From porpoise1954 at yahoo.co.uk Tue Mar 1 01:42:00 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Feb 28 20:55:07 2005 Subject: [SpamCop-List] Re: Firefox and Opera Vulnerabilities References: Message-ID: "Ellen" wrote in message news:d00afb$rrf$1@news.spamcop.net... > > "David 1" wrote in message > news:d004c2$nn5$1@news.spamcop.net... >> Danny Goodman wrote: >> > on 2/27/05 8:30 PM, spamcop-list-request@news.spamcop.net wrote: >> > >> > >> >>Well, well, they're not so immune after all........ >> >> >> >>http://software.silicon.com/malware/0,3800003100,39127678,00.htm >> >> >> > >> > >> > The article is dated 8Feb2005. Hardly news. >> > > > Well it's interesting that on the firefox security page they don't mention > the problem nor do they say anything about updating to 1.01 :-( > > Ellen Probably because they didn't want to destroy the myth that anything but M$ is totally immune.... From nobody at devnull.spamcop.net Tue Mar 1 12:15:27 2005 From: nobody at devnull.spamcop.net (Patto) Date: Mon Feb 28 22:20:05 2005 Subject: [SpamCop-List] Re: Firefox and Opera Vulnerabilities In-Reply-To: References: Message-ID: Ellen wrote: > "David 1" wrote in message > news:d004c2$nn5$1@news.spamcop.net... > >>Danny Goodman wrote: >> >>>on 2/27/05 8:30 PM, spamcop-list-request@news.spamcop.net wrote: >>> >>> >>> >>>>Well, well, they're not so immune after all........ >>>> >>>>http://software.silicon.com/malware/0,3800003100,39127678,00.htm >>>> >>> >>> >>>The article is dated 8Feb2005. Hardly news. >>> > > > Well it's interesting that on the firefox security page they don't mention > the problem nor do they say anything about updating to 1.01 :-( > > Ellen If you follow the link (on http://www.mozilla.org/security/) "list of known vulnerablilities", it is right on top of the list. From David1 at suescornerweb.com Tue Mar 1 00:16:24 2005 From: David1 at suescornerweb.com (David 1) Date: Tue Mar 1 00:15:04 2005 Subject: [SpamCop-List] huhh, not important, just wondering Message-ID: here is the tracker http://www.spamcop.net/sc?id=z737419776zf5a2d4f80fb5d42c5450f8f2f2ce553bz this is the second one I got in the last hour, the first one I sent to admin, sure wish I hadn't done that now but oh well Question, does this mean anything or is it just a spammer having fun??? just wondering is all Ellen & Don & whom ever, sorry I wasted your time with the first one. -- David 1 bad addy spamtrap@suescornerweb.com From nobody at devnull.spamcop.net Tue Mar 1 01:10:40 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Tue Mar 1 01:15:03 2005 Subject: [SpamCop-List] If you were the head of an ISP with 4000 zombies... Message-ID: If you were the head of an ISP with 4000 zombies, how would you solve the problem? I am not defending the ISPs, but after some thought, I now realize that logistically this is a daunting task, especially if flat-out "blaming the customer" is not an option. Apparently Comcast has begun taking action last year in this regard, by yanking connectivity, redirecting users to a web page where they can get information on how to clean up their system, where to buy and AV & firewall, etc. It must take weeks before the user comes back on line, especially if the user isn't technical. There are billing issues, since you can't charge someone who's not getting connectivity. However, even that may not have a net positive effect. On a network as big as Comcast's, for every /one/ customer you take the time to clean up by contacting, educating, verifying AV and firewall installation, reconnecting, etc., possibly /two more/ have become zombies. From nobody at devnull.spamcop.net Tue Mar 1 01:19:24 2005 From: nobody at devnull.spamcop.net (Cat) Date: Tue Mar 1 02:20:04 2005 Subject: [SpamCop-List] Re: Chris Rock Spam Solution [the telephone system ain't that geat] In-Reply-To: References: Message-ID: George Langford, Sc.D. wrote: > I use *69 and find out that the caller's number is (200) 000-0000. Sounds like you need Caller ID. From nobody at devnull.spamcop.net Tue Mar 1 18:28:33 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Mar 1 04:30:29 2005 Subject: [SpamCop-List] Re: Firefox and Opera Vulnerabilities In-Reply-To: References: Message-ID: David 1 wrote: > Patto wrote: > >> Ellen wrote: >> >>> "David 1" wrote in message >>> news:d004c2$nn5$1@news.spamcop.net... >>> >>>> Danny Goodman wrote: >>>> >>>>> on 2/27/05 8:30 PM, spamcop-list-request@news.spamcop.net wrote: >>>>> >>>>> >>>>> >>>>>> Well, well, they're not so immune after all........ >>>>>> >>>>>> http://software.silicon.com/malware/0,3800003100,39127678,00.htm >>>>>> >>>>> >>>>> >>>>> The article is dated 8Feb2005. Hardly news. >>>>> >>> >>> >>> Well it's interesting that on the firefox security page they don't >>> mention >>> the problem nor do they say anything about updating to 1.01 :-( >>> >>> Ellen >> >> >> >> If you follow the link (on http://www.mozilla.org/security/) "list of >> known vulnerablilities", it is right on top of the list. > > > They turned the darn thing of so it's fixed Correct ???????? Yes, it's fixed in 1.0.1 From agent01413 at my-deja.com Tue Mar 1 09:28:37 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Tue Mar 1 04:30:39 2005 Subject: [SpamCop-List] reality check. Message-ID: I got a spam today through a listserv server. I didnt want to report the server as the source, because it wasnt the source and I didnt want to contribute to blocking it, so I deselected it from the reports. However, that server owner wants to know when spam is coming through his lists so that he can block the points of origin, so he is set up as a third party interested in spam reports from certain IPAs. Am I correct in my belief that if I deselect his IPA on the "origin of spam" line, but leave it selected on the "third party interest line", he'll get notice without getting a ding for the report? -- "...Life is not a journey to the grave with the intention of arriving safely in one pretty and well preserved piece, but to slide across the finish line broadside, thoroughly used up, worn out, leaking oil, and shouting GERONIMO!!!" -- Bill McKenna, date unknown From nobody at devnull.spamcop.net Tue Mar 1 18:34:15 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Mar 1 04:35:02 2005 Subject: [SpamCop-List] Re: Firefox and Opera Vulnerabilities In-Reply-To: References: Message-ID: Patto wrote: > David 1 wrote: > >> Patto wrote: >> >>> Ellen wrote: >>> >>>> "David 1" wrote in message >>>> news:d004c2$nn5$1@news.spamcop.net... >>>> >>>>> Danny Goodman wrote: >>>>> >>>>>> on 2/27/05 8:30 PM, spamcop-list-request@news.spamcop.net wrote: >>>>>> >>>>>> >>>>>> >>>>>>> Well, well, they're not so immune after all........ >>>>>>> >>>>>>> http://software.silicon.com/malware/0,3800003100,39127678,00.htm >>>>>>> >>>>>> >>>>>> >>>>>> The article is dated 8Feb2005. Hardly news. >>>>>> >>>> >>>> >>>> Well it's interesting that on the firefox security page they don't >>>> mention >>>> the problem nor do they say anything about updating to 1.01 :-( >>>> >>>> Ellen >>> >>> >>> >>> >>> If you follow the link (on http://www.mozilla.org/security/) "list of >>> known vulnerablilities", it is right on top of the list. >> >> >> >> They turned the darn thing of so it's fixed Correct ???????? > > > Yes, it's fixed in 1.0.1 But on IE6 with all security patches on, you can still get 100% fooled! From David1 at suescornerweb.com Tue Mar 1 05:27:39 2005 From: David1 at suescornerweb.com (David 1) Date: Tue Mar 1 05:25:28 2005 Subject: [SpamCop-List] Re: Firefox and Opera Vulnerabilities In-Reply-To: References: Message-ID: Patto wrote: > Patto wrote: > >> David 1 wrote: >> >>> Patto wrote: >>> >>>> Ellen wrote: >>>> >>>>> "David 1" wrote in message >>>>> news:d004c2$nn5$1@news.spamcop.net... >>>>> >>>>>> Danny Goodman wrote: >>>>>> >>>>>>> on 2/27/05 8:30 PM, spamcop-list-request@news.spamcop.net wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Well, well, they're not so immune after all........ >>>>>>>> >>>>>>>> http://software.silicon.com/malware/0,3800003100,39127678,00.htm >>>>>>>> >>>>>>> >>>>>>> >>>>>>> The article is dated 8Feb2005. Hardly news. >>>>>>> >>>>> >>>>> >>>>> Well it's interesting that on the firefox security page they don't >>>>> mention >>>>> the problem nor do they say anything about updating to 1.01 :-( >>>>> >>>>> Ellen >>>> >>>> >>>> >>>> >>>> >>>> If you follow the link (on http://www.mozilla.org/security/) "list >>>> of known vulnerablilities", it is right on top of the list. >>> >>> >>> >>> >>> They turned the darn thing of so it's fixed Correct ???????? >> >> >> >> Yes, it's fixed in 1.0.1 > > > But on IE6 with all security patches on, you can still get 100% fooled! that not be a problem for me the ONLY place I haven't been able to use FX is msn Groups & GEEEE I wonder why that is. I had a problem at my Bank but they laughed & said go away we are on it you ain't the only one. -- David 1 bad addy spamtrap@suescornerweb.com From devnull at spamcop.net Tue Mar 1 08:31:26 2005 From: devnull at spamcop.net (Frog Prince) Date: Tue Mar 1 08:35:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "Sofa King Tyred of Lar Ting" | If you were the head of an ISP with 4000 zombies, how would you solve | the problem? | | I am not defending the ISPs, but after some thought, I now realize that | logistically this is a daunting task, especially if flat-out "blaming | the customer" is not an option. | | Apparently Comcast has begun taking action last year in this regard, by | yanking connectivity, redirecting users to a web page where they can get | information on how to clean up their system, where to buy and AV & | firewall, etc. It must take weeks before the user comes back on line, | especially if the user isn't technical. There are billing issues, since | you can't charge someone who's not getting connectivity. | | However, even that may not have a net positive effect. On a network as | big as Comcast's, for every /one/ customer you take the time to clean up | by contacting, educating, verifying AV and firewall installation, | reconnecting, etc., possibly /two more/ have become zombies. Charter is a bit more proactive in that they provide a suite of free security software for all customers with an emphasis on the new customers. The only problem I have with their system is that will not provide any data on who/what it is they are installing on the customers' machines. When I've run into problems with their 'stuff' the only options provided a) complete reinstall b) remove and replace with other software. Reinstall sometimes works, removal is problematic as there is no real way to know you've gotten it all off the system short of reformatting. From nobody at devnull.spamcop.net Tue Mar 1 08:35:40 2005 From: nobody at devnull.spamcop.net (Pop) Date: Tue Mar 1 08:40:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "Sofa King Tyred of Lar Ting" wrote in message news:d0110t$d9b$1@news.spamcop.net... > If you were the head of an ISP with 4000 zombies, how would you solve the > problem? > > I am not defending the ISPs, but after some thought, I now realize that > logistically this is a daunting task, especially if flat-out "blaming the > customer" is not an option. > > Apparently Comcast has begun taking action last year in this regard, by > yanking connectivity, redirecting users to a web page where they can get > information on how to clean up their system, where to buy and AV & > firewall, etc. It must take weeks before the user comes back on line, > especially if the user isn't technical. There are billing issues, since > you can't charge someone who's not getting connectivity. > > However, even that may not have a net positive effect. On a network as big > as Comcast's, for every /one/ customer you take the time to clean up by > contacting, educating, verifying AV and firewall installation, > reconnecting, etc., possibly /two more/ have become zombies. I saw an interesting tidbit from Comast this morning that -might- indicate that they are at least trying to tell people they are working on it. A spam from them came in with a |spam ... trailer on the subject line. I still reported it; that's not good enough and doesn't excuse it. If they can tag it, they can stop it. I'll believe their progress when I see it, though I have seen a lot fewer comcast turdlets lately. At least in this one demographic. They're still spewing like crazy but they might be making progress. The biggest problems ISP face, IMO, is that they aren't pro-active. They wait to see if something's big enough to "bother with" before they'll even consider action. By that time, it's too late to save their reps. Pop From postmaster at aroundthecreek.com Tue Mar 1 09:29:28 2005 From: postmaster at aroundthecreek.com (Brent Pirolli) Date: Tue Mar 1 09:30:04 2005 Subject: [SpamCop-List] Pornographic Spam Assault Message-ID: Hey all, I'm new to the group and have been fighting one crazy mess lately... I'm curious if anyone else out there is fighting this same problem or if you have ways to fight it that I haven't thought of yet. I manage an Exchange 2000 mail server with about 60 accounts on it. We run Symantec Enterprise Edition which allows us to use RBL protection and I run about 5 RBLs on there, as well as use custom scanning rules to block unwanted junk. Lately we've been getting blasted by pornographic emails that are absolutely ridiculous. First off, only half of the accounts are getting the spam... half aren't. This immediately tells me that it is most likely an infected home computer of one of the office staff or volunteers that is infected and is spamming their address book at home. Unfortuneatly I have had zero luck in tracking down a source or completely blocking the emails... here's why: The emails come in with a spoofed random sender, spoofed random subject, and spoofed random text in the message (with purposely mis-spelled words). Generally only a word or two is in the message... such as "Have a good day." or "allow me... please :)" Then there are three image files that open from a randomly infected web server (usually apache or linux servers) that are in the message body next to each other to form one large image... Usually it is a scantilly clad female but some have been flat out pornographic material. The email then has a remove button at the bottom that is a link to the same page as the rest of the images are...If you click on an image or the remove button, you are taken to the infected server, which then redirects you to the source site they are promoting... This is 3 out of 4 times a "married housewives" dating site. Up until now I've been able to block the infected servers as we find them through filters (about 20 so far)... but obviously only more servers will be infected in the future... so this won't stop them permanently. I also block the mis-spelled words as they come in the subject lines... wmeon, wemon, wmoen.... all versions of women.... etc. There are about 30 of those so far... Heck... some of the subject lines were even dropping the f-bomb until I blocked that. But again, with the mis-spellings, they can make as many variations as they want.... hard to stop that! So has anyone heard of this? Does anyone else fight this? Suggestions, comments, advice? The emails don't contain any virus attachments or anything... so I don't even know what is causing them to be sent! Very frustrating. To top it off.... The mail server is for a church.... so obviously... porn at church isn't a great thing.... Any help you can offer is greatly appreciated. Thanks! -- Brent Pirolli From MikeE at ster.invalid Tue Mar 1 06:32:17 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 1 09:35:02 2005 Subject: [SpamCop-List] Re: ISP accountability, Internet software "inspections", licenses, etc. References: Message-ID: Larry Kilgallen wrote: > As it happens, today marked the final release of Special Publication > 800-53. > > http://csrc.nist.gov/sec-cert/ca-controls.html The FISMA Implementation Project is composed of three distinct phases: Phase I: Security Standards and Guidelines Development Phase II: Organizational Accreditation Program Project Status: Planned for FY 2006 but not funded at this time. Phase III: Security Tool Validation Program Project Status: Planned for FY 2006 but not funded at this time. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Mar 1 06:53:36 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 1 09:55:02 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: Sofa King Tyred of Lar Ting wrote: > If you were the head of an ISP with 4000 zombies, how would you solve > the problem? As a provider in a very competitive environment the provider cannot be spending a ton of money getting this problem straightened out. I've been watching EL cutting corners and watching their pennies in every aspect of their business model; such as outsourcing their tech support to the level of incompetence and dissatisfaction of their clients to the point that if people need tech support for their connectivity satisfaction they should find some other provider. Such as not adding any new newsgroups in well over a year, and then when they finally started adding newsgroups, they aren't adding any binary ones, so they aren't chasing the binary news monster that unfolds if you provide a lot of broadband news access. That 'background' being mentioned for purposes of keeping my costs way way down for straightening out this insecurity problem, I proceed.... I would start publishing a webpage telling about the problem and what I was going to do about it and what was going to start happening to my clients who were insecure and/or zombified and what my clients could do about it on their own to prevent such a shutdown. That webpage would assert that my clients have a responsibility to not inadvertently cause network insecurity problems. I would also start accepting 'applications' from those who were interested in being on my list of approved home visit technicians, and I would set up criteria which greatly limited my responsibilities for these technicians as well as the requirements for what it took to be able to fulfill homevisit tech requirements and some guidelines for homevisit charges by these independent homevisit contractors. Then I would accept a few homevisit techs in some major cities. A homevisit tech has to be competent to evaluate someone's security and to configure the computer with the necessary software and/or hardware to have reasonable expectation that the computer will continue to be secure. A blocked client can't get unblocked without a visitation and approval by a homevisit tech. Then I would start pulling some connectivity or blocking port 25 or somehow adversely affecting a few zombies in a major city or two and not restore the full connectivity until the client had been 'inspected' by a homevisit tech at their expense. I would be publicizing that activity and some feedback from my users who had used the information from the first par above on their own and achieved some security and better configuration, as well as some feedback from a client who had been blocked and also some feedback from a homevisit tech. I'll leave it to someone else about just how to 'shutdown' a zombie while leaving some access to that webpage and some other information. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Mar 1 09:55:12 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Tue Mar 1 10:00:03 2005 Subject: [SpamCop-List] Re: Pornographic Spam Assault In-Reply-To: References: Message-ID: Brent Pirolli wrote: > Unfortuneatly I have had zero luck in tracking > down a source or completely blocking the emails... here's why: > > The emails come in with a spoofed random sender, spoofed random subject, and > spoofed random text in the message (with purposely mis-spelled words). > Generally only a word or two is in the message... such as "Have a good day." > or "allow me... please :)" Then there are three image files that open from > a randomly infected web server (usually apache or linux servers) that are in > the message body next to each other to form one large image... Sounds like a zombie army problem (many links describing that are on this page: http://pages.infinit.net/filmore/educateYourISP.htm). What does SpamCop have to say about the emails? People in this group like to see trackers of sample emails you've put into the SpamCop parser, so you should post those here if you can. > So has anyone heard of this? Does anyone else fight this? Suggestions, > comments, advice? The emails don't contain any virus attachments or > anything... so I don't even know what is causing them to be sent! Very > frustrating. To top it off.... The mail server is for a church.... so > obviously... porn at church isn't a great thing.... Any help you can offer > is greatly appreciated. Thanks! It seems since you're on Exchange, you have limited options -- spamassassin works pretty well if you're on Linux. On the other hand, you could check out SpamPal.org -- even though it was initially designed to work on end-user (POP and IMAP clients) machines, I've read on the spampal.org web site that it's been used with windows email servers. SpamPal has a couple of nice features, at least while used on end-user PCs: 1) it has a plug-in (URLBody) that scans email content for URLs that are black-listed - probably the URLs for the compromised machines are already on a zombie-list, or, in many cases URLs pointing to IPs that are on dynamic IP addresses are considered to be bad news (a home-user isn't supposed to be running a web server). This is effective since you don't have to tweak any filters. The black-lists are dynamic and maintained by the community. In fact, reporting spams to spamcop helps in keeping those same lists up-to-date. 2) it can be configured easily to "white list" any email addresses. This is useful since occasionally a legitimate contact (who's on an ISP that has a bad reputation for spam, for example) get blocked as spam. It also has a regular expression plug-in that filters on content, although I don't use it. Good luck. From firewoman at default.domain.not.available Tue Mar 1 10:01:27 2005 From: firewoman at default.domain.not.available (Firewoman) Date: Tue Mar 1 10:00:05 2005 Subject: [SpamCop-List] Re: Chris Rock Spam Solution [the telephone system ain't that geat] References: Message-ID: "Cat" wrote in message news:d0151i$ft9$1@news.spamcop.net... > George Langford, Sc.D. wrote: > > > >> I use *69 and find out that the caller's number is (200) 000-0000. > > > > Sounds like you need Caller ID. CallerID doesn't help when it shows the caller's phone number to be (200) 000-0000. Yes, I get the exact same thing, along with the k00ks from the benevolent society of the week. However, if I'm home and the machine doesn't catch it, I have a little fun with them. Last week the benevolent telemarketer thought that he called in the middle of some really heavy stuff (panting, moaning, screaming and the like). I told him to keep talking, that the sound of his voice was really doing it for me. He hung up at the, uh, climax of the phone call. :-) Who says telemarketers are boring? From postmaster at aroundthecreek.com Tue Mar 1 10:06:06 2005 From: postmaster at aroundthecreek.com (Brent Pirolli) Date: Tue Mar 1 10:05:03 2005 Subject: [SpamCop-List] Re: Pornographic Spam Assault References: Message-ID: What about http://xwall.us? Does anyone know if this works well or is worth using? -- Brent Pirolli "Sofa King Tyred of Lar Ting" wrote in message news:d01vod$6qd$1@news.spamcop.net... > Brent Pirolli wrote: >> Unfortuneatly I have had zero luck in tracking down a source or >> completely blocking the emails... here's why: >> >> The emails come in with a spoofed random sender, spoofed random subject, >> and spoofed random text in the message (with purposely mis-spelled >> words). Generally only a word or two is in the message... such as "Have a >> good day." or "allow me... please :)" Then there are three image files >> that open from a randomly infected web server (usually apache or linux >> servers) that are in the message body next to each other to form one >> large image... > > Sounds like a zombie army problem (many links describing that are on this > page: http://pages.infinit.net/filmore/educateYourISP.htm). > > What does SpamCop have to say about the emails? > > People in this group like to see trackers of sample emails you've put into > the SpamCop parser, so you should post those here if you can. > >> So has anyone heard of this? Does anyone else fight this? Suggestions, >> comments, advice? The emails don't contain any virus attachments or >> anything... so I don't even know what is causing them to be sent! Very >> frustrating. To top it off.... The mail server is for a church.... so >> obviously... porn at church isn't a great thing.... Any help you can >> offer is greatly appreciated. Thanks! > > It seems since you're on Exchange, you have limited options -- > spamassassin works pretty well if you're on Linux. > > On the other hand, you could check out SpamPal.org -- even though it was > initially designed to work on end-user (POP and IMAP clients) machines, > I've read on the spampal.org web site that it's been used with windows > email servers. > > SpamPal has a couple of nice features, at least while used on end-user > PCs: > > 1) it has a plug-in (URLBody) that scans email content for URLs that are > black-listed - probably the URLs for the compromised machines are already > on a zombie-list, or, in many cases URLs pointing to IPs that are on > dynamic IP addresses are considered to be bad news (a home-user isn't > supposed to be running a web server). This is effective since you don't > have to tweak any filters. The black-lists are dynamic and maintained by > the community. In fact, reporting spams to spamcop helps in keeping those > same lists up-to-date. > > 2) it can be configured easily to "white list" any email addresses. This > is useful since occasionally a legitimate contact (who's on an ISP that > has a bad reputation for spam, for example) get blocked as spam. > > It also has a regular expression plug-in that filters on content, although > I don't use it. > > Good luck. From MikeE at ster.invalid Tue Mar 1 07:09:41 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 1 10:10:02 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: Mike Easter wrote: > Sofa King Tyred of Lar Ting wrote: >> If you were the head of an ISP with 4000 zombies, how would you solve >> the problem? > Then I would start pulling some connectivity or blocking port 25 or > somehow adversely affecting a few zombies in a major city or two and > not restore the full connectivity until the client had been > 'inspected' by a homevisit tech at their expense. > I'll leave it to someone else about just how to 'shutdown' a zombie > while leaving some access to that webpage and some other information. My primary target 'model', technically and network topology-wise is the cable modem user, which make very popular and prolific zombies. So, it is likely that my blockage is going to have to 'involve' the cable infrastructure provider; in the case of a provider like EL, that cable infrastructure might be from TimeWarner or Comcast or somesuch. I don't have a good enough understanding of the technical obstacles to be dealt with there to know if that would be a big problem or not. If this is going to cause time, trouble, and expense to the infrastructure provider, we are going to have to figure out how to cut a deal about those issues. The strategy for dsl would probably be different, as would that for dialup, which is not as popular a target to make a zombie army. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Mar 1 07:13:07 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 1 10:15:03 2005 Subject: [SpamCop-List] Re: reality check. References: Message-ID: Socks the Whitehouse Cat wrote: > I got a spam today through a listserv server. I didnt want to report > the server as the source, because it wasnt the source and I didnt > want to contribute to blocking it, so I deselected it from the > reports. However, that server owner wants to know when spam is coming > through his lists so that he can block the points of origin, so he is > set up as a third party interested in spam reports from certain IPAs. > Am I correct in my belief that if I deselect his IPA on the "origin > of spam" line, but leave it selected on the "third party interest > line", he'll get notice without getting a ding for the report? I didn't think you were supposed to handle the problem of mailing list spam like that, ie with SC. http://www.spamcop.net/fom-serve/cache/14.html On what type of email should I (not) use SpamCop? -- Spam sent to mailing lists -- Spam sent to mail lists/groups must not be reported using SpamCop except by the list owner. Subscribers may send a note to the list owner who can block the source from sending to the list or take responsibility for reporting the spam themselves. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Mar 1 10:35:14 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Tue Mar 1 10:40:03 2005 Subject: [SpamCop-List] Re: Pornographic Spam Assault In-Reply-To: References: Message-ID: Brent Pirolli wrote: > What about http://xwall.us? Does anyone know if this works well or is worth > using? > Google loves you: Among other immediate answers to questions about xwall and spam and reviews, it provides http://www.windowsitpro.com/Windows/Article/ArticleID/44695/44695.html The review is dated January 2005, so it seems recent. Can't say much more. From dkona7b02 at sneakemail.com Tue Mar 1 11:51:36 2005 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Tue Mar 1 11:51:52 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... In-Reply-To: References: Message-ID: <3.0.5.32.20050301115136.00fe2320@loki.fstrf.org> I have a cable modem. I was leasing mine from Adelphia for $3 a month but got a new one for Xmas so I can avoid that extra charge. I decided to just hook up the new one to see what would happen. It seemed to sync right up and everything was a go. I fired up my browser to see if I could get out to the 'net. No matter what address I typed in, I would only get an Adelphia support page telling me that they saw the new modem and that I would have to register it before I could do anything else. Long story short, their online registration wouldn't work so I had to call them. During that conversation, I was told that as soon as their system realized that I had installed a new modem, I was automatically rerouted to their test network. I couldn't do anything other than access their support page or send email to them directly. So, in response to this thread, that is exactly what they could do to anyone that triggers their zombie detection alert. Cut them off the live net and shunt them to a test server that severely limits what they can do until they clean up their system. As long as it is spelled out in their TOS, they can certainly continue to charge their fee during this time. The user is still getting connectivity, they just aren't able to spew out to the rest of the world! At 07:09 AM 3/1/2005 -0800, Mike Easter typed: >Mike Easter wrote: >> Sofa King Tyred of Lar Ting wrote: >>> If you were the head of an ISP with 4000 zombies, how would you solve >>> the problem? > >> Then I would start pulling some connectivity or blocking port 25 or >> somehow adversely affecting a few zombies in a major city or two and >> not restore the full connectivity until the client had been >> 'inspected' by a homevisit tech at their expense. > >> I'll leave it to someone else about just how to 'shutdown' a zombie >> while leaving some access to that webpage and some other information. > >My primary target 'model', technically and network topology-wise is the >cable modem user, which make very popular and prolific zombies. > >So, it is likely that my blockage is going to have to 'involve' the >cable infrastructure provider; in the case of a provider like EL, that >cable infrastructure might be from TimeWarner or Comcast or somesuch. I >don't have a good enough understanding of the technical obstacles to be >dealt with there to know if that would be a big problem or not. If this >is going to cause time, trouble, and expense to the infrastructure >provider, we are going to have to figure out how to cut a deal about >those issues. > >The strategy for dsl would probably be different, as would that for >dialup, which is not as popular a target to make a zombie army. From MikeE at ster.invalid Tue Mar 1 09:16:18 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 1 12:15:06 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: Spam Hater wrote: > No matter what address I typed in, I would > only get an Adelphia support page telling me that they saw the new > modem and that I would have to register it before I could do anything > else. I'm not sure I understand exactly what is going on there. I mean, I understand, but.... My current configuration is that I have a switch router between my LAN, the cable modem, and the cable modem's network 'connectivity' which is via TimeWarner. My provider is EL. The 'intermediate' hops in a traceroute next to me are RoadRunner IPs which are TimeWarners. Depending on where I'm going, ie 'across country' to Atlanta instead of Pasadena, the routing is different now that I'm an EL subscriber than it was when I was a RR subscriber. My news is EL's, my mail is EL's. But, if I have 'genuine' connectivity problems, such as my cable modem having blinking lights and not properly 'connected', I call TW for those problems. I try to avoid calling EL for anything, and TW is responsive to troubleshooting my connectivity. When the cable modem 'connects' it has obtained a 'lease' on an IP, and that lease lasts about a day, but then it gets a new lease, which is the same IP, and that IP sticks to me for many many months, even tho' ostensibly it is a dynamic IP. The 'system' at TW knows my cable modem's MAC address, and it also knows how many IPs it can give it; because once upon a time before my current configuration I actually subscribed to have 2 IPs instead of one, which, BTW, makes for great troubleshooting ability. I suppose that the cable modem also knows my switchrouter's MAC address, and the switchrouter is thus doing the address translation business for the various computers on the LAN. My point about all of that is that whatever was going on with you and Adelphia might be different for EL/TW and it might also be different for remedying this zombie problem. -- Mike Easter kibitzer, not SC admin From feldethom2165 at email2me.net Tue Mar 1 08:56:08 2005 From: feldethom2165 at email2me.net (Fred k) Date: Tue Mar 1 13:00:04 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "Mike Easter" wrote in message news:d027ul$dj8$1@news.spamcop.net... > Spam Hater wrote: >> No matter what address I typed in, I would >> only get an Adelphia support page telling me that they saw the new >> modem and that I would have to register it before I could do anything >> else. > Maybe I am not up to snuff, but stopping zombies should be as simple as comparing the From: to the account subscribers addy, and if not matching reject back to client. What is wrong with that? Not a big ISP resource would be needed. Of course rogue ISP's would not comply, so then they would be cut off by the upstream provider. Fred k From nobody at nowhere.invalid Tue Mar 1 19:05:37 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Mar 1 13:10:02 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: On Tue, 1 Mar 2005 08:56:08 -0900, Fred k coughed into spamcop and left this in : > Maybe I am not up to snuff, but stopping zombies should be as simple as > comparing the From: to the account subscribers addy, and if not matching > reject back to client. What is wrong with that? You're preventing anyone from using any domain other than that of their ISP - including preventing people from using their spamcop.net address. -- Steve Microsoft Palladium: "Where the hell do you think YOU'RE going today?" From feldethom2165 at email2me.net Tue Mar 1 09:17:59 2005 From: feldethom2165 at email2me.net (Fred k) Date: Tue Mar 1 13:20:02 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "Steven Maesslein" wrote in message news:slrnd29bnh.1vrc.nobody@127.0.0.1... > > You're preventing anyone from using any domain other than that of their > ISP - including preventing people from using their spamcop.net address. Well, I am not sure what you are saying. But if I log into my email from another domain via an internet connection, I have to log in with my password and my mail goes out with my email address in the from field. Fred k From porpoise1954 at yahoo.co.uk Tue Mar 1 18:11:52 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Mar 1 13:25:06 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "Steven Maesslein" wrote in message news:slrnd29bnh.1vrc.nobody@127.0.0.1... > On Tue, 1 Mar 2005 08:56:08 -0900, Fred k coughed into spamcop and left > this in : > >> Maybe I am not up to snuff, but stopping zombies should be as simple as >> comparing the From: to the account subscribers addy, and if not matching >> reject back to client. What is wrong with that? > > You're preventing anyone from using any domain other than that of their > ISP - including preventing people from using their spamcop.net address. > Also, not sure how that would work where it is not the ISP which is providing the email facitlities.... From nobody at nowhere.invalid Tue Mar 1 19:31:43 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Tue Mar 1 13:35:02 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: On Tue, 1 Mar 2005 09:17:59 -0900, Fred k coughed into spamcop and left this in : > Well, I am not sure what you are saying. But if I log into my email from > another domain via an internet connection, I have to log in with my password > and my mail goes out with my email address in the from field. >From what I understood, you were basically saying that mail coming from an IP address unrelated to the domain in the From: e-mail address should be rejected. That won't work. The IP addresses from which mail I send comes will have nothing to do with spamcop.net or with any of the domains I use and would therefore be rejected according to your system. -- Steve There's no place like ~ From eddie at eddie.web Tue Mar 1 13:36:05 2005 From: eddie at eddie.web (eddie) Date: Tue Mar 1 13:40:02 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: On Tue, 01 Mar 2005 01:10:40 -0500, Sofa King Tyred of Lar Ting scratched out the following: > If you were the head of an ISP with 4000 zombies, how would you solve the > problem? > > I am not defending the ISPs, but after some thought, I now realize that > logistically this is a daunting task, especially if flat-out "blaming the > customer" is not an option. snip "The customer is always right" was said by a customer. Honest dealers know that the customer is almost always wrong. I would put the zombies, as they were discovered, on a separate server which would require the user to let the server access his computer, clean it out, check it each time the user logs on, or once every few hours, and when he is a "good guy" for a month he could get back to the normal server. XP has a backdoor that could be used for this service and if the infected customer refuses, he cannot access the internet. -- Once movie theaters gave out steak knives Today they confiscate them From feldethom2165 at email2me.net Tue Mar 1 09:44:25 2005 From: feldethom2165 at email2me.net (Fred k) Date: Tue Mar 1 13:50:06 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "Steven Maesslein" wrote in message news:slrnd29d8f.29vn.nobody@127.0.0.1... > The IP addresses from which mail I send comes will have nothing to do > with spamcop.net or with any of the domains I use and would therefore be > rejected according to your system. My understanding is that I have an email account at myname@mailprovider.net. In order to send email from any computer signed into that account, it gets to the ISP that provides that mailservice. It then examines the mail for what to do with it and what email account sent it and does that match the from field. In your example I presume you are at work at a WiFi hotspot etc and are logged into and are sending email through your home email account. Fred k From zypher at spamcop.net Tue Mar 1 13:02:00 2005 From: zypher at spamcop.net (Ron B.) Date: Tue Mar 1 14:05:04 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... In-Reply-To: References: Message-ID: eddie wrote: > On Tue, 01 Mar 2005 01:10:40 -0500, Sofa King Tyred of Lar Ting scratched > out the following: > > >>If you were the head of an ISP with 4000 zombies, how would you solve the >>problem? >> >>I am not defending the ISPs, but after some thought, I now realize that >>logistically this is a daunting task, especially if flat-out "blaming the >>customer" is not an option. > > > snip > "The customer is always right" was said by a customer. Honest dealers > know that the customer is almost always wrong. > I would put the zombies, as they were discovered, on a separate server > which would require the user to let the server access his computer, clean > it out, check it each time the user logs on, or once every few hours, and > when he is a "good guy" for a month he could get back to the > normal server. XP has a backdoor that could be used for this service and > if the infected customer refuses, he cannot access the internet. > Customer simply goes to another ISP _with_ his infected machine. From pxpearson at spamxcop.net Tue Mar 1 12:15:14 2005 From: pxpearson at spamxcop.net (Peter Pearson) Date: Tue Mar 1 15:15:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: Fred k wrote: > "Steven Maesslein" wrote >> The IP addresses from which mail I send comes will have nothing to do >> with spamcop.net or with any of the domains I use and would therefore be >> rejected according to your system. > > My understanding is that I have an email account at > myname@mailprovider.net. In order to send email from any computer signed > into that account, it gets to the ISP that provides that mailservice. . . Is somebody here confusing the "From " field and the "From:" field? My ISP, Charter, seems to require that my "From " field match my Charter email address, but allows a Spamcop "From:" field. -- Remove the two x's to get a good email address. From eddie at eddie.web Tue Mar 1 15:14:38 2005 From: eddie at eddie.web (eddie) Date: Tue Mar 1 15:15:10 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: On Tue, 01 Mar 2005 13:02:00 -0600, Ron B. scratched out the following: snip > > Customer simply goes to another ISP _with_ his infected machine. Eventually he will give up. But that kind of customer would not listen to advice anyway. He's a "know-it-all" and that's why he's got a zombie. Most normal people would follow their ISP's instructions and be happy to be rid of the infection. But some people enjoy disease. -- Once movie theaters gave out steak knives Today they confiscate them From devnull at spamcop.net Tue Mar 1 15:16:41 2005 From: devnull at spamcop.net (Frog Prince) Date: Tue Mar 1 15:20:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "Mike Easter" wrote in message news:d020h8$7sf$1@news.spamcop.net... | Mike Easter wrote: | > Sofa King Tyred of Lar Ting wrote: | >> If you were the head of an ISP with 4000 zombies, how would you solve | >> the problem? | | > Then I would start pulling some connectivity or blocking port 25 or | > somehow adversely affecting a few zombies in a major city or two and | > not restore the full connectivity until the client had been | > 'inspected' by a homevisit tech at their expense. | | > I'll leave it to someone else about just how to 'shutdown' a zombie | > while leaving some access to that webpage and some other information. | | My primary target 'model', technically and network topology-wise is the | cable modem user, which make very popular and prolific zombies. | | So, it is likely that my blockage is going to have to 'involve' the | cable infrastructure provider; in the case of a provider like EL, that | cable infrastructure might be from TimeWarner or Comcast or somesuch. I | don't have a good enough understanding of the technical obstacles to be | dealt with there to know if that would be a big problem or not. If this | is going to cause time, trouble, and expense to the infrastructure | provider, we are going to have to figure out how to cut a deal about | those issues. Technical problem can't be that great. Takes them only seconds to pull the plug if the payment is not made. From devnull at spamcop.net Tue Mar 1 15:20:33 2005 From: devnull at spamcop.net (Frog Prince) Date: Tue Mar 1 15:50:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "eddie" | | > If you were the head of an ISP with 4000 zombies, how would you solve the | > problem? | > | > I am not defending the ISPs, but after some thought, I now realize that | > logistically this is a daunting task, especially if flat-out "blaming the | > customer" is not an option. | | snip | "The customer is always right" was said by a customer. Honest dealers | know that the customer is almost always wrong. Not to change the topic but in many cases that approach equates to the customer being someone else's customer in short order and if carried to extreme the business is no more. From MikeE at ster.invalid Tue Mar 1 12:54:46 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 1 15:55:04 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: Frog Prince wrote: > "Mike Easter" >> My primary target 'model', technically and network topology-wise is >> the cable modem user, which make very popular and prolific zombies. >> >> So, it is likely that my blockage is going to have to 'involve' the >> cable infrastructure provider; in the case of a provider like EL, >> that cable infrastructure might be from TimeWarner or Comcast or >> somesuch. I don't have a good enough understanding of the technical >> obstacles to be dealt with there to know if that would be a big >> problem or not. If this is going to cause time, trouble, and >> expense to the infrastructure provider, we are going to have to >> figure out how to cut a deal about those issues. > > Technical problem can't be that great. Takes them only seconds to > pull the plug if the payment is not made. Pulling the plug is one thing -- the refusal to grant or lease renew an IP to that cablemodem MAC = no connectivity. The problem is about this 'discriminatory' partial blockage we're discussing. EL sez they are going to be using some kind of 'targeted' port 25 blockage. Part of this discussion here has been about allowing the bad IP to be able to access a website and to have some other kind of partial connectivity but stopping the proxy/trojan smtp injection business. I can assure you that EL doesn't want to be talking on the telephone to much of anyone -- even their good customers, much less someone who has been disabled by this cleanup process. I don't think you are going to be able to get providers to adopt the attitude, "Just permanently kill 'em and be done with it." -- Mike Easter kibitzer, not SC admin From feldethom2165 at email2me.net Tue Mar 1 13:35:22 2005 From: feldethom2165 at email2me.net (Fred k) Date: Tue Mar 1 17:40:20 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "Peter Pearson" wrote in message news:d02ieq$mtg$1@news.spamcop.net... > Fred k wrote: > Is somebody here confusing the "From " field and the "From:" field? > My ISP, Charter, seems to require that my "From " field match my > Charter email address, but allows a Spamcop "From:" field. I don't think so.In the case of spam through zombied clients the message FROM filed is a fictitious addy. What I am saying if the connected client machine and the spam's FROM addy don't match the ISP should not forward,but maybe bounce back to the zombied client. Fred k I could be wet behind my ears From nobody at nowhere.not Tue Mar 1 22:43:17 2005 From: nobody at nowhere.not (Robert Blair) Date: Tue Mar 1 17:45:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: On Tue, 1 Mar 2005 20:15:14 UTC, Peter Pearson wrote: > > "Steven Maesslein" wrote > >> The IP addresses from which mail I send comes will have nothing to do > >> with spamcop.net or with any of the domains I use and would therefore be > >> rejected according to your system. > > > > My understanding is that I have an email account at > > myname@mailprovider.net. In order to send email from any computer signed > > into that account, it gets to the ISP that provides that mailservice. . . > > Is somebody here confusing the "From " field and the "From:" field? > My ISP, Charter, seems to require that my "From " field match my > Charter email address, but allows a Spamcop "From:" field. Your ISP may require you to do that but mine does not. I have several domain names (only one hosted by my ISP) and I can send email with both "From " and "From:" being anything I want and I do use this when I send email for my other domains. Of course this also depends on the options allowed by your software. -- Robert Blair From porpoise1954 at yahoo.co.uk Wed Mar 2 00:06:42 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Mar 1 19:20:09 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "Peter Pearson" wrote in message news:d02ieq$mtg$1@news.spamcop.net... > Fred k wrote: >> "Steven Maesslein" wrote >>> The IP addresses from which mail I send comes will have nothing to do >>> with spamcop.net or with any of the domains I use and would therefore be >>> rejected according to your system. >> >> My understanding is that I have an email account at >> myname@mailprovider.net. In order to send email from any computer signed >> into that account, it gets to the ISP that provides that mailservice. . . > > Is somebody here confusing the "From " field and the "From:" field? > My ISP, Charter, seems to require that my "From " field match my > Charter email address, but allows a Spamcop "From:" field. > My ISP only provides the DSL connection. All my email is handled by my hosting company's Mxes. In order to send email, you have to have the username and password correct for that email address before the server will accept it for onward transmission. So merely having My Name myname@mydomain.com would not be sufficient to send email from any of my addresses under the various domains. The account logins and passwords are required also (which are unique to each address). So far, it hasn't failed....... From nobody at devnull.spamcop.net Tue Mar 1 19:57:31 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Tue Mar 1 19:55:04 2005 Subject: [SpamCop-List] Re: Chris Rock Spam Solution [the telephone system ain't that geat] References: Message-ID: "Firewoman" wrote in message news:d01vut$6u8$1@news.spamcop.net... > "Cat" wrote in message > news:d0151i$ft9$1@news.spamcop.net... > > George Langford, Sc.D. wrote: > > > > > > > >> I use *69 and find out that the caller's number is (200) 000-0000. > > > > > > > > Sounds like you need Caller ID. > > CallerID doesn't help when it shows the caller's phone number to be (200) > 000-0000. > > Yes, I get the exact same thing, along with the k00ks from the benevolent > society of the week. > > However, if I'm home and the machine doesn't catch it, I have a little fun > with them. Last week the benevolent telemarketer thought that he called in > the middle of some really heavy stuff (panting, moaning, screaming and the > like). I told him to keep talking, that the sound of his voice was really > doing it for me. He hung up at the, uh, climax of the phone call. > > :-) > > Who says telemarketers are boring? I read somewhere that what to do with obscene phone calls was to start talking gibberish. I only tried it once, but it turned out to be a legitimate call. Not boring, no. Miss Betsy From SCNews.5.myspamgobbler at spamgourmet.com Tue Mar 1 17:20:12 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Tue Mar 1 20:25:03 2005 Subject: [SpamCop-List] Re: Chris Rock Spam Solution [the telephone system ain't that geat] In-Reply-To: References: Message-ID: Miss Betsy wrote: > > I read somewhere that what to do with obscene phone calls was to > start talking gibberish. I only tried it once, but it turned out > to be a legitimate call. Not boring, no. > > Miss Betsy > > What's a legitimate obscene phone call? :) From devnull at spamcop.net Tue Mar 1 20:27:03 2005 From: devnull at spamcop.net (Frog Prince) Date: Tue Mar 1 20:30:04 2005 Subject: [SpamCop-List] Re: Chris Rock Spam Solution [the telephone system ain't that geat] References: Message-ID: "Brian (SnSR)" | > I read somewhere that what to do with obscene phone calls was to | > start talking gibberish. I only tried it once, but it turned out | > to be a legitimate call. Not boring, no. | > | > Miss Betsy | > | > | | What's a legitimate obscene phone call? Collect and you accept the charges. From nobody at devnull.spamcop.net Tue Mar 1 20:33:10 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Tue Mar 1 20:30:08 2005 Subject: [SpamCop-List] Re: Chris Rock Spam Solution [the telephone system ain't that geat] References: Message-ID: "Brian (SnSR)" wrote in message news:d034d7$3eh$1@news.spamcop.net... > Miss Betsy wrote: > > > > > I read somewhere that what to do with obscene phone calls was to > > start talking gibberish. I only tried it once, but it turned out > > to be a legitimate call. Not boring, no. > > > > Miss Betsy > > > > > > What's a legitimate obscene phone call? > > :) That's a good question! It's too long a story to recreate. I just never gave them a chance. On that subject, one time my husband got an obscene call from a woman. You should have seen the look on his face! It's just too bad that you can't deal with spammers by replying with gibberish. I wish I had the time to answer mortgage spammers the way one person did. Maybe one could quote scripture to the lonely housewives. Miss Betsy From nobody at devnull.spamcop.net Wed Mar 2 10:38:10 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Mar 1 20:40:03 2005 Subject: [SpamCop-List] PayPal phishing scam reported to eBay Message-ID: http://www.spamcop.net/sc?id=z737702656zbda166a0a13c232b1a197bfaffd2ff5fz Contains several PayPal URLs, but SC attempts to report them to spoof#ebay.com@devnull.spamcop.net Had another one yesterday that correctly reported to spoof@paypal.com I wonder what this is...? From MikeE at ster.invalid Tue Mar 1 17:52:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 1 20:55:03 2005 Subject: [SpamCop-List] Re: PayPal phishing scam reported to eBay References: Message-ID: Patto wrote: www.spamcop.net/sc?id=z737702656zbda166a0a13c232b1a197bfaffd2ff5fz > > Contains several PayPal URLs, but SC attempts to report them to > spoof#ebay.com@devnull.spamcop.net Not now. Yes now. Not now. Yes now. Something is dynamic. It depends on which resolution paypal does. Canonical name: www.paypal.com Addresses: 216.113.188.66 64.4.241.32 => ebay 64.4.241.33 => ebay 216.113.188.33 216.113.188.34 216.113.188.35 216.113.188.64 216.113.188.65 Re: https://www.paypal.com/us (Administrator of network hosting website referenced in spam) spoof@paypal.com postmaster@paypal.com accessviolation@paypal.com when SC gets the 64. resolution.... Re: https://www.paypal.com/us (Administrator of network hosting website referenced in spam) spoof#ebay.com@devnull.spamcop.net spam@ebay.com postmaster@ebay.com -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Mar 2 11:11:18 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Mar 1 21:15:03 2005 Subject: [SpamCop-List] Re: PayPal phishing scam reported to eBay In-Reply-To: References: Message-ID: Mike Easter wrote: > Patto wrote: > www.spamcop.net/sc?id=z737702656zbda166a0a13c232b1a197bfaffd2ff5fz > >>Contains several PayPal URLs, but SC attempts to report them to >>spoof#ebay.com@devnull.spamcop.net > > > Not now. Yes now. Not now. Yes now. Something is dynamic. It > depends on which resolution paypal does. > > Canonical name: www.paypal.com > Addresses: > 216.113.188.66 > 64.4.241.32 => ebay > 64.4.241.33 => ebay > 216.113.188.33 > 216.113.188.34 > 216.113.188.35 > 216.113.188.64 > 216.113.188.65 > > Re: https://www.paypal.com/us (Administrator of network hosting website > referenced in spam) > spoof@paypal.com > postmaster@paypal.com > accessviolation@paypal.com > > when SC gets the 64. resolution.... > > Re: https://www.paypal.com/us (Administrator of network hosting website > referenced in spam) > spoof#ebay.com@devnull.spamcop.net > spam@ebay.com > postmaster@ebay.com Thank you, Mike, you always have good explanations for the mysteries of the Internet. From nobody at devnull.spamcop.net Wed Mar 2 11:19:59 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Mar 1 21:20:02 2005 Subject: [SpamCop-List] Re: Pornographic Spam Assault In-Reply-To: References: Message-ID: Brent Pirolli wrote: > Hey all, > > I'm new to the group and have been fighting one crazy mess lately... I'm > curious if anyone else out there is fighting this same problem or if you > have ways to fight it that I haven't thought of yet. > > I manage an Exchange 2000 mail server with about 60 accounts on it. We run > Symantec Enterprise Edition which allows us to use RBL protection and I run > about 5 RBLs on there, as well as use custom scanning rules to block > unwanted junk. Lately we've been getting blasted by pornographic emails > that are absolutely ridiculous. > > First off, only half of the accounts are getting the spam... half aren't. > This immediately tells me that it is most likely an infected home computer > of one of the office staff or volunteers that is infected and is spamming > their address book at home. Unfortuneatly I have had zero luck in tracking > down a source or completely blocking the emails... here's why: > > The emails come in with a spoofed random sender, spoofed random subject, and > spoofed random text in the message (with purposely mis-spelled words). > Generally only a word or two is in the message... such as "Have a good day." > or "allow me... please :)" Then there are three image files that open from > a randomly infected web server (usually apache or linux servers) that are in > the message body next to each other to form one large image... Usually it is > a scantilly clad female but some have been flat out pornographic material. > The email then has a remove button at the bottom that is a link to the same > page as the rest of the images are...If you click on an image or the remove > button, you are taken to the infected server, which then redirects you to > the source site they are promoting... This is 3 out of 4 times a "married > housewives" dating site. > > Up until now I've been able to block the infected servers as we find them > through filters (about 20 so far)... but obviously only more servers will be > infected in the future... so this won't stop them permanently. I also block > the mis-spelled words as they come in the subject lines... wmeon, wemon, > wmoen.... all versions of women.... etc. There are about 30 of those so > far... Heck... some of the subject lines were even dropping the f-bomb until > I blocked that. But again, with the mis-spellings, they can make as many > variations as they want.... hard to stop that! > > So has anyone heard of this? Does anyone else fight this? Suggestions, > comments, advice? The emails don't contain any virus attachments or > anything... so I don't even know what is causing them to be sent! Very > frustrating. To top it off.... The mail server is for a church.... so > obviously... porn at church isn't a great thing.... Any help you can offer > is greatly appreciated. Thanks! The reasons why some accounts get spam, and others none, are various. Simple account names are prone to dictionary attacks, and therefore are spammed. Email addresses that have been exposed to the Internet get spammed. There may be a multitude of other reasons. So to avoid spam, avoid simple account names, and avoid exposing email addresses. Which may be hard if you need a sales@domain.name address on your website. So then you need filtering. I don't think manual filtering as you do it will get the job done. It will just drive you crazy! Our company has IMF (Exchange Intelligent Message Filter) on the Exchange Server, and I have Cloudmark's SafetyNet on my Outlook client. Together these two tools manage to keep my account 100% spam-free. From nobody at spamcop.net Wed Mar 2 03:15:49 2005 From: nobody at spamcop.net (me-no-no) Date: Tue Mar 1 22:20:03 2005 Subject: [SpamCop-List] FL = Safe Haven (No More) ? Message-ID: Possibly :-) [News] BellSouth Investigation Leads to Guilty Plea in Spamming Case. State of Florida Prosecutes and Convicts Spammer on Felony Charge... http://biz.yahoo.com/prnews/050301/cltu050_1.html Ciao Meno From nobody at devnull.spamcop.net Tue Mar 1 21:35:45 2005 From: nobody at devnull.spamcop.net (Cat) Date: Tue Mar 1 22:40:02 2005 Subject: [SpamCop-List] Re: Chris Rock Spam Solution [the telephone system ain't that geat] In-Reply-To: References: Message-ID: Firewoman wrote: > "Cat" wrote in message > news:d0151i$ft9$1@news.spamcop.net... >>Sounds like you need Caller ID. > > > CallerID doesn't help when it shows the caller's phone number to be (200) > 000-0000. How do they get it to show up like that? > Yes, I get the exact same thing, along with the k00ks from the benevolent > society of the week. I've never gotten that one, not that I'm complaining though. > However, if I'm home and the machine doesn't catch it, I have a little fun > with them. Last week the benevolent telemarketer thought that he called in > the middle of some really heavy stuff (panting, moaning, screaming and the > like). I told him to keep talking, that the sound of his voice was really > doing it for me. He hung up at the, uh, climax of the phone call. > > :-) > > Who says telemarketers are boring? LOL! It's been a while since I've had to deal with a telemarketer since I'm on the Do Not Call list. I've never tried that approach though, but it made me laugh. I have actually asked telemarketers if I could have their home numbers so that I could call and bug them while they're busy. From pete+usenet at heypete.com Tue Mar 1 20:02:37 2005 From: pete+usenet at heypete.com (Pete Stephenson) Date: Tue Mar 1 23:05:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: In article , eddie wrote: > XP has a backdoor that could be used for this service and if the > infected customer refuses, he cannot access the internet. What if the customer doesn't have Windows XP? What if the network arrangements at the user's residence prevent such monitoring (i.e. the user was infected by email, but cannot accept incoming connections from the network due to a firewall)? What about the privacy concerns of this? ----- That said, here's my idea: 1) If reports (either from external sources, or through automated network monitoring tools) indicate that the user is zombied and sending malicious data (i.e. viruses, spam, etc.), my first step would be to immediately block all traffic to and from the connection. 