From jeffg at spamcop.net Thu Dec 1 04:35:24 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Dec 1 04:40:02 2005 Subject: [SpamCop-List] Re: empty spam... References: Message-ID: "Mike Easter" wrote in message news:dmkna7$lkc$1@news.spamcop.net... > jg wrote: > > and came up with (via Sam Spade): > > > How do 3 bogus rDNS entries pop up and is this the result of spammy? > > academic question... > > I think but I'm not sure that in this context 'bogus' simply means that > 'paranoid' lookup doesn't work. > > That is, if an IP will rDNS but the rDNS doesn't DNS to the original IP > that the report sez 'bogus' -- which seems like an unkind term for that > particular behavior. 'violates Section "INSTRUCTIONS - Adding a host - Add the reverse IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" at http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 ' would be a little long for such a purpose, don't you think? I think "bogus" fits because the rdns names (the right sides of the PTR Records) are in fact "not genuine" because tbr1-p014001.la2ca.ip.att.net, tbr1-cl3.sffca.ip.att.net, and tbr1-cb10.st6wa.ip.att.net authoritatively don't exist, and I blame rm-hostmaster[at]ems.att.com (the person responsible for the zones in all three parent SOA records) for the whole mess. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From devnull at spamcop.net Thu Dec 1 08:32:49 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Dec 1 08:35:03 2005 Subject: [SpamCop-List] Re: Deserving of a LART - where would be a good address? References: Message-ID: "Ron B." | > www.spamcop.net/sc?id=z832218066z00305e1d2baeb27c894985a7f1404f35z | > | > | >>They are going to give away free pirated software - model citizens... | > | > | > You must be talking about something you read by clicking on one of the | > spamvertised links. There's nothing in the spam about free software. | > | | | Cut and paste: | | our corporation is doing what it can to help and has decided to give | away our services and software without cost to charities and nonprofits | in need, OT Might look at: http://www.compumentor.org/ http://www.techsoup.org/ If there is a need for free and very low cost software for NP. BTW there is a place on the techsoup.org web site to volunteer tech support if you are of a mind to do that. I'm doing that in this area on the premise that in the land of the blind the one eyed man in king. As little as I know I'm far better than most hear as there are clowns in this area charging $50-75+ per hour to bollix unsuspecting peoples computers. From devnull at spamcop.net Thu Dec 1 08:44:01 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Dec 1 09:05:02 2005 Subject: [SpamCop-List] Re: [media] comic strip References: Message-ID: | >>> Questioning to a local editor the technical accuracy of one of the few | >>> strips that does deal with spam is a bad move. | >> | >> This comment just brings more questions. Explain. | > | > You can cause the strip to get cancelled from the local paper as | > "too complicated". | | So? No skin off my teeth... We'd all be better served to get spammy canceled than a cartoon on spam canceled. From mwnospam at comcast.net Thu Dec 1 09:24:59 2005 From: mwnospam at comcast.net (spamacyde) Date: Thu Dec 1 09:25:03 2005 Subject: [SpamCop-List] Re: Marriage of Browsers???? References: Message-ID: "Porpoise" wrote in message news:dmj0p3$pdo$1@news.spamcop.net... > > "spamacyde" wrote in message > news:dmi7gv$asc$1@news.spamcop.net... > > > > > > I mean somthing like > > > > http:/\ZEh<7Jssx.0>0.pha > > r/:#3\|maserious.com > > > > Well, AFAIC, anyone clicking on a link that looks like that deserves all > they get hit with... > > The URL is associated with an image ie bunch of colorful pills, a bottle of "muscle" enhancer, etc. Yes, somebody clicking on such a picture probably deserves what they get. But unless they look at the bottom of the screen, they don't see the gibberish URL. From porpoise1954 at yahoo.co.uk Thu Dec 1 14:43:07 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 1 09:45:02 2005 Subject: [SpamCop-List] Re: Marriage of Browsers???? References: Message-ID: "spamacyde" wrote in message news:dmn13g$rkh$1@news.spamcop.net... > > "Porpoise" wrote in message > news:dmj0p3$pdo$1@news.spamcop.net... >> >> >> > > The URL is associated with an image ie bunch of colorful pills, a bottle > of > "muscle" enhancer, etc. Yes, somebody clicking on such a picture probably > deserves what they get. But unless they look at the bottom of the > screen, > they don't see the gibberish URL. > > Yup! That's why you should always know what the link is before clicking it! I *think* that's why the browser shows you that info in the status bar - and, if there's any doubt, view the source............ Of course, if they're clicking links in email .......... smack 'em round the ear! From mwnospam at comcast.net Thu Dec 1 12:29:41 2005 From: mwnospam at comcast.net (spamacyde) Date: Thu Dec 1 12:30:10 2005 Subject: [SpamCop-List] Re: Marriage of Browsers???? References: Message-ID: "Porpoise" wrote in message news:dmn286$sb8$1@news.spamcop.net... > > "spamacyde" wrote in message > news:dmn13g$rkh$1@news.spamcop.net... > > > > "Porpoise" wrote in message > > news:dmj0p3$pdo$1@news.spamcop.net... > >> > >> > >> > > > > The URL is associated with an image ie bunch of colorful pills, a bottle > > of > > "muscle" enhancer, etc. Yes, somebody clicking on such a picture probably > > deserves what they get. But unless they look at the bottom of the > > screen, > > they don't see the gibberish URL. > > > > > > Yup! That's why you should always know what the link is before clicking it! > I *think* that's why the browser shows you that info in the status bar - > and, if there's any doubt, view the source............ Of course, if they're > clicking links in email .......... smack 'em round the ear! > > The point is, why should the browser allow the gibberish URL in the first place? From Kilgallen at SpamCop.net Thu Dec 1 12:34:42 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Dec 1 13:35:04 2005 Subject: [SpamCop-List] Re: [media] comic strip References: Message-ID: In article , baloo@ursine.ca writes: > Larry Kilgallen wrote: >> In article , baloo@ursine.ca writes: >>> Larry Kilgallen wrote: >>>> Questioning to a local editor the technical accuracy of one of the few >>>> strips that does deal with spam is a bad move. >>> >>> This comment just brings more questions. Explain. >> >> You can cause the strip to get cancelled from the local paper as >> "too complicated". > > So? No skin off my teeth... Whereas I believe that it is better to have the subject of spam come up frequently in the popular literature. Consider the Chicago quote "It does not matter what they say about you in the papers, just so they get your name right." Nobody believes popular literature completely anyway, and inaccuracy leading to discussion may be better than accuracy leading to lack of discussion. From porpoise1954 at yahoo.co.uk Thu Dec 1 23:14:35 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 1 18:20:03 2005 Subject: [SpamCop-List] Re: Marriage of Browsers???? References: Message-ID: "spamacyde" wrote in message news:dmnbtp$1mf$1@news.spamcop.net... > > "Porpoise" wrote in message > news:dmn286$sb8$1@news.spamcop.net... >> >> >> Yup! That's why you should always know what the link is before clicking > it! >> I *think* that's why the browser shows you that info in the status bar - >> and, if there's any doubt, view the source............ Of course, if > they're >> clicking links in email .......... smack 'em round the ear! >> >> > > The point is, why should the browser allow the gibberish URL in the first > place? > Because a URL *can* be gibberish - same as any text - it's down to the user to determine whether it's meaningful gibberish. (NOTE: A "tiny" URL is gibberish, most URLs with session IDs are gibberish. There are plenty of legitimate URLs that are gibberish - but they are still valid URLs, so the browsers accept them as such). From zypher at spamcop.net Thu Dec 1 17:29:33 2005 From: zypher at spamcop.net (Ron B.) Date: Thu Dec 1 18:30:02 2005 Subject: [SpamCop-List] (MEDIA) -Mail Promising Tax Refund Is Phishing Scam Message-ID: -Mail Promising Tax Refund Is Phishing Scam Federal tax collectors are warning consumers not to be fooled by a bogus e-mail that appears to come from the Internal Revenue Service and promises a tax refund. The e-mail is an identity theft phishing scam that attempts to fool recipients into revealing personal and financial information. From borgholio at storymind.com Thu Dec 1 17:02:48 2005 From: borgholio at storymind.com (Borgholio) Date: Thu Dec 1 20:05:02 2005 Subject: [SpamCop-List] SEC no longer accepting spam forwards? Message-ID: I used to forward my stock spams to the SEC as attachments...but today I get this: Hi. This is the qmail-send program at yahoo.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. : 12.154.80.37 failed after I sent the message. Remote host said: 550 Error: SECPFR For security reasons we reject attachments of this type Should I start forwarding the spam inline, even though that kills the headers? From MikeE at ster.invalid Thu Dec 1 17:24:02 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 1 20:25:03 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: Borgholio wrote: > I used to forward my stock spams to the SEC as attachments...but > today I get this: > > Hi. This is the qmail-send program at yahoo.com. > I'm afraid I wasn't able to deliver your message to the following > addresses. This is a permanent error; I've given up. Sorry it didn't > work out. > > : > 12.154.80.37 failed after I sent the message. > Remote host said: 550 Error: SECPFR For security reasons we reject > attachments of this type > > > Should I start forwarding the spam inline, even though that kills the > headers? Except for spamcop's submit addy, all spam I send to abuse desks and such is sent inline, not as an attachment -- but it is sent inline with complete headers. If the mail agent were OE, I would use File/ Properties/ Details/ Message Source button and copy the complete headers continuous with the unrendered spambody and paste that into the body of the email message after a delimitor and a brief 1 line explanation of why they're getting it. That has been the traditional way of doing it -- however, that method is actually 'inferior' to sending it as an attachment, because the mailuser agent will change what has been pasted into the body by adding linewraps -- so if someone really cares about 'evidence' insisting that it be put into the body is a dumb position to take because the evidence gets modified by the transmission. All in all it is a dumb position for anything as 'sophisticated' as an abuse desk or its equivalent to not be able to properly handle whichever format proper evidence comes in, attachment or not. My provider has some zany instructions for rendering spam and putting the full headers over a copy of the rendered spam -- but my provider has a host of stupid corporate and administrative policies and behaviors. Obviously there are some things that rendering would 'ruin' the evidence such as phish information. -- Mike Easter kibitzer, not SC admin From mwnospam at comcast.net Thu Dec 1 22:29:07 2005 From: mwnospam at comcast.net (spamacyde) Date: Thu Dec 1 22:30:03 2005 Subject: [SpamCop-List] Re: KIDC.NET References: Message-ID: "spamacyde" wrote in message news:dmcftc$33b$1@news.spamcop.net... > > "spamacyde" wrote in message > news:dmb622$g9b$1@news.spamcop.net... > > Most of my spam is spamvertising KIDC.NET. Is KIDC.NET "black hat?" > > > > Thanks > > > > > > It is South Korea, right? > > I just received spam from South Korea promoting mainland China watches. Go figure. From SC.10.myspamgobbler at spamcowboy.net Thu Dec 1 22:42:31 2005 From: SC.10.myspamgobbler at spamcowboy.net (Brian) Date: Fri Dec 2 01:50:03 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? In-Reply-To: References: Message-ID: Borgholio wrote: > I used to forward my stock spams to the SEC as attachments...but today I > get this: > > Hi. This is the qmail-send program at yahoo.com. > I'm afraid I wasn't able to deliver your message to the following > addresses. > This is a permanent error; I've given up. Sorry it didn't work out. > > : > 12.154.80.37 failed after I sent the message. > Remote host said: 550 Error: SECPFR For security reasons we reject > attachments of this type > > > Should I start forwarding the spam inline, even though that kills the > headers? I send multiple stock spam as attachments to SEC and am still getting their normal response that they've received it. Did you mistakenly include a malware laden message? -- Brian SC.10.myspamgobbler@spamcowboy.net From Kilgallen at SpamCop.net Fri Dec 2 08:32:52 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Dec 2 09:35:03 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: In article , Brian writes: > Borgholio wrote: >> I used to forward my stock spams to the SEC as attachments...but today I >> get this: >> >> Hi. This is the qmail-send program at yahoo.com. >> I'm afraid I wasn't able to deliver your message to the following >> addresses. >> This is a permanent error; I've given up. Sorry it didn't work out. >> >> : >> 12.154.80.37 failed after I sent the message. >> Remote host said: 550 Error: SECPFR For security reasons we reject >> attachments of this type >> >> >> Should I start forwarding the spam inline, even though that kills the >> headers? > > I send multiple stock spam as attachments to SEC and am still getting > their normal response that they've received it. Did you mistakenly > include a malware laden message? I would hope the SEC is not using systems susceptible to malware. From nobody at spamcop.net Fri Dec 2 07:59:11 2005 From: nobody at spamcop.net (maulaf) Date: Fri Dec 2 11:00:03 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? In-Reply-To: References: Message-ID: Borgholio wrote: > Remote host said: 550 Error: SECPFR For security reasons we reject > attachments of this type I formerly used to "Save As..." and then attached the result in a separate e-mail to SEC(*). When I first received this error, the implication was that attachments with a .eml extension were a problem to the SEC. I tried "Save As..." and simply specified that the result should be .txt file. E-mail with .txt attachments, it turns out, are just fine as far as the SEC is concerned. So, you could try that little trick. (*) Various reasons for sending separate e-mail rather than having the SEC as a "Public standard report recipient"; e.g. the sudden recent unannounced switch from unchecked by default to checked by default, the severe limit on the number of recipients that can be listed, etc. From borgholio at storymind.com Fri Dec 2 09:46:07 2005 From: borgholio at storymind.com (Borgholio) Date: Fri Dec 2 12:50:04 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? In-Reply-To: References: Message-ID: Brian wrote: > Borgholio wrote: > >> I used to forward my stock spams to the SEC as attachments...but today >> I get this: >> >> Hi. This is the qmail-send program at yahoo.com. >> I'm afraid I wasn't able to deliver your message to the following >> addresses. >> This is a permanent error; I've given up. Sorry it didn't work out. >> >> : >> 12.154.80.37 failed after I sent the message. >> Remote host said: 550 Error: SECPFR For security reasons we reject >> attachments of this type >> >> >> Should I start forwarding the spam inline, even though that kills the >> headers? > > > I send multiple stock spam as attachments to SEC and am still getting > their normal response that they've received it. Did you mistakenly > include a malware laden message? > Not that I'm aware of.... From nobody at spamcop.net Fri Dec 2 13:49:25 2005 From: nobody at spamcop.net (indigo) Date: Fri Dec 2 13:50:03 2005 Subject: [SpamCop-List] system problems? Message-ID: Just tried to report a spam, I should have been logged in without seeing the log in screen (I allow SC cookies), and I got that "password is incorrect" error message. And nuts, I seem to have lost my SC cookie! How the heck did that happen? From nobody at devnull.spamcop.net Fri Dec 2 13:47:55 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Dec 2 14:50:02 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "indigo" wrote in message news:dmq4vl$fl8$1@news.spamcop.net... > Just tried to report a spam, I should have been logged in without seeing the > log in screen (I allow SC cookies), and I got that "password is incorrect" > error message. http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats Would have to guess that you hit during that last "undocumented" dip ..... System outages/instability http://forum.spamcop.net/forums/index.php?showtopic=5288 From nobody at spamcop.net Fri Dec 2 14:54:52 2005 From: nobody at spamcop.net (indigo) Date: Fri Dec 2 14:55:02 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: WazoO wrote: > "indigo" wrote in message > news:dmq4vl$fl8$1@news.spamcop.net... > > Just tried to report a spam, I should have been logged in without > > seeing the log in screen (I allow SC cookies), and I got that > > "password is incorrect" error message. > > System outages/instability > http://forum.spamcop.net/forums/index.php?showtopic=5288 Hmmm....well, I reset my password and it worked....I hope Ellen won't spank me! ;-) P.S. Seems no one propogated the news over to the NNTP groups like she asked.....tsk, tsk....but thanks for replying, Waz. From nobody at nowhere.invalid Fri Dec 2 21:09:28 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Dec 2 15:10:02 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: On 2 Dec 2005 08:32:52 -0600, Larry Kilgallen coughed into spamcop and left this in : > I would hope the SEC is not using systems susceptible to malware. The chances are they're using M$-Windows desktops. Therefore not only are they susceptible to malware, but they're also already running it. -- Steve The original point and click interface was a Smith & Wesson. From nobody at spamcop.net Fri Dec 2 15:21:23 2005 From: nobody at spamcop.net (Ellen) Date: Fri Dec 2 15:30:04 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "indigo" wrote in message news:dmq4vl$fl8$1@news.spamcop.net... > Just tried to report a spam, I should have been logged in without seeing the > log in screen (I allow SC cookies), and I got that "password is incorrect" > error message. And nuts, I seem to have lost my SC cookie! How the heck did > that happen? > > I have been on the system all day and have not seen any problems. I just checked with ops and they have not seen any either. I have no idea where your cookie went -- maybe it just expired. I notice down the thread that you got back in so that is good. Ellen SpamCop From bud at telus.net Fri Dec 2 15:31:46 2005 From: bud at telus.net (Bud) Date: Fri Dec 2 18:35:03 2005 Subject: [SpamCop-List] What else can I do? Message-ID: http://www.spamcop.net/sc?id=z835474185z871b780bc0593092f83f33a6fb0f80d4z http://www.spamcop.net/sc?id=z835474521z36a3156ae86a74751d9f638003ee7a0ez I have been plagued for the last two weeks by spam coming from two IP addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are open proxies. I have SC reported every one. I have reported each IP address to internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a standard response: "Thank you for your information regarding the alleged violation of the Shaw Internet Acceptable Use Policy. Based on the information provided, we have identified the offending computer and will take appropriate action(s). These actions may be: - Issue a warning by email indicating a complaint has been registered - Issue a warning that service may be suspended if activity continues - Suspend or terminate Shaw Internet connection to customer" Acceptable Use Policy Management Team Shaw High-Speed Internet Service Shaw Cablesystems G.P. 2400 - 32nd Avenue N.E. Calgary, Alberta, T2E 9A7 Telephone: (403)750-7420 Facsimile: (403)539-6831 (gb) I don't want to filter this spam because it's now become a crusade for me. I could phone, but I'm not sure at this stage I could keep my composure. What can I do to get through to this provider? -- Bud From bud at telus.net Fri Dec 2 15:33:32 2005 From: bud at telus.net (Bud) Date: Fri Dec 2 18:35:07 2005 Subject: [SpamCop-List] What else can I do? Message-ID: http://www.spamcop.net/sc?id=z835474185z871b780bc0593092f83f33a6fb0f80d4z http://www.spamcop.net/sc?id=z835474521z36a3156ae86a74751d9f638003ee7a0ez I have been plagued for the last two weeks by spam coming from two IP addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are open proxies. I have SC reported every one. I have reported each IP address to internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a standard response: "Thank you for your information regarding the alleged violation of the Shaw Internet Acceptable Use Policy. Based on the information provided, we have identified the offending computer and will take appropriate action(s). These actions may be: - Issue a warning by email indicating a complaint has been registered - Issue a warning that service may be suspended if activity continues - Suspend or terminate Shaw Internet connection to customer" Acceptable Use Policy Management Team Shaw High-Speed Internet Service Shaw Cablesystems G.P. 2400 - 32nd Avenue N.E. Calgary, Alberta, T2E 9A7 Telephone: (403)750-7420 Facsimile: (403)539-6831 (gb) I don't want to filter this spam because it's now become a crusade for me. I could phone, but I'm not sure at this stage I could keep my composure. What can I do to get through to this provider? -- Bud From bud at telus.net Fri Dec 2 15:36:38 2005 From: bud at telus.net (Bud) Date: Fri Dec 2 18:40:03 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: "Bud" wrote in message news:dmqlkd$p48$2@news.spamcop.net... > http://www.spamcop.net/sc?id=z835474185z871b780bc0593092f83f33a6fb0f80d4z > http://www.spamcop.net/sc?id=z835474521z36a3156ae86a74751d9f638003ee7a0ez > > I have been plagued for the last two weeks by spam coming from two IP > addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are > open > proxies. I have SC reported every one. I have reported each IP address to > internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a > standard response: > > "Thank you for your information regarding the alleged violation of the > Shaw > Internet Acceptable Use Policy. > Based on the information provided, we have identified the offending > computer and will take appropriate action(s). > These actions may be: > - Issue a warning by email indicating a complaint has been registered > - Issue a warning that service may be suspended if activity continues > - Suspend or terminate Shaw Internet connection to customer" > > Acceptable Use Policy Management Team > Shaw High-Speed Internet Service > Shaw Cablesystems G.P. > 2400 - 32nd Avenue N.E. > Calgary, Alberta, T2E 9A7 > Telephone: (403)750-7420 > Facsimile: (403)539-6831 > > (gb) > > > I don't want to filter this spam because it's now become a crusade for me. > I could phone, but I'm not sure at this stage I could keep my composure. > What can I do to get through to this provider? > > -- > Bud I don't know how this got duplicated -- B. From porpoise1954 at yahoo.co.uk Fri Dec 2 23:51:46 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Dec 2 18:55:03 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: "Bud" wrote in message news:dmqlqa$pa3$1@news.spamcop.net... > SNIPPED >> >> I don't want to filter this spam because it's now become a crusade for >> me. >> I could phone, but I'm not sure at this stage I could keep my composure. >> What can I do to get through to this provider? >> >> -- >> Bud > I don't know how this got duplicated > -- > B. > Now it just got triplicated. ;-0 From MikeE at ster.invalid Fri Dec 2 16:06:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 2 19:10:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: Bud wrote: > I don't know how this got duplicated Sometimes it is interesting to compare the msgid/s and timestamp/s, and sometimes it isn't. Date: Fri, 2 Dec 2005 15:31:46 -0800 Message-ID: NNTP-Posting-Date: Fri, 2 Dec 2005 23:33:33 +0000 (UTC) Date: Fri, 2 Dec 2005 15:33:32 -0800 Message-ID: NNTP-Posting-Date: Fri, 2 Dec 2005 23:33:34 +0000 (UTC) The only thing which is interesting to me about the comparison is the difference in seconds between the nntp date stamped by the server and the date stamped by your machine. Your machine sez a difference of 1min 46sec -- whereas the nntp stamp sez a difference of 1 sec. You would expect a hiccup to have closer times on your end than the newsserver's - I would think. Some people's news agents, I think OE does this, put stamp the item based on when the person starts editing the item. At least I think I formed that theory once upon a time when I was being the volunteer clock police person and would pull Ellen over for clock discrepancies. It seemed that the explanation was not based on her clock being set wrong, but the fact that she sometimes starts a news message and finishes it later and then posts it. Or something like that, I think. OTOH, if you were trying to imagine a scenario to make a longer time for your agent vs the newsserver, you would have your agent *not* stamping its time until it got 'hooked up' with the server. So, if it were having a delay in the hookup, then it would be waiting and waiting to get hooked up, and while it was waiting it would hiccup. Then, in the same second as the hiccup the agent and server hooked up - like hookup plus hiccup - and then the server would get 'both' of them almost simultaneously, ie 1 second apart. But, that scenario doesn't fit with my current concept of how a message gets dated by the user's agent. My provider's newsserver changes my date to its own, which annoys me as a newsserver behavior. I think it should leave it alone. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Dec 2 16:13:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 2 19:15:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: Bud wrote: > I have been plagued for the last two weeks by spam coming from two IP > addresses (24.108.176.223) (24.77.60.120) which I'm going to assume > are open proxies. Correct, and listed in proxytrojan spamtrap hits like CBL, also spamsource like spamcop, also nonresponsive provider, like spews. And others. The first is cbl, the 2nd is njabl, the 2nd isn't currently scbl/ed. Spews has a zillion shaws listed, just like it has a zillion comcasts. > I don't want to filter this spam because it's now become a crusade > for me. I could phone, but I'm not sure at this stage I could keep my > composure. What can I do to get through to this provider? If they don't respond to the larger community such as spews and others, they aren't likely to jump up and respond to you. Just keep doing your reporting and the source IPs will stay or get in SCbl. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Sat Dec 3 00:18:08 2005 From: nobody at nowhere.not (Robert Blair) Date: Fri Dec 2 19:20:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: On Fri, 2 Dec 2005 23:31:46 UTC, "Bud" wrote: > I have been plagued for the last two weeks by spam coming from two IP > addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are open > proxies. I have SC reported every one. I have reported each IP address to > internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a > standard response: I consider sjrb.ca as black hat. I also get a lot of spam from them and since they do not accept unmunged reports they do not get any of my reports. -- Robert Blair From jg at coks.net Fri Dec 2 16:47:12 2005 From: jg at coks.net (jg) Date: Fri Dec 2 19:50:02 2005 Subject: [SpamCop-List] Re: What else can I do? In-Reply-To: References: Message-ID: On 12/2/2005 4:18 PM Robert Blair scribbled: > On Fri, 2 Dec 2005 23:31:46 UTC, "Bud" wrote: > > >>I have been plagued for the last two weeks by spam coming from two IP >>addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are open >>proxies. I have SC reported every one. I have reported each IP address to >>internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a >>standard response: > > > I consider sjrb.ca as black hat. I also get a lot of spam from them > and since they do not accept unmunged reports they do not get any of > my reports. > > I thought they didn't accept /munged/ reports - if they don't accept /unmunged/ reports, then they don't accept /any/ reports, which would decidely put them into the greyer shade of hat... From johnl at in.newsgroup.only Sat Dec 3 01:46:50 2005 From: johnl at in.newsgroup.only (JohnL) Date: Fri Dec 2 20:50:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: jg wrote in news:dmqpqj$rkj$1@news.spamcop.net: > I thought they didn't accept /munged/ reports - if they don't accept > /unmunged/ reports, then they don't accept /any/ reports, which would > decidely put them into the greyer shade of hat... They /do/ accept UNmunged reports. From MikeE at ster.invalid Fri Dec 2 18:06:42 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 2 21:10:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: Bud wrote: > open proxies. > What can I do to get through to this provider? Buy them a gizmo: We're launching a new product called F-Secure Network Control Appliance based on this technology. It will tackle spam and computer zombies for service providers automatically. This box will monitor traffic from end-users at the network edge, automatically denying offending computers access to the network. Those using too much bandwidth or operating as spam zombies will automatically get redirected to a self-help web page, explaining what they have to do (like "clean your PC - install patches!") in order to regain network connectivity. This is smart compared to the current model where ISPs and other service providers are manually trying to figure out who is a zombie and who is not - and when they find one they will just cut the user off, leaving him wondering what's going on and making support calls. This technology works: it is already being used to monitor around half a million subscriber lines. http://www.f-secure.com/weblog/ http://www.f-secure.com/products/fsnc/ F-Secure Network Control for Service Providers pic http://www.f-secure.com/weblog/archives/fsnc1.gif -- Mike Easter kibitzer, not SC admin From bud at telus.net Fri Dec 2 19:24:47 2005 From: bud at telus.net (Bud) Date: Fri Dec 2 22:25:04 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: "Mike Easter" wrote in message news:dmquj3$u63$1@news.spamcop.net... > Bud wrote: > >> open proxies. > >> What can I do to get through to this provider? > > Buy them a gizmo: > > > We're launching a new product called F-Secure Network Control Appliance > based on this technology. It will tackle spam and computer zombies for > service providers automatically. This box will monitor traffic from > end-users at the network edge, automatically denying offending computers > access to the network. Those using too much bandwidth or operating as > spam zombies will automatically get redirected to a self-help web page, > explaining what they have to do (like "clean your PC - install > patches!") in order to regain network connectivity. > > This is smart compared to the current model where ISPs and other service > providers are manually trying to figure out who is a zombie and who is > not - and when they find one they will just cut the user off, leaving > him wondering what's going on and making support calls. > > This technology works: it is already being used to monitor around half a > million subscriber lines. > http://www.f-secure.com/weblog/ > http://www.f-secure.com/products/fsnc/ F-Secure Network Control for > Service Providers > > pic http://www.f-secure.com/weblog/archives/fsnc1.gif > > > -- > Mike Easter > kibitzer, not SC admin Terrific! Sent to Shaw and my own provider, Telus. We'll see what response I get. -- Bud From nobody at nowhere.not Sat Dec 3 04:52:01 2005 From: nobody at nowhere.not (Robert Blair) Date: Fri Dec 2 23:55:03 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: On Sat, 3 Dec 2005 00:47:12 UTC, jg wrote: > > I consider sjrb.ca as black hat. I also get a lot of spam from them > > and since they do not accept unmunged reports they do not get any of > > my reports. > > > > > I thought they didn't accept /munged/ reports - if they don't accept > /unmunged/ reports, then they don't accept /any/ reports, which would > decidely put them into the greyer shade of hat... That was a BIG typo. I meant to say the do not accept munged reports (I wonder what my fingers thought my brain was sending to them, things do not function like they did in days gone by). -- Robert Blair From exfenestrate at spammers.invalid Fri Dec 2 22:22:40 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Sat Dec 3 01:25:03 2005 Subject: [SpamCop-List] Re: empty spam... References: Message-ID: <5z4zq6wg26l4.dlg@grc.aosake.net> On Thu, 1 Dec 2005 04:35:24 -0500, Jeff G. wrote: > "Mike Easter" wrote in message > news:dmkna7$lkc$1@news.spamcop.net... >> jg wrote: >>> and came up with (via Sam Spade): >>> >>> How do 3 bogus rDNS entries pop up and is this the result of spammy? >>> academic question... >> I think but I'm not sure that in this context 'bogus' simply means >> that 'paranoid' lookup doesn't work. >> >> That is, if an IP will rDNS but the rDNS doesn't DNS to the original >> IP that the report sez 'bogus' -- which seems like an unkind term for >> that particular behavior. > 'violates Section "INSTRUCTIONS - Adding a host - Add the reverse > IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" at > http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 ' > would be a little long for such a purpose, don't you think? I think > "bogus" fits because the rdns names (the right sides of the PTR Records) > are in fact "not genuine" because tbr1-p014001.la2ca.ip.att.net, > tbr1-cl3.sffca.ip.att.net, and tbr1-cb10.st6wa.ip.att.net > authoritatively don't exist, and I blame rm-hostmaster[at]ems.att.com > (the person responsible for the zones in all three parent SOA records) > for the whole mess. Does it have an adverse affect on routing packets? These are intermediary routers, here, not end-point hosts. I should think that, as long as the packets are being properly routed, there is no _serious_ problem. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From exfenestrate at spammers.invalid Fri Dec 2 22:29:48 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Sat Dec 3 01:30:02 2005 Subject: [SpamCop-List] Re: empty spam... References: Message-ID: <1u178mqi2xgi6.dlg@grc.aosake.net> On Wed, 30 Nov 2005 08:20:56 -0800, jg wrote: > Been getting a lot of these lately. > While looking for something more definitive as to origin (curiousity) I > did a trace on 24.22.212.4 > and came up with (via Sam Spade)... An unremarkable trace route. Comcast has a contract, or peering agreement with AT&T, whoops, that is now "at&t"; seriously. Since SBC has completed its purchase of AT&T, and changed the company name to, "at&t", and the "Deathstar" logo for good measure, there may be some changes in the routing. I expect that at&t may decide to adjust the routing computations to spread the load among all of the at&t backbone routers, including the former SBC backbone routers. Or not. In any case, the old AT&T backbone is known to Comcast customers for being a routing choke point, prone to high latency. Right, none of that, nor the lack of responsiveness of the customer host ti ICMP packets, has a lot of bearing on the spam source. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From edb2000 at spamcop.net Fri Dec 2 23:15:00 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Sat Dec 3 02:20:02 2005 Subject: [SpamCop-List] nacio listwashing Message-ID: Another example of 'not clear on the concept'. I do not believe the SC report was a request to be listwashed, but they do. Beware of email lists hosted as *.lyris.net: > Date: Fri, 2 Dec 2005 15:30:37 -0800 From: Mindy Wallen > Subject: re: Spam Notification Organization: Lyris > Technologies > > Hello, > > Thanks for bringing this to our attention. I have removed your email > address from the mailing list SiteBrand_S5_List. I have also filed a > formal spam complaint on your behalf and a representative here will > investigate this list's activity. > > If you desire any further assistance, please let me know. > > Thanks & take care, Mindy Wallen Abuse Department > > > >>> Nacio has received the following SPAM complaints for your server. >>> Please investigate this matter and take appropriate action. Thank >>> you, NACIO Abuse Dept abuse@nacio.com > Subject : Spam Notification Date : Fri, 2 Dec 2005 10:33:00 -0800 > From : "ABUSE" > To : Cc : ABUSE > > > > > > Nacio has received the following SPAM complaints for your server. > Please investigate this matter and take appropriate action. > > Thank you, > > NACIO Abuse Dept > > abuse@nacio.com -- Don Wannit A paid SpamCop user since 1999 From redford_stone at INVERSE_OF_COLDmail.com Sat Dec 3 10:51:32 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Dec 3 05:55:13 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "indigo" wrote in news:dmq4vl$fl8$1@news.spamcop.net: > Just tried to report a spam, I should have been logged in without > seeing the log in screen (I allow SC cookies), and I got that > "password is incorrect" error message. And nuts, I seem to have lost > my SC cookie! How the heck did that happen? > > Did you check for any crumbs under your desk? >snicker< :-D From redford_stone at INVERSE_OF_COLDmail.com Sat Dec 3 10:53:46 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Dec 3 05:55:18 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: Borgholio wrote in news:dmo6fa$g9v$1@news.spamcop.net: > > > Should I start forwarding the spam inline, even though that kills the > headers? > I'm assuming this is on Yahoo. I do a copy/paste of the headers over the quoted stuff on the inline. That usually works for me. From bar_n0ne at hotmail.com Sat Dec 3 16:10:49 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Dec 3 07:15:01 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: "Redstone" wrote in message SNIP > I do a copy/paste of the headers over the quoted stuff on the inline. That > usually works for me. I no longer bother, 2 reasons: 1) Default for Public non-standard recipients is checked on, I too often forgot to uncheck non-relevant ones.. 2) Almost all stock spam is in embedded Gifs nowadays, Eudora de-mimes the gif and puts it in a separate folder. Larts only contain the name of the gif file, not the gif, so there is no payload my MUA choices (corporate) are Eudora or Outlook,, I have a nice workflow using outlook express to get complete spam (except in these cases), more work is not worth the trouble. From jg at coks.net Sat Dec 3 09:04:00 2005 From: jg at coks.net (jg) Date: Sat Dec 3 12:05:12 2005 Subject: [SpamCop-List] Re: What else can I do? In-Reply-To: References: Message-ID: On 12/2/2005 8:52 PM Robert Blair scribbled: > > That was a BIG typo. I meant to say the do not accept munged reports > (I wonder what my fingers thought my brain was sending to them, things > do not function like they did in days gone by). > > Don't feel like the Lone Ranger... From MikeE at ster.invalid Sat Dec 3 10:10:31 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 3 13:15:02 2005 Subject: [SpamCop-List] Re: a new kind of 419 References: Message-ID: Technomage Hawke wrote: > please see it in .spam. this one is new. Technomage Hawke wrote: > this arrived in my e-mail today. > I was rather a bit taken aback by this. > anyone know what to make of it? It is a spamscam sourced from a Belltech Lagos .ng IP via hotmail webmailer. The notifies are for the hotmailer usmanbello007@hotmail.com abuse@hotmail.com report_spam@hotmail.com (for hotmail.com) abuse@microsoft.com (for microsoft.com) abuse@msn.com (for msn.com) the source provider's admin/tech contact: bimboabubakar@yahoo.com and the AS25228 SkyVision for the general shabby condition of Belltech's Lagos contact listing in RIPE as well as no rDNS on the sourcce IP and thus no proper abuse.net listing for belltech's block ripeadm@sky-vision.net abuse@sky-vision.net Tatyana.Knaifel@sky-vision.net lir@sky-vision.net steve.birnbaum@sky-vision.net dimitry.raitses@sky-vision.net (for sky-vision.net) > Received: from 217.194.155.83 by by24fd.bay24.hotmail.msn.com with > HTTP; Fri, 02 Dec 2005 11:22:09 GMT > X-Originating-IP: [217.194.155.83] > X-Originating-Email: [usmanbello007@hotmail.com] > We have resolved to pay you immediately according to the directives > and mandate from the Ecowas heads of states and council of the ecowas > finance ministers. Immediately we hear from you, we shall give > directives to you on how to receive your fund. -- Mike Easter kibitzer, not SC admin -- Mike Easter kibitzer, not SC admin From dfm2a3l0t2 at spymac.com Sat Dec 3 15:34:04 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Sat Dec 3 15:35:03 2005 Subject: [SpamCop-List] Re: (MEDIA) -Mail Promising Tax Refund Is Phishing Scam References: Message-ID: In article , "Ron B." wrote: > -Mail Promising Tax Refund Is Phishing Scam > > Federal tax collectors are warning consumers not to be fooled by a bogus > e-mail that appears to come from the Internal Revenue Service and > promises a tax refund. > > The e-mail is an identity theft phishing scam that attempts to fool > recipients into revealing personal and financial information. > > Doesn't everybody know that the IRS only looks for you when you owe them money, not the other way around? -- D.F. Manno | dfm2a3l0t2@spymac.com Support the troops. Bring them home NOW! From newspost at deletethispart.hypercreations.com Sat Dec 3 21:08:40 2005 From: newspost at deletethispart.hypercreations.com (D. T.) Date: Sat Dec 3 16:10:02 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "indigo" wrote in news:dmq4vl$fl8$1@news.spamcop.net: > Just tried to report a spam, I should have been logged in without > seeing the log in screen (I allow SC cookies), and I got that > "password is incorrect" error message. And nuts, I seem to have lost > my SC cookie! How the heck did that happen? This has been happening on and off to ALL of us for months, so it has nothing to do with our local computers/browsers/connections/etc....it's system instability, and it's being watched and documented at the Forums, as Wazoo indicated. In fact, there was a total shutdown for some minutes today (Saturday, Dec. 3) that caused the same behaviour, in addition to some interesting errors from intermediate servers, such as: An error occurred while processing your request. Reference #97.bbfb746.1133641925.ae63253 and: Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.12bfb746.1133641841.42d6a15 Even though many of us accept and have even "protected" our SC cookies, it seems that the server problems cause FireFox to "forget" the memorized userid/password (login) information. I've seen it happen many times, and this isn't happening with *any* other sites I log in to. DT From borgholio at storymind.com Sat Dec 3 14:14:36 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 3 17:15:02 2005 Subject: [SpamCop-List] TeamAaronShara... Message-ID: Anybody else getting a ton of spam from these idiots? The emails seem to be coming from several different networks, all over the world. What's the deal? From jeffg at spamcop.net Sat Dec 3 17:56:07 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 18:00:04 2005 Subject: [SpamCop-List] Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: "Norman Miller" wrote in message news:5z4zq6wg26l4.dlg@grc.aosake.net... > On Thu, 1 Dec 2005 04:35:24 -0500, Jeff G. wrote: > > "Mike Easter" wrote in message > > news:dmkna7$lkc$1@news.spamcop.net... > >> jg wrote: > >>> and came up with (via Sam Spade): > >>> > >>> How do 3 bogus rDNS entries pop up and is this the result of spammy? > >>> academic question... > >> I think but I'm not sure that in this context 'bogus' simply means > >> that 'paranoid' lookup doesn't work. > >> > >> That is, if an IP will rDNS but the rDNS doesn't DNS to the original > >> IP that the report sez 'bogus' -- which seems like an unkind term for > >> that particular behavior. > > 'violates Section "INSTRUCTIONS - Adding a host - Add the reverse > > IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" at > > http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 ' > > would be a little long for such a purpose, don't you think? I think > > "bogus" fits because the rdns names (the right sides of the PTR Records) > > are in fact "not genuine" because tbr1-p014001.la2ca.ip.att.net, > > tbr1-cl3.sffca.ip.att.net, and tbr1-cb10.st6wa.ip.att.net > > authoritatively don't exist, and I blame rm-hostmaster[at]ems.att.com > > (the person responsible for the zones in all three parent SOA records) > > for the whole mess. > Does it have an adverse affect on routing packets? These are intermediary > routers, here, not end-point hosts. I should think that, as long as the > packets are being properly routed, there is no _serious_ problem. No, it does not "have an adverse affect on routing packets", but it does "have an adverse affect on troubleshooting of routing packets" -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jg at coks.net Sat Dec 3 16:11:29 2005 From: jg at coks.net (jg) Date: Sat Dec 3 19:10:07 2005 Subject: [SpamCop-List] OT Re: empty spam... In-Reply-To: References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: On 12/3/2005 2:56 PM Jeff G. scribbled: > "Norman Miller" wrote in message > news:5z4zq6wg26l4.dlg@grc.aosake.net... > >>On Thu, 1 Dec 2005 04:35:24 -0500, Jeff G. wrote: >> >>>"Mike Easter" wrote in message >>>news:dmkna7$lkc$1@news.spamcop.net... >>> >>>>jg wrote: >>>> >>>>>and came up with (via Sam Spade): >>>>> >>>>>How do 3 bogus rDNS entries pop up and is this the result of > > spammy? > >>>>>academic question... >>>> >>>>I think but I'm not sure that in this context 'bogus' simply means >>>>that 'paranoid' lookup doesn't work. >>>> >>>>That is, if an IP will rDNS but the rDNS doesn't DNS to the > > original > >>>>IP that the report sez 'bogus' -- which seems like an unkind term > > for > >>>>that particular behavior. >>> >>>'violates Section "INSTRUCTIONS - Adding a host - Add the reverse >>>IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" > > at > >>>http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 > > ' > >>>would be a little long for such a purpose, don't you think? I think >>>"bogus" fits because the rdns names (the right sides of the PTR > > Records) > >>>are in fact "not genuine" because tbr1-p014001.la2ca.ip.att.net, >>>tbr1-cl3.sffca.ip.att.net, and tbr1-cb10.st6wa.ip.att.net >>>authoritatively don't exist, and I blame > > rm-hostmaster[at]ems.att.com > >>>(the person responsible for the zones in all three parent SOA > > records) > >>>for the whole mess. >> >>Does it have an adverse affect on routing packets? These are > > intermediary > >>routers, here, not end-point hosts. I should think that, as long as > > the > >>packets are being properly routed, there is no _serious_ problem. > > > No, it does not "have an adverse affect on routing packets", but it does > "have an adverse affect on troubleshooting of routing packets" > Jeff, you need QuoteFix to go along with your doubtlook client - I got cross eyed reading the orig of above post... sorry... From jg at coks.net Sat Dec 3 16:13:13 2005 From: jg at coks.net (jg) Date: Sat Dec 3 19:15:04 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: On 12/3/2005 2:14 PM Borgholio scribbled: > Anybody else getting a ton of spam from these idiots? The emails seem to be > coming from several different networks, all over the world. What's the deal? Doesn't sound familiar here - So. Cal. - just as well, got enuff of my own idiots falling in... From borgholio at storymind.com Sat Dec 3 16:13:16 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 3 19:15:07 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: jg wrote: > On 12/3/2005 2:14 PM Borgholio scribbled: > > >>Anybody else getting a ton of spam from these idiots? The emails seem to be >>coming from several different networks, all over the world. What's the deal? > > Doesn't sound familiar here - So. Cal. - just as well, got enuff of my > own idiots falling in... I live in Burbank...the epitome of SoCal. :) From MikeE at ster.invalid Sat Dec 3 16:20:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 3 19:25:02 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: jg wrote: > Jeff, you need QuoteFix to go along with your doubtlook client - I got > cross eyed reading the orig of above post... > sorry... While I'm in favor of as many people using QuoteFix as need to, my QF fixed Jeff's post; see below. If yours did not, then your QF has run out of its 'memory leak space' buffer, and you need to: - configure QF to 'depend on OE' in its advanced options and - integrate OE & QF to be 'OE with QF' and - periodically shutdown the OE/QF integrated operation and restart it and - when you do, you are likely to find that QF works better to fix such things Jeff G. wrote: > "Norman Miller" >> Jeff G. wrote: >>> "Mike Easter" >>>> jg wrote: >>>>> and came up with (via Sam Spade): >>>>> >>>>> How do 3 bogus rDNS entries pop up and is this the result of >>>>> spammy? academic question... >>>> I think but I'm not sure that in this context 'bogus' simply means >>>> that 'paranoid' lookup doesn't work. >>>> >>>> That is, if an IP will rDNS but the rDNS doesn't DNS to the >>>> original IP that the report sez 'bogus' -- which seems like an >>>> unkind term for that particular behavior. >>> 'violates Section "INSTRUCTIONS - Adding a host - Add the reverse >>> IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" >>> at >>> http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 >>> ' would be a little long for such a purpose, don't you think? I >>> think "bogus" fits because the rdns names (the right sides of the >>> PTR Records) are in fact "not genuine" because >>> tbr1-p014001.la2ca.ip.att.net, tbr1-cl3.sffca.ip.att.net, and >>> tbr1-cb10.st6wa.ip.att.net authoritatively don't exist, and I blame >>> rm-hostmaster[at]ems.att.com (the person responsible for the zones >>> in all three parent SOA records) for the whole mess. >> Does it have an adverse affect on routing packets? These are >> intermediary routers, here, not end-point hosts. I should think >> that, as long as the packets are being properly routed, there is no >> _serious_ problem. > > No, it does not "have an adverse affect on routing packets", but it > does "have an adverse affect on troubleshooting of routing packets" -- Mike Easter kibitzer, not SC admin From borgholio at storymind.com Sat Dec 3 16:40:26 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 3 19:45:03 2005 Subject: [SpamCop-List] Spamcop not reporting weblinks in spam Message-ID: Full spam posted in .spam. Manually reporting spam should report spamvertised sites, right? Well it's not, at least in this case. Most of the time it locates the links but doesn't report them, nor does it give any indication of why it's not reporting. What's up? From jeffg at spamcop.net Sat Dec 3 19:58:01 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 20:00:04 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: Message-ID: "Borgholio" wrote in message news:dmtdt2$6f6$1@news.spamcop.net... > Full spam posted in .spam. Manually reporting spam should report > spamvertised sites, right? Well it's not, at least in this case. Most of > the time it locates the links but doesn't report them, nor does it give any > indication of why it's not reporting. What's up? SNAFU. Refresh enough times and it should work. Please direct your complaints to SpamCop Admin. Ref: http://www.spamcop.net/sc?id=z835981547z1cc59f8b5bc5b1c493545b5b9ac164b6z and "FAQ Entry: The Link Analysis Process" at http://forum.spamcop.net/forums/index.php?showtopic=4345&hl=link+analysis -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Sun Dec 4 02:02:04 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 20:05:03 2005 Subject: [SpamCop-List] Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Borgholio" a écrit dans le message de news: dmt5bk$14g$2@news.spamcop.net... > Anybody else getting a ton of spam from these idiots? The emails seem to > be coming from several different networks, all over the world. What's the > deal? I get LOTS of these spams from all over the world (many sources, most of them on dialup IP addresses of various ISPs, so this spam comes from PCs infected by viral worm that hosts a spamware). Unfortunately, the criminal that controls the list of abused PCs is using my own email address in ALL its repeated commands (so I receive a copy of this spam and scam since a couple of week at least 2 or 3 times PER MINUTE). It looks like a revenge against my past reports. I am currently reporting about 20 of these spams each day (only the most recent ones received in the last hour, when I check my emails), and I drop all the other copies. For now, my antispam system (hosted by my ISP) still does not detect it automatically, I had to add a manual exclusion to the blacklist for the subject line: Return-Path: Received: from mwinf5102.me-wanadoo.net (mwinf5102.me-wanadoo.net) by mwinb0306 (SMTP Server) with LMTP; Sun, 04 Dec 2005 01:40:31 +0100 X-Sieve: Server Sieve 2.2 Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf5102.me-wanadoo.net (SMTP Server) with ESMTP id 9D2CD1C0FCE3 for ; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from smtp12.wanadoo.fr (mwinf1207 [172.22.143.37]) by mwinf5102.me-wanadoo.net (SMTP Server) with ESMTP id 97D841C0FCE7 for ; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf1207.wanadoo.fr (SMTP Server) with ESMTP id 8C0F51C00098 for ; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from mwinb0403.me-wanadoo.net (mwinb0403 [172.22.165.25]) by mwinf1207.wanadoo.fr (SMTP Server) with ESMTP id 823AB1C00090 for <(hidden)@wanadoo.fr>; Sun, 4 Dec 2005 01:40:31 +0100 (CET) X-ME-UUID: 20051204004031533.823AB1C00090@mwinf1207.wanadoo.fr Received: by mwinb0403.me-wanadoo.net (SMTP Server, from userid 1001) id 5D6AC18032; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from mwinf1212.wanadoo.fr (mwinf1212.wanadoo.fr) by mwinb0403 (SMTP Server) with LMTP; Sun, 04 Dec 2005 01:40:31 +0100 X-Sieve: Server Sieve 2.2 Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf1212.wanadoo.fr (SMTP Server) with ESMTP id 2FA953C04B81 for ; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from 193.252.22.89 (unknown [218.150.241.94]) by mwinf1212.wanadoo.fr (SMTP Server) with SMTP id EEB093C04B90 for <(hidden)@wanadoo.fr>; Sun, 4 Dec 2005 01:40:21 +0100 (CET) X-ME-UUID: 20051204004022977.EEB093C04B90@mwinf1212.wanadoo.fr Received: from 218.150.241.94 Message-ID: From: "TeamAaronShara" Reply-To: "TeamAaronShara" To: (hidden)@wanadoo.fr Subject: Want to make EASY Money? TeamAaronShara will show you how! Date: Sun, 04 Dec 2005 03:33:21 +0300 X-Mailer: Microsoft Outlook, Build 10.0.2616 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--115803255982665" X-Priority: 3 X-MSMail-Priority: Normal X-me-spamlevel: not-spam X-me-spamrating: 30.025481 X-Antivirus: AVG for E-mail 7.1.362 [267.13.11/191] ----115803255982665 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable Untitled Document


= Want to make some fast extra CASH before the holidays? <= /font>Read on and TeamAaronShara walk you through the easy steps to easy money
and success. Aaron and I have been making money the easy way for many ye= ars now and sharing our knowledge and success with others
less fortunate than ourselves. Our followers have placed an unprecedente= d amount of trust in our judgement to bring them great HYIP
investment programs, money doublers, matrix programs, randomizers and ml= m programs. We are now bringing these programs directly to
you so that you can prosper with us. All our mon= ey making program picks are 100% safe to invest in!

http://www.teamaaronshara.com/daily.html

Our site walks you through = and holds your hand while investing in the many tried and tested easy wealth schem= es that are listed, all we ask is that
you join programs using our referral link so that we earn a little for t= he introduction. We show you where to get an online money account, how to
fund it and most importantly how to invest into the programs on offer an= d start earning immediately and all from the comfort of your armchair.

TeamAaronShara has a daily = newsletter so that you can learn about new money making opportunities the minute th= ey launch, all you need to do is
subscribe on our page to receive the latest news everyday. We have 1000'= s of subscribers already so come and join us and let's make our fortunes
together.

Learn how to use autorespon= ders, generate targeted email leads and get information on what tools to use f= or large mailing campaigns to your
hot prospects. We have it all and so can you! Remember, you will never lose money while following TeamAaronShara!

http://www.teamaaronshara.com/daily.html

Here Is A Recent Photo, its= not a very good one, but you can get an idea.. As You Can See We Are A Normal = Looking Couple, No Different Than Any
Of You :). Now You Can Put Faces With The Words, And For Some Of You The= Voices. We have a huge following on the www.moneymakergroup.com
discussion forum where we are both forum moderators and respected by all= We live in a wonderful new luxury home, have a new Mercedes, a new Lexus fo= r
Aaron and more money in the bank than we could ever have dreamed of. We = both wear gold Rolex watches set with diamonds, have a luxury ski boat, luxur= y
beach appartment in Florida and are completely without debt. You might a= sk how we managed to achieve all this wealth and that would be a very good ques= tion
which we will assume that you have already asked and will answer for you=

All our money is made from = the Internet by telling others about wonderful investment opportunities and being a p= art of them ourselves. Before we became switched
onto the Internet fountain of wealth we used to both work day jobs, Aaro= n would be away from home upto 12 hours a day working a construction job while I= worked
part time as an actress in adult movies. Neither of us were satisfied wi= th our jobs so we decided to radically change our careers and take our chances = on the Internet. It
turned out to be a wiser choice than we could ever have dreamed of and o= ur success can become your success too! Just visit our site to embark on your new w= ay of life
and the easy road to riches and success. We have now become one of the b= iggest and most followed promotors of HYIP programs on the web!

http://www.teamaaronshara.com/daily.html

Testim= onials:

Three months ago I was s= truggling to make ends meet in a country with a high inflation rate and things tha= t I can buy a year ago are now out of my budget. Add to the fact
that I have a 2-month old baby with growing needs, I thought I had to fi= nd another source of income. I turned to the internet and boy was that an eye opene= r! Opportunities
left and right bundled with scammers in abundance that it was truly a ga= mble which program to join and try to make money out of. After much research = on the net I came
across the TeamAaronShara Newsletter. A great resource for a newcomer li= ke me to get a grip on the trends and curveballs of the money making programs = of the internet
which is updated even if it's midnight in their time zone! Now I just st= ay home and "work" three hours a day on the internet and I get to play= with my 5-month old son all the
time and watch him grow right in front of my eyes. No more coming home t= o find out I miss his first smile or first crawl! :) I owe that to you TeamAaro= nShara! Thank you
from the bottom of my heart! Alvic C

TeamAaronShara is the best. There have been several times when I have ha= d a question or needed assistance concerning one of the programs that they o= ffered on the site.
Well, they ALWAYS answer my emails and return my phone calls with the co= rrect answer. They diligently study all the programs within their site and onl= y promote those
programs that pass a strict due diligence. If you are thinking about joi= ning any of the programs on this site I STRONGLY recommend that you sign up u= nder TeamAaronShara
because you will get the best support available anywhere on the internet= and the latest updates on what's hot and what's not. Brian K

