From jeffg at spamcop.net Thu Dec 1 04:35:24 2005 From: jeffg at spamcop.net (Jeff G.) Date: Thu Dec 1 04:40:02 2005 Subject: [SpamCop-List] Re: empty spam... References: Message-ID: "Mike Easter" wrote in message news:dmkna7$lkc$1@news.spamcop.net... > jg wrote: > > and came up with (via Sam Spade): > > > How do 3 bogus rDNS entries pop up and is this the result of spammy? > > academic question... > > I think but I'm not sure that in this context 'bogus' simply means that > 'paranoid' lookup doesn't work. > > That is, if an IP will rDNS but the rDNS doesn't DNS to the original IP > that the report sez 'bogus' -- which seems like an unkind term for that > particular behavior. 'violates Section "INSTRUCTIONS - Adding a host - Add the reverse IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" at http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 ' would be a little long for such a purpose, don't you think? I think "bogus" fits because the rdns names (the right sides of the PTR Records) are in fact "not genuine" because tbr1-p014001.la2ca.ip.att.net, tbr1-cl3.sffca.ip.att.net, and tbr1-cb10.st6wa.ip.att.net authoritatively don't exist, and I blame rm-hostmaster[at]ems.att.com (the person responsible for the zones in all three parent SOA records) for the whole mess. -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From devnull at spamcop.net Thu Dec 1 08:32:49 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Dec 1 08:35:03 2005 Subject: [SpamCop-List] Re: Deserving of a LART - where would be a good address? References: Message-ID: "Ron B." | > www.spamcop.net/sc?id=z832218066z00305e1d2baeb27c894985a7f1404f35z | > | > | >>They are going to give away free pirated software - model citizens... | > | > | > You must be talking about something you read by clicking on one of the | > spamvertised links. There's nothing in the spam about free software. | > | | | Cut and paste: | | our corporation is doing what it can to help and has decided to give | away our services and software without cost to charities and nonprofits | in need, OT Might look at: http://www.compumentor.org/ http://www.techsoup.org/ If there is a need for free and very low cost software for NP. BTW there is a place on the techsoup.org web site to volunteer tech support if you are of a mind to do that. I'm doing that in this area on the premise that in the land of the blind the one eyed man in king. As little as I know I'm far better than most hear as there are clowns in this area charging $50-75+ per hour to bollix unsuspecting peoples computers. From devnull at spamcop.net Thu Dec 1 08:44:01 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Dec 1 09:05:02 2005 Subject: [SpamCop-List] Re: [media] comic strip References: Message-ID: | >>> Questioning to a local editor the technical accuracy of one of the few | >>> strips that does deal with spam is a bad move. | >> | >> This comment just brings more questions. Explain. | > | > You can cause the strip to get cancelled from the local paper as | > "too complicated". | | So? No skin off my teeth... We'd all be better served to get spammy canceled than a cartoon on spam canceled. From mwnospam at comcast.net Thu Dec 1 09:24:59 2005 From: mwnospam at comcast.net (spamacyde) Date: Thu Dec 1 09:25:03 2005 Subject: [SpamCop-List] Re: Marriage of Browsers???? References: Message-ID: "Porpoise" wrote in message news:dmj0p3$pdo$1@news.spamcop.net... > > "spamacyde" wrote in message > news:dmi7gv$asc$1@news.spamcop.net... > > > > > > I mean somthing like > > > > http:/\ZEh<7Jssx.0>0.pha > > r/:#3\|maserious.com > > > > Well, AFAIC, anyone clicking on a link that looks like that deserves all > they get hit with... > > The URL is associated with an image ie bunch of colorful pills, a bottle of "muscle" enhancer, etc. Yes, somebody clicking on such a picture probably deserves what they get. But unless they look at the bottom of the screen, they don't see the gibberish URL. From porpoise1954 at yahoo.co.uk Thu Dec 1 14:43:07 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 1 09:45:02 2005 Subject: [SpamCop-List] Re: Marriage of Browsers???? References: Message-ID: "spamacyde" wrote in message news:dmn13g$rkh$1@news.spamcop.net... > > "Porpoise" wrote in message > news:dmj0p3$pdo$1@news.spamcop.net... >> >> >> > > The URL is associated with an image ie bunch of colorful pills, a bottle > of > "muscle" enhancer, etc. Yes, somebody clicking on such a picture probably > deserves what they get. But unless they look at the bottom of the > screen, > they don't see the gibberish URL. > > Yup! That's why you should always know what the link is before clicking it! I *think* that's why the browser shows you that info in the status bar - and, if there's any doubt, view the source............ Of course, if they're clicking links in email .......... smack 'em round the ear! From mwnospam at comcast.net Thu Dec 1 12:29:41 2005 From: mwnospam at comcast.net (spamacyde) Date: Thu Dec 1 12:30:10 2005 Subject: [SpamCop-List] Re: Marriage of Browsers???? References: Message-ID: "Porpoise" wrote in message news:dmn286$sb8$1@news.spamcop.net... > > "spamacyde" wrote in message > news:dmn13g$rkh$1@news.spamcop.net... > > > > "Porpoise" wrote in message > > news:dmj0p3$pdo$1@news.spamcop.net... > >> > >> > >> > > > > The URL is associated with an image ie bunch of colorful pills, a bottle > > of > > "muscle" enhancer, etc. Yes, somebody clicking on such a picture probably > > deserves what they get. But unless they look at the bottom of the > > screen, > > they don't see the gibberish URL. > > > > > > Yup! That's why you should always know what the link is before clicking it! > I *think* that's why the browser shows you that info in the status bar - > and, if there's any doubt, view the source............ Of course, if they're > clicking links in email .......... smack 'em round the ear! > > The point is, why should the browser allow the gibberish URL in the first place? From Kilgallen at SpamCop.net Thu Dec 1 12:34:42 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Dec 1 13:35:04 2005 Subject: [SpamCop-List] Re: [media] comic strip References: Message-ID: In article , baloo@ursine.ca writes: > Larry Kilgallen wrote: >> In article , baloo@ursine.ca writes: >>> Larry Kilgallen wrote: >>>> Questioning to a local editor the technical accuracy of one of the few >>>> strips that does deal with spam is a bad move. >>> >>> This comment just brings more questions. Explain. >> >> You can cause the strip to get cancelled from the local paper as >> "too complicated". > > So? No skin off my teeth... Whereas I believe that it is better to have the subject of spam come up frequently in the popular literature. Consider the Chicago quote "It does not matter what they say about you in the papers, just so they get your name right." Nobody believes popular literature completely anyway, and inaccuracy leading to discussion may be better than accuracy leading to lack of discussion. From porpoise1954 at yahoo.co.uk Thu Dec 1 23:14:35 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Dec 1 18:20:03 2005 Subject: [SpamCop-List] Re: Marriage of Browsers???? References: Message-ID: "spamacyde" wrote in message news:dmnbtp$1mf$1@news.spamcop.net... > > "Porpoise" wrote in message > news:dmn286$sb8$1@news.spamcop.net... >> >> >> Yup! That's why you should always know what the link is before clicking > it! >> I *think* that's why the browser shows you that info in the status bar - >> and, if there's any doubt, view the source............ Of course, if > they're >> clicking links in email .......... smack 'em round the ear! >> >> > > The point is, why should the browser allow the gibberish URL in the first > place? > Because a URL *can* be gibberish - same as any text - it's down to the user to determine whether it's meaningful gibberish. (NOTE: A "tiny" URL is gibberish, most URLs with session IDs are gibberish. There are plenty of legitimate URLs that are gibberish - but they are still valid URLs, so the browsers accept them as such). From zypher at spamcop.net Thu Dec 1 17:29:33 2005 From: zypher at spamcop.net (Ron B.) Date: Thu Dec 1 18:30:02 2005 Subject: [SpamCop-List] (MEDIA) -Mail Promising Tax Refund Is Phishing Scam Message-ID: -Mail Promising Tax Refund Is Phishing Scam Federal tax collectors are warning consumers not to be fooled by a bogus e-mail that appears to come from the Internal Revenue Service and promises a tax refund. The e-mail is an identity theft phishing scam that attempts to fool recipients into revealing personal and financial information. From borgholio at storymind.com Thu Dec 1 17:02:48 2005 From: borgholio at storymind.com (Borgholio) Date: Thu Dec 1 20:05:02 2005 Subject: [SpamCop-List] SEC no longer accepting spam forwards? Message-ID: I used to forward my stock spams to the SEC as attachments...but today I get this: Hi. This is the qmail-send program at yahoo.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. : 12.154.80.37 failed after I sent the message. Remote host said: 550 Error: SECPFR For security reasons we reject attachments of this type Should I start forwarding the spam inline, even though that kills the headers? From MikeE at ster.invalid Thu Dec 1 17:24:02 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Dec 1 20:25:03 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: Borgholio wrote: > I used to forward my stock spams to the SEC as attachments...but > today I get this: > > Hi. This is the qmail-send program at yahoo.com. > I'm afraid I wasn't able to deliver your message to the following > addresses. This is a permanent error; I've given up. Sorry it didn't > work out. > > : > 12.154.80.37 failed after I sent the message. > Remote host said: 550 Error: SECPFR For security reasons we reject > attachments of this type > > > Should I start forwarding the spam inline, even though that kills the > headers? Except for spamcop's submit addy, all spam I send to abuse desks and such is sent inline, not as an attachment -- but it is sent inline with complete headers. If the mail agent were OE, I would use File/ Properties/ Details/ Message Source button and copy the complete headers continuous with the unrendered spambody and paste that into the body of the email message after a delimitor and a brief 1 line explanation of why they're getting it. That has been the traditional way of doing it -- however, that method is actually 'inferior' to sending it as an attachment, because the mailuser agent will change what has been pasted into the body by adding linewraps -- so if someone really cares about 'evidence' insisting that it be put into the body is a dumb position to take because the evidence gets modified by the transmission. All in all it is a dumb position for anything as 'sophisticated' as an abuse desk or its equivalent to not be able to properly handle whichever format proper evidence comes in, attachment or not. My provider has some zany instructions for rendering spam and putting the full headers over a copy of the rendered spam -- but my provider has a host of stupid corporate and administrative policies and behaviors. Obviously there are some things that rendering would 'ruin' the evidence such as phish information. -- Mike Easter kibitzer, not SC admin From mwnospam at comcast.net Thu Dec 1 22:29:07 2005 From: mwnospam at comcast.net (spamacyde) Date: Thu Dec 1 22:30:03 2005 Subject: [SpamCop-List] Re: KIDC.NET References: Message-ID: "spamacyde" wrote in message news:dmcftc$33b$1@news.spamcop.net... > > "spamacyde" wrote in message > news:dmb622$g9b$1@news.spamcop.net... > > Most of my spam is spamvertising KIDC.NET. Is KIDC.NET "black hat?" > > > > Thanks > > > > > > It is South Korea, right? > > I just received spam from South Korea promoting mainland China watches. Go figure. From SC.10.myspamgobbler at spamcowboy.net Thu Dec 1 22:42:31 2005 From: SC.10.myspamgobbler at spamcowboy.net (Brian) Date: Fri Dec 2 01:50:03 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? In-Reply-To: References: Message-ID: Borgholio wrote: > I used to forward my stock spams to the SEC as attachments...but today I > get this: > > Hi. This is the qmail-send program at yahoo.com. > I'm afraid I wasn't able to deliver your message to the following > addresses. > This is a permanent error; I've given up. Sorry it didn't work out. > > : > 12.154.80.37 failed after I sent the message. > Remote host said: 550 Error: SECPFR For security reasons we reject > attachments of this type > > > Should I start forwarding the spam inline, even though that kills the > headers? I send multiple stock spam as attachments to SEC and am still getting their normal response that they've received it. Did you mistakenly include a malware laden message? -- Brian SC.10.myspamgobbler@spamcowboy.net From Kilgallen at SpamCop.net Fri Dec 2 08:32:52 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Dec 2 09:35:03 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: In article , Brian writes: > Borgholio wrote: >> I used to forward my stock spams to the SEC as attachments...but today I >> get this: >> >> Hi. This is the qmail-send program at yahoo.com. >> I'm afraid I wasn't able to deliver your message to the following >> addresses. >> This is a permanent error; I've given up. Sorry it didn't work out. >> >> : >> 12.154.80.37 failed after I sent the message. >> Remote host said: 550 Error: SECPFR For security reasons we reject >> attachments of this type >> >> >> Should I start forwarding the spam inline, even though that kills the >> headers? > > I send multiple stock spam as attachments to SEC and am still getting > their normal response that they've received it. Did you mistakenly > include a malware laden message? I would hope the SEC is not using systems susceptible to malware. From nobody at spamcop.net Fri Dec 2 07:59:11 2005 From: nobody at spamcop.net (maulaf) Date: Fri Dec 2 11:00:03 