2) All HTTP traffic would then be directed to an ISP-run site describing the issue in very simple terms (advanced information could be accessed by a link, but by default the information would be suitable for someone's grandmother). 3) As the ISP, I would have attempted to license various anti-virus software for my end-user's use (many anti-virus programs, such as Avast! or Grisoft AVG are freely available for end-users). This software would then be provided, free of charge, to the customer. Holes would be punched in the access-restriction for sites like http://housecall.trendmicro.com/, or to resources like Windows Update and anti-virus definition update sites that are connected to by the anti-virus software itself (i.e. Symantec's LiveUpdate, etc.) 4) The help-page described above would also indicate that access would be restricted indefinitely, until malicious traffic ceased for at least 6 hours (perhaps 12-24, depending on how the ISP feels, I'd prefer 6). 5) If the user follows the instructions, but still is unable to stem the flow of malicious traffic (say the user's machine is secure, but someone mooching off their WiFi network is the one who's zombied), they would be directed to call tech support for help limiting access over WiFi or more advanced malware removal. ----- Seems pretty simple and easy, at least to me. I'm sure there's plenty of flaws in the idea, and plenty of stupid people to fall for them. :) -- Pete Stephenson HeyPete.com From wb8tyw at qsl.network Tue Mar 1 23:10:27 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Tue Mar 1 23:15:02 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... In-Reply-To: References: Message-ID: Fred k wrote: > > > I don't think so.In the case of spam through zombied clients the message > FROM filed is a fictitious addy. What I am saying if the connected client > machine and the spam's FROM addy don't match the ISP should not forward,but > maybe bounce back to the zombied client. What you do not understand is two things: 1. That legitimate users of a mail server routinely use different sending domains than the one of the mail server. Requiring the sending domain of the mail server to match the name of the sender's domain would cause a lot of real mail to be rejected. Far more mail than it would stop spam. 2. That the zombies do not usually send the spam through the ISP's mail server. They do not go though secure relays either. The defense against zombies on an ISP is simple, leave port 25 open only for registered mail servers. Other users can use port 587 to access external mail servers. All broadband ISPs should be warning their customers that access remote mail servers by port 25 now to make arrangements now to use port 587 instead and to prepare for port 25 to be cut off. There already is precedence for an ISP to block port 25 with out warning because some other ISP put a block all e-mail from that because of the zombies that were attacking it. There have been reports here of other residential ISPs putting a block on port 25 with out notice, and no reason has been given for this sudden action. Now in the meantime, the protection from zombies on the receiving end is through two means: 1. DNSBLS including a DHCP list like SORBS.NET offers. 2. rDNS checks. Real mail servers have an rDNS assigned. An I.P. address with no rDNS at all should not be sending mail. Also having DHCP,DIAL,DYNA,or pool and a few others in the rDNS means that it is probably a zombie. -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Tue Mar 1 20:21:50 2005 From: MikeE at ster.invalid (Mike Easter) Date: Tue Mar 1 23:25:02 2005 Subject: [SpamCop-List] Re: PayPal phishing scam reported to eBay References: Message-ID: Patto wrote: > Thank you, Mike, you always have good explanations for the mysteries > of the Internet. My first answer was 'not now' and I was going to paste the paypal result I was seeing -- but then when I checked 'underneath' I got a different answer. Then I saw the 'back and forth' result, so I wanted to know why. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Mar 1 21:43:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 2 00:45:03 2005 Subject: [SpamCop-List] Re: Pornographic Spam Assault References: Message-ID: Brent Pirolli wrote: > We run Symantec Enterprise Edition which allows us to use RBL > protection and I run about 5 RBLs on there, Which RBLs? > Unfortuneatly I > have had zero luck in tracking down a source Why is that? Presumably they, the various sources, are abused proxies, most pr0n spams are. Perhaps you mean a /single/ or 'meaningful' source IP. > The emails come in with a spoofed random sender, spoofed random > subject, and spoofed random text in the message Neither of those - sender or subject - are useful screening elements. Trying to screen body content is tricky. I suspect you'd be better focusing on a better source blocklist strategy than a different body algorithm. However, some regex rules for the body are pretty classy. SpamAssassin's are -- but then you are mucking about with Exchange. -- Mike Easter kibitzer, not SC admin From skiwi at spamcop.net Tue Mar 1 23:11:46 2005 From: skiwi at spamcop.net (Skiwi) Date: Wed Mar 2 02:15:03 2005 Subject: [SpamCop-List] "http://definitive.ofthedistancehighchance.com/" can't be resolved (?) Message-ID: "Parsing input: http://definitive.ofthedistancehighchance.com/ host definitive.ofthedistancehighchance.com (checking ip) ip not found ; definitive.ofthedistancehighchance.com discarded as fake. No recent reports, no history available Cannot resolve http://definitive.ofthedistancehighchance.com/ No valid email addresses found, sorry!" but Mozilla can get there! :-) From skiwi at spamcop.net Tue Mar 1 23:16:08 2005 From: skiwi at spamcop.net (Skiwi) Date: Wed Mar 2 02:20:04 2005 Subject: [SpamCop-List] Re: "http://definitive.ofthedistancehighchance.com/" can't beresolved (?) In-Reply-To: References: Message-ID: Skiwi wrote: > "Parsing input: http://definitive.ofthedistancehighchance.com/ > host definitive.ofthedistancehighchance.com (checking ip) ip not found ; > definitive.ofthedistancehighchance.com discarded as fake. > No recent reports, no history available > Cannot resolve http://definitive.ofthedistancehighchance.com/ > No valid email addresses found, sorry!" > > but Mozilla can get there! :-) SamSpade does OK though - and hey look, its Austria, the new Brazil! ---------- whois Whois: @whois. Server Used: [ whois.joker.com ] http://definitive.ofthedistancehighchance.com/ = [ 195.214.239.110 ] domain: ofthedistancehighchance.com status: lock owner: gordon bank email: gg200hf@hotmail.com address: 67 ruth st city: viena state: -- postal-code: 54323 country: AT admin-c: gg200hf@hotmail.com0 tech-c: gg200hf@hotmail.com0 billing-c: gg200hf@hotmail.com0 nserver: ns1.www1212.com nserver: ns2.www1212.com nserver: ns1.perfectons.com 213.159.120.98 nserver: ns2.perfectons.com 202.99.172.153 registrar: JORE-1 created: 2005-02-08 08: 23: 11 UTC JORE-1 modified: 2005-02-08 08: 35: 05 UTC JORE-1 expires: 2006-02-08 03: 23: 11 UTC source: joker.com db-updated: 2005-03-02 07: 13: 39 UTC From sache at grignon.inra.fr Wed Mar 2 08:56:39 2005 From: sache at grignon.inra.fr (Ivan Sache) Date: Wed Mar 2 03:00:03 2005 Subject: [SpamCop-List] Re: "http://definitive.ofthedistancehighchance.com/" can't be resolved(?) References: Message-ID: <422571B7.5B932F1D@grignon.inra.fr> Hi, Skiwi wrote: > SamSpade does OK though - and hey look, its Austria, the new Brazil! > Server Used: [ whois.joker.com ] > > http://definitive.ofthedistancehighchance.com/ = [ 195.214.239.110 ] > domain: ofthedistancehighchance.com > status: lock > owner: gordon bank > email: gg200hf@hotmail.com > > address: 67 ruth st > city: viena > state: -- > postal-code: 54323 > country: AT > admin-c: gg200hf@hotmail.com0 Probably bogus registration data. And that does not seem to be Austria but Russia. SpamCop v 1.412 (C) Ironport Systems Inc., 1998-2005 , All rights reserved. Parsing input: 195.214.239.110 host 195.214.239.110 (getting name) no name host 195.214.239.110 = pci8n110.telpol.net.pl (old cache) Routing details for 195.214.239.110 [refresh/show] Cached whois for 195.214.239.110 : igor@hostelecom.ru.com Using last resort contacts igor@hostelecom.ru.com Bad guys, indeed: 195.214.236.0/22 is listed on the Register Of Known Spam Operations (ROKSO) database as being assigned to, under the control of, or providing service to a known professional spam operation run by Jeffrey Peters - JTel / CPU Solutions. Hostelecom / iptransitonline.net (Feb 23, 2005) Peer1.net link terminated inetnum: 195.214.236.0 - 195.214.239.255 netname: Hostelecom-01 descr: Hostelecom, Russian Federation, Saint-Petersburg country: RU org: ORG-HR2-RIPE admin-c: IK900-RIPE tech-c: IK900-RIPE notify: igor@hostelecom.ru.com status: ASSIGNED PI ... Regards -- Ivan Sache From bar_n0ne at hotmail.com Wed Mar 2 12:19:26 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Mar 2 03:20:02 2005 Subject: [SpamCop-List] Re: "http://definitive.ofthedistancehighchance.com/" can't be resolved(?) References: <422571B7.5B932F1D@grignon.inra.fr> Message-ID: See interspersed comments: "Ivan Sache" wrote in message news:422571B7.5B932F1D@grignon.inra.fr... > Hi, > > Skiwi wrote: > > > SamSpade does OK though - and hey look, its Austria, the new Brazil! > > > Server Used: [ whois.joker.com ] > > > > http://definitive.ofthedistancehighchance.com/ = [ 195.214.239.110 ] > > domain: ofthedistancehighchance.com > > status: lock > > owner: gordon bank > > email: gg200hf@hotmail.com > > > > address: 67 ruth st Would be RuthStrasse in Austria, or Ruth Str > > city: viena would be Wien in Austria, (in English VieNNa) > > state: -- Yes they do have states in Austria and they are part of the postal address > > postal-code: 54323 > > country: AT > > admin-c: gg200hf@hotmail.com0 Violation of Hotmail TOS, which can get the address killed. The whole registration is bogus, Joker truly are jokers for not even doing the most basic and elementary due diligence. I'd be surprised if the registration would even look plausible to any German/Austrian without even checking postal codes, city, or street names. In my book Joker are not a reputable registrar. > > Probably bogus registration data. And that does not seem to be Austria > but Russia. > SNIPPED > Regards > > -- > Ivan Sache Cheers, Berny From nobody at xyzzy.claranet.de Wed Mar 2 11:39:51 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Mar 2 05:45:03 2005 Subject: [SpamCop-List] Re: reality check. References: Message-ID: <422597F7.3A8D@xyzzy.claranet.de> Socks the Whitehouse Cat wrote: > if I deselect his IPA on the "origin of spam" line, but leave > it selected on the "third party interest line", he'll get > notice without getting a ding for the report? Yes, you'd see it on the "reports sent" page. As Mike said it's not enough to deselect all other reports, it would be still counted for the SCBL. Bye, Frank From nobody at xyzzy.claranet.de Wed Mar 2 11:49:55 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Mar 2 05:55:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: <42259A53.2267@xyzzy.claranet.de> Sofa King Tyred of Lar Ting wrote: > If you were the head of an ISP with 4000 zombies, how would > you solve the problem? Get a proper abuse desk and let them tackle 40 cases per day. After four months you're almost clean. Process it as stack (last in first out), not as queue. > I am not defending the ISPs Yes, you are. Criminal organizations like spamcast just want excuses for not paying a proper abuse desk. But a zombie without port 25 is still a zombie, these criminals and their customers should be hunted as the scum they are. Bye, Frank _every_ _spamcast_ _customer_ _belongs_ _to_ _the_ _mob_ From philip at pch.home.cs.vu.nl Wed Mar 2 11:33:00 2005 From: philip at pch.home.cs.vu.nl (Philip Homburg) Date: Wed Mar 2 06:05:02 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: <1j2uh5qdk0al652kggb6j61dn3@inews_id.stereo.hq.phicoh.net> In article , Sofa King Tyred of Lar Ting wrote: >If you were the head of an ISP with 4000 zombies, how would you solve >the problem? > >I am not defending the ISPs, but after some thought, I now realize that >logistically this is a daunting task, especially if flat-out "blaming >the customer" is not an option. 1) Prevention. Provide free virus/trojan scanning on the ISPs incoming mail servers. Provide free trojan scanning on web-proxies and encourage customers to use those proxies. This is expensive, but it can be done 2) Detection. Create monitoring systems that detect suspicious activity, and have enough staff to disconnect systems that abuse the net. This is also expensive. I don't think that billing issues should be a problem. That is a matter of carefully wording the contract. 3) Prevention. When it comes to spam, keep port 25 closet and let customers pay a monthly fee to have it openened (this makes it possible to make those customers pay for the extra abuse staff). For ddos attacks, make sure that egress filtering is in place. The basic problem is that the spam situation is not bad enough the spend a lot of extra money solving it. (The ddos problem is very serious, but it is very hard to put pressure on ISPs to make sure that egress filtering is in place). What is most likely going to happen is that DUL lists will get more and more complete and that more and more people will start using those lists. At some point spammers start sending large amounts of spam through smarthosts (the Spamhaus warning). At that point, people will slowly start blocking outgoing MTAs of major ISPs. At that point ISP will have to take action (and increase prices to cover the costs) or their customers won't have e-mail connectivity. An alternative is that customers of access ISPs will start buying services such as e-mail from other ISPs to make sure that their e-mail will get through. -- That was it. Done. The faulty Monk was turned out into the desert where it could believe what it liked, including the idea that it bad been done by. It was allowed to keep its horse, since horses where so cheap to make. -- Douglas Adams in Dirk Gently's Holistic Detective Agency From nobody at nowhere.invalid Wed Mar 2 12:45:03 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 2 06:50:25 2005 Subject: [SpamCop-List] Re: "http://definitive.ofthedistancehighchance.com/" can't be resolved(?) References: <422571B7.5B932F1D@grignon.inra.fr> Message-ID: On Wed, 2 Mar 2005 12:19:26 +0400, Berny coughed into spamcop and left this in : >> > address: 67 ruth st > > Would be RuthStrasse in Austria, or Ruth Str And the number would be after: Ruth Str. 67. >> > city: viena > > would be Wien in Austria, (in English VieNNa) Since when have you expected spammers to spell correctly? :) -- Steve Stupidity is NOT a handicap. Park elsewhere! From porpoise1954 at yahoo.co.uk Wed Mar 2 12:07:07 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 2 07:20:02 2005 Subject: [SpamCop-List] Re: Pornographic Spam Assault References: Message-ID: "Patto" wrote in message news:d037sg$6pn$1@news.spamcop.net... > Brent Pirolli wrote: >> >> First off, only half of the accounts are getting the spam... half aren't. >> This immediately tells me that it is most likely an infected home >> computer of one of the office staff or volunteers that is infected and is >> spamming their address book at home. Unfortuneatly I have had zero luck >> in tracking down a source or completely blocking the emails... here's >> why: >> >> >> So has anyone heard of this? Does anyone else fight this? Suggestions, >> comments, advice? The emails don't contain any virus attachments or >> anything... so I don't even know what is causing them to be sent! Very >> frustrating. To top it off.... The mail server is for a church.... so >> obviously... porn at church isn't a great thing.... Any help you can >> offer is greatly appreciated. Thanks! > > The reasons why some accounts get spam, and others none, are various. > Simple account names are prone to dictionary attacks, and therefore are > spammed. Email addresses that have been exposed to the Internet get > spammed. There may be a multitude of other reasons. Probably one of the main ones is being in the address books of other people who get the addresses scraped from them via trojans, phone-homes, whatever. With those, it doesn't matter how complicated you make your email address................ > > So to avoid spam, avoid simple account names, and avoid exposing email > addresses. Which may be hard if you need a sales@domain.name address on > your website. Obfuscating email addresses within webpages is child's play if you're using something like PHP because it only "appears" when the page is rendered within the browser window, so it can't be scraped from the file by robots like it can from a vanilla HTML file. From wb8tyw at qsl.network Wed Mar 2 07:41:53 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Mar 2 07:45:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... In-Reply-To: <1j2uh5qdk0al652kggb6j61dn3@inews_id.stereo.hq.phicoh.net> References: <1j2uh5qdk0al652kggb6j61dn3@inews_id.stereo.hq.phicoh.net> Message-ID: Philip Homburg wrote: > 2) Detection. Create monitoring systems that detect suspicious activity, > and have enough staff to disconnect systems that abuse the net. > This is also expensive. I don't think that billing issues should be > a problem. That is a matter of carefully wording the contract. The capability is standard in professional monitoring equipment if the technicians are skilled enough to use it once it has been set up. Any major network that does not have this monitoring equipment is basically blind and unable to solve most of the common network problems that can be expected. There are significant costs in not doing this monitoring. The ISP buys bandwidth at a metered rate, and sizes their equipment for a predicted load. It does not take too many zombies to saturate a network segment, in some cases only one. In which case, not only is the ISP losing money on the bandwidth being stolen, they are also losing money as they are issuing refunds/credits to the affected customers until the zombie is shut down. And even with out the zombie issue, this monitoring is needed to find broken equipment. One of the failure modes of network equipment is to start flooding the network with bogus packets, and in some cases this can trigger a cascade failure where other pieces of equipment join in. So any ISP that is whining about the cost of doing that type of monitoring does not have a clue as to how much cash loss it would prevent and is trying to operate like the Hooterville phone company on Green Acres instead of a real business. > 3) Prevention. When it comes to spam, keep port 25 closet and let > customers pay a monthly fee to have it openened (this makes it possible > to make those customers pay for the extra abuse staff). > For ddos attacks, make sure that egress filtering is in place. No reason for charging extra to unblock the port, unless there already is multiple tiers of service. The port is only needed if the customer is authorized to run a mail server, and most of the TOS I have seen prohibit such servers on their DHCP pools. The unlocking can be done by request of a web page. > The basic problem is that the spam situation is not bad enough the spend > a lot of extra money solving it. (The ddos problem is very serious, but it > is very hard to put pressure on ISPs to make sure that egress filtering is > in place). I disagree, the problem is that ISPs are not looking at how much their inaction is costing them in profits and reputation. I think that if they did a true accounting, they would find out that they are wasting money by not keeping the zombies under control. > What is most likely going to happen is that DUL lists will get more and > more complete and that more and more people will start using those lists. > At some point spammers start sending large amounts of spam through > smarthosts (the Spamhaus warning). At that point, people will slowly start > blocking outgoing MTAs of major ISPs. At that point ISP will have to take > action (and increase prices to cover the costs) or their customers won't > have e-mail connectivity. Already happened in the past, the reasons that spammers avoid the smart hosting is that the ISPs usually react to that very quickly. And the better run ones have rate limiting and other anti-spam measures in place that will prevent the spammer from getting out more than a few spams before the zombie is blocked. Based on postings on an internal forum for my broadband ISP, at least two major U.S. ISPs block the I.P. or the subnet that any spam or viruses comes from as quickly as it is detected, and they do not care if they block all the mail servers of an ISP. It usually takes from 24 to 72 hours to get all the blocks removed by the requests from the blocked ISP. Right now, the ISPs are increasing prices to cover the costs lost from their lack of action. If they did things properly their costs would be lower. So they can not use the excuse that it would cost more money. That is bogus. It only costs more money to clean up a problem that has been allowed to grow to the point where there is thousands of active zombies. All it means is that the ISP has not learned from the lessons of the past. > An alternative is that customers of access ISPs will start buying services > such as e-mail from other ISPs to make sure that their e-mail will get > through. I already have had to do that. But not because of zombies, but because the mail servers for at least two broadband ISPs have been misconfigured on several occasions each to refuse all e-mail claiming that none of the e-mail addresses exist on them. You will not find a zombie problem on a network where the owner is paying attention to how much each zombie costs them in additional costs. You will not find much spam in your inbox if the cost of the additional bandwidth and equipment to handle spam is coming out of the mail server operators pocket. The case where AOL blocked a European ISP for 72 hours about the spam zombie issue proved how quickly that an ISP can bring their zombies under control if they are motivated enough. The costs of the zombies alone should motivate an ISP to get serious about preventing them. Waiting for someone else to block them indicates that they have no clue as to how to make money at their business. And blocking port 25 for non-registered mail servers, makes the primary use of the zombies useless for that network. The other step is to block I.P. ranges that are attempting to use viruses at the router, and to block I.P. addresses of spam web servers at the border until a local customer requests an opening. -John wb8tyw@qsl.network Personal Opinion Only From nobody at nowhere.invalid Wed Mar 2 14:04:43 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 2 08:05:04 2005 Subject: [SpamCop-List] Re: Pornographic Spam Assault References: Message-ID: On Wed, 2 Mar 2005 12:07:07 -0000, Porpoise coughed into spamcop and left this in : > Obfuscating email addresses within webpages is child's play if you're using > something like PHP because it only "appears" when the page is rendered > within the browser window, so it can't be scraped from the file by robots > like it can from a vanilla HTML file. Robots also call up pages using HTTP. If an e-mail address is sent to a browser by PHP, it can also be sent to a 'bot. Until spammer bots know how to interpret javascript (some might already), the arguably best way to have mailto: links on a page is to have them built by javascript. Yes, it breaks for people using browsers with javascript disabled, but those people are probably fully aware of the reasons behind not putting an e-mail address up in the clear in the first place. Alternatively, something like this works fine on a domain I administer (no spam attempts yet on the e-mail address whivh is UNfiltered): Otherwise, the script I use to obfuscate the address is this: -- Steve Why is it that people say they slept like a baby when babies wake up every two hours? From MikeE at ster.invalid Wed Mar 2 05:33:18 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 2 08:35:03 2005 Subject: [SpamCop-List] Re: Pornographic Spam Assault References: Message-ID: Steven Maesslein wrote: > Porpoise >> Obfuscating email addresses within webpages is child's play > the arguably best way to have mailto: links on a page is to > have them built by javascript. Yes, it breaks for people using > browsers with javascript disabled, There are a lot of ways to hide mailto/s http://spamlinks.net/spambots-hiding.htm Hiding from Spambots Generalised Hiders and Descriptions Javascript Email Encoders HTML Character Entities CSS Encoding Passive Web-based Scripts Web-based Contact Pages Other Methods Manual Address Munging Examples -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Mar 2 09:01:43 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Mar 2 09:05:03 2005 Subject: [SpamCop-List] Re: Pornographic Spam Assault References: Message-ID: ... > There are a lot of ways to hide mailto/s > > http://spamlinks.net/spambots-hiding.htm Hiding from Spambots > Generalised Hiders and Descriptions > Javascript Email Encoders > HTML Character Entities > CSS Encoding > Passive Web-based Scripts > Web-based Contact Pages > Other Methods > Manual Address Munging > Examples ... Excellent Resource - thanks. I've wished for an all-in-one page like that and been unable to find one. Makes it easy to check on various methods. Pop From nobody at devnull.spamcop.net Wed Mar 2 09:07:41 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Mar 2 09:10:06 2005 Subject: [SpamCop-List] OT to Steve: Re: "http://definitive.ofthedistancehighchance.com/" can't be resolved(?) References: <422571B7.5B932F1D@grignon.inra.fr> Message-ID: Steve, ... > > Stupidity is NOT a handicap. Park elsewhere! I'm disabled; any problems with my thieving your sig? I'm gonna make up business cards with it to stick in the door slits or under the wipers where I shop. Pop From philip at pch.home.cs.vu.nl Wed Mar 2 15:16:31 2005 From: philip at pch.home.cs.vu.nl (Philip Homburg) Date: Wed Mar 2 09:35:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: <1j2uh5qdk0al652kggb6j61dn3@inews_id.stereo.hq.phicoh.net> Message-ID: In article , John E. Malmberg wrote: >Philip Homburg wrote: >> 2) Detection. Create monitoring systems that detect suspicious activity, >> and have enough staff to disconnect systems that abuse the net. >> This is also expensive. I don't think that billing issues should be >> a problem. That is a matter of carefully wording the contract. > >The capability is standard in professional monitoring equipment if the >technicians are skilled enough to use it once it has been set up. Any >major network that does not have this monitoring equipment is basically >blind and unable to solve most of the common network problems that can >be expected. I am not that worried about the network equipment. I think that when larger ISPs make a list of customers who generate a lot of SMTP connections and they compute the number of people needed to disconnect them and the hand holding required to reconnect them, then they will ignore those statistics, because it is too expensive to do anything about it. >There are significant costs in not doing this monitoring. The ISP buys >bandwidth at a metered rate, and sizes their equipment for a predicted >load. It does not take too many zombies to saturate a network segment, >in some cases only one. In which case, not only is the ISP losing money >on the bandwidth being stolen, they are also losing money as they are >issuing refunds/credits to the affected customers until the zombie is >shut down. I don't know. My ISP just went from a fair use policy to completely unrestricted bandwidth usage. Now, my ISP does have a relavely clean network, so it may not be an issue. But my guess is that they have plenty of unused upstream bandwidth available anyhow. Most customers generate a lot of downstream traffic, leaving the upstream on symmetrical connections mostly idle. (I have ADSL, for cable the situation may be different). >And even with out the zombie issue, this monitoring is needed to find >broken equipment. One of the failure modes of network equipment is to >start flooding the network with bogus packets, and in some cases this >can trigger a cascade failure where other pieces of equipment join in. I can imagine that extremely sloppy ISP simply wait for complaints to come in before they investigate anything. >> 3) Prevention. When it comes to spam, keep port 25 closet and let >> customers pay a monthly fee to have it openened (this makes it possible >> to make those customers pay for the extra abuse staff). >> For ddos attacks, make sure that egress filtering is in place. > >No reason for charging extra to unblock the port, unless there already >is multiple tiers of service. The port is only needed if the customer >is authorized to run a mail server, and most of the TOS I have seen >prohibit such servers on their DHCP pools. The unlocking can be done by >request of a web page. This may be the case in the US. In .nl, most ADSL providers allowed servers and home networks from day one. Running servers is popular enough that the better cable providers are also changing their AUPs to allow this kind of use. The main thing is: most customers do not use direct-to-MX, so by default port 25 should be closed. >> The basic problem is that the spam situation is not bad enough the spend >> a lot of extra money solving it. (The ddos problem is very serious, but it >> is very hard to put pressure on ISPs to make sure that egress filtering is >> in place). > >I disagree, the problem is that ISPs are not looking at how much their >inaction is costing them in profits and reputation. I think that if >they did a true accounting, they would find out that they are wasting >money by not keeping the zombies under control. I don't know about the US. I think that in .nl reputation is mostly a non-issue when it comes to zombies. Customers care about the spam in their mailboxes, they have no clue where the spam comes from (and most spam comes from other countries anyhow). I guess that upstream traffic is mostly free, except when a cable segment is overloaded. >> What is most likely going to happen is that DUL lists will get more and >> more complete and that more and more people will start using those lists. >> At some point spammers start sending large amounts of spam through >> smarthosts (the Spamhaus warning). At that point, people will slowly start >> blocking outgoing MTAs of major ISPs. At that point ISP will have to take >> action (and increase prices to cover the costs) or their customers won't >> have e-mail connectivity. > >Already happened in the past, the reasons that spammers avoid the smart >hosting is that the ISPs usually react to that very quickly. And the >better run ones have rate limiting and other anti-spam measures in place >that will prevent the spammer from getting out more than a few spams >before the zombie is blocked. Most ISPs didn't have rate limiting when Swen first broke out. 419 spammers often use smarthosts, and they don't seem to have any problems sending lots of spams. At the moment, using zombies and direct-to-MX is probably the best choice for spammers. >Based on postings on an internal forum for my broadband ISP, at least >two major U.S. ISPs block the I.P. or the subnet that any spam or >viruses comes from as quickly as it is detected, and they do not care if >they block all the mail servers of an ISP. It usually takes from 24 to >72 hours to get all the blocks removed by the requests from the blocked ISP. That is probably the kind of pressure that will convince ISPs to cleanup their act. >Right now, the ISPs are increasing prices to cover the costs lost from >their lack of action. If they did things properly their costs would be >lower. I don't know. My ISP is doing thing properly, and they are one of the most expensive ISPs around (in .nl). -- That was it. Done. The faulty Monk was turned out into the desert where it could believe what it liked, including the idea that it bad been done by. It was allowed to keep its horse, since horses where so cheap to make. -- Douglas Adams in Dirk Gently's Holistic Detective Agency From AHaumer_gmxnet at nospam.invalid Wed Mar 2 15:36:51 2005 From: AHaumer_gmxnet at nospam.invalid (Anton Haumer) Date: Wed Mar 2 09:40:03 2005 Subject: [SpamCop-List] Re: "http://definitive.ofthedistancehighchance.com/" can't be resolved(?) References: <422571B7.5B932F1D@grignon.inra.fr> Message-ID: <4225CF83.A9CA5ED0@nospam.invalid> Berny wrote: > > See interspersed comments: > > "Ivan Sache" wrote in message > news:422571B7.5B932F1D@grignon.inra.fr... > > Hi, > > > > Skiwi wrote: > > > > > SamSpade does OK though - and hey look, its Austria, the new Brazil! > > > > > Server Used: [ whois.joker.com ] > > > > > > http://definitive.ofthedistancehighchance.com/ = [ 195.214.239.110 ] > > > domain: ofthedistancehighchance.com > > > status: lock > > > owner: gordon bank > > > email: gg200hf@hotmail.com > > > > > > address: 67 ruth st > > Would be RuthStrasse in Austria, or Ruth Str > > > > city: viena > > would be Wien in Austria, (in English VieNNa) > > > > state: -- > > Yes they do have states in Austria and they are part of the postal address No, they aren't part of the ostal address > > > > postal-code: 54323 > > > country: AT > > > admin-c: gg200hf@hotmail.com0 postal codes in Austria consist of 4 numbers, not 5. > > Violation of Hotmail TOS, which can get the address killed. > > The whole registration is bogus, Joker truly are jokers for not even doing > the most basic and elementary due diligence. > I'd be surprised if the registration would even look plausible to any > German/Austrian without even checking postal codes, city, or street names. > In my book Joker are not a reputable registrar. > > > > > Probably bogus registration data. And that does not seem to be Austria > > but Russia. > > > SNIPPED > > Regards > > > > -- > > Ivan Sache > > Cheers, Berny Greetings from Austria, Toni From nobody at nowhere.invalid Wed Mar 2 15:51:40 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 2 09:55:03 2005 Subject: [SpamCop-List] Re: OT to Steve: Re: "http://definitive.ofthedistancehighchance.com/" can't be resolved(?) References: <422571B7.5B932F1D@grignon.inra.fr> Message-ID: On Wed, 2 Mar 2005 09:07:41 -0500, Pop coughed into spamcop and left this in : >> Stupidity is NOT a handicap. Park elsewhere! > > I'm disabled; any problems with my thieving your sig? I'm gonna make up > business cards with it to stick in the door slits or under the wipers where > I shop. Be my guest! Now, if I could only remember where *I* found it... -- Steve There are only 10 kinds of people in the world: Those who understand binary, and those who don't. From nobody at devnull.spamcop.net Wed Mar 2 10:00:05 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Mar 2 10:05:02 2005 Subject: [SpamCop-List] Honeypot Message-ID: Is anyone familiar with honeypots.org? If so, has your experience been positive? The hype looks good, I see a possibility for abuse, but, I might be overly paranoid. I don't run a server, but do have web pages and cgi access, on the two sites, shortly 3 that I manage - this looks useful if it's on the up and up. TIA Pop -- Perfection is not only elusive, it is also limited with unexpected and dangerous results for the idealist. From nobody at devnull.spamcop.net Wed Mar 2 10:02:54 2005 From: nobody at devnull.spamcop.net (Pop) Date: Wed Mar 2 10:05:08 2005 Subject: [SpamCop-List] Re: http://www.projecthoneypot.org/ References: Message-ID: OOPS! Got my tongue in front of my eye teeth and couldn't see what I was typing: That URL is http://www.projecthoneypot.org/, NOT honeypot.org!! Sorry 'bout that! Pop -- Perfection is not only elusive, it is also limited with unexpected and dangerous results for the idealist. "Pop" wrote in message news:d04kdi$9pc$1@news.spamcop.net... > Is anyone familiar with honeypots.org? > > If so, has your experience been positive? > > The hype looks good, I see a possibility for abuse, but, I might be overly > paranoid. I don't run a server, but do have web pages and cgi access, on > the two sites, shortly 3 that I manage - this looks useful if it's on the > up and up. > > TIA > Pop > -- > Perfection is not only elusive, > it is also limited with unexpected and > dangerous results for the idealist. > From Merlyn at Spamcop.net Wed Mar 2 10:11:38 2005 From: Merlyn at Spamcop.net (Merlyn) Date: Wed Mar 2 10:15:02 2005 Subject: [SpamCop-List] Re: http://www.projecthoneypot.org/ References: Message-ID: "Pop" wrote in message news:d04kiq$a0t$1@news.spamcop.net... > OOPS! Got my tongue in front of my eye teeth and couldn't see what I was > typing: That URL is > http://www.projecthoneypot.org/, > > NOT honeypot.org!! > > Sorry 'bout that! > > Pop > They worked with me to complete a new setup that wasn't on their list. They were very helpful and I give em a two thumbs up. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From wb8tyw at qsl.network Wed Mar 2 10:36:27 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Mar 2 11:40:47 2005 Subject: [SpamCop-List] Re: OT to Steve: Re: "http://definitive.ofthedistancehighchance.com/" can't be resolved(?) References: <422571B7.5B932F1D@grignon.inra.fr> Message-ID: In article , Steven Maesslein writes: > On Wed, 2 Mar 2005 09:07:41 -0500, Pop coughed into spamcop and left > this in : > >>> Stupidity is NOT a handicap. Park elsewhere! Being Lazy is also NOT a handicap. >> I'm disabled; any problems with my thieving your sig? I'm gonna make up >> business cards with it to stick in the door slits or under the wipers where >> I shop. I think that the lazyness comment should be added to the signs. What I would like to see on some tv show is for them to rig up what looks like a wheelchair lift on a van so that it can flip over cars that park in the no parking zones next to the handicap stalls, blocking the door to the van. -John wb8tyw@qsl.network Personal Opinon Only. From eddie at eddie.web Wed Mar 2 11:54:10 2005 From: eddie at eddie.web (eddie) Date: Wed Mar 2 11:55:02 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: On Tue, 01 Mar 2005 20:02:37 -0800, Pete Stephenson scratched out the following: > In article , > eddie wrote: > >> XP has a backdoor that could be used for this service and if the >> infected customer refuses, he cannot access the internet. > > What if the customer doesn't have Windows XP? What trojans are out there that are not XP? How many? > What about the privacy concerns of this? Privacy on the internet?? If you want privacy, use a phone. If your computer is trojanized, you have no privacy - somebody is using it Having it fixed increases privacy. > ----- -- Once movie theaters gave out steak knives Today they confiscate them From porpoise1954 at yahoo.co.uk Wed Mar 2 17:54:56 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 2 13:10:07 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "eddie" wrote in message news:pan.2005.03.02.16.54.09.462000@eddie.web... > On Tue, 01 Mar 2005 20:02:37 -0800, Pete Stephenson scratched out the > following: > >> In article , >> eddie wrote: >> >>> XP has a backdoor that could be used for this service and if the >>> infected customer refuses, he cannot access the internet. >> >> What if the customer doesn't have Windows XP? > What trojans are out there that are not XP? How many? > Do you seriously think most machines out there are running XP? The ones in US/EU maybe, but I bet there are more running other flavours round the planet. 95, 98, ME, DOS, etc. > >> What about the privacy concerns of this? > Privacy on the internet?? If you want privacy, use a phone. > If your computer is trojanized, you have no privacy - somebody is using it > Having it fixed increases privacy. I concur! From porpoise1954 at yahoo.co.uk Wed Mar 2 18:06:22 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 2 13:20:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "Kenneth Loafman" wrote in message news:metb215744sl5j16c476psji47oij1ap0o@4ax.com... > On Tue, 1 Mar 2005 08:56:08 -0900, "Fred k" > wrote: > >> >>"Mike Easter" wrote in message >>news:d027ul$dj8$1@news.spamcop.net... >>> Spam Hater wrote: >>>> No matter what address I typed in, I would >>>> only get an Adelphia support page telling me that they saw the new >>>> modem and that I would have to register it before I could do anything >>>> else. >>> >> >> >>Maybe I am not up to snuff, but stopping zombies should be as simple as >>comparing the From: to the account subscribers addy, and if not matching >>reject back to client. What is wrong with that? Not a big ISP resource >>would >>be needed. Of course rogue ISP's would not comply, so then they would be >>cut >>off by the upstream provider. > > That's the very reason I dropped my previous providers. I have my own > domain and I *will* use that address in the email, or the service is not > adequate to my needs. > I still don't follow what everyone is harping on about here. My ISP has absolutely nothing to do with where my mailservers are hosted and my mailserver host doesn't know what IP I might be connecting from at any given time. So how does it make sure that I have authorisation to use the mailservers? Simple! It requires a login and password before it will accept mail from anyone. So while I'm travelling round with my laptop, or using other PCs or whatever, in different locations, I can send and download mail from anywhere I can get an internet connection - as long as I know the valid login/password. No login/password? No sendee email! Same as is required to D/L mail. So, whether I use my home ADSL, my work ADSL, a dialin from wherever, or whatever - it's irrelevant. So if my hosting company can manage it, whatsall wrong with the others? From porpoise1954 at yahoo.co.uk Wed Mar 2 18:10:45 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 2 13:25:03 2005 Subject: [SpamCop-List] Re: "http://definitive.ofthedistancehighchance.com/" can't be resolved(?) References: <422571B7.5B932F1D@grignon.inra.fr> Message-ID: "Ivan Sache" wrote in message news:422571B7.5B932F1D@grignon.inra.fr... > Hi, > > Skiwi wrote: > >> SamSpade does OK though - and hey look, its Austria, the new Brazil! > >> Server Used: [ whois.joker.com ] >> >> http://definitive.ofthedistancehighchance.com/ = [ 195.214.239.110 ] >> domain: ofthedistancehighchance.com >> status: lock >> owner: gordon bank >> email: gg200hf@hotmail.com >> >> address: 67 ruth st >> city: viena >> state: -- >> postal-code: 54323 >> country: AT >> admin-c: gg200hf@hotmail.com0 > > Probably bogus registration data. And that does not seem to be Austria > but Russia. > That's funny, I was just about to say that: (From www.DNSstuff.com) Country: UKRAINE (high) Looking up 195.214.239.110 at whois.ripe.net. % This is the RIPE Whois query server #1. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html inetnum: 195.214.236.0 - 195.214.239.255 netname: Hostelecom-01 descr: Hostelecom, Russian Federation, Saint-Petersburg country: RU org: ORG-HR2-RIPE admin-c: IK900-RIPE tech-c: IK900-RIPE notify: ****@hostelecom.ru.com status: ASSIGNED PI mnt-by: RIPE-NCC-HM-PI-MNT mnt-by: AS15497-MNT mnt-lower: RIPE-NCC-HM-PI-MNT mnt-routes: AS15497-MNT mnt-domains: AS15497-MNT changed: **********@ripe.net 20050204 source: RIPE route: 195.214.236.0/22 descr: Hostelecom origin: AS34542 mnt-by: MNT-HOSTELECOM changed: ********@colocall.net 20050214 source: RIPE organisation: ORG-HR2-RIPE org-name: Hostelecom Russia org-type: NON-REGISTRY address: Russian Federation, Saint-Petersburg, address: Milionaya Prospect, 2-3-196 e-mail: ****@hostelecom.ru.com admin-c: IK900-RIPE tech-c: IK900-RIPE mnt-ref: AS15497-MNT mnt-by: AS15497-MNT changed: ********@colocall.net 20050126 source: RIPE person: Igor Kazakov address: Russian Federation, Saint-Petersburg, address: Milionaya Prospect, 2-3-196 phone: +7 921 8725096 e-mail: ****@hostelecom.ru.com nic-hdl: IK900-RIPE notify: ****@hostelecom.ru.com changed: ********@colocall.net 20050126 source: RIPE From spamcop at oitc.com Wed Mar 2 13:24:52 2005 From: spamcop at oitc.com (spamcop) Date: Wed Mar 2 13:25:08 2005 Subject: [SpamCop-List] Missed url in phish Message-ID: http://www.spamcop.net/sc?id=z737953367z716bd014d5f55f52b3e41d93bad116a6z From porpoise1954 at yahoo.co.uk Wed Mar 2 18:24:11 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 2 13:40:02 2005 Subject: [SpamCop-List] Re: Pornographic Spam Assault References: Message-ID: "Steven Maesslein" wrote in message news:slrnd2befb.7oo.nobody@127.0.0.1... > On Wed, 2 Mar 2005 12:07:07 -0000, Porpoise coughed into spamcop and > left this in : > >> Obfuscating email addresses within webpages is child's play if you're >> using >> something like PHP because it only "appears" when the page is rendered >> within the browser window, so it can't be scraped from the file by robots >> like it can from a vanilla HTML file. > > Robots also call up pages using HTTP. If an e-mail address is sent to a > browser by PHP, it can also be sent to a 'bot. > > Until spammer bots know how to interpret javascript (some might > already), the arguably best way to have mailto: links on a page is to > have them built by javascript. Yes, it breaks for people using browsers > with javascript disabled, but those people are probably fully aware of > the reasons behind not putting an e-mail address up in the clear in the > first place. Alternatively, something like this works fine on a domain I > administer (no spam attempts yet on the e-mail address whivh is > UNfiltered): > > Otherwise, the script I use to obfuscate the address is this: > > > Well that doesn't look terribly different to my PHP script so I'm not sure why a robot would find any difference between them...........?? (Mind you, I'm not as "up" on javascript - I've not gone that route due to more and more people blocking their browsers from accepting it). The PHP script that constructs the email addresses is not in the same file as the one calling the function - it's called from within other scripts in other files that build the pages somewhat dynamically, so the robot would need to know how all the bits go together in order to make sense of it. I think! :-) From porpoise1954 at yahoo.co.uk Wed Mar 2 18:29:43 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 2 13:45:03 2005 Subject: [SpamCop-List] Re: Pornographic Spam Assault References: Message-ID: "Mike Easter" wrote in message news:d04f8p$5r2$1@news.spamcop.net... > Steven Maesslein wrote: >> Porpoise > >>> Obfuscating email addresses within webpages is child's play > >> the arguably best way to have mailto: links on a page is to >> have them built by javascript. Yes, it breaks for people using >> browsers with javascript disabled, > > There are a lot of ways to hide mailto/s > > http://spamlinks.net/spambots-hiding.htm Hiding from Spambots > Generalised Hiders and Descriptions > Javascript Email Encoders > HTML Character Entities > CSS Encoding > Passive Web-based Scripts > Web-based Contact Pages > Other Methods > Manual Address Munging > Examples > As ever, Mike knows the places........!! From nobody at nowhere.invalid Wed Mar 2 21:24:32 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 2 15:25:04 2005 Subject: [SpamCop-List] Re: Pornographic Spam Assault References: Message-ID: On Wed, 2 Mar 2005 18:24:11 -0000, Porpoise coughed into spamcop and left this in : > The PHP script that constructs the email addresses is not in the same file > as the one calling the function - it's called from within other scripts in > other files that build the pages somewhat dynamically, so the robot would > need to know how all the bits go together in order to make sense of it. I > think! :-) No, it wouldn't. PHP itself can't tell the difference between a bot and a browser. All it knows is that has to stream data out to be sent over the network connection by the webserver. If all the parts of the script are sent to a browser then they'll also be sent to the 'bot. The difference between PHP and the javascript approach is that the *browser* interprets the javascript and converts the function call to an tag. A bot *won't* parse the javascript, or at least is less likely to. With PHP it's the *server* that parses the code and outputs the results to the browser/bot. Javascript is interpreted client-side. PHP is interpreted server-side. -- Steve Windows is.... A 32-bit extension to a 16-bit graphical interface, sitting on an 8-bit operating system, originally written for a 4-bit processor by a 2-bit company without ONE BIT of common sense. From Nobody at Spamcop.net Wed Mar 2 14:30:28 2005 From: Nobody at Spamcop.net (Nobody) Date: Wed Mar 2 15:35:03 2005 Subject: [SpamCop-List] What Am I Looking At? Message-ID: <42262264.A5F21544@Spamcop.net> Posted in SpamCop.spam: http://www.spamcop.net/sc?id=z737957254zdd842dab4a07907f31ad16a92777098az I have been receiving tightly targeted spams to my ISP's username list from a spammer who apparently compromised the ISP's database somehow last June. The spammer has gradually worked around all my filters and is now using fake names appended to my e-mail address to beat my address filters. Initially, he was sending to the user d/b with strings of user addresses in the TO line of the form "grannysmith@myISP.com" . I filtered the groups of names he usually used. He responded by using other usernames in the TO line and blind-copying my address. As I filtered these by addressee name, he deduced which usernames weren't filtered and isolated my username, and began spamming directly to my e-mail address using addresses of the form "PHONY NAME" . Of more immediate interest here, spammy is also protecting internal links from discovery by SpamCop's parser in the last few spams. I've been reporting his spew since the first one, and apparently this is a counter to losing his hosts every few days. How do I get to the internal links so SpamCop can lart the proxy owners? Regards, Michael From usenet2 at DE.LETE.THISljvideo.com Thu Mar 3 00:10:54 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Wed Mar 2 19:15:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: Waiving the right to remain silent, Sofa King Tyred of Lar Ting wrote: > It must take weeks before the user comes back on line, > especially if the user isn't technical. There are billing issues, since > you can't charge someone who's not getting connectivity. They should be billed extra for the help and cleanup. If a jerk who doesn't know how to drive, plows a car into yours, do you let him off with a "stern warning." -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "If you take out the killings, Washington actually has a very low crime rate." - Marion Barry, mayor of Washington, D.C. From usenet2 at DE.LETE.THISljvideo.com Thu Mar 3 00:15:19 2005 From: usenet2 at DE.LETE.THISljvideo.com (Larry J.) Date: Wed Mar 2 19:20:08 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: Waiving the right to remain silent, "Mike Easter" wrote: > I can assure you that EL doesn't want to be talking on the telephone to > much of anyone -- even their good customers, much less someone who has > been disabled by this cleanup process. They can send a short series of warning emails to the zombified user. When user fails to respond, they yank the plug, then send him some snail mail. That should be the extent of their upfront responsibility. -- Larry J. - Remove spamtrap in ALLCAPS to e-mail "If you take out the killings, Washington actually has a very low crime rate." - Marion Barry, mayor of Washington, D.C. From porpoise1954 at yahoo.co.uk Thu Mar 3 00:20:49 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 2 19:35:07 2005 Subject: [SpamCop-List] Address obfuscation - was: Re: Pornographic Spam Assault References: Message-ID: "Steven Maesslein" wrote in message news:slrnd2c880.1v04.nobody@127.0.0.1... > On Wed, 2 Mar 2005 18:24:11 -0000, Porpoise coughed into spamcop and > left this in : > >> The PHP script that constructs the email addresses is not in the same >> file >> as the one calling the function - it's called from within other scripts >> in >> other files that build the pages somewhat dynamically, so the robot would >> need to know how all the bits go together in order to make sense of it. I >> think! :-) > > No, it wouldn't. > > PHP itself can't tell the difference between a bot and a browser. All it > knows is that has to stream data out to be sent over the network > connection by the webserver. > > If all the parts of the script are sent to a browser then they'll also > be sent to the 'bot. > > The difference between PHP and the javascript approach is that the > *browser* interprets the javascript and converts the function call to an > tag. A bot *won't* parse the javascript, or at least is less likely > to. With PHP it's the *server* that parses the code and outputs the > results to the browser/bot. > > Javascript is interpreted client-side. PHP is interpreted server-side. > Good point. See, I knew you'd come back with a reason...... :-) So what you're saying is that the bot will "browse" the pages - as opposed to "reading" the files? Such that an "include" or "function" call to a different php file that constructs the address according to which address was requested, would be decipherable by the bot. e.g. If the construction of the elements of the addresses are in one file that "selects" the various elements of the address name@domain.tld like . . . if..............(conditional_1) $ename = "enquiries"; . else if................. $ename = "sales"; . else..................... $ename = "fred"; $at = "@"; if..................... $dmain = "domain_1"; . else ................ $dmain = ""domain_2"; . . if.............. $tdmain = ".tld_1"; . else ............... $tdmain = ".tld_2"; . which in turn is called from somewhere in another file and constructed into the address . . $enqaddr = $ename; $enqaddr .= $at; $enqaddr .= $dmain; $enqaddr .= $tdmain; . . which is then output from the original page that started the whole thing: . . print("$enqaddr"); . . that the bot would actually "see" the addresses from all that? From driehuis.fcnzpbc2005 at playbeing.com Thu Mar 3 04:32:14 2005 From: driehuis.fcnzpbc2005 at playbeing.com (Bert Driehuis) Date: Wed Mar 2 22:35:03 2005 Subject: [SpamCop-List] Re: Chris Rock Spam Solution [the telephone system ain't that geat] References: <20050227042120.36c54962@wednesday.playbeing.org> Message-ID: <20050303043214.6c45787b@wednesday.playbeing.org> On Sun, 27 Feb 2005 18:49:29 +0000 Dorian Gray wrote: > In article <20050227042120.36c54962@wednesday.playbeing.org>, > Bert Driehuis wrote: > > > I'd be happy to quiz anyone on > > the differences between ETSI standards and the equivalent CCITT > > standards, but I don't make enough money to be able to afford the > > documents so I can't say for sure who got the answer right. > > Wow Bert, you're showing how out-of-date you are. CCITT hasn't > existed since 1992, it's all run by the ITU now. So you're 13 years > out-of-date. > > > I vididly recall the calls for the destruction of the Internet > > by CCITT afficionados because it didn't follow "established" > > standards like X.400. > > Correction - 20 years out-of-date. And your point being...? That Internet standards should be "brought up" to the level of that of the telephone system? Or that VoIP rendered the phone system obsolete? Or that the average person can go to a bookstore, buy the bloody documents off all the factions and compare them? Or that X.400 was a practical joke and all the acrimony at the time was just in jest? Please, I know this is Usenet and that one will reap what one sows, but at least be _specific_ when attempting to flame someone to a crisp. And no, Pop, I'm not retired -- but I gave up on CCITT before they got their new fangled protectorate :-) From wb8tyw at qsl.network Wed Mar 2 22:53:11 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Mar 2 22:55:04 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... In-Reply-To: References: Message-ID: Larry J. wrote: > Waiving the right to remain silent, "Mike Easter" > wrote: > > >>I can assure you that EL doesn't want to be talking on the telephone to >>much of anyone -- even their good customers, much less someone who has >>been disabled by this cleanup process. > > > They can send a short series of warning emails to the zombified user. When > user fails to respond, they yank the plug, then send him some snail mail. No, it is important for the zombie to be isolated from spewing immediately for the health of the network and to contain operating cash. In the time that the ISP would be waiting for a response, the zombie can do a lot of damage and in once case in my area one zombie almost wiped out internet access for at least 3 towns. What the messages should be to explain why the access was removed and what the user must do to get their "full" connection back to the internet. They should be allowed access to download patches from the internet and access to a web form that will run tests to verify that their machine appears clean, which can also remove the blocks. By using an automated process users can choose to fix it themselves or pay a consultant to do it for them. The ISP can choose to provide such a service at a competitive rate. -John wb8tyw@qsl.network Personal Opinion Only From postmaster at aroundthecreek.com Wed Mar 2 23:06:26 2005 From: postmaster at aroundthecreek.com (Brent Pirolli) Date: Wed Mar 2 23:05:04 2005 Subject: [SpamCop-List] Re: Pornographic Spam Assault References: Message-ID: I'm 99% sure they are abused proxy servers... They are all odd dns names too... something like xmbjanbmx.info or some crazy stuff like that. I just made that one up, but they are all similiar to that. The RBLs I'm using aren't in front of me at the moment, but I know we use xbl-sblspamhaus.com, spamcop.net, dnsbl.com, and two others I think... I'm most likely going to download the fully functional 30 day trial of xwall and see where that can get me. Until we find a great body content blocker or something of that sort... the sources of these emails will just continue to change and I can't block all the infected proxies... too much work. I've never seen a targeted attack like this from spam though... Usually a single account will get bombarded if they give out their address or something... but we've got 15 accounts all being hit constantly over a period of weeks now.. If it were an automated farming attempt at getting names... You'd think we'd get hit by more.... it picked up names like "SharonF" or "DonnaE" but missed "JasonD" and "SarahP." Seems odd. But I don't know how those all work or how well. Bah. Either way, it sure is frustrating! -- Brent Pirolli > Brent Pirolli wrote: >> We run Symantec Enterprise Edition which allows us to use RBL >> protection and I run about 5 RBLs on there, > > Which RBLs? > >> Unfortuneatly I >> have had zero luck in tracking down a source > > Why is that? Presumably they, the various sources, are abused proxies, > most pr0n spams are. > > Perhaps you mean a /single/ or 'meaningful' source IP. > >> The emails come in with a spoofed random sender, spoofed random >> subject, and spoofed random text in the message > > Neither of those - sender or subject - are useful screening elements. > Trying to screen body content is tricky. I suspect you'd be better > focusing on a better source blocklist strategy than a different body > algorithm. However, some regex rules for the body are pretty classy. > SpamAssassin's are -- but then you are mucking about with Exchange. > > > -- > Mike Easter > kibitzer, not SC admin From driehuis.fcnzpbc2005 at playbeing.com Thu Mar 3 05:43:28 2005 From: driehuis.fcnzpbc2005 at playbeing.com (Bert Driehuis) Date: Wed Mar 2 23:45:04 2005 Subject: [SpamCop-List] Re: Chris Rock Spam Solution [the telephone system ain't that geat] References: <20050227042120.36c54962@wednesday.playbeing.org> Message-ID: <20050303054328.1fc22edb@wednesday.playbeing.org> On Sun, 27 Feb 2005 08:03:03 -0500 "Miss Betsy" wrote: > IMHO, the King has a point. The only difference is that the phone > companies don't (unless you take a lot of effort or pay for extra > features) filter your phone calls for you - incoming or outgoing. The King most definitely has a point. I'd go along with it if the telco's actually made the fascist control that is possible with the telephone system available to the general public. As things stand, trying to screen phone calls with the tools that are available is a losing proposition. As long as the telcos are tolerating every abuse that's thrown at the consumer, the fact that they could (if they wanted to) prevent abuse remains entirely academic, because they don't care. And unlike the Internet, we're not dealing with a playing field that's even remotely level. From nobody at devnull.spamcop.net Wed Mar 2 23:50:11 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Wed Mar 2 23:55:02 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... In-Reply-To: References: Message-ID: Larry J. wrote: > If a jerk who doesn't know how to drive, plows a car into yours, do you let > him off with a "stern warning." I posted about this issue in the thread about "ISP accountability, Internet software "inspections", licenses, etc." To quote this article: http://www.sapinfo.net/index.php4?ACTION=noframe&url=http://www.sapinfo.net/public/en/index.php4/article/Article-1024041fa101e58ab3/en/articleStatistic or http://tinyurl.com/5o8dy "Having the vendors and ISPs blame the end users is akin to blaming drivers for having faulty brakes in their cars, or for auto thefts at the rest stops on the highway." I'll go a step further and say that ISPs don't require your PC to pass inspection, or that you have a license. If they did both of these, then, yes, I'd agree with your comment above. -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From driehuis.fcnzpbc2005 at playbeing.com Thu Mar 3 06:01:08 2005 From: driehuis.fcnzpbc2005 at playbeing.com (Bert Driehuis) Date: Thu Mar 3 00:05:02 2005 Subject: [SpamCop-List] Re: Firefox and Opera Vulnerabilities References: Message-ID: <20050303060108.43ab274c@wednesday.playbeing.org> On Mon, 28 Feb 2005 11:39:26 +0100 Steven Maesslein wrote: > Punycode issue resolved in firefox-1.0.1. For a dissenting view, see http://www.theregister.co.uk/2005/02/25/mozilla_nixes_idns/ Me? I'd enable IDN as soon as the majority of the ISPs that clamored for it start deploying reverse DNS. I'd expect that to happen sometime after the 2036 Y2^22K rollover event. From driehuis.fcnzpbc2005 at playbeing.com Thu Mar 3 06:05:10 2005 From: driehuis.fcnzpbc2005 at playbeing.com (Bert Driehuis) Date: Thu Mar 3 00:10:04 2005 Subject: [SpamCop-List] Re: soonish.net - NOT References: Message-ID: <20050303060510.1d75dcc4@wednesday.playbeing.org> On 28 Feb 2005 10:57:19 -0600 wb8tyw@qsl.network (John E. Malmberg) wrote: [....] > > soonish.net (checking ip) = 218.30.123.56 - Sticking that into > > > > Domain servers in listed order: > > NS1.DAN479LOP.COM 218.30.123.56 > > NS2.DAN479LOP.COM 219.153.14.34 > > Look up these and see if they have valid contact information. If not, > and that domain name gets revoked, then none of spammy's URLs will > resolve. Except spammy has more domain names where DAN479LOP.COM came from... Today it seems to be lambir726.com. And something tells me he has a few more lined up to take the fall... Domain names are too cheap these days. From nobody at devnull.spamcop.net Thu Mar 3 00:18:42 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Thu Mar 3 00:20:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... In-Reply-To: References: Message-ID: Porpoise wrote: > I still don't follow what everyone is harping on about here. My ISP has > absolutely nothing to do with where my mailservers are hosted and my > mailserver host doesn't know what IP I might be connecting from at any given > time. So how does it make sure that I have authorisation to use the > mailservers? Simple! It requires a login and password before it will accept > mail from anyone. So while I'm travelling round with my laptop, or using > other PCs or whatever, in different locations, I can send and download mail > from anywhere I can get an internet connection - as long as I know the valid > login/password. No login/password? No sendee email! Same as is required to > D/L mail. > > So, whether I use my home ADSL, my work ADSL, a dialin from wherever, or > whatever - it's irrelevant. > > So if my hosting company can manage it, whatsall wrong with the others? Normal email clients (e.g., outlook exchange, eudora, thunderbird, etc.) send mail to the local server on port 25 via SMTP. That server figures out how to relay the mail to the proper mail server of the recipient(s). What you're describing is authentication at the level of email clients. A zombie PC can be explained by Item 4 on the following page: http://www.rickconner.net/spamweb/tricks.html They often act as direct-to-MX senders (see Item 5 on that same page). Using password authentication at this level is not realistic -- it makes sense for one ISP's mail server to know its clients who generate emails (and give them access control). It would be impractical for every MX to know every other MX, and require that they authenticate themselves before transfering messages. Furthermore, DNS is used to identify which MX is responsible for a destination address, since it would be difficult otherwise, for an MX to know all other MXs. Zombie PCs actually are smart enough to do the DNS lookups to find the recipient's MX, as would your local MX in the traditional way of sending email. -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From bar_n0ne at hotmail.com Thu Mar 3 09:24:15 2005 From: bar_n0ne at hotmail.com (Berny) Date: Thu Mar 3 00:25:03 2005 Subject: [SpamCop-List] Re: soonish.net - NOT-exactly how does this work? References: <20050303060510.1d75dcc4@wednesday.playbeing.org> Message-ID: "Bert Driehuis" wrote in message news:20050303060510.1d75dcc4@wednesday.playbeing.org... > On 28 Feb 2005 10:57:19 -0600 > wb8tyw@qsl.network (John E. Malmberg) wrote: > > [....] > > > soonish.net (checking ip) = 218.30.123.56 - Sticking that into > > > > > > Domain servers in listed order: > > > NS1.DAN479LOP.COM 218.30.123.56 > > > NS2.DAN479LOP.COM 219.153.14.34 > > > > Look up these and see if they have valid contact information. If not, > > and that domain name gets revoked, then none of spammy's URLs will > > resolve. > > Except spammy has more domain names where DAN479LOP.COM came from... > Today it seems to be lambir726.com. And something tells me he has a few > more lined up to take the fall... > > Domain names are too cheap these days. something I don't quite get here, can any registered domain become a DNS server/referrer? Aren't there some ICANN rules dealing with that? What exactly is the difference between registering a domain, getting an IP for it, and finding or making a DNS server willing to dish out the IP to someone looking for the domain? I thought. I find a machine to host a web site, it's got an IP. maybe it's mine or maybe I'm paying a colo host. I register a domain name and supply the above info ie site=xxx.xxx.xxx.xxx:/path/to/html and money to a registrar. Now I have a website, No? Is there a concise site summarizing the answers to the above? Excuse my ignorance please From wb8tyw at qsl.network Thu Mar 3 00:40:38 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Mar 3 00:45:03 2005 Subject: [SpamCop-List] Re: soonish.net - NOT In-Reply-To: <20050303060510.1d75dcc4@wednesday.playbeing.org> References: <20050303060510.1d75dcc4@wednesday.playbeing.org> Message-ID: Bert Driehuis wrote: > On 28 Feb 2005 10:57:19 -0600 > wb8tyw@qsl.network (John E. Malmberg) wrote: > > [....] > >>>soonish.net (checking ip) = 218.30.123.56 - Sticking that into >>> >>> Domain servers in listed order: >>> NS1.DAN479LOP.COM 218.30.123.56 >>> NS2.DAN479LOP.COM 219.153.14.34 >> >>Look up these and see if they have valid contact information. If not, >>and that domain name gets revoked, then none of spammy's URLs will >>resolve. > > Except spammy has more domain names where DAN479LOP.COM came from... > Today it seems to be lambir726.com. And something tells me he has a few > more lined up to take the fall... > > Domain names are too cheap these days. Spammy is learning? The last time that I saw spammy was playing this game it was taking them 72 hours to notice that they lost the DNS server for their spew, and then another 72 hours to get a replacement DNS server running. Since then there is evidence that some spammys where running their second level DNS server on zombies so that when the LARTs shut down one domain server, or it suffered some other problem like a DDOS attack, that they could just switch to another zombie on a different network. So lets look at this one. > DAN479LOP.COM = [ 81.100.100.200 ] > ----------------------------------------------- > Queried Domain Information as follows > ----------------------------------------------- > Domain Name : dan479lop.com > : :Registrant: : > Name : Daniela Lopez > Email : dan479lop@hotmail.com That sure looks like a Hotmail TOS violation. : :Name Servers: : ns1.dan479lop.com ns2.dan479lop.com : :Dates & Status: : Created Date 2005-02-08 19: 08: 00 EST Updated Date 2005-02-08 19: 08: 00 EST Valid Date 2006-02-08 19: 08: 00 EST But it also indicates that it is not set up for rapid replacement if the domain name it is operating under gets revoked. > $ nslookup ns1.dan479lop.com > Name: NS1.DAN479LOP.COM > Addresses: 218.30.123.56, 221.11.133.32 > > $ nslookup ns2.dan479lop.com > Name: NS2.DAN479LOP.COM > Addresses: 219.153.14.34, 221.11.133.31 Look, backup I.P. addresses just in case a lart is successful in getting a DNS host shutdown, but not effective if the domain gets canceled. That will require a bit more work for spammy to recover from. Step 1. Verify that the Hotmail address is valid. If not, file a complaint which should cause the domain name to be rejected. If so, file a report with hotmail abuse about the TOS violation, and if that bounces, refer it to Microsoft abuse. Bonus points for HOTMAIL/Microsoft larts if you can tie the domain to any pirate Microsoft software offers and point this out in the larts. Step 2. Once the hotmail account is dead, file the complaint to get the domain for the DNS server removed because of invalid contact information. If you can find a way to automate this procedure or get enough motivated volunteers, it can make things very difficult for spammy. Throw away domains are cheap, but it takes time to recover from losing the domain used for the DNS server. It may not totally stop them, but concentrating on getting any domain that is providing the DNS server exclusively for spammy suspended will cause them a lot of problems. Good Hunting, -John wb8tyw@qsl.network Personal Opinion Only -- This plain text message was scanned for viruses by my eyeballs, which are the only virus scanner used on this machine. From wb8tyw at qsl.network Thu Mar 3 01:05:27 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Mar 3 01:10:04 2005 Subject: [SpamCop-List] Re: soonish.net - NOT-exactly how does this work? In-Reply-To: References: <20050303060510.1d75dcc4@wednesday.playbeing.org> Message-ID: Berny wrote: > > something I don't quite get here, > > can any registered domain become a DNS server/referrer? Aren't there some > ICANN rules dealing with that? If there are, I do not know them. For a domain name to work, there has to be at least one DNS server announcing it's IP address that is known to one of the root DNS servers. Cancel the domain, and it does not matter how many DNS servers that are being used for it. AOL reportably will not accept e-mail that has URLs in it with that reference I.P. addresses instead of domain names, so if spammy wants to reach AOL users, they need a domain name. And a domain name needs a DNS server. > What exactly is the difference between registering a domain, getting an IP > for it, and finding or making a DNS server willing to dish out the IP to > someone looking for the domain? Good question. I do not know the details. You have to find an ISP willing to host or sell you connectivity for the DNS server before you can use a domain that you have registered. > I thought. > > I find a machine to host a web site, it's got an IP. maybe it's mine or > maybe I'm paying a colo host. > > I register a domain name and supply the above info ie > site=xxx.xxx.xxx.xxx:/path/to/html and money to a registrar. > > Now I have a website, No? Yes, but to reach it by name, there has to be a DNS server that is authorative for that domain, and it has to be known to the root domain servers. It looks like when you register a domain, you have to provide the names of the authorative DNS servers. > Is there a concise site summarizing the answers to the above? It might be nice to know that too. > Excuse my ignorance please I do not know the precise answers either. But this does show that when spammy sets up their own DNS server it makes them more immune to if one of their web hosts or throwaway domains gets shutdown by a LART. The weakness is that if the domain for the DNS server gets suspended, it locks out access to all of spammys domains until they notice it and get another DNS server set up, and all their domains modified to use it. The way to cause them the most damage is to find out as many of their domains as possible. Then prove that the contact information for the domain used for the DNS server is invalid, and get that suspended. Wait one or two days after that, and then repeat with the other domains. If you get lucky, you will get one of the domains that spammy was trying to get the DNS moved to just about the time that spammy thought it could go live, and spammy has to start over again. -John wb8tyw@qsl.network Personal Opinion Only From nobody at spamcop.net Thu Mar 3 00:25:50 2005 From: nobody at spamcop.net (Don Wannit) Date: Thu Mar 3 03:30:30 2005 Subject: [SpamCop-List] Re: Chris Rock Spam Solution [the telephone system ain't that geat] In-Reply-To: References: Message-ID: Cat wrote: > Firewoman wrote: > >> CallerID doesn't help when it shows the caller's phone number to be >> (200) 000-0000. > > > How do they get it to show up like that? > With the correct telco service. If you have ISDN or a T1 trunk, you can configure your service to report whatever you want for the CallerID. It's usually used by real businesses with multiple outgoing lines so that the CallerID shows the main (published) number to call back, instead of the random line seized from the pool when the call was made. But sleazy telemarketers of course use that feature to obscure their number, just like spammers abuse the otherwise benign and useful ability to set the From: address. From nobody at spamcop.net Thu Mar 3 00:44:01 2005 From: nobody at spamcop.net (Don Wannit) Date: Thu Mar 3 03:45:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... In-Reply-To: References: Message-ID: Frog Prince wrote: > "eddie" seems to have been quoting someone below: > > | "The customer is always right" was said by a customer. Honest dealers > | know that the customer is almost always wrong. > > Not to change the topic but in many cases that approach equates to the > customer being someone else's customer in short order and if carried to > extreme the business is no more. Actually, in my experience founding 7 companies, the customer is *not* always right. However, the customer is always the customer. As you point out, you don't stay in business very long with the attitude that the customer is always wrong. Conversely, very few can stay in business for long with the opposite attitude that the customer is always right. You can afford to do that only if you have very high prices and/or a niche hold (c.f. Nieman Marcus stores, where legend has it that they took back a set of auto tires a customer returned, but they don't sell tires). The trick to being successful in keeping customers happy and also staying in business is to make sure the customer gets what is fair, and a bit more, and knows it. Sure would be nice if ISPs and cell phone companies learned that trick. From feldethom2165 at email2me.net Thu Mar 3 00:03:47 2005 From: feldethom2165 at email2me.net (Fred k) Date: Thu Mar 3 04:05:02 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "Sofa King Tyred of Lar Ting" wrote in message news:d066nh$94r$1@news.spamcop.net... > A zombie PC can be explained by Item 4 on the following page: > > http://www.rickconner.net/spamweb/tricks.html > I knew I was wet behind the ears. Thanks for throwing me a towel. That is a very educational article. Fred k From nobody at nowhere.invalid Thu Mar 3 10:30:02 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Mar 3 04:35:04 2005 Subject: [SpamCop-List] Re: Address obfuscation - was: Re: Pornographic Spam Assault References: Message-ID: On Thu, 3 Mar 2005 00:20:49 -0000, Porpoise coughed into spamcop and left this in : > So what you're saying is that the bot will "browse" the pages - as opposed > to "reading" the files? Exactly. The bot doesn't have any more access to the server's filesystem than a browser. In fact it is just another HTTP client in exactly the same way as a browser and gets the stuff off the server using exactly the same HTTP "GET" requests as a browser. As far as the web server is concerned, it *is* a browser. {snip} > that the bot would actually "see" the addresses from all that? If a browser can "see" the addresses from all that then a bot will. The bot *is* an automated browser. -- Steve A grammarian's life is always intense. From MikeE at ster.invalid Thu Mar 3 02:41:49 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 3 05:45:23 2005 Subject: [SpamCop-List] Re: soonish.net - NOT-exactly how does this work? References: <20050303060510.1d75dcc4@wednesday.playbeing.org> Message-ID: Berny wrote: > can any registered domain become a DNS server/referrer? Aren't there > some ICANN rules dealing with that? Yes. No. > What exactly is the difference between registering a domain, getting > an IP for it, and finding or making a DNS server willing to dish out > the IP to someone looking for the domain? I like Dan's info for easy reading http://domains.dan.info/ Dan's Domain Site In the Tips section he has a link to an article about doing it - the DNS - yourself. http://www.garykessler.net/library/dns.html SETTING UP YOUR OWN DNS -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Thu Mar 3 08:31:32 2005 From: nobody at spamcop.net (Anti-Spam) Date: Thu Mar 3 08:35:07 2005 Subject: [SpamCop-List] Links not found Message-ID: Another case of problems identifying links formatted as . (No its not my browser or mail server, since the vast majority of messages (spam) are handled correctly. Tracker: -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: webmasterm@oxgwqwjbscbx.com (generated by Webpoison) From porpoise1954 at yahoo.co.uk Thu Mar 3 15:13:52 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Mar 3 10:30:32 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: "Sofa King Tyred of Lar Ting" wrote in message news:d066nh$94r$1@news.spamcop.net... > Porpoise wrote: >> >> So, whether I use my home ADSL, my work ADSL, a dialin from wherever, or >> whatever - it's irrelevant. >> >> So if my hosting company can manage it, whatsall wrong with the others? > > Normal email clients (e.g., outlook exchange, eudora, thunderbird, etc.) > send mail to the local server on port 25 via SMTP. That server figures out > how to relay the mail to the proper mail server of the recipient(s). > > What you're describing is authentication at the level of email clients. > > A zombie PC can be explained by Item 4 on the following page: > > http://www.rickconner.net/spamweb/tricks.html > > They often act as direct-to-MX senders (see Item 5 on that same page). > > Using password authentication at this level is not realistic -- it makes > sense for one ISP's mail server to know its clients who generate emails > (and give them access control). Yes but like I said, my ISP doesn't run mailservers......... so the access control is at the Mx for my domain host. It has nothing to do with where/who I connect to the internet with. My hosts Mxes are trusted mailhosts but for my mail to be accepted by them, I need a valid login/pwd. > It would be impractical for every MX to know every other MX, and require > that they authenticate themselves before transfering messages. > Furthermore, DNS is used to identify which MX is responsible for a > destination address, since it would be difficult otherwise, for an MX to > know all other MXs. But that's kind of the case with Mxes that there is this element of trust. That's what blocklists are about - "untrusting" Mxes that start spewing crap. But if the originating MX didn't accept the crap in the first place, it wouldn't get itself listed. But I suspect Mike is more knowledgeable about the various trusts/relationships and might be able to interject here. > > Zombie PCs actually are smart enough to do the DNS lookups to find the > recipient's MX, as would your local MX in the traditional way of sending > email. > > -- > Help fight spam by "educating" the lax, zombie-hosting ISPs: > http://pages.infinit.net/filmore/educateYourISP.htm From kenbrody at spamcop.net Thu Mar 3 09:49:25 2005 From: kenbrody at spamcop.net (Kenneth Brody) Date: Thu Mar 3 11:30:03 2005 Subject: [SpamCop-List] Re: FL = Safe Haven (No More) ? References: Message-ID: <422723F5.7B77B5ED@spamcop.net> me-no-no wrote: > > Possibly :-) > [News] > BellSouth Investigation Leads to Guilty Plea in Spamming Case. > State of Florida Prosecutes and Convicts Spammer on Felony Charge... > http://biz.yahoo.com/prnews/050301/cltu050_1.html Unfortunately, once again it's not "spamming" that he was convicted of. Rather, it was for "cracking user pass codes and hijacking BellSouth subscriber Internet accounts to send large amounts of spam". -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From tdy at blackhole.invalid Thu Mar 3 10:08:48 2005 From: tdy at blackhole.invalid (N. Miller) Date: Thu Mar 3 13:10:09 2005 Subject: [SpamCop-List] Re: What Am I Looking At? References: <42262264.A5F21544@Spamcop.net> Message-ID: In article <42262264.A5F21544@Spamcop.net>, Nobody says... > I have been receiving tightly targeted spams to my ISP's username list > from a spammer who apparently compromised the ISP's database somehow > last June. The spammer has gradually worked around all my filters and > is now using fake names appended to my e-mail address to beat my address > filters. If you mean you have see spam with , , etc., that may not be a compromised database, but the consequence of a "dictionary attack". It is also doubtful that a single spammer is at work. And spammers do rotate domains, subject lines, etc. knowing full well that users try to filter on those. I promise you, they are not targeting you, but just doing what they do best; morphing on a regular basis. > Initially, he was sending to the user d/b with strings of user addresses > in the TO line of the form "grannysmith@myISP.com" > . I filtered the groups of names he usually > used. He responded by using other usernames in the TO line and > blind-copying my address. As I filtered these by addressee name, he > deduced which usernames weren't filtered and isolated my username, and > began spamming directly to my e-mail address using addresses of the form > "PHONY NAME" . It is very unlikely that he is responding to anything you do. If you are thinking in that mode, you need to take a break from reporting. Spammers aren't out to get you specifically, just to trying to keep one step ahead of the filters, in general. > Of more immediate interest here, spammy is also protecting internal > links from discovery by SpamCop's parser in the last few spams. I've > been reporting his spew since the first one, and apparently this is a > counter to losing his hosts every few days. > How do I get to the internal links so SpamCop can lart the proxy owners? The proxy owners who should get the notifies are in the headers. Anything in the body is a hosting service. While it would be nice to notify them, if you are encountering the "too many links" foil, all that you can do is a manual notify. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at devnull.spamcop.net Thu Mar 3 10:19:56 2005 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Thu Mar 3 13:20:02 2005 Subject: [SpamCop-List] Re: Firefox and Opera Vulnerabilities In-Reply-To: <20050303060108.43ab274c@wednesday.playbeing.org> References: <20050303060108.43ab274c@wednesday.playbeing.org> Message-ID: Bert Driehuis wrote: > I'd enable IDN as soon as the majority of the ISPs that > clamored for it start deploying reverse DNS. I'd expect > that to happen sometime after the 2036 Y2^22K rollover event. TAI64 may postpone that until the Y2^63 event. -- "Everything that can be invented has been invented." -- Charles H. Duell, Commissioner, US Office of Patents (1899) From eddie at eddie.web Thu Mar 3 14:18:04 2005 From: eddie at eddie.web (eddie) Date: Thu Mar 3 14:20:03 2005 Subject: [SpamCop-List] what's up with mhz.com? Message-ID: They just started showing up on my radar screen. I see that netsol has their contacts hidden. Have they just started bulletproof spamming or was I just lucky until recently? -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Thu Mar 3 14:19:03 2005 From: eddie at eddie.web (eddie) Date: Thu Mar 3 14:20:09 2005 Subject: [SpamCop-List] Re: FL = Safe Haven (No More) ? References: <422723F5.7B77B5ED@spamcop.net> Message-ID: On Thu, 03 Mar 2005 09:49:25 -0500, Kenneth Brody scratched out the following: snip > > Unfortunately, once again it's not "spamming" that he was convicted of. > Rather, it was for "cracking user pass codes and hijacking BellSouth > subscriber Internet accounts to send large amounts of spam". Tha's OK. They got Capone on tax evasion. Whatever it takes. -- Once movie theaters gave out steak knives Today they confiscate them From nobody at devnull.spamcop.net Thu Mar 3 16:55:43 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Thu Mar 3 17:00:02 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... In-Reply-To: References: Message-ID: Don Wannit wrote: > The trick to being successful in keeping customers happy and also > staying in business is to make sure the customer gets what is fair, > and a bit more, and knows it. It's all about the contract -- when you fly on plane, you, as a customer, are responsible for certain things. The airline is responsible for other things. This is implicit/explicit in the contract. The problem with zombie networks is that everyone has been caught with their pants down. Nobody expected the scale of the problem. > Sure would be nice if ISPs and cell phone companies learned that trick. My ISP says that I'm forbidden from running any kind of server on my machine, as a residential customer. In theory, as soon as a zombie is running on my machine, I'm running a server (proxy, mail relay, whatever), capable of accepting incoming connections (the back-door of via the Trojan). If ISPs wanted to, they could yank the connection on that basis alone. The problem is, there are TOO many people with zombies (e.g., the hypothetical 4000 for one ISP, for example). Bottom line -- applying their no-server policy consistently would be too costly, even if it reduced the spam problem for everyone. It's the same reason why airlines don't enforce the rules about carry-on bags that obviously don't fit in that metal-framed box thingy displayed at the check-in counter. (Well, I've only seen it enforced once, when a customer was being a real jerk.) One could argue that if all passengers respected that rule, airline tickets would be cheaper for everyone since less fuel would be required for a trip. What head of an airline would have the guts to try that? -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From nobody at devnull.spamcop.net Thu Mar 3 18:41:59 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Thu Mar 3 18:45:04 2005 Subject: [SpamCop-List] 4000 zombies create a nice chunk of bandwidth Message-ID: Thinking more about the 4000-zombie-ISP problem, I did some rough calculations on how much bandwidth they would generate. I think there's another possible reason why ISPs don't react quickly, which nobody has mentioned yet - they make money off of the additional traffic! Here are some numbers, the first set assumes 4000 zombies on a network, an average of 25,000 messages per day (less than a magnitude 5 senderbase entry), with the basic cable package. The dollar amounts are based on my (Canadian) ISP's rates, which allows a mere 1G upload. I only assume "message sent" (upload) traffic. In theory, proxies would accept incoming (download) traffic as well, but it would be possibly less, since you can send a message through a zombie with many TO, CC, BCC, addresses, thus multiplexing. Spam size (K) 4 Spam/day 25,000 K/day 100,000 K/month 3,000,000 G/month 2.86 Upload limit (G/month) 1 Excess upload 1.86 Cost/additional G $7.95 Additional revenue/zombie $14.80 Zombies present on ISP's network 4000 Additional revenue per month for all zombies $59,180.53 Here are the same numbers, but with zombies that average 50,000 messages/day (again, less than senderbase's magnitude 5): Spam size (K) 4 Spam/day 50,000 K/day 200,000 K/month 6,000,000 G/month 5.72 Upload limit (G/month) 1 Excess upload 4.72 Cost/additional G $7.95 Additional revenue/zombie $37.54 Zombies present on ISP's network 4000 Additional revenue per month for all zombies $150,161.06 I did this quickly in excel, and I /think/ my math is correct... What strikes me is the following: Why don't the users realize that their cable bill is too high, because of excess traffic? Ignorance about installing firewalls, antivirus, etc. does not mean ignorance about reading your cable bill. Then again, perhaps we're talking about darwinism with respect to zombies. We don't see the pennywise-user's zombies because they figured out what happened and cleaned up their system! Let's assume I had a magnitude 5 zombie on my PC (much higher than the estimates above, but there are many such cases according to senderbase) -- that translates to 100,000 messages/day. Using my spreadsheet, this means an ADDITIONAL cost of $83.00 per month on my cable bill. My guess is that zombies that pass under this radar are those on PCs with higher-bandwidth forfeits, or people that don't read their cable bills. Gives us some more to think about regarding how to fight the problem. Has anyone every validated the senderbase magnitude system? That could also be a chink in these calculations. I read on the senderbase FAQ that it's based on a Nielsen-ratings type scheme, which I suppose is scientific. -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From me at email.net Thu Mar 3 18:32:08 2005 From: me at email.net (LS) Date: Thu Mar 3 19:35:03 2005 Subject: [SpamCop-List] No headers with Exchange Server account Message-ID: I currently report Spam to Spamcop using Outlook Express 6 for my Mediacom email and my hotmail email. It works perfectly. When I load the messages I get from my personal Exchange 2003 server I get a email back saying no headers found. I'm using the same method with OE to send it. It has to be something my server is doing to mess up the headers. None of the faq's or newsgroups on spamcop.net help with the server. I am using ORFilter on the server. Does it do something to the headers? Is there a setting on the server to leave the headers alone? Any ideas? I sent money to Spamcop and would like to use it. :) hehe I am with the others, just not the most important one, my personal server. Thanks in advance! LS From nobody at devnull.spamcop.net Thu Mar 3 20:46:33 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Mar 3 20:50:03 2005 Subject: [SpamCop-List] Re: FL = Safe Haven (No More) ? References: <422723F5.7B77B5ED@spamcop.net> Message-ID: "eddie" wrote in message news:pan.2005.03.03.19.19.03.307000@eddie.web... > On Thu, 03 Mar 2005 09:49:25 -0500, Kenneth Brody scratched out the > following: > > snip >> >> Unfortunately, once again it's not "spamming" that he was convicted of. >> Rather, it was for "cracking user pass codes and hijacking BellSouth >> subscriber Internet accounts to send large amounts of spam". > > Tha's OK. They got Capone on tax evasion. Whatever it takes. I don't care if they get them for pissing on a fire hydrant, as long as they get them. Any port in a storm etc. Pop From wb8tyw at qsl.network Thu Mar 3 20:58:07 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Mar 3 21:00:04 2005 Subject: [SpamCop-List] Make money from Spam in Texas! In-Reply-To: References: <422723F5.7B77B5ED@spamcop.net> Message-ID: $4000.00 U.S so far! http://www.austinchronicle.com/issues/dispatch/2005-03-04/pols_naked6.html -John wb8tyw@qsl.network Personal Opinion Only From agent01413 at my-deja.com Fri Mar 4 02:36:13 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Thu Mar 3 21:40:25 2005 Subject: [SpamCop-List] Re: reality check. References: Message-ID: "Mike Easter" wrote in news:d020nm$868$1 @news.spamcop.net: > Socks the Whitehouse Cat wrote: >> I got a spam today through a listserv server. I didnt want to report >> the server as the source, because it wasnt the source and I didnt >> want to contribute to blocking it, so I deselected it from the >> reports. However, that server owner wants to know when spam is coming >> through his lists so that he can block the points of origin, so he is >> set up as a third party interested in spam reports from certain IPAs. >> Am I correct in my belief that if I deselect his IPA on the "origin >> of spam" line, but leave it selected on the "third party interest >> line", he'll get notice without getting a ding for the report? > > I didn't think you were supposed to handle the problem of mailing list > spam like that, ie with SC. > > http://www.spamcop.net/fom-serve/cache/14.html On what type of email > should I (not) use SpamCop? -- Spam sent to mailing lists -- Spam sent > to mail lists/groups must not be reported using SpamCop except by the > list owner. Subscribers may send a note to the list owner who can block > the source from sending to the list or take responsibility for reporting > the spam themselves. > > 1) My question was misunderstood. I didnt ask whether I was allowed to report it or not. I asked what the impact on the specific IPA was of the specific step I took. 2) Where in my post did I state that I was not the listowner? listowner != server owner under l-soft's listserv, most of the time. Spam, since it usually comes from a non subscriber, will end up in the listowner's mailbox waiting for approval or rejection, or in this case reporting to spamcop, per the instructions that spam can be reported by the list owner. -- "...Life is not a journey to the grave with the intention of arriving safely in one pretty and well preserved piece, but to slide across the finish line broadside, thoroughly used up, worn out, leaking oil, and shouting GERONIMO!!!" -- Bill McKenna, date unknown From agent01413 at my-deja.com Fri Mar 4 02:36:49 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Thu Mar 3 21:40:49 2005 Subject: [SpamCop-List] Re: reality check. References: <422597F7.3A8D@xyzzy.claranet.de> Message-ID: Frank Ellermann wrote in news:422597F7.3A8D@xyzzy.claranet.de: > Socks the Whitehouse Cat wrote: > >> if I deselect his IPA on the "origin of spam" line, but leave >> it selected on the "third party interest line", he'll get >> notice without getting a ding for the report? > > Yes, you'd see it on the "reports sent" page. As Mike said > it's not enough to deselect all other reports, it would be > still counted for the SCBL. > thanks. -- "...Life is not a journey to the grave with the intention of arriving safely in one pretty and well preserved piece, but to slide across the finish line broadside, thoroughly used up, worn out, leaking oil, and shouting GERONIMO!!!" -- Bill McKenna, date unknown From panoptes at iquest.net Thu Mar 3 21:50:09 2005 From: panoptes at iquest.net (Daniel W. Johnson) Date: Thu Mar 3 21:55:03 2005 Subject: [SpamCop-List] Re: AFRINIC problem References: Message-ID: <1gsvb7l.gzvh731gif2pqN%panoptes@iquest.net> Looks like I should have gotten caught up on this newsgroup before posting to spamcop.routing. -- Daniel W. Johnson From nobody at xyzzy.claranet.de Fri Mar 4 04:12:18 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Mar 3 22:15:37 2005 Subject: [SpamCop-List] Re: No headers with Exchange Server account References: Message-ID: <4227D212.2AAE@xyzzy.claranet.de> LS wrote: > None of the faq's or newsgroups on spamcop.net help That issue was discussed not only here very often: MicroSoft Exchange strips the headers to a minimum required for its own purposes. The stripped info includes the trace headers needed to analyze SMTP mail. Or at least that's an effect if Outlook talks to Exchange, but if your OE has the same problem it must be a Exchange "feature". > Any ideas? Uninstall Exchange and get a decent free / open source server. Bye, Frank From nobody at xyzzy.claranet.de Fri Mar 4 04:44:15 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Thu Mar 3 22:50:03 2005 Subject: [SpamCop-List] Re: Links not found References: Message-ID: <4227D98F.4BB7@xyzzy.claranet.de> Anti-Spam wrote: > Another case of problems identifying links > formatted as . (No its not > my browser or mail server It could be still a problem on the side of the spammer, but in your case it's something else. Of course SpamCop supports a quoted printable HREF=3D, And it also has no problem with any QP HTML within a multipart/related within another multipart. > Tracker: Yes, I followed it and SC found the 6a-URLs in the HTML. Wild guess, some days ago I reported 80 "AveYou" spams hosted by rackspace.com. In about 5 cases SC ignored the spamvertized URL. Maybe a new feature depending on the system load (?) Bye, Frank From spam at euclidian.com Thu Mar 3 23:15:24 2005 From: spam at euclidian.com (I Love Spam) Date: Thu Mar 3 23:20:06 2005 Subject: [SpamCop-List] Everyone is so Anti Spam... and Why... its crazy Message-ID: This is just so crazy, why does everyone hate spam? Spam adds a lot to the economy. Think how many people would lose their jobs if it wasn't for spam! From mrichter at cpl.net Thu Mar 3 22:02:37 2005 From: mrichter at cpl.net (Mike Richter) Date: Fri Mar 4 01:05:05 2005 Subject: [SpamCop-List] Re: 4000 zombies create a nice chunk of bandwidth In-Reply-To: References: Message-ID: Sofa King Tyred of Lar Ting wrote: > Why don't the users realize that their cable bill is too high, because > of excess traffic? > My guess is that zombies that pass under this radar are those on PCs > with higher-bandwidth forfeits, or people that don't read their cable > bills. Gives us some more to think about regarding how to fight the > problem. Fascinating data; nicely done. I don't know about cable, but my ADSL is only limited by speed: no volume constraint, no premium for excess. In such a configuration, the customer doesn't pay but the ISP does, so the ISP wants no zombies wandering loose. Mike -- mrichter@cpl.net http://www.mrichter.com/ From mrichter at cpl.net Thu Mar 3 22:04:22 2005 From: mrichter at cpl.net (Mike Richter) Date: Fri Mar 4 01:05:11 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy In-Reply-To: References: Message-ID: I Love Spam wrote: > This is just so crazy, why does everyone hate spam? Spam adds a lot to > the economy. Think how many people would lose their jobs if it wasn't > for spam! Think how unwelcome you are with HTML in a text-only newsgroup; even so, you are not as unwelcome as spam. Your argument for spam also applies to theft - without it, what would the cops do? All those judges out of work - tragedy! Mike -- mrichter@cpl.net http://www.mrichter.com/ From nobody at devnull.spamcop.net Fri Mar 4 16:53:53 2005 From: nobody at devnull.spamcop.net (Patto) Date: Fri Mar 4 02:55:07 2005 Subject: [SpamCop-List] Re: No headers with Exchange Server account In-Reply-To: References: Message-ID: LS wrote: > I currently report Spam to Spamcop using Outlook Express 6 for my Mediacom > email and my hotmail email. It works perfectly. > > When I load the messages I get from my personal Exchange 2003 server I get a > email back saying no headers found. I'm using the same method with OE to > send it. It has to be something my server is doing to mess up the headers. > > None of the faq's or newsgroups on spamcop.net help with the server. I am > using ORFilter on the server. Does it do something to the headers? Is there > a setting on the server to leave the headers alone? > > Any ideas? I sent money to Spamcop and would like to use it. :) hehe I am > with the others, just not the most important one, my personal server. > > Thanks in advance! > > LS As Frank explained in his post, Exchange Server messes with the headers. You write that you use Outlook Express with the Exchange Server? Does that work at all? I use the Outlook 2003 client with Exchange Server. On that I have a little plug-in called OLSpamCop (http://olspamcop.org/) that can "fix" the headers for SpamCop, and forward the corrected messages to SC. From m at remove.this.part.rtij.nl Fri Mar 4 12:33:54 2005 From: m at remove.this.part.rtij.nl (Martijn Lievaart) Date: Fri Mar 4 06:35:17 2005 Subject: [SpamCop-List] Re: http://www.projecthoneypot.org/ References: Message-ID: On Wed, 02 Mar 2005 10:11:38 -0500, Merlyn wrote: [ http://www.projecthoneypot.org/ ] > They worked with me to complete a new setup that wasn't on their list. > > They were very helpful and I give em a two thumbs up. That's M2 and M3! M4 -- Ah, the beauty of OSS. Hundreds of volunteers worldwide volunteering their time inventing and implementing new, exciting ways for software to suck. -- Toni Lassila in the Monastry From TMHRVMFWREVN at spammotel.com Fri Mar 4 12:23:36 2005 From: TMHRVMFWREVN at spammotel.com (Rob) Date: Fri Mar 4 07:30:29 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy References: Message-ID: >"I Love Spam" wrote in message news:d08ncv$2qu$1@news.spamcop.net... >This is just so crazy, why does everyone hate spam? Spam adds a lot to the economy. Think how many people would >lose their jobs if it wasn't for spam! Perhaps you would like to give us your email so that we could all forward our spam on to you as well as reporting it...that is if you promiss not to report us as spamming you. Perhaps someone here web savy could produce a contract form so that we are imune from being reported for forwarding it to you. Rob From me at email.net Fri Mar 4 06:52:31 2005 From: me at email.net (LS) Date: Fri Mar 4 07:55:03 2005 Subject: [SpamCop-List] Re: No headers with Exchange Server account References: Message-ID: I was using OE to forward as attachment. I tried Outlook 2003 with olspamcop and it always came back with no headers found. I tried their tech support for a couple months and never got anywhere. If it's working for you, there must be a setting I'm missing somewhere. LS "Patto" wrote in message news:d0946i$c93$1@news.spamcop.net... > LS wrote: >> I currently report Spam to Spamcop using Outlook Express 6 for my >> Mediacom email and my hotmail email. It works perfectly. >> >> When I load the messages I get from my personal Exchange 2003 server I >> get a email back saying no headers found. I'm using the same method with >> OE to send it. It has to be something my server is doing to mess up the >> headers. >> >> None of the faq's or newsgroups on spamcop.net