From not at home.today Sat Apr 1 03:08:31 2006 From: not at home.today (Ant) Date: Fri Mar 31 21:10:04 2006 Subject: [SpamCop-List] Re: Another '419' scam ... References: Message-ID: "Jeff G." wrote: > A few other OT tidbits: > > "She didn't want to." "Jamaica?" I think it goes: "My wife went to the West Indies". "Jamaica"? "No, she went of her own accord". From jeffg at spamcop.net Sat Apr 1 01:52:15 2006 From: jeffg at spamcop.net (Jeff G.) Date: Sat Apr 1 02:00:15 2006 Subject: [SpamCop-List] Re: Victim of Spam-Trap addresses... References: <442C05AD.E052F418@spamcop.net> <3rl6crp3928o@eisner.encompasserve.org> <442D5EA0.5AC937A0@spamcop.net> Message-ID: Kenneth Brody wrote: > Larry Kilgallen wrote: >> In article <442C05AD.E052F418@spamcop.net>, Kenneth Brody >> writes: >>> However, as I understand it, you can contact "deputies _at_ spamcop >>> _dot_ net" with specifics about the server that is listed (the most >>> important piece of information is its IP address). They can check >>> into it and give you general information about what hit the >>> spamtrap. (For example, "it looks like you are sending your >>> newsletter to the spamtrap address", or "it looks like you are >>> generating backscatter by bouncing rather than rejecting e-mail", >>> or "someone sent genuine spam from your server", and so on.) >> I don't like the word "genuine" in that context. Backscatter is >> still "genuine", in fact I believe I have heard of it intentionally >> being used by putting the target address in the "From:" field and >> sending to an address known to generate backscatter. >> >> His newsletter is still spam to me if I did not request it, >> regardless >> of the possibility that it might request it. > You are, of course, correct. While you probably knew what I meant, it > is a poor choce of words, as it implies the others aren't "geniune" > spam. > > Do you have a suggestion for a better term? I have a suggestion: "direct" spam purports to be from the person promoting the payload, while "indirect" spam comes from a server which is tricked into sending backscatter by the person promoting the payload. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From dws at dealing-with-spam.info Sat Apr 1 10:16:05 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Sat Apr 1 03:20:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Geoffrey Hyde wrote on Fri, 31 Mar 2006 09:56:37 +1000: > I "top post" mostly when I'm discussing a URL as the first point of > interest in a reply I'm making. Call it what you will, but it makes > perfect sense to me, and as long as my email client permits me to do > it that way I'll do it that way. Yet another "screw your logic and I'll post how I like even if it makes it difficult for others to find out what the hell I'm on about" message. *plonk* From dws at dealing-with-spam.info Sat Apr 1 10:24:09 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Sat Apr 1 03:25:05 2006 Subject: [SpamCop-List] Re: Redirects via TinyURL.com - how to handle? References: Message-ID: Skiwi wrote on Thu, 30 Mar 2006 08:11:57 -0800: > Let the reports got to abuse@tinyurl.com and let them (maybe) pull the > redirect off their system? Or is that report 'abusive' on my part? Not at all. TinyURL is very white-hat and *will* nuke spamvertized redirects. Each time I've received a spam with a TinyURL link, the ridirect had already been nuked. From dws at dealing-with-spam.info Sat Apr 1 10:25:25 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Sat Apr 1 03:30:02 2006 Subject: [SpamCop-List] Re: UU net References: Message-ID: RandallW wrote on Thu, 30 Mar 2006 10:54:11 -0800: > Is UU Net a black hat? Are pigs capable of self-powered flight? The day UUNet stops being black-hat will be the day pigs fly. http://www.spamhaus.org/statistics/networks.lasso From g.hyde at bigpond.net.au Sat Apr 1 18:40:11 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Apr 1 03:45:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "D-W-S" wrote in message news:slrne2sdm5.1urd.dws@dealing-with-spam.info... > Geoffrey Hyde wrote on Fri, 31 Mar 2006 09:56:37 +1000: > >> I "top post" mostly when I'm discussing a URL as the first point of >> interest in a reply I'm making. Call it what you will, but it makes >> perfect sense to me, and as long as my email client permits me to do >> it that way I'll do it that way. > > Yet another "screw your logic and I'll post how I like even if it makes > it difficult for others to find out what the hell I'm on about" message. Whatever. *plonk* BTW I thought you or someone else had already plonked me long ago? Sheesh the things you remember on the spur of the moment. Cheers ... Geoffrey Hyde From nobody at spamcop.net Sat Apr 1 00:51:48 2006 From: nobody at spamcop.net (RandallW) Date: Sat Apr 1 03:55:03 2006 Subject: [SpamCop-List] Re: UU net References: Message-ID: "D-W-S" wrote in message news:slrne2se7l.1urd.dws@dealing-with-spam.info... > > http://www.spamhaus.org/statistics/networks.lasso > I didn't know MCI was so far 'ahead'; I perceive Comcast being complained about more often.....then again the Verizon chunk of spam is large. From nobody at spamcop.net Sat Apr 1 02:00:58 2006 From: nobody at spamcop.net (N. Miller) Date: Sat Apr 1 05:05:12 2006 Subject: [SpamCop-List] Re: UU net References: Message-ID: <1xnjd6za7gntt$.dlg@news.spamcop.net> On Sat, 1 Apr 2006 00:51:48 -0800, RandallW wrote: > "D-W-S" wrote in message > news:slrne2se7l.1urd.dws@dealing-with-spam.info... >> http://www.spamhaus.org/statistics/networks.lasso > I didn't know MCI was so far 'ahead'; I perceive Comcast being complained > about more often.....then again the Verizon chunk of spam is large. WRT to proxy spam, Verizon is worse than Comcast. I see nearly the same number of residential IP addresses trying to connect from Verizon as from Comcast; yet Verizon only has about half as many HSI customers as Comcast. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From Merlyn at Spamcop.net Sat Apr 1 08:33:21 2006 From: Merlyn at Spamcop.net (Merlyn) Date: Sat Apr 1 08:35:03 2006 Subject: [SpamCop-List] Re: UU net References: Message-ID: "RandallW" wrote in message news:e0lev0$9a5$1@news.spamcop.net... > > "D-W-S" wrote in message > news:slrne2se7l.1urd.dws@dealing-with-spam.info... >> >> http://www.spamhaus.org/statistics/networks.lasso >> > > I didn't know MCI was so far 'ahead'; I perceive Comcast being complained > about more often.....then again the Verizon chunk of spam is large. UUNET Technologies, Inc. is now itself part of WorldCom Inc which means they are part of MCI. That makes the worst spam hoster in the world. I call that pretty black hat. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From abuse at whathostingshould.be Sat Apr 1 09:12:27 2006 From: abuse at whathostingshould.be (Galen) Date: Sat Apr 1 09:15:03 2006 Subject: [SpamCop-List] Re: I'm not sure if you all remember the last post... References: Message-ID: In news:UFT0YQgydErm@eisner.encompasserve.org, Larry Kilgallen had this to say: My reply is at the bottom of your sent message: > In article , Garen Erdoisa > writes: > >> Suggestion; > >> If >> after a years time you have received no abuse reports on an account, >> then maybe refund the security deposit because at that time they will >> have built up a good reputation with you, and at that time you can be >> pretty sure they really are who they say they are. > > But do not publish that aspect of your policy, because some spammers > are > happy to leave an account dormant for a long time to reduce suspicion. Those are excellent ideas but I'm not too certain that we can get away with the deposit. That would place us in an "outcast" section of the market and while the goal isn't riches or anything the idea of being profitable is nice. It is a great idea and well worth one that's able to be considered. Maybe getting our own merchant account and pre-authorization to bill them for verified complaints might be something we can do. The cost for that isn't too high really. Going into this we knew we'd have abuse issues. The percentage rate of signups that are fraud or end in abuse (we're now at three officially banned accounts) is about 1/4 for the low end accounts. I can see why the (what seems to me) majority of hosting companies just ignore it. In a few forums that I belong to there are folks who fairly openly claim (as if bragging) that they just dev-null all abuse reports. It even seems that an even higher percentage of them don't even bother doing anything until there are a lot of sources claiming the abuse. Evil rat-bass-turds the lot of 'em. I'm going to hunt a few down and beat 'em with a bat or something. Galen -- http://www.whathostingshould.be - We are what hosting SHOULD be. From joegill at removethis Sat Apr 1 12:46:09 2006 From: joegill at removethis (Joe Gill) Date: Sat Apr 1 12:50:11 2006 Subject: [SpamCop-List] Format changed Spamcop Quick Reporting Data Emails Message-ID: This is an FYI for this that sort/filter emails based on Subject lines On 03/28, between 1:41PM US Eastern time and 5:27PM, the format of the subject lines changed from: SpamCop Quick reporting data to [SpamCop] Quick reporting data From MikeE at ster.invalid Sat Apr 1 10:31:10 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 1 13:35:04 2006 Subject: [SpamCop-List] Re: Format changed Spamcop Quick Reporting Data Emails References: Message-ID: Joe Gill wrote: > This is an FYI for this that sort/filter emails based on Subject lines > > On 03/28, between 1:41PM US Eastern time and 5:27PM, > the format of the subject lines changed > > from: > SpamCop Quick reporting data > to > [SpamCop] Quick reporting data Yes. I changed mine from SpamCop Quick, which stopped working, to Quick reporting. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sat Apr 1 12:31:14 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Sat Apr 1 13:35:07 2006 Subject: [SpamCop-List] Re: Format changed Spamcop Quick Reporting Data Emails References: Message-ID: "Joe Gill" wrote in message news:e0mecq$r9o$1@news.spamcop.net... > This is an FYI for this that sort/filter emails based on Subject lines > > On 03/28, between 1:41PM US Eastern time and 5:27PM, > the format of the subject lines changed > > from: > SpamCop Quick reporting data > to > [SpamCop] Quick reporting data As was posted in the Forum, both standard and Quick- Reporting notification e-mails have had this Subject: line change made. From jzeitlin at spamcop.net Sat Apr 1 15:30:28 2006 From: jzeitlin at spamcop.net (=?ISO-8859-1?Q?E=F6nw=EB?=) Date: Sat Apr 1 15:35:04 2006 Subject: [SpamCop-List] Apologies for OT Message-ID: Galen, would you please contact me via email at editor *at* freelancetraveller.com? I'm looking for new hosting, and I want to discuss some special needs I have, and whether WHSB can/is willing to meet those needs (and at what price). -- E?nw? (SpamCop subscriber, not staff/admin) From Kilgallen at SpamCop.net Sat Apr 1 16:13:22 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Apr 1 17:15:03 2006 Subject: [SpamCop-List] Re: I'm not sure if you all remember the last post... References: Message-ID: In article , "Galen" writes: > Going into this we knew we'd have abuse issues. The percentage rate of > signups that are fraud or end in abuse (we're now at three officially banned > accounts) is about 1/4 for the low end accounts. .0025 (1/4 of a percent) is not bad. .25 is bad. Which did you mean ? From ppearson at nowhere.invalid Sat Apr 1 23:01:25 2006 From: ppearson at nowhere.invalid (Peter Pearson) Date: Sat Apr 1 18:05:03 2006 Subject: [SpamCop-List] Re: Victim of Spam-Trap addresses... References: Message-ID: On Fri, 31 Mar 2006 10:11:40 -0600, Marc W. Mengel wrote: > > Actually, it turns out some of our moderated lists send a "your message > has been forwarded to the moderator" message, and that's what has > been tripping spamcop's spamtraps. Fascinating. So some spammer has gone to the trouble to forge a spamtrap return address onto a fake submission to one of your lists. I wonder whether . . . (a) the spammer was just sending an enlargement ad to an email address that happened to go to your list, and forged a don't-care return address that happened to be a spamtrap; or (b) the spammer knew he could use your list server to bounce enlargement ads into other target mailboxes, one of which happened to be a spamtrap. In case (a), you can stay out of trouble if you can distinguish between list submissions and spam before replying. If the case is (b), that distinction will help in the short run, but a spammer determined to sneak past your filter can eventually force you to choose between serving as a springboard for spam and curtailing your autoresponses. By the way, Marc: you have mentioned that fnal runs a large number of mailing lists, as if that excuses fnal from taking measures to prevent their abuse by spammers. I don't find that line of reasoning compelling, and I'd like to suggest a different way of looking at it: When fnal budgets manpower for running lists, fnal gets to decide whether or not to budget for the small (per list) additional effort that will keep your servers off blocklists. -- To email me, substitute nowhere->spamcop, invalid->net. From MikeE at ster.invalid Sat Apr 1 15:27:34 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 1 18:30:04 2006 Subject: [SpamCop-List] Re: Victim of Spam-Trap addresses... References: Message-ID: Peter Pearson wrote: > Marc W. Mengel >> Actually, it turns out some of our moderated lists send a "your >> message has been forwarded to the moderator" message, and that's >> what has been tripping spamcop's spamtraps. > > Fascinating. So some spammer has gone to the trouble to forge > a spamtrap return address onto a fake submission to one of your > lists. I wonder whether . . . Or, no, you might make it simpler and less fascinating. A spammer scrapes the submit to the list addy and also scrapes the spamtrap addy or buys scraped addies or millions CDs. The spammer uses the same lists for the bogus From as are used to mailto. Sometimes the mailto is the list submit and the From is a spamtrap. Then the submit address autoresponds with the 'forwarded to moderator' message to the spamtrap. If the listserv is going to send out misdirected or abusive autoresponds to bogus Froms, it is going to get itself into trouble. Autoresponding servers which address newmails to bogus Froms ought to not be facing the internet at large without some serious de-spamming and/or SPF or some combination thereof. -- Mike Easter kibitzer, not SC admin From skiwi at spamcop.net Sat Apr 1 16:36:47 2006 From: skiwi at spamcop.net (Skiwi) Date: Sat Apr 1 19:40:03 2006 Subject: [SpamCop-List] Re: Redirects via TinyURL.com - how to handle? In-Reply-To: References: Message-ID: D-W-S wrote: > Skiwi wrote on Thu, 30 Mar 2006 08:11:57 -0800: > >> Let the reports got to abuse@tinyurl.com and let them (maybe) pull the >> redirect off their system? Or is that report 'abusive' on my part? > > Not at all. > > TinyURL is very white-hat and *will* nuke spamvertized redirects. Each > time I've received a spam with a TinyURL link, the ridirect had already > been nuked. cheers! From lujanero at gmail.com Sat Apr 1 21:41:03 2006 From: lujanero at gmail.com (master) Date: Sat Apr 1 19:45:05 2006 Subject: [SpamCop-List] JAPONESAS Message-ID: http://linkbux.com/go.php?link=513018 From abuse at whathostingshould.be Sat Apr 1 20:21:49 2006 From: abuse at whathostingshould.be (Galen) Date: Sat Apr 1 20:45:03 2006 Subject: [SpamCop-List] Re: I'm not sure if you all remember the last post... References: Message-ID: >> Going into this we knew we'd have abuse issues. The percentage rate >> of signups that are fraud or end in abuse (we're now at three >> officially banned accounts) is about 1/4 for the low end accounts. > > .0025 (1/4 of a percent) is not bad. .25 is bad. Which did you mean > ? 1/4 of the lowest priced account (4 out of 12) have been fraud or SPAM. 2/12 SPAM and 2/12 credit card fraud. Galen From nobody at spamcop.net Sat Apr 1 18:10:07 2006 From: nobody at spamcop.net (RandallW) Date: Sat Apr 1 21:15:03 2006 Subject: [SpamCop-List] non-throwaway e-mail addy for spammy domains Message-ID: If I find the e-mail addy for the registrant of a spammy domain ( of the spamvertised website ), and the addy is a non-throwaway ( hotmail, yahoo, etc. ), what's the chance the e-mail is used for actual work? From bar_n0ne at hotmail.com Sat Apr 1 21:33:58 2006 From: bar_n0ne at hotmail.com (Berny) Date: Sat Apr 1 22:35:03 2006 Subject: [SpamCop-List] Re: non-throwaway e-mail addy for spammy domains References: Message-ID: "RandallW" wrote in message news:e0nbpp$bdd$1@news.spamcop.net... > If I find the e-mail addy for the registrant of a spammy domain ( of the > spamvertised website ), and the addy is a non-throwaway ( hotmail, yahoo, > etc. ), what's the chance the e-mail is used for actual work? > > Well, you may have an opportunity to land some asswipe in serious hot water, if, the "work" addy is not the outfit doing the spamming, It might need a nice piece of snail mail to the company but that would do it. From bar_n0ne at hotmail.com Sat Apr 1 21:35:38 2006 From: bar_n0ne at hotmail.com (Berny) Date: Sat Apr 1 22:40:03 2006 Subject: [SpamCop-List] Re: I'm not sure if you all remember the last post... References: Message-ID: "Galen" wrote in message news:e0na4v$agk$1@news.spamcop.net... > >> Going into this we knew we'd have abuse issues. The percentage rate > >> of signups that are fraud or end in abuse (we're now at three > >> officially banned accounts) is about 1/4 for the low end accounts. > > > > .0025 (1/4 of a percent) is not bad. .25 is bad. Which did you mean > > ? > > 1/4 of the lowest priced account (4 out of 12) have been fraud or SPAM. 2/12 > SPAM and 2/12 credit card fraud. > > Galen > > UMMMM,,, actually the stats are worse than you think, 4/12 is a Third, (33.3%) not a Quarter. From MikeE at ster.invalid Sat Apr 1 21:57:09 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 2 01:00:05 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: master wrote: In case anyone is wondering about master's JAPONESA newsgroup spam operation. master started hir operation under the current persona a few days ago by webposting to googlegroups using a gmail addy account lujanero@gmail.com and to google groups only such as Sex talk pleasure totally nude.celebrity big.tit adult.sex amateur-porn true adult-pics Asian hotties which are all googlegroups, not usenet and for which the posts weren't necessarily spam or inappropriate. This is a baby .ar spammer who has decided to profit from the deals described at linkbux "Get paid for every user who is visiting your links to websites, downloads, images, etc etc.. " http://www.linkbux.com/main.php -- also similarly imagefap.com "We are a free image hosting provider that allow you to earn $$ with your images. -- You will earn cash for every visitor that views your galleries/images." http://www.imagefap.com/index.php But imagefap sez "We also do not condone promotion through spam, autosurf and bots. All users violating this policy will be banned and their earnings forfeited." -- whereas linkbux doesn't say that. Imagefap also claims to work with authorities over issues of copyright infringement or kiddy porn. .. and so presumably linkbux must be expecting to tolerate complaints about usenet and other spamruns. Both linkbux and imagefap are hosted on nforce.nl servers but their registration is handled differently. linkbux 'what is forbidden' clause confuses me "What is forbidden?: -- Following reasons will result in an direct account termination inclusive earnings generated: - Autosurf sites - Human beings have to manually click/visit the paid-redirects - Any auto click generating. - Using other paid-redirect services as destination urls." All that is forbidden is some kind of clicking and redirect issues, not spam, copyright infringement or kiddy porn. Then s/he expanded the operation to the usenet groups some of which were amusingly misdirected because of containing 'amateur' in the group name, like rec.radio.amateur.policy and alt.nl.radio.zendamateur.gelicentieerd -- this usenet expansion was also associated with branching into nntp posting instead of webposting googlegroups by using the free newsservers news.infoave.com and news.aioe.org -- continuing to post from the .ar IP 190.48.14.195 and using the gmail addy. I'm not really sure what caused the expansion into the SC ng/s -- maybe something became automated. At this point the number of entities which could be notified has expanded beyond telefonica.com.ar & gmail & googlegroups to infoave.net & aioe.org -- and most of those would take action against the account. Since the spammer is presumably inexperienced I suspect the gmail account was used at linkbux and imagefap for the account's payoff, so losing that could disrupt the communications. -- Mike Easter kibitzer, not SC admin From vanishingrabbit at ntlworld.com Sun Apr 2 11:46:17 2006 From: vanishingrabbit at ntlworld.com (Will Gray) Date: Sun Apr 2 05:50:14 2006 Subject: [SpamCop-List] please help Message-ID: I have sent a few emails out to a manually maintained list of users. It is not spam but now i can't even reply to emails because i am blocked !! What the hell is this spamcop thing all about, destroying peoples business? The help pages are meaningless and don't actually tell you what to do, does anyone know in plain English how to resolve this situation ?? From MikeE at ster.invalid Sun Apr 2 04:03:27 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 2 06:05:03 2006 Subject: [SpamCop-List] Re: please help References: Message-ID: Will Gray wrote: > I have sent a few emails out to a manually maintained list of users. > It is not spam but now i can't even reply to emails because i am > blocked !! What IP address are you trying to talk about? Perhaps you mean that you have recently found your outgoing mail rejected by your recipient's server, and that that rejection of your mail contains exact and specific information regarding which IP address [which would be a dotted quad like 82.7.16.222 ] that recipient is not accepting because of the recipient's choice of spamblocking methods. > What the hell is this spamcop thing all about, destroying peoples > business? What IP address are you trying to talk about? SpamCop does not block anything. SpamCop is a free and paid parsing and reporting service to help spam recipients notify the providers for spamsources and spamvertisers. SpamCop is the maintainer of the spamcop blocklist SCbl based on spamsources derived from reports by spamcop reporters and spamcop spamtraps receiving unwanted mail. SpamCop is also a subscribed mail service providing spamfilter tagging and facilitated reporting. > The help pages are meaningless and don't actually tell you > what to do, does anyone know in plain English how to resolve this > situation ?? What IP address are you trying to talk about? The specific and exact help pages which are linked by the information in a delivery status failure which is caused by a server using the SCbl to reject name the IP in question. We cannot talk about a mail delivery problem here unless we know the IP address. Then we can talk about what a SCbl listing means and why you might have been so listed. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 2 04:33:22 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 2 06:35:03 2006 Subject: [SpamCop-List] Re: please help References: Message-ID: Mike Easter wrote: > Will Gray wrote: > >> I have sent a few emails out to a manually maintained list of users. >> It is not spam but now i can't even reply to emails because i am >> blocked !! > > What IP address are you trying to talk about? I am trying to sleuth out what IP address you haven't named yet, but I'm being unsuccessful. You are posting here from an IP address provided by NTL which looks like it is a cable modem and which might be geographically located in Leicester or near there. That IP address you post here with is not blocklisted anywhere, including SC. You signed Will Gray. There is a Will Gray website http://www.willgray.co.uk/index.htm which Will Gray is of the east Midlands area which includes Leicester. That domainname address willgray.co.uk has its incoming mail handled by .ukservers.net MXes named mx1. and mx2. -- but the outgoing mail from ukservers.net is handled by a family of 11 servers listed in senderbase: 217.10.138.203 server26.ukservers.net 217.10.138.202 server25.ukservers.net 217.10.138.242 server42.ukservers.net 217.10.138.207 server30.ukservers.net 217.10.138.201 server24.ukservers.net 217.10.138.208 server31.ukservers.net 217.10.138.220 smtp-1.ukservers.net 217.10.138.198 server21.ukservers.net 217.10.138.209 server32.ukservers.net 217.10.138.199 server22.ukservers.net 217.10.138.204 server27.ukservers.net So far, I've determined 15 different IP addresses which *might* be associated with your mail, and none of them are SCbl listed. Now it is time for me to stop guessing and for you to name the IP address which you are trying to say is blocked. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 2 04:48:14 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 2 06:50:03 2006 Subject: [SpamCop-List] Re: please help References: Message-ID: Mike Easter wrote: >> Will Gray wrote: >> >>> I have sent a few emails out to a manually maintained list of users. >>> It is not spam but now i can't even reply to emails because i am >>> blocked !! >> >> What IP address are you trying to talk about? > > I am trying to sleuth out what IP address you haven't named yet, but > I'm being unsuccessful. I forgot about the ntlworld.com family that might be going out ntlworld.com or ntl.com or I don't know whatall. That guessing would be too far ranging and too many servers. No more guessing for me. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Apr 2 17:15:11 2006 From: nobody at devnull.spamcop.net (Peter) Date: Sun Apr 2 15:20:16 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: If we try to report it as spam...this is what SC finds: Re: 190.48.14.195 (Administrator of network where usenet posts originate) To: news@news.spamcop.net (Notes) Re: 190.48.14.195 (Third party interested in email source) To: Cyveillance spam collection (Notes) (Report cancelled) -- Peter Toronto, Canada 2 x XP Pro SP2 (1 everyday, 1 for testing) P4 HT @ 3.0ghz, 2.0gb DDR, 360gb HD "Mike Easter" wrote in message news:e0np35$i8r$1@news.spamcop.net... > master wrote: > > > In case anyone is wondering about master's JAPONESA newsgroup spam > operation. > > master started hir operation under the current persona a few days ago by > webposting to googlegroups using a gmail addy account lujanero@gmail.com > and to google groups only such as Sex talk pleasure totally > nude.celebrity big.tit adult.sex amateur-porn true adult-pics Asian > hotties which are all googlegroups, not usenet and for which the posts > weren't necessarily spam or inappropriate. > > This is a baby .ar spammer who has decided to profit from the deals > described at linkbux "Get paid for every user who is visiting your > links to websites, downloads, images, etc etc.. " > http://www.linkbux.com/main.php -- also similarly imagefap.com "We > are a free image hosting provider that allow you to earn $$ with your > images. -- You will earn cash for every visitor that views your > galleries/images." http://www.imagefap.com/index.php > > But imagefap sez "We also do not condone promotion through spam, > autosurf and bots. All users violating this policy will be banned and > their earnings forfeited." -- whereas linkbux doesn't say that. > Imagefap also claims to work with authorities over issues of copyright > infringement or kiddy porn. > > .. and so presumably linkbux must be expecting to tolerate complaints > about usenet and other spamruns. Both linkbux and imagefap are hosted > on nforce.nl servers but their registration is handled differently. > linkbux 'what is forbidden' clause confuses me "What is forbidden?: > -- Following reasons will result in an direct account termination > inclusive earnings generated: - Autosurf sites - Human beings have to > manually click/visit the paid-redirects - Any auto click generating. - > Using other paid-redirect services as destination urls." All that is > forbidden is some kind of clicking and redirect issues, not spam, > copyright infringement or kiddy porn. > > > Then s/he expanded the operation to the usenet groups some of which were > amusingly misdirected because of containing 'amateur' in the group name, > like rec.radio.amateur.policy and > alt.nl.radio.zendamateur.gelicentieerd -- this usenet expansion was > also associated with branching into nntp posting instead of webposting > googlegroups by using the free newsservers news.infoave.com and > news.aioe.org -- continuing to post from the .ar IP 190.48.14.195 and > using the gmail addy. I'm not really sure what caused the expansion > into the SC ng/s -- maybe something became automated. > > At this point the number of entities which could be notified has > expanded beyond telefonica.com.ar & gmail & googlegroups to infoave.net > & aioe.org -- and most of those would take action against the account. > Since the spammer is presumably inexperienced I suspect the gmail > account was used at linkbux and imagefap for the account's payoff, so > losing that could disrupt the communications. > > > -- > Mike Easter > kibitzer, not SC admin > From MikeE at ster.invalid Sun Apr 2 14:36:30 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 2 16:40:02 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: Peter wrote: > If we try to report it as spam...this is what SC finds: > > Re: 190.48.14.195 (Administrator of network where usenet posts > originate) To: news@news.spamcop.net (Notes) I don't find SC to be a particularly useful tool for reporting usenet spam. In the first place, the algorithm isn't designed to determine source in the event of the absence of a nntp posting host line which often isn't available; and in the second place, it appears that the algorithm currently wants to report the source IP to the newsprovider instead of to the provider for the source IP. >> At this point the number of entities which could be notified has >> expanded beyond telefonica.com.ar & gmail & googlegroups to >> infoave.net & aioe.org If I were reporting it, I would be manually reporting it and including inline copies of several other representative examples recently found on usenet and googlegroups to abuse@speedy.com.ar postmaster@speedy.com.ar (for speedy.com.ar) [abuse.net on the rDNS of the source IP] abuse@telefonica.com.ar postmaster@telefonica.com.ar (for telefonica.com.ar) [abuse.net on the domainname of the lacnic contact for the source IP] gmail-abuse@google.com (for gmail.com) [using the gmail account to spam googlegroups] groups-abuse@google.com [for the posts which were made to googlegroups] abuse@infoave.net [for the posts which were made nntp via infoave.net] freedom@aioe.org abuse@aioe.org (for aioe.org) [for the posts made nntp via aioe] default postmaster@linkbux.com + default abuse@linkbux.com for presumed violation of linkbux rules info@nforce.nl + default postmaster@nforce.nl + default abuse@nforce.nl [provider for spamvertised linbux.com and also spamvertised which doesn't have an abuse address or a contact address abuse@leaseweb.com ripe contact for AS16265 routing for nforce for no abuse contact addies default postmaster@imagefap.com + default abuse@imagefap.com for violation of imagefap rules By attaching several items, to the manual notify each of the desks would have the big picture of a general pattern of spammish treatment of googlegroups, usenet groups and spamcop groups.. I wouldn't bother notifying spamcop, because spamcop doesn't require login to post to the newsgroups, whereas aioe does and can turn off the account. It turns out that infoave doesn't require login either, so that notify may also not be worthwhile. As a general rule, I don't notify about usenet spam. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Sun Apr 2 21:47:36 2006 From: nobody at nowhere.not (Robert Blair) Date: Sun Apr 2 16:50:03 2006 Subject: [SpamCop-List] spam purporting to be from University of Phoenix Message-ID: http://www.spamcop.net/sc?id=z911735453z5a9d387d42002d8a07d0ef7829f1c3 65z At first I thought this was a Joe Job but closer inspection it looks like the spammer is pretending to be the University of Phoenix (using its logo). http://xy7b.com/z/26311/CD60/&dp=0&l=0&p=0 redirects to http://www.uopinternational.com/index.php?cid=es_mba -- Robert Blair From newsgroups.2006 at davetopping.com Sun Apr 2 23:27:47 2006 From: newsgroups.2006 at davetopping.com (Dave Topping) Date: Sun Apr 2 17:30:03 2006 Subject: [SpamCop-List] Complicated newbie question Message-ID: I am trying to work out if it's possible to do this: 1) Forward spamcop notifications to an email alias on my domain, which runs on cPanel Exim MTA. 2) Pipe, or save to file, emails sent to that alias. 3) Modify the subject to begin with [email]. 4) Forward the email to NANAS using my commercial usenet account. Any ideas, please? Thank you. From newsgroups.2006 at davetopping.com Sun Apr 2 23:28:56 2006 From: newsgroups.2006 at davetopping.com (Dave Topping) Date: Sun Apr 2 17:30:06 2006 Subject: [SpamCop-List] Redirecting spamcop complaints to submission address? Message-ID: Some of the email accounts I have are Horde based, which only appears to offer a REDIRECT instead of forward as attachement option. Is it possible to configure my spamcop account to accept any and all email sent to the submit address for prossessing? Regards From not at home.today Mon Apr 3 00:32:34 2006 From: not at home.today (Ant) Date: Sun Apr 2 18:35:03 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: "Mike Easter" wrote: > I wouldn't bother notifying spamcop, because spamcop doesn't require > login to post to the newsgroups, whereas aioe does and can turn off the > account. Just for the record, aioe doen't require any signup or login. However, it does have a limit of 25 posts per day. http://news.aioe.org/article.php3?id_article=3 From jeffg at spamcop.net Sun Apr 2 19:56:18 2006 From: jeffg at spamcop.net (Jeff G.) Date: Sun Apr 2 19:00:03 2006 Subject: [SpamCop-List] Re: Redirecting spamcop complaints to submission address? References: Message-ID: Dave Topping wrote: > Some of the email accounts I have are Horde based, which only appears > to offer a REDIRECT instead of forward as attachement option. > > Is it possible to configure my spamcop account to accept any and all > email sent to the submit address for prossessing? Yes, you can use a Horde REDIRECT to redirect spam messages to your Spamcop Email System Account, and then Report as normal from there. You can also ask your other MSPs (Mail Service Providers) to provide a "forward as attachment" or "forward inline" capability that includes all of the Header Lines. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From MikeE at ster.invalid Sun Apr 2 18:31:16 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 2 20:35:02 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: Ant wrote: > "Mike Easter" wrote: > >> I wouldn't bother notifying spamcop, because spamcop doesn't require >> login to post to the newsgroups, whereas aioe does and can turn off >> the account. > > Just for the record, aioe doen't require any signup or login. You are correct, sir. I must've been thinking of another. