From nttp.sc.s at bigsleep.org Wed Jun 1 03:34:14 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue May 31 22:35:02 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: On 31 May 2005 Sofa King Tyred of Lar Ting entered spamcop and left news:d7j1co$lma$1@news.spamcop.net: > Any thoughts or experiences to share? Any other theories? > I'd say you've done more than your share, did they offer to pay for the work they wanted you do do? I never visit spam sites unless I'm paid to do so. -- | Ric | From bar_n0ne at hotmail.com Wed Jun 1 10:39:03 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 01:40:03 2005 Subject: [SpamCop-List] threatening spam from catty shaq Message-ID: qoute: You are receiving this communication because your e-mail
address was included on a CD of 100 million e-mail addresses
we bought and you opted in to be on it. The can spam act
allows us to mail you with offers so please do not make false
complaints or we will be forced take legal action against
false complainants to recover any losses caused to us. end quote LART with extreme prejudice From bar_n0ne at hotmail.com Wed Jun 1 10:43:18 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 01:45:03 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Berny" wrote in message news:d7jhlo$uuh$1@news.spamcop.net... > qoute: >SNIPPED, Oh, I forgot, that one was brought to me through auna.es from our friends at Above.net, ipowerweb.com and gblx.net, No, they are not getting the unmunged spam reports. Not this time. Let the jerks use their decoder rings for a change. From nospam at fuck-off-and-die.com Wed Jun 1 13:01:50 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Wed Jun 1 02:20:03 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: Bud, , the sand-blind, donkey-raping retard, and servant who performs all the menial tasks, hummed: > But.....note their spelling. ("CattyShaq") Not to be confused with > the movie Caddyshack. No shit, Shylock? From bar_n0ne at hotmail.com Wed Jun 1 12:29:07 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 03:30:03 2005 Subject: [SpamCop-List] catty shaq, joe job? or? not? Message-ID: the connection to above.net, ipowerweb, and gblx makes me deeply suspicious of joe job claims. Anyone looked into this? From nobody at spamcop.net Wed Jun 1 10:08:04 2005 From: nobody at spamcop.net (me-no-no) Date: Wed Jun 1 04:10:04 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Berny" wrote in message news:d7jhlo$uuh$1@news.spamcop.net... > LART with extreme prejudice Ooops - Did you consider the possibilty of a Joe-Job ? I got quite a few of these and reconsidered ! A site like this (est 2003) would be an ideal target - as discussed in nanae http://groups.google.co.uk/groups?q=cattyshaq&hl=en&lr=&c2coff=1&sa=N&tab=wg http://snipurl.com/fa8i Either way - They are officially denying knowledge of it :- http://www.cattyshaq.com/forum/modules.php?name=Forums&file=viewtopic&t=1708&sid=337c8d154c1af3da1e9aeb3fa11a87b0 http://snipurl.com/fa8h Ciao Meno From nobody at spamcop.net Wed Jun 1 10:09:51 2005 From: nobody at spamcop.net (me-no-no) Date: Wed Jun 1 04:10:07 2005 Subject: [SpamCop-List] Re: catty shaq, joe job? or? not? References: Message-ID: "Berny" wrote in message news:d7jo44$2u9$1@news.spamcop.net... > the connection to above.net, ipowerweb, and gblx makes me deeply > suspicious > of joe job claims. Anyone looked into this? > See original Topic / Thread you started ! Ciao Meno From nobody at spamcop.net Wed Jun 1 10:32:57 2005 From: nobody at spamcop.net (me-no-no) Date: Wed Jun 1 04:35:03 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Berny" wrote in message news:d7jhto$v2r$1@news.spamcop.net... > Oh, I forgot, that one was brought to me through auna.es from our friends > at Above.net, ipowerweb.com and gblx.net, No, they are not getting the > unmunged spam reports. Not this time. Let the jerks use their decoder > rings for a change. Both nameservers appear fairly clean at the moment. NS1.IPOWERWEB.NET 64.70.61.130 NS1.IPOWERDNS.COM 66.235.217.202 http://www.openrbl.org/ip/64/70/61/130.htm http://www.openrbl.org/ip/66/235/217/202.htm Ciao Meno From agent01413 at my-deja.com Wed Jun 1 09:54:39 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Wed Jun 1 04:55:26 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: Sofa King Tyred of Lar Ting wrote in news:d7j1co$lma$1@news.spamcop.net: > Hi, > > I've recently been forwarding the spams I get regarding sites that > offer MS software at cheap prices to piracy@microsoft.com. Most of > them go through with a standard, semi-automated thank-you response. > > However, about 5 or 6 have come back later with a response that reads: > >> Hello, >> >> Thank you for contacting the Microsoft Anti-Piracy Team. >> >> We appreciate that you have taken the time to forward anti-piracy >> leads to our team. >> >> The website linked in the email you forwarded is no longer valid or >> has been lost in the forwarding process. In order for us to process >> the lead, we need to have certain additional information regarding >> the company you are reporting. If you were able to capture >> information from the linked website prior to forwarding the email to >> piracy@microsoft.com, please send us all the information you have >> such as: >> >> Company name >> Company address including city and state >> Company phone number >> Company email address >> Company website >> >> With the above information we will be able to process the lead as >> requested. Again, thank you for your interest in our anti-piracy >> campaign. >> >> You may also visit our Internet site on >> http://www.microsoft.com/piracy and http://www.howtotell.com to >> review additional information on recognizing genuine Microsoft >> product and Microsoft's licensing policies. >> >> Again, thank you for your interest in our anti-piracy campaign. >> >> Microsoft Corporation >> Worldwide Sales Group > > What irks me about this, is that in most if not all of these cases, > the web site was *still* valid when I got the reply. On a couple of > the reports since then, I have even sent the DNStools and SpamCop > reports about the URLs along with the forwarded spams. They, too, have > come back saying the site was no longer active. Upon trying, I see > that it's still active. > > Here are a couple of theories that explain this: > > * Microsoft is trying to get me to do their dirty work (finding > company name, etc.) on bulletproof hosts. > * Microsoft's droid is a complete boob and sends out the wrong reply. > * The pirates are blocking HTTP access to their sites from the > anti-pirate droids @ microsoft. > > Any thoughts or experiences to share? Any other theories? > > I'm beginning to think it's a waste of mouse clicks to forward these > things to piracy@microsoft.com. Somehow I thought the legal power of > Microsoft could be used to good of spam fighting... > > I'm particularly offended if my first theory is correct, especially > given their monopoly status! > Your set of emails from MSFT matches mine, except that in my case I responded with a link from nanas to multiple sightings. The second response I got looked more like that coming from someone with clue pre- installed. -- See NANAE kooks, including Barbara Schwarz: http://www.morningmist.org/nanae/kookfaq.html From agent01413 at my-deja.com Wed Jun 1 09:59:41 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Wed Jun 1 05:00:06 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: "Brian (SnSR)" wrote in news:d7jeo7$t0r$1@news.spamcop.net: > Bud wrote: >> Posted in .spam >> >> http://www.spamcop.net/sc?id=z769975250z733d24375717e393110a52c7f77e6e >> 33z >> >> > > Careful with this one. Not certain yet, but looking at the sites, and > with the way the "spam" is written, my gut reaction is Joe job. > > Brian the site is claiming joe job the site isnt selling anything the site goes after spammers, especially those involved in fraud this screams joe job at me. -- See NANAE kooks, including Barbara Schwarz: http://www.morningmist.org/nanae/kookfaq.html From bar_n0ne at hotmail.com Wed Jun 1 14:13:11 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 05:15:07 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "me-no-no" wrote in message news:d7jrrg$4ui$1@news.spamcop.net... > "Berny" wrote in message > news:d7jhto$v2r$1@news.spamcop.net... > > > Oh, I forgot, that one was brought to me through auna.es from our friends > > at Above.net, ipowerweb.com and gblx.net, No, they are not getting the > > unmunged spam reports. Not this time. Let the jerks use their decoder > > rings for a change. > > Both nameservers appear fairly clean at the moment. > > NS1.IPOWERWEB.NET 64.70.61.130 > NS1.IPOWERDNS.COM 66.235.217.202 > http://www.openrbl.org/ip/64/70/61/130.htm > http://www.openrbl.org/ip/66/235/217/202.htm > > Ciao > Meno Wasn't so long ago that corner of the web was considered pretty black hat, so the knee jerk reaction is to LART anything from there. Imagine not LARTing spams with links in Whoa.com space, imagine opening one to see! and what exactly is meet my computer dot com about? From bar_n0ne at hotmail.com Wed Jun 1 15:17:31 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 1 06:20:03 2005 Subject: [SpamCop-List] Re: XO spam (tradepointone,pinpointmoney,servingones etc. (dot) com) not CanSpam compliant References: Message-ID: "Cat" wrote in message news:d7dr7i$saj$1@news.spamcop.net... SNIPPED: > > resolutionteam@support.xohost.com, monica.henderson@xo.com, > jim.tobias@xo.com > > SNIPPED > > Please feel free to continue to send any complaints > regarding this issue to myself > monica.henderson@xo.com and also to Jim Tobias > jim.tobias@xo.com." How many letters did it take? I wrote a relatively polite letter (did not reveal the spammed address, but provided tracking links to SC-munged reports.) But the crap still comes. Maybe I need to visit the spamvertized sites and see if there is an "unsubscribe procedure", and "unsubscribe" the above. Others have written that they tried to unsubscribe in the past, with no success. Probably these addresses use a milter that /dev/null's anything with a link or mention of spamcop in it. From gezgin at spamcop.net Wed Jun 1 15:12:43 2005 From: gezgin at spamcop.net (Gezgin) Date: Wed Jun 1 07:15:04 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: "Bud" wrote > While I've been doing this, I just got eight more, > ("CattyShaq" ), but again all > different 'received: from' IPs. This guy don't like me. The spew from "mypants.com" seems to be abating. I haven't received one in about half an hour. (Knock wood.) -- Bob Kanyak's Doghouse http://www.kanyak.com From nobody at devnull.spamcop.net Wed Jun 1 08:24:16 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Wed Jun 1 07:25:03 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Socks the Whitehouse Cat wrote: > > this screams joe job at me. > Especially this part of the spam: You are receiving this communication because your e-mail address was included on a CD of 100 million e-mail addresses we bought and you opted in to be on it. The can spam act allows us to mail you with offers so please do not make false complaints or we will be forced take legal action against false complainants to recover any losses caused to us. demesy -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From Kilgallen at SpamCop.net Wed Jun 1 07:41:44 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Jun 1 07:45:03 2005 Subject: [SpamCop-List] Re: hotmail server(s) listed... 65.54.175.200 References: Message-ID: In article , "N. Miller" writes: > On 31 May 2005 15:42:27 -0500, Larry Kilgallen wrote: > >> In article , Sofa King Tyred of Lar Ting writes: >>> Hi there, >>> >>> I use spampal which is linked into spamcop's block list. Lately SpamPal >>> has been trashing legit emails sent via hotmail. For example, it claims >>> that 65.54.175.200 is listed on the SPCOP list. Using the SC reporting >>> page, I can confirm this as true as of the time of this post. >>> >>> My question: >>> >>> I assume that this is due to lax response on behalf of hotmail. >> >> I would say, rather, that this is due to a faulty business model on >> the part of Hotmail. My understanding is that in at least some cases >> they offer email access without charge, so there is no way they can >> charge spammers a cleanup fee. > > This is true for any free email service. If it is offered free, how can > they charge a cleanup fee? Goes for Netscape, Excite, Lycos, and Yahoo! as > well. As I said, a faulty busines model (vis. a vis. spam). From Kilgallen at SpamCop.net Wed Jun 1 07:42:36 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Jun 1 07:45:05 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: In article , Sofa King Tyred of Lar Ting writes: > Hi, > > I've recently been forwarding the spams I get regarding sites that offer > MS software at cheap prices to piracy@microsoft.com. Most of them go > through with a standard, semi-automated thank-you response. > > However, about 5 or 6 have come back later with a response that reads: > >> Hello, >> >> Thank you for contacting the Microsoft Anti-Piracy Team. >> >> We appreciate that you have taken the time to forward anti-piracy leads to our team. I have _never_ gotten such a response from piracy@microsoft.com. From nobody at spamcop.net Wed Jun 1 09:13:28 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 08:20:02 2005 Subject: [SpamCop-List] Re: What is the 'can spam act'? References: Message-ID: "Bud" wrote in message news:d7j7l5$p5q$1@news.spamcop.net... > Posted in .spam > > http://www.spamcop.net/sc?id=z769975250z733d24375717e393110a52c7f77e6e33z > > Looks like a joe-job. I am setting the two urls to innocent bystander. If anyone finds out differently let me know. And yes you can report each one you receive. Ellen From nospam at fuck-off-and-die.com Wed Jun 1 19:15:50 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Wed Jun 1 08:35:03 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: <27291f7437274731b7e1957c8dcfae5a@you.soft-nosed-putrefactive-baggage.net> Gezgin, , the sickly, gill-equipped curryaholic, and oxherder, reprobated: > (Knock wood.) You'll be less likely to get splinters in your knuckles if you smooth-plane your head first. From nobodyy at devnull.spamcop.net Wed Jun 1 10:39:20 2005 From: nobodyy at devnull.spamcop.net (Stello) Date: Wed Jun 1 09:40:03 2005 Subject: [SpamCop-List] Someone using my SpamCop account? or is it Spam? Message-ID: I am not sure I am posting this to the right SC newsgroup. I don't need the headers parsed but am posting the header that came in the body of an email seemingly from SpamCop. I have a SpamCop paid account that is still active, but have not been using it lately. I don't think I have used it in 4 months or so. But I receive email [several to date] saying there is an error in processing spam. I have not sprcessed any spam at SpamCop. The following is the full email, not headers from the spam. What is this and is it pure Spam or is someone using my paid SpamCop account? ------------------------------------------------ SpamCop encountered errors while saving spam for processing: Message forwarded in html wrapper. When forwarding spam, use a MIME attachment or text-type message with the spam enclosed. Do not send spam in HTML format. Sometimes this error is caused by using a "resend" feature to forward spam. HTML spam should be sent in text (source code) format. The email which triggered this auto-response had the following headers: Return-Path: Received: from sc-smtp1.eq.ironport.com (sc-smtp1.eq.ironport.com [192.168.18.81]) by sc-app1.eq.ironport.com (Postfix) with ESMTP id B56A7A67A48 for ; Wed, 1 Jun 2005 05:56:16 -0700 (PDT) Received: from unknown (HELO mail.yahoo.com) (58.75.37.29) by sc-smtp1.eq.ironport.com with SMTP; 01 Jun 2005 05:56:15 -0700 Date: Thu, 02 Jun 2005 04:04:32 +0000 From: Sbtt Subject: Submit.kwop3bwk540ooff0, New â?" C1AL1S S0FTABS â?" at Super D1sc0unt To: Submit.kwop3bwk540ooff0 References: <9H7EH064914KBF0D@spam.spamcop.net> In-Reply-To: <9H7EH064914KBF0D@spam.spamcop.net> Message-ID: <8I3EF8F24DIG548D@atari-portal.net> Reply-To: Stimconfessing Sender: K6j32 MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit -- Stello From MikeE at ster.invalid Wed Jun 1 08:03:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 10:05:03 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: Stello wrote: > I am not sure I am posting this to the right SC newsgroup. I don't > need the headers parsed but am posting the header that came in the > body of an email seemingly from SpamCop. Yabbut, you are posting some headers which were in the body of a mail whose headers we are interested in. What would've been better would have been if you had pasted the entire mail into the parser, copied the tracking url, cancelled the report, and pasted the tracker in here. That way we could look at the headers of the item you received, as well as this content which you've pasted here, which not only takes up more 'space' than a tracker, but also isn't quite as informative as having the entire thing. If you wanted or needed to do some modest mungeing of the item before submitting it to the parser, you should make it clear in your post how much you have munged. > I have a SpamCop paid account that is still active, but have not been > using it lately. I don't think I have used it in 4 months or so. > But I receive email [several to date] saying there is an error in > processing spam. I have not sprcessed any spam at SpamCop. The > following is the full email, not headers from the spam. What is > this and is it pure Spam or is someone using my paid SpamCop account? Your signup authorization letter contains a pw and a submit code which are/were secret. This item contains a submit code in more than one place. It also includes headers with a bogus helo. I suspect that if you examine your authorization registration letter, you will find your submit code matches that for this item. > for > Received: from unknown (HELO mail.yahoo.com) (58.75.37.29) 58.75.37.29 no rDNS is the .kr boranet > Subject: Submit.kwop3bwk540ooff0, New ??" C1AL1S S0FTABS ??" at Super > To: Submit.kwop3bwk540ooff0 That looks to me like spamcop received a spam sourced from the boranet IP with your personal 'secret' submit code in the To. That could have happened by your computer being infected with a virus and 'passing out' the various addresses which can be found on its drives. Theoretically no one else should have your personal secret submit address. You should be fixing your spamcop account and checking out your system for virms and spyware. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Jun 1 16:06:53 2005 From: nobody at spamcop.net (Bodger) Date: Wed Jun 1 10:10:02 2005 Subject: [SpamCop-List] Re: phishing site References: Message-ID: good "Larry Kilgallen" wrote in message news:K5ZpWRSzQl81@eisner.encompasserve.org... > In article , "Bodger" writes: > > I wish you would ignore my posts. > > Don't worry, as soon as someone responds to a top-posting complaint > by top-posting they are quickly entered into many killfiles. From MikeE at ster.invalid Wed Jun 1 08:13:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 10:15:04 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: Socks the Whitehouse Cat wrote: > "Brian (SnSR)" >> Careful with this one. Not certain yet, but looking at the sites, and >> with the way the "spam" is written, my gut reaction is Joe job. > the site is claiming joe job > the site isnt selling anything > the site goes after spammers, especially those involved in fraud > > this screams joe job at me. The problem with analyzing joe jobs is that we must not forget about bogus joejobs, fake joejobs, and trick fake joejobs. I seem to recall an issue in which it was never completely clear to me about what was apparent a joejob on the darksecrets forum, which was also a forum and which also wasn't selling anything, but which had something to gain by the attention being brought to it, and which could easily 'coast' in their response to their site provider to say "This is obviously a joejob. You can't whack me for all that spam." In the case of the darksecrets issue, the elements were different. The darksecrets forum was a little 'darker' than this forum -- and the spam content was more bogus, since it was ostensibly promoting illegal weapons, narcotics, and kiddy pr0n. So, this /may/ be a joejob; but don't forget about the possibility of a trick fake joejob. The forum will benefit from this attention, and they can claim joejob and skate as far as being whacked by their website provider. -- Mike Easter kibitzer, not SC admin From newandrew at rump.dk Wed Jun 1 15:17:27 2005 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Wed Jun 1 10:20:03 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: After drinking 3 Pan Galactic Gargle Blasters, Socks the Whitehouse Cat mumbled in news:Xns96681E68F25CAagent01413MYDEJACOM@216.154.195.61: > "Brian (SnSR)" wrote in > news:d7jeo7$t0r$1@news.spamcop.net: >> Careful with this one. Not certain yet, but looking at the sites, >> and with the way the "spam" is written, my gut reaction is Joe >> job. > the site is claiming joe job > the site isnt selling anything > the site goes after spammers, especially those involved in fraud > this screams joe job at me. Agree. 3 of my domains received over 400 of these mails sent to a few users, including SpamCop e-mail addresses!?! For some unknown reason SpamCop do find the JoeJob'ed sites but do not take them in to the calculation - I would have expected the site to have been reported and appealed but that doesn't show on the SpamCop reporting page. Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:newandrew@rump.dk WWW http://www.rump.dk/homepage/andrew/ From PossumTrot at dont.spam.me Wed Jun 1 08:32:22 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Wed Jun 1 10:35:02 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: "Larry Kilgallen" wrote in message news:IBlqYdt92LZ0@eisner.encompasserve.org... > In article , Sofa King Tyred of Lar Ting > writes: >> Hi, >> >> I've recently been forwarding the spams I get regarding sites that offer >> MS software at cheap prices to piracy@microsoft.com. Most of them go >> through with a standard, semi-automated thank-you response. >> >> However, about 5 or 6 have come back later with a response that reads: >> >>> Hello, >>> >>> Thank you for contacting the Microsoft Anti-Piracy Team. >>> >>> We appreciate that you have taken the time to forward anti-piracy leads >>> to our team. > > I have _never_ gotten such a response from piracy@microsoft.com. I have reported well over 100 times to the piracy@microsoft.com address and have never gotten a response like the ones referred to by Sofa. Sounds like some microsoftie is clueless. Has M$ maybe outsourced this function to India? From PossumTrot at dont.spam.me Wed Jun 1 08:36:22 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Wed Jun 1 10:40:03 2005 Subject: [SpamCop-List] Re: What is the 'can spam act'? References: Message-ID: "Bud" wrote in message news:d7j7l5$p5q$1@news.spamcop.net... > Posted in .spam > > http://www.spamcop.net/sc?id=z769975250z733d24375717e393110a52c7f77e6e33z > > -- > Bud Also known as the You Can Spam Act, since it _allows_ Spammy to continue to spam if he/she/it follows the rules. From nobodyy at devnull.spamcop.net Wed Jun 1 11:42:18 2005 From: nobodyy at devnull.spamcop.net (Stello) Date: Wed Jun 1 10:45:02 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: "Mike Easter" wrote in message news:d7kf6k$fk9$1@news.spamcop.net... > Stello wrote: > Yabbut, you are posting some headers which were in the body of a mail > whose headers we are interested in. What would've been better would > have been if you had pasted the entire mail into the parser, copied the > tracking url, cancelled the report, and pasted the tracker in here. Is this the newsgroup to post the full headers? > > That way we could look at the headers of the item you received, as well > as this content which you've pasted here, which not only takes up more > 'space' than a tracker, but also isn't quite as informative as having > the entire thing. If you wanted or needed to do some modest mungeing of > the item before submitting it to the parser, you should make it clear in > your post how much you have munged. The headers in the body of the email I posted were not true headers. They were in the body of the email I received, supposedly from SpamCop. I looked for my personal information and didn't see any, which is why I think it is a spam, phishing, or spoof. No viruses on board this machine or spyware or trojans. > > Your signup authorization letter contains a pw and a submit code which > are/were secret. This item contains a submit code in more than one > place. It also includes headers with a bogus helo. I suspect that if > you examine your authorization registration letter, you will find your > submit code matches that for this item. Well once upon a time I may have had an authorization letter with a submit code. I have had this paid account for so long, I only need to sign in using an email address. I have long forgotten the rest. Ill check out my account. > > > -- > Mike Easter > kibitzer, not SC admin > From wb8tyw at qsl.network Wed Jun 1 11:02:39 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Jun 1 11:05:04 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: <4EDqLduTR1iw@eisner.encompasserve.org> In article , Kilgallen@SpamCop.net (Larry Kilgallen) writes: > In article , > Sofa King Tyred of Lar Ting writes: >> Hi, >> >> I've recently been forwarding the spams I get regarding sites that offer >> MS software at cheap prices to piracy@microsoft.com. Most of them go >> through with a standard, semi-automated thank-you response. >> >> However, about 5 or 6 have come back later with a response that reads: >> >>> Hello, >>> >>> Thank you for contacting the Microsoft Anti-Piracy Team. >>> >>> We appreciate that you have taken the time to forward anti-piracy leads >>> to our team. > > I have _never_ gotten such a response from piracy@microsoft.com. Are you reporting them as additional addresses on your spamcop larts? In that case, spamcop.net is probably deleting the robot replies. I am getting several variations of the bed-bug letters from Microsoft, and a few months ago, a new variant showed up. It requested more information because at the time the program at Microsoft processed the URL, it was unable to resolve the domain that the spammer was using. Since I forward such spam as attachments to piracy@microsoft.com from one of my other e-mail addresses along with copies to the spam@uce.gov address, I am now putting the spamcop.net parsing information for the URL in the body of the message. If the spamcop.net parser can not resolve the domain, I plug it into http://moensted.dk/spam/ and this gives me a handy link to spamhaus.org (spamhaus.org now requires cookies). I then paste the spamhaus.org listing in the body of the message. Now I am only getting the ones requesting more information when neither spamcop.net or moensted.dk can resolve the domain name. So something at piracy@microsoft.com is processing the reports and wants to know what the contact information is for the spamvertized domains. -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Wed Jun 1 09:11:00 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 11:15:02 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: Stello wrote: > "Mike Easter" >> What would've been better would >> have been if you had pasted the entire mail into the parser, copied >> the tracking url, cancelled the report, and pasted the tracker in >> here. > > Is this the newsgroup to post the full headers? What I was trying to say was that posting a tracker is the best way to communicate about any mail which we might have occasion to discuss here. The tracker is a 'storage vault' for the entire item, from top to bottom, the whole enchilada/ magillicutty whether it is a spam, some kind of mysterymail, or something pretending to be from your Aunt Betsy. It is undesirable for several reasons to be posting spam and other mail of question into this newsgroup. Previously the newsgroup spamcop.spam was intended for that purpose, but that was long ago before the parser storage vault could save the entire spam for discussing. To get a tracker, you select the item in question, spam or mysterymail, then you perform the necessary steps to get the whole enchilada copied; in the case of OE Outlook Express, that would be File/ Properties/ Details tab/ Message source - then ctrl-A ctrl-C will get it copied and pasted into the parser. Then, after the parsing, copy the tracker, which looks like: Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z770183536z7f45882dcf03c22fb82536c4f2297d7dz We can use that tracker to examine the mail's headers, body, attachments -- everything and nothing else needs to be posted here. >> That way we could look at the headers of the item you received, as >> well as this content which you've pasted here, which not only takes >> up more 'space' than a tracker, but also isn't quite as informative >> as having the entire thing. > The headers in the body of the email I posted were not true headers. > They were in the body of the email I received, supposedly from > SpamCop. I understand exactly what they were. I also believe them to be true headers as spamcop received the item. But the point is that if we were looking at the tracker instead of just the body of the mail, we would be able to see it all and actually verify that our/my assumptions are correct about that being an item which came from spamcop as a result of an html spam being addressed to /your/ personal secret submit address > I looked for my personal information and didn't see any, > which is why I think it is a spam, phishing, or spoof. No viruses on > board this machine or spyware or trojans. How do you propose the spammer got your personal secret submit address? > Well once upon a time I may have had an authorization letter with a > submit code. I have had this paid account for so long, I only need > to sign in using an email address. I have long forgotten the rest. The authorization letter contains your password and the submit code. Unless there's something different about pay accounts, your login with the password doesn't last forever. It likely maxes out as a year. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Wed Jun 1 11:11:41 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Jun 1 11:15:04 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: <4EDqLduTR1iw@eisner.encompasserve.org> Message-ID: In article <4EDqLduTR1iw@eisner.encompasserve.org>, wb8tyw@qsl.network (John E. Malmberg) writes: > In article , > Kilgallen@SpamCop.net (Larry Kilgallen) writes: >> In article , >> Sofa King Tyred of Lar Ting writes: >>> Hi, >>> >>> I've recently been forwarding the spams I get regarding sites that offer >>> MS software at cheap prices to piracy@microsoft.com. Most of them go >>> through with a standard, semi-automated thank-you response. >>> >>> However, about 5 or 6 have come back later with a response that reads: >>> >>>> Hello, >>>> >>>> Thank you for contacting the Microsoft Anti-Piracy Team. >>>> >>>> We appreciate that you have taken the time to forward anti-piracy leads >>>> to our team. >> >> I have _never_ gotten such a response from piracy@microsoft.com. > > Are you reporting them as additional addresses on your spamcop larts? Yes -- that is the only way I send reports to people, including to news.admin.net-abuse.sightings. From MikeE at ster.invalid Wed Jun 1 09:29:01 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 11:30:02 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: Mike Easter wrote: > The authorization letter contains your password and the submit code. Oops. This may not be correct. The initial authorization letter contains the password. After the login, the page http://www.spamcop.net/ contains the submit code in this line which is 2 lines above the parser window:: Forward your spam to: submit.16charANcodeNMBR@spam.spamcop.net or: where the 16charANcodeNMBR is case sensitive alphas and numerics. So, since the submit code isn't contained in the authorization letter, that puts a different spin on the question of where/how the spammer could get the submit. That is, it means that scraping it from the authorization letter isn't on the list of possibilities, I guess, unless the pay accounts are handled differently than free accounts. Someone else will have to answer that question. Does any kind of spamcop mail about a paid account contain the submit code information, or only the password? -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Wed Jun 1 12:36:47 2005 From: eddie at eddie.web (eddie) Date: Wed Jun 1 11:40:04 2005 Subject: [SpamCop-List] over 50% spam skips over URL Message-ID: The "bug" that causes SC's parser to skip reporting a URL even though it sort-of finds it is now more than 50% of my daily spam. At what point does it become important enough to warrant an investigation? Just curious. As a refresher, this is what the "bug" looks like Finding links in message body Recurse multipart: Parsing HTML part Parsing text part Resolving link obfuscation http://www.jnaz.net/world/ http://www.jnaz.net/un.php Please make sure this email IS spam: there should be something between these last two lines: either a cannot resolve or a time out or something -but not just a blank line jnaz.net parses perfectly normally, manually with the following reporting address Reporting addresses: s_mal@informtelecom.ru It's as if the software spins out a thread to look up the DNS and reporting address and the main program forgets about the thread and continues on its merry way. But that's only a guess. -- Once movie theaters gave out steak knives Today they confiscate them From MikeE at ster.invalid Wed Jun 1 10:19:48 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 12:20:03 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: Mike Easter wrote: > So, since the submit code isn't contained in the authorization letter, > that puts a different spin on the question of where/how the spammer > could get the submit. That is, it means that scraping it from the > authorization letter isn't on the list of possibilities, I guess, Other places a submit address could 'reside'.... - in your addressbook if you ever used that address to submit - in the mail received by any other entity if you addressed copies to others to whom you report a spam. The first example could occur if you clicked on the mailto on the parser page, which would start an email with the submit address, which address if R clicked would provide an opportunity to enter into the addressbook. The second if you were going to submit an item to the spamcop submit address and decided to also send it to someone/something else. I don't know why you would do that, but it is possible. The other would be if you copied that address for some reason -- or if the SC pay account communication contained the submit. -- Mike Easter kibitzer, not SC admin From davigarQUITAESTO at excite.com Wed Jun 1 19:48:06 2005 From: davigarQUITAESTO at excite.com (Averroes) Date: Wed Jun 1 12:50:02 2005 Subject: [SpamCop-List] No recent reports, no history available Message-ID: Return-Path: Received: from adlon.se ([221.151.230.227]) by smtp03.retemail.es (InterMail vM.6.01.04.03 201-2131-118-103-20050206) with ESMTP id <20050601162507.NPPS1178.smtp03.retemail.es@adlon.se>; Wed, 1 Jun 2005 18:25:07 +0200 Received: from 203.208.205.207 by 111.218.42.30.atlasvanlines.ca (Postfix) with SMTP id 35270 From: "svsxfsszjjf" To: , , , , , , , , , , Cc: x , Subject: oxxxxycontin no scriptt Date: Mon, 02 May 2005 09:24:58 -0800 Message-ID: <0056______________________998c@wlhjv> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0053_01C54EF8.CF0F0090" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Importance: Normal X-Antivirus: avast! (VPS 0522-6, 01/06/2005), Inbound message X-Antivirus-Status: CleanView entire message Parsing header: Received: from adlon.se ([221.151.230.227]) by smtp03.retemail.es (InterMail vM.6.01.04.03 201-2131-118-103-20050206) with ESMTP id <20050601162507.NPPS1178.smtp03.retemail.es@adlon.se>; Wed, 1 Jun 2005 18:25:07 +0200 221.151.230.227 found host 221.151.230.227 (getting name) no name Possible spammer: 221.151.230.227 Received line accepted Received: from 203.208.205.207 by 111.218.42.30.atlasvanlines.ca (Postfix) with SMTP id 35270 no date found 203.208.205.207 found host 203.208.205.207 (getting name) no name 221.151.230.227 not listed in dnsbl.njabl.org 221.151.230.227 listed in cbl.abuseat.org ( 127.0.0.2 ) Open proxies untrusted as relays Tracking message source: 221.151.230.227: Routing details for 221.151.230.227 [refresh/show] Cached whois for 221.151.230.227 : bonbu@kt.co.kr ip@ns.kornet.net abuse@kornet.net Using best contacts abuse@kornet.net Yum, this spam is fresh! Message is 0 hours old 221.151.230.227 not listed in dnsbl.njabl.org 221.151.230.227 not listed in dnsbl.njabl.org 221.151.230.227 listed in cbl.abuseat.org ( 127.0.0.2 ) 221.151.230.227 is an open proxy 221.151.230.227 not listed in accredit.habeas.com 221.151.230.227 not listed in plus.bondedsender.org 221.151.230.227 not listed in iadb.isipp.com Finding links in message body Recurse multipart: Parsing text part Parsing HTML part Resolving link obfuscation http://phersermeds.com/tx host phersermeds.com (checking ip) ip not found ; phersermeds.com discarded as fake. http://charlescharleycheckerchock.com/tx host charlescharleycheckerchock.com (checking ip) ip not found ; charlescharleycheckerchock.com discarded as fake. http://phersermeds.com host phersermeds.com (checking ip) ip not found ; phersermeds.com discarded as fake. http://viccxodinnes-hydrooocodxes-painnnkillerxz.comm=3d host viccxodinnes-hydrooocodxes-painnnkillerxz.comm (checking ip) ip not found ; viccxodinnes-hydrooocodxes-painnnkillerxz.comm discarded as fake. http://noremore.com host noremore.com (checking ip) ip not found ; noremore.com discarded as fake. Tracking link: http://viccxodinnes-hydrooocodxes-painnnkillerxz.comm=3d No recent reports, no history available Cannot resolve http://viccxodinnes-hydrooocodxes-painnnkillerxz.comm=3d Tracking link: http://noremore.com No recent reports, no history available Cannot resolve http://noremore.com Tracking link: http://charlescharleycheckerchock.com/tx No recent reports, no history available Cannot resolve http://charlescharleycheckerchock.com/tx Tracking link: http://phersermeds.com/tx No recent reports, no history available Cannot resolve http://phersermeds.com/tx Tracking link: http://phersermeds.com No recent reports, no history available Cannot resolve http://phersermeds.com Please make sure this email IS spam: From: "svsxfsszjjf" (oxxxxycontin no scriptt) This is a multi-part message in MIME format. ------=_NextPart_000_0053_01C54EF8.CF0F0090 ------------------ END OF SPAM------------------------------------------------ Hi All false one? . Fake domains. Nobody to whom to complain? ,-) http://www.spamcop.net/sc?id=z770212554z0b9c739a59ff39e7ea046bce1f9b2e6ez Regards From null at null.com.none Wed Jun 1 18:52:14 2005 From: null at null.com.none (Martin) Date: Wed Jun 1 12:55:03 2005 Subject: [SpamCop-List] NTL mailhosts wrong again Message-ID: Can a deputy please sort out the NTL mailhosts, new mailservers without proper hostnames have been added, tried re-adding them on my mailhosts but the mailhosts just complain and wont update, now I have lost my mailhosts completly for ntl. Can some rename them from Tesco to NTL too. Heres the submision that spamcop mailhosts wont accept, always worked ok in the past;- Return-Path: Received: from mta02-winn.ispmail.ntl.com (mta02-winn.ispmail.ntl.com [81.103.221.42]) by marti.mine.nu (8.12.6/8.12.6/SuSE Linux 0.6) with ESMTP id j51GNvxm003289 for ; Wed, 1 Jun 2005 17:23:57 +0100 X-Envelope-From: service@admin.spamcop.net Received: from aamta03-winn.ispmail.ntl.com ([81.103.221.35]) by mta02-winn.ispmail.ntl.com with ESMTP id <20050601162357.ZKWO19182.mta02-winn.ispmail.ntl.com@aamta03-winn.ispmail.ntl.com> for ; Wed, 1 Jun 2005 17:23:57 +0100 Received: from spamcop.net ([64.74.133.245]) by aamta03-winn.ispmail.ntl.com with SMTP id <20050601162356.ZDWH11190.aamta03-winn.ispmail.ntl.com@spamcop.net> for ; Wed, 1 Jun 2005 17:23:56 +0100 X-SpamCop-Conf: 9sexhjZFc8O7NHr1 Received: from [81.106.206.105, 82.3.32.71] by spamcop.net with HTTP; Wed, 01 Jun 2005 16:23:53 GMT From: SpamCop robot To: x@ntlworld.com Subject: SpamCop account configuration email Precedence: list Message-ID: Date: Wed, 01 Jun 2005 16:23:53 GMT X-Mailer: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) via http://www.spamcop.net/ v1.456 X-Virus-Scanned: by AMaViS - amavis-milter (http://www.amavis.org/) X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on marti.mine.nu X-Spam-Level: *** X-Spam-Status: No, score=3.4 required=5.0 tests=AWL,BAYES_40, DNS_FROM_RFC_ABUSE,FORGED_MUA_MOZILLA,FORGED_RCVD_HELO, FROM_HAS_MIXED_NUMS autolearn=no X-UIDL: #7A!!>hl!!d4-!!8^2"! Hello SpamCop user, This email contains special codes and tracking information to help SpamCop figure out your specific email configuration. Do not post this email in public. It contains confidential information related to the security of your SpamCop account. Please return this complete email, preserving full headers and the special tracking codes below. Visit this address: http://www.spamcop.net/mcgi?action=mhreturn Alternately, you may submit via email. Forward the message as an attachment to this address. Or create a new message and paste this email into it. Either way, send it to to: mhconf.9sexhjZFc8O7NHr1@cmds.spamcop.net Some email software may only support one or the other of these submission methods. For information on your email software and to learn how to get full headers see this FAQ: http://www.spamcop.net/fom-serve/cache/19.html Special codes follow: ################################################################ X-SpamCop-Mx: smtpin.ntlworld.com. X-SpamCop-Mx-Ip: 81.103.221.10 X-SpamCop-Mh-Name: NTL X-SpamCop-Recip: x@ntlworld.com X-SpamCop-Unixtime: 1117643033 X-SpamCop-Conf: 9sexhjZFc8O7NHr1 X-SpamCop-Randomness: G5rDTtfiE341UC1y X-SpamCop-Hash: b0600fb68b16f9e89106bf5eecfbbdc2 ################################################################ From nobody at spamcop.net Wed Jun 1 12:45:42 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 13:25:03 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: -- "Stello" wrote in message news:d7kdq7$epm$1@news.spamcop.net... > I am not sure I am posting this to the right SC newsgroup. I don't need the > headers parsed but am posting the header that came in the body of an email > seemingly from SpamCop. > > I have a SpamCop paid account that is still active, but have not been using > it lately. I don't think I have used it in 4 months or so. But I receive > email [several to date] saying there is an error in processing spam. I have > not sprcessed any spam at SpamCop. The following is the full email, not > headers from the spam. What is this and is it pure Spam or is someone using > my paid SpamCop account? > > ------------------------------------------------ > > SpamCop encountered errors while saving spam for processing: > Message forwarded in html wrapper. > > When forwarding spam, use a MIME attachment or text-type message with > the spam enclosed. Do not send spam in HTML format. Sometimes this > error is caused by using a "resend" feature to forward spam. > > HTML spam should be sent in text (source code) format. > > > The email which triggered this auto-response had the following headers: > Return-Path: > Received: from sc-smtp1.eq.ironport.com (sc-smtp1.eq.ironport.com > [192.168.18.81]) > by sc-app1.eq.ironport.com (Postfix) with ESMTP id B56A7A67A48 > for ; Wed, 1 Jun 2005 > 05:56:16 -0700 (PDT) > Received: from unknown (HELO mail.yahoo.com) (58.75.37.29) > by sc-smtp1.eq.ironport.com with SMTP; 01 Jun 2005 05:56:15 -0700 > Date: Thu, 02 Jun 2005 04:04:32 +0000 > From: Sbtt > Subject: Submit.kwop3bwk540ooff0, New â?" C1AL1S S0FTABS â?" at Super > D1sc0unt > To: Submit.kwop3bwk540ooff0 > References: <9H7EH064914KBF0D@spam.spamcop.net> > In-Reply-To: <9H7EH064914KBF0D@spam.spamcop.net> > Message-ID: <8I3EF8F24DIG548D@atari-portal.net> > Reply-To: Stimconfessing > Sender: K6j32 > MIME-Version: 1.0 > Content-Type: text/html > Content-Transfer-Encoding: 8bit > > > -- > Stello > > I have suspended the reporting privileges on the account with that auth code. Please write to service admin.spamcop.net now and include your registered SpamCop email address. Don will get this straightened out and new auth codesw assigned. Ellen SpamCop From nobody at spamcop.net Wed Jun 1 14:31:49 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 13:40:02 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Martin" wrote in message news:d7kp3u$m5m$1@news.spamcop.net... > Can a deputy please sort out the NTL mailhosts, new mailservers without > proper hostnames have been added, tried re-adding them on my mailhosts but > the mailhosts just complain and wont update, now I have lost my mailhosts > completly for ntl. Can some rename them from Tesco to NTL too. > Heres the submision that spamcop mailhosts wont accept, always worked ok in > the past;- > After I got the headers unmangled then I noticed that you had modified the special codes section and the system will not accept that. If you want to send a copy with complete headers unmodified to us at deputies admin.spamcop.net then we will try to get the probe accepted. Do you happen to know the IPs of the new mailservers? Ellen SpamCop From nobody at devnull.spamcop.net Wed Jun 1 13:37:06 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Jun 1 13:40:05 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Martin" wrote in message news:d7kp3u$m5m$1@news.spamcop.net... > Can a deputy please sort out the NTL mailhosts, new mailservers without > proper hostnames have been added, tried re-adding them on my mailhosts but > the mailhosts just complain and wont update, now I have lost my mailhosts > completly for ntl. Can some rename them from Tesco to NTL too. Had you tried the identified support spot for MailHost configuration, you'd have found proper precedures and addresses for direct contact for such personal assistance. http://forum.spamcop.net/forums/ > This email contains special codes and tracking information to help SpamCop > figure out your specific email configuration. Do not post this email in > public. It contains confidential information related to the security of > your SpamCop account. What a way to demonstrate that you can follow directions. Now you've created yet another issue that needs resolving. > Alternately, you may submit via email. Forward the message as an > attachment to this address. Or create a new message and paste this email > into it. Either way, send it to to: > > @cmds.spamcop.net Now that you've posted your 'secret' codes ... good luck on getting things straightened out. Perhaps Ellen will pass through here and take some pity ... From nobody at spamcop.net Wed Jun 1 15:04:50 2005 From: nobody at spamcop.net (Anti-Spam) Date: Wed Jun 1 14:05:04 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: "Possum Trot" wrote in message news:d7kh1p$grv$1@news.spamcop.net... > > "Larry Kilgallen" wrote in message > news:IBlqYdt92LZ0@eisner.encompasserve.org... > > In article , Sofa King Tyred of Lar Ting > > writes: > >> Hi, > >> > >> I've recently been forwarding the spams I get regarding sites that offer > >> MS software at cheap prices to piracy@microsoft.com. Most of them go > >> through with a standard, semi-automated thank-you response. > >> > >> However, about 5 or 6 have come back later with a response that reads: > >> > >>> Hello, > >>> > >>> Thank you for contacting the Microsoft Anti-Piracy Team. > >>> > >>> We appreciate that you have taken the time to forward anti-piracy leads > >>> to our team. > > > > I have _never_ gotten such a response from piracy@microsoft.com. > > I have reported well over 100 times to the piracy@microsoft.com address and > have never gotten a response like the ones referred to by Sofa. Sounds like > some microsoftie is clueless. Has M$ maybe outsourced this function to > India? > I forward at least a couple of spam a day to piracy@microsoft.com (direct, not through SC) and get responses in bunches every few days, although not necessarily for every spam. There are about three standard form letters, and this 'no address found' seems to make up maybe 25% of them (WAG). I'd guess that these 'no address found' ones have been around since at least as far back as the beginning of the year. -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: if@pdczugidxvfbhrctp.com (generated by Webpoison) From MikeE at ster.invalid Wed Jun 1 12:40:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 14:45:03 2005 Subject: [SpamCop-List] Re: No recent reports, no history available References: Message-ID: Averroes wrote: > http://www.spamcop.net/sc?id=z770212554z0b9c739a59ff39e7ea046bce1f9b2e6ez The tracker is a link to the original spam which was parsed, and it also demonstrates how SC would parse the item at the time of access. You could have posted just that and the result that none of the links were resolved, either in your words or pasted in SC's, such as a part of what you pasted here: > Resolving link obfuscation > http://phersermeds.com/tx > host phersermeds.com (checking ip) ip not found ; phersermeds.com > discarded as fake. > http://charlescharleycheckerchock.com/tx > host charlescharleycheckerchock.com (checking ip) ip not found ; > charlescharleycheckerchock.com discarded as fake. > http://phersermeds.com > host phersermeds.com (checking ip) ip not found ; phersermeds.com > discarded as fake. > http://viccxodinnes-hydrooocodxes-painnnkillerxz.comm=3d > host viccxodinnes-hydrooocodxes-painnnkillerxz.comm (checking ip) ip not > found ; viccxodinnes-hydrooocodxes-painnnkillerxz.comm discarded as fake. > http://noremore.com > host noremore.com (checking ip) ip not found ; noremore.com discarded as > fake. noremore is a bad 'catch' -- it isn't a link in the spam. Parser error My resolver sez: phersermeds.com DNS 221.229.119.105 charlescharleycheckerchock.com DNS 221.229.119.105 viccxodinnes-hydrooocodxes-painnnkillerxz.comm doesn't resolve, of course noremore.com doesn't resolve and shouldn't have been in there We could discuss why SC's resolver doesn't resolve them if anyone is interested. -- Mike Easter kibitzer, not SC admin From glnews030922 at highspot.net Wed Jun 1 21:54:37 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Wed Jun 1 15:55:02 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Brian (SnSR) wrote: > I would uncheck the reports sent about the two links (caddyshaq and > meetmycomputer). I'm still not sure about this, but from the looks of > the sites, I don't believe that they would be likely to spam. I could > be wrong. Cattyshaq looks to be innocent and the target of a joe-job. On the other hand, Meetyourcomputer has several links through clickbank to the sites of some "anti-spyware" products of extremely dubious nature. The sort where the free version tells you that you have spyware when you don't and then invites you to buy the full version to remove the non-existent spyware. One of the sites it links to is adwaredeluxe, which you can read more about here: http://www.spywarewarrior.com/rogue_anti-spyware.htm Interestingly enough, on further digging, both spamvertised sites are registered to the same person. The more I look into it, the less it feels like a joe-job and the more it looks like the usual rogue affiliate spammer. Either that, or somebody who is proporting to protect people from online scams is not competent enough to do due diligence on their advertising links. I reported around 50 of these things this morning without LARTing the web host. If I get any more, I think I'll change that. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From null at null.com.none Wed Jun 1 21:56:36 2005 From: null at null.com.none (Martin) Date: Wed Jun 1 16:00:03 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: >WazoO" wrote in message >news:d7kro3$nq5$1@news.spamcop.net... > > Had you tried the identified support spot for MailHost configuration, > you'd have found proper precedures and addresses for direct > contact for such personal assistance. > http://forum.spamcop.net/forums/ I dont use forums I use usenet, so get over it > > What a way to demonstrate that you can follow directions. Now > you've created yet another issue that needs resolving. > Where in the email back from spamcop saying it failed does it give me directions to follow, it dosent!! > > Now that you've posted your 'secret' codes ... good luck on > getting things straightened out. Perhaps Ellen will pass through > here and take some pity ... > Well to be honest, this problem of new mailservers needs sorting out with the spamcop mailhosts sytem, it somehow needs to be able to auto-add new ones, I shouldnt have to delete and re-add your mailhosts everytime this happens. Next time I wont bother doing or saying anything, I will just leave it for the inempt spamcop reporters to report the ntl mail servers has they did before and let spamcops reputation of blocking incorrect addresses get worse. From glnews030922 at highspot.net Wed Jun 1 22:01:00 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Wed Jun 1 16:00:07 2005 Subject: [SpamCop-List] Re: What is the 'can spam act'? In-Reply-To: References: Message-ID: Ellen wrote: > "Bud" wrote in message news:d7j7l5$p5q$1@news.spamcop.net... > >>Posted in .spam >> >>http://www.spamcop.net/sc?id=z769975250z733d24375717e393110a52c7f77e6e33z >> >> > > Looks like a joe-job. I am setting the two urls to innocent bystander. If > anyone finds out differently let me know. And yes you can report each one > you receive. Hi Ellen, The more I dig into these, the less it looks like a joe-job to me. The second site has affiliate links pointing to some products whose marketing tactics border on the fraudulent. See my other post in this thread. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From null at null.com.none Wed Jun 1 22:27:58 2005 From: null at null.com.none (Martin) Date: Wed Jun 1 16:30:02 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: >Ellen" wrote in message >news:d7krlm$npm$1@news.spamcop.net... > > > After I got the headers unmangled then I noticed that you had modified > the > special codes section and the system will not accept that. > > If you want to send a copy with complete headers unmodified to us at > deputies admin.spamcop.net > then we will try to get the probe accepted. > > Do you happen to know the IPs of the new mailservers? > > Ellen > SpamCop > I appologise if my post has caused you problems Ellen. Has for helping any further I don't feel inclined to after the Flame I got from Wazoo, maybe he would like to offer to sort it out for you. I wont be posting here again, I will leave it for someone else to pick up the peices next time this happens, which it will, because my ISP will carry on adding more mailservers on a regular basis. Regards Martin From nobody at spamcop.net Wed Jun 1 17:48:47 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 16:55:02 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Martin" wrote in message news:d7l5of$tou$1@news.spamcop.net... > > > I appologise if my post has caused you problems Ellen. > Has for helping any further I don't feel inclined to after the Flame I got > from Wazoo, maybe he would like to offer to sort it out for you. > I wont be posting here again, I will leave it for someone else to pick up > the peices next time this happens, which it will, because my ISP will carry > on adding more mailservers on a regular basis. > > Regards Martin > > I did get an email from elsewhere with the new NTL server IPs in it and set a flag for them so the system does know they are mailservers. If you want to pursue adding your mailhosts back and have a problem you can write to me at deputies admin.spamcop.net and we can get that straightened out. Ellen SpamCop From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 1 23:33:13 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 18:35:03 2005 Subject: [SpamCop-List] Re: brownout in parserland? References: <61dde4e935bd480c9b4f9a8a02b76753@you.horizontally-enhanced-tricked-out-throat-scraping.net> Message-ID: *plonk* From SCNews.5.myspamgobbler at spamgourmet.com Wed Jun 1 16:32:19 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Wed Jun 1 18:35:06 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Graeme Leith wrote: > Brian (SnSR) wrote: > > >> I would uncheck the reports sent about the two links (caddyshaq and >> meetmycomputer). I'm still not sure about this, but from the looks of >> the sites, I don't believe that they would be likely to spam. I could >> be wrong. > > > Cattyshaq looks to be innocent and the target of a joe-job. > > On the other hand, Meetyourcomputer has several links through clickbank > to the sites of some "anti-spyware" products of extremely dubious > nature. The sort where the free version tells you that you have spyware > when you don't and then invites you to buy the full version to remove > the non-existent spyware. > > One of the sites it links to is adwaredeluxe, which you can read more > about here: http://www.spywarewarrior.com/rogue_anti-spyware.htm > > Interestingly enough, on further digging, both spamvertised sites are > registered to the same person. The more I look into it, the less it > feels like a joe-job and the more it looks like the usual rogue > affiliate spammer. Either that, or somebody who is proporting to protect > people from online scams is not competent enough to do due diligence on > their advertising links. > > I reported around 50 of these things this morning without LARTing the > web host. If I get any more, I think I'll change that. > The domains being registered to the same person does not have anything to do with it being or not being a joe job. It is likely that, if this is a joe job, that the scammer has been reading their forum and most likely it is common knowledge that the two sites are related. I tried to signup for the forum earlier this morning, but have not received my confirmation. How would an affiliate get paid? Do they offer affiliate programs? Think about what the Caddy Shaq site is doing. Might this not piss off some scammer? Same with the meetyourcomputer site. Their host, ipowerweb also seems to be clean, at least on a quick, preliminary check. I haven't had time to really dig, so I may be wrong. One reason for caution, is that bad reporting gives anti-spammers a bad image. The link for adwaredeluxe.com is problematic, I agree. Brian From davigarQUITAESTO at excite.com Thu Jun 2 01:36:17 2005 From: davigarQUITAESTO at excite.com (Averroes) Date: Wed Jun 1 18:40:03 2005 Subject: [SpamCop-List] Re: No recent reports, no history available References: Message-ID: "Mike Easter" escribió en el mensaje news:d7kvf6$q3r$1@news.spamcop.net... > Averroes wrote: > > Surely. It was a small "divertimento" after to process tons of sweepings with the technique of the camouflage of domains. Sorry ;-) > We could discuss why SC's resolver doesn't resolve them if anyone is > interested. Ok. I suppose that the difficulty of the dredges of Spam Cop is because "fake domain" is redirected. Find "the true" domain of spamer Saludos From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 1 23:42:26 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 18:45:03 2005 Subject: [SpamCop-List] Re: brownout in parserland? References: <61dde4e935bd480c9b4f9a8a02b76753@you.horizontally-enhanced-tricked-out-throat-scraping.net> Message-ID: eddie wrote in news:pan.2005.05.31.16.32.16.564000@eddie.web: > > Looks as if we hit a spamkiddy. I love the smell of fresh spam - > smells like - like - - victory. > Thanks, Dharmy-kid for letting us know we got through to you. > Om mani padme hung one on you. > That guy is an idiot. That hotmail account is only used specifically for newsgroups and sending LARTs to dubious ISPs. Basically just a throwaway. I've already posted it here before and I do receive spam through it. (But Microsoft's recent improvements on the spamfilters has reduced the spam flow to near nothing.) Either way.. he has been escalated to plonk-on-sight permanently. From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 1 23:45:28 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 18:50:04 2005 Subject: [SpamCop-List] Re: Big Brother... (Text Repost) References: Message-ID: Blammo wrote in news:Xns966730861A38Dblammo@216.154.195.61: >> >> Try Xnews. It's free. >> > > And you don't need to install anything, you can tuck it away in a > folder somewhere, noone but you needs to know. Though it's pretty much > news only. > > No registry crap to worry about.. nothing. It was the way everyone installed programs 15 years ago when the only thing in town was MS-DOS. Those were they days. :-) But back to Xnews, It's quite a powerful little application too. :-) From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 1 23:58:35 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 19:00:03 2005 Subject: [SpamCop-List] Re: hotmail server(s) listed... 65.54.175.200 References: Message-ID: Kilgallen@SpamCop.net (Larry Kilgallen) wrote in news:tX6lula4D5zF@eisner.encompasserve.org: >> >> This is true for any free email service. If it is offered free, how >> can they charge a cleanup fee? Goes for Netscape, Excite, Lycos, and >> Yahoo! as well. > > As I said, a faulty busines model (vis. a vis. spam). > They do have limits on out-going email. But if a spammer opens numerous accounts and uses an automated program to get through the web interface, that could be a problem until all those open bum accounts get the mallet. From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 00:05:15 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 19:10:02 2005 Subject: [SpamCop-List] Re: Spam for pirated software d/l sites, piracy@microsoft.com References: Message-ID: "Anti-Spam" wrote in news:d7ktca$ov1$1@news.spamcop.net: >> > >> > I have _never_ gotten such a response from piracy@microsoft.com. >> >> I have reported well over 100 times to the piracy@microsoft.com >> address and have never gotten a response like the ones referred to by >> Sofa. Sounds like some microsoftie is clueless. Has M$ maybe >> outsourced this function to India? >> > > I forward at least a couple of spam a day to > piracy@microsoft.com (direct, not through SC) > and get responses in bunches every few days, > although not necessarily for every spam. There > are about three standard form letters, and this > 'no address found' seems to make up maybe > 25% of them (WAG). I'd guess that these > 'no address found' ones have been around since > at least as far back as the beginning of the year. > > -- > Bring in the death penalty for repeat spammers. > Non-functional spambait addr: if@pdczugidxvfbhrctp.com > (generated by Webpoison) > > > I have a feeling that Microsoft may have an bot that screens the piracy reports for links to see if it is active and/or may have references to Microsoft's products. (All speculation of course.) But it is to keep in mind that many of these pirate sites rotate their IP addresses using hijacked proxies to provide a forwarding service. If the DNS points to an IP address that is dead, then the true site will never show up until it refereshes with a new IP address. From MikeE at ster.invalid Wed Jun 1 17:09:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 1 19:10:07 2005 Subject: [SpamCop-List] Re: No recent reports, no history available References: Message-ID: Averroes wrote: > "Mike Easter" >> We could discuss why SC's resolver doesn't resolve them if anyone is >> interested. > > Ok. The last time I summarized it with links was here: news://news.spamcop.net/d754p4$2r8$1@news.spamcop.net Subject: Re: Strange error: SpamCop finds links, but doesn't report Date: Thu, 26 May 2005 11:33:09 -0700 Mike Easter wrote: > You will observe many types of body url parsing 'faults' > - SC can't resolve, but on refresh will > - SC can't resolve but spends a lot of time trying -- cause is > presumably either pokey nameservice, blocking SC's resolver, or both > - SC doesn't resolve and doesn't spend any time either -- cause might > be SC's prioritization of its resources > > These behaviors have been discussed here and also in the forum at some > length. Currently 8 pages of forum discussion start here > http://snipurl.com/f62o WazoO's May 7 comment can be seen here > http://snipurl.com/f62v which is in the topic "URLs not reported, SC > finds, but does not offer to LART!" > > There's also "SpamCop reporting of spamvertized URLs, Viewpoint(s)" > http://snipurl.com/f632 - which contains commentary from me from this > newsgroup news://news.spamcop.net/d56o3h$oia$1@news.spamcop.net > > Subject: Re: Error-why? Last question > Date: Mon, 2 May 2005 19:38:30 -0700 > Message-ID: > I suppose that the difficulty of the dredges of Spam Cop is because > "fake domain" is redirected. Find "the true" domain of spamer No. The problem is in the resolution. When you are reading the verbose, some things you take 'seriously' as meaningful; other things you take as 'that's just what SC sez' -- but not seriously as meaningful. In this case the words 'ip not found' are at the heart of the matter. In this specific case, that means that SC 'tried' [however much is another subject] to resolve the url, but was not successful. You can't tell from the words whether the failure was because SC resolver was blocked or just timed out. The words 'discarded as fake' aren't meaningful and they don't have anything to do with a website redirecting. The business of how SC 'documents' its verbose output could use some work, because it is sometimes misleading or confusing. In order to provide you with a notify address, SC has to resolve the url and go from there. If it doesn't resolve because SC doesn't try or because it tries and is unsuccessful, then it isn't going to be forthcoming with a notify address -- the notify address is obtained from using the IP and finding its netblock in the RIR, and then the contact for that provider. No IP, no notify offered. -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Thu Jun 2 00:13:35 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Jun 1 19:15:02 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: On 01 Jun 2005 Mike Easter entered spamcop and left news:d7kn71$l67$1@news.spamcop.net: > Other places a submit address could 'reside'.... > > - in your addressbook if you ever used that address to submit > - in the mail received by any other entity if you addressed copies to > others to whom you report a spam. > If the Spamcop login page is cached by the browser, then a virus could find it. However since we haven't seen the original headers, so we don't even know if this actually came from Spamcop. If Ellen's post implies it is, then it could always be (besides the already mentioned) a user error, such as forwarding to all, inadvertantly including spamcop.net. -- | Ric | From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 00:15:40 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 19:20:02 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Berny" wrote in news:d7jhlo$uuh$1 @news.spamcop.net: > qoute: > > You are receiving this communication because your e-mail
> address was included on a CD of 100 million e-mail addresses
> we bought and you opted in to be on it. The can spam act
> allows us to mail you with offers so please do not make false
> complaints or we will be forced take legal action against
> false complainants to recover any losses caused to us. > > end quote > > LART with extreme prejudice > > I love these "frea speach" statements. LART with extreme prejudice? You bet. :-) From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 00:20:29 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 1 19:25:03 2005 Subject: [SpamCop-List] Re: What is the 'can spam act'? References: Message-ID: "Ron B." wrote in news:d7j9br$qbm$1@news.spamcop.net: > > > LOL. Aren't you afraid that they will take legal action against your > "..false complaints..."? Yeah.. they'll retain Johnny Cochran to represent them. :-) From glnews030922 at highspot.net Thu Jun 2 01:34:19 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Wed Jun 1 19:35:03 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Brian (SnSR) wrote: > Graeme Leith wrote: > >> Cattyshaq looks to be innocent and the target of a joe-job. >> >> On the other hand, Meetyourcomputer has several links through >> clickbank to the sites of some "anti-spyware" products of extremely >> dubious nature. The sort where the free version tells you that you >> have spyware when you don't and then invites you to buy the full >> version to remove the non-existent spyware. >> >> One of the sites it links to is adwaredeluxe, which you can read more >> about here: http://www.spywarewarrior.com/rogue_anti-spyware.htm >> >> Interestingly enough, on further digging, both spamvertised sites are >> registered to the same person. The more I look into it, the less it >> feels like a joe-job and the more it looks like the usual rogue >> affiliate spammer. Either that, or somebody who is proporting to >> protect people from online scams is not competent enough to do due >> diligence on their advertising links. >> >> I reported around 50 of these things this morning without LARTing the >> web host. If I get any more, I think I'll change that. >> > > The domains being registered to the same person does not have anything > to do with it being or not being a joe job. It is likely that, if this > is a joe job, that the scammer has been reading their forum and most > likely it is common knowledge that the two sites are related. I tried to > signup for the forum earlier this morning, but have not received my > confirmation. Yes, being registered to the same person doesn't mean anything, but the grey area products being offered by the second site makes me very suspicious about the whole thing. > How would an affiliate get paid? Do they offer affiliate programs? The advertising links all go to cattyshaq.hop.clickbank.com and are then redirected to the product site. It's then easy for them to track who gets paid for the signup based on the referrer. > Think about what the Caddy Shaq site is doing. Might this not piss off > some scammer? Same with the meetyourcomputer site. Their host, ipowerweb > also seems to be clean, at least on a quick, preliminary check. True, but why are they advertising products who rely on possibly fraudulent techniques to get people to buy their software? > I haven't had time to really dig, so I may be wrong. One reason for > caution, is that bad reporting gives anti-spammers a bad image. I'm not saying it's definitely not a joe-job, but the affiliate links for dodgy software on the second site provide a method that could make money from the spam run. If they weren't there, I'd say 100% joe-job, but pushing often spamvertised software makes me have second thoughts. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From zypher at spamcop.net Wed Jun 1 19:34:02 2005 From: zypher at spamcop.net (Ron B.) Date: Wed Jun 1 19:35:05 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: Graeme Leith wrote: (Major Snip) > > I'm not saying it's definitely not a joe-job, but the affiliate links > for dodgy software on the second site provide a method that could make > money from the spam run. If they weren't there, I'd say 100% joe-job, > but pushing often spamvertised software makes me have second thoughts. > If this is a joe-job, it's a slick one. If this isn't, then it is even slicker. From nobody at spamcop.net Wed Jun 1 22:52:44 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 1 22:15:02 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: "Ron B." wrote in message news:d7lglb$5dv$1@news.spamcop.net... > Graeme Leith wrote: > > (Major Snip) > > > > > I'm not saying it's definitely not a joe-job, but the affiliate links > > for dodgy software on the second site provide a method that could make > > money from the spam run. If they weren't there, I'd say 100% joe-job, > > but pushing often spamvertised software makes me have second thoughts. > > > > If this is a joe-job, it's a slick one. If this isn't, then it is even > slicker. At this point I am going to consider it a joe-job altho I take Graeme's comments under advisement. I suppose I am going to err on the side joe-job altho I am not 100% convinced. Ellen From Vangu at rd.invalid Wed Jun 1 22:41:25 2005 From: Vangu at rd.invalid (Vanguard) Date: Wed Jun 1 22:45:03 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "WazoO" wrote in message news:d7kro3$nq5$1@news.spamcop.net... > "Martin" wrote in message > news:d7kp3u$m5m$1@news.spamcop.net... >> This email contains special codes and tracking information to help >> SpamCop >> figure out your specific email configuration. Do not post this email >> in >> public. It contains confidential information related to the security >> of >> your SpamCop account. > > What a way to demonstrate that you can follow directions. Now > you've created yet another issue that needs resolving. > >> Alternately, you may submit via email. Forward the message as an >> attachment to this address. Or create a new message and paste this >> email >> into it. Either way, send it to to: >> >> @cmds.spamcop.net > > Now that you've posted your 'secret' codes ... good luck on > getting things straightened out. Perhaps Ellen will pass through > here and take some pity ... Since Martin posted his secret code here (in the form of his username for his personalized submit e-mail address), shouldn't that qualify his account to get killed (so malcontents don't end up abusing his account)? Seems like Martin should be forced into creating a new account so now that he has been reminded to read the instructions then maybe he might comply with them. From Vangu at rd.invalid Wed Jun 1 22:46:18 2005 From: Vangu at rd.invalid (Vanguard) Date: Wed Jun 1 22:50:02 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Martin" wrote in message news:d7l3tl$seq$1@news.spamcop.net... > Where in the email back from spamcop saying it failed does it give me > directions to follow, it dosent!! Ummm, how about the very first paragraph that says: "This email contains special codes and tracking information to help SpamCop figure out your specific email configuration. Do not post this email in public. It contains confidential information related to the security of your SpamCop account." "Do not post this email in public" was something you could not fathom? What, you thought Usenet was some private "forum" in which you and only the SpamCop admins can post and read those posts? Now slap your forehead and say "Duh-Uhhhh". From SCNews.5.myspamgobbler at spamgourmet.com Wed Jun 1 20:56:10 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Wed Jun 1 23:00:03 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again In-Reply-To: References: Message-ID: Vanguard wrote: > "WazoO" wrote in message > news:d7kro3$nq5$1@news.spamcop.net... > >> "Martin" wrote in message >> news:d7kp3u$m5m$1@news.spamcop.net... >> >>> This email contains special codes and tracking information to help >>> SpamCop >>> figure out your specific email configuration. Do not post this email in >>> public. It contains confidential information related to the security of >>> your SpamCop account. >> >> >> What a way to demonstrate that you can follow directions. Now >> you've created yet another issue that needs resolving. >> >>> Alternately, you may submit via email. Forward the message as an >>> attachment to this address. Or create a new message and paste this >>> email >>> into it. Either way, send it to to: >>> >>> @cmds.spamcop.net >> >> >> Now that you've posted your 'secret' codes ... good luck on >> getting things straightened out. Perhaps Ellen will pass through >> here and take some pity ... > > > Since Martin posted his secret code here (in the form of his username > for his personalized submit e-mail address), shouldn't that qualify his > account to get killed (so malcontents don't end up abusing his account)? > Seems like Martin should be forced into creating a new account so now > that he has been reminded to read the instructions then maybe he might > comply with them. Let's not forget that we are all doing what we can, with what we know, to help deal with spam. Well, maybe some of the trolls don't fit into this category, but most of us do. We all have started from a place where we didn't know much about spam or the process of reporting it. Let's try to help each other out instead of being so critical and turning noobs away. Yes, there are certain 'ways' that this newsgroup functions best. But for those that aren't familiar with those ways, give some slack. They will hopefully find out on there own by observation. If they don't get it for awhile, then inform them. When I first quit lurking and started posting, I was attacked severely. If I wasn't so resilient, I would probably have immediately left, and no longer put forth any effort to combat spam and scams. And yes, I would still do what I did, after learning all that I have. :P We are in this together. Don't make it hard for someone to join in. Brian From ThePulse at SpamCop.net Wed Jun 1 23:59:37 2005 From: ThePulse at SpamCop.net (ThePulse) Date: Wed Jun 1 23:00:06 2005 Subject: [SpamCop-List] Spam Reporting...torturous Message-ID: I must say that reporting spam via SC is really a pain. Don't get me wrong, I love knowing that I'm taking a bite out of spam just as much as the next guy. But since I report spam coming into our servers for customers as well as myself, I need to be able to report about 100 pieces of email at a time. I'm currently sending them as an attachment, which I guess is the quickest way possible, but having to click through each one on the website takes about an hour. I don't have that kind of time to spend each day, it's just impossible. Is there hope? Vito The Pulse From nobodyy at devnull.spamcop.net Thu Jun 2 00:26:10 2005 From: nobodyy at devnull.spamcop.net (Stello) Date: Wed Jun 1 23:30:03 2005 Subject: [SpamCop-List] Re: Someone using my SpamCop account? or is it Spam? References: Message-ID: "Ellen" wrote in message news:d7kqvf$n9b$1@news.spamcop.net... > > > I have suspended the reporting privileges on the account with that auth > code. Please write to service admin.spamcop.net now and include your > registered SpamCop email address. Don will get this straightened out and > new auth codesw assigned. > > Ellen > SpamCop SpamCop admin found me at my registered email address and fixed the problem. Thanks for your help and the explanations the others gave. [Some of which I did not understand] I had no idea anything real that pertained to me was in the body of that email. Spammers have become tricky and obnoxious, but Spam is probably here to stay. It has made the electronic communication less than instant communication like it was supposed to be. I had the displeasure of experiencing and extreme way of getting control of the flood of spam. It was not pleasant. I emailed the person about a business matter, received an auto response with a link to follow to request my email address be allowed to pass the filter. Then I had to type a brief note about the business I was emailing about, and enter 4 random letters in a security box then click a button to send. Supposedly the person I was trying to contact will check the filter and admit my email. Geesh! Emailing has become "painful". :) -- Stello From nttp.sc.s at bigsleep.org Thu Jun 2 05:46:01 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 00:50:03 2005 Subject: [SpamCop-List] App to remove shareware from your computer? Message-ID: Yea, I know, I don't read spam, but this had unusual headers for one that originated from a Hanaro IP. The message plays on the (apparent) extreme stupidity of some people, offering the undoubtedly virus-laden "anti-spyware tool", but this one has the added feature of removing that dreaded ShareWare as well... 'As a member of the information industry, I was particularly outraged by this attack. I don't want what happened to me to happen to another single user. So right now I'm offering everyone the chance to have their computer "diagnosed" for both AdWare and ShareWare infections. I'm that serioius. I won't charge you a single dime to have it done. You can run your no-cost scan starting here:' -- | Ric | From nttp.sc.s at bigsleep.org Thu Jun 2 05:55:18 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 01:00:04 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: On 01 Jun 2005 ThePulse entered spamcop and left news:d7lsn2$bdf$1@news.spamcop.net: > But since I report spam coming into our servers for customers as well > as myself, I need to be able to report about 100 pieces of email at a > time. I never report other people's spam, I'm tempted to but it's not my spam and I never know if it may be something they subscribed to. I certainly wouldn't do it for free, and you could certainly charge for doing it (so what are you complaining about?). Why don't you just block this spam and them them report their own spam? I don't think it's important to report fast, the number of reporters is more important. The odds are that someone will have time to report the ones you didn't have the time to. Multiple people can report many times faster than one. -- | Ric | From spamcram at spymac.com Wed Jun 1 23:03:10 2005 From: spamcram at spymac.com (Vernon Hardapple) Date: Thu Jun 2 01:05:04 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous In-Reply-To: References: Message-ID: I'm curious. Why do you report other people's spam? Are these clients of yours? From alfred at china-ken.com Thu Jun 2 16:02:58 2005 From: alfred at china-ken.com (Alfred) Date: Thu Jun 2 03:05:02 2005 Subject: [SpamCop-List] Please remove my IP from your spam list Message-ID: Dear sirs, I applied a commercial mail server at chinadds.com, but while I send emails, it's always returned. This IP is innocent, please remove it from your list. 61.129.102.51 -- Alfred CHEN Yanfei Manager of No. 2 Overseas Operation Dept. ----------------------------------------- Global Marketing Center SHANGHAI KEN TOOLS CO. LTD. #5 Xinrong Rd., Xinqiao Town Songjiang District, Shanghai 201612 P. R. China Web: http://www.china-ken.com From Ilgaz at spamcop.net Thu Jun 2 11:13:33 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Thu Jun 2 03:15:03 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: On 2005-06-02 10:02:58 +0300, "Alfred" said: > Dear sirs, > > I applied a commercial mail server at chinadds.com, but while I send emails, > it's always returned. This IP is innocent, please remove it from your list. > > 61.129.102.51 You can't remove anything that way. Even you have a innocent site, your mails won't come here too since as a user I blocked whole China by my wish (defaults to OFF). You know who to blame if you check the statistics at www.spamcop.net Follow the links at www.spamcop.net ,"for mailers". Notice a huge population on Internet has blocked China, nobody can do anything about it except your government and companies start taking spam reports serious! Ilgaz From Ilgaz at spamcop.net Thu Jun 2 11:19:36 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Thu Jun 2 03:20:03 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: On 2005-06-01 08:39:03 +0300, "Berny" said: > qoute: > > You are receiving this communication because your e-mail
> address was included on a CD of 100 million e-mail addresses
> we bought and you opted in to be on it. The can spam act
> allows us to mail you with offers so please do not make false
> complaints or we will > I wouldn't wait a second if I was american to call/mail offices. It would teach them what it means to abuse a law by falsely referencing in any part of the world. A jerk bugged my mailbox 4-5 times that he is petrol minister of UAE (Dubai), I got finally bored from sending reports and his spam ended in hands of Dubai police. I said "Its your minister, your ISP, your criminal, fix it" at additional notes I didn't hear from him since ;) Oh believe or not, he was using a UAE ISP. Ilgaz From Ilgaz at spamcop.net Thu Jun 2 11:25:44 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Thu Jun 2 03:30:04 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: On 2005-06-02 05:59:37 +0300, "ThePulse" said: > I must say that reporting spam via SC is really a pain. Don't get me > wrong, I love knowing that I'm taking a bite out of spam just as much > as the next guy. But since I report spam coming into our servers for > customers as well as myself, I need to be able to report about 100 > pieces of email at a time. > > I'm currently sending them as an attachment, which I guess is the > quickest way possible, but having to click through each one on the > website takes about an hour. I don't have that kind of time to spend > each day, it's just impossible. > > Is there hope? > > Vito > The Pulse > You shouldn'T report anyones spam. If they wish, there must be a way to report their own spam. The thing is, e.g. that recent "Ringo". It can sound like spam to you but there are actual people (no comment) who uses it actually! Also, e.g. yesterday a $100.000 episode of a turkish TV series was in my "held mail" , you can never be sure lol. Guy clicked "send mail" from Yahoo, attach word file, added nothing. Of course hitting some funny spam score. Ilgaz From Ilgaz at spamcop.net Thu Jun 2 11:27:16 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Thu Jun 2 03:30:07 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On 2005-06-02 07:46:01 +0300, Blammo said: > Yea, I know, I don't read spam, but this had unusual headers for one > that originated from a Hanaro IP. > > The message plays on the (apparent) extreme stupidity of some people, > offering the undoubtedly virus-laden "anti-spyware tool", but this one > has the added feature of removing that dreaded ShareWare as well... > > > 'As a member of the information industry, I was particularly outraged > by this attack. I don't want what happened to me to happen to > another single user. So right now I'm offering everyone the chance to > have their computer "diagnosed" for both AdWare and ShareWare > infections. I'm that serioius. I won't charge you a single dime to > have it done. You can run your no-cost scan starting here:' Lol, now thats funny. Will forward to mac shareware authors I know Ilgaz From nttp.sc.s at bigsleep.org Thu Jun 2 09:06:29 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 04:10:03 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: On 02 Jun 2005 Ilgaz Ocal entered spamcop and left news:d7mbit$ipj$2@news.spamcop.net: > On 2005-06-02 10:02:58 +0300, "Alfred" said: > >> >> 61.129.102.51 > > You can't remove anything that way. Even you have a innocent site, > your mails won't come here too since as a user I blocked whole China > by my wish (defaults to OFF). You know who to blame if you check the > statistics at www.spamcop.net > Only excuse I need... http://njabl.org/cgi-bin/lookup.cgi?query=61.129.102.51 I think being listed Spamcop is pretty insignificant here. -- | Ric | From nospam at fuck-off-and-die.com Thu Jun 2 15:39:18 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Thu Jun 2 04:55:29 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: Alfred, , the obese, rectal flake, and employee who sweeps the floor, hee-hawed: > Web: http://www.china-ken.com AAARRRRGGGHHHHH!!!! I'm blind! I'm blind! From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 13:23:52 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 2 08:25:10 2005 Subject: [SpamCop-List] [MEDIA] ICANN approves .xxx domain names Message-ID: http://www.wired.com/news/culture/0,1284,67716,00.html?tw=wn_tophead_4 quote: "CM contends the "xxx" web addresses, which it plans to sell for $60 a year, will protect children from online smut if adult sites voluntarily adopt the suffix so filtering software used by families can more effectively block access to those sites. The $60 price is roughly ten times higher than prices other companies charge for dot-com names." The key here is "voluntary". Somehow I heavily doubt that those sites involved in spamming will go for this domain name. Particularly since it would be easy to simply dev/null any spam with the .xxx domain name. From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 2 13:35:34 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 2 08:40:03 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: "Alfred" wrote in news:d7mavo$iq4$1@news.spamcop.net: > Dear sirs, > > I applied a commercial mail server at chinadds.com, but while I send > emails, it's always returned. This IP is innocent, please remove it > from your list. > > 61.129.102.51 > > -- > Alfred CHEN Yanfei > Manager of No. 2 Overseas Operation Dept. > ----------------------------------------- > Global Marketing Center > SHANGHAI KEN TOOLS CO. LTD. > #5 Xinrong Rd., Xinqiao Town > Songjiang District, Shanghai > 201612 P. R. China > Web: http://www.china-ken.com > > According to this: http://www.spamcop.net/w3m?action=checkblock&ip=61.129.102.51 Spamcop does not have the IP address listed. But Spamcop is the least of your troubles.. http://www.moensted.dk/spam/?addr=61.129.102.51&Submit=Submit China is listed on several blacklists. Meaning it will be extremely difficult trying to remove that IP address. Particularly from here: http://spews.org/html/S2632.html From Kilgallen at SpamCop.net Thu Jun 2 08:40:48 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Jun 2 08:45:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: In article , Blammo writes: > Yea, I know, I don't read spam, but this had unusual headers for one that > originated from a Hanaro IP. > > The message plays on the (apparent) extreme stupidity of some people, > offering the undoubtedly virus-laden "anti-spyware tool", but this one has > the added feature of removing that dreaded ShareWare as well... One of the reasons for not posting spam in this newsgroup is so the rest of us don't have to (start to) read your spam. We all get enough of our own. From nospam at fuck-off-and-die.com Thu Jun 2 19:29:37 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Thu Jun 2 08:45:05 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: <1d2c5d5337b24490a82aed6e2afb7eea@you.double-faced-tempest-swept-boxer.net> Larry Kilgallen, , the tuberculate, anaemic measle, and prison warder and gaol keeper, cackled: > In article , Blammo > writes: >> Yea, I know, I don't read spam, but this had unusual headers for one >> that originated from a Hanaro IP. >> >> The message plays on the (apparent) extreme stupidity of some people, >> offering the undoubtedly virus-laden "anti-spyware tool", but this >> one has the added feature of removing that dreaded ShareWare as >> well... > > One of the reasons for not posting spam in this newsgroup is so the > rest of us don't have to (start to) read your spam. We all get enough > of our own. He was illustrating a humorous point, you fucking stupid, humourless cunt. From nospam at fuck-off-and-die.com Thu Jun 2 20:02:07 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Thu Jun 2 09:20:03 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: <73af851bef4a44409c735793a571cc27@you.obscure-stiffened-fish.com> Blammo, , the perplexed, pesky honky, and pickled herring packer, evangelised: > I never report other people's spam, I'm tempted to but it's not my > spam and I never know if it may be something they subscribed to. Is that an admission that you read other people's emails? [Insert "my box, my rules, yadda yadda yadda" here] From nobody at spamcop.net Thu Jun 2 06:51:07 2005 From: nobody at spamcop.net (Ellen) Date: Thu Jun 2 09:20:07 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: "Alfred" wrote in message news:d7mavo$iq4$1@news.spamcop.net... > Dear sirs, > > I applied a commercial mail server at chinadds.com, but while I send emails, > it's always returned. This IP is innocent, please remove it from your list. > > 61.129.102.51 > IP 61.129.102.51 is not listed in the SpamCop blocklist; it delisted: 5/26/2005 9:30:06 PM -0400 Ellen SpamCop From eddie at eddie.web Thu Jun 2 12:25:39 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 11:30:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Wed, 01 Jun 2005 11:36:47 -0400, eddie scratched out the following: > The "bug" that causes SC's parser to skip reporting a URL even though it > sort-of finds it is now more than 50% of my daily spam. At what point does > it become important enough to warrant an investigation? Just curious. > As a refresher, this is what the "bug" looks like > > Finding links in message body > Recurse multipart: > Parsing HTML part > Parsing text part > > Resolving link obfuscation > http://www.jnaz.net/world/ > http://www.jnaz.net/un.php > > Please make sure this email IS spam: > > there should be something between these last two lines: either a cannot > resolve or a time out or something -but not just a blank line > > jnaz.net parses perfectly normally, manually with the following reporting > address > Reporting addresses: > s_mal@informtelecom.ru > Update: This morning it was 70% of the URLs that managed to escape the SC parser in this same way. When all the spammers catch on and the level is 100% will that make this bug a higher priority? I no longer do multiple refreshes "in the hopes" of SC eventually catching the URL. I simply skip on to the next piece of spam. Those reporting in bulk probably never notice this bug. -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Thu Jun 2 12:27:35 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 11:30:09 2005 Subject: [SpamCop-List] Re: [MEDIA] ICANN approves .xxx domain names References: Message-ID: On Thu, 02 Jun 2005 12:23:52 +0000, Redstone scratched out the following: > http://www.wired.com/news/culture/0,1284,67716,00.html?tw=wn_tophead_4 > > > quote: > > "CM contends the "xxx" web addresses, which it plans to sell for $60 a > year, will protect children from online smut if adult sites voluntarily > adopt the suffix so filtering software used by families can more > effectively block access to those sites. The $60 price is roughly ten > times higher than prices other companies charge for dot-com names." > > > The key here is "voluntary". Somehow I heavily doubt that those sites > involved in spamming will go for this domain name. Particularly since it > would be easy to simply dev/null any spam with the .xxx domain name. why would whitehouse.com, for example switch to whitehouse.xxx? Why would a pornographer do anything that is "voluntary?" That's like asking a criminal to register his gun if he has the time :) -- Once movie theaters gave out steak knives Today they confiscate them From devnull at spamcop.net Thu Jun 2 12:28:46 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Jun 2 11:35:03 2005 Subject: [SpamCop-List] Re: [MEDIA] ICANN approves .xxx domain names References: Message-ID: "Redstone" | http://www.wired.com/news/culture/0,1284,67716,00.html?tw=wn_tophead_4 | | quote: | | "CM contends the "xxx" web addresses, which it plans to sell for $60 a | year, will protect children from online smut if adult sites voluntarily | adopt the suffix so filtering software used by families can more | effectively block access to those sites. The $60 price is roughly ten times | higher than prices other companies charge for dot-com names." | | | The key here is "voluntary". Somehow I heavily doubt that those sites | involved in spamming will go for this domain name. Particularly since it | would be easy to simply dev/null any spam with the .xxx domain name. $60 per year is chum change. If I were doing that business I'd have duplicate registrations. One I could span the h*ll out of and one that for those who were seeking porn. that way I'd get them going and coming ... or is it coming and coming? (D&R) My question: if the registration process is 'intended' to be a service how come the $60 reg rate? can we spell -profit center- ? From wb8tyw at qsl.network Thu Jun 2 12:20:19 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Jun 2 12:25:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: In article , eddie writes: > On Wed, 01 Jun 2005 11:36:47 -0400, eddie scratched out the following: > > Update: > This morning it was 70% of the URLs that managed to escape the SC parser > in this same way. When all the spammers catch on and the level is 100% > will that make this bug a higher priority? A spot check of the URLs that spamcop.net does not resolve when I report them reveals that about 10% of them do not resolve by other means. The remaining 90% resolve to a source already listed by the sbl.spamhaus.org. I do not have a large sample, but the trend is pretty convincing. Note that a spot check of the URLs that do resolve generally shows that they are also listed in the sbl.spamhaus.org. A web host with listings in the sbl.spamhaus.org is probably not going to do anything to disconnect their pet spammer regarless of how many spamcop.net or other larts that they receive. The sbl.spamhaus.org is probably used by far more mail server and router owners than the bl.spamcop.net is. In addition, the spamhaus.org site is now posting something about having a list of I.P. ranges suitable for blocking at the router. Which means that none of those spammer web sites are accessable to the networks that take advantage of it. > I no longer do multiple refreshes "in the hopes" of SC eventually catching > the URL. I simply skip on to the next piece of spam. Those reporting in > bulk probably never notice this bug. The reports to the web hosts are mainly feeding internal spamcop statistics. As they are not feeding any blocking list, there is no teeth behind the larts. There have been posts from network owhers where one of these reports has alerted them to a zombie on their networks. There may be a case for not sending LARTs to sbl.spamhaus.org listed I.P. addresses. It is possible that the only thing being done with them is passing them through to the spammers who are using them to estimate how much of their spew made it through a mail server's filters. Most likely they are simply deleted unread as soon as they hit the mail server. -John wb8tyw@qsl.network Personal Opinion Only From jr70 at blackhole.invalid Thu Jun 2 11:51:47 2005 From: jr70 at blackhole.invalid (John Richards) Date: Thu Jun 2 13:55:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "eddie" wrote in message news:pan.2005.06.01.15.36.46.675000@eddie.web... > The "bug" that causes SC's parser to skip reporting a URL even though it > sort-of finds it is now more than 50% of my daily spam. At what point does > it become important enough to warrant an investigation? > Just curious. > As a refresher, this is what the "bug" looks like > > Finding links in message body > Recurse multipart: > Parsing HTML part > Parsing text part > > Resolving link obfuscation > http://www.jnaz.net/world/ > http://www.jnaz.net/un.php > > Please make sure this email IS spam: > > there should be something between these last two lines: either a cannot > resolve or a time out or something -but not just a blank line > > jnaz.net parses perfectly normally, manually with the following > reporting address > Reporting addresses: > s_mal@informtelecom.ru > > It's as if the software spins out a thread to look up the DNS and > reporting address and the main program forgets about the thread and > continues on its merry way. But that's only a guess. I've been reporting this situation for months, but no one in the SC hierarchy seems very interested in it, only to the extent of making weak excuses. Something is seriously wrong. -- John Richards From jr70 at blackhole.invalid Thu Jun 2 11:59:40 2005 From: jr70 at blackhole.invalid (John Richards) Date: Thu Jun 2 14:00:03 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: "ThePulse" wrote in message news:d7lsn2$bdf$1@news.spamcop.net... >I must say that reporting spam via SC is really a pain. Don't get me wrong, > I love knowing that I'm taking a bite out of spam just as much as the next > guy. But since I report spam coming into our servers for customers as well > as myself, I need to be able to report about 100 pieces of email at a time. > > I'm currently sending them as an attachment, which I guess is the quickest > way possible, but having to click through each one on the website takes > about an hour. I don't have that kind of time to spend each day, it's just > impossible. > > Is there hope? I report only spam that has managed to slip through my ISP's spam filters. That way the numbers are still manageable (about 12 per day). If my ISP's filter catches and tags it, I figure that it's a known spammer not requiring further reporting. -- John Richards From nttp.sc.s at bigsleep.org Thu Jun 2 19:05:25 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 14:10:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On 02 Jun 2005 Larry Kilgallen entered spamcop and left news:UhBky5HTBT09@eisner.encompasserve.org: > One of the reasons for not posting spam in this newsgroup is so the > rest of us don't have to (start to) read your spam. We all get enough > of our own. > And you only pick on me, if you love me, why don't you just come out and say it? -- | Ric | From eddie at eddie.web Thu Jun 2 15:11:58 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 14:15:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Thu, 02 Jun 2005 10:51:47 -0700, John Richards scratched out the following: > "eddie" wrote in message > news:pan.2005.06.01.15.36.46.675000@eddie.web... >> The "bug" that causes SC's parser to skip reporting a URL even though it >> sort-of finds it is now more than 50% of my daily spam. At what point >> does it become important enough to warrant an investigation? Just >> curious. > > I've been reporting this situation for months, but no one in the SC > hierarchy seems very interested in it, only to the extent of making weak > excuses. Something is seriously wrong. Yes, I agree. But SC only cares if we report the sender. They don't care about the URLs, as has been pointed out before, even though I consider that caveman 20th century thinking, and backwards at that. If you "follow the money" you hit the URL first, not the spammer which is usually a moronic user with a zombie that will be quickly replaced. The URL is the key to killing spam. My suggestion, and I am seriously considering it, is to cancel any spam that does not parse properly. Repeatedly hitting the refresh to do SC's work is not what I get paid for. SC gets paid for their blockling lists, so by refusing to report anything if the parser fails will eventually get somebody's attention at SC because of the drop in reports. If a spammer is smart enough to figure out a way around the system, I acknowledge his intelligence and dilligence and even though I don't like spam, I might give him a pass for being clever. Otherwise, SC might never do anything. -- Once movie theaters gave out steak knives Today they confiscate them From nobody at spamcop.net Thu Jun 2 16:05:56 2005 From: nobody at spamcop.net (indigo) Date: Thu Jun 2 15:10:03 2005 Subject: [SpamCop-List] Opinions wanted on Plaxo email service Message-ID: A friend of mine sent me a "request for personal info update" from Plaxo. I gave him my updated contact info (home address, phone numbers, etc.) but emailed it back to him, not thru Plaxo (if you hit "reply" the email goes to Plaxo, not your buddy). After a quick google search these two sites popped up in the first 4 sites listed and I did not like what I read. Opinions? Am I being over paranoid? I think not........ http://www.plaxo.com/css/about/wsj_20040227.html http://www.dynamoo.com/diary/plaxo-bebo-spam-spyware.htm From MikeE at ster.invalid Thu Jun 2 13:27:21 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 2 15:30:04 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: eddie wrote: > Yes, I agree. But SC only cares if we report the sender. They don't > care about the URLs, as has been pointed out before, even though I > consider that caveman 20th century thinking, and backwards at that. > If you "follow the money" you hit the URL first, not the spammer > which is usually a moronic user with a zombie that will be quickly > replaced. The URL is the key to killing spam. The problem isn't that it isn't a good idea to do something about spamvertisers.... ... the problem is that the most common result of SC finding the url, resolving it to an IP, and notifying the provider for that IP block is not the result which you might wish. The most common result of a successful notify is that SC is sending a copy of the spam to a blackhat unresponsive provider. That is not a big plus, and it is sometimes accompanied by the spam containing unique content identifying the recipient/s. The other result is that nothing happens to the url except that it gets listed on the stats page for the sc-surbl scrape. If SC were notifying whitehat providers, the notify would have some value. Since that is rarely the case, the absence of the SC notify is very little loss. > My suggestion, and I am seriously considering it, is to cancel any > spam that does not parse properly. Repeatedly hitting the refresh to > do SC's work is not what I get paid for. I don't think hitting refresh is a good use of resources. It very very often wastes both your time and the parser resources. > SC gets paid for their > blockling > lists, so by refusing to report anything if the parser fails will > eventually get somebody's attention at SC because of the drop in > reports. SC isn't going to notice your failure to report amongst the millions of reports. It might not even notice 'a bunch' of standard reporters because of the 'weight' of the combination of spamtraps and quick reporters, neither of which are notifying spamvertiser providers. > If a spammer is smart enough to figure out a way around the > system, I acknowledge his intelligence and dilligence and even though > I don't like spam, I might give him a pass for being clever. > Otherwise, SC might never do anything. Your strategy for motivating SC to do something different about this isn't going to change whatever Julian is doing and thinking about. Personally, I would rather see the parser work differently, too. I would rather see it find the urls and offer to devnull [or not devnull] all of the spamvertisers and not even bother with trying to resolve them [as a reporter selected option.] Then, all of the spamvertisers which aren't IBs to the reporter would be getting onto the stats page. And the parser wouldn't be wasting its resources trying to deal with the resolution problem which just leads to a notify problem anyway. -- Mike Easter kibitzer, not SC admin From Kilgallen at SpamCop.net Thu Jun 2 15:43:25 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Jun 2 15:45:03 2005 Subject: [SpamCop-List] Re: Opinions wanted on Plaxo email service References: Message-ID: <9SDQ96zXefPJ@eisner.encompasserve.org> I think they are still spammers, just as they were a year or so ago. From nttp.sc.s at bigsleep.org Thu Jun 2 21:05:42 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 16:10:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: This post subject should probably read "Spammer offers App to remove shareware from your computer?" Larry's post brings up an interesting thought... Why he read my post Why he thought it was spam Why he took the time to complain I used the best subject I could think of at the time, however it could be considered a valid question, then when one reads it they get annoyed that it's not a question at all. That goes to show how Larry got fooled into reading the message based on the subject, how I got fooled into reading the spam I posted about, and how some can get fooled into responding to spam. This type of "sympathy spam" is designed to trick you into reading the entire message, to better convince you. The written word is given more weight, probably because of the processes involved in converting a group of words into an idea. So we have to retrain our minds into recognizing a group of words as bullshit, especially when trying to recognize spam. Now I started to read this spam because of the unusual headers, and only continued to read it because of the way it was written, as I pointed out. Most won't be looking at the headers, but will have to mentally rate it as bullshit (or not), based on their own bullshit system. Those who are fooled likely don't realize how harmful this type of spam can be. This is the (mostly intentional) point of my post. Or maybe Larry is reading every single post, or every one of my posts. -- | Ric | From MikeE at ster.invalid Thu Jun 2 14:35:11 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 2 16:40:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Blammo wrote: > The written word is given more weight, probably because of the > processes involved in converting a group of words into an idea. So we > have to retrain our minds into recognizing a group of words as > bullshit, especially when trying to recognize spam. > Now I started to read this spam because of the unusual headers, and > only continued to read it because of the way it was written, as I > pointed out. I think your point is akin to a 'situation' or disagreement which I run into in alt.spam and to a lesser extent over here. I'm trying to sell a 'basic' to the 'masses' about not reading spam subject lines, and not opening spam to find out if it is spam or to see what it sez, and most importantly not doing any of that insecurely or 'interestedly'. Not only do I think the 'masses' shouldn't be reading their spam subjects or opening their spams, I don't even think [most/all] spamfighters should be reading their spams either. Once upon a time when I manually moved my crudely message ruled spam from my Inbox to my Junk folder I never opened spam but I read more spam subjects and Froms and also I might have to examine an item from its message properties to determine something about it. But not open it and not 'read' it for curiosity or to see 'what the spammers are doing now'. In my little game, the spammer gets all of the points if s/he gets you to read a spam to find out what it is about, or gets you to open a spam by misleading or 'catching' you with its subject, which you shouldn't have been reading that way in the first place Nowadays I very rarely manually move a spam, and all of my spams have been combed and inspected by SpamPal, so they have SP headers. So, there is absolutely no need to investigate an item to find out if it is spam or not, it has already been investigated. If I want to look at something, I can look at its headers while it is being SC reported. So, I'm always trying to get people to not read their spam; and I also think that spamfighters are guilty of reading spam when they shouldn't. Some people in alt.spam misunderstand me about that.. People, including spamfighters, make up all kinds of 'excuses' about why they need to read spam; but the fact of the matter is that they actually don't. They read spam because they want to read spam. In my little game of keeping score, we call spamreaders 'losers'. [That ought to get some people outraged.] So I'll put a smiley way over here :-) -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Thu Jun 2 21:46:44 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 16:50:02 2005 Subject: [SpamCop-List] Re: Opinions wanted on Plaxo email service References: Message-ID: On 02 Jun 2005 indigo entered spamcop and left news:d7nlal$9gf$1@news.spamcop.net: > A friend of mine sent me a "request for personal info update" from > Plaxo. I gave him my updated contact info (home address, phone > numbers, etc.) but emailed it back to him, not thru Plaxo A client also asked me about Plaxo, I replied with pretty much the same thing as what the Dynamoo site said. About a week after that discussion the client started getting flooded with ROKSO spam, some contain the client's name and address (not their company). This may be a coincidence, but we haven't yet been able to find any explanation, this address is not one they would be giving out, as in a reply to the eMail. -- | Ric | From dfm2a3l0t2 at spymac.com Thu Jun 2 17:50:53 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Thu Jun 2 16:55:03 2005 Subject: [SpamCop-List] Re: [MEDIA] ICANN approves .xxx domain names References: Message-ID: In article , eddie wrote: > why would whitehouse.com, for example switch to whitehouse.xxx? > Why would a pornographer do anything that is "voluntary?" That's like > asking a criminal to register his gun if he has the time :) Because the .xxx domain gives sites that are _just_ porn sites legal cover. They can say to parents who might complain that all they have to do is filter out .xxx to protect the kiddies. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From usenet2 at DE.LETE.THISljvideo.com Thu Jun 2 22:01:58 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Thu Jun 2 17:05:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Waiving the right to remain silent, Kilgallen@SpamCop.net (Larry Kilgallen) said: > In article , Blammo > writes: >> Yea, I know, I don't read spam, but this had unusual headers >> for one that originated from a Hanaro IP. >> >> The message plays on the (apparent) extreme stupidity of some >> people, offering the undoubtedly virus-laden "anti-spyware >> tool", but this one has >> the added feature of removing that dreaded ShareWare as >> well... > > One of the reasons for not posting spam in this newsgroup is so > the rest of us don't have to (start to) read your spam. We all > get enough of our own. Geeze, dude. Find some joy in your life... -- Larry J. - Remove spamtrap in ALLCAPS to e-mail The United States is the greatest country in the world..! Twenty-five million illegal aliens can't be wrong. From glnews030922 at highspot.net Thu Jun 2 23:09:05 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Thu Jun 2 17:10:03 2005 Subject: [SpamCop-List] Re: Opinions wanted on Plaxo email service In-Reply-To: References: Message-ID: indigo wrote: > A friend of mine sent me a "request for personal info update" from Plaxo. I > gave him my updated contact info (home address, phone numbers, etc.) but > emailed it back to him, not thru Plaxo (if you hit "reply" the email goes to > Plaxo, not your buddy). After a quick google search these two sites popped > up in the first 4 sites listed and I did not like what I read. Opinions? Am > I being over paranoid? I think not........ I haven't seen any reports of them abusing the information they have and their privacy policy says they will never sell your information to third parties. That said, any privacy policy isn't worth the paper it's printed on. They can change it any time they feel like it. Last time I checked, they only offered a free service, with plans to offer a corporate paid service in the future. Beware of corporations without a revenue stream holding your personal information. No evidence of them abusing the data they hold, but if anyone sent me a request through Plaxo, I'd ask them to remove all my information from the site on principal. