From porpoise1954 at yahoo.co.uk Mon Aug 1 00:39:09 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Jul 31 18:45:02 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: "Mike Easter" wrote in message news:dcjj79$e6r$1@news.spamcop.net... > jdd wrote: > Agent (Toulouse) : Jean-Daniel Dodin > http://valerie.dodin.net/2004/img_1024.jpg > > Ooh la la :-) > Ooh la la????? Am I missing something?? From PleaseReplyTo at TheGroupInstead.be Mon Aug 1 02:48:35 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Sun Jul 31 19:50:02 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: > yep it is what cablevision uses for shreveport What is what cablevision uses for shreveport? You've bottom-quoted several dozens of lines to add a single-line answer. That's several dozens multiplied by 100% overhead, multiplied by the number of receivers. Add to that the fact that your answer isn't clear that way. All of us read many messages here, are we supposed to read the whole bottom-quote again for the off chance we might then be able to understand your answer? Proper quoting style: - Trim the quote. Don't join spammers in wasting resources that are not your own. - Reply beneath the quote. Show the question followed by the answer, because people understand it that way. Joris From nobody at devnull.spamcop.net Mon Aug 1 12:48:07 2005 From: nobody at devnull.spamcop.net (Patto) Date: Sun Jul 31 22:50:03 2005 Subject: [SpamCop-List] Re: Ignoring more than 4 user-notify addresses - STUPID! In-Reply-To: References: Message-ID: Johannes Froemter wrote: > Why Spamcop cancel mails to user-notify addresses completely if there > are more than 4 addresses instead of ignoring the addresses exceeding > the limit? > > Extra stupid: if you add for example abuse@pub.sd.cninfo.net to the > user-notify addresses filed then it will be replaced by five (!) > addresses and therefore completely ignored. > > >>abuse net pub.sd.cninfo.net = postmaster@pub.sd.cninfo.net, ctsummary@special.abuse.net, postmaster@sd.cninfo.net, support@pub.sd.cninfo.net, security@pub.sd.cninfo.net >> >>Ignoring more than 4 user-notify addresses Agreed. I think it is a bug, it should send the 1st four, and ignore the rest. This has been reported a long time ago, but nothing came of it. From nobody at devnull.spamcop.net Mon Aug 1 13:05:02 2005 From: nobody at devnull.spamcop.net (Patto) Date: Sun Jul 31 23:10:02 2005 Subject: [SpamCop-List] Re: rsg In-Reply-To: References: Message-ID: Joris Van Damme wrote: >>There's nothing about spamcop reporting which is prone to motivate >>tekcom or dtag to do anything. A SC report is toothless for >>spamvertisers. > > > Still, I can understand J.G.'s reasoning. I've come to the same conclusion: > nearly all spam comes from just a handfull of people. And nobody's stopping > them. ... Not quite true; haven't you seen last week's news article http://mosnews.com/news/2005/07/25/spammerdead.shtml ? From devnull at spamcop.net Mon Aug 1 00:23:38 2005 From: devnull at spamcop.net (Frog Prince) Date: Sun Jul 31 23:30:03 2005 Subject: [SpamCop-List] Re: Backscatter References: Message-ID: "wayne" | > Picking up on a post from Mike Easter in a previous thread... | > | > > We are all very glad that SC now allows such reportage, which it once | > > didn't; and SC's decision to allow such reports is having a very | > > beneficial effect on all of those various misconfigurations. | > | > Mike, I hope you don't mind my saying so... but I am someon who is | > /not/ glad that SC now classes backscatter as spam! | | Well, put me down as someone who is very glad that SC *IS* allowing | backscatter and email worms/viruses to be reported. They are | unsolicited because I didn't consent to have my email address forged. | They are bulk because the content of these bounces and virus | notifications are substantially the same. And, of course, they are | email. As a result, they are UBE and therefore spam as far as I'm | concerned. Hear hear, my email addy my rules. From jdd at dodin.org Mon Aug 1 08:34:06 2005 From: jdd at dodin.org (jdd) Date: Mon Aug 1 01:35:07 2005 Subject: [SpamCop-List] Re: make it clear In-Reply-To: References: Message-ID: Mike Easter wrote: > jdd wrote: > Agent (Toulouse) : Jean-Daniel Dodin > http://valerie.dodin.net/2004/img_1024.jpg > > Ooh la la :-) > > nice, isn't it :-) jdd -- pour m'?crire, aller sur: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr From jdd at dodin.org Mon Aug 1 08:35:29 2005 From: jdd at dodin.org (jdd) Date: Mon Aug 1 01:40:03 2005 Subject: [SpamCop-List] Re: make it clear In-Reply-To: References: Message-ID: Mike Easter wrote: > I interpreted jdd to be Jean-Daniel Dodin, right father, of Valerie Dodin. that is :-) two daughters singers ! jdd -- pour m'?crire, aller sur: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr From jdd at dodin.org Mon Aug 1 08:47:02 2005 From: jdd at dodin.org (jdd) Date: Mon Aug 1 01:50:02 2005 Subject: [SpamCop-List] Re: make it clear In-Reply-To: References: Message-ID: Peter Pearson wrote: > Hoping this helps - - - > yes, really, such explanation is somehow more comprehensive than faq ones. in fact I though there was an other step (seems I was mistaking). I was thinking of some kind of spamassassin spam tag (CRC... or such) that could make spassassin (and other products) more effective. I'm not found of RBL blocking, having already had problem with it. My local LUG uses it for it's mailing list, but was obliged to discard RBL for the major french FAI because there where frequently blacklisted ans don't care of. I have two concerns, in two different thing * I build a imap server with squirrelmail and try to make spamassassin better. Squirrel sent me to spamcop. * I'm semi-retired with a few time free (but no money :-() and I try to help free software. spamcop may not be completely free, it's a very nice thing. I'm not a programmer, but teacher and writer and try to help this way jdd -- pour m'?crire, aller sur: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr From jdd at dodin.org Mon Aug 1 08:50:24 2005 From: jdd at dodin.org (jdd) Date: Mon Aug 1 01:55:02 2005 Subject: [SpamCop-List] Re: rsg In-Reply-To: References: Message-ID: Patto wrote: > Not quite true; haven't you seen last week's news article > http://mosnews.com/news/2005/07/25/spammerdead.shtml ? this is fairly rude :-( jdd -- pour m'?crire, aller sur: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr From nobody at devnull.spamcop.net Mon Aug 1 16:49:50 2005 From: nobody at devnull.spamcop.net (Patto) Date: Mon Aug 1 02:50:03 2005 Subject: [SpamCop-List] Re: rsg In-Reply-To: References: Message-ID: jdd wrote: > Patto wrote: > >>Not quite true; haven't you seen last week's news article >>http://mosnews.com/news/2005/07/25/spammerdead.shtml ? > > > this is fairly rude :-( > jdd Sorry if I offended you. While I generally do not condone violence, I cannot really say that I mourn the death of a notorious spammer. I don't think many people in this newsgroup do. From rcarlton at spamcop.net Mon Aug 1 01:51:20 2005 From: rcarlton at spamcop.net (Rick Carlton) Date: Mon Aug 1 03:50:04 2005 Subject: [SpamCop-List] 66.240.235.0/24 Reports Going to Spammer Message-ID: Report: http://www.spamcop.net/sc?id=z791889829zae64abf2b46122159f3796935308e413z This should probably go to abuse@cari.net - for all the good it will do. Spamcop can't resolve the spamvertized link - jsok3klf6y.miraneais.com - but it points to web2.radarinternet.com - on 66.240.235.8. Spamcop wants to report the originating IP - 66.240.235.88 - to hostmaster@radarinternet.com. Senderbase shows it quite busy - up 531% in the last day and 1444% in the last month. But - the spamvertized domain - miraneais.com - is also registered to Radar Internet. The contact number is in or near Jacksonville, FL, not Livonia MI. Radar Internet is not registered with the state of Michigan nor the state of Florida. It redirects to cashanyday.com on 206.15.66.65 - listed as SBL27180, Brian Haberstroh & Atriks. On top of that - this block is allocated to Realdata Hosting - aka Venture Provider. Same contact, etc - as seen in http://www.spamhaus.org/sbl/sbl.lasso?query=SBL23962 - with the exception this this class C is not listed here or there. Could we change that maybe? whois -h whois.directi.com miraneais.com ... Registration Service Provided By: BESTSOLUTIONS Contact: +011.2527489 Domain Name: MIRANEAIS.COM Registrant: Radar Internet Solutions DNS Hostmaster (hostmaster@radarinternet.com) 33006 Seven Mile Rd. #211 Livonia MI,48152 US Tel. +1.9042077022 Creation Date: 15-Jul-2005 Expiration Date: 15-Jul-2006 Domain servers in listed order: ns1.radarinternet.com ns2.radarinternet.com Administrative, Billing, Technical Contact: Radar Internet Solutions DNS Hostmaster (hostmaster@radarinternet.com) 33006 Seven Mile Rd. #211 Livonia MI,48152 US Tel. +1.9042077022 All listed domians point back to the exact same registration information. And every single one redirects to cashanyday.com IP Address Resolved Name *************************************************************** 66.240.235.1 sndgo-ca-brd-235.radarinternet.com 66.240.235.2 www.radarinternet.com 66.240.235.3 ns1.radarinternet.com 66.240.235.4 ns2.radarinternet.com 66.240.235.5 mail1.radarinternet.com 66.240.235.6 mail2.radarinternet.com 66.240.235.7 web1.radarinternet.com 66.240.235.8 web2.radarinternet.com 66.240.235.9 web3.radarinternet.com 66.240.235.10 gnzq4z.paratcheths.com 66.240.235.11 ex52wj.mirenilaus.com 66.240.235.12 q1ndmr.segaciachen.com 66.240.235.13 e07p9h.gathranduts.com 66.240.235.14 alx2dl.embippucund.com 66.240.235.15 ea0w0m.anohihiis.com 66.240.235.16 fem54e.pitaileme.com 66.240.235.17 zvdzac.fuaperude.com 66.240.235.18 cltlni.ightisong.com 66.240.235.19 q02npi.siellotege.com 66.240.235.20 ktd4ea.preshiste.com 66.240.235.21 z2xkux.mactaolom.com 66.240.235.22 rawixw.pibliotge.com 66.240.235.23 amm6fj.codgeong.com 66.240.235.24 j6rrtw.cincumea.com 66.240.235.25 iz5hsp.bolencrigs.com 66.240.235.26 c185ab.holurines.com 66.240.235.27 k0oufn.golinust.com 66.240.235.28 mj9mxo.muaterceos.com 66.240.235.29 si69mc.alsempern.com 66.240.235.30 k0ccjn.senopoplos.com 66.240.235.31 ddwmvw.ponergeneel.com 66.240.235.32 yyymmn.flatskal.com 66.240.235.33 yq2f2g.ackaciyros.com 66.240.235.34 k085zq.dimmefal.com 66.240.235.35 t73hnl.tegochpams.com 66.240.235.36 vqewej.bitetaig.com 66.240.235.37 nst0ut.suthines.com 66.240.235.38 kqmovu.gectossic.com 66.240.235.39 nhbf2j.roscasuses.com 66.240.235.40 xb18dl.dahemmis.com 66.240.235.41 ca5h7c.cricroresms.com 66.240.235.42 kykjhu.velolids.com 66.240.235.43 w8yi3p.wranalenaon.com 66.240.235.44 o21jif.ulloramirec.com 66.240.235.45 qav0pc.tephapifre.com 66.240.235.46 kfexnb.ursarmels.com 66.240.235.47 s0jsng.mimpenchas.com 66.240.235.48 qtfy0k.coblihias.com 66.240.235.49 rz58wx.ubicosuas.com 66.240.235.50 kr518x.sitoanallah.com 66.240.235.51 pwcxlp.severahad.com 66.240.235.52 kcw3wh.tistovatul.com 66.240.235.53 py66kz.ahuraner.com 66.240.235.54 jvk1oc.cuipplons.com 66.240.235.55 mkq50n.toantners.com 66.240.235.56 jr03pm.vobacipig.com 66.240.235.57 sz38yw.cickorus.com 66.240.235.58 wj2zjv.consumblar.com 66.240.235.59 tmgimm.anisascy.com 66.240.235.60 r8wyco.pametrerues.com 66.240.235.61 eft9ep.focurbis.com 66.240.235.62 shfj9z.slickast.com 66.240.235.63 a4qunf.saksooler.com 66.240.235.64 lz09eq.aciggalmut.com 66.240.235.65 yav95r.pisaeldinir.com 66.240.235.66 og84do.shessniish.com 66.240.235.67 btljhj.otaddlonges.com 66.240.235.68 b4apha.abcagnies.com 66.240.235.69 np056w.estopisirse.com 66.240.235.70 pytjks.eblovoug.com 66.240.235.71 x3p4bx.ulugones.com 66.240.235.72 r110vr.nirtuvatos.com 66.240.235.73 gw0g5o.braenafy.com 66.240.235.74 xlra4u.ynspitis.com 66.240.235.75 audujd.faxcinste.com 66.240.235.76 e0jl6a.mastetrets.com 66.240.235.77 dv88yk.fegrarmuss.com 66.240.235.78 nr2upb.titbecks.com 66.240.235.79 yt6pzb.plushens.com 66.240.235.80 l65r0m.dimucallaum.com 66.240.235.81 xf6l2n.lycoleliwi.com 66.240.235.82 pcnb3h.tentonang.com 66.240.235.83 kvd8dt.fullacods.com 66.240.235.84 wdcpzb.sedibumahis.com 66.240.235.85 kt2dsj.mertenatid.com 66.240.235.86 nc6yon.swaynepolis.com 66.240.235.87 mogj9r.dothasmeas.com 66.240.235.88 nt2s9o.miraneais.com 66.240.235.89 qpkahd.fasinine.com 66.240.235.90 iw8ghw.cleocuns.com 66.240.235.91 du8f1p.gleflamas.com 66.240.235.92 ovowon.saonimets.com 66.240.235.93 z1nr1e.utcoliod.com 66.240.235.94 cmhjvs.potalilduch.com 66.240.235.95 dfyhbp.contincyte.com 66.240.235.96 elewwx.seperene.com 66.240.235.97 b3m16c.siespens.com 66.240.235.98 z4858e.satchiig.com 66.240.235.99 fbmgnw.dictecleth.com 66.240.235.100 o8pv3k.dotcromangs.com 66.240.235.101 q4nppq.caghtelast.com 66.240.235.102 vpgo7o.costilita.com 66.240.235.103 b844cj.chustehs.com 66.240.235.104 rz7yco.cinglacan.com 66.240.235.105 cweypi.sehardyreos.com 66.240.235.106 ytvhag.hagrelid.com 66.240.235.107 t251ek.cetirong.com 66.240.235.108 zj32dx.benthibi.com 66.240.235.109 ul17bu.talleluit.com 66.240.235.110 ukfykb.horbitres.com 66.240.235.111 ybspii.paliisecs.com 66.240.235.112 fu0xou.mintasatie.com 66.240.235.113 owjxvr.bactrists.com 66.240.235.114 j2r83r.tipiigme.com 66.240.235.115 tsf7or.cantyring.com 66.240.235.116 xia8am.fesinswet.com 66.240.235.117 mr7b7f.tirazeramig.com 66.240.235.118 e42g4p.brenflar.com 66.240.235.119 es92xp.coffsaos.com 66.240.235.120 evz3bj.gandasuhers.com 66.240.235.121 