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Apr 3 12:00:52 2006 From: nobody at devnull.spamcop.net (Patto) Date: Sun Apr 2 22:05:03 2006 Subject: [SpamCop-List] Re: JAPONESAS In-Reply-To: References: Message-ID: Mike Easter wrote: > Peter wrote: >> If we try to report it as spam...this is what SC finds: >> >> Re: 190.48.14.195 (Administrator of network where usenet posts >> originate) To: news@news.spamcop.net (Notes) > > I don't find SC to be a particularly useful tool for reporting usenet > spam. In the first place, the algorithm isn't designed to determine > source in the event of the absence of a nntp posting host line which > often isn't available; and in the second place, it appears that the > algorithm currently wants to report the source IP to the newsprovider > instead of to the provider for the source IP. I have no problems using SC to analyze and report usenet spam; I do it regularly with items spammed into Microsoft support newsgroups. However, the SC newsgroups somehow manage to hide the poster's originating IP address, and therefore is unable to report anything. From caroljean52 at yahoo.com Sun Apr 2 22:05:14 2006 From: caroljean52 at yahoo.com (caroljean52) Date: Sun Apr 2 23:10:06 2006 Subject: [SpamCop-List] Re: spam purporting to be from University of Phoenix References: Message-ID: "Robert Blair" wrote: > At first I thought this was a Joe Job but closer inspection it looks > like the spammer is pretending to be the University of Phoenix (using > its logo). When the University of Phoenix first went online they were (cluelessly) spamming mercilessly (besides being responsible for at least half the pop-up ads out there) but they actually learned fast and modified their behavior! It's been years since they've actually done any spammer. Interesting that the evil spammers are now pretending to be them. Carol Pocatello, Idaho From notavalidemail at theabyss123.com Mon Apr 3 00:06:44 2006 From: notavalidemail at theabyss123.com (MrBill) Date: Sun Apr 2 23:10:10 2006 Subject: [SpamCop-List] SpamCop Not Identifying Spamvertised URLs Message-ID: I just started reporting SPAM (I'm relatively new so be gentle), and I am confused as to why SpamCop does not pick up the Spamvertised URL in most of my SPAMS. It says "Finding Links in Message Body" - "No Links Found." This is frustrating because I am getting at least 20 of the exact SPAMS daily, only with rotation of the Spamvertised URL. Here's a small sample list of Spamvertised URL's SpamCop did not detect... http://boei10.akintassle.com http://vyju35.secaliesin.com http://raju99.citreato.com http://tejy59.gointcor.com Is it that I am reporting these wrong? I log into SpamCop, pasted the headers, then a line break, then the body of the Spam. I feel as if my SPAM reports are not hurting the SPAMMER, because they can just use another Zombie to spew out their Trash. If SpamCop could detect their Spamvertised Websites, maybe then it would hit this SPAMMER in the wallet! Please help! Return-Path: < snd_pcm_hw_params_get_buffer_time@gonegambling.com > Received: from srv25.XXXXXX.com (root@localhost) by XXXXXX.com (8.12.11/8.12.11) with ESMTP id k332VcPD001737 for < XXX@XXXXXX.com >; Sun, 2 Apr 2006 21:31:38 -0500 X-ClientAddr: 201.215.85.36 Received: from -1210885720 (pc-36-85-215-201.cm.vtr.net [201.215.85.36]) by srv25.XXXXXX.com (8.12.11/8.12.11) with SMTP id k332U669000864 for < XXX@XXXXXX.com >; Sun, 2 Apr 2006 21:30:56 -0500 Received: from gonegambling.com (-1208301704 [-1210410432]) by pc-36-85-215-201.cm.vtr.net (Qmailv1) with ESMTP id 9F2930A710 for < XXX@XXXXXX.com >; Sun, 02 Apr 2006 21:22:03 -0500 Date: Sun, 02 Apr 2006 21:22:03 -0500 From: "Davis L. Defilement" < snd_pcm_hw_params_get_buffer_time@gonegambling.com > X-Mailer: The Bat! (v2.00.0) Personal X-Priority: 3 Message-ID: < 9923725931.20060402212203@gonegambling.com > To: XXX < XXX@XXXXXX.com > Subject: Premier MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------484BA784011A5A1" X-AntiVirus: OK! AntiVir MailGate Version 2.0.1; AVE: 6.15.0.0; VDF: 6.15.0.6 X-Spam-Status: No, hits=2.3 required=5.0 tests=HTML_10_20,HTML_MESSAGE,MIME_HTML_NO_CHARSET version=2.55 X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) Status: Tired of low-quality Chinese and Indian medications? Use only the branded one! Man's Health Anti-Depressants Antibiotics Cholesterol Diabetes Diuretic Pain Relief Sexual Health Sleep Aids Weight Loss and more on http://budashanik.com From MikeE at ster.invalid Sun Apr 2 22:10:41 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 00:15:04 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: Patto wrote: > However, the SC newsgroups somehow manage to hide the poster's > originating IP address, and therefore is unable to report anything. I disagree with that characterization. One of the most reliable pieces of information in nntp headers which is rarely forged [notice I didn't say /never/] is that of the NNTP posting host, which the parser refers to as NPH. The SC newsserver dutifully records the NPH, and 'identifies' it as the source of the item. So, I wouldn't at all say that news.spamcop.net manages to 'hide the poster originating IP address' -- it is just that the parser is configured to report the originating IP to the news provider, not the source provider. This is a condition which I hadn't noticed before, since I haven't run a news message thru' the parser in quite some time. Personally I don't think it is a good configuration -- but then I don't think reporting usenet spam is a particularly useful function and I also don't think that reporting usenet spam with spamcop is a particularly useful activity. I have my own personal opinion about a number of SC configurations which I disagree with. In any case, news.spamcop.net doesn't hide the poster's originating IP. So your beef is misstated -- the originating IP is identified, it just isn't reported to the source provider in the same fashion as a /real/ spam, an email spam. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Mon Apr 3 01:16:46 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Apr 3 00:20:02 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: MrBill wrote: > I just started reporting SPAM (I'm relatively new so be gentle), and > I am confused as to why SpamCop does not pick up the Spamvertised URL > in most of my SPAMS. It says "Finding Links in Message Body" - "No > Links Found." This is frustrating because I am getting at least 20 > of the exact SPAMS daily, only with rotation of the Spamvertised URL. ... > Is it that I am reporting these wrong? I log into SpamCop, pasted the > headers, then a line break, then the body of the Spam. I feel as if > my SPAM reports are not hurting the SPAMMER, because they can just > use another Zombie to spew out their Trash. If SpamCop could detect > their Spamvertised Websites, maybe then it would hit this SPAMMER in > the wallet! Please help! ... > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="----------484BA784011A5A1" ... > Tired of low-quality Chinese and Indian medications? As I wrote at http://forum.spamcop.net/forums/index.php?showtopic=3125&view=findpost&p=20658 (modified a tad for newsgroup posting): The SpamCop Parser is excessively (IMHO) pedantic about what URLs it is willing to report on your behalf (reporting "no links found" when certain rules are broken by the spammer that would be broken by OE/IE and other mailreaders/browsers in their attempts to be "helpful"), and you shouldn't go around willy-nilly changing the spam to make the URLs reportable. You can complain (to deputies admin.spamcop.net with a Tracking URL) about the excessive pedanticism, and you can file Manual Reports( http://forum.spamcop.net/forums/index.php?showtopic=2530#entry19972 ). Please see my reply at http://forum.spamcop.net/forums/index.php?showtopic=3035&view=findpost&p=20110 for more info on this issue. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Mon Apr 3 01:22:12 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Apr 3 00:25:03 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: Mike Easter wrote: > the parser is > configured to report the originating IP to the news provider, not the > source provider. I think it should report to both. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From nobody at spamcop.net Sun Apr 2 22:30:55 2006 From: nobody at spamcop.net (N. Miller) Date: Mon Apr 3 00:35:03 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: On Sun, 2 Apr 2006 23:06:44 -0400, MrBill wrote: > I just started reporting SPAM (I'm relatively new so be gentle), and I am > confused as to why SpamCop does not pick up the Spamvertised URL in most of > my SPAMS. SpamCop is, primarily, about report "spam sources", where the spam source is the point where the spam was injected into the SMTP process. When the parser misses links, it is because it is not optimized to find them, for various, usually pretty good, reasons. You either did not read th FAQ, or failed to "lurk before you leap". Posting spam to this group is strongly discouraged. Either post the spam to the "spamcop.spam" group, and reference it in this group, or post a tracker; which looks like this: http://www.spamcop.net/sc?id=z911947198z2886e6db0747dc765fa6b06e6198e6f6z Be sure not to post a live tracker. Either submit the report, as I did with this one, or cancel it. The report cancel feature allows you to experiment by modifying the spam item in ways which should not be reported, but will help you understand what is happening. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From MikeE at ster.invalid Sun Apr 2 22:42:58 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 00:45:03 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: MrBill wrote: > I just started reporting SPAM (I'm relatively new so be gentle), OK, I'll be gentle. This is not new information. > and > I am confused as to why SpamCop does not pick up the Spamvertised URL > in most of my SPAMS. The 'why' isn't going to be answered. The observation will be addressed. SC has several different kinds of behaviors when it fails to notify for a spamvertised url. One behavior is that it will 'deobfuscate' the url, but it will decline to try to resolve it to an IP. Naturally that results in no notify. Another behavior is that after deobfuscation, it will try to resolve the url, but will fail. Of course, sometimes it will deobfuscate, choose to resolve, succeed in resolving, and then may or may not be able to derive a notify address. This can result in a devnull. The 'ultimate' is that the url is deobfuscated, resolved, and the notify address is derived and provided as available to be notified -- or, the derived address may have chosen to refuse munged reports, which presents the reporter with the option to unmunge or to not notify. The notify should be considered to be a courtesy of the parser and the reporter. > says "Finding Links in Message Body" - "No > Links Found." This is frustrating because I am getting at least 20 > of the exact SPAMS daily, only with rotation of the Spamvertised URL. > Here's a small sample list of Spamvertised URL's SpamCop did not > detect... > > http://boei10.akintassle.com > http://vyju35.secaliesin.com > http://raju99.citreato.com > http://tejy59.gointcor.com How you are presenting your 'case' isn't being performed correctly. What you want to do is to show us what spam was being parsed and how SC was parsing it with what result. This can be done by providing the tracking URL for the parsed spam itself. A tracking URL is referred to here as a 'tracker' and the tracker and its environment looks like: Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z911834124zacc768d760cf42bf1285c4ca1f751485z at the top of the parse of any particular spam. And which spam's parse sez what you said: // Finding links in message body no links found // > Is it that I am reporting these wrong? Perhaps, actually 'yes'. There can be a host of problems with the header condition which causes a failure to determine body url/s. Some of these are the fault of the spam, some the fault of the parser, some the fault of the submitter or the submitters mailuser agent. > I log into SpamCop, pasted the > headers, then a line break, then the body of the Spam. I'm not sure about why you are having to perform the operation in that fashion. I suspect that something is awry in how you are accessing the complete headers which ideally should be attached to the raw spam, not usually as two separate operations. > Return-Path: Eek! That is a definite no-no. Do not post spam and spam headers here. This is a discussion group. There is not supposed to be any spam or spam headers posted here. It is completely unnecessary with the system of being able to post a spam tracker as above. The parsing of that spam which you mistakenly posted in your news message indicates that you are handling your spam improperly. Your spam's header says this: > Content-Type: multipart/alternative; > boundary="----------484BA784011A5A1" ... but what you posted was not in the condition of multipart alternative with a boundary. What you pasted in here was a 'rendered' spam, which multiparts had been 'digested' by your mailuser agent's rendering engine. Since you are posting here with OE Outlook Express, it is likely that your mailuser agent is also OE. You are handling your spams improperly with OE. What you should be doing is following the instructions in the faq for how to obtain the message properties with OE, see http://www.spamcop.net/fom-serve/cache/119.html SpamCop FAQ : SpamCop Parsing and Reporting Service : How do I get my email program to reveal the full, unmodified email? : Microsoft products : Outlook Express 4, 5 and 6 - .. except disregard any instructions which involve control-F3 and instead use the instructions which involve File/ Properties or the instructions involving the keyboard using alt-enter. Just for the fun of it, I can 'forge' a spam report which provides a notification of the provider for the spamvertiser like this: http://www.spamcop.net/sc?id=z911955157z303d464f063f40df6c7c13604688bc7cz That tracker is for a different item than the first tracker. In this case, I have 'forged' a spam for experimental and demonstration purposes, not to be reported, but instead to be cancelled, in which I took the rendered spambody which you paste here, and married it to the headers which you pasted here, except that I removed the 'misleading' content type headerline, which doesn't match with the condition of the body. As a result, SC will offer to report the spamvertised link in plaintext. Report Spam to: Re: 201.215.85.36 (Administrator of network where email originates) To: gerencia@vtr.cl (Notes) To: postmaster#vtr.cl@devnull.spamcop.net (Notes) To: lsoto@vtr.cl (Notes) To: dominios@vtr.cl (Notes) Re: http://budashanik.com (Administrator of network hosting website referenced in spam) To: postmaster@xeex.com (Notes) To: info@nrsoftware.com (Notes) To: abuse@nrsoftware.com (Notes) To: noc@xeex.com (Notes) There's a lot of information in this post, so I'll tersely summarize it in another if useful. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 2 22:49:03 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 00:50:02 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: This is a shorter, more direct answer than the windy one. MrBill wrote: > I just started reporting SPAM (I'm relatively new so be gentle), You are not reporting your spam correctly. You are submitting it to the parser incorrectly, not according to instructions. > I am confused as to why SpamCop does not pick up the Spamvertised URL > in most of my SPAMS. SC has some problems with spamvertised URLs, but your particular example is a problem which you are creating, not SC. > It says "Finding Links in Message Body" - "No > Links Found." That's because you are submitting mailheaders which do not match with the condition of the body, because you are submitting a rendered spambody instead of a raw spambody to match the condition of the headers. You didn't pay attention to the faq which instructed you how to submit spams with OE. http://www.spamcop.net/fom-serve/cache/119.html With the mouse: Click the "File" menu Click "Properties" Click the "Details" tab Click "Message Source" Highlight, copy and paste everything from this window (Ctrl-A, Ctrl-C) -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 2 22:53:04 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 00:55:03 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: Jeff G. wrote: > Mike Easter wrote: >> the parser is >> configured to report the originating IP to the news provider, not the >> source provider. > > I think it should report to both. Okey dokey -- that is fine with me, five by five. In case anyone is curious about the old 'five by five' term, it involves old radio transmissions which were rated in terms of signal strength and clarity of transmission, on a scale of 1-5. So five by five was strong and crystal clear. It's like saying "I'm reading you, loud and clear." -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 2 23:24:38 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 01:25:03 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: Mike Easter wrote: > This is a shorter, more direct answer than the windy one. BTW, for me, the windy answer is very very quick. The short direct terse or succinct answer takes me much more time than the long drawn out windy answer which flows freely and easily as I go along trying to figure out where I am going. It isn't until all of that is done that I can begin to 'analyze' that the answer to the original question wasn't what was expected when I started answering. If you think I should figure out where I'm going to end up before I start, you're crazy. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Mon Apr 3 00:02:59 2006 From: nobody at spamcop.net (RandallW) Date: Mon Apr 3 02:05:03 2006 Subject: [SpamCop-List] *sniff* another personal tragedy for a 419'er Message-ID: http://www.spamcop.net/sc?id=z911994022z4be8cef662b2005feb62684b86aa2ecbz Her mother died two hours after she gave 'bet' to her. From dtbteong at streamyx.com Mon Apr 3 15:23:51 2006 From: dtbteong at streamyx.com (Daniel) Date: Mon Apr 3 02:25:03 2006 Subject: [SpamCop-List] Blocked email access Message-ID: Recently my domain which was hosted in US was blocked due to report that spamming comes from my hosting server. The issue is only some user experience the blocking. How could this be ? Btw does every domain registered for spamcop ? Thanks Regards Daniel From l18hyuk02 at sneakemail.com Mon Apr 3 11:11:55 2006 From: l18hyuk02 at sneakemail.com (Roman) Date: Mon Apr 3 04:15:03 2006 Subject: [SpamCop-List] Tool to report phishing scam emails Message-ID: Hello Castlecops created a new tool to report phishing scam emails, they use it in trying to shutdown the phishing websites. http://castlecops.com/pirt I thought it might be useful for Spamcop reporters, altough I have not used it myself yet. Regards Roman From abuse at whathostingshould.be Mon Apr 3 06:27:43 2006 From: abuse at whathostingshould.be (Galen) Date: Mon Apr 3 05:30:13 2006 Subject: [SpamCop-List] Re: I'm not sure if you all remember the last post... References: Message-ID: > UMMMM,,, actually the stats are worse than you think, 4/12 is a Third, > (33.3%) not a Quarter. See? Now you can tell what they're doing to me. ;) You'd think I'd be able to do simple math but I'm pretty sure dealing with abuse has just about killed all of my brain cells. Actually we've started a new policy. Anyone who orders the inexpensive hosting package with a non-verified account we will call and confirm the order. It has come to our attention (thanks to the fraud team with PayPal) that the telephone numbers used aren't real and that's the most often faked information when the CC information is real. No answer, no service. No person there by that name, no service. No one there that speaks English, no refund. (The site is in English and not exactly easy to translate with an online translation service.) As for this guy we opted to not risk any problems and the subscription was canceled and refunded. I felt icky while doing that but it was for the best. Danged ethics. We provided no service for this payment (the other subscription is still in effect) and feel that it would be improper to keep the funds regardless of prior abuse. Ah well... On that note, I am finally *hopefully* going to get some sleep. Thanks for the catch. ;) Galen -- http://www.whathostingshould.be - We are what hosting SHOULD be. From newandrew at rump.dk Mon Apr 3 12:15:46 2006 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Mon Apr 3 07:20:03 2006 Subject: [SpamCop-List] Re: Spamcop Web Service? References: Message-ID: After drinking 3 Pan Galactic Gargle Blasters, Neo Geshel mumbled in news:e0i7bq$dt2$1@news.spamcop.net: > Anonymous wrote: >> Neo Geshel wrote... >>> Is there a web service that I can connect to in terms of spam >>> reporti ng? What about spam submission? If there is nothing >>> now, will there be on e made available in the future? A XML-interface would be great! >>> I am looking to roll my own implementation of the ???report spa >>> m??? pages, to make them much more performance-orientated and cut >>> out features th at I have no need nor interest for. Additionally, >>> I would love to implem ent it as an AJAX app on my own server. >>> The problem is, the only way of reliably doing it without a web >>> servi ce is via screen-scraping, which breaks every time a >>> significant change to the reporting process is implemented. I >>> would rather not do it via screen scraping, so I am curious if >>> a web service is or will be available for members. It would be great - and it is great! I have build a system which does excactly what you describe - and yes it does break, when new features are introduced and changes made - but that actually doesn't happen that often! You need to use a module/system which is HTML "object" aware, which breaks the HTML up in pieces, e.g., the button: text, name, value, etc. I've made it as in inline browser in an application, i.e., it looks like a browser and acts like a browser, but does much more behind the scene! >> I am just a user, not an admin, but I would guess that Spamcop >> wishes to retain full control of what gets reported and what the >> reporter sees while doing it, and that avoiding false reports is >> a lot more important than "performance" (which I assume means >> "report many spams very quickly"). You are right. My system could easily be abused to report everything on sight but used correctly - which I think I do by running it in either Learn or Unattended mode. When in Learn mode I click on the checkboxes which need to be notified when the system doesn't recognize a spam and the system records the URL's, reporting addresses and my actions. When in Unattended more it just repeats my actions if the same spam reappears in my SpamCop reporting queue. Anything which does not look like something the system has been taught is discarded, i.e., cancelled. This of course will not report that many spammails because most of them differ in one way or another, e.g., a random change in the URL arguments, but I have implemented regular expression so I am able to catch any similar URL's. This just works wonders! >> I went through the same thinking at first, because I get a lot of >> spam and no (almost no?) ham on one address and would like to >> bulk-report it, but I came to realize that spamcop has spamtraps >> that do exactly that without the risk of a false report that I >> would be causing if I bu lk reported or even sped up my reporting >> and spent less time eying each spam. I decided that the best way >> for me to contribute my effort is to report the very freshest >> spam that I see, and to take the time to verif y that every >> report I send is a report of real spam. I think Spamcop needs >> quality a lot more than it needs quantity; they can get more >> spam any time they wish by setting up more spamtraps. The "problem" with the spamtraps is that only the abused mail gateway are reported but not the website URLs. When I have verified the first spam and tought the system I don't want to recheck the URLs again and again! I just want to report it! > The point is, I do all of my spam ???submission??? through a > program called MailWasher. That is the easy part. However, the > next step is to visit the site and click on the ???unreported > spam saved??? link. I catch spam through about 20 separate e-mail > accounts, which can amount to a rather large amount of spam per > day. Same here - several hundred a day - when I am lucky!!! When I am unlucky there may be several thousands!!! > What I *don???t* need, is all of the superfluous information and > extra text boxes that the on-site spam reporting methods provide > the end user with. All I really need is the two or three lines > showing the content of the spam (which also asks the user to make > sure it really is spam), the list of e-mail addys that it will > report to, and the ???submit report??? button. I don???t need the > (often) 200+ lines of detailed spam-parsing info (which still > comes up, even if you turn it off in the options), nor do I need > any of the form textareas that allow you to add additional > comments to the outgoing spam reports. And finally, I do not need > the summary page that shows me where reports were sent - I would > rather the page just default to the next piece of unreported spam > in the queue. A XML stream would allow you (and everybody else) to show whatever you want. > The only way I know around this is by customizing my own spam > reporting pages (which would be hosted on my own server), that > would screen scrape for any ???unreported spam saved??? links on > the submission page, and parse those pages for *only* the basic > information that I need. The easiest way would be via a web > service making use of SOAP or XMLHTTP. The other option would be > screen scraping, which would break whenever the layout of the > critical content that is being searched for changes. If only a XML interface was implemented all your (and my) prayers will be answered! But this will open up for abuse of the system, so I think this will be in our dreams! :-( Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:newandrew@rump.dk WWW http://www.rump.dk/homepage/andrew/ From nobody at devnull.spamcop.net Mon Apr 3 08:48:45 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Apr 3 08:50:02 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: "Mike Easter" wrote in message news:e0q94i$v6d$1@news.spamcop.net... > MrBill wrote: > > I just started reporting SPAM (I'm relatively new so be gentle), > > > I log into SpamCop, pasted the > > headers, then a line break, then the body of the Spam. > > I'm not sure about why you are having to perform the operation in that > fashion. I suspect that something is awry in how you are accessing the > complete headers which ideally should be attached to the raw spam, not > usually as two separate operations. > > The parsing of that spam which you mistakenly posted in your news > message indicates that you are handling your spam improperly. > > Your spam's header says this: > > > Content-Type: multipart/alternative; > > boundary="----------484BA784011A5A1" > > ... but what you posted was not in the condition of multipart > alternative with a boundary. What you pasted in here was a 'rendered' > spam, which multiparts had been 'digested' by your mailuser agent's > rendering engine. > > Since you are posting here with OE Outlook Express, it is likely that > your mailuser agent is also OE. I'm not sure why you jump to that conclusion. The missing boundary lines, the separate steps described, etc. seem to suggest to me that a version of Outlook is probably in uise.... noting that Outlook looks to Outlook Express as its default newsreader ... From MikeE at ster.invalid Mon Apr 3 07:28:53 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 09:30:02 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: WazoO wrote: > "Mike Easter" > I'm not sure why you jump to that conclusion. The missing boundary > lines, the separate steps described, etc. seem to suggest to me that > a version of Outlook is probably in uise.... noting that Outlook looks > to Outlook Express as its default newsreader ... You may be right, OL would give that result as well if not submitted to the OL/Eudora webparser. But there are a lot more OE users than OL users, so it comes down to which mistake is more likely; whether it is the much more prevalent OE user mistakenly rendering their spam and copying the rendered version in the manner which is described by my provider for submitting a spam to report^1 or an OL user submitting their rendered spam into the wrong webparser interface. I think I'm going to bet on OE instead of OL for my first guess, because of the proportions of OE users to OL users, and OL using the wrong parser interface for my second guess. ^1 In order to copy a link for illustrating EL's foolish instructions, I just went to EL's page which used to describe copying the headers separately from copying the rendered body for OE and then mailing it to junkmail, and that section now provides a web interface for the submission and describes proper copying from the source for OE. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 3 07:33:50 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 09:35:02 2006 Subject: [SpamCop-List] Re: Tool to report phishing scam emails References: Message-ID: Roman wrote: > Castlecops created a new tool to report phishing scam emails, they use > it in trying to shutdown the phishing websites. > > http://castlecops.com/pirt Besides the webform, they also accept emailed phish http://wiki.castlecops.com/PIRT email to {pirt (AT) castlecops (DOT) com}. -- Mike Easter kibitzer, not SC admin From Contact at powermaster.cc Mon Apr 3 11:20:53 2006 From: Contact at powermaster.cc (Powermater) Date: Mon Apr 3 10:25:02 2006 Subject: [SpamCop-List] Spamcop thunderbird Message-ID: What is the best way to send reports to spamcop with thunderbird? As attachment or inline? From nobody at devnull.spamcop.net Mon Apr 3 10:52:24 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Apr 3 10:55:03 2006 Subject: [SpamCop-List] Re: Spamcop thunderbird References: Message-ID: "Powermater" wrote in message news:e0rb0g$lbl$1@news.spamcop.net... > What is the best way to send reports to spamcop with thunderbird? As > attachment or inline? One answer; How to use Thunderbird to report multiple emails One users step by step example http://forum.spamcop.net/forums/index.php?showtopic=5307 From MikeE at ster.invalid Mon Apr 3 09:05:29 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 11:10:02 2006 Subject: [SpamCop-List] Re: Spamcop thunderbird References: Message-ID: Powermater wrote: > What is the best way to send reports to spamcop with thunderbird? As > attachment or inline? Forward as attachment -- R click on selected item or clump of items and select forward as attachment -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Apr 3 09:45:49 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Apr 3 11:50:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Geoffrey Hyde wrote... > > "D-W-S" wrote... > >>> I "top post" mostly when I'm discussing a URL as the first point of >>> interest in a reply I'm making. Call it what you will, but it makes >>> perfect sense to me, and as long as my email client permits me to do >>> it that way I'll do it that way. >> >> Yet another "screw your logic and I'll post how I like even if it makes >> it difficult for others to find out what the hell I'm on about" message. > > Whatever. *plonk* > > BTW I thought you or someone else had already plonked me long ago? Sheesh > the things you remember on the spur of the moment. I tend to killfile top-posters without telling them, and I know that I am not alone. May I gently suggest that you reconsider your policy of doing something that many people hate just because doing so makes sense to you? From nobody at devnull.spamcop.net Mon Apr 3 10:17:17 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Apr 3 12:20:02 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: Message-ID: Marc W. Mengel wrote... > Anonymous wrote: >> >>>Who said we don't require confirmed opt-in, by the way? >> >> I direct your attention to >> http://www.cluelessmailers.org/info/listmanagement.html >> and http://www.mail-abuse.com/an_listmgntgdlines.html >> where you will see >> >> "If the confirmation is not returned to you from the submitted >> address, or the unique token is not present or does not match, >> then the subscription process should be aborted, and no further >> email should be sent to the submitted address" >> >> The spamtrap didn't return a confirmation, so it shouldn't be on >> your mailing list. You say that it is, so you cannot possibly be >> requiring confirmed opt-in. >> >> Either the spamtraps have suddenly became AIs that answer emails, >> or you send emails to addresses that failed to send a confirmation >> reply opting in. There are no other possibilities. > > Actually, it turns out some of our moderated lists send a "your message > has been forwarded to the moderator" message, and that's what has > been tripping spamcop's spamtraps. So you are saying that it's OK if your moderated lists send "your message has been forwarded to the moderator" messages to innocent victims who never sent a message to you? > Sure, it's worse odds than winning the lottery. But someone did win > the lottery yesterday. And a spamtrap address that looks random to an > english speaker may not look nearly as random to someone from Russia, or > China, or ... Now you are grasping at straws. You have a bunch of "subscribers" that were gathered by a spambot from webpages, and we both know it. You aren't fooling anyone. Unless those who hide spamtraps are idiots (and the lack of any of spamcop's many enemies subscribing the spamtraps to confirmed opt-in mailing lists tells me that they are not), the chances are a *lot* worse than the chances of winning the lottery. You are sending emails to large numbers of email addresses that somebody scraped off of the web, and we both know it. You (and everyone else) has utterly failed to describe a way to gather the addresses of the spamtraps without gathering many more addresses of humans, with no way to know which is which. Stop sending email to those who didn't ask for it. -- G.M. From nobody at devnull.spamcop.net Mon Apr 3 10:17:20 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Apr 3 12:20:08 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: Marc W. Mengel wrote... > So apparently the issue is that some of our listserv lists are configured > as "moderated", which sends a response to the sender of the form "your > posting has been sent to a moderator..." If the above was true you would never be listed. The issue is that some of our listserv lists send responses to email addresses that are *not* senders of email to you, but are instead spamtraps that never subscribed in the first place and that never send any email of any kind. You seem supremely resistant to any suggestion that you stop sending email to addresses that never asked for your email, and as long as you refuse to do that, your email will be blocked by those who don't want your email. Actions have consequences. > Sure. But they shouldn't have to. I should be able to find out what > sort of crud is getting though our gateway so I can stop it. Yes. You should be able to do that. Alas, that isn't what you are asking for here. You are asking to be able to find that small subset of the crud you send that hits the spamtraps of one particular blocklist without doing anything about the crud you send that hits humans. > I was trying to point out that the automated system, as it stands, does > not provide the information that is needed to help discover the cause > of a problem, or to fix it, You have been told how to fix it again and again. Would you like me to give you the URLs for a fourth time? > and that simply listing someone without telling them why is not helpful. I find it to be very helpful indeed. It stops people like you (that is to say, people who send email to those who don't want it) from sending email to me, and it stops people like you from cleaning the spamtraps off of their mailing lists while keeping my email address on the lists. > However, I was also genuinely hoping someone here had a constructive > suggestion (other than "make your list confirmed opt-in" And I was genuinely hoping someone here had a constructive suggestion for losing weight (other than "eat less and exercise more"). I got over my disapointment and started hitting the gym three times a week. I suggest that yoou get over your disapointment and make your list confirmed opt-in. Or keep getting on blocklists. Those are your only choices. > Of course I realize people are skeptical of list-washing. The problem is > the assumption that "you must be a spammer or you wouldn't be here", > which is really downright offensive. You send email to email addresses that never asked for your email. Lots of it. You refuse to stop. You send email to email addresses that were harvested from webpages by a spambot. Lots of it. You refuse to stop. Explain in what way you differ from a spammer. -- G.M. From nobody at spamcop.net Mon Apr 3 10:41:05 2006 From: nobody at spamcop.net (N. Miller) Date: Mon Apr 3 12:45:03 2006 Subject: [SpamCop-List] Re: *sniff* another personal tragedy for a 419'er References: Message-ID: <14kzv2ym6dy1.dlg@news.spamcop.net> On Sun, 2 Apr 2006 23:02:59 -0700, RandallW wrote: > http://www.spamcop.net/sc?id=z911994022z4be8cef662b2005feb62684b86aa2ecbz > > Her mother died two hours after she gave 'bet' to her. Gosh! I thought it was well-known that 'bet' has some serious, even fatal side effects, and, thus, should only be given to someone under the close supervision of a licensed veterinarian! -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Mon Apr 3 10:45:47 2006 From: nobody at spamcop.net (N. Miller) Date: Mon Apr 3 12:50:03 2006 Subject: [SpamCop-List] Re: Blocked email access References: Message-ID: On Mon, 3 Apr 2006 14:23:51 +0800, Daniel wrote: > Recently my domain which was hosted in US was blocked due to report that > spamming comes from my hosting server. The issue is only some user > experience the blocking. How could this be ? Btw does every domain > registered for spamcop ? Thanks SpamCop does not list domains. SpamCop lists IP addresses. It would help to know which IP address was blocked. