From nttp.sc.s at bigsleep.org Fri Jul 1 01:46:30 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 30 20:50:20 2005 Subject: [SpamCop-List] Re: Pump and Dump References: <200506300357.1dNTVo6yc3Nl3oW0@strange.mail.mindspring.net> Message-ID: On 30 Jun 2005 Trish Roberts-Miller entered spamcop and left news:mailman.47.1120143425.169.spamcop-list@news.spamcop.net: > Fixed in 1.7.4, so upgrading will fix that. > -- > > You're a scholar and a gentleman. That's exactly the correct > description. Thanks! > > -- > Trish Roberts-Miller redball@mindspring.com > "I will put Chaos into fourteen lines" > You are welcome. Watch those little "sig delimiters" there, it's two dashes and a space, and it often makes everything grey below it, so you can snip that along with the sig. I think you can just remove the space too, which is what I did to the ones above. It's just a tip, because actually I almost didn't see your reply, my sig colors are so light I can hardly see sigs. -- | Ric | From nttp.sc.s at bigsleep.org Fri Jul 1 01:54:57 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 30 20:55:03 2005 Subject: [SpamCop-List] Re: Mainsleaze Spam References: <42C300D5.264E956C@SpamCop.net> Message-ID: On 30 Jun 2005 Porpoise entered spamcop and left news:da1b67$2sj$1@news.spamcop.net: > thereby enabling the webserver that served the image to log his IP > address and attach it to his email address Right, I thought I was being vaugely clear that they could insist that you signed up with an IP that they got from a tracking code. They have positive proof, you don't have any negative proof. -- | Ric | From nttp.sc.s at bigsleep.org Fri Jul 1 03:06:55 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 30 22:10:03 2005 Subject: [SpamCop-List] Re: HE.net's spammer Yfdirect talks References: Message-ID: On 30 Jun 2005 Mike Easter entered spamcop and left news:da18tg$1kt$1@news.spamcop.net: > You shouldn't be using spamcop as some kind of 'bludgeon' > in expressing a different point of view about being listwashed. I think this group, and/or the forum is a better place for that. I'm still not sure about HE myself. -- | Ric | From nttp.sc.s at bigsleep.org Fri Jul 1 03:13:02 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 30 22:15:03 2005 Subject: [SpamCop-List] Re: Pump and Dump References: <200506300357.1dNTVo6yc3Nl3oW0@strange.mail.mindspring.net> Message-ID: On 30 Jun 2005 Blammo entered spamcop and left news:Xns9685B4F46DBF7blammo@216.154.195.61: > Watch those little "sig delimiters" there, it's two dashes and a space Then again, maybe my fault for not adding a blank line there? It does start with a blank line and sometimes I type over that line, rather than adding another. -- | Ric | From bjtexas at hotmale.com Fri Jul 1 09:16:33 2005 From: bjtexas at hotmale.com (BJ) Date: Fri Jul 1 09:20:03 2005 Subject: [SpamCop-List] Re: Mainsleaze Spam References: <42C300D5.264E956C@SpamCop.net> Message-ID: Porpoise wrote: || "BJ" wrote in message || news:da13sm$uat$1@news.spamcop.net... ||| Porpoise wrote: ||||| "Blammo" wrote in message ||||| news:Xns96855C7BED57blammo@216.154.195.61... |||||| On 29 Jun 2005 Miss Betsy entered spamcop and left |||||| news:d9vbl1$unh$1@news.spamcop.net: |||||| ||||||| What he did, apparently, was click on something ||||||| inadvertently, realize that he didn't want to be there, ||||||| and ||||||| did something to 'escape'. What is happening is that he ||||||| is ||||||| getting emails from that 'click' even though he didn't ||||||| complete registration. ||||||| |||||| |||||| He doesn't have to click anything, just loading the |||||| message |||||| so that it shows the image is enough. |||||| ||||| ||||| How would that get his email address? ||| ||| The picture is tagged to a specific message sent to a ||| specific ||| email address. || || || So what you're saying now, is that he didn't inadvertantly || click on something, but that he received an email with an || image in it that he || opened - thereby enabling the webserver that served the image || to log his IP address and attach it to his email address - || thereby verifying that his email address was "live"? || || Either I'm very confused, or that wasn't what you said first || time round - which I understood to be that he had || "inadvertantly clicked a link on a webpage" - which wouldn't || [AFAIK] have any way of possibly attaching that to an email || address (unless he actually sent an email during that || process). If his mail client is set to read in HTML then he wouldn't even have to click on the image. The action is reading the mail message would be enough. BJ -- http://www.clubvb.com/Spam/WhatIsSpam.htm From Kilgallen at SpamCop.net Fri Jul 1 10:43:53 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Jul 1 10:45:03 2005 Subject: [SpamCop-List] Re: The Anti-Spam Litigation Shop (Wired News) References: Message-ID: In article , "Berny" writes: > Worthy Donees could be sue-spammers.org SC, and SPEWS Who is going to risk endorsing a check made out to SPEWS ? From no at spam.invalid Fri Jul 1 08:48:50 2005 From: no at spam.invalid (Michael Wise) Date: Fri Jul 1 10:50:03 2005 Subject: [SpamCop-List] Re: HE.net's spammer Yfdirect talks References: Message-ID: In article , Blammo wrote: > > You shouldn't be using spamcop as some kind of 'bludgeon' > > in expressing a different point of view about being listwashed. > > I think this group, and/or the forum is a better place for that. > I'm still not sure about HE myself. HE is and has been a spam-tolerating hoster for years. Pretty much every mail server I admin _used_ to regularly get spam from their customers, and HE almost never even responds to LARTS...and certainly has never appropriately acted on one of the many I have sent them. Just use he.blackholes.us and be done with those morons. --Mike From no at spam.invalid Fri Jul 1 08:55:57 2005 From: no at spam.invalid (Michael Wise) Date: Fri Jul 1 11:00:02 2005 Subject: [SpamCop-List] Re: Pump and Dump References: <200506281105.1dNhEa1743Nl3pw0@timothy.mail.atl.earthlink.net> Message-ID: In article , Trish Roberts-Miller wrote: > I'll save you folks the long story, as the short version is long and > complicated enough. For the second time, my laptop was stolen out of my > office (if you are associated with a college campus, this does not shock > you, although it probably amazes everyone else). It was my secondary > laptop, and they left the main and most important one (although they > stole all the peripherals necessary to make the laptop function well, > such as a powercord, etc.)... Why isn't your university's IT staff putting phone-home software on staff portables? --Mike From no at spam.invalid Fri Jul 1 09:01:19 2005 From: no at spam.invalid (Michael Wise) Date: Fri Jul 1 11:05:02 2005 Subject: [SpamCop-List] Re: Pump and Dump References: <200506290055.1dNuBp4Z03Nl3pK0@gideon.mail.atl.earthlink.net> Message-ID: In article , Trish Roberts-Miller wrote: >... > I had no network set up; it was the laptop I use for conferences and travel. > That's why it had only my email password. (Luckily.) It shouldn't be left easily used at all. If it's a Mac as well, you're IT dept. is being less than responsible if they do not ensure that all staff PowerBooks/iBooks are a) configured to require non-trivial passwords on boot-up b) have open firmware passwords set (to prevent password resets from an OS X install disk, and c) have phone-home software (such as LapCop) installed. --Mike From redball at mindspring.com Fri Jul 1 11:14:58 2005 From: redball at mindspring.com (Trish Roberts-Miller) Date: Fri Jul 1 11:20:21 2005 Subject: [SpamCop-List] Phone Home Software? (OT--was "pump and dump") In-Reply-To: <200507011100.1dOmZX2yk3Nl3qW0@watson.mail.atl.earthlink.net> References: <200507011100.1dOmZX2yk3Nl3qW0@watson.mail.atl.earthlink.net> Message-ID: <42C55DF2.8050504@mindspring.com> <>Date: Fri, 01 Jul 2005 07:55:57 -0700 From: Michael Wise Subject: [SpamCop-List] Re: Pump and Dump To: spamcop-list@news.spamcop.net Message-ID: In article , Why isn't your university's IT staff putting phone-home software on staff portables? --Mike ------------------------------ I don't know what that is. (Keep in mind--this is the place that still hasn't replaced glass windows on offices, although they've repeatedly had rashes of thefts where people simply broke the glass and cleaned out the offices. Since I'm well into rant-mode I'll mention that the campus police officer who took the report seriously suggested that I call the police every time I see a strange person in my hall--this in a classroom building on a campus of 50k students. The police and IT are fighting over the former's insistence that all computers be attached to tables with permanent cables--IT keeps trying to point out this makes the notion of a portable computer more than a little problematic.) -- Trish Roberts-Miller redball@mindspring.com http://www.cwrl.utexas.edu/~robertsmiller/homepage.html "though we could fool each other, we should consider-- lest the parade of our mutual life get lost in the dark." ("A Ritual to Read to Each Other" Wm. Stafford) From porpoise1954 at yahoo.co.uk Fri Jul 1 17:23:11 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Jul 1 11:25:03 2005 Subject: [SpamCop-List] Re: Phone Home Software? (OT--was "pump and dump") References: <200507011100.1dOmZX2yk3Nl3qW0@watson.mail.atl.earthlink.net> Message-ID: "Trish Roberts-Miller" wrote in message news:mailman.48.1120231221.169.spamcop-list@news.spamcop.net... ><>Date: Fri, 01 Jul 2005 07:55:57 -0700 > > (Keep in mind--this is the place that still hasn't replaced glass windows > on offices, although they've repeatedly had rashes of thefts where people > simply broke the glass and cleaned out the offices. Since I'm well into > rant-mode I'll mention that the campus police officer who took the report > seriously suggested that I call the police every time I see a strange > person in my hall--this in a classroom building on a campus of 50k > students. The police and IT are fighting over the former's insistence that > all computers be attached to tables with permanent cables--IT keeps trying > to point out this makes the notion of a portable computer more than a > little problematic.) Perhaps if they make the users who lost them paqy for them, they won't lose so many!!??!! I bet if they were their own, they wouldn't leave them laying around for people to walk off with........ From Kilgallen at SpamCop.net Fri Jul 1 14:00:35 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Jul 1 14:05:03 2005 Subject: [SpamCop-List] Re: The Anti-Spam Litigation Shop (Wired News) References: Message-ID: In article , David Dean writes: > In article , > Kilgallen@SpamCop.net (Larry Kilgallen) wrote: > >> Who is going to risk endorsing a check made out to SPEWS ? > > You don't have to endorse with a signature, you can simply write "for > deposit only." Thus claiming that the account holder is rightfully SPEWS. From nobody at spamcop.net Fri Jul 1 19:19:52 2005 From: nobody at spamcop.net (StampOutSpam) Date: Fri Jul 1 14:25:02 2005 Subject: [SpamCop-List] Spammer phishing stupidity Message-ID: There was a bank phisher today that sent multiple copies of the same spam with the usual spammy mistakes in the message text. After reporting it, I entered some information, but when I tried to submit the form... JavaScript: "The card number is not valid." The spammer had disallowed the use of "0" in the credit card input field. That will keep a lot of people from being phished. From Kilgallen at SpamCop.net Fri Jul 1 15:16:41 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Jul 1 15:20:03 2005 Subject: [SpamCop-List] Re: The Anti-Spam Litigation Shop (Wired News) References: Message-ID: In article , David Dean writes: > In article , > Kilgallen@SpamCop.net (Larry Kilgallen) wrote: > >> Thus claiming that the account holder is rightfully SPEWS. > > You don't have to specify what the account number is, and the bank is > not under any obligation to reveal it. But their processing systems typically stamp it on the back of the check. From no at spam.invalid Fri Jul 1 15:29:17 2005 From: no at spam.invalid (Michael Wise) Date: Fri Jul 1 17:30:04 2005 Subject: [SpamCop-List] Re: Phone Home Software? (OT--was "pump and dump") References: <200507011100.1dOmZX2yk3Nl3qW0@watson.mail.atl.earthlink.net> Message-ID: In article , Trish Roberts-Miller wrote: > In article , > > > Why isn't your university's IT staff putting phone-home software on > staff portables? > > --Mike > ------------------------------ > > I don't know what that is. Its software that sends out stealth emails to an admin/user-defined address whenever a computer's network environment has changed. These emails will usually contain the serial number, MAC address, and other identifying characteristics of the computer as well as the current IP address the computer is at or NAT'd behind. Armed with this info, it isn't very difficult to track down a stolen computer...should the thief be dumb enough to connect it to the Internet w/o reformatting the hard drive first (most thieves are that dumb when it comes to such things). The software I use for this on my and my clients' Macs, LapCop (http://homepage.mac.com/sweetcocoa/lapcop/), is $25...but educational pricing is only $4. > (Keep in mind--this is the place that still hasn't replaced glass > windows on offices, although they've repeatedly had rashes of thefts > where people simply broke the glass and cleaned out the offices. Since > I'm well into rant-mode I'll mention that the campus police officer who > took the report seriously suggested that I call the police every time I > see a strange person in my hall--this in a classroom building on a > campus of 50k students. The police and IT are fighting over the former's > insistence that all computers be attached to tables with permanent > cables--IT keeps trying to point out this makes the notion of a portable > computer more than a little problematic.) Perhaps your