help with the server. I >> am using ORFilter on the server. Does it do something to the headers? Is >> there a setting on the server to leave the headers alone? >> >> Any ideas? I sent money to Spamcop and would like to use it. :) hehe I am >> with the others, just not the most important one, my personal server. >> >> Thanks in advance! >> >> LS > > As Frank explained in his post, Exchange Server messes with the headers. > > You write that you use Outlook Express with the Exchange Server? Does > that work at all? > > I use the Outlook 2003 client with Exchange Server. On that I have a > little plug-in called OLSpamCop (http://olspamcop.org/) that can "fix" the > headers for SpamCop, and forward the corrected messages to SC. From noone at nowhere.com Fri Mar 4 07:54:15 2005 From: noone at nowhere.com (Bob Itguy) Date: Fri Mar 4 07:55:15 2005 Subject: [SpamCop-List] Re: Spamcop error reading URLS References: Message-ID: Here are a few of them: 1370254781 1369582740 1369193819 1369193300 "Fred k" wrote in message news:cvvjoq$bro$1@news.spamcop.net... > > "Bob Itguy" wrote in message > news:cvve5t$7nq$1@news.spamcop.net... > >> So looks like Spamcop needs to connect the dots better :) > > Please post a tracker URL. > > Fred k > From Kilgallen at SpamCop.net Fri Mar 4 07:07:11 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Mar 4 08:10:03 2005 Subject: [SpamCop-List] Judge dismisses Virginia spam conviction of Jaynes' sister Message-ID: http://www.cnn.com/2005/LAW/03/02/spam.trial.ap/index.html says in part: LEESBURG, Virginia (AP) -- A judge dismissed a felony spamming conviction that had been called one of the first of its kind, saying he found no "rational basis" for the verdict and wondering if jurors were confused by technical evidence. Ruling Tuesday, Judge Thomas D. Horne also said jurors may have gotten "lost" when navigating Virginia's new anti-spam law in the case of Jessica DeGroot. But Horne upheld the conviction of her brother, Jeremy Jaynes, who prosecutors said led the operation from his Raleigh, North Carolina, area home. From porpoise1954 at yahoo.co.uk Fri Mar 4 13:23:29 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Mar 4 08:40:06 2005 Subject: [SpamCop-List] Re: Spamcop error reading URLS References: Message-ID: "Bob Itguy" wrote in message news:d09lps$qg0$1@news.spamcop.net... > Here are a few of them: > > 1370254781 > 1369582740 > 1369193819 > 1369193300 > Here are a few of them what? Relating to what? Where's the thread? From nobody at spamcop.net Fri Mar 4 09:19:31 2005 From: nobody at spamcop.net (Anti-Spam) Date: Fri Mar 4 09:25:03 2005 Subject: [SpamCop-List] Re: Links not found References: <4227D98F.4BB7@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:4227D98F.4BB7@xyzzy.claranet.de... > > Wild guess, some days ago I reported 80 "AveYou" spams > hosted by rackspace.com. In about 5 cases SC ignored > the spamvertized URL. Maybe a new feature depending on > the system load (?) > Bye, Frank > Now that you mention it, I've also noticed how sometimes refreshing a report with no links found will find some. Vague impressions of this being discussed in this NG in the distant past. -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: salesz24@nlptnwgmt.com (generated by Webpoison) From nobody at xyzzy.claranet.de Fri Mar 4 16:01:57 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Mar 4 10:05:06 2005 Subject: [SpamCop-List] Re: Links not found References: <4227D98F.4BB7@xyzzy.claranet.de> Message-ID: <42287865.7091@xyzzy.claranet.de> Anti-Spam wrote: > I've also noticed how sometimes refreshing a report with no > links found will find some. Yes, and so far "we" /tinw) thought that this has something to do with slow DNS servers or intentional manipulations on the side of the spammer. But SC probably caches DNS answers. That won't explain why about 5 of 80 identical "aveyou" spam reports failed to report the spamvertized site. Today the same spammer sent me hundreds of "hollywoodrx" spams, and so far SC always found both spamvertized sites. Bye, Frank From nobody at spamcop.net Fri Mar 4 19:02:55 2005 From: nobody at spamcop.net (nospam) Date: Fri Mar 4 10:05:17 2005 Subject: [SpamCop-List] Re: Links not found References: <4227D98F.4BB7@xyzzy.claranet.de> Message-ID: in article d09r3s$u5p$1@news.spamcop.net, Anti-Spam at nobody@spamcop.net wrote on 3/4/05 6:19 PM: > > "Frank Ellermann" wrote in message > news:4227D98F.4BB7@xyzzy.claranet.de... >> >> Wild guess, some days ago I reported 80 "AveYou" spams >> hosted by rackspace.com. In about 5 cases SC ignored >> the spamvertized URL. Maybe a new feature depending on >> the system load (?) >> Bye, Frank >> > > Now that you mention it, I've also noticed how sometimes > refreshing a report with no links found will find some. > Vague impressions of this being discussed in this NG in > the distant past. > > -- > Bring in the death penalty for repeat spammers. > Non-functional spambait addr: salesz24@nlptnwgmt.com > (generated by Webpoison) happens often, unless its a pimp and dump spam (they almost never have links), I now routinely reparse when no links found. more often than not they turn up 2nd time around. From PossumTrot at dont.spam.me Fri Mar 4 07:52:59 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Fri Mar 4 11:00:34 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: Maybe it's time to LART His Honor. "Larry Kilgallen" wrote in message news:Ay0cFYD86Ihs@eisner.encompasserve.org... > http://www.cnn.com/2005/LAW/03/02/spam.trial.ap/index.html says in part: > > LEESBURG, Virginia (AP) -- A judge dismissed a felony spamming > conviction that had been called one of the first of its kind, > saying he found no "rational basis" for the verdict and wondering > if jurors were confused by technical evidence. > > Ruling Tuesday, Judge Thomas D. Horne also said jurors may have > gotten "lost" when navigating Virginia's new anti-spam law in > the case of Jessica DeGroot. But Horne upheld the conviction > of her brother, Jeremy Jaynes, who prosecutors said led the > operation from his Raleigh, North Carolina, area home. From PossumTrot at dont.spam.me Fri Mar 4 08:01:04 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Fri Mar 4 11:05:03 2005 Subject: [SpamCop-List] Re: Make money from Spam in Texas! References: <422723F5.7B77B5ED@spamcop.net> Message-ID: "John E. Malmberg" wrote in message news:d08fbg$s5c$1@news.spamcop.net... > $4000.00 U.S so far! > > http://www.austinchronicle.com/issues/dispatch/2005-03-04/pols_naked6.html > > -John > wb8tyw@qsl.network > Personal Opinion Only For once I applaud a lawyer ! From PossumTrot at dont.spam.me Fri Mar 4 08:06:25 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Fri Mar 4 11:10:02 2005 Subject: [SpamCop-List] Large spam increasing? Message-ID: Have I been asleep, or has Spammy recently begun sending many more large spam? I note today 29 spam over 10K with 6 at 50K and 2 at 92 K. That's 20% of the 148 spam received. Or maybe Spammy loves only me? From ftabor at direcway.com Fri Mar 4 12:36:12 2005 From: ftabor at direcway.com (Frank Tabor) Date: Fri Mar 4 12:35:03 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: <717h21pgcjvsf15qtpu0mq96s7bjg68hu3@4ax.com> On 4 Mar 2005 07:07:11 -0600, Kilgallen@SpamCop.net (Larry Kilgallen) wrote: >http://www.cnn.com/2005/LAW/03/02/spam.trial.ap/index.html says in part: > >LEESBURG, Virginia (AP) -- A judge dismissed a felony spamming >conviction that had been called one of the first of its kind, >saying he found no "rational basis" for the verdict and wondering >if jurors were confused by technical evidence. > >Ruling Tuesday, Judge Thomas D. Horne also said jurors may have >gotten "lost" when navigating Virginia's new anti-spam law in >the case of Jessica DeGroot. But Horne upheld the conviction >of her brother, Jeremy Jaynes, who prosecutors said led the >operation from his Raleigh, North Carolina, area home. Her conviction was overturned because, while the credit card was in her name that was used to register the domains, it could not be proved that she was the one that used it to register. Reasonable doubt. From nobody at devnull.spamcop.net Fri Mar 4 12:39:18 2005 From: nobody at devnull.spamcop.net (Pop) Date: Fri Mar 4 12:40:03 2005 Subject: [SpamCop-List] Deputies? Report History Prob? Message-ID: Hi, I don't know what it means, but as I scanned down to the Report Now button on the details page, something that might be of interest to the deputies (or not) was found. Tracker: http://www.spamcop.net/sc?id=z738562689z34197b1eb420d6d072771012f63a07d8z I noticed the following lines in the Tech Details: "Tracking link: http://aboutus.htm [report history] Cannot resolve http://aboutus.htm" It looks like it's trying to treat .htm as a legit TLD? Don't think it can be? Clicking on that Report History link, resulted in: "Authorization failure, no username provided by server; action = showhistory" Maybe because I'm a free user? Dunno. Think I've looked at them before but not sure. Sooooo, I thought maybe someone would like to know about it. If not, then forgive me for wasting your time. Regards, Pop -- Perfection is not only elusive, it is also limited with unexpected and dangerous results for the idealist. From nobody at devnull.spamcop.net Fri Mar 4 12:43:58 2005 From: nobody at devnull.spamcop.net (Pop) Date: Fri Mar 4 12:45:05 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy References: Message-ID: "Rob" wrote in message news:d09k5c$p9s$1@news.spamcop.net... > >>"I Love Spam" wrote in message > news:d08ncv$2qu$1@news.spamcop.net... >>This is just so crazy, why does everyone hate spam? Spam adds a lot to >>the > economy. Think how many people would >lose their jobs if it wasn't for > spam! > > Perhaps you would like to give us your email so that we could all forward > our spam on to you as well as reporting it...that is if you promiss not to > report us as spamming you. Perhaps someone here web savy could produce a > contract form so that we are imune from being reported for forwarding it > to > you. > > Rob I have 2 or 20,000 he could read through. All's I need's dat kontrakt! It's probably a troll of course, but it if isn't, just give him time and he'll understand. Time solves all ills. . But let's not feed it anymore. Pop From mrichter at cpl.net Fri Mar 4 09:49:27 2005 From: mrichter at cpl.net (Mike Richter) Date: Fri Mar 4 12:50:04 2005 Subject: [SpamCop-List] Vanishing 419s? Message-ID: My first 419 arrived more than a year after I began on the Internet; my second, perhaps six months later. Over the years, they and lottery scams had grown to over twenty per day - until the last few weeks when suddenly they are down to perhaps one a day. What happened? Is someone getting after the crooks? The content has not changed to suggest that my ISPs are filtering. All I see is that the deluge has (blessedly) abated. Mike -- mrichter@cpl.net http://www.mrichter.com/ From dkona7b02 at sneakemail.com Fri Mar 4 12:56:40 2005 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Fri Mar 4 12:56:43 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister In-Reply-To: <717h21pgcjvsf15qtpu0mq96s7bjg68hu3@4ax.com> References: Message-ID: <3.0.5.32.20050304125640.014094a8@loki.fstrf.org> BUT... It *was* proved to the satisfaction of the original jury! They, all twelve of them, had no reasonable doubts as to her guilt and that was the verdict they came up with. I don't understand why a judge would just set aside a verdict like this! It is very disturbing... The defendants asked for a jury trial and they received it. To then disregard the jury's decision is a miscarriage of justice! I certainly hope the state appeals this decision just like the scum SPAMmer's lawyer is going to appeal his conviction which was upheld. At 12:36 PM 3/4/2005 -0500, Frank Tabor typed: >Her conviction was overturned because, while the credit card was in >her name that was used to register the domains, it could not be proved >that she was the one that used it to register. Reasonable doubt. From dannyg at dannyg.com Fri Mar 4 10:17:14 2005 From: dannyg at dannyg.com (Danny Goodman) Date: Fri Mar 4 13:17:24 2005 Subject: [SpamCop-List] Re: Large spam increasing? In-Reply-To: <200503041750.j24HoGh0030806@dannyg.com> Message-ID: > Have I been asleep, or has Spammy recently begun sending many more large > spam? I note today 29 spam over 10K with 6 at 50K and 2 at 92 K. That's > 20% of the 148 spam received. Or maybe Spammy loves only me? History at my domain shows that South American spammers tend to have the longest messages, especially those in HTML. Unfortunately I get a lot of Spanish and Portuguese spam (thank goodness I don't know the languages), so over the years I've seen a lot of it. I've also noticed in the last week or so (on the small percentage of spam messages that aren't summarily rejected/deleted at my server) several spammers signficantly overloading their messages with hashbusting text. Maybe that's what you're seeing. And, of course, Spammy _does_ love you. Danny http://www.dannyg.com http://www.spamwars.com From nobody at nowhere.invalid Fri Mar 4 19:35:19 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Mar 4 13:40:11 2005 Subject: [SpamCop-List] Re: 4000 zombies create a nice chunk of bandwidth References: Message-ID: On Thu, 03 Mar 2005 22:02:37 -0800, Mike Richter coughed into spamcop and left this in : > I don't know about cable, but my ADSL is only limited by speed: no > volume constraint, no premium for excess. In such a configuration, the > customer doesn't pay but the ISP does, so the ISP wants no zombies > wandering loose. There are areas where ADSL bandwidth is capped and/or paid for at a premium. I believe that BT Internet, for example, is putting a 1GB/mo cap on people's connections, and it is far from uncommon for subscribers to pay by the MB in Oz and New Zealand. As spam becomes more and more rampant, such policy is going to become more and more common since it's the only way to get some end users to pay attantion to what their machines do online: hit them in the pocket. -- Steve Don't worry about people stealing your ideas. If your ideas are any good, you'll have to ram them down people's throats. -- Howard Aiken From nobody at nowhere.invalid Fri Mar 4 19:37:45 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Mar 4 13:40:33 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy References: Message-ID: On Thu, 3 Mar 2005 23:15:24 -0500, I Love Spam coughed into spamcop and left this in : > > > charset=3Diso-8859-1"> > > > > >
This is just so crazy, why does everyone hate = > spam?  Spam=20 > adds a lot to the economy.  Think how many people would lose their = > jobs if=20 > it wasn't for spam!
Could you post something readable next time? -- Steve The three "R"s of Microsoft support: Retry, Reboot, Reinstall. From firewoman at default.domain.not.available Fri Mar 4 14:03:36 2005 From: firewoman at default.domain.not.available (Firewoman) Date: Fri Mar 4 14:05:04 2005 Subject: [SpamCop-List] Re: Vanishing 419s? References: Message-ID: "Mike Richter" wrote in message news:d0a72r$7d8$1@news.spamcop.net... > My first 419 arrived more than a year after I began on the Internet; my > second, perhaps six months later. Over the years, they and lottery scams > had grown to over twenty per day - until the last few weeks when suddenly > they are down to perhaps one a day. > > What happened? Is someone getting after the crooks? The content has not > changed to suggest that my ISPs are filtering. All I see is that the > deluge has (blessedly) abated. They are in the process of moving Nigeria to Iraq and Russia. This will take some time. Please stand by. From ivan at gmail.com Fri Mar 4 20:25:09 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Fri Mar 4 14:30:07 2005 Subject: [SpamCop-List] Re: 4000 zombies create a nice chunk of bandwidth In-Reply-To: References: Message-ID: Steven Maesslein wrote: > There are areas where ADSL bandwidth is capped and/or paid for at a > premium. I believe that BT Internet, for example, is putting a 1GB/mo > cap on people's connections, and it is far from uncommon for subscribers > to pay by the MB in Oz and New Zealand. But in the UK at least AOL offers unlimited traffic. In Italy all ISPs give unlimited traffic. Ivan. From ivan at gmail.com Fri Mar 4 20:26:33 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Fri Mar 4 14:30:24 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy In-Reply-To: References: Message-ID: I Love Spam wrote: > This is just so crazy, why does everyone hate spam? Spam adds a lot to > the economy. Think how many people would lose their jobs if it wasn't > for spam! Think how much money/time is wasted because of spam! Ivan. From me at privacy.net Fri Mar 4 19:49:09 2005 From: me at privacy.net (Michael R N Dolbear) Date: Fri Mar 4 14:50:04 2005 Subject: [SpamCop-List] Re: Chris Rock Spam Solution [the telephone system ain't that geat] References: <20050227042120.36c54962@wednesday.playbeing.org> <20050303054328.1fc22edb@wednesday.playbeing.org> Message-ID: <01c52047$7168fd40$LocalHost@default> Bert Driehuis wrote [...] > As long as the telcos are tolerating every abuse that's thrown at > the consumer, the fact that they could (if they wanted to) prevent abuse > remains entirely academic, because they don't care. And unlike the > Internet, we're not dealing with a playing field that's even remotely > level. Of course the FCC and other regulators should require Telcos to police the use of fake CallerID like (200) 000-0000. There was a guy who had ISDN and his own PABX who did the sort of things people with their own email server can do. Call he didn't want to receive were connected to dead lines, modems or answering machines. Today he could add an auto-robot (key '1' to xxx) which would send the callers in circles. Anyone who is prepared to invest in Asterisk ? and pay for ISDN can do all this today. Most telcos offer ACR (reject if withheld CallerID), how many offer Choose To Refuse (list of phone number to refuse, even if CallerID is withheld) ? -- Mike D From eddie at eddie.web Fri Mar 4 16:43:38 2005 From: eddie at eddie.web (eddie) Date: Fri Mar 4 16:45:04 2005 Subject: [SpamCop-List] Re: Deputies? Report History Prob? References: Message-ID: On Fri, 04 Mar 2005 12:39:18 -0500, Pop scratched out the following: snip > > I noticed the following lines in the Tech Details: > > "Tracking link: http://aboutus.htm > [report history] > > Cannot resolve http://aboutus.htm" > > It looks like it's trying to treat .htm as a legit TLD? Don't think it > can be? snip Yup, the parser seems to look for http:// and then attempts to resolve anything after that as a URL. It's probably too much programming to only look for legit suffixes, especially since they are no longer limited to a few as they once were. There might even be an htm domain now, or someday, who knows anymore?? -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Fri Mar 4 16:46:31 2005 From: eddie at eddie.web (eddie) Date: Fri Mar 4 16:50:08 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: On Fri, 04 Mar 2005 12:56:40 -0500, Spam Hater scratched out the following: > BUT... It *was* proved to the satisfaction of the original jury! They, > all twelve of them, had no reasonable doubts as to her guilt and that was > the verdict they came up with. I don't understand why a judge would just > set aside a verdict like this! It is very disturbing... > > The defendants asked for a jury trial and they received it. To then > disregard the jury's decision is a miscarriage of justice! I certainly > hope the state appeals this decision just like the scum SPAMmer's lawyer > is going to appeal his conviction which was upheld. snip We live in a country ruled by the unelected elite - the judiciary. Five people on the Supreme Court make all the laws in the USA and they have lifetime tenure. Not to mention the Ninth Circuit Court out West. I don't think the founders ever thought it would come to this. There are no individual or State's rights any more. Only what rights nine aging idiots tell us we can have. -- Once movie theaters gave out steak knives Today they confiscate them From pete+usenet at heypete.com Fri Mar 4 13:48:56 2005 From: pete+usenet at heypete.com (Pete Stephenson) Date: Fri Mar 4 16:50:25 2005 Subject: [SpamCop-List] Re: Vanishing 419s? References: Message-ID: In article , Mike Richter wrote: > What happened? Is someone getting after the crooks? The content has not > changed to suggest that my ISPs are filtering. All I see is that the > deluge has (blessedly) abated. No, it would seem that all your 419s are being moved over to me. :) Before implementing return-path validation on my incoming email combined with greylisting, I was getting several dozen 419s per day. Now I'm down to about 6-8. Other than the asian-language spam, 419s are probably the most common spam I receive. :/ -- Pete Stephenson HeyPete.com From spamcop at 1bigthink.com Fri Mar 4 16:56:39 2005 From: spamcop at 1bigthink.com (spamcop) Date: Fri Mar 4 16:56:57 2005 Subject: [SpamCop-List] In-Reply-To: References: Message-ID: <6.1.2.0.0.20050304165604.0523fa48@mx.1bigthink.com> At 04:46 PM 3/4/2005, you wrote: >On Fri, 04 Mar 2005 12:56:40 -0500, Spam Hater scratched out the >following: > > > BUT... It *was* proved to the satisfaction of the original jury! They, > > all twelve of them, had no reasonable doubts as to her guilt and that was > > the verdict they came up with. I don't understand why a judge would just > > set aside a verdict like this! It is very disturbing... > > > > The defendants asked for a jury trial and they received it. To then > > disregard the jury's decision is a miscarriage of justice! I certainly > > hope the state appeals this decision just like the scum SPAMmer's lawyer > > is going to appeal his conviction which was upheld. >snip >We live in a country ruled by the unelected elite - the judiciary. Five >people on the Supreme Court make all the laws in the USA and they have >lifetime tenure. Not to mention the Ninth Circuit Court out West. >I don't think the founders ever thought it would come to this. >There are no individual or State's rights any more. Only what rights nine >aging idiots tell us we can have. Don't know if this is the correct one.. Jeremy Jaynes 6404 Pleasant Creek Ct Raleigh, NC 27613-3104 (map) Tel.: (919) 783-0619 (call this number) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com From nobody at xyzzy.claranet.de Fri Mar 4 23:22:45 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Mar 4 17:25:03 2005 Subject: [SpamCop-List] Re: Deputies? Report History Prob? References: Message-ID: <4228DFB5.7370@xyzzy.claranet.de> Pop wrote: > Cannot resolve http://aboutus.htm" LOL. It's hollywoodrx.com, isn't it ? Got about 500 today. If "we" all get hundreds that's an indirect DDoS attack :-( hollywoodrx is dow, but hollywoodprescription still lives. Ignore the bogus http://aboutus.htm and http://faq.htm Bye. From nobody at xyzzy.claranet.de Fri Mar 4 23:44:18 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Mar 4 17:45:05 2005 Subject: [SpamCop-List] Re: Large spam increasing? References: Message-ID: <4228E4C2.226C@xyzzy.claranet.de> Possum Trot wrote: > has Spammy recently begun sending many more large spam? The re:29 (or other numbers) spam is often quite large, but that's not exactly new. Some JP newsletters are also large. Bye, Frank From DougThegarden at hotmail.com Fri Mar 4 23:27:21 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Fri Mar 4 18:30:32 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister In-Reply-To: References: Message-ID: Spam Hater wrote: > BUT... It *was* proved to the satisfaction of the original jury! They, > all twelve of them, had no reasonable doubts as to her guilt and that > was the verdict they came up with. I don't understand why a judge > would just set aside a verdict like this! It is very disturbing... > > The defendants asked for a jury trial and they received it. To then > disregard the jury's decision is a miscarriage of justice! I certainly hope > the state appeals this decision just like the scum SPAMmer's lawyer is > going to appeal his conviction which was upheld. > > The judges have that power if they believe that the decision the jury reached was not a reasonable one. Doug From DougThegarden at hotmail.com Fri Mar 4 23:28:59 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Fri Mar 4 18:30:58 2005 Subject: [SpamCop-List] In-Reply-To: References: Message-ID: spamcop wrote: > > Don't know if this is the correct one.. > > Jeremy Jaynes > 6404 Pleasant Creek Ct > Raleigh, NC 27613-3104 (map) > Tel.: (919) 783-0619 (call this number) > I would be very very wary of trying anything that you might be thinking of. You may not like the consequences. Doug From eddie at eddie.web Fri Mar 4 18:55:31 2005 From: eddie at eddie.web (eddie) Date: Fri Mar 4 19:00:03 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: On Fri, 04 Mar 2005 23:27:21 +0000, Doug Thegarden scratched out the following: snip >> > The judges have that power if they believe that the decision the jury > reached was not a reasonable one. > > Doug So then, since the judge "knows" the correct decision, why not eliminate the jury system and let the judges rule right away, saving us all a lot of time. -- Once movie theaters gave out steak knives Today they confiscate them From devnull at spamcop.net Fri Mar 4 19:00:41 2005 From: devnull at spamcop.net (Frog Prince) Date: Fri Mar 4 19:10:03 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: "eddie" wrote in message news:pan.2005.03.04.23.55.30.533000@eddie.web... | On Fri, 04 Mar 2005 23:27:21 +0000, Doug Thegarden scratched out the | following: | | snip | >> | > The judges have that power if they believe that the decision the jury | > reached was not a reasonable one. | > | > Doug | | So then, since the judge "knows" the correct decision, why not eliminate | the jury system and let the judges rule right away, saving us all a lot of | time. It's part of the checks and balance system From eddie at eddie.web Fri Mar 4 20:28:40 2005 From: eddie at eddie.web (eddie) Date: Fri Mar 4 20:30:09 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: On Fri, 04 Mar 2005 19:00:41 -0500, Frog Prince scratched out the following: > It's part of the checks and balance system And who checks the judges? They are not elected and are tenuredf for life. -- Once movie theaters gave out steak knives Today they confiscate them From TMHRVMFWREVN at spammotel.com Sat Mar 5 01:38:00 2005 From: TMHRVMFWREVN at spammotel.com (Rob) Date: Fri Mar 4 20:40:02 2005 Subject: [SpamCop-List] Re: Vanishing 419s? References: Message-ID: "Pete Stephenson" wrote in message news:pete+usenet-30DCFC.13485604032005@news.cesmail.net... S > > Other than the asian-language spam, 419s are probably the most common > spam I receive. :/ > > -- > Pete Stephenson > HeyPete.com Do you by any chance have lots of money and advertise yourself as a philanthropist? I get about one per month if that. Rob From devnull at spamcop.net Fri Mar 4 21:02:22 2005 From: devnull at spamcop.net (Frog Prince) Date: Fri Mar 4 21:05:02 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: "eddie" | On Fri, 04 Mar 2005 19:00:41 -0500, Frog Prince scratched out the | following: | | > It's part of the checks and balance system | | And who checks the judges? They are not elected and are tenured for life. There is, presumable, judicial oversight as one judge in the Carolinas has found out recently. From pete+usenet at heypete.com Fri Mar 4 18:33:43 2005 From: pete+usenet at heypete.com (Pete Stephenson) Date: Fri Mar 4 21:35:16 2005 Subject: [SpamCop-List] Re: Vanishing 419s? References: Message-ID: In article , "Rob" wrote: > Do you by any chance have lots of money and advertise yourself as a > philanthropist? I get about one per month if that. I'm an ex-military college student who is beginning to collect curio and relic firearms. I think the three put together would lead most people to understand that I have no money. They'd be right. :) -- Pete Stephenson HeyPete.com From eddie at eddie.web Fri Mar 4 23:47:58 2005 From: eddie at eddie.web (eddie) Date: Fri Mar 4 23:50:08 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: On Fri, 04 Mar 2005 21:02:22 -0500, Frog Prince scratched out the following: > > | And who checks the judges? They are not elected and are tenured for > | life. > > There is, presumable, judicial oversight as one judge in the Carolinas > has found out recently. Yeah, but for the Supreme Court there is zero oversight and the Constitution never set it up that way - the Court did it on their own. Check out Marbury v. Madison. The proclaimed themselves god and nobody even noticed. -- Once movie theaters gave out steak knives Today they confiscate them From mrichter at cpl.net Fri Mar 4 22:47:53 2005 From: mrichter at cpl.net (Mike Richter) Date: Sat Mar 5 01:50:05 2005 Subject: [SpamCop-List] Re: Vanishing 419s? In-Reply-To: References: Message-ID: Firewoman wrote: > They are in the process of moving Nigeria to Iraq and Russia. This will > take some time. Please stand by. I haven't received any from Iraq yet, but Dubai, UAE, Russia (of course), Romania - and I forget how many others. Mike -- mrichter@cpl.net http://www.mrichter.com/ From rcarlton at spamcop.net Fri Mar 4 23:37:28 2005 From: rcarlton at spamcop.net (Rick Carlton) Date: Sat Mar 5 02:40:04 2005 Subject: [SpamCop-List] Re: what's up with mhz.com? In-Reply-To: References: Message-ID: eddie wrote: > They just started showing up on my radar screen. > I see that netsol has their contacts hidden. > Have they just started bulletproof spamming or was I just lucky until > recently? > I dunno, but the physical mailing address that is quoted for some of the IP space - kmiller@mhz.com - of Silicon Compiler Systems (recently re-registered to Ronnie Scelson in Louisiana) is really that of stsn.com, the hotel broadband company. From http://www.sec.state.la.us/cgibin?rqstyp=crpdtl&rqsdta=35845278D Charter/Organization ID: 35845278D Name: SILICON COMPILER SYSTEMS CORPORATION Type Entity: Business Corporation Status: Active Annual Report Status: In Good Standing Domicile Address: 1922B CORPORATE SQUARE, SLIDELL, LA 70458 Incorporated: 12/28/2004 Registered Agent (Appointed 12/28/2004): CHRISTOPHER E. BENNETT 1922B CORPORATE SQUARE SLIDELL, LA 70458 Director: CHRISTOPHER E. BENNETT Mr. Bennett doesn't seem to be an officer of any other Louisiana business entities. And from http://www.sec.state.la.us/cgibin?rqstyp=crpdtl&rqsdta=35860843K Charter/Organization ID: 35860843K Name: SCELSON LLC Type Entity: Limited Liability Company Status: Active Annual Report Status: In Good Standing Domicile Address: 1922-B CORPORATE SQUARE, SLIDELL, LA 70458 Organized: 01/20/2005 Registered Agent (Appointed 1/20/2005): RONALD R. SCELSON 1922-B CORPORATE SQUARE SLIDELL, LA 70458 Member or Manager: RONALD R. SCELSON 1922 Corporate Square is an office park in Slidell. 1922B is - amazingly - NOT a UPS Store/MBE. A call to STSN today confirmed that no Kevin Miller works there. Yukio:~ rcarlton$ whois 134.86.254.40 OrgName: Silicon Compiler Systems OrgID: SCS-1 Address: 7090 South Union Park Avenue Address: Suite 200 City: Midvale StateProv: UT PostalCode: 84047 Country: US NetRange: 134.86.0.0 - 134.86.255.255 CIDR: 134.86.0.0/16 NetName: SCS NetHandle: NET-134-86-0-0-1 Parent: NET-134-0-0-0-0 NetType: Direct Assignment Comment: RegDate: 1989-04-19 Updated: 1991-01-03 TechHandle: KM131-ARIN TechName: Miller, Kevin TechPhone: +1-801-320-8032 TechEmail: kmiller@mhz.com Registrant: STSN (STSN-DOM) 7090 Union Park Ave. Midvale, UT 84047 US Yukio:~ rcarlton$ whois stsn.com Domain Name: STSN.COM Administrative Contact, Technical Contact: Administrator, Enterprise Network Services (15630253I) LANAdmin@STSN.COM 7090 UNION PARK CTR MIDVALE, UT 84047-4156 US 800-848-8168 fax: 801-265-2212 Record expires on 27-Apr-2010. Record created on 27-Apr-1998. Database last updated on 5-Mar-2005 02:27:16 EST. Domain servers in listed order: NS1.STSN.COM 12.168.103.30 NS2.STSN.COM 12.129.240.3 From the STSN website: Headquarters: STSN 7090 S. Union Park Ave. Suite 200 Salt Lake City, UT 84047 P: 801-563-2000 F: 801-563-2351 From bar_n0ne at hotmail.com Sat Mar 5 12:07:49 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sat Mar 5 03:10:40 2005 Subject: [SpamCop-List] Re: what's up with mhz.com? References: Message-ID: "Rick Carlton" wrote in message news:d0bnjp$52g$1@news.spamcop.net... > eddie wrote: > > They just started showing up on my radar screen. > > I see that netsol has their contacts hidden. > > Have they just started bulletproof spamming or was I just lucky until > > recently? > > > > > I dunno, but the physical mailing address that is quoted for some of the > IP space - kmiller@mhz.com - of Silicon Compiler Systems (recently > re-registered to Ronnie Scelson in Louisiana) is really that of > stsn.com, the hotel broadband company. Ronnie Scelson is an inFamous spammer, Google him up. Any Ip's of his need to be blocked at the router, both incoming and outgoing, all ports. He must have recovered from his bankruptcy a couple of years back, where he left one of the Baby Bells holding the bag for "connection" fees (Pink Contract). From spamcop at bucks.f9.co.uk Sat Mar 5 08:48:24 2005 From: spamcop at bucks.f9.co.uk (Bucky) Date: Sat Mar 5 03:50:03 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy References: Message-ID: "I Love Spam" wrote in message news:d08ncv$2qu$1@news.spamcop.net... > This is just so crazy, why does everyone hate spam? > Spam adds a lot to the economy. > Think how many people would lose their jobs if it wasn't for spam! "I Love Spam" does have a point - think how many workers there are packing spam every day so that all those meat lovers can get their fix. I'm sure as it costs so little to produce, Hormel add milllions to the economy and employ an excellent workforce. I guess the problem is like with Marmite - you either love it or hate it. From spamcop at bucks.f9.co.uk Sat Mar 5 08:53:49 2005 From: spamcop at bucks.f9.co.uk (Bucky) Date: Sat Mar 5 03:55:02 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy References: Message-ID: "Pop" wrote in message news:d0a6on$75c$1@news.spamcop.net... > It's probably a troll of course, ... > And there's Pop using his lovely "troll" word again cos he doesn't like the thread. Lighten up a bit! Not everyone that has a different view to you is a troll Pop. From ivan at gmail.com Sat Mar 5 10:20:09 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sat Mar 5 04:25:08 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy In-Reply-To: References: Message-ID: Bucky wrote: > "I Love Spam" does have a point - think how many workers there are packing > spam every day so that all those meat lovers can get their fix. I'm sure as > it costs so little to produce, Hormel add milllions to the economy and > employ an excellent workforce. I guess the problem is like with Marmite - > you either love it or hate it. One of the dew things worse than spam is Marmite. Ivan. From ivan at gmail.com Sat Mar 5 10:20:38 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Sat Mar 5 04:25:28 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy In-Reply-To: References: Message-ID: I Love Spam wrote: > This is just so crazy, why does everyone hate spam? Spam adds a lot to > the economy. Think how many people would lose their jobs if it wasn't > for spam! I take this as an invite to be spammed. Ivan. From Kilgallen at SpamCop.net Sat Mar 5 07:40:18 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Mar 5 08:45:23 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: In article , eddie writes: > On Fri, 04 Mar 2005 21:02:22 -0500, Frog Prince scratched out the > following: > >> >> | And who checks the judges? They are not elected and are tenured for >> | life. >> >> There is, presumable, judicial oversight as one judge in the Carolinas >> has found out recently. > > Yeah, but for the Supreme Court there is zero oversight and the > Constitution never set it up that way - the Court did it on their own. > Check out Marbury v. Madison. The proclaimed themselves god and nobody > even noticed. Are you saying that Marbury v. Madison prevents the impeachment of Supreme Court justices ? From nobody at devnull.spamcop.net Sat Mar 5 09:03:31 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sat Mar 5 09:00:06 2005 Subject: [SpamCop-List] Re: Vanishing 419s? References: Message-ID: "Rob" wrote in message news:d0b2ig$pkk$1@news.spamcop.net... > > "Pete Stephenson" wrote in message > news:pete+usenet-30DCFC.13485604032005@news.cesmail.net... > > S > > > > Other than the asian-language spam, 419s are probably the most common > > spam I receive. :/ I noticed that most 419s go to addresses that can be scraped from web sites. I /told/ my bosses that there was a way to put the contact address on the web site so that the spiders couldn't find it, but they didn't listen to me. For a while, all I got were 419s. It happened on another email address also which I finally got removed from the web and haven't had a 419 lately. On the work email address, they came sporadically - as though the 419er stopped to spend his money and then when it ran low, sent a few more out. Miss Betsy From nobody at devnull.spamcop.net Sat Mar 5 09:07:59 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Sat Mar 5 09:05:03 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy References: Message-ID: > "I Love Spam" does have a point - think how many workers there are packing > spam every day so that all those meat lovers can get their fix. I'm sure as > it costs so little to produce, Hormel add milllions to the economy and > employ an excellent workforce. I guess the problem is like with Marmite - > you either love it or hate it. Actually Hormel workers pack SPAM while the email that is unsolicited is spam. Hormel really insists that SPAM (in caps) not be used in describing email. I would expect that they would want the opposite so that when you are describing their meat product, you use all caps. Miss Betsy > > From nobody at devnull.spamcop.net Sat Mar 5 09:51:57 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Sat Mar 5 09:55:04 2005 Subject: [SpamCop-List] no links found Message-ID: http://www.spamcop.net/sc?id=z738907251z544c848d2ea40ac25cc64c9a6486eb36z#report -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From nobody at devnull.spamcop.net Sat Mar 5 11:18:06 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Mar 5 11:20:11 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy References: Message-ID: "Bucky" wrote in message news:d0bs30$7mn$1@news.spamcop.net... > "Pop" wrote in message > news:d0a6on$75c$1@news.spamcop.net... >> It's probably a troll of course, ... >> > > And there's Pop using his lovely "troll" word again cos he doesn't like > the thread. Lighten up a bit! Not everyone that has a different view to > you is a troll Pop. > True. Very true. But you; you appear to be a wannabe troll (and were pronounced a troll by many) from some of your past posts and missives and outright crap. The only disagreement I have with you is your history of "troll-like" exhibitions on this and many other groups. Would you like me to look you up and post your exploits again? You're very easy to find. Maybe you're cleaning up your act, I don't know. If so, great; stick with it. Until then, quit looking like you're trolling with silly gibberish. I will admit I've seen much less of a trollish attitude from you since our original encounter. But I also haven't and won't bother to look to see if you're trolling other places; no future in it. Pop From nobody at devnull.spamcop.net Sat Mar 5 11:19:40 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Mar 5 11:20:33 2005 Subject: [SpamCop-List] Re: Deputies? Report History Prob? References: <4228DFB5.7370@xyzzy.claranet.de> Message-ID: "Frank Ellermann" wrote in message news:4228DFB5.7370@xyzzy.claranet.de... > Pop wrote: > >> Cannot resolve http://aboutus.htm" > > LOL. It's hollywoodrx.com, isn't it ? Got about 500 today. > If "we" all get hundreds that's an indirect DDoS attack :-( > > hollywoodrx is dow, but hollywoodprescription still lives. > Ignore the bogus http://aboutus.htm and http://faq.htm Bye. > Yup, think I figured that out but it's always nice to get confirmation. Thanks! Pop From nobody at devnull.spamcop.net Sat Mar 5 11:22:58 2005 From: nobody at devnull.spamcop.net (Pop) Date: Sat Mar 5 11:25:02 2005 Subject: [SpamCop-List] Re: Deputies? Report History Prob? References: Message-ID: "eddie" wrote in message news:pan.2005.03.04.21.43.38.93000@eddie.web... > On Fri, 04 Mar 2005 12:39:18 -0500, Pop scratched out the following: > > snip >> >> I noticed the following lines in the Tech Details: >> >> "Tracking link: http://aboutus.htm >> [report history] >> >> Cannot resolve http://aboutus.htm" >> >> It looks like it's trying to treat .htm as a legit TLD? Don't think it >> can be? > snip > Yup, the parser seems to look for http:// and then attempts to resolve > anything after that as a URL. It's probably too much programming to only > look for legit suffixes, especially since they are no longer limited to a > few as they once were. There might even be an htm domain now, or someday, > who knows anymore?? Great points, that's for sure. I have no specific problem with it; just wanted to point it out in case it meant anything to anyone. I agree with your points; thinking about it, I don't think I've ever seen anything saying there were any specific TLDs that would never be used. I don't keep close track of the RFC's etc. though. Regards, Pop From nobody at spamcop.net Sat Mar 5 12:30:39 2005 From: nobody at spamcop.net (indigo) Date: Sat Mar 5 12:30:04 2005 Subject: [SpamCop-List] Re: 4000 zombies create a nice chunk of bandwidth References: Message-ID: Mike Richter wrote: > Sofa King Tyred of Lar Ting wrote: > >> Why don't the users realize that their cable bill is too high, >> because of excess traffic? > Fascinating data; nicely done. > > I don't know about cable, but my ADSL is only limited by speed: no > volume constraint, no premium for excess. Exactly. Comcast has no up/download constraints on internet usage AFAIK, only the GigaNews news server accounts are rate limited (by month). From nobody at spamcop.net Sat Mar 5 12:51:11 2005 From: nobody at spamcop.net (indigo) Date: Sat Mar 5 12:50:02 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy References: Message-ID: Bucky wrote: > "Pop" wrote in message > news:d0a6on$75c$1@news.spamcop.net... >> It's probably a troll of course, ... >> > > And there's Pop using his lovely "troll" word again cos he doesn't > like the thread. Lighten up a bit! Not everyone that has a different > view to you is a troll Pop. Posting an "I love spam, it's great for the economy" mssage into an anti-spam group is just about the definition of trollish behavior. It has nothing to do with "having another point of view". Furrfu.... From nobody at spamcop.net Sat Mar 5 12:55:47 2005 From: nobody at spamcop.net (indigo) Date: Sat Mar 5 12:55:03 2005 Subject: [SpamCop-List] Re: Vanishing 419s? References: Message-ID: Pete Stephenson wrote: > > I'm an ex-military college student You attended West Point, the Naval Academy, or what? And without telling us? ;-) From TMHRVMFWREVN at spammotel.com Sat Mar 5 19:09:39 2005 From: TMHRVMFWREVN at spammotel.com (Rob) Date: Sat Mar 5 14:25:34 2005 Subject: [SpamCop-List] Re: Vanishing 419s? References: Message-ID: "Pete Stephenson" wrote in message news:pete+usenet-BF3FD5.18334304032005@news.cesmail.net... > In article , > "Rob" wrote: > > > Do you by any chance have lots of money and advertise yourself as a > > philanthropist? I get about one per month if that. > > I'm an ex-military college student who is beginning to collect curio and > relic firearms. > > I think the three put together would lead most people to understand that > I have no money. They'd be right. :) > > -- > Pete Stephenson > HeyPete.com LOL...not only that, but, from what you say they may find the A Team on top of them :-) Rob From TMHRVMFWREVN at spammotel.com Sat Mar 5 19:11:46 2005 From: TMHRVMFWREVN at spammotel.com (Rob) Date: Sat Mar 5 14:26:05 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy References: Message-ID: "Bucky" wrote in message news:d0bs30$7mn$1@news.spamcop.net... > "Pop" wrote in message > news:d0a6on$75c$1@news.spamcop.net... > > It's probably a troll of course, ... > > > > And there's Pop using his lovely "troll" word again cos he doesn't like the > thread. Lighten up a bit! Not everyone that has a different view to you is a > troll Pop. > > If he is a Troll he's a hit-and-run one and a bit silly if not amusing. Rob From TMHRVMFWREVN at spammotel.com Sat Mar 5 19:18:57 2005 From: TMHRVMFWREVN at spammotel.com (Rob) Date: Sat Mar 5 14:26:08 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy References: Message-ID: "Ivan Leo Puoti" wrote in message news:d0btl6$8l7$3@news.spamcop.net... > I Love Spam wrote: > > This is just so crazy, why does everyone hate spam? Spam adds a lot to > > the economy. Think how many people would lose their jobs if it wasn't > > for spam! > I take this as an invite to be spammed. > > Ivan. Jokes aside, believe it or not there actually are people out there that like spam just like there are people who love loads of junk mail coming through their letter-box. I suppose it makes these sad people feel as if they are wanted in some perverse way. Then physical junk mail is another kettle of fish, I used to encourage it in one place I lived, not only were some of the scams so outrageous as to be funny, but, I always had lots of paper to light my open coal fire :-) Rob From bert at iphouse.com Sat Mar 5 22:04:27 2005 From: bert at iphouse.com (Bert Hyman) Date: Sat Mar 5 17:05:23 2005 Subject: [SpamCop-List] Tried to change my reporting address, failed. Message-ID: I'm changing ISPs, so I changed my reporting address. A confirmation email was sent to my new address with a link to enter. When I enter it, the Web site says: Authorization failure, no username provided by server; action = -- Bert Hyman St. Paul, MN bert@iphouse.com From feldethom2165 at email2me.net Sat Mar 5 13:18:35 2005 From: feldethom2165 at email2me.net (Fred k) Date: Sat Mar 5 17:20:04 2005 Subject: [SpamCop-List] Re: Tried to change my reporting address, failed. References: Message-ID: "Bert Hyman" wrote in message news:Xns9610A3876777AVeebleFetzer@216.154.195.61... > Authorization failure, no username provided by server; action = I assume you are talking about the login at spamcop.net. Is so you have to continue to use the original user id. From devnull at devnull.spamcop.net Sat Mar 5 09:23:42 2005 From: devnull at devnull.spamcop.net (Heidz) Date: Sat Mar 5 18:05:03 2005 Subject: [SpamCop-List] Hello! Message-ID: My name is Heidi (aka spamvireslayer), and I want to extend a personal invitation to the hottest new way to meet new people. Personal ads are a thing of the past, how would you like to actually video-chat with women and men you see online? This technology is brand new, and available ONLY here. No more waiting send pictures, or wasting money on people who are semi attractive, you can now browse hundreds of singles by their video screenshots and view online videos and share live webcam chats with them! What are you waiting for? Live chat with your future lover now! Hope to chat with you soon, Heidi (spamvireslayer) From bert at visi.com Sat Mar 5 23:44:53 2005 From: bert at visi.com (Bert Hyman) Date: Sat Mar 5 18:45:05 2005 Subject: [SpamCop-List] Re: Tried to change my reporting address, failed. References: Message-ID: In news:d0db7o$111$1@news.spamcop.net "Fred k" wrote: > "Bert Hyman" wrote in message > news:Xns9610A3876777AVeebleFetzer@216.154.195.61... > >> Authorization failure, no username provided by server; action = > > I assume you are talking about the login at spamcop.net. Is so you have > to continue to use the original user id. No, I'm talking about the address which spamcop uses to mail stuff to me. I log in, go to "Preferences", select "Change Email address or name" and enter my new address under "Where would you like to receive email responses from your reports?". Spamcop sends a challenge URL to my new address which I enter in my browser (IE6 or Firefox) and get the response I posted above. When I examine my preferences now, I see that my old address is still there. My old address will continue to work for a while, but not forever. -- Bert Hyman St. Paul, MN bert@visi.com From bert at iphouse.com Sun Mar 6 00:48:57 2005 From: bert at iphouse.com (Bert Hyman) Date: Sat Mar 5 19:50:05 2005 Subject: [SpamCop-List] Re: Tried to change my reporting address, failed. References: Message-ID: In news:Xns9610B4BACB8ADVeebleFetzer@news.cesmail.net Bert Hyman wrote: > In news:d0db7o$111$1@news.spamcop.net "Fred k" > wrote: >> "Bert Hyman" wrote in message >> news:Xns9610A3876777AVeebleFetzer@216.154.195.61... >> >>> Authorization failure, no username provided by server; action = >> >> I assume you are talking about the login at spamcop.net. Is so you have >> to continue to use the original user id. > > No, I'm talking about the address which spamcop uses to mail stuff to > me. > > I log in, go to "Preferences", select "Change Email address or name" and > enter my new address under "Where would you like to receive email > responses from your reports?". Spamcop sends a challenge URL to my new > address which I enter in my browser (IE6 or Firefox) and get the > response I posted above. > > When I examine my preferences now, I see that my old address is still > there. My old address will continue to work for a while, but not > forever. > PS: Sending an email to the address included in the same challenge message did change my reporting address, so my personal issue is solved. I'm still curious about the error from the supplied URL. -- Bert Hyman St. Paul, MN bert@iphouse.com From wb8tyw at qsl.network Sat Mar 5 23:39:10 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Sat Mar 5 23:40:14 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy In-Reply-To: References: Message-ID: Rob wrote: > > If he is a Troll he's a hit-and-run one and a bit silly if not amusing. It is probably that the people who sold him the affiliate "kit" are blaming the spam reporters for why there are no commission for him this month for the spam runs that he did. Those trolls disappear when they finally figure out that people running the affiliate program never had any intention of paying commissions approaching even a fraction of what the initial payment was to become an affiliate. There have been several posts of news.admin.net-abuse.email where the posters have found there way into the "private" discussion groups of the spammers. Common threads in them is new affiliates whining that they have not been paid the promise riches with the people selling the the affiliate programs coming up with all types of excuses of why they are not paying them. So while the spammer originally feels that the spam reporters burned them, eventually most of them realize that the person that sold them the affiliate kit actually is the one that burned them. -John wb8tyw@qsl.network Personal Opinion Only From bar_n0ne at hotmail.com Sun Mar 6 12:27:57 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sun Mar 6 03:30:26 2005 Subject: [SpamCop-List] Now who's going to sign up here? Message-ID: Who's gonna sign up for a mortgage and leave their banking details at this site (in plain text) in a turdlet (literally in this case) addressed to someone else? http: // easy-finances.net/2/index/mal/defecate spaces added to protect the stupid. From pete+usenet at heypete.com Sun Mar 6 00:48:46 2005 From: pete+usenet at heypete.com (Pete Stephenson) Date: Sun Mar 6 03:50:03 2005 Subject: [SpamCop-List] Re: Vanishing 419s? References: Message-ID: In article , "indigo" wrote: > You attended West Point, the Naval Academy, or what? And without telling us? > ;-) *snerk* Perhaps, "ex-military, college student, etc..." Pedantic people these days... -- Pete Stephenson HeyPete.com From nanarex001 at webtv.net Sun Mar 6 05:02:27 2005 From: nanarex001 at webtv.net (nanarex 001) Date: Sun Mar 6 05:20:28 2005 Subject: [SpamCop-List] CALLING ALL ELECTRICAL GEEKS Message-ID: <15898-422AD533-2@storefull-3235.bay.webtv.net> WILL IT WORK FOR ME , IF I REPAIR A BROKEN PIN ON CIRCUIT BOARD OF MICROWAVE(AMANA 1988) WITH "LOCTITE WELD" PLEASE EXCUSE MY IGNORANCE, FIRST TIME LOOK INTO A MICRO CB' *****PLEAS HELP, BEEN TRYING ALL NIGHT!! ....................THANK YOU...................NAN From notgiven at nodomain.net Sun Mar 6 07:42:49 2005 From: notgiven at nodomain.net (C. S.) Date: Sun Mar 6 07:45:30 2005 Subject: [SpamCop-List] Re: CALLING ALL ELECTRICAL GEEKS References: <15898-422AD533-2@storefull-3235.bay.webtv.net> Message-ID: <1ful21l1r8memf0d32sf53iogrh4ariad3@4ax.com> Sometime around Sun, 6 Mar 2005 05:02:27 -0500, nanarex001@webtv.net (nanarex 001) deemed it necessary to offer: > WILL IT WORK FOR ME , IF I REPAIR A BROKEN PIN ON CIRCUIT BOARD OF > MICROWAVE(AMANA 1988) WITH "LOCTITE WELD" PLEASE EXCUSE MY IGNORANCE, > FIRST TIME LOOK INTO A MICRO CB' > *****PLEAS HELP, BEEN TRYING ALL NIGHT!! > ....................THANK YOU...................NAN Ignoring the fact that the OP appears to have absolutely zero clue as to the inappropriateness of the subject matter posted into this newsgroup, against my common sensibilities I propose this: 1) STOP SHOUTING! 