From nttp.sc.s at bigsleep.org Wed Jun 1 03:34:14 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue May 31 22:35:02 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: On 31 May 2005 Sofa King Tyred of Lar Ting entered spamcop and left news:d7j1co$lma$1@news.spamcop.net: > Any thoughts or experiences to share? Any other theories? > I'd say you've done more than your share, did they offer to pay for the work they wanted you do do? I never visit spam sites unless I'm paid to do so. -- | Ric | From bar_n0ne at hotmail.com Wed Jun 1 10:39:03 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 01:40:03 2005 Subject: [SpamCop-List] threatening spam from catty shaq Message-ID: qoute: You are receiving this communication because your e-mail
address was included on a CD of 100 million e-mail addresses
we bought and you opted in to be on it. The can spam act
allows us to mail you with offers so please do not make false
complaints or we will be forced take legal action against
false complainants to recover any losses caused to us. end quote LART with extreme prejudice From bar_n0ne at hotmail.com Wed Jun 1 10:43:18 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 01:45:03 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Berny" wrote in message news:d7jhlo$uuh$1@news.spamcop.net... > qoute: >SNIPPED, Oh, I forgot, that one was brought to me through auna.es from our friends at Above.net, ipowerweb.com and gblx.net, No, they are not getting the unmunged spam reports. Not this time. Let the jerks use their decoder rings for a change. From nospam at fuck-off-and-die.com Wed Jun 1 13:01:50 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Wed Jun 1 02:20:03 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: Bud, , the sand-blind, donkey-raping retard, and servant who performs all the menial tasks, hummed: > But.....note their spelling. ("CattyShaq") Not to be confused with > the movie Caddyshack. No shit, Shylock? From bar_n0ne at hotmail.com Wed Jun 1 12:29:07 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 03:30:03 2005 Subject: [SpamCop-List] catty shaq, joe job? or? not? Message-ID: the connection to above.net, ipowerweb, and gblx makes me deeply suspicious of joe job claims. Anyone looked into this? From nobody at spamcop.net Wed Jun 1 10:08:04 2005 From: nobody at spamcop.net (me-no-no) Date: Wed Jun 1 04:10:04 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Berny" wrote in message news:d7jhlo$uuh$1@news.spamcop.net... > LART with extreme prejudice Ooops - Did you consider the possibilty of a Joe-Job ? I got quite a few of these and reconsidered ! A site like this (est 2003) would be an ideal target - as discussed in nanae http://groups.google.co.uk/groups?q=cattyshaq&hl=en&lr=&c2coff=1&sa=N&tab=wg http://snipurl.com/fa8i Either way - They are officially denying knowledge of it :- http://www.cattyshaq.com/forum/modules.php?name=Forums&file=viewtopic&t=1708&sid=337c8d154c1af3da1e9aeb3fa11a87b0 http://snipurl.com/fa8h Ciao Meno From nobody at spamcop.net Wed Jun 1 10:09:51 2005 From: nobody at spamcop.net (me-no-no) Date: Wed Jun 1 04:10:07 2005 Subject: [SpamCop-List] Re: catty shaq, joe job? or? not? References: Message-ID: "Berny" wrote in message news:d7jo44$2u9$1@news.spamcop.net... > the connection to above.net, ipowerweb, and gblx makes me deeply > suspicious > of joe job claims. Anyone looked into this? > See original Topic / Thread you started ! Ciao Meno From nobody at spamcop.net Wed Jun 1 10:32:57 2005 From: nobody at spamcop.net (me-no-no) Date: Wed Jun 1 04:35:03 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Berny" wrote in message news:d7jhto$v2r$1@news.spamcop.net... > Oh, I forgot, that one was brought to me through auna.es from our friends > at Above.net, ipowerweb.com and gblx.net, No, they are not getting the > unmunged spam reports. Not this time. Let the jerks use their decoder > rings for a change. Both nameservers appear fairly clean at the moment. NS1.IPOWERWEB.NET 64.70.61.130 NS1.IPOWERDNS.COM 66.235.217.202 http://www.openrbl.org/ip/64/70/61/130.htm http://www.openrbl.org/ip/66/235/217/202.htm Ciao Meno From agent01413 at my-deja.com Wed Jun 1 09:54:39 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Wed Jun 1 04:55:26 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: Sofa King Tyred of Lar Ting wrote in news:d7j1co$lma$1@news.spamcop.net: > Hi, > > I've recently been forwarding the spams I get regarding sites that > offer MS software at cheap prices to piracy@microsoft.com. Most of > them go through with a standard, semi-automated thank-you response. > > However, about 5 or 6 have come back later with a response that reads: > >> Hello, >> >> Thank you for contacting the Microsoft Anti-Piracy Team. >> >> We appreciate that you have taken the time to forward anti-piracy >> leads to our team. >> >> The website linked in the email you forwarded is no longer valid or >> has been lost in the forwarding process. In order for us to process >> the lead, we need to have certain additional information regarding >> the company you are reporting. If you were able to capture >> information from the linked website prior to forwarding the email to >> piracy@microsoft.com, please send us all the information you have >> such as: >> >> Company name >> Company address including city and state >> Company phone number >> Company email address >> Company website >> >> With the above information we will be able to process the lead as >> requested. Again, thank you for your interest in our anti-piracy >> campaign. >> >> You may also visit our Internet site on >> http://www.microsoft.com/piracy and http://www.howtotell.com to >> review additional information on recognizing genuine Microsoft >> product and Microsoft's licensing policies. >> >> Again, thank you for your interest in our anti-piracy campaign. >> >> Microsoft Corporation >> Worldwide Sales Group > > What irks me about this, is that in most if not all of these cases, > the web site was *still* valid when I got the reply. On a couple of > the reports since then, I have even sent the DNStools and SpamCop > reports about the URLs along with the forwarded spams. They, too, have > come back saying the site was no longer active. Upon trying, I see > that it's still active. > > Here are a couple of theories that explain this: > > * Microsoft is trying to get me to do their dirty work (finding > company name, etc.) on bulletproof hosts. > * Microsoft's droid is a complete boob and sends out the wrong reply. > * The pirates are blocking HTTP access to their sites from the > anti-pirate droids @ microsoft. > > Any thoughts or experiences to share? Any other theories? > > I'm beginning to think it's a waste of mouse clicks to forward these > things to piracy@microsoft.com. Somehow I thought the legal power of > Microsoft could be used to good of spam fighting... > > I'm particularly offended if my first theory is correct, especially > given their monopoly status! > Your set of emails from MSFT matches mine, except that in my case I responded with a link from nanas to multiple sightings. The second response I got looked more like that coming from someone with clue pre- installed. -- See NANAE kooks, including Barbara Schwarz: http://www.morningmist.org/nanae/kookfaq.html From agent01413 at my-deja.com Wed Jun 1 09:59:41 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Wed Jun 1 05:00:06 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: "Brian (SnSR)" wrote in news:d7jeo7$t0r$1@news.spamcop.net: > Bud wrote: >> Posted in .spam >> >> http://www.spamcop.net/sc?id=z769975250z733d24375717e393110a52c7f77e6e >> 33z >> >> > > Careful with this one. Not certain yet, but looking at the sites, and > with the way the "spam" is written, my gut reaction is Joe job. > > Brian the site is claiming joe job the site isnt selling anything the site goes after spammers, especially those involved in fraud this screams joe job at me. -- See NANAE kooks, including Barbara Schwarz: http://www.morningmist.org/nanae/kookfaq.html From bar_n0ne at hotmail.com Wed Jun 1 14:13:11 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 05:15:07 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "me-no-no" wrote in message news:d7jrrg$4ui$1@news.spamcop.net... > "Berny" wrote in message > news:d7jhto$v2r$1@news.spamcop.net... > > > Oh, I forgot, that one was brought to me through auna.es from our friends > > at Above.net, ipowerweb.com and gblx.net, No, they are not getting the > > unmunged spam reports. Not this time. Let the jerks use their decoder > > rings for a change. > > Both nameservers appear fairly clean at the moment. > > NS1.IPOWERWEB.NET 64.70.61.130 > NS1.IPOWERDNS.COM 66.235.217.202 > http://www.openrbl.org/ip/64/70/61/130.htm > http://www.openrbl.org/ip/66/235/217/202.htm > > Ciao > Meno Wasn't so long ago that corner of the web was considered pretty black hat, so the knee jerk reaction is to LART anything from there. Imagine not LARTing spams with links in Whoa.com space, imagine opening one to see! and what exactly is meet my computer dot com about? From bar_n0ne at hotmail.com Wed Jun 1 15:17:31 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 06:20:03 2005 Subject: [SpamCop-List] Re: XO spam (tradepointone,pinpointmoney,servingones etc. (dot) com) not CanSpam compliant References: Message-ID: "Cat" wrote in message news:d7dr7i$saj$1@news.spamcop.net... SNIPPED: > > resolutionteam@support.xohost.com, monica.henderson@xo.com, > jim.tobias@xo.com > > SNIPPED > > Please feel free to continue to send any complaints > regarding this issue to myself > monica.henderson@xo.com and also to Jim Tobias > jim.tobias@xo.com." How many letters did it take? I wrote a relatively polite letter (did not reveal the spammed address, but provided tracking links to SC-munged reports.) But the crap still comes. Maybe I need to visit the spamvertized sites and see if there is an "unsubscribe procedure", and "unsubscribe" the above. Others have written that they tried to unsubscribe in the past, with no success. Probably these addresses use a milter that /dev/null's anything with a link or mention of spamcop in it. From gezgin at spamcop.net Wed Jun 1 15:12:43 2005 From: gezgin at spamcop.net (Gezgin) Date: Wed Jun 1 07:15:04 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: "Bud" wrote > While I've been doing this, I just got eight more, > ("CattyShaq" ), but again all > different 'received: from' IPs. This guy don't like me. The spew from "mypants.com" seems to be abating. I haven't received one in about half an hour. (Knock wood.) -- Bob Kanyak's Doghouse http://www.kanyak.com From nobody at devnull.spamcop.net Wed Jun 1 08:24:16 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Wed Jun 1 07:25:03 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Socks the Whitehouse Cat wrote: > > this screams joe job at me. > Especially this part of the spam: You are receiving this communication because your e-mail address was included on a CD of 100 million e-mail addresses we bought and you opted in to be on it. The can spam act allows us to mail you with offers so please do not make false complaints or we will be forced take legal action against false complainants to recover any losses caused to us. demesy -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From Kilgallen at SpamCop.net Wed Jun 1 07:41:44 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Jun 1 07:45:03 2005 Subject: [SpamCop-List] Re: hotmail server(s) listed... 65.54.175.200 References: Message-ID: In article , "N. Miller" writes: > On 31 May 2005 15:42:27 -0500, Larry Kilgallen wrote: > >> In article , Sofa King Tyred of Lar Ting writes: >>> Hi there, >>> >>> I use spampal which is linked into spamcop's block list. Lately SpamPal >>> has been trashing legit emails sent via hotmail. For example, it claims >>> that 65.54.175.200 is listed on the SPCOP list. Using the SC reporting >>> page, I can confirm this as true as of the time of this post. >>> >>> My question: >>> >>> I assume that this is due to lax response on behalf of hotmail. >> >> I would say, rather, that this is due to a faulty business model on >> the part of Hotmail. My understanding is that in at least some cases >> they offer email access without charge, so there is no way they can >> charge spammers a cleanup fee. > > This is true for any free email service. If it is offered free, how can > they charge a cleanup fee? Goes for Netscape, Excite, Lycos, and Yahoo! as > well. As I said, a faulty busines model (vis. a vis. spam). From Kilgallen at SpamCop.net Wed Jun 1 07:42:36 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Jun 1 07:45:05 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: In article , Sofa King Tyred of Lar Ting writes: > Hi, > > I've recently been forwarding the spams I get regarding sites that offer > MS software at cheap prices to piracy@microsoft.com. Most of them go > through with a standard, semi-automated thank-you response. > > However, about 5 or 6 have come back later with a response that reads: > >> Hello, >> >> Thank you for contacting the Microsoft Anti-Piracy Team. >> >> We appreciate that you have taken the time to forward anti-piracy leads to our team. I have _never_ gotten such a response from piracy@microsoft.com. From nobody at spamcop.net Wed Jun 1 09:13:28 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 08:20:02 2005 Subject: [SpamCop-List] Re: What is the 'can spam act'? References: Message-ID: "Bud" wrote in message news:d7j7l5$p5q$1@news.spamcop.net... > Posted in .spam > > http://www.spamcop.net/sc?id=z769975250z733d24375717e393110a52c7f77e6e33z > > Looks like a joe-job. I am setting the two urls to innocent bystander. If anyone finds out differently let me know. And yes you can report each one you receive. Ellen From nospam at fuck-off-and-die.com Wed Jun 1 19:15:50 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Wed