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From dave.topping at spamcop.net Mon Apr 3 18:54:29 2006 From: dave.topping at spamcop.net (Dave Topping) Date: Mon Apr 3 12:55:04 2006 Subject: [SpamCop-List] Re: Redirecting spamcop complaints to submission address? References: Message-ID: "Jeff G." wrote in message news:e0pkql$kho$1@news.spamcop.net... > Dave Topping wrote: >> Some of the email accounts I have are Horde based, which only appears >> to offer a REDIRECT instead of forward as attachement option. >> >> Is it possible to configure my spamcop account to accept any and all >> email sent to the submit address for prossessing? > > Yes, you can use a Horde REDIRECT to redirect spam messages to your > Spamcop Email System Account, and then Report as normal from there. You > can also ask your other MSPs (Mail Service Providers) to provide a > "forward as attachment" or "forward inline" capability that includes all > of the Header Lines. > > -- > Best Regards, Jeff G. > http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 > Thank you! From wb8tyw at qsl.network Mon Apr 3 13:42:59 2006 From: wb8tyw at qsl.network (John E. Malmberg) Date: Mon Apr 3 13:45:03 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: In article , "Mike Easter" writes: > Jeff G. wrote: >> Mike Easter wrote: >>> the parser is >>> configured to report the originating IP to the news provider, not the >>> source provider. >> >> I think it should report to both. > > Okey dokey -- that is fine with me, five by five. Previous discussions on one of the spamcop newsgroups indicated that it was trivial for some spammers to fake or hide the originating IP, and that is why the spamcop.net parser ignores it. Someone who knows more about nntp than I do would have a better idea. -John wb8tyw@qsl.network Personal Opinion Only From DougThegarden at invalid.com Mon Apr 3 19:52:16 2006 From: DougThegarden at invalid.com (Doug Thegarden) Date: Mon Apr 3 13:55:03 2006 Subject: [SpamCop-List] Re: Tool to report phishing scam emails In-Reply-To: References: Message-ID: Roman wrote: > Hello > > Castlecops created a new tool to report phishing scam emails, they use > it in trying to shutdown the phishing websites. > > http://castlecops.com/pirt > > I thought it might be useful for Spamcop reporters, altough I have not > used it myself yet. > I've been using Netcraft for some time now and very well it works too. Comes with a very nice toolbar that gives you lots of useful information about the domain you are on such as host and hosting location, first registration date etc that is useful beyond phishing alone. http://toolbar.netcraft.com/ Doug From MikeE at ster.invalid Mon Apr 3 11:58:05 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 14:00:02 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: John E. Malmberg wrote: > Previous discussions on one of the spamcop newsgroups indicated that > it was trivial for some spammers to fake or hide the originating IP, and > that is why the spamcop.net parser ignores it. > > Someone who knows more about nntp than I do would have a better idea. No, it is difficult to 'forge' [fake or hide] the originating IP on a system like news.spamcop.net which puts an NNTP-Posting-Host line representing the IP which connected with the newsserver. The most common IP 'abuse' of the SC newsserver is the occasional troll spoofing other regulars' handles and abusing an open proxy for connecting to the newsserver. As a general rule, problem usenet newsgroup posters /are/ difficult to track, for one reason or another. The most common problem is that there isn't an NNTP posting host line information by configuration choice of the newsserver for the message's posting. The next most common problem is that there is often forgery in the Path line. The next most common problem is that the post can be made by anonymous remailers. Then next comes the anonymity of using or abusing an open proxy, or of using a 'paid' proxy service. -- Mike Easter kibitzer, not SC admin From brotherjonah at adelphia.net Mon Apr 3 12:50:30 2006 From: brotherjonah at adelphia.net (jonah) Date: Mon Apr 3 14:05:03 2006 Subject: [SpamCop-List] what a bunch of fascist crap Message-ID: i sent an email to a merchant asking for information about a specific bb gun. And got a bullshit answer that my email had been blocked even though i have never spammed anybody. ironically, the company to whom the mail was directed are blacklisted by other freedom limiting bullshit fascist pig sites as CyberPatrol, CyberNanny and others of like Nazi mentality. To the maintainers of these pig organizations : fuck you in your storm trooper asses. on the other hand that is probably something you coward Nazi fucks enjoy. From DougThegarden at invalid.com Mon Apr 3 20:02:59 2006 From: DougThegarden at invalid.com (Doug Thegarden) Date: Mon Apr 3 14:05:07 2006 Subject: [SpamCop-List] Re: Tool to report phishing scam emails In-Reply-To: References: Message-ID: Doug Thegarden wrote: > Roman wrote: >> Hello >> >> Castlecops created a new tool to report phishing scam emails, they use >> it in trying to shutdown the phishing websites. >> >> http://castlecops.com/pirt >> >> I thought it might be useful for Spamcop reporters, altough I have not >> used it myself yet. >> > > I've been using Netcraft for some time now and very well it works too. > Interesting, the top reporter on the Netcraft leaderboard is user CastleCops. http://toolbar.netcraft.com/stats/reporters. Netcraft offers an iPod or equivalent for the top reporter. I do hope Castlecops are not misusing reports sent to them to generate a few freebies for themselves. That would be a bit naughty Doug From Merlyn at Spamcop.net Mon Apr 3 15:13:01 2006 From: Merlyn at Spamcop.net (Merlyn) Date: Mon Apr 3 14:15:02 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: "jonah" wrote in message news:e0rnuj$tkf$1@news.spamcop.net... >i sent an email to a merchant asking for information about a specific bb >gun. And got a bullshit answer that my email had been blocked even though i >have never spammed anybody. Hahahahahaha Wait,,, I can't stop laughing....... > ironically, the company to whom the mail was directed are blacklisted by > other freedom limiting bullshit fascist pig sites as CyberPatrol, > CyberNanny and others of like Nazi mentality. Hahahahahaha Ok,,, I will stop laughing....... > To the maintainers of these pig organizations : fuck you in your storm > trooper asses. Hahahahahaha Ok,,, give me a second, I will stop....... > on the other hand that is probably something you coward Nazi fucks enjoy. I lied! Hahahahahaha -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From tmcgraw at spamcop.net Mon Apr 3 12:41:12 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Apr 3 14:45:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: jonah wrote: > i sent an email to a merchant asking for information about a specific bb > gun. And got a bullshit answer that my email had been blocked even > though i have never spammed anybody. ironically, the company to whom the > mail was directed are blacklisted by other freedom limiting bullshit > fascist pig sites as CyberPatrol, CyberNanny and others of like Nazi > mentality. > To the maintainers of these pig organizations : fuck you in your storm > trooper asses. on the other hand that is probably something you coward > Nazi fucks enjoy. Thank you for sharing, and we hope your visit to the Internet has been memorable. From MikeE at ster.invalid Mon Apr 3 13:14:28 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 15:15:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: jonah wrote: > my email had been blocked even > though i have never spammed anybody. If you would like to find out what caused that you should give the IP address which was blocked. An IP address looks like 68.168.78.104 At the present time, I don't know of any adelphia servers which are spamcop blocklisted. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Apr 3 16:25:58 2006 From: nobody at devnull.spamcop.net (POP) Date: Mon Apr 3 15:30:02 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: OK, plonk me; I don't want your responses anyway and they'd use less real estate that way. "Anonymous" wrote in message news:e0rfve$o6l$1@news.spamcop.net... > > Geoffrey Hyde wrote... >> >> "D-W-S" wrote... >> >>>> I "top post" mostly when I'm discussing a URL as the first >>>> point of >>>> interest in a reply I'm making. Call it what you will, but >>>> it makes >>>> perfect sense to me, and as long as my email client permits >>>> me to do >>>> it that way I'll do it that way. >>> >>> Yet another "screw your logic and I'll post how I like even >>> if it makes >>> it difficult for others to find out what the hell I'm on >>> about" message. >> >> Whatever. *plonk* >> >> BTW I thought you or someone else had already plonked me long >> ago? Sheesh the things you remember on the spur of the >> moment. > > I tend to killfile top-posters without telling them, and I know > that I am > not alone. May I gently suggest that you reconsider your > policy of doing > something that many people hate just because doing so makes > sense to you? > > > From Nobody at SpamCop.devnull.diespammerdie.net Mon Apr 3 15:30:10 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Mon Apr 3 15:35:02 2006 Subject: [SpamCop-List] Re: Tool to report phishing scam emails References: Message-ID: <443177C2.A4C7454D@SpamCop.devnull.diespammerdie.net> Doug Thegarden wrote: > > Roman wrote: > > Hello > > > > Castlecops created a new tool to report phishing scam emails, they use > > it in trying to shutdown the phishing websites. > > > > http://castlecops.com/pirt > > > > I thought it might be useful for Spamcop reporters, altough I have not > > used it myself yet. > > > > I've been using Netcraft for some time now and very well it works too. Doug, Roman, Thanks for the info. I use Netcraft, too, although just for phish reporting -- have a couple of hits on previously-unreporting phishing URL's to my credit, although their real champions have dozens, scores. Netcraft also has a current story, dated last Monday, about a new criminal phishing exploit against three banking websites belonging to banks in northern Florida. They actually got into the banks' websites and were able to redirect customers to a spoof page. A guy I know does Net security professionally, and he's been telling me for a couple of years to stay away from online banking/investing, to do it the old way, with letters and check redemptions and signature guarantees signed by my banker. He also warns against WAN's and LAN's, although I think he's okay with PAN's because of their small footprint (although a couple of Israeli security consultants did manage, a couple of years ago, to pull the first Bluetooth spoof ever, on a subway car, getting close enough to a Bluetooth-enabled PDA to do an interrupt and hijack the PDA session). Regards, Michael From Nobody at SpamCop.devnull.diespammerdie.net Mon Apr 3 15:42:59 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Mon Apr 3 15:45:03 2006 Subject: [SpamCop-List] Whiffenpoof Trojan Distributor Message-ID: <44317AC3.1565160@SpamCop.devnull.diespammerdie.net> Could I get an opinion on this? I received a UCE spam with no sender last night. The attachment, a zipped file, contained a Trojan downloader app rated a "modest" threat by Trend Micro, called by Grisoft AVG "Trojan horse Downloader.Generic.UEQ". I thought about it and decided there was a possiblity that this wasn't just a virus e-mail spewed by an infected machine, because the Reply-to was another address at my ISP. What are the odds? I submitted the spam (w/o attachment) and got this report, which I cancelled after further thought: http://www.spamcop.net/sc?id=z912130175zf4e02f616bf705d9039da6a81bf6b1c9z The parser identified the sender as a computer in Burma, Re: 202.185.73.78 (Administrator of network where email originates) ng@cc.um.edu.my which lengthened the odds again in favor of a deliberate attempt by a spammer (Ruslan Ibragimov came to mind as a proliferator) to propagate Trojans to my ISP's subscribers for some reason. I decided on a manual LART to the owner of the Burmese computer and sent it off, and I got this: "Failed to deliver to 'ng@cc.um.edu.my' SMTP module(domain @206.180.145.133:cc.um.edu.my) reports: umcsd.um.edu.my: no DNS A-data returned" Now I'm very puzzled. What is going on here? How could SpamCop report a working address on an IP they just parsed, only to have a mail to that address rejected as (apparently) nonexistent? Just wondering, Michael From Contact at powermaster.cc Mon Apr 3 17:03:29 2006 From: Contact at powermaster.cc (Powermater) Date: Mon Apr 3 16:05:02 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: jonah wrote: > i sent an email to a merchant asking for information about a specific bb > gun. And got a bullshit answer that my email had been blocked even > though i have never spammed anybody. ironically, the company to whom the > mail was directed are blacklisted by other freedom limiting bullshit > fascist pig sites as CyberPatrol, CyberNanny and others of like Nazi > mentality. > To the maintainers of these pig organizations : fuck you in your storm > trooper asses. on the other hand that is probably something you coward > Nazi fucks enjoy. > sounds like a spammer to me. From MikeE at ster.invalid Mon Apr 3 14:12:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 16:15:04 2006 Subject: [SpamCop-List] Re: Whiffenpoof Trojan Distributor References: <44317AC3.1565160@SpamCop.devnull.diespammerdie.net> Message-ID: Michael Brennan wrote: > I received a UCE spam with no sender last night. The attachment, a > zipped file, contained a Trojan downloader app rated a "modest" threat > by Trend Micro, called by Grisoft AVG "Trojan horse > Downloader.Generic.UEQ". Plain ol' vanilla run-of-the mill propagation. Nothing mysterious. > I thought about it and decided there was a possiblity that this wasn't > just a virus e-mail spewed by an infected machine, There you go, thinking again. I don't know why you would think of unicorns when you hear hoofbeats. > because the > Reply-to was another address at my ISP. That means nothing. > What are the odds? Excellent odds. 1 -- or 100% -- or something less than 1 or 100%. That is, there is nothing unusual about a propagation being so configured. The Reply-To can be derived any old way the gizmo is configured. > I > submitted the spam (w/o attachment) and got this report, which I > cancelled after further thought: And what was that thinking about ? > The parser identified the sender as a computer in Burma, > Re: 202.185.73.78 (Administrator of network where email originates) Correct. > ng@cc.um.edu.my Not correct. That is an old address for the notify for the provider. But the provider's notify is now something else inetnum: 202.184.0.0 - 202.185.255.255 netname: JARING-MY descr: Technology Park Malaysia trouble: send spam and abuse reports trouble: to abuse@jaring.my So, I refreshed the SC cache and now it sez something else for 202.185.73.78 Parsing input: 202.185.73.78 Reporting addresses: postmaster@jaring.my abuse@jaring.my > which lengthened the odds again in favor of a deliberate attempt by a > spammer (Ruslan Ibragimov came to mind as a proliferator) to propagate > Trojans to my ISP's subscribers for some reason. Balderdash. I don't know why some people are always thinking they are being selectively targetted by viral propagations. The way viruses work is that they are able to get addresses from all kinds of places. Don't sit around thinking they are 'normally' sent to people in the addressbook of the propagator. You don't have to have any connection to the propagator box at all. > I decided on a > manual LART to the owner of the Burmese computer and sent it off, and > I got this: The address SC gives you is the apnic contact derived provider notify addy, not the email addy of the IP's owner. > "Failed to deliver to 'ng@cc.um.edu.my' > SMTP module(domain @206.180.145.133:cc.um.edu.my) reports: > umcsd.um.edu.my: no DNS A-data returned" Mail for cc.um.edu.my is handled by umcsd.um.edu.my dns umcsd.um.edu.my No DNS for this address (host doesn't exist) So, the problem is that the hostname's MX went away, so that old addy is NG for ng :-) where the first NG means 'no good' > Now I'm very puzzled. What is going on here? How could SpamCop > report a working address on an IP they just parsed, only to have a > mail to that address rejected as (apparently) nonexistent? SC doesn't report a 'working address'. SC gives you the derived contact for the source provider. In this case, that contact was derived from a stale cache, which has now been refreshed and gives a different result. -- Mike Easter kibitzer, not SC admin From notavalidemail at theabyss123.com Mon Apr 3 17:17:12 2006 From: notavalidemail at theabyss123.com (MrBill) Date: Mon Apr 3 16:20:03 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: Mike, I read your "windy answer," and quickly determined my problem was "operator error" in how The Bat v3 handles the headers. Saving the message in its original form then pasting the info into SC worked like a charm. Wind or no wind, I thank you very much for your time and assistance. Bill "Mike Easter" wrote in message news:e0qbil$13h$1@news.spamcop.net... > Mike Easter wrote: >> This is a shorter, more direct answer than the windy one. > > BTW, for me, the windy answer is very very quick. The short direct > terse or succinct answer takes me much more time than the long drawn out > windy answer which flows freely and easily as I go along trying to > figure out where I am going. It isn't until all of that is done that I > can begin to 'analyze' that the answer to the original question wasn't > what was expected when I started answering. > > If you think I should figure out where I'm going to end up before I > start, you're crazy. > > > -- > Mike Easter > kibitzer, not SC admin > From MikeE at ster.invalid Mon Apr 3 14:35:10 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 16:40:03 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: MrBill wrote: > I read your "windy answer," and quickly determined my problem was > "operator error" in how The Bat v3 handles the headers. Saving the > message in its original form then pasting the info into SC worked > like a charm. Good. SC has some faq info for using the Bat to submit, two older versions at http://www.spamcop.net/fom-serve/cache/228.html So, if neither of those is correct, you might want to mention it. -- Mike Easter kibitzer, not SC admin From kenbrody at spamcop.net Mon Apr 3 17:53:03 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Apr 3 16:55:03 2006 Subject: [SpamCop-List] SpamAssassin score of 68.6! Message-ID: <44318B2F.C8B07486@spamcop.net> So, has SpamAssassin gotten better at finding pump-and-dump spam, or have the pump-and-dumpers gotten "better" at hitting SpamAssassin traps? Typically, I get less than one apsm a week which rates higher than 50 on the SpamAssassin scale, and those are almost always in BIG5 text. But, this past weekend, I have about 10 spams -- all pump-and-dump stock scams -- which are over 50, and the highest (so far) scored 68.6 on the SA meter. (See "Stock Maven Newsletter -- SpamAssassin score of 68.6" in the .spam group.) -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From gezgin at spamcop.net Tue Apr 4 01:08:34 2006 From: gezgin at spamcop.net (gezgin) Date: Mon Apr 3 17:10:04 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: "jonah" wrote in message news:e0rnuj$tkf$1@news.spamcop.net... >i sent an email to a merchant asking for information about a specific bb Boy, you lost that argument the moment you opened your mouth. http://en.wikipedia.org/wiki/Godwin's_law -- Bob http://www.kanyak.com From Nobody at SpamCop.devnull.diespammerdie.net Mon Apr 3 17:18:52 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Mon Apr 3 17:20:02 2006 Subject: [SpamCop-List] Re: Whiffenpoof Trojan Distributor References: <44317AC3.1565160@SpamCop.devnull.diespammerdie.net> Message-ID: <4431913C.F65C09C3@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > Michael Brennan wrote: > > > I received a UCE spam with no sender last night. > > > The parser identified the sender as a computer in Burma, > > > Re: 202.185.73.78 (Administrator of network where email originates) > > Correct. > > > ng@cc.um.edu.my > > Not correct. That is an old address for the notify for the provider. > But the provider's notify is now something else > > I don't know why some people are always thinking they are > being selectively targetted by viral propagations. If it's viral, of course not. Operative word, "if". I get a few viral propagations and don't bother about them if they look like normal viral sends. The question here was whether it was a viral propagation, or a spammer propagation, through a proxy, of a Trojanizing downloader, targeting a specific ISP's subscribers for some unknown reason. If the former, I don't bother with SpamCop. If the latter, it's fair game on a foul, metastasizing spammer. I split the difference and tried to see where it came from first, before deciding. I eventually decided it was viral, cancelled the report, and then had second thoughts, hence the question to the newsgroup. > Don't sit around thinking they are 'normally' sent to people in the > addressbook of the propagator. You don't have to have any connection to > the propagator box at all. If the propagator isn't a virm but a person, then they might have a purpose and a target in mind. The identity of the addee's and Reply-to's URL was suspicious, to me, of an intention beyond viral randomness. > > dns umcsd.um.edu.my > No DNS for this address > (host doesn't exist) > > So, the problem is that the hostname's MX went away, so that old addy is > NG for ng :-) where the first NG means 'no good' > > > Now I'm very puzzled. What is going on here? How could SpamCop > > report a working address on an IP they just parsed, only to have a > > mail to that address rejected as (apparently) nonexistent? > > SC doesn't report a 'working address'. SC gives you the derived contact > for the source provider. In this case, that contact was derived from a > stale cache, which has now been refreshed and gives a different result. > Thanks for the update, I'll try a manual lart to the refreshed contact address to see if they can do something about their compromised subscriber -- thanks for correcting Mr. ng's NG addy in the ng. Michael From bar_n0ne at hotmail.com Mon Apr 3 17:29:31 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon Apr 3 17:30:03 2006 Subject: [SpamCop-List] Re: Whiffenpoof Trojan Distributor References: <44317AC3.1565160@SpamCop.devnull.diespammerdie.net> <4431913C.F65C09C3@SpamCop.devnull.diespammerdie.net> Message-ID: "Michael Brennan" wrote in message news:4431913C.F65C09C3@SpamCop.devnull.diespammerdie.net... > The question here was whether it was a viral propagation, or a spammer > propagation, through a proxy, of a Trojanizing downloader, targeting a > specific ISP's subscribers for some unknown reason. If the former, I > don't bother with SpamCop. If the latter, it's fair game on a foul, > metastasizing spammer. I split the difference and tried to see where it > came from first, before deciding. I eventually decided it was viral, > cancelled the report, and then had second thoughts, hence the question > to the newsgroup. Nowadays, Viral propagation is engineered exactly like spam propagation and often with the same purpose in mind. Do you think anyone actually sat down and thought about whether to send you (M. Brennan) the latest medz spam? well, no more, or less than those who propagate viruses. Occasionally someone spiteful might do this, but that happens with spam also. Personally I think penis enlargement spams are most often sent out of spite, since among my admittedly statistically meaningless sample, only spam reporters get them any more. If you don't want to LART Viruses, fine, but otherwise they deserve no more or less pondering than any other spam from the standpoint of LARTing. From nobody at devnull.spamcop.net Mon Apr 3 16:54:11 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Apr 3 18:55:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: "jonah" wrote... >i sent an email to a merchant asking for information about a specific bb >gun. And got a bullshit answer that my email had been blocked even though i >have never spammed anybody. ironically, the company to whom the mail was >directed are blacklisted by other freedom limiting bullshit fascist pig >sites as CyberPatrol, CyberNanny and others of like Nazi mentality. > To the maintainers of these pig organizations : fuck you in your storm > trooper asses. on the other hand that is probably something you coward > Nazi fucks enjoy. You swine. You vulgar little maggot. You worthless bag of filth. As we say in Texas, you couldn't pour water out of a boot with instructions printed on the heel. You are a canker, an open wound. I would rather kiss a lawyer than be seen with you. You took your last vacation in the Islets of Langerhans. You're a putrescent mass, a walking vomit. You are a spineless little worm deserving nothing but the profoundest contempt. You are a jerk, a cad, and a weasel. I take that back; you are a festering pustule on a weasel's rump. Your life is a monument to stupidity. You are a stench, a revulsion, a big suck on a sour lemon. I will never get over the embarrassment of belonging to the same species as you. You are a monster, an ogre, a malformity. I barf at the very thought of you. You have all the appeal of a paper cut. Lepers avoid you. You are vile, worthless, less than nothing. You are a weed, a fungus, the dregs of this earth. You are a technicolor yawn. And did I mention that you smell? You are a squeaking rat, a mistake of nature and a heavy-metal bagpipe player. You were not born. You were hatched into an unwilling world that rejects the likes of you. You didn't crawl out of a normal egg, either, but rather a mutant maggot egg rejected by an evil scientist as being below his low standards. Your alleged parents abandoned you at birth and then died of shame in recognition of what they had done to an unsuspecting world. They were a bit late. Try to edit your responses of unnecessary material before attempting to impress us with your insight. The evidence that you are a nincompoop will still be available to readers, but they will be able to access it ever so much more rapidly. If cluelessness were crude oil, your scalp would be crawling with caribou. You are a thick-headed trog. I have seen skeet with more sense than you have. You are a few bricks short of a full load, a few cards short of a full deck, a few bytes short of a full core dump, and a few chromosomes short of a full human. Worse than that, you top-post. God created houseflies, cockroaches, maggots, mosquitos, fleas, ticks, slugs, leeches, and intestinal parasites, then he lowered his standards and made you. I take it back; God didn't make you. You are Satan's spawn. You are Evil beyond comprehension, half-living in the slough of despair. You are the entropy which will claim us all. You are a green-nostriled, crossed eyed, hairy-livered inbred trout-defiler. You make Ebola look good. You are weary, stale, flat and unprofitable. You are grimy, squalid, nasty and profane. You are foul and disgusting. You're a fool, an ignoramus. Monkeys look down on you. Even sheep won't have sex with you. You are unreservedly pathetic, starved for attention, and lost in a land that reality forgot. You are not ANSI compliant and your markup doesn't validate. You have a couple of address lines shorted together. You should be promoted to Engineering Manager. Do you really expect your delusional and incoherent ramblings to be read? Everyone plonked you long ago. Do you fantasize that your tantrums and conniption fits could possibly be worth the $0.000000001 worth of electricity used to send them? Your life is one big W.O.M.B.A.T. and your future doesn't look promising either. We need to trace your bloodline and terminate all siblings and cousins in order to cleanse humanity of your polluted genes. The good news is that no normal human would ever mate with you, so we won't have to go into the sewers in search of your git. You are a waste of flesh. You have no rhythm. You are ridiculous and obnoxious. You are the moral equivalent of a leech. You are a living emptiness, a meaningless void. You are sour and senile. You are a loathsome disease, a drooling inbred cross-eyed toesucker. You make Quakers shout and strike Pentecostals silent. You have a version 1.0 mind in a version 6.12 world. Your mother had to tie a pork chop around your neck just to get your dog to play with you. You think that HTTP://WWW.GUYMACON.COM/FUN/INSULT/INDEX.HTM is the name of a rock band. You believe that P.D.Q. Bach is the greatest composer who ever lived. You prefer L. Ron Hubbard to Larry Niven and Jerry Pournelle. Hee-Haw is too deep for you. You would watch test patterns all day if the other inmates would let you. On a good day you're a half-wit. You remind me of drool. You are deficient in all that lends character. You have the personality of wallpaper. You are dank and filthy. You are asinine and benighted. Spammers look down on you. Phone sex operators hang up on you. Telemarketers refuse to be seen in public with you. You are the source of all unpleasantness. You spread misery and sorrow wherever you go. May you choke on your own foolish opinions. You are a Pusillanimous galactophage and you wear your sister's training bra. Don't bother opening the door when you leave - you should be able to slime your way out underneath. I hope that when you get home your mother runs out from under the porch and bites you. You smarmy lagerlout git. You bloody woofter sod. Bugger off, pillock. You grotty wanking oik artless base-court apple-john. You clouted boggish foot-licking half-twit. You dankish clack-dish plonker. You gormless crook-pated tosser. You bloody churlish boil-brained clotpole ponce. You craven dewberry pisshead cockup pratting naff. You cockered bum-bailey poofter. You gob-kissing gleeking flap-mouthed coxcomb. You dread-bolted fobbing beef-witted clapper-clawed flirt-gill. May your spouse be blessed with many bastards. You are so clueless that if you dressed in a clue skin, doused yourself in clue musk, and did the clue dance in the middle of a field of horny clues at the height of clue mating season, you still would not have a clue. If you were a movie you would be a double feature; _Battlefield_Earth_ and _Moron_Movies_II_. You would be out of focus. You are a fiend and a sniveling coward, and you have bad breath. You are the unholy spawn of a bandy-legged hobo and a syphilitic camel. You wear strangely mismatched clothing with oddly placed stains. You are degenerate, noxious and depraved. I feel debased just knowing that you exist. I despise everything about you, and I wish you would go away. You are jetsam who dreams of becoming flotsam. You won't make it. I beg for sweet death to come and remove me from a world which became unbearable when you crawled out of a harpy's lair. It is hard to believe how incredibly stupid you are. Stupid as a stone that the other stones make fun of. So stupid that you have traveled far beyond stupid as we know it and into a new dimension of stupid. Meta-stupid. Stupid cubed. Trans-stupid stupid. Stupid collapsed to a singularity where even the stupons have collapsed into stuponium. Stupid so dense that no intelligence can escape. Singularity stupid. Blazing hot summer day on Mercury