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From eddie at eddie.web Thu Jun 2 18:07:33 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 17:10:08 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Thu, 02 Jun 2005 12:27:21 -0700, Mike Easter scratched out the following: snip >> If a spammer is smart enough to figure out a way around the system, I >> acknowledge his intelligence and dilligence and even though I don't like >> spam, I might give him a pass for being clever. Otherwise, SC might >> never do anything. > > Your strategy for motivating SC to do something different about this isn't > going to change whatever Julian is doing and thinking about. > > Personally, I would rather see the parser work differently, too. I would > rather see it find the urls and offer to devnull [or not devnull] all of > the spamvertisers and not even bother with trying to resolve them [as a > reporter selected option.] Then, all of the spamvertisers which aren't > IBs to the reporter would be getting onto the stats page. And the parser > wouldn't be wasting its resources trying to deal with the resolution > problem which just leads to a notify problem anyway. While I agree that I am just a drop in the ocean, I no longer feel that I am accomplishing anything by reporting spam that SC cannot handle properly. Once again, these URLs parse perfectly when manually copied into the SC parser - - they only fail when the rest of the SC software is running. I will leave the spam reporting to the other people and I have already begun canceling any spam with this error - neither the URL nor the orginator the the spam are notified or added to any list. It saves me lots of time and I will now consider SC more of an anti-spam filter than a method to reduce global spam until this bug is fixed. The fact is that if everone did what I have started to do, SC would indeed fix it immediately, so I know I am doing the right thing, even if it is not very effective. After all, if the SC parser breaks when finding a URL, how can I trust that it found the right reporting address for the spam itself? Yes I know that's very sarcastic, but it's also true. -- Once movie theaters gave out steak knives Today they confiscate them From nttp.sc.s at bigsleep.org Thu Jun 2 22:09:03 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 17:10:13 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On 02 Jun 2005 Mike Easter entered spamcop and left news:d7nqhr$d4b$1@news.spamcop.net: > Nowadays I very rarely manually move a spam, and all of my spams have > been combed and inspected by SpamPal, so they have SP headers. So, > there is absolutely no need to investigate an item to find out if it is > spam or not, it has already been investigated. If I want to look at > something, I can look at its headers while it is being SC reported. That's true for me as well, but some get by all the filters, and this one was not fed to Spamcop. We still need to use our bullshit detector on the ones that slip past, since computers aren't very good at detecting bullshit. This is especially important for those who allow their ISP to decide what they can read, and think that anything not tagged is "approved". I get inquiries asking "is this eMail legit", I usually don't even have to go past the first couple headers. If that fails or there are no headers supplied, the bullshit detector comes into play. -- | Ric | From MikeE at ster.invalid Thu Jun 2 15:26:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 2 17:30:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: eddie wrote: > Once again, these URLs parse perfectly when manually > copied into the SC parser - - they only fail when the rest of the SC > software is running. Yabbut, part of what we are arguing about or discussing is that even if SC were to have resolved the url to the IP and offered to report to that corresponding provider, the most likely thing is that it would *not* have been a 'good' notify. Many many of SC's notifies are not healthy notifies. You are unhappy because the parser is doing a bad job and not making bad notifies. It seems to me like that frustration is misplaced. It seems that it would be better to either be frustrated because the parser/notifier determiner is not well configured to resolve the URLs to IPs, determine which of the 'standard' configuration notifies would be bad notifies and notify differently or not at all about them while putting the URL on the stats page -- OR -- be frustrated [like me] because the parser notifier does all kinds of whacky things on its way to offering to make a bad notify or pukes on the resolution, both of which are most likely going to lead to no posting of the url on the stats page for my report. But instead, you are frustrated because you want SC to be making a bad notify. I can assure you that you are not going to teach those bad ol' spamvertisers a lesson by burying their blackhat unresponsive providers in SC notify mail. Those unresponsive blackhats are going to be either devnulling the SC reports or using them to their own advantage. You are not helping the spamfighter cause by sending those notifies. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Thu Jun 2 21:08:51 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 20:10:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Thu, 02 Jun 2005 14:26:04 -0700, Mike Easter scratched out the following: > eddie wrote: >> Once again, these URLs parse perfectly when manually copied into the SC >> parser - - they only fail when the rest of the SC software is running. > > Yabbut, part of what we are arguing about or discussing is that even if SC > were to have resolved the url to the IP and offered to report to that > corresponding provider, the most likely thing is that it would *not* have > been a 'good' notify. > > Many many of SC's notifies are not healthy notifies. You are unhappy > because the parser is doing a bad job and not making bad notifies. No - the parser would be making good notifies because if I put the URL into the parser manually I get the correct notify address which I have checked on several occasions independently. The parser is simply failing when parsing the entire spam but not when parsing the URL as a separate item. This can only be a bug. If one refreshes the browser a few times, SC might "find" the reporting address as it normally does. The notify is as healthy as any other notify. Lately SC is larting zombies and ignoring the source of the zombies, the website. That's backwards. You kill a snake by cutting off its head, not its tail :) I just think SC programmers are doing other things these days. No big deal, it happens to all companies. And I am doing what I choose to do, which is only report full parses or parses where the message "cannot resolve ..." appears. This is understandable, but simply leaving a blank line as my example shows is a problem in synchronizing threads or something similar. It's a software bug - period. Nothing to do with health of notification. -- Once movie theaters gave out steak knives Today they confiscate them From cquinc at hotmail.com Thu Jun 2 19:15:59 2005 From: cquinc at hotmail.com (Quin) Date: Thu Jun 2 21:20:03 2005 Subject: [SpamCop-List] How do I submit my spam to spamcop? Message-ID: Hi, I know this isn't rocket science but I have registered with the site spamcop.net and logged in and then find a form to fill out with the instructions: Forward your spam to: submit.blah blah blah@spam.spamcop.net or: Paste entire spam (headers, blank line, body) - or - single address (one line only): I do not seem to get the type of response I expect. The email I signed up with was a hotmail account and it does not get any response. I thought I was suppost to get some sort of a letter to forward to the spammer ISP. Once I did get an addressed letter with no body information. Also should I not be able to just use the submit.blah blah blah@spam.spamcop.net adress to forward spam to? Then should I get some sort of response as to who to contact with the complaint? Does spamcop just send the complaint without my review? Reading the FAQ mostly just covers stuff like what is spam etc. Not what to expect from this site! Thanks! From nttp.sc.s at bigsleep.org Fri Jun 3 02:38:51 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 21:40:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: On 02 Jun 2005 Quin entered spamcop and left news:d7ob03$mtf$1@news.spamcop.net: > I do not seem to get the type of response I expect. The email I > signed up with was a hotmail account and it does not get any response. > I thought I was suppost to get some sort of a letter to forward to > the spammer ISP. Once I did get an addressed letter with no body > information. > The address you sign up with is the address spamcop replies to when you forward spam to "blah blah blah" address. Also this is your login name. > Also should I not be able to just use the submit.blah blah > blah@spam.spamcop.net adress to forward spam to? Then should I get > some sort of response as to who to contact with the complaint? Does > spamcop just send the complaint without my review? > Close, but no cigar. You can forward spam as (single or multiple) attachments to the "blah blah blah" address, and then Spamcop replies with an eMail providing links to each report, where you can then review the report before sending it. Spamcop sends the reports for you, so you can report anonymously if you wish. This is known as "munging", where the Spamcop parser tries to hide your eMail address or anything that may contain that address (based I believe on the To: and Cc: headers, and possibly other headers), so that it isn't revealed in reports sent to providers and ISPs. Login to your Spamcop account and under Preferences you'll see where you can change these options. Some mail programs and some web mail programs can not forward complete original eMails. I know that mail.com works very well with Spamcop, not sure about any others. If you can't forward spam this way then one option is to login to Spamcop and past it into the submit box, that is assuming you can view the original message source, which also isn't often an option in web mail. -- | Ric | From nttp.sc.s at bigsleep.org Fri Jun 3 03:04:48 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 22:05:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On 02 Jun 2005 eddie entered spamcop and left news:pan.2005.06.03.00.08.51.521000@eddie.web: > This is understandable, but simply leaving a blank > line as my example shows is a problem in synchronizing threads or > something similar. We have talked about this before (and no I haven't checked the forum discussion on this, if that says anything new), and I have said something similar before: this isn't necessarily a bug, perhaps a "feature", though an unwanted one, that there is no output. The lack of output makes us wonder what's happening, timing out? not resolving? enough reports on this URL? skipping over a potential bug? The lack of a message there could simply mean there is no message. When I use grep on FreeBSD, and there is no match, it says nothing at all. Also it's been mentioned that the single line parser is different than the full parser. This is obvious because the output is completely different. I'm only disagreeing on your analysis of a "bug". You may be correct, but it's impossible for us to know. -- | Ric | From MikeE at ster.invalid Thu Jun 2 20:10:44 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 2 22:15:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: eddie wrote: > Mike Easter >> Many many of SC's notifies are not healthy notifies. You are unhappy >> because the parser is doing a bad job and not making bad notifies. > > No - the parser would be making good notifies because if I put the URL > into the parser manually I get the correct notify address which I have > checked on several occasions independently. When I say a 'bad' notify or an 'unhealthy' notify, I don't mean it isn't correct from the algorithm's point of view. I mean the algorithmic determination of the notify isn't 'desirable'. If the result of the notify is that it is going to a blackhat or an unresponsive provider, such as is listed in spews or spamhaus, that isn't a desirable notify regardless of whether the algorithm determines it from being put in independently or as a part of a spam. > The notify is as healthy as any other notify. I'm saying that a very very high percentage of SC derived spamvertiser notifies are unhealthy. The only kind of healthy notify would be a notify to a provider which has demonstrated to be more whitehat than blackhat. I don't think we are arguing the same point. If you name an example of a spamvertised URL, and how SC would notify for it, I'll describe to you what I mean, ie what is the problem with that notify -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu Jun 2 22:44:52 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Jun 2 22:45:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Blammo" wrote in message news:Xns9669C2268758blammo@216.154.195.61... > > We have talked about this before (and no I haven't checked the forum > discussion on this, if that says anything new), Nothing 'new' over there ... Mike Easter has pointed out the links a few times now, one of which included my blurb, his blurb, and the eventual blurb I got Don to offer (and that was a modified bit of a blurb from Ellen) ... As pointed out here, there, everywhere, the only person that actually "knows" what's going on is Julian, and his posting of the "inside details" hasn't been an item of celebration in years. > Also it's been mentioned that the single line parser is different > than the full parser. This is obvious because the > output is completely different. I've pointed that out numerous times, but apparently those that don't do code can't seem to get a handle on that concept. The only connection between the single-line entry mode and the spam parse is that the single-line entry point was merged into the using the same form/window .... perhaps a bit of history might help or at least show the concept .... http://forum.spamcop.net/forums/index.php?showtopic=4162&view=findpost&p=28223 From nttp.sc.s at bigsleep.org Fri Jun 3 04:01:35 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 2 23:05:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On 02 Jun 2005 WazoO entered spamcop and left news:d7og74$pm6$1@news.spamcop.net: > The only connection between the single-line entry mode and the > spam parse is that the single-line entry point was merged into > the using the same form/window They actually don't output the same form unless there is "nothing to do". -- | Ric | From eddie at eddie.web Fri Jun 3 00:06:17 2005 From: eddie at eddie.web (eddie) Date: Thu Jun 2 23:10:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Fri, 03 Jun 2005 02:04:48 +0000, Blammo scratched out the following: > On 02 Jun 2005 eddie entered spamcop and left > news:pan.2005.06.03.00.08.51.521000@eddie.web: > >> This is understandable, but simply leaving a blank line as my example >> shows is a problem in synchronizing threads or something similar. > > We have talked about this before (and no I haven't checked the forum > discussion on this, if that says anything new), and I have said something > similar before: this isn't necessarily a bug, perhaps a "feature", though > an unwanted one, that there is no output. The lack of output makes us > wonder what's happening, timing out? not resolving? enough reports on this > URL? skipping over a potential bug? The lack of a message there could > simply mean there is no message. When I use grep on FreeBSD, and there is > no match, it says nothing at all. Also it's been mentioned that the single > line parser is different than the full parser. This is obvious because the > output is completely different. > > I'm only disagreeing on your analysis of a "bug". You may be correct, but > it's impossible for us to know. My new rule is that if the parser returns an unexpected result, in this case a skipped line with no clue as to why, as in the example I posted earlier in this thread, the entire parse is suspect and I simply cancel the report completely, rather than send a partial one. If the parser simply said "I give up" or something to let me know what happened, I would send the report; but since it is obviously missing something, I kill it. -- Once movie theaters gave out steak knives Today they confiscate them From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 3 04:35:34 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 2 23:40:03 2005 Subject: [SpamCop-List] Re: [MEDIA] ICANN approves .xxx domain names References: Message-ID: "Frog Prince" wrote in news:d7n8t4$2h0$1@news.spamcop.net: > > $60 per year is chum change. If I were doing that business I'd have > duplicate registrations. One I could span the h*ll out of and one > that for those who were seeking porn. > > that way I'd get them going and coming ... or is it coming and coming? > (D&R) > Makes sense. Meaning this volunteer thing will not in any way stem the tide of porn spam. (Unless of course these porn sites are forced by law into accepting the .xxx domain.) > My question: if the registration process is 'intended' to be a > service how come the $60 reg rate? can we spell -profit center- ? > Major profits particularly with the money porn sites can draw in. From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 3 04:37:46 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 2 23:40:07 2005 Subject: [SpamCop-List] Re: [MEDIA] ICANN approves .xxx domain names References: Message-ID: "D.F. Manno" wrote in news:dfm2a3l0t2- D6E7FB.16505302062005@news.cesmail.net: > >> why would whitehouse.com, for example switch to whitehouse.xxx? >> Why would a pornographer do anything that is "voluntary?" That's like >> asking a criminal to register his gun if he has the time :) > > Because the .xxx domain gives sites that are _just_ porn sites legal > cover. They can say to parents who might complain that all they have to > do is filter out .xxx to protect the kiddies. That would make it easier on the legal side regarding descency laws. But see Frog Princes hypothesis of what might happen. From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 3 04:49:33 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 2 23:50:04 2005 Subject: [SpamCop-List] Response from Kornet Message-ID: Received this in response to a LART I sent earlier today: "This is Kornet Abuse Team of KT in Seoul We received your request of sending spam mails through our domain. As we recognize the complaint, we are trying to figure it out as soon as possible with our clients. Our domain is one of those who have many spammers, but most of our clients are not the real spammer but has been appropriated by spammers(ex. Open Relay..) Therefore we are always trying to protect our clients and work together to be free with spam.. Thank you for your request and please work with us till coming online world with our spam!!" I know that it can be difficult for those from other countries to write english.. but the last sentence threw me for a loop. :-) From nobody at spamcop.net Fri Jun 3 00:59:56 2005 From: nobody at spamcop.net (Dave Lerner) Date: Fri Jun 3 00:00:02 2005 Subject: [SpamCop-List] Re: Response from Kornet In-Reply-To: References: Message-ID: Redstone wrote on 06/02/2005 11:49 PM: > "This is Kornet Abuse Team of KT in Seoul > We received your request of sending spam mails through our domain. > As we recognize the complaint, we are trying to figure it out as soon as > possible with our clients. Our domain is one of those who have many > spammers, but most of our clients are not the real spammer but has been > appropriated by spammers(ex. Open Relay..) Therefore we are always trying > to protect our clients and work together to be free with spam.. Thank you > for your request and please work with us till coming online world with our > spam!!" > > > I know that it can be difficult for those from other countries to write > english.. but the last sentence threw me for a loop. :-) I think it means "All our spam are belong to you." From steve at prolynx.com Thu Jun 2 23:18:44 2005 From: steve at prolynx.com (Steve Sybesma) Date: Fri Jun 3 00:20:02 2005 Subject: [SpamCop-List] automation Message-ID: Hello, I'm new to this group. I would like to know how I can automate Outlook Express 6 in such a way as to right click on the highlighted messages I want to report, and have one of the context menu selections be "Forward As Attachment to SpamCop, then Send and Delete" so that the entire operation is done with only one click. This would make reporting spam exactly as easy as deleting the spam so that there would be no temptation to just say "Oh, not today". Of course I'm lazy, but computers are all about how to make things easier anyway. I don't know how to write macros for Outlook Express to do this, and I don't even know if it's possible, but I sure would find it valuable. I would like not to have to use a separate 3rd party program which gets me away from using OE, which otherwise takes care of all my other e-mail needs quite nicely. Thanks, Steve Sybesma Thornton, CO From nobody at devnull.spamcop.net Fri Jun 3 00:21:05 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jun 3 00:25:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Quin" wrote in message news:d7ob03$mtf$1@news.spamcop.net... > > I do not seem to get the type of response I expect. One would then have to ask what you might have actually been "expecting" ...???? > The email I signed up > with was a hotmail account and it does not get any response. Have you checked the Bulk Mail folder? Yes, you should have received a 'registration' e-mail .. and in the future, any e-mail from the SpamCop system will arrive at that address, but whether it shows up in the InBox or Bulk Folder is a bit nebulous. > Also should I not be able to just use the submit.blah blah > blah@spam.spamcop.net adress to forward spam to? Then should I get some > sort of response as to who to contact with the complaint? Does spamcop just > send the complaint without my review? > > Reading the FAQ mostly just covers stuff like what is spam etc. Not what to > expect from this site! Yes, you can forward your spam to that address ... however, that forwarding action has some stipulations. As you didn't seem to find what you needed in the www.spamcop.net FAQ, perhaps the expanded and single-page sourced Forum FAQ might help ... for sure the experiences of others should help fill in some gaps .. http://forum.spamcop.net/forums/ From nobody at devnull.spamcop.net Fri Jun 3 00:25:31 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jun 3 00:30:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Blammo" wrote in message news:Xns9669CBC6C1895blammo@216.154.195.61... > On 02 Jun 2005 WazoO entered spamcop and left > news:d7og74$pm6$1@news.spamcop.net: > > > The only connection between the single-line entry mode and the > > spam parse is that the single-line entry point was merged into > > the using the same form/window > > They actually don't output the same form unless there is "nothing to do". Not sure where the misunderstanding comes in here ... In the past the single-line entry point was in a separate box ... that separate box disappeared, the logic slipped into a decision point on the data entered into the remaining 'form/window' .. if a single line of text, it uses the old single-item entry look-up code branch ... if there is a new-line/carriage return at the end of the first line of text, the spam parser is invoked. From nobody at devnull.spamcop.net Fri Jun 3 01:45:03 2005 From: nobody at devnull.spamcop.net (Cat) Date: Fri Jun 3 01:50:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? In-Reply-To: References: Message-ID: WazoO wrote: > for sure the experiences of others should help fill in some gaps .. > http://forum.spamcop.net/forums/ Since others have commented on your posts about this, I'm starting to notice it more as well. Why push the original poster to go to the web forum when there are enough people here in the newsgroups with the skills and knowledge to help with this? It's almost like you're trying to turn newbies away from the newsgroups as if the newsgroups aren't helpful enough. From jr70 at blackhole.invalid Fri Jun 3 00:31:45 2005 From: jr70 at blackhole.invalid (John Richards) Date: Fri Jun 3 02:35:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Mike Easter" wrote in message news:d7nmil$akn$1@news.spamcop.net... > > The problem isn't that it isn't a good idea to do something about > spamvertisers.... > > ... the problem is that the most common result of SC finding the url, > resolving it to an IP, and notifying the provider for that IP block is > not the result which you might wish. The most common result of a > successful notify is that SC is sending a copy of the spam to a blackhat > unresponsive provider. That is not a big plus, and it is sometimes > accompanied by the spam containing unique content identifying the > recipient/s. If the URL is known to be owned by an unresponsive blackhat, SC needs to go up the food chain and send the report to the provider's provider. At some point a responsible entity will be reached who has the power and integrity to take corrective action. I sometimes get the feeling that SC doesn't want to make any waves or rock the boat. -- John Richards From Vangu at rd.invalid Fri Jun 3 02:58:37 2005 From: Vangu at rd.invalid (Vanguard) Date: Fri Jun 3 03:00:03 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Brian (SnSR)" wrote in message news:d7lsi5$bcv$1@news.spamcop.net... > Vanguard wrote: >>> Now that you've posted your 'secret' codes ... good luck on >>> getting things straightened out. Perhaps Ellen will pass through >>> here and take some pity ... >> >> >> Since Martin posted his secret code here (in the form of his username >> for his personalized submit e-mail address), shouldn't that qualify >> his account to get killed (so malcontents don't end up abusing his >> account)? Seems like Martin should be forced into creating a new >> account so now that he has been reminded to read the instructions >> then maybe he might comply with them. > > Let's not forget that we are all doing what we can, with what we know, > to help deal with spam. Well, maybe some of the trolls don't fit into > this category, but most of us do. > > We all have started from a place where we didn't know much about spam > or the process of reporting it. Let's try to help each other out > instead of being so critical and turning noobs away. > We are in this together. Don't make it hard for someone to join in. Don't get too carried away here (i.e., don't bend over so far backwards that we see your smile between your knees). If Martin only has a freebie account, he should have no qualms about simply abandoning the old one (and it gets killed by an admin) and starting a new account. I've done that before. It's really easy. The only "thing" lost would the statistics on the user's reporting history but I don't need the ego-bloat stat of how fast I am at submitting spam reports. Martin won't lose much from his old account if he hasn't used it much (i.e., how valuable is it to him to review his past submitted reports?). It's not like some valuable asset has been lost if Martin has to start a new *freebie* account. If, however, Martin does have a paid SpamCop account then he will probably want to work with the admins (who should also change his submit username since he publicly exposed it). So he made a mistake. If all he had was a freebie reporting account, start another one (and disable/kill the old one). Pretty quick to do. There is lots of "slack" simply because creating another freebie account is so easy. From Vangu at rd.invalid Fri Jun 3 03:09:16 2005 From: Vangu at rd.invalid (Vanguard) Date: Fri Jun 3 03:10:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Quin" wrote in message news:d7ob03$mtf$1@news.spamcop.net... > Hi, > > I know this isn't rocket science but I have registered with the site > spamcop.net and logged in and then find a form to fill out with the > instructions: > > Forward your spam to: submit.blah blah blah@spam.spamcop.net or: > Paste entire spam (headers, blank line, body) - or - single address > (one line only): > > I do not seem to get the type of response I expect. The email I > signed up with was a hotmail account and it does not get any response. > I thought I was suppost to get some sort of a letter to forward to the > spammer ISP. Once I did get an addressed letter with no body > information. > > Also should I not be able to just use the submit.blah blah > blah@spam.spamcop.net adress to forward spam to? Then should I get > some sort of response as to who to contact with the complaint? Does > spamcop just send the complaint without my review? > > Reading the FAQ mostly just covers stuff like what is spam etc. Not > what to expect from this site! > > Thanks! > > If you forward the spam to SpamCop (using your submit e-mail address to SpamCop), make sure you forward it as an *attachment*. Forwarding inline will strip out all the headers from the original spam and make your report worthless. Configure your Hotmail account to forward as attachment. That way, the attached file will be the original message with the headers included. If you use the web form to copy/paste in the spam message, you need to see ALL of the headers. I don't believe Hotmail has a toggle option to let you switch between a normal view and a view showing all the headers. You'll need to go into to your global options to configure your Hotmail account to show ALL headers. However, whether spam or not, you'll then see all the headers for every e-mail that you view. Yahoo has a per-message toggle that lets you switch between normal and all-header view but Hotmail does not (except as a global option). If you use the web form, the parsing is immediate and you get the parse page with the option to send your report (which gets sent from the SpamCop domain, not by you). That eliminates the delay in waiting to get the submission response e-mail from SpamCop (which gets lower priority and may take several minutes to arrive). However, the trade-off is the nuisance of having to copy the headers, paste them, and then copy the body and paste that (and you should be copying the HTML code for an HTML-formatted message, *not* the rendered version of the spam). If you forward the spam as an attachment, you have to wait for SpamCop to send back a submission reply e-mail which provides a link for you to click on to get to the parser and submit page. If you have spam filtering enabled in your Hotmail account, you might have to whitelist e-mails coming from SpamCop. From nobody at nowhere.invalid Fri Jun 3 11:20:17 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Jun 3 04:25:03 2005 Subject: [SpamCop-List] Re: Opinions wanted on Plaxo email service References: Message-ID: On Thu, 2 Jun 2005 15:05:56 -0400, indigo coughed into spamcop and left this in : > A friend of mine sent me a "request for personal info update" from Plaxo. > > {snip} > > I being over paranoid? I think not........ Put it this way: how do you feel about giving your personal information to an unknown 3rd party offering a "free" service hosted on Internap, one of the worst sewers on the Internet? How do they pay for their infrastructure? Advertizing most likely, which means that they're either going to spam you themselves (and get away with it scot-free because they're on Intercrap) or they're going to sell your address to an ethikul direkt marketer. I too have had similar requests and the first thing I did was reply to the individual with a very stern e-mail demanding that my details be removed from the plaxo databases. -- Steve "I once had a rose named after me and I was very flattered. But I was not pleased to read the description in the catalogue: No good in a bed, but fine up against a wall." -- Eleanor Roosevelt From nospam at fuck-off-and-die.com Fri Jun 3 15:05:17 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Fri Jun 3 04:25:07 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: <3f64511aa7b04d2a80fac478ceed1f5d@you.two-a-penny-bonkers-heifer.com> Mike Easter, , the chopfallen, maniacal hoof, and sandwich board man, dribbled: > Not only do I think the 'masses' shouldn't be reading their spam > subjects or opening their spams, I don't even think Indeed. From Ilgaz at spamcop.net Fri Jun 3 13:07:38 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Fri Jun 3 05:10:30 2005 Subject: [SpamCop-List] Re: Please remove my IP from your spam list References: Message-ID: On 2005-06-02 15:35:34 +0300, Redstone said: > "Alfred" wrote in > news:d7mavo$iq4$1@news.spamcop.net: > Dear sirs, >> >> I applied a commercial mail server at chinadds.com, but while I send >> emails, it's always returned. This IP is innocent, please remove it >> from your list. >> 61.129.102.51 >> >> -- >> Alfred CHEN Yanfei >> Manager of No. 2 Overseas Operation Dept. >> ----------------------------------------- >> Global Marketing Center >> SHANGHAI KEN TOOLS CO. LTD. >> #5 Xinrong Rd., Xinqiao Town >> Songjiang District, Shanghai >> 201612 P. R. China >> Web: http://www.china-ken.com >> >> >> >> > According to this: > > http://www.spamcop.net/w3m?action=checkblock&ip=61.129.102.51 > > Spamcop does not have the IP address listed. > > But Spamcop is the least of your troubles.. > > http://www.moensted.dk/spam/?addr=61.129.102.51&Submit=Submit > > China is listed on several blacklists. Meaning it will be extremely > difficult trying to remove that IP address. Particularly from here: > > http://spews.org/html/S2632.html > > I think there is still a way if they are sending legit mails. I can't > name any site as I never needed such thing. Get mail service from a zero tolerance commercial mailing host. ZERO as (0!) and don't buy it from China of course :) Ilgaz ps: E.g. Samsung does it, they can't send product updates to legit users so they get such a service as they are a Korean company (eek!) From Ilgaz at spamcop.net Fri Jun 3 13:14:29 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Fri Jun 3 05:15:05 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: On 2005-06-03 06:49:33 +0300, Redstone said: > Received this in response to a LART I sent earlier today: > > > "This is Kornet Abuse Team of KT in Seoul > We received your request of sending spam mails through our domain. > As we recognize the complaint, we are trying to figure it out as soon > as possible with our clients. Our domain is one of those who have many > spammers, but most of our clients are not the real spammer but has been > appropriated by spammers(ex. Open Relay..) Therefore we are always > trying to protect our clients and work together to be free with spam.. > Thank you for your request and please work with us till coming online > world with our spam!!" > > > I know that it can be difficult for those from other countries to write > english.. but the last sentence threw me for a loop. :-) Go to some printshop and let them make it a good print with frame since you are one of rare persons in World got some sort of reply :) As I said couple of times, Kornet, hananet should be taken to parliament or something and their system should be taken to custody and every machine should be disconnected if they have simplest virus even. Its way beyond end user reports etc. If it wasn't politics, I'd say they should disconnect the entire IP block from outside planet until its fixed. I am amazed as LG, Samsung type giants aren't taking action as they are korean companies. At some point, I bet their business is effected too. Ilgaz From nospam at fuck-off-and-die.com Fri Jun 3 18:56:07 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Fri Jun 3 08:15:11 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: <8368ded094ca471a9dbf8ea180462bf0@you.clattering-doddering-frock.org> Martin, , the campy, gangling skunk, and silkworm breeder, averred: > Can a deputy please sort out the NTL mailhosts, new mailservers > without proper hostnames have been added, tried re-adding them on my > mailhosts but the mailhosts just complain and wont update, now I have > lost my mailhosts completly for ntl. Can some rename them from Tesco > to NTL too. Heres the submision that spamcop mailhosts wont accept, always > worked > ok in the past;- > > Return-Path: > Received: from mta02-winn.ispmail.ntl.com (mta02-winn.ispmail.ntl.com > [81.103.221.42]) > by marti.mine.nu (8.12.6/8.12.6/SuSE Linux 0.6) with ESMTP id > j51GNvxm003289 > for ; Wed, 1 Jun 2005 17:23:57 +0100 > X-Envelope-From: service@admin.spamcop.net > Received: from aamta03-winn.ispmail.ntl.com ([81.103.221.35]) > by mta02-winn.ispmail.ntl.com with ESMTP > id <20050601162357.ZKWO19182.mta02-winn.ispmail.ntl.com@aamta03-winn.ispmail.nt l.com> > for ; Wed, 1 Jun 2005 17:23:57 +0100 > Received: from spamcop.net ([64.74.133.245]) > by aamta03-winn.ispmail.ntl.com with SMTP > id > <20050601162356.ZDWH11190.aamta03-winn.ispmail.ntl.com@spamcop.net> > for ; Wed, 1 Jun 2005 17:23:56 +0100 > X-SpamCop-Conf: 9sexhjZFc8O7NHr1 > Received: from [81.106.206.105, 82.3.32.71] by spamcop.net > with HTTP; Wed, 01 Jun 2005 16:23:53 GMT > From: SpamCop robot > To: x@ntlworld.com > Subject: SpamCop account configuration email > Precedence: list > Message-ID: > Date: Wed, 01 Jun 2005 16:23:53 GMT > X-Mailer: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; > .NET CLR 1.1.4322) > via http://www.spamcop.net/ v1.456 > X-Virus-Scanned: by AMaViS - amavis-milter (http://www.amavis.org/) > X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on > marti.mine.nu X-Spam-Level: *** > X-Spam-Status: No, score=3.4 required=5.0 tests=AWL,BAYES_40, > DNS_FROM_RFC_ABUSE,FORGED_MUA_MOZILLA,FORGED_RCVD_HELO, > FROM_HAS_MIXED_NUMS autolearn=no > X-UIDL: #7A!!>hl!!d4-!!8^2"! > > Hello SpamCop user, > > This email contains special codes and tracking information to help > SpamCop figure out your specific email configuration. Do not post > this email in public. It contains confidential information related > to the security of your SpamCop account. > > Please return this complete email, preserving full headers and the > special tracking codes below. Visit this address: > http://www.spamcop.net/mcgi?action=mhreturn > > Alternately, you may submit via email. Forward the message as an > attachment to this address. Or create a new message and paste this > email into it. Either way, send it to to: > > mhconf.9sexhjZFc8O7NHr1@cmds.spamcop.net > > Some email software may only support one or the other of these > submission methods. For information on your email software and to > learn how to get full headers see this FAQ: > http://www.spamcop.net/fom-serve/cache/19.html > > Special codes follow: > ################################################################ > X-SpamCop-Mx: smtpin.ntlworld.com. > X-SpamCop-Mx-Ip: 81.103.221.10 > X-SpamCop-Mh-Name: NTL > X-SpamCop-Recip: x@ntlworld.com > X-SpamCop-Unixtime: 1117643033 > X-SpamCop-Conf: 9sexhjZFc8O7NHr1 > X-SpamCop-Randomness: G5rDTtfiE341UC1y > X-SpamCop-Hash: b0600fb68b16f9e89106bf5eecfbbdc2 > ################################################################ How fucking dense can you get? "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." "Do not post this email in public." From kenbrody at spamcop.net Fri Jun 3 10:57:03 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Fri Jun 3 10:00:03 2005 Subject: [SpamCop-List] Road Runner viruses Message-ID: <42A061AF.90DA7289@spamcop.net> It looks like a recent change at Road Runner is now causing all sorts of problems on my end from virus-laden systems. I am getting several dozen of these a day. Can I consider it spam for the sake of SpamCop reporting? First, they "bounce" e-mail to the forged "from". (I understand that this is now permitted to be reported via SpamCop.) Now, in an attempt to "help", they purposely allow viruses sent from their clients to continue on their way, after stripping the virus. So, I am now bombarded with e-mails containing the following "helpful" text. The rest of the e-mail is a blank attachment, since (as is the case with probably 99+% of virus-laden e-mail) the only purpose of the e-mail was to send the virus. ========== ALERT! This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html. Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at abuse@rr.com. ========== Don't you just love the "Please be advised that Road Runner does not contact the original sender of the e-mail" part? (That, and the "contact the sender yourself" part as well.) So, viruses virtually always forge the "from", and tracking down the original sender would require skills beyond most Internet users, yet Road Runner puts the burden on the recipient rather than blocking it at its source, when Road Runner knows exactly who it is that is trying to send it. Also, note that the FAQ link requires that I fill in information about my ISP and location. (Naturally, the only choices for ISP are "Time Warner", "Bright House Networks", and "Insight", none of which apply to me.) The FAQ also requires cookies to view it. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From steve at prolynx.com Fri Jun 3 09:06:31 2005 From: steve at prolynx.com (Steve Sybesma) Date: Fri Jun 3 10:10:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: I forgot to add that I have 'quick' reporting enabled. I'm trying to get this boiled down to absolutely the least amount of fuss possible. "Steve Sybesma" wrote in message news:d7olga$sog$1@news.spamcop.net... > Hello, > > I'm new to this group. > > I would like to know how I can automate Outlook Express 6 in such a way > as to right click on the highlighted messages I want to report, and have one > of > the context menu selections be "Forward As Attachment to SpamCop, then > Send and Delete" so that the entire operation is done with only one click. > > This would make reporting spam exactly as easy as deleting the spam so that > there would be no temptation to just say "Oh, not today". > > Of course I'm lazy, but computers are all about how to make things easier > anyway. > > I don't know how to write macros for Outlook Express to do this, and I don't > even > know if it's possible, but I sure would find it valuable. > > I would like not to have to use a separate 3rd party program which gets me > away > from using OE, which otherwise takes care of all my other e-mail needs > quite nicely. > > Thanks, > > Steve Sybesma > Thornton, CO > > From nobody at devnull.spamcop.net Fri Jun 3 11:20:48 2005 From: nobody at devnull.spamcop.net (Pop) Date: Fri Jun 3 10:25:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Quin" wrote in message news:d7ob03$mtf$1@news.spamcop.net... > Hi, > > I know this isn't rocket science but I have > registered with the site spamcop.net and logged in > and then find a form to fill out with the > instructions: > > Forward your spam to: submit.blah blah > blah@spam.spamcop.net or: > Paste entire spam (headers, blank line, body) - > or - single address (one line only): > > I do not seem to get the type of response I expect. > The email I signed up with was a hotmail account and > it does not get any response. I thought I was > suppost to get some sort of a letter to forward to > the spammer ISP. Once I did get an addressed letter > with no body information. > > Also should I not be able to just use the submit.blah > blah blah@spam.spamcop.net adress to forward spam to? > Then should I get some sort of response as to who to > contact with the complaint? Does spamcop just send > the complaint without my review? > > Reading the FAQ mostly just covers stuff like what is > spam etc. Not what to expect from this site! > > Thanks! > > After reading the posts to date, I notice no one has suggested this yet, since you may have problems caused by Hotmail: -- Submit your spams by email. -- Wait a bit, then go and sign into Spamcop as though you were going to manually report a spam. -- On the page where you can paste in your spam, you'll find a note above the box that says something like "you have unreported spam saved", and there will be a REPORT NOW link. -- Click REPORT NOW, look each one over, and Send or Cancel it as appropriate. -- It comes back to the same REPORT NOW page after each spam, and when it's all gone, the REPORT NOW goes away. -- Those are the same spams that Spamcop sends you the email message to finish reporting with those links, which you don't seem to be getting. Downside: It can take varying amounts of time for the spam you email to show up as "saved spam" that you can REPORT NOW, but eventually you'll figure it out. Also if you don't clear out the saved spams daily, you're likely to start coming up with messages that the spam is too old to report. That can get to be a pain because you can only look at them one at a time. Actually, I prefer this method a lot of times when I've reported several spams; it's fewer clicks and a little faster most of the time. Not sure why nobody's mentioned this? It's very useful. Regards, Pop From MikeE at ster.invalid Fri Jun 3 08:42:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 3 10:45:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: Cat wrote: > WazoO wrote: >> for sure the experiences of others should help fill in some gaps .. >> http://forum.spamcop.net/forums/ > Why push the original poster to go to the web > forum Yes. Those generic forum links which aren't actually pointed at an answer to a question which is residing in the forum are much more irritating. The message I see is that rather than the reply being an 'answer', it is an advertisement, like spam. "If you will go to the forum and post your question over there instead of in here, we will answer your question there." and "I'm not going to answer your question here, but someone may answer it over there." It is not at all the same as when a forum link is posted in which the site in the forum represents a specific answer to a specific question. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Jun 3 11:59:47 2005 From: nobody at spamcop.net (indigo) Date: Fri Jun 3 11:00:02 2005 Subject: [SpamCop-List] Re: Opinions wanted on Plaxo email service References: Message-ID: Steven Maesslein wrote: > I too have had similar requests and the first thing I did was reply to > the individual with a very stern e-mail demanding that my details be > removed from the plaxo databases. Thanks for everyone who responded, you all backed up exactly what I figgered. I already sent my friend an email yesterday asking him to remove me from Plaxo, and sent him those web site links too. Haven't heard back from him yet, I'll be curious to hear his response. From pxpearson at spamxcop.net Fri Jun 3 09:26:10 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Fri Jun 3 11:25:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: Quin wrote: > I do not seem to get the type of response I expect. The email I signed up > with was a hotmail account and it does not get any response. FWIW, I had a similar problem and discovered that my ISP (Charter Communications) was quietly discarding the email I was sending to Spamcop -- presumably because some filter recognized it as spam. I confirmed this diagnosis by CC'ing myself at another, non-Charter, email address. -- Remove the two x's to get a good email address. From cattysha at juno.com Fri Jun 3 16:22:59 2005 From: cattysha at juno.com (cattysha@juno.com) Date: Fri Jun 3 11:27:51 2005 Subject: [SpamCop-List] Re: Likely Joe job Message-ID: <20050603.082400.679.190935@webmail24.nyc.untd.com> My name is Brenda. I'm the owner of cattyshaq.com and meetyourcomputer.com. Even though you could rightly nail my hide to the wall for not investigating the software that I advertise at meetyourcomputer.com, I am innocent of the spamming. The people who participate at the cattyshaq.com forum would normally warn me that I should remove certain ads...perhaps they didn't realize themselves that there was a problem with the software. In an attempt to make a few dollars on the internet, I have signed up for several 'ad' programs but quickly had to remove them because they were based on key words which continually brought up 'get-rich-quick' sites, which is exactly what I warn AGAINST at cattyshaq.com. I originally had the site full of commission Junction ads but I lost the account because it made 0 profit in 6 months...I tried...and I will find something else if I ever get my site back. If any of you had a chance to visit cattyshaq.com, you should know that I am not out to scam anyone. My members won't even allow me to have Google ads on my site... I am the victim in this. I've lost my websites...just like the spammer intended. If any one in here helped me to lose my site, I'd like to ask you please to help me get it back. ___________________________________________________________________ Get Juno Platinum for as low as $4.97/month! Unlimited Internet Access with 250MB of Email Storage. Visit http://www.juno.com/half to sign up today! From nobody at devnull.spamcop.net Fri Jun 3 11:47:29 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jun 3 11:50:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Cat" wrote in message news:d7oqsn$v96$1@news.spamcop.net... > WazoO wrote: > > > for sure the experiences of others should help fill in some gaps .. > > http://forum.spamcop.net/forums/ > > Since others have commented on your posts about this, I'm starting to > notice it more as well. Why push the original poster to go to the web > forum when there are enough people here in the newsgroups with the > skills and knowledge to help with this? It's almost like you're trying > to turn newbies away from the newsgroups as if the newsgroups aren't > helpful enough. Let's pick "this case" ... All the original poster provided was; 1. user 'registered at site" - one 'could' assume a free-reporting account 2. user talked about some form to fill in with some instructions (turns out 'we believe' he/she is talking about the logged-in www.spamcop.net web page ... 3.user's post headers indicate OE6 is use, but actually makes no mention of the e-mail application(s) involved ... again, on could 'assume' that the query is on use of OE6, but ...??? 4. user admitted that he/she had some kind of 'expectations' that were not seemingly met ...so there is still not a clue as to how / why SpamCop was located and registration process started 5. user manufactures a single paragraph out of nothing but questions, starting with e-mail submittals, which again brings up that the specific e-mail apps involved haven't been stated . 6. user states that "the FAQ" didn't answer the questions. Referral to the Forum seems to me to make perfect sense for this user ... and pointing to the "top" of the Forum to allow him/her to make his/her own decision on just what to go for first. Each 'component' section of the SpamCop tool-set has its own section. Problems with Reporting, go into the Reporting Help Forum, problems with the BL, go into the Block List Help section, etc ... The Forum FAQ started with making a single-page entry point of the www.spamcop.net FAQ to solve the issues some folks make about not being able to find things, too many mouse-clicks, etc, etc, etc (again, bringing up the years of complaints that it was never complete, stuff was out of date, etc. etc.) ... once that was done, then additional items were added to that FAQ, some new direct entries, some pointers to an discussion point, some items beat together by several users getting together and hammering out a consensus ... this also led to things like starting a Glossary (really triggered by the problem with the item now pretty much standardized name of "Tracking URL" .. and noting that this Glossary entry predates the parser code change that finally used those words to clear things up for the "rest of us") Between the Forum FAQ and the Forum contents, it should have popped up quickly that the e-mail apps involved need to be defined before an 'easy' answer could be provided for this user's questions. The original FAQ has the same data, but noting this user's description of that FAQ's contents "FAQ mostly just covers stuff like what is spam etc" This does sound like "How to get full headers" wasn't an item seen or read, such that it would have been apparent that this data would have been useful to mention in the original query. Newsgroup traffic ... at the time of this posting, I see three response that talk about how simple it is to "forward" the spam ... but I also note that the specific question of what (all) e-mail apps are in use had not been specifically asked. So if this user is tied to Outlook, the next batch of posts would be about how "Forwarding" only results in errors. Why not clear that up in the beginning? Had some of this data been provided in the original post, perhaps a specific Forum FAQ could have been pointed to. All I see is a lot of missing facts, so again, if I'm going to point, it only makes sense to point to the top of the Forum structure, thus allowing full view of the range of subject matter. As in this scenario, rather than having multiple response that go on at length, again pointing out that some of them are based on assumptions of what tools are in use, the skills and knowledge of the user, somehow ignoring that "expectations weren't met" situation ... even the original FAQ has some/most if that data existing. To keep it in the newsgroups, numerous previous posts could have been pulled up, an archive pointer could have been provided, all possibly leading to more confusion on the user's part, not knowing how to follow those links (adding that these posts do age off .. and the obvious that this user didn't spend a lot of time reading previous posts anyway) As I've stated before, I use NNTP, I use Forum applications, I use search engines, I use whatever tools I can find to solve the problem I'm dealing with at the time. I'll even state myself that Forum apps suck for the most part .... However, I also find it absurd to wade through newsgroup postings that ask the same question asked the day before, asked the week before, asked the month before, but the user didn't look at any of those previous posts, didn't recognize that the Subject line might have actually covered the query, only loaded the OE default of the last 100-300 posts, pick any reason, though usually none really a good/valid excuse .... I spent more and more time in the Forum as there were so few folks over there answering questions. I generated that (meant to be only temporary) Forum FAQ as an attempt to solve several issues ... solving the too-many-clicks complaints, the can't-find squat complaints, the out-of-date complaints, the incomplete complaints, making FAQ entries out of those Frequently Asked Questions ..... over time JT gave me more and more access to that application, I'm now modifying code, added a )Google) search function right at the top of the Forum page to help get around the limitations of the Forum search tool .... There are other knowledgeable folks volunteering their time there, especially pointing out that the only things I know about the e-mail side of the house are from reading all the problems posted. Bottom line, the Forum is another resource, many things are already documented there as either a Pinned entry in the specific /appropriate section or in the FAQ/Glossary ... entries into both of those items are always happening (flip the complaints about the www.spamcop.net FAQ not having enough data to the general complaint that the Forum FAQ contains too much data) There's even a link or two to pages that define "how to ask a question" that could have led to a better query from this original poster. Mike Easter does the hand-feeding thing, I point to research tools where the user may find other questions that hasn't come to his/her mind yet in addition to providing an already existing response to a particular query. I personally don't understand the animosity about another support point, actually still wondering why more folks wouldn't simply chip in and make it a better resource. I'll even do this a seventh time here ... JT offered to buy some software with the intent of building a knowledgeable as yet another support resource. Solving the www.spamcop.net FAQ issues, even taking the Forum FAQ out of the equation. Even the folks that bitch about either or both of these items have failed to actually get involved with responding to this request for interest. You'll note that the calls for a repeated "posting of the FAQ" have disappeared after Miss Betsy's attempt at the "Why am I Blocked" Forum FAQ entry and my posting of the Forum FAQ contents list. I'm done, as this has definitely gone on too long .... From nttp.sc.s at bigsleep.org Fri Jun 3 17:12:04 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 3 12:15:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: On 02 Jun 2005 Cat entered spamcop and left news:d7oqsn$v96$1@news.spamcop.net: > WazoO wrote: > > > >> for sure the experiences of others should help fill in some gaps .. >> http://forum.spamcop.net/forums/ > > > Since others have commented on your posts about this, I'm starting to > notice it more as well. Why push the original poster to go to the web > forum when there are enough people here in the newsgroups with the > skills and knowledge to help with this? It's almost like you're trying > to turn newbies away from the newsgroups as if the newsgroups aren't > helpful enough. Rather than rant on WazoO, I have to wonder how the OP got here... If you click the help link you see Help Options: FAQ | Search | Forums Popular FAQs Search SpamCop [FAQ, forums, archive] Web-based Bulletin Boards Newsgroups (no spamcop.help listed) Seems to be plenty of links to the forums, and only one link here, which leads me to believe the OP opted to come here. Also, the questions are answered here (no login required) http://www.spamcop.net/fom-serve/cache/285.html http://www.spamcop.net/fom-serve/cache/166.html http://www.spamcop.net/fom-serve/cache/22.html Hey WazoO, just put a forums link in your sig. Well, you don't have one, but you could fake it. -- | Ric | From nttp.sc.s at bigsleep.org Fri Jun 3 17:15:15 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 3 12:20:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: On 03 Jun 2005 Pop entered spamcop and left news:d7povs$eoo$1@news.spamcop.net: > Not sure why nobody's mentioned this? It's very > useful. > I thought about mentioning it, but wasn't sure what to say as it should be obvious when you login. I think you explained it better than I would have anyway. -- | Ric | From wb8tyw at qsl.network Fri Jun 3 12:17:24 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Jun 3 12:20:07 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: <0lwFLCUBIwf4@eisner.encompasserve.org> In article , "Pop" writes: > >> > After reading the posts to date, I notice no one has > suggested this yet, since you may have problems caused > by Hotmail: > > -- Submit your spams by email. > -- Wait a bit, then go and sign into Spamcop as though > you were going to manually report a spam. > -- On the page where you can paste in your spam, > you'll find a note above the box that says something > like "you have unreported spam saved", and there will > be a REPORT NOW link. > -- Click REPORT NOW, look each one over, and Send or > Cancel it as appropriate. > Not sure why nobody's mentioned this? It's very > useful. IIRC: The first mention of that technique that I saw was in the spamcop.help forum about a year or so ago. The poster was Larry Kilgallen. -John wb8tyw@qsl.network Personal Opinion Only From nospam at nowhere.com Fri Jun 3 13:21:45 2005 From: nospam at nowhere.com (Vito DeCarlo) Date: Fri Jun 3 12:25:02 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: I just starting reporting SPAM coming into all email addresses under our company domain, as well as a couple of client domains. My thought was that by quickly reporting SPAM of a larger volume, I would reduce the number of SPAM messages coming in. I now realize that was a impossible *dream*. Vito "Vernon Hardapple" wrote in message news:d7m3ug$f8v$1@news.spamcop.net... > I'm curious. Why do you report other people's spam? Are these clients of > yours? From nttp.sc.s at bigsleep.org Fri Jun 3 17:22:55 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 3 12:25:09 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: On 03 Jun 2005 Kenneth Brody entered spamcop and left news:42A061AF.90DA7289@spamcop.net: > So, viruses virtually always forge the "from", and tracking down the > original sender would require skills beyond most Internet users, yet > Road Runner puts the burden on the recipient rather than blocking it > at its source, when Road Runner knows exactly who it is that is trying > to send it. > I donno, I think Road Runner don't know what the hell they're doing. Perhaps if you explain this to them they will attempt to convince you that you don't know what you are talking about ;-) -- | Ric | From nttp.sc.s at bigsleep.org Fri Jun 3 17:29:39 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 3 12:30:03 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: On 03 Jun 2005 cattysha@juno.com entered spamcop and left news:mailman.21.1117812471.169.spamcop-list@news.spamcop.net: > Get Juno Platinum for as low as $4.97/month! > Unlimited Internet Access with 250MB of Email Storage. > Visit http://www.juno.com/half to sign up today! > That's spam in my book, and shows no respect for the people you communicate with. You can afford to run a website, but can't even afford to pay for an ISP. -- | Ric | From nttp.sc.s at bigsleep.org Fri Jun 3 17:41:10 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 3 12:45:02 2005 Subject: [SpamCop-List] Re: Spam Reporting...torturous References: Message-ID: On 03 Jun 2005 Vito DeCarlo entered spamcop and left news:d7q02s$j2r$1@news.spamcop.net: > I just starting reporting SPAM coming into all email addresses under > our company domain, as well as a couple of client domains. My thought > was that by quickly reporting SPAM of a larger volume, I would reduce > the number of SPAM messages coming in. I now realize that was a > impossible *dream*. > If you want more spam to report, just get several eMail accounts (different ISPs and/or web mail), use the addresses on forums and newsgroups, then wait around for the spam flood. With some ISPs you don't even need to use the address anywhere. This may be more effective because the large ISPs probably get hit first, and you can use this information in your own block list. Actually opening spam should get you more as well. -- | Ric | From glnews030922 at highspot.net Fri Jun 3 19:49:06 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Fri Jun 3 13:45:03 2005 Subject: [SpamCop-List] Re: Likely Joe job In-Reply-To: References: Message-ID: cattysha@juno.com wrote: > My name is Brenda. I'm the owner of cattyshaq.com and > meetyourcomputer.com. Even though you could rightly nail my hide to > the wall for not investigating the software that I advertise at > meetyourcomputer.com, I am innocent of the spamming. The people who > participate at the cattyshaq.com forum would normally warn me that I > should remove certain ads...perhaps they didn't realize themselves > that there was a problem with the software. In an attempt to make a > few dollars on the internet, I have signed up for several 'ad' > programs but quickly had to remove them because they were based on > key words which continually brought up 'get-rich-quick' sites, which > is exactly what I warn AGAINST at cattyshaq.com. I originally had the > site full of commission Junction ads but I lost the account because > it made 0 profit in 6 months...I tried...and I will find something > else if I ever get my site back. Hi Brenda, thanks for taking the time to post here during what must be a traumatic time. I was the one who was suspicious that it wasn't a joe-job, based on the ads displayed on the site. Since you have come here openly, a thing spammers just wouldn't do, I now accept that it was indeed a joe-job attack on your sites and wish you the best of luck getting them up and running again. > If any of you had a chance to visit cattyshaq.com, you should know > that I am not out to scam anyone. My members won't even allow me to > have Google ads on my site... It may be possible for you to get specific ads delivered to your site instead of keyword based ones. I don't know a lot about the market, but it should be worth investigating. Why don't they like Google ads? They're pretty much the only ones I don't block. > I am the victim in this. I've lost my websites...just like the > spammer intended. If any one in here helped me to lose my site, I'd > like to ask you please to help me get it back. Although I expressed concerns that it wasn't a joe-job, I didn't actually report any of your sites, only the sources of the email. Ellen (a SpamCop employee) has since marked your sites as innocent bystanders and you shouldn't get any more reports. However, a lot of people probably reported them before they were marked as IB. It might be worth trying to get a dialog going between Ellen and your ISP. You can contact her at deputies >at< admin.spamcop.net. Best of luck getting things sorted out. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From nobody at devnull.spamcop.net Fri Jun 3 13:55:35 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jun 3 14:00:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Blammo" wrote in message news:Xns966A5DA7F1BFEblammo@216.154.195.61... > > Rather than rant on WazoO, I have to wonder how the OP got here... > If you click the help link you see > Help Options: FAQ | Search | Forums > Popular FAQs > Search SpamCop [FAQ, forums, archive] > Web-based Bulletin Boards > Newsgroups (no spamcop.help listed) > > Seems to be plenty of links to the forums, and only one link here, which > leads me to believe the OP opted to come here. No argument there, but also noting that had any of the Help stuff been read, the not-logged-in www.spamcop.net web page, or any of the starting www.spamcop.net FAQ been hit, one is lost on the "not working as expected" remarks. And as this is the post that even got Car excited, please explain where the "lack of answers" was in my original Reply. I re-read it and I see that I touched a couple of specifics. > Also, the questions are answered here (no login required) > http://www.spamcop.net/fom-serve/cache/285.html > http://www.spamcop.net/fom-serve/cache/166.html > http://www.spamcop.net/fom-serve/cache/22.html And once again pointing out that the poster had already stated that the www.spamcop.net FAQ had been looked at and answers weren't found. My statement in reply was; "As you didn't seem to find what you needed in the www.spamcop.net FAQ, perhaps the expanded and single-page sourced Forum FAQ might help ..." (noting also that there is no login required to "read" over there either. I'm really trying hard to figure out why there is such an uproar over that remark. > Hey WazoO, just put a forums link in your sig. Well, you don't have one, > but you could fake it. From nobody at devnull.spamcop.net Fri Jun 3 14:02:48 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jun 3 14:05:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Mike Easter" wrote in message news:d7pq8f$fjd$1@news.spamcop.net... > > Yes. Those generic forum links which aren't actually pointed at an > answer to a question which is residing in the forum are much more > irritating. As stated in another post, the original query was seen to ba lacking some specific details, what e-mail apps were in use for instance. Sire, one could assume OE as seen in the posting headers, but we all know that Outllok uses OE for NNTP ... so rather than make an assumption, suggesting hitting the Forum at the top seemed much wiser. > The message I see is that rather than the reply being an 'answer', it is > an advertisement, like spam. And again, this poster had already stated that the www.spamcop.net FAQ didn't answer his/her questions. And again noting that I had in fact touched a couple of specific issues before getting to the Forum FAQ suggestion. > "If you will go to the forum and post your question over there instead > of in here, we will answer your question there." and "I'm not going to > answer your question here, but someone may answer it over there." I didn't say squat about posting ... I was suggesting another resource for answers that may have been easier to use than the already described failed attempt at using the Help link from the web-page. > It is not at all the same as when a forum link is posted in which the > site in the forum represents a specific answer to a specific question. As so many questions and issues are wrapped up in that post, my logic is that the whole SpamCop experience seemed to be an issue for this poster. From nobody at spamcop.net Fri Jun 3 16:01:36 2005 From: nobody at spamcop.net (Ellen) Date: Fri Jun 3 15:05:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: "Blammo" wrote in message news:Xns966A5F7EF460Dblammo@216.154.195.61... > On 03 Jun 2005 Kenneth Brody entered spamcop and left > news:42A061AF.90DA7289@spamcop.net: > > > So, viruses virtually always forge the "from", and tracking down the > > original sender would require skills beyond most Internet users, yet > > Road Runner puts the burden on the recipient rather than blocking it > > at its source, when Road Runner knows exactly who it is that is trying > > to send it. > > > > I donno, I think Road Runner don't know what the hell they're doing. > Perhaps if you explain this to them they will attempt to convince you that > you don't know what you are talking about ;-) > I was in contact with road runner abuse/security this AM. They are aware of the issue and working on it. No promises for an instant solution but the right people are in the loop. Ellen SpamCop From MikeE at ster.invalid Fri Jun 3 13:46:34 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 3 15:50:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: WazoO wrote: > Let's pick "this case" ... All the original poster provided was; You have some very very valid arguments in here. > Referral to the Forum seems to me to make perfect sense > for this user ... and pointing to the "top" of the Forum to > allow him/her to make his/her own decision on just what > to go for first. That position is supported by your arguments. Your points are very valid. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Jun 3 13:48:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 3 15:50:09 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: WazoO wrote: > "Mike Easter" >> Yes. Those generic forum links which aren't actually pointed at an >> answer to a question which is residing in the forum are much more >> irritating. > > As stated in another post, the original query was seen to ba lacking > some specific details, Your points are well taken, detailed in the other post. -- Mike Easter kibitzer, not SC admin From cattysha at juno.com Fri Jun 3 21:02:19 2005 From: cattysha at juno.com (cattysha@juno.com) Date: Fri Jun 3 16:04:24 2005 Subject: [SpamCop-List] Re: Likely Joe job Message-ID: <20050603.130255.675.199524@webmail33.nyc.untd.com> "That's spam in my book, and shows no respect for the people you communicate with. You can afford to run a website, but can't even afford to pay for an ISP. -- | Ric |" Well aren't you just a ray of sunshine on a very dark day. Thanks, Ellen, and the others of you who were smart enough to see through this. Ipowerweb has now returned my sites! Now I will depart before Ric has a siezure. ___________________________________________________________________ Get Juno Platinum for as low as $4.97/month! Unlimited Internet Access with 250MB of Email Storage. Visit http://www.juno.com/half to sign up today! From jr70 at blackhole.invalid Fri Jun 3 14:14:26 2005 From: jr70 at blackhole.invalid (John Richards) Date: Fri Jun 3 16:15:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Steve Sybesma" wrote in message news:d7olga$sog$1@news.spamcop.net... > > I would like to know how I can automate Outlook Express 6 in such a way > as to right click on the highlighted messages I want to report, and have one > of > the context menu selections be "Forward As Attachment to SpamCop, then > Send and Delete" so that the entire operation is done with only one click. > > This would make reporting spam exactly as easy as deleting the spam so that > there would be no temptation to just say "Oh, not today". > > Of course I'm lazy, but computers are all about how to make things easier > anyway. > > I don't know how to write macros for Outlook Express to do this, and I don't > even > know if it's possible, but I sure would find it valuable. > > I would like not to have to use a separate 3rd party program which gets me > away > from using OE, which otherwise takes care of all my other e-mail needs > quite nicely. This sounds like something that the guy who developed OE-QuoteFix could easily do, but I'm not holding my breath. Meantime, I have spam reporting down to a minimum number of keystrokes: Ctrl-F3, Ctrl-A, Ctrl-C, Alt-F4, paste into SC web report form. -- John Richards From dfm2a3l0t2 at spymac.com Fri Jun 3 19:54:34 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Fri Jun 3 18:55:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: In article , "Mike Easter" wrote: > So, I'm always trying to get people to not read their spam; and I also > think that spamfighters are guilty of reading spam when they shouldn't. > Some people in alt.spam misunderstand me about that.. > > People, including spamfighters, make up all kinds of 'excuses' about why > they need to read spam; but the fact of the matter is that they > actually don't. They read spam because they want to read spam. In my > little game of keeping score, we call spamreaders 'losers'. [That ought > to get some people outraged.] So I'll put a smiley way over here :-) Some of us use Eudora, which means we have to open the spam so we can cut and paste the headers and the body into the Web report page. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From MikeE at ster.invalid Fri Jun 3 17:02:30 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 3 19:05:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: D.F. Manno wrote: > "Mike Easter" >> So, I'm always trying to get people to not read their spam; > Some of us use Eudora, which means we have to open the spam so we can > cut and paste the headers and the body into the Web report page. That's too bad. I get very exasperated with apps or other instructions which require people to open their spam. The standard EarthLink instructions [depending upon which instructions you read, which iterations are actually inconsistent with each other] for submitting spam to EL's junkmail system, instruct people to open their spam so that they can copy the rendered html so that they can paste that rendered html below the spam headers. Very detailed instructions for getting the headers separately from the rendered html. Makes me crazy. I am at odds with the various EL admins who rarely pop up in EL support ng/s. I'm telling people to blow off EL's junkmail reporting system because my investigations cause me to believe that it is a worthless reporting system -- besides the fact that the instructions make me crazy. People should 'refuse' to submit anything to EL's junkmail if for no other reason than the fact that they shouldn't be opening their spam. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Jun 3 20:28:30 2005 From: nobody at spamcop.net (Dave Lerner) Date: Fri Jun 3 19:30:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? In-Reply-To: References: Message-ID: Mike Easter wrote on 06/02/2005 04:35 PM: > Not only do I think the 'masses' shouldn't be reading their spam > subjects or opening their spams, I don't even think [most/all] > spamfighters should be reading their spams either. I don't understand what's so bad about reading spam. I usually glance over spam prior to reporting it to ensure that it's legimately reportable. I also check for embedded use of my name or email address, which might not be munged by the reporting tool. The spammer hasn't benefitted from my reading his spam, since I'm not going to buy anything he's advertised, and I'm not going to visit a spamvertised web site unless it's to obtain more accurate reporting data. My email client (currently thunderbird on linux) is configured to display all email as plain text. That avoids any side effects of viewing rendered HTML, web bugs or embedded scripting. From nobody at xyzzy.claranet.de Sat Jun 4 04:00:14 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Jun 3 21:05:02 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: <42A0FD1E.19A1@xyzzy.claranet.de> Kenneth Brody wrote: > a recent change at Road Runner is now causing all sorts of > problems on my end from virus-laden systems. Not exactly new, grep nanas for "symantec.invalid" for a few older RR follies. > they "bounce" e-mail to the forged "from". (I understand > that this is now permitted to be reported via SpamCop.) For ordinary bounces (user over quota etc.) you should IMHO have a very convincing reason to report it, like an SPF FAIL policy protecting your MAIL FROM. > Now, in an attempt to "help", they purposely allow viruses > sent from their clients to continue on their way, after > stripping the virus. Maybe they've upgraded the Symantec crapware, and that caused again its "let's spam the world" mode. Spamcop it, post it in nanas, _hurt_ them as hard as you can. Bye, Frank From wb8tyw at qsl.network Fri Jun 3 22:53:39 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Jun 3 21:55:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses In-Reply-To: References: <42A061AF.90DA7289@spamcop.net> Message-ID: Ellen wrote: > I was in contact with road runner abuse/security this AM. They are aware of > the issue and working on it. No promises for an instant solution but the > right people are in the loop. Are they also the ones that understand bouncing spam/viruses to forged addresses is a bad thing? I was getting over 20 bounces/second from each of two of their mail servers during the last sober outbreak because of an infected system that appeared to be on the other side of the world. -John wb8tyw@qsl.network Personal Opinion Only From johnnospam at nospamatall.com Fri Jun 3 21:58:02 2005 From: johnnospam at nospamatall.com (John Marion) Date: Fri Jun 3 22:00:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses In-Reply-To: References: <42A061AF.90DA7289@spamcop.net> Message-ID: Ellen wrote: > "Blammo" wrote in message > news:Xns966A5F7EF460Dblammo@216.154.195.61... > >>On 03 Jun 2005 Kenneth Brody entered spamcop and left >>news:42A061AF.90DA7289@spamcop.net: >> >> >>>So, viruses virtually always forge the "from", and tracking down the >>>original sender would require skills beyond most Internet users, yet >>>Road Runner puts the burden on the recipient rather than blocking it >>>at its source, when Road Runner knows exactly who it is that is trying >>>to send it. >>> >> >>I donno, I think Road Runner don't know what the hell they're doing. >>Perhaps if you explain this to them they will attempt to convince you that >>you don't know what you are talking about ;-) >> > > > I was in contact with road runner abuse/security this AM. They are aware of > the issue and working on it. No promises for an instant solution but the > right people are in the loop. > > Ellen > SpamCop > > Thank you, Ellen. From MikeE at ster.invalid Fri Jun 3 20:36:31 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 3 22:40:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Dave Lerner wrote: > Mike Easter wrote on 06/02/2005 04:35 PM: >> Not only do I think the 'masses' shouldn't be reading their spam >> subjects or opening their spams, I don't even think [most/all] >> spamfighters should be reading their spams either. > > I don't understand what's so bad about reading spam. I usually glance > over spam prior to reporting it to ensure that it's legimately > reportable. I also check for embedded use of my name or email > address, which might not be munged by the reporting tool. I don't object to some kind of 'system' for examining the body for a $string -- you can do that by searching the raw html. It isn't necessary to render-read a spam as the spammer intended. The standard opening and rendering is what the spammer wants. > The spammer hasn't benefitted from my reading his spam, since I'm not > going to buy anything he's advertised, and I'm not going to visit a > spamvertised web site unless it's to obtain more accurate reporting > data. It is reassuring to me to hear 'bells' of pledged-ness -- where pledged is to never aid a spammer. > My email client (currently thunderbird on linux) is configured to > display all email as plain text. That avoids any side effects of > viewing rendered HTML, web bugs or embedded scripting. It is also reassuring to me to hear bells of security. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri Jun 3 23:47:55 2005 From: nobody at devnull.spamcop.net (Cat) Date: Fri Jun 3 23:50:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? In-Reply-To: References: Message-ID: Mike Easter wrote: >>Some of us use Eudora, which means we have to open the spam so we can >>cut and paste the headers and the body into the Web report page. > > > That's too bad. > > I get very exasperated with apps or other instructions which require > people to open their spam. Same thing with Yahoo and Gmail. You can't just forward it. You have to open it. Then again, I've had a few times where something looked spammy, but I had to open it to find out that it was actually e-mail I wanted to receive. It's rare that something like that happens, but it's a good thing I checked those e-mails, or I would have missed out on something important. From MikeE at ster.invalid Fri Jun 3 21:58:08 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 00:00:02 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: cattysha@juno.com wrote: > Thanks, Ellen, and the others of you who were smart enough to see > through this. Ipowerweb has now returned my sites! Now I will depart > before Ric has a siezure. Maybe you got off too easy, all things considered. > Get Juno Platinum for as low as $4.97/month! > Unlimited Internet Access with 250MB of Email Storage. > Visit http://www.juno.com/half to sign up today! In case you haven't seen it, this is what Ric was complaining about, not 'having a seizure'. If you are going to spam every newsgroup with your posts, you can expect to have some complaints about it. If you are going to engage ads which are likely to affiliate-spam your website, you can expect to have repercussions about it. If you are going to get bent-outa-shape because some people criticize you for behaviors that are clearly effectively spammish and you get spammish treatment for it, you aren't going to be sympathized with by everyone. If you website has overall benefitted from spam and you only paid a price of transient 'confusion' by your provider and the spamreporting community, you have gotten off easily and benefitted from it. If you were playing them for the fool, then so far you've won.-- but while you're gloating, don't be rubbing it in and popping off about seizures. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri Jun 3 23:56:46 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 4 00:00:07 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? In-Reply-To: References: Message-ID: Cat wrote: > Same thing with Yahoo and Gmail. You can't just forward it. You have to > open it. Then again, I've had a few times where something looked spammy, > but I had to open it to find out that it was actually e-mail I wanted to > receive. It's rare that something like that happens, but it's a good > thing I checked those e-mails, or I would have missed out on something > important. I meant to add also that I have html images turned off in those e-mail accounts. Fortunately, I don't get spam at my Gmail address, especially since very few people have that address...only a few people and a couple of other places online that I can trust won't give out my address to anyone. From MikeE at ster.invalid Fri Jun 3 22:04:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 00:05:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Cat wrote: > Mike Easter wrote: >> I get very exasperated with apps or other instructions which require >> people to open their spam. > > > > Same thing with Yahoo and Gmail. You can't just forward it. You have > to open it. Then again, I've had a few times where something looked > spammy, but I had to open it to find out that it was actually e-mail > I wanted to receive. It's rare that something like that happens, but > it's a good thing I checked those e-mails, or I would have missed out > on something important. The bad news about google is that you do have to open it to access the headers and/or original unrendered format. The good news about google is that its spamfilters are good in my experience. The bad news about google is that it is 'awkward' to report google spam. The overall result of that 'package' of google handling is that I don't report spam which has arrived at my google addy. Regarding handling unknowns. My choice of 'erring' about unknowns is to treat them as malware/ spam/ virus/ unsoliciteds/ for which they are cast into the suspicious/junk status and they are examined from their message properties *first* -- so that I'm never 'opening' an unknown mail without already knowing what is inside. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Jun 3 22:43:38 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 00:45:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Mike Easter wrote: > My choice of 'erring' about unknowns is to treat them as malware/ > spam/ virus/ unsoliciteds/ for which they are cast into the > suspicious/junk status and they are examined from their message > properties *first* -- so that I'm never 'opening' an unknown mail > without already knowing what is inside. Maybe I should elaborate on that; perhaps it is at the 'heart' of my philosophy about not opening spam. I don't believe there should be any spam in my Inbox. Inbox mail is a different thing than spam. Inbox mail has some kind of reliable from. Spam and virms and such don't belong in the Inbox because of the element of From bogosity. If there were no other bogosity involved in the headers of something, bogus From is a 'sacrilege' and should be immediately purged from the Inbox. It doesn't belong there. So, if you look at your Inbox and it contains anything that doesn't represent 'your' Inbox mail -- it should not be in there. That is a different kind of problem for different kinds of people. For some people it is very very very simple. They could whitelist their friends and mailing lists and all of their spam would disappear and they would lose no wanted mail. For others, it is a little more complicated, because they have necessity to receive some kind of unknown wanted mail. Because of that, every mail recipient's 'problems' about spam have to be handled uniquely or individually -- but it isn't really all that hard. It is harder for some than others, to be sure. But it is highly likely that the vast majority of spam is going to have headers consistent with spam, and a tiny minority of spam would need to be evaluated by a filter on the basis of its body composition. If people are looking at spam subjects and froms to figure out if something is spam, and then being confused by the information they see, then they are doing something wrong about their spam filtering. -- Mike Easter kibitzer, not SC admin From bar_n0ne at hotmail.com Sat Jun 4 09:51:22 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Jun 4 00:55:02 2005 Subject: [SpamCop-List] Re: threatening spam from catty shaq References: Message-ID: "Ilgaz Ocal" wrote in message news:d7mbu8$ipj$3@news.spamcop.net... > On 2005-06-01 08:39:03 +0300, "Berny" said: > > > qoute: > > > > You are receiving this communication because your e-mail
> > address was included on a CD of 100 million e-mail addresses
> > we bought and you opted in to be on it. The can spam act
> > allows us to mail you with offers so please do not make false
> > complaints or we will > > > I wouldn't wait a second if I was american to call/mail offices. > > It would teach them what it means to abuse a law by falsely referencing > in any part of the world. > > A jerk bugged my mailbox 4-5 times that he is petrol minister of UAE > (Dubai), I got finally bored from sending reports and his spam ended in > hands of Dubai police. I said "Its your minister, your ISP, your > criminal, fix it" at additional notes > > I didn't hear from him since ;) > > Oh believe or not, he was using a UAE ISP. > > Ilgaz > He ( the 419'er ) was playing a dangerous game, communication is heavily monitored, police and ISP are pretty competent, at best (for him) s/he's back in his/her home country and banned. (For many this means a return to extreme povery and unemployment) From bud at telus.net Fri Jun 3 22:58:25 2005 From: bud at telus.net (Bud) Date: Sat Jun 4 01:00:03 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: "Mike Easter" wrote in message news:d7r8sc$92k$1@news.spamcop.net... > cattysha@juno.com wrote: >> Thanks, Ellen, and the others of you who were smart enough to see >> through this. Ipowerweb has now returned my sites! Now I will depart >> before Ric has a siezure. > > Maybe you got off too easy, all things considered. > >> Get Juno Platinum for as low as $4.97/month! >> Unlimited Internet Access with 250MB of Email Storage. >> Visit http://www.juno.com/half to sign up today! >> If you were playing them for the fool, then so far you've won.-- but > while you're gloating, don't be rubbing it in and popping off about > seizures. > > -- > Mike Easter > kibitzer, not SC admin -- Amen Bud From bar_n0ne at hotmail.com Sat Jun 4 10:17:37 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Jun 4 01:20:03 2005 Subject: [SpamCop-List] Re: Big Brother... (Text Repost) References: Message-ID: "Redstone" wrote in message news:Xns9668A07EEA16Etinlc@216.154.195.61... > Blammo wrote in > news:Xns966730861A38Dblammo@216.154.195.61: > > > >> > >> Try Xnews. It's free. > >> > > > > And you don't need to install anything, you can tuck it away in a > > folder somewhere, noone but you needs to know. Though it's pretty much > > news only. > > > > > > No registry crap to worry about.. nothing. It was the way everyone > installed programs 15 years ago when the only thing in town was MS-DOS. > Those were they days. :-) > > But back to Xnews, It's quite a powerful little application too. :-) Ummm.... what town where you in 15 years ago? There were semoe very internet competent OS "things" in my town; Mac, Amiga, Atari, OS/2, not to mention SunOS (BSD), VAX/VMS and others for those with heavier requirements and budgets. From nttp.sc.s at bigsleep.org Sat Jun 4 06:51:27 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Jun 4 01:55:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On 03 Jun 2005 Mike Easter entered spamcop and left news:d7r43c$6va$1@news.spamcop.net: > I don't object to some kind of 'system' for examining the body for a > $string -- you can do that by searching the raw html. It isn't > necessary to render-read a spam as the spammer intended. The standard > opening and rendering is what the spammer wants. > This is what I always do, I did that with my OP. In Mozilla you close the preview pane, select the message and press CTRL+U. Using IMAP I see the perfectly original message source (this is nothing new as far as Netscape/Mozilla goes), I actually copied from the source, only removing the html
at the end of each line. Also the spam filters and message filter rules do a good job of moving everything into the junk folder so I don't have to look at it. I don't need to add a [spam] tag to the subject because, like Eudora, Mozilla lets you make up rules for any header. Believe it or not, there is even a filter for "Sender not in my address book". Unfortunately it isn't quite perfect because it is effected by the case- sensitivity bug: http://bugzilla.mozilla.org/show_bug.cgi?id=129393 Also I don't know who all might be sending me eMail, so I do have to look at senders and subjects. Being a postmaster I have to check every single bounce, so I can't just assume it's all junk. On 03 Jun 2005 Mike Easter entered spamcop and left news:d7rbhm$agm$1@news.spamcop.net: > ... > So, if you look at your Inbox and it contains anything that doesn't > represent 'your' Inbox mail -- it should not be in there. > ... I almost said; for most people your logic works, but actually there are many who do business over the Internet or give out their address, and based on the false positives I see filters just don't work that good. People really do need to be careful, but I can't expect anyone to never look at a spam subject. -- | Ric | From nttp.sc.s at bigsleep.org Sat Jun 4 06:57:00 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Jun 4 02:00:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: On 03 Jun 2005 WazoO entered spamcop and left news:d7q5in$m9u$1@news.spamcop.net: > I re-read it and I see that I touched a couple of specifics. I did notice that, which is why I'm not ranting on you. I find it funny that whenever we get on these long threads, we usually never see the OP again. I wonder if our bickering scares them away? -- | Ric | From nttp.sc.s at bigsleep.org Sat Jun 4 07:11:56 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Jun 4 02:15:04 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: On 03 Jun 2005 cattysha@juno.com entered spamcop and left news:mailman.22.1117829065.169.spamcop-list@news.spamcop.net: > Well aren't you just a ray of sunshine on a very dark day. > Yes, I can be a jerk, could be because I ain't getting any. > > Now I will depart before Ric has a siezure. > Good, I won't have to look at those Juno ads. Nothing against you, I just hate those ads, I even bitch to my friends about them. -- | Ric | From nobody at spamcop.net Sat Jun 4 07:13:35 2005 From: nobody at spamcop.net (StampOutSpam) Date: Sat Jun 4 02:15:08 2005 Subject: [SpamCop-List] Re: Where's oc3@devnull? References: Message-ID: The OC3 spammers seem to be on a new ISP: http://www.spamcop.net/sc?id=z771133035z5e721f210b00e0639da4a1baae3fa4b1z 69.40.127.52 - abuse@alltel.net From nobody at nowhere.invalid Sat Jun 4 12:31:04 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Jun 4 05:35:09 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On Fri, 3 Jun 2005 21:04:19 -0700, Mike Easter coughed into spamcop and left this in : > The bad news about google is that you do have to open it to access the > headers and/or original unrendered format. The good news about google > is that its spamfilters are good in my experience. The bad news about > google is that it is 'awkward' to report google spam. Have they fixed that stupidity whereby they *always* insert a Reply-To: header whether you want it or not (and which fscks up mailing list traffic)? -- Steve There's no place like ~ From nobody at spamcop.net Sat Jun 4 08:56:17 2005 From: nobody at spamcop.net (Ellen) Date: Sat Jun 4 08:00:07 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: "John E. Malmberg" wrote in message news:d7r1j3$5ks$1@news.spamcop.net... > Ellen wrote: > > I was in contact with road runner abuse/security this AM. They are aware of > > the issue and working on it. No promises for an instant solution but the > > right people are in the loop. > > Are they also the ones that understand bouncing spam/viruses to forged > addresses is a bad thing? > > I was getting over 20 bounces/second from each of two of their mail > servers during the last sober outbreak because of an infected system > that appeared to be on the other side of the world. > In almost every case where I have spoken with an abuse person at an ISP of any size, the abuse person understands with crystal clarity the "bounce to forged from address" issue. Unfortunately fixing the problem is a whole lot harder than understanding it and involves getting all the various groups on board including the network architects, the security people, the marketing people, etc; getting upper level management to agree that it needs to be fixed and that it will cost $$ to do this; getting the project onto the fix schedule; architecting the way to fix it including hardware and software changes; buying the hardware to implement the fix; writing or modifying the software; testing hardware and software, setting up the schedule to implement and then implementing. One ISP of, I guess, small-medium size had most of the above steps already done when I talked to them -- i.e. they knew they needed to minimize the bounce problem dramatically to the point where it was basically a non-problem, they had the necessary agreements from the corporate sign-off chain, they had done the architecting, they had the POs to order equipment and it still took at least a couple of months to get it installed, tested and into production ... Solving this problem is not slam-dunk simple. And when all is said and done, the RFCs mandate bounces/NDRs if a message is received and then not delivered --- for non-spam they make sense. As do OOO, mailbox full and other random autobots ... I am not trying to excuse the flood of bounces -- I see them just as y'all do and for a while there last week some random ISP in Europe was happily sending the deputies address bounces -- but just trying to point out that the understanding/seeing the visible part of the problem is easy; fixing it is more complicated. Companies -- non-ISPs -- are way, way harder to convince that bounces are a problem. Sigh ... now if we could just get people to not click on attachments .... but that's a rant for another time .... Ellen From nobody at nowhere.invalid Sat Jun 4 15:05:14 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Jun 4 08:10:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: On Sat, 4 Jun 2005 07:56:17 -0400, Ellen coughed into spamcop and left this in : > Sigh ... now if we could just get people to not click on attachments .... ITYM: Sigh ... now if we could just get people to stop using software that doesn't need them to click on an attachment to run it .... -- Steve Why is it that people say they slept like a baby when babies wake up every two hours? From nospam at fuck-off-and-die.com Sat Jun 4 19:21:06 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Sat Jun 4 08:40:05 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: Steven Maesslein, , the befouled, disturbed miscreant, and seller of gorse for brooms, illumed: > On Sat, 4 Jun 2005 07:56:17 -0400, Ellen coughed into spamcop and left > this in : > >> Sigh ... now if we could just get people to not click on attachments >> .... > > ITYM: > > Sigh ... now if we could just get people to stop using software that > doesn't need them to click on an attachment to run it .... User-Agent: slrn/0.9.8.1 (Linux) Fucktard cunt. From nobody at devnull.spamcop.net Sat Jun 4 09:36:55 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Jun 4 08:40:12 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: ... > > I'm really trying hard to figure out why there is > such an uproar > over that remark. > >> Hey WazoO, just put a forums link in your sig. Well, >> you don't have one, >> but you could fake it. > > FWIW, same here. I just went down thru the whole thread, and jeepers, what a convoluted thing it turned into. That's not a cut, just an observation. I understand the want for keeping this group alive and well, so that's good as far as I'm concerned. I do think perhaps some people might be stretching themselves a little thin, so maybe the repetitive nature of things with those who are unfamiliar with SC is a result of that. I know there was a lot of work went on for the FAQs here, but I myself still don't find them very easy to navigate if/when I'm looking for something specific, although I have to admit that what IS there is excellent. It's not that anything is missing, but it's often hard to decide where to look and how far to read before deciding it's not going to have what I'm looking for. I can imagine how a new comer might feel, especially if they're upset to start with. Just my two cents, and I know, I've said all this before Pop From nobody at devnull.spamcop.net Sat Jun 4 09:39:09 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Jun 4 08:40:19 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: <0lwFLCUBIwf4@eisner.encompasserve.org> Message-ID: ... > > > >> Not sure why nobody's mentioned this? It's very >> useful. > > IIRC: The first mention of that technique that I saw > was in the spamcop.help > forum about a year or so ago. The poster was Larry > Kilgallen. > > -John > wb8tyw@qsl.network > Personal Opinion Only Sorry; I meant in this thread. I wasn't making any "explorer discovery" statement. Pop From nttp.sc.s at bigsleep.org Sat Jun 4 14:46:24 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sat Jun 4 09:50:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: On 04 Jun 2005 Ellen entered spamcop and left news:d7s50v$mqd$1@news.spamcop.net: > Companies -- non-ISPs -- are way, way harder to convince that bounces > are a problem. > I think you are in a position that ISPs at least will recognize that you are someone that probably knows what you are talking about. I don't have much patience going back and forth with some support guy that probably doesn't even understand the problem, even when I give detailed instructions on how to fix the problem. With some, I get no reply at all, which leads me to believe I'm simply ignored. Example Recipient: abuse@dishnetwork.com "EchoStar's server has intercepted an email from your mail account which caused a content filter to be triggered. Your message was not delivered to our EchoStar, DishNetwork or Eldon associate because it contains http graphics that are sourced from an Internet web site. Please remove the graphics and resend the message. Thank you." A message to abuse@dishnetwork.com, postmaster@echostar.com explaining they bounced my abuse report gets no reply at all. They aren't exactly an ISP (yes companies can be dense), but I've been ignored by ISPs as well. I know, the admins are probably over-worked (so am I). I'm sure grateful you have the tenacity to pursue these matters. -- | Ric | From MikeE at ster.invalid Sat Jun 4 08:06:04 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 10:10:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Steven Maesslein wrote: > Mike Easter >> The bad news about google is that you do have to open it to access >> the headers and/or original unrendered format. The good news about >> google is that its spamfilters are good in my experience. The bad >> news about google is that it is 'awkward' to report google spam. > > Have they fixed that stupidity whereby they *always* insert a > Reply-To: header whether you want it or not (and which fscks up > mailing list traffic)? I'm not crystal clear on your qx -- if I substitute 'gmail' for they, I see 'Has gmail fixed that stupidity whereby gmail always inserts a reply-to header?' I can configure so that I can use gmail's smtp server from my mua OE to send an email to myself. My test message to me has a From and a Return-Path, but it doesn't have a Reply-To. I recently invited a friend to have a gmail account [slightly interesting story about why he needs one] and the autoack which gmail sends about that came From gmail team, return-path gmail team, reply-to my friend. That makes sense. I haven't test emailed myself anything from gmail's webmail. What exactly are the circumstances under which the reply-to is added and unwanted and what kind of trouble does it cause? -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Jun 4 08:10:00 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 10:10:12 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: Mike Easter wrote: > I can configure so that I can use gmail's smtp server from my mua OE > to send an email to myself. To clarify, I can configure so that I can use gmail's smtp server from my mua OE to send an email to my EL account which I pop in my mua OE. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Sat Jun 4 12:34:45 2005 From: nobody at spamcop.net (Ellen) Date: Sat Jun 4 11:50:02 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: "Blammo" wrote in message news:Xns966B44F7C14FEblammo@216.154.195.61... > On 04 Jun 2005 Ellen entered spamcop and left > news:d7s50v$mqd$1@news.spamcop.net: > > > I think you are in a position that ISPs at least will recognize that you > are someone that probably knows what you are talking about. Some do and some don't ... >I don't have > much patience going back and forth with some support guy that probably > doesn't even understand the problem, even when I give detailed instructions > on how to fix the problem. > > With some, I get no reply at all, which leads me to believe I'm simply > ignored. It's easier when they write to you first :-) Ellen SpamCop From nobody at nowhere.invalid Sat Jun 4 21:14:57 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Jun 4 14:15:04 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On Sat, 4 Jun 2005 07:06:04 -0700, Mike Easter coughed into spamcop and left this in : > I haven't test emailed myself anything from gmail's webmail. > > What exactly are the circumstances under which the reply-to is added and > unwanted and what kind of trouble does it cause? The webmail interface is precisely the problem. Send an e-mail using it and you will see a Reply-To: header in the message, whether you requested it or not (unless they've unb0rked themselves). Now, there are 3 basic kinds of list management software: 1) Those that insert List-* headers and expect the MUA to reply either to the list or to the OP depending on what the user wants, with this behaviour being overridden by a Reply-To: header in the incoming mail forcing any and all replies to the address specified. 2) Those that do as above and also insert a Reply-To: the list, but only if there isn't already a Reply-To: header in the incoming mail. If there is, it leaves it as-is. 3) Those that do as 1) and *always* insert a Reply-To: the list, even if there was already a Reply-To: header in the incoming mail, in which case it clobbers it and puts its own. GMail, in their infinite wisdom, have broken both 1) and 2) above. TTBOMK, Yahpoo! groups are the only type 3) lists - or at least they're the only ones I've seen. -- Steve Sign spotted on a repair shop door: WE CAN REPAIR ANYTHING. (PLEASE KNOCK HARD ON THE DOOR - THE BELL DOESN'T WORK) From steve at prolynx.com Sat Jun 4 14:13:18 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 4 15:15:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Since I have 'quick' reporting enabled, all I would need to be able to do with such a macro would be to highlight all my spam, right click and choose the new "Forward As..." selection and be done with it. Just as easy as deleting it. Once this can be made as easy as deleting it, I think I can turn some people onto signing up with SpamCop and reporting their spam in this way, since it would be virtually no hassle whatsoever. "John Richards" wrote in message news:d7qdn2$rbv$1@news.spamcop.net... > "Steve Sybesma" wrote in message news:d7olga$sog$1@news.spamcop.net... > > > > I would like to know how I can automate Outlook Express 6 in such a way > > as to right click on the highlighted messages I want to report, and have one > > of > > the context menu selections be "Forward As Attachment to SpamCop, then > > Send and Delete" so that the entire operation is done with only one click. > > > > This would make reporting spam exactly as easy as deleting the spam so that > > there would be no temptation to just say "Oh, not today". > > > > Of course I'm lazy, but computers are all about how to make things easier > > anyway. > > > > I don't know how to write macros for Outlook Express to do this, and I don't > > even > > know if it's possible, but I sure would find it valuable. > > > > I would like not to have to use a separate 3rd party program which gets me > > away > > from using OE, which otherwise takes care of all my other e-mail needs > > quite nicely. > > This sounds like something that the guy who developed OE-QuoteFix could > easily do, but I'm not holding my breath. > Meantime, I have spam reporting down to a minimum number of keystrokes: > Ctrl-F3, Ctrl-A, Ctrl-C, Alt-F4, paste into SC web report form. > > -- > John Richards From MikeE at ster.invalid Sat Jun 4 13:29:05 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 15:30:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > Since I have 'quick' reporting enabled, all I would need to be able > to do with such a macro would be > to highlight all my spam, right click and choose the new "Forward > As..." selection and be done with it. There is a 'problem' with quick reporting, and that problem can be hazardous to your email account. > Just as easy as deleting it. > > Once this can be made as easy as deleting it, I think I can turn some > people onto signing up with SpamCop > and reporting their spam in this way, since it would be virtually no > hassle whatsoever. The problem with 'turning people on' to quick reporting is that some or many or a few of them will be unwittingly reporting their own provider's servers, whose mailservers will/may become spamcop blocklisted, which will/may interfere with the provider's client's mailings being successful, which /will/ be very upsetting to the provider, who may discipline the 'bad' spamcop quick reporters, possibly terminating their account. If I were a provider, I wouldn't be very comfortable having newbie spamcop quickreporters as clients. A lot of new spamcop reporters don't know the first thing about headers, spamsources, IP addresses, or which one is their provider's. The parser reporter is a tool which shouldn't be used carelessly or it will damage innocent people. You are suggesting using the tool on blind highspeed setting. The business of parsing and reporting with spamcop carries some responsibility with it. Do you know anything about the mailhosts configuring? -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Jun 4 14:17:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 16:20:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > I forgot to add that I have 'quick' reporting enabled. At one time, the quick reporting function for the submit address was considered to be a 'beta' trial -- and supposedly it is somewhat restricted by the fact that just any reporter who has signed up can't quick report without receiving some kind of 'clearance' or permission to be a quick reporter by emailing a deputy. Quick reporting is also temporarily put on hold while a person is configuring their mailhosts. Mailhosts is a condition which would like to reduce the chances of the reporter reporting hir own provider, but even mailhosts doesn't completely eliminate that possibility. So, altho' mailhosts configuration decreases errant parses when correctly configured, it may increase errant parses during configuration, and may also contribute to errant parses anyway when the provider's servers are changed or added. You may want to get a broader overview of quick reporting which isn't described in the faq, but which has some commentary in the forum at a few places: http://forum.spamcop.net/forums/index.php?showtopic=163&st=0&p=736&#entry736 FAQ Entry: What is Quick Reporting? http://forum.spamcop.net/forums/index.php?showtopic=1672&st=30&p=11991&#entry11991 Is quick reporting still considered "BETA"? http://forum.spamcop.net/forums/index.php?showtopic=793&st=0&p=4839&#entry4839 Julian on Mailhosts and Quick Reporting -- Mike Easter kibitzer, not SC admin From jr70 at blackhole.invalid Sat Jun 4 14:54:30 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sat Jun 4 16:55:02 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: Blammo wrote: > Good, I won't have to look at those Juno ads. Nothing against you, I just > hate those ads, I even bitch to my friends about them. Especially so when one can get free Gmail accounts, which don't send out any ads or promotional slogans. -- John Richards From nobody at devnull.spamcop.net Sat Jun 4 18:04:21 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sat Jun 4 18:00:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Cat" wrote in message news:d7oqsn$v96$1@news.spamcop.net... > WazoO wrote: > > > > > for sure the experiences of others should help fill in some gaps .. > > http://forum.spamcop.net/forums/ > > > Since others have commented on your posts about this, I'm starting to > notice it more as well. Why push the original poster to go to the web > forum when there are enough people here in the newsgroups with the > skills and knowledge to help with this? It's almost like you're trying > to turn newbies away from the newsgroups as if the newsgroups aren't > helpful enough. Did I miss it? Where are the answers in the ng? Miss Betsy From kenbrody at spamcop.net Fri Jun 3 18:44:41 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Sat Jun 4 18:05:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: <42A0CF49.5A9DA09@spamcop.net> Ellen wrote: > > "Blammo" wrote in message > news:Xns966A5F7EF460Dblammo@216.154.195.61... > > On 03 Jun 2005 Kenneth Brody entered spamcop and left > > news:42A061AF.90DA7289@spamcop.net: > > > > > So, viruses virtually always forge the "from", and tracking down the > > > original sender would require skills beyond most Internet users, yet > > > Road Runner puts the burden on the recipient rather than blocking it > > > at its source, when Road Runner knows exactly who it is that is trying > > > to send it. > > > > > > > I donno, I think Road Runner don't know what the hell they're doing. > > Perhaps if you explain this to them they will attempt to convince you that > > you don't know what you are talking about ;-) > > > > I was in contact with road runner abuse/security this AM. They are aware of > the issue and working on it. No promises for an instant solution but the > right people are in the loop. And a public "thank you" to Ellen for contacting me offlist (via e-mail) to help figure things out and get things rolling at Road Runner. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From ob1db at spamcop.net Sat Jun 4 19:12:06 2005 From: ob1db at spamcop.net (David Butler) Date: Sat Jun 4 18:15:06 2005 Subject: [SpamCop-List] gkmahijd.healingsphere.info Message-ID: SC Sez gkmahijd.healingsphere.infowon't resolve, BUT openrbl.org resolves it !(So happy to see openrbl.org back! I Will have to make a donation sometime soon) Address: 213.135.64.93 resolved to gkmahijd.healingsphere.info AS: 213.135.64.0/19 AS8641 TeleCore network Autonomous Syst Moscow/Moskva Net 213.135.64-95 RU-TSR-20000406 Abuse-Whois telecore.net.ru: (64.135.213.in-addr.arpa; 64.135.213.in-addr.arpa)[Cached] [whois.abuse.net] abuse@telecore.net.ru (for telecore.net.ru) postmaster@telecore.net.ru (for telecore.net.ru) From ob1db at spamcop.net Sat Jun 4 19:20:09 2005 From: ob1db at spamcop.net (David Butler) Date: Sat Jun 4 18:25:03 2005 Subject: [SpamCop-List] savvis and webunited: black holes of spam or what ? Message-ID: I get 2 or 3 of these a day http://www.spamcop.net/sc?id=z771367745zfe642553d1634c85be99fe7014161437z where both the spam source and the hosting are savvis and webunited. They will not accept munging, so I manually LART every one of them. Does not seem to have ANY effect. Somtimes it is even 4 or 5 per day. Anyone had any luck with these putzes? Some upstream to start venting on ?? From MikeE at ster.invalid Sat Jun 4 16:32:58 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 18:35:02 2005 Subject: [SpamCop-List] Re: gkmahijd.healingsphere.info References: Message-ID: David Butler wrote: > SC Sez > gkmahijd.healingsphere.infowon't resolve, BUT openrbl.org resolves it > !