Jun 1 08:35:03 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: <27291f7437274731b7e1957c8dcfae5a@you.soft-nosed-putrefactive-baggage.net> Gezgin, , the sickly, gill-equipped curryaholic, and oxherder, reprobated: > (Knock wood.) You'll be less likely to get splinters in your knuckles if you smooth-plane your head first. From nobodyy at devnull.spamcop.net Wed Jun 1 10:39:20 2005 From: nobodyy at devnull.spamcop.net (Stello) Date: Wed Jun 1 09:40:03 2005 Subject: [SpamCop-List] Someone using my SpamCop account? or is it Spam? Message-ID: I am not sure I am posting this to the right SC newsgroup. I don't need the headers parsed but am posting the header that came in the body of an email seemingly from SpamCop. I have a SpamCop paid account that is still active, but have not been using it lately. I don't think I have used it in 4 months or so. But I receive email [several to date] saying there is an error in processing spam. I have not sprcessed any spam at SpamCop. The following is the full email, not headers from the spam. What is this and is it pure Spam or is someone using my paid SpamCop account? ------------------------------------------------ SpamCop encountered errors while saving spam for processing: Message forwarded in html wrapper. When forwarding spam, use a MIME attachment or text-type message with the spam enclosed. Do not send spam in HTML format. Sometimes this error is caused by using a "resend" feature to forward spam. HTML spam should be sent in text (source code) format. The email which triggered this auto-response had the following headers: Return-Path: Received: from sc-smtp1.eq.ironport.com (sc-smtp1.eq.ironport.com [192.168.18.81]) by sc-app1.eq.ironport.com (Postfix) with ESMTP id B56A7A67A48 for ; Wed, 1 Jun 2005 05:56:16 -0700 (PDT) Received: from unknown (HELO mail.yahoo.com) (58.75.37.29) by sc-smtp1.eq.ironport.com with SMTP; 01 Jun 2005 05:56:15 -0700 Date: Thu, 02 Jun 2005 04:04:32 +0000 From: Sbtt Subject: Submit.kwop3bwk540ooff0, New â?" C1AL1S S0FTABS â?" at Super D1sc0unt To: Submit.kwop3bwk540ooff0 References: <9H7EH064914KBF0D@spam.spamcop.net> In-Reply-To: <9H7EH064914KBF0D@spam.spamcop.net> Message-ID: <8I3EF8F24DIG548D@atari-portal.net> Reply-To: Stimconfessing Sender: K6j32 MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit -- Stello From MikeE at ster.invalid Wed Jun 1 08:03:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 10:05:03 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: Stello wrote: > I am not sure I am posting this to the right SC newsgroup. I don't > need the headers parsed but am posting the header that came in the > body of an email seemingly from SpamCop. Yabbut, you are posting some headers which were in the body of a mail whose headers we are interested in. What would've been better would have been if you had pasted the entire mail into the parser, copied the tracking url, cancelled the report, and pasted the tracker in here. That way we could look at the headers of the item you received, as well as this content which you've pasted here, which not only takes up more 'space' than a tracker, but also isn't quite as informative as having the entire thing. If you wanted or needed to do some modest mungeing of the item before submitting it to the parser, you should make it clear in your post how much you have munged. > I have a SpamCop paid account that is still active, but have not been > using it lately. I don't think I have used it in 4 months or so. > But I receive email [several to date] saying there is an error in > processing spam. I have not sprcessed any spam at SpamCop. The > following is the full email, not headers from the spam. What is > this and is it pure Spam or is someone using my paid SpamCop account? Your signup authorization letter contains a pw and a submit code which are/were secret. This item contains a submit code in more than one place. It also includes headers with a bogus helo. I suspect that if you examine your authorization registration letter, you will find your submit code matches that for this item. > for > Received: from unknown (HELO mail.yahoo.com) (58.75.37.29) 58.75.37.29 no rDNS is the .kr boranet > Subject: Submit.kwop3bwk540ooff0, New ??" C1AL1S S0FTABS ??" at Super > To: Submit.kwop3bwk540ooff0 That looks to me like spamcop received a spam sourced from the boranet IP with your personal 'secret' submit code in the To. That could have happened by your computer being infected with a virus and 'passing out' the various addresses which can be found on its drives. Theoretically no one else should have your personal secret submit address. You should be fixing your spamcop account and checking out your system for virms and spyware. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Jun 1 16:06:53 2005 From: nobody at spamcop.net (Bodger) Date: Wed Jun 1 10:10:02 2005 Subject: [SpamCop-List] Re: phishing site References: Message-ID: good "Larry Kilgallen" wrote in message news:K5ZpWRSzQl81@eisner.encompasserve.org... > In article , "Bodger" writes: > > I wish you would ignore my posts. > > Don't worry, as soon as someone responds to a top-posting complaint > by top-posting they are quickly entered into many killfiles. From MikeE at ster.invalid Wed Jun 1 08:13:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 10:15:04 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: Socks the Whitehouse Cat wrote: > "Brian (SnSR)" >> Careful with this one. Not certain yet, but looking at the sites, and >> with the way the "spam" is written, my gut reaction is Joe job. > the site is claiming joe job > the site isnt selling anything > the site goes after spammers, especially those involved in fraud > > this screams joe job at me. The problem with analyzing joe jobs is that we must not forget about bogus joejobs, fake joejobs, and trick fake joejobs. I seem to recall an issue in which it was never completely clear to me about what was apparent a joejob on the darksecrets forum, which was also a forum and which also wasn't selling anything, but which had something to gain by the attention being brought to it, and which could easily 'coast' in their response to their site provider to say "This is obviously a joejob. You can't whack me for all that spam." In the case of the darksecrets issue, the elements were different. The darksecrets forum was a little 'darker' than this forum -- and the spam content was more bogus, since it was ostensibly promoting illegal weapons, narcotics, and kiddy pr0n. So, this /may/ be a joejob; but don't forget about the possibility of a trick fake joejob. The forum will benefit from this attention, and they can claim joejob and skate as far as being whacked by their website provider. -- Mike Easter kibitzer, not SC admin From newandrew at rump.dk Wed Jun 1 15:17:27 2005 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Wed Jun 1 10:20:03 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: After drinking 3 Pan Galactic Gargle Blasters, Socks the Whitehouse Cat mumbled in news:Xns96681E68F25CAagent01413MYDEJACOM@216.154.195.61: > "Brian (SnSR)" wrote in > news:d7jeo7$t0r$1@news.spamcop.net: >> Careful with this one. Not certain yet, but looking at the sites, >> and with the way the "spam" is written, my gut reaction is Joe >> job. > the site is claiming joe job > the site isnt selling anything > the site goes after spammers, especially those involved in fraud > this screams joe job at me. Agree. 3 of my domains received over 400 of these mails sent to a few users, including SpamCop e-mail addresses!?! For some unknown reason SpamCop do find the JoeJob'ed sites but do not take them in to the calculation - I would have expected the site to have been reported and appealed but that doesn't show on the SpamCop reporting page. Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:newandrew@rump.dk WWW http://www.rump.dk/homepage/andrew/ From PossumTrot at dont.spam.me Wed Jun 1 08:32:22 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Wed Jun 1 10:35:02 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: "Larry Kilgallen" wrote in message news:IBlqYdt92LZ0@eisner.encompasserve.org... > In article , Sofa King Tyred of Lar Ting > writes: >> Hi, >> >> I've recently been forwarding the spams I get regarding sites that offer >> MS software at cheap prices to piracy@microsoft.com. Most of them go >> through with a standard, semi-automated thank-you response. >> >> However, about 5 or 6 have come back later with a response that reads: >> >>> Hello, >>> >>> Thank you for contacting the Microsoft Anti-Piracy Team. >>> >>> We appreciate that you have taken the time to forward anti-piracy leads >>> to our team. > > I have _never_ gotten such a response from piracy@microsoft.com. I have reported well over 100 times to the piracy@microsoft.com address and have never gotten a response like the ones referred to by Sofa. Sounds like some microsoftie is clueless. Has M$ maybe outsourced this function to India? From PossumTrot at dont.spam.me Wed Jun 1 08:36:22 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Wed Jun 1 10:40:03 2005 Subject: [SpamCop-List] Re: What is the 'can spam act'? References: Message-ID: "Bud" wrote in message news:d7j7l5$p5q$1@news.spamcop.net... > Posted in .spam > > http://www.spamcop.net/sc?id=z769975250z733d24375717e393110a52c7f77e6e33z > > -- > Bud Also known as the You Can Spam Act, since it _allows_ Spammy to continue to spam if he/she/it follows the rules. From nobodyy at devnull.spamcop.net Wed Jun 1 11:42:18 2005 From: nobodyy at devnull.spamcop.net (Stello) Date: Wed Jun 1 10:45:02 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: "Mike Easter" wrote in message news:d7kf6k$fk9$1@news.spamcop.net... > Stello wrote: > Yabbut, you are posting some headers which were in the body of a mail > whose headers we are interested in. What would've been better would > have been if you had pasted the entire mail into the parser, copied the > tracking url, cancelled the report, and pasted the tracker in here. Is this the newsgroup to post the full headers? > > That way we could look at the headers of the item you received, as well > as this content which you've pasted here, which not only takes up more > 'space' than a tracker, but also isn't quite as informative as having > the entire thing. If you wanted or needed to do some modest mungeing of > the item before submitting it to the parser, you should make it clear in > your post how much you have munged. The headers in the body of the email I posted were not true headers. They were in the body of the email I received, supposedly from SpamCop. I looked for my personal information and didn't see any, which is why I think it is a spam, phishing, or spoof. No viruses on board this machine or spyware or trojans. > > Your signup authorization letter contains a pw and a submit code which > are/were secret. This item contains a submit code in more than one > place. It also includes headers with a bogus helo. I suspect that if > you examine your authorization registration letter, you will find your > submit code matches that for this item. Well once upon a time I may have had an authorization letter with a submit code. I have had this paid account for so long, I only need to sign in using an email address. I have long forgotten the rest. Ill check out my account. > > > -- > Mike Easter > kibitzer, not SC admin > From wb8tyw at qsl.network Wed Jun 1 11:02:39 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Jun 1 11:05:04 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: <4EDqLduTR1iw@eisner.encompasserve.org> In article , Kilgallen@SpamCop.net (Larry Kilgallen) writes: > In article , > Sofa King Tyred of Lar Ting writes: >> Hi, >> >> I've recently been forwarding the spams I get regarding sites that offer >> MS software at cheap prices to piracy@microsoft.com. Most of them go >> through with a standard, semi-automated thank-you response. >> >> However, about 5 or 6 have come back later with a response that reads: >> >>> Hello, >>> >>> Thank you for contacting the Microsoft Anti-Piracy Team. >>> >>> We appreciate that you have taken the time to forward anti-piracy leads >>> to our team. > > I have _never_ gotten such a response from piracy@microsoft.com. Are you reporting them as additional addresses on your spamcop larts? In that case, spamcop.net is probably deleting the robot replies. I am getting several variations of the bed-bug letters from Microsoft, and a few months ago, a new variant showed up. It requested more information because at the time the program at Microsoft processed the URL, it was unable to resolve the domain that the spammer was using. Since I forward such spam as attachments to piracy@microsoft.com from one of my other e-mail addresses along with copies to the spam@uce.gov address, I am now putting the spamcop.net parsing information for the URL in the body of the message. If the spamcop.net parser can not resolve the domain, I plug it into http://moensted.dk/spam/ and this gives me a handy link to spamhaus.org (spamhaus.org now requires cookies). I then paste the spamhaus.org listing in the body of the message. Now I am only getting the ones requesting more information when neither spamcop.net or moensted.dk can resolve the domain name. So something at piracy@microsoft.com is processing the reports and wants to know what the contact information is for the spamvertized domains. -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Wed Jun 1 09:11:00 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 11:15:02 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: Stello wrote: > "Mike Easter" >> What would've been better would >> have been if you had pasted the entire mail into the parser, copied >> the tracking url, cancelled the report, and pasted the tracker in >> here. > > Is this the newsgroup to post the full headers? What