oux8lz.rotriomiss.com 66.240.235.122 zmvuac.rirdwechals.com 66.240.235.123 zrx77w.memurilphis.com 66.240.235.124 ii42ot.ictamiemode.com 66.240.235.125 yvskrl.flonaged.com 66.240.235.126 opap5s.fotewlopen.com 66.240.235.127 p70a0b.thoreepty.com 66.240.235.128 oqd2hd.stedlods.com 66.240.235.129 tptscc.secksongos.com 66.240.235.130 ntuook.tinticke.com 66.240.235.131 fmw5ah.sheriterts.com 66.240.235.132 p7xshq.parthosmoto.com 66.240.235.133 o8ufkc.weppigee.com 66.240.235.134 cl60ao.tatollol.com 66.240.235.135 g2gpdy.piulacovyct.com 66.240.235.136 dbcpci.gocyruzewus.com 66.240.235.137 an1r0t.dirlolesh.com 66.240.235.138 nwq00k.ollagamim.com 66.240.235.139 qwsj8v.canspangs.com 66.240.235.140 ta2iln.phillahy.com 66.240.235.141 ystd7l.tahtenite.com 66.240.235.142 tlsx9b.dathixerbis.com 66.240.235.143 l1zx4w.wescenaead.com 66.240.235.144 i9546p.sigtheta.com 66.240.235.145 ggcwiz.aeclasms.com 66.240.235.146 go92oz.chronozert.com 66.240.235.147 j9pz1u.donanlid.com 66.240.235.148 ed9mrp.podelossom.com 66.240.235.149 ezg32u.tacyphery.com 66.240.235.150 hxhyva.seciserds.com 66.240.235.151 m79iva.byllaestass.com 66.240.235.152 p2qmgq.sitrintime.com 66.240.235.153 brq3dt.bentiqatile.com 66.240.235.154 g11zcd.pescroang.com 66.240.235.155 h7b7my.pyontriws.com 66.240.235.156 z3f83b.moniompas.com 66.240.235.157 sy7khg.ruwdilose.com 66.240.235.158 dqep1m.fropharm.com 66.240.235.159 z61m4u.bumetemmys.com 66.240.235.160 tprppq.yxturmaimas.com 66.240.235.161 uxap6n.blengemaht.com 66.240.235.162 pofxpo.virsonag.com 66.240.235.163 ffj0pz.leedisnel.com 66.240.235.164 xalj5x.belfeaed.com 66.240.235.165 kux6rd.pucawenady.com 66.240.235.166 lt0a8e.pospottarm.com 66.240.235.167 eat02a.cuncettend.com 66.240.235.168 gc06ku.ugaltinsos.com 66.240.235.169 tbejgp.happehight.com 66.240.235.170 t4c2mb.paagonad.com 66.240.235.171 pj4t5a.curistung.com 66.240.235.172 sarv5e.phengosig.com 66.240.235.173 lwpzxa.sentigablek.com 66.240.235.174 n65m1l.pelutaras.com 66.240.235.175 nitkft.prenfleus.com 66.240.235.176 ad947p.nenemusis.com 66.240.235.177 mtrgxy.binunditums.com 66.240.235.178 ccm8wa.treunulet.com 66.240.235.179 kqw0em.phatrihe.com 66.240.235.180 dno80l.caggilestut.com 66.240.235.181 mj0v2u.linedere.com 66.240.235.182 sf76lu.thenidad.com 66.240.235.183 iqwaok.repesmiky.com 66.240.235.184 s6qjer.piressyrs.com 66.240.235.185 hu6dcf.busehusees.com 66.240.235.186 g2i4er.siphevecun.com 66.240.235.187 a1xoew.mihavught.com 66.240.235.188 gf0v7r.ridynalasas.com 66.240.235.189 yna7jc.mapepigeos.com 66.240.235.190 t2yzbu.tistrems.com 66.240.235.191 w9un8j.asmoolirid.com 66.240.235.192 l22eyq.efrigrulem.com 66.240.235.193 rber0l.tenapeongs.com 66.240.235.194 rcdi2e.cherrhang.com 66.240.235.195 r7d9hw.beockaos.com 66.240.235.196 w1d1yt.danisting.com 66.240.235.197 i3opnb.moagligs.com 66.240.235.198 zrlylk.dusaivery.com 66.240.235.199 qdmdnk.seculisang.com 66.240.235.200 mt5r9x.mismanysina.com 66.240.235.201 pjsl9c.pedederots.com 66.240.235.202 pvx5ed.tillosenars.com 66.240.235.203 pzk46b.vabizeid.com 66.240.235.204 pmjbts.semiflest.com 66.240.235.205 a0y9yp.totorast.com 66.240.235.206 dm40ys.cirliterby.com 66.240.235.207 ni1edq.roibblolds.com 66.240.235.208 nw0h9r.dasoedwong.com 66.240.235.209 cm5jep.echmeunsed.com From PleaseReplyTo at TheGroupInstead.be Mon Aug 1 11:59:09 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Mon Aug 1 05:00:49 2005 Subject: [SpamCop-List] Re: rsg References: Message-ID: "jdd" wrote in message news:dckd70$sgg$2@news.spamcop.net... > Patto wrote: > > > Not quite true; haven't you seen last week's news article > > http://mosnews.com/news/2005/07/25/spammerdead.shtml ? > > this is fairly rude :-( > jdd No, it's not. It's an excellent illustration of the kind of man these people are. If someone has so little conciense and good sense as to waste half the planet's e-mail resources on fake drug scemes and abuse of people's weaknesses, then chances are his into all kinds of crime, and chances are crime catches up with him. World is a better place now, as far as I'm concerned. Joris From nobody at devnull.spamcop.net Mon Aug 1 05:55:14 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Mon Aug 1 05:50:16 2005 Subject: [SpamCop-List] Re: Major ISP's being blacklisted issue References: Message-ID: "McWebber" wrote in message news:dcijj2$sf2$1@news.spamcop.net... > > Well, somebody has to report it at some point or nobody would know > > what to reject. And, I think, technically the spam that is > > rejected has been filtered, but the action was rejection, not a > > particular folder. > > No, it's a rejection based on the IP or domain there is no filtering. Or, > the IP is blocked at the router so they can't even connect. A long time ago, I had a discussion on nanae that was going nowhere until I realized that 'filter' to them meant /any/ action that decided what to do with emails including rejection. Like you, I considered filtering to be something that was done after acceptance. Possibly the usage has changed - like the term 'bounce' - because what happens at the server and after acceptance has so completely different outcomes. However, to be technical, one is 'filtering' incoming email if there is any decision that is made about it. Miss Betsy From nobody at devnull.spamcop.net Mon Aug 1 06:05:41 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Mon Aug 1 06:00:03 2005 Subject: [SpamCop-List] Re: Backscatter References: Message-ID: "Mike Easter" wrote in message news:dcingi$umg$1@news.spamcop.net... > Peter Gradwell wrote: > > > Presumably, it is acceptable to scan the mail during the SMTP session > > and to generate an smtp rejection along the lines of: > > > > 550 "Mail Rejected. Click http://www.gradwell.com/cr/1234 to > > whitelist" > > > > Which could then add you to my whitelist and deliver the email to me. > > Rejecting with a link would be just fine, ie it is not abusive > whatsoever, as opposed to the challenges. It might not 'work' as > expected for some automated or nonhuman senders, such as a typical > mailing list. The mailing list demon would probably interpret the > result as a regular bounce, the same as 'no such user' or even 'mailbox > full'. But that wouldn't matter since, presumably, he signed up for the mailing list and has it on his whitelist already. And mailing lists don't change without warning subscribers because so many people do have whitelists. Miss Betsy From nobody at nowhere.invalid Mon Aug 1 13:46:01 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Aug 1 06:50:02 2005 Subject: [SpamCop-List] Re: Backscatter References: Message-ID: On Mon, 1 Aug 2005 05:05:41 -0500, Miss Betsy coughed into spamcop and left this in : > But that wouldn't matter since, presumably, he signed up for the > mailing list and has it on his whitelist already. And mailing > lists don't change without warning subscribers because so many > people do have whitelists. You'd be surprised how many people *do* challenge mailing list traffic (ever posted anything to bugtraq, which is supposed to be populated by clued up people?). Their crapware is malconfigured for 2 reasons: 1) It sends the challenge to the address in the From: header, not to the SMTP FROM: address, which is reproduced in the Return-Path: header. 2) It sends challenges to stuff which is easily identifiable as list traffic through the RFC2369 headers. -- Steve BASIC: A programming language. Related to certain social diseases in that those who have it will not admit it in polite company. From nobody at xyzzy.claranet.de Mon Aug 1 13:47:01 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Aug 1 06:55:03 2005 Subject: [SpamCop-List] Re: Backscatter References: <42E62BCE.5AF9@xyzzy.claranet.de> <42E69488.1FF1@xyzzy.claranet.de> <42E75A5F.3D49@xyzzy.claranet.de> Message-ID: <42EDFDA5.6EC6@xyzzy.claranet.de> McWebber wrote: > LDAP is not an accounting database. Many systems, > with multiple MX use it. Another system I've heard of is a kind of relay test: Like "call-back-verification", only forward to the RCPT TO at the next hop instead of backwards to the MAIL FROM. It has some obvious timing issues, the sender won't wait forever for an "okay" or "error" after the RCPT TO. Probably LDAP has similar problems. It defeats the idea of a backup MX, it should take over when the main site incl. primary MXs and LDAP is unavailable. >> But the default for all identified worm should be >> "don't bounce". Dito for spam. > Unfortunately, it's not. Which is why a lot of > backscatter is getting reported. From SC's POV the only problem with these reports is that they are almost identical to any "unavoidable" backscatter. SC is only a script, it's smart enough to get "bounce" vs. "spam" right, but then it cannot identify "avoidable" vs. "unavoidable". > Please cite the law. Google says it's (de) "206 StGB Postunterdr?ckung": > Is it then illegal in your country to have a catchall > address? Now I have a catchall address. That's why I'm interested in this thread and SPF. One spammer decided that this is also a good time to forge my addresses sgain, I got about 160 backscatter mails today (the first major attack after about 10 months). Reporting this crap with SC is now very simple. I have a FAIL sender policy, so it is 100% "avoidable" as soon as the forged MAIL FROM appears in the SMTP dialogue. > You would then receive the misdirected email and do with > it as you please, including deleting it. Yes, I know all the fun with catchall addresses, especially Message-IDs. All reported via SC and deleted, no problem if I do it. My mail provider would have a problem if he accepts and deletes mail for me without telling me. It's not different for catchall addresses. > Not "bouncing" to the forged sender causes no abuse to > any innocent party. First you have to _know_ that it's forged. Or at least to guess, e.g. worm => default forged => delete. And it's not always possible to get this right without a sender policy. E,g. if something in your setup decides "over quota", and therefore you never check what it is (a worm), then you're not in the position to decide "forged". The only place to catch all forgeries is at the first MX, if the forged sender publishes a FAIL sender policy, and the first MX checks it. Otherwise, if you hope to get it right later, you depend on spam detection heuristics and less reliable tricks, and that might file => bounce. That's also what SC says in its FAQ about "misdirected" bounces. SC only forgot to enforce that senders really must have a FAIL sender policy or a similar DKIM policy before they can report all bounces. There's no incentive for senders to protect themselves, they can just report all bounces as spam without doing anything on their side. That will backfire, it's wrong. [bounce example] >> avoidable. Some outblaze mailer. > Outblaze? goodname.net has nothing to do with Outblaze. Yes, today it doen't mumble something about "outblaze" in its greeting, probably I screwed up, s/net/com/ (?) Tested again: using MAIL.MOSTBOX.COM for goodname.net 20050801 12:42:39 TCP connection with MAIL.MOSTBOX.COM:25 42:39.91 220 mail.mostbox.com ESMTP 42:39.91 ehlo xyzzy.dnsalias.org 42:40.38 250-mail.mostbox.com 42:40.38 250-PIPELINING 42:40.38 250 8BITMIME 42:40.38 mail from: 42:40.82 250 ok 42:40.82 rcpt to: 42:41.28 250 ok 42:41.28 quit 42:41.72 221 mail.mostbox.com Avoidable, assuming that gggjhggg@ doesn't exist. Bye From nobody at nowhere.invalid Mon Aug 1 13:54:09 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Aug 1 06:55:07 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: On Mon, 1 Aug 2005 01:48:35 +0200, Joris Van Damme coughed into spamcop and left this in : > What is what cablevision uses for shreveport? > > You've bottom-quoted several dozens of lines ...below the signature separator, meaning that some people won't see what was quoted. -- Steve Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? -- Matt Welsh From nobody at xyzzy.claranet.de Mon Aug 1 14:38:18 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Aug 1 07:40:03 2005 Subject: [SpamCop-List] Re: Backscatter References: <42E62BCE.5AF9@xyzzy.claranet.de> <42E73ED9.76FF@xyzzy.claranet.de> Message-ID: <42EE09AA.1C8B@xyzzy.claranet.de> Blammo wrote: > blackmailing others into suporting one's (SPF) own buggy > software is unreasonable Just reported in another article, today I got my first load of spam backscatter since about 10 months, reported manually with a very polite note: "Erroneous spam bounce / challenge / forward - please use a filter and/or SPF" I really don't care _how_ they avoid it, it's only important that they always _could_ do it using my published SPF policy. It's an open standard, they can write their own software if they don't like the available implementations. > Without going into details, which you probably know anyway, > it is not anti-spam nor real sender verification It's anti-forgery. Not one of the 160 bounces I got today was necessary, they'd all result in FAIL and reject if tested at the first MX on the side of the victims. Also unnecessary: all spams that made it to their victims with my MAIL FROM in this spam run. Also unnecessary: all other spams with unprotected addresses from the same zombies. As soon as SPF checks throw some FAIL results the receiver should know what he has to expect from the sending IP in the next hours. The latter might be faster than the SCBL, you can reject the