=

http://www.teamaaronshara.com/daily.html

= Have a Great Day!!
Aaron and Shara
http://www.teamaaronshara.com

----115803255982665-- From verdy_p at wanadoo.fr Sun Dec 4 02:16:39 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 20:20:02 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Philippe Verdy" a écrit dans le message de news: dmtf7l$7cg$1@news.spamcop.net... > > "Borgholio" a écrit dans le message de news: > dmt5bk$14g$2@news.spamcop.net... >> Anybody else getting a ton of spam from these idiots? The emails seem to >> be coming from several different networks, all over the world. What's >> the deal? > > I get LOTS of these spams from all over the world (many sources, most of > them on dialup IP addresses of various ISPs, so this spam comes from PCs > infected by viral worm that hosts a spamware). > > Unfortunately, the criminal that controls the list of abused PCs is using > my own email address in ALL its repeated commands (so I receive a copy of > this spam and scam since a couple of week at least 2 or 3 times PER > MINUTE). It looks like a revenge against my past reports. > > I am currently reporting about 20 of these spams each day (only the most > recent ones received in the last hour, when I check my emails), and I drop > all the other copies. These spams are constantly reported to spamcop@imaphost.com which seems to be the owner of the networks where all the zombies are installed. It's strange that a service provider like imaphost.com which has signed an agreement with SpamCop.Net to get special reports doesnot take any action to block these repeted emails at its source before it lets its users forwards these emails worldwide. Is imaphost.com really serious? I am quite ready to blacklist imaphost.com completely... From g.hyde at bigpond.net.au Sun Dec 4 11:18:09 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Dec 3 20:30:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: "Mike Easter" wrote in message news:dmtcom$5tt$1@news.spamcop.net... > jg wrote: > >> Jeff, you need QuoteFix to go along with your doubtlook client - I got >> cross eyed reading the orig of above post... >> sorry... > > While I'm in favor of as many people using QuoteFix as need to, my QF > fixed Jeff's post; see below. > > If yours did not, then your QF has run out of its 'memory leak space' > buffer, and you need to: I think what he meant was that Jeff needs to download and install the QF client, and that Jeff doesn't have it installed - for one reason or another. -- Cheers ... Geoffrey Hyde From g.hyde at bigpond.net.au Sun Dec 4 11:25:52 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Dec 3 20:30:08 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Philippe Verdy" wrote in message news:dmtf7l$7cg$1@news.spamcop.net... > > "Borgholio" a écrit dans le message de news: > dmt5bk$14g$2@news.spamcop.net... >> Anybody else getting a ton of spam from these idiots? The emails seem to >> be coming from several different networks, all over the world. What's >> the deal? > > I get LOTS of these spams from all over the world (many sources, most of > them on dialup IP addresses of various ISPs, so this spam comes from PCs > infected by viral worm that hosts a spamware). > > Unfortunately, the criminal that controls the list of abused PCs is using > my own email address in ALL its repeated commands (so I receive a copy of > this spam and scam since a couple of week at least 2 or 3 times PER > MINUTE). It looks like a revenge against my past reports. Are you saying that your ISP can't/won't stop address bounce errors?? If so, perhaps you should explain the problem to them, if you can get ahold of a reasonably intelligent real-life tech support guy at the other end of the phone support number. If not, you need to find out where the infected PC that is sending the spam is located, and have them and their service provider notified so that they can shut off spammy's flow. Much of which has been described in various ways here. If you are finding that the problem is your ISP doesn't seem sympathetic or is clueless, I'd recommend switching to one who is not as clueless. Cheers ... Geoffrey Hyde From jeffg at spamcop.net Sat Dec 3 20:37:22 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 20:40:02 2005 Subject: [SpamCop-List] Popgate "Cannot contact server" Message-ID: All of my MSN Hotmail and Yahoo! Accounts at POP Configuration are showing "Cannot contact server" with Error Counts from 11 to 12 (indicating errors going back 165 minutes (2.75 hours) to 180 minutes (3.0 hours)). Are others of you having the same problem? I have notified JT. Updates to this situation will be at http://forum.spamcop.net/forums/index.php?showtopic=5462&view=findpost&p=37149 . -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Sun Dec 4 02:40:57 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 20:45:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Geoffrey Hyde" a écrit dans le message de news: dmtgj3$87e$2@news.spamcop.net... > Are you saying that your ISP can't/won't stop address bounce errors?? If > so, perhaps you should explain the problem to them, if you can get ahold > of a reasonably intelligent real-life tech support guy at the other end of > the phone support number. There's no bounce error. These are real spams sent directly from known open relays. > If not, you need to find out where the infected PC that is sending the > spam is located, and have them and their service provider notified so that > they can shut off spammy's flow. Much of which has been described in > various ways here. Not needed. I let Spamcop determine the source itself and report spams correctly to the appropriate abuse desks. Regarding this spam, all the Spamcop-generated reports seem to go to spamcop@imaphost.com (in addition to another ISP). This looks like imaphost.com is acting as a relay for the infected PCs that are running zomby viral spamwares, and imaphost.com currently does not close the relay authorization from its customers. > If you are finding that the problem is your ISP doesn't seem sympathetic > or is clueless, I'd recommend switching to one who is not as clueless. There's no problem at my ISP. The problem is at the source network that is hosting the open-relays, apparently all of them being related to imaphost.com (that's not my ISP). The effective propagation is: - spammer sends instructions and posts lists of emails to some IRC server, where the zombies can discover themselves andact as a large spamming network. - infected PCs are listening for instructions from this IRC server, and they download lists of emails addresses to send spam to - the infected PCs (that are acting as open-relays) are sending a copy of the spam email to their current email provider (imaphost.com) - imaphost.com relays those spams, because it currently trusts these sources that appear to be among their subscribed customers - imaphost.com relays the spam to my ISP that accepts it because it currently trusts (doesnot block) imaphost.com - these spams fill my mailbox despite I have subscribed (and paid) an antispam option that should direct them to another folder with limited capacity. - I have informed my ISP that its antispam filter is currently not blocking those spams as it should; I am waiting for them to update their filter) - for now I need to setup my own personal blocking list on top of my ISP's filter. From jeffg at spamcop.net Sat Dec 3 20:47:54 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 20:50:02 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: Philippe Verdy wrote: > [copy of spam with headers] Why did you post that spam in this newsgroup? Philippe Verdy wrote: > These spams are constantly reported to spamcop@imaphost.com which > seems to be the owner of the networks where all the zombies are > installed. > > It's strange that a service provider like imaphost.com which has > signed an agreement with SpamCop.Net to get special reports doesnot > take any action to block these repeted emails at its source before it > lets its users forwards these emails worldwide. > > Is imaphost.com really serious? I am quite ready to blacklist > imaphost.com completely... That's Cyveillance. Google is your friend. :) -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Sun Dec 4 02:58:11 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 21:00:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Jeff G." a écrit dans le message de news: dmthsu$94h$1@news.spamcop.net... > Philippe Verdy wrote: >> [copy of spam with headers] > > Why did you post that spam in this newsgroup? I forgot that rule for posting here (it's been a long time since I have used this newsgroup, given that my antispam systems are now working very effectively to block almost all of them, about 400 to 800 spams each day, and only a few not blocked; but this TeamAaronShara spamisthe most active one and it currently escapes from the blocking rules,andI don't know why,given that it has a static content and a very easily identifiable signature). In fact I avoid newsgroups most of the time, as they are the *easiest* way for spammers to collect more active email addresses in their illegal databases (and they often know the various tricks used in newsgroups to "encypher" personnal email addresses like this in this message, using various string transformations, such as automatic removal of parenthesized comments in email addresses, transformation of "(at)" into "@", and so on...) > Philippe Verdy wrote: >> These spams are constantly reported to spamcop@imaphost.com which >> seems to be the owner of the networks where all the zombies are >> installed. > > That's Cyveillance. Google is your friend. :) OK, thanks for noting that (in the past Cyveillance used other (hidden) report addresses, I did not know that it was changed to use imaphost.com). Well Spamcop also always reports to a second address. I should have read more carefully the Spamcop processing messages. From jeffg at spamcop.net Sat Dec 3 21:03:09 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 21:05:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: Geoffrey Hyde wrote: > "Mike Easter" wrote in message > news:dmtcom$5tt$1@news.spamcop.net... >> jg wrote: >> >>> Jeff, you need QuoteFix to go along with your doubtlook client - I >>> got cross eyed reading the orig of above post... >>> sorry... >> >> While I'm in favor of as many people using QuoteFix as need to, my QF >> fixed Jeff's post; see below. >> >> If yours did not, then your QF has run out of its 'memory leak space' >> buffer, and you need to: > > I think what he meant was that Jeff needs to download and install the > QF client, and that Jeff doesn't have it installed - for one reason > or another. I didn't have it running because for viewing it is incompatible with my new light-on-dark color scheme. Sorry for the inconvenience. I ran it again as a test just for you. It is "Version 1.19.2", http://flash.to/oblivion appears to have been taken over, and that is the latest version per http://home.in.tum.de/~jain/software/oe-quotefix/downloads.php . -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Sun Dec 4 03:04:29 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 21:10:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Jeff G." a écrit dans le message de news: dmthsu$94h$1@news.spamcop.net... > I have been a SpamCop User/Member/Customer since 1999 and am a > Moderator of the new web-based forums (now the primary method for > getting help, http://forum.spamcop.net). Please contact me via Forum > only. I do not provide Official SpamCop.Net Customer Support - please > see "How To Get Official SpamCop.Net Customer Support" at > http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. Thanks for pointing this information in your signature. I did not know that there was a web forum now. I think it's best for me to post there instead of this unsecure newsgroup, because the forum will protect the privacy of my email address. From MikeE at ster.invalid Sat Dec 3 18:08:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 3 21:10:06 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: Geoffrey Hyde wrote: > "Mike Easter" >> jg wrote: >> >>> Jeff, you need QuoteFix to go along with your doubtlook client - I >>> got cross eyed reading the orig of above post... >>> sorry... >> >> While I'm in favor of as many people using QuoteFix as need to, my QF >> fixed Jeff's post; see below. >> >> If yours did not, then your QF has run out of its 'memory leak space' >> buffer, and you need to: > > I think what he meant was that Jeff needs to download and install the > QF client, and that Jeff doesn't have it installed - for one reason > or another. I understand what he meant; and what I meant and described in detail was that what jg posted to demonstrate what was the 'problem' with Jeff's post demonstrated instead what was wrong with the way jg's OE/QF was working, so I was telling jg how to fix his OE/QF so that it would work properly. Properly functioning, OEQF is designed to fix existent formatting problems as well as prevent them. The reformatting works 'all over the place'. But, OE/QF is 'b0rken' and doen't work 'perfectly'. When it isn't working right it malfunctions; if you configure it properly, you can unscramble its 'limited' brainpower and 'force' it to work properly again. I was providing a formula to jg for doing that, as well as a demonstration of the difference between a properly working QF and a 'sick' one. Downloading and installing OE/QF is one thing. Making it work right is another. We're way beyond downloading it; now we're talking about mastering it. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Sat Dec 3 21:58:55 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 22:00:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: Philippe Verdy wrote: > "Jeff G." a ?crit dans le message de news: > dmthsu$94h$1@news.spamcop.net... >> I have been a SpamCop User/Member/Customer since 1999 and am a >> Moderator of the new web-based forums (now the primary method for >> getting help, http://forum.spamcop.net). Please contact me via Forum >> only. I do not provide Official SpamCop.Net Customer Support - >> please see "How To Get Official SpamCop.Net Customer Support" at >> http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. > > Thanks for pointing this information in your signature. I did not > know that there was a web forum now. I think it's best for me to post > there instead of this unsecure newsgroup, because the forum will > protect the privacy of my email address. You're quite welcome! -- Best Regards, Jeff G. [rest of sig above] From borgholio at storymind.com Sat Dec 3 19:25:02 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 3 22:25:03 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam In-Reply-To: References: Message-ID: Jeff G. wrote: > "Borgholio" wrote in message > news:dmtdt2$6f6$1@news.spamcop.net... > >>Full spam posted in .spam. Manually reporting spam should report >>spamvertised sites, right? Well it's not, at least in this case. > > Most of > >>the time it locates the links but doesn't report them, nor does it > > give any > >>indication of why it's not reporting. What's up? > > > SNAFU. Refresh enough times and it should work. Please direct your > complaints to SpamCop Admin. Ref: > http://www.spamcop.net/sc?id=z835981547z1cc59f8b5bc5b1c493545b5b9ac164b6z > and "FAQ Entry: The Link Analysis Process" at > http://forum.spamcop.net/forums/index.php?showtopic=4345&hl=link+analysis > K I'm having a memory lapse...where do I contact spamcop admin? From rwcs at spamcop.net Sat Dec 3 23:16:31 2005 From: rwcs at spamcop.net (BMW) Date: Sat Dec 3 23:20:02 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: Borgholio wrote: > Anybody else getting a ton of spam from these idiots? The emails seem > to be coming from several different networks, all over the world. > What's the deal? I have read through the threads in this discussion, and I'm not seeing what to do about TeamAaronShara. It is blatantly obvious to the casual observer that spamcop reports only fuel the fire, and no amount of reporting is going to deter this spammer. Sure would like to find an effective solution to this problem. From borgholio at storymind.com Sun Dec 4 00:03:08 2005 From: borgholio at storymind.com (Borgholio) Date: Sun Dec 4 03:05:07 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: BMW wrote: > Borgholio wrote: > >> Anybody else getting a ton of spam from these idiots? The emails seem >> to be coming from several different networks, all over the world. >> What's the deal? > > > I have read through the threads in this discussion, and I'm not seeing > what to do about TeamAaronShara. It is blatantly obvious to the casual > observer that spamcop reports only fuel the fire, and no amount of > reporting is going to deter this spammer. Sure would like to find an > effective solution to this problem. I'm manually reporting them in hopes of getting the spamvertised sites shut down too...or at least "harassed". But Spamcop is acting wanky right now and isn't reporting spamvertised links. :-/ From borgholio at storymind.com Sun Dec 4 01:52:52 2005 From: borgholio at storymind.com (Borgholio) Date: Sun Dec 4 04:55:25 2005 Subject: [SpamCop-List] Update on TeamAaronShara - they claim it's a joe job Message-ID: Here's their link: http://www.teamaaronshara.com/daily.html Based on how it's a pretty decent sized flood that came out of nowhere, I'm half-inclined to believe them. Some forum posts I found on Google were from people who claimed TAS was a scam organization...so that if this is a joe-job, that's the culprit. From redford_stone at INVERSE_OF_COLDmail.com Sun Dec 4 11:03:51 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sun Dec 4 06:05:11 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: "Berny" wrote in news:dms20c$fmn$1@news.spamcop.net: > > 2) Almost all stock spam is in embedded Gifs nowadays, Eudora de-mimes > the gif and puts it in a separate folder. Larts only contain the name > of the gif file, not the gif, so there is no payload > There are always exceptions.. this is one of them. (Looks like we are being spammed by the same spammer.) When I have time, I'm going to try an OCR program to convert it to a text document. From nobody at nowhere.invalid Sun Dec 4 12:12:07 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Dec 4 06:15:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: On Sun, 4 Dec 2005 11:25:52 +1000, Geoffrey Hyde coughed into spamcop and left this in : > Are you saying that your ISP can't/won't stop address bounce errors?? If > so, perhaps you should explain the problem to them, if you can get ahold of > a reasonably intelligent real-life tech support guy at the other end of the > phone support number. There's no such thing as a "reasonably intelligent" life form in the whole organisation of his ISP: Wanadoo.fr. -- Steve Linux: the choice of a GNU generation -- ksh @ cis . ufl . edu put this on Tshirts in '93 From jeffg at spamcop.net Sun Dec 4 06:32:00 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 4 06:45:02 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: Message-ID: Borgholio wrote: > Jeff G. wrote: >> "Borgholio" wrote in message >> news:dmtdt2$6f6$1@news.spamcop.net... >> >>> Full spam posted in .spam. Manually reporting spam should report >>> spamvertised sites, right? Well it's not, at least in this case. >>> Most of the time it locates the links but doesn't report them, nor >>> does it give any indication of why it's not reporting. What's up? >> SNAFU. Refresh enough times and it should work. Please direct your >> complaints to SpamCop Admin. Ref: >> http://www.spamcop.net/sc?id=z835981547z1cc59f8b5bc5b1c493545b5b9ac164b6z >> and "FAQ Entry: The Link Analysis Process" at >> http://forum.spamcop.net/forums/index.php?showtopic=4345&hl=link+analysis > K I'm having a memory lapse...where do I contact spamcop admin? You can email service[at]admin.spamcop.net or see the bottom link in my sig below. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From rwcs at spamcop.net Sun Dec 4 08:54:10 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 08:55:03 2005 Subject: [SpamCop-List] Re: Update on TeamAaronShara - they claim it's a joe job In-Reply-To: References: Message-ID: Borgholio wrote: > Here's their link: > > http://www.teamaaronshara.com/daily.html > > Based on how it's a pretty decent sized flood that came out of nowhere, > I'm half-inclined to believe them. Some forum posts I found on Google > were from people who claimed TAS was a scam organization...so that if > this is a joe-job, that's the culprit. Help me out here, What is a joe-job? From rwcs at spamcop.net Sun Dec 4 08:58:33 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 09:00:03 2005 Subject: [SpamCop-List] Spamcop Blacklist Message-ID: Does SC accept any IP block syntax in the blacklist? Does the Blacklist apply to the "Held Mail"? From jeffg at spamcop.net Sun Dec 4 09:45:23 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 4 09:50:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: I assume you are referring to the SCBL (the SpamCop Blocking List). Please see http://forum.spamcop.net/forums/index.php?showtopic=2238#SCBL for details. BMW wrote: > Does SC accept any IP block syntax in the blacklist? No, IP Addresses wind up on the SCBL by way of having been Reported as having been the source of spam using the SpamCop Parsing and Reporting System. Please see http://www.spamcop.net/fom-serve/cache/297.html for more details. > Does the Blacklist apply to the "Held Mail"? That depends on the personal preference of the SpamCop Email System Customer, specifically the status of the Checkbox for it on https://webmail.spamcop.net/horde/imp/spamcop/blacklists.php or http://webmail.spamcop.net/horde/imp/spamcop/blacklists.php . Please see http://forum.spamcop.net/forums/index.php?showtopic=3692 for more details. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From jeffg at spamcop.net Sun Dec 4 09:50:03 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 4 09:55:03 2005 Subject: [SpamCop-List] Re: Update on TeamAaronShara - they claim it's a joe job References: Message-ID: BMW wrote: > Borgholio wrote: >> Here's their link: >> >> http://www.teamaaronshara.com/daily.html >> >> Based on how it's a pretty decent sized flood that came out of >> nowhere, I'm half-inclined to believe them. Some forum posts I >> found on Google were from people who claimed TAS was a scam >> organization...so that if this is a joe-job, that's the culprit. > Help me out here, What is a joe-job? Per http://forum.spamcop.net/forums/index.php?showtopic=4473&st=0&p=29916&#Joe : 1. A "joe job" is a spam run forged to appear to come from another innocent party, with the intention of generating complaints about the victim and damaging their reputation. 2. A Joe job is an e-mail spam designed to tarnish the reputation of an innocent third party. Despite having existed since at least 1996, Joe jobs are uncommon compared to other types of spam because they provide no commercial benefit to the Joe jobber. 3. A "joe job" is something far above and distinct from the all too typical spammer construct of a "From" Address Forgery For more info: "Why am I getting all these bounces?" at http://forum.spamcop.net/forums/index.php?showtopic=203 http://spamlinks.net/faqs-joejob.htm http://en.wikipedia.org/wiki/Joe_jobs -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From rwcs at spamcop.net Sun Dec 4 11:07:00 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 11:10:02 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Jeff G. wrote: > I assume you are referring to the SCBL (the SpamCop Blocking List). > Please see http://forum.spamcop.net/forums/index.php?showtopic=2238#SCBL > for details. > > BMW wrote: > >>Does SC accept any IP block syntax in the blacklist? > > > No, IP Addresses wind up on the SCBL by way of having been Reported as > having been the source of spam using the SpamCop Parsing and Reporting > System. Please see http://www.spamcop.net/fom-serve/cache/297.html for > more details. > > >>Does the Blacklist apply to the "Held Mail"? > > > That depends on the personal preference of the SpamCop Email System > Customer, specifically the status of the Checkbox for it on > https://webmail.spamcop.net/horde/imp/spamcop/blacklists.php or > http://webmail.spamcop.net/horde/imp/spamcop/blacklists.php . Please > see http://forum.spamcop.net/forums/index.php?showtopic=3692 for more > details. > No, I am not referring to SCBL. Please be patient with my rant, I'm growing increasingly frustrated with the SC service. 1) I'm configured to "Block All", which means if the sender isn't on my whitelist the email remains in my "Held Mail". This is most effective in blocking 99.99% of the Spam directed at my email addresses. My problem is with a lack of control and filtering of my Held Mail. There seems to be NO way to reject mail from chronic, persistent sources. 2) I understand SC's mission, and I wish to be cooperative up to a point. That point is were SC is obviously ineffective. Please don't think I'm ragging on SC and it's efforts, they are a great team and a noble effort BUT they can't control everyone or everything. There are spammers and providers that SC can't affect. There are enough other people reporting this stuff, I don't need to be bothered with it. 3) This morning was a perfect example of my problem. . . 140 messages in Held Mail, 133 from TeamAaronShara (all directed at my spamcop.net address). As this clutter increases, my error rate follows. . . mail reported when it shouldn't be, important messages missed, etc. I don't believe for a nanosecond that reporting yet another message from TeamAaronShara is going to have ANY positive effect. I need a way to simply block or reject messages from my SC account and I need it NOW. 4) SC has to address this problem SOON or I will be forced to drop the service, because it is not working for me. From jg at coks.net Sun Dec 4 08:26:59 2005 From: jg at coks.net (jg) Date: Sun Dec 4 11:25:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... In-Reply-To: References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: On 12/3/2005 6:08 PM Mike Easter scribbled: > Geoffrey Hyde wrote: > >>"Mike Easter" >> >>>jg wrote: >>> >>> >>>>Jeff, you need QuoteFix to go along with your doubtlook client - I >>>>got cross eyed reading the orig of above post... >>>>sorry... >>> >>>While I'm in favor of as many people using QuoteFix as need to, my QF >>>fixed Jeff's post; see below. >>> >>>If yours did not, then your QF has run out of its 'memory leak space' >>>buffer, and you need to: >> >>I think what he meant was that Jeff needs to download and install the >>QF client, and that Jeff doesn't have it installed - for one reason >>or another. > > > I understand what he meant; and what I meant and described in detail > was that what jg posted to demonstrate what was the 'problem' with > Jeff's post demonstrated instead what was wrong with the way jg's OE/QF > was working, so I was telling jg how to fix his OE/QF so that it would > work properly. > > Properly functioning, OEQF is designed to fix existent formatting > problems as well as prevent them. The reformatting works 'all over the > place'. > > But, OE/QF is 'b0rken' and doen't work 'perfectly'. When it isn't > working right it malfunctions; if you configure it properly, you can > unscramble its 'limited' brainpower and 'force' it to work properly > again. I was providing a formula to jg for doing that, as well as a > demonstration of the difference between a properly working QF and a > 'sick' one. > > Downloading and installing OE/QF is one thing. Making it work right is > another. We're way beyond downloading it; now we're talking about > mastering it. > > Geoff had it right... I don't use OE so QF won't do me much good, thanks anyway. From jg at coks.net Sun Dec 4 08:29:02 2005 From: jg at coks.net (jg) Date: Sun Dec 4 11:30:03 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: On 12/3/2005 4:13 PM Borgholio scribbled: > jg wrote: > >>On 12/3/2005 2:14 PM Borgholio scribbled: >> >> >> >>>Anybody else getting a ton of spam from these idiots? The emails seem to be >>>coming from several different networks, all over the world. What's the deal? >> >>Doesn't sound familiar here - So. Cal. - just as well, got enuff of my >>own idiots falling in... > > > I live in Burbank...the epitome of SoCal. :) It was for Johnny Carson, but IMHO Venice is the epitome.. From MikeE at ster.invalid Sun Dec 4 08:44:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 11:45:02 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: BMW wrote: >>> Does SC accept any IP block syntax in the blacklist? >>> Does the Blacklist apply to the "Held Mail"? > No, I am not referring to SCBL. Please be patient with my rant, I'm > growing increasingly frustrated with the SC service. I don't use SC mail, so I'm only speaking as a total 'outsider' who can't even see the SC mailsystem configuration page. But I understand what you are saying. > 1) I'm configured to "Block All", which means if the sender isn't on > my whitelist the email remains in my "Held Mail". That would be what I call 'whitelisteds only'. I use a client side spamfilter. I could configure it in that way. I could even configure the primitive mailuseragent OE to put only my whitelisteds into my Inbox. However, my client is not a server. A server is capable of rejecting mail during the smtp transaction. I don't have that capability. > This is most > effective in blocking 99.99% of the Spam directed at my email > addresses. My problem is with a lack of control and filtering of my > Held Mail. There seems to be NO way to reject mail from chronic, > persistent sources. You are correct. Your SC mailbox is not a server. I suppose there /might/ be some way to automatically delete some of your held mail but I can't see the SC mail place.. > 2) I understand SC's mission, and I wish to be cooperative up to a > point. That point is were SC is obviously ineffective. Please don't > think I'm ragging on SC and it's efforts, they are a great team and a > noble effort BUT they can't control everyone or everything. There are > spammers and providers that SC can't affect. There are enough other > people reporting this stuff, I don't need to be bothered with it. I understand that you are saying that some subset of your held mail you don't want held [any longer than being diverted there] and you don't want to report it, you just want it to disappear. You want a function with 3 forks, inbox, held, and deleted by being blocked from inbox or held. My provider's spamblocker setting on high provides 3 forks, known, suspect, and inbox for whitelisteds. My gmail account has a 'crude' filter system for from, to, subject, or words which gmail would handle according to my wishes. > 3) This morning was a perfect example of my problem. . . 140 messages > in Held Mail, 133 from TeamAaronShara (all directed at my spamcop.net > address). As this clutter increases, my error rate follows. . . mail > reported when it shouldn't be, important messages missed, etc. I > don't believe for a nanosecond that reporting yet another message from > TeamAaronShara is going to have ANY positive effect. I need a way to > simply block or reject messages from my SC account and I need it NOW. I don't know if SC has a 3 fork system or not. Many spam filters like to handle an item as 'positive' or 'negative' as a 2 fork process. > 4) SC has to address this problem SOON or I will be forced to drop the > service, because it is not working for me. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Dec 4 09:00:55 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 12:05:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: Mike Easter wrote: > BMW wrote: > I don't use SC mail, so I'm only speaking as a total 'outsider' who > can't even see the SC mailsystem configuration page. But I understand > what you are saying. > >> 1) I'm configured to "Block All", which means if the sender isn't on >> my whitelist the email remains in my "Held Mail". I understand that there is also a personal blacklist, but I don't know what happens to something which you put there. http://www.spamcop.net/fom-serve/cache/302.html FAQ about the Personal Blacklist and Whitelist -- Mike Easter kibitzer, not SC admin From rwcs at spamcop.net Sun Dec 4 12:06:13 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 12:10:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Mike Easter wrote: > BMW wrote: > > >>>>Does SC accept any IP block syntax in the blacklist? > > >>>>Does the Blacklist apply to the "Held Mail"? > > >>No, I am not referring to SCBL. Please be patient with my rant, I'm >>growing increasingly frustrated with the SC service. > > > I don't use SC mail, so I'm only speaking as a total 'outsider' who > can't even see the SC mailsystem configuration page. But I understand > what you are saying. > > >>1) I'm configured to "Block All", which means if the sender isn't on >>my whitelist the email remains in my "Held Mail". > > > That would be what I call 'whitelisteds only'. I use a client side > spamfilter. I could configure it in that way. I could even configure > the primitive mailuseragent OE to put only my whitelisteds into my > Inbox. > > However, my client is not a server. A server is capable of rejecting > mail during the smtp transaction. I don't have that capability. > > >>This is most >>effective in blocking 99.99% of the Spam directed at my email >>addresses. My problem is with a lack of control and filtering of my >>Held Mail. There seems to be NO way to reject mail from chronic, >>persistent sources. > > > You are correct. Your SC mailbox is not a server. I suppose there > /might/ be some way to automatically delete some of your held mail but I > can't see the SC mail place.. > > >>2) I understand SC's mission, and I wish to be cooperative up to a >>point. That point is were SC is obviously ineffective. Please don't >>think I'm ragging on SC and it's efforts, they are a great team and a >>noble effort BUT they can't control everyone or everything. There are >>spammers and providers that SC can't affect. There are enough other >>people reporting this stuff, I don't need to be bothered with it. > > > I understand that you are saying that some subset of your held mail you > don't want held [any longer than being diverted there] and you don't > want to report it, you just want it to disappear. You want a function > with 3 forks, inbox, held, and deleted by being blocked from inbox or > held. > > My provider's spamblocker setting on high provides 3 forks, known, > suspect, and inbox for whitelisteds. My gmail account has a 'crude' > filter system for from, to, subject, or words which gmail would handle > according to my wishes. > > >>3) This morning was a perfect example of my problem. . . 140 messages >>in Held Mail, 133 from TeamAaronShara (all directed at my spamcop.net >>address). As this clutter increases, my error rate follows. . . mail >>reported when it shouldn't be, important messages missed, etc. I >>don't believe for a nanosecond that reporting yet another message from >>TeamAaronShara is going to have ANY positive effect. I need a way to >>simply block or reject messages from my SC account and I need it NOW. > > > I don't know if SC has a 3 fork system or not. Many spam filters like > to handle an item as 'positive' or 'negative' as a 2 fork process. > > >>4) SC has to address this problem SOON or I will be forced to drop the >>service, because it is not working for me. > > I have a web presence, and my contact info "routes" through SC. I really can't afford to miss new business. So the SC system of block all works well 99% of the time (first contact is delayed for review). The problem becomes one of clutter. It is unfortunate that SC is ineffective against the determined spammers, BUT it is a fact of life. SC admin PLEASE PLEASE PLEASE develop a solution! From rwcs at spamcop.net Sun Dec 4 12:14:36 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 12:15:04 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Mike Easter wrote: > Mike Easter wrote: > >>BMW wrote: > > >>I don't use SC mail, so I'm only speaking as a total 'outsider' who >>can't even see the SC mailsystem configuration page. But I understand >>what you are saying. >> >> >>>1) I'm configured to "Block All", which means if the sender isn't on >>>my whitelist the email remains in my "Held Mail". > > > I understand that there is also a personal blacklist, but I don't know > what happens to something which you put there. > > http://www.spamcop.net/fom-serve/cache/302.html FAQ about the Personal > Blacklist and Whitelist > > > It is my understanding ALL filters, blacklists, and the like, affect what is allowed through to your Inbox. I'm becoming painfully aware there is no solution here for the TeamAaronShara's of the world when it comes to your Held Mail box. (SC wants the stuff reported rather than deleted or rejected). The paradox is that reporting is ineffective as a control in some cases. From MikeE at ster.invalid Sun Dec 4 09:16:34 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 12:20:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: jg wrote: >Mike Easter scribbled: >> Geoffrey Hyde wrote: >>> "Mike Easter" >>>> jg wrote: >>>>> Jeff, you need QuoteFix to go along with your doubtlook client - I >>>>> got cross eyed reading the orig of above post... >>>>> sorry... >>>> >>>> While I'm in favor of as many people using QuoteFix as need to, my >>>> QF fixed Jeff's post; see below. > Geoff had it right... > I don't use OE so QF won't do me much good, thanks anyway. Oh, I get it now. You were telling Jeff to dl and use QF with his OE, but not because /you/ were using QF. Furrfu. If you *had* been using OE with QF, you wouldn't have been having the problem with seeing what you were seeing with Tbird or Mozilla or whatever it is you use. That is, as bad as OE is about its formatting problem, the improvement in the reading of badly formatted posts which QF provides is much better than what you get with your newsreader -- Mike Easter kibitzer, not SC admin From jg at coks.net Sun Dec 4 09:27:05 2005 From: jg at coks.net (jg) Date: Sun Dec 4 12:25:02 2005 Subject: [SpamCop-List] Re: Update on TeamAaronShara - they claim it's a joe job In-Reply-To: References: Message-ID: On 12/4/2005 1:52 AM Borgholio scribbled: > Here's their link: > > http://www.teamaaronshara.com/daily.html > > Based on how it's a pretty decent sized flood that came out of nowhere, I'm > half-inclined to believe them. Some forum posts I found on Google were from > people who claimed TAS was a scam organization...so that if this is a > joe-job, that's the culprit. Given their chosen /business/ , I would expect joejob to be a normal and recurring event. Nothing pisses you off more than losing money with your own stupidity. And if you beleive this system, you are stupid... From MikeE at ster.invalid Sun Dec 4 09:34:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 12:35:02 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: BMW wrote: > Mike Easter wrote: >> I understand that there is also a personal blacklist, but I don't >> know what happens to something which you put there. > It is my understanding ALL filters, blacklists, and the like, affect > what is allowed through to your Inbox. I'm becoming painfully aware > there is no solution here for the TeamAaronShara's of the world when > it comes to your Held Mail box. (SC wants th69.174.179.116e stuff reported rather > than deleted or rejected). The paradox is that reporting is > ineffective as a control in some cases. I can't help finetune or 'subfilter' something I can't see. But I know that on all of my mail systems ie my provider EL and my gmail account and my SpamPal proxy filter and my primitive mailuseragent OE, that I could segregate a specific item such as TeamAaronShara and handle it differently by putting it into its own folder or deleting it automatically. I could have it in a gmail folder or trashed. My EL could keep it out of my other unknown nonwhitelisteds by blacklisting it on a high spamblocker setting. My OE could autodelete it or put it in its own folder. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Sun Dec 4 11:47:38 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sun Dec 4 12:50:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: In article , BMW writes: > No, I am not referring to SCBL. Please be patient with my rant, I'm > growing increasingly frustrated with the SC service. If you had posted in spamcop.mail, the notion that you are referring to the SpamCop Filtering Service would be more clear. From MikeE at ster.invalid Sun Dec 4 09:48:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 12:50:07 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: BMW wrote: > It is my understanding ALL filters, blacklists, and the like, affect > what is allowed through to your Inbox. I'm becoming painfully aware > there is no solution here for the TeamAaronShara's of the world when > it comes to your Held Mail box. (SC wants the stuff reported rather > than deleted or rejected). The paradox is that reporting is > ineffective as a control in some cases. You don't have to report anything which is SC held that you don't want to report. When I read about other mail services, such as cotse, those services allow you to mail discriminate at the server^1 level. Also, the blacklisting process works like this: 'Blacklisting Sender(s) is a useful tool for preventing specific individuals, specific organizations, or entire domains from contacting you via email. Any time you receive an email you don't want, you can blacklist the sender or domain for the future by simply clicking a link while the email is open in your webmail interface (i.e., when you are looking at the message page). You can also manually edit your blacklist to add or delete particular senders or domains. All mail from blacklisted sources will be delivered to your Trash folder, deleted, or rejected, at your option." ^1 Whereas most systems deliver mail to your inbox and then apply filters, Cotse's filters are server-side, i.e., they are applied before the mail ever gets to you. Note that you do not need to choose among spam filtering methods: you can enable any or all of the following: http://www.cotse.net/emailfilters.html Of course, cotse is a lot of other things besides just a mail service, so it doesn't cost $30/y, it costs about $6/mo for the whole enchilada, but you get a lot. Oho, I see here that cotse now has an email only account of $50/y purchasable as 6 mos. Personally if I were going to buy cotse's email, I would buy the whole thing for about $22/y more. -- Mike Easter kibitzer, not SC admin From rwcs at spamcop.net Sun Dec 4 13:41:52 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 13:45:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Larry Kilgallen wrote: > In article , BMW writes: > > >>No, I am not referring to SCBL. Please be patient with my rant, I'm >>growing increasingly frustrated with the SC service. > > > If you had posted in spamcop.mail, the notion that you are referring > to the SpamCop Filtering Service would be more clear. Yet another layer of frustration, SC has seven, count them, 7 forums. How can anyone (any casual user) figure out which one is most appropriate for any given issue? Some of us are NOT interested in becoming geeks, we just want easy to use, effective services. In retrospect I can see how stupid I've been posting spamcop issues on the spamcop forum! I have got to go find some other answer, you guys really don't get it! From MikeE at ster.invalid Sun Dec 4 11:00:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 14:05:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: BMW wrote: > Larry Kilgallen wrote: >> If you had posted in spamcop.mail, the notion that you are referring >> to the SpamCop Filtering Service would be more clear. > > Yet another layer of frustration, SC has seven, count them, 7 forums. Actually news.spamcop.net has 10 ng/s - counting test, control, and control cancel > How can anyone (any casual user) figure out which one is most > appropriate for any given issue? That is a fair question and the answer is not handled well at SC at all -- I've been crabbing about that subject for a long time. There are several sources of answers. First of all, you can use your newsreader to acquire an nntp description of all of the groups. Without posting all of the descriptions here, I'll just point out that appropriate descriptions exist for geeks and social and all of the rest but one and also that the descriptions of the groups spamcop, mail, and help are as follows: spamcop: General SpamCop Discussion spamcop.help: Help with spam and using spamcop spamcop.mail: Notice that the description for spamcop.mail is empty. Another source of information is on this page http://www.spamcop.net/help.shtml#nntp which names and describes 4 of the groups, but doesn't even mention help or mail.-- as if they didn't exist on the newsserver. > Some of us are NOT interested in > becoming geeks, we just want easy to use, effective services. In > retrospect I can see how stupid I've been posting spamcop issues on > the spamcop forum! I have got to go find some other answer, you guys > really don't get it! The powers that be who perform most of the support for mail are partial to the webforum, and some links to the forum discussions have been posted here in the very earliest reply message. However, at the time of that posting, the confusion over the intent of your original post was prevalent. There's a whole section for spamcop mail related questions in the forum at http://forum.spamcop.net/forums/index.php?showforum=4 SpamCop Email System & Accounts Subforums -- Mike Easter kibitzer, not SC admin From rwcs at spamcop.net Sun Dec 4 14:03:25 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 14:05:09 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Larry Kilgallen wrote: > In article , BMW writes: > > >>No, I am not referring to SCBL. Please be patient with my rant, I'm >>growing increasingly frustrated with the SC service. > > > If you had posted in spamcop.mail, the notion that you are referring > to the SpamCop Filtering Service would be more clear. FYI http://www.spamcop.net/help.shtml#forums has NO mention of the .mail forum. (Lists only 4 of the 7 forums available). I've looked at the .mail forum and I'm not having ANY problems with my Inbox filters. From jg at coks.net Sun Dec 4 11:11:20 2005 From: jg at coks.net (jg) Date: Sun Dec 4 14:10:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... In-Reply-To: References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: On 12/4/2005 9:16 AM Mike Easter scribbled: > > That is, as bad as OE is about its formatting problem, the improvement > in the reading of badly formatted posts which QF provides is much better > than what you get with your newsreader > > Errr, whatever, Mike, and your point is?? /Everyone/ should use OE and QF so that they don't see the problem? OE did the bad formatting and I should find a way to fix it? Thanks anyway... From MikeE at ster.invalid Sun Dec 4 11:31:06 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 14:35:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: jg wrote: > Mike Easter scribbled: >> >> That is, as bad as OE is about its formatting problem, the >> improvement in the reading of badly formatted posts which QF >> provides is much better than what you get with your newsreader >> >> > Errr, whatever, Mike, and your point is?? That ideally newsreaders shouldn't format badly, but many of them do, and OE is one of the worst. Because so many newsreaders do format badly or imperfectly, ideally newsreaders should reformat, to undo what bad newsreader formatting has been done, and many do. > /Everyone/ should use OE and QF so that they don't see the problem? No. I agree with your premise that OE users should use QF to prevent its bad formatting problems. > OE did the bad formatting and I should find a way to fix it? Correct. See above 'because so many newsreaders format badly, ideally newsreaders should reformat to undo what bad newsreader formatting has done'. In the case of OE, it is necessary to use a 3rd party addon to do that reformatting as well as prevent the bad formatting in the first place. In the case of other newsreaders, the reformatting is built-in. > Thanks anyway... In the case of Tbird mozilla, the bad formatting behavior seen in OE doesn't appear to be much of a problem, but the reformatting of bad formatting isn't done as well as other 'reformatting' newsreaders or as well as QF's reformatting. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Sun Dec 4 14:54:37 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 4 15:05:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: "BMW" wrote in message news:dmv473$22k$1@news.spamcop.net... > Jeff G. wrote: > > I assume you are referring to the SCBL (the SpamCop Blocking List). > No, I am not referring to SCBL. Sorry about the confusion. I suggest that you use the Webmail Filters on your "Held Mail" mailbox/Folder (you have to press the little funnel icon each time you want to do this) to delete the TeamAaronShara messages and any others that you'd rather delete than Report. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From borgholio at storymind.com Sun Dec 4 12:15:19 2005 From: borgholio at storymind.com (Borgholio) Date: Sun Dec 4 15:15:02 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: jg wrote: > On 12/3/2005 4:13 PM Borgholio scribbled: > > >>jg wrote: >> >> >>>On 12/3/2005 2:14 PM Borgholio scribbled: >>> >>> >>> >>> >>>>Anybody else getting a ton of spam from these idiots? The emails seem to be >>>>coming from several different networks, all over the world. What's the deal? >>> >>>Doesn't sound familiar here - So. Cal. - just as well, got enuff of my >>>own idiots falling in... >> >> >>I live in Burbank...the epitome of SoCal. :) > > It was for Johnny Carson, but IMHO Venice is the epitome.. It was when it actually had canals. :) From borgholio at storymind.com Sun Dec 4 12:16:19 2005 From: borgholio at storymind.com (Borgholio) Date: Sun Dec 4 15:20:02 2005 Subject: [SpamCop-List] Re: Update on TeamAaronShara - they claim it's a joe job In-Reply-To: References: Message-ID: jg wrote: > On 12/4/2005 1:52 AM Borgholio scribbled: > > >>Here's their link: >> >>http://www.teamaaronshara.com/daily.html >> >>Based on how it's a pretty decent sized flood that came out of nowhere, I'm >>half-inclined to believe them. Some forum posts I found on Google were from >>people who claimed TAS was a scam organization...so that if this is a >>joe-job, that's the culprit. > > Given their chosen /business/ , I would expect joejob to be a normal and > recurring event. > Nothing pisses you off more than losing money with your own stupidity. > And if you beleive this system, you are stupid... I agree completely, they're definitely dubious...if not outright scammers. But if what they're doing is not outright illegal, it makes sense they'd piss someone off enough to joe-job them. From not at home.today Sun Dec 4 20:22:53 2005 From: not at home.today (Ant) Date: Sun Dec 4 15:25:02 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: "Mike Easter" wrote: > [...] In the case of OE, it is necessary to use a 3rd party addon to > do that reformatting as well as prevent the bad formatting in the first > place. Bah! No add-ons or plugins necessary. Set OE line length to the max, and use a text editor (capable of showing line length) to format your posts and repair bad cites. Then what you see is what you post is what everyone else gets. From / at /.cn Mon Dec 5 07:29:55 2005 From: / at /.cn (Petzl) Date: Sun Dec 4 15:35:03 2005 Subject: [SpamCop-List] Re: TeamAaronShara... References: Message-ID: "Borgholio" wrote in message news:dmu7r1$j67$1@news.spamcop.net... > BMW wrote: >> Borgholio wrote: >> >>> Anybody else getting a ton of spam from these idiots? The emails seem >>> to be coming from several different networks, all over the world. >>> What's the deal? >> >> >> I have read through the threads in this discussion, and I'm not seeing >> what to do about TeamAaronShara. It is blatantly obvious to the casual >> observer that spamcop reports only fuel the fire, and no amount of >> reporting is going to deter this spammer. Sure would like to find an >> effective solution to this problem. > > I'm manually reporting them in hopes of getting the spamvertised sites > shut down too...or at least "harassed". But Spamcop is acting wanky right > now and isn't reporting spamvertised links. :-/ The site mentioned by this spammer are a JoeJob Quick reporting is adequate to keep the and any injection point IP listed and blocked SpamAssassin is 100% accurate in sorting this junk into my Very Easy Reporting folder None is getting to my in box Have checked some of the source IP's and all are listed by SCBL Petzl From jg at coks.net Sun Dec 4 12:45:56 2005 From: jg at coks.net (jg) Date: Sun Dec 4 15:45:02 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... In-Reply-To: References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: On 12/4/2005 11:31 AM Mike Easter scribbled: > In the case of Tbird mozilla, the bad formatting behavior seen in OE > doesn't appear to be much of a problem, but the reformatting of bad > formatting isn't done as well as other 'reformatting' newsreaders or as > well as QF's reformatting. > Kinda hard to make a silk purse out of a sow's ear - my Mom says... From rwcs at spamcop.net Sun Dec 4 17:12:52 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 17:15:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Jeff G. wrote: > "BMW" wrote in message > news:dmv473$22k$1@news.spamcop.net... > >>Jeff G. wrote: >> >>>I assume you are referring to the SCBL (the SpamCop Blocking List). >> >>No, I am not referring to SCBL. > > > Sorry about the confusion. I suggest that you use the Webmail Filters > on your "Held Mail" mailbox/Folder (you have to press the little funnel > icon each time you want to do this) to delete the TeamAaronShara > messages and any others that you'd rather delete than Report. > Good idea thanks, I didn't know that existed. . . can you use the selection feature to "Report"? From rwcs at spamcop.net Sun Dec 4 17:14:39 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 17:15:06 2005 Subject: [SpamCop-List] Seeking Advice Message-ID: This is my third and last thread on the subject. I'm not getting through the maze of these forums with a usable answer for me and my business. Please if you don't use the paid service, and you are not familiar with how it differs from the free service, Please don't muddy the waters with irrelevant responses. Things in my email world have to change. My current structure has things that work well and things that are seriously broken, with little prospect for a solution. My structure - I have multiple domains at which I receive email, some of which are posted as contact info on my web sites (spam is a given in this situation). I need the new business so I'm unwilling to remove the email addresses from my web pages. SC collects mail from these domain POPs and places them in my "Held Mailbox". Also the mail that is sent directly to my spamcop.net account also goes into my Held Mail. If the mail "passes" through a filter it is moved to my Inbox. My domain POPs offer filtering so that the "TeamAaronShara's" are easily controlled. BUT SC doesn't. When I get these mail bombs it is very difficult and time consuming to sort through hundreds of messages in Held Mail looking for legit communications. The frustrating part is that SC doesn't offer any filter for the Held Mailbox, NO select by string, so mail sent directly to the spamcop address always ends up in the Held Mail NO MATTER What, and selection of the messages is all or individual clicks. I'm thinking I'm at least going to have to change my spamcop.net address. . . and not give it out to anyone (as inconvenient as that is). Forcing all communications through my domain POP, were I have a fighting chance to mitigate the effects of the un-controllable. At the point were I'm ready to surrender my spamcop.net address I need to evaluate whether or not I need to continue to pay SC for an account. There are lots of spam control competitors out there. I'm going to have to restructure, and I'm looking for ideas. . . Gotta get it right this time. From skiwi at spamcop.net Sun Dec 4 14:39:49 2005 From: skiwi at spamcop.net (Skiwi) Date: Sun Dec 4 17:40:02 2005 Subject: [SpamCop-List] Re: Seeking Advice [filter rules seem self evident for discard] In-Reply-To: References: Message-ID: BMW wrote: [snip] > The frustrating part is that SC doesn't offer > any filter for the Held Mailbox, NO select by string, so mail sent > directly to the spamcop address always ends up in the Held Mail NO > MATTER What, and selection of the messages is all or individual clicks. [snip] I just: - logged into my paid account - went to webmail (i.e., the portal from where my local client POPs it off) - clicked the filters icon in the tool bar - clicked 'edit your filter rules' under filter setting - clicked 'new rule' on the following screen - named the new rule, selected my conditions ("TeamAaronShara" in body as an example), and set the 'do this' to discard - saved it Am I missing something that you wanted to do? (I think I found what you were after amongst your postings verbiage...) From MikeE at ster.invalid Sun Dec 4 14:59:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 18:00:02 2005 Subject: [SpamCop-List] Re: Seeking Advice References: Message-ID: BMW wrote: > I'm not getting > through the maze of these forums with a usable answer for me and my > business. Not forums. Typically newsgroups are called newsgroups, and web based forums are called forums. While forums can be anything from newsgroups to old fashioned bulletin boards to mailing lists -- in the context of spamcop, there is a webforum community and an nntp newsgroup community. This is the nntp newsgroup community, the webforum community is over there ==> > Please if you don't use the paid service, and you are not familiar > with how it differs from the free service, Please don't muddy the > waters with irrelevant responses. Re Please I'm sure anyone will comment who feels like it. You are being the muddying one. Spamcop reporting comes in free and paid. Spamcop mail is always paid, never free, and the users of the spamcop mail system have reporting facilitated for them. > Things in my email world have to change. My current structure has > things that work well and things that are seriously broken, with > little prospect for a solution. Then you should keep your ears open for suggestions. > My structure - I have multiple domains at which I receive email, some > of which are posted as contact info on my web sites (spam is a given > in this situation). There are a 'zillion' ways to publish easily mailable web addresses without hanging naked mailto/s out there for the webbots to scrape up. One site that has about half a zillion different demonstrated ways is this one -- oops, the link isn't accessible right now for me to finetune, so I'll get back to it later. > I need the new business so I'm unwilling to > remove the email addresses from my web pages. You should fix them so that they aren't naked mailto/s. The link came back up. I'll put it at the bottom^1 > SC collects mail from > these domain POPs and places them in my "Held Mailbox". You haven't actually described how SC gets the mail from some other mailbox, but you used the word pop, so I'm going to assume that you are popping them to spamcop rather than forwarding them. When you forward, there is an opportunity to exert some filtering influence by the forwarding system. And, actually it isn't SC which writes the rules for things going to your held mailbox, but you. That is, you tell SC how to put things into your held mailbox. > Also the > mail that is sent directly to my spamcop.net account also goes into > my Held Mail. According to your own rules. > If the mail "passes" through a filter it is moved to > my Inbox. My domain POPs offer filtering so that the > "TeamAaronShara's" are easily controlled. BUT SC doesn't. If you were forwarding instead of popping to SC you might be able to use some of your domain's server's filtering. Maybe. > When I get > these mail bombs it is very difficult and time consuming to sort > through hundreds of messages in Held Mail looking for legit > communications. One of the advantages of using a whitelisting only system is that the whitelisted mail is very 'clean'. One of the disadvantages of using a whitelisted only system is that if you get unknown unwhitelisted but wanted mail, it is going to be all mixed up with tons of spam. So as a result you are going to be 'digging through' tons of spam to find your uknown unwhitelisted. You would be better off with a better discriminatory system than whitelisted only if you are in the business of getting unknown wanted mail. The only people who can use whitelisted only easily are the people who only get mail from their friends or mailing lists and not uknown wanted. You aren't choosing a good strategy for your needs. >The frustrating part is that SC doesn't offer any > filter for the Held Mailbox, NO select by string, so mail sent > directly to the spamcop address always ends up in the Held Mail NO > MATTER What, and selection of the messages is all or individual > clicks. That's the part I have no comment on. > I'm thinking I'm at least going to have to change my spamcop.net > address. . . and not give it out to anyone (as inconvenient as that > is). Forcing all communications through my domain POP, were I have a > fighting chance to mitigate the effects of the un-controllable. > > At the point were I'm ready to surrender my spamcop.net address I need > to evaluate whether or not I need to continue to pay SC for an > account. There are lots of spam control competitors out there. You are correct. > I'm going to have to restructure, and I'm looking for ideas. . . Gotta > get it right this time. ^1 http://spamlinks.net/prevent-spambots-hiding.htm Generalised Hiders and Descriptions Javascript Email Encoders HTML Character Entities CSS Encoding Passive Web-based Scripts Web-based Contact Pages Other Methods Manual Address Munging -- Mike Easter kibitzer, not SC admin From rwcs at spamcop.net Sun Dec 4 18:56:14 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 19:00:03 2005 Subject: [SpamCop-List] Re: Seeking Advice [filter rules seem self evident for discard] In-Reply-To: References: Message-ID: Skiwi wrote: > BMW wrote: > > [snip] > >> The frustrating part is that SC doesn't offer any filter for the Held >> Mailbox, NO select by string, so mail sent directly to the spamcop >> address always ends up in the Held Mail NO MATTER What, and selection >> of the messages is all or individual clicks. > > > [snip] > > I just: > > - logged into my paid account > > - went to webmail (i.e., the portal from where my local client POPs it > off) > > - clicked the filters icon in the tool bar > > - clicked 'edit your filter rules' under filter setting > > - clicked 'new rule' on the following screen > > - named the new rule, selected my conditions ("TeamAaronShara" in body > as an example), and set the 'do this' to discard > > - saved it > > Am I missing something that you wanted to do? (I think I found what you > were after amongst your postings verbiage...) I admit I have been using the http://mailsc.spamcop.net/reportheld?action=heldlog as opposed to http://webmail.spamcop.net. . . as far as I know the filter you refer to effects the contents of the Inbox, and my problem is sorting through Held Mail. I have tried some of the filters and they seem to have NO effect on the Held Mail Box. . . I could be wrong or missed something. From pxpearson at spamxcop.net Sun Dec 4 16:09:08 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Sun Dec 4 19:10:03 2005 Subject: [SpamCop-List] Re: Seeking Advice References: Message-ID: BMW wrote: > My structure - I have multiple domains at which I receive email, some of > which are posted as contact info on my web sites (spam is a given in > this situation). Have you considered presenting your email address as an image, rather than as text? That makes it harder for automated address-scrapers to retrieve. > . . .. The frustrating part is that SC doesn't offer > any filter for the Held Mailbox, NO select by string, so mail sent > directly to the spamcop address always ends up in the Held Mail NO > MATTER What, and selection of the messages is all or individual clicks. You can define and apply filters to your Held Mail folder. I use this myself, as described at http://dodin.org/mediawiki/index.php/SpamCop (French). After clicking my way to my Held Mail folder, I click on the "filter" icon (located down on the line that begins "Held Mail"; not the filter on the higher toolbar line), and the filters I've defined move the obvious spam into a folder named "Spam for sure". I then review the surviving Held Mail messages myself (seldom finding even a single non-Spam there, which is a credit to the way Spamcop sorted my messages into Inbox versus Held Mail), select them all, report them as spam, change to my Spam For Sure folder, select all, report as spam. It helps if you configure your Held Mail page to display many many messages (e.g., 100) simultaneously, rather than just a handful. My only filtering strategies are (1) specific words that I'm sure no prospective client would use in the subject line of his introductory email, and (2) Spam Assassin ratings. If your business is selling kumquats, you might use a filter to steer messages mentioning kumquats back to your Inbox. I have a Python program that establishes an IMAP4 SSL connection to Spamcop and does fancier filtering, moving messages from Held Mail into Spam For Sure based on rules like mixing digits with letters, and I'd be happy to share it with you, but personally I haven't found it as useful as I hoped, and I don't run it any more. I hope you won't despair. Spamcop has been very effective for me, and I strongly suspect that you're having trouble only because Spamcop's powers are hidden behind a haze of poor documentation. The contributors to this newsgroup can help a lot. -- Remove the two x's to get a good email address. From pxpearson at spamxcop.net Sun Dec 4 16:14:56 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Sun Dec 4 19:15:03 2005 Subject: [SpamCop-List] Re: Seeking Advice [filter rules seem self evident for discard] References: Message-ID: BMW wrote: > . . . as far as I know the > filter you refer to effects the contents of the Inbox, and my problem is > sorting through Held Mail. I have tried some of the filters and they > seem to have NO effect on the Held Mail Box. . . I could be wrong or > missed something. If I view my Held Mail folder and click the funnel icon that appears to the right of the words Held Mail, the filters seem to get applied to the Held Mail folder. I've made random guesses in attempts to get the filters applied automatically (e.g., at login), but to no avail; so I have to do an extra mouse click (namely, on the funnel icon) and wait for one screen refresh to arrive at the point where I'm looking at my filtered Held Mail folder. -- Remove the two x's to get a good email address. From verdy_p at wanadoo.fr Mon Dec 5 01:18:26 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sun Dec 4 19:20:02 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Steven Maesslein" a écrit dans le message de news: slrndp5jo7.4cg.nobody@127.0.0.1... > On Sun, 4 Dec 2005 11:25:52 +1000, Geoffrey Hyde coughed into spamcop > and left this in : > >> Are you saying that your ISP can't/won't stop address bounce errors?? If >> so, perhaps you should explain the problem to them, if you can get ahold >> of >> a reasonably intelligent real-life tech support guy at the other end of >> the >> phone support number. > > There's no such thing as a "reasonably intelligent" life form in the > whole organisation of his ISP: Wanadoo.fr. Stop ranting. This is clearly not the purpose of my report and you are out of topic. There are MUCH MUCH more worse ISPs than Wanadoo in the world. Wanadoo is acting reasonnably well given its size, and acts quite fast to spam reports, although it's not perfect. I have still never received any spam from Wanadoo customers, even on my other mailboxes hosted in other systems (MSN, Hotmail, Yahoo, and others, not all French ISPs). It may happen sometime, but will not persist as long as it is for other ISPs that are hosting LOTS of customers with indected PCs running viral spamware acting as open-relays. Almost all the spams I receive comes from a small subset of ISPs that are hosted in US, China, Brasil and Portugal, and often theses ISPs are much smaller than Wanadoo in terms of the volime of emails they are legitimately relaying for their customers, so they connect invoke a problem of size. Today, most Wanadoo customers use a external device (named "LiveBox") that is acting as a NAT router, a basic firewall that blocks outgoing SMTP connections, offers a VoIP decoder, a digital TV router over ATM connections, and so on. The effective spams that remain from Wanadoo customers is constantly going down. Also the spam/mail ratio is extremely low. Note that Wanadoo has been listed in the past for issues that it could not resolve itself (for example regarding reported emails for which the sender is no longer the customer, and for which Wanadoo and already dropped the account; there are still reports persisting in reporting those sites despite they are no longer in use since long by the spamming customer.) Note that French law still limits the time under which email relying logs canbekept by the ISP; this time has been recently extended by law, and these extended logs are now required for justice investigation, and a French ISP is now directly responsible for the illegal content it can help transfering, but is allowed now to act preemptively, a recent law against which several groups for the defense of freedom of expression and privacy are protesting, because it requires the ISP monitoring email that is no longer consider like private snail mail; the French law is insprired and was in fact required by the European EUDC Act, which is also a reponse to the US sollicitation to help secure the net against abuses and criminal or terrorist actions. From jg at coks.net Sun Dec 4 16:44:16 2005 From: jg at coks.net (jg) Date: Sun Dec 4 19:45:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! In-Reply-To: References: Message-ID: On 12/4/2005 4:18 PM Philippe Verdy scribbled: > > Note that French law still limits the time under which email relying logs > canbekept by the ISP; this time has been recently extended by law, and these > extended logs are now required for justice investigation, and a French ISP > is now directly responsible for the illegal content it can help transfering, > but is allowed now to act preemptively, a recent law against which several > groups for the defense of freedom of expression and privacy are protesting, > because it requires the ISP monitoring email that is no longer consider like > private snail mail; the French law is insprired and was in fact required by > the European EUDC Act, which is also a reponse to the US sollicitation to > help secure the net against abuses and criminal or terrorist actions. > > I for one am glad to hear of such positive things coming out of wanadoo, since from my end of the world, I receive a substantial amount of spam from that both .fr and .es wanadoos - had 1 yesterday. I wouldn't put them in the same class as kornet or cert.br or comcor.ru or *cn, leastwise by volume. From jg at coks.net Sun Dec 4 16:52:56 2005 From: jg at coks.net (jg) Date: Sun Dec 4 19:55:02 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! In-Reply-To: References: Message-ID: On 12/4/2005 4:44 PM jg scribbled: > On 12/4/2005 4:18 PM Philippe Verdy scribbled: > > > >>Note that French law still limits the time under which email relying logs >>canbekept by the ISP; this time has been recently extended by law, and these >>extended logs are now required for justice investigation, and a French ISP >>is now directly responsible for the illegal content it can help transfering, >>but is allowed now to act preemptively, a recent law against which several >>groups for the defense of freedom of expression and privacy are protesting, >>because it requires the ISP monitoring email that is no longer consider like >>private snail mail; the French law is insprired and was in fact required by >>the European EUDC Act, which is also a reponse to the US sollicitation to >>help secure the net against abuses and criminal or terrorist actions. >> >> > > I for one am glad to hear of such positive things coming out of wanadoo, > since from my end of the world, I receive a substantial amount of spam > from that both .fr and .es wanadoos - had 1 yesterday. I wouldn't put > them in the same class as kornet or cert.br or comcor.ru or *cn, > leastwise by volume. > Here's one from a minute ago... http://www.spamcop.net/sc?id=z836463173z5d511313386620ef170ee647677cb6acz From rwcs at spamcop.net Sun Dec 4 20:14:00 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 20:15:03 2005 Subject: [SpamCop-List] Re: Seeking Advice In-Reply-To: References: Message-ID: Mike Easter wrote: > BMW wrote: > > >> I'm not getting >>through the maze of these forums with a usable answer for me and my >>business. > > > Not forums. > > Typically newsgroups are called newsgroups, and web based forums are > called forums. While forums can be anything from newsgroups to old > fashioned bulletin boards to mailing lists -- in the context of spamcop, > there is a webforum community and an nntp newsgroup community. This is > the nntp newsgroup community, the webforum community is over there ==> > >>Please if you don't use the paid service, and you are not familiar >>with how it differs from the free service, Please don't muddy the >>waters with irrelevant responses. > > > Re Please > > I'm sure anyone will comment who feels like it. You are being the > muddying one. Spamcop reporting comes in free and paid. Spamcop mail > is always paid, never free, and the users of the spamcop mail system > have reporting facilitated for them. > > >>Things in my email world have to change. My current structure has >>things that work well and things that are seriously broken, with >>little prospect for a solution. > > > Then you should keep your ears open for suggestions. > > >>My structure - I have multiple domains at which I receive email, some >>of which are posted as contact info on my web sites (spam is a given >>in this situation). > > > There are a 'zillion' ways to publish easily mailable web addresses > without hanging naked mailto/s out there for the webbots to scrape up. > One site that has about half a zillion different demonstrated ways is > this one -- oops, the link isn't accessible right now for me to > finetune, so I'll get back to it later. > > >> I need the new business so I'm unwilling to >>remove the email addresses from my web pages. > > > You should fix them so that they aren't naked mailto/s. The link came > back up. I'll put it at the bottom^1 > > >> SC collects mail from >>these domain POPs and places them in my "Held Mailbox". > > > You haven't actually described how SC gets the mail from some other > mailbox, but you used the word pop, so I'm going to assume that you are > popping them to spamcop rather than forwarding them. When you forward, > there is an opportunity to exert some filtering influence by the > forwarding system. And, actually it isn't SC which writes the rules for > things going to your held mailbox, but you. That is, you tell SC how to > put things into your held mailbox. > > >>Also the >>mail that is sent directly to my spamcop.net account also goes into >>my Held Mail. > > > According to your own rules. > > >>If the mail "passes" through a filter it is moved to >>my Inbox. My domain POPs offer filtering so that the >>"TeamAaronShara's" are easily controlled. BUT SC doesn't. > > > If you were forwarding instead of popping to SC you might be able to use > some of your domain's server's filtering. Maybe. > > >>When I get >>these mail bombs it is very difficult and time consuming to sort >>through hundreds of messages in Held Mail looking for legit >>communications. > > > One of the advantages of using a whitelisting only system is that the > whitelisted mail is very 'clean'. One of the disadvantages of using a > whitelisted only system is that if you get unknown unwhitelisted but > wanted mail, it is going to be all mixed up with tons of spam. So as a > result you are going to be 'digging through' tons of spam to find your > uknown unwhitelisted. You would be better off with a better > discriminatory system than whitelisted only if you are in the business > of getting unknown wanted mail. > > The only people who can use whitelisted only easily are the people who > only get mail from their friends or mailing lists and not uknown wanted. > You aren't choosing a good strategy for your needs. > > >>The frustrating part is that SC doesn't offer any >>filter for the Held Mailbox, NO select by string, so mail sent >>directly to the spamcop address always ends up in the Held Mail NO >>MATTER What, and selection of the messages is all or individual >>clicks. > > > That's the part I have no comment on. > > >>I'm thinking I'm at least going to have to change my spamcop.net >>address. . . and not give it out to anyone (as inconvenient as that >> is). Forcing all communications through my domain POP, were I have a >>fighting chance to mitigate the effects of the un-controllable. >> >>At the point were I'm ready to surrender my spamcop.net address I need >>to evaluate whether or not I need to continue to pay SC for an >> account. There are lots of spam control competitors out there. > > > You are correct. > > >>I'm going to have to restructure, and I'm looking for ideas. . . Gotta >>get it right this time. > > > > ^1 http://spamlinks.net/prevent-spambots-hiding.htm > > Generalised Hiders and Descriptions > Javascript Email Encoders > HTML Character Entities > CSS Encoding > Passive Web-based Scripts > Web-based Contact Pages > Other Methods > Manual Address Munging > Thanks for the VERY relevant comments, they really are appreciated. I'd like to understand his difference between having SC "pop fetch" and setting up a "forwarding" system. I think I found a check-box that allows filters to be applied to ALL mailboxes. This could work. I would like to find a script (could be CGI or perl) that would open YOUR mail client with To & Subject filled in. The "TO" mail address could be buried in the script, and not available to bots. There will always be problems like D&B who will sell your address etc. Thanks again Mike for taking the time to understand my problem and suggest solutions. From nobody at spamcop.net Mon Dec 5 00:11:31 2005 From: nobody at spamcop.net (RW) Date: Mon Dec 5 01:15:14 2005 Subject: [SpamCop-List] Re: Seeking Advice In-Reply-To: References: Message-ID: BMW wrote: > I would like to find a script (could be CGI or perl) that would open > YOUR mail client with To & Subject filled in. The "TO" mail address > could be buried in the script, and not available to bots. There will > always be problems like D&B who will sell your address etc. Such scripts are available. In the meantime, since you are already living with your addresses exposed on your websites, you could change the links to a mailto:/subject link so the subject is already inserted when someone clicks on it. i.e. subject=example.com feedback. Then, you could write up a filter rule based on the subject lines you choose and have that delivered to your inbox, or even to a new 'my website mail' folder. I know this isn't the reason for your post, but it would lessen the amount of ham in your held mail making the sorting there easier. Richard From bar_n0ne at hotmail.com Mon Dec 5 10:24:39 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Dec 5 01:25:03 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: Message-ID: "Borgholio" wrote in message news:dmtdt2$6f6$1@news.spamcop.net... > Full spam posted in .spam. Manually reporting spam should report > spamvertised sites, right? Well it's not, at least in this case. Most of > the time it locates the links but doesn't report them, nor does it give any > indication of why it's not reporting. What's up? This is the first time you've noticed this? This has been going on for ages, for a while it was mostly happening to links in Tietong space, now mainly it is links in Geocities and Lycos (tripod) space, but it can happen with any link. As jg points out in another post, refreshes can cause the links to get parsed. From nobody at nowhere.invalid Mon Dec 5 11:22:41 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Dec 5 05:25:10 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: On Sun, 04 Dec 2005 13:41:52 -0500, BMW coughed into spamcop and left this in : > Yet another layer of frustration, SC has seven, count them, 7 forums. ??? I'm only aware of one. There is, however, more than one newsgroup. -- Steve QUARK: The sound made by a well-bred duck: From nobody at nowhere.invalid Mon Dec 5 11:23:11 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Dec 5 05:25:20 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: On Sun, 04 Dec 2005 14:03:25 -0500, BMW coughed into spamcop and left this in : > FYI http://www.spamcop.net/help.shtml#forums has NO mention of the .mail > forum. (Lists only 4 of the 7 forums available). I've looked at the > .mail forum and I'm not having ANY problems with my Inbox filters. Please.... Newsgroups are not forums. -- Steve QUARK: The sound made by a well-bred duck: From nobody at nowhere.invalid Mon Dec 5 11:50:29 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Dec 5 05:55:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: On Mon, 5 Dec 2005 01:18:26 +0100, Philippe Verdy coughed into spamcop and left this in : >> There's no such thing as a "reasonably intelligent" life form in the >> whole organisation of his ISP: Wanadoo.fr. > > Stop ranting. This is clearly not the purpose of my report and you are out > of topic. > > There are MUCH MUCH more worse ISPs than Wanadoo in the world. And your point is? FWIW they get blocked, too. Just because wanadoo is the lesser of two evils doesn't mean that everything's peachy again. > Wanadoo is acting reasonnably well given its size, and acts quite fast > to spam reports, although it's not perfect. Doesn't look like it from here. Until I blocked them outright I was being spammed by the same spammer THROUGH WANADOO'S OFFICIAL SMTP CHANNEL (not trojanned windows machines) for months on end. From spamcop's POV, abuse@wanadoo.fr is wired to /dev/null and postmaster bounces. > I have still never received any spam from Wanadoo customers, 90% of the mail I used to see from wanadoo customers was spam. > Today, most Wanadoo customers use a external device (named "LiveBox") that > is acting as a NAT router, a basic firewall that blocks outgoing SMTP > connections, offers a VoIP decoder, a digital TV router over ATM > connections, and so on. The effective spams that remain from Wanadoo > customers is constantly going down. Also the spam/mail ratio is extremely > low. This is inaccurate. I happen to live in France and use a FreeBox myself. *New* wanadoodoo subscribers are being issued a LiveBox, but existing customers are still using their old SpeedTouch, HiFocus or Sagem F@st900 modem. Furthermore, the LiveBox is "usually" connected as a layer-2 bridge over a USB connection, meaning that it is acting as anything but a NAT/firewall even though it can. Your average cluetard using a Windows machine wouldn't know a network card if they saw one (last time I had any contact with that species it was because they connected the phone line to the NIC), but a USB plug is something they can neither stick in the wrong hole, nor in the right hole but the wrong way round. > Note that Wanadoo has been listed in the past for issues that it could not > resolve itself (for example regarding reported emails for which the sender > is no longer the customer, and for which Wanadoo and already dropped the > account; there are still reports persisting in reporting those sites despite > they are no longer in use since long by the spamming customer.) What does this have to do with the multiple *real* causes for listing? > Note that French law still limits the time under which email relying logs > can be kept by the ISP; If (whatever masquerades as) the wanadoo abuse desk acted *promptly* on abuse comnplaints then there wouldn't be any need for logs going back for months. And wanadoo wouldn't have the reputation it now has either. > this time has been recently extended by law, and these extended logs > are now required for justice investigation, and a French ISP is now > directly responsible for the illegal content it can help transfering, > but is allowed now to act preemptively, a recent law against which > several groups for the defense of freedom of expression and privacy > are protesting, because it requires the ISP monitoring email that is > no longer consider like private snail mail; It never was. Anyone thinking that e-mail offers any form of privacy whatsoever (short of encryption) needs their head looked at. Furthermore, there have been content filters on outbound mail chez wanadoo for years, literally. I was one of their unfortunate clients until 2 years ago and there were cases of mail of mine being rejected at the SMTP level by their content filters. I was therefore unable to send mail with certain keywords and when I enquired about it with the hotline, I was told to double-check my Outlook Express settings, despite the fact that I use Linux and despite the fact that it was obviously something fishy going on their end. > the French law is insprired and was in fact required by the European > EUDC Act, which is also a reponse to the US sollicitation to help > secure the net against abuses and criminal or terrorist actions. Maybe so. However, it neither explains nor cancels out the persistent, corporate lack of $clue within wanadoo/FT/orange/whatever_they_call_ themselves_today. -- Steve Give a man a fish and he will eat for a day. Teach him how to fish, and he will sit in a boat and drink beer all day. From MikeE at ster.invalid Mon Dec 5 05:59:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 5 09:00:04 2005 Subject: [SpamCop-List] Re: Seeking Advice References: Message-ID: BMW wrote: > Mike Easter wrote: >> You haven't actually described how SC gets the mail from some other >> mailbox, but you used the word pop, so I'm going to assume that you >> are popping them to spamcop rather than forwarding them. > I'd like to understand his difference between having SC "pop fetch" > and setting up a "forwarding" system. According to the mail faq, forwarding is the first choice over popping, if your mail account has the feature to forward. My provider does and my gmail does, and my gmail filters work on the mail before it is forwarded. Gmail has very good spamfilters, and now they are also filtering viruses. You configure your email provider to forward to the SC mail account. For my provider and gmail that is done by logging into the webmail account. That forwarding is done at the time of initial setup instead of configuring SC to access your mailprovider mailbox with your username and pw. I don't know how to 'unsetup' the popping. http://www.spamcop.net/ces/setup_step1.shtml SpamCop Email Setup Step 1 -- Getting mail into SpamCop -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Mon Dec 5 11:35:28 2005 From: jeffg at spamcop.net (Jeff G.) Date: Mon Dec 5 11:45:03 2005 Subject: [SpamCop-List] Re: Seeking Advice References: Message-ID: "Mike Easter" wrote in message news:dn1h49$f22$1@news.spamcop.net... > I don't know how to 'unsetup' the popping. Stopping SpamCop from POPping on your behalf is pretty simple: on your "POP Configuration" page https://webmail.spamcop.net/horde/imp/spamcop/popconfig.php or http://webmail.spamcop.net/horde/imp/spamcop/popconfig.php , Click the "Delete this Entry" Checkbox for each appropriate Entry, then Click the "Modify" Button. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From jeffg at spamcop.net Mon Dec 5 11:40:02 2005 From: jeffg at spamcop.net (Jeff G.) Date: Mon Dec 5 11:45:07 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: "Steven Maesslein" wrote in message news:slrndp858f.upd.nobody@127.0.0.1... > On Sun, 04 Dec 2005 14:03:25 -0500, BMW coughed into spamcop and left > this in : > > > FYI http://www.spamcop.net/help.shtml#forums has NO mention of the .mail > > forum. (Lists only 4 of the 7 forums available). I've looked at the > > .mail forum and I'm not having ANY problems with my Inbox filters. > > Please.... Newsgroups are not forums. Prior to two years ago, these SpamCop Newsgroups were referred to as the Forums. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From jeffg at spamcop.net Mon Dec 5 11:48:33 2005 From: jeffg at spamcop.net (Jeff G.) Date: Mon Dec 5 12:15:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: "BMW" wrote in message news:dmvpl2$f59$1@news.spamcop.net... > Jeff G. wrote: > > "BMW" wrote in message > > news:dmv473$22k$1@news.spamcop.net... > >>Jeff G. wrote: > >>>I assume you are referring to the SCBL (the SpamCop Blocking List). > >>No, I am not referring to SCBL. > > Sorry about the confusion. I suggest that you use the Webmail Filters > > on your "Held Mail" mailbox/Folder (you have to press the little funnel > > icon each time you want to do this) to delete the TeamAaronShara > > messages and any others that you'd rather delete than Report. > Good idea thanks, I didn't know that existed. . . You're welcome. > can you use the selection feature to "Report"? You can use the selection checkboxes to the left of the messages to "Quick Report" using the "Report as Spam" button, or to forward as attachment to your Confidential Submit Address for normal/slow/full reporting. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From Kilgallen at SpamCop.net Mon Dec 5 11:32:00 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Mon Dec 5 12:35:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: In article , "Jeff G." writes: > Prior to two years ago, these SpamCop Newsgroups were referred to as the > Forums. Not by those with respect for established terminology. From nobody at spamcop.net Mon Dec 5 12:40:00 2005 From: nobody at spamcop.net (indigo) Date: Mon Dec 5 12:40:03 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: Redstone wrote: > "indigo" wrote in > news:dmq4vl$fl8$1@news.spamcop.net: > > > Just tried to report a spam, I should have been logged in without > > seeing the log in screen (I allow SC cookies), and I got that > > "password is incorrect" error message. And nuts, I seem to have lost > > my SC cookie! How the heck did that happen? > > > > > > > Did you check for any crumbs under your desk? >snicker< :-D Shaddup, you, you......californian you..... From geary at fnord.io.com Mon Dec 5 20:07:47 2005 From: geary at fnord.io.com (Mark Geary) Date: Mon Dec 5 15:10:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: In article , Steven Maesslein wrote: < On Sun, 04 Dec 2005 14:03:25 -0500, BMW coughed into spamcop and left < this in : < < > FYI http://www.spamcop.net/help.shtml#forums has NO mention of the .mail < > forum. (Lists only 4 of the 7 forums available). I've looked at the < > .mail forum and I'm not having ANY problems with my Inbox filters. < < Please.... Newsgroups are not forums. It seems to me that the set of Newsgroups is a subset of the set of forums (or fora). Mark Geary -- "It's going to be a tough one Sam...Ziggy hasn't got a clue and the guy in the waiting room keeps asking me if I want a jelly baby." From geary at fnord.io.com Mon Dec 5 20:23:02 2005 From: geary at fnord.io.com (Mark Geary) Date: Mon Dec 5 15:25:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: In article , Larry Kilgallen wrote: < In article , "Jeff G." < writes: < < > Prior to two years ago, these SpamCop Newsgroups were referred to as the < > Forums. < < Not by those with respect for established terminology. Can you supply references for your assertion? Mark Geary -- "It's going to be a tough one Sam...Ziggy hasn't got a clue and the guy in the waiting room keeps asking me if I want a jelly baby." From nobody at nowhere.invalid Mon Dec 5 21:41:10 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Dec 5 15:45:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: On Mon, 5 Dec 2005 11:40:02 -0500, Jeff G. coughed into spamcop and left this in : > Prior to two years ago, these SpamCop Newsgroups were referred to as the > Forums. And it would have been incorrect back then, too. Forums are run on a webserver. The "postings" are stored in a unique location (the server running the forum or the database back-end) and accessed via HTTP. These are newsgroups, which are accessed - and propagated - by NNTP. The postings are stored in as many locations as there are news servers carrying the newsgroup in question. Unless you're in the unfortunate situation where you can only access newsgroups via a web2news gateway (such as googlegropes) then you access the postings using an NNTP client, aka newsreader. Some of these SpamCop newsgroups are also hooked up to a mail2news gateway, which allows you to participate using an e-mail client. -- Steve Doctors can be frustrating. You wait six weeks for an appointment and he says, "I wish you'd come to me sooner." From Kilgallen at SpamCop.net Mon Dec 5 16:06:01 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Mon Dec 5 17:10:02 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: In article , geary@fnord.io.com (Mark Geary) writes: > In article , > Larry Kilgallen wrote: > < In article , "Jeff G." > < writes: > < > < > Prior to two years ago, these SpamCop Newsgroups were referred to as the > < > Forums. > < > < Not by those with respect for established terminology. > > Can you supply references for your assertion? It is impossible to prove a negative. From porpoise1954 at yahoo.co.uk Tue Dec 6 00:46:58 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Dec 5 19:50:08 2005 Subject: [SpamCop-List] CIA Spoof Message-ID: Haven't seen one of these before. Is this what some others have been talking about recently? http://www.spamcop.net/sc?id=z836979091z933009081f7fa370b760f7d6d637cc8ez From anthony.edwards at uk.easynet.net Tue Dec 6 01:08:36 2005 From: anthony.edwards at uk.easynet.net (Anthony Edwards) Date: Mon Dec 5 20:10:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: On Tue, 6 Dec 2005 00:46:58 -0000, Porpoise wrote: > Haven't seen one of these before. Is this what some others have been talking > about recently? > > http://www.spamcop.net/sc?id=z836979091z933009081f7fa370b760f7d6d637cc8ez Highly likely to be an email generated by a machine infected by the recently discovered W32/Sober@MM!M681 email borne virus: http://vil.nai.com/vil/content/v_137072.htm If you yourself have opened the attachment that it contained, your own machine is now likely to be infected. The freely downloadable McAfee AVERT Stinger tool can identify and remove this virus: http://vil.nai.com/vil/stinger/ -- Anthony Edwards * anthony.edwards@uk.easynet.net Abuse Team Manager * Tel: 0800 053 0588 Easynet Ltd * DDI: 0161 227 0707 http://www.uk.easynet.net * Fax: 0845 333 4503 From MikeE at ster.invalid Mon Dec 5 17:19:25 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 5 20:20:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Porpoise wrote: > Haven't seen one of these before. Is this what some others have been > talking about recently? > www.spamcop.net/sc?id=z836979091z933009081f7fa370b760f7d6d637cc8ez Presumably the b64 encoded bqj522.zip attach contains a sober variant. If you want to characterize it accurately, you can isolate the b64 part and decode it into the zip and then unzip the executable into a folder and use your AV agent on the target. That way you can also test that your AV recognizes it, and if it isn't recognized you can submit it to a virus submission place. If you feel like fooling with it. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Mon Dec 5 23:25:44 2005 From: jeffg at spamcop.net (Jeff G.) Date: Mon Dec 5 23:30:02 2005 Subject: [SpamCop-List] SpamCop Email System Not Responding Message-ID: pop, imap, webmail, and mail all seem to be affected. I have notified JT. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From g.hyde at bigpond.net.au Tue Dec 6 19:17:48 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Tue Dec 6 04:20:03 2005 Subject: [SpamCop-List] How to find lost tracker URLs? Message-ID: I just reported a spoofed paypal spam, purporting to be from paypal until I started sniffing around the headers which revealed it was from anywhere but paypal.com - unfortunately I've lost the tracker URL for it. It was a pretty good spam email which might have fooled some people if I hadn't had my email client in plaintext mode. Permanently, thanks to scammers and spooofers. Unfortunately SpamCop didn't recognize it as a paypal spoof email. I've manually forwarded this onto the spoof [at] paypal [dot] com address. I don't know of any more useful addresses I can forward it onto but I'm sure someone out there has a list? This is the submission date of the spam: Tuesday, December 06, 2005 7:01:07 PM +1000: Cheers ... Geoffrey Hyde From nobody at devnull.spamcop.net Tue Dec 6 05:01:45 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Tue Dec 6 05:05:09 2005 Subject: [SpamCop-List] Re: How to find lost tracker URLs? References: Message-ID: "Geoffrey Hyde" did this: > I just reported a spoofed paypal spam, purporting to be from paypal until I > started sniffing around the headers which revealed it was from anywhere but > paypal.com - unfortunately I've lost the tracker URL for it. It was a > pretty good spam email which might have fooled some people if I hadn't had > my email client in plaintext mode. Permanently, thanks to scammers and > spooofers. But he did not do this (as only he or an Admin might): 1). login and click on "Past Reports" tab. 2). click on link "View recent reports" 3). find the item and click on the report # (looks like this: 1570792830 where the URL is http://www.spamcop.net/mcgi?action=gettrack&reportid=1570792830) 4). Find link marked "Parse" which is anchored to the parse tracker as looks like: http://www.spamcop.net/sc?id=z834404702z3dc61c6ae47176feb4bd7f2761cd7b37z Pls post your parse tracker... I work evil spells on PayPal phishing sites for personal entertainment. I have a cluster of addies for reporting such things as does magical and wondrous unmentionable things to shams and scams. Tx, Glenn From porpoise1954 at yahoo.co.uk Tue Dec 6 10:32:17 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 6 05:35:12 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message news:dn2ouc$4pm$1@news.spamcop.net... > Porpoise wrote: >> Haven't seen one of these before. Is this what some others have been >> talking about recently? >> > www.spamcop.net/sc?id=z836979091z933009081f7fa370b760f7d6d637cc8ez > > Presumably the b64 encoded bqj522.zip attach contains a sober variant. > > If you want to characterize it accurately, you can isolate the b64 part > and decode it into the zip and then unzip the executable into a folder > and use your AV agent on the target. That way you can also test that > your AV recognizes it, and if it isn't recognized you can submit it to a > virus submission place. > > If you feel like fooling with it. > Got around to having a look this morning: Scanning Report 06 December 2005 10:25:59 - 10:26:35 Computer name: XXXXXXX Target: C:\TEMP\bqj522.zip Result: 1 viruses found C:\TEMP\bqj522.zip\qform.exe Infection: Trojan-Proxy.Win32.Agent.hx F-Secure site has this to say: http://www.f-secure.com/v-descs/agent.shtml From g.hyde at bigpond.net.au Tue Dec 6 20:37:45 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Tue Dec 6 05:40:03 2005 Subject: [SpamCop-List] Re: How to find lost tracker URLs? References: Message-ID: http://www.spamcop.net/sc?id=z837127930z25cdeed42a189669e727ef44630570bdz Well, there you go - I knew someone around here knows a lot. :) Hope that helps. BTW the PayPal team is already working *their* magic on it ... ;) Cheers ... Geoffrey Hyde "Glenn Daniels" wrote in message news:dn3nhs$kpg$1@news.spamcop.net... > "Geoffrey Hyde" did this: >> I just reported a spoofed paypal spam, purporting to be from paypal until > I >> started sniffing around the headers which revealed it was from anywhere > but >> paypal.com - unfortunately I've lost the tracker URL for it. It was a >> pretty good spam email which might have fooled some people if I hadn't >> had >> my email client in plaintext mode. Permanently, thanks to scammers and >> spooofers. > > But he did not do this (as only he or an Admin might): > 1). login and click on "Past Reports" tab. > 2). click on link "View recent reports" > 3). find the item and click on the report # > (looks like this: 1570792830 where the URL is > http://www.spamcop.net/mcgi?action=gettrack&reportid=1570792830) > 4). Find link marked "Parse" which is anchored to the parse tracker > as looks like: > http://www.spamcop.net/sc?id=z834404702z3dc61c6ae47176feb4bd7f2761cd7b37z > > Pls post your parse tracker... I work evil spells on PayPal > phishing sites for personal entertainment. I have a cluster > of addies for reporting such things as does magical and > wondrous unmentionable things to shams and scams. > > Tx, > Glenn > > From nobody at devnull.spamcop.net Tue Dec 6 06:28:56 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Tue Dec 6 06:30:02 2005 Subject: [SpamCop-List] Re: How to find lost tracker URLs? References: Message-ID: "Geoffrey Hyde" wrote in message news:dn3pln$lv3$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z837127930z25cdeed42a189669e727ef44630570bdz > > Well, there you go - I knew someone around here knows a lot. :) > > Hope that helps. BTW the PayPal team is already working *their* magic on it > ... ;) > > > Cheers ... > Yeppers, you betcha! Is already "404 compliant". They (tint) just do not want me to have any fun! Thanks for trying, Glenn From nobody at nowhere.invalid Tue Dec 6 13:09:38 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 6 07:10:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: On Mon, 5 Dec 2005 01:18:26 +0100, Philippe Verdy coughed into spamcop and left this in : > There are MUCH MUCH more worse ISPs than Wanadoo in the world. Wanadoo is > acting reasonnably well given its size, Ptooooey.... They're accepting and then bouncing virus-laden mail to non-existent users now (duly reported to the SCBL in the hope that it'll get wanacloo's outbound SMTP servers sh*tlisted). Geez... How clueless can you get? -- Steve 'Palladium' is an answer to a question no one asked. You want safety, trusted code and no viruses? Get Linux. From BNRAGMAOKKXT at spammotel.com Tue Dec 6 12:59:45 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Tue Dec 6 08:00:08 2005 Subject: [SpamCop-List] Submiting Via Yahoo Mail Message-ID: Anyone having any problems with this? Since my IP, ntlworld, implemented aggressive spam filtering which has been blocking submissions to SpamCop I have been using Yahoo Mail for this. Over the last few days connection to Yahoo Mail via pop3 has dropped whenever I try to submit spam via it, it doesn't happen with ordinary mail and I suspect Yahoo may have implemented bad spam filters on outgoing mail. -- Rob http://www.flickr.com/photos/canopus_archives/ From nobody at nowhere.invalid Tue Dec 6 14:17:08 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 6 08:20:02 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: On Tue, 6 Dec 2005 12:59:45 +0000 (UTC), Canopus coughed into spamcop and left this in : > Over the last few days connection to Yahoo Mail via pop3 has dropped > whenever I try to submit spam via it, You got me lost there. How do you submit spam via POP3? -- Steve unix soit qui mal y pense From BNRAGMAOKKXT at spammotel.com Tue Dec 6 13:24:53 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Tue Dec 6 08:25:04 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: Steven Maesslein on 06/12/2005 wrote: >On Tue, 6 Dec 2005 12:59:45 +0000 (UTC), Canopus coughed into spamcop >and left this in : > >>Over the last few days connection to Yahoo Mail via pop3 has dropped >>whenever I try to submit spam via it, > >You got me lost there. How do you submit spam via POP3? By using my mail client configured to connect to Yahoo Mail using pop3 to send spam to SpamCop using my Yahoo account as compared to using the Yahoo Mail web form. Yahoo like many other web based mail facilities can be accessed from a mail client using the pop3 protocol, I'm surprised you don't know this considering you fight spam and would know a little about mail protocol. -- Rob http://www.flickr.com/photos/canopus_archives/ From MikeE at ster.invalid Tue Dec 6 06:00:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 09:05:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Porpoise wrote: > Result: 1 viruses found > C:\TEMP\bqj522.zip\qform.exe Infection: Trojan-Proxy.Win32.Agent.hx > > F-Secure site has this to say: > http://www.f-secure.com/v-descs/agent.shtml -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 6 06:33:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 09:35:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Mike Easter wrote: > Porpoise wrote: >> Result: 1 viruses found >> C:\TEMP\bqj522.zip\qform.exe Infection: Trojan-Proxy.Win32.Agent.hx >> >> F-Secure site has this to say: >> http://www.f-secure.com/v-descs/agent.shtml What I meant to say before that got away, was that that description at fsecure is a very 'quaint' effect; in which the infected gets their Word files posted onto newsgroups. Then I went looking for a description at other AV places that use the term Trojan-Proxy.Win32.Agent.hx such as sophos and kaspersky, but I didn't find enough to suit me there, and nothing using the term at symantec. So then I decided to look at the item myself, but that didn't work out very well either. The b64 turned into bqj522.zip ok -- but my unzipper wasn't happy with the structure of the zip, and said "End of central directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk/s of this archive." and it didn't extract qform.exe I used a hex viewer on bqj522.zip which looks like it should extract to the name you found, qform.exe. I also used my AV agent AVG on the folder of the zip and it did not detect anything. I'm accustomed to AVs not finding virms which are zipped up, but I'm surprised at the several differences between your results and mine. I'm wondering if you isolated the bqj522.zip in a different manner, say from the original mail itself, and somehow had something better to work with than what I got from the tracker's attachment. I was working with what I isolated from the original post's tracker's attachment, selecting the b64 in isolation, b64 decoding into the zip, and working with that zip. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Tue Dec 6 14:46:37 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 6 09:50:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message news:dn47fq$tgh$1@news.spamcop.net... > Mike Easter wrote: > > I used a hex viewer on bqj522.zip which looks like it should extract to > the name you found, qform.exe. I also used my AV agent AVG on the > folder of the zip and it did not detect anything. I'm accustomed to AVs > not finding virms which are zipped up, but I'm surprised at the several > differences between your results and mine. I'm wondering if you > isolated the bqj522.zip in a different manner, say from the original > mail itself, and somehow had something better to work with than what I > got from the tracker's attachment. > > I was working with what I isolated from the original post's tracker's > attachment, selecting the b64 in isolation, b64 decoding into the zip, > and working with that zip. > Errr.... Yes. I isolated it from the email into a temporary folder and went to work on it from there. F-Secure also wouldn't scan it whilst still encapsulated within the email but the result I posted was from scanning the resulting temporarily saved .zip file. I haven't yet pulled it into Winhex to analyse it. The most important aspect for me though, was that it's not being picked up by virus-scanners whilst it's still embedded within the email structure. That makes it more dangerous to the unedified, who might be temped to open the .zip file - on the basis that their virus-scanner hadn't sed it was a virus. From MikeE at ster.invalid Tue Dec 6 07:01:40 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 10:05:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Porpoise wrote: > The most important > aspect for me though, was that it's not being picked up by > virus-scanners whilst it's still embedded within the email structure. > That makes it more dangerous to the unedified, who might be temped to > open the .zip file - on the basis that their virus-scanner hadn't sed > it was a virus. Well, a b64 encoded zip of an executable is pretty wrapped up. The AV which can see inside the zip should see it when the mua decodes the b64 into the zip attachment; the AV which can't see inside the zip should see it when the unwitting target tries to unzip the executable. Last chance would be at the attempt to open the executable itself. Naturally all of that depends upon the target's running a AV with a .dat for the viral template. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Tue Dec 6 16:28:51 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 6 10:30:04 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: On Tue, 6 Dec 2005 13:24:53 +0000 (UTC), Canopus coughed into spamcop and left this in : > By using my mail client configured to connect to Yahoo Mail using pop3 to > send spam.......... Bzzzzzzzzzzzzt. POP3 is used for *receiving* mail, not sending it. -- Steve From geary at fnord.io.com Tue Dec 6 15:47:14 2005 From: geary at fnord.io.com (Mark Geary) Date: Tue Dec 6 10:50:02 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: In article , Steven Maesslein wrote: < On Mon, 5 Dec 2005 11:40:02 -0500, Jeff G. coughed into spamcop and left < this in : < < > Prior to two years ago, these SpamCop Newsgroups were referred to as the < > Forums. < < And it would have been incorrect back then, too. < < Forums are run on a webserver. The "postings" are stored in a unique < location (the server running the forum or the database back-end) and < accessed via HTTP. Yes, this is a newsgroup, but it is also a forum. Newsgroups are a subset of forums (or fora, if you prefer). Consider the entry in the _New Hacker's Dictionary_ (aka Jargon file): forum n. [Usenet, GEnie, CI$; pl. `fora' or `forums'] Any discussion group accessible through a dial-in BBS, a mailing list, or a newsgroup (see the network). A forum functions much like a bulletin board; users submit postings for all to read and discussion ensues. Contrast real-time chat via talk mode or point-to-point personal email. Mark Geary -- "It's going to be a tough one Sam...Ziggy hasn't got a clue and the guy in the waiting room keeps asking me if I want a jelly baby." From MikeE at ster.invalid Tue Dec 6 08:12:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 11:15:03 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: Mark Geary wrote: > Yes, this is a newsgroup, but it is also a forum. Newsgroups are a > subset of forums (or fora, if you prefer). Consider the entry in the > _New Hacker's Dictionary_ (aka Jargon file): > > forum n. > > [Usenet, GEnie, CI$; pl. `fora' or `forums'] Any discussion group > accessible through a dial-in BBS, a mailing list, or a newsgroup > (see the network). A forum functions much like a bulletin board; > users submit postings for all to read and discussion > ensues. Contrast real-time chat via talk mode or point-to-point > personal email. Notice the ancient history in that definition. Back in the 80s I was very active in the Atari ST 'forums' [ie RoundTables] on GEnie, which was a commercial BBS with a different 'style' than CompuServe. At the time I was using a 2400 baud modem, the Atari ST had 1 meg of ram and no hdd, and my Flash telecom app used its capture buffer and some Basic types of macro commands so that I could automate zooming around to the various Atari groups. Amazingly the 1 meg of ram and The Atari-ites mostly hung around on GEnie, which had a 'good deal' on connectivity. General Electric had a network of modems nationwide, so you were able to get unlimited local access in the evenings. The commercial BBS was moderated -- an important Atari ST moderator was Darlah Hudson later Potechin. I suppose we could go back to the Roman forum to be all inclusive about what a forum is and isn't. These definitions evolve with time. -- Mike Easter kibitzer, not SC admin From vanguard.code at comcastNIX.net Tue Dec 6 10:20:36 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Tue Dec 6 11:25:02 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: "Canopus" wrote in message news:dn4201$q4r$1@news.spamcop.net... > Anyone having any problems with this? Since my IP, ntlworld, implemented > aggressive spam filtering which has been blocking submissions to SpamCop I > have been using Yahoo Mail for this. Over the last few days connection to > Yahoo Mail via pop3 has dropped whenever I try to submit spam via it, it > doesn't happen with ordinary mail and I suspect Yahoo may have implemented > bad spam filters on outgoing mail. > > -- > Rob > > http://www.flickr.com/photos/canopus_archives/ Is NTL blocking your outbound e-mails to SpamCop? Or is NTL blocking the inbound e-mails with SpamCop's response and URL link (for you to complete the submission)? If NTL has a spam filter on your inbound e-mails, do they let YOU opt in to it? Having a spam filter that doesn't let the user choose to enable or disable it is a disservice to users. It is up to YOU as to whether you want ANY mails tagged and handled as spam. Since NTL has the option to spam tag inbound mails, they probably also have a whitelist function. So add SpamCop's e-mail address or domain to your server-side whitelist. POP3 is used to *RECEIVE* mails, not send them. So while you may have POP3 access to *receive* mails from your Yahoo account, like the SpamCop response with the URL link to complete your submission at SpamCop's web form, perhaps you are still using NTL's SMTP server to *send* your mails to SpamCop. From MikeE at ster.invalid Tue Dec 6 08:24:07 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 11:25:07 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: Mike Easter wrote: > Amazingly the 1 meg of ram and Oops, that was supposed to be a separate sentence relating to the 1 meg of ram and the Motorola 68000 16/32 bit architecture [thereby ST] running at 8 MHz with an efficient little OS loaded from a ROM chip. My preferred monitor was B&W which came in a 'hirez' 640x400 which looked much better than the ugly color 320x200. Amazing that such a tiny OS on a rom chip could do so much -- the interface was entirely graphical. > The Atari-ites mostly hung around on GEnie, -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Tue Dec 6 16:30:04 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 6 11:35:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message news:dn4943$uev$1@news.spamcop.net... > Naturally all of that depends upon the target's running a AV with a .dat > for the viral template. And a fair proportion of those not even understanding what you just sed there, doesn't bode well for them knowing what to do about it. From jeffg at spamcop.net Tue Dec 6 11:39:01 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Dec 6 12:10:03 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: "Canopus" wrote in message news:dn4201$q4r$1@news.spamcop.net... > Anyone having any problems with this? Since my IP, ntlworld, implemented > aggressive spam filtering which has been blocking submissions to SpamCop I > have been using Yahoo Mail for this. Over the last few days connection to > Yahoo Mail via pop3 has dropped whenever I try to submit spam via it, it > doesn't happen with ordinary mail and I suspect Yahoo may have implemented > bad spam filters on outgoing mail. What exact error message are you getting? -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From jeffg at spamcop.net Tue Dec 6 11:43:02 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Dec 6 12:10:08 2005 Subject: [SpamCop-List] Re: How to find lost tracker URLs? References: Message-ID: "Geoffrey Hyde" wrote in message news:dn3kvo$jif$1@news.spamcop.net... > paypal spoof email. ... I > don't know of any more useful addresses I can forward it onto but I'm sure > someone out there has a list? My current list is: spoof[at]paypal.com, reportphishing[at]antiphishing.org, spoof[at]millersmiles.co.uk, nophishing[at]cbbb.bbb.org, submit[at]phishcop.net -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From geary at eris.io.com Tue Dec 6 17:22:00 2005 From: geary at eris.io.com (Mark Geary) Date: Tue Dec 6 12:25:03 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: In article , Mike Easter wrote: < Mark Geary wrote: < > Yes, this is a newsgroup, but it is also a forum. Newsgroups are a < > subset of forums (or fora, if you prefer). Consider the entry in the < > _New Hacker's Dictionary_ (aka Jargon file): < > < > forum n. < > < > [Usenet, GEnie, CI$; pl. `fora' or `forums'] Any discussion group < > accessible through a dial-in BBS, a mailing list, or a newsgroup < > (see the network). A forum functions much like a bulletin board; < > users submit postings for all to read and discussion < > ensues. Contrast real-time chat via talk mode or point-to-point < > personal email. < < Notice the ancient history in that definition. Back in the 80s I was < very active in the Atari ST 'forums' [ie RoundTables] on GEnie, which < was a commercial BBS with a different 'style' than CompuServe. < < [example of ancient history delete] < < I suppose we could go back to the Roman forum to be all inclusive about < what a forum is and isn't. These definitions evolve with time. So, what term do we use today when we want to refer to all web-based forums, newsgroups, and other on-line discussions? Mark Geary -- "It's going to be a tough one Sam...Ziggy hasn't got a clue and the guy in the waiting room keeps asking me if I want a jelly baby." From nobody at devnull.spamcop.net Tue Dec 6 12:26:56 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Tue Dec 6 12:30:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message > Mike Easter wrote: > > Porpoise wrote: > >> Result: 1 viruses found > >> C:\TEMP\bqj522.zip\qform.exe Infection: Trojan-Proxy.Win32.Agent.hx > >> > >> F-Secure site has this to say: > >> http://www.f-secure.com/v-descs/agent.shtml > > What I meant to say before that got away, was that that description at > fsecure is a very 'quaint' effect; in which the infected gets their > Word files posted onto newsgroups. Then I went looking for a > description at other AV places that use the term > Trojan-Proxy.Win32.Agent.hx such as sophos and kaspersky, but I didn't > find enough to suit me there, and nothing using the term at symantec. > Look here: http://securityresponse.symantec.com/avcenter/venc/data/trojan.danmec.html > So then I decided to look at the item myself, but that didn't work out > very well either. The b64 turned into bqj522.zip ok -- but my unzipper > wasn't happy with the structure of the zip, and said "End of central > directory signature not found. Either this file is not a zipfile, or it > constitutes one disk of a multi-part archive. In the latter case the > central directory and zipfile comment will be found on the last disk/s > of this archive." and it didn't extract qform.exe > > I used a hex viewer on bqj522.zip which looks like it should extract to > the name you found, qform.exe. I also used my AV agent AVG on the > folder of the zip and it did not detect anything. I'm accustomed to AVs > not finding virms which are zipped up, but I'm surprised at the several > differences between your results and mine. I'm wondering if you > isolated the bqj522.zip in a different manner, say from the original > mail itself, and somehow had something better to work with than what I > got from the tracker's attachment. > > I was working with what I isolated from the original post's tracker's > attachment, selecting the b64 in isolation, b64 decoding into the zip, > and working with that zip. > Mebbe you b0rked it. ;-) I fetched the email from the tracker, (after turning off my AV as that denied access to the page). The recreated .eml scanned positive for "Agent-FE", and I encountered no problemo saving the .zip to disk and extracting the qform.exe for addition to my bug collection. Scanning qform.exe with Norton's brings in their name for it as "Trojan.danmec" as I used to acquire the URL above. Want McAfee or Trend descriptors? Laters, G From bar_n0ne at hotmail.com Tue Dec 6 21:36:03 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Dec 6 12:40:03 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: "Mike Easter" wrote in message news:dn4dul$1al$1@news.spamcop.net... > Mike Easter wrote: > > Amazingly the 1 meg of ram and > > Oops, that was supposed to be a separate sentence relating to the 1 meg > of ram and the Motorola 68000 16/32 bit architecture [thereby ST] > running at 8 MHz with an efficient little OS loaded from a ROM chip. My > preferred monitor was B&W which came in a 'hirez' 640x400 which looked > much better than the ugly color 320x200. Amazing that such a tiny OS on > a rom chip could do so much -- the interface was entirely graphical. > > > The Atari-ites mostly hung around on GEnie, Mike, So, You were one of the guys that dissed the Amiga in Forums.? :-)) NO No, where's the extinguisher mom? From MikeE at ster.invalid Tue Dec 6 10:07:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 13:10:03 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: Berny wrote: > "Mike Easter" >> Oops, that was supposed to be a separate sentence relating to the 1 >> meg of ram and the Motorola 68000 16/32 bit architecture [thereby ST] >> running at 8 MHz with an efficient little OS loaded from a ROM chip. >> My preferred monitor was B&W which came in a 'hirez' 640x400 which >> looked much better than the ugly color 320x200. Amazing that such a >> tiny OS on a rom chip could do so much -- the interface was entirely >> graphical. >> >>> The Atari-ites mostly hung around on GEnie, > > > Mike, > > So, You were one of the guys that dissed the Amiga in Forums.? :-)) Yes. The OS wars were very intense in those days. My OS is better than your OS. The Atari-ites believed that their OS was better than the Amiga's, the Apple's, definitely the IBM & DOS related rigs. Even tho' the Amiga developed some rather advanced features compared to the others. Some of us tinkered with emulating Macs with a gizmo called the Magic Sac. It had a set of Mac roms in a cartridge and you could boot up in Mac mode -- but the Mac system was so much less efficient than the Atari TOS that it wasn't really an enjoyable experience to me. The Amiga surpassed the ST and its offspring kinfolks in sales worldwide, altho' I think the Atari outsold Amiga in the US. And, the Amiga is still 'alive' today, whereas Atari is only a game name. > NO No, where's the extinguisher mom? -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 6 10:07:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 13:10:10 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: Mike Easter wrote: > The Atari-ites mostly hung around on GEnie, I never had anything to do with the Atari 8 bit game machines at all, and never played games on the ST, but I just ran into this little tidbit of ancient Warner Comm [yes, the Warner later to be TW & AOL/TW] history which I didn't know about. The 70s were the Atari 8bit era. // Bushnell sold Atari to Warner Communications in 1976 for an estimated $28-$32 million, using part of the money to buy the Folgers Mansion. [...] At its peak, Atari accounted for a third of Warner's annual income and became the fastest-growing company in the history of the United States (at the time).// Wikipedia. -- Mike Easter kibitzer, not SC admin From mwnospam at comcast.net Tue Dec 6 13:55:00 2005 From: mwnospam at comcast.net (spamacyde) Date: Tue Dec 6 13:55:02 2005 Subject: [SpamCop-List] Soft on Sale Message-ID: Been receiving a lot of spam from Soft on Sale(TM in superscript, (yeh, right)). It's safe to assume that they are selling pirated software. Who should I forward t hese messages to besides Spamcop. Thanks From MikeE at ster.invalid Tue Dec 6 10:57:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 14:00:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Glenn Daniels wrote: > "Mike Easter" >> Then I went looking for a >> description at other AV places that use the term >> Trojan-Proxy.Win32.Agent.hx such as sophos and kaspersky, but I >> didn't find enough to suit me there, and nothing using the term at >> symantec. >> > > Look here: > http://securityresponse.symantec.com/avcenter/venc/data/trojan.danmec.html Well, I saw that, but I didn't want to get into why I said 'nothing' at symantec. But the term nothing wasn't accurate. Symantec has the danmec discussion and has the Agent.hx attached to that discussion. But I wasn't satisfied about that. Notice how much difference there is in that discussion and the fsecure discussion and how that is different from what is 'supposed to be' in the cia & fbi virms. But clearly this is a danmec type, not a sober. >> So then I decided to look at the item myself, but that didn't work >> out very well either. The b64 turned into bqj522.zip ok -- but my >> unzipper wasn't happy with the structure of the zip, and said "End >> of central directory signature not found. Either this file is not a >> zipfile, or it constitutes one disk of a multi-part archive. In the >> latter case the central directory and zipfile comment will be found >> on the last disk/s of this archive." and it didn't extract qform.exe >> >> I used a hex viewer on bqj522.zip which looks like it should extract >> to the name you found, qform.exe. I also used my AV agent AVG on the >> folder of the zip and it did not detect anything. I'm accustomed to >> AVs not finding virms which are zipped up, but I'm surprised at the >> several differences between your results and mine. I'm wondering if >> you isolated the bqj522.zip in a different manner, say from the >> original mail itself, and somehow had something better to work with >> than what I got from the tracker's attachment. >> >> I was working with what I isolated from the original post's tracker's >> attachment, selecting the b64 in isolation, b64 decoding into the >> zip, and working with that zip. >> > > Mebbe you b0rked it. ;-) Maybe/apparently so -- I have a different set of results from the above now, but..... > I fetched the email from the tracker, (after turning off my AV > as that denied access to the page). The recreated .eml scanned > positive for "Agent-FE", and I encountered no problemo > saving the .zip to disk and extracting the qform.exe for > addition to my bug collection. > > Scanning qform.exe with Norton's brings in their name for it > as "Trojan.danmec" as I used to acquire the URL above. My latest efforts were to start all over again on the attachment isolation from the tracker. This time I cut off the last part of the last line of the b64 at the '=' sign -- because I didn't like the way it was making the b64 line too long. As per above, the b64 becomes bqj522.zip -- but now I can unzip the bqj522.zip without any unzipper complaint into qform.exe However, my AVG free with the latest updates fresh as of today does not see a virus in the .zip or the .exe > Want McAfee or Trend descriptors? Well, I see the general direction that the crossreference places for different names of viruses are going -- definitely not sober. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Tue Dec 6 14:33:02 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Dec 6 14:35:03 2005 Subject: [SpamCop-List] Re: Soft on Sale References: Message-ID: "spamacyde" wrote in message news:dn4mq1$6vr$1@news.spamcop.net... > spam ... selling pirated software. Who should I forward t hese messages to besides Spamcop. I usually forward them to software[at]bsa.org, danglin[at]siia.net, piracy[at]microsoft.com, piracy[at]adobe.com. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Tue Dec 6 20:35:24 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Tue Dec 6 14:40:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Steven Maesslein" a écrit dans le message de news: slrndp86rl.upd.nobody@127.0.0.1... > On Mon, 5 Dec 2005 01:18:26 +0100, Philippe Verdy coughed into spamcop > and left this in : > >>> There's no such thing as a "reasonably intelligent" life form in the >>> whole organisation of his ISP: Wanadoo.fr. >> >> Stop ranting. This is clearly not the purpose of my report and you are >> out >> of topic. >> >> There are MUCH MUCH more worse ISPs than Wanadoo in the world. > > And your point is? FWIW they get blocked, too. Just because wanadoo is > the lesser of two evils doesn't mean that everything's peachy again. > >> Wanadoo is acting reasonnably well given its size, and acts quite fast >> to spam reports, although it's not perfect. > > Doesn't look like it from here. Until I blocked them outright I was > being spammed by the same spammer THROUGH WANADOO'S OFFICIAL SMTP > CHANNEL (not trojanned windows machines) for months on end. From > spamcop's POV, abuse@wanadoo.fr is wired to /dev/null and postmaster > bounces. > >> I have still never received any spam from Wanadoo customers, > > 90% of the mail I used to see from wanadoo customers was spam. > >> Today, most Wanadoo customers use a external device (named "LiveBox") >> that >> is acting as a NAT router, a basic firewall that blocks outgoing SMTP >> connections, offers a VoIP decoder, a digital TV router over ATM >> connections, and so on. The effective spams that remain from Wanadoo >> customers is constantly going down. Also the spam/mail ratio is extremely >> low. > > This is inaccurate. I happen to live in France and use a FreeBox myself. And Free hasa much longer history of inaction against spam. Look at the various logs on the Internet and you'll see that Wanadoo is VERY FAR WAY at the bottom of the spam sources, after hundreds of ISPs of various sizes. On the opposite, Iliad/Online.net/Free.fr are listed in the top 30 spam sources, and often within the weekly top 10 ones. Free.fr isnot expensive foronegood reason: insufficient humane resources working to monitor their network activity, little proactive actions to enforce usage policies, nothing invested in research to help improve the efficiency of this activity. Free is better known as a commercial only company very interested only in advertizing, putting lots of pressure on its workers, and with many of its most competent workers leaving this company which has very antisocial behavior. Don't be surprised if Free.fr is wellknown for its very poor customer support, for its expensive and lengthy support phone number. Free.fr is really a unmanned company that makes huges profits for the benefit of a few share holders. Free.fr used to be agood service provider. Now that they have enough clients, they really neglect them, have a long history of legal actions against them (probably the longest one in France, with so many unsolved problems, and abusive contracts with customers that can't even get any connection with them for months, despite they are paying for it, and when they want to leave it, they have to support very expensive fees, and must even continue to pay a full year after their contract is canceled; Free.fr isalso using expensive bill recovery services against these unsatisfied clients,despite Free.fr has failed to provide any service for these customers). I won't trust Free.fr at any time now. Lookat the statistics on spamcop.net: Free.fr is almost constantly listed in the top worldwide sources, and the volume of spams coming from it is constantly increasing: Free has not invested any euro to support the growth of their existing customer base. For most cases, either you are lucky when your connection works, else you'll have a lot of difficulties to make it work or just to leave this non-working service. Free.fr is constantly using illegal arguments trying to convince their clients that they are not responsible for the defects of a service they are fully selling themselves. (WhenFree.fr invokes repsonsability of FranceTelecom, most often it is completely false, and anyway, even if thiswas the case, under French law, they are responsible for their customer, andcustomers don't need to know the details that links Free to FranceTelecom for providing the connection to the local loop. Free clearly ignores all check procedures that are needed when they accept a newsubscription. all they want is a subscription, and they absolutely don't care about the quality of their service, and constantly report their own reponsability to the customers (illegal: Free has been condamned many times with the help of consumer associations. Look at the UFC/Que Choisir web site for the long bad history of Free whose abusive contractual claused are cancelled by justice, but still applied. Free equals AOL under this perspective, with false advertizing). From BNRAGMAOKKXT at spammotel.com Tue Dec 6 20:58:28 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Tue Dec 6 16:00:03 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: Vanguard on 06/12/2005 wrote: >Is NTL blocking your outbound e-mails to SpamCop? Or is NTL blocking the >inbound e-mails with SpamCop's response and URL link (for you to complete >the submission)? > It's blocking outbound to SpamCop, no submissions are received by SpamCop. >If NTL has a spam filter on your inbound e-mails, do they let YOU opt in >to it? Having a spam filter that doesn't let the user choose to enable or >disable it is a disservice to users. It is up to YOU as to whether you >want ANY mails tagged and handled as spam. > I can turn it on or off, no other options. >Since NTL has the option to spam tag inbound mails, they probably also >have a whitelist function. So add SpamCop's e-mail address or domain to >your server-side whitelist. > No Whitelist functions available, that's the first thing I explored when it started happening. >POP3 is used to RECEIVE mails, not send them. So while you may have POP3 >access to receive mails from your Yahoo account, like the SpamCop response >with the URL link to complete your submission at SpamCop's web form, >perhaps you are still using NTL's SMTP server to send your mails to >SpamCop. OK, I got it the wrong way around and it should have been SMTP. However, Yahoo mail *is* going through Yahoo servers not NTL servers, mail client is set up correctly for this. It's tending to be more sparodic at present, could be just a major hiccup with Yahoo, hence why I asked original question of whether anyone else is having this problem. -- Rob http://www.flickr.com/photos/canopus_archives/ From masfjorden at spamcop.net Tue Dec 6 21:59:00 2005 From: masfjorden at spamcop.net (helge) Date: Tue Dec 6 16:00:09 2005 Subject: [SpamCop-List] nomaster interested in email source? Message-ID: http://www.spamcop.net/sc?id=z837387162z9bb19892815665441294cdc0ad2e063dz "Re: 196.1.176.53 (Third party interested in email source) nomaster@devnull.spamcop.net spamcop@imaphost.com " helge From BNRAGMAOKKXT at spammotel.com Tue Dec 6 21:00:03 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Tue Dec 6 16:05:03 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: Jeff G. on 06/12/2005 wrote: >What exact error message are you getting? Can't remember exact wording, but, to the effect that Yahoo purposely closed the connection -- Rob http://www.flickr.com/photos/canopus_archives/ From nobody at spamcop.net Tue Dec 6 16:08:58 2005 From: nobody at spamcop.net (indigo) Date: Tue Dec 6 16:10:03 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: Mike Easter wrote: Some of us tinkered with emulating Macs with a gizmo > called the Magic Sac. I think I got a spam about one of those the other day.....different purpose though... From not at home.today Tue Dec 6 21:17:20 2005 From: not at home.today (Ant) Date: Tue Dec 6 16:20:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote: > Glenn Daniels wrote: >> http://securityresponse.symantec.com/avcenter/venc/data/trojan.danmec.html > > [...] But clearly this is a danmec type, not a sober. I can confirm that. Sophos detected it as Troj/Danmec-F http://www.sophos.com/virusinfo/analyses/trojdanmecf.html I received another exactly the same, with the FBI text, today. > However, my AVG free with the latest updates fresh as of today does not > see a virus in the .zip or the .exe The Sophos update was released yesterday. BTW, the exe is packed with UPX 1.92. I unpacked it, but couldn't find any interesting strings inside. From cpollock at earthlink.net Tue Dec 6 19:06:49 2005 From: cpollock at earthlink.net (Chris) Date: Tue Dec 6 20:10:03 2005 Subject: [SpamCop-List] Blacklisting, what does it take? Message-ID: I've been reporting this ip 66.162.83.183, for about 3 or 4 days now. I've sent in probably about 50 or so reports. This ip has been sending out the sober.* worm for over a week now. It belongs to the mccombs.com netblock which is in turn part of twtelecom.net. It was previously being sent out with the *.190 ip however, after multi reports to abuse@twtelecom.net I received a reply stating this from someone at mccombshq.com: Please note that the propagation of this address is spoofed. The address you are questioning is a global IP for a firewall and is not sending or passing the virus. from one of the contacts listed for this ip. When I argued that something must be wrong then because the virus is comeing from his ip, he replied with: I can assure you that it is indeed a mistake. These need to be removed at once or this will get very ugly! I received a message from someone at IP Security for twtelecom.net saying this was due to the sober.* worm, gee, no kidding. Below are headers from one of the messages, does anyone disagree with me that these are indeed coming from 66.162.83.183? Status: U Return-Path: Received: from pop.earthlink.net [209.86.93.201] ????????by localhost with POP3 (fetchmail-6.2.5) ????????for cpollock@localhost (single-drop); Tue, 06 Dec 2005 18:16:32 -0600 (CST) Received: from ijthkqvgn.com ([66.162.83.183]) ????????by mx-nebolish.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1eJMXh6uj3Nl3490 ????????Tue, 6 Dec 2005 19:14:37 -0500 (EST) From: postmaster@mccombshq.com To: zfreemailer7495@earthlink.net Date: Tue, 06 Dec 2005 23:49:57 UTC Subject: Your Password Importance: Normal X-Priority: 3 (Normal) Message-ID: <8c261691ee.69bf51bf@lxmcb.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="72e6fe5772e048db7d1ea" Content-Transfer-Encoding: 7bit X-SenderIP: 66.162.83.183 X-ASN: ASN-4323 X-CIDR: 66.162.80.0/20 So, guess my actual question here is just what does it take for an ip to get blacklisted by spamcop? One other side note, since the 24th of Nov I've reported this ip netblock, whether it was 66.162.83.190 or 66.162.83.183 192 times to abuse@twtelecom and as yet nothing has really been done about it. -- Chris RLU 283774 Mandriva 10.1 Official 18:51:56 up 3 days, 1:54, 1 user, load average: 1.07, 0.67, 0.41 From MikeE at ster.invalid Tue Dec 6 17:16:22 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 20:20:02 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: Posted to spamcop & .spam, f/ups to spamcop Robert Williams wrote: > I JUST received an e-mail, and SpamCop listed it as too old. After > looking at the header I can see why. Below is a copy of the e-mail. > From what it looks like, the sending mail server held onto the spam > until it was too late for anyone to report it. Those headers, apparently including your mailhost, are a mess. Your mailhost seems to me to be a problem -- or perhaps your mailhost configuration is not correct. www.spamcop.net/sc?id=z837423240z31f18c639a0d6e1f671ab56cd75c7392z "Hostname verified: mail.cleartel.net" When you post a tracker like you did, you don't need to post the spam, and actually you shouldn't, because the spam is available at the tracker. The ng .spam is only for posting spam, not for discussing it. The ng/s spamcop or help are for discussions, but no spam is allowed in them. Sooo, it is better to post just the tracker, no spam, and to post the tracker into the discussion group, not .spam, so that it can be discussed where you posted the tracker. F/ups accordingly. Abbreviated Received lines *comment from mail.cleartel.net ([206.72.209.41]) by server1.DANJONENGINEERING.LOCAL from [206.72.209.49] (helo=mail.4-serv.com) by mail.cleartel.net with esmtp *timestamp 17d, servesyou, bogushelo from 4technology.net ([90.66.225.30]) by mwcp.4technology.net *bogusline SC seems to think that cleartel is your mailhost, but cleartel is a crazy bogus helo stamping server, so that 'upsets' me. In this spam's case, the reason SC sez the spam is too old is that SC sez that your mailhost is cleartel. Cleartel is who was holding that spam for 17 days. Cleartel is also who is using a totally bogus helo 'mail.4-serv.com' -- which I have no explanation for, except that it is very problematic. If that spam were in my mailbox, I would be calling cleartel [=albany.net] the source, as this tracker demonstrates. http://www.spamcop.net/sc?id=z837472390z84b14efb1dea6cc026aab5999e35323bz Report Spam to: Re: 206.72.209.49 (Administrator of network where email originates) To: postmaster@albany.net (Notes) But, if you could approve the report [which you had no option to do, because of the age problem with a mailhosted account] -- you would be reporting your own provider [according to SC's mailhost configuration handling] -- so I guess it is 'lucky' that your own provider decided to stick the mail for 17 days. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Wed Dec 7 01:18:22 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 6 20:20:08 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message news:dn4muc$737$1@news.spamcop.net... > Glenn Daniels wrote: > > My latest efforts were to start all over again on the attachment > isolation from the tracker. > > This time I cut off the last part of the last line of the b64 at the '=' > sign -- because I didn't like the way it was making the b64 line too > long. > > As per above, the b64 becomes bqj522.zip -- but now I can unzip the > bqj522.zip without any unzipper complaint into qform.exe > > However, my AVG free with the latest updates fresh as of today does not > see a virus in the .zip or the .exe That doesn't bode very well for AVG......... > >> Want McAfee or Trend descriptors? > > Well, I see the general direction that the crossreference places for > different names of viruses are going -- definitely not sober. > I haven't yet had time to Winhex it yet either.... From MikeE at ster.invalid Tue Dec 6 18:01:42 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 6 21:05:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Porpoise wrote: > "Mike Easter" >> However, my AVG free with the latest updates fresh as of today does >> not see a virus in the .zip or the .exe Finally AVG sees it. Trojan horse Proxy ASZ > That doesn't bode very well for AVG....... Now I 'manually' updated AVG from the program accessing from the grisoft server and now it sees the virus in both the zip and the exe. The previous updating which was performed earlier today was an automatic one, also from the grisoft server I was beginning to think I should go get Avast and take it for a spin, but after reading some comparisons between the two, I think I'll stick with AVG. There are some things I don't exactly like about configuration choices, but I can live with them. > I haven't yet had time to Winhex it yet either.... -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Dec 7 12:02:37 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Dec 6 22:05:03 2005 Subject: [SpamCop-List] Re: Soft on Sale In-Reply-To: References: Message-ID: Jeff G. wrote: > "spamacyde" wrote in message > news:dn4mq1$6vr$1@news.spamcop.net... >> spam ... selling pirated software. Who should I forward t hese > messages to besides Spamcop. > > > I usually forward them to software[at]bsa.org, danglin[at]siia.net, > piracy[at]microsoft.com, piracy[at]adobe.com ...and, depending who else's pirated software is mentioned: piracy[at]symantec.com piracy[at]alias.com piracy[at]apple.com piracy[at]autodesk.com piracy[at]borland.com nopiracy[at]corel.com tip[at]macromedia.com The Microsoft piracy address recently bounces anything that looks like spam. The SIIA address I know is piracy[at]siia.net From vanguard.code at comcastNIX.net Tue Dec 6 22:42:49 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Tue Dec 6 23:45:04 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: "Canopus" wrote in message news:dn4u4j$bqh$1@news.spamcop.net... > Jeff G. on 06/12/2005 wrote: > >>What exact error message are you getting? > > Can't remember exact wording, but, to the effect that Yahoo purposely > closed the connection > > -- > Rob > > http://www.flickr.com/photos/canopus_archives/ Maybe looking at SpamCop shows Yahoo is getting blacklisted, so Yahoo retaliates by blacklisting SpamCop. Hey, it's possible (i.e. blacklisting the blacklisters). Yahoo doesn't want to bother getting any more complaints from SpamCop for their lack of spam control (including outbound spewage from trojaned users) so they think that throttling their own users might be a way to reduce the complaint mails they get from SpamCop. Of course, maybe you didn't go through the process of adding your mailhosts to your SpamCop account so your own mail servers wouldn't get included in your spam reports (i.e., you ended up adding your mail servers to the spam report rather than for the spammer). I've seen mentioned of where users shot themself in their foot by actually reporting themself as the spammer. Have you gone through SpamCop's procedure to add your mailhosts to your account at SpamCop? From jeffg at spamcop.net Tue Dec 6 23:44:15 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Dec 6 23:45:11 2005 Subject: [SpamCop-List] Re: Soft on Sale References: Message-ID: "Patto" wrote in message news:dn5jce$oil$1@news.spamcop.net... > Jeff G. wrote: > > danglin[at]siia.net > The SIIA address I know is piracy[at]siia.net I had some sort of problem with that address some time ago, but I can't find the details at present. I'll try using that address again. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From jeffg at spamcop.net Wed Dec 7 00:02:13 2005 From: jeffg at spamcop.net (Jeff G.) Date: Wed Dec 7 00:05:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message news:dn5fpk$ml2$1@news.spamcop.net... > Porpoise wrote: > > "Mike Easter" > >> However, my AVG free with the latest updates fresh as of today does > >> not see a virus in the .zip or the .exe > Finally AVG sees it. Trojan horse Proxy ASZ > > That doesn't bode very well for AVG....... > Now I 'manually' updated AVG from the program accessing from the grisoft > server and now it sees the virus in both the zip and the exe. The > previous updating which was performed earlier today was an automatic > one, also from the grisoft server Does Grisoft have a set time of day (with timezone) after which it's best to get an update? -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From MikeE at ster.invalid Tue Dec 6 21:18:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 00:20:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Jeff G. wrote: > "Mike Easter" >> Finally AVG sees it. Trojan horse Proxy ASZ >> Now I 'manually' updated AVG from the program accessing from the >> grisoft server and now it sees the virus in both the zip and the >> exe. The previous updating which was performed earlier today was an >> automatic one, also from the grisoft server > Does Grisoft have a set time of day (with timezone) after which it's > best to get an update? Probably, but I don't know the answer. I've always just let the auto-updates do the work. When I was reading a comparison between AVG and Avast, apparently some people had complaints about the free AVG being 'slow' [I considered that to be a complaint of slow in processing, not slow as in 'behind' in viral templates] compared to the pay AVG .dat serving. The website also seems to imply that there is more likely to be a slowness problem with the free .dat servers vs the paid ones on the comparison page. I guess the concept is that there are so many free AVG users and therefore so much .dat serving that the servers get behind, since the .dat updates are very frequent, often daily. This is the first time I've had the experience of 'fetching' a .dat file more or less manually and then that newer .dat, which presumably I would've gotten by the auto-update process tomorrow, being more uptodate than the .dat file I got earlier today, this morning. I haven't experienced 'slowness' in terms of the AVG server being pokey -- in terms of the 'process' of hooking up or downloading the update files -- it seems reasonable to me. Very seldom do the updates require rebooting, altho' the one from this morning did. All of that autoupdate requiring reboot for implementation had all been accomplished before I messed with the virus we're talking about here. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Wed Dec 7 09:23:00 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 00:25:03 2005 Subject: [SpamCop-List] Re: Blacklisting, what does it take? References: Message-ID: "Chris" wrote in message news:dn5cj9$kle$1@news.spamcop.net... SNIP > So, guess my actual question here is just what does it take for an ip to > get blacklisted by spamcop? One other side note, since the 24th of Nov > I've reported this ip netblock, whether it was 66.162.83.190 or > 66.162.83.183 192 times to abuse@twtelecom and as yet nothing has really > been done about it. Virus emitters, are usually only sending to email addresses that can be dredged up from the infected machines hard drives. Depending on the nature of business use of the machine in question that is typically a small number of addresses, or at least a small number of addresses outside the local net. Odds of hitting more than one, or even one SC reporter thus can be very small indeed. For a listing, at leaset 2 independent spam reporters need to report the address, and then the total number of reports is still normalized relative to the "typical email output" as determined by Ironport. So, unless a viral propagator has access to a millions CD, odds are it's not going to get listed. If you're the only reporter receiving from that machine it definitely will never get listed. From bar_n0ne at hotmail.com Wed Dec 7 09:29:16 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 00:30:02 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: "Vanguard" wrote in message news:dn5p89$rpk$1@news.spamcop.net... > "Canopus" wrote in message > news:dn4u4j$bqh$1@news.spamcop.net... > > Jeff G. on 06/12/2005 wrote: BLAH BLAH I don't know about SMTP mail from Yahoo, I lost that ability years ago sometime after Yahoo bought GeoCities, however, Yahoo is forwarding my spam to SC just fine using its web interface, with the occasional aggravation of having to respond to a CAPTCHA prompt. From bar_n0ne at hotmail.com Wed Dec 7 09:52:10 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 00:55:03 2005 Subject: [SpamCop-List] Re: newsgroup vs. forum References: Message-ID: "Mike Easter" wrote in message news:dn4k00$52v$1@news.spamcop.net... > Berny wrote: > > "Mike Easter" > Yes. The OS wars were very intense in those days. My OS is better than > your OS. The Atari-ites believed that their OS was better than the > Amiga's, the Apple's, definitely the IBM & DOS related rigs. Even tho' > the Amiga developed some rather advanced features compared to the > others. Some of us tinkered with emulating Macs with a gizmo called the > Magic Sac. It had a set of Mac roms in a cartridge and you could boot > up in Mac mode -- but the Mac system was so much less efficient than the > Atari TOS that it wasn't really an enjoyable experience to me. Hmm,, I had a software emulator for the mac (Shareware) on my amiga, and while the graphics were about the same, it was as fast as or faster than the mac on the same hardware. And it was sure nice to have a real multitasking machine, something none of the others provided until Win95 (sort of) and Mac OS8 (sort of). I had been spoiled working on VM370 (IBM) using TSO, and CMS, and I just couldn't concieve of using a computer that could only run one application and that had never heard of intertask communication, and that didn't have a common macro language (REXX) that could address most well written applications as well as the OS. Well since leaving the Amiga behind, I still don't have most of that. The OS supplied text editors for Win and UNIX/Linux frankly suck compared to IBM XEDIT, none of the macro languages or Command line shells can talk to each other let alone an application. The closest thing now is Virtual Basic, but it only talks to primarily M$oft applications, and not all of them. No modern computers allow dedicated hardware access by user/task without expensive add ons, so we now have LANS where when you put a tape or a CD in a drive it belongs to everybody unless it's on your own CPU. Sigh,,, If you want to talk a real operating system the closest you come to it is VaxVMS nowadays, ugly as it may be. From exfenestrate at spammers.invalid Tue Dec 6 23:42:14 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Wed Dec 7 02:45:03 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: <3lxwynkoa4wf.dlg@grc.aosake.net> On Tue, 6 Dec 2005 12:59:45 +0000 (UTC), Canopus wrote: > Anyone having any problems with this? Since my IP, ntlworld, implemented > aggressive spam filtering which has been blocking submissions to SpamCop I > have been using Yahoo Mail for this. Over the last few days connection to > Yahoo Mail via pop3 has dropped whenever I try to submit spam via it, it > doesn't happen with ordinary mail and I suspect Yahoo may have implemented > bad spam filters on outgoing mail. I haven't used the Yahoo! SMTP servers to submit spam lately. But I tried it tonight, and the submission went through. I pulled the headers of my submission and submitted them to SpamCop for a parse, with these results: http://www.spamcop.net/sc?id=z837597217z1b646e93723f9351d345309c96f740b7z So I don't think Yahoo! has a generic block in place. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at xyzzy.claranet.de Wed Dec 7 09:10:20 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 7 03:15:03 2005 Subject: [SpamCop-List] RIPE lookup bug (?) Message-ID: <439698EC.2241@xyzzy.claranet.de> Hi, for occupantware.com = 193.238.120.4 in... http://www.spamcop.net/sc?id=z837595270ze1994f1c6190543387ad38764cb2e68fz ...I get "No reporting addresses found for 193.238.120.4, using devnull for tracking." The "display data" for "whois 193.238.120.4@whois.ripe.net" says: | inetnum: 193.238.120.0 - 193.238.123.255 | netname: POLIVEKTOR-JSC | descr: Polivektor JSC network | country: RU | org: ORG-POLI1-RIPE | admin-c: POLI2-RIPE | tech-c: POLI2-RIPE [...] | organisation: ORG-POLI1-RIPE | org-name: Polivektor JSC | org-type: NON-REGISTRY | address: kalanchevskaya st. 4, Moscow Russia, 194568 | e-mail: admin@polivektor.com [...] | person: Polivektor Techical | address: 194568, Kalanchevkaya st. 4, Moscow Russia | phone: +7 (095) 780-22-87 | nic-hdl: POLI2-RIPE [...] No mail address for tech-c / admin-c, but there is an address for the organization. It's also the only item on the left side with an "@" in the filtered RIPE output. SC ignores this and tries "Lookup poli2-ripe@whois.ripe.net". That's wrong, it got handle POLI2-RIPE already for its first query. Asking again won't change the fact that there's no mail address in this object. Bye, Frank From nobody at xyzzy.claranet.de Wed Dec 7 09:30:54 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 7 03:35:03 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: Message-ID: <43969DBE.6FBB@xyzzy.claranet.de> Jeff G. wrote: > see the bottom link in my sig below. JFTR, that's an excessively annoying sig. Bye, Frank From nobody at devnull.spamcop.net Wed Dec 7 17:52:00 2005 From: nobody at devnull.spamcop.net (Patto) Date: Wed Dec 7 03:55:03 2005 Subject: [SpamCop-List] Re: Soft on Sale In-Reply-To: References: Message-ID: Jeff G. wrote: > "Patto" wrote in message > news:dn5jce$oil$1@news.spamcop.net... >> Jeff G. wrote: >>> danglin[at]siia.net >> The SIIA address I know is piracy[at]siia.net > > I had some sort of problem with that address some time ago, but I can't > find the details at present. I'll try using that address again. Actually I remembered incorrectly, I used netpiracy[at]siia.net in the past. This seems to be the correct address to report Internet piracy. See http://www.siia.net/piracy/report/internet.asp From nobody at xyzzy.claranet.de Wed Dec 7 09:51:55 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 7 04:00:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: <4396A2AB.4F71@xyzzy.claranet.de> Philippe Verdy wrote: > There are MUCH MUCH more worse ISPs than Wanadoo in the > world Maybe they're getting better, no Wanadoo in SC's "hall of shame". 2003/04 (in the times of SWEN) "WannaSpew" was a pest only trumped by SpamCast. Bye, Frank From pantheus at suespammers.org Wed Dec 7 01:18:19 2005 From: pantheus at suespammers.org (Ken Knull) Date: Wed Dec 7 04:20:02 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: <43969DBE.6FBB@xyzzy.claranet.de> Message-ID: On Wed, 07 Dec 2005 09:30:54 +0100, Frank Ellermann wrote: > Jeff G. wrote: > >> see the bottom link in my sig below. > > JFTR, that's an excessively annoying sig. Bye, Frank I agree ... that 7 line sig is 4-5 lines too many, especially when it isn't trimmed. -- In a world without walls and fences nobody needs Windows and Gates! User #104362 with the Linux Counter, http://counter.li.org From spam_hjp at yahoo.com Wed Dec 7 05:05:20 2005 From: spam_hjp at yahoo.com (Jim) Date: Wed Dec 7 05:10:29 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail In-Reply-To: References: Message-ID: I just let SpamCop WebMail pop my Yahoo and Hotmail email. It has work good most of the time. A few delays lately because of the traffic on Yahoo and Hotmail servers because of the worms. From bar_n0ne at hotmail.com Wed Dec 7 14:31:36 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 05:35:03 2005 Subject: [SpamCop-List] what's up with "messenger.msn.click-url.com" Message-ID: Anyone know what this website on savvis is that keeps appearing in "cam-dating" spam? from a parse: -Quote-- Tracking link: http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ [report history] ISP does not wish to receive report regarding http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ Resolves to 216.39.69.75 Routing details for 216.39.69.75 [refresh/show] Cached whois for 216.39.69.75 : abuse@savvis.net Using abuse net on abuse@savvis.net abuse net savvis.net = abuse@savvis.net Using best contacts abuse@savvis.net ISP does not wish to receive reports regarding http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ - no date available http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ has been appealed previously. -EndQuote- This thing looks fishy enough to me at least outwardly, because official messenger related sites would be in msn, or microsoft domains. Anybody braved a look at it? From bar_n0ne at hotmail.com Wed Dec 7 14:35:35 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 05:40:02 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: <4396A2AB.4F71@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:4396A2AB.4F71@xyzzy.claranet.de... > Philippe Verdy wrote: > > > There are MUCH MUCH more worse ISPs than Wanadoo in the > > world > > Maybe they're getting better, no Wanadoo in SC's "hall of > shame". 2003/04 (in the times of SWEN) "WannaSpew" was a > pest only trumped by SpamCast. > Bye, Frank Yabbut, Kornet and Hanaro almost never make a showing there either, and until very recently 50% of my considerable spam originated there. So I'm not sure what that really means. I still get way more spam from either of those than from SpamCast, or WannaSpew, across email accounts. From cpollock at earthlink.net Wed Dec 7 06:07:45 2005 From: cpollock at earthlink.net (Chris) Date: Wed Dec 7 07:10:03 2005 Subject: [SpamCop-List] Re: Blacklisting, what does it take? References: Message-ID: Berny wrote: > > "Chris" wrote in message > news:dn5cj9$kle$1@news.spamcop.net... > SNIP >> So, guess my actual question here is just what does it take for an ip to >> get blacklisted by spamcop? One other side note, since the 24th of Nov >> I've reported this ip netblock, whether it was 66.162.83.190 or >> 66.162.83.183 192 times to abuse@twtelecom and as yet nothing has really >> been done about it. > > Virus emitters, are usually only sending to email addresses that can be > dredged up from the infected machines hard drives. > Depending on the nature of business use of the machine in question that > is typically a small number of addresses, or at least a small number of > addresses outside the local net. Odds of hitting more than one, or even > one SC reporter thus can be very small indeed. For a listing, at leaset 2 > independent spam reporters need to report the address, and then the total > number of reports is still normalized relative to the "typical email > output" as determined by Ironport. > > So, unless a viral propagator has access to a millions CD, odds are it's > not going to get listed. If you're the only reporter receiving from that > machine it definitely will never get listed. Thanks Berny, odd thing, I've never done bussiness with McCombs Enterprises. Although none of these are personally addressed to me, I assume that the BCC is. -- Chris RLU 283774 Mandriva 10.1 Official 06:03:49 up 3 days, 13:06, 1 user, load average: 0.44, 1.07, 1.14 From bar_n0ne at hotmail.com Wed Dec 7 17:00:53 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 08:05:02 2005 Subject: [SpamCop-List] Re: Blacklisting, what does it take? References: Message-ID: "Chris" wrote in message news:dn6jai$b7s$1@news.spamcop.net... > Berny wrote: SNIP > Thanks Berny, odd thing, I've never done bussiness with McCombs > Enterprises. Although none of these are personally addressed to me, I > assume that the BCC is. You might simply be a CC one some mail the McCombs guy has. you might be in the cc list on a spam item in his mail folders, or have a mutal acquaintance, or business contact, or mutual FWD:FWD:FWD mailer Those can have a wide spread.. From nobody at spamcop.net Wed Dec 7 06:30:58 2005 From: nobody at spamcop.net (Ellen) Date: Wed Dec 7 08:30:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: -- "Mike Easter" wrote in message news:dn5rac$t6v$1@news.spamcop.net... > > This is the first time I've had the experience of 'fetching' a .dat file > more or less manually and then that newer .dat, which presumably I > would've gotten by the auto-update process tomorrow, being more uptodate > than the .dat file I got earlier today, this morning. I do auto-update also and every so often I throw in a manual update just to see if a new one has shown up on days when I see a lot of "news" about new virus/wrom/trojan releases. This AM -- reading this thread -- I clicked update manually and blink there was an update downloaded. The little message at the bottom of the control center when it ended seemed to imply there was yet another update waiting so I clicked update again -- bingo a second update downloaded. After that finished I clicked update a 3rd time and yet another one. Same thing on another machine. Very odd. Never seen that before. > > I haven't experienced 'slowness' in terms of the AVG server being > pokey -- in terms of the 'process' of hooking up or downloading the > update files -- it seems reasonable to me. Very seldom do the updates > require rebooting, altho' the one from this morning did. All of that > autoupdate requiring reboot for implementation had all been accomplished > before I messed with the virus we're talking about here. Interesting the one of the ones from this AM did not ask me to reboot but it did demand that eudora be closed before proceeding. The updates are fast -- and have been the last 8mths? year? since they apparently installed new hardware or rewrote the software. There was a period a year ago? longer? where it was just about impossible to get an update downloaded, that went on for several weeks. As to whether the scanning of the mail is slow when you get new mail, sometimes it seems slower than others altho I can't positively identify if that is AVG or just that my system desperately needs more memory. But of all the AVs I have tried over the years this is the one that hasn't screwed up my system or done other intensely annoying things. Ellen From nobody at spamcop.net Wed Dec 7 06:38:35 2005 From: nobody at spamcop.net (Ellen) Date: Wed Dec 7 08:30:09 2005 Subject: [SpamCop-List] Re: Blacklisting, what does it take? References: Message-ID: "Chris" wrote in message news:dn5cj9$kle$1@news.spamcop.net... > I've been reporting this ip 66.162.83.183, for about 3 or 4 days now. Yeah I see it in the database. >I've > sent in probably about 50 or so reports. This ip has been sending out the > sober.* worm for over a week now. Nah -- more like 95 since 12/3 >It belongs to the mccombs.com netblock > which is in turn part of twtelecom.net. It was previously being sent out > with the *.190 ip however, Nope don't see reports for 66.162.83.190 >after multi reports to abuse@twtelecom.net I > received a reply stating this from someone at mccombshq.com: > > Please note that the propagation of this address is spoofed. The address > you are questioning is a global IP for a firewall and is not sending or > passing the virus. They are very wrong. They have a compromised machine sending viruses thru that IP. Unfortunately they are not sending to traps or other SC users. > > from one of the contacts listed for this ip. When I argued that something > must be wrong then because the virus is comeing from his ip, he replied > with: > > I can assure you that it is indeed a mistake. These need to be removed > at once or this will get very ugly! You can refer that to us if you hear from them again. deputies admin.spamcop.net > > > So, guess my actual question here is just what does it take for an ip to > get blacklisted by spamcop? More than one reporter unfortunately. Ellen From borisgomez at alphait.ws Wed Dec 7 08:28:30 2005 From: borisgomez at alphait.ws (Boris) Date: Wed Dec 7 09:30:03 2005 Subject: [SpamCop-List] Domain Problems Message-ID: Some times that our user send mail, appear a message box inform that spamcop.net is blocking theirs mail messages because theirs domain mail was marked how spam mail. How can I do to unmark our domain name from spam list?? Thanks for your help From bar_n0ne at hotmail.com Wed Dec 7 18:40:43 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 7 09:45:03 2005 Subject: [SpamCop-List] Re: Domain Problems References: Message-ID: "Boris" wrote in message news:dn6rij$gbd$1@news.spamcop.net... > Some times that our user send mail, appear a message box inform that > spamcop.net is blocking theirs mail messages because theirs domain mail was > marked how spam mail. How can I do to unmark our domain name from spam > list?? > > Thanks for your help Well the only effective way is to stay off the list. Make sure your network doesn;t have spamming clients. Make sure that auto-responses are not being "bounced" to forged senders (recieved and then returned to the reply to address. From MikeE at ster.invalid Wed Dec 7 07:16:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 10:20:03 2005 Subject: [SpamCop-List] Re: Domain Problems References: Message-ID: Boris wrote: > Some times that our user send mail, appear a message box inform that > spamcop.net is blocking theirs mail messages because theirs domain > mail was marked how spam mail. How can I do to unmark our domain name > from spam list?? SCbl SpamCop blocklist does not block mail, but the SCbl is used by people and servers to defend against spam, including to reject mail from a listed IP address. SCbl does not list domainnames, only IP addresses. Your own posting IP 200.13.167.202 no rDNS is listed in SCbl as a spamsource and CBL as hitting spamtraps & appearing as a proxy/trojan. And there are other IPs of your provider which are similarly listed which are not the output server for ladylee.com or the same netblock, but have higher output volumes, presumably in the form of spam 200.13.167.30 scbl, cbl, njabl, sorbs 200.13.167.228 scbl, cbl 200.13.167.202 scbl, cbl 200.13.167.58 outmail.ladylee.com -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Dec 7 08:10:50 2005 From: nobody at spamcop.net (Antispam Knight) Date: Wed Dec 7 11:15:02 2005 Subject: [SpamCop-List] Re: what's up with "messenger.msn.click-url.com" References: Message-ID: "Berny" wrote in message news:dn6dma$85a$1@news.spamcop.net... > Anyone know what this website on savvis is that keeps appearing in > "cam-dating" spam? > > from a parse: > > -Quote-- > Tracking link: > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > [report history] > ISP does not wish to receive report regarding > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > Resolves to 216.39.69.75 > Routing details for 216.39.69.75 > [refresh/show] Cached whois for 216.39.69.75 : abuse@savvis.net > Using abuse net on abuse@savvis.net > abuse net savvis.net = abuse@savvis.net > Using best contacts abuse@savvis.net > > ISP does not wish to receive reports regarding > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ - no date > available > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ has been > appealed previously. > -EndQuote- > > This thing looks fishy enough to me at least outwardly, because official > messenger related sites would be in msn, or microsoft domains. > > Anybody braved a look at it? > > It redirects to http://click.atdmt.com/go/onm00200471ave/direct/01/ atdmt.com is registered to: http://www.networksolutions.com Registrant: aQuantive Inc. 821 2nd Avenue Suite 1700 SEATTLE, WA 98104 US Domain Name: ATDMT.COM Administrative Contact, Technical Contact: aQuantive Inc. domains@aquantive.com 821 2nd Avenue Suite 1700 SEATTLE, WA 98104 US 206 816 8700 fax: 206 816 8909 Record expires on 17-Aug-2006. Record created on 17-Aug-2001. Database last updated on 7-Dec-2005 11:06:16 EST. Domain servers in listed order: DAL1GLB01.AQUANTIVE.COM 216.39.68.40 SEA1GLB01.AQUANTIVE.COM 216.34.88.151 WHK1GLB01.AQUANTIVE.COM 64.14.42.151 REGISTRY WHOIS: Whois Server Version 1.3 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: ATDMT.COM Registrar: NETWORK SOLUTIONS, LLC. Whois Server: whois.networksolutions.com Referral URL: http://www.networksolutions.com Name Server: SEA1GLB01.AQUANTIVE.COM Name Server: WHK1GLB01.AQUANTIVE.COM Name Server: DAL1GLB01.AQUANTIVE.COM Status: REGISTRAR-LOCK Updated Date: 06-dec-2005 Creation Date: 17-aug-2001 Expiration Date: 17-aug-2006 >>> Last update of whois database: Wed, 7 Dec 2005 02:26:26 EST <<< From exfenestrate at spammers.invalid Wed Dec 7 08:13:43 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Wed Dec 7 11:15:08 2005 Subject: [SpamCop-List] Re: what's up with "messenger.msn.click-url.com" References: Message-ID: <1thybjvflw3qy$.dlg@grc.aosake.net> On Wed, 7 Dec 2005 14:31:36 +0400, Berny wrote: > Anyone know what this website on savvis is that keeps appearing in > "cam-dating" spam? The actual domain is just the part ahead of the TLD; "click-url.com" in this case. I use "msn" as a host name for my domain, but only so I can identify incoming email related to my MSN stuff. I don't use it as a web site host name. You are correct, it looks "phishy". -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From jg at coks.net Wed Dec 7 08:42:27 2005 From: jg at coks.net (jg) Date: Wed Dec 7 11:45:04 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: On 12/7/2005 3:30 AM Ellen scribbled: curious as to how this will look /had to quote differently - you left Mike's sig deliniter in/ Interesting the one of the ones from this AM did not ask me to reboot but it did demand that eudora be closed before proceeding. /I had to close Excel/ The updates are fast -- and have been the last 8mths? year? since they apparently installed new hardware or rewrote the software. /I've always considered them fast - the process- using a mem disadvantaged machine as well/ There was a period a year ago? longer? where it was just about impossible to get an update downloaded, that went on for several weeks. /That seemed to be server overload back then - Grisoft often recommended to 'try later' - they were getting slash dotted for awhile/ As to whether the scanning of the mail is slow when you get new mail, sometimes it seems slower than others altho I can't positively identify if that is AVG or just that my system desperately needs more memory. /I dropped using that - never caught anything tho I don't know if thats my ISP catching the virus 1st or if I just don't get any - I've never played with the gifs the way you guys do - do you consider it useful? I don't like the added header lines - I'm confused enough/ But of all the AVs I have tried over the years this is the one that hasn't screwed up my system or done other intensely annoying things. /I agree, tho it conflicts with Firefox - which should probably be closed anyway while running AVG/ From jg at coks.net Wed Dec 7 08:53:27 2005 From: jg at coks.net (jg) Date: Wed Dec 7 11:55:01 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: On 12/7/2005 8:42 AM jg scribbled: > On 12/7/2005 3:30 AM Ellen scribbled: > curious as to how this will look > /had to quote differently - you left Mike's sig deliniter in/ > apologies to Jeff G. - I chided him on Quote Fix the other day and here I am screwing up this post... Guess the / only works on the same line... From SC.10.myspamgobbler at spamcowboy.net Wed Dec 7 08:53:27 2005 From: SC.10.myspamgobbler at spamcowboy.net (Brian) Date: Wed Dec 7 12:00:04 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: Ellen wrote: "Mike Easter" wrote in message news:dn5rac$t6v$1@news.spamcop.net... > > > > I haven't experienced 'slowness' in terms of the AVG server being > > pokey -- in terms of the 'process' of hooking up or downloading the > > update files -- it seems reasonable to me. Very seldom do the updates > > require rebooting, altho' the one from this morning did. All of that > > autoupdate requiring reboot for implementation had all been accomplished > > before I messed with the virus we're talking about here. >Interesting the one of the ones from this AM did not ask me to reboot >but it did demand that eudora be closed before proceeding. The updates >are fast and have been the last 8mths? year? since they apparently >installed new hardware or rewrote the software. There was a period a >year ago? longer? where it was just about impossible to get an update >downloaded, that went on for several weeks. > >As to whether the scanning of the mail is slow when you get new mail, >sometimes it seems slower than others altho I can't positively identify >if that is AVG or just that my system desperately needs more memory. > >But of all the AVs I have tried over the years this is the one that >hasn't screwed up my system or done other intensely annoying things. The reboot was required for my Win98 laptop, which, IIRC, is what Mike is using (Win98 that is, not my laptop :) I don't recall it being required on my XP machine, but I've been very busy and don't always notice. I have installed AVG on a large number of computers and I am very satisfied with the way it works. Many of my clients are very computer illiterate and AVG is one program that I've had extremely few support issues with. -- Brian SC.10.myspamgobbler@spamcowboy.net From nobody at spamcop.net Wed Dec 7 11:07:13 2005 From: nobody at spamcop.net (Antispam Knight) Date: Wed Dec 7 14:10:02 2005 Subject: [SpamCop-List] Re: what's up with "messenger.msn.click-url.com" References: Message-ID: "Antispam Knight" wrote in message news:dn71ib$k02$1@news.spamcop.net... > > "Berny" wrote in message > news:dn6dma$85a$1@news.spamcop.net... >> Anyone know what this website on savvis is that keeps appearing in >> "cam-dating" spam? >> >> from a parse: >> >> -Quote-- >> Tracking link: >> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ >> [report history] >> ISP does not wish to receive report regarding >> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ >> Resolves to 216.39.69.75 >> Routing details for 216.39.69.75 >> [refresh/show] Cached whois for 216.39.69.75 : abuse@savvis.net >> Using abuse net on abuse@savvis.net >> abuse net savvis.net = abuse@savvis.net >> Using best contacts abuse@savvis.net >> >> ISP does not wish to receive reports regarding >> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ - no date >> available >> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ has been >> appealed previously. >> -EndQuote- >> >> This thing looks fishy enough to me at least outwardly, because official >> messenger related sites would be in msn, or microsoft domains. >> >> Anybody braved a look at it? >> >> > > It redirects to http://click.atdmt.com/go/onm00200471ave/direct/01/ > > atdmt.com is registered to: > > http://www.networksolutions.com > > Registrant: > aQuantive Inc. > 821 2nd Avenue > Suite 1700 > SEATTLE, WA 98104 > US > > Domain Name: ATDMT.COM > > Administrative Contact, Technical Contact: > aQuantive Inc. domains@aquantive.com > 821 2nd Avenue > Suite 1700 > SEATTLE, WA 98104 > US > 206 816 8700 fax: 206 816 8909 > > Record expires on 17-Aug-2006. > Record created on 17-Aug-2001. > Database last updated on 7-Dec-2005 11:06:16 EST. > > Domain servers in listed order: > > DAL1GLB01.AQUANTIVE.COM 216.39.68.40 > SEA1GLB01.AQUANTIVE.COM 216.34.88.151 > WHK1GLB01.AQUANTIVE.COM 64.14.42.151 > > REGISTRY WHOIS: > > Whois Server Version 1.3 > > Domain names in the .com and .net domains can now be registered with many > different competing registrars. Go to http://www.internic.net for detailed > information. > > > Domain Name: ATDMT.COM > Registrar: NETWORK SOLUTIONS, LLC. > Whois Server: whois.networksolutions.com > Referral URL: http://www.networksolutions.com > Name Server: SEA1GLB01.AQUANTIVE.COM > Name Server: WHK1GLB01.AQUANTIVE.COM > Name Server: DAL1GLB01.AQUANTIVE.COM > Status: REGISTRAR-LOCK > Updated Date: 06-dec-2005 > Creation Date: 17-aug-2001 > Expiration Date: 17-aug-2006 > >>>> Last update of whois database: Wed, 7 Dec 2005 02:26:26 EST <<< > As a further note, Aquantive is a Washington State corporation. The Registered Agent and the domain registration have the same address, so one might infer that Linda Schoemaker is a principal in the corporation. Or, they might just be using a third party for both: Corporations Division - Registration Data Search AQUANTIVE, INC. UBI Number 601 857 172 Category Regular Corporation Profit/Nonprofit Profit Active/Inactive Active State of Incorporation WA Date of Incorporation 02/27/1998 License Expiration Date 02/28/2006 Registered Agent Information Agent Name LINDA SCHOEMAKER Address 821 SECOND AVE # 1800 City SEATTLE State WA ZIP 98104 From nobody at spamcop.net Wed Dec 7 14:04:15 2005 From: nobody at spamcop.net (Ellen) Date: Wed Dec 7 14:50:02 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "jg" wrote in message news:dn739j$l89$1@news.spamcop.net... > On 12/7/2005 3:30 AM Ellen scribbled: > curious as to how this will look > /had to quote differently - you left Mike's sig deliniter in/ sorry > > As to whether the scanning of the mail is slow when you get new mail, > sometimes it seems slower than others altho I can't positively identify if > that is AVG or just that my system desperately needs more memory. > > /I dropped using that - never caught anything tho I don't know if thats > my ISP catching the virus 1st or if I just don't get any - I've never > played with the gifs the way you guys do - do you consider it useful? I > don't like the added header lines - I'm confused enough/ I never play with gifs. I suppose I could turn it off also -- all my mail passes thru at least one other AV filtering system -- and sometimes two before I see it. And I don't open attachments anyway. > > /I agree, tho it conflicts with Firefox - which should probably be > closed anyway while running AVG/ I run firefox -- I don't see any interference. What are you seeing? Ellen From BNRAGMAOKKXT at spammotel.com Wed Dec 7 20:10:31 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Wed Dec 7 15:15:02 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: <3lxwynkoa4wf.dlg@grc.aosake.net> Message-ID: Norman Miller on 07/12/2005 wrote: >So I don't think Yahoo! has a generic block in place. No, I don't think so either. I've been doing a little experimenting since yesterday with my NTL account and also further error info for my Yahoo account. NTL: Neither forwarding spam to SpamCop as pasted to body nor as attachment now works with NTL accounts. No notifications from NTL that they are blocked or deleted, they just don't get through. Attempted to submit 25 spam to SpamCop at 1330 hrs GMT using Yahoo SMTP, 20 were sent before following error message was generated: "Connection intensionally closed. SMTP server returned unexpected error 521." About 20 minutes later I tried again with a further spam. Error message as above plus the following: "Yahoo.com closing transmissions channel. User is over the limit for messages allowed to be sent in a single day." I've never seen this before and I can't find any info on this limit on the Yahoo Mail site. I've mailed them about it. At 1700 hrs GMT I attempted to submit spam via Yahoo using SMTP again. The five mails submitted successfully, which in turn seems to contradict the previous error message. -- Rob http://www.flickr.com/photos/canopus_archives/ From nobody at spamcop.net Wed Dec 7 15:54:22 2005 From: nobody at spamcop.net (John Anderson) Date: Wed Dec 7 16:55:03 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: An error occurred while processing your request. Reference #97.8042d33f.1133992346.e76741 This is what I get trying to login! John Anderson From jg at coks.net Wed Dec 7 14:03:27 2005 From: jg at coks.net (jg) Date: Wed Dec 7 17:05:02 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: On 12/7/2005 11:04 AM Ellen scribbled:> > > I run firefox -- I don't see any interference. What are you seeing? > > Ellen > > Just a /real/ slowdown - but like I mentioned, my box is memory disadvantaged. From nobody at devnull.spamcop.net Wed Dec 7 17:13:43 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Dec 7 17:15:02 2005 Subject: [SpamCop-List] Roxio traces to doubleclick? Message-ID: http://www.spamcop.net/sc?id=z837889025z8bafdb2bc46493d5c1e87634aff2aca5z Hi, I've had a lot of phishing spam/scams of late and I -think- this is one, tracker above, but something interesting happened when I submitted it manually for parsing. The reporting addresses are all to doubleclick.net, a long-ago banned outfit from my systems. At least to me, that doesn't make sense.?.? So, am I right, that it is another phishing scam? And what's with double-click being the listed source? I assume it's just forgery, but if not, well ... ? TIA, Pop -- --- twaynesdomain.com: Best little website in the North Country! From MikeE at ster.invalid Wed Dec 7 14:20:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 17:25:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: jg wrote: > /had to quote differently - you left Mike's sig deliniter in/ There was a sig delimitor at the top of Ellen's post, which makes things a little tricker, but I think it wasn't mine left over, but hers, as an 'empty sig'. However, this turns into another QF discussion again. OE doesn't trim sigs all by itself, I configure OEQF to trim sigs for me. In the case of Ellen's post, I would have /thought/ my sig trimmer would've 'wiped out' her entire post, making the cite problem difficult to deal with; so I was planning on demonstrating here how I could turn off my sig trimmer [by reconfiguring QF or disabling it] and cause Ellen's post to work right. But, when I went to Ellen's post to demonstrate the wipeout effect to myself, I discovered that her post didn't get wiped out at all. For some reason my system with sig trimming enabled didn't trim away her post. I don't think I understand yet why not. But, my point is that I would assume that you jg can optionally disable MozTbird's sig trimming so you wouldn't have to struggle with that citing problem. -- Mike Easter kibitzer, not SC admin From jg at coks.net Wed Dec 7 14:32:31 2005 From: jg at coks.net (jg) Date: Wed Dec 7 17:35:02 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: On 12/7/2005 2:20 PM Mike Easter scribbled: > I don't think I understand yet why not. > > But, my point is that I would assume that you jg can optionally disable > MozTbird's sig trimming so you wouldn't have to struggle with that > citing problem. > > It wasn't really a struggle - just took me a couple of minutes to figure out why Ellen's post didn't quote. Day in and out, this is a rare occurence for me but it gave me some exercise. There is no way to turn that off via normal settings with Tbird - I could probably find a reset somewhere in prefs.js but haven't had the need as of yet. Isn't the use of this delimiter and its behavior pretty much universal? From porpoise1954 at yahoo.co.uk Wed Dec 7 22:48:24 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Dec 7 17:50:03 2005 Subject: [SpamCop-List] Re: CIA Spoof - Winhexed References: Message-ID: Well, a minor update. Have managed to Winhex the file but there is nothing that jumps out at me (that I can decypher). Basically just another variant of the Trojan-Proxy.Win32.Agent.hx as far as I can see - without being anything strange or unusual....... !??! From MikeE at ster.invalid Wed Dec 7 14:50:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 17:55:03 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: jg wrote: > Isn't the use of this delimiter and its behavior pretty much > universal? The ever-noncompliant OE is a huge leader in the field of sig noncompliance. In the first place, OE has 'always' had the problem of its autosig going at the top where it doesn't belong -- forcing the OE users who need to trim and contextualize their news replies to turn off the autosig and 'manually' [by clicking something] put in their sig after they have trimmed and contextualized their replies. Then, the next noncompliance of OE is that the OE sig wasn't a properly constructed sig delimitor, because the OE editor eliminated the space which comes at the end of dash dash space -- so the OE sigs [used to] not be auto-trimmable by all of the newsreaders with sig trimmers. Nowadays OE can finally make a proper sig delimitor. Unfortunately, it still can't autosig anywhere but the top of a reply and it still can't autotrim sigs. So, except for OE, most of the rest of the world of newsreaders have been handling sigs compliantly for a long time. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Wed Dec 7 22:55:59 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Dec 7 18:00:03 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: <3lxwynkoa4wf.dlg@grc.aosake.net> Message-ID: "Canopus" wrote in message news:dn7fjn$ttd$1@news.spamcop.net... > Norman Miller on 07/12/2005 wrote: > >>So I don't think Yahoo! has a generic block in place. > > No, I don't think so either. I've been doing a little experimenting since > yesterday with my NTL account and also further error info for my Yahoo > account. > > NTL: Neither forwarding spam to SpamCop as pasted to body nor as > attachment now works with NTL accounts. No notifications from NTL that > they are blocked or deleted, they just don't get through. > > Attempted to submit 25 spam to SpamCop at 1330 hrs GMT using Yahoo SMTP, > 20 were sent before following error message was generated: > > "Connection intensionally closed. SMTP server returned unexpected error > 521." > > About 20 minutes later I tried again with a further spam. Error message > as above plus the following: > > "Yahoo.com closing transmissions channel. User is over the limit for > messages allowed to be sent in a single day." > > I've never seen this before and I can't find any info on this limit on the > Yahoo Mail site. I've mailed them about it. > > At 1700 hrs GMT I attempted to submit spam via Yahoo using SMTP again. > The five mails submitted successfully, which in turn seems to contradict > the previous error message. It seems to me that they have put a choke on the SMTP server(s) in an attempt to thwart spam runs, by limiting users to sending only a limited number of emails within a given period. In one way, it could be seen as a *good* idea (reduces the amount of spam) but could be construed as a PITA for those who may have need to send tons of 'legitimate' emails every day. Although, it could be argued that anyone needing to send that number of legitimate emails on a daily basis ought to have a "proper" email account for such a purpose ......... From MikeE at ster.invalid Wed Dec 7 15:06:58 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 18:10:03 2005 Subject: [SpamCop-List] Re: Roxio traces to doubleclick? References: Message-ID: Pop wrote: www.spamcop.net/sc?id=z837889025z8bafdb2bc46493d5c1e87634aff2aca5z > I've had a lot of phishing spam/scams of late and I -think- > this is one, tracker above, but something interesting happened > when I submitted it manually for parsing. Pop is saying he's reporting a phish, but... > The reporting addresses are all to doubleclick.net, a long-ago > banned outfit from my systems. At least to me, that doesn't make > sense.?.? ... it doesn't make sense to him that doubleclick is the report addy. > So, am I right, that it is another phishing scam? So, now he's saying, "Is this a phish?" ... which means 'we' are going to have to look at/ read/ a spam. There are 'rules' around here for reading spams. #1 rule is that anytime we are getting ready to read a spam, we read/ analyze/ the headers first. > And what's with double-click being the listed source? > I assume it's just forgery, but if not, well ... ? The headers show a straightup item, in which the From = the source = the spamvertiser. There is no header bogosity. From: "Roxio" Received: from (mta.email.sonic.com [198.31.62.67]) Spamvertise: http://email.sonic.com/cgi-bin15/DM/y/mUyZ0G3Ll50Ctg0MLR0HA&email=x This condition is often associated with legitimate communications to a registrant. Body content: If you would like to receive new product information and exclusive promotional offers from Roxio, including a one-time 50% off the latest version of Easy Media Creator, just click here: If you do not reply, you will not receive any software update email notifications from us. First line: As a registered owner of Easy Media Creator, we feel you should know we have released [...] If you are a reg'd user of Easy Media Creator, then that's why you got this offer to optin. It appears to be an optin to a reg'd user, not an optout. email.sonic.com and its output mailserver are DoubleClick. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Dec 7 15:12:54 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 18:15:03 2005 Subject: [SpamCop-List] Re: Roxio traces to doubleclick? References: Message-ID: Mike Easter wrote: > Body content: I meant appears to be optin, of course. > If you are a reg'd user of Easy Media Creator, then that's why you got > this offer to optin. It appears to be an optin to a reg'd user, not > an optout. email.sonic.com and its output mailserver are DoubleClick. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Dec 7 18:01:43 2005 From: nobody at spamcop.net (Ellen) Date: Wed Dec 7 18:15:08 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "Mike Easter" wrote in message news:dn7n7b$38s$1@news.spamcop.net... > > But, when I went to Ellen's post to demonstrate the wipeout effect to > myself, I discovered that her post didn't get wiped out at all. For > some reason my system with sig trimming enabled didn't trim away her > post. > > I don't think I understand yet why not. > Your system is smart enough to know not to wipe out my posts .... or else .... Ellen From nobody at spamcop.net Wed Dec 7 18:05:50 2005 From: nobody at spamcop.net (Ellen) Date: Wed Dec 7 18:15:14 2005 Subject: [SpamCop-List] Re: Roxio traces to doubleclick? References: Message-ID: "Pop" wrote in message news:dn7mqm$2t3$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z837889025z8bafdb2bc46493d5c1e87634aff2aca5z > > Hi, > I've had a lot of phishing spam/scams of late and I -think- > this is one, tracker above, but something interesting happened > when I submitted it manually for parsing. > The reporting addresses are all to doubleclick.net, a long-ago > banned outfit from my systems. At least to me, that doesn't make > sense.?.? > > So, am I right, that it is another phishing scam? > And what's with double-click being the listed source? > I assume it's just forgery, but if not, well ... ? > Looks like mail about Roxio -- doesn't look like a phish to me. Ellen From nobody at nowhere.not Wed Dec 7 23:17:46 2005 From: nobody at nowhere.not (Robert Blair) Date: Wed Dec 7 18:20:06 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: On Wed, 7 Dec 2005 22:32:31 UTC, jg wrote: > It wasn't really a struggle - just took me a couple of minutes to figure > out why Ellen's post didn't quote. Day in and out, this is a rare > occurence for me but it gave me some exercise. > There is no way to turn that off via normal settings with Tbird - I > could probably find a reset somewhere in prefs.js but haven't had the > need as of yet. > Isn't the use of this delimiter and its behavior pretty much universal? My news reader truncates Ellen's entire message as would be expected. But if I highlight a portion of the text it gets quoted properly. I very seldom reply without highlighting (for trimming) so I seldom see this kind of problem. -- Robert Blair From MikeE at ster.invalid Wed Dec 7 15:20:45 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 7 18:25:05 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: Ellen wrote: > "Mike Easter" >> But, when I went to Ellen's post to demonstrate the wipeout effect to >> myself, I discovered that her post didn't get wiped out at all. For >> some reason my system with sig trimming enabled didn't trim away her >> post. >> >> I don't think I understand yet why not. > Your system is smart enough to know not to wipe out my posts .... or > else .... Heh heh. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Wed Dec 7 23:59:56 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Dec 7 19:05:04 2005 Subject: [SpamCop-List] Another SysAdmin that requires a clue Message-ID: http://www.spamcop.net/sc?id=z837926949zf94cbbdc94fb6f33ea222dedbf02c2aez As well as sending reports, I also sent a mail to the sender advising them (with link to the FAQ) why sending "newmails" to forged From: is really not a very clever thing to be doing. From cpollock at earthlink.net Wed Dec 7 19:20:24 2005 From: cpollock at earthlink.net (Chris) Date: Wed Dec 7 20:25:04 2005 Subject: [SpamCop-List] Re: Blacklisting, what does it take? References: Message-ID: Ellen wrote: >> >> Please note that the propagation of this address is spoofed. The address >> you are questioning is a global IP for a firewall and is not sending or >> passing the virus. > > They are very wrong. They have a compromised machine sending viruses thru > that IP. Unfortunately they are not sending to traps or other SC users. And they won't admit it either. > >> >> from one of the contacts listed for this ip. When I argued that >> something must be wrong then because the virus is comeing from his ip, >> he replied with: >> >> I can assure you that it is indeed a mistake. These need to be removed >> at once or this will get very ugly! > > You can refer that to us if you hear from them again. deputies > admin.spamcop.net Will do, in the meantime I've again addressed this issue to all contacts listed that I can find minus the individual at mccombshqs.com who denies that he has a compromised machine. > >> So, guess my actual question here is just what does it take for an ip to >> get blacklisted by spamcop? > > More than one reporter unfortunately. I understand that now, I must be the only one getting hit from this ip then. > > > Ellen Thanks Ellen for your feedback. -- Chris RLU 283774 Mandriva 10.1 Official 19:15:55 up 4 days, 2:18, 1 user, load average: 0.20, 0.40, 0.35 From not at home.today Thu Dec 8 01:41:24 2005 From: not at home.today (Ant) Date: Wed Dec 7 20:45:02 2005 Subject: [SpamCop-List] Re: CIA Spoof - Winhexed References: Message-ID: "Porpoise" wrote: > Have managed to Winhex the file but there is nothing that jumps out at me > (that I can decypher). Basically just another variant of the > Trojan-Proxy.Win32.Agent.hx as far as I can see - without being anything > strange or unusual....... !??! The exe is packed with UPX 1.93 (not 1.92 as I stated earlier). Did you run UPX on it? More strings become visible, but nothing special. From porpoise1954 at yahoo.co.uk Thu Dec 8 01:56:36 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Dec 7 21:00:03 2005 Subject: [SpamCop-List] Re: CIA Spoof - Winhexed References: Message-ID: "Ant" wrote in message news:dn830a$eik$1@news.spamcop.net... > "Porpoise" wrote: > >> Have managed to Winhex the file but there is nothing that jumps out at me >> (that I can decypher). Basically just another variant of the >> Trojan-Proxy.Win32.Agent.hx as far as I can see - without being anything >> strange or unusual....... !??! > > The exe is packed with UPX 1.93 (not 1.92 as I stated earlier). Did > you run UPX on it? More strings become visible, but nothing special. > No. Just done the usual notifies and moved on........ From jg at coks.net Wed Dec 7 18:07:15 2005 From: jg at coks.net (jg) Date: Wed Dec 7 21:10:04 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: On 12/7/2005 2:50 PM Mike Easter scribbled: > jg wrote: > > >>Isn't the use of this delimiter and its behavior pretty much >>universal? > > > The ever-noncompliant OE is a huge leader in the field of sig > noncompliance. In the first place, OE has 'always' had the problem of > its autosig going at the top where it doesn't belong -- forcing the OE > users who need to trim and contextualize their news replies to turn off > the autosig and 'manually' [by clicking something] put in their sig > after they have trimmed and contextualized their replies. > > Then, the next noncompliance of OE is that the OE sig wasn't a properly > constructed sig delimitor, because the OE editor eliminated the space > which comes at the end of dash dash space -- so the OE sigs [used to] > not be auto-trimmable by all of the newsreaders with sig trimmers. > > Nowadays OE can finally make a proper sig delimitor. Unfortunately, it > still can't autosig anywhere but the top of a reply and it still can't > autotrim sigs. > > So, except for OE, most of the rest of the world of newsreaders have > been handling sigs compliantly for a long time. > > you sound like the parent of an ugly child - OE has a face only a mother could love... From jg at coks.net Wed Dec 7 18:11:56 2005 From: jg at coks.net (jg) Date: Wed Dec 7 21:10:11 2005 Subject: [SpamCop-List] Re: CIA Spoof In-Reply-To: References: Message-ID: On 12/7/2005 3:17 PM Robert Blair scribbled: > On Wed, 7 Dec 2005 22:32:31 UTC, jg wrote: > > >>It wasn't really a struggle - just took me a couple of minutes to figure >>out why Ellen's post didn't quote. Day in and out, this is a rare >>occurence for me but it gave me some exercise. >>There is no way to turn that off via normal settings with Tbird - I >>could probably find a reset somewhere in prefs.js but haven't had the >>need as of yet. >>Isn't the use of this delimiter and its behavior pretty much universal? > > > My news reader truncates Ellen's entire message as would be expected. > But if I highlight a portion of the text it gets quoted properly. I > very seldom reply without highlighting (for trimming) so I seldom see > this kind of problem. > > just when I thought the thread was done... where do you highlight? in the orig msg pane? and that overrides truncation by the delimiter? ya just gotta love computers - 2000 ways to blow your nose... From edb2000 at spamcop.net Wed Dec 7 20:48:56 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Wed Dec 7 23:50:02 2005 Subject: [SpamCop-List] Re: Roxio traces to doubleclick? In-Reply-To: References: Message-ID: Pop wrote: > http://www.spamcop.net/sc?id=z837889025z8bafdb2bc46493d5c1e87634aff2aca5z > > Hi, > I've had a lot of phishing spam/scams of late and I -think- > this is one, tracker above, but something interesting happened > when I submitted it manually for parsing. > The reporting addresses are all to doubleclick.net, a long-ago > banned outfit from my systems. At least to me, that doesn't make > sense.?.? > > So, am I right, that it is another phishing scam? > And what's with double-click being the listed source? > I assume it's just forgery, but if not, well ... ? No, it's legit (or what I would call legit). They are sending an invitation to opt in to a mailing list to receive info about their software deals, and they are sending this one-time invite to users who registered their software products and provided an email address. I got two myself, for two registered products. You would have to be pretty hard-core to consider this spam. But it's certainly not a phishing expedition. -- Don Wannit A paid SpamCop user since 1999 From jeffg at spamcop.net Thu Dec 8 00:25:48 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Dec 8 00:30:02 2005 Subject: [SpamCop-List] Re: Soft on Sale References: Message-ID: "Patto" wrote in message news:dn67rg$4h3$1@news.spamcop.net... > Actually I remembered incorrectly, I used netpiracy[at]siia.net in the > past. This seems to be the correct address to report Internet piracy. > See http://www.siia.net/piracy/report/internet.asp Interestingly, I see netpiracy@spa.org on that page. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From jeffg at spamcop.net Thu Dec 8 00:48:22 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Dec 8 00:50:03 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: <43969DBE.6FBB@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:43969DBE.6FBB@xyzzy.claranet.de... > Jeff G. wrote: > > > see the bottom link in my sig below. > JFTR, that's an excessively annoying sig. Bye, Frank And yours looks like you are saying "Bye" to yourself. Is the following better? -- Thanks and Best Regards, Jeff G. Please see my full sig at http://forum.spamcop.net/forums/index.php?showuser=2041 From g.hyde at bigpond.net.au Thu Dec 8 16:24:24 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Dec 8 01:25:02 2005 Subject: [SpamCop-List] I am getting more messages from this .pk server about listserver messages I can do nothing about. Message-ID: http://www.spamcop.net/sc?id=z838045406z81bbbf9b881010fbd41626d417d73586z OK this is getting ridiculous. I keep getting failure messages due in part to an improperly configured listserver which contain news messages I've posted somewhere. This is to me a spam email, as there is NOTHING, I repeat, NOTHING that I can do about it. Do I report this as a spam item or what? I would like for the listserver owner to be notified so they can fix this problem with their listserver, however, that doesn't seem likely unless I can pin down the reason it is listing me as the original sender. It is currently sitting unreported on the above tracker URL. If deputies would like to submit it as a spam to someone in particular, please do so. Cheers ... Geoffrey Hyde From borgholio at storymind.com Wed Dec 7 22:35:44 2005 From: borgholio at storymind.com (Borgholio) Date: Thu Dec 8 01:40:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > http://www.spamcop.net/sc?id=z838045406z81bbbf9b881010fbd41626d417d73586z > > OK this is getting ridiculous. I keep getting failure messages due in part > to an improperly configured listserver which contain news messages I've > posted somewhere. This is to me a spam email, as there is NOTHING, I > repeat, NOTHING that I can do about it. > > Do I report this as a spam item or what? I would like for the listserver > owner to be notified so they can fix this problem with their listserver, > however, that doesn't seem likely unless I can pin down the reason it is > listing me as the original sender. > > It is currently sitting unreported on the above tracker URL. If deputies > would like to submit it as a spam to someone in particular, please do so. > > > Cheers ... > > Geoffrey Hyde > > > Misdirected bounces ARE considered spam by Spamcop and should be reported. I get dozens per day...sometimes after a virus swarm or spam swarm I wake up with hundreds in my box. I report them all. From jeffg at spamcop.net Thu Dec 8 01:38:06 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Dec 8 01:40:09 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "John Anderson" wrote in message news:dn7llq$1qj$1@news.spamcop.net... > An error occurred while processing your request. > Reference #97.8042d33f.1133992346.e76741 > > > > This is what I get trying to login! Yes, there was a drop (SpamCop Parsing and Reporting System Outage AKA "down and dead" status) at the time per http://alpha.cesmail.net/graphics/spamstats.gif , displays of it at http://www.spamcop.net/spamgraph.shtml?spamstats and http://forum.spamcop.net/forums/index.php?showtopic=5247 and http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats , and my analysis in the Announcement at http://forum.spamcop.net/forums/index.php?showtopic=5288 (specifically at http://forum.spamcop.net/forums/index.php?showtopic=5288&view=findpost&p=37370 ) . Also, please be aware of the following Post by Don at http://forum.spamcop.net/forums/index.php?showtopic=5514&st=0&p=37151&#entry37151 . ----- Begin Quote ----- Those errors *can* be caused by an Akamai server with a problem, but it is extremely rare, and always isolated. What you're seeing is the result of SpamCop being down and dead at the time. It's caused by our database crashing, which brings down the whole system because the database is the heart. Fortunately, we have developed alarm systems that alert us to the problem when it starts, and methods of bringing the database back up rapidly when it goes down. In many cases, the outage is only for a few minutes, and sometimes during dire straights, a few hours. As far as the users and deputies go, there isn't anything we can do but wait for the system to come back up. We're acutely aware of the problem, I assure you. We all access SpamCop from outside, just like everybody else, so we're often the first to know. If the duty engineer isn't already on the problem, which they usually are, we page them. Unfortunately, our database and the way we use it is *hugely* complicated and we haven't found the root cause of the problem. We've found and fixed several little items that help keep things from going awry, but not everything. All I can ask is that you bear with us while we work on the problem. - Don D'Minion - SpamCop Admin - ----- End Quote ----- -- Thanks and Best Regards, Jeff G. Please see my full sig at http://forum.spamcop.net/forums/index.php?showuser=2041 From bar_n0ne at hotmail.com Thu Dec 8 11:06:49 2005 From: bar_n0ne at hotmail.com (Berny) Date: Thu Dec 8 02:10:03 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: <3lxwynkoa4wf.dlg@grc.aosake.net> Message-ID: "Canopus" wrote in message news:dn7fjn$ttd$1@news.spamcop.net... > Norman Miller on 07/12/2005 wrote: > > > At 1700 hrs GMT I attempted to submit spam via Yahoo using SMTP again. > The five mails submitted successfully, which in turn seems to contradict > the previous error message. the 24 hour definition may be X mails between 00:00 and 24:00 in some particular timezone , say PST or EST From porpoise1954 at yahoo.co.uk Thu Dec 8 08:39:42 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 8 03:45:04 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: "jg" wrote in message news:dn84lc$g0s$1@news.spamcop.net... > On 12/7/2005 3:17 PM Robert Blair scribbled: > just when I thought the thread was done... > where do you highlight? > in the orig msg pane? > and that overrides truncation by the delimiter? > ya just gotta love computers - 2000 ways to blow your nose... Isn't it XP ways to blow your nose now?? ;-) From redford_stone at INVERSE_OF_COLDmail.com Thu Dec 8 09:12:57 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Dec 8 04:15:03 2005 Subject: [SpamCop-List] Question regarding "\x[hexnumber]" code. Message-ID: I'm curious to know exactly what kind of code "\x" is. The spammer who hides behind Geocities sites appear to be using this type of code as means to hide the final site. It is coded in this manner: "\x[hex number]" Sort of like this: "....\x76\x61\x72\x25\x32\x30\x74\..." I've tried digging around but Gargle doesn't give me much of anything meaningful I can use for decrapting this. From g.hyde at bigpond.net.au Thu Dec 8 19:37:29 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Dec 8 04:40:04 2005 Subject: [SpamCop-List] Re: Question regarding "\x[hexnumber]" code. References: Message-ID: http://www.google.com.au/search?hl=en&q=backslash+x+%5Bnnn%5D&meta= Try that - you might need to put in the equals sign, though that's what I came up with. after inserting '\backslash x [nnn]' into google. (without the quotes) HTH. :-) http://www.google.com.au/search?hl=en&q=backslash+x+%5Bxxxx%5D&meta= - also this, after a bit of refining of the string. Cheers ... Geoffrey Hyde "Redstone" wrote in message news:Xns9726C63D293Dtinlc@216.154.195.61... > I'm curious to know exactly what kind of code "\x" is. > > The spammer who hides behind Geocities sites appear to be using this type > of code as means to hide the final site. > > It is coded in this manner: "\x[hex number]" > > Sort of like this: "....\x76\x61\x72\x25\x32\x30\x74\..." > > I've tried digging around but Gargle doesn't give me much of anything > meaningful I can use for decrapting this. > From bar_n0ne at hotmail.com Thu Dec 8 14:17:27 2005 From: bar_n0ne at hotmail.com (Berny) Date: Thu Dec 8 05:20:12 2005 Subject: [SpamCop-List] "spamcopped" Message-ID: Well, I am pleased and displeased, Pleased to see that there really are folks using SC to block incoming mail. Displeased because (one of) the corporate mailserver(s) I use was blocked. Strangely, the party I was sending to has specific addresses set up for use by my employer, which is a fairly major client, so you;d think we'd have been whitelisted in this particular case. Seems we are blocked for back-scatter. I guess lot's of people still ahve auto responders or vacation notices, and I can verify that the spam blocking/filtering/miltering is far from leakproof, theres enough getting through that backscatter would be a problem. Anyway I sent a note to our security people, It's not my mess to deal with. Ah well. From nobody at nowhere.invalid Thu Dec 8 11:45:26 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Dec 8 05:50:04 2005 Subject: [SpamCop-List] Re: CIA Spoof References: Message-ID: On Wed, 07 Dec 2005 14:32:31 -0800, jg coughed into spamcop and left this in : > Isn't the use of this delimiter and its behavior pretty much universal? Yes. Which probably explains why Outlook Express doesn't know about it. -- Steve From nobody at devnull.spamcop.net Thu Dec 8 08:33:18 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Dec 8 08:35:03 2005 Subject: [SpamCop-List] Re: Roxio traces to doubleclick? References: Message-ID: "Pop" wrote in message news:dn7mqm$2t3$1@news.spamcop.net... : http://www.spamcop.net/sc?id=z837889025z8bafdb2bc46493d5c1e87634aff2aca5z : : Hi, : I've had a lot of phishing spam/scams of late and I -think- ... : So, am I right, that it is another phishing scam? : And what's with double-click being the listed source? : I assume it's just forgery, but if not, well ... ? : Huh; OK, thanks for your inputs & consideration. I tried to check the Roxio site yesterday too since I am a registered owner, but must have tried it at the same time everyone else did; couldn't get a screen to paint completely. I'll try again later today. I was still confused about doubleclick, so I checked out their site; haven't done that in years. Also interesting how doubleclick and double-click go to two different places. Doubleclick actually looks relatively respectable if all the hype and name-dropping there is true. Double-click looks a lot spammier, but nothign immediately scary, redirecting to http://www.dartmotif.com/, (which is doubleclick's) apparently one of their marketing strategies. Neither site tried to place any cookies or probe anything - near as I could tell - THAT surprised me! They do like to throw unannounced PDF's at you, but otherwise nothing actually looked wrong. Maybe they're legit nowadays, dunno. IMO, it's still "bad" when I receive a mail from a roxio that in no way traces to a roxio though; but then it's their choice to use such methods. Thanks again, Pop From nobody at example.com Thu Dec 8 14:25:40 2005 From: nobody at example.com (John Smith) Date: Thu Dec 8 09:30:02 2005 Subject: [SpamCop-List] phishing or virus? Message-ID: This spam seems to link to a PDF file (which has probably already been removed by the webmaster). Is it phishing, a virus, or something else? Short link to the spam: http://babyurl.com/AfsRBh Full link: http://www.spamcop.net/sc?id=z838211460zc5e8b37e973105a86e8035ba50a34d64z;action=display From blacklist-me at davjam.org Thu Dec 8 14:23:55 2005 From: blacklist-me at davjam.org (David Bolt) Date: Thu Dec 8 09:35:03 2005 Subject: [SpamCop-List] Re: Question regarding "\x[hexnumber]" code. References: Message-ID: On Thu, 8 Dec 2005, Redstone wrote:- >I'm curious to know exactly what kind of code "\x" is. > >The spammer who hides behind Geocities sites appear to be using this type >of code as means to hide the final site. > >It is coded in this manner: "\x[hex number]" > >Sort of like this: "....\x76\x61\x72\x25\x32\x30\x74\..." > >I've tried digging around but Gargle doesn't give me much of anything >meaningful I can use for decrapting this. Try this: There's both Linux and Windows (Cygwin) versions and it handles that sort of encoding, and the %xx type, very nicely. Regards, David Bolt -- Member of Team Acorn checking nodes at 50 Mnodes/s: http://www.distributed.net/ AMD1800 1Gb WinXP/SUSE 9.3 | AMD2400 256Mb SuSE 9.0 | A3010 4Mb RISCOS 3.11 AMD2400(32) 768Mb SUSE 10.0 | RPC600 129Mb RISCOS 3.6 | Falcon 14Mb TOS 4.02 AMD2600(64) 512Mb SUSE 10.0 | A4000 4Mb RISCOS 3.11 | STE 4Mb TOS 1.62 From MikeE at ster.invalid Thu Dec 8 07:09:56 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 10:10:03 2005 Subject: [SpamCop-List] Re: phishing or virus? References: Message-ID: John Smith wrote: > This spam seems to link to a PDF file (which has probably already been > removed by the webmaster). Is it phishing, a virus, or something else? Not .pdf, which would be a 'portable document format' developed by Adobe, but .pif which is an executable 'program information file' developed by TopView, extended by DesqView, and dominated by MicroSoft You should make yourself a mental list of all of the 'dangerous' or executable file extenders .bat .com .pif .exe .scr .lnk .cmd and also enable your system to be able to see all the extenders. Such file extensions are typically dangerous to clickon. www.spamcop.net/sc?id=z838211460zc5e8b37e973105a86e8035ba50a34d64z The html was designed to make the link look like it was going to http://www.THE-ADDRESS-OF-THE-SPAMCOP-REPORTER@cellectivity.com/confirm.php?account=cellectivity.com but instead it was going to the .pif file named Confirmation_Sheet.pif at 84.94.228.177 rDNS 84.94.228.177.static.012.net.il The words say "According to our terms of services, you will have to confirm your e-mail by the following link, or your account will be suspended within 24 hours for security reasons. [...] After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconvenience." I can't get the payload with my GET function. You don't have permission to access /~nesher/Confirmation_Sheet.pif on this server. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 8 07:28:55 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 10:30:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Borgholio wrote: > Geoffrey Hyde wrote: www.spamcop.net/sc?id=z838045406z81bbbf9b881010fbd41626d417d73586z >> >> OK this is getting ridiculous. I keep getting failure messages due >> in part to an improperly configured listserver which contain news >> messages I've posted somewhere. Can you figure out where you posted the message? >> This is to me a spam email, as >> there is NOTHING, I repeat, NOTHING that I can do about it. Part of the problem with reporting this is that what you received is not /exactly/ a misdirected bounce, as you were the 'originator' of the message which bounced -- except that you didn't send your message to the server which bounced it, but I think you are saying you sent it to a newsserver somewhere. The 'offending' server is actually a linux group's server news-gateway@lugnet.com >> Do I report this as a spam item or what? I would like for the >> listserver owner to be notified so they can fix this problem with >> their listserver, however, that doesn't seem likely unless I can pin >> down the reason it is listing me as the original sender. >From my reading of it, you /are/ the original sender -- but [perhaps] to a newsgroup, not an email recipient. But, I can't find the original newsgroup posted item, so perhaps it was posted to a webforum or something like that. >> It is currently sitting unreported on the above tracker URL. If >> deputies would like to submit it as a spam to someone in particular, >> please do so. I think it would be more worthwhile to figger out what is going on here than report the 'innocent' server which received something which it shouldn't have received. > Misdirected bounces ARE considered spam by Spamcop and should be > reported. I get dozens per day...sometimes after a virus swarm or > spam swarm I wake up with hundreds in my box. I report them all. This isn't a 'normal' misdirected bounce. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 8 07:53:06 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 10:55:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Geoffrey Hyde wrote: www.spamcop.net/sc?id=z838045406z81bbbf9b881010fbd41626d417d73586z > > OK this is getting ridiculous. I keep getting failure messages due > in part to an improperly configured listserver which contain news > messages I've posted somewhere. Now I remember. We had a discussion about this in late Sep early Oct There are some missing pieces in the thread here: http://news.spamcop.net/pipermail/spamcop-list/2005-October/105110.html Newsgroups: spamcop Subject: Re: What the blazes happened here? Date: Fri, 30 Sep 2005 07:14:04 -0700 ..but I still have my copies, which show some initial confusion which I eventually straightened out. At that time I was able to access the lugnet.robotics system. The gist is that there is a webforum integrated with an nntp newsserver and the webforum is also integrated with a mailing list -- so people can signup to have the forum posts [which are also news posts] mailed to them. You post to the nntp newsserver using a good addy. That post gets mailed to a mailing list recipient whose server bounces your item, for whatever reason. That isn't the bouncing server's fault. That is the fault of the way the lego robotics system is configured. > This is to me a spam email, as there > is NOTHING, I repeat, NOTHING that I can do about it. What you should do is use an invalid addy in your postings to that group or newsserver. Which I said back then. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 8 08:08:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 11:10:02 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Mike Easter wrote: > The 'offending' server is actually a linux group's server > news-gateway@lugnet.com Not linux -- lego and lego robotics http://www.lugnet.com/ http://news.lugnet.com/ LUGNET News Server Server: lugnet.com News-by-mail -- Mail Setup subscribe to any group as a mailing list. Here's the message which you posted corresponding to the tracker item http://news.lugnet.com/robotics/?n=24691 Subject: Re: New contest Author: Geoffrey Hyde Newsgroups: lugnet.robotics Date: Thu, 8 Dec 2005 00:33:30 GMT It would appear to have a munged From and Reply-To -- but I can't tell everything I need to tell from your tracker which replaces some parts with 'x' Somehow your mungeing doesn't prevent the recipient of the mailing list which your news posts feeds into from bouncing your news2mail post back to you. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 8 08:13:02 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 11:15:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Mike Easter wrote: > It would appear to have a munged From and Reply-To Au contraire -- you do *NOT* have a munged From. Here is the original -- the mungeing only shows on the html version; the original format as you posted shows your good email From clearly http://news.lugnet.com/news/raw.cgi?lugnet.robotics,24691 You should configure your newsreader to put an invalid address into the >From [and reply-to] for that newsserver. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 8 09:03:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 12:05:04 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Mike Easter wrote: > Here's the message which you posted corresponding to the tracker item > http://news.lugnet.com/robotics/?n=24691 > > Subject: Re: New contest > Author: Geoffrey Hyde > Newsgroups: lugnet.robotics > Date: Thu, 8 Dec 2005 00:33:30 GMT I can also access your message with its unmunged From on the newsserver lugnet.com if I use port 1119, as its port 119 doesn't work for me. Newsgroups: lugnet.robotics Subject: Re: New contest Message-ID: Date: Thu, 8 Dec 2005 00:33:30 GMT The lugnet terms of use here http://www.lugnet.com/admin/terms/agreement in items #3 & 4 would seem to prohibit posting unless there is a human decipherable good email address in the From -- but antispam mungeing is permitted. There's also some 'research material' about the interface here: "Mailing list format - Note: The lugnet.robotics newsgroup and the lugnet.robotics@lugnet.com mailing lists are gatewayed with the lego-robotics@crynwr.com mailing list. (See Russell Nelson's LEGO Mindstorms Internals webpage http://www.crynwr.com/lego-robotics/ for more details about the lego-robotics@crynwr.com mailing list or how to unsubscribe from it.)" http://news.lugnet.com/robotics/ -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Dec 8 13:02:39 2005 From: nobody at spamcop.net (John Anderson) Date: Thu Dec 8 14:05:04 2005 Subject: [SpamCop-List] Spamcop is not accepting my password! Message-ID: I have been trying to sign in with my registered password, but spamcop keeps asking for something else, does not accept the one I have registered. John Anderson From spam_hjp at yahoo.com Thu Dec 8 14:10:01 2005 From: spam_hjp at yahoo.com (Jim) Date: Thu Dec 8 14:15:03 2005 Subject: [SpamCop-List] Re: Spamcop is not accepting my password! In-Reply-To: References: Message-ID: > http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats shows it as being down From tmcgraw at spamcop.net Thu Dec 8 11:10:34 2005 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Dec 8 14:15:09 2005 Subject: [SpamCop-List] Re: Spamcop is not accepting my password! In-Reply-To: References: Message-ID: I'm getting "No user found for input: tmcgraw" and resetting pswd does not generate a new pswd by email... but I am able to log into my web mail inbox. John Anderson wrote: > I have been trying to sign in with my registered password, but > spamcop keeps asking for something else, does not accept > the one I have registered. > > John Anderson From snowbat at geocities.com Thu Dec 8 17:46:27 2005 From: snowbat at geocities.com (Snowbat) Date: Thu Dec 8 14:50:02 2005 Subject: [SpamCop-List] Re: Submiting Via Yahoo Mail References: Message-ID: Steven Maesslein wrote: > On Tue, 6 Dec 2005 13:24:53 +0000 (UTC), Canopus coughed into spamcop > and left this in : > >> By using my mail client configured to connect to Yahoo Mail using pop3 to >> send spam.......... > > Bzzzzzzzzzzzzt. > > POP3 is used for *receiving* mail, not sending it. Not always - XTND XMIT is supported by one of the three POP3 servers I use. http://musicm.mcgill.ca/msi/http/pop3xtndxmit.html From MikeE at ster.invalid Thu Dec 8 12:41:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 15:45:03 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: posted to .spam and spamcop, f/ups to spamcop Robert Williams wrote: > Here is what I get out of the header: Your message is badly deformatted by the wrapping and extra EOLs. It would be helpful to me if you would post a *TRACKER* /not/ a spam, of a 'normally' parsing spam in reply to this message without changing the newsgroup back to .spam so that I can see what your normal headers look like. -- Mike Easter kibitzer, not SC admin From RobertW at danjonengineering.com Thu Dec 8 13:10:19 2005 From: RobertW at danjonengineering.com (Robert Williams) Date: Thu Dec 8 16:15:02 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: Ok, Mike, here is a Tracker: http://members.spamcop.net/mcgi?action=gettrack&reportid=1579621535 "Mike Easter" wrote in message news:dna5ol$l4d$1@news.spamcop.net... > posted to .spam and spamcop, f/ups to spamcop > > Robert Williams wrote: > > Here is what I get out of the header: > > Your message is badly deformatted by the wrapping and extra EOLs. > > It would be helpful to me if you would post a *TRACKER* /not/ a spam, of > a 'normally' parsing spam in reply to this message without changing the > newsgroup back to .spam so that I can see what your normal headers look > like. > > > -- > Mike Easter > kibitzer, not SC admin > From MikeE at ster.invalid Thu Dec 8 13:26:11 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 16:30:04 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: Robert Williams wrote: > Ok, Mike, here is a Tracker: > > http://members.spamcop.net/mcgi?action=gettrack&reportid=1579621535 Well, we're getting closer. That reportid link can be used by *you* -- but not by me -- to access the /real/ tracker. The way you could give me/us a tracker out of that reportid would be for you to access that reportid, and at the very top of the spam with headers which only you can see is a link called 'Parse'. That 'Parse' link is the tracker I/we need. You can right click it and copy it and paste it in here, or you can click it and then copy the tracker url from the addressline of your browser. If I click on your link [converted from a members only link] -- I would get what you would get if you click on this link http://www.spamcop.net/mcgi?action=gettrack&reportid=1577656720 It doesn't work for you to click on a reportid as above which is only for me, and it doesn't work for me to click on a reportid which is only for you. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 8 13:34:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 16:35:03 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: Mike Easter wrote: > Robert Williams wrote: >> Ok, Mike, here is a Tracker: >> >> http://members.spamcop.net/mcgi?action=gettrack&reportid=1579621535 > > Well, we're getting closer. That reportid link can be used by *you* > -- but not by me -- to access the /real/ tracker. Oh, I forgot to mention. Here's the format of a real tracker http://www.spamcop.net/sc?id=z837472390z84b14efb1dea6cc026aab5999e35323bz After the id= comes the unique coding for the parse, consisting of 2 'z' segments. The first z field is a 9 digit decimal number; the 2nd z field is a 32 digit hexadecimal number A reportid link is 'just' a 10 digit decimal after the reportid= -- Mike Easter kibitzer, not SC admin From RobertW at danjonengineering.com Thu Dec 8 13:50:06 2005 From: RobertW at danjonengineering.com (Robert Williams) Date: Thu Dec 8 16:55:03 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: Sorry about that, I somehow had a feeling I was supposed to click the Parse link. Anyways, http://members.spamcop.net/sc?id=z838364690zf1b826e68318eb9ee341bae5588d527az This should give you some idea of what my headers normally look like. "Mike Easter" wrote in message news:dna8t2$nbv$1@news.spamcop.net... > Mike Easter wrote: > > Robert Williams wrote: > >> Ok, Mike, here is a Tracker: > >> > >> http://members.spamcop.net/mcgi?action=gettrack&reportid=1579621535 > > > > Well, we're getting closer. That reportid link can be used by *you* > > -- but not by me -- to access the /real/ tracker. > > Oh, I forgot to mention. Here's the format of a real tracker > > http://www.spamcop.net/sc?id=z837472390z84b14efb1dea6cc026aab5999e35323bz > > After the id= comes the unique coding for the parse, consisting of 2 'z' > segments. > > The first z field is a 9 digit decimal number; the 2nd z field is a 32 > digit hexadecimal number > > A reportid link is 'just' a 10 digit decimal after the reportid= > > -- > Mike Easter > kibitzer, not SC admin > From MikeE at ster.invalid Thu Dec 8 14:20:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 17:20:02 2005 Subject: [SpamCop-List] Re: Old E-Mail??? References: Message-ID: Robert Williams wrote: > http://members.spamcop.net/sc?id=z838364690zf1b826e68318eb9ee341bae5588d527az > > This should give you some idea of what my headers normally look like. Okey dokey thanks. Oh, I see. You don't have anything to do with cleartel. I misinterpreted something that SC said in the verbose^1 and tho't it cleartel had something to do with you. It isn't the first time I have misunderstood something SC sez about a mailhost. ^1 "Hostname verified: mail.cleartel.net" In that case, I will revise my earlier abbreviated headers of the item this all started wtih. Abbreviated Received lines *comment from mail.cleartel.net ([206.72.209.41]) by server1.DANJONENGINEERING.LOCAL *sourceline vs relay output from [206.72.209.49] (helo=mail.4-serv.com) by mail.cleartel.net *timestamp 17d, bogushelo, ?bogusline vs sourceIP from 4technology.net ([90.66.225.30]) by mwcp.4technology.net *bogusline >From a human parser's point of view, the notified source would be albany.net for cleartel in any case, it is just a matter of whether you want to say the source IP is the cleartel output server or a userIP behind it. The server IP is also listed in PSBL, which gives evidence which looks like your spamitem, ie the same IP 'behind' the server and the same 'modus' of a bogus helo in that line. http://psbl.surriel.com/evidence?ip=206.72.209.41&action=Check+evidence I personally think the problem is an insecurity between 206.72.209.49 & its server -- that the spam may be being injected at .49 and going out thru' the server 'belatedly' [getting stuck there] and getting the timestamp discrepancy. The other possibility is that the server is insecure and the timestamp problem line is bogus. It is worse for the server to be listed than the user IP, because the server is the #1 output server for the cleartel. -- Mike Easter kibitzer, not SC admin From not at home.today Thu Dec 8 23:35:22 2005 From: not at home.today (Ant) Date: Thu Dec 8 18:40:03 2005 Subject: [SpamCop-List] Re: Question regarding "\x[hexnumber]" code. References: Message-ID: "Redstone" wrote: > I'm curious to know exactly what kind of code "\x" is. > > The spammer who hides behind Geocities sites appear to be using this type > of code as means to hide the final site. > > It is coded in this manner: "\x[hex number]" > > Sort of like this: "....\x76\x61\x72\x25\x32\x30\x74\..." > > I've tried digging around but Gargle doesn't give me much of anything > meaningful I can use for decrapting this. Create an html document as shown below, paste the encoded text into the form window, and press "Decode" as many times as needed to get clear text. Will unscramble hex values coded with "\x" or "%". (thanks to Spamless for the idea)