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? In-Reply-To: References: Message-ID: Borgholio wrote: > Remote host said: 550 Error: SECPFR For security reasons we reject > attachments of this type I formerly used to "Save As..." and then attached the result in a separate e-mail to SEC(*). When I first received this error, the implication was that attachments with a .eml extension were a problem to the SEC. I tried "Save As..." and simply specified that the result should be .txt file. E-mail with .txt attachments, it turns out, are just fine as far as the SEC is concerned. So, you could try that little trick. (*) Various reasons for sending separate e-mail rather than having the SEC as a "Public standard report recipient"; e.g. the sudden recent unannounced switch from unchecked by default to checked by default, the severe limit on the number of recipients that can be listed, etc. From borgholio at storymind.com Fri Dec 2 09:46:07 2005 From: borgholio at storymind.com (Borgholio) Date: Fri Dec 2 12:50:04 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? In-Reply-To: References: Message-ID: Brian wrote: > Borgholio wrote: > >> I used to forward my stock spams to the SEC as attachments...but today >> I get this: >> >> Hi. This is the qmail-send program at yahoo.com. >> I'm afraid I wasn't able to deliver your message to the following >> addresses. >> This is a permanent error; I've given up. Sorry it didn't work out. >> >> : >> 12.154.80.37 failed after I sent the message. >> Remote host said: 550 Error: SECPFR For security reasons we reject >> attachments of this type >> >> >> Should I start forwarding the spam inline, even though that kills the >> headers? > > > I send multiple stock spam as attachments to SEC and am still getting > their normal response that they've received it. Did you mistakenly > include a malware laden message? > Not that I'm aware of.... From nobody at spamcop.net Fri Dec 2 13:49:25 2005 From: nobody at spamcop.net (indigo) Date: Fri Dec 2 13:50:03 2005 Subject: [SpamCop-List] system problems? Message-ID: Just tried to report a spam, I should have been logged in without seeing the log in screen (I allow SC cookies), and I got that "password is incorrect" error message. And nuts, I seem to have lost my SC cookie! How the heck did that happen? From nobody at devnull.spamcop.net Fri Dec 2 13:47:55 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Dec 2 14:50:02 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "indigo" wrote in message news:dmq4vl$fl8$1@news.spamcop.net... > Just tried to report a spam, I should have been logged in without seeing the > log in screen (I allow SC cookies), and I got that "password is incorrect" > error message. http://forum.spamcop.net/forums/index.php?act=module&automodule=custom&page=stats Would have to guess that you hit during that last "undocumented" dip ..... System outages/instability http://forum.spamcop.net/forums/index.php?showtopic=5288 From nobody at spamcop.net Fri Dec 2 14:54:52 2005 From: nobody at spamcop.net (indigo) Date: Fri Dec 2 14:55:02 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: WazoO wrote: > "indigo" wrote in message > news:dmq4vl$fl8$1@news.spamcop.net... > > Just tried to report a spam, I should have been logged in without > > seeing the log in screen (I allow SC cookies), and I got that > > "password is incorrect" error message. > > System outages/instability > http://forum.spamcop.net/forums/index.php?showtopic=5288 Hmmm....well, I reset my password and it worked....I hope Ellen won't spank me! ;-) P.S. Seems no one propogated the news over to the NNTP groups like she asked.....tsk, tsk....but thanks for replying, Waz. From nobody at nowhere.invalid Fri Dec 2 21:09:28 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Dec 2 15:10:02 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: On 2 Dec 2005 08:32:52 -0600, Larry Kilgallen coughed into spamcop and left this in : > I would hope the SEC is not using systems susceptible to malware. The chances are they're using M$-Windows desktops. Therefore not only are they susceptible to malware, but they're also already running it. -- Steve The original point and click interface was a Smith & Wesson. From nobody at spamcop.net Fri Dec 2 15:21:23 2005 From: nobody at spamcop.net (Ellen) Date: Fri Dec 2 15:30:04 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "indigo" wrote in message news:dmq4vl$fl8$1@news.spamcop.net... > Just tried to report a spam, I should have been logged in without seeing the > log in screen (I allow SC cookies), and I got that "password is incorrect" > error message. And nuts, I seem to have lost my SC cookie! How the heck did > that happen? > > I have been on the system all day and have not seen any problems. I just checked with ops and they have not seen any either. I have no idea where your cookie went -- maybe it just expired. I notice down the thread that you got back in so that is good. Ellen SpamCop From bud at telus.net Fri Dec 2 15:31:46 2005 From: bud at telus.net (Bud) Date: Fri Dec 2 18:35:03 2005 Subject: [SpamCop-List] What else can I do? Message-ID: http://www.spamcop.net/sc?id=z835474185z871b780bc0593092f83f33a6fb0f80d4z http://www.spamcop.net/sc?id=z835474521z36a3156ae86a74751d9f638003ee7a0ez I have been plagued for the last two weeks by spam coming from two IP addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are open proxies. I have SC reported every one. I have reported each IP address to internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a standard response: "Thank you for your information regarding the alleged violation of the Shaw Internet Acceptable Use Policy. Based on the information provided, we have identified the offending computer and will take appropriate action(s). These actions may be: - Issue a warning by email indicating a complaint has been registered - Issue a warning that service may be suspended if activity continues - Suspend or terminate Shaw Internet connection to customer" Acceptable Use Policy Management Team Shaw High-Speed Internet Service Shaw Cablesystems G.P. 2400 - 32nd Avenue N.E. Calgary, Alberta, T2E 9A7 Telephone: (403)750-7420 Facsimile: (403)539-6831 (gb) I don't want to filter this spam because it's now become a crusade for me. I could phone, but I'm not sure at this stage I could keep my composure. What can I do to get through to this provider? -- Bud From bud at telus.net Fri Dec 2 15:33:32 2005 From: bud at telus.net (Bud) Date: Fri Dec 2 18:35:07 2005 Subject: [SpamCop-List] What else can I do? Message-ID: http://www.spamcop.net/sc?id=z835474185z871b780bc0593092f83f33a6fb0f80d4z http://www.spamcop.net/sc?id=z835474521z36a3156ae86a74751d9f638003ee7a0ez I have been plagued for the last two weeks by spam coming from two IP addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are open proxies. I have SC reported every one. I have reported each IP address to internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a standard response: "Thank you for your information regarding the alleged violation of the Shaw Internet Acceptable Use Policy. Based on the information provided, we have identified the offending computer and will take appropriate action(s). These actions may be: - Issue a warning by email indicating a complaint has been registered - Issue a warning that service may be suspended if activity continues - Suspend or terminate Shaw Internet connection to customer" Acceptable Use Policy Management Team Shaw High-Speed Internet Service Shaw Cablesystems G.P. 2400 - 32nd Avenue N.E. Calgary, Alberta, T2E 9A7 Telephone: (403)750-7420 Facsimile: (403)539-6831 (gb) I don't want to filter this spam because it's now become a crusade for me. I could phone, but I'm not sure at this stage I could keep my composure. What can I do to get through to this provider? -- Bud From bud at telus.net Fri Dec 2 15:36:38 2005 From: bud at telus.net (Bud) Date: Fri Dec 2 18:40:03 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: "Bud" wrote in message news:dmqlkd$p48$2@news.spamcop.net... > http://www.spamcop.net/sc?id=z835474185z871b780bc0593092f83f33a6fb0f80d4z > http://www.spamcop.net/sc?id=z835474521z36a3156ae86a74751d9f638003ee7a0ez > > I have been plagued for the last two weeks by spam coming from two IP > addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are > open > proxies. I have SC reported every one. I have reported each IP address to > internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a > standard response: > > "Thank you for your information regarding the alleged violation of the > Shaw > Internet Acceptable Use Policy. > Based on the information provided, we have identified the offending > computer and will take appropriate action(s). > These actions may be: > - Issue a warning by email indicating a complaint has been registered > - Issue a warning that service may be suspended if activity continues > - Suspend or terminate Shaw Internet connection to customer" > > Acceptable Use Policy Management Team > Shaw High-Speed Internet Service > Shaw Cablesystems G.P. > 2400 - 32nd Avenue N.E. > Calgary, Alberta, T2E 9A7 > Telephone: (403)750-7420 > Facsimile: (403)539-6831 > > (gb) > > > I don't want to filter this spam because it's now become a crusade for me. > I could phone, but I'm not sure at this stage I could keep my composure. > What can I do to get through to this provider? > > -- > Bud I don't know how this got duplicated -- B. From porpoise1954 at yahoo.co.uk Fri Dec 2 23:51:46 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Dec 2 18:55:03 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: "Bud" wrote in message news:dmqlqa$pa3$1@news.spamcop.net... > SNIPPED >> >> I don't want to filter this spam because it's now become a crusade for >> me. >> I could phone, but I'm not sure at this stage I could keep my composure. >> What can I do to get through to this provider? >> >> -- >> Bud > I don't know how this got duplicated > -- > B. > Now it just got triplicated. ;-0 From MikeE at ster.invalid Fri Dec 2 16:06:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 2 19:10:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: Bud wrote: > I don't know how this got duplicated Sometimes it is interesting to compare the msgid/s and timestamp/s, and sometimes it isn't. Date: Fri, 2 Dec 2005 15:31:46 -0800 Message-ID: NNTP-Posting-Date: Fri, 2 Dec 2005 23:33:33 +0000 (UTC) Date: Fri, 2 Dec 2005 15:33:32 -0800 Message-ID: NNTP-Posting-Date: Fri, 2 Dec 2005 23:33:34 +0000 (UTC) The only thing which is interesting to me about the comparison is the difference in seconds between the nntp date stamped by the server and the date stamped by your machine. Your machine sez a difference of 1min 46sec -- whereas the nntp stamp sez a difference of 1 sec. You would expect a hiccup to have closer times on your end than the newsserver's - I would think. Some people's news agents, I think OE does this, put stamp the item based on when the person starts editing the item. At least I think I formed that theory once upon a time when I was being the volunteer clock police person and would pull Ellen over for clock discrepancies. It seemed that the explanation was not based on her clock being set wrong, but the fact that she sometimes starts a news message and finishes it later and then posts it. Or something like that, I think. OTOH, if you were trying to imagine a scenario to make a longer time for your agent vs the newsserver, you would have your agent *not* stamping its time until it got 'hooked up' with the server. So, if it were having a delay in the hookup, then it would be waiting and waiting to get hooked up, and while it was waiting it would hiccup. Then, in the same second as the hiccup the agent and server hooked up - like hookup plus hiccup - and then the server would get 'both' of them almost simultaneously, ie 1 second apart. But, that scenario doesn't fit with my current concept of how a message gets dated by the user's agent. My provider's newsserver changes my date to its own, which annoys me as a newsserver behavior. I think it should leave it alone. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Dec 2 16:13:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 2 19:15:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: Bud wrote: > I have been plagued for the last two weeks by spam coming from two IP > addresses (24.108.176.223) (24.77.60.120) which I'm going to assume > are open proxies. Correct, and listed in proxytrojan spamtrap hits like CBL, also spamsource like spamcop, also nonresponsive provider, like spews. And others. The first is cbl, the 2nd is njabl, the 2nd isn't currently scbl/ed. Spews has a zillion shaws listed, just like it has a zillion comcasts. > I don't want to filter this spam because it's now become a crusade > for me. I could phone, but I'm not sure at this stage I could keep my > composure. What can I do to get through to this provider? If they don't respond to the larger community such as spews and others, they aren't likely to jump up and respond to you. Just keep doing your reporting and the source IPs will stay or get in SCbl. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Sat Dec 3 00:18:08 2005 From: nobody at nowhere.not (Robert Blair) Date: Fri Dec 2 19:20:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: On Fri, 2 Dec 2005 23:31:46 UTC, "Bud" wrote: > I have been plagued for the last two weeks by spam coming from two IP > addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are open > proxies. I have SC reported every one. I have reported each IP address to > internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a > standard response: I consider sjrb.ca as black hat. I also get a lot of spam from them and since they do not accept unmunged reports they do not get any of my reports. -- Robert Blair From jg at coks.net Fri Dec 2 16:47:12 2005 From: jg at coks.net (jg) Date: Fri Dec 2 19:50:02 2005 Subject: [SpamCop-List] Re: What else can I do? In-Reply-To: References: Message-ID: On 12/2/2005 4:18 PM Robert Blair scribbled: > On Fri, 2 Dec 2005 23:31:46 UTC, "Bud" wrote: > > >>I have been plagued for the last two weeks by spam coming from two IP >>addresses (24.108.176.223) (24.77.60.120) which I'm going to assume are open >>proxies. I have SC reported every one. I have reported each IP address to >>internet.abuse@sjrb.ca which is Shaw Cable. I received what I imagine is a >>standard response: > > > I consider sjrb.ca as black hat. I also get a lot of spam from them > and since they do not accept unmunged reports they do not get any of > my reports. > > I thought they didn't accept /munged/ reports - if they don't accept /unmunged/ reports, then they don't accept /any/ reports, which would decidely put them into the greyer shade of hat... From johnl at in.newsgroup.only Sat Dec 3 01:46:50 2005 From: johnl at in.newsgroup.only (JohnL) Date: Fri Dec 2 20:50:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: jg wrote in news:dmqpqj$rkj$1@news.spamcop.net: > I thought they didn't accept /munged/ reports - if they don't accept > /unmunged/ reports, then they don't accept /any/ reports, which would > decidely put them into the greyer shade of hat... They /do/ accept UNmunged reports. From MikeE at ster.invalid Fri Dec 2 18:06:42 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Dec 2 21:10:02 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: Bud wrote: > open proxies. > What can I do to get through to this provider? Buy them a gizmo: We're launching a new product called F-Secure Network Control Appliance based on this technology. It will tackle spam and computer zombies for service providers automatically. This box will monitor traffic from end-users at the network edge, automatically denying offending computers access to the network. Those using too much bandwidth or operating as spam zombies will automatically get redirected to a self-help web page, explaining what they have to do (like "clean your PC - install patches!") in order to regain network connectivity. This is smart compared to the current model where ISPs and other service providers are manually trying to figure out who is a zombie and who is not - and when they find one they will just cut the user off, leaving him wondering what's going on and making support calls. This technology works: it is already being used to monitor around half a million subscriber lines. http://www.f-secure.com/weblog/ http://www.f-secure.com/products/fsnc/ F-Secure Network Control for Service Providers pic http://www.f-secure.com/weblog/archives/fsnc1.gif -- Mike Easter kibitzer, not SC admin From bud at telus.net Fri Dec 2 19:24:47 2005 From: bud at telus.net (Bud) Date: Fri Dec 2 22:25:04 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: "Mike Easter" wrote in message news:dmquj3$u63$1@news.spamcop.net... > Bud wrote: > >> open proxies. > >> What can I do to get through to this provider? > > Buy them a gizmo: > > > We're launching a new product called F-Secure Network Control Appliance > based on this technology. It will tackle spam and computer zombies for > service providers automatically. This box will monitor traffic from > end-users at the network edge, automatically denying offending computers > access to the network. Those using too much bandwidth or operating as > spam zombies will automatically get redirected to a self-help web page, > explaining what they have to do (like "clean your PC - install > patches!") in order to regain network connectivity. > > This is smart compared to the current model where ISPs and other service > providers are manually trying to figure out who is a zombie and who is > not - and when they find one they will just cut the user off, leaving > him wondering what's going on and making support calls. > > This technology works: it is already being used to monitor around half a > million subscriber lines. > http://www.f-secure.com/weblog/ > http://www.f-secure.com/products/fsnc/ F-Secure Network Control for > Service Providers > > pic http://www.f-secure.com/weblog/archives/fsnc1.gif > > > -- > Mike Easter > kibitzer, not SC admin Terrific! Sent to Shaw and my own provider, Telus. We'll see what response I get. -- Bud From nobody at nowhere.not Sat Dec 3 04:52:01 2005 From: nobody at nowhere.not (Robert Blair) Date: Fri Dec 2 23:55:03 2005 Subject: [SpamCop-List] Re: What else can I do? References: Message-ID: On Sat, 3 Dec 2005 00:47:12 UTC, jg wrote: > > I consider sjrb.ca as black hat. I also get a lot of spam from them > > and since they do not accept unmunged reports they do not get any of > > my reports. > > > > > I thought they didn't accept /munged/ reports - if they don't accept > /unmunged/ reports, then they don't accept /any/ reports, which would > decidely put them into the greyer shade of hat... That was a BIG typo. I meant to say the do not accept munged reports (I wonder what my fingers thought my brain was sending to them, things do not function like they did in days gone by). -- Robert Blair From exfenestrate at spammers.invalid Fri Dec 2 22:22:40 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Sat Dec 3 01:25:03 2005 Subject: [SpamCop-List] Re: empty spam... References: Message-ID: <5z4zq6wg26l4.dlg@grc.aosake.net> On Thu, 1 Dec 2005 04:35:24 -0500, Jeff G. wrote: > "Mike Easter" wrote in message > news:dmkna7$lkc$1@news.spamcop.net... >> jg wrote: >>> and came up with (via Sam Spade): >>> >>> How do 3 bogus rDNS entries pop up and is this the result of spammy? >>> academic question... >> I think but I'm not sure that in this context 'bogus' simply means >> that 'paranoid' lookup doesn't work. >> >> That is, if an IP will rDNS but the rDNS doesn't DNS to the original >> IP that the report sez 'bogus' -- which seems like an unkind term for >> that particular behavior. > 'violates Section "INSTRUCTIONS - Adding a host - Add the reverse > IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" at > http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 ' > would be a little long for such a purpose, don't you think? I think > "bogus" fits because the rdns names (the right sides of the PTR Records) > are in fact "not genuine" because tbr1-p014001.la2ca.ip.att.net, > tbr1-cl3.sffca.ip.att.net, and tbr1-cb10.st6wa.ip.att.net > authoritatively don't exist, and I blame rm-hostmaster[at]ems.att.com > (the person responsible for the zones in all three parent SOA records) > for the whole mess. Does it have an adverse affect on routing packets? These are intermediary routers, here, not end-point hosts. I should think that, as long as the packets are being properly routed, there is no _serious_ problem. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From exfenestrate at spammers.invalid Fri Dec 2 22:29:48 2005 From: exfenestrate at spammers.invalid (Norman Miller) Date: Sat Dec 3 01:30:02 2005 Subject: [SpamCop-List] Re: empty spam... References: Message-ID: <1u178mqi2xgi6.dlg@grc.aosake.net> On Wed, 30 Nov 2005 08:20:56 -0800, jg wrote: > Been getting a lot of these lately. > While looking for something more definitive as to origin (curiousity) I > did a trace on 24.22.212.4 > and came up with (via Sam Spade)... An unremarkable trace route. Comcast has a contract, or peering agreement with AT&T, whoops, that is now "at&t"; seriously. Since SBC has completed its purchase of AT&T, and changed the company name to, "at&t", and the "Deathstar" logo for good measure, there may be some changes in the routing. I expect that at&t may decide to adjust the routing computations to spread the load among all of the at&t backbone routers, including the former SBC backbone routers. Or not. In any case, the old AT&T backbone is known to Comcast customers for being a routing choke point, prone to high latency. Right, none of that, nor the lack of responsiveness of the customer host ti ICMP packets, has a lot of bearing on the spam source. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From edb2000 at spamcop.net Fri Dec 2 23:15:00 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Sat Dec 3 02:20:02 2005 Subject: [SpamCop-List] nacio listwashing Message-ID: Another example of 'not clear on the concept'. I do not believe the SC report was a request to be listwashed, but they do. Beware of email lists hosted as *.lyris.net: > Date: Fri, 2 Dec 2005 15:30:37 -0800 From: Mindy Wallen > Subject: re: Spam Notification Organization: Lyris > Technologies > > Hello, > > Thanks for bringing this to our attention. I have removed your email > address from the mailing list SiteBrand_S5_List. I have also filed a > formal spam complaint on your behalf and a representative here will > investigate this list's activity. > > If you desire any further assistance, please let me know. > > Thanks & take care, Mindy Wallen Abuse Department > > > >>> Nacio has received the following SPAM complaints for your server. >>> Please investigate this matter and take appropriate action. Thank >>> you, NACIO Abuse Dept abuse@nacio.com > Subject : Spam Notification Date : Fri, 2 Dec 2005 10:33:00 -0800 > From : "ABUSE" > To : Cc : ABUSE > > > > > > Nacio has received the following SPAM complaints for your server. > Please investigate this matter and take appropriate action. > > Thank you, > > NACIO Abuse Dept > > abuse@nacio.com -- Don Wannit A paid SpamCop user since 1999 From redford_stone at INVERSE_OF_COLDmail.com Sat Dec 3 10:51:32 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Dec 3 05:55:13 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "indigo" wrote in news:dmq4vl$fl8$1@news.spamcop.net: > Just tried to report a spam, I should have been logged in without > seeing the log in screen (I allow SC cookies), and I got that > "password is incorrect" error message. And nuts, I seem to have lost > my SC cookie! How the heck did that happen? > > Did you check for any crumbs under your desk? >snicker< :-D From redford_stone at INVERSE_OF_COLDmail.com Sat Dec 3 10:53:46 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Dec 3 05:55:18 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: Borgholio wrote in news:dmo6fa$g9v$1@news.spamcop.net: > > > Should I start forwarding the spam inline, even though that kills the > headers? > I'm assuming this is on Yahoo. I do a copy/paste of the headers over the quoted stuff on the inline. That usually works for me. From bar_n0ne at hotmail.com Sat Dec 3 16:10:49 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Dec 3 07:15:01 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: "Redstone" wrote in message SNIP > I do a copy/paste of the headers over the quoted stuff on the inline. That > usually works for me. I no longer bother, 2 reasons: 1) Default for Public non-standard recipients is checked on, I too often forgot to uncheck non-relevant ones.. 2) Almost all stock spam is in embedded Gifs nowadays, Eudora de-mimes the gif and puts it in a separate folder. Larts only contain the name of the gif file, not the gif, so there is no payload my MUA choices (corporate) are Eudora or Outlook,, I have a nice workflow using outlook express to get complete spam (except in these cases), more work is not worth the trouble. From jg at coks.net Sat Dec 3 09:04:00 2005 From: jg at coks.net (jg) Date: Sat Dec 3 12:05:12 2005 Subject: [SpamCop-List] Re: What else can I do? In-Reply-To: References: Message-ID: On 12/2/2005 8:52 PM Robert Blair scribbled: > > That was a BIG typo. I meant to say the do not accept munged reports > (I wonder what my fingers thought my brain was sending to them, things > do not function like they did in days gone by). > > Don't feel like the Lone Ranger... From MikeE at ster.invalid Sat Dec 3 10:10:31 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 3 13:15:02 2005 Subject: [SpamCop-List] Re: a new kind of 419 References: Message-ID: Technomage Hawke wrote: > please see it in .spam. this one is new. Technomage Hawke wrote: > this arrived in my e-mail today. > I was rather a bit taken aback by this. > anyone know what to make of it? It is a spamscam sourced from a Belltech Lagos .ng IP via hotmail webmailer. The notifies are for the hotmailer usmanbello007@hotmail.com abuse@hotmail.com report_spam@hotmail.com (for hotmail.com) abuse@microsoft.com (for microsoft.com) abuse@msn.com (for msn.com) the source provider's admin/tech contact: bimboabubakar@yahoo.com and the AS25228 SkyVision for the general shabby condition of Belltech's Lagos contact listing in RIPE as well as no rDNS on the sourcce IP and thus no proper abuse.net listing for belltech's block ripeadm@sky-vision.net abuse@sky-vision.net Tatyana.Knaifel@sky-vision.net lir@sky-vision.net steve.birnbaum@sky-vision.net dimitry.raitses@sky-vision.net (for sky-vision.net) > Received: from 217.194.155.83 by by24fd.bay24.hotmail.msn.com with > HTTP; Fri, 02 Dec 2005 11:22:09 GMT > X-Originating-IP: [217.194.155.83] > X-Originating-Email: [usmanbello007@hotmail.com] > We have resolved to pay you immediately according to the directives > and mandate from the Ecowas heads of states and council of the ecowas > finance ministers. Immediately we hear from you, we shall give > directives to you on how to receive your fund. -- Mike Easter kibitzer, not SC admin -- Mike Easter kibitzer, not SC admin From dfm2a3l0t2 at spymac.com Sat Dec 3 15:34:04 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Sat Dec 3 15:35:03 2005 Subject: [SpamCop-List] Re: (MEDIA) -Mail Promising Tax Refund Is Phishing Scam References: Message-ID: In article , "Ron B." wrote: > -Mail Promising Tax Refund Is Phishing Scam > > Federal tax collectors are warning consumers not to be fooled by a bogus > e-mail that appears to come from the Internal Revenue Service and > promises a tax refund. > > The e-mail is an identity theft phishing scam that attempts to fool > recipients into revealing personal and financial information. > > Doesn't everybody