stupid. You emit more stupid in one minute than our entire galaxy emits in a year. Quasar stupid. It cannot be possible that anything in our universe can really be this stupid. This is a primordial fragment from the original big stupid bang. A pure extract of stupid with absolute stupid purity. Stupid beyond the laws of nature. I must apologize. I can't go on. This is my epiphany of stupid. After this experience, you may not hear from me for a while. I don't think that I can summon the strength left to mock your moronic opinions and malformed comments about boring trivia or your other drivel. Duh. The only thing worse than your logic is your manners. I have snipped away most of your of what you wrote, because, well ... it didn't really say anything. Your attempt at constructing a creative flame was pitiful. I mean, really, stringing together a bunch of insults among a load of babbling was hardly effective... Maybe later in life, after you have learned to read, write, spell, and count, you will have more success. True, these are rudimentary skills that many of us "normal" people take for granted that everyone has an easy time of mastering. But we sometimes forget that there are "challenged" persons in this world who find these things to be difficult. If I had known that this was true in your case then I would have never have exposed myself to what you wrote. It just wouldn't have been "right." Sort of like parking in a handicap space. I wish you the best of luck in the emotional, and social struggles that seem to be placing such a demand on you. P.S.: You are hypocritical, greedy, violent, malevolent, vengeful, cowardly, deadly, mendacious, meretricious, loathsome, despicable, belligerent, opportunistic, barratrous, contemptible, criminal, fascistic, bigoted, racist, sexist, avaricious, tasteless, idiotic, brain-damaged, imbecilic, insane, arrogant, deceitful, demented, lame, self-righteous, byzantine, conspiratorial, satanic, fraudulent, libelous, bilious, splenetic, spastic, ignorant, clueless, EDLINoid, illegitimate, harmful, destructive, dumb, evasive, double-talking, devious, revisionist, narrow, manipulative, paternalistic, fundamentalist, dogmatic, idolatrous, unethical, cultic, diseased, suppressive, controlling, restrictive, malignant, deceptive, dim, crazy, weird, dyspeptic, stifling, uncaring, plantigrade, grim, unsympathetic, jargon-spouting, censorious, secretive, aggressive, mind-numbing, arassive, poisonous, flagrant, self-destructive, abusive, socially-retarded, puerile, and Generally Not Good. I hope this helps... -- G.M. From scamper at trisk.com Mon Apr 3 18:45:17 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Mon Apr 3 19:45:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: Anonymous wrote: > "jonah" wrote... > >> i sent an email to a merchant asking for information about a specific bb >> gun. And got a bullshit answer that my email had been blocked even though i >> have never spammed anybody. ironically, the company to whom the mail was >> directed are blacklisted by other freedom limiting bullshit fascist pig >> sites as CyberPatrol, CyberNanny and others of like Nazi mentality. >> To the maintainers of these pig organizations : fuck you in your storm >> trooper asses. on the other hand that is probably something you coward >> Nazi fucks enjoy. > > You swine. You vulgar little maggot. You worthless bag of filth. As we > say in Texas, you couldn't pour water out of a boot with instructions > printed on the heel. You are a canker, an open wound. I would rather > kiss a lawyer than be seen with you. You took your last vacation in > the Islets of Langerhans. > > You're a putrescent mass, a walking vomit. You are a spineless little > worm deserving nothing but the profoundest contempt. You are a jerk, a > cad, and a weasel. I take that back; you are a festering pustule on a > weasel's rump. Your life is a monument to stupidity. You are a stench, > a revulsion, a big suck on a sour lemon. > > I will never get over the embarrassment of belonging to the same > species as you. You are a monster, an ogre, a malformity. I barf at > the very thought of you. You have all the appeal of a paper cut. > Lepers avoid you. You are vile, worthless, less than nothing. You are > a weed, a fungus, the dregs of this earth. You are a technicolor yawn. > And did I mention that you smell? > > You are a squeaking rat, a mistake of nature and a heavy-metal bagpipe > player. You were not born. You were hatched into an unwilling world > that rejects the likes of you. You didn't crawl out of a normal egg, > either, but rather a mutant maggot egg rejected by an evil scientist > as being below his low standards. Your alleged parents abandoned you > at birth and then died of shame in recognition of what they had done > to an unsuspecting world. They were a bit late. > > Try to edit your responses of unnecessary material before attempting > to impress us with your insight. The evidence that you are a > nincompoop will still be available to readers, but they will be able > to access it ever so much more rapidly. If cluelessness were crude > oil, your scalp would be crawling with caribou. > > You are a thick-headed trog. I have seen skeet with more sense than > you have. You are a few bricks short of a full load, a few cards short > of a full deck, a few bytes short of a full core dump, and a few > chromosomes short of a full human. Worse than that, you top-post. God > created houseflies, cockroaches, maggots, mosquitos, fleas, ticks, > slugs, leeches, and intestinal parasites, then he lowered his > standards and made you. I take it back; God didn't make you. You are > Satan's spawn. You are Evil beyond comprehension, half-living in the > slough of despair. You are the entropy which will claim us all. You > are a green-nostriled, crossed eyed, hairy-livered inbred > trout-defiler. You make Ebola look good. > > You are weary, stale, flat and unprofitable. You are grimy, squalid, > nasty and profane. You are foul and disgusting. You're a fool, an > ignoramus. Monkeys look down on you. Even sheep won't have sex with > you. You are unreservedly pathetic, starved for attention, and lost in > a land that reality forgot. You are not ANSI compliant and your markup > doesn't validate. You have a couple of address lines shorted together. > You should be promoted to Engineering Manager. > > Do you really expect your delusional and incoherent ramblings to be > read? Everyone plonked you long ago. Do you fantasize that your > tantrums and conniption fits could possibly be worth the $0.000000001 > worth of electricity used to send them? Your life is one big > W.O.M.B.A.T. and your future doesn't look promising either. We need to > trace your bloodline and terminate all siblings and cousins in order > to cleanse humanity of your polluted genes. The good news is that no > normal human would ever mate with you, so we won't have to go into the > sewers in search of your git. > > You are a waste of flesh. You have no rhythm. You are ridiculous and > obnoxious. You are the moral equivalent of a leech. You are a living > emptiness, a meaningless void. You are sour and senile. You are a > loathsome disease, a drooling inbred cross-eyed toesucker. You make > Quakers shout and strike Pentecostals silent. You have a version 1.0 > mind in a version 6.12 world. Your mother had to tie a pork chop > around your neck just to get your dog to play with you. You think > that HTTP://WWW.GUYMACON.COM/FUN/INSULT/INDEX.HTM is the name of a > rock band. You believe that P.D.Q. Bach is the greatest composer who > ever lived. You prefer L. Ron Hubbard to Larry Niven and Jerry > Pournelle. Hee-Haw is too deep for you. You would watch test patterns > all day if the other inmates would let you. > > On a good day you're a half-wit. You remind me of drool. You are > deficient in all that lends character. You have the personality of > wallpaper. You are dank and filthy. You are asinine and benighted. > Spammers look down on you. Phone sex operators hang up on you. > Telemarketers refuse to be seen in public with you. You are the source > of all unpleasantness. You spread misery and sorrow wherever you go. > May you choke on your own foolish opinions. You are a Pusillanimous > galactophage and you wear your sister's training bra. Don't bother > opening the door when you leave - you should be able to slime your > way out underneath. I hope that when you get home your mother runs > out from under the porch and bites you. > > You smarmy lagerlout git. You bloody woofter sod. Bugger off, pillock. > You grotty wanking oik artless base-court apple-john. You clouted > boggish foot-licking half-twit. You dankish clack-dish plonker. You > gormless crook-pated tosser. You bloody churlish boil-brained clotpole > ponce. You craven dewberry pisshead cockup pratting naff. You cockered > bum-bailey poofter. You gob-kissing gleeking flap-mouthed coxcomb. You > dread-bolted fobbing beef-witted clapper-clawed flirt-gill. May your > spouse be blessed with many bastards. > > You are so clueless that if you dressed in a clue skin, doused yourself > in clue musk, and did the clue dance in the middle of a field of horny > clues at the height of clue mating season, you still would not have a > clue. If you were a movie you would be a double feature; > _Battlefield_Earth_ and _Moron_Movies_II_. You would be out of focus. > > You are a fiend and a sniveling coward, and you have bad breath. You > are the unholy spawn of a bandy-legged hobo and a syphilitic camel. > You wear strangely mismatched clothing with oddly placed stains. You > are degenerate, noxious and depraved. I feel debased just knowing that > you exist. I despise everything about you, and I wish you would go > away. You are jetsam who dreams of becoming flotsam. You won't make > it. I beg for sweet death to come and remove me from a world which > became unbearable when you crawled out of a harpy's lair. > > It is hard to believe how incredibly stupid you are. Stupid as a stone > that the other stones make fun of. So stupid that you have traveled > far beyond stupid as we know it and into a new dimension of stupid. > Meta-stupid. Stupid cubed. Trans-stupid stupid. Stupid collapsed to > a singularity where even the stupons have collapsed into stuponium. > Stupid so dense that no intelligence can escape. Singularity stupid. > Blazing hot summer day on Mercury stupid. You emit more stupid in one > minute than our entire galaxy emits in a year. Quasar stupid. It cannot > be possible that anything in our universe can really be this stupid. > This is a primordial fragment from the original big stupid bang. A pure > extract of stupid with absolute stupid purity. Stupid beyond the laws > of nature. I must apologize. I can't go on. This is my epiphany of > stupid. After this experience, you may not hear from me for a while. > I don't think that I can summon the strength left to mock your moronic > opinions and malformed comments about boring trivia or your other > drivel. Duh. > > The only thing worse than your logic is your manners. I have snipped > away most of your of what you wrote, because, well ... it didn't > really say anything. Your attempt at constructing a creative flame was > pitiful. I mean, really, stringing together a bunch of insults among a > load of babbling was hardly effective... Maybe later in life, after > you have learned to read, write, spell, and count, you will have more > success. True, these are rudimentary skills that many of us "normal" > people take for granted that everyone has an easy time of mastering. > But we sometimes forget that there are "challenged" persons in this > world who find these things to be difficult. If I had known that this > was true in your case then I would have never have exposed myself to > what you wrote. It just wouldn't have been "right." Sort of like > parking in a handicap space. I wish you the best of luck in the > emotional, and social struggles that seem to be placing such a > demand on you. > > P.S.: You are hypocritical, greedy, violent, malevolent, vengeful, > cowardly, deadly, mendacious, meretricious, loathsome, despicable, > belligerent, opportunistic, barratrous, contemptible, criminal, > fascistic, bigoted, racist, sexist, avaricious, tasteless, idiotic, > brain-damaged, imbecilic, insane, arrogant, deceitful, demented, lame, > self-righteous, byzantine, conspiratorial, satanic, fraudulent, > libelous, bilious, splenetic, spastic, ignorant, clueless, EDLINoid, > illegitimate, harmful, destructive, dumb, evasive, double-talking, > devious, revisionist, narrow, manipulative, paternalistic, > fundamentalist, dogmatic, idolatrous, unethical, cultic, diseased, > suppressive, controlling, restrictive, malignant, deceptive, dim, > crazy, weird, dyspeptic, stifling, uncaring, plantigrade, grim, > unsympathetic, jargon-spouting, censorious, secretive, aggressive, > mind-numbing, arassive, poisonous, flagrant, self-destructive, > abusive, socially-retarded, puerile, and Generally Not Good. > > I hope this helps... > I think you give him too much credit. From jg at coks.net Mon Apr 3 19:08:09 2006 From: jg at coks.net (jg) Date: Mon Apr 3 21:05:02 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: On 4/3/2006 2:08 PM gezgin scribbled: > "jonah" wrote in message > news:e0rnuj$tkf$1@news.spamcop.net... >> i sent an email to a merchant asking for information about a specific bb > > Boy, you lost that argument the moment you opened your mouth. > > http://en.wikipedia.org/wiki/Godwin's_law > I /was/ wondering if the word fascist would be enough to involt the law - my feeling was yes, it should be, which leads me to concur with you, that this EDLINoid (thanks for that term, anonymous, hadn't heard that one before) did indeed doom his own thread with the subject line. chuckle - no wonder Merlyn fell off his chair... From nobody at devnull.spamcop.net Tue Apr 4 11:12:05 2006 From: nobody at devnull.spamcop.net (Patto) Date: Mon Apr 3 21:15:02 2006 Subject: [SpamCop-List] Re: What means (Third party interested in email source) In-Reply-To: References: Message-ID: Ellen wrote: > "Patto" wrote in message > news:e0i21i$b0n$1@news.spamcop.net... >> I don't understand - I have no problems sending unmunged reports to >> anyone, including Savvis. My preferences are set to "Leave spam copies >> intact", yet I still get "abuse#savvis.net@devnull.spamcop.net (Third >> party interested in email source)". >> >> http://www.spamcop.net/sc?id=z909827575zf196bffab35f1ce27969d7983b168661z >> Running with tech details on I can see >> >> Tracking message source: 198.143.197.148: >> ... >> Routing details for 198.143.197.148 >> abuse@savvis.net refuses SpamCop reports >> Using abuse#savvis.net@devnull.spamcop.net for statistical tracking. >> abuse#savvis.net@devnull.spamcop.net has expressed an interest in >> 198.143.197.148 > > > Yes, yes, yes you are correct. I turned off reports for savvis because of a > listwashing incident. Would be nice if I actually read my own notes -- sigh. > > Ellen > SpamCop Sorry to come back to this one more time. I think the message is wrong. It is not "abuse@savvis.net refuses SpamCop reports", but it is actually SpamCop who refuses to send reports to savvis.net. Is there a way to express this more clearly to SC users? From bar_n0ne at hotmail.com Mon Apr 3 21:16:50 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon Apr 3 21:20:02 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: "jg" wrote in message news:e0sgnj$dd7$1@news.spamcop.net... > On 4/3/2006 2:08 PM gezgin scribbled: > > > "jonah" wrote in message > > news:e0rnuj$tkf$1@news.spamcop.net... > >> i sent an email to a merchant asking for information about a specific bb > > > > Boy, you lost that argument the moment you opened your mouth. > > > > http://en.wikipedia.org/wiki/Godwin's_law > > > I /was/ wondering if the word fascist would be enough to involt the law > - my feeling was yes, it should be, which leads me to concur with you, > that this EDLINoid (thanks for that term, anonymous, hadn't heard that > one before) did indeed doom his own thread with the subject line. > chuckle - no wonder Merlyn fell off his chair... And... so, now I know where the expression "Godwin is a net Nazi" comes from From nobody at devnull.spamcop.net Tue Apr 4 11:18:34 2006 From: nobody at devnull.spamcop.net (Patto) Date: Mon Apr 3 21:20:07 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs In-Reply-To: References: Message-ID: MrBill wrote: > I just started reporting SPAM (I'm relatively new so be gentle), and I am... SPAM is a registered trademark of Hormel Foods (http://www.spam.com/). The issue in this newsgroup we usually call spam, in order to not confuse the two :) From nobody at devnull.spamcop.net Tue Apr 4 11:21:35 2006 From: nobody at devnull.spamcop.net (Patto) Date: Mon Apr 3 21:25:02 2006 Subject: [SpamCop-List] Re: *sniff* another personal tragedy for a 419'er In-Reply-To: References: Message-ID: RandallW wrote: > http://www.spamcop.net/sc?id=z911994022z4be8cef662b2005feb62684b86aa2ecbz > > Her mother died two hours after she gave 'bet' to her. Thanks for sharing this touching story with us :) From jeffg at spamcop.net Tue Apr 4 00:16:56 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Apr 3 23:20:07 2006 Subject: [SpamCop-List] Re: What means (Third party interested in email source) References: Message-ID: Patto wrote: > Ellen wrote: >> I turned off reports for savvis >> because of a listwashing incident. Would be nice if I actually read >> my own notes -- sigh. > Sorry to come back to this one more time. I think the message is > wrong. It is not "abuse@savvis.net refuses SpamCop reports", but it > is actually SpamCop who refuses to send reports to savvis.net. > > Is there a way to express this more clearly to SC users? That would certainly be helpful! -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From Nobody at SpamCop.devnull.diespammerdie.net Mon Apr 3 23:19:26 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Mon Apr 3 23:20:14 2006 Subject: [SpamCop-List] Re: Whiffenpoof Trojan Distributor References: <44317AC3.1565160@SpamCop.devnull.diespammerdie.net> <4431913C.F65C09C3@SpamCop.devnull.diespammerdie.net> Message-ID: <4431E5BE.FA8930F1@SpamCop.devnull.diespammerdie.net> Berny wrote: > > > If you don't want to LART Viruses, fine, but otherwise they deserve no more > or less pondering than any other spam from the standpoint of LARTing. Thanks for the response, but I thought LARTing on virus messages was outside TOS. If that has changed, I stand corrected. But that was why I resorted to the manual notification. For which I just received, at length, a dispositive reply from the ISP: "Dear Sir, Thank you for reporting this incident. Following your information about virus distribution from one of our customers, we would like to inform you that JARING has already took necessary action for this customer. Should you find the same problem, please do not hesitate to inform us. Once again, thank you for your information. Regards, abuse/..ninie Abuse & Dispute Team JARING Communications Sdn. Bhd. MIMOS Berhad, Taman Teknologi Malaysia 57000 Kuala Lumpur Tel: +60-3-8996 5000 Fax: +60-3-8996 1898 Web: www.jaring.my So, a plug for the white hats at Jaring Communications in Kuala Lumpur. (And here I thought they were in Myanmar/Burma). Best regards, Michael From jeffg at spamcop.net Tue Apr 4 00:21:33 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Apr 3 23:25:04 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: POP wrote: > OK, plonk me; I don't want your responses anyway and they'd use > less real estate that way. A: Maybe because some people are too annoyed by top-posting. Q: Why do I not get an answer to my question(s)? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From tmcgraw at spamcop.net Mon Apr 3 21:39:03 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Apr 3 23:40:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: Berny wrote: > "jg" wrote in message news:e0sgnj$dd7$1@news.spamcop.net... >> On 4/3/2006 2:08 PM gezgin scribbled: >> >>> "jonah" wrote in message >>> news:e0rnuj$tkf$1@news.spamcop.net... >>>> i sent an email to a merchant asking for information about a specific > bb >>> Boy, you lost that argument the moment you opened your mouth. >>> >>> http://en.wikipedia.org/wiki/Godwin's_law >>> >> I /was/ wondering if the word fascist would be enough to involt the law >> - my feeling was yes, it should be, which leads me to concur with you, >> that this EDLINoid (thanks for that term, anonymous, hadn't heard that >> one before) did indeed doom his own thread with the subject line. >> chuckle - no wonder Merlyn fell off his chair... > > And... so, now I know where the expression "Godwin is a net Nazi" comes from "brotherjonah" posted what is known as "a Godwin in one." From MikeE at ster.invalid Mon Apr 3 21:42:32 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 23:45:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Jeff G. wrote: > Q: Why is top-posting such a bad thing? Choosing those words to address directly for the purpose of my anti-top-poster argument. If you 'study' the effect of top posting, you make some important discoveries. Top posters generally or typically [meaning usually but not always] "don't know what they are talking about". It is actually a very serious affliction. They don't read carefully what they are replying to, as if they are in some kind of peculiar fog. It is as if they are 'glancing at' the post which they have decided to respond to -- and having glanced, they develop a 'notion' about something that has some kind of distant relationship to the post they are replying. But, they don't actually reply to the post they are replying -- that's why they 'choose' to top post -- because in the 'back of their mind' they know that they don't actually know what [where 'what' means what the other person said that they are pretending to talk about] they are talking about and that they actually /aren't/ really talking about what they are pretending to talk about. They are talking about something else kin to what they are claiming to talk about by hiding what they claim to be talking about way down underneath there. Further -- the top poster is full of ego-centricity. There is a subliminal reason that they are putting their post up there on top and there is a subliminal reason they are choosing to disregard the actual words of the post they are responding. That is because they subliminally have no respect for anyone else who is communicating in the thread compared to their own sense of self-importance. The top poster is saying "Some other things have been said before, but now * I * have spoken. And now that I have spoken, nothing else is really important any more." -- Mike Easter kibitzer, not SC admin From jg at coks.net Mon Apr 3 21:46:26 2006 From: jg at coks.net (jg) Date: Mon Apr 3 23:45:10 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: On 4/3/2006 8:39 PM Tim McGraw scribbled: > Berny wrote: >> "jg" wrote in message news:e0sgnj$dd7$1@news.spamcop.net... >>> On 4/3/2006 2:08 PM gezgin scribbled: >>> >>>> "jonah" wrote in message >>>> news:e0rnuj$tkf$1@news.spamcop.net... >>>>> i sent an email to a merchant asking for information about a specific >> bb >>>> Boy, you lost that argument the moment you opened your mouth. >>>> >>>> http://en.wikipedia.org/wiki/Godwin's_law >>>> >>> I /was/ wondering if the word fascist would be enough to involt the law >>> - my feeling was yes, it should be, which leads me to concur with you, >>> that this EDLINoid (thanks for that term, anonymous, hadn't heard that >>> one before) did indeed doom his own thread with the subject line. >>> chuckle - no wonder Merlyn fell off his chair... >> And... so, now I know where the expression "Godwin is a net Nazi" comes from > > "brotherjonah" posted what is known as "a Godwin in one." you just made that up, right? From tmcgraw at spamcop.net Mon Apr 3 21:45:57 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Apr 3 23:50:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: jg wrote: > On 4/3/2006 8:39 PM Tim McGraw scribbled: > >> Berny wrote: >>> "jg" wrote in message news:e0sgnj$dd7$1@news.spamcop.net... >>>> On 4/3/2006 2:08 PM gezgin scribbled: >>>> >>>>> "jonah" wrote in message >>>>> news:e0rnuj$tkf$1@news.spamcop.net... >>>>>> i sent an email to a merchant asking for information about a specific >>> bb >>>>> Boy, you lost that argument the moment you opened your mouth. >>>>> >>>>> http://en.wikipedia.org/wiki/Godwin's_law >>>>> >>>> I /was/ wondering if the word fascist would be enough to involt the law >>>> - my feeling was yes, it should be, which leads me to concur with you, >>>> that this EDLINoid (thanks for that term, anonymous, hadn't heard that >>>> one before) did indeed doom his own thread with the subject line. >>>> chuckle - no wonder Merlyn fell off his chair... >>> And... so, now I know where the expression "Godwin is a net Nazi" comes from >> "brotherjonah" posted what is known as "a Godwin in one." > > you just made that up, right? Nope. Saw it in nanae more than once. http://tinyurl.com/njper From gezgin at spamcop.net Tue Apr 4 08:32:39 2006 From: gezgin at spamcop.net (gezgin) Date: Tue Apr 4 00:35:04 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: "Tim McGraw" wrote >>>>> i sent an email to a merchant asking for information about a specific >>>> Boy, you lost that argument the moment you opened your mouth. >>>> http://en.wikipedia.org/wiki/Godwin's_law > "brotherjonah" posted what is known as "a Godwin in one." Snag... Great expression. -- Bob http://www.kanyak.com From jg at coks.net Mon Apr 3 22:57:22 2006 From: jg at coks.net (jg) Date: Tue Apr 4 00:55:02 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: On 4/3/2006 8:45 PM Tim McGraw scribbled: >>>> And... so, now I know where the expression "Godwin is a net Nazi" comes from >>> "brotherjonah" posted what is known as "a Godwin in one." >> you just made that up, right? > > Nope. > > Saw it in nanae more than once. > > http://tinyurl.com/njper yes, indeedy - gotta love it... From jg at coks.net Mon Apr 3 23:03:35 2006 From: jg at coks.net (jg) Date: Tue Apr 4 01:05:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... In-Reply-To: References: Message-ID: On 4/3/2006 8:42 PM Mike Easter scribbled: > Jeff G. wrote: > > >> Q: Why is top-posting such a bad thing? > > Choosing those words to address directly for the purpose of my > anti-top-poster argument. > > > If you 'study' the effect of top posting, you make some important > discoveries. > > Top posters generally or typically [meaning usually but not always] > "don't know what they are talking about". > > It is actually a very serious affliction. They don't read carefully > what they are replying to, as if they are in some kind of peculiar fog. > > It is as if they are 'glancing at' the post which they have decided to > respond to -- and having glanced, they develop a 'notion' about > something that has some kind of distant relationship to the post they > are replying. > > But, they don't actually reply to the post they are replying -- that's > why they 'choose' to top post -- because in the 'back of their mind' > they know that they don't actually know what [where 'what' means what > the other person said that they are pretending to talk about] they are > talking about and that they actually /aren't/ really talking about what > they are pretending to talk about. They are talking about something > else kin to what they are claiming to talk about by hiding what they > claim to be talking about way down underneath there. > > Further -- the top poster is full of ego-centricity. There is a > subliminal reason that they are putting their post up there on top and > there is a subliminal reason they are choosing to disregard the actual > words of the post they are responding. That is because they > subliminally have no respect for anyone else who is communicating in the > thread compared to their own sense of self-importance. > > The top poster is saying "Some other things have been said before, but > now * I * have spoken. And now that I have spoken, nothing else is > really important any more." > > nuff said - may I quote you? From dtbteong at streamyx.com Tue Apr 4 15:04:23 2006 From: dtbteong at streamyx.com (Daniel) Date: Tue Apr 4 02:05:02 2006 Subject: [SpamCop-List] Re: Blocked email access References: Message-ID: The IP address of my mail server hosted in US. Now already delisted.Whats the differences if list by IP and domain ? if 1 domain has 1 IP then doesn't it the same ? "N. Miller" wrote in message news:z5okbnqezm86.dlg@news.spamcop.net... > On Mon, 3 Apr 2006 14:23:51 +0800, Daniel wrote: > >> Recently my domain which was hosted in US was blocked due to report that >> spamming comes from my hosting server. The issue is only some user >> experience the blocking. How could this be ? Btw does every domain >> registered for spamcop ? Thanks > > SpamCop does not list domains. SpamCop lists IP addresses. It would help > to > know which IP address was blocked. > > -- > Norman > ~Oh Lord, why have you come > ~To Konnyu, with the Lion and the Drum From vanguard.news at yahooNIX.com Tue Apr 4 02:18:53 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Tue Apr 4 02:20:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: "jonah" wrote in message news:e0rnuj$tkf$1@news.spamcop.net... >i sent an email to a merchant asking for information about a specific >bb gun. And got a bullshit answer that my email had been blocked even >though i have never spammed anybody. ironically, the company to whom >the mail was directed are blacklisted by other freedom limiting >bullshit fascist pig sites as CyberPatrol, CyberNanny and others of >like Nazi mentality. > To the maintainers of these pig organizations : fuck you in your storm > trooper asses. on the other hand that is probably something you coward > Nazi fucks enjoy. > Glad to be of help ... to others so they won't receive your peurile e-mails should they also use the same spam filter that the merchant used. Thanks for letting us know that you won't be afflicting anyone else, either. From vanguard.news at yahooNIX.com Tue Apr 4 02:24:00 2006 From: vanguard.news at yahooNIX.com (Vanguard) Date: Tue Apr 4 02:25:03 2006 Subject: [SpamCop-List] Re: Tool to report phishing scam emails References: Message-ID: "Roman" wrote in message news:pan.2006.04.03.08.11.54.318942@sneakemail.com... > Hello > > Castlecops created a new tool to report phishing scam emails, they use > it in trying to shutdown the phishing websites. > > http://castlecops.com/pirt > > I thought it might be useful for Spamcop reporters, altough I have not > used it myself yet. I report phish mails (I rarely get them anymore) to: reportphishing@antiphishing.org Be sure to forward as an attachment so they get all the headers (unless you want to copy/paste the raw message into your report). Do *not* forward inline as this eliminates all the headers from the original phish mail. The Anti-Phishing Workgroup is operated by Microsoft, Visa, eTrust, eBay, and several other large vendors and banks. They have the processes in place to report phishing to the authorities, plus together they have a huge army of lawyers ready to pounce when ample evidence is provided. -- __________________________________________________ Post replies to the newsgroup. Share with others. For e-mail: Remove "NIX" and add "#VN" to Subject. __________________________________________________ From porpoise1954 at yahoo.co.uk Tue Apr 4 09:03:15 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Apr 4 03:05:03 2006 Subject: [SpamCop-List] Re: Whiffenpoof Trojan Distributor References: <44317AC3.1565160@SpamCop.devnull.diespammerdie.net> <4431913C.F65C09C3@SpamCop.devnull.diespammerdie.net> <4431E5BE.FA8930F1@SpamCop.devnull.diespammerdie.net> Message-ID: "Michael Brennan" wrote in message news:4431E5BE.FA8930F1@SpamCop.devnull.diespammerdie.net... > > > So, a plug for the white hats at Jaring Communications in Kuala Lumpur. > (And here I thought they were in Myanmar/Burma). .mm From porpoise1954 at yahoo.co.uk Tue Apr 4 09:06:37 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Apr 4 03:10:03 2006 Subject: [SpamCop-List] Re: Blocked email access References: Message-ID: "Daniel" wrote in message news:e0t299$nim$1@news.spamcop.net... > The IP address of my mail server hosted in US. Now already delisted.Whats > the differences if list by IP and domain ? if 1 domain has 1 IP then > doesn't > it the same ? > No From DougThegarden at invalid.com Tue Apr 4 09:49:36 2006 From: DougThegarden at invalid.com (Doug Thegarden) Date: Tue Apr 4 03:50:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: Tim McGraw wrote: > > "brotherjonah" posted what is known as "a Godwin in one." Its certainly the fastest Godwination I have seen ;-) Doug From gezgin at spamcop.net Tue Apr 4 13:45:24 2006 From: gezgin at spamcop.net (gezgin) Date: Tue Apr 4 05:50:16 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: "Doug Thegarden" wrote in message news:e0t8eg$rl0$1@news.spamcop.net... > Tim McGraw wrote: >> >> "brotherjonah" posted what is known as "a Godwin in one." > > Its certainly the fastest Godwination I have seen ;-) http://tinyurl.com/qtg32 91 hits. It'll be interesting to watch the progress of this word, I should think. -- Bob http://www.kanyak.com From CBXXX at webtv.net Tue Apr 4 07:59:56 2006 From: CBXXX at webtv.net (CBXXX@webtv.net) Date: Tue Apr 4 07:05:02 2006 Subject: [SpamCop-List] Re: Different reports from SC References: <11783-442C81A2-376@storefull-3254.bay.webtv.net> Message-ID: <11762-443251AC-1101@storefull-3252.bay.webtv.net> Does anyone know what I'm asking? From kenbrody at spamcop.net Tue Apr 4 10:31:55 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Tue Apr 4 09:40:04 2006 Subject: [SpamCop-List] Re: Blocked email access References: Message-ID: <4432754B.A6097DAF@spamcop.net> (Top-posting corrected.) Daniel wrote: > > "N. Miller" wrote in message > news:z5okbnqezm86.dlg@news.spamcop.net... > > On Mon, 3 Apr 2006 14:23:51 +0800, Daniel wrote: > > > >> Recently my domain which was hosted in US was blocked due to report that > >> spamming comes from my hosting server. The issue is only some user > >> experience the blocking. How could this be ? Btw does every domain > >> registered for spamcop ? Thanks > > > > SpamCop does not list domains. SpamCop lists IP addresses. It would help > > to know which IP address was blocked. > > > The IP address of my mail server hosted in US. Now already delisted.Whats > the differences if list by IP and domain ? if 1 domain has 1 IP then doesn't > it the same ? No, it's not. First, even if "1 domain has 1 IP", that IP may be shared with other "domains". Second, by "domain", it sounds more like you mean "the IP address of the server that hosts my website", which is not related to e-mail at all. (Unless you happen to use that same server for e-mail.) My LAN here has one IP address exposed to the outside world. My ISP requires that I use their SMTP servers for outgoing e-mail, which are all different IPs than my LAN. My "domain" (that is, the system that hosts "www.mydomain.tld") is not only a different IP address, it's several states away. A traceroute from here to there takes 14 hops. That same IP address hosts other "domains" (actually, "websites"). Sometimes I send e-mail via SpamCop's webmail interface, which will be yet another IP address. E-mail that I send from any of these would have the same "from" address with my domain in it, yet would all take widely different paths to the recipient's inbox, and none of them would pass through my "domain", unless I was sending it to someone at my domain. And even then, it's only because my website and incoming e-mail are hosted on the same system, which is not a requirement. (Some of my domains have their websites on one IP, and incoming e-mail on another, sometimes in a different state.) So, to summarize and reiterate what others have said: SpamCop does not block "domains". SpamCop does not "block" at all. SpamCop lists IP addresses of reported spam sources. Without knowing the actual IP address that's listed, we can't help determine why it's listed. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From nobody at spamcop.net Tue Apr 4 08:20:33 2006 From: nobody at spamcop.net (Ellen) Date: Tue Apr 4 10:05:04 2006 Subject: [SpamCop-List] Re: What means (Third party interested in email source) References: Message-ID: "Patto" wrote in message news:e0sh51$dh2$1@news.spamcop.net... > Sorry to come back to this one more time. I think the message is wrong. > It is not "abuse@savvis.net refuses SpamCop reports", but it is actually > SpamCop who refuses to send reports to savvis.net. > > Is there a way to express this more clearly to SC users? Not really -- the switch that turns off reports can be set by the ISP as well as by the deputies so the system actually cannot differentiate who or why. Maybe we can come up with more generalized wording ... Ellen SpamCop From nobody at devnull.spamcop.net Tue Apr 4 10:02:37 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Tue Apr 4 10:05:10 2006 Subject: [SpamCop-List] Re: Different reports from SC References: <11783-442C81A2-376@storefull-3254.bay.webtv.net> <11762-443251AC-1101@storefull-3252.bay.webtv.net> Message-ID: wrote in message news:11762-443251AC-1101@storefull-3252.bay.webtv.net... > Does anyone know what I'm asking? If anyone did, they chose not to answer. >> I have 4 different reporting #s for reporting to SC What do you mean by #s ????? >> from each of my 4 users. ??? You are reporting their spam, reporting spam as them, reporting spam in their name, ...????? >> On 3 of them, if I have more than one report ?? The submittal of the spam, the "notification" that the spam was received, the "notification" that the spam was processed ...???? The word "report" is not clear here. >> it allows me to report extra's from the first return email, Again, ???/ "extra's" ????? >> but on one user it doesn't do this? It makes me open each >> email seperately to report each one. Why is this? If I had to guess, it would be because "3 users (?)" made their e-mail submittals with several spam e-mails attached, where the "1 user (?)" submits one spam at a time .... but ... I really don't know what you are actually doing ... From MikeE at ster.invalid Tue Apr 4 09:07:49 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 4 11:10:03 2006 Subject: [SpamCop-List] Re: Different reports from SC References: <11783-442C81A2-376@storefull-3254.bay.webtv.net> Message-ID: CBXXX@webtv.net wrote: > I have 4 different reporting #s for reporting to SC from each of my 4 > users. I'm going to guess that 'reporting #s' means submit addresses of the format submit:16charANcodeNMBR@spam.spamcop.net where 16charANcodeNMBR is a unique 16 character alphnumeric code number for each account. > On 3 of them, if I have more than one report it allows me to > report extra's from the first return email,but on one user it doesn't > do this? I'm going to guess that you are saying that when you submit multiple spam attachments, that you are accustomed to getting back one email response from spamcop per account/submit submission which one SC reply to the submission contains multiple links for reporting each of the spams -- but on one of the account/submit submissions something is different. > It makes me open each email seperately to report each one. I don't know what that means. Can that mean that if you report several spams attached to one submit, that SC replies with a separate mail for each spam which was submitted? I don't think so. Not unless each submission was submitted separately. > Why is this? I think you are going to have to use a lot more words and you are going to have to define each word so that people will understand what you are talking about. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Apr 4 09:08:06 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 4 11:10:08 2006 Subject: [SpamCop-List] Re: Different reports from SC References: <11783-442C81A2-376@storefull-3254.bay.webtv.net> <11762-443251AC-1101@storefull-3252.bay.webtv.net> Message-ID: CBXXX@webtv.net wrote: > Does anyone know what I'm asking? I don't. -- Mike Easter kibitzer, not SC admin From jzeitlin at spamcop.net Tue Apr 4 12:08:17 2006 From: jzeitlin at spamcop.net (=?ISO-8859-1?Q?E=F6nw=EB?=) Date: Tue Apr 4 11:10:13 2006 Subject: [SpamCop-List] Re: What means (Third party interested in email source) References: Message-ID: On Tue, 4 Apr 2006 07:20:33 -0400, "Ellen" wrote: >"Patto" wrote in message >news:e0sh51$dh2$1@news.spamcop.net... >> Sorry to come back to this one more time. I think the message is wrong. >> It is not "abuse@savvis.net refuses SpamCop reports", but it is actually >> SpamCop who refuses to send reports to savvis.net. >> Is there a way to express this more clearly to SC users? >Not really -- the switch that turns off reports can be set by the ISP as >well as by the deputies so the system actually cannot differentiate who or >why. Maybe we can come up with more generalized wording ... "Spamcop has been set not to send reports to abuse@listwasher.invalid. abuse#listwasher.invalid@devnull.spamcop.net will be used for statistical compilations." -- E?nw? (SpamCop subscriber, not staff/admin) From MikeE at ster.invalid Tue Apr 4 09:18:41 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 4 11:20:03 2006 Subject: [SpamCop-List] Re: What means (Third party interested in email source) References: Message-ID: Ellen wrote: > "Patto" >> Sorry to come back to this one more time. I think the message is >> wrong. It is not "abuse@savvis.net refuses SpamCop reports", but it >> is actually SpamCop who refuses to send reports to savvis.net. >> >> Is there a way to express this more clearly to SC users? > > Not really -- the switch that turns off reports can be set by the ISP > as well as by the deputies so the system actually cannot > differentiate who or why. Maybe we can come up with more generalized > wording ... Depending upon how one accesses the information, the 'ambivalent' condition can be seen. Using best contacts abuse@savvis.net abuse@savvis.net refuses SpamCop reports Using abuse#savvis.net@devnull.spamcop.net for statistical tracking. No valid email addresses found, sorry! There are several possible reasons for this: The site involved may not want reports from SpamCop. SpamCop administrators may have decided to stop sending reports to the site to prevent listwashing. SpamCop uses internal routeing to contact this site, only knows about the internal method and so cannot provide an externally-valid email address. There may be no working email address to receive reports. Routing details for 216.91.182.78 Reports routes for 216.91.182.78: routeid:4115826 216.91.0.0 - 216.91.255.255 to:abuse@savvis.net Third party interested in all reports Wednesday, December 31, 1969 4:03:35 PM -0800 (adsl-156-19-215.asm.bellsouth.net)] Sunday, June 01, 2003 2:26:44 PM -0700 -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Tue Apr 4 09:45:42 2006 From: nobody at spamcop.net (N. Miller) Date: Tue Apr 4 11:50:03 2006 Subject: [SpamCop-List] Re: Blocked email access References: Message-ID: On Tue, 4 Apr 2006 14:04:23 +0800, Daniel wrote: > "N. Miller" wrote in message > news:z5okbnqezm86.dlg@news.spamcop.net... >> On Mon, 3 Apr 2006 14:23:51 +0800, Daniel wrote: >>> Recently my domain which was hosted in US was blocked due to report that >>> spamming comes from my hosting server. The issue is only some user >>> experience the blocking. How could this be ? Btw does every domain >>> registered for spamcop ? Thanks >> SpamCop does not list domains. SpamCop lists IP addresses. It would help >> to >> know which IP address was blocked. > The IP address of my mail server hosted in US. Now already delisted.Whats > the differences if list by IP and domain ? if 1 domain has 1 IP then doesn't > it the same ? Well darn it! I see that I was "half right"; I tripped at the end, where I wrote, "blocked", instead of, "listed". Not all domains have one IP address. By way of example, GMail servers get listed by SpamCop from time to time. Some of them, but not all of them at once; not that I ever heard of. So a GMail user could send two different email messages within seconds of one another; one of which would get through, the other would hit an MX blocking listed GMail servers. Assuming both cases involved the same "gmail.com" domain. Also, because GMail can be configured to allow a different sender email address to be used, it is possible for an "example.com" message to be blocked because it went through a listed "gmail.com" server. That doesn't mean that the "example.com" domain is listed, only that one of the "gmail.com" server IP addresses is listed. Not all IP addresses host one domain. From time to time somebody whose email was refused because it was sent through a SpamCop listed IP address demands that SC _not_ list that IP address _ever_ because it hosts multiple domains, not all of which are responsible for spam. Finally, as you have found out, SpamCop listings have a shelf-life. Nominally, 24 hours after the last reported spam from the listed IP address. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From MikeE at ster.invalid Tue Apr 4 10:02:13 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 4 12:05:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Technomage Hawke wrote: > also, some clients are configured for top posting by default. That is not a correct statement. Having a news agent configured to have the cursor positioned at the top is not configuring for top posting. My agent allows me a choice for locating my cursor, and I choose to have my reply open with the cursor at the top because that is where I start trimming from. It is not the client or newsagent which fails to trim and contextualize, it is the entity behind the keyboard. > lastly, I happen to be blind and would rather NOT have to burn out my > ears listening to line after line of quoted material or having to > sift through line after line of text on my braille tty device simply > because someone decided they were going to quote a 3k line message > with a single sentence at the end. Whether one is visually impaired or not, inadequate trimming or so-called 'bottom posting' is undesirable. The opposite of top posting isn't bottom posting. The opposite of top posting is trimmed and contextualized. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Apr 4 10:13:58 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 4 12:15:02 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Technomage Hawke wrote: > Mike Easter wrote: >> Jeff G. wrote: >> >> >>> Q: Why is top-posting such a bad thing? >> >> Choosing those words to address directly for the purpose of my >> anti-top-poster argument. > > it was not an argument. it was an observation. your assertion > otherwise made it an over generalization on your part. The term 'argument' in this context means "a stated point of view". Argument does not have to mean or start with a debate. Whether a generalization is 'over' or not depends on who is gauging. >> Top posters generally or typically [meaning usually but not always] >> "don't know what they are talking about". > > really? care to cite the sources for this "information"? That is my observation about some or many top posters. It is not necessary to provide /citations/ for expressing a point of view or opinion. I notice that you aren't providing any citations for any of your points of view. It isn't necessary for either of us to show cited reference sources for discussing our opinions and observations. When remarks are placed in context by a sighted poster, the exact words to which s/he is responding are sitting right there on the screen in front of them. This facilitates great precision or accuracy in responding to the exact words. That accuracy of response is typically not seen in the top poster, who tends to respond 'conceptually' to the previous post -- which concept often loses something very important in the translation from reality to vague idea poorly recalled -- Mike Easter kibitzer, not SC admin From vxpy7do02 at sneakemail.com Tue Apr 4 10:44:52 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Tue Apr 4 12:45:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "Technomage Hawke" wrote in message news:e0tvsi$9v5$1@news.spamcop.net... > thants a really good way to miss important points. > > also, some clients are configured for top posting by default. > > lastly, I happen to be blind and would rather NOT have to burn out my ears > listening to line after line of quoted material *** THIS is an excellent reason for trimming as much extraneous material as possible. This is the first time that I have heard a good reason for top posting. -- A SpamCop user and forum reader, Not Admin *** From porpoise1954 at yahoo.co.uk Tue Apr 4 18:47:27 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Apr 4 12:50:02 2006 Subject: [SpamCop-List] Re: Different reports from SC References: <11783-442C81A2-376@storefull-3254.bay.webtv.net> <11762-443251AC-1101@storefull-3252.bay.webtv.net> Message-ID: wrote in message news:11762-443251AC-1101@storefull-3252.bay.webtv.net... > Does anyone know what I'm asking? > No. I can't see the question. From nobody at devnull.spamcop.net Tue Apr 4 10:48:58 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Tue Apr 4 12:50:07 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: jg wrote... > ..this EDLINoid (thanks for that term, anonymous, hadn't heard that > one before) Some Usenet posters manage to capture the spirit of EDLIN perfectly; annoying, unforgiving, inflexible, hard to understand, and best ignored. :) -- G.M. From nobody at devnull.spamcop.net Tue Apr 4 10:55:10 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Tue Apr 4 13:00:02 2006 Subject: [SpamCop-List] [META] Ego and top-posting References: Message-ID: Mike Easter wrote... > If you 'study' the effect of top posting, you make some important > discoveries. > > Top posters generally or typically [meaning usually but not always] > "don't know what they are talking about". > > It is actually a very serious affliction. They don't read carefully > what they are replying to, as if they are in some kind of peculiar fog. > > It is as if they are 'glancing at' the post which they have decided to > respond to -- and having glanced, they develop a 'notion' about > something that has some kind of distant relationship to the post they > are replying. > > But, they don't actually reply to the post they are replying -- that's > why they 'choose' to top post -- because in the 'back of their mind' > they know that they don't actually know what [where 'what' means what > the other person said that they are pretending to talk about] they are > talking about and that they actually /aren't/ really talking about what > they are pretending to talk about. They are talking about something > else kin to what they are claiming to talk about by hiding what they > claim to be talking about way down underneath there. > > Further -- the top poster is full of ego-centricity. There is a > subliminal reason that they are putting their post up there on top and > there is a subliminal reason they are choosing to disregard the actual > words of the post they are responding. That is because they > subliminally have no respect for anyone else who is communicating in the > thread compared to their own sense of self-importance. > > The top poster is saying "Some other things have been said before, but > now * I * have spoken. And now that I have spoken, nothing else is > really important any more." I am reasonably certain that this is the same class of person who "converses" by spending the time when the other person is talking composing what he is going to say next. I have also found that those posters who are most likely to have correct answers to technical questions are also most likely to have killfiled those who insist on top-posting. The bit about egotism is spot on. Look at how often the typical top-poster declares that meeting his own needs is far more important than meeting the needs of his readers. -- G.M. From nobody at devnull.spamcop.net Tue Apr 4 11:01:25 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Tue Apr 4 13:05:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Technomage Hawke wrote... > also, some clients are configured for top posting by default. No they aren't. The cursor is placed at the top so that you can easily trim the quoted material and properly intersperse your comments. Top-posting because that's where your cursor happens to be at the time is like shitting in your pants because that's where your asshole happens to be at the time. -- G.M. From porpoise1954 at yahoo.co.uk Tue Apr 4 19:03:48 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Apr 4 13:10:02 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "Technomage Hawke" wrote in message news:e0u06h$9v5$2@news.spamcop.net... > ok, I do need to respond inside this message (even though this is a lot > harder for me than most) > > Mike Easter wrote: > >> Jeff G. wrote: >> >> >>> Q: Why is top-posting such a bad thing? >> >> Choosing those words to address directly for the purpose of my >> anti-top-poster argument. > > it was not an argument. it was an observation. your assertion otherwise > made > it an over generalization on your part. > >> >> >> If you 'study' the effect of top posting, you make some important >> discoveries. >> >> Top posters generally or typically [meaning usually but not always] >> "don't know what they are talking about". > > really? care to cite the sources for this "information"? Look through the posts in this (or others) group and you'll see it happens quite often because they often end up replying to a different person to what they thought they were replying to. (Because they're actually replying to a quoted portion of someone's previous post - which loses the sense of the thread completely). > >> >> It is actually a very serious affliction. They don't read carefully >> what they are replying to, as if they are in some kind of peculiar fog. > > assumtion based on no discernable facts Read the posts in this group thus afflicted. > >> >> It is as if they are 'glancing at' the post which they have decided to >> respond to -- and having glanced, they develop a 'notion' about >> something that has some kind of distant relationship to the post they >> are replying. > > assumption. As above (the proof is in previous posts within this group [and others]). > >> >> But, they don't actually reply to the post they are replying -- that's >> why they 'choose' to top post -- because in the 'back of their mind' >> they know that they don't actually know what [where 'what' means what >> the other person said that they are pretending to talk about] they are >> talking about and that they actually /aren't/ really talking about what >> they are pretending to talk about. They are talking about something >> else kin to what they are claiming to talk about by hiding what they >> claim to be talking about way down underneath there. > > over generalization and another assumption based on a fallicy. Based on the facts contained within the relevant posts. From tmcgraw at spamcop.net Tue Apr 4 11:36:09 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Apr 4 13:40:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: gezgin wrote: > > http://tinyurl.com/qtg32 > 91 hits. > > It'll be interesting to watch the progress of this word, I should think. Wouldn't Godwinate be the root of Godwination? http://groups.google.com/groups?q=Godwinate&hl=en& From porpoise1954 at yahoo.co.uk Tue Apr 4 20:21:32 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Tue Apr 4 14:25:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "Anonymous" wrote in message news:e0u8pi$gas$1@news.spamcop.net... > > Technomage Hawke wrote... > >> also, some clients are configured for top posting by default. > > No they aren't. > > The cursor is placed at the top so that you can easily trim the > quoted material and properly intersperse your comments. > > Top-posting because that's where your cursor happens to be at > the time is like shitting in your pants because that's where > your asshole happens to be at the time. Splorf! Did you get from somewhere, or did you just make it up? Brilliant analogy. From jeffg at spamcop.net Tue Apr 4 15:46:57 2006 From: jeffg at spamcop.net (Jeff G.) Date: Tue Apr 4 14:50:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: POP wrote: > OK, plonk me; I don't want your responses anyway and they'd use > less real estate that way. Please stop top posting, as it is considered bad netiquette and gets the conversation out of order. Please snip out any unnecessary quoting in your replies and post your own comments below each quoted point that you are addressing. Please see http://spamcop.net/forum.shtml for SpamCop's newsgroup/mailing list posting rules and guidelines and http://linux.sgms-centre.com/misc/netiquette.php (see #6 for comments on proper inline quoting), http://www.river.com/users/share/etiquette/ (see #1 and #2 for snipping/inline quoting comments), http://www.onlinenetiquette.com/courtesy6.html (see the 4th paragraph), and http://www.computerworld.co.nz/webhome.nsf/0/CC256A87000C5F2FCC256A84001A0AAF AKA http://tinyurl.com/yqw87 for more general posting netiquette. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From bar_n0ne at hotmail.com Tue Apr 4 15:11:59 2006 From: bar_n0ne at hotmail.com (Berny) Date: Tue Apr 4 15:15:03 2006 Subject: [SpamCop-List] Re: Whiffenpoof Trojan Distributor References: <44317AC3.1565160@SpamCop.devnull.diespammerdie.net> <4431913C.F65C09C3@SpamCop.devnull.diespammerdie.net> <4431E5BE.FA8930F1@SpamCop.devnull.diespammerdie.net> Message-ID: "Michael Brennan" wrote in message news:4431E5BE.FA8930F1@SpamCop.devnull.diespammerdie.net... > Thanks for the response, but I thought LARTing on virus messages was > outside TOS. If that has changed, I stand corrected. But that was why > I resorted to the manual notification. For which I just received, at > length, a dispositive reply from the ISP: > Well within TOS for quite some time now. LARTS away. But probably your manual LART was more effective. From nobody at devnull.spamcop.net Tue Apr 4 13:15:54 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Tue Apr 4 15:20:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Porpoise wrote... > > G.M. wrote... >> >> Technomage Hawke wrote... >> >>> also, some clients are configured for top posting by default. >> >> No they aren't. >> >> The cursor is placed at the top so that you can easily trim the >> quoted material and properly intersperse your comments. >> >> Top-posting because that's where your cursor happens to be at >> the time is like shitting in your pants because that's where >> your asshole happens to be at the time. > > Splorf! Did you get from somewhere, or did you just make it up? Brilliant > analogy. Unless I read it somewhere and it stuck in my unconscious, I derived it independently from the old saying "working on a task because it happens to be in front of you is like pooping in your pants because they happen to be on you", but it appears from a Google search that I wasn't the first to come up with the idea. I think I would have remembered such a memorable saying, but the human memory is a fallible thing. -- G.M. From mengel at fnal.gov Tue Apr 4 15:28:49 2006 From: mengel at fnal.gov (Marc W. Mengel) Date: Tue Apr 4 15:30:03 2006 Subject: [SpamCop-List] Re: Victim of Spam-Trap addresses... In-Reply-To: References: <2XxzlgXM+Ua5@eisner.encompasserve.org> Message-ID: Larry Kilgallen wrote: > Why is it _our_ problem to settle the exact way in which your highly > vulnerable network is spamming ? Spamcop has, in a public forum, declared us to be "spammers", if only for 5 apparently random days. If I were posting notices in public forums, declaring *you* to be a {rapist,thief,minion of Goser} but refusing to give any actual evidence of same, you would be similarly peeved, and rightfully so. You, personally, have accusing us of running a "higly vulnerable network", and of "sending unsolicited bulk email". And in your case, you don't even have whatever evidence spamcop claims to have. And I think you owe me, and my coworkers, an apology for such claims. > You seem to indicate you have not prevented backscatter, viruses, etc. I most assuredly have not indicated any such thing. I said we have not yet removed *all* backscatter from our site; but the same is true of *everyone* here. After all, if you are, as you claim, running only confirmed-opt-in mailing lists, then sending a subscription request to your mailing list server yeilds an opt-in message in reply, yes? Guess what -- that opt-in confirmation message is *backscatter*. And I bet if we poked around for a while, we could come up with dozens of other situations under which your site would still send email to an unconfirmed email address. In fact, I bet you have *printers* that will send email to an unconfirmed address everytime they run out of paper, or even every time they print a print job, if so configured. If someone managed to get one of your printers configured to email a spamtrap, how would *you* find it? You would probably have to ask the folks who run the spamtrap. And if they don't reply, you've got nothing. >>Secondly, I have yet to see *any* evidence that we actually are sending >>spam. And of course having such evidence would be useful, as it is >>literally a Federal offense to use our systems for such a purpose. > > Spam has to do with the unsolicited bulk email coming out of your facility, > not with the exact details of how you created it. So in this case, our listserv was sending "your message has been forwarded to a list moderator for approval" (not the text of the message, just the two-line note) to the apparent sender of messages which were flagged by spamassasin (it isn't any more, by the way). So this had *nothing* to do with who was subscribed to lists, whether they were confirmed, whether our gateways were validating addresses, etc. etc. etc., it was simply a listserv admin not noticing a sentence in a manual about the conditions under which an auto-reply message got sent. But you happily labeled our site as "vulnerable" and me and my associates as spammers, with no evidence to back it up, just the blatant assumption that any site that sent anything to a spamtrap address was clearly a spammer. >>But the thing to remember is, the more you blacklist sites who are doing >>their darndest to squelch spam with the resources they have, the more >>you make yourselves a bad source of blacklist data. > > > It is precisely the rigor of the SpamCop methodology that makes the > list so valuable. It is *more* valuable when it helps provide information to those who turn up on the lists about *why* they turn up on the list, so they can do something about it. Actually stopping sources of unwanted mail is more useful than simply blacklisting them. And in this particular, grantedly isolated, case, all the FAQ's and configuration hints that you folks repeated so heavily were *not* useful. Only the actual information about the origin and content of the messages being sent was useful to discovering and correcting the problem, and that was what took over a month to obtain, despite a polite, concise request on the first appearance of our site on the spamcop blacklist. Marc From mengel at fnal.gov Tue Apr 4 15:38:39 2006 From: mengel at fnal.gov (Marc W. Mengel) Date: Tue Apr 4 15:40:03 2006 Subject: [SpamCop-List] Re: Victim of Spam-Trap addresses... In-Reply-To: References: Message-ID: Peter Pearson wrote: > By the way, Marc: you have mentioned that fnal runs a large > number of mailing lists, as if that excuses fnal from taking > measures to prevent their abuse by spammers. Wow you guys jump to conclusions here. I mention that we run lots of mailing lists, and you conclude from that that we do not take measures to prevent their abuse. From mengel at fnal.gov Tue Apr 4 15:51:18 2006 From: mengel at fnal.gov (Marc W. Mengel) Date: Tue Apr 4 15:55:04 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses In-Reply-To: References: Message-ID: Anonymous wrote: > Marc W. Mengel wrote... > So you are saying that it's OK if your moderated lists send "your message > has been forwarded to the moderator" messages to innocent victims who never > sent a message to you? Nope. I think it is a configuration error that should have (and would have) been fixed over a month ago, if someone had had the decency to tell us what the text of the messages was when we first asked for more information. >>Sure, it's worse odds than winning the lottery. But someone did win >>the lottery yesterday. And a spamtrap address that looks random to an >>english speaker may not look nearly as random to someone from Russia, or >>China, or ... > > > Now you are grasping at straws. You betcha. With no information to go on, it's what you do. > You have a bunch of "subscribers" that were > gathered by a spambot from webpages, and we both know it. You aren't > fooling > anyone. No, I don't. And your assertion is obnoxious and libelous -- no wonder you're posting as "Anonymous". > Unless those who hide spamtraps are idiots (and the lack of any of > spamcop's many enemies subscribing the spamtraps to confirmed opt-in mailing > lists tells me that they are not), the chances are a *lot* worse than the > chances of winning the lottery. You are sending emails to large numbers of > email addresses that somebody scraped off of the web, and we both know it. > You (and everyone else) has utterly failed to describe a way to gather the > addresses of the spamtraps without gathering many more addresses of humans, > with no way to know which is which. I repeat my prior assertion, that I never asked, nor do I want to know, the address of any spamtraps. > > Stop sending email to those who didn't ask for it. > That's actually what I'm trying to do. You, however, are not helping in the least. Go forth, get some manners, and in future, post things you're willling to back up with your real name. Marc From gar at askgar.com Tue Apr 4 16:05:57 2006 From: gar at askgar.com (Gary Warner) Date: Tue Apr 4 16:06:09 2006 Subject: [SpamCop-List] List usefulness Message-ID: <4432D1A5.7080304@askgar.com> Just curious, Is there a different spamcop mailing list that talks about issues of interest to people who are trying to work together to reduce the amount of spam in the world? I seem to have only found the mailing list for people to tell SpamCop that they suck for blocking their emails, and for SpamCop to tell those people that in their god-like wisdom they will continue to behave in their accustomed manner regardless of how much collateral damage they cause. I find that mailing lists where there is no clear purpose tend to devolve into BigEndian vs LittleEndian feuds, like shall one post replies at the beginning of an email, where readers might actually read it? or at the end of an email, where readers are forced to re-read all of the crap that one probably should have deleted before spewing forth oneself. So, if someone has a USEFUL SpamCop mailing list, please send me the address. Hope to see some of you at the Email Authentication Summit in Chicago April 19th! _-_ gar From tmcgraw at spamcop.net Tue Apr 4 14:18:28 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Tue Apr 4 16:20:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses In-Reply-To: References: Message-ID: Marc W. Mengel wrote: > > Go forth, get some manners, and in future, post things you're willling > to back up with your real name. Go forth, learn how to secure your systems and how to say "thank you." From nobody at devnull.spamcop.net Tue Apr 4 14:24:06 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Tue Apr 4 16:25:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap addresses References: <2XxzlgXM+Ua5@eisner.encompasserve.org> Message-ID: Marc W. Mengel wrote... > Larry Kilgallen wrote: > >> Why is it _our_ problem to settle the exact way in which your highly >> vulnerable network is spamming ? > > Spamcop has, in a public forum, declared us to be "spammers", if only for > 5 apparently random days. Free clue: they aren't random. They are triggered by your spam. > If I were posting notices in public forums, declaring *you* to be a > {rapist,thief,minion of Goser} I declare you to be a Drama Queen. > but refusing to give any actual evidence of same, you would be similarly > peeved, and rightfully so. You don't need evidence. You have freely admitted that you sending email to people who never asked for it. Stop it. > You, personally, have accusing us of running a "higly vulnerable network", If it isn't higly vulnerable, why are you sending email to people who never asked for it, and why do you claim that you are unable/unwilling to stop? > and of "sending unsolicited bulk email". And in your case, > you don't even have whatever evidence spamcop claims to have. I don't need it. The fact that you are whining about spamtraps and trying to weasel the identity of spamtraps out of SC tells me that you are hitting spamtraps. And we both know that it is impossible for you to be hitting spamtraps without hitting large numbers of humans. Or, as we call it, "spamming." > > You seem to indicate you have not prevented backscatter, viruses, etc. > > I most assuredly have not indicated any such thing. I said we have not > yet removed *all* backscatter from our site; but the same is true of > *everyone* here. After all, if you are, as you claim, running only > confirmed-opt-in mailing lists, then sending a subscription request > to your mailing list server yeilds an opt-in message in reply, yes? The chance of such a opt-in message hitting a spamtrap is less that the chance of getting hit by lightning and winning the lottery on the same day. This has been explained to you many times. > Guess what -- that opt-in confirmation message is *backscatter*. And I > bet if we poked around for a while, we could come up with dozens of other > situations under which your site would still send email to an unconfirmed > email address. The chance of those emails hitting a spamtrap is less that the chance of getting hit by lightning and winning the lottery on the same day. This has been explained to you many times. > In fact, I bet you have *printers* that will send email to an