From g.hyde at bigpond.net.au Fri Dec 9 09:53:17 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Dec 8 18:55:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: "Mike Easter" wrote in message news:dn9ksf$aqo$1@news.spamcop.net... > Geoffrey Hyde wrote: >> This is to me a spam email, as there >> is NOTHING, I repeat, NOTHING that I can do about it. > > What you should do is use an invalid addy in your postings to that group > or newsserver. Which I said back then. Which would do nothing but infuriate some poor random user somewhere who does get my message due to the server not figuring out who it should go to. The worst case scenario is that nobody gets it and nobody does anything about it and it just fills up some mailbox somewhere until a human administrator examines it and determines it was my munged from address that filled the mailbox up in the first place, so cancels my account. I don't need unexpected account cancellations thank you very much, Mr. Easter. So I would really prefer to leave things unmunged - spammers may have my address but they WILL get reported. Unfortunately, the only possible resolution here is if the .pk server wakes up and stops bouncing listserver email to places that a human observer could quite easily see it should NOT go to. And why, of all places, does it have to be .pk - or Pakistan? Because everyone elsewhere seems to know how to properly configure their mailserver in order to avoid misdirected bounces like this one. If I could, I'd have it SC reported to admin@lugnet.com, since you seem to have identified them as the listserver owner. I'm pretty sure this spam email is breaking more than a few RFC protocols. If the mailserver at lugnet is the sender, it should be the recipient, or at the very least the Reply-to:, which it isn't. Cheers ... Geoffrey Hyde From mwnospam at comcast.net Thu Dec 8 18:59:29 2005 From: mwnospam at comcast.net (spamacyde) Date: Thu Dec 8 19:00:03 2005 Subject: [SpamCop-List] Spamcop and Comcast Message-ID: Is Comcast using Spamcop to screen email for Spam? If not, should I lobby Comcast to do so? Thanks From vanguard.code at comcastNIX.net Thu Dec 8 18:20:31 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Thu Dec 8 19:25:03 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: "spamacyde" wrote in message news:dnahco$st7$1@news.spamcop.net... > Is Comcast using Spamcop to screen email for Spam? If not, should I lobby > Comcast to do so? SpamCop is considered, even amonst the DNSBLs, as an aggressive blacklist. ISPs might add some spam filtering but they don't want to be overly aggressive. They would get far more angry complaints from their customers regarding lost "good" mails (false positives) than for spam that got past the ISP's filter. Comcast uses Brightmail for spam filtering. Read http://www.comcast.com/Support/Corp1/FAQ/FaqDetail_1560.html. Lobbying Comcast to make changes won't work. Never has. Ever use their webmail interface to your mail account. Sucks. As yet, and after many years of repeated asking, they still don't let users define server-side rules to get rid of spam so the user doesn't have to waste CPU cycles and bandwidth to get rid of unwanted messages, or even to let webmail-only customers organize their e-mails. From usenet2 at DE.LETE.THISljvideo.com Fri Dec 9 00:43:40 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Thu Dec 8 19:45:02 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: Waiving the right to remain silent, "Vanguard" said: > "spamacyde" wrote in message > news:dnahco$st7$1@news.spamcop.net... >> Is Comcast using Spamcop to screen email for Spam? If not, >> should I lobby Comcast to do so? > > > SpamCop is considered, even amonst the DNSBLs, as an aggressive > blacklist. ISPs might add some spam filtering but they don't > want to be overly aggressive. They would get far more angry > complaints from their customers regarding lost "good" mails > (false positives) than for spam that got past the ISP's filter. My mailhost, Futurequest, allows the use of SpamCop's BL, but recommends against it for those reasons. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "I've come here to enjoy nature. Don't talk to me about the environment!" - 'Denny Crane' From MikeE at ster.invalid Thu Dec 8 17:43:05 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 8 20:45:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Geoffrey Hyde wrote: > "Mike Easter" >> Geoffrey Hyde wrote: >>> This is to me a spam email, as there >>> is NOTHING, I repeat, NOTHING that I can do about it. >> >> What you should do is use an invalid addy in your postings to that >> group or newsserver. Which I said back then. > > Which would do nothing but infuriate some poor random user somewhere > who does get my message due to the server not figuring out who it > should go to. Your message is going to appear on the newsserver and the webforum and the mailing list. What do you mean 'get my message not figuring out who it should go to'? The mailing list recipients are those who sign up for lugnet.robotics. If this scenario unfolds in which a mailing list recipient's mailbox server wants to belatedly bounce to a From, the belated bounce would be emailed to an invalid addy, which goes nowhere. >The worst case scenario is that nobody gets it and > nobody does anything about it and it just fills up some mailbox > somewhere until a human administrator examines it and determines it > was my munged from address that filled the mailbox up in the first > place, so cancels my account. That scenario doesn't work at all. And antispam mungeing is expected and normal behavior -- antispam mungeing of a From doesn't cause you adverse effects. > I don't need unexpected account cancellations thank you very much, Mr. > Easter. So I would really prefer to leave things unmunged - spammers > may have my address but they WILL get reported. You are reporting a server which is doing nothing wrong. That is *not* a good scenario. It is arguably bad reporting by spamcop, which /can/ get you in trouble. > Unfortunately, the only possible resolution here is if the .pk server > wakes up and stops bouncing listserver email to places that a human > observer could quite easily see it should NOT go to. The .pk server is receiving a mail which was posted by you, with your >From and belatedly bouncing it to you. That is not /exactly/ misdirected. The problem is that you are intereacting with a system which is causing that to happen. Using SpamCop as a bludgeon against the .pk server is not the same thing as using SC for 'normal' misdirected bounces. Normally misdirected bounces are bouncing an item to an abused forged From. In this case the bounces are going to the /real/ From, not a forged one.. > And why, of all places, does it have to be .pk - or Pakistan? Because > everyone elsewhere seems to know how to properly configure their > mailserver in order to avoid misdirected bounces like this one. If I > could, I'd have it SC reported to admin@lugnet.com, since you seem to > have identified them as the listserver owner. I think that lugnet needs to be dealing with this situation. It is their setup which is causing your news post to go flying around the mail system and causing trouble for mail servers. > I'm pretty sure this spam email is breaking more than a few RFC > protocols. If the mailserver at lugnet is the sender, it should be > the recipient, or at the very least the Reply-to:, which it isn't. Correct. The ideal situation would be that the lugnet process would be stamping the mail in a proper way, and that the .pk server would be rejecting a mail it can't deliver and that the rejection would be 'signalled' to the lugnet server, which should know if a mailing list recipient's mail isn't working properly. But, as a general rule, the advisability of your From being munged is an almost universal bit of advice. Very very few people think you should be posting to 'some' newsservers with an unmunged From. I can see that you use an unmunged From here, and this is a private newsserver like the lugnet one -- so maybe it is your conviction that this type of newsserver should get a real From -- so I can't argue strongly about that decision. I'm just saying that IMO this is not a normal spamcop misdirected bounce. It is not misdirected because it is directed at a true unforged From, not a bogus or forged From. So, if the bounce isn't misdirected, then it isn't reportable. I say that if you wish you can leave your addy unmunged for this newsserver, but you can't spamcop report the bounce which isn't misdirected. -- Mike Easter kibitzer, not SC admin From vanguard.code at comcastNIX.net Thu Dec 8 21:43:46 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Thu Dec 8 22:45:04 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: "Larry J." wrote in message news:Xns9726B457777AEthefrogprince@216.154.195.61... > Waiving the right to remain silent, "Vanguard" > said: > >> "spamacyde" wrote in message >> news:dnahco$st7$1@news.spamcop.net... >>> Is Comcast using Spamcop to screen email for Spam? If not, >>> should I lobby Comcast to do so? >> >> >> SpamCop is considered, even amonst the DNSBLs, as an aggressive >> blacklist. ISPs might add some spam filtering but they don't >> want to be overly aggressive. They would get far more angry >> complaints from their customers regarding lost "good" mails >> (false positives) than for spam that got past the ISP's filter. > > My mailhost, Futurequest, allows the use of SpamCop's BL, but > recommends against it for those reasons. > > -- > Larry J. - Remove spamtrap in ALLCAPS to e-mail > > "I've come here to enjoy nature. Don't talk to me > about the environment!" - 'Denny Crane' Some ISPs (the smaller ones) might also give the user a sliding scale of aggressiveness so the user can configure what they are comfortable with for false positives (non-spam marked as spam) and false negatives (spam not detected as spam). My ISP's spam filter is sloppy but I like it that way. It pretty much guarantees that it doesn't have false positives. I've checked the Screened Mail (aka Junk) folder where the spam-tagged mails get moved (which is in a webmail folder on the server that gets emptied once a week) and I cannot recall ever seeing a false positive. However, it still does detect lots of spam that gets moved out of the Inbox and which local e-mail client never has to waste resources to download its headers and/or body. Think of like a mining sluice where the first mesh screens (i.e., server-side filters) are very coarse and only take out the big rocks and the last mesh filter (i.e., your client-side filters) take out the small-grained dirt so you are left with having to search through a lot less dross (i.e., spam) at the end of the chute. You want to scan the fine-grained stuff at the end of the chute rather than have to bother with all the obvious dross at the front end. If my ISP's spam filter were overly "tight" (lots of false positives), I would have to turn it off and waste the time to download it all to have my client-side spam filter get rid of the dross. When you fill your car's gas tank, do you want to insert a restrictive filter funnel into the spout and waste time with the slower funneling and filtering because the gasoline wasn't prefiltered? Even though the gasoline is prefiltered, are you really going to remove that fuel filter in your car's fuel line? Catch the big turds first to reduce the resources later needed to filter out the little turds. From caroljean52 at yahoo.com Thu Dec 8 20:31:11 2005 From: caroljean52 at yahoo.com (caroljean52) Date: Thu Dec 8 23:35:03 2005 Subject: [SpamCop-List] [media] AvTech Direct fined $3 million for spamming Message-ID: $3 million in fines for spamming school district http://seattlepi.nwsource.com/local/251271_kcbriefs08.html From yea at right.com Thu Dec 8 20:34:48 2005 From: yea at right.com (Spaz) Date: Thu Dec 8 23:35:10 2005 Subject: [SpamCop-List] OEM Soft Store? Message-ID: I keep getting spam advertising Microsoft software at very cheap prices. I sent the email to piracy@microsoft.com and they emailed me back saying the link in the email didn't work and asked me to give them information from the website such as name, location, phone number and email address. The link worked for me and it took me to a website called OEM Soft Store. The spam email completely obfuscates the web address but once I got to the website, I got the following link. http://awc8hdxu7.2fgqxu3j1vpb78ou717721ju2m1eojjj.cancelerkg.com/xvawl/ Of course, the bastards give no location or contact information and they obfuscate all their web links. Does anyone have any info on these jerks? From uheep2 at comcast.net Thu Dec 8 23:45:09 2005 From: uheep2 at comcast.net (Alex Gitlin) Date: Thu Dec 8 23:50:04 2005 Subject: [SpamCop-List] Spam from China Message-ID: A lot of spam comes from China. What are the statistics like - are those spam reports we submit actually useful, are they paying off? (Or do the Chinese sysadmins simply ignore them?) So far I'm not seeing much improvement on the amount of spam coming in, but I've only been on Spamcop for a couple of weeks. Alex. From g.hyde at bigpond.net.au Fri Dec 9 16:04:28 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Fri Dec 9 01:10:04 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: "Mike Easter" wrote in message news:dnanek$l7$1@news.spamcop.net... > Geoffrey Hyde wrote: >> "Mike Easter" >>> Geoffrey Hyde wrote: >>>> This is to me a spam email, as there >>>> is NOTHING, I repeat, NOTHING that I can do about it. >>> >>> What you should do is use an invalid addy in your postings to that >>> group or newsserver. Which I said back then. >> >> Which would do nothing but infuriate some poor random user somewhere >> who does get my message due to the server not figuring out who it >> should go to. > > Your message is going to appear on the newsserver and the webforum and > the mailing list. What do you mean 'get my message not figuring out who > it should go to'? The mailing list recipients are those who sign up for > lugnet.robotics. If this scenario unfolds in which a mailing list > recipient's mailbox server wants to belatedly bounce to a From, the > belated bounce would be emailed to an invalid addy, which goes nowhere. So you say. But then again, I came across a situation which would enable the recipient to see my email regardless of whether there was a valid address or not. >>The worst case scenario is that nobody gets it and >> nobody does anything about it and it just fills up some mailbox >> somewhere until a human administrator examines it and determines it >> was my munged from address that filled the mailbox up in the first >> place, so cancels my account. > > That scenario doesn't work at all. And antispam mungeing is expected > and normal behavior -- antispam mungeing of a From doesn't cause you > adverse effects. If I wanted it munged, yes. But I don't want it munged. QED. >> I don't need unexpected account cancellations thank you very much, Mr. >> Easter. So I would really prefer to leave things unmunged - spammers >> may have my address but they WILL get reported. > > You are reporting a server which is doing nothing wrong. That is *not* > a good scenario. It is arguably bad reporting by spamcop, which /can/ > get you in trouble. IF it is bad SC reporting, as you say, the SC admins will have to improve their servers to handle the problems. Their SC parser isn't built to handle listserver messages at all. And I wouldn't doubt that they could handle this problem somewhat differently IF they choose to. >> Unfortunately, the only possible resolution here is if the .pk server >> wakes up and stops bouncing listserver email to places that a human >> observer could quite easily see it should NOT go to. > > The .pk server is receiving a mail which was posted by you, with your > From and belatedly bouncing it to you. That is not /exactly/ > misdirected. Not quite, the headers don't properly indicate the From: field and I would say there is quite a bit of noncompliant header information in there. > The problem is that you are intereacting with a system which is causing > that to happen. Using SpamCop as a bludgeon against the .pk server is > not the same thing as using SC for 'normal' misdirected bounces. I am not the person asking it to send me an email message about a failure message triggered by another user. If you cannot see this, you cannot see that I see this as spam. Again, QED. (Unless you get a clue, and start reading things properly.) > Normally misdirected bounces are bouncing an item to an abused forged > From. In this case the bounces are going to the /real/ From, not a > forged one.. Or in this case, a From which has not been properly inserted in the headers of the email message, a From which should indicate the lugnet server as the origiator of the email, not me. Again, QED. >> And why, of all places, does it have to be .pk - or Pakistan? Because >> everyone elsewhere seems to know how to properly configure their >> mailserver in order to avoid misdirected bounces like this one. If I >> could, I'd have it SC reported to admin@lugnet.com, since you seem to >> have identified them as the listserver owner. > > I think that lugnet needs to be dealing with this situation. It is > their setup which is causing your news post to go flying around the mail > system and causing trouble for mail servers. Got that right. But how to convince you that this problem is something I can't do anything about, and is therefore spam? (QED, btw.) >> I'm pretty sure this spam email is breaking more than a few RFC >> protocols. If the mailserver at lugnet is the sender, it should be >> the recipient, or at the very least the Reply-to:, which it isn't. > > Correct. The ideal situation would be that the lugnet process would be > stamping the mail in a proper way, and that the .pk server would be > rejecting a mail it can't deliver and that the rejection would be > 'signalled' to the lugnet server, which should know if a mailing list > recipient's mail isn't working properly. You're getting warmer. And closer to the real problem at hand. But take this bit of advice with you when you examine these emails - I did not ask for the lugnet server to set me up as the Failure-notice recipient. Therefore, it is causing me to be spammed by the .pk mailserver. Spam. And, once again, QED. > But, as a general rule, the advisability of your From being munged is an > almost universal bit of advice. Very very few people think you should > be posting to 'some' newsservers with an unmunged From. I can see that > you use an unmunged From here, and this is a private newsserver like the > lugnet one -- so maybe it is your conviction that this type of > newsserver should get a real From -- so I can't argue strongly about > that decision. I'm just saying that IMO this is not a normal spamcop > misdirected bounce. It is not misdirected because it is directed at a > true unforged From, not a bogus or forged From. So, if the bounce isn't > misdirected, then it isn't reportable. I don't /want/ or /need/ an unmunged From: - why do I want one? You haven't answered that question at all, and unless you have something more concrete than not receiving stupid mailserver bounces, again, QED. > I say that if you wish you can leave your addy unmunged for this > newsserver, but you can't spamcop report the bounce which isn't > misdirected. I can if I think it is spam. And I've ample evidence, backed up by you, which will make further emails of this type be SC reported, unless SC fixes the parser to handle mailserver bounce messages. FWIW, the listserver protocol is probably very out-of-date, I still consider these to be spam messages, and by no means did I sign up anywhere for any of it. So you can take your "this isn't spam" and "this isn't spamcop reportable" and STUFF IT!! QED. Cheers ... Geoffrey Hyde From borgholio at storymind.com Thu Dec 8 22:48:33 2005 From: borgholio at storymind.com (Borgholio) Date: Fri Dec 9 01:50:03 2005 Subject: [SpamCop-List] Re: Spam from China In-Reply-To: References: Message-ID: Alex Gitlin wrote: > A lot of spam comes from China. What are the statistics like - are those > spam reports we submit actually useful, are they paying off? (Or do the > Chinese sysadmins simply ignore them?) So far I'm not seeing much > improvement on the amount of spam coming in, but I've only been on Spamcop > for a couple of weeks. > > Alex. > > Terrible. I have a blacklist that blocks the whole damn country, and I've never seen even one legit email get caught...probably because there isn't any such thing. :) From yea at right.com Thu Dec 8 23:09:33 2005 From: yea at right.com (Spaz) Date: Fri Dec 9 02:10:03 2005 Subject: [SpamCop-List] I want more spam! Message-ID: I'm creating a database of spam messages but I only get 3-6 spams about every other day. What's the best way for me to get on a good spam list? I'm going to set up a special email address just for spam. From yea at right.com Thu Dec 8 23:13:17 2005 From: yea at right.com (Spaz) Date: Fri Dec 9 02:15:03 2005 Subject: [SpamCop-List] Re: [media] AvTech Direct fined $3 million for spamming References: Message-ID: Cool! How do I get on their spam list? If they have that kind of money, I want to sue them too! "caroljean52" wrote in message news:dnb1ah$602$1@news.spamcop.net... > $3 million in fines for spamming school district > http://seattlepi.nwsource.com/local/251271_kcbriefs08.html > > From porpoise1954 at yahoo.co.uk Fri Dec 9 08:37:11 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Dec 9 03:40:03 2005 Subject: [SpamCop-List] Re: hong kong importer /exporter scam ? :) References: Message-ID: "Justin" wrote in message news:dnbbuf$bgm$1@news.spamcop.net... over in spamcop.spam. As they don't give a web address where you can go and see their product catalogue/contact details etc., I would say it is most likely a scam - or they don't have a clue on how to conduct business........ From joseph_k at invalid.com Fri Dec 9 02:06:24 2005 From: joseph_k at invalid.com (Joseph_K) Date: Fri Dec 9 05:10:28 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: On Thu, 8 Dec 2005 20:34:48 -0800, "Spaz" wrote: >I keep getting spam advertising Microsoft software at very cheap >prices. I sent the email to piracy@microsoft.com and they emailed >me back saying the link in the email didn't work and asked me to >give them information from the website such as name, location, phone >number and email address. The link worked for me and it took me to a >website called OEM Soft Store. The spam email completely obfuscates >the web address but once I got to the website, I got the following >link. > >http://awc8hdxu7.2fgqxu3j1vpb78ou717721ju2m1eojjj.cancelerkg.com/xvawl/ Forward this still working URL to them. You have done your part. If they cannot do their own leg work, well.... -- ---------+---------+---------+---------+---------+---------+---------+ Joseph K Seattle, WA, USA From 96q7vwa02 at sneakemail.com Fri Dec 9 01:10:27 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Fri Dec 9 05:15:13 2005 Subject: [SpamCop-List] Re: hong kong importer /exporter scam ? :) References: Message-ID: "Porpoise" wrote in message news:dnbfpt$dph$1@news.spamcop.net... > > "Justin" wrote in message > news:dnbbuf$bgm$1@news.spamcop.net... > over in spamcop.spam. > Not most likely but absolutely it is spam. Variation of the 419 variety Fred k. From nobody at nowhere.invalid Fri Dec 9 11:51:00 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Dec 9 05:55:07 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: On Thu, 08 Dec 2005 22:48:33 -0800, Borgholio coughed into spamcop and left this in : > Terrible. I have a blacklist that blocks the whole damn country, and I've > never seen even one legit email get caught...probably because there isn't > any such thing. :) Ditto here. You can say the same for all of APNIC space except Australia and New Zealand. Most of it *isn't* in the local BL here - because it's in the firewall. There's no point allowing the connection to happen and an instance of sendmail to be started when I know full well it's going to be spam knocking on my door, so I don't even allow these areas access to my port 25. Saves CPU cycles and allows the machine to get on with more useful tasks. -- Steve Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? -- Matt Welsh From MikeE at ster.invalid Fri Dec 9 06:57:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 10:00:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Geoffrey Hyde wrote: > "Mike Easter" >> antispam mungeing of a From doesn't cause you >> adverse effects. > > If I wanted it munged, yes. But I don't want it munged. QED. I'm not trying to /convince/ you to munge your From -- I believe that it is your 'right' to maintain a good From, and I support the arguments of those who argue for using a good From instead of mungeing it. Normally the reasons for mungeing the From are to counteract the effect of addresses harvesters which scrape the From addies from the overview. In this case I suggested or recommended mungeing the From because you are posting into a system which you and I both know is going onto a webforum board which /does/ munge your From automatically as an antispam measure and is also going out a mailing list which is causing you to be receiving belated bounces addressed to your From. Which belated bounces are *not* misdirected in terms of spamcop reportability. >> You are reporting a server which is doing nothing wrong. That is >> *not* a good scenario. It is arguably bad reporting by spamcop, >> which /can/ get you in trouble. > > IF it is bad SC reporting, as you say, the SC admins will have to > improve their servers to handle the problems. There are several SC 'strategies' to prevent problems. One of the strategies is to make rules for the reporters. For example, there are rules about not reporting mailing list spam, unless you are reporting it as the mailing list admin. Another rule used to be to not report misdirected bounces. Now, the rules have been changed to allow reporting of a misdirected bounce which are received as a consequence of a forged or bogus From. But this situation we are discussing isn't covered precisely in the rules as written. What I'm saying is that your situation is closer to being that of a problem caused by a mailing list condition, which you are not supposed to report. What I'm also saying is that your situation is *not* that of receiving a misdirected bounce due to a forged or bogus From, because the bounce you are receiving is not misdirected because it /is/ your From. > Their SC parser isn't > built to handle listserver messages at all. The SC rules are that you aren't supposed to report mailing list spam. > Not quite, the headers don't properly indicate the From: field and I > would say there is quite a bit of noncompliant header information in > there. There is a big problem for mailservers to handle all of the different varieties of headers which mailing lists present to them. I'm going to give one example further down. >> The problem is that you are intereacting with a system which is >> causing that to happen. Using SpamCop as a bludgeon against the .pk >> server is not the same thing as using SC for 'normal' misdirected >> bounces. > > I am not the person asking it to send me an email message about a > failure message triggered by another user. You are [indirectly] sending to a mailing list. Receiving unwanted items as a result of 'misadventures' of mailing list traffic is not spamcop reportable. As a personal example: I belong to a DShield mailing list whose headers I'll talk about below. I have received 'out of office' bounces because of that mailing list. I do *NOT* report such an outofoffice bounce as spam to the spamcop system because the bounce is a 'manifestation' of my mailing list 'condition'. While it is true that I shouldn't have gotten the bounce and while it is also true that we have 'discussed' in the list the potential for outofoffice responders to get themselves spamcop reported, I didn't find what I received to be an appropriate report. > If you cannot see this, > you cannot see that I see this as spam. It is /definitely/ not a 'spam' by definition. It is an unwanted mail. It is a bounce of your own mail to a mailing list. > (Unless you get > a clue, and start reading things properly.) We are disagreeing about the interpretation of the reportability. >> Normally misdirected bounces are bouncing an item to an abused forged >> From. In this case the bounces are going to the /real/ From, not a >> forged one.. > > Or in this case, a From which has not been properly inserted in the > headers of the email message, a From which should indicate the lugnet > server as the origiator of the email, not me. You are mistaken. It is 'normal' and acceptable for mailing list items to maintain the From of the sender. There are many many different ways for mailing list headers to contain information. Perhaps we should start a subthread and discuss that, but I'm going to show one example below. >> I think that lugnet needs to be dealing with this situation. It is >> their setup which is causing your news post to go flying around the >> mail system and causing trouble for mail servers. > > Got that right. But how to convince you that this problem is > something I can't do anything about, and is therefore spam? (QED, > btw.) It is not spam. It is a bounce of your contribution to a mailing list. What we agree on is that it is unwanted and that the bounce should be going to the lugnet server and not you. > I > did not ask for the lugnet server to set me up as the Failure-notice > recipient. There isn't an official 'failure-notice' condition here. > Therefore, it is causing me to be spammed by the .pk > mailserver. Not spammed > I don't /want/ or /need/ an unmunged From: - why do I want one? OK. I won't argue about that with you. >> I say that if you wish you can leave your addy unmunged for this >> newsserver, but you can't spamcop report the bounce which isn't >> misdirected. > > I can if I think it is spam. Not spam. We are currently discussing if such a report is against the rules because it pertains to mailing list problems and also that it is not included in the rules because it is not a misdirected bounce. It is definitely not spam. Now I'm here at the bottom and I'll mention one mailing lists headers. My gmail address subscribes to the dshield list. The dshield list goes to my gmail which is forwarded to my earthlink address. I'll leave out the headers that involve the forwarding and truncate the various other headers here. From: Subscriber's address To: "'General DShield Discussion List'" Sender: list-bounces@lists.dshield.org Errors-To: list-bounces@lists.dshield.org If a list someone's outofoffice were misconfigured and my addy were in the From and I got the outofoffice bounce, I would not report it, because it is a consequence of my involvement with a mailing list. There are many other variations of the above headers of mailing list items. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Fri Dec 9 18:59:41 2005 From: bar_n0ne at hotmail.com (Berny) Date: Fri Dec 9 10:00:11 2005 Subject: [SpamCop-List] Amazing, after not having used or browsed E-Bay since 1997, I have won a PowerSeller Account! Message-ID: Aren't I privileged?. If you are really keen on reading this PHISH here's a tracker. http://www.spamcop.net/sc?id=z838718779z972728d44071c3110b331a7f5acdf29ez But honestly, don't bother. From MikeE at ster.invalid Fri Dec 9 07:26:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 10:30:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Mike Easter wrote: > It is not spam. It is a bounce of your contribution to a mailing > list. > > What we agree on is that it is unwanted and that the bounce should be > going to the lugnet server and not you. > There are many other variations of the above headers of mailing list > items. Here are the headers of the item to the .pk university server nu.edu.pk [namely National University of Computer and Emerging Sciences which has campuses at Islamabad, Karachi, Lahore, and Peshawar] From: Geoffrey Hyde [unmunged] Sender: news-gateway@lugnet.com Reply-To: Geoffrey Hyde [munged] To: funky addy at nu.edu.pk Subject: Re: New contest When you report such an item, you list the .pk university server. That isn't what SC wants to be doing. Naturally the item should be rejected during the transaction or if newmailed, it should be newmailed to the Sender. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Dec 9 07:43:05 2005 From: nobody at spamcop.net (Antispam Knight) Date: Fri Dec 9 10:45:03 2005 Subject: [SpamCop-List] Re: Question regarding "\x[hexnumber]" code. References: Message-ID: "Redstone" wrote in message news:Xns9726C63D293Dtinlc@216.154.195.61... > I'm curious to know exactly what kind of code "\x" is. > > The spammer who hides behind Geocities sites appear to be using this type > of code as means to hide the final site. > > It is coded in this manner: "\x[hex number]" > > Sort of like this: "....\x76\x61\x72\x25\x32\x30\x74\..." > > I've tried digging around but Gargle doesn't give me much of anything > meaningful I can use for decrapting this. > I just paste it into notepad, go to the beginning of the file, hit "replace" or ctrl-h. In the "find" window, type in \x, in the "replace with" window type in %. Open a browser window at http://scriptasylum.com/tutorials/encdec/encode-decode.html and paste the decoded script from notepad into the right window above, and hit the arrow pointing to the left (<-). Paste the unescaped string in the left window into notepad (I paste it right below the original % script). Do a search for http (this will tell you win what directory the URL resides (ie. you might find http:http%3A//fix.%27%3B%0D%0A... which tells you that the spamvertised sites will all be of the form http://fix.someurl.com). Now go back to the beginning of this long string and do a search for .com. Each hit will be one of the spamvertised sites. This spammer used to use about 10-20 different sites per geocities webpage. The script alternates between all of them, one at a time. It changes each time one visits or refreshes the geocities site. Lately, he's been using 2-4 addresses per geocities webpage. All of the final sites above which I have uncovered, resolve to : 222.168.100.164 218.12.197.160 222.60.14.176 222.60.14.175 218.106.35.211 218.104.136.188 222.168.100.163 218.106.35.213 and maybe a few others I've overlooked. All of the whois data is with BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN. Almost all of the data is bogus, and has been reported. I have yet to see the registrar nuke any of the literally hundreds I have reported, and a complaint has been filed with ICANN, for all the good it'll do. Hope this data helps someone. AK From nobody at spamcop.net Fri Dec 9 10:56:02 2005 From: nobody at spamcop.net (indigo) Date: Fri Dec 9 11:00:02 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: spamacyde wrote: > Is Comcast using Spamcop to screen email for Spam? If not, should I > lobby Comcast to do so? > > Thanks No. I suggest that you use SpamPal if you have Comcast (I do). Brightmail sucks donkey balls. From nobody at spamcop.net Fri Dec 9 10:56:39 2005 From: nobody at spamcop.net (indigo) Date: Fri Dec 9 11:00:09 2005 Subject: [SpamCop-List] Re: I want more spam! References: Message-ID: Spaz wrote: > I'm creating a database of spam messages but I only get 3-6 spams > about every other day. What's the best way for me to get on a good > spam list? I'm going to set up a special email address just for spam. Are you off your meds or what?!? Want mine? From nospam at nospam.com Fri Dec 9 09:59:57 2005 From: nospam at nospam.com (Justin) Date: Fri Dec 9 11:00:15 2005 Subject: [SpamCop-List] Re: hong kong importer /exporter scam ? :) In-Reply-To: References: Message-ID: <4399A9FD.8080806@nospam.com> Fred K. wrote: > "Porpoise" wrote in message > news:dnbfpt$dph$1@news.spamcop.net... >> "Justin" wrote in message >> news:dnbbuf$bgm$1@news.spamcop.net... >> over in spamcop.spam. >> > Not most likely but absolutely it is spam. Variation of the 419 variety > > Fred k. > > Yeah I am thinking about playing along with this spam just to have a little bit of fun with this spammer any ideas on some things i could do . From jg at coks.net Fri Dec 9 08:12:45 2005 From: jg at coks.net (jg) Date: Fri Dec 9 11:15:03 2005 Subject: [SpamCop-List] meds spam Message-ID: http://www.spamcop.net/sc?id=z838741156zb9b24d8ece5e8396630e8913038e2c99z Been getting a flood (for me) of these sourced by various blackhat networks with spamverts hosted by comcor. I am unable to get any info on these sites beyond comcor - are all these /originating/ from ru? Or is the spammer able to bury his id - I'm tinking he's in the U.S. somewhere but am missing something (or am wrong on that...) From jg at coks.net Fri Dec 9 08:15:31 2005 From: jg at coks.net (jg) Date: Fri Dec 9 11:15:09 2005 Subject: [SpamCop-List] x- line in header question... Message-ID: http://www.spamcop.net/sc?id=z838748053z80e0379c1c062b745f52a2dbf306449cz One of the header lines relates to pgp - whats with this? From jg at coks.net Fri Dec 9 08:17:08 2005 From: jg at coks.net (jg) Date: Fri Dec 9 11:15:15 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast In-Reply-To: References: Message-ID: On 12/9/2005 7:56 AM indigo scribbled: > No. I suggest that you use SpamPal if you have Comcast (I do). Brightmail > sucks donkey balls. > > pretty descriptive... From MikeE at ster.invalid Fri Dec 9 08:38:10 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 11:40:03 2005 Subject: [SpamCop-List] Re: x- line in header question... References: Message-ID: jg wrote: www.spamcop.net/sc?id=z838748053z80e0379c1c062b745f52a2dbf306449cz > > One of the header lines relates to pgp - whats with this? An X-line in a normal mail without forged headers has 'meaning' to something on one end or the other and are extemely variable in the type of information they might hold. An X-line in spam which is likely to contain forged headers may be a 'normal' xline with meaning to something on one end or the other, or it may be totally bogus. It is not normally a valuable expenditure of time to determine whether or not the spam's x-line is bogus or real, or if bogus why the spammer chose that bogosity, or if real what difference it makes. It is sometimes educational to research what an xline means when it is real, but that is an entirely different subject than what a similar xline means in a particular spamitem. A normal X-PGP-Key line is a means of the sender communicating something about their own pgp key information, such as where it can be found or what the keyid is. Normally a keyid is a hexadecimal value such as 0x0DC67BE6 or a fingerprint such as 295F A899 A81A 156D B522 48A7 6394 F08A 0DC6 7BE6 or a location on a website or keyserver This value is OjoHgrn2KwN72f30YIaihLzpcOeQF2gZIqAayYyVkj8IdztndJfi4nTakkz4Xanm which I don't recognize and wouldn't spend much time trying to decipher. -- Mike Easter kibitzer, not SC admin From devnull at spamcop.net Fri Dec 9 11:15:53 2005 From: devnull at spamcop.net (Frog Prince) Date: Fri Dec 9 11:40:11 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: "Spaz" wrote in message news:dnb1h7$618$1@news.spamcop.net... | I keep getting spam advertising Microsoft software at very cheap prices. I sent the email to | piracy@microsoft.com and they emailed me back saying the link in the email didn't work and asked me | to give them information from the website such as name, location, phone number and email address. | The link worked for me and it took me to a website called OEM Soft Store. The spam email completely | obfuscates the web address but once I got to the website, I got the following link. | | http://awc8hdxu7.2fgqxu3j1vpb78ou717721ju2m1eojjj.cancelerkg.com/xvawl/ | | Of course, the bastards give no location or contact information and they obfuscate all their web | links. Does anyone have any info on these jerks? Speaks well for MS technical ability ... can't even do the leg work necessary to protect their products/market. From nobody at spamcop.net Fri Dec 9 10:16:51 2005 From: nobody at spamcop.net (Ellen) Date: Fri Dec 9 11:55:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "Steven Maesslein" wrote in message news:slrndpiock.52e.nobody@127.0.0.1... > On Thu, 08 Dec 2005 22:48:33 -0800, Borgholio coughed into spamcop and > left this in : > > > Terrible. I have a blacklist that blocks the whole damn country, and I've > > never seen even one legit email get caught...probably because there isn't > > any such thing. :) > > Ditto here. You can say the same for all of APNIC space except Australia > and New Zealand. Most of it *isn't* in the local BL here - because it's > in the firewall. There's no point allowing the connection to happen and > an instance of sendmail to be started when I know full well it's going > to be spam knocking on my door, so I don't even allow these areas access > to my port 25. Saves CPU cycles and allows the machine to get on with > more useful tasks. > Well actually we *are* hearing from admins in China nowadays. This is a nice change. Of course, it is a large country (obviously) and the ones we are hearing from are cleaning up their little bits of it. So things are improving altho it may not be terribly obvious yet. Ellen From jg at coks.net Fri Dec 9 09:02:39 2005 From: jg at coks.net (jg) Date: Fri Dec 9 12:05:03 2005 Subject: [SpamCop-List] Re: x- line in header question... In-Reply-To: References: Message-ID: On 12/9/2005 8:38 AM Mike Easter scribbled: > This value is > OjoHgrn2KwN72f30YIaihLzpcOeQF2gZIqAayYyVkj8IdztndJfi4nTakkz4Xanm which I > don't recognize and wouldn't spend much time trying to decipher. > Thanks, Mike, I won't waste anymore time. Goodness, a bogusity - surprise... From MikeE at ster.invalid Fri Dec 9 09:06:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 12:10:03 2005 Subject: [SpamCop-List] Re: meds spam References: Message-ID: jg wrote: www.spamcop.net/sc?id=z838741156zb9b24d8ece5e8396630e8913038e2c99z The tracker has a verbose. The verbose says about the source 220.116.205.97 listed in cbl.abuseat.org 220.116.205.97 is an open proxy Administrator of network where email originates abuse@kornet.net > I am unable to get any info on these sites beyond comcor - are all > these /originating/ from ru? What do you mean, exactly? Originating as in spamsource? When an item is spamsourced from an open proxy you can't tell who was manipulating and injecting the spam behind the proxy. Originating as in who is 'behind' the spamvertiser domainname? The IP of the spamvertiser is spamhaused as an SBL here http://www.spamhaus.org/SBL/sbl.lasso?query=SBL35314 Your current item is named zanozav.com which is reg'd in whois.nic.ru like this: Contact Name: Yulia A Fridman Contact Organization: Yulia A Contact Street1: 87, 188 Tallinkskaya Contact City: Moscow which is similar to the spamhaus information > Or is the spammer able to bury his id - I'm tinking he's in the U.S. > somewhere but am missing something (or am wrong on that...) Using terms like 'spammer' and 'from' is ambiguous. We have spamvertisers which are domainnames for the URL at a website provider, and we have spamsources which are sourced at a provider and which are often open proxies or trojans. We can notify the source and/or webspace providers or not. We can notify an interested agency or not. We can be vigilantes or not. We can notify appropriate upstream adjacencies or not. We can sleuth around and try to guess at the meatspace identities behind or orchestrating a particular spam 'type' or not. -- Mike Easter kibitzer, not SC admin From crappy.trappy at ntlworld.com Fri Dec 9 17:21:44 2005 From: crappy.trappy at ntlworld.com (Tim) Date: Fri Dec 9 12:25:03 2005 Subject: [SpamCop-List] Re: Amazing, after not having used or browsed E-Bay since 1997, I have won a PowerSeller Account! In-Reply-To: References: Message-ID: Berny wrote: > > But honestly, don't bother. > > Heh, I know what you mean. It's becoming so much S2D2 (Same Shit, Different Day). From jg at coks.net Fri Dec 9 09:24:10 2005 From: jg at coks.net (jg) Date: Fri Dec 9 12:25:09 2005 Subject: [SpamCop-List] Re: meds spam In-Reply-To: References: Message-ID: On 12/9/2005 9:06 AM Mike Easter scribbled: > jg wrote: > www.spamcop.net/sc?id=z838741156zb9b24d8ece5e8396630e8913038e2c99z > > The tracker has a verbose. The verbose says about the source > abuse@kornet.net I know that is the source.... > >>I am unable to get any info on these sites beyond comcor - are all >>these /originating/ from ru? > > What do you mean, exactly? Originating as in spamsource? When an item > is spamsourced from an open proxy you can't tell who was manipulating > and injecting the spam behind the proxy. Originating as in who is > 'behind' the spamvertiser domainname? > > The IP of the spamvertiser is spamhaused as an SBL here > http://www.spamhaus.org/SBL/sbl.lasso?query=SBL35314 > > Your current item is named zanozav.com which is reg'd in whois.nic.ru > like this: > > Contact Name: Yulia A Fridman > Contact Organization: Yulia A > Contact Street1: 87, 188 Tallinkskaya > Contact City: Moscow > > which is similar to the spamhaus information > > >... try to guess at the meatspace identities behind or > orchestrating a particular spam 'type' or not. > I guess I was trying to guess at the "meatspace" (new term to me) - I just had the feeling it was somewhere outside ru space, it being so similiar to a spammer that was recently indicted in -?- So. Carolina... From 96q7vwa02 at sneakemail.com Fri Dec 9 08:28:53 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Fri Dec 9 12:40:03 2005 Subject: [SpamCop-List] Re: hong kong importer /exporter scam ? :) References: <4399A9FD.8080806@nospam.com> Message-ID: "Justin" wrote in message news:4399A9FD.8080806@nospam.com... > Yeah I am thinking about playing along with this spam just to have a > little bit of fun with this spammer any ideas on some things i could do . Reply to the email address in the body as long as you use an email address that you can throw away when that address gets spread around the spammer world. Fred k From MikeE at ster.invalid Fri Dec 9 09:49:10 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 12:50:03 2005 Subject: [SpamCop-List] Re: meds spam References: Message-ID: jg wrote: > I guess I was trying to guess at the "meatspace" (new term to me) The concept of meatspace is sometimes for those who are interested in identity sleuthing. When sleuthing, we typically 'see' the cyberspace persona. Your cyberspace persona here in the SC ng/s is jg. We can derive your posting IP and if we 'follow you around' sufficiently as a sleuthing process, we learn to recognize your 'handwriting' from your posts here and we might find other and alternate cyberspace identity characteristics, such as email addies and different handles. After we develop a thorough cyberspace profile which might involve quite a number of eml addies and handles and handwriting characteristics, we would put that together with other search techniques to try to determine who/what the meatspace persona is, which would be the realname, snail address, telno and then expand that into ownership or registration information or drivers license information or social security number or bank account and routing information or CC #s or PINS or whatever. Most identity sleuths who do it for the fun of it are only interested in 'modest' amounts of meatspace identity information -- they are not into embarassing or harassing or stealing the identity or the resources of the target. Speaking of 'meat' -- there's a very old 'story' or skit called "They're Made out of Meat" which was written by Terry Bisson and won a Nebula award and was published in Omni mag almost 15 years ago which circulates around the internet which I like. Here's a link to it http://www.terrybisson.com/meat.html THEY'RE MADE OUT OF MEAT There are a lot of links for the story, some in 'prettier' html, but I chose the one which is at Terry's site -- Mike Easter kibitzer, not SC admin From yea at right.com Fri Dec 9 11:21:17 2005 From: yea at right.com (Spaz) Date: Fri Dec 9 14:25:03 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: "Frog Prince" wrote in message news:dncbuo$uhs$1@news.spamcop.net... > > Speaks well for MS technical ability ... can't even do the leg work > necessary to protect their products/market. Here's their response in case you're interested. ----- Original Message ----- From: "Microsoft Anti-Piracy Team" To: <> Sent: Thursday, December 08, 2005 6:26 PM Subject: spam piracy [Incident: 051207-000098] Subject --------------------------------------------------------------- spam piracy Discussion Thread --------------------------------------------------------------- Response (+) - 12/08/2005 07:26 PM Hello, Thank you for contacting the Microsoft Anti-Piracy Team. We appreciate that you have taken the time to forward anti-piracy leads to our team. The website linked in the email you forwarded is no longer valid or has been lost in the forwarding process. In order for us to process the lead, we need to have certain additional information regarding the company you are reporting. If you were able to capture information from the linked website prior to forwarding the email to piracy@microsoft.com, please send us all the information you have such as: Company name Company address including city and state Company phone number Company email address Company website With the above information we will be able to process the lead as requested. Again, thank you for your interest in our anti-piracy campaign. You may also visit our Internet site on http://www.microsoft.com/piracy and http://www.howtotell.com to review additional information on recognizing genuine Microsoft product and Microsoft's licensing policies. Again, thank you for your interest in our anti-piracy campaign. Microsoft Corporation Worldwide Sales Group Date Received 12/07/2005 08:28 AM ==================== Message Attachment ==================== ==================== text File Attachment ==================== Attachment 1.txt, 1362 bytes, added to incident ==================== image File Attachment ==================== Ebd.GIF, 7551 bytes, added to incident Auto-Response - 12/07/2005 08:28 AM Microsoft Corporation thanks you for your recent correspondence to our Anti-Piracy team. As an international company that believes in protecting intellectual property, Microsoft devotes substantial time and effort towards fighting software piracy, and we appreciate your shared interest in this cause. Our staff promptly handles questions or requests for information on software piracy. We actively pursue all reports of possible unauthorized copying and/or distribution of Microsoft software. Due to the sensitive legal nature of these matters, it is not possible for us to provide feedback or updates about actions taken on your submission. However, this in no way reduces the importance of your submission to us. Please be assured that every submission is taken seriously, investigated, and followed by whatever action is deemed necessary. Microsoft makes available valuable information you can use to protect yourself from pirated software, as well as information about Microsoft initiatives designed to protect customers and combat software piracy. To find out more, visit www.microsoft.com/genuine and www.microsoft.com/piracy where you can learn to recognize genuine Microsoft software and learn more about Microsoft's licensing policies. Additional information - Reporting Software Piracy to Microsoft Online: https://microsoft.com/resources/howtotell/ww/reports/report.aspx --------------------------------------------------------------------------------- Reporting Software Piracy to Microsoft within USA or Canada: Call 1-800-RU-LEGIT --------------------------------------------------------------------------------- Reporting Software Piracy to Microsoft outside of USA or Canada: Visit http://www.microsoft.com/piracy/Reporting_out.mspx for local telephone numbers --------------------------------------------------------------------------------- For information on recognizing genuine Microsoft software acquired with a new PC: Visit http://www.microsoft.com/piracy/howtotell --------------------------------------------------------------------------------- Microsoft Authorized Distributors: Visit http://www.microsoft.com/directaccess. --------------------------------------------------------------------------------- Microsoft Authorized OEM Distributors: Visit http://www.microsoft.com/oem --------------------------------------------------------------------------------- Listing of Microsoft volume licensing programs: Visit http://www.microsoft.com/licensing --------------------------------------------------------------------------------- Additional information about Anti-Piracy from the Business Software Alliance: Visit http://www.bsa.org. Once again, we thank you for your interest and participation in fighting software piracy! Yours sincerely, Microsoft Corporation Anti-Piracy Team From mwnospam at comcast.net Fri Dec 9 14:49:15 2005 From: mwnospam at comcast.net (spamacyde) Date: Fri Dec 9 14:50:02 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: Ok, If Comcast isn't using Spamcop, should I report my spam to Brightmail or Spampal rather than Spamcop? "spamacyde" wrote in message news:dnahco$st7$1@news.spamcop.net... > Is Comcast using Spamcop to screen email for Spam? If not, should I lobby > Comcast to do so? > > Thanks > > From MikeE at ster.invalid Fri Dec 9 12:07:30 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 15:10:04 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: spamacyde wrote: > If Comcast isn't using Spamcop, should I report my spam to Brightmail > or Spampal rather than Spamcop? Brightmail allegedly has a process in place for the enterprise level subscribers [ie EL or comcast] to their services to allow users to submit spam via the corporate client -- eg EL subscribers submit items to a junkmail addy that allegedly feeds the Brightmail system.... . .. but, Brightmail executives have said at conferences that such spam contributions which are made by the end users are not a good source of 'information' for their filter building, because the endusers aren't reliable and the endusers report all kinds of things which shouldn't have been considered in the spam 'pile'. Brightmail actually prefers their own 'methods' for improving their filters rather than user input. That user unreliability index is also supported here by comments from SC deputies who confirm that mistakes from entirely automatic nonhuman spamtrap reports are less common than mistakes made by spamcop reporters, who are supposed to have read and follow the rules. My own opinion is that such as Brightmail almost completely disregards any input from the end users of their corporate clients. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Fri Dec 9 20:37:33 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Dec 9 15:40:02 2005 Subject: [SpamCop-List] Re: Amazing, after not having used or browsed E-Bay since 1997, I have won a PowerSeller Account! References: Message-ID: "Tim" wrote in message news:dncedo$lc$1@news.spamcop.net... > Berny wrote: >> >> But honestly, don't bother. >> >> > Heh, I know what you mean. > > It's becoming so much S2D2 (Same Shit, Different Day). 2S2D From nobody at spamcop.net Fri Dec 9 15:53:32 2005 From: nobody at spamcop.net (indigo) Date: Fri Dec 9 15:55:03 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: spamacyde wrote: > Ok, > > If Comcast isn't using Spamcop, should I report my spam to Brightmail > or Spampal rather than Spamcop? > SpamPal is a user-configureable client-side filter that uses a collection of public blocklists, nobody to report spam to ..... From yea at right.com Fri Dec 9 14:21:47 2005 From: yea at right.com (Spaz) Date: Fri Dec 9 17:25:02 2005 Subject: [SpamCop-List] Re: I want more spam! References: Message-ID: "indigo" wrote in message news:dnc9fo$sm8$1@news.spamcop.net... > > Are you off your meds or what?!? Want mine? No, but I would like to know how you got them so I can start receiving them too. From nobody at devnull.spamcop.net Fri Dec 9 17:34:36 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Fri Dec 9 17:35:02 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: You would be better to lobby them to close open proxies and notify customers of trojans. All my porn spam comes from Comcast. And they pay absolutely no attention to reports. Miss Betsy From 96q7vwa02 at sneakemail.com Fri Dec 9 13:50:07 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Fri Dec 9 17:55:03 2005 Subject: [SpamCop-List] Re: I want more spam! References: Message-ID: "Spaz" wrote in message news:dnd01q$bfu$1@news.spamcop.net... > No, but I would like to know how you got them so I can start receiving > them too. > Go to spamvertized sites and unsubscribe/opt out with the addy you want spammed. It might take a while, but eventually you get what you want. For more places to use, follow tracker links to spamverized sites. Fred k. From g.hyde at bigpond.net.au Sat Dec 10 09:27:57 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Fri Dec 9 18:30:04 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: "Mike Easter" wrote in message news:dnc7mh$qr6$1@news.spamcop.net... > When you report such an item, you list the .pk university server. That > isn't what SC wants to be doing. I've asked you, repeatedly, to point to guidelines - /excluding/ the SC website - that say this is what normal mailing list behaviour should be, and that these are normal behaviours regarding servers which handle mailing list mails. You haven't provided one shred of evidence so far to support your theories. > Naturally the item should be rejected during the transaction or if > newmailed, it should be newmailed to the Sender. Therefore, until such time as you post the requested information above, I will be ignoring any further debate or discussion with you on this topic. As far as I'm concerned, it's spam and will be fed to SC for reporting. And I don't care what the SC reporting guidelines are, I want to know what the internet "RFC" or current equivalent protocol states about internet mailing list emails. Google wasn't of much help ... Cheers ... Geoffrey Hyde From MikeE at ster.invalid Fri Dec 9 15:52:31 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 18:55:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Geoffrey Hyde wrote: > "Mike Easter" >> When you report such an item, you list the .pk university server. >> That isn't what SC wants to be doing. > > I've asked you, repeatedly, to point to guidelines - /excluding/ the > SC website - that say this is what normal mailing list behaviour > should be, and that these are normal behaviours regarding servers > which handle mailing list mails. You haven't provided one shred of > evidence so far to support your theories. Let me refresh you about what we agree on and what we disagree on. We agree that your posts to a newsserver are going to a webforum and a mailing list and that those posts contain your unmunged From. We agree that the optimal management of the server handling the mailing list's mail should be to reject it from the sending server which is lugnet or at the worst belatedly bounce it to the Sender line of the item and not the From. We also agree that you have the right to let your From be unmunged, if you so wish. What we disagree on is that what you are reporting is called 'spam' and we disagree on whether or not spamcop reporting it breaks the spamcop rules and we disagree on how to approach this problem. The people you should be having this longwinded conversation with is not me, but the lugnet 'system' which is handling your newsmessage and turning it into a mail which they are not getting bounces for when undelivered. Both you and lugnet agree that they want that mail item and you don't. The lugnet system isn't a system which *I* am having a problem with. The lugnet system is a system which *you* are having a problem with. If anyone should be looking around for something, it should be you, not me. >> Naturally the item should be rejected during the transaction or if >> newmailed, it should be newmailed to the Sender. > > Therefore, until such time as you post the requested information > above, I will be ignoring any further debate or discussion with you > on this topic. As far as I'm concerned, it's spam and will be fed to > SC for reporting. I'm only a kibitzer around here, not any kind of admin. Generally the punishment for breaking a rule, especially if the situation is fuzzy, shouldn't be too harsh. The way it would unfold is that a provider who gets spamcop blocklisted and whose mail delivery is interfered with, such as the .pk university server's admin, takes a look at the reports of alleged spam which they are receiving copies of. When that admin looks at something which is not spam whose report causes their server to become listed, then they contact the deputy at spamcop and tell them that a reporter is making false reports of something which is not spam, but instead is something which was mailed to a mailing list. Then, the deputy takes a look at the situation based on the reportid or tracker and determines that it is not spam and that it is something which was sent to a mailing list by you and then the deputy determines that it was a bad report and against the rules. Hopefully all that will happen is that the deputy will 'admonish' you to not be making those kinds of reports in the future rather than being more severe because of all of this conversation you and I are having --- in which there was plenty of opportunity for you to determine that those reports weren't really a good idea, all things considered. So, you could take the attitude that you will continue to report them until such time as you are admonished by a real admin. Or, you could try to help out lugnet by letting them know about the problem and letting lugnet and the .pk server admin talk to each other on a server admin to server admin level. > And I don't care what the SC reporting guidelines are, You should *DEFINITELY* care what the SC reporting guidelines are if we are talking about you making a SC report. If we are not talking about making a SC report, then the SC reporting guidelines don't make any difference for just chatting about here. > I want to know > what the internet "RFC" or current equivalent protocol states about > internet mailing list emails. Google wasn't of much help ... The way it works is that there are some major majordomos or listservs which do things a particular way, and there are some RFCs which are 'integrated' with those softwares and there are some server softwares which are also configured accordingly so that normally things work the way they are supposed to -- which is where you don't get the bounce which is 'soft' or belated and the list server does get a bounce which is either hard as a rejection or soft as a belated newmail to the Sender line. That is the part you and I agree on. We are debating how to manage the current problem in the meantime. -- Mike Easter kibitzer, not SC admin From g.hyde at bigpond.net.au Sat Dec 10 10:06:34 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Fri Dec 9 19:10:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: "Mike Easter" wrote in message news:dnd5b9$e7t$1@news.spamcop.net... > Geoffrey Hyde wrote: >> "Mike Easter" >> I've asked you, repeatedly, to point to guidelines - /excluding/ the >> SC website - that say this is what normal mailing list behaviour >> should be, and that these are normal behaviours regarding servers >> which handle mailing list mails. You haven't provided one shred of >> evidence so far to support your theories. > > Let me refresh you about what we agree on and what we disagree on. We > agree that your posts to a newsserver are going to a webforum and a [snip] QED, mate. You were asked, you haven't responded, goodbye. Cheers ... Geoffrey Hyde From MikeE at ster.invalid Fri Dec 9 17:10:00 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 20:10:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Geoffrey Hyde wrote: > QED, mate. Now that we've finished discussing the issue which initiated this thread, let me remark on your usage of Q.E.D. in a discussion or debate or disagreement of this nature -- because I also disagree with your usage of that term or abbreviation, which has appeared a number of times lately. quod erat demonstrandum means, at the bottom of the mathematical proof, that the 'which was to be demonstrated' has, in fact, been demonstrated. In the course of a discussion or 'debate', throwing a premature qed into the conversation isn't at all effective in the debate process. It falls quite flat, even in implying that the user is comfortable throwing around Latin phrases or their abbreviations. Especially when it doesn't come at the 'conclusion' of some kind of irrefutable evidence. Then it is just so much junk cluttering up the corners like a dust bunny. ergo Geoffrey's QED = a dust bunny mathematically speaking, of course -- Mike Easter kibitzer, not SC admin From villandra at austin.rr.com Fri Dec 9 19:32:15 2005 From: villandra at austin.rr.com (Dora Smith) Date: Fri Dec 9 20:35:03 2005 Subject: [SpamCop-List] How do I get my e-mail address UNBLOCKED?????? Message-ID: How do I get spamwhatever to UNBLOCK my work e-mail address? I do not want to hear what I have to tell my sytem adminstrator that he isn't going to do anyway. I don't want to hear what extra measures he has to do to satisfy spamwhatever. I merely want to know how to tell it that e-mail coming from me at a certain IP address, which of all the addresses my work mail server uses spamwhatever selectively blocks, and that inconsistently, to the Anglican mailing list! How do I or the adminstrator of my mailing list inform Spamwhatever to stop blocking my mail server IP? Yours, Dora Smith From not at home.today Sat Dec 10 02:29:07 2005 From: not at home.today (Ant) Date: Fri Dec 9 21:30:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: "Mike Easter" wrote: > In the course of a discussion or 'debate', throwing a premature qed > into the conversation isn't at all effective in the debate process. The only things I see being thrown are teddy bears ;) > Geoffrey's QED = a dust bunny Quite Evidently Dust. From MikeE at ster.invalid Fri Dec 9 18:35:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 21:40:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: Dora Smith wrote: > How do I get spamwhatever to UNBLOCK my work e-mail address? You have provided absolutely zero information as pertains to problems with some IP address having trouble with its mail out. spamwhatever? myworkemailaddress? Typically email addresses, as in username@work.com are not what a server blocks. A server blocks an IP address, such as 70.112.162.119 -- which is not a blocked IP address. > I do not want to hear what I have to tell my sytem adminstrator that > he isn't going to do anyway. OK. However, if you are planning on sending mail out an IP address which is blocked, you should be working on either seeing if anything you can do will help to get the IP address unblocked, or if your recipients can whitelist your mail [which whitelisting can be based on username@work.com, depending] or else you should find a different way to send your mailout so that you don't have to use a blocked or blocklisted server. > I don't want to hear what extra measures he has to do to satisfy > spamwhatever. Does this mean that you are quite accustomed to using a server for your mail out which finds itself listed by a blocklist or blocklists a lot? Mayhaps you should be sending your mail another way. > I merely want to know how to tell it that e-mail coming from me at a > certain IP address, which of all the addresses my work mail server > uses spamwhatever selectively blocks, and that inconsistently, to the > Anglican mailing list! Let me see if I can follow what you are saying. You want to know how to tell 'it' [undefined it, let us assume that is the recipient's server's spamwhatever's [where spamwhatever = some kind of DNSBL blocklisting filter] that email coming from your IP address [no that method isn't going to work] and then things you are saying get all jumbled up. What is the Anglican mailing list? Do you have a meaningfuly delivery status notification failed which might be helpful about some of the things which you are concealing? Does this mean that there is an Anglican mailing list and that when you email to it via your work server -- which is named what? you should know the name of the server which you use to mail from -- and from your experience with this issue, you probably also know the IP address which is blocked but you are being purposely obscure. Name the Anglican mailing list's domainname. Name your work smtp server's domainname. > How do I or the adminstrator of my mailing list inform Spamwhatever to > stop blocking my mail server IP? You can't do it that way, probably. You might be able to get the recipient to ask their server admin to whitelist an address. -- Mike Easter kibitzer, not SC admin From jg at coks.net Fri Dec 9 19:09:23 2005 From: jg at coks.net (jg) Date: Fri Dec 9 22:10:02 2005 Subject: [SpamCop-List] Re: meds spam In-Reply-To: References: Message-ID: On 12/9/2005 9:49 AM Mike Easter scribbled: > Most identity sleuths who do it for the fun of it are only interested in > 'modest' amounts of meatspace identity information -- they are not into > embarassing or harassing or stealing the identity or the resources of > the target. > I wasn't speaking of anysuch thing here - I was looking for the actual spammer behind the spamvert and didn't believe it was some russki in Moscow trying to sell me via*gra. But I couldn't get any further than Moscow, so I thought I was doing something wrong. meatspace - gotta google that. > Speaking of 'meat' -- there's a very old 'story' or skit called "They're > Made out of Meat" which was written by Terry Bisson and won a Nebula > award and was published in Omni mag almost 15 years ago which circulates > around the internet which I like. > > Here's a link to it http://www.terrybisson.com/meat.html THEY'RE MADE > OUT OF MEAT That sounds awfully familiar, but if it was in Omni, had to be over 20 yrs ago, since thats when I last had a subscription. Then again, I may have read it in one of those Nebula award winners compilations - I find one about once a year somewhere... Dhalgren is one of my favorites... From jg at coks.net Fri Dec 9 19:13:28 2005 From: jg at coks.net (jg) Date: Fri Dec 9 22:15:02 2005 Subject: [SpamCop-List] Re: Amazing, after not having used or browsed E-Bay since 1997, I have won a PowerSeller Account! In-Reply-To: References: Message-ID: On 12/9/2005 6:59 AM Berny scribbled: > Aren't I privileged?. > > If you are really keen on reading this PHISH here's a tracker. > > http://www.spamcop.net/sc?id=z838718779z972728d44071c3110b331a7f5acdf29ez > > But honestly, don't bother. > > Whatever you do, "Please Make Sure This /is/ spam"... From h9vzc2i02 at sneakemail.com Fri Dec 9 19:21:15 2005 From: h9vzc2i02 at sneakemail.com (Anon_) Date: Fri Dec 9 22:20:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Dora Smith" wrote in message news:dndb6m$hf1$1@news.spamcop.net... > How do I get spamwhatever to UNBLOCK my work e-mail address? > > I do not want to hear what I have to tell my sytem adminstrator that he > isn't going to do anyway. > > I don't want to hear what extra measures he has to do to satisfy > spamwhatever. > > I merely want to know how to tell it that e-mail coming from me at a > certain IP address, which of all the addresses my work mail server uses > spamwhatever selectively blocks, and that inconsistently, to the > Anglican mailing list! > > How do I or the adminstrator of my mailing list inform Spamwhatever to > stop blocking my mail server IP? > > Yours, > Dora Smith *** The best way to get your server unblocked is to quit having spam sent from it. If your server IS on Spamcop's blocklist, it means that your server has sent spam either to people who do not want the mail sent therefrom or that your server has sent mail to a 'spamtrap' (an address that has not sent any mail TO anyone, therefore its address is not available to anyone 'out there'.) Most important, Spamcop.net does NOT block anyone's mail - it is unable to have any direst affect on YOUR or anyone else's mail. If you want any further help form this newsgroup, please furnish your IP address (copying the 'reject message' which includes this needed IP address would help.) -- A SpamCop user and forum reader, Not Admin *** From mwnospam at comcast.net Fri Dec 9 22:31:10 2005 From: mwnospam at comcast.net (spamacyde) Date: Fri Dec 9 22:35:02 2005 Subject: [SpamCop-List] XXX@devnul.spamcop.net Message-ID: For reports sent to devnul.spamcop.net, What does devnul mean? Is this going to Spamcop or the offending ISP? Thanks From MikeE at ster.invalid Fri Dec 9 19:59:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 9 23:00:02 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net References: Message-ID: spamacyde wrote: > For reports sent to devnul.spamcop.net, > > What does devnul mean? > > Is this going to Spamcop or the offending ISP? devnul is an abbreviation for null device, a unix term for a file/device that takes input and causes it to go away nowhere. A particular at devnul is a mechanism for dropping a notification for some reason, for example: postmaster#wanadoo.fr[at]devnull.spamcop.net is dropping what would otherwise be a notification to the wanadoo.fr pm. -- Mike Easter kibitzer, not SC admin From vanguard.code at comcastNIX.net Fri Dec 9 22:28:20 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Fri Dec 9 23:30:02 2005 Subject: [SpamCop-List] Re: Spamcop and Comcast References: Message-ID: "spamacyde" wrote in message news:dncn3f$6br$1@news.spamcop.net... > Ok, > > If Comcast isn't using Spamcop, should I report my spam to Brightmail or > Spampal rather than Spamcop? > > "spamacyde" wrote in message > news:dnahco$st7$1@news.spamcop.net... >> Is Comcast using Spamcop to screen email for Spam? If not, should I >> lobby >> Comcast to do so? For spam that leaks past the Brightmail filter (as Comcast has configured it) then send them a copy of the missed spam to: missed-spam@comcast.net You can also configure your SpamCop preferences to add this e-mail contact so whenever you submit a report then this recipient will also be included and selected by default (so all spams that you report through SpamCop will have a copy of the report sent to Comcast). Read: http://www.comcast.net/help/faq/index.jsp?faq=EmailSpam17785 From jeffg at spamcop.net Fri Dec 9 23:29:39 2005 From: jeffg at spamcop.net (Jeff G.) Date: Fri Dec 9 23:30:12 2005 Subject: [SpamCop-List] Re: I want more spam! References: Message-ID: "Spaz" wrote in message news:dnbajd$aos$1@news.spamcop.net... > What's the best way for me to get on a good spam list? In addition to what the others have written, you could also: read your spam, with HTML rendered subscribe to news.admin.net-abuse.sightings follow the links in the spam messages found above, unsubscribing at the unsubscribe links post to news.admin.net-abuse.email and alt.test If you are serious and will accept misdirected bounces as spam, I have a spigot of a few hundred misdirected bounces per day that I could direct at your mailbox. :) -- Best Regards, Jeff G. Please see my full sig at http://forum.spamcop.net/forums/index.php?showuser=2041 From vanguard.code at comcastNIX.net Fri Dec 9 22:31:31 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Fri Dec 9 23:35:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Dora Smith" wrote in message news:dndb6m$hf1$1@news.spamcop.net... > How do I get spamwhatever to UNBLOCK my work e-mail address? > > I do not want to hear what I have to tell my sytem adminstrator that he > isn't going to do anyway. > > I don't want to hear what extra measures he has to do to satisfy > spamwhatever. > > I merely want to know how to tell it that e-mail coming from me at a > certain IP address, which of all the addresses my work mail server uses > spamwhatever selectively blocks, and that inconsistently, to the Anglican > mailing list! > > How do I or the adminstrator of my mailing list inform Spamwhatever to > stop blocking my mail server IP? Geez, and when did the *company's* network and mail server become your personal property? Not yours, so not your choice. Duh. The IP address is THEIR IP address, not yours. If they don't want to desist on sending spam then you are trapped by that e-mail provider's decisions. So obviously your remaining decision is to use a different e-mail provider. From nospam at nospam.com Fri Dec 9 23:03:45 2005 From: nospam at nospam.com (Justin) Date: Sat Dec 10 00:05:02 2005 Subject: [SpamCop-List] Re: hong kong importer /exporter scam ? :) In-Reply-To: References: <4399A9FD.8080806@nospam.com> Message-ID: <439A61B1.2090109@nospam.com> Fred K. wrote: > "Justin" wrote in message > news:4399A9FD.8080806@nospam.com... > >> Yeah I am thinking about playing along with this spam just to have a >> little bit of fun with this spammer any ideas on some things i could do . > > Reply to the email address in the body as long as you use an email address > that you can throw away when that address gets spread around the spammer > world. > > Fred k > > Yeah I was trying to think of something to say to the spammer to play a long with the scam. I think this guy is a newbie cause i think he left his real address in the reply . I really would like to trick him into spamming his ISP but I don't think im that good :) From g.hyde at bigpond.net.au Sat Dec 10 15:21:27 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Dec 10 00:25:02 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: "Mike Easter" wrote in message news:dnd9si$grc$1@news.spamcop.net... > Geoffrey Hyde wrote: > >> QED, mate. > > Now that we've finished discussing the issue which initiated this > thread, let me remark on your usage of Q.E.D. in a discussion or debate > or disagreement of this nature -- because I also disagree with your > usage of that term or abbreviation, which has appeared a number of times > lately. Gee mate, I didn't think you'd taken to nitpicking. But if you insist, go right ahead. > quod erat demonstrandum means, at the bottom of the mathematical proof, > that the 'which was to be demonstrated' has, in fact, been demonstrated. How about Qibbled with, Exhaustively discussed, and Dismissed? ;-) Of course, that leaves some of the letters out but abbreviations are rife on the internet nowadays. > In the course of a discussion or 'debate', throwing a premature qed into > the conversation isn't at all effective in the debate process. It falls > quite flat, even in implying that the user is comfortable throwing > around Latin phrases or their abbreviations. I could say that I've demonstrably argued that it is spam I'm dealing with, and that I'm trying to end my demonstration of what is spam about it, with you. > Especially when it doesn't come at the 'conclusion' of some kind of > irrefutable evidence. Then it is just so much junk cluttering up the > corners like a dust bunny. Per aspera ad astra. And yes, I looked it up so I know what it means. If I want further discussion from you, mate, I'll give it to you. :-) Cheers ... Geoffrey Hyde From borgholio at storymind.com Fri Dec 9 21:23:41 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 10 00:25:09 2005 Subject: [SpamCop-List] Re: hong kong importer /exporter scam ? :) In-Reply-To: <439A61B1.2090109@nospam.com> References: <4399A9FD.8080806@nospam.com> <439A61B1.2090109@nospam.com> Message-ID: Justin wrote: > Fred K. wrote: > >> "Justin" wrote in message >> news:4399A9FD.8080806@nospam.com... >> >>> Yeah I am thinking about playing along with this spam just to have a >>> little bit of fun with this spammer any ideas on some things i could >>> do . >> >> >> Reply to the email address in the body as long as you use an email >> address that you can throw away when that address gets spread around >> the spammer world. >> >> Fred k >> > > Yeah I was trying to think of something to say to the spammer to play a > long with the scam. I think this guy is a newbie cause i think he left > his real address in the reply . I really would like to trick him into > spamming his ISP but I don't think im that good :) With the nigerian scams, I use an automated generator to create a reply, then if they bite, I string them along until they get tired of me (or until their email accounts get cancelled. When they ask for phone numbers, I give them the numbers of other nigerian scammers that I dealt with in the past. Same with addresses. I got this one guy to drive to a city about 6 hours away from Lagos to get a wire transfer that I "mistakenly" sent there, instead of directly to him. He sure was a bit upset when he got back. :) From nobody at nowhere.not Sat Dec 10 06:26:33 2005 From: nobody at nowhere.not (Robert Blair) Date: Sat Dec 10 01:30:02 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: On Sat, 10 Dec 2005 05:21:27 UTC, "Geoffrey Hyde" wrote: > I could say that I've demonstrably argued that it is spam I'm dealing with, > and that I'm trying to end my demonstration of what is spam about it, with > you. It is not spam from my point of view. Unwanted yes, spam no. -- Robert Blair From joseph_k at invalid.com Fri Dec 9 22:29:42 2005 From: joseph_k at invalid.com (Joseph_K) Date: Sat Dec 10 01:35:02 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: <50tkp1hlopr44grnh10vlnkdoh83p08qrh@4ax.com> On Fri, 9 Dec 2005 11:21:17 -0800, "Spaz" wrote: >"Frog Prince" wrote in message news:dncbuo$uhs$1@news.spamcop.net... >> >> Speaks well for MS technical ability ... can't even do the leg work >> necessary to protect their products/market. > >Here's their response in case you're interested. > > >----- Original Message ----- >From: "Microsoft Anti-Piracy Team" >To: <> >Sent: Thursday, December 08, 2005 6:26 PM >Subject: spam piracy [Incident: 051207-000098] > > > >Subject >--------------------------------------------------------------- >spam piracy > > >Discussion Thread >--------------------------------------------------------------- >Response (+) - 12/08/2005 07:26 PM >Hello, > >Thank you for contacting the Microsoft Anti-Piracy Team. > >We appreciate that you have taken the time to forward anti-piracy leads to our team. > I have received those, too. And each time I would go to my original reporting email and test the unobfuscated URL and every time it was still valid and active. Oh, well. -- ---------+---------+---------+---------+---------+---------+---------+ Joseph K Seattle, WA, USA From bar_n0ne at hotmail.com Sat Dec 10 10:32:27 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Dec 10 01:35:10 2005 Subject: [SpamCop-List] Re: Amazing, after not having used or browsed E-Bay since 1997, I have won a PowerSeller Account! References: Message-ID: "jg" wrote in message news:dndh0m$k9b$2@news.spamcop.net... > On 12/9/2005 6:59 AM Berny scribbled: > > > Aren't I privileged?. > > > > If you are really keen on reading this PHISH here's a tracker. > > > > http://www.spamcop.net/sc?id=z838718779z972728d44071c3110b331a7f5acdf29ez > > > > But honestly, don't bother. > > > > > Whatever you do, "Please Make Sure This /is/ spam"... A PHISH, the one time I browsed ebay, I had no hotmail accounts. From bar_n0ne at hotmail.com Sat Dec 10 10:37:20 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Dec 10 01:40:02 2005 Subject: [SpamCop-List] Re: Amazing,(OT) References: Message-ID: "Porpoise" wrote in message news:dncq0t$84u$1@news.spamcop.net... > > "Tim" wrote in message SNIP > > It's becoming so much S2D2 (Same Shit, Different Day). > > 2S2D Nope, Tim's correct, SSDD = S2D2 (S squared, D squared) From baloo at ursine.ca Fri Dec 9 22:24:40 2005 From: baloo at ursine.ca (baloo@ursine.ca) Date: Sat Dec 10 02:10:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: <8u8q63-h52.ln1@ursine.ca> Dora Smith wrote: > How do I get spamwhatever to UNBLOCK my work e-mail address? Search the FAQ. Answer is there already. You should have done this before posting. > I do not want to hear what I have to tell my sytem adminstrator that he > isn't going to do anyway. Then you should switch to a different network provider if your sysadmin isn't going to do anything. Or if it's your company network, take it up with your sysadmin's boss. > I don't want to hear what extra measures he has to do to satisfy > spamwhatever. Then you are spam friendly. Nice knowing you. Have a nice day. From g.hyde at bigpond.net.au Sat Dec 10 17:34:12 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Dec 10 02:35:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: It is spam because it fulfils the following conditions: 1. It is private listserver email intended for the original recipient who sent a mailing list setup to it. Not me. Because of some non-compliant header botchup that places me in the From: field. Therefore, spam. 2. Whoever or whatever sent the email that triggered this caused the server to spam me, because I have an apparently valid From: in there, instead of the address of the list server. See point #1 above. This to me means it is spamming me. 3. It's also breaking rules in that it shouldn't be sending me failure-notice messages, only to itself or to a null: email address and the original sender. The reason it's spamming me with this totally useless information is because my From: address is in there, despite the Reply-To being munged. Below is the full message source that was received. It apparently fills me in as the From: recipient, which I understand is very bad practice if you are running a mailing list server. The only place mailing list failures should go is to the mailing list server that originally sent it out, which, incidentally, hasn't done it's job very well, either, having not put itself in as the From: recipient. It's also spam because for a very long time the LugNet admins have been supposed to take care of this problem, however, they apparently haven't fixed it yet. Longer than two years is in my book an awfully long time to fix a listserver problem. Cheers ... Geoffrey Hyde Return-Path: <> Received: from highway.nu.edu.pk ([202.83.174.53]) by imta06sl.mx.bigpond.com with ESMTP id <20051208035327.HXSM112.imta06sl.mx.bigpond.com@highway.nu.edu.pk> for ; Thu, 8 Dec 2005 03:53:27 +0000 Received: by ntc.net.pk with Internet Mail Service (5.5.2656.59) id ; Thu, 8 Dec 2005 08:49:49 +0500 Message-ID: <3B848F4FAFB98A43A09D301DAA62A778057925C6@ntc.net.pk> From: System Administrator To: g.hyde@bigpond.net.au Subject: Undeliverable: Re: New contest Date: Thu, 8 Dec 2005 08:49:48 +0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2656.59) X-MS-Embedded-Report: Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C5FBAA.6FA6F781" This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C5FBAA.6FA6F781 Content-Type: text/plain; charset="iso-8859-1" Your message To: lugnet.robotics@lugnet.com Subject: Re: New contest Sent: Thu, 8 Dec 2005 05:33:30 +0500 did not reach the following recipient(s): 664@NU.EDU.PK on Thu, 8 Dec 2005 08:49:45 +0500 The recipient name is not recognized The MTS-ID of the original message is: c=us;a= ;p=fast;l=HIGHWAY0512080349YBAH0F7L MSEXCH:IMS:FAST:lhr:HIGHWAY 0 (000C05A6) Unknown Recipient ------_=_NextPart_000_01C5FBAA.6FA6F781 Content-Type: message/rfc822 Message-ID: From: Geoffrey Hyde Sender: news-gateway@lugnet.com Reply-To: Geoffrey Hyde To: lugnet.robotics@lugnet.com Subject: Re: New contest Date: Thu, 8 Dec 2005 05:33:30 +0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2656.59) X-MS-Embedded-Report: X-Loop: lugnet.robotics@lugnet.com X-MDRemoteIP: 65.163.27.210 X-Return-Path: g.hyde@bigpond.net.au X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) X-Spam-Report: X-Spam-Level: X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=ham version=2.64 X-Spam-Processed: mydomain.local, Thu, 08 Dec 2005 08:46:48 +0500 X-MDAV-Processed: mydomain.local, Thu, 08 Dec 2005 08:46:48 +0500 X-MDaemon-Deliver-To: 664@nu.edu.pk Content-Type: text/plain; charset="iso-8859-1" "Robert Blair" wrote in message news:TECQXhvKj0FX-pn2-NCeTjTkPqlkW@dsl-206-55-144-107.tstonramp.com... > On Sat, 10 Dec 2005 05:21:27 UTC, "Geoffrey Hyde" > wrote: > >> I could say that I've demonstrably argued that it is spam I'm dealing >> with, >> and that I'm trying to end my demonstration of what is spam about it, >> with >> you. > > It is not spam from my point of view. Unwanted yes, spam no. > > > -- > Robert Blair From porpoise1954 at yahoo.co.uk Sat Dec 10 08:35:28 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Dec 10 03:40:03 2005 Subject: [SpamCop-List] Re: Amazing,(OT) References: Message-ID: "Berny" wrote in message news:dndt32$rgg$1@news.spamcop.net... > > "Porpoise" wrote in message > news:dncq0t$84u$1@news.spamcop.net... >> >> "Tim" wrote in message > SNIP >> > It's becoming so much S2D2 (Same Shit, Different Day). >> >> 2S2D > > Nope, Tim's correct, SSDD = S2D2 (S squared, D squared) No, no. It's not S x S x D x D (S squared x D squared) It's S + S, D + D (2 x S, 2 x D) = 2S, 2D From / at /.cn Sat Dec 10 20:27:12 2005 From: / at /.cn (Petzl) Date: Sat Dec 10 04:30:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "Alex Gitlin" wrote in message news:dnb24h$6e1$1@news.spamcop.net... >A lot of spam comes from China. What are the statistics like - are those >spam reports we submit actually useful, are they paying off? (Or do the >Chinese sysadmins simply ignore them?) So far I'm not seeing much >improvement on the amount of spam coming in, but I've only been on Spamcop >for a couple of weeks. > > Alex. Personally I'm seeing China responding to spam complaints more and now and possibly being more active than many USa providers Not sure how many in China have computers accessing the Internet but suspect it is a huge number but there still is a lot of spam coming from China Very little spam comes from India which also has a huge Population The worst spam friendly tolerant country is no doubt Brazil where reported spam is simply ignored Ideally one should not accept a ISP's forced email account automatically from ones provider if they do not have this following criteria (if they do not offer these tell them you will not use there email and ask for a cost reduction You are not getting their dis-service for free) (1) offer spam and virus filtering allowing you to select a number of spam filters, blocklists, including the ability to block problem Countries like China Brazil etc, Most effective blocklist is the SpamCop Blocklist (SCBL) which blocks spam while it is being sent not after, releasing that IP only when it stops sending filth (2) Allows SpamCop Very Easy Reporting (VER) to ensure spamming IP's remain blocked by the SCBL (3) offer whitelist (this allows all whitelisted email to pass no matter what Black/Blocklist is selected) If you need (and everyone does) get a US$30 SpamCop email account. Which will accurately sort all email from all your existing accounts. (Hotmail Yahoo etc included) Email only, going to your inbox and spam going to your VER folder, reporting and blocking all of spam in VER takes three clicks of your mouse (after a quick check it is spam) Very easy and simple to do check it out http://www.spamcop.net/fom-serve/cache/323.html I'm from Sydney Australia and my reason to plug SpamCop is in the false hope that it may get ISP's to brush up there act instead of just milking credit cards and showing little interests in customers or the spam problem. I'm just another SpamCop user no other connections to SpamCop than this Merry Christmas to all Petzl From bar_n0ne at hotmail.com Sat Dec 10 13:44:30 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Dec 10 04:45:31 2005 Subject: [SpamCop-List] Re: Amazing,(OT) References: Message-ID: "Porpoise" wrote in message news:dne432$vbf$1@news.spamcop.net... > No, no. It's not S x S x D x D (S squared x D squared) > It's S + S, D + D (2 x S, 2 x D) = 2S, 2D Arrrghghhhh :-\ From porpoise1954 at yahoo.co.uk Sat Dec 10 09:59:39 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Dec 10 05:05:31 2005 Subject: [SpamCop-List] Re: Amazing,(OT) References: Message-ID: "Berny" wrote in message news:dne820$1of$1@news.spamcop.net... > > "Porpoise" wrote in message > news:dne432$vbf$1@news.spamcop.net... >> No, no. It's not S x S x D x D (S squared x D squared) >> It's S + S, D + D (2 x S, 2 x D) = 2S, 2D > > Arrrghghhhh :-\ He, he, he.......... From Kilgallen at SpamCop.net Sat Dec 10 07:06:51 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Dec 10 08:10:03 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: In article , Joseph_K writes: > On Thu, 8 Dec 2005 20:34:48 -0800, "Spaz" wrote: > >>I keep getting spam advertising Microsoft software at very cheap >>prices. I sent the email to piracy@microsoft.com and they emailed >>me back saying the link in the email didn't work and asked me to >>give them information from the website such as name, location, phone >>number and email address. The link worked for me and it took me to a >>website called OEM Soft Store. The spam email completely obfuscates >>the web address but once I got to the website, I got the following >>link. >> >>http://awc8hdxu7.2fgqxu3j1vpb78ou717721ju2m1eojjj.cancelerkg.com/xvawl/ > > Forward this still working URL to them. You have done your part. If > they cannot do their own leg work, well.... While I am not typically a defender of Microsoft technical ability, it is certainly possible the spammer arranged DNS to not provide proper answers to queries from Microsoft IP addresses. That sort of thing has certainly happened to SpamCop. From jg at coks.net Sat Dec 10 07:30:44 2005 From: jg at coks.net (jg) Date: Sat Dec 10 10:30:07 2005 Subject: [SpamCop-List] Re: Amazing, after not having used or browsed E-Bay since 1997, I have won a PowerSeller Account! In-Reply-To: References: Message-ID: On 12/9/2005 10:32 PM Berny scribbled:>>> >> >>Whatever you do, "Please Make Sure This /is/ spam"... > > > A PHISH, the one time I browsed ebay, I had no hotmail accounts. > > I was parodying the SC admonition on the report page - whenever I get a full screen full of reports going to chinatietong, that little warning makes me laugh... From 96q7vwa02 at sneakemail.com Sat Dec 10 09:29:24 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Sat Dec 10 13:45:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Dora Smith" wrote in message news:dndb6m$hf1$1@news.spamcop.net... > How do I get spamwhatever to UNBLOCK my work e-mail address? > Nobody can be as clueless as the post suggests. Sounds to me like this is a troll. Fred k. From kenbrody at spamcop.net Sat Dec 10 14:31:47 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Sat Dec 10 14:45:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: <439B2D23.2BB9F169@spamcop.net> "Fred K." wrote: > > "Dora Smith" wrote in message > news:dndb6m$hf1$1@news.spamcop.net... > > How do I get spamwhatever to UNBLOCK my work e-mail address? > > > Nobody can be as clueless as the post suggests. You've never worked in tech support, have you? :-) > Sounds to me like this is a troll. Perhaps. But given the number of "why is spamcop blocking my email" or "why is spamcop calling me a spammer" posts that we get here, it's just as likely to be for real. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From DougThegarden at invalid.com Sat Dec 10 20:20:30 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sat Dec 10 15:25:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? In-Reply-To: <439B2D23.2BB9F169@spamcop.net> References: <439B2D23.2BB9F169@spamcop.net> Message-ID: Kenneth Brody wrote: > > Perhaps. But given the number of "why is spamcop blocking my email" > or "why is spamcop calling me a spammer" posts that we get here, it's > just as likely to be for real. > Personally I think most of those are trolls too. Doug From vanguard.code at comcastNIX.net Sat Dec 10 14:40:45 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Sat Dec 10 15:45:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Fred K." <96q7vwa02@sneakemail.com> wrote in message news:dnf7iq$hr7$1@news.spamcop.net... > > "Dora Smith" wrote in message > news:dndb6m$hf1$1@news.spamcop.net... >> How do I get spamwhatever to UNBLOCK my work e-mail address? >> > Nobody can be as clueless as the post suggests. Sounds to me like this is > a troll. User: I was working on the computer but then the screen went completely blank. Tech: Is the monitor on? User: Yes. Tech: By blank, do you mean the monitor is off or that you get a background or blank window? User: It is completely dark just like it was powered off. Tech: How do you know the monitor is on? Is there an LED to show the power status? User: I was using it and then it went blank. Tech: Can you toggle the power switch, please? Do it twice but wait a few seconds after each push. User: No change when pushing the power switch. Tech: Sounds like the monitor has no power. Can you check if the power cord is plugged into the back of the monitor, or see if it is permanently attached? User: The cord is pushed all the way in. Tech: Is it possible the power cord got kicked so it was yanked out of the outlet? User: After a pause to crawl under the desk to look) It is plugged in. Tech: Is the video cable plugged into the back of the monitor? User: Yep. Tech: Is the video cable plugged into the back of the computer? User: Yep. Tech: Can you power cycle the computer please to reboot it? User: It won't reboot. No beeps, no disk whine, no fan noise. Tech: Can you check if the power cord is attached to the backside of the computer? User: Yep, it's plugged in. Tech: How about the other end of the power cord? User: I can't see that end because it is in an outlet behind the desk. Tech: If there is room between the desk and wall, or if you can pull out the desk a little, can you see if the cord is plugged in? User: It is too dark to see down there. Tech: Are there any lights you can turn on to look down behind the desk. User: Nope. There is a power outage so the room is dark. Tech: (Pause while tech clenches fist and mutes his phone so the user doesn't hear the obscenities.) There's a power outage? User: Yes. Tech: So where would the computer get its power to stay on when everything is off? Do you have a UPS? User: Don't know. Figured the computer would just stay on. What's a UPS? Tech: You'll have to wait until power is restored so you computer can get some. Is there anything else I can help you with. (Crosses fingers and hopes the dumbfuck user says No.) Because users can hit keys on a keyboard and do some minimal work which is the electronic equivalent of using the old mechanical devices (i.e., typewriters), they think they are computer users. Nope, they're just slightly smarter than monkeys (well, some are, some aren't). I like the story about the idiot that complained that their fax software wouldn't work because their document would not get scanned in while holding the document against the monitor. No wonder Stars Wars awed so many viewers. From devnull at spamcop.net Sat Dec 10 10:03:32 2005 From: devnull at spamcop.net (Frog Prince) Date: Sat Dec 10 15:50:03 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: "Larry Kilgallen" | >>I keep getting spam advertising Microsoft software at very cheap | >>prices. I sent the email to piracy@microsoft.com and they emailed | >>me back saying the link in the email didn't work and asked me to | >>give them information from the website such as name, location, phone | >>number and email address. The link worked for me and it took me to a | >>website called OEM Soft Store. The spam email completely obfuscates | >>the web address but once I got to the website, I got the following | >>link. | >> | >>http://awc8hdxu7.2fgqxu3j1vpb78ou717721ju2m1eojjj.cancelerkg.com/xvawl/ | > | > Forward this still working URL to them. You have done your part. If | > they cannot do their own leg work, well.... | | While I am not typically a defender of Microsoft technical ability, | it is certainly possible the spammer arranged DNS to not provide | proper answers to queries from Microsoft IP addresses. | | That sort of thing has certainly happened to SpamCop. And MS is not sharp enough to figure that out or do a work around? Do they hire their security staff from the homicide detective pool in Aruba? From yea at right.com Sat Dec 10 13:06:05 2005 From: yea at right.com (Spaz) Date: Sat Dec 10 16:10:03 2005 Subject: [SpamCop-List] Re: OEM Soft Store? References: Message-ID: "Frog Prince" wrote in message news:dnff0b$l9e$1@news.spamcop.net... > > And MS is not sharp enough to figure that out or do a work around? MS has become fat, dumb and happy with their market position. Why bother with petty little inconveniences when you're rolling in billions? > Do they hire their security staff from the homicide detective pool in Aruba? Their "security staff" is there just for show, not for results. I doubt they have the brains to hit the refresh button on their own web browser when a link doesn't load the first time. From nobody at devnull.spamcop.net Sat Dec 10 16:18:24 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sat Dec 10 16:20:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Vanguard" wrote in message news:dnfegd$l3r$1@news.spamcop.net... This is not a troll, IMHO. I think they did read the 'Why Am I blocked FAQ' on the forum, but decided not to post there - hopefully being a little bit more clued in. Email is not rocket science. It is not much more complicated than running an automobile. However, I really did know someone who threw away a tire because it went flat. Miss Betsy From nobody at spamcop.net Sat Dec 10 15:23:32 2005 From: nobody at spamcop.net (John Anderson) Date: Sat Dec 10 16:25:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "Steven Maesslein" wrote in message news:slrndpiock.52e.nobody@127.0.0.1... > On Thu, 08 Dec 2005 22:48:33 -0800, Borgholio coughed into spamcop and > left this in : > >> Terrible. I have a blacklist that blocks the whole damn country, and >> I've >> never seen even one legit email get caught...probably because there isn't >> any such thing. :) > > Ditto here. You can say the same for all of APNIC space except Australia > and New Zealand. Most of it *isn't* in the local BL here - because it's > in the firewall. There's no point allowing the connection to happen and > an instance of sendmail to be started when I know full well it's going > to be spam knocking on my door, so I don't even allow these areas access > to my port 25. Saves CPU cycles and allows the machine to get on with > more useful tasks. > Australia and NZ need to get on a different block, so that we in the west can ignore one huge solid block of the internet !! From kenbrody at spamcop.net Sat Dec 10 16:48:16 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Sat Dec 10 16:50:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: <439B2D23.2BB9F169@spamcop.net> Message-ID: <439B4D20.293D9B37@spamcop.net> Doug Thegarden wrote: > > Kenneth Brody wrote: > > > > Perhaps. But given the number of "why is spamcop blocking my email" > > or "why is spamcop calling me a spammer" posts that we get here, it's > > just as likely to be for real. > > > > Personally I think most of those are trolls too. Well, at least some of them are because the sysadmin at another site decided to word the rejection message along the lines of "blocked by SpamCop". -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From DougThegarden at invalid.com Sat Dec 10 22:12:11 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sat Dec 10 17:15:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? In-Reply-To: References: Message-ID: Vanguard wrote: > > I like the story about the idiot that complained that their fax software > wouldn't work because their document would not get scanned in while > holding the document against the monitor. > During a conference of European Leaders in the late 90's French President Chirac pointed to the projection screen with his mouse and wondered why it wasn't working. The Dutch Prime Minister Wim Kok didn't fare much better and had the misfortune to be caught on video: http://www.idemployee.id.tue.nl/g.w.m.rauterberg/presentations/UCD-works/wim_kok.avi (15Mb) Doug From nobody at spamcop.net Sat Dec 10 23:20:54 2005 From: nobody at spamcop.net (TimeLord) Date: Sat Dec 10 18:25:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Dora Smith" wrote in message news:dndb6m$hf1$1@news.spamcop.net... > How do I get spamwhatever to UNBLOCK my work e-mail address? > > I do not want to hear what I have to tell my sytem adminstrator that he > isn't going to do anyway. > > I don't want to hear what extra measures he has to do to satisfy > spamwhatever. Then I doubt you will get your mail unblocked. kev From not at home.today Sat Dec 10 23:31:59 2005 From: not at home.today (Ant) Date: Sat Dec 10 18:35:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Vanguard" wrote: > User: I was working on the computer but then the screen went completely > blank. [snip] > Tech: Are there any lights you can turn on to look down behind the desk. > User: Nope. There is a power outage so the room is dark. "A power... A power outage? Aha! Okay, we've got it licked now. Do you still have the boxes and manuals and packing stuff your computer came in?" "Well, yes. I keep them in the closet." "Good! Go get them and unplug your system and pack it up just like it was when you got it. Then take it back to the store you bought it from." "Really! Is it that bad?" "Yes, I'm afraid it is." "Well, all right then, I suppose. What do I tell them?" "Tell them you're too stupid to own a computer." http://www.snopes.com/humor/business/wordperf.htm From vanguard.code at comcastNIX.net Sat Dec 10 19:45:44 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Sat Dec 10 20:50:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Ant" wrote in message news:dnfohl$q9l$1@news.spamcop.net... > "Vanguard" wrote: > >> User: I was working on the computer but then the screen went completely >> blank. > > [snip] > >> Tech: Are there any lights you can turn on to look down behind the desk. >> User: Nope. There is a power outage so the room is dark. > > "A power... A power outage? Aha! Okay, we've got it licked now. Do you > still have the boxes and manuals and packing stuff your computer came in?" > > "Well, yes. I keep them in the closet." > > "Good! Go get them and unplug your system and pack it up just like it > was when you got it. Then take it back to the store you bought it from." > > "Really! Is it that bad?" > > "Yes, I'm afraid it is." > > "Well, all right then, I suppose. What do I tell them?" > > "Tell them you're too stupid to own a computer." > > http://www.snopes.com/humor/business/wordperf.htm > > Guess you haven't seen a guy banging on a television remote control without trying to replace the batteries. In the computer realm, the equivalent is the idiot banging his cordless mouse, whining about it in the newsgroups, and finally realizing that batteries do get exhausted. From nobody at nowhere.not Sun Dec 11 01:58:39 2005 From: nobody at nowhere.not (Robert Blair) Date: Sat Dec 10 21:00:02 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: On Sat, 10 Dec 2005 07:34:12 UTC, "Geoffrey Hyde" wrote: spam = UCE or UBE, your unwanted reply is neither of these. > It apparently fills me > in as the From: recipient, which I understand is very bad practice if you > are running a mailing list server. All of the mailing lists I belong to leave my email address in the FROM. Most also will insert a REPLY-TO (to the mailing list) if I do not insert a REPLY-TO in the headers. If I insert a REPLY-TO into the headers then the mailing list will pass it through so the reply will go to where ever I have set. -- Robert Blair From not at home.today Sun Dec 11 02:53:42 2005 From: not at home.today (Ant) Date: Sat Dec 10 21:55:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Vanguard" wrote: > "Ant" wrote: >> "Tell them you're too stupid to own a computer." >> >> http://www.snopes.com/humor/business/wordperf.htm > > Guess you haven't seen a guy banging on a television remote control > without trying to replace the batteries. I am that man! Well, almost. I replaced the batteries and the damn thing still didn't work. Or rather, it does work but the TV ignores it! One of these days I'll get around to replacing the set. I don't watch it much anyhow. From g.hyde at bigpond.net.au Sun Dec 11 13:53:51 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Dec 10 22:55:03 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Well, I talked to someone (who probably would not want to be named anyway) in private mail and they said it's a very grey area, and whether it's spam is MY call. Next one I get WILL be considered spam. And it is highly annoying spam to boot. What I would like to be able to do though, is have the lugnet address recognized as a 3rd party which will need to be notifed of these - since they own the listserver, the spam problem is theirs to fix, not mine, and certainly their fault for not having set the damn thing up right in the first place. BTW, the following is the MAIN reason I consider it spam, and why I find it ought to be reportable as such: [paste] Your message To: lugnet.robotics@lugnet.com Subject: Re: New contest Sent: Thu, 8 Dec 2005 05:33:30 +0500 did not reach the following recipient(s): 664@NU.EDU.PK on Thu, 8 Dec 2005 08:49:45 +0500 The recipient name is not recognized The MTS-ID of the original message is: c=us;a= ;p=fast;l=HIGHWAY0512080349YBAH0F7L MSEXCH:IMS:FAST:lhr:HIGHWAY 0 (000C05A6) Unknown Recipient [end paste] The person it's trying to find @nu.edu.pk is the person it's supposed to be sending to. Since either it's a listserver or a mail server handling listserver traffic, it's most definitely not allowed to be spamming NON-mailing-list recipients (AFAIK, I once was on a very similar mailing list a long time ago, and one of the rules was that non-mailing-list recipients should not get spammed under any circumstances.) Because this is a gateway for so-called "news-by-mail" I am very annoyed at getting spammed because I already browse the newsgroups with Outlook and I certainly don't need the news server mailing list gateway spamming me or cauisng another server to be spamming me with regurgitated posts like this. Cheers ... Geoffrey Hyde "Robert Blair" wrote in message news:TECQXhvKj0FX-pn2-GK1fwdbcLq6J@dsl-206-55-144-107.tstonramp.com... > On Sat, 10 Dec 2005 07:34:12 UTC, "Geoffrey Hyde" > wrote: > > spam = UCE or UBE, your unwanted reply is neither of these. > > >> It apparently fills me >> in as the From: recipient, which I understand is very bad practice if you >> are running a mailing list server. > > All of the mailing lists I belong to leave my email address in the > FROM. Most also will insert a REPLY-TO (to the mailing list) if I do > not insert a REPLY-TO in the headers. If I insert a REPLY-TO into the > headers then the mailing list will pass it through so the reply will > go to where ever I have set. From MikeE at ster.invalid Sat Dec 10 20:19:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 10 23:20:02 2005 Subject: [SpamCop-List] Re: I am getting more messages from this .pk server about listserver messages I can do nothing about. References: Message-ID: Geoffrey Hyde wrote: > What I would like to be able to do though, is have the lugnet address > recognized as a 3rd party which will need to be notifed of these - > since they own the listserver, the spam problem is theirs to fix, not > mine, and certainly their fault for not having set the damn thing up > right in the first place. You could just email the whole enchilada [bounce with your attached post] and an explanation of what is going on to lugnet and nu.edu.pk and leave SC reporting out of the loop. At the very least lugnet would remove/unsub the .pk subscriber and stop your pain. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Sat Dec 10 22:35:17 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Dec 10 23:40:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: In article , "Vanguard" writes: > Guess you haven't seen a guy banging on a television remote control without > trying to replace the batteries. Actually, that works for me quite often. I figure it to be oxidation on the battery contacts. From mwnospam at comcast.net Sat Dec 10 23:56:38 2005 From: mwnospam at comcast.net (spamacyde) Date: Sun Dec 11 00:00:03 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net References: Message-ID: "Mike Easter" wrote in message news:dndjq8$mqv$1@news.spamcop.net... > spamacyde wrote: > > For reports sent to devnul.spamcop.net, > > > > What does devnul mean? > > > > Is this going to Spamcop or the offending ISP? > > devnul is an abbreviation for null device, a unix term for a file/device > that takes input and causes it to go away nowhere. > > A particular at devnul is a mechanism for dropping a notification for > some reason, for example: > > postmaster#wanadoo.fr[at]devnull.spamcop.net > > is dropping what would otherwise be a notification to the wanadoo.fr pm. > > > -- > Mike Easter > kibitzer, not SC admin > So if Spamcop sends a report to XXX@devnul.spamcop.net, it's going nowhere. Now did Spamcop choose this null address to receive reports or is the ISP not interested in receiving a report? Thanks From mwnospam at comcast.net Sat Dec 10 23:58:49 2005 From: mwnospam at comcast.net (spamacyde) Date: Sun Dec 11 00:00:11 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net References: Message-ID: "Mike Easter" wrote in message news:dndjq8$mqv$1@news.spamcop.net... > spamacyde wrote: > > For reports sent to devnul.spamcop.net, > > > > What does devnul mean? > > > > Is this going to Spamcop or the offending ISP? > > devnul is an abbreviation for null device, a unix term for a file/device > that takes input and causes it to go away nowhere. > > A particular at devnul is a mechanism for dropping a notification for > some reason, for example: > > postmaster#wanadoo.fr[at]devnull.spamcop.net > > is dropping what would otherwise be a notification to the wanadoo.fr pm. > > > -- > Mike Easter > kibitzer, not SC admin As far as your example goes, did wanadoo.fr not want to see the report so they chose a null email address? Thanks From MikeE at ster.invalid Sat Dec 10 21:21:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 11 00:25:03 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net References: Message-ID: spamacyde wrote: > So if Spamcop sends a report to XXX@devnul.spamcop.net, it's going > nowhere. Now did Spamcop choose this null address to receive reports > or is the ISP not interested in receiving a report? I recently learned that you can't tell what is going on from the language in the verbose. What I had previously interpreted as a provider not wanting SC reports by the 'refuses' language robin.rain@sungard.com refuses SpamCop reports Using robin.rain#sungard.com@devnull.spamcop.net for statistical tracking. ... doesn't necessarily mean what it sez. The same word condition can prevail if a deputy has decided that SC doesn't want to send the address reports anymore for any number of reasons. Ellen sez: "We turn off addresses for various reasons including but limited to listwshing, ROKSO spammer, obviously ignoring reports, passing reports to inappropriate places, etc." news://news.spamcop.net/dn4vii$csk$1@news.spamcop.net -- Mike Easter kibitzer, not SC admin From jg at coks.net Sat Dec 10 22:19:44 2005 From: jg at coks.net (jg) Date: Sun Dec 11 01:20:03 2005 Subject: [SpamCop-List] Re: Spam from China In-Reply-To: References: Message-ID: On 12/10/2005 1:23 PM John Anderson scribbled: > one huge solid block of the internet !! > > > and the world... From MikeE at ster.invalid Sat Dec 10 22:19:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 11 01:20:12 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net References: Message-ID: spamacyde wrote: > So if Spamcop sends a report to XXX@devnul.spamcop.net, it's going > nowhere. Now did Spamcop choose this null address to receive reports > or is the ISP not interested in receiving a report? Another point I think is worth considering. Some people think that notifying a provider is a method or force of 'making' them do something. I think of SC notifying a provider as a 'courtesy' to the provider -- to let the provider know that if they would like to do something about a spamvertiser, here is evidence of spamvertising, but it is purely up to the spamvertiser provider to accept and act on the notify. Or not -- there are no consequences to ignoring the report. Similarly, if a spamsource provider wants to know about spam being sourced from their IP, here is the evidence, but it is purely up to the spamsource provider to accept or read or trash the notify. However, the report will still be counting toward the SCbl regardless of whether or not the spamsource provider wants to see the report or not. SC is very very cooperative with providers. If they don't want reports, they don't have to get them. If they want these kinds of reports but not those kinds of reports, SC will certainly oblige them -- any which way they want it, report or no report or some reports. SC is fundamentally toothless where it comes to spamvertisers except for what happens with the sc-surbl listings; and SC is a rather powerful force where it comes to spamsource listings. Whether any providers get any reports or not. If a whitehat provider for a spamvertiser is going to not only accept a report, but evaluate the situation and remedy something -- that's wonderful. If a blackhat provider for a spamvertiser doesn't want to hear anything, that's not wonderful, but it is immaterial. Not because of not getting a report, but because the provider is a blackhat. There is no point in sending a report to a provider who doesn't want to hear it; whether it gets devnulled on this end or on that end. Which brings me around to my argument that I think that spamvertiser providers don't *need* to be notified -- since there is virtually no consequence except for sc-surbl -- and the SC reporter should be able to configure to not resolve or notify spamvertisers. That way all of the spamvertisers which the reporter doesn't call IBs get devnull notified and sent to the statistics page or sc-surbl system and SC doesn't have to bother with resolving them at all. -- Mike Easter kibitzer, not SC admin From DougThegarden at invalid.com Sun Dec 11 08:26:05 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sun Dec 11 03:30:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? In-Reply-To: References: Message-ID: Vanguard wrote: > > User: I was working on the computer but then the screen went completely > blank. > Tech: Is the monitor on?......... Users don't have the monopoly on stoopidity. User: "The computer boots up without any warning beeps, but nothing shows up on the screen." Tech: "Is the monitor connected." User: "Yes, but there is no display." Tech: "Did you install the drivers for the VGA card?" User: "How can I install them before I'm in DOS?" Tech: "You have to install the drivers first before you can get a display." User: "You don't need VGA drivers to boot to DOS like you do for Windows. I should be able to boot to DOS." Tech: "Well, insert the floppy you received with your card. Go to the A:\Utilities directory. Type 'readme.com'." User: "I cannot see anything. How do you expect me to read a file on the screen?" Tech: "Read the file, and it will explain everything." Doug From g.hyde at bigpond.net.au Sun Dec 11 19:21:42 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sun Dec 11 04:25:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Doug Thegarden" wrote in message news:dngnqu$ap8$1@news.spamcop.net... > Vanguard wrote: >> >> User: I was working on the computer but then the screen went completely >> blank. >> Tech: Is the monitor on?......... > > Users don't have the monopoly on stoopidity. > [snip joke] Actually, because most cards pop up a display by default nowadays, that's not half as funny as it sounds. You just plug the card in, put the monitor on the card, boot the computer, install drivers etc, and away it goes. What is funny is when you have an older computer where you have to disable the old display adapater (sometimes an onboard chip on the motherboard) and you have to disable the old display adapter before putting the graphics card into the machine. Cheers ... Geoffrey Hyde From DougThegarden at invalid.com Sun Dec 11 09:36:40 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sun Dec 11 04:40:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? In-Reply-To: References: Message-ID: Geoffrey Hyde wrote: > > Actually, because most cards pop up a display by default nowadays, that's > not half as funny as it sounds. > > You just plug the card in, put the monitor on the card, boot the computer, > install drivers etc, and away it goes. > Unless you have been supplied with a DOA monitor as in this case. I get tired of dealing with tech support that are convinced it is the user's incompetence not their product that's the problem. It took me 15 mins on Monday to convince the Vodafone 3G tech support to check their network status in the locality where I was having problems. They wanted me to check my computer, check my drivers, uninstall and reinstall software. Eventually by answering each attempt to get me to do something with "Would you please check your network status in this area" they eventually agreed to and lo and behold, they discovered their network was down Doug From yea at right.com Sun Dec 11 02:01:34 2005 From: yea at right.com (Spaz) Date: Sun Dec 11 05:05:30 2005 Subject: [SpamCop-List] Re: I want more spam! References: Message-ID: "Fred K." <96q7vwa02@sneakemail.com> wrote in message news:dnd1na$cbd$1@news.spamcop.net... > Go to spamvertized sites and unsubscribe/opt out with the addy you want > spammed. It might take a while, but eventually you get what you want. For > more places to use, follow tracker links to spamverized sites. I found a few unsubscribe web pages but it hasn't worked so far; however, I did notice that these websites had good references like company name, email address, and overall professional webpage, so I think they truely were functional unsubscribe webpages. I doubt I can find the ones I want through google searches. Do you have some I could start with? Thanks! From g.hyde at bigpond.net.au Sun Dec 11 21:38:55 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sun Dec 11 06:40:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: "Doug Thegarden" wrote in message news:dngrv9$d67$1@news.spamcop.net... > Unless you have been supplied with a DOA monitor as in this case. > > I get tired of dealing with tech support that are convinced it is the > user's incompetence not their product that's the problem. It took me 15 > mins on Monday to convince the Vodafone 3G tech support to check their > network status in the locality where I was having problems. They wanted > me to check my computer, check my drivers, uninstall and reinstall > software. Eventually by answering each attempt to get me to do something > with "Would you please check your network status in this area" they > eventually agreed to and lo and behold, they discovered their network was > down I get tired of having to get tech support to figure out what is wrong, ADSL went down just recently, coincidentally, the computer I was on had it's power cord come unplugged (it was a power strip connected to a 3m extension lead, power strip plug became just detached enough from the extension lead socket to cause the electricity to stop flowing) and I had the feeling that had the ADSL not come back just when I'd started the chat with the tech support guy for the ADSL, that I would've been drawn into a long-winded version of shut computer down, reboot, etc etc. And there have been times when I know it is not me, it is them, and they still want to press on with this ridiculously long procedure they have to follow. Sometimes I'd like for them to toss it into the nearest paper shredder. There have been times when the computer network they were on was working fine one minute and the next it had shut down, that was interesting - Tech: "Hold on a minute here, my login seems to have stopped working" or "The network seems to have crashed, just hold the line while I get maintenance to look into it" etc. Fun fun fun. Cheers ... Geoffrey Hyde From jeffg at spamcop.net Sun Dec 11 09:18:15 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 11 09:20:02 2005 Subject: [SpamCop-List] Re: Contact for NET-66-179-0-0-1 References: Message-ID: "Ellen" wrote in message news:dn4vii$csk$1@news.spamcop.net... > We turn off [reporting] addresses > for various reasons including but limited to listwshing, ROKSO > spammer, obviously ignoring reports, passing reports to > inappropriate places, etc. Ellen, did you mean "listwashing" rather than "listwshing" and "not limited" rather than "limited"? -- Thanks and Best Regards, Jeff G. Please see my full sig at http://forum.spamcop.net/forums/index.php?showuser=2041 From nobody at spamcop.net Sun Dec 11 10:43:18 2005 From: nobody at spamcop.net (Ellen) Date: Sun Dec 11 10:45:02 2005 Subject: [SpamCop-List] Re: Contact for NET-66-179-0-0-1 References: Message-ID: "Jeff G." wrote in message news:dnhchg$l45$1@news.spamcop.net... > "Ellen" wrote in message > news:dn4vii$csk$1@news.spamcop.net... > > We turn off [reporting] addresses > > for various reasons including but limited to listwshing, ROKSO > > spammer, obviously ignoring reports, passing reports to > > inappropriate places, etc. > > Ellen, did you mean "listwashing" rather than "listwshing" and "not > limited" rather than "limited"? > yes We turn off [reporting] addresses for various reasons including, but not limited to, listwashing, ROKSO listing, obviously ignoring reports, passing reports to inappropriate places, etc. Ellen From nobody at xyzzy.claranet.de Sun Dec 11 17:46:01 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Dec 11 11:50:02 2005 Subject: [SpamCop-List] list washing (was: Contact for NET-66-179-0-0-1) References: Message-ID: <439C57C9.31C0@xyzzy.claranet.de> Ellen wrote: > We turn off [reporting] addresses for various reasons > including, but not limited to, listwashing, ROKSO listing, > obviously ignoring reports, passing reports to > inappropriate places, etc. BTW, when "my" spammer tested the effect of SPF FAIL with my vanity host for two weeks in August I switched to "unmunged", and later sticked to it. This had no positive effect on the amount of spam I get, and maybe I get even more now. Whatever Leo does, "listwashing" is apparently not in his book. Maybe he has an upper limit for the same campaign sent to the same domain per day, but more likely he just doesn't care about this detail. If Leo uses the number of SC-reported spams as pseudo-evidence for his spamvertizing customers, then limiting the "dupes" to Message-IDs and other catchall addresses could be counter- productive from his POV. I assume that he already optimizes the usage of his zombies with the SCBL (as far as possible). Bye, Frank From nobody at xyzzy.claranet.de Sun Dec 11 18:15:15 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Dec 11 12:20:02 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net References: Message-ID: <439C5EA3.56AE@xyzzy.claranet.de> spamacyde wrote: > As far as your example goes, did wanadoo.fr not want to see > the report so they chose a null email address? No, these situations are indicated differently in the "show technical details" style of output. xxx@devnull.spamcop often comes with "(x reports sent, y bounces)" counters, that's for cases where SC determined that address xxx should be (one of) the possible proper reporting addreses, but SC reports sent to xxx were rejected / bounced. The switch from "try xxx" to "give up" (= xxx@devnull.spamcop) is apparently automatical. The admins can reset the counters manually. Maybe the counters also expire automatically. If SC uses xxx@devnull.spamcop _without_ showing the counters it's a manual decision on the side of SC, not by xxx. Ellen just explained how that works in this thread. Bye, Frank From nobody at xyzzy.claranet.de Sun Dec 11 18:36:19 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Dec 11 12:40:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: <439C6393.6481@xyzzy.claranet.de> Alex Gitlin wrote: > A lot of spam comes from China. What are the statistics like > - are those spam reports we submit actually useful, are they > paying off? Clueful admins hating spam exist everywhere. Admittedly I only "met" one in China so far (infected Win-box at an university), but with my setup trying to report (SC or manual) can't hurt. There are nice guys'n'gals worldwide (e.g. RU). Bye, Frank From jeffg at spamcop.net Sun Dec 11 13:14:55 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 11 13:15:03 2005 Subject: [SpamCop-List] Re: Contact for NET-66-179-0-0-1 References: Message-ID: "Ellen" wrote in message news:dnhhho$nhi$1@news.spamcop.net... > We turn off [reporting] addresses > for various reasons including, but not limited to, listwashing, ROKSO > listing, obviously ignoring reports, passing reports to > inappropriate places, etc. Thanks, Ellen! -- Best Regards, Jeff G. Please see my full sig at http://forum.spamcop.net/forums/index.php?showuser=2041 From nobody at xyzzy.claranet.de Sun Dec 11 19:37:37 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Dec 11 13:45:02 2005 Subject: [SpamCop-List] Signatures in SC news and forum (was: Spamcop not reporting weblinks in spam) References: <43969DBE.6FBB@xyzzy.claranet.de> Message-ID: <439C71F1.4C2B@xyzzy.claranet.de> Jeff G. wrote: > And yours looks like you are saying "Bye" to yourself. That's no "signature" (= the lines after a line "-- "), it's a bad case of DEnglish on my side. I know that "Cheers, Frank" is possible, and for formal mails I try "Regards, F.Ellermann". What's good for news and mailing lists if I don't want to use "Cheers", is "Greets" better ? [signature] > Is the following better? Yes for the size and your intention to display a link to the forum. Maybe say "for personal replies and more about me see" (or something in this direction) instead of "see my full sig": The case where I first stumbled over your old signature wasn't here but on your "recent SC glitches" forum page - a bunch of short entries (two or three lines) with the timetamps of some recent problems followed by the old long signature, resulting in a forum page, where most of it content were copies of your signature. That's apparently a technical problem with the forum software: There are already links to some personal info about the author of each entry, but ?showuser=2041 doesn't work for guests. In other words, the link in your new sig doesn't work for me (= no forum member, only an occasional reader). Probably for privacy reasons, maybe you need some kind of "public profile" in addition to the member-only-info-pages. Using signatures within forum articles because guests (among them GoogleBot, me, spammers, who knows) can't use ?showuser= is an odd kludge, it litters the forum. $TBD, Frank -- Suggestions for $TBD better than "bye" or "cheeers" welcome. From nobody at spamcop.net Sun Dec 11 12:57:15 2005 From: nobody at spamcop.net (RW) Date: Sun Dec 11 14:00:04 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net In-Reply-To: References: Message-ID: spamacyde wrote: > "Mike Easter" wrote in message >> >>A particular at devnul is a mechanism for dropping a notification for >>some reason, for example: >> >>postmaster#wanadoo.fr[at]devnull.spamcop.net >> >>is dropping what would otherwise be a notification to the wanadoo.fr pm. > > > As far as your example goes, did wanadoo.fr not want to see the report so > they chose a null email address? > Thanks It depends on the reason the address was sent to devnul. With wanadoo.fr, abuse.net returns both postmaster@ and abuse@. We may have heard from wanadoo.fr telling us they don't need/want two copies of each report and to send to abuse@ only, so we'd devnull mail to postmaster@. In the case of wanadoo.fr though, postmaster@ has bounced more than 50% of reports sent, so the system set the account to bouncing and devnulls reports destined for the address. Richard From edb2000 at spamcop.net Sun Dec 11 11:53:58 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Sun Dec 11 14:55:02 2005 Subject: [SpamCop-List] spam subject of the week Message-ID: Subject: triumphal gonorrhoea [yeah, it always wins in the end...] From MikeE at ster.invalid Sun Dec 11 12:10:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 11 15:15:03 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum (was: Spamcop not reporting weblinks in spam) References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Jeff G. wrote: > >> And yours looks like you are saying "Bye" to yourself. > > That's no "signature" (= the lines after a line "-- "), it's a > bad case of DEnglish on my side. I know that "Cheers, Frank" > is possible, and for formal mails I try "Regards, F.Ellermann". > > What's good for news and mailing lists if I don't want to use > "Cheers", is "Greets" better ? Don't you want whatever it is to be a 'signing off' -- like a 'signature'. A signature on a handwritten note sez, "I'm the one who wrote this, and now I'm thru' writing here and so I'm leaving -- signed Frank. But, we don't want signed Frank as a part of our reply to Frank in a news message. That's why sig delimitors were created, so that signed Frank is automatically removed when we reply. If you write bye Frank as a part of the last line of your post, it would have to be manually removed, or left in there, which doesn't make any sense to me. >> Is the following better? where Jeff is asking Frank to compare this: Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. with this: Thanks and Best Regards, Jeff G. Please see my full sig at http://forum.spamcop.net/forums/index.php?showuser=2041 > Yes for the size and your intention to display a link to the > forum. And I agree with Frank that Jeff's lengthy sig was, well, excessive. Some even have 'rules' for sigs that they can't exceed 4 lines and such. I would rather see no more than 2, myself. Personally I don't think that sigs need to have 'unnecessary' flourishes in them like thanks and best regards, but then that may be the nature of my personality, so that is just the opinion of one opinionated person. In fact, I think the sig should be 'efficient' if it is trying to carry a message about something and that it not only doesn't need thanks or best regards, it doesn't even need 'please' > $TBD, Frank "Suggestions for $TBD better than "bye" or "cheeers" welcome." I think whatever you determine should go below a sig delimitor, not above it. -- Mike Easter kibitzer, not SC admin From jg at coks.net Sun Dec 11 12:15:14 2005 From: jg at coks.net (jg) Date: Sun Dec 11 15:15:17 2005 Subject: [SpamCop-List] Re: spam subject of the week In-Reply-To: References: Message-ID: On 12/11/2005 11:53 AM Don Wannit scribbled: > Subject: triumphal gonorrhoea > > [yeah, it always wins in the end...] which end??? From jg at coks.net Sun Dec 11 12:19:57 2005 From: jg at coks.net (jg) Date: Sun Dec 11 15:20:04 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum In-Reply-To: <439C71F1.4C2B@xyzzy.claranet.de> References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: On 12/11/2005 10:37 AM Frank Ellermann scribbled: > > Using signatures within forum articles because guests (among > them GoogleBot, me, spammers, who knows) can't use ?showuser= > is an odd kludge, it litters the forum. > > $TBD, Frank Sorry, I sort of enjoy the Bye, Frank - this seems a tempest in a teapot... From MikeE at ster.invalid Sun Dec 11 12:35:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 11 15:40:02 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: jg wrote: > Frank Ellermann scribbled: >> $TBD, Frank > > Sorry, I sort of enjoy the Bye, Frank - this seems a tempest in a > teapot... When you reply to Frank, do you leave it - bye Frank - in or manually trim it from Frank's quote? -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Sun Dec 11 15:36:21 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 11 15:40:14 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum (was: Spamcop not reporting weblinks in spam) References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:439C71F1.4C2B@xyzzy.claranet.de... > That's apparently a technical problem with the forum software: > > There are already links to some personal info about the author > of each entry, but ?showuser=2041 doesn't work for guests. > > In other words, the link in your new sig doesn't work for me > (= no forum member, only an occasional reader). Probably for > privacy reasons, Yes, Wazoo changed this for privacy reasons - please see the discussion at http://forum.spamcop.net/forums/index.php?showtopic=5311 for details. > maybe you need some kind of "public profile" > in addition to the member-only-info-pages. Please feel free to suggest that there, but I don't think IPB supports it out-of-the-box. Is the following sig better? -- Thanks and Best Regards, Jeff G. Please see my full sig at http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Sun Dec 11 15:42:26 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 11 15:45:02 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum (was: Spamcop not reporting weblinks in spam) References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: "Mike Easter" wrote in message news:dni13h$vlk$1@news.spamcop.net... > In fact, I think the sig should be 'efficient' if it is trying to carry > a message about something and that it not only doesn't need thanks or > best regards, it doesn't even need 'please' The following is the smallest I'm willing to make it (unless you think I should go with a tinyurl, shorturl, or similar, for which recommendations would be helpful). I will continue to add "Thanks and " when and as appropriate. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Sun Dec 11 15:45:29 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 11 15:50:03 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: "Mike Easter" wrote in message news:dni2hq$qc$1@news.spamcop.net... > jg wrote: > > Sorry, I sort of enjoy the Bye, Frank - this seems a tempest in a > > teapot... > When you reply to Frank, do you leave it - bye Frank - in or manually > trim it from Frank's quote? I manually trim it. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From 96q7vwa02 at sneakemail.com Sun Dec 11 11:47:15 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Sun Dec 11 16:00:03 2005 Subject: [SpamCop-List] Re: I want more spam! References: Message-ID: "Spaz" wrote in message news:dngtdu$e2l$1@news.spamcop.net... > I found a few unsubscribe web pages but it hasn't worked so far; however, > I did notice that these > websites had good references like company name, email address, and overall > professional webpage, so > I think they truely were functional unsubscribe webpages. I doubt I can > find the ones I want > through google searches. Do you have some I could start with? Thanks! > Give it time. They will come. Professional looking is an oxymoron where spamvertized sites are concerned. Pick up spamvertized links from trackers posted by other reporters. Fred k. From nobody at nowhere.invalid Sun Dec 11 22:01:05 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Dec 11 16:05:04 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: On Fri, 9 Dec 2005 10:16:51 -0500, Ellen coughed into spamcop and left this in : > Well actually we *are* hearing from admins in China nowadays. You unblock us network or we throw egg rolls at you. We email not nation unfriendly disaster. We email allowed marketing happy song message. > This is a nice change. Of course, it is a large country (obviously) > and the ones we are hearing from are cleaning up their little bits of > it. So things are improving altho it may not be terribly obvious yet. I don't think there will be much of a difference until the government in China becomes less corrupt. All websites in China have to be registered with a government body so that they can "ensure" a pr0n-free and politically correct Chinese Internet and clamp down on illegal sites. You can bet your sweet bottom dollar that a Chinese citizen setting up an Internet pharmacy site would go before a firing squad and his/her family charged for the bullets. I assume (maybe incorrectly) that the spammers get away with it because they know whose palm to grease. -- Steve Shin, n. : a device for finding furniture in the dark. From MikeE at ster.invalid Sun Dec 11 13:05:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 11 16:10:02 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum (was: Spamcop not reporting weblinks in spam) References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: Jeff G. wrote: > The following is the smallest I'm willing to make it (unless you > think I should go with a tinyurl, shorturl, or similar, for which > recommendations would be helpful). I use snurls which are snipped urls pretty often, but whenever I do it I also 'show' the original long url, because some people are 'averse' to using tiny, snipped, short, or other urls because they are so variable in their 'function'. That is, they are complex in what the system is programmed to 'feed back' to the person who provided the shortened link about 'who' and whatall is clicking on it. Some people don't want to click a shortened url because of privacy reasons and they don't want to try to figure out or remember which tiny short snipped do what snooping or not. If I show both regular and snurl, the person can choose to click what they want. So, where your space is limited and is supposed to be efficient, you can't be putting both a short and a normal url. If an url isn't so long that it is in danger of getting wrapped, it doesn't matter [IMO] if it is 57 chars long or 17. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Dec 11 13:10:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 11 16:15:03 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum (was: Spamcop not reporting weblinks in spam) References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: Jeff G. wrote: > The following is the smallest I'm willing to make it My previous was a longwinded way of saying that isn't too long and I would recommend that instead of such as a tiny. -- Mike Easter kibitzer, not SC admin From crappy.trappy at ntlworld.com Sun Dec 11 21:31:26 2005 From: crappy.trappy at ntlworld.com (Tim) Date: Sun Dec 11 16:35:04 2005 Subject: [SpamCop-List] Re: spam subject of the week In-Reply-To: References: Message-ID: jg wrote: > On 12/11/2005 11:53 AM Don Wannit scribbled: > > >>Subject: triumphal gonorrhoea >> >>[yeah, it always wins in the end...] > > which end??? Keep it clean guys ;) From munged at nomorespamithurts.com Sun Dec 11 21:48:47 2005 From: munged at nomorespamithurts.com (KD) Date: Sun Dec 11 16:50:02 2005 Subject: [SpamCop-List] Where's the spam gone ? Message-ID: Hi all, Obviously I'm being a bit thick here but my usual 'spam load' of 50+ per day is now down to almost 0 and has been for nearly a week. Has there been a downturn in spam or is it likely that my ISP have finally subscribed to a block list or something (Talktalk UK). Cheers, Keith From nobody at devnull.spamcop.net Sun Dec 11 19:21:55 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sun Dec 11 19:25:03 2005 Subject: [SpamCop-List] Re: Where's the spam gone ? References: Message-ID: "KD" wrote in message news:dni6r4$3hb$1@news.spamcop.net... > Hi all, > Obviously I'm being a bit thick here but my usual 'spam load' of 50+ per day > is now down to almost 0 and has been for nearly a week. Has there been a > downturn in spam or is it likely that my ISP have finally subscribed to a > block list or something (Talktalk UK). I'd vote for your ISP doing some filtering. However, spam does seem to go in cycles. It might be a combination of the two. I have not seen a change in my spam. Miss Betsy an almost new internet user From MikeE at ster.invalid Sun Dec 11 16:49:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 11 19:50:02 2005 Subject: [SpamCop-List] Re: Where's the spam gone ? References: Message-ID: KD wrote: > Obviously I'm being a bit thick here but my usual 'spam load' of 50+ > per day is now down to almost 0 and has been for nearly a week. Has > there been a downturn in spam or is it likely that my ISP have > finally subscribed to a block list or something (Talktalk UK). You must surely be the one who is in the best position to evaluate what is going on at your provider than the rest of us. Or, is it you concept that suddenly all the spam in the world has fallen to zero and we are all hanging about in here talking about it? Let me see, which scenario is the most likely? That - your mailserver is totally broken, causing you to get some tiny fraction of all of your mail, including spam - your mailserver has introduced some kind of spamfilter, good, bad, or indifferent, which is causing you to 'lose' most of your mail, including spam, goodmail, and other - your mailserver has introduced a perfect spamfilter, which only eliminates all of your spam and none of your goodmail - suddenly all of the spam in the world has disappeared Choose one of the above. -- Mike Easter kibitzer, not SC admin From 96q7vwa02 at sneakemail.com Sun Dec 11 16:03:44 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Sun Dec 11 20:05:02 2005 Subject: [SpamCop-List] Re: Where's the spam gone ? References: Message-ID: "KD" wrote in message news:dni6r4$3hb$1@news.spamcop.net... > Hi all, > Obviously I'm being a bit thick here but my usual 'spam load' of 50+ per > day If your ISP has iniated spam filtering, you should see the filtered spam on their server in a spam folder. Spam filters do give false positives, and they should wind up in the spam box on their server. You have to be able to check the email they classified as spam. Otherwise you could loose email that they declare as spam when it really is something from somebody that you don't want to miss. Not being able to see the email they classify as spam is a bad thing. Fred k. From munged at nomorespamithurts.com Mon Dec 12 01:13:06 2005 From: munged at nomorespamithurts.com (KD) Date: Sun Dec 11 20:15:03 2005 Subject: [SpamCop-List] Re: Where's the spam gone ? References: Message-ID: "Mike Easter" wrote in message news:dnihe5$90b$1@news.spamcop.net... > KD wrote: >> Obviously I'm being a bit thick here but my usual 'spam load' of 50+ >> per day is now down to almost 0 and has been for nearly a week. Has >> there been a downturn in spam or is it likely that my ISP have >> finally subscribed to a block list or something (Talktalk UK). > > You must surely be the one who is in the best position to evaluate what > is going on at your provider than the rest of us. > > Or, is it you concept that suddenly all the spam in the world has fallen > to zero and we are all hanging about in here talking about it? > > Let me see, which scenario is the most likely? That > > - your mailserver is totally broken, causing you to get some tiny > fraction of all of your mail, including spam > - your mailserver has introduced some kind of spamfilter, good, bad, or > indifferent, which is causing you to 'lose' most of your mail, including > spam, goodmail, and other > - your mailserver has introduced a perfect spamfilter, which only > eliminates all of your spam and none of your goodmail > - suddenly all of the spam in the world has disappeared > > Choose one of the above. > > -- > Mike Easter > kibitzer, not SC admin > Hi Mike, I'd kind of hoped that "all of the spam in the world has disappeared" and I was the last to know :O) To be honest I suspect that there's a problem with my ISP but they're so evasive about anything they do that I didn't want to have to confront them about yet another issue. There is so very little functionality about my ISP's mail handling that I suspect that they have no concept of false positive - it may have all gone 'bye bye', spam or not. Thanks, Keith From nobody at devnull.spamcop.net Mon Dec 12 11:58:02 2005 From: nobody at devnull.spamcop.net (Patto) Date: Sun Dec 11 22:00:04 2005 Subject: [SpamCop-List] Re: Spam from China In-Reply-To: References: Message-ID: Alex Gitlin wrote: > A lot of spam comes from China. What are the statistics like - are those > spam reports we submit actually useful, are they paying off? (Or do the > Chinese sysadmins simply ignore them?) So far I'm not seeing much > improvement on the amount of spam coming in, but I've only been on Spamcop > for a couple of weeks. I am having trouble with the word 'from' in your subject line. Although a lot of spam comes from servers located in China, almost 100% of my spam "from" China originates from spammers in the U.S. I get about 1 spam message a month that is in Chinese, and about 2 in Russian. The rest is in English, advertising "services" that is often restricted to US citizens only, and originate from well-known spammers in Florida and elsewhere in the US. Not to mention that they often exploit servers in China and the rest of the world without knowledge and/or permission of the owners. But of course it's always easy to blame the Chinese, and Asians in general, and their corrupt governments. From nobody at devnull.spamcop.net Mon Dec 12 12:02:25 2005 From: nobody at devnull.spamcop.net (Patto) Date: Sun Dec 11 22:05:02 2005 Subject: [SpamCop-List] Re: I want more spam! In-Reply-To: References: Message-ID: Spaz wrote: > I'm creating a database of spam messages but I only get 3-6 spams about every other day. What's the > best way for me to get on a good spam list? I'm going to set up a special email address just for > spam. Create a website with the target email address prominently displayed. Make sure your website is listed in Google and Yahoo. Post in newsgroups like this with the target email address in the From header. Use "unsubscribe" links in received spam to subscribe to more spam. From jg at coks.net Sun Dec 11 19:21:39 2005 From: jg at coks.net (jg) Date: Sun Dec 11 22:20:02 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum In-Reply-To: References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: On 12/11/2005 12:35 PM Mike Easter scribbled: > jg wrote: > >>Frank Ellermann scribbled: > > >>> $TBD, Frank >> >>Sorry, I sort of enjoy the Bye, Frank - this seems a tempest in a >>teapot... > > > When you reply to Frank, do you leave it - bye Frank - in or manually > trim it from Frank's quote? > I don't pay attention to it - its a gnat on an elephants ass - I have enough other shit in life to bother me. Sorry... From MikeE at ster.invalid Sun Dec 11 19:25:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 11 22:30:02 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: Patto wrote: > Alex Gitlin wrote: >> A lot of spam comes from China. > I am having trouble with the word 'from' in your subject line. > Although a lot of spam comes from servers located in China, almost > 100% of my spam "from" China originates from spammers in the U.S. The problem with this 'conversation' is that you two haven't consolidated your terminology so that you are actually conversing with each other [or anyone else, for that matter] meaningfully about what you are talking about. It is a very bad idea to use terms like 'spammer' and/or 'from' in very or such ambiguous ways. To some, such terms refer to the 'entity' which is behind some spamvertisement. Others, the reg'd domainname spamvertised 'persona'. To others, 'from' means spamsource. And, to the rank amateur, from means what it sez in the From field. If you want to engage in a conversation about 'from' entities, you should henceforth use such terms as spamvertisers [or something else] and spamsource because from and spammer have no consistent meaning. Or, you can use 'from' and 'spammer' if you would like, but each time you use such a term, you should define it, which takes away the entire convenience or meaning of a term. Terms are supposed to save space, not confuse an issue. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Dec 11 19:40:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 11 22:40:03 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: jg wrote: > Mike Easter >> jg wrote: >>> Sorry, I sort of enjoy the Bye, Frank - this seems a tempest in a >>> teapot... >> When you reply to Frank, do you leave it - bye Frank - in or manually >> trim it from Frank's quote? >> > I don't pay attention to it - its a gnat on an elephants ass - I have > enough other shit in life to bother me. I'm not quite clear. I like to understand the elements of a discussion. Do you consider 'bye Frank' an 'enjoyment' or a 'gnat on an elephants ass'? It doesn't seem logical to have it both ways. Nor neither. And, yet another option is 'I never thought about it one way or the other.' -- or somesuch. The issue of 'why are we discussing this?' -- is yet another subject which could probably go into another different thread. -- Mike Easter kibitzer, not SC admin From edb2000 at spamcop.net Sun Dec 11 21:08:39 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Mon Dec 12 00:10:04 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum In-Reply-To: <439C71F1.4C2B@xyzzy.claranet.de> References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > $TBD, Frank The "Bye, Frank" always made me think of 'Say goodnight, Dick.' 'Goodnight, Dick!' (Dan Rowan and Dick Martin, a running gag on Rowan & Martin's Laugh-In on US TV in the '60s and early '70s) From jg at coks.net Sun Dec 11 21:31:03 2005 From: jg at coks.net (jg) Date: Mon Dec 12 00:30:02 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum In-Reply-To: References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: On 12/11/2005 7:40 PM Mike Easter scribbled: > jg wrote: > >>Mike Easter >> >>>jg wrote: > > >>>>Sorry, I sort of enjoy the Bye, Frank - this seems a tempest in a >>>>teapot... > > >>>When you reply to Frank, do you leave it - bye Frank - in or manually >>>trim it from Frank's quote? >>> >> >>I don't pay attention to it - its a gnat on an elephants ass - I have >>enough other shit in life to bother me. > > > I'm not quite clear. I like to understand the elements of a discussion. Not many elements to this subject nor is there any heavy understanding to be done. I apoligize for stepping into your little discussion but cannot find the offense in 'bye'... > > Do you consider 'bye Frank' an 'enjoyment' or a 'gnat on an elephants > ass'? > > It doesn't seem logical to have it both ways. Nor neither. > > And, yet another option is 'I never thought about it one way or the > other.' -- or somesuch. > > The issue of 'why are we discussing this?' -- is yet another subject > which could probably go into another different thread. Indeed... > > I took note of his signature signature and thought it mildly amusing and totally non-threatening, nor in bad taste or anything. I find the point of the discussion of same to be the gnat. Nor do I take it as seriously as you, so I'll beg out of the discussion and let you adults fight it out. Frankly Mike, you're more fun to tlak postal codes with... From bar_n0ne at hotmail.com Mon Dec 12 09:36:30 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Dec 12 00:40:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "Mike Easter" wrote in message news:dniqid$e6s$1@news.spamcop.net... > > If you want to engage in a conversation about 'from' entities, you > should henceforth use such terms as spamvertisers [or something else] > and spamsource because from and spammer have no consistent meaning. Or, > you can use 'from' and 'spammer' if you would like, but each time you > use such a term, you should define it, which takes away the entire > convenience or meaning of a term. Terms are supposed to save space, not > confuse an issue. To my mind , in general there are 3 "spammers" 1) There is the gang/person that delivers spam somehow as a service, I think of them as "spammer" 2)There is the spamvertizer, who may be the same as 1 or a client of 1 3)there is the "owner" of the injecting machinery Then there are of course all kinds of willing accomplices, Most egregious are the registrars, second are black hat hosters. From MikeE at ster.invalid Mon Dec 12 08:06:48 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 12 11:10:03 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: jg wrote: > I took note of his signature signature and thought it mildly amusing > and totally non-threatening, nor in bad taste or anything. > I find the point of the discussion of same to be the gnat. Nor do I > take it as seriously as you, so I'll beg out of the discussion and let > you adults fight it out. > Frankly Mike, you're more fun to tlak postal codes with... Don't forget that I wasn't the one who started the sig discussion - which was initially about Jeff's excessive sig and evolved into Jeff critiqueing Frank's bye and Frank asking for input from us about that. I only joined at the 'input' request stage at which time I began my 'typical' or inimitable precision-oriented 'dissection' of the discussion. Our your and mine jg & Mike interaction about this came when you joined in during the dissection operation. You were interested in the dissection of the USPS state codes but not this dissection of a sig discussion. -- Mike Easter kibitzer, not SC admin From n4jwyfo02 at sneakemail.com Mon Dec 12 16:46:17 2005 From: n4jwyfo02 at sneakemail.com (Aviatrix) Date: Mon Dec 12 11:50:04 2005 Subject: [SpamCop-List] Re: Where's the spam gone ? In-Reply-To: References: Message-ID: Fred K. wrote: > "KD" wrote in message > news:dni6r4$3hb$1@news.spamcop.net... > >>Hi all, >>Obviously I'm being a bit thick here but my usual 'spam load' of 50+ per >>day > > > If your ISP has iniated spam filtering, you should see the filtered spam on > their server in a spam folder. You *should* - in theory. In practice you often don't... and in many cases the senders don't even see bounce messages any more. Suspected spam just gets dropped to the floor and no one is ever any the wiser. From jg at coks.net Mon Dec 12 08:54:27 2005 From: jg at coks.net (jg) Date: Mon Dec 12 11:55:03 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum In-Reply-To: References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: On 12/12/2005 8:06 AM Mike Easter scribbled: > > You were interested in the dissection of the USPS state codes but not > this dissection of a sig discussion. > Actually, Mike, all of your dissections interest me... From bill_beyer at excite.cXoYmZ Mon Dec 12 09:26:37 2005 From: bill_beyer at excite.cXoYmZ (Bill Beyer) Date: Mon Dec 12 12:30:03 2005 Subject: [SpamCop-List] Re: Where's the spam gone ? References: Message-ID: "Fred K." <96q7vwa02@sneakemail.com> wrote in message news:dnii9i$9jh$1@news.spamcop.net... > > "KD" wrote in message > news:dni6r4$3hb$1@news.spamcop.net... > > Hi all, > > Obviously I'm being a bit thick here but my usual 'spam load' of 50+ per > > day > > If your ISP has iniated spam filtering, you should see the filtered spam on > their server in a spam folder. Spam filters do give false positives, and > they should wind up in the spam box on their server. You have to be able to > check the email they classified as spam. Otherwise you could loose email > that they declare as spam when it really is something from somebody that you > don't want to miss. Not being able to see the email they classify as spam is > a bad thing. This is an interesting thread. I was actually going to post a query about the effectiveness/relevance of blacklists. I have 2 main email addresses on different providers. 1 uses the SCBl and the other uses Brightmail. On both accounts I have seen a significant increase in spam emails which make it past both filters. Clearly some spammers are finding effective ways to get past the listings by hopping IPs. I have no way on either account to check the mail that gets blocked. It goes away and I don't ever see it. From jeffg at spamcop.net Mon Dec 12 12:59:03 2005 From: jeffg at spamcop.net (Jeff G.) Date: Mon Dec 12 13:00:02 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: "Don Wannit" wrote in message news:dnj0la$hnu$1@news.spamcop.net... > Frank Ellermann wrote: > > $TBD, Frank > The "Bye, Frank" always made me think of > 'Say goodnight, Dick.' > 'Goodnight, Dick!' > > (Dan Rowan and Dick Martin, a running gag on Rowan & Martin's > Laugh-In on US TV in the '60s and early '70s) I think Rowan & Martin borrowed that gag from earlier husband-and-wife comedy team Burns & Allen (George Burns and Gracie Allen): George: 'Say goodnight, Gracie.' Gracie: 'Goodnight, Gracie.' -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From exfenestrate at spammers.invalid Mon Dec 12 10:52:16 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Mon Dec 12 13:55:03 2005 Subject: [SpamCop-List] Re: Where's the spam gone ? References: Message-ID: <1j4330awxrcqs.dlg@grc.aosake.net> On Sun, 11 Dec 2005 21:48:47 -0000, KD wrote: > Obviously I'm being a bit thick here but my usual 'spam load' of 50+ per day > is now down to almost 0 and has been for nearly a week. Has there been a > downturn in spam or is it likely that my ISP have finally subscribed to a > block list or something (Talktalk UK). I have no way to know the answer to your context. I have seen a slight decline in spam landing in the "Bulk" folder of two accounts with Yahoo!'s SpamGuard in effect; with no corresponding increase in spam to the Inbox. Because, in theory, SpamGuard is only diverting spam to the "Bulk" folder, leaving me to sort out any false positives, I have to assume that the spammers are not targeting the affected accounts so much. OTOH, I have seen what seems to be an increase in attempts to deliver spam to my domain MX server. They run afoul of the Spamhaus and NJABL lists, mostly, or my own transaction filter, which rejects for certain specific reasons (HELO "localhost", or RCPT TO: ). I think it is really a futile exercise to understand anything spammers do, except that, in a general sense, they do what they do because they can do it. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From kenbrody at spamcop.net Mon Dec 12 16:31:14 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Dec 12 16:40:02 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: Message-ID: <439DEC22.95E3188F@spamcop.net> Doug Thegarden wrote: > > Geoffrey Hyde wrote: > > > > Actually, because most cards pop up a display by default nowadays, that's > > not half as funny as it sounds. > > > > You just plug the card in, put the monitor on the card, boot the computer, > > install drivers etc, and away it goes. > > > > Unless you have been supplied with a DOA monitor as in this case. > > I get tired of dealing with tech support that are convinced it is the > user's incompetence not their product that's the problem. It took me 15 > mins on Monday to convince the Vodafone 3G tech support to check their > network status in the locality where I was having problems. They wanted > me to check my computer, check my drivers, uninstall and reinstall > software. Eventually by answering each attempt to get me to do > something with "Would you please check your network status in this area" > they eventually agreed to and lo and behold, they discovered their > network was down The problem is that there is no well-defined "I am a competent end-user and I would like to skip the luser-checks" protocol. Tech support has to talk to so many clueless people all day, that they have no way of knowing that you actually know what you're talking about. And, of course, the reverse is true as well -- you have no way of knowing the competency level of the support person, or whether the person knows anything beyond the script, and wouldn't know a netmask from a Halloween mask. My story involves my parents' computer, which they hadn't used to get online for several months. When I tried getting online, it would give me an error that the username/password wasn't valid. (Or something along those lines -- it was a few years ago.) After my mother verified that, yes, she had been paying the monthly fee, I called support to track down the problem. Well, you know how it goes... check the control panel, try this, verify that. Considering that the error indicated that it wasn't getting far enough for any of those settings to matter, I kept pushing for trying another route. (At the same time, I gave him the answers he wanted me to find. Perhaps that was my error, in actually answering his questions?) Well, to make a long story short (why do people always say that well past the time of it being "short"?), it turned out that the phone number being dialed was no longer valid. It happened to still have a modem at the other end answering the call, but it was no longer a valid dialup number for the ISP. A 5-second fix (type in a new number), and all was well. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From kenbrody at spamcop.net Mon Dec 12 16:35:05 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Dec 12 16:40:12 2005 Subject: [SpamCop-List] Re: spam subject of the week References: Message-ID: <439DED09.CDB9AC68@spamcop.net> Don Wannit wrote: > > Subject: triumphal gonorrhoea [...] My vote is for: Final attempt to reach you My thought was "if only". -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From nobody at devnull.spamcop.net Mon Dec 12 18:18:30 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Mon Dec 12 18:20:03 2005 Subject: [SpamCop-List] Re: How do I get my e-mail address UNBLOCKED?????? References: <439DEC22.95E3188F@spamcop.net> Message-ID: "Kenneth Brody" wrote in message news:439DEC22.95E3188F@spamcop.net... > Well, to make a long story short (why do people always say that well > past the time of it being "short"?), it turned out that the phone number > being dialed was no longer valid. It happened to still have a modem at > the other end answering the call, but it was no longer a valid dialup > number for the ISP. A 5-second fix (type in a new number), and all was > well. That's like the poster in Geeks who had McAfee trying to use an old password and causing problems. I have my own problems now that are probably caused by a similar 'only would occur to a geek' problem. Computers and software are not as simple as they seem! However, people who are not technically fluent need to see ITs in the same light as they do mechanics for their automobiles. If only the local computer shop would give me a 'loaner' while they work on mine! Miss Betsy From nobody at spamcop.net Tue Dec 13 00:12:58 2005 From: nobody at spamcop.net (I Hate Spam) Date: Mon Dec 12 19:10:02 2005 Subject: [SpamCop-List] Spamcop down Message-ID: An error occurred while processing your request. Reference #97.532eec40.1134432511.4840d72 From MikeE at ster.invalid Mon Dec 12 16:21:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 12 19:25:02 2005 Subject: [SpamCop-List] Re: Spamcop down References: Message-ID: I Hate Spam wrote: > An error occurred while processing your request. > Reference #97.532eec40.1134432511.4840d72 http://alpha.cesmail.net/graphics/spamstats.gif Notice the 'zero-ness' of the far right edge of the .gif. at 2005.Dec.12 4:20 PM PST UTC-0800 -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Mon Dec 12 21:40:06 2005 From: jeffg at spamcop.net (Jeff G.) Date: Mon Dec 12 22:05:06 2005 Subject: [SpamCop-List] Re: Spamcop down References: Message-ID: "Mike Easter" wrote in message news:dnl461$lu6$1@news.spamcop.net... > I Hate Spam wrote: > > An error occurred while processing your request. > > Reference #97.532eec40.1134432511.4840d72 > > http://alpha.cesmail.net/graphics/spamstats.gif > > Notice the 'zero-ness' of the far right edge of the .gif. > > at 2005.Dec.12 4:20 PM PST UTC-0800 Recovery should have completed by about 19:55 EST -0500 (00:55 UTC -0000, 16:55 PST -0800). For more info, please see http://forum.spamcop.net/forums/index.php?showtopic=5288&view=findpost&p=37626 -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From edb2000 at spamcop.net Mon Dec 12 20:30:08 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Mon Dec 12 23:35:06 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum In-Reply-To: References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: Jeff G. wrote: > I think Rowan & Martin borrowed that gag from earlier husband-and-wife > comedy team Burns & Allen (George Burns and Gracie Allen): > George: 'Say goodnight, Gracie.' > Gracie: 'Goodnight, Gracie.' > Right you are! From nobody at devnull.spamcop.net Tue Dec 13 14:01:12 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Dec 13 00:05:02 2005 Subject: [SpamCop-List] Re: Soft on Sale In-Reply-To: References: Message-ID: Jeff G. wrote: > "Patto" wrote in message > news:dn67rg$4h3$1@news.spamcop.net... >> Actually I remembered incorrectly, I used netpiracy[at]siia.net in the >> past. This seems to be the correct address to report Internet piracy. >> See http://www.siia.net/piracy/report/internet.asp > > Interestingly, I see HREF="MAILTO:netpiracy@spa.org">netpiracy@spa.org on that page. You are right. Doing a Google on 'netpiracy' on the siia.net site actually yields 3 addresses: netpiracy@siia.net - http://www.siia.net/piracy/report/cap_corp_form.asp netpiracy@siia.org - http://www.siia.net/piracy/pubs/WhatToDo.pdf netpiracy@spa.org - http://www.siia.net/piracy/report/internet.asp From munged at nomorespamithurts.com Tue Dec 13 07:40:34 2005 From: munged at nomorespamithurts.com (KD) Date: Tue Dec 13 02:45:02 2005 Subject: [SpamCop-List] Re: Where's the spam gone ? References: Message-ID: "KD" wrote in message news:dniiq5$9ts$1@news.spamcop.net... > > "Mike Easter" wrote in message > news:dnihe5$90b$1@news.spamcop.net... >> KD wrote: >>> Obviously I'm being a bit thick here but my usual 'spam load' of 50+ >>> per day is now down to almost 0 and has been for nearly a week. Has >>> there been a downturn in spam or is it likely that my ISP have >>> finally subscribed to a block list or something (Talktalk UK). >> >> You must surely be the one who is in the best position to evaluate what >> is going on at your provider than the rest of us. >> >> Or, is it you concept that suddenly all the spam in the world has fallen >> to zero and we are all hanging about in here talking about it? >> >> Let me see, which scenario is the most likely? That >> >> - your mailserver is totally broken, causing you to get some tiny >> fraction of all of your mail, including spam >> - your mailserver has introduced some kind of spamfilter, good, bad, or >> indifferent, which is causing you to 'lose' most of your mail, including >> spam, goodmail, and other >> - your mailserver has introduced a perfect spamfilter, which only >> eliminates all of your spam and none of your goodmail >> - suddenly all of the spam in the world has disappeared >> >> Choose one of the above. >> >> -- >> Mike Easter >> kibitzer, not SC admin >> > Hi Mike, > I'd kind of hoped that "all of the spam in the world has disappeared" > and I was the last to know :O) To be honest I suspect that there's a > problem with my ISP but they're so evasive about anything they do that I > didn't want to have to confront them about yet another issue. There is so > very little functionality about my ISP's mail handling that I suspect that > they have no concept of false positive - it may have all gone 'bye bye', > spam or not. > > Thanks, > Keith > ahaaaa ... just spotted it. Tesco dot net (mail server) have now introduced the default setting 'Delete Spam Immediately'. I'll just turn that bit off and see what happens :O( Thanks all, Keith From verdy_p at wanadoo.fr Tue Dec 13 13:08:54 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Tue Dec 13 07:15:03 2005 Subject: [SpamCop-List] Re: Where's the spam gone ? References: Message-ID: "Bill Beyer" a écrit dans le message de news: dnkbpn$874$1@news.spamcop.net... > > "Fred K." <96q7vwa02@sneakemail.com> wrote in message > news:dnii9i$9jh$1@news.spamcop.net... >> >> "KD" wrote in message >> news:dni6r4$3hb$1@news.spamcop.net... >> > Hi all, >> > Obviously I'm being a bit thick here but my usual 'spam load' of 50+ >> > per >> > day >> >> If your ISP has iniated spam filtering, you should see the filtered spam >> on their server in a spam folder. Spam filters do give false positives, >> and >> they should wind up in the spam box on their server. You have to be able >> to check the email they classified as spam. Otherwise you could loose >> email that they declare as spam when it really is something from >> somebody that you don't want to miss. Not being able to see the >> email they classify as spam is a bad thing. > > This is an interesting thread. I was actually going to post a query about > the effectiveness/relevance of blacklists. I have 2 main email addresses > on > different providers. 1 uses the SCBl and the other uses Brightmail. On > both > accounts I have seen a significant increase in spam emails which make it > past both filters. Clearly some spammers are finding effective ways to get > past the listings by hopping IPs. > > I have no way on either account to check the mail that gets blocked. It > goes > away and I don't ever see it. My ISP has a subscription option for its antispam, but does not publish which RBL list it uses. It may have a positive effect if spammers can't test their campaign against known lists. May be it uses its own list of known spams and spammers, based on the reported emails marked by its users using "this is spam", and from various secret honey pots that silently monitors incoming spams (trying to reach an address which has been initially advertized in some "don't reply" messages posted to some newsgroups that are known to be used by spammers. Or by subscribing and immediately subscribing to known unsafe lists.) Well, its detection rate is very high, and it puts the spams in a "undesirable" folder, which can be cleaned automatically after 1 week or left for analysis by the mailbox owner. I sometimes look at this folder, only once or twice a week, to verify the content it has filtered, or when I still can't see an email that I am expecting. I have still not seen any false positive since several months I use it (and this filter collects about 150 to 250 spams each day per email address), so now I don't have to report them (instead I concentrate on reporting now only the few spams that can still pass through the filter). So the detection rate is about 98% with 0% false positive. This really saved me lot of time, much more than when I was usinga single RBL list, andwith muchless false positives than with SCBL alone. (Note that I don't count virus messages as spams, because my ISP also includesa separate optionfor filtering virus silently; although I also have my own local antivirus installed, it saves lots of space in my mailbox, and I don't need to report them or care about them). The occurence of virus reaching my mailboxwithout being detected by the ISP is extremely small. When this occurs, this is most often not detected by my local antivirus installation, but they are still easy to identify as small compressed attachments from random sources and subjectslineswith no meaning for me. There's no reasonfor me to even open and read the messageand not even its attachment, soI silently drop them. This generally occurs for a very short time, for new virus variants. In more than 8 months since I subscribed this option, my local antivirus has quarantined automatically only 3 viral attachments, for some new SOBIG variants). In some weeks, with the new EUDC-related law, my ISP will be able to create comparable fingerprints of all emails coming to or going from its email servers, meaning that it should be able to autodetect spams based on content, statistics, location of the mailing lists and identification of the sender, all that automatically even without needing any user report (note that the law will require my ISP to extend its usage logging from 2 months to 2 years, that's a bad thing in my opinion for privacy, because these logs will be shareable across ISPs and private security agencies, including some with weak behavior and discutable commercial practices). From verdy_p at wanadoo.fr Tue Dec 13 14:07:28 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Tue Dec 13 08:10:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "Patto" a écrit dans le message de news: dniovt$d6c$1@news.spamcop.net... > I am having trouble with the word 'from' in your subject line. Although a > lot of spam comes from servers located in China, almost 100% of my spam > "from" China originates from spammers in the U.S. I get about 1 spam > message a month that is in Chinese, and about 2 in Russian. The rest is in > English, advertising "services" that is often restricted to US citizens > only, and originate from well-known spammers in Florida and elsewhere in > the US. Not to mention that they often exploit servers in China and the > rest of the world without knowledge and/or permission of the owners. > > But of course it's always easy to blame the Chinese, and Asians in > general, and their corrupt governments. I fully agree with this. In fact the few emails written in Chinese I receive sometime do not come from Chinese spamvertizers (in PRC) but from Taiwan or Singapore. China is wellknown to have setup a very intrusive filtering system that can really track the activities of its citizens and of small businesses that still refuse to pay the price of corruption. Now the bigget problem in China comes with its regionalized structure of its very large ISPs (china net com for example), which are locally corruptible by large businesses installed in Hong Kong, Beijing and Shangai, and that provide and sell expensive bullet proof hosting to US spammers. There's evidence that these bulletproof hosting services are getting lots of precious dollars which is then used to corrupt and compromize local filters and security enforcement teams. China seems to be blind to such activity because it does not harm its own business and does not violate the antidemocratic control of its citizens, and because it collects taxes and profits a lot to its external commercial balance. But if you look further, you'llsee that China is not the only one in cause: large US bandwidth providers installed in China are complice of this activity because they sell their bandwidth to Chinese bulletproof service providers, and because they want to profit from other businesses in China with its explosive economic growth. Here I see what MCI/UUNET, Level3 and Sprint are doing in China: they are blind to the problem, because they do not host themselves the spamming services but do provide a general connectivity that allows them to sell telecommunication services, or to transport computing activites made at low price in China. Lots of US companies (including IBM, Apple, Dell, Gateway, Acer, Microsoft...) are complice of this, each time they are delocating their computing activities in China: they want low cost jobs, and low cost connections, so they permit that US telcos provide general connectivity with China and don't want filters. Clearly China is bad, and India still doesnot have the same level of problems, depsite it has a now large computing business and large phone and Internet market, with lots of quality programmers. The difference is that India is a democracy, which is much easier to control by its own public without being threatened by its police. Less corruption in India means more respectuous behavior. Brasil is approximately in the same situation as India but its still recent economic crisis and its long history with narco-trafficants and organized crime has left a high level of corruption. This country is still very dangerous for its citizensbecause the law isnot applied the way it should be. Large cities inBrasilare still among the most dangerous ones in the world (with rapts and lots of murders against businessmen if they don't pay enough for their own physical security). So it's not surprizing that Brasil gets the same high level of spam coming from hosts located there. But I don't want to accuse more China and Brasil. It's a fact that spam is operated by large gangs with lot of money, and enough money to corrupt lots of people, but also to pay hackers around the world so that they will write for them the firearms that they will be able to use worldwide. Today's most important problem is the money of spamgangs, and the lack of application of existing laws in the most developed countries (where these gangs are operating to corrupt the rest of the world). It should be time to consider these gangs for what they are: Gangsters! Today, even the most criminal gangsters and trafficants are organizing their spam activities on the Net because it is FAR LESS dangerous and MUCH MORE profitable than legacy traffics (the price of illegal drugs is now constantly dropping, they can't find the economic growth they need in their "business", so they invest nowa lot in more profitable activities): they create and finance affiliate programs, finance spywares and spamwares, and even sell their illegal service to existing legal businesses that are already exposed to growth problems in markets with lots of competitors. They steal revenue from affiliation programs, illegally sell drugs on the Internet (if they only deliver something to their abused customers!), constantly make bank robberies (by stealing credit card numbers). From nobody at xyzzy.claranet.de Tue Dec 13 14:10:59 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Dec 13 08:15:02 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: <439EC863.4C68@xyzzy.claranet.de> Jeff G. wrote: > http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 Yes, that works. Thanks, Frank From verdy_p at wanadoo.fr Tue Dec 13 14:27:36 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Tue Dec 13 08:30:02 2005 Subject: [SpamCop-List] Re: I want more spam! References: Message-ID: "Jeff G." a écrit dans le message de news: dndljm$no6$1@news.spamcop.net... > "Spaz" wrote in message > news:dnbajd$aos$1@news.spamcop.net... >> What's the best way for me to get on a good spam list? > > In addition to what the others have written, you could also: > read your spam, with HTML rendered reading a spam with HTML rendered is not dangerous by itself and doesnot generate more spam. What is really dangerous is the cross-site linking, with external documents (scripts, images, stylesheets, objects...) loaded from URLs on the internet instead of within the HTML email itself. These links contain hidden cookies that allow spammers getting a confirmation that the email has reached its recipient, and allow them to create profiles of users possibly interested in similar "products", and for which it will be profitable to send more related spams until they buy something or give their credit card number. Spammers are using the same marketing strategies also used by legal companies, except that they absolutely don't care about privacy and laws. Their business is really unfair and opposed to all acceptable commercial practices that legal businesses can't use without becoming outlaws. Don't be surprized then, when legal business are fed up of the constraints that put them in unequal position for competition, and when they are new too often tempted to use some of the same unfair practices (see the Sony rootkit affair, or violation of distribution rights by the largest media distributors). Spammers are a clear threat to democracy, to the protection of citizen freedoms, and to the stability of countries. The various disorders they insuflate in the economy have now a very huge cost (probably much more now than the existing narcotraffics or even terrorism). The threat they have caused have had so much impact on our lives thatthey could be the cause of international instability (caused by destabilisation of economic rules, the abandon of the application of existing laws, and the creation of new laws that profit only to a minority of large businesses). Tomorrow, if nothing is done, they will directly create political instabilities, hainous behaviors and speeches against minorities or foreign countries, and finally wars. From nobody at xyzzy.claranet.de Tue Dec 13 14:49:48 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Dec 13 08:55:03 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> Message-ID: <439ED17C.239B@xyzzy.claranet.de> Mike Easter wrote: > I think whatever you determine should go below a sig > delimitor, not above it. That's a small problem, often I have to fix typos / links in a finished mail or article: Edit file "outbox" before clicking "send now". My editor (and I) don't believe in trailing blanks, so that would replace the "-- " by "--". Unless I create a special profile to force "trailing on". But then I'd also preserve all unnecessary trailing blanks. Admittedly "...last line... $TBD, Frank" is too terse, but the $TBD sign off _before_ the signature (in a separate line) is better for my combination of newsreader / editor. Found in slrn's manual.txt (version 0.9.7.3): | 4.2.100. signoff_string | Type: string | Default: (unset) | The value of this variable will be inserted before the signature. This | is useful for people who want to sign off their messages with their | name, like it is common in some groups. | Note: If you use this feature, do not append much more than your name | with it, or you will annoy your readers. If you want to tell people | the URL of your homepage or append some funny quote to your postings, | put it in your ``signature file''. So actually I'm looking for something better than "Bye, ", "Cheers, ", or "Regards, ", but not "-- " ;-) -- begin 644 greets.txt /1W)E971S+"!& <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> <439ED17C.239B@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: > >> I think whatever you determine should go below a sig >> delimitor, not above it. > > That's a small problem, often I have to fix typos / links > in a finished mail or article: Edit file "outbox" before > clicking "send now". My editor (and I) don't believe in > trailing blanks, so that would replace the "-- " by "--". I don't understand yet. Further down you are saying that your newsreader is slrn, but it is my understanding that slrn has a compliant sig delimitor. But your description of the editor stripping the trailing space sounds like the age-old problem of why OE couldn't have a compliant sig delimitor until whatever changes came along in some OE6 version. > Unless I create a special profile to force "trailing on". > But then I'd also preserve all unnecessary trailing blanks. I wonder how OE6 'recently' resolved the issue between wanting an editor which deleted trailing spaces and wanting a compliant sig. > Admittedly "...last line... $TBD, Frank" is too terse, but > the $TBD sign off _before_ the signature (in a separate > line) is better for my combination of newsreader / editor. > > Found in slrn's manual.txt (version 0.9.7.3): > >> 4.2.100. signoff_string > >> Type: string >> Default: (unset) > >> The value of this variable will be inserted before the signature. >> This is useful for people who want to sign off their messages with >> their name, like it is common in some groups. > >> Note: If you use this feature, do not append much more than your name >> with it, or you will annoy your readers. If you want to tell people >> the URL of your homepage or append some funny quote to your postings, >> put it in your ``signature file''. I'm afraid I don't understand the meaning of those pars. Is that saying that somehow the signoff string is something different from a sig? My confusion is over my belief that slrn has a compliant sig delimitor and that yet there is something about your usage of slrn that prevents you from using slrn's sig delimitor. In spite of the discussion so far, I can't resolve that confusion. Is everyone else who uses slrn using it differently than you? > So actually I'm looking for something better than "Bye, ", > "Cheers, ", or "Regards, ", but not "-- " ;-) -- Mike Easter kibitzer, not SC admin From kenbrody at spamcop.net Tue Dec 13 11:23:43 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue Dec 13 11:40:03 2005 Subject: [SpamCop-List] Re: spam subject of the week References: Message-ID: <439EF58F.59B79199@spamcop.net> Don Wannit wrote: > > Subject: triumphal gonorrhoea > > [yeah, it always wins in the end...] Subject: longlasting erectlions I don't know about you, but I prefer my lions nice and relaxed. Especially after reading stories like this one: http://www.azcentral.com/offbeat/articles/1212lionbite12-ON.html -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From MikeE at ster.invalid Tue Dec 13 08:59:02 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 13 12:00:03 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: Kenneth Brody wrote: > I don't know about you, but I prefer my lions nice and relaxed. > Especially after reading stories like this one: > > http://www.azcentral.com/offbeat/articles/1212lionbite12-ON.html I know it always makes you folks crazy about my nit-picking, but.... Let me see, I have a mental picture of a lion's dentition, and I also have a mental image of the term 'tip' as it applies to a finger. That is a finger 'tip' is not very much finger(tip) -- it certainly wouldn't be everything from the last joint, or shouldn't be, somewhere between the tippy tip end and somewhere up the fingernail. So, how does a lion bite off the 'tip' of someone's finger? I can see it being someone's finger, but the tip? And another thing. Why does the article make the sentence say "And ate it." For goodness sakes. They are acting like a lion biting off something and then subsequently eating it are two separate operations. If so, I would certainly like to see that. Like, I can see a lion biting off a zebra's leg and then eating it -- but how does a lion bite off a finger tip in the first place and *THEN* eat it? Inquiring minds want to know. I need a video and a closeup macro shot of the finger sans tip post lion nip. And another thing. What kind of flowers were those in the lion cage, anyway? I have to figure out whether this adventure into the cage was more or less stupid than the Japanese man who jumped into the lion cage and demanded that the lion bite him. -- Mike Easter kibitzer, not SC admin From tking at brazoslogsitics.com Tue Dec 13 12:30:49 2005 From: tking at brazoslogsitics.com (Tommy King) Date: Tue Dec 13 13:40:03 2005 Subject: [SpamCop-List] BlackList Help Message-ID: I have thouroghly looked over our exchange server and cannot detect any milicous activity. No sober.* virus' detected. List is currently blocking my dedicated IP Address block. help! From nobody at xyzzy.claranet.de Tue Dec 13 19:35:18 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Dec 13 13:40:11 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> <439ED17C.239B@xyzzy.claranet.de> Message-ID: <439F1466.3AA8@xyzzy.claranet.de> Mike Easter wrote: > Further down you are saying that your newsreader is slrn No, I tested it some years ago and still have the old manual. > it is my understanding that slrn has a compliant sig > delimitor. For sigs = signatures, of course. Not for a sign off line, as quoted from the manual, sign off comes before signature (or it's the end without signature). > Is that saying that somehow the signoff string is something > different from a sig? Yes. $TBD, Frank From bar_n0ne at hotmail.com Tue Dec 13 23:40:24 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Dec 13 14:45:03 2005 Subject: [SpamCop-List] Re: BlackList Help References: Message-ID: "Tommy King" wrote in message news:dnn49b$np1$1@news.spamcop.net... > I have thouroghly looked over our exchange server and cannot detect any > milicous activity. No sober.* virus' detected. List is currently blocking > my dedicated IP Address block. help! > > Exactly how can we help? Our ESP is not working so we don't know what IP (Mail server) is blocked, much less can we find out why. All we can do is point you to the help available through the web site, perhaps you will find some illumination there. If everything is clean on your end, the most likely cause is an autoresponder responding to a spam or viral message who's "reply to" or "from" was faked. (They almost all are). If such messages reach a spamtrap or a Spamcop user they can cause a listing. If you can reply with the blocking message you got or your outgoing mailserver IP then we might be able to help. You mentioned your address block, which is more serious, Spamcop never lists blocks unless coincidentally all IP's in the block are sending spam. So that is most unlikely unless all of your machines are infected with spamming trojans From verdy_p at wanadoo.fr Tue Dec 13 20:43:55 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Tue Dec 13 14:50:03 2005 Subject: [SpamCop-List] Re: XXX@devnul.spamcop.net References: Message-ID: "RW" a écrit dans le message de news: dnhsq6$tcq$1@news.spamcop.net... > With wanadoo.fr, abuse.net returns both postmaster@ and abuse@. We may > have heard from wanadoo.fr telling us they don't need/want two copies of > each report and to send to abuse@ only, so we'd devnull mail to > postmaster@. > > In the case of wanadoo.fr though, postmaster@ has bounced more than 50% of > reports sent, so the system set the account to bouncing and devnulls > reports destined for the address. True for the postmaster@ address which is clearly ineffective. Even the Wanadoo support does not indicate its existence to its own subscribers. The abuse@ address however is effectively working and effectively logged and archived for treatment. When calling their support by phone, I could even get information about a few of reports I had sent either through SpamCop or manually from another ISP or directly from Wanadoo. It is even possible to get contact when there's some technical difficulties or issues with the handling of some spams (for example when there are incorrect indentification, or broken headers during its transmission through several relays, or when some IP address is incorrectly reported due to missing or incorrect reverse DNS resolution caused by data that should have expired) But for general case, I don't expect a personnal response to the reports I may send them, because this is already too much work for me alone with only the spams I already receive. Don't expect that any ISP will pay one support worker at its abuse desk for each of their customer, just to solve the problems they have wirth the spam they individually receive. Solutions are then necessarily global with compromizes taken so that it will not disrupt the normal email service for most people. This necessarily involves automated processes which, like filters for incoming emails, can't be completely perfect, because it's impossible to build a fully trustable and equally mutual relationship mesh with millions of parties. From jeffg at spamcop.net Tue Dec 13 14:40:44 2005 From: jeffg at spamcop.net (Jeff G.) Date: Tue Dec 13 14:50:12 2005 Subject: [SpamCop-List] Re: BlackList Help References: Message-ID: "Tommy King" wrote in message news:dnn49b$np1$1@news.spamcop.net... > I have thouroghly looked over our exchange server and cannot detect any > milicous activity. No sober.* virus' detected. List is currently blocking > my dedicated IP Address block. help! Sorry, I can't figure out from your post what exchange server you wrote about. As I wrote in "Want to post about your email being blocked?" at http://forum.spamcop.net/forums/index.php?showtopic=5597 , "Please help us to help you figure out why your email message (either to you or from you) was blocked. Specifically, please post the complete email message indicating the blockage, which would usually include the IP Address that was blocked, the IP Address of the server doing the blocking, the domain the sender was trying to send to, and the domain the sender was trying to send from, as well as any other IP Addresses being used by other systems that handled the message (either in the headers of the block message or in the headers of the message that was blocked). We don't need the left side (user portion) of either email address, just the right side (domain portion). Also, please see "Why am I Blocked?" at http://forum.spamcop.net/forums/index.php?showtopic=972 ." -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From verdy_p at wanadoo.fr Tue Dec 13 20:47:44 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Tue Dec 13 14:50:17 2005 Subject: [SpamCop-List] forwarded spams to SC not acknowledged today - SC queue halted? Message-ID: I've sent since this morning about 20 forwarding emails to my SC account report address, and none of them are acknowledged. I have checked that the emails I wassending to third party mail providers (to email accounts that I own) are working, somy ISP can't be the cause. Is SC incoming report queue halted? From spambait at whodat.net Tue Dec 13 14:05:14 2005 From: spambait at whodat.net (Darrel Toepfer) Date: Tue Dec 13 15:10:03 2005 Subject: [SpamCop-List] Re: forwarded spams to SC not acknowledged today - SC queue halted? In-Reply-To: References: Message-ID: Philippe Verdy wrote: > I've sent since this morning about 20 forwarding emails to my SC account > report address, and none of them are acknowledged. I have checked that the > emails I wassending to third party mail providers (to email accounts that I > own) are working, somy ISP can't be the cause. > > Is SC incoming report queue halted? I'm getting reports to process back, but in a very delayed fashion. Its been this way all morning... From nobody at nowhere.invalid Tue Dec 13 21:30:46 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 13 15:35:03 2005 Subject: [SpamCop-List] Re: BlackList Help References: Message-ID: On Tue, 13 Dec 2005 12:30:49 -0600, Tommy King coughed into spamcop and left this in : > I have thouroghly looked over our exchange server and cannot detect any > milicous activity. Exchange itself running counts as "milicious[sic] activity" in my books. -- Steve Profanity is the one language all programmers know best. From verdy_p at wanadoo.fr Tue Dec 13 21:29:35 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Tue Dec 13 15:35:11 2005 Subject: [SpamCop-List] Re: forwarded spams to SC not acknowledged today - SC queue halted? References: Message-ID: "Darrel Toepfer" a écrit dans le message de news: dnn9hi$qpv$1@news.spamcop.net... > Philippe Verdy wrote: >> I've sent since this morning about 20 forwarding emails to my SC account >> report address, and none of them are acknowledged. I have checked that >> the emails I wassending to third party mail providers (to email accounts >> that I own) are working, somy ISP can't be the cause. >> >> Is SC incoming report queue halted? > > I'm getting reports to process back, but in a very delayed fashion. Its > been this way all morning... More than 12 hours now since transmission. Much to late for submitting these reports usefully. I wantto maintain a 3 hours limit, and will simply drop too old spams. I won't be able to report them manually now (because I've deleted my local copies) From BNRAGMAOKKXT at spammotel.com Tue Dec 13 20:40:31 2005 From: BNRAGMAOKKXT at spammotel.com (Canopus) Date: Tue Dec 13 15:45:03 2005 Subject: [SpamCop-List] Re: forwarded spams to SC not acknowledged today - SC queue halted? References: Message-ID: Philippe Verdy on 13/12/2005 wrote: >I've sent since this morning about 20 forwarding emails to my SC account >report address, and none of them are acknowledged. I have checked that the >emails I wassending to third party mail providers (to email accounts that >I own) are working, somy ISP can't be the cause. > >Is SC incoming report queue halted? I thought Yahoo Mail was running slow so I changed my returns address from SpamCop to my Googlemail account which I know is almost instantaneous. Now I'm not even getting the confirmation mail from SpamCop to activate my account on my new address so I'm doubly knackered (UK term 8?)) -- Rob http://www.flickr.com/photos/canopus_archives/ From MikeE at ster.invalid Tue Dec 13 12:46:02 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 13 15:50:03 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> <439ED17C.239B@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: > >> I think whatever you determine should go below a sig >> delimitor, not above it. > > That's a small problem, often I have to fix typos / links > in a finished mail or article: Edit file "outbox" before > clicking "send now". My editor (and I) don't believe in > trailing blanks, so that would replace the "-- " by "--". I'm still trying to understand this better. I understand that if the trailing space is deleted, that a sig delimiter won't work. I also understand that some editors are or can be configured to eliminate that trailing space, which I think can do something to help with the way wrap reformatting works. Your header has this line: X-Mailer: Mozilla 3.0 (OS/2; U) I can only interpret that to mean you are using some /n/x newsagent -- and that some who use /n/x newsagents use an external editor -- so I'm fuzzy on how that works in your specific case. You choose to use an external editor for your newsposts, yes? What is the sequence from external editor to newsposting? Does something go from editor to newsagent or from newsagent to editor or both or what? > Unless I create a special profile to force "trailing on". > But then I'd also preserve all unnecessary trailing blanks. How do most /n/x folks who use an external editor which can remove or not remove trailing spaces deal with the issue of compliant sig delimiters, as it is a very common condition to see /n/x newsreaders with compliant sigs. Do they all use an external editor with the deletion of trailing space turned off? >> The value of this variable will be inserted before the signature. >> This is useful for people who want to sign off their messages with >> their name, like it is common in some groups. I understand this now. That it is not a delimited sig. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 13 13:00:35 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 13 16:05:03 2005 Subject: [SpamCop-List] Re: BlackList Help References: Message-ID: Steven Maesslein wrote: > Tommy King >> I have thouroghly looked over our exchange server and cannot detect >> any milicous activity. > > Exchange itself running counts as "milicious[sic] activity" in my > books. As long as we are going to get to spell our words however we like, I think I vote for 'mailicious'. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Dec 13 16:35:44 2005 From: nobody at spamcop.net (indigo) Date: Tue Dec 13 16:40:05 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: Mike Easter wrote: > Kenneth Brody wrote: > > I don't know about you, but I prefer my lions nice and relaxed. > > Especially after reading stories like this one: > > > > http://www.azcentral.com/offbeat/articles/1212lionbite12-ON.html > > I know it always makes you folks crazy about my nit-picking, but.... > Mike, has anyone ever told you that you've a troubled soul? ;-) From MikeE at ster.invalid Tue Dec 13 13:54:25 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 13 16:55:02 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: indigo wrote: > Mike Easter wrote: >> Kenneth Brody wrote: >>> I don't know about you, but I prefer my lions nice and relaxed. >>> Especially after reading stories like this one: >>> >>> http://www.azcentral.com/offbeat/articles/1212lionbite12-ON.html >> >> I know it always makes you folks crazy about my nit-picking, but.... >> > > Mike, has anyone ever told you that you've a troubled soul? ;-) Researching this issue..... The woman and a man were spotted in the zoo about 30 minutes after closing time and were asked to leave. "It was at this point that the couple said the woman had been bitten on the finger by a lion," Mr Gibbons said. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 13 13:58:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 13 17:00:02 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: Mike Easter wrote: > indigo wrote: >> Mike, has anyone ever told you that you've a troubled soul? ;-) > > Researching this issue..... > > > The woman and a man were spotted in the zoo about 30 minutes after > closing time and were asked to leave. > > "It was at this point that the couple said the woman had been bitten > on the finger by a lion," Mr Gibbons said. > "a woman leaned close enough for one to bite one of her fingers" No 'tip off', no 'and ate it' What is the story here? And what kind of flowers was it? -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Dec 13 17:02:04 2005 From: nobody at spamcop.net (indigo) Date: Tue Dec 13 17:05:03 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: Mike Easter wrote: > > "a woman leaned close enough for one to bite one of her fingers" > > No 'tip off', no 'and ate it' > > What is the story here? And what kind of flowers was it? Lemmee guess....the first report was from Faux News....am I close? From MikeE at ster.invalid Tue Dec 13 14:02:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 13 17:05:11 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: Mike Easter wrote: > "a woman leaned close enough for one to bite one of her fingers" > > No 'tip off', no 'and ate it' > > What is the story here? And what kind of flowers was it? // A spokeswoman for the hospital said she was unable to give any details about the treatment the woman was given, without knowing her name, because "we don't just record it as a lion bite". // ... or a cat bite, for that matter. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 13 14:10:48 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 13 17:15:03 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: Mike Easter wrote: >> Researching this issue..... > What is the story here? And what kind of flowers was it? // agapanthus flower [...] the holidaying Tasmanian woman lost the top of her middle finger [...] too embarrassed to reveal her identity [...] and has since returned to Tasmania // -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Tue Dec 13 23:27:06 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 13 17:30:04 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: On Tue, 13 Dec 2005 11:23:43 -0500, Kenneth Brody coughed into spamcop and left this in <439EF58F.59B79199@spamcop.net>: > Subject: longlasting erectlions No kitty porn here, please... -- Steve Do molecular biologists wear designer genes? From nobody at spamcop.net Tue Dec 13 17:28:48 2005 From: nobody at spamcop.net (indigo) Date: Tue Dec 13 17:30:12 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: Mike Easter wrote: > Mike Easter wrote: > > > "a woman leaned close enough for one to bite one of her fingers" > > > > No 'tip off', no 'and ate it' > > > > What is the story here? And what kind of flowers was it? > > // A spokeswoman for the hospital said she was unable to give any > details about the treatment the woman was given, without knowing her > name, because "we don't just record it as a lion bite". // > > ... or a cat bite, for that matter. Don't just? Or just don't? From 96q7vwa02 at sneakemail.com Tue Dec 13 13:48:57 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Tue Dec 13 17:50:03 2005 Subject: [SpamCop-List] Re: BlackList Help References: Message-ID: "Tommy King" wrote in message news:dnn49b$np1$1@news.spamcop.net... >I have thouroghly looked over our exchange server and cannot detect any > milicous activity. No sober.* virus' detected. List is currently > blocking > my dedicated IP Address block. help! I could be wrong, but it looks like a troller to me as in How do I get my e-mail address UNBLOCKED?????? Just like that "Dora Smith", there probably will not be any reply from "Tommy King". Fred k. From MikeE at ster.invalid Tue Dec 13 14:59:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 13 18:00:03 2005 Subject: [SpamCop-List] Re: BlackList Help References: Message-ID: Fred K. wrote: > "Tommy King" wrote in message >> I have thouroghly looked over our exchange server and cannot detect >> any milicous activity. No sober.* virus' detected. List is >> currently blocking >> my dedicated IP Address block. help! > > I could be wrong, but it looks like a troller to me as in > How do I get my e-mail address UNBLOCKED?????? Just like that "Dora > Smith", there probably will not be any reply from "Tommy King". Dora Smith is a real person with a website and an interesting posting history. brazoslogsitics is a misspelling here of brazoslogistics.com and there are listings for Tommy King and others as contacts for the company, which also has a website and is a trucking and logistics company But, I still don't know what IP is blocklisted. brazoslogistics MX doesn't have that name. -- Mike Easter kibitzer, not SC admin From jg at coks.net Tue Dec 13 15:02:28 2005 From: jg at coks.net (jg) Date: Tue Dec 13 18:05:03 2005 Subject: [SpamCop-List] New one to me... Message-ID: http://www.spamcop.net/sc?id=z840988452za1413d802ac7a2562ede217691c28ffbz Whats with all the different folks in the source listing. Also, this is 2nd parse and it shows sbc as refusing reports on the spamvert. In the 1st parse, I got a check box labeled "Experts Only - will be reviewed by SC Admin." Well, I'm certainly not an expert. However, the spamvert site is still up and it IS a spamvert so I checked the box and reported it with a note stating such, as requested. Haven't seen this before - is it something new? From jg at coks.net Tue Dec 13 15:11:11 2005 From: jg at coks.net (jg) Date: Tue Dec 13 18:10:04 2005 Subject: [SpamCop-List] Re: spam subject of the week In-Reply-To: References: <439EF58F.59B79199@spamcop.net> Message-ID: On 12/13/2005 1:58 PM Mike Easter scribbled: > No 'tip off', no 'and ate it' > > What is the story here? And what kind of flowers was it? > what kind of flowers were it, or what kind of flower was it, since we are getting technical... From MikeE at ster.invalid Tue Dec 13 15:42:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 13 18:45:02 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: jg wrote: > Mike Easter scribbled: >> What is the story here? And what kind of flowers was it? >> > what kind of flowers were it, or what kind of flower was it, since we > are getting technical... kind is singular. What kind was it? But, I like your reconstruction better, what kind of flower was it, which flows better, especially since the foolish and intrepid reach was actually for /a/ flower, just one, like you normally pick them, one at a time. The imperative would be, just exactly what (kind of) flower was she stupidly reaching for.... And, in fact 'kind of' is not really a very sophisticated terminology for addressing various flowers -- which is a nice orderly situation -- where the agapanthus has a genus, subfamily, and family; and that belongs to an order, class, and division in the plant kingdom^1. .... when her hand with its peripheral fingers, especially the middle one, became snapped up or nipped in the lion's teeth, probably causing her to reflexly jerk her hand back while the finger was entrapped in the sharp cusps of a young lion's 'bite' -- where bite is the meeting or approximation of the teeth upon closure. That jerking out of the bite in the closed sharp approximation most likely avulsed some flesh, quanitity unknown, but I suspect its torn 'pieces' remained attached to her finger and there was some repair at the hospital. But, biting the tip off and then eating it is not what the dainty lion did. ^1 Kingdom: Plantae Division: Magnoliophyta Class: Liliopsida Order: Asparagales Family: Agapanthaceae Subfamily: Agapanthoideae Genus: Agapanthus -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Wed Dec 14 00:46:10 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 13 18:50:03 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: On Tue, 13 Dec 2005 15:11:11 -0800, jg coughed into spamcop and left this in : > what kind of flowers were it, or what kind of flower was it, since we > are getting technical... s/were it/were they/ -- Steve Before you criticize someone, you should walk a mile in their shoes. That way, when you criticize them, you're a mile away and you have their shoes. From verdy_p at wanadoo.fr Wed Dec 14 01:32:04 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Tue Dec 13 19:35:03 2005 Subject: [SpamCop-List] Re: forwarded spams to SC not acknowledged today - SC queue resumed with LACNIC problems References: Message-ID: "Canopus" a écrit dans le message de news: dnnbju$rv2$1@news.spamcop.net... > Philippe Verdy on 13/12/2005 wrote: > >>I've sent since this morning about 20 forwarding emails to my SC account >>report address, and none of them are acknowledged. I have checked that the >>emails I wassending to third party mail providers (to email accounts that >>I own) are working, somy ISP can't be the cause. >> >>Is SC incoming report queue halted? > > I thought Yahoo Mail was running slow so I changed my returns address from > SpamCop to my Googlemail account which I know is almost instantaneous. > Now I'm not even getting the confirmation mail from SpamCop to activate my > account on my new address so I'm doubly knackered (UK term 8¬)) Spamcop seems to have recovered most of its delays. It is however still very slow to reply. In addition, most resolutions of IPs in the LACNIC area are producing timeouts (and the local cache in SpamCop does not help, because LACNIC records have expired, and SpamCop's limitation on query rate means that it will take timeto recover). This just creates devnull'ed listings in SCBL for spam sources identified by IP, but no report. SpamCop needs some accesses to third-party DNS caches regarding LACNIC, and the IP-to-ASN resolution (and whois data) for the LACNIC address space needs to be solved. Shouldn't Spamcop sollicitate help from major US ISPs to get an access to those alternate caches, notably those with large connectivity such as AT&T and MCI/UUNet, when the local cache fails? If LACNIC is fialing in last ressort, shouldn't Spamcop try with alternate large RIRs (notably ARIN and RIPE NCC) ? I do think that all RIRs should provide excellent and unbreakable connectivity from caches run but all the other RIRs, simply to help serve more efficiently their effective area. I don't think that SpamCop actually requires authoritative data from the original RIR only. Recently I helped solving inconsistencies found in AfriNIC database (they came from preexisting entries that existed in ARIN before the ERX transfer to AfriNIC). I think that those secured links that allowed switching nearly instantly the authority from the origin RIR to the slave cache of ghe target RIR should still exist today to help managing the traffic in a scalable and geographically andtopologically efficient way (if SpamCop gives some trust to any RIR for resolving addresses or getting whoisdata, it should give similar trust to all of them for their regional caches; it's the natural way Internet works and scales: "authoritative" records are not needed constantlyunless the level of trust between anauthority and cache is different). From MikeE at ster.invalid Tue Dec 13 16:37:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 13 19:40:02 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: Mike Easter wrote: > // agapanthus flower [...] the holidaying Tasmanian woman lost the > top of her middle finger [...] too embarrassed to reveal her > identity [...] and has since returned to Tasmania // The two best articles re 'accuracy' refer to the 'top of the middle finger'. I'm dealing with a 'language barrier' here. If you are Australian, and of course it is now summertime and the African sourced agapanthus is in bloom, what does the top of your middle finger mean? I think of the 'top' as being the dorsal side; you have a palm and a palmar surface of your hand and fingers, and you have a 'dorsal' surface which is opposite your palmar surface, as in the 'back of' your finger. OTOH, if your finger had a 'top' [end] based on holding your hands up, with your hands and fingers pointed to the sky, as if you were an arrested perpetrator or a convict banished to the Australian penal colonies in the 18th century, then the 'top' of your finger might be the uppermost or highest or most distal phalanx -- ie the 'end' of your finger, not the 'top'. Anyway, here's a very good lead par + // Zoo director John Gibbons said today the woman, in her 20s, was picking agapanthus inside a barricade next to the enclosure when she was bitten by a young male lion. She lost the top of her middle finger in the attack, which occurred last Thursday.// Excellent lead; except for What the hell is the 'top of her middle finger'? Is this an aussie thing? Any oz in here? Or even a kiwi? We need a translation into 'merican engrish. -- Mike Easter kibitzer, not SC admin From verdy_p at wanadoo.fr Wed Dec 14 01:39:48 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Tue Dec 13 19:45:03 2005 Subject: [SpamCop-List] unreported Japanese spam from References: Message-ID: TRACKING URL: http://www.spamcop.net/sc?id=z840985084zbd706a6876f266d6c0221e5addf19979z Too many links, spamvertized websites not reported: http://ms1101.fc2web.com/michel/ Host ms1101.fc2web.com (checking ip) = 66.160.207.214 host 66.160.207.214 (getting name) no name http://s15.j-a-net.jp/gateway/click.cgi?a=02054&d=47619&u Host s15.j-a-net.jp (checking ip) = 59.106.30.169 host 59.106.30.169 (getting name) = new_click.j-a-net.jp. http://www.sukiya-nen.com/ Host www.sukiya-nen.com (checking ip) = 211.133.243.24 host 211.133.243.24 (getting name) no name http://www.h3.dion.ne.jp/~twz-2002 Host www.h3.dion.ne.jp (checking ip) = 203.181.105.113 host 203.181.105.113 = dhwww2.dion.ne.jp (cached) http://symply.net/kogane-5/ Host symply.net (checking ip) = 210.188.205.137 host 210.188.205.137 = sv318.lolipop.jp (cached) http://mobikuji.jp/?i=tq4ky Host mobikuji.jp (checking ip) = 202.218.36.194 host 202.218.36.194 = ns3.bizmail.jp (cached) http://an.lib.net/ringo/ Host an.lib.net (checking ip) = 220.213.225.23 host 220.213.225.23 = ss02.comax.net (cached) http://ism.rdy.jp/kunkun/ Host ism.rdy.jp (checking ip) = 202.181.99.17 host 202.181.99.17 = www297.sakura.ne.jp (cached) http://nt.lib.net/0505/ Host nt.lib.net (checking ip) = 220.213.225.22 host 220.213.225.22 = ss03.comax.net (cached) Note of them reported! Not even the link in the plain-text part: Reducing redundant links for s15.j-a-net.jp Reducing redundant links for www.sukiya-nen.com From: =?ISO-2022-JP?B?GyRCIVobKEIxGyRCS3wxX0V2JGshWyVeJSwlOCVzJDkkLSRkJE0kcyEqOHg8MCVeJSwlOCVzGyhC?= Subject: =?ISO-2022-JP?B?GyRCIiEhfklPSzMkSyU1JWglSiVpIUEbKEIoGyRCIl4bKEIwGyRCIl4bKEIpGyRCIT8bKEJ+fn4bJEIhfiIhGyhC?= I don't read Japanese, but this is one of the longest spam that contain lots of links to Japanese products, with many links going to http://www.sukiya-nen.com/ This spam comes from Tracking message source: 202.218.36.201: Routing details for 202.218.36.201 [refresh/show] Cached whois for 202.218.36.201 : info@bizmail.jp Using abuse net on info@bizmail.jp No abuse net record for bizmail.jp Using default postmaster contacts postmaster@bizmail.jp postmaster@bizmail.jp bounces (101 sent : 51 bounces) Using postmaster#bizmail.jp@devnull.spamcop.net for statistical tracking From MikeE at ster.invalid Tue Dec 13 16:57:23 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 13 20:00:03 2005 Subject: [SpamCop-List] Re: unreported Japanese spam from References: Message-ID: Philippe Verdy wrote: www.spamcop.net/sc?id=z840985084zbd706a6876f266d6c0221e5addf19979z > > Too many links, spamvertized websites not reported: Under my recommended optional reporter preference, all of those links [or none of them] would/could have been passed along to sc-surbl, and no SC resources would have been spend performing all of those useless resolutions, which turned out to not be good for anything anyway. By my reporter option, none of the spamvertisers would have been notified, but instead all of the notifies would have gone to a devnull based on their domainname. I didn't look at your tracker because I saw what was in .spam -- so it wouldn't be possible for someone who didn't have the char set and recognized .jp to be able to properly discern the IBs. > I don't read Japanese, but this is one of the longest spam that > contain lots of links to Japanese products, with many links going to > http://www.sukiya-nen.com/ -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Wed Dec 14 00:59:57 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 13 20:05:03 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: "jg" wrote in message news:dnnkab$1rq$2@news.spamcop.net... > On 12/13/2005 1:58 PM Mike Easter scribbled: > > >> No 'tip off', no 'and ate it' >> >> What is the story here? And what kind of flowers was it? >> > what kind of flowers were it, or what kind of flower was it, since we > are getting technical... Or, if we're getting *really* technical,,,,,, What kind of flowers were THEY - you can't have *were* with *it*. From verdy_p at wanadoo.fr Wed Dec 14 02:06:02 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Tue Dec 13 20:10:03 2005 Subject: [SpamCop-List] Re: unreported Japanese spam from References: Message-ID: "Mike Easter" a écrit dans le message de news: dnnqko$5re$1@news.spamcop.net... > Philippe Verdy wrote: > www.spamcop.net/sc?id=z840985084zbd706a6876f266d6c0221e5addf19979z >> >> Too many links, spamvertized websites not reported: > > Under my recommended optional reporter preference, all of those links > [or none of them] would/could have been passed along to sc-surbl, and no > SC resources would have been spend performing all of those useless > resolutions, which turned out to not be good for anything anyway. > > By my reporter option, none of the spamvertisers would have been > notified, but instead all of the notifies would have gone to a devnull > based on their domainname. > > I didn't look at your tracker because I saw what was in .spam -- so it > wouldn't be possible for someone who didn't have the char set and > recognized .jp to be able to properly discern the IBs. I found no way to transmit this message in .spam exactly like the one I received, because once encoded, it genererated too long lines that may upper news server rejects. Unfortunately, I can't choose the same 7-bit ISO-2022-JP for sending the message, so the message is full of escape sequences that don't cross my news server. If I encode the exact ASCII only content, then the ESCAPE characters present in the spam are translated into 8-bit form using quoted printable, and this generates too long lines (and there's no way to recover from that error because lines are not splitted as they should, using quoted printable, to bypass this limit, notably in lines that don't contain any space). I see no way to transmit an exact copy of the mailI received to your newsserver. Anyway, there are enough evidence, by the number of links related to the same domain, that sukiya-nen.com is spamming, and that its sender is accurate (the other links seem to be links to affiliation programs). So these spams without spaces are a problem, and this will allow spammers in chinese, japanese, korean to easily avoiding reporting. After saying that, the same technic becomes applicable for other languages, including English if they replace all spacesby ideographic spaces, and change to full-width ASCII, sent in a ISO-2022 charset. This looks like a way to prevent reporting of spamvertized sites (so all we canreport if one of the millions of open-proxies running in PCs worldwide infected by viral spamware, those being the least effective to close after abuse reports, because their users are not even aware that their PC is harvested this way to relay spam). From tmcgraw at spamcop.net Tue Dec 13 17:37:07 2005 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Dec 13 20:40:02 2005 Subject: [SpamCop-List] Re: spam subject of the week In-Reply-To: <439EF58F.59B79199@spamcop.net> References: <439EF58F.59B79199@spamcop.net> Message-ID: Kenneth Brody wrote: > > Subject: longlasting erectlions > > I don't know about you, but I prefer my lions nice and relaxed. Especially > after reading stories like this one: > > http://www.azcentral.com/offbeat/articles/1212lionbite12-ON.html http://www.jsonline.com/news/metro/dec05/377189.asp From nobody at spamcop.net Wed Dec 14 08:18:47 2005 From: nobody at spamcop.net (Tuatara) Date: Wed Dec 14 03:20:04 2005 Subject: [SpamCop-List] ISP Failure to Block Spam Message-ID: <439fd1b2.110153203@news.spamcop.net> First off, I know what the logical solution to my problem is: Find another ISP, but... My ISP, Earthlink, touts their SpamBlocker as being able to block nearly all spam. What SpamBlocker doesn't catch, ends up in a Suspect Email folder. There's the one spammer whose spam SpamBlocker never catches. I have asked Earthlink's technical support about resolving this, and all I have gotten is the literal run-around. I don't think that their tech support staff even READS my e-mail. They seem to dole out canned responses. OK, they have incompetent technical support. As a matter of principle, if any spam makes it though the ISP's spam blocking, it's a victory for the spammer. I duly report the spam via SpamCop as well as Earthlink's manual spam reporting facility. Beyond their technical support, I cannot get through to anyone at Earthlink or their vaunted SpamBlocker facility to resolve this problem. Even though I have set the SpamBlocker to its highest setting, I'll get about 15 spam per day for every 2-3 it catches. That's a poor track record for blocking spam. How do I get through to anyone competent at Earthlink to resolve this? Their bumbling and worthless tech support staff are effective at deflecting the issue by feeding me a load of tripe. Does anyone know of any Earthlink contacts to escalate the issue beyond tech support? From g.hyde at bigpond.net.au Wed Dec 14 21:16:32 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Wed Dec 14 06:20:12 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> Message-ID: A couple of things you can do. The first you already suggested. The second is to get a spamblocking program like SpamAssassin or whatever is out there currently, and let it feed on these nasty spam emails that make it through the Earthlink filter. Thirdly, I wouldn't recommend trying to get someone intelligent at Earthlink to talk to - they probably think their spam filter blocks it all or don't have the time to care about one or two customers who do have problems with it. So it's really up to you to go out and find a solution that will block the unwanted emails. Lastly, but not least, report all of the spams that you get to SpamCop - if you report them you will at least be providing data for blocking or blacklisting servers and spammers, and getting their connections shut down. If it is a suspect spam and you're not sure if you should report it, post it in spamcop.spam and point it out here. Someone will tell you if it's a real spam email or not. As for the issue with long lines, I would recommend pasting the full source of the message from your mail reader, I use Outlook Express so it's just a matter of right-clicking the offending spam email, choosing Properties, Details, Message Source, and then right-clicking in the resulting window you get, choosing "select all" with the menu that pops up on the RMB, hiting Ctrl-c, and pasting that into the SpamCop "report spam" input window with ctrl-v or paste function. Outlook may have undesirable side-effects, such as tracking images in spam used to confirm your address is valid, so if you don't mind missing all the lovely pictures, you can view it in plain text or use a different mail client you're more familiar with, that doesn't run HTML code or let images load - as long as you can cut and paste the message source unaltered, SpamCop should be able to parse it. I hope these suggestions help with your problem. Cheers ... Geoffrey Hyde "Tuatara" wrote in message news:439fd1b2.110153203@news.spamcop.net... > First off, I know what the logical solution to my problem is: Find > another ISP, but... > > My ISP, Earthlink, touts their SpamBlocker as being able to block > nearly all spam. What SpamBlocker doesn't catch, ends up in a Suspect > Email folder. > > There's the one spammer whose spam SpamBlocker never catches. I have > asked Earthlink's technical support about resolving this, and all I > have gotten is the literal run-around. I don't think that their tech > support staff even READS my e-mail. They seem to dole out canned > responses. OK, they have incompetent technical support. > > As a matter of principle, if any spam makes it though the ISP's spam > blocking, it's a victory for the spammer. I duly report the spam via > SpamCop as well as Earthlink's manual spam reporting facility. > > Beyond their technical support, I cannot get through to anyone at > Earthlink or their vaunted SpamBlocker facility to resolve this > problem. Even though I have set the SpamBlocker to its highest > setting, I'll get about 15 spam per day for every 2-3 it catches. > That's a poor track record for blocking spam. > > How do I get through to anyone competent at Earthlink to resolve this? > Their bumbling and worthless tech support staff are effective at > deflecting the issue by feeding me a load of tripe. Does anyone know > of any Earthlink contacts to escalate the issue beyond tech support? > > From nobody at spamcop.net Wed Dec 14 08:38:24 2005 From: nobody at spamcop.net (indigo) Date: Wed Dec 14 08:40:08 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: Mike Easter wrote: "palmar surface"? Did you just make that up or is that a real term? From kenbrody at spamcop.net Tue Dec 13 19:03:27 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Wed Dec 14 09:45:02 2005 Subject: [SpamCop-List] Re: BlackList Help References: Message-ID: <439F614F.43FFB14E@spamcop.net> Mike Easter wrote: > > Steven Maesslein wrote: > > Tommy King > > >> I have thouroghly looked over our exchange server and cannot detect > >> any milicous activity. > > > > Exchange itself running counts as "milicious[sic] activity" in my > > books. > > As long as we are going to get to spell our words however we like, I > think I vote for 'mailicious'. Mmmm... E-mail... -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From kenbrody at spamcop.net Wed Dec 14 10:15:46 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Wed Dec 14 10:20:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> Message-ID: <43A03722.2CB5F890@spamcop.net> Tuatara wrote: > > First off, I know what the logical solution to my problem is: Find > another ISP, but... > > My ISP, Earthlink, touts their SpamBlocker as being able to block > nearly all spam. What SpamBlocker doesn't catch, ends up in a Suspect > Email folder. [...] This may sound strange to some, but I specifically have not enabled my ISP's spam filtering, simply because I don't want to miss anything based on a false positive. At least with SpamCop's method of divering all suspects into another folder, rather than deleting or rejecting them, I get a chance to scan the subjects of everything in the "held mail" folder for any gray-area items for manual checking. Yes, I've missed some on occasion, and lost "real" e-mail, but that's the rare exception, and I'm sure much less often than had I left it up to my ISP to decide for me. I also receive some newsletters via e-mail that occasionally start with something along the lines of "it appears that aggressive spam filters caused some of you to not receive the last issue... again." -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From MikeE at ster.invalid Wed Dec 14 08:06:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 14 11:10:01 2005 Subject: [SpamCop-List] Re: spam subject of the week References: <439EF58F.59B79199@spamcop.net> Message-ID: indigo wrote: > "palmar surface"? Did you just make that up or is that a real term? Real. Synonym 'volar' which some people like. The advantage of volar is that it covers the sole of the foot as well, whereas I don't think of the sole of the foot as being a palm on a human. See MW below. Encarta: pal?mar adjective Definitions: of inner hand: relating to the palm of the hand or to the underside of an animal's forefoot [Mid-17th century. < Latin palmaris < palma "palm of the hand"] MW: adj : relating to the palm of the hand or the sole of the foot; "the volar surface"; "the palmar muscle" [syn: volar] -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Dec 14 08:14:06 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 14 11:15:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> Message-ID: Tuatara wrote: > First off, I know what the logical solution to my problem is: Find > another ISP, but... There are a number of serious things wrong with EL. There are also some good points. > My ISP, Earthlink, touts their SpamBlocker as being able to block > nearly all spam. What SpamBlocker doesn't catch, ends up in a Suspect > Email folder. Spamblocker on high has a known spam and a suspect which is everything which isn't known or whitelisted. > There's the one spammer whose spam SpamBlocker never catches. I have > asked Earthlink's technical support about resolving this, and all I > have gotten is the literal run-around. I don't think that their tech > support staff even READS my e-mail. They seem to dole out canned > responses. OK, they have incompetent technical support. EL's support method is/ methods are/ extremely seriously flawed. I don't have time here to go into a description of how bad off EL's support is. Basically EL has decided that the best way for them to be competive is to have the kind of tech support which they have, and if that doesn't work for you and you need something else, you should hit the road, toad. > As a matter of principle, if any spam makes it though the ISP's spam > blocking, it's a victory for the spammer. I duly report the spam via > SpamCop as well as Earthlink's manual spam reporting facility. I also believe that EL's junkmail system is a waste of time, but EL admins have said that it is channeled where it is supposed to go -- but I'm not sure the Brightmail system where it is supposed to end up isn't a waste of time. > Beyond their technical support, I cannot get through to anyone at > Earthlink or their vaunted SpamBlocker facility to resolve this > problem. Even though I have set the SpamBlocker to its highest > setting, I'll get about 15 spam per day for every 2-3 it catches. > That's a poor track record for blocking spam. If you have your spamblocker on high, you should only receive the items which you whitelist, all the rest should be in suspect or known. > How do I get through to anyone competent at Earthlink to resolve this? You don't. If 'we' -- you and I or some other person here or on an EL support group such as earthlink.support.email can't figure out what is wrong, it won't get figured out. There is no EL support. > Their bumbling and worthless tech support staff are effective at > deflecting the issue by feeding me a load of tripe. Does anyone know > of any Earthlink contacts to escalate the issue beyond tech support? On the EL support ng/s, one person thinks he has a contact, but he's wrong. He doesn't. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Dec 14 08:18:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 14 11:20:04 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> Message-ID: Tuatara wrote: > My ISP, Earthlink, touts their SpamBlocker as being able to block > nearly all spam. What SpamBlocker doesn't catch, ends up in a Suspect > Email folder. BTW, I have one main account setup at EL with spamblocker turned off, and I use SpamPal client side filtering to filter all of its mail and SP is pretty close to 100% effective, with no false positives and very few false negatives. I also have one minor account setup at EL with spamblocker on high. That account functions exactly as advertised, with 0% of spam coming thru' and 100% of my whitelisted mail being handled properly. I also have that suspect folder configured to not challenge, which is an extremely important configuration, which you should know about if you are using high spamblocker. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Wed Dec 14 11:18:56 2005 From: jeffg at spamcop.net (Jeff G.) Date: Wed Dec 14 11:25:04 2005 Subject: [SpamCop-List] Re: New one to me... References: Message-ID: "jg" wrote in message news:dnnjq1$1rq$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z840988452za1413d802ac7a2562ede217691c28ffbz > > Whats with all the different folks in the source listing. This is because of all the different folks listed at RIPE, as follows: 12/14/05 11:14:21 whois 62.43.145.167@whois.ripe.net whois -h whois.ripe.net 62.43.145.167 ... % This is the RIPE Whois query server #2. % The objects are in RPSL format. % % Note: the default output of the RIPE Whois server % is changed. Your tools may need to be adjusted. See % http://www.ripe.net/db/news/abuse-proposal-20050331.html % for more details. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag % Information related to '62.42.0.0 - 62.43.255.255' inetnum: 62.42.0.0 - 62.43.255.255 org: ORG-OA4-RIPE netname: ES-ONO-20000503 descr: ONO descr: Provider Local Registry country: ES admin-c: OIM1-RIPE tech-c: OIM1-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: ONO-MNT mnt-routes: ONO-MNT mnt-domains: ONO-MNT source: RIPE # Filtered organisation: ORG-OA4-RIPE org-name: ONO org-type: LIR address: C/Basauri 7 y 9 Urbanizacion La Florida address: 28023 address: Madrid address: Spain phone: +34 911809300 fax-no: +34 911809366 e-mail: ripe-admin@ono.es admin-c: MJS15-RIPE admin-c: VRS3-RIPE admin-c: FRL9-RIPE admin-c: JMD-RIPE admin-c: MJC7-RIPE admin-c: JABM1-RIPE admin-c: MFPC-RIPE mnt-ref: ONO-MNT mnt-ref: RIPE-NCC-HM-MNT mnt-by: RIPE-NCC-HM-MNT source: RIPE # Filtered role: ONO IP MANAGER address: C/ Basauri, 5 address: Urbanizacion La Florida address: E-28023 Aravaca, Madrid address: SPAIN phone: +34911809300 fax-no: +34911809245 e-mail: ripe-tech@ono.es admin-c: JMD-RIPE tech-c: JMD-RIPE tech-c: JABM1-RIPE tech-c: MJS6-RIPE tech-c: MJC7-RIPE tech-c: AGG20-RIPE tech-c: FRL9-RIPE tech-c: MFPC-RIPE nic-hdl: OIM1-RIPE source: RIPE # Filtered % Information related to '62.43.0.0/16AS6739' route: 62.43.0.0/16 descr: Cableuropa - Ono descr: Ono network in whole Spain origin: AS6739 remarks: mail spam reports: abuse@ono.com remarks: security incidents: security@ono.com mnt-by: ONO-MNT source: RIPE # Filtered > Also, this is 2nd parse and it shows sbc as refusing reports on the > spamvert. In the 1st parse, I got a check box labeled "Experts Only - > will be reviewed by SC Admin." Well, I'm certainly not an expert. > However, the spamvert site is still up and it IS a spamvert so I checked > the box and reported it with a note stating such, as requested. > Haven't seen this before - is it something new? No, you correctly appealed SBC's denial of responsibility. Please note that SBC may have taken action, as now the Parser would send Reports to "best contacts dom_tech@gaoland.net postmaster@gaoland.net abuse@gaoland.net abuse@teleglobe.com". -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From MikeE at ster.invalid Wed Dec 14 08:33:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 14 11:35:02 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> Message-ID: Tuatara wrote: > Even though I have set the SpamBlocker to its highest > setting, I'll get about 15 spam per day for every 2-3 it catches. Do you have any addresses or domainnames whitelisted? Or blacklisted? The other day someone in EL support related that a great 'collection' of domainnames had somehow inexplicably gotten onto his blacklist without his doing it. Do you have your challenges for suspect mail turned off? -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Wed Dec 14 11:35:16 2005 From: jeffg at spamcop.net (Jeff G.) Date: Wed Dec 14 11:40:02 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> Message-ID: "Mike Easter" wrote in message news:dnpgj2$239$1@news.spamcop.net... > I also have one minor account setup at EL with spamblocker on high. > That account functions exactly as advertised, with 0% of spam coming > thru' and 100% of my whitelisted mail being handled properly. > > I also have that suspect folder configured to not challenge, which is an > extremely important configuration, which you should know about if you > are using high spamblocker. Mike is right about this - please don't configure anything to challenge. I Reported so many EarthLink misdirected challenges that Mark John, Network Abuse Engineer with EarthLink Network Abuse called me about them. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From mwnospam at comcast.net Wed Dec 14 11:45:08 2005 From: mwnospam at comcast.net (spamacyde) Date: Wed Dec 14 11:50:04 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "Philippe Verdy" wrote in message news:dnmh4n$d4q$1@news.spamcop.net... > "Patto" a écrit dans le message de news: > dniovt$d6c$1@news.spamcop.net... > > I am having trouble with the word 'from' in your subject line. Although a > > lot of spam comes from servers located in China, almost 100% of my spam > > "from" China originates from spammers in the U.S. I get about 1 spam > > message a month that is in Chinese, and about 2 in Russian. The rest is in > > English, advertising "services" that is often restricted to US citizens > > only, and originate from well-known spammers in Florida and elsewhere in > > the US. Not to mention that they often exploit servers in China and the > > rest of the world without knowledge and/or permission of the owners. > > > > But of course it's always easy to blame the Chinese, and Asians in > > general, and their corrupt governments. > > I fully agree with this. In fact the few emails written in Chinese I receive > sometime do not come from Chinese spamvertizers (in PRC) but from Taiwan or > Singapore. > > China is wellknown to have setup a very intrusive filtering system that can > really track the activities of its citizens and of small businesses that > still refuse to pay the price of corruption. > > Now the bigget problem in China comes with its regionalized structure of its > very large ISPs (china net com for example), which are locally corruptible > by large businesses installed in Hong Kong, Beijing and Shangai, and that > provide and sell expensive bullet proof hosting to US spammers. There's > evidence that these bulletproof hosting services are getting lots of > precious dollars which is then used to corrupt and compromize local filters > and security enforcement teams. > > China seems to be blind to such activity because it does not harm its own > business and does not violate the antidemocratic control of its citizens, > and because it collects taxes and profits a lot to its external commercial > balance. > > But if you look further, you'llsee that China is not the only one in cause: > large US bandwidth providers installed in China are complice of this > activity because they sell their bandwidth to Chinese bulletproof service > providers, and because they want to profit from other businesses in China > with its explosive economic growth. Here I see what MCI/UUNET, Level3 and > Sprint are doing in China: they are blind to the problem, because they do > not host themselves the spamming services but do provide a general > connectivity that allows them to sell telecommunication services, or to > transport computing activites made at low price in China. > > Lots of US companies (including IBM, Apple, Dell, Gateway, Acer, > Microsoft...) are complice of this, each time they are delocating their > computing activities in China: they want low cost jobs, and low cost > connections, so they permit that US telcos provide general connectivity with > China and don't want filters. > > Clearly China is bad, and India still doesnot have the same level of > problems, depsite it has a now large computing business and large phone and > Internet market, with lots of quality programmers. The difference is that > India is a democracy, which is much easier to control by its own public > without being threatened by its police. Less corruption in India means more > respectuous behavior. > > Brasil is approximately in the same situation as India but its still recent > economic crisis and its long history with narco-trafficants and organized > crime has left a high level of corruption. This country is still very > dangerous for its citizensbecause the law isnot applied the way it should > be. Large cities inBrasilare still among the most dangerous ones in the > world (with rapts and lots of murders against businessmen if they don't pay > enough for their own physical security). So it's not surprizing that Brasil > gets the same high level of spam coming from hosts located there. > > But I don't want to accuse more China and Brasil. It's a fact that spam is > operated by large gangs with lot of money, and enough money to corrupt lots > of people, but also to pay hackers around the world so that they will write > for them the firearms that they will be able to use worldwide. > > Today's most important problem is the money of spamgangs, and the lack of > application of existing laws in the most developed countries (where these > gangs are operating to corrupt the rest of the world). It should be time to > consider these gangs for what they are: Gangsters! > > Today, even the most criminal gangsters and trafficants are organizing their > spam activities on the Net because it is FAR LESS dangerous and MUCH MORE > profitable than legacy traffics (the price of illegal drugs is now > constantly dropping, they can't find the economic growth they need in their > "business", so they invest nowa lot in more profitable activities): they > create and finance affiliate programs, finance spywares and spamwares, and > even sell their illegal service to existing legal businesses that are > already exposed to growth problems in markets with lots of competitors. They > steal revenue from affiliation programs, illegally sell drugs on the > Internet (if they only deliver something to their abused customers!), > constantly make bank robberies (by stealing credit card numbers). > > Ok, I am reportinga spam now and one of the administrators of a spamvertised web wants the report sent to cnc-abuse@abuse.sprint.net. Who are these people? What is their nationality? What is the color of their hat (har, har, har)? From nobody at nowhere.invalid Wed Dec 14 18:16:06 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Dec 14 12:20:02 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> Message-ID: On Wed, 14 Dec 2005 11:35:16 -0500, Jeff G. coughed into spamcop and left this in : > I Reported so many EarthLink misdirected challenges that Mark John, > Network Abuse Engineer with EarthLink Network Abuse called me about > them. I assume you explained why you were reporting them as spam. What was his reaction to that? Just out of interest... -- Steve Sign spotted on a repair shop door: WE CAN REPAIR ANYTHING. (PLEASE KNOCK HARD ON THE DOOR - THE BELL DOESN'T WORK) From MikeE at ster.invalid Wed Dec 14 09:21:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 14 12:25:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> Message-ID: Tuatara wrote: > My ISP, Earthlink, touts their SpamBlocker as being able to block > nearly all spam. What SpamBlocker doesn't catch, ends up in a Suspect > Email folder. This configuration works the way it is supposed to work for me. > I have > asked Earthlink's technical support about resolving this EL's tech support doesn't work that way. Some providers are equipped to 'deal with' any kind of user question which comes along in one way or another. That is not the case at EL. EL's mail support results in what appears to be an unintelligent form of artificial intelligence trying to make a reply -- but the A-un-I - artificial unintelligence rarely even makes a meaningless reply to the correct subject, altho' sometimes it does make a meaningless reply to the correct subject. That's as good as it gets. Telephone support is generally accompanied by both a language barrier and a competency barrier. The way the competency barrier works is that if the user is incompetent, then the support functions as the blind leading the blind. If the user is highly competent, then it becomes the user leading the incompetent tech -- but even a competent user is not able to 'use' the tech to access a higher level of tech competency. EL's system for channeling to a higher level competency tech doesn't work the way most systems do. Chat support is somewhat more 'complex' -- because unlike mail, there's a real human correspondent. There are some who believe that you can crack the code of using chat effectively. I have used chat presumably successfully to 'notify' EL about some kind of problem -- because I know that notifying EL about a problem by mail or web feedback form doesn't work. > I don't think that their tech > support staff even READS my e-mail. I agree with that analysis. > They seem to dole out canned > responses. OK, they have incompetent technical support. Correct. > Even though I have set the SpamBlocker to its highest > setting, I'll get about 15 spam per day for every 2-3 it catches. > That's a poor track record for blocking spam. One way you could 'set this up' to be able to demonstrate what is going on to chat tech support would be to create a scenario in which someone can see with their own eyes what is going on. You would configure to not access your mailbox by pop for a period of time sufficient for it to get some mail. You would check it by webmail to see that it was properly configured re no whitelists and no challenges and also to demonstrate that nonwhitelisted mail was getting into the inbox. Then you would contact the EL chat support system and give the chat person access to your mailbox so that the chat support could see for themselves while they were online with your conversation what the condition of the inbox was. > How do I get through to anyone competent at Earthlink to resolve this? I would setup the demo as described and contact chat. Chat has been more effective than the other channels if the target problem is able to be demonstrated to the chat person. -- Mike Easter kibitzer, not SC admin From n4jwyfo02 at sneakemail.com Wed Dec 14 18:26:25 2005 From: n4jwyfo02 at sneakemail.com (Aviatrix) Date: Wed Dec 14 13:30:02 2005 Subject: [SpamCop-List] Spamcop web site down? Message-ID: Am I right in thinking the Spamcop web site is down? An error occurred while processing your request. Reference #97.45f0d9c2.1134584660.b283e5 From jeffg at spamcop.net Wed Dec 14 13:30:06 2005 From: jeffg at spamcop.net (Jeff G.) Date: Wed Dec 14 13:35:02 2005 Subject: [SpamCop-List] Re: Spamcop web site down? References: Message-ID: "Aviatrix" wrote in message news:dnpo3k$78l$1@news.spamcop.net... > Am I right in thinking the Spamcop web site is down? Yes, you are, sorry to say. The stats graph is at http://alpha.cesmail.net/graphics/spamstats.gif , and my analysis is at http://forum.spamcop.net/forums/index.php?showtopic=5288&view=findpost&p=37831 . -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Wed Dec 14 13:34:08 2005 From: jeffg at spamcop.net (Jeff G.) Date: Wed Dec 14 13:35:12 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> Message-ID: "Steven Maesslein" wrote in message news:slrndq0kqm.tp6.nobody@127.0.0.1... > On Wed, 14 Dec 2005 11:35:16 -0500, Jeff G. coughed into spamcop and > left this in : > > > I Reported so many EarthLink misdirected challenges that Mark John, > > Network Abuse Engineer with EarthLink Network Abuse called me about > > them. > > I assume you explained why you were reporting them as spam. What was his > reaction to that? > > Just out of interest... Yes, I did. He said he's been trying to apply pressure upwards to stop the confirmation system, but has been getting lots of resistance. :( On the upside, he didn't ask me to stop Reporting them. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Wed Dec 14 13:44:53 2005 From: jeffg at spamcop.net (Jeff G.) Date: Wed Dec 14 13:50:05 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "spamacyde" wrote in message news:dnpi6i$36q$1@news.spamcop.net... > > "Philippe Verdy" wrote in message > news:dnmh4n$d4q$1@news.spamcop.net... > > "Patto" a ?crit dans le message de news: > > dniovt$d6c$1@news.spamcop.net... > > > I am having trouble with the word 'from' in your subject line. Although > a > > > lot of spam comes from servers located in China, almost 100% of my spam > > > "from" China originates from spammers in the U.S. I get about 1 spam > > > message a month that is in Chinese, and about 2 in Russian. The rest is > in > > > English, advertising "services" that is often restricted to US citizens > > > only, and originate from well-known spammers in Florida and elsewhere in > > > the US. Not to mention that they often exploit servers in China and the > > > rest of the world without knowledge and/or permission of the owners. > > > > > > But of course it's always easy to blame the Chinese, and Asians in > > > general, and their corrupt governments. > > > > I fully agree with this. In fact the few emails written in Chinese I > receive > > sometime do not come from Chinese spamvertizers (in PRC) but from Taiwan > or > > Singapore. > > > > China is wellknown to have setup a very intrusive filtering system that > can > > really track the activities of its citizens and of small businesses that > > still refuse to pay the price of corruption. > > > > Now the bigget problem in China comes with its regionalized structure of > its > > very large ISPs (china net com for example), which are locally corruptible > > by large businesses installed in Hong Kong, Beijing and Shangai, and that > > provide and sell expensive bullet proof hosting to US spammers. There's > > evidence that these bulletproof hosting services are getting lots of > > precious dollars which is then used to corrupt and compromize local > filters > > and security enforcement teams. > > > > China seems to be blind to such activity because it does not harm its own > > business and does not violate the antidemocratic control of its citizens, > > and because it collects taxes and profits a lot to its external commercial > > balance. > > > > But if you look further, you'llsee that China is not the only one in > cause: > > large US bandwidth providers installed in China are complice of this > > activity because they sell their bandwidth to Chinese bulletproof service > > providers, and because they want to profit from other businesses in China > > with its explosive economic growth. Here I see what MCI/UUNET, Level3 and > > Sprint are doing in China: they are blind to the problem, because they do > > not host themselves the spamming services but do provide a general > > connectivity that allows them to sell telecommunication services, or to > > transport computing activites made at low price in China. > > > > Lots of US companies (including IBM, Apple, Dell, Gateway, Acer, > > Microsoft...) are complice of this, each time they are delocating their > > computing activities in China: they want low cost jobs, and low cost > > connections, so they permit that US telcos provide general connectivity > with > > China and don't want filters. > > > > Clearly China is bad, and India still doesnot have the same level of > > problems, depsite it has a now large computing business and large phone > and > > Internet market, with lots of quality programmers. The difference is that > > India is a democracy, which is much easier to control by its own public > > without being threatened by its police. Less corruption in India means > more > > respectuous behavior. > > > > Brasil is approximately in the same situation as India but its still > recent > > economic crisis and its long history with narco-trafficants and organized > > crime has left a high level of corruption. This country is still very > > dangerous for its citizensbecause the law isnot applied the way it should > > be. Large cities inBrasilare still among the most dangerous ones in the > > world (with rapts and lots of murders against businessmen if they don't > pay > > enough for their own physical security). So it's not surprizing that > Brasil > > gets the same high level of spam coming from hosts located there. > > > > But I don't want to accuse more China and Brasil. It's a fact that spam is > > operated by large gangs with lot of money, and enough money to corrupt > lots > > of people, but also to pay hackers around the world so that they will > write > > for them the firearms that they will be able to use worldwide. > > > > Today's most important problem is the money of spamgangs, and the lack of > > application of existing laws in the most developed countries (where these > > gangs are operating to corrupt the rest of the world). It should be time > to > > consider these gangs for what they are: Gangsters! > > > > Today, even the most criminal gangsters and trafficants are organizing > their > > spam activities on the Net because it is FAR LESS dangerous and MUCH MORE > > profitable than legacy traffics (the price of illegal drugs is now > > constantly dropping, they can't find the economic growth they need in > their > > "business", so they invest nowa lot in more profitable activities): they > > create and finance affiliate programs, finance spywares and spamwares, and > > even sell their illegal service to existing legal businesses that are > > already exposed to growth problems in markets with lots of competitors. > They > > steal revenue from affiliation programs, illegally sell drugs on the > > Internet (if they only deliver something to their abused customers!), > > constantly make bank robberies (by stealing credit card numbers). > > > > > > Ok, > > I am reportinga spam now and one of the administrators of a spamvertised > web wants the report sent to > cnc-abuse@abuse.sprint.net. > > Who are these people? What is their nationality? What is the color of > their hat (har, har, har)? These people appear to be specialists at Sprint (either in the US or China) highly trained in ignoring the problems China's network is imposing on the rest of the world through Sprint. :) OTOH, they could also be nonexistent (a black hole) or diligently working with teaspoons trying to stem the tide of international corruption. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Wed Dec 14 13:55:53 2005 From: jeffg at spamcop.net (Jeff G.) Date: Wed Dec 14 14:00:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: Jeff G. wrote: > "spamacyde" wrote in message > news:dnpi6i$36q$1@news.spamcop.net... >> I am reportinga spam now and one of the administrators of a >> spamvertised web wants the report sent to >> cnc-abuse@abuse.sprint.net. >> >> Who are these people? What is their nationality? What is the color >> of their hat (har, har, har)? > These people appear to be specialists at Sprint (either in the US or > China) highly trained in ignoring the problems China's network is > imposing on the rest of the world through Sprint. :) > > OTOH, they could also be nonexistent (a black hole) or diligently > working with teaspoons trying to stem the tide of international > corruption. Sorry, I forgot to trim and left OE-QF off. :( -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From mike at okean.invalid Wed Dec 14 11:26:43 2005 From: mike at okean.invalid (Michael Wise) Date: Wed Dec 14 14:30:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: In article , Patto wrote: > > A lot of spam comes from China. What are the statistics like - are those > > spam reports we submit actually useful, are they paying off? (Or do the > > Chinese sysadmins simply ignore them?) So far I'm not seeing much > > improvement on the amount of spam coming in, but I've only been on Spamcop > > for a couple of weeks. > > I am having trouble with the word 'from' in your subject line. Although > a lot of spam comes from servers located in China, almost 100% of my > spam "from" China originates from spammers in the U.S. I get about 1 > spam message a month that is in Chinese, and about 2 in Russian. The > rest is in English, advertising "services" that is often restricted to > US citizens only, and originate from well-known spammers in Florida and > elsewhere in the US. Not to mention that they often exploit servers in > China and the rest of the world without knowledge and/or permission of > the owners. > > But of course it's always easy to blame the Chinese, and Asians in > general, and their corrupt governments. Indeed it is easy to blame them, as they are the ones who provide bullet proof email and web hosting to spam gangs. I don't care who hired them...they are taking the money and looking the other way. China needs to be firewalled completely until they get with the program. http://www.okean.com/antispam/china.html --Mike From 96q7vwa02 at sneakemail.com Wed Dec 14 11:44:46 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Wed Dec 14 15:45:02 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "Michael Wise" wrote in message news:mike-53C66C.11263714122005@news.cesmail.net... > In article , > Patto wrote: > > > http://www.okean.com/antispam/china.html > > --Mike Mike Wise from FAA? From nobody at nowhere.invalid Wed Dec 14 22:11:30 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Dec 14 16:15:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> Message-ID: On Wed, 14 Dec 2005 13:34:08 -0500, Jeff G. coughed into spamcop and left this in : > He said he's been trying to apply pressure upwards to stop the > confirmation system, but has been getting lots of resistance. :( Ah, the age-old problem of manglement thinking something incredibly idiotic is a good idea. *Sigh* Perhaps they will get the message after massive blocklisting. -- Steve Why is it that people say they slept like a baby when babies wake up every two hours? From mike at okean.invalid Wed Dec 14 13:27:50 2005 From: mike at okean.invalid (Michael Wise) Date: Wed Dec 14 16:30:02 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: In article , "Fred K." <96q7vwa02@sneakemail.com> wrote: > "Michael Wise" wrote in message > news:mike-53C66C.11263714122005@news.cesmail.net... > > In article , > > Patto wrote: > > > > > > > http://www.okean.com/antispam/china.html > > > > --Mike > > Mike Wise from FAA? Nope. --Mike From nobody at spamcop.net Wed Dec 14 21:55:32 2005 From: nobody at spamcop.net (me-no-no) Date: Wed Dec 14 17:00:02 2005 Subject: [SpamCop-List] Soloway Loses Again - Oops ! References: Message-ID: NIM / Soloway - Oh Dear :-( As per NANAE - http://tinyurl.com/7pqxj No surprise there - but this takes stupidity to new heights ! & STILL spamming "opt-in" role / domain accounts - as per :- http://uk.geocities.com/sjwest01/broadcastspam.html#Blogish http://blog.opsan.com/archive/2005/07/29/1148.aspx?Pending=true Geocities redirects - Still alive and well, and still courtesy of mtu.ru http://83.237.66.218/wm http://83.237.66.218/broadcastemail/ Ciao Meno From nobody at spamcop.net Wed Dec 14 21:57:04 2005 From: nobody at spamcop.net (me-no-no) Date: Wed Dec 14 17:00:12 2005 Subject: [SpamCop-List] Soloway Loses Again - Oops ! Message-ID: (With apologies for the duplication in wrong thread). NIM / Soloway - Oh Dear :-( As per NANAE - http://tinyurl.com/7pqxj No surprise there - but this takes stupidity to new heights ! & STILL spamming "opt-in" role / domain accounts - as per :- http://uk.geocities.com/sjwest01/broadcastspam.html#Blogish http://blog.opsan.com/archive/2005/07/29/1148.aspx?Pending=true Geocities redirects - Still alive and well, and still courtesy of mtu.ru http://83.237.66.218/wm http://83.237.66.218/broadcastemail/ Ciao Meno From nobody at devnull.spamcop.net Wed Dec 14 18:47:28 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Dec 14 18:50:04 2005 Subject: [SpamCop-List] Gone OT: Re: Soloway Loses Again - Oops ! References: Message-ID: "me-no-no" reminds me of the punch line: me no know, me no tell; me push button, run like hell! Bet you don't recall what the setup was though! From borgholio at storymind.com Wed Dec 14 15:54:41 2005 From: borgholio at storymind.com (Borgholio) Date: Wed Dec 14 18:55:03 2005 Subject: [SpamCop-List] Need help finding reporting address. Message-ID: Nigerian scam with henryokoye@box.az as the return address. Can't find a reporting address for box.az...little help? From nobody at spamcop.net Thu Dec 15 00:23:19 2005 From: nobody at spamcop.net (Tuatara) Date: Wed Dec 14 19:25:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> Message-ID: <43a0b4f3.5276890@news.spamcop.net> On Wed, 14 Dec 2005 08:33:47 -0800, "Mike Easter" wrote: >Tuatara wrote: > >> Even though I have set the SpamBlocker to its highest >> setting, I'll get about 15 spam per day for every 2-3 it catches. > >Do you have any addresses or domainnames whitelisted? Or blacklisted? > In that one e-mail account, I have nothing whitelisted or blacklisted. (I have three EL e-mail accounts: My main e-mail account (e-mail account #1) works fine with SpamBlocker--99.9% of "known" spam is caught. In EL e-mail account #2, I have set SpamBlocker to the same settings as EL e-mail account #1. I had never used this EL e-mail account #2 for a few years, but suspect that spammer got it via dictionary attack. However, e-mail account receives 15-17 spam msgs per day in the Suspect Email folder, with only 2-5 per per day in the known spam folder. >The other day someone in EL support related that a great 'collection' of >domainnames had somehow inexplicably gotten onto his blacklist without >his doing it. > >Do you have your challenges for suspect mail turned off? > Challenges are turned off. __However__ (and very unfortunately), when EL first introduced SpamBlocker, the default to challenge was ON. What does this do but confirm to a spam racketeer that he or she has a "live"--and essentially a confirmed--e-mail address. There's a pattern to this one spam racketeer's spam: The subject line and body contain a bunch of words and phrases that don't make much sense. The spam's actual message is in the hosted GIF. I never see the GIF because I have turned of rendering of images (to avoid sending params back to the host). This spammer seems to do a round robin of e-mail providers or sources--the usual stuff via China, Korea, Russia, Israel, plus a few domestic ones, namely the notorious CHARTER.NET, RR.NET, COMCAST, and that ilk. >-- >Mike Easter >kibitzer, not SC admin > From jg at coks.net Wed Dec 14 16:27:29 2005 From: jg at coks.net (jg) Date: Wed Dec 14 19:30:02 2005 Subject: [SpamCop-List] Re: Need help finding reporting address. In-Reply-To: References: Message-ID: On 12/14/2005 3:54 PM Borgholio scribbled: > Nigerian scam with henryokoye@box.az as the return address. Can't find a > reporting address for box.az...little help? per DNSStuff, not a valid address - surprise... From 96q7vwa02 at sneakemail.com Wed Dec 14 15:51:27 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Wed Dec 14 19:55:02 2005 Subject: [SpamCop-List] Re: Need help finding reporting address. References: Message-ID: "Borgholio" wrote in message news:dnqbbo$9li$1@news.spamcop.net... > Nigerian scam with henryokoye@box.az as the return address. Can't find a > reporting address for box.az...little help? Put it into the tracker to find the sending ISP. The contact address is usually in the body. Fred k. From 96q7vwa02 at sneakemail.com Wed Dec 14 15:56:56 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Wed Dec 14 20:00:03 2005 Subject: [SpamCop-List] Re: Need help finding reporting address. References: Message-ID: "Fred K." <96q7vwa02@sneakemail.com> wrote in message news:dnqeml$lc2$1@news.spamcop.net... > Put it into the tracker to find the sending ISP. The contact address is > usually in the body. mail.box.az. 10 216.55.169.4 [US] RTechHandle: AD384-ORG-ARIN RTechName: A Net DNS Administrator RTechPhone: +1-858-410-6900 RTechEmail: dns@aplus.net OrgTechHandle: ANETS-ARIN OrgTechName: A Net Support OrgTechPhone: +1-858-410-6900 OrgTechEmail: support@aplus.net Fred k. From Nobody at Spamcop.net.dev.null Wed Dec 14 21:05:18 2005 From: Nobody at Spamcop.net.dev.null (Michael Brennan) Date: Wed Dec 14 22:10:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> Message-ID: <43A0DD6E.44ED334B@Spamcop.net.dev.null> Geoffrey Hyde wrote: > > > Outlook may have undesirable side-effects, such as tracking images in spam > used to confirm your address is valid, so if you don't mind missing all the > lovely pictures, you can view it in plain text or use a different mail > client you're more familiar with, that doesn't run HTML code or let images > load - as long as you can cut and paste the message source unaltered, > SpamCop should be able to parse it. > You raise an interesting question for me about my Outlook Express. I use Netscape Communicator configured for text-only for ng's. My ordinary e-mail I pull up with OE, configured to read MIME, HTML, etc. etc. I typically download my e-mail from my ISP's server to OE, and then, before separating out my spam manually to a spam folder, I disconnect and handle everything offline. I don't allow the IMG SRC lines in HTML spams to phone home. However, I notice that numbers of the "phony Rolex" and "mortgage-application" personal-data phishing spams (*I* think they're phishes, anyway) have Base 64 imagery preloaded, with lines in the message source pointing to .GIF files on a server somewhere. Example: http://www.spamcop.net/sc?id=z840650587zc6089ee7be97c42eb56a4ea137aa34b0z The lines of interest here are two, munging the indicated URL's:
and, further down, just before the Base 64 tarball, Content-Type: image/gif; name="bookcase.0.gif" Content-Transfer-Encoding: base64 Content-ID: <9.0.0.37.0.41231711379149.41152853@[munged].[mungeddomain].com.jo.7> Content-Disposition: inline; filename="bookcase.0.gif" As I said, when I preview the message (offline) in Outlook Express's preview window, or when I open the message to sort it by type of spam (to send different types to different interested parties: stock-pumping spams to SEC, e.g., and "Doctor" spams to FDA's Anti-Diversion project, etc.), the Base 64-encoded .GIF is visible and legible. Judging by the source code, it's apparently been retrieved and downloaded before I queue the message up in the previewer. So I have had a couple of concerns. Does the spammer get a receipt when my ISP accepts the spam for delivery, when the image downloads to my inbox at the ISP's server? If that's the case, the spammers have been receiving a stream of receipts from my ISP. Do these image lines constitute web beacons or receipts? If (annoying feature of OE) I delete a read message and OE automatically pulls up and opens one of these spams as "next in line" (I hate that -- can't find a way to turn it off, though), does the spammer get a read receipt if I happen to be online when OE pulls up the spam image? TIA, Michael From nobody at xyzzy.claranet.de Thu Dec 15 04:28:04 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 14 22:40:03 2005 Subject: [SpamCop-List] Re: Signatures in SC news and forum References: <43969DBE.6FBB@xyzzy.claranet.de> <439C71F1.4C2B@xyzzy.claranet.de> <439ED17C.239B@xyzzy.claranet.de> Message-ID: <43A0E2C4.120E@xyzzy.claranet.de> Mike Easter wrote: > Your header has this line: > X-Mailer: Mozilla 3.0 (OS/2; U) In other words a Netscape 2.02 GUI with a Netscape 3.0 engine compiled for OS/2 and the "unrestricted" US version (some old business about SSL3 crypto not for export, ignore it... :-) > I can only interpret that to mean you are using some /n/x > newsagent -- and that some who use /n/x newsagents use an > external editor -- so I'm fuzzy on how that works in your > specific case. Among others it has two options for all mail and news I write: "immediate delivery" (send when I click "send") or "deferred delivery" (= save finished mail or news in mbox file "outbox" until I click "send now" Ctrl-H). While the ready to be sent mails and news wait in file "outbox" I can edit it, it's an ordinary text file in mbox format, i.e. lines starting with "From " (case sensitive) separate messages. I have a simple script starting my normal text editor on this file, going to the last "From " above the end of file, that's the begin of the last message. There's one additional "magic" line X-Mozilla-Status: (a pseudo header field, you never see it, it's not sent later) for each message in this file, where Netscape notes if a message already has been sent / flagged / read / and other stuff, I rarely touch it. For news articles there's another special pseudo-header field noting the news server for later posting (NNTP). The smart host (aka MSA) for mail submissions (SMTP) is determined with another mechanism outside of the "outbox" file, and this also dictates which MAIL FROM mail will get. Otherwise that's the raw message as it will be sent or posted later, when I click "send now". If I try to close my browser with pending messages it will ask me "pending mail, send now ?" When I compress the "outbox" or all mail folders (triggered when I start the browser or use "empty trash folder") then old already sent messages are removed from "outbox". I still have a copy in mail folder (mbox file) "sent" or "posted" in this case, but I digress. > How do most /n/x folks who use an external editor which can > remove or not remove trailing spaces deal with the issue of > compliant sig delimiters, as it is a very common condition to > see /n/x newsreaders with compliant sigs. I think that I'm the last user of "Mozilla 3.0" worldwide, and that other users would stay away from editing file "outbox". But I kind of like that, testing links in "outbox", and fix it when there's a typo, trim the MIME overhead to a bare minimum if I post or mail multiparts with text/html, etc. Sometimes it's absolutely necessary, "Mozilla 3.0" does not trim References, and some news servers reject execessively long References. Or if there's a typo in To: or Newsgroups: the MSA or news server would reject it: In that case I'd end up with a bad pending message in "outbox" even if I'd use "immediate delivery". I can then fix (= edit) or delete it, and to fix it I need an external editor. $TBD, Frank From g.hyde at bigpond.net.au Thu Dec 15 13:39:03 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Wed Dec 14 22:40:20 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43A0DD6E.44ED334B@Spamcop.net.dev.null> Message-ID: With regards to Outlook Express, if you have *any* connection to the internet, it may be autodetecting it and using it. Inline images encoded with Base64 or whatever will not need to be downloaded from a server. Although it would appear that what you are experiencing is either image caching (possibly from previous spams already downloaded) or your computer has caught a virus infecton, so your PC is always online whether you think it's online or not. There is a possibility the spammer has installed or is using some kind of spyware/adware to silently download data to your PC without your knowledge, and the images in the spam are a part of this. What you need to do first though is make sure your PC is clean from viruses and doesn't have spyware/adware on it. Then proceed further down the chain of possible infections until you find what is causing your particular problem. You did say you were using Earthlink, the possibility is very great that you caught some kind of spyware or adware and didn't even realize it. Earthlink don't seem to have a very effective virus cleanup program, if they have one at all. Cheers ... Geoffrey Hyde "Michael Brennan" wrote in message news:43A0DD6E.44ED334B@Spamcop.net.dev.null... > Geoffrey Hyde wrote: >> > >> >> Outlook may have undesirable side-effects, such as tracking images in >> spam >> used to confirm your address is valid, so if you don't mind missing all >> the >> lovely pictures, you can view it in plain text or use a different mail >> client you're more familiar with, that doesn't run HTML code or let >> images >> load - as long as you can cut and paste the message source unaltered, >> SpamCop should be able to parse it. >> > > > You raise an interesting question for me about my Outlook Express. > > I use Netscape Communicator configured for text-only for ng's. My > ordinary e-mail I pull up with OE, configured to read MIME, HTML, etc. > etc. I typically download my e-mail from my ISP's server to OE, and > then, before separating out my spam manually to a spam folder, I > disconnect and handle everything offline. I don't allow the IMG SRC > lines in HTML spams to phone home. > > However, I notice that numbers of the "phony Rolex" and > "mortgage-application" personal-data phishing spams (*I* think they're > phishes, anyway) have Base 64 imagery preloaded, with lines in the > message source pointing to .GIF files on a server somewhere. Example: > > http://www.spamcop.net/sc?id=z840650587zc6089ee7be97c42eb56a4ea137aa34b0z > > The lines of interest here are two, munging the indicated URL's: > > href="http://YTVjNjE4NmM3MmE3YzhkNjM3NWI4ODQ0.[mungeddealerdomain].com"> alt="" > > src="cid:9.0.0.37.0.41231711379149.41152853@[munged].[mungeddomain].com.jo.7" > border="0">
> > and, further down, just before the Base 64 tarball, > > Content-Type: image/gif; > name="bookcase.0.gif" > Content-Transfer-Encoding: base64 > Content-ID: > <9.0.0.37.0.41231711379149.41152853@[munged].[mungeddomain].com.jo.7> > Content-Disposition: inline; > filename="bookcase.0.gif" > > As I said, when I preview the message (offline) in Outlook Express's > preview window, or when I open the message to sort it by type of spam > (to send different types to different interested parties: stock-pumping > spams to SEC, e.g., and "Doctor" spams to FDA's Anti-Diversion project, > etc.), the Base 64-encoded .GIF is visible and legible. Judging by the > source code, it's apparently been retrieved and downloaded before I > queue the message up in the previewer. > > So I have had a couple of concerns. > > Does the spammer get a receipt when my ISP accepts the spam for > delivery, when the image downloads to my inbox at the ISP's server? If > that's the case, the spammers have been receiving a stream of receipts > from my ISP. > > Do these image lines constitute web beacons or receipts? If (annoying > feature of OE) I delete a read message and OE automatically pulls up and > opens one of these spams as "next in line" (I hate that -- can't find a > way to turn it off, though), does the spammer get a read receipt if I > happen to be online when OE pulls up the spam image? > > TIA, > Michael From MikeE at ster.invalid Wed Dec 14 19:56:55 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 14 23:00:02 2005 Subject: [SpamCop-List] Re: Need help finding reporting address. References: Message-ID: Borgholio wrote: > Nigerian scam with henryokoye@box.az as the return address. Can't > find a reporting address for box.az...little help? If I were going to notify for a box.az addy I would look at this situation: Mail for box.az is handled by mail.box.az both box.az & mail.box.az are 216.55.169.4 OrgName: Abacus America Inc. OrgID: ABAC NetRange: 216.55.128.0 - 216.55.191.255 CIDR: 216.55.128.0/18 so I would want to send my notify to 'abacus', not the reg'd arin contacts at dsn & support at aplus.net The nameservice is abac.com and there are reg'd abuse.net addies whois -h whois.abuse.net ns1.abac.com ... postmaster@abac.com abuse@abac.com (for abac.com) The route for abac is abac.net AS10316 whose notify is larry at abac.net and abac.net also has the reg'd abuse.net notifies whois -h whois.abuse.net abac.net ... abuse@abac.com postmaster@abac.com (for abac.net) I'm not real sure what the Azerbaijan tld means in this context. All of these netblocks and notifies are San Diego CA. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Dec 14 20:10:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 14 23:10:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> Message-ID: Tuatara wrote: > "Mike Easter" >> Do you have your challenges for suspect mail turned off? > Challenges are turned off. __However__ (and very unfortunately), when > EL first introduced SpamBlocker, the default to challenge was ON. What > does this do but confirm to a spam racketeer that he or she has a > "live"--and essentially a confirmed--e-mail address. The discussion of challenges has some complexities which are not /completely/ bad, if you could eliminate all spam and other sources which have bogus Froms from the challenging. EL makes an effort to do that by eliminating known spam from challenges. However, EL's known spam isn't actually a very good effort to remove spam from the challenging situation -- so as a result, there is a lot of spam in what is challenged by EL's default challenge configuration for the optional spamblocker configuration of high. Some bogus Froms which are challenged are truly bogus and die. A really lot of bogus Froms are legitimate ordinary innocent addresses the same as the To and other spammed addresses. Then, some unknown mail is good mail with a legitimate From. I have some problems with even the idea of challenging goodmail with a real From. I feel that unknown wanted mail should be handled in a non-challenge way, and I definitely feel that bogus Froms shouldn't be challenged, which abuses the innocent forged Froms. However, your concern about challenging spam, which has bogus From almost entirely, doesn't confirm anything to the spammer, because the spammer never sees the challenge to the bogus From. > There's a pattern to this one spam racketeer's spam: The subject line > and body contain a bunch of words and phrases that don't make much > sense. The spam's actual message is in the hosted GIF. I never see the > GIF because I have turned of rendering of images (to avoid sending > params back to the host). The business of describing a spam to me is a waste of time. If you want to 'portray' a spam, you should post a tracker to it, so the real spam can be examined rather than a description of a hypothetical spam. A tracker looks like this: Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z841456668z873e936b468da52d0fe1f7f3ac353cfcz You get it from submitting a spam to the parser and copying that link from the top of the parse before cancelling or confirming it. -- Mike Easter kibitzer, not SC admin From verdy_p at wanadoo.fr Thu Dec 15 05:16:45 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Wed Dec 14 23:20:03 2005 Subject: [SpamCop-List] patent-fr Message-ID: This is a new type of spam that I did not see before : now targetting the sales of patents on software/hardware (note that software patents are still not legal in France, and the EUDC european directive on copyright is still not applicable too, because there is no associated French law enforcing it). This spam author is targetting the patents registered in France, whose text and ownership is not freely available and details requires payment or subscription to get access the official French registry(free consultation of the registry is only possible, without copying it, in the local INPI offices; certified copies require payment, and there's no right to even get free photocopies of original documents). I can't even verify if the proposed patent is effectively owned by the sender of this email, but anyway, this owner seems to be located in South Korea, and sent its email (written in French) using the Korean standard character set (very unlikely from a french source). The text of the patent, if it is valid, has no real originality and is probably not valued the price indicated (it's just a keyboard with some multimedia functions, nothing very original there). Anyway, the sender is especially targetting those that have written specifications for keyboards (for example me), but also famous french research laboratories or people working for them. It clear that the sender has used some "professional directory" or some web search engine trying to reachthose that have written contents on the Internet related to keyboard designs. And then he has sent his email without prior consent, using basic mailing lists, which does not even try to keep the privacy of each targeted recipient (I can see the other recipients in the email I received,alld of them with email addresses in various subdomains of .fr). This is clear spam i.e. unsollicitated business email (UBE) and unsollicitated commercial email (UCE). The way it is sent without prior personnal contact and without even trying to protect the privacy of the recipient makes it unsollicitated. And the fact that I diud not ever know the sender, when he was doing that makes that this "business" has violated the French andEuropean laws that protects my privacy. Given that the patent business is now growing internationally with the new WIPO rules and EUDC and DMCA rules, I think this is a new form similar to other "get rich quick" scheme, with pyramidal sales of patents registered with no real new invention and no effective application by the registrant, and lots of invalid claims for prior arts, making the patent nearly void in value. See an email sample in spamcop.spam (same date, same title, sent by me). Should I seek advice at the French registry (the INPI, Institut National de la Propri?t? Intellectuelle) ? I fear that it is also illegal business, or that the patent claims are all invalid (so the value given is false, because there's no service for the payed value, and this email also constitutes false advertizing), all of them being criminalized in France. From nobody at nowhere.invalid Thu Dec 15 07:13:57 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Dec 15 01:15:03 2005 Subject: [SpamCop-List] Re: Need help finding reporting address. References: Message-ID: On Wed, 14 Dec 2005 15:54:41 -0800, Borgholio coughed into spamcop and left this in : > Nigerian scam with henryokoye@box.az as the return address. Can't find a > reporting address for box.az...little help? $ dig box.az in mx ; <<>> DiG 9.3.1 <<>> box.az in mx ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26847 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;box.az. IN MX ;; ANSWER SECTION: box.az. 86400 IN MX 10 mail.box.az. ;; AUTHORITY SECTION: box.az. 86400 IN NS ns.azdata.net. box.az. 86400 IN NS ns1.azdata.net. box.az. 86400 IN NS ns4.azdata.net. ;; ADDITIONAL SECTION: mail.box.az. 86400 IN A 216.55.169.4 ns.azdata.net. 172800 IN A 212.38.114.16 ns1.azdata.net. 172800 IN A 212.38.114.17 ;; Query time: 707 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Dec 15 07:09:59 2005 ;; MSG SIZE rcvd: 156 $ whois -h whois.arin.net 216.55.169.4 OrgName: Abacus America Inc. OrgID: ABAC Address: 5276 Eastgate Mall City: San Diego StateProv: CA PostalCode: 92121 Country: US NetRange: 216.55.128.0 - 216.55.191.255 CIDR: 216.55.128.0/18 NetName: ABAC1999A NetHandle: NET-216-55-128-0-1 Parent: NET-216-0-0-0-0 NetType: Direct Allocation NameServer: NS1.ABAC.COM NameServer: NS2.ABAC.COM Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 1999-05-28 Updated: 2000-11-02 $ whois -h whois.abuse.net abac.com postmaster@abac.com (for abac.com) <======== abuse@abac.com (for abac.com) <======== -- Steve "I once had a rose named after me and I was very flattered. But I was not pleased to read the description in the catalogue: No good in a bed, but fine up against a wall." -- Eleanor Roosevelt From verdy_p at wanadoo.fr Thu Dec 15 07:22:04 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Thu Dec 15 01:25:02 2005 Subject: [SpamCop-List] Re: Need help finding reporting address. References: Message-ID: "Borgholio" a ?crit dans le message de news: dnqbbo$9li$1@news.spamcop.net... > Nigerian scam with henryokoye@box.az as the return address. Can't find a > reporting address for box.az...little help? Don't report emailreturn addresses. They are most often forged. Nothing can be done with your indication. The only significant part of the email is the top set of "received:" header lines (starting from your own ISP down to the effective spammer), and the rendered content of the body for the message (when it contains links to tracking images or malicious scripts, or contacts addresses, phone numbers, fax numbers...) Don't be fooled by the "from:" or "To:" or "Cc:" or "Return-Address" headers asthey are almostalways fake for most spams (especially for 419-like nigerian scams). From borgholio at storymind.com Wed Dec 14 22:48:02 2005 From: borgholio at storymind.com (Borgholio) Date: Thu Dec 15 01:50:03 2005 Subject: [SpamCop-List] Re: Need help finding reporting address. In-Reply-To: References: Message-ID: Philippe Verdy wrote: > "Borgholio" a ?crit dans le message de news: dnqbbo$9li$1@news.spamcop.net... > >>Nigerian scam with henryokoye@box.az as the return address. Can't find a >>reporting address for box.az...little help? > > > Don't report emailreturn addresses. They are most often forged. > Nothing can be done with your indication. The only significant part of the email is the top set of "received:" header lines (starting from your own ISP down to the effective spammer), and the rendered content of the body for the message (when it contains links to tracking images or malicious scripts, or contacts addresses, phone numbers, fax numbers...) > > Don't be fooled by the "from:" or "To:" or "Cc:" or "Return-Address" headers asthey are almostalways fake for most spams (especially for 419-like nigerian scams). > Oh I know quite well that the "from" addresses are false, but the Nigerian scammers depend on you responding to them. The "reply-to" addressees, or email addresses in the message body are often valid. From 96q7vwa02 at sneakemail.com Wed Dec 14 22:41:37 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Thu Dec 15 02:45:02 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43A0DD6E.44ED334B@Spamcop.net.dev.null> Message-ID: "Michael Brennan" wrote in message news:43A0DD6E.44ED334B@Spamcop.net.dev.null... > Do these image lines constitute web beacons or receipts? If (annoying > feature of OE) I delete a read message and OE automatically pulls up and > opens one of these spams as "next in line" (I hate that -- can't find a > way to turn it off, though), does the spammer get a read receipt if I > happen to be online when OE pulls up the spam image? > > TIA, > Michael When "previewing " an email in OE, you are opening it, and anything goes. To stop that open "View" on your main page select "Layout" and uncheck the preview box. You can also select viewing in text mode in "Tools", "Options and the "Read" tab. Fred k. From jompaa at spray.se Thu Dec 15 14:57:26 2005 From: jompaa at spray.se (jompaa) Date: Thu Dec 15 09:00:04 2005 Subject: [SpamCop-List] Re: Need help finding reporting address. References: Message-ID: Parsing input: henryokoye@box.az 216.55.169.4 is an mx ( 10 ) for box.az host 216.55.169.4 = box.az (cached) No recent reports, no history available 216.55.169.4 is an mx ( 10 ) for box.az Routing details for 216.55.169.4 [refresh/show] Cached whois for 216.55.169.4 : dns@aplus.net Using abuse net on dns@aplus.net abuse net aplus.net = abuse@aplus.net Using best contacts abuse@aplus.net Statistics: 216.55.169.4 not listed in bl.spamcop.net More Information.. 216.55.169.4 not listed in dnsbl.njabl.org 216.55.169.4 not listed in dnsbl.njabl.org 216.55.169.4 not listed in cbl.abuseat.org 216.55.169.4 not listed in dnsbl.sorbs.net 216.55.169.4 not listed in relays.ordb.org. Reporting addresses: abuse@aplus.net "Borgholio" skrev i meddelandet news:dnqbbo$9li$1@news.spamcop.net... > Nigerian scam with henryokoye@box.az as the return address. Can't find a > reporting address for box.az...little help? From me at privacy.net Thu Dec 15 22:00:55 2005 From: me at privacy.net (Michael R N Dolbear) Date: Thu Dec 15 17:05:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: <01c601c2$1a4d6200$LocalHost@default> Philippe Verdy wrote > This is a new type of spam that I did not see before : now targetting the sales of patents on software/hardware (note that software patents are still not legal in France, and the EUDC european directive on copyright is still not applicable too, because there is no associated French law enforcing it). > This spam author is targetting the patents registered in France, whose text and ownership is not freely available and details requires payment or subscription to get access the official French registry(free consultation of the registry is only possible, without copying it, in the local INPI offices; certified copies require payment, and there's no right to even get free photocopies of original documents). > I can't even verify if the proposed patent is effectively owned by the sender of this email, but anyway, this owner seems to be located in South Korea, and sent its email (written in French) using the Korean standard character set (very unlikely from a french source). > The text of the patent, if it is valid, has no real originality and is probably not valued the price indicated (it's just a keyboard with some multimedia functions, nothing very original there). Anyway, the sender is especially targetting those that have written specifications for keyboards (for example me), but also famous french research laboratories or people working for them. It clear that the sender has used some "professional directory" or some web search engine trying to reachthose that have written contents on the Internet related to keyboard designs. > And then he has sent his email without prior consent, using basic mailing lists, which does not even try to keep the privacy of each targeted recipient (I can see the other recipients in the email I received,alld of them with email addresses in various subdomains of .fr). This is clear spam i.e. unsollicitated business email (UBE) and unsollicitated commercial email (UCE). The way it is sent without prior personnal contact and without even trying to protect the privacy of the recipient makes it unsollicitated. And the fact that I diud not ever know the sender, when he was doing that makes that this "business" has violated the French andEuropean laws that protects my privacy. > Given that the patent business is now growing internationally with the new WIPO rules and EUDC and DMCA rules, I think this is a new form similar to other "get rich quick" scheme, with pyramidal sales of patents registered with no real new invention and no effective application by the registrant, and lots of invalid claims for prior arts, making the patent nearly void in value. See an email sample in spamcop.spam (same date, same title, sent by me). > Should I seek advice at the French registry (the INPI, Institut National de la Propriété Intellectuelle) ? I fear that it is also illegal business, or that the patent claims are all invalid (so the value given is false, because there's no service for the payed value, and this email also constitutes false advertizing), all of them being criminalized in France. By all means try the INPI or a French investigating magistrate but only if you have lots of spare time ! My guess is that they won't wish to use their resources to investigate cross-frontier crimes unless a lot of money is involved. Even then to extradite from South Korea would probably require proof the sender knew he was offering something worthless even if French law requires only that it * is * worthless. Considering any violations of EU spam and data protection laws, it is not clear that they apply to activities where everyone except the victim is outside the EU. On a related topic the EU directive on direct marketing telephone calls does not consider the possiblity of cross-frontier calls. Hence there is no violation of British or French law when someone in France calls me in Britain (provided they don't do so on behalf of a British company or a company with a British branch) even though I am on the TPS list (British Do-not-call list). -- Mike D From MikeE at ster.invalid Thu Dec 15 14:11:54 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 15 17:15:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: Philippe Verdy wrote: Content-Transfer-Encoding: quoted-printable X-Newsreader: Microsoft Outlook Express 6.00.2900.2670 Don't forget that if you post with OE in QP quoted printable mode, your formatting will be 'incompatible' in one way or another with anyone who is not also running OE or OE with QF, because of the way MS 'does things'. When I read your post, it is wrapped to the window edge for me. Other people are going to see it differently, depending on their newsreader. Why I cite your post, it is cited 'correctly' if I have my OEQF quotefix enabled, but it is not cited/ marked with quote/cite marks at all if I run OE natively. Notice that Michael Dolbear probably had to 'manually' handle the quote marks for your cite. None of those things are very compatible with the variety of newsreaders which people are going to be using here, so if you will recall from previous discussions, it is better if you configure your OE plaintext configuration to not use OE QP in OE/ Tools/ Options/ Send/ News sending format - Plaintext settings - MIME - Encode text using - choose None instead of Quoted Printable. -- Mike Easter kibitzer, not SC admin From me at privacy.net Thu Dec 15 19:01:26 2005 From: me at privacy.net (MikeV06) Date: Thu Dec 15 20:05:03 2005 Subject: [SpamCop-List] Results of Reporting Message-ID: I have been reporting to spamcop for years. I wish it were possible to see a little positive feedback once in a while suggesting that the effort has been worth it. Maybe a notation in the list of reports (or something) saying the ISP removed the account, etc. Do any of them ever take action against the spammers? From MikeE at ster.invalid Thu Dec 15 17:31:45 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 15 20:35:03 2005 Subject: [SpamCop-List] Re: Results of Reporting References: Message-ID: MikeV06 wrote: > I have been reporting to spamcop for years. I wish it were possible > to see a little positive feedback once in a while suggesting that the > effort has been worth it. Maybe a notation in the list of reports (or > something) saying the ISP removed the account, etc. > > Do any of them ever take action against the spammers? Only a tiny fraction of reporting is going to have a result, but 'we' report so many because of the possibility of an effect. If we report a spamsource to the provider, the provider could fix whatever caused that IP to be the spamsource. Long long ago, the spam used to 'intentionally' originate from an account belonging to the person who was the spamsource. That is, the source IP could be 'attached' to an account belonging to the spam generator/ mailer. That ancient configuration could lead to the spamsource provider squashing the spam mailer's account. Later, such spamsourcers began to use open smtp relays, some of which were anonymizing and some which weren't. The spamcop process could result in the open relay being informed of its condition and turned over to open smtp relay listers which motivated the open relay to get fixed. The relays which weren't anonymizing would show a trail back to the spamsource mailer who could lose hir account similar to the par above. Those direct consequences toward a spamsourcer's account with the spamsource provider are almost never seen today, with the exception of some free mail accounts. Today, most of the spam is sourced from abused proxy/trojan user IPs -- where the user is someone just like you, except for the minor condition of having become trojanized or a spam zombie. The providers for those zombified users find that it is too much trouble to act decisively on that condition, so their attitude is that everyone has to defend themselves against the problem, and that the provider 'can't' do anything about its proxy/trojan spamsources. Under that scenario, the spamcop report doesn't have the effect of causing the IP to get fixed or 'disconnected' -- but the report /does/ have the effect of causing an IP to become SC blocklisted, which aids those who use the scbl as part of an antispam strategy. So, in that particular spamsource evolved scenario, the spamcop report has gone from one kind of effective to another different kind of effective -- but not so you would notice an actual descrease in your spam, but rather the ability to filter or tag it. And all of that palaver is just the story of the spamsource problem; the story of the spamvertiser provider is even more bleak. If there were a whitehat spamvertiser provider, then the spamcop notify would lead to the whitehat provider squashing the spamvertiser. However, there is no such similar 'consequence' of being a spamvertiser provider as there is being a spamsource IP which becomes sc blocklisted, as there is no blocklisting of spamvertiser providers. If there were no whitehat spamvertiser providers, but all of them were blackhat, then there would be absolutely no effect on the spamvertisers, because they wouldn't care whether there were a spamcop report or not. Mostly the spamvertiser providers are blackhat, so the spamcop report is ignored and there is no effect, no consequence. If you somehow could 'magically' tell that the condition of a spam was such that there was going to be no consequence of the notification of the spamvertiser was a complete waste of time, you wouldn't even bother with the extra time and resources of the evaluation of the spambody, you would simply report the spamsource to contribute to the SCbl and you wouldn't expect any other consequence than the 'condition' of the SCbl being a very 'frisky' and dynamic blocklist to be fed and used -- and you would forget all about any actual reduction in your spam or any providers doing anything about any spam notifications. Except for some very small percentage which isn't so blackhat or unresponsive. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu Dec 15 21:25:20 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Thu Dec 15 21:25:03 2005 Subject: [SpamCop-List] Re: Results of Reporting References: Message-ID: "Mike Easter" wrote in message news:dnt5d4$5g9$1@news.spamcop.net... > MikeV06 wrote: > > I have been reporting to spamcop for years. I wish it were possible > > to see a little positive feedback once in a while suggesting that the > > effort has been worth it. Maybe a notation in the list of reports (or > > something) saying the ISP removed the account, etc. but the report /does/ have the effect > of causing an IP to become SC blocklisted, which aids those who use the > scbl as part of an antispam strategy. And being listed does get a number of server admins to correct problems and is beginning to get some end users interested in persuading their providers to be more responsible (or changing to a more responsible ISP). Miss Betsy From nobody at xyzzy.claranet.de Fri Dec 16 05:04:28 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Dec 15 23:10:05 2005 Subject: [SpamCop-List] Re: Results of Reporting References: Message-ID: <43A23CCC.2BB0@xyzzy.claranet.de> MikeV06 wrote: > Do any of them ever take action against the spammers? Sometimes (rarely) I get some feedback - I've configured the "forward only feedback from sentient people" option in my "preferences". Or rather, that's the default, and I didn't touch it: With quick reporting I sometimes see "ISP has already taken action" (or similar). Probably some other ISPs do something, but don't bother to inform SC, let alone all reporters. Last but not least, even if they do nothing at all the IPs are still SCBLed, and throw-away domains of spamvertized URLs end up on sc.surbl.org (=> blocked / deleted by SpamAssassin). Like you I'd love to see some more direct effect: SC should display if the IP is already "known" (SCBLed), or if it was my report that caused it to be SCBLed. That would satisfy me deeply. But maybe there's a way to abuse this somehow, sigh. Greets, Frank From verdy_p at wanadoo.fr Fri Dec 16 05:20:04 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Thu Dec 15 23:25:01 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Mike Easter" a ?crit dans le message de news: dnspme$uv4$1@news.spamcop.net... > Philippe Verdy wrote: > Content-Transfer-Encoding: quoted-printable > X-Newsreader: Microsoft Outlook Express 6.00.2900.2670 > > Don't forget that if you post with OE in QP quoted printable mode, your > formatting will be 'incompatible' in one way or another with anyone who > is not also running OE or OE with QF, because of the way MS 'does > things'. > > When I read your post, it is wrapped to the window edge for me. Other > people are going to see it differently, depending on their newsreader. > > Why I cite your post, it is cited 'correctly' if I have my OEQF quotefix > enabled, but it is not cited/ marked with quote/cite marks at all if I > run OE natively. Notice that Michael Dolbear probably had to 'manually' > handle the quote marks for your cite. > > None of those things are very compatible with the variety of newsreaders > which people are going to be using here, so if you will recall from > previous discussions, it is better if you configure your OE plaintext > configuration to not use OE QP in OE/ Tools/ Options/ Send/ News sending > format - Plaintext settings - MIME - Encode text using - choose None > instead of Quoted Printable. It WAS my initial setting to not use quoted-printable for newsgroup, until recently, when I was COMPLETELY unable to transfer to spamcop.spam a copy of a spam I received. Without quoted-printable, the email copy was constantly REJECTED by the newsserver, because it violated maximum line length (not because of my own message, but because of the way the message body was specially crafted by the spam author to bypass this limitation.) So for sending an exact copy of an EMAIL, I need to be able to use the same options in the spamcop.spam NEWSGROUP, that allows keeping the format of the original email, without stupid line-length limitations caused by the absence of quoted-printable in rare newsreaders. Spammers DO use MIME formating, and DO use other charsets. To send a coherent copy to the newsgroup, I need to be able to send the email the way it was originally, or the newsgrader agent will break its structure, maiking it completely unrenderable (the issue ispresent for CJK languages, but could be used as well very easily for Western European languages, encoded for example with Big5 or using special substitutes allowed by Unicode such as fullwidth variants, special spaces, etc...) Sorry, but this is the *SPAMCOP*'s newsgroup that *forced* me to change this setting. I really don't see why standard MIME formats used in almost all email readers (that alsointegrate newsgroup readers) should not be used here (and notably when speaking about EMAIL abuses: we need to support the same formats as used in EMAILS, and those that use outdated antiquity newgroup readers need to change their reader if they want to be able to get copies of email abuses). Unfortunately, there's a single newsgroup setting for specifying the prefered default newsgroup format. From MikeE at ster.invalid Thu Dec 15 21:07:11 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 16 00:10:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: Philippe Verdy wrote: > It WAS my initial setting to not use quoted-printable for newsgroup, Not using QP would be best for compatibility. > until recently, when I was COMPLETELY unable to transfer to > spamcop.spam a copy of a spam I received. IMO spam should be portrayed by posting the tracker, not posting into .spam. Alternatively, we have experimented with various agents, including OE, and found that one useful way to post into .spam is to post it as an attachment. In the case of OE, when you save a spam as an .eml file, it is saved in a standard text format which is 'compatible' with the unix standard mbox file. If you post it as an attachment, you won't have to worry about various adverse effects which are typically caused by the message formatting process. >Without quoted-printable, > the email copy was constantly REJECTED by the newsserver, because it > violated maximum line length (not because of my own message, but > because of the way the message body was specially crafted by the spam > author to bypass this limitation.) But that story, which has a number of ways of being avoided, isn't a good excuse for posting in a discussion group in an incompatible format which you are partial to. > So for sending an exact copy of an EMAIL, I need to be able to use > the same options in the spamcop.spam NEWSGROUP, that allows keeping > the format of the original email, without stupid line-length > limitations caused by the absence of quoted-printable in rare > newsreaders. Spammers DO use MIME formating, and DO use other > charsets. To send a coherent copy to the newsgroup, I need to be able > to send the email the way it was originally, or the newsgrader agent > will break its structure, maiking it completely unrenderable (the > issue ispresent for CJK languages, but could be used as well very > easily for Western European languages, encoded for example with Big5 > or using special substitutes allowed by Unicode such as fullwidth > variants, special spaces, etc...) Balderdash. You could/should have posted your spam as a tracker only and not posted anything in .spam.and which tracker you did post as http://www.spamcop.net/sc?id=z841638466z29a055a41377bc307f911930fc2d0e58z in the .spam post right after you posted the spam. > Sorry, but this is the *SPAMCOP*'s newsgroup that *forced* me to > change this setting. That is not so. You have expressed your preference for QP in the past. This whole business about having to post in QP just isn't true. I can access the spam in question. I can post it into .spam as an attachment which will protect it from the line wraps. I can also post it into .spam in the 'normal' way and let it get 'wrecked' by line wraps. The solution to the .spam problem is not QP, because that will cause a different kind of spurious entries into the spam and even if for some reason QP were appropriate for posting into .spam, which I insist it is not, it still wouldn't be appropriate to be posting like that here and now. You are posting like that here and now because you like it even tho' it is incompatible. No one can force you to do anything, but you are wrong to be posting into these discussion groups in QP even if you like it. > I really don't see why standard MIME formats > used in almost all email readers (that alsointegrate newsgroup > readers) should not be used here (and notably when speaking about > EMAIL abuses: we need to support the same formats as used in EMAILS, > and those that use outdated antiquity newgroup readers need to change > their reader if they want to be able to get copies of email abuses). This is the part where you are giving your age-old arguments about how much you prefer QP and wish that you could use it even tho' it doesn't work here to be relating and interacting with everyone else. > Unfortunately, there's a single newsgroup setting for specifying the > prefered default newsgroup format. If you want to use QP in your email correspondence with someone else OE, go ahead, but it isn't appropriate for a newsgroup which has to interact with various agents which are not OE and which most importantly need to be able to do the cite/quoting correctly. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 15 21:20:02 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 16 00:20:04 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: ===== Phlippe's quote ===== "Philippe Verdy" I really don't see why standard MIME formats used in almost all email readers (that alsointegrate newsgroup readers) should not be used here ===== Phlippe's quote ===== Your post above is left unmarked with standard > cite or quote marks. That doesn't work. It also gets worse and worse when there needs to be a hierarchy of quotes during a conversation. That result above is what someone using OE and probably some other newsreaders has to do to 'artificially' create a quote for your post. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 15 21:36:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 16 00:40:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: Philippe Verdy wrote: > I really don't see why standard MIME formats > used in almost all email readers (that alsointegrate newsgroup > readers) should not be used here The only reason this one is properly formatted with > quote marks is because I used OE QF. A plain or native OE will handle your post improperly as demonstrated in the earlier message. It is not appropriate that you post in a way that requires 'normal' non-QuoteFixed OE users to not be able to cite your posts correctly. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 15 21:48:57 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 16 00:50:02 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: Mike Easter wrote: > It is not appropriate that you post in a way that requires 'normal' > non-QuoteFixed OE users to not be able to cite your posts correctly. Here is a 'monster' thread about this same subject: http://news.spamcop.net/pipermail/spamcop-list/2003-June/045909.html [SpamCop-List] Philippe Verdy's Posts Sun Jun 8 01:55:33 EDT 2003 -- Mike Easter kibitzer, not SC admin From vanguard.code at comcastNIX.net Fri Dec 16 00:32:17 2005 From: vanguard.code at comcastNIX.net (Vanguard) Date: Fri Dec 16 01:35:03 2005 Subject: [SpamCop-List] Re: Results of Reporting References: Message-ID: "MikeV06" wrote in message news:g4ul7luqe6ob$.dlg@mycomputer06.invalid.com... >I have been reporting to spamcop for years. I wish it were possible to see > a little positive feedback once in a while suggesting that the effort has > been worth it. Maybe a notation in the list of reports (or something) > saying the ISP removed the account, etc. > > Do any of them ever take action against the spammers? I figure it is a crap shoot (and I do mean CRAP) if the recipient's of SpamCop's reports ever do anything about spam. I use SpamCop's blacklist in my anti-spam product. That's why I, you, and hopefully lots of others report the crap so we can maintain our own list of turd spewing amorals out there. I rely little on SpamCop making a dent in the sources of the spam fixing their problems but mostly to provide a blacklist that is maintained by SpamCop regarding those spam sources. While I expect little reaction from the ISPs that get the complaints from non-customers receiving spam from them, I do include my own ISP for my e-mail accounts with them to report spam that their filter missed. While my ISP might not take better measures to combat spam, hopefully the missed spam reports that they get from me actually get used to tweak their anti-spam filter so the server-side spam filter gets rid of some of the spam so I don't have to waste CPU cycles after downloading it to get rid of it. I report to SpamCop to get SpamCop's own blacklist updated. I include my ISP in the hope that they will better tweak their spam filter. If there are any effects beyond those, it's just gravy. With all the spam reports coming from their own customers, I bet a lot of ISPs simply auto-delete spam reports coming from non-customers (which would include SpamCop). That is, they're already drowning in complaints and can't handle anymore. -- __________________________________________________ Post replies to the newsgroup - Share with others. E-mail: Remove "NIX" and append "#LAH" to Subject. __________________________________________________ From nobody at nowhere.invalid Fri Dec 16 12:15:34 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Dec 16 06:20:02 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: On Thu, 15 Dec 2005 14:11:54 -0800, Mike Easter coughed into spamcop and left this in : > When I read your post, it is wrapped to the window edge for me. Other > people are going to see it differently, depending on their newsreader. It just goes off the edge of the screen here. Royal PITA - I don't bother reading stuff like that. -- Steve Everything that can be invented has been invented. -- Charles Duell, Director of U.S. Patent Office, 1899 From nobody at devnull.spamcop.net Fri Dec 16 10:39:12 2005 From: nobody at devnull.spamcop.net (Pop) Date: Fri Dec 16 10:40:03 2005 Subject: [SpamCop-List] Re: Results of Reporting References: Message-ID: "Mike Easter" wrote in message news:dnt5d4$5g9$1@news.spamcop.net... : MikeV06 wrote: : > I have been reporting to spamcop for years. I wish it were possible : > to see a little positive feedback once in a while suggesting that the : > effort has been worth it. Maybe a notation in the list of reports (or : > something) saying the ISP removed the account, etc. : > : > Do any of them ever take action against the spammers? : : Only a tiny fraction of reporting is going to have a result, but 'we' : report so many because of the possibility of an effect. : : If we report a spamsource to the provider, the provider could fix : whatever caused that IP to be the spamsource. Long long ago, the spam : used to 'intentionally' originate from an account belonging to the : person who was the spamsource. That is, the source IP could be : 'attached' to an account belonging to the spam generator/ mailer. That : ancient configuration could lead to the spamsource provider squashing : the spam mailer's account. : : Later, such spamsourcers began to use open smtp relays, some of which : were anonymizing and some which weren't. The spamcop process could : result in the open relay being informed of its condition and turned over : to open smtp relay listers which motivated the open relay to get fixed. : The relays which weren't anonymizing would show a trail back to the : spamsource mailer who could lose hir account similar to the par above. : : Those direct consequences toward a spamsourcer's account with the : spamsource provider are almost never seen today, with the exception of : some free mail accounts. : : Today, most of the spam is sourced from abused proxy/trojan user IPs -- : where the user is someone just like you, except for the minor condition : of having become trojanized or a spam zombie. : : The providers for those zombified users find that it is too much trouble : to act decisively on that condition, so their attitude is that everyone : has to defend themselves against the problem, and that the provider : 'can't' do anything about its proxy/trojan spamsources. Under that : scenario, the spamcop report doesn't have the effect of causing the IP : to get fixed or 'disconnected' -- but the report /does/ have the effect : of causing an IP to become SC blocklisted, which aids those who use the : scbl as part of an antispam strategy. : : So, in that particular spamsource evolved scenario, the spamcop report : has gone from one kind of effective to another different kind of : effective -- but not so you would notice an actual descrease in your : spam, but rather the ability to filter or tag it. : : And all of that palaver is just the story of the spamsource problem; : the story of the spamvertiser provider is even more bleak. : : If there were a whitehat spamvertiser provider, then the spamcop notify : would lead to the whitehat provider squashing the spamvertiser. : However, there is no such similar 'consequence' of being a spamvertiser : provider as there is being a spamsource IP which becomes sc blocklisted, : as there is no blocklisting of spamvertiser providers. : : If there were no whitehat spamvertiser providers, but all of them were : blackhat, then there would be absolutely no effect on the spamvertisers, : because they wouldn't care whether there were a spamcop report or not. : : Mostly the spamvertiser providers are blackhat, so the spamcop report is : ignored and there is no effect, no consequence. : : If you somehow could 'magically' tell that the condition of a spam was : such that there was going to be no consequence of the notification of : the spamvertiser was a complete waste of time, you wouldn't even bother : with the extra time and resources of the evaluation of the spambody, you : would simply report the spamsource to contribute to the SCbl and you : wouldn't expect any other consequence than the 'condition' of the SCbl : being a very 'frisky' and dynamic blocklist to be fed and used -- and : you would forget all about any actual reduction in your spam or any : providers doing anything about any spam notifications. : : Except for some very small percentage which isn't so blackhat or : unresponsive. : : -- : Mike Easter : kibitzer, not SC admin : Yup, makes lots of sense. There are SO many sources for obtaining spam addresses anyway and SO many ISPs around the world that shutting down sites these days is only an annoyance to a determined spammer. It's my belief though, that IFF (if an only if) you have: - a responsible ISP (not good, just responsible in the sense of the net), - a half-assed safe-surfing attitude - a special email address that you can throw away, - a few years of experiences, You CAN keep spam to your inbox under control. I'm trying to say that education is woefully missing. These things aren't rocket science, but they're also totally news to vitrually EVERY new internet user I've ever met or communicated with in any way. Even the schools with all the computer equipment don't seem to know anything about it. OH well ... Pop From bill_beyer at excite.cXoYmZ Fri Dec 16 11:11:27 2005 From: bill_beyer at excite.cXoYmZ (Bill Beyer) Date: Fri Dec 16 14:10:03 2005 Subject: [SpamCop-List] Re: Results of Reporting References: Message-ID: "Mike Easter" wrote in message news:dnt5d4$5g9$1@news.spamcop.net... > And all of that palaver is just the story of the spamsource problem; > the story of the spamvertiser provider is even more bleak. > > If there were a whitehat spamvertiser provider, then the spamcop notify > would lead to the whitehat provider squashing the spamvertiser. > However, there is no such similar 'consequence' of being a spamvertiser > provider as there is being a spamsource IP which becomes sc blocklisted, > as there is no blocklisting of spamvertiser providers. > > If there were no whitehat spamvertiser providers, but all of them were > blackhat, then there would be absolutely no effect on the spamvertisers, > because they wouldn't care whether there were a spamcop report or not. > > Mostly the spamvertiser providers are blackhat, so the spamcop report is > ignored and there is no effect, no consequence. > > If you somehow could 'magically' tell that the condition of a spam was > such that there was going to be no consequence of the notification of > the spamvertiser was a complete waste of time, you wouldn't even bother > with the extra time and resources of the evaluation of the spambody, you > would simply report the spamsource to contribute to the SCbl and you > wouldn't expect any other consequence than the 'condition' of the SCbl > being a very 'frisky' and dynamic blocklist to be fed and used -- and > you would forget all about any actual reduction in your spam or any > providers doing anything about any spam notifications. > > Except for some very small percentage which isn't so blackhat or > unresponsive. > > -- > Mike Easter > kibitzer, not SC admin Something I just discovered after re-enabling SpamAssasin on one of my email accounts is that the SpamAssasin program looks at the list of spamvertised URLs that are reported through SpamCop. These sites are compiled into something called the SC SURBL and SpamAssasin checks that list when scoring spam. There are several other SURBL lists as well with various weights associated with them The SC SURBL seems to carry a significant amount of weight in the scoring which helps push the score up quickly. From nobody at devnull.spamcop.net Fri Dec 16 13:56:29 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Dec 16 15:00:02 2005 Subject: [SpamCop-List] Re: Results of Reporting References: Message-ID: "Bill Beyer" wrote in message news:dnv3ds$6ig$1@news.spamcop.net... > > Something I just discovered after re-enabling SpamAssasin on one of my email > accounts is that the SpamAssasin program looks at the list of spamvertised > URLs that are reported through SpamCop. These sites are compiled into > something called the SC SURBL and SpamAssasin checks that list when scoring > spam. There are several other SURBL lists as well with various weights > associated with them The SC SURBL seems to carry a significant amount of > weight in the scoring which helps push the score up quickly. SC-FAQ :: SpamCop Parsing & Reporting Service :: SpamCop interaction with other Resources :: How does SpamCop interface with SURBL? http://forum.spamcop.net/forums/index.php?act=faq&article=41 From nobody at xyzzy.claranet.de Fri Dec 16 21:49:11 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Dec 16 15:55:03 2005 Subject: [SpamCop-List] "Too many links" counter could be smarter Message-ID: <43A32847.1AD@xyzzy.claranet.de> Hi, when the parser "sees" dozens of links to site A, followed by one link to site B, followed by more links to A, then it should count A as one and B as two. Or ignore A = paypal.com Bye, Frank http://www.spamcop.net/sc?id=z842542139z25bd8b8ba3d3eba2a05fbe9264f3d13dz From nobody at xyzzy.claranet.de Fri Dec 16 22:43:06 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Dec 16 16:50:02 2005 Subject: [SpamCop-List] OE, QP, flowed, MIME, and all the rest (was: patent-fr) References: Message-ID: <43A334EA.5762@xyzzy.claranet.de> Philippe Verdy wrote: > It WAS my initial setting to not use quoted-printable for > newsgroup, until recently, when I was COMPLETELY unable to > transfer to spamcop.spam a copy of a spam I received. QP and the _visible_ line lengths are not directly related. With QP the "real" (on the wire line) length is limited to 76 IIRC, but if it ends with '=' the receiver is supposed to concatenate it with the next line. Example: a = bb = ccc = dddd That should be shown as one line "a bb ccc dddd". If it's too long it goes off the edge with some newreaders (see also Steven's reply). With my stoneage-ersatz-newsreader I can activate "wrap long lines" maybe getting something like: a bb ccc dddd So far it works for some of us (excl. Steven), and I never note that I have to trim quotes in replies manually: > a bb ccc dddd That's what I get, after I fixed it manually it will be: > a bb ccc > dddd But there's a bug in my old newsreader, if the visible line is extremely long and I try to reply, it truncates the quoted paragraph... :-( In about ten (?) years, when all newsreader and MUAs support RFC 3676, it will be better. No research needed, the solution is clear (3676), but it will take ages until all software uses it. My UA is vintage '97, RFC 3676 was published 2004. Better stay away from QP if it has odd side-effects with your software. I've enabled it for messages with non-ASCII char.s. > I really don't see why standard MIME formats used in almost > all email readers (that alsointegrate newsgroup readers) > should not be used here There's nothing wrong with MIME and QP, use it as you see fit. But OE gets it wrong, as always. Add another piece of broken software on the other side (my UA, or Steven's, or another OE configured differently), and it's a complete mess. The line length issue is an old battle, OE didn't invent it: Most users want mono-spaced fonts with "hard" line breaks and relatively short (73..79) lines. Some users prefer proportional fonts, "soft" line breaks, and let the other side fold (format=flowed) it depending on their font and window width. It's no new problem and not your fault. Today I use a mixed strategy, short lines (73..79) with "hard" line breaks, but URLs all in one line, no matter how long it is, > we need to support the same formats as used in EMAILS, and > those that use outdated antiquity newgroup readers need to > change their reader if they want to be able to get copies of < email abuses No, I'd just *PLONK* you. The line length limit is precisely the same in mail (998 + CR + LF = 1000) for text/plain, that is a MIME limit, not some fancy rule only for news. Of course spammers do NOT follow the MIME rules, what else is new ? Bye, Frank From nobody at nowhere.invalid Fri Dec 16 23:04:35 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Dec 16 17:05:02 2005 Subject: [SpamCop-List] Re: OE, QP, flowed, MIME, and all the rest (was: patent-fr) References: <43A334EA.5762@xyzzy.claranet.de> Message-ID: On Fri, 16 Dec 2005 22:43:06 +0100, Frank Ellermann coughed into spamcop and left this in <43A334EA.5762@xyzzy.claranet.de>: > too long it goes off the edge with some newreaders (see also > Steven's reply). I could get it to wrap at the screen's edge, but even then it's still far less readable than something that wraps at a reasonable width in the first place. -- Steve Everyone has a photographic memory. Some just don't have film. From MikeE at ster.invalid Fri Dec 16 14:18:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 16 17:20:04 2005 Subject: [SpamCop-List] Re: Results of Reporting References: Message-ID: Bill Beyer wrote: > "Mike Easter" >> the story of the spamvertiser provider is even more bleak. >> Mostly the spamvertiser providers are blackhat, so the spamcop >> report is ignored and there is no effect, no consequence. > Something I just discovered after re-enabling SpamAssasin on one of > my email accounts is that the SpamAssasin program looks at the list > of spamvertised URLs that are reported through SpamCop. Correct. > These sites > are compiled into something called the SC SURBL and SpamAssasin > checks that list when scoring spam. Correct. > There are several other SURBL > lists as well with various weights associated with them Correct. > The SC SURBL > seems to carry a significant amount of weight in the scoring which > helps push the score up quickly. And I think the spamcop reporters reporting spam and causing contributions to go to the sc-surbl is valuable. I also think that the sc-surbl effect could be much improved on by making an alternate configuration for the SC reporter. At the present configuration of the parser, the parser *must* be able to deobfuscate all of the spamvertisers, and *then* resolve all of the spamvertisers into IPs, and *then* derive some kind of reporting address for the resolved IPs, and *then* get the reporters OK that the spamvertiser is indeed a spamvertiser and not an IB innocent bystander. For a variety of reasons, SC chooses or is forced to bail on that process if it requires too much time especially as regards the resolving business or how many spamvertisers there are or what SC is in the mood to do right now because of busy-ness or whatever. That is an 'unnecessary' interference with the business of the SC reporter who wants to put the spamvertiser into the sc-surbl -- since the sc-surbl is the only thing which is going on useful, since SC has no teeth or listing power regards spamvertisers. So, I think the SC reporter should be able to configure to report the spamvertisers to a devnull address based on the URL's name and those spamvertisers would be fed into the sc-surbl instead of not being fed in there because SC can't or doesn't feel like resolving them or there are too many or SC is too busy. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sat Dec 17 00:42:50 2005 From: nobody at spamcop.net (Tuatara) Date: Fri Dec 16 19:45:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> Message-ID: <43a35ee6.2170921@news.spamcop.net> On Wed, 14 Dec 2005 20:10:27 -0800, "Mike Easter" wrote: >A tracker looks like this: >Here is your TRACKING URL - it may be saved for future reference: >http://www.spamcop.net/sc?id=z841456668z873e936b468da52d0fe1f7f3ac353cfcz > >You get it from submitting a spam to the parser and copying that link >from the top of the parse before cancelling or confirming it. > I guess that this is the tracking URL: http://www.spamcop.net/sc?id=z842457158z00980c0dc43379a5d6fc6d0c1afce12fz > >-- >Mike Easter >kibitzer, not SC admin > From MikeE at ster.invalid Fri Dec 16 17:20:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 16 20:20:02 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> <43a35ee6.2170921@news.spamcop.net> Message-ID: Tuatara wrote: > "Mike Easter" >> A tracker looks like this: > I guess that this is the tracking URL: > http://www.spamcop.net/sc?id=z842457158z00980c0dc43379a5d6fc6d0c1afce12fz Correct. I don't know whatall you want to discuss about this item, so I'll just ramble about it for a few lines. It is sourced from 203.160.178.55 no rDNS of PTTNET in the .ph [Phillipines] which is blocklisted various places, most importantly CBL for hitting spamtraps and looking like a proxytrojan and spamcop for hitting spamtraps and reporters and ... In the past 15.3 days, it has been listed 4 times for a total of 6.0 days and there are other IPs in its neighborhood with SC reports. It is spamvertising an obfuscated URL http:\\DddKidgELT1S5%2Ea0fzy0fhg2fekaslxas3xsaa.manolisgg%2Eco%4D which SC deobfuscates to http://dddkidgelt1s5.a0fzy0fhg2fekaslxas3xsaa.manolisgg.coM/ and for which a GET provides a frame ref which leads to the payload for a pharm spamvertiser whose webhost is at 193.124.55.111 193.124.55.111 no rDNS is of the .ru [Russian] IN-Telecom-NET whose non-responsiveness is demonstrated by their spamhaus listing as well as a spews2 threat. The spamhaus is http://www.spamhaus.org/SBL/sbl.lasso?query=SBL35893 about counterfeit Rolexes. The spam contains a b64 gif which was snipped off, but it looks like it was designed to have the promotion in the gif and then you click the gif and it takes you to the website with the frame access for the payload. If the discussion is still about how come it should pass your high spamblocker at EL, we can't tell that from the spam, and you would have to chat with EL tech support while both of you were looking in your webmail so that any highblocker leakage would be demonstrable to the chat tech in realtime. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Dec 16 17:27:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 16 20:30:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> <43a35ee6.2170921@news.spamcop.net> Message-ID: Mike Easter wrote: > [Phillipines] Philippines Philippines Philippines Philippines Philippines Philippines Philippines Philippines Philippines Philippines Philippines No pasting allowed for public disciplinary spelling atonement. There are 11, I threw in one extra for good measure. -- Mike Easter kibitzer, not SC admin From verdy_p at wanadoo.fr Sat Dec 17 08:42:15 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 17 02:45:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Mike Easter" a ?crit dans le message de news: dntkfb$df6$1@news.spamcop.net... > Mike Easter wrote: > >> It is not appropriate that you post in a way that requires 'normal' >> non-QuoteFixed OE users to not be able to cite your posts correctly. > > Here is a 'monster' thread about this same subject: > > http://news.spamcop.net/pipermail/spamcop-list/2003-June/045909.html > > [SpamCop-List] Philippe Verdy's Posts > Sun Jun 8 01:55:33 EDT 2003 Plonk me if you wish, but I won't change back this, due to antiquity mail/news readers. Those that persist in using them are supporting the immobility that caused newgroups to not evolve andbecome now unusable (and died for almost all users). The email system is now nearly reaching the point of non-usability due to lack of evolution to make it moresecure and more usable as well. Compare that to the evolution of the web, and don't be surprised that it nowreally favors all users (and those that complain now are those that don't like HTML and the legacy proprietary software and support XHTML as amuch better standard supported in open-source programs). The problem of newsgroups (and now emails as well) is the lack of support for standards. MIME has been standardized since more than 15 years; an eternity face to the OSes andsoftwares we all use today even when using email and posting to newsgroups. That lack of standardization really something that I cannot understand and I really can't understand the resistance of users to not adopt newer better standards and live only with legacy intiquities, refusing all evolutions, when spammers have strongly made extensive use and abuse of them to increase the efficiency of their business. Things will evolve in softwares as long as users really start to accept these evolutions. From porpoise1954 at yahoo.co.uk Sat Dec 17 09:27:34 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Dec 17 04:30:02 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> <43a35ee6.2170921@news.spamcop.net> Message-ID: "Mike Easter" wrote in message news:dnvpgk$jog$1@news.spamcop.net... > Mike Easter wrote: >> [Phillipines] > > Philippines > Philippines > Philippines > Philippines > Philippines > Philippines > Philippines > Philippines > Philippines > Philippines > Philippines > > No pasting allowed for public disciplinary spelling atonement. > > There are 11, I threw in one extra for good measure. > Or even....... Filipinos....... From nobody at nowhere.invalid Sat Dec 17 12:13:40 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Dec 17 06:15:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: On Sat, 17 Dec 2005 08:42:15 +0100, Philippe Verdy coughed into spamcop and left this in : > Plonk me if you wish With pleasure. Feel free to do likewise. -- Steve NOTICE: -- THE ELEVATORS WILL BE OUT OF ORDER TODAY -- (The nearest working elevators are in the building across the street.) From nobody at xyzzy.claranet.de Sat Dec 17 15:58:17 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sat Dec 17 10:00:02 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: <43A42789.373D@xyzzy.claranet.de> *PLONK* From not at home.today Sat Dec 17 15:01:03 2005 From: not at home.today (Ant) Date: Sat Dec 17 10:05:02 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Philippe Verdy" wrote: > Plonk me if you wish, but I won't change back this, due to antiquity > mail/news readers. It's not really about old newsreaders, but more to do with the accepted behaviour in newsgroups. You are effectively saying you won't play nicely with other members of this group. What happens when you need to cite someone else who is using quoted-printable? I think you will find your OE6 won't handle it properly. > Those that persist in using them are supporting > the immobility that caused newgroups to not evolve Utter nonsense. New message formats are are not required for groups to evolve. Newsgroups are primarily for discussion, and nothing more than plain-text is required. A line-length limit has no impact. > andbecome now unusable (and died for almost all users). The only thing that makes groups unusable is Hipcrime-style floods. The rest is solvable with a killfile. [snip] > That lack of standardization really something that I cannot > understand and I really can't understand the resistance of users to > not adopt newer better standards and live only with legacy > intiquities [...] So why are you using OE? It still doesn't understand multipart/signed messages from those posters who like to use it for PGP signatures. From verdy_p at wanadoo.fr Sat Dec 17 19:30:11 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 17 13:35:04 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Ant" a ?crit dans le message de news: do197i$cm5$1@news.spamcop.net... > It's not really about old newsreaders, but more to do with the > accepted behaviour in newsgroups. You are effectively saying you won't > play nicely with other members of this group. What happens when you > need to cite someone else who is using quoted-printable? I think you > will find your OE6 won't handle it properly. I think I'm nice enough. I'm not *requiring* others to quote me, and nobody's required to consider my message. I said that I HAD to change the setting because of a severe limitation of the newsgroup server that did not allow me to post a copy of a spam in the spamcop.spam newsgroup (transaction rejected because of line too long). So I may get backto the initial setting, but having to change this setting each time is not something I consider useful or practical. I initially forgot to change the setting back after posting the email to the .spam group, and I really disliked that others consider my next message posted here, and describing the copy of the spam posted in .spam to be abusive. You're just arguing on such technical detail that exasperates me, because this should not be up to users to decide about it, but to standards. Unfortunately, the newsgroup standard has never existed (the RFC editor is not a standard body, because it has no commitee and the docs published there are only considered and discussed seriously, as there's simply no standard place to discuss or review it. So each RFC remains in the area of work of those that have promoted each RFC, and there's no decision process to really change it). If only the IETF (which normally runs the RFC "standard" track) was really reviewing them, the newsgroups would have been fixed more than 10 years ago, and it would have evolved in a more solid standard that does not exasperate international users due to its support of European languages only (and mostly English only because charsets are not even handled correctly due to absence of requirement for supporting MIME which was made especially to address this issue, and later integrated in Email and HTTP exactly for this purpose). Note that MIME was created long ago as a RFC too, and its support should have been merged with the newsgroup NNTP standard, in a revized RFC replacing the old RFC. I think it's really a pity that NNTP was not reviewed since so many years to solve most of its known problems, and then supported by BCP. (Note that the solutions you are proposing here are NOT in any BCP, this is asolution supported only by US geek users that only want English present in newsgroups; also the format of messages posted here is NOT documented in the Spamcop newgroup server usage policy as a requirement; it just expresses the *opinion* and *preferences* of some users here). Well, newsgroups have not evolved, and the abuses do not come from users using various settings trying to fix its technical limitations, but from spammers that have completely filled theml with crossposted spew (this is the major reason why effective users of NNTP newsgroups have abnandoned it in favor of IM, online forumsandblogs, also because online forums better preserve their privacy). The tricks that you are supporting here are really inconvenient and do not allow client softwares to evolve. All this discussion is going nowhere. This is out of topic and does not even address the issue that I wanted to disucss here. If you think you want to continue on this subject, I suggest you change the topic. Until now, nobody has even replied on the initial message, that I am requoting here because it may have been lost from your newsgroup server: ------------ This is a new type of spam that I did not see before : now targetting the sales of patents on software/hardware (note that software patents are still not legal in France, and the EUDC european directive on copyright is still not applicable too, because there is no associated French law enforcing it). This spam author is targetting the patents registered in France, whose text and ownership is not freely available and details requires payment or subscription to get access the official French registry(free consultation of the registry is only possible, without copying it, in the local INPI offices; certified copies require payment, and there's no right to even get free photocopies of original documents). I can't even verify if the proposed patent is effectively owned by the sender of this email, but anyway, this owner seems to be located in South Korea, and sent its email (written in French) using the Korean standard character set (very unlikely from a french source). The text of the patent, if it is valid, has no real originality and is probably not valued the price indicated (it's just a keyboard with some multimedia functions, nothing very original there). Anyway, the sender is especially targetting those that have written specifications for keyboards (for example me), but also famous french research laboratories or people working for them. It clear that the sender has used some "professional directory" or some web search engine trying to reachthose that have written contents on the Internet related to keyboard designs. And then he has sent his email without prior consent, using basic mailing lists, which does not even try to keep the privacy of each targeted recipient (I can see the other recipients in the email I received,alld of them with email addresses in various subdomains of .fr). This is clear spam i.e. unsollicitated business email (UBE) and unsollicitated commercial email (UCE). The way it is sent without prior personnal contact and without even trying to protect the privacy of the recipient makes it unsollicitated. And the fact that I diud not ever know the sender, when he was doing that makes that this "business" has violated the French andEuropean laws that protects my privacy. Given that the patent business is now growing internationally with the new WIPO rules and EUDC and DMCA rules, I think this is a new form similar to other "get rich quick" scheme, with pyramidal sales of patents registered with no real new invention and no effective application by the registrant, and lots of invalid claims for prior arts, making the patent nearly void in value. See an email sample in spamcop.spam (same date, same title, sent by me). Should I seek advice at the French registry (the INPI, Institut National de la Propri?t? Intellectuelle) ? I fear that it is also illegal business, or that the patent claims are all invalid (so the value given is false, because there's no service for the payed value, and this email also constitutes false advertizing), all of them being criminalized in France. From verdy_p at wanadoo.fr Sat Dec 17 19:41:32 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 17 13:45:02 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Ant" a écrit dans le message de news: do197i$cm5$1@news.spamcop.net... > "Philippe Verdy" wrote: > >> Plonk me if you wish, but I won't change back this, due to antiquity >> mail/news readers. > > It's not really about old newsreaders, but more to do with the > accepted behaviour in newsgroups. Wrong. There does not exist any such *accepted* behaviour:accepted by whom? (Note that "behaviour" is related to the content of messages, respect of persons, topics, and crossposting policies, but not about the technical ways through which the messages can be posted.) MIME is a RFC standard like newsgroups (but MIME has evolved more gracefully than NNTP which looks like a dynosaur today). MIME was intended to support all message formats independantly of the transport used (so it was created for NNTP too, not only for SMTP). Its updates do represent a better view of state-of-the-art solutions foraddressing international issues. News readers that donot interpret correctly the plain-text flow and *display* long lines instead of wrapping are not helping users. Also I have not seen any Spamcop policy about such required message format. From verdy_p at wanadoo.fr Sat Dec 17 19:53:46 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 17 13:55:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Philippe Verdy" a écrit dans le message de news: do1m6h$jbo$1@news.spamcop.net... > "Ant" a écrit dans le message de news: > do197i$cm5$1@news.spamcop.net... >> "Philippe Verdy" wrote: >> >>> Plonk me if you wish, but I won't change back this, due to antiquity >>> mail/news readers. >> >> It's not really about old newsreaders, but more to do with the >> accepted behaviour in newsgroups. > > Wrong. There does not exist any such *accepted* behaviour:accepted by > whom? (Note that "behaviour" is related to the content of messages, > respect of persons, topics, and crossposting policies, but not about the > technical ways through which the messages can be posted.) > > MIME is a RFC standard like newsgroups (but MIME has evolved more > gracefully than NNTP which looks like a dynosaur today). MIME was intended > to support all message formats independantly of the transport used (so it > was created for NNTP too, not only for SMTP). Its updates do represent a > better view of state-of-the-art solutions foraddressing international > issues. Another note: NNTP, published more than 16 years ago as RFC 977 (augmented by RFC 1036 in 1987 for interoperability of newsgroup mirror servers), has never evolved into a approved standard. Its only update is in RFC 2980 (which is "informational" only, even less than RFC977 which was at least a "proposed standard", and it does not address any issue related to message format). Even in 2000, when the NNTP extensions were discussed, the contributors were only writers of very outdated clients targeting UNIX implementations only, and only the server-side part of the protocol was addressed. From jeffg at spamcop.net Sat Dec 17 13:45:16 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 17 14:05:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: *PLONK* From verdy_p at wanadoo.fr Sat Dec 17 20:22:09 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 17 14:25:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Philippe Verdy" a écrit dans le message de news: do1m6h$jbo$1@news.spamcop.net... > "Ant" a écrit dans le message de news: > do197i$cm5$1@news.spamcop.net... >> "Philippe Verdy" wrote: >> >>> Plonk me if you wish, but I won't change back this, due to antiquity >>> mail/news readers. >> >> It's not really about old newsreaders, but more to do with the >> accepted behaviour in newsgroups. > > Wrong. There does not exist any such *accepted* behaviour:accepted by > whom? (Note that "behaviour" is related to the content of messages, > respect of persons, topics, and crossposting policies, but not about the > technical ways through which the messages can be posted.) > > MIME is a RFC standard like newsgroups (but MIME has evolved more > gracefully than NNTP which looks like a dynosaur today). MIME was intended > to support all message formats independantly of the transport used (so it > was created for NNTP too, not only for SMTP). Its updates do represent a > better view of state-of-the-art solutions foraddressing international > issues. > > News readers that donot interpret correctly the plain-text flow and > *display* long lines instead of wrapping are not helping users. > > Also I have not seen any Spamcop policy about such required message > format. For those interested in an ongoing proposed change to the very old RFC977 (20 years old!). Look at ftp://ftp.isi.edu/internet-drafts/draft-ietf-nntpext-base-27.txt (see the comments starting at page 104). It is already accepted that conformance to MIME is highly desirable, but in fact the link to MIME already exists implicitly in RFC 977, because it references RFC850 that states that newsgroup messages should be compatible with Email (RFC850 speaks about ARPA Mail as an alternate transport for publishing orforwarding news messages using stadnard email and the "newsmail" format; it clearly states that NNTP headers are correlated to Email headers, and that NNTP message bodies are correlated to Email message bodies. MIME directly interfers with both of them). The NNTPext-base extension (version 27) above discusses about interoperability problems, and correctly describes what is considered as best practices. It also states that NNTP implementations shouldbe8-bit clean, to support multiple charsets, and that MIME is the prefered method to encapsulate the charset and content-type meta-data specification. Let's hope that this will address the problems that most users are experiencing, and that users won't resist to this change, when new clients will be written or updated to support the newly described best practices. From verdy_p at wanadoo.fr Sat Dec 17 21:32:28 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 17 15:35:02 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Jeff G." a écrit dans le message de news: do1nb0$k2g$1@news.spamcop.net... > *PLONK* What a marvelousway to terminate a discussion... Thanks, because none of this thread has discussedto the question that wasinitiated in this thread. From verdy_p at wanadoo.fr Sat Dec 17 21:38:23 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 17 15:40:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: Resent here, because it seems that somerefuse to read the initial message due to its initial format. This is a courtesy for them, but I don't like this geek behavior. ---- This is a new type of spam that I did not see before : now targetting the sales of patents on software/hardware (note that software patents are still not legal in France, and the EUDC european directive on copyright is still not applicable too, because there is no associated French law enforcing it). This spam author is targetting the patents registered in France, whose text and ownership is not freely available and details requires payment or subscription to get access the official French registry(free consultation of the registry is only possible, without copying it, in the local INPI offices; certified copies require payment, and there's no right to even get free photocopies of original documents). I can't even verify if the proposed patent is effectively owned by the sender of this email, but anyway, this owner seems to be located in South Korea, and sent its email (written in French) using the Korean standard character set (very unlikely from a french source). The text of the patent, if it is valid, has no real originality and is probably not valued the price indicated (it's just a keyboard with some multimedia functions, nothing very original there). Anyway, the sender is especially targetting those that have written specifications for keyboards (for example me), but also famous french research laboratories or people working for them. It clear that the sender has used some "professional directory" or some web search engine trying to reachthose that have written contents on the Internet related to keyboard designs. And then he has sent his email without prior consent, using basic mailing lists, which does not even try to keep the privacy of each targeted recipient (I can see the other recipients in the email I received,alld of them with email addresses in various subdomains of .fr). This is clear spam i.e. unsollicitated business email (UBE) and unsollicitated commercial email (UCE). The way it is sent without prior personnal contact and without even trying to protect the privacy of the recipient makes it unsollicitated. And the fact that I diud not ever know the sender, when he was doing that makes that this "business" has violated the French andEuropean laws that protects my privacy. Given that the patent business is now growing internationally with the new WIPO rules and EUDC and DMCA rules, I think this is a new form similar to other "get rich quick" scheme, with pyramidal sales of patents registered with no real new invention and no effective application by the registrant, and lots of invalid claims for prior arts, making the patent nearly void in value. See an email sample in spamcop.spam (same date, same title, sent by me). Should I seek advice at the French registry (the INPI, Institut National de la Propriété Intellectuelle) ? I fear that it is also illegal business, or that the patent claims are all invalid (so the value given is false, because there's no service for the payed value, and this email also constitutes false advertizing), all of them being criminalized in France. From verdy_p at wanadoo.fr Sat Dec 17 21:46:04 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 17 15:50:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Mike Easter" a écrit dans le message de news: dnti11$c39$1@news.spamcop.net... > If you want to use QP in your email correspondence with someone else OE, > go ahead, but it isn't appropriate for a newsgroup which has to interact > with various agents which are not OE and which most importantly need to > be able to do the cite/quoting correctly. "importantly need"? Why that? I think you're worng here. Nobody needsto wuote someone, given thatquoting is normally done with permission. Also the tracker is not a solution, because it does not contain the message content, only the (parsed) mail headers. And I wanted to discussabout the content (there was no special problem in the way Spamcop parsed the headers and allowed me to send the reports). From verdy_p at wanadoo.fr Sat Dec 17 22:09:12 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 17 16:15:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Mike Easter" a écrit dans le message de news: dntkfb$df6$1@news.spamcop.net... > Mike Easter wrote: > >> It is not appropriate that you post in a way that requires 'normal' >> non-QuoteFixed OE users to not be able to cite your posts correctly. > > Here is a 'monster' thread about this same subject: > > http://news.spamcop.net/pipermail/spamcop-list/2003-June/045909.html > > [SpamCop-List] Philippe Verdy's Posts > Sun Jun 8 01:55:33 EDT 2003 Quotation not permitted. This is privacy abuse after such a long time. From verdy_p at wanadoo.fr Sat Dec 17 22:20:11 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 17 16:25:04 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Philippe Verdy" a écrit dans le message de news: do1urf$o5e$1@news.spamcop.net... > "Mike Easter" a écrit dans le message de news: > dntkfb$df6$1@news.spamcop.net... >> Mike Easter wrote: >> >>> It is not appropriate that you post in a way that requires 'normal' >>> non-QuoteFixed OE users to not be able to cite your posts correctly. >> >> Here is a 'monster' thread about this same subject: >> >> http://news.spamcop.net/pipermail/spamcop-list/2003-June/045909.html >> >> [SpamCop-List] Philippe Verdy's Posts >> Sun Jun 8 01:55:33 EDT 2003 > > Quotation not permitted. This is privacy abuse after such a long time. AlsoI just discovered this long thread (I did not participate in it, and my name was used without permission in completely unrelated discussions that were also completely out of topic). It's strange that you reuse this long thread to imply that I participated to it. This is really not fair practice. Well look at the thread itself, and it contains lots of interesting discussions that expose the problems we, users, have to workwith when it should be solved as part of a technical standard that still does not exists! Newsgroups currently DON'T HAVE any standard. From MikeE at ster.invalid Sat Dec 17 14:00:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 17 17:00:05 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: Regarding the use of Philippe's posting OE's QP in newsgroups including this one and quoting or citing him OE is a very very noncompliant newsreader, one of the worst. There are a lot of interesting discussions all over the place regarding how well things would or could work if 'universally' compliant and compatible newsreaders were to use universally compliant and compatible quoted printable in newsgroups or email. Those discussions and discussions of RFCs and MIME and accepted practices and compliant compatibility of a MIME standard are not appropriate to discuss in the context of Philippe's posting noncomplaintly with OE. In addition to the noncompliance on Philippe's posting end, there is the additional aggravation of the problem because of the number of people here who use the noncomplaint OE to answer those noncompliant posts noncompliantly. Answering noncompliant OE QP with noncompliant native OE creates its own set of problems. Answering OE's QP with other, non-OE newsreaders has a variable result, depending on the extreme variability of the incompatibility and noncompliances. The best solution to all of that is to not use OE QP or QP at all in newsgroups which don't have univeral compatibility. An additional solution to some other posting problems of OE is to use OE QF QuoteFix to straighten out a variety of problems -- but it is not appropriate for anyone to be 'forcing' others to use QF to make newsgroup conversations work properly re quoting. Quoting or citing in newsgroups is normal practice and essential, where the previous person's words are used as a context for the responder's words and is clearly a 'fair use' in the context of copyright issues. Philippe has no /enforceable/ copyright powers as regards such quoting or citing. That quoting or citing custom is to use cite/quote or attribution marks - which usage is discussed all over the place -- such as http://members.fortunecity.com/nnqweb/nquote.html Quoting Style in Newsgroup Postings -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Sat Dec 17 22:26:31 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Dec 17 17:30:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Philippe Verdy" wrote in message news:do1urf$o5e$1@news.spamcop.net... > "Mike Easter" a écrit dans le message de news: > dntkfb$df6$1@news.spamcop.net... >> Mike Easter wrote: >> >>> It is not appropriate that you post in a way that requires 'normal' >>> non-QuoteFixed OE users to not be able to cite your posts correctly. >> >> Here is a 'monster' thread about this same subject: >> >> http://news.spamcop.net/pipermail/spamcop-list/2003-June/045909.html >> >> [SpamCop-List] Philippe Verdy's Posts >> Sun Jun 8 01:55:33 EDT 2003 > > Quotation not permitted. This is privacy abuse after such a long time. At the risk of adding to an already boring thread. Privacy doesn't apply in a public forum. This is a (semi) public forum, not private email. From porpoise1954 at yahoo.co.uk Sat Dec 17 22:27:55 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Dec 17 17:30:13 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Philippe Verdy" wrote in message news:do1vg2$ogo$1@news.spamcop.net... > > > AlsoI just discovered this long thread (I did not participate in it, and > my name was used without permission in completely unrelated discussions > that were also completely out of topic). That's why being able to use correct citing and threading is so important - as previously suggested. From verdy_p at wanadoo.fr Sun Dec 18 00:41:42 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 17 18:45:03 2005 Subject: [SpamCop-List] Re: NNTP and Usenet have NO standards, NO compliance can't be claimed (was: patent-fr) References: Message-ID: "Mike Easter" a écrit dans le message de news: do21ob$pih$1@news.spamcop.net... > Regarding the use of Philippe's posting OE's QP in newsgroups including > this one and quoting or citing him > > OE is a very very noncompliant newsreader, one of the worst. Once again, you can't claim any compliance with a standard that DOES NOT EXIST. The NNTP protocol has never reached the standard level, and has been left behind by the IETF in a temporary unterminated state since 20 years, with lots of known problems. And it has NEVER been considered for standardizationby the IESG. Claiming compliance is completely illusory. So what remainsis a de facto standard created by the martket, where OE clearly dominates by far. Attempting to change this situation is a lost batlle until a standard is effectively published. When I look at the list of people that initiated the RFC proposed in 1986, most of them,which signed it, are no longer working onthe subject and have stopped promoting it since long. So, even that RFC is dead as historic because it hasnot been maintained. The "request for comment" was followed by a complete lack of action. Those that have commented it have contributed fr nothing. This is dead work. Don't blame OE that hascreated something that effectively interacts correctly for most users. The geeks that continue to use the dead and unmaintained references should better complain against the inaction of the IESG. Many of those that support what they call a standard are part of the working teams at the IESG. So blame yourself for your absence of work since 20 years (even more when you consider the prior started work before the initial temporary publication of what was called a "proposed standard". Don't blame users to whom you have provided an unfinish tool.) Nothing had been done except listing some informative extensions (including security extensions) which can't be standardized andmade interoperable as long as the base standard doesnot exist. The IESG and IETF have proven their lack of responsability and their incompetence within the Usenet community, andwhat remains now is a very unsecure network, based on flawed protocols which is extremely US-centric, managed by people that claim competence in a standard that they have not even helped to make it trustable, and now attempting to solve the most serious problem that Usenet suffers today: spam (even worse than with email, because nobody is liable for its inaction). So before claiming standard compliance, first militate and finance the working groups to create a true interoperable standard. I think that nobody really wantsto invest in it now, because there are better and more profitable networks now (including blogs that are much easier to control and manage for users that wish to discuss in working groups, and that really better protect the privacy of their users against obvious harnessing by spammers). From verdy_p at wanadoo.fr Sun Dec 18 01:24:30 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 17 19:30:02 2005 Subject: [SpamCop-List] Re: NNTP and Usenet have NO standards, NO compliance can't be claimed (was: patent-fr) References: Message-ID: "David Dean" a écrit dans le message de news: ozchzhq02-8B14F8.18532617122005@frylock.local... > In article , > "Philippe Verdy" wrote: > >> Once again, you can't claim any compliance with a standard that DOES NOT >> EXIST. > > > > Maybe not an internationally recognized standard, but a hell of a > good one to follow. And as well an unfinished work, with many non existing referencesor references to works that have been abandonned (notably the IETF NNTP Working Group which no longer existsandnever produced something useable). And as well the UseFor working group has only produced drafts that also compete with other drafts published temporarily by the IETF. When I look at the RFC-editor site (wish is the first official clearing house for IETF RFCs before they caneven get to the standard level at IESG), all these documents are obsoleted before reaching any good consensus and something usable. What got wrong is that insteadofpromoting small amendments to progressively adopt a better working protocol and set of conventions for use on Usenet, attempts have been made to integrate too many things at the same time, some of them experimental and some not even discussed before the draft publication. ITis impossible to reach a consensus from such controversy works. It's impossible for the Usenet community to reach a consensus, except if decisions are taken by the IESG itself, with a formal procedure and votes, like in ISO and Unicode commitee working groups, with open membership that does not favor a vote for another. But apparently nobody seems to volonteer such a work at the IESG (the ISPs that could finance such project are in fact not interested into participating into that project bydedicating some of their teams to such working group, and software makers are absent or can't pay the necessary membership subscription. It's been along time since the various ISP have abandonned the Usenet activity which just cost them money, with noprofit and a real lack of collaboration. For theses reasons almost all newsgroups are undersupported. Even YahooGroups is not commited to work into this project, because it does not need the IESG to make an alternative web interface where they can generate revenue with advertizing andwith their shopping links). From bert at iphouse.com Sun Dec 18 01:20:42 2005 From: bert at iphouse.com (Bert Hyman) Date: Sat Dec 17 20:25:03 2005 Subject: [SpamCop-List] An error on the Web site when reporting ... Message-ID: Just submitted a report via email and went to the Web site to finalize the report. At the top of the results page is: putRow Table 'spamcop2.ipcnt' doesn't exist (1146)/sc? Everything else on the page looks as it always done. -- Bert Hyman St. Paul, MN bert@iphouse.com From nobody at nowhere.not Sun Dec 18 03:40:37 2005 From: nobody at nowhere.not (Robert Blair) Date: Sat Dec 17 22:45:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: On Fri, 16 Dec 2005 11:15:34 UTC, Steven Maesslein wrote: > > When I read your post, it is wrapped to the window edge for me. Other > > people are going to see it differently, depending on their newsreader. > > It just goes off the edge of the screen here. > > Royal PITA - I don't bother reading stuff like that. What I do not understand is why people use newsreaders that do not do the job (most of the time MS crap). If you can not read a message it is because your newsreader is broken. Same problem with quoting a message, if it does not wrap correctly why continue to use a broken product. Some people use patches to get around broken code but why, change to a product that works, there are plenty. I think this thread is a waste of time. Why try to convince someone to change their newsreader when yours is broken. Get a program that works! Mine is broken in some respects but I never have a problem reading any message posted to a newsgroup. -- Robert Blair From g.hyde at bigpond.net.au Sun Dec 18 14:26:29 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Dec 17 23:30:03 2005 Subject: [SpamCop-List] Re: An error on the Web site when reporting ... References: Message-ID: It sounds like you encountered one of those rare SpamCop errors, can you please look in your report history for the spam and check what the results say for it? I believe if it wasn't successfully submitted, that SC should give you the option to report it the next time you login, although I don't know if this is always the case. If you do find the spma in your report history, you can of course see where the reports were sent to or open the tracking URL and resubmit from that page, if it will allow you, but I think spam has to be less than 2 days old for that to happen. Cheers ... Geoffrey Hyde "Bert Hyman" wrote in message news:Xns972FC4CF3FEB0VeebleFetzer@216.154.195.61... > Just submitted a report via email and went to the Web site to finalize the > report. At the top of the results page is: > > putRow Table 'spamcop2.ipcnt' doesn't exist (1146)/sc? > > Everything else on the page looks as it always done. > > -- > Bert Hyman St. Paul, MN bert@iphouse.com From jg at coks.net Sat Dec 17 20:39:41 2005 From: jg at coks.net (jg) Date: Sat Dec 17 23:40:03 2005 Subject: [SpamCop-List] spam is NOT 10 days old to me - got it this a.m. Message-ID: http://www.spamcop.net/sc?id=z843137878z680ac484063db058a223f47733cded0bz SpamCop tells me this spam is from 12/7, as it says. whats spamee doing now, or could the system have lost it for 10 days?? From MikeE at ster.invalid Sat Dec 17 21:03:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 18 00:05:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: jg wrote: www.spamcop.net/sc?id=z843137878z680ac484063db058a223f47733cded0bz > > SpamCop tells me this spam is from 12/7, as it says. > whats spamee doing now, or could the system have lost it for 10 days?? We've seen this before, same kind of headers. SC does a bad job of dating a spam if you are mailhosted. Abbreviated Received lines *comment from fed1rmgxi04.cox.net ([207.181.89.35]) by fed1rmmtai19.cox.net *serves you from mail.business.allstream.net ([207.181.89.35]) by fed1rmgxi04.cox.net *sourceline from mx1.georgegroup.com (host-052.arcese.com [207.245.14.52]) by mail.business.allstream.net *bogusline, timestamp 10d from rkf.mt.com ([54.160.115.61]) by ksig.mt.com *bogusline SC is able to figure out to not trust the allstream because you are mailhosted, so it gets the source right, but it gets the timestamp wrong. "Sorry, this email is too old to file a spam report. " If you run those headers with a non-mailhosted account, SC makes a mistake and trusts the allstream MX [I thought the deputy had fixed that MX to be untrusted] and parses back to the user IP behind the allstream server [which we decided previously was wrong], but calls the timestamp the topline, not one of those down-under lines. http://www.spamcop.net/sc?id=z843144518zf19912699a09006fd180f20b88360363z Message is 4 hours old If reported today, reports would be sent to: Re: 207.245.14.52 (Administrator of network where email originates) abuse@allstream.com securitysupport#allstream.com@devnull.spamcop.net -- Mike Easter kibitzer, not SC admin From Nospam at Here.com Sun Dec 18 10:10:49 2005 From: Nospam at Here.com (David Purdy) Date: Sun Dec 18 05:15:16 2005 Subject: [SpamCop-List] Gateway Timeout/slowness Message-ID: Spamcop has been inordinately slow today in forwarding messages after having traced the ISP sources, making it unusable. And the last message timed out: Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.ece98cd4.1134900460.10fbd980 Regards, Dave. From nobody at nowhere.invalid Sun Dec 18 12:19:14 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Dec 18 06:20:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: On Sun, 18 Dec 2005 03:40:37 +0000 (UTC), Robert Blair coughed into spamcop and left this in : > I think this thread is a waste of time. Why try to convince someone > to change their newsreader when yours is broken. Get a program that > works! Mine does work, perfectly well TYVM. It is being fed lines of text that it is being told to display on a single line (quoted printable with line continuations), and it is doing just that: displaying it on a single line. What's broken about that? -- Steve NOTICE: -- THE ELEVATORS WILL BE OUT OF ORDER TODAY -- (The nearest working elevators are in the building across the street.) From nobody at nowhere.invalid Sun Dec 18 12:19:57 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Dec 18 06:20:16 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: On Sat, 17 Dec 2005 20:39:41 -0800, jg coughed into spamcop and left this in : > SpamCop tells me this spam is from 12/7, as it says. > whats spamee doing now, or could the system have lost it for 10 days?? That looks more like just over 5 months to me! -- Steve Exclusive dedication to necessitous chores without interludes of hedonistic diversion renders John a hebetudinous fellow. From not at home.today Sun Dec 18 15:16:00 2005 From: not at home.today (Ant) Date: Sun Dec 18 10:20:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Philippe Verdy" wrote: >"Ant" a écrit: >> It's not really about old newsreaders, but more to do with the >> accepted behaviour in newsgroups. You are effectively saying you won't >> play nicely with other members of this group. What happens when you >> need to cite someone else who is using quoted-printable? I think you >> will find your OE6 won't handle it properly. > I think I'm nice enough. I'm not *requiring* others to quote me, and > nobody's required to consider my message. By convention some quoting is needed to give context to a reply, like I'm doing here. > I said that I HAD to change the setting because of a severe > limitation of the newsgroup server that did not allow me to post a > copy of a spam in the spamcop.spam newsgroup (transaction rejected > because of line too long). As stated earlier, you could have posted a tracker. In reply to that, you said: "the tracker is not a solution, because it does not contain the message content". In fact it *does* contain a link to the complete message. Another alternative is to post the spam as a base64 or UUencoded attachment. That way, the original content and format is preserved. > [...] I really disliked that others consider my next message posted > here, and describing the copy of the spam posted in .spam to be > abusive. I wouldn't call it abusive - just a nuisance when parts need to be cited. > [...] Unfortunately, the newsgroup standard has never existed All the more reason to use a simple format which all newsreaders can handle. [snip] > All this discussion is going nowhere. This is out of topic and does > not even address the issue that I wanted to disucss here. [...] What you want to discuss is also off-topic here (not that I mind). From jg at coks.net Sun Dec 18 08:52:45 2005 From: jg at coks.net (jg) Date: Sun Dec 18 11:55:04 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. In-Reply-To: References: Message-ID: On 12/18/2005 3:19 AM Steven Maesslein scribbled: > On Sat, 17 Dec 2005 20:39:41 -0800, jg coughed into spamcop and left > this in : > > >>SpamCop tells me this spam is from 12/7, as it says. >>whats spamee doing now, or could the system have lost it for 10 days?? > > > That looks more like just over 5 months to me! > In California, 12/7 is Dec. 7, not July 12. 12M is 12,000, not 12 million. Mike, you probably have a few more... From jeffg at spamcop.net Sun Dec 18 11:42:54 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 18 12:00:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: "jg" wrote in message news:do2p27$63f$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z843137878z680ac484063db058a223f47733cded0bz > > SpamCop tells me this spam is from 12/7, as it says. > whats spamee doing now, or could the system have lost it for 10 days?? mail.business.allstream.net ([207.181.89.35]) appears to be one of your Mailhosts, and appears to be running about 10 days, 14 hours, 12 minutes, and 15 seconds behind (or holding your email messages hostage for that period of time). If you are supposed to be receiving email messages through that server, please complain to MTS Allstream Inc about their server. If you are not supposed to be receiving email messages through that server, please remove it from your Mailhosts. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jg at coks.net Sun Dec 18 10:11:15 2005 From: jg at coks.net (jg) Date: Sun Dec 18 13:10:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. In-Reply-To: References: Message-ID: On 12/18/2005 8:42 AM Jeff G. scribbled: > "jg" wrote in message > news:do2p27$63f$1@news.spamcop.net... > > http://www.spamcop.net/sc?id=z843137878z680ac484063db058a223f47733cded0bz > >>SpamCop tells me this spam is from 12/7, as it says. >>whats spamee doing now, or could the system have lost it for 10 days?? > > > mail.business.allstream.net ([207.181.89.35]) appears to be one of your > Mailhosts, and appears to be running about 10 days, 14 hours, 12 > minutes, and 15 seconds behind (or holding your email messages hostage > for that period of time). If you are supposed to be receiving email > messages through that server, please complain to MTS Allstream Inc about > their server. If you are not supposed to be receiving email messages > through that server, please remove it from your Mailhosts. > No, it is not "1 of" my mailhosts - I have only 1 and that ain't it. Since it isn't '1 of" my mailhosts, I can't remove it. Thoughts? From nobody at nowhere.invalid Sun Dec 18 19:11:14 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Dec 18 13:15:05 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: On Sun, 18 Dec 2005 08:52:45 -0800, jg coughed into spamcop and left this in : > In California, 12/7 is Dec. 7, not July 12. Pretty much everywhere outside the US and Canada it's July 12th. Either way round, it's ambiguous, and you're not writing for a purely Californian audience. Maybe something less ambiguous like 07/DEC or 07/XII (if Roman numerals are used they represent the month) could be used. > 12M is 12,000, not 12 million. 12,000 would be written 12K here and 12M would indeed be 12?10^6. -- Steve "Mothers all want their sons to grow up to be President, but they don't want them to become politicians in the process." -- John F. Kennedy From nobody at nowhere.not Sun Dec 18 18:22:55 2005 From: nobody at nowhere.not (Robert Blair) Date: Sun Dec 18 13:25:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: On Sun, 18 Dec 2005 11:19:14 UTC, Steven Maesslein wrote: > > I think this thread is a waste of time. Why try to convince someone > > to change their newsreader when yours is broken. Get a program that > > works! > > Mine does work, perfectly well TYVM. > > It is being fed lines of text that it is being told to display on a > single line (quoted printable with line continuations), and it is doing > just that: displaying it on a single line. > > What's broken about that? You are the one complaining that you can not read his messages. I do not have a problem with his messages. So if you do not have the option of having your newsreader wrap the message then I say it is your newsreader that is broken. -- Robert Blair From nobody at xyzzy.claranet.de Sun Dec 18 19:30:58 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Dec 18 13:35:03 2005 Subject: [SpamCop-List] Re: NNTP and Usenet have NO standards, NO compliance can't be claimed References: Message-ID: <43A5AAE2.111A@xyzzy.claranet.de> David Dean wrote: > > Maybe not an internationally recognized standard, but a > hell of a good one to follow. JFTR: That's used as input for the IETF WG USEFOR (USEnet article FORmat). The chances that they ever create new RFCs in 2006 are slightly better than zero... The GNKSA stuff is admittedly at the bottom of the USEFOR prioririties, but some things are clear: MIME as well as RFCs 2822 and 3676 are for all messages, not only mail, and the news format is a proper subset of message/rfc822. There's a SHOULD 78 in chapter 2.1.1 of RFC 2822, and SHOULD generally means "cut your throat before violating it", unless you know what you're doing - e.g. that limit 78 is of course irrelevant for text/html outside of Base64 or QP, and in that case the next limit is a MUST 998. Bye, Frank From nobody at xyzzy.claranet.de Sun Dec 18 19:50:49 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Dec 18 13:55:04 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: <43A5AF89.3C38@xyzzy.claranet.de> jg wrote: > Thoughts? Your tracker says "Trusted site 207.181.89.35", trusting that mail.business.allstream.net is not FUBAR. But that box is broken and _not_ trustworthy if it queues mail for more than 100 hours. Maybe inform deputies@ that SC's list of "trusted sites" has an erroneous entry 207.181.89.35. Bye, Frank From nobody at nowhere.invalid Sun Dec 18 21:10:48 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Dec 18 15:15:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: On Sun, 18 Dec 2005 18:22:55 +0000 (UTC), Robert Blair coughed into spamcop and left this in : > You are the one complaining that you can not read his messages. I do > not have a problem with his messages. So if you do not have the > option of having your newsreader wrap the message then I say it is > your newsreader that is broken. You may or may not have noticed that I said further up the thread that I *could* get it to wrap, but that it was still awkward to read. Text more than 70-80 characters wide *is* awkward to read in any case. -- Steve Profanity is the one language all programmers know best. From jeffg at spamcop.net Sun Dec 18 15:11:52 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 18 15:30:04 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: <43A5AF89.3C38@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:43A5AF89.3C38@xyzzy.claranet.de... > inform deputies@ that SC's list of "trusted sites" has > an erroneous entry 207.181.89.35. That's a good idea. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jg at coks.net Sun Dec 18 12:51:17 2005 From: jg at coks.net (jg) Date: Sun Dec 18 15:50:02 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. In-Reply-To: References: Message-ID: On 12/18/2005 10:11 AM Steven Maesslein scribbled: > On Sun, 18 Dec 2005 08:52:45 -0800, jg coughed into spamcop and left > this in : > > >>In California, 12/7 is Dec. 7, not July 12. > > > Pretty much everywhere outside the US and Canada it's July 12th. Either > way round, it's ambiguous, and you're not writing for a purely > Californian audience. Maybe something less ambiguous like 07/DEC or > 07/XII (if Roman numerals are used they represent the month) could be > used. Ok, this isn't the subject of this group, but have to comment, Steve: Don't know where you are, but the U.S. and Canada represent a lot of the geographic area of 1/2 the literate world, so using the common abbrev used in that area is not anywhere close to ambiguous, your own feelings notwithstanding. And I wasn't addressing California, but I'll assume you were being jocular, as was I. Never /heard/ of using Roman numerals in dates, and I took 4 years of Latin way back when - and if I did, I'd get flack for that from the speakers of non-romance... > > >>12M is 12,000, not 12 million. > > 12,000 would be written 12K here and 12M would indeed be 12?10^6. > That may be so, but after working on Wall St. (actually, Trinity Place and Church St., looking down Wall) since 1968 anyway, mm indicated million in all printed matter, especially bonds. Your feelings on the matter are your feelings - and we don't use the metric system yet either, tho its getting closer.. Hey, we're still in the colonial stage, historically - imagine where we'll be when we get to the age of, say, merry ole England (if we make it there)... From jg at coks.net Sun Dec 18 12:58:29 2005 From: jg at coks.net (jg) Date: Sun Dec 18 16:00:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. In-Reply-To: <43A5AF89.3C38@xyzzy.claranet.de> References: <43A5AF89.3C38@xyzzy.claranet.de> Message-ID: On 12/18/2005 10:50 AM Frank Ellermann scribbled: > jg wrote: > > >>Thoughts? > > > Your tracker says "Trusted site 207.181.89.35", trusting that > mail.business.allstream.net is not FUBAR. But that box is > broken and _not_ trustworthy if it queues mail for more than > 100 hours. tracker says "Trusted site 207.181.89.35 received mail from 207.181.89.35". At least said trusted site can go from its left hand to the right one, or vice versa. What exactly is that statement saying to me, or anyone? > > Maybe inform deputies@ that SC's list of "trusted sites" has > an erroneous entry 207.181.89.35. > Bye, Frank > Guess I'll do that, as Jeff G. advised as well... Thanks... From MikeE at ster.invalid Sun Dec 18 14:13:05 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 18 17:15:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: Steven Maesslein wrote: > jg >> SpamCop tells me this spam is from 12/7, > That looks more like just over 5 months to me! 'People' including the US and EU countries, shouldn't use dates in ambiguous formats. Ideally, dates would be written in ISO 8601 format, and abbreviated dates would be written in abbreviated ISO 8601 formats. Under those circumstances, 12/7 wouldn't be appropriate for either December 7 or July 12, using English language for the dates, and 7/12 also wouldn't be appropriate for whatever language you wanted to say July 12 or December 7 in either. It is one thing to have some language incompatibilities, it is quite another to have date format incompatibilities. BTW, I am US, and my 'favorite' calendar which is sitting on my desk has the days of the week starting with Monday, and the weeks of the year starting in ISO 8601 style. The next new year's week 1 will start Mon Jan 2. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Dec 18 15:13:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 18 18:15:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: Mike Easter wrote: > Ideally, dates would be written in ISO 8601 format, and abbreviated > dates would be written in abbreviated ISO 8601 formats. > > Under those circumstances, 12/7 wouldn't be appropriate for either > December 7 or July 12, using English language for the dates, and 7/12 > also wouldn't be appropriate for whatever language you wanted to say > July 12 or December 7 in either. The business of abbreviating iso 8601 causes more controversy or argument than does writing out the format as YYYY-MM-DD, because if you take the year out, the 'order' of the date and month begins to resemble the US style. The century can be assumed, and the separators are always hyphens, not dots or slashes. So, Dec 7 would be 05-12-07, however, if you are going to assume the year, you are supposed to prepend some dashes, as either --1207 or --12-07. I would also comment that the US military, which once wrote their dates backwards, as 7 Dec 2005, is doing a pretty good job of converting over to ISO forms of year month date instead of date month year. YMD is more logical, to put the year, then the month, then the day/date, just like we do our numbers and alphabetization, with the big end on the left and the little end on the right. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Dec 18 15:19:28 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 18 18:20:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: Mike Easter wrote: > The business of abbreviating iso 8601 causes more controversy or > argument than does writing out the format as YYYY-MM-DD, Not the least argument is that iso 8601 is supposed to 'cure' ambiguity. If an iso 8601 date is ambiguous, it hasn't cured anything. > So, Dec 7 would be 05-12-07, That's a problem, obviously. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Mon Dec 19 00:12:53 2005 From: nobody at spamcop.net (Tuatara) Date: Sun Dec 18 19:15:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> <43a35ee6.2170921@news.spamcop.net> Message-ID: <43a5f627.171963359@news.spamcop.net> On Fri, 16 Dec 2005 17:20:27 -0800, "Mike Easter" wrote: >Tuatara wrote: >> "Mike Easter" > >>> A tracker looks like this: > > >If the discussion is still about how come it should pass your high >spamblocker at EL, we can't tell that from the spam, and you would have >to chat with EL tech support while both of you were looking in your >webmail so that any highblocker leakage would be demonstrable to the >chat tech in realtime. > > > >-- >Mike Easter >kibitzer, not SC admin > Wow. Thanks for the information, Mike! Ah, fake Rolexes via Russian hosted sites: mobsters, bar none. Structurally, all of these spam messages that are making it through the high SpamBlocker setting are the same. Only the gibberish "text" contents, forged names, phony e-mail addresses, and e-mail sources change. I've tried all available means of discussing this with Earthlink tech support via: e-mail, online chat, voice (phone), and their online Q&A. With all sincerity, discussing this matter with Earthlink's tech support is like talking with a demented Jabberwalkie. The problem is that Earthlink's support reps are pretty much clueless about solving SpamBlocker problems beyond verifying what the user's settings are. There's no escalation to anyone who knows anything. (One rep told me to set Suspect Email to trash everything every day.) I don't do my own spam blocking as a matter of principle since my ISP should be doing that. Any spam that's not blocked though an ISP is a victory for the spammer. I may abandon that e-mail address--another victory for the spamming mobsters. Like conventional marketers, mobsters, racketeers, and spammers consider the Internet _their_ turf, which is why we also have spyware, fraud, phishing schemes, etc., etc., ad nauseum. From g.hyde at bigpond.net.au Mon Dec 19 10:43:50 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sun Dec 18 19:55:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> <43a35ee6.2170921@news.spamcop.net> <43a5f627.171963359@news.spamcop.net> Message-ID: "Tuatara" wrote in message news:43a5f627.171963359@news.spamcop.net... Don't abandon it, filter it for known good emails/replies, and SC the rest! Spammers seem to disappear faster if they keep getting reported. > I may abandon that e-mail address--another victory for the spamming > mobsters. Like conventional marketers, mobsters, racketeers, and > spammers consider the Internet _their_ turf, which is why we also have > spyware, fraud, phishing schemes, etc., etc., ad nauseum. If you abandon it, it *will* be a victory for the spammers. However, your email address is not their "turf", and I think you should investigate spamblockers and script filters in order to keep them off your email address. It can be quite effective, even if it does get some spam. -- Cheers ... Geoffrey Hyde From MikeE at ster.invalid Sun Dec 18 17:23:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 18 20:25:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> <43a35ee6.2170921@news.spamcop.net> <43a5f627.171963359@news.spamcop.net> Message-ID: Tuatara wrote: > "Mike Easter" >> If the discussion is still about how come it should pass your high >> spamblocker at EL > Structurally, all of these spam messages that are making it through > the high SpamBlocker setting are the same. When you say 'making it through' do you mean are being called Suspect instead of Spam, or something else? I don't see how it is possible for something which isn't whitelisted to get into the Inbox. To me, it seems more likely that something is wrong with the configuration of the spamblocked account than something being 'magical' about the spam -- since the account which I have set on high works perfectly. You never did say if you have investigated everything about how the account is setup, most particularly about whitelisting anything. I think I would completely take the spamblocker apart -- completely remove spamblocker alltogether by editing in the My Account section and then sign out. In a different session, log back in to MyAccount and recreate it with the editing function. Then go to the webmail and make sure that there is *nothing* whitelisted, as an address or as a domainname. In that condition, it would seem to me that everything that comes into that account would be in the Spam or the Suspect folder. Nothing in the Inbox. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Mon Dec 19 07:06:58 2005 From: nobody at spamcop.net (Tuatara) Date: Mon Dec 19 02:10:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> <43a35ee6.2170921@news.spamcop.net> <43a5f627.171963359@news.spamcop.net> Message-ID: <43a65b1d.197809609@news.spamcop.net> On Mon, 19 Dec 2005 10:43:50 +1000, "Geoffrey Hyde" wrote: > >"Tuatara" wrote in message >news:43a5f627.171963359@news.spamcop.net... > >Don't abandon it, filter it for known good emails/replies, and SC the rest! >Spammers seem to disappear faster if they keep getting reported. > >Geoffrey Hyde > As a matter of principle, that's the reason why I have not (at least not yet) abandoned the e-mail account. I don't use that e-mail account for any useful purpose other than reporting spam. That said, I do report all spam the evades the SpamBlocker, but that hasn't stopped that one particular spammer. It's amazing that even spewage via charter.net isn't even blocked by SpamBlocker. Nothing legiimate cames from that spam racketeering host. From nobody at spamcop.net Mon Dec 19 07:15:13 2005 From: nobody at spamcop.net (Tuatara) Date: Mon Dec 19 02:20:02 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> <43a35ee6.2170921@news.spamcop.net> <43a5f627.171963359@news.spamcop.net> Message-ID: <43a65c49.198110109@news.spamcop.net> On Sun, 18 Dec 2005 17:23:37 -0800, "Mike Easter" wrote: >Tuatara wrote: >> "Mike Easter" > > >To me, it seems more likely that something is wrong with the >configuration of the spamblocked account than something being 'magical' >about the spam -- since the account which I have set on high works >perfectly. > >You never did say if you have investigated everything about how the >account is setup, most particularly about whitelisting anything. > >I think I would completely take the spamblocker apart -- completely >remove spamblocker alltogether by editing in the My Account section and >then sign out. > >In a different session, log back in to MyAccount and recreate it with >the editing function. Then go to the webmail and make sure that there >is *nothing* whitelisted, as an address or as a domainname. In that >condition, it would seem to me that everything that comes into that >account would be in the Spam or the Suspect folder. Nothing in the >Inbox. > Ah, I have long suspected that my account configuration may be corrupted. And in fact, I deleted _everything_ in the Address book, but I could not locate any whitelisted domains. I thought that was odd, since I had thought that I had a few. I've tried to mention that possibility to EL's support reps, and I sensed that that was like shining headlights at a deer in the middle of a road on a dark night. I wonder if EL would let me delete the account, log out, and add it back. My account's settings are to automatically delete "known spam" and to put anything that is not on either my Address Book or whitelisted-domains into the Suspect Email folder. This spammer's spam ends up in the Suspect Email folder--as if SpamBlocker doesn't ever "know" it's spam. From MikeE at ster.invalid Sun Dec 18 23:55:00 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 19 02:55:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> <43a35ee6.2170921@news.spamcop.net> <43a5f627.171963359@news.spamcop.net> <43a65c49.198110109@news.spamcop.net> Message-ID: Tuatara wrote: > My account's settings are to automatically delete "known spam" and to > put anything that is not on either my Address Book or > whitelisted-domains into the Suspect Email folder. This spammer's spam > ends up in the Suspect Email folder--as if SpamBlocker doesn't ever > "know" it's spam. OOhhh! I get it now. You are only seeing the effect of EL's spamblocker not recognizing something as spam. That's nothing! Everyone knows that EL's spamblocker misses spam all the time. That's what everyone complains about. Now I understand that the spamblocker is working as it is supposed to -- you are just seeing the effect of a leaky known spam filter. The concept of the suspect or the high setting is to catch everything which the known spamblocker didn't catch which is very useful for the people who can whitelist all of their mail. Then the problem is how to manage the suspect folder. If it is likely to be getting unknown wanted mail 'often' -- then I would have it send me a summary of its contents daily. If it is very unlikely to be getting unknown wanted mail, then I would have it send me a summary of its contents weekly. The big problem with the suspect folder is that it is going to be full of spam, so digging into it for any stragglers of goodmail would be like diving into the dumpster for something you think you threw away. If you find the management of the suspect folder to be 'tedious' because of those features and the fact that you aren't getting much information about the suspect folder's mail's characteristics -- then you need a 'real' spamfilter instead of a toy one. For my main mail account at EL, as I said, I have the EL spamfilter turned off, because it isn't really very good. I use SpamPal for tagging all of my mail so that its interior has been 'digested' or combed using its blocklists and regex body filter which somewhat resembles SpamAssassin. Alternatively a person could subscribe to a powerful filter like spamcop's -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Mon Dec 19 08:10:02 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Dec 19 03:15:03 2005 Subject: [SpamCop-List] Re: patent-fr References: Message-ID: "Steven Maesslein" wrote in message news:slrndqbgi8.7uq.nobody@127.0.0.1... > > Text more than 70-80 characters wide *is* awkward to read in any case. Not on a 132 column printer - it reads just fine. From MikeE at ster.invalid Mon Dec 19 00:15:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 19 03:20:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> <43a35ee6.2170921@news.spamcop.net> <43a5f627.171963359@news.spamcop.net> <43a65c49.198110109@news.spamcop.net> Message-ID: Mike Easter wrote: > Tuatara wrote: >> This spammer's >> spam ends up in the Suspect Email folder--as if SpamBlocker doesn't >> ever "know" it's spam. > If you find the management of the suspect folder to be 'tedious' > because of those features and the fact that you aren't getting much > information about the suspect folder's mail's characteristics -- then > you need a 'real' spamfilter instead of a toy one. > I use SpamPal for tagging all of my mail so that its interior has been > 'digested' or combed using its blocklists and regex body filter which > somewhat resembles SpamAssassin. Incidentally, the spam you posted the tracker for would have been caught by my SpamPal by several different mechanisms, seeing as how the source IP was [and is] listed in CBL and was also listed in spamcop's blocklist at the time of the tracker, but not now -- plus all of the spammish characteristics of the interior. The advantages of a configurable filter such as spampal's or spamcop's or other 'high-powered' filters compared to something like EL's which you don't even know how it is working -- is that you can control the blocklists you are using or even tune up your regex body filter if you like. As a separate issue, there's a little problem with your deleting sight unseen all of your known 'spam' that EL catches. That means that you have no clue as to whether or not EL is making any mistakes in what it catches or identifies as spam. Obviously it makes mistakes on the spam it misses; why would you believe that it doesn't make mistakes on the spam it filters? -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Mon Dec 19 08:18:03 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Dec 19 03:20:13 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> <43a35ee6.2170921@news.spamcop.net> <43a5f627.171963359@news.spamcop.net> Message-ID: "Tuatara" wrote in message news:43a5f627.171963359@news.spamcop.net... > On Fri, 16 Dec 2005 17:20:27 -0800, "Mike Easter" > wrote: > > I don't do my own spam blocking as a matter of principle since my ISP > should be doing that. Any spam that's not blocked though an ISP is a > victory for the spammer. > The only problem with that scenario is that, if the customer doesn't even know what their unknown good mail is going to be, how the hell is the ISP supposed to know? One person's spam is another person's wanted newsletter/introduction/mailing list....... I don't want my ISP blocking emails from potential far-eastern business partners thank you very much! From MikeE at ster.invalid Mon Dec 19 00:34:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 19 03:35:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> <43a35ee6.2170921@news.spamcop.net> <43a5f627.171963359@news.spamcop.net> <43a65c49.198110109@news.spamcop.net> Message-ID: Mike Easter wrote: > The advantages of a configurable filter such as spampal's or spamcop's > or other 'high-powered' filters compared to something like EL's which > you don't even know how it is working -- is that you can control the > blocklists you are using or even tune up your regex body filter if you > like. What I mean by not knowing how EL's filter is working is that EL's known spam filter is a 'blackbox' which you have no control or configurability of. EL doesn't explain how the filter is formulated, and you can't tighten or loosen it -- with the exceptions of the usage of the high filtering with whitelists, which are very useful, and from domain blacklists which aren't. My understanding is that EL uses Brightmail's technology and filters -- sometimes in the past you could find logos like 'powered by Brightmail' -- but I haven't seen any of those in a while. The concept of an outfit like Brightmail, which I think provides filtering technology for a number of big enterprise level providers, is that Brightmail provides the filters and EL uses them. That makes the controllability of the filters a long way from you -- since we don't even know how much control EL has of the Brightmail filter -- maybe none. Or maybe Brightmail gives the enterprise provider a high and low setting depending upon how 'afraid' the provider is of filtering wanted mail vs how many complaints the provider is getting about a leaky filter. In any case, there's no way that anyone's filter is going to be perfect -- filters leak and filters catch wanted mail. That's what they do. Like concrete is gray and it's hard and it cracks. That's what concrete does. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Mon Dec 19 08:33:22 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Dec 19 04:15:03 2005 Subject: [SpamCop-List] Re: ISP Failure to Block Spam References: <439fd1b2.110153203@news.spamcop.net> <43a0b4f3.5276890@news.spamcop.net> <43a35ee6.2170921@news.spamcop.net> <43a5f627.171963359@news.spamcop.net> Message-ID: "Porpoise" wrote in message news:do5qbt$n70$1@news.spamcop.net... > > "Tuatara" wrote in message > news:43a5f627.171963359@news.spamcop.net... >> On Fri, 16 Dec 2005 17:20:27 -0800, "Mike Easter" >> wrote: > >> >> I don't do my own spam blocking as a matter of principle since my ISP >> should be doing that. Any spam that's not blocked though an ISP is a >> victory for the spammer. >> > > The only problem with that scenario is that, if the customer doesn't even > know what their unknown good mail is going to be, how the hell is the ISP > supposed to know? One person's spam is another person's wanted > newsletter/introduction/mailing list....... I don't want my ISP blocking > emails from potential far-eastern business partners thank you very much! > Sorry, I meant my hosting company - not my ISP. My ISP only provides my broadband connection. From nobody at xyzzy.claranet.de Mon Dec 19 10:39:32 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Mon Dec 19 04:45:32 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: <43A67FD4.790C@xyzzy.claranet.de> Mike Easter wrote: > If an iso 8601 date is ambiguous, it hasn't cured anything. >> So, Dec 7 would be 05-12-07, > That's a problem, obviously. Let's stick to yyyy-mm-dd till 2031. RfC 3339 does a good job to eliminate less common ISO 8601 "features", for starters it has a clear MUST yyyy: http://tools.ietf.org/html/3339#page-4 BTW, it affects not only old US dates, old DE dates dd.mm.yy (or dd.mm.yyyy) are also obsolete. Bye, Frank From porpoise1954 at yahoo.co.uk Mon Dec 19 10:17:11 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Dec 19 05:35:10 2005 Subject: [SpamCop-List] 1&1 Mailservers Down Message-ID: Oh dear! Seems 1&1 are having major problems with their mailservers. Must have been hit with something major, as all their support lines are set to just hang up too! Wonder if it's a Datacentre problem or just a local server problem!?! From jg at coks.net Mon Dec 19 07:27:07 2005 From: jg at coks.net (jg) Date: Mon Dec 19 10:25:03 2005 Subject: [SpamCop-List] Mispelling in parsing report... Message-ID: http://www.spamcop.net/sc?id=z843868481z244ca2317904a4b6b009959d4bb156faz Under the link tracking reports, abuse@cocmor.ru. Looks like spammee work... From jg at coks.net Mon Dec 19 07:40:40 2005 From: jg at coks.net (jg) Date: Mon Dec 19 10:40:02 2005 Subject: [SpamCop-List] Mial host problem? Message-ID: http://www.spamcop.net/sc?id=z843873381zde015582cff744ec70eae99aef7779f9z Been receiving several spams a day from my own ISP - here's the latest. In the past Cox has been critiqued for badly formed headers - might that be the case here? Or is it likely that I am in fact getting spam via their network. I looked at my mailhost setup and it /looks/ ok... Non response from abuse desk beyond autoacks, no surprise there. But I've not gotten spam from them in past 4 years until 4 days ago. The header parse looks correct... From MikeE at ster.invalid Mon Dec 19 08:15:25 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 19 11:20:03 2005 Subject: [SpamCop-List] Re: Mispelling in parsing report... References: Message-ID: jg wrote: www.spamcop.net/sc?id=z843868481z244ca2317904a4b6b009959d4bb156faz > > Under the link tracking reports, abuse@cocmor.ru. > Looks like spammee work... The error actually needs to be corrected in ripe whois -h whois.ripe.net 82.138.63.64 ... inetnum: 82.138.63.64 - 82.138.63.71 netname: MNW descr: Network for Collocated equipment of MNW country: RU admin-c: IM1555-RIPE person: Pavel Ilyn e-mail: abuse@cocmor.ru address: Moscow, Russia nic-hdl: IM1555-RIPE -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Dec 19 08:32:00 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 19 11:35:04 2005 Subject: [SpamCop-List] Re: Mial host problem? References: Message-ID: jg wrote: www.spamcop.net/sc?id=z843873381zde015582cff744ec70eae99aef7779f9z That is a completely different mailhost configuration than your other post http://www.spamcop.net/sc?id=z843868481z244ca2317904a4b6b009959d4bb156faz > Been receiving several spams a day from my own ISP - here's the > latest. In the past Cox has been critiqued for badly formed headers > - might that be the case here? I would say 'yes'. When your mailhost's headers are screwed up or different from the configured -- it is a problem. Whether or not that cox IP 68.1.16.117 no rDNS 'should' be reported [or rather source] is problematic. It definitely parses as the source, so reporting is one way to bring it to the attention of cox, if they are paying attention.. That is, it should be reported -- whether it is the source or whether it is a cox MTA is hard to tell. > Or is it likely that I am in fact getting spam via their network. > I looked at my mailhost setup and it /looks/ ok... It could be just a spam from within cox. > Non response from abuse desk beyond autoacks, no surprise there. But > I've not gotten spam from them in past 4 years until 4 days ago. > The header parse looks correct... The parse is 'correct' -- the question is whether or not cox is stamping its lines appropriately in the top tracker which is different from your other tracker. The IP is close numerically to some cox output servers, and it is newly listed in spamcop, and it is showing a burst of activity in senderbase. 68.1.16.117 listed in bl.spamcop.net reported system as a source of spam about 70 times delisted automatically in approximately 23 hours. System has been listed for 3.0 days. Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 3.4 25987% Last 30d 1.8 647% Average 0.9 monofont for columns -- Mike Easter kibitzer, not SC admin From jg at coks.net Mon Dec 19 13:56:01 2005 From: jg at coks.net (jg) Date: Mon Dec 19 16:55:03 2005 Subject: [SpamCop-List] Re: Mial host problem? In-Reply-To: References: Message-ID: On 12/19/2005 8:32 AM Mike Easter scribbled: > jg wrote: > www.spamcop.net/sc?id=z843873381zde015582cff744ec70eae99aef7779f9z > > That is a completely different mailhost configuration than your other > post BTSOM how they got changed - I didn't touch anything. Now I totally bewildered - guess its a visit to the mailhost FAQ... > > http://www.spamcop.net/sc?id=z843868481z244ca2317904a4b6b009959d4bb156faz > > > I would say 'yes'. When your mailhost's headers are screwed up or > different from the configured -- it is a problem. Time to ask just how that happens.... > > Whether or not that cox IP 68.1.16.117 no rDNS 'should' be reported [or > rather source] is problematic. It definitely parses as the source, so > reporting is one way to bring it to the attention of cox, if they are > paying attention.. That is, it should be reported -- whether it is the > source or whether it is a cox MTA is hard to tell. > > > The parse is 'correct' -- the question is whether or not cox is stamping > its lines appropriately in the top tracker which is different from your > other tracker. see above... > > The IP is close numerically to some cox output servers, and it is newly > listed in spamcop, and it is showing a burst of activity in senderbase. > > 68.1.16.117 listed in bl.spamcop.net > reported system as a source of spam about 70 times > delisted automatically in approximately 23 hours. > System has been listed for 3.0 days. > > Volume Statistics for this IP > Magnitude Vol Change vs. Average > Last day 3.4 25987% > Last 30d 1.8 647% > Average 0.9 > monofont for columns > When you say system above, does that mean cox or the system which belongs to that IP, which may/may not be cox? Thanks for your patience... From MikeE at ster.invalid Mon Dec 19 15:41:57 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 19 18:45:02 2005 Subject: [SpamCop-List] Re: Mial host problem? References: Message-ID: jg wrote: > Mike Easter scribbled: >> The IP is close numerically to some cox output servers, and it is >> newly listed in spamcop, and it is showing a burst of activity in >> senderbase. >> >> 68.1.16.117 listed in bl.spamcop.net >> reported system as a source of spam about 70 times >> delisted automatically in approximately 23 hours. >> System has been listed for 3.0 days. That par w/ 'system' is a collection of snippings of SC's words -- it means the IP in this context -- that is, the IP is SCbl listed, has been reported by reporters [and no spamtraps] about 70x in the past week, and has/had currently been listed for 3d > When you say system above, does that mean cox or the system which > belongs to that IP, which may/may not be cox? The IP, which is a cox IP, has been reported to cox and listed because there are plenty of SC reports. -- Mike Easter kibitzer, not SC admin From caroljean52 at yahoo.com Mon Dec 19 21:49:20 2005 From: caroljean52 at yahoo.com (caroljean52) Date: Tue Dec 20 00:50:04 2005 Subject: [SpamCop-List] Dutch lottery spam Message-ID: Re: http://www.spamcop.net/sc?id=z844174867z4c2494f7db1c9bb3076218bd3382e9a8z Full spam posted in .spam This one worries me because SpamCop wants to send reports to Yahoo addresses--and I don't mean abuse@ or any other administrative sort of address. (These same addresses are also listed under third party.) This looks especially fishy to me since as far as I can tell the whole thing was actually sent from Hotmail/MSN, yet they *aren't* getting a report. Don't want to send reports to the spammers themselves but don't want to just let this slide either. Any suggestions? Carol Seattle USA From nobody at xyzzy.claranet.de Tue Dec 20 07:07:16 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Dec 20 01:10:03 2005 Subject: [SpamCop-List] Re: Dutch lottery spam References: Message-ID: <43A79F94.7401@xyzzy.claranet.de> caroljean52 wrote: > Any suggestions? Looking at the whois details in your tracker: http://www.spamcop.net/sc?action=showcmd;cmd=whois%20213.185.118.195%40whois.ripe.net It's a set of 64 IPs, at least a small company / ISP. "Vienna Technologies" in NG = Nigeria. Well, those are the Tech-C and Admin-C addresses offered by them. I'd send the reports. Bye From 96q7vwa02 at sneakemail.com Mon Dec 19 21:23:12 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Tue Dec 20 01:30:02 2005 Subject: [SpamCop-List] Re: Dutch lottery spam References: Message-ID: "caroljean52" wrote in message news:do8615$ua0$1@news.spamcop.net... > Re: > http://www.spamcop.net/sc?id=z844174867z4c2494f7db1c9bb3076218bd3382e9a8z > You should also report TOS violation at Yahoo for the exposed contact email address dfccbv_van@yahoo.de. It is valid, and Yahoo will terminate the account. mx1.mail.yahoo.com. - 67.28.113.11 [Successful connect: Got a good response [250 recipient ok]] mx1.mail.yahoo.com. - 67.28.113.10 [Could not connect: Could not connect to mail server (timed out).] mx1.mail.yahoo.com. - 4.79.181.15 [Successful connect: Got a good response [250 recipient ok]] mx1.mail.yahoo.com. - 4.79.181.14 [Successful connect: Got a good response [250 recipient ok]] Fred k. From nobody at spamcop.net Mon Dec 19 22:56:57 2005 From: nobody at spamcop.net (Antispam Knight) Date: Tue Dec 20 02:00:02 2005 Subject: [SpamCop-List] Re: Dutch lottery spam References: Message-ID: "Fred K." <96q7vwa02@sneakemail.com> wrote in message news:do884q$vit$1@news.spamcop.net... > > "caroljean52" wrote in message > news:do8615$ua0$1@news.spamcop.net... >> Re: >> http://www.spamcop.net/sc?id=z844174867z4c2494f7db1c9bb3076218bd3382e9a8z >> > > You should also report TOS violation at Yahoo for the exposed contact > email address dfccbv_van@yahoo.de. It is valid, and Yahoo will terminate > the account. > > mx1.mail.yahoo.com. - 67.28.113.11 [Successful connect: Got a good > response [250 recipient ok]] > mx1.mail.yahoo.com. - 67.28.113.10 [Could not connect: Could not > connect to mail server (timed out).] > mx1.mail.yahoo.com. - 4.79.181.15 [Successful connect: Got a good > response [250 recipient ok]] > mx1.mail.yahoo.com. - 4.79.181.14 [Successful connect: Got a good > response [250 recipient ok]] > > Fred k. > > You should be aware that yahoo will always return a 250 recipient ok, even for an invalid address. Yahoo accepts the transaction, then bounces it after the smtp. Try your method with a bogus address, such as bogus545644832132@yahoo.com. The only way to verify a yahoo address is to actually send it something (via a throwaway or sneakemail account), then see if it bounces, unlike hotmail, which rejects it at the smtp stage. AK From rene at kabis.org Mon Dec 19 23:45:18 2005 From: rene at kabis.org (=?UTF-8?B?UmVuw6kgS2FiaXM=?=) Date: Tue Dec 20 02:50:03 2005 Subject: [SpamCop-List] SpamCop - Web Service available? Message-ID: Greetings. I submit spam using MailWasher v.5.0, and I am looking for a more efficient method of reporting the spam. I currently have to log in at SpamCop, and use the "Unreported Spam Saved: Report Now", "Send Spam Report(s) Now" tennis-tag-team method to confirm and report spam. I find this to be horrible inefficient, and I am looking to "mash up" my own solution. For this, I need to know if SpamCop provides a web service alternative. That is, is there a SOAP/XML web service by which I could make use of. I would want to create a AJAX project that consumes SOAP/XML feeds straight off of SpamCop. My only current alternative is to use ASP.NET's screen scraping features to "read" out the current pages, search for specific content, and integrate it into my project. This is clunky at best, and highly sensitive to any changes to SpamCop's page structure at worst. Does anyone know of any SOAP/XML web service feeds from SpamCop that I can make use of? A quick look around the public section didn't turn up anything. Sincerely, Ren? Kabis From nobody at devnull.spamcop.net Tue Dec 20 16:57:25 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Dec 20 03:00:03 2005 Subject: [SpamCop-List] Re: Dutch lottery spam In-Reply-To: References: Message-ID: Antispam Knight wrote: > "Fred K." <96q7vwa02@sneakemail.com> wrote in message > news:do884q$vit$1@news.spamcop.net... >> "caroljean52" wrote in message >> news:do8615$ua0$1@news.spamcop.net... >>> Re: >>> http://www.spamcop.net/sc?id=z844174867z4c2494f7db1c9bb3076218bd3382e9a8z >>> >> You should also report TOS violation at Yahoo for the exposed contact >> email address dfccbv_van@yahoo.de. It is valid, and Yahoo will terminate >> the account. >> >> mx1.mail.yahoo.com. - 67.28.113.11 [Successful connect: Got a good >> response [250 recipient ok]] >> mx1.mail.yahoo.com. - 67.28.113.10 [Could not connect: Could not >> connect to mail server (timed out).] >> mx1.mail.yahoo.com. - 4.79.181.15 [Successful connect: Got a good >> response [250 recipient ok]] >> mx1.mail.yahoo.com. - 4.79.181.14 [Successful connect: Got a good >> response [250 recipient ok]] >> >> Fred k. >> >> > You should be aware that yahoo will always return a 250 recipient ok, even > for an invalid address. Yahoo accepts the transaction, then bounces it after > the smtp. Try your method with a bogus address, such as > bogus545644832132@yahoo.com. > The only way to verify a yahoo address is to actually send it something (via > a throwaway or sneakemail account), then see if it bounces, unlike hotmail, > which rejects it at the smtp stage. > AK You can always check the profile if the account is active: http://de.profiles.yahoo.com/dfccbv_van From rene at kabis.org Tue Dec 20 00:18:17 2005 From: rene at kabis.org (=?UTF-8?B?UmVuw6kgS2FiaXM=?=) Date: Tue Dec 20 03:20:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. In-Reply-To: References: Message-ID: Steven Maesslein wrote: > On Sun, 18 Dec 2005 08:52:45 -0800, jg coughed into spamcop and left > this in : > >>In California, 12/7 is Dec. 7, not July 12. > > Pretty much everywhere outside the US and Canada it's July 12th. Either > way round, it's ambiguous, and you're not writing for a purely > Californian audience. Maybe something less ambiguous like 07/DEC or > 07/XII (if Roman numerals are used they represent the month) could be > used. Actually, in Canada the standard is ddMMyy. The only reason that certain companies do it MMddyy is because they are direct subsidiaries of US companies. In fact, the US is the only country that: Makes official use of AM/PM (the rest of the world is officially 24hr) Royally screws up dates (MMddyy instead of the much more logical ddMMyy) Makes use of Standard measurements in EVERYTHING (even GB is going metric) >>12M is 12,000, not 12 million. > > 12,000 would be written 12K here and 12M would indeed be 12?10^6. > How does one manage to associate 12M with 12,000??? What possible rationale is there? ?M? is the SI unit for Million (10^6) across the entire planet and every branch of Science and Mathematics. It's as simple as that. SI abbreviations: Y - Yotta 10^21 E - Exa 10^18 P - Peta 10^15 T - Tera 10^12 G - Giga 10^9 M - Mega 10^6 k - Kilo 10^3 h - hecto 10^2 da - deka 10^1 **base unit** (grams, metre, second etc.) d - deci 10^-1 c - centi 10^-2 m - milli 10^-3 ? - micro 10^-6 n - nano 10^-9 p - pico 10^-12 f - femto 10^-15 a - atto 10^-18 From jg at coks.net Tue Dec 20 08:26:26 2005 From: jg at coks.net (jg) Date: Tue Dec 20 11:25:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. In-Reply-To: References: Message-ID: On 12/20/2005 12:18 AM Ren? Kabis scribbled: > How does one manage to associate 12M with 12,000??? What possible > rationale is there? >From the Roman numeral M, which is 1,000. Rational enough for me. I've got a feeling that "logic" or "rational" is in the eyes of the beholder. If you grew up using one date format, it becomes logical to you. I fail to see logic involved between placement of dd and mm and yy. Really makes no diff to me - where does logic come into play? rhetorical question... From MikeE at ster.invalid Tue Dec 20 08:26:31 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 20 11:30:02 2005 Subject: [SpamCop-List] Re: Dutch lottery spam References: Message-ID: caroljean52 wrote: www.spamcop.net/sc?id=z844174867z4c2494f7db1c9bb3076218bd3382e9a8z > > Full spam posted in .spam > > This one worries me because SpamCop wants to send reports to Yahoo > addresses--and I don't mean abuse@ or any other administrative sort of > address. The yahoo addies are the ripe listed admin and tech contacts for the little .ng IP block called Vienna tech ltd. The parent is intelstat. > (These same addresses are also listed under third party.) > This looks especially fishy to me since as far as I can tell the > whole thing was actually sent from Hotmail/MSN, yet they *aren't* > getting a report. You are correct. The vivienne_0007@msn.com account should be notified to all of the ususal confused notifies abuse@hotmail.com abuse@msn.com > Don't want to send reports to the spammers themselves but don't want > to just let this slide either. Whether you consider the .ng IP block the 'spammer' or not will have to remain a product of your own imagination. I would notify the yahoo addies, the addies associated with the msn account, and the intelstat > suggestions? You have several reasons to justify notifying the tiny .ng netblock's upstream, which is intelsat. inetnum: 213.185.118.192 - 213.185.118.255 netname: INTELSAT-CUST-VIENNA-TECHNOLOGIES-NG remarks: For issues of abuse related to this IP address block, remarks: including spam, please send email to at: remarks: borngirl@yahoo.com remarks: oriagome@yahoo.com route: 213.185.118.0/24 descr: Intelsat Specific route within RIPE LIR allocation abuse@intelsat.com First, the IP doesn't rDNS. Second, Vienna tech ltd doesn't seem to have a domainname for its little 64 IPs block, which is probably a .ng cybercafe. Third, the IP is not only blocklisted in spamcop, but also PBL for hitting spamtraps. Fourth, 4 of its neighbor IPs are also SCbl listed at the time of this posting. 213.185.118.195 listed in bl.spamcop.net SpamCop spam traps users have reported about 60 times past 6.8 days, it has been listed 2 times for a total of 6.6 days 213.185.118.221 213.185.118.223 213.185.118.224 213.185.118.225 are also currently listed. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 20 08:45:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 20 11:45:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: jg wrote: > I've got a feeling that "logic" or "rational" is in the eyes of the > beholder. That is true. The concept of big endian vs little endian pertains. But our numerical or deciaml system is big endian. Not very many such systems are little endian. But the 'people' who don't seem to want to come to some kind of global agreement seem to be the US and some Europeans which are big endian decimal societies. The US isn't even properly metricated, for chrissakes. It is really going to be hard to get it to iso its customary time expressions. > If you grew up using one date format, it becomes logical to > you. I fail to see logic involved between placement of dd and mm and > yy. Really makes no diff to me - where does logic come into play? I consider it, endian-ness, to be 'logic' - but some other terminologies such as 'one dimensional sequencing methods' can be used > rhetorical question... The decimal system is big endian. The ISO time expressing system is big endian. To me, it is 'illogical' for a time expressing system to not be consistently big endian. -- Mike Easter kibitzer, not SC admin From exfenestrate at spammers.invalid Tue Dec 20 09:19:24 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Tue Dec 20 12:20:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: On Tue, 20 Dec 2005 08:45:01 -0800, Mike Easter wrote: > The decimal system is big endian. The ISO time expressing system is big > endian. To me, it is 'illogical' for a time expressing system to not be > consistently big endian. Some places are "big endian" WRT to addresses, as well. City, province, street, building. That sort of thing. OTOH, when people are comfortable with doing things a specific way, inertia sets in, and change can be anywhere from difficult to impossible. I once had a stranger ask me if he could examine my monthly manga anthology. I handed it to him properly oriented. He grasped the book in his left hand and attempted to flip through the pages with his right; it didn't work, of course! ;) He then re-oriented the book so he could grasp the binding with his left hand and flip the pages with his right hand; which brought the back cover to the front. He then rotated the book so the front cover was up, and the binding was in his left hand; which inverted the book. At last he returned the book to the orientation it was in when I handed it to him; but he still couldn't wrap his mind around the fact that a Japanese publication opens opposite (mostly) to a U.S. publication. He returned the book to me, muttering about never being able to understand it. I expect he was referring as much to the reverse orientation of the media as the language. Me, I am flexible. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From porpoise1954 at yahoo.co.uk Tue Dec 20 20:06:29 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 20 15:10:04 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: "jg" wrote in message news:do9b7b$ihr$1@news.spamcop.net... > On 12/20/2005 12:18 AM René Kabis scribbled: > > >> How does one manage to associate 12M with 12,000??? What possible >> rationale is there? > > From the Roman numeral M, which is 1,000. > Rational enough for me. > I've got a feeling that "logic" or "rational" is in the eyes of the > beholder. If you grew up using one date format, it becomes logical to > you. I fail to see logic involved between placement of dd and mm and yy. > Really makes no diff to me - where does logic come into play? > rhetorical question... Start with the smallest unit, then the medium size unit, then the largest unit..... gives you.... dd.mm.yy From MikeE at ster.invalid Tue Dec 20 12:17:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 20 15:20:06 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: Norman Miller wrote: > Mike Easter wrote: > >> The decimal system is big endian. The ISO time expressing system is >> big endian. To me, it is 'illogical' for a time expressing system >> to not be consistently big endian. > > Some places are "big endian" WRT to addresses, as well. City, > province, street, building. That sort of thing. The way the USPS handles the 'jumble' which is the 'traditional' way US people handle their address writing is to 're-address' the postal piece with a human /and/ machine readable zip+9 and a machinereadable 'postnet' encoding, which resembles a bar code and can contain either/any of the options of the five digit ZIP Code (32 bars), a nine digit ZIP + 4 code (52 bars) or an eleven digit Delivery Point code (62 bars) down on the bottom edge of the postalpiece. That 'improved' and bigendian addressing system is machine printed and machine readable by the automated machines encountered along the way after the human who addressed the item has sent it. Naturally things which are bulkrated have to play by stricter rules than those which aren't. I think that if the postal office's optical reading gizmos don't work properly, the item is shunted over for a real actual human eyeball/brain to interpret and stamp the machine code onto. Naturally with the 'overload' at Xmas time, such a manual handling would significantly slow down an item. > OTOH, when people are comfortable with doing things a specific way, > inertia sets in, and change can be anywhere from difficult to > impossible. There have been various studies which have figured out the best way to metricate countries. Guess what; gradually doesn't get it. > Me, I am flexible. The problem is when flexibility collides with ambiguity. That's how we started here, in this particular subthread. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 20 12:19:30 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 20 15:20:18 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: Porpoise wrote: > Start with the smallest unit, then the medium size unit, then the > largest unit..... gives you.... dd.mm.yy ... which would be little endian, which seems as illogical and unnatural to me as would be using little endian for a decimal system. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Tue Dec 20 20:27:33 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 20 15:30:04 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: "Mike Easter" wrote in message news:do9p0i$q4p$1@news.spamcop.net... > Porpoise wrote: > >> Start with the smallest unit, then the medium size unit, then the >> largest unit..... gives you.... dd.mm.yy > > ... which would be little endian, which seems as illogical and unnatural > to me as would be using little endian for a decimal system. I wasn't touching the little/big issue, just the logic of going small -> medium -> large - rather than medium -> small -> large. I agree, however, that large -> medium -> small (ISO - yyyy.mm.dd) would be the logical, unambiguous, solution. From nobody at spamcop.net Tue Dec 20 15:54:44 2005 From: nobody at spamcop.net (indigo) Date: Tue Dec 20 15:55:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: Mike Easter wrote: > Porpoise wrote: > > > Start with the smallest unit, then the medium size unit, then the > > largest unit..... gives you.... dd.mm.yy > > ... which would be little endian, which seems as illogical and > unnatural to me as would be using little endian for a decimal system. Right. How would $1234.56 look reversed in order? Pretty stupid IMO....and wouldn't scientific notation be impossible? From MikeE at ster.invalid Tue Dec 20 12:58:07 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 20 16:00:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: Porpoise wrote: > I wasn't touching the little/big issue, just the logic of going small > -> medium -> large - rather than medium -> small -> large. Yes - we agree. Being *ANY* or either kind of endian, big or little, would be better or rather more logical than inconsistent in the order. -- Mike Easter kibitzer, not SC admin From stephenbye at byedesign.freeserve.co.uk Tue Dec 20 21:15:32 2005 From: stephenbye at byedesign.freeserve.co.uk (Stephen Bye) Date: Tue Dec 20 16:20:03 2005 Subject: [SpamCop-List] Re: Amazing,(OT) References: Message-ID: "Porpoise" wrote in message news:dne90v$2ge$1@news.spamcop.net... > > "Berny" wrote in message > news:dne820$1of$1@news.spamcop.net... >> >> "Porpoise" wrote in message >> news:dne432$vbf$1@news.spamcop.net... >>> No, no. It's not S x S x D x D (S squared x D squared) >>> It's S + S, D + D (2 x S, 2 x D) = 2S, 2D >> >> Arrrghghhhh :-\ > > He, he, he.......... > He3, surely? From caroljean52 at yahoo.com Tue Dec 20 13:26:45 2005 From: caroljean52 at yahoo.com (caroljean52) Date: Tue Dec 20 16:30:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: "Porpoise" wrote > > Start with the smallest unit, then the medium size unit, then the largest > unit..... gives you.... dd.mm.yy This makes perfect sense to me. However, in daily life I generally use the mm/dd/yy format. And then I started having to deal with computer files with dates for names. The only way to get "chronological = alphabetical" is to do it exactly opposite: yyyy-mm-dd. On the other hand, because of the confusion internationally, genealogists everywhere, who deal with records from all times and places, have standardized dates this way: 20 Dec 2005. Day-month-year. Always four digits for the year. (Well, to be picky, if you go back far enough you can end up with 3-, 2-, or 1 digit years--or even B.C.) Always with the month spelled out, not numbers. And even then you frequently have to specify what calendar was in use when the record was made and adjust accordingly! This whole date issue goes way, way back! Standardization would be nice but I don't think it's going to happen any time soon. (And even it does ever happen, there will always be older records to deal with anyway...) Carol Seattle USA From porpoise1954 at yahoo.co.uk Tue Dec 20 21:50:52 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Dec 20 16:55:02 2005 Subject: [SpamCop-List] Re: Amazing,(OT) References: Message-ID: "Stephen Bye" wrote in message news:do9s9m$sk0$1@news.spamcop.net... > > "Porpoise" wrote in message > news:dne90v$2ge$1@news.spamcop.net... >> >> "Berny" wrote in message >> news:dne820$1of$1@news.spamcop.net... >>> >>> "Porpoise" wrote in message >>> news:dne432$vbf$1@news.spamcop.net... >>>> No, no. It's not S x S x D x D (S squared x D squared) >>>> It's S + S, D + D (2 x S, 2 x D) = 2S, 2D >>> >>> Arrrghghhhh :-\ >> >> He, he, he.......... >> > He3, surely? Or, if you're Thai 5,5,5,5,5,5,5,5,5,5. http://www.learningthai.com/numbers.html click on 5 to hear the sound and you'll see what I mean..... ;-) From nospam at spammerssuck.com Tue Dec 20 16:44:46 2005 From: nospam at spammerssuck.com (Steve Holmes) Date: Tue Dec 20 17:45:02 2005 Subject: [SpamCop-List] Beware of LARTING NAC.net Message-ID: <43A8895E.A7EDA5EC@spammerssuck.com> http://www.spamcop.net/sc?id=z842013442z1475e124eb39f2dd3e626444e571efb6z (hope this is the type of tracker I've seen posted here) And here is the reply from NetAccess Corporation to my additional LART: "Your abuse complaint entitled "Spam from NAC - 66.246.220.9" has been received. It is being tracked under Trouble Ticket ID : 1625709. We have processed your request, AND we have determined that the IP address (66.246.220.9) has been delegated To: (), email address: (stanleyr (at) mails1.com) [Steve's note: The reply came from that e-mail address] We have forwarded a copy of this complaint To them AND ask that you contact them directly should you have any additional queries." [end of reply] So do I have this right? They sent my complaint to the spammer AND suggest I contact the spammer directly to fight any future spam? Has anyone else ever dealt with this ISP? Grey hat? Black hat? Thank you in advance. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From nospam at spammerssuck.com Tue Dec 20 16:48:47 2005 From: nospam at spammerssuck.com (Steve Holmes) Date: Tue Dec 20 17:50:02 2005 Subject: [SpamCop-List] Boycotting Spam Allies? Message-ID: <43A88A4F.4CF933A4@spammerssuck.com> How much do you let your spamfighting affect your pocketbook? Sprint sells a lot of bandwidth to Chinese spammers, yet Sprint has the best mobile phone deal for my calling habits. I'd prefer not to do business with companies that help spammers, but I'd also like to save $10 a month. I know I'm the only one who can decide what's right for me, and that the Sprint mobile phone people have nothing to do with propagating spam. I'm just curious about how far other people handle similar situations when it's money vs. principle. Thanks in advance. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From MikeE at ster.invalid Tue Dec 20 14:50:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 20 17:55:03 2005 Subject: [SpamCop-List] Re: Dutch lottery spam References: Message-ID: Patto wrote: > You can always check the profile if the account is active: > http://de.profiles.yahoo.com/dfccbv_van I'm not sure how that works. I went to the English version of Member Directory http://members.yahoo.com/ , but I still don't understand. I don't think that is a place for verifying a yahoo email address, and I know that yahoo servers will say 250 OK to any recipient, real or bogus. -- Mike Easter kibitzer, not SC admin From 1213 at nanonoz.com Tue Dec 20 22:54:30 2005 From: 1213 at nanonoz.com (sidio) Date: Tue Dec 20 17:55:15 2005 Subject: [SpamCop-List] no response from spamcop when submitting spam ! Message-ID: Hi, I have been getting spam for the last week from the same people, but when I send it to spamcop I get no response at all. I sent a test to spamcop and it worked fine. Have spamcop stopped sending a response to submitted spam if the isp concerned does not want spamcop reports sent to them ?. Thanks From MikeE at ster.invalid Tue Dec 20 14:53:34 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 20 17:55:21 2005 Subject: [SpamCop-List] Re: Dutch lottery spam References: Message-ID: Mike Easter wrote: > Patto wrote: > >> You can always check the profile if the account is active: >> http://de.profiles.yahoo.com/dfccbv_van > > I'm not sure how that works. > > I went to the English version of Member Directory > http://members.yahoo.com/ , but I still don't understand. > > I don't think that is a place for verifying a yahoo email address, > and I know that yahoo servers will say 250 OK to any recipient, real > or bogus. Also, the profile help page sez Note: Some public profiles won't show up in a Member Directory search because the profile owner has not chosen to make the profile publically searchable. http://help.yahoo.com/help/us/md/md-03.html I suppose it might mean something if you found something, but it doesn't mean anything if you don't. -- Mike Easter kibitzer, not SC admin From stephenbye at byedesign.freeserve.co.uk Wed Dec 21 00:14:53 2005 From: stephenbye at byedesign.freeserve.co.uk (Stephen Bye) Date: Tue Dec 20 19:15:04 2005 Subject: [SpamCop-List] Re: Amazing,(OT) References: Message-ID: "Porpoise" wrote in message news:do9uco$u0u$1@news.spamcop.net... > > "Stephen Bye" wrote in message > news:do9s9m$sk0$1@news.spamcop.net... >> >> "Porpoise" wrote in message >> news:dne90v$2ge$1@news.spamcop.net... >>> >>> "Berny" wrote in message >>> news:dne820$1of$1@news.spamcop.net... >>>> >>>> "Porpoise" wrote in message >>>> news:dne432$vbf$1@news.spamcop.net... >>>>> No, no. It's not S x S x D x D (S squared x D squared) >>>>> It's S + S, D + D (2 x S, 2 x D) = 2S, 2D >>>> >>>> Arrrghghhhh :-\ >>> >>> He, he, he.......... >>> >> He3, surely? > > Or, if you're Thai 5,5,5,5,5,5,5,5,5,5. > > http://www.learningthai.com/numbers.html > > click on 5 to hear the sound and you'll see what I mean..... ;-) > Well, LOL, literally! From MikeE at ster.invalid Tue Dec 20 16:18:48 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 20 19:20:03 2005 Subject: [SpamCop-List] Re: Beware of LARTING NAC.net References: <43A8895E.A7EDA5EC@spammerssuck.com> Message-ID: Steve Holmes wrote: www.spamcop.net/sc?id=z842013442z1475e124eb39f2dd3e626444e571efb6z > > (hope this is the type of tracker I've seen posted here) That is a proper tracker. It shows a spam sourced from 66.246.220.9 rDNS 343440.ds.nac.net which naming configuration is compatible with the output servers from nac.net and in fact falls into about 27th place in terms of volume output of nac servers. The IP is online, but it rejects a port 25 connection. The headers showed a funky but 'plausible' helo from the server: Received: from 15minserver669 (343440.ds.nac.net [66.246.220.9]) The From is not the same as the source nor the spamvertiser, but the headers don't contain any forged Received lines. The spam alleges subscription and offers a remove. If there were more correlation between source and From and spamvertiser that would be more 'believable'. > And here is the reply from NetAccess Corporation to my additional > LART: > > "Your abuse complaint entitled "Spam from NAC - 66.246.220.9" has been > received. It is being tracked under Trouble Ticket ID : 1625709. > > We have processed your request, AND we have determined that the IP > address > (66.246.220.9) has been delegated To: (), email address: (stanleyr > (at) mails1.com) [Steve's note: The reply came from that e-mail > address] I don't understand what you said/meant in the square brackets there, but the system allows for your report to go to a report address and for a reply to your report to come back blinded to you via SC's reportid address. > We have forwarded a copy of this complaint To them AND ask that you > contact > them directly should you have any additional queries." That is the provider believing that you were a subscribed recipient and believing that you should correspond with the spamsource and believe the content of the spam. That is a provider believing their client, not believing that the item was an optout, and not able to facilitate listwashing for their client and expecting you to cooperate with the spamsource and to not be notifying them about this client's spam. You would call that response - non-responsive - in my words. That is the kind of response which you copy and submit to the provider's upstream. > So do I have this right? They sent my complaint to the spammer AND > suggest I contact the spammer directly to fight any future spam? Has > anyone else ever dealt with this ISP? Grey hat? Black hat? You have it right. You can check your memory bank and make sure that you didn't subscribe to this missive and then send it to the upstream provider. First, the ASN parent for the IP is the same as that provider you notified: whois -h whois.radb.net 66.246.220.9 ... route: 66.246.192.0/19 descr: Net Access Corporation 1719 Route 10 Suite 318 Parsippany, NJ 07054 origin: AS8001 So, then you find the upstream adjacency for the ASN8001 8001 NET-ACCESS-CORP - Net Access Corporation Adjacency: 36 Upstream: 1 Downstream: 35 Upstream Adjacent AS list AS4637 REACH Reach Network Border AS whois -h whois.abuse.net reach.com ... abuse@pccw.com eckung@PCG-GROUP.COM carmen.m.chow@reach.com abuse@telstra.net abuse@reach.com postmaster@reach.com (for reach.com) Reach has a lot of addresses listed in abuse.net, which 'entitles' you to notify all of them. So, when you send copies of this stuff to all of the reach notify addresses for nac being unresponsive, you also include a copy to the nac address so that nac can see you notifying all of those reach people. You also do that from the spammed address, so that nac can see your real address instead of just the spamcop notify addy. If you want to be listwashed, that might do it. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 20 16:26:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 20 19:30:03 2005 Subject: [SpamCop-List] Re: Beware of LARTING NAC.net References: <43A8895E.A7EDA5EC@spammerssuck.com> Message-ID: Steve Holmes wrote: > We have processed your request, AND we have determined that the IP > address (66.246.220.9) has been delegated To: (), email address: (stanleyr > (at) mails1.com) [Steve's note: The reply came from that e-mail > address] I meant to say something else too, even tho' I was confused [but I know Steve is you]. mails1.com's MX is a name-services.com server That is the same domainname as the MX for the From: of your spam b2bsmails.com That is, the concept is that the From of your spam was a 'legitimate' From. That increases the likelihood that the spamsystem is more likely to listwash than not. The spamsystem wants to email people and the ones who don't want it can optout. Whether they really optout or not or whether they are just moved onto other lists is for your conjecture. In addition, the spamsystem wants to get the bounces of the To/s so that they can listwash them. These characteristics are in contradistinction to those spammers which use forged Received lines, bogus Froms, abused proxytrojans. This spammer considers hirself to be following the rules of CANSPAM - the 'you can spam' act - so that the spam isn't breaking the canspam law -- no bogosity, an available remove mechanism. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 20 16:43:39 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 20 19:45:03 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? References: <43A88A4F.4CF933A4@spammerssuck.com> Message-ID: Steve Holmes wrote: > How much do you let your spamfighting affect your pocketbook? Sprint > sells a lot of bandwidth to Chinese spammers, yet Sprint has the best > mobile phone deal for my calling habits. I'd prefer not to do business > with companies that help spammers, but I'd also like to save $10 a > month. You could spend a little more [time and energy] and be notifying Sprint [email doesn't really count for these notifications] by snailmail and fax if you have it easily accessible -- in which you briefly express your evidence that Sprint isn't a good provider for you because of their spamsupport. What is that evidence? So, it is sortofa 'semi-serious' [because it is snailed or faxed instead of emailed or phoned] quasi-thread to drop the mobile phone service because of some corporate misbehavior. > I know I'm the only one who can decide what's right for me, and that > the Sprint mobile phone people have nothing to do with propagating > spam. I'm just curious about how far other people handle similar > situations when it's money vs. principle. I would assume most people here are pledged to never buy or profit a spammer -- so they aren't shopping their spam for a 'good deal'. I realize that that isn't the same as dropping a provider because you aren't happy with some policy. I dropped a broadband provider because their newsserver was upsetting me and because they developed sloppy antispamsource policies. My current broadband provider has similar sloppy antispamsource policies plus an abusive challenge system which is configurable to be nonoperational. It also has hideous support policies. I 'can't' drop them as a broadband provider because my only choices are RR, EL, & AOL for cable connectivity. RR is who I dropped and EL has some better email options than RR had, and I refuse to use AOL. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 20 16:56:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 20 20:00:02 2005 Subject: [SpamCop-List] Re: no response from spamcop when submitting spam ! References: Message-ID: sidio wrote: > I have been getting spam for the last week from the same people, > but when I send it to spamcop I get no response at all. Something isn't clear so I'll state how it works. When you submit a spam to spamcop, your preferences control whether or not you want to hear from only sentient humans, to be defined later. The default configuration is sentient. If you are websubmitting, you approve the notify then and there. If you are email submitting, you get an email reply from SC requiring your web approval for the submission. > I sent a test to spamcop and it worked fine. Naturally I don't know the definition of your 'test'. > Have spamcop stopped sending a response to submitted spam if the > isp concerned does not want spamcop reports sent to them ?. SC has more than one response. There is the response I described above when you email a spam submission. You 'must' always get that response because absent your approval of the report for the item you submitted by email, there isn't any report. SC has no other 'direct to you' responses. However, SC mediates a response from a notified provider to a reportid address. When a sentient-classified provider answers to a reportid address, SC forwards that reportid response to your address. SC deems a provider as sentient by using a challenge response system. In the preferences options for your configuration the explanation sez "SpamCop challenges "administrators" by making them respond to an email to determine if they are people or robots. Only human replies which require action from you are forwarded to your attention by default. - You may override this behavior if you would rather receive every reply, robotic or otherwise. " So, unless you have configured to hear from robots or autoacks, you aren't likely to hear from very many providers. However, you will /always' hear from SC when you mail submit your spam that its tracker URL is ready to be reported. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Dec 21 09:58:09 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Dec 20 20:00:13 2005 Subject: [SpamCop-List] Re: Dutch lottery spam In-Reply-To: References: Message-ID: Mike Easter wrote: > Patto wrote: > >> You can always check the profile if the account is active: >> http://de.profiles.yahoo.com/dfccbv_van > > I'm not sure how that works. > > I went to the English version of Member Directory > http://members.yahoo.com/ , but I still don't understand. > > I don't think that is a place for verifying a yahoo email address, and I > know that yahoo servers will say 250 OK to any recipient, real or bogus. We are talking about different things. I don't know about Yahoo servers and 250, but I know how to check if a profile (Yahoo account) is active, or it has been deleted by Yahoo. If you have an email address like peoplelotte@yahoo.com (from a 419 a few days ago), you can check http://profiles.yahoo.com/peoplelotte if the profile is alive. It was when I reported it to Yahoo; it is not now. International accounts like for dfccbv_van@yahoo.de in yesterday's post you can check at http://de.profiles.yahoo.com/dfccbv_van - obviously it is still active. Similarly sunshinegems50@yahoo.com.hk you'd check at http://hk.profiles.yahoo.com/sunshinegems50 or smithagent2005@yahoo.co.uk at http://uk.profiles.yahoo.com/smithagent2005 It has worked like that since the beginning of time, and I don't see why this method is suddenly supposed not to be reliable. I also don't know what you expect to find at http://members.yahoo.com/ ? As you write on your next post, profiles can be non-searchable. From nobody at devnull.spamcop.net Wed Dec 21 10:24:57 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Dec 20 20:25:03 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? In-Reply-To: <43A88A4F.4CF933A4@spammerssuck.com> References: <43A88A4F.4CF933A4@spammerssuck.com> Message-ID: Steve Holmes wrote: > How much do you let your spamfighting affect your pocketbook? Sprint > sells a lot of bandwidth to Chinese spammers, yet Sprint has the best > mobile phone deal for my calling habits. I'd prefer not to do business > with companies that help spammers, but I'd also like to save $10 a > month. > > I know I'm the only one who can decide what's right for me, and that the > Sprint mobile phone people have nothing to do with propagating spam. I'm > just curious about how far other people handle similar situations when > it's money vs. principle. "Chinese spammers" - here we go again. How come that all these Chinese spammers have names like Ralsky, Richter, or Cunningham, and live in Florida rather than Shanghai? You sound like an American; if there is something bad, it must be foreign. Nevermind that most of the world's spam is sent from the United States, the fact that your spammers send it through hijacked computers all over the world is enough to accuse Chinese, Koreans, Japanese, or Brazilians to be the spammers. From MikeE at ster.invalid Tue Dec 20 17:33:34 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 20 20:35:03 2005 Subject: [SpamCop-List] Re: Dutch lottery spam References: Message-ID: Patto wrote: > Mike Easter wrote: >> Patto wrote: >> >>> You can always check the profile if the account is active: >>> http://de.profiles.yahoo.com/dfccbv_van >> >> I'm not sure how that works. >> >> I went to the English version of Member Directory >> http://members.yahoo.com/ , but I still don't understand. >> >> I don't think that is a place for verifying a yahoo email address, >> and I know that yahoo servers will say 250 OK to any recipient, real >> or bogus. > > We are talking about different things. I don't know about Yahoo > servers and 250, but I know how to check if a profile (Yahoo account) > is active, or it has been deleted by Yahoo. If you have an email > address like peoplelotte@yahoo.com (from a 419 a few days ago), you > can check http://profiles.yahoo.com/peoplelotte if the profile is > alive. It was when I reported it to Yahoo; it is not now. When I was messing with the members link I posted above, it would try to look at a 'profile' just like you posted just above. I go from the above link of mine to the advanced search and then I use advanced search on the email address like you just posted When I do that, I get "Found 0 categories and 0 members" instead of what you get at your profiles link for that username, which is "Sorry, the page you requested was not found". > It has worked like that since the beginning of time, and I don't see > why this method is suddenly supposed not to be reliable. I also don't > know what you expect to find at http://members.yahoo.com/ ? As you > write on your next post, profiles can be non-searchable. If profiles can be non-searchable [I don't know what the word profiles or yahooID means, but I want to mean a yahoo username attached to a yahoo address] then why do you think profiles of yahoo usernameaddresses is a reliable way to check on a username@yahoo.com ? Rather than show me a yahoo addy that doesn't work, show me a yahoo addy that does work, but it can't be someone who has decided to publish their yahoo profile. -- Mike Easter kibitzer, not SC admin From jg at coks.net Tue Dec 20 17:51:53 2005 From: jg at coks.net (jg) Date: Tue Dec 20 20:50:02 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. In-Reply-To: References: Message-ID: On 12/20/2005 12:06 PM Porpoise scribbled: > > > Start with the smallest unit, then the medium size unit, then the largest > unit..... gives you.... dd.mm.yy > > Well, thats logical to you - never ran into anyone that rationalized dates as such - *I* don't sit around thinking about such - only logic I ever used in dates was when I learned the way a computer computes them and the only issue there was which date one used to start counting. IIRC, dos used one date, Macs used another. C/Unix wasn't within my little world at that time (I /beleive/ C was just being developed then @ Bell Labs...) From nobody at devnull.spamcop.net Tue Dec 20 20:51:25 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Tue Dec 20 20:50:13 2005 Subject: [SpamCop-List] Re: no response from spamcop when submitting spam ! References: Message-ID: "Mike Easter" wrote in message news:doa97c$4nf$1@news.spamcop.net... > However, you will /always' hear from SC when you mail >submit your spam that its tracker URL is ready to be reported. > Only if everything goes right. Something could happen to the email on its way to spamcop; spamcop might not accept it because it is too large; the receiving isp might filter it out There is a User Created FAQ in the Forum on how to troubleshoot the problem: http://forum.spamcop.net/forums/index.php?showtopic=1848 Miss Betsy From mwnospam at comcast.net Tue Dec 20 21:38:52 2005 From: mwnospam at comcast.net (spamacyde) Date: Tue Dec 20 21:40:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "Alex Gitlin" wrote in message news:dnb24h$6e1$1@news.spamcop.net... > A lot of spam comes from China. What are the statistics like - are those > spam reports we submit actually useful, are they paying off? (Or do the > Chinese sysadmins simply ignore them?) So far I'm not seeing much > improvement on the amount of spam coming in, but I've only been on Spamcop > for a couple of weeks. > > Alex. > > www.insultmonger.com is useful for constructing a reply to Chinese spam. Now the question is, for addresses ending in .cn / for mainland China, do I want to use Cantonese, Hakka, Hokkien or Manderine. I ask this question with a completely straight face. From nobody at xyzzy.claranet.de Wed Dec 21 05:11:57 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Dec 20 23:20:02 2005 Subject: [SpamCop-List] Verifying yahoo addresses (was: Dutch lottery spam) References: Message-ID: <43A8D60D.365A@xyzzy.claranet.de> Mike Easter wrote: > I suppose it might mean something if you found something, > but it doesn't mean anything if you don't. If Patto has it right there's another possibility: All active user@yahoo.DOM addreses always have a "profile" http://DOM.profiles.yahoo.com/user If you know the addresss you also know the URL, therefore it's irrelevant if that URL is covered by their "profile search". Besides "profile" pages can be completely empty like http://de.profiles.yahoo.com/dfccbv_van for the active (?) address dfccbv_van@yahoo.de, and searching for this empty profile of course won't work. Apparently there's a special rule for DOM = com, the URL is then http://profiles.yahoo.com/user for user@yahoo.com instead of a clumsy http://com.profiles.yahoo.com/user Maybe there are also special rules for DOM = co.uk and similar domains (?) I'd try to replace say co.uk by uk. Very interesting if Patto has it right, it would allow to verify yahoo addresses without actually sending mail, and that would be a major step forward in the WDPRS business. Bye, Frank From nobody at xyzzy.claranet.de Wed Dec 21 05:29:35 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Dec 20 23:35:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: <43A8DA2F.A8C@xyzzy.claranet.de> =?UTF-8?B?UmVuw6kgS2FiaXM=?