zombie immediately, even before it's reported / blacklisted. And of course there are systems doing this already, using SpamAssassin 3 or similar toools, and on those systems not one spam with my forged MAIL FROM reached its victim. >From those systems it was also not bounced to me, it was simply rejected. So that is a typical win-win scenario for all participants. > very user unfriendly. Depends on how tricky the sender policy wants to be. I'm no fan of the more complex "features", for xyzzy.claranet.de it is plain simple (two queries): xyzzy.claranet.de text = "v=spf1 redirect=claranet.de" claranet.de text = "v=spf1 ip4:212.82.225.0/24 ip4:195.170.96.0/24 -all" So if you get MAIL FROM: and the IP is not one of the 2 * 256 listed IPs, please reject this as forgery. Obvious without digging deep in the spec. > However, when used after spam and virus detection, such > as with Spamassassin, it is a useful tool. The best order depends on the average costs. If you do it after spam / worm detection you already have the mail DATA. It's better to do it between MAIL FROM and DATA - no reason why you should waste your MTA's time receiving this crap if you could know that it's forged before the DATA. Of course you can also check it later together with other tests. Actually you can mix both approaches, if it's a FAIL policy do it a.s.a.p., if it's a policy without FAIL chance do it later (combined with scoring maybe) or maybe never (?) The most expensive steps are the DNS queries. Bye, Frank From PleaseReplyTo at TheGroupInstead.be Mon Aug 1 16:03:56 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Mon Aug 1 09:05:03 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: > > You've bottom-quoted several dozens of lines > > ...below the signature separator, meaning that some people won't see > what was quoted. Thanks for the clarification, I wasn't aware. It would be a shame if these people missed your signature, though... It's a nice one. ;-) Joris From glnews030922 at highspot.net Mon Aug 1 15:13:42 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Mon Aug 1 09:15:02 2005 Subject: [SpamCop-List] Re: make it clear In-Reply-To: References: Message-ID: jdd wrote: > however I build a new mail server and needs to reach it from web mail > (squirrelmali), and so install spamssassin and didn't know how to make > sa learn what is spam like mozilla do. Short answer: man sa-learn :-p Longer answer: My mail is held in mbox format, if you're using maildir, then miss out the --mbox part. If you're using mbx, then use --mbx instead. sa-learn --ham --mbox /path/to/ham/mail/folder sa-learn --spam --mbox /path/to/spam/mail/folder sa-learn --sync Best way to deal with it is to set up a cron job to do it for you every day. I have a cron job that learns from 2 spam and 5 ham folders and then does a sync to the Bayes database at 2am every day. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From mcwebber at my-deja.com Mon Aug 1 10:30:50 2005 From: mcwebber at my-deja.com (McWebber) Date: Mon Aug 1 09:35:04 2005 Subject: [SpamCop-List] Re: Major ISP's being blacklisted issue References: Message-ID: "Miss Betsy" wrote in message news:dckr5n$3qr$1@news.spamcop.net... > > A long time ago, I had a discussion on nanae that was going nowhere > until I realized that 'filter' to them meant /any/ action that > decided what to do with emails including rejection. Like you, I > considered filtering to be something that was done after > acceptance. Possibly the usage has changed - like the term > 'bounce' - because what happens at the server and after acceptance > has so completely different outcomes. However, to be technical, > one is 'filtering' incoming email if there is any decision that is > made about it. > No decision is made about the email. If the IP or domain is blocked, there is no email to filter. -- McWebber "Richter points to the lack of legal action against his company as proof that he's operating appropriately." Information Week, November 10, 2003 From kjz at despammed.com Mon Aug 1 16:57:52 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Mon Aug 1 10:00:03 2005 Subject: [SpamCop-List] Re: Auna.es In-Reply-To: References: Message-ID: Pete wrote: > Why does spamcop still try to mail abuse@auna.es? When you check the DNS > information for auna.NET, the registrant email address that pops up is > dominios.administracion@auna.es . It seems as though auna.es is actually > auna.net, or am I missing a link here? Does Auna actually react or do they only run an ignorebot so complaints will be useless either? - kjz From jr70 at blackhole.invalid Mon Aug 1 08:54:06 2005 From: jr70 at blackhole.invalid (John Richards) Date: Mon Aug 1 10:55:03 2005 Subject: [SpamCop-List] Re: Backscatter References: Message-ID: Ant wrote: > "McWebber" wrote: > >> There's probably and RFC about top-posting as well. > > RFC 1855. > 3.1.1 General Guidelines for mailing lists and NetNews > "If you are sending a reply to a message or a posting be sure you > summarize the original at the top of the message, or include just > enough text of the original to give a context". > > But I expect you knew that. That's not a very solid defense for bottom posting. "Summarize the original at the top" implies *new* text where the new responder restates (in his own words) the point made by the previous poster. The alternate option "include just enough text of the original" does not state where that quoted text should be positioned. -- John Richards From jr70 at blackhole.invalid Mon Aug 1 09:09:10 2005 From: jr70 at blackhole.invalid (John Richards) Date: Mon Aug 1 11:10:03 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: Joris Van Damme wrote: >> yep it is what cablevision uses for shreveport > > What is what cablevision uses for shreveport? > > You've bottom-quoted several dozens of lines to add a single-line answer. > That's several dozens multiplied by 100% overhead, multiplied by the number > of receivers. Add to that the fact that your answer isn't clear that way. > All of us read many messages here, are we supposed to read the whole > bottom-quote again for the off chance we might then be able to understand > your answer? > > Proper quoting style: > - Trim the quote. Don't join spammers in wasting resources that are not your > own. > - Reply beneath the quote. Show the question followed by the answer, because > people understand it that way. > > > Joris It would have been worse if he had put that one-line reply *after* several screens of quoted text. I understood mikeyhsd's reply immediately without having to reread the quoted text, because I remembered the pertinent section in the prior post from Mike Easter. The issue is not so much whether one top-posts or bottom-posts but whether extraneous quoted material is snipped (for those readers with poor recollection or *not* familiar with prior posts in that thread). -- John Richards From MikeE at ster.invalid Mon Aug 1 09:15:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Aug 1 11:15:03 2005 Subject: [SpamCop-List] Re: Backscatter References: Message-ID: John Richards wrote: > That's not a very solid defense for bottom posting. Bottom posting does not equal trimmed contextualization. Trimming = trimming, first concept in the argument and the first step in the process. The preceding message should be trimmed down to /only/ the part which is going to be commented on. Contextual = conversationally sequential commentary on the trimmed result above -- Mike Easter kibitzer, not SC admin From jr70 at blackhole.invalid Mon Aug 1 09:17:47 2005 From: jr70 at blackhole.invalid (John Richards) Date: Mon Aug 1 11:20:02 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: jdd wrote: > for example, I'm not sure to understand this: > > SpamCop will send email on your behalf to the appropriate > network administrator. Before using SpamCop... If you think *that* explanation is unclear, you should read the one about Mailhosts... -- John Richards From jdd at dodin.org Mon Aug 1 18:18:13 2005 From: jdd at dodin.org (jdd) Date: Mon Aug 1 11:20:05 2005 Subject: [SpamCop-List] Re: rsg In-Reply-To: References: Message-ID: Joris Van Damme wrote: > are. If someone has so little conciense and good sense as to waste half the > planet's e-mail resources I don't wan to start a troll, but death penalty for spam is not fair (anyway I don't think he was murdered for this). This man didn't kill anybody and if the internet is ready to let anybody use freely helf of it's ressources, it deserve his problem. nobody, even the worst man, is responsible to the weakness of some net responsibles. jdd -- pour m'?crire, aller sur: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr From jdd at dodin.org Mon Aug 1 18:23:58 2005 From: jdd at dodin.org (jdd) Date: Mon Aug 1 11:25:02 2005 Subject: [SpamCop-List] Re: make it clear In-Reply-To: References: Message-ID: Graeme Leith wrote: > Short answer: man sa-learn :-p I've seen this. needs console access and manual moving of spam, but iy's nice. anyway I won't disturb anymore this list with "sa" questions. thanks jdd -- pour m'?crire, aller sur: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr From PleaseReplyTo at TheGroupInstead.be Mon Aug 1 18:27:42 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Mon Aug 1 11:35:02 2005 Subject: [SpamCop-List] Re: rsg References: Message-ID: > I don't wan to start a troll Indeed, let's not go into this too deeply. > but death penalty for spam is > not fair (anyway I don't think he was murdered for this). Of course. My personal opinion, I don't want to kill anyone. (That's as far as my personal opinion goes. If I were to take it any further, along the same line - which is not my responsability - then I'd say no reason is good enough to kill anyone, including Bush-Christian values and re-election and stuff. Murder is murder is murder, whether commited by a layman, a judge, or a soldier. Worse still, last two are professionals.) > This man didn't kill anybody and if the internet is ready to > let anybody use freely helf of it's ressources, it deserve > his problem. True, in the sense that it is logically correct. > nobody, even the worst man, is responsible to the weakness > of some net responsibles. Also true. I would like to stress that I never dissagreed with any of this, and never will. However, the point raised is that a man is responsible for his abuse of another man's weakness, which is quite different from being responsible for the weaknesses themselves. Another point raised, is related to the fact that I personally don't mind making jokes over the spammer's death, which is quite different from killing him. I also stated that the world is a better place without the sorts of criminals that likely get themselves killed by fellow sorry asses. That too, is a statement I'm quite willing to repeat and stick by. It's not the same as killing him, or defending death penalty or whatever murdurous activity itself. I don't think we dissagree, really. In any case, I don't dissagree with anything you said here. Joris From PleaseReplyTo at TheGroupInstead.be Mon Aug 1 18:33:03 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Mon Aug 1 11:35:04 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: > It would have been worse if he had put that one-line reply *after* several > screens of quoted text. So? Something A being worse then B being worse then C, does not mean B is the recommend way to go. C is. > The issue is not so much whether one top-posts or bottom-posts > but whether extraneous quoted material is snipped (for those readers > with poor recollection or *not* familiar with prior posts in that thread). I've poor recollection, but good bookmarks: http://web.presby.edu/~nnqadmin/nnq/nquote.html Joris From anon at coks.net Mon Aug 1 09:53:02 2005 From: anon at coks.net (J G) Date: Mon Aug 1 11:55:02 2005 Subject: [SpamCop-List] whats in a name... Message-ID: http://www.spamcop.net/sc?id=z792069855z9e36433f6c73b931fea5cb4210bdb8d6z fartingfritter - gotta love it... From anon at coks.net Mon Aug 1 10:32:45 2005 From: anon at coks.net (J G) Date: Mon Aug 1 12:35:03 2005 Subject: [SpamCop-List] Great reply form, thanks to Andrew @ NANAE... Message-ID: Your idea advocates a (x) technical ( ) legislative ( ) market-based ( ) vigilante approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.) ( ) Spammers can easily use it to harvest email addresses ( ) Mailing lists and other legitimate email uses would be affected ( ) No one will be able to find the guy or collect the money ( ) It is defenseless against brute force attacks ( ) It will stop spam for two weeks and then we'll be stuck with it (x) Users of email will not put up with it ( ) Microsoft will not put up with it ( ) The police will not put up with it ( ) Requires too much cooperation from spammers (x) Requires immediate total cooperation from everybody at once (x) Many email users cannot afford to lose business or alienate potential employers ( ) Spammers don't care about invalid addresses in their lists (x) Anyone could anonymously destroy anyone else's career or business Specifically, your plan fails to account for ( ) Laws expressly prohibiting it (x) Lack of centrally controlling authority for email ( ) Open relays in foreign countries ( ) Ease of searching tiny alphanumeric address space of all email addresses (x) Asshats ( ) Jurisdictional problems ( ) Unpopularity of weird new taxes ( ) Public reluctance to accept weird new forms of money (x) Huge existing software investment in SMTP ( ) Susceptibility of protocols other than SMTP to attack ( ) Willingness of users to install OS patches received by email (x) Armies of worm riddled broadband-connected Windows boxes ( ) Eternal arms race involved in all filtering approaches ( ) Extreme profitability of spam (x) Joe jobs and/or identity theft ( ) Technically illiterate politicians ( ) Extreme stupidity on the part of people who do business with spammers (x) Dishonesty on the part of spammers themselves ( ) Bandwidth costs that are unaffected by client filtering (x) Outlook and the following philosophical objections may also apply: (x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical ( ) Any scheme based on opt-out is unacceptable ( ) SMTP headers should not be the subject of legislation ( ) Blacklists suck ( ) Whitelists suck ( ) We should be able to talk about Viagra without being censored ( ) Countermeasures should not involve wire fraud or credit card fraud ( ) Countermeasures should not involve sabotage of public networks ( ) Countermeasures must work if phased in gradually ( ) Sending email should be free (x) Why should we have to trust you and your servers? ( ) Incompatiblity with open source or open source licenses ( ) Feel-good measures do nothing to solve the problem ( ) Temporary/one-time email addresses are cumbersome ( ) I don't want the government reading my email ( ) Killing them that way is not slow and painful enough Furthermore, this is what I think about you: (x) Sorry dude, but I don't think it would work. ( ) This is a stupid idea, and you're a stupid person for suggesting it. ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down! -- Andrew Oakley andrew/atsymbol/aoakley/stop/com From kenbrody at spamcop.net Mon Aug 1 13:18:29 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Aug 1 12:45:04 2005 Subject: [SpamCop-List] Re: Lying with statistics (was Re: turning spammy servers off) References: <42E775E9.A88EBB45@spamcop.net> <7dgkve46do2d$.dlg@news.spamcop.net> <1ndoxhi65dgbh.dlg@news.spamcop.net> <42EAA1C0.6EA18228@spamcop.net> Message-ID: <42EE4B55.8BC8E01E@spamcop.net> Porpoise wrote: > > "Kenneth Brody" wrote in message > news:42EAA1C0.6EA18228@spamcop.net... > > > > How to lie with statistics... :-) > > > > But, you end up with 2 (a 100% increase) rather than 3 (a 200% increase). > > Therefore, you have a 100% decrease in the amount of zombies. (100% is > > 100% less than 200%.) > > > > That's not actually correct - 100% less of anything is 0 > > If you're talking about the % movement from 3 (which is now the 100% figure) > to 2, then the percentage reduction is 1-2/3*100 = 33.333333' . Whichever > direction you're going in, the *starting* figure is always 100%. Well, I did rename this subject "lying with statistics". :-) 200 bananas is 100 bananas less than 300 bananas, correct? 200 people is 100 people less than 300 people, correct? 200 zorkmids is 100 zorkmids less than 300 zorkmids, correct? Therefore... 200 percent is 100 percent less than 300 percent. Correct? :-) Many years ago, I worked in a retail store, and learned their spin on markup percentage. If you buy something for 1 dollar and sell it for 2 dollars, it is called a "50% markup", despite the 100% increase in the price. Why? Because the markup was 50% of the final price. (That is, you're not saying "we marked up the price by X percent", but rather "our markup was Y percent of the price we sold it at".) Same thing with "X% free!" on boxes of merchandise. If the "normal" size is 100 oz. and they then have 125 oz. boxes for the same price, they'll mark it as "25% free". Actually, only 20% of the 125 oz. is "free". And even then, their normal 125 oz package does not cost 125% the price of the 100 oz. package. So, it's not really "25% free", but rather "15% off the normal 125 oz. package price", but that doesn't sound as good. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From kenbrody at spamcop.net Mon Aug 1 13:30:42 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Aug 1 12:45:07 2005 Subject: [SpamCop-List] Re: whats in a name... References: Message-ID: <42EE4E32.47896C36@spamcop.net> J G wrote: > > http://www.spamcop.net/sc?id=z792069855z9e36433f6c73b931fea5cb4210bdb8d6z > > fartingfritter - gotta love it... Following the subject of this thread (though not spamcop-related)... http://www.answers.com/topic/brfxxccxxmnpcccclllmmnprxvclmnckssqlbb11116 -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From PossumTrot at dont.spam.me Mon Aug 1 10:35:03 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Mon Aug 1 12:45:10 2005 Subject: [SpamCop-List] Re: Major ISP's being blacklisted issue References: Message-ID: "McWebber" wrote in message news:dcdlbp$fjc$1@news.spamcop.net... > "Possum Trot" wrote in message > news:dcdh6h$d1t$1@news.spamcop.net... >> I am totally happy with Hotmail's filtering. AFAIK I have never had an >> email blocked coming or going. > > > You have no way of knowing what they blocked if you never got it and they > didn't send a rejection message. > > -- > McWebber > "Richter points to the lack of legal action against his company as proof > that he's operating appropriately." > Information Week, November 10, 2003 > > From PossumTrot at dont.spam.me Mon Aug 1 10:35:17 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Mon Aug 1 12:45:12 2005 Subject: [SpamCop-List] Re: Major ISP's being blacklisted issue References: Message-ID: "McWebber" wrote in message news:dcdlbp$fjc$1@news.spamcop.net... > "Possum Trot" wrote in message > news:dcdh6h$d1t$1@news.spamcop.net... >> I am totally happy with Hotmail's filtering. AFAIK I have never had an >> email blocked coming or going. > > > You have no way of knowing what they blocked if you never got it and they > didn't send a rejection message. > > -- > McWebber > "Richter points to the lack of legal action against his company as proof > that he's operating appropriately." > Information Week, November 10, 2003 > > From PossumTrot at dont.spam.me Mon Aug 1 10:36:02 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Mon Aug 1 12:45:15 2005 Subject: [SpamCop-List] Re: Major ISP's being blacklisted issue References: Message-ID: "McWebber" wrote in message news:dcdlbp$fjc$1@news.spamcop.net... > "Possum Trot" wrote in message > news:dcdh6h$d1t$1@news.spamcop.net... >> I am totally happy with Hotmail's filtering. AFAIK I have never had an >> email blocked coming or going. > > > You have no way of knowing what they blocked if you never got it and they > didn't send a rejection message. > > -- > McWebber > "Richter points to the lack of legal action against his company as proof > that he's operating appropriately." > Information Week, November 10, 2003 > > From anon at coks.net Mon Aug 1 11:27:03 2005 From: anon at coks.net (J G) Date: Mon Aug 1 13:30:03 2005 Subject: [SpamCop-List] Re: whats in a name... In-Reply-To: <42EE4E32.47896C36@spamcop.net> References: <42EE4E32.47896C36@spamcop.net> Message-ID: On 8/1/2005 9:30 AM Kenneth Brody scribbled: > J G wrote: > >>http://www.spamcop.net/sc?id=z792069855z9e36433f6c73b931fea5cb4210bdb8d6z >> >>fartingfritter - gotta love it... > > > Following the subject of this thread (though not spamcop-related)... > > http://www.answers.com/topic/brfxxccxxmnpcccclllmmnprxvclmnckssqlbb11116 > betcha he's running the RSG... From anon at coks.net Mon Aug 1 11:33:17 2005 From: anon at coks.net (J G) Date: Mon Aug 1 13:35:03 2005 Subject: [SpamCop-List] forenjoy Message-ID: http://www.spamcop.net/sc?id=z792098540z00313d1cdc1e9fd46ed0ac8b258a4e76z Does SC go through all those gyrations of deobfuscating and then ignoring because the URL is blackhat, or can it really not figure forenjoy out? Its been around quite a while... From glnews030922 at highspot.net Mon Aug 1 21:21:30 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Mon Aug 1 15:20:04 2005 Subject: [SpamCop-List] Re: make it clear In-Reply-To: References: Message-ID: jdd wrote: > Graeme Leith wrote: > >> Short answer: man sa-learn :-p > > > I've seen this. needs console access and manual moving of spam, but iy's > nice. anyway I won't disturb anymore this list with "sa" questions. thanks > jdd If you have console access to the box you're talking about and you want some help getting your system set up to automatically update its Bayes database and move SA identified spam to a special folder as it arrives, then drop me a line off group. The email address I use here is valid. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From click1510 at earthlink.net Mon Aug 1 13:51:13 2005 From: click1510 at earthlink.net (CO-DBA-SC-EL) Date: Mon Aug 1 15:55:03 2005 Subject: [SpamCop-List] Re: Great reply form, thanks to Andrew @ NANAE... References: Message-ID: "J G" wrote in message news:dclioc$gn5$1@news.spamcop.net... > Your idea advocates a > > (x) technical ( ) legislative ( ) market-based ( ) vigilante Which idea was this referring to? C_O From nobody at spamcop.net Mon Aug 1 13:56:23 2005 From: nobody at spamcop.net (NerdRevenge) Date: Mon Aug 1 16:00:02 2005 Subject: [SpamCop-List] Reporting USENET spam? Message-ID: Is it appropriate to report Usenet spam via spamcop if there is an IP address? GB -- "That intellectual torpor maybe sufficient to earn a job at some disaster prone part of the world like Chernobyl or NASA, but it won't cut the mustard with me." - Professor Maximillian Arturo From MikeE at ster.invalid Mon Aug 1 14:47:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Aug 1 16:50:02 2005 Subject: [SpamCop-List] Re: Reporting USENET spam? References: Message-ID: NerdRevenge wrote: > Is it appropriate to report Usenet spam via spamcop if there is an IP > address? Appropriate is a complicated word, but the short answer before the philosophy is 'yes' -- maybe it will work and maybe it won't. Reporting usenet spam is complicated by the fact that usenet headers are very often unreliable. It is also complicated by the fact that what you might think is 'usenet spam' isn't necessarily usenet spam, because the criteria for acceptably posting something into a newsgroup are very very different than the unacceptability of someone emailing you the same item. It is also typically 'unclear' about whether or not usenet spamming is actually against any given provider's AUP or not. Some providers consider usenet 'misbehaviors' in a very vague way. A surprising number of providers have a usenet policy which is roughtly equivalent to "Be nice." because they don't want to enforces anything about newsgroup misbehavior because it can be defined so variably. An oversimplification is that some newsgroups permit commercial messages - and some providers allow some kind of usenet spamming - and some usenet spamming is permissibly defined by such things as the Breidbart index. You should also read SC's 'bizarre' advice about reporting usenet spam. SC advises you to send an email to the spammer and ask hir to not do that. Very often when you parse a usenet spam with the SC parser it will bail on determining a source because SC requires that a usenet spam header be 'just so' before it will offer to make a report. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Aug 1 14:51:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Aug 1 16:55:02 2005 Subject: [SpamCop-List] Re: forenjoy References: Message-ID: J G wrote: www.spamcop.net/sc?id=z792098540z00313d1cdc1e9fd46ed0ac8b258a4e76z > > Does SC go through all those gyrations of deobfuscating and then > ignoring because the URL is blackhat, or can it really not figure > forenjoy out? SC can resolve the naked URL Parsing input: http://forenjoy.info/fgh.php host forenjoy.info (checking ip) = 221.4.179.229 but SC's apnic mirror is currently shot ch455-ap = So it has to devnull on that basis. > Its been around quite a while... -- Mike Easter kibitzer, not SC admin From anon at coks.net Mon Aug 1 15:29:58 2005 From: anon at coks.net (J G) Date: Mon Aug 1 17:30:03 2005 Subject: [SpamCop-List] Re: Great reply form, thanks to Andrew @ NANAE... In-Reply-To: References: Message-ID: On 8/1/2005 12:51 PM CO-DBA-SC-EL scribbled: > "J G" wrote in message news:dclioc$gn5$1@news.spamcop.net... > >>Your idea advocates a >> >>(x) technical ( ) legislative ( ) market-based ( ) vigilante > > > Which idea was this referring to? > > C_O > > Sorry, don't know - wasn't following that thread and there was no quote included. I thought it was clever and could be used with the next pipedream suggestion which may be floated around here... From petzl at spamcop.net Tue Aug 2 08:58:50 2005 From: petzl at spamcop.net (petzl) Date: Mon Aug 1 18:00:03 2005 Subject: [SpamCop-List] Re: Reporting USENET spam? References: Message-ID: "NerdRevenge" wrote in message news:dclunf$ngu$1@news.spamcop.net... > Is it appropriate to report Usenet spam via spamcop if there is an IP > address? > > > GB > Use SpamCop by all means However Newsgroup reporting is not one of SpamCops strengths Most postings are anonymous but usually name the posting machine not the posting host Most do have an address to report abuse to Once you have found the abuse address you are best advertise this in your group such as report this spam to abusewhoever.com (do not use the @ as spammers