I was trying to say was that posting a tracker is the best way to communicate about any mail which we might have occasion to discuss here. The tracker is a 'storage vault' for the entire item, from top to bottom, the whole enchilada/ magillicutty whether it is a spam, some kind of mysterymail, or something pretending to be from your Aunt Betsy. It is undesirable for several reasons to be posting spam and other mail of question into this newsgroup. Previously the newsgroup spamcop.spam was intended for that purpose, but that was long ago before the parser storage vault could save the entire spam for discussing. To get a tracker, you select the item in question, spam or mysterymail, then you perform the necessary steps to get the whole enchilada copied; in the case of OE Outlook Express, that would be File/ Properties/ Details tab/ Message source - then ctrl-A ctrl-C will get it copied and pasted into the parser. Then, after the parsing, copy the tracker, which looks like: Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z770183536z7f45882dcf03c22fb82536c4f2297d7dz We can use that tracker to examine the mail's headers, body, attachments -- everything and nothing else needs to be posted here. >> That way we could look at the headers of the item you received, as >> well as this content which you've pasted here, which not only takes >> up more 'space' than a tracker, but also isn't quite as informative >> as having the entire thing. > The headers in the body of the email I posted were not true headers. > They were in the body of the email I received, supposedly from > SpamCop. I understand exactly what they were. I also believe them to be true headers as spamcop received the item. But the point is that if we were looking at the tracker instead of just the body of the mail, we would be able to see it all and actually verify that our/my assumptions are correct about that being an item which came from spamcop as a result of an html spam being addressed to /your/ personal secret submit address > I looked for my personal information and didn't see any, > which is why I think it is a spam, phishing, or spoof. No viruses on > board this machine or spyware or trojans. How do you propose the spammer got your personal secret submit address? > Well once upon a time I may have had an authorization letter with a > submit code. I have had this paid account for so long, I only need > to sign in using an email address. I have long forgotten the rest. The authorization letter contains your password and the submit code. Unless there's something different about pay accounts, your login with the password doesn't last forever. It likely maxes out as a year. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Wed Jun 1 11:11:41 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Jun 1 11:15:04 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: <4EDqLduTR1iw@eisner.encompasserve.org> Message-ID: In article <4EDqLduTR1iw@eisner.encompasserve.org>, wb8tyw@qsl.network (John E. Malmberg) writes: > In article , > Kilgallen@SpamCop.net (Larry Kilgallen) writes: >> In article , >> Sofa King Tyred of Lar Ting writes: >>> Hi, >>> >>> I've recently been forwarding the spams I get regarding sites that offer >>> MS software at cheap prices to piracy@microsoft.com. Most of them go >>> through with a standard, semi-automated thank-you response. >>> >>> However, about 5 or 6 have come back later with a response that reads: >>> >>>> Hello, >>>> >>>> Thank you for contacting the Microsoft Anti-Piracy Team. >>>> >>>> We appreciate that you have taken the time to forward anti-piracy leads >>>> to our team. >> >> I have _never_ gotten such a response from piracy@microsoft.com. > > Are you reporting them as additional addresses on your spamcop larts? Yes -- that is the only way I send reports to people, including to news.admin.net-abuse.sightings. From MikeE at ster.invalid Wed Jun 1 09:29:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 11:30:02 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: Mike Easter wrote: > The authorization letter contains your password and the submit code. Oops. This may not be correct. The initial authorization letter contains the password. After the login, the page http://www.spamcop.net/ contains the submit code in this line which is 2 lines above the parser window:: Forward your spam to: submit.16charANcodeNMBR@spam.spamcop.net or: where the 16charANcodeNMBR is case sensitive alphas and numerics. So, since the submit code isn't contained in the authorization letter, that puts a different spin on the question of where/how the spammer could get the submit. That is, it means that scraping it from the authorization letter isn't on the list of possibilities, I guess, unless the pay accounts are handled differently than free accounts. Someone else will have to answer that question. Does any kind of spamcop mail about a paid account contain the submit code information, or only the password? -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Wed Jun 1 12:36:47 2005 From: eddie at eddie.web (eddie) Date: Wed Jun 1 11:40:04 2005 Subject: [SpamCop-List] over 50% spam skips over URL Message-ID: The "bug" that causes SC's parser to skip reporting a URL even though it sort-of finds it is now more than 50% of my daily spam. At what point does it become important enough to warrant an investigation? Just curious. As a refresher, this is what the "bug" looks like Finding links in message body Recurse multipart: Parsing HTML part Parsing text part Resolving link obfuscation http://www.jnaz.net/world/ http://www.jnaz.net/un.php Please make sure this email IS spam: there should be something between these last two lines: either a cannot resolve or a time out or something -but not just a blank line jnaz.net parses perfectly normally, manually with the following reporting address Reporting addresses: s_mal@informtelecom.ru It's as if the software spins out a thread to look up the DNS and reporting address and the main program forgets about the thread and continues on its merry way. But that's only a guess. -- Once movie theaters gave out steak knives Today they confiscate them From MikeE at ster.invalid Wed Jun 1 10:19:48 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 12:20:03 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: Mike Easter wrote: > So, since the submit code isn't contained in the authorization letter, > that puts a different spin on the question of where/how the spammer > could get the submit. That is, it means that scraping it from the > authorization letter isn't on the list of possibilities, I guess, Other places a submit address could 'reside'.... - in your addressbook if you ever used that address to submit - in the mail received by any other entity if you addressed copies to others to whom you report a spam. The first example could occur if you clicked on the mailto on the parser page, which would start an email with the submit address, which address if R clicked would provide an opportunity to enter into the addressbook. The second if you were going to submit an item to the spamcop submit address and decided to also send it to someone/something else. I don't know why you would do that, but it is possible. The other would be if you copied that address for some reason -- or if the SC pay account communication contained the submit. -- Mike Easter kibitzer, not SC admin From davigarQUITAESTO at excite.com Wed Jun 1 19:48:06 2005 From: davigarQUITAESTO at excite.com (Averroes) Date: Wed Jun 1 12:50:02 2005 Subject: [SpamCop-List] No recent reports, no history available Message-ID: Return-Path: Received: from adlon.se ([221.151.230.227]) by smtp03.retemail.es (InterMail vM.6.01.04.03 201-2131-118-103-20050206) with ESMTP id <20050601162507.NPPS1178.smtp03.retemail.es@adlon.se>; Wed, 1 Jun 2005 18:25:07 +0200 Received: from 203.208.205.207 by 111.218.42.30.atlasvanlines.ca (Postfix) with SMTP id 35270 From: "svsxfsszjjf" To: , , , , , , , , , , Cc: x , Subject: oxxxxycontin no scriptt Date: Mon, 02 May 2005 09:24:58 -0800 Message-ID: <0056______________________998c@wlhjv> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0053_01C54EF8.CF0F0090" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Importance: Normal X-Antivirus: avast! (VPS 0522-6, 01/06/2005), Inbound message X-Antivirus-Status: CleanView entire message Parsing header: Received: from adlon.se ([221.151.230.227]) by smtp03.retemail.es (InterMail vM.6.01.04.03 201-2131-118-103-20050206) with ESMTP id <20050601162507.NPPS1178.smtp03.retemail.es@adlon.se>; Wed, 1 Jun 2005 18:25:07 +0200 221.151.230.227 found host 221.151.230.227 (getting name) no name Possible spammer: 221.151.230.227 Received line accepted Received: from 203.208.205.207 by 111.218.42.30.atlasvanlines.ca (Postfix) with SMTP id 35270 no date found 203.208.205.207 found host 203.208.205.207 (getting name) no name 221.151.230.227 not listed in dnsbl.njabl.org 221.151.230.227 listed in cbl.abuseat.org ( 127.0.0.2 ) Open proxies untrusted as relays Tracking message source: 221.151.230.227: Routing details for 221.151.230.227 [refresh/show] Cached whois for 221.151.230.227 : bonbu@kt.co.kr ip@ns.kornet.net abuse@kornet.net Using best contacts abuse@kornet.net Yum, this spam is fresh! Message is 0 hours old 221.151.230.227 not listed in dnsbl.njabl.org 221.151.230.227 not listed in dnsbl.njabl.org 221.151.230.227 listed in cbl.abuseat.org ( 127.0.0.2 ) 221.151.230.227 is an open proxy 221.151.230.227 not listed in accredit.habeas.com 221.151.230.227 not listed in plus.bondedsender.org 221.151.230.227 not listed in iadb.isipp.com Finding links in message body Recurse multipart: Parsing text part Parsing HTML part Resolving link obfuscation http://phersermeds.com/tx host phersermeds.com (checking ip) ip not found ; phersermeds.com discarded as fake. http://charlescharleycheckerchock.com/tx host charlescharleycheckerchock.com (checking ip) ip not found ; charlescharleycheckerchock.com discarded as fake. http://phersermeds.com host phersermeds.com (checking ip) ip not found ; phersermeds.com discarded as fake. http://viccxodinnes-hydrooocodxes-painnnkillerxz.comm=3d host viccxodinnes-hydrooocodxes-painnnkillerxz.comm (checking ip) ip not found ; viccxodinnes-hydrooocodxes-painnnkillerxz.comm discarded as fake. http://noremore.com host noremore.com (checking ip) ip not found ; noremore.com discarded as fake. Tracking link: http://viccxodinnes-hydrooocodxes-painnnkillerxz.comm=3d No recent reports, no history available Cannot resolve http://viccxodinnes-hydrooocodxes-painnnkillerxz.comm=3d Tracking link: http://noremore.com No recent reports, no history available Cannot resolve http://noremore.com Tracking link: http://charlescharleycheckerchock.com/tx No recent reports, no history available Cannot resolve http://charlescharleycheckerchock.com/tx Tracking link: http://phersermeds.com/tx No recent reports, no history available Cannot resolve http://phersermeds.com/tx Tracking link: http://phersermeds.com No recent reports, no history available Cannot resolve http://phersermeds.com Please make sure this email IS spam: From: "svsxfsszjjf" (oxxxxycontin no scriptt) This is a multi-part message in MIME format. ------=_NextPart_000_0053_01C54EF8.CF0F0090 ------------------ END OF SPAM------------------------------------------------ Hi All false one? . Fake domains. Nobody to whom to complain? ,-) http://www.spamcop.net/sc?id=z770212554z0b9c739a59ff39e7ea046bce1f9b2e6ez Regards From null at null.com.none Wed Jun 1 18:52:14 2005 From: null at null.com.none (Martin) Date: Wed Jun 1 12:55:03 2005 Subject: [SpamCop-List] NTL mailhosts wrong again Message-ID: Can a deputy please sort out the NTL mailhosts, new mailservers without proper hostnames have been added, tried re-adding them on my mailhosts but the mailhosts just complain and wont update, now I have lost my mailhosts completly for ntl. Can some rename them from Tesco to NTL too. Heres the submision that spamcop mailhosts wont accept, always worked ok in the past;- Return-Path: Received: from mta02-winn.ispmail.ntl.com (mta02-winn.ispmail.ntl.com [81.103.221.42]) by marti.mine.nu (8.12.6/8.12.6/SuSE Linux 0.6) with ESMTP id j51GNvxm003289 for ; Wed, 1 Jun 2005 17:23:57 +0100 X-Envelope-From: service@admin.spamcop.net Received: from aamta03-winn.ispmail.ntl.com ([81.103.221.35]) by mta02-winn.ispmail.ntl.com with ESMTP id <20050601162357.ZKWO19182.mta02-winn.ispmail.ntl.com@aamta03-winn.ispmail.ntl.com> for ; Wed, 1 Jun 2005 17:23:57 +0100 Received: from spamcop.net ([64.74.133.245]) by aamta03-winn.ispmail.ntl.com with SMTP id <20050601162356.ZDWH11190.aamta03-winn.ispmail.ntl.com@spamcop.net> for ; Wed, 1 Jun 2005 17:23:56 +0100 X-SpamCop-Conf: 9sexhjZFc8O7NHr1 Received: from [81.106.206.105, 82.3.32.71] by spamcop.net with HTTP; Wed, 01 Jun 2005 16:23:53 GMT From: SpamCop robot To: x@ntlworld.com Subject: SpamCop account configuration email Precedence: list Message-ID: Date: Wed, 01 Jun 2005 16:23:53 GMT X-Mailer: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) via http://www.spamcop.net/ v1.456 X-Virus-Scanned: by AMaViS - amavis-milter (http://www.amavis.org/) X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on marti.mine.nu X-Spam-Level: *** X-Spam-Status: No, score=3.4 required=5.0 tests=AWL,BAYES_40, DNS_FROM_RFC_ABUSE,FORGED_MUA_MOZILLA,FORGED_RCVD_HELO, FROM_HAS_MIXED_NUMS autolearn=no X-UIDL: #7A!!