= wrote: > How does one manage to associate 12M with 12,000??? What > possible rationale is there? M, mille, roman number for thousand, this year is MMV for popular calendars used in many parts of the world. > ???M??? is the SI unit for Million (10^6) across the > entire planet and every branch of Science and Mathematics. M, mega, as you say 10**6 = (10**3)**2 = 1000*1000 = 1000000 But there's also M: 2**20 = (2**10)**2 = 1024*1024 = 1048576 > It's as simple as that. Well, in theory I know how to decode your UTF-8, it's simple. In practice I'm a bit lazy ;-) Bye, Frank From bill_beyer at excite.cXoYmZ Tue Dec 20 20:39:37 2005 From: bill_beyer at excite.cXoYmZ (Bill Beyer) Date: Tue Dec 20 23:40:03 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? References: <43A88A4F.4CF933A4@spammerssuck.com> Message-ID: "Patto" wrote in message news:doaata$5p8$1@news.spamcop.net... > Steve Holmes wrote: > > How much do you let your spamfighting affect your pocketbook? Sprint > > sells a lot of bandwidth to Chinese spammers, yet Sprint has the best > > mobile phone deal for my calling habits. I'd prefer not to do business > > with companies that help spammers, but I'd also like to save $10 a > > month. > > > > I know I'm the only one who can decide what's right for me, and that the > > Sprint mobile phone people have nothing to do with propagating spam. I'm > > just curious about how far other people handle similar situations when > > it's money vs. principle. > > "Chinese spammers" - here we go again. How come that all these Chinese > spammers have names like Ralsky, Richter, or Cunningham, and live in > Florida rather than Shanghai? You sound like an American; if there is > something bad, it must be foreign. Nevermind that most of the world's > spam is sent from the United States, the fact that your spammers send it > through hijacked computers all over the world is enough to accuse > Chinese, Koreans, Japanese, or Brazilians to be the spammers. You'd better do a little more research before you start spouting nationalistic rubbish like that. Ralsky, Richter & Cunningham aren't even in the Top Ten anymore. The Top Ten has names like Panov, Kuvayev, Ibragimov, Pavka and Camargo. Granted they're not Chinese but they're certainly not American either. Yes the US has the most listings in the SBL but China is #2 and their servers are extremely spam friendly. From nobody at xyzzy.claranet.de Wed Dec 21 05:49:20 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Dec 20 23:55:02 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: <43A8DED0.13DB@xyzzy.claranet.de> jg wrote: > I fail to see logic involved between placement of dd and mm > and yy. Really makes no diff to me - where does logic come > into play? rhetorical question... It's quite real and not only rhetorical if you try to sort dates lexicographically: yyyy-mm-dd works, most other formats don't work. For yy instead of yyyy, or formats where you can omit a leading zero, logic could fail miserably. But I'd still say that year is more than month, and month is more than day. Both dd-mm-yy or yy-mm-dd could relect this. mm-dd-yy is tricky, is it a shorthand for MMM dd, yyyy ? The tiny clock on my desktop says Wed Dec 21 05:49:00 2005. Bye From bar_n0ne at hotmail.com Wed Dec 21 08:50:50 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Dec 20 23:55:13 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? References: <43A88A4F.4CF933A4@spammerssuck.com> Message-ID: "Patto" wrote in message news:doaata$5p8$1@news.spamcop.net... > Steve Holmes wrote: SNIPPED > "Chinese spammers" - here we go again. How come that all these Chinese > spammers have names like Ralsky, Richter, or Cunningham, and live in > Florida rather than Shanghai? You sound like an American; if there is > something bad, it must be foreign. Nevermind that most of the world's > spam is sent from the United States, the fact that your spammers send it > through hijacked computers all over the world is enough to accuse > Chinese, Koreans, Japanese, or Brazilians to be the spammers. Well, mainly because the Chinese happily take their money to provide these guys with bulletproof hosting since they are unable to host their spamvertisements in the US any longer, unless they are willing to pay MCI or Internappies the premium pink rate like the Spur-M and enlargement guy seems to do nowadays. So without the Chinese, Korean and Brazilian collaboration they'd have a hard time selling anything, hence a hard time carrying on spamming. Hosting and name services are the key collaborators, so in that regard I lump Germany (Jokester) and UK (SpewCows) in with the other foreign countries you mention above. of course there are collaborators in the US too, we all know who they are. From nobody at xyzzy.claranet.de Wed Dec 21 06:04:47 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 21 00:10:04 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: <43A8E26F.1000@xyzzy.claranet.de> Mike Easter wrote: >> dd.mm.yy > ... which would be little endian, which seems as illogical > and unnatural to me as would be using little endian for a > decimal system. We do little endian from 13 to 19 in languages like en and de, In Arab script (right to left) all decimal numbers are little endian, nothing wrong with that. We use the decimal numbers designed for right-to-left as is in our left-to-right scripts, not exactly natural. -- Frank From MikeE at ster.invalid Tue Dec 20 21:10:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 21 00:10:16 2005 Subject: [SpamCop-List] Re: Verifying yahoo addresses (was: Dutch lottery spam) References: <43A8D60D.365A@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > If Patto has it right there's another possibility: If Patto has it right. Right now there a gap between me and Patto -- where Patto is confident and I haven't yet become convinced. An issue came up just now in nanae that was an ideal circumstance for me to post one [altho' I temporarily and now I see secondarily screwed it up] -- which will invite someone who is watching in nanae to confirm or deny or even correct me -- since I spouted that I denied the veracity of it. The example I posted, /after/ correction was http://profiles.yahoo.ca/LamontJaramillocymety but I didn't handle your DOM rule for that properly. By your rule, it should have been http://ca.profiles.yahoo.com/LamontJaramillocymety which also doesn't resolve in this case > Maybe there are also special rules for DOM = co.uk and > similar domains (?) I'd try to replace say co.uk by uk. > > Very interesting if Patto has it right, it would allow to > verify yahoo addresses without actually sending mail, and > that would be a major step forward in the WDPRS business. It would be great if Patto were right, but I remain skeptical until I've seen something 'real'. There's a Missouri 'Show me' In fact, I just now looked up the background: // Missouri became known as the Show Me State in 1899, when Congressman Willard D. Vandiver said: "I come from a country that raises corn and cotton and cockleburs and Democrats, and frothy eloquence neither convinces nor satisfies me. I'm from Missouri. You've got to show me." // -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Wed Dec 21 09:12:55 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 21 00:15:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "spamacyde" wrote in message news:doaf7r$88f$1@news.spamcop.net... > SNIPPED > > www.insultmonger.com is useful for constructing a reply to Chinese spam. > Now the question is, for addresses ending in .cn / for mainland China, do I > want to use Cantonese, Hakka, Hokkien or Manderine. I ask this question > with a completely straight face. Trade you answers: 1) Mandarin is the "Official" Language of the PRC, all of it. 2) While insults will vary, Chinese, being ideographic, the same message should produce the same (or essentially the same) text in all Chinese languages provided you are not using the phonetic symbols. for this question How would I suggest they are (pejorative relating to eyes omitted) monkeys working the begging bowl for a spammer? (in Mandarin) :-) From nospam at spammerssuck.com Tue Dec 20 23:35:26 2005 From: nospam at spammerssuck.com (Steve Holmes) Date: Wed Dec 21 00:40:04 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? References: <43A88A4F.4CF933A4@spammerssuck.com> Message-ID: <43A8E99E.73F1C243@spammerssuck.com> Patto wrote: > (snip) > "Chinese spammers" - here we go again. How come that all these Chinese > spammers have names like Ralsky, Richter, or Cunningham, and live in > Florida rather than Shanghai? You sound like an American; if there is > something bad, it must be foreign. And exactly how well do you know me? You sound like someone who believes if there's something bad, it must be American. Geez, can't we all get along? I expect many of the spammers working through Chinese ISPs are American, but the bottom line **for the purposes of my original question** is that the Chinese ISPs and the American company Sprint are tossing aside ethical considerations to bring this crap to me. Mike, thank you for your input on my ethical question. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From MikeE at ster.invalid Tue Dec 20 21:35:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 21 00:40:17 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: <43A8E26F.1000@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: > >>> dd.mm.yy > >> ... which would be little endian, which seems as illogical >> and unnatural to me as would be using little endian for a >> decimal system. > > We do little endian from 13 to 19 in languages like en and de, If you mean the number names such as xxx-teens for English, I seem to recall that German puts the digits before the tens in the names of a lot more numbers than just those teens, like vier und zwanzig > In Arab script (right to left) all decimal numbers are little > endian, nothing wrong with that. We use the decimal numbers > designed for right-to-left as is in our left-to-right scripts, > not exactly natural. '/designed/ for right to left?' As if the shape of a 9 or a 6 or a 3 was 'designed' to 'flow' from right to left? I never heard of such a thing. -- Mike Easter kibitzer, not SC admin From nospam at spammerssuck.com Tue Dec 20 23:37:17 2005 From: nospam at spammerssuck.com (Steve Holmes) Date: Wed Dec 21 00:40:24 2005 Subject: [SpamCop-List] Re: Beware of LARTING NAC.net References: <43A8895E.A7EDA5EC@spammerssuck.com> Message-ID: <43A8EA0D.5805BA@spammerssuck.com> Mike Easter wrote: > Steve Holmes wrote: > www.spamcop.net/sc?id=z842013442z1475e124eb39f2dd3e626444e571efb6z > > > > (hope this is the type of tracker I've seen posted here) > > That is a proper tracker. It shows a spam sourced from 66.246.220.9 > rDNS 343440.ds.nac.net which naming configuration is compatible with the > output servers from nac.net and in fact falls into about 27th place in > terms of volume output of nac servers. The IP is online, but it rejects > a port 25 connection. > > The headers showed a funky but 'plausible' helo from the server: > > Received: from 15minserver669 (343440.ds.nac.net [66.246.220.9]) > > The From is not the same as the source nor the spamvertiser, but the > headers don't contain any forged Received lines. The spam alleges > subscription and offers a remove. If there were more correlation > between source and From and spamvertiser that would be more > 'believable'. > > > And here is the reply from NetAccess Corporation to my additional > > LART: > > > > "Your abuse complaint entitled "Spam from NAC - 66.246.220.9" has been > > received. It is being tracked under Trouble Ticket ID : 1625709. > > > > We have processed your request, AND we have determined that the IP > > address > > (66.246.220.9) has been delegated To: (), email address: (stanleyr > > (at) mails1.com) [Steve's note: The reply came from that e-mail > > address] > > I don't understand what you said/meant in the square brackets there, but > the system allows for your report to go to a report address and for a > reply to your report to come back blinded to you via SC's reportid > address. > > > We have forwarded a copy of this complaint To them AND ask that you > > contact > > them directly should you have any additional queries." > > That is the provider believing that you were a subscribed recipient and > believing that you should correspond with the spamsource and believe the > content of the spam. That is a provider believing their client, not > believing that the item was an optout, and not able to facilitate > listwashing for their client and expecting you to cooperate with the > spamsource and to not be notifying them about this client's spam. > > You would call that response - non-responsive - in my words. That is > the kind of response which you copy and submit to the provider's > upstream. > > > So do I have this right? They sent my complaint to the spammer AND > > suggest I contact the spammer directly to fight any future spam? Has > > anyone else ever dealt with this ISP? Grey hat? Black hat? > > You have it right. You can check your memory bank and make sure that > you didn't subscribe to this missive and then send it to the upstream > provider. > > First, the ASN parent for the IP is the same as that provider you > notified: > > whois -h whois.radb.net 66.246.220.9 ... > route: 66.246.192.0/19 > descr: Net Access Corporation > 1719 Route 10 > Suite 318 > Parsippany, NJ 07054 > origin: AS8001 > > So, then you find the upstream adjacency for the ASN8001 > > 8001 NET-ACCESS-CORP - Net Access Corporation > Adjacency: 36 Upstream: 1 Downstream: 35 > > Upstream Adjacent AS list > AS4637 REACH Reach Network Border AS > > whois -h whois.abuse.net reach.com ... > abuse@pccw.com eckung@PCG-GROUP.COM carmen.m.chow@reach.com > abuse@telstra.net abuse@reach.com postmaster@reach.com (for > reach.com) > > Reach has a lot of addresses listed in abuse.net, which 'entitles' you > to notify all of them. So, when you send copies of this stuff to all of > the reach notify addresses for nac being unresponsive, you also include > a copy to the nac address so that nac can see you notifying all of those > reach people. > > You also do that from the spammed address, so that nac can see your real > address instead of just the spamcop notify addy. If you want to be > listwashed, that might do it. > > -- > Mike Easter > kibitzer, not SC admin Thank you, Mike. You are my spamfighting MVP. -- Steve Holmes Executive Producer "The New Ball Game" "RailFAN" 319-337-9507 From MikeE at ster.invalid Tue Dec 20 21:47:45 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 21 00:50:02 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: Berny wrote: > 1) Mandarin is the "Official" Language of the PRC, all of it. I was just reading some stuff about China the other day, and something I read about languages surprised me. Let me see if i can find it. OK. I've got it. It would be too much to put the whole thing, so I'll do some extractions to get the essence in a little space. The Han speak several mutually unintelligible tongues, [..] spoken variants are usually not written; the exception is Standard Cantonese,[..] The different ethnic groups in China speak a great variety of languages, called the Zhongguo Yuwen meaning "languages of China". These languages span six linguistic families and most of them are dissimilar morphologically and phonetically.[...] Hi-rez map of chinese linguistic groups: http://upload.wikimedia.org/wikipedia/en/5/55/China_linguistic_map.jpg So, while Mandarin is official and pervasive, the people are busy speaking lots of different mutually unintelligible 'tongues' which are not called dialects but instead are called 'topolects' or local languages. -- Mike Easter kibitzer, not SC admin From jg at coks.net Tue Dec 20 22:27:05 2005 From: jg at coks.net (jg) Date: Wed Dec 21 01:25:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. In-Reply-To: References: Message-ID: On 12/20/2005 12:58 PM Mike Easter scribbled: > Yes - we agree. Being *ANY* or either kind of endian, big or little, > would be better or rather more logical than inconsistent in the order. > > Right, bye, jg From jg at coks.net Tue Dec 20 22:51:29 2005 From: jg at coks.net (jg) Date: Wed Dec 21 01:50:04 2005 Subject: [SpamCop-List] Do You Yahoo? Message-ID: http://www.spamcop.net/sc?id=z844711907z2b046c27829f002fb04c79cced71dc62z From jg at coks.net Tue Dec 20 22:57:34 2005 From: jg at coks.net (jg) Date: Wed Dec 21 02:00:03 2005 Subject: [SpamCop-List] Re: Spam from China In-Reply-To: References: Message-ID: On 12/20/2005 9:47 PM Mike Easter scribbled: > Berny wrote: > > >>1) Mandarin is the "Official" Language of the PRC, all of it. > > > I was just reading some stuff about China the other day, and something I > read about languages surprised me. > > Let me see if i can find it. > > OK. I've got it. It would be too much to put the whole thing, so I'll > do some extractions to get the essence in a little space. > > The Han speak several mutually unintelligible tongues, [..] spoken > variants are usually not written; the exception is Standard > Cantonese,[..] The different ethnic groups in China speak a great > variety of languages, called the Zhongguo Yuwen meaning "languages of > China". These languages span six linguistic families and most of them > are dissimilar morphologically and phonetically.[...] > > Hi-rez map of chinese linguistic groups: > > http://upload.wikimedia.org/wikipedia/en/5/55/China_linguistic_map.jpg > > So, while Mandarin is official and pervasive, the people are busy > speaking lots of different mutually unintelligible 'tongues' which are > not called dialects but instead are called 'topolects' or local > languages. > Sounds like just your kind of place, Mike... From MikeE at ster.invalid Tue Dec 20 22:55:35 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 21 02:00:18 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: <43A8E26F.1000@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > In Arab script (right to left) all decimal numbers are little > endian, nothing wrong with that. Arabic and Hebrew are written right to left, but those languages write the decimal 'arabic' numbers left to right, so it is a mixed directional written language in that sense. "numbers are written with the most significant digit positioned left-most." http://www.i18nguy.com/MiddleEastUI.html > We use the decimal numbers > designed for right-to-left as is in our left-to-right scripts, > not exactly natural. They aren't even Arabic numerals. // What are known in English as "Arabic numerals" were neither invented nor widely used by the Arabs. Instead, they were developed in India by the Hindus around 400 BC. However, because it was Arabs who transmitted this system to the West after the Hindu numerical system found its way to Persia, the numeral system became known as "Arabic". Arabs themselves call the numerals "Indian numerals," and they use their own distinct set of Arabic symbols for numerals. // http://en.wikipedia.org/wiki/Arabic_numerals The article goes on to describe the origins of the numerals and how they got to Persia from India. Subsequently went further west. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Dec 20 23:24:05 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 21 02:25:03 2005 Subject: [SpamCop-List] Re: Do You Yahoo? References: Message-ID: jg wrote: www.spamcop.net/sc?id=z844711907z2b046c27829f002fb04c79cced71dc62z I'm not sure I understand that. That is, I'm not perceiving a scam gig. The payload concept is that you are supposed to call the 800 number of the real company Health Care America at its 800# at the extension of some Micah Penny who must surely be there. There's no website in the spam, but they have one http://hcabenefits.net/index.html If you look around the web, you can find some complaints, but I can't see thru' a scam here -- it looks like someone who is employed by the company is promoting the company's product by sending you an email thru' the yahoo webmailer accessing it from their DSL account at Bellsouth. Very curious. Not that you should read your spam's body content until you have explored its headers, but it sez "am not sure if you are the customer that went to www.google.com or www.yahoo.com and typed in ADOVA HEALTH and had confusion with the on line enrollment process? " The other possibility that comes to mind is that maybe someone forge inquired for you. -- Mike Easter kibitzer, not SC admin From jg at coks.net Tue Dec 20 23:42:50 2005 From: jg at coks.net (jg) Date: Wed Dec 21 02:45:03 2005 Subject: [SpamCop-List] Re: Do You Yahoo? In-Reply-To: References: Message-ID: On 12/20/2005 11:24 PM Mike Easter scribbled: > jg wrote: > www.spamcop.net/sc?id=z844711907z2b046c27829f002fb04c79cced71dc62z > > I'm not sure I understand that. That is, I'm not perceiving a scam gig. > > The payload concept is that you are supposed to call the 800 number of > the real company Health Care America at its 800# at the extension of > some Micah Penny who must surely be there. > > There's no website in the spam, but they have one > http://hcabenefits.net/index.html > > If you look around the web, you can find some complaints, but I can't > see thru' a scam here -- it looks like someone who is employed by the > company is promoting the company's product by sending you an email thru' > the yahoo webmailer accessing it from their DSL account at Bellsouth. > > Very curious. > > Not that you should read your spam's body content until you have > explored its headers, but it sez "am not sure if you are the customer > that went to www.google.com or www.yahoo.com and typed in ADOVA HEALTH > and had confusion with the on line enrollment process? " > > The other possibility that comes to mind is that maybe someone forge > inquired for you. > > Thanks for falling on your sword and reading the spam - it took me awhile to figure out just where you were coming from. Alas, I was just referring to all of yaHoo's contacts shown in a single report, mundane speculation to your ilk... From nobody at devnull.spamcop.net Wed Dec 21 17:14:33 2005 From: nobody at devnull.spamcop.net (Patto) Date: Wed Dec 21 03:15:02 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? In-Reply-To: <43A8E99E.73F1C243@spammerssuck.com> References: <43A88A4F.4CF933A4@spammerssuck.com> <43A8E99E.73F1C243@spammerssuck.com> Message-ID: Steve Holmes wrote: > Patto wrote: > >> (snip) >> "Chinese spammers" - here we go again. How come that all these Chinese >> spammers have names like Ralsky, Richter, or Cunningham, and live in >> Florida rather than Shanghai? You sound like an American; if there is >> something bad, it must be foreign. > > And exactly how well do you know me? > > You sound like someone who believes if there's something bad, it must be > American. Geez, can't we all get along? I expect many of the spammers working > through Chinese ISPs are American, but the bottom line **for the purposes of > my original question** is that the Chinese ISPs and the American company > Sprint are tossing aside ethical considerations to bring this crap to me. I do not know you, and I did not mean my response to be a personal attack on you. What I resent is that for years and years I see the same expressions thrown around in this group "cut off China from the Internet and the spam problem is solved"; "cut all of Asia off the Internet and there will be no more spam." I receive about 1 spam from China in a month; most of the rest originates in the U.S. of A. I know that your original question was reasonable; I just stopped reading at the term "Chinese spammers". From MikeE at ster.invalid Wed Dec 21 01:03:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 21 04:05:04 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? References: <43A88A4F.4CF933A4@spammerssuck.com> <43A8E99E.73F1C243@spammerssuck.com> Message-ID: Patto wrote: > I receive about 1 spam from China in a month; most of the rest > originates in the U.S. of A. Most of the spam I see originates/ is sourced/ from abused proxies all over the world -- that doesn't define how the spam comes about, but which user IPs in the .us .cn .kr and everywhere else have become zombie trojans to serve as spamsources. A great deal of spam has spamvertisers whose webspace is derived from .cn providers who are unresponsive. Spamhaus has a big list of ROKSO spammers and beside each rokso is an assigned country. The top of the list is Alan Ralsky who is assigned as a US spamgang and many other gangs are called US. Spamhaus also has a writeup of Alan Ralksy here http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK1290 In that writeup it describes the role of the .cn providers for Ralsky's operation - and others. "Nowadays Ralsky hosts 'offshore' in China to evade US authorities. But the offshore hosts are soon blocked and terminated so he's forced to hop from one Chinese provider to the next like most of the spam gangs." > I know that your original question was reasonable; I just stopped > reading at the term "Chinese spammers". There is a big problem with .cn spamvertiser providers and their unresponsiveness. -- Mike Easter kibitzer, not SC admin From nobody at xyzzy.claranet.de Wed Dec 21 10:02:00 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 21 04:05:14 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: <43A8E26F.1000@xyzzy.claranet.de> Message-ID: <43A91A08.1BA5@xyzzy.claranet.de> Mike Easter wrote: > German puts the digits before the tens in the names of a lot > more numbers than just those teens, like vier und zwanzig Yes, from 13 to 99, strange, but not worse than the French 80. > '/designed/ for right to left?' If you read decimal numbers from right to left you immediately know that the first digit is 0..9, the second adds 10..90, etc. If you read it left to right you need an "algorithm" to decode it, the first digit is the most significant. You'll only know "how" significant it is until you've reached the last digit. Not the same situation as for the "endinanness" of numbers in computers, because there you normally work with fixed lengths like say 64 bits (16 hex. digits). [in your other article] > http://www.i18nguy.com/MiddleEastUI.html Yes, their written numbers look precisely like our numbers. But their general direction is right to left, so what's "big endian" for us is "little endian" for them: | Although text is written from right-to-left, numbers are | generally written the same way as with left-to-right | languages. That is, numbers are written with the most | significant digit positioned left-most. [...] | Although Arabic text is written right-to-left, numbers are | written the same way as in left-to-right languages, with the | most significant digit on the left. So the number 123 (one | hundred and twenty three) is written ١٢٣ | ("123", not "321"). I _think_ that's just expressed awkwardly, and they write: tfel <- ot <- thgir <- 1 <- 2 <- 3 <- tfel <- ot <- thgir So the result is how we know it for the number, but the first written digit is 3, then 2, then 1, right to left. Maybe I'm wrong, convince me... ;-) We could also ask Tex, he's one of the Unicode / I18N / language / script experts. > http://en.wikipedia.org/wiki/Arabic_numerals Yeah, they didn't invent it: | The numeral system came to be known to both the Persian | mathematician Al-Khwarizmi, whose book On the Calculation | with Hindu Numerals written about 825, and the Arab | mathematician Al-Kindi, who wrote four [...] I didn't know that the word "Algebra" is derived from the title of this book written by Al-Khwarizmi, but I knew that the word http://en.wikipedia.org/wiki/Algorithm is derived from his name (Al-Khwarizmi). After some digging I found "all lndic scripts run left to right". OTOH I also found that the Persian script is based on Arab, also used for some time in India, Okay, beats me, no idea what the "original endianness" of the decimal numbers was. For Al-Khwarizmi probably right-to-left little endian. Bye, Frank From porpoise1954 at yahoo.co.uk Wed Dec 21 09:24:30 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Dec 21 04:25:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "spamacyde" wrote in message news:doaf7r$88f$1@news.spamcop.net... > > www.insultmonger.com is useful for constructing a reply to Chinese spam. > Now the question is, for addresses ending in .cn / for mainland China, do > I > want to use Cantonese, Hakka, Hokkien or Manderine. I ask this question > with a completely straight face. Hmmm....... Manderine??........ Is that some variety like Tangerine? Or did you mean the language, Mandarin? In which case, that's the one I'd go for, as it's the one they all learn in school. From MikeE at ster.invalid Wed Dec 21 01:54:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 21 04:55:37 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: <43A8E26F.1000@xyzzy.claranet.de> <43A91A08.1BA5@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Mike Easter wrote: >> '/designed/ for right to left?' > > If you read decimal numbers from right to left you immediately > know that the first digit is 0..9, the second adds 10..90, etc. > > If you read it left to right you need an "algorithm" to decode > it, the first digit is the most significant. You'll only know > "how" significant it is until you've reached the last digit. Ha ha. No no no. Us humans aren't computers that read a several digit number one digit at a time. Us humans look at the whole number and know how many digits it has and that's how we know that the first digit is, say hundreds. > Not the same situation as for the "endinanness" of numbers in > computers, because there you normally work with fixed lengths > like say 64 bits (16 hex. digits). The computer needs some kind of help to know, such as fixed lengths. We humans often need some help too, crude help like commas. Or, we just throw up our eyeballs/hands and use scientific notation. How come I said we humans down here and us humans twice up there? Hmm. It just came naturally and I'm going to leave it up there. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Wed Dec 21 12:11:30 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Dec 21 06:15:15 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: On Tue, 20 Dec 2005 08:45:01 -0800, Mike Easter coughed into spamcop and left this in : > The US isn't even properly metricated, for chrissakes. Not only that but a US gallon is not the same thing as a gallon elsewhere. As a child I was always taught that "a pint of pure water weighs a pound and a quarter", ie: 20oz, and that a gallon was 8 pints. Converting that over to metric, one gallon is approx. 4.5 litres. However, a US gallon is nearer 3.5 litres. So what went wrong? -- Steve Some days you are the bug; some days you are the windshield. From nobody at devnull.spamcop.net Wed Dec 21 06:18:00 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Wed Dec 21 06:20:03 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? References: <43A88A4F.4CF933A4@spammerssuck.com> Message-ID: "Steve Holmes" wrote in message news:43A88A4F.4CF933A4@spammerssuck.com... >I'm just curious about how far other people handle similar situations >when it's money vs. principle. As in anything else, some will sacrifice a lot and others rationalize that it doesn't make a lot of difference. But, in the end, it will be the consumer who will turn the tide against spam. One person objecting with their pocketbook won't, IMHO, do much. However, if there were someone like Ralph Nader to get the ball rolling and publicize how sprint and others are not doing anything to stop spam, something might happen. There is a book about the Turning Point that might interest you. Miss Betsy From nobody at nowhere.invalid Wed Dec 21 12:19:12 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Dec 21 06:20:13 2005 Subject: [SpamCop-List] Re: 1&1 Mailservers Down References: Message-ID: On Mon, 19 Dec 2005 10:17:11 -0000, Porpoise coughed into spamcop and left this in : > Oh dear! Seems 1&1 are having major problems with their mailservers. Pumping out a little too much spam for them to handle, maybe? :) -- Steve Don't be irreplaceable. If you can't be replaced, you can't be promoted. From bar_n0ne at hotmail.com Wed Dec 21 15:52:16 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 21 06:55:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: "Steven Maesslein" wrote in message news:slrndqie32.43h.nobody@127.0.0.1... > On Tue, 20 Dec 2005 08:45:01 -0800, Mike Easter coughed into spamcop and > left this in : > > > The US isn't even properly metricated, for chrissakes. > > Not only that but a US gallon is not the same thing as a gallon > elsewhere. > > As a child I was always taught that "a pint of pure water weighs a pound > and a quarter", ie: 20oz, and that a gallon was 8 pints. > > Converting that over to metric, one gallon is approx. 4.5 litres. > However, a US gallon is nearer 3.5 litres. So what went wrong? Around the time of the US revolt, thte Brits went "metric", and the gallon was redefined as 10lbs of water. Other standards were also changed which is why the American foot is slightly different from imperial. (Surveyors know this). At that time the official position of the US was that it would go metric and there are references to that in some of the early legislation and perhaps even the constitution, so there was no point in following Imperial standards, if they were going to go "French" so to speak, and besides, at that time they "warn't gonna do like England nohow". From bar_n0ne at hotmail.com Wed Dec 21 15:53:23 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Dec 21 06:55:15 2005 Subject: [SpamCop-List] Re: 1&1 Mailservers Down References: Message-ID: "Steven Maesslein" wrote in message news:slrndqiehg.43h.nobody@127.0.0.1... > On Mon, 19 Dec 2005 10:17:11 -0000, Porpoise coughed into spamcop and > left this in : > > > Oh dear! Seems 1&1 are having major problems with their mailservers. > > Pumping out a little too much spam for them to handle, maybe? :) Who are 1&1?. From nobody at nowhere.invalid Wed Dec 21 13:25:07 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Dec 21 07:30:01 2005 Subject: [SpamCop-List] Re: 1&1 Mailservers Down References: Message-ID: On Wed, 21 Dec 2005 15:53:23 +0400, Berny coughed into spamcop and left this in : >> > Oh dear! Seems 1&1 are having major problems with their mailservers. >> >> Pumping out a little too much spam for them to handle, maybe? :) > > Who are 1&1?. Schlund. -- Steve The journey of a thousand miles begins with a broken fan belt and a leaky tyre. From exfenestrate at spammers.invalid Wed Dec 21 04:58:14 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Wed Dec 21 08:00:04 2005 Subject: [SpamCop-List] Re: Do You Yahoo? References: Message-ID: On Tue, 20 Dec 2005 23:42:50 -0800, jg wrote: > Thanks for falling on your sword and reading the spam - it took me > awhile to figure out just where you were coming from. Alas, I was just > referring to all of yaHoo's contacts shown in a single report, mundane > speculation to your ilk... Actually, you only posted a link, with a vague comment in the Subject line. What did it mean? From where I stand, Yahoo! is the conduit, the Bellsouth customer is the spammer. Reports should go to both Yahoo!, to get the spammer's Yahoo! account terminated (hopefully), and to Bellsouth, so BS can take whatever TOS enforcement that they are inclined to impose upon their customer. If Yahoo! doesn't want to accept SpamCop reports, feel free to complain to them directly on your own dime. I do that all of the time, when SC either can't, or won't forward notifies. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From exfenestrate at spammers.invalid Wed Dec 21 05:09:21 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Wed Dec 21 08:10:02 2005 Subject: [SpamCop-List] Re: Dutch lottery spam References: Message-ID: <1cao8ryv4cgaz.dlg@grc-is-valid.aosake.net> On Tue, 20 Dec 2005 16:57:25 +0900, Patto wrote: > You can always check the profile if the account is active: > http://de.profiles.yahoo.com/dfccbv_van Or not... http://profiles.yahoo.com/hard2findanamenotused -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From exfenestrate at spammers.invalid Wed Dec 21 05:20:56 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Wed Dec 21 08:25:03 2005 Subject: [SpamCop-List] Re: Verifying yahoo addresses References: <43A8D60D.365A@xyzzy.claranet.de> Message-ID: On Wed, 21 Dec 2005 05:11:57 +0100, Frank Ellermann wrote: > Maybe there are also special rules for DOM = co.uk and > similar domains (?) I'd try to replace say co.uk by uk. http://profiles.yahoo.co.jp/xxxxxx It works for my email account, there. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From exfenestrate at spammers.invalid Wed Dec 21 05:53:34 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Wed Dec 21 08:55:03 2005 Subject: [SpamCop-List] Re: Verifying yahoo addresses References: <43A8D60D.365A@xyzzy.claranet.de> Message-ID: On Wed, 21 Dec 2005 05:20:56 -0800, Norman Miller wrote: > On Wed, 21 Dec 2005 05:11:57 +0100, Frank Ellermann wrote: >> Maybe there are also special rules for DOM = co.uk and >> similar domains (?) I'd try to replace say co.uk by uk. > http://profiles.yahoo.co.jp/xxxxxx > > It works for my email account, there. Following your example of self replies. I was reluctant to give up an example from which a working email address can be derived; but Yahoo! Profiles can also consist of an ID which is not the username part of an email address. So here is a working link to such a profile overseas: http://profiles.yahoo.co.jp/weirdnessisfun And an SBC Yahoo! DSL Service account: http://profiles.yahoo.com/hard2findanamenotused I created both as "Proofs of Concept"; the concept being the revelation of the email address of the sending account in the message headers. Here are a pair of trackers, one for each of the Yahoo! accounts I am testing this with. http://www.spamcop.net/sc?id=z844857899zfdc7bba70ef534ff74b0afa83777e60az http://www.spamcop.net/sc?id=z844859810z56fac4a633abdee520956d183d84a7eaz I used my non-mailhosted SpamCop reporting account for those. I would point out that a Yahoo! user normally would log in to their appropriate SMTP server (smtp.mail.yahoo.co.jp for the first one, and smtp.pacbell.yahoo.com for the second one, of my two examples) using either the username part of their email address (for @yahoo.com, @yahoo.co.jp, etc.), or their full email address (for @pacbell.net). However, if one creates at least one additional Yahoo! Profile ID, and sets that up as the Default Yahoo! Profile ID, it will work, alone, for the SMTP login. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From MikeE at ster.invalid Wed Dec 21 07:37:18 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 21 10:40:03 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? References: <43A88A4F.4CF933A4@spammerssuck.com> Message-ID: Miss Betsy wrote: > But, in the end, it will be the consumer who will turn the tide > against spam. One person objecting with their pocketbook won't, > IMHO, do much. However, if there were someone like Ralph Nader to > get the ball rolling and publicize how sprint and others are not > doing anything to stop spam, something might happen. There is a > book about the Turning Point that might interest you. But, the politicians see the public whining and whining about spam -- just like they whine and whine about paid advertising like TV ads being excessive and about junk mail -- while they continue to patronize the wide spectrum of spam from fraudulent and immoral to mailsleaze canspam legal. So, those politicians buy into the DMA arguments that spam is 'just another' bulk advertising that is good for the economy in some way. The politicians don't see it the same way as the 'anti-s' antispammers who seem to have their own point of view, similar to environmentalists being considered treehuggers who interfere with some form of capitalism or another. So, the idea that the politicians are going to come up with some good law better than 'you can spam' is an anti-'s pipedream. I can't even imagine yet what that law would be. I can imagine some revisions in 'how things are done' and in some licensing that I've spouted off about -- but I don't think any of that is going to happen. In order to get a politician to do something, you have to serve hir up a written law that is politically achievable -- the DMA can do that and the anti-s can't. BTW, I haven't read Turning Point, first published in 1982, but the tons of reviews available sound excellent, and I'll either get a copy from my library or buy a used one -- paperbacks or hardcover are currently very cheap -- about $2-4 not counting postage. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Wed Dec 21 09:37:58 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Dec 21 10:40:14 2005 Subject: [SpamCop-List] Re: Do You Yahoo? References: Message-ID: In article , jg writes: > http://www.spamcop.net/sc?id=z844711907z2b046c27829f002fb04c79cced71dc62z I am not going to view material at that URL since you have offered no reason why I should. But in answer to the question, after a year of spam from the same source, even though it has now stopped, I do not participate in any "Yahoo Groups". But I will use maps.yahoo.com, since Google requires some of cookies/javascript, etc. From jg at coks.net Wed Dec 21 08:23:29 2005 From: jg at coks.net (jg) Date: Wed Dec 21 11:25:03 2005 Subject: [SpamCop-List] Re: Do You Yahoo? In-Reply-To: References: Message-ID: On 12/21/2005 4:58 AM Norman Miller scribbled: > > If Yahoo! doesn't want to accept SpamCop reports, feel free to complain to > them directly on your own dime. I do that all of the time, when SC either > can't, or won't forward notifies. > Actually, I was fighting with my own ISP over spam and in a bad mood. I'm getting more and more spam with 10-15 yahoo contacts listed, but its probably not so new to a lot of you folks - sorry for any confusion caused. From kenbrody at spamcop.net Wed Dec 21 11:59:28 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Wed Dec 21 12:05:03 2005 Subject: [SpamCop-List] Re: 1&1 Mailservers Down References: Message-ID: <43A989F0.134B2AF7@spamcop.net> Steven Maesslein wrote: > > On Mon, 19 Dec 2005 10:17:11 -0000, Porpoise coughed into spamcop and > left this in : > > > Oh dear! Seems 1&1 are having major problems with their mailservers. > > Pumping out a little too much spam for them to handle, maybe? :) Are these the same people who put multi-page ads in PC Magazine for their domain/webhost/email services? I take it they're black hat? -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From jeffg at spamcop.net Wed Dec 21 13:32:13 2005 From: jeffg at spamcop.net (Jeff G.) Date: Wed Dec 21 13:35:03 2005 Subject: [SpamCop-List] Re: Dutch lottery spam References: Message-ID: "Patto" wrote in message news:do8dh5$2n9$1@news.spamcop.net... > You can always check the profile if the account is active: > http://de.profiles.yahoo.com/dfccbv_van That's fine if you understand the German Language and/or you want to see Yahoo!'s ads for German audiences (substitute your own ccTLD but not us). If, however, you prefer English, the link would be http://profiles.yahoo.com/dfccbv_van . I have three web-based Yahoo! accounts (no relationship to any SBC Yahoo! DSL account) for which such a link works, even though I have never authorized publication of profile information and two have email accounts at yahoo.com and one has an email account at yahoo.co.uk (the last established for SMTP purposes but not really used because Yahoo! stamps the bottom of any email message sent through them with advertising). If the account accountid is with yahoo.com, the bit at the bottom of http://profiles.yahoo.com/accountid will state "For quick access to this page, bookmark http://profiles.yahoo.com/accountid", whereas if the account is with yahoo.ccTLD, the bit at the bottom of http://profiles.yahoo.com/accountid will state "For quick access to this page, bookmark http://ccTLD.profiles.yahoo.com/accountid". Please note that for some ccTLDs, responses are still in English, and for other ccTLDs, ccTLD.profiles.yahoo.com doesn't exist. Also please note that for those in the UK, you can get your ads with prices in Pounds at http://uk.profiles.yahoo.com/accountid . And yes, "accountid" does appear to be a valid Yahoo! account at yahoo.com, but I have no relationship with it, it just satisfied my search for a generic term. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jzeitlin at spamcop.net Wed Dec 21 13:36:53 2005 From: jzeitlin at spamcop.net (=?ISO-8859-1?Q?E=F6nw=EB?=) Date: Wed Dec 21 13:40:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: On Tue, 20 Dec 2005 21:38:52 -0500, "spamacyde" wrote: >"Alex Gitlin" wrote in message >news:dnb24h$6e1$1@news.spamcop.net... >> A lot of spam comes from China. What are the statistics like - are those >> spam reports we submit actually useful, are they paying off? (Or do the >> Chinese sysadmins simply ignore them?) So far I'm not seeing much >> improvement on the amount of spam coming in, but I've only been on Spamcop >> for a couple of weeks. >> Alex. >www.insultmonger.com is useful for constructing a reply to Chinese spam. >Now the question is, for addresses ending in .cn / for mainland China, do I >want to use Cantonese, Hakka, Hokkien or Manderine. I ask this question >with a completely straight face. Mandarin; it's the official common Chinese language. But the written language is the same for all of the dialects, anyway. -- E?nw? (SpamCop subscriber, not staff/admin) From caroljean52 at yahoo.com Wed Dec 21 11:11:56 2005 From: caroljean52 at yahoo.com (caroljean52) Date: Wed Dec 21 14:15:04 2005 Subject: [SpamCop-List] [media] "FTC says federal spam law has worked" Message-ID: Just the headline had me laughing. Guess it depends on what your definition of "worked" is! Carol Seattle USA From MikeE at ster.invalid Wed Dec 21 11:55:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 21 15:00:02 2005 Subject: [SpamCop-List] Re: [media] "FTC says federal spam law has worked" References: Message-ID: caroljean52 wrote: > Just the headline had me laughing. Guess it depends on what your > definition of "worked" is! That's the problem with 'thinking' [ie assuming] that a headline that we see actually accurately expresses the content and the meaning of an article, which you would think it /should/ do, or at least 'sorta'. The article in question is here: http://news.com.com/FTC+says+federal+spam+law+has+worked/2100-1028_3-6003071.html That article is mostly a reporter telling you what something else said. The link also has one of those neat interactively dynamic graphics that CNET makes that they call The Big Picture. The something else that said is a press release based on this publication http://www.ftc.gov/reports/canspam05/051220canspamrpt.pdf and which was delivered to congress previously. Personally, my position is that if a reporter is getting ready to tell me what something said or what something means, I prefer to read the original 'raw' material first. Then I can better appreciate what the reporter understood correctly, and what the reporter didn't understand correctly, what kind of spin the original material was trying to put on something and then what kind of spin is being put by the person or publication which is so kindly 'explaining' the meaning of things to me so that I will understand it 'correctly'. There are all kinds of scientific articles in which the interpretation by the media doesn't even get close to what the article said, and also that the original scientists can't be 'trusted' or assumed to be able to properly perform the presentation of the raw scientific data they acquired and which the reporter doesn't have the scientific comprehension to understand what was wrong with the scientific article in the first place, much less be in a position to explain what it didn't actually say to someone else. In this case, the original .pdf is 116 pages, so encapsulating it in a few words isn't really appropriate -- and the CNN article doesn't really say what the headline for the article and the subject of this thread sez. So, if we were going to discuss it here, the first thing 'we' the discussants would have to do would be to read both articles and discuss what the articles say, not what the article title sez. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Wed Dec 21 21:20:23 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Dec 21 15:25:04 2005 Subject: [SpamCop-List] Re: 1&1 Mailservers Down References: <43A989F0.134B2AF7@spamcop.net> Message-ID: On Wed, 21 Dec 2005 11:59:28 -0500, Kenneth Brody coughed into spamcop and left this in <43A989F0.134B2AF7@spamcop.net>: >> > Oh dear! Seems 1&1 are having major problems with their mailservers. >> >> Pumping out a little too much spam for them to handle, maybe? :) > > Are these the same people who put multi-page ads in PC Magazine for > their domain/webhost/email services? > > I take it they're black hat? Ya think? :) They're Germany's answer to MCI or completel. -- Steve Light travels faster than sound. That is why some people appear bright until you hear them speak. From jeffg at spamcop.net Wed Dec 21 16:30:51 2005 From: jeffg at spamcop.net (Jeff G.) Date: Wed Dec 21 16:35:05 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: "Steven Maesslein" wrote in message news:slrndqie32.43h.nobody@127.0.0.1... > On Tue, 20 Dec 2005 08:45:01 -0800, Mike Easter coughed into spamcop and > left this in : > > > The US isn't even properly metricated, for chrissakes. > > Not only that but a US gallon is not the same thing as a gallon > elsewhere. > > As a child I was always taught that "a pint of pure water weighs a pound > and a quarter", ie: 20oz, and that a gallon was 8 pints. Here in the US (from growing up here), for liquid measure we commonly have the Gallon, or gal. (properly US Gallon). It is comprised of exactly 4 Quarts or qt. (properly US qt.), 8 Pints or pt. (properly US pt.), 32 Gills or gi. (properly US gi., not so common) and 128 Ounces or oz. (properly Fluid Ounces or fl. oz. or fl oz, by volume). Converting to metric, one fl. oz. is 29.57353 cc (cubic centimeters), so exactly 128 fl. oz. (exactly 1 US gal.) is 3785.412 cc, or 3.785412 l (liters). As far as weight/mass, exactly 1 cc or ml of pure water is exactly 1 g (gram) at STP, so 3785.412 of those (exactly 1 US gal.) should weigh 3785.412 g or 3.785412 kg. At 28.34952 g per oz. av. (Ounces Aviordupois or oz. avdp., by weight), that should be 133.5265 oz. av., or at exactly 16 oz. av. per lb (pound), that should be 8.345405 lbs. Using the m-w table below and its exact British imperial terminology, 20 fl. oz. is exactly 4 gi. and exactly 1 pt., so from Steven's perspective, his instructors would have been more correct to say "a pint of pure water is a pound and 4.045 ounces", because a British imperial pint is really 568.26 ml or cc weighing 568.26 g or 20.045 oz. av. or 1 pound 4.045 oz. av at STP. However, they were only low by 0.22%, or they may have been working at non-standard lower temperature (than exactly 72 Farenheit or 22 2/9 Celcius/Centigrade) or pressure (than exactly 1 atm or 14.69595 psi or 1.0332 kg per square cm), as their calculations would put the Specific Gravity of pure water in their lab at only 0.9978. I have come to the conclusion that the Specific Gravity at which 1 oz. av. = 1 fl. oz. is 0.95861, and that sour cream appears to have very close to that Specific Gravity. > Converting that over to metric, one gallon is approx. 4.5 litres. > However, a US gallon is nearer 3.5 litres. So what went wrong? A British imperial gallon is 4.546 liters, whereas a US gallon is 3.785412 liters. From your perspective, what went wrong is that you were confusing British imperial measure with US measure. From the British perspective, what went wrong is that the American Colonies got too big for their britches (or too uppity). From the American perspective, what went wrong is that the British were too heavy-handed with the Americans, applying taxation without allocating representation in Parliament. In any case, it appears that no British imperial units of mass or volume/capacity have exact equivalents to US units of mass or volume/capacity, except the cubic inch and its multiples, which are derived from their shared inch, which is now legally exactly 2.54 cm. References: http://www.m-w.com/mw/table/weight.htm and http://www.metrication.com/conversions/tables.htm (but many of the terms there are Imperial, not US) and http://www.chemie.fu-berlin.de/chemistry/general/units_en.html . -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Wed Dec 21 16:54:52 2005 From: jeffg at spamcop.net (Jeff G.) Date: Wed Dec 21 16:55:04 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: <43A8DA2F.A8C@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:43A8DA2F.A8C@xyzzy.claranet.de... > But there's also M: 2**20 = (2**10)**2 = 1024*1024 = 1048576 The International Electrotechnical Commission (IEC) has redefined 2^20 AKA 2**20 AKA (2**10)**2 as IEC International Standard mebi or Mi or megabinary - please see "IEC 60027-2, Second edition, 2000-11, Letter symbols to be used in electrical technology - Part 2: Telecommunications and electronics" or its citation at http://physics.nist.gov/cuu/Units/binary.html for details. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From nobody at nowhere.invalid Wed Dec 21 23:30:05 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Dec 21 17:35:02 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: On Wed, 21 Dec 2005 16:30:51 -0500, Jeff G. coughed into spamcop and left this in : > Here in the US (from growing up here), for liquid measure we commonly > have the Gallon, or gal. (properly US Gallon). It is comprised of > exactly 4 Quarts or qt. (properly US qt.), 8 Pints or pt. (properly US > pt.), 32 Gills or gi. (properly US gi., not so common) and 128 Ounces There's the difference. With your system, the pint is 16 floz. This side of the pond it's 20 floz. -- Steve If carrots are so good for the eyes, how come I see so many dead rabbits on the highway? From MikeE at ster.invalid Wed Dec 21 15:33:11 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Dec 21 18:35:02 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: Message-ID: Steven Maesslein wrote: > There's the difference. With your system, the pint is 16 floz. This > side of the pond it's 20 floz. >From a beer drinker's perspective, I like the idea of a 20 oz pint. -- Mike Easter kibitzer, not SC admin From exfenestrate at spammers.invalid Wed Dec 21 16:25:15 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Wed Dec 21 19:30:06 2005 Subject: [SpamCop-List] Re: Dutch lottery spam References: Message-ID: <8emymihzfdnj.dlg@grc-is-valid.aosake.net> On Wed, 21 Dec 2005 13:32:13 -0500, Jeff G. wrote: > That's fine if you understand the German Language and/or you want to see > Yahoo!'s ads for German audiences (substitute your own ccTLD but not > us). If, however, you prefer English, the link would be > http://profiles.yahoo.com/dfccbv_van . I have three web-based Yahoo! > accounts (no relationship to any SBC Yahoo! DSL account) for which such > a link works, even though I have never authorized publication of profile > information and two have email accounts at yahoo.com and one has an > email account at yahoo.co.uk (the last established for SMTP purposes but > not really used because Yahoo! stamps the bottom of any email message > sent through them with advertising). http://profiles.yahoo.com/weirdnessisfun; also http://uk.profiles.yahoo.com/weirdnessisfun; and http://jp.profiles.yahoo.com/weirdnessisfun The browser churns for many seconds; perhaps up to a minute, or more, then returns: | Sorry, the page you requested was not found. | | Additionally, a 404 Not Found error was encountered while trying to use | an ErrorDocument to handle the request. http://profiles.yahoo.co.jp/weirdnessisfun Takes you to the page; but your complaint about the German page is probably exacerbated by the need for a CJK font to properly display this page! -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From exfenestrate at spammers.invalid Wed Dec 21 16:27:05 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Wed Dec 21 19:30:24 2005 Subject: [SpamCop-List] Re: Do You Yahoo? References: Message-ID: <1pqwnu9p598yw.dlg@grc-is-valid.aosake.net> On 21 Dec 2005 09:37:58 -0600, Larry Kilgallen wrote: > But I will use maps.yahoo.com, since Google > requires some of cookies/javascript, etc. And maps.yahoo.com does not? Odd; everything else Yahoo! requires both cookies, and JavaScript, in order to work properly; probably ActiveX in MS Internet Explorer, as well. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at devnull.spamcop.net Wed Dec 21 19:49:29 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Dec 21 19:50:03 2005 Subject: [SpamCop-List] Re: [media] "FTC says federal spam law has worked" References: Message-ID: A large enough quantity of monkeys sitting before a large enough quantity of typewriters ... "caroljean52" wrote in message news:doc9du$aul$1@news.spamcop.net... : Just the headline had me laughing. Guess it depends on what your definition : of "worked" is! : : Carol : Seattle USA : : From nobody at devnull.spamcop.net Wed Dec 21 19:53:04 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Dec 21 19:55:03 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? References: <43A88A4F.4CF933A4@spammerssuck.com> <43A8E99E.73F1C243@spammerssuck.com> Message-ID: "Patto" wrote in message news:dob2ta$keo$1@news.spamcop.net... : Steve Holmes wrote: : > Patto wrote: : > : >> (snip) : >> "Chinese spammers" - here we go again. How come that all these Chinese : >> spammers have names like Ralsky, Richter, or Cunningham, and live in : >> Florida rather than Shanghai? You sound like an American; if there is : >> something bad, it must be foreign. : > : > And exactly how well do you know me? : > : > You sound like someone who believes if there's something bad, it must be : > American. Geez, can't we all get along? I expect many of the spammers working : > through Chinese ISPs are American, but the bottom line **for the purposes of : > my original question** is that the Chinese ISPs and the American company : > Sprint are tossing aside ethical considerations to bring this crap to me. : : I do not know you, and I did not mean my response to be a personal : attack on you. : : What I resent is that for years and years I see the same expressions : thrown around in this group "cut off China from the Internet and the : spam problem is solved"; "cut all of Asia off the Internet and there : will be no more spam." : : I receive about 1 spam from China in a month; most of the rest : originates in the U.S. of A. : : I know that your original question was reasonable; I just stopped : reading at the term "Chinese spammers". You should have stopped reading sooner; and not responded, either. From exfenestrate at spammers.invalid Wed Dec 21 17:04:57 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Wed Dec 21 20:05:02 2005 Subject: [SpamCop-List] Re: Verifying yahoo addresses References: <43A8D60D.365A@xyzzy.claranet.de> Message-ID: On Tue, 20 Dec 2005 21:10:01 -0800, Mike Easter wrote: > Frank Ellermann wrote: >> Very interesting if Patto has it right, it would allow to >> verify yahoo addresses without actually sending mail, and >> that would be a major step forward in the WDPRS business. > It would be great if Patto were right, but I remain skeptical until I've > seen something 'real'. I have created several Yahoo! Mail accounts, and several SBC Yahoo! DSL Service sub accounts, which incorporate the features of Yahoo! Mail Plus accounts, and two Yahoo! IDs, which are Yahoo! accounts without the @yahoo.com email (you need to bring your own email address to the latter because they want to verify your accounts). Every single one of them results in a Yahoo! Profile ID. Some of the Yahoo! IDs are the @yahoo.com email address, some are @pacbell.net email addresses, and the two without @yahoo.com email addresses are just what would be the username part of an @yahoo.com email address. I have also set up some of Yahoo!'s "AddressGuard" disposable email addresses, which are in the yahoo.com domain. An email address in the yahoo.com domain may, or may not have an associate Yahoo! Profile. If it is a Yahoo! Mail email address it will have a Profile, but an AddressGuard email address will not have a Profile. A Yahoo! Profile may not have an @yahoo.com email address associated, if it is just a Yahoo! ID, or it may have an @isp.tld.invalid email address if it is one of the co-branded ISP Yahoo! services. http://profiles.yahoo.com/Yahoo_ID works, for any Yahoo! Profile created for a Yahoo! account, whether there is an associated email address, or not. http://profiles.yahoo.com/AddressGuard_Base_Name-ID does not work. Period. Examples: http://profiles.yahoo.com/tsudohnimu-unsub032 won't work. BTW, not even works. But is a working email address. For now; if it gets scarfed up by a spamming 'bot, I will kill it. WRT the "AddressGuard_Base_Name-ID", "tsudohnimu" is the "AddressGuard_Base_Name", and "-unsub032" is the "-ID". http://profiles.yahoo.com/hard2findanamenotused works, but doesn't work. --------------------------------------------------------------------------- For any @yahoo.com email address, which isn't an AddressGuard email address, the Yahoo! Profiles link will reveal whether the account is active, or not. For any @yahoo.com email address, which is an AddressGuard email address, the Yahoo! Profiles link will return an error. You will have to send an email and check for the bounce. For any @ISP-domain.invalid, such as @sbcglobal.net, where the ISP has a co-branding agreement with Yahoo!, the Yahoo! Profiles link will reveal whether the account is active, or not. For any Yahoo! ID, which is just the username part of an email address, the Yahoo! Profiles link will reveal whether the account is active, or not; but you won't know if there is a working @yahoo.com email address unless you attempt to send email, and checking for a bounce. For any Yahoo! email address which is based on a country domain outside of the U.S., the format of the link appears to be: http://profiles.yahoo.co.CC/Yahoo!_ID -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at xyzzy.claranet.de Thu Dec 22 03:14:08 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 21 21:15:11 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? References: <43A88A4F.4CF933A4@spammerssuck.com> Message-ID: <43AA0BF0.2F16@xyzzy.claranet.de> Mike Easter wrote: >> However, if there were someone like Ralph Nader [...] > those politicians buy into the DMA arguments that spam is > 'just another' bulk advertising that is good for the economy That's not about Nader, or is it ? After the EFF whining that users of a domain with SPF FAIL policy can't spam US senators as easily as before I'm ready for the worst, Bye, Frank From nobody at xyzzy.claranet.de Thu Dec 22 03:31:40 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 21 21:35:03 2005 Subject: [SpamCop-List] Re: spam is NOT 10 days old to me - got it this a.m. References: <43A8DA2F.A8C@xyzzy.claranet.de> Message-ID: <43AA100C.74F7@xyzzy.claranet.de> Jeff G. wrote: > http://physics.nist.gov/cuu/Units/binary.html for details. Sales person: That's our newest with two 128 GB hard disks and 2048 MB RAM. Customer: Is that GiB and MiB or GB and MB ? Thanks for the URL, bookmarked. Frank From nobody at xyzzy.claranet.de Thu Dec 22 03:51:49 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 21 21:55:02 2005 Subject: [SpamCop-List] Re: Dutch lottery spam References: Message-ID: <43AA14C5.7D05@xyzzy.claranet.de> Jeff G. wrote: > If, however, you prefer English, the link would be > http://profiles.yahoo.com/dfccbv_van So far for the http://DOM.profiles.yahoo.com/user theory :-( And I get a German page at your URL even without DE Maybe it's because my browser sends no "Accept-Language", and they then guess based on the IP. > for those in the UK, you can get your ads with prices in > Pounds at http://uk.profiles.yahoo.com/accountid Okay, so what you say is that the LHS of any Yahoo! address is the "accountid", and http://profiles.yahoo.com/accountid is an URL working for all active accountids, worldwide (?) That would be still good enough to verify Yahoo! addresses in whois data. -- Frank From nobody at xyzzy.claranet.de Thu Dec 22 04:01:19 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 21 22:05:02 2005 Subject: [SpamCop-List] Re: Verifying yahoo addresses References: <43A8D60D.365A@xyzzy.claranet.de> Message-ID: <43AA16FF.1689@xyzzy.claranet.de> Norman Miller wrote: > Following your example of self replies. Credits to Mike, please... For WDPRS (whois data problem report system) the _invalid_ Yahoo! addresses are important - you can't complain about valid addresses in the whois data ;-) From nobody at xyzzy.claranet.de Thu Dec 22 04:18:49 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 21 22:20:03 2005 Subject: [SpamCop-List] Re: Verifying yahoo addresses References: <43A8D60D.365A@xyzzy.claranet.de> Message-ID: <43AA1B19.333@xyzzy.claranet.de> Norman Miller wrote: > A Yahoo! Profile may not have an @yahoo.com email address > associated, if it is just a Yahoo! ID, or it may have an > @isp.tld.invalid email address if it is one of the co-branded > ISP Yahoo! services. No issue for verifying active Yahoo! addresses... > For any @yahoo.com email address, which isn't an AddressGuard > email address, the Yahoo! Profiles link will reveal whether > the account is active, or not. ...still working as desired... > For any @yahoo.com email address, which is an AddressGuard > email address, the Yahoo! Profiles link will return an error. > You will have to send an email and check for the bounce. ...but here it fails miserably. If "AddressGuard" is what I think it is, then it could make perfect sense to use this in whois data. Well, we tried. Back to the normal "try to send data" procedure, actually it's fun, my standard text: "Your domains $DOM-LIST are abused for spam, for some evidence see $TRACKER-LIST." All I want is a bounce for submissions to RFCI and WDPRS, not a debate with Leo about his humour (his names are often funny). -- Frank From nobody at xyzzy.claranet.de Thu Dec 22 04:24:06 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Dec 21 22:25:03 2005 Subject: [SpamCop-List] Re: 1&1 Mailservers Down References: <43A989F0.134B2AF7@spamcop.net> Message-ID: <43AA1C56.69CE@xyzzy.claranet.de> Kenneth Brody wrote: > I take it they're black hat? Not that I know. Above all they're not clueless. Bye, Frank From exfenestrate at spammers.invalid Wed Dec 21 22:31:58 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Thu Dec 22 01:35:03 2005 Subject: [SpamCop-List] Re: Dutch lottery spam References: <43AA14C5.7D05@xyzzy.claranet.de> Message-ID: <1iy5u7bm6iyy8$.dlg@grc-is-valid.aosake.net> On Thu, 22 Dec 2005 03:51:49 +0100, Frank Ellermann wrote: > That would be still good enough to verify Yahoo! addresses > in whois data. >From what I can determine, you would use http://profiles.yahoo.com/%Yahoo_ID% for any "@yahoo.com" email address; but you would use http://profiles.yahoo.co.CC for any "@yahoo.co.CC" email address. The exception would be a Yahoo! AddressGuard email address, because that email address has no associated Profile. FWIW, Yahoo! does not allow the creation of a Yahoo! account with a dash ("-") in the username, so any "@yahoo.com" email address with a dash ("-")in it is, automatically, an AddressGuard email address. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From exfenestrate at spammers.invalid Wed Dec 21 22:38:43 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Thu Dec 22 01:40:02 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? References: <43A88A4F.4CF933A4@spammerssuck.com> <43A8E99E.73F1C243@spammerssuck.com> Message-ID: <162bfweki08i2$.dlg@grc-is-valid.aosake.net> On Wed, 21 Dec 2005 17:14:33 +0900, Patto wrote: > I receive about 1 spam from China in a month; most of the rest > originates in the U.S. of A. By "from", do you mean the actual source, or the traceable source. The majority of the traceable spam I get comes through Chinese and Korean hosts. They aren't the spammer, as far as the "Ultimate Source", but they are the computers trying to connect to my MX server; and cutting them off does reduce the spam flow. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From jeffg at spamcop.net Thu Dec 22 01:59:28 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Dec 22 02:20:03 2005 Subject: [SpamCop-List] Re: Verifying yahoo addresses References: <43A8D60D.365A@xyzzy.claranet.de> <43AA16FF.1689@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:43AA16FF.1689@xyzzy.claranet.de... > Norman Miller wrote: > > > Following your example of self replies. > > Credits to Mike, please... For WDPRS (whois data problem > report system) the _invalid_ Yahoo! addresses are important - > you can't complain about valid addresses in the whois data ;-) Not to WDPRS or RFC-I, but you can to Yahoo! :) -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From bar_n0ne at hotmail.com Thu Dec 22 13:56:59 2005 From: bar_n0ne at hotmail.com (Berny) Date: Thu Dec 22 05:00:33 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "Eönwë" wrote in message news:j48jq15f4ce8ioi0tcd83ne7estt6p3fov@4ax.com... SNIPPED > > Mandarin; it's the official common Chinese language. But the written > language is the same for all of the dialects, anyway. Actually languages, not dialects, the spoken phonetics and words are mostly completely and often entirely unrelated, as different as Basque and Italian sometimes, only the ideograms are the same. From MikeE at ster.invalid Thu Dec 22 06:09:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 22 09:10:13 2005 Subject: [SpamCop-List] Re: [media] "FTC says federal spam law has worked" References: Message-ID: Mike Easter wrote: > The article in question is here: > http://news.com.com/FTC+says+federal+spam+law+has+worked/2100-1028_3-6003071.html The article tells the story that there was an ftc report and something of what the report sed, and the article also points out that significant statements in the ftc report are patently 'false' - by which false I mean where you make a statement and back it up with documentation, but the 'statement' or fact doesn't tell the truth that it was meant to. > The something else that said is a press release based on this > publication http://www.ftc.gov/reports/canspam05/051220canspamrpt.pdf > and which was delivered to congress previously. This report is 118 pages if you include the 7 appendices, which are useful content. One little example of a 'statement' or factoid from the report, which the cnet article fleshed out a little bit was the story of how much spam has 'decreased' -- that is that "the number of spam messages is leveling off or even declining" The report documents some old stats from MX Logic which say spam went from 77% of the its mail analysis to 68%. But in reality the actual *number* of spams even according to mxlogic has /increased/ [that is, the percentage is lower but the number is more], and technical methods decreased the number getting to the inboxes, not the actual spamload to the provider. And the cnet article points out that Cloudmark reported a 62 percent *increase* in the number of spam messages in the past year, with a concomitant increased cost in the logistics for handling that problem. > So, if we were going to discuss it here, the first thing 'we' the > discussants would have to do would be to read both articles and > discuss what the articles say, not what the article title sez. One of the things which is quite striking when you begin to read the report about the effect of the canspam law as an 'anti-' -- is the realization that we anti-s are not on the same page with the FTC in very very many ways. The canspam act is a DMA act which legitimizes spam which is optout and compliant. We anti-s don't believe we should be opting out, so it seems kinda crazy that the spammers are being 'forced' to perform according to the FTCs optout rules which we anti- recipients aren't 'complying' with. There's something wrong with that picture. -- Mike Easter kibitzer, not SC admin From mwnospam at comcast.net Thu Dec 22 13:30:38 2005 From: mwnospam at comcast.net (spamacyde) Date: Thu Dec 22 13:35:02 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: Ok, What dialect do they speak in Hong Kong? Thanks "spamacyde" wrote in message news:doaf7r$88f$1@news.spamcop.net... > > "Alex Gitlin" wrote in message > news:dnb24h$6e1$1@news.spamcop.net... > > A lot of spam comes from China. What are the statistics like - are those > > spam reports we submit actually useful, are they paying off? (Or do the > > Chinese sysadmins simply ignore them?) So far I'm not seeing much > > improvement on the amount of spam coming in, but I've only been on Spamcop > > for a couple of weeks. > > > > Alex. > > > > > > www.insultmonger.com is useful for constructing a reply to Chinese spam. > Now the question is, for addresses ending in .cn / for mainland China, do I > want to use Cantonese, Hakka, Hokkien or Manderine. I ask this question > with a completely straight face. > > > From MikeE at ster.invalid Thu Dec 22 11:42:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 22 14:45:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: spamacyde wrote: > What dialect do they speak in Hong Kong? Wiki is your friend.... // Used in government matters, Cantonese is spoken by most of the local Chinese population at home and in the office, although English is also widely understood and spoken by more than one-third of the population. Since the Handover, a new group of immigrants from mainland China have increased the ethnic diversity of the Chinese population and enhanced the developement of Mandarin in the territory.// And here's an interesting little blurb from a different section of that article on HK // The majority of Hong Kong's population practices ancestor worship due to the strong Confucian influence. // Of course, before you accept all of that as fact, you might want to look around a little bit for some confirmation. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Dec 22 12:25:56 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 22 15:30:04 2005 Subject: [SpamCop-List] Re: [media] "FTC says federal spam law has worked" References: Message-ID: Mike Easter wrote: > One of the things which is quite striking when you begin to read the > report about the effect of the canspam law as an 'anti-' -- is the > realization that we anti-s are not on the same page with the FTC in > very very many ways. The ftc considers the spammers who are canspam compliant to be 'legitimate emarketers' and those who aren't to be the bad ol' spammers - like DMA-speak. When the DMA has the FTC using DMAspeak you know you are in trouble. Here are a couple of pars from one of the appendices of the ftc report to congress // The Commission sought data regarding the percentage of recipients that avail themselves of the right to opt out. Data from before the passage of the Act showed that the great majority of consumers simply deleted or ignored unsolicited email from an unknown sender.49 These data are borne out by some of those consulted for this Report, who expressed skepticism about recipients' willingness to use opt-out mechanisms, given the commonly-held belief that opting out merely signals to spammers that they have found a "live" address, and could therefore result in more spam.50 None of those interviewed were able to provide any evidence that this is, in fact, the case, but clearly the perception persists that opting out leads to more spam. This perception remains despite previous FTC research suggesting that opting out does not result in the receipt of increased amounts of spam,51 and the conclusion of experts that it is unlikely that tracking optout requests is an especially effective means for spammers to gather "live" addresses.52 One potentially troubling concern regarding the safety of opting out has come to light. Some reports in the media in late 2004 suggested that clicking on an opt-out link in an email may have even more dire consequences than receipt of more spam, such as the introduction of malware onto the computer of the individual opting out.53 The Commission has sought data regarding such opt-out exploits from those it consulted with in preparation of this Report, as well as from the experts retained in preparation of this Report. In the view of those experts, while there is a risk of harm when using a web-based opt out link, there is little evidence to suggest any pattern of such abuse.54 // Those are reference numbers in there. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Fri Dec 23 00:32:36 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 22 19:35:12 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: "spamacyde" wrote in message news:doerbu$p4k$1@news.spamcop.net... > Ok, > > What dialect do they speak in Hong Kong? > Cantonese is the most widely spoken but they also speak Mandarin, Shanghainese and other Chinese dialects are also spoken, as well as English of course. From 96q7vwa02 at sneakemail.com Thu Dec 22 15:28:07 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Thu Dec 22 19:35:34 2005 Subject: [SpamCop-List] Re: [media] "FTC says federal spam law has worked" References: Message-ID: "Mike Easter" wrote in message news:dof24g$t0q$1@news.spamcop.net... > Mike Easter wrote: > // The Commission sought data regarding the percentage of recipients > that avail themselves of the right to opt out. Data from before the > passage of the Act showed that the great majority of consumers simply > deleted or ignored unsolicited email from an unknown sender.49 These > data are borne out by some of those consulted for this Report, who > expressed skepticism about recipients' willingness to use opt-out > mechanisms, given the commonly-held belief that opting out merely > signals to spammers that they have found a "live" address, and could > therefore result in more spam.50 None of those interviewed were able to > provide any evidence that this is, in fact, the case, but clearly the > perception persists that opting out leads to more spam. This perception > remains despite previous FTC research suggesting that opting out does > not result in the receipt of increased amounts of spam,51 and the > conclusion of experts that it is unlikely that tracking optout requests > is an especially effective means for spammers to gather "live" > addresses.52 I can attest to the fact that Opt-out will get you spam. I tested it with a throw away sneakemail address expressly established for that purpose. I opted out using a spam email received at another address. It took 3 to 4 weeks before the spam started. So far it seems localized to the Meds site spammer that I opted out on. It gets 4 to 7 spams per day. In time I expect that address to be spread to other spammers. Fred k. From nobody at devnull.spamcop.net Thu Dec 22 22:22:13 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Thu Dec 22 22:25:09 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? References: <43A88A4F.4CF933A4@spammerssuck.com> Message-ID: "Mike Easter" wrote in message news:dobsrd$39a$1@news.spamcop.net... > So, the idea that the politicians are going to come up with some good > law better than 'you can spam' is an anti-'s pipedream. I can't even > imagine yet what that law would be. I can imagine some revisions in > 'how things are done' and in some licensing that I've spouted off > about -- but I don't think any of that is going to happen. In order to > get a politician to do something, you have to serve hir up a written law > that is politically achievable -- the DMA can do that and the anti-s > can't. I should remember, but I can't be specific, but wasn't Ralph Nader's real success in 'raising consciousness' or IOW educating consumers on what was going on and how to register opinion? There may have been laws that resulted, but most of what he did was to get people aware that consumers /do/ have a voice. IMHO, laws are useless while pure consumer choice would conquer spam. Miss Betsy From AHaumer_gmxnet at nopspam.invalid Fri Dec 23 06:36:19 2005 From: AHaumer_gmxnet at nopspam.invalid (Anton Haumer) Date: Fri Dec 23 00:40:07 2005 Subject: [SpamCop-List] Spamcop down? Message-ID: <43AB8CD3.AB5CE8EE@nopspam.invalid> Sumbission by email works, I get answers, but the website seems to be completely down? Does anybody know what's going on? Toni From nobody at devnull.spamcop.net Fri Dec 23 00:56:06 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Fri Dec 23 01:00:04 2005 Subject: [SpamCop-List] Re: Spamcop down? References: <43AB8CD3.AB5CE8EE@nopspam.invalid> Message-ID: "Anton Haumer" wrote in message > Sumbission by email works, I get answers, > but the website seems to be completely down? > Does anybody know what's going on? Site seems to be working fine from here at 12:54AM EST in USA. -g From AHaumer_gmxnet at nopspam.invalid Fri Dec 23 07:36:45 2005 From: AHaumer_gmxnet at nopspam.invalid (Anton Haumer) Date: Fri Dec 23 01:40:03 2005 Subject: [SpamCop-List] Re: Spamcop down? References: <43AB8CD3.AB5CE8EE@nopspam.invalid> Message-ID: <43AB9AFD.E37A792A@nopspam.invalid> Glenn Daniels schrieb: > > "Anton Haumer" wrote in message > > Sumbission by email works, I get answers, > > but the website seems to be completely down? > > Does anybody know what's going on? > > Site seems to be working fine from here at 12:54AM EST in USA. > > -g Not it works fine (and quick) here (Europe), too. Toni From bill_beyer at excite.cXoYmZ Thu Dec 22 23:06:22 2005 From: bill_beyer at excite.cXoYmZ (Bill Beyer) Date: Fri Dec 23 02:05:06 2005 Subject: [SpamCop-List] Re: Boycotting Spam Allies? References: <43A88A4F.4CF933A4@spammerssuck.com> Message-ID: "Miss Betsy" wrote in message news:dofqed$a0e$1@news.spamcop.net... > > I should remember, but I can't be specific, but wasn't Ralph > Nader's real success in 'raising consciousness' or IOW educating > consumers on what was going on and how to register opinion? There > may have been laws that resulted, but most of what he did was to > get people aware that consumers /do/ have a voice. > > IMHO, laws are useless while pure consumer choice would conquer > spam. > > Miss Betsy If by raising consciousness you mean using junk science, manipulating statistics and creating mountains out of molehills then yes, that's what ol' Ralphie boy did to make a name for himself. From l18hyuk02 at sneakemail.com Fri Dec 23 09:52:23 2005 From: l18hyuk02 at sneakemail.com (Roman) Date: Fri Dec 23 03:55:03 2005 Subject: [SpamCop-List] Funny subject Message-ID: Maybe a retiring spammer ? "Wanna hold a brick on your dick? Try our Soft Cialis Tabs. (Warning: don't try it). " Merry Christmas and Happy Holidays to everyone Roman From bar_n0ne at hotmail.com Fri Dec 23 13:07:56 2005 From: bar_n0ne at hotmail.com (Berny) Date: Fri Dec 23 04:10:03 2005 Subject: [SpamCop-List] fsck'in st0ck spammers Message-ID: Latest "trick": sending spam with lots of medium to large and occasionally well known names in the subject line, and in the body, a link to some article in biz.yahoo, or bloomberg etc. so the payload for whatever (probably a penny stock) is supplied by one of the various news outlets, Basically those are innocents, sample: subject: Brokers-Call, Share Builder, Boise Cascade Corporation, Borders Group, Marathon Oil Corporation link: (almost the entire body) http://quote.bloomberg.com/apps/news?pid=conewssto.....(incomplete) The usual bogosity in headers 3 so far today, 2 using bloomberg, another biz.yahoo... I have not pursued the links, I'm not interested, but I doubt these asswipes are promoting the companies in the subject lines. you'd have to own enough stock to be reqwured to report every transaction to the sec to move them anywhere. Also the turdlets are not even pretending to be can spam compliant. Almost makes me wonder if a lot of the spam I get is purely sent to annoy me. From jg at coks.net Fri Dec 23 08:29:46 2005 From: jg at coks.net (jg) Date: Fri Dec 23 11:30:04 2005 Subject: [SpamCop-List] Re: fsck'in st0ck spammers In-Reply-To: References: Message-ID: On 12/23/2005 1:07 AM Berny scribbled: > Almost makes me wonder if a lot of the spam I get is purely sent to annoy > me. > > > Sheesh, all the time I've been thinking it was /me/ they were trying to annoy. From bar_n0ne at hotmail.com Fri Dec 23 20:57:47 2005 From: bar_n0ne at hotmail.com (Berny) Date: Fri Dec 23 12:00:03 2005 Subject: [SpamCop-List] Re: fsck'in st0ck spammers References: Message-ID: "jg" wrote in message news:doh8hg$2iq$1@news.spamcop.net... > On 12/23/2005 1:07 AM Berny scribbled: > > Almost makes me wonder if a lot of the spam I get is purely sent to annoy > > me. > > > > > > > Sheesh, all the time I've been thinking it was /me/ they were trying to > annoy. Paranaoia strikes deep, into your heart it will creep...* *Buffalo Springfield, Stills I think. From jg at coks.net Fri Dec 23 09:14:49 2005 From: jg at coks.net (jg) Date: Fri Dec 23 12:15:02 2005 Subject: [SpamCop-List] cumcor spam... Message-ID: http://www.spamcop.net/sc?id=z845935753z15a0b2291b74fc6159a30af9f356116ez Seems thr russkis spamvert ain't getting enough responses to the lame bouncing link routine, i.e., kkkkhu.com to kjkjjh.com to ad nausium.com, so they're trying to put them all into a single spam? Of the 50-60 spam I get every day, 50-90% carry comcor.ru hosted spamverts/payloads/, almost exclusively meds. I know I'm not alone in this - who is this guy? From jg at coks.net Fri Dec 23 09:33:51 2005 From: jg at coks.net (jg) Date: Fri Dec 23 12:35:03 2005 Subject: [SpamCop-List] Re: fsck'in st0ck spammers In-Reply-To: References: Message-ID: On 12/23/2005 8:57 AM Berny scribbled: > "jg" wrote in message news:doh8hg$2iq$1@news.spamcop.net... > >>On 12/23/2005 1:07 AM Berny scribbled: >> >>>Almost makes me wonder if a lot of the spam I get is purely sent to > > annoy > >>>me. >>> >>> >>> >> >>Sheesh, all the time I've been thinking it was /me/ they were trying to >>annoy. > > > Paranaoia strikes deep, > into your heart it will creep...* > > *Buffalo Springfield, Stills I think. > > You are correct, OT, and over 30... merry xmas... From 96q7vwa02 at sneakemail.com Fri Dec 23 08:34:49 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Fri Dec 23 12:45:02 2005 Subject: [SpamCop-List] Yahoo does care Message-ID: It had been awhile since I submitted a LART to abuse at yahoo. So I sent them a Lottery Scam as an attachment complaining about TOS, because the contact addy was at Yahoo. The addy was valid because I got a reply to my sneakemail addy from the perp. I REAL person at Yahoo sent me an email to please resubmit So I did. Fred k. From mike at okean.invalid Fri Dec 23 11:22:59 2005 From: mike at okean.invalid (Michael Wise) Date: Fri Dec 23 14:25:03 2005 Subject: [SpamCop-List] Re: Spam from China References: Message-ID: In article , "spamacyde" wrote: > > A lot of spam comes from China. What are the statistics like - are those > > spam reports we submit actually useful, are they paying off? (Or do the > > Chinese sysadmins simply ignore them?) So far I'm not seeing much > > improvement on the amount of spam coming in, but I've only been on Spamcop > > for a couple of weeks. > > > > Alex. > > > > > > www.insultmonger.com is useful for constructing a reply to Chinese spam. > Now the question is, for addresses ending in .cn / for mainland China, do I > want to use Cantonese, Hakka, Hokkien or Manderine. I ask this question > with a completely straight face. The written language is the same between all of them. It's the spoken language which is different. --Mike From nobody at nowhere.invalid Sat Dec 24 11:14:41 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Dec 24 05:15:14 2005 Subject: [SpamCop-List] Re: cumcor spam... References: Message-ID: On Fri, 23 Dec 2005 09:14:49 -0800, jg coughed into spamcop and left this in : > I know I'm not alone in this - who is this guy? Probably Leo Kuvayev. http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Leo%20Kuvayev%20/%20BadCow -- Steve If a listener nods his head when you're explaining your program, wake him up. From redford_stone at INVERSE_OF_COLDmail.com Sat Dec 24 12:11:12 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Dec 24 07:15:05 2005 Subject: [SpamCop-List] Re: Question regarding "\x[hexnumber]" code. References: Message-ID: "Antispam Knight" wrote in news:dnc8ma$s62$1@news.spamcop.net: > All of the whois data is with > BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN. Almost all > of the data is bogus, and has been reported. I have yet to see the > registrar nuke any of the literally hundreds I have reported, and a > complaint has been filed with ICANN, for all the good it'll do. > Hope this data helps someone. > AK > > Yup, everything I get in these spams all lead to to scamsites in China. Figures. Thanks to Antispam Knight, Ant, Mr. Bolt, and Mr. Hyde for the assist. And thanks for adding to my arsenal. Now all I need to do is wait for that SOB to send me another Geocities link with that encraption. From redford_stone at INVERSE_OF_COLDmail.com Sat Dec 24 12:18:06 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Dec 24 07:20:04 2005 Subject: [SpamCop-List] Re: Yahoo does care References: Message-ID: "Fred K." <96q7vwa02@sneakemail.com> wrote in news:dohct7$4ss$1@news.spamcop.net: > It had been awhile since I submitted a LART to abuse at yahoo. So I > sent them a Lottery > Scam as an attachment complaining about TOS, because the contact addy > was at Yahoo. > The addy was valid because I got a reply to my sneakemail addy from > the perp. > I REAL person at Yahoo sent me an email to please resubmit So I did. > > Fred k. > > > Umm.. I think ti was more of the bot saying it couldn't really read your attachment and asked to resubmission of it. I received a bazillion such responses.. all boilerplates. When they do whack a luser spammer, they do and send a response back. But as of recent, a bunch of my LARTs received acknowledgement of it being received.. but not much else. (Plus there is the issue where the bot is having trouble forwarding reports to their UK division..) From redford_stone at INVERSE_OF_COLDmail.com Sat Dec 24 12:31:39 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Dec 24 07:35:04 2005 Subject: [SpamCop-List] Re: cumcor spam... References: Message-ID: jg wrote in news:dohb5v$41d$1@news.spamcop.net: > http://www.spamcop.net/sc? id=z845935753z15a0b2291b74fc6159a30af9f356116ez > > Seems thr russkis spamvert ain't getting enough responses to the lame > bouncing link routine, i.e., kkkkhu.com to kjkjjh.com to ad > nausium.com, so they're trying to put them all into a single spam? > Of the 50-60 spam I get every day, 50-90% carry comcor.ru hosted > spamverts/payloads/, almost exclusively meds. > I know I'm not alone in this - who is this guy? > > Got the same garbage today and tried to hide behind Geocities redirects. http://www.spamhaus.org/sbl/sbl.lasso?query=SBL11047 http://www.spamhaus.org/sbl/sbl.lasso?query=SBL28550 http://www.spamhaus.org/sbl/sbl.lasso?query=SBL35314 http://spews.org/html/S2188.html Comcor is nothing more than a spammer septic tank. Treat it as such. From jg at coks.net Sat Dec 24 09:02:46 2005 From: jg at coks.net (jg) Date: Sat Dec 24 12:05:03 2005 Subject: [SpamCop-List] Re: cumcor spam... In-Reply-To: References: Message-ID: On 12/24/2005 4:31 AM Redstone scribbled: > Got the same garbage today and tried to hide behind Geocities redirects. > > > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL11047 > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL28550 > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL35314 > http://spews.org/html/S2188.html > > Comcor is nothing more than a spammer septic tank. Treat it as such. > > > Thanks, I figured that much.. From edb2000 at spamcop.net Sat Dec 24 10:27:06 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Sat Dec 24 13:30:04 2005 Subject: [SpamCop-List] Re: Spamcop down? In-Reply-To: <43AB9AFD.E37A792A@nopspam.invalid> References: <43AB8CD3.AB5CE8EE@nopspam.invalid> <43AB9AFD.E37A792A@nopspam.invalid> Message-ID: Anton Haumer wrote: > Glenn Daniels schrieb: > >>"Anton Haumer" wrote in message >> >>>Sumbission by email works, I get answers, >>>but the website seems to be completely down? >>>Does anybody know what's going on? >> >>Site seems to be working fine from here at 12:54AM EST in USA. >> >>-g > > > Not it works fine (and quick) here (Europe), too. > > Toni From Northern California, www.spamcop.net is pingable but the web server does not respond to my web browser. SC webmail (webmail.spamcop.net) is working fine. When I telnet to www.spamcop.net, I get a response from an Akamai server: HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 187 Expires: Sat, 24 Dec 2005 18:24:39 GMT Date: Sat, 24 Dec 2005 18:24:39 GMT Connection: close So maybe there's a hiccup in Akamai land that is causing SC to drop out in some parts of the net and work fine in others. -- Don Wannit A paid SpamCop user since 1999 From nobody at devnull.spamcop.net Mon Dec 26 12:15:06 2005 From: nobody at devnull.spamcop.net (Patto) Date: Sun Dec 25 22:20:04 2005 Subject: [SpamCop-List] Re: Yahoo does care In-Reply-To: References: Message-ID: Redstone wrote: > "Fred K." <96q7vwa02@sneakemail.com> wrote in > news:dohct7$4ss$1@news.spamcop.net: > >> It had been awhile since I submitted a LART to abuse at yahoo. So I >> sent them a Lottery >> Scam as an attachment complaining about TOS, because the contact addy >> was at Yahoo. >> The addy was valid because I got a reply to my sneakemail addy from >> the perp. >> I REAL person at Yahoo sent me an email to please resubmit So I did. >> >> Fred k. >> >> >> > > > Umm.. I think ti was more of the bot saying it couldn't really read your > attachment and asked to resubmission of it. > > I received a bazillion such responses.. all boilerplates. When they do > whack a luser spammer, they do and send a response back. But as of > recent, a bunch of my LARTs received acknowledgement of it being > received.. but not much else. (Plus there is the issue where the bot is > having trouble forwarding reports to their UK division..) Actually in my experience the UK division reacts very quickly. When I sent them a report last week about a Yahoo UK address in a 419 scam, it took them just a few hours to cancel the account. From 96q7vwa02 at sneakemail.com Mon Dec 26 09:42:38 2005 From: 96q7vwa02 at sneakemail.com (Fred K.) Date: Mon Dec 26 13:45:05 2005 Subject: [SpamCop-List] Re: Yahoo does care References: Message-ID: "Patto" wrote in message news:donn7r$equ$1@news.spamcop.net... > Actually in my experience the UK division reacts very quickly. When I sent > them a report last week about a Yahoo UK address in a 419 scam, it took > them just a few hours to cancel the account. AExactly my experience. abuse at yahoo.com also reacts quickly if you make sure you are reporting the use of a yahoo contact address in the body for the 419/lottery scams. Fred k. From g.hyde at bigpond.net.au Tue Dec 27 09:31:47 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Mon Dec 26 18:35:13 2005 Subject: [SpamCop-List] Xmas holidays are over - as far as spammers are concerned! Message-ID: http://www.spamcop.net/sc?id=z847341158z629eafdb7b46d56de70ffc72f739e505z Looks like some spammers never learn. And want Xmas gifts to boot - don't give em any, Santa! -- Cheers ... Geoffrey Hyde From verdy_p at wanadoo.fr Tue Dec 27 00:51:20 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Mon Dec 26 18:55:02 2005 Subject: [SpamCop-List] THOUSANDS copies of: Construction-Report.Com , Subscribe, Advertise or Work from Home? Message-ID: Tracking URL: http://www.spamcop.net/sc?id=z847344570z70746c60e7171004fc80b6d4e736aa7fz Since Christmas, I have started receiving LOTS of copies of this spam coming from everywhere. SpamCop seems to behave differently now: before,itdidnot detect any link in the spam, now it says: "Too many links." And it does not report the spamvertized hosts, which are apparently all resolved through DNS to dynamic IP: http://www.ontarioconstructionreport.com Host www.ontarioconstructionreport.com (checking ip) = 64.26.129.91 host 64.26.129.91 = www.construction-report.com (cached) http://www.triangleconstructionnews.com Host www.triangleconstructionnews.com (checking ip) = 68.178.175.17 host 68.178.175.17 = ip-68-178-175-17.ip.secureserver.net (cached) http://www.hurricanereconstructionnews.com Host www.hurricanereconstructionnews.com (checking ip) = 68.178.175.17 host 68.178.175.17 = ip-68-178-175-17.ip.secureserver.net (cached) http://www.louisianaconstructionnews.com Host www.louisianaconstructionnews.com (checking ip) = 68.178.175.17 host 68.178.175.17 = ip-68-178-175-17.ip.secureserver.net (cached) http://construction-reportcom/corporate/list_employment.asp host construction-reportcom (getting name) no name construction-reportcom is not a hostname http://www.gtaconstructionreport.com Host www.gtaconstructionreport.com (checking ip) = 64.26.129.91 host 64.26.129.91 = www.construction-report.com (cached) http://www.neworleansconstructionnews.com Host www.neworleansconstructionnews.com (checking ip) = 68.178.175.17 host 68.178.175.17 = ip-68-178-175-17.ip.secureserver.net (cached) http://www.atlantaconstructionnews.com Host www.atlantaconstructionnews.com (checking ip) = 64.26.129.91 host 64.26.129.91 = www.construction-report.com (cached) http://www.maineconstructionnews.com Host www.maineconstructionnews.com (checking ip) = 64.26.129.91 host 64.26.129.91 = www.construction-report.com (cached) http://www.batonrougeconstructionnews.com Host www.batonrougeconstructionnews.com (checking ip) = 68.178.175.17 host 68.178.175.17 = ip-68-178-175-17.ip.secureserver.net (cached) http://construction-reportcom/corporate/subscribe.html host construction-reportcom (getting name) no name construction-reportcom is not a hostname http://www.ottawaconstructionnews.com Host www.ottawaconstructionnews.com (checking ip) = 64.26.129.91 host 64.26.129.91 = www.construction-report.com (cached) http://www.baltimoreconstructionnews.com Host www.baltimoreconstructionnews.com (checking ip) = 68.178.175.17 host 68.178.175.17 = ip-68-178-175-17.ip.secureserver.net (cached) http://www.charlotteconstructionnews.com Host www.charlotteconstructionnews.com (checking ip) = 68.178.175.17 host 68.178.175.17 = ip-68-178-175-17.ip.secureserver.net (cached) http://www.washingtonconstructionnews.com Host www.washingtonconstructionnews.com (checking ip) = 68.178.175.17 host 68.178.175.17 = ip-68-178-175-17.ip.secureserver.net (cached) http://www.gulfcoastconstructionnews.com Host www.gulfcoastconstructionnews.com (checking ip) = 68.178.175.17 host 68.178.175.17 = ip-68-178-175-17.ip.secureserver.net (cached) http://www.construction-report.com Host www.construction-report.com (checking ip) = 64.26.129.91 host 64.26.129.91 = www.construction-report.com (cached) Apparently a viral worm is using the christmas period to activate its nefast behavior to send its spew in mass, undetected by users that have left their PC active for holidays. The problem: I get about 2 or 3 copies per minute, and it is still notdetected by my antispamfilter, so it fills megabytes in my mailbox. I came back this evening from 2-day holiday, and saw one of my mailbox filled by several THOUSANDS copies of this spam, starting at the christmas eve. From MikeE at ster.invalid Mon Dec 26 16:51:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Dec 26 19:55:02 2005 Subject: [SpamCop-List] Re: THOUSANDS copies of: Construction-Report.Com , Subscribe, Advertise or Work from Home? References: Message-ID: Philippe Verdy wrote: > Tracking URL: www.spamcop.net/sc?id=z847344570z70746c60e7171004fc80b6d4e736aa7fz > The problem: > I get about 2 or 3 copies per minute, and it is still notdetected by > my antispamfilter, so it fills megabytes in my mailbox. I came back > this evening from 2-day holiday, and saw one of my mailbox filled by > several THOUSANDS copies of this spam, starting at the christmas eve. My provider's spamfilter has options which include my being able to blacklist a From address or domainname and that puts those items into a Spam folder for autodeletion [if so configured] and/or in any case the spamfolder contents don't count against my mailbox size limitations. It appears that these all have a Construction-Report.Com From or rather construction-report.com Otherwise you have to enlist the aid of your mail provider to prevent mailbox full problems. -- Mike Easter kibitzer, not SC admin From not at home.today Tue Dec 27 02:22:25 2005 From: not at home.today (Ant) Date: Mon Dec 26 21:25:03 2005 Subject: [SpamCop-List] Re: THOUSANDS copies of: Construction-Report.Com , Subscribe, Advertise or Work from Home? References: Message-ID: "Philippe Verdy" wrote: > Tracking URL: > http://www.spamcop.net/sc?id=z847344570z70746c60e7171004fc80b6d4e736aa7fz > > Since Christmas, I have started receiving LOTS of copies of this spam coming > from everywhere. > SpamCop seems to behave differently now: before,itdidnot detect any link in > the spam, now it says: > > "Too many links." > > And it does not report the spamvertized hosts, which are apparently all > resolved through DNS to dynamic IP: [snip] Thread in NANAE "construction-report.com, et. al..." talks about a Joe Job. From nobody at spamcop.net Mon Dec 26 23:53:42 2005 From: nobody at spamcop.net (RandallW) Date: Tue Dec 27 02:55:06 2005 Subject: [SpamCop-List] Re: Xmas holidays are over - as far as spammers are concerned! References: Message-ID: "Geoffrey Hyde" wrote in message news:dopugv$jql$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z847341158z629eafdb7b46d56de70ffc72f739e505z > "Your Paypal account has been violated!" What a horrid filthy crime. From nobody at spamcop.net Tue Dec 27 08:26:04 2005 From: nobody at spamcop.net (Ellen) Date: Tue Dec 27 08:30:19 2005 Subject: [SpamCop-List] System is down Message-ID: Hi -- we have encountered a system problem and the system is down. I have paged operations. I do not have an ETA as to when the system will be back up again. We appreciate your patience. -- Ellen SpamCop From nobody at spamcop.net Tue Dec 27 07:27:34 2005 From: nobody at spamcop.net (John Anderson) Date: Tue Dec 27 08:30:34 2005 Subject: [SpamCop-List] Spamcop down? Message-ID: I cannot get in to the reporting website. My password is not being accepted. Usually that means that the system is down. John Anderson From nobody at spamcop.net Tue Dec 27 07:32:45 2005 From: nobody at spamcop.net (John Anderson) Date: Tue Dec 27 08:35:03 2005 Subject: [SpamCop-List] Re: System is down References: Message-ID: "Ellen" wrote in message news:dorfeg$cca$1@news.spamcop.net... > Hi -- we have encountered a system problem and the system is down. I have > paged operations. I do not have an ETA as to when the system will be back > up > again. We appreciate your patience. > > -- > > Ellen > SpamCop > > > Ok, just was wondering if that was the case. Thank You John Anderson From nobody at nowhere.invalid Tue Dec 27 14:37:20 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 27 08:40:03 2005 Subject: [SpamCop-List] Re: Xmas holidays are over - as far as spammers are concerned! References: Message-ID: On Mon, 26 Dec 2005 23:53:42 -0800, RandallW coughed into spamcop and left this in : > "Your Paypal account has been violated!" > > What a horrid filthy crime. Especially as I don't even have a friggin' PayPal account... -- Steve Okay, so what is the speed of dark? From nobody at nowhere.invalid Tue Dec 27 14:52:51 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 27 08:55:03 2005 Subject: [SpamCop-List] Re: System is down References: Message-ID: On Tue, 27 Dec 2005 08:26:04 -0500, Ellen coughed into spamcop and left this in : > Hi -- we have encountered a system problem and the system is down. I have > paged operations. I do not have an ETA as to when the system will be back up > again. We appreciate your patience. FWIW this only seems to be affecting the reporting side of SC - mail appears to be working fine. -- Steve Health nuts are going to feel stupid someday, lying in hospitals dying of nothing. From nobody at spamcop.net Tue Dec 27 08:56:31 2005 From: nobody at spamcop.net (Ellen) Date: Tue Dec 27 09:00:03 2005 Subject: [SpamCop-List] Re: System is down References: Message-ID: "Steven Maesslein" wrote in message news:slrndr2hpj.556.nobody@127.0.0.1... > On Tue, 27 Dec 2005 08:26:04 -0500, Ellen coughed into spamcop and left > this in : > > > Hi -- we have encountered a system problem and the system is down. I have > > paged operations. I do not have an ETA as to when the system will be back up > > again. We appreciate your patience. > > FWIW this only seems to be affecting the reporting side of SC - mail > appears to be working fine. > Right -- I should have mentioned that in my post - this affects the reporting system only. Operations is working on the problem so we should be back up soon. Ellen SpamCop From nobody at spamcop.net Tue Dec 27 09:14:49 2005 From: nobody at spamcop.net (Ellen) Date: Tue Dec 27 09:20:07 2005 Subject: [SpamCop-List] System is back up was: Re: System is down References: Message-ID: Things should be back to normal now. Let me know if you see any problems. And as always, thanks for your patience. Ellen SpamCop From gezgin at spamcop.net Tue Dec 27 16:18:34 2005 From: gezgin at spamcop.net (gezgin) Date: Tue Dec 27 09:20:23 2005 Subject: [SpamCop-List] Re: System is down References: Message-ID: "Ellen" wrote > reporting system only. Operations is working on the problem so we should > be > back up soon. It is now. -- Bob http://www.kanyak.com From newspost at deletethispart.hypercreations.com Tue Dec 27 15:52:37 2005 From: newspost at deletethispart.hypercreations.com (D. T.) Date: Tue Dec 27 10:55:03 2005 Subject: [SpamCop-List] Re: System is back up was: Re: System is down References: Message-ID: "Ellen" wrote in news:dori9l$e69$1@news.spamcop.net: > Things should be back to normal now. Let me know if you see any problems. > And as always, thanks for your patience. > No, not "normal" when I logged into all the various services about 20 minutes ago. This was well after the "restoration" of services. What I saw, from ALL of the various systems (mail.spamcop.net, forums, etc.) looked very much like a system under an extreme DOS attack, in that I could connect, but only a trickle of data was coming to me. I started to post something on the forums about it, and then all the systems suddenly and simultaneously sprang back to full speed. So, there were additional, serious issues long after your "all clear" posts, Ellen. DT From newspost at deletethispart.hypercreations.com Tue Dec 27 16:14:54 2005 From: newspost at deletethispart.hypercreations.com (D. T.) Date: Tue Dec 27 11:15:03 2005 Subject: [SpamCop-List] Re: System is back up was: Re: System is down References: Message-ID: Clarification: by "all," I meant "all but the reporting system." I think that all of the systems in Georgia were barely reachable...it looks like there were connectivity problems on JT's end. DT From nobody at nowhere.invalid Tue Dec 27 17:42:02 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 27 11:45:02 2005 Subject: [SpamCop-List] Re: System is back up was: Re: System is down References: Message-ID: On Tue, 27 Dec 2005 09:14:49 -0500, Ellen coughed into spamcop and left this in : > Things should be back to normal now. Let me know if you see any > problems. And as always, thanks for your patience. The reporting system appears to be up but the IMAP server is down now :( -- Steve Tomorrow is cancelled due to lack of interest. From newspost at deletethispart.hypercreations.com Tue Dec 27 16:57:07 2005 From: newspost at deletethispart.hypercreations.com (D. T.) Date: Tue Dec 27 12:00:03 2005 Subject: [SpamCop-List] Re: System is back up was: Re: System is down References: Message-ID: > ...it looks like > there were connectivity problems on JT's end. and now (9:56am, MST) the mail server is timing out (people other than me are reporting it in the forums) :-( DT From nobody at nowhere.invalid Tue Dec 27 18:11:17 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Dec 27 12:15:03 2005 Subject: [SpamCop-List] Re: System is back up was: Re: System is down References: Message-ID: On Tue, 27 Dec 2005 17:42:02 +0100, Steven Maesslein coughed into spamcop and left this in : > The reporting system appears to be up but the IMAP server is down now :( Looks back up again. I can go flatten some more spammer nads now :) -- Steve The First Commandment for Technicians: Beware the lightening that lurketh in the undischarged capacitor, lest it cause thee to bounce upon thy buttocks in a most untechnician-like manner. From nobody at spamcop.net Tue Dec 27 11:54:36 2005 From: nobody at spamcop.net (Ellen) Date: Tue Dec 27 12:35:02 2005 Subject: [SpamCop-List] Re: System is back up was: Re: System is down References: Message-ID: "D. T." wrote in message news:Xns97395A4D0889Anewsaddresshypercrea@216.154.195.61... > "Ellen" wrote in news:dori9l$e69$1@news.spamcop.net: > > > Things should be back to normal now. Let me know if you see any problems. > > And as always, thanks for your patience. > > > > No, not "normal" when I logged into all the various services about 20 > minutes ago. This was well after the "restoration" of services. What I saw, > from ALL of the various systems (mail.spamcop.net, forums, etc.) looked > very much like a system under an extreme DOS attack, in that I could > connect, but only a trickle of data was coming to me. > Remember that I was talking only about the reporting systems. Not mail, newsgroups or forums. Ellen SpamCop From johnl at in.newsgroup.only Tue Dec 27 17:39:02 2005 From: johnl at in.newsgroup.only (JohnL) Date: Tue Dec 27 12:40:02 2005 Subject: [SpamCop-List] Re: System is back up was: Re: System is down References: Message-ID: "Ellen" wrote in news:dortt9$kpp$1@news.spamcop.net: > Remember that I was talking only about the reporting systems. Not mail, > newsgroups or forums. I was going to post that the reporting seems pretty slow this morning. A lot of reports backlogged? From nobody at spamcop.net Tue Dec 27 12:58:07 2005 From: nobody at spamcop.net (Ellen) Date: Tue Dec 27 13:15:02 2005 Subject: [SpamCop-List] Re: System is back up was: Re: System is down References: Message-ID: "JohnL" wrote in message news:Xns97396C5AECE38innewsgrouponly@216.154.195.61... > "Ellen" wrote in news:dortt9$kpp$1@news.spamcop.net: > > > Remember that I was talking only about the reporting systems. Not mail, > > newsgroups or forums. > > I was going to post that the reporting seems pretty slow this morning. > A lot of reports backlogged? When we have a problem as we did this AM, the mailservers keep collecting the mail waiting to dump it onto the application servers and database servers, so yes I suspect that the other servers had a bunch to plow thru. Ellen SpamCop From newspost at deletethispart.hypercreations.com Tue Dec 27 18:43:28 2005 From: newspost at deletethispart.hypercreations.com (D. T.) Date: Tue Dec 27 13:45:03 2005 Subject: [SpamCop-List] Re: System is back up was: Re: System is down References: Message-ID: "Ellen" wrote in news:dortt9$kpp$1@news.spamcop.net: > Remember that I was talking only about the reporting systems. Not > mail, newsgroups or forums. Yes, I was a bit hasty....someone else had posted that the other systems weren't affected, but the other system were indeed having serious problems today. The two outages/incidents were surely unrelated. DT From verdy_p at wanadoo.fr Tue Dec 27 20:14:36 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Tue Dec 27 14:20:04 2005 Subject: [SpamCop-List] Re: THOUSANDS copies of: Construction-Report.Com , Subscribe, Advertise or Work from Home? References: Message-ID: "Mike Easter" a écrit dans le message de news: doq35u$m98$1@news.spamcop.net... > Philippe Verdy wrote: >> Tracking URL: > www.spamcop.net/sc?id=z847344570z70746c60e7171004fc80b6d4e736aa7fz > >> The problem: >> I get about 2 or 3 copies per minute, and it is still notdetected by >> my antispamfilter, so it fills megabytes in my mailbox. I came back >> this evening from 2-day holiday, and saw one of my mailbox filled by >> several THOUSANDS copies of this spam, starting at the christmas eve. > > My provider's spamfilter has options which include my being able to > blacklist a From address or domainname and that puts those items into a > Spam folder for autodeletion [if so configured] and/or in any case the > spamfolder contents don't count against my mailbox size limitations. Yesthe list of spamvertized domains is constant, but not the "from". What I did was to add a filter on the subject line. This still continues. However, my ISP just puts the spams in the "undesirable mails" IMAP folder (which is not read through POP3, but managed through the webmail interface). But there's no option to automatically delete some messages (I have the option to drop spams, but this affects all undesirable messages, and I prefer being able to review them; undesirable messages are dropped automatically after 1 week, too slow for this spam). Unfortunately, the space used by this folder is taken as part of the maximum volume, so I still need to clean this folder manually, so this does not prevent my mailbox of becoming full after 2 days only . The solution I took was to forward allemailsexcept spams to another secret mailbox. > It appears that these all have a Construction-Report.Com From or rather > construction-report.com Yes but in the HTML part of the body. I don't use filters on message content, as they only work on the text-only part, and it is VERY unreliable on HTML. > Otherwise you have to enlist the aid of your mail provider to prevent > mailbox full problems. 20MB per mailboxis my maximum, there's no option to get a larger mailbox. What I did was to request assistance so that this spam would be detected specially and deleted before reaching my mailbox (i.e. not put into my undesirable folder). I reallycan't understand why spammers use such stupid bots that will enlist my email address into hundreds of open-relays that will all send a copy of the same spam in parallel every hour. Only some of the open-relays are listed as such in various RBLs. (they are probably running spambots, and there are at least two types of bots, because the spam whose visible text is identifical, has two encoding forms to specify the list of sites in the HTML part). It looks like there's a spambot that not only receives a list of email addresses to spam and the text ofthe message,but also a dynamic list of target URLs toinsert in the message body. I have no idea if the web sites are real. You suggest this is a joe job, but then why some of them resolve to hosts with dynamic IPs that change every few minutes? I do think this is effectively alist of malicious websites installed by spammers to steal the identities or personnal info of people. From MikeE at ster.invalid Tue Dec 27 11:31:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 27 14:35:02 2005 Subject: [SpamCop-List] Re: THOUSANDS copies of: Construction-Report.Com , Subscribe, Advertise or Work from Home? References: Message-ID: Philippe Verdy wrote: > I have no idea if the web sites are real. You suggest this is a joe > job, but then why some of them resolve to hosts with dynamic IPs that > change every few minutes? Actually it was not I but Ant who sed Ant wrote: > Thread in NANAE "construction-report.com, et. al..." talks about a > Joe Job. Personally I haven't received any of those spams nor have I read the nanae joejob thread nor have I read any of these spams posted in sightings to research my own opinion of the issue. There are a lot of threads in nanae I don't read, and I certainly don't believe what I hear about is being said over there unless I determine it for myself. > I do think this is effectively alist of > malicious websites installed by spammers to steal the identities or > personnal info of people. -- Mike Easter kibitzer, not SC admin From not at home.today Tue Dec 27 21:57:51 2005 From: not at home.today (Ant) Date: Tue Dec 27 17:00:03 2005 Subject: [SpamCop-List] Re: THOUSANDS copies of: Construction-Report.Com , Subscribe, Advertise or Work from Home? References: Message-ID: "Mike Easter" wrote: > Philippe Verdy wrote: >> I have no idea if the web sites are real. You suggest this is a joe >> job, but then why some of them resolve to hosts with dynamic IPs that >> change every few minutes? > > Actually it was not I but Ant who sed [snip] Yep; I said it, but have not researched it. I simply pass on the info for what it's worth (which may be nothing). The thread starts with this post on 25 Dec, in case anyone wants to read or join in: news:1135553207.429937.264410@g44g2000cwa.googlegroups.com From MikeE at ster.invalid Tue Dec 27 14:35:17 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Dec 27 17:40:04 2005 Subject: [SpamCop-List] Re: THOUSANDS copies of: Construction-Report.Com , Subscribe, Advertise or Work from Home? References: Message-ID: Ant wrote: > "Mike Easter" wrote: >> Philippe Verdy wrote: >>> I have no idea if the web sites are real. You suggest this is a joe >>> job, but then why some of them resolve to hosts with dynamic IPs >>> that change every few minutes? That isn't what a poster in nanae said. He said that all of the *constructionnews.com sites and other contained links resolved to 2 IPs. 68.178.175.17 and 64.26.129.91 -- the later of which rDNSes to www.construction-report.com and the former to ip-68-178-175-17.ip.secureserver.net >> Actually it was not I but Ant who sed [snip] > > Yep; I said it, but have not researched it. I simply pass on the info > for what it's worth (which may be nothing). The thread starts with > this post on 25 Dec, in case anyone wants to read or join in: > news:1135553207.429937.264410@g44g2000cwa.googlegroups.com I've read the thread, including the item which has a letter from the 'joe' explaining the 'job' news:41a0coF1dqh3vU1@individual.net and