runprograms to scrape email addresses off the internet The more that report newsgroup spamming the more effect you become Petzl From porpoise1954 at yahoo.co.uk Tue Aug 2 02:06:23 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Aug 1 20:10:04 2005 Subject: [SpamCop-List] Re: Lying with statistics (was Re: turning spammy servers off) References: <42E775E9.A88EBB45@spamcop.net> <7dgkve46do2d$.dlg@news.spamcop.net> <1ndoxhi65dgbh.dlg@news.spamcop.net> <42EAA1C0.6EA18228@spamcop.net> <42EE4B55.8BC8E01E@spamcop.net> Message-ID: "Kenneth Brody" wrote in message news:42EE4B55.8BC8E01E@spamcop.net... > Porpoise wrote: >> >> That's not actually correct - 100% less of anything is 0 >> >> If you're talking about the % movement from 3 (which is now the 100% >> figure) >> to 2, then the percentage reduction is 1-2/3*100 = 33.333333' . >> Whichever >> direction you're going in, the *starting* figure is always 100%. > > Well, I did rename this subject "lying with statistics". :-) > > 200 bananas is 100 bananas less than 300 bananas, correct? Correct > > 200 people is 100 people less than 300 people, correct? Correct > > 200 zorkmids is 100 zorkmids less than 300 zorkmids, correct? Correct > > Therefore... > > 200 percent is 100 percent less than 300 percent. > Mmmm....Sort of......... But only if it's applied to something - such as 200% of 50 bananas (100) is 100% of 50 bananas (50) less than 300% of 50 bananas (150). Unless it is "of" something, it is meaningless. In the same way - 50 bananas - 100% of 50 bananas = 0 For example: 1. If I have 10 apples and I decide to give you 100% of them, how many am I left with? 2. If I have 10 apples and I decide to give you 300% of them, how many do I have left? 3. If I have 10 apples and I decide to give you 200% of them, how many am I left with? From nobody at devnull.spamcop.net Mon Aug 1 21:00:52 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Aug 1 21:05:03 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: "Peter Pearson" wrote in message news:dcjmls$g7k$1@news.spamcop.net... > > You're right: Spamcop's documentation is confusing and unclear. > From time to time, somebody makes noise about fixing that > problem, but . . . Hmmm, "FAQ sucks, hard to navigate, can't find anything ..." http://forum.spamcop.net/forums/index.php?showtopic=2238 single-page access point created as a possibility / work-horse "Don't know how to ...." http://forum.spamcop.net/forums/index.php?showforum=13 How to Use .... forum section created http://forum.spamcop.net/forums/index.php?showtopic=2385 How I use my SpamCop E-mail Account examples "Crap needs to be on a web-page ...." http://forum.spamcop.net/forums/index.php?act=home web page/portal created . asked for input . got "it's broken in FureFox" .. fixed FireFox issue .. no more input I'd have to suggest that a bit more than "noises" have been attempted. > here we are, still. I don't have a good > overview of all Spamcop's activities, but I think I understand > well the part that I use, so I'll describe that. Would be great fodder for the "How I Use ...." sections .... . From nobody at spamcop.net Mon Aug 1 19:43:34 2005 From: nobody at spamcop.net (NerdRevenge) Date: Mon Aug 1 21:45:03 2005 Subject: [SpamCop-List] Re: Reporting USENET spam? References: Message-ID: "petzl" wrote in message news:dcm5uu$rqe$1@news.spamcop.net... > > "NerdRevenge" wrote in message > news:dclunf$ngu$1@news.spamcop.net... >> Is it appropriate to report Usenet spam via spamcop if there is an IP >> address? >> >> >> GB >> > Use SpamCop by all means > However Newsgroup reporting is not one of SpamCops strengths > Most postings are anonymous but usually name the posting machine not the > posting host > Most do have an address to report abuse to > > Once you have found the abuse address you are best advertise this in your > group > such as > report this spam to > abusewhoever.com (do not use the @ as spammers runprograms to scrape > email addresses off the internet > The more that report newsgroup spamming the more effect you become I did report 23 spams today from the same IP adress in the same newsgroup posted within moments of each other. The "Make Millions with PayPal" scam. Result..No IP listed There are also others who love to flood some groups with copyrighted news stories that have nothing to do with the subject group. Resut..No IP listed and flooding continues > > Petzl > From dfm2a3l0t2 at spymac.com Mon Aug 1 23:12:39 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Mon Aug 1 22:15:02 2005 Subject: [SpamCop-List] Re: How was I reporting my own service providers? References: Message-ID: In article , "Mike Easter" wrote: > > I have never seen the provider for either address listed. > > On the face of it, that would seem to negate the assumption above -- or > imply that either you or Don is in error. > > > So how was I reporting my providers? > > I suspect there is a discrepancy of 'something or other' in what we are > hearing here. Some uknown as yet error. > > > I asked Don this in my reply, but he did not respond. > > Yeah, if he had named even one report in which you were in error, your > confidence in being error-free would be altered. I e-mailed Don again about this. Here's his reply: > You probably wouldn't have recognized the connection. > > The parse went after 198.212.10.108 = permemail05.alumniconnections.com, > which is your alumni association's server. > > http://www.spamcop.net/sc?id=z790544389z37e92665f5ae3f07362d378ed6b10eb4z > > You can use that link to review the parse. The "View entire message" link > will show you the message text. > > Submitted: Wednesday, July 27, 2005 18:24:18 -0600: show / trace / munged / > raw > By: dfmanno@alumni.upenn.edu (dfmanno@localnet.com) > She wants a better sex? All you need's here! > > * 1477077100 ( 198.212.10.108 ) To: postmaster@bcharrispub.com > * 1477077096 ( 198.212.10.108 ) To: abuse@mci.com Mystery solved. -- D.F. Manno | dfm2a3l0t2@spymac.com "As democracy is perfected, the office represents, more and more closely, the inner soul of the people. We move toward a lofty ideal. On some great and glorious day the plain folks of the land will reach their heart's desire at last, and the White House will be adorned by a downright moron." - H. L. Mencken, in the Baltimore Sun, July 26, 1920 From MikeE at ster.invalid Mon Aug 1 20:32:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Aug 1 22:35:04 2005 Subject: [SpamCop-List] Re: How was I reporting my own service providers? References: Message-ID: D.F. Manno wrote: >> The parse went after 198.212.10.108 = >> permemail05.alumniconnections.com, which is your alumni >> association's server. In a non-mailhost, the noncompliant bottom line will cause the alumni to be named. Abbreviated Received lines *comment from cavtel.net [64.83.0.22] by cavtel.net *serves you from permemail05.alumniconnections.com [198.212.10.108] by cavtel.net *forwards? from bzq-218-200-61.red.bezeqint.net (81.218.200.61) by permemail05 *sourceline SC couldn't chain from the 2nd line's 'from' field to the bottom line's 'by' field because permemail didn't use a proper domainname. When SC wants to report the alumni server, it didn't offer the report in a 'recognizable' form, because the alumni server notify is to Harris Publishing. bcharrispub.com > Mystery solved. The advantage of mailhosting is that that screwy/noncompliant bottom line 'by' field doesn't matter. -- Mike Easter kibitzer, not SC admin From h9vzc2i02 at sneakemail.com Mon Aug 1 20:53:46 2005 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Mon Aug 1 22:55:03 2005 Subject: [SpamCop-List] Re: Pump and Dump References: <200506281105.1dNhEa1743Nl3pw0@timothy.mail.atl.earthlink.net> Message-ID: "Mike B" wrote in message news:d9uja8$g86$1@news.spamcop.net... > "John E. Malmberg" wrote in message > news:MFFwIH7AZHYR@eisner.encompasserve.org > > > > It seems to me that a good application to hide on a laptop is one > > where it periodically contacts "Mother" to explain where it is. If > > it can not contact "Mother" and the user does not know a special > > password, or "Mother" tells it it is stolen, than the laptop can take > > evasive action, like cranking up it's speakers to full volume and > > explaining in several locally used languages > > how a reward can be obtained for it's recovery. > > > > You might get lucky in that the thief may not wipe the hard drive, > > and if the reward is about the same amount as a fence will pay, you > > may recover the device. > > > > A laptop with a power-on password, a harddrive password and a different > admin password set is practically useless to a thief. May not stop it from > getting nicked, but at least it can't be used. > *** Do all those passwords mean that the Feds, cops, etc. cannot read your hard drive - who are you kidding, if they can 'break' the passwords, so can a thief. The stolen laptop can always have the hard drive reformatted which kills all your protection. -- A SpamCop user and forum reader, Not Admin *** > -- > Mike B > > From h9vzc2i02 at sneakemail.com Mon Aug 1 21:02:52 2005 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Mon Aug 1 23:05:03 2005 Subject: [SpamCop-List] Re: Pump and Dump References: <200506281105.1dNhEa1743Nl3pw0@timothy.mail.atl.earthlink.net> Message-ID: "indigo" wrote in message news:d9ui9d$f9c$1@news.spamcop.net... > > > J G wrote: > > On 6/28/2005 3:50 PM Trish Roberts-Miller scribbled: > > > > > > > > > > Since then, almost all of my pump-and-dump stock spam has been > > > downloaded as though it's already been read. (I use mozilla, in case > > > that's relevant.) The sysadmin and I have both assumed that my mail > > > is compromised, and acted accordingly, but I thought I would ask > > > here, as perhaps it's a well-known phenomenon that pump-and-dump > > > mail *looks* read. > > > > > I'd join Mike and ask, what do you mean, already read? > > Don't see how Mozilla has anything to do with it - I don't know how > > you mean pump and dump looks read - I *know* how it looks old... > > I'm assuming she's referring to something like the way Mickeysoft email > software works -- if the message hasn't been read, the subject line is in > bold. Once it's marked as read the line is normal text, not in bold. > > ** Additionally, in OE, there is a right-click drop down menu that allows one to 'mark' a message as 'read' or 'unread', no matter what the current condition actually is. That, of course, does not change what you know about the message (whether you have opened the message or not), just its appearance in the message list. -- A SpamCop user and forum reader, Not Admin *** From jr70 at blackhole.invalid Mon Aug 1 21:45:20 2005 From: jr70 at blackhole.invalid (John Richards) Date: Mon Aug 1 23:50:03 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: Joris Van Damme wrote: >> It would have been worse if he had put that one-line reply *after* several >> screens of quoted text. > > So? Something A being worse then B being worse then C, does not mean B is > the recommend way to go. C is. > >> The issue is not so much whether one top-posts or bottom-posts >> but whether extraneous quoted material is snipped (for those readers >> with poor recollection or *not* familiar with prior posts in that thread). > > I've poor recollection, but good bookmarks: > > http://web.presby.edu/~nnqadmin/nnq/nquote.html Referencing someone else's opinion does not prove a point. As we used to say in Dutch: Elke ketter heeft zijn letter. -- John Richards (Dutch expatriate) From anon at coks.net Mon Aug 1 21:55:12 2005 From: anon at coks.net (J G) Date: Mon Aug 1 23:55:02 2005 Subject: [SpamCop-List] Re: big problem, attn deputies In-Reply-To: References: Message-ID: On 8/1/2005 8:45 PM John Richards scribbled: > Referencing someone else's opinion does not prove a point. > As we used to say in Dutch: > Elke ketter heeft zijn letter. > Whats a ketter? From anon at coks.net Mon Aug 1 21:59:01 2005 From: anon at coks.net (J G) Date: Tue Aug 2 00:00:03 2005 Subject: [SpamCop-List] kook awards Message-ID: They're cooking over @ NANAE, for those that haven't noticed... From MikeE at ster.invalid Mon Aug 1 22:11:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 00:15:02 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: J G wrote: > John Richards scribbled: > >> Referencing someone else's opinion does not prove a point. >> As we used to say in Dutch: >> Elke ketter heeft zijn letter. >> > Whats a ketter? I think it means every/each heretic has his text. If you wanted to get 'Biblical' about it, there's the saying that 'The Devil can cite Scripture for his purpose.' However, that being sed, the referenced article in the news.newusers.questions faq links is a 'nice' and polite and helpful article to help new news posters who don't understand the traditionally accepted ng quoting style. -- Mike Easter kibitzer, not SC admin From jdd at dodin.org Tue Aug 2 10:59:09 2005 From: jdd at dodin.org (jdd) Date: Tue Aug 2 04:00:04 2005 Subject: [SpamCop-List] Re: make it clear In-Reply-To: References: Message-ID: WazoO wrote: > I'd have to suggest that a bit more than "noises" have > been attempted. having a forum is great, but having the web pages understandable is better. why the forum's clues are not at least linked from the relevant pages? jdd -- pour m'?crire, aller