>hl!!d4-!!8^2"! Hello SpamCop user, This email contains special codes and tracking information to help SpamCop figure out your specific email configuration. Do not post this email in public. It contains confidential information related to the security of your SpamCop account. Please return this complete email, preserving full headers and the special tracking codes below. Visit this address: http://www.spamcop.net/mcgi?action=mhreturn Alternately, you may submit via email. Forward the message as an attachment to this address. Or create a new message and paste this email into it. Either way, send it to to: mhconf.9sexhjZFc8O7NHr1@cmds.spamcop.net Some email software may only support one or the other of these submission methods. For information on your email software and to learn how to get full headers see this FAQ: http://www.spamcop.net/fom-serve/cache/19.html Special codes follow: ################################################################ X-SpamCop-Mx: smtpin.ntlworld.com. X-SpamCop-Mx-Ip: 81.103.221.10 X-SpamCop-Mh-Name: NTL X-SpamCop-Recip: x@ntlworld.com X-SpamCop-Unixtime: 1117643033 X-SpamCop-Conf: 9sexhjZFc8O7NHr1 X-SpamCop-Randomness: G5rDTtfiE341UC1y X-SpamCop-Hash: b0600fb68b16f9e89106bf5eecfbbdc2 ################################################################ From nobody at spamcop.net Wed Jun 1 12:45:42 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 13:25:03 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: -- "Stello" wrote in message news:d7kdq7$epm$1@news.spamcop.net... > I am not sure I am posting this to the right SC newsgroup. I don't need the > headers parsed but am posting the header that came in the body of an email > seemingly from SpamCop. > > I have a SpamCop paid account that is still active, but have not been using > it lately. I don't think I have used it in 4 months or so. But I receive > email [several to date] saying there is an error in processing spam. I have > not sprcessed any spam at SpamCop. The following is the full email, not > headers from the spam. What is this and is it pure Spam or is someone using > my paid SpamCop account? > > ------------------------------------------------ > > SpamCop encountered errors while saving spam for processing: > Message forwarded in html wrapper. > > When forwarding spam, use a MIME attachment or text-type message with > the spam enclosed. Do not send spam in HTML format. Sometimes this > error is caused by using a "resend" feature to forward spam. > > HTML spam should be sent in text (source code) format. > > > The email which triggered this auto-response had the following headers: > Return-Path: > Received: from sc-smtp1.eq.ironport.com (sc-smtp1.eq.ironport.com > [192.168.18.81]) > by sc-app1.eq.ironport.com (Postfix) with ESMTP id B56A7A67A48 > for ; Wed, 1 Jun 2005 > 05:56:16 -0700 (PDT) > Received: from unknown (HELO mail.yahoo.com) (58.75.37.29) > by sc-smtp1.eq.ironport.com with SMTP; 01 Jun 2005 05:56:15 -0700 > Date: Thu, 02 Jun 2005 04:04:32 +0000 > From: Sbtt > Subject: Submit.kwop3bwk540ooff0, New â?" C1AL1S S0FTABS â?" at Super > D1sc0unt > To: Submit.kwop3bwk540ooff0 > References: <9H7EH064914KBF0D@spam.spamcop.net> > In-Reply-To: <9H7EH064914KBF0D@spam.spamcop.net> > Message-ID: <8I3EF8F24DIG548D@atari-portal.net> > Reply-To: Stimconfessing > Sender: K6j32 > MIME-Version: 1.0 > Content-Type: text/html > Content-Transfer-Encoding: 8bit > > > -- > Stello > > I have suspended the reporting privileges on the account with that auth code. Please write to service admin.spamcop.net now and include your registered SpamCop email address. Don will get this straightened out and new auth codesw assigned. Ellen SpamCop From nobody at spamcop.net Wed Jun 1 14:31:49 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 13:40:02 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Martin" wrote in message news:d7kp3u$m5m$1@news.spamcop.net... > Can a deputy please sort out the NTL mailhosts, new mailservers without > proper hostnames have been added, tried re-adding them on my mailhosts but > the mailhosts just complain and wont update, now I have lost my mailhosts > completly for ntl. Can some rename them from Tesco to NTL too. > Heres the submision that spamcop mailhosts wont accept, always worked ok in > the past;- > After I got the headers unmangled then I noticed that you had modified the special codes section and the system will not accept that. If you want to send a copy with complete headers unmodified to us at deputies admin.spamcop.net then we will try to get the probe accepted. Do you happen to know the IPs of the new mailservers? Ellen SpamCop From nobody at devnull.spamcop.net Wed Jun 1 13:37:06 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Jun 1 13:40:05 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Martin" wrote in message news:d7kp3u$m5m$1@news.spamcop.net... > Can a deputy please sort out the NTL mailhosts, new mailservers without > proper hostnames have been added, tried re-adding them on my mailhosts but > the mailhosts just complain and wont update, now I have lost my mailhosts > completly for ntl. Can some rename them from Tesco to NTL too. Had you tried the identified support spot for MailHost configuration, you'd have found proper precedures and addresses for direct contact for such personal assistance. http://forum.spamcop.net/forums/ > This email contains special codes and tracking information to help SpamCop > figure out your specific email configuration. Do not post this email in > public. It contains confidential information related to the security of > your SpamCop account. What a way to demonstrate that you can follow directions. Now you've created yet another issue that needs resolving. > Alternately, you may submit via email. Forward the message as an > attachment to this address. Or create a new message and paste this email > into it. Either way, send it to to: > > @cmds.spamcop.net Now that you've posted your 'secret' codes ... good luck on getting things straightened out. Perhaps Ellen will pass through here and take some pity ... From nobody at spamcop.net Wed Jun 1 15:04:50 2005 From: nobody at spamcop.net (Anti-Spam) Date: Wed Jun 1 14:05:04 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: "Possum Trot" wrote in message news:d7kh1p$grv$1@news.spamcop.net... > > "Larry Kilgallen" wrote in message > news:IBlqYdt92LZ0@eisner.encompasserve.org... > > In article , Sofa King Tyred of Lar Ting > > writes: > >> Hi, > >> > >> I've recently been forwarding the spams I get regarding sites that offer > >> MS software at cheap prices to piracy@microsoft.com. Most of them go > >> through with a standard, semi-automated thank-you response. > >> > >> However, about 5 or 6 have come back later with a response that reads: > >> > >>> Hello, > >>> > >>> Thank you for contacting the Microsoft Anti-Piracy Team. > >>> > >>> We appreciate that you have taken the time to forward anti-piracy leads > >>> to our team. > > > > I have _never_ gotten such a response from piracy@microsoft.com. > > I have reported well over 100 times to the piracy@microsoft.com address and > have never gotten a response like the ones referred to by Sofa. Sounds like > some microsoftie is clueless. Has M$ maybe outsourced this function to > India? > I forward at least a couple of spam a day to piracy@microsoft.com (direct, not through SC) and get responses in bunches every few days, although not necessarily for every spam. There are about three standard form letters, and this 'no address found' seems to make up maybe 25% of them (WAG). I'd guess that these 'no address found' ones have been around since at least as far back as the beginning of the year. -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: if@pdczugidxvfbhrctp.com (generated by Webpoison) From MikeE at ster.invalid Wed Jun 1 12:40:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 14:45:03 2005 Subject: [SpamCop-List] Re: No recent reports, no history available References: Message-ID: Averroes wrote: > http://www.spamcop.net/sc?id=z770212554z0b9c739a59ff39e7ea046bce1f9b2e6ez The tracker is a link to the original spam which was parsed, and it also demonstrates how SC would parse the item at the time of access. You could have posted just that and the result that none of the links were resolved, either in your words or pasted in SC's, such as a part of what you pasted here: > Resolving link obfuscation > http://phersermeds.com/tx > host phersermeds.com (checking ip) ip not found ; phersermeds.com > discarded as fake. > http://charlescharleycheckerchock.com/tx > host charlescharleycheckerchock.com (checking ip) ip not found ; > charlescharleycheckerchock.com discarded as fake. > http://phersermeds.com > host phersermeds.com (checking ip) ip not found ; phersermeds.com > discarded as fake. > http://viccxodinnes-hydrooocodxes-painnnkillerxz.comm=3d > host viccxodinnes-hydrooocodxes-painnnkillerxz.comm (checking ip) ip not > found ; viccxodinnes-hydrooocodxes-painnnkillerxz.comm discarded as fake. > http://noremore.com > host noremore.com (checking ip) ip not found ; noremore.com discarded as > fake. noremore is a bad 'catch' -- it isn't a link in the spam. Parser error My resolver sez: phersermeds.com DNS 221.229.119.105 charlescharleycheckerchock.com DNS 221.229.119.105 viccxodinnes-hydrooocodxes-painnnkillerxz.comm doesn't resolve, of course noremore.com doesn't resolve and shouldn't have been in there We could discuss why SC's resolver doesn't resolve them if anyone is interested. -- Mike Easter kibitzer, not SC admin From glnews030922 at highspot.net Wed Jun 1 21:54:37 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Wed Jun 1 15:55:02 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Brian (SnSR) wrote: > I would uncheck the reports sent about the two links (caddyshaq and > meetmycomputer). I'm still not sure about this, but from the looks of > the sites, I don't believe that they would be likely to spam. I could > be wrong. Cattyshaq looks to be innocent and the target of a joe-job. On the other hand, Meetyourcomputer has several links through clickbank to the sites of some "anti-spyware" products of extremely dubious nature. The sort where the free version tells you that you have spyware when you don't and then invites you to buy the full version to remove the non-existent spyware. One of the sites it links to is adwaredeluxe, which you can read more about here: http://www.spywarewarrior.com/rogue_anti-spyware.htm Interestingly enough, on further digging, both spamvertised sites are registered to the same person. The more I look into it, the less it feels like a joe-job and the more it looks like the usual rogue affiliate spammer. Either that, or somebody who is proporting to protect people from online scams is not competent enough to do due diligence on their advertising links. I reported around 50 of these things this morning without LARTing the web host. If I get any more, I think I'll change that. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From null at null.com.none Wed Jun 1 21:56:36 2005 From: null at null.com.none (Martin) Date: Wed Jun 1 16:00:03 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: >WazoO" wrote in message >news:d7kro3$nq5$1@news.spamcop.net... > > Had you tried the identified support spot for MailHost configuration, > you'd have found proper precedures and addresses for direct > contact for such personal assistance. > http://forum.spamcop.net/forums/ I dont use forums I use usenet, so get over it > > What a way to demonstrate that you can follow directions. Now > you've created yet another issue that needs resolving. > Where in the email back from spamcop saying it failed does it give me directions to follow, it dosent!! > > Now that you've posted your 'secret' codes ... good luck on > getting things straightened out. Perhaps Ellen will pass through > here and take some pity ... > Well to be honest, this problem of new mailservers needs sorting out with the spamcop mailhosts sytem, it somehow needs to be able to auto-add new ones, I shouldnt have to delete and re-add your mailhosts everytime this happens. Next time I wont bother doing or saying anything, I will just leave it for the inempt spamcop reporters to report the ntl mail servers has they did before and let spamcops reputation of blocking incorrect addresses get worse. From glnews030922 at highspot.net Wed Jun 1 22:01:00 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Wed Jun 1 16:00:07 2005 Subject: [SpamCop-List] Re: What is the 'can spam act'? In-Reply-To: References: Message-ID: Ellen wrote: > "Bud" wrote in message news:d7j7l5$p5q$1@news.spamcop.net... > >>Posted in .spam >> >>http://www.spamcop.net/sc?id=z769975250z733d24375717e393110a52c7f77e6e33z >> >> > > Looks like a joe-job. I am setting the two urls to innocent bystander. If > anyone finds out differently let me know. And yes you can report each one > you receive. Hi Ellen, The more I dig into these, the less it looks like a joe-job to me. The second site has affiliate links pointing to some products whose marketing tactics border on the fraudulent. See my other post in this thread. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From null at null.com.none Wed Jun 1 22:27:58 2005 From: null at null.com.none (Martin) Date: Wed Jun 1 16:30:02 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: >Ellen" wrote in message >news:d7krlm$npm$1@news.spamcop.net... > > > After I got the headers unmangled then I noticed that you had modified > the > special codes section and the system will not accept that. > > If you want to send a copy with complete headers unmodified to us at > deputies admin.spamcop.net > then we will try to get the probe accepted. > > Do you happen to know the IPs of the new mailservers? > > Ellen > SpamCop > I appologise if my post has caused you problems Ellen. Has for helping any further I don't feel inclined to after the Flame I got from Wazoo, maybe he would like to offer to sort it out for you. I wont be posting here again, I will leave it for someone else to pick up the peices next time this happens, which it will, because my ISP will carry on adding more mailservers on a regular basis. Regards Martin From nobody at spamcop.net Wed Jun 1 17:48:47 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 16:55:02 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Martin" wrote in message news:d7l5of$tou$1@news.spamcop.net... > > > I appologise if my post has caused you problems Ellen. > Has for helping any further I don't feel inclined to after the Flame I got > from Wazoo, maybe he would like to offer to sort it out for you. > I wont be posting here again, I will leave it for someone else to pick up > the peices next time this happens, which it will, because my ISP will carry > on adding more mailservers on a regular basis. > > Regards Martin > > I did get an email from elsewhere with the new NTL server IPs in it and set a flag for them so the system does know they are mailservers. If you want to pursue adding your mailhosts back and have a problem you can write to me at deputies admin.spamcop.net and we can get that straightened out. Ellen SpamCop From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 1 23:33:13 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 18:35:03 2005 Subject: [SpamCop-List] Re: brownout in parserland? References: <61dde4e935bd480c9b4f9a8a02b76753@you.horizontally-enhanced-tricked-out-throat-scraping.net> Message-ID: *plonk* From SCNews.5.myspamgobbler at spamgourmet.com Wed Jun 1 16:32:19 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Wed Jun 1 18:35:06 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Graeme Leith wrote: > Brian (SnSR) wrote: > > >> I would uncheck the reports sent about the two links (caddyshaq and >> meetmycomputer). I'm still not sure about this, but from the looks of >> the sites, I don't believe that they would be likely to spam. I could >> be wrong. > > > Cattyshaq looks to be innocent and the target of a joe-job. > > On the other hand, Meetyourcomputer has several links through clickbank > to the sites of some "anti-spyware" products of extremely dubious > nature. The sort where the free version tells you that you have spyware > when you don't and then invites you to buy the full version to remove > the non-existent spyware. > > One of the sites it links to is adwaredeluxe, which you can read more > about here: http://www.spywarewarrior.com/rogue_anti-spyware.htm > > Interestingly enough, on further digging, both spamvertised sites are > registered to the same person. The more I look into it, the less it > feels like a joe-job and the more it looks like the usual rogue > affiliate spammer. Either that, or somebody who is proporting to protect > people from online scams is not competent enough to do due diligence on > their advertising links. > > I reported around 50 of these things this morning without LARTing the > web host. If I get any more, I think I'll change that. > The domains being registered to the same person does not have anything to do with it being or not being a joe job. It is likely that, if this is a joe job, that the scammer has been reading their forum and most likely it is common knowledge that the two sites are related. I tried to signup for the forum earlier this morning, but have not received my confirmation. How would an affiliate get paid? Do they offer affiliate programs? Think about what the Caddy Shaq site is doing. Might this not piss off some scammer? Same with the meetyourcomputer site. Their host, ipowerweb also seems to be clean, at least on a quick, preliminary check. I haven't had time to really dig, so I may be wrong. One reason for caution, is that bad reporting gives anti-spammers a bad image. The link for adwaredeluxe.com is problematic, I agree. Brian From davigarQUITAESTO at excite.com Thu Jun 2 01:36:17 2005 From: davigarQUITAESTO at excite.com (Averroes) Date: Wed Jun 1 18:40:03 2005 Subject: [SpamCop-List] Re: No recent reports, no history available References: Message-ID: "Mike Easter" escribió en el mensaje news:d7kvf6$q3r$1@news.spamcop.net... > Averroes wrote: > > Surely. It was a small "divertimento" after to process tons of sweepings with the technique of the camouflage of domains. Sorry ;-) > We could discuss why SC's resolver doesn't resolve them if anyone is > interested. Ok. I suppose that the difficulty of the dredges of Spam Cop is because "fake domain" is redirected. Find "the true" domain of spamer Saludos From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 1 23:42:26 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 18:45:03 2005 Subject: [SpamCop-List] Re: brownout in parserland? References: <61dde4e935bd480c9b4f9a8a02b76753@you.horizontally-enhanced-tricked-out-throat-scraping.net> Message-ID: eddie wrote in news:pan.2005.05.31.16.32.16.564000@eddie.web: > > Looks as if we hit a spamkiddy. I love the smell of fresh spam - > smells like - like - - victory. > Thanks, Dharmy-kid for letting us know we got through to you. > Om mani padme hung one on you. > That guy is an idiot. That hotmail account is only used specifically for newsgroups and sending LARTs to dubious ISPs. Basically just a throwaway. I've already posted it here before and I do receive spam through it. (But Microsoft's recent improvements on the spamfilters has reduced the spam flow to near nothing.) Either way.. he has been escalated to plonk-on-sight permanently. From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 1 23:45:28 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 18:50:04 2005 Subject: [SpamCop-List] Re: Big Brother... (Text Repost) References: Message-ID: Blammo wrote in news:Xns966730861A38Dblammo@216.154.195.61: >> >> Try Xnews. It's free. >> > > And you don't need to install anything, you can tuck it away in a > folder somewhere, noone but you needs to know. Though it's pretty much > news only. > > No registry crap to worry about.. nothing. It was the way everyone installed programs 15 years ago when the only thing in town was MS-DOS. Those were they days. :-) But back to Xnews, It's quite a powerful little application too. :-) From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 1 23:58:35 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 19:00:03 2005 Subject: [SpamCop-List] Re: hotmail server(s) listed... 65.54.175.200 References: Message-ID: Kilgallen@SpamCop.net (Larry Kilgallen) wrote in news:tX6lula4D5zF@eisner.encompasserve.org: >> >> This is true for any free email service. If it is offered free, how >> can they charge a cleanup fee? Goes for Netscape, Excite, Lycos, and >> Yahoo! as well. > > As I said, a faulty busines model (vis. a vis. spam). > They do have limits on out-going email. But if a spammer opens numerous accounts and uses an automated program to get through the web interface, that could be a problem until all those open bum accounts get the mallet. From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 00:05:15 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 19:10:02 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: "Anti-Spam" wrote in news:d7ktca$ov1$1@news.spamcop.net: >> > >> > I have _never_ gotten such a response from piracy@microsoft.com. >> >> I have reported well over 100 times to the piracy@microsoft.com >> address and have never gotten a response like the ones referred to by >> Sofa. Sounds like some microsoftie is clueless. Has M$ maybe >> outsourced this function to India? >> > > I forward at least a couple of spam a day to > piracy@microsoft.com (direct, not through SC) > and get responses in bunches every few days, > although not necessarily for every spam. There > are about three standard form letters, and this > 'no address found' seems to make up maybe > 25% of them (WAG). I'd guess that these > 'no address found' ones have been around since > at least as far back as the beginning of the year. > > -- > Bring in the death penalty for repeat spammers. > Non-functional spambait addr: if@pdczugidxvfbhrctp.com > (generated by Webpoison) > > > I have a feeling that Microsoft may have an bot that screens the piracy reports for links to see if it is active and/or may have references to Microsoft's products. (All speculation of course.) But it is to keep in mind that many of these pirate sites rotate their IP addresses using hijacked proxies to provide a forwarding service. If the DNS points to an IP address that is dead, then the true site will never show up until it refereshes with a new IP address. From MikeE at ster.invalid Wed Jun 1 17:09:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 19:10:07 2005 Subject: [SpamCop-List] Re: No recent reports, no history available References: Message-ID: Averroes wrote: > "Mike Easter" >> We could discuss why SC's resolver doesn't resolve them if anyone is >> interested. > > Ok. The last time I summarized it with links was here: news://news.spamcop.net/d754p4$2r8$1@news.spamcop.net Subject: Re: Strange error: SpamCop finds links, but doesn't report Date: Thu, 26 May 2005 11:33:09 -0700 Mike Easter wrote: > You will observe many types of body url parsing 'faults' > - SC can't resolve, but on refresh will > - SC can't resolve but spends a lot of time trying -- cause is > presumably either pokey nameservice, blocking SC's resolver, or both > - SC doesn't resolve and doesn't spend any time either -- cause might > be SC's prioritization of its resources > > These behaviors have been discussed here and also in the forum at some > length. Currently 8 pages of forum discussion start here > http://snipurl.com/f62o WazoO's May 7 comment can be seen here > http://snipurl.com/f62v which is in the topic "URLs not reported, SC > finds, but does not offer to LART!" > > There's also "SpamCop reporting of spamvertized URLs, Viewpoint(s)" > http://snipurl.com/f632 - which contains commentary from me from this > newsgroup news://news.spamcop.net/d56o3h$oia$1@news.spamcop.net > > Subject: Re: Error-why? Last question > Date: Mon, 2 May 2005 19:38:30 -0700 > Message-ID: > I suppose that the difficulty of the dredges of Spam Cop is because > "fake domain" is redirected. Find "the true" domain of spamer No. The problem is in the resolution. When you are reading the verbose, some things you take 'seriously' as meaningful; other things you take as 'that's just what SC sez' -- but not seriously as meaningful. In this case the words 'ip not found' are at the heart of the matter. In this specific case, that means that SC 'tried' [however much is another subject] to resolve the url, but was not successful. You can't tell from the words whether the failure was because SC resolver was blocked or just timed out. The words 'discarded as fake' aren't meaningful and they don't have anything to do with a website redirecting. The business of how SC 'documents' its verbose output could use some work, because it is sometimes misleading or confusing. In order to provide you with a notify address, SC has to resolve the url and go from there. If it doesn't resolve because SC doesn't try or because it tries and is unsuccessful, then it isn't going to be forthcoming with a notify address -- the notify address is obtained from using the IP and finding its netblock in the RIR, and then the contact for that provider. No IP, no notify offered. -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Thu Jun 2 00:13:35 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Jun 1 19:15:02 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: On 01 Jun 2005 Mike Easter entered spamcop and left news:d7kn71$l67$1@news.spamcop.net: > Other places a submit address could 'reside'.... > > - in your addressbook if you ever used that address to submit > - in the mail received by any other entity if you addressed copies to > others to whom you report a spam. > If the Spamcop login page is cached by the browser, then a virus could find it. However since we haven't seen the original headers, so we don't even know if this actually came from Spamcop. If Ellen's post implies it is, then it could always be (besides the already mentioned) a user error, such as forwarding to all, inadvertantly including spamcop.net. -- | Ric | From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 00:15:40 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 19:20:02 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Berny" wrote in news:d7jhlo$uuh$1 @news.spamcop.net: > qoute: > > You are receiving this communication because your e-mail
> address was included on a CD of 100 million e-mail addresses
> we bought and you opted in to be on it. The can spam act
> allows us to mail you with offers so please do not make false
> complaints or we will be forced take legal action against