unconfirmed > address everytime they run out of paper, or even every time they print a > print job, if so configured. The chance of those printers hitting a spamtrap is less that the chance of getting hit by lightning and winning the lottery on the same day. This has been explained to you many times. > If someone managed to get one of your printers configured to email > a spamtrap, Explain - in detail - how they could manage such a thing. The only way is to harvest many, many email addresses from web pages and to email them all. Or, as we call it, "spamming." > how would *you* find it? I would stop spamming. Why won't you? > You would probably have to ask the folks who run the spamtrap. Who, if they gave in to your demands, could only tell you how to stop sending spam to the spamtraps when what you need to do is to stop sending spam to *everyone* you are spamming -- humans and spamtraps alike. > And if they don't reply, you've got nothing. You have a simple, solutuion, Drama Queen. Stop spamming. > So in this case, our listserv was sending "your message has been forwarded > to a list moderator for approval" (not the text of the message, just the > two-line note) to the apparent sender of messages > which were flagged by spamassasin (it isn't any more, by the way). Stop sending emails to the apparent senders of messages. Most of them are forgeries. > So this had *nothing* to do with who was subscribed to lists, Yes it does. Spamtraps don't subscribe to lists. > whether they were confirmed, Yes it does. Spamtraps don't confirm subscriptions. > whether our gateways were validating addresses, Yes it does. Valid addresses don't lead to Spamtraps. > it was simply a listserv admin not noticing a sentence in a manual about > the conditions under which an auto-reply message got sent. I don't care why you spam. I just want you to stop. > But you happily labeled our site as "vulnerable" and me and my associates > as spammers, with no evidence to back it up, just the > blatant assumption that any site that sent anything to a spamtrap > address was clearly a spammer. Yup. Any site that sends anything to a spamtrap address is clearly a spammer. You can't hit spamtraps without hitting much larger numbers of humans. Or, as we like to call it, spamming. >>>But the thing to remember is, the more you blacklist sites who are doing >>>their darndest to squelch spam with the resources they have, the more you >>>make yourselves a bad source of blacklist data. >> >> It is precisely the rigor of the SpamCop methodology that makes the >> list so valuable. > > It is *more* valuable when it helps provide information to those who turn > up on the lists about *why* they turn up on the list, so they can > do something about it. Don't claim that you can't do anything about it. You can stop spamming. > Actually stopping sources of unwanted mail is more useful than simply > blacklisting them. And in this particular, grantedly isolated, case, all > the FAQ's and configuration hints that you folks repeated so heavily were > *not* useful. Bullshit. Just because you refuse to use confirmed opt-in as an effective method for stopping the spam you are sending doesn't mean that the advice to do so is not useful. > And I think you owe me, and my coworkers, an apology for such claims. Eat shit and die, spammer. I am tired of you hitting your talking points again and again, conveniently forgetting that they have been refuted. I am tired of you wanting to stop sending spam to spamtraps without wanting to stop sending spam to humans. You don't want to stop spamming? Fine! Enjoy having your email servers blocked by those of us who don't want your spam. Actions have consequences. From nobody at devnull.spamcop.net Tue Apr 4 14:27:10 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Tue Apr 4 16:30:02 2006 Subject: [SpamCop-List] Re: List usefulness References: Message-ID: Gary Warner wrote... > Just curious, > > Is there a different spamcop mailing list that talks about issues of > interest to people who are trying to work together to reduce the amount of > spam in the world? > > I seem to have only found the mailing list for people to tell SpamCop that > they suck for blocking their emails, and for SpamCop to tell those people > that in their god-like wisdom they will continue to behave in their > accustomed manner regardless of how much collateral damage they cause. > > I find that mailing lists where there is no clear purpose tend to devolve > into BigEndian vs LittleEndian feuds, like shall one post replies at the > beginning of an email, where readers might actually read it? or at the end > of an email, where readers are forced to re-read all of the crap that one > probably should have deleted before spewing forth oneself. Your's is a very valid concern. Other than moderation, do you have a suggestion for keeping angry spammers off of any such list? Failing that, can you suggest someone to take on the thankless job of moderator? From MikeE at ster.invalid Tue Apr 4 14:30:13 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 4 16:35:03 2006 Subject: [SpamCop-List] Re: List usefulness References: Message-ID: Gary Warner wrote: > Is there a different spamcop mailing list Most of the people who are conversing here are doing so via nntp newsreaders with news.spamcop.net, not the news.spamcop.net Mailing Lists or spamcop-list@news.spamcop.net. > I seem to have only found the mailing list for people to tell SpamCop > that they suck for blocking their emails, Which spamcop doesn't block anyone's mails. > and for SpamCop to tell > those people that in their god-like wisdom they will continue to > behave in their accustomed manner regardless of how much collateral damage they cause. Which spamcop is the maintainer of the spamcop blocklist, which temporarily lists IP addresses reported by spamcop reporters and spamcop spamtraps as spamcop reportable spamsources. Those reportable sources include conventional spam as well as other abusive mail such as viral propagations and various abusive misdirecteds. > I find that mailing lists where there is no clear purpose You are posting into a group which is almost completely newsgroup posts, not a mailing list. In fact, the emailed contributions to this newsgroup often don't thread well as a newsgroup message. > So, if someone has a USEFUL SpamCop mailing list, please send me the > address. For those who are not inclined to use a newsreader, there are the spamcop web based forums at http://forum.spamcop.net/forums/ Maybe you would be happier in the web forum. Not very many people find the access to the mailing list, as it is not published on the main accesses to help and the faq and the site map at http://www.spamcop.net/help.shtml Help Options: FAQ | Search | Forums and http://www.spamcop.net/sitemap.shtml Site Map: -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Tue Apr 4 14:45:15 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Tue Apr 4 16:50:02 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: Message-ID: Marc W. Mengel wrote... > Anonymous wrote: > >> So you are saying that it's OK if your moderated lists send "your message >> has been forwarded to the moderator" messages to innocent victims who >> never >> sent a message to you? > > Nope. Good! so stop doing it - to *all* of the innocent victims who never sent a message to you - and you will have stopped sending it to spamtraps. > I think it is a configuration error that should have (and would have) been > fixed over a month ago, if someone had had the decency to tell us what the > text of the messages was when we first asked for more information. Spammers use that information to figure out which of their victims is a spamtrap. Given your desperate attempts to keep hitting innocent human victims without hitting spamtraps, it would be unwise to give you that info. Why don't you just stop spamming? Run a confirmed opt-in mailing list and you won't be spamming anyone. >>>Sure, it's worse odds than winning the lottery. But someone did win >>>the lottery yesterday. And a spamtrap address that looks random to an >>>english speaker may not look nearly as random to someone from Russia, or >>>China, or ... >> >> Now you are grasping at straws. > > You betcha. Glad you admit it. >> You have a bunch of "subscribers" that were gathered by a spambot from >> webpages, and we both know it. You aren't fooling anyone. > > No, I don't. Yes. You do. You have yet to come up with any other plausible way that your system got the email addresses of spamtraps. You yourself admit that the odds of hitting one by chance are (in your words) "worse odds than winning the lottery." Actually, its worse odds than winning the lottery and being hit by lightning on the same day. > And your assertion is obnoxious Your spamming is obnoxious. > and libelous -- no wonder you're posting as "Anonymous". Give me the name of your attorney and I will send him a signed letter with full contact info repeating my assertions and I will be glad to see you in court. >> Stop sending email to those who didn't ask for it. > > That's actually what I'm trying to do. You, however, are not helping in > the least. Confirmed opt-in. There's your help, spammer. From MikeE at ster.invalid Tue Apr 4 14:56:51 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 4 17:00:03 2006 Subject: [SpamCop-List] Re: Victim of Spam-Trap addresses... References: <2XxzlgXM+Ua5@eisner.encompasserve.org> Message-ID: Marc W. Mengel wrote: > Guess what -- that opt-in confirmation message is *backscatter*. There is backscatter and then there is *BACKSCATTER*. If an active and busy verifiably confirmed mailing list sends out confirmations to addresses which are subscribing and sends out those confirmations in a healthy fashion, the occasional forged subscribe will not cause any problems for the following reasons: - spamcop reporters are not supposed to report confirmatories, but I can't find that in the faq - a forge subscribed spamtrap might report a confirmatory which would count as a numerator to the blocklist, but the denominator of a mailing list should be large - the concepts of the formula for using the numerator of hits against the denominator of reputation or traffic points is described here http://www.spamcop.net/fom-serve/cache/297.html How the SCBL Works -- The system currently operates based on these rules: > So in this case, our listserv was sending "your message has been > forwarded to a list moderator for approval" That is a completely different and unhealthy kind of backscatter which is quite different from subscribe confirmations. Subscribe confirmations would be very small numbers of forged subscriptions. Sending newmails to forged Froms on spam mailed to your listserv address would be very large numbers. There is a world of difference between large numbers and small numbers when they are spamcop reports about a mailing list server. Small numbers are harmless and insignificant, because they have no effect. Large numbers overwhelm the reputation or traffic points denominator with a heavy spamtrap numerator. This causes a mailing list server to become blocklisted and interferes with people getting their legitimate mailing list mail. This is bad for everyone. It is the duty of the mailing list management process to prevent those kinds of problems for everyone by preventing abusive misdirected mail. > It is *more* valuable when it helps provide information to those who > turn up on the lists about *why* they turn up on the list, so they can > do something about it. The problem is, that mailing lists shouldn't be hitting spamtraps in great numbers. The other problem is that spamcop reports are sent to an appropriate notify address, but spamtrap hits are not. If you are hitting reporters, the notified will be getting the evidence. If you are hitting spamtraps, there is no notification. If you aren't getting the evidence of the notification which is sent to the appropriate notification address, that is a different problem from not getting notified about spamtrap hits. Healthy mailing lists do not hit spamtraps in sufficient numbers to get blocklisted because they have traffic or reputation points to prevent that. Healthy mailing lists do not hit anything, reporters or traps, to get blocklisted. Unhealthy or dirty lists hit all kinds of reporters and traps in sufficient numbers to get blocklisted, and then they start crying about insignificant causes of minor and non-problems for the healthy list being 'unfair' to the unhealthy list -- when in reality it is the unhealthiness of the list management and server management process which is the problem -- not the unfairness of confirmatories hitting a spamtrap occasionally. > Actually stopping sources of unwanted mail is > more useful than simply blacklisting them. And everyone with a dirty list wishes it would be cleaner instead of being listed. So what? -- Mike Easter kibitzer, not SC admin From vxpy7do02 at sneakemail.com Tue Apr 4 15:23:49 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Tue Apr 4 17:25:02 2006 Subject: [SpamCop-List] Re: Victim of Spam-Trap addresses... References: Message-ID: "Marc W. Mengel" wrote in message news:e0jkbt$73s$1@news.spamcop.net... > Anonymous wrote: >> Marc W. Mengel wrote... >> >> >>>Who said we don't require confirmed opt-in, by the way? >> >> >> I direct your attention to >> http://www.cluelessmailers.org/info/listmanagement.html >> and http://www.mail-abuse.com/an_listmgntgdlines.html >> where you will see >> >> "If the confirmation is not returned to you from the submitted >> address, or the unique token is not present or does not match, >> then the subscription process should be aborted, and no further >> email should be sent to the submitted address" >> >> The spamtrap didn't return a confirmation, so it shouldn't be on >> your mailing list. You say that it is, so you cannot possibly be >> requiring confirmed opt-in. >> >> Either the spamtraps have suddenly became AIs that answer emails, >> or you send emails to addresses that failed to send a confirmation >> reply opting in. There are no other possibilities. > > Actually, it turns out some of our moderated lists send a "your message > has been forwarded to the moderator" message, and that's what has > been tripping spamcop's spamtraps. > > So yes, technically that's 'sending a message'. But that doesn't mean I > have anyone subscribed to a list that ought not be. And of course, even a > full, confirmed opt-in system will send mail to a forged from-address, > too -- a "please reply to this to confirm your subscription" message. > ** In order to clean up your mailing list you must send a confirmation letter to all the names on your list (possibly at least once a year to weed out the 'no longer interested' names. When you have sent the confirmation letter to each of the names on your mailing list, it is possible that some are forged and even some spamtraps. the spamtraps 'should' inspect all mail to see if that mail is legitimate (such as your confirmation mail.) Once you have 'cleaned' your list, you should not have any more problems with spam being reported or hitting spam traps. Spam traps will usually accept a certain small number of hits prior to listing you because of the possibility of forged names being submitted to you. As said in numerous posts - CLEAN UP YOU MAILING LISTS NOW and most of your problems will go away!!! -- A SpamCop user and forum reader, Not Admin *** From nobody at devnull.spamcop.net Tue Apr 4 19:51:28 2006 From: nobody at devnull.spamcop.net (POP) Date: Tue Apr 4 18:55:03 2006 Subject: [SpamCop-List] Re: Victim of Spam-Trap addresses... References: Message-ID: "Marc W. Mengel" wrote in message news:e0ui00$mf7$1@news.spamcop.net... > Peter Pearson wrote: > >> By the way, Marc: you have mentioned that fnal runs a large >> number of mailing lists, as if that excuses fnal from taking >> measures to prevent their abuse by spammers. > > Wow you guys jump to conclusions here. I mention that we run > lots of mailing lists, and you conclude from that that we do > not > take measures to prevent their abuse. Because you presented the information leading to such a perception. From eddie at eddie.web Tue Apr 4 19:56:26 2006 From: eddie at eddie.web (eddie) Date: Tue Apr 4 19:00:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: jonah wrote: > i sent an email to a merchant asking for information about a specific bb > gun. And got a bullshit answer that my email had been blocked even > though i have never spammed anybody. ironically, the company to whom the > mail was directed are blacklisted by other freedom limiting bullshit > fascist pig sites as CyberPatrol, CyberNanny and others of like Nazi > mentality. > To the maintainers of these pig organizations : fuck you in your storm > trooper asses. on the other hand that is probably something you coward > Nazi fucks enjoy. > Fascists are right-wingers, but Nazis are left-wingers as in National Socialist Party. One or the other, but not both, please. Your use of scatological terms tells us a lot about the area from which your thoghts arise. You need to take up deep breathing exercises before you expire from apoplexy. BTW: There is no global law that says your email has to go through. It's really a courtesy, not a legal requirement. You can always telephone or write. Most normal, reasonable humans ignore people who use fuck, bullshit and such. Save that language for your boyfriend. From n4jwyfo02 at sneakemail.com Wed Apr 5 01:11:57 2006 From: n4jwyfo02 at sneakemail.com (Aviatrix) Date: Tue Apr 4 19:15:02 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: eddie wrote: > Fascists are right-wingers, but Nazis are left-wingers as in National > Socialist Party. This is factually incorrect. Suggest you find yourself a good book on 20th century history. This should tell you which side of the political spectrum the Nazis were on. From nobody at devnull.spamcop.net Tue Apr 4 17:22:03 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Tue Apr 4 19:25:03 2006 Subject: [SpamCop-List] Re: "Victim of Spam-Trap addresses References: <2XxzlgXM+Ua5@eisner.encompasserve.org> Message-ID: Mike Easter wrote... > Marc W. Mengel wrote: > >> Guess what -- that opt-in confirmation message is *backscatter*. > > There is backscatter and then there is *BACKSCATTER*. > > If an active and busy verifiably confirmed mailing list sends out > confirmations to addresses which are subscribing and sends out those > confirmations in a healthy fashion, the occasional forged subscribe will > not cause any problems for the following reasons: > > - spamcop reporters are not supposed to report confirmatories, but I > can't find that in the faq > > - a forge subscribed spamtrap might report a confirmatory which would > count as a numerator to the blocklist, but the denominator of a mailing > list should be large ...and that is assuming that the forger can figure out the email address of the spamtrap. If this was easy, those spammers who attack spamcop in all sorts of creative and varied ways would do the following: [1] Listwash their spam lists so as to be able to spam without hitting any spamtraps. [2] every couple of days, forge-subscribe another spamtrap to a well-known confirmed opt-in mailing list, thus hurting spamcop's reputation. We might not notice [1] right away, but if [2] was happening, it would be a major topic of discussion here. My conclusion is that finding and spamtraps is hard to do without gathering a much larger number of human email addresses. And even if I am wrong, your argument above is valid, and the large denominator should limit damage. > - the concepts of the formula for using the numerator of hits against > the denominator of reputation or traffic points is described here > http://www.spamcop.net/fom-serve/cache/297.html How the SCBL Works -- The > system currently operates based on these rules: > >> So in this case, our listserv was sending "your message has been >> forwarded to a list moderator for approval" > > That is a completely different and unhealthy kind of backscatter which > is quite different from subscribe confirmations. Indeed it is. One huge difference is that a well run mailing list will send me a single confirmation request even if there are thousands of attempts to forge-subscribe me in a short period of time. I doubt that this is true of the messages described above. > Healthy mailing lists do not hit spamtraps in sufficient numbers to get > blocklisted because they have traffic or reputation points to prevent > that. Healthy mailing lists do not hit anything, reporters or traps, to > get blocklisted. > > Unhealthy or dirty lists hit all kinds of reporters and traps in > sufficient numbers to get blocklisted, and then they start crying about > insignificant causes of minor and non-problems for the healthy list > being 'unfair' to the unhealthy list -- when in reality it is the > unhealthiness of the list management and server management process which > is the problem -- not the unfairness of confirmatories hitting a > spamtrap occasionally. AKA "My drinking isn't the problem; it's your complaining about my drinking that's the problem..." From nobody at devnull.spamcop.net Tue Apr 4 20:24:43 2006 From: nobody at devnull.spamcop.net (POP) Date: Tue Apr 4 19:25:10 2006 Subject: [SpamCop-List] Drifitng OT re blindness Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "Technomage Hawke" wrote in message news:e0tvsi$9v5$1@news.spamcop.net... > thants a really good way to miss important points. ====> It's always easy to miss important point; regardless. > > also, some clients are configured for top posting by default. ====> But gee, it only takes two keys to get to either extreme. Plus, as someone else mentioned, the top is where trimming begins anyway if one is going to properly trim, but that's assuming you recall it all and do not have to re-read it to be sure you have the context/s straight. > > lastly, I happen to be blind and would rather NOT have to burn > out my ears > listening to line after line of quoted material or having to > sift through > line after line of text on my braille tty device simply because > someone > decided they were going to quote a 3k line message with a > single sentence > at the end. ====> I always tend to snicker my way through these top/bottom/trimming exercies in debate-futility. I had never given being blind any thought before, but ... I guess it must present a unique set of problems. Are you actually blind, or was that a rhetorical analogy? -- Is top posting REALLY better for the sight impaired? Without the abilty to glance down a few lines for a mental refresher as to the content, it would seem like a bottom post would be better, in particular one which was properly trimmed and "contextualized" as I think Mike E calls it. No? Else, you may be responding to a different arm of the thread. No? Especially in a long thread, how do you know which of the many arms of a thread you may be adding a response to? -- I can see where the lack of trimming could be a problem, sometimes a big problem, and I would pass on the post rather than suffer thru it, but a properly trimmed post seems like by far the opportune setup for a bottom posting. No? It just happens that I'm a product of the "old boys days" where posting in my culture at that time required top posting. But I do try to adhere to the "When in Rome..." addage, and I dont' really find it any big deal, really. Two keys and I'm at the bottom; two more and I'm back at the top. So, when in Rome and all that, it's fine with me. Well, except for the times I still forget and get reamed out for it ;-0. But that's life, as they say. I've come to believe that trimming and inline reponses are the most convenient, actually. Mostly I just try to follow whatever sequence has already been started or is in use. > > so why not be a good sport and put that tar brush away before > you do > something stupid with it? ====> It's just a discussion; important to some, meaningless to others, and often just plain interesting to me. I would be interested in your clarified thoughts on posting positions if you actually are sight impaired. But, since it's off topic, it probably deserves either its own thread or a clearly delineated subject line. ... Pop -- Few women admit their age even fewer men act theirs * Stolen from another; source unknown From nobody at devnull.spamcop.net Tue Apr 4 20:38:19 2006 From: nobody at devnull.spamcop.net (POP) Date: Tue Apr 4 19:40:04 2006 Subject: [SpamCop-List] Drifting OT: Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "Jeff G." wrote in message news:e0uevg$ke2$1@news.spamcop.net... > POP wrote: >> OK, plonk me; I don't want your responses anyway and they'd >> use >> less real estate that way. > > Please stop top posting, as it is considered bad > netiquette and > gets the conversation out of order. Please snip out any > unnecessary ... I concur. Perhaps the "contextualization" ruined a point I was making. The post that was in response to, was one of those rude/crudes and directionless posts threatening to plonk the next person who top posted or something akin to that. So, I purposely made a glaring top post for the person. I thought it would be pretty clear what I was doing, but I guess that wasn't so. FWIW, other than when I forget, as I was weaned on top posting, I always do bottom post. More often than not though, unless I'm the first to respond, I'll do what the poster/s before me did in other groups. I find that most people in the groups I frequent seem to do it that way and often top posting is actually preferred. Yeah, I know all the arguements both ways; no need to edumicate me. Personally I find the top/bottom/trimming debates and discussions to be interesting and even comedic at times and I'll usually follow them for at least a few levels. Actually, I find it particularly interesting when I come across some folk who will actually take mixed posts and re-organize it to be homogeneous with bottom posting. I've never seen anyone do it for top posting, though. Especially when a debate begins to go off topic, and again especially when it's totally off topic to the OP's post, it gets even more comedic the lengths people will go to in order to defend one methodology over another. I'm using "comedy" here in the Webster sense, not meaning comical, BTW. Oh well; on to more productive efforts now. Regards, Pop From CBXXX at webtv.net Tue Apr 4 21:38:46 2006 From: CBXXX at webtv.net (CBXXX@webtv.net) Date: Tue Apr 4 20:50:02 2006 Subject: [SpamCop-List] Re: Different reports from SC References: Message-ID: <3358-44331196-60@storefull-3258.bay.webtv.net> Ok,i'll try to be more specific.When I report to SC from address 1,2 and 4 each has it's own reporting address to SC.If i report say 5 different spam seperately from an address (1,2 or 4 ) I get 5 seperate emails back.If I click on the fiirst one and hit submit,it brings me to another page that has a 'do you want to report another spam" REPORT! When I hit report it brings me to a page that allows me to hit submit the new spam.This can be done for ALL the spam I've reported from that address.If i then open the next email From SC the submit address is not highlighted any more (meaning the spam has been reported by doing it from the first email.Now I have user #3 in which this does NOT happen.No matter how many emails I report,when I get the return emails,it never has the "do you want to report another spam" REPORT part on the page after submit so I have to go to each seperate email.Just wondering why this is on just one of 4 user reporting address's? From MikeE at ster.invalid Tue Apr 4 18:58:53 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 4 21:00:02 2006 Subject: [SpamCop-List] Re: Drifitng OT re blindness Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: POP wrote: > ====> But gee, it only takes two keys to get to either extreme. But the really important thing is that two keys doesn't get the trimming done. We aren't talking about top vs bottom posting on untrimmed cites. We are talking about the immense importance of contextualization for enchancing the quality of communication, to say nothing of its egalitarianism. Trying to communicate effectively in newsgroups is very different from communicating in interpersonal conversations without some kind of physical intermediary intervening such as a computer and keyboard and screen or a telephone. In unimpeded interpersonal communications, there are all kinds of subtle enhancements to the communication -- a quizzical expression meaning to enahance the words and gestures -- a brief interruption of 'but...' -- a 'what?' query -- interlaced. When words are carefully contextualized into a well trimmed response, the very words which precede the response enhance the quality of what is being said in reply. Everyone always thinks that everyone else knows exactly what they are thinking about when they say something -- but a huge barrier to effective communication is that what one person is thinking isn't the same as what another is. Not only is there the Mars vs Venus issue, if you want to focus on John Gray's well written stereotype of men and women and how they think differently, but different women think differently from their sisters, and different men think differently than their brothers, and different races and ethnic groups think differently than some other. And even when brother and sister think the same, their words don't always communicate perfectly what they are thinking. There aren't gestures and body language or quizzical expressions or many other communication modalities in newsgroup conversation. If you think a few emoticons thrown in here or there are going to do very much, you are sadly mistaken. When someone is reading someone else's post and decides to respond and some some particular words 'ringing in their mind' -- they begin to type as if those words were ringing in the mind of the reader. That is a huge mistake. There is no ringing. The reader is temporarily deaf until the words of the new writer begin to soak in. If the new words are assuming a 'thinking wave' which is ringing for the reader the way it is ringing for the writer, there is going to be a huge gap. Top posters seem to be oblivious to the communication gap that exists in newsgroups. They think that the world is a disagreement about top vs bottom posting, like which is prettier, blue or green. They just don't understand what kind of problem they are not addressing. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Tue Apr 4 19:43:09 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 4 21:45:02 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: Aviatrix wrote: > eddie wrote: >> Fascists are right-wingers, but Nazis are left-wingers as in National >> Socialist Party. > > This is factually incorrect. Suggest you find yourself a good book on > 20th century history. This should tell you which side of the political > spectrum the Nazis were on. If we are going to compare and contrast WW II Mussolini's Italian Fascism with the ideology of Hitler's National Socialistic German Workers Party and some Nazism or another of that time -- or perhaps a broader concept of fascism of that era and others with a broader concept of nazism of that era and others -- we are going to be into a long conversation. Things will be a lot simpler if we just compare and contrast WWII German nazism with the Italian fascism of the time. Which will most assuredly be sufficiently complicated. -- Mike Easter kibitzer, not SC admin From not at home.today Wed Apr 5 03:49:06 2006 From: not at home.today (Ant) Date: Tue Apr 4 21:55:03 2006 Subject: [SpamCop-List] Re: List usefulness References: Message-ID: "Gary Warner" wrote: > Is there a different spamcop mailing list that talks about issues of > interest to people who are trying to work together to reduce the amount > of spam in the world? I'm reading this on a news (nntp) server (news.spamcop.net). It has a handful of newsgroups, and I don't know which ones are propagated to the mailing list. Probably only the main "spamcop" group. The topics for discussion are supposed to be about the services provided by SpamCop and the workings thereof. If you want to talk about general spam prevention, perhaps the Spam-L mailing list is what you're looking for. The FAQ is here: http://www.claws-and-paws.com/spam-l/spam-l.html Alternatively, if you'd like to use newsgroups, there is "alt.spam" and "news.admin.net-abuse.email". They should be on any news server which carries groups that are normally considered part of Usenet. > [...] shall one post replies at the beginning of an email, where > readers might actually read it? or at the end of an email [...] Newsgroup discussions are different from email correspondence. Full- quoting below or above what you write is neither appropriate nor appreciated. Quote only what you are responding to, and respond below it. Actually, I would say the same behaviour applies to mailing list discussions. From jg at coks.net Tue Apr 4 20:13:02 2006 From: jg at coks.net (jg) Date: Tue Apr 4 22:10:02 2006 Subject: [SpamCop-List] Whats a hijacked block? Message-ID: http://www.spamcop.net/sc?id=z913415659z012abd9638670cb3487061ba94759015z This was sent to the wife - we share same addys - and she swears she hasn't given out the addy to anyone untoward. Source is Spews2 listed, which goes back to 2003 or so. Source is deru.net, which hosts allmusicmix.info, which could be a legit marketer, but I don't know how to tell exactly. SC shows source as 140.99.186.2, which resolves to lpnfz.allmusicmix.info. This is part of a deru.net block which Spews has listed as S1023. The Spews data lists this (and 3 other deru.net blocks) as possible hijacked blocks. I get the feeling this is old news and IPs have been recycled. That a fair guess? IOW, a straight up job? Tnx, jg From redford_stone at INVERSE_OF_COLDmail.com Wed Apr 5 03:19:07 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Tue Apr 4 22:20:03 2006 Subject: [SpamCop-List] Re: UU net References: Message-ID: "POP" wrote in news:e0heas$uu6$1 @news.spamcop.net: > > > Old habits die hard ;-) don't they? I remember when... > > > .. they used to actually remove their abusers that same day. MCI/UU/Alter.net used to be more diligent in the beginning. From MikeE at ster.invalid Tue Apr 4 20:36:20 2006 From: MikeE at ster.invalid (Mike Easter) Date: Tue Apr 4 22:40:03 2006 Subject: [SpamCop-List] Re: Whats a hijacked block? References: Message-ID: jg wrote: www.spamcop.net/sc?id=z913415659z012abd9638670cb3487061ba94759015z That is a straightup spam, where the From = the source = the spamvertised site, no abuse [other than the question of its being unsolicited], no forgery. Some would recommend using the remove or unsub -- others would never do that. > This was sent to the wife - we share same addys - and she swears she > hasn't given out the addy to anyone untoward. whatever > Source is Spews2 listed, which goes back to 2003 or so. I would ignore that. > Source is > deru.net, which hosts allmusicmix.info, which could be a legit > marketer, but I don't know how to tell exactly. The website is in the IP block of deru. Not important. > SC shows source as 140.99.186.2, which resolves to > lpnfz.allmusicmix.info. This is part of a deru.net block which Spews > has listed as S1023. The Spews data lists this (and 3 other deru.net > blocks) as possible hijacked blocks. Ignore that old info. > I get the feeling this is old news and IPs have been recycled. > That a fair guess? Yes -- the info is too old and too unimportant to think about. > IOW, a straight up job? I consider straightup spam to be different, more honest. That doesn't mean that it isn't spam or reportable or that you might not exert the full influence of all the notifying you can do upon it -- just that it is different from spam which is sourced from abused proxies and has all kinds of bogus information in the headers. The headers are honest From/source/spamvertiser. Whether or not the spam is spam or the body dishonest or whatever is another subject. -- Mike Easter kibitzer, not SC admin From redford_stone at INVERSE_OF_COLDmail.com Wed Apr 5 03:48:59 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Tue Apr 4 22:50:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: jonah wrote in news:e0rnuj$tkf$1 @news.spamcop.net: > i sent an email to a merchant asking for information about a specific bb > gun. And got a bullshit answer that my email had been blocked even > though i have never spammed anybody. ironically, the company to whom the > mail was directed are blacklisted by other freedom limiting bullshit > fascist pig sites as CyberPatrol, CyberNanny and others of like Nazi > mentality. > To the maintainers of these pig organizations : fuck you in your storm > trooper asses. on the other hand that is probably something you coward > Nazi fucks enjoy. > Nazi fucks. How hysterical. And how Godwin invoked. You got an IP address to prove your assertions? How about a copy/paste of the bounced message? From redford_stone at INVERSE_OF_COLDmail.com Wed Apr 5 04:01:21 2006 From: redford_stone at INVERSE_OF_COLDmail.com (Redstone) Date: Tue Apr 4 23:05:02 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: "Anonymous" wrote in news:e0s92j$8on$1@news.spamcop.net: > [snip of dizzying verbage] > > I hope this helps... > Okay... no more coffee and candy for Anon here. :-) From edb2000 at spamcop.net Tue Apr 4 21:43:06 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Tue Apr 4 23:45:02 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses In-Reply-To: References: Message-ID: Anonymous wrote: > Marc W. Mengel wrote... > > >>Anonymous wrote: >> >>>You have a bunch of "subscribers" that were gathered by a spambot from >>>webpages, and we both know it. You aren't fooling anyone. >> >>No, I don't. > > > Yes. You do. You have yet to come up with any other plausible way that > your system got the email addresses of spamtraps. You yourself admit that > the odds of hitting one by chance are (in your words) "worse odds than > winning the lottery." Actually, its worse odds than winning the lottery > and being hit by lightning on the same day. You seem to have misread a post, although you quote other parts of it so the article did get through to your newsreader. The email to a spamtrap was NOT email from the list to a subscriber. It was a reply to the purported sender of a message *to* the list. The OP did not indicate whether there is any kind rate-limiting on submissions to the mailing list in question. There may have been many false submissions to the list, a well-known attempt by the real spammer to get the payload delivered to the target in a bounce, or to hit paydirt if the spam is distributed to the entire list. The logical conclusion is that you consider any moderated list which accepts submissions from non-subscribers to be a spammer, prima facie. Or at least must silently divert messages *from* non-subscribers without notification. Yes, it is backscatter, but it is not by any means evidence of any kind that there are spamtrap addresses subscribed to any mailing list. You are out of line with your assumption. -- Don Wannit A paid SpamCop user since 1999 From jg at coks.net Tue Apr 4 21:51:30 2006 From: jg at coks.net (jg) Date: Tue Apr 4 23:50:03 2006 Subject: [SpamCop-List] Re: Whats a hijacked block? In-Reply-To: References: Message-ID: On 4/4/2006 7:36 PM Mike Easter scribbled: > jg wrote: > www.spamcop.net/sc?id=z913415659z012abd9638670cb3487061ba94759015z > > That is a straightup spam, where the From = the source = the > spamvertised site, no abuse [other than the question of its being > unsolicited], no forgery. Some would recommend using the remove or > unsub -- others would never do that. Think I'll pass on that, this once anyway. > I consider straightup spam to be different, more honest. That doesn't > mean that it isn't spam or reportable or that you might not exert the > full influence of all the notifying you can do upon it -- just that it > is different from spam which is sourced from abused proxies and has all > kinds of bogus information in the headers. The headers are honest > From/source/spamvertiser. Whether or not the spam is spam or the body > dishonest or whatever is another subject. > Thanks, Mike. Dove soap is harmless enough no matter who its in bed with, errr, never mind. From vxpy7do02 at sneakemail.com Tue Apr 4 22:12:20 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Wed Apr 5 00:15:02 2006 Subject: [SpamCop-List] Re: Drifitng OT re blindness Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "POP" wrote in message news:e0uv7d$uol$1@news.spamcop.net... > "Technomage Hawke" wrote in message > news:e0tvsi$9v5$1@news.spamcop.net... >> thants a really good way to miss important points. > > ====> It's always easy to miss important point; regardless. >> >> also, some clients are configured for top posting by default. > > ====> But gee, it only takes two keys to get to either extreme. Plus, as > someone else mentioned, the top is where trimming begins anyway if one is > going to properly trim, but that's assuming you recall it all and do not > have to re-read it to be sure you have the context/s straight. >> >> lastly, I happen to be blind and would rather NOT have to burn out my >> ears >> listening to line after line of quoted material or having to sift through >> line after line of text on my braille tty device simply because someone >> decided they were going to quote a 3k line message with a single sentence >> at the end. > > ====> I always tend to snicker my way through these top/bottom/trimming > exercies in debate-futility. > I had never given being blind any thought before, but ... I guess it > must present a unique set of problems. Are you actually blind, or was > that a rhetorical analogy? > > -- Is top posting REALLY better for the sight impaired? Without the > abilty to glance down a few lines for a mental refresher as to the > content, it would seem like a bottom post would be better, in particular > one which was properly trimmed and "contextualized" as I think Mike E > calls it. No? > Else, you may be responding to a different arm of the thread. No? > Especially in a long thread, how do you know which of the many arms of a > thread you may be adding a response to? > ** Remember the poster said he was BLIND, not visually impaired - he has to *listen* to all the thread. I think that would really be a crock, especially when so many do not trim. -- A SpamCop user and forum reader, Not Admin *** From jeffg at spamcop.net Wed Apr 5 02:39:25 2006 From: jeffg at spamcop.net (Jeff G.) Date: Wed Apr 5 02:00:13 2006 Subject: [SpamCop-List] Re: Different reports from SC References: <3358-44331196-60@storefull-3258.bay.webtv.net> Message-ID: CBXXX@webtv.net wrote: > Ok,i'll try to be more specific.When I report to SC from address 1,2 > and 4 each has it's own reporting address to SC.If i report say 5 > different spam seperately from an address (1,2 or 4 ) I get 5 > seperate emails back.If I click on the fiirst one and hit submit,it > brings me to another page that has a 'do you want to report another > spam" REPORT! When I hit report it brings me to a page that allows > me to hit submit the new spam.This can be done for ALL the spam I've > reported from that address.If i then open the next email From SC the > submit address is not highlighted any more (meaning the spam has been > reported by doing it from the first email.Now I have user #3 in which > this does NOT happen.No matter how many emails I report,when I get > the return emails,it never has the "do you want to report another > spam" REPORT part on the page after submit so I have to go to each > seperate email.Just wondering why this is on just one of 4 user > reporting address's? This sounds like a job for a SpamCop Admin. Please email the details to service@admin.spamcop.net. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From caroljean52 at yahoo.com Wed Apr 5 01:48:02 2006 From: caroljean52 at yahoo.com (caroljean52) Date: Wed Apr 5 02:50:05 2006 Subject: [SpamCop-List] Vietnamese spammer has moved! Message-ID: Well, I guess this counts as some sort of success. I've been getting spammed regularly for several months by somebody in Vietnam--in Vietnamese. (As far as I can tell, just one person, but an ambitious one.) For about a week or so I hadn't gotten any spam from him. Sorry to say he's back, but I guess it's progress on our end that he's had to switch to a new ISP. Kudos to vnn.vn for dumping him, even if it did take a while. Now let's see if viettel.com.vn are on their toes... Carol Pocatello, Idaho From caroljean52 at yahoo.com Wed Apr 5 01:52:40 2006 From: caroljean52 at yahoo.com (caroljean52) Date: Wed Apr 5 02:55:02 2006 Subject: [SpamCop-List] Re: List usefulness References: Message-ID: "Gary Warner" wrote: > BigEndian vs LittleEndian feuds, like shall one post > replies at the beginning of an email, where readers might actually read > it? or at the end of an email, where readers are forced to re-read all > of the crap that one probably should have deleted before spewing forth > oneself. Well, he's got us on *that* one! Carol From n4jwyfo02 at sneakemail.com Wed Apr 5 09:54:47 2006 From: n4jwyfo02 at sneakemail.com (Aviatrix) Date: Wed Apr 5 03:55:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: Mike Easter wrote: eddie wrote: >> >>>Fascists are right-wingers, but Nazis are left-wingers as in National >>>Socialist Party. I replied >>This is factually incorrect. Suggest you find yourself a good book on >>20th century history. This should tell you which side of the political >>spectrum the Nazis were on. Mike Easter commented > If we are going to compare and contrast WW II Mussolini's Italian > Fascism with the ideology of Hitler's National Socialistic German > Workers Party and some Nazism or another of that time -- or perhaps a > broader concept of fascism of that era and others with a broader concept > of nazism of that era and others -- we are going to be into a long > conversation. My point was actually a lot simpler than that... namely, that despite the "socialist" bit in the name of Hitler's party Nazis are right-wingers, not left-wingers. Socialists (without the "National") were banned and persecuted in the Third Reich. From MikeE at ster.invalid Wed Apr 5 02:25:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 5 04:30:04 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: Aviatrix wrote: > Mike Easter wrote: >> eddie wrote: >>> >>>> Nazis are left-wingers as in >>>> National Socialist Party. >>> This is factually incorrect. I don't disagree, eddie is wrong to call Nazis left. >> the ideology of Hitler's National Socialistic German >> Workers Party > My point was actually a lot simpler than that... namely, that despite > the "socialist" bit in the name of Hitler's party Nazis are > right-wingers, not left-wingers. Socialists (without the "National") > were banned and persecuted in the Third Reich. Left vs right terminology runs into definitional problems. I don't really think that it simplifies complicated issues. -- Mike Easter kibitzer, not SC admin From dws at dealing-with-spam.info Wed Apr 5 11:54:39 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Wed Apr 5 04:55:36 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: Mike Easter wrote on Sun, 2 Apr 2006 21:49:03 -0700: > With the mouse: > > Click the "File" menu > Click "Properties" > Click the "Details" tab > Click "Message Source" Or with the keyboard: Ctrl+F3 > Highlight, copy and paste everything from this window (Ctrl-A, Ctrl-C) Or alternatively, right-click on the message, select "Forward as attachment" and send to your secret submit.xxxxxxx@spam.spamcop.net address. From dws at dealing-with-spam.info Wed Apr 5 12:03:16 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Wed Apr 5 05:05:40 2006 Subject: [SpamCop-List] Re: Tool to report phishing scam emails References: Message-ID: Doug Thegarden wrote on Mon, 03 Apr 2006 19:02:59 +0100: > Netcraft offers an iPod or equivalent for the top reporter. I do hope > Castlecops are not misusing reports sent to them to generate a few > freebies for themselves. That would be a bit naughty Dunno about them but I wouldn't want an iPod even if I was paid to have it (unless the payment was large enough for me to buy something I could use). AFAIK, the file transfer protocol between the iPod and the host computer is proprietary (ie: not straightforward usb-storage as supported by every present-day O/S I know of), and the device doesn't support the OGG/Vorbis audio format. From MikeE at ster.invalid Wed Apr 5 03:05:12 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 5 05:10:13 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: D-W-S wrote: > Mike Easter wrote on Sun, 2 Apr 2006 21:49:03 -0700: > >> With the mouse: >> >> Click the "File" menu >> Click "Properties" >> Click the "Details" tab >> Click "Message Source" > > Or with the keyboard: > > Ctrl+F3 I don't like the ctrl-F3 instructions for OE. If keyboarding it, I recommend alt-enter, ctrl-tab, alt-m to get ready to ctrl-a, ctrl-c >> Highlight, copy and paste everything from this window (Ctrl-A, >> Ctrl-C) ctrl-F3 only works if the message is open or being previewed. I don't recommend either of those conditions for handling spam. The faq describes all 3 of the methods we are discussing here http://www.spamcop.net/fom-serve/cache/119.html How do I get my email program to reveal the full, unmodified email? : Microsoft products : Outlook Express 4, 5 and 6 > Or alternatively, right-click on the message, select "Forward as > attachment" and send to your secret submit.xxxxxxx@spam.spamcop.net > address. -- Mike Easter kibitzer, not SC admin From dws at dealing-with-spam.info Wed Apr 5 12:08:15 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Wed Apr 5 05:10:21 2006 Subject: [SpamCop-List] Re: Drifting OT: Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: POP wrote on Tue, 4 Apr 2006 19:38:19 -0400: > I thought it would be pretty clear what I was doing, but I guess that > wasn't so. It was to me. Maybe some people need replacement batteries in their irony detectors. From MikeE at ster.invalid Wed Apr 5 03:08:35 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 5 05:10:31 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: Mike Easter wrote: > D-W-S wrote: >> Ctrl+F3 > > I don't like the ctrl-F3 instructions for OE. Besides, the OP MrBill was using The Bat v3. -- Mike Easter kibitzer, not SC admin From dws at dealing-with-spam.info Wed Apr 5 12:10:01 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Wed Apr 5 05:10:35 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: anon wrote on Tue, 4 Apr 2006 09:44:52 -0700: > THIS is an excellent reason for trimming as much extraneous material as > possible. > > This is the first time that I have heard a good reason for top posting. It isn't a good reason for top-posting, it's a good reason for trimming. From gezgin at spamcop.net Wed Apr 5 13:16:01 2006 From: gezgin at spamcop.net (gezgin) Date: Wed Apr 5 05:20:24 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: "Mike Easter" wrote > Left vs right terminology runs into definitional problems. I don't > really think that it simplifies complicated issues. Definitely. This does however: http://en.wikipedia.org/wiki/The_True_Believer A book that had a profound influence on me as a kid. -- Bob http://www.kanyak.com From nobody at devnull.spamcop.net Wed Apr 5 05:16:15 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Wed Apr 5 05:20:39 2006 Subject: [SpamCop-List] Re: List usefulness References: Message-ID: "Ant" wrote in message news:e0v7pa$4ca$1@news.spamcop.net... > > I'm reading this on a news (nntp) server (news.spamcop.net). It has a > handful of newsgroups, and I don't know which ones are propagated to > the mailing list. Probably only the main "spamcop" group. The topics > for discussion are supposed to be about the services provided by > SpamCop and the workings thereof. http://news.spamcop.net/mailman/listinfo several separate lists From dws at dealing-with-spam.info Wed Apr 5 12:17:32 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Wed Apr 5 05:20:42 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: eddie wrote on Tue, 04 Apr 2006 18:56:26 -0400: > You need to take up deep breathing exercises before you expire from > apoplexy. On second thoughts.... :) From blacklist-me at davjam.org Wed Apr 5 11:41:57 2006 From: blacklist-me at davjam.org (David Bolt) Date: Wed Apr 5 06:05:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: On Wed, 5 Apr 2006, Redstone wrote:- >jonah wrote in news:e0rnuj$tkf$1 >@news.spamcop.net: > >> i sent an email to a merchant asking for information about a specific bb >> gun. And got a bullshit answer that my email had been blocked even >> though i have never spammed anybody. ironically, the company to whom the >> mail was directed are blacklisted by other freedom limiting bullshit >> fascist pig sites as CyberPatrol, CyberNanny and others of like Nazi >> mentality. >> To the maintainers of these pig organizations : fuck you in your storm >> trooper asses. on the other hand that is probably something you coward >> Nazi fucks enjoy. >> > >Nazi fucks. How hysterical. And how Godwin invoked. > >You got an IP address to prove your assertions? How about a copy/paste of >the bounced message? Trolling 101, Trolling for beginners: Post an inflammatory article into a newsgroup, using lots of hot-button phrases, and then sit back and watch the resultant mayhem. Trolling 201, Trolling for intermediate to advanced trolls: Once the mayhem caused starts to dwindle, post extra articles in an attempt to continue the mayhem. Given the contents of their first post, and the fact that they haven't been back to make any subsequent posts, I think this is a definite troll. And my guess is this troll has still to pass their Trolling 101 course since they didn't pick one of the newsgroups on Usenet, instead picking a group where only a few dozen are going to respond. Regards, David Bolt -- Member of Team Acorn checking nodes at 50 Mnodes/s: http://www.distributed.net/ AMD1800 1Gb WinXP/SUSE 9.3 | AMD2400 256Mb SuSE 9.0 | A3010 4Mb RISCOS 3.11 AMD2400(32) 768Mb SUSE 10.0 | Falcon 14Mb TOS 4.02 | A4000 4Mb RISCOS 3.11 AMD2600(64) 512Mb SUSE 10.0 | | RPC600 129Mb RISCOS 3.6 From Kilgallen at SpamCop.net Wed Apr 5 07:30:15 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Apr 5 07:35:08 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: Message-ID: In article , Don Wannit writes: > The logical conclusion is that you consider any moderated list > which accepts submissions from non-subscribers to be a spammer, > prima facie. Or at least must silently divert messages *from* > non-subscribers without notification. No, it could do an SMTP Reject _before_ accepting the message. Just as some people Reject mail from people not on their whitelist. From DougThegarden at invalid.com Wed Apr 5 13:56:49 2006 From: DougThegarden at invalid.com (Doug Thegarden) Date: Wed Apr 5 08:00:06 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: David Bolt wrote: > > Given the contents of their first post, and the fact that they haven't > been back to make any subsequent posts, I think this is a definite > troll. I've concluded that virtually all of the "Spamcop blocked my e-mails" posts are Trolls although folks dutifully reply to them as if they were genuine, even going to lengths to try to extract domain and IP information the OP never provides. I suspect most of it is a few spammers jerking the strings to have some fun but ICWBW Doug From DougThegarden at invalid.com Wed Apr 5 13:56:49 2006 From: DougThegarden at invalid.com (Doug Thegarden) Date: Wed Apr 5 08:05:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: David Bolt wrote: > > Given the contents of their first post, and the fact that they haven't > been back to make any subsequent posts, I think this is a definite > troll. I've concluded that virtually all of the "Spamcop blocked my e-mails" posts are Trolls although folks dutifully reply to them as if they were genuine, even going to lengths to try to extract domain and IP information the OP never provides. I suspect most of it is a few spammers jerking the strings to have some fun but ICWBW Doug From porpoise1954 at yahoo.co.uk Wed Apr 5 14:20:07 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 5 08:25:03 2006 Subject: [SpamCop-List] Re: Tool to report phishing scam emails References: Message-ID: "D-W-S" wrote in message news:slrne371uk.fli.dws@dealing-with-spam.info... > Doug Thegarden wrote on Mon, 03 Apr 2006 19:02:59 +0100: > >> Netcraft offers an iPod or equivalent for the top reporter. I do hope >> Castlecops are not misusing reports sent to them to generate a few >> freebies for themselves. That would be a bit naughty > > Dunno about them but I wouldn't want an iPod even if I was paid to have > it (unless the payment was large enough for me to buy something I could > use). Ditto > > AFAIK, the file transfer protocol between the iPod and the host computer > is proprietary (ie: not straightforward usb-storage as supported by > every present-day O/S I know of), and the device doesn't support the > OGG/Vorbis audio format. Or the .WAV or .CDA formats - which would enable them to be played on virtually anything. From porpoise1954 at yahoo.co.uk Wed Apr 5 14:34:02 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 5 08:35:03 2006 Subject: [SpamCop-List] Re: Drifitng OT re blindness Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Just for TH's benefit, I've trimmed and contextualised my comments but brought them all up the top here to make easier for him to find: ********************************* Or even more so if they are floating in space with no context Configuration menu? What's a configuration menu got to do with it? The procedure under discussion is contextualising by use of the correct trim and attribute procedure so as to put comments into a context that makes sense to someone reading it who maybe wasn't party to the thread. How so? Even more difficult to make sense of replies with no context I would have thought. True, but it's readability and context we're discussing. Sorry to hear that. Of course. I understand that but is this really easier to make sense of? *********************************** Now that I've read my responses floating up here, they don't even make sense to me any more........ "Technomage Hawke" wrote in message news:e10151$ilf$1@news.spamcop.net... > well, having a "====>" makes it easier to find things. so lets see what I > can find. :) > > POP wrote: > >> >> ====> It's always easy to miss important point; regardless. > > more so if they are BURIED in massive amounts of text, don't you think? >> >> ====> But gee, it only takes two keys to get to either extreme. >> Plus, as someone else mentioned, the top is where trimming begins >> anyway if one is going to properly trim, but that's assuming you >> recall it all and do not have to re-read it to be sure you have >> the context/s straight. > > in some clients, its a lot more than 2 keys (in the case of kmail, its 10 > keys and a half dozen additional combination key-sets just to get to the > right configuration menu. > >> >> -- Is top posting REALLY better for the sight impaired? Without >> the abilty to glance down a few lines for a mental refresher as >> to the content, it would seem like a bottom post would be better, >> in particular one which was properly trimmed and "contextualized" >> as I think Mike E calls it. No? >> Else, you may be responding to a different arm of the thread. >> No? >> Especially in a long thread, how do you know which of the many >> arms of a thread you may be adding a response to? > > in this case, the differing arms of the thread are usually split off prior > to this point.... so, then tend to be easier to follow (and this break > point was a bitch to find). > >> >> -- I can see where the lack of trimming could be a problem, >> sometimes a big problem, and I would pass on the post rather than >> suffer thru it, but a properly trimmed post seems like by far the >> opportune setup for a bottom posting. No? > > I usually do just that. of its too much of a problem trying to locate the > unquoted text, I kill it off in the ignore pile (I have missed some real > gems that way and lost much useful info in the process). > >> >> It just happens that I'm a product of the "old boys days" where >> posting in my culture at that time required top posting. But I >> do try to adhere to the "When in Rome..." addage, and I dont' >> really find it any big deal, really. Two keys and I'm at the >> bottom; two more and I'm back at the top. So, when in Rome and >> all that, it's fine with me. >> Well, except for the times I still forget and get reamed out >> for it ;-0. But that's life, as they say. I've come to believe >> that trimming and inline reponses are the most convenient, >> actually. Mostly I just try to follow whatever sequence has >> already been started or is in use. > > well, the RFC's governing newsgroup "nettiquette" are strictly guidelines. > they are not carved in stone laws that must be adhered to without > exception > (and such laws generally are repealed when they become overburdensome to > the people). > > >> >> ====> It's just a discussion; important to some, meaningless to >> others, and often just plain interesting to me. >> >> I would be interested in your clarified thoughts on posting >> positions if you actually are sight impaired. But, since it's >> off topic, it probably deserves either its own thread or a >> clearly delineated subject line. >> ... > there is no "IF" about it. I am totally blind since an incident with a > drunk > driver in 1989 caused problems that later resulted in both eyes being > removed and socket implants being installed. if you want to read up on > sich > things, I suggest a google search with the following terms: > blindness+artificial+eyes+implants > > as for clarity, what works for me may not always be the case for anyone > else. > > btw, it took me 6 minutes to read this in braille and another 15 trying to > figure out where to put all the responses. that give you any idea? > From porpoise1954 at yahoo.co.uk Wed Apr 5 14:35:24 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 5 08:40:02 2006 Subject: [SpamCop-List] Re: Drifting OT: Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "D-W-S" wrote in message news:slrne3727v.fli.dws@dealing-with-spam.info... > POP wrote on Tue, 4 Apr 2006 19:38:19 -0400: > >> I thought it would be pretty clear what I was doing, but I guess that >> wasn't so. > > It was to me. Maybe some people need replacement batteries in their > irony detectors. > Must be Yanks - they don't understand irony....... ;-) From porpoise1954 at yahoo.co.uk Wed Apr 5 14:43:09 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 5 08:45:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Correct. but window opening with cursor positioned at the top does not = configured for top-posting by default. Nowhere in the configuration does it say you have to start typing at the position the cursor appears, or that you can't move it before typing. From nobody at devnull.spamcop.net Wed Apr 5 11:14:50 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed Apr 5 10:15:02 2006 Subject: [SpamCop-List] OT: Re: Drifitng OT re blindness Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: I said, That's interesting. You said, "having a "====>" makes it easier to find things". I said, I promise not to drive you nuts with questions, but I am curious. I try to write my web pages with color blindiness in mind and I use that ADA recommendations the best I can, but I never considered having to have the page read to the viewer. Can you recommend a web site, probably ADA, that covers writing for the blind, done by the sighted? I'm not adept at it, but I do try to cover the bases where I can. One of my sites is the local SPCA web site. This gives a new meaning to the importance of ALT tags on a site along with how the descriptions are placed. What happens with the "indent" characters that news readwers place into email quotes? For instance, every line here that you wrote has a greater-then sign in front of it. Do you have to listen to that greater-than being read all over the text? Or is it interpreted somehow? I'll continue inline now. snip You said, > more so if they are BURIED in massive amounts of text, don't > you think? I said, Definitely. I have enough trouble with that in some threads, I can only imagine what it's like trying to ear-ball my way through it! snip > in some clients, its a lot more than 2 keys (in the case of > kmail, its 10 > keys and a half dozen additional combination key-sets just to > get to the > right configuration menu. I said, kmail; interesting, again. This might sound arrogant, but have you considered speech recognition software? I've used it and am getting ready to use it again, in fact, probably within the next year. Once it's properly trained you can use voice commands to get around. I recall using go end, go top, go middle, start mark, stop mark, cut, paste, copy, things like that, along with it interpreting speech to the written text. The learning curve might be a little steep for someone who is blind, but I suspect it's not impossible with the right software. snip > > I *WISH* it were "a rhetorical analogy". care to see a picture > of my scleral > shells that i wear on a daily basis? I said, no thanks, I don't need that. I have enough problems of my own right now, thank you. snip > there is no "IF" about it. I am totally blind since an incident > with a drunk > driver in 1989 caused problems that later resulted in both eyes > being > removed and socket implants being installed. if you want to > read up on sich > things, I suggest a google search with the following terms: > blindness+artificial+eyes+implants I said, I may just do that, but I have to admit my interests run more toward the technology assistance routes. I'm disabled and retired because of it, so my interests these days and my life goals are all along the lines of giving back what I still can while I can. Thus my interest the last several years in problems such as yours and others. When I can function well I'm big on the volunteer end of things as long as I can do them sitting on my butt! > > as for clarity, what works for me may not always be the case > for anyone > else. > > btw, it took me 6 minutes to read this in braille and another > 15 trying to > figure out where to put all the responses. that give you any > idea? I said, Oh, I thought it was being read to you. I'd be interested in hearing more of a description of your process in reading and resonding to an email, along with reading a web page too. I wondered earlier why you typed "of" when you meant "or". Just curious: Did I come any closer to making this an understandable post? Or what? Regards, Pop From mengel at fnal.gov Wed Apr 5 10:36:02 2006 From: mengel at fnal.gov (Marc W. Mengel) Date: Wed Apr 5 10:40:04 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses In-Reply-To: References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: Tim McGraw wrote: > Marc W. Mengel wrote: > I have worked at two major US institutions of learning, and it really > sounds like Fermi is an "old school" academic environment where the "big > names" can "demand it now." > > You can bet that they don't browbeat HR that way, and by gum if they > want the heat on in their building on cold weekends, they better not > browbeat physical plant. The last two paragraphs don't agree. The head of a Fermilab experiment has no problem browbeating *anyone*. HR, landscaping, you name it. But they aren't the issue. It's management who are deathly afraid that a directive from the DOE might get flagged as spam and deleted, causing the lab to fail to adhere to some new bit of administrivia and get shut down. Thus we have policies like that we can only tag spam, not discard it. This means you need to teach everything upstream to handle things tagged as spam apropriately, etc. (and when you get it configured wrong, you show up on spamcop :-)) Marc From mengel at fnal.gov Wed Apr 5 10:44:05 2006 From: mengel at fnal.gov (Marc W. Mengel) Date: Wed Apr 5 10:45:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses In-Reply-To: References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: Robert Blair wrote: > On Fri, 31 Mar 2006 16:31:13 UTC, "Marc W. Mengel" > wrote: > > >>I'm sorry if my irritation came through as "attitude". This is the >>fifth or sixth time spamcop has listed us, but the first time we >>were able to receive any useful information. So apparently >>the issue is that some of our listserv lists are configured as >>"moderated", which sends a response to the sender of the form "your >>posting has been sent to a moderator..." > > > So why are you sending those "moderated" messages to an email address > that is not subscribed to the list? Seems to me someone needs to > change the procedures for the list. It's already been changed, now that we know what the issue was. It was a misunderstanding of the listserv documentation on our part. We did not know, nor expect, that it was sending such messages, until one of the spamcop deputies told us what sort of message was getting to their spam traps. The *problem* is that it took a *month* to find out what the problem *was*. If our first request for info (via the "dispute the listing" form on the website) had resulted in similar information, this would have been cleared up over a month ago. But the website simiply says that they won't tell you anything about spamtrap hits, which was followed by them in fact not telling us anything... Why would we think it would do us any good to pursue it further? Marc From mengel at fnal.gov Wed Apr 5 10:56:29 2006 From: mengel at fnal.gov (Marc W. Mengel) Date: Wed Apr 5 11:00:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses In-Reply-To: References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: Anonymous wrote: > Marc W. Mengel wrote... > > >>So apparently the issue is that some of our listserv lists are configured >>as "moderated", which sends a response to the sender of the form "your >>posting has been sent to a moderator..." > > > If the above was true you would never be listed. The issue is that > some of our listserv lists send responses to email addresses that > are *not* senders of email to you, but are instead