sur: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr From nobody at nowhere.invalid Tue Aug 2 11:26:11 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Aug 2 04:30:03 2005 Subject: [SpamCop-List] Re: kook awards References: Message-ID: On Mon, 01 Aug 2005 20:59:01 -0700, J G coughed into spamcop and left this in : > They're cooking over @ NANAE, for those that haven't noticed... When aren't they? -- Steve Just remember, if the world didn't suck, we'd all fall off. From PleaseReplyTo at TheGroupInstead.be Tue Aug 2 11:48:28 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Tue Aug 2 04:50:41 2005 Subject: [SpamCop-List] Re: big problem, attn deputies References: Message-ID: > > I've poor recollection, but good bookmarks: > > > > http://web.presby.edu/~nnqadmin/nnq/nquote.html > > Referencing someone else's opinion does not prove a point. > As we used to say in Dutch: > Elke ketter heeft zijn letter. Very true, of course. However, this ketter is in good company: see Mike's letter. Also, I didn't quote to prove a point, I quoted to point to a helpful and friendly article that has been around since usenet stone age, and has been the singe accepted guideline of its kind ever since. In this article, my point is explained very well and very thoroughly, much better then I could hope to do in an alien language and this short space. For example, what said in the answer to question 9 seems to address a point you made earlier. So if you do want to continue the discussion, I suggest you try and invalidate what's said in the answer to question 7, in the quoted article. Joris From nobody at devnull.spamcop.net Tue Aug 2 07:33:46 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Tue Aug 2 07:30:18 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: "jdd" wrote in message news:dcn94d$edt$1@news.spamcop.net... > WazoO wrote: > > > I'd have to suggest that a bit more than "noises" have > > been attempted. > > having a forum is great, but having the web pages > understandable is better. why the forum's clues are not at > least linked from the relevant pages? Absolutely, the web pages should be revised. However, nobody who is charge of the web pages apparently thinks that it is necessary (or at least, revision is at the bottom of a 'to do' pile that never gets low enough to get revisions done). There have been many volunteers over the years to clarify the web pages, but TPTB have never accepted help. If you are interested in clarifying instructions, then the only place that your comments will be considered and used is the forum. Or, if you do not like the forum, you can make your own boilerplate answers and whenever someone asks a question in the newsgroup, you can give them a clear answer. Actually, in spite of the web pages, most reporters manage to muddle through and rarely access either the ng or the forum for help. IMHO, part of the rationale for not revising the pages is to eliminate those reporters who are technically non-fluent and are either incapable or unwilling to learn the basics. Those, as reporters, would be more likely to make mistakes and thereby lessen the usefulness of the scbl. Miss Betsy From MikeE at ster.invalid Tue Aug 2 08:54:45 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 10:55:02 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: Miss Betsy wrote: > IMHO, part of the rationale for not revising the pages is to > eliminate those reporters who are technically non-fluent and are > either incapable or unwilling to learn the basics. I really don't think there is a conscious effort to create an information gap or hurdle to deter any users. I can't imagine that you would even think that. > Those, as > reporters, would be more likely to make mistakes and thereby lessen > the usefulness of the scbl. I'm sure that 'everyone' wishes that anyone who would want to be a reporter, or a user of the SCbl, or anyone who was every affected by the SCbl, be it admin or user, would be able to go to the 'real' web faq and 'instantly' and painlessly and easily navigated to exactly the page where they would be able to immediately read a crystal clear and succinct uptodate explanation of whatever it was they wanted to know. The way to do that would be to have a faq which was up-to-date, intuitively organized, and frequently reorganized and clarified and amended. Further, there also needs to be a 'simplistic' way that someone can ask a question and have it answered. The forum is a pretty good approximation of that, because a certain percentage of the population doesn't 'do' newsgroup questions. However, most of that same group also doesn't 'do' navigating either. The forum is also a rough approximation of a place to create some dynamic adjusting and pinning to the faq -- but it in no way resembles what I described above about a real faq -- properly organized for natural and intuitive navigation and enabling immediate and simple introduction to the answer. The forum is not a faq, and it also isn't some kind of magical oak tree that we used to joke about here. The magical oak tree that I refer to harkens back to a time when people could write a question into a box that was an entry to the mailing list of the newsgroup. Often it seemed that those who so subscribed fully expected that if they came back to that page, there would be an answer waiting for them. It reminded me of a condition of someone coming along to a magic oak tree, leaving a note inside a knothole, and coming back to the hole later and finding their answer inside. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Aug 2 12:12:51 2005 From: nobody at devnull.spamcop.net (Eponym) Date: Tue Aug 2 11:15:02 2005 Subject: [SpamCop-List] Internic Whois Data Problem Message-ID: Has anyone actually had any success getting a spammer's domain delisted through Internic where the registrant info is fraudulent? i.e., through the mechanism provided at http://wdprs.internic.net/ I reported RECIPIENTNETWORK.COM for data inaccuracy. The registrant just keeps modifying their record with more bogus info (i.e., the current address is HQ office for Victoria's Secret...funny that one). The current phone listed is disconnected, etc.. Internic keeps sending notice that the registrant info has been changed and it is left to me to determine whether the info is inaccurate. Don't they do any due diligence themselves? And after 10 submissions of inaccurate info (seriously), why don't they just delist the domain? From MikeE at ster.invalid Tue Aug 2 09:36:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 11:40:03 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem References: Message-ID: Eponym wrote: > Has anyone actually had any success getting a spammer's domain > delisted through Internic where the registrant info is fraudulent? > i.e., through the mechanism provided at http://wdprs.internic.net/ I think you aren't understanding the process and who is responsible to whom. That is, I think you are understanding the 'process' by which you bring bogus whois information to the attention of internic. The process which you might not understand is that that is a 'conduit' by which internic can oversee the questioning of the domain registrar by 'anyone'. That is, there's a rule that registrars are supposed to maintain accurate information uptodate -- and registrars are certified by internic. So the registrar has a responsibility to internic. The way it is supposed to be is that the registrar is supposed to be acting responsibly in order to be a registrar. > I reported RECIPIENTNETWORK.COM for data inaccuracy. The registrant > just keeps modifying their record with more bogus info (i.e., the > current address is HQ office for Victoria's Secret...funny that one). > The current phone listed is disconnected, etc.. Internic keeps > sending notice that the registrant info has been changed and it is > left to me to determine whether the info is inaccurate. Don't they > do any due diligence themselves? And after 10 submissions of > inaccurate info (seriously), why don't they just delist the domain? Internic doesn't 'oversee' the accuracy of the information; internic only oversees the responsibility of the registrar. In a 'sense' internic doesn't see what you are seeing 'properly' because recipientnetwork is 'working' the system thru' the cooperation of the registrar. Domain Name: RECIPIENTNETWORK.COM Registrar: KEY-SYSTEMS GMBH Whois Server: whois.rrpproxy.net Referral URL: http://www.key-systems.net At this point, your beef is actually to internic about the registrar not performing due diligence. When you go to internic's front page, they have a different referral link about complaints about a registrar To submit a complaint about an accredited registrar go to the Registrar Problem Report form. http://reports.internic.net/cgi/registrars/problem-report.cgi That system is largely oriented toward some kind of financial beef or conflict between and registrar's customer and the registrar -- but since internic may not be 'paying attention' to the trend here, the usage of the registrar beef form might be more appropriate to let some light shine on the situation. That page sez "ICANN does monitor such complaints to discern trends." -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Aug 2 09:45:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 11:50:03 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: Mike Easter wrote: > The way to do that would be to have a faq which was up-to-date, > intuitively organized, and frequently reorganized and clarified and > amended. > The forum is also a rough approximation of a place to create some > dynamic adjusting and pinning to the faq -- but it in no way resembles > what I described above about a real faq Just as an example of how the faq /can/ get adjusted or changed promptly for 'simplistic' issues. On Jul 30, adrianbye started a forum thread beefing about a problem with information used from the faq about SpamKiller http://forum.spamcop.net/forums/index.php?showtopic=4634&hl= The faq item 403 about blocking list information used to say this: SpamCop FAQ : SpamCop Blocking List information : How can I use the blocklist without mailserver configuration? Many spam filtering systems automatically use the SpamCop blocklist as part of a larger scheme. SpamCop does not review or garantee these third party products. One very effective and well-known filter is Spam Assassin; an open-source perl scoring system. Spam Assassin can be installed on unix-based systems in either system-wide or in "user land". It is highly configurable. SpamKiller from Minute Group is an outlook plugin which uses the Spamcop list to filter mail. It seems to use SpamCop's list exclusively for it's filtering logic. SpamKiller is a bad idea. After some discussion in the forum, the information was passed along and the faq was promptly amended by deleting the last par http://www.spamcop.net/fom-serve/cache/403.html So, that is 'evidence' of a couple of things. One is that the faq *CAN* be amended promptly if there is the right kind of attention. The other is that simple faq changes are more easily implemented than 'difficult' ones. Another is that the channels of communication have some preferences for the structures and input of the forum over whatever goes on in the newsgroups. -- Mike Easter kibitzer, not SC admin From kjz at despammed.com Tue Aug 2 19:24:46 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Tue Aug 2 12:25:03 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem In-Reply-To: References: Message-ID: Eponym wrote: > Has anyone actually had any success getting a spammer's domain delisted > through Internic where the registrant info is fraudulent? i.e., through the > mechanism provided at http://wdprs.internic.net/ Yes, but the responsibility differs from registrar to registrar. There are 'white hat' registrars which act very fast and others ('black hat') which didn't act at all, even if the whois record is blatant fraudulent. And some spammers seem to know where they have to register a domain... - kjz From nobody at devnull.spamcop.net Tue Aug 2 13:30:24 2005 From: nobody at devnull.spamcop.net (Eponym) Date: Tue Aug 2 12:35:02 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem References: Message-ID: "Mike Easter" wrote in message news:dco3tb$vug$1@news.spamcop.net... Excellent answer...thanks for the additional reporting link. I will say one thing...the spam I was getting from that domain stopped....for now anyway. The spammer always uses the same technique of redirecting through Yahoo, and I haven't gotten any of those for awhile. I'm guessing I got list washed, since he's still using yahoo name servers. From anon at coks.net Tue Aug 2 10:40:25 2005 From: anon at coks.net (J G) Date: Tue Aug 2 12:40:03 2005 Subject: [SpamCop-List] rsp Message-ID: http://www.spamcop.net/sc?id=z792421432ze284768da5c9942974907e6431ad1a12z I illegally inserted www. in front of pr1ority.com and SC picked it up but discarded it. However * Using URL: www.pr1ority.com Listed in: * sbl.spamhaus.org 194.126.188.4 is a known spam source Why didn't the program figure this out? And, no, I wouldn't have reported it... From MikeE at ster.invalid Tue Aug 2 10:46:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 12:50:03 2005 Subject: [SpamCop-List] Re: make it clear References: Message-ID: Mike Easter