> false complainants to recover any losses caused to us. > > end quote > > LART with extreme prejudice > > I love these "frea speach" statements. LART with extreme prejudice? You bet. :-) From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 00:20:29 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 19:25:03 2005 Subject: [SpamCop-List] Re: What is the 'can spam act'? References: Message-ID: "Ron B." wrote in news:d7j9br$qbm$1@news.spamcop.net: > > > LOL. Aren't you afraid that they will take legal action against your > "..false complaints..."? Yeah.. they'll retain Johnny Cochran to represent them. :-) From glnews030922 at highspot.net Thu Jun 2 01:34:19 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Wed Jun 1 19:35:03 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Brian (SnSR) wrote: > Graeme Leith wrote: > >> Cattyshaq looks to be innocent and the target of a joe-job. >> >> On the other hand, Meetyourcomputer has several links through >> clickbank to the sites of some "anti-spyware" products of extremely >> dubious nature. The sort where the free version tells you that you >> have spyware when you don't and then invites you to buy the full >> version to remove the non-existent spyware. >> >> One of the sites it links to is adwaredeluxe, which you can read more >> about here: http://www.spywarewarrior.com/rogue_anti-spyware.htm >> >> Interestingly enough, on further digging, both spamvertised sites are >> registered to the same person. The more I look into it, the less it >> feels like a joe-job and the more it looks like the usual rogue >> affiliate spammer. Either that, or somebody who is proporting to >> protect people from online scams is not competent enough to do due >> diligence on their advertising links. >> >> I reported around 50 of these things this morning without LARTing the >> web host. If I get any more, I think I'll change that. >> > > The domains being registered to the same person does not have anything > to do with it being or not being a joe job. It is likely that, if this > is a joe job, that the scammer has been reading their forum and most > likely it is common knowledge that the two sites are related. I tried to > signup for the forum earlier this morning, but have not received my > confirmation. Yes, being registered to the same person doesn't mean anything, but the grey area products being offered by the second site makes me very suspicious about the whole thing. > How would an affiliate get paid? Do they offer affiliate programs? The advertising links all go to cattyshaq.hop.clickbank.com and are then redirected to the product site. It's then easy for them to track who gets paid for the signup based on the referrer. > Think about what the Caddy Shaq site is doing. Might this not piss off > some scammer? Same with the meetyourcomputer site. Their host, ipowerweb > also seems to be clean, at least on a quick, preliminary check. True, but why are they advertising products who rely on possibly fraudulent techniques to get people to buy their software? > I haven't had time to really dig, so I may be wrong. One reason for > caution, is that bad reporting gives anti-spammers a bad image. I'm not saying it's definitely not a joe-job, but the affiliate links for dodgy software on the second site provide a method that could make money from the spam run. If they weren't there, I'd say 100% joe-job, but pushing often spamvertised software makes me have second thoughts. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From zypher at spamcop.net Wed Jun 1 19:34:02 2005 From: zypher at spamcop.net (Ron B.) Date: Wed Jun 1 19:35:05 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Graeme Leith wrote: (Major Snip) > > I'm not saying it's definitely not a joe-job, but the affiliate links > for dodgy software on the second site provide a method that could make > money from the spam run. If they weren't there, I'd say 100% joe-job, > but pushing often spamvertised software makes me have second thoughts. > If this is a joe-job, it's a slick one. If this isn't, then it is even slicker. From nobody at spamcop.net Wed Jun 1 22:52:44 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 22:15:02 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: "Ron B." wrote in message news:d7lglb$5dv$1@news.spamcop.net... > Graeme Leith wrote: > > (Major Snip) > > > > > I'm not saying it's definitely not a joe-job, but the affiliate links > > for dodgy software on the second site provide a method that could make > > money from the spam run. If they weren't there, I'd say 100% joe-job, > > but pushing often spamvertised software makes me have second thoughts. > > > > If this is a joe-job, it's a slick one. If this isn't, then it is even > slicker. At this point I am going to consider it a joe-job altho I take Graeme's comments under advisement. I suppose I am going to err on the side joe-job altho I am not 100% convinced. Ellen From Vangu at rd.invalid Wed Jun 1 22:41:25 2005 From: Vangu at rd.invalid (Vanguard) Date: Wed Jun 1 22:45:03 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "WazoO" wrote in message news:d7kro3$nq5$1@news.spamcop.net... > "Martin" wrote in message > news:d7kp3u$m5m$1@news.spamcop.net... >> This email contains special codes and tracking information to help >> SpamCop >> figure out your specific email configuration. Do not post this email >> in >> public. It contains confidential information related to the security >> of >> your SpamCop account. > > What a way to demonstrate that you can follow directions. Now > you've created yet another issue that needs resolving. > >> Alternately, you may submit via email. Forward the message as an >> attachment to this address. Or create a new message and paste this >> email >> into it. Either way, send it to to: >> >> @cmds.spamcop.net > > Now that you've posted your 'secret' codes ... good luck on > getting things straightened out. Perhaps Ellen will pass through > here and take some pity ... Since Martin posted his secret code here (in the form of his username for his personalized submit e-mail address), shouldn't that qualify his account to get killed (so malcontents don't end up abusing his account)? Seems like Martin should be forced into creating a new account so now that he has been reminded to read the instructions then maybe he might comply with them. From Vangu at rd.invalid Wed Jun 1 22:46:18 2005 From: Vangu at rd.invalid (Vanguard) Date: Wed Jun 1 22:50:02 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Martin" wrote in message news:d7l3tl$seq$1@news.spamcop.net... > Where in the email back from spamcop saying it failed does it give me > directions to follow, it dosent!! Ummm, how about the very first paragraph that says: "This email contains special codes and tracking information to help SpamCop figure out your specific email configuration. Do not post this email in public. It contains confidential information related to the security of your SpamCop account." "Do not post this email in public" was something you could not fathom? What, you thought Usenet was some private "forum" in which you and only the SpamCop admins can post and read those posts? Now slap your forehead and say "Duh-Uhhhh". From SCNews.5.myspamgobbler at spamgourmet.com Wed Jun 1 20:56:10 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Wed Jun 1 23:00:03 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again In-Reply-To: References: Message-ID: Vanguard wrote: > "WazoO" wrote in message > news:d7kro3$nq5$1@news.spamcop.net... > >> "Martin" wrote in message >> news:d7kp3u$m5m$1@news.spamcop.net... >> >>> This email contains special codes and tracking information to help >>> SpamCop >>> figure out your specific email configuration. Do not post this email in >>> public. It contains confidential information related to the security of >>> your SpamCop account. >> >> >> What a way to demonstrate that you can follow directions. Now >> you've created yet another issue that needs resolving. >> >>> Alternately, you may submit via email. Forward the message as an >>> attachment to this address. Or create a new message and paste this >>> email >>> into it. Either way, send it to to: >>> >>> @cmds.spamcop.net >> >> >> Now that you've posted your 'secret' codes ... good luck on >> getting things straightened out. Perhaps Ellen will pass through >> here and take some pity ... > > > Since Martin posted his secret code here (in the form of his username > for his personalized submit e-mail address), shouldn't that qualify his > account to get killed (so malcontents don't end up abusing his account)? > Seems like Martin should be forced into creating a new account so now > that he has been reminded to read the instructions then maybe he might > comply with them. Let's not forget that we are all doing what we can, with what we know, to help deal with spam. Well, maybe some of the trolls don't fit into this category, but most of us do. We all have started from a place where we didn't know much about spam or the process of reporting it. Let's try to help each other out instead of being so critical and turning noobs away. Yes, there are certain 'ways' that this newsgroup functions best. But for those that aren't familiar with those ways, give some slack. They will hopefully find out on there own by observation. If they don't get it for awhile, then inform them. When I first quit lurking and started posting, I was attacked severely. If I wasn't so resilient, I would probably have immediately left, and no longer put forth any effort to combat spam and scams. And yes, I would still do what I did, after learning all that I have. :P We are in this together. Don't make it hard for someone to join in. Brian From ThePulse at SpamCop.net Wed Jun 1 23:59:37 2005 From: ThePulse at SpamCop.net (ThePulse) Date: Wed Jun 1 23:00:06 2005 Subject: [SpamCop-List] Spam Reporting...torturous Message-ID: I must say that reporting spam via SC is really a pain. Don't get me wrong, I love knowing that I'm taking a bite out of spam just as much as the next guy. But since I report spam coming into our servers for customers as well as myself, I need to be able to report about 100 pieces of email at a time. I'm currently sending them as an attachment, which I guess is the quickest way possible, but having to click through each one on the website takes about an hour. I don't have that kind of time to spend each day, it's just impossible. Is there hope? Vito The Pulse From nobodyy at devnull.spamcop.net Thu Jun 2 00:26:10 2005 From: nobodyy at devnull.spamcop.net (Stello) Date: Wed Jun 1 23:30:03 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: "Ellen" wrote in message news:d7kqvf$n9b$1@news.spamcop.net... > > > I have suspended the reporting privileges on the account with that auth > code. Please write to service admin.spamcop.net now and include your > registered SpamCop email address. Don will get this straightened out and > new auth codesw assigned. > > Ellen > SpamCop SpamCop admin found me at my registered email address and fixed the problem. Thanks for your help and the explanations the others gave. [Some of which I did not understand] I had no idea anything real that pertained to me was in the body of that email. Spammers have become tricky and obnoxious, but Spam is probably here to stay. It has made the electronic communication less than instant communication like it was supposed to be. I had the displeasure of experiencing and extreme way of getting control of the flood of spam. It was not pleasant. I emailed the person about a business matter, received an auto response with a link to follow to request my email address be allowed to pass the filter. Then I had to type a brief note about the business I was emailing about, and enter 4 random letters in a security box then click a button to send. Supposedly the person I was trying to contact will check the filter and admit my email. Geesh! Emailing has become "painful". :) -- Stello From nttp.sc.s at bigsleep.org Thu Jun 2 05:46:01 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 00:50:03 2005 Subject: [SpamCop-List] App to remove shareware from your computer? Message-ID: Yea, I know, I don't read spam, but this had unusual headers for one that originated from a Hanaro IP. The message plays on the (apparent) extreme stupidity of some people, offering the undoubtedly virus-laden "anti-spyware tool", but this one has the added feature of removing that dreaded ShareWare as well... 'As a member of the information industry, I was particularly outraged by this attack. I don't want what happened to me to happen to another single user. So right now I'm offering everyone the chance to have their computer "diagnosed" for both AdWare and ShareWare infections. I'm that serioius. I won't charge you a single dime to have it done. You can run your no-cost scan starting here:' -- | Ric | From nttp.sc.s at bigsleep.org Thu Jun 2 05:55:18 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 01:00:04 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: On 01 Jun 2005 ThePulse entered spamcop and left news:d7lsn2$bdf$1@news.spamcop.net: > But since I report spam coming into our servers for customers as well > as myself, I need to be able to report about 100 pieces of email at a > time. I never report other people's spam, I'm tempted to but it's not my spam and I never know if it may be something they subscribed to. I certainly wouldn't do it for free, and you could certainly charge for doing it (so what are you complaining about?). Why don't you just block this spam and them them report their own spam? I don't think it's important to report fast, the number of reporters is more important. The odds are that someone will have time to report the ones you didn't have the time to. Multiple people can report many times faster than one. -- | Ric | From spamcram at spymac.com Wed Jun 1 23:03:10 2005 From: spamcram at spymac.com (Vernon Hardapple) Date: Thu Jun 2 01:05:04 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous In-Reply-To: References: Message-ID: I'm curious. Why do you report other people's spam? Are these clients of yours? From alfred at china-ken.com Thu Jun 2 16:02:58 2005 From: alfred at china-ken.com (Alfred) Date: Thu Jun 2 03:05:02 2005 Subject: [SpamCop-List] Please remove my IP from your spam list Message-ID: Dear sirs, I applied a commercial mail server at chinadds.com, but while I send emails, it's always returned. This IP is innocent, please remove it from your list. 61.129.102.51 -- Alfred CHEN Yanfei Manager of No. 2 Overseas Operation Dept. ----------------------------------------- Global Marketing Center SHANGHAI KEN TOOLS CO. LTD. #5 Xinrong Rd., Xinqiao Town Songjiang District, Shanghai 201612 P. R. China Web: http://www.china-ken.com From Ilgaz at spamcop.net Thu Jun 2 11:13:33 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Thu Jun 2 03:15:03 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: On 2005-06-02 10:02:58 +0300, "Alfred" said: > Dear sirs, > > I applied a commercial mail server at chinadds.com, but while I send emails, > it's always returned. This IP is innocent, please remove it from your list. > > 61.129.102.51 You can't remove anything that way. Even you have a innocent site, your mails won't come here too since as a user I blocked whole China by my wish (defaults to OFF). You know who to blame if you check the statistics at www.spamcop.net Follow the links at www.spamcop.net ,"for mailers". Notice a huge population on Internet has blocked China, nobody can do anything about it except your government and companies start taking spam reports serious! Ilgaz From Ilgaz at spamcop.net Thu Jun 2 11:19:36 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Thu Jun 2 03:20:03 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: On 2005-06-01 08:39:03 +0300, "Berny" said: > qoute: > > You are receiving this communication because your e-mail