(So happy to see openrbl.org back! I Will have to make a donation > sometime soon) Address: 213.135.64.93 resolved to > gkmahijd.healingsphere.info AS: 213.135.64.0/19 AS8641 TeleCore > network Autonomous Syst Moscow/Moskva Net 213.135.64-95 > RU-TSR-20000406 Abuse-Whois telecore.net.ru: > (64.135.213.in-addr.arpa; 64.135.213.in-addr.arpa)[Cached] > [whois.abuse.net] > abuse@telecore.net.ru (for telecore.net.ru) > postmaster@telecore.net.ru (for telecore.net.ru) Yabbut, spews S3054 shows 1, 213.135.64.0/24, Alexandr Anikin / telecore.net.ru 1, 213.135.64.0/22, Alexandr Anikin / telecore.net.ru 2, 213.135.64.0/19, Alexandr Anikin / telecore.net.ru 2, 195.208.67.2, Alexandr Anikin / spop3.telecore.net.ru showing a progression from the /24 to the /22 and threatening the /19 because of unresponsiveness and spamhaus SBL27216 lists the IP as the /32 for a ROKSO spammer and shows a string of spammer domainnames and nameservers hosted there. Telecore also has 4 other blocks of various sizes /20 /32 /23 & /24 spamhaused, indicating their unresponsiveness. So, SpamCop isn't 'missing anything' by failing to resolve that name to that IP and notify telecore. as8641 upstream is AS28809 NAUKANET-AS Naukanet Autonomous System whose contacts are vadim@online.ru vladimirds@mail.ru noc@naukanet.ru There's no reg'd abuse.net contact for naukanet.ru -- I suppose you could consider naukanet's upstreams. -- Mike Easter kibitzer, not SC admin From kenbrody at spamcop.net Sat Jun 4 19:39:51 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Sat Jun 4 18:45:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: <42A22DB7.D2160584@spamcop.net> "John E. Malmberg" wrote: > > Ellen wrote: > > I was in contact with road runner abuse/security this AM. They are aware of > > the issue and working on it. No promises for an instant solution but the > > right people are in the loop. > > Are they also the ones that understand bouncing spam/viruses to forged > addresses is a bad thing? > > I was getting over 20 bounces/second from each of two of their mail > servers during the last sober outbreak because of an infected system > that appeared to be on the other side of the world. In this case, they're _not_ bouncing the virus/worm back to the forged sender. Rather, they're stipping the actual virus/worm, and sending it on to the indended victim. In fact, they explicitly state that they are not notifying the sender (which they could do, since it's coming from a RoadRunner client into a RoadRunner SMTP server). They could reject it at the SMTP level. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From kenbrody at spamcop.net Sat Jun 4 19:42:34 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Sat Jun 4 18:45:11 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> <42A0FD1E.19A1@xyzzy.claranet.de> Message-ID: <42A22E5A.4A8A9308@spamcop.net> Frank Ellermann wrote: > > Kenneth Brody wrote: [...] > > Now, in an attempt to "help", they purposely allow viruses > > sent from their clients to continue on their way, after > > stripping the virus. > > Maybe they've upgraded the Symantec crapware, and that caused > again its "let's spam the world" mode. Spamcop it, > post it in nanas, _hurt_ them as hard as you can. Bye, Frank Per Ellen's request, I am not reporting these... yet. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From nobody at devnull.spamcop.net Sat Jun 4 18:51:53 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sat Jun 4 18:55:02 2005 Subject: [SpamCop-List] Re: problems with gmail reporting spam References: Message-ID: "Vernon Hardapple" wrote in message news:d7fmqm$qr9$1@news.spamcop.net... > Gmail, it seems, does not properly forward my spam to spamcop. Anyone > has have a fix for this? There is no fix ... however, after spending an inordinate amount of time trying to figure something else out, I've updated the entry in the "How to Use .... Reporting" section of the Forum to address this the only way I could come up with .... Submitting from Google's GMail, Web-page paste and e-mail http://forum.spamcop.net/forums/index.php?showtopic=3581 From MikeE at ster.invalid Sat Jun 4 17:49:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 4 19:50:03 2005 Subject: [SpamCop-List] Re: savvis and webunited: black holes of spam or what ? References: Message-ID: David Butler wrote: > I get 2 or 3 of these a day > > http://www.spamcop.net/sc?id=z771367745zfe642553d1634c85be99fe7014161437z > > where both the spam source and the hosting are savvis and webunited. > They will not accept munging, so I manually LART every one of them. > Does not seem to have ANY effect. Somtimes it is even 4 or 5 per day. > > Anyone had any luck with these putzes? Some upstream to start venting > on ?? That spam is straightup, From = source = spamvertiser. No header bogosity at all. The IP is spamhaused as the /24 SBL20414 - spamhaus considers it part of ciberlynx for some reason, what radb sez is whois -h whois.radb.net 66.115.52.115 ... route: 66.115.0.0/18 descr: Webunited superblock origin: AS13488 remarks: this is non-portable space, no exceptions notify: noc@webunited.net mnt-by: ASN-CIBERLYNX-DB-FL changed: ivaldes@webunited.net 20050425 source: SAVVIS so, I see the ciberlynx in there. The upstream for AS13488 is Sprint. -- Mike Easter kibitzer, not SC admin From dfm2a3l0t2 at spymac.com Sat Jun 4 20:57:01 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Sat Jun 4 20:00:02 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: In article , "Mike Easter" wrote: > I don't object to some kind of 'system' for examining the body for a > $string -- you can do that by searching the raw html. It isn't > necessary to render-read a spam as the spammer intended. The standard > opening and rendering is what the spammer wants. Well, I have Eudora configured _not_ to automatically download HTML graphics. If an e-mail turns out to be wanted mail in HTML format, I can always fetch the graphics. All I see when I open spam is plain text with a lot of HTML tags. The only reason I even look at the body is when it's not clear from the Subject header what type it is, for example, to verify that it's pharmacy spam so I can LART the FDA. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From cquinc at hotmail.com Sat Jun 4 20:11:02 2005 From: cquinc at hotmail.com (Quin) Date: Sat Jun 4 22:15:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: WOW! Look at what I started!!! I was pleased with all the answers to my post and I now have some information to work with. Several people mentioned that my questions should have included more information and I am sorry that I did not anticipate what was needed or phrase the questions with better detail as to what I was looking for. I also admit that more detailed reading on my part may have helped. To help settle one part of the discussion I should say that I was happy to receive the http://forum.spamcop.net/forums/ link from WazoO. I like having other sources of information. Maybe everyone who asks a question does not want a referral but I for one do. Having said that, I have to say that Vanguard posted a message that was very helpful. I found some of the things I was doing wrong by reading his post. His comment to forward as an attachment and not inline was especially helpful and was probably part of the problem. (In Outlook if you hit the forward button on only one message it will place it inline). Also I was using Outlook to forward the spam messages but expected replies to Hotmail. (One Outlook account is set up with a return address to Hotmail). I post to newsgroups using Outlook Express. Three email systems! Apparently I need to use the spamcop email address that I signed up with to do everything. right? I may have more questions in the future after I get a chance to experiment and read some more but for now I thank you all.It is clear that people who do not like spam are a passionate group. I look forward to reading more comments from all of you. Quin "Quin" wrote in message news:d7ob03$mtf$1@news.spamcop.net... > Hi, > > I know this isn't rocket science but I have registered with the site > spamcop.net and logged in and then find a form to fill out with the > instructions: > > Forward your spam to: submit.blah blah blah@spam.spamcop.net or: > Paste entire spam (headers, blank line, body) - or - single address > (one line only): > > I do not seem to get the type of response I expect. The email I signed up > with was a hotmail account and it does not get any response. I thought I > was suppost to get some sort of a letter to forward to the spammer ISP. > Once I did get an addressed letter with no body information. > > Also should I not be able to just use the submit.blah blah > blah@spam.spamcop.net adress to forward spam to? Then should I get some > sort of response as to who to contact with the complaint? Does spamcop > just send the complaint without my review? > > Reading the FAQ mostly just covers stuff like what is spam etc. Not what > to expect from this site! > > Thanks! > > > From krazikat at krazi.kat Fri Jun 3 17:29:39 2005 From: krazikat at krazi.kat (krazikat) Date: Sat Jun 4 23:10:04 2005 Subject: [SpamCop-List] Re: Likely Joe job References: Message-ID: Blammo wrote: > On 03 Jun 2005 cattysha@juno.com entered spamcop and left > news:mailman.21.1117812471.169.spamcop-list@news.spamcop.net: > > >>Get Juno Platinum for as low as $4.97/month! >>Unlimited Internet Access with 250MB of Email Storage. >>Visit http://www.juno.com/half to sign up today! >> > > > That's spam in my book, and shows no respect for the people you communicate > with. You can afford to run a website, but can't even afford to pay for an > ISP. STFU you goddam troll. From nobody at devnull.spamcop.net Sat Jun 4 23:13:30 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 4 23:15:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? In-Reply-To: References: Message-ID: Mike Easter wrote: > Cat wrote: >>Why push the original poster to go to the web >>forum > > > Yes. Those generic forum links which aren't actually pointed at an > answer to a question which is residing in the forum are much more > irritating. > > The message I see is that rather than the reply being an 'answer', it is > an advertisement, like spam. > > "If you will go to the forum and post your question over there instead > of in here, we will answer your question there." and "I'm not going to > answer your question here, but someone may answer it over there." > > It is not at all the same as when a forum link is posted in which the > site in the forum represents a specific answer to a specific question. Yeah, I can see if it was mentioned sort of like "there's similar discussion going on over here where this particular question has come up and been answered. You might look over there at *insert forum link to answer to specific question here* in addition to any discussion that goes on here" that would be ok. I think what bothered me about it was that WazoO's forum promoting could make a new person feel like he/she did the wrong thing by posting to the newsgroups first. I think it's good to make people feel that either place is equally fine for posting questions and that the poster should do whatever feels most comfortable. From nobody at devnull.spamcop.net Sat Jun 4 23:32:49 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 4 23:35:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? In-Reply-To: References: Message-ID: WazoO wrote: > "Cat" wrote in message > news:d7oqsn$v96$1@news.spamcop.net... > >>WazoO wrote: > Let's pick "this case" ... All the original poster provided was; > 1. user 'registered at site" - one 'could' assume a free-reporting account > 2. user talked about some form to fill in with some instructions > (turns out 'we believe' he/she is talking about the logged-in > www.spamcop.net web page ... > 3.user's post headers indicate OE6 is use, but actually makes > no mention of the e-mail application(s) involved ... again, > on could 'assume' that the query is on use of OE6, but ...??? > 4. user admitted that he/she had some kind of 'expectations' > that were not seemingly met ...so there is still not a clue as > to how / why SpamCop was located and registration process > started > 5. user manufactures a single paragraph out of nothing but questions, > starting with e-mail submittals, which again brings up that the > specific e-mail apps involved haven't been stated . > 6. user states that "the FAQ" didn't answer the questions. > > Referral to the Forum seems to me to make perfect sense > for this user ... and pointing to the "top" of the Forum to > allow him/her to make his/her own decision on just what > to go for first. Those are all good points which explain your reasoning much better. Someone else mentioned though that Quin obviously chose to ask a question here after seeing the choice between forum and newsgroup. Like I said in my reply to Mike Easter, it also has a lot to do with how you present the web forum option. Sometimes your posts come across as "You should have asked over there instead" and a general attitude that the web forum is better than the newsgroup. See below for more of my comments on this. > Bottom line, the Forum is another resource, many things are > already documented there as either a Pinned entry in the > specific /appropriate section or in the FAQ/Glossary ... > entries into both of those items are always happening > (flip the complaints about the www.spamcop.net FAQ > not having enough data to the general complaint that the > Forum FAQ contains too much data) There's even a > link or two to pages that define "how to ask a question" > that could have led to a better query from this original > poster. Mike Easter does the hand-feeding thing, I > point to research tools where the user may find other > questions that hasn't come to his/her mind yet in addition > to providing an already existing response to a particular > query. I personally don't understand the animosity about > another support point, actually still wondering why more > folks wouldn't simply chip in and make it a better resource. It's not so much animosity toward the newsgroup is it is more like you tend to unintentionally put out the idea that the forum is better than the newsgroup, and sometimes it seems like you're trying to turn people away from the idea of using the newsgroups as a source of help. Some of us also prefer the newsgroup option. Some of us have also been around long enough to remember when SpamCop originally went from web forum to newsgroup and aren't particularly eager to go back to a web forum format. As I mentioned before in the case of someone who is new to SpamCop or not as knowledgeable about computers, your posts may make them feel like they did the wrong thing by posting to the newsgroup instead of the web forum. From steve at prolynx.com Sun Jun 5 00:21:31 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 5 01:25:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: I looked at the OE-QuoteFix website. What I need isn't related to that. What I need is essentially a macro. I don't know how to create macros, and don't know if they can be used with OE. I need some way to save keystrokes by a hot key or something that will allow to combine several functions into one key. Steve "John Richards" wrote in message news:d7qdn2$rbv$1@news.spamcop.net... > "Steve Sybesma" wrote in message news:d7olga$sog$1@news.spamcop.net... > > > > I would like to know how I can automate Outlook Express 6 in such a way > > as to right click on the highlighted messages I want to report, and have one > > of > > the context menu selections be "Forward As Attachment to SpamCop, then > > Send and Delete" so that the entire operation is done with only one click. > > > > This would make reporting spam exactly as easy as deleting the spam so that > > there would be no temptation to just say "Oh, not today". > > > > Of course I'm lazy, but computers are all about how to make things easier > > anyway. > > > > I don't know how to write macros for Outlook Express to do this, and I don't > > even > > know if it's possible, but I sure would find it valuable. > > > > I would like not to have to use a separate 3rd party program which gets me > > away > > from using OE, which otherwise takes care of all my other e-mail needs > > quite nicely. > > This sounds like something that the guy who developed OE-QuoteFix could > easily do, but I'm not holding my breath. > Meantime, I have spam reporting down to a minimum number of keystrokes: > Ctrl-F3, Ctrl-A, Ctrl-C, Alt-F4, paste into SC web report form. > > -- > John Richards From nttp.sc.s at bigsleep.org Sun Jun 5 06:47:02 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 5 01:50:03 2005 Subject: [SpamCop-List] Re: App to remove shareware from your computer? References: Message-ID: On 04 Jun 2005 D.F. Manno entered spamcop and left news:dfm2a3l0t2- AF074B.19570104062005@news.cesmail.net: > The only reason I even look at the body is when it's not clear from the > Subject header what type it is, for example, to verify that it's > pharmacy spam so I can LART the FDA. > I usually do that from the Spamcop parser, if necessary. -- | Ric From nobody at devnull.spamcop.net Sun Jun 5 01:51:30 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Jun 5 01:55:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Cat" wrote in message news:d7tqkq$j0d$1@news.spamcop.net... > > Yeah, I can see if it was mentioned sort of like "there's similar > discussion going on over here where this particular question has come up > and been answered. You might look over there at *insert forum link to > answer to specific question here* in addition to any discussion that > goes on here" that would be ok Something like that found at d7tba9$bia$1@news.spamcop.net Subject: Re: problems with gmail reporting spam Thread started at 5/30/05 1342 ...????? >. I think what bothered me about it was > that WazoO's forum promoting could make a new person feel like he/she > did the wrong thing by posting to the newsgroups first. I think it's > good to make people feel that either place is equally fine for posting > questions and that the poster should do whatever feels most comfortable. What I see here is a matter of perspective. I generally don't say anything about "posting" ... it's usually that the answers already exist in the Forum (FAQ) .... hinting that just a bit of research would have found those answers before posting. The same comments have been applied to newsgroup postings themselves .. that "pick your subject" (say a system outage) that brings in the hundreds of "thought someone should know that the system is down" lunacy by those that didn't take those few precious seconds to note that 99+ people had posted the same thing within the last hour .... Please also be advised that volunteering time to support SpamCop is not the only thing I do. I also deal with the Microsoft peer-to-peer newsgroups (yet another example of the same 300 questions a day, every day, day after day ...) I went to the IPB (Forum app) support forum looking for help and ended up answering other people's queries over there, once again, the questions I ask aren't in the standard set of most posters there ..... but believe it or not, no one there had any clue on how to handle spam, how to work issues involved in e-mail, how to read headers, on and on ... (and even there, I'll point back to the SpamCop Forum rather than sit there and re-type the same answer over and over ...) The specific "posting" comments deal with the MailHost configuration .. that request to keep that in the Forum came from Julian http://forum.spamcop.net/forums/index.php?showtopic=1091 Take a look at the fallout caused within the week when someone brought this tidbit to the newsgroups .... one starting point is seen at http://news.spamcop.net/pipermail/spamcop-list/2004-March/077205.html The only other "posting" comments are towards those queries that are about a SpamCop Filtered e-mail account which should have been posted into the spamcop.mail newsgroup (that is basically dead) or the Forum where JT wanted that support to happen .. again noting that the newsgroups and e-mail accounts are all hosted on his servers .... Again, my perspective is that there is a support vehicle in place that was built to hold "answers" ... these answers are "there" for anyone to access and the thought is to make it easier to find both the answer needed and the hints to other issues that may exist, discovered while perusing the 'Table of Contents' if you will .... From nttp.sc.s at bigsleep.org Sun Jun 5 07:09:02 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 5 02:10:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: On 04 Jun 2005 Quin entered spamcop and left news:d7tmva$h50$1@news.spamcop.net: > Apparently I need > to use the spamcop email address that I signed up with to do everything. > right? No, it doesn't matter what address you send from, the Spamcop replies go to the address you registered with. I forward spam (usually) from the same address that I received the spam at, and I have many addresses and several ISP accounts. I have a paid account and a free account, each has a different submit. address and each reply to a different eMail address. I don't often use the free account, so then all Spamcop replies go to the same address. But, I don't really look at the replies, they just notify me that the spam is ready to report on. I may forward several batches, and when I get the first reply I know I can log into Spamcop and start sending reports. Or I could just sit on the Spamcop login page and refresh it occasionally until the Report Spam link shows up. -- | Ric From nobody at devnull.spamcop.net Sun Jun 5 02:21:23 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Jun 5 02:25:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: "Cat" wrote in message news:d7trp1$jjr$1@news.spamcop.net... > > Those are all good points which explain your reasoning much better. > Someone else mentioned though that Quin obviously chose to ask a > question here after seeing the choice between forum and newsgroup. Like > I said in my reply to Mike Easter, it also has a lot to do with how you > present the web forum option. Sometimes your posts come across as "You > should have asked over there instead" and a general attitude that the > web forum is better than the newsgroup. See below for more of my > comments on this. And as in another post, that maybe your perception, but I don't agree with that take at all. The "asking" thing only deals with the MailHost configuration (that came from Julian) and the the suggested (almost dead) spamcop.mail newsgroup and/or the Forum for SpamCop Filtered -Mail accounts (which was a request by JT) .... any other comments / pointers to the Forum is based on the fact that the "answers" are already "over there" > It's not so much animosity toward the newsgroup is it is more like you > tend to unintentionally put out the idea that the forum is better than > the newsgroup, and sometimes it seems like you're trying to turn people > away from the idea of using the newsgroups as a source of help. Some of > us also prefer the newsgroup option Again, pointing out that the answer has already been developed and posted so that it could have been researched prior to posting is my main point. One can also point to the newsgroup archives and pretty much state that dang near everything that can be asked has already been asked in one form or another, but .... we all know that researching the previous posts isn't done by most folks. I'm not saying the Forum is "better" (I've even admitted that they suck) ... but I am saying that it is a resource with known good data, and that data is continuously being added to. > Some of us have also been around long enough to remember > when SpamCop originally went from web forum to newsgroup > and aren't particularly eager to go back to a web forum format. ??? not sure if you're preaching to me or not there. Can you say AnyBoard? Can you say "SpamCop yellow pages?" Can you remember when Julian posted "a lot?" > As I mentioned before in the case of someone who is new to > SpamCop or not as knowledgeable about computers, your posts > may make them feel like they did the wrong thing by posting to > the newsgroup instead of the web forum And again, I say perspective .... other than the above mentioned two situations, I've not "pushed for posting the query in the Forum". I've only pointed out that the answer is already typed up and available for perusal. For the umpteenth time, the FAQ has been a complaint item since those 'yellow page' days (and even at that time any user could insert their data items into the FAQ-o-Matic, but most chose to bitch and complain about the lack of content) The Forum FAQ was a Saturday morning hack that has taken on a life of its own. And I'll admit that it's even a failure for some folks. Just a few days ago, a user registered "there" so he/she could post a complaint that "the web pages don't have any way to contact someone at SpamCop" Let's note that the Forum FAQ has two entries, the first titled "How can I contact a SpamCop representative?" which in fact points back to http://www.spamcop.net/fom-serve/cache/401.html an entry in the "original" FAQ and is found via the Help link on the www.spamcop.net web-page. Now just where do you see me saying "the Forum is better" in any of this? From nobody at devnull.spamcop.net Sun Jun 5 02:35:21 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sun Jun 5 02:40:02 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? In-Reply-To: References: Message-ID: WazoO wrote: > "Cat" wrote in message > news:d7trp1$jjr$1@news.spamcop.net... >>Some of us have also been around long enough to remember >>when SpamCop originally went from web forum to newsgroup >>and aren't particularly eager to go back to a web forum format. > > > ??? not sure if you're preaching to me or not there. Can you say > AnyBoard? Can you say "SpamCop yellow pages?" Can you > remember when Julian posted "a lot?" No, I'm not preaching there. I'm sorry if it came across that way. Printed words don't always get across the meaning or expression that you're attempting. I'm one of the long time SpamCop regulars who has been around since Anyboard, the yellow web site, and when Julian posted more often. I'm just pointing out that some of us do remember the old days of web forum only and still prefer to stick with the newsgroup...although Anyboard was definitely not nearly as good as the current web forum. From nobody at nowhere.invalid Sun Jun 5 12:27:05 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Jun 5 05:30:11 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: On Sat, 4 Jun 2005 23:21:31 -0600, Steve Sybesma coughed into spamcop and left this in : > I don't know how to create macros, and don't know if they can be used > with OE. They can't. Simply because OE is not OLE-Automatable. -- Steve Profanity is the one language all programmers know best. From prilok.the.criminal-tripper at you.forsaken-damaged-fucker.org Sun Jun 5 12:53:06 2005 From: prilok.the.criminal-tripper at you.forsaken-damaged-fucker.org (Prilok the criminal-tripper) Date: Sun Jun 5 05:55:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: <6ae4571aae824fb1a82e9c9d08f8aaf8@you.befouled-stepwise-gossiper.net> Steven Maesslein, wrote: > On Sat, 4 Jun 2005 23:21:31 -0600, Steve Sybesma coughed into spamcop > and left this in : > >> I don't know how to create macros, and don't know if they can be used >> with OE. > > They can't. Simply because OE is not OLE-Automatable. Want to make a bet, monkeyfucker? From MikeE at ster.invalid Sun Jun 5 04:40:23 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 06:45:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > I looked at the OE-QuoteFix website. You are topposting which means that you are making a remark about something which isn't there where you are remarking. I gave a little lecture about that in the .spam newsgroup where there's a conversation going on which doesn't really belong there either. When this housekeeping problem starts getting out of control, we have to temporarily talk about housekeeping more than we want. Here's a reference to how to place your remarks into trimmed context of what you are talking about http://members.fortunecity.com/nnqweb/nquote.html Quoting Style in Newsgroup Postings Quote-Fix is not a solution to keypress macros for automating your OE sending. Perhaps the reason that John mentioned QF was because he tho't maybe it would fix the problem about your line lengths, which are another housekeeping problem, but I don't like to attack too many problems all at one time. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Jun 5 04:49:21 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 06:50:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > I need some way to save keystrokes by a hot key or something that > will allow to > combine several functions into one key. Here's another housekeeping problem created by 'crazy' line lengths. If you 'back up' and look at your posts from the perspective of reading them rather than writing them, you will see that they typically have some kind of linelength problem. My cite above has changed the original condition, but the original condition is full of 'shortlines' It isn't always possible to guess at how someone's lines 'degenerated' into what I call shortlines, but it is usually caused by lines too long. That is, if you type longlines, and then the longlines get reformatted into a not-so-long line, the not-so-long line will be followed by a shortline and then another not-so-long line. That is, in the beginning you type longline longline longline and it becomes normal short normal short normal short. Now, the question is, how come you are typing longlines. I suspect you may be either typing and putting in your own returns, or you are typing in some other editor and pasting the result into your OE newsreader. If you type paragraphs into your newsreader without returns except between paragraphs, and if your newsreader is configured to wrap its lines at 72-74, none of that will happen. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Jun 5 07:05:59 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 09:10:03 2005 Subject: [SpamCop-List] Re: How do I submit my spam to spamcop? References: Message-ID: Quin wrote: > WOW! Look at what I started!!! Heh. > (In Outlook if you hit the forward button on > only one message it will place it inline). Also I was using Outlook > to forward the spam messages but expected replies to Hotmail. (One > Outlook account is set up with a return address to Hotmail). I post > to newsgroups using Outlook Express. Three email systems! Outlook OL doesn't really make a good spam reporting tool compared to OE Outlook Express. Altho' their names are similar, they are very very different about how they handle mail. OE saves mail in its original condition and it is very easy to retrieve the original item and submit it to the spamcop parser by webform or emailed attachment. OL 'destroys' the original mail first, before/during storing it as a MAPI derivative of the original, because its true purpose is to function as a MAPI client for MS Office. If you want to submit a mail to spamcop, spamcop wants its original condition, which has been lost, so OL tries to make one up out of the mapi store, and then SC tries to adapt what OL has made up into a semblance of an original. Too many derivatives of derivatives. The faqs describe some of the adjustments OL users have to make to use SC and the adjustments SC has to make to accommodate OL mail derivatives. > Apparently I need to use the spamcop email address that I signed up > with to do everything. right? Your SC identity and codes are attached to the email of your authorization and that is where SC will send you parser links. We also have to get you to stop top posting. The best way to communicate in a newsgroup is to trim and contextualize. -- Mike Easter kibitzer, not SC admin From not at home.today Sun Jun 5 15:48:28 2005 From: not at home.today (Ant) Date: Sun Jun 5 09:50:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Mike Easter" wrote: > Here's another housekeeping problem created by 'crazy' line lengths. [snip] I realise you're talking about line-breaks in original text, but while we're on the subject of housekeeping, here's some info for those who have XP SP2 and are considering OE-Quotefix (which hasn't been updated since Aug 2003). "Outlook Express fixes in WinXP SP2": http://support.microsoft.com/?id=886340 "Word-wrapping of text is incorrect when you read messages in a newsgroup." "When you read messages in a newsgroup, the text that follows angle brackets (">") are not correctly word-wrapped to the next line." I wonder if this means they've fixed the broken quotes for *posting* (they mention *reading*)? I don't have XP here. Perhaps Quotefix is now not so useful for OE users. In fact SP2 breaks it somewhat: http://www.insideoe.com/resources/tools.htm#oequotefix "Warning for WinXP Service Pack 2 users!" [...] "Furthermore, SP2 makes changes in OE's Read all messages in plain text feature. Instead of using an IE control, it now uses the RichEdit control. OE-QuoteFix will not function at all if you enable the plain text feature in OE under Tools| Options| Read." From MikeE at ster.invalid Sun Jun 5 08:28:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 10:30:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Ant wrote: > I realise you're talking about line-breaks in original text, but while > we're on the subject of housekeeping, here's some info for those who > have XP SP2 and are considering OE-Quotefix (which hasn't been updated > since Aug 2003). OEQF was designed and built because of important problems with OE's editor. Since then, the editor has been changed - which is a big deal - and also incidentally the sig delimitor has been fixed since OE6. I'm not using XP SP2, so presently I don't have to worry about those problems you're describing.. I don't think I ever plan to use XP. I expect that I will 'gravitate' toward some non-Win OS from Win98se, most likely Linux, but perhaps also OS X, while keeping some Win98 or possibly even a Win2K OS around, if I had one. I also think that OEQF has some problems. Since its whole purpose is to fix OE, when I eventually migrate away from Win, I'll also be migrating away from OE. So, then I'll be rid of the problems with OE, the problems with OEQF, and the problems with Win OSes. -- Mike Easter kibitzer, not SC admin From rcarlton at spamcop.net Sun Jun 5 11:04:53 2005 From: rcarlton at spamcop.net (Rick Carlton) Date: Sun Jun 5 13:05:03 2005 Subject: [SpamCop-List] Re: savvis and webunited: black holes of spam or what ? In-Reply-To: References: Message-ID: David Butler wrote: > I get 2 or 3 of these a day > > http://www.spamcop.net/sc?id=z771367745zfe642553d1634c85be99fe7014161437z > > where both the spam source and the hosting are savvis and webunited. They > will not accept munging, so I manually LART every one of them. Does not seem > to have ANY effect. Somtimes it is even 4 or 5 per day. > > Anyone had any luck with these putzes? Some upstream to start venting on ?? They're hired by Adteractive/Adprofile From the State Licenses link on the landing page: STATE DISCLOSURES "ADT Interactive, LLC and ADT Mortgage, Inc. (collectively, ADT) operate this website. This Site is not a lender and does not originate loans as a broker. ADT has obtained the licenses listed below to enable it to offer consumer the lender marketing services provided on this Site. ADT does not endorse, warrant or guarantee service or products of any lender or broker and does not guarantee and makes no representations of any rates, points and loan programs posted by advertising lenders and brokers. All information is subject to change without notice. ADT shall not be responsible or liable for any products, services, information or other materials displayed, purchased, or obtained as a result of any information or offer in or results of any kind obtained in connection with this site, including, without limitation, any agent referrals, loan recommendations, application, approval, pre-qualification, loan or interest rate analysis. Nothing on this web site contains an offer, promise or otherwise, either to make a specific loan or that any participating lender or broker will make any loan for any purpose or on any specific terms." ADT INTERACTIVE, LLC 490 SECOND STREET, SUITE 103 SAN FRANCISCO, CA 94107 From jr70 at blackhole.invalid Sun Jun 5 12:14:14 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 5 14:15:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Steve Sybesma" wrote in message news:d7u24s$mjj$1@news.spamcop.net... >I looked at the OE-QuoteFix website. > > What I need isn't related to that. > > What I need is essentially a macro. I mentioned OE-QuoteFix, not as a solution to your exact issue, but as an example of a successful third party add-on for OE. Obviously, OE's code is not so closed that one couldn't write add-ons for it, whether that be a macro add-on or a quote-fix add-on. -- John Richards From jr70 at blackhole.invalid Sun Jun 5 12:26:17 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 5 14:30:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Mike Easter" wrote in message news:d7ukqn$vfe$1@news.spamcop.net... > You are topposting which means that you are making a remark about > something which isn't there where you are remarking. > > I gave a little lecture about that in the .spam newsgroup where there's > a conversation going on which doesn't really belong there either. I seem to recall a fairly recent post from deputy Ellen, saying in effect that we should not be hassling posters about the bottom-posting versus top-posting issue. I have no difficulty with either convention. We all know what the original Usenet convention was, but times and circumstances change. I say live and let live. -- John Richards From MikeE at ster.invalid Sun Jun 5 12:48:54 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 14:50:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: John Richards wrote: > I seem to recall a fairly recent post from deputy Ellen, saying in > effect If there is a post from Ellen saying something, it is important that what she said is what she said, not something else as you might have perceived it. A message ID would be very helpful. I don't think we should be 'hasseling each other' -- there's been a long standing 'policy' about being nice, especially to newbies. -- Mike Easter kibitzer, not SC admin From ob1db at spamcop.net Sun Jun 5 16:27:09 2005 From: ob1db at spamcop.net (David Butler) Date: Sun Jun 5 15:30:04 2005 Subject: [SpamCop-List] Re: savvis and webunited: black holes of spam or what ? References: Message-ID: "Mike Easter" wrote in message news:d7temg$da5$1@news.spamcop.net... > David Butler wrote: > > I get 2 or 3 of these a day > > > > > http://www.spamcop.net/sc?id=z771367745zfe642553d1634c85be99fe7014161437z > > > > where both the spam source and the hosting are savvis and webunited. > > They will not accept munging, so I manually LART every one of them. > > Does not seem to have ANY effect. Somtimes it is even 4 or 5 per day. > > > > Anyone had any luck with these putzes? Some upstream to start venting > > on ?? > > That spam is straightup, From = source = spamvertiser. No header > bogosity at all. > > The IP is spamhaused as the /24 SBL20414 - spamhaus considers it part of > ciberlynx for some reason, what radb sez is > > whois -h whois.radb.net 66.115.52.115 ... > route: 66.115.0.0/18 > descr: Webunited superblock > origin: AS13488 > remarks: this is non-portable space, no exceptions > notify: noc@webunited.net > mnt-by: ASN-CIBERLYNX-DB-FL > changed: ivaldes@webunited.net 20050425 > source: SAVVIS > > so, I see the ciberlynx in there. > Cyberlynx also shows up on openrbl.org for this particular IP range. Address: 66.115.52.115 resolved to mx4.plutomailer.com AS: 66.115.0.0/18 AS13488 CiberLynx, Inc. Deerfield Beach/Florida Net 66.115.0-63 CIBERLYNX-NET2 Abuse-Whois ciberlynx.net: (ARIN/CIBERLYNX-NET2) [Cached] [whois.abuse.net] abuse@webunited.net (for ciberlynx.net) postmaster@ciberlynx.net (for ciberlynx.net) netadm#ciberlynx.net (for ciberlynx.net) What tool do you use for upstrems these days ? Netlantis is still down. Never have found anything else as intuitive as their tools... Thanks David From MikeE at ster.invalid Sun Jun 5 14:32:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 16:35:03 2005 Subject: [SpamCop-List] Re: savvis and webunited: black holes of spam or what ? References: Message-ID: David Butler wrote: > What tool do you use for upstrems these days ? Netlantis is still > down. Never have found anything else as intuitive as their tools... Potaroo. I don't like it as much as netatlantis. http://bgp.potaroo.net/cidr/ or http://bgp.potaroo.net/cidr/indext.html the latter might load a little faster Down at the bottom is a slot for the AS Enter an AS here to generate an aggregation report for the AS. Enter AS (e.g. "AS1221") The result comes in 4 parts, one of which is: AS Adjancency Report -- Mike Easter kibitzer, not SC admin From jr70 at blackhole.invalid Sun Jun 5 15:27:41 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 5 17:30:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Mike Easter" wrote in message news:d7vhek$f5p$1@news.spamcop.net... > John Richards wrote: >> I seem to recall a fairly recent post from deputy Ellen, saying in effect [pertinent snipped part reinserted]: >> that we should not be hassling posters about the bottom-posting versus >>top-posting issue. > > If there is a post from Ellen saying something, it is important that > what she said is what she said, not something else as you might have > perceived it. A message ID would be very helpful. Sorry, my news provider has no retention prior to 3/15/05. The Ellen post I was referring to may have been in early March. Does anyone else recollect it? -- John Richards From MikeE at ster.invalid Sun Jun 5 15:55:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 18:00:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: John Richards wrote: > Sorry, my news provider has no retention prior to 3/15/05. > The Ellen post I was referring to may have been in early March. > Does anyone else recollect it? You can search the pipermail archives with google advanced web The archives all start with news.spamcop.net/pipermail/spamcop-list unless it was in a different list than spamcop. So, there would be Ellen and there would be one of the forms of toppost, such as top-post or top post or toppost. I did some looking but I couldn't find it. The pipermail archives are current including June and go back to 2000 by months. If you needed to search the ng spamcop.help, it is http://news.spamcop.net/pipermail/spamcop-help/ -- Mike Easter kibitzer, not SC admin From none at none.none Sun Jun 5 20:00:13 2005 From: none at none.none (no1) Date: Sun Jun 5 19:05:02 2005 Subject: [SpamCop-List] No data / Too much data Message-ID: It started just 1-2 days ago, tying to report a spam (attached), getting the following error msg: ***************************** No data / Too much data You are most likely submitting a very large email. Please trim some of the unnecessary data (noting where this has been done) from this posting and try again. SpamCop will no longer accept email larger than 50.0K bytes. Other possibilities: You may have a firewall which prevents HTTP POST commands, you may have linked to the wrong URL or your browser does not handle binary submissions correctly (try a different browser) ***************************** As you can see the size is only 1.35 kb. Have no problem reporting most of the other spam, so I'm out of suggested possibilities... Any idea what's wrong? Thanks in advance From none at none.none Sun Jun 5 20:03:00 2005 From: none at none.none (no1) Date: Sun Jun 5 19:05:08 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: sorry forgot to attach the spam "no1" wrote in message news:d8005i$ncl$1@news.spamcop.net... > It started just 1-2 days ago, tying to report a spam (attached), getting the following error msg: > > ***************************** > No data / Too much data > You are most likely submitting a very large email. Please trim some of the unnecessary data (noting where this has been done) from > this posting and try again. SpamCop will no longer accept email larger than 50.0K bytes. > Other possibilities: You may have a firewall which prevents HTTP POST commands, you may have linked to the wrong URL or your > browser > does not handle binary submissions correctly (try a different browser) > ***************************** > > As you can see the size is only 1.35 kb. > Have no problem reporting most of the other spam, so I'm out of suggested possibilities... > > Any idea what's wrong? > > Thanks in advance > > > > begin 666 No data Too much data .txt M4F5C96EV960Z(&9R;VT@6S@R+C,R+C$P-2XS.5T@8GD@;7@W,2YM>7-I=&4T M;F]W+F-O;2!;-C8N,3@V+C@N-S%=('=I=&@@4VUA"!F M;W(@>#L@4W5N+" P-2!*=6X@,C P-2 P-CHS-3HR-B M,#"U!=71H57-E M71E0&-O+G5K/@T*5&\Z('@-"E@M4V5N9&5R.B!B6]P:'ET94!C;RYU:PT*6"U&:6(M06PM35A)9#H@.39C M-F(W865F-S1A-S$R-C6]U(&-U2!P87EI;F<@ M;W9E6]U6]U(&QO=V5R('1H870@=&]D87DA#0I!;G-W97(@;VYL>2!A(&9E=R!Q=65S M=&EO;G,@86YD('=E(&-A;B!G:79E('EO=2!A;B!A<'!R;W9A;"!I;B!U;F1E M6]U('-A=FEN9R!Y;W5R(&UO;F5Y(&EN(&YO('1I;64A#0I! M6]U(')E861Y('1O('-A=F4@>6]U3\@:'1T<#HO+U!F0BYB M Message-ID: "Mike Easter" wrote in message news:d7vsbu$lfp$1@news.spamcop.net... > > You can search the pipermail archives with google advanced web > > The archives all start with > news.spamcop.net/pipermail/spamcop-list I'll go with news.spamcop.net/pipermail/spamcop(something) > If you needed to search the ng spamcop.help, it is > http://news.spamcop.net/pipermail/spamcop-help/ And here we go again .... the search function is already built in at two spots .... naturally, I'll point out that I added this to the top of the Forum pages http://forum.spamcop.net/forums/ and way back when Courtney (IronPort staffer) was doing some www.spamcop.net FAQ changes/updates/etc. I and another Forum user or two convinced/coerced her into adding the Forum to the search input 'form' found via the "Help" link http://www.spamcop.net/help.shtml#search (The "Old Discussion" is a bit of a misnomer, as posts are 'archived' immediately it would appear) Historically, the spamcop.help was supposed to be the place to wear the soft gloves, but due to those changes in "where to get help" almost all newsgroup traffic has ended up in 'this' newsgroup .. again historically, the more "technical" side of the house for SpamCop and related issues .. going with the philosophy of professional to professional as compared with newbie stuff .... Though a post like that may exist, I don't recall it, definitely not as a significant event. I read everything, used to remember almost everything, but admitting that old age is showing at times. From MikeE at ster.invalid Sun Jun 5 17:15:43 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 19:20:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: no1 wrote: > sorry forgot to attach the spam Errm. That's actually not the ideal way to share/show the problem. Here's what I get when I parse that item: http://www.spamcop.net/sc?id=z771710584z487368b1360f818b9efd7c6be8a17816z That link is a tracker to SC's storage of the spam and it will freshly reparse the item whenever it is accessed. Before cancelling, the parse declined to resolve the spamvertised urls and offered to report the source: Resolving link obfuscation http://pfb.bra1ns.com/p2.asp http://whrl.vo1ces.net/p2.asp http://pcxb.vo1ces.net/p2.asp Report Spam to: Re: 82.32.105.39 (Administrator of network where email originates) To: abuse@blueyonder.co.uk (Notes) >> Any idea what's wrong? A hiccup? The tracker is the most efficient way to post a spam; posting spam pasted into the body of the discussion groups or attached has traditionally been a no-no. That tradition has partly been based on the fact that some people access the discussion groups by email -- but that probably doesn't happen very much at all anymore. The tracker is best, but if you can't get enough parse to get a tracker, you have to put the item somewhere somehow. Personally I don't care whether it goes into .spam or not. Personally I don't care if it is an attachment or not, in fact I would rather see there be an attachment than a bent spam pasted into a message body. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Mon Jun 6 00:39:21 2005 From: nobody at nowhere.not (Robert Blair) Date: Sun Jun 5 19:40:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On Sun, 5 Jun 2005 23:00:13 UTC, "no1" wrote: > No data / Too much data >From my experience it is spamcop running out of some resource. I just wait a few minutes and retry. -- Robert Blair From dfm2a3l0t2 at spymac.com Sun Jun 5 21:12:59 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Sun Jun 5 20:15:03 2005 Subject: [SpamCop-List] Network administrator AND interested third party? Message-ID: Here's the tracker: http://www.spamcop.net/sc?id=z771724237z92cabd7de2dec47f4eda5093733f9816z This is the latest in a series of spams where the SpamCop reports are listed as going to spam@anet.net.tw as both the administrator of the network where the email originates _and_ as a third party interested in the email source. How can they be both? -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From MikeE at ster.invalid Sun Jun 5 19:47:42 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 21:50:03 2005 Subject: [SpamCop-List] Re: Network administrator AND interested third party? References: Message-ID: D.F. Manno wrote: > Here's the tracker: > > http://www.spamcop.net/sc?id=z771724237z92cabd7de2dec47f4eda5093733f9816z The tracker provides two different Routing details for 219.81.238.229 One of them goes to http://www.spamcop.net/sc?action=showroute;ip=219.81.238.229;typecodes=17 and the other http://www.spamcop.net/sc?action=showroute;ip=219.81.238.229;typecodes=12,15 The first provides contacts based on apnic ting_tseng@twfn.com.tw & spam@anet.net.tw The 2nd provides contacts based on corrupt data and 'tuned up' to reflect part of the apnic data and part apparently left over from the corruption. That's not a very good explanation, but I'm just out here with you looking at what I can get. > This is the latest in a series of spams where the SpamCop reports are > listed as going to spam@anet.net.tw as both the administrator of the > network where the email originates _and_ as a third party interested > in the email source. > > How can they be both? Some old bad stuff which should probably be jettisoned rather than persistent. It isn't useful. It's about a proxy/trojanized spamsource of a .tw provider whose diligence in policing trojans might not be so good. Neither is EL's. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Jun 5 21:56:58 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Jun 5 22:00:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: "no1" wrote in message news:d800b4$nfi$1@news.spamcop.net... > sorry forgot to attach the spam > Recently went round and round with a Forum user that offered sample that looked like your attached post .. bottom line, a third-party tool was being used in conjunction with some version of Outlook (final resolution appears to be setting up Outlook encoding to MIME, but ,,,) as the attached sample was not the "actual" spam, I'm going to take the stab that the 'real' spam had some alternate character set stuff, probably in the Subject: line .... at least this is the historical reason for that error on a 'small' spam. From nobody at spamcop.net Sun Jun 5 22:56:12 2005 From: nobody at spamcop.net (Ellen) Date: Sun Jun 5 22:05:05 2005 Subject: [SpamCop-List] Re: Network administrator AND interested third party? References: Message-ID: "D.F. Manno" wrote in message news:dfm2a3l0t2-F3A258.20125905062005@news.cesmail.net... > Here's the tracker: > > http://www.spamcop.net/sc?id=z771724237z92cabd7de2dec47f4eda5093733f9816z > > This is the latest in a series of spams where the SpamCop reports are > listed as going to spam@anet.net.tw as both the administrator of the > network where the email originates _and_ as a third party interested in > the email source. > > How can they be both? > -- At some point in the past apparently over a year ago, I had a manual override in there to send 3rd party reports. Manual overrides just stay in the system until they are manually removed. The problem apparently solved itself. It doesn't break anything to have it there nor will the system send 2 reports for each spam but I removed it ... Thanks for noticing. Ellen From nobody at spamcop.net Sun Jun 5 22:58:27 2005 From: nobody at spamcop.net (Ellen) Date: Sun Jun 5 22:05:11 2005 Subject: [SpamCop-List] Re: Network administrator AND interested third party? References: Message-ID: "Mike Easter" wrote in message news:d809vr$u0j$1@news.spamcop.net... > > The 2nd provides contacts based on corrupt data and 'tuned up' to > reflect part of the apnic data and part apparently left over from the > corruption. > Actually the "corruption" was a crash of the notes database where the system managed to keep the notes but lose the date that a note was entered into the database. Ellen From nttp.sc.s at bigsleep.org Mon Jun 6 03:30:03 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 5 22:35:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 05 Jun 2005 WazoO entered spamcop and left news:d80ah9$ub1$1@news.spamcop.net: > "no1" wrote in message > news:d800b4$nfi$1@news.spamcop.net... >> sorry forgot to attach the spam >> > Recently went round and round with a Forum user that offered > sample that looked like your attached post .. bottom line, a > third-party tool was being used in conjunction with some > version of Outlook (final resolution appears to be setting up > Outlook encoding to MIME, but ,,,) as the attached sample > was not the "actual" spam, I'm going to take the stab that > the 'real' spam had some alternate character set stuff, > probably in the Subject: line .... at least this is the > historical reason for that error on a 'small' spam. > > Does Spamcop even work with eMail attachments sent as base64? -- | Ric From MikeE at ster.invalid Sun Jun 5 21:00:38 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 5 23:05:02 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Blammo wrote: > Does Spamcop even work with eMail attachments sent as base64? Yes. But that particular spam example wasn't b64 encoded. The original spam was plaintext. The b64 encoding occurred when the OP attached it to a newsgroup message. I'm not sure exactly how s/he was configured in order to get that result. The newsreader was OE6. It is possible that s/he was configured in news sending format plaintext settings MIME encode text using b64 -- but I haven't experimented to get that same result of plaintext body with b64 attachment. -- Mike Easter kibitzer, not SC admin From steve at prolynx.com Sun Jun 5 23:40:08 2005 From: steve at prolynx.com (Steve Sybesma) Date: Mon Jun 6 00:45:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Getting back to the subject, I guess: If anyone knows of a macro or keyboard utility or some other kind of utility that can be used to combine operations, including operations dealing with selections the context menu (right-click menu) - I'd be very grateful. Thanks, Steve "Steve Sybesma" wrote in message news:d7po5d$eb2$1@news.spamcop.net... > I forgot to add that I have 'quick' reporting enabled. > > I'm trying to get this boiled down to absolutely the least amount of fuss > possible. > > "Steve Sybesma" wrote in message > news:d7olga$sog$1@news.spamcop.net... > > Hello, > > > > I'm new to this group. > > > > I would like to know how I can automate Outlook Express 6 in such a way > > as to right click on the highlighted messages I want to report, and have > one > > of > > the context menu selections be "Forward As Attachment to SpamCop, then > > Send and Delete" so that the entire operation is done with only one click. > > > > This would make reporting spam exactly as easy as deleting the spam so > that > > there would be no temptation to just say "Oh, not today". > > > > Of course I'm lazy, but computers are all about how to make things easier > > anyway. > > > > I don't know how to write macros for Outlook Express to do this, and I > don't > > even > > know if it's possible, but I sure would find it valuable. > > > > I would like not to have to use a separate 3rd party program which gets me > > away > > from using OE, which otherwise takes care of all my other e-mail needs > > quite nicely. > > > > Thanks, > > > > Steve Sybesma > > Thornton, CO > > > > > > From none at none.none Mon Jun 6 01:48:27 2005 From: none at none.none (no1) Date: Mon Jun 6 00:50:02 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: just tried again - went through just fine. sorry for posting the spam on the discussion group, but as you sad, there was no way for me to get a tracker... Thanks again "Mike Easter" wrote in message news:d8012s$o55$1@news.spamcop.net... > no1 wrote: >> sorry forgot to attach the spam > > Errm. That's actually not the ideal way to share/show the problem. > > Here's what I get when I parse that item: > > http://www.spamcop.net/sc?id=z771710584z487368b1360f818b9efd7c6be8a17816z > > That link is a tracker to SC's storage of the spam and it will freshly > reparse the item whenever it is accessed. > > Before cancelling, the parse declined to resolve the spamvertised urls > and offered to report the source: > > Resolving link obfuscation > http://pfb.bra1ns.com/p2.asp > http://whrl.vo1ces.net/p2.asp > http://pcxb.vo1ces.net/p2.asp > > Report Spam to: > Re: 82.32.105.39 (Administrator of network where email originates) > To: abuse@blueyonder.co.uk (Notes) > > >>> Any idea what's wrong? > > A hiccup? > > The tracker is the most efficient way to post a spam; posting spam > pasted into the body of the discussion groups or attached has > traditionally been a no-no. That tradition has partly been based on the > fact that some people access the discussion groups by email -- but that > probably doesn't happen very much at all anymore. The tracker is best, > but if you can't get enough parse to get a tracker, you have to put the > item somewhere somehow. > > Personally I don't care whether it goes into .spam or not. Personally I > don't care if it is an attachment or not, in fact I would rather see > there be an attachment than a bent spam pasted into a message body. > > > > -- > Mike Easter > kibitzer, not SC admin > From nttp.sc.s at bigsleep.org Mon Jun 6 07:07:07 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 02:10:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 05 Jun 2005 Mike Easter entered spamcop and left news:d80e8j$mn$1@news.spamcop.net: > The b64 encoding occurred when the OP attached it to a > newsgroup message. THAT'S WHAT I'M TALKING ABOUT! Oh, sorry, was I shouting? I'm sure there's a setting in OE for Mime or Base64. Maybe it's set that way for mail and Spamcop has a hard time with that. Though I've seen that error myself once or twice for no particular reason. But still wondering. -- | Ric | From MikeE at ster.invalid Mon Jun 6 00:42:30 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 02:45:02 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Blammo wrote: > Mike Easter >> The b64 encoding occurred when the OP attached it to a >> newsgroup message. > > THAT'S WHAT I'M TALKING ABOUT! You're going to have to holler louder or something, I'm not getting your point. Or, we have different theories. > I'm sure there's a setting in OE for Mime or Base64. Maybe it's set > that way for mail and Spamcop has a hard time with that. What I'm saying is that the OP posted here and attached a .txt file that represented hir copy of the spam in its 'original' format, which wasn't b64. It appeared to me that the OP had copied the original spam from someplace like OE's message source, which message source was all plaintext, no b64. That is the condition of the spam that the OP submitted to the online parser or perhaps emailed as an attachment. S/he didn't submit any b64 [IMO]. In order to demonstrate hir point, the OP took that same plaintext and saved it as a file named 'No data Too much data .txt' whereupon s/he started talking about the problem in the ng and posted a msg and attached the file which resided on hir disk as a plaintext file to the newsgroup message. When s/he did that, OE 'converted' the plaintext file into a b64 attachment [is my theory]. SC was never confronted with b64 to parse, IMO. If SC gets a spam submitted to it 'composed' of b64, it has no problem with that either, but that wasn't the case here, IMO. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Jun 6 01:04:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 03:05:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: I don't know if saying more will add to or reduce confusion, but I'll do it. Whatever else someone may like or dislike about attachments in newsgroups, including .txt attachments in b64, the 2nd message of the OP with the attachment was a properly constructed MIME message, which consisted of what looks to me like the 'modern' or newfangled OE editor version and headers indicating its MIME, followed by a plaintext body followed by a standard MIME b64 attachment configuration 'begin 666' That configuration can be handled without causing any kind of noncompliance problems. OE has been guilty of compliance problems in various or many areas in the past, but there isn't anything in that message to cause any noncompliance problems. -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Mon Jun 6 10:16:09 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 05:20:12 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 05 Jun 2005 Mike Easter entered spamcop and left news:d80r8j$7ff$1@news.spamcop.net: > If SC gets a spam submitted to it 'composed' of b64, it has no problem > with that either, but that wasn't the case here, IMO. > I suppose that answers my question, short of trying it myself. I was contemplating that if the OP posted it here as base64, then it may have been sent to Spamcop that way as well. -- | Ric | From nobody at nowhere.invalid Mon Jun 6 12:44:11 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jun 6 05:45:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On Sun, 5 Jun 2005 20:00:38 -0700, Mike Easter coughed into spamcop and left this in : > But that particular spam example wasn't b64 encoded. The original spam > was plaintext. The b64 encoding occurred when the OP attached it to a > newsgroup message. Actually, that was an inline uuencoded attachment. Nothing to do with base64... -- Steve There are only 10 kinds of people in the world: Those who understand binary, and those who don't. From nobody at nowhere.invalid Mon Jun 6 12:45:53 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jun 6 05:50:02 2005 Subject: [SpamCop-List] Truth in spamvertising Message-ID: This subject line just struck me as funny - and telling of the quality of spammy's dick pills. Subject: Get Hard In 15 Min collapse -- Steve Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? -- Matt Welsh From HHAnderson at hotmail.com Mon Jun 6 05:10:04 2005 From: HHAnderson at hotmail.com (HHAnderson) Date: Mon Jun 6 06:15:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Mike Easter" wrote in message news:d7oe6v$ok1$1@news.spamcop.net... ---clip --- If you name an example of | a spamvertised URL, and how SC would notify for it, I'll describe to you | what I mean, ie what is the problem with that notify | -- | Mike Easter | kibitzer, not SC admin | Mike, I've also noticed the condition Eddie's speaking of a lot lately, and I'd like to know the reason for not reporting. A recent example: http://www.spamcop.net/sc?id=z771855424ze0661e2215477f19ea615afffdaa50c7z, which contains url: http://pbqa.she7d9s3pkazpta.sophbisoph8.com and isn't reported. ---- Start of stand-alone parse ---------- Parsing input: http://pbqa.she7d9s3pkazpta.sophbisoph8.com host pbqa.she7d9s3pkazpta.sophbisoph8.com (checking ip) = 221.11.133.42 host 221.11.133.42 (getting name) no name Routing details for 221.11.133.42 [refresh/show] Cached whois for 221.11.133.42 : abuse@cnc-noc.net Using abuse net on abuse@cnc-noc.net abuse net cnc-noc.net = postmaster@cnc-noc.net, abuse@cnc-noc.net, antispam@public.zz.ha.cn Using best contacts postmaster@cnc-noc.net abuse@cnc-noc.net antispam@public.zz.ha.cn postmaster@cnc-noc.net bounces (6 sent : 6 bounces) Using postmaster#cnc-noc.net@devnull.spamcop.net for statistical tracking. antispam@public.zz.ha.cn redirects to abuse@chinanet.cn.net Statistics: 221.11.133.42 not listed in bl.spamcop.net More Information.. 221.11.133.42 not listed in dnsbl.njabl.org 221.11.133.42 not listed in dnsbl.njabl.org 221.11.133.42 not listed in cbl.abuseat.org 221.11.133.42 listed in dnsbl.sorbs.net ( 127.0.0.6 ) 221.11.133.42 not listed in relays.ordb.org. Reporting addresses: abuse@cnc-noc.net abuse@chinanet.cn.net --- End parse of url ----- Just a few hours ago I had one with url: http://www.adduction.hitchiclah.com/?1m3c3oxhxbejirx22564a16, which also resolved to 221.11.133.42 and it was reported to both of the abuse reporting addresses. What is the difference between the two, and why isn't the more recent one being reported? Thanks for your explanation, From nttp.sc.s at bigsleep.org Mon Jun 6 11:12:01 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 06:15:15 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 06 Jun 2005 Mike Easter entered spamcop and left news:d80shf$8ga$1@news.spamcop.net: > Whatever else someone may like or dislike about attachments in > newsgroups, including .txt attachments in b64, the 2nd message of the OP > with the attachment was a properly constructed MIME message, which > consisted of what looks to me like the 'modern' or newfangled OE editor > version and headers indicating its MIME, followed by a plaintext body > followed by a standard MIME b64 attachment configuration 'begin 666' > Uhm, I don't see any mime headers, could you point them out? The lack of any mime headers makes me wonder if Spamcop can handle that, as in a forwarded message not the spam itself. -- | Ric | From nttp.sc.s at bigsleep.org Mon Jun 6 11:18:18 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 06:20:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 06 Jun 2005 Steven Maesslein entered spamcop and left news:slrnda86nb.3c1.nobody@127.0.0.1: > Actually, that was an inline uuencoded attachment. Nothing to do with > base64... > Oh, right. Man, I always get them mixed up. There are no Mime headers for that, is there? -- | Ric | From nttp.sc.s at bigsleep.org Mon Jun 6 11:21:58 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 06:25:04 2005 Subject: [SpamCop-List] Re: Truth in spamvertising References: Message-ID: It helps to mentally insert the comma. Still, for some guys it's an improvement ;-) -- | Ric | From redford_stone at INVERSE_OF_COLDmail.com Mon Jun 6 12:01:39 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Mon Jun 6 07:05:02 2005 Subject: [SpamCop-List] Re: Big Brother... (Text Repost) References: Message-ID: "Berny" wrote in news:d7rdhl$bmj$1@news.spamcop.net: > > Ummm.... what town where you in 15 years ago? > > There were semoe very internet competent OS "things" in my town; > > Mac, Amiga, Atari, OS/2, not to mention SunOS (BSD), VAX/VMS and > others for those with heavier requirements and budgets. > > Been to VAX/VMS land when I went to college.. learned Fortran there too. :-) From redford_stone at INVERSE_OF_COLDmail.com Mon Jun 6 12:08:57 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Mon Jun 6 07:10:04 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: Ilgaz Ocal wrote in news:d7p71l$57s$2@news.spamcop.net: > Go to some printshop and let them make it a good print with frame > since you are one of rare persons in World got some sort of reply :) > I used to get flat out bounces. :-) > As I said couple of times, Kornet, hananet should be taken to > parliament or something and their system should be taken to custody > and every machine should be disconnected if they have simplest virus > even. > With this new Mytob virus running around, it is a sure bet that the number of unpatched machines on Kornet will end up as full blown spamachines. > I am amazed as LG, Samsung type giants aren't taking action as they > are korean companies. At some point, I bet their business is effected > too. > Only if their email ends up bouncing.. otherwise they definitely won't take any pro-active action. From redford_stone at INVERSE_OF_COLDmail.com Mon Jun 6 12:08:59 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Mon Jun 6 07:10:10 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: Dave Lerner wrote in news:d7okjn$s2j$1@news.spamcop.net: > > I think it means "All our spam are belong to you." Been finding that out for a while. :-) From redford_stone at INVERSE_OF_COLDmail.com Mon Jun 6 12:14:16 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Mon Jun 6 07:15:02 2005 Subject: [SpamCop-List] Re: Truth in spamvertising References: Message-ID: Blammo wrote in news:Xns966D22500B36Bblammo@ 216.154.195.61: > It helps to mentally insert the comma. Still, for some guys it's an > improvement ;-) > > Namely those who should never reproduce. (We don't need a new generation of kids who buy from dirty spammers.) From nobody at nowhere.invalid Mon Jun 6 14:26:06 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jun 6 07:30:02 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On Mon, 6 Jun 2005 10:18:18 +0000 (UTC), Blammo coughed into spamcop and left this in : >> Actually, that was an inline uuencoded attachment. Nothing to do with >> base64... > > Oh, right. Man, I always get them mixed up. There are no Mime headers for > that, is there? Correct. It's embedded in the text, inline between begin and end tags. -- Steve Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? -- Matt Welsh From nobody at nowhere.invalid Mon Jun 6 14:28:02 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jun 6 07:30:08 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: On Mon, 6 Jun 2005 11:08:57 +0000 (UTC), Redstone coughed into spamcop and left this in : > With this new Mytob virus running around, it is a sure bet that the > number of unpatched machines on Kornet will end up as full blown > spamachines. Isn't that what they already are? They'll just end up being exploited by even more proxy hijackers. -- Steve Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? -- Matt Welsh From bar_n0ne at hotmail.com Mon Jun 6 17:23:39 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Jun 6 08:25:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: "Steven Maesslein" wrote in message news:slrnda86nb.3c1.nobody@127.0.0.1... > On Sun, 5 Jun 2005 20:00:38 -0700, Mike Easter coughed into spamcop and > left this in : > > SNIP, I've seen a lot of "No/Too much" with C&P of spams into the webform, I find if I strip off trailing "blanks" to the last ASCII character it prevents this problem, I think there are often a lot of "tab" C/R, and LF and possibly a few other non renderable characters (limited by the ASCII that mail may transmit) at the end of these bodies and these somehow screw up SC's input buffer. Oddly, mail submissions rarely have a problem like that, but my mua, (OE) may be cleaning that up itself when generating or sending the message. From MikeE at ster.invalid Mon Jun 6 09:07:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 11:10:04 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Steven Maesslein wrote: > Mike Easter >> But that particular spam example wasn't b64 encoded. The original >> spam was plaintext. The b64 encoding occurred when the OP attached >> it to a newsgroup message. > > Actually, that was an inline uuencoded attachment. Nothing to do with > base64... You're correct, that was uue not b64. I said a lot of things wrong in this thread, I guess I'll fix them all over the place. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Jun 6 09:11:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 11:15:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Mike Easter wrote: > Blammo wrote: >> Does Spamcop even work with eMail attachments sent as base64? > > Yes. > > But that particular spam example wasn't b64 encoded. The original > spam was plaintext. The b64 encoding occurred when the OP attached > it to a newsgroup message. That particular spam example wasn't b64 encoded. The original spam was plaintext. The OP used uue encoding and attached the plaintext to a newsgroup message. > I'm not sure exactly how s/he was configured in order to get that > result. The newsreader was OE6. It is possible that s/he was > configured in news sending format plaintext settings MIME encode text > using b64 -- but I haven't experimented to get that same result of > plaintext body with b64 attachment. Now I know how s/he was configured because I've recreated the effect in a test newsgroup posting. OE was configured to use plaintext with UUE encoding and not MIME. That results in plaintext in the body, and then when a plaintext file is attached, it is UUE encoded. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Jun 6 09:13:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 11:15:10 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Mike Easter wrote: > Blammo wrote: >> Mike Easter > >>> The b64 encoding occurred when the OP attached it to a >>> newsgroup message. >> >> THAT'S WHAT I'M TALKING ABOUT! > > You're going to have to holler louder or something, I'm not getting > your point. Or, we have different theories. > >> I'm sure there's a setting in OE for Mime or Base64. Maybe it's set >> that way for mail and Spamcop has a hard time with that. > > What I'm saying is that the OP posted here and attached a .txt file > that represented hir copy of the spam in its 'original' format, which > wasn't b64. It appeared to me that the OP had copied the original > spam from someplace like OE's message source, which message source > was all plaintext, no b64. That is the condition of the spam that > the OP submitted to the online parser or perhaps emailed as an > attachment. S/he didn't submit any b64 [IMO]. This is still correct. > In order to demonstrate hir point, the OP took that same plaintext and > saved it as a file named 'No data Too much data .txt' whereupon s/he > started talking about the problem in the ng and posted a msg and > attached the file which resided on hir disk as a plaintext file to the > newsgroup message. When s/he did that, OE 'converted' the plaintext > file into a b64 attachment [is my theory]. That is still correct right down to the last line which should say 'OE converted the plaintext file into a uue attachment.' > SC was never confronted with b64 to parse, IMO. > > If SC gets a spam submitted to it 'composed' of b64, it has no problem > with that either, but that wasn't the case here, IMO. That is still correct. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Mon Jun 6 12:21:40 2005 From: eddie at eddie.web (eddie) Date: Mon Jun 6 11:25:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Mon, 06 Jun 2005 04:10:04 -0600, HHAnderson scratched out the following: snip > > Just a few hours ago I had one with url: > http://www.adduction.hitchiclah.com/?1m3c3oxhxbejirx22564a16, which also > resolved to 221.11.133.42 and it was reported to both of the abuse > reporting addresses. What is the difference between the two, and why > isn't the more recent one being reported? > > Thanks for your explanation, If Mike has an account such as ours (I don't think he does) he would better understand what I call a "bug" Either SC has changed their software recently or spammers have found a trick to avoid getting caught most of the time. Since SC, we were told, considers a report to the wrong IP the worst error, I now completely cancel any report which does not parse properly, perhaps giving the spammers a break but eventually making SC look into the bug, assuming more people take this action. I assume that if any part of the parse has an error, the entire parse is worthless since I have been offered no explanation for this problem. SC is still working in the pre-zombie world, where nailing the spammer was of more importance than nailing the URL's ISP. That is no longer the case, and we can see that sending zillions of reports to zombie hosts has little effect on the spam volume. The trick is to go after the URL these days, but SC has the policy that this is not important, which is why, in my opinion, this "bug" is not addressed. It's not important to report the URL ISP, in SC's 20th century world. Lately I have been canceling over 60% of my spam reports because of this bug, but it does have the benefit of saving me lots of time. What used to take perhaps a half-hour of reporting now takes a few minutes. If SC does not parse properly the first time, I cancel the report. And if I get a sigalarm timeout, I cancel the entire bunch. Lately, SC has essentially become simply a good spam filter, and the reporting side has slipped markedly. The other bug of hitting "source" and occasionally finding yourself back in the inbox is still with us because nobody can either find it or nobody cares. I suspect the latter, so I don't care either, anymore. -- Once movie theaters gave out steak knives Today they confiscate them From MikeE at ster.invalid Mon Jun 6 09:22:37 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 11:25:15 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Mike Easter wrote: > I don't know if saying more will add to or reduce confusion, but I'll > do it. > > Whatever else someone may like or dislike about attachments in > newsgroups, including .txt attachments in b64, the 2nd message of the > OP with the attachment was a properly constructed MIME message, which > consisted of what looks to me like the 'modern' or newfangled OE > editor version and headers indicating its MIME, followed by a > plaintext body followed by a standard MIME b64 attachment > configuration 'begin 666' This is totally incorrect. What it should say is, the 2nd message of the OP was an attachment using uue encoding. The OP's OE editor is an 'advanced' version 6.00.3790.1830 but the structure isn't MIME, it is uue. There is a plaintext body followed by a standard UUE attachment whose structure is 'begin 666'. > That configuration can be handled without causing any kind of > noncompliance problems. Unfortunately, there can be noncompliant inconsistencies in OE's rendition of uue, I don't know if they occurred here. UUE is unix to unix encoding. Apparently OE may handle that differently than other non-unix newsagents. I haven't researched this problem very far. > OE has been guilty of compliance problems in various or many areas in > the past, but there isn't anything in that message to cause any > noncompliance problems. OE's uue may be incompatible with some other newsagent's uue. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Jun 6 09:32:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 11:35:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: HHAnderson wrote: > Mike, I've also noticed the condition Eddie's speaking of a lot > lately, and I'd like to know the reason for not reporting. I don't know the answer. I have a theory. > A recent example: > http://www.spamcop.net/sc?id=z771855424ze0661e2215477f19ea615afffdaa50c7z, > which contains url: http://pbqa.she7d9s3pkazpta.sophbisoph8.com and > isn't reported. Correct, and when I parsed it, there wasn't any 'effort' to resolve the link. > Just a few hours ago I had one with url: > http://www.adduction.hitchiclah.com/?1m3c3oxhxbejirx22564a16, which > also resolved to 221.11.133.42 and it was reported to both of the > abuse reporting addresses. What is the difference between the two, > and why isn't the more recent one being reported? I don't know. When I copied the spam from your tracker item up there and resubmitted it, SC didn't offer to try to resolve the url, but simply offered to report the source. When I refreshed [which I'm not recommending that one do on a routine basis when the parser fails to offer to report a url] -- then the parser offered to report the spamvertiser: Report Spam to: Re: 80.82.50.220 (Administrator of network where email originates) To: alexf@vsi.ru (Notes) To: alexs@vsi.ru (Notes) Re: 80.82.50.220 (Third party interested in email source) To: Cyveillance spam collection (Notes) Re: http://pbqa.she7d9s3pkazpta.sophbisoph8.com (Administrator of network hosting website referenced in spam) To: postmaster@chinatietong.com (Notes) To: crnet_mgr@chinatietong.com (Notes) To: crnet_tec@chinatietong.com (Notes) which I cancelled. My theory is that it is a matter of assigning resources. Depending upon how short the supply of resources, the parser will abort any effort to try to resolve a url -- if it 'feels like it'. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Mon Jun 6 13:15:23 2005 From: eddie at eddie.web (eddie) Date: Mon Jun 6 12:20:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Mon, 06 Jun 2005 08:32:53 -0700, Mike Easter scratched out the following: > HHAnderson wrote: > >> Mike, I've also noticed the condition Eddie's speaking of a lot lately, >> and I'd like to know the reason for not reporting. > > I don't know the answer. I have a theory. > >> A recent example: >> > http://www.spamcop.net/sc?id=z771855424ze0661e2215477f19ea615afffdaa50c7z, >> which contains url: http://pbqa.she7d9s3pkazpta.sophbisoph8.com and >> isn't reported. > > Correct, and when I parsed it, there wasn't any 'effort' to resolve the > link. > >> Just a few hours ago I had one with url: >> http://www.adduction.hitchiclah.com/?1m3c3oxhxbejirx22564a16, which also >> resolved to 221.11.133.42 and it was reported to both of the abuse >> reporting addresses. What is the difference between the two, and why >> isn't the more recent one being reported? > > I don't know. When I copied the spam from your tracker item up there and > resubmitted it, SC didn't offer to try to resolve the url, but simply > offered to report the source. When I refreshed [which I'm not > recommending that one do on a routine basis when the parser fails to offer > to report a url] -- then the parser offered to report the spamvertiser: > > Report Spam to: > Re: 80.82.50.220 (Administrator of network where email originates) > To: alexf@vsi.ru (Notes) > To: alexs@vsi.ru (Notes) > > Re: 80.82.50.220 (Third party interested in email source) > To: Cyveillance spam collection (Notes) > > Re: http://pbqa.she7d9s3pkazpta.sophbisoph8.com (Administrator of network > hosting website referenced in spam) > To: postmaster@chinatietong.com (Notes) To: crnet_mgr@chinatietong.com > (Notes) To: crnet_tec@chinatietong.com (Notes) > > which I cancelled. > > My theory is that it is a matter of assigning resources. Depending upon > how short the supply of resources, the parser will abort any effort to try > to resolve a url -- if it 'feels like it'. I agree, Mike, but I call it a "bug." The parser should at least say "I give up" or something instead of simply feeding a blank line. As I noted, when this happens, I cancel the entire report rather than have a possible erroneous report going out to the wrong ISP. -- Once movie theaters gave out steak knives Today they confiscate them From none at none.none Mon Jun 6 14:50:33 2005 From: none at none.none (no1) Date: Mon Jun 6 13:55:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: guys, sorry I cased so much confusion, let me try to clarify: The original spam message source was copied from OE and saved as .txt with Notepad, that's the source (just plain ASCII text) I always use to report spam through SC website. Later that .txt was attached to my newsgroup message. My OE is set to send newsgroup messages in plain text with Uuencode Message Format. Thank again "Mike Easter" wrote in message news:d81pns$oua$1@news.spamcop.net... > Mike Easter wrote: >> I don't know if saying more will add to or reduce confusion, but I'll >> do it. >> >> Whatever else someone may like or dislike about attachments in >> newsgroups, including .txt attachments in b64, the 2nd message of the >> OP with the attachment was a properly constructed MIME message, which >> consisted of what looks to me like the 'modern' or newfangled OE >> editor version and headers indicating its MIME, followed by a >> plaintext body followed by a standard MIME b64 attachment >> configuration 'begin 666' > > This is totally incorrect. > > What it should say is, the 2nd message of the OP was an attachment using > uue encoding. The OP's OE editor is an 'advanced' version > 6.00.3790.1830 but the structure isn't MIME, it is uue. There is a > plaintext body followed by a standard UUE attachment whose structure is > 'begin 666'. > >> That configuration can be handled without causing any kind of >> noncompliance problems. > > Unfortunately, there can be noncompliant inconsistencies in OE's > rendition of uue, I don't know if they occurred here. UUE is unix to > unix encoding. Apparently OE may handle that differently than other > non-unix newsagents. I haven't researched this problem very far. > >> OE has been guilty of compliance problems in various or many areas in >> the past, but there isn't anything in that message to cause any >> noncompliance problems. > > OE's uue may be incompatible with some other newsagent's uue. > > -- > Mike Easter > kibitzer, not SC admin > > From rob at southernfrance.com Mon Jun 6 21:23:26 2005 From: rob at southernfrance.com (Rob) Date: Mon Jun 6 14:25:02 2005 Subject: [SpamCop-List] SPEWS listing a virgin DNS Message-ID: I'm sorry if I'm mailing into the wrong thread, I do not really know how these news groups work. I do not undertand why my dns is blocked by Spews. I have just switched server, there are no spamming sites on my server and yet the DNS 63.247.78.250 is blocked and the DATA / EVIDENCE page is nothing to do with me or my server http://spews.org/html/S2983.html Is there a way of getting off this list and how on earth did I get onto it? Rob From HHAnderson at hotmail.com Mon Jun 6 13:34:13 2005 From: HHAnderson at hotmail.com (HHAnderson) Date: Mon Jun 6 14:35:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Mike Easter" wrote in message news:d81qb4$pe5$1@news.spamcop.net... ... clip ...| | Re: http://pbqa.she7d9s3pkazpta.sophbisoph8.com (Administrator of | network hosting website referenced in spam) | To: postmaster@chinatietong.com (Notes) | To: crnet_mgr@chinatietong.com (Notes) | To: crnet_tec@chinatietong.com (Notes) | | which I cancelled. | | My theory is that it is a matter of assigning resources. Depending upon | how short the supply of resources, the parser will abort any effort to | try to resolve a url -- if it 'feels like it'. | | ... clip ... Mike, maybe it has something to do with the name server, as when I did it at 3am this morning the IP resolved for the url was 221.11.133.42 and not 222.51.98.245 as it was resolved when you (& I) did it 6 hours later. I had also pinged the url earlier and now, and the pinged IP was 221.11.133.42 earlier and 222.51.98.245 now. Also the reporting addresses earlier were: abuse@cnc-noc.net and abuse@chinanet.cn.net, and not the chinatietong.com ones they are now. Do you know if it's possible that Spamcop might use more than one namesever and if the results from both are not the same IP it may revert to the no report condition? Just a theory, but as there are many namesevers there has to be a window of time when some have been dynamically updated and others haven't yet been. But, as Eddie said, whatever the case, the parser should be enhanced/(bug fixed) to indicate the reason for the none resolution. IMHO :) You seem to be on top of this board, so do you know if my out of sync namesevers theory has been expounded in prior discussions of this condition? Harvey From MikeE at ster.invalid Mon Jun 6 12:59:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 15:00:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: HHAnderson wrote: > "Mike Easter" >> My theory is that it is a matter of assigning resources. Depending >> upon how short the supply of resources, the parser will abort any >> effort to try to resolve a url -- if it 'feels like it'. >> >> ... clip ... > > Mike, maybe it has something to do with the name server, as when I > did it at 3am this morning the IP resolved for the url was > 221.11.133.42 and not 222.51.98.245 as it was resolved when you (& I) > did it 6 hours later. I had also pinged the url earlier and now, and > the pinged IP was 221.11.133.42 earlier and 222.51.98.245 now. Also > the reporting addresses earlier were: abuse@cnc-noc.net and > abuse@chinanet.cn.net, and not the chinatietong.com ones they are > now. What I can 'see' re this spamvertiser issue is: - sometimes SC will not attempt to resolve - sometimes on those, refreshing results in resolution - sometimes SC will attempt to resolve but fail - sometimes on those, refreshing will resolve It has always been true that if something changes from one time to the next, like DNS, that that can result in a different result than observed previously. The parser reparses an item whenever it is accessed, and results can change. That is even discussed in the faq http://www.spamcop.net/fom-serve/cache/32.html Why does SpamCop show different results from one day to the next? > Do you know if it's possible that Spamcop might use more than > one namesever and if the results from both are not the same IP it may > revert to the no report condition? I don't know what nameserver/s SC uses or even 'how' it uses its nameserver/s [the way the nameservers at dnsstuff work is different than the way my own nameserver querying console works] -- But, part of my theory is that SC doesn't even 'bother' querying for resolution. > Just a theory, but as there are > many namesevers there has to be a window of time when some have been > dynamically updated and others haven't yet been. But, as Eddie > said, whatever the case, the parser should be enhanced/(bug fixed) to > indicate the reason for the none resolution. IMHO :) I certainly wouldn't want to pass my time trying to imagine myself reading Julian's mind as he configures the algorithm, but it is commonly observed around here that sometimes the philosophy appears to be "The less the spammers are able to learn about how some parts of the spamcop system work, the better." It is possible that the failure to give information about why the url isn't attempted to resolve is intentional. >You seem to > be on top of this board, so do you know if my out of sync namesevers > theory has been expounded in prior discussions of this condition? I don't recall seeing it in the ng, but it could have been discussed in the forum and I wouldn't know. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Jun 6 13:15:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 15:20:03 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: Rob wrote: > I'm sorry if I'm mailing into the wrong thread, I do not really know > how these news groups work. This is spamcop, the spews faq is over thataway => http://www.spews.org/faq.html > I do not undertand why my dns is blocked by Spews. I have just > switched server, there are no spamming sites on my server and yet the > DNS > 63.247.78.250 is blocked and the DATA / EVIDENCE page is nothing to > do with me or my server http://spews.org/html/S2983.html 63.247.78.250 rDNS sky.securenet-server.net of gnax is spews listed as a part of a /25, a block of 128 individual IP addresses The evidence page shows this: 1, 63.247.78.218, virilitypillsvp-rx.com / dietandverilitypills.com / arizonagoldprospectors.org (cs.cs-server30.com) 1, 63.247.78.128/25, gnax.net (virilitypillsvp-rx.com / dietandverilitypills.com) which means that 63.247.78.218 rDNS mail.cs-server30.com got itself listed for those websites in the top line, and perhaps something else. When gnax failed to do anything about the reports, the single IP was expanded to 128 IPs from 63.247.78.128 to 63.247.78.255 inclusive. That /25 in CIDR notation includes your 63.247.78.250 The spews faq covers the subject of your IP being an 'innocent bystander' caught up in a spews block of your provider. If it feels any better, think of it as your provider being blocked, not you. > Is there a way of getting off this list and how on earth did I get > onto it? You could motivate your provider to get rid of its spammers and to report that riddance into the newsgroups news.admin.net-abuse.blocklisting or news.admin.net-abuse.email You can also discuss your plight in one of those newsgroups. Besides reading the spews faq I posted above, you might also like to read Bill Cole's faq on dealing with being blocklisted http://www.scconsult.com/bill/dnsblhelp.html Blacklists, Blocklists, DNSBL's, and survival: -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Mon Jun 6 22:31:53 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jun 6 15:35:05 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: On Mon, 6 Jun 2005 20:23:26 +0200, Rob coughed into spamcop and left this in : > I'm sorry if I'm mailing into the wrong thread, I do not really know how > these news groups work. To start with, they have nothing to do with e-mail so I don't understand the comment about "mailing" to the wrong thread, especially as yo just started a new thread. <*shrug*> > I do not undertand why my dns is blocked by Spews. I have just switched > server, there are no spamming sites on my server and yet the DNS > 63.247.78.250 is blocked and the DATA / EVIDENCE page is nothing to do with > me or my server http://spews.org/html/S2983.html Three points. 1) SpamCop has nothing to do with SPEWS. 2) The evidence file contains these lines: 1, 63.247.78.218, virilitypillsvp-rx.com / dietandverilitypills.com / arizonagoldprospectors.org (cs.cs-server30.com) 1, 63.247.78.128/25, gnax.net (virilitypillsvp-rx.com / dietandverilitypills.com) ^^^^^^^^^^^^^^^^ How can you claim that this has nothing to do with you? 3) YOU are not listed. Your ISP, Global Net Access (gnax.net) is. If I read the evidence file correctly, they were listed for hosting the spammer mentioned at IP address 63.247.78.218 and ignoring complaints. The listing was escalated to the /25 you're in because of the lack of complaints. Since then, arizonagoldprospectors.org has moved elsewhere (also to space listed by SPEWS). virilitypillsvp-rx.com and dietandverilitypills.com have not been termed by gnax.net, rather they have been moved to "clean" space on the same provider, which will probably result in an EXPANSION of the SPEWS listing. Note that you also have a ROKSO spammer (one of the worst spammers) Eric Reinersten hosted very close to you, although admittedly only since yesterday: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27762 http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27761 > Is there a way of getting off this list There are 2 ways of doing that: a) Get gnax.net to boot all of their spammers and thus prove that their IP space is trustworthy (good luck in attempting that), or b) Move to a clean provider, not a cesspit. > and how on earth did I get onto it? By signing up with an ISP that willingly does business with spammers. -- Steve Some days you are the bug; some days you are the windshield. From nobody at spamcop.net Mon Jun 6 16:32:07 2005 From: nobody at spamcop.net (indigo) Date: Mon Jun 6 15:35:13 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Mike Easter wrote: > > I don't think we should be 'hasseling each other' -- there's been a > long standing 'policy' about being nice, especially to newbies. Erm, IIRC (and I'm pretty sure I do) that "be nice to newbies" policy was for the defunct NNTP NG spamcop.help, but _this_ NG was acknowledged to be for folks who already knew to put on their asbestos undies prior to posting...... From dfm2a3l0t2 at spymac.com Mon Jun 6 16:35:27 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Mon Jun 6 15:35:20 2005 Subject: [SpamCop-List] Re: Network administrator AND interested third party? References: Message-ID: In article , "Ellen" wrote: > "D.F. Manno" wrote in message > > > Here's the tracker: > > > > http://www.spamcop.net/sc?id=z771724237z92cabd7de2dec47f4eda5093733f9816z > > > > This is the latest in a series of spams where the SpamCop reports are > > listed as going to spam@anet.net.tw as both the administrator of the > > network where the email originates _and_ as a third party interested in > > the email source. > > > > How can they be both? > > At some point in the past apparently over a year ago, I had a manual > override in there to send 3rd party reports. Manual overrides just stay in > the system until they are manually removed. The problem apparently solved > itself. It doesn't break anything to have it there nor will the system send > 2 reports for each spam but I removed it ... Thanks for noticing. You're welcome. Thanks for satisfying my curiousity. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From MikeE at ster.invalid Mon Jun 6 13:35:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 15:40:03 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: Mike Easter wrote: > The evidence page shows this: > > 1, 63.247.78.218, virilitypillsvp-rx.com / dietandverilitypills.com / > arizonagoldprospectors.org (cs.cs-server30.com) > 1, 63.247.78.128/25, gnax.net (virilitypillsvp-rx.com / > dietandverilitypills.com) > > which means that 63.247.78.218 rDNS mail.cs-server30.com got itself > listed for those websites in the top line, and perhaps something else. > > When gnax failed to do anything about the reports, the single IP was > expanded to 128 IPs from 63.247.78.128 to 63.247.78.255 inclusive. > That /25 in CIDR notation includes your 63.247.78.250 Since we're just puttering around here, we can mess with some other CIDR blocks in this neighborhood. gnax is Global Net Access and it owns a /19 here, which is 8192 IPs or 32 class Cs. OrgName: Global Net Access, LLC NetRange: 63.247.64.0 - 63.247.95.255 CIDR: 63.247.64.0/19 NetName: GNAXNET So that little spews 'potshot' at blocking 128 of them is 'nothing' - but it is spews warning gnax. Sometimes spews will 'emphasize' that warning by listing a bigger chunk as a spews2. Another little chunk you would be interested in is a little /29 of 8 IPs network:Network-Name:AceNet572-1 network:IP-Network:63.247.78.248/29 Those 8 IPs are assigned by gnax to AceNet, and your IP in question is in those 8, and those 8 are 'caught up' in the block of 128 that spews chose for its expansion to try to communicate with gnax more effectively. It appears that your domainname southernfrance.com rDNS 63.247.78.250 and that is its MX, which is also sky.securenet-server.net There's also a webserver and a number of sites there, 423 different domains, including yours http://www.southernfrance.com -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Mon Jun 6 21:01:42 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 16:05:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 06 Jun 2005 no1 entered spamcop and left news:d822d2$til$1@news.spamcop.net: > Later that .txt was attached to my newsgroup message. > My OE is set to send newsgroup messages in plain text with Uuencode > Message Format. > That's what I figured, I was just "supposing" maybe that was the problem. You posted that the problem cleared up, so I figured that wasn't it. I think we're just having fun confusing ourselves now. -- | Ric | From nttp.sc.s at bigsleep.org Mon Jun 6 21:04:06 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 16:05:14 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 06 Jun 2005 Mike Easter entered spamcop and left news:d81pns$oua$1@news.spamcop.net: > OE's uue may be incompatible with some other newsagent's uue. > I don't notice any problems with it. There are sometimes errors in UUE transmissions (or corruption on the news server) that can make it hard or impossible to decode. -- | Ric | From nttp.sc.s at bigsleep.org Mon Jun 6 21:20:33 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 16:25:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On 06 Jun 2005 Mike Easter entered spamcop and left news:d826f1$hf$1@news.spamcop.net: > It is possible that the failure to give information about why the url > isn't attempted to resolve is intentional. > I see a lot of good theories here, I'll add another. If we looked in the parser code we might see a comment like "do this later", where it mentions that other parts of the parser need to be modified so that we can return a meaningful response. I do this myself all the time, where I try to "look ahead" to what I might want to do and make a comment in the right place, so I remember it later. And the inverse as well, where I want to add a feature but the old code isn't friendly to that idea, and I make a comment that that part needs to be rewritten to allow it. I believe the cause of this "bug" is known, likely caused by some external event, like (maybe) what Harvey mentioned or server load like Mike mentions (see no evidence of that though). Fixing it may take quite some rewriting. It never seems to fail on anything that's really worth larting. -- | Ric | From MikeE at ster.invalid Mon Jun 6 14:33:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 16:35:03 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: Blammo wrote: > Mike Easter >> OE's uue may be incompatible with some other newsagent's uue. > I don't notice any problems with it. There are sometimes errors in UUE > transmissions (or corruption on the news server) that can make it > hard or impossible to decode. I was reading this article by Michael Santovec about OE's 'old' editor and the old, I guess, Netscape not handling uue the same way. Particularly a section of this section http://pages.prodigy.net/michael_santovec/decode.htm#uuencode "Problems can occur due to inconsistent encoding/decoding in different mail and news programs. For example, Microsoft Outlook Express will use a blank (x'20') as an encoding character. (Some other encoders will use the ` character (x'60') instead of a blank.) If the blank ends up as the last character in a line, Outlook Express will then drop the blank resulting in a short line. If Netscape decodes this attachment, it will assume that the short line is padded with nulls (x'00) rather than blanks. This can result with what was orginally a x'40', x'80' or x'C0' byte becoming a 'x00'. This problem only occurs when a x'40', x'80' or x'C0' byte was orinally at the 45th byte of the file, or a multiple there of (e.g. 90th, 135th, etc.)." I didn't research any further into that. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Mon Jun 6 21:44:35 2005 From: nobody at nowhere.not (Robert Blair) Date: Mon Jun 6 16:45:02 2005 Subject: [SpamCop-List] is go.com really that clueless? Message-ID: This is their response to "Subject: RESULT: AWARD NOTIFICATION !!!" spam I received. **** go.com response Thank you for informing us of this situation. Spammers "spoof" e-mail addresses in the header to hide their true sources. You might be informed of this when you receive a message such as a non-deliverable notification. This type of messages are sent back to the original e-mailer (which is you since your address was spoofed in the header). Unfortunately there is no way for us to stop these e-mails from being sent. Should you have additional questions or comments, please feel free to let us know. **** end of go.com response Here are the receive headers Received: from wmailmta04of.seamail.go.com (wmailmta04of.seamail.go.com [199.181.134.41]) by mx4.pacifier.net (Postfix) with SMTP id 1A94480DAF for ; Mon, 6 Jun 2005 09:25:42 -0700 (PDT) Received: (qmail 9878 invoked from network); 6 Jun 2005 16:23:59 -0000 Received: from wmailweba04.seamail.go.com (HELO WMAILWEBA04) (10.192.72.78) by wmailmta04o.seamail.go.com with SMTP; 6 Jun 2005 16:23:59 -0000 This is not a bounce looks like spam sent through there web mail interface. -- Robert Blair From m at remove.this.part.rtij.nl Mon Jun 6 23:44:44 2005 From: m at remove.this.part.rtij.nl (Martijn Lievaart) Date: Mon Jun 6 16:50:04 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: On Mon, 06 Jun 2005 20:23:26 +0200, Rob wrote: > I'm sorry if I'm mailing into the wrong thread, I do not really know how > these news groups work. It's not the wrong thread, it's the wrong newsgroup. You want news.admin.net-abuse.blocklisting. However, you'll find the same answers as I'll give you, although more detail. This group is only about the spamcop system, which has zero, nada, nop to do with spews, except that they both publish blocklists. Spamcop is a system that lists IPs that have generated a lot of complaints. "A lot of" is defined somewhere in the FAQ. Spews is the Spam Early Warning System. It lists IPs that have spammed or have given spam support. If nothing is done, the listing is widened to the netblock. If still nothing is done, the listing is widenend until at last it compasses the entire ISP. You'll notice this may list a lot of other customers of that same ISP. This is intentional. This is probably what happened to you. The problem is that some ISPs done give a fart about spamming customers and 1) Either don't do anything, or 2) Even worse, move the spammers around to avoid private blocklists To put pressure on those ISPs to remove their spamming customers some block the complete ISP. SPEWS is just an automated system that does about the same, it lists netblocks that are likely to emit spam. > I do not undertand why my dns is blocked by Spews. I have just switched > server, there are no spamming sites on my server and yet the DNS > 63.247.78.250 is blocked and the DATA / EVIDENCE page is nothing to do > with me or my server http://spews.org/html/S2983.html > > Is there a way of getting off this list and how on earth did I get onto > it? Lets see. 0, 65.61.216.13, making-online-money.com (dead) 1, 65.61.216.92, teensoncam.net 1, 65.61.216.83, penis-pills-review.com 2, 65.61.216.0/24, doteasy.com (making-online-money.com) 0, 66.79.174.150, virilitypillsvp-rx.com 0, 69.72.142.42, virilitypillsvp-rx.com / dietandverilitypills.com (pwebtech.com) 0, 69.72.142.0/26, pwebtech.com (virilitypillsvp-rx.com / dietandverilitypills.com) 1, 63.247.78.218, virilitypillsvp-rx.com / dietandverilitypills.com / arizonagoldprospectors.org (cs.cs-server30.com) 1, 63.247.78.128/25, gnax.net (virilitypillsvp-rx.com / dietandverilitypills.com) 0, 162.42.209.64, desertjewels.com (cybertrails.com) 0, 69.56.158.170, making-online-money.com (theplanet.com) 0, 69.56.158.128/26, theplanet.com (making-online-money.com) 1, 72.34.32.200, desertjewels.com (ihnetworks.net) 1, 209.51.152.43, virilitypillsvp-rx.com / dietandverilitypills.com / arizonagoldprospectors.org (cs.cs-server30.com) 2, 209.51.152.0/26, gnax.net (virilitypillsvp-rx.com / dietandverilitypills.com) 1, 69.50.201.75, arizonagoldprospectors.org (atjeu.com) You didn't give your IP, so I cannot say which of those lines applies to you. However the first number is the level. Level 0 means de-listed and is documentary. Level 1 means block. Level 2 means, whatch out, this may go level 1. See http://www.spews.org/faq.html for more info. The second number is the IP range in question. After that is why this IP range is listed. Ask in nanabl (news.admin.net-abuse.blocklisting) people there are very good at explaining spews listings and giving details. Let me just say that I recognize two names there, gnax and the planet. Both harbor spammers and don't give a shit. The rest seems to be about their pet pill spammers, which has not escalated yet to the ISP level. Let me put it this way. You seem to have chosen connectivity through a bad neighborhood. Gnax and the planet are block on sight for many, spews may just be the least of your problems, just the first you got aware of. Your options mainly are: 1) Live with it. 2) Smarthost your email, which means you send your outgoing email to some server in untainted IP space. Can be had for a couple of bucks a month. 3) Ask your provider why they are listed an get them to do something about it. 4) Terminate your contract because the provider does not deliver as promised and get connectivity elsewhere. Let me repeat, spews is just an indication of the problems if you are on gnax or the planet. HTH, M4 -- Ah, the beauty of OSS. Hundreds of volunteers worldwide volunteering their time inventing and implementing new, exciting ways for software to suck. -- Toni Lassila in the Monastry From nttp.sc.s at bigsleep.org Mon Jun 6 21:47:38 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 16:50:11 2005 Subject: [SpamCop-List] Re: No data / Too much data References: Message-ID: On 06 Jun 2005 Mike Easter entered spamcop and left news:d82buq$529$1@news.spamcop.net: > I was reading this article by Michael Santovec about OE's 'old' editor > and the old, I guess, Netscape not handling uue the same way. > Good find. Yes, I think that was Communicator and some old Outlook version. The problems I see now seem to involve the last few bytes of the file. I have a program that's supposed to fix that, but often destroys the file. -- | Ric | From nttp.sc.s at bigsleep.org Mon Jun 6 21:57:54 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 6 17:00:03 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: On 06 Jun 2005 Robert Blair entered spamcop and left news:TECQXhvKj0FX-pn2- T4b3dViC6P7G@dsl-206-55-144-107.tstonramp.com: > **** go.com response > Thank you for informing us of this situation. Spammers "spoof" e-mail > I might reply to them if I can think of something good to say... When I do I change my address to that which they sent to. Maybe Ellen can offer some good advise, she can be helpful with this type of thing. I got one like that from Cox, who apparently want's my eMail address since the rest of the message isn't enough for them. BTW: Welcome to Mr. Palin's Hell -- | Ric | From MikeE at ster.invalid Mon Jun 6 14:58:39 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 6 17:00:10 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: Robert Blair wrote: > Spammers "spoof" e-mail > addresses in the header to hide their true sources. > Unfortunately there is no way for us to stop these e-mails from being > sent. > This is not a bounce looks like spam sent through there web mail > interface. You haven't proven your point yet by posting partial headers. If we are going to talk about a disagreement between you and some provider about what was the source of a spam, it is necessary to talk about the entire headers, not just your selected part of them. The way to post access to the entire headers would be to put the headers into the tracker for a parse, copy the tracking url, and paste the url here. So, you didn't post 'enough'. You posted 'too much'. Tracker. -- Mike Easter kibitzer, not SC admin From not at home.today Tue Jun 7 03:01:23 2005 From: not at home.today (Ant) Date: Mon Jun 6 21:15:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Mike Easter" wrote: > I don't think I ever plan to use XP. I expect that I will 'gravitate' > toward some non-Win OS from Win98se, most likely Linux, but perhaps also > OS X, while keeping some Win98 or possibly even a Win2K OS around, if I > had one. I might go 'nix at some point. I haven't upgraded my W2k past SP2 because I don't like MS' supplemental EULAs. I get the feeling they're moving to the point of saying "All your data are belong to us". I like the control you get with unix style OS's, but I think their GUIs are primitive. I'm quite happy at the command line, but I also like fast functional graphics. Perhaps things are improving in this area; my experience is based on an old version of Red Hat and various flavours of Solaris (I have an old Sun SPARCstation 20 which I play with occasionally). From not at home.today Tue Jun 7 03:13:03 2005 From: not at home.today (Ant) Date: Mon Jun 6 21:15:15 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Mike Easter" wrote: > I don't think I ever plan to use XP. I expect that I will 'gravitate' > toward some non-Win OS from Win98se, most likely Linux, but perhaps also > OS X, while keeping some Win98 or possibly even a Win2K OS around, if I > had one. I might go 'nix at some point. I haven't upgraded my W2k past SP2 because I don't like MS' supplemental EULAs. I get the feeling they're moving to the point of saying "All your data are belong to us". I like the control you get with unix style OS's, but I think their GUIs are primitive. I'm quite happy at the command line, but I also like fast functional graphics. Perhaps things are improving in this area; my experience is based on an old version of Red Hat and various flavours of Solaris (I have an old Sun SPARCstation 20 which I play with occasionally). From not at home.today Tue Jun 7 03:13:35 2005 From: not at home.today (Ant) Date: Mon Jun 6 21:15:19 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Blammo" wrote: > I believe the cause of this "bug" is known, likely caused by some external > event, like (maybe) what Harvey mentioned or server load like Mike > mentions (see no evidence of that though). Fixing it may take quite some > rewriting. It never seems to fail on anything that's really worth larting. I've been resolving some of these URLs separately. All my recent ones are hosted by China Railway Telecoms (chinatietong). This provider appears to be *the* major bullet proof host at present. Apparently they've contacted Steve Linford of Spamhaus to discuss removing their blocks, so they know they have a problem and they know what to do! Perhaps the software can't cope with such a huge number of look-ups to one domain at peak times. From eddie at eddie.web Mon Jun 6 23:23:40 2005 From: eddie at eddie.web (eddie) Date: Mon Jun 6 22:25:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On Tue, 07 Jun 2005 02:13:35 +0100, Ant scratched out the following: > "Blammo" wrote: > >> I believe the cause of this "bug" is known, likely caused by some >> external event, like (maybe) what Harvey mentioned or server load like >> Mike mentions (see no evidence of that though). Fixing it may take quite >> some rewriting. It never seems to fail on anything that's really worth >> larting. > > I've been resolving some of these URLs separately. All my recent ones are > hosted by China Railway Telecoms (chinatietong). This provider appears to > be *the* major bullet proof host at present. Apparently they've contacted > Steve Linford of Spamhaus to discuss removing their blocks, so they know > they have a problem and they know what to do! > > Perhaps the software can't cope with such a huge number of look-ups to one > domain at peak times. I have pasted the URL into the report box and it resolves immediately. Then, when I paste the spam back into the box I get the same blank line error. If I paste the URL again, it resolves. It's the software that the parser uses, not the lookup software, as far as I can tell. And I am sure the spammers know what they are doing. -- Once movie theaters gave out steak knives Today they confiscate them From RobertTaylor at SpamCop.net Mon Jun 6 23:55:05 2005 From: RobertTaylor at SpamCop.net (Robert Taylor) Date: Mon Jun 6 23:00:03 2005 Subject: [SpamCop-List] Phony SC-Message? Message-ID: Hello Group, This evening, this landed in my inbox: (quote)
Dear Valued Member,

According to our site policy you will have to confirm your account by the following link or else your account will be suspended within 24 hours for security reasons.

