the service. Naturally that would result in a p*ssing contest which would lead to your changing webhosts. Else you would just have to eat the cost of better mail service. Are you talking about much outgoing mail here, or just modest? -- Mike Easter kibitzer, not SC admin From kjz at despammed.com Tue Apr 5 11:34:36 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Tue Apr 5 04:35:03 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers In-Reply-To: References: Message-ID: Fuzz wrote: > I have been using www.1and1.com as a web host for about 8 months now. I've > noticed that sometimes when I write an email to someone at AOL, it is > blocked with a message that my server is being blocked. The problem may be that United Internet (1&1, Schlund, GMX, Kundenserver, ...) is one of the largest web hosting companies (hosting 4,500,000 domains) in Germany/Europe. In such a big company you always will have some 'rotten apples'. So the question is how fast the abuse desk reacts and shuts down such rogue customers. In my personal experience I would say they are more white hat but the reaction time of the abuse desk sometimes seems a little bit slow. - kjz From devnull at spamcop.net Tue Apr 5 04:05:27 2005 From: devnull at spamcop.net (Frog Prince) Date: Tue Apr 5 09:10:09 2005 Subject: [SpamCop-List] Re: 1and1 Internet SMTP servers References: Message-ID: "Fuzz" wrote in message news:d2slc3$8sq$1@news.spamcop.net... | Hi All: | | I have been using www.1and1.com as a web host for about 8 months now. I've | noticed that sometimes when I write an email to someone at AOL, it is | blocked with a message that my server is being blocked. | | Also, though less frequent, emails to Prodigy and Juno addresses have been | blocked. 1and1 tech support swears they don't permit spamming, and says | it's just because they are so large that it's inevitable that some emails | that originate from their IP blocks are flagged as spam. | | I am very happy with their web hosting ability, but this block list crap is | wearing me thin. | | Is 1and1 feeding me a line of bull? Do they have any reputation, good or | bad? | | Thanks! My experiance with 1and1 is that tech support/marketing/billing, etc., amouts to a referral to the FAQ regardless of the issue. From bar_n0ne at hotmail.com Tue Apr 5 18:10:18 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Apr 5 09:15:02 2005 Subject: [SpamCop-List] hanaro must be hurtin for spammer business Message-ID: Seems like they're back in competition with chinatietong to host spammers. From skiwi at spamcop.net Tue Apr 5 08:16:26 2005 From: skiwi at spamcop.net (Skiwi) Date: Tue Apr 5 10:20:04 2005 Subject: [SpamCop-List] Re: FYI - email to and response from regarding all these Canadian P&Ds lately... In-Reply-To: References: Message-ID: Berny wrote: > "Skiwi" wrote in message > news:d2t5ia$ghp$1@news.spamcop.net... > >>Greg : >> > > EXCHANGE SNIPPED > >>c.c. consltcomm@fin.gc.ca > > > Looks like a form letter, they didn't even address your issue about a > straghtforward submission mechanism as done by the Ontario commission. Seems > they don't read their mail. Well, I was not going to say it! :-( I was considering a scarcastic reply suggesting that I come up and re-write their form letter system to make look a little less like a bollocky cut & paste one... :-) but what the hey... From skiwi at spamcop.net Tue Apr 5 08:28:53 2005 From: skiwi at spamcop.net (Skiwi) Date: Tue Apr 5 10:30:02 2005 Subject: [SpamCop-List] OptIn's Chapter 11 - Civil suit In-Reply-To: References:

Message-ID: Larry Kilgallen wrote: > In article , spamcop writes: > >>At 04:08 PM 4/4/2005, you wrote: >> >>>In article , Anty Spam says... >>> >>> >>>I don't believe that we have debtor's prisons any more. >> >>Sure we do.. if you can't afford a decent attorney, we'll appoint one so >>that you are sure to lose.. what's the difference? > > > Prisons are for those convicted of criminal charges. > The Microsoft action is a civil suit. Maybe he will seek the protection of prison when the boys from Chinatietong et. al. come looking to collect on their unpaid bills? :-) From nobody at xyzzy.claranet.de Tue Apr 5 18:08:01 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Apr 5 11:15:03 2005 Subject: [SpamCop-List] SORBS 127.0.0.6 (was: 1and1 Internet SMTP servers) References: Message-ID: <4252A9D1.4BE9@xyzzy.claranet.de> Mike Easter wrote: [217.160.230.41]. > listed in sorbs as a spamsource 40.230.160.217.dnsbl.sorbs.net = 127.0.0.6 Using SORBS 127.0.0.6 is gross negligence, but IMNSHO worse, unless they changed their $ 50 unlisting procedures. > mx00 and mx01 -- which are also sorbs listed. Besides 217 = 7 * 31, that's an excellent reason to block this IP, more convincing than SORBS 127.0.0.6. 10.230.160.217.dnsbl.sorbs.net = 127.0.0.6 13.230.160.217.dnsbl.sorbs.net = 127.0.0.6 SORBS 127.0.0.6 users are a part of the problem. Bye, Frank From MikeE at ster.invalid Tue Apr 5 10:07:22 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 5 12:10:04 2005 Subject: [SpamCop-List] Re: SORBS 127.0.0.6 (was: 1and1 Internet SMTP servers) References: <4252A9D1.4BE9@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: > > [217.160.230.41]. >> listed in sorbs as a spamsource > > 40.230.160.217.dnsbl.sorbs.net = 127.0.0.6 > > Using SORBS 127.0.0.6 is gross negligence, but IMNSHO worse, > unless they changed their $ 50 unlisting procedures. I have my own gripes about sorbs, mainly based on the fact that I'm not able to use the webbased access to their db because I refuse to provide all the information necessary to register for login. But, I don't have any problem with their creation of a 'spam' db based on their own criteria for listing and delisting. As far as I'm concerned, anyone can make any kind of db they want to make. The power of a db is based on its popularity and usage. Sorbs has a variety of db with lots of different criteria. Only the spam one has the fine feature. >> mx00 and mx01 -- which are also sorbs listed. > > Besides 217 = 7 * 31, that's an excellent reason to block this > IP, more convincing than SORBS 127.0.0.6. I don't grok the significance of 7 * 31 = 217 or if it has anything to do with the IP in question being in the 217 class A. > 10.230.160.217.dnsbl.sorbs.net = 127.0.0.6 > 13.230.160.217.dnsbl.sorbs.net = 127.0.0.6 > > SORBS 127.0.0.6 users are a part of the problem. sorbs long definition of their .6 is this: - You are a spammer who