IT department hasn't heard that there are cable locking systems for laptops...and have been pretty much since laptops existed. For example, see: http://www.kensington.com/html/1434.html I've seen a guy, Charles Soto, on the Mac Manager's mail list whose sig says he's the IT director for UT (Austin campus). Perhaps you should look him up and ask him about implementing these solutions for you. --Mike --Mike From anon at coks.net Fri Jul 1 15:50:29 2005 From: anon at coks.net (J G) Date: Fri Jul 1 17:50:02 2005 Subject: [SpamCop-List] misdirection bounces from SC? Message-ID: Guy named Aubrey @ comfluent sent me a msg and I parsed it - http://www.spamcop.net/sc?id=z780980255z289e997965034bd6cadda394f583d16fz As I posted and whined a couple days ago, someone is using (forging) my email addy in the from field, causing misdirection bounces. Since then, I've been reporting them with notes to the effect that they are misdirected. Here, looks like got one from SC itself, which I dutifully reported (ID in Aubrey's msg)- this sound correct? (I don't know who comfluent is...) And if so, is Aubrey having a problem due to my munging my iD as a reporter *AND/OR* in the munging process, doe the sys mung the /false/ From: field (me) as well in the munging process? Hope that can make sense to someone... From MikeE at ster.invalid Fri Jul 1 16:12:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jul 1 18:15:04 2005 Subject: [SpamCop-List] Re: misdirection bounces from SC? References: Message-ID: J G wrote: > Guy named Aubrey @ comfluent sent me a msg and I parsed it - www.spamcop.net/sc?id=z780980255z289e997965034bd6cadda394f583d16fz The tracker is a good way to show us the response to the SC report, but when you submit something to the parser for demonstration purposes, you should cancel the report. The tracker was 'live' and reportable when I got to it, so I cancelled it. > As I posted and whined a couple days ago, someone is using (forging) > my email addy in the from field, causing misdirection bounces. > Since then, I've been reporting them with notes to the effect that > they are misdirected. You are correct, they are SC reportable. > Here, looks like got one from SC itself, which I dutifully reported > (ID in Aubrey's msg)- this sound correct? (I don't know who comfluent > is...) This was a response to the report 1458265444 -- since that was your report you are able to actually retrieve the report for the misdirected bounce which caused that report. We who aren't you aren't able to derive the original spam from the report. You the reporter can. But, it is pretty clear from the body of the response to the report that Aubrey is confirming or asserting that they routinely misdirect bounce to bogus Froms, altho' not in so many words. > And if so, is Aubrey having a problem due to my munging my iD as a > reporter *AND/OR* in the munging process, doe the sys mung the /false/ > From: field (me) > as well in the munging process? No; Aubrey is claiming that they /should/ be performing misdirected bounces. If you were going to engage in further dialog with Aubrey, you could start by pointing her^1 to the SC faq about misdirected bounces at http://www.spamcop.net/fom-serve/cache/329.html#bounces Problem: Misdirected bounces > Hope that can make sense to someone... ^1 her vs hir -- I started to use the gender neutral pronous 'hir' as I didn't know if Aubrey was male or female - in the US there are about 23000 men named Aubrey and about 9000 women -- but the response was from Aubrey Ellen Shomo, so I'm going with her, not hir. -- Mike Easter kibitzer, not SC admin From none.of at your.biz Fri Jul 1 16:16:36 2005 From: none.of at your.biz (R. Asby Dragon) Date: Fri Jul 1 18:20:03 2005 Subject: [SpamCop-List] Re: Mainsleaze Spam In-Reply-To: References: <42C300D5.264E956C@SpamCop.net> Message-ID: Robert Blair wrote: > On Wed, 29 Jun 2005 23:48:31 UTC, "Miss Betsy" > wrote: > > >>What he did, apparently, was click on something inadvertently, >>realize that he didn't want to be there, and did something to >>'escape'. What is happening is that he is getting emails from that >>'click' even though he didn't complete registration. > > > An inadvertent click is not a subscribe unless you also entered your > email address before you clicked. > > > >>My advice is to unsubscribe. Mainsleaze usually honors >>unsubscribes in 30 days. It's not really ethical, but it really >>isn't completely unsolicited either. > > > If you did not subscribe do not unsubscribe. > > > I have received many of what appears to be mainsleaze spam but have > not looked at them to track down if they are really mainsleaze (none > came from recognized sources so did not qualify to be "can spam" > complaint) or just a normal spammer trying to look legitimate. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ That's my take on much of the spam with "visible" company names. You have to read closely ; but often times there's disclaimer that they are coupons or time limited gift certificates with restrictions. I got a large number with $250 Starbucks stuff; called Starbucks (I'm local to the HQ); and then forwarded same with the WHOIS of the perps. Spam ceased .. including same spammer's offers for other "stuff". Spammer's URL and mailserver died as well. YMMV. From captain.sisko at deep.space.nine Fri Jul 1 19:20:09 2005 From: captain.sisko at deep.space.nine (Dwayne Conyers) Date: Fri Jul 1 18:25:02 2005 Subject: [SpamCop-List] Re: Spammer phishing stupidity In-Reply-To: References: Message-ID: StampOutSpam [mailto:nobody@spamcop.net] stamped out: > There was a bank phisher today that sent multiple > copies of the same spam with the usual spammy > mistakes in the message text. After reporting it, > I entered some information, but when I tried to > submit the form... > > JavaScript: "The card number is not valid." > > The spammer had disallowed the use of "0" in the > credit card input field. That will keep a lot > of people from being phished. I would say 30 days in the electric chair for those idiots... ____ The Runaway Bride... http://www.cafepress.com/dwacon/601709 From nttp.sc.s at bigsleep.org Sat Jul 2 00:47:09 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jul 1 19:50:02 2005 Subject: [SpamCop-List] Re: HE.net's spammer Yfdirect talks References: Message-ID: On 01 Jul 2005 Michael Wise entered spamcop and left news:no- DB5D34.07484901072005@news.cesmail.net: > HE is and has been a spam-tolerating hoster for years. Pretty much every > mail server I admin _used_ to regularly get spam from their customers, > and HE almost never even responds to LARTS...and certainly has never > appropriately acted on one of the many I have sent them. > I have seen other regulars here say that they DO act on LARTS. So here I have conflicting statements, and actually very little spam from HE. In my view they seem insignificant compared to, say, thePlanet. -- | Ric | From nttp.sc.s at bigsleep.org Sat Jul 2 00:53:10 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jul 1 19:55:03 2005 Subject: [SpamCop-List] Re: Spammer phishing stupidity References: Message-ID: On 01 Jul 2005 StampOutSpam entered spamcop and left news:opss8yjebtyhmg4h@powermac.local: > The spammer had disallowed the use of "0" in the credit card input > field. That will keep a lot of people from being phished. > Maybe they're reading this and they'll fix that. -- | Ric | From nobody at devnull.spamcop.net Fri Jul 1 20:19:26 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Fri Jul 1 20:15:02 2005 Subject: [SpamCop-List] Re: Mainsleaze Spam References: <42C300D5.264E956C@SpamCop.net> Message-ID: > I got a large number with $250 Starbucks stuff; called Starbucks (I'm > local to the HQ); and then forwarded same with the WHOIS of the perps. > > Spam ceased .. including same spammer's offers for other "stuff". > Spammer's URL and mailserver died as well. Tried that with Procter & Gamble - still getting the spam for Pampers. Miss Betsy From Vangu at rd.invalid Fri Jul 1 22:58:19 2005 From: Vangu at rd.invalid (Vanguard) Date: Fri Jul 1 23:00:02 2005 Subject: [SpamCop-List] Re: misdirection bounces from SC? References: Message-ID: "Mike Easter" wrote in message news:da4f40$t01$1@news.spamcop.net... > ^1 her vs hir -- I started to use the gender neutral pronous 'hir' as > I > didn't know if Aubrey was male or female - in the US there are about > 23000 men named Aubrey and about 9000 women -- but the response was > from > Aubrey Ellen Shomo, so I'm going with her, not hir. I thought "they" was considered the genderless pronoun. Although at one time it was meant to pluralize a group, it has come to also mean one entity without gender. See: Usage Note at http://dictionary.reference.com/search?q=they http://www.editorscanberra.org/they.htm http://www.randomhouse.com/wotd/index.pperl?date=19980501 I've been slipping in "they" or "them" instead of "he", "she", "him", "her", "his or her", "his/her", and other clumsy strings for about 20 years and don't recall anyone not understanding its use. I remember back in college, and because of the upswell in the feminist movement at the time, that we were perplexed as what to use that was elegant but genderless (see second to last paragraph in the Random House article as to why we got stuck). From no at spam.invalid Fri Jul 1 22:02:09 2005 From: no at spam.invalid (Michael Wise) Date: Sat Jul 2 00:05:02 2005 Subject: [SpamCop-List] Re: HE.net's spammer Yfdirect talks References: Message-ID: In article , Blammo wrote: > > HE is and has been a spam-tolerating hoster for years. Pretty much every > > mail server I admin _used_ to regularly get spam from their customers, > > and HE almost never even responds to LARTS...and certainly has never > > appropriately acted on one of the many I have sent them. > > > > I have seen other regulars here say that they DO act on LARTS. So here I > have conflicting statements, and actually very little spam from HE. In my > view they seem insignificant compared to, say, thePlanet. Compared to theplanet, they may be. However, please take into consideration that the sc newsgroups shouldn't be considered anything more than an augmentation resource when it comes to an understanding of overall spam trends and anti-spam dialog. Likewise, commentary from regulars to sc ng's is great, but still, an augmentation resource should be taken with a grain of salt. Although some, such as Mr. Easter, are frequenters at other resources, most are not. I'm not trying to denigrate or promote any source in particular...just point out that sc ng commentary is maybe 20-30% at best of basis to formulate an opinion on. But back to HE. I wouldn't exactly say they are black hat...but they are far from white hat. At present, I'm managing 12 mail servers with about 8,000 total accounts for clients as well as myself...and HE crops up quite frequently. The last spam run I witnessed from HE net space was two days ago. It was LART'd...and like so many LARTS to HE before it...was not even acknowledged by their abuse people. It has been my experience that HE responds to complaints rarely...and acts on them even more rarely. However, my comments shouldn't be accepted at face value and not as gospel. Please feel free to see for yourself. Also, Matthew Evans didn't create a special dnsbl for HE (he.blackholes.us) for no reason. --Mike From nttp.sc.s at bigsleep.org Sat Jul 2 06:25:26 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Jul 2 01:30:04 2005 Subject: [SpamCop-List] Re: HE.net's spammer Yfdirect talks References: Message-ID: On 01 Jul 2005 Michael Wise entered spamcop and left news:no- 430212.21020901072005@news.cesmail.net: > However, please take into > consideration that the sc newsgroups shouldn't be considered anything > more than an augmentation resource when it comes to an understanding of > overall spam trends and anti-spam dialog. Good point. > However, my comments shouldn't be accepted at face value and not as > gospel. Please feel free to see for yourself. Of course, I appreciate your input. I do have several mail servers to collect spam stats from, but of course it nowhere near "global". > Also, Matthew Evans didn't > create a special dnsbl for HE (he.blackholes.us) for no reason. > I don't pay that any credit based on his reasoning for verio.blackholes.us. Besides, I expect that he.blackholes.us will block Outblaze as well, and I have my doubts as to it's accuracy. I think doing my own research will give me a better blacklist. both Spamcop and Senderbase are helpful for network blocking info. -- | Ric | From nobody at spamcop.net Sat Jul 2 18:26:30 2005 From: nobody at spamcop.net (Aaron Lawrence) Date: Sat Jul 2 01:30:07 2005 Subject: [SpamCop-List] submit to blacklist without sending any email Message-ID: In the case where spamcop is going to send reports to the spammer, rather than the lengthy and often ignored case of asking for an override, i would prefer to submit the spam for the blacklist without sending any emails. Is that possible? It seems not, because spamcop accepts it but keeps the spam as unreported. -- aaronl at consultant dot com For every expert, there is an equal and opposite expert. - Arthur C. Clarke From SCNews.5.myspamgobbler at spamgourmet.com Fri Jul 1 23:31:37 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sat Jul 2 01:35:02 2005 Subject: [SpamCop-List] Re: misdirection bounces from SC? In-Reply-To: References: Message-ID: Vanguard wrote: > "Mike Easter" wrote in message > news:da4f40$t01$1@news.spamcop.net... > >> ^1 her vs hir -- I started to use the gender neutral pronous 'hir' as I >> didn't know if Aubrey was male or female - in the US there are about >> 23000 men named Aubrey and about 9000 women -- but the response was from >> Aubrey Ellen Shomo, so I'm going with her, not hir. > > > > I thought "they" was considered the genderless pronoun. Although at one > time it was meant to pluralize a group, it has come to also mean one > entity without gender. See: > > Usage Note at