wrote: > SpamKiller from Minute Group is an outlook plugin which uses the > Spamcop list to filter mail. It seems to use SpamCop's list > exclusively for it's filtering logic. > > SpamKiller is a bad idea. There may be some confusion about what SpamKiller is. SK McAfee is this http://us.mcafee.com/root/package.asp?pkgid=123&cid=3213 -- I guess we could call that SK-McAfee. The link which the SC faq provided was to here http://www.minutegroup.com/prodpg_spamkiller.htm -- which I guess we could call SK-Minute or SK-Payya Tec. If a person were looking for an enduser system which uses DNSbl/s and can use the SCbl they might consider SpamPal or others, but I think someone or Don decided to just back off from the business of mentioning anything besides SpamAssassin. How hard do you think it would be to talk about how that faq page should mention SpamPal instead of the MinuteGroup SpamKiller and have the faq be changed any time soon? There is something paradoxical about that. Under some conditions the faq is impossible to change. Under other conditions it is easy to change. The same page makes a disclaimer. The same page mentions SpamAssassin. The same page used to mention SK-Minute and provide a link. Why shouldn't the same page mention SpamPal and provide a link? Many people around here and other newsgroups commend SpamPal as a valuable way to use DNSbl/s such as SpamCop's, SP is free and well supported, like SA. Why should /n/x users be provided access to a link about SA, but Win users not provided access to a link about SP? It actually doesn't make any sense. The fact that such products compete with the SpamCop business of providing filtered mailservice should mean that there shouldn't even be a link to SpamAssassin either. -- Mike Easter kibitzer, not SC admin From windsorfoxNOSPAM at cox.net Tue Aug 2 12:50:40 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Tue Aug 2 12:55:04 2005 Subject: [SpamCop-List] Re: ALGX and XO In-Reply-To: References: Message-ID: Mike Easter wrote: > WindsorFox[SS] wrote: > >> I am recieving insessant, constant garbage from ultimate free >>laptops .com. I Did the unsubscribe for 2 weeks and they still come. >>Now, Spamcop reports them to abuse@algx.com , but it seems like it >>should goto abuse@xo.com ?? These people are glib and could not care >>less if you paid them to. > > > If you want to discuss how SC notifies for something you should post a > tracker -- working with something like 'laptops.com' is not adequate > information, especially in the context in which you placed it. > > It also sounds like you are having trouble unsubbing to something you > subbed. > Exactly. It's a gmail addy that I made specially to use for one of those get a free laptop/ get a free sites. I followed all of the unsub links and they just totally disreguard the unsubs. The point here is that all of these places are on a network called AGLX. a little research shows that ALGX was bought by XO. A phone call to the number I found gives me a minimum wadge 15 yo who says abuse@algx.com is no longer a good email it has to goto abuse@xo.com, which I am sure some would argue is not a very good address either. At any rate I noticed about a week after I made the original post here *poof* all the mail parsed through Spamcop now contains the XO abuse address instead of the ALGX address. From MikeE at ster.invalid Tue Aug 2 10:59:23 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 13:00:02 2005 Subject: [SpamCop-List] Re: rsp References: Message-ID: J G wrote: www.spamcop.net/sc?id=z792421432ze284768da5c9942974907e6431ad1a12z > > I illegally inserted www. in front of pr1ority.com and SC picked it up > but discarded it. I don't know what kind of experiment you are trying to do with the forgery of changing pr1ority.com to www.pr1ority.com to see what happens. A simpler experiment would be to just put the naked 'URL' into the parser and see if it can resolve -- because when you fool around with trial and error of forgeries for that particular spam you are dealing with the additional layer of how the spam is 'misconstructed'. It is using some kind of crude or simplistic RTF rich text format and calling it text/html. > However > * Using URL: www.pr1ority.com > Listed in: > * sbl.spamhaus.org > 194.126.188.4 is a known spam source > > Why didn't the program figure this out? > And, no, I wouldn't have reported it... The simpler experiment shows that the naked url/s [with and without www] in the parser aren't resolved by SC. -- Mike Easter kibitzer, not SC admin From anon at coks.net Tue Aug 2 11:10:47 2005 From: anon at coks.net (J G) Date: Tue Aug 2 13:10:03 2005 Subject: [SpamCop-List] Re: rsp In-Reply-To: References: Message-ID: On 8/2/2005 9:59 AM Mike Easter scribbled: > I don't know what kind of experiment you are trying to do with the > forgery of changing pr1ority.com to www.pr1ority.com to see what > happens. > w/o the www., which is what the original msg. was and reported as such, SC didn't see the URL at all. I just added www. to see if that made the program see it, and it did but could not resolve it, which my utility did. I was curious as to why SC didn't resolve to 194.126.188.4 /after/ picking up the URL. > A simpler experiment would be to just put the naked 'URL' into the > parser and see if it can resolve -- because when you fool around with > trial and error of forgeries for that particular spam you are dealing > with the additional layer of how the spam is 'misconstructed'. > It is using some kind of crude or simplistic RTF rich text format and > calling it text/html. I didn't know that was possible - thought one needed headers and such... > The simpler experiment shows that the naked url/s [with and without www] > in the parser aren't resolved by SC. > From spamcop at oitc.com Tue Aug 2 14:30:14 2005 From: spamcop at oitc.com (spamcop) Date: Tue Aug 2 13:35:03 2005 Subject: [SpamCop-List] The message is not spam because...... Message-ID: Check this reply out. It refers to a submittal which was sent to a spam trap in a domain only used for traps! The message is not spam because, "This message is intended for those interested in search marketing"! Subject: Spamcop report id:1480536574 From: "Erin Johns" To: <1480536574@reports.spamcop.net> Hello SpamCop user, We have been informed by SpamCop that you have reported our e-mail as Spam. This message is intended for those interested in search marketing and is not spam. If you would no longer like to receive messages from us, please reply with the e-mail address you would like to have excluded from our mailing list or you can click on the opt-out link as well.? http://www.metricsdirect.com /about/optout.aspx -- Please use the link below to review the report in question: http://www.spamcop.net/mcgi?action=showhistory;slice=reportid;val=14805365 74 From kjz at despammed.com Tue Aug 2 20:32:55 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Tue Aug 2 13:35:07 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem In-Reply-To: References: Message-ID: Mike Easter wrote: > That system is largely oriented toward some kind of financial beef or > conflict between and registrar's customer and the registrar -- but since > internic may not be 'paying attention' to the trend here, the usage of > the registrar beef form might be more appropriate to let some light > shine on the situation. That page sez "ICANN does monitor such > complaints to discern trends." Yes, and you can see the results at: http://www.icann.org/whois/wdprs-report-final-31mar05.htm - kjz From windsorfoxNOSPAM at cox.net Tue Aug 2 13:54:27 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Tue Aug 2 13:55:03 2005 Subject: [SpamCop-List] Re: How are we to conduct business? In-Reply-To: References: Message-ID: Sylvesterthekat wrote: > "Miss Betsy" wrote in message > news:dbu9ba$ekr$1@news.spamcop.net... > > >>"Sylvesterthekat" wrote in message >>news:dbu2a5$ad2$1@news.spamcop.net... >> >> >>>Shut the fuck up spammer. I hope you go out of business. >> >> >>Please ignore the troll. (trolls only post to be rude and make >>trouble) >> >>Miss Betsy >> > > > OK, we'll ignore you then. M0r0n. I figured Ellen or someone would have block this waste of bandwidth from the servers by now... From MikeE at ster.invalid Tue Aug 2 12:01:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 14:05:02 2005 Subject: [SpamCop-List] Re: The message is not spam because...... References: Message-ID: spamcop wrote: > Check this reply out. It refers to a submittal which was sent to a > spam trap in a domain only used for traps! The message is not spam > because, "This message is intended for those interested in search > marketing"! The concept that is going on there is that the marketer 'gets to' send out their email to any address which is on the list that they [bought, stole, manufactured, swapped, etc] and it is the 'responsibility' of anyone who doesn't want /that/ mail to unsubscribe. Further, since they are clearly spammers, that unsubscribe is /also/ a lie. The marketer/spammer idea of what to do with the unsubscribers is just as inventive as is/was where to get their original mailing list from. Unsubscribers make up some /other/ list/s. If you will just send them your unsub, they will move you around or rather use that information as well, perhaps taking you off one list and putting you on 42 more. Depending upon how cleverly they have performed the initial spam construction for a unique identity, they may or may not know which address corresponds to a particular SC report # when they receive a copy of the spamreport. -- Mike Easter kibitzer, not SC admin From windsorfoxNOSPAM at cox.net Tue Aug 2 14:04:03 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Tue Aug 2 14:05:08 2005 Subject: [SpamCop-List] Re: kook awards In-Reply-To: References: Message-ID: Steven Maesslein wrote: > On Mon, 01 Aug 2005 20:59:01 -0700, J G coughed into spamcop and left > this in : > > >>They're cooking over @ NANAE, for those that haven't noticed... > > > When aren't they? > It's been exceedingly high lately. From MikeE at ster.invalid Tue Aug 2 12:08:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 14:10:02 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem References: Message-ID: Karl-Josef Ziegler wrote: > Mike Easter wrote: > >> That system is largely oriented toward some kind of financial beef or >> conflict between and registrar's customer and the registrar -- but >> since internic may not be 'paying attention' to the trend here, the >> usage of the registrar beef form might be more appropriate to let >> some light shine on the situation. That page sez "ICANN does >> monitor such complaints to discern trends." > > Yes, and you can see the results at: > > http://www.icann.org/whois/wdprs-report-final-31mar05.htm That page is very useful for outlining the responsibilities of icann vis internic and the registrars. The internic page I referred to earlier apparently wants the individual who is unhappy about whois information and the performance of the particular registrar in that regard to be 'working it out' with the registrar. "If you have a problem with one of the registrars, you should first try to resolve it with that registrar. " "If you cannot resolve your complaint with the registrar, you should address it to private-sector agencies involved in addressing customer complaints or governmental consumer-protection agencies." -- Mike Easter kibitzer, not SC admin From glnews030922 at highspot.net Tue Aug 2 20:23:58 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Tue Aug 2 14:20:02 2005 Subject: [SpamCop-List] Re: The message is not spam because...... In-Reply-To: References: Message-ID: spamcop wrote: > Check this reply out. It refers to a submittal which was sent to a spam trap > in a domain only used for traps! The message is not spam because, "This > message is intended for those interested in search marketing"! http://www.metricsdirect.com/About/Privacy.aspx MetricsDirect is a service of 180solutions. http://www.doxdesk.com/parasite/nCase.html http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=40683 Total scum no matter where you encounter them. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From windsorfoxNOSPAM at cox.net Tue Aug 2 14:36:42 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Tue Aug 2 14:40:03 2005 Subject: [SpamCop-List] Re: NEW WEBSITE In-Reply-To: References: Message-ID: Brian wrote: > indigo wrote: > >> Mike Easter wrote: >> >>> It is conceivable that some other different Salem OR comcast client in >>> cahoots with Chad Ayers spamposted here, but I doubt it. Don't forget >>> about the rules for spammers, especially #1 & #2 -- spammers lie and >>> if you ever think they are telling the truth, consult #1. >> >> >> >> Hey, maybe he meant his wife did it (he did say "other person" ;-) >> >> > > I've been considering calling Sue and ask about her hubby's spamming for > his porn site. I'm only a couple of hours away, maybe she would like a > personal visit. ;) > You might tip off something she doesn't know about ! ROFL!! From nobody at spamcop.net Tue Aug 2 15:35:48 2005 From: nobody at spamcop.net (indigo) Date: Tue Aug 2 14:40:07 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: WindsorFox[SS] wrote: > > > I figured Ellen or someone would have block this waste of > bandwidth from the servers by now... Can't do it, trollboi posts from different open proxies on near daily basis. From kjz at despammed.com Tue Aug 2 21:45:05 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Tue Aug 2 14:50:06 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem In-Reply-To: References: Message-ID: Mike Easter wrote: > That page is very useful for outlining the responsibilities of icann vis > internic and the registrars. Especially interesting I found the following information: As this table shows, fewer than 1% of all those who filed reports (20 people) were responsible for over 58% (18,317 out of 31,533) of all Whois inaccuracy reports submitted to ICANN during the reporting period. The 2004 Report indicated that the top 20 ( 0.3%) of reporters were responsible for over 40% (9,938 out of 24,148) of Whois inaccuracy reports. >From both anecdotal information received by ICANN and text accompanying the body of these reports we conclude that most, if not all of the high volume reporters are driven by a concern about abuses involving spam. In well over 80% of the reports filed, the reporter indicated "spam" as a factor in the body of the report. [...] there are a number of "power users" of the system. Given that they account for more than 50% of the reports, and that at least 74% of the reports are for legitimately bad Whois information, it is reasonable to assume that these industrious individuals are indeed finding many domains with incorrect Whois information. It might be reasonable to offer features in the interface to help these users. - kjz From windsorfoxNOSPAM at cox.net Tue Aug 2 14:49:11 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Tue Aug 2 14:50:11 2005 Subject: [SpamCop-List] Re: The message is not spam because...... In-Reply-To: References: Message-ID: Mike Easter wrote: > spamcop wrote: > >>Check this reply out. It refers to a submittal which was sent to a >>spam trap in a domain only used for traps! The message is not spam >>because, "This message is intended for those interested in search >>marketing"! > > > The concept that is going on there is that the marketer 'gets to' send > out their email to any address which is on the list that they [bought, > stole, manufactured, swapped, etc] and it is the 'responsibility' of > anyone who doesn't want /that/ mail to unsubscribe. Ten years in a Turkish prison might just point out his error in that assumption. From windsorfoxNOSPAM at cox.net Tue Aug 2 14:50:39 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Tue Aug 2 14:50:13 2005 Subject: [SpamCop-List] Re: How are we to conduct business? In-Reply-To: References: Message-ID: indigo wrote: > WindsorFox[SS] wrote: > >> >> I figured Ellen or someone would have block this waste of >>bandwidth from the servers by now... > > > Can't do it, trollboi posts from different open proxies on near daily basis. > > Okay, and is there a reason that all these open proxies are not blocked?? From johnl at spamcop.net Tue Aug 2 19:57:45 2005 From: johnl at spamcop.net (JohnL) Date: Tue Aug 2 15:00:03 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: "WindsorFox[SS]" wrote in news:dcof7j$6k7$3 @news.spamcop.net: > Okay, and is there a reason that all these open proxies are not > blocked?? Also, isn't there a requirement to register to post to the NG's? I thought there was something about that quite some time ago. (and if not, why not make it that way) From bryn.lawrence at ntlworld.com Tue Aug 2 21:01:41 2005 From: bryn.lawrence at ntlworld.com (bryn lawrence) Date: Tue Aug 2 15:10:02 2005 Subject: [SpamCop-List] Re: forwarding spams by attachment References: Message-ID: I have been having the same problems in the last 3 to 4 days i have sent nearly 50 reports in but only had 5 or 6 back . Is this a problem with spam cop or could it be with ntl "Ivan Leo Puoti" wrote in message news:dcdqmf$ii7$1@news.spamcop.net... > Today I reported 6 spams sent with return receipt, two returned with a > relayed confirmation, the others have disappeared into thin air, none have > ended up in the spam queue, has anyone else seen this sort of problem? > > Ivan. From nobody at spamcop.net Tue Aug 2 16:13:20 2005 From: nobody at spamcop.net (indigo) Date: Tue Aug 2 15:15:02 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: JohnL wrote: > "WindsorFox[SS]" wrote in news:dcof7j$6k7$3 > @news.spamcop.net: > > > Okay, and is there a reason that all these open proxies are not > > blocked?? Because JT can't be arsed to incorporate some type of blocking routine into the server. He said he'd just as soon shut it down than waste his time trying to fight off trolls. > > Also, isn't there a requirement to register to post to the NG's? Nope. > I thought there was something about that quite some time ago. > (and if not, why not make it that way) Not that I can recall....... From PleaseReplyTo at TheGroupInstead.be Tue Aug 2 22:22:24 2005 From: PleaseReplyTo at TheGroupInstead.be (Joris Van Damme) Date: Tue Aug 2 15:25:02 2005 Subject: [SpamCop-List] Re: The message is not spam because...... References: Message-ID: > http://www.doxdesk.com/parasite/nCase.html > http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=40683 > > Total scum no matter where you encounter them. Ha, no, that's just it, these people are not scum, the ads and viri and filth are intended for those people interested in ads and viri and filth. If your windows box still works after you've been stupid enough to let filth in, just unsubscribe, and... (see Mike's excellent comment). Really, I'm starting to think the old dream of a world-wide network of information is lost. Joris From MikeE at ster.invalid Tue Aug 2 13:32:11 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 15:35:03 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: JohnL wrote: > Also, isn't there a requirement to register to post to the NG's? No. The ng/s aren't limited to SC reporter registrants. They are open, a public 'specialty' newsserver. > I thought there was something about that quite some time ago. > (and if not, why not make it that way) The ng/s were intended for anyone 'off the street' to be able to post to ask questions. That configuration arose before there was a forum. Since there's a forum now, and since the forum *does* require registration to post, one might consider that there be a reconsideration of the status or condtion of the ng/s. However, the business of 'integrating' the SC registered reporters list into a scheme for authorizing access to news.spamcop.net might or not be non-trivial. I think it is also still possible to email into the ng/s - so that's another little issue. There's a general concept that since the newsserver is run by someone who is partial to the forum, that creating waves about alterations in or demands on newserver management wouldn't be in the best interests of those who want very much there to be newsgroups. The fear is that if the newsgroups were too much trouble, there just wouldn't be any newsgroups. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Aug 2 13:35:35 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 15:40:02 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: Mike Easter wrote: > However, the business of 'integrating' the SC registered reporters > list into a scheme for authorizing access to news.spamcop.net might > or not be non-trivial. I suppose that one could also consider using the same registration process and db as is used for the forum. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Aug 2 16:58:49 2005 From: nobody at devnull.spamcop.net (Eponym) Date: Tue Aug 2 16:00:03 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem References: Message-ID: "Mike Easter" wrote in message news:dco3tb$vug$1@news.spamcop.net... > > To submit a complaint about an accredited registrar go to the Registrar > Problem Report form. > http://reports.internic.net/cgi/registrars/problem-report.cgi > I already received a real person response back...seems they don't like being reported through Internic. The response was rather whiney. From johnl at spamcop.net Tue Aug 2 21:16:12 2005 From: johnl at spamcop.net (JohnL) Date: Tue Aug 2 16:20:02 2005 Subject: [SpamCop-List] Re: How are we to conduct business? References: Message-ID: "indigo" wrote in news:dcogkg$8ep$1@news.spamcop.net: > Because JT can't be arsed to incorporate some type of blocking routine > into the server. He said he'd just as soon shut it down than waste his > time trying to fight off trolls. I just find it a little amazing that when someone makes 'some' money, all of a sudden, it gets to be "their way or the highway". Amazing how this has become a waste of his time now. From nobody at spamcop.net Tue Aug 2 14:19:34 2005 From: nobody at spamcop.net (N. Miller) Date: Tue Aug 2 16:20:09 2005 Subject: [SpamCop-List] Re: The message is not spam because...... References: Message-ID: On Tue, 2 Aug 2005 21:22:24 +0200, Joris Van Damme wrote: >> http://www.doxdesk.com/parasite/nCase.html >> > http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=40683 >> >> Total scum no matter where you encounter them. > > Ha, no, that's just it, these people are not scum, the ads and viri and > filth are intended for those people interested in ads and viri and filth. If > your windows box still works after you've been stupid enough to let filth > in, just unsubscribe, and... (see Mike's excellent comment). > > Really, I'm starting to think the old dream of a world-wide network of > information is lost. Hardly. All marketers[1] are purveyors of "information". Isn't that what they've been trying to tell us? [1] It is getting damned hard to tell the "marketers" apart from the spammers... -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at spamcop.net Tue Aug 2 14:23:56 2005 From: nobody at spamcop.net (N. Miller) Date: Tue Aug 2 16:25:02 2005 Subject: [SpamCop-List] Re: Reporting USENET spam? References: Message-ID: <4ai4afbc2wia.dlg@news.spamcop.net> On Mon, 1 Aug 2005 18:43:34 -0700, NerdRevenge wrote: > I did report 23 spams today from the same IP adress in the same newsgroup > posted within moments of each other. The "Make Millions with PayPal" scam. > > Result..No IP listed > > There are also others who love to flood some groups with copyrighted news > stories that have nothing to do with the subject group. > Resut..No IP listed and flooding continues I am not sure of the value of adding Usenet posting IP addresses to the SCBL; unless the same IP address is the source of email spam. The SCBL is not used against Usenet posts, as nearly as I can tell. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From MikeE at ster.invalid Tue Aug 2 14:43:15 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 16:45:03 2005 Subject: [SpamCop-List] Re: Internic Whois Data Problem References: Message-ID: Eponym wrote: > "Mike Easter" >> To submit a complaint about an accredited registrar go to the >> Registrar Problem Report form. >> http://reports.internic.net/cgi/registrars/problem-report.cgi >> > > I already received a real person response back...seems they don't > like being reported through Internic. The response was rather whiney. Maybe the respondent registrar needs to be reminded of what ICANN sez about the registrar's responsibilities. How does it make any sense for them to be repetitively not vetting the information being submitted to them by some known bogus information submitter. And over and over again. I think part of the problem is that the registrars are sensitive to the issue that people don't like their information posted publicly; and many registrars and 3rd party systems have mechanisms in place so that people don't actually have to post anything of their own at all -- but instead post the information of some 'agent' for the domain registration. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Aug 2 14:50:42 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Aug 2 16:55:04 2005 Subject: [SpamCop-List] Re: Reporting USENET spam? References: <4ai4afbc2wia.dlg@news.spamcop.net> Message-ID: N. Miller wrote: > I am not sure of the value of adding Usenet posting IP addresses to > the SCBL; unless the same IP address is the source of email spam. The > SCBL is not used against Usenet posts, as nearly as I can tell. It is true that the report doesn't do anything useful for the SCbl and that the SCbl doesn't have anything to do with usenet. The only thing a usenet spam reporter can hope for is that the provider cares whether or not the user IP is 'offending' someone with what appears to be bulked and commercial and disproportionately benefitting the poster. You can't call it unsolicited because it isn't email. Whether or not it is bulked or 'appropriately' bulked is not determined, and the provider isn't going to go looking around and see where it was posted and how many times and what the charters of the groups were it was posted are to know if it was against any groups charters. You can't even call it against the TOS of the particular provider unless you've read the provider's TOS/AUP. I think that providers typically don't act on reports of usenet spam. Unfortunately and more significantly they don't even act on reports of spam, real spam, email spam, emitting from proxified trojan users. If providers aren't going to be acting against email spam from their proxied users, they certainly aren't