> address was included on a CD of 100 million e-mail addresses
> we bought and you opted in to be on it. The can spam act
> allows us to mail you with offers so please do not make false
> complaints or we will > I wouldn't wait a second if I was american to call/mail offices. It would teach them what it means to abuse a law by falsely referencing in any part of the world. A jerk bugged my mailbox 4-5 times that he is petrol minister of UAE (Dubai), I got finally bored from sending reports and his spam ended in hands of Dubai police. I said "Its your minister, your ISP, your criminal, fix it" at additional notes I didn't hear from him since ;) Oh believe or not, he was using a UAE ISP. Ilgaz From Ilgaz at spamcop.net Thu Jun 2 11:25:44 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Thu Jun 2 03:30:04 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: On 2005-06-02 05:59:37 +0300, "ThePulse" said: > I must say that reporting spam via SC is really a pain. Don't get me > wrong, I love knowing that I'm taking a bite out of spam just as much > as the next guy. But since I report spam coming into our servers for > customers as well as myself, I need to be able to report about 100 > pieces of email at a time. > > I'm currently sending them as an attachment, which I guess is the > quickest way possible, but having to click through each one on the > website takes about an hour. I don't have that kind of time to spend > each day, it's just impossible. > > Is there hope? > > Vito > The Pulse > You shouldn'T report anyones spam. If they wish, there must be a way to report their own spam. The thing is, e.g. that recent "Ringo". It can sound like spam to you but there are actual people (no comment) who uses it actually! Also, e.g. yesterday a $100.000 episode of a turkish TV series was in my "held mail" , you can never be sure lol. Guy clicked "send mail" from Yahoo, attach word file, added nothing. Of course hitting some funny spam score. Ilgaz From Ilgaz at spamcop.net Thu Jun 2 11:27:16 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Thu Jun 2 03:30:07 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On 2005-06-02 07:46:01 +0300, Blammo said: > Yea, I know, I don't read spam, but this had unusual headers for one > that originated from a Hanaro IP. > > The message plays on the (apparent) extreme stupidity of some people, > offering the undoubtedly virus-laden "anti-spyware tool", but this one > has the added feature of removing that dreaded ShareWare as well... > > > 'As a member of the information industry, I was particularly outraged > by this attack. I don't want what happened to me to happen to > another single user. So right now I'm offering everyone the chance to > have their computer "diagnosed" for both AdWare and ShareWare > infections. I'm that serioius. I won't charge you a single dime to > have it done. You can run your no-cost scan starting here:' Lol, now thats funny. Will forward to mac shareware authors I know Ilgaz From nttp.sc.s at bigsleep.org Thu Jun 2 09:06:29 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 04:10:03 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: On 02 Jun 2005 Ilgaz Ocal entered spamcop and left news:d7mbit$ipj$2@news.spamcop.net: > On 2005-06-02 10:02:58 +0300, "Alfred" said: > >> >> 61.129.102.51 > > You can't remove anything that way. Even you have a innocent site, > your mails won't come here too since as a user I blocked whole China > by my wish (defaults to OFF). You know who to blame if you check the > statistics at www.spamcop.net > Only excuse I need... http://njabl.org/cgi-bin/lookup.cgi?query=61.129.102.51 I think being listed Spamcop is pretty insignificant here. -- | Ric | From nospam at fuck-off-and-die.com Thu Jun 2 15:39:18 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Thu Jun 2 04:55:29 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: Alfred, , the obese, rectal flake, and employee who sweeps the floor, hee-hawed: > Web: http://www.china-ken.com AAARRRRGGGHHHHH!!!! I'm blind! I'm blind! From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 13:23:52 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 2 08:25:10 2005 Subject: [SpamCop-List] [MEDIA] ICANN approves .xxx domain names Message-ID: http://www.wired.com/news/culture/0,1284,67716,00.html?tw=wn_tophead_4 quote: "CM contends the "xxx" web addresses, which it plans to sell for $60 a year, will protect children from online smut if adult sites voluntarily adopt the suffix so filtering software used by families can more effectively block access to those sites. The $60 price is roughly ten times higher than prices other companies charge for dot-com names." The key here is "voluntary". Somehow I heavily doubt that those sites involved in spamming will go for this domain name. Particularly since it would be easy to simply dev/null any spam with the .xxx domain name. From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 13:35:34 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 2 08:40:03 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: "Alfred" wrote in news:d7mavo$iq4$1@news.spamcop.net: > Dear sirs, > > I applied a commercial mail server at chinadds.com, but while I send > emails, it's always returned. This IP is innocent, please remove it > from your list. > > 61.129.102.51 > > -- > Alfred CHEN Yanfei > Manager of No. 2 Overseas Operation Dept. > ----------------------------------------- > Global Marketing Center > SHANGHAI KEN TOOLS CO. LTD. > #5 Xinrong Rd., Xinqiao Town > Songjiang District, Shanghai > 201612 P. R. China > Web: http://www.china-ken.com > > According to this: http://www.spamcop.net/w3m?action=checkblock&ip=61.129.102.51 Spamcop does not have the IP address listed. But Spamcop is the least of your troubles.. http://www.moensted.dk/spam/?addr=61.129.102.51&Submit=Submit China is listed on several blacklists. Meaning it will be extremely difficult trying to remove that IP address. Particularly from here: http://spews.org/html/S2632.html From Kilgallen at SpamCop.net Thu Jun 2 08:40:48 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Jun 2 08:45:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: In article , Blammo writes: > Yea, I know, I don't read spam, but this had unusual headers for one that > originated from a Hanaro IP. > > The message plays on the (apparent) extreme stupidity of some people, > offering the undoubtedly virus-laden "anti-spyware tool", but this one has > the added feature of removing that dreaded ShareWare as well... One of the reasons for not posting spam in this newsgroup is so the rest of us don't have to (start to) read your spam. We all get enough of our own. From nospam at fuck-off-and-die.com Thu Jun 2 19:29:37 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Thu Jun 2 08:45:05 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: <1d2c5d5337b24490a82aed6e2afb7eea@you.double-faced-tempest-swept-boxer.net> Larry Kilgallen, , the tuberculate, anaemic measle, and prison warder and gaol keeper, cackled: > In article , Blammo > writes: >> Yea, I know, I don't read spam, but this had unusual headers for one >> that originated from a Hanaro IP. >> >> The message plays on the (apparent) extreme stupidity of some people, >> offering the undoubtedly virus-laden "anti-spyware tool", but this >> one has the added feature of removing that dreaded ShareWare as >> well... > > One of the reasons for not posting spam in this newsgroup is so the > rest of us don't have to (start to) read your spam. We all get enough > of our own. He was illustrating a humorous point, you fucking stupid, humourless cunt. From nospam at fuck-off-and-die.com Thu Jun 2 20:02:07 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Thu Jun 2 09:20:03 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: <73af851bef4a44409c735793a571cc27@you.obscure-stiffened-fish.com> Blammo, , the perplexed, pesky honky, and pickled herring packer, evangelised: > I never report other people's spam, I'm tempted to but it's not my > spam and I never know if it may be something they subscribed to. Is that an admission that you read other people's emails? [Insert "my box, my rules, yadda yadda yadda" here] From nobody at spamcop.net Thu Jun 2 06:51:07 2005 From: nobody at spamcop.net (Ellen) Date: Thu Jun 2 09:20:07 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: "Alfred" wrote in message news:d7mavo$iq4$1@news.spamcop.net... > Dear sirs, > > I applied a commercial mail server at chinadds.com, but while I send emails, > it's always returned. This IP is innocent, please remove it from your list. > > 61.129.102.51 > IP 61.129.102.51 is not listed in the SpamCop blocklist; it delisted: 5/26/2005 9:30:06 PM -0400 Ellen SpamCop From eddie at eddie.web Thu Jun 2 12:25:39 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 11:30:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Wed, 01 Jun 2005 11:36:47 -0400, eddie scratched out the following: > The "bug" that causes SC's parser to skip reporting a URL even though it > sort-of finds it is now more than 50% of my daily spam. At what point does > it become important enough to warrant an investigation? Just curious. > As a refresher, this is what the "bug" looks like > > Finding links in message body > Recurse multipart: > Parsing HTML part > Parsing text part > > Resolving link obfuscation > http://www.jnaz.net/world/ > http://www.jnaz.net/un.php > > Please make sure this email IS spam: > > there should be something between these last two lines: either a cannot > resolve or a time out or something -but not just a blank line > > jnaz.net parses perfectly normally, manually with the following reporting > address > Reporting addresses: > s_mal@informtelecom.ru > Update: This morning it was 70% of the URLs that managed to escape the SC parser in this same way. When all the spammers catch on and the level is 100% will that make this bug a higher priority? I no longer do multiple refreshes "in the hopes" of SC eventually catching the URL. I simply skip on to the next piece of spam. Those reporting in bulk probably never notice this bug. -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Thu Jun 2 12:27:35 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 11:30:09 2005 Subject: [SpamCop-List] Re: [MEDIA] ICANN approves .xxx domain names References: Message-ID: On Thu, 02 Jun 2005 12:23:52 +0000, Redstone scratched out the following: > http://www.wired.com/news/culture/0,1284,67716,00.html?tw=wn_tophead_4 > > > quote: > > "CM contends the "xxx" web addresses, which it plans to sell for $60 a > year, will protect children from online smut if adult sites voluntarily > adopt the suffix so filtering software used by families can more > effectively block access to those sites. The $60 price is roughly ten > times higher than prices other companies charge for dot-com names." > > > The key here is "voluntary". Somehow I heavily doubt that those sites > involved in spamming will go for this domain name. Particularly since it > would be easy to simply dev/null any spam with the .xxx domain name. why would whitehouse.com, for example switch to whitehouse.xxx? Why would a pornographer do anything that is "voluntary?" That's like asking a criminal to register his gun if he has the time :) -- Once movie theaters gave out steak knives Today they confiscate them From devnull at spamcop.net Thu Jun 2 12:28:46 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Jun 2 11:35:03 2005 Subject: [SpamCop-List] Re: [MEDIA] ICANN approves .xxx domain names References: Message-ID: "Redstone" | http://www.wired.com/news/culture/0,1284,67716,00.html?tw=wn_tophead_4 | | quote: | | "CM contends the "xxx" web addresses, which it plans to sell for $60 a | year, will protect children from online smut if adult sites voluntarily | adopt the suffix so filtering software used by families can more | effectively block access to those sites. The $60 price is roughly ten times | higher than prices other companies charge for dot-com names." | | | The key here is "voluntary". Somehow I heavily doubt that those sites | involved in spamming will go for this domain name. Particularly since it | would be easy to simply dev/null any spam with the .xxx domain name. $60 per year is chum change. If I were doing that business I'd have duplicate registrations. One I could span the h*ll out of and one that for those who were seeking porn. that way I'd get them going and coming ... or is it coming and coming? (D&R) My question: if the registration process is 'intended' to be a service how come the $60 reg rate? can we spell -profit center- ? From wb8tyw at qsl.network Thu Jun 2 12:20:19 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Jun 2 12:25:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: In article , eddie writes: > On Wed, 01 Jun 2005 11:36:47 -0400, eddie scratched out the following: > > Update: > This morning it was 70% of the URLs that managed to escape the SC parser > in this same way. When all the spammers catch on and the level is 100% > will that make this bug a higher priority? A spot check of the URLs that spamcop.net does not resolve when I report them reveals that about 10% of them do not resolve by other means. The remaining 90% resolve to a source already listed by the sbl.spamhaus.org. I do not have a large sample, but the trend is pretty convincing. Note that a spot check of the URLs