http://dictionary.reference.com/search?q=they > http://www.editorscanberra.org/they.htm > http://www.randomhouse.com/wotd/index.pperl?date=19980501 > > I've been slipping in "they" or "them" instead of "he", "she", "him", > "her", "his or her", "his/her", and other clumsy strings for about 20 > years and don't recall anyone not understanding its use. I remember > back in college, and because of the upswell in the feminist movement at > the time, that we were perplexed as what to use that was elegant but > genderless (see second to last paragraph in the Random House article as > to why we got stuck). I've also used they and them in the same manner very often. Maybe it stems from being involved in the women's liberation movement, though I was actively trying to make it a people's liberation movement. Men need(ed) liberation just as much, if not more so, as women. As for the middle name of Ellen, I have seen a few families that used a feminine middle name for the males. In the main scheme of things, what does it matter what gender someone is? Labels just have a tendency to separate us from each other. From MikeE at ster.invalid Fri Jul 1 23:41:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jul 2 01:45:03 2005 Subject: [SpamCop-List] Re: misdirection bounces from SC? References: Message-ID: Vanguard wrote: > "Mike Easter" >> ^1 her vs hir -- I started to use the gender neutral pronous 'hir' as >> I didn't know if Aubrey was male or female > I thought "they" was considered the genderless pronoun. Although at > one time it was meant to pluralize a group, it has come to also mean > one entity without gender. The gender neutral plural pronouns they and them are certainly used more frequently than the various 'awkward' choices or neologisms for the missing singular gender neutrals. To me, they and them sound plural, and don't seem to me to serve us well all of the time; consider this very application. When I was talking about Aubrey's system or servers, I actually used 'they' more than once. But when I shifted to discussing a conversation directly with Aubrey as a dialog, there needed to be a singular pronoun. Here's the context: "If you were going to engage in further dialog with Aubrey, you could start by pointing her^1 to the SC faq about misdirected bounces at ..." So, the usage of 'them' the plural in lieu of a singular pronoun would say "If you were going to engage in further dialog with Aubrey, you could start by pointing them to the SC faq about misdirected bounces at..." Seems kinda strange to me; but then 'pointing hir to the SC faq' probably seems strange to others. > because of the upswell in the feminist movement > at the time, I disagree with some of the 'manipulation' some feminist new-worders have tried to make on language to try to 'neutralize' words with 'er' or 'man' on them. Fortunately, modern women who are occupying a job with 'er' on it don't have any trouble being called an officer or an infantryman or a fireman, and actresses can proudly consider themselves screenactors as well. Since you cited some references supporting one point of view, I'll cite one that argues against using the plural pronouns in place of a gender neutral singular one. http://www.aetherlumina.com/gnp/ Gender Neutral Pronoun FAQ - 3.6. Why not just use "one", "they", "he/she", "it", "his or her"? ...and in that par cites such problems as we encountered with my example above "When Dr. Xia comes they will speak on the topic of blah blah" "If you see Aubrey, tell them that I need to get in touch with them." ... but the author of the faq sez that he uses them & they sometimes when appropriate. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Jul 2 00:02:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jul 2 02:05:02 2005 Subject: [SpamCop-List] Re: submit to blacklist without sending any email References: Message-ID: Aaron Lawrence wrote: > In the case where spamcop is going to send reports to the spammer, > rather than the lengthy and often ignored case of asking for an > override, i would prefer to submit the spam for the blacklist without > sending any emails. > > Is that possible? It seems not, because spamcop accepts it but keeps > the spam as unreported. No, I think that if you uncheck the source report, the source goes unreported and uncounted. I would like to see some changes in the spamvertiser URL handling, but I think that expecting the same kind of changes I would like for spamvertisers would be 'going too far' in the case of spamsource. I think SC's concept is that if a provider hasn't specifically requested to not be notified as a source, or if SC's system hasn't 'concluded' that the only notifies should be dev/nulled, that all source providers should be notified, except those hitting SC spamtraps. SC spamtraps get the treatment you want, but SC reporters don't get that option. I think that a reporter should be able to opt to report all spamvertisers to a devnull address without resolving the URL. In that way SC resources for resolving URLs, which are apparently in short supply, wouldn't be wasted just to get the URL to the statistics page -- which is of considerably less consequence than getting listed on the SCbl. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Sat Jul 2 11:29:56 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Jul 2 02:30:03 2005 Subject: [SpamCop-List] MCI pimping too now? Message-ID: In it's ever expanding search for new ventures to generate cash, MCI now offers sexual services: http://www.gjb.stellarfornow.com/wmld/fbs/ host www.gjb.stellarfornow.com (checking ip) = 63.105.204.171 host 63.105.204.171 (getting name) no name Tracking link: http://www.gjb.stellarfornow.com/wmld/fbs/ No recent reports, no history available Resolves to 63.105.204.171 Routing details for 63.105.204.171 Report routing for 63.105.204.171: abuse@mci.com http://leaveforwhat.net host leaveforwhat.net (checking ip) = 63.105.204.165 host 63.105.204.165 (getting name) no name http://leaveforwhat.net/index2.php Tracking link: http://leaveforwhat.net [report history] Resolves to 63.105.204.165 Routing details for 63.105.204.165 Report routing for 63.105.204.165: abuse@mci.com From nttp.sc.s at bigsleep.org Sat Jul 2 08:17:05 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Jul 2 03:20:02 2005 Subject: [SpamCop-List] Re: submit to blacklist without sending any email References: Message-ID: On 01 Jul 2005 Mike Easter entered spamcop and left news:da5amu$cep$1@news.spamcop.net: > SC spamtraps get the treatment you want, but SC reporters don't get > that option. > You just get a second account for mole reporting, wouldn't that satisfy that option? -- | Ric | From MikeE at ster.invalid Sat Jul 2 01:22:48 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jul 2 03:25:03 2005 Subject: [SpamCop-List] Re: submit to blacklist without sending any email References: Message-ID: Blammo wrote: > You just get a second account for mole reporting, wouldn't that > satisfy that option? Aaron wants to be able to 'report' or rather spamsubmit and have his submission count toward the SCbl without notifying the source provider. A nonnotifying SC report. The result would be similar to those for which SC derived notifies have been determined to be nonfunctional and SC has turned them into dev/nulls. Mole reporting won't count toward the SCbl. -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Sat Jul 2 08:28:14 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Jul 2 03:30:03 2005 Subject: [SpamCop-List] Re: MCI pimping too now? References: Message-ID: On 01 Jul 2005 Berny entered spamcop and left news:da5c95$d7j$1@news.spamcop.net: > In it's ever expanding search for new ventures to generate cash, MCI now > offers sexual services: > I don't understand why this UUNet space is using mci for a contact, I'm sure there's a reason (what do I know?)... UUNET Technologies, Inc. 63.64.0.0/10 OrgAbuseHandle: ABUSE3-ARIN OrgAbuseName: abuse OrgAbusePhone: +1-800-900-0241 OrgAbuseEmail: abuse-mail@mci.com Senderbase says: Elimnet Co. LTD. (KR) 63.105.192.0/20 -- | Ric | From nttp.sc.s at bigsleep.org Sat Jul 2 08:37:02 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Jul 2 03:40:03 2005 Subject: [SpamCop-List] Re: submit to blacklist without sending any email References: Message-ID: On 02 Jul 2005 Mike Easter entered spamcop and left news:da5fc0$f6i$1@news.spamcop.net: > Mole reporting won't count toward the SCbl. > I think this has been discussed before, but you are saying that "registering reports in SpamCop's database" won't effect the blocking list in any way? That doesn't make any sense to me, what use is the database otherwise? Refering to: http://members.spamcop.net/fom-serve/cache/373.html Is this information perhaps used by Senderbase and other block lists? -- | Ric | From MikeE at ster.invalid Sat Jul 2 02:13:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jul 2 04:15:03 2005 Subject: [SpamCop-List] Re: submit to blacklist without sending any email References: Message-ID: Blammo wrote: > Mike Easter >> Mole reporting won't count toward the SCbl. >> > > I think this has been discussed before, but you are saying that > "registering reports in SpamCop's database" won't effect the blocking > list in any way? That doesn't make any sense to me, what use is the > database otherwise? There's something Ellen sed down below. > Refering to: http://members.spamcop.net/fom-serve/cache/373.html http://spamcop.net/fom-serve/cache/373.html 373 is not well written in terms of clarifying that mole reports only count in the aggregate and don't contribute to the SCbl. > Is this information perhaps used by Senderbase and other block lists? Here's what WazoO sez that Ellen sez at http://forum.spamcop.net/forums/index.php?showtopic=2030 #3 Yes, mole reporting exists. No, they don't count towards the blocklist. Yes, we look at the mole reports when we are evaluating a specific IP or IP range or working on an issue. No, we never send mole report headers to an ISP/hosting company/etc. We do appreciate the fact that people continue to report as moles. ISPs can sign up for summary reports -- daily or hourly -- and many have signed up. The summary reports are just that -- lists of IPs and counts of spams -- and if looked at or scripted by an ISP/hosting company they do indicate where there are problems or emerging issues. /Ellen -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Sat Jul 2 09:28:59 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Jul 2 04:30:02 2005 Subject: [SpamCop-List] Re: submit to blacklist without sending any email References: Message-ID: On 02 Jul 2005 Mike Easter entered spamcop and left news:da5ias$gsd$1@news.spamcop.net: >> Refering to: http://members.spamcop.net/fom-serve/cache/373.html > > http://spamcop.net/fom-serve/cache/373.html > > oops! Thanks. -- | Ric | From nobody at nowhere.invalid Sat Jul 2 11:45:06 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Jul 2 04:50:30 2005 Subject: [SpamCop-List] Re: MCI pimping too now? References: Message-ID: On Sat, 2 Jul 2005 07:28:14 +0000 (UTC), Blammo coughed into spamcop and left this in : > I don't understand why this UUNet space is using mci for a contact, I'm > sure there's a reason (what do I know?)... It seems to be common practice with MCI/ScrewYouNet/WorldScum. Blocks SWIP'ed to clients still have MCI's abuse contact in the whois information. -- Steve I haven't lost my mind; I know exactly where I left it. From redford_stone at INVERSE_OF_COLDmail.com Sat Jul 2 15:23:29 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sat Jul 2 10:25:03 2005 Subject: [SpamCop-List] Re: HE.net's spammer Yfdirect talks References: Message-ID: "John Marion" wrote in news:da1961$1pg$1 @news.spamcop.net: > Thank you Mike > > And that is indeed a valuable lesson. :-) Next time just bit-bucket it.. or if you are adventureous, respond. :-) From no at spam.invalid Sat Jul 2 08:43:03 2005 From: no at spam.invalid (Michael Wise) Date: Sat Jul 2 10:45:02 2005 Subject: [SpamCop-List] Re: HE.net's spammer Yfdirect talks References: Message-ID: In article , Blammo wrote: > ... > > Also, Matthew Evans didn't > > create a special dnsbl for HE (he.blackholes.us) for no reason. > > > > I don't pay that any credit based on his reasoning for verio.blackholes.us. Verio has a well established (and well deserved) rep as as a spam sewer who ignores spam complaints. They have only themselves to blame for the existance of such a list. To be fair, after years of such incompetence and utter disregard for being a good netizen, they have cleaned their act up considerably. > Besides, I expect that he.blackholes.us will block Outblaze as well,... I don't get the connection? Do you have reason to believe Outblaze uses HE net space? >...and I have my doubts as to it's accuracy. Matthew does and always has made is zone data available for public viewing, so people are free to verify the accuracy of it. See: http://www.blackholes.us/zones/isp/he.txt > I think doing my own research will give me a better blacklist. both Spamcop > and Senderbase are helpful for network blocking info. Individual research and tailoring one's blacklists and other anti-spam methods to best suit their own situations is always best. SC, Spamhaus, blackholes.us, NANAE, the sc ng hierarchy, Spam-L, et al make great data points to take into consideration though. --Mike From windsorfoxNOSPAM at cox.net Sat Jul 2 14:23:45 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sat Jul 2 14:25:03 2005 Subject: [SpamCop-List] ALGX and XO Message-ID: I am recieving insessant, constant garbage from ultimate free laptops .com. I Did the unsubscribe for 2 weeks and they still come. Now, Spamcop reports them to abuse@algx.com , but it seems like it should goto abuse@xo.com ?? These people are glib and could not care less if you paid them to. From Kilgallen at SpamCop.net Sat Jul 2 14:37:46 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Jul 2 14:40:02 2005 Subject: [SpamCop-List] Re: ALGX and XO References: Message-ID: In article , "WindsorFox[SS]" writes: > I am recieving insessant, constant garbage from ultimate free > laptops .com. I Did the unsubscribe for 2 weeks and they still come. NEVER unsubscribe from something to which you did not subscribe. There is no reason to believe that someone so unethical as to subscribe you without permission would behave honorably with regard to unsubscription. No major provider suggests its customer should reply to spammers but many advise against it. http://www.spamhaus.org/removelists.html From pxpearson at spamxcop.net Sat Jul 2 15:40:41 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Sat Jul 2 17:50:06 2005 Subject: [SpamCop-List] Using IMAP for more flexible filtering Message-ID: I'm thinking of writing a Python program to create an IMAP connection to Spamcop and move the really blatant spam from my held-mail folder into my spam-for-sure folder. If anybody has advice or instructive insults, please tell. Motivation: I scan my held-mail folder for false positives, which while rare are frequent and important enough that I must. The chance I'll overlook a false positive is increased by the large number of obvious-spam messages, so I'd like to move the obvious-spam messages into my spam-for-sure folder, which I think would be easy with processing slightly more sophisticated than that allowed by Spamcop's filters. I could just pull all the messages to my computer and filter there, but then I lose the great convenience of reporting the whole bunch with three mouse clicks (select all, report as spam, OK). Does this sound reasonable? -- Peter Remove the two x's to get a good email address. From noone at nowhere.com Sat Jul 2 19:31:30 2005 From: noone at nowhere.com (Bob Itguy) Date: Sat Jul 2 18:35:03 2005 Subject: [SpamCop-List] SC still can't parse these links, needs updated Message-ID: http://www.spamcop.net/sc?id=z781341014z2b8c43c6aa34cf8458f6b0aa49d1eb52z From MikeE at ster.invalid Sat Jul 2 16:33:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jul 2 18:35:05 2005 Subject: [SpamCop-List] Re: Using IMAP for more flexible filtering References: Message-ID: Peter Pearson wrote: > Motivation: I scan my held-mail folder for false positives, > which while rare are frequent and important enough that I > must. What is your analysis of what causes those false positives? Say for your last 10 false positives, why were they positive? It would be very very good if you didn't have to dig thru' a big pile of spam to find the occasional false positive. You would be better off with a little bit of leak in the filter for a few missed spam than an occasional false positive -- if you could trade that off somehow. A little bit loose is more efficient than a little too tight. That spam pile is ugly. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Jul 2 16:55:06 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jul 2 18:55:03 2005 Subject: [SpamCop-List] Re: SC still can't parse these links, needs updated References: Message-ID: Bob Itguy wrote: www.spamcop.net/sc?id=z781341014z2b8c43c6aa34cf8458f6b0aa49d1eb52z The gig there is a graphic that shows a pharm promo and a link which is 'broken' with a space so SC can't deobfuscate. http://fnkwhwg.com. .cjsa96ckds97w2r8n1u.saveonpillz.info/#ycesfzxprn%2Eorg The browser or a GET function will convert that to http://fnkwhwg.com.cjsa96ckds97w2r8n1u.saveonpillz.info/#ycesfzxprn%2Eorg which does a frame thing to get to http://fnkwhwg.com.cjsa96ckds97w2r8n1u.saveonpillz.info/ES001/?affiliate_id=233670&campaign_id=21005 which is where the payload is. SC can parse it if there isn't a dot space dot, and determine the IP as 221.7.209.72 which is .cn - CNC Guangxi which is spamhaused for the ROKSO Leo Kuvayev / BadCow. -- which spamhause refers to as 'bulletproof spamhosting'. http://www.spamhaus.org/SBL/sbl.lasso?query=SBL28376 Maybe you wish SC could do the notify, but you actually aren't missing much or anything by it failing the deobfuscation step. The notify would be falling on deaf ears. The only benefit there would have been to deobfuscating it would be to publish the URL on the stats page for sc-surbl to scrape for its db. If SC had deobfuscated, its notify for that IP is a devnull Using postmaster#cnc-noc.net@devnull.spamcop.net for statistical tracking. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Jul 2 17:10:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jul 2 19:15:03 2005 Subject: [SpamCop-List] Re: SC still can't parse these links, needs updated References: Message-ID: Mike Easter wrote: > The only benefit there would have > been to deobfuscating it would be to publish the URL on the stats > page for sc-surbl to scrape for its db. Which brings up a different but related question. If SC deobfuscates a URL for the statistics page, how does it publish the URL, in the original form? Or in the deobfuscated form? And, if a person is using the sc-surbl or spamcopURI to filter -- how does that work for broken URLs? I'm not clear on this. Does the filter filter on the obfuscated string? It would see that it would have to. I think the SpamPal URL body plugin converts the URL to an IP and runs that IP against the chosen DNSBLs. -- Mike Easter kibitzer, not SC admin From notformail0405 at comcast.net Sat Jul 2 22:18:21 2005 From: notformail0405 at comcast.net (Gunter Herrmann) Date: Sat Jul 2 21:20:02 2005 Subject: [SpamCop-List] Re: The Anti-Spam Litigation Shop (Wired News) In-Reply-To: References: Message-ID: Hi! Larry Kilgallen wrote: > Who is going to risk endorsing a check made out to SPEWS ? Sergei ''Chip'' Didorenko from Irkutsk, the admin-c and tech-c for SPEWS? brgds -- Gunter Herrmann Naples, Florida, USA From devnull at spamcop.net Sun Jul 3 00:58:53 2005 From: devnull at spamcop.net (Frog Prince) Date: Sun Jul 3 00:05:03 2005 Subject: [SpamCop-List] Re: HE.net's spammer Yfdirect talks References: Message-ID: "Blammo" wrote in message news:Xns9686AAE4816C4blammo@216.154.195.61... | On 01 Jul 2005 Michael Wise entered spamcop and left news:no- | DB5D34.07484901072005@news.cesmail.net: | | > HE is and has been a spam-tolerating hoster for years. Pretty much every | > mail server I admin _used_ to regularly get spam from their customers, | > and HE almost never even responds to LARTS...and certainly has never | > appropriately acted on one of the many I have sent them. | > | | I have seen other regulars here say that they DO act on LARTS. So here I | have conflicting statements, and actually very little spam from HE. In my | view they seem insignificant compared to, say, thePlanet. | This is part of a begging response from the spammer in response to a hammer note from admin @ he.net From: abuse@he.net [mailto:abuse@he.net] Sent: Thursday, June 30, 2005 7:24 PM To: netops Subject: [HE_ABUSE#970275] Complaints regarding ce0830 You have received the following complaint regarding ce0830. You MUST respond directly to the complaintants within 48 hours, and respond to this email letting us know that every ones concerns have been addressed. From devnull at spamcop.net Sun Jul 3 01:00:53 2005 From: devnull at spamcop.net (Frog Prince) Date: Sun Jul 3 00:05:09 2005 Subject: [SpamCop-List] Re: The Anti-Spam Litigation Shop (Wired News) References: Message-ID: "David Dean" | > But their processing systems typically stamp it on the back of the check. | | This didn't happen at the bank I worked for, but may be true for some | banks. | These days they don't even send the cancled check to the bank. From agent01413 at my-deja.com Sun Jul 3 07:32:57 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Sun Jul 3 02:35:04 2005 Subject: [SpamCop-List] Re: The Anti-Spam Litigation Shop (Wired News) References: Message-ID: "Frog Prince" wrote in news:da7nvh$j0t$2 @news.spamcop.net: > > "David Dean" > >| > But their processing systems typically stamp it on the back of the > check. >| >| This didn't happen at the bank I worked for, but may be true for some >| banks. >| > These days they don't even send the cancled check to the bank. > > the info is easily subpoenaed -- Be careful about reading health books. You may die of a misprint. ~Mark Twain From nobody at nowhere.invalid Sun Jul 3 13:20:10 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Jul 3 06:25:14 2005 Subject: [SpamCop-List] Re: The Anti-Spam Litigation Shop (Wired News) References: Message-ID: On Sun, 3 Jul 2005 06:32:57 +0000 (UTC), Socks the Whitehouse Cat coughed into spamcop and left this in : > the info is easily subpoenaed >From Russia? -- Steve Recorded message on an answerphone: "This is not an answering machine, this is a telepathic thought-recording device. After the tone, think about your name, your number, and your reason for calling.... and I'll think about returning your call." From anon at coks.net Sun Jul 3 12:48:32 2005 From: anon at coks.net (J G) Date: Sun Jul 3 14:50:03 2005 Subject: [SpamCop-List] Mail Admin Reply... Message-ID: http://www.spamcop.net/sc?id=z781639333z0cb4ca8a5a8832a64cdc77c79a0458eaz http://www.spamcop.net/sc?id=z781640398z98d59d4eafa4683ac3ac9678662678a0z SC can't parse these, probably due to bad headers if they are anything like the others I've received.. This was an attempt to report the redirection bounce. The 1st one was rejected by my ISP with the msg. This IP is blocked for relay by Administrator The 2nd seems to block my own address (?) I requested clarification from Cox on that, but this is all giving me a headache. What can I infer from this? From nobody at devnull.spamcop.net Sun Jul 3 15:17:53 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Jul 3 15:20:02 2005 Subject: [SpamCop-List] Re: Mail Admin Reply... References: Message-ID: "J G" wrote in message news:da9bra$d0d$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z781639333z0cb4ca8a5a8832a64cdc77c79a0458eaz > http://www.spamcop.net/sc?id=z781640398z98d59d4eafa4683ac3ac9678662678a0z > > SC can't parse these, probably due to bad headers if they are anything > like the others I've received.. I don't see a "valid" header in any of that stuff. Noting your penchant for the "/*" to indicate a quote, the 'easy (could be wrong)' guess is that you are "building" your own submittal by doing a cut/paste, perhaps into some text processor ..?? Then forwarding all this new construct "in-line" ... The lack of header data at the top could be because (you suggest) that this traffic was all internal to Cox, but the SpamCop parser simply sees that the header is incomplete, and the construct of the "included" spam is seen as not much more than "more text" ...???? The one header section that looks like it comes close to complete has white-space / new-line issues ... the stuff at the top has no 'real' "handling" data included (no IP addresses,. no hand-offs, etc ..) From anon at coks.net Sun Jul 3 13:44:19 2005 From: anon at coks.net (J G) Date: Sun Jul 3 15:45:03 2005 Subject: [SpamCop-List] Re: Mail Admin Reply... In-Reply-To: References: Message-ID: On 7/3/2005 12:17 PM WazoO scribbled: > "J G" wrote in message news:da9bra$d0d$1@news.spamcop.net... > >>http://www.spamcop.net/sc?id=z781639333z0cb4ca8a5a8832a64cdc77c79a0458eaz >>http://www.spamcop.net/sc?id=z781640398z98d59d4eafa4683ac3ac9678662678a0z >> >>SC can't parse these, probably due to bad headers if they are anything >>like the others I've received.. > > > I don't see a "valid" header in any of that stuff. Noting your > penchant for the "/*" to indicate a quote, the 'easy (could be > wrong)' guess is that you are "building" your own submittal > by doing a cut/paste, perhaps into some text processor ..?? > Then forwarding all this new construct "in-line" ... The lack > of header data at the top could be because (you suggest) > that this traffic was all internal to Cox, but the SpamCop > parser simply sees that the header is incomplete, and the > construct of the "included" spam is seen as not much more > than "more text" ...???? > > The one header section that looks like it comes close to > complete has white-space / new-line issues ... the stuff > at the top has no 'real' "handling" data included (no IP > addresses,. no hand-offs, etc ..) > > You could have a point about my added note. For the redirectional bounces side of incoming crap, I am using http://www.spamid.net/ since they dig out the offending sites better than SC, which, as I stated, has a problem with the headers. Spamid prepares an email for you and that is where I plug in the note, then paste in the whole misdirect spam. Thunderbird has an extension Quicktext which makes adding that note easier, but I'm probably spinning my wheels there. And some of these misdirects freeze up SpamID, so I then switch to Abuse for the Lart. I simply don't have the free time to do manual parsing and maintain my sanity at the same time, and as soon I I learn 1 thing, spammers come with something else - you know the story... From MikeE at ster.invalid Sun Jul 3 14:14:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jul 3 16:15:04 2005 Subject: [SpamCop-List] Re: Mail Admin Reply... References: Message-ID: J G wrote: www.spamcop.net/sc?id=z781639333z0cb4ca8a5a8832a64cdc77c79a0458eaz > This was an attempt to report the redirection bounce. The 1st one was > rejected by my ISP That is a complicated structure with 6 sets of headers, I'll number them from 1 to 6 from the top down. It would probably be better to start from the bottom, so I'll start from the top :-) At the top #1 is the header put directly in your mailbox by your cox system, no Received line in which cox is telling you it can't mail the item, but the submission to the parser obfuscated the To: Jumping down to the bottom #6 is the header of a spam sourced at/from 219.128.170.142 a multilisted .cn proxytrojan -- no body -- handled by an amadis.com server for recipients. That spam header was emailed as a newmail DSN by the amadis to a cox account, presumably yours. The next thing up the structure we see is you #5 trying to forward that mail to several addresses which the parser has munged out, and cox is trying to tell you that all of those addresses, whatever they are, are no good for various reasons, deactivated mailbox x 2, not a valid mailbox x2. The MTA which is telling that information is 66.28.189.140 rDNS mw140.mail2world.com so apparently those addresses must've called up that MX for some reason that I don't know. Now, jumping back up to the top #2 to find out what cox was telling you it couldn't mail we find you trying to mail something to 5 different obfuscated x/s and calling it a misdirected bounce, but the misdirected bounce you are trying to report is your own provider telling you that it can't mail something, which is header #3. So, now that we're closing in on the middle, I'll list the headers from top to bottom. - internal cox to you - you trying to email - internal cox to you - you trying to email - misdirected bounce - original spam headers In this case, feeding such a thing to the parser makes things more confusing than they would have been if you had posted it in .spam, because the parser munges out all of the important addresses which are causing the problem. The problems are several, not the least of which is you trying to report your own provider for 'misdirected bounces' when it is telling you that it can't complete the mail the way you have addressed it. In all of those headers, there is only one which belongs to a misdirected bounce; that is #5, all the rest of the headers are due to you doing something wrong. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Jul 3 14:32:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jul 3 16:35:03 2005 Subject: [SpamCop-List] Re: Mail Admin Reply... References: Message-ID: Mike Easter wrote: > So, now that we're closing in on the middle, I'll list the headers > from top to bottom. > > - internal cox to you > - you trying to email > - internal cox to you > - you trying to email > - misdirected bounce > - original spam headers This is from #4, you trying to email: From: Jeff Goodwin To: x, x, x, x Subject: Fwd [Spam Report]: Delivery Status Notification This is a misdirection bounce... whoever was those x/es, or at least one of those x/es didn't fly, so your mail admin told you that^1 in #3. ^1 Recipient: Reason: This IP is blocked for relay by Administrator When your admin told you that in #3, you tried to forward that cox admin mail with this #2 from you: From: Jeff Goodwin To: x, x, x, x, x Subject: Fwd [Spam Report]: Mail System Error - Returned Mail This is a misdirection bounce... Whoever or at least one of what was in those 5 x/es led to the same problem as before, resulting in the #1 headers with a similar 'content' as ^1 above. -- Mike Easter kibitzer, not SC admin From borgholio at storymind.com Sun Jul 3 14:41:21 2005 From: borgholio at storymind.com (Borgholio) Date: Sun Jul 3 16:45:04 2005 Subject: [SpamCop-List] Need advice with misdirected bounces. Message-ID: Got a reply from an ISP admin after reporting a misdirected bounce. Here's a snippet from the conversation. I'm not an expert in mailservers, so I'm wondering where I should go from here? Hello, On Sat, Jul 02, 2005 at 09:49:36AM -0700, Borgholio wrote: B> A true bounce is when the SMTP server refuses to accept delivery of the B> mail, and it is bounced back to the actual sender. There are a lot of conditions when server can generate bounce only after receiving message to queue. B> What your server does, B> is it actually accepts the email, decides it's invalid, then composes a B> whole new email and "bounces" it back to an invalid return address. This behaviour does not violate the standard. B> Thus, I receive a bounce for an email I never sent. I'm sorry. Server of our customer did this according to standard. The most of servers would do the same in such case. From anon at coks.net Sun Jul 3 14:42:25 2005 From: anon at coks.net (J G) Date: Sun Jul 3 16:45:07 2005 Subject: [SpamCop-List] Re: Mail Admin Reply... In-Reply-To: References: Message-ID: On 7/3/2005 1:32 PM Mike Easter scribbled: > Mike Easter wrote: > >>So, now that we're closing in on the middle, I'll list the headers >>from top to bottom. >> >> - internal cox to you >> - you trying to email >> - internal cox to you >> - you trying to email >> - misdirected bounce >> - original spam headers > > > This is from #4, you trying to email: > > > From: Jeff Goodwin > To: x, x, x, x > Subject: Fwd [Spam Report]: Delivery Status Notification > > This is a misdirection bounce... > > > whoever was those x/es, or at least one of those x/es didn't fly, so > your mail admin told you that^1 in #3. > > ^1 > Recipient: > Reason: This IP is blocked for relay by Administrator > > > When your admin told you that in #3, you tried to forward that cox admin > mail with this #2 from you: > > > From: Jeff Goodwin > To: x, x, x, x, x > Subject: Fwd [Spam Report]: Mail System Error - Returned Mail > > This is a misdirection bounce... > > > Whoever or at least one of what was in those 5 x/es led to the same > problem as before, resulting in the #1 headers with a similar 'content' > as ^1 above. > > good grief.... From anon at coks.net Sun Jul 3 15:11:15 2005 From: anon at coks.net (J G) Date: Sun Jul 3 17:10:02 2005 Subject: [SpamCop-List] Re: Mail Admin Reply... In-Reply-To: References: Message-ID: On 7/3/2005 1:14 PM Mike Easter scribbled: > J G wrote: > www.spamcop.net/sc?id=z781639333z0cb4ca8a5a8832a64cdc77c79a0458eaz > > >>This was an attempt to report the redirection bounce. The 1st one was >>rejected by my ISP > > > That is a complicated structure with 6 sets of headers, I'll number them > from 1 to 6 from the top down. It would probably be better to start > from the bottom, so I'll start from the top :-) > > At the top #1 is the header put directly in your mailbox by your cox > system, no Received line in which cox is telling you it can't mail the > item, but the submission to the parser obfuscated the To: > > Jumping down to the bottom #6 is the header of a spam sourced at/from > 219.128.170.142 a multilisted .cn proxytrojan -- no body -- handled by > an amadis.com server for recipients. That spam header was emailed as a > newmail DSN by the amadis to a cox account, presumably yours. What was sent to me was the misdirect bounce, not the spam, but for what I can tell, that could be what you are saying. > > The next thing up the structure we see is you #5 trying to forward that > mail to several addresses which the parser has munged out, and cox is > trying to tell you that all of those addresses, whatever they are, are > no good for various reasons, deactivated mailbox x 2, not a valid > mailbox x2. As mentioned in another post, I was using SpamID to parse the misdirect because it correctly, I believe, identified the source and automatically supplied abuse addys to Lart to - also as previously stated, I do not have the experience you do and need to rely on those addys as correct, but it seems we are all dealing with moving targets here which makes comprehension difficult at best. Net, net, SC just serves up the sender of the misdirected bounce,, which is about al I can say I can do myself. The only munging being done by this whole process is SC - everything I send with SpamID goes out raw. And the mails to Cox in this case are just my cluing in their spam report desk, not their abuse desk. > > The MTA which is telling that information is 66.28.189.140 rDNS > mw140.mail2world.com so apparently those addresses must've called up > that MX for some reason that I don't know. not do I - sorry to say this is where it becomes greek to me... > > Now, jumping back up to the top #2 to find out what cox was telling you > it couldn't mail we find you trying to mail something to 5 different > obfuscated x/s and calling it a misdirected bounce, but the misdirected > bounce you are trying to report is your own provider telling you that it > can't mail something, which is header #3. that is pretty obtuse, but, again, net net, could be me shooting myself in the foot and hitting my brain... > > So, now that we're closing in on the middle, I'll list the headers from > top to bottom. > > - internal cox to you > - you trying to email > - internal cox to you > - you trying to email > - misdirected bounce > - original spam headers > > In this case, feeding such a thing to the parser makes things more > confusing than they would have been if you had posted it in .spam, > because the parser munges out all of the important addresses which > are causing the problem. > > The problems are several, not the least of which is you trying to report > your own provider for 'misdirected bounces' when it is telling you that > it can't complete the mail the way you have addressed it. > > In all of those headers, there is only one which belongs to a > misdirected bounce; that is #5, all the rest of the headers are due to > you doing something wrong. > I have a headache - I have many more screwups to perform before I rest... Are you in the CIA?? p.s. Thanks for the efforts - you do your Phd thesis on this stuff? From MikeE at ster.invalid Sun Jul 3 15:14:02 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jul 3 17:15:04 2005 Subject: [SpamCop-List] Re: Need advice with misdirected bounces. References: Message-ID: Borgholio wrote: > Got a reply from an ISP admin after reporting a misdirected bounce. > Here's a snippet from the conversation. I'm not an expert in > mailservers, so I'm wondering where I should go from here? This is a common discussion in nanae. The problem and the 'right and wrong' of it can almost always be configured in a more healthy manner than the 'old fashioned' way of doing business which is now abusive. > On Sat, Jul 02, 2005 at 09:49:36AM -0700, Borgholio wrote: >> A true bounce is when the SMTP server refuses to accept delivery of >> the mail, and it is bounced back to the actual sender. > > There are a lot of conditions when server can generate bounce > only after receiving message to queue. ... but that doesn't justify 'routinely' configuring to send newmails to misdirected Froms. >> What your server does, >> is it actually accepts the email, decides it's invalid, then >> composes a whole new email and "bounces" it back to an invalid >> return address. You are correct about that. > This behaviour does not violate the standard. It may not violate the standard, but it is abusive, and it is reportable, and it will be reported, and those reports will get the server listed, and that is not a good situation for the server or for its clients -- so the server's admin should be reconfiguring according to some less abusive options which other and wiser admins are doing. And, at that point, there is also some information at the SC faq http://www.spamcop.net/fom-serve/cache/329.html#bounces Problem: Misdirected bounces -- [the faq gives information for Qmail and Exchange, and also supports the notion that this problem can be solved by configuring correctly] >> Thus, I receive a bounce for an email I never sent. > > I'm sorry. Server of our customer did this according to standard. > The most of servers would do the same in such case. Less and less and less servers are doing that now that servers are getting themselves blocklisted for doing it. -- Mike Easter kibitzer, not SC admin From anon at coks.net Sun Jul 3 15:23:44 2005 From: anon at coks.net (J G) Date: Sun Jul 3 17:25:02 2005 Subject: [SpamCop-List] Re: Need advice with misdirected bounces. In-Reply-To: References: Message-ID: Thank you Borgholio, I am not feeling so alone... > It may not violate the standard, but it is abusive, and it is > reportable, and it will be reported, and those reports will get the > server listed, and that is not a good situation for the server or for > its clients -- so the server's admin should be reconfiguring according > to some less abusive options which other and wiser admins are doing. > > And, at that point, there is also some information at the SC faq > http://www.spamcop.net/fom-serve/cache/329.html#bounces Problem: > Misdirected bounces -- [the faq gives information for Qmail and > Exchange, and also supports the notion that this problem can be solved > by configuring correctly] > Which is what caused me to open up cans of worms and doing so... > > Less and less and less servers are doing that now that servers are > getting themselves blocklisted for doing it. > oh that the results were faster acoming... From nobody at nowhere.invalid Mon Jul 4 00:28:23 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Jul 3 17:30:02 2005 Subject: [SpamCop-List] Re: Need advice with misdirected bounces. References: Message-ID: On Sun, 03 Jul 2005 13:41:21 -0700, Borgholio coughed into spamcop and left this in : > Got a reply from an ISP admin after reporting a misdirected bounce. Here's > a snippet from the conversation. I'm not an expert in mailservers, so I'm > wondering where I should go from here? > > Hello, > > On Sat, Jul 02, 2005 at 09:49:36AM -0700, Borgholio wrote: > B> A true bounce is when the SMTP server refuses to accept delivery of the > B> mail, and it is bounced back to the actual sender. Actually, in this case it isn't a bounce, it's a rejection. They're 2 totally different things, which you appear to know, but it would be useful to get the terminology right when discussing the matter with a mail admin - even if said mail admin doesn't get it right. > There are a lot of conditions when server can generate bounce > only after receiving message to queue. There are also a lot of conditions in which this unfortunate situation can be avoided entirely. > B> What your server does, > B> is it actually accepts the email, decides it's invalid, then composes a > B> whole new email and "bounces" it back to an invalid return address. > > This behaviour does not violate the standard. The standard, RFC821, was drafted in August 1982. Spam didn't account for 90+% SMTP connections in August 1982. It does now. Times have changed, needs have changed. > B> Thus, I receive a bounce for an email I never sent. > > I'm sorry. Server of our customer did this according to standard. > The most of servers would do the same in such case. Not as sorry as everyone else. Server of your customer will find itself in countless personal blocklists as a result of this irresponsible behaviour. -- Steve A lot of money is tainted. 