2) Cease and desist posting binary/HTML sig attachments 2) The right tool for the job: have ya tried a soldering iron/gun? Duh! From angel+news at spamcop.net Sun Mar 6 13:03:37 2005 From: angel+news at spamcop.net (Angel) Date: Sun Mar 6 08:05:40 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy References: Message-ID: On 2005-03-04, I Love Spam wrote: > > This is just so crazy, why does everyone hate spam? Spam adds a lot to = > the economy. Think how many people would lose their jobs if it wasn't = > for spam! - Spam takes up my bandwidth and my disc space without any compensation to me. - Spam frequently advertizes stuff I am not even remotely interested in and often offends me. - Spammers deliberately try to break any means to keep their unwanted crap out of my mailbox. - Spam forces my ISP to charge me more, again without any compensation to me. In short, spam only costs me money without benefitting me at all, while trying to force stuff I don't want to see in my face. What's not to hate? Add to that the fact that many known spammers have a shady and sometimes outright criminal past, and I am left wondering why anyone would not want to rout spammers like the vermin they are. By the way, you forgot to mention that spam saves the trees. Which spanked spammer are you? -- We [tinw] are NANAE. CAN-SPAM is irrelevant. Spamming is futile. You will be larted. From devnull at spamcop.net Sun Mar 6 08:45:43 2005 From: devnull at spamcop.net (Frog Prince) Date: Sun Mar 6 08:55:03 2005 Subject: [SpamCop-List] Re: CALLING ALL ELECTRICAL GEEKS References: <15898-422AD533-2@storefull-3235.bay.webtv.net> Message-ID: "nanarex 001" wrote in message news:15898-422AD533-2@storefull-3235.bay.webtv.net... | WILL IT WORK FOR ME , IF I REPAIR A BROKEN PIN ON CIRCUIT BOARD OF | MICROWAVE(AMANA 1988) WITH "LOCTITE WELD" PLEASE EXCUSE MY IGNORANCE, | FIRST TIME LOOK INTO A MICRO CB' | *****PLEAS HELP, BEEN TRYING ALL NIGHT!! | ....................THANK YOU...................NAN Loctite weld is a glue and not a conductor. You need to use standard rosin solder, not low temp and *definitely* not acid core solder. Size the soldering iron for the job as too much heat will cause more problems. I'd also recommend you get an old circuit board to practice how. (Based on your quesiton you will need to practice a lot before you try the real thing) From bar_n0ne at hotmail.com Sun Mar 6 18:01:36 2005 From: bar_n0ne at hotmail.com (Berny) Date: Sun Mar 6 09:05:07 2005 Subject: [SpamCop-List] who are ifxnetworks.com? Message-ID: along with mhz.net theyr growing on the radar screen From eddie at eddie.web Sun Mar 6 11:45:25 2005 From: eddie at eddie.web (eddie) Date: Sun Mar 6 11:50:26 2005 Subject: [SpamCop-List] Re: who are ifxnetworks.com? References: Message-ID: On Sun, 06 Mar 2005 18:01:36 +0400, Berny scratched out the following: > along with mhz.net theyr growing on the radar screen They seem to be a big South American network There is a Miami, USA contact on their webpage: MIAMI 1930 Harrison St. #404 Hollywood, FL 33020 Tel.: +305.512.1100 Fax: +305.512.4220 e-mail: sales@ifxcorp.com Website: http://www.ifxnetworks.com/Contact_Us/ -- Once movie theaters gave out steak knives Today they confiscate them From eddie at eddie.web Sun Mar 6 11:46:42 2005 From: eddie at eddie.web (eddie) Date: Sun Mar 6 11:50:49 2005 Subject: [SpamCop-List] Re: CALLING ALL ELECTRICAL GEEKS References: <15898-422AD533-2@storefull-3235.bay.webtv.net> <1ful21l1r8memf0d32sf53iogrh4ariad3@4ax.com> Message-ID: On Sun, 06 Mar 2005 07:42:49 -0500, C.S scratched out the following: > 1) STOP SHOUTING! > > 2) Cease and desist posting binary/HTML sig attachments > > 2) The right tool for the job: have ya tried a soldering iron/gun? Duh! > > The correct tool, in this case is a big PLONK! -- Once movie theaters gave out steak knives Today they confiscate them From feldethom2165 at email2me.net Sun Mar 6 08:15:03 2005 From: feldethom2165 at email2me.net (Fred k) Date: Sun Mar 6 12:20:06 2005 Subject: [SpamCop-List] Re: Vanishing 419s? References: Message-ID: "Mike Richter" wrote in message news:d0a72r$7d8$1@news.spamcop.net... > What happened? Is someone getting after the crooks? The content has not > changed to suggest that my ISPs are filtering. All I see is that the > deluge has (blessedly) abated. I used to get 2 to 6 per day. Since 3/3 I haven't gotten any. I am researching what I did to deserve that. Fred k From dfm2a3l0t2 at spymac.com Sun Mar 6 15:45:41 2005 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Sun Mar 6 15:50:08 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: In article , eddie wrote: > Yeah, but for the Supreme Court there is zero oversight and the > Constitution never set it up that way Wrong on both counts. Article III, Section 2 of the Constitution provides that "In all the other cases before mentioned, the Supreme Court shall have appellate jurisdiction, both as to law and fact, with such exceptions, and under such regulations as the Congress shall make." And SCOTUS justices can be (and have been) impeached. -- D.F. Manno dfm2a3l0t2@spymac.com "The work goes on, the cause endures, the hope still lives and the dream will never die." From dmichalek at cox.net Sun Mar 6 16:21:34 2005 From: dmichalek at cox.net (Don M) Date: Sun Mar 6 17:15:25 2005 Subject: [SpamCop-List] Reporting Spam not working Message-ID: I have noticed lately that when I submit to SpamCop that I do not get any response email with a link to finish reporting the Spam. Why is this? Has there been any changes to SpamCop.net that prevents me from submitting my inbox Spam? Don From completelyfalse at harrykiri.com Mon Mar 7 09:22:50 2005 From: completelyfalse at harrykiri.com (Harry Kiri) Date: Sun Mar 6 17:25:03 2005 Subject: [SpamCop-List] Re: CALLING ALL ELECTRICAL GEEKS References: <15898-422AD533-2@storefull-3235.bay.webtv.net> Message-ID: "nanarex 001" wrote in message news:15898-422AD533-2@storefull-3235.bay.webtv.net... WILL IT WORK FOR ME , IF I REPAIR A BROKEN PIN ON CIRCUIT BOARD OF MICROWAVE(AMANA 1988) WITH "LOCTITE WELD" PLEASE EXCUSE MY IGNORANCE, FIRST TIME LOOK INTO A MICRO CB' *****PLEAS HELP, BEEN TRYING ALL NIGHT!! ....................THANK YOU...................NAN "Have ~a~Wonderful~Day/Night !!! !".................................... ~~nanarex~~........................ You are in the wrong newsgroup. If you visit an electronics newsgroup - and type in lower case - you may get a knowledgeable reply (which will probably be similar to the following): The very wording of your question suggests you should not try repairing appliances yourself. Devices with EHT ("Extra High Tension" voltages) can, under some circumstances, store massive and lethal charges. Such devices are even more dangerous when they're not turned on - because many/most untrained people think they can safely touch any part of the device. This is untrue. Capacitors within these such devices can easily have you knocking on the pearly gates. Live longer. Pay someone else to fix it. Regards, Hughy From nobody at spamcop.net Sun Mar 6 14:21:02 2005 From: nobody at spamcop.net (JM) Date: Sun Mar 6 17:25:10 2005 Subject: [SpamCop-List] Re: who are ifxnetworks.com? References: Message-ID: "eddie" wrote in message news:pan.2005.03.06.16.45.24.369000@eddie.web... > On Sun, 06 Mar 2005 18:01:36 +0400, Berny scratched out the following: > >> along with mhz.net theyr growing on the radar screen > > They seem to be a big South American network > There is a Miami, USA contact on their webpage: > > MIAMI > 1930 Harrison St. #404 > Hollywood, FL 33020 > Tel.: +305.512.1100 > Fax: +305.512.4220 > e-mail: sales@ifxcorp.com > > Website: http://www.ifxnetworks.com/Contact_Us/ > > -- > Once movie theaters gave out steak knives > Today they confiscate them The address is bogus per www.usps.com. ifxnetworks.com was previously registered to telcom.net, whose pricipal is/was Gustard Pospischel, who has a colorful past (epagos.com, docdrugs.com and overnightrx.com). See http://groups-beta.google.com/group/news.admin.net-abuse.email/browse_thread/thread/b761652567a4543e/f2f76dde67590d34?q=ifxnetworks.com+group:news.admin.net-abuse.email#f2f76dde67590d34 Unable to report the bogus registration right now, as http://wdprs.internic.net/ generates server errors(reported to webmaster@internic.com). From DougThegarden at hotmail.com Sun Mar 6 22:29:50 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Sun Mar 6 17:30:03 2005 Subject: [SpamCop-List] Re: CALLING ALL ELECTRICAL GEEKS In-Reply-To: References: <15898-422AD533-2@storefull-3235.bay.webtv.net> Message-ID: Harry Kiri wrote: > > The very wording of your question suggests you should not try > repairing appliances yourself. Devices with EHT ("Extra High Tension" > voltages) can, under some circumstances, store massive and lethal > charges. Such devices are even more dangerous when they're not turned > on - because many/most untrained people think they can safely touch > any part of the device. This is untrue. Capacitors within these such > devices can easily have you knocking on the pearly gates. > Brings back memories of fixing tube TV sets. Stick you head inside cabinet. HT capacitor discharges onto your nose, hit head hard on inside of cabinet. Doug From nobody at nowhere.invalid Sun Mar 6 23:42:18 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Sun Mar 6 17:45:02 2005 Subject: [SpamCop-List] Re: CALLING ALL ELECTRICAL GEEKS References: <15898-422AD533-2@storefull-3235.bay.webtv.net> Message-ID: On Mon, 7 Mar 2005 09:22:50 +1100, Harry Kiri coughed into spamcop and left this in : > The very wording of your question suggests you should not try > repairing appliances yourself. Yeah, but don't tell him. Chlorinating the gene pool etc... -- Steve Linux: the choice of a GNU generation -- ksh @ cis . ufl . edu put this on Tshirts in '93 From crappy.trappy at ntlworld.com Mon Mar 7 00:08:10 2005 From: crappy.trappy at ntlworld.com (Tim) Date: Sun Mar 6 19:10:20 2005 Subject: [SpamCop-List] Re: CALLING ALL ELECTRICAL GEEKS In-Reply-To: References: <15898-422AD533-2@storefull-3235.bay.webtv.net> Message-ID: Doug Thegarden wrote: > Brings back memories of fixing tube TV sets. Stick you head inside > cabinet. HT capacitor discharges onto your nose, hit head hard on > inside of cabinet. LOL, sorry just had to laugh! Just like fixing the horn on my car. You know it's gonna go off any second now, you just know, but it still makes you jump enough to bang your head on the under side on the bonnet. From devnull at spamcop.net Sun Mar 6 20:24:07 2005 From: devnull at spamcop.net (Frog Prince) Date: Sun Mar 6 20:25:05 2005 Subject: [SpamCop-List] Re: CALLING ALL ELECTRICAL GEEKS References: <15898-422AD533-2@storefull-3235.bay.webtv.net> Message-ID: "Doug Thegarden" | > The very wording of your question suggests you should not try | > repairing appliances yourself. Devices with EHT ("Extra High Tension" | > voltages) can, under some circumstances, store massive and lethal | > charges. Such devices are even more dangerous when they're not turned | > on - because many/most untrained people think they can safely touch | > any part of the device. This is untrue. Capacitors within these such | > devices can easily have you knocking on the pearly gates. | > | | Brings back memories of fixing tube TV sets. Stick you head inside | cabinet. HT capacitor discharges onto your nose, hit head hard on | inside of cabinet. Might try the same thing with a 100Kw marine radar. Espically if you have long hair as the static charge will pull in the loss hair with a direct line to the brain. From nobody at xyzzy.claranet.de Mon Mar 7 02:45:57 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Sun Mar 6 20:50:33 2005 Subject: [SpamCop-List] Re: Reporting Spam not working References: Message-ID: <422BB255.267B@xyzzy.claranet.de> Don M wrote: > Has there been any changes to SpamCop.net that prevents me > from submitting my inbox Spam? No. Test it with the Web form. If that works as expected your mail submissions don't make it to SC. Or SC's replies don't make it to you, in that case you'd still see a "pending reports - report now" link on SC's welcome page. Bye, Frank From agent01413 at my-deja.com Mon Mar 7 03:27:57 2005 From: agent01413 at my-deja.com (Socks the Whitehouse Cat) Date: Sun Mar 6 22:30:14 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: "D.F. Manno" wrote in news:dfm2a3l0t2- 703AA3.15454006032005@news.cesmail.net: > And SCOTUS justices can be (and have been) impeached. One SCOTUS justice has been impeached. Turned out that was for a speech, not for any of his actions on the court. None have been convicted. -- "...Life is not a journey to the grave with the intention of arriving safely in one pretty and well preserved piece, but to slide across the finish line broadside, thoroughly used up, worn out, leaking oil, and shouting GERONIMO!!!" -- Bill McKenna, date unknown From driehuis.fcnzpbc2005 at playbeing.com Mon Mar 7 04:40:35 2005 From: driehuis.fcnzpbc2005 at playbeing.com (Bert Driehuis) Date: Sun Mar 6 22:45:04 2005 Subject: [SpamCop-List] Re: soonish.net - NOT References: <20050303060510.1d75dcc4@wednesday.playbeing.org> Message-ID: <20050307044035.300086f1@wednesday.playbeing.org> On Thu, 03 Mar 2005 00:40:38 -0500 "John E. Malmberg" wrote: > Look, backup I.P. addresses just in case a lart is successful in > getting a DNS host shutdown, but not effective if the domain gets > canceled. That will require a bit more work for spammy to recover > from. Don't forget to take the TTL into account. For most users, cancellation of the domain is irrelevant as long as their ISP's DNS server still has an answer in its cache. And given that the average life expectancy for a spammers domain appears to be less than the TTL, spammy may still hold the better cards. If you run an ISP, make sure your SpamAssassin uses a different DNS cache than your users, to avoid SpamAssassin doing the dirty work for spammy! From driehuis.fcnzpbc2005 at playbeing.com Mon Mar 7 04:42:52 2005 From: driehuis.fcnzpbc2005 at playbeing.com (Bert Driehuis) Date: Sun Mar 6 22:45:24 2005 Subject: [SpamCop-List] Re: Large spam increasing? References: Message-ID: <20050307044252.32d80abb@wednesday.playbeing.org> On Fri, 4 Mar 2005 08:06:25 -0800 "Possum Trot" wrote: > Have I been asleep, or has Spammy recently begun sending many more > large spam? I note today 29 spam over 10K with 6 at 50K and 2 at 92 > K. That's 20% of the 148 spam received. Or maybe Spammy loves only > me? I just got the mother of all 419ers: a single scanned page at a resolution of something like 10,000 by 2,000 -- 4MB worth of JPEG. Delivered from Hotmail no less. From driehuis.fcnzpbc2005 at playbeing.com Mon Mar 7 05:05:33 2005 From: driehuis.fcnzpbc2005 at playbeing.com (Bert Driehuis) Date: Sun Mar 6 23:10:03 2005 Subject: [SpamCop-List] Re: If you were the head of an ISP with 4000 zombies... References: Message-ID: <20050307050533.7ed291fd@wednesday.playbeing.org> On Thu, 03 Mar 2005 16:55:43 -0500 Sofa King Tyred of Lar Ting wrote: > It's the same reason why airlines don't enforce the rules about > carry-on bags that obviously don't fit in that metal-framed box > thingy displayed at the check-in counter. (Well, I've only seen it > enforced once, when a customer was being a real jerk.) > > One could argue that if all passengers respected that rule, airline > tickets would be cheaper for everyone since less fuel would be > required for a trip. What head of an airline would have the guts to > try that? Errrmmm, the same kind of airline manager that would be a successful ISP manager. ISP's that are strict in enforcing rules have less Trojans and more happy customers. Even the customers that get shut off for running an abused insecure system tend to appreciate that if handled properly. Airlines that do not enforce the carry-on limits are the same ones that suffer push-back delays. I was on a flight outbound of Detroit when NorthWest management decided to tackle the issue. Before me in line was the kind of customer we all love: around half a cubic meter of carry-on luggage, obviously too late to check in, and it transpired this was his personal policy because he was too damn important to bother with check-in times. The ground staff refused him access unless he checked his bags, but he threw his weight around and got whisked on board by a senior KLM flight attendant. At which point the ground staffer resigned, literally. When the flight finally became airborne the captain announced that the delay was due to a late passenger who hadn't checked his bags. I wouldn't have minded if he had called out the seat number of the jerk. So, to answer your question: NorthWest had the guts to implement it, and KLM had the guts to ruin the effort. Guess which side I'm rooting for :-) From driehuis.fcnzpbc2005 at playbeing.com Mon Mar 7 05:23:05 2005 From: driehuis.fcnzpbc2005 at playbeing.com (Bert Driehuis) Date: Sun Mar 6 23:25:04 2005 Subject: [SpamCop-List] Re: 4000 zombies create a nice chunk of bandwidth References: Message-ID: <20050307052305.037b55df@wednesday.playbeing.org> On Fri, 04 Mar 2005 20:25:09 +0100 Ivan Leo Puoti wrote: > Steven Maesslein wrote: > > There are areas where ADSL bandwidth is capped and/or paid for at a > > premium. I believe that BT Internet, for example, is putting a > > 1GB/mo cap on people's connections, and it is far from uncommon for > > subscribers to pay by the MB in Oz and New Zealand. > But in the UK at least AOL offers unlimited traffic. In Italy all ISPs > give unlimited traffic. For suitable values of "unlimited". :-) All ISPs "overcommit" their bandwidth. E.g., for every thousand ADSL users with 1024kbps download each, they may buy 100mbps of bandwidth (overcommitting 10/1). With ADSL, 10/1 used to be a high-end ISP, with tier-two ISPs overcommitting 20/1 or even 100/1. At 10/1, the end user will get his 1024kbps download rate 99 out of 100 times. At 20/1, that may be 97 out of a hundred times. In other words, most end users don't notice that they're undersold, even if they knew where to look. Unlimited access is easy to offer if you don't mind increasing the overcommitment, which is precisely what I see with el-cheapo ISPs. BT was mentioned earlier in this thread, and while they suck when it comes to dealing with spam from their network, they do seem to remain on the level when it comes to overcommitment. If that amounts to charging the customers who do the spamming through their trojans, I can only describe that as collateral benefit! From Kilgallen at SpamCop.net Sun Mar 6 22:38:18 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sun Mar 6 23:40:07 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: <1K7NpTNwoBi0@eisner.encompasserve.org> In article , Socks the Whitehouse Cat writes: > "D.F. Manno" wrote in news:dfm2a3l0t2- > 703AA3.15454006032005@news.cesmail.net: > >> And SCOTUS justices can be (and have been) impeached. > > One SCOTUS justice has been impeached. Turned out that was for a speech, > not for any of his actions on the court. > > None have been convicted. So the court has a pretty good record, and the mechanisms are in place. From postmaster at aroundthecreek.com Mon Mar 7 08:29:54 2005 From: postmaster at aroundthecreek.com (Brent Pirolli) Date: Mon Mar 7 08:30:03 2005 Subject: [SpamCop-List] Re: Hello! References: Message-ID: Umm... did she just spam an anti-spam newsgroup? -- Brent Pirolli "Heidz" wrote in message news:d0ddll$279$1@news.spamcop.net... > My name is Heidi (aka spamvireslayer), and I want to extend a personal > invitation to the hottest new way to meet new people. > > Personal ads are a thing of the past, how would you like to actually > video-chat with women and men you see online? > > This technology is brand new, and available ONLY here. No more waiting > send pictures, or wasting money on people who are semi attractive, you > can now browse hundreds of singles by their video screenshots and view > online videos and share live webcam chats with them! > > What are you waiting for? Live chat with your future lover now! > > Hope to chat with you soon, > Heidi (spamvireslayer) From firewoman at default.domain.not.available Mon Mar 7 08:55:26 2005 From: firewoman at default.domain.not.available (Firewoman) Date: Mon Mar 7 08:55:04 2005 Subject: [SpamCop-List] Re: Vanishing 419s? References: Message-ID: "Mike Richter" wrote in message news:d0bkma$3ip$1@news.spamcop.net... > > I haven't received any from Iraq yet, but Dubai, UAE, Russia (of course), > Romania - and I forget how many others. > The ones I get for Iraq resemble that goofy movie with George Clooney in it a while back, can't remember the name of it. (He and a few other "soldiers" were hunting for some hidden treasure in some country made up of nothing but desert.) "Help me get Saddam's money out of Iraq!" From mikeyhsd at sport.rr.com Mon Mar 7 08:03:34 2005 From: mikeyhsd at sport.rr.com (mikeyhsd) Date: Mon Mar 7 09:05:03 2005 Subject: [SpamCop-List] Gmail Message-ID: looks like gmail is now trying to be the BIG spammer haven. lots of new spam from gmail addresses. mikeyhsd@sport.rr.com From devnull at spamcop.net Mon Mar 7 10:15:02 2005 From: devnull at spamcop.net (Frog Prince) Date: Mon Mar 7 10:20:03 2005 Subject: [SpamCop-List] Re: 4000 zombies create a nice chunk of bandwidth References: <20050307052305.037b55df@wednesday.playbeing.org> Message-ID: "Bert Driehuis" | | > Steven Maesslein wrote: | > > There are areas where ADSL bandwidth is capped and/or paid for at a | > > premium. I believe that BT Internet, for example, is putting a | > > 1GB/mo cap on people's connections, and it is far from uncommon for | > > subscribers to pay by the MB in Oz and New Zealand. | > But in the UK at least AOL offers unlimited traffic. In Italy all ISPs | > give unlimited traffic. | | For suitable values of "unlimited". :-) | | All ISPs "overcommit" their bandwidth. E.g., for every thousand ADSL | users with 1024kbps download each, they may buy 100mbps of bandwidth | (overcommitting 10/1). With ADSL, 10/1 used to be a high-end ISP, with | tier-two ISPs overcommitting 20/1 or even 100/1. | | At 10/1, the end user will get his 1024kbps download rate 99 out of 100 | times. At 20/1, that may be 97 out of a hundred times. In other words, | most end users don't notice that they're undersold, even if they knew | where to look. | | Unlimited access is easy to offer if you don't mind increasing the | overcommitment, which is precisely what I see with el-cheapo ISPs. The processed is called 'trunking' and has substantial mathematical theory to support the process. (phone companies have use the procees for years). The problem comes when the ISP's business plan is faulty for example assuming they will have a large number low volume email clients when in fact their markeing is tarketed to heavy duty game players. From nobody at devnull.spamcop.net Mon Mar 7 10:19:04 2005 From: nobody at devnull.spamcop.net (Pop) Date: Mon Mar 7 10:20:20 2005 Subject: [SpamCop-List] Re: Hello! References: Message-ID: "Brent Pirolli" wrote in message news:d0hktp$ahu$1@news.spamcop.net... > Umm... did she just spam an anti-spam newsgroup? Please don't feed the trolls. Pop From ivan at gmail.com Mon Mar 7 17:13:12 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Mon Mar 7 11:15:05 2005 Subject: [SpamCop-List] bringing down spamvertised web sites Message-ID: Latest version of my spamvampire http://www003.portalis.it/115/spam.html I'm now sucking 1.3 MB/s off them, convinced a "stop cam cops" site to move host in 6 hours :-) Currently targeting stop-spyware-now.info (BTW that you to the spammers for making it all very easy by using wildcats in the DNS), everyone is welcome to join the effort. Ivan. From nobody at spamcop.net Mon Mar 7 13:09:24 2005 From: nobody at spamcop.net (indigo) Date: Mon Mar 7 13:10:03 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: D.F. Manno wrote: > In article , > eddie wrote: > >> Yeah, but for the Supreme Court there is zero oversight and the >> Constitution never set it up that way > > Wrong on both counts. Article III, Section 2 of the Constitution > provides that "In all the other cases before mentioned, the Supreme > Court shall have appellate jurisdiction, both as to law and fact, with > such exceptions, and under such regulations as the Congress shall > make." Seems there's quite a bit of dissatisfaction with SCOTUS and their "lack of oversight" these days...... The Nine Divines - and the Constitution Gregory Kane Originally published Mar 5, 2005 Actually, only about five or six justices on our Supreme Court are in full-blown divine mode at any given moment. Of the high court's nine members, only three can be counted on to consistently rule as if they have any sense: Chief Justice William Rehnquist and Associate Justices Antonin Scalia and Clarence Thomas. The others - some of whom have distinguished themselves as eager "penumbra raiders" - need full-immersion civics lessons about how and why the Constitution limits the powers of all three branches of the federal government. In the latest foray into the Constitution's "penumbra," five justices concluded Tuesday that the death penalty for juveniles is "cruel and unusual punishment" and, hence, unconstitutional. Mind you, the Eighth Amendment, which forbids cruel and unusual punishment (you'll notice framers of the Constitution wisely avoided using the conjunction "or") says nothing specifically about either the death penalty or executing juveniles. That's because the Founding Fathers left the matter of capital punishment - who gets it, for what crimes and at what age - to the states. Scroll down two sections from the Eighth Amendment in the Bill of Rights and it'll be right there: the 10th Amendment. "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people." Many state legislatures, before March 1, 2005, had exercised that power by passing laws either abolishing capital punishment or forbidding the execution of murderers who are younger than 18. Maryland is one of the states that doesn't execute juveniles. I don't agree with the Maryland law, but I respect the legislators who passed it. They went by the book. The death penalty is a matter for state legislatures. More consistent on the powers of the states and limiting the powers of the federal government are Scalia, Thomas and Rehnquist. In a dissent from the 5-4 opinion that outlawed the death penalty for juveniles, Scalia wrote, perhaps too kindly, that the majority's logic was based on "the flimsiest of grounds." Then Scalia dredged up that nettlesome "s" word - as in states - when he reiterated that the matter of capital punishment is within their purview, not the Supreme Court's. Scalia also focused on what was really happening on March 1, 2005, hinting that the high court's justices are fast becoming the Nine Divines, even if he didn't use the term. "The court says in so many words that what our people's laws say about the issue [execution of juveniles] does not, in the last analysis, matter. The court thus proclaims itself sole arbiter of our nation's moral standards." In other words, we're fast moving into rule by nine black coats who tell us that someone who murders a day before his 18th birthday is significantly different psychologically and emotionally from one who murders a day after his 18th birthday. They tell us as well that they - and only they - are better suited than thousands of state legislators to determine that executing juveniles is cruel and unusual punishment. From ivan at gmail.com Mon Mar 7 19:23:45 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Mon Mar 7 13:25:11 2005 Subject: [SpamCop-List] Re: Vanishing 419s? In-Reply-To: References: Message-ID: Firewoman wrote: > "Mike Richter" wrote in message > news:d0bkma$3ip$1@news.spamcop.net... > >>I haven't received any from Iraq yet, but Dubai, UAE, Russia (of course), >>Romania - and I forget how many others. >> > > > The ones I get for Iraq resemble that goofy movie with George Clooney in it > a while back, can't remember the name of it. (He and a few other "soldiers" > were hunting for some hidden treasure in some country made up of nothing but > desert.) "Help me get Saddam's money out of Iraq!" > > That was a fun movie. From spamcop at bucks.f9.co.uk Mon Mar 7 19:18:25 2005 From: spamcop at bucks.f9.co.uk (Bucky) Date: Mon Mar 7 14:20:04 2005 Subject: [SpamCop-List] Re: Everyone is so ... To "Pop" References: Message-ID: "Pop" wrote ... > "Bucky" wrote ... >> "Pop" ... >>> It's probably a troll of course, ... >> >> And there's Pop using his lovely "troll" word again cos he doesn't like >> the thread. Lighten up a bit! Not everyone that has a different view to >> you is a troll Pop. >> > True. Very true. But you; you appear to be a wannabe troll (and were > pronounced a troll by many) > from some of your past posts and missives and outright crap. Pronounced a troll by one - you - and I just take great offence to it when all I was trying to do was have a discussion and get people thinking about the issues. > Would you like me to look you up and post your exploits again? If you want to waste everyone's time, go ahead, but I'm getting the impression from this post you think I'm someone else. > You're very easy to find. Yep, I always post as "Bucky" , I've started one thread that got a lot of discussion going, and replied to a couple of other topics with on-topic queries, ooh and terror of terrors, a light hearted reply to this thread. > I will admit I've seen much less of a trollish attitude from you since our > original encounter. Which was when exactly? The first time I was aware of your existence was 4:52 on 23-Feb when Pop wrote in message news:cviccu$fql$1@news.spamcop.net.... > Just to inject a tiny comment here, he does have a point in that SC isn't > "easily" contactable. From firewoman at default.domain.not.available Mon Mar 7 15:33:26 2005 From: firewoman at default.domain.not.available (Firewoman) Date: Mon Mar 7 15:35:03 2005 Subject: [SpamCop-List] C&C: Everyone is so ... References: Message-ID: "Bucky" wrote in message news:d0i9e4$m2f$1@news.spamcop.net... > all I was trying to do was have a discussion and get people thinking about > the issues. > LOL!! Thank you for the great laugh! A discussion and getting people thinking.... by telling someone to lighten up after they called a troll a troll? The "different view" you refer to in your first post in this thread was posted by a troll. Why do I think it's a troll? Who else would come into a SpamCop group and say "spam is great!" (other than Monty Python)? And thanks for posting your plonking info... From Slootsky at SpamCop.Net Mon Mar 7 16:02:12 2005 From: Slootsky at SpamCop.Net (Justin Slootsky) Date: Mon Mar 7 15:44:07 2005 Subject: [SpamCop-List] Gmail In-Reply-To: References: Message-ID: <1110229332.422cc1540720b@webmail.slootsky.org> from gmail email addresses, or from gmail IP addresses? Quoting mikeyhsd : > looks like gmail is now trying to be the BIG spammer haven. > lots of new spam from gmail addresses. -- Justin Slootsky Slootsky@SpamCop.Net From nobody at devnull.spamcop.net Tue Mar 8 07:53:37 2005 From: nobody at devnull.spamcop.net (J. Franklin) Date: Mon Mar 7 15:55:02 2005 Subject: [SpamCop-List] SpamCop's free webparser cannot pars Message-ID: Hi, http://www.spamcop.net/sc?id=z739713139z3a1bfb20999c81136fb7a771721a30faz I have been getting quite a lot of spam that SpamCop's free webparser cannot pars. All it gives to report to is my own administrator richard@melbpc.org.au and Cyveillance spam collection. Could someone more savvy please enlighten me, why this is so and how I can report this f***** spammers? Thanking you in advance for any help, John From nobody at spamcop.net Mon Mar 7 21:06:04 2005 From: nobody at spamcop.net (me-no-no) Date: Mon Mar 7 16:10:05 2005 Subject: [SpamCop-List] In Desperation... Message-ID: ...spammy tried a new filter bypass technique - Wonder what CTR this achieved:-) from usen-221x247x237x172.ap-US01.usen.ad.jp (usen-221x247x237x172.ap-US01.usen.ad.jp [221.247.237.172]) Subject: been trying to contact you the past few days Read downwards please :) V - V - C - C I - I - I - O C - A - A - D O - G - L - E D - R - I - I I - A - S - N N - - - - - E All are FDA approved Up to 80%off No ship charges spuries.com/air1/?kpgc (copy/paste url in your browser)" Ciao Meno From nospam at dev.null Mon Mar 7 23:17:17 2005 From: nospam at dev.null (Anty Spam) Date: Mon Mar 7 16:20:02 2005 Subject: [SpamCop-List] Gmail References: Message-ID: "Justin Slootsky" wrote in message news:mailman.108.1110228248.4572.spamcop-list@news.spamcop.net... > from gmail email addresses, or from gmail IP addresses? > > Quoting mikeyhsd : > > > looks like gmail is now trying to be the BIG spammer haven. > > lots of new spam from gmail addresses. > > -- > Justin Slootsky > Slootsky@SpamCop.Net I think Mike is referring to WHOIS details. I have also noticed this. Unfortunately mail to mail-abuse@gmail.com yields not results ..... However: http://gmail.google.com/gmail/help/program_policies.html ???? Many violations here per spam. From: http://gmail.google.com/gmail/help/terms_of_use.html : "Personal Use. The Service is made available to you for your personal use only." SPam is a multi million dollar business!!! Hmmm, maybe time for a whois.spamcop? E From spamcop at bucks.f9.co.uk Mon Mar 7 21:35:55 2005 From: spamcop at bucks.f9.co.uk (Bucky) Date: Mon Mar 7 16:40:05 2005 Subject: [SpamCop-List] Re: Everyone is so ... References: Message-ID: Firewoman, this post was for Pop and was about a previous thread. I am not "I Love Spam". I am Bucky. There is a big difference. "Firewoman" wrote in message news:d0idl4$of2$1@news.spamcop.net... > And thanks for posting your plonking info... From Kilgallen at SpamCop.net Mon Mar 7 15:42:27 2005 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Mon Mar 7 16:45:03 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: In article , "indigo" writes: > D.F. Manno wrote: >> In article , >> eddie wrote: >> >>> Yeah, but for the Supreme Court there is zero oversight and the >>> Constitution never set it up that way >> >> Wrong on both counts. Article III, Section 2 of the Constitution >> provides that "In all the other cases before mentioned, the Supreme >> Court shall have appellate jurisdiction, both as to law and fact, with >> such exceptions, and under such regulations as the Congress shall >> make." > > Seems there's quite a bit of dissatisfaction with SCOTUS and their "lack of > oversight" these days...... But not enough for even a start at impeachment. In the last election there was "quite a bit of dissatisfaction" with Bush. There was also "quite a bit of dissatisfaction" with Kerry. From nospam at dev.null Mon Mar 7 23:55:36 2005 From: nospam at dev.null (Anty Spam) Date: Mon Mar 7 16:55:04 2005 Subject: [SpamCop-List] Re: Now who's going to sign up here? References: Message-ID: "Berny" wrote in message news:d0eeue$jbi$1@news.spamcop.net... > Who's gonna sign up for a mortgage and leave their banking details at this > site (in plain text) in a turdlet (literally in this case) addressed to > someone else? > > http: // easy-finances.net/2/index/mal/defecate > > spaces added to protect the stupid. > > Not me! But thx for the info - bad whois. 000domains are EXTREMELY good at beating me to bad whois. They pick up on it an by the time I report it, domain is on hold. Great team ! Their contact: support@000domains.com. Thx From nospam at dev.null Tue Mar 8 00:38:44 2005 From: nospam at dev.null (Anty Spam) Date: Mon Mar 7 17:40:28 2005 Subject: [SpamCop-List] New WHOIS Forum? Message-ID: Hi All I have picked up an interest in whois in quite a few posting , so here goes... I think a whois.spamcop forum is appropriate. My reasons for saying this is as follows: - We all have a common goal here, fighting spam. - False whois is prevalent in most spamverstised domains' details. - Registrars are forced to examine whois complaints as per their registrar accreditation agreements. (http://www.icann.org/registrars/agreements.html) - We have the tools to report bad whois details. (http://wdprs.internic.net/, direct mails to registrars etc) - We do not always have the tools to verify whois details and questionable whois details may be left, allow domains to be used for future spamming. (A saving to a spammer). We want the opposite. - The more domains a spammer uses, the higher his input cost = less profit. A hold on a domain requires him to register a new one = $$ - The longer a spammer can run with a domain, the more spam from it. However a short lived domain = more work for him + costs for a new one. - More participating members on a newsgroup = more geographical knowledge = better likelihood of spotting bad whois. - Ability to identify rogue registrars (report via http://reports.internic.net/cgi/registrars/problem-report.cgi ) in a publicized place, instead of my private mailbox. The important thing is that when we submit a bad whois complaint, it should be accurate and if possible, show intent to submit bad whois on the part of the spammer. This enables the registrar to immediately put a domain on hold, (No 15 day grace period) as per http://www.icann.org/announcements/advisory-03apr03.htm item 1, the wifull submission of inaccurate whois data. A concerted whois reporting effort from a responsible group will most definitely make more work for spammers and increase their costs. Spamcop may just be the place to share info to accomplish this. This may well evolve into a registry of bad addresses or similar. Your thoughts? Cheers From mikeyhsd at sport.rr.com Mon Mar 7 18:06:01 2005 From: mikeyhsd at sport.rr.com (mikeyhsd) Date: Mon Mar 7 19:10:07 2005 Subject: [SpamCop-List] Gmail References: Message-ID: gmail.com mikeyhsd@sport.rr.com "Justin Slootsky" wrote in message news:mailman.108.1110228248.4572.spamcop-list@news.spamcop.net... > from gmail email addresses, or from gmail IP addresses? > > Quoting mikeyhsd : > >> looks like gmail is now trying to be the BIG spammer haven. >> lots of new spam from gmail addresses. > > -- > Justin Slootsky > Slootsky@SpamCop.Net From nobody at spamcop.net Mon Mar 7 19:12:35 2005 From: nobody at spamcop.net (indigo) Date: Mon Mar 7 19:10:16 2005 Subject: [SpamCop-List] Re: Vanishing 419s? References: Message-ID: Ivan Leo Puoti wrote: >> The ones I get for Iraq resemble that goofy movie with George >> Clooney in it a while back, can't remember the name of it. (He and >> a few other "soldiers" were hunting for some hidden treasure in some >> country made up of nothing but desert.) "Help me get Saddam's money >> out of Iraq!" >> >> > That was a fun movie. "Three Kings" was the title. Loved the scene with Ice Cube making a bomb out of a nerf football and C-4 ;-) From nobody at spamcop.net Mon Mar 7 19:19:56 2005 From: nobody at spamcop.net (indigo) Date: Mon Mar 7 19:20:03 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: Larry Kilgallen wrote: > In article , "indigo" > writes: >> D.F. Manno wrote: >>> In article , >>> eddie wrote: >>> >>>> Yeah, but for the Supreme Court there is zero oversight and the >>>> Constitution never set it up that way >>> >>> Wrong on both counts. Article III, Section 2 of the Constitution >>> provides that "In all the other cases before mentioned, the Supreme >>> Court shall have appellate jurisdiction, both as to law and fact, >>> with such exceptions, and under such regulations as the Congress >>> shall make." >> >> Seems there's quite a bit of dissatisfaction with SCOTUS and their >> "lack of oversight" these days...... > > But not enough for even a start at impeachment. When SCOTUS starts trampling on the rights given to the states by the Constituion and the Bill of Rights impeachment _shouldn't_ be far behind, but of course with the Rep's in charge of all 3 branches of the Union.......things ain't going to be getting better anytime soon. From driehuis.fcnzpbc2005 at playbeing.com Tue Mar 8 02:23:05 2005 From: driehuis.fcnzpbc2005 at playbeing.com (Bert Driehuis) Date: Mon Mar 7 20:25:12 2005 Subject: [SpamCop-List] Re: SpamCop's free webparser cannot pars References: Message-ID: <20050308022305.179567fc@wednesday.playbeing.org> On Tue, 8 Mar 2005 07:53:37 +1100 "J. Franklin" wrote: > http://www.spamcop.net/sc?id=z739713139z3a1bfb20999c81136fb7a771721a30faz > > I have been getting quite a lot of spam that SpamCop's free webparser > cannot pars. > > All it gives to report to is my own administrator > richard@melbpc.org.au and Cyveillance spam collection. Looks like you have not set up your mailhosts. Click on the "mailhosts" tab. An educated guess, apologies if it's off base... From wayne at schlitt.net Mon Mar 7 20:04:23 2005 From: wayne at schlitt.net (wayne) Date: Mon Mar 7 21:05:03 2005 Subject: [SpamCop-List] Re: Has anyone been able to get their "Average reporting time" below their universal time zone? References: Message-ID: In "RW" writes: > Bringing your count down is not magic, but isn't going to occur overnight. > The stat works by added the age of each spam as you report it (in seconds) > and dividing it by the total number of spams reported: age + age + age / > #spam: 10000 + 15000 + 20000 / 3 = 15000 average (4.1 hours). > > For your account, it shows a total filed age of 680012093 seconds with 52668 > spam reported. That works out to an average age of 12911 seconds or 215 > minutes or 3.586 hours. With these numbers, even if you were to file the > next 10,000 spams in zero seconds (680012093/62668) to bring the average > down to 3.014 hours. Sorry for the late reply. I think this points out the problem with the way the average is calculated. Instead of the "average" being an overall mean from the very beginning, I think it would be *MUCH* better to have a weighted average. Instead of: total_seconds = total_seconds + reporting_delay_for_this_spam total_reports = total_reports + 1 average = total_seconds / total_reports; have: average = average * 0.95 + reporting_delay_for_this_spam * 0.05 This gives more weight to recent reports, with very old reports being almost irrelevant. I happened to do the calcuations for this particular weighting a couple of days ago for another program I'm working on. The results are: # The most recent counts for 5% of the average, the 10th oldest # counts for 2.9%, the 50th counts for 0.38%, the 100th for 0.03% # This tries to allow for quick detection of clients changing their # polling rate while ignoring the effects dropped packets. If you want to have the 100th report have more weight than just 0.03%, then you need to increase the 0.95 and decrease the 0.05. (The sum of these two numbers must equal 1.00, or you won't get an average.) -wayne From nobody at devnull.spamcop.net Tue Mar 8 13:39:01 2005 From: nobody at devnull.spamcop.net (Patto) Date: Mon Mar 7 23:40:18 2005 Subject: [SpamCop-List] Re: Reporting Spam not working In-Reply-To: References: Message-ID: Don M wrote: > I have noticed lately that when I submit to SpamCop that I do not get any > response email with a link to finish reporting the Spam. Why is this? I also thought that for a while. I originally received my responses and confirmations at the email address I registered with, then some day all reports went to my spamcop.net address. Check it - they may be there, filling up your account. P.S. anybody knows if there is a limit to the spamcop.net email accounts? From nobody at devnull.spamcop.net Mon Mar 7 22:12:26 2005 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Tue Mar 8 01:15:03 2005 Subject: [SpamCop-List] latency, 7 March In-Reply-To: References: Message-ID: today's latency: report received: 09:27:06 -0800 (PST) response sent: 18:03:27 GMT elapsed time: 36 minutes -- "[Spammers] are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class Mail industry." -- Dave Barry From nobody at devnull.spamcop.net Mon Mar 7 22:22:00 2005 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Tue Mar 8 01:25:02 2005 Subject: [SpamCop-List] Re: Everyone is so Anti Spam... and Why... its crazy In-Reply-To: References: Message-ID: I Love Spam asked: > why does everyone hate spam? Ask your sysadmin at comcast.net, he'll be happy to tell you. > Spam adds a lot to the economy. Yes, it adds a lot of drain to the economy. > Think how many people would lose their jobs if it wasn't for spam! Okay: there's you, and a bunch of other spammers. Boo-hoo. -- "[Spammers] are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class Mail industry." -- Dave Barry From nobody at devnull.spamcop.net Mon Mar 7 22:27:15 2005 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Tue Mar 8 01:30:02 2005 Subject: [SpamCop-List] Re: CALLING ALL ELECTRICAL GEEKS In-Reply-To: <15898-422AD533-2@storefull-3235.bay.webtv.net> References: <15898-422AD533-2@storefull-3235.bay.webtv.net> Message-ID: <422D45C3.9000006@devnull.spamcop.net> nanarex_001 shrieked: > WILL IT WORK FOR ME , IF I REPAIR A BROKEN PIN ON CIRCUIT > BOARD OF MICROWAVE (AMANA 1988) WITH "LOCTITE WELD" (1) why are you asking this question on the SpamCop newsgroup?? (2) why are you repairing a 1988 microwave?? -- "[Spammers] are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class Mail industry." -- Dave Barry From nobody at devnull.spamcop.net Mon Mar 7 22:35:01 2005 From: nobody at devnull.spamcop.net (LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m) Date: Tue Mar 8 01:40:02 2005 Subject: [SpamCop-List] Re: Gmail In-Reply-To: References: Message-ID: I followed an invitation link from Google to try their Gmail, but its browser-sniffer script balked, even though *claiming* to support Mozilla -- most likely it responds to a Mozilla browser only if installed on a Wintel machine, which I ain't got. I figure if it's that picky, then beware. -- "[Spammers] are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class Mail industry." -- Dave Barry From nobody at spamcop.net Mon Mar 7 23:14:56 2005 From: nobody at spamcop.net (RandallW) Date: Tue Mar 8 02:15:05 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: Message-ID: "Kenneth Loafman" wrote in message news:nnmp21l1sumjg8ce53l4o50g0ij0cjtvnp@4ax.com... > > It's been 30+ years since I've voted FOR someone as opposed to voting for > the lesser of two evils. Kerry would have been less evil because he would > be able to get less done and might have gotten us out of this illegal war. > Bush seems to be intent on destroying anything non-Republican, including > world peace and Social Security. Wonder if the next set of candidates > will be any better. Wonder if we can get out of the Muddled East before > it all backfires on our respective asses. > World peace? How do you destroy something that doesn't exist to begin with? From pantheus at suespammers.org Mon Mar 7 23:44:35 2005 From: pantheus at suespammers.org (Ken Knull) Date: Tue Mar 8 02:45:06 2005 Subject: [SpamCop-List] Re: Gmail References: Message-ID: On Mon, 07 Mar 2005 22:35:01 -0800, LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m wrote: > I followed an invitation link from Google to try their Gmail, but its > browser-sniffer script balked, even though *claiming* to support Mozilla > -- most likely it responds to a Mozilla browser only if installed on a > Wintel machine, which I ain't got. I figure if it's that picky, then > beware. Nope, I have two GMail accounts, and addcess them both, and always have using Debian and FireFox and have had zero issues. Ken From nobody at devnull.spamcop.net Tue Mar 8 02:35:57 2005 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Mar 8 03:40:04 2005 Subject: [SpamCop-List] Re: Reporting Spam not working References: Message-ID: "Patto" wrote in message news:d0ja95$8os$1@news.spamcop.net... > > P.S. anybody knows if there is a limit to the spamcop.net email accounts? Frequently Asked Question - best answer available is found at http://forum.spamcop.net/forums/index.php?showtopic=2238 From kjz at despammed.com Tue Mar 8 10:42:22 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Tue Mar 8 04:46:35 2005 Subject: [SpamCop-List] Re: what's up with mhz.com? In-Reply-To: References: Message-ID: eddie wrote: > They just started showing up on my radar screen. > I see that netsol has their contacts hidden. > Have they just started bulletproof spamming or was I just lucky until > recently? zombified IP block, see: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL24358 - kjz From kjz at despammed.com Tue Mar 8 10:50:06 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Tue Mar 8 04:55:24 2005 Subject: [SpamCop-List] Re: New WHOIS Forum? In-Reply-To: References: Message-ID: Anty Spam wrote: [faked whois info] > Your thoughts? - Did you ever seen a spammer domain with valid whois info? (maybe, the address is valid, but then it's e.g. from a customer who bought from spammy) - There are enough rogue registrars around (for which Mickey Mouse @ Disneyland is a totally valid whois contact.....) and spammy exactly knows where he has to register with faked whois info and where not. - As long as ICANN is not forcing their own rules (Has ICANN ever revoked the license of a regsitrar because of too much faked whois data?) nothing will change. With spammers ISPs and registrars can made too much big bucks.... - kjz From spamcop at 1bigthink.com Tue Mar 8 11:44:56 2005 From: spamcop at 1bigthink.com (spamcop) Date: Tue Mar 8 11:45:05 2005 Subject: [SpamCop-List] In-Reply-To: References: Message-ID: <6.1.2.0.0.20050308114115.04f29140@mx.1bigthink.com> At 04:42 PM 3/7/2005, you wrote: >In article , "indigo" >writes: > > D.F. Manno wrote: > >> In article , > >> eddie wrote: > >> > >>> Yeah, but for the Supreme Court there is zero oversight and the > >>> Constitution never set it up that way > >> > >> Wrong on both counts. Article III, Section 2 of the Constitution > >> provides that "In all the other cases before mentioned, the Supreme > >> Court shall have appellate jurisdiction, both as to law and fact, with > >> such exceptions, and under such regulations as the Congress shall > >> make." But don't you have eyes? That last line says it all: it's the Congress lack of oversight, too much busy-ness with rubbing elbows and chasing bags of cash that forces judges to make decisions. And it is the legalese that these Congressmen (and women) insist upon writing our laws in that creates the huge loopholes that people drive trucks through. It is the Congress' fault that judges have to legislate; they are too busy doing other things. But they also keep getting re-elected. So vote your Congressman/woman/Senator out or SHUT UP! > > > > Seems there's quite a bit of dissatisfaction with SCOTUS and their "lack of > > oversight" these days...... > >But not enough for even a start at impeachment. > >In the last election there was "quite a bit of dissatisfaction" with Bush. > >There was also "quite a bit of dissatisfaction" with Kerry. >_______________________________________________ >SpamCop-List mailing list >SpamCop-List@news.spamcop.net >http://news.spamcop.net/mailman/listinfo/spamcop-list > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. >http://www.sng.ecs.soton.ac.uk/mailscanner/ >Configuration by Glenn Parsons dnsadmin-at-1bigthink.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. http://www.sng.ecs.soton.ac.uk/mailscanner/ Configuration by Glenn Parsons dnsadmin-at-1bigthink.com From nospam at dev.null Tue Mar 8 19:29:30 2005 From: nospam at dev.null (Anty Spam) Date: Tue Mar 8 12:30:32 2005 Subject: [SpamCop-List] Re: New WHOIS Forum? References: Message-ID: "Karl-Josef Ziegler" wrote in message news:d0jsge$i5b$1@news.spamcop.net... > Anty Spam wrote: > > [faked whois info] > > > Your thoughts? > > - Did you ever seen a spammer domain with valid whois info? > (maybe, the address is valid, but then it's e.g. from a customer > who bought from spammy) Exactly. > - There are enough rogue registrars around (for which Mickey Mouse @ Disneyland > is a totally valid whois contact.....) and spammy exactly knows where he has > to register with faked whois info and where not. > > - As long as ICANN is not forcing their own rules (Has ICANN ever revoked the > license of a regsitrar because of too much faked whois data?) nothing will > change. With spammers ISPs and registrars can made too much big bucks.... > > - kjz But then, is this not a fatalistic approach, if I understand you correctly? Spammers and ISPs - you mention them in one breath, but SpamCop does send mails to ISP's, but not to spammers (intentionally at least) I have found that using a combination of tactics, with the exception of a few, all registrars are evetually forced to toe the line and do what is right. Funny, they hate bad publicity. (A web site with details of ignoring complaints etc etc became redundant 48 hrs after the site was publisized. The registrar relented and did what he was supposed to in the first place :-) Currently our "infamous mortgage spammer" is running a streak of 000domains. 