that do resolve generally shows that they are also listed in the sbl.spamhaus.org. A web host with listings in the sbl.spamhaus.org is probably not going to do anything to disconnect their pet spammer regarless of how many spamcop.net or other larts that they receive. The sbl.spamhaus.org is probably used by far more mail server and router owners than the bl.spamcop.net is. In addition, the spamhaus.org site is now posting something about having a list of I.P. ranges suitable for blocking at the router. Which means that none of those spammer web sites are accessable to the networks that take advantage of it. > I no longer do multiple refreshes "in the hopes" of SC eventually catching > the URL. I simply skip on to the next piece of spam. Those reporting in > bulk probably never notice this bug. The reports to the web hosts are mainly feeding internal spamcop statistics. As they are not feeding any blocking list, there is no teeth behind the larts. There have been posts from network owhers where one of these reports has alerted them to a zombie on their networks. There may be a case for not sending LARTs to sbl.spamhaus.org listed I.P. addresses. It is possible that the only thing being done with them is passing them through to the spammers who are using them to estimate how much of their spew made it through a mail server's filters. Most likely they are simply deleted unread as soon as they hit the mail server. -John wb8tyw@qsl.network Personal Opinion Only From jr70 at blackhole.invalid Thu Jun 2 11:51:47 2005 From: jr70 at blackhole.invalid (John Richards) Date: Thu Jun 2 13:55:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "eddie" wrote in message news:pan.2005.06.01.15.36.46.675000@eddie.web... > The "bug" that causes SC's parser to skip reporting a URL even though it > sort-of finds it is now more than 50% of my daily spam. At what point does > it become important enough to warrant an investigation? > Just curious. > As a refresher, this is what the "bug" looks like > > Finding links in message body > Recurse multipart: > Parsing HTML part > Parsing text part > > Resolving link obfuscation > http://www.jnaz.net/world/ > http://www.jnaz.net/un.php > > Please make sure this email IS spam: > > there should be something between these last two lines: either a cannot > resolve or a time out or something -but not just a blank line > > jnaz.net parses perfectly normally, manually with the following > reporting address > Reporting addresses: > s_mal@informtelecom.ru > > It's as if the software spins out a thread to look up the DNS and > reporting address and the main program forgets about the thread and > continues on its merry way. But that's only a guess. I've been reporting this situation for months, but no one in the SC hierarchy seems very interested in it, only to the extent of making weak excuses. Something is seriously wrong. -- John Richards From jr70 at blackhole.invalid Thu Jun 2 11:59:40 2005 From: jr70 at blackhole.invalid (John Richards) Date: Thu Jun 2 14:00:03 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: "ThePulse" wrote in message news:d7lsn2$bdf$1@news.spamcop.net... >I must say that reporting spam via SC is really a pain. Don't get me wrong, > I love knowing that I'm taking a bite out of spam just as much as the next > guy. But since I report spam coming into our servers for customers as well > as myself, I need to be able to report about 100 pieces of email at a time. > > I'm currently sending them as an attachment, which I guess is the quickest > way possible, but having to click through each one on the website takes > about an hour. I don't have that kind of time to spend each day, it's just > impossible. > > Is there hope? I report only spam that has managed to slip through my ISP's spam filters. That way the numbers are still manageable (about 12 per day). If my ISP's filter catches and tags it, I figure that it's a known spammer not requiring further reporting. -- John Richards From nttp.sc.s at bigsleep.org Thu Jun 2 19:05:25 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 14:10:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On 02 Jun 2005 Larry Kilgallen entered spamcop and left news:UhBky5HTBT09@eisner.encompasserve.org: > One of the reasons for not posting spam in this newsgroup is so the > rest of us don't have to (start to) read your spam. We all get enough > of our own. > And you only pick on me, if you love me, why don't you just come out and say it? -- | Ric | From eddie at eddie.web Thu Jun 2 15:11:58 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 14:15:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Thu, 02 Jun 2005 10:51:47 -0700, John Richards scratched out the following: > "eddie" wrote in message > news:pan.2005.06.01.15.36.46.675000@eddie.web... >> The "bug" that causes SC's parser to skip reporting a URL even though it >> sort-of finds it is now more than 50% of my daily spam. At what point >> does it become important enough to warrant an investigation? Just >> curious. > > I've been reporting this situation for months, but no one in the SC > hierarchy seems very interested in it, only to the extent of making weak > excuses. Something is seriously wrong. Yes, I agree. But SC only cares if we report the sender. They don't care about the URLs, as has been pointed out before, even though I consider that caveman 20th century thinking, and backwards at that. If you "follow the money" you hit the URL first, not the spammer which is usually a moronic user with a zombie that will be quickly replaced. The URL is the key to killing spam. My suggestion, and I am seriously considering it, is to cancel any spam that does not parse properly. Repeatedly hitting the refresh to do SC's work is not what I get paid for. SC gets paid for their blockling lists, so by refusing to report anything if the parser fails will eventually get somebody's attention at SC because of the drop in reports. If a spammer is smart enough to figure out a way around the system, I acknowledge his intelligence and dilligence and even though I don't like spam, I might give him a pass for being clever. Otherwise, SC might never do anything. -- Once movie theaters gave out steak knives Today they confiscate them From nobody at spamcop.net Thu Jun 2 16:05:56 2005 From: nobody at spamcop.net (indigo) Date: Thu Jun 2 15:10:03 2005 Subject: [SpamCop-List] Opinions wanted on Plaxo email service Message-ID: A friend of mine sent me a "request for personal info update" from Plaxo. I gave him my updated contact info (home address, phone numbers, etc.) but emailed it back to him, not thru Plaxo (if you hit "reply" the email goes to Plaxo, not your buddy). After a quick google search these two sites popped up in the first 4 sites listed and I did not like what I read. Opinions? Am I being over paranoid? I think not........ http://www.plaxo.com/css/about/wsj_20040227.html http://www.dynamoo.com/diary/plaxo-bebo-spam-spyware.htm From MikeE at ster.invalid Thu Jun 2 13:27:21 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 2 15:30:04 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: eddie wrote: > Yes, I agree. But SC only cares if we report the sender. They don't > care about the URLs, as has been pointed out before, even though I > consider that caveman 20th century thinking, and backwards at that. > If you "follow the money" you hit the URL first, not the spammer > which is usually a moronic user with a zombie that will be quickly > replaced. The URL is the key to killing spam. The problem isn't that it isn't a good idea to do something about spamvertisers.... ... the problem is that the most common result of SC finding the url, resolving it to an IP, and notifying the provider for that IP block is not the result which you might wish. The most common result of a successful notify is that SC is sending a copy of the spam to a blackhat unresponsive provider. That is not a big plus, and it is sometimes accompanied by the spam containing unique content identifying the recipient/s. The other result is that nothing happens to the url except that it gets listed on the stats page for the sc-surbl scrape. If SC were notifying whitehat providers, the notify would have some value. Since that is rarely the case, the absence of the SC notify is very little loss. > My suggestion, and I am seriously considering it, is to cancel any > spam that does not parse properly. Repeatedly hitting the refresh to > do SC's work is not what I get paid for. I don't think hitting refresh is a good use of resources. It very very often wastes both your time and the parser resources. > SC gets paid for their > blockling > lists, so by refusing to report anything if the parser fails will > eventually get somebody's attention at SC because of the drop in > reports. SC isn't going to notice your failure to report amongst the millions of reports. It might not even notice 'a bunch' of standard reporters because of the 'weight' of the combination of spamtraps and quick reporters, neither of which are notifying spamvertiser providers. > If a spammer is smart enough to figure out a way around the > system, I acknowledge his intelligence and dilligence and even though > I don't like spam, I might give him a pass for being clever. > Otherwise, SC might never do anything. Your strategy for motivating SC to do something different about this isn't going to change whatever Julian is doing and thinking about. Personally, I would rather see the parser work differently, too. I would rather see it find the urls and offer to devnull [or not devnull] all of the spamvertisers and not even bother with trying to resolve them [as a reporter selected option.] Then, all of the spamvertisers which aren't IBs to the reporter would be getting onto the stats page. And the parser wouldn't be wasting its resources trying to deal with the resolution problem which just leads to a notify problem anyway. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Thu Jun 2 15:43:25 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Jun 2 15:45:03 2005 Subject: [SpamCop-List] Re: Opinions wanted on Plaxo email service References: Message-ID: <9SDQ96zXefPJ@eisner.encompasserve.org> I think they are still spammers, just as they were a year or so ago. From nttp.sc.s at bigsleep.org Thu Jun 2 21:05:42 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 16:10:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: This post subject should probably read "Spammer offers App to remove shareware from your computer?" Larry's post brings up an interesting thought... Why he read my post Why he thought it was spam Why he took the time to complain I used the best subject I could think of at the time, however it could be considered a valid question, then when one reads it they get annoyed that it's not a question at all. That goes to show how Larry got fooled into reading the message based on the subject, how I got fooled into reading the spam I posted about, and how some can get fooled into responding to spam. This type of "sympathy spam" is designed to trick you into reading the entire message, to better convince you. The written word is given more weight, probably because of the processes involved in converting a group of words into an idea. So we have to retrain our minds into recognizing a group of words as bullshit, especially when trying to recognize spam. Now I started to read this spam because of the unusual headers, and only continued to read it because of the way it was written, as I pointed out. Most won't be looking at the headers, but will have to mentally rate it as bullshit (or not), based on their own bullshit system. Those who are fooled likely don't realize how harmful this type of spam can be. This is the (mostly intentional) point of my post. Or maybe Larry is reading every single post, or every one of my posts. -- | Ric | From MikeE at ster.invalid Thu Jun 2 14:35:11 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 2 16:40:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Blammo wrote: > The written word is given more weight, probably because of the > processes involved in converting a group of words into an idea. So we > have to retrain our minds into recognizing a group of words as > bullshit, especially when trying to recognize spam. > Now I started to read this spam because of the unusual headers, and > only continued to read it because of the way it was written, as I > pointed out. I think your point is akin to a 'situation' or disagreement which I run into in alt.spam and to a lesser extent over here. I'm trying to sell a 'basic' to the 'masses' about not reading spam subject lines, and not opening spam to find out if it is spam or to see what it sez, and most importantly not doing any of that insecurely or 'interestedly'. Not only do I think the 'masses' shouldn't be reading their spam subjects or opening their spams, I don't even think [most/all] spamfighters should be reading their spams either. Once upon a time when I manually moved my crudely message ruled spam from my Inbox to my Junk folder I never opened spam but I read more spam subjects and Froms and also I might have to examine an item from its message properties to determine something about it. But not open it and not 'read' it for curiosity or to see 'what the spammers are doing now'. In my little game, the spammer gets all of the points if s/he gets you to read a spam to find out what it is about, or gets you to open a spam by misleading or 'catching' you with its subject, which you shouldn't have been reading that way in the first place Nowadays I very rarely manually move a spam, and all of my spams have been combed and inspected by SpamPal, so they have SP headers. So, there is absolutely no need to investigate an item to find out if it is spam or not, it has already been investigated. If I want to look at something, I