http: //www dot spamcop dot net/confirm dot php?email=roberttaylor at spamcop dot net
[ (The above href is all on one line in the original message, as you see from the
s. RT) ]
Thank you for your attention to this question. We apologize for any inconvenience.

Sincerely,Spamcop Security Department Assistant.
(/quote). Return-Path: From: webmaster at spamcop dot net [ shows as a valid eMail address. ] All I could find on <209 dot 67 dot 220 dot 164> is that it's registered to . If this is legit, I have no idea what it's all about. I'm close to a "charter" member of SC, and have never had a problem. Anyone? Regards, Robert -- eMail: RobertTaylor@SpamCop.net Web-Address: http://users.rcn.com/robertt.nh.ultranet/Web-SitePg1.htm NOTARY SOJAC (Dizzy Gillespie, Prop.) From RobertTaylor at SpamCop.net Tue Jun 7 00:06:16 2005 From: RobertTaylor at SpamCop.net (Robert Taylor) Date: Mon Jun 6 23:15:03 2005 Subject: [SpamCop-List] Correction Message-ID: Sorry, the reference to reverse dot layered dot com in my previous post should have read: < reverse dot layeredtech dot com > Robert -- eMail: RobertTaylor@SpamCop.net From nobody at devnull.spamcop.net Mon Jun 6 23:24:45 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Jun 6 23:25:03 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: "Robert Taylor" wrote in message news:d832a8$j5n$1@news.spamcop.net... > This evening, this landed in my inbox: > >
Dear Valued Member,
>
According to our site policy you will have to confirm your account by > the following link or else your account will be suspended within 24 hours > for security reasons.
>
http: //www dot spamcop dot > net/confirm dot php?email=roberttaylor at spamcop dot net
> > If this is legit, I have no idea what it's all about. I'm close to a > "charter" member of SC, and have never had a problem. For being a long-time SpamCop user, why are you the second person today to find this baffling? Please check recent responses over in the spamcop.help newsgroup to pretty much the same query on the same spam. Yes, it's a phish, yes it should be handled as your normal spam, no you shouldn't have posted all the garbage "here" .. the use of a Tracking URL would by much simpler and wiser ... if you need help on "Tracking URL" please see the Glossary provided as a link off of the Forum FAQ found at http://forum.spamcop.net/forums/ From nobody at devnull.spamcop.net Mon Jun 6 23:54:04 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Jun 6 23:55:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "eddie" wrote in message news:pan.2005.06.07.02.23.40.130000@eddie.web... > > I have pasted the URL into the report box and it resolves > immediately. Then, when I paste the spam back into the box I get the same > blank line error. If I paste the URL again, it resolves. It's the software > that the parser uses, not the lookup software, as far as I can tell. And I > am sure the spammers know what they are doing. Maybe it's the kill-file in action, but not sure how many times I've pointed that out .. the single-line entry look-up and the parser use different code. The only thing in common is that both tools are using the same form entry box for data submittal. Jeff G. started an item for another FAQ entry on this issue. Care to add some 'helpful' commentary so threads like this can be minimized? http://forum.spamcop.net/forums/index.php?showtopic=4345 From RobertTaylor at SpamCop.net Tue Jun 7 00:53:46 2005 From: RobertTaylor at SpamCop.net (Robert Taylor) Date: Mon Jun 6 23:55:15 2005 Subject: [SpamCop-List] Re: Phony SC=Message? Message-ID: Disregard "Phony SC=Message?"-post: the message from the so-called "" is fake. Regards, Robert -- Robert eMail: RobertTaylor@SpamCop.net Web-Address: http://users.rcn.com/robertt.nh.ultranet/Web-SitePg1.htm (1506 nix nix - Dizzy Gillespie, foo Mgr.) From nttp.sc.s at bigsleep.org Tue Jun 7 06:29:06 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Jun 7 01:30:08 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: On 06 Jun 2005 Robert Taylor entered spamcop and left news:d832a8$j5n$1@news.spamcop.net: > Return-Path: > From: webmaster at spamcop dot net > Do Spamcop mail account members not know anything about reading headers? The only thing you posted that couldn't be forged was your eMail address. Why didn't you post the source IP so that we could confirm it didn't come from spamcop.net/ironport.com, and you wouldn't have to waste your time looking up the phishing link. Thanks for taking the time to munge all that stuff though. -- | Ric From rob at southernfrance.com Tue Jun 7 08:31:09 2005 From: rob at southernfrance.com (Rob) Date: Tue Jun 7 01:35:04 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: Thank you for that. I like the way you sniff down and you are right there on the button. 63.247.78.250 is celestialhost.com which is my private hoster, hosting southernfrance.com and other southernfrance names. Celestialhost is hosted by ace etc etc. I've only just moved to ace from my old host who developed chronic downtime problems. But thanks for your time. "Mike Easter" a écrit dans le message de news: d828i0$2da$1@news.spamcop.net... > Mike Easter wrote: >> The evidence page shows this: >> >> 1, 63.247.78.218, virilitypillsvp-rx.com / dietandverilitypills.com / >> arizonagoldprospectors.org (cs.cs-server30.com) >> 1, 63.247.78.128/25, gnax.net (virilitypillsvp-rx.com / >> dietandverilitypills.com) >> >> which means that 63.247.78.218 rDNS mail.cs-server30.com got itself >> listed for those websites in the top line, and perhaps something else. >> >> When gnax failed to do anything about the reports, the single IP was >> expanded to 128 IPs from 63.247.78.128 to 63.247.78.255 inclusive. >> That /25 in CIDR notation includes your 63.247.78.250 > > Since we're just puttering around here, we can mess with some other CIDR > blocks in this neighborhood. > > gnax is Global Net Access and it owns a /19 here, which is 8192 IPs or > 32 class Cs. > > OrgName: Global Net Access, LLC > NetRange: 63.247.64.0 - 63.247.95.255 > CIDR: 63.247.64.0/19 > NetName: GNAXNET > > So that little spews 'potshot' at blocking 128 of them is 'nothing' - > but it is spews warning gnax. Sometimes spews will 'emphasize' that > warning by listing a bigger chunk as a spews2. > > Another little chunk you would be interested in is a little /29 of 8 IPs > > network:Network-Name:AceNet572-1 > network:IP-Network:63.247.78.248/29 > > Those 8 IPs are assigned by gnax to AceNet, and your IP in question is > in those 8, and those 8 are 'caught up' in the block of 128 that spews > chose for its expansion to try to communicate with gnax more > effectively. > > It appears that your domainname southernfrance.com rDNS 63.247.78.250 > and that is its MX, which is also sky.securenet-server.net > > There's also a webserver and a number of sites there, 423 different > domains, including yours http://www.southernfrance.com > > > -- > Mike Easter > kibitzer, not SC admin > > From RobertTaylor at SpamCop.net Tue Jun 7 02:31:52 2005 From: RobertTaylor at SpamCop.net (Robert Taylor) Date: Tue Jun 7 01:35:13 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: In news:Xns966DE4CDAEF0Cblammo@216.154.195.61, Blammo sent: > On 06 Jun 2005 Robert Taylor entered spamcop and left > news:d832a8$j5n$1@news.spamcop.net: > >> Return-Path: >> From: webmaster at spamcop dot net >> > > Do Spamcop mail account members not know anything about reading headers? > The only thing you posted that couldn't be forged was your eMail address. > Why didn't you post the source IP so that we could confirm it didn't come > from spamcop.net/ironport.com, and you wouldn't have to waste your time > looking up the phishing link. > Thanks for taking the time to munge all that stuff though. > >> Ric You're most welcome. :) Robert From RobertTaylor at SpamCop.net Tue Jun 7 02:32:49 2005 From: RobertTaylor at SpamCop.net (Robert Taylor) Date: Tue Jun 7 01:35:20 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: In news:d8341u$k48$1@news.spamcop.net, WazoO sent: > "Robert Taylor" wrote in message > news:d832a8$j5n$1@news.spamcop.net... >> This evening, this landed in my inbox: >> >>
Dear Valued Member,
[...] > For being a long-time SpamCop user, why are you the second > person today to find this baffling? [...] > the use of a Tracking URL would > by much simpler and wiser ... [...] This may come as a shock to you, but I find the Theory of Groups, and Number Theory generally, infinitely more interesting (no pun intended) than Tracking URLs (and eMail headers, generally), and hence am unable to dedicate time to study of the latter. Judging by your urbane, polished, and courteous remarks, I feel sure that you will find it in your heart to forgive this vice which, in the kosmic scheme of things, is relatively minor. Regards, -- Robert eMail: RobertTaylor@SpamCop.net Web-Address: http://users.rcn.com/robertt.nh.ultranet/Web-SitePg1.htm (1506 nix nix - Dizzy Gillespie, foo Mgr.) From rob at southernfrance.com Tue Jun 7 08:35:48 2005 From: rob at southernfrance.com (Rob) Date: Tue Jun 7 01:40:03 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: Thank you for the reply, now I understand. Can you make any recommendations about <<2) Smarthost your email, which means you send your outgoing email to some server in untainted IP space. Can be had for a couple of bucks a month >> Don't want to jump out the frying pan into the the whatever it is , and having just moved and having to rejig sites to fit in withh different constraints on the hosts..... seems a good host is so mighty hard to find, why I'd give all the gold........ Best, Rob "Martijn Lievaart" a écrit dans le message de news: s6pen2-mp3.ln1@news.rtij.nl... > On Mon, 06 Jun 2005 20:23:26 +0200, Rob wrote: > >> I'm sorry if I'm mailing into the wrong thread, I do not really know how >> these news groups work. > > It's not the wrong thread, it's the wrong newsgroup. You want > news.admin.net-abuse.blocklisting. However, you'll find the same answers > as I'll give you, although more detail. > > This group is only about the spamcop system, which has zero, nada, nop to > do with spews, except that they both publish blocklists. > > Spamcop is a system that lists IPs that have generated a lot of > complaints. "A lot of" is defined somewhere in the FAQ. > > Spews is the Spam Early Warning System. It lists IPs that have spammed or > have given spam support. If nothing is done, the listing is widened to the > netblock. If still nothing is done, the listing is widenend until at last > it compasses the entire ISP. > > You'll notice this may list a lot of other customers of that same ISP. > This is intentional. This is probably what happened to you. > > The problem is that some ISPs done give a fart about spamming customers > and > 1) Either don't do anything, or > 2) Even worse, move the spammers around to avoid private blocklists > > To put pressure on those ISPs to remove their spamming customers some > block the complete ISP. SPEWS is just an automated system that does about > the same, it lists netblocks that are likely to emit spam. > >> I do not undertand why my dns is blocked by Spews. I have just switched >> server, there are no spamming sites on my server and yet the DNS >> 63.247.78.250 is blocked and the DATA / EVIDENCE page is nothing to do >> with me or my server http://spews.org/html/S2983.html >> >> Is there a way of getting off this list and how on earth did I get onto >> it? > > Lets see. > > 0, 65.61.216.13, making-online-money.com (dead) 1, 65.61.216.92, > teensoncam.net > 1, 65.61.216.83, penis-pills-review.com 2, 65.61.216.0/24, doteasy.com > (making-online-money.com) 0, 66.79.174.150, virilitypillsvp-rx.com 0, > 69.72.142.42, virilitypillsvp-rx.com / dietandverilitypills.com > (pwebtech.com) 0, 69.72.142.0/26, pwebtech.com (virilitypillsvp-rx.com / > dietandverilitypills.com) 1, 63.247.78.218, virilitypillsvp-rx.com / > dietandverilitypills.com / arizonagoldprospectors.org (cs.cs-server30.com) > 1, 63.247.78.128/25, gnax.net (virilitypillsvp-rx.com / > dietandverilitypills.com) 0, 162.42.209.64, desertjewels.com > (cybertrails.com) 0, 69.56.158.170, making-online-money.com > (theplanet.com) 0, 69.56.158.128/26, theplanet.com > (making-online-money.com) 1, 72.34.32.200, desertjewels.com > (ihnetworks.net) 1, 209.51.152.43, virilitypillsvp-rx.com / > dietandverilitypills.com / arizonagoldprospectors.org (cs.cs-server30.com) > 2, 209.51.152.0/26, gnax.net (virilitypillsvp-rx.com / > dietandverilitypills.com) 1, 69.50.201.75, arizonagoldprospectors.org > (atjeu.com) > > You didn't give your IP, so I cannot say which of those lines applies to > you. > > However the first number is the level. Level 0 means de-listed and is > documentary. Level 1 means block. Level 2 means, whatch out, this may go > level 1. See http://www.spews.org/faq.html for more info. > > The second number is the IP range in question. > > After that is why this IP range is listed. > > Ask in nanabl (news.admin.net-abuse.blocklisting) people there are very > good at explaining spews listings and giving details. Let me just say that > I recognize two names there, gnax and the planet. Both harbor spammers and > don't give a shit. The rest seems to be about their pet pill spammers, > which has not escalated yet to the ISP level. > > Let me put it this way. You seem to have chosen connectivity through a bad > neighborhood. Gnax and the planet are block on sight for many, spews may > just be the least of your problems, just the first you got aware of. > > Your options mainly are: > 1) Live with it. > 2) Smarthost your email, which means you send your outgoing email to some > server in untainted IP space. Can be had for a couple of bucks a month. 3) > Ask your provider why they are listed an get them to do something about > it. > 4) Terminate your contract because the provider does not deliver as > promised and get connectivity elsewhere. > > Let me repeat, spews is just an indication of the problems if you are on > gnax or the planet. > > HTH, > M4 > > -- > Ah, the beauty of OSS. Hundreds of volunteers worldwide volunteering > their time inventing and implementing new, exciting ways for software > to suck. -- Toni Lassila in the Monastry > From nttp.sc.s at bigsleep.org Tue Jun 7 06:57:40 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Jun 7 02:00:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On 06 Jun 2005 eddie entered spamcop and left news:pan.2005.06.07.02.23.40.130000@eddie.web: > And I am sure the spammers know what they are doing. I'm not so sure. I didn't know really where to post this, but I just noticed this... X-Spam-Status: Yes, ... tests=...,URIBL_AB_SURBL, URIBL_OB_SURBL,URIBL_SC_SURBL I think URIBL_SC_SURBL is Spamcop, though I haven't checked these Spamassassin rules to know for sure. The URL with *.speedtuesday.info doesn't make it through the parser this time, but the domain is listed. And it received a generous 12.7 score from spamassassin. -- | Ric From nobody at devnull.spamcop.net Tue Jun 7 03:54:17 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Jun 7 03:55:08 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Blammo" wrote in message news:Xns966DE9A61C6F4blammo@216.154.195.61... > > X-Spam-Status: Yes, ... tests=...,URIBL_AB_SURBL, > URIBL_OB_SURBL,URIBL_SC_SURBL > > I think URIBL_SC_SURBL is Spamcop, though I haven't checked these > Spamassassin rules to know for sure. The URL with *.speedtuesday.info > doesn't make it through the parser this time, but the domain is listed. And > it received a generous 12.7 score from spamassassin. http://spamassassin.apache.org/full/3.0.x/dist/rules/25_uribl.cf urirhssub URIBL_SC_SURBL multi.surbl.org. A 2 body URIBL_SC_SURBL eval:check_uridnsbl('URIBL_SC_SURBL') describe URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist tflags URIBL_SC_SURBL net http://www.surbl.org/lists.html sc.surbl.org - SpamCop message-body URI domains As described in the sc Data section, sc.surbl.org contains domains and a few web site IP addresses processed from SpamCop URI reports, also known as "spamvertised" sites. Many reports for a given domain or IP address must be received before it is included, and a whitelist is used to prevent any legitimate, non-spam domains from getting onto the list. Entries in sc.surbl.org expire automatically as described in the Data section. If you know of any legitimate domains that are on this SURBL or any others, please report them to whitelist at surbl dot org so they can be removed. When writing, please send us the original message with full headers and an explanation of why the domain should not be listed. Please see the List Removal section below. Note that this list is not the same as bl.spamcop.net, which is an RBL of spam-sending source IP addresses found in message headers. From redford_stone at INVERSE_OF_COLDmail.com Tue Jun 7 09:04:28 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Tue Jun 7 04:05:02 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: Steven Maesslein wrote in news:slrnda8cq2.492.nobody@127.0.0.1: > > Isn't that what they already are? They'll just end up being exploited by > even more proxy hijackers. > Unfortunately, that appears to be the case. I'm hoping something is going to "break" someplace over there and it will shake them up to actually take action. From nobody at nowhere.not Tue Jun 7 09:16:44 2005 From: nobody at nowhere.not (Robert Blair) Date: Tue Jun 7 04:20:03 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: On Mon, 6 Jun 2005 20:58:39 UTC, "Mike Easter" wrote: > You haven't proven your point yet by posting partial headers. While I did not post all the headers I did post all the receive headers but here is what you want. http://www.spamcop.net/sc?id=z772255444z234e8e5c69ac56da441f2a1e9f7155 dbz -- Robert Blair From porpoise1954 at yahoo.co.uk Tue Jun 7 10:11:05 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Jun 7 04:20:11 2005 Subject: [SpamCop-List] spam injecting forged anti-spam headers Message-ID: Tracker: http://www.spamcop.net/sc?id=z772117400z31026dee997b25b9f55e661b6a1ff6d8z This is an interesting variation, injecting forged "X-AntiAbuse" headers and obfuscated links to your own domains in order to make it such that, if you were to report the spam, it makes the parser find your own domain as the spamvertised link - which it would then want to report. Needless to say, it was cancelled and no reports sent. (So spammy achieved that objective at least). Clever new tactic by spammy? Like I'm *really* likely to want to be on their after them spamming me and trying to make it look like it came from me, to avoid being reported. **************** Looking at the originating IP [from - ] gives us: OrgName: Everyones Internet, Inc. OrgID: EVRY Address: 2600 Southwest Freeway Address: Suite 500 City: Houston StateProv: TX PostalCode: 77098 Country: US NetRange: 67.15.0.0 - 67.15.175.255 CIDR: 67.15.0.0/17, 67.15.128.0/19, 67.15.160.0/20 NetName: EVRY-BLK-15 NetHandle: NET-67-15-0-0-1 Parent: NET-67-0-0-0-0 NetType: Direct Allocation NameServer: NS1.EV1.NET NameServer: NS2.EV1.NET Comment: RegDate: 2004-02-06 Updated: 2004-10-11 which I take to be the genuine originating IPand the being forged. ***************** Then, looking at the forged headers: X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - ibiza.micfo.com X-AntiAbuse: Original Domain - srenterprises.co.uk X-AntiAbuse: Originator/Caller UID/GID - [99 504] / [47 12] X-AntiAbuse: Sender Address Domain - ibiza.micfo.com X-Source: X-Source-Args: /usr/local/apache/bin/httpd -DSSL X-Source-Dir: 1st-buy-and-sell.com:/public_html/discount/mail Envelope-To: x X-Spam-Flag: No X-Spam-Level: 2/3 is obviously forged I take to be some sort of tracker for spammy to identify the spammee. ****************** Then, from the body, the following makes the parser think that Apnea is a spamvertiser from an obfuscated URL: Please specify the URL where you have placed the back link to our WEB site in the form below: http://www.discount-prices.biz/links.php?action=addlink&lcat_id=3328&link_id=99597 The following information was added into our database already: - Title: APNEA - URL: http://www.apnea.co.uk - Description: Freediving and spearfishing equipment and supplies, scuba equipment and accessories, and UK agents for Imersion. - Keywords: Freediving and spearfishing equipment and supplies, scuba equipment and accessories, and UK agents f ****************** From nobody at spamcop.net Tue Jun 7 10:30:05 2005 From: nobody at spamcop.net (TimeLord) Date: Tue Jun 7 04:35:03 2005 Subject: [SpamCop-List] Re: NTL mailhosts wrong again References: Message-ID: "Brian (SnSR)" wrote in message news:d7lsi5$bcv$1@news.spamcop.net... > Vanguard wrote: > We all have started from a place where we didn't know much about spam or > the process of reporting it. Let's try to help each other out instead of > being so critical and turning noobs away. Well said. Even the most experienced make the odd stupid mistake - the difference generally being their refusal to admit it. kev From nttp.sc.s at bigsleep.org Tue Jun 7 09:51:04 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Jun 7 04:55:29 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: On 07 Jun 2005 WazoO entered spamcop and left news:d83jrb$sor$1@news.spamcop.net: > Note that this list is not the same as bl.spamcop.net, which is an RBL of > spam-sending source IP addresses found in message headers. > Yea, that would be "RCVD_IN_BL_SPAMCOP_NET" Thanks for the info. -- | Ric From nobody at nowhere.invalid Tue Jun 7 12:12:16 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Jun 7 05:15:27 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: On Tue, 7 Jun 2005 02:01:23 +0100, Ant coughed into spamcop and left this in : > I like the control you get with unix style OS's, but I think their > GUIs are primitive. May have been true a few years ago but nowadays both KDE and GNOME have plenty of features - to the point where some consider them overbloated. Of course, that's one of the advantages of a 'nix system running XFree86 or xorg: you get to choose which GUI you use. If you like a full desktop manager the go for KDE or GNOME. If you prefer something much lighter then go for a simple window manager like IceWM, BlackBox or twm. > I'm quite happy at the command line, but I also like fast functional > graphics. Perhaps things are improving in this area; They are - definitely. > my experience is based on an old version of Red Hat How old? If more than, say, 2 years (which is about when RH9 was released) then you'll hardly recognize it now. > and various flavours of Solaris (I have an old Sun SPARCstation 20 > which I play with occasionally). I suspect the GUI on that machine is a little outdated :) If you want to play around with a distro before installing it then take a look at this: http://www.knopper.net/knoppix/index-en.html (assuming you have a broadband connection and a CD burner) -- Steve Cat, n: Lapwarmer with built-in buzzer. From scamper at trisk.com Tue Jun 7 04:16:41 2005 From: scamper at trisk.com (Garen Erdoisa) Date: Tue Jun 7 05:20:05 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers In-Reply-To: References: Message-ID: Porpoise wrote: > Tracker: > http://www.spamcop.net/sc?id=z772117400z31026dee997b25b9f55e661b6a1ff6d8z [snip] > X-AntiAbuse: Original Domain - srenterprises.co.uk These types of headers are not uncommon. I've seen two to three a day like that over the last year or so. Don't know if this will help in your case unless you can run procmail but what I do in this case is use a procmail filter to append a new header prior to running it through my spam filter software that would look something like this: X-srenterprises.co.uk: Forged Header Detected (X-AntiAbuse: Original Domain - srenterprises.co.uk) Then go ahead and send the report as normal. I've yet to see spamcop's parser be fooled by this. ALso looking at your tracker, It doesn't look like spamcop's parser was fooled by this one either. [snip] Garen From nttp.sc.s at bigsleep.org Tue Jun 7 10:19:38 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Jun 7 05:20:13 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: On 07 Jun 2005 Porpoise entered spamcop and left news:d83lb0$tsf$1@news.spamcop.net: > This is an interesting variation, injecting forged "X-AntiAbuse" > headers and obfuscated links to your own domains in order to make it > such that, if you were to report the spam, it makes the parser find > your own domain as the spamvertised link - which it would then want to > report. I don't get it, I don't see any obfuscated links, just the one in the message body (other than discount-prices) that the parser picked up on. I've seen the same thing with my domain in "Original Domain", spamcop never tried to report it, and so big deal, like they can't figure that out from the headers? Or track it in their own database. I think you're being paranoid, but whatever. -- | Ric From nobody at nowhere.invalid Tue Jun 7 12:21:56 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Jun 7 05:25:03 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: On Tue, 7 Jun 2005 08:04:28 +0000 (UTC), Redstone coughed into spamcop and left this in : > Unfortunately, that appears to be the case. I'm hoping something is > going to "break" someplace over there and it will shake them up to > actually take action. The only thing that'll get .kr's attention is if someone backhoes their pipe to the 'Net. .kr is probably the country with the highest penetration of high-speed connections to the house. Given that they all use bootleg copies of Windows in Asia and that they're therefore scared to grab updates from windowsupdate.microsoft.com, .kr has a huge concentration of trojanned machines connected to the 'Net. ISPs in .kr (in particular kornet, hananet and boranet) have repeatedly shown their unwillingness (or incompetence?) to deal with the problem, so the only way that the "clean" side of the Internet can deal with it is to depeer with .kr. The problem is the same for .cn, .tw and .hk. -- Steve "Mothers all want their sons to grow up to be President, but they don't want them to become politicians in the process." -- John F. Kennedy From nobody at spamcop.net Tue Jun 7 09:07:48 2005 From: nobody at spamcop.net (Ellen) Date: Tue Jun 7 08:15:02 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: "Robert Taylor" wrote in message news:d832a8$j5n$1@news.spamcop.net... > Hello Group, > > This evening, this landed in my inbox: > > (quote) > > >
Dear Valued Member,
>
According to our site policy you will have to confirm your account by > the following link or else your account will be suspended within 24 hours > for security reasons Yes it is is a phish/forgery mail -- we do not have a webmaster account/email address, we do not ask you to confirm your account for security reasons. If someone would send me one of these with complete headers and body source, pasted into an email to deputies admin.spamcop.net I would appreciate it. If anyone gets one with a functioning body url and can copy/paste the webpage that would also be useful. Has anyone seen one with a functioning phish page? Legit mail will come from me, Don or Richard about your reporting account and from Jeff about your filtered email account, if there is an issue with your account. We never write in HTML. We just ask you to respond to us with more information about a report or ask you to set-up mailhosts or to explain your process in submitting spam or some such thing. We will never ask for your password. If for some reason we wanted you to log into your account, we would ask you to log in as usual to the system and do blahblahblah. Thanks Ellen SpamCop P.S. -- folks, please lets not jump on people who receive one of these and show up here concerned about what is going on. We have many many thousands members who have never posted in the newsgroups, who have been members for years and who are rightly alarmed by receiving this. Whilst it may seem remarkable, there are lots of members who have never had parse problems and who have never learned to, or needed to learn to, read headers. So let's cut them a tiny little bit of slack. Of course if they do it a second time, why then you can beat them up :-) As always, but never said said frequently enough, thanks to the regular and irregular denizens of the groups and forums who offer help day in and day out. Your knowledge and helpfulness keeps us afloat! From nospam at fuck-off-and-die.com Tue Jun 7 19:10:06 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Tue Jun 7 08:30:03 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: Message-ID: <78be001719b74efbbe8c65ef5045b888@you.armchair-smug-custard.org> Steven Maesslein, , the heavy, low-necked flap-dragon, and monastery door keeper, cooed: > On Mon, 6 Jun 2005 20:23:26 +0200, Rob coughed into spamcop and left > this in : >> I do not really know >> how these news groups work. > > To start with, they have nothing to do with e-mail so I don't > understand > the comment about "mailing" to the wrong thread, especially as yo just > started a new thread. You total fucking arse. I hope you turn blue and die of asphyxiation. Slowly and horribly. From nttp.sc.s at bigsleep.org Tue Jun 7 14:09:31 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Jun 7 09:10:03 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: On 07 Jun 2005 Ellen entered spamcop and left news:d8432a$66b$1@news.spamcop.net: > ... who have never learned to, or needed to learn to, read headers. I just don't understand how you can be a spam reporter and not know a little about reading headers. > So let's cut them a tiny little bit of slack. I don't know why, they should know what their server's (or spamcop's) Received headers look like, at the very least. I guess if one can use the Spamcop mail service and never send any reports (none of their spam ever gets reported), then I can give them some slack. -- | Ric From MikeE at ster.invalid Tue Jun 7 07:43:12 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 09:45:02 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: Robert Blair wrote: > "Mike Easter" >> You haven't proven your point yet by posting partial headers. > > While I did not post all the headers I did post all the receive > headers but here is what you want. > > http://www.spamcop.net/sc?id=z772255444z234e8e5c69ac56da441f2a1e9f7155 > dbz It is definitely more 'fun' and more informative to look at the whole item. Those Received headers are 'boring' but the key to the truth.. When we look at the tracker we get to see just what a spam generated from go.com's webmailer looks like. Altho' anything of this can be forged by the spammer, when it all 'fits together' then it is likely real. headerlines X-Mailer: GoMail 3.0.1 bodytrailer Check-out GO.com GO get your free GO E-Mail account with expanded storage of 6 MB! http://mail.go.com We also get to see the go.com From and Return-Path which is surely the account at go joymoorejo and altho' the tracker only provides an obfuscated msgid, it also corresponds 6380__rejo@WMAILWEBA04 and we also get to see that go.com does *not* put in an X-line indicating the IP of the person connecting to their webmailer, also giving another clue to go.com's cluelessness. Since these kinds of things can sometimes lead to further correspondence with a provider like go, all of this information is fodder for some subjects in that correspondence. Also, if/when you re-communicate with the provider's abuse contact, you want to include some of these addresses from the arin registration: whois -h whois.arin.net 199.181.134.41 ... OrgName: Disney Worldwide Services, Inc. AbuseEmail: ms_support@help.go.com NOCEmail: servicedesk@ticket.disneyonline.com TechEmail: noc@dig.com OrgTechEmail: michael.jenkins@disney.com So, when you are writing back and including the inane response to a legitimate notify, you are also including all of those people who get to look at the stupidity of their abuse desk's response. They also get to see what other criticisms you have about the missing X-line for the IP That is a deficiency of a webmailer which should be fixed IMO. Now, see? Isn't that more fun than just looking at Received lines? -- Mike Easter kibitzer, not SC admin From rob at southernfrance.com Tue Jun 7 17:00:06 2005 From: rob at southernfrance.com (Rob) Date: Tue Jun 7 10:05:02 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: <78be001719b74efbbe8c65ef5045b888@you.armchair-smug-custard.org> Message-ID: Thanks for taking the time to reply. :) "Kadaitcha Man" a écrit dans le message de news: 78be001719b74efbbe8c65ef5045b888@you.armchair-smug-custard.org... > Steven Maesslein, , the heavy, low-necked > flap-dragon, and monastery door keeper, cooed: > >> On Mon, 6 Jun 2005 20:23:26 +0200, Rob coughed into spamcop and left >> this in : > >>> I do not really know >>> how these news groups work. >> >> To start with, they have nothing to do with e-mail so I don't >> understand >> the comment about "mailing" to the wrong thread, especially as yo just >> started a new thread. > > You total fucking arse. I hope you turn blue and die of asphyxiation. > Slowly > and horribly. > From glnews030922 at highspot.net Tue Jun 7 16:20:33 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Tue Jun 7 10:20:03 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL In-Reply-To: References: Message-ID: Ant wrote: > I've been resolving some of these URLs separately. All my recent ones > are hosted by China Railway Telecoms (chinatietong). This provider > appears to be *the* major bullet proof host at present. Apparently > they've contacted Steve Linford of Spamhaus to discuss removing their > blocks, so they know they have a problem and they know what to do! http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27701 211.155.0.0/20 is listed on the Spamhaus Block List (SBL) ... Spamhaus is blocking all IP space belonging to China Railway Telecommunications Center (CRTC). This is because of very large world-wide spam problems caused by the managers of China Railway Telecommunications Center allowing American spammers to operate web sites hosted by CRTC selling illegal pornography, drugs and money scams. I thought he said they had contacted him a week or so ago. This escalation only took place on Sunday. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From MikeE at ster.invalid Tue Jun 7 08:20:33 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 10:25:03 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: Mike Easter wrote: > whois -h whois.arin.net 199.181.134.41 ... > OrgName: Disney Worldwide Services, Inc. > AbuseEmail: ms_support@help.go.com > NOCEmail: servicedesk@ticket.disneyonline.com > TechEmail: noc@dig.com > OrgTechEmail: michael.jenkins@disney.com > > So, when you are writing back and including the inane response to a > legitimate notify, you are also including all of those people who get > to look at the stupidity of their abuse desk's response. Another way to include some more people when you correspond with go about how to go about being an abuse desk receiving and responding to notifies is to use these: whois -h whois.radb.net 199.181.132.132 ... route: 199.181.132.0/24 descr: Walt Disney Internet Group origin: AS8137 notify: bob.lemons@dig.com whois -h whois.abuse.net dig.com ... dns-ops@dig.com postmaster@dig.com (for dig.com) SC's notify is abuse@go.com which is based on the abuse.net lookup of the abuse addy in arin AbuseEmail: ms_support@help.go.com whois -h whois.abuse.net help.go.com ... abuse@go.com (for go.com) But I think that when an abuse desk drops the ball and makes some kind of really stupid unresponsive response to a notify, that 'others' need to be included in the next communication which includes that reply. Sometimes others is the parent, sometimes it can even be an upstream. The idea is to 'hold their feet to the fire' ongoing communication with them which also includes those other people who they don't want to look stupid in front of. I get very irritated when someone who has a fulltime abuse desk job with benefits, paid vacations, healthcare, unemployment insurance, a parking place, and perhaps daycare for their children -- whose job's most important primary function^1 is to receive a spam notify and determine whether or not the item was sourced from their client -- responds to that notify stupidly. That also means that they received their notify from spamcop, which parser should be better than some amateur spam recipients notifying; and also the headers of the mail aren't 'complicated' -- how dumb is that? ^1 It is possible that there may not be a 'real' fulltime job at abuse@go.com -- they may have tossed the responsibilities of that job onto someone who has a myriad of other more important things to do. All the more reason to include those other people in the next communication. -- Mike Easter kibitzer, not SC admin From notmyrealaddress at nospam.com Tue Jun 7 11:22:23 2005 From: notmyrealaddress at nospam.com (Cherie) Date: Tue Jun 7 10:25:11 2005 Subject: [SpamCop-List] Is American Express promoting SPAM?? Message-ID: When I received my AX bill the other day I noticed that they were pushing some kind of E-Mail Marketing thing..maybe I totally misunderstand this..but can someone take a look at this scan of part of my bill and tell me if they are encouraging SPAM..if so..I will be taking my business elsewhere http://www.kineticowater.com/images/AXSpam.jpg -- Thanks, Cherie From zypher at spamcop.net Tue Jun 7 10:40:58 2005 From: zypher at spamcop.net (Ron B.) Date: Tue Jun 7 10:45:03 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? In-Reply-To: References: Message-ID: Cherie wrote: > When I received my AX bill the other day I noticed that they were pushing > some kind of E-Mail Marketing thing..maybe I totally misunderstand this..but > can someone take a look at this scan of part of my bill and tell me if they > are encouraging SPAM..if so..I will be taking my business elsewhere > > http://www.kineticowater.com/images/AXSpam.jpg > The company _claims_ not to be spammers: http://open.constantcontact.com/anti_spam.jsp From glnews030922 at highspot.net Tue Jun 7 16:44:26 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Tue Jun 7 10:45:12 2005 Subject: [SpamCop-List] Re: Phony SC-Message? In-Reply-To: References: Message-ID: Robert Taylor wrote: http: //www dot spamcop dot > net/confirm dot php?email=roberttaylor at spamcop dot net jwhois 209.67.220.164 [Querying whois.arin.net] [whois.arin.net] Savvis SAVVIS (NET-209-67-0-0-1) 209.67.0.0 - 209.67.255.255 Layered Technologies, Inc. CW-209-67-208 (NET-209-67-208-0-1) 209.67.208.0 - 209.67.223.255 Looks like Layered has closed the server down. It doesn't respond on port 80. They possibly firewalled it and are dropping the packets. Attempts to reach it via various protocols and ports all seem to get no response after 216.39.69.226 on the Layered network. Hopefully this means that they isolated the machine for a forensic investigation rather than just nuking it. If it had just been closed down, I'd expect to get some form of meaningful ICMP response packets from connection attempts. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From MikeE at ster.invalid Tue Jun 7 08:44:50 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 10:45:17 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: Graeme Leith wrote: > Ant wrote: >> I've been resolving some of these URLs separately. All my recent ones >> are hosted by China Railway Telecoms (chinatietong). This provider >> appears to be *the* major bullet proof host at present. Apparently >> they've contacted Steve Linford of Spamhaus to discuss removing their >> blocks, so they know they have a problem and they know what to do! > > http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27701 > > > 211.155.0.0/20 is listed on the Spamhaus Block List (SBL) > Spamhaus is blocking all IP space belonging to China Railway > Telecommunications Center (CRTC). > I thought he said they had contacted him a week or so ago. This > escalation only took place on Sunday. There's a lot more at spamhaus than that /20, including a lot of 'corporate escalations' http://www.spamhaus.org/sbl/listings.lasso?isp=crc.net.cn Found 80 SBL listings for IPs under the responsibility of crc.net.cn Just picking the 'big ones' which aren't /32s, but things like /11s down to /24s SBL27701 211.155.0.0/20 crc.net.cn SBL27372 222.36.42.0/24 crc.net.cn SBL25864 61.232.205.0/24 crc.net.cn SBL25797 221.172.0.0/14 crc.net.cn SBL25609 222.32.0.0/11 crc.net.cn SBL25319 222.47.122.0/24 crc.net.cn SBL24912 222.47.183.0/24 crc.net.cn SBL21980 222.47.0.0/16 crc.net.cn SBL21747 222.51.91.0/24 crc.net.cn SBL21240 222.47.72.0/24 crc.net.cn SBL20492 222.51.208.0/24 crc.net.cn SBL20364 222.34.5.0/24 crc.net.cn SBL20363 61.237.252.0/22 crc.net.cn SBL20236 222.47.93.0/24 crc.net.cn SBL20047 222.51.98.0/24 crc.net.cn SBL19608 222.47.62.0/24 crc.net.cn SBL16401 222.55.10.0/24 crc.net.cn SBL15138 61.233.138.0/24 crc.net.cn SBL14685 61.236.229.0/24 crc.net.cn SBL12641 61.234.218.0/24 crc.net.cn SBL5309 61.232.0.0/14 crc.net.cn SBL5191 211.98.0.0/16 crc.net.cn SBL3845 61.236.0.0/15 crc.net.cn -- Mike Easter kibitzer, not SC admin From glnews030922 at highspot.net Tue Jun 7 17:05:45 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Tue Jun 7 11:05:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL In-Reply-To: References: Message-ID: Mike Easter wrote: > Graeme Leith wrote: > >>Ant wrote: >> >>>I've been resolving some of these URLs separately. All my recent ones >>>are hosted by China Railway Telecoms (chinatietong). This provider >>>appears to be *the* major bullet proof host at present. Apparently >>>they've contacted Steve Linford of Spamhaus to discuss removing their >>>blocks, so they know they have a problem and they know what to do! >> >>http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27701 >> >> >>211.155.0.0/20 is listed on the Spamhaus Block List (SBL) > > >>Spamhaus is blocking all IP space belonging to China Railway >>Telecommunications Center (CRTC). > > >>I thought he said they had contacted him a week or so ago. This >>escalation only took place on Sunday. > > > There's a lot more at spamhaus than that /20, including a lot of > 'corporate escalations' > > http://www.spamhaus.org/sbl/listings.lasso?isp=crc.net.cn > Found 80 SBL listings for IPs under the responsibility of crc.net.cn Yeah, I picked that particular listing because it states that Spamhaus now considers the whole of AS9394 persona non grata. Corporate escalations are rare, but do happen. As far as I am aware, this is the 1st time they've listed an entire ISP that isn't owned by a ROKSO listed spammer. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From MikeE at ster.invalid Tue Jun 7 09:08:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 11:10:03 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: Cherie wrote: > When I received my AX bill the other day I noticed that they were > pushing some kind of E-Mail Marketing thing.. Yes, they are promoting and 'in bed with' an email marketing entity. > maybe I totally > misunderstand this..but can someone take a look at this scan of part > of my bill and tell me if they are encouraging SPAM..if so..I will be > taking my business elsewhere > > http://www.kineticowater.com/images/AXSpam.jpg Email marketing is a 'healthy' concept which has very unhealthy 'overtones'. Wanted email marketing is just fine. Spam email marketing is not just fine. Whenever there's a company in the business of marketing, you have to look upon them suspiciously. Marketers like to market. Whether or not constantcontact is a grayhat might depend on which side of them you are looking at. If you look at their antispam page you see one thing, if you look at some other marketing page, you see another thing. Here's a page about mailing list management http://open.constantcontact.com/features/email-list-management.jsp This par from a different page gives me a little bit of a positive feeling "Quick Start Service - Too busy to get started on your own? Let us help. For a small one-time fee our team will help you import your permission-based list, define interest categories and help you build your first email campaign." If their hat were a little darker, they would be offering a mailing list. The fact that constantcontact chose to advertiser their services by making a deal with amex to include promotion in their bills is a positive sign that they don't believe in spam. -- Mike Easter kibitzer, not SC admin From SCNews.5.myspamgobbler at spamgourmet.com Tue Jun 7 09:22:32 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Tue Jun 7 11:25:03 2005 Subject: [SpamCop-List] Re: Phony SC-Message? In-Reply-To: References: Message-ID: Ellen wrote: > "Robert Taylor" wrote in message > news:d832a8$j5n$1@news.spamcop.net... > >>Hello Group, >> >>This evening, this landed in my inbox: >> >>(quote) >> >> >>
Dear Valued Member,
>>
According to our site policy you will have to confirm your account by >>the following link or else your account will be suspended within 24 hours >>for security reasons > > > > Yes it is is a phish/forgery mail -- we do not have a webmaster > account/email address, we do not ask you to confirm your account for > security reasons. If someone would send me one of these with complete > headers and body source, pasted into an email to deputies > admin.spamcop.net I would appreciate it. If anyone gets one with a > functioning body url and can copy/paste the webpage that would also be > useful. Has anyone seen one with a functioning phish page? > > Legit mail will come from me, Don or Richard about your reporting account > and from Jeff about your filtered email account, if there is an issue with > your account. We never write in HTML. We just ask you to respond to us > with more information about a report or ask you to set-up mailhosts or to > explain your process in submitting spam or some such thing. We will never > ask for your password. If for some reason we wanted you to log into your > account, we would ask you to log in as usual to the system and do > blahblahblah. > > > > Thanks > > > Ellen > SpamCop > > P.S. -- folks, please lets not jump on people who receive one of these and > show up here concerned about what is going on. We have many many thousands > members who have never posted in the newsgroups, who have been members for > years and who are rightly alarmed by receiving this. Whilst it may seem > remarkable, there are lots of members who have never had parse problems and > who have never learned to, or needed to learn to, read headers. So let's > cut them a tiny little bit of slack. Of course if they do it a second time, > why then you can beat them up :-) > > As always, but never said said frequently enough, thanks to the regular and > irregular denizens of the groups and forums who offer help day in and day > out. Your knowledge and helpfulness keeps us afloat! > > Thanks Ellen http://209.67.220.164/ now redirects to http://12.120.124.56/ Notice to AT&T Internet Customers You have been directed to this AT&T Web page as a result of having clicked a link within an e-mail that you recently received which has been suspected of fraudulent activity. This e-mail message and its content is unauthorized by AT&T and should be disregarded. The e-mail likely appeared to have been sent by AT&T and requested that you either update your billing information or verify personal data associated with your current AT&T Internet account. You may have been asked to provide personal information such as: driver's license, mother's maiden name, or your credit card account information. AT&T has taken the necessary steps in order to block access to this suspected fraudulent Web site and has diverted you to this notification page to protect you against possible credit card fraud and/or identity theft. To facilitate our investigation into this incident, please forward the complete e-mail message you have received (with header information attached) to scam@abuse-att.net. To obtain important information pertinent to protecting yourself against identity theft, you may wish to visit the US Federal Trade Commission's Identity Theft Web site, which is located at http://www.consumer.gov/idtheft/. Thank you for your cooperation. From jr70 at blackhole.invalid Tue Jun 7 10:35:41 2005 From: jr70 at blackhole.invalid (John Richards) Date: Tue Jun 7 12:40:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "eddie" wrote in message news:pan.2005.06.06.15.21.39.616000@eddie.web... > Since SC, we were told, considers a report to the wrong IP the worst > error, I now completely cancel any report which does not parse properly, > perhaps giving the spammers a break but eventually making SC look into > the bug, assuming more people take this action. I assume that if any part > of the parse has an error, the entire parse is worthless since I have been > offered no explanation for this problem. There is no error in the header analysis that SC completes, it's just a failure to complete the URL search in the body of the spam. I'd go ahead and submit the report, because the source analysis is still valid. -- John Richards From nobody at spamcop.net Tue Jun 7 13:41:36 2005 From: nobody at spamcop.net (Ellen) Date: Tue Jun 7 12:50:02 2005 Subject: [SpamCop-List] Re: Phony SC-Message? References: Message-ID: "Blammo" wrote in message news:Xns966E3EB739B76blammo@216.154.195.61... > On 07 Jun 2005 Ellen entered spamcop and left > news:d8432a$66b$1@news.spamcop.net: > > > ... who have never learned to, or needed to learn to, read headers. > > I just don't understand how you can be a spam reporter and not know a > little about reading headers. There are lots of people with nice clean boring headers stamped by their ISP or company mailserver who just report spam and while I am sure they are mildly cognizant about headers they have never scrutinized them in detail. While I am not going to state the number, I do know how many SC users report spam weekly -- let me just say that if even 1/10th of them showed up here or in the forums we would never be able to wade thru the posts :-) > > > So let's cut them a tiny little bit of slack. > > I don't know why, they should know what their server's (or spamcop's) > Received headers look like, at the very least. > I guess if one can use the Spamcop mail service and never send any reports > (none of their spam ever gets reported), then I can give them some slack. And yes there are also lots of filtered email users who actually never report spam. Ellen From MikeE at ster.invalid Tue Jun 7 11:02:23 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 13:05:02 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: John Richards wrote: > "eddie" >> Since SC, we were told, considers a report to the wrong IP the worst >> error, I now completely cancel any report which does not parse >> properly, perhaps giving the spammers a break but eventually making >> SC look into the bug, assuming more people take this action. I >> assume that if any part of the parse has an error, the entire parse >> is worthless since I have been offered no explanation for this >> problem. > > There is no error in the header analysis that SC completes, it's just > a failure to complete the URL search in the body of the spam. I'd go > ahead and submit the report, because the source analysis is still valid. eddie isn't trying to be 'logical' about this issue. He's having what a friend of mine calls a little 'tanty' -- a nick for childhood tantrums. He's upset because SC isn't offering to notify the spamvertiser providers and he's going to stamp his foot and pout and 'show' SC by refusing to confirm any source reports which include failed spamvertiser provider notifies. He refuses to hear anything about the fact that the vast majority of those notifies would have been harmful rather than good, and the best which could be hoped for almost all of them would be useless. It seems as if he thinks spamvertiser provider notifies are 'disciplinary' or something. He refuses to acknowledge that his foot stamping is counterproductive to antispam rather than constructive.in any way. At the very least/best nonproductive. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Tue Jun 7 19:03:57 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Jun 7 13:20:05 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Garen Erdoisa" wrote in message news:d83ols$i3$1@news.spamcop.net... > Porpoise wrote: > >> Tracker: >> http://www.spamcop.net/sc?id=z772117400z31026dee997b25b9f55e661b6a1ff6d8z > [snip] > > I've yet to see spamcop's parser be fooled by this. ALso looking at your > tracker, It doesn't look like spamcop's parser was fooled by this one > either. Well it does to me because it would have reported it: If reported today, reports would be sent to: Re: http://www.apnea.co.uk (Administrator of network hosting website referenced in spam) abuse@schlund.de So it was obviously fooled by that one. From porpoise1954 at yahoo.co.uk Tue Jun 7 19:07:13 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Jun 7 13:20:15 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Blammo" wrote in message news:Xns966E17BA43BE7blammo@216.154.195.61... > On 07 Jun 2005 Porpoise entered spamcop and left > news:d83lb0$tsf$1@news.spamcop.net: > >> This is an interesting variation, injecting forged "X-AntiAbuse" >> headers and obfuscated links to your own domains in order to make it >> such that, if you were to report the spam, it makes the parser find >> your own domain as the spamvertised link - which it would then want to >> report. > > I don't get it, I don't see any obfuscated links, just the one in the > message body (other than discount-prices) that the parser picked up on. > I've seen the same thing with my domain in "Original Domain", spamcop > never > tried to report it, and so big deal, like they can't figure that out from > the headers? Or track it in their own database. I think you're being > paranoid, but whatever. > well it does think it was obfuscated: Resolving link obfuscation http://www.apnea.co.uk host www.apnea.co.uk (checking ip) = 212.227.127.219 host 212.227.127.219 = kundenserver.de (cached) and it would have reported it: If reported today, reports would be sent to: Re: http://www.apnea.co.uk (Administrator of network hosting website referenced in spam) abuse@schlund.de So, yes, it is a concern and, no, I consider I'm being paranoid when it *would* have reported it. From notmyrealaddress at nospam.com Tue Jun 7 14:19:19 2005 From: notmyrealaddress at nospam.com (Cherie) Date: Tue Jun 7 13:20:20 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: Don't they ALL though? :O) -- Thanks, Cherie "Ron B." wrote in message news:d84blq$b88$1@news.spamcop.net... > Cherie wrote: >> When I received my AX bill the other day I noticed that they were pushing >> some kind of E-Mail Marketing thing..maybe I totally misunderstand >> this..but >> can someone take a look at this scan of part of my bill and tell me if >> they >> are encouraging SPAM..if so..I will be taking my business elsewhere >> >> http://www.kineticowater.com/images/AXSpam.jpg >> > > > The company _claims_ not to be spammers: > > http://open.constantcontact.com/anti_spam.jsp From usenet2 at DE.LETE.THISljvideo.com Tue Jun 7 18:23:33 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Tue Jun 7 13:25:02 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: Waiving the right to remain silent, "Cherie" said: > When I received my AX bill the other day I noticed that they > were pushing some kind of E-Mail Marketing thing..maybe I > totally misunderstand this..but can someone take a look at this > scan of part of my bill and tell me if they are encouraging > SPAM..if so..I will be taking my business elsewhere > > http://www.kineticowater.com/images/AXSpam.jpg Not necessarily. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail The United States is the greatest country in the world..! Twenty-five million illegal aliens can't be wrong. From porpoise1954 at yahoo.co.uk Tue Jun 7 19:15:18 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Jun 7 13:25:09 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: "Cherie" wrote in message news:d84aie$ab0$1@news.spamcop.net... > When I received my AX bill the other day I noticed that they were pushing > some kind of E-Mail Marketing thing..maybe I totally misunderstand > this..but can someone take a look at this scan of part of my bill and tell > me if they are encouraging SPAM..if so..I will be taking my business > elsewhere > > http://www.kineticowater.com/images/AXSpam.jpg > Hmmmm...... Looks like it...... From MikeE at ster.invalid Tue Jun 7 11:26:25 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 13:30:03 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: Porpoise wrote: > Tracker: www.spamcop.net/sc?id=z772117400z31026dee997b25b9f55e661b6a1ff6d8z Reports regarding this spam have already been sent: Reportid: 1442154104 To: cancelled@devnull.spamcop.net You could've handled that differently, depending on what you 'think of' ev1. When I have SC parse that item, it offers to: Report Spam to: Re: 67.15.82.42 (Administrator of network where email originates) To: abuse@ev1.net (Notes) Re: 67.15.82.42 (Third party interested in email source) To: Cyveillance spam collection (Notes) Re: http://www.apnea.co.uk (Administrator of network hosting website referenced in spam) To: abuse@schlund.de (Notes) Re: http://www.discount-prices.biz (Administrator of network hosting website referenced in spam) To: abuse@ev1.net (Notes) Cyveillance is automatically unchecked for me; and you could also uncheck apnea, while leaving the notifies to ev1 for the source and spamvertiser intact. That contributes the source to the blocklist. If you don't want to give the copy of the spam to ev1, you 'have to' cancel the report. -- Mike Easter kibitzer, not SC admin From notmyrealaddress at nospam.com Tue Jun 7 14:40:32 2005 From: notmyrealaddress at nospam.com (Cherie) Date: Tue Jun 7 13:45:03 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: "Mike Easter" wrote in message news:d84d96$cek$1@news.spamcop.net... > The fact that constantcontact chose to advertiser their services by > making a deal with amex to include promotion in their bills is a > positive sign that they don't believe in spam.> -- > Mike Easter > kibitzer, not SC admin When ya do a search for "constantcontact" spam..I pull up all kinds of stuff...like you say..it depends on which way ya look at it.... Thanks for you input C From spamcop at 1bigthink.com Tue Jun 7 14:54:27 2005 From: spamcop at 1bigthink.com (spamcop) Date: Tue Jun 7 13:54:38 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? In-Reply-To: References: Message-ID: <6.1.2.0.0.20050607135209.05f43c70@mx.1bigthink.com> At 01:15 PM 6/7/2005, you wrote: >"Cherie" wrote in message >news:d84aie$ab0$1@news.spamcop.net... > > When I received my AX bill the other day I noticed that they were pushing > > some kind of E-Mail Marketing thing..maybe I totally misunderstand > > this..but can someone take a look at this scan of part of my bill and tell > > me if they are encouraging SPAM..if so..I will be taking my business > > elsewhere > > > > http://www.kineticowater.com/images/AXSpam.jpg > > > > >Hmmmm...... Looks like it...... Yep, and most of the credit card companies do this too (partnering, junk mail packaging). If your credit card company sends you mail-order advertising along with their bill.. what's the difference? Of course this opt-in offer they've sent you could keep you on the hook forever. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com From MikeE at ster.invalid Tue Jun 7 12:12:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 7 14:15:03 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: Cherie wrote: > When ya do a search for "constantcontact" spam..I pull up all kinds of > stuff...like you say..it depends on which way ya look at it.... Of significance that includes spews http://spews.org/html/S1641.html for roving/constantcontact -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Tue Jun 7 21:43:02 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Jun 7 15:55:03 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Mike Easter" wrote in message news:d84lbu$ht6$1@news.spamcop.net... > Porpoise wrote: >> Tracker: > www.spamcop.net/sc?id=z772117400z31026dee997b25b9f55e661b6a1ff6d8z > > Reports regarding this spam have already been sent: > Reportid: 1442154104 To: cancelled@devnull.spamcop.net > > You could've handled that differently, depending on what you 'think of' > ev1. Well, I think ev1 are a load of............ but I preferred to cancel rather than report and risk damaging the innocent URL by it appearing in the report. > > When I have SC parse that item, it offers to: > > Report Spam to: > Re: 67.15.82.42 (Administrator of network where email originates) > To: abuse@ev1.net (Notes) > Re: 67.15.82.42 (Third party interested in email source) > To: Cyveillance spam collection (Notes) > Re: http://www.apnea.co.uk (Administrator of network hosting website > referenced in spam) > To: abuse@schlund.de (Notes) > Re: http://www.discount-prices.biz (Administrator of network hosting > website referenced in spam) > To: abuse@ev1.net (Notes) > > > > Cyveillance is automatically unchecked for me; and you could also > uncheck apnea, while leaving the notifies to ev1 for the source and > spamvertiser intact. I usually have them unchecked too > > That contributes the source to the blocklist. If you don't want to give > the copy of the spam to ev1, you 'have to' cancel the report. That was one reason for cancelling the report. :-( Cheers Mike From nobody at nowhere.not Tue Jun 7 23:00:38 2005 From: nobody at nowhere.not (Robert Blair) Date: Tue Jun 7 18:05:03 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: On Tue, 7 Jun 2005 14:20:33 UTC, "Mike Easter" wrote: > > AbuseEmail: ms_support@help.go.com > > NOCEmail: servicedesk@ticket.disneyonline.com > > TechEmail: noc@dig.com > > OrgTechEmail: michael.jenkins@disney.com > notify: bob.lemons@dig.com > dns-ops@dig.com > abuse@go.com Thanks for all of those email addresses, they all got my response. -- Robert Blair From nobody at nowhere.not Tue Jun 7 23:41:59 2005 From: nobody at nowhere.not (Robert Blair) Date: Tue Jun 7 18:45:03 2005 Subject: [SpamCop-List] Re: is go.com really that clueless? References: Message-ID: On Tue, 7 Jun 2005 14:20:33 UTC, "Mike Easter" wrote: So far two messages have been returned as not deliverable. ********** > > NOCEmail: servicedesk@ticket.disneyonline.com The E-mail you sent has not resulted in the registration or update of a Service Call. - The following error(s) occurred: --------------------------------------------------- No Person found for your E-mail address: "Bob" --------------------------------------------------- ERROR: "No Person found for your E-mail address:" SOLUTION: Call 1-866-DIG-HELP and request that your Person record be registered with us (required one time only) ********** What a crock! I guess they do want to hear about it either. So maybe go.com is just following along like sheep, nobody wants to know. > notify: bob.lemons@dig.com ********** : host mail.disney.com[204.128.192.15] said: 550 No such address (in reply to RCPT TO command) ********** This did not surprise me. -- Robert Blair From nttp.sc.s at bigsleep.org Wed Jun 8 01:02:47 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Tue Jun 7 20:05:04 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: On 07 Jun 2005 Porpoise entered spamcop and left news:d84knj$h4h$2@news.spamcop.net: > > well it does think it was obfuscated: > > Resolving link obfuscation Yea, I thought about that after I posted, however: ob·fus·cate - To make so confused or opaque as to be difficult to perceive or understand. So it's just another generic Spamcop message, it wasn't obfuscated, but the process is referred to by Spamcop as a "de-obfuscation" process. > > and it would have reported it: > Only if you had left the box checked. If you are worried about the spammer getting a copy of the report and seeing an unmunged link, which they had put there in the first place, then I think you are being paranoid. But that's your right. However I think the spammer wins by making you paranoid and thereby taking away if bit of your freedom. -- | Ric | From nospam at fuck-off-and-die.com Wed Jun 8 07:27:45 2005 From: nospam at fuck-off-and-die.com (Kadaitcha Man) Date: Tue Jun 7 20:45:04 2005 Subject: [SpamCop-List] Re: SPEWS listing a virgin DNS References: <78be001719b74efbbe8c65ef5045b888@you.armchair-smug-custard.org> Message-ID: <7118fb499d2146f98168321da74755e3@you.rawboned-cursed-flatfoot.com> Rob, , the tree-hugging, flakey inbreed, and claimer of charity intended for the indigent, oozed: > Thanks for taking the time to reply. > :) You made it clear that you weren't sure of either the technology or the correct terms to use, yet, to those of us who have reasonable minds, your intent was quite clear. The blithering pillock took /you/ to task for /his/ brain-dead confusion. Apart from that, good on you for checking out how to avoid being labelled a spammer. However despite your best efforts, you may still end up getting BL'd. You only have to read some of the tripe churned out by the power-crazy, frothing loons who ask odd-ball questions in the spam groups. There was one guy in one the spam groups recently who proved beyond any doubt that, as the new owners of a range of IPs after a company takeover, they had booted all spammers, at great financial cost to themselves, and proved that their network had been squeaky clean for a full year. One moron stated any staff that had transitioned from the old company to the new owner's company, and I quote, "need to be re-indoctrinated." In a fucking Chinese bootcamp, no doubt. The implication being, "We will not lift the BL unless you prove you have re-indoctrinated your staff." As it was, the gibbering oaf had no authority whatsoever to create such an implication. As for the spam avoidance, the best advice you can get is this: 1. Use confirmed opt-in and keep the confirmations. Do not refer to it as "double opt-in". The phrase is frowned upon because it implies double work on behalf of someone when no additional work took place. 2. Create a strict ant-spam TOS and police it ruthlessly. 3. Keep records of any terminations of association you've enacted. They will come in handy if you ever do get BL'd. You should also be very careful about the privacy of your spammers. Some of the retards who have replied to you have advocated that you should "out" spammers on a website. You should check your local privacy laws before taking that piece of insane tripe as a worthy morsel of advice. If you were to do that in this great land where I live, you would no sooner be estimating the worth of your liquidated assets and looking forward to a long sojourn with Bubba at the pleasure of Her Majesty or the President of France, as the case may be. The legal status of unenforceable Terms of Service conditions not withstanding. Take the 'tards with a bag of salt and you'll be right, mate. > "Kadaitcha Man" a écrit dans le message > de news: > 78be001719b74efbbe8c65ef5045b888@you.armchair-smug-custard.org... >> Steven Maesslein, , the heavy, low-necked >> flap-dragon, and monastery door keeper, cooed: >> >>> On Mon, 6 Jun 2005 20:23:26 +0200, Rob coughed into spamcop and left >>> this in : >> >>>> I do not really know >>>> how these news groups work. >>> >>> To start with, they have nothing to do with e-mail so I don't >>> understand >>> the comment about "mailing" to the wrong thread, especially as yo >>> just started a new thread. >> >> You total fucking arse. I hope you turn blue and die of asphyxiation. >> Slowly and horribly. From scamper at trisk.com Tue Jun 7 20:00:01 2005 From: scamper at trisk.com (Garen Erdoisa) Date: Tue Jun 7 21:05:02 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers In-Reply-To: References: Message-ID: Porpoise wrote: > "Garen Erdoisa" wrote in message > news:d83ols$i3$1@news.spamcop.net... > >>Porpoise wrote: >> >> >>>Tracker: >>>http://www.spamcop.net/sc?id=z772117400z31026dee997b25b9f55e661b6a1ff6d8z >> >>[snip] > > >>I've yet to see spamcop's parser be fooled by this. ALso looking at your >>tracker, It doesn't look like spamcop's parser was fooled by this one >>either. > > > > Well it does to me because it would have reported it: > > > If reported today, reports would be sent to: > Re: http://www.apnea.co.uk (Administrator of network hosting website > referenced in spam) > > abuse@schlund.de > > > > > > So it was obviously fooled by that one. > > The above link "http://www.apnea.co.uk" was in the body of the message, I didn't see it anywhere in the header. I didn't look at the message body before since your original post were referring to the message headers. :/ quote - from the message body - Title: APNEA - URL: http://www.apnea.co.uk unquote So, I still don't see spamcop being fooled by the X-AntiAbuse: headers. I'm pretty sure spamcop's parser ignores them since I've submitted hundreds of spam reports with those kinds of headers and I'd have seen and reported a problem by now if there were one. The parser in this case found the link in the message body as it should have, and flagged the admin of that site to recieve one of the spam reports since that web site was referenced in the spam message body. I think that the admin of that site or network can then go in and flag the site as an innocent bystander once they have the report in hand. Or as others have suggested in this thread, leave it unchecked for receiving a report. If it were me reporting it, I'd go ahead and send the report but either munge the web site to prevent the parser from flagging it, or add in a comment specific to that administrator that you think that that particular web site refrenced in the spam is an innocent bystander. Also, if I were concerned that it may be added to the SURBL, I would notifiy the spamcop deputies about the issue along with references to the spam report. My 2 cents. Garen From nobody at devnull.spamcop.net Tue Jun 7 21:32:54 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Jun 7 21:35:02 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Garen Erdoisa" wrote in message news:d85ful$1f1$1@news.spamcop.net... > > So, I still don't see spamcop being fooled by the X-AntiAbuse: headers. > I'm pretty sure spamcop's parser ignores them since I've submitted > hundreds of spam reports with those kinds of headers and I'd have seen > and reported a problem by now if there were one. As X-Lines: can be added anywhere, by anyone, for any reason, the passer pays them no mind. From not at home.today Wed Jun 8 04:22:01 2005 From: not at home.today (Ant) Date: Tue Jun 7 22:25:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Steven Maesslein" wrote: > On Tue, 7 Jun 2005 02:01:23 +0100, Ant coughed into spamcop and left > this in : >> my experience is based on an old version of Red Hat > > How old? If more than, say, 2 years (which is about when RH9 was > released) then you'll hardly recognize it now. Yes, it was RH9 on a Dell PII or PIII. Very clunky file manager (can't remember which one), and some of the configuration options didn't work properly. I only used it for a specialised compiler we had, and the odd game. Even some of the pre-installed games had files missing or wouldn't run. >> and various flavours of Solaris (I have an old Sun SPARCstation 20 >> which I play with occasionally). > > I suspect the GUI on that machine is a little outdated :) Solaris 8 (I think the latest is 10). The SS20 is really too slow to run the newer CDE, which I don't much like anyway, so I prefer to use the older OpemWindows. > If you want to play around with a distro before installing it then take > a look at this: > > http://www.knopper.net/knoppix/index-en.html I'm aware of the bootable CD versions of Linux, so I may try them at some point. The problem is inertia. I have so much knowledge invested in MS OS's and software that I'm reluctant to start over with 'nix. I know only the minimum to get by with that; whereas nothing in MS-DOS 3 through to NT 5 is much of a problem for me. From not at home.today Wed Jun 8 04:24:06 2005 From: not at home.today (Ant) Date: Tue Jun 7 22:25:14 2005 Subject: [SpamCop-List] Re: over 50% spam skips over URL References: Message-ID: "Graeme Leith" wrote: [CRTC block] > I thought he said they had contacted him a week or so ago. Middle of April according to a reply to him I can see in NANAE. > This escalation only took place on Sunday. Obviously they don't want to play, or they don't understand! From eddie at eddie.web Wed Jun 8 01:37:24 2005 From: eddie at eddie.web (eddie) Date: Wed Jun 8 00:40:03 2005 Subject: [SpamCop-List] China Orders All Web Sites to Register Message-ID: You mean they don't have to now??? SHANGHAI, China - Authorities have ordered all China-based Web sites and blogs to register or be closed down, in the latest effort by the communist government to police the world of cyberspace. http://news.yahoo.com/news?tmpl=story&u=/ap/20050607/ap_on_hi_te/china_policing_the_net_2 -- Once movie theaters gave out steak knives Today they confiscate them From billk at no.spam Tue Jun 7 23:44:32 2005 From: billk at no.spam (Bill K.) Date: Wed Jun 8 01:45:02 2005 Subject: [SpamCop-List] Paypal Phish Message-ID: See news://news.spamcop.net/d8606d$9ma$1@news.spamcop.net Tricky one this one is. The link contained in it actually appears as an actual paypal link in the body of the message, but the address that turns up on the browser is completely different, as seen in this bit of HTML code: https://www.paypal.com/cgi-bin/webscr?cmd=_login-run
Bill K. From nttp.sc.s at bigsleep.org Wed Jun 8 07:18:51 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Jun 8 02:20:03 2005 Subject: [SpamCop-List] Re: Paypal Phish References: Message-ID: On 07 Jun 2005 Bill K. entered spamcop and left news:d860j9$9v2$1@news.spamcop.net: > Tricky one this one is. The link contained in it actually appears as an > actual paypal link in the body of the message, but the address that > turns up on the browser is completely different, as seen in this bit of > HTML code: > Yes, that's very common. It's also very common for a bit of Javascript code to change the text in the status bar, so you can't even rely on that to show the the real URL. With eMail, if you have Javascript disabled there, and the link locations show in the status bar, then it should show the real URL. With the browser though, you're not likely to have Javascript off. So to be safe, copy the URL by using the context menu (right-click - copy link location/shortcut), paste it into the location box of the browser. Before you hit Enter you can check the real URL text. -- | Ric | From bar_n0ne at hotmail.com Wed Jun 8 12:21:26 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Jun 8 03:25:06 2005 Subject: [SpamCop-List] Re: China Orders All Web Sites to Register References: Message-ID: "eddie" wrote in message news:pan.2005.06.08.04.37.22.664000@eddie.web... > You mean they don't have to now??? > > SHANGHAI, China - Authorities have ordered all China-based Web sites and > blogs to register or be closed down, in the latest effort by the communist > government to police the world of cyberspace. > > http://news.yahoo.com/news?tmpl=story&u=/ap/20050607/ap_on_hi_te/china_policing_the_net_2 > > -- > Once movie theaters gave out steak knives > Today they confiscate them They must be exempting Pill, porno and webcam sites at CRC and CNC, or making sure they null route within China. AFAIC China is basically a very large criminal enterprise with 1 billion employees. From nobody at nowhere.invalid Wed Jun 8 12:14:16 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Jun 8 05:15:27 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: [ Followup set to spamcop.geeks ] On Wed, 8 Jun 2005 03:22:01 +0100, Ant coughed into spamcop and left this in : >> How old? If more than, say, 2 years (which is about when RH9 was >> released) then you'll hardly recognize it now. > > Yes, it was RH9 on a Dell PII or PIII. Very clunky file manager (can't > remember which one), and some of the configuration options didn't work > properly. IIRC the default desktop manager that installs with RH is GNOME. Personally, I don't like it and prefer KDE. KDE-3.4.0 is quite usable, I built it from source and installed it here a couple of days after it was released. Both KDE and GNOME can be used with RH, or rather with Fedore Core as the Free version of Red Hat is now called. http://fedora.redhat.com/ > I only used it for a specialised compiler we had, and the odd game. > Even some of the pre-installed games had files missing or wouldn't > run. That, unfortunately, is typical of RH. RH is about the worst distro as far as respecting the Linux File Hierarchy is concerned. There are always incidents of RH putting files in directories other than where applications not built specifically for RH would expect to find them. That's the main reason why I switched away from RH about 4 years ago and went for Slackware instead. > I'm aware of the bootable CD versions of Linux, so I may try them at > some point. The problem is inertia. I have so much knowledge invested > in MS OS's and software that I'm reluctant to start over with 'nix. I > know only the minimum to get by with that; whereas nothing in MS-DOS 3 > through to NT 5 is much of a problem for me. I used to be like that. I used to earn my living writing, among other things, software for DOS/Windows. I still shudder at the amount of time and money I poured into the O/S itself to start with, then compilers, debuggers, keeping up to date... I did that from about 1989 until 1999, 10 years of my life that I regret bitterly and consider, not to put too fine a point on it, wasted. Nowadays I have forgotten most of the techniques involved in coding for M$ operating systems and won't touch those pieces of crap with a barge pole. There's plenty of work to do "behind the scenes" where unixy systems are predominant - working for end users is the perfect illustration of the 80/20 principle, 80% of the problems for 20% of the income, and I'm just not prepared to do that any more. I'll settle for a 20% loss of income if it means removing the bulk of the problems (which are often chronic cases of PEBKAC anyway). Sometimes people call me asking how to do this that or the other on their machines, and I can *truthfully* say that I don't know how to do it on a Windows system. I have never used Windows-XP more than a few minutes at a time on clients' machines, and it just drives me round the bend. You even have to hunt down the console - not that you can do anywhere near as much with it as with a unix console anyway... Having used various unix systems (mostly Linux but also various BSD's) for the past 5 years or so, it's Windows that I find prevents me from doing what I want to do, that I find "clunky", especially the file management. There are so many operations on files that are dead easy to do on the command line in any unix system but that can only be done using the file manager in Windows unless you download specialized software. That's just my own personal opinion, though. But now that I've spent long enough using both systems, I know for sure that I'd never consider going back to Windows. And I haven't even mentioned the system security nightmare until right now... -- Steve In most countries selling harmful things like drugs is punishable. Then how come people can sell Microsoft software and go unpunished? -- Hasse Skrifvars From wb8tyw at qsl.network Wed Jun 8 09:06:53 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Jun 8 08:10:02 2005 Subject: [SpamCop-List] Re: Road Runner viruses In-Reply-To: References: <42A061AF.90DA7289@spamcop.net> Message-ID: Ellen wrote: > "John E. Malmberg" wrote in message > news:d7r1j3$5ks$1@news.spamcop.net... >> >>I was getting over 20 bounces/second from each of two of their mail >>servers during the last sober outbreak because of an infected system >>that appeared to be on the other side of the world. >> > In almost every case where I have spoken with an abuse person > at an ISP of > any size, the abuse person understands with crystal clarity the "bounce to > forged from address" issue. Unfortunately fixing the problem is a whole lot > harder than understanding it and involves getting all the various groups on > board including the network architects, ... The problem seemed to get worse just before spamcop.net made these bounces reportable. And it seems that it may be related to an article written by some "genius" in something that is widely read by non-technical e-mail and network managers. I have not found the orgininal article but have seen a few postings from independent sources that claim to be quoting it. What that writer is quoted as stating is that in the interest of security, mail servers should no longer ever use SMTP rejects as spammers are using them to figure out what E-mail addresses are valid. Instead all mail/spam/viruses should be accepted and then the undeliverable messages bounced to their alleged senders. Of course the genius and his loyal fans have overlooked is that the only thing that has accomplished for the spammers that were doing the harvesting now think all e-mail addresses for a domain doing it are valid, so this does not reduce the amount of spam targetted at that domain's users at all. A few mail server operators that bounce instead of reject seem to be using this anti-harvesting argument as their main excuse of not switching to SMTP rejects, or their recent change to switch to abusive bouncing. -John wb8tyw@qsl.network Personal Opinion Only From nobody at spamcop.net Wed Jun 8 10:30:42 2005 From: nobody at spamcop.net (Ellen) Date: Wed Jun 8 09:50:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: "John E. Malmberg" wrote in message news:d86n0t$naa$1@news.spamcop.net... > > What that writer is quoted as stating is that in the interest of > security, mail servers should no longer ever use SMTP rejects as > spammers are using them to figure out what E-mail addresses are valid. I think that was the "accepted knowledge" a couple of years ago before the whole thing got totally out of hand with the advent of the spammer to virus writer merger and means little or nothing nowadays. > > A few mail server operators that bounce instead of reject seem to be > using this anti-harvesting argument as their main excuse of not > switching to SMTP rejects, or their recent change to switch to abusive > bouncing. What I hear mostly as the reason is that people have now got firewalls and AV and anti-spam servers and other appliances and hardware stacked in front of the mailservers and that the internet facing and intermediary servers just don't have access to the valid email address list so they are accepting everything. It is not trivial in most of these configurations to SMTP reject. However many admins are actually trying to severely minimize the number of these that they send or at least justify the hardware and software and network engineering $$ needed to do that. But yes there are some companies that are adamant that they are not going to do anything about it and because the RFCs say they are supposed to send bounces then they are going to send bounces :-( Ellen SpamCop > > -John > wb8tyw@qsl.network > Personal Opinion Only From porpoise1954 at yahoo.co.uk Wed Jun 8 16:20:01 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Jun 8 10:30:03 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Blammo" wrote in message news:Xns966EAD7AAA699blammo@216.154.195.61... > On 07 Jun 2005 Porpoise entered spamcop and left > news:d84knj$h4h$2@news.spamcop.net: > > > Only if you had left the box checked. > If you are worried about the spammer getting a copy of the report and > seeing an unmunged link, which they had put there in the first place, then > I think you are being paranoid. But that's your right. However I think the > spammer wins by making you paranoid and thereby taking away if bit of your > freedom. > Actually, thinking about it............... other people will have received the same spam and will have reported it "as-is", so you're probably right - I was being a bit paranoid. :-() From porpoise1954 at yahoo.co.uk Wed Jun 8 16:23:25 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Jun 8 10:35:03 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Garen Erdoisa" wrote in message news:d85ful$1f1$1@news.spamcop.net... > > If it were me reporting it, I'd go ahead and send the report but either > munge the web site to prevent the parser from flagging it, or add in a > comment specific to that administrator that you think that that particular > web site refrenced in the spam is an innocent bystander. > Also, if I were concerned that it may be added to the SURBL, I would > notifiy the spamcop deputies about the issue along with references to the > spam report. > Thanks for your input. Too late to report that one now but if (splorf! - I mean when) I get another one, I'll go ahead and report it. From porpoise1954 at yahoo.co.uk Wed Jun 8 16:24:40 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Jun 8 10:35:11 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "WazoO" wrote in message news:d85hs6$2k7$1@news.spamcop.net... > "Garen Erdoisa" wrote in message > news:d85ful$1f1$1@news.spamcop.net... > As X-Lines: can be added anywhere, by anyone, for any reason, > the passer pays them no mind. That's all very well but what does the *parser* do with them? ;-) From nttp.sc.s at bigsleep.org Wed Jun 8 16:14:17 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Jun 8 11:15:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: On 04 Jun 2005 Ellen entered spamcop and left news:d7sic9$th0$1@news.spamcop.net: >>I don't have >> much patience going back and forth with some support guy that probably >> doesn't even understand the problem, even when I give detailed > instructions >> on how to fix the problem. >> >> With some, I get no reply at all, which leads me to believe I'm simply >> ignored. > > It's easier when they write to you first :-) > I sent a report to RR (not even thinking about this thread), the report contained over 800 lines from my log showing successive hits from the same IP over the course of two days. I just got a reply back saying I didn't send enough info, they didn't say specifically what, but the only thing missing is my server IP. Very annoyed I replied: "If you are too stupid to figure it out without my IP address, which is in this eMail header, then I'll just block your entire network. I don't have the time to hold your hand and walk you through the process." I just can't deal with it. -- | Ric | From nttp.sc.s at bigsleep.org Wed Jun 8 16:23:16 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Jun 8 11:25:03 2005 Subject: [SpamCop-List] Re: Road Runner viruses References: <42A061AF.90DA7289@spamcop.net> Message-ID: On 08 Jun 2005 John E. Malmberg entered spamcop and left news:d86n0t$naa$1@news.spamcop.net: > What that writer is quoted as stating is that in the interest of > security, mail servers should no longer ever use SMTP rejects as > spammers are using them to figure out what E-mail addresses are valid. > That's idiotic, by bouncing you are at least doubling your server load, then forced to do virus/spam filtering for your users, which probably quadruples your server load. They may as well do nothing at all, dump more money into memory and bandwidth and let users worry about their own virus/spam problem. -- | Ric | From nttp.sc.s at bigsleep.org Wed Jun 8 16:30:54 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Jun 8 11:35:02 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: On 08 Jun 2005 Porpoise entered spamcop and left news:d86var$rif$1@news.spamcop.net: > Actually, thinking about it............... other people will have > received the same spam and will have reported it "as-is", so you're > probably right - I was being a bit paranoid. :-() > > It probably won't have the same domain in it, I mean it won't have your domain, it will have their's. I only report domains that look like spam domains, same or familiar provider as the rest, a "spammy" name. If I am in doubt I uncheck the box. If I don't know the domain I never really know for sure without spending more time than I have. It helps to come here and read what other's post, like the cattyshaq post. -- | Ric | From eddie at eddie.web Wed Jun 8 12:33:15 2005 From: eddie at eddie.web (eddie) Date: Wed Jun 8 11:35:11 2005 Subject: [SpamCop-List] Re: China Orders All Web Sites to Register References: Message-ID: On Wed, 08 Jun 2005 11:21:26 +0400, Berny scratched out the following: > > "eddie" wrote in message > news:pan.2005.06.08.04.37.22.664000@eddie.web... >> You mean they don't have to now??? snip > > They must be exempting Pill, porno and webcam sites at CRC and CNC, or > making sure they null route within China. > > AFAIC China is basically a very large criminal enterprise with 1 billion > employees. They may be exempting all profit-making websites :) Besides, ordering or saying is very different from doing. The rule is to observe what people do and not what they say. Good intentions are just that - and I believe that the road to hell is paved with them. -- Once movie theaters gave out steak knives Today they confiscate them From borgholio at storymind.com Wed Jun 8 10:44:49 2005 From: borgholio at storymind.com (Borgholio) Date: Wed Jun 8 12:45:02 2005 Subject: [SpamCop-List] What to say to this? Message-ID: Here's a response I got after sending a Spamcop report on a "fake" bounce message: Hello SpamCop user, Please, look carefully for letters to report. What am I supposed to say to this? From porpoise1954 at yahoo.co.uk Wed Jun 8 18:01:59 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Jun 8 13:05:03 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Blammo" wrote in message news:Xns966F56B14E665blammo@216.154.195.61... > On 08 Jun 2005 Porpoise entered spamcop and left > news:d86var$rif$1@news.spamcop.net: > >> Actually, thinking about it............... other people will have >> received the same spam and will have reported it "as-is", so you're >> probably right - I was being a bit paranoid. :-() >> >> > > It probably won't have the same domain in it, I mean it won't have your > domain, it will have their's. Hmm... That's a thought... > I only report domains that look like spam domains, same or familiar > provider as the rest, a "spammy" name. If I am in doubt I uncheck the box. > If I don't know the domain I never really know for sure without spending > more time than I have. It helps to come here and read what other's post, > like the cattyshaq post. > I must admit, I do read some spam (sorry Mike, I know you don't subscribe to that) in order to determine whether or not it *is* actually spam. If they seem to be correctly targeted commercial email (as in - related to our business) then I won't report them as spam. If, however, they are the usual Ciali* Pr0n Wiagr4 etc. rubbish, or seem to be totally indiscriminate / random / harvested address type spam then they definitely get reported. The point being, I have to give them the once-over to make sure that we don't report what would be legitimate offers/requests from manufacturers / suppliers / retailers, etc. From porpoise1954 at yahoo.co.uk Wed Jun 8 18:03:34 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Jun 8 13:05:14 2005 Subject: [SpamCop-List] Re: What to say to this? References: Message-ID: "Borgholio" wrote in message news:d8779q$k5$1@news.spamcop.net... > Here's a response I got after sending a Spamcop report on a "fake" bounce > message: > > > > Hello SpamCop user, > > Please, look carefully for letters to report. > > > > What am I supposed to say to this? Bollocks? ;-) From nobody at devnull.spamcop.net Wed Jun 8 13:05:48 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Jun 8 13:10:03 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "Porpoise" wrote in message news:d86vjj$ro8$1@news.spamcop.net... > > "WazoO" wrote in message > news:d85hs6$2k7$1@news.spamcop.net... > > > As X-Lines: can be added anywhere, by anyone, for any reason, > > the passer pays them no mind. > > That's all very well but what does the *parser* do with them? ;-) Dang, I don't know Man, that sure seemed glaring enough this morning when I read it .. but as JT has the cancel thing killed ... From borgholio at storymind.com Wed Jun 8 11:09:53 2005 From: borgholio at storymind.com (Borgholio) Date: Wed Jun 8 13:10:12 2005 Subject: [SpamCop-List] Re: What to say to this? In-Reply-To: References: Message-ID: Porpoise wrote: > "Borgholio" wrote in message > news:d8779q$k5$1@news.spamcop.net... > >>Here's a response I got after sending a Spamcop report on a "fake" bounce >>message: >> >> >> >>Hello SpamCop user, >> >>Please, look carefully for letters to report. >> >> >> >>What am I supposed to say to this? > > > Bollocks? ;-) > > Ordinarily, yes. :) But he's either stupid, clueless, or well-meaning yet needing education. From porpoise1954 at yahoo.co.uk Wed Jun 8 18:15:22 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Jun 8 13:15:03 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: "WazoO" wrote in message news:d878hc$1ps$1@news.spamcop.net... > "Porpoise" wrote in message > news:d86vjj$ro8$1@news.spamcop.net... >> >> "WazoO" wrote in message >> news:d85hs6$2k7$1@news.spamcop.net... >> >> > As X-Lines: can be added anywhere, by anyone, for any reason, >> > the passer pays them no mind. >> >> That's all very well but what does the *parser* do with them? ;-) > > Dang, I don't know > > Man, that sure seemed glaring enough this morning when I > read it .. but as JT has the cancel thing killed ... > Got the T-shirt, seen the video.............. From porpoise1954 at yahoo.co.uk Wed Jun 8 18:17:32 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Jun 8 13:20:03 2005 Subject: [SpamCop-List] Re: What to say to this? References: Message-ID: "Borgholio" wrote in message news:d878oq$1uu$1@news.spamcop.net... > Porpoise wrote: >> "Borgholio" wrote in message >> news:d8779q$k5$1@news.spamcop.net... >> >>>Here's a response I got after sending a Spamcop report on a "fake" bounce >>>message: >>> >>> >>> >>>Hello SpamCop user, >>> >>>Please, look carefully for letters to report. >>> >>> >>> >>>What am I supposed to say to this? >> >> >> Bollocks? ;-) > > Ordinarily, yes. :) But he's either stupid, clueless, or well-meaning > yet needing education. Perhaps just wait until he's on several blocklists, then send him all that data and say "See! Told you so!" ;-) From zypher at spamcop.net Wed Jun 8 13:16:55 2005 From: zypher at spamcop.net (Ron B.) Date: Wed Jun 8 13:20:11 2005 Subject: [SpamCop-List] Re: What to say to this? In-Reply-To: References: Message-ID: Borgholio wrote: > Here's a response I got after sending a Spamcop report on a "fake" > bounce message: > > > > Hello SpamCop user, > > Please, look carefully for letters to report. > > > > What am I supposed to say to this? Say, "I don't have to look, they come to me." From porpoise1954 at yahoo.co.uk Wed Jun 8 18:23:43 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Jun 8 13:25:02 2005 Subject: [SpamCop-List] Re: What to say to this? References: Message-ID: "Ron B." wrote in message news:d87967$28l$1@news.spamcop.net... > Borgholio wrote: >> Here's a response I got after sending a Spamcop report on a "fake" >> bounce message: >> >> >> >> Hello SpamCop user, >> >> Please, look carefully for letters to report. >> >> >> >> What am I supposed to say to this? > > > Say, "I don't have to look, they come to me." LOL! From glnews030922 at highspot.net Wed Jun 8 20:02:28 2005 From: glnews030922 at highspot.net (Graeme Leith) Date: Wed Jun 8 14:05:03 2005 Subject: [SpamCop-List] Re: What to say to this? In-Reply-To: References: Message-ID: Borgholio wrote: > Here's a response I got after sending a Spamcop report on a "fake" > bounce message: > > > Hello SpamCop user, > > Please, look carefully for letters to report. > > What am I supposed to say to this? Hello SysAdmin luser, Please, look carefully for servers you support. -- Evidence shows Cyveillance abuse internet resources. I recommend unchecking their box in SpamCop reports. Cyveillance are part of the problem. They are not part of the solution. From borgholio at storymind.com Wed Jun 8 12:09:39 2005 From: borgholio at storymind.com (Borgholio) Date: Wed Jun 8 14:10:03 2005 Subject: [SpamCop-List] Re: What to say to this? In-Reply-To: References: Message-ID: Graeme Leith wrote: > Borgholio wrote: > >>Here's a response I got after sending a Spamcop report on a "fake" >>bounce message: >> >> >>Hello SpamCop user, >> >>Please, look carefully for letters to report. >> >>What am I supposed to say to this? > > > Hello SysAdmin luser, > > Please, look carefully for servers you support. > Seriously? That sounds pretty good... :) From nobody at spamcop.net Wed Jun 8 15:32:15 2005 From: nobody at spamcop.net (N. Miller) Date: Wed Jun 8 17:35:03 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: Message-ID: <1avz4yn76ey32$.dlg@news.spamcop.net> On Wed, 8 Jun 2005 17:01:59 +0100, Porpoise wrote: > I must admit, I do read some spam (sorry Mike, I know you don't subscribe to > that) in order to determine whether or not it *is* actually spam. I think Mike refers to your effort to determine if it is spam as "spam inspection". I generally don't have to inspect my spam, because, as a home user, I don't have to deal with "chameleon" commercial messages. I can see how a business user could be seeing imitative Subject lines that warrant a closer inspection. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From porpoise1954 at yahoo.co.uk Wed Jun 8 23:09:42 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Jun 8 18:10:03 2005 Subject: [SpamCop-List] Re: spam injecting forged anti-spam headers References: <1avz4yn76ey32$.dlg@news.spamcop.net> Message-ID: "N. Miller" wrote in message news:1avz4yn76ey32$.dlg@news.spamcop.net... > On Wed, 8 Jun 2005 17:01:59 +0100, Porpoise wrote: > >> I must admit, I do read some spam (sorry Mike, I know you don't subscribe >> to >> that) in order to determine whether or not it *is* actually spam. > > I think Mike refers to your effort to determine if it is spam as "spam > inspection". I generally don't have to inspect my spam, because, as a home > user, I don't have to deal with "chameleon" commercial messages. I can see > how a business user could be seeing imitative Subject lines that warrant a > closer inspection. > Well, some of them are obviously spam but some are legitimate business to business enquiries, so we have to be careful of false-positives. From nttp.sc.s at bigsleep.org Thu Jun 9 04:20:51 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Jun 8 23:25:04 2005 Subject: [SpamCop-List] Re: What to say to this? References: Message-ID: On 08 Jun 2005 Borgholio entered spamcop and left news:d8779q$k5$1@news.spamcop.net: > Here's a response I got after sending a Spamcop report on a "fake" > bounce message: > > > > Hello SpamCop user, > > Please, look carefully for letters to report. > > > > What am I supposed to say to this? Unlike the others, I don't find any humor in this since you don't give us enough detail to make any kind of judgement. I won't bother making any assumptions. -- | Ric | From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 9 06:19:12 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 9 01:20:03 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: Steven Maesslein wrote in news:slrndaappk.2re.nobody@127.0.0.1: > > .kr is probably the country with the highest penetration of high-speed > connections to the house. Given that they all use bootleg copies of > Windows in Asia and that they're therefore scared to grab updates from > windowsupdate.microsoft.com, .kr has a huge concentration of trojanned > machines connected to the 'Net. > Hmm, this gave me a bit of thought. Now since China has a problem with this too, I wonder if they have a vested interest in trojaned machines. Having everyone's PC in China hijacked, they could put in all sorts of interesting spyware and keyloggers. That way they could see if anyone is going to any "subversive" sites that isn't on their "blocklist". Who cares if their own people end up losing everything to phishers, as long as Beijing can keep "control" its worth the risk. From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 9 06:20:59 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 9 01:25:03 2005 Subject: [SpamCop-List] Re: What to say to this? References: Message-ID: Borgholio wrote in news:d8779q$k5$1@news.spamcop.net: > Here's a response I got after sending a Spamcop report on a "fake" > bounce message: > > > > Hello SpamCop user, > > Please, look carefully for letters to report. > > > > What am I supposed to say to this? "All your base belong to us." :-) From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 9 06:25:38 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 9 01:30:03 2005 Subject: [SpamCop-List] Someone should slap telecore.ru Message-ID: So I sent them a manual lart from my Yahoo account to report one of their longtime holed up scumbags whose money they so love.. and I get this back: : 213.135.64.7 does not like recipient. Remote host said: 554 5.7.1 Rejected 206.190.37.54 found in dnsbl.sorbs.net Giving up on 213.135.64.7. SORBS? They are using SORBS when they know very well that they have known troublemakers on their network and do nothing about it. http://spews.org/html/S3054.html http://www.spamhaus.org/SBL/sbl.lasso?query=SBL27216 http://www.spamhaus.org/SBL/sbl.lasso?query=SBL27217 http://www.spamhaus.org/SBL/sbl.lasso?query=SBL20296 http://www.spamhaus.org/SBL/sbl.lasso?query=SBL10484 There is NO ISP on this planet that can feign "I didn't know" about the spam problem. None. Any that do ought to be firewalled off permanently. Stupid telecore freaks. From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 9 06:28:12 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 9 01:30:11 2005 Subject: [SpamCop-List] Truth in spammers spam. Message-ID: While rifling through the spam in order to conduct my LART offensive I find these little tidbits of truth within them. "" They got that right. Nothing they sell is ever legit. "http://deceptive.org.blustery.ru.circumflex. .com/gb/rm.php" First word "deceptive", quite the warning, eh? From nobody at nowhere.not Thu Jun 9 06:32:48 2005 From: nobody at nowhere.not (Robert Blair) Date: Thu Jun 9 01:35:03 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: On Fri, 3 Jun 2005 03:49:33 UTC, Redstone wrote: > I know that it can be difficult for those from other countries to write > english.. but the last sentence threw me for a loop. :-) I think the response I got is funnier but it just shows how incompetent they are. IP in question 211.55.192.86 Dear Whom It MAy Concern.. Hello This is Kornet Abuse Team of KT in Seoul. We recieved your Spam report mail. But we couldn't find who the client is, because the client using the IP is under the service that cannot find in our system.. (ex. Ntopia, which is share a static IP with others.. Like for Apartment.. therefore we cannot find..) Sorry about that.. -- Robert Blair From nobody at spamcop.net Wed Jun 8 23:33:28 2005 From: nobody at spamcop.net (Lazlo Toth) Date: Thu Jun 9 01:35:14 2005 Subject: [SpamCop-List] Re: China Orders All Web Sites to Register References: Message-ID: On Wed, 08 Jun 2005 12:33:15 -0400, eddie wrote: > On Wed, 08 Jun 2005 11:21:26 +0400, Berny scratched out the following: >> "eddie" wrote in message >> news:pan.2005.06.08.04.37.22.664000@eddie.web... >>> You mean they don't have to now??? > snip >> >> They must be exempting Pill, porno and webcam sites at CRC and CNC, or >> making sure they null route within China. >> >> AFAIC China is basically a very large criminal enterprise with 1 billion >> employees. > > They may be exempting all profit-making websites :) Besides, ordering or > saying is very different from doing. The rule is to observe what people do > and not what they say. Good intentions are just that - and I believe that > the road to hell is paved with them. Even though much (most) spam comes from infected or intentional hosts in the East, most of the actual spammers are based in the US. So, perhaps China is criminal, but their corrupted hosts are just doing what people here ask of them. Anyway, it doesn't matter if people are registered or not. Saying everyone should register is not an indication they are paying any attention to spam. Indeed, as the article mentions, '"The Internet has profited many people but it also has brought many problems, such as sex, violence and feudal superstitions and other harmful information that has seriously poisoned people's spirits" ... at least 54 people have been jailed for posting essays or other content deemed subversive online.' I don't see any mention of spam. - Lazlo From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 9 06:51:21 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 9 01:55:02 2005 Subject: [SpamCop-List] Re: China Orders All Web Sites to Register References: Message-ID: Lazlo Toth wrote in news:pan.2005.06.09.05.33.27.675212@spamcop.net: > [snip] > > I don't see any mention of spam. > > - Lazlo > I'm willing to bet that the spammers and their Chinese hosts are paying for the government to look the other way. They try really hard to squeeze their people, but have no qualms letting foriegn criminals to run amok on their networks. Talk about subversive.. Beijing is way subversive. From nobody at devnull.spamcop.net Thu Jun 9 15:52:03 2005 From: nobody at devnull.spamcop.net (Patto) Date: Thu Jun 9 01:55:11 2005 Subject: [SpamCop-List] bad_tracking@devnull.spamcop.net ? Message-ID: http://www.spamcop.net/sc?id=z772997457z0d5e67f7f7c0dd8729160fd9bf3c41e8z What is 'bad_tracking@devnull.spamcop.net' ? From redford_stone at INVERSE_OF_COLDmail.com Thu Jun 9 07:02:05 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 9 02:05:03 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: "Cherie" wrote in news:d84ku5$hap$1 @news.spamcop.net: > Don't they ALL though? :O) > http://groups-beta.google.com/groups?q=%22constant+contact%22 +spam&hl=en&lr=&sa=N&tab=wg http://tinyurl.com/byq7n Makes one wonder sometimes. From nospam at dev.null Thu Jun 9 13:20:47 2005 From: nospam at dev.null (Anty Spam) Date: Thu Jun 9 06:25:10 2005 Subject: [SpamCop-List] Re: Someone should slap telecore.ru References: Message-ID: "Redstone" wrote in message news:Xns966FE42A79F8Etinlc@216.154.195.61... > So I sent them a manual lart from my Yahoo account to report one of > their longtime holed up scumbags whose money they so love.. and I get > this back: .. SNIP > > There is NO ISP on this planet that can feign "I didn't know" about the > spam problem. None. Any that do ought to be firewalled off permanently. > > Stupid telecore freaks. > Remove their LAN points by reclaiming Cu and fibre more likely. Header Cu is fetching good prices there! :-) From nospam at dev.null Thu Jun 9 13:33:10 2005 From: nospam at dev.null (Anty Spam) Date: Thu Jun 9 06:35:02 2005 Subject: [SpamCop-List] Re: China Orders All Web Sites to Register References: Message-ID: "eddie" wrote in message news:pan.2005.06.08.04.37.22.664000@eddie.web... > You mean they don't have to now??? > > SHANGHAI, China - Authorities have ordered all China-based Web sites and > blogs to register or be closed down, in the latest effort by the communist > government to police the world of cyberspace. > > http://news.yahoo.com/news?tmpl=story&u=/ap/20050607/ap_on_hi_te/china_policing_the_net_2 > > -- > Once movie theaters gave out steak knives > Today they confiscate them Imagine this. FOr every Chinese related spam: ============= "Dear Chinese Authorities ; We have received this mail relating to a server in your country. Please advise if this site is registered with you. We are try to ensure that your citizens meet your requirements. If we do not receive a postive response, we will consider this an illegal site and blacklist it on all routers to China. ============= Bit of a catch 22 ??? Guess I may dream on ...:-) From nobody at devnull.spamcop.net Thu Jun 9 07:18:27 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Thu Jun 9 07:15:03 2005 Subject: [SpamCop-List] Re: What to say to this? References: Message-ID: "Borgholio" wrote in message news:d87c8r$4d4$1@news.spamcop.net... > > Hello SysAdmin luser, > > > > Please, look carefully for servers you support. > > > > Seriously? That sounds pretty good... :) Seriously, something simple might be best. It sounds like a translation, but if not, then whoever is not strong on communication skills. Myself, I would have said. 'I did look carefully at this letter. It does not come from me. It should not have been returned to me. Please, look carefully at spamcop reports.' Miss Betsy From MikeE at ster.invalid Thu Jun 9 05:56:09 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 9 08:00:04 2005 Subject: [SpamCop-List] Re: bad_tracking@devnull.spamcop.net ? References: Message-ID: Patto wrote: www.spamcop.net/sc?id=z772997457z0d5e67f7f7c0dd8729160fd9bf3c41e8z > > What is 'bad_tracking@devnull.spamcop.net' ? SC's parser determines the source to be 178.81.61.102 -- but that is 'impossible' to report because all of 178 is IANA reserved, typically not used for internet IP addresses, so it uses a devnull to count that IP toward the SCbl. I would report it differently. I would report it to the provider of the 'apparent' relay which SC trusts to be a server. That relay/server is already SCbl listed. Abbreviated Received lines *comment from (rtbph1.raabnet.net [217.197.149.72]) by spf3.us4.outblaze.com *I say source, SC sez relay from [178.81.61.102] (port=4494 helo=[buffer]) by rtbph1.raabnet.net *bad line When SC parses that, it determines 178.81.61.102 to be the source by parsing the chain thru' 217.197.149.72 rDNS rtbph1.raabnet.net to get down to the next line. >From a human parser point of view, I don't feel 'comfortable' doing that. There is no such thing as an MX for raabnet.net or rtbph1.raabnet.net - altho' it does have some nameservice. So, imagining that some 'real' non-routing IP relayed the spam to me thru' the alleged server doesn't suit me and so I have to call 217.197.149.72 the source. It is 'too bad' that SC wants to say that 217.197.149.72 isn't the source, because then your report won't name that IP, which is currently SC blocklisted, and as a result it will eventually age off the blocklist. I think it should remain blocklisted and I think some deputy should untrust 217.197.149.72 as a relay. 217.197.149.72 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 7 hours. System has sent mail to SpamCop spam traps in the past week -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Jun 9 08:32:16 2005 From: nobody at spamcop.net (Ellen) Date: Thu Jun 9 08:35:03 2005 Subject: [SpamCop-List] Re: bad_tracking@devnull.spamcop.net ? References: Message-ID: "Patto" wrote in message news:d88le3$qv9$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z772997457z0d5e67f7f7c0dd8729160fd9bf3c41e8z > > What is 'bad_tracking@devnull.spamcop.net' ? It's a setting we use for IPs in non-allocated netblocks. Ellen SpamCop From notmyrealaddress at nospam.com Thu Jun 9 10:30:53 2005 From: notmyrealaddress at nospam.com (Cherie) Date: Thu Jun 9 09:35:02 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? References: Message-ID: OOh..now that's some good stuff there..I might e-mail AX with the link and tell them that I am thinking about breaking off my relationship with them because of this -- Thanks, Cherie "Redstone" wrote in message news:Xns966FEA580CBEEtinlc@216.154.195.61... > "Cherie" wrote in news:d84ku5$hap$1 > @news.spamcop.net: > >> Don't they ALL though? :O) >> > > > http://groups-beta.google.com/groups?q=%22constant+contact%22 > +spam&hl=en&lr=&sa=N&tab=wg > > http://tinyurl.com/byq7n > > > Makes one wonder sometimes. > From nobody at spamcop.net Thu Jun 9 11:20:11 2005 From: nobody at spamcop.net (Ellen) Date: Thu Jun 9 10:30:03 2005 Subject: [SpamCop-List] Re: bad_tracking@devnull.spamcop.net ? References: Message-ID: "Mike Easter" wrote in message news:d89aon$6od$1@news.spamcop.net... > Patto wrote: > www.spamcop.net/sc?id=z772997457z0d5e67f7f7c0dd8729160fd9bf3c41e8z > > > > What is 'bad_tracking@devnull.spamcop.net' ? > > > It is 'too bad' that SC wants to say that 217.197.149.72 isn't the > source, because then your report won't name that IP, which is currently > SC blocklisted, and as a result it will eventually age off the > blocklist. I think it should remain blocklisted and I think some deputy > should untrust 217.197.149.72 as a relay. > now it will .... E From ob1db at spamcop.net Thu Jun 9 12:32:41 2005 From: ob1db at spamcop.net (David Butler) Date: Thu Jun 9 11:35:03 2005 Subject: [SpamCop-List] Spamcop reporting 203.94.254.0/24 to devnull ? Message-ID: Spamcop sez: Tracking message source: 203.94.254.70: Routing details for 203.94.254.70 [refresh/show] Cached whois for 203.94.254.70 : mtnlco@giasdl01.vsnl.net.in Using last resort contacts mtnlco@giasdl01.vsnl.net.in mtnlco@giasdl01.vsnl.net.in bounces (129 sent : 65 bounces) But openrbl.org shows: Address: 203.94.254.70 (unresolved) AS: 203.94.254.0/24 AS17813 Mahanagar Telephone Nigam Ltd. New Delhi/Delhi Metropolitan Are Net 203.94.224-255 MTNL Abuse-Whois vsnl.net.in: (APNIC/MTNL)[Cached][whois.abuse.net]postmaster@vsnl.net.in (for vsnl.net.in) abuse@vsnl.net (for vsnl.net.in)abuse@vsnl.com (for vsnl.net.in) I DO see: IP-Whois 203.94.254.70: (APNIC/MTNL)[Cached] [whois.apnic.net] % [whois.apnic.net node-1] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html inetnum: 203.94.224.0 - 203.94.255.255 netname: MTNL descr: Mahanagar Telephone Nigam Ltd., ISP Division, New Delhi descr: Planning Development and Operation of Telecom. Services. country: IN admin-c: DC59-AP tech-c: DC59-AP mnt-by: APNIC-HM changed: hostmaster#apnic.net 19981224 status: ALLOCATED PORTABLE source: APNIC person: Deepak Chanduka address: Mahanagar Telephone Nigam Ltd., Jeevan Bharati Building, address: Tower 1, 12th Floor, 124, Connaught Circus, New Delhi country: IN phone: +91-11-3732212 fax-no: +91-11-3718117 e-mail: mtnlco#giasdl01.vsnl.net.in nic-hdl: DC59-AP mnt-by: MAINT-NULL changed: hostmaster#apnic.net 19981224 source: APNICbut no mention of that being an abuse contact. What am I missing ? From ob1db at spamcop.net Thu Jun 9 12:42:47 2005 From: ob1db at spamcop.net (David Butler) Date: Thu Jun 9 11:45:03 2005 Subject: [SpamCop-List] Re: Network administrator AND interested third party? References: Message-ID: "Mike Easter" wrote in message news:d809vr$u0j$1@news.spamcop.net... > D.F. Manno wrote: > > Here's the tracker: > > > > > http://www.spamcop.net/sc?id=z771724237z92cabd7de2dec47f4eda5093733f9816z > > The tracker provides two different > > Routing details for 219.81.238.229 > > One of them goes to > http://www.spamcop.net/sc?action=showroute;ip=219.81.238.229;typecodes=17 > > and the other > http://www.spamcop.net/sc?action=showroute;ip=219.81.238.229;typecodes=12,15 > > The first provides contacts based on apnic ting_tseng@twfn.com.tw & > spam@anet.net.tw > I have argued with this parsing numerous times over in .routing and never gotten a reply ! I see this info from openrbl.org: Address: 219.81.238.229 resolved to 219-81-238-229.static.tfn.net.tw AS: 219.80.0.0/15 AS9924 Taiwan Fixed Network, Telco and San-Chung/Tai-Pei Hsien Net 219/8 APNIC-AP ? Milton, New South Wales Abuse-Whois tfn.net.tw: (219-81-238-229.static.tfn.net.tw; 238.81.219.in-...)[Cached] [whois.abuse.net] postmaster@tfn.net.tw (for tfn.net.tw) spam@anet.net.tw (for tfn.net.tw)via APNIC, I get abuse@tfn.net.tw, postmaster@tfn.net.tw, eric_wu@twfn.com.tw which I have suggested before. I see ting_tseng@twfn.com.tw only under the RADB data. Any reason these seemingly superior routings are not being used ? Same for ALL TFN.tw blocks! David From ob1db at spamcop.net Thu Jun 9 13:08:28 2005 From: ob1db at spamcop.net (David Butler) Date: Thu Jun 9 12:10:03 2005 Subject: [SpamCop-List] Re: Spamcop reporting 203.94.254.0/24 to devnull ? References: Message-ID: "David Butler" wrote in message news:d89nem$dr6$1@news.spamcop.net... > Spamcop sez: > > > Tracking message source: 203.94.254.70: > Routing details for 203.94.254.70 > [refresh/show] Cached whois for 203.94.254.70 : mtnlco@giasdl01.vsnl.net.in > Using last resort contacts mtnlco@giasdl01.vsnl.net.in > mtnlco@giasdl01.vsnl.net.in bounces (129 sent : 65 bounces) > > But openrbl.org shows: > Address: 203.94.254.70 (unresolved) AS: 203.94.254.0/24 AS17813 Mahanagar > Telephone Nigam Ltd. New Delhi/Delhi Metropolitan Are Net 203.94.224-255 > MTNL Abuse-Whois vsnl.net.in: > (APNIC/MTNL)[Cached][whois.abuse.net]postmaster@vsnl.net.in (for > vsnl.net.in) > abuse@vsnl.net (for vsnl.net.in)abuse@vsnl.com (for vsnl.net.in) > I DO see: > postmaster@vsnl.net.in appears to bounce... From DougThegarden at invalid.com Thu Jun 9 18:43:18 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Thu Jun 9 12:45:04 2005 Subject: [SpamCop-List] Re: China Orders All Web Sites to Register In-Reply-To: References: Message-ID: Anty Spam wrote: > > Imagine this. FOr every Chinese related spam: ============= "Dear > Chinese Authorities ; > > We have received this mail relating to a server in your country. > Please advise if this site is registered with you. > > We are try to ensure that your citizens meet your requirements. > > If we do not receive a postive response, we will consider this an > illegal site and blacklist it on all routers to China. > > I prefer the e-mail, I think I first saw suggested here, to the site owner: Dear , The Falun Gong thank you for your kind message of support and financial donation to our cause. Yours etc Doug From MikeE at ster.invalid Thu Jun 9 10:49:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 9 12:50:04 2005 Subject: [SpamCop-List] Re: Spamcop reporting 203.94.254.0/24 to devnull ? References: Message-ID: David Butler wrote: > [refresh/show] Cached whois for 203.94.254.70 : > mtnlco@giasdl01.vsnl.net.in Using last resort contacts > mtnlco@giasdl01.vsnl.net.in mtnlco@giasdl01.vsnl.net.in bounces (129 > sent : 65 bounces) Your apnic shows mtnlco username at that vsnl subdomain. > But openrbl.org shows: > Address: 203.94.254.70 (unresolved) AS: 203.94.254.0/24 AS17813 > Mahanagar Telephone Nigam Ltd. New Delhi/Delhi Metropolitan Are Net > 203.94.224-255 MTNL Abuse-Whois vsnl.net.in: > (APNIC/MTNL)[Cached][whois.abuse.net]postmaster@vsnl.net.in (for > vsnl.net.in) > abuse@vsnl.net (for vsnl.net.in)abuse@vsnl.com (for vsnl.net.in) Your usage of the vsnl domainname at abuse.net is a good strategy, but you can get a more 'direct' or 'pertinent' notify addy than the vsnl one. Vsnl is a huge provider, and in this case they aren't directly involved with taking care of Mahanagar Telephone Nigam Ltd's business. However, if I sniff around a little bit, I can find out that Mahanagar has a domainname mtnl.net.in -- and not only that, but abuse.net has a host of notify addresses for that domainname. dns mtnl.net.in Mail for mtnl.net.in is handled by mx1.bol.net.in mx.mtnl.net.in Canonical name: mtnl.net.in Addresses: 203.94.243.88 inetnum: 203.94.224.0 - 203.94.255.255 netname: MTNL descr: Mahanagar Telephone Nigam Ltd., ISP Division, New Delhi whois -h whois.abuse.net mtnl.net.in ... anandpatil@bol.net.in ( compaq1@bol.net.in postmaster@bol.net.in rajpk@bol.net.in sdeisp3@bol.net.in dgmvas@bol.net.in (for mtnl.net.in) > I DO see: > mnt-by: MAINT-NULL > changed: hostmaster#apnic.net 19981224 > source: APNICbut no mention of that being an abuse contact. > What am I missing ? 'changed' and mnt-by are almost never used for contacts, except in some unusual circumstances in which the provider some useful information that is akin to upstream information. That is not a good place to be going to get a notify. It is OK to 'look at' - but rarely is it appropriate to notify. Obviously hostmaster@apnic isn't an appropriate notify. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Jun 9 10:50:05 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 9 12:50:16 2005 Subject: [SpamCop-List] Re: Spamcop reporting 203.94.254.0/24 to devnull ? References: Message-ID: David Butler wrote: > postmaster@vsnl.net.in appears to bounce... vsnl isn't as appropriate as mtnl.net.in anyway. -- Mike Easter kibitzer, not SC admin From borgholio at storymind.com Thu Jun 9 10:59:58 2005 From: borgholio at storymind.com (Borgholio) Date: Thu Jun 9 13:00:03 2005 Subject: [SpamCop-List] Re: What to say to this? In-Reply-To: References: Message-ID: Blammo wrote: > On 08 Jun 2005 Borgholio entered spamcop and left > news:d8779q$k5$1@news.spamcop.net: > > >>Here's a response I got after sending a Spamcop report on a "fake" >>bounce message: >> >> >> >>Hello SpamCop user, >> >>Please, look carefully for letters to report. >> >> >> >>What am I supposed to say to this? > > > Unlike the others, I don't find any humor in this since you don't give us > enough detail to make any kind of judgement. I won't bother making any > assumptions. > That IS the detail. Those two lines comprise the entire response to a spamcop report I sent regarding a fake bounce message. From borgholio at storymind.com Thu Jun 9 11:00:18 2005 From: borgholio at storymind.com (Borgholio) Date: Thu Jun 9 13:00:12 2005 Subject: [SpamCop-List] Re: What to say to this? In-Reply-To: References: Message-ID: Redstone wrote: > Borgholio wrote in > news:d8779q$k5$1@news.spamcop.net: > > >>Here's a response I got after sending a Spamcop report on a "fake" >>bounce message: >> >> >> >>Hello SpamCop user, >> >>Please, look carefully for letters to report. >> >> >> >>What am I supposed to say to this? > > > > "All your base belong to us." :-) > Actually I threw the "Spanish Inquisition" line and left it at that. :) From MikeE at ster.invalid Thu Jun 9 11:02:39 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 9 13:05:04 2005 Subject: [SpamCop-List] Re: Spamcop reporting 203.94.254.0/24 to devnull ? References: Message-ID: David Butler wrote: Subject: Spamcop reporting 203.94.254.0/24 to devnull ? and we're talking about a /19 here, not a /24. Actually MTNL has a /19, a /22, and another chunk of 28 class Cs If we could arrive at a good notify for them, it would cover a lot of .in space whois -h whois.apnic.net mtnl ... inetnum: 203.94.224.0 - 203.94.255.255 netname: MTNL descr: Mahanagar inetnum: 203.94.220.0 - 203.94.223.255 netname: MTNL descr: Mahanagar inetnum: 203.94.192.0 - 203.94.219.255 netname: MTNL descr: Mahanagar all of that space is supposed to notify DC59-AP = mtnlco@giasdl01.vsnl.net.in but the AS17813 information looks better aut-num: AS17813 as-name: MTNL-AP descr: Mahanagar admin-c: DC59-AP tech-c: DC59-AP notify: dgmvas2@bol.net.in notify: sdeisp3@bol.net.in Those bol.net/s match up with what we had for the notifies for mtnl.net.in bol.net.in = 203.94.243.85 Mail for bol.net.in is handled by mx.mtnl.net.in mx1.bol.net.in whois -h whois.abuse.net bol.net.in ... sdeisp3@bol.net.in anandpatil@bol.net.in dgmvas@bol.net.in compaq1@bol.net.in postmaster@bol.net.in (for bol.net.in) You can compare that to what we got for mtnl.net whois -h whois.abuse.net mtnl.net.in ... anandpatil@bol.net.in ( compaq1@bol.net.in postmaster@bol.net.in rajpk@bol.net.in sdeisp3@bol.net.in dgmvas@bol.net.in (for mtnl.net.in) -- Mike Easter kibitzer, not SC admin From notmyrealaddress at nospam.com Thu Jun 9 14:03:18 2005 From: notmyrealaddress at nospam.com (Cherie) Date: Thu Jun 9 13:05:13 2005 Subject: [SpamCop-List] IP numbers of places OUTSIDE of USA Message-ID: I have a few guestbooks on some of my sites..there is no reason in the world why anyone outside of the USA would have any interest in these websites...I would like to ban all "outsiders" from posting to the guestbook..I have had at least 25 spam messages on one guestbook today only..I have banned the IP's and ALL of them are from outside of USA....this is time consuming..does anyone have a list of IPs that are of places outside of USA..that I can copy/paste into the ban box?? -- Thanks, Cherie From MikeE at ster.invalid Thu Jun 9 11:24:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 9 13:25:02 2005 Subject: [SpamCop-List] Re: Network administrator AND interested third party? References: Message-ID: David Butler wrote: > "Mike Easter" >> Routing details for 219.81.238.229 > I have argued with this parsing numerous times over in .routing and > never gotten a reply ! OK; let's talk about 219.81.238.229 -- and more importantly about tfn.net.tw, which is a very big outfit. > I see this info from openrbl.org: > > Address: 219.81.238.229 resolved to 219-81-238-229.static.tfn.net.tw > AS: 219.80.0.0/15 AS9924 Taiwan Fixed Network, Telco and > San-Chung/Tai-Pei Hsien Net 219/8 APNIC-AP ? Milton, New South Wales > Abuse-Whois tfn.net.tw: (219-81-238-229.static.tfn.net.tw; > 238.81.219.in-...)[Cached] [whois.abuse.net] > postmaster@tfn.net.tw (for tfn.net.tw) > spam@anet.net.tw (for tfn.net.tw)via APNIC, I get > abuse@tfn.net.tw, postmaster@tfn.net.tw, eric_wu@twfn.com.tw > > which I have suggested before. I see ting_tseng@twfn.com.tw only > under the RADB data. If I put 219.81.238.229 into the tracker naked I get at the bottom line: Reporting addresses: spam@anet.net.tw > Any reason these seemingly superior routings are not being used ? > > Same for ALL TFN.tw blocks! Well, that's why I would look at all the tfn.net.tw blocks. We should look in apnic and we should look in whois.twnic.net inetnum: 219.80.0.0 - 219.81.255.255 netname: TFN-NET descr: Taiwan Fixed Network CO.,LTD. admin-c: TT164-AP = ting_tseng@twfn.com.tw tech-c: SH376-AP = steve_huang@howin.com.tw person: Spam spam e-mail: spam@anet.net.tw person: Abuse abuse e-mail: abuse@tfn.net.tw Here's why we need a good notify: whois -h whois.apnic.net tfn-net inetnum: 211.78.208.0 - 211.78.223.255 netname: TFN-NET inetnum: 61.30.0.0 - 61.30.255.255 netname: TFN-NET inetnum: 219.80.0.0 - 219.81.255.255 netname: TFN-NET inetnum: 61.31.0.0 - 61.31.255.255 netname: TFN-NET inetnum: 219.86.0.0 - 219.87.255.255 netname: TFN-NET inetnum: 60.198.0.0 - 60.198.255.255 netname: TFN-NET And, lastly we see how they do it at twnic whois -h whois.twnic.net 219.81.238.229 ... Taiwan Fixed Network CO.,LTD. 7Fl., No. 498, Ruei-Guang Rd., Nei-Hu Taipei TW Netname: TFN-NET Netblock: 219.81.224.0/20 Administrator contact: Spam spam (SS97-TW) spam@anet.net.tw +886-2-6606-9898 Technical contact: Linghao Chen (LC625-TW) linghao_chen@twfn.com.tw So, I would say the A-1 best spam contact is spam@anet.net.tw In this particular case, the domainname of the preferred contact doesn't resemble the domainname of the target. You can also do it the other way; rDNS the original IP and then abuse.net the result nslookup 219.81.238.229 Canonical name: 219-81-238-229.static.tfn.net.tw whois -h whois.abuse.net 219-81-238-229.static.tfn.net.tw ... postmaster@tfn.net.tw spam@anet.net.tw (for tfn.net.tw) -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Jun 9 11:37:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 9 13:40:03 2005 Subject: [SpamCop-List] Re: IP numbers of places OUTSIDE of USA References: Message-ID: Cherie wrote: > I have a few guestbooks on some of my sites..there is no reason in > the world why anyone outside of the USA would have any interest in > these websites...I would like to ban all "outsiders" from posting to > the guestbook..I have had at least 25 spam messages on one guestbook > today only..I have banned the IP's and ALL of them are from outside > of USA....this is time consuming..does anyone have a list of IPs that > are of places outside of USA..that I can copy/paste into the ban box?? I don't know that the way you are thinking about going about solving your problem of spam messages in the guestbook is the best way to do it, but for the moment we'll address your interest in 'geographitizing' IP addresses. BTW, why allow 'far away' states from whatever it is you are selling or talking about, when there are nearby other countries such as Canada and Mexico? Central America? S. Amer? You can get a look at the size of the problem if you look at some lists at blackholes.us and look at some of the country IP lists http://blackholes.us/ Or, if you wanted to try to do it 'positively' by whitelisting US IPs, I would look at the list at nerd-zz which appears to be down right now. http://countries.nerd.dk/ Here's a very brief description of what nerd-zz does from moensted + NERD-ZZ ISO 3166 Number codes encoded in the last two octets: zz.countries.nerd.dk -> 127.0.3.72 us about: The zone does NOT contain known spammers, nor open relays about: Please see our webpage for more information about: This zone lists ONLY based on geographic information -- Mike Easter kibitzer, not SC admin From tfm3 at nospam.teleproc.com Thu Jun 9 13:37:57 2005 From: tfm3 at nospam.teleproc.com (Thomas Mooney) Date: Thu Jun 9 13:40:13 2005 Subject: [SpamCop-List] Re: IP numbers of places OUTSIDE of USA References: Message-ID: "Cherie" wrote in message news:d89snv$i45$1@news.spamcop.net... > I have a few guestbooks on some of my sites..there is no reason in the world > why anyone outside of the USA would have any interest in these websites...I > would like to ban all "outsiders" from posting to the guestbook..I have had > at least 25 spam messages on one guestbook today only..I have banned the > IP's and ALL of them are from outside of USA....this is time consuming..does > anyone have a list of IPs that are of places outside of USA..that I can > copy/paste into the ban box?? Take a look at www.blackholes.us - you may find something helpful there. -- TFM3 Note: Spam-resistant e-mail address From 79ytka802 at sneakemail.com Thu Jun 9 19:39:05 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Thu Jun 9 13:40:18 2005 Subject: [SpamCop-List] Re: IP numbers of places OUTSIDE of USA In-Reply-To: References: Message-ID: Cherie wrote: > I have a few guestbooks on some of my sites..there is no reason in the world > why anyone outside of the USA would have any interest in these websites...I > would like to ban all "outsiders" from posting to the guestbook..I have had > at least 25 spam messages on one guestbook today only..I have banned the > IP's and ALL of them are from outside of USA....this is time consuming..does > anyone have a list of IPs that are of places outside of USA..that I can > copy/paste into the ban box?? I know this is off-topic, but for once I won't apologise. This is an international newsgroup read and contributed to by people all over the world. Has it occurred to you that a posting like this may be just a little bit offensive to those of us who don't live in the USA, especially those of us here in the UK, supposedly your "special friends"? You seem to be equating "outside the USA" with "bad", and you seem to think that only people outside the USA produce spam - when the truth is that the USA generates more spam than most other countries. And, talking in practical terms - are you sure that none of those that your web site is aimed at are ever going to travel outside the USA? From notmyrealaddress at nospam.com Thu Jun 9 14:55:34 2005 From: notmyrealaddress at nospam.com (Cherie) Date: Thu Jun 9 14:00:03 2005 Subject: [SpamCop-List] Re: IP numbers of places OUTSIDE of USA References: Message-ID: Sorry you read my post wrong..I was not associating outside of US with BAD...I was trying to avoid a lengthy explanation to which I am now forced to do ..this website is for an organization..and only those who belong or may be thinking about joining are the only ones that would be interested in visiting.. this particular organization ONLY has chapters in USA I would not block outsiders from the website..just the guestbook...the guestbook is...after all ..for members only (sorta)..soooooOOOoOO ....blocking outside USA ips will not only put a large dent in blocking out guestbook spam, but it will help to keep guestbook comments allowable for members (or prospective members) only and just for the record..I do believe that a large portion of spam comes from US citizens using foreign hosts to do their dirty work....my method would get them too, huh? -- Thanks, Cherie "Aviatrix" <79ytka802@sneakemail.com> wrote in message news:d89urm$jhl$1@news.spamcop.net... > > > Cherie wrote: > >> I have a few guestbooks on some of my sites..there is no reason in the >> world why anyone outside of the USA would have any interest in these >> websites...I would like to ban all "outsiders" from posting to the >> guestbook..I have had at least 25 spam messages on one guestbook today >> only..I have banned the IP's and ALL of them are from outside of >> USA....this is time consuming..does anyone have a list of IPs that are of >> places outside of USA..that I can copy/paste into the ban box?? > > I know this is off-topic, but for once I won't apologise. > > This is an international newsgroup read and contributed to by people all > over the world. Has it occurred to you that a posting like this may be > just a little bit offensive to those of us who don't live in the USA, > especially those of us here in the UK, supposedly your "special friends"? > > You seem to be equating "outside the USA" with "bad", and you seem to > think that only people outside the USA produce spam - when the truth is > that the USA generates more spam than most other countries. > > And, talking in practical terms - are you sure that none of those that > your web site is aimed at are ever going to travel outside the USA? From spammers at suck.com Thu Jun 9 11:59:10 2005 From: spammers at suck.com (IHateSpam) Date: Thu Jun 9 14:00:12 2005 Subject: [SpamCop-List] Help! - Mortgage offers Message-ID: Help!!!! I'm being flooded by those stupid mortgage offers... and I don't even own a home. Today I got 20 spams in the morning and 12 of them were mortgage offers. Yes, I'm submitting to Spamcop but I've submitted literally hundreds and hundreds of spams from these peole and nothing has changed. So I decided to try one of their removal pages. I know, I know... dumb idea. Now they've doubled their spam. Anyone know how to get them off your back? Please? Any advice? From nobody at spamcop.net Thu Jun 9 20:22:40 2005 From: nobody at spamcop.net (TimeLord) Date: Thu Jun 9 14:25:02 2005 Subject: [SpamCop-List] Re: IP numbers of places OUTSIDE of USA References: Message-ID: "Cherie" wrote in message news:d89vpu$kbj$1@news.spamcop.net... > Sorry you read my post wrong..I was not associating outside of US with > BAD...I was trying to avoid a lengthy explanation to which I am now forced > to do > > ..this website is for an organization..and only those who belong or may be > thinking about joining are the only ones that would be interested in > visiting.. this particular organization ONLY has chapters in USA > > I would not block outsiders from the website..just the guestbook...the > guestbook is...after all ..for members only (sorta)..soooooOOOoOO > > ....blocking outside USA ips will not only put a large dent in blocking > out guestbook spam, but it will help to keep guestbook comments allowable > for members (or prospective members) only > > and just for the record..I do believe that a large portion of spam comes > from US citizens using foreign hosts to do their dirty work....my method > would get them too, huh? > > -- > Thanks, > Cherie > > > > "Aviatrix" <79ytka802@sneakemail.com> wrote in message > news:d89urm$jhl$1@news.spamcop.net... >> >> >> Cherie wrote: >> >>> I have a few guestbooks on some of my sites..there is no reason in the >>> world why anyone outside of the USA would have any interest in these >>> websites...I would like to ban all "outsiders" from posting to the >>> guestbook..I have had at least 25 spam messages on one guestbook today >>> only..I have banned the IP's and ALL of them are from outside of >>> USA....this is time consuming..does anyone have a list of IPs that are >>> of places outside of USA..that I can copy/paste into the ban box?? >> >> I know this is off-topic, but for once I won't apologise. >> >> This is an international newsgroup read and contributed to by people all >> over the world. Has it occurred to you that a posting like this may be >> just a little bit offensive to those of us who don't live in the USA, >> especially those of us here in the UK, supposedly your "special friends"? >> >> You seem to be equating "outside the USA" with "bad", and you seem to >> think that only people outside the USA produce spam - when the truth is >> that the USA generates more spam than most other countries. >> >> And, talking in practical terms - are you sure that none of those that >> your web site is aimed at are ever going to travel outside the USA? > > Guestbook spam - to take another tack altogether, I found a very successful approach (for me anyway) in blocking guestbook spamming was by just blocking the posting of strings contaning 'http', 'www' and '@' in the appropriate fields - blocked over a thousand without a failure :-). Though it depends if you want your guests to be able to post URL's or email addresses. Kev From porpoise1954 at yahoo.co.uk Thu Jun 9 20:39:57 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Jun 9 14:45:03 2005 Subject: [SpamCop-List] Re: IP numbers of places OUTSIDE of USA References: Message-ID: "Aviatrix" <79ytka802@sneakemail.com> wrote in message news:d89urm$jhl$1@news.spamcop.net... > > > Cherie wrote: > >> I have a few guestbooks on some of my sites..there is no reason in the >> world why anyone outside of the USA would have any interest in these >> websites...I would like to ban all "outsiders" from posting to the >> guestbook..I have had at least 25 spam messages on one guestbook today >> only..I have banned the IP's and ALL of them are from outside of >> USA....this is time consuming..does anyone have a list of IPs that are of >> places outside of USA..that I can copy/paste into the ban box?? > > I know this is off-topic, but for once I won't apologise. > > This is an international newsgroup read and contributed to by people all > over the world. Has it occurred to you that a posting like this may be > just a little bit offensive to those of us who don't live in the USA, > especially those of us here in the UK, supposedly your "special friends"? Yes. Quite so! > > You seem to be equating "outside the USA" with "bad", and you seem to > think that only people outside the USA produce spam - when the truth is > that the USA generates more spam than most other countries. Erm.... I think that should probably be "All other countries put together". > > And, talking in practical terms - are you sure that none of those that > your web site is aimed at are ever going to travel outside the USA? Best bet is probably to not bother having a "Guest" page......... but maybe have a properly constructed form/script combination which will only forward direct input from the webform that the would-be spammers can't lift any submission addresses from. (thereby not getting any addresses to be able to spam). From porpoise1954 at yahoo.co.uk Thu Jun 9 20:42:17 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Jun 9 14:45:11 2005 Subject: [SpamCop-List] Re: IP numbers of places OUTSIDE of USA References: Message-ID: "Cherie" wrote in message news:d89vpu$kbj$1@news.spamcop.net... > Sorry you read my post wrong..I was not associating outside of US with > BAD...I was trying to avoid a lengthy explanation to which I am now forced > to do > > ..this website is for an organization..and only those who belong or may be > thinking about joining are the only ones that would be interested in > visiting.. this particular organization ONLY has chapters in USA > > I would not block outsiders from the website..just the guestbook...the > guestbook is...after all ..for members only (sorta)..soooooOOOoOO So make it only available to valid login for members only - problem solved! > > ....blocking outside USA ips will not only put a large dent in blocking > out guestbook spam, but it will help to keep guestbook comments allowable > for members (or prospective members) only > > and just for the record..I do believe that a large portion of spam comes > from US citizens using foreign hosts to do their dirty work....my method > would get them too, huh? > From notmyrealaddress at nospam.com Thu Jun 9 17:09:37 2005 From: notmyrealaddress at nospam.com (Cherie) Date: Thu Jun 9 16:10:03 2005 Subject: [SpamCop-List] Re: IP numbers of places OUTSIDE of USA References: Message-ID: only problem with that is that PROSPECTIVE members won't be able to sign it:::::sigh:: I fixed it I do believe..I put a flood check for 3 days on it..and I have human verification mod on it:::crossing fingers:::: thanks, -- Thanks, Cherie "Porpoise" wrote in message news:d8a2if$m5k$1@news.spamcop.net... > > "Cherie" wrote in message > news:d89vpu$kbj$1@news.spamcop.net... >> Sorry you read my post wrong..I was not associating outside of US with >> BAD...I was trying to avoid a lengthy explanation to which I am now >> forced to do >> >> ..this website is for an organization..and only those who belong or may >> be thinking about joining are the only ones that would be interested in >> visiting.. this particular organization ONLY has chapters in USA >> >> I would not block outsiders from the website..just the guestbook...the >> guestbook is...after all ..for members only (sorta)..soooooOOOoOO > > So make it only available to valid login for members only - problem > solved! > >> >> ....blocking outside USA ips will not only put a large dent in blocking >> out guestbook spam, but it will help to keep guestbook comments allowable >> for members (or prospective members) only >> >> and just for the record..I do believe that a large portion of spam comes >> from US citizens using foreign hosts to do their dirty work....my method >> would get them too, huh? >> > > From nttp.sc.s at bigsleep.org Fri Jun 10 00:06:59 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 9 19:10:02 2005 Subject: [SpamCop-List] Re: Help! - Mortgage offers References: Message-ID: On 09 Jun 2005 IHateSpam entered spamcop and left news:d8a01f$khr$1@news.spamcop.net: > Yes, I'm submitting to Spamcop but I've submitted > literally hundreds and hundreds of spams from these peole and nothing > has changed. That won't do much to stop that type of spam. You need an ISP that blocks open proxies, or even Spamassassin would filter them out for you. You can change your eMail address, but if your ISP is open to dictionary attacks that won't help much either unless you use a very obscure address. Thunderbird has very good spam filter, once you have it trained it should pick those out for you and you won't have to look at them, you'll still have to download them of course. -- | Ric | From nttp.sc.s at bigsleep.org Fri Jun 10 00:15:39 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 9 19:20:02 2005 Subject: [SpamCop-List] Re: bad_tracking@devnull.spamcop.net ? References: Message-ID: On 09 Jun 2005 Ellen entered spamcop and left news:d89crl$817$1@news.spamcop.net: > > > "Patto" wrote in message > news:d88le3$qv9$1@news.spamcop.net... >> http://www.spamcop.net/sc?id=z772997457z0d5e67f7f7c0dd8729160fd9bf3c41 >> e8z >> >> What is 'bad_tracking@devnull.spamcop.net' ? > > It's a setting we use for IPs in non-allocated netblocks. > So does sending to 'bad_tracking' help fix the problem? That's probably a dumb question, but I've been wondering what to do when Spamcop tries to report an IP that I think is in a forged header. -- | Ric | From MikeE at ster.invalid Thu Jun 9 17:23:25 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 9 19:25:03 2005 Subject: [SpamCop-List] Re: Help! - Mortgage offers References: Message-ID: IHateSpam wrote: > Help!!!! I'm being flooded by those stupid mortgage offers... and I > don't even own a home. Today I got 20 spams in the morning and 12 > of them were mortgage offers. You are describing/manifesting a symptom of improper mail/inbox management. > Yes, I'm submitting to Spamcop but > I've submitted literally hundreds and hundreds of spams from these > peole and nothing has changed. Spamcop reporting is *not* the first step in proper inbox management, or even an important or useful step in the critical responsibility of managing your inbox properly; which means to handle your wanted mail and its location conveniently and non-frustratingly. > So I decided to try one of their > removal pages. I know, I know... dumb idea. You shouldn't even been opening and and reading the spam, much less believing your spam and clicking on its "I believe you, spam!" button links. > Now they've doubled > their spam. Of course. That's what you signalled them to do. You told them that you open and read your spam, you believe your spam, and you click on your spam's links. Now you are on a special mailing list of worthwhile people to send more spam to. > Anyone know how to get them off your back? Please? Any > advice? There is basically nothing you can do to cause less spam to be sent to the email address in question, with the possible exception being to stop opening it. The most likely future for spam and that email address is for there to be more. However, you /can/ make everything all right with your Inbox. The most important thing you can do is to configure so that the spam disappears and your behavior and frustration completely change from being aggravated by spam and 'looking at' spam and seeing spam and reading spam. What you /can/ do is to cause about 99% of the spam to disappear from your inbox so that you don't have to see it there anymore. What you do with the 'disappeared' spam when you go visit it at your convenience is up to you. You can delete it all unopened or you can report it. You need a good spamfilter. -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Fri Jun 10 00:27:53 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Thu Jun 9 19:30:02 2005 Subject: [SpamCop-List] Re: IP numbers of places OUTSIDE of USA References: Message-ID: On 09 Jun 2005 Cherie entered spamcop and left news:d89vpu$kbj$1@news.spamcop.net: > I would not block outsiders from the website..just the guestbook...the > guestbook is...after all ..for members only (sorta)..soooooOOOoOO > I think you should try this method and see how well it works. If you have problems you can always try something else. Look into other solutions as well, for example there may be a preview feature, if you force the preview that will make it much harder for automated submissions. -- | Ric | From MikeE at ster.invalid Thu Jun 9 17:42:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 9 19:45:03 2005 Subject: [SpamCop-List] Re: Help! - Mortgage offers References: Message-ID: Mike Easter wrote: > IHateSpam wrote: >> Help!!!! I'm being flooded by those stupid mortgage offers... and I >> don't even own a home. Today I got 20 spams in the morning and 12 >> of them were mortgage offers. > > You are describing/manifesting a symptom of improper mail/inbox > management. > You need a good spamfilter. SpamCop's mail system is a mail handling system which tags spam and keeps it out of your inbox, and facilitates easy reporting. It costs $30/y. A free spamfilter is SpamPal. SP is powerful and configurable and stands between your provider's mailserver and your OE Outlook Express. It causes all spam to have a 'tag' which OE can recognize and divert away from your Inbox into its own Junk folder with a simple message rule. There would be almost no spam arriving into your Inbox, and the occasional item which showed up could be manually moved into Junk. Whenever you felt like it, you could go visit your spam and do whatever you want with it. You should learn how to not read spamsubjects with interest or curiosity and you should learn how to be disciplined and pledged to never aid/support a spammer, which includes to never open a spam. If you ever want to know more about the interior of a spam, you should know how to access its message properties and look at its interior and headers and their X-line analysis rather than opening it. Good mail discipline and proper spamhandling are part of never being frustrated by spam. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Jun 9 17:57:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 9 20:00:03 2005 Subject: [SpamCop-List] Re: Help! - Mortgage offers References: Message-ID: Mike Easter wrote: > IHateSpam wrote: >> Yes, I'm submitting to Spamcop but >> I've submitted literally hundreds and hundreds of spams from these >> peole and nothing has changed. > > Spamcop reporting is *not* the first step in proper inbox management, > or even an important or useful step in the critical responsibility of > managing your inbox properly; which means to handle your wanted mail > and its location conveniently and non-frustratingly. Examples of improper configuration and spamhandling are: - having an inbox full of spam because it hasn't been automatically put into the Junk folder - handling spam badly during spamcop reporting, causing yourself to get more spam What? How does bad spamhandling cause more spam? If your OE is configured to open or preview and render spam online, you activate webbugs on the way to copying the message source for submitting to the spamcop parser. In that way, improper prioritizing plus putting bad spamhandling before good mailbox handling causes the spamcop reporter to get more spam for their efforts, not less. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Jun 9 21:00:13 2005 From: nobody at spamcop.net (Ellen) Date: Thu Jun 9 20:05:03 2005 Subject: [SpamCop-List] Re: bad_tracking@devnull.spamcop.net ? References: Message-ID: "Blammo" wrote in message news:Xns9670A57D27217blammo@216.154.195.61... > On 09 Jun 2005 Ellen entered spamcop and left > news:d89crl$817$1@news.spamcop.net: > > > So does sending to 'bad_tracking' help fix the problem? That's probably a > dumb question, but I've been wondering what to do when Spamcop tries to > report an IP that I think is in a forged header. > Well no unfortunately it doesn't really fix anything nowadays. Back in the good old days when there were maybe 15 or 20 bad trackings a day, a lot less mail and zombies didn't number in the millions, I used to look at each one manually and adjust the report. When it got to a couple hundred and more a day it became pretty impossible. We also have some other netblocks on there that are routable but not routed and/or not used. If you see the system trying to report a forged header send us the tracking url. Ellen SpamCop From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 10 03:51:06 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 9 22:55:03 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: "Robert Blair" wrote in news:TECQXhvKj0FX-pn2- d5gz1gFeH7ov@dsl-206-55-144-107.tstonramp.com: > [snip] > > Dear Whom It MAy Concern.. > > Hello This is Kornet Abuse Team of KT in Seoul. > We recieved your Spam report mail. > But we couldn't find who the client is, because the client using the > IP is under the service that cannot find in our system.. (ex. Ntopia, > which is share a static IP with others.. Like for Apartment.. > therefore we cannot find..) > Sorry about that.. > > So basicly it is being used as a big proxy and one or more of their terminally clueless users zombified one or more PCs connected to this proxy. And Kornet is saying "they don't feel like" tracking this down. A very cheap cop-out. Whenever I hear any of these Asian ISPs say they are being active in stopping spam, I simply have a hard time believing any of it. (Particularly when they "demand" that their blacklistings be removed.) From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 10 03:52:02 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 9 22:55:20 2005 Subject: [SpamCop-List] Re: What to say to this? References: Message-ID: Borgholio wrote in news:d89sih$hjl$3 @news.spamcop.net: >> >> >> >> "All your base belong to us." :-) >> > > Actually I threw the "Spanish Inquisition" line and left it at that. :) > Watch them come back with a statement requiring "badges". :-) From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 10 03:54:32 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 9 22:55:26 2005 Subject: [SpamCop-List] Re: Someone should slap telecore.ru References: Message-ID: "Anty Spam" wrote in news:d8956o$42a$1@news.spamcop.net: >> > > Remove their LAN points by reclaiming Cu and fibre more likely. Header > Cu is fetching good prices there! :-) > > Gee, is that kind of looting that big in Russia? I know it is pretty big in Africa. :-) From steve at prolynx.com Thu Jun 9 22:01:23 2005 From: steve at prolynx.com (Steve Sybesma) Date: Thu Jun 9 23:05:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Just for my part, if I might further add two cents to the destruction of this thread's purpose: I post the way I want to post and if someone doesn't like it, well, that's basically too bad. I'm not anal retentive or pedantic and I don't have that much respect for people that are. I was looking for info. The usefulness of a newsgroup consists of people trading useful info, not in browbeating over utter pettiness and triviality. If it happened that valuable info came to you chopped up in a way that offended your uppity sensibilities, well get over it because you're going to end up on the losing end of the trade. Steve "indigo" wrote in message news:d828bn$1t8$1@news.spamcop.net... > > > Mike Easter wrote: > > > > I don't think we should be 'hasseling each other' -- there's been a > > long standing 'policy' about being nice, especially to newbies. > > Erm, IIRC (and I'm pretty sure I do) that "be nice to newbies" policy was > for the defunct NNTP NG spamcop.help, but _this_ NG was acknowledged to be > for folks who already knew to put on their asbestos undies prior to > posting...... > > From spammers at suck.com Thu Jun 9 21:52:49 2005 From: spammers at suck.com (IHateSpam) Date: Thu Jun 9 23:55:03 2005 Subject: [SpamCop-List] Re: Help! - Mortgage offers References: Message-ID: > You are describing/manifesting a symptom of improper mail/inbox > management. Pretty big assumption. I have a spam filter. I use it. I don't typically click on any links. I have HTML turned off. Cookies turned off. And a tough, tough firewall. But I find this attitude of "just filter it" to be lazy and just sweeping dirt under a rug. I want to stop these lazy-ass losers. I used to get between 80-100 spams a day in my spam folder. That came from on-line purchases and your method of ignoring it. Through spamcop I got it down to 10-20. Now with these mortgage jerks, I'm back up to 40 a day. Maybe your approach is to ignore it. Not mine. I'm looking for practical advice on how to battle these people. That's the help I'm hoping to get. So, please, if anyone has any practical help... let me know. From SCNews.5.myspamgobbler at spamgourmet.com Thu Jun 9 22:53:01 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Fri Jun 10 00:55:03 2005 Subject: [SpamCop-List] Re: Response from Kornet In-Reply-To: References: Message-ID: Redstone wrote: > "Robert Blair" wrote in news:TECQXhvKj0FX-pn2- > d5gz1gFeH7ov@dsl-206-55-144-107.tstonramp.com: > > >>[snip] >> >>Dear Whom It MAy Concern.. >> >> Hello This is Kornet Abuse Team of KT in Seoul. >> We recieved your Spam report mail. >> But we couldn't find who the client is, because the client using the >>IP is under the service that cannot find in our system.. (ex. Ntopia, >>which is share a static IP with others.. Like for Apartment.. >>therefore we cannot find..) >> Sorry about that.. >> >> > > > > So basicly it is being used as a big proxy and one or more of their > terminally clueless users zombified one or more PCs connected to this > proxy. > > And Kornet is saying "they don't feel like" tracking this down. A very > cheap cop-out. > > Whenever I hear any of these Asian ISPs say they are being active in > stopping spam, I simply have a hard time believing any of it. > (Particularly when they "demand" that their blacklistings be removed.) > I'm not so sure that they are not telling the truth. I have a friend on cable with a virtual IP. I think that maybe all the people in the apartment building have the same visible IP and they are all behind a router. It may not be possible to find the client, or at the least, not very easily. I wonder how many connections are set this way. I had never thought of it much, especially how it relates to spam. I've never had much reason to pay much attention to my router logs. Can they be configured to log all activity so they can determine which computer is compromised? From nobody at devnull.spamcop.net Fri Jun 10 01:49:37 2005 From: nobody at devnull.spamcop.net (Cat) Date: Fri Jun 10 01:50:04 2005 Subject: [SpamCop-List] Re: automation In-Reply-To: References: Message-ID: Steve Sybesma wrote: > Just for my part, if I might further add two cents to the destruction of > this thread's purpose: > I post the way I want to post and if someone doesn't like it, well, > that's basically too bad. > I'm not anal retentive or pedantic and I don't have that much respect > for people that are. > > I was looking for info. The usefulness of a newsgroup consists of people > trading useful info, > not in browbeating over utter pettiness and triviality. > > If it happened that valuable info came to you chopped up in a way that > offended your uppity > sensibilities, well get over it because you're going to end up on the > losing end of the trade. I don't see how anyone was being "uppity" to you, as you put it, but you should understand that your continued insistance on top posting will most likely land you in the killfiles of those who are best qualified to help you when you have a serious problem. You have to understand that when you insist on top posting while everyone else is posting in logical order with comments added below each quoted point and unnecessary parts snipped out, it makes it a whole lot harder to understand the context of your posts and forces people to waste time trying to make sense of your posts. You have to understand that if you think constructing your messages in a better, more logical order for newsgroup posting, then don't be surprised when everyone else finds it beneath themselves to read your message. Sorry to put it that way, but that's pretty much the reaction you'll get if you can't be polite to other people here. Check out these links for top posting netiquette: http://linux.sgms-centre.com/misc/netiquette.php (specifically #6) http://www.river.com/users/share/etiquette/ (#1 and #2) From nobody at devnull.spamcop.net Fri Jun 10 01:50:56 2005 From: nobody at devnull.spamcop.net (Cat) Date: Fri Jun 10 01:55:02 2005 Subject: [SpamCop-List] Re: automation In-Reply-To: References: Message-ID: Steve Sybesma wrote: > Just for my part, if I might further add two cents to the destruction of > this thread's purpose: > I post the way I want to post and if someone doesn't like it, well, > that's basically too bad. > I'm not anal retentive or pedantic and I don't have that much respect > for people that are. > > I was looking for info. The usefulness of a newsgroup consists of people > trading useful info, > not in browbeating over utter pettiness and triviality. > > If it happened that valuable info came to you chopped up in a way that > offended your uppity > sensibilities, well get over it because you're going to end up on the > losing end of the trade. I don't see how anyone was being "uppity" to you, as you put it, but you should understand that your continued insistance on top posting will most likely land you in the killfiles of those who are best qualified to help you when you have a serious problem. You have to understand that when you insist on top posting while everyone else is posting in logical order with comments added below each quoted point and unnecessary parts snipped out, it makes it a whole lot harder to understand the context of your posts and forces people to waste time trying to make sense of your posts. You have to understand that if you think constructing your messages in a better, more logical order for newsgroup posting is beneath you, then don't be surprised when everyone else finds it beneath themselves to read your message. Sorry to put it that way, but that's pretty much the reaction you'll get if you can't be polite to other people here. Check out these links for top posting netiquette: http://linux.sgms-centre.com/misc/netiquette.php (specifically #6) http://www.river.com/users/share/etiquette/ (#1 and #2) From nttp.sc.s at bigsleep.org Fri Jun 10 08:31:14 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 10 03:35:03 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: On 09 Jun 2005 Brian (SnSR) entered spamcop and left news:d8b6e7$c5p$1@news.spamcop.net: > I wonder how many connections are set this way. I had never thought of > it much, especially how it relates to spam. I've never had much reason > to pay much attention to my router logs. Can they be configured to log > all activity so they can determine which computer is compromised? > Yes they can. I noticed this option when I was setting up a wireless router. I was curious where it would write this log to, perhaps there was an option to specify that, or it certainly could have enough memory for at least a couple days of logging. -- | Ric | From nttp.sc.s at bigsleep.org Fri Jun 10 08:37:44 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 10 03:40:03 2005 Subject: [SpamCop-List] Re: Help! - Mortgage offers References: Message-ID: On 09 Jun 2005 IHateSpam entered spamcop and left news:d8b2qs$a9d$1@news.spamcop.net: > I want to stop these lazy-ass > losers. I used to get between 80-100 spams a day in my spam folder. > That came from on-line purchases and your method of ignoring it. > Through spamcop I got it down to 10-20. Now with these mortgage > jerks, I'm back up to 40 a day. Are you sending munged reports? -- | Ric | From nobody at nowhere.invalid Fri Jun 10 11:21:26 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Jun 10 04:25:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: On Thu, 9 Jun 2005 21:01:23 -0600, Steve Sybesma coughed into spamcop and left this in : > I post the way I want to post and if someone doesn't like it, well, > that's basically too bad. > I'm not anal retentive or pedantic and I don't have that much respect > for people that are. s/that are// <*PLONK*> -- Steve The three "R"s of Microsoft support: Retry, Reboot, Reinstall. From MikeE at ster.invalid Fri Jun 10 04:21:43 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 10 06:25:10 2005 Subject: [SpamCop-List] Re: Help! - Mortgage offers References: Message-ID: IHateSpam wrote: > I have a spam filter. I use it. Then almost all of your spam should be in your spam folder, not 'flooding' anything. Spam in the folder doesn't cause... "Help!!!! I'm being flooded by those stupid mortgage offers... " > I don't > typically click on any links. I have HTML turned off. Someone filtering and handling mail securely is a far cry from the start of this thread you started with your flooding and your clicking remove "So I decided to try one of their removal pages." > "just filter it" to be lazy and just sweeping dirt under a rug. The purpose of the filtering I'm describing is to tag and segregate spam to keep it from causing inbox frustration. There's nothing about that kind of filtering which prevents reporting. Reporters whose spam is in a folder don't generally sound so confused and frustrated. They might calmly ask for advice on how they can report their spam better than standard spamcop reporting. > I want to stop these lazy-ass losers. You have very little 'power' over spammers. The business of reporting allows you to report spamsources which are probably trojan proxies, but not necessarily. So far we haven't talked about a single specific example. Spamcop reporting also contributes sources to the spamcop blocklist, which helps with filters for tagging. If you are motivated and can develop better reporting skills than spamcop, reporting spamvertisers can generally be done better than the result of a standard spamcop notify. Spamcop tends to fail to resolve some spamvertisers, which results in the provider not being notified. Spamcop's standard notify algorithm for the ones which it resolves generally tends to notify unresponsive providers. Using additional tools or lookups can often improve on those notifies to include parents or upstreams. We can discuss that here whenever we start talking about specific spam examples instead of generalities. Specific spam examples start with your posting a tracker of the parsing of one of your annoying spams. > I used to get between 80-100 > spams a day in my spam folder. Having a spamfolder is a plus undescribed in the 1st post. > That came from on-line purchases and > your method of ignoring it. Errm, you are mischaracterizing my message. My message starts with 'Protect your Inbox!' If you throw an email address around loosely, that isn't protecting your inbox. The second part of my message is to filter/tag the spam so that it doesn't get into the inbox. That isn't the same as 'ignoring' it - it is managing the inbox. The part of my message about not opening and reading spam which is directed at the deleters should be considered deleting unread as opposed to reading, but you can call that ignoring if you like. If a person is properly in control of their inbox and secure in their spamhandling, the additional step of spam reporting is of value. Some reporting will help source providers secure their proxy trojans, and all reporting will help contribute to the SCbl. Some other spamvertiser reporting will inform some whitehat provider who will squash a spamvertiser. A very high percentage of spamvertiser reporting will be directed at unresponsive providers. In many cases that reporting can be improved upon by discussing it here and learning how. > Through spamcop I got it down to 10-20. > Now with these mortgage jerks, I'm back up to 40 a day. Maybe your > approach is to ignore it. Not mine. I'm looking for practical > advice on how to battle these people. That's the help I'm hoping to > get. So, please, if anyone has any practical help... let me know. I suggest we start with a single example. Post a tracker for a spam. We can use that example of how SC notifies for it and discuss whether or not the notification can be improved. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Jun 10 05:17:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 10 07:20:03 2005 Subject: [SpamCop-List] Re: Help! - Mortgage offers References: Message-ID: Mike Easter wrote: > I suggest we start with a single example. Post a tracker for a spam. > We can use that example of how SC notifies for it and discuss whether > or not the notification can be improved. Here's what a tracker looks like and its environment at the top of the parse Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z773461900z01c46ac69539f51ad885c14087bfc12az -- Mike Easter kibitzer, not SC admin From jr70 at blackhole.invalid Fri Jun 10 11:03:21 2005 From: jr70 at blackhole.invalid (John Richards) Date: Fri Jun 10 13:05:04 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Cat wrote: > You have to understand that > when you insist on top posting while everyone else is posting in logical > order with comments added below each quoted point and unnecessary > parts snipped out That's quite an assumption. Unfortunately "everyone else", even in this newsgroup does not snip out all unnnecesssary parts. Even the post of yours that I'm replying to had so much quoted text that I had to scroll down to see all of the reply. I hate scrolling through messy quoted text. I already was familiar with the comment you were responding to, so it wasn't necessary for me to read the quoted text. Unless you suffer from really poor recollection you shouldn't need to reread text you've read moments before in a prior post. -- John Richards From spammers at suck.com Fri Jun 10 12:08:45 2005 From: spammers at suck.com (IHateSpam) Date: Fri Jun 10 14:10:03 2005 Subject: [SpamCop-List] Re: Help! - Mortgage offers References: Message-ID: Nevermind. I got it stopped. From ob1db at spamcop.net Fri Jun 10 16:10:14 2005 From: ob1db at spamcop.net (David Butler) Date: Fri Jun 10 15:15:03 2005 Subject: [SpamCop-List] Re: Spamcop reporting 203.94.254.0/24 to devnull ? References: Message-ID: "Mike Easter" wrote in message news:d89snc$i3u$1@news.spamcop.net... > David Butler wrote: > Subject: Spamcop reporting 203.94.254.0/24 to devnull ? > > and we're talking about a /19 here, not a /24. > I took that straight from APNIC on the /24. I keep forgetting which is larger, the /24 or the /19 ? Thanks for the other analytics... From MikeE at ster.invalid Fri Jun 10 13:35:30 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 10 15:40:03 2005 Subject: [SpamCop-List] Re: Spamcop reporting 203.94.254.0/24 to devnull ? References: Message-ID: David Butler wrote: > "Mike Easter" >> David Butler wrote: >> Subject: Spamcop reporting 203.94.254.0/24 to devnull ? >> >> and we're talking about a /19 here, not a /24. >> > > I took that straight from APNIC on the /24. I keep forgetting which is > larger, the /24 or the /19 ? /19 is the larger. In IPv4 this is a dotted quad, 4 octets, 203.94.254.0 - where 0 is the 4th octet in this case The /24 is all 256 of the last octet of the dotted quad, 0-255. The /19 is 32 of those things. If you don't want to do any of the math, just remember about 3 of them to be in the ballpark or to frame the ones in between. A /32 is a single IP, a /24 is 256 of them, the last quad. A /16 is 256 of those 256/s, the last 2 quads [or octets]. If you actually multiply 256 x 256 out, that sould be 65,536 individual IPs > Thanks for the other analytics... YW -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Fri Jun 10 16:56:04 2005 From: eddie at eddie.web (eddie) Date: Fri Jun 10 16:00:02 2005 Subject: [SpamCop-List] Re: Help! - Mortgage offers References: Message-ID: On Thu, 09 Jun 2005 10:59:10 -0700, IHateSpam scratched out the following: > Help!!!! I'm being flooded by those stupid mortgage offers... and I don't > even own a home. Today I got 20 spams in the morning and 12 of them were > mortgage offers. Yes, I'm submitting to Spamcop but I've submitted > literally hundreds and hundreds of spams from these peole and nothing has > changed. So I decided to try one of their removal pages. I know, I > know... dumb idea. Now they've doubled their spam. Anyone know how to > get them off your back? Please? Any advice? It won't reduce the spam, but it might make you feel better. Use one of the many credit-card number generators, access the websites via an anonymous browser and fill in as many applications as you have time for. Include telephone numbers of the people who run the websites, usually available at netsol.com, and have fun. After all, you didn't ask for it, but if they can't take it, they shouldn't give it out. You might also use something like friedspam.com to keep their websites busy. Is it legal? I don't know but it's fun :) -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Fri Jun 10 16:58:47 2005 From: eddie at eddie.web (eddie) Date: Fri Jun 10 16:00:13 2005 Subject: [SpamCop-List] Re: What to say to this? References: Message-ID: On Wed, 08 Jun 2005 09:44:49 -0700, Borgholio scratched out the following: > Here's a response I got after sending a Spamcop report on a "fake" bounce > message: > > > > Hello SpamCop user, > > Please, look carefully for letters to report. > > > > What am I supposed to say to this? You could tell them you will restrict your reports to letters between a and z on weekends and only use the others on mondays. -- Once movie theaters gave out steak knives Today they confiscate them From masfjorden at spamcop.net Fri Jun 10 23:28:14 2005 From: masfjorden at spamcop.net (helge) Date: Fri Jun 10 16:30:02 2005 Subject: [SpamCop-List] Re: Spamcop reporting 203.94.254.0/24 to devnull ? In-Reply-To: References: Message-ID: Mike Easter wrote: > David Butler wrote: snip >> >>I took that straight from APNIC on the /24. I keep forgetting which is >>larger, the /24 or the /19 ? > > > /19 is the larger. > > In IPv4 this is a dotted quad, 4 octets, 203.94.254.0 - where 0 is the > 4th octet in this case > > The /24 is all 256 of the last octet of the dotted quad, 0-255. The > /19 is 32 of those things. > > If you don't want to do any of the math, just remember about 3 of them > to be in the ballpark or to frame the ones in between. > > A /32 is a single IP, a /24 is 256 of them, the last quad. A /16 is 256 > of those 256/s, the last 2 quads [or octets]. If you actually multiply > 256 x 256 out, that sould be 65,536 individual IPs snip I remember these numbers by 1. the rule that the number of IPs of a /n is two to the power of 32-n and 2. two to the power of 10 is approximately equal to ten to the power of three, or 1000 (actually 1024) That makes a /24 two to the power of 8, or 256 as you say, and a /19 two to the power of 13 (32-19) or approx. 8000, and my approximation to a /16 is then 64000, not far from your exact number 65536. helge From nobody at devnull.spamcop.net Sat Jun 11 01:19:46 2005 From: nobody at devnull.spamcop.net (Glenn Daniels) Date: Sat Jun 11 00:20:02 2005 Subject: [SpamCop-List] Re: Help! - Mortgage offers References: Message-ID: "IHateSpam" wrote in message news:d8ckvf$4l6$1@news.spamcop.net... > Nevermind. I got it stopped. > How, I would like to know. Thanks, Glenn From bar_n0ne at hotmail.com Sat Jun 11 10:47:02 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Jun 11 01:50:02 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: "Redstone" wrote in message news:Xns966FE3130C8E4tinlc@216.154.195.61... > Steven Maesslein wrote in > news:slrndaappk.2re.nobody@127.0.0.1: > > > > > .kr is probably the country with the highest penetration of high-speed > > connections to the house. Given that they all use bootleg copies of > > Windows in Asia and that they're therefore scared to grab updates from > > windowsupdate.microsoft.com, .kr has a huge concentration of trojanned > > machines connected to the 'Net. > > > > Hmm, this gave me a bit of thought. Now since China has a problem with > this too, I wonder if they have a vested interest in trojaned machines. > Having everyone's PC in China hijacked, they could put in all sorts of > interesting spyware and keyloggers. That way they could see if anyone is > going to any "subversive" sites that isn't on their "blocklist". Who > cares if their own people end up losing everything to phishers, as long > as Beijing can keep "control" its worth the risk. > In China at least, most have little if anything to lose to PHISHers, as they don't do online banking for the most part, it's all the north american (for the most part) wankers who respond to phishes and spam who will be victims. I don't doubt for a moment that the Government of ROC keeps a log of every CC transaction and number (and paswords in the case of Phishes) that passes through it's net space. That data, I am sure, is being fed to a good data base also. Suppose we go to war? wouldn't it be handy to quickly drain hundreds of thousdands of CC and bank accounts in the enemies territory?, Sure, in the mdium/long run the attempt would fail, but the short term disruption and chaos would be worth the effort. From yeah at right.com Sat Jun 11 00:36:39 2005 From: yeah at right.com (Spaz) Date: Sat Jun 11 02:40:03 2005 Subject: [SpamCop-List] spam an ASSHOLE! Message-ID: A certain acquaintance of mine is a total ASSHOLE! I want to spam the SHIT out of his email box, and I know his email address. Is there a good place on the internet where I can enter his email address so the spammers can spam the shit out of this fucker? From bounces at this.address Sat Jun 11 07:48:35 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sat Jun 11 02:50:03 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: Spaz wrote: > A certain acquaintance of mine is a total ASSHOLE! I want to spam the SHIT > out of his email box, and I know his email address. Is there a good place > on the internet where I can enter his email address so the spammers can spam > the shit out of this fucker? > > No. Now go away. From DougThegarden at invalid.com Sat Jun 11 10:56:39 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sat Jun 11 05:00:31 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! In-Reply-To: References: Message-ID: Spaz wrote: > A certain acquaintance of mine is a total ASSHOLE! I want to spam the SHIT > out of his email box, and I know his email address. Is there a good place > on the internet where I can enter his email address so the spammers can spam > the shit out of this fucker? > > Its funny how people often refer to themselves as "a friend of mine" when they want to ask an embarassing question. Doug From MikeE at ster.invalid Sat Jun 11 04:57:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 11 07:00:03 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: Spaz wrote: > and I know his email address. - how do you /know/ you have an address? > Is > there a good place on the internet where I can enter his email > address so the spammers can spam the shit out of this fucker? - you're in the wrong group for seeking internet abuse - if you get yourself involved in escalating newsgroup spats you may get in trouble with your own provider - or retaliation if it's someone who's better at it than you are -- Mike Easter kibitzer, not SC admin From r_buecheler at hotmail.com Sat Jun 11 07:00:45 2005 From: r_buecheler at hotmail.com (Robi) Date: Sat Jun 11 07:05:03 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: Doug Thegarden wrote in message news:d8e905$vv1$1@news.spamcop.net... > Spaz wrote: >> A certain acquaintance of mine is a total ASSHOLE! I want to spam the SHIT >> out of his email box, and I know his email address. Is there a good place >> on the internet where I can enter his email address so the spammers can spam >> the shit out of this fucker? > > Its funny how people often refer to themselves as "a friend of mine" > when they want to ask an embarassing question. Not to be pedantic, but since when is acquaintance = friend? Spaz, you might want to consult a shrink; why would you ask such a question in the anti-spam community? It's like asking about having an abortion to an anti-abortion activist. Unless you're a troll, but then you need to go back under the tree or boulder you came from Robi From bar_n0ne at hotmail.com Sat Jun 11 16:34:12 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Jun 11 07:35:03 2005 Subject: [SpamCop-List] CR spammer (was ATMLinkinc/Calpop/MCI/SBC/XO/Whoa hottesttingaround) latest Message-ID: Nothing in sightings since the 6th, (groups NANAS pinpointmoney OR freeserving OR servingones OR tradepointone) After XO ignored my first missive, I added the 3 addresses Cat mentioned to reports for XO spam and it stopped for about 2-3 days and then returned with one turdlet out of ATT space, (XO still hosting spamvertizers). LARTED that also to the aforementioned and nothing since (3 days now). I haven't had such a rest from this spammer since the startup stutters back whenever (December?) I guess the spammer didn't have his/her next provider lined up in time or s/he's listwashed all the complainers and NANAS posters, XO maybe forced him/her to get the decoder ring out and identify the bitchers? I wonder how long before this poop turns up in CRC-tietong? The following is the whois from the smtp source of the last turdlet, (the spamvertized hosting was the same old places in Whoa/XO space) (as of Wednesday or so) source 12.178.223.12 WHOIS results for 12.178.223.12 Generated by www.DNSstuff.com Location: United States NOTE: More information appears to be available at NET-12-178-220-0-1. AT&T WorldNet Services ATT (NET-12-0-0-0-1) 12.0.0.0 - 12.255.255.255 AT&T WorldNet Services ATTSVCM-12-178-208-0 (NET-12-178-208-0-1) 12.178.208.0 - 12.178.223.255 MICHAEL SACHT JEWELERS MICHAEL-10-220 (NET-12-178-220-0-1) 12.178.220.0 - 12.178.223.255 # ARIN WHOIS database, last updated 2005-06-08 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. ---------------------------------------------------------- WHOIS results for !NET-12-178-220-0-1 Generated by www.DNSstuff.com Location: Unknown Looking up !NET-12-178-220-0-1 at whois.arin.net. NOTE: More information appears to be available at SSM49-ARIN. Using 16 day old cached answer (or, you can get fresh results). Hiding E-mail address (you can get results with the E-mail address). OrgName: MICHAEL SACHT JEWELERS OrgID: MSJ-4 Address: 177 BOLLINGER RD City: KUNKLETOWN StateProv: PA PostalCode: 18058 Country: US NetRange: 12.178.220.0 - 12.178.223.255 CIDR: 12.178.220.0/22 NetName: MICHAEL-10-220 NetHandle: NET-12-178-220-0-1 Parent: NET-12-178-208-0-1 NetType: Reassigned Comment: RegDate: 2005-05-17 Updated: 2005-05-17 OrgTechHandle: SSM49-ARIN OrgTechName: Smith, Sidney OrgTechPhone: +1-732-597-5107 OrgTechEmail: ************@ispenterprises.com # ARIN WHOIS database, last updated 2005-05-22 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. From DougThegarden at invalid.com Sat Jun 11 13:40:28 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sat Jun 11 07:45:02 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! In-Reply-To: References: Message-ID: Robi wrote: > > Not to be pedantic, but since when is acquaintance = friend? > To be pedantic: friend n. A person whom one knows; an *acquaintance*. (American Heritage Dictionary) acquaintance (Concise Oxford Dictionary) an intimate acquaintance (Chambers 20th Century Dictionary) You were saying? Doug ;-) From MikeE at ster.invalid Sat Jun 11 05:55:20 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 11 08:00:04 2005 Subject: [SpamCop-List] Re: CR spammer (was ATMLinkinc/Calpop/MCI/SBC/XO/Whoa hottesttingaround) latest References: Message-ID: Berny wrote: > source 12.178.223.12 > MICHAEL SACHT JEWELERS MICHAEL-10-220 (NET-12-178-220-0-1) > 12.178.220.0 - 12.178.223.255 See spamhaus page on sacht http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27948 12.178.220.0/22 is listed on the Spamhaus Block List (SBL) 11-Jun-2005 11:45 GMT | SR02 MICHAEL SACHT JEWELERS Massive spam-source network. Senderbase: Addresses in 12.178.220.0/22 used to send email Showing 1 - 50 out of 54 http://www.senderbase.org/search?searchString=12.178.220.0&whichOthers=%2F22 Currently your 12.178.223.12 doesn't show any significant activity. Some people in nanae are critical of senderbase's accuracy. -- Mike Easter kibitzer, not SC admin From devnull at spamcop.net Sat Jun 11 10:13:21 2005 From: devnull at spamcop.net (Frog Prince) Date: Sat Jun 11 09:45:03 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: "Doug Thegarden" | > Not to be pedantic, but since when is acquaintance = friend? | To be pedantic: | | friend n. | | A person whom one knows; an *acquaintance*. (American Heritage Dictionary) | acquaintance (Concise Oxford Dictionary) | an intimate acquaintance (Chambers 20th Century Dictionary) | | You were saying? | | Doug ;-) One might be acquainted with someone (GWB for example) does that make them a friend? From r_buecheler at hotmail.com Sat Jun 11 10:59:58 2005 From: r_buecheler at hotmail.com (Robi) Date: Sat Jun 11 11:05:03 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: Doug Thegarden wrote in message news:d8eijb$56s$1@news.spamcop.net... > Robi wrote: >> >> Not to be pedantic, but since when is acquaintance = friend? >> > > To be pedantic: > > friend n. > > A person whom one knows; an *acquaintance*. (American Heritage Dictionary) > > acquaintance (Concise Oxford Dictionary) > > an intimate acquaintance (Chambers 20th Century Dictionary) > > You were saying? yes, a friend might be an acquaintance, but an acquaintance is not necessarily a friend > > Doug ;-) >From WordNet (r) 2.0 (wn) acquaintance n 1: personal knowledge or information about someone or something [syn: {familiarity}, {conversance}, {conversancy}] 2: a relationship less intimate than friendship [syn: {acquaintanceship}] 3: a person with whom you are acquainted; "I have trouble remembering the names of all my acquaintances"; >From THE DEVIL'S DICTIONARY ((C)1911 Released April 15 1993) (devils) ACQUAINTANCE, n. A person whom we know well enough to borrow from, but not well enough to lend to. A degree of friendship called slight when its object is poor or obscure, and intimate when he is rich or famous. -------------------- now before you say there it is, friendship -> friend I hate it when someone who I barely know calls me friend. Acquaintance, that's ok - occasionally we talk. ;-) a "degree of friendship" is like a thermometer where 30 degrees can be freezing cold or pretty hot; this of course if one is Farenheit and the other Celsius. It is also like 18 degrees Celsius; companies tend to set the office temperature to 18 Celsius, which for me is way too cold and uncomfortable, whereas others see it just right. For some an acquaintance might be a friend, whereas to others a friend is more than just an acquaintance. english is such a weird language with words that have weird meanings The shower was in the show room but nobody paid any attention to his exhibitions but I digress From yeah at right.com Sat Jun 11 09:05:28 2005 From: yeah at right.com (Spaz) Date: Sat Jun 11 11:10:03 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: "Doug Thegarden" wrote in message news:d8e905$vv1$1@news.spamcop.net... > > Its funny how people often refer to themselves as "a friend of mine" He's not a friend, dumbass. He's an ASSHOLE. Perhaps you need to re-read my original post. > when they want to ask an embarassing question. Embarassed? Where did you get the idea I was embarassed? I want to nail this asshole, plain and simple. From DougThegarden at invalid.com Sat Jun 11 17:06:42 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sat Jun 11 11:10:14 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! In-Reply-To: References: Message-ID: Robi wrote: > > I hate it when someone who I barely know calls me friend. > What have you got against the Quakers, Friend Robi? > > english is such a weird language with words that have weird meanings > > The shower was in the show room but nobody paid any attention to his > exhibitions > You mean like driving on the parkway and parking on the driveway? Doug ;-) From yeah at right.com Sat Jun 11 09:12:44 2005 From: yeah at right.com (Spaz) Date: Sat Jun 11 11:15:05 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: "Mike Easter" wrote in message news:d8eg3f$3tj$1@news.spamcop.net... > > - how do you /know/ you have an address? Because I have it on a business card sitting right in front of me. > - you're in the wrong group for seeking internet abuse Really? I thought a group like this would have alot of information about spam. Guess not. > - if you get yourself involved in escalating newsgroup spats I just asked a question. You started the spat, dumbass. Perhaps you should also re-read my original message. Jeeze, is everybody in this group fucking stupid? > you may get in trouble with your own provider Oh, so now you're going to try to make trouble for me? > - or retaliation if it's someone who's better at it than you are OOOOOOOOOOOOOOO, you SCARE me! Got any more threats you'd like to make to me? From yeah at right.com Sat Jun 11 09:16:10 2005 From: yeah at right.com (Spaz) Date: Sat Jun 11 11:20:02 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: "Robi" wrote in message news:d8eg8l$416$1@news.spamcop.net... > > Spaz, you might want to consult a shrink; why would you ask such a > question > in the anti-spam community? All I asked is if you know of a website that's notorious for taking an email address and sending it to the spammers. > It's like asking about having an abortion to an anti-abortion activist. Ya, but this asshole is someone who DESERVES it. > Unless you're a troll, but then you need to go back under the tree or > boulder > you came from FUCK YOU, ASSHOLE! From steve at prolynx.com Sat Jun 11 10:42:50 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 11:45:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: You're singing my tune John. I've been posting to Usenet for 12 years now and I proudly don't follow netiquette faithfully (as has been seen). I know what 'netiquette' is, and I've seen how some people that push the heck out of it to the point they often fail good 'netiquette' themselves. My view is that the most important netiquette of all is not to be rude to your fellow posters. Frankly, it's true that top-posting can be viewed as an easier way to read a post. I used to post the other way that the browbeaters are indicating they want to see, but it's more labor-intensive. There's no reason I have to hit every point of their posts when I reply. "John Richards" wrote in message news:d8ch4q$2j4$1@news.spamcop.net... > Cat wrote: > > You have to understand that > > when you insist on top posting while everyone else is posting in logical > > order with comments added below each quoted point and unnecessary > > parts snipped out > > That's quite an assumption. Unfortunately "everyone else", even in this > newsgroup does not snip out all unnnecesssary parts. Even the post > of yours that I'm replying to had so much quoted text that I had to > scroll down to see all of the reply. I hate scrolling through messy quoted > text. I already was familiar with the comment you were responding to, > so it wasn't necessary for me to read the quoted text. Unless you > suffer from really poor recollection you shouldn't need to reread text > you've read moments before in a prior post. > > -- > John Richards > > > From steve at prolynx.com Sat Jun 11 10:43:58 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 11:45:17 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Same to you. C'ya! "Steven Maesslein" wrote in message news:slrndaijc6.qqt.nobody@127.0.0.1... > On Thu, 9 Jun 2005 21:01:23 -0600, Steve Sybesma coughed into spamcop > and left this in : > > > I post the way I want to post and if someone doesn't like it, well, > > that's basically too bad. > > I'm not anal retentive or pedantic and I don't have that much respect > > for people that are. > > s/that are// > > <*PLONK*> > > -- > Steve > > The three "R"s of Microsoft support: > Retry, Reboot, Reinstall. From r_buecheler at hotmail.com Sat Jun 11 11:46:06 2005 From: r_buecheler at hotmail.com (Robi) Date: Sat Jun 11 11:50:03 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: Spaz wrote in message news:d8ev7o$bqf$1@news.spamcop.net... > Robi wrote in message news:d8eg8l$416$1@news.spamcop.net... >> >> Spaz, you might want to consult a shrink; why would you ask such a >> question in the anti-spam community? > > All I asked is if you know of a website that's notorious for taking an email > address and sending it to the spammers. I don't see any reason why someone (you) would want to sink to the lowest level of scum. >> It's like asking about having an abortion to an anti-abortion activist. > > Ya, but this asshole is someone who DESERVES it. > >> Unless you're a troll, but then you need to go back under the tree or >> boulder >> you came from > > FUCK YOU, ASSHOLE! See, I was going to suggest a few possibilities you could do, but ISTM that you have your own business card in front of you and you are talking about yourself. furrfu! What a luser. I'm outta here. From steve at prolynx.com Sat Jun 11 10:51:01 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 11:55:04 2005 Subject: [SpamCop-List] Re: automation Message-ID: By all means. Kill file me. You and all your ilk, that is if my top-posting just trips you up that much. I'd advise you to get past it and not miss anything. I tend to think that people who can think outside of an imposed limitation of posting style, are the same people that come up with new ideas and fixes for things. The world is run by people with average IQs who often can't think outside the box. I tend to think in a big-picture and linear style and my postings reflects that. I don't like a lot of broken discourse. From: "Cat" Subject: Re: automation Date: Thursday, June 09, 2005 11:50 PM Steve Sybesma wrote: > Just for my part, if I might further add two cents to the destruction of > this thread's purpose: > I post the way I want to post and if someone doesn't like it, well, > that's basically too bad. > I'm not anal retentive or pedantic and I don't have that much respect > for people that are. > > I was looking for info. The usefulness of a newsgroup consists of people > trading useful info, > not in browbeating over utter pettiness and triviality. > > If it happened that valuable info came to you chopped up in a way that > offended your uppity > sensibilities, well get over it because you're going to end up on the > losing end of the trade. I don't see how anyone was being "uppity" to you, as you put it, but you should understand that your continued insistance on top posting will most likely land you in the killfiles of those who are best qualified to help you when you have a serious problem. You have to understand that when you insist on top posting while everyone else is posting in logical order with comments added below each quoted point and unnecessary parts snipped out, it makes it a whole lot harder to understand the context of your posts and forces people to waste time trying to make sense of your posts. You have to understand that if you think constructing your messages in a better, more logical order for newsgroup posting is beneath you, then don't be surprised when everyone else finds it beneath themselves to read your message. Sorry to put it that way, but that's pretty much the reaction you'll get if you can't be polite to other people here. Check out these links for top posting netiquette: http://linux.sgms-centre.com/misc/netiquette.php (specifically #6) http://www.river.com/users/share/etiquette/ (#1 and #2) From nobody at nowhere.invalid Sat Jun 11 19:27:32 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sat Jun 11 12:30:02 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: On Sat, 11 Jun 2005 16:06:42 +0100, Doug Thegarden coughed into spamcop and left this in : >> english is such a weird language with words that have weird meanings >> >> The shower was in the show room but nobody paid any attention to his >> exhibitions > > You mean like driving on the parkway and parking on the driveway? Or sending something by ship and calling it cargo, or sending it by car and calling it a shipment. -- Steve In most countries selling harmful things like drugs is punishable. Then how come people can sell Microsoft software and go unpunished? -- Hasse Skrifvars From DougThegarden at invalid.com Sat Jun 11 18:44:40 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sat Jun 11 12:45:03 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! In-Reply-To: References: Message-ID: Spaz wrote: > "Doug Thegarden" wrote in message > news:d8e905$vv1$1@news.spamcop.net... > >>Its funny how people often refer to themselves as "a friend of mine" > > > He's not a friend, dumbass. He's an ASSHOLE. Perhaps you need to re-read > my original post. > > >>when they want to ask an embarassing question. > > > Embarassed? Where did you get the idea I was embarassed? I want to nail > this asshole, plain and simple. > > Whoosh!!!!! Doug From DougThegarden at invalid.com Sat Jun 11 18:48:31 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sat Jun 11 12:50:03 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! In-Reply-To: References: Message-ID: Spaz wrote: > > FUCK YOU, ASSHOLE! > > You are cyclotouriste and ICMFP http://makeashorterlink.com/?B52012E3B (one of the funniest forum threads I've read in a long while) Doug From jeffclarke at ntlworld.com Sat Jun 11 19:10:40 2005 From: jeffclarke at ntlworld.com (Jeff Clarke) Date: Sat Jun 11 13:15:02 2005 Subject: [SpamCop-List] Request for help Message-ID: I am a recent lurker to this forum who is now seeking some advice/guidance on using Spamcop from within Mail Washer Pro. I am a registered user of MWP and have a Spamcop account which allows me to send spam email straight from the MWP Preview Pane to Spamcop. This has worked very well, with receipt of the email "Spamcop has accepted..." usually very quickly. Following the supplied link has enabled reporting to be done quickly and without hassle. In recent weeks two problems have started. First, no response emails were being received from Spamcop. Investigating this on spamcop.net my account page told me my SMTP address was wrong. It wasn't but I reset it and now the acceptance emails are being received again. However, on clicking the link to report the spam on each occasion recently one line of the reporting page says "No source IP address found, cannot proceed". I have also tried copy/pasting the same emails into Spamcop with the same result. MWP should send the whole message, I think; I have copied/pasted from the Message Source page in OE. I am a relative novice in the field of spam reporting; discussion of "parsing" and other techniques on this forum means very little to me so if anyone could talk me slowly through what might be wrong with my submissions to spamcop I would be very grateful. From MikeE at ster.invalid Sat Jun 11 11:57:27 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 11 14:00:04 2005 Subject: [SpamCop-List] Re: Request for help References: Message-ID: Jeff Clarke wrote: > I am a recent lurker to this forum who is now seeking some > advice/guidance on using Spamcop from within Mail Washer Pro. This seems like a MWP question rather than a SC question. The issue is that SC isn't getting a proper item to parse from MWP, I think. > However, on clicking the link to report the spam on each occasion > recently one line of the reporting page says "No source IP address > found, cannot proceed". I have also tried copy/pasting the same > emails into Spamcop with the same result. MWP should send the whole > message, I think; I have copied/pasted from the Message Source page > in OE. I'm not sure I understand all parts of the 2nd half of that par. If you receive an item in OE and putting it into the webparser gives a result of no source IP address, then the fault lies at how the server stamped its line and we should examine such an item by your pasting its tracker^1 here. If MWP sends an item to SC and you get a no source IP address, but the same item submitted by pasting from OE gives a proper report, then the problem lies with MWP and the way to troubleshoot a MWP induced problem would be to have MWP send the item it is sending to SC to your own address so you can look at what is wrong with it -- or to paste the tracker for the MWP sent item here, perhaps pasting both the OE tracker above and the MWP tracker just described for the same item. ^1 A tracker link is at the top of a parse result in this environment. Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z773461900z01c46ac69539f51ad885c14087bfc12az -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Jun 11 12:01:47 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 11 14:05:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > By all means. Kill file me. You and all your ilk, that is > if my top-posting just trips you up that much. Your topposting is self-centered and screws up a conversation we all all trying to have.. Read this from the news.newusers.questions faq http://members.fortunecity.com/nnqweb/nquote.html Quoting Style in Newsgroup Postings Q2: How should I use the quoted text and arrange it with my own text? Q7: Why shouldn't I put my comments above the quoted material? Q10: Shouldn't we be paying attention to what a person says, rather than the cosmetic details of how it's said? -- Mike Easter kibitzer, not SC admin From steve at prolynx.com Sat Jun 11 13:13:23 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 14:15:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Your rudeness is self-centered. Also, speak for yourself and not others. Not everyone agrees with you. I'm not hard on other people's posting styles, so you need to stop being hard on mine. Also, I'm not a 'newbie'. I'm more of a rebel. ;-) "Mike Easter" wrote in message news:d8f8u9$iff$1@news.spamcop.net... > Steve Sybesma wrote: > > By all means. Kill file me. You and all your ilk, that is > > if my top-posting just trips you up that much. > > Your topposting is self-centered and screws up a conversation we all all > trying to have.. > > Read this from the news.newusers.questions faq > http://members.fortunecity.com/nnqweb/nquote.html Quoting Style in > Newsgroup Postings > > Q2: How should I use the quoted text and arrange it with my own text? > Q7: Why shouldn't I put my comments above the quoted material? > Q10: Shouldn't we be paying attention to what a person says, rather than > the cosmetic details of how it's said? > > -- > Mike Easter > kibitzer, not SC admin > > From steve at prolynx.com Sat Jun 11 13:19:09 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 14:20:04 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Furthermore, I started this thread, and YOU personally ruined it by your stinking uppity attitude. "Mike Easter" wrote in message news:d8f8u9$iff$1@news.spamcop.net... > Steve Sybesma wrote: > > By all means. Kill file me. You and all your ilk, that is > > if my top-posting just trips you up that much. > > Your topposting is self-centered and screws up a conversation we all all > trying to have.. > > Read this from the news.newusers.questions faq > http://members.fortunecity.com/nnqweb/nquote.html Quoting Style in > Newsgroup Postings > > Q2: How should I use the quoted text and arrange it with my own text? > Q7: Why shouldn't I put my comments above the quoted material? > Q10: Shouldn't we be paying attention to what a person says, rather than > the cosmetic details of how it's said? > > -- > Mike Easter > kibitzer, not SC admin > > From MikeE at ster.invalid Sat Jun 11 12:19:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 11 14:20:14 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: Spaz wrote: > "Mike Easter" >> - if you get yourself involved in escalating newsgroup spats I wasn't talking about this spat, I was talking about your other spats in other newsgroups. I assumed you were wanting to cause trouble for someone in one of the newsgroups where you get into disagreements. http://snipurl.com/fief http://snipurl.com/fiee alt.battlestar-galactica http://snipurl.com/fiel soc.culture.palestine + zany crossposted groups in both > I just asked a question. You started the spat, dumbass. Perhaps you > should also re-read my original message. Jeeze, is everybody in > this group fucking stupid? > >> you may get in trouble with your own provider > > Oh, so now you're going to try to make trouble for me? You misunderstand me, but it isn't important. >> - or retaliation if it's someone who's better at it than you are > > OOOOOOOOOOOOOOO, you SCARE me! Got any more threats you'd like to > make to me? I wasn't threatening you. I don't threaten. I just ignore. I was talking about people who use the internet to cause trouble get into trouble with their own provider and also stir up retaliation by the person they are causing trouble. -- Mike Easter kibitzer, not SC admin From steve at prolynx.com Sat Jun 11 13:30:25 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 14:35:02 2005 Subject: [SpamCop-List] Automation Message-ID: Here we go again folks: (Browbeaters use your kill files please.) I use Win98SE and OE6. (By preference, not necessity.) Looking for some way to automate the sending of spam to the 'quick' e-mail address I use for SpamCop. I would like to selectively highlight mail that I consider spam (which is why I don't want to use a program like MailWasher, etc.), then be able to right-click and have a context menu item similar to "Forward As Attachment" which takes it the next few steps so that I don't have to select the group send that I use (SpamCop, the FTC and my ISP) and I don't have to hit 'Send'. I want to make it every bit as easy to report spam as it is to delete it. This will be an encouragement to anyone who still uses Outlook Express 6 to do their spam reports. Steve Thornton, CO From steve at prolynx.com Sat Jun 11 13:38:15 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 14:40:03 2005 Subject: [SpamCop-List] Re: Automation References: Message-ID: I forgot. At the end it should Delete after it performs Send. "Steve Sybesma" wrote in message news:d8fak1$jhs$1@news.spamcop.net... > Here we go again folks: > > (Browbeaters use your kill files please.) > > I use Win98SE and OE6. > (By preference, not necessity.) > > Looking for some way to automate > the sending of spam to the 'quick' > e-mail address I use for SpamCop. > > I would like to selectively highlight > mail that I consider spam (which is > why I don't want to use a program > like MailWasher, etc.), then be able > to right-click and have a context menu > item similar to "Forward As Attachment" > which takes it the next few steps so that > I don't have to select the group send that > I use (SpamCop, the FTC and my ISP) > and I don't have to hit 'Send'. > > I want to make it every bit as easy to > report spam as it is to delete it. This will > be an encouragement to anyone who > still uses Outlook Express 6 to do their > spam reports. > > Steve > Thornton, CO > > From jeffclarke at ntlworld.com Sat Jun 11 20:57:51 2005 From: jeffclarke at ntlworld.com (Jeff Clarke) Date: Sat Jun 11 15:00:02 2005 Subject: [SpamCop-List] Re: Request for help References: Message-ID: "Mike Easter" wrote in message news:d8f8m5$i37$1@news.spamcop.net... > Jeff Clarke wrote: >> I am a recent lurker to this forum who is now seeking some >> advice/guidance on using Spamcop from within Mail Washer Pro. > > This seems like a MWP question rather than a SC question. > > The issue is that SC isn't getting a proper item to parse from MWP, I > think. I would agree, except that I get the same result whether sending from MWP or copy/pasting from OE. > >> However, on clicking the link to report the spam on each occasion >> recently one line of the reporting page says "No source IP address >> found, cannot proceed". I have also tried copy/pasting the same >> emails into Spamcop with the same result. MWP should send the whole >> message, I think; I have copied/pasted from the Message Source page >> in OE. > > I'm not sure I understand all parts of the 2nd half of that par. > > If you receive an item in OE and putting it into the webparser gives a > result of no source IP address, then the fault lies at how the server > stamped its line and we should examine such an item by your pasting its > tracker^1 here. I hope I understand what you are asking for: http://www.spamcop.net/sc?id=z773875913z6447a1f30d848b63aac6f5962acdf3d3z > > If MWP sends an item to SC and you get a no source IP address, but the > same item submitted by pasting from OE gives a proper report, then the > problem lies with MWP and the way to troubleshoot a MWP induced problem > would be to have MWP send the item it is sending to SC to your own > address so you can look at what is wrong with it -- or to paste the > tracker for the MWP sent item here, perhaps pasting both the OE tracker > above and the MWP tracker just described for the same item. See comment above, (The result is the same whether copy/pasted from OE or sent straight from MWP_ > > > ^1 A tracker link is at the top of a parse result in this environment. > > Here is your TRACKING URL - it may be saved for future reference: > http://www.spamcop.net/sc?id=z773461900z01c46ac69539f51ad885c14087bfc12az > > > -- > Mike Easter > kibitzer, not SC admin > > Thanks for any assistance From MikeE at ster.invalid Sat Jun 11 13:17:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 11 15:20:03 2005 Subject: [SpamCop-List] Re: Request for help References: Message-ID: Jeff Clarke wrote: > "Mike Easter" >> If you receive an item in OE and putting it into the webparser gives >> a result of no source IP address, then the fault lies at how the >> server stamped its line and we should examine such an item by your >> pasting its tracker^1 here. > > I hope I understand what you are asking for: > http://www.spamcop.net/sc?id=z773875913z6447a1f30d848b63aac6f5962acdf3d3z I like to talk about Received headers by abbreviating them and just displaying the 'from' and 'by' fields Abbreviated Received headers *comment from aamta01-winn.ispmail.ntl.com ([81.103.221.35]) by mta05-winn.ispmail.ntl.com *serves you from [81.103.221.10] (really [218.1.150.77]) by aamta01-winn.ispmail.ntl.com *sourceline, flakey stamp Those headers show 218.1.150.77 source [calling itself 81.103.221.10 in its bogus helo] to your ntl server which passed it to a different ntl. That 'really' business in the 2nd 'from field is odd, but I don't know if it is the cause, see below. Your tracker is that of a mailhost, and apparently SC doesn't like the 2nd line in mailhost configuration. I'm not mailhosted, so I can parse the item and SC will provide a correct result http://www.spamcop.net/sc?id=z773915609z4b670f1a92c03e758f8477528edd3749z If reported today, reports would be sent to: Re: 218.1.150.77 (Administrator of network where email originates) SC handles mailhosts differently than non-mailhosts in several regards, so I'm not sure if the barf/choke is because of the flakey configuration of 'really [218.1.150.77]' or something else that I'm not seeing. Sometimes a deputy has to handle a mailhost issue. Do you have any more items to send thru' the tracker to see if this 'really' business is being stamped every time? -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Sat Jun 11 16:18:06 2005 From: eddie at eddie.web (eddie) Date: Sat Jun 11 15:20:13 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: On Fri, 10 Jun 2005 23:36:39 -0700, Spaz scratched out the following: > A certain acquaintance of mine is a total ASSHOLE! I want to spam the > SHIT out of his email box, and I know his email address. Is there a good > place on the internet where I can enter his email address so the spammers > can spam the shit out of this fucker? Sure - just post your email address here and we will take care of the whole situation promptly. We will email you the instructions. -- Once movie theaters gave out steak knives Today they confiscate them From MikeE at ster.invalid Sat Jun 11 13:43:30 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 11 15:45:03 2005 Subject: [SpamCop-List] Re: Request for help References: Message-ID: Mike Easter wrote: > Abbreviated Received headers *comment > from aamta01-winn.ispmail.ntl.com ([81.103.221.35]) by > mta05-winn.ispmail.ntl.com *serves you > from [81.103.221.10] (really [218.1.150.77]) by > aamta01-winn.ispmail.ntl.com *sourceline, flakey stamp > Your tracker is that of a mailhost, and apparently SC doesn't like the > 2nd line in mailhost configuration. I'm not mailhosted, so I can > parse the item and SC will provide a correct result We can't always tell which line SC chokes on, but it might be the first line Parsing header: 0: Received: from aamta01-winn.ispmail.ntl.com ([81.103.221.35]) by mta05-winn.ispmail.ntl.com with ESMTP id <20050611151334.NVOA5816.mta05-winn.ispmail.ntl.com@aamta01-winn.ispmail .ntl.com> for ; Sat, 11 Jun 2005 16:13:34 +0100 Hostname verified: host81-103-221-35.not-set-yet.ntli.net Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header What is going on there looks like SC doesn't like the topline, which resolves 'strangely' to me. What's with this 'ntli.net' instead of ntl.net? But, anyway, whyever ntl chooses to have ntli, SC doesn't mind it when it parses not as a mailhost, this shows the topline being accepted. 81.103.221.35 found host 81.103.221.35 = host81-103-221-35.not-set-yet.ntli.net (cached) host81-103-221-35.not-set-yet.ntli.net is 81.103.221.35 Possible spammer: 81.103.221.35 Received line accepted Relay trusted (81.103.221.35) That step isn't happening on your mailhosted parse, so the parser has nothing to work with because you are mailhosted and your mailhost didn't get accepted. It looks like you need to be reconfiguring your mailhost, but I don't know if they all look the same or not. Where 'they all' means if all of the headers from your mailhost look the same. -- Mike Easter kibitzer, not SC admin From Ilgaz at spamcop.net Sun Jun 12 00:23:34 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Sat Jun 11 16:25:03 2005 Subject: [SpamCop-List] Re: Help! - Mortgage offers References: Message-ID: On 2005-06-09 20:59:10 +0300, "IHateSpam" said: > Help!!!! I'm being flooded by those stupid mortgage offers... and I > don't even own a home. Today I got 20 spams in the morning and 12 of > them were mortgage offers. Yes, I'm submitting to Spamcop but I've > submitted literally hundreds and hundreds of spams from these peole and > nothing has changed. So I decided to try one of their removal pages. > I know, I know... dumb idea. Now they've doubled their spam. Anyone > know how to get them off your back? Please? Any advice? > Hi, Just don't forget english is not my native language, so the thing worked for me would create problems. I think their "Season" came again. At yahoo, I have setup a filter as "if it contains mortgage word trash it". Should be easier on your actual mail program. The problem is, do you get or will get a legit mail having that word? Ilgaz From kimandre at NOSPAMbetadome.com Sun Jun 12 01:01:28 2005 From: kimandre at NOSPAMbetadome.com (Kim André Akerø) Date: Sat Jun 11 18:05:03 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: "Spaz" skrev i melding news:d8ev1a$bjl$1@news.spamcop.net... > "Mike Easter" wrote in message > news:d8eg3f$3tj$1@news.spamcop.net... > > > > - how do you /know/ you have an address? > > Because I have it on a business card sitting right in front of me. And you think filling his inbox with spam is going to make him less of an "asshole" (as you're calling him)? > > - you're in the wrong group for seeking internet abuse > > Really? I thought a group like this would have alot of information about > spam. Guess not. Yes, but this is like asking a police officer or crime scene investigator how to perform the perfect crime or for a person or organization to perform a perfect crime for you. Or even asking a firefighter where to find an arsonist to set fire to someone's house. > > - if you get yourself involved in escalating newsgroup spats > I just asked a question. You started the spat, dumbass. Perhaps you should > also re-read my original message. Jeeze, is everybody in this group > fucking stupid? > > > you may get in trouble with your own provider > > Oh, so now you're going to try to make trouble for me? He never did say that. Someone who's the source of unsolicited e-mail messages is bound to be punished, one way or another. And then by the person who reports in to the proper authorities. What if your "aquaintance" is a regular reader/poster of the spamcop newsgroups? He'll know who to blame the second the amount of spam is his inbox escalates. > > - or retaliation if it's someone who's better at it than you are > > OOOOOOOOOOOOOOO, you SCARE me! Got any more threats you'd like to make to > me? He never did threaten you. Get your facts straight. He just says, in his own words, "what goes around, comes around". Any illegal and/or immoral scheme is bound to backfire at some point or another. Your proposed victim might have better contacts or knowledge than you in the Internet industry, which might make him able to trace back the perpetrator (in this case, you) and get your Internet connection disappear due to breaches in your terms of service with your Internet service provider. -- Kim André Akerø - kimandre@NOSPAMbetadome.com (remove NOSPAM to contact me directly) From yeah at right.com Sat Jun 11 19:17:41 2005 From: yeah at right.com (Spaz) Date: Sat Jun 11 21:20:02 2005 Subject: [SpamCop-List] Re: Automation References: Message-ID: "Steve Sybesma" wrote in message news:d8fak1$jhs$1@news.spamcop.net... > Here we go again folks: > > (Browbeaters use your kill files please.) > > I use Win98SE and OE6. > (By preference, not necessity.) No wonder you're having problems. From nobody at devnull.spamcop.net Sat Jun 11 21:30:31 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 11 21:35:04 2005 Subject: [SpamCop-List] Re: automation In-Reply-To: References: Message-ID: John Richards wrote: > Cat wrote: > >> You have to understand that >> when you insist on top posting while everyone else is posting in logical >> order with comments added below each quoted point and unnecessary >> parts snipped out > > > That's quite an assumption. Assumption of what? > Unfortunately "everyone else", even in this > newsgroup does not snip out all unnnecesssary parts. I actually have at least one long time regular in my killfile for repeatedly quoting things several posts deep just to reply to a very small part of a reply. Most of the people in my killfile are there for either top posting or never snipping. Most people in this newsgroup snip and post within reason and politely. > Even the post > of yours that I'm replying to had so much quoted text that I had to > scroll down to see all of the reply. I hate scrolling through messy quoted > text. Gee, eight lines of text in a paragraph and notes for a couple of helpful links under that. There was nothing messy in the quoted part that I included, and I don't think a reply of that length is anything to bother complaining about. If I had only added one line of text or less than a line, that would have been something to complain about. > I already was familiar with the comment you were responding to, so > it wasn't necessary for me to read the quoted text. Unless you > suffer from really poor recollection you shouldn't need to reread text > you've read moments before in a prior post. Since I was responding to his complaining as a whole, I couldn't decide which parts I wanted to snip and which to leave. I suppose I could have added a bit and left maybe a line, but I feel that you're just looking for an excuse to nitpick and encourage him to continue being obnoxious. From nobody at devnull.spamcop.net Sat Jun 11 21:53:11 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 11 21:55:03 2005 Subject: [SpamCop-List] Re: automation In-Reply-To: References: Message-ID: (Top posting corrected AGAIN) Steve Sybesma wrote: > I've been posting to Usenet for 12 years now and I proudly don't > follow netiquette faithfully (as has been seen). Where I come from, being intentionally obnoxious and rude isn't anything to be proud of. Like I said before, don't be surprised when you post with a real problem some day and don't get the answer you hoped for because everyone who could have helped you has already added you to their killfiles. > My view is that the most important netiquette of all is not to be rude > to > your fellow posters. Funny you should talk about not being rude to fellow posters as being the most important netiquette because continued stubborn insistance on rebelling against changing your posting method falls under that "be rude to your fellow posters" thing. To quote your own words from above, "I've been posting to Usenet for 12 years now and I proudly don't follow netiquette faithfully (as has been seen)" seems pretty rude and obnoxious to me and to many other regular readers here. You should remember the "when in Rome" line of thought. > Frankly, it's true that top-posting can be viewed > as an easier way to read a post. I used to post the other way that the > browbeaters are indicating they want to see, but it's more > labor-intensive. And you don't think it's more labor intensive for people to have to reconstruct your posts in a way that makes since to keep up with the context of replies? When everyone else is posting inline quoting and snipping and someone else comes along and insists on top posting and not snipping, it causes people to have to spend extra time reading and understanding the context of your posts. If you were to go over to England, would you insist on driving on the right side of the road instead of driving on the left side like they do? That's certainly the type of attitude you're applying here. Do you regularly read pages in books and magazines from the bottom of the page to the top or answer questions on tests/forms/whatever above the question instead of below? > There's no reason I have to hit every point of their posts when I > reply. Um, please do tell where exactly you saw me say that you had to reply to every point. My exact words were "when you insist on top posting while everyone else is posting in logical order with comments added below each quoted point and unnecessary parts snipped out" which means snip what you aren't replying to and post your own comments BELOW each quoted point that you are replying to. From nobody at devnull.spamcop.net Sat Jun 11 22:11:22 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 11 22:15:03 2005 Subject: [SpamCop-List] Re: automation In-Reply-To: References: Message-ID: Steve Sybesma wrote: > My view is that the most important netiquette of all is not to be rude > to > your fellow posters. I realize that my previous reply was rather long-winded, but I'm just absolutely amazed that in the same message, you talk about not being rude to fellow posters, yet being intentionally selfish and annoying about your chosen method of posting is extremely rude. Maybe you don't mind scrolling back and forth to read comments that aren't posted in a logical order, but most of us do mind. From steve at prolynx.com Sat Jun 11 21:13:31 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 22:15:23 2005 Subject: [SpamCop-List] Re: Automation References: Message-ID: OE works just fine. I just want to do one thing, really. The one thing wouldn't justify me using Outlook, which I don't really care for. Thanks "Spaz" wrote in message news:d8g2fi$10v$1@news.spamcop.net... > "Steve Sybesma" wrote in message > news:d8fak1$jhs$1@news.spamcop.net... > > Here we go again folks: > > > > (Browbeaters use your kill files please.) > > > > I use Win98SE and OE6. > > (By preference, not necessity.) > > No wonder you're having problems. > > From steve at prolynx.com Sat Jun 11 21:14:44 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 22:15:28 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Well, I can't make everyone happy. ;-) "Cat" wrote in message news:d8g5k7$2ku$1@news.spamcop.net... > Steve Sybesma wrote: > > > > > My view is that the most important netiquette of all is not to be rude > > to > > your fellow posters. > > > > I realize that my previous reply was rather long-winded, but I'm just > absolutely amazed that in the same message, you talk about not being > rude to fellow posters, yet being intentionally selfish and annoying > about your chosen method of posting is extremely rude. Maybe you don't > mind scrolling back and forth to read comments that aren't posted in a > logical order, but most of us do mind. From steve at prolynx.com Sat Jun 11 21:16:29 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 22:20:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Cat, Either cough up your hairball and get over the top-posting bogeyman or put people that disagree with you in your killfile, OK? You're wasting my time and yours. "Cat" wrote in message news:d8g37i$1bq$1@news.spamcop.net... > John Richards wrote: > > Cat wrote: > > > >> You have to understand that > >> when you insist on top posting while everyone else is posting in logical > >> order with comments added below each quoted point and unnecessary > >> parts snipped out > > > > > > That's quite an assumption. > > Assumption of what? > > > Unfortunately "everyone else", even in this > > newsgroup does not snip out all unnnecesssary parts. > > I actually have at least one long time regular in my killfile for > repeatedly quoting things several posts deep just to reply to a very > small part of a reply. Most of the people in my killfile are there for > either top posting or never snipping. Most people in this newsgroup snip > and post within reason and politely. > > > Even the post > > of yours that I'm replying to had so much quoted text that I had to > > scroll down to see all of the reply. I hate scrolling through messy quoted > > text. > > Gee, eight lines of text in a paragraph and notes for a couple of > helpful links under that. There was nothing messy in the quoted part > that I included, and I don't think a reply of that length is anything to > bother complaining about. If I had only added one line of text or less > than a line, that would have been something to complain about. > > > I already was familiar with the comment you were responding to, so > > it wasn't necessary for me to read the quoted text. Unless you > > suffer from really poor recollection you shouldn't need to reread text > > you've read moments before in a prior post. > > Since I was responding to his complaining as a whole, I couldn't decide > which parts I wanted to snip and which to leave. I suppose I could have > added a bit and left maybe a line, but I feel > that you're just looking for an excuse to nitpick and encourage him to > continue being obnoxious. From steve at prolynx.com Sat Jun 11 21:16:52 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 22:20:19 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: I'll let you do the work, but I'm not paying you! ;-) "Cat" wrote in message news:d8g4i2$238$1@news.spamcop.net... > (Top posting corrected AGAIN) > > Steve Sybesma wrote: > > > > > I've been posting to Usenet for 12 years now and I proudly don't > > follow netiquette faithfully (as has been seen). > > > > Where I come from, being intentionally obnoxious and rude isn't anything > to be proud of. Like I said before, don't be surprised when you post > with a real problem some day and don't get the answer you hoped for > because everyone who could have helped you has already added you to > their killfiles. > > > My view is that the most important netiquette of all is not to be rude > > to > > your fellow posters. > > Funny you should talk about not being rude to fellow posters as being > the most important netiquette because continued stubborn insistance on > rebelling against changing your posting method falls under that "be rude > to your fellow posters" thing. To quote your own words from above, "I've > been posting to Usenet for 12 years now and I proudly don't follow > netiquette faithfully (as has been seen)" seems pretty rude and > obnoxious to me and to many other regular readers here. You should > remember the "when in Rome" line of thought. > > > Frankly, it's true that top-posting can be viewed > > as an easier way to read a post. I used to post the other way that the > > browbeaters are indicating they want to see, but it's more > > labor-intensive. > > And you don't think it's more labor intensive for people to have to > reconstruct your posts in a way that makes since to keep up with the > context of replies? When everyone else is posting inline quoting and > snipping and someone else comes along and insists on top posting and not > snipping, it causes people to have to spend extra time reading and > understanding the context of your posts. If you were to go over to > England, would you insist on driving on the right side of the road > instead of driving on the left side like they do? That's certainly the > type of attitude you're applying here. Do you regularly read pages in > books and magazines from the bottom of the page to the top or answer > questions on tests/forms/whatever above the question instead of below? > > > There's no reason I have to hit every point of their posts when I > > reply. > > Um, please do tell where exactly you saw me say that you had to reply to > every point. My exact words were "when you insist on top posting while > everyone else is posting in logical order with comments added below > each quoted point and unnecessary parts snipped out" which means snip > what you aren't replying to and post your own comments BELOW each quoted > point that you are replying to. From steve at prolynx.com Sat Jun 11 21:18:38 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 22:20:26 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: By the way, you seem not to have any answers. All you can seem to do is bitch. You have just as much chance of missing out as I do. "Cat" wrote in message news:d8g4i2$238$1@news.spamcop.net... > (Top posting corrected AGAIN) > > Steve Sybesma wrote: > > > > > I've been posting to Usenet for 12 years now and I proudly don't > > follow netiquette faithfully (as has been seen). > > > > Where I come from, being intentionally obnoxious and rude isn't anything > to be proud of. Like I said before, don't be surprised when you post > with a real problem some day and don't get the answer you hoped for > because everyone who could have helped you has already added you to > their killfiles. > > > My view is that the most important netiquette of all is not to be rude > > to > > your fellow posters. > > Funny you should talk about not being rude to fellow posters as being > the most important netiquette because continued stubborn insistance on > rebelling against changing your posting method falls under that "be rude > to your fellow posters" thing. To quote your own words from above, "I've > been posting to Usenet for 12 years now and I proudly don't follow > netiquette faithfully (as has been seen)" seems pretty rude and > obnoxious to me and to many other regular readers here. You should > remember the "when in Rome" line of thought. > > > Frankly, it's true that top-posting can be viewed > > as an easier way to read a post. I used to post the other way that the > > browbeaters are indicating they want to see, but it's more > > labor-intensive. > > And you don't think it's more labor intensive for people to have to > reconstruct your posts in a way that makes since to keep up with the > context of replies? When everyone else is posting inline quoting and > snipping and someone else comes along and insists on top posting and not > snipping, it causes people to have to spend extra time reading and > understanding the context of your posts. If you were to go over to > England, would you insist on driving on the right side of the road > instead of driving on the left side like they do? That's certainly the > type of attitude you're applying here. Do you regularly read pages in > books and magazines from the bottom of the page to the top or answer > questions on tests/forms/whatever above the question instead of below? > > > There's no reason I have to hit every point of their posts when I > > reply. > > Um, please do tell where exactly you saw me say that you had to reply to > every point. My exact words were "when you insist on top posting while > everyone else is posting in logical order with comments added below > each quoted point and unnecessary parts snipped out" which means snip > what you aren't replying to and post your own comments BELOW each quoted > point that you are replying to. From steve at prolynx.com Sat Jun 11 21:20:46 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 22:25:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Getting nasty and in-your-face as you do and telling other people how they have to post is rude, period. No one is making YOU read ANYTHING. You choose the post to read and you need to stop sniveling if it's a form you don't like. You aren't paying me. "Cat" wrote in message news:d8g5k7$2ku$1@news.spamcop.net... > Steve Sybesma wrote: > > > > > My view is that the most important netiquette of all is not to be rude > > to > > your fellow posters. > > > > I realize that my previous reply was rather long-winded, but I'm just > absolutely amazed that in the same message, you talk about not being > rude to fellow posters, yet being intentionally selfish and annoying > about your chosen method of posting is extremely rude. Maybe you don't > mind scrolling back and forth to read comments that aren't posted in a > logical order, but most of us do mind. From nobody at devnull.spamcop.net Sat Jun 11 22:21:40 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 11 22:25:22 2005 Subject: [SpamCop-List] Re: automation In-Reply-To: References: Message-ID: Steve Sybesma wrote: > Your rudeness is self-centered. Mike isn't the one being rude. YOU are. If you want to talk about someone being self-centered and rude, look in a mirror. > Also, speak for yourself and not others. Mike speaks for the majority in this newsgroup. If you don't like it, no one is forcing you to stick around. > Not everyone agrees with you. There are a lot of things that people may or may not agree with, but that doesn't make it ok to do something anyway. By that argument, you could rationalize doing away with every rule or law in society because someone somewhere will do it anyway. In this case, your insistance on "not agree(ing) with" the majority is just rude. From nobody at devnull.spamcop.net Sat Jun 11 22:22:31 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 11 22:25:28 2005 Subject: [SpamCop-List] Re: automation In-Reply-To: References: Message-ID: Steve Sybesma wrote: > I'll let you do the work, but I'm not paying you! ;-) What work are you talking about? From steve at prolynx.com Sat Jun 11 21:22:41 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 22:25:35 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: John Richards is right. He's a voice of sanity in an uptight world run by people like you. I'm sure he can deal with worse and yet have far more grace about it than you. Kudos John! "Cat" wrote in message news:d8g37i$1bq$1@news.spamcop.net... > John Richards wrote: > > Cat wrote: > > > >> You have to understand that > >> when you insist on top posting while everyone else is posting in logical > >> order with comments added below each quoted point and unnecessary > >> parts snipped out > > > > > > That's quite an assumption. > > Assumption of what? > > > Unfortunately "everyone else", even in this > > newsgroup does not snip out all unnnecesssary parts. > > I actually have at least one long time regular in my killfile for > repeatedly quoting things several posts deep just to reply to a very > small part of a reply. Most of the people in my killfile are there for > either top posting or never snipping. Most people in this newsgroup snip > and post within reason and politely. > > > Even the post > > of yours that I'm replying to had so much quoted text that I had to > > scroll down to see all of the reply. I hate scrolling through messy quoted > > text. > > Gee, eight lines of text in a paragraph and notes for a couple of > helpful links under that. There was nothing messy in the quoted part > that I included, and I don't think a reply of that length is anything to > bother complaining about. If I had only added one line of text or less > than a line, that would have been something to complain about. > > > I already was familiar with the comment you were responding to, so > > it wasn't necessary for me to read the quoted text. Unless you > > suffer from really poor recollection you shouldn't need to reread text > > you've read moments before in a prior post. > > Since I was responding to his complaining as a whole, I couldn't decide > which parts I wanted to snip and which to leave. I suppose I could have > added a bit and left maybe a line, but I feel > that you're just looking for an excuse to nitpick and encourage him to > continue being obnoxious. From nobody at devnull.spamcop.net Sat Jun 11 22:23:31 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 11 22:25:42 2005 Subject: [SpamCop-List] Re: automation In-Reply-To: References: Message-ID: Steve Sybesma wrote: > By the way, you seem not to have any answers. All you can seem to do > is bitch. Obviously, things aren't always as they seem. > You have just as much chance of missing out as I do. Missing out on what? From steve at prolynx.com Sat Jun 11 21:26:13 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 22:30:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: You wrote: "(Top posting corrected AGAIN)" ...on your previous post "Cat" wrote in message news:d8g692$3c9$2@news.spamcop.net... > Steve Sybesma wrote: > > I'll let you do the work, but I'm not paying you! ;-) > > What work are you talking about? From steve at prolynx.com Sat Jun 11 21:28:11 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 22:30:17 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Keep in mind your threats of retaliation (aka killfile) works both ways. That's what I'm saying. You have not shown to offer anymore than I'm able to offer. I've been at this newsgroup stuff possibly longer than you, and I have expertise in areas you might be able to make use of. "Cat" wrote in message news:d8g6au$3c9$3@news.spamcop.net... > Steve Sybesma wrote: > > By the way, you seem not to have any answers. All you can seem to do > > is bitch. > > Obviously, things aren't always as they seem. > > > You have just as much chance of missing out as I do. > > Missing out on what? From nobody at devnull.spamcop.net Sat Jun 11 22:29:28 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 11 22:30:24 2005 Subject: [SpamCop-List] Re: automation In-Reply-To: References: Message-ID: Steve Sybesma wrote: > Getting nasty and in-your-face as you do and telling other people how > they have to post is rude, period. You don't think that insisting on selfishly doing things YOUR way no matter how annoying is nasty and in-your-face rude? I am certainly not being rude to you, and if you mistakenly think than I am, then go home and cry to your mommy. I started out being very nice to you and pointing to helpful links for posting netiquette. YOU are the one who has repeatedly on doing the written equivalent of covering your ears and stomping your feet like a toddler just because several people have asked you to stop doing something and pointed to reasons why your method is undesirable. Don't blame me or Mike or anyone else for any difficulties you have in dealing with people in this newsgroup. From steve at prolynx.com Sat Jun 11 21:31:36 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 22:35:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: As far as mirrors: Standing right next to you of course. As far as laws in society: Get some perspective, would you? Top posting doesn't rise to the level of murder! Top posting isn't even as serious as spitting on the damned sidewalk! ;-) "Cat" wrote in message news:d8g67f$3c9$1@news.spamcop.net... > Steve Sybesma wrote: > > > Your rudeness is self-centered. > > Mike isn't the one being rude. YOU are. If you want to talk about > someone being self-centered and rude, look in a mirror. > > > Also, speak for yourself and not others. > > Mike speaks for the majority in this newsgroup. If you don't like it, no > one is forcing you to stick around. > > > Not everyone agrees with you. > > There are a lot of things that people may or may not agree with, but > that doesn't make it ok to do something anyway. By that argument, you > could rationalize doing away with every rule or law in society because > someone somewhere will do it anyway. In this case, your insistance on > "not agree(ing) with" the majority is just rude. From nobody at devnull.spamcop.net Sat Jun 11 22:35:13 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 11 22:40:05 2005 Subject: [SpamCop-List] Re: automation In-Reply-To: References: Message-ID: Steve Sybesma wrote: > Keep in mind your threats of retaliation (aka killfile) works both > ways. That's what I'm saying. Awww, poor me. Some obnoxious selfish brat wants to killfile ME for not agreeing with his selfishness. Cry me a river. > You have not shown to offer anymore than I'm able to offer. I have yet to see you offer anything useful to this newsgroup. > I've been > at this newsgroup stuff > possibly longer than you, You shouldn't make assumptions about things which you obviously know nothing. > and I have expertise in areas you might be > able to make use of. I learn a lot in this newsgroup from plenty of other people who are much more respectful and polite to other people and much less selfish than you are. From bounces at this.address Sun Jun 12 03:37:15 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sat Jun 11 22:40:16 2005 Subject: [SpamCop-List] Ping "spaz" - You've been outed Message-ID: Thank you for playing. Now go infest some other group. Usenet trolling: http://tinyurl.com/7g2kn http://tinyurl.com/d9jut "cyclotouriste" in this thread: http://tinyurl.com/dkotz His deranged-ramblings website: http://tinyurl.com/byyg7 More looniness: http://tinyurl.com/cndkw http://tinyurl.com/9v7lx http://tinyurl.com/acsg2 From steve at prolynx.com Sat Jun 11 21:52:26 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 22:55:04 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: I'm not the one threatening to do that, you are. You're incapable of seeing your own hypocrisy. At least I'm honest about my intentions and don't pretend to be something I'm not. "Cat" wrote in message news:d8g70t$4kd$1@news.spamcop.net... > Steve Sybesma wrote: > > Keep in mind your threats of retaliation (aka killfile) works both > > ways. That's what I'm saying. > > Awww, poor me. Some obnoxious selfish brat wants to killfile ME for not > agreeing with his selfishness. Cry me a river. > > > > You have not shown to offer anymore than I'm able to offer. > > I have yet to see you offer anything useful to this newsgroup. > > > I've been > > at this newsgroup stuff > > possibly longer than you, > > You shouldn't make assumptions about things which you obviously know > nothing. > > > and I have expertise in areas you might be > > able to make use of. > > I learn a lot in this newsgroup from plenty of other people who are much > more respectful and polite to other people and much less selfish than > you are. From steve at prolynx.com Sat Jun 11 21:53:01 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 22:55:18 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: EVERY BIT AS RUDE AS YOU ARE, YOU HYPOCRITE! "Cat" wrote in message news:d8g6m3$42l$1@news.spamcop.net... > Steve Sybesma wrote: > > > Getting nasty and in-your-face as you do and telling other people how > > they have to post is rude, period. > > You don't think that insisting on selfishly doing things YOUR way no > matter how annoying is nasty and in-your-face rude? I am certainly not > being rude to you, and if you mistakenly think than I am, then go home > and cry to your mommy. I started out being very nice to you and pointing > to helpful links for posting netiquette. YOU are the one who has > repeatedly on doing the written equivalent of covering your ears and > stomping your feet like a toddler just because several people have asked > you to stop doing something and pointed to reasons why your method is > undesirable. Don't blame me or Mike or anyone else for any difficulties > you have in dealing with people in this newsgroup. From bounces at this.address Sun Jun 12 03:57:20 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sat Jun 11 23:00:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > EVERY BIT AS RUDE AS YOU ARE, YOU HYPOCRITE! Awwwwwwwww.... Poor widdle pussyboi's getting his ass kicked by a girl. Lol! From yeah at right.com Sat Jun 11 20:59:01 2005 From: yeah at right.com (Spaz) Date: Sat Jun 11 23:00:15 2005 Subject: [SpamCop-List] Re: Ping "spaz" - You've been outed References: Message-ID: ping your own asshole and infest yourself, jerkoff! From steve at prolynx.com Sat Jun 11 22:03:56 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 23:05:04 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Coward! "e-mail to this address bounces" wrote in message news:d8g89u$5gl$1@news.spamcop.net... > Steve Sybesma wrote: > > > EVERY BIT AS RUDE AS YOU ARE, YOU HYPOCRITE! > > Awwwwwwwww.... > > Poor widdle pussyboi's getting his ass kicked by a girl. Lol! From bounces at this.address Sun Jun 12 04:05:17 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sat Jun 11 23:10:02 2005 Subject: [SpamCop-List] Re: Ping "spaz" - You've been outed References: Message-ID: Spaz wrote: > ping your own asshole and infest yourself, jerkoff! Lol! Thank you for outing yourself better than we ever could. :-) Buh-bye, luser. From steve at prolynx.com Sat Jun 11 22:08:41 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 23:10:15 2005 Subject: [SpamCop-List] Re: Ping "spaz" - You've been outed References: Message-ID: You are gutless and immature, whoever you are. "e-mail to this address bounces" wrote in message news:d8g8op$60f$1@news.spamcop.net... > Spaz wrote: > > > ping your own asshole and infest yourself, jerkoff! > > Lol! Thank you for outing yourself better than we ever could. :-) > > Buh-bye, luser. From bounces at this.address Sun Jun 12 04:08:55 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sat Jun 11 23:10:22 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > Coward! > Poltroon ! From steve at prolynx.com Sat Jun 11 22:09:58 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 23:10:29 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Anus! "e-mail to this address bounces" wrote in message news:d8g8vu$64p$1@news.spamcop.net... > Steve Sybesma wrote: > > > Coward! > > > > Poltroon ! From steve at prolynx.com Sat Jun 11 22:14:41 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 23:15:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: At least I don't change my address to get around someone's kill file, CAT! "e-mail to this address bounces" wrote in message news:d8g8vu$64p$1@news.spamcop.net... > Steve Sybesma wrote: > > > Coward! > > > > Poltroon ! From bounces at this.address Sun Jun 12 04:16:42 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sat Jun 11 23:20:03 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > Anus! If you're going to solicit people for gay sex you might have better luck with someone who swings that way. But figures that an asshole would be obsessed with "anus". Lol! From bounces at this.address Sun Jun 12 04:18:46 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sat Jun 11 23:20:16 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > CAT! PUSSY! From steve at prolynx.com Sat Jun 11 22:20:31 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 23:25:05 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Homo? Not me, thank you. "e-mail to this address bounces" wrote in message news:d8g9eg$6pc$1@news.spamcop.net... > Steve Sybesma wrote: > > > Anus! > > If you're going to solicit people for gay sex you might have > better luck with someone who swings that way. > > But figures that an asshole would be obsessed with "anus". Lol! From bounces at this.address Sun Jun 12 04:21:04 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sat Jun 11 23:25:30 2005 Subject: [SpamCop-List] Re: Ping "spaz" - You've been outed References: Message-ID: Steve Sybesma wrote: > You are gutless and immature, whoever you are. And you're a pathetic little nancyboi who's whining because he got beat up by a girl. Lol! From steve at prolynx.com Sat Jun 11 22:21:47 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 23:25:38 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: I'll accept DICK, but not PUSSY, PUSSY! People who call others PUSSY make the assumption that in a face to face meeting, they'd come out standing up. You'd be down on your knees. "e-mail to this address bounces" wrote in message news:d8g9i4$6q2$1@news.spamcop.net... > Steve Sybesma wrote: > > > CAT! > > PUSSY! From steve at prolynx.com Sat Jun 11 22:22:53 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 23:25:45 2005 Subject: [SpamCop-List] Re: Ping "spaz" - You've been outed References: Message-ID: You got beat up by what? My dick? ROFLMAO "e-mail to this address bounces" wrote in message news:d8g9mt$70h$1@news.spamcop.net... > Steve Sybesma wrote: > > > You are gutless and immature, whoever you are. > > And you're a pathetic little nancyboi who's whining because he got > beat up by a girl. Lol! From bounces at this.address Sun Jun 12 04:23:32 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sat Jun 11 23:25:50 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > Homo? Not me, thank you. In denial? That's even worse than admitting to being gay, fagboi. From steve at prolynx.com Sat Jun 11 22:24:58 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 23:25:57 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Wow! That one backfired! ROFLMAO Anyway, you can call me a DICK any time you want, PUSSY! "Steve Sybesma" wrote in message news:d8g9oa$751$1@news.spamcop.net... > I'll accept DICK, but not PUSSY, PUSSY! > > People who call others PUSSY make the assumption that in a face to > face meeting, they'd come out standing up. > > You'd be down on your knees. > > "e-mail to this address bounces" wrote in > message news:d8g9i4$6q2$1@news.spamcop.net... > > Steve Sybesma wrote: > > > > > CAT! > > > > PUSSY! > > From steve at prolynx.com Sat Jun 11 22:25:57 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 23:30:04 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: I'm done with you, CAT TROLL! "e-mail to this address bounces" wrote in message news:d8g9rg$75m$1@news.spamcop.net... > Steve Sybesma wrote: > > > Homo? Not me, thank you. > > In denial? That's even worse than admitting to being gay, fagboi. From bounces at this.address Sun Jun 12 04:26:07 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sat Jun 11 23:30:24 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > I'll accept DICK, but not PUSSY, PUSSY! See, I knew you were a gayboi. > People who call others PUSSY make the assumption that in a face to > face meeting, they'd come out standing up. > > You'd be down on your knees. /me zips up pants. Now wipe off your chin, sonny. From bounces at this.address Sun Jun 12 04:28:15 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sat Jun 11 23:30:32 2005 Subject: [SpamCop-List] Re: Ping "spaz" - You've been outed References: Message-ID: Steve Sybesma wrote: > You got beat up by what? My dick? Grow one and then maybe we'll have something to talk about. From nobody at devnull.spamcop.net Sat Jun 11 23:29:26 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 11 23:30:38 2005 Subject: [SpamCop-List] Re: automation In-Reply-To: References: Message-ID: Steve Sybesma wrote: > At least I don't change my address to get around someone's kill file, > CAT! You need to be careful about wrongfully accusing people. If you think those other replies to you are me under a different posting name and address, then you aren't particularly bright. Look at the full headers on my posts and the other posts, and you can see that's not me. For someone who claims to be such a self-important know-it-all, you aren't too bright or you'd have known to look at the posting headers. Now you owe me an apology for accusing me of changing my posting name and address. From bounces at this.address Sun Jun 12 04:30:10 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sat Jun 11 23:35:05 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > I'm done with you, CAT TROLL! You don't read headers very well, do you pussyboi? From steve at prolynx.com Sat Jun 11 22:31:11 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 23:35:22 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: You owe me an apology too, so I'm calling it even, even if you won't. "Cat" wrote in message news:d8ga6h$7rg$1@news.spamcop.net... > Steve Sybesma wrote: > > At least I don't change my address to get around someone's kill file, > > CAT! > > You need to be careful about wrongfully accusing people. If you think > those other replies to you are me under a different posting name and > address, then you aren't particularly bright. Look at the full headers > on my posts and the other posts, and you can see that's not me. For > someone who claims to be such a self-important know-it-all, you aren't > too bright or you'd have known to look at the posting headers. Now you > owe me an apology for accusing me of changing my posting name and address. From nobody at devnull.spamcop.net Sat Jun 11 23:33:17 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sat Jun 11 23:35:30 2005 Subject: [SpamCop-List] Re: automation In-Reply-To: References: Message-ID: Steve Sybesma wrote: > I'm done with you, CAT TROLL! That's not me, you friggin' moron! Learn how to read e-mail headers! Or maybe this will be more on your line of understanding: !headers e-mail read to how Learn !moron friggin' you, me not That's From bounces at this.address Sun Jun 12 04:34:00 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sat Jun 11 23:35:38 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: Steve Sybesma wrote: > Wow! That one backfired! Nice self-spank there, pussyboi. Got any more devastating lames up your sleeve? I'd suggest you go play in the litterbox but Cat would bury you. Lol! From MikeE at ster.invalid Sat Jun 11 21:37:32 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 11 23:40:05 2005 Subject: [SpamCop-List] Top posting works in a few places. Not here. Message-ID: Top posting works in a few places. Some corporate email systems require a top posting compliance which maintains whatever was written before in 'unblemished' and intact fashion under a corresponding post -- the so called corporate TOFU - text over fullquote under. That corporate environment's enforcement for its email causes some emailers to habitually email correspond with top posting. The resemblance between email and news and the 'rigidification' of habits leads to some very small number of newsgroups where top posting is actually preferred. However, top posting doesn't fit at all into a trimmed contextualized conversation which is the standard for newgroup posts, which are conversational, not corporate tofu. In almost all newsgroups top posting simply doesn't work. Can't work. In those groups it is necessary to both trim and contextualize for the flow and sequence of the conversation about very specific and precise line entities, such as Received lines or other precise elements of a spam header. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Jun 11 21:39:50 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 11 23:40:17 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Mike Easter wrote: > In almost all newsgroups top posting simply doesn't work. Can't work. A post at the top lacks the contextualization, to say nothing of the trimming and disrupts the function. It isn't a matter of 'opinion' - like which is prettier, blue or green - or that anyone who wants to post this way can do this, and anyone who wants to post that way can do that - anymore than it is 'freestyle' about which side of the road you drive on. When you are in a country in which you drive on the right, you drive on the right. When you are in a country in which you drive on the left, you drive on the left. One can't say, 'I'm a bit of a rebel, so I'm going to drive on the left on these right side driving roads and everyone else should just dodge and dart haphazardly around me.' Or maybe the whole country should change to suit the rebel's tastes. Some top posters can't seem to get over the fact that trimming and contextualizing is somewhat different than simply getting some kind of idea in their head, hitting the reply button, and beginning to bang away at the keyboard. They never quite learned how to do it, so they just 'can't' get it done. I think it is the trimming prior to the contextualizing that is their nemesis, because they can't adjust to the mechanics of getting their words right down under the exact ones they should be talking about. Instead, they get ready to type while they are still reading, so they just stop reading and start typing - but they aren't typing in context to anything. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sat Jun 11 21:41:56 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sat Jun 11 23:45:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Mike Easter wrote: > but they aren't typing in context to anything. But/And typically they don't actually respond exactly appropriately to the text which isn't in front of them, and their remarks aren't appropriately directed nor right on the point. It is a sloppy communication which doesn't work in the groups which require more precision and exactness. It also wouldn't work in a group about poetry. And, then there's the part about their 'attitude' about wanting their words right up there on top, as if they were standing on a soapbox or dais -- with the attitude that all of the rest of you people must've assembled your words as a platform for mine -- and now I have spoken. It isn't necessary for anything else to come after. This isn't an ongoing conversation of which my part fits in here. This is a pronouncement above everything else. -- Mike Easter kibitzer, not SC admin From steve at prolynx.com Sat Jun 11 22:52:44 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sat Jun 11 23:55:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Top-posting is a personal taste issue which you seem to think is Nazi-istically mandatory (for lack of a better word). I don't and neither do many others. Enforce your rules upon yourself and I will enforce my rules upon myself and together well get along just fine. Capisci? To each their own. Live and let live. "Mike Easter" wrote in message news:d8galp$8pf$1@news.spamcop.net... > Top posting works in a few places. Some corporate email systems require > a top posting compliance which maintains whatever was written before in > 'unblemished' and intact fashion under a corresponding post -- the so > called corporate TOFU - text over fullquote under. > > That corporate environment's enforcement for its email causes some > emailers to habitually email correspond with top posting. The > resemblance between email and news and the 'rigidification' of habits > leads to some very small number of newsgroups where top posting is > actually preferred. However, top posting doesn't fit at all into a > trimmed contextualized conversation which is the standard for newgroup > posts, which are conversational, not corporate tofu. > > In almost all newsgroups top posting simply doesn't work. Can't work. > In those groups it is necessary to both trim and contextualize for the > flow and sequence of the conversation about very specific and precise > line entities, such as Received lines or other precise elements of a > spam header. > > > -- > Mike Easter > kibitzer, not SC admin > > From bounces at this.address Sun Jun 12 04:57:08 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sun Jun 12 00:00:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Steve Sybesma wrote: > Top-posting is a personal taste issue which > you seem to think is Nazi-istically mandatory Godwin-in-one. Thread over. But thanks for playing, pussyboi. :-) From windsorfoxNOSPAM at cox.net Sun Jun 12 01:30:03 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Jun 12 01:30:02 2005 Subject: [SpamCop-List] Re: IP numbers of places OUTSIDE of USA In-Reply-To: References: Message-ID: Aviatrix wrote: > I know this is off-topic, but for once I won't apologise. > > This is an international newsgroup read and contributed to by people all > over the world. Has it occurred to you that a posting like this may be > just a little bit offensive to those of us who don't live in the USA, > especially those of us here in the UK, supposedly your "special friends"? > > You seem to be equating "outside the USA" with "bad", and you seem to > think that only people outside the USA produce spam - when the truth is > that the USA generates more spam than most other countries. > > And, talking in practical terms - are you sure that none of those that > your web site is aimed at are ever going to travel outside the USA? I think *someone* is a little too sensative. From windsorfoxNOSPAM at cox.net Sun Jun 12 01:31:09 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Jun 12 01:30:15 2005 Subject: [SpamCop-List] Re: IP numbers of places OUTSIDE of USA In-Reply-To: References: Message-ID: Porpoise wrote: > "Cherie" wrote in message > news:d89vpu$kbj$1@news.spamcop.net... > >>Sorry you read my post wrong..I was not associating outside of US with >>BAD...I was trying to avoid a lengthy explanation to which I am now forced >>to do >> >>..this website is for an organization..and only those who belong or may be >>thinking about joining are the only ones that would be interested in >>visiting.. this particular organization ONLY has chapters in USA >> >>I would not block outsiders from the website..just the guestbook...the >>guestbook is...after all ..for members only (sorta)..soooooOOOoOO > > > So make it only available to valid login for members only - problem solved! That would preclude "potential members." From windsorfoxNOSPAM at cox.net Sun Jun 12 01:32:26 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Jun 12 01:35:04 2005 Subject: [SpamCop-List] Re: IP numbers of places OUTSIDE of USA In-Reply-To: References: Message-ID: Cherie wrote: > only problem with that is that PROSPECTIVE members won't be able to sign > it:::::sigh:: > I fixed it I do believe..I put a flood check for 3 days on it..and I have > human verification mod on it:::crossing fingers:::: > thanks, > That was going to be my recomentdation. It still will not stop the jackasses who personally post their affilate crap or who want you to "help them get a free iPod." From nobody at spamcop.net Sat Jun 11 23:31:50 2005 From: nobody at spamcop.net (N. Miller) Date: Sun Jun 12 01:35:16 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: <14gqeng8etywe.dlg@news.spamcop.net> On Sat, 11 Jun 2005 21:52:44 -0600, Steve Sybesma wrote: > Top-posting is a personal taste issue... In any given culture, personal taste does not trump public taste; not unless you advocate anarchy. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From windsorfoxNOSPAM at cox.net Sun Jun 12 01:34:19 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Jun 12 01:35:22 2005 Subject: [SpamCop-List] Re: Is American Express promoting SPAM?? In-Reply-To: References: Message-ID: Ron B. wrote: > Cherie wrote: > >>When I received my AX bill the other day I noticed that they were pushing >>some kind of E-Mail Marketing thing..maybe I totally misunderstand this..but >>can someone take a look at this scan of part of my bill and tell me if they >>are encouraging SPAM..if so..I will be taking my business elsewhere >> >>http://www.kineticowater.com/images/AXSpam.jpg >> > > > > The company _claims_ not to be spammers: > > http://open.constantcontact.com/anti_spam.jsp See rule #1. They ALL say that... From steve at prolynx.com Sun Jun 12 00:43:07 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 01:45:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: That's only true if you live in China. This is America and personal taste is not anarchy. Thanks but no thanks. I stand by my opinion and respect you for standing by yours, but the insinuation of yours is unwelcome. "N. Miller" wrote in message news:14gqeng8etywe.dlg@news.spamcop.net... > On Sat, 11 Jun 2005 21:52:44 -0600, Steve Sybesma wrote: > > > Top-posting is a personal taste issue... > > In any given culture, personal taste does not trump public taste; not > unless you advocate anarchy. > > -- > Norman > ~Win dain a lotica, En vai tu ri, Si lo ta > ~Fin dein a loluca, En dragu a sei lain > ~Vi fa-ru les shutai am, En riga-lint From windsorfoxNOSPAM at cox.net Sun Jun 12 01:46:35 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Jun 12 01:45:12 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! In-Reply-To: References: Message-ID: Spaz wrote: > "Doug Thegarden" wrote in message > news:d8e905$vv1$1@news.spamcop.net... > >>Its funny how people often refer to themselves as "a friend of mine" > > > He's not a friend, dumbass. He's an ASSHOLE. Perhaps you need to re-read > my original post. > > >>when they want to ask an embarassing question. > > > Embarassed? Where did you get the idea I was embarassed? I want to nail > this asshole, plain and simple. > > No, I'd say YOU are the asshole.... From windsorfoxNOSPAM at cox.net Sun Jun 12 01:55:55 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Jun 12 01:55:03 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! In-Reply-To: References: Message-ID: Spaz wrote: > "Mike Easter" wrote in message >>- you're in the wrong group for seeking internet abuse > > > Really? I thought a group like this would have alot of information about > spam. Guess not. We do. You're on the wrong side of the fence and don't even know it. > >>- if you get yourself involved in escalating newsgroup spats > > I just asked a question. You started the spat, dumbass. Perhaps you should > also re-read my original message. Jeeze, is everybody in this group > fucking stupid? > A really stupid question, paramount to "A cop gave me a ticket for jay walking, how can I gouge his eyes out so he won't see me do it next time" 95% or so of the reders in this group fully understood your question on the first read, you can be assured. > >>you may get in trouble with your own provider > > Oh, so now you're going to try to make trouble for me? > Yes. > >>- or retaliation if it's someone who's better at it than you are > OOOOOOOOOOOOOOO, you SCARE me! Got any more threats you'd like to make to > me? > Okay, are you a 14 yo, an emotionally immature 23 yo with the mind of a 14 yo, or just another one of those Comcast subscribers that is so totally unaware that you don't even know you are not the primary operator of your own PC?? If you take serious offense to that question, you should realize that you ARE one and or two, if you do not then you are number 3. From windsorfoxNOSPAM at cox.net Sun Jun 12 02:01:49 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Jun 12 02:00:02 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! In-Reply-To: References: Message-ID: Doug Thegarden wrote: > Spaz wrote: > >> >> FUCK YOU, ASSHOLE! >> > > You are cyclotouriste and ICMFP > http://makeashorterlink.com/?B52012E3B (one of the funniest forum > threads I've read in a long while) > > > Doug How do you *know* this? Although I must say this post is very amusing.... "No hard feelings Mark R? Yes there are, and I strongly suggest you avoid crossing my path for the rest of your days. Better yet, I strongly suggest you do not let me discover your real identity and location, and that if I do, you are far enough away that it is too much trouble to confront you in person. You have absolutely no call or reason to suggest what you do here. Your behavior is libelous and cowardly." He calls someone elses post libelous and cowardly in the same post as his death threat ROFL!! From windsorfoxNOSPAM at cox.net Sun Jun 12 02:03:34 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Jun 12 02:05:05 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! In-Reply-To: References: Message-ID: eddie wrote: > We will email you the instructions. > A few times, ROFL!! From bounces at this.address Sun Jun 12 07:07:10 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sun Jun 12 02:10:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: Steve Sybesma wrote: > That's only true if you live in China. > > This is America and personal taste is not anarchy. > > Thanks but no thanks. > > I stand by my opinion and respect you for standing > by yours, but the insinuation of yours is unwelcome. Hey sissyboi, haven't you spanked yourself enough for one night? From windsorfoxNOSPAM at cox.net Sun Jun 12 02:39:40 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Jun 12 02:40:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. In-Reply-To: References: Message-ID: Steve Sybesma wrote: > Top-posting is a personal taste issue which > you seem to think is Nazi-istically mandatory > (for lack of a better word). I don't and neither > do many others. > > Enforce your rules upon yourself and I will > enforce my rules upon myself and together > well get along just fine. Capisci? > > To each their own. Live and let live. > It has nothing to do with personal taste. It has to do both with ettiquette and being able to understand what is written. It's more to do with a power issue than taste ie: "I will top post if I wanna and you can't stop me, you're NOT the bossa me!!" Most people will either not look at your posts or killfile you and move on. I'm the latter. From windsorfoxNOSPAM at cox.net Sun Jun 12 02:41:09 2005 From: windsorfoxNOSPAM at cox.net (WindsorFox[SS]) Date: Sun Jun 12 02:40:13 2005 Subject: [SpamCop-List] Re: What to say to this? In-Reply-To: References: Message-ID: Borgholio wrote: > Here's a response I got after sending a Spamcop report on a "fake" > bounce message: > > > > Hello SpamCop user, > > Please, look carefully for letters to report. > > > > What am I supposed to say to this? Reply with an Amazon link to a book teaching proper usage of English? From Kilgallen at SpamCop.net Sun Jun 12 03:45:52 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sun Jun 12 03:50:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: In article , "Steve Sybesma" writes: > I've been posting to Usenet for 12 years now and I proudly don't > follow netiquette faithfully (as has been seen). That's ok. Most newsreaders have a killfile for those who answer a request to post properly by posting improperly. Plonk. From porpoise1954 at yahoo.co.uk Sun Jun 12 09:53:21 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Jun 12 03:55:02 2005 Subject: [SpamCop-List] Re: automation References: Message-ID: "Cat" wrote in message news:d8g5k7$2ku$1@news.spamcop.net... > Steve Sybesma wrote: > SNIP I'm just amazed how much feeding the troll is getting here........ this whole thread is just following nothing about anything........ From porpoise1954 at yahoo.co.uk Sun Jun 12 10:04:39 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Jun 12 04:05:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: "Mike Easter" wrote in message news:d8gau0$96a$1@news.spamcop.net... > Mike Easter wrote: > And, then there's the part about their 'attitude' about wanting their > words right up there on top, as if they were standing on a soapbox or > dais -- with the attitude that all of the rest of you people must've > assembled your words as a platform for mine -- and now I have spoken. > It isn't necessary for anything else to come after. This isn't an > ongoing conversation of which my part fits in here. This is a > pronouncement above everything else. > I always suspect them of being trolls Mike, because the thread always ends up being nothing about anything except a bunch of kids arguing and bitching meaninglessly. (Which is generally what trolls *play* for!) From nttp.sc.s at bigsleep.org Sun Jun 12 09:13:07 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 12 04:15:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: On 11 Jun 2005 Steve Sybesma entered spamcop and left news:d8gi1b$d2a$1@news.spamcop.net: > This is America and personal taste is not anarchy. > You're delusional. I drive on the left-hand side of the road, noone can stop me, I'm an American and I am completely free to do what I want. Wake up! -- | Ric From porpoise1954 at yahoo.co.uk Sun Jun 12 10:29:48 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Jun 12 04:30:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: "Blammo" wrote in message news:Xns9673C7A97CE1blammo@216.154.195.61... > On 11 Jun 2005 Steve Sybesma entered spamcop and left > news:d8gi1b$d2a$1@news.spamcop.net: > >> This is America and personal taste is not anarchy. >> > > You're delusional. I drive on the left-hand side of the road, noone can > stop me, I'm an American and I am completely free to do what I want. > Yabbut, nobbut, yabbut ....... Can you *please* just cut down on the rape & pillage? Oh, and please also stop shooting people randomly in the street? Oh, and can you please stop taking and using my car without my permission? Oh, and...... Oh, sorry, I forgot! You're free to do anything you want...... Drat! ;-) (The satire will probably be lost on the OP - Oh well.) From nttp.sc.s at bigsleep.org Sun Jun 12 09:51:48 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 12 04:55:16 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: On 12 Jun 2005 Porpoise entered spamcop and left news:d8grpv$id0$1@news.spamcop.net: > Oh, and can you please stop taking and using my car without my > permission? > I'm gonna take it to England and drive it down the left side of the road, I understand that they really don't care. -- | Ric From baloo at ursine.ca Sun Jun 12 02:31:43 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Jun 12 05:10:25 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Mike Easter wrote: > Top posting works in a few places. Some corporate email systems require > a top posting compliance which maintains whatever was written before in > 'unblemished' and intact fashion under a corresponding post -- the so > called corporate TOFU - text over fullquote under. More reasons against top posting (and why bottom-posting also isn't always the answer) at http://ursine.ca/Top_Posting -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Sun Jun 12 02:35:02 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Jun 12 05:10:43 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: Steve Sybesma wrote: > I stand by my opinion and respect you for standing > by yours, but the insinuation of yours is unwelcome. You must be new. Welcome to the internet. Have a look at RFC1855 sometime. http://ursine.ca/Top_Posting#RFC_1855.C2.A0.28http%3A.2F.2Fwww.faqs.org.2Frfcs.2Frfc1855.html.29 -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From redford_stone at INVERSE_OF_COLDmail.com Sun Jun 12 11:38:21 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sun Jun 12 06:40:03 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: "Berny" wrote in news:d8dtsp$ql3$1@news.spamcop.net: > > In China at least, most have little if anything to lose to PHISHers, > as they don't do online banking for the most part, it's all the north > american (for the most part) wankers who respond to phishes and spam > who will be victims. I don't doubt for a moment that the Government of > ROC keeps a log of every CC transaction and number (and paswords in > the case of Phishes) that passes through it's net space. That data, I > am sure, is being fed to a good data base also. > That is changing. Since China's economy is on overdrive, there is an increase in demand for conveniences that the rest of the world enjoys, including online banking. As for Chinese citizen's access on the Internet, there is definitely a growing number of people on broadband. (As we have seen in the increase of zombies from China's space.) And if they don't have personal access, they have a HUGE number of Internet cafes. > Suppose we go to war? wouldn't it be handy to quickly drain hundreds > of thousdands of CC and bank accounts in the enemies territory?, > > Sure, in the mdium/long run the attempt would fail, but the short term > disruption and chaos would be worth the effort. > The amount of disruption and chaos would dependent on their people's dependency on CCs. They are still primarily cash driven, but that will change as well. From redford_stone at INVERSE_OF_COLDmail.com Sun Jun 12 11:40:16 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Sun Jun 12 06:45:03 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: Blammo wrote in news:Xns967155DDC5E0blammo@216.154.195.61: > > Yes they can. I noticed this option when I was setting up a wireless > router. I was curious where it would write this log to, perhaps there > was an option to specify that, or it certainly could have enough > memory for at least a couple days of logging. > I believe that logs can be forwarded in some form (email perhaps) to a sysadmin. Linux can do this. From bar_n0ne at hotmail.com Sun Jun 12 15:51:03 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sun Jun 12 06:55:04 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: "Redstone" wrote in message news:Xns96732506C9383tinlc@216.154.195.61... > "Berny" wrote in > news:d8dtsp$ql3$1@news.spamcop.net: > SNIP > > Suppose we go to war? wouldn't it be handy to quickly drain hundreds > > of thousdands of CC and bank accounts in the enemies territory?, > > > > Sure, in the mdium/long run the attempt would fail, but the short term > > disruption and chaos would be worth the effort. > > > > The amount of disruption and chaos would dependent on their people's > dependency on CCs. They are still primarily cash driven, but that will > change as well. ummm... I was talking about us, disruption in the west. From DougThegarden at invalid.com Sun Jun 12 12:58:09 2005 From: DougThegarden at invalid.com (Doug Thegarden) Date: Sun Jun 12 07:00:02 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! In-Reply-To: References: Message-ID: WindsorFox[SS] wrote: > > How do you *know* this? Although I must say this post is very > amusing.... > My favourite was "Chickenshit poltroon" which now has pride of place in my dictionary of insults. Doug ;-) From nobody at devnull.spamcop.net Sun Jun 12 07:49:00 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sun Jun 12 07:45:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: "Mike Easter" wrote in message news:d8galp$8pf$1@news.spamcop.net... > Top posting works in a few places. .............. > In almost all newsgroups top posting simply doesn't work. Can't work. > In those groups it is necessary to both trim and contextualize for the > flow and sequence of the conversation about very specific and precise > line entities, such as Received lines or other precise elements of a > spam header. Excellent template. Add this paragraph at the end. For those of you who think that top posting is a matter of personal choice: "In any given culture, personal taste does not trump public taste; not unless you advocate anarchy," N. Miller " It has nothing to do with personal taste. It has to do both with ettiquette and being able to understand what is written," WindsorFox "More reasons against top posting (and why bottom-posting also isn't always the answer) at http://ursine.ca/Top_Posting" Paul Johnson And post once a week (or whenever necessary). Miss Betsy From notmyrealaddress at nospam.com Sun Jun 12 08:56:57 2005 From: notmyrealaddress at nospam.com (Cherie) Date: Sun Jun 12 08:00:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: ya know..when I am reading a long thread..going through each post..one by one..I HATE when I start reading the same dern sentence..over and over..I know what the thread says..I'm looking for the responses...and it makes it easy for me if they are on the top..see..ya'll didn't have to read all the crap below..probably didn't even have to scroll..to each his own -- Thanks, Cherie "Miss Betsy" wrote in message news:d8h74d$o45$1@news.spamcop.net... > "Mike Easter" wrote in message > news:d8galp$8pf$1@news.spamcop.net... >> Top posting works in a few places. .............. >> In almost all newsgroups top posting simply doesn't work. Can't > work. >> In those groups it is necessary to both trim and contextualize > for the >> flow and sequence of the conversation about very specific and > precise >> line entities, such as Received lines or other precise elements > of a >> spam header. > > Excellent template. Add this paragraph at the end. > > For those of you who think that top posting is a matter of personal > choice: > "In any given culture, personal taste does not trump public taste; > not unless you advocate anarchy," N. Miller > " It has nothing to do with personal taste. It has to do both with > ettiquette and being able to understand what is written," > WindsorFox > > "More reasons against top posting (and why bottom-posting also > isn't always > the answer) at http://ursine.ca/Top_Posting" Paul Johnson > > And post once a week (or whenever necessary). > > Miss Betsy > > From nobody at devnull.spamcop.net Sun Jun 12 08:11:22 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sun Jun 12 08:10:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: And I had no idea what you were talking about. I presume you are one of the impolite people who insist on top posting and refuse to snip (which is very callous behavior - there are still people who pay for downloads) even after being asked to stop. Well, I will now know whose posts to skip over. Miss Betsy From Kilgallen at SpamCop.net Sun Jun 12 09:28:03 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sun Jun 12 09:30:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: In article , "Cherie" writes: > ya know..when I am reading a long thread..going through each post..one by > one..I HATE when I start reading the same dern sentence..over and over..I > know what the thread says..I'm looking for the responses...and it makes it > easy for me if they are on the top..see..ya'll didn't have to read all the > crap below..probably didn't even have to scroll..to each his own No, _not_ to each his own. That is the nature of society, and the reason you will find many people no longer reading your posts. It is one thing to be clueless, and a different thing to actively flaunt society. From steve at prolynx.com Sun Jun 12 09:08:43 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 10:10:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: 1. No one's going to give me a ticket for top-posting that a court will recognize, and; 2. No one's safety is in danger (that's why #1 is true) 3. GET SOME PERSPECTIVE!!! "Blammo" wrote in message news:Xns9673C7A97CE1blammo@216.154.195.61... > On 11 Jun 2005 Steve Sybesma entered spamcop and left > news:d8gi1b$d2a$1@news.spamcop.net: > > > This is America and personal taste is not anarchy. > > > > You're delusional. I drive on the left-hand side of the road, noone can > stop me, I'm an American and I am completely free to do what I want. > > Wake up! > > -- > | Ric From steve at prolynx.com Sun Jun 12 09:11:19 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 10:15:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: 1. Been on the internet longer than you, and that's almost certain unless you were one of the few pre-1993 2. I DON'T GIVE A RAT'S BEHIND ABOUT ALL THE DETAILS OF 'NETIQUETTE' 3. GET OFF MY BACK! "Paul Johnson" wrote in message news:mm8tn2-4ga.ln1@ursine.ca... > Steve Sybesma wrote: > > > I stand by my opinion and respect you for standing > > by yours, but the insinuation of yours is unwelcome. > > You must be new. Welcome to the internet. Have a look at RFC1855 sometime. > > http://ursine.ca/Top_Posting#RFC_1855.C2.A0.28http%3A.2F.2Fwww.faqs.org.2Frfcs.2Frfc1855.html.29 > > -- > Paul Johnson > Email and Instant Messenger (Jabber): baloo@ursine.ca > http://ursine.ca/~baloo/ From steve at prolynx.com Sun Jun 12 09:12:33 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 10:15:14 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: By all means, kill file me you petty idiot. "WindsorFox[SS]" wrote in message news:d8gl6l$esp$1@news.spamcop.net... > Steve Sybesma wrote: > > Top-posting is a personal taste issue which > > you seem to think is Nazi-istically mandatory > > (for lack of a better word). I don't and neither > > do many others. > > > > Enforce your rules upon yourself and I will > > enforce my rules upon myself and together > > well get along just fine. Capisci? > > > > To each their own. Live and let live. > > > > It has nothing to do with personal taste. It has to do both with > ettiquette and being able to understand what is written. It's more to do > with a power issue than taste ie: "I will top post if I wanna and you > can't stop me, you're NOT the bossa me!!" Most people will either not > look at your posts or killfile you and move on. I'm the latter. From steve at prolynx.com Sun Jun 12 09:16:16 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 10:20:04 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: STOP BEING SO SMALL-MINDED! TOP-POSTING IS ACCEPTABLE TO ALL BUT A FEW ANAL-RETENTIVE PEOPLE LIKE YOU BTW, POSTING TO NEWSGROUPS HAS BEEN ON A STEADY DECLINE FOR YEARS (PERCENTAGE-WISE), COMPARED TO POSTING TO OTHER FORUMS, BLOGS AND MESSAGE BOARDS. IT'S FRANKLY BECAUSE OF _SOME_ OF THIS 'NETIQUETTE' IDIOCY THAT THAT IS THE CASE. "Porpoise" wrote in message news:d8gqap$hnc$1@news.spamcop.net... > > "Mike Easter" wrote in message > news:d8gau0$96a$1@news.spamcop.net... > > Mike Easter wrote: > > And, then there's the part about their 'attitude' about wanting their > > words right up there on top, as if they were standing on a soapbox or > > dais -- with the attitude that all of the rest of you people must've > > assembled your words as a platform for mine -- and now I have spoken. > > It isn't necessary for anything else to come after. This isn't an > > ongoing conversation of which my part fits in here. This is a > > pronouncement above everything else. > > > > I always suspect them of being trolls Mike, because the thread always ends > up being nothing about anything except a bunch of kids arguing and bitching > meaninglessly. (Which is generally what trolls *play* for!) > > From nttp.sc.s at bigsleep.org Sun Jun 12 15:16:38 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 12 10:20:16 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: On 12 Jun 2005 Redstone entered spamcop and left news:Xns9673255A7597Etinlc@216.154.195.61: > Blammo wrote in > news:Xns967155DDC5E0blammo@216.154.195.61: > >> >> Yes they can. I noticed this option when I was setting up a wireless >> router. I was curious where it would write this log to, perhaps there >> was an option to specify that, or it certainly could have enough >> memory for at least a couple days of logging. >> > > I believe that logs can be forwarded in some form (email perhaps) to a > sysadmin. Linux can do this. > > > Oh, yes, I'm sure that was an option, or even the only option. -- | Ric From steve at prolynx.com Sun Jun 12 09:16:54 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 10:20:28 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: I couldn't care LESS. "Paul Johnson" wrote in message news:fg8tn2-4ga.ln1@ursine.ca... > Mike Easter wrote: > > > Top posting works in a few places. Some corporate email systems require > > a top posting compliance which maintains whatever was written before in > > 'unblemished' and intact fashion under a corresponding post -- the so > > called corporate TOFU - text over fullquote under. > > More reasons against top posting (and why bottom-posting also isn't always > the answer) at http://ursine.ca/Top_Posting > > -- > Paul Johnson > Email and Instant Messenger (Jabber): baloo@ursine.ca > http://ursine.ca/~baloo/ From steve at prolynx.com Sun Jun 12 09:20:41 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 10:25:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: God bless you for that Cherie. I completely agree. I used to do as these other anal-retentives do, but I quit that years ago. I've been posting to newsgroups over the years and you know something? Post how you want and ignore the petty pricks who keep hounding you like they were your parents or something. I have been systematically adding them to the ignore list, so I won't see their responses. The only people's responses I care about hearing are people who can think outside the box, and probably are smart enough to figure out the answers I'm looking for anyway. "Cherie" wrote in message news:d8h7ta$oeu$1@news.spamcop.net... > ya know..when I am reading a long thread..going through each post..one by > one..I HATE when I start reading the same dern sentence..over and over..I > know what the thread says..I'm looking for the responses...and it makes it > easy for me if they are on the top..see..ya'll didn't have to read all the > crap below..probably didn't even have to scroll..to each his own > > -- > Thanks, > Cherie > > > > "Miss Betsy" wrote in message > news:d8h74d$o45$1@news.spamcop.net... > > "Mike Easter" wrote in message > > news:d8galp$8pf$1@news.spamcop.net... > >> Top posting works in a few places. .............. > >> In almost all newsgroups top posting simply doesn't work. Can't > > work. > >> In those groups it is necessary to both trim and contextualize > > for the > >> flow and sequence of the conversation about very specific and > > precise > >> line entities, such as Received lines or other precise elements > > of a > >> spam header. > > > > Excellent template. Add this paragraph at the end. > > > > For those of you who think that top posting is a matter of personal > > choice: > > "In any given culture, personal taste does not trump public taste; > > not unless you advocate anarchy," N. Miller > > " It has nothing to do with personal taste. It has to do both with > > ettiquette and being able to understand what is written," > > WindsorFox > > > > "More reasons against top posting (and why bottom-posting also > > isn't always > > the answer) at http://ursine.ca/Top_Posting" Paul Johnson > > > > And post once a week (or whenever necessary). > > > > Miss Betsy > > > > > > From steve at prolynx.com Sun Jun 12 09:21:21 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 10:25:16 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: I DON'T WANT IDIOTS LIKE YOU READING MY POSTS! PLEASE KILL FILE ME ASAP! GEEZ! "Larry Kilgallen" wrote in message news:GLJm7wP0CKiD@eisner.encompasserve.org... > In article , "Cherie" writes: > > ya know..when I am reading a long thread..going through each post..one by > > one..I HATE when I start reading the same dern sentence..over and over..I > > know what the thread says..I'm looking for the responses...and it makes it > > easy for me if they are on the top..see..ya'll didn't have to read all the > > crap below..probably didn't even have to scroll..to each his own > > No, _not_ to each his own. That is the nature of society, and the > reason you will find many people no longer reading your posts. > > It is one thing to be clueless, and a different thing to actively > flaunt society. From nttp.sc.s at bigsleep.org Sun Jun 12 15:22:13 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 12 10:25:23 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: On 12 Jun 2005 Steve Sybesma entered spamcop and left news:d8hfl9$sck$1@news.spamcop.net: > 1. No one's going to give me a ticket for top-posting that a court > will recognize, and; > > 2. No one's safety is in danger (that's why #1 is true) > > 3. GET SOME PERSPECTIVE!!! > Well I'm no longer going to reply to you, so you may as well type Chinese. How's that for PERSPECTIVE? -- | Ric From steve at prolynx.com Sun Jun 12 09:35:58 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 10:40:08 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: PDAA (pretty damned assinine analogy) "Porpoise" wrote in message news:d8grpv$id0$1@news.spamcop.net... > > "Blammo" wrote in message > news:Xns9673C7A97CE1blammo@216.154.195.61... > > On 11 Jun 2005 Steve Sybesma entered spamcop and left > > news:d8gi1b$d2a$1@news.spamcop.net: > > > >> This is America and personal taste is not anarchy. > >> > > > > You're delusional. I drive on the left-hand side of the road, noone can > > stop me, I'm an American and I am completely free to do what I want. > > > > > Yabbut, nobbut, yabbut ....... Can you *please* just cut down on the rape & > pillage? Oh, and please also stop shooting people randomly in the street? > Oh, and can you please stop taking and using my car without my permission? > Oh, and...... > > Oh, sorry, I forgot! You're free to do anything you want...... Drat! ;-) > > (The satire will probably be lost on the OP - Oh well.) > > From nttp.sc.s at bigsleep.org Sun Jun 12 15:38:46 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 12 10:40:20 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: On 12 Jun 2005 Cherie entered spamcop and left news:d8h7ta$oeu$1@news.spamcop.net: > ya know..when I am reading a long thread..going through each post..one > by one..I HATE when I start reading the same dern sentence..over and > over..I know what the thread says..I'm looking for the responses...and > it makes it easy for me if they are on the top..see..ya'll didn't have > to read all the crap below..probably didn't even have to scroll..to > each his own > This problem is likely created by newsreaders that don't format threads in a logical manner. Poorly designed programs create bad habits and imaginary "standards". In other words, a good program will solve this "problem" for you, so you would never be aware of any "problem". Ref: The Computer's Guide to World Domination - Section 58: How to train your human. -- | Ric From mrichter at cpl.net Sun Jun 12 08:48:48 2005 From: mrichter at cpl.net (Mike Richter) Date: Sun Jun 12 10:50:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. In-Reply-To: References: Message-ID: Steve Sybesma wrote: > Top-posting is a personal taste issue which > you seem to think is Nazi-istically mandatory > (for lack of a better word). I don't and neither > do many others. Bottom posting has distinct advantages which make it preferable for general discussion. A minor point is that it keeps message and signature together. A more substantial one is that it encourages editing prior material to eliminate the irrelevant. That it is also courteous has little impact on those who consider it a matter of taste and therefore somehow political. Mike -- mrichter@cpl.net http://www.mrichter.com/ From steve at prolynx.com Sun Jun 12 10:03:21 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 11:05:04 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: It's not political, but like many things, it's used in a political way. You have a 'clique' here who enjoys breast-beating their 'superiority' and insinuating they are better, more mature, etc. than people that refuse to follow 'netiquette' 100%, like of course, myself. I don't go for snotty attitudes and hounding other people to get them to conform to the 'ideal'. I tell them off and encourage them to killfile me. Like you, I only value certain posts. In my case, I value the posts of people who don't browbeat others, who can think outside the box and who probably have a higher IQ anyway. Some details of 'netiquette' I'm usually with, but some I willingly ignore. Netiquette has become a bit outdated and needs to be revised to be a bit more tolerant so that it doesn't lend itself to easily to legalistic creeps who enjoy exercising their power-trips upon people who don't agree with them. "Mike Richter" wrote in message news:d8hi03$uh4$1@news.spamcop.net... > Steve Sybesma wrote: > > > Top-posting is a personal taste issue which > > you seem to think is Nazi-istically mandatory > > (for lack of a better word). I don't and neither > > do many others. > > Bottom posting has distinct advantages which make it preferable for > general discussion. A minor point is that it keeps message and signature > together. A more substantial one is that it encourages editing prior > material to eliminate the irrelevant. > > That it is also courteous has little impact on those who consider it a > matter of taste and therefore somehow political. > > Mike > -- > mrichter@cpl.net > http://www.mrichter.com/ > From jr70 at blackhole.invalid Sun Jun 12 09:50:43 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 12 11:55:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Mike Easter wrote: > > In almost all newsgroups top posting simply doesn't work. Can't work. Mike, do you ever browse the groups under msnews.microsoft.com? Fully 80% of the posts there are top-posted, including the ones by Microsoft employees. It really works out well, as long as everyone follows the same convention. My motto is, when in Rome, do as the Romans do. -- John Richards From MikeE at ster.invalid Sun Jun 12 09:53:00 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 12 11:55:13 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: John Richards wrote: > Mike Easter wrote: >> >> In almost all newsgroups top posting simply doesn't work. Can't >> work. > > Mike, do you ever browse the groups under msnews.microsoft.com? > Fully 80% of the posts there are top-posted, including the ones by > Microsoft employees. It really works out well, as long as everyone > follows the same convention. > My motto is, when in Rome, do as the Romans do. I can get along in the MS groups. This isn't a MS group and changing these groups over to top posting wouldn't work. -- Mike Easter kibitzer, not SC admin From jr70 at blackhole.invalid Sun Jun 12 09:58:18 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 12 12:00:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Miss Betsy wrote: > And I had no idea what you were talking about. > > I presume you are one of the impolite people who insist on top > posting and refuse to snip (which is very callous behavior - there > are still people who pay for downloads) even after being asked to > stop. > > Well, I will now know whose posts to skip over. > > Miss Betsy Usenet etiquette also dictates that you quote at least a snippet of the post you're responding to. You didn't do that. Pot...kettle...black. -- John Richards From Kilgallen at SpamCop.net Sun Jun 12 12:07:00 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sun Jun 12 12:10:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: In article , "John Richards" writes: > Mike Easter wrote: >> >> In almost all newsgroups top posting simply doesn't work. Can't work. > > Mike, do you ever browse the groups under msnews.microsoft.com? > Fully 80% of the posts there are top-posted, including the ones by > Microsoft employees. But certainly those are a small fraction of the total number of newsgroups. From steve at prolynx.com Sun Jun 12 11:13:11 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 12:15:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: For Mike (since I've killfiled him) Yeah, Mike. 