know that the IRS only looks for you when you owe them money, not the other way around? -- D.F. Manno | dfm2a3l0t2@spymac.com Support the troops. Bring them home NOW! From newspost at deletethispart.hypercreations.com Sat Dec 3 21:08:40 2005 From: newspost at deletethispart.hypercreations.com (D. T.) Date: Sat Dec 3 16:10:02 2005 Subject: [SpamCop-List] Re: system problems? References: Message-ID: "indigo" wrote in news:dmq4vl$fl8$1@news.spamcop.net: > Just tried to report a spam, I should have been logged in without > seeing the log in screen (I allow SC cookies), and I got that > "password is incorrect" error message. And nuts, I seem to have lost > my SC cookie! How the heck did that happen? This has been happening on and off to ALL of us for months, so it has nothing to do with our local computers/browsers/connections/etc....it's system instability, and it's being watched and documented at the Forums, as Wazoo indicated. In fact, there was a total shutdown for some minutes today (Saturday, Dec. 3) that caused the same behaviour, in addition to some interesting errors from intermediate servers, such as: An error occurred while processing your request. Reference #97.bbfb746.1133641925.ae63253 and: Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.12bfb746.1133641841.42d6a15 Even though many of us accept and have even "protected" our SC cookies, it seems that the server problems cause FireFox to "forget" the memorized userid/password (login) information. I've seen it happen many times, and this isn't happening with *any* other sites I log in to. DT From borgholio at storymind.com Sat Dec 3 14:14:36 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 3 17:15:02 2005 Subject: [SpamCop-List] TeamAaronShara... Message-ID: Anybody else getting a ton of spam from these idiots? The emails seem to be coming from several different networks, all over the world. What's the deal? From jeffg at spamcop.net Sat Dec 3 17:56:07 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 18:00:04 2005 Subject: [SpamCop-List] Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: "Norman Miller" wrote in message news:5z4zq6wg26l4.dlg@grc.aosake.net... > On Thu, 1 Dec 2005 04:35:24 -0500, Jeff G. wrote: > > "Mike Easter" wrote in message > > news:dmkna7$lkc$1@news.spamcop.net... > >> jg wrote: > >>> and came up with (via Sam Spade): > >>> > >>> How do 3 bogus rDNS entries pop up and is this the result of spammy? > >>> academic question... > >> I think but I'm not sure that in this context 'bogus' simply means > >> that 'paranoid' lookup doesn't work. > >> > >> That is, if an IP will rDNS but the rDNS doesn't DNS to the original > >> IP that the report sez 'bogus' -- which seems like an unkind term for > >> that particular behavior. > > 'violates Section "INSTRUCTIONS - Adding a host - Add the reverse > > IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" at > > http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 ' > > would be a little long for such a purpose, don't you think? I think > > "bogus" fits because the rdns names (the right sides of the PTR Records) > > are in fact "not genuine" because tbr1-p014001.la2ca.ip.att.net, > > tbr1-cl3.sffca.ip.att.net, and tbr1-cb10.st6wa.ip.att.net > > authoritatively don't exist, and I blame rm-hostmaster[at]ems.att.com > > (the person responsible for the zones in all three parent SOA records) > > for the whole mess. > Does it have an adverse affect on routing packets? These are intermediary > routers, here, not end-point hosts. I should think that, as long as the > packets are being properly routed, there is no _serious_ problem. No, it does not "have an adverse affect on routing packets", but it does "have an adverse affect on troubleshooting of routing packets" -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. From jg at coks.net Sat Dec 3 16:11:29 2005 From: jg at coks.net (jg) Date: Sat Dec 3 19:10:07 2005 Subject: [SpamCop-List] OT Re: empty spam... In-Reply-To: References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: On 12/3/2005 2:56 PM Jeff G. scribbled: > "Norman Miller" wrote in message > news:5z4zq6wg26l4.dlg@grc.aosake.net... > >>On Thu, 1 Dec 2005 04:35:24 -0500, Jeff G. wrote: >> >>>"Mike Easter" wrote in message >>>news:dmkna7$lkc$1@news.spamcop.net... >>> >>>>jg wrote: >>>> >>>>>and came up with (via Sam Spade): >>>>> >>>>>How do 3 bogus rDNS entries pop up and is this the result of > > spammy? > >>>>>academic question... >>>> >>>>I think but I'm not sure that in this context 'bogus' simply means >>>>that 'paranoid' lookup doesn't work. >>>> >>>>That is, if an IP will rDNS but the rDNS doesn't DNS to the > > original > >>>>IP that the report sez 'bogus' -- which seems like an unkind term > > for > >>>>that particular behavior. >>> >>>'violates Section "INSTRUCTIONS - Adding a host - Add the reverse >>>IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" > > at > >>>http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 > > ' > >>>would be a little long for such a purpose, don't you think? I think >>>"bogus" fits because the rdns names (the right sides of the PTR > > Records) > >>>are in fact "not genuine" because tbr1-p014001.la2ca.ip.att.net, >>>tbr1-cl3.sffca.ip.att.net, and tbr1-cb10.st6wa.ip.att.net >>>authoritatively don't exist, and I blame > > rm-hostmaster[at]ems.att.com > >>>(the person responsible for the zones in all three parent SOA > > records) > >>>for the whole mess. >> >>Does it have an adverse affect on routing packets? These are > > intermediary > >>routers, here, not end-point hosts. I should think that, as long as > > the > >>packets are being properly routed, there is no _serious_ problem. > > > No, it does not "have an adverse affect on routing packets", but it does > "have an adverse affect on troubleshooting of routing packets" > Jeff, you need QuoteFix to go along with your doubtlook client - I got cross eyed reading the orig of above post... sorry... From jg at coks.net Sat Dec 3 16:13:13 2005 From: jg at coks.net (jg) Date: Sat Dec 3 19:15:04 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: On 12/3/2005 2:14 PM Borgholio scribbled: > Anybody else getting a ton of spam from these idiots? The emails seem to be > coming from several different networks, all over the world. What's the deal? Doesn't sound familiar here - So. Cal. - just as well, got enuff of my own idiots falling in... From borgholio at storymind.com Sat Dec 3 16:13:16 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 3 19:15:07 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: jg wrote: > On 12/3/2005 2:14 PM Borgholio scribbled: > > >>Anybody else getting a ton of spam from these idiots? The emails seem to be >>coming from several different networks, all over the world. What's the deal? > > Doesn't sound familiar here - So. Cal. - just as well, got enuff of my > own idiots falling in... I live in Burbank...the epitome of SoCal. :) From MikeE at ster.invalid Sat Dec 3 16:20:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 3 19:25:02 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: jg wrote: > Jeff, you need QuoteFix to go along with your doubtlook client - I got > cross eyed reading the orig of above post... > sorry... While I'm in favor of as many people using QuoteFix as need to, my QF fixed Jeff's post; see below. If yours did not, then your QF has run out of its 'memory leak space' buffer, and you need to: - configure QF to 'depend on OE' in its advanced options and - integrate OE & QF to be 'OE with QF' and - periodically shutdown the OE/QF integrated operation and restart it and - when you do, you are likely to find that QF works better to fix such things Jeff G. wrote: > "Norman Miller" >> Jeff G. wrote: >>> "Mike Easter" >>>> jg wrote: >>>>> and came up with (via Sam Spade): >>>>> >>>>> How do 3 bogus rDNS entries pop up and is this the result of >>>>> spammy? academic question... >>>> I think but I'm not sure that in this context 'bogus' simply means >>>> that 'paranoid' lookup doesn't work. >>>> >>>> That is, if an IP will rDNS but the rDNS doesn't DNS to the >>>> original IP that the report sez 'bogus' -- which seems like an >>>> unkind term for that particular behavior. >>> 'violates Section "INSTRUCTIONS - Adding a host - Add the reverse >>> IN-ADDR entry" of RFC1033 "DOMAIN ADMINISTRATORS OPERATIONS GUIDE" >>> at >>> http://tools.ietf.org/tools/rfcmarkup/rfcmarkup.cgi?rfc=1033#page-11 >>> ' would be a little long for such a purpose, don't you think? I >>> think "bogus" fits because the rdns names (the right sides of the >>> PTR Records) are in fact "not genuine" because >>> tbr1-p014001.la2ca.ip.att.net, tbr1-cl3.sffca.ip.att.net, and >>> tbr1-cb10.st6wa.ip.att.net authoritatively don't exist, and I blame >>> rm-hostmaster[at]ems.att.com (the person responsible for the zones >>> in all three parent SOA records) for the whole mess. >> Does it have an adverse affect on routing packets? These are >> intermediary routers, here, not end-point hosts. I should think >> that, as long as the packets are being properly routed, there is no >> _serious_ problem. > > No, it does not "have an adverse affect on routing packets", but it > does "have an adverse affect on troubleshooting of routing packets" -- Mike Easter kibitzer, not SC admin From borgholio at storymind.com Sat Dec 3 16:40:26 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 3 19:45:03 2005 Subject: [SpamCop-List] Spamcop not reporting weblinks in spam Message-ID: Full spam posted in .spam. Manually reporting spam should report spamvertised sites, right? Well it's not, at least in this case. Most of the time it locates the links but doesn't report them, nor does it give any indication of why it's not reporting. What's up? From jeffg at spamcop.net Sat Dec 3 19:58:01 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 20:00:04 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: Message-ID: "Borgholio" wrote in message news:dmtdt2$6f6$1@news.spamcop.net... > Full spam posted in .spam. Manually reporting spam should report > spamvertised sites, right? Well it's not, at least in this case. Most of > the time it locates the links but doesn't report them, nor does it give any > indication of why it's not reporting. What's up? SNAFU. Refresh enough times and it should work. Please direct your complaints to SpamCop Admin. Ref: http://www.spamcop.net/sc?id=z835981547z1cc59f8b5bc5b1c493545b5b9ac164b6z and "FAQ Entry: The Link Analysis Process" at http://forum.spamcop.net/forums/index.php?showtopic=4345&hl=link+analysis -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Sun Dec 4 02:02:04 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 20:05:03 2005 Subject: [SpamCop-List] Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Borgholio" a écrit dans le message de news: dmt5bk$14g$2@news.spamcop.net... > Anybody else getting a ton of spam from these idiots? The emails seem to > be coming from several different networks, all over the world. What's the > deal? I get LOTS of these spams from all over the world (many sources, most of them on dialup IP addresses of various ISPs, so this spam comes from PCs infected by viral worm that hosts a spamware). Unfortunately, the criminal that controls the list of abused PCs is using my own email address in ALL its repeated commands (so I receive a copy of this spam and scam since a couple of week at least 2 or 3 times PER MINUTE). It looks like a revenge against my past reports. I am currently reporting about 20 of these spams each day (only the most recent ones received in the last hour, when I check my emails), and I drop all the other copies. For now, my antispam system (hosted by my ISP) still does not detect it automatically, I had to add a manual exclusion to the blacklist for the subject line: Return-Path: Received: from mwinf5102.me-wanadoo.net (mwinf5102.me-wanadoo.net) by mwinb0306 (SMTP Server) with LMTP; Sun, 04 Dec 2005 01:40:31 +0100 X-Sieve: Server Sieve 2.2 Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf5102.me-wanadoo.net (SMTP Server) with ESMTP id 9D2CD1C0FCE3 for ; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from smtp12.wanadoo.fr (mwinf1207 [172.22.143.37]) by mwinf5102.me-wanadoo.net (SMTP Server) with ESMTP id 97D841C0FCE7 for ; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf1207.wanadoo.fr (SMTP Server) with ESMTP id 8C0F51C00098 for ; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from mwinb0403.me-wanadoo.net (mwinb0403 [172.22.165.25]) by mwinf1207.wanadoo.fr (SMTP Server) with ESMTP id 823AB1C00090 for <(hidden)@wanadoo.fr>; Sun, 4 Dec 2005 01:40:31 +0100 (CET) X-ME-UUID: 20051204004031533.823AB1C00090@mwinf1207.wanadoo.fr Received: by mwinb0403.me-wanadoo.net (SMTP Server, from userid 1001) id 5D6AC18032; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from mwinf1212.wanadoo.fr (mwinf1212.wanadoo.fr) by mwinb0403 (SMTP Server) with LMTP; Sun, 04 Dec 2005 01:40:31 +0100 X-Sieve: Server Sieve 2.2 Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf1212.wanadoo.fr (SMTP Server) with ESMTP id 2FA953C04B81 for ; Sun, 4 Dec 2005 01:40:31 +0100 (CET) Received: from 193.252.22.89 (unknown [218.150.241.94]) by mwinf1212.wanadoo.fr (SMTP Server) with SMTP id EEB093C04B90 for <(hidden)@wanadoo.fr>; Sun, 4 Dec 2005 01:40:21 +0100 (CET) X-ME-UUID: 20051204004022977.EEB093C04B90@mwinf1212.wanadoo.fr Received: from 218.150.241.94 Message-ID: From: "TeamAaronShara" Reply-To: "TeamAaronShara" To: (hidden)@wanadoo.fr Subject: Want to make EASY Money? TeamAaronShara will show you how! Date: Sun, 04 Dec 2005 03:33:21 +0300 X-Mailer: Microsoft Outlook, Build 10.0.2616 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--115803255982665" X-Priority: 3 X-MSMail-Priority: Normal X-me-spamlevel: not-spam X-me-spamrating: 30.025481 X-Antivirus: AVG for E-mail 7.1.362 [267.13.11/191] ----115803255982665 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable Untitled Document