'Taint yours and 'taint mine. From nospam at dev.null Mon Jul 4 02:21:39 2005 From: nospam at dev.null (Anty Spam) Date: Sun Jul 3 19:25:04 2005 Subject: [SpamCop-List] Re: Need advice with misdirected bounces. References: Message-ID: "Steven Maesslein" wrote in message news:slrndcgm3n.tgs.nobody@127.0.0.1... > On Sun, 03 Jul 2005 13:41:21 -0700, Borgholio coughed into spamcop and > left this in : > > > Got a reply from an ISP admin after reporting a misdirected bounce. Here's > > a snippet from the conversation. I'm not an expert in mailservers, so I'm > > wondering where I should go from here? .... SNIP..... > > This behaviour does not violate the standard. > > The standard, RFC821, was drafted in August 1982. > > Spam didn't account for 90+% SMTP connections in August 1982. It does > now. Times have changed, needs have changed. > Well put. Just as there is no law forcing you to lock your doors before going on holiday. But you do! From hwolfe at spamcop.net Sun Jul 3 19:26:43 2005 From: hwolfe at spamcop.net (Herb Wolfe) Date: Sun Jul 3 19:30:04 2005 Subject: [SpamCop-List] Re: Mainsleaze Spam In-Reply-To: References: <42C300D5.264E956C@SpamCop.net> Message-ID: Porpoise wrote: > "Mike Easter" wrote in message > news:da1kfp$7sd$1@news.spamcop.net... > >>I think this is where I came in. >> >> >>I wonder if Michael could clarify precisely what was clicked. Could it >>have been a subscription confirmatory link? >> >>I don't have a full picture of how insecurely he does whatever he does >>in email or websites or subscribing or accidentally clicking things and >>where he is and what he is doing when he is accidentally clicking them. > > > > I'm struggling with the same picture..... or, rather, lack of - it's not at > all clear what he "actually" did....... > > The impression I get from the original message is that Michael was dragging a scroll bar, the mouse slipped off the scroll bar and caused a click on an ad, which subscribed him to some list. As for how they got his home e-mail, rather than his hotmail address, it's rather simple. If he has that address stored in his browser settings, it can be read. From nobody at xyzzy.claranet.de Mon Jul 4 02:43:44 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Jul 3 19:55:02 2005 Subject: [SpamCop-List] Re: Need advice with misdirected bounces. References: Message-ID: <42C87830.404C@xyzzy.claranet.de> Steven Maesslein wrote: > Actually, in this case it isn't a bounce, it's a rejection. > They're 2 totally different things | Delivery SMTP systems MAY reject ("bounce") such messages | rather than deliver them. RfC 2821 disagrees with you. And I disagree with RfC 2821, so maybe we're on the same side: From my POV "reject" is the opposite of "accept", a "reject" is a 4xx or 5xx SMTP error. As soon as you have two MTAs B and C, B forwarding mails to C (e.g. B = MX and C = MDA, or B = outsourced backup MX), and A sends a mail to B, B does not necessarily know what C will do. Therefore B might decide to "accept" the mail from A. Later C could "reject" it (user over quota or other non-obvious trouble from B's POV). Because B had accepted it, right or wrong, it then must create a "bounce message". One perfectly sane situation is A = user (MUA), B = smart host (MSA), and C = MX. If C rejects the mail, B has to inform its own user, by a "bounce message" to A. > There are also a lot of conditions in which this unfortunate > situation can be avoided entirely. Yes, but not with the massive abuse supported by SpamCop, that will only destroy the reliability SMTP: B desperately needs a fair chance to identify potential "misdirected bounces" before it ever gets in this situation. It could use radical blocking if it is a backup MX. It could have some kind of access on the list of valid users before C says "no such user". It's very tricky for a "user over quota": At the moment there's no protocol to check the latter problem with C before B's decision to "accept" the mail. Afterwards it's too late. B can't simply delete the mail only because a user is over quota, any legit sender A wants to know that the mail didn't make it. The only real chance at the moment is to identify a potential "misdireted bounce" when B decides about "accept" vs. "reject". And for that the "return path" (the MAIL FROM in the mail sent to B) needs an SPF-FAIL sender policy, and B has to check it. Or B uses some way to guess like radical blocking. >> This behaviour does not violate the standard. > The standard, RFC821, was drafted in August 1982. RfC 2821 has exactly the same concept "accept => responsible", and 2821 was published April 2001 - not April the first I hope. > Spam didn't account for 90+% SMTP connections in August 1982. > It does now. Times have changed, needs have changed. Except from implementing SPF on the side of B, and publishing a sender policy allowing to identify and "reject" forgeries B has absolutely no chance in many common situations. And the SPF RfC is less than ten days old, it doesn't have an RfC number yet, that can take months. > Not as sorry as everyone else. Server of your customer will > find itself in countless personal blocklists as a result of > this irresponsible behaviour. What you say and what SpamCop does, that is irresponsible, you are forcing MTAs like B to silently ignore errors. Bye, Frank From smcgarrett at hawaii.com Sun Jul 3 20:04:47 2005 From: smcgarrett at hawaii.com (Steve McGarrett) Date: Sun Jul 3 20:05:03 2005 Subject: [SpamCop-List] Re: Using IMAP for more flexible filtering In-Reply-To: References: Message-ID: Peter Pearson wrote: > I'm thinking of writing a Python program to create an IMAP > connection to Spamcop and move the really blatant spam > from my held-mail folder into my spam-for-sure folder. > If anybody has advice or instructive insults, please tell. I do this already by using Thunderbird's IMAP support to access my held mail folder, then using Thunderbird's filters to move blatant spam to my spam-for-sure folder. I then manually move the remaining spam to my spam-for-sure folder. Finally, I log in to webmail to release and whitelist any false positives and quick report the messages in my spam-for-sure folder. The only problem I've been having lately is the spammers who've been sending out messages with sizes of 10-40k. These can cause the total size of the messages in my spam-for-sure folder to top the 100k limit allowed for a single report. BTW, I also have a search folder set up to search my Inbox for messages with the subject "SpamCop Quick reporting data" and the phrase "sent to: " in the body. This allows me to see if quick reporting is accidentally reporting my ISP's inbound mail server. It hasn't in over two years of checking, but it never hurts to be safe. Details: I never get legitimate email from China, Korea, Brazil, Argentina or Nigeria, so I have these blacklists, along with others, turned on in my SpamCop Tools. I also have my SpamAssassin limit set to 5. I've discovered that any false positives I get never have SpamAssassin scores higher than 7, although a good bit of the spam I get has scores of 5 or 6. The Thunderbird filters move messages in which "X-SpamCop-Disposition" contains "korea.services.net", "cn.rbl.cluecentral.net", etc. to my spam-for-sure folder. They also move messages in which "X-Spam-Level" contains "*******" (meaning SpamAssassin score is 7 or higher) to my spam-for-sure folder. What remains in my Held Mail folder is email trapped by various blocklists (including the SCBL) with a SpamAssassin score of six or lower. There are few enough of these to be handled manually with ease. Hope this helps. Aloha, McGarrett "LART 'em, Danno!" From nttp.sc.s at bigsleep.org Mon Jul 4 08:09:41 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jul 4 03:10:04 2005 Subject: [SpamCop-List] Re: HE.net's spammer Yfdirect talks References: Message-ID: On 02 Jul 2005 Michael Wise entered spamcop and left news:no-588B28.07430302072005@news.cesmail.net: >> Besides, I expect that he.blackholes.us will block Outblaze as well,... > > I don't get the connection? Do you have reason to believe Outblaze uses > HE net space? > According to Senderbase, some Outblaze servers are on HE http://www.senderbase.org/search?searchString=64.62.181.91 and some are on XO http://www.senderbase.org/search?searchString=205.158.62.67 As far as Verio goes, we now have the problem of Verio and NTT sharing IP space (I suppose), though the spam sourced from NTT space seems to be dropping, for me anyway. My major peeve right now is Kornet, and various ROKSO networks (long list, includes XO for one). -- | Ric | From nttp.sc.s at bigsleep.org Mon Jul 4 08:37:35 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jul 4 03:40:03 2005 Subject: [SpamCop-List] Re: Need advice with misdirected bounces. References: Message-ID: On 03 Jul 2005 Borgholio entered spamcop and left news:da9igl$gtj$1@news.spamcop.net: > On Sat, Jul 02, 2005 at 09:49:36AM -0700, Borgholio wrote: > B> A true bounce is when the SMTP server refuses to accept delivery of > the B> mail, and it is bounced back to the actual sender. > > There are a lot of conditions when server can generate bounce > only after receiving message to queue. > Perhaps they are using qmail, which always queues then bounces. There is always a way, such as for qmail there's at least one patch http://www.google.com/search?q=qmail-badrcptto.patch But then I've never had much luck explaining this type of thing to mail admins, who usually think they know everything. -- | Ric | From nttp.sc.s at bigsleep.org Mon Jul 4 08:45:38 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jul 4 03:50:03 2005 Subject: [SpamCop-List] Re: Need advice with misdirected bounces. References: Message-ID: On 04 Jul 2005 Blammo entered spamcop and left news:Xns9689687C90EDblammo@216.154.195.61: > http://www.google.com/search?q=qmail-badrcptto.patch > Would have been better to alter that search to http://www.google.com/search?q=qmail+badrcptto+patch -- | Ric | From pete+usenet at heypete.com Mon Jul 4 02:12:50 2005 From: pete+usenet at heypete.com (Pete Stephenson) Date: Mon Jul 4 04:15:03 2005 Subject: [SpamCop-List] Re: HE.net's spammer Yfdirect talks References: Message-ID: In article , Blammo wrote: > I have seen other regulars here say that they DO act on LARTS. So here I > have conflicting statements, and actually very little spam from HE. In my > view they seem insignificant compared to, say, thePlanet. I host with HE specifically because they act against complaints[1], a fact which I've confirmed through discussion with HE abuse staff personnel and some Spamhaus.org staffers I know from my previous employment. While HE does do direct-sales to customers (such as myself), their facility is mostly geared toward resellers and organizations who buy resources by the rack. Occasionally those resellers have their own resellers, adding another hop for the abuse staff to chase the spammer through. Even if HE and their resellers nuke a particular spammer, the spammer could easily (purposely or inadvertently) move to another HE reseller. One of the disadvantages of being a major hosting provider offering reseller services is that you'll constantly have to be nuking spammers with no easy means of centralized account-denial. That said, HE does remarkably well with nuking spammers in my experience. My only connection to HE is as a customer; I have no financial interest in the company. Your mileage may vary. [1] They also offer the services I want at a reasonable price, of course. -- Pete Stephenson HeyPete.com From nobody at nowhere.invalid Mon Jul 4 13:12:09 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jul 4 06:15:12 2005 Subject: [SpamCop-List] Re: HE.net's spammer Yfdirect talks References: Message-ID: On Mon, 4 Jul 2005 07:09:41 +0000 (UTC), Blammo coughed into spamcop and left this in : > As far as Verio goes, we now have the problem of Verio and NTT sharing > IP space (I suppose), Hardly surprising given that Verio is owned by NTT... -- Steve Maintainer's Motto: If we can't fix it, it ain't broke. From glnews030922 at highspot.net Mon Jul 4 13:42:37 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Mon Jul 4 07:40:02 2005 Subject: [SpamCop-List] Re: Need advice with misdirected bounces. In-Reply-To: <42C87830.404C@xyzzy.claranet.de> References: <42C87830.404C@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote: > Steven Maesslein wrote: > > >>Actually, in this case it isn't a bounce, it's a rejection. >>They're 2 totally different things > > > | Delivery SMTP systems MAY reject ("bounce") such messages > | rather than deliver them. > > RfC 2821 disagrees with you. And I disagree with RfC 2821, so > maybe we're on the same side: From my POV "reject" is the > opposite of "accept", a "reject" is a 4xx or 5xx SMTP error. Although RFC2821 widely implemented, it is not an internet standard[1]. RFC821 makes no provision for rejection after the SMTP transaction is complete. So you could argue that rejection after receipt violates the official mail standard. ;-) [1]: http://rfc.net/std1.html -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From crappy.trappy at ntlworld.com Mon Jul 4 17:22:15 2005 From: crappy.trappy at ntlworld.com (Tim) Date: Mon Jul 4 11:25:03 2005 Subject: [SpamCop-List] [MEDIA] China signs anti-spam pact Message-ID: http://www.theregister.co.uk/2005/07/04/china_spam/ Heh, we will have to wait and see! From porpoise1954 at yahoo.co.uk Mon Jul 4 19:27:47 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Jul 4 13:30:03 2005 Subject: [SpamCop-List] Re: Mainsleaze Spam References: <42C300D5.264E956C@SpamCop.net> Message-ID: "Herb Wolfe" wrote in message news:da9s6n$mja$1@news.spamcop.net... > Porpoise