'Netiquette is neither universally adopted, nor is it mandatory. It is someone's suggestion that many people have adopted and many people have not. To me, it's breaks the train of thought when I'm posting. I prefer to not go point-by-point. NOW, if the moderator says it's mandatory, then he can flat out remove my posts for not 'falling in line'. I don't see that happening yet. John, We live in a tolerant society where every community has to tolerate minor differences in style. At least I don't post in HTML and I don't attach files to my posts. People ought to recognize those things are much worse than top posting and stop hounding others. Very rude to get personal with people as some here have. I've flamed back, but now that I've killfiled many of these people, I no longer feel the necessity. "John Richards" wrote in message news:d8hlkm$md$1@news.spamcop.net... > Mike Easter wrote: > > > > In almost all newsgroups top posting simply doesn't work. Can't work. > > Mike, do you ever browse the groups under msnews.microsoft.com? > Fully 80% of the posts there are top-posted, including the ones by > Microsoft employees. It really works out well, as long as everyone > follows the same convention. > My motto is, when in Rome, do as the Romans do. > > -- > John Richards > > > From jr70 at blackhole.invalid Sun Jun 12 10:17:50 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 12 12:20:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Larry Kilgallen wrote: > In article , "John Richards" > writes: >> Mike Easter wrote: >>> >>> In almost all newsgroups top posting simply doesn't work. Can't work. >> >> Mike, do you ever browse the groups under msnews.microsoft.com? >> Fully 80% of the posts there are top-posted, including the ones by >> Microsoft employees. > > But certainly those are a small fraction of the total number of newsgroups. That's not the point. I was using them as an example of how top-posting can work effectively. -- John Richards From jr70 at blackhole.invalid Sun Jun 12 10:22:12 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 12 12:25:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Steve Sybesma wrote: > John, > We live in a tolerant society where every community has > to tolerate minor differences in style. At least I don't post > in HTML and I don't attach files to my posts. People > ought to recognize those things are much worse than > top posting and stop hounding others. Very rude to > get personal with people as some here have. I agree to some extent. I would never criticize anyone on the basis of whether they top-post or bottom-post. It's a tempest in a tea pot. -- John Richards From jr70 at blackhole.invalid Sun Jun 12 10:30:09 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 12 12:35:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Mike Easter wrote: > A post at the top lacks the contextualization, to say nothing of the > trimming and disrupts the function. It isn't a matter of 'opinion' - > like which is prettier, blue or green - or that anyone who wants to > post this way can do this, and anyone who wants to post that way can do > that - anymore than it is 'freestyle' about which side of the road you > drive on. When you are in a country in which you drive on the right, > you drive on the right. When you are in a country in which you drive on > the left, you drive on the left. That analogy is quite a stretch. Countries have laws dictating on which side of the road one must drive. Non-compliance results in head-on accidents and severe penalties. There are no *laws* about posting style, only some old Usenet conventions (which are creaking at the seams). Deadly accidents don't happen when one posts in a style that is contrary to the prevailing convention. So, lighten up. -- John Richards From steve at prolynx.com Sun Jun 12 11:33:53 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 12:35:13 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: John, you are a good man. You can get much further with me on suggestions when you don't force them, as you are NOT doing. Thanks, Steve "John Richards" wrote in message news:d8hnfk$28g$1@news.spamcop.net... > Steve Sybesma wrote: > > John, > > We live in a tolerant society where every community has > > to tolerate minor differences in style. At least I don't post > > in HTML and I don't attach files to my posts. People > > ought to recognize those things are much worse than > > top posting and stop hounding others. Very rude to > > get personal with people as some here have. > > I agree to some extent. I would never criticize anyone on the > basis of whether they top-post or bottom-post. > It's a tempest in a tea pot. > > -- > John Richards > > > From steve at prolynx.com Sun Jun 12 11:38:03 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 12:40:04 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: With you 100% John. They are making a mountain out of a molehill. It's like, don't these browbeaters have a life? We're here to offer solutions, not jump on each other. Geez! Mike (if you can still see my posts, don't know), take a chill pill bud, and come out of your outmoded netiquette cocoon and enjoy the sunshine. "John Richards" wrote in message news:d8hnuh$2jj$1@news.spamcop.net... > Mike Easter wrote: > > A post at the top lacks the contextualization, to say nothing of the > > trimming and disrupts the function. It isn't a matter of 'opinion' - > > like which is prettier, blue or green - or that anyone who wants to > > post this way can do this, and anyone who wants to post that way can do > > that - anymore than it is 'freestyle' about which side of the road you > > drive on. When you are in a country in which you drive on the right, > > you drive on the right. When you are in a country in which you drive on > > the left, you drive on the left. > > That analogy is quite a stretch. Countries have laws dictating on which > side of the road one must drive. Non-compliance results in head-on > accidents and severe penalties. There are no *laws* about posting > style, only some old Usenet conventions (which are creaking at the > seams). Deadly accidents don't happen when one posts in a style that > is contrary to the prevailing convention. So, lighten up. > > -- > John Richards > > > From jr70 at blackhole.invalid Sun Jun 12 10:38:36 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 12 12:40:14 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: N. Miller wrote: > On Sat, 11 Jun 2005 21:52:44 -0600, Steve Sybesma wrote: > >> Top-posting is a personal taste issue... > > In any given culture, personal taste does not trump public taste; not > unless you advocate anarchy. By definition, "taste" is personal. Anarchy pertains to laws, a totally different thing. -- John Richards From jr70 at blackhole.invalid Sun Jun 12 10:40:32 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 12 12:45:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: Blammo wrote: > On 11 Jun 2005 Steve Sybesma entered spamcop and left > news:d8gi1b$d2a$1@news.spamcop.net: > >> This is America and personal taste is not anarchy. >> > > You're delusional. I drive on the left-hand side of the road, noone can > stop me, I'm an American and I am completely free to do what I want. What does driving on the left side of the road have to do with it? You're confusing style and taste with laws. -- John Richards From jr70 at blackhole.invalid Sun Jun 12 10:46:40 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 12 12:50:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Although it's not so much a problem in this newsgroup, the worst aspect of bottom-posting occurs when the thread is long and there are several levels of quoting. Few people nowadays will take the time to trim quotes judiciously. Top-posting satisfies the need to save time, i.e., I can read the response immediately without having to scroll through a screen or two of prior quotes. -- John Richards Cherie wrote: > ya know..when I am reading a long thread..going through each post..one by > one..I HATE when I start reading the same dern sentence..over and over..I > know what the thread says..I'm looking for the responses...and it makes it > easy for me if they are on the top..see..ya'll didn't have to read all the > crap below..probably didn't even have to scroll..to each his own From MikeE at ster.invalid Sun Jun 12 10:52:11 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 12 12:55:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: John Richards wrote: > Although it's not so much a problem in this newsgroup, the worst > aspect of bottom-posting occurs when the thread is long and there are > several levels of quoting. I don't like the term or the concept of 'bottom posting'. The number one concept is context. Context requires both trimming and contextualizing, which is next, not bottom. It only ends up on the bottom if that is the end. The last line of the post is the only bottom. -- Mike Easter kibitzer, not SC admin From SCNews.5.myspamgobbler at spamgourmet.com Sun Jun 12 11:14:53 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sun Jun 12 13:20:02 2005 Subject: [SpamCop-List] Netiquette vs. Spamcop newsgroup Message-ID: Are we here to discuss netiquette or how to deal with spam? Lets move on and agree to disagree. This is NOT a newsgroup about Netiquette nor grammar. I agree that there are conventions that make it easier for some/many/most. Those same conventions make it more bothersome for others. What is important is that most of us are here for learning how to or helping others deal with spam. Most people will pick up the conventions of the group by following other poster's example and will want to adapt (or not) according to their own preference or needs at the time. Is it really that crucial that EVERYONE follows YOUR ways? Isn't this the reason so many wars are started? If it bothers you that much to have to read a top posted message, plonk-em. This is much less disruptive to this newsgroup and to your blood pressure. Let other's that don't get so bothered by it deal with them. Or let them go unanswered, which is often what happens anyway because the discussion changes to 'correctness.' From notmyrealaddress at nospam.com Sun Jun 12 14:18:57 2005 From: notmyrealaddress at nospam.com (Cherie) Date: Sun Jun 12 13:20:13 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: OK..so if I change my "program" all your posts will be on the top??? -- Thanks, Cherie "Blammo" wrote in message news:Xns96734DDE596CCblammo@216.154.195.61... > On 12 Jun 2005 Cherie entered spamcop and left > news:d8h7ta$oeu$1@news.spamcop.net: > >> ya know..when I am reading a long thread..going through each post..one >> by one..I HATE when I start reading the same dern sentence..over and >> over..I know what the thread says..I'm looking for the responses...and >> it makes it easy for me if they are on the top..see..ya'll didn't have >> to read all the crap below..probably didn't even have to scroll..to >> each his own >> > > This problem is likely created by newsreaders that don't format threads in > a logical manner. Poorly designed programs create bad habits and imaginary > "standards". > In other words, a good program will solve this "problem" for you, so you > would never be aware of any "problem". > > Ref: The Computer's Guide to World Domination - Section 58: How to train > your human. > -- > | Ric From krazikat at krazi.kat Sun Jun 12 18:37:32 2005 From: krazikat at krazi.kat (krazikat) Date: Sun Jun 12 13:40:03 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup References: Message-ID: "Brian (SnSR)" wrote in message news:d8hql2$4o8$1@news.spamcop.net... > Are we here to discuss netiquette or how to deal with spam? Lets move on > and agree to disagree. This is NOT a newsgroup about Netiquette nor > grammar. > > I agree that there are conventions that make it easier for > some/many/most. Those same conventions make it more bothersome for > others. What is important is that most of us are here for learning how > to or helping others deal with spam. > > Most people will pick up the conventions of the group by following other > poster's example and will want to adapt (or not) according to their own > preference or needs at the time. Is it really that crucial that EVERYONE > follows YOUR ways? Isn't this the reason so many wars are started? > > If it bothers you that much to have to read a top posted message, > plonk-em. This is much less disruptive to this newsgroup and to your > blood pressure. Let other's that don't get so bothered by it deal with > them. Or let them go unanswered, which is often what happens anyway > because the discussion changes to 'correctness.' STFU, troll. From nobody at devnull.spamcop.net Sun Jun 12 14:22:11 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sun Jun 12 14:20:03 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup References: Message-ID: "Brian (SnSR)" wrote in message news:d8hql2$4o8$1@news.spamcop.net... > Are we here to discuss netiquette or how to deal with spam? Lets move on > and agree to disagree. This is NOT a newsgroup about Netiquette nor > grammar. I agree with you that it is best to move on than to continue to argue about netiquette. OTOH, as a newbie to newsgroups, I was very appreciative of Mike Easter and others who explained to me what the customs are. To post Mike's Top Posting template (with my addition) every once in a while makes it non-accusatory, helps those who are just ignorant, and makes it clear that your top post may be ignored by a number of people. Miss Betsy From nobody at devnull.spamcop.net Sun Jun 12 14:27:36 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sun Jun 12 14:25:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: "John Richards" wrote in message news:d8hm2q$11q$1@news.spamcop.net... > Usenet etiquette also dictates that you quote at least a snippet > of the post you're responding to. You didn't do that. > Pot...kettle...black. Yes, I was being rude. But on purpose - partly to demonstrate a point. When I read her post, that's what it looked like to me - no context. And partly because I didn't take the time to find a way to be polite. I have no patience with people who persist in being rude and ignorant after it has been pointed out to them. Miss Betsy From SCNews.5.myspamgobbler at spamgourmet.com Sun Jun 12 13:12:52 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sun Jun 12 15:15:03 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup In-Reply-To: References: Message-ID: Miss Betsy wrote: > "Brian (SnSR)" wrote in > message news:d8hql2$4o8$1@news.spamcop.net... > >>Are we here to discuss netiquette or how to deal with spam? Lets > > move on > >>and agree to disagree. This is NOT a newsgroup about Netiquette > > nor > >>grammar. > > > I agree with you that it is best to move on than to continue to > argue about netiquette. OTOH, as a newbie to newsgroups, I was > very appreciative of Mike Easter and others who explained to me > what the customs are. To post Mike's Top Posting template (with my > addition) every once in a while makes it non-accusatory, helps > those who are just ignorant, and makes it clear that your top post > may be ignored by a number of people. > > Miss Betsy > > I agree wholeheartedly. This is how I'd prefer to have it. Another thing that you may want to add is the preferable line length of posted messages. Actually, I'm not sure if the reason your OE is breaking quoted lines is from the composing side or the receiving side. I don't have time to start up OE right now to check what may be causing this. But, don't let me tell anyone else how it SHOULD be done ;) From dfm2a3l0t2 at spymac.com Sun Jun 12 16:23:12 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Sun Jun 12 15:25:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: In article , "Steve Sybesma" wrote: > STOP BEING SO SMALL-MINDED! > TOP-POSTING IS ACCEPTABLE TO ALL BUT A FEW ANAL-RETENTIVE PEOPLE LIKE > YOU > > BTW, POSTING TO NEWSGROUPS HAS BEEN ON A STEADY DECLINE FOR YEARS > (PERCENTAGE-WISE), > COMPARED TO POSTING TO OTHER FORUMS, BLOGS AND MESSAGE BOARDS. > > IT'S FRANKLY BECAUSE OF _SOME_ OF THIS 'NETIQUETTE' IDIOCY THAT THAT > IS THE CASE. Top-posting _and_ shouting indicates to me that you do not and will never have anything to say that I want to listen to. *plonk* -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From MikeE at ster.invalid Sun Jun 12 13:50:51 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 12 15:55:03 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup References: Message-ID: Brian (SnSR) wrote: > Another thing that you may want to add is the preferable line length > of posted messages. Actually, I'm not sure if the reason your OE is > breaking quoted lines is from the composing side or the receiving > side. I don't have time to start up OE right now to check what may be > causing this. But, don't let me tell anyone else how it SHOULD be > done ;) MB's OE is 'notorious' for cited shortlines. OE's editor is inherently seriously flawed in that area, so it is very intolerant of deviations from 'optimal' linelengths; and then, even with optimizing, when line lengths start 'growing' from the cite marks, things come unraveled. Hers comes from the composing/send side, she's configured on the 'shy' side of optimal linelengths rather than the 'generous' side of optimal. The advantage to her of being shy is that it prevents people's cites of her posts from getting shortlined. The disadvantage is that it starts the chopping of others' cites sooner or right away in the citing business. The first 'step' in remedying is optimizing at say 72-74 instead of shy or generous, but it actually won't get her very far because of OE's inherent weakness, and also depends on how optimal someone else's lines are. The real significant step would be to use the 3rd party addon OE QuoteFix - which is very powerful at fixing the problem and has some other features. It also has some disadvantages. -- Mike Easter kibitzer, not SC admin From SCNews.5.myspamgobbler at spamgourmet.com Sun Jun 12 14:28:04 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Sun Jun 12 16:30:02 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup In-Reply-To: References: Message-ID: Mike Easter wrote: > Brian (SnSR) wrote: > >>Another thing that you may want to add is the preferable line length >>of posted messages. Actually, I'm not sure if the reason your OE is >>breaking quoted lines is from the composing side or the receiving >>side. I don't have time to start up OE right now to check what may be >>causing this. But, don't let me tell anyone else how it SHOULD be >>done ;) > > > MB's OE is 'notorious' for cited shortlines. OE's editor is inherently > seriously flawed in that area, so it is very intolerant of deviations > from 'optimal' linelengths; and then, even with optimizing, when line > lengths start 'growing' from the cite marks, things come unraveled. > > Hers comes from the composing/send side, she's configured on the 'shy' > side of optimal linelengths rather than the 'generous' side of optimal. > The advantage to her of being shy is that it prevents people's cites of > her posts from getting shortlined. The disadvantage is that it starts > the chopping of others' cites sooner or right away in the citing > business. > > The first 'step' in remedying is optimizing at say 72-74 instead of shy > or generous, but it actually won't get her very far because of OE's > inherent weakness, and also depends on how optimal someone else's lines > are. The real significant step would be to use the 3rd party addon OE > QuoteFix - which is very powerful at fixing the problem and has some > other features. It also has some disadvantages. > Thanks for clarifying Mike. When I first noticed this, I had to check to see if maybe I had set my line length too long, but it was set at 72. Another fix is to use another email client altogether. I'm happy that I have made the switch from Outlook and OE to Thunderbird. I install it and Firefox on almost all of my clients computers and they have been thankful. There have only been a few that are so adverse to change that I have chosen to let it go. Unfortunately, they are more likely to need the added protection than most. From nobody at nowhere.invalid Sun Jun 12 23:29:36 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Jun 12 16:30:13 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: On Sun, 12 Jun 2005 13:18:57 -0400, Cherie coughed into spamcop and left this in : > OK..so if I change my "program" all your posts will be on the top??? No, but using a real newsreader rather than Microsoft's toy newsreader might knock some sense into you. Learning about signature delimiters might not be a bad thing either... -- Steve Let's call it an accidental feature. -- Larry Wall From porpoise1954 at yahoo.co.uk Sun Jun 12 23:28:13 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sun Jun 12 17:30:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: "Blammo" wrote in message news:Xns9673130B1FA81blammo@216.154.195.61... > On 12 Jun 2005 Porpoise entered spamcop and left > news:d8grpv$id0$1@news.spamcop.net: > >> Oh, and can you please stop taking and using my car without my >> permission? >> > > I'm gonna take it to England and drive it down the left side of the road, > I > understand that they really don't care. Just watch out for the speed cameras and sleeping policemen!! From nobody at spamcop.net Sun Jun 12 16:22:10 2005 From: nobody at spamcop.net (Lazlo Toth) Date: Sun Jun 12 18:25:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: On Sun, 12 Jun 2005 09:12:33 -0600, Steve Sybesma wrote: > By all means, kill file me you petty idiot. *PLONK!* - Lazlo From nobody at spamcop.net Sun Jun 12 16:28:33 2005 From: nobody at spamcop.net (Lazlo Toth) Date: Sun Jun 12 18:30:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: On Sun, 12 Jun 2005 09:50:43 -0700, John Richards wrote: > Mike Easter wrote: >> >> In almost all newsgroups top posting simply doesn't work. Can't work. > > Mike, do you ever browse the groups under msnews.microsoft.com? Fully 80% > of the posts there are top-posted, including the ones by Microsoft > employees. It really works out well, as long as everyone follows the same > convention. Sounds like a nightmare, particularly considering how crappy OE is at quoting. Why on earth would I want to go there? > My motto is, when in Rome, do as the Romans do. But apparently there is no convention there. Is there a rule about top posting? Anyway, that's a place I'd imagine they wouldn't care much about standards, seeing as IE still hasn't adopted w3c standards to bring it up to five years ago, and as most MS software is proprietary and doesn't play nice with other software, and is almost never designed with netiquette or even mutual consideration in mind. - Lazlo From spamcop-list-at-news.spamcop.net at musaic.net Mon Jun 13 01:33:45 2005 From: spamcop-list-at-news.spamcop.net at musaic.net (St - Musaic.Net) Date: Sun Jun 12 18:33:59 2005 Subject: [SpamCop-List] OpenRBL Message-ID: <18510670010.20050613003345@musaic.net> The owner forgot to renew openrbl.org - and someone else hijacked it - great... http://www.openrbl.org/dnsbl?t=s&l=&i=openrbl.org&b=Submit&t=s -- St From MikeE at ster.invalid Sun Jun 12 16:54:03 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 12 18:55:03 2005 Subject: [SpamCop-List] Re: OpenRBL References: Message-ID: St - Musaic.Net wrote: > The owner forgot to renew openrbl.org - and someone else hijacked > it - great... > http://www.openrbl.org/dnsbl?t=s&l=&i=openrbl.org&b=Submit&t=s I think they renewed it belatedly, but they are currently caught up in nameserver hell; and I can't even get a dnsreport just now, it is 'stuck' trying to get the information. Domain Name:OPENRBL.ORG Created On:10-Jun-2001 20:24:21 UTC Last Updated On:12-Jun-2005 04:24:34 UTC Expiration Date:10-Jun-2006 20:24:21 UTC Name Server:DNS.PARKPAGE.FOUNDATIONAPI.COM = 67.15.35.16 Name Server:DNS2.PARKPAGE.FOUNDATIONAPI.COM = 67.15.35.52 There's no nameservice glue at the root nameservers, so you can't get to the site I think the new site is going to be at 67.15.35.183 & 182 whois -h whois.arin.net 67.15.35.183 ... Everyones Internet, Inc. 67.15.0.0 - 67.15.175.255 Optical Jungle 67.15.35.0 - 67.15.35.255 and that's where the nameservers are There's a webserver at 67.15.35.183 & 182 -- but that's all. -- Mike Easter kibitzer, not SC admin From 79ytka802 at sneakemail.com Mon Jun 13 01:13:44 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Sun Jun 12 19:15:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. In-Reply-To: References: Message-ID: Steve Sybesma wrote: > I couldn't care LESS. > When in Rome do as the Romans. You are new to this community. Please respect OUR rules and conventions. Or go away. From nttp.sc.s at bigsleep.org Mon Jun 13 00:22:18 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 12 19:25:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: On 12 Jun 2005 John Richards entered spamcop and left news:d8hoi3$35r$1@news.spamcop.net: > What does driving on the left side of the road have to do with it? > You're confusing style and taste with laws. > What do laws have to do with it? Nothing, it's a metaphor, haven't you ever seen The Return of the Pink Panther? Or was it Son of the Pink Panther? -- | Ric | From 79ytka802 at sneakemail.com Mon Jun 13 01:22:49 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Sun Jun 12 19:25:20 2005 Subject: [SpamCop-List] Re: OpenRBL In-Reply-To: References: Message-ID: > St - Musaic.Net wrote: > >> The owner forgot to renew openrbl.org - and someone else hijacked >> it - great... >>http://www.openrbl.org/dnsbl?t=s&l=&i=openrbl.org&b=Submit&t=s > Mike Easter replied > I think they renewed it belatedly, but they are currently caught up in > nameserver hell; and I can't even get a dnsreport just now, it is > 'stuck' trying to get the information. From what I can tell neither of these assumptions are correct. The domain does not appear to have been renewed, but neither has it been snatched up by someone else. It looks like it has been pointed at the registrar's (or reseller's) parking place with a "click here to renew" link. From nobody at devnull.spamcop.net Sun Jun 12 19:24:13 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Jun 12 19:25:27 2005 Subject: [SpamCop-List] Re: OpenRBL References: Message-ID: "St - Musaic.Net" wrote in message news:mailman.30.1118615641.169.spamcop-list@news.spamcop.net... > > The owner forgot to renew openrbl.org - and someone else hijacked it - great... > http://www.openrbl.org/dnsbl?t=s&l=&i=openrbl.org&b=Submit&t=s At present, it doesn't appear to be 'hijacked' to me .... Using data from Mike Easter's post; >Domain Name:OPENRBL.ORG >Created On:10-Jun-2001 20:24:21 UTC >Last Updated On:12-Jun-2005 04:24:34 UTC >Expiration Date:10-Jun-2006 20:24:21 UTC ^^^^^^^ - means not 'current' with patment >Name Server:DNS.PARKPAGE.FOUNDATIONAPI.COM >Name Server:DNS2.PARKPAGE.FOUNDATIONAPI.COM Which implies the same thing ... the domain is 'parked' ... still 'registered' but with no location assigned. I just went through this with/for a client .. death in the family had her on the road. Her web-site "went down" .. Talking to her, she did state that "yes, she had received an e-mail weekly for the last number of weeks, but just figured it was more spam as it wasn't coming from anyone she had ever heard of ..... Her ISP host touts Tucows as their 'agent' ... but checking via the "client control panel" shows OpenSRS all over those domain handling pages .... the e-mail had been coming from something/body like Registersapi ... when I followed those links, I ended up an a page jumping up and down, calling itself $15 domains ... spent some time trying to put all this stuff together, got myself convinced that everything in fact was associated ... she fed me numbers to fill in the money stuff, got those items caught up .... Sat back to let the DNS propagate .... Six hours later, a WHOIS is still showing "no name servers" ... hmmm, kind of hard to believe, and even if that propagated ...??? Turns out that I had to go to Dotster's web-site and manually update the records there to re-point the Domain to a set of name-servers. Web-site was back up in just a few minutes ... Phone calls suggest that perhaps things would have been 'handled' the following 'business' day ... in reality, this would have been like 4 days, due to timing and holidays .... From nttp.sc.s at bigsleep.org Mon Jun 13 00:24:30 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 12 19:25:33 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: On 12 Jun 2005 Steven Maesslein entered spamcop and left news:slrndap6pg.5k0.nobody@127.0.0.1: > On Sun, 12 Jun 2005 13:18:57 -0400, Cherie coughed into spamcop and left > this in : > >> OK..so if I change my "program" all your posts will be on the top??? > > No, but using a real newsreader rather than Microsoft's toy newsreader > might knock some sense into you. > Yes, they can be at the top - of the window. -- | Ric | From nttp.sc.s at bigsleep.org Mon Jun 13 00:31:24 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Sun Jun 12 19:35:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: On 12 Jun 2005 Lazlo Toth entered spamcop and left news:pan.2005.06.12.22.28.33.206190@spamcop.net: > On Sun, 12 Jun 2005 09:50:43 -0700, John Richards wrote: >> >> Mike, do you ever browse the groups under msnews.microsoft.com? Fully > ... > >> My motto is, when in Rome, do as the Romans do. > > But apparently there is no convention there. Is there a rule about top > posting? That's right, there isn't, so guess why it's a "standard". Why do only newsgroups and eMail have to be different than every other medium? Try reading a forum where the last posts are on top. -- | Ric | From steve at prolynx.com Sun Jun 12 18:48:03 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 19:50:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Same to you (I realize you may not see this, but JIC) PLONK! "D.F. Manno" wrote in message news:dfm2a3l0t2-FD3620.15231212062005@news.cesmail.net... > In article , > "Steve Sybesma" wrote: > > > STOP BEING SO SMALL-MINDED! > > TOP-POSTING IS ACCEPTABLE TO ALL BUT A FEW ANAL-RETENTIVE PEOPLE LIKE > > YOU > > > > BTW, POSTING TO NEWSGROUPS HAS BEEN ON A STEADY DECLINE FOR YEARS > > (PERCENTAGE-WISE), > > COMPARED TO POSTING TO OTHER FORUMS, BLOGS AND MESSAGE BOARDS. > > > > IT'S FRANKLY BECAUSE OF _SOME_ OF THIS 'NETIQUETTE' IDIOCY THAT THAT > > IS THE CASE. > > Top-posting _and_ shouting indicates to me that you do not and will > never have anything to say that I want to listen to. > > *plonk* > -- > D.F. Manno > dfm2a3l0t2@spymac.com > "The work goes on, the cause endures, the hope still lives and the dream > will never die." From steve at prolynx.com Sun Jun 12 18:49:12 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 19:50:15 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Get lost... PLONK! "Aviatrix" <79ytka802@sneakemail.com> wrote in message news:d8ifj1$gpt$1@news.spamcop.net... > > > Steve Sybesma wrote: > > > I couldn't care LESS. > > > > When in Rome do as the Romans. > > You are new to this community. Please respect OUR rules and conventions. > Or go away. From steve at prolynx.com Sun Jun 12 18:51:33 2005 From: steve at prolynx.com (Steve Sybesma) Date: Sun Jun 12 19:55:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: OE works just fine. I wouldn't waste my money for a bunch of snobs so you can get their approval. "Steven Maesslein" wrote in message news:slrndap6pg.5k0.nobody@127.0.0.1... > On Sun, 12 Jun 2005 13:18:57 -0400, Cherie coughed into spamcop and left > this in : > > > OK..so if I change my "program" all your posts will be on the top??? > > No, but using a real newsreader rather than Microsoft's toy newsreader > might knock some sense into you. > > Learning about signature delimiters might not be a bad thing either... > > -- > Steve > > Let's call it an accidental feature. > -- Larry Wall From baloo at ursine.ca Sun Jun 12 18:19:48 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Jun 12 21:00:04 2005 Subject: [SpamCop-List] Re: OpenRBL References: Message-ID: <420vn2-i6b.ln1@ursine.ca> Mike Easter wrote: > There's no nameservice glue at the root nameservers, so you can't get to > the site No, that's not true. You'll never find glue at the root nameservers when the nameservers are in a different TLD than the domain their serving is in. It's Just The Way It Is(tm). See also: ursine.ca's DNS (which has no glue because all nameservers are .com and .org). That being said, openrbl.org started working again for me sometime last week. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Sun Jun 12 18:32:41 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Jun 12 21:00:21 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: <9q0vn2-04c.ln1@ursine.ca> John Richards wrote: > That analogy is quite a stretch. Countries have laws dictating on which > side of the road one must drive. Not all countries. Most of central Africa, you drive on whichever side is more passable. Other countries don't always regulate what side you drive on. The US is a well-known example of this, particularly on roads maintained by the Department of Agriculture (United States Forest Service Roads, NFD roads, Bureau of Land Management roads) and Department of the Interior (Bureau of Indian Affairs roads), which do not usually maintain roads more than a lane or two wide and make only minimum improvements to the roadway (which is usually unpaved and rarely graded), though it's general courtesy to move to the right if possible when meeting another vehicle (this sometimes involves backing up as far as a mile for one of the vehicles). While there aren't laws about what side to drive on in such situations, violating standard convention usually results in messy results. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Sun Jun 12 18:36:27 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Jun 12 21:00:43 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: John Richards wrote: > Although it's not so much a problem in this newsgroup, the worst aspect > of bottom-posting occurs when the thread is long and there are several > levels of quoting. Bottom-posting also isn't the answer for exactly that reason. However, this does not validate top-posting as a user-friendly practice. Rather, it only highlights one of the chief problems with top-posting: Full quotation. http://ursine.ca/Top_Posting#Why_bottom-posting_also_isn.27t_the_answer > Few people nowadays will take the time to trim quotes judiciously. > Top-posting satisfies the need to save time, i.e., I can read the response > immediately without having to scroll through a screen or two of prior > quotes. Top posting does not satisfy the need to save time, because as the writer, you're supposed to be saving the reader time, not yourself. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Sun Jun 12 18:37:47 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Jun 12 21:00:51 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Larry Kilgallen wrote: > In article , "John Richards" > writes: >> Mike Easter wrote: >>> >>> In almost all newsgroups top posting simply doesn't work. Can't work. >> >> Mike, do you ever browse the groups under msnews.microsoft.com? >> Fully 80% of the posts there are top-posted, including the ones by >> Microsoft employees. > > But certainly those are a small fraction of the total number of > newsgroups. As it isn't alt.* or the Big 8, it's not Usenet. Just some proprietary, backwater news heirarchy from some proprietary, backwater company that wouldn't know what standards were if it bit them in the ass. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Sun Jun 12 18:40:13 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Jun 12 21:00:58 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Blammo wrote: > This problem is likely created by newsreaders that don't format threads in > a logical manner. Poorly designed programs create bad habits and imaginary > "standards". No, archives still are a problem. You have to remember who your audience is. Top posting very rarely serves your audience if you're corresponding with more than one person in a thread. It's extremely important to think about the maximum reach of your message. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Sun Jun 12 18:41:58 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Jun 12 21:01:05 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: Steve Sybesma wrote: > 1. Been on the internet longer than you, and that's almost certain > unless you were one of the few pre-1993 Yes, I am. Top posting being considered harmful is far from being anything new. Stop being ignorant. > 2. I DON'T GIVE A RAT'S BEHIND ABOUT ALL THE DETAILS OF 'NETIQUETTE' Then you don't belong online. I'd ask your provider for a refund. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Sun Jun 12 18:46:20 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Jun 12 21:01:13 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Steve Sybesma wrote: > OE works just fine. I wouldn't waste my money > for a bunch of snobs so you can get their approval. There'x plenty of free or open source newsreaders for Windows. http://ursine.ca/Windows_Software#Mozilla.2C_Thunderbird_and_Firefox.C2.A0.28http%3A.2F.2Fwww.mozilla.org.2F.29 http://ursine.ca/Windows_Software#XNews.C2.A0.28http%3A.2F.2Fxnews.newsguy.com.2F.29 If you're paying to legally obtain crappier software, I've got a bridge in Brooklyn I'd like to sell you to help you complete your collection. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Sun Jun 12 18:46:55 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Jun 12 21:01:20 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Steve Sybesma wrote: > I DON'T WANT IDIOTS LIKE YOU READING MY POSTS! PLEASE KILL FILE ME > ASAP! GEEZ! Why not unsubscribe from the group? We're your audience here whether you like it or not. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Sun Jun 12 18:54:04 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Jun 12 21:01:27 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Steve Sybesma wrote: > STOP BEING SO SMALL-MINDED! > TOP-POSTING IS ACCEPTABLE TO ALL BUT A FEW ANAL-RETENTIVE PEOPLE LIKE > YOU http://ursine.ca/Steve_Sybesma Your moronics will be preserved for the ages. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Sun Jun 12 18:58:40 2005 From: baloo at ursine.ca (Paul Johnson) Date: Sun Jun 12 21:01:35 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: <0b2vn2-snc.ln1@ursine.ca> Steve Sybesma wrote: > Get lost... PLONK! Oh, come on. Can we get any more childish? You do realize killfiles work better when the target is unaware that they've been killfiled, right? -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From MikeE at ster.invalid Sun Jun 12 19:08:17 2005 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 12 21:10:04 2005 Subject: [SpamCop-List] Re: OpenRBL References: <420vn2-i6b.ln1@ursine.ca> Message-ID: Paul Johnson wrote: > Mike Easter wrote: > >> There's no nameservice glue at the root nameservers, so you can't >> get to the site Well that part is wrong on a different principle, anyway. The current status is definitely parked, like WazoO sed. What I tho't was in the process of being changed is just the way the parking is done. I tho't it was being changed and 'shouldn't' be parked -- it may be being changed behind the scenes, but it is definitely and officially parked, in terms of the nameservice and 'parker'. > No, that's not true. You'll never find glue at the root nameservers > when the nameservers are in a different TLD than the domain their > serving is in. It's Just The Way It Is(tm). See also: ursine.ca's > DNS (which has no glue because all nameservers are .com and .org). > > That being said, openrbl.org started working again for me sometime > last week. It isn't working presently. Last week openrbl went thru a hiccup from which it recovered, but this parking seems to be more consistent. -- Mike Easter kibitzer, not SC admin From bounces at this.address Mon Jun 13 02:10:24 2005 From: bounces at this.address (e-mail to this address bounces) Date: Sun Jun 12 21:15:04 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Paul Johnson wrote: > http://ursine.ca/Steve_Sybesma > > Your moronics will be preserved for the ages. http://ursine.ca/Category:Online_lusers Bwahahahaha! Add your name to that list of lusers. You've really got *no life*, do you? Lol! From nobody at devnull.spamcop.net Sun Jun 12 21:44:27 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sun Jun 12 21:40:03 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup References: Message-ID: "Brian (SnSR)" wrote in message news:d8i1i7$89b$1@news.spamcop.net... > Another thing that you may want to add is the preferable line length of > posted messages. Actually, I'm not sure if the reason your OE is > breaking quoted lines is from the composing side or the receiving side. > I don't have time to start up OE right now to check what may be causing > this. But, don't let me tell anyone else how it SHOULD be done ;) I have tried to correct it, but somehow never got it right. Maybe this time? Miss Betsy From nobody at devnull.spamcop.net Sun Jun 12 21:54:02 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sun Jun 12 21:55:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. In-Reply-To: References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: Paul Johnson wrote: > Steve Sybesma wrote: > > >>1. Been on the internet longer than you, and that's almost certain >>unless you were one of the few pre-1993 > > > Yes, I am. Top posting being considered harmful is far from being anything > new. Stop being ignorant. I've also been on the internet since before 1993. My dad had computers in the home since the 80s, and I got into BBS type stuff on his computers as a kid. Little Stevie seems so sure that he knows more than everyone else when he really knows very little. >>2. I DON'T GIVE A RAT'S BEHIND ABOUT ALL THE DETAILS OF 'NETIQUETTE' > > > Then you don't belong online. I'd ask your provider for a refund. LOL! For someone who whines a lot about how people shouldn't be rude in newsgroups, Little Stevie sure doesn't mind being rude to others. I wonder why he thinks it's ok for him to be rude to others while falsely accusing others of being rude to him. From nobody at devnull.spamcop.net Sun Jun 12 21:58:59 2005 From: nobody at devnull.spamcop.net (Cat) Date: Sun Jun 12 22:00:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. In-Reply-To: References: Message-ID: Blammo wrote: > Why do only newsgroups and eMail have to be different than every other > medium? > Try reading a forum where the last posts are on top. And if top posting is so bloody wonderful, then why aren't books written to read from the bottom of the page to the top of the page or with the last page being the beginning of the book with the first page being at the end of the book? From nobody at spamcop.net Sun Jun 12 20:33:00 2005 From: nobody at spamcop.net (N. Miller) Date: Sun Jun 12 22:35:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: <1tt0g8jwljahi.dlg@news.spamcop.net> On Sat, 11 Jun 2005 23:43:07 -0600, Steve Sybesma wrote: > That's only true if you live in China. > > This is America and personal taste is not anarchy. > > Thanks but no thanks. > > I stand by my opinion and respect you for standing > by yours, but the insinuation of yours is unwelcome. Two weeks ago I attended a convention as part of the staff. My department head went to his hotel room one night, and there were several people holding a vodka party in front of his room. Personal taste? While I was off duty, I sat in on one room showing a film. At the back, taking up four seats, was a couple; the guy lying flat on his back, his girl lying on top. Full body contact, face to face, engaging in activity other than watching the film. In a family friendly film room. Personal taste? This may be the U.S. of A., but it isn't a free-for-all culture. Your opinion is just that; and, in this place, it is out of place. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tfm3 at nospam.teleproc.com Sun Jun 12 23:16:54 2005 From: tfm3 at nospam.teleproc.com (Thomas Mooney) Date: Sun Jun 12 23:20:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: "Cat" wrote in message news:d8ip8t$nd7$2@news.spamcop.net... > > And if top posting is so bloody wonderful, then why aren't books written > to read from the bottom of the page to the top of the page or with the > last page being the beginning of the book with the first page being at > the end of the book? Without taking sides in this argument I'd like to point out that there are languages that do just that. I'm not Jewish, but the last time I was at temple (for my son's friend's Bar Mizvah) the books were numbered from back to front. There are languages that are written on the page from bottom to top and from right to left. -- TFM3 Note: Spam-resistant e-mail address From jr70 at blackhole.invalid Sun Jun 12 21:25:10 2005 From: jr70 at blackhole.invalid (John Richards) Date: Sun Jun 12 23:30:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Cat wrote: > > And if top posting is so bloody wonderful, then why aren't books written > to read from the bottom of the page to the top of the page or with the > last page being the beginning of the book with the first page being at > the end of the book? Wrong paradigm. A newsgroup thread isn't anything like a one-author book. It is more like an email to which multiple correspondents have serially responded. The overwhelming majority of that type of email I've seen had the responses top-posted. -- John Richards From nobody at nowhere.not Mon Jun 13 05:00:15 2005 From: nobody at nowhere.not (Robert Blair) Date: Mon Jun 13 00:05:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: On Sun, 12 Jun 2005 21:28:13 UTC, "Porpoise" wrote: > Just watch out for the speed cameras and sleeping policemen!! When I lived there a lot of the speed cameras did not have any film in them but the sleeping policeman were hell if you did not notice them. Soon to be going to the UK for a visit. -- Robert Blair From edb2000 at spamcop.net Sun Jun 12 22:24:22 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Mon Jun 13 00:25:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. In-Reply-To: References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: Robert Blair wrote: > On Sun, 12 Jun 2005 21:28:13 UTC, "Porpoise" > wrote: > > >>Just watch out for the speed cameras and sleeping policemen!! > > > When I lived there a lot of the speed cameras did not have any film in > them but the sleeping policeman were hell if you did not notice them. Can't help but laugh. In Panama, the local name for a speed bump on the road is "polic?a muerto" -- dead policeman. -- Don Wannit A paid SpamCop user since 1999 From nobody at devnull.spamcop.net Mon Jun 13 14:35:49 2005 From: nobody at devnull.spamcop.net (Patto) Date: Mon Jun 13 00:40:03 2005 Subject: [SpamCop-List] Re: Automation In-Reply-To: References: Message-ID: Steve Sybesma wrote: > Here we go again folks: > > (Browbeaters use your kill files please.) > > I use Win98SE and OE6. > (By preference, not necessity.) > > Looking for some way to automate > the sending of spam to the 'quick' > e-mail address I use for SpamCop. > > I would like to selectively highlight > mail that I consider spam (which is > why I don't want to use a program > like MailWasher, etc.), then be able > to right-click and have a context menu > item similar to "Forward As Attachment" > which takes it the next few steps so that > I don't have to select the group send that > I use (SpamCop, the FTC and my ISP) > and I don't have to hit 'Send'. > > I want to make it every bit as easy to > report spam as it is to delete it. This will > be an encouragement to anyone who > still uses Outlook Express 6 to do their > spam reports. > > Steve > Thornton, CO There is a tool called OlSpamcop that does exactly that. Unfortunately it works with Outlook only. Maybe they will develop an OE version some day? Details at http://olspamcop.org/ From nttp.sc.s at bigsleep.org Mon Jun 13 06:00:24 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 13 01:05:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: On 12 Jun 2005 John Richards entered spamcop and left news:d8iuam$qc0$1@news.spamcop.net: > Wrong paradigm. > A newsgroup thread isn't anything like a one-author book. It is more > like an email to which multiple correspondents have serially responded. > The overwhelming majority of that type of email I've seen had the > responses top-posted. > Still Wrong paradigm. This is a semi-public newsgroup with a threaded context. I hate emails like that, they are impossible to follow. Mike started this thread pointing out why bottom posting is better. All you can offer is "sometimes people top post and it works fine". For no particular reason? So in other words some people are too lazy to make sense out of their conversation? This arguement goes nowhere because people claim they are under the control of their software and can't or just won't try to do something logical. Come up with a reason that you can't blame on your software. -- | Ric From bar_n0ne at hotmail.com Mon Jun 13 11:17:40 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Jun 13 02:20:02 2005 Subject: [SpamCop-List] Mail bombing by Big Miks, and dusked .biz Message-ID: Anyone else getting daily dozens of "call some number in Sao Tome/Principe to chat with girls" from some Big Mike (Lindsey?) , or "enhancer" spam from dusked.biz? (No -master on that site) All from zombies, mostly in Korea From bar_n0ne at hotmail.com Mon Jun 13 11:20:29 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Jun 13 02:25:03 2005 Subject: [SpamCop-List] What's with "No - Master" Message-ID: Seeiong more and more spam sources and spamvertized sites that, according to the parser, have "No Master" What does that mean? is that hijacked unallocated space? or another meaningless message for when SC prefers to decline to send reports? Curious minds would like to know. From bar_n0ne at hotmail.com Mon Jun 13 11:34:38 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Jun 13 02:35:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> <1tt0g8jwljahi.dlg@news.spamcop.net> Message-ID: "Many people" posted on this topic > Sheesh, top/bottom posting must be way more interesting rhan anything else in this NG, shouldn't this f/up to social? From nttp.sc.s at bigsleep.org Mon Jun 13 07:36:09 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 13 02:40:03 2005 Subject: [SpamCop-List] Re: What's with "No - Master" References: Message-ID: On 12 Jun 2005 Berny entered spamcop and left news:d8j8je$vpd$1@news.spamcop.net: > Seeiong more and more spam sources and spamvertized sites that, > according to the parser, have "No Master" > > What does that mean? is that hijacked unallocated space? or another > meaningless message for when SC prefers to decline to send reports? > > Curious minds would like to know. > > whois.apnic.net 221.11.133.41 (nothing found) host 221.11.133.41 (getting name) no name No reporting addresses found for 221.11.133.41, using devnull for tracking. Though checking senderbase, it's apparently - CNC Group Hainan province network I guess I don't understand it either. -- | Ric From nobody at devnull.spamcop.net Mon Jun 13 16:55:16 2005 From: nobody at devnull.spamcop.net (Patto) Date: Mon Jun 13 03:00:02 2005 Subject: [SpamCop-List] nomaster@devnull.spamcop.net Message-ID: http://www.spamcop.net/sc?id=z774369315z25b734e32edfc5c338d5afd108ac9b67z Last week I asked about bad_tracking; thanks for the replies on this. This week I am getting a website reported to 'nomaster@devnull.spamcop.net' - what is this? The website is http://vxrusoga4ssqk72o479o.cismontaneef.com/ which resolves to IP address 221.11.133.42 If I run this through Completewhois I get back "CNC Group Hainan province network" with a reporting address of 'abuse@cnc-noc.net'. So why 'nomaster@devnull.spamcop.net' - just curious. From bar_n0ne at hotmail.com Mon Jun 13 12:14:11 2005 From: bar_n0ne at hotmail.com (Berny) Date: Mon Jun 13 03:15:03 2005 Subject: [SpamCop-List] Re: nomaster@devnull.spamcop.net References: Message-ID: "Patto" wrote in message news:d8jakj$1b4$1@news.spamcop.net... > This week I am getting a website reported to > 'nomaster@devnull.spamcop.net' - what is this? The website is > http://vxrusoga4ssqk72o479o.cismontaneef.com/ which resolves to IP > address 221.11.133.42 > > If I run this through Completewhois I get back "CNC Group Hainan > province network" with a reporting address of 'abuse@cnc-noc.net'. So > why 'nomaster@devnull.spamcop.net' - just curious. It's not just that address, I get that for various IP's in 61.*, 69.* 212.*, 201.* (memory's not perfect) to name some that come to mind From nttp.sc.s at bigsleep.org Mon Jun 13 08:15:20 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 13 03:20:03 2005 Subject: [SpamCop-List] Good response from Telenor Message-ID: Shortly after sending an unmunged report to abuse at telenor.net I received a positive reply. Now this could be the standard Cockroach Letter, but time will tell, and it's a well formed response... -------------- At 19:52 CEST 2005-06-12 "Blammo" wrote: > [ SpamCop V1.460 ] [Short headers from spam here - they removed the spam!] We have added a block to this account, which we believe will stop further problems of this kind. The customer will also be notified. Please excuse the inconvenience. -- Abuse Response Team abuse at telenor dot net Telenor -------------- -- | Ric From nobody at devnull.spamcop.net Mon Jun 13 17:18:30 2005 From: nobody at devnull.spamcop.net (Patto) Date: Mon Jun 13 03:20:14 2005 Subject: [SpamCop-List] Re: nomaster@devnull.spamcop.net In-Reply-To: References: Message-ID: Berny wrote: > "Patto" wrote in message > news:d8jakj$1b4$1@news.spamcop.net... > >>This week I am getting a website reported to >>'nomaster@devnull.spamcop.net' - what is this? The website is >>http://vxrusoga4ssqk72o479o.cismontaneef.com/ which resolves to IP >>address 221.11.133.42 >> >>If I run this through Completewhois I get back "CNC Group Hainan >>province network" with a reporting address of 'abuse@cnc-noc.net'. So >>why 'nomaster@devnull.spamcop.net' - just curious. > > > It's not just that address, I get that for various IP's in 61.*, 69.* 212.*, > 201.* (memory's not perfect) > > to name some that come to mind Sorry, I didn't see your post from half an hour before mine. I usually hate it when several people post the same question over and over again. Apologies... :) From nobody at spamcop.net Mon Jun 13 02:07:43 2005 From: nobody at spamcop.net (NerdRevenge) Date: Mon Jun 13 04:10:03 2005 Subject: [SpamCop-List] Re: Good response from Telenor References: Message-ID: "Blammo" wrote in message news:Xns96742B168BD5blammo@216.154.195.61... > Shortly after sending an unmunged report to abuse at telenor.net I > received > a positive reply. Now this could be the standard Cockroach Letter, but > time > will tell, and it's a well formed response... > > -------------- > > At 19:52 CEST 2005-06-12 "Blammo" wrote: >> [ SpamCop V1.460 ] > [Short headers from spam here - they removed the spam!] > > > We have added a block to this account, which we believe will stop further > problems of this kind. The customer will also be notified. > > Please excuse the inconvenience. > Translation: Thank you for the email addy. You have been wash listed > > > -- > Abuse Response Team > abuse at telenor dot net > Telenor > > -------------- > > -- > | Ric From nttp.sc.s at bigsleep.org Mon Jun 13 09:16:30 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 13 04:20:03 2005 Subject: [SpamCop-List] Re: Good response from Telenor References: Message-ID: On 13 Jun 2005 NerdRevenge entered spamcop and left news:d8jerr$3u3$1@news.spamcop.net: > Translation: Thank you for the email addy. You have been wash listed > I could've figured that out myself. I have plenty of eMail addresses they don't have yet. What is your basis for that assumption? -- | Ric From nttp.sc.s at bigsleep.org Mon Jun 13 09:26:21 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 13 04:30:03 2005 Subject: [SpamCop-List] Re: Good response from Telenor References: Message-ID: On 13 Jun 2005 Blammo entered spamcop and left news:Xns96742B168BD5blammo@216.154.195.61: > Now this could be the standard Cockroach Letter, but time > will tell I should've thought to try this before posting... I tried an open proxy test on that IP and found nothing. -- | Ric From nobody at nowhere.invalid Mon Jun 13 11:31:08 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jun 13 04:35:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <0b2vn2-snc.ln1@ursine.ca> Message-ID: On Sun, 12 Jun 2005 17:58:40 -0700, Paul Johnson coughed into spamcop and left this in <0b2vn2-snc.ln1@ursine.ca>: > Steve Sybesma wrote: > >> Get lost... PLONK! > > Oh, come on. Can we get any more childish? You do realize killfiles work > better when the target is unaware that they've been killfiled, right? This trollette probably doesn't even know what a killfile is and thinks that "plonk" is some spamcop-specific expletive :) -- Steve "Usenet is like a herd of performing elephants with diarrhea -- massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind- boggling amounts of excrement when you least expect it." -- Gene "spaf" Spafford (1992) From nobody at nowhere.invalid Mon Jun 13 11:32:54 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jun 13 04:35:15 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: On Sun, 12 Jun 2005 17:37:47 -0700, Paul Johnson coughed into spamcop and left this in : > As it isn't alt.* or the Big 8, it's not Usenet. Just some proprietary, > backwater news heirarchy from some proprietary, backwater company that > wouldn't know what standards were if it bit them in the ass. Such as, erm.... SpamCop? -- Steve "Usenet is like a herd of performing elephants with diarrhea -- massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind- boggling amounts of excrement when you least expect it." -- Gene "spaf" Spafford (1992) From redford_stone at INVERSE_OF_COLDmail.com Mon Jun 13 09:35:03 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Mon Jun 13 04:40:02 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: "Berny" wrote in news:d8h42q$mbe$1@news.spamcop.net: > > ummm... I was talking about us, disruption in the west. > > Ah.. sorry about the misconception. Who knows, what would actually happen. They may cause a major disruption. However with all the script kiddies and spammers assaulting our networks over the past several years, we do have some defenses at the router level. From redford_stone at INVERSE_OF_COLDmail.com Mon Jun 13 09:42:40 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Mon Jun 13 04:45:32 2005 Subject: [SpamCop-List] Re: What's with "No - Master" - Ping Ellen References: Message-ID: Blammo wrote in news:Xns9673F03127398blammo@216.154.195.61: > > whois.apnic.net 221.11.133.41 (nothing found) > host 221.11.133.41 (getting name) no name > No reporting addresses found for 221.11.133.41, using devnull for > tracking. > > Though checking senderbase, it's apparently - CNC Group Hainan > province network > > I guess I don't understand it either. > I wonder if it is an issue with Spamcop's queries to APNIC's database. (i.e. too many queries per day, etc.) From nobody at devnull.spamcop.net Mon Jun 13 05:06:41 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Mon Jun 13 05:05:11 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: "John Richards" wrote in message news:d8iuam$qc0$1@news.spamcop.net... > A newsgroup thread isn't anything like a one-author book. It is more > like an email to which multiple correspondents have serially responded. > The overwhelming majority of that type of email I've seen had the > responses top-posted. It makes sense when you are using email like snail mail to keep your previous copies in the same file. Businesses generally keep correspondence in an ordered file. In that case you don't want to mess with the previous email because it is a 'record.' But for a conversation or discussion, top posting in an email doesn't make sense. It works much better to have comments inline. People who don't live inside the box (trying to make email work like snail mail) realize that and will comment inline. In individual emails, sometimes it isn't necessary; other times, it works much better and individuals can switch back and forth. However, when it is a ng, then most of the time, top posting doesn't work and consistency is more important. For those times when inline isn't necessary, then giant snips are in order. Miss Betsy From MikeE at ster.invalid Mon Jun 13 03:27:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 13 05:30:02 2005 Subject: [SpamCop-List] Re: nomaster@devnull.spamcop.net References: Message-ID: Patto wrote: www.spamcop.net/sc?id=z774369315z25b734e32edfc5c338d5afd108ac9b67z > > Last week I asked about bad_tracking; thanks for the replies on this. > > This week I am getting a website reported to > 'nomaster@devnull.spamcop.net' - what is this? The website is > http://vxrusoga4ssqk72o479o.cismontaneef.com/ which resolves to IP > address 221.11.133.42 > > If I run this through Completewhois I get back "CNC Group Hainan > province network" with a reporting address of 'abuse@cnc-noc.net'. So > why 'nomaster@devnull.spamcop.net' - just curious. ch455-ch444 discrepancy What SC sees in apnic can be seen here http://www.spamcop.net/sc?action=showwhois;cmd=221.11.133.42 That's not exactly what I see, but the important thing is that from that view, SC derives that the abuse contact is admin-c: CH455-AP tech-c: CH455-AP and so then its algorithm is to lookup that handle.in apnic, and what it wants to see is an email line, not a changed line. When it doesn't get an address on the email line but instead gets it on the changed line, its apnic gizmo comes up empty, see http://www.spamcop.net/sc?action=showwhois;cmd=ch455-ap This problem is what I call the 'ch455-ch444 discrepancy' As much as I hate to make full pastings of apnic, I'll put this one in here for demonstration purposes, making * denotations on the left.. whois -h whois.apnic.net ch455-ap ... role: CNCGroup Hostmaster e-mail: abuse@cnc-noc.net address: No.156,Fu-Xing-Men-Nei Street, address: Beijing,100031,P.R.China * nic-hdl: CH455-AP phone: +86-10-82993155 fax-no: +86-10-82993102 country: CN * admin-c: CH444-AP * tech-c: CH444-AP * changed: abuse@cnc-noc.net 20041119 mnt-by: MAINT-CNCGROUP source: APNIC person: CNCGroup Hostmaster * nic-hdl: CH444-AP * e-mail: abuse@cnc-noc.net address: No.156,Fu-Xing-Men-Nei Street, address: Beijing,100031,P.R.China phone: +86-10-82993155 fax-no: +86-10-82993144 country: CN changed: abuse@cnc-noc.net 20041220 mnt-by: MAINT-CNCGROUP source: APNIC -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Jun 13 03:58:20 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 13 06:00:03 2005 Subject: [SpamCop-List] Re: nomaster@devnull.spamcop.net References: Message-ID: Mike Easter wrote: > > whois -h whois.apnic.net ch455-ap ... > > role: CNCGroup Hostmaster > e-mail: abuse@cnc-noc.net SC should be able to see that line. When I investigated this 455-444 problem before, there wasn't an email line for 455. > address: No.156,Fu-Xing-Men-Nei Street, > address: Beijing,100031,P.R.China > * nic-hdl: CH455-AP > phone: +86-10-82993155 > fax-no: +86-10-82993102 > country: CN > * admin-c: CH444-AP > * tech-c: CH444-AP > * changed: abuse@cnc-noc.net 20041119 > mnt-by: MAINT-CNCGROUP > source: APNIC > > person: CNCGroup Hostmaster > * nic-hdl: CH444-AP > * e-mail: abuse@cnc-noc.net > address: No.156,Fu-Xing-Men-Nei Street, > address: Beijing,100031,P.R.China > phone: +86-10-82993155 > fax-no: +86-10-82993144 > country: CN > changed: abuse@cnc-noc.net 20041220 > mnt-by: MAINT-CNCGROUP > source: APNIC > -- Mike Easter kibitzer, not SC admin From 79ytka802 at sneakemail.com Mon Jun 13 13:33:52 2005 From: 79ytka802 at sneakemail.com (Aviatrix) Date: Mon Jun 13 07:35:03 2005 Subject: [SpamCop-List] Re: Good response from Telenor In-Reply-To: References: Message-ID: Blammo wrote: > On 13 Jun 2005 NerdRevenge entered spamcop and left > news:d8jerr$3u3$1@news.spamcop.net: > > >>Translation: Thank you for the email addy. You have been wash listed >> Telenor is Norway's national telco. I doubt they'd engage in listwashing. From blacklist-me at davjam.org Mon Jun 13 14:19:30 2005 From: blacklist-me at davjam.org (David Bolt) Date: Mon Jun 13 08:25:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: On Sun, 12 Jun 2005, Paul Johnson wrote:- >Larry Kilgallen wrote: > >> In article , "John Richards" >> writes: >>> Mike, do you ever browse the groups under msnews.microsoft.com? >>> Fully 80% of the posts there are top-posted, including the ones by >>> Microsoft employees. >> >> But certainly those are a small fraction of the total number of >> newsgroups. > >As it isn't alt.* or the Big 8, it's not Usenet. Just some proprietary, >backwater news heirarchy from some proprietary, backwater company that >wouldn't know what standards were if it bit them in the ass. They did at least recognise Usenet standards, or some of them. Way back in 2000, they published a FAQ for posting to the microsoft.public.* newsgroups[0]. This FAQ included the following under the section General Posting Guidelines: When including text from a previous message in the thread, trim it down to include only text pertinent to your response. Your response should appear below the quoted information. In follow-ups, whether News or Mail, CUT headers & signatures, PRUNE quotations, and preserve order. That is to say, quote above each part of your reply as much of the earlier stuff as is needed to put the new material in context, but no more; most readers will be able to refer to the earlier article itself, if need be. Never write on the same line as a quotation, except in lists and notes; generally leave a wholly blank line between. Do not quote the header or the signature, unless it is relevant to do so. Unfortunately, it appears that these guidelines weren't enforced, the newbies didn't know any better and weren't corrected. Since then, they've spread out onto Usenet as a whole, and the other private news servers, top-posting and gaining a "sod your conventions, I'm doing it my way and if you don't like it, well tough" type of attitude in the process. [0] or Regards, David Bolt -- Member of Team Acorn checking nodes at 63 Mnodes/s: http://www.distributed.net/ AMD 1800 1Gb WinXP/SuSE 9.3 | AMD 2400 160Mb SuSE 8.1 | AMD 2400 256Mb SuSE 9.0 AMD 1300 512Mb SuSE 9.0 | Falcon 14Mb TOS 4.02 | STE 4Mb TOS 1.62 RPC600 129Mb RISCOS 3.6 | A3010 4Mb RISCOS 3.11 | A4000 4Mb RISCOS 3.11 From TheBurgerMan at gmail.com Mon Jun 13 11:40:47 2005 From: TheBurgerMan at gmail.com (TheBurgerMan) Date: Mon Jun 13 09:45:03 2005 Subject: [SpamCop-List] Looking for free Spam filters for our gateway ... Message-ID: Hi all. We currently use Symantec AntiVirus for SMTP Gateways DNSBL and bl.spamcop.net to detect spam, but it is still letting a lot through (about 10-15%) Can anyone suggest another (complemtory) blocking list service to use with bl.spamcop.net -- and/or -- Another product to filter the spam (for use with the DNSBL)? -- Thanks, TheBurgerMan at gmail.com -- From Vangu at rd.invalid Mon Jun 13 09:59:30 2005 From: Vangu at rd.invalid (Vanguard) Date: Mon Jun 13 10:00:02 2005 Subject: [SpamCop-List] Re: Looking for free Spam filters for our gateway ... References: Message-ID: "TheBurgerMan" wrote in message news:d8k2d0$e9q$1@news.spamcop.net... > Hi all. We currently use Symantec AntiVirus for SMTP Gateways DNSBL > and bl.spamcop.net to detect spam, but it is still letting a lot > through (about 10-15%) > > Can anyone suggest another (complemtory) blocking list service to use > with bl.spamcop.net SpamHaus SBL+XBL (www.spamhaus.org) NJABL (www.njabl.org) CBL (cbl.abuseat.org, although SpamHaus might include this in one of their lists) blitzed.org (might also be included in a SpamHaus list) ordb.org sorbs.org You need to read what those sources actually list to know if how they detect and what they list is appropriate for your needs. > -- and/or -- > Another product to filter the spam (for use with the DNSBL)? And your number of users would be? I use SpamPal but that is for personal use on one host. It can be setup as a shared server but it probably doesn't scale well in a production environment with over 20 employees (check over at www.spampalforums.org to see how others may have used it as a server rather than just as a local and personal proxy). From TheBurgerMan at gmail.com Mon Jun 13 12:19:57 2005 From: TheBurgerMan at gmail.com (TheBurgerMan) Date: Mon Jun 13 10:20:04 2005 Subject: [SpamCop-List] Re: Looking for free Spam filters for our gateway ... References: Message-ID: Thanks Vanguard. We used to have 70+ users (mostly developers) and they subscribed to all manner of forums so I get about 25K spam a week, mostly for these inactive accounts. We currently have less than 10 employees. I will check this information. -- Thanks, TheBurgerMan at gmail.com -- "Vanguard" wrote in message news:d8k3g2$f2c$1@news.spamcop.net... > "TheBurgerMan" wrote in message > news:d8k2d0$e9q$1@news.spamcop.net... >> Hi all. We currently use Symantec AntiVirus for SMTP Gateways DNSBL and >> bl.spamcop.net to detect spam, but it is still letting a lot through >> (about 10-15%) >> >> Can anyone suggest another (complemtory) blocking list service to use >> with bl.spamcop.net > > SpamHaus SBL+XBL (www.spamhaus.org) > NJABL (www.njabl.org) > CBL (cbl.abuseat.org, although SpamHaus might include this in one of their > lists) > blitzed.org (might also be included in a SpamHaus list) > ordb.org > sorbs.org > > You need to read what those sources actually list to know if how they > detect and what they list is appropriate for your needs. > >> -- and/or -- >> Another product to filter the spam (for use with the DNSBL)? > > And your number of users would be? I use SpamPal but that is for personal > use on one host. It can be setup as a shared server but it probably > doesn't scale well in a production environment with over 20 employees > (check over at www.spampalforums.org to see how others may have used it as > a server rather than just as a local and personal proxy). > From jr70 at blackhole.invalid Mon Jun 13 08:48:52 2005 From: jr70 at blackhole.invalid (John Richards) Date: Mon Jun 13 10:50:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Blammo wrote: > Mike started this thread pointing out why bottom posting is better. All you > can offer is "sometimes people top post and it works fine". For no > particular reason? So in other words some people are too lazy to make sense > out of their conversation? I don't recognize my "offer" as rephrased by you. I responded to Mike's statement that "In almost all newsgroups top posting simply doesn't work. Can't work." My response was that in Microsoft newsgroups (and there are hundreds of them) better than 80% of posts are top-posted, and it works out quite well. Top-posting and bottom-posting both have advantages and disadvantages. My primary objection is to those who treat posting style like it is some sort of holy religious grail, and any deviation from dogma is met with a fusilage of heavy caliber fire and threats of excommunication. -- John Richards From jr70 at blackhole.invalid Mon Jun 13 08:56:38 2005 From: jr70 at blackhole.invalid (John Richards) Date: Mon Jun 13 11:00:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Miss Betsy wrote: > "John Richards" wrote in message > news:d8iuam$qc0$1@news.spamcop.net... > >> A newsgroup thread isn't anything like a one-author book. It is more >> like an email to which multiple correspondents have serially responded. >> The overwhelming majority of that type of email I've seen had the >> responses top-posted. > > It makes sense when you are using email like snail mail to keep > your previous copies in the same file. Businesses generally keep > correspondence in an ordered file. In that case you don't want to > mess with the previous email because it is a 'record.' I was talking about informal emails addressed to a whole bunch of friends and acquaintances. > But for a conversation or discussion, top posting in an email > doesn't make sense. It works much better to have comments inline. I agree, *if* the responder is making separate comments to separate points in the original. But if he is just making a quick single issue comment, top-posting works fine. -- John Richards From jr70 at blackhole.invalid Mon Jun 13 09:05:40 2005 From: jr70 at blackhole.invalid (John Richards) Date: Mon Jun 13 11:10:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Kenneth Loafman wrote: > On Sun, 12 Jun 2005 07:56:57 -0400, "Cherie" > wrote: > >> ya know..when I am reading a long thread..going through each post..one by >> one..I HATE when I start reading the same dern sentence..over and over..I >> know what the thread says..I'm looking for the responses...and it makes it >> easy for me if they are on the top..see..ya'll didn't have to read all the >> crap below..probably didn't even have to scroll..to each his own > > I agree with you, but will follow convention in the newsgroups. I read > quickly, understand fully, and find extraneous quoting just slows down the > reading of the newsgroup. > > Bottom posting, or contextual posting, will not cause you much grief if > you get a newsreader that will colorize the quotes and allow you to set > the colors to something you can learn to ignore. In my case, I've learned > to read just the black on white parts and leave the blue stuff alone. > > ...Ken Good policy, which I also follow. My OE has used OE-QuoteFix for many years, colorizing the various quote levels. Still, it's a bother to have to scroll several screens of quotes before seeing a one-line reply. Sometimes I just don't bother and go on to the next post. Mind you, people in this NG are pretty good about trimming un- necessary quotes. -- John Richards From baloo at ursine.ca Mon Jun 13 08:37:25 2005 From: baloo at ursine.ca (Paul Johnson) Date: Mon Jun 13 11:10:18 2005 Subject: [SpamCop-List] Re: Looking for free Spam filters for our gateway ... References: Message-ID: <5ai0o2-8tr.ln1@ursine.ca> TheBurgerMan wrote: > Hi all. We currently use Symantec AntiVirus for SMTP Gateways DNSBL and > bl.spamcop.net to detect spam, but it is still letting a lot through > (about 10-15%) > > Can anyone suggest another (complemtory) blocking list service to use with > bl.spamcop.net bl.ursine.ca > -- and/or -- > Another product to filter the spam (for use with the DNSBL)? SpamAssassin -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Mon Jun 13 08:40:12 2005 From: baloo at ursine.ca (Paul Johnson) Date: Mon Jun 13 11:10:26 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Miss Betsy wrote: > It makes sense when you are using email like snail mail to keep > your previous copies in the same file. Businesses generally keep > correspondence in an ordered file. In that case you don't want to > mess with the previous email because it is a 'record.' No, it means you should be keeping a local mail archive, not breaking readability. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From Ilgaz at spamcop.net Mon Jun 13 19:27:59 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Mon Jun 13 11:30:03 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: On 2005-06-13 11:35:03 +0300, Redstone said: > "Berny" wrote in news:d8h42q$mbe$1@news.spamcop.net: > > >> >> ummm... I was talking about us, disruption in the west. >> >> > > Ah.. sorry about the misconception. Who knows, what would actually > happen. They may cause a major disruption. However with all the script > kiddies and spammers assaulting our networks over the past several > years, we do have some defenses at the router level. > This China thing could be political too. After reporting the same spam from very same IP like 10th time (different kinds of crap), I started to believe they kind of support it. Oh whatever, its China, let their companies think about it since everyone blocking them. Ilgaz From Ilgaz at spamcop.net Mon Jun 13 19:31:55 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Mon Jun 13 11:35:03 2005 Subject: [SpamCop-List] Re: OpenRBL References: Message-ID: On 2005-06-13 01:33:45 +0300, "St - Musaic.Net" said: > > The owner forgot to renew openrbl.org - and someone else hijacked it > - great... > http://www.openrbl.org/dnsbl?t=s&l=&i=openrbl.org&b=Submit&t=s I don't understand how it happens, e.g. I got iCal, Yahoo Alert, Phone Alert (by sync with iCal) and a written alert for a simpler thing: Cancel yahoo plus account I would burn in hell if I called myself anyway organized. :) You know, I am a Spamcop customer now and if I don't cancel, it will self pay. Nobody to blame, Yahoo works that way. Ilgaz From MikeE at ster.invalid Mon Jun 13 09:47:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 13 11:50:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: John Richards wrote: > My response was that in Microsoft newsgroups (and there are hundreds > of them) better than 80% of posts are top-posted, and it works out > quite well. Actually it doesn't work out 'quite well' at all -- except for the popular situation in which someone asks a question and the MVP answers the question and the conversation is over. Anytime anything results in an ongoing dialog which needs to be conversational and in trimmed context, it is shot, a disaster. -- Mike Easter kibitzer, not SC admin From kenbrody at spamcop.net Mon Jun 13 12:47:59 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Jun 13 12:00:08 2005 Subject: [SpamCop-List] Spam subject of the week Message-ID: <42ADAAAF.E6A09A41@spamcop.net> I hereby nominate this for "Spam Subject of the Week": how to grow 3" of hard cock My first thought was "cut off the other 4?" :-) -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From borgholio at storymind.com Mon Jun 13 11:00:03 2005 From: borgholio at storymind.com (Borgholio) Date: Mon Jun 13 13:05:04 2005 Subject: [SpamCop-List] Re: What to say to this? In-Reply-To: References: Message-ID: WindsorFox[SS] wrote: > Borgholio wrote: > >> Here's a response I got after sending a Spamcop report on a "fake" >> bounce message: >> >> >> >> Hello SpamCop user, >> >> Please, look carefully for letters to report. >> >> >> >> What am I supposed to say to this? > > > > Reply with an Amazon link to a book teaching proper usage of English? Next time I just mind. :) From nobody at spamcop.net Mon Jun 13 14:10:08 2005 From: nobody at spamcop.net (indigo) Date: Mon Jun 13 13:15:02 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: Doug Thegarden wrote: > Spaz wrote: > > > > FUCK YOU, ASSHOLE! > > > > > > You are cyclotouriste and ICMFP > http://makeashorterlink.com/?B52012E3B (one of the funniest forum > threads I've read in a long while) > Just a few choice quotes from that hilarious thread: "I am the guy who found out in detail about the plans to attack the WTC, the pentagon, and the US Capitol on or around 9-11-01. I have a book in the making right now, and part of it is on the internet." "I told them that I had written my novel and ended it with the airplane attack because I had been thoroughly screwed over in Florida, and that in the early seventies I was putting together exactly such an attack myself, and was considering doing it myself. I was looking into getting flight lessons. I had located a site where explosives could be stolen. I was putting together plans to load a cargo plane with fifty-five-gallon-drums of gasoline and the explosives. But initial planning was as far as I got with the plan because I could not stay motivated enough to follow through with it. I had been provoked, attacked, severely injured, almost murdered with the aiding and abetting of the government here, and I intended to make them pay in a way that history could not ignore or assign to a footnote." P.S. Hey Spaz/psychotouriste: I AM FED UP TO HERE WITH NO GOOD BASTARDS LIKE YOU ALL. FUCK OFF. ERASE MY POST. YOU HAD BETTER DO IT OR ELSE YOU HAD BETTER STEER CLEAR OF ME FOR THE REST OF YOUR LIFE TOO. From nobody at spamcop.net Mon Jun 13 14:14:38 2005 From: nobody at spamcop.net (indigo) Date: Mon Jun 13 13:15:14 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: Anyone besides me think Spaz and Steve Sybesma are a match made in heaven? ;-) Spaz wrote: > > I want to nail this asshole, plain and simple. "e-mail to this address bounces" wrote in message news:d8g9i4$6q2$1@news.spamcop.net... > Steve Sybesma wrote: >I'll accept DICK, but not PUSSY! From sam at logan1.loganet.net Mon Jun 13 13:05:16 2005 From: sam at logan1.loganet.net (Sam) Date: Mon Jun 13 13:24:58 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. In-Reply-To: Message-ID: On Sun, 12 Jun 2005, Cherie wrote: > OK..so if I change my "program" all your posts will be on the top??? Dunno what you are talking about. What program? What change? -- Sam Morris, Owner Loganet Internet Service Logan IA, United States of America 712-644-3578 From sam at logan1.loganet.net Mon Jun 13 13:07:38 2005 From: sam at logan1.loganet.net (Sam) Date: Mon Jun 13 13:27:20 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. In-Reply-To: Message-ID: On Sun, 12 Jun 2005, Steve Sybesma wrote: > Get lost... PLONK! Keep plonking. Soon you can top-post to yourself. :) -- Sam Morris, Owner Loganet Internet Service Logan IA, United States of America 712-644-3578 From nttp.sc.s at bigsleep.org Mon Jun 13 18:32:03 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Mon Jun 13 13:35:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: On 13 Jun 2005 John Richards entered spamcop and left news:d8k6r7$h27$1@news.spamcop.net: > But if he is just making a quick > single issue comment, top-posting works fine. I do agree with you there. If I get a list of tasks to do I'll just reply with "Done" at the top. And sometimes I don't even feel the need to include the original message. That isn't often though. -- | Ric From nobody at spamcop.net Mon Jun 13 14:54:10 2005 From: nobody at spamcop.net (indigo) Date: Mon Jun 13 13:55:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> <1tt0g8jwljahi.dlg@news.spamcop.net> Message-ID: indigo wrote: > Berny wrote: > > "Many people" posted on this topic > > > > > > > > > Sheesh, top/bottom posting must be way more interesting rhan > > anything else in this NG, shouldn't this f/up to social? > > Don't you dare....... From smcgarrett at hawaii.com Mon Jun 13 14:54:11 2005 From: smcgarrett at hawaii.com (Steve McGarrett) Date: Mon Jun 13 14:55:03 2005 Subject: [SpamCop-List] Re: What to say to this? In-Reply-To: References: Message-ID: Redstone wrote: > Borgholio wrote in > news:d8779q$k5$1@news.spamcop.net: . . . >>What am I supposed to say to this? > > > > "All your base belong to us." :-) > That's "All your base ARE belong to us." Better yet, how about "You are on the way to destruction. You have no chance to survive make your time." Aloha, McGarrett "LART 'em, Danno!" From eponym at I.hate.spam.com Mon Jun 13 16:10:11 2005 From: eponym at I.hate.spam.com (Eponym) Date: Mon Jun 13 15:15:03 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup References: Message-ID: "Brian (SnSR)" wrote in message news:d8hql2$4o8$1@news.spamcop.net... > > If it bothers you that much to have to read a top posted message, > plonk-em. This is much less disruptive to this newsgroup and to your blood > pressure. Let other's that don't get so bothered by it deal with them. Or > let them go unanswered, which is often what happens anyway because the > discussion changes to 'correctness.' For me, it isn't important how someone posts...as long as the conversation is somewhat easy to follow. Despite some people's perceptions of bottom posting having some advantage, trying to read through the bottom posts in spamcop NGs is enough to give one a headache. I skip over a lot of posts here because it is just a waste of time to read through so much crap. I'll bottom post to make the pinheads happy, but it is really pretty stupid to get worked up over how someone posts. If I don't like it or it wastes too much time to read, I don't bother....however it is posted. My preference would be to top post...and if more detailed comments on an early post are called for, just write 'see comments in-line". Easier for everyone that way. From wb8tyw at qsl.network Mon Jun 13 15:49:13 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Mon Jun 13 15:50:03 2005 Subject: [SpamCop-List] Re: Looking for free Spam filters for our gateway ... References: Message-ID: In article , "Vanguard" writes: > "TheBurgerMan" wrote in message > news:d8k2d0$e9q$1@news.spamcop.net... >> Hi all. We currently use Symantec AntiVirus for SMTP Gateways DNSBL >> and bl.spamcop.net to detect spam, but it is still letting a lot >> through (about 10-15%) >> >> Can anyone suggest another (complemtory) blocking list service to use >> with bl.spamcop.net > > SpamHaus SBL+XBL (www.spamhaus.org) > NJABL (www.njabl.org) Open Proxy database included in SBL+XBL. > CBL (cbl.abuseat.org, although SpamHaus might include this in one of > their lists) > blitzed.org (might also be included in a SpamHaus list) Both of these are in SBL+XBL > ordb.org > sorbs.org Actually it is sorbs.net Watch out for this one, ZONE 6 is an aggressive spamtrap zone that is usually listing multi-hop output from large ISPs. Using zone 6 may cause a lot of mail to be rejected. Use of dul.dnsbl.sorbs.net will get what appears to be the most up to date DHCP zones. So the summary of the above is: dul.dnsbl.sorbs.net sbl-xbl.spamhaus.org what ever ordb.org is, bl.spamcop.net Of course you are aware that bl.spamcop.net is aggressive and will occasionally list real mail servers that either are allowing multihop spam, bouncing spam/viruses to forged addresses, or had one of their own users manage to report their own mail server. There are also country specific and ISP specific DNSbls. > You need to read what those sources actually list to know if how they > detect and what they list is appropriate for your needs. > >> -- and/or -- >> Another product to filter the spam (for use with the DNSBL)? It really depends on that the capabilities of your mail server server is. SMTP protocol has two ways of indicating non-delivery, one is to issue a error or reject code while the message is being received, and the other way is to send a NDR to what is likely to be a forged address. Because such an NDR is abusive, it should never be sent for detected spam or viruses, which means that the only way to notify a real sender that their message was not delivered because it tripped your spam filter is to issue an SMTP reject before the SMTP transaction is over. Any spam filter that can not cause the SMTP dialog to be terminated with a reject is not suitable for a commercial mail server. Because with out the reject or the abusive NDR option, you either have to silently delete detected spam/worms or have a human inspect everything that the spam filter catches. I know of one site that is using SpamAssassin as a filter on their mail server to issue SMTP rejects for detected spam, so that is a Open Source offering. As far as a commercial offering, I was recently made aware of in another newsgroup that process software at www.process.com has a product that can also do this. The process software product acts as a gateway between your mail server and the internet. I am not affiliated with them and have not directly used either the SpamAssasin or Process Software offerings. -John wb8tyw@qsl.network Personal Opinion Only From nobody at spamcop.net Mon Jun 13 16:57:22 2005 From: nobody at spamcop.net (indigo) Date: Mon Jun 13 16:00:02 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup References: Message-ID: Eponym wrote: > > For me, it isn't important how someone posts...as long as the > conversation is somewhat easy to follow. Despite some people's > perceptions of bottom posting having some advantage, trying to read > through the bottom posts in spamcop NGs is enough to give one a > headache. I skip over a lot of posts here because it is just a waste > of time to read through so much crap. That's called "insufficient trimming" and has nothing to do with bottom posting. Those people are lazy morons in a different way..... From nobody at nowhere.invalid Mon Jun 13 23:00:05 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Mon Jun 13 16:05:02 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup References: Message-ID: On Mon, 13 Jun 2005 15:10:11 -0400, Eponym coughed into spamcop and left this in : > trying to read through the bottom posts in spamcop NGs is enough to > give one a headache. Only if the posts aren't trimmed correctly. Furthermore, "bottom" posting isn't the way to post. "Inline" posting is. -- Steve Health nuts are going to feel stupid someday, lying in hospitals dying of nothing. From MikeE at ster.invalid Mon Jun 13 14:10:15 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 13 16:15:02 2005 Subject: [SpamCop-List] Re: Looking for free Spam filters for our gateway ... References: Message-ID: John E. Malmberg wrote: > "Vanguard" >> "TheBurgerMan" >>> Can anyone suggest another (complemtory) blocking list service to >>> use with bl.spamcop.net > So the summary of the above is: > > dul.dnsbl.sorbs.net > sbl-xbl.spamhaus.org > what ever ordb.org is, relays.ordb.org -- Mike Easter kibitzer, not SC admin From eponym at I.hate.spam.com Mon Jun 13 17:27:58 2005 From: eponym at I.hate.spam.com (Eponym) Date: Mon Jun 13 16:30:03 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup References: Message-ID: "indigo" wrote in message news:d8kof2$ukc$1@news.spamcop.net... > > That's called "insufficient trimming" and has nothing to do with bottom > posting. Those people are lazy morons in a different way..... > Whatever it is...it is more offensive than top posting...to me anyway. And the pinheads that harp about top posting seem to be the worst offenders! From nospam at dev.null Tue Jun 14 00:03:56 2005 From: nospam at dev.null (Anty Spam) Date: Mon Jun 13 17:05:03 2005 Subject: [SpamCop-List] Re: Mail bombing by Big Miks, and dusked .biz References: Message-ID: "Berny" wrote in message news:d8j8e9$vlq$1@news.spamcop.net... > Anyone else getting daily dozens of "call some number in Sao Tome/Principe > to chat with girls" from some Big Mike (Lindsey?) , or "enhancer" spam from > dusked.biz? (No -master on that site) > > All from zombies, mostly in Korea > Not bombing me - BUT some trashy looking whois. Meets first pass scrutiny, second pass though ...:-( If you live in US, maybe quick call to +1.9499738223 to check. Then whois report I am sure (http://wdprs.internic.net/ :-) Else domain will proably get new NS domain(s) when NS'es on UNBOSOMED.NET die and problem continues a while longer. Also, your friend is Google: http://forum.icann.org/alac-forum/msg00055.html , http://www.nux.at/newsportal-usenet/article.php/news.admin.net-abuse.email/2277525.html Cheers and best of luck. Kill em dead! Anty Spam ========================= Domain Name: DUSKED.BIZ Domain ID: D9795787-BIZ Sponsoring Registrar: PRIMUS TELECOMMUNICATIONS PTY LTD. ( Anty's Note: http://www.internic.net/registrars/registrar-240.html) Sponsoring Registrar IANA ID: 240 Domain Status: ok Registrant ID: ID00185606-PR Registrant Name: jioris rivera Registrant Address1: 2212482 alma aldea Registrant City: rancho santa magarit Registrant State/Province: ca Registrant Postal Code: 92688 Registrant Country: United States Registrant Country Code: US Registrant Phone Number: +1.9499738223 Registrant Email: jjasask@hotmail.com Administrative Contact ID: ID00185606-PR Administrative Contact Name: jioris rivera Administrative Contact Address1: 2212482 alma aldea Administrative Contact City: rancho santa magarit Administrative Contact State/Province: ca Administrative Contact Postal Code: 92688 Administrative Contact Country: United States Administrative Contact Country Code: US Administrative Contact Phone Number: +1.9499738223 Administrative Contact Email: jjasask@hotmail.com Billing Contact ID: ID00185606-PR Billing Contact Name: jioris rivera Billing Contact Address1: 2212482 alma aldea Billing Contact City: rancho santa magarit Billing Contact State/Province: ca Billing Contact Postal Code: 92688 Billing Contact Country: United States Billing Contact Country Code: US Billing Contact Phone Number: +1.9499738223 Billing Contact Email: jjasask@hotmail.com Technical Contact ID: ID00185606-PR Technical Contact Name: jioris rivera Technical Contact Address1: 2212482 alma aldea Technical Contact City: rancho santa magarit Technical Contact State/Province: ca Technical Contact Postal Code: 92688 Technical Contact Country: United States Technical Contact Country Code: US Technical Contact Phone Number: +1.9499738223 Technical Contact Email: jjasask@hotmail.com Name Server: NS1.UNBOSOMED.NET Name Server: NS2.UNBOSOMED.NET Created by Registrar: PRIMUS TELECOMMUNICATIONS PTY LTD. Last Updated by Registrar: PRIMUS TELECOMMUNICATIONS PTY LTD. Domain Registration Date: Sun May 22 04:25:21 GMT 2005 Domain Expiration Date: Mon May 21 23:59:59 GMT 2007 Domain Last Updated Date: Fri Jun 10 14:41:30 GMT 2005 >>>> Whois database was last updated on: Mon Jun 13 20:28:34 GMT 2005 <<<< Domain Name: UNBOSOMED.NET Registrar: TUCOWS INC. Whois Server: whois.opensrs.net Referral URL: http://domainhelp.tucows.com Name Server: NS1.UNBOSOMED.NET Name Server: NS2.UNBOSOMED.NET Status: REGISTRAR-LOCK Status: REGISTRAR-HOLD <<<<<<<<<<<<<<<<<<<< Message-ID: Neither do I. I agree with him on that point, where it applies to in-depth replies to technical points which wouldn't make sense otherwise. Perhaps it does in that arena. In those circumstances, the easiest thing is to just ignore them. I hope you can follow this reply, as it's top-posted with no context relating to any of the points. But of course you can find them in the text which is quoted in it's entirety below. Unfortunately though, that means scrolling up and down in order to try and link the relevant items together. If this were a reply to a technical question with much more critical detail to disseminate, or would be even more difficult to make sense of without proper sequential quote and trim and contextualising. That would also make it far less disjointed. "John Richards" wrote in message news:d8k6cl$glt$1@news.spamcop.net... > Blammo wrote: >> Mike started this thread pointing out why bottom posting is better. All >> you >> can offer is "sometimes people top post and it works fine". For no >> particular reason? So in other words some people are too lazy to make >> sense >> out of their conversation? > > I don't recognize my "offer" as rephrased by you. > I responded to Mike's statement that "In almost all newsgroups top posting > simply doesn't work. Can't work." > My response was that in Microsoft newsgroups (and there are hundreds > of them) better than 80% of posts are top-posted, and it works out > quite well. > Top-posting and bottom-posting both have advantages and disadvantages. > My primary objection is to those who treat posting style like it is some > sort of holy religious grail, and any deviation from dogma is met with a > fusilage of heavy caliber fire and threats of excommunication. > > -- > John Richards > > > From jr70 at blackhole.invalid Mon Jun 13 15:33:43 2005 From: jr70 at blackhole.invalid (John Richards) Date: Mon Jun 13 17:35:03 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup References: Message-ID: indigo wrote: > Eponym wrote: >> >> For me, it isn't important how someone posts...as long as the >> conversation is somewhat easy to follow. Despite some people's >> perceptions of bottom posting having some advantage, trying to read >> through the bottom posts in spamcop NGs is enough to give one a >> headache. I skip over a lot of posts here because it is just a waste >> of time to read through so much crap. > > That's called "insufficient trimming" and has nothing to do with bottom > posting. Au contraire! The difference is that *when* there is insufficient trimming, it affects a bottom-posted reply adversely, while a top-posted reply is not so penalized. Unless I'm extremely interested in the topic, I will not bother scrolling past a screenful of quoted text. -- John Richards From jamie66000 at hotmail.com Mon Jun 13 18:35:25 2005 From: jamie66000 at hotmail.com (Jamie) Date: Mon Jun 13 17:40:03 2005 Subject: [SpamCop-List] [chinatietong.com] no reporting address 61.232.205.187 Message-ID: Can one of the spamcop admins look into this for me. Says there is no valid reporting address for 61.232.205.187 http://www.spamcop.net/sc?id=z774569116zd171a99a5edcf1188709757c01aae16ez http://www.spamcop.net/sc?id=z774569089zfb7a7673392f7841ecc27440f2628a43z Tracking link: http://www.rutrohraggy.com/ju13/ [report history] Resolves to 61.232.205.187 Display data: "whois 61.232.205.187@whois.arin.net" (Getting contact from whois.arin.net ) Redirect to apnic: "whois 61.232.205.187@whois.apnic.net" (Getting contact from whois.apnic.net mirror) Display data: Lookup lq112-ap@whois.apnic.net "whois lq112-ap@whois.apnic.net" (Getting contact from whois.apnic.net mirror) Display data: lq112-ap = Lookup lm273-ap@whois.apnic.net "whois lm273-ap@whois.apnic.net" (Getting contact from whois.apnic.net mirror) Display data: lm273-ap = whois.apnic.net 61.232.205.187 (nothing found) host 61.232.205.187 (getting name) no name No reporting addresses found for 61.232.205.187, using devnull for tracking. 06/13/05 16:51:35 whois 61.232.205.187@whois.apnic.net whois -h whois.apnic.net 61.232.205.187 ... % [whois.apnic.net node-2] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html inetnum: 61.232.0.0 - 61.237.255.255 netname: CRTC country: CN descr: CHINA RAILWAY TELECOMMUNICATIONS CENTER admin-c: LQ112-AP tech-c: LM273-AP status: ALLOCATED PORTABLE changed: ipas@cnnic.net.cn 20030121 mnt-by: MAINT-CNNIC-AP source: APNIC person: LV QIANG nic-hdl: LQ112-AP e-mail: crnet_mgr@chinatietong.com address: 22F Yuetan Mansion,Xicheng District,Beijing,P.R.China phone: +86-10-51890499 fax-no: +86-10-51890674 country: CN changed: ipas@cnnic.net.cn 20041208 mnt-by: MAINT-CNNIC-AP source: APNIC person: liu min nic-hdl: LM273-AP e-mail: crnet_tec@chinatietong.com address: 22F Yuetan Mansion,Xicheng District,Beijing,P.R.China phone: +86-10-51848796 fax-no: +86-10-51842426 country: CN changed: ipas@cnnic.net.cn 20041208 mnt-by: MAINT-CNNIC-AP source: APNIC Can some one please look into this for me, chinatietong.com has a LONG history of spamming and something needs to be done to shut them down!. http://groups.google.ca/groups?as_q=&num=100&scoring=d&hl=en&as_epq=61.232.205.187&as_oq=&as_eq=&as_ugroup=news.admin.net-abuse.*&as_usubject=&as_uauthors=&lr=&as_drrb=q&as_qdr=&as_mind=1&as_minm=1&as_miny=1981&as_maxd=13&as_maxm=6&as_maxy=2005&safe=off http://www.spamhaus.org/SBL/sbl.lasso?query=SBL27833 http://www.nl.sorbs.net/lookup.shtml?61.232.205.187 http://www.rfc-ignorant.org/tools/lookup.php?domain=chinatietong.com These guys at chinetietong.com are real scumbags! They are definately rogue and need to be shut down. I don't think sending the complaints to , crnet_mgr@chinatietong.com, crnet_tec@chinatietong.com is going to do any good. Abuse complaints need to be sent higher to thier upstream. Can some one please look into this for me. Thanks, Jamie From nobody at spamcop.net Mon Jun 13 15:42:26 2005 From: nobody at spamcop.net (N. Miller) Date: Mon Jun 13 17:45:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: <14gqeng8etywe.dlg@news.spamcop.net> Message-ID: <7abr9vpuc230$.dlg@news.spamcop.net> On Sun, 12 Jun 2005 09:38:36 -0700, John Richards wrote: > N. Miller wrote: >> On Sat, 11 Jun 2005 21:52:44 -0600, Steve Sybesma wrote: >> >>> Top-posting is a personal taste issue... >> >> In any given culture, personal taste does not trump public taste; not >> unless you advocate anarchy. > > By definition, "taste" is personal. Anarchy pertains to laws, a totally > different thing. Anarchy need not apply to laws. You can have social anarchy if custom and courtesy are ignored. Do you wear your shoes in the house? -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nospam at dev.null Tue Jun 14 00:43:09 2005 From: nospam at dev.null (Anty Spam) Date: Mon Jun 13 17:45:18 2005 Subject: [SpamCop-List] Re: [chinatietong.com] no reporting address 61.232.205.187 References: Message-ID: "Jamie" wrote in message news:d8ku8o$2m8$1@news.spamcop.net... > Can one of the spamcop admins look into this for me. Says there is no valid > reporting address > for 61.232.205.187 > SNIP Pls look at Ellen's note under "routing" I have same, but Ellen has posted on this. Thx Cheers Anty From nobody at devnull.spamcop.net Mon Jun 13 17:49:31 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Mon Jun 13 17:45:26 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: "Paul Johnson" wrote in message news:cfi0o2-8tr.ln1@ursine.ca... > Miss Betsy wrote: > > > It makes sense when you are using email like snail mail to keep > > your previous copies in the same file. > > No, it means you should be keeping a local mail archive, not breaking > readability. But then you are using email /exactly/ like snail mail. Generally, one has to look up a snail mail letter to see what you said if the letter you get in return doesn't seem to match what you thought you said. To top post means that you only have to scroll down. Usually, however, there is no need to refer back. In discussions, however, it is better to answer inline instead of copying hir point and then writing your response to it (which is what is done in snail mail). Miss Betsy Miss Betsy From nobody at devnull.spamcop.net Mon Jun 13 17:56:22 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Mon Jun 13 17:55:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: "John Richards" wrote in message news:d8k6r7$h27$1@news.spamcop.net... > > I agree, *if* the responder is making separate comments to > separate points in the original. But if he is just making a quick > single issue comment, top-posting works fine. Actually, there is no need for top posting, a large works just as well. And even a total snip, though you pointed out that is not according to usenet etiquette. Top posting is never good as long as people are paying for downloads. When no one is, then perhaps, people will not care as long as they are able to follow the thread. I have gotten used to inline posting and find top posting comments baffling and now rarely have the time to scroll down and find out what has prompted that remark. I can usually enter a discussion when posters are using inline posts and get the gist of what has been going on. The bottom line is that inline posting is better for discussion and that's what newsgroups are all about. Miss Betsy From jamie66000 at hotmail.com Mon Jun 13 18:51:12 2005 From: jamie66000 at hotmail.com (Jamie) Date: Mon Jun 13 17:55:17 2005 Subject: [SpamCop-List] Re: [chinatietong.com] no reporting address 61.232.205.187 References: Message-ID: "Anty Spam" wrote in message news:d8kulk$2sc$1@news.spamcop.net... > > "Jamie" wrote in message > news:d8ku8o$2m8$1@news.spamcop.net... >> Can one of the spamcop admins look into this for me. Says there is no > valid >> reporting address >> for 61.232.205.187 >> > SNIP > > Pls look at Ellen's note under "routing" > > I have same, but Ellen has posted on this. > > Thx > > Cheers > > Anty > I see no post from Ellen in this group about that. Sorry. Jamie From nobody at devnull.spamcop.net Mon Jun 13 17:58:37 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Mon Jun 13 17:55:24 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: "John Richards" wrote in message news:d8k7c4$hk0$1@news.spamcop.net... > Mind you, people in this NG are pretty good about trimming un- > necessary quotes. That's because people remind you when you are lazy. We(tinw) are self moderated. Miss Betsy From MikeE at ster.invalid Mon Jun 13 16:26:11 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 13 18:30:02 2005 Subject: [SpamCop-List] Re: [chinatietong.com] no reporting address 61.232.205.187 References: Message-ID: Jamie wrote: > I see no post from Ellen in this group about that. Sorry. In spamcop.routing ng. One problem with the devnulls is that SC's apnic mirror is shot. The chinatong is a different issue. The ASN is AS9929 which really isn't any good/ responsive. I don't even bother with the upstreams, I just uncheck them. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Jun 13 16:37:39 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 13 18:40:03 2005 Subject: [SpamCop-List] Re: [chinatietong.com] no reporting address 61.232.205.187 References: Message-ID: Mike Easter wrote: > The chinatong is a different issue. The ASN is AS9929 which really > isn't any good/ responsive. I don't even bother with the upstreams, I > just uncheck them. If you want to do as9929 & its upstream it is chinanetcom and reach. AS4637 whois -h whois.abuse.net china-netcom.com ... tech-group@china-netcom.com daihy@china-netcom.com postmaster@china-netcom.com cncsummary@special.abuse.net (for china-netcom.com) whois -h whois.abuse.net reach.com ... abuse@pccw.com eckung@PCG-GROUP.COM carmen.m.chow@reach.com abuse@telstra.net abuse@reach.com postmaster@reach.com (for reach.com) The basis for chinanetcom would be because chinatong is unresponsive; the basis for reach would be because chinanetcom is unresponsive. Neither of them are going to be responsive about chinatong's spamvertisers. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Jun 13 16:40:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 13 18:45:03 2005 Subject: [SpamCop-List] Re: [chinatietong.com] no reporting address 61.232.205.187 References: Message-ID: Mike Easter wrote: s/chinatong/chinatietong/ -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Jun 13 18:45:11 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Jun 13 18:50:07 2005 Subject: [SpamCop-List] Re: APNIC issues References: Message-ID: "Ellen" wrote in message news:d8kcb0$ldn$1@news.spamcop.net... > I have opened a ticket on the APNIC issues. Until that is resolved, there is > no point in sending any more of these to routing. I am not inclined to > manual route the whole of apnic one block at a time :-) > > Thanks > > Ellen Complaint was that no one saw this post in other newsgroups. Replied to cross-post into spamcop and spamcop.help, follow-ups remain to spamcop.routing. From amenex at amenex.com Mon Jun 13 20:05:22 2005 From: amenex at amenex.com (George Langford, Sc.D.) Date: Mon Jun 13 19:05:28 2005 Subject: [SpamCop-List] Demise of OpenRBL.org Message-ID: <200506132305.j5DN5Mw10786@email1.voicenet.com> Help me get over my withdrawal. Can anyone from this group get up a fund to keep OpenRBL.org up and running ? Its registration expired on June 10th. From rcarlton at spamcop.net Mon Jun 13 17:33:53 2005 From: rcarlton at spamcop.net (Rick Carlton) Date: Mon Jun 13 19:35:04 2005 Subject: [SpamCop-List] Re: Demise of OpenRBL.org In-Reply-To: References: Message-ID: George Langford, Sc.D. wrote: > Help me get over my withdrawal. > > Can anyone from this group get up a > fund to keep OpenRBL.org up and running ? > > Its registration expired on June 10th. Don't they have some sort of grace period before they lose their name? I'll pay for the registration - but it looks as if it's already been snapped up. From nospam at dev.null Tue Jun 14 02:46:37 2005 From: nospam at dev.null (Anty Spam) Date: Mon Jun 13 19:50:03 2005 Subject: [SpamCop-List] Re: [chinatietong.com] no reporting address 61.232.205.187 References: Message-ID: "Mike Easter" wrote in message news:d8l20r$5al$1@news.spamcop.net... > Mike Easter wrote: > > s/chinatong/chinatietong/ > > -- > Mike Easter > kibitzer, not SC admin > > Hi Mike Thx for clarifying - was away for a while, else I would have picked up. As for > s/chinatong/chinatietong/ More like : sed -e 's/chinatong/bl.for-ever/g' | sed -e 's/chinatietong/bl.for-ever/g' Some entrepeneur will figure out that he can have all "bl.for-ever"'s upstanding clients when the w0r!d rejects V1@g@Ra etc (Now what will the harvesters make of the above line? :-) Cheers E From nobody at devnull.spamcop.net Mon Jun 13 20:07:42 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Jun 13 20:10:04 2005 Subject: [SpamCop-List] Re: Demise of OpenRBL.org References: Message-ID: "Rick Carlton" wrote in message news:d8l551$768$1@news.spamcop.net... > George Langford, Sc.D. wrote: > > Help me get over my withdrawal. > > > > Can anyone from this group get up a > > fund to keep OpenRBL.org up and running ? > > > > Its registration expired on June 10th. > > Don't they have some sort of grace period before they lose their name? > > I'll pay for the registration - but it looks as if it's already been > snapped up. If you attempt to go to http://openrbl.org/ you end on up a page that is acting as a 'placeholder' for that Domain .... you'll note that at the top of that page are the words: This domain name expired on Jun 10, 2005. Click here to renew it. One could follow that link, which goes to an expanded link at http://myorderbox.com ... or you could go directly to http://www.directi.com/ and try the "renew" from there. However, even if they accept your money, all this does is renew the Domain registration. This does nothing for hosting services, never mind actually running the code and keeping up the database.I've not been to NANAE in a while, but somehow I'm thinking that the $8.49 USD for the Domain name renewal is not the only the reason for the disappearance of the resource. The Domain has not yet been hijacked, it is only 'parked' I tried following links to see what directi's handling times and procedures are, but their garbage simply blew my browser away (Apache Tomcat ..????) For a recent client, there was a 30 day window for simply reinstating the registration, then there was a 60 day window that carried a $99 fee for the privilege of keeping the Domain name ... after that it was a free-for-all, and if it was a 'popular' site, expect it then to be hijacked and squatted upon for some 'negotiable' fee. From nobody at spamcop.net Mon Jun 13 18:41:45 2005 From: nobody at spamcop.net (NerdRevenge) Date: Mon Jun 13 20:45:02 2005 Subject: [SpamCop-List] Re: Demise of OpenRBL.org References: Message-ID: "George Langford, Sc.D." wrote in message news:mailman.33.1118703929.169.spamcop-list@news.spamcop.net... > Help me get over my withdrawal. > > Can anyone from this group get up a > fund to keep OpenRBL.org up and running ? > > Its registration expired on June 10th. Someone can't pay a little $10 fee? From Ilgaz at spamcop.net Tue Jun 14 04:42:59 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Mon Jun 13 20:45:14 2005 Subject: [SpamCop-List] Re: Demise of OpenRBL.org References: Message-ID: On 2005-06-14 03:07:42 +0300, "WazoO" said: > "Rick Carlton" wrote in message > news:d8l551$768$1@news.spamcop.net... >> George Langford, Sc.D. wrote: >>> Help me get over my withdrawal. >>> >>> Can anyone from this group get up a >>> fund to keep OpenRBL.org up and running ? >>> >>> Its registration expired on June 10th. >> >> Don't they have some sort of grace period before they lose their name? >> >> I'll pay for the registration - but it looks as if it's already been >> snapped up. > > If you attempt to go to http://openrbl.org/ you end > on up a page that is acting as a 'placeholder' for > that Domain .... you'll note that at the top of that > page are the words: > > This domain name expired on Jun 10, 2005. > Click here to renew it. > > One could follow that link, which goes to an expanded > link at http://myorderbox.com ... or you could go > directly to http://www.directi.com/ and try the "renew" > from there. However, even if they accept your money, > all this does is renew the Domain registration. This does > nothing for hosting services, never mind actually running > the code and keeping up the database.I've not been to > NANAE in a while, but somehow I'm thinking that the > $8.49 USD for the Domain name renewal is not the > only the reason for the disappearance of the resource. > The Domain has not yet been hijacked, it is only 'parked' > I tried following links to see what directi's handling times > and procedures are, but their garbage simply blew my > browser away (Apache Tomcat ..????) > > For a recent client, there was a 30 day window for > simply reinstating the registration, then there was a > 60 day window that carried a $99 fee for the > privilege of keeping the Domain name ... after > that it was a free-for-all, and if it was a 'popular' > site, expect it then to be hijacked and squatted upon > for some 'negotiable' fee. Wazoo, can we be "sure" that domain renew is actually "real"? Just asking. Ilgaz From baloo at ursine.ca Mon Jun 13 20:22:18 2005 From: baloo at ursine.ca (Paul Johnson) Date: Mon Jun 13 22:50:03 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup References: Message-ID: John Richards wrote: > Au contraire! > The difference is that *when* there is insufficient trimming, it > affects a bottom-posted reply adversely, while a top-posted reply > is not so penalized. I take it you do not pay for news resources like disk space and bandwidth. It must be so nice to live a life of privilege where things like money are of no object at all. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Mon Jun 13 20:39:59 2005 From: baloo at ursine.ca (Paul Johnson) Date: Mon Jun 13 22:50:17 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: John Richards wrote: > Miss Betsy wrote: >> "John Richards" wrote in message >> news:d8iuam$qc0$1@news.spamcop.net... >> >>> A newsgroup thread isn't anything like a one-author book. It is more >>> like an email to which multiple correspondents have serially responded. >>> The overwhelming majority of that type of email I've seen had the >>> responses top-posted. >> >> It makes sense when you are using email like snail mail to keep >> your previous copies in the same file. Businesses generally keep >> correspondence in an ordered file. In that case you don't want to >> mess with the previous email because it is a 'record.' > > I was talking about informal emails addressed to a whole bunch > of friends and acquaintances. Which really falls under the same group as "Any email or newsgroup recipients." Using just one set of rules when it comes to communications is a Good Thing(tm) as it allows you to make yourself infinitely clear because the form of communication still has precision while being brief and easy to skim. Top posting breaks the flow of the message, you end up getting the end first and have to think backwards in the conversation (when most conversations flow forwards). By top posting, you have immediately broken your audience's immediate expectation of written, conversational language and force your audience to jump through mental hoops to put your message together. At least with syntax highlighting, it's easy to set quotes (or even different levels of quoting) to different colors, making it easy to skim over prior posts to build context for the speaker's next remark. Even if messages came out of order, failed to deliver (false-positive on a spam filter, filtered because author/subject/whatever being replied to was killfiled, routed to New Jersey, relaying server with only copy of message bombed seconds after arrival, etc), isn't read in a client that knows about threads, or whatever the reason a message might not be read in conversational, threaded order, the message will still make sense to the audience if it isn't top posted. The goal is to make your message as easy and clear as possible to receive and understand for your audience as possible. The goal is *not* to be lazy for the sake of being lazy, "because delivery is guaranteed." No, delivery not guaranteed. Delivery is never guaranteed. >> But for a conversation or discussion, top posting in an email >> doesn't make sense. It works much better to have comments inline. > > I agree, *if* the responder is making separate comments to > separate points in the original. But if he is just making a quick > single issue comment, top-posting works fine. Until it's time to reply by the points, in which you've now just destroyed a potentially vital level of quoting by top posting. Never assume you've had the last word, you never know what pops up. Top posting handicaps the next person to frame their addition to the thread, no matter how many people are involved. It's rather self-centered and fairly trollish to make it harder for the next person to follow you. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Mon Jun 13 20:42:31 2005 From: baloo at ursine.ca (Paul Johnson) Date: Mon Jun 13 22:50:25 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Blammo wrote: > On 13 Jun 2005 John Richards entered spamcop and left > news:d8k6r7$h27$1@news.spamcop.net: > >> But if he is just making a quick >> single issue comment, top-posting works fine. > > I do agree with you there. If I get a list of tasks to do I'll just reply > with "Done" at the top. Even then, you can just trim it down to the task you've completed, and say Done after it. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Mon Jun 13 20:50:22 2005 From: baloo at ursine.ca (Paul Johnson) Date: Mon Jun 13 22:55:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Miss Betsy wrote: > Generally, > one has to look up a snail mail letter to see what you said if the > letter you get in return doesn't seem to match what you thought you > said. To top post means that you only have to scroll down. Thanks for explaining exactly why conversational quoting is better than top-posting. Generally one has to look down to the end of the message to see what you said if the letter you get in return doesn't seem to match what you thought was said. To conversationally quote means you only have to scroll down to catch up. Please see message as it also essentially applies to your post. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From nobody at spamcop.net Tue Jun 14 05:34:34 2005 From: nobody at spamcop.net (StampOutSpam) Date: Tue Jun 14 00:35:02 2005 Subject: [SpamCop-List] oc3 and fake logos Message-ID: The oc3 phishing sites are using fake BBB and TRUSTe logos. Can anything be done to shut down the oc3 sites with this misuse? http://www.tosyb.com/bbb.gif http://www.tosyb.com/trust.gif From zypher at spamcop.net Tue Jun 14 00:42:14 2005 From: zypher at spamcop.net (Ron B.) Date: Tue Jun 14 00:45:03 2005 Subject: [SpamCop-List] Re: oc3 and fake logos In-Reply-To: References: Message-ID: StampOutSpam wrote: > The oc3 phishing sites are using fake BBB and TRUSTe logos. Can > anything be done to shut down the oc3 sites with this misuse? > > http://www.tosyb.com/bbb.gif > http://www.tosyb.com/trust.gif If you can find anyone in China to prosecute them for copyright violations: City From IP Generated by www.DNSstuff.com IP: 61.232.205.187 Country: China City: Unknown Country Code: CN Currency: CNY [China Yuan Renminbi] Private IP? No Known Proxy? No From nobody at nowhere.invalid Tue Jun 14 11:00:43 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Jun 14 04:05:08 2005 Subject: [SpamCop-List] Re: Mail bombing by Big Miks, and dusked .biz References: Message-ID: On Mon, 13 Jun 2005 23:03:56 +0200, Anty Spam coughed into spamcop and left this in : > Status: REGISTRAR-LOCK > Status: REGISTRAR-HOLD <<<<<<<<<<<<<<<<<<<< Updated Date: 07-jun-2005 <<<< Will be dying soon :-) Why? > Creation Date: 11-may-2005 > Expiration Date: 11-may-2006 <<<<<<<<<<<<<<<< -- Steve The box said: "Requires Windows 98/2000/XP/NT, or better." So, I installed LINUX! From Ilgaz at spamcop.net Tue Jun 14 12:50:31 2005 From: Ilgaz at spamcop.net (Ilgaz Ocal) Date: Tue Jun 14 04:55:25 2005 Subject: [SpamCop-List] Re: Demise of OpenRBL.org References: Message-ID: On 2005-06-14 03:41:45 +0300, "NerdRevenge" said: > > "George Langford, Sc.D." wrote in message > news:mailman.33.1118703929.169.spamcop-list@news.spamcop.net... >> Help me get over my withdrawal. >> >> Can anyone from this group get up a >> fund to keep OpenRBL.org up and running ? >> >> Its registration expired on June 10th. > > Someone can't pay a little $10 fee? I can pay right now but I am confused about that too. Ilgaz From pete+usenet at heypete.com Tue Jun 14 03:06:05 2005 From: pete+usenet at heypete.com (Pete Stephenson) Date: Tue Jun 14 05:10:29 2005 Subject: [SpamCop-List] Re: oc3 and fake logos References: Message-ID: In article , StampOutSpam wrote: > The oc3 phishing sites are using fake BBB and TRUSTe logos. Can anything > be done to shut down the oc3 sites with this misuse? Sure, both the BBB and TRUSTe have online reporting forms where one could submit a report of a site falsely using their seals. I'm not sure if they actually take action, but it's worth a shot. Cheers! -- Pete Stephenson HeyPete.com From redford_stone at INVERSE_OF_COLDmail.com Tue Jun 14 10:31:19 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Tue Jun 14 05:35:04 2005 Subject: [SpamCop-List] Re: Spam subject of the week References: <42ADAAAF.E6A09A41@spamcop.net> Message-ID: Kenneth Brody wrote in news:42ADAAAF.E6A09A41 @spamcop.net: > I hereby nominate this for "Spam Subject of the Week": > > how to grow 3" of hard cock > > My first thought was "cut off the other 4?" :-) > Attach with duct-tape? :-) From redford_stone at INVERSE_OF_COLDmail.com Tue Jun 14 10:36:28 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Tue Jun 14 05:40:03 2005 Subject: [SpamCop-List] Re: Demise of OpenRBL.org References: Message-ID: "WazoO" wrote in news:d8l74e$ad6$1 @news.spamcop.net: > > For a recent client, there was a 30 day window for > simply reinstating the registration, then there was a > 60 day window that carried a $99 fee for the > privilege of keeping the Domain name ... after > that it was a free-for-all, and if it was a 'popular' > site, expect it then to be hijacked and squatted upon > for some 'negotiable' fee. > Certainly since that it is parked, the domain will not be available for a while. Any clue on who might own the domain name? (I'm definitely guessing a NANAE regular.) From nobody at devnull.spamcop.net Tue Jun 14 06:31:12 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Tue Jun 14 06:30:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Comments top posted inline Miss Betsy "John Richards" wrote in message news:d8k6r7$h27$1@news.spamcop.net... > Miss Betsy wrote: > > "John Richards" wrote in message > > news:d8iuam$qc0$1@news.spamcop.net... > > It all depends on whether you are just reading the answers or intending to get involved in the discussion, ISTM > >> A newsgroup thread isn't anything like a one-author book. It is more > >> like an email to which multiple correspondents have serially responded. > >> The overwhelming majority of that type of email I've seen had the > >> responses top-posted. > > > > It makes sense when you are using email like snail mail to keep > > your previous copies in the same file. Businesses generally keep > > correspondence in an ordered file. In that case you don't want to > > mess with the previous email because it is a 'record.' But I don't think we are talking about monologues here. > I was talking about informal emails addressed to a whole bunch > of friends and acquaintances. > > > But for a conversation or discussion, top posting in an email > > doesn't make sense. It works much better to have comments inline. A quick single issue comment does not need the entire email to be quoted - top posted or bottom posted. > I agree, *if* the responder is making separate comments to > separate points in the original. But if he is just making a quick > single issue comment, top-posting works fine. From bar_n0ne at hotmail.com Tue Jun 14 16:08:46 2005 From: bar_n0ne at hotmail.com (Berny) Date: Tue Jun 14 07:10:02 2005 Subject: [SpamCop-List] tieting "solved" it's spam priblem Message-ID: Curious coincidence, the APNIC troubles and absence of tietiong from the spamvertized stats page. I think not. I also noticed that I don't see "no-master" sites in the spamvertized stats. (Hey Julian...) I really wish we could forget about resolving URLS and simply elect (or not) to have them posted in the stats, where they should be consolidated by domain.tld one each, say the most recent or frequent 100.something the durbl or other similar lists could gather data from. Overnight tietong has gone from overwelmingly dominating the list to disappearing altogether, and I don't think they've cleaned up their act. Even if CNC, kornet, and the hanas are struggling hard to get their business. Actually as far as I'm concerned I wouldn't miss a thing if all of APNIC controlled space dropped off the net. From MikeE at ster.invalid Tue Jun 14 06:09:30 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 14 08:10:03 2005 Subject: [SpamCop-List] Re: tieting "solved" it's spam priblem References: Message-ID: Berny wrote: > (Hey Julian...) I really wish we could forget about resolving URLS and > simply elect (or not) to have them posted in the stats, Bravo that idea. -- Mike Easter kibitzer, not SC admin From SCNews.5.myspamgobbler at spamgourmet.com Tue Jun 14 08:06:52 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Tue Jun 14 10:10:03 2005 Subject: [SpamCop-List] Re: oc3 and fake logos In-Reply-To: References: Message-ID: Pete Stephenson wrote: > In article , > StampOutSpam wrote: > > >>The oc3 phishing sites are using fake BBB and TRUSTe logos. Can anything >>be done to shut down the oc3 sites with this misuse? > > > Sure, both the BBB and TRUSTe have online reporting forms where one > could submit a report of a site falsely using their seals. > > I'm not sure if they actually take action, but it's worth a shot. > > Cheers! > I tried this with TRUSTe months ago and this was their response: Thank you for bringing your concern about http://61.109.250.97 to our attention. While we would like to help you in this matter, http://61.109.250.97 is not a member of the TRUSTe program. Therefore, we are unable to address your complaint. Under the terms of our program, TRUSTe can only resolve complaints concerning Web sites that are part of the TRUSTe program. Other resources that may be of assistance to you are the Federal Trade Commission at www.ftc.gov or your state Attorney General?s office. If you have a complaint about an online merchant, please visit our partner, BizRate.com, to provide feedback to the internet community. Although we cannot help you with this particular issue, we thank you very much for participating in this process. Participation from Internet users like you makes it possible for us to continue to provide an effective privacy program for the Internet community. TR! USTe hopes you will continue to take an active role in making the internet a more responsible place. If you have further questions, please do not alter the subject line of this email in any way when responding. If you alter the subject line, there may be a delay in handling your complaint. Sincerely, TRUSTe Compliance Team Waivers: From nobody at spamcop.net Tue Jun 14 11:21:05 2005 From: nobody at spamcop.net (Dave Lerner) Date: Tue Jun 14 10:25:02 2005 Subject: [SpamCop-List] Re: Your basic blank msg... In-Reply-To: References: Message-ID: Jeff G. wrote on 06/14/2005 09:44 AM: > SC didn't/won't send this report > http://www.spamcop.net/sc?id=z774772624zb4931e491be41bb0a6008a3eadd2213bz > due to lack of body - "No body provided, check format of submission". > There was no body. > How does one report this? I would add this to the body: [no body] And in the notes area of the report I would add: Added "[no body]" so that Spamcop could parse the spam. P.S. The spamcop.spam newsgroup is for posting spam. The main newsgroup is more appropriate for questions or other discussion. From spamcop at 1bigthink.com Tue Jun 14 11:42:59 2005 From: spamcop at 1bigthink.com (spamcop) Date: Tue Jun 14 10:43:07 2005 Subject: [SpamCop-List] Re: Spam subject of the week -- How about sender of the week? In-Reply-To: References: <42ADAAAF.E6A09A41@spamcop.net> Message-ID: <6.1.2.0.0.20050614104113.0467daf8@mx.1bigthink.com> At 05:31 AM 6/14/2005, you wrote: >Kenneth Brody wrote in news:42ADAAAF.E6A09A41 >@spamcop.net: > > > I hereby nominate this for "Spam Subject of the Week": > > > > how to grow 3" of hard cock > > > > My first thought was "cut off the other 4?" :-) > > > > >Attach with duct-tape? :-) From: ""Jason %LAST NAME"" Dumb-*ss Spammer! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com From anon at coks.net Tue Jun 14 08:46:29 2005 From: anon at coks.net (Jeff G.) Date: Tue Jun 14 10:50:02 2005 Subject: [SpamCop-List] Re: Your basic blank msg... In-Reply-To: References: Message-ID: On 6/14/2005 7:21 AM Dave Lerner scribbled: > Jeff G. wrote on 06/14/2005 09:44 AM: > >>SC didn't/won't send this report >>http://www.spamcop.net/sc?id=z774772624zb4931e491be41bb0a6008a3eadd2213bz >>due to lack of body - "No body provided, check format of submission". >>There was no body. >>How does one report this? > > > I would add this to the body: > > [no body] > > And in the notes area of the report I would add: > > Added "[no body]" so that Spamcop could parse the spam. > > P.S. The spamcop.spam newsgroup is for posting spam. The main newsgroup > is more appropriate for questions or other discussion. The mechanics of adding to the body which isn't there I'll try to figure out - never saw a notes section, but never looked. which group should I be going to - mail or help? Thanks, jg From MikeE at ster.invalid Tue Jun 14 09:15:13 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 14 11:20:03 2005 Subject: [SpamCop-List] Re: Your basic blank msg... References: Message-ID: Jeff G. wrote: > The mechanics of adding to the body which isn't there I'll try to > figure out - never saw a notes section, but never looked. > which group should I be going to - mail or help? This is about reporting; it could be in .help or spamcop. The business of modifying the body to say 'no body text' or some such to enable source reporting of an empty spambody is not spelled out or sanctioned in the faq -- and typically no deputy will 'bless' making a change to a faq before submitting it which isn't authorized in the faq. Deputies will only say 'don't do that' to things which aren't approved or won't say anything. The faq on material changes sez to not make any changes to cause SC to find a link which it doesn't. This isn't exactly that. The faq describes certain types of approved changes and how to handle them. This is sort of like that, but not exactly. This problem is not described in the faq on "Parsing and reporting spam with SpamCop - decisions, problems" nor in the "Material changes to spam" faq http://www.spamcop.net/fom-serve/cache/283.html It is addressed in the forum at http://forum.spamcop.net/forums/index.php?showtopic=122 which sez "3. Forwarded spam consisting of just headers and no body text (No body provided, check format of submission). To report, add some text like "No body included." before forwarding. [..]" from that forum Jeff G. Moderator. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Jun 14 09:34:03 2005 From: nobody at spamcop.net (Dar) Date: Tue Jun 14 11:35:03 2005 Subject: [SpamCop-List] Re: Demise of OpenRBL.org References: Message-ID: > If you attempt to go to http://openrbl.org/ you end > on up a page that is acting as a 'placeholder' for > that Domain .... you'll note that at the top of that > page are the words: If you go to: http://www.openrbl.org/ you end up with the openrbl site. Dar From MikeE at ster.invalid Tue Jun 14 09:50:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Jun 14 11:55:05 2005 Subject: [SpamCop-List] Re: Demise of OpenRBL.org References: Message-ID: Dar wrote: > If you go to: http://www.openrbl.org/ you end up with > the openrbl site. Openrbl is operational again. Its IPs are 06/14/05 08:44:53 dns www.openrbl.org Canonical name: openrbl.org Aliases: www.openrbl.org Addresses: 216.221.161.5 66.17.159.213 216.126.86.21 Its nameservers are a bunch of orbl.net/s which need some tuning up with glue and its reg is uptodate at directi Created On:10-Jun-2001 20:24:21 UTC Last Updated On:14-Jun-2005 14:33:05 UTC Expiration Date:10-Jun-2006 20:24:21 UTC -- Mike Easter kibitzer, not SC admin From jamie66000 at hotmail.com Tue Jun 14 17:00:52 2005 From: jamie66000 at hotmail.com (Jamie) Date: Tue Jun 14 16:05:02 2005 Subject: [SpamCop-List] Re: [chinatietong.com] no reporting address 61.232.205.187 References: Message-ID: "Mike Easter" wrote in message news:d8l1ri$571$1@news.spamcop.net... > Mike Easter wrote: >> The chinatong is a different issue. The ASN is AS9929 which really >> isn't any good/ responsive. I don't even bother with the upstreams, I >> just uncheck them. > > If you want to do as9929 & its upstream it is chinanetcom and reach. > AS4637 > > whois -h whois.abuse.net china-netcom.com ... > tech-group@china-netcom.com daihy@china-netcom.com > postmaster@china-netcom.com cncsummary@special.abuse.net (for > china-netcom.com) > > whois -h whois.abuse.net reach.com ... > abuse@pccw.com eckung@PCG-GROUP.COM carmen.m.chow@reach.com > abuse@telstra.net abuse@reach.com postmaster@reach.com (for > reach.com) > > The basis for chinanetcom would be because chinatong is unresponsive; > the basis for reach would be because chinanetcom is unresponsive. > > Neither of them are going to be responsive about chinatong's > spamvertisers. > > -- > Mike Easter > kibitzer, not SC admin > > The question is then would Reach be responsive to its spamming downstream or are they as bad as china-netcom.com and chinetietong.com? I have not had any dealing with reach.com directly yet. Have you had any dealings with them yet? Has anyone else even tried this yet going to reach.com about their downstream spamming customers. If not I wonder if it isn't time to give it a try and see if they will wake up and maybe boot china-netcom.com and all of their spamming downstream. Wouldn't you think it would be worth a shot? Nothing else has worked so far with china-netcom.com they have had downstream customers who have been spewing spamvertised websites out for years now. Should spamcop.net send the abuse complaints for china-netcom.com and all of their downstream to reach.com? What does everyone else think? May also want to send it to this list too. do a whois lookup and found a couple more contacts to send the complaints to. abuse@pccw.com eckung@PCG-GROUP.COM carmen.m.chow@reach.com abuse@telstra.net abuse@reach.com postmaster@reach.com, Sean.Brennan@reach.com, ipnoc@reach.com Interesting thing is that when you do a whois lookup on whois.apnic.net for 134.159.96.249 it says right in their remarks that they want all abuse complaints to be sent to ipnoc@reach.com and not abuse@reach.com? I find that kind of strange. remarks: ----- remarks: All reports regarding SPAM or security breaches remarks: should be addressed to ipnoc@reach.com Then if you look further down in the whois record they say to send abuse complaints to abuse@reach.com I think some one at this company is very confused. trouble: Send spam & abuse reports trouble: include detailed information & times in UTC trouble: to abuse@reach.com. One thing I did notice though was that they are already sending abuse complaints to abuse@telstra.net for reach.com so does that mean that reach.com has been unresponsive in the past and it has already been esclated to thier upstream? Jamie From jamie66000 at hotmail.com Tue Jun 14 17:07:45 2005 From: jamie66000 at hotmail.com (Jamie) Date: Tue Jun 14 16:10:03 2005 Subject: [SpamCop-List] Re: tieting "solved" it's spam priblem References: Message-ID: "Berny" wrote in message news:d8mds2$vi2$1@news.spamcop.net... > Curious coincidence, the APNIC troubles and absence of tietiong from the > spamvertized stats page. I think not. > > I also noticed that I don't see "no-master" sites in the spamvertized > stats. > > (Hey Julian...) I really wish we could forget about resolving URLS and > simply elect (or not) to have them posted in the stats, where they should > be consolidated by domain.tld one each, say the most recent or frequent > 100.something the durbl or other similar lists could gather data from. > > Overnight tietong has gone from overwelmingly dominating the list to > disappearing altogether, and I don't think they've cleaned up their act. > Even if CNC, kornet, and the hanas are struggling hard to get their > business. > > > Actually as far as I'm concerned I wouldn't miss a thing if all of APNIC > controlled space dropped off the net. > > Ya the day pigs fly will chinatietong.com solve their spam problem. They have been hosting spamvertised websites for quite a long time now. I am still getting spam from chinatietong as of yesterday. They are still hosting spamvertised websites don't let them fool you they are still around and still hosting spamvertised websites. http://www.spamcop.net/sc?id=z774569116zd171a99a5edcf1188709757c01aae16ez http://www.spamcop.net/sc?id=z774569089zfb7a7673392f7841ecc27440f2628a43z There are a couple of Reporting links for chinatietong.com for yesterday. That is a good idea about the whole APNIC controlled and if it did drop off the net. The net would be a lot better place you are definitely right about that. Jamie From anon at coks.net Tue Jun 14 18:33:09 2005 From: anon at coks.net (Jeff G.) Date: Tue Jun 14 20:35:03 2005 Subject: [SpamCop-List] Re: Your basic blank msg...PS In-Reply-To: References: Message-ID: On 6/14/2005 7:21 AM Dave Lerner scribbled: > Jeff G. wrote on 06/14/2005 09:44 AM: > >>SC didn't/won't send this report >>http://www.spamcop.net/sc?id=z774772624zb4931e491be41bb0a6008a3eadd2213bz >>due to lack of body - "No body provided, check format of submission". >>There was no body. >>How does one report this? > > > I would add this to the body: > > [no body] > > And in the notes area of the report I would add: > > Added "[no body]" so that Spamcop could parse the spam. > > P.S. The spamcop.spam newsgroup is for posting spam. The main newsgroup > is more appropriate for questions or other discussion. Found it (main ng)!! you did a cross post -1... I see, said the blindman, and picked up his hammer and saw... From anon at coks.net Tue Jun 14 18:38:43 2005 From: anon at coks.net (Jeff G.) Date: Tue Jun 14 20:40:03 2005 Subject: [SpamCop-List] Re: Response from Kornet In-Reply-To: References: Message-ID: On 6/13/2005 8:27 AM Ilgaz Ocal scribbled: > On 2005-06-13 11:35:03 +0300, Redstone > said: > > >>"Berny" wrote in news:d8h42q$mbe$1@news.spamcop.net: >> >> >> >>>ummm... I was talking about us, disruption in the west. >>> >>> >> >>Ah.. sorry about the misconception. Who knows, what would actually >>happen. They may cause a major disruption. However with all the script >>kiddies and spammers assaulting our networks over the past several >>years, we do have some defenses at the router level. >> > > This China thing could be political too. After reporting the same spam > from very same IP like 10th time (different kinds of crap), I started > to believe they kind of support it. > > Oh whatever, its China, let their companies think about it since > everyone blocking them. > > Ilgaz > Wish that were true, but judging by this response alone, it ain't being blocked by a long shot... From anon at coks.net Tue Jun 14 18:44:04 2005 From: anon at coks.net (Jeff G.) Date: Tue Jun 14 20:45:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. In-Reply-To: References: Message-ID: On 6/11/2005 8:37 PM Mike Easter scribbled: > Top posting works in a few places. Some corporate email systems require > a top posting compliance which maintains whatever was written before in > 'unblemished' and intact fashion under a corresponding post -- the so > called corporate TOFU - text over fullquote under. > > That corporate environment's enforcement for its email causes some > emailers to habitually email correspond with top posting. The > resemblance between email and news and the 'rigidification' of habits > leads to some very small number of newsgroups where top posting is > actually preferred. However, top posting doesn't fit at all into a > trimmed contextualized conversation which is the standard for newgroup > posts, which are conversational, not corporate tofu. > > In almost all newsgroups top posting simply doesn't work. Can't work. > In those groups it is necessary to both trim and contextualize for the > flow and sequence of the conversation about very specific and precise > line entities, such as Received lines or other precise elements of a > spam header. > > amazing the thread you wrought, eh? From jr70 at blackhole.invalid Tue Jun 14 19:48:34 2005 From: jr70 at blackhole.invalid (John Richards) Date: Tue Jun 14 21:50:02 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: Jeff G. wrote: > amazing the thread you wrought, eh? No point in beating a dead horse, Jeff. Let it rest. -- John Richards From anon at coks.net Tue Jun 14 19:53:14 2005 From: anon at coks.net (Jeff G.) Date: Tue Jun 14 21:55:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. In-Reply-To: References: Message-ID: On 6/14/2005 6:48 PM John Richards scribbled: > Jeff G. wrote: > >>amazing the thread you wrought, eh? > > > No point in beating a dead horse, Jeff. Let it rest. > wasn't beating it... amen From nobody at spamcop.net Wed Jun 15 07:49:49 2005 From: nobody at spamcop.net (StampOutSpam) Date: Wed Jun 15 02:50:02 2005 Subject: [SpamCop-List] Re: oc3 and fake logos References: Message-ID: I might give up and try the oc3 unsubscribe page. This oc3 phishing has been going on since April. Hundreds of spams have been reported and yet it doesn't stop. I've spent the last two hours manually reporting the spam flood, reports which are likely going nowhere except to devnull and the trash cans at teleglobe.net and linkline.com. I can't keep doing this every day until China goes down and that spammer's server can be disabled. The oc3 spams are obvious phishing attempts. I tried entering information on their forms and don't get any replies. They're collecting information and all the mortgages, loans, and other junk offers are fake. Why doesn't China use some of its police abuses on spammers instead of poor villagers and protesters? From nobody at nowhere.invalid Wed Jun 15 11:13:18 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Jun 15 04:15:03 2005 Subject: [SpamCop-List] Re: tieting "solved" it's spam priblem References: Message-ID: On Tue, 14 Jun 2005 16:07:45 -0400, Jamie coughed into spamcop and left this in : > Ya the day pigs fly will chinatietong.com solve their spam problem. > They have been hosting spamvertised websites for quite a long time > now. I am still getting spam from chinatietong as of yesterday. They > are still hosting spamvertised websites don't let them fool you they > are still around and still hosting spamvertised websites. I'm sure they're pissing themselves with laughter at your 40-page LARTs to every man, his upstream and his dog, and to IANA for having assigned the IP addresses to someone. -- Steve The original point and click interface was a Smith & Wesson. From nttp.sc.s at bigsleep.org Wed Jun 15 10:32:21 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Jun 15 05:35:02 2005 Subject: [SpamCop-List] Re: oc3 and fake logos References: Message-ID: On 14 Jun 2005 StampOutSpam entered spamcop and left news:opssefxbblyhmg4h@powermac.local: > I might give up and try the oc3 unsubscribe page. This oc3 phishing > has been going on since April. Hundreds of spams have been reported > and yet it doesn't stop. Blocking all their networks works pretty good. 66.63.160.0 - 66.63.191.255 72.11.128.0 - 72.11.159.255 (teleglobe) I'm sure there's plenty more. -- | Ric | From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 15 11:06:53 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 15 06:10:03 2005 Subject: [SpamCop-List] Re: Response from Kornet References: Message-ID: "Jeff G." wrote in news:d8nt85$t97$2@news.spamcop.net: > > Wish that were true, but judging by this response alone, it ain't > being blocked by a long shot... > It would depend on who is blocking. There was a few Chinese sysadmin's that complained a while ago about email being blocked. (Their only statement was "take block off".) I think these Chinese ISPs would do something if Beijing was being completely blackholed. From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 15 11:08:43 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 15 06:10:23 2005 Subject: [SpamCop-List] Re: What to say to this? References: Message-ID: Steve McGarrett wrote in news:d8kkok$s3i$1 @news.spamcop.net: > > That's "All your base ARE belong to us." > > Better yet, how about "You are on the way to destruction. You have no > chance to survive make your time." > > Aloha, > McGarrett > "LART 'em, Danno!" > Even better.. just give them a link. http://www.subgenius.com/ :-) From redford_stone at INVERSE_OF_COLDmail.com Wed Jun 15 13:17:55 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Wed Jun 15 08:20:02 2005 Subject: [SpamCop-List] [MEDIA] Trend Micro buys MAPS. Message-ID: http://www.cbronline.com/article_news.asp?guid=E919E697-04CF-484A-B077- 356B24EE58E8 http://tinyurl.com/cpym8 "Antivirus company Trend Micro has acquired IP reputation services provider Kelkea, best known for its MAPS blacklist services, to bolster its ability to combat spam, phishing, and pharming." From bjtexas at hotmale.com Wed Jun 15 14:24:43 2005 From: bjtexas at hotmale.com (BJ) Date: Wed Jun 15 14:25:02 2005 Subject: [SpamCop-List] Re: oc3 and fake logos References: Message-ID: Brian (SnSR) wrote: || Pete Stephenson wrote: ||| In article , ||| StampOutSpam wrote: ||| ||| |||| The oc3 phishing sites are using fake BBB and TRUSTe logos. |||| Can anything be done to shut down the oc3 sites with this |||| misuse? ||| ||| ||| Sure, both the BBB and TRUSTe have online reporting forms ||| where one could submit a report of a site falsely using ||| their seals. ||| ||| I'm not sure if they actually take action, but it's worth a ||| shot. ||| ||| Cheers! ||| || || I tried this with TRUSTe months ago and this was their || response: || || Thank you for bringing your concern about || http://61.109.250.97 to our attention. While we would like to || help you in this matter, http://61.109.250.97 is not a member || of the TRUSTe program. Therefore, || we are unable to address your complaint. Under the terms of || our program, TRUSTe can only resolve complaints concerning || Web sites that are part of the TRUSTe program. || || Other resources that may be of assistance to you are the || Federal || Trade Commission at www.ftc.gov or your state Attorney || General’s || office. If you have a complaint about an online merchant, || please || visit our partner, BizRate.com, to provide feedback to the || internet community. || || Although we cannot help you with this particular issue, we || thank you || very much for participating in this process. Participation || from Internet users like you makes it possible for us to || continue to provide an effective privacy program for the || Internet community. TR! USTe hopes you will continue to take || an active role in making the internet a more responsible || place. || || If you have further questions, please do not alter the || subject line || of this email in any way when responding. If you alter the || subject line, there may be a delay in handling your complaint. || || Sincerely, || TRUSTe Compliance Team || Waivers: Basically saying the TRUSTe logo is worthless. BJ From MikeE at ster.invalid Wed Jun 15 12:54:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 15 14:55:03 2005 Subject: [SpamCop-List] Re: oc3 and fake logos References: Message-ID: Brian (SnSR) wrote: > I tried this with TRUSTe months ago and this was their response: > Thank you for bringing your concern about http://61.109.250.97 to our > attention. While we would like to help you in this matter, > http://61.109.250.97 is not a member of the TRUSTe program. Therefore, > we are unable to address your complaint. Under the terms of our > program, TRUSTe can only resolve complaints concerning Web sites that > are part of the TRUSTe program. That's an interesting thing to say, considering this other TRUSTe statement: Trademark Enforcement To ensure recognition for the effort invested by our licensees to meet our standards and by TRUSTe to ensure ongoing compliance we vigorously enforce the TRUSTe trademarks. The value of the trustemarks lies in consumer trust. To ensure that substandard organizations are not pirating the TRUSTe seals, compliance analysts keep a close watch on all displays of logos and seals for proper implementation and - in the case of deactivated licensees - prompt removal of the seals. We rely on vigilant individuals to report suspicious use, and we independently proactively review sites linking to the TRUSTe Web site. http://www.truste.org/about/compliance_monitoring.php "We rely on vigilant individuals to report suspicious use" Liar liar, pants on fire. However, if the complaint submitted to TRUSTe was via the Watchdog Dispute Resolution process at http://www.truste.org/consumers/compliance.php -- that watchdog business is all about 'watching' the TRUSTe clients, not motivating truste to 'vigorously enforce the TRUSTe trademarks'. All of the compliance forms and the watchdog program are about truste clients, not trademark piracy. It is not even clear to me whether they fair to enforce blatant piracy any differently than they would ex-clients. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Wed Jun 15 15:54:54 2005 From: nobody at spamcop.net (indigo) Date: Wed Jun 15 14:55:16 2005 Subject: [SpamCop-List] Re: tieting "solved" it's spam priblem References: Message-ID: Steven Maesslein wrote: > On Tue, 14 Jun 2005 16:07:45 -0400, Jamie coughed into spamcop and > left this in : > > > Ya the day pigs fly will chinatietong.com solve their spam problem. > > They have been hosting spamvertised websites for quite a long time > > now. I am still getting spam from chinatietong as of yesterday. > > They are still hosting spamvertised websites don't let them fool > > you they are still around and still hosting spamvertised websites. > > I'm sure they're pissing themselves with laughter at your 40-page > LARTs to every man, his upstream and his dog, and to IANA for having > assigned the IP addresses to someone. I was just about to tell Lamie to go back to NANAE to if he wants to keep playing "spamhunter".....ya kinda beat me to the punch ;-) From nobody at spamcop.net Wed Jun 15 15:56:47 2005 From: nobody at spamcop.net (indigo) Date: Wed Jun 15 15:00:02 2005 Subject: [SpamCop-List] Re: [MEDIA] Trend Micro buys MAPS. References: Message-ID: Redstone wrote: > http://www.cbronline.com/article_news.asp?guid=E919E697-04CF-484A-B077- > 356B24EE58E8 > > http://tinyurl.com/cpym8 > > "Antivirus company Trend Micro has acquired IP reputation services > provider Kelkea, best known for its MAPS blacklist services, to > bolster its ability to combat spam, phishing, and pharming." Pharming? They're going to plant crops on MAPS property? From nobody at spamcop.net Wed Jun 15 13:02:32 2005 From: nobody at spamcop.net (GregR) Date: Wed Jun 15 15:05:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Trend Micro buys MAPS. In-Reply-To: References: Message-ID: indigo wrote: > Pharming? They're going to plant crops on MAPS property? Get with the program, dude: http://en.wikipedia.org/wiki/Pharming -- GregR - Another Beemer Biker ...o&o> From MikeE at ster.invalid Wed Jun 15 13:11:24 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Jun 15 15:15:02 2005 Subject: [SpamCop-List] Re: [MEDIA] Trend Micro buys MAPS. References: Message-ID: indigo wrote: >> "Antivirus company Trend Micro has acquired IP reputation services >> provider Kelkea, best known for its MAPS blacklist services, to >> bolster its ability to combat spam, phishing, and pharming." > > Pharming? They're going to plant crops on MAPS property? pharming.org's site has some stuff about the dns cache poisoning/hacking for pharming purposes including a number of news articles https://www.pharming.org/news.jsp -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Wed Jun 15 22:14:25 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Jun 15 15:15:13 2005 Subject: [SpamCop-List] Re: tieting "solved" it's spam priblem References: Message-ID: On Wed, 15 Jun 2005 14:54:54 -0400, indigo coughed into spamcop and left this in : > I was just about to tell Lamie to go back to NANAE to if he wants to keep > playing "spamhunter".....ya kinda beat me to the punch ;-) I don't think Spamtard is really wanted in NANAE either, really. -- Steve "Politics is supposed to be the second oldest profession. I have come to realize that it bears a very close resemblance to the first." From nobody at spamcop.net Wed Jun 15 17:56:49 2005 From: nobody at spamcop.net (indigo) Date: Wed Jun 15 17:00:04 2005 Subject: [SpamCop-List] Re: tieting "solved" it's spam priblem References: Message-ID: Steven Maesslein wrote: > On Wed, 15 Jun 2005 14:54:54 -0400, indigo coughed into spamcop and > left this in : > > > I was just about to tell Lamie to go back to NANAE to if he wants > > to keep playing "spamhunter".....ya kinda beat me to the punch ;-) > > I don't think Spamtard is really wanted in NANAE either, really. I don't particularly care if he is or not......and I know he's not ;-) Anyway, after a few glances at NANAE in the last month it seems like the place is a ghost town now.....internal squabbling killed it off? From nobody at spamcop.net Wed Jun 15 17:59:02 2005 From: nobody at spamcop.net (indigo) Date: Wed Jun 15 17:00:18 2005 Subject: [SpamCop-List] Re: [MEDIA] Trend Micro buys MAPS. References: Message-ID: Mike Easter wrote: > indigo wrote: > > > > >> "Antivirus company Trend Micro has acquired IP reputation services > >> provider Kelkea, best known for its MAPS blacklist services, to > >> bolster its ability to combat spam, phishing, and pharming." > > > > Pharming? They're going to plant crops on MAPS property? > > pharming.org's site has some stuff about the dns cache > poisoning/hacking for pharming purposes including a number of news > articles https://www.pharming.org/news.jsp Oh. Never heard that term used before. It's not a nice word either. From nobody at spamcop.net Thu Jun 16 01:02:32 2005 From: nobody at spamcop.net (me-no-no) Date: Wed Jun 15 19:05:03 2005 Subject: [SpamCop-List] "Honest" Disclaimer Message-ID: Just received yet another bunch of these TW junks using harvested addresses and forging our ms details in the From field - as per :- Don't@ourmailserver.ourhost.com etc. ! Received: from js-0mmjlcugudbu (219-71-162-8.cable.dynamic.giga.net.tw [219.71.162.8]) http://www.spamcop.net/w3m?action=blcheck&ip=219.71.162.8 http://openrbl.org/ip/219/71/162/8.htm Duly larted and noted accordingly - For what good it will do :-( However, you gotta "admire" their "honesty" :-) ****************** Dear Sir/Madam, FIRST OF ALL,PLEASE KINDLY NOTE THIS E-MAIL IS SENT BY OUR "ADVERTISING COMPANY" AND THE E-MAIL ADDRESS THEY USE IS NOT "REAL" ,THEREFORE,PLEASE CONTACT US VIA "FAX" OR "POST". DON'T DIRECTLY RESPONSE VIA " E-MAIL" BECAUSE WE CAN'T RECEIVE YOUR E-MAIL. IF YOU WANT TO BE REMOVED FROM THE LIST, PLEASE ADVISE YOUR E-MAIL ADDRESS VIA "FAX" OR "POST". base64 encoded - trash ..... Taiwan Manufacturing junk etc ..... Best Regards J.S.Fu/President & CEO No.107,Kuan-Fu Rd.,Bei-Dou(521),Chan ghwa Hsien,Taiwan. Fax:886-4-8873056 (886 is the country code) ****************** However a quick Google reveals they DO have a REAL e-mail address :-) Ciao Meno Tina Textile Enterprise Co.,Ltd. professionally manufactures panty hoses, socks, body stocking, lingerie, underwear, apparel, stockings, tights, woven / knitted fabrics, garments, yarns (all kinds) and gloves. Address: No.107,Kuan-Fu Rd.,Bei-Dou(521),Changhwa Hisen,Taiwan. Phone:886-4-8882451 Fax:886-4-8873056 E-mail: sales@socks-stockings.com.tw Contact: Dennis J.S.Fu / President Registrar: TWNIC Whois:- Tina Textile Enterprise Co., Ltd. No.107, Kuan-Fu. Rd., Bei-Dou, Changhua Hsien, Taiwan. Domain Name: socks-stockings.com.tw Contact: F.S.Fu tina9824@ms24.hinet.net TEL: (04)8882451 FAX: (04)8873056 Record expires on 2007-01-05 (YYYY-MM-DD) Record created on 1998-10-28 (YYYY-MM-DD) Domain servers in listed order: dns.manufacture.com.tw 210.61.114.10 mail.manufacture.com.tw 210.61.114.2 From dfm2a3l0t2 at spymac.com Wed Jun 15 20:22:49 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Wed Jun 15 19:25:02 2005 Subject: [SpamCop-List] Re: [MEDIA] Trend Micro buys MAPS. References: Message-ID: In article , "indigo" wrote: > Redstone wrote: > > http://www.cbronline.com/article_news.asp?guid=E919E697-04CF-484A-B077- > > 356B24EE58E8 > > > > http://tinyurl.com/cpym8 > > > > "Antivirus company Trend Micro has acquired IP reputation services > > provider Kelkea, best known for its MAPS blacklist services, to > > bolster its ability to combat spam, phishing, and pharming." > > Pharming? They're going to plant crops on MAPS property? Although it's not the meaning intended here, "pharming" also describes the practice of growing genetically engineered crops to produce pharmaceutical materials. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From nobody at devnull.spamcop.net Wed Jun 15 20:51:20 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Jun 15 19:55:05 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup References: Message-ID: Just wanted to say that (inline) ... >> trying to read through the bottom posts in spamcop >> NGs is enough to >> give one a headache. > > Only if the posts aren't trimmed correctly. > > Furthermore, "bottom" posting isn't the way to post. > "Inline" posting > is. This thread has a slightly more rational rationale (?) than most in the past. But my opinion is slightly different I think than anyone else's here: Bottom: OK if short post; say two screens max depending on the size you set your text to. Trimmed: Too subjective, too many differing opinions on what's right and what's not. One person's trim is another person's meat. ... > Health nuts are going to feel stupid someday, lying > in hospitals dying of nothing. Top: Best, quickest to read, quickest to determine relevancy, but tough IF a person starts late into the thead, like in the middle, and doesn't know what it's about. But to that I say, heck, get 'em all and start at the beginning anyway if you're interested. I get the largest kicks out of people that actually "fix" a top post. I could see that possibly on some earth-shaking item, but in general, it's seems like a silly thing to bother doing. There, I've top/inlined/bottom posted. Hope that's acceptable |;-] And now, what I -really- came here for: I love that sig! Can't quit giggling! Gak! Absolutely -no- offense meant to anyone - simply the musings of a lurker and very casual poster. Like someone said a few hundred posts back, let's just agree to disagree and get on with the spam control. K? Cheers, Pop From nobody at devnull.spamcop.net Wed Jun 15 20:55:04 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Jun 15 20:00:03 2005 Subject: [SpamCop-List] Re: Top posting works in a few places. Not here. References: Message-ID: "Jeff G." wrote in message news:d8o1jr$vt9$1@news.spamcop.net... > On 6/14/2005 6:48 PM John Richards scribbled: > >> Jeff G. wrote: >> >>>amazing the thread you wrought, eh? >> >> >> No point in beating a dead horse, Jeff. Let it rest. >> > wasn't beating it... > amen I'm so sorry, I thought I'd make it thru without saying this, but: Anyone remember Tymnet? THERE's where top posting came from in my case! There was no choice. And yes, it was a corporat environ. Pop You simply will not believe the immense will power it took to not top-post this! From nttp.sc.s at bigsleep.org Thu Jun 16 01:02:31 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Wed Jun 15 20:05:03 2005 Subject: [SpamCop-List] Re: oc3 and fake logos References: Message-ID: On 15 Jun 2005 Mike Easter entered spamcop and left news:d8pthr$11o$1@news.spamcop.net: > All of the compliance forms and the watchdog program are about truste > clients, not trademark piracy. It is not even clear to me whether they > fair to enforce blatant piracy any differently than they would > ex-clients. > What can they do other than a civil suit for trademark infringment? They can enforce their policies with their own clients, which is true for any trademark use elsewhere, anyway. If they had loads of money, like Lucas Entertainment, they could afford to go around shutting down sites. Actually there must be a way to check that a site is authorized to use the logo. I remember seeing one myself, which was either on an OC3 or thePlanet. If OC3 won't shut down spammers, I don't see why they would consider shutting down theives either. -- | Ric | From reader at reader.invalid Thu Jun 16 00:04:46 2005 From: reader at reader.invalid (Reader) Date: Wed Jun 15 22:05:02 2005 Subject: [SpamCop-List] Re: Your basic blank msg... References: Message-ID: On Tue, 14 Jun 2005 08:15:13 -0700, Mike Easter wrote: > The faq on material changes sez to not make any changes to cause SC to > find a link which it doesn't. This isn't exactly that. The faq > describes certain types of approved changes and how to handle them. This > is sort of like that, but not exactly. The ideal solution for no-body spam is for Julian to disable the parser reject for frequent users and instead auto-add "spam has no body" in Additional Notes. From baloo at ursine.ca Wed Jun 15 19:56:29 2005 From: baloo at ursine.ca (Paul Johnson) Date: Wed Jun 15 22:10:03 2005 Subject: [SpamCop-List] Re: [MEDIA] Trend Micro buys MAPS. References: Message-ID: Redstone wrote: > "Antivirus company Trend Micro has acquired IP reputation services > provider Kelkea, best known for its MAPS blacklist services, to bolster > its ability to combat spam, phishing, and pharming." "Ineffective antivirus software vendor buys irrationally maintained blacklist...film at 11!" -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From baloo at ursine.ca Wed Jun 15 20:39:59 2005 From: baloo at ursine.ca (Paul Johnson) Date: Wed Jun 15 23:10:13 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup References: Message-ID: Pop wrote: > This thread has a slightly more rational rationale (?) > than most in the past. But my opinion is slightly > different I think than anyone else's here: Rational. Rationale is a different word spelled correctly. > Bottom: OK if short post; say two screens max > depending on the size you set your text to. 20 lines or less is a better target. 20 lines is a screenfull on a dumb terminal, the lowest common denominator. Everything can understand mail from programs capable of being displayed on a dumb terminal (pine, mutt, elm, mail, gnus, etc) and everything should emulate their output (because everybody can read it properly). Even though two screens works out great for you when you have 90 lines doesn't mean it's bloody annoying for the guy stuck with 24 lines. > Trimmed: Too subjective, too many differing opinions > on what's right and what's not. One person's trim is > another person's meat. All that matters in a quote is what you're responding to from the last person's message. > Top: Best, quickest to read, quickest to determine > relevancy, but tough IF a person starts late into the > thead, like in the middle, and doesn't know what it's > about. But to that I say, heck, get 'em all and start > at the beginning anyway if you're interested. That's not always viable for the same reasons people dont get all messages. -- Paul Johnson Email and Instant Messenger (Jabber): baloo@ursine.ca http://ursine.ca/~baloo/ From anon at coks.net Wed Jun 15 21:27:16 2005 From: anon at coks.net (J G) Date: Wed Jun 15 23:30:03 2005 Subject: [SpamCop-List] Re: Your basic blank msg... In-Reply-To: References: Message-ID: On 6/15/2005 7:04 PM Reader scribbled: > On Tue, 14 Jun 2005 08:15:13 -0700, Mike Easter wrote: > > >>The faq on material changes sez to not make any changes to cause SC to >>find a link which it doesn't. This isn't exactly that. The faq >>describes certain types of approved changes and how to handle them. This >>is sort of like that, but not exactly. > > > The ideal solution for no-body spam is for Julian to disable the parser > reject for frequent users and instead auto-add "spam has no body" in > Additional Notes. poor Julian, with all that time on his hands... From yeah at right.com Wed Jun 15 22:03:08 2005 From: yeah at right.com (Spaz) Date: Thu Jun 16 00:05:08 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: "indigo" wrote in message news:d8ketu$mum$1@news.spamcop.net... > Anyone besides me think Spaz and Steve Sybesma are a match made in heaven? > ;-) anybody besides me think indigo and a porcupine suppository are a match made in heaven? From edb2000 at spamcop.net Wed Jun 15 23:24:10 2005 From: edb2000 at spamcop.net (Don Wannit) Date: Thu Jun 16 01:25:03 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup In-Reply-To: References: Message-ID: Paul Johnson wrote: > Pop wrote: >>This thread has a slightly more rational rationale (?) >>than most in the past. But my opinion is slightly >>different I think than anyone else's here: > > > Rational. Rationale is a different word spelled correctly. Pop is correct. The rationale is more rational than other rationale in the past. The two words are used correctly. Some rationale are highly irrational. (n.b.: preferred plural form of rationale is "rationale". So what's the rationale for that?) -- Don Wannit A paid SpamCop user since 1999 From SCN3ws.5.mysp4mg0bbl3r at sp4mg0vrm3t.c0m Thu Jun 16 12:39:56 2005 From: SCN3ws.5.mysp4mg0bbl3r at sp4mg0vrm3t.c0m (Brian (SnSR)) Date: Thu Jun 16 01:55:03 2005 Subject: [SpamCop-List] Re: dyke out cold & violated! References: Message-ID: Brian (SnSR), , the hobnailed, hygienically challenged mouse, and eater of quiches, hacked: > Fat-assed ambisexual thirsts for bulky gaycat for twinkie creaming. > Must have stiff meat puppet. Mail me at > SCNews.5.myspamgobbler@spamgourmet.com -- Dirty Dictionary: goo gun : n. Your pocket paste dispenser; jizz stick. From porpoise1954 at yahoo.co.uk Thu Jun 16 10:48:10 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Jun 16 05:10:24 2005 Subject: [SpamCop-List] Re: Netiquette vs. Spamcop newsgroup References: Message-ID: "Paul Johnson" wrote in message news:vc57o2-qbi.ln1@ursine.ca... > Pop wrote: > >> This thread has a slightly more rational rationale (?) >> than most in the past. But my opinion is slightly >> different I think than anyone else's here: > > Rational. Rationale is a different word spelled correctly. He wasn't asking if one or other of them was correct. He was using them both; as in "........has a slightly more rational rationale". (As opposed to an irrational rationale). [I think]. > > All that matters in a quote is what you're responding to from the last > person's message. > That about sums it up. It enables those that come after to make sense of it too. From porpoise1954 at yahoo.co.uk Thu Jun 16 10:50:19 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Jun 16 05:10:51 2005 Subject: [SpamCop-List] Re: spam an ASSHOLE! References: Message-ID: "Spaz" wrote in message news:d8qtlr$kou$1@news.spamcop.net... > "indigo" wrote in message > news:d8ketu$mum$1@news.spamcop.net... >> Anyone besides me think Spaz and Steve Sybesma are a match made in >> heaven? >> ;-) > > anybody besides me think indigo and a porcupine suppository are a match > made in heaven? > No From cnewton at akaMail.com Thu Jun 16 09:51:58 2005 From: cnewton at akaMail.com (Curtis Newton) Date: Thu Jun 16 10:55:02 2005 Subject: [SpamCop-List] whitelist not working? Message-ID: I need some help. I am trying to figure out why this message went to my held mail queue when I have ".mil" whitelisted. Can anyone help me on this one??? Return-Path: Delivered-To: spamcop-net-cnewton@spamcop.net Received: (qmail 17032 invoked from network); 16 Jun 2005 10:26:19 -0000 Received: from unknown (192.168.1.103) by blade6.cesmail.net with QMQP; 16 Jun 2005 10:26:19 -0000 Received: from mta8.adelphia.net (68.168.78.196) by mailgate2.cesmail.net with SMTP; 16 Jun 2005 10:26:19 -0000 Received: from akamail.com ([204.202.3.15]) by mta8.adelphia.net (InterMail vM.6.01.04.01 201-2131-118-101-20041129) with ESMTP id <20050616102616.LJYY18761.mta8.adelphia.net@akamail.com> for ; Thu, 16 Jun 2005 06:26:16 -0400 Received: from marshal.jwac.local (mail-relay.jwac.mil [199.211.169.5]) by akamail.com (8.13.1/8.13.1) with ESMTP id j5GAQEH3055793 for ; Thu, 16 Jun 2005 10:26:15 GMT Received: from exchangemil.jwac.local (Not Verified[10.40.32.3]) by marshal.jwac.local with NetIQ MailMarshal (v6,0,3,8) id ; Thu, 16 Jun 2005 06:26:58 -0400 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C5725D.E9EC8DB0" X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 Subject: RE: AF Transformation Date: Thu, 16 Jun 2005 06:26:53 -0400 Message-ID: <5D0E3E1DB49ECE4B9D2796471562ECD7DB46AC@exchangemil.jwac.local> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: AF Transformation Thread-Index: AcVxw9ZB3T2GWOJARnaBaSHTgYXuBAAB8UaAAABlDEAAADoVAAAARBTQAAGQDvAAAAUiMAAAD1lAAAARlMAAABVq0AAALpLgAAAIbaAAIacooA== From: To: "Curtis Newton" , X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on blade6 X-Spam-Level: X-Spam-Status: hits=0.1 tests=FORGED_RCVD_HELO,HTML_MESSAGE, HTML_NONELEMENT_20_30,SPF_HELO_PASS version=3.0.2 X-SpamCop-Checked: 192.168.1.103 68.168.78.196 204.202.3.15 X-SpamCop-Disposition: Blocked dnsbl.sorbs.net From Kilgallen at SpamCop.net Thu Jun 16 10:56:51 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Jun 16 11:00:03 2005 Subject: [SpamCop-List] Re: whitelist not working? References: Message-ID: In article , "Curtis Newton" writes: > I need some help. > > I am trying to figure out why this message went to my held mail queue when I > have ".mil" whitelisted. > > Can anyone help me on this one??? Remove the dot. From cnewton at akaMail.com Thu Jun 16 09:57:28 2005 From: cnewton at akaMail.com (Curtis Newton) Date: Thu Jun 16 11:00:16 2005 Subject: [SpamCop-List] Re: whitelist not working? References: Message-ID: Will do, thank you! "Larry Kilgallen" wrote in message news:GPsJdn98Ip8f@eisner.encompasserve.org... > In article , "Curtis Newton" > writes: >> I need some help. >> >> I am trying to figure out why this message went to my held mail queue >> when I >> have ".mil" whitelisted. >> >> Can anyone help me on this one??? > > Remove the dot. From nobody at spamcop.net Thu Jun 16 09:21:24 2005 From: nobody at spamcop.net (Yours Truly) Date: Thu Jun 16 11:25:03 2005 Subject: [SpamCop-List] Polexic Zombie Report Message-ID: We all knew AOL was bad, right? http://www.prolexic.com/zr/ From anon at coks.net Thu Jun 16 09:33:44 2005 From: anon at coks.net (J G) Date: Thu Jun 16 11:35:03 2005 Subject: [SpamCop-List] SC speed... Message-ID: Since you hear my whining, maybe a little positive input should be added as well - today, copying,parsing, and sending went much more rapidly - parsing 5-10 secs., sending almost instantly. Somebody tweak somethig or just a good day? From spamcram at spymac.com Thu Jun 16 09:38:49 2005 From: spamcram at spymac.com (Vernon Hardapple) Date: Thu Jun 16 11:40:07 2005 Subject: [SpamCop-List] Is Spamhaus' SBL-XBL too aggressive? Message-ID: I'm toying with the idea of blacklisting on Exchange 2003 some of the various "evil" domains that SpamHaus has identified. http://www.msexchange.org/tutorials/Blacklist_Support_Exchange_2003.html http://www.spamhaus.org/xbl/index.lasso Has anyone done this? And if so, did you find the blacklist(s) too aggressive? From nospam at dev.null Thu Jun 16 19:31:24 2005 From: nospam at dev.null (Anty Spam) Date: Thu Jun 16 12:35:03 2005 Subject: [SpamCop-List] Useless addresses Message-ID: Interesting one! Does this indicate that the goverment does in fact silently condones spamming? Anyway, this will determine the future of all blocklists to and from Brazil under my control. After 5 months unread, then deleted!!! No wonder Brazil have become one of the biggest spammer havens (Fouth biggest). All I can say is: PATHETIC! Note that Operação GVT is operacao@gvt.com.br For the record, this was after one of the upstanding spammers decided to use my details in his spam, forging domain details under my control, sending mails suuposedly from me with viruses attached etc etc. -----Original Message----- Return-Path: Received: from [200.139.127.15] (HELO sv2kowa1.gvt.net.br) by X with ESMTP id 794840050 for X ; Thu, 16 Jun 2005 13:11:58 +0200 Received: from SVCLEXC1.gvt.net.br ([10.41.25.172]) by sv2kowa1.gvt.net.br with Microsoft SMTPSVC(6.0.3790.1830); Thu, 16 Jun 2005 08:11:50 -0300 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:mdn MIME-Version: 1.0 Content-Type: multipart/report; report-type=disposition-notification; boundary="----_=_NextPart_001_01C57262.A72C5112" Subject: =?iso-8859-1?Q?N=E3o_lida=3A_BAD_WHOIS_=2C_SPAMMING=2C_FRAUD=2C_etc?= Date: Thu, 16 Jun 2005 08:00:48 -0300 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: BAD WHOIS , SPAMMING, FRAUD, etc Thread-Index: AcT2qifDY9Q/oaLLSruQtmDtGK/CrR7t4Bfl From: "Daniel Puka" Bcc: Return-Path: daniel.puka@gvt.com.br Your message To: blkadm@NIC.BR; mail-abuse@nic.br; Operação GVT Cc: Subject: RE: BAD WHOIS , SPAMMING, FRAUD, etc Sent: Sun, 9 Jan 2005 20:18:58 -0300 was deleted without being read on Thu, 16 Jun 2005 07:53:40 -0300 -----Original Message----- Return-Path: Received: from [200.139.127.15] (HELO sv2kowa1.gvt.net.br) by X with ESMTP id 794839991 for X ; Thu, 16 Jun 2005 13:11:55 +0200 Received: from SVCLEXC1.gvt.net.br ([10.41.25.172]) by sv2kowa1.gvt.net.br with Microsoft SMTPSVC(6.0.3790.1830); Thu, 16 Jun 2005 08:11:48 -0300 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:mdn MIME-Version: 1.0 Content-Type: multipart/report; report-type=disposition-notification; boundary="----_=_NextPart_001_01C57262.7FDA48C6" Subject: =?iso-8859-1?Q?N=E3o_lida=3A_BAD_WHOIS_=2C_SPAMMING=2C_FRAUD=2C_etc?= Date: Thu, 16 Jun 2005 07:59:42 -0300 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: BAD WHOIS , SPAMMING, FRAUD, etc Thread-Index: AcT2qifDY9Q/oaLLSruQtmDtGK/CrR7t02LD From: =?iso-8859-1?Q?Opera=E7=E3o_GVT?= Bcc: Return-Path: operacao@gvt.com.br X-OriginalArrivalTime: 16 Jun 2005 11:11:48.0654 (UTC) FILETIME=[30897CE0:01C57264] X-Antivirus: AVG for E-mail 7.0.323 [267.7.1] Your message To: blkadm@NIC.BR; mail-abuse@nic.br; Operação GVT Cc: Subject: RE: BAD WHOIS , SPAMMING, FRAUD, etc Sent: Sun, 9 Jan 2005 20:18:58 -0300 was deleted without being read on Thu, 16 Jun 2005 07:52:15 -0300 From nobody at spamcop.net Thu Jun 16 10:32:10 2005 From: nobody at spamcop.net (GregR) Date: Thu Jun 16 12:35:17 2005 Subject: [SpamCop-List] Re: Is Spamhaus' SBL-XBL too aggressive? In-Reply-To: References: Message-ID: Vernon Hardapple wrote: > I'm toying with the idea of blacklisting on Exchange 2003 some of the > various "evil" domains that SpamHaus has identified. > > http://www.msexchange.org/tutorials/Blacklist_Support_Exchange_2003.html > http://www.spamhaus.org/xbl/index.lasso > > Has anyone done this? And if so, did you find the blacklist(s) too > aggressive? I've been using their SBL-XBL blocklist with Mailwasher Pro for about a year now, and never had a false positive (unlike the SpamCop BL, which I understand is much more aggressive and "experimental"). -- GregR - Another Beemer Biker ...o&o> From nobody at spamcop.net Thu Jun 16 12:36:56 2005 From: nobody at spamcop.net (Ellen) Date: Thu Jun 16 12:45:03 2005 Subject: [SpamCop-List] Re: SC speed... References: Message-ID: "J G" wrote in message news:d8s62a$fun$1@news.spamcop.net... > Since you hear my whining, maybe a little positive input should be added > as well - today, copying,parsing, and sending went much more rapidly - > parsing 5-10 secs., sending almost instantly. Somebody tweak somethig > or just a good day? Someone tweaked something :-) Ellen SpamCop From Vangu at rd.invalid Thu Jun 16 13:13:56 2005 From: Vangu at rd.invalid (Vanguard) Date: Thu Jun 16 13:15:03 2005 Subject: [SpamCop-List] Re: Is Spamhaus' SBL-XBL too aggressive? References: Message-ID: "Vernon Hardapple" wrote in message news:d8s6ea$g51$1@news.spamcop.net... > I'm toying with the idea of blacklisting on Exchange 2003 some of the > various "evil" domains that SpamHaus has identified. > > http://www.msexchange.org/tutorials/Blacklist_Support_Exchange_2003.html > http://www.spamhaus.org/xbl/index.lasso > > Has anyone done this? And if so, did you find the blacklist(s) too > aggressive? Some folks don't like using their 127.0.0.6 list (http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20XBL#136) which is for BOPM (Blitzed Open Proxy Monitor). I don't have any stats from past spam detections from SBL to know how many were due to being found in their BOPM list. If you are trying to stay away from overly aggressive blacklists, don't use SPEWS. That blacklist does not actually target spammers. It targets spam-friendly or spam-lazy ISPs in order to punish them by coercing SPEWS users to complain to their ISPs. Although SpamPal lists SPEWS in their "Medium" scheme regarding agressiveness, that is because they only use the level 1 blacklist; the lists go 0 (history), 2 (watch), 1 (block) in order of aggressiveness (or surity). From other mail admins that have watched how much spam was detected by various blacklists, SPEWS marked only 3% to 18% of the incoming spam volume but much of which was also detected by the other blacklists. For example, at http://www.sdsc.edu/~jeff/spam/Blacklists_Compared.html for the last report, SPEWS caught only 2807 from a sample size of 35927, SpamCop found 4126 in that sample, and SpamHaus found 14136 (this only reflects how many would be tagged as spam by the blacklists, and does not reflect the count of false positives since the admin wouldn't have the time to interrogate all those e-mails). I use SpamPal and the following blacklists are listed as aggressive: SpamCop SpamBag SORBS So SpamPal considers SpamCop an aggressive list. I don't recall any false positives due to SpamCop but have had some false positives with SORBS (like SPEWS, they can have some really old and inaccurate records, listing a spam "source" that was last recorded some 3 months ago, or more). I don't use SpamBag because their list is not just for spamming: per their own declaration, they block based on anything considered abusive or antisocial. Like SPEWS, SpamBag doesn't differentiate between the spammer and the service used by the spammer. Of the agressive blacklists, SpamCop seems a more responsible and responsive blacklist. I can't recall having a false positive with SpamHaus SBL+XBL but that's a personal experience, and SpamPal considers SpamHaus as a medium blacklist. From nobody at spamcop.net Thu Jun 16 17:23:54 2005 From: nobody at spamcop.net (indigo) Date: Thu Jun 16 16:25:03 2005 Subject: [SpamCop-List] Re: SC speed... References: Message-ID: Ellen wrote: > "J G" wrote in message > news:d8s62a$fun$1@news.spamcop.net... > > Since you hear my whining, maybe a little positive input should be > > added as well - today, copying,parsing, and sending went much more > > rapidly - parsing 5-10 secs., sending almost instantly. Somebody > > tweak somethig or just a good day? > > Someone tweaked something :-) > You threw apnic off the lookup list? ;-) From nobody at spamcop.net Thu Jun 16 17:29:08 2005 From: nobody at spamcop.net (indigo) Date: Thu Jun 16 16:30:02 2005 Subject: [SpamCop-List] Re: Is Spamhaus' SBL-XBL too aggressive? References: Message-ID: Vernon Hardapple wrote: > I'm toying with the idea of blacklisting on Exchange 2003 some of the > various "evil" domains that SpamHaus has identified. > > http://www.msexchange.org/tutorials/Blacklist_Support_Exchange_2003.html > http://www.spamhaus.org/xbl/index.lasso > > Has anyone done this? And if so, did you find the blacklist(s) too > aggressive? That's one of the best ones you'll find available. Won't catch everything by itself, but you shouldn't have many, if at all, false positives. SORBS is a good one too (open relays). From ahab at hiwaay.net Thu Jun 16 16:54:41 2005 From: ahab at hiwaay.net (Hoyt Weathers) Date: Thu Jun 16 16:55:03 2005 Subject: [SpamCop-List] Need SpamCop contact info Message-ID: I have had no smail contact from SpamCop in over a year. I did, and may still do have an account. I need to contact someone who can tell me if my account is still valid. I tried to send my question on SpamCop's site, but there is no Send button to push. Strange that. Regards, Hoyt Weathers From nobody at spamcop.net Thu Jun 16 21:56:04 2005 From: nobody at spamcop.net (StampOutSpam) Date: Thu Jun 16 17:00:02 2005 Subject: [SpamCop-List] Re: oc3 and fake logos References: Message-ID: The unsubscribe page (http://dl189167.lipolt.com/unsubscribe.pl) doesn't seem to do anything, and they're not trying to listwash me. Getting a random mortgage rate between 3 and 5 percent looks good, but it's fake. Can't the government do anything to shut down these fraudsters? They leave an address as: Western Data Service 5348 Vegas Dr Las Vegas, NV. 89108 Does it exist there? Can it be targeted? From MikeE at ster.invalid Thu Jun 16 15:16:23 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 16 17:20:03 2005 Subject: [SpamCop-List] Re: Need SpamCop contact info References: Message-ID: Hoyt Weathers wrote: > I have had no smail contact from SpamCop in over a year. I did, and > may still do have an account. I need to contact someone who can > tell me if my account is still valid. I tried to send my question on > SpamCop's site, but there is no Send button to push. Strange that. There are free reporting accounts, there are paid reporting accounts, and there are paid mail accounts. Ostensibly you are talking about a paid reporting account which would have or not have the condition of current 'fuel' available and paid for. If you are not, then nothing below applies. If there is a functional cookie for your log in at http://www.spamcop.net/ then it should say something about fuel if you are logged in or will prompt you to log in. Else you try to login at http://members.spamcop.net/ -- if you can't do that because you don't know who you are [user + pw] then you get this place http://www.spamcop.net/denied.shtml Forgot your password? -- Just fill out this form, and we'll reset your password and email it to you. Note, the address already on file is the one used to mail the fresh password. If you do not have access to that email address, or if it's bouncing our mail, this will not work. If you can't handle that page, write here -- "If you still cannot access your account, email service@admin.spamcop.net for assistance. Please provide some proof that the account you want access to belongs to you. " It's generally better if you can use the webpages rather than waiting for someone to hold your hand and email you. At least that's what I would think. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Jun 16 15:20:26 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 16 17:25:03 2005 Subject: [SpamCop-List] Re: oc3 and fake logos References: Message-ID: StampOutSpam wrote: > The unsubscribe page (http://dl189167.lipolt.com/unsubscribe.pl) > doesn't seem to do anything, and they're not trying to listwash me. I strongly discourage acting like a naive spammee and opening your spam and shopping in your spam and supporting the spamvertisers and reading your spam and believing your spam and clicking on your spamvertiser's links. > Getting a random mortgage rate between 3 and 5 percent looks good, > but it's fake. Can't the government do anything to shut down these > fraudsters? It seems to me that you are a spam reader and a spam believer and a spam buyer. I don't know why you would complain about spam when you believe it and use it for your shopping and purchases. Are you complaining because your spam isn't good enough? Maybe you aren't reading enough of it. Maybe you should try to get more. > They leave an address as: > > Western Data Service > 5348 Vegas Dr > Las Vegas, NV. 89108 > > Does it exist there? Can it be targeted? Targeted for what? -- Mike Easter kibitzer, not SC admin From zypher at spamcop.net Thu Jun 16 18:58:28 2005 From: zypher at spamcop.net (Ron B.) Date: Thu Jun 16 19:00:09 2005 Subject: [SpamCop-List] The Destiny of Blacklists Message-ID: Reactions? http://paulgraham.com/spamhausblacklist.html From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 17 00:24:17 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 16 19:25:03 2005 Subject: [SpamCop-List] URL fails to parse. Message-ID: http://www.spamcop.net/sc? id=z775577017zd947afa7af97d35ddcb4be2996881f45z Parse excerpt: Finding links in message body Parsing HTML part Resolving link obfuscation http://bulwarking.com/spur/?nice123 http://visagraph.net/rm.php?nice123 host visagraph.net (checking ip) ip not found ; visagraph.net discarded as fake. ---- http://bulwarking.com/spur/?nice123 This spammer link always fails to parse for some odd reason. (Spam posted in spamcop.spam under the same subject heading.) I've tried removing the phoney removal link, remove the "?nice123", removing all the HTML tags and parsing it as a text/plain spam, all with the same results. Spamcop finds the URL fine, but it is not trying to resolve that IP address. Spamcop does find the IP address with just the URL alone, but not as part of this spam. This even happens when I do receive this spam in a text/plain format. I'm at a loss as to what is going on. From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 17 00:25:49 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 16 19:30:02 2005 Subject: [SpamCop-List] Re: [MEDIA] Trend Micro buys MAPS. References: Message-ID: GregR wrote in news:d8pu08$1du$2@news.spamcop.net: > indigo wrote: > >> Pharming? They're going to plant crops on MAPS property? > > Get with the program, dude: > > http://en.wikipedia.org/wiki/Pharming > This makes it even easier than trying to actually trick the registrar with phoney documents. From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 17 00:28:40 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Thu Jun 16 19:30:16 2005 Subject: [SpamCop-List] Re: Useless addresses References: Message-ID: "Anty Spam" wrote in news:d8s9gq$ill$1@news.spamcop.net: > Interesting one! > > Does this indicate that the goverment does in fact silently condones > spamming? > > [snip] Think China. :-) From MikeE at ster.invalid Thu Jun 16 17:39:57 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 16 19:40:02 2005 Subject: [SpamCop-List] Re: The Destiny of Blacklists References: Message-ID: Ron B. wrote: > Reactions? > > http://paulgraham.com/spamhausblacklist.html Paul seems to have his panties in a wad and is overreacting in his badmouthing of dnsbl/s in general and sbl in specific. He sounds a little bit like moronis over in nanae - a bit hysterical. And moronis is hysterical about spews, which might be more justifiable; Paul is acting hysterically about spamhaus, a generally conservative operation. Interesting that when people get blocked about something, they kinda go nuts. Especially spamfighters. The last time some of my mail to someone was getting lost [not bounced, lost, dropped on the floor] -- I was intensely interested in figuring out why/how. The result of the investigation was that I was most displeased about how my recipient's provider was performing its spamfiltering. I would've been much 'happier' if I had found that EL's servers were blocked for their stupidity and my mail got bounced because of that, not lost for no good reason. -- Mike Easter kibitzer, not SC admin From spamcop-list-at-news.spamcop.net at musaic.net Fri Jun 17 02:43:25 2005 From: spamcop-list-at-news.spamcop.net at musaic.net (St - Musaic.Net) Date: Thu Jun 16 19:43:37 2005 Subject: [SpamCop-List] The Destiny of Blacklists In-Reply-To: References: Message-ID: <1304054221.20050617014325@musaic.net> > Reactions? http://paulgraham.com/spamhausblacklist.html I think it's an old horse... As far as the "illustrates an important failing of blacklists" claim goes: I have used a number of "external" anti-spam services lately, and I have used these together with my own proprietary system here. My experience is that the combination I have put together is working VERY satisfactory! The blacklists he is dissing and my system is a relief to me! Practically NO SPAM is getting thru - and I don't lose real mail. This S/N-level could be a result of me knowing how to make the blacklists/whitelists work well for me and my users...but even so... Claim: "Spammer friendly hosts will also try load up with as many non- spammers as they can to try and show legitimacy." Why would a non-spammer want to do business with a spammer friendly shit host that is bound to cause problems for them?!? Rather than taking the risk, they should just look for some other host! So, I don't think they are too far off when blocking sites that are buying from hosts that show no respect to our mailboxes! paulgraham.com - so what? I couldn't care less about a site that actually put money into a spammer friendly host and thus he is contributing to the spam problem. Besides - I choose to use the blacklists - I accept they are blocking his site - it's okay with me that they block him. Let him rant! U-ha! -- St From MikeE at ster.invalid Thu Jun 16 17:44:44 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 16 19:45:02 2005 Subject: [SpamCop-List] Re: URL fails to parse. References: Message-ID: Redstone wrote: > I've tried removing the phoney removal link, remove the "?nice123", > removing all the HTML tags and parsing it as a text/plain spam, all > with the same results. Spamcop finds the URL fine, but it is not > trying to resolve that IP address. > > Spamcop does find the IP address with just the URL alone, but not as > part of this spam. This even happens when I do receive this spam in a > text/plain format. > > I'm at a loss as to what is going on. Your diligence in trying to figure that out is much greater than mine would be. The problem of SC's parser not resolving links is way too inconsistent for me to mess with. The fact that some resolution problems change from moment to moment makes my interest in figuring it out go down the drain. I just accept that some of them aren't going to be resolved, regardless of whether they resolve quickly for me or not. Some get resolved sometimes but not other times, some never get resolved even if the parser will resolve them nakedly, some of the ones which don't get resolved will resolve quickly and normally elsewhere, some of the ones which don't resolve resolve poorly or slowly elsewhere. -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Thu Jun 16 23:07:07 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Jun 16 22:10:02 2005 Subject: [SpamCop-List] Re: Is Spamhaus' SBL-XBL too aggressive? In-Reply-To: References: Message-ID: indigo wrote: > Vernon Hardapple wrote: > >>I'm toying with the idea of blacklisting on Exchange 2003 some of the >>various "evil" domains that SpamHaus has identified. >> >>http://www.msexchange.org/tutorials/Blacklist_Support_Exchange_2003.html >>http://www.spamhaus.org/xbl/index.lasso >> >>Has anyone done this? And if so, did you find the blacklist(s) too >>aggressive? > > > That's one of the best ones you'll find available. Won't catch everything by > itself, but you shouldn't have many, if at all, false positives. SORBS is a > good one too (open relays). It is the SORBS spamtrap zone that is very aggressive, it returns 127.0.0.6. The dul.dnsbl.sorbs.net list along with the sbl-xbl.spamhaus.org will block a lot of spam. The ordb.org open relay list appears to be used a lot also. -John wb8tyw@qsl.network Personal Opinion Only From nobody at spamcop.net Fri Jun 17 04:56:26 2005 From: nobody at spamcop.net (StampOutSpam) Date: Fri Jun 17 00:00:06 2005 Subject: [SpamCop-List] Re: oc3 and fake logos References: Message-ID: >> Western Data Service >> 5348 Vegas Dr >> Las Vegas, NV. 89108 >> >> Can it be targeted? > > Targeted for what? Government action, something that would permanently disable their operations. Spam reporting doesn't work because these spammers can move their virtual addresses around the block and they expect to be blacklisted. I have several examples of spam reporting that goes on for months, and usually doesn't stop until I give up or get listwashed. The spammers change addresses after one or two reports, until they find an ISP in Elbonia that can't be touched without government action. Then they don't bother changing addresses - spammers like ttnet, mach90, and sfimg are unreportable. They only need a small percentage of suckers to make money. It costs them little to spew, and they assume that nobody is going to find them. It's frustrating to see reports going nowhere - chinanet.cn.net, oc3@devnull.spamcop.net, nomaster@devnull.spamcop.net, wpzhang#sxty.com.cn@devnull.spamcop.net, and abuse@teleglobe.com (bouncing). It's frustrating because these ISPs continue supporting the spammers and I'm wasting hours of time trying to send reports that will never be read. Blacklisting doesn't work because it doesn't stop them from sending and getting the few suckers they need. Ending that rant, I have noticed an overall decrease in the amount of spam I get compared to two years ago. This could be caused by listwashing, blacklisting, or some effective reporting against smaller spam operations. But how do you get to these big spammers like the ones at oc3 without the government? From pete+usenet at heypete.com Thu Jun 16 21:58:59 2005 From: pete+usenet at heypete.com (Pete Stephenson) Date: Fri Jun 17 00:00:20 2005 Subject: [SpamCop-List] Re: Is Spamhaus' SBL-XBL too aggressive? References: Message-ID: In article , Vernon Hardapple wrote: > Has anyone done this? And if so, did you find the blacklist(s) too > aggressive? The Spamhaus lists are famous for being very "conservative" in their listings. Any listings are clearly documented with ample evidence indicating why they're listed. Listings are generally kept as small as possible to prevent the spam -- unlike SPEWS, they don't try to push the "collateral damage" aspect, though it occasionally is unavoidable. Using the XBL by Spamhaus would be an excellent basis for any spam-filtering measure. -- Pete Stephenson HeyPete.com From news at REMOVECAPSalanharper.com Thu Jun 16 22:14:24 2005 From: news at REMOVECAPSalanharper.com (Alan Harper) Date: Fri Jun 17 00:15:03 2005 Subject: [SpamCop-List] Simple change requested in X-SpamCop-Disposition header Message-ID: <160620052114244380%news@REMOVECAPSalanharper.com> I recently had a legitimate email blocked as spam > X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on blade5 > X-Spam-Level: > X-Spam-Status: hits=0.1 tests=FORGED_RCVD_HELO version=3.0.2 > X-SpamCop-Checked: 192.168.1.103 69.93.35.100 66.163.168.165 > 207.115.63.31 > X-SpamCop-Disposition: Blocked bl.spamcop.net I checked the four (well, really, 3) IPs in the spamcop blacklist, but by the time I had found this email in my held email, whichever host was on the SCbl was now "clean." If the X-SpamCop-Disposition header mentioned which IP(s) had triggered the blocking, then it would be easier to communicate with the appropriate party to resolve the situation. (Thanks to Mike Keaster who helped me figure out which IP was responsible). Alan From MikeE at ster.invalid Thu Jun 16 22:28:02 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 17 00:30:03 2005 Subject: [SpamCop-List] Re: Simple change requested in X-SpamCop-Disposition header References: <160620052114244380%news@REMOVECAPSalanharper.com> Message-ID: Alan Harper wrote: > I recently had a legitimate email blocked as spam > >> X-SpamCop-Checked: 192.168.1.103 69.93.35.100 66.163.168.165 >> 207.115.63.31 >> X-SpamCop-Disposition: Blocked bl.spamcop.net > > I checked the four (well, really, 3) IPs in the spamcop blacklist, but > by the time I had found this email in my held email, whichever host > was on the SCbl was now "clean." The expected finding would be the last IP in the X-SC-Checked line ie in this case 207.115.63.31 > If the X-SpamCop-Disposition header mentioned which IP(s) had > triggered the blocking, then it would be easier to communicate with > the appropriate party to resolve the situation. It generally does, but the automatic delisting process can take it off quickly > (Thanks to Mike Keaster who helped me figure out which IP was > responsible). s/Keaster/Easter/. so that it sounds like 'my keister' Mike Keaster would sound like 'my k-keister' We can't be stuttering if we're talking about my keister. ;-) -- Mike Easter kibitzer, not SC admin From nttp.sc.s at bigsleep.org Fri Jun 17 05:54:21 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 17 00:55:03 2005 Subject: [SpamCop-List] Re: oc3 and fake logos References: Message-ID: On 16 Jun 2005 StampOutSpam entered spamcop and left news:opsshw8c1pyhmg4h@powermac.local: > Government action, something that would permanently disable their > operations. I prefer the Government didn't stick their nose into my email. But if they are doing something illegal, they should be shut down. I just report to the FTC, and try not to worry about it. I suspect they are smart enough not to break any laws, probably clever scammers (I'm very careful when I mix "spam" and "clever" in the same sentence). > Spam reporting doesn't work because these spammers can > move their virtual addresses around the block and they expect to be > blacklisted. I have several examples of spam reporting that goes on > for months, and usually doesn't stop until I give up or get > listwashed. The spammers change addresses after one or two reports, > until they find an ISP in Elbonia that can't be touched without > government action. That's why they are ROSKO. Well, we can block those networks, then no respectable company will use that provider. Firewalling seems to screw some of them up. Suppose if we feed them to each other they will produce baby braindead spammers? -- | Ric | From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 17 05:55:29 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Fri Jun 17 01:00:03 2005 Subject: [SpamCop-List] Re: The Destiny of Blacklists References: Message-ID: "Ron B." wrote in news:d8t06h$1t9$1@news.spamcop.net: > Reactions? > > http://paulgraham.com/spamhausblacklist.html > "This is, strictly speaking, terrorism: harming innnocent people as a way to pressure some central authority into doing what you want." He appears to be ranting on the SBL. If I had a nickle for every spammer that brought up the term "terrorism" in conjunction with blocking their spew.. Here is the definition on "terrorism" from dictionary.com "The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons." + The RBLs is not chopping people's heads off nor using suicide bombers. + The RBLs is not trying to coerce a society or a government for an ideology or some other political mumbojumbo. + ISPs use the RBLs voluntarily. + ISPs end up in the RBLs after repeated requests to get their customers to stop. + It is not unlawful to want to protect our own inboxes from the massive amounts of spew that comes from various /24s or /16s. I'm willing to bet that this guy does not use confirmed opt-in for his newsletters. From nttp.sc.s at bigsleep.org Fri Jun 17 06:01:39 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 17 01:05:03 2005 Subject: [SpamCop-List] The Destiny of Blacklists References: Message-ID: On 16 Jun 2005 St - Musaic.Net entered spamcop and left news:mailman.35.1118965418.169.spamcop-list@news.spamcop.net: > This S/N-level could be a result of me knowing how to make the > blacklists/whitelists work well for me and my users...but even so... Yes, that's why they work for you, and that's why they work for me. -- | Ric | From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 17 06:03:12 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Fri Jun 17 01:05:15 2005 Subject: [SpamCop-List] Re: The Destiny of Blacklists References: Message-ID: "Mike Easter" wrote in news:d8t2k7$3us$1 @news.spamcop.net: > > He sounds a little bit like moronis over in nanae - a bit hysterical. > And moronis is hysterical about spews, which might be more justifiable; > > [snip] Seems like he literally shits his drawers when someone so as mention the word SPEWS. Just wondering if he (or his ISP) is listed under SPEWS. From redford_stone at INVERSE_OF_COLDmail.com Fri Jun 17 06:05:45 2005 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Fri Jun 17 01:10:03 2005 Subject: [SpamCop-List] Re: URL fails to parse. References: Message-ID: "Mike Easter" wrote in news:d8t2t7$47p$1@news.spamcop.net: > > Your diligence in trying to figure that out is much greater than mine > would be. The problem of SC's parser not resolving links is way too > inconsistent for me to mess with. The fact that some resolution > problems change from moment to moment makes my interest in figuring it > out go down the drain. > > I just accept that some of them aren't going to be resolved, > regardless of whether they resolve quickly for me or not. Some get > resolved sometimes but not other times, some never get resolved even > if the parser will resolve them nakedly, some of the ones which don't > get resolved will resolve quickly and normally elsewhere, some of the > ones which don't resolve resolve poorly or slowly elsewhere. > But it just kills me when it finds the link, knows it is THE spammer link and doesn't even go any further than that to find the URL. Saying that it couldn't find the IP address is fine, but just passing it by is just a bit much. From nttp.sc.s at bigsleep.org Fri Jun 17 06:17:33 2005 From: nttp.sc.s at bigsleep.org (Blammo) Date: Fri Jun 17 01:20:02 2005 Subject: [SpamCop-List] Re: The Destiny of Blacklists References: Message-ID: On 16 Jun 2005 Ron B. entered spamcop and left news:d8t06h$1t9$1@news.spamcop.net: > Reactions? > > http://paulgraham.com/spamhausblacklist.html "Blacklists have a structural flaw: there is no one to watch the watchers." An idiot. I always watch blocklists before I actually use them. There are many ways to watch a blocklist. In fact I'd much rather block everyone but those I (or my users) want eMail from. -- | Ric | From tut at rezona.net Fri Jun 17 11:42:43 2005 From: tut at rezona.net (Gene S) Date: Fri Jun 17 02:45:03 2005 Subject: [SpamCop-List] Bad tracking and forged headers Message-ID: The number of cases of bad tracking seems to be increasing lately. Here is an example: http://www.spamcop.net/sc?id=z775679258z164fadf058285d70cf80a74f9214f178z The be9.masterhost.ru is the real source of spam. Its owners should receive some kind of message and probably should be listed for maintenance of an anonymizing spam relay. The "inpwh (178.105.123.82)" is a clear forgery and SC correctly identifies it as such (by sending a report to bad_tracking@). If a forged line is found in the header, then obviously the one above it is the last identifiable relay responsible for the spam. Why is it completely ignored in the reports? Looks like an omission or a bug. If the problem cannot be fixed, it would be helpful if SC could add a feature permitting users to manually mark in the headers what they believe to be the source of spam. Gene From porpoise1954 at yahoo.co.uk Fri Jun 17 09:15:27 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Jun 17 03:20:02 2005 Subject: [SpamCop-List] Re: The Destiny of Blacklists References: Message-ID: "Ron B." wrote in message news:d8t06h$1t9$1@news.spamcop.net... > Reactions? > > http://paulgraham.com/spamhausblacklist.html Hmm.... I was under the impression that the lists were made up of IP addresses, not URLs....... Another case of an end user blaming the messenger?? Rather than the original perpetrator. From nobody at nowhere.invalid Fri Jun 17 11:14:11 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Jun 17 04:15:03 2005 Subject: [SpamCop-List] Re: The Destiny of Blacklists References: Message-ID: On Thu, 16 Jun 2005 17:58:28 -0500, Ron B. coughed into spamcop and left this in : > Reactions? > > http://paulgraham.com/spamhausblacklist.html Bollocks. Pure bollocks. -- Steve Just remember, if the world didn't suck, we'd all fall off. From Kilgallen at SpamCop.net Fri Jun 17 05:55:31 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Jun 17 06:00:12 2005 Subject: [SpamCop-List] Re: The Destiny of Blacklists References: Message-ID: <8pZUPXgyLocM@eisner.encompasserve.org> In article , "Ron B." writes: > Reactions? > > http://paulgraham.com/spamhausblacklist.html Obviously DNSbl operators should be truthful about their listing criteria. I would expect the free market in DNSbls to favor those that were truthful. Vigilantes take action against their target. Boycotters refuse to do business with their target. (In fact, that seems to be the action Mr. Graham proposes against DNSbl operators.) Opponents of aggressive DNSbls might argue that they constitute "secondary boycotts"*, but so far as I can tell the only laws against secondary boycotts are in regard to labor relations (not that laws against something are the only reason it should be avoided). ==== * http://dictionary.law.com/default2.asp?selected=1896&bold=%7C%7C%7C%7C From jamie66000 at hotmail.com Fri Jun 17 07:50:53 2005 From: jamie66000 at hotmail.com (Jamie) Date: Fri Jun 17 06:55:02 2005 Subject: [SpamCop-List] Re: tieting "solved" it's spam priblem References: Message-ID: "Steven Maesslein" wrote in message news:slrndavoou.2rh.nobody@127.0.0.1... > On Tue, 14 Jun 2005 16:07:45 -0400, Jamie coughed into spamcop and left > this in : > >> Ya the day pigs fly will chinatietong.com solve their spam problem. >> They have been hosting spamvertised websites for quite a long time >> now. I am still getting spam from chinatietong as of yesterday. They >> are still hosting spamvertised websites don't let t