000dpmaisn has been excellent in immediately putting them on hold as soon as they are identified. In fact they beat me to it with two of his domains, informing me they had already been id'ed as bad whois when I tried notifying them. The next day they were on hold. Ditto RGNames. They have been excellent. etc etc So, before we cut too wide in condemning registrars, let us ID the good ones, mention them, ID the bad and most definitely mention them too. Let us use the whois system and tools given to us in a forum such as this. Where a bad track record is identified and the registrar is involved, so be it. We can highlight this issue. Rogue registrars can only hide so long. With the global interests in the WHOIS mechanism, not to mention big money, the system can not stray too far before something gives. ES From nobody at devnull.spamcop.net Tue Mar 8 12:35:06 2005 From: nobody at devnull.spamcop.net (Pop) Date: Tue Mar 8 12:40:04 2005 Subject: [SpamCop-List] Re: latency, 7 March References: Message-ID: My spamcop latency: Zero. Spamcop actual latency: Unnoticed. I pop the spam off in the am, then go about other details and forget about it. About noon, I click the returned links, report the spam, go to lunch, and then resume my normal day. If I get a couple minutes to spare, I'll sometimes check to see if there's more yet, but there seldom is. Most of mine comes in at night. I do get a "yum" now and then though. I'll occasionally pull out the most onerous ones for a manual lart if I have the time. Try it, it works well. And a lot more productive than sitting and waiting for a response. So you're not first on the blocklist: you still contribute a count for it within 4 hours of your workday start. Regards, Pop -- Perfection is not only elusive, it is also limited with unexpected and dangerous results for the idealist. "LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m" wrote in message news:d0jfoa$ber$1@news.spamcop.net... > today's latency: > > report received: 09:27:06 -0800 (PST) > response sent: 18:03:27 GMT > elapsed time: 36 minutes > > -- > "[Spammers] are the mutant spawn of a bizarre reproductive act > involving a telemarketer, Larry Flynt, a tapeworm, and > an executive of the Third Class Mail industry." -- Dave Barry > From nobody at devnull.spamcop.net Tue Mar 8 12:42:08 2005 From: nobody at devnull.spamcop.net (Pop) Date: Tue Mar 8 12:45:05 2005 Subject: [SpamCop-List] Re: New WHOIS Forum? References: Message-ID: "Anty Spam" wrote in message news:d0kna5$v5q$1@news.spamcop.net... > > "Karl-Josef Ziegler" wrote in message > news:d0jsge$i5b$1@news.spamcop.net... >> Anty Spam wrote: >> >> [faked whois info] >> >> > Your thoughts? ... > > But then, is this not a fatalistic approach, if I understand you > correctly? > Spammers and ISPs - you mention them in one breath, but SpamCop does send > mails to ISP's, but not to spammers (intentionally at least) > > I have found that using a combination of tactics, with the exception of a > few, all registrars are evetually forced to toe the line and do what is > right. Funny, they hate bad publicity. (A web site with details of > ignoring > complaints etc etc became redundant 48 hrs after the site was publisized. > The registrar relented and did what he was supposed to in the first place > :-) > > Currently our "infamous mortgage spammer" is running a streak of > 000domains. > 000dpmaisn has been excellent in immediately putting them on hold as soon > as > they are identified. In fact they beat me to it with two of his domains, > informing me they had already been id'ed as bad whois when I tried > notifying > them. The next day they were on hold. > > Ditto RGNames. They have been excellent. > etc etc > > So, before we cut too wide in condemning registrars, let us ID the good > ones, mention them, ID the bad and most definitely mention them too. > > Let us use the whois system and tools given to us in a forum such as this. > Where a bad track record is identified and the registrar is involved, so > be > it. We can highlight this issue. Rogue registrars can only hide so long. > With the global interests in the WHOIS mechanism, not to mention big > money, > the system can not stray too far before something gives. > > ES I like the way you've thought about this. I don't know if it's anything SC would get into or not, but from my view, it sounds good, and does seem like a logical step to take. Here's hoping a deputy might chime in, Pop From nobody at spamcop.net Tue Mar 8 13:01:12 2005 From: nobody at spamcop.net (indigo) Date: Tue Mar 8 13:00:05 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: <12br219gc3orptgsfa55b67h1ccqrtu1fc@4ax.com> Message-ID: Kenneth Loafman wrote: "The ends > justifies the means." does not cut it when it means that an idiot > president and his warmongering staff lie to the people, knowingly, > just so we can secure oil fields for Republican corporations to > garner another year of record profits. Its not the function of the > government to execute war for corporate well being. > No, silly. Haven't you heard? The war was to bring democracy to the poor Iraqi people! Sheesh.....Tim Robbins had a great quote on the Bill Maher show last week: "It's hard to start a Democracy using the end of a gun barrel". From nobody at devnull.spamcop.net Tue Mar 8 13:12:56 2005 From: nobody at devnull.spamcop.net (Pop) Date: Tue Mar 8 13:15:05 2005 Subject: [SpamCop-List] OT: Re: Everyone is so ... To "Pop" References: Message-ID: Bucky said something like: There goes Pop again So, you admit we've met in another place and do recall it? I never said this was our first encounter: Only that I knew what you were and still seemed to be. If you're clean now, that's great; NBD. But ... . >> Would you like me to look you up and post your exploits again? > If you want to waste everyone's time, go ahead, but I'm getting the > impression from this post you think I'm someone else. ===> OK, I won't repost it then. I checked, for grins, and your info is still there in a folder; usually I blow those things away but must have forgotten this one. Actually, the reason I don't repost it is because you appear to have cleaned up for the most part, as I think I mentioned. It's not worth it to me to go charging into the quagmire again to see if you've been up to anything lately and there's really no future in it. The id is correct though; and I also have there, which I didn't notice before, at least two other names you've posted under, but that's nothing unusual either. > topics with on-topic queries, ooh and terror of terrors, a light hearted > reply to this thread. ===> ?? Not sure what that's supposed to mean. ?? Read 'em all and don't recall anything "light hearted". The first time I was aware of your existence was > 4:52 on 23-Feb when Pop wrote in message > news:cviccu$fql$1@news.spamcop.net.... >> Just to inject a tiny comment here, he does have a point in that SC isn't >> "easily" contactable. ===> Meaning? Are you trying to point out that I favored your stance or something? Not at all if that's what you thought; I simply had a comment to make, which I did. You did have that one valid point, and I wanted to take the opportunity to point it out to someone in particular. It's not necessary for you to respond to this, but it's your right if you wish. I think we've established our positions here and if you're clean now, I've absolutely no objections at all. There is no "future" in yesterdays if the today's seem reliable. I suppose it's possible I'm a closet-troll in some eyes, because I DO sometimes jump into an already trolled, troll-feeding, just to confuse things a little. I do it less in SC than a couple of other places, but there are circumstances where I like to see trolls get a good meal just before they begin to starve to death. I abhor trolling in useful newgroups, and this one is one of the best, IMO. Many agree with that, but please, no one pipe up with a "me too"; that's not what I want. Let's just get back to our lives, so to speak. Regards, Pop From tdy at blackhole.invalid Tue Mar 8 10:24:29 2005 From: tdy at blackhole.invalid (N. Miller) Date: Tue Mar 8 13:25:04 2005 Subject: [SpamCop-List] Gmail References: Message-ID: In article , mikeyhsd says... > mikeyhsd@sport.rr.com > "Justin Slootsky" wrote in message > news:mailman.108.1110228248.4572.spamcop-list@news.spamcop.net... > > Quoting mikeyhsd : > >> looks like gmail is now trying to be the BIG spammer haven. > >> lots of new spam from gmail addresses. > > from gmail email addresses, or from gmail IP addresses? > gmail.com I have seen little spam purporting to be from "gmail.com"; none actually from GMail IP addresses. The most common domains I have seen used for the putative sender email address are still "hotmail.com" and "yahoo.com"; but it has been nearly a year since I actually received email from a Yahoo! IP address, and nearly as long since I received spam from an MSN Hotmail IP address. Why not post a tracker for an example of your "gmail.com" spam? -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From ivan at gmail.com Tue Mar 8 19:58:54 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Tue Mar 8 14:00:03 2005 Subject: [SpamCop-List] Help stop spam from stop-spyware-now.info Message-ID: This spamvampire is attempting to bring the web site down http://www003.portalis.it/115/spam.html if spamvertising of stop-spyware-now.info is pissing you off, strike back. Ivan. From nobody at spamcop.net Tue Mar 8 14:31:57 2005 From: nobody at spamcop.net (indigo) Date: Tue Mar 8 14:30:06 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: <12br219gc3orptgsfa55b67h1ccqrtu1fc@4ax.com> <9aqr21pbtmqc5k636ac251f9d1un9piugo@4ax.com> Message-ID: Kenneth Loafman wrote: > > I hope you meant to put a sarcasm smiley on that, 'cause that's the > way I read it. I thought the sarcasm was blatant enough not to warrant a smiley ;-) > > You can't change the reason for starting a war once the first bit of > ammo has been fired. It is now, and forever will be, that Saddam > was, or was going to be, a nuclear or biological threat. Once that > was proven bogus, the entire war became bogus. Certainly not arguing that point, I was trying to reinforce it. Try asking Bush why he started his pet war (and is now threatening Iran) and see what answer you get though.... From kjz at despammed.com Tue Mar 8 21:30:22 2005 From: kjz at despammed.com (Karl-Josef Ziegler) Date: Tue Mar 8 15:35:04 2005 Subject: [SpamCop-List] Re: New WHOIS Forum? In-Reply-To: References: Message-ID: Pop wrote: >> Ditto RGNames. They have been excellent. >> etc etc Yes, RGNames set all these throw-away domains of the Rolex spammer on hold. But that's no real solution because these domains are only redirects to spammies main domain which has a 'bulletproof' domain registration at Joker. Spammers (especially the ROKSO 'members') aren't so foolish to register their main domains (webshop) at a cheap registrar which may have a high risc of cancellation. There is too much money in this 'game' and spammy has very deep pockets (And here I'm not thinking of all the chickenboners...). Maybe, more money than anyone in this group will see in his whole lifetime. And a lot of criminal energy too (and contacts to organized crime also). This may be a fatalistic approach but I think it's not too far from reality. And of course I'm still complaining any spam I get... - kjz From devnull at devnull.spamcop.net Tue Mar 8 15:47:33 2005 From: devnull at devnull.spamcop.net (Heidz) Date: Tue Mar 8 15:50:03 2005 Subject: [SpamCop-List] Hey people Message-ID: Hey ppl. Just wanted to post around at some of the places I know because I need to find a new man in my life. My last boyfriend just admited that he cheated on me so I've had enough with him and his sort. Looking for a good honest guy to show me a good time. Check me out and send me a message From nospam at dev.null Tue Mar 8 23:03:53 2005 From: nospam at dev.null (Anty Spam) Date: Tue Mar 8 16:05:04 2005 Subject: [SpamCop-List] Re: New WHOIS Forum? References: Message-ID: "Karl-Josef Ziegler" wrote in message news:d0l20s$5nv$1@news.spamcop.net... > Pop wrote: snip Spammers (especially the ROKSO 'members') aren't > so foolish to register their main domains (webshop) at a cheap registrar > which may have a high risc of cancellation. Snip As such the requirement and origin for my idea. Think about all those cheating housewives sites, all leading back to one to two whois details. That is the prize, with their name servers. The rest of the forwarding domains are "colatteral damage" if we take them out (But great fun, keeps us awake and gives me a sense of satisfaction :-) > This may be a fatalistic approach but I think it's not too far from reality. And of course I'm > still complaining any spam I get... > Good, no GREAT! ;-) Fact is, I have been at this now for more than a year now. I have personally closed down a stack of bad domains. The target is to do it quick, target name servers, main domains as above. Sometimes it is easy, sometimes not, but research does take time. With organised effort, it does not add, it multiplies ...! (Sounds like spammer math, but it does compute) Any takers in Cyprus? :-) Cheers From ivan at gmail.com Wed Mar 9 00:05:36 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Tue Mar 8 18:10:05 2005 Subject: [SpamCop-List] Re: Hey people In-Reply-To: References: Message-ID: Heidz wrote: > Hey ppl. if you expect me to email devnull@devnull.spamcop.net you can phone me on the number listed here www.bbc.co.uk/radio1/scottmills/features/flirt_divert.shtml ;-) Ivan. From nobody at spamcop.net Tue Mar 8 18:27:13 2005 From: nobody at spamcop.net (indigo) Date: Tue Mar 8 18:25:05 2005 Subject: [SpamCop-List] Re: Hey people References: Message-ID: Ivan Leo Puoti wrote: > Heidz wrote: >> Hey ppl. > > if you expect me to email devnull@devnull.spamcop.net you can phone > me on > the number listed here > www.bbc.co.uk/radio1/scottmills/features/flirt_divert.shtml ;-) > Please, don't play with the troll. H/S/it is getting desperate for attention now that most of us over in .social have deployed Nfilter or Xnews. From nobody at spamcop.net Tue Mar 8 19:12:40 2005 From: nobody at spamcop.net (Anti-Spam) Date: Tue Mar 8 19:15:03 2005 Subject: [SpamCop-List] Re: New WHOIS Forum? References: Message-ID: "Anty Spam" wrote in message news:d0l3s7$6r1$1@news.spamcop.net... > snip > > Any takers in Cyprus? :-) Why Cyprus, in particular? Other than that, getting more people involved in shutting down sites sounds interesting. Whether it has any significant impact is hard to tell without trying it, but then, one could say the same about SC LARTs. So how do you go about checking WHOIS data? -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: forq@qeurdy.com (generated by Webpoison) From nobody at devnull.spamcop.net Wed Mar 9 11:02:38 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Mar 8 21:05:08 2005 Subject: [SpamCop-List] Re: Reporting Spam not working In-Reply-To: References: Message-ID: WazoO wrote: > "Patto" wrote in message > news:d0ja95$8os$1@news.spamcop.net... > >>P.S. anybody knows if there is a limit to the spamcop.net email accounts? > > > Frequently Asked Question - best answer available is found at > http://forum.spamcop.net/forums/index.php?showtopic=2238 Thanks; all clear now. From nobody at devnull.spamcop.net Wed Mar 9 11:10:21 2005 From: nobody at devnull.spamcop.net (Patto) Date: Tue Mar 8 21:15:05 2005 Subject: [SpamCop-List] Re: Gmail In-Reply-To: References: Message-ID: LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m wrote: > I followed an invitation link from Google to try their Gmail, but its > browser-sniffer script balked, even though *claiming* to support Mozilla > -- most likely it responds to a Mozilla browser only if installed on a > Wintel machine, which I ain't got. I figure if it's that picky, then > beware. I used Mozilla Firefox to set up and access my Gmail account; I never had any problem with it. Don't know what Wintel is. From abuse at hanaro.com Wed Mar 9 13:59:37 2005 From: abuse at hanaro.com (abuse@hanaro.com) Date: Wed Mar 9 00:00:04 2005 Subject: [SpamCop-List] SPEWS: A removal request of 222.233.52.0/24 (S3145) Message-ID: This is Hanaro anti spam center. Our customer's network 222.233.52.0/24 is currently listed in spews.org. We fixed the spam problem in 222.233.52.0/24. 222.233.52.0/24 was listed in SBL(Spamhaus.org), but was already delisted as soon as we fixed the problem in this network. We would like to ask spews administrator to remove 222.233.52.0/24 from their list. Thank you. Abuse Staff abuse@hanaro.com From skiwi at spamcop.net Tue Mar 8 21:07:02 2005 From: skiwi at spamcop.net (Skiwi) Date: Wed Mar 9 00:10:03 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 222.233.52.0/24 (S3145) In-Reply-To: References: Message-ID: <422E8476.5030908@spamcop.net> abuse@hanaro.com wrote: > This is Hanaro anti spam center. > > Our customer's network 222.233.52.0/24 is currently listed in spews.org. We > fixed the spam problem in 222.233.52.0/24. 222.233.52.0/24 was listed in > SBL(Spamhaus.org), but was already delisted as soon as we fixed the problem > in this network. > > We would like to ask spews administrator to remove 222.233.52.0/24 from > their list. [snip] To paraphrase the original witty comment: This is SpamCop SPEWS is down the hall, 2nd door on the left [skiwi - not an admin, just a user] From skiwi at spamcop.net Tue Mar 8 21:08:49 2005 From: skiwi at spamcop.net (Skiwi) Date: Wed Mar 9 00:10:12 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 222.233.52.0/24 (S3145) [trollboy... sorry...] In-Reply-To: <422E8476.5030908@spamcop.net> References: <422E8476.5030908@spamcop.net> Message-ID: Skiwi wrote: > abuse@hanaro.com wrote: > >> This is Hanaro anti spam center. >> >> Our customer's network 222.233.52.0/24 is currently listed in >> spews.org. We fixed the spam problem in 222.233.52.0/24. >> 222.233.52.0/24 was listed in SBL(Spamhaus.org), but was already >> delisted as soon as we fixed the problem in this network. >> >> We would like to ask spews administrator to remove 222.233.52.0/24 >> from their list. > > > [snip] > > To paraphrase the original witty comment: > > This is SpamCop > > SPEWS is down the hall, 2nd door on the left ahhhhh.... P.Of.Sh*t troll boy.... sorry everyone... From nobody at spamcop.net Tue Mar 8 23:39:41 2005 From: nobody at spamcop.net (RandallW) Date: Wed Mar 9 02:40:02 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: <12br219gc3orptgsfa55b67h1ccqrtu1fc@4ax.com> Message-ID: "Kenneth Loafman" wrote in message news:12br219gc3orptgsfa55b67h1ccqrtu1fc@4ax.com... > On Mon, 7 Mar 2005 23:14:56 -0800, "RandallW" wrote: > > > We were at peace, had no wars going, now we have 2, Afghanistan and Iraq, > with a 3rd on the way, Iran, plus few police actions just to fill in the > blanks. We're stretched too thin and the bogus reasons given for each war > are jokes to anyone with half a brain. "The ends justifies the means." > does not cut it when it means that an idiot president and his warmongering > staff lie to the people, knowingly, just so we can secure oil fields for > Republican corporations to garner another year of record profits. Its not > the function of the government to execute war for corporate well being. > > ...Ken So when America isn't at war then WHOLE world is at peace? That's what i'm asking. From nobody at spamcop.net Tue Mar 8 23:41:34 2005 From: nobody at spamcop.net (RandallW) Date: Wed Mar 9 02:45:04 2005 Subject: [SpamCop-List] Re: Judge dismisses Virginia spam conviction of Jaynes' sister References: <12br219gc3orptgsfa55b67h1ccqrtu1fc@4ax.com> <9aqr21pbtmqc5k636ac251f9d1un9piugo@4ax.com> <1o3s21hksi6fs59bfod5kc7e0dtd1p5lq9@4ax.com> Message-ID: "Kenneth Loafman" wrote in message news:1o3s21hksi6fs59bfod5kc7e0dtd1p5lq9@4ax.com... > On Tue, 8 Mar 2005 14:31:57 -0500, "indigo" wrote: > > > I am so sick of being lied to by the critters we elect. I'd prefer an > honest charlatan to the crop of politicians we have. I really pity the > general population that gets all its news from the networks and then > believes it completely. Thank goodness for the internet and foreign news > services. Without them we might never know the truth. > Oh yes, the internet....the backbone of truth. From abuse at hanaro.com Wed Mar 9 17:08:14 2005 From: abuse at hanaro.com (abuse@hanaro.com) Date: Wed Mar 9 03:10:03 2005 Subject: [SpamCop-List] SPEWS: A removal request of 221.143.42.0/24 (S2717) Message-ID: This is Hanaro anti spam center. Our customer's network 221.143.42.0/24 is currently listed in spews.org. We fixed the spam problem in 221.143.42.0/24. 221.143.42.0/24 was listed in SBL(Spamhaus.org), but was already delisted as soon as we fixed the problem in this network. We would like to ask spews administrator to remove 221.143.42.0/24 from their list. Thank you. Abuse Staff abuse@hanaro.com From me at privacy.net Wed Mar 9 02:29:24 2005 From: me at privacy.net (justin) Date: Wed Mar 9 03:30:07 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) In-Reply-To: References: Message-ID: <422EB3E4.1050706@privacy.net> abuse@hanaro.com wrote: > This is Hanaro anti spam center. > > Our customer's network 221.143.42.0/24 is currently listed in spews.org. We > fixed the spam problem in 221.143.42.0/24. 221.143.42.0/24 was listed in > SBL(Spamhaus.org), but was already delisted as soon as we fixed the problem > in this network. > > We would like to ask spews administrator to remove 221.143.42.0/24 from > their list. > > Thank you. > > Abuse Staff > abuse@hanaro.com > > > > > Ok we will get right on it. You promised all spam has been eliminated from this network......... right ;) . Are you serious ? Spamhaus and spamcop have nothing to do with each other. Spamcop is not affliated with spamhause or spews. If you have made a concerted effort to get rid of spam then you will be delisted on both those websites until then all email from your network goes to dev null . From porpoise1954 at yahoo.co.uk Wed Mar 9 09:03:46 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 9 04:05:04 2005 Subject: [SpamCop-List] Re: Gmail References: Message-ID: "Patto" wrote in message news:d0llud$j26$1@news.spamcop.net... > LioNiNoiL_a t_Y a h 0 0_d 0 t_c 0 m wrote: >> I followed an invitation link from Google to try their Gmail, but its >> browser-sniffer script balked, even though *claiming* to support >> Mozilla -- most likely it responds to a Mozilla browser only if installed >> on a Wintel machine, which I ain't got. I figure if it's that picky, then >> beware. > > I used Mozilla Firefox to set up and access my Gmail account; I never had > any problem with it. > > Don't know what Wintel is. Windows/Intel (as opposed to; Mac, AMD, Linux, Unix...... whatever). From bar_n0ne at hotmail.com Wed Mar 9 14:00:29 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Mar 9 05:06:32 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 222.233.52.0/24 (S3145) References: Message-ID: wrote in message news:d0lvrq$nt7$1@news.spamcop.net... > > > This is Hanaro anti spam center. > > Our customer's network 222.233.52.0/24 is currently listed in spews.org. We > fixed the spam problem in 222.233.52.0/24. 222.233.52.0/24 was listed in > SBL(Spamhaus.org), but was already delisted as soon as we fixed the problem > in this network. > > We would like to ask spews administrator to remove 222.233.52.0/24 from > their list. > > Thank you. > > Abuse Staff > abuse@hanaro.com Always wondered what the Hanaro abuse staff (part time person?) does. Now I know. They/he/she/it write(s) letters asking to be unblocked or unlisted. From the at the.com Wed Mar 9 13:01:12 2005 From: the at the.com (The Shetainhe) Date: Wed Mar 9 06:00:16 2005 Subject: [SpamCop-List] about blacklist Message-ID: how can i learn cause my server ip in the blacklist? Please you can tell step by step me. because i have free mail server. i will deleting to cause free mail server users. i am sorry bad for my english :( thank you. From bar_n0ne at hotmail.com Wed Mar 9 15:20:03 2005 From: bar_n0ne at hotmail.com (Berny) Date: Wed Mar 9 06:25:04 2005 Subject: [SpamCop-List] how does 222.122.47.170 move around so much? Message-ID: I'm pretty sure I've seen this IP a lot, and it seems to move around between kornet, sina, cnc-noc and probably others that I've either missed or forgotten. How do they do that? I thought IP allocations were "relatively" static. I guess I wouldn't be surprised if there was a wide conspiracy between the hanas, kornet, elim and the chinese ISP's to shuffle spammers around, and help keep their pill sites up. From nobody at devnull.spamcop.net Wed Mar 9 06:30:51 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Wed Mar 9 06:30:04 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) References: Message-ID: wrote in message news:d0mate$tsj$1@news.spamcop.net... > This is Hanaro anti spam center. > > Our customer's network 221.143.42.0/24 is currently listed in spews.org. We > fixed the spam problem in 221.143.42.0/24. 221.143.42.0/24 was listed in > SBL(Spamhaus.org), but was already delisted as soon as we fixed the problem > in this network. > > We would like to ask spews administrator to remove 221.143.42.0/24 from > their list. > > Thank you. > > Abuse Staff > abuse@hanaro.com > The spamcop blocklist and the SPEWS blocklist are two different blocklists. SpamCop blocklist is entirely automatic. When the spam stops, the IP address is delisted. Miss Betsy From nobody at devnull.spamcop.net Wed Mar 9 06:36:29 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Wed Mar 9 06:35:08 2005 Subject: [SpamCop-List] Blocked? Read this. Message-ID: Why Am I Blocked? Probable Causes If your email has suddenly been blocked by the SpamCop blocklist, it is probably because you share an IP address with other email users and there is someone who: * is using auto-responses that are replying to spam with forged spamtrap email addresses (such as Out-of-Office/Vacation notices, virus notifications, and 'created email' bounces); * has a computer with a virus that sends spam without the owner's knowledge; * has a computer that has been compromised and spammers are remotely controlling it to transmit their spew; * is sending unsolicited emails and your internet service provider is allowing it; * or because, as in all systems, there may have been a mistake. (very rare) The SpamCop BL listing will expire automatically within a specific period of time based primarily on when the last spam came from that IP address. http://www.spamcop.net/fom-serve/cache/297.html for more information on the SpamCop BL listing. For people who are operating servers: (followed by FAQ for people who do not operate servers; if you don’t operate a server, scroll down until you find it.) Am I really listed in the SpamCop Blocklist?: You can check the status of any server by entering its address at http://www.spamcop.net/bl.shtml The reason an IP address is listed can also be obtained from that page. If the blocklist only lists spamtraps, then the likely culprits are auto-responders or misdirected bounces (that is, bounce emails sent after acceptance of the email instead of being rejected by the server during the SMTP phase, which would include emails such as "no such user", "non-existent mailbox", and/or "quota exceeded"). If the blocklist only lists reports, you have a spammer at work. If the blocklist lists spam traps and reports, * You have your firewall configured to allow a compromised machine on your network to spew to the world (you do have a firewall in place, don't you?) * the SMTP/Auth exploit of an Exchange server is in progress, see these links: http://news.spamcop.net/cgi-bin/fom?file=372 http://www.winnetmag.com/article/articleid/40507/40507.html http://www.winnetmag.com/article/articleid/42406/42406.html *A link for your references: http://dsbl.org/relay-methods It describes many of the security problems that spammers already scan for and will exploit to send spam. How To Block Open SMTP Relaying and Clean Up Exchange Server SMTP Queues To prevent SMTP relaying with Microsoft Exchange Server see http://support.microsoft.com/default.aspx?scid=KB;EN-US;324958#4 # (NOTE: While commonly seen on Exchange servers, this condition is possible on all platforms) * Your PHP mailer program has been taken over by criminals. (You did not know that your PHP bulletin board had a very vulnerable mailer program on it? You did not know that you had PHP installed and running?) Please also see: * How can I get removed from SpamCop's blocking system? http://www.spamcop.net/fom-serve/cache/76.html * John's explanation at John's revised post, for Why Am I Blocked FAQ http://forum.spamcop.net/forums/index.php?showtopic=673 * Merlyn's explanation at FAQ Entry: Why is my email blocked? http://forum.spamcop.net/forums/index.php?showtopic=35 Post the IP address that is blocked in the Spamcop web forum or newsgroup. There are many knowledgeable people in the SpamCop groups who will help you figure out why and offer solutions. If you need to know what triggered the report from a spamtrap, email deputies spamcop.net. Only they can see. However, a post will generally get you faster replies and more specific help on what is the problem. The rest of this FAQ is for people who do not run servers. For people whose email was returned Q: What does SpamCop do with my email? A: Nothing The Internet Service Provider (ISP) of the person, or business, you are sending email "To" is blocking email from your ISP's computers (servers), using a list provided by SpamCop. Your email doesn't pass through SpamCop's mail servers and SpamCop has no way of blocking or bouncing your email. In addition, the SpamCop email service uses the blocklist to "tag" incoming mail so that suspected spam is placed in a particular folder and that is the way the blocklist is intended to be used. Q: What is a blocklist? A: A blocklist helps ISP’s to prevent spam coming to their customers. An ISP can use a blocklist (a list of IP addresses),to block (bounce back) all email coming from a particular IP address. The blocking is based not on your email address (which looks like username@example.com), but on the IP address (which looks like 198.162.250.196). This IP address is assigned to the mail server you use, which is probably run by your ISP. You may share this same server with hundreds or thousands of other customers. If one of the other customers is sending spam through that shared mail server, it will cause the IP address of that mail server to be put on the blocklist. And when you send email through that server, ISP’s who use blocklists to avoid receiving spam, will also block your email. SpamCop is one of many blocklists. DNS Blackhole Lists (DNSBLs) is a link to page that lists and categorizes a number of blocklists. Trying to describe the difference between spamcop & other lists (particularly the time it takes to get off the list) and how SpamCop can be an early warning system for ISP's is a bit difficult, as each is different in concept, targets, results ranges, and oversight. If more specific data is desired on other DNSBLs, please visit that listing site. Q: What is SpamCop? A: Unique, automated blocklist and spam filtering SpamCop has a program that will find the correct address to send a complaint because the email address you see that says who it is from is often forged by spammers. SpamCop finds the correct IP address and forwards complaints for its members. If a lot of reports are made, the IP address goes on the SpamCop blocklist that is used by many ISP’s. for more detailed information on how Spamcop works see: http://www.spamcop.net/fom-serve/cache/3.html Q: How do ISP’s use SpamCop A: As 1) a warning that spammers have slipped by their defenses and 2) to block spam. * Responsible ISP's welcome SpamCop reports and will remove spammers quickly from their systems. *When they block emails, they send a message that looks like this: 451 Blocked - see http://www.spamcop.net/bl.shtml?xxxx.xxxx.xxxx.xxxx: or email from xxx.com blocked,refused by Spamcop,see http://www.spamcop.net Q: Why me? A: It Happens to the best of us It is annoying to have your email blocked. It is also annoying to have a backhoe interrupt email service. However, until the blocking problem is resolved, you can email people through a web based email service (the most familiar web based email services are hotmail and yahoo). After you have taken care of the immediate problem of being able to communicate with someone by email, the next step is to see what can be done so this inconvenience does not happen to you again. The one thing you do not want to do is to complain to those correspondents who are using an email service that uses the SpamCop blocklist. They probably really like the reduction in spam! You have the responsibility to see that your ISP provides you with reliable email service. See this link for a longer explanation of costs http://forum.spamcop.net/forums/index.php?showtopic=660 Q: Who do I contact to correct this problem? A: Your ISP (email service provider) first Usually the ISP with the blocked IP address has also been notified with the evidence of spam reports. Your ISP may have already acted on the Spamcop report they have received by the time you call. It may just have been a mistake on their part or, possibly, the reporter's part. Reporters can be fined or banned for mistakes. As soon as your ISP stops the spam from being sent, or uses the procedures at SpamCop to point out the reporter's mistake, the IP address is taken off the blocklist (usually within 48 hours for spam; immediately for reporter error). It may be that your call is the first time your ISP has heard that SpamCop has listed your IP address. Listings are made, in addition to member reporting, automatically from spamtraps (an eMail address that is not used, nor published anywhere, so only gets eMail if someone is sending spam!). Your ISP can find out about SpamCop at http://www.spamcop.net/fom-serve/cache/76.html if they don’t already know about SpamCop. SpamCop deputies have access to the full evidence for a listing. Deputies can delist IP addresses which are listed in error. Q: My ISP says it’s not their fault. A: People in this forum will help with information to give your ISP You will need to know your IP address for people to understand what has happened (it should be in the message you received telling you your mail was blocked). It is also helpful to know the reasons why it was blocked. (To do this, go to http://www.spamcop.net/bl.shtml . Make a note of the reason for the listing. For example "Been reported as a source of spam about 30 times" "Been detected sending mail to spam traps" as this is important) There are many people who will explain to you what has happened and what you can do. If you are interested in finding out more about blocklists and exactly why your email was blocked, you may post in the web forum http://forum.spamcop.net/forums/index.php?showforum=11 or in the SpamCop NNTP newsgroup news://news.spamcop.net/spamcop.help with the above information. Please remember that this block is not aimed at you personally. There are a limited number of IP addresses on the Internet, so you, and the spammer, may get a different one each time you log-on. Your Internet Service Provider is the only one who can investigate and take action to stop spam from coming from that IP address. In the meantime, the email service at the other end does not have to accept your email until spam has stopped coming from that particular IP address just as postal and package services can refuse certain types of mail and packages. Revised 22 February 2005 Added link from John Revised 17 Feb 2005 - Clarification of non-SMTP-reject e-mail generation Revised 2 February 2005 Revised the time period of listing and added comment that there are two sections Miss Betsy Revised 26 Jan 2005 - Wazoo added some of WB8TYW's input - more to come Revised 18 Nov 2004 - Wazoo added DNSBL List URL Revised 16 Nov 2004 - Wazoo - Ouch! newsgroup link fixed! Revised 2 Sep 2004 - Wazoo Revised August 7, 2004 - Miss Betsy, Wazoo, dbiel Edited per Wazoo comments March 6, 2004 rev March 7 rev Mar 8 for format (agsteele) Rev Mar11 with more links Rev Mar 12 with new John link rev 13 listized "Probable Causes" rev 14 consolidated some links Contributors: Michaell, Mike Easter, Wazoo, Greenlady, John, JT, JeffG (Last Revised 26 January 2005) (URL = http://forum.spamcop.net/forums/lofiversion/index.php/t972.html ) -- From nospam at dev.null Wed Mar 9 14:12:39 2005 From: nospam at dev.null (Anty Spam) Date: Wed Mar 9 07:15:02 2005 Subject: [SpamCop-List] Re: New WHOIS Forum? References: Message-ID: "Anti-Spam" wrote in message news:d0lf14$dmr$1@news.spamcop.net... > "Anty Spam" wrote in message news:d0l3s7$6r1$1@news.spamcop.net... > > > snip > > > > Any takers in Cyprus? :-) > > Why Cyprus, in particular? > Trying to verify an address in Cyprus I suspect is fake. A mail to the local municipality their drew a non-response. This address is a particularly difficult one to verify, has been in use for a long time by a few different parties and will give me GREAT pleasure in confirming as bad. This will allow me to report numerous cheating/online dating sites as bad - with credibility. This is the site that site behind auto-forwarders :-). SO I need to know what proof I can get.... > > So how do you go about checking WHOIS data? > Many tricks and tips are gained from expreience. Due to the loss of effect if the methods were to be given in a recipe book format, I will not divulge all in one go, but they are common sense and many tips and trick abound on the web. However, my golden rule - do not stoop to the levels as spammy Keep your side clean. You will just compromise your credibility in a complaint if dubious methods were used. But in general: The first thing to do is get to know registrar agreements and ICANN memos. Get spammy whois details. Some are just plain duff and needs no further examination, eg Bill Gates, 1 Microsoft way, Redmond ...who does not do RX :-) Verify email address - numerous methods. Spammy needs a valid one to have a domain. Verify street addresses. Eg PHARMZOD.COM has same address as NYC.COM. Stolen identity details. Likewise a bakery in New York NOT spamming, but was their whois is used for a spam domain, just so a skydiving club's web page etc. You learn a lot about spammy's logic. Local knowledge helps - another good reason to get this going. Zip codes and postal codes. Country Codes (New York in Shanghai - spammy using his own medz ? ;-) Duhhh... Telephone numbers Does it gel out, for example +1 123-4565 is problematic: +1 = USA, but then we need a 3-digit area code, plus 7 digits normally. There are exceptions. Does it match the address? The fact is, anybody wishing to put in fraulent whois, opens himself up for an immediate HOLD. The thing is to proove it beyond doubt, be unbiased (sureeee..) and get the registrar to apply ICANN guidelines for ""willful provision of inaccurate or unreliable information" as per http://www.icann.org/announcements/advisory-03apr03.htm. A mail directly to the registrar with rock solid proof of this puts them in a position where they can get into a heap of trouble if they at least do not investigate, as they are obliged to a per their registrar agreement. They accepted the money, they must do the cleanup. However, we are helpfull (Sureeee again) Of course we try and do this as fast as possible after a new domain opens up and try and get the registrar to do the same on receiving the "bad whois" notice. I would like to point out, in the 15-day waiting period which does not apply to "willfully" bad whois, a certain self admitted spammer says he can send up to a billion spams per day. Over 15 days = 15 billion. The references to this are all available online. This helps in that ICANN makes provision for "harm" etc in their wording. Hope this makes sense. Cheers From wb8tyw at qsl.network Wed Mar 9 07:14:48 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Mar 9 07:15:25 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) In-Reply-To: References: Message-ID: Miss Betsy wrote: > wrote in message > news:d0mate$tsj$1@news.spamcop.net... > > The spamcop blocklist and the SPEWS blocklist are two different > blocklists. SpamCop blocklist is entirely automatic. When the > spam stops, the IP address is delisted. As Skiwi pointed out on the first post, this is probably a spoof. 210.94.1.21 listed in cbl.abuseat.org ( 127.0.0.2 ) While it is coming from Hanaro IP space, it is coming from a currently listed compromised computer, which makes it unlikely that it is actually coming from anyone with authority at hanaro.com. -John wb8tyw@qsl.network Personal Opinion Only From nospam at dev.null Wed Mar 9 14:39:52 2005 From: nospam at dev.null (Anty Spam) Date: Wed Mar 9 07:40:13 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) References: Message-ID: wrote in message news:d0mate$tsj$1@news.spamcop.net... > This is Hanaro anti spam center. > > Our customer's network 221.143.42.0/24 is currently listed in spews.org. We - SNIP - X-Trace: news.spamcop.net 1110355695 30611 210.94.1.21 (9 Mar 2005 08:08:15 GMT) ???? http://cbl.abuseat.org/lookup.cgi?ip=210.94.1.21 http://www.dnsstuff.com:80/tools/ptr.ch?ip=210.94.1.21 "ins1.hananet.net. (an authoritative nameserver for 1.94.210.in-addr.arpa., which is in charge of the reverse DNS for 210.94.1.21) says that there are no PTR records for 210.94.1.21." Hmmm, maybe a send letter of apology for not reacting to complaints about the extremely graphic porn spam sites you hosted, spam sent to my minor daughter, for not doing anything when complaints were lodged to you either and the situation continued for two months till your net range was blocked by MY ISP. I guess since you do not have my mail address, you will be sending out a lot of apologies, or a lot of digging ...Now how about compensation for time and money spent? Now on to the other ignored spamming issues .... Sorry - you do not have a warm reception here, but can you blame us. From nobody at nowhere.invalid Wed Mar 9 15:52:04 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 9 09:55:04 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 222.233.52.0/24 (S3145) References: Message-ID: On Wed, 9 Mar 2005 13:59:37 +0900, coughed into spamcop and left this in : > This is Hanaro anti spam center. > > We would like to ask spews administrator to remove 222.233.52.0/24 from > their list. No. -- Steve Don't be irreplaceable. If you can't be replaced, you can't be promoted. From nobody at nowhere.invalid Wed Mar 9 15:55:03 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 9 10:00:03 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) References: Message-ID: On Wed, 09 Mar 2005 07:14:48 -0500, John E. Malmberg coughed into spamcop and left this in : > While it is coming from Hanaro IP space, it is coming from a currently > listed compromised computer, which makes it unlikely that it is actually > coming from anyone with authority at hanaro.com. "Compromised computer" and "someone with authority at spamaro" are not mutually exclusive... :) -- Steve Reporter (to Mahatma Gandhi): "Mr. Gandhi, what do you think of Western civilisation?" Gandhi: "I think it would be a good idea." From noah.boddie at newsgroup.nospam Wed Mar 9 10:41:46 2005 From: noah.boddie at newsgroup.nospam (Dwayne Conyers) Date: Wed Mar 9 10:45:05 2005 Subject: [SpamCop-List] Using Spamcop DNS Message-ID: I have iMail as my corporate mail server and under host black lists have a number of choices: fiveten spamhaus ybl v6net SpamCop I have the option of adding as few or as many choices and can auto-delete any mail that matches 2 or more lists. I had SpamCop selected as my only choice. The option is to flag any suspect e-mail with an X-HEADER and route it to the SPAM folder on my mail root. After noticing no e-mail coming thru I found EVERYTHING sitting in the spam folder. I moved the legit items to main inbox and checked the headers. I didn't bother checking the obvious spam, but the legit e-mails all had the same X-HEADER: X-IMail-Rule: H~(X-IMAIL-SPAM-DNSBL|X-IMAIL-SPAM-VALFROM):SPAM Data- X-IMAIL-SPAM-DNSBL: (v6net,424 Note that the numbe after "v6net" differs. Since v6net is not selected, I am wondering if this is a problem with SpamCop or if iMail is screwing up? My hunch is that it is iMail but just thought I would check here to be safe. Thanks. -- I Shave With Occams Razor http://www.dwacon.com From ivan at gmail.com Wed Mar 9 16:58:51 2005 From: ivan at gmail.com (Ivan Leo Puoti) Date: Wed Mar 9 11:00:04 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) In-Reply-To: References: Message-ID: abuse@hanaro.com wrote: > This is Hanaro anti spam center. > > Our customer's network 221.143.42.0/24 is currently listed in spews.org. We > fixed the spam problem in 221.143.42.0/24. 221.143.42.0/24 was listed in > SBL(Spamhaus.org), but was already delisted as soon as we fixed the problem > in this network. > > We would like to ask spews administrator to remove 221.143.42.0/24 from > their list. > > Thank you. > > Abuse Staff > abuse@hanaro.com I hope the whole world blacklists you. Ivan. From MikeE at ster.invalid Wed Mar 9 09:18:57 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 9 12:20:10 2005 Subject: [SpamCop-List] Re: Using Spamcop DNS References: Message-ID: Dwayne Conyers wrote: > I have iMail as my corporate mail server and under host black lists > have a number of choices: > > fiveten > spamhaus > ybl > v6net > SpamCop Where did that list come from? In my choices of blocklists, of the above, I would only choose spamhaus and spamcop -- and my filter tags mail, it doesn't delete it. The SCbl is very frisky and dynamic, and can list an IP you might not want to block/lose. Spamhaus has an xbl and an sbl and I use the combined, which includes the cbl & blitzed. cbl is generally openproxies & blitzed open smtp relays. I don't think I would use fiveten; I've never 'seen' ybl and v6net show up in the databases I use, dnsstuff & openrbl, so the popularity may be low. Here's a note^1 from someone about v6net. And here's^2 what's ybl ^1 One of the spam blacklists that are built in to IMail has been compromised by spammers (spammers.v6net.org). They've changed the blacklist to report positive for all addresses. Judging by the WHOIS data, the domain expired on 21/1/2005 and was taken over by Bealo Group (known domain squatters / spammers) shortly thereafter. The website at http://www.v6net.org has links to a whole lot of sites that look very likely to be sources of spam. It's pretty important that you disable this list from your IMail configuration, otherwise you'll be getting about 100% false positives. posted on Tuesday, January 25, 2005 8:32 AM ^2 ybl.megacity.org YBL 127.0.0.2 Netblocks known to be used by Yahoo > X-IMail-Rule: H~(X-IMAIL-SPAM-DNSBL|X-IMAIL-SPAM-VALFROM):SPAM Data- > X-IMAIL-SPAM-DNSBL: (v6net,424 > > Note that the numbe after "v6net" differs. > > Since v6net is not selected, I am wondering if this is a problem with > SpamCop or if iMail is screwing up? My hunch is that it is iMail but > just thought I would check here to be safe. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Wed Mar 9 18:23:04 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 9 12:25:05 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) References: Message-ID: On Wed, 09 Mar 2005 16:58:51 +0100, Ivan Leo Puoti coughed into spamcop and left this in : > I hope the whole world blacklists you. The whole world (except Korea) already has, probably. -- Steve We could certainly slow the aging process down if it had to work its way through Congress. From firewoman at default.domain.not.available Wed Mar 9 12:44:28 2005 From: firewoman at default.domain.not.available (Firewoman) Date: Wed Mar 9 12:45:04 2005 Subject: [SpamCop-List] Re: Everyone is so ... References: Message-ID: "Bucky" wrote in message news:d0ihft$quf$1@news.spamcop.net... > Firewoman, this post was for Pop and was about a previous thread. I am not > "I Love Spam". I am Bucky. There is a big difference. The big difference being that you replied to a post in THIS thread, not a previous one. Have a nice day :-) From nobody at nowhere.invalid Wed Mar 9 19:05:53 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 9 13:10:04 2005 Subject: [SpamCop-List] Classifying spam - arguments for and against Message-ID: I forget whether it was here or elsewhere, but recently there was a short debate about the usefulness of classifying spam into various categories such as "419", "pills", "mortgages" etc. I do happen to do that here just out of interest for changes in trends. Nothing more. Note that a good deal of it is in languages I don't understand, so it goes straight into the "unknown" mbox. Now, I came across one particular spam the other day that I really don't know *how* to classify. It consisted of a single .gif image with this text in it (all in caps of course): ----- _We offer for you:_ Best quality watches (list of brands) $199/item Viagra, Cialis, Zyban & many others from $0.95/dose Brand software (Example MS WIndows XP $50) The lowest mortgage rates for you - don't lose your own money! A genuine college degree in 2 weeks! ----- Where the hell do I store this one?!?!? -- Steve guru, n: A computer owner who can read the manual. From dannyg at dannyg.com Wed Mar 9 10:11:47 2005 From: dannyg at dannyg.com (Danny Goodman) Date: Wed Mar 9 13:11:58 2005 Subject: [SpamCop-List] Re: New WHOIS Forum? In-Reply-To: <200503091725.j29HPFls031309@dannyg.com> Message-ID: > The fact is, anybody wishing to put in fraulent whois, opens himself up for > an immediate HOLD. Don't expect miracles. For example, I filed a formal Whois Data Problem Report on 5January2005 claiming a couple of incorrect contact fields for a spamvertised domain (and I didn't even mention the contact email address of test@test.com, so good luck to the registrar in ever hearing back from the dude). Received a f/up from InterNIC on 21February2005 (I think that's a tad more than 15 days, isn't it?) asking me to advise whether the problem had been corrected. I reported back that it had not. As of today (9March2005), the record is unchanged and active, and the DNS resolves. In case you're wondering... Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM Also, I rant at Danny http://www.dannyg.com http://www.spamwars.com From porpoise1954 at yahoo.co.uk Wed Mar 9 18:15:15 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Mar 9 13:20:02 2005 Subject: [SpamCop-List] Re: Classifying spam - arguments for and against References: Message-ID: "Steven Maesslein" wrote in message news:slrnd2ueo1.2od.nobody@127.0.0.1... > ----- > _We offer for you:_ > Best quality watches (list of brands) $199/item > Viagra, Cialis, Zyban & many others from $0.95/dose > Brand software (Example MS WIndows XP $50) > The lowest mortgage rates for you - don't lose your own money! > A genuine college degree in 2 weeks! > ----- > > > Where the hell do I store this one?!?!? Store it? What the hell would you want to store it for? ;-) From devnull at spamcop.net Wed Mar 9 13:38:04 2005 From: devnull at spamcop.net (Spamvireslayer) Date: Wed Mar 9 13:40:06 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) References: Message-ID: "Steven Maesslein" wrote in message news:slrnd2uc7o.2mr.nobody@127.0.0.1... > On Wed, 09 Mar 2005 16:58:51 +0100, Ivan Leo Puoti coughed into spamcop > and left this in : > > > I hope the whole world blacklists you. > > The whole world (except Korea) already has, probably. OI!!! Please stop crossposting this stuff.... From nobody at spamcop.net Wed Mar 9 13:51:46 2005 From: nobody at spamcop.net (Anti-Spam) Date: Wed Mar 9 13:55:02 2005 Subject: [SpamCop-List] Adjacencies Message-ID: Someone (Mike Easter?) has probably explained this before, but what are adjacencies (or whatever the exact term is), how do you figure out who they are, and what do you say to then to get them to pressure spam sources? Do you go after the zombie SMTP servers, or the web sites? Thanks. -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: aj@bupgctzwr.net (generated by Webpoison) From firewoman at default.domain.not.available Wed Mar 9 14:38:18 2005 From: firewoman at default.domain.not.available (Firewoman) Date: Wed Mar 9 14:40:04 2005 Subject: [SpamCop-List] Re: Classifying spam - arguments for and against References: Message-ID: "Steven Maesslein" wrote in message news:slrnd2ueo1.2od.nobody@127.0.0.1... > > Now, I came across one particular spam the other day that I really don't > know *how* to classify. It consisted of a single .gif image with this > text in it (all in caps of course): > > ----- > _We offer for you:_ > Best quality watches (list of brands) $199/item > Viagra, Cialis, Zyban & many others from $0.95/dose > Brand software (Example MS WIndows XP $50) > The lowest mortgage rates for you - don't lose your own money! > A genuine college degree in 2 weeks! *All of the above* The only thing it's missing is a plea from a dethroned royal from somewhere in Asia or Africa. I've gotten several of these, hopefully you don't have your HTML on in e-mail! From wb8tyw at qsl.network Wed Mar 9 13:54:53 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Mar 9 14:55:04 2005 Subject: [SpamCop-List] Re: New WHOIS Forum? References: Message-ID: In article , > Danny Goodman writes: > > For example, I filed a formal Whois Data Problem Report on 5January2005 > claiming a couple of incorrect contact fields for a spamvertised domain (and > I didn't even mention the contact email address of test@test.com, so good > luck to the registrar in ever hearing back from the dude). Received a f/up > from InterNIC on 21February2005 (I think that's a tad more than 15 days, > isn't it?) asking me to advise whether the problem had been corrected. I > reported back that it had not. As of today (9March2005), the record is > unchanged and active, and the DNS resolves. As test.com is a valid domain, and has been very much abused by spammers forging it. the owner of test.com may be interested in knowing that one of their possible e-mail addresses is the official e-mail address for that domain. They may be able to change some things, or motivate the registrar to. -John wb8tyw@qsl.network Personal Opinion Only From mrichter at cpl.net Wed Mar 9 11:58:20 2005 From: mrichter at cpl.net (Mike Richter) Date: Wed Mar 9 15:00:02 2005 Subject: [SpamCop-List] Re: about blacklist In-Reply-To: References: Message-ID: The Shetainhe wrote: > how can i learn cause my server ip in the blacklist? Please you can tell > step by step me. > because i have free mail server. i will deleting to cause free mail server > users. > i am sorry bad for my english :( > > thank you. > > Your English is not as great a problem as your failure to identify the IP address in question. Mike -- mrichter@cpl.net http://www.mrichter.com/ From MikeE at ster.invalid Wed Mar 9 12:12:14 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 9 15:15:03 2005 Subject: [SpamCop-List] Re: Adjacencies References: Message-ID: Anti-Spam wrote: > Someone (Mike Easter?) has probably explained > this before, but what are adjacencies (or whatever > the exact term is), how do you figure out who they > are, and what do you say to then to get them to > pressure spam sources? The 'concept' of upstream adjacencies is based on the wishful thinking that by determining the relationship of a target to its connectivity might be similar to the determination of a child to its parent. That wishful thinking shouldn't be overdone just because of the lack of something useful to do might be frustrating. Instead, I think that sometimes the notification about a target should just be dropped for lack of anything at all useful to do. If you are doing manual notifies, you can examine the entire issue of how to notify about spamsource and spamvertisers, or about domainname registration, or about some other third party which wouldn't be a part of the algorithmically derived notfies that the spamcop parse provides. > Do you go after the > zombie SMTP servers, or the web sites? My feeling is that upstreams of zombies aren't worth notifying. If the provider for the zombie doesn't want to do anything about their own customer being spam abused, it isn't likely anything source provider is connecting to is going to be interested either. Typically the business of upstream adjacencies comes about because of an opinion that a spavertiser is refractory to notifications. That is, the spamvertiser has demonstrated that refractoriness by managing to get itself listed in places like spews or spamhaus, often as a significant netblock. Then, you are sharing with the connectors to your target that that webspace provider is not responsive to notifications about its spamvertising webspace providing business as is evidenced by such listings. But, we are speaking too much in generalities now. You should propose a specific spam item which you demonstrate by posting its tracker; that specific item would have spamcop notifies, and then we could critique the spamcop notifies and address some alternative and/or additional notifies which might be done and then we can 'argue about' or discuss why one might or might not notify some upstream adjacency of a target IP. The upstream adjacency information can be dervived from functions accessible at places like bgp.potaroo or the Robban tool at netlantis - the latter of which has been down forever. Those tools will be quick to tell you to not assume very much about the relationship The target IP's ASN relationships are derived somehow, such as radb or cymru, and then that information is used to determine the upstream adjacencies of the ASN. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Mar 9 12:34:50 2005 From: MikeE at ster.invalid (Mike Easter) Date: Wed Mar 9 15:35:03 2005 Subject: [SpamCop-List] Re: Adjacencies References: Message-ID: Mike Easter wrote: > The 'concept' of upstream adjacencies is based on the wishful thinking > that by determining the relationship of a target to its connectivity > might be similar to the determination of a child to its parent. That > wishful thinking shouldn't be overdone just because of the lack of > something useful to do might be frustrating. Instead, I think that > sometimes the notification about a target should just be dropped for > lack of anything at all useful to do. The concept of upstream adjacencies is based on the wishful thinking that determining the relationship of a target to its connectivity might be similar to the determination of a child to its parent. That wishful thinking shouldn't be misused just because of the frustration of there not being anyone responsive or responsible to notify. Some nonresponsive issues should just be dropped because the notification of upstream adjacency would either be inappropriate or similarly useless. Upstream adjacencies shouldn't be notified 'willy-nilly'. Here's an IP to play with, the one the OP posted from. You might wonder how to handle the notify if it were a zombie spamsource. It isn't listed in any meaningful db/s. SC would notify abuse@ca.mci.com for some complex reasons described at http://www.spamcop.net/sc?action=showroute;ip=216.95.192.131;typecodes=21,16 216.95.192.131 no rDNS has this parent child relationship whois -h whois.arin.net 216.95.192.131 ... UUNET Technologies, Inc. 216.94.0.0 - 216.95.255.255 abuse-mail@mci.com Cal Corporation 216.95.192.0 - 216.95.192.255 mcmullen@emstechnologies.ca [no reg'd abuse addy] So, you wouldn't mess with 'upstream adjacencies' -- you would notify the SC notify and you would notify the parent and you would be notifying them that Cal Corp and emstechnologies doesn't have a reg'd abuse addy. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.invalid Wed Mar 9 22:02:10 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 9 16:05:04 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) References: Message-ID: On Wed, 9 Mar 2005 13:38:04 -0500, Spamvireslayer coughed into spamcop and left this in : > OI!!! Please stop crossposting this stuff.... Oops... My bad. Sorry :( -- Steve If a deaf person has to go to court, is it still called a hearing? From nobody at nowhere.invalid Wed Mar 9 22:09:04 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Wed Mar 9 16:10:05 2005 Subject: [SpamCop-List] Re: Classifying spam - arguments for and against References: Message-ID: On Wed, 9 Mar 2005 14:38:18 -0500, Firewoman coughed into spamcop and left this in : > The only thing it's missing is a plea from a dethroned royal from somewhere > in Asia or Africa. :) > I've gotten several of these, hopefully you don't have your HTML on in > e-mail! My mailer is incapable of rendering HTML, let alone fetching images that are web-bugs. I wouldn't have it any other way! -- Steve "I once had a rose named after me and I was very flattered. But I was not pleased to read the description in the catalogue: No good in a bed, but fine up against a wall." -- Eleanor Roosevelt From nospam at dev.null Wed Mar 9 23:50:30 2005 From: nospam at dev.null (Anty Spam) Date: Wed Mar 9 16:50:04 2005 Subject: [SpamCop-List] Re: New WHOIS Forum? References: Message-ID: "Danny Goodman" wrote in message news:mailman.110.1110391921.4572.spamcop-list@news.spamcop.net... SNIP - > For example, I filed a formal Whois Data Problem Report on 5January2005 > claiming a couple of incorrect contact fields for a spamvertised domain (and > I didn't even mention the contact email address of test@test.com, so good > luck to the registrar in ever hearing back from the dude). Received a f/up > from InterNIC on 21February2005 (I think that's a tad more than 15 days, > isn't it?) asking me to advise whether the problem had been corrected. I > reported back that it had not. As of today (9March2005), the record is > unchanged and active, and the DNS resolves. > > In case you're wondering... > Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM Quite honestly I have had a good run with them at 100% hold rate. But then I do believe the formal http://wdprs.internic.net/ is too slow. I have verified the status of reports a week later and they are still not sent. You can verify this by clicking on the link you get to confirm. Eg: http://wdprs.internic.net/cgi/rpt.cgi?a=3&sid=XXXXXXXXX (Obfuscated) It should say "Current status is 'sent'", then it know it has gone through. I use this procedure for the Yesnic's of the world. Thirty days later I use http://reports.internic.net/cgi/registrars/problem-report.cgi. Always keep a copy. Submit the registrar complaint complete with previos submissions. At the moment opensrs/tucows are undergoing the treatment :-) It does work. although sometimes slowly. (Before I did this, typical yesnic domains would stay open for more than 7 months with Lionel Ritchie etc in the whois) I have been contacting ITSYOURDOMAIN.COM direct ( support at itsyourdomain dot com ), maybe that's the difference. I normally do a polite, though firm letter. I point out : "The customer's willful provision of inaccurate or unreliable information" as defined by ICANN. Their registrar agreement requires them to respond to all whois complaints from whoever, and as such this is a formal complaint. I point out ALL the discrepencies in the whois, any track record etc etc. Any pertinent transgression releveant to a particular namespace. ( Don't you just luv the reknown wally in S/America using .USdomains - it's gone in 48 hrs. Maybe he should register with Darwin-at-award.com. Duhhh....;-) I guess it's he who laughs last. Cheers From nospam at dev.null Thu Mar 10 00:06:06 2005 From: nospam at dev.null (Anty Spam) Date: Wed Mar 9 17:05:04 2005 Subject: [SpamCop-List] Re: Classifying spam - arguments for and against References: Message-ID: "Steven Maesslein" wrote in message news:slrnd2ueo1.2od.nobody@127.0.0.1... > I forget whether it was here or elsewhere, but recently there was a > short debate about the usefulness of classifying spam into various > categories such as "419", "pills", "mortgages" etc. > > I do happen to do that here just out of interest for changes in trends. > Nothing more. Note that a good deal of it is in languages I don't > understand, so it goes straight into the "unknown" mbox. > > Now, I came across one particular spam the other day that I really don't > know *how* to classify. It consisted of a single .gif image with this > text in it (all in caps of course): > > ----- > _We offer for you:_ > Best quality watches (list of brands) $199/item > Viagra, Cialis, Zyban & many others from $0.95/dose > Brand software (Example MS WIndows XP $50) > The lowest mortgage rates for you - don't lose your own money! > A genuine college degree in 2 weeks! > ----- > > > Where the hell do I store this one?!?!? > > -- > Steve > > guru, n: > A computer owner who can read the manual. Easy: Create the category AR_6747_Minnow_Pond_Dr_West_Bloomfield_MI_48322 File EVRYTHING that you may suspect there. In case of doubt, copy the mail to this category as well. If you are unsure if you did copy it, just do it again to be sure ... Then once a month, print ALL the mails to date out using refurb el-ceapo ink cartrides filled with any toxic/nuclear fallout, wrap it in brown paper to a non-standrd size, address it to this address with "postage to be paid addressee" Oh, please don't put a stamp on it! Want to keep mine as well ? From nospam at dev.null Thu Mar 10 00:08:33 2005 From: nospam at dev.null (Anty Spam) Date: Wed Mar 9 17:10:04 2005 Subject: [SpamCop-List] Re: Classifying spam - arguments for and against References: Message-ID: "Porpoise" wrote in message news:d0negc$jae$1@news.spamcop.net... ... > Store it? What the hell would you want to store it for? ;-) Why, as proof of bad whois. I have spam for the past two years. Identical spams with tracking codes works a charm when requiring proof with certain registrars. From nobody at devnull.spamcop.net Wed Mar 9 20:36:55 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Wed Mar 9 20:40:33 2005 Subject: [SpamCop-List] Re: Classifying spam - arguments for and against In-Reply-To: References: Message-ID: Steven Maesslein wrote: > My mailer is incapable of rendering HTML, let alone fetching images > that are web-bugs. I wouldn't have it any other way! Many spams I get have an embedded image that displays with Thunderbird, because it's not a web bug. -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From nobody at xyzzy.claranet.de Thu Mar 10 02:44:52 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Mar 9 20:50:03 2005 Subject: [SpamCop-List] Re: about blacklist References: Message-ID: <422FA694.30C4@xyzzy.claranet.de> The Shetainhe wrote: > Please you can tell step by step me. Miss Betsy posted a nice FAQ some minutes after you: Message-ID If you don't find what you're looking for in this FAQ ask again, and mention the IP. Bye, Frank From nobody at xyzzy.claranet.de Thu Mar 10 02:55:39 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Wed Mar 9 21:00:04 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) References: Message-ID: <422FA91B.21@xyzzy.claranet.de> abuse@hanaro.com wrote: > This is Hanaro anti spam center. X-Posts in 3 out of 10 NGs without fup2 are far beyond rude, they are spam. > We would like to ask spews administrator to remove > 221.143.42.0/24 from their list. I hope that they add 210.94.1.21 to their list, but here's not the place to discuss this, go to nan-abl and ask for a listing of 210.94.1.21 > Thank you. No problem, HAND and FOAD. From nobody at devnull.spamcop.net Wed Mar 9 21:09:50 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Wed Mar 9 21:10:04 2005 Subject: [SpamCop-List] Re: how does 222.122.47.170 move around so much? References: Message-ID: "Berny" wrote in message news:d0mm54$3tt$1@news.spamcop.net... > I'm pretty sure I've seen this IP a lot, and it seems to move around between > kornet, sina, cnc-noc and probably others that I've either missed or > forgotten. How do they do that? I thought IP allocations were "relatively" > static. > > I guess I wouldn't be surprised if there was a wide conspiracy between the > hanas, kornet, elim and the chinese ISP's to shuffle spammers around, and > help keep their pill sites up. I thought that somebody would answer you by now. I am not sure whether you are talking about a website address or where the spam came from. However, I think that there was a discussion about how spammers are using false MX (?) - it was way above my head, but I vaguely remember that it looked as though the web site had moved. Miss Betsy From nobody at devnull.spamcop.net Wed Mar 9 21:13:22 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Wed Mar 9 21:10:17 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) References: Message-ID: "John E. Malmberg" wrote in message news:d0mpbp$61a$1@news.spamcop.net... > Miss Betsy wrote: > > wrote in message > > news:d0mate$tsj$1@news.spamcop.net... > > > > The spamcop blocklist and the SPEWS blocklist are two different > > blocklists. SpamCop blocklist is entirely automatic. When the > > spam stops, the IP address is delisted. > > As Skiwi pointed out on the first post, this is probably a spoof. > > 210.94.1.21 listed in cbl.abuseat.org ( 127.0.0.2 ) > > While it is coming from Hanaro IP space, it is coming from a currently > listed compromised computer, which makes it unlikely that it is actually > coming from anyone with authority at hanaro.com. I thought it was a little unlikely that abuse at hanaro would not know the difference between spamcop and spews or that they would attempt to get removed from spews. However, you never know - unless you read the headers! Miss Betsy From nobody at spamcop.net Thu Mar 10 07:56:07 2005 From: nobody at spamcop.net (nospam) Date: Wed Mar 9 23:00:12 2005 Subject: [SpamCop-List] Re: how does 222.122.47.170 move around so much? References: Message-ID: in article d0oa1l$3b4$1@news.spamcop.net, Miss Betsy at nobody@devnull.spamcop.net wrote on 3/10/05 6:09 AM: > > "Berny" wrote in message > news:d0mm54$3tt$1@news.spamcop.net... >> I'm pretty sure I've seen this IP a lot, and it seems to move > around between >> kornet, sina, cnc-noc and probably others that I've either > missed or >> forgotten. How do they do that? I thought IP allocations were > "relatively" >> static. >> >> I guess I wouldn't be surprised if there was a wide conspiracy > between the >> hanas, kornet, elim and the chinese ISP's to shuffle spammers > around, and >> help keep their pill sites up. > > I thought that somebody would answer you by now. I am not sure > whether you are talking about a website address or where the spam > came from. However, I think that there was a discussion about how > spammers are using false MX (?) - it was way above my head, but I > vaguely remember that it looked as though the web site had moved. > > Miss Betsy Spamvertizer (Pillz) in that noock of the internet that SC has trouble resolving. From nobody at spamcop.net Thu Mar 10 07:59:09 2005 From: nobody at spamcop.net (nospam) Date: Wed Mar 9 23:05:04 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) References: Message-ID: in article d0oa8a$3c5$1@news.spamcop.net, Miss Betsy at nobody@devnull.spamcop.net wrote on 3/10/05 6:13 AM: > "John E. Malmberg" wrote in message > news:d0mpbp$61a$1@news.spamcop.net... >> Miss Betsy wrote: >>> wrote in message >>> news:d0mate$tsj$1@news.spamcop.net... >>> >>> The spamcop blocklist and the SPEWS blocklist are two different >>> blocklists. SpamCop blocklist is entirely automatic. When the >>> spam stops, the IP address is delisted. >> >> As Skiwi pointed out on the first post, this is probably a spoof. >> >> 210.94.1.21 listed in cbl.abuseat.org ( 127.0.0.2 ) >> >> While it is coming from Hanaro IP space, it is coming from a > currently >> listed compromised computer, which makes it unlikely that it is > actually >> coming from anyone with authority at hanaro.com. > > I thought it was a little unlikely that abuse at hanaro would not > know the difference between spamcop and spews or that they would > attempt to get removed from spews. > > However, you never know - unless you read the headers! > > Miss Betsy It's not unlikely at all, in my opinion, that part timer probably only has a vague notion of what abuse and internet are. S/he is probably normally on the pubic relations staff. From SCNews.5.myspamgobbler at spamgourmet.com Wed Mar 9 23:19:42 2005 From: SCNews.5.myspamgobbler at spamgourmet.com (Brian (SnSR)) Date: Thu Mar 10 02:25:08 2005 Subject: [SpamCop-List] Help needed on connecting Ralsky to Pump'n Dump spam Message-ID: I'm thinking that spammy messed up, but the possibility of a joe-job is also there. Or is this actually legal? I doubt it because all of my pump'n dump spam uses forged headers and open proxies. Unfortunately, I am in the middle of a major project that needs my attention more than this does. I'm also extremely tired, so I may not be thinking clearly. It would be great if someone(s) has the time and gumption to look into this further. I've larted enforcement at sec dot gov, but who knows if human eyes ever see it. Here's what I see. www.spamcop.net/sc?id=z740531242za69846a29b493fe732132e54b2eef4e1z Received: from deltacup.info ([207.244.55.233]) 207.244.0.0/18 is listed on the Register Of Known Spam Operations (ROKSO) database as being assigned to, under the control of, or providing service to a known professional spam operation run by Andrew Westmoreland. Address lookup lookup failed 207.244.55.233 Could not find a domain name corresponding to this IP address. Network Whois record Queried whois.arin.net with "!NET-207-244-52-0-1"... OrgName: Web Presence, Inc. OrgID: WEBPR-2 Address: 7065 West ann road Address: Suite 130-125 City: Las Vegas Web Presence Ralsky or Westmorland? Message body shows (other than invisible font)an image only, http://www.deltacup.info/grant/tomb.gif - The pump and dump spam. canonical name deltacup.info. aliases addresses 207.244.57.120 Domain ID:D9832894-LRMS Domain Name:DELTACUP.INFO Created On:08-Mar-2005 18:39:21 UTC Last Updated On:08-Mar-2005 21:44:58 UTC Expiration Date:08-Mar-2006 18:39:21 UTC Sponsoring Registrar:R126-LRMS Status:ACTIVE Status:OK Registrant ID:C9160459-LRMS Registrant Name:Raymond Sebastian Registrant Organization:creative marketing zone inc Registrant Street1:2484 A11 East Ave. Registrant City:Quezon City Registrant State/Province:QC Registrant Postal Code:10235 Registrant Country:PH Registrant Email:rsebastian2004@yahoo.com Name Server:NS1.WEBPLACEDNS.INFO Name Server:NS2.WEBPLACEDNS.INFO Network Whois record Queried whois.arin.net with "!NET-207-244-52-0-1"... OrgName: Web Presence, Inc. OrgID: WEBPR-2 Address: 7065 West ann road Address: Suite 130-125 City: Las Vegas StateProv: NV PostalCode: 89130 Country: US NetRange: 207.244.52.0 - 207.244.59.255 CIDR: 207.244.52.0/22, 207.244.56.0/22 NetName: WEB4PR-2-NET NetHandle: NET-207-244-52-0-1 Parent: NET-207-244-0-0-1 NetType: Reassigned NameServer: NS1.WEBPLACEDNS.INFO NameServer: NS2.WEBPLACEDNS.INFO Comment: RegDate: 2004-12-17 Updated: 2005-01-28 OrgTechHandle: VAL-ARIN OrgTechName: Allan, Victor OrgTechPhone: +1-877-935-1974 OrgTechEmail: victorallan@web4presence.com ------------------------------------- Address lookup canonical name NS1.WEBPLACEDNS.INFO. aliases addresses 207.244.52.254 Domain ID:D9494002-LRMS Domain Name:WEBPLACEDNS.INFO Created On:28-Jan-2005 01:36:05 UTC Last Updated On:28-Jan-2005 06:02:59 UTC Expiration Date:28-Jan-2006 01:36:05 UTC Sponsoring Registrar:R126-LRMS Status:ACTIVE Status:OK Registrant ID:C8707784-LRMS Registrant Name:Raymond Sebastian Registrant Organization:creative marketing zone inc Registrant Street1:2484 A11 East Ave. Registrant City:Quezon City Registrant State/Province:QC Registrant Postal Code:10235 Registrant Country:PH Registrant Email:rsebastian2004@yahoo.com ----------------- So the WEBPLACEDNS.INFO had the same domain registration data as DELTACUP.INFO, the pump'n dump spammers, which is being used by Web Presence, Inc. which controls a block of about 1800 with a physical address in Las Vegas. Did I miss something or did he screw up? Any suggestions? Brian From bar_n0ne at hotmail.com Thu Mar 10 11:34:44 2005 From: bar_n0ne at hotmail.com (Berny) Date: Thu Mar 10 02:35:06 2005 Subject: [SpamCop-List] mortgage spammer: where do I go from here? Message-ID: I peeled this (below) off of DNS stuff: tu summarize we have DNS servers and broken web site4 hosted by the same people, and registrants email is not valid (no MX record for yahoo.af) so where can I go from here with larts? It's be nice to shut down the dns. Looking up 2005-mort-gages.com at whois.000domains.com. Using 0 day old cached answer (or, you can get fresh results). Displaying E-mail address (use sparingly -- this will make it more likely that you will trigger our rate limiting system). Domain: 2005-MORT-GAGES.COM Registrant/Owner: 000-01356 NONE 39 Valley Rd. na Capetown, 93jjh ZA Administrative Contact: 000-01356 Ray Mcorbison 39 Valley Rd. na Capetown, 93jjh ZA +1.378827756 r.mcorbison2982@yahoo.af Technical Contact: 000-01356 Ray Mcorbison 39 Valley Rd. na Capetown, 93jjh ZA +1.378827756 r.mcorbison2982@yahoo.af Created on 2005-03-04 Updated on 2005-03-04 Expires on 2006-03-04 Nameservers: NS1.EASY-FINANCES.NET NS2.EASY-FINANCES.NET ns1.easy-finances.net. A IN 172800 134.86.254.10 ns2.easy-finances.net. A IN 172800 65.223.42.2 I was referred to whois.000domains.com; I'm looking it up there. Using 2 day old cached answer (or, you can get fresh results). Hiding E-mail address (you can get results with the E-mail address). Domain: EASY-FINANCES.NET Registrant/Owner: 000-01356 NONE 39 Valley Rd. na Capetown, 93jjh ZA Administrative Contact: 000-01356 Ray Mcorbison 39 Valley Rd. na Capetown, 93jjh ZA +1.378827756 ***************@yahoo.af Technical Contact: 000-01356 Ray Mcorbison 39 Valley Rd. na Capetown, 93jjh ZA +1.378827756 ***************@yahoo.af Created on 2005-03-04 Updated on 2005-03-04 Expires on 2006-03-04 Nameservers: NS1.EASY-FINANCES.NET NS2.EASY-FINANCES.NET Getting MX record for yahoo.af... Received an NXDOMAIN response. This means that the yahoo.af domain does not exist! No mail can be sent to it. From nobody at nowhere.invalid Thu Mar 10 11:05:13 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Mar 10 05:11:31 2005 Subject: [SpamCop-List] Re: Classifying spam - arguments for and against References: Message-ID: On Wed, 09 Mar 2005 20:36:55 -0500, Sofa King Tyred of Lar Ting coughed into spamcop and left this in : > Steven Maesslein wrote: >> My mailer is incapable of rendering HTML, let alone fetching images >> that are web-bugs. I wouldn't have it any other way! > > Many spams I get have an embedded image that displays with Thunderbird, > because it's not a web bug. It would just show up as an attachment here. -- Steve The only person to get all of his work done by Friday was Robinson Crusoe From nobody at nowhere.invalid Thu Mar 10 11:06:33 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Mar 10 05:12:51 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) References: <422FA91B.21@xyzzy.claranet.de> Message-ID: On Thu, 10 Mar 2005 02:55:39 +0100, Frank Ellermann coughed into spamcop and left this in <422FA91B.21@xyzzy.claranet.de>: > X-Posts in 3 out of 10 NGs without fup2 are far beyond rude, > they are spam. What else do you expect from Hanaro? Isn't it a well-established fact that Hanaro is nothing but spam, 100% of the time? :) -- Steve The only person to get all of his work done by Friday was Robinson Crusoe From nobody at nowhere.invalid Thu Mar 10 11:07:17 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Mar 10 05:12:58 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) References: Message-ID: On Thu, 10 Mar 2005 07:59:09 +0400, nospam coughed into spamcop and left this in : > It's not unlikely at all, in my opinion, that part timer probably only has a > vague notion of what abuse and internet are. S/he is probably normally on > the pubic relations staff. ~~~~~ Please tell me that was a typo... -- Steve Doctors can be frustrating. You wait six weeks for an appointment and he says, "I wish you'd come to me sooner." From me at email.net Thu Mar 10 06:54:04 2005 From: me at email.net (LS) Date: Thu Mar 10 07:55:05 2005 Subject: [SpamCop-List] Re: No headers with Exchange Server account References: Message-ID: Any ideas? "LS" wrote in message news:d09lmb$qak$1@news.spamcop.net... >I was using OE to forward as attachment. I tried Outlook 2003 with >olspamcop and it always came back with no headers found. I tried their >tech support for a couple months and never got anywhere. > > If it's working for you, there must be a setting I'm missing somewhere. > > LS > > "Patto" wrote in message > news:d0946i$c93$1@news.spamcop.net... >> LS wrote: >>> I currently report Spam to Spamcop using Outlook Express 6 for my >>> Mediacom email and my hotmail email. It works perfectly. >>> >>> When I load the messages I get from my personal Exchange 2003 server I >>> get a email back saying no headers found. I'm using the same method >>> with OE to send it. It has to be something my server is doing to mess >>> up the headers. >>> >>> None of the faq's or newsgroups on spamcop.net help with the server. I >>> am using ORFilter on the server. Does it do something to the headers? >>> Is there a setting on the server to leave the headers alone? >>> >>> Any ideas? I sent money to Spamcop and would like to use it. :) hehe I >>> am with the others, just not the most important one, my personal server. >>> >>> Thanks in advance! >>> >>> LS >> >> As Frank explained in his post, Exchange Server messes with the headers. >> >> You write that you use Outlook Express with the Exchange Server? Does >> that work at all? >> >> I use the Outlook 2003 client with Exchange Server. On that I have a >> little plug-in called OLSpamCop (http://olspamcop.org/) that can "fix" >> the headers for SpamCop, and forward the corrected messages to SC. > > From turan.fe at web.de Thu Mar 10 13:59:07 2005 From: turan.fe at web.de (Turan Fettahoglu) Date: Thu Mar 10 08:00:06 2005 Subject: [SpamCop-List] Re: Vanishing 419s? References: Message-ID: > I used to get 2 to 6 per day. Since 3/3 I haven't gotten any. I am > researching what I did to deserve that. In the past weeks I got lots and lots of them. I always warn their provider and send rubbish answers to the senders, but they do not delete me from their address lists. Could it be that the 419 mugus prefer European victims at the moment? Turan From devnull at spamcop.net Thu Mar 10 08:33:30 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Mar 10 08:35:04 2005 Subject: [SpamCop-List] internap.com and abuse processing. Message-ID: Just got off the phone with internap.com corp.HQ about one very insistent spammer. One of their higher ups let slip that they basically ignore all abuse complaints and are only (mildly) concerned when their system is listed in SPEWS Most telling comment 'even Apple gets accused of spam' as if that somehow excuses their system from any culpability for not addressing clear TOS/AUP violations on the part of their clients. And the ultimate solution to my problem? The head of the abuse department will *personally* contact the offender and *make* him remove my addy. From nobody at nowhere.invalid Thu Mar 10 15:17:05 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Mar 10 09:20:04 2005 Subject: [SpamCop-List] Re: No headers with Exchange Server account References: Message-ID: On Thu, 10 Mar 2005 06:54:04 -0600, LS coughed into spamcop and left this in : > Any ideas? clue what you're on about. There was no context above your question so I don't have the faintest About what? -- Steve "Here, Outlook Express, run this program!" "Okay, stranger." From nobody at nowhere.invalid Thu Mar 10 15:19:17 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Thu Mar 10 09:20:26 2005 Subject: [SpamCop-List] Re: internap.com and abuse processing. References: Message-ID: On Thu, 10 Mar 2005 08:33:30 -0500, Frog Prince coughed into spamcop and left this in : > And the ultimate solution to my problem? The head of the abuse department > will *personally* contact the offender and *make* him remove my addy. Ah. Intercrap. Prepare yourself for an onslaught of abuse. Intercrap customers like using revenge tactics. If you're lucky they might just listwash you but don't bank on it. -- Steve "Here, Outlook Express, run this program!" "Okay, stranger." From nobody at spamcop.net Thu Mar 10 09:24:06 2005 From: nobody at spamcop.net (Anti-Spam) Date: Thu Mar 10 09:25:05 2005 Subject: [SpamCop-List] Re: Adjacencies References: Message-ID: "Mike Easter" wrote in message news:d0nmio$nr2$1@news.spamcop.net... > snip > Thanks. Very informative. -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: much@tnnbhy.net (generated by Webpoison) From devnull at spamcop.net Thu Mar 10 09:28:17 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Mar 10 09:50:05 2005 Subject: [SpamCop-List] Re: internap.com and abuse processing. References: Message-ID: Thanks, Is OK. I know where they live (literally) and I know a goodly number of the offender's clients (perhaps soon to be former clients) personally. A real old country boy I know once told me he 'does get even, he plans to gets ahead'. "Steven Maesslein" wrote in message news:slrnd30lr5.21g.nobody@127.0.0.1... | On Thu, 10 Mar 2005 08:33:30 -0500, Frog Prince coughed into spamcop and | left this in : | | > And the ultimate solution to my problem? The head of the abuse department | > will *personally* contact the offender and *make* him remove my addy. | | Ah. Intercrap. | | Prepare yourself for an onslaught of abuse. Intercrap customers like | using revenge tactics. If you're lucky they might just listwash you but | don't bank on it. | | -- | Steve | | "Here, Outlook Express, run this program!" "Okay, stranger." From MikeE at ster.invalid Thu Mar 10 07:12:29 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 10 10:15:05 2005 Subject: [SpamCop-List] Re: mortgage spammer: where do I go from here? References: Message-ID: Berny wrote: > tu summarize we have DNS servers and broken web site4 hosted by the > same people, and registrants email is not valid (no MX record for > yahoo.af) so where can I go from here with larts? It's be nice to > shut down the dns. The best way to notify about bad domain registration information is with the webform at internic http://wdprs.internic.net/ - Whois Data Problem Report System When you use that form, ostensibly the registrar 000domains is notified and supposedly internic follows up, according to the following: All accredited registrars have agreed with ICANN to obtain contact information from registrants, to provide it publicly by a Whois service, and to investigate and correct any reported inaccuracies in contact information for domain names registered through them. Reports submitted through this facility will be forwarded to the appropriate registrar for handling, and the progress of your report will be tracked. > r.mcorbison2982@yahoo.af However, it is likely that the registrar may be 'sensitive' to the fact that some registrants don't like their addy being harvested from the whois process. It is also possible that the 'presumed' addy of r.mcorbison2982@yahoo.com may be a legitimate address. You can't tell by testing it for acceptance without mailing to it, as the mailserver at yahoo agrees to accept mail to the address and it also agrees to accept mailto a bogus addy. 220 YSmtp mta168.mail.mud.yahoo.com ESMTP service ready RCPT TO: 250 recipient ok RCPT TO: 250 recipient ok > Technical Contact: 000-01356 > Ray Mcorbison > 39 Valley Rd. > na Capetown, 93jjh > ZA > +1.378827756 > r.mcorbison2982@yahoo.af > > Created on 2005-03-04 That is a brandnew creation. > Nameservers: > NS1.EASY-FINANCES.NET > NS2.EASY-FINANCES.NET > Domain: EASY-FINANCES.NET > Ray Mcorbison > 39 Valley Rd. > na Capetown, 93jjh > ZA > +1.378827756 > Created on 2005-03-04 > Nameservers: > NS1.EASY-FINANCES.NET > NS2.EASY-FINANCES.NET Nameservice serves itself. Also brandnew registration > Getting MX record for yahoo.af... Received an NXDOMAIN response. > > This means that the yahoo.af domain does not exist! No mail can be > sent to it. That is correct. However, there is [also] a yahoo.com.af which has a reg'd mailserver called nomail, but that mailserver doesn't answer, as you might expect from its name. -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Thu Mar 10 09:46:51 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Mar 10 10:50:03 2005 Subject: [SpamCop-List] Re: mortgage spammer: where do I go from here? References: Message-ID: In article , "Mike Easter" writes: > > However, it is likely that the registrar may be 'sensitive' to the fact > that some registrants don't like their addy being harvested from the > whois process. It is also possible that the 'presumed' addy of > r.mcorbison2982@yahoo.com may be a legitimate address. You can't tell > by testing it for acceptance without mailing to it, as the mailserver at > yahoo agrees to accept mail to the address and it also agrees to accept > mailto a bogus addy. Try to create a new YAHOO account with that e-mail address and see if you get it. -John wb8tyw@qsl.network Personal Opinion Only From DougThegarden at hotmail.com Thu Mar 10 16:42:14 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Thu Mar 10 11:45:05 2005 Subject: [SpamCop-List] Re: SPEWS: A removal request of 221.143.42.0/24 (S2717) In-Reply-To: References: Message-ID: Steven Maesslein wrote: > On Thu, 10 Mar 2005 07:59:09 +0400, nospam coughed into spamcop and left > this in : > > >>It's not unlikely at all, in my opinion, that part timer probably only has a >>vague notion of what abuse and internet are. S/he is probably normally on >>the pubic relations staff. > > ~~~~~ > Please tell me that was a typo... > No, its correct. In Spam organisations they have people whose job is to screw everybody instead of the normal public relations ;-) Doug From feldethom2165 at email2me.net Thu Mar 10 07:51:23 2005 From: feldethom2165 at email2me.net (Fred k) Date: Thu Mar 10 11:55:10 2005 Subject: [SpamCop-List] Re: mortgage spammer: where do I go from here? References: Message-ID: "Mike Easter" wrote in message news:d0po2b$qev$1@news.spamcop.net... > However, it is likely that the registrar may be 'sensitive' to the fact > that some registrants don't like their addy being harvested from the > whois process. It is also possible that the 'presumed' addy of > r.mcorbison2982@yahoo.com may be a legitimate address. You can't tell > by testing it for acceptance without mailing to it, as the mailserver at > yahoo agrees to accept mail to the address and it also agrees to accept > mailto a bogus addy. Unless I am not getting what you mean, or what the reply I got from sending an email to Yahoo. I think Yahoo has changed their system. Recipient address: r.mcorbison2982@yahoo.com Reason: SMTP transmission failure has occurred Diagnostic code: smtp;554 delivery error: dd This user doesn't have a yahoo.com account (r.mcorbison2982@yahoo.com) [0] - mta217.mail.dcn.yahoo.com Remote system: dns;mx2.mail.yahoo.com (TCP|208.138.130.80|42698|67.28.114.36|25) (YSmtp mta217.mail.dcn.yahoo.com ESMTP service ready) Fred k From nobody at devnull.spamcop.net Thu Mar 10 13:02:30 2005 From: nobody at devnull.spamcop.net (Pop) Date: Thu Mar 10 13:05:11 2005 Subject: [SpamCop-List] OT: Re: internap.com and abuse processing. References: Message-ID: ... > A real old country boy I know once told me he 'does get even, he plans to > gets ahead'. ... Small world: Not ten minutes before I read your post, I added my now current new signature to my e-mails. I'm old, but not real old, and I doubt I ever had the opportunity to tell you that, but it's good to know there's at least one other person in the world that believes in it! ;-] Regards, Pop -- I never bother to get even. But, I try hard to get AHEAD of the little bass turds! From DougThegarden at hotmail.com Thu Mar 10 18:26:40 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Thu Mar 10 13:30:04 2005 Subject: [SpamCop-List] Amusing spammer text Message-ID: The random text, just below the click on URL, on a just received spam seems oh so appropriate ;-) > And don't do it... Sometimes I lie awake at night, and I ask, "Where have I gone wrong?" Doug From devnull at spamcop.net Thu Mar 10 14:04:30 2005 From: devnull at spamcop.net (Frog Prince) Date: Thu Mar 10 14:05:25 2005 Subject: [SpamCop-List] Re: Re: internap.com and abuse processing. References: Message-ID: "Pop" wrote in message news:d0q23j$t2$1@news.spamcop.net... | ... | > A real old country boy I know once told me he 'does gets even, he plans to | > gets ahead'. | ... | Small world: Not ten minutes before I read your post, I added my now | current new signature to my e-mails. | I'm old, but not real old, and I doubt I ever had the opportunity to tell | you that, but it's good to know there's at least one other person in the | world that believes in it! ;-] | | Regards, | | Pop | -- | I never bother to get even. | But, I try hard to get AHEAD | of the little bass turds! By get ahead he means to pay back in spades. From MikeE at ster.invalid Thu Mar 10 11:43:35 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 10 14:45:04 2005 Subject: [SpamCop-List] Re: mortgage spammer: where do I go from here? References: Message-ID: Fred k wrote: > "Mike Easter" >> addy of r.mcorbison2982@yahoo.com may be a legitimate address. You >> can't tell by testing it for acceptance without mailing to it, as >> the mailserver at yahoo agrees to accept mail to the address and it >> also agrees to accept mailto a bogus addy. > > Unless I am not getting what you mean, or what the reply I got from > sending an email to Yahoo. I think Yahoo has changed their system. You aren't getting what I mean. Your test is different from what I did. Your test is informative; mine wasn't in this case. Your test will always be informative, ie mean more than what I did. Sometimes mine will be. > Recipient address: r.mcorbison2982@yahoo.com > Reason: SMTP transmission failure has occurred > Diagnostic code: smtp;554 delivery error: dd This user doesn't have > a yahoo.com account (r.mcorbison2982@yahoo.com) [0] - > mta217.mail.dcn.yahoo.com > Remote system: dns;mx2.mail.yahoo.com > (TCP|208.138.130.80|42698|67.28.114.36|25) (YSmtp > mta217.mail.dcn.yahoo.com ESMTP service ready) What you are seeing there is a failed attempt to 'actually' mail to the addy. That is, what failed above was a mail. This... Mike Easter wrote: > 220 YSmtp mta168.mail.mud.yahoo.com ESMTP service ready > > RCPT TO: > 250 recipient ok > > RCPT TO: > 250 recipient ok ... is a test for whether the 'rcpt to' command will fail or succeed with the MX. When it is informative, it allows the evaluation of an addy/username without actually mailing. When it isn't informative, you don't learn anything -- which I didn't. Some mail servers will fail at the rcpt to when the username will fail to deliver; others say 'ok' but then can't deliver. As you can see in the item to bogus66367 [assuming there isn't one of those] -- in both cases yahoo sed 'ok' -- indicating the rcpt to is non-informative in the case of the yahoo server. Some people don't like to 'actually' email an address to determine its veracity. -- Mike Easter kibitzer, not SC admin From nospam at dev.null Thu Mar 10 22:52:35 2005 From: nospam at dev.null (Anty Spam) Date: Thu Mar 10 15:55:32 2005 Subject: [SpamCop-List] Re: mortgage spammer: where do I go from here? References: Message-ID: "Berny" wrote in message news:d0otan$cit$1@news.spamcop.net... > I peeled this (below) off of DNS stuff: > > tu summarize we have DNS servers and broken web site4 hosted by the same > people, and registrants email is not valid (no MX record for yahoo.af) so > where can I go from here with larts? It's be nice to shut down the dns. > > Looking up 2005-mort-gages.com at whois.000domains.com. > > > Using 0 day old cached answer (or, you can get fresh results). > Displaying E-mail address (use sparingly -- this will make it more likely > that you will trigger our rate limiting system). > > Domain: 2005-MORT-GAGES.COM > > Registrant/Owner: 000-01356 > NONE > 39 Valley Rd. > na Capetown, 93jjh > ZA > > Administrative Contact: 000-01356 > Ray Mcorbison > 39 Valley Rd. > na Capetown, 93jjh > ZA > +1.378827756 > r.mcorbison2982@yahoo.af > > Technical Contact: 000-01356 > Ray Mcorbison > 39 Valley Rd. > na Capetown, 93jjh > ZA > +1.378827756 > r.mcorbison2982@yahoo.af > > Created on 2005-03-04 > Updated on 2005-03-04 > Expires on 2006-03-04 > > Nameservers: > NS1.EASY-FINANCES.NET > NS2.EASY-FINANCES.NET > ns1.easy-finances.net. A IN 172800 134.86.254.10 > ns2.easy-finances.net. A IN 172800 65.223.42.2 > > I was referred to whois.000domains.com; I'm looking it up there. > > > > Using 2 day old cached answer (or, you can get fresh results). > Hiding E-mail address (you can get results with the E-mail address). > > Domain: EASY-FINANCES.NET > > Registrant/Owner: 000-01356 > NONE > 39 Valley Rd. > na Capetown, 93jjh > ZA > > Administrative Contact: 000-01356 > Ray Mcorbison > 39 Valley Rd. > na Capetown, 93jjh > ZA > +1.378827756 > ***************@yahoo.af > > Technical Contact: 000-01356 > Ray Mcorbison > 39 Valley Rd. > na Capetown, 93jjh > ZA > +1.378827756 > ***************@yahoo.af > > Created on 2005-03-04 > Updated on 2005-03-04 > Expires on 2006-03-04 > > Nameservers: > NS1.EASY-FINANCES.NET > NS2.EASY-FINANCES.NET > > Getting MX record for yahoo.af... Received an NXDOMAIN response. > > This means that the yahoo.af domain does not exist! No mail can be sent to > it. > Too late. 000domains has already put them on hold, together with easy-finances.net.! As I mentioned in another thread, 000domains are quite jacked. Turnaround for this party's (Al..Ra...) HOLD as soon as reported is less than 24hrs. Then the caches all over just needs to expire.:-( In my mail to 000domains: "Tel Nr is NOT for ZA. ZA starts with +27 then 21 (if Telkom for Cape Town ), or: 82 or 72 (If Vodacom mobile), 83 (If MTN Mobile) , 84 (if CEll-C mobile), then 7 more digits. These are the only possibilities +1.378827756 would appear to be USA, except it is one digit short. Also the Postal code, 93jjh, is bad. Cape Town is a 4 digit numeric, starting with either 7..., or 8... This is controlled via the "South African Post Office". Can be verified, codes at http://www.sapo.co.za/cms/templates/postcodes.asp " The support at 000domains actually does work. Just make sure you have the bullet-proof evidence. I have submitted about 10 of this spammers domains to 000domains. They beat me to it themselves on 2 ...;-) Cheers From me at here.com Thu Mar 10 18:17:09 2005 From: me at here.com (Me) Date: Thu Mar 10 18:20:13 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: "Miss Betsy" wrote in message news:d0mms5$4i7$1@news.spamcop.net... > Why Am I Blocked? That's what I'd like to now... > Probable Causes > > If your email has suddenly been blocked by the SpamCop blocklist, > it is probably because you share an IP address with other email > users and there is someone who: My single IP address hosts six different MX records, all of them are related to the corporation and its sub-division, neither of them send spams. > > * is using auto-responses that are replying to spam with forged > spamtrap email addresses (such as Out-of-Office/Vacation notices, > virus notifications, and 'created email' bounces); Nope.. > * has a computer with a virus that sends spam without the > owner's knowledge; The internal network does not have outbound port 25 Internet access, only the server IP blocked by SpamCop can send outbound emails. There's no viruses on this system. > * has a computer that has been compromised and spammers are > remotely controlling it to transmit their spew; Nope... > * is sending unsolicited emails and your internet service > provider is allowing it; My ISP does not control our emails, nor do we send unsolicited emails. > * or because, as in all systems, there may have been a mistake. > (very rare) It seems mine could be one of such "rare case", which raises some questions. Why can't I contact someone directly at SpamCop? My email system is critical to my company and we can easily loose business because of SpamCop's action. I've already reported the error through they web site, but there's been no response whatsoever. I'd expect at least an aknowledgement of receiving my request. Additionally to your suggestion my email server does not allow: 1. mail-relay 2. SMTP/AUTH So, what gives? PS: This is not my real email address. From MikeE at ster.invalid Thu Mar 10 15:39:44 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 10 18:40:19 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: Me wrote: > "Miss Betsy" >> Why Am I Blocked? > > That's what I'd like to now... Start by giving the IP address which is blocked -- else we aren't talking about anything yet. > So, what gives? Or, if you like, you can stick it in here http://www.spamcop.net/bl.shtml -- Mike Easter kibitzer, not SC admin From me at here.com Thu Mar 10 18:48:58 2005 From: me at here.com (Me) Date: Thu Mar 10 18:50:08 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: >> That's what I'd like to now... > > Start by giving the IP address which is blocked -- else we aren't > talking about anything yet. That would be useful, I know, but I am also hesitant to give out the IP. There's enough problems already, you could say it is a matter of trust... > >> So, what gives? > > Or, if you like, you can stick it in here > http://www.spamcop.net/bl.shtml I've done that earlier today, but there was no response to the de-listing request. > Mike Easter > kibitzer, not SC admin Kibitzer or not, thanks for trying... From nobody at spamcop.net Thu Mar 10 16:28:45 2005 From: nobody at spamcop.net (Yours Truly) Date: Thu Mar 10 19:30:03 2005 Subject: [SpamCop-List] 419: Briefly from the Vancouver Sun, March 10 Message-ID: Employee lost $4.6 million to Nigerian scam, company says. Richmond-based Acrohelipro Global Services was defrauded of $4.6 million by an employee who claims to have lost the money in a Nigerian mail scam, Acrohelipro's parent company, Vector Aerospace alleges. ------------------ Interestingly, the article goes on to say that the company [thought it had] made $3 million profit last year. They will have to re-work their financial statement, probably :-) From Nobody at Spamcop.net Thu Mar 10 19:45:24 2005 From: Nobody at Spamcop.net (Nobody) Date: Thu Mar 10 20:50:03 2005 Subject: [SpamCop-List] Protected Internal Link Message-ID: <4230F834.6B0D622@Spamcop.net> Please see SpamCop report (with link to original spam) posted over in Spamcop.spam. http://www.spamcop.net/sc?id=z740827621z57579dd66962de11dc8fa4c9b7faf3f2z Looking for help with protected internal link: SpamCop cannot parse, Whois cannot find site. Best regards, Michael From eddie at eddie.web Thu Mar 10 21:02:50 2005 From: eddie at eddie.web (eddie) Date: Thu Mar 10 21:05:03 2005 Subject: [SpamCop-List] Re: 419: Briefly from the Vancouver Sun, March 10 References: Message-ID: On Thu, 10 Mar 2005 16:28:45 -0800, Yours Truly scratched out the following: > Employee lost $4.6 million to Nigerian scam, company says. In the year 2005, anyone who loses money to the Nigerian scam probably didn't deserve to have it anyway :) -- Once movie theaters gave out steak knives Today they confiscate them From nobody at devnull.spamcop.net Thu Mar 10 21:24:00 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Thu Mar 10 21:30:18 2005 Subject: [SpamCop-List] Re: Blocked? Read this. In-Reply-To: References: Message-ID: Me wrote: > "Miss Betsy" wrote in message > news:d0mms5$4i7$1@news.spamcop.net... >> * has a computer with a virus that sends spam without the >>owner's knowledge; > > > The internal network does not have outbound port 25 Internet access, only > the server IP blocked by SpamCop can send outbound emails. There's no > viruses on this system. There are ways to confirm that objectively, as it could be true -- you didn't mention the IP address, however. I can see that you're apparently posting news via NNTP from this address: > NNTP-Posting-Host: ool-4357014f.dyn.optonline.net optonline.net has more than a few IP addresses that are spewing emails, very likely as zombied PCs infected with trojans. Perhaps your request to spamcop has no relation to optonline.net. In any case, you may be interested to see more about a typical IP address that's problematic on their network: http://www.senderbase.org/search?searchBy=ipaddress&searchString=24.46.29.127 My own ISP has its fair share of zombied PCs, and I've had to deal with "collateral" damage occasionally, although not directly related to spamcop. Spamfighting is a veritable war; war is hell. -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From nobody at spamcop.net Fri Mar 11 06:57:42 2005 From: nobody at spamcop.net (nospam) Date: Thu Mar 10 22:00:07 2005 Subject: [SpamCop-List] Re: mortgage spammer: where do I go from here? References: Message-ID: in article d0qbuo$693$1@news.spamcop.net, Anty Spam at nospam@dev.null wrote on 3/11/05 12:52 AM: > > "Berny" wrote in message > news:d0otan$cit$1@news.spamcop.net... >> I peeled this (below) off of DNS stuff: >> >> tu summarize we have DNS servers and broken web site4 hosted by the same >> people, and registrants email is not valid (no MX record for yahoo.af) so >> where can I go from here with larts? It's be nice to shut down the dns. >>SNIP > > Too late. 000domains has already put them on hold, together with > easy-finances.net.! > >SNipped Cool, Thank you very much! From wb8tyw at qsl.network Thu Mar 10 22:24:31 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Mar 10 22:25:16 2005 Subject: [SpamCop-List] Re: Blocked? Read this. In-Reply-To: References: Message-ID: [followups set to spamcop.help] Me wrote: >>>That's what I'd like to now... >> >>Start by giving the IP address which is blocked -- else we aren't >>talking about anything yet. > > That would be useful, I know, but I am also hesitant to give out the IP. > There's enough problems already, you could say it is a matter of trust... With out the IP address, it is impossible to provide much more than the FAQ section draft that you quoted. With an IP address, there are several posters here that can check the public internet archives to see what shows up. The people who would cause your mail server problems are already scanning all the I.P. addresses for known vulnerabilities. Mentioning your I.P. address should not increase that exposure. >>>So, what gives? >> >>Or, if you like, you can stick it in here >>http://www.spamcop.net/bl.shtml > > I've done that earlier today, but there was no response to the de-listing > request. As the de-listing request through the form is a one-shot, and you do not know what caused the listing, that may not have been that useful, as the original problem would likely cause a relisting, and then you will have to wait up to the 48 hours after the last report. Unless it can be shown that it was a spamcop.net error that caused the listing. -John wb8tyw@qsl.network Personal Opinion Only From MikeE at ster.invalid Thu Mar 10 19:56:19 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 10 22:55:10 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: Me wrote: >> Start by giving the IP address which is blocked -- else we aren't >> talking about anything yet. > > That would be useful, I know, but I am also hesitant to give out the > IP. There's enough problems already, you could say it is a matter of > trust... You're hesitant to give an IP address? Here, let me break some ice for you/us. Your current IP is 67.87.1.79 rDNS ool-4357014f.dyn.optonline.net which is probably/presumably geographically somewhere around Stamford CT My current IP is 64.203.51.197 rDNS user-10cmcu5.cable.mindspring.com which is presumably somewhere around San Diego, CA. So what? Is your or my identity somehow outed now that we're talking about IPs which are a lot closer to your meatspace self than some silly output IP of some mailserver we can't talk about yet? What is the big deal about giving the IP of the output IP for some mail server, for goodness sake? How can that be a useful identity secret when compared to your own IP which isn't concealed by some kind of anonymous remailer to a newsserver? You have your security priorities all screwed up. If you want to be secure in your identity, you are going to have to go about it somehow besides not talking about the IP you want to talk about but you don't want to name. furrfu >> Or, if you like, you can stick it in here >> http://www.spamcop.net/bl.shtml > > I've done that earlier today, but there was no response to the > de-listing request. I didn't give you that link for you to use to delist. I gave you that link to stick in the IP in question so that you could begin to get a clue about why it was SCbl listed, if it fact it was. Most likely, if you would 'bravely' expose the stupid thing, someone here might tell you a lot more about what kind of problems it has. -- Mike Easter kibitzer, not SC admin From me at here.com Thu Mar 10 23:06:21 2005 From: me at here.com (Me) Date: Thu Mar 10 23:10:14 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: "Sofa King Tyred of Lar Ting" wrote in message news:d0qvjq$ha0$1@news.spamcop.net... >> The internal network does not have outbound port 25 Internet access, only >> the server IP blocked by SpamCop can send outbound emails. There's no >> viruses on this system. > > There are ways to confirm that objectively, as it could be true -- you > didn't mention the IP address, however. My statement has been confirmed objectively and I am also aware as to how to do. I didn't not post the IP since there should be no "other independent" confirmation or additional spam report to SpamCop. > > I can see that you're apparently posting news via NNTP from this address: > > > NNTP-Posting-Host: ool-4357014f.dyn.optonline.net So? > > optonline.net has more than a few IP addresses that are spewing emails, > very likely as zombied PCs infected with trojans. > > Perhaps your request to spamcop has no relation to optonline.net. Bingo... > > In any case, you may be interested to see more about a typical IP address > that's problematic on their network: > > http://www.senderbase.org/search?searchBy=ipaddress&searchString=24.46.29.127 So, what is that got to do with my issue with SpamCop, or even with my actual Optonline IP? Just for your knowledge most, if not all cable service provider issues DHCP IPs for their subscribers. Should I shut down my cable modem, then the next time I'll have a different IP address. That IP might already be on the SpamCop BL despite the fact, that I have nothing to do with the previous history of the IP address currently assigned to me. That's not fair and this where SpamCop is dead wrong for listing cable providers' dynamically assigned IP addresses. They are not blocking spemmers IPs all the time, they BL also blocks legitimate email traffic. > My own ISP has its fair share of zombied PCs, and I've had to deal with > "collateral" damage occasionally, although not directly related to > spamcop. Spamfighting is a veritable war; war is hell. If spam fighting is a war, then we are loosing judging by the percentage of spam increase on my spam filtering server at work since lart year. You might of had to deal with collateral damage related to the zombie home PCs, but I have to addresses lost businesses because SpamCop's action. Our business relies heavily on the email systems and we most certainly would not do anything to hurt our own business by sending out spam. We do require from our email server to auto-reply to undeliverable emails due to the business requiremnents. Our clients and partners do require notification should email not reach the intended recipient. My company can loose money, if our email servers aren't doing this. This is RFC822 compliant and SpamCop should not arbitrary change the RFC. > Help fight spam by "educating" the lax, zombie-hosting ISPs: How? By implementing non-RFC compliant arbitrary rule and punishing people for the previous sins of their current IP address? The worst is that in the US anyone is considered innocent until proven guilty. The exception is SpamCop where they pronounce you guilty and then you have jump through loops to prove that your are not guilty. And for what? Marginal effect at best to the Spam emails. SpamCop's action does hurt legitimate businesses and does nothing to the spammers. The spammers can switch email servers on a dime, but I cannot. My only options are to change the server IP address, or hope that there will be no other self rightious people who forgot that they did actually subscribe to your email notification. From MikeE at ster.invalid Thu Mar 10 20:10:53 2005 From: MikeE at ster.invalid (Mike Easter) Date: Thu Mar 10 23:10:34 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: Me wrote: <60 lines of palaver without naming the IP yet> I think it's time to stop reading this thread. -- Mike Easter kibitzer, not SC admin From me at here.com Thu Mar 10 23:15:38 2005 From: me at here.com (Me) Date: Thu Mar 10 23:20:12 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: "Mike Easter" wrote in message news:d0r5lq$kjo$1@news.spamcop.net... > Me wrote: > > <60 lines of palaver without naming the IP yet> > > I think it's time to stop reading this thread. Do I need other self-rightious people to report my server's IP address as a source of spam? No thank you, I've already experienced the affect of that. You guys are a bunch of idiots who seems to think that you are doing something useful, which you are not. From me at here.com Thu Mar 10 23:17:14 2005 From: me at here.com (Me) Date: Thu Mar 10 23:20:27 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: "Mike Easter" wrote in message news:d0r4qf$k2r$1@news.spamcop.net... > You're hesitant to give an IP address? Here, let me break some ice for > you/us. Ooh, you are so smart!! You didn't think that I am aware this, did you? From wb8tyw at qsl.network Thu Mar 10 23:24:20 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Mar 10 23:25:08 2005 Subject: [SpamCop-List] Re: Blocked? Read this. In-Reply-To: References: Message-ID: [followups set to spamcop.help] Me wrote: > "Miss Betsy" wrote in message > news:d0mms5$4i7$1@news.spamcop.net... > >>Probable Causes >> >>If your email has suddenly been blocked by the SpamCop blocklist, >>it is probably because you share an IP address with other email >>users and there is someone who: > > My single IP address hosts six different MX records, all of them are related > to the corporation and its sub-division, neither of them send spams. That you are aware of. We [tinw] have basically heard that story before. Usually the inhabitants of this newsgroup can find what the problem is from the I.P. address. So far there was only one case that stumped us [tinu], but we got feedback about what the real cause was, and it was a security problem with the mail server. >> * is using auto-responses that are replying to spam with forged >>spamtrap email addresses (such as Out-of-Office/Vacation notices, >>virus notifications, and 'created email' bounces); > > Nope.. Good. Does any of your users have an anti-spam product that claims it can bounce spam back to the source? Users of those can get your mail server listed in many places, many of them much harder to get out of than the spamcop.net service. >> * has a computer with a virus that sends spam without the >>owner's knowledge; > > The internal network does not have outbound port 25 Internet access, only > the server IP blocked by SpamCop can send outbound emails. There's no > viruses on this system. We have also heard that before... >> * has a computer that has been compromised and spammers are >>remotely controlling it to transmit their spew; > > Nope... Are you using a packet analyzer to monitor, or are just relying on virus scanners and mail server logs? >> * is sending unsolicited emails and your internet service >>provider is allowing it; > > My ISP does not control our emails, nor do we send unsolicited emails. > > >> * or because, as in all systems, there may have been a mistake. >>(very rare) > > It seems mine could be one of such "rare case", which raises some questions. > Why can't I contact someone directly at SpamCop? Because all the obvious easily reachable addresses are being continually attacked by spammers to the point where they are unusable. > My email system is critical to my company and we can easily loose business > because of SpamCop's action. SMTP e-mail is not a reliable communication method in spite of illusions otherwise. It can take over 4 days to get a message delivered with out any required notifications of delays or notices of non-delivery. As such it can not be used for business communications. I would recommend having a backup plan, such as a smart host on a different network, that can be reached through dialup if needed. If you have more than 1 I.P. address, it is easy to get around the temporary block, but if you do not know what caused the block, it could get blocked again. > I've already reported the error through they web site, but there's been > no response whatsoever. I'd expect at least an aknowledgement of receiving > my request. The usual turn around for non-emergency requests seems to be around 72 hours maximum. For fastest response, post your I.P. address here. The deputies do monitor these forums. But they are probably not paying much attention to this thread. A new thread with your I.P. address on the subject would be most likely to get their attention. > Additionally to your suggestion my email server does not allow: > > 1. mail-relay > 2. SMTP/AUTH > > So, what gives? With out the I.P. address who knows. If there was a statistics keeper on this forum, they might be able to tell you how many times people have claimed their servers were secure and it was proven otherwise from simple lookups on the many public databases about that I.P. address. The spamcop.net database on this use to be open to the public, but now it is restricted to paying members. A free member like me can not look up much in it. I do know where several other databases are though, and so do the others here. One of the common things seems to be an proxy server that instead of being a one-way conduit from the internal network through a firewall, it is instead providing unlimited access to that network to every criminal on the internet. While the most common cause of this is a virus, there are a large number of proxy servers that are not secure by default, and some of them are installed in web servers with out the owner's knowlege. In many cases, the remote access password was either set to something easily guessed, or never changed from the default. One item left out of the FAQ is if you have a user receiving mail on your system that is a spamcop.net member, and they do not notice that the parser is offering to report their own mail server before they confirm the spam reports. On a small volume mail server this can cause a listing. The one case that stumped us, was a bunch of UNIX systems that were relaying spam, yet scans showed no vulnerabilities, and neither did the logs. They were not vulnerable to viruses, yet the spammer clearly had control of them. It turned out that there was a security hole in the web server and the spammer was able to upload a mail relay written in perl script, run a spam run, and then delete the perl script. The spammer would run for only a little bit at a time on each server they were exploiting. The owner of the server who was convinced that this was a spamcop.net error finally found the problem because they had a packet analyzer on the network, and caught the spammer in the act. I have been monitoring this forum for years. In that time, I have only seen one case where the spammers managed to fool the spamcop.net parser into reporting the wrong source, and that issue was fixed. The self reporting of mail servers seems to occur as much as 4 times a year. The most common cause of a listing is a security problem with the mail server, or a system on it's network. The next most common cause is the server sending out auto-responses to spam and viruses. > PS: This is not my real email address. here.com belongs to: WORLD PUBLICATIONS LLC (HERE4-DOM) 460 N. Orlando Ave STE. 200 Winter Park, FL 32893 US Record expires on 10-Jun-2006. Record created on 11-Jun-1995. Database last updated on 10-Mar-2005 22:36:47 EST. Do you have permission to use it? If not, are they who you are worried about taking action against you for posting? If they choose, they can get your information from the ISP you are posting from. If you are going to post with a false address, do not use one that can be assigned, or use one of the e-mail addresses specially designated for such use. For the spamcop.net newsgroup nobody@devnull.spamcop.net is set up for this. -John wb8tyw@qsl.network Personal Opinion Only From wb8tyw at qsl.network Thu Mar 10 23:39:36 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Mar 10 23:40:10 2005 Subject: [SpamCop-List] Re: Blocked? Read this. In-Reply-To: References: Message-ID: Me wrote: > "Mike Easter" wrote in message > > Do I need other self-rightious people to report my server's IP address as a > source of spam? Actually that is what usually happens when people do not give out the I.P. address. A spamcop.net listing is usually an early warning. If the problem was not an issue of someone reporting their own server, usually the IP address ends up on more and more blocking lists as time goes on. Many of the lists are more commonly used than spamcop.net and much harder to get off of. And many spam filters silently delete suspected spam, so the amount of places the I.P. gets listed may not be apparent for some time. And the longer the problem is left untreated, the more the cleanup. And the spamcop.net parser needs an actual spam sample to parse, you can not just report an I.P. address because you happen to feel like it. > No thank you, I've already experienced the affect of that. > You guys are a bunch of idiots who seems to think that you are doing > something useful, which you are not. As long as you withhold the I.P. address there is nothing useful that the people here can do. The goal here is to get systems off of the blocking list, and keep them off, not to get as many systems on the blocking list as possible. The only reason that you can really have for not giving the affected IP address is if you are trolling. -John wb8tyw@qsl.network Personal Opinion Only From nobody at devnull.spamcop.net Fri Mar 11 01:10:23 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Fri Mar 11 01:15:08 2005 Subject: [SpamCop-List] Re: Blocked? Read this. In-Reply-To: References: Message-ID: Me wrote: > "Sofa King Tyred of Lar Ting" wrote in message > news:d0qvjq$ha0$1@news.spamcop.net... [much angry blathering deleted] The senderbase.org site is a good place to start to make sure your IP isn't listed for other reasons. Believe it or not, people in this group do want to help. Being agressive (and calling people idiots) is not winning you points. > If spam fighting is a war, then we are loosing judging by the percentage of > spam increase on my spam filtering server at work since lart year. Spammers are crafty guys -- they have teamed up with virus-writers since about a year now and zombie armies are now used in the war. Some of your own ISP's zombied machines are probably sending close to 100,000 messages/day, and likely your ISP isn't doing anything about it. They could even be making money off the added bandwidth consumption. Vent some anger at your congress person, your ISP, telecoms software producers, etc. It's better spent there than in the SpamCop groups. > You might > of had to deal with collateral damage related to the zombie home PCs, but I > have to addresses lost businesses because SpamCop's action. Our business > relies heavily on the email systems and we most certainly would not do > anything to hurt our own business by sending out spam. We do require from > our email server to auto-reply to undeliverable emails due to the business > requiremnents. Hmm... Looks like we may be getting somewhere with the reasons for being listed! Spammers have (relatively recently) begun exploiting auto-reply to undeliverable emails (NDRs). If this is the reason you're listed, then sorry to hear you are caught up in this! At my own day job, we ran into this same problem -- the sysadmins didn't understand why they got black-listed, and griped a lot at first. They finally configured the mail server to REJECT instead of generating NDRs. > Our clients and partners do require notification should email > not reach the intended recipient. With proper SMTP server software, this is possible, without allowing spammers to exploit it. Here is a good source of information, which requires some understanding of how to configure a mail exchanger: http://www.spamcop.net/fom-serve/cache/329.html > My company can loose money, if our email > servers aren't doing this. This is RFC822 compliant and SpamCop should not > arbitrary change the RFC. I'm not sure that spamcop is alone in black-listing backscattering MXs. It's not arbitrary -- spammers exploit this! It's not a change, as far as I know, in any RFC. There is ambiguity in many text-based RFCs, and there are degrees of freedom. Just because Microsoft's implementation of an RFC is one way, and other systems do it another, doesn't mean it's a change in the RFC. >>Help fight spam by "educating" the lax, zombie-hosting ISPs: > > How? By implementing non-RFC compliant arbitrary rule and punishing people > for the previous sins of their current IP address? The worst is that in the > US anyone is considered innocent until proven guilty. The exception is > SpamCop where they pronounce you guilty and then you have jump through loops > to prove that your are not guilty. And for what? Marginal effect at best to > the Spam emails. SpamCop's action does hurt legitimate businesses and does > nothing to the spammers. The spammers can switch email servers on a dime, > but I cannot. My only options are to change the server IP address, or hope > that there will be no other self rightious people who forgot that they did > actually subscribe to your email notification. Please read the links about mis-directed bounces. I think listing non-compliant mail servers for NDRs is a reasonable thing to do, given the spam situation. Before the times when spammers were exploiting open or mis-configured mail relays/proxies, many sysadmins were unaware of the potential problem. You could argue that leaving a relay open was RFC-compliant, right? Nobody imagined the problem at the time the RFC was written. Today, nobody comes onto spamcop to complain about being listed because their MX is an open relay (at least that I've ever seen). If your mail server is capable of REJECTING during SMTP connection any mis-addressed messages, legitimately mis-addressed email will cause the sender to be informed (by his connecting client or mail server, and not yours). On the other hand, vacation auto-replies are likely to cause everyone problems -- this is a hard pill to swallow. If your mail server has a good spam-blocking strategy, then you can hope that such replies won't go to spam traps -- but I think you run the risk of winding up on a block-list again. -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From tdy at blackhole.invalid Thu Mar 10 22:29:01 2005 From: tdy at blackhole.invalid (N. Miller) Date: Fri Mar 11 01:30:04 2005 Subject: [SpamCop-List] Re: 419: Briefly from the Vancouver Sun, March 10 References: Message-ID: In article , eddie says... > On Thu, 10 Mar 2005 16:28:45 -0800, Yours Truly scratched out the > following: > > Employee lost $4.6 million to Nigerian scam, company says. > In the year 2005, anyone who loses money to the Nigerian scam probably > didn't deserve to have it anyway :) Except that I wonder if the employee "defrauded" the employer, or just embezzled the funds. Anybody who is paid to handle other people's money, and abuses that trust, deserves criminal punishment. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From tdy at blackhole.invalid Thu Mar 10 22:36:11 2005 From: tdy at blackhole.invalid (N. Miller) Date: Fri Mar 11 01:40:04 2005 Subject: [SpamCop-List] Re: Protected Internal Link References: <4230F834.6B0D622@Spamcop.net> Message-ID: In article <4230F834.6B0D622@Spamcop.net>, Nobody says... > Please see SpamCop report (with link to original spam) posted over in > Spamcop.spam. > http://www.spamcop.net/sc?id=z740827621z57579dd66962de11dc8fa4c9b7faf3f2z > Looking for help with protected internal link: SpamCop cannot parse, > Whois cannot find site. Probably a delayed activation of DNS for the site? If you are speaking of "www.blazinwebtraffic.com" in the tracker, Sam Spade found the hosting site, and the domain registration. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint From nobody at devnull.spamcop.net Fri Mar 11 01:34:12 2005 From: nobody at devnull.spamcop.net (Sofa King Tyred of Lar Ting) Date: Fri Mar 11 01:40:16 2005 Subject: [SpamCop-List] phish report network (PRN) Message-ID: Caught an e-Bay phish today. Figured there must be someone besides spamcop interested in it, similar to enforcement@sec.gov for pump-and-dump. Googling leads me to this gem: http://www.phishreport.net/contact.html CONSUMERS REPORTING PHISHING SITES: If you would like to report a phishing attack, please send the URL of the phish site(s) to phishsubmit@wholesecurity.com, along with the name of the company that is being attacked for each URL. We will attempt to route your message to representatives of that company as soon as possible. The URL in question will be treated as a phish URL when the company is a Phish Report Network Sender and confirms the URL is a phish site. The last sentence is a kicker -- i.e., if the phish attackee is not a paying member of the PRN, then all they do is possibly redirect the email. -- Help fight spam by "educating" the lax, zombie-hosting ISPs: http://pages.infinit.net/filmore/educateYourISP.htm From steinherr at ferien.li Fri Mar 11 10:13:26 2005 From: steinherr at ferien.li (Martin Steinherr) Date: Fri Mar 11 04:15:04 2005 Subject: [SpamCop-List] why is my ip listed?!? Message-ID: why?!? http://mailsc.spamcop.net/w3m?action=checkblock&ip=213.198.55.73 tells me, that my (shared) mailserver is listed. The second time within the last 5 days. damned, but okay. When I klick on TRACE IP http://mailsc.spamcop.net/sc?track=213.198.55.73 I can find a link called [report history] http://mailsc.spamcop.net/mcgi?action=showhistory;slice=issueid;val=23723526 On this page the latest spams should be listed (why the ip-adress is listed...) BUT: the "newest" is dated Submitted: 11.01.2005 15:24:08 +0100: SO: WHY IS MY IP listed?!? From porpoise1954 at yahoo.co.uk Fri Mar 11 09:22:03 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Mar 11 04:25:18 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: "Me" wrote in message news:d0r64b$l5t$1@news.spamcop.net... > > "Mike Easter" wrote in message > news:d0r4qf$k2r$1@news.spamcop.net... > >> You're hesitant to give an IP address? Here, let me break some ice for >> you/us. > > Ooh, you are so smart!! You didn't think that I am aware this, did you? > Looks more and more like a troll with each post Mike......... Maybe we should just ignore him?? From porpoise1954 at yahoo.co.uk Fri Mar 11 09:25:20 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Mar 11 04:30:07 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: "Mike Easter" wrote in message news:d0r5lq$kjo$1@news.spamcop.net... > Me wrote: > > <60 lines of palaver without naming the IP yet> > > I think it's time to stop reading this thread. > Like I just commented in another part of the thread Mike - it looks more and more like a troll with each post. If he really wanted to solve a real problem, he'd be more forthcoming with the information necessary to start looking at the "actual" problem......... From nobody at nowhere.invalid Fri Mar 11 11:24:22 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Mar 11 05:25:10 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: On Thu, 10 Mar 2005 23:15:38 -0500, Me coughed into spamcop and left this in : > Do I need other self-rightious people to report my server's IP address > as a source of spam? No thank you, I've already experienced the affect > of that. You guys are a bunch of idiots who seems to think that you > are doing something useful, which you are not. What a tactful way to ask for help in resolving an issue! *PLONK* -- Steve Don't be irreplaceable. If you can't be replaced, you can't be promoted. From nobody at nowhere.invalid Fri Mar 11 11:29:27 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Mar 11 05:30:04 2005 Subject: [SpamCop-List] Re: why is my ip listed?!? References: Message-ID: On Fri, 11 Mar 2005 10:13:26 +0100, Martin Steinherr coughed into spamcop and left this in : > BUT: the "newest" is dated Submitted: 11.01.2005 15:24:08 +0100: > > SO: WHY IS MY IP listed?!? Perhaps because it's been hitting spam traps? Causes of listing * System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) * It appears this listing is caused by misdirected bounces. We have a FAQ which covers this topic: Why auto-responses are bad (Misdirected bounces). Please read this FAQ and heed the advice contained in it. That FAQ is http://www.spamcop.net/fom-serve/cache/329.html -- Steve Exposing M$ sExchange directly to the Internet is a lot like painting a bulls-eye on your backside and bending over, naked, in a Greenwich Village steam room (except M$ is not nearly as safe). -- Morely 'spam is theft' Dotes in NANAE, 08-JUL-2003. From nobody at spamcop.net Fri Mar 11 11:50:17 2005 From: nobody at spamcop.net (Martin Steinherr) Date: Fri Mar 11 05:55:13 2005 Subject: [SpamCop-List] Re: why is my ip listed?!? References: Message-ID: <9jt231h7a7gmei0clib36kqgesj4c0vaad@4ax.com> On Fri, 11 Mar 2005 11:29:27 +0100, Steven Maesslein wrote: >On Fri, 11 Mar 2005 10:13:26 +0100, Martin Steinherr coughed into >spamcop and left this in : > >> BUT: the "newest" is dated Submitted: 11.01.2005 15:24:08 +0100: >> >> SO: WHY IS MY IP listed?!? > ... >That FAQ is http://www.spamcop.net/fom-serve/cache/329.html Oh THANK YOU!!! why didn't you write RTFM?!? Of course I know that, FAQ. I wanted to know why there is a report with just some old messages... -- bye by ma Email: martin @ steinherr.de From DougThegarden at hotmail.com Fri Mar 11 11:02:58 2005 From: DougThegarden at hotmail.com (Doug Thegarden) Date: Fri Mar 11 06:05:04 2005 Subject: [SpamCop-List] Re: 419: Briefly from the Vancouver Sun, March 10 In-Reply-To: References: Message-ID: Yours Truly wrote: > Employee lost $4.6 million to Nigerian scam, company says. > > Richmond-based Acrohelipro Global Services was defrauded of $4.6 million > by an employee who claims to have lost the money in a Nigerian mail > scam, Acrohelipro's parent company, Vector Aerospace alleges. > Not as bad as the employee of the Brazilian bank Banco Noroeste who cleaned their coffers of $242m responding to a 419 scam. Banco Noroeste went bust as a result of the scam. Doug From porpoise1954 at yahoo.co.uk Fri Mar 11 11:07:44 2005 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Mar 11 06:10:05 2005 Subject: [SpamCop-List] Re: why is my ip listed?!? References: <9jt231h7a7gmei0clib36kqgesj4c0vaad@4ax.com> Message-ID: "Martin Steinherr" wrote in message news:9jt231h7a7gmei0clib36kqgesj4c0vaad@4ax.com... > On Fri, 11 Mar 2005 11:29:27 +0100, Steven Maesslein > wrote: > >>On Fri, 11 Mar 2005 10:13:26 +0100, Martin Steinherr coughed into >>spamcop and left this in : >> >>> BUT: the "newest" is dated Submitted: 11.01.2005 15:24:08 +0100: >>> >>> SO: WHY IS MY IP listed?!? >> > ... >>That FAQ is http://www.spamcop.net/fom-serve/cache/329.html > > > Oh THANK YOU!!! why didn't you write RTFM?!? > > Of course I know that, FAQ. > I wanted to know why there is a report with just some old messages... > I don't know what you mean by "a report with just some old messages" but as the information that Stephen gave you was basically that the IP has been spewing misdirected bounces which have, as a result, been hitting spamtraps, he directed you to the relevant FAQ in order that you could "fix" the problem before it starts hitting some of the other lists (which are not as dynamic as the early-warning system of Spamcop and are much harder to get de-listed from). From nobody at nowhere.invalid Fri Mar 11 12:19:28 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Mar 11 06:20:30 2005 Subject: [SpamCop-List] Re: why is my ip listed?!? References: <9jt231h7a7gmei0clib36kqgesj4c0vaad@4ax.com> Message-ID: On Fri, 11 Mar 2005 11:50:17 +0100, Martin Steinherr coughed into spamcop and left this in <9jt231h7a7gmei0clib36kqgesj4c0vaad@4ax.com>: > Of course I know that, FAQ. > I wanted to know why there is a report with just some old messages... Hey, Slick, did you read what I posted or are you coming here just to troll? I quoted material saying that your IP address has been hitting spam traps and that such material IS NOT DIVULGED. As in, you DON'T GET TO SEE IT. Nor do I. Nor does anyone here except SpamCop deputies, and they're not going to give you more information. Now go away and secure your server so that it no longer sends bounces to spam traps. -- Steve It takes only one drink to get me drunk. The trouble is, I can't remember if it's the thirteenth or the fourteenth. -- George Burns From nobody at spamcop.net Fri Mar 11 08:30:21 2005 From: nobody at spamcop.net (Claudio Valderrama C.) Date: Fri Mar 11 06:35:02 2005 Subject: [SpamCop-List] Why isn't hotmail included? Message-ID: Hello. Posted in sc.spam with subject UK NATIONAL LOTTREY NOTIFICATION Reference is http://www.spamcop.net/sc?id=z740961893z1de9793da73c485a8ed9130cdf3a3d70z While parsing, it discovered abuse at hotmail.com and i.oyeleke at moneynett.com However, when sending the reports, the hotmail address wasn't included. Maybe it's obvious, but can anyone tell me which rule is SC using here to exclude hotmail's abuse account? Thanks. C. -- Claudio Valderrama C. www.cvalde.net - www.firebirdSql.org From nobody at spamcop.net Fri Mar 11 13:46:26 2005 From: nobody at spamcop.net (Martin Steinherr) Date: Fri Mar 11 07:50:15 2005 Subject: [SpamCop-List] Re: why is my ip listed?!? References: <9jt231h7a7gmei0clib36kqgesj4c0vaad@4ax.com> Message-ID: On Fri, 11 Mar 2005 12:19:28 +0100, Steven Maesslein wrote: >On Fri, 11 Mar 2005 11:50:17 +0100, Martin Steinherr coughed into >spamcop and left this in <9jt231h7a7gmei0clib36kqgesj4c0vaad@4ax.com>: > >> Of course I know that, FAQ. >> I wanted to know why there is a report with just some old messages... > >Hey, Slick, did you read what I posted or are you coming here just to >troll? yess, I read it. But I think I misunderstood - or understood not enough. > >I quoted material saying that your IP address has been hitting spam >traps Okay. >and that such material IS NOT DIVULGED. As in, you DON'T GET TO >SEE IT. Nor do I. Nor does anyone here except SpamCop deputies, and >they're not going to give you more information. THAT'S WHAT I DIDN'T KNOW And now I understand. > >Now go away and secure your server so that it no longer sends bounces to >spam traps. That is the problem: it's a share server - but I gave the information to my provider. Sorry for my mail, I didn't want to troll! (But I am angry because the server is listed the second time within 5 days. And that is not good for me and my clients. -- bye by ma Email: martin @ steinherr.de From nobody at devnull.spamcop.net Fri Mar 11 07:52:21 2005 From: nobody at devnull.spamcop.net (Miss Betsy) Date: Fri Mar 11 07:50:28 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: > So, what is that got to do with my issue with SpamCop, or even with my > actual Optonline IP? Just for your knowledge most, if not all cable service > provider issues DHCP IPs for their subscribers. Should I shut down my cable > modem, then the next time I'll have a different IP address. That IP might > already be on the SpamCop BL despite the fact, that I have nothing to do > with the previous history of the IP address currently assigned to me. That's > not fair and this where SpamCop is dead wrong for listing cable providers' > dynamically assigned IP addresses. They are not blocking spemmers IPs all > the time, they BL also blocks legitimate email traffic. Life isn't fair. There are all kinds of hoops that we go through every day because a few people are crooks or incredibly inconsiderate of others or incredibly stupid or incredibly selfish. We pay more at the checkout because of shoplifters, etc., etc. I have never in my life written a check for more than I had in the bank, yet I have to show photo ID. and there are lots more. > If spam fighting is a war, then we are loosing judging by the percentage of > spam increase on my spam filtering server at work since lart year. You might > of had to deal with collateral damage related to the zombie home PCs, but I > have to addresses lost businesses because SpamCop's action. Our business > relies heavily on the email systems and we most certainly would not do > anything to hurt our own business by sending out spam. We do require from > our email server to auto-reply to undeliverable emails due to the business > requiremnents. Our clients and partners do require notification should email > not reach the intended recipient. My company can loose money, if our email > servers aren't doing this. This is RFC822 compliant and SpamCop should not > arbitrary change the RFC. It is very simple to reject email at the server level instead of after acceptance and accomplish your goal of not losing any email. You can also filter through to weed out the legitimate ones and dev null the rest. This is a case of who is being inconvenienced more - your company or the thousands of people who are inconvenienced by receiving your back scatter. The worst is that in the > US anyone is considered innocent until proven guilty. The exception is > SpamCop where they pronounce you guilty and then you have jump through loops > to prove that your are not guilty. Ignorance of the law is no excuse. And for what? Marginal effect at best to > the Spam emails. SpamCop's action does hurt legitimate businesses and does > nothing to the spammers. The spammers can switch email servers on a dime, > but I cannot. My only options are to change the server IP address, or hope > that there will be no other self rightious people who forgot that they did > actually subscribe to your email notification. I doubt that it will be a marginal effect to the spammers. That's what people said when open proxies were first reported - I am innocent; don't pick on me. Miss Betsy From me at email.net Fri Mar 11 06:50:09 2005 From: me at email.net (LS) Date: Fri Mar 11 07:55:06 2005 Subject: [SpamCop-List] Re: No headers with Exchange Server account References: Message-ID: Read themessage before it. I've encluded it again. "LS" wrote in message news:d09lmb$qak$1@news.spamcop.net... >I was using OE to forward as attachment. I tried Outlook 2003 with >olspamcop and it always came back with no headers found. I tried their >tech support for a couple months and never got anywhere. > > If it's working for you, there must be a setting I'm missing somewhere. > > LS > > "Patto" wrote in message > news:d0946i$c93$1@news.spamcop.net... >> LS wrote: >>> I currently report Spam to Spamcop using Outlook Express 6 for my >>> Mediacom email and my hotmail email. It works perfectly. >>> >>> When I load the messages I get from my personal Exchange 2003 server I >>> get a email back saying no headers found. I'm using the same method >>> with OE to send it. It has to be something my server is doing to mess >>> up the headers. >>> >>> None of the faq's or newsgroups on spamcop.net help with the server. I >>> am using ORFilter on the server. Does it do something to the headers? >>> Is there a setting on the server to leave the headers alone? >>> >>> Any ideas? I sent money to Spamcop and would like to use it. :) hehe I >>> am with the others, just not the most important one, my personal server. >>> >>> Thanks in advance! >>> >>> LS >> >> As Frank explained in his post, Exchange Server messes with the headers. >> >> You write that you use Outlook Express with the Exchange Server? Does >> that work at all? >> >> I use the Outlook 2003 client with Exchange Server. On that I have a >> little plug-in called OLSpamCop (http://olspamcop.org/) that can "fix" >> the headers for SpamCop, and forward the corrected messages to SC. > > "Steven Maesslein" wrote in message news:slrnd30ln1.21g.nobody@127.0.0.1... > On Thu, 10 Mar 2005 06:54:04 -0600, LS coughed into spamcop and left > this in : > >> Any ideas? > > clue what you're on about. > There was no context above your question so I don't have the faintest > > About what? > > -- > Steve > > "Here, Outlook Express, run this program!" "Okay, stranger." From nobody at nowhere.invalid Fri Mar 11 14:00:24 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Mar 11 08:05:06 2005 Subject: [SpamCop-List] Re: why is my ip listed?!? References: <9jt231h7a7gmei0clib36kqgesj4c0vaad@4ax.com> Message-ID: On Fri, 11 Mar 2005 13:46:26 +0100, Martin Steinherr coughed into spamcop and left this in : >>and that such material IS NOT DIVULGED. As in, you DON'T GET TO >>SEE IT. Nor do I. Nor does anyone here except SpamCop deputies, and >>they're not going to give you more information. > > THAT'S WHAT I DIDN'T KNOW And yet, I quote my last posting but one in this thread: Causes of listing * System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) What parts of "spam traps are secret, no reports or evidence are provided by SpamCop" did you miss? -- Steve In the 60's people took acid to make the world weird. Now the world is weird and people take Prozac to make it normal. From nobody at nowhere.invalid Fri Mar 11 14:02:10 2005 From: nobody at nowhere.invalid (Steven Maesslein) Date: Fri Mar 11 08:05:18 2005 Subject: [SpamCop-List] Re: No headers with Exchange Server account References: Message-ID: On Fri, 11 Mar 2005 06:50:09 -0600, LS coughed into spamcop and left this in : > Read themessage before it. Before what? If you don't provide some kind of context before what you're saying, people aren't going to know what the hell you're on about. Hint: stop top-posting and start using trimmed, inline posting like anyone with a brain. -- Steve Mary had a little lamb which walked into a pylon Ten thousand volts went up its @$$ and turned its fleece to nylon From nobody at xyzzy.claranet.de Fri Mar 11 14:17:05 2005 From: nobody at xyzzy.claranet.de (Frank Ellermann) Date: Fri Mar 11 08:30:06 2005 Subject: [SpamCop-List] Re: Why isn't hotmail included? References: Message-ID: <42319A51.54B4@xyzzy.claranet.de> Claudio Valderrama C. wrote: > Maybe it's obvious, but can anyone tell me which rule is SC > using here to exclude hotmail's abuse account? Do you have "show technical details" in your cookie ? You can get this cookie with any manual report using the Web form. When I look at your tracker I see the following: | Trusted site hotmail.com received mail from 213.181.83.82 | | Sender relay: 65.54.233.110 If you think that this is an open relay you could submit for a test at Bye, Frank From MikeE at ster.invalid Fri Mar 11 05:27:50 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 11 08:30:31 2005 Subject: [SpamCop-List] Re: No headers with Exchange Server account References: Message-ID: LS wrote: > I currently report Spam to Spamcop using Outlook Express 6 for my > Mediacom email and my hotmail email. It works perfectly. Correct > When I load the messages I get from my personal Exchange 2003 server > I get a email back saying no headers found. I'm using the same > method with OE to send it. You can't do that. > It has to be something my server is doing > to mess up the headers. Correct. > None of the faq's or newsgroups on spamcop.net help with the server. Incorrect. This^1 is the instruction for submitting into the /webparser/ from Exchange. ^1 http://www.spamcop.net/fom-serve/cache/279.html To get the complete headers and message source using Microsoft Exchange for pasting in the SpamCop parsing box: -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Mar 11 05:32:06 2005 From: MikeE at ster.invalid (Mike Easter) Date: Fri Mar 11 08:35:05 2005 Subject: [SpamCop-List] Re: No headers with Exchange Server account References: Message-ID: LS wrote: > Read themessage before it. > I've encluded it again. TOFU ie 'top posting' in the email style of 'text over, full message under' which is required and desirable for some corporate email exchanges doesn't work at all for conversational, back and forth, egalitarian, newsgroup dialogs here which need to be trimmed and contextualized. Here's some useful information from a ng for newusers, including a link to more information at the n.n.q faq site. Newsgroups: news.newusers.questions Subject: [TIP] How to format responses to postings When you post a response to another posting, you should normally "quote" (include) some of the text from that posting, to give readers some context for your own words. Most newsreading software can automatically quote the entire text of that posting for you, prefixing each line with a ">" symbol to indicate that it is quoted material. To save network resources, server disk space and readers' time, you should use this complete quoted copy only as a starting point, as follows: 1. You should delete material that is not directly relevant to your own response. Keep only enough to establish some context for your words. Often a sentence or two will be all you need. You do not need to quote people's "signatures;" see point 4 below. 2. You should place your own comments *after* the words that you are responding to, so that others can easily read things in sequence. 3. If you are responding to several points in the original posting, so that you have to quote a fair amount of it, intersperse your comments in point/counterpoint style. 4. Make sure you attribute quoted comments correctly, especially when there are "nested quotes." Most newsreading software puts something like "Joe Blow wrote:" at the beginning of quoted material; don't delete it. For a more detailed discussion of the rationale behind these "rules," and responses to some common objections, see http://members.fortunecity.com/nnqweb/nquote.html -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Mar 11 09:19:41 2005 From: nobody at spamcop.net (Anti-Spam) Date: Fri Mar 11 09:20:03 2005 Subject: [SpamCop-List] Re: phish report network (PRN) References: Message-ID: "Sofa King Tyred of Lar Ting" wrote in message news:d0re8u$q3f$1@news.spamcop.net... > Caught an e-Bay phish today. Figured there must be someone besides > spamcop interested in it, similar to enforcement@sec.gov for > pump-and-dump. Googling leads me to this gem: > > http://www.phishreport.net/contact.html > I wonder whether they share data with http://www.antiphishing.org/ particularly since antiphishing.org lists MS, Visa and WholeSecurity as sponsors. (According to the phishreport.net web site, these are three of the four founding members.) -- Bring in the death penalty for repeat spammers. Non-functional spambait addr: ford@cmjmnid.com (generated by Webpoison) From PossumTrot at dont.spam.me Fri Mar 11 07:42:17 2005 From: PossumTrot at dont.spam.me (Possum Trot) Date: Fri Mar 11 10:50:19 2005 Subject: [SpamCop-List] Re: 419: Briefly from the Vancouver Sun, March 10 References: Message-ID: "eddie" wrote in message news:pan.2005.03.11.02.02.49.893000@eddie.web... > On Thu, 10 Mar 2005 16:28:45 -0800, Yours Truly scratched out the > following: > >> Employee lost $4.6 million to Nigerian scam, company says. > > > In the year 2005, anyone who loses money to the Nigerian scam probably > didn't deserve to have it anyway :) In the year 2005, anyone who loses money to the Nigerian scam doesn't deserve to remain in the gene pool! From wb8tyw at qsl.network Fri Mar 11 11:14:42 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Mar 11 12:15:32 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: In article , "Miss Betsy" writes: > An unkown poster with an admitted forged address wrote: > >> So, what is that got to do with my issue with SpamCop, or even >> with my actual Optonline IP? Possibly nothing at all since the affected IP was not given. >> Just for your knowledge most, if not all cable service provider >> issues DHCP IPs for their subscribers. Should I shut down my cable >> modem, then the next time I'll have a different IP address. That >> IP might already be on the SpamCop BL despite the fact, that I have >> nothing to do with the previous history of the IP address currently >> assigned to me. Spamcop.net listings expire at most 48 hours after the last received timestamp of spam from that I.P. address. If your brand new DHCP address was already listed with spamcop.net, or any DHCP addresses on your subnet are listed with spamcop.net, it likely means that there is a computer on your cable modem leg that is compromised and controlled by a zombie. Since the spammmers will be periodically pushing as much spam through it as your ISP's network capacity can handle, the compromised computer is likely causing noticable slowdowns if not complete outages for you and your neighbors. I did an experiment last year on a forum where people were complaining about outages and severe slow downs on their cable modems. In every case a search using google revealed the IP address of one or more compromized system in their area, and since the people that post such evidence publically also ususally send notifications to the abuse or postmaster addresses, the ISP should have been aware of what it took to fix the problem for days before they started issuing refunds or credits to the affected users. The problem was is that the ISP was giving the owners of the infected machines 5 business days to fix their machine before cutting them off, with out realizing all the damage and costs those infected machines were causing them. >> That's >> not fair and this where SpamCop is dead wrong for listing cable >> providers' dynamically assigned IP addresses. They are not blocking >> spemmers IPs all the time, they BL also blocks legitimate email traffic. Almost all mail server operators now use blocking lists that list DHCP addresses. A spamcop.net listing of a DHCP address would probably not be noticed as the DHCP blocking lists are in far more common use than spamcop.net. > > >> If spam fighting is a war, then we are loosing judging by the >> percentage of spam increase on my spam filtering server at work >> since lart year. It is only the people whose mail server operators do not know how to keep spam out that are losing the battle. >> You might of had to deal with collateral damage related to the zombie home >> PCs, but I have to addresses lost businesses because SpamCop's action. >> Our business relies heavily on the email systems and we most certainly would >> not do anything to hurt our own business by sending out spam. There are so many ways that e-mail systems can fail. All you have done is pointed out that you do not have a backup system should a problem occur with your primary ISP. >> We do require from our email server to auto-reply to undeliverable >> emails due to the business requiremnents. Our clients and partners do >> require notification should email not reach the intended recipient. The SMTP protocol does not guarantee notifications will be made of delivery success or failure. If you mail server does not respond or issues an SMTP reject for undeliverable e-mail, then if the sender's mail server is set up correctly they will get notified by their mail server that it could not deliver the message. Your auto-replies to spam or viruses are effectively a denial of service attack on the owners of domains that the spammers are forging. >> My company can loose money, if our email servers aren't doing this. >> This is RFC822 compliant and SpamCop should not arbitrary change the RFC. > > It is very simple to reject email at the server level instead of > after acceptance and accomplish your goal of not losing any email. > You can also filter through to weed out the legitimate ones and dev > null the rest. This is a case of who is being inconvenienced > more - your company or the thousands of people who are > inconvenienced by receiving your back scatter. The RFCs may permit such bouncing, but that method is no longer acceptable to much of the internet. Even the very conservative spamhaus.org is now starting to list mail servers that are so abusive when they do not stop it after receiving complaints. And the spamhaus.org service is far more widely used than spamcop.net. I know of at least two large U.S. ISPs that will quicly put a local block on your IP address if any of their users complain about backscatter from it. It seems to take a lot more hoops to get off of those ISP's local blocking lists than spamcop.net and it seems that it is extremely easy to get on them, and no way to tell until your e-mail is rejected that you are even on their local list. The RFCs are guidelines. The bounce part of the protocol was when most e-mail when through one or more unknown third-party relays before it reached the destination mail server. The end system would issue a reject, and the intermediate relays systems would generate the bounce message. As the internet facing mail server of a company is the destination, and not an independent third party relay, it should be able to check if the e-mail is deliverable or not before accepting it, and issue the SMTP rejection. Even independent third party relays are now probing the destination server for delivery before they accept a mail for relay, and will reject it if they can not get an assurance that the destination will accept the mail. > >> The worst is that in the US anyone is considered innocent until proven >> guilty. The exception is SpamCop where they pronounce you guilty and >> then you have jump through loops to prove that your are not guilty. While your operation may pay a fixed rate for your e-mail systems, for large operations, they have to pay a metered rate. Accepting your backscatter to forged addresses greatly increase the costs of operating a mail server that is on a metered rate connection. The faster that a source of spam, virus or backscatter can be identified, the less money is needlessly spent on bandwidth. Why should my mail server operators pay two to three times as much per month so that your mail server can auto reply to forged addresses instead of using SMTP rejections? > Ignorance of the law is no excuse. > >> And for what? Marginal effect at best to >> the Spam emails. SpamCop's action does hurt legitimate businesses and does >> nothing to the spammers. Spamcop.net makes them switch more often, and network operators with a clue use the spamcop.net reports to quickly remove zombies from their networks because they know that every second that the zombie is on their network it is needlessly costing them operating cash. >> The spammers can switch email servers on a dime, but I cannot. My only >> options are to change the server IP address, or hope that there will be >> no other self rightious people who forgot that they did actually subscribe >> to your email notification. A now you are claiming something else entirely. The story is morphing. If someone has made a false report, spamcop.net takes action against them and will remove the block if present. It does happen from time to time, usually such reports are not enough to cause a listing, unless the mailing list is small. You are the one being self rightious as you want the receiver to pay for the added costs of dealing with spam or abusively configured mail servers. There are people and companies that have lost the use of their e-mail addresses because of the volume of abusive bounces was so high that either their individual mail quota was used up, or either their bandwidth or mail server was not up to the capacity. It is particularly a problem for some domains that people think do not exist, so use them for posting to avoid spam themselves. The best known example of that is TEST.COM, they made the national news about the bounces from abusive mails servers effectively wiped out their mail server. HERE.COM does not seem to have an I.P. address allocated assigned to it at the moment, but google shows over 100,000 hits the e-mail address you used for posting, which means that if the owner of that domain actually were to try to use it for e-mail, the backscatter from the viruses and spam would likely overload their connection or server. Is that fair to the legitimate owner of a domain? A domain that otherwise would have great marketing value? -Jonn wb8tyw@qsl.network Personal Opinion Only From feldethom2165 at email2me.net Fri Mar 11 08:15:13 2005 From: feldethom2165 at email2me.net (Fred k) Date: Fri Mar 11 12:15:50 2005 Subject: [SpamCop-List] To Bounce or Not Message-ID: There seems to be two lines of thought about bounces. This is what I got from my ISP when I complained about a bounce I received because of an undeliverable spam with my from address. This seems to be in conflict with the policy expoused in FAQ http://www.spamcop.net/fom-serve/cache/329.html. Am I mixing apples and orages here? Fred k "Thanks for your question about our mail system. It is rare to find a customer who takes the time to understand how email works. In answer to your question about our accept-all policy, please allow me to explain. We accept all messages because spammers have learned how to harvest email addresses from mail servers by looking for the reject code that you are speaking about. This is sometimes referred to as a harvest attack (or DHA) against the mail server. The spammer tries many possible email addresses and then keeps the ones that the server responds to as being valid. As a large ISP we are the target of a number of these attacks at any given time, so we changed to the accept-all policy which reduces the effectiveness of these attacks and prevents our customers email addresses from being exposed to spammers. This policy doesn't impact valid email, just delays the response to the sender about the status of their email. If you are curious I found an interesting article on DHAs on the internet. It can be found at http://www.gwsae.org/executiveupdate/2004/December/spam.htm" From dkona7b02 at sneakemail.com Fri Mar 11 12:37:25 2005 From: dkona7b02 at sneakemail.com (Spam Hater) Date: Fri Mar 11 12:37:38 2005 Subject: [SpamCop-List] Re: To Bounce or Not In-Reply-To: Message-ID: <3.0.5.32.20050311123725.0133ce70@loki.fstrf.org> Wow, you should turn that around and tell them it is rare to find an ISP who takes the time to understand how email works! :) Ok, so basically, they are protecting their customer addresses at the expense of all the innocent users on the other end of their bounces... :( I can understand their motives, but the outcome is still unacceptable. If they can't reject the mail outright, then they should just dump it to /dev/null and be done with it! Accepting it all and then bouncing it back to bogus from addresses is just plain lunacy! Aside from the collateral damage, they are effectively doubling their bandwidth needs because first they have to read in the entire SPAM and then process it and forward it out again! There are other tools and techniques that they can utilize to block the DHA attacks! They can simply watch how many rejects go to a single source in a limited period of time and drop the connection once a threshold limit is reached! If the SPAMmers are doing a dictionary attack, they will get many rejects before they hit a live address. Odds are good they would be disconnected before they even hit one! So, kudos to your ISP for caring, but low marks for their solution to the problem! At 08:15 AM 3/11/2005 -0900, Fred k typed: >There seems to be two lines of thought about bounces. This is what I got >from my ISP when I complained about a bounce I received because of an >undeliverable spam with my from address. This seems to be in conflict with >the policy expoused in FAQ http://www.spamcop.net/fom-serve/cache/329.html. >Am I mixing apples and orages here? > >Fred k > > >"Thanks for your question about our mail system. It is rare to find a >customer who takes the time to understand how email works. In answer to >your question about our accept-all policy, please allow me to explain. We >accept all messages because spammers have learned how to harvest email >addresses from mail servers by looking for the reject code that you are >speaking about. This is sometimes referred to as a harvest attack (or DHA) >against the mail server. The spammer tries many possible email addresses >and then keeps the ones that the server responds to as being valid. As a >large ISP we are the target of a number of these attacks at any given time, >so we changed to the accept-all policy which reduces the effectiveness of >these attacks and prevents our customers email addresses from being exposed >to spammers. This policy doesn't impact valid email, just delays the >response to the sender about the status of their email. > >If you are curious I found an interesting article on DHAs on the internet. >It can be found at >http://www.gwsae.org/executiveupdate/2004/December/spam.htm" From wb8tyw at qsl.network Fri Mar 11 12:25:33 2005 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Mar 11 13:30:10 2005 Subject: [SpamCop-List] Re: To Bounce or Not References: Message-ID: In article , "Fred k" writes: > There seems to be two lines of thought about bounces. This is what I got > from my ISP when I complained about a bounce I received because of an > undeliverable spam with my from address. This seems to be in conflict with > the policy expoused in FAQ http://www.spamcop.net/fom-serve/cache/329.html. > Am I mixing apples and orages here? > > Fred k > "Thanks for your question about our mail system. It is rare to find a > customer who takes the time to understand how email works. In answer to > your question about our accept-all policy, please allow me to explain. We > accept all messages because spammers have learned how to harvest email > addresses from mail servers by looking for the reject code that you are > speaking about. This is mainly a problem if the mail server is accepting connections from known compromised computers and known DHCP pools, which only serves to increase the operating costs of it. As over 85% of the spam sources are reliably identified from conservative DNSbls, that means that these sources should be useless for harvest attack. If a source IP is generating a lot of SMTP rejects, then you can probably a good idea to block the /25 surrounding it. Chances are that no one will ever ask for any of that block to be removed. > This is sometimes referred to as a harvest attack (or DHA) > against the mail server. The spammer tries many possible email addresses > and then keeps the ones that the server responds to as being valid. According to mail server operators posts here and on news.admin.net-abuse.email, there is little evidence that spammers remove invalid addresses from their lists. The evidence is that they spam to every address in the dictionary and do not pay any attention to the rejects. It is far more likely that they are using hits on the spamvertised web site to verify that they are getting through the spam defenses. > As a > large ISP we are the target of a number of these attacks at any given time, > so we changed to the accept-all policy which reduces the effectiveness of > these attacks and prevents our customers email addresses from being exposed > to spammers. This policy doesn't impact valid email, just delays the > response to the sender about the status of their email. No, all it really does is allowing their mail server to be used in a denial of service attack against the forged addresses used by spam and viruses. The spammers know which addresses are valid and reading the spam by seeing the hits on their web server from I.P. addresses on your network. As long as they are seeing the hits, they know they are getting through. If they want to stop the spammers from harvesting e-mail addresses, then they should block at the border routers the I.P. addresses of everything in the sbl.spamhaus.org. Chances are if that is done, the only thing that their paying users will see is that the pictures in some of the spam will no longer display. Even the conservative spamhaus.org is now listing mail servers that are accepting and bouncing everything. If the ISP does not change it policy, it is likely to find the rest of the internet refusing e-mail from it in self defense. Especially when the next new virus outbreak hits. > If you are curious I found an interesting article on DHAs on the internet. > It can be found at > http://www.gwsae.org/executiveupdate/2004/December/spam.htm" This is just a sales pitch for the writer to sell consulting services for expensive anit-spam solutions to people who do not realize what can be done for free or nearly free. It is not even close to an accurate or useful discussion of preventing spam or preventing address harvesting. It totally ignores the use of DNSbls or other proven methods of blocking spam. If your ISP is really falling for this sales pitch, then they really need to hire someone competent to run their mail server and probably their network, and not hire anyone that advocates letting known spam sources into any mail server, if even the network it self. Instead of outsourcing their spam filter, they should just outsource the entire mail operation. I see the most complaints about outages, spam leakage and lost e-mail on servers that try to filter spam after the SMTP dialog is over. I see far more complaints about lost e-mail on these systems than on ones where even an aggressive blocking list like spamcop.net is used. It appears that most of these commercial "filtering" solutions are intended only to be placebos to convince the users that they care about stopping spam. The bottom line is that AOL.COM is one of the largest ISPs and they used to accept and then bounce. Reports here by other posters is that AOL.COM has acknowledged on the SPAM-L mailing list that this practice is extremely bad and that AOL was back then converting their systems to only use SMTP rejects. If an ISP as large as AOL can be convinced that it is a bad thing to accept and bounce, it indicates that at least some other network or networks were able to convince them. Is your ISP as large as AOL? -John wb8tyw@qsl.network Personal Opinion Only From mswift at computerassistance.com Fri Mar 11 11:43:07 2005 From: mswift at computerassistance.com (mjj) Date: Fri Mar 11 14:45:11 2005 Subject: [SpamCop-List] Re: Blocked? Read this. References: Message-ID: "John E. Malmberg" wrote in message news:NbFjNJWAXGhq@eisner.encompasserve.org... > In article , > "Miss Betsy" writes: >> An unkown poster with an admitted forged address wrote: >> >>> So, what is that got to do with my issue with SpamCop, or even >>> with my actual Optonline IP? > > Possibly nothing at all since the affected IP was not given. > > >>> Just for your knowledge most, if not all cable service provider >>> issues DHCP IPs for their subscribers. Should I shut down my cable >>> modem, then the next time I'll have a different IP address. That >>> IP might already be on the SpamCop BL d