= Want to make some fast extra CASH before the holidays? <= /font>Read on and TeamAaronShara walk you through the easy steps to easy money
and success. Aaron and I have been making money the easy way for many ye= ars now and sharing our knowledge and success with others
less fortunate than ourselves. Our followers have placed an unprecedente= d amount of trust in our judgement to bring them great HYIP
investment programs, money doublers, matrix programs, randomizers and ml= m programs. We are now bringing these programs directly to
you so that you can prosper with us. All our mon= ey making program picks are 100% safe to invest in!

http://www.teamaaronshara.com/daily.html

Our site walks you through = and holds your hand while investing in the many tried and tested easy wealth schem= es that are listed, all we ask is that
you join programs using our referral link so that we earn a little for t= he introduction. We show you where to get an online money account, how to
fund it and most importantly how to invest into the programs on offer an= d start earning immediately and all from the comfort of your armchair.

TeamAaronShara has a daily = newsletter so that you can learn about new money making opportunities the minute th= ey launch, all you need to do is
subscribe on our page to receive the latest news everyday. We have 1000'= s of subscribers already so come and join us and let's make our fortunes
together.

Learn how to use autorespon= ders, generate targeted email leads and get information on what tools to use f= or large mailing campaigns to your
hot prospects. We have it all and so can you! Remember, you will never lose money while following TeamAaronShara!

http://www.teamaaronshara.com/daily.html

Here Is A Recent Photo, its= not a very good one, but you can get an idea.. As You Can See We Are A Normal = Looking Couple, No Different Than Any
Of You :). Now You Can Put Faces With The Words, And For Some Of You The= Voices. We have a huge following on the www.moneymakergroup.com
discussion forum where we are both forum moderators and respected by all= We live in a wonderful new luxury home, have a new Mercedes, a new Lexus fo= r
Aaron and more money in the bank than we could ever have dreamed of. We = both wear gold Rolex watches set with diamonds, have a luxury ski boat, luxur= y
beach appartment in Florida and are completely without debt. You might a= sk how we managed to achieve all this wealth and that would be a very good ques= tion
which we will assume that you have already asked and will answer for you=

All our money is made from = the Internet by telling others about wonderful investment opportunities and being a p= art of them ourselves. Before we became switched
onto the Internet fountain of wealth we used to both work day jobs, Aaro= n would be away from home upto 12 hours a day working a construction job while I= worked
part time as an actress in adult movies. Neither of us were satisfied wi= th our jobs so we decided to radically change our careers and take our chances = on the Internet. It
turned out to be a wiser choice than we could ever have dreamed of and o= ur success can become your success too! Just visit our site to embark on your new w= ay of life
and the easy road to riches and success. We have now become one of the b= iggest and most followed promotors of HYIP programs on the web!

http://www.teamaaronshara.com/daily.html

Testim= onials:

Three months ago I was s= truggling to make ends meet in a country with a high inflation rate and things tha= t I can buy a year ago are now out of my budget. Add to the fact
that I have a 2-month old baby with growing needs, I thought I had to fi= nd another source of income. I turned to the internet and boy was that an eye opene= r! Opportunities
left and right bundled with scammers in abundance that it was truly a ga= mble which program to join and try to make money out of. After much research = on the net I came
across the TeamAaronShara Newsletter. A great resource for a newcomer li= ke me to get a grip on the trends and curveballs of the money making programs = of the internet
which is updated even if it's midnight in their time zone! Now I just st= ay home and "work" three hours a day on the internet and I get to play= with my 5-month old son all the
time and watch him grow right in front of my eyes. No more coming home t= o find out I miss his first smile or first crawl! :) I owe that to you TeamAaro= nShara! Thank you
from the bottom of my heart! Alvic C

TeamAaronShara is the best. There have been several times when I have ha= d a question or needed assistance concerning one of the programs that they o= ffered on the site.
Well, they ALWAYS answer my emails and return my phone calls with the co= rrect answer. They diligently study all the programs within their site and onl= y promote those
programs that pass a strict due diligence. If you are thinking about joi= ning any of the programs on this site I STRONGLY recommend that you sign up u= nder TeamAaronShara
because you will get the best support available anywhere on the internet= and the latest updates on what's hot and what's not. Brian K