wrote: > >> "Mike Easter" wrote in message >> news:da1kfp$7sd$1@news.spamcop.net... >> >> >> I'm struggling with the same picture..... or, rather, lack of - it's not >> at all clear what he "actually" did....... > > The impression I get from the original message is that Michael was > dragging a scroll bar, the mouse slipped off the scroll bar and caused a > click on an ad, That was my understanding of his original post. > which subscribed him to some list. As for how they got his home e-mail, > rather than his hotmail address, it's rather simple. If he has that > address stored in his browser settings, it can be read. That's the bit I'm struggling with. From borgholio at storymind.com Mon Jul 4 13:35:10 2005 From: borgholio at storymind.com (Borgholio) Date: Mon Jul 4 15:40:04 2005 Subject: [SpamCop-List] Re: Need advice with misdirected bounces. In-Reply-To: References: Message-ID: Mike Easter wrote: > Borgholio wrote: > >>Got a reply from an ISP admin after reporting a misdirected bounce. >>Here's a snippet from the conversation. I'm not an expert in >>mailservers, so I'm wondering where I should go from here? > > > This is a common discussion in nanae. The problem and the 'right and > wrong' of it can almost always be configured in a more healthy manner > than the 'old fashioned' way of doing business which is now abusive. > > >>On Sat, Jul 02, 2005 at 09:49:36AM -0700, Borgholio wrote: >> >>>A true bounce is when the SMTP server refuses to accept delivery of >>>the mail, and it is bounced back to the actual sender. >> >>There are a lot of conditions when server can generate bounce >>only after receiving message to queue. > > > ... but that doesn't justify 'routinely' configuring to send newmails to > misdirected Froms. > > >>>What your server does, >>>is it actually accepts the email, decides it's invalid, then >>>composes a whole new email and "bounces" it back to an invalid >>>return address. > > > You are correct about that. > > >>This behaviour does not violate the standard. > > > It may not violate the standard, but it is abusive, and it is > reportable, and it will be reported, and those reports will get the > server listed, and that is not a good situation for the server or for > its clients -- so the server's admin should be reconfiguring according > to some less abusive options which other and wiser admins are doing. > > And, at that point, there is also some information at the SC faq > http://www.spamcop.net/fom-serve/cache/329.html#bounces Problem: > Misdirected bounces -- [the faq gives information for Qmail and > Exchange, and also supports the notion that this problem can be solved > by configuring correctly] > > >>>Thus, I receive a bounce for an email I never sent. >> >>I'm sorry. Server of our customer did this according to standard. >>The most of servers would do the same in such case. > > > Less and less and less servers are doing that now that servers are > getting themselves blocklisted for doing it. > Thanks for all the info, Mike. As I said, I know the basics, but I feel ill-equipped to argue with a professional mail admin. What should I tell him? Or should I simply ignore him and continue to report these fake bounces, as he's obviously not going to stop? From nobody at devnull.spamcop.net Mon Jul 4 17:59:00 2005 From: nobody at devnull.spamcop.net (Pop) Date: Mon Jul 4 17:00:03 2005 Subject: [SpamCop-List] Re: [MEDIA] China signs anti-spam pact References: Message-ID: "Tim" wrote in message news:dabk60$j14$1@news.spamcop.net... > http://www.theregister.co.uk/2005/07/04/china_spam/ > > Heh, we will have to wait and see! I hope they come up with something better than the (u-)CAN SPAM Act! The US record is pathetic, and what public efforts have happened are just not big enough to seriously impact it. We're still working on avoiding spam, not killing the spammers on the spot, which is what's needed. ISP ethics? What's that!? Pop From nobody at nowhere.invalid Tue Jul 5 00:20:50 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jul 4 17:25:03 2005 Subject: [SpamCop-List] Re: [MEDIA] China signs anti-spam pact References: Message-ID: On Mon, 04 Jul 2005 16:22:15 +0100, Tim coughed into spamcop and left this in : > http://www.theregister.co.uk/2005/07/04/china_spam/ > > Heh, we will have to wait and see! Spam coming from China is far less of a problem than they make out because most people block China anyway. The real problem is spammers' sites hosted in China. Cut China off from the rest of the Internet. Problem solved. -- Steve There's no place like ~ From anon at coks.net Mon Jul 4 15:28:27 2005 From: anon at coks.net (J G) Date: Mon Jul 4 17:30:03 2005 Subject: [SpamCop-List] Re: Need advice with misdirected bounces. In-Reply-To: References: Message-ID: On 7/4/2005 12:35 PM Borgholio scribbled: > Mike Easter wrote: > >>Borgholio wrote: >> >> >>>Got a reply from an ISP admin after reporting a misdirected bounce. >>>Here's a snippet from the conversation. I'm not an expert in >>>mailservers, so I'm wondering where I should go from here? >> >> >>This is a common discussion in nanae. The problem and the 'right and >>wrong' of it can almost always be configured in a more healthy manner >>than the 'old fashioned' way of doing business which is now abusive. >> >> >> >>>On Sat, Jul 02, 2005 at 09:49:36AM -0700, Borgholio wrote: >>> >>> >>>>A true bounce is when the SMTP server refuses to accept delivery of >>>>the mail, and it is bounced back to the actual sender. >>> >>>There are a lot of conditions when server can generate bounce >>>only after receiving message to queue. >> >> >>... but that doesn't justify 'routinely' configuring to send newmails to >>misdirected Froms. >> >> >> >>>>What your server does, >>>>is it actually accepts the email, decides it's invalid, then >>>>composes a whole new email and "bounces" it back to an invalid >>>>return address. >> >> >>You are correct about that. >> >> >> >>>This behaviour does not violate the standard. >> >> >>It may not violate the standard, but it is abusive, and it is >>reportable, and it will be reported, and those reports will get the >>server listed, and that is not a good situation for the server or for >>its clients -- so the server's admin should be reconfiguring according >>to some less abusive options which other and wiser admins are doing. >> >>And, at that point, there is also some information at the SC faq >>http://www.spamcop.net/fom-serve/cache/329.html#bounces Problem: >>Misdirected bounces -- [the faq gives information for Qmail and >>Exchange, and also supports the notion that this problem can be solved >>by configuring correctly] >> >> >> >>>>Thus, I receive a bounce for an email I never sent. >>> >>>I'm sorry. Server of our customer did this according to standard. >>>The most of servers would do the same in such case. >> >> >>Less and less and less servers are doing that now that servers are >>getting themselves blocklisted for doing it. >> > > > Thanks for all the info, Mike. As I said, I know the basics, but I feel > ill-equipped to argue with a professional mail admin. What should I tell > him? Or should I simply ignore him and continue to report these fake > bounces, as he's obviously not going to stop? FWIW, I continued reporting misdirects I was receiving recently and, for the past 30 hours anyway, they stopped, down from 50 a day for a week.. From nobody at devnull.spamcop.net Mon Jul 4 18:29:31 2005 From: nobody at devnull.spamcop.net (Pop) Date: Mon Jul 4 17:30:07 2005 Subject: [SpamCop-List] Re: [MEDIA] China signs anti-spam pact References: Message-ID: "Steven Maesslein" wrote in message news:slrndcja1i.2ss.nobody@127.0.0.1... > On Mon, 04 Jul 2005 16:22:15 +0100, Tim coughed into > spamcop and left > this in : > >> http://www.theregister.co.uk/2005/07/04/china_spam/ >> >> Heh, we will have to wait and see! > > Spam coming from China is far less of a problem than > they make out > because most people block China anyway. > > The real problem is spammers' sites hosted in China. > > Cut China off from the rest of the Internet. Problem > solved. > > -- > Steve > > There's no place like ~ The US and Canada is a bigger spammer than China is. Cut the US and Canada off from the rest of the world, and problem solved too. Pop From borgholio at storymind.com Mon Jul 4 15:53:01 2005 From: borgholio at storymind.com (Borgholio) Date: Mon Jul 4 17:55:02 2005 Subject: [SpamCop-List] Re: Need advice with misdirected bounces. In-Reply-To: References: Message-ID: J G wrote: > > FWIW, I continued reporting misdirects I was receiving recently and, for > the past 30 hours anyway, they stopped, down from 50 a day for a week.. Oh yeah same here. Over the past month, misdirected bounces have dropped from dozens per day to only a handful. It seems pretty consistent too. From nospam at dev.null Tue Jul 5 01:48:09 2005 From: nospam at dev.null (Anty Spam) Date: Mon Jul 4 18:50:07 2005 Subject: [SpamCop-List] Re: [MEDIA] China signs anti-spam pact References: Message-ID: "Pop" wrote in message news:dac9nh$usa$1@news.spamcop.net... > > "Steven Maesslein" wrote in > message news:slrndcja1i.2ss.nobody@127.0.0.1... ... SNIP.... > > Cut China off from the rest of the Internet. Problem > > solved. ....SNIP.... > Cut the US and Canada off from the rest of the world, > and problem solved too. ....SNIP And there lies the problem. How many days did I not wish I was in control of spamblocks. Our country has a lot of commercial ties with China. Likewise America. Likewise 419'ers :-( Likewise a very efficent 419legal.org. If the economy had to suffer only "ONE" day at a time internationally, the equivalent of a internet Union strike, with all internet connectivity being cut off for a day, that would send a very clear message with little long term effects. This will send the message to the relevant goverments to sit up and do what they are supposed to do: PROTECT THE INTERNET. There lies the rub as well - This is where politics comes into play and parties and goverments try to build power bases. The internet is a world wide resource, not China, USA, Brazil or any other country's property. The golden path is protect and not control. Another thought: What is the ratio of spammers vs population of China, USA, Brazil etc. Nigeria (419's ;-) Cheers E From anon at coks.net Mon Jul 4 17:45:18 2005 From: anon at coks.net (J G) Date: Mon Jul 4 19:50:04 2005 Subject: [SpamCop-List] Re: [MEDIA] China signs anti-spam pact In-Reply-To: References: Message-ID: On 7/4/2005 3:48 PM Anty Spam scribbled: > And there lies the problem. How many days did I not wish I was in control of > spamblocks. Our country has a lot of commercial ties with China. Likewise > America. Then you must be Canuck - born there myself, so no ax to grind. But your slightly more socialist bend appears in the next paragraph... > > If the economy had to suffer only "ONE" day at a time internationally, the > equivalent of a internet Union strike, with all internet connectivity being > cut off for a day, that would send a very clear message with little long > term effects. This will send the message to the relevant goverments to sit > up and do what they are supposed to do: > PROTECT THE INTERNET. Nice thought, but not the job of government - Lord help us, getting the wags involved. > > There lies the rub as well - This is where politics comes into play and > parties and goverments try to build power bases. The internet is a world > wide resource, not China, USA, Brazil or any other country's property. > > The golden path is protect and not control. > but not the govy.. > Another thought: What is the ratio of spammers vs population of China, USA, > Brazil etc. Nigeria (419's ;-) Given population numbers, China probably shows well n this regard. What with all the the technology available, the Net should be able to take care of /itself/. Wishful thinking, maybe, but who brought up SC, open source, free ware, etc.? No doubt economically driven in the final analysis, but a lot of folks just helping out in between, which continues as I speak, and that was the idea at the start. That is what will control the net - you and me (when I learn a few more things)... From no at spam.invalid Mon Jul 4 18:23:51 2005 From: no at spam.invalid (Michael Wise) Date: Mon Jul 4 20:25:02 2005 Subject: [SpamCop-List] Re: [MEDIA] China signs anti-spam pact References: Message-ID: In article , "Pop" wrote: > > Spam coming from China is far less of a problem than > > they make out > > because most people block China anyway. > > > > The real problem is spammers' sites hosted in China. > > > > Cut China off from the rest of the Internet. Problem > > solved. > > > > -- > > Steve > > > > There's no place like ~ > > The US and Canada is a bigger spammer than China is. > Cut the US and Canada off from the rest of the world, > and problem solved too. It's not so much _where_ spam comes from...as most comes from 0wned Windoze PC's on broadband links (since the US leads the world in numbers of broadband connected boxes, it makes sense, that they also lead the work in0wened PC's...and therefor spam sources) as much as _who_ is hosting the spamvertised sites....and China takes the #1 honors for that. --Mike From nospam at dev.null Tue Jul 5 03:55:49 2005 From: nospam at dev.null (Anty Spam) Date: Mon Jul 4 20:55:03 2005 Subject: [SpamCop-List] Re: [MEDIA] China signs anti-spam pact References: Message-ID: "J G" wrote in message news:dachme$3it$1@news.spamcop.net... > On 7/4/2005 3:48 PM Anty Spam scribbled: > > > And there lies the problem. How many days did I not wish I was in control of > > spamblocks. Our country has a lot of commercial ties with China. Likewise > > America. > > Then you must be Canuck - born there myself, so no ax to grind. But > your slightly more socialist bend appears in the next paragraph... Nope: White in Southern Africa :-) Not socialisitic whatsover either. The years and many scars have taught me that everything is a tool. Law, mass action etc - unfortunately normally used for the wrong purpose. Okay, so you'll next ask who will be the judge of that ...;-) > > > > If the economy had to suffer only "ONE" day at a time internationally, the > > equivalent of a internet Union strike, with all internet connectivity being > > cut off for a day, that would send a very clear message with little long > > term effects. This will send the message to the relevant goverments to sit > > up and do what they are supposed to do: > > PROTECT THE INTERNET. > > Nice thought, but not the job of government - Lord help us, getting the > wags involved. How else could you enforce anti abuse measures? Not talking USA style either, heaven forbid! We only have to consider China Tiengtong. As such the small ray of hope reading the article that started this thread. Agreements will not solve the problem of spam. Punishment in terms of money is always the best. Unfortunately to do that effectively, you needs laws. Business tends to be creative and uses money to bypass restrictions. > > > > There lies the rub as well - This is where politics comes into play and > > parties and goverments try to build power bases. The internet is a world > > wide resource, not China, USA, Brazil or any other country's property. > > > > The golden path is protect and not control. > > > but not the govy.. The goverment should do so on the basis of international agreements. It is a sad fact that business will do anything for money. It is also a sad fact that money buys whatever is required to make more money. We only need to look at what is happening with ICANN. Was a good idea at the time? As such the likes of big ISPs/Telecoms companies will not be candidates. OK, what about individuals? How do I enforce spamcop rules via a pop account? I am too low in the chain. That's why there has to be a form of punishment if J Blogg living around the corner decides to sell porn via the internet to some poor 12 yr old kid in Russia or wherever. Look at Nigeria where 419's is not only a big source of revenue, it is also seen as a disgrace if you are caught 419ing. Note - caught. On paper it is illegal, in reality... > > > Another thought: What is the ratio of spammers vs population of China, USA, > > Brazil etc. Nigeria (419's ;-) > > Given population numbers, China probably shows well n this regard. > What with all the the technology available, the Net should be able to > take care of /itself/. Wishful thinking, maybe, but who brought up SC, > open source, free ware, etc. Good point and agreed 101% > No doubt economically driven in the final analysis, but a lot of folks > just helping out in between, which continues as I speak, and that was > the idea at the start. That is what will control the net - you and me > (when I learn a few more things)... Yes. No. www.spamcon.org ? All but a shell due to unwise laws. As such one for you argument. But then again, what would have happend if certian state spam laws were enacted, the ones cut off by CAN SPAM. The opposite I am sure. Nothing motivates certain individuals to sniff out spammers as the lure of $$$. I used to publish a lot of less know spammer info when I dug it up. This was well used :-) Cheers E From MikeE at ster.invalid Mon Jul 4 19:08:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jul 4 21:10:03 2005 Subject: [SpamCop-List] Re: [MEDIA] China signs anti-spam pact References: Message-ID: Anty Spam wrote: > Punishment in > terms of money is always the best. Unfortunately to do that > effectively, you needs laws. If you were king/emporer of the planet, exactly what antispam law would you make/dictate? That is, exactly what would be against the law, and exactly how would that law be policed and enforced? -- Mike Easter kibitzer, not SC admin From nospam at dev.null Tue Jul 5 04:54:40 2005 From: nospam at dev.null (Anty Spam) Date: Mon Jul 4 21:55:03 2005 Subject: [SpamCop-List] Re: [MEDIA] China signs anti-spam pact References: Message-ID: "Mike Easter" wrote in message news:dacmhi$67u$1@news.spamcop.net... > Anty Spam wrote: > > Punishment in > > terms of money is always the best. Unfortunately to do that > > effectively, you needs laws. > > If you were king/emporer of the planet, exactly what antispam law would > you make/dictate? In a nutshell. Respect for my fellow netizens. As such, if A does not want spam, it is illegal, whatever his reason. If I am a Islamic and do not wish to recieve porno spam, so be it. If I am against pornography in my childrens' mailbox, so be it. If I do no believe in whatever - i do not recieve it. Ah yes, no tricks that I as spammer now change domain name and suddenly repeat the spam. I think you get the idea. It is more than spamming. It is abuse in general of the internet. > That is, exactly what would be against the law, and exactly how would > that law be policed and enforced? > If in Russia, a law that stops my citizens from blasting the USA. If Usa Joe prooves that Igor Ruskie has been spamming him , Igor gets a fine. The money can be used for whatever charitable cause as decided by whatever appropriate body. Repeat offences can escalate to the guilty be imprisoned. Likewise USA Joe would get a fine or ??? in the USA for blasting Chung in China etc ... Enforcement should be done via the local goverment's officials getting the complaints, escalating abroad if required. Interpol style internatioanl coordinating group? The rules will not be one counrty's, but international by common consent. The law will only be applied locally based on the rules. The mechanism could be opt out or opt in. But a common mechanism is required. Not like the current situation I know this is idealistic, but I do not know a country where stealing is condoned. Even Nigeria will not publicly condone it. Spamming should have the same status. If this is not done, new technologies will replace the internet, only to have the circle repeat itself. Mail spam, Fax spam, currently email spam, ... The internet challenges are different to the predecessors in as far as their is not a cost differentiation in spamming Chung vs Joe to the abuser. However, chances of getting into trouble for spamming internationally is less for the individual, though not the bandwidth supplier/ISP. As such the spammer moving to a new net to repeat the excercise. American's using China? "I have a dream ..." :-) Cheers E From windsorfoxNOSPAM at cox.net Tue Jul 5 00:51:51 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Tue Jul 5 00:50:10 2005 Subject: [SpamCop-List] Re: ALGX and XO In-Reply-To: References: Message-ID: Larry Kilgallen wrote: > In article , "WindsorFox[SS]" writes: > >> I am recieving insessant, constant garbage from ultimate free >>laptops .com. I Did the unsubscribe for 2 weeks and they still come. > > > > NEVER unsubscribe from something to which you did not subscribe. > There is no reason to believe that someone so unethical as to > subscribe you without permission would behave honorably with > regard to unsubscription. > > No major provider suggests its customer should reply to spammers > but many advise against it. > > http://www.spamhaus.org/removelists.html Thanks for the news flash. Any idea why Spamcops reporting info is out of date and how to get it fixed?? From nobody at spamcop.net Mon Jul 4 23:10:13 2005 From: nobody at spamcop.net (Dar) Date: Tue Jul 5 01:15:03 2005 Subject: [SpamCop-List] Holidays for spammers... Message-ID: Holidays for spammers just means more time to send spam! I received at least twice the number of spam messages today. Sorry -- just my little venting rant. Dar From nobody at spamcop.net Mon Jul 4 23:10:55 2005 From: nobody at spamcop.net (Dar) Date: Tue Jul 5 01:15:07 2005 Subject: [SpamCop-List] Re: Holidays for spammers... References: Message-ID: > Holidays for spammers just means more time to send spam! > I received at least twice the number of spam messages today. > Sorry -- just my little venting rant. > > Dar I know, I know... it was only a holiday for the U.S. From bar_n0ne at hotmail.com Tue Jul 5 10:27:41 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Jul 5 01:30:02 2005 Subject: [SpamCop-List] MCI's business Plan gets even stranger Message-ID: Now into Celebrity sex videos: Tracking message source: 63.13.186.44: Routing details for 63.13.186.44 Report routing for 63.13.186.44: abuse@mci.com Yum, this spam is fresh! and Tracking link: http://i9i9innn.com/2/ [report history] Resolves to 63.105.204.171 Routing details for 63.105.204.171 Report routing for 63.105.204.171: abuse@mci.com From anon at coks.net Mon Jul 4 23:51:58 2005 From: anon at coks.net (J G) Date: Tue Jul 5 01:55:03 2005 Subject: [SpamCop-List] Re: [MEDIA] China signs anti-spam pact In-Reply-To: References: Message-ID: On 7/4/2005 5:55 PM Anty Spam scribbled: > > Nope: White in Southern Africa :-) Not socialisitic whatsover either. The > years and many scars have taught me that everything is a tool. Law, mass > action etc - unfortunately normally used for the wrong purpose. Okay, so > you'll next ask who will be the judge of that ...;-) Sorry, "our country" just sounded closer to home... Unfortunately to do that effectively, you needs laws. Business > tends to be creative and uses money to bypass restrictions. But business, by and large, follows laws, without which we have no business - and we already have laws which are not followed as it is. Why more laws to be not followed? > >>>There lies the rub as well - This is where politics comes into play and >>>parties and goverments try to build power bases. The internet is a world >>>wide resource, not China, USA, Brazil or any other country's property. >>> >>>The golden path is protect and not control. Golden path? Whose map? > The goverment should do so on the basis of international agreements. bullshit It is a sad fact that business will do anything for money. thats business, but so will people do the same and that is what? human nature, the root problem It is also a sad fact that money buys whatever is required to make more money. thats business, again, and human nature, again. Human nature is capitalistic - better learn to deal wit it if you haven't already. How do I enforce spamcop rules via a pop account? ?? That's why there has to be a form of punishment if J Blogg living around the corner decides to sell porn... there are countless laws on the books of hundreds of countries that need only be enforced - we don't need another wheel, we need a people willing to enforce the laws they have all agreed to live under. People with spine... > Yes. No. www.spamcon.org ? All but a shell due to unwise laws. huh? As such one for you argument. But then again, what would have happend if certian state spam laws were enacted, the ones cut off by CAN SPAM. about 2000 more millionaire laywers and a few challenges to the constiutional law as written - and no, the net won't move the supreme court, painful as that may be. The opposite I am sure. Nothing motivates certain individuals to sniff out spammers as the > lure of $$$. Same lure as attracts spammers, and in the end the same result - bulls and bears make money, pigs get slaughtered. Figure out how to control sex and you may be onto something... > > Cheers > > E > BTW, using OE, you might want to look into quotefix... From anon at coks.net Mon Jul 4 23:56:16 2005 From: anon at coks.net (J G) Date: Tue Jul 5 02:00:02 2005 Subject: [SpamCop-List] Re: [MEDIA] China signs anti-spam pact In-Reply-To: References: Message-ID: On 7/4/2005 6:54 PM Anty Spam scribbled: > "I have a dream ..." :-) good grief... > > Cheers > > E > > > From nobody at devnull.spamcop.net Tue Jul 5 17:24:34 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Jul 5 03:25:03 2005 Subject: [SpamCop-List] Re: Holidays for spammers... In-Reply-To: References: Message-ID: Dar wrote: >>Holidays for spammers just means more time to send spam! >>I received at least twice the number of spam messages today. >> Sorry -- just my little venting rant. >> >>Dar > > > I know, I know... it was only a holiday for the U.S. Well, that's where most of the spammers reside... From redford_stone at INVERSE_OF_COLDmail.com Tue Jul 5 11:05:45 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Tue Jul 5 06:10:03 2005 Subject: [SpamCop-List] Re: Holidays for spammers... References: Message-ID: "Dar" wrote in news:dad4p7$dfk$1@news.spamcop.net: >> Holidays for spammers just means more time to send spam! >> I received at least twice the number of spam messages today. >> Sorry -- just my little venting rant. >> >> Dar > > I know, I know... it was only a holiday for the U.S. > > Meaning that many abuse desks is closed. You aren't alone. Going to be a rude awakening for someone to open the abuse@ inbox to find a ton of reports. From bar_n0ne at hotmail.com Tue Jul 5 15:19:15 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Jul 5 06:20:03 2005 Subject: [SpamCop-List] Wierd one, parsiong through localhosts Message-ID: http://www.spamcop.net/sc?id=z782280845z8e0e6f789f003b1353a324e368e322baz it finds the correct ISP, but parses right past the first received line through 2 "localhosts" to find another (perhaps forged?) received line from bezequint. I think 192.115.104.18 is the correct source, perhaps those local hosts are internal relays, but how can they be trusted? - tres etrange From nobody at xyzzy.claranet.de Tue Jul 5 13:19:18 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Tue Jul 5 06:25:03 2005 Subject: [SpamCop-List] Re: Need advice with misdirected bounces. References: <42C87830.404C@xyzzy.claranet.de> Message-ID: <42CA5EA6.6FF5@xyzzy.claranet.de> Graeme Leith wrote: > Although RFC2821 widely implemented, it is not an internet > standard[1]. It's a "proposed standard", the first first step of the normal standards process. The author intends to start working on a 2821bis this week, and he apparently hopes that this could be a "draft standard", the second step. The old RfC 821 is still a "full standard" (STD 10), but some of it is really obsolete today. Anything with ESMTP