=

http://www.teamaaronshara.com/daily.html

= Have a Great Day!!
Aaron and Shara
http://www.teamaaronshara.com

----115803255982665-- From verdy_p at wanadoo.fr Sun Dec 4 02:16:39 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 20:20:02 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Philippe Verdy" a écrit dans le message de news: dmtf7l$7cg$1@news.spamcop.net... > > "Borgholio" a écrit dans le message de news: > dmt5bk$14g$2@news.spamcop.net... >> Anybody else getting a ton of spam from these idiots? The emails seem to >> be coming from several different networks, all over the world. What's >> the deal? > > I get LOTS of these spams from all over the world (many sources, most of > them on dialup IP addresses of various ISPs, so this spam comes from PCs > infected by viral worm that hosts a spamware). > > Unfortunately, the criminal that controls the list of abused PCs is using > my own email address in ALL its repeated commands (so I receive a copy of > this spam and scam since a couple of week at least 2 or 3 times PER > MINUTE). It looks like a revenge against my past reports. > > I am currently reporting about 20 of these spams each day (only the most > recent ones received in the last hour, when I check my emails), and I drop > all the other copies. These spams are constantly reported to spamcop@imaphost.com which seems to be the owner of the networks where all the zombies are installed. It's strange that a service provider like imaphost.com which has signed an agreement with SpamCop.Net to get special reports doesnot take any action to block these repeted emails at its source before it lets its users forwards these emails worldwide. Is imaphost.com really serious? I am quite ready to blacklist imaphost.com completely... From g.hyde at bigpond.net.au Sun Dec 4 11:18:09 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Dec 3 20:30:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: "Mike Easter" wrote in message news:dmtcom$5tt$1@news.spamcop.net... > jg wrote: > >> Jeff, you need QuoteFix to go along with your doubtlook client - I got >> cross eyed reading the orig of above post... >> sorry... > > While I'm in favor of as many people using QuoteFix as need to, my QF > fixed Jeff's post; see below. > > If yours did not, then your QF has run out of its 'memory leak space' > buffer, and you need to: I think what he meant was that Jeff needs to download and install the QF client, and that Jeff doesn't have it installed - for one reason or another. -- Cheers ... Geoffrey Hyde From g.hyde at bigpond.net.au Sun Dec 4 11:25:52 2005 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Dec 3 20:30:08 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Philippe Verdy" wrote in message news:dmtf7l$7cg$1@news.spamcop.net... > > "Borgholio" a écrit dans le message de news: > dmt5bk$14g$2@news.spamcop.net... >> Anybody else getting a ton of spam from these idiots? The emails seem to >> be coming from several different networks, all over the world. What's >> the deal? > > I get LOTS of these spams from all over the world (many sources, most of > them on dialup IP addresses of various ISPs, so this spam comes from PCs > infected by viral worm that hosts a spamware). > > Unfortunately, the criminal that controls the list of abused PCs is using > my own email address in ALL its repeated commands (so I receive a copy of > this spam and scam since a couple of week at least 2 or 3 times PER > MINUTE). It looks like a revenge against my past reports. Are you saying that your ISP can't/won't stop address bounce errors?? If so, perhaps you should explain the problem to them, if you can get ahold of a reasonably intelligent real-life tech support guy at the other end of the phone support number. If not, you need to find out where the infected PC that is sending the spam is located, and have them and their service provider notified so that they can shut off spammy's flow. Much of which has been described in various ways here. If you are finding that the problem is your ISP doesn't seem sympathetic or is clueless, I'd recommend switching to one who is not as clueless. Cheers ... Geoffrey Hyde From jeffg at spamcop.net Sat Dec 3 20:37:22 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 20:40:02 2005 Subject: [SpamCop-List] Popgate "Cannot contact server" Message-ID: All of my MSN Hotmail and Yahoo! Accounts at POP Configuration are showing "Cannot contact server" with Error Counts from 11 to 12 (indicating errors going back 165 minutes (2.75 hours) to 180 minutes (3.0 hours)). Are others of you having the same problem? I have notified JT. Updates to this situation will be at http://forum.spamcop.net/forums/index.php?showtopic=5462&view=findpost&p=37149 . -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Sun Dec 4 02:40:57 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 20:45:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Geoffrey Hyde" a écrit dans le message de news: dmtgj3$87e$2@news.spamcop.net... > Are you saying that your ISP can't/won't stop address bounce errors?? If > so, perhaps you should explain the problem to them, if you can get ahold > of a reasonably intelligent real-life tech support guy at the other end of > the phone support number. There's no bounce error. These are real spams sent directly from known open relays. > If not, you need to find out where the infected PC that is sending the > spam is located, and have them and their service provider notified so that > they can shut off spammy's flow. Much of which has been described in > various ways here. Not needed. I let Spamcop determine the source itself and report spams correctly to the appropriate abuse desks. Regarding this spam, all the Spamcop-generated reports seem to go to spamcop@imaphost.com (in addition to another ISP). This looks like imaphost.com is acting as a relay for the infected PCs that are running zomby viral spamwares, and imaphost.com currently does not close the relay authorization from its customers. > If you are finding that the problem is your ISP doesn't seem sympathetic > or is clueless, I'd recommend switching to one who is not as clueless. There's no problem at my ISP. The problem is at the source network that is hosting the open-relays, apparently all of them being related to imaphost.com (that's not my ISP). The effective propagation is: - spammer sends instructions and posts lists of emails to some IRC server, where the zombies can discover themselves andact as a large spamming network. - infected PCs are listening for instructions from this IRC server, and they download lists of emails addresses to send spam to - the infected PCs (that are acting as open-relays) are sending a copy of the spam email to their current email provider (imaphost.com) - imaphost.com relays those spams, because it currently trusts these sources that appear to be among their subscribed customers - imaphost.com relays the spam to my ISP that accepts it because it currently trusts (doesnot block) imaphost.com - these spams fill my mailbox despite I have subscribed (and paid) an antispam option that should direct them to another folder with limited capacity. - I have informed my ISP that its antispam filter is currently not blocking those spams as it should; I am waiting for them to update their filter) - for now I need to setup my own personal blocking list on top of my ISP's filter. From jeffg at spamcop.net Sat Dec 3 20:47:54 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 20:50:02 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: Philippe Verdy wrote: > [copy of spam with headers] Why did you post that spam in this newsgroup? Philippe Verdy wrote: > These spams are constantly reported to spamcop@imaphost.com which > seems to be the owner of the networks where all the zombies are > installed. > > It's strange that a service provider like imaphost.com which has > signed an agreement with SpamCop.Net to get special reports doesnot > take any action to block these repeted emails at its source before it > lets its users forwards these emails worldwide. > > Is imaphost.com really serious? I am quite ready to blacklist > imaphost.com completely... That's Cyveillance. Google is your friend. :) -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Sun Dec 4 02:58:11 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 21:00:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Jeff G." a écrit dans le message de news: dmthsu$94h$1@news.spamcop.net... > Philippe Verdy wrote: >> [copy of spam with headers] > > Why did you post that spam in this newsgroup? I forgot that rule for posting here (it's been a long time since I have used this newsgroup, given that my antispam systems are now working very effectively to block almost all of them, about 400 to 800 spams each day, and only a few not blocked; but this TeamAaronShara spamisthe most active one and it currently escapes from the blocking rules,andI don't know why,given that it has a static content and a very easily identifiable signature). In fact I avoid newsgroups most of the time, as they are the *easiest* way for spammers to collect more active email addresses in their illegal databases (and they often know the various tricks used in newsgroups to "encypher" personnal email addresses like this in this message, using various string transformations, such as automatic removal of parenthesized comments in email addresses, transformation of "(at)" into "@", and so on...) > Philippe Verdy wrote: >> These spams are constantly reported to spamcop@imaphost.com which >> seems to be the owner of the networks where all the zombies are >> installed. > > That's Cyveillance. Google is your friend. :) OK, thanks for noting that (in the past Cyveillance used other (hidden) report addresses, I did not know that it was changed to use imaphost.com). Well Spamcop also always reports to a second address. I should have read more carefully the Spamcop processing messages. From jeffg at spamcop.net Sat Dec 3 21:03:09 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 21:05:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: Geoffrey Hyde wrote: > "Mike Easter" wrote in message > news:dmtcom$5tt$1@news.spamcop.net... >> jg wrote: >> >>> Jeff, you need QuoteFix to go along with your doubtlook client - I >>> got cross eyed reading the orig of above post... >>> sorry... >> >> While I'm in favor of as many people using QuoteFix as need to, my QF >> fixed Jeff's post; see below. >> >> If yours did not, then your QF has run out of its 'memory leak space' >> buffer, and you need to: > > I think what he meant was that Jeff needs to download and install the > QF client, and that Jeff doesn't have it installed - for one reason > or another. I didn't have it running because for viewing it is incompatible with my new light-on-dark color scheme. Sorry for the inconvenience. I ran it again as a test just for you. It is "Version 1.19.2", http://flash.to/oblivion appears to have been taken over, and that is the latest version per http://home.in.tum.de/~jain/software/oe-quotefix/downloads.php . -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From verdy_p at wanadoo.fr Sun Dec 4 03:04:29 2005 From: verdy_p at wanadoo.fr (Philippe Verdy (n.o-s.p.a.m+abuse)) Date: Sat Dec 3 21:10:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: "Jeff G." a écrit dans le message de news: dmthsu$94h$1@news.spamcop.net... > I have been a SpamCop User/Member/Customer since 1999 and am a > Moderator of the new web-based forums (now the primary method for > getting help, http://forum.spamcop.net). Please contact me via Forum > only. I do not provide Official SpamCop.Net Customer Support - please > see "How To Get Official SpamCop.Net Customer Support" at > http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. Thanks for pointing this information in your signature. I did not know that there was a web forum now. I think it's best for me to post there instead of this unsecure newsgroup, because the forum will protect the privacy of my email address. From MikeE at ster.invalid Sat Dec 3 18:08:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Dec 3 21:10:06 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: Geoffrey Hyde wrote: > "Mike Easter" >> jg wrote: >> >>> Jeff, you need QuoteFix to go along with your doubtlook client - I >>> got cross eyed reading the orig of above post... >>> sorry... >> >> While I'm in favor of as many people using QuoteFix as need to, my QF >> fixed Jeff's post; see below. >> >> If yours did not, then your QF has run out of its 'memory leak space' >> buffer, and you need to: > > I think what he meant was that Jeff needs to download and install the > QF client, and that Jeff doesn't have it installed - for one reason > or another. I understand what he meant; and what I meant and described in detail was that what jg posted to demonstrate what was the 'problem' with Jeff's post demonstrated instead what was wrong with the way jg's OE/QF was working, so I was telling jg how to fix his OE/QF so that it would work properly. Properly functioning, OEQF is designed to fix existent formatting problems as well as prevent them. The reformatting works 'all over the place'. But, OE/QF is 'b0rken' and doen't work 'perfectly'. When it isn't working right it malfunctions; if you configure it properly, you can unscramble its 'limited' brainpower and 'force' it to work properly again. I was providing a formula to jg for doing that, as well as a demonstration of the difference between a properly working QF and a 'sick' one. Downloading and installing OE/QF is one thing. Making it work right is another. We're way beyond downloading it; now we're talking about mastering it. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Sat Dec 3 21:58:55 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sat Dec 3 22:00:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: Philippe Verdy wrote: > "Jeff G." a ?crit dans le message de news: > dmthsu$94h$1@news.spamcop.net... >> I have been a SpamCop User/Member/Customer since 1999 and am a >> Moderator of the new web-based forums (now the primary method for >> getting help, http://forum.spamcop.net). Please contact me via Forum >> only. I do not provide Official SpamCop.Net Customer Support - >> please see "How To Get Official SpamCop.Net Customer Support" at >> http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. > > Thanks for pointing this information in your signature. I did not > know that there was a web forum now. I think it's best for me to post > there instead of this unsecure newsgroup, because the forum will > protect the privacy of my email address. You're quite welcome! -- Best Regards, Jeff G. [rest of sig above] From borgholio at storymind.com Sat Dec 3 19:25:02 2005 From: borgholio at storymind.com (Borgholio) Date: Sat Dec 3 22:25:03 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam In-Reply-To: References: Message-ID: Jeff G. wrote: > "Borgholio" wrote in message > news:dmtdt2$6f6$1@news.spamcop.net... > >>Full spam posted in .spam. Manually reporting spam should report >>spamvertised sites, right? Well it's not, at least in this case. > > Most of > >>the time it locates the links but doesn't report them, nor does it > > give any > >>indication of why it's not reporting. What's up? > > > SNAFU. Refresh enough times and it should work. Please direct your > complaints to SpamCop Admin. Ref: > http://www.spamcop.net/sc?id=z835981547z1cc59f8b5bc5b1c493545b5b9ac164b6z > and "FAQ Entry: The Link Analysis Process" at > http://forum.spamcop.net/forums/index.php?showtopic=4345&hl=link+analysis > K I'm having a memory lapse...where do I contact spamcop admin? From rwcs at spamcop.net Sat Dec 3 23:16:31 2005 From: rwcs at spamcop.net (BMW) Date: Sat Dec 3 23:20:02 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: Borgholio wrote: > Anybody else getting a ton of spam from these idiots? The emails seem > to be coming from several different networks, all over the world. > What's the deal? I have read through the threads in this discussion, and I'm not seeing what to do about TeamAaronShara. It is blatantly obvious to the casual observer that spamcop reports only fuel the fire, and no amount of reporting is going to deter this spammer. Sure would like to find an effective solution to this problem. From borgholio at storymind.com Sun Dec 4 00:03:08 2005 From: borgholio at storymind.com (Borgholio) Date: Sun Dec 4 03:05:07 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: BMW wrote: > Borgholio wrote: > >> Anybody else getting a ton of spam from these idiots? The emails seem >> to be coming from several different networks, all over the world. >> What's the deal? > > > I have read through the threads in this discussion, and I'm not seeing > what to do about TeamAaronShara. It is blatantly obvious to the casual > observer that spamcop reports only fuel the fire, and no amount of > reporting is going to deter this spammer. Sure would like to find an > effective solution to this problem. I'm manually reporting them in hopes of getting the spamvertised sites shut down too...or at least "harassed". But Spamcop is acting wanky right now and isn't reporting spamvertised links. :-/ From borgholio at storymind.com Sun Dec 4 01:52:52 2005 From: borgholio at storymind.com (Borgholio) Date: Sun Dec 4 04:55:25 2005 Subject: [SpamCop-List] Update on TeamAaronShara - they claim it's a joe job Message-ID: Here's their link: http://www.teamaaronshara.com/daily.html Based on how it's a pretty decent sized flood that came out of nowhere, I'm half-inclined to believe them. Some forum posts I found on Google were from people who claimed TAS was a scam organization...so that if this is a joe-job, that's the culprit. From redford_stone at INVERSE_OF_COLDmail.com Sun Dec 4 11:03:51 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sun Dec 4 06:05:11 2005 Subject: [SpamCop-List] Re: SEC no longer accepting spam forwards? References: Message-ID: "Berny" wrote in news:dms20c$fmn$1@news.spamcop.net: > > 2) Almost all stock spam is in embedded Gifs nowadays, Eudora de-mimes > the gif and puts it in a separate folder. Larts only contain the name > of the gif file, not the gif, so there is no payload > There are always exceptions.. this is one of them. (Looks like we are being spammed by the same spammer.) When I have time, I'm going to try an OCR program to convert it to a text document. From nobody at nowhere.invalid Sun Dec 4 12:12:07 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Dec 4 06:15:03 2005 Subject: [SpamCop-List] Re: Subject: Want to make EASY Money? TeamAaronShara will show you how! References: Message-ID: On Sun, 4 Dec 2005 11:25:52 +1000, Geoffrey Hyde coughed into spamcop and left this in : > Are you saying that your ISP can't/won't stop address bounce errors?? If > so, perhaps you should explain the problem to them, if you can get ahold of > a reasonably intelligent real-life tech support guy at the other end of the > phone support number. There's no such thing as a "reasonably intelligent" life form in the whole organisation of his ISP: Wanadoo.fr. -- Steve Linux: the choice of a GNU generation -- ksh @ cis . ufl . edu put this on Tshirts in '93 From jeffg at spamcop.net Sun Dec 4 06:32:00 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 4 06:45:02 2005 Subject: [SpamCop-List] Re: Spamcop not reporting weblinks in spam References: Message-ID: Borgholio wrote: > Jeff G. wrote: >> "Borgholio" wrote in message >> news:dmtdt2$6f6$1@news.spamcop.net... >> >>> Full spam posted in .spam. Manually reporting spam should report >>> spamvertised sites, right? Well it's not, at least in this case. >>> Most of the time it locates the links but doesn't report them, nor >>> does it give any indication of why it's not reporting. What's up? >> SNAFU. Refresh enough times and it should work. Please direct your >> complaints to SpamCop Admin. Ref: >> http://www.spamcop.net/sc?id=z835981547z1cc59f8b5bc5b1c493545b5b9ac164b6z >> and "FAQ Entry: The Link Analysis Process" at >> http://forum.spamcop.net/forums/index.php?showtopic=4345&hl=link+analysis > K I'm having a memory lapse...where do I contact spamcop admin? You can email service[at]admin.spamcop.net or see the bottom link in my sig below. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From rwcs at spamcop.net Sun Dec 4 08:54:10 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 08:55:03 2005 Subject: [SpamCop-List] Re: Update on TeamAaronShara - they claim it's a joe job In-Reply-To: References: Message-ID: Borgholio wrote: > Here's their link: > > http://www.teamaaronshara.com/daily.html > > Based on how it's a pretty decent sized flood that came out of nowhere, > I'm half-inclined to believe them. Some forum posts I found on Google > were from people who claimed TAS was a scam organization...so that if > this is a joe-job, that's the culprit. Help me out here, What is a joe-job? From rwcs at spamcop.net Sun Dec 4 08:58:33 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 09:00:03 2005 Subject: [SpamCop-List] Spamcop Blacklist Message-ID: Does SC accept any IP block syntax in the blacklist? Does the Blacklist apply to the "Held Mail"? From jeffg at spamcop.net Sun Dec 4 09:45:23 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 4 09:50:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: I assume you are referring to the SCBL (the SpamCop Blocking List). Please see http://forum.spamcop.net/forums/index.php?showtopic=2238#SCBL for details. BMW wrote: > Does SC accept any IP block syntax in the blacklist? No, IP Addresses wind up on the SCBL by way of having been Reported as having been the source of spam using the SpamCop Parsing and Reporting System. Please see http://www.spamcop.net/fom-serve/cache/297.html for more details. > Does the Blacklist apply to the "Held Mail"? That depends on the personal preference of the SpamCop Email System Customer, specifically the status of the Checkbox for it on https://webmail.spamcop.net/horde/imp/spamcop/blacklists.php or http://webmail.spamcop.net/horde/imp/spamcop/blacklists.php . Please see http://forum.spamcop.net/forums/index.php?showtopic=3692 for more details. -- Thanks and Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From jeffg at spamcop.net Sun Dec 4 09:50:03 2005 From: jeffg at spamcop.net (Jeff G.) Date: Sun Dec 4 09:55:03 2005 Subject: [SpamCop-List] Re: Update on TeamAaronShara - they claim it's a joe job References: Message-ID: BMW wrote: > Borgholio wrote: >> Here's their link: >> >> http://www.teamaaronshara.com/daily.html >> >> Based on how it's a pretty decent sized flood that came out of >> nowhere, I'm half-inclined to believe them. Some forum posts I >> found on Google were from people who claimed TAS was a scam >> organization...so that if this is a joe-job, that's the culprit. > Help me out here, What is a joe-job? Per http://forum.spamcop.net/forums/index.php?showtopic=4473&st=0&p=29916&#Joe : 1. A "joe job" is a spam run forged to appear to come from another innocent party, with the intention of generating complaints about the victim and damaging their reputation. 2. A Joe job is an e-mail spam designed to tarnish the reputation of an innocent third party. Despite having existed since at least 1996, Joe jobs are uncommon compared to other types of spam because they provide no commercial benefit to the Joe jobber. 3. A "joe job" is something far above and distinct from the all too typical spammer construct of a "From" Address Forgery For more info: "Why am I getting all these bounces?" at http://forum.spamcop.net/forums/index.php?showtopic=203 http://spamlinks.net/faqs-joejob.htm http://en.wikipedia.org/wiki/Joe_jobs -- Best Regards, Jeff G. I have been a SpamCop User/Member/Customer since 1999 and am a Moderator of the new web-based forums (now the primary method for getting help, http://forum.spamcop.net). Please contact me via Forum only. I do not provide Official SpamCop.Net Customer Support - please see "How To Get Official SpamCop.Net Customer Support" at http://forum.spamcop.net/forums/index.php?showtopic=5517 for that. From rwcs at spamcop.net Sun Dec 4 11:07:00 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 11:10:02 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Jeff G. wrote: > I assume you are referring to the SCBL (the SpamCop Blocking List). > Please see http://forum.spamcop.net/forums/index.php?showtopic=2238#SCBL > for details. > > BMW wrote: > >>Does SC accept any IP block syntax in the blacklist? > > > No, IP Addresses wind up on the SCBL by way of having been Reported as > having been the source of spam using the SpamCop Parsing and Reporting > System. Please see http://www.spamcop.net/fom-serve/cache/297.html for > more details. > > >>Does the Blacklist apply to the "Held Mail"? > > > That depends on the personal preference of the SpamCop Email System > Customer, specifically the status of the Checkbox for it on > https://webmail.spamcop.net/horde/imp/spamcop/blacklists.php or > http://webmail.spamcop.net/horde/imp/spamcop/blacklists.php . Please > see http://forum.spamcop.net/forums/index.php?showtopic=3692 for more > details. > No, I am not referring to SCBL. Please be patient with my rant, I'm growing increasingly frustrated with the SC service. 1) I'm configured to "Block All", which means if the sender isn't on my whitelist the email remains in my "Held Mail". This is most effective in blocking 99.99% of the Spam directed at my email addresses. My problem is with a lack of control and filtering of my Held Mail. There seems to be NO way to reject mail from chronic, persistent sources. 2) I understand SC's mission, and I wish to be cooperative up to a point. That point is were SC is obviously ineffective. Please don't think I'm ragging on SC and it's efforts, they are a great team and a noble effort BUT they can't control everyone or everything. There are spammers and providers that SC can't affect. There are enough other people reporting this stuff, I don't need to be bothered with it. 3) This morning was a perfect example of my problem. . . 140 messages in Held Mail, 133 from TeamAaronShara (all directed at my spamcop.net address). As this clutter increases, my error rate follows. . . mail reported when it shouldn't be, important messages missed, etc. I don't believe for a nanosecond that reporting yet another message from TeamAaronShara is going to have ANY positive effect. I need a way to simply block or reject messages from my SC account and I need it NOW. 4) SC has to address this problem SOON or I will be forced to drop the service, because it is not working for me. From jg at coks.net Sun Dec 4 08:26:59 2005 From: jg at coks.net (jg) Date: Sun Dec 4 11:25:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... In-Reply-To: References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: On 12/3/2005 6:08 PM Mike Easter scribbled: > Geoffrey Hyde wrote: > >>"Mike Easter" >> >>>jg wrote: >>> >>> >>>>Jeff, you need QuoteFix to go along with your doubtlook client - I >>>>got cross eyed reading the orig of above post... >>>>sorry... >>> >>>While I'm in favor of as many people using QuoteFix as need to, my QF >>>fixed Jeff's post; see below. >>> >>>If yours did not, then your QF has run out of its 'memory leak space' >>>buffer, and you need to: >> >>I think what he meant was that Jeff needs to download and install the >>QF client, and that Jeff doesn't have it installed - for one reason >>or another. > > > I understand what he meant; and what I meant and described in detail > was that what jg posted to demonstrate what was the 'problem' with > Jeff's post demonstrated instead what was wrong with the way jg's OE/QF > was working, so I was telling jg how to fix his OE/QF so that it would > work properly. > > Properly functioning, OEQF is designed to fix existent formatting > problems as well as prevent them. The reformatting works 'all over the > place'. > > But, OE/QF is 'b0rken' and doen't work 'perfectly'. When it isn't > working right it malfunctions; if you configure it properly, you can > unscramble its 'limited' brainpower and 'force' it to work properly > again. I was providing a formula to jg for doing that, as well as a > demonstration of the difference between a properly working QF and a > 'sick' one. > > Downloading and installing OE/QF is one thing. Making it work right is > another. We're way beyond downloading it; now we're talking about > mastering it. > > Geoff had it right... I don't use OE so QF won't do me much good, thanks anyway. From jg at coks.net Sun Dec 4 08:29:02 2005 From: jg at coks.net (jg) Date: Sun Dec 4 11:30:03 2005 Subject: [SpamCop-List] Re: TeamAaronShara... In-Reply-To: References: Message-ID: On 12/3/2005 4:13 PM Borgholio scribbled: > jg wrote: > >>On 12/3/2005 2:14 PM Borgholio scribbled: >> >> >> >>>Anybody else getting a ton of spam from these idiots? The emails seem to be >>>coming from several different networks, all over the world. What's the deal? >> >>Doesn't sound familiar here - So. Cal. - just as well, got enuff of my >>own idiots falling in... > > > I live in Burbank...the epitome of SoCal. :) It was for Johnny Carson, but IMHO Venice is the epitome.. From MikeE at ster.invalid Sun Dec 4 08:44:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 11:45:02 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: BMW wrote: >>> Does SC accept any IP block syntax in the blacklist? >>> Does the Blacklist apply to the "Held Mail"? > No, I am not referring to SCBL. Please be patient with my rant, I'm > growing increasingly frustrated with the SC service. I don't use SC mail, so I'm only speaking as a total 'outsider' who can't even see the SC mailsystem configuration page. But I understand what you are saying. > 1) I'm configured to "Block All", which means if the sender isn't on > my whitelist the email remains in my "Held Mail". That would be what I call 'whitelisteds only'. I use a client side spamfilter. I could configure it in that way. I could even configure the primitive mailuseragent OE to put only my whitelisteds into my Inbox. However, my client is not a server. A server is capable of rejecting mail during the smtp transaction. I don't have that capability. > This is most > effective in blocking 99.99% of the Spam directed at my email > addresses. My problem is with a lack of control and filtering of my > Held Mail. There seems to be NO way to reject mail from chronic, > persistent sources. You are correct. Your SC mailbox is not a server. I suppose there /might/ be some way to automatically delete some of your held mail but I can't see the SC mail place.. > 2) I understand SC's mission, and I wish to be cooperative up to a > point. That point is were SC is obviously ineffective. Please don't > think I'm ragging on SC and it's efforts, they are a great team and a > noble effort BUT they can't control everyone or everything. There are > spammers and providers that SC can't affect. There are enough other > people reporting this stuff, I don't need to be bothered with it. I understand that you are saying that some subset of your held mail you don't want held [any longer than being diverted there] and you don't want to report it, you just want it to disappear. You want a function with 3 forks, inbox, held, and deleted by being blocked from inbox or held. My provider's spamblocker setting on high provides 3 forks, known, suspect, and inbox for whitelisteds. My gmail account has a 'crude' filter system for from, to, subject, or words which gmail would handle according to my wishes. > 3) This morning was a perfect example of my problem. . . 140 messages > in Held Mail, 133 from TeamAaronShara (all directed at my spamcop.net > address). As this clutter increases, my error rate follows. . . mail > reported when it shouldn't be, important messages missed, etc. I > don't believe for a nanosecond that reporting yet another message from > TeamAaronShara is going to have ANY positive effect. I need a way to > simply block or reject messages from my SC account and I need it NOW. I don't know if SC has a 3 fork system or not. Many spam filters like to handle an item as 'positive' or 'negative' as a 2 fork process. > 4) SC has to address this problem SOON or I will be forced to drop the > service, because it is not working for me. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Dec 4 09:00:55 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 12:05:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: Mike Easter wrote: > BMW wrote: > I don't use SC mail, so I'm only speaking as a total 'outsider' who > can't even see the SC mailsystem configuration page. But I understand > what you are saying. > >> 1) I'm configured to "Block All", which means if the sender isn't on >> my whitelist the email remains in my "Held Mail". I understand that there is also a personal blacklist, but I don't know what happens to something which you put there. http://www.spamcop.net/fom-serve/cache/302.html FAQ about the Personal Blacklist and Whitelist -- Mike Easter kibitzer, not SC admin From rwcs at spamcop.net Sun Dec 4 12:06:13 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 12:10:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Mike Easter wrote: > BMW wrote: > > >>>>Does SC accept any IP block syntax in the blacklist? > > >>>>Does the Blacklist apply to the "Held Mail"? > > >>No, I am not referring to SCBL. Please be patient with my rant, I'm >>growing increasingly frustrated with the SC service. > > > I don't use SC mail, so I'm only speaking as a total 'outsider' who > can't even see the SC mailsystem configuration page. But I understand > what you are saying. > > >>1) I'm configured to "Block All", which means if the sender isn't on >>my whitelist the email remains in my "Held Mail". > > > That would be what I call 'whitelisteds only'. I use a client side > spamfilter. I could configure it in that way. I could even configure > the primitive mailuseragent OE to put only my whitelisteds into my > Inbox. > > However, my client is not a server. A server is capable of rejecting > mail during the smtp transaction. I don't have that capability. > > >>This is most >>effective in blocking 99.99% of the Spam directed at my email >>addresses. My problem is with a lack of control and filtering of my >>Held Mail. There seems to be NO way to reject mail from chronic, >>persistent sources. > > > You are correct. Your SC mailbox is not a server. I suppose there > /might/ be some way to automatically delete some of your held mail but I > can't see the SC mail place.. > > >>2) I understand SC's mission, and I wish to be cooperative up to a >>point. That point is were SC is obviously ineffective. Please don't >>think I'm ragging on SC and it's efforts, they are a great team and a >>noble effort BUT they can't control everyone or everything. There are >>spammers and providers that SC can't affect. There are enough other >>people reporting this stuff, I don't need to be bothered with it. > > > I understand that you are saying that some subset of your held mail you > don't want held [any longer than being diverted there] and you don't > want to report it, you just want it to disappear. You want a function > with 3 forks, inbox, held, and deleted by being blocked from inbox or > held. > > My provider's spamblocker setting on high provides 3 forks, known, > suspect, and inbox for whitelisteds. My gmail account has a 'crude' > filter system for from, to, subject, or words which gmail would handle > according to my wishes. > > >>3) This morning was a perfect example of my problem. . . 140 messages >>in Held Mail, 133 from TeamAaronShara (all directed at my spamcop.net >>address). As this clutter increases, my error rate follows. . . mail >>reported when it shouldn't be, important messages missed, etc. I >>don't believe for a nanosecond that reporting yet another message from >>TeamAaronShara is going to have ANY positive effect. I need a way to >>simply block or reject messages from my SC account and I need it NOW. > > > I don't know if SC has a 3 fork system or not. Many spam filters like > to handle an item as 'positive' or 'negative' as a 2 fork process. > > >>4) SC has to address this problem SOON or I will be forced to drop the >>service, because it is not working for me. > > I have a web presence, and my contact info "routes" through SC. I really can't afford to miss new business. So the SC system of block all works well 99% of the time (first contact is delayed for review). The problem becomes one of clutter. It is unfortunate that SC is ineffective against the determined spammers, BUT it is a fact of life. SC admin PLEASE PLEASE PLEASE develop a solution! From rwcs at spamcop.net Sun Dec 4 12:14:36 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 12:15:04 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Mike Easter wrote: > Mike Easter wrote: > >>BMW wrote: > > >>I don't use SC mail, so I'm only speaking as a total 'outsider' who >>can't even see the SC mailsystem configuration page. But I understand >>what you are saying. >> >> >>>1) I'm configured to "Block All", which means if the sender isn't on >>>my whitelist the email remains in my "Held Mail". > > > I understand that there is also a personal blacklist, but I don't know > what happens to something which you put there. > > http://www.spamcop.net/fom-serve/cache/302.html FAQ about the Personal > Blacklist and Whitelist > > > It is my understanding ALL filters, blacklists, and the like, affect what is allowed through to your Inbox. I'm becoming painfully aware there is no solution here for the TeamAaronShara's of the world when it comes to your Held Mail box. (SC wants the stuff reported rather than deleted or rejected). The paradox is that reporting is ineffective as a control in some cases. From MikeE at ster.invalid Sun Dec 4 09:16:34 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 12:20:03 2005 Subject: [SpamCop-List] Re: OT Re: empty spam... References: <5z4zq6wg26l4.dlg@grc.aosake.net> Message-ID: jg wrote: >Mike Easter scribbled: >> Geoffrey Hyde wrote: >>> "Mike Easter" >>>> jg wrote: >>>>> Jeff, you need QuoteFix to go along with your doubtlook client - I >>>>> got cross eyed reading the orig of above post... >>>>> sorry... >>>> >>>> While I'm in favor of as many people using QuoteFix as need to, my >>>> QF fixed Jeff's post; see below. > Geoff had it right... > I don't use OE so QF won't do me much good, thanks anyway. Oh, I get it now. You were telling Jeff to dl and use QF with his OE, but not because /you/ were using QF. Furrfu. If you *had* been using OE with QF, you wouldn't have been having the problem with seeing what you were seeing with Tbird or Mozilla or whatever it is you use. That is, as bad as OE is about its formatting problem, the improvement in the reading of badly formatted posts which QF provides is much better than what you get with your newsreader -- Mike Easter kibitzer, not SC admin From jg at coks.net Sun Dec 4 09:27:05 2005 From: jg at coks.net (jg) Date: Sun Dec 4 12:25:02 2005 Subject: [SpamCop-List] Re: Update on TeamAaronShara - they claim it's a joe job In-Reply-To: References: Message-ID: On 12/4/2005 1:52 AM Borgholio scribbled: > Here's their link: > > http://www.teamaaronshara.com/daily.html > > Based on how it's a pretty decent sized flood that came out of nowhere, I'm > half-inclined to believe them. Some forum posts I found on Google were from > people who claimed TAS was a scam organization...so that if this is a > joe-job, that's the culprit. Given their chosen /business/ , I would expect joejob to be a normal and recurring event. Nothing pisses you off more than losing money with your own stupidity. And if you beleive this system, you are stupid... From MikeE at ster.invalid Sun Dec 4 09:34:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 12:35:02 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: BMW wrote: > Mike Easter wrote: >> I understand that there is also a personal blacklist, but I don't >> know what happens to something which you put there. > It is my understanding ALL filters, blacklists, and the like, affect > what is allowed through to your Inbox. I'm becoming painfully aware > there is no solution here for the TeamAaronShara's of the world when > it comes to your Held Mail box. (SC wants th69.174.179.116e stuff reported rather > than deleted or rejected). The paradox is that reporting is > ineffective as a control in some cases. I can't help finetune or 'subfilter' something I can't see. But I know that on all of my mail systems ie my provider EL and my gmail account and my SpamPal proxy filter and my primitive mailuseragent OE, that I could segregate a specific item such as TeamAaronShara and handle it differently by putting it into its own folder or deleting it automatically. I could have it in a gmail folder or trashed. My EL could keep it out of my other unknown nonwhitelisteds by blacklisting it on a high spamblocker setting. My OE could autodelete it or put it in its own folder. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Sun Dec 4 11:47:38 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sun Dec 4 12:50:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: In article , BMW writes: > No, I am not referring to SCBL. Please be patient with my rant, I'm > growing increasingly frustrated with the SC service. If you had posted in spamcop.mail, the notion that you are referring to the SpamCop Filtering Service would be more clear. From MikeE at ster.invalid Sun Dec 4 09:48:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 12:50:07 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: BMW wrote: > It is my understanding ALL filters, blacklists, and the like, affect > what is allowed through to your Inbox. I'm becoming painfully aware > there is no solution here for the TeamAaronShara's of the world when > it comes to your Held Mail box. (SC wants the stuff reported rather > than deleted or rejected). The paradox is that reporting is > ineffective as a control in some cases. You don't have to report anything which is SC held that you don't want to report. When I read about other mail services, such as cotse, those services allow you to mail discriminate at the server^1 level. Also, the blacklisting process works like this: 'Blacklisting Sender(s) is a useful tool for preventing specific individuals, specific organizations, or entire domains from contacting you via email. Any time you receive an email you don't want, you can blacklist the sender or domain for the future by simply clicking a link while the email is open in your webmail interface (i.e., when you are looking at the message page). You can also manually edit your blacklist to add or delete particular senders or domains. All mail from blacklisted sources will be delivered to your Trash folder, deleted, or rejected, at your option." ^1 Whereas most systems deliver mail to your inbox and then apply filters, Cotse's filters are server-side, i.e., they are applied before the mail ever gets to you. Note that you do not need to choose among spam filtering methods: you can enable any or all of the following: http://www.cotse.net/emailfilters.html Of course, cotse is a lot of other things besides just a mail service, so it doesn't cost $30/y, it costs about $6/mo for the whole enchilada, but you get a lot. Oho, I see here that cotse now has an email only account of $50/y purchasable as 6 mos. Personally if I were going to buy cotse's email, I would buy the whole thing for about $22/y more. -- Mike Easter kibitzer, not SC admin From rwcs at spamcop.net Sun Dec 4 13:41:52 2005 From: rwcs at spamcop.net (BMW) Date: Sun Dec 4 13:45:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist In-Reply-To: References: Message-ID: Larry Kilgallen wrote: > In article , BMW writes: > > >>No, I am not referring to SCBL. Please be patient with my rant, I'm >>growing increasingly frustrated with the SC service. > > > If you had posted in spamcop.mail, the notion that you are referring > to the SpamCop Filtering Service would be more clear. Yet another layer of frustration, SC has seven, count them, 7 forums. How can anyone (any casual user) figure out which one is most appropriate for any given issue? Some of us are NOT interested in becoming geeks, we just want easy to use, effective services. In retrospect I can see how stupid I've been posting spamcop issues on the spamcop forum! I have got to go find some other answer, you guys really don't get it! From MikeE at ster.invalid Sun Dec 4 11:00:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Dec 4 14:05:03 2005 Subject: [SpamCop-List] Re: Spamcop Blacklist References: Message-ID: BMW wrote: > Larry Kilgallen wrote: >> If you had posted in spamcop.mail, the notion that you are referring >> to the SpamCop Filtering Service would be more clear. > > Yet another layer of frustration, SC has seven, count them, 7 forums. Actually news.spamcop.net has 10 ng/s - counting test, control, and control cancel > How can anyone (any casual user) figure out which one is most > appropriate for any given issue? That is a fair question and the answer is not handled well at SC at all -- I've been crabbing about that subject for a long time. There are several sources of answers. First of all, you can use your newsreader to acquire an nntp description of all of the groups. Without posting all of the descriptions here, I'll just point out that appropriate descriptions exist for geeks and social and all of the rest but one and also that the descriptions of the groups spamcop, mail, and help are as follows: spamcop: General SpamCop Discussion spamcop.help: Help with spam and using spamcop spamco