spamtraps that > never subscribed in the first place and that never send any email > of any kind. You seem supremely resistant to any suggestion that > you stop sending email to addresses that never asked for your email, > and as long as you refuse to do that, your email will be blocked > by those who don't want your email. Actions have consequences. I'm not resistant at all. It's already fixed. My only concern was to finding out where the messages were coming from. > >>Sure. But they shouldn't have to. I should be able to find out what >>sort of crud is getting though our gateway so I can stop it. > > Yes. You should be able to do that. Alas, that isn't what you are > asking for here. You are asking to be able to find that small subset > of the crud you send that hits the spamtraps of one particular blocklist > without doing anything about the crud you send that hits humans. You misunderstand me then. >>I was trying to point out that the automated system, as it stands, does >>not provide the information that is needed to help discover the cause >>of a problem, or to fix it, > > > You have been told how to fix it again and again. Would you like me to > give you the URLs for a fourth time? The URL's you provided, aside from being things we already do, would not have fixed this problem. If you were paying attention, you would have seen that. > >>and that simply listing someone without telling them why is not helpful. > > > I find it to be very helpful indeed. It stops people like you (that is to > say, people who send email to those who don't want it) from sending email > to me, and it stops people like you from cleaning the spamtraps off of > their mailing lists while keeping my email address on the lists. > > >>However, I was also genuinely hoping someone here had a constructive >>suggestion (other than "make your list confirmed opt-in" > > > And I was genuinely hoping someone here had a constructive suggestion > for losing weight (other than "eat less and exercise more"). I got over > my disapointment and started hitting the gym three times a week. > I suggest that yoou get over your disapointment and make your list > confirmed opt-in. Or keep getting on blocklists. Those are your only > choices. My point is that the lists we have *are already* confirmed opt-in (those that allow subscription at all, that is). So telling me to configure them that way is #$)(* useless. >>Of course I realize people are skeptical of list-washing. The problem is >>the assumption that "you must be a spammer or you wouldn't be here", >>which is really downright offensive. > > > You send email to email addresses that never asked for your email. > Lots of it. You refuse to stop. You send email to email addresses that > were harvested from webpages by a spambot. Lots of it. You refuse to stop. > Explain in what way you differ from a spammer. We *have* stopped the messages that were reaching the spamtraps. How exactly does that constitute refusal? Marc From edb2000 at spamcop.net Wed Apr 5 08:57:08 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Wed Apr 5 11:00:13 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses In-Reply-To: References: Message-ID: Larry Kilgallen wrote: > In article , Don Wannit writes: > > >>The logical conclusion is that you consider any moderated list >>which accepts submissions from non-subscribers to be a spammer, >>prima facie. Or at least must silently divert messages *from* >>non-subscribers without notification. > > > No, it could do an SMTP Reject _before_ accepting the message. > Just as some people Reject mail from people not on their whitelist. An SMTP reject usually means that the message is not accepted, not that it has been redirected awaiting moderator approval. I'm not sure how the SMTP protocol fits what you are suggesting. -- Don Wannit A paid SpamCop user since 1999 From DougThegarden at invalid.com Wed Apr 5 17:06:48 2006 From: DougThegarden at invalid.com (Doug Thegarden) Date: Wed Apr 5 11:10:03 2006 Subject: [SpamCop-List] Re: Tool to report phishing scam emails In-Reply-To: References: Message-ID: Porpoise wrote: > >> >> AFAIK, the file transfer protocol between the iPod and the host computer >> is proprietary (ie: not straightforward usb-storage as supported by >> every present-day O/S I know of), and the device doesn't support the >> OGG/Vorbis audio format. > > Or the .WAV or .CDA formats - which would enable them to be played on > virtually anything. Or FLAC or Monkey's Audio or WavPack or Shorten or TTA...... Whatever you cater for there will always be somebody with a format that was missed out. Meanwhile a grand total of 812 people worldwide have signed the OGG/VOrbis petition to Apple but forty million iPod lemmings must be wrong eh? http://www.petitiononline.com/appl1435/petition.html Doug From porpoise1954 at yahoo.co.uk Wed Apr 5 17:12:20 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 5 11:15:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: "Marc W. Mengel" wrote in message news:e10kkj$u6u$1@news.spamcop.net... > > But they aren't the issue. It's management who are deathly afraid that a > directive from the DOE might get flagged as spam and deleted, causing the > lab to fail to adhere to some new bit of administrivia and get shut down. > Thus we have policies like that we can only tag spam, not discard it. > This means you need to teach everything upstream to handle things tagged > as spam apropriately, etc. (and when you get it configured wrong, > you show up on spamcop :-)) I can't quite visualise how tagging an email can get you on a blocklist....... You would need to be sending it somewhere (that it shouldn't be getting sent), not just tagging it. From MikeE at ster.invalid Wed Apr 5 09:15:34 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 5 11:20:04 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: Marc W. Mengel wrote: > It's management who are deathly afraid > that a directive from the DOE might get flagged as spam and deleted, Flagging something as spam and deleting it is not a good spam strategy -- that will/can cause wanted goodmail to be lost or 'dropped on the floor'. Those subscribers of spamcop's mail service don't have any flagged spam deleted. My provider EL doesn't delete any known spam without providing the mailbox owner a chance to see it. Gmail doesn't delete any known spam without providing the mailbox owner a chance to see it. My personal client side spamfilter doesn't delete any tagged spam. > Thus we have policies like that we can only tag > spam, not discard it. Fine, as above. The other thing which can be done with some incoming unwanted mail is to server reject it during the smtp transaction so that the legitimate sender knows that the mail failed. Naturally that rejection isn't performed after the mail has been accepted for delivery. > This means you need to teach everything > upstream to handle things tagged as spam apropriately, etc. (and when > you get it configured wrong, you show up on spamcop :-)) Which turns out to be a healthy sequence of events. When some server is backscattering, becoming listed brings it to the attention of those who are in charge of the server's configuration. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Apr 5 09:35:24 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 5 11:40:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: Marc W. Mengel wrote: > The *problem* is that it took a *month* to find out what the problem > *was*. question -- Do you have access to the spamcop reports about 131.225.111.12 & .11 rDNS mailgw2.fnal.gov and mailgw1 which are sent to Reporting addresses: abuse@fnal.gov demar@fnal.gov I find it hard to believe that only spamtraps and no reporters were hit in the course of a busy server getting itself blocklisted. Senderbase considers the average daily output magnitude of those servers to be 4.2 each, which estimation is very rough according to some, but which translates to about 16000 mails a day -- with say an order of magnitude inexactitude. All of that mail causes quite a lot of reputation or traffic points for those servers, which makes for them being less likely to become listed by 'light weight' numbers of reports, whether it be by reporters, spamtraps, or both. > If our first request for info (via the "dispute the listing" > form on the website) had resulted in similar information, this would > have been cleared up over a month ago. A deputy could address the 'protocol' for handling that process - but what 'dispute the listing' is likely to trigger is for a deputy to see if the listing has occurred 'in errror'. Where in error means a reporter is reporting something wrong, such as hir own server, or the parser is performing the parse wrong, such as misparsing by breaking the parse chain of Received tracelines prematurely. If there isn't an error, the listing is correct, that is, not in error. Backscatter listings aren't in error. Dispute the listing doesn't mean that the listed is provided 'copies' of spamtrap hit evidence. The business of a server having a backscatter problem is thoroughly addressed in the faq. > But the website simiply says > that they won't tell you anything about spamtrap hits, which was > followed by them in fact not telling us anything... Why would we think > it would do us any good to pursue it further? The problem of servers getting themselves listed by spamtraps which don't generate reports is a problem which gets discussed here frequently. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Apr 5 10:05:32 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 5 12:10:02 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Technomage Hawke wrote: > Mike Easter wrote: >> Whether one is visually impaired or not, inadequate trimming or >> so-called 'bottom posting' is undesirable. The opposite of top >> posting isn't bottom posting. The opposite of top posting is >> trimmed and contextualized. > > yet in one of your previous postings, you stated that without making > it clear (thus forcing the assumption). you never mentioned > "contextualized" editing at all. you made it a blanket statement with > no other recourse allowed than bottom posting. perhaps you should > have been a bit more clear on this point? I thought everyone here knew what 'top posting' means. Top posting means untrimmed uncontextualized posting on top. Or so-called 'TOFU' -- text over full quote under -- which is a required corporate email 'requirement' in some companies. Where the top poster is failing to trim and contextualize by pushing down everything, including citation attributions, total accumulated remarks to date, and signatures of all that has previously been accumulated by other top posters, below hir replying post. A total disaster from a conversational point of view. If top posting means untrimmed and uncontextualized, its opposite is trimmed and contextualized. Only top posters think there is any such thing or alternative as 'bottom posting' -- which they frequently bring up when they are debating the issue, as if it were a discussion of 'everyone' failing to perform trimming and contextualizing and then comparing untrimmed non-contextualized bottom posts vs untrimmed non-contextualized top posts. That is not the discussion. That I failed to characterize what top posting means, what untrimmed bottom posting means, and what trimmed and contextualized means doesn't mean that my meaning wasn't clear. My meaning is clarified by every post I make, which is typically aggressively trimmed prior to my contextualized remarks.. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Wed Apr 5 13:16:20 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed Apr 5 12:20:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: ... > > We *have* stopped the messages that were reaching the > spamtraps. > > How exactly does that constitute refusal? > > Marc > And how did you do that? It took a minute to find the post, but earlier you said it wasn't going to happen. Pop From nobody at devnull.spamcop.net Wed Apr 5 13:17:51 2006 From: nobody at devnull.spamcop.net (POP) Date: Wed Apr 5 12:20:11 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: "Porpoise" wrote in message news:e10mq5$vvt$1@news.spamcop.net... > > "Marc W. Mengel" wrote in message > news:e10kkj$u6u$1@news.spamcop.net... >> >> But they aren't the issue. It's management who are deathly >> afraid that a directive from the DOE might get flagged as spam >> and deleted, causing the lab to fail to adhere to some new bit >> of administrivia and get shut down. Thus we have policies like >> that we can only tag spam, not discard it. This means you need >> to teach everything upstream to handle things tagged as spam >> apropriately, etc. (and when you get it configured wrong, >> you show up on spamcop :-)) > > I can't quite visualise how tagging an email can get you on a > blocklist....... You would need to be sending it somewhere > (that it shouldn't be getting sent), not just tagging it. Besides, tagging email is -exactly- what -should- be done to spam, so it can be filed away separately for later reporting, decision making, whatever. Pop From MikeE at ster.invalid Wed Apr 5 10:38:19 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 5 12:40:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Mike Easter wrote: > Only top posters think there is any such > thing or alternative as 'bottom posting' -- which they frequently > bring up when they are debating the issue, I should rephrase that. There is such a recognized 'thing' as bottom posting and untrimmed non-contextualized bottom posts are highly undesirable for various reasons, especially since those posts are as non-contextualized and therefore typically just as less accurately responsive as top posting. But, if a multiparty conversational discussion is going on between properly trimming contextualizers and some additional bottom poster in which several citations and attributions are being accumulated, it is easier to fix. It is easier for a trimming contextualizing conversation 'repairer' to restore the conversation which has been 'junked up' by the bottom poster than it is to make such a repair when a top poster has stuck hir destructive remarks in there, because those topposter remarks destroy the sequence of attributions and the order of the dialogue. The only repair that can easily be done when the top poster has intervened with misplaced and non-contextualized remarks is to slash out and remove /everything/ chronologically preceding except what the top poster has said. Maybe that is the subliminal intention of the top poster in the first place -- since I assert that many top post egocentrically and without an appreciation for conversational egalitarianism. They top post without appreciating that a series of conversational elements need to be in the correct order, not ordered with the top poster's remarks on top of everyone else's. >From that perspective, top posting is even worse than bottom posting -- which is definitely much much worse and severly inferior to properly trimmed contextualization -- which is the only thing I am advocating. The top poster likes to argue that top posting is better than bottom posting because it saves all of that scrolling if two non-trimming non-contextualizers are trying to have an upside down conversation with each other. That argument is moot here -- because no one here is advocating such untrimmed non-contextualized bottom posting -- strawman argument. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Wed Apr 5 17:59:21 2006 From: nobody at nowhere.not (Robert Blair) Date: Wed Apr 5 13:00:03 2006 Subject: [SpamCop-List] Re: Victim of Spam-Trap addresses... References: <2XxzlgXM+Ua5@eisner.encompasserve.org> Message-ID: On Tue, 4 Apr 2006 20:56:51 UTC, "Mike Easter" wrote: > > So in this case, our listserv was sending "your message has been > > forwarded to a list moderator for approval" > > That is a completely different and unhealthy kind of backscatter which > is quite different from subscribe confirmations. What mailing list software would send those messages to someone that is not subscribed to the list? Maybe they need to notify the company selling the mailing list software that they have a serious bug in their program. -- Robert Blair From nobody at nowhere.not Wed Apr 5 18:07:32 2006 From: nobody at nowhere.not (Robert Blair) Date: Wed Apr 5 13:10:02 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: Message-ID: On Wed, 5 Apr 2006 03:43:06 UTC, Don Wannit wrote: > The logical conclusion is that you consider any moderated list > which accepts submissions from non-subscribers to be a spammer, > prima facie. Or at least must silently divert messages *from* > non-subscribers without notification. Why is any message, other than a subscribe confirmation, sent to anyone not currently subscribed to any mailing list? It should be dropped on the floor. My question is why anyone writing mailing list software these days allowing a problem like that to exist? -- Robert Blair From tmcgraw at spamcop.net Wed Apr 5 11:27:22 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Apr 5 13:30:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses In-Reply-To: References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: Marc W. Mengel wrote: > > It's already been changed, now that we know what the issue was. It was > a misunderstanding of the listserv documentation on our part. We did > not know, nor expect, that it was sending such messages, until one of > the spamcop deputies told us what sort of message was getting to their > spam traps. If you are hosting these lists http://www.fnal.gov/pub/publications/index.html and more, which apparently you are, and you did not know you were sending to spamtraps and people who never heard of Fermi, then I find it hard to muster sympathy. But let's look at the bright side. http://www.senderbase.org/search?searchBy=ipaddress&searchString=131.225.111.11 Mag Vol Change vs. Average Last day 4.3 -67% Last 30 days 3.7 -90% http://www.senderbase.org/search?searchBy=ipaddress&searchString=131.225.111.12 Mag Vol Change vs. Average Last day 4.3 -66% Last 30 days 3.7 -90% You've reduced exposure and dramatically reduced the processing time required from your servers for your multitudinous mailing lists. You're welcome. From tmcgraw at spamcop.net Wed Apr 5 11:48:03 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Apr 5 13:50:03 2006 Subject: [SpamCop-List] ...in the news... Message-ID: Hey y'all, did you know that "Most experts agree that the [blacklists] to be most concerned with are Spamhaus and SpamCop"? http://www.informationweek.com/industries/showArticle.jhtml?articleID=184419792 From wb8tyw at qsl.network Wed Apr 5 15:01:49 2006 From: wb8tyw at qsl.network (John E. Malmberg) Date: Wed Apr 5 15:05:05 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: In article , "Mike Easter" writes: > Marc W. Mengel wrote: > >> It's management who are deathly afraid >> that a directive from the DOE might get flagged as spam and deleted, The system that you describe is more likely to cause such a directive to be accidently deleted by a user with out either the sender or the receiver realizing it. Currently with the system that you describe, most users will be getting about 7 spam messages for each real message on average, and more when a virus hits. Which means that they are used to deleting a lot of e-mail messages. I have also noticed that on what appears to be a very populer e-mail client for PCs because it is bundled with them, that clicking on the delete icon in the tool bar occasionally deletes more than one message. It is extremely unlikely that a DOE mail server would be an open relay, open proxy or listed as a DHCP server, or listed as a spam source by the sbl.spamhaus.org. If it was, then with your system, the DOE would be getting ZERO feedback about a critical security or configuration problem with their mail server. If you SMTP reject the over 90% of spam that can be reliably detected by the use of conservative blocking lists that are well know to have 0 false positives, Since DOE directives should be coming from the .gov or .mil domains of which I have not yet seen spam spoofing, white listing those domains should be sufficient. > Flagging something as spam and deleting it is not a good spam > strategy -- that will/can cause wanted goodmail to be lost or 'dropped > on the floor'. Of course, but that is what the end-users will do with spam on a mail server that is not pre-screening out from knwon spam services. > >> Thus we have policies like that we can only tag >> spam, not discard it. You should still SMTP reject it if the source I.P. is on an open proxy, or open relay list like sbl-xbl.spamhaus.org, so that if a legitimate server is compromised, at least the sender will know that there is a problem on their side. >> This means you need to teach everything >> upstream to handle things tagged as spam apropriately, etc. (and when >> you get it configured wrong, you show up on spamcop :-)) And other places. From the reports I saw on News.admin.net-abuse.email, the very conservative sbl.spamhaus.org started listing hosts for backscatter at least a few months before spamcop.org did. The sbl.spamhaus.org seems to have started this when an anti-spam/anti-virus turnkey product was introduced that by default sent virus and spam detected notifications as new mail to the known forged addresses that they used. > Which turns out to be a healthy sequence of events. When some server is > backscattering, becoming listed brings it to the attention of those who > are in charge of the server's configuration. Usually the process works a lot faster than it did in this case. Posting the blocked I.P. address in the title of the message also tends to greatly speed up identifying what is happening. History has shown that when only spamcop.net is listing a real mail server, that the causes are usually: 1. SMTP Auth exploit. For some reason that spamware like spamcop.net spamtraps more than others. This has been the most common one that I have seen reported here. 2. Clueless user with an automatic spamfiltering system that feeds and confirms everything it detects as spam to spamcop.net automatically. This happens from one to two times per year. It is one of the side effects of letting end users of a network receive spam that could have easily and reliably been rejected at the mail server. 3. Backscatter from virus scanners, spamfilters and mail servers that generate NDRs instead of SMTP rejects for non-existant users, or users that are over quota. This is the first report that I recall of a mailing list auto-responder hitting enough spamtraps to cause a listing. I have seen them spam other open mailing lists because of them auto-responding to viruses. My guess is that if you use the conservative spam blocking lists and the other items I posted earlier on the input to the auto-responder, it will be unlikely to auto-respond to enough viruses or spam to get listed. It is not pretty to get a report from a mailing list robot about all the syntax errors it found while trying to find a valid command in the binary of a Klez virus that forged my e-mail address. -John wb8tyw@qsl.network Personal Opinion Only From tmcgraw at spamcop.net Wed Apr 5 13:05:52 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Wed Apr 5 15:10:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses In-Reply-To: References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: Tim McGraw wrote: > > If you are hosting these lists http://www.fnal.gov/pub/publications/index.html This gives a better idea: http://tinyurl.com/ksw3p From vxpy7do02 at sneakemail.com Wed Apr 5 13:11:10 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Wed Apr 5 15:15:02 2006 Subject: [SpamCop-List] Re: Drifitng OT re blindness Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "Technomage Hawke" wrote in message news:e10151$ilf$1@news.spamcop.net... > well, having a "====>" makes it easier to find things. so lets see what I > can find. :) > > POP wrote: > >>> thants a really good way to miss important points. >> >> ====> It's always easy to miss important point; regardless. > > more so if they are BURIED in massive amounts of text, don't you think? > > ** Except when someone else posts a reply to your post - now your "====>" is buried within a lot of unrelated text. -- A SpamCop user and forum reader, Not Admin *** From Kilgallen at SpamCop.net Wed Apr 5 15:50:39 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Wed Apr 5 15:55:02 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: Message-ID: In article , Don Wannit writes: > Larry Kilgallen wrote: > >> In article , Don Wannit writes: >> >> >>>The logical conclusion is that you consider any moderated list >>>which accepts submissions from non-subscribers to be a spammer, >>>prima facie. Or at least must silently divert messages *from* >>>non-subscribers without notification. >> >> >> No, it could do an SMTP Reject _before_ accepting the message. >> Just as some people Reject mail from people not on their whitelist. > > An SMTP reject usually means that the message is not accepted, not > that it has been redirected awaiting moderator approval. I'm not > sure how the SMTP protocol fits what you are suggesting. Sorry, I was not considering the case that it was actually going to be held for consideration. From amenex at amenex.com Wed Apr 5 22:17:52 2006 From: amenex at amenex.com (George Langford,Sc.D.) Date: Wed Apr 5 16:05:52 2006 Subject: [SpamCop-List] How can I persuade my ISP to reject random-character email addresses ? Message-ID: <44346C40.8070503@amenex.com> When I first signed up with my ISP, I was assigned a username that included my first name and a single-digit number. When I called to ask for technical help, they recognized me as soon as I spoke my username. Then, several years later, my disk space became saturated ... I knew I hadn't uploaded anything much for quite some time, so I inquired. Then they told me my real username ... and that my email account had 15,000 unread messages in it. So I downloaded them over the next couple of days, finding at most ten real emails, including the one explaining that my real username was in fact a catchall for all emails addressed to my domain. Wow, is that ever a bad idea. So my question is: If I can list and perhaps even use in one sentence all the legitimate email addresses that I use or answer to (such as webmaster, hostmaster, abuse, A or B) why can't my ISP simply configure my account to reject all mail that doesn't have one of those names as the addressee ? Would that not eliminate my having (!) to report the 500 bogus emails through SpamCop that come into that box each day ? It certainly isn't reducing the volume of email that I receive to report all of them ... and it doesn't kill them any deader for me to report one or 100 identical ones. amenex in SE PA, searching for a way (or an ISP willing) to reject stupid, randomly generated, illegitimate emails received in the hundreds every day From porpoise1954 at yahoo.co.uk Wed Apr 5 23:03:29 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed Apr 5 17:05:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: "Tim McGraw" wrote in message news:e114ee$83l$1@news.spamcop.net... > Tim McGraw wrote: >> >> If you are hosting these lists >> http://www.fnal.gov/pub/publications/index.html > > This gives a better idea: http://tinyurl.com/ksw3p Ah.. Yes... I see.... No human required! No wonder they've been having problems.. From nobody at devnull.spamcop.net Wed Apr 5 15:52:12 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Wed Apr 5 17:55:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: Redstone wrote... > Anonymous wrote: > >> [snip of dizzying verbage] >> >> I hope this helps... > > Okay... no more coffee and candy for Anon here. :-) http://www.thinkgeek.com/caffeine/ G.M. ( G u y M a c o n ) From nobody at devnull.spamcop.net Wed Apr 5 15:56:33 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Wed Apr 5 18:00:03 2006 Subject: [SpamCop-List] [OT] Re: what a bunch of fascist crap References: Message-ID: "Aviatrix" wrote... > Mike Easter wrote: > > eddie wrote: >>> >>>>Fascists are right-wingers, but Nazis are left-wingers as in National >>>>Socialist Party. > > I replied > >>>This is factually incorrect. Suggest you find yourself a good book on >>>20th century history. This should tell you which side of the political >>>spectrum the Nazis were on. > > Mike Easter commented > >> If we are going to compare and contrast WW II Mussolini's Italian >> Fascism with the ideology of Hitler's National Socialistic German >> Workers Party and some Nazism or another of that time -- or perhaps a >> broader concept of fascism of that era and others with a broader concept >> of nazism of that era and others -- we are going to be into a long >> conversation. > > > My point was actually a lot simpler than that... namely, that despite > the "socialist" bit in the name of Hitler's party Nazis are > right-wingers, not left-wingers. Socialists (without the "National") > were banned and persecuted in the Third Reich. I hereby declare "Left|Right Wing" to be a depreciated term. It means different things in different nations with different seating patterns in various national governing bodies. "Conservative/Liberal" has much the same problem. From nobody at devnull.spamcop.net Wed Apr 5 16:01:17 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Wed Apr 5 18:05:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Porpoise wrote... > Correct. but window opening with cursor positioned at the top does not = > configured for top-posting by default. Nowhere in the configuration does > it say you have to start typing at the position the cursor appears, or > that you can't move it before typing. Or that your "typing" can't start with the delete key or with selecting a block of text for deleting. From nobody at devnull.spamcop.net Wed Apr 5 16:30:58 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Wed Apr 5 18:35:02 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: Message-ID: Don Wannit wrote... > Anonymous wrote: >> Marc W. Mengel wrote... >> >>>Anonymous wrote: >>> >>>>You have a bunch of "subscribers" that were gathered by a spambot from >>>>webpages, and we both know it. You aren't fooling anyone. >>> >>>No, I don't. >> >> Yes. You do. You have yet to come up with any other plausible way that >> your system got the email addresses of spamtraps. You yourself admit >> that >> the odds of hitting one by chance are (in your words) "worse odds than >> winning the lottery." Actually, its worse odds than winning the lottery >> and being hit by lightning on the same day. > > You seem to have misread a post, although you quote other parts > of it so the article did get through to your newsreader. > > The email to a spamtrap was NOT email from the list to a subscriber. > It was a reply to the purported sender of a message *to* the list. It is you who seems to have misread a post. You have a theory that there is an email address that is a purported sender of a message to the list and which is also the email address of a spamtrap. Do you have a theory as to how the actual sender (program or human) managed to guess the email address of the spamtrap? > The OP did not indicate whether there is any kind rate-limiting > on submissions to the mailing list in question. There may have > been many false submissions to the list, a well-known attempt > by the real spammer to get the payload delivered to the target > in a bounce, or to hit paydirt if the spam is distributed to the > entire list. Yes, taking an entire "millions of email addresses" CD and sending a forged email in the name of each and thus generating millions of autoreplies would result in some of those autoreplies hitting spamtraps. In that case, the spamtraps will have correctly identified the email list autoresponder as a major spammer that should be listed. If there is any sort of rate-limiting or filtering that reduces those millions of bounces to a few hundred, the odds are pretty low that there will be any spamtraps among the remaining victims. > The logical conclusion is that you consider any moderated list > which accepts submissions from non-subscribers to be a spammer, > prima facie. Or at least must silently divert messages *from* > non-subscribers without notification. If the mailing list operator decides to send an autoresponse to every non-subscriber, it is his responsibility to make sure that he isn't sending the autoresponses to forged addresses. This is not negotiable, and the rest of the world will not accomodate him if he decides that it is OK to send large numbers of autoresponses to forged addresses. > Yes, it is backscatter, but it is not by any means evidence of > any kind that there are spamtrap addresses subscribed to any > mailing list. You are out of line with your assumption. Forged subscription requests, forged submissions from not-members, or any other kind of forgery you might think up -- you haven't come up with a plausible way other than running a spambot and scraping websites (or autoresponding to every email from someone who has done that and is forging those email-addresses) that the mailing list got the email addresses of spamtraps. From nobody at devnull.spamcop.net Wed Apr 5 17:02:12 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Wed Apr 5 19:05:02 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: Marc W. Mengel wrote... > Anonymous wrote: > >> You have been told how to fix it again and again. Would you like me to >> give you the URLs for a fourth time? > > The URL's you provided, aside from being things we already do, So now you expect me to believe that you, the person who keeps bleating about "use confirmed opt-in" advice being non-helpful are now claiming that the URLs I provided -- URLs that advise using confirmed opt-in - are now suddenly "things you already do." So, would it be OK with you if I sent a subscription to each of these forms; http://www.fnal.gov/pub/today/subscription.html http://www.fnal.gov/culture/subscription_form.shtml http://www.fnal.gov/pub/presspass/sign_up.html http://www.fnal.gov/orgs/gsa/gsacontacts/fnalgrad.html http://www.google.com/search?&q=site%3Awww.fnal.gov+to-subscribe-to-the http://www.google.com/search?num=100&q=%22send+mail+to+listserv%40fnal.gov%22 ignored the confirmation, and stealth-reported all further email from you to spamcop? After all, if using confirmed opt-in is indeed a "thing you already do", then there won't be any email to report. If the above is *not* OK with you, then I repeat; You have been told how to fix your problem again and again. >>>However, I was also genuinely hoping someone here had a constructive >>>suggestion (other than "make your list confirmed opt-in" >> >> And I was genuinely hoping someone here had a constructive suggestion >> for losing weight (other than "eat less and exercise more"). I got over >> my disapointment and started hitting the gym three times a week. >> I suggest that yoou get over your disapointment and make your list >> confirmed opt-in. Or keep getting on blocklists. Those are your only >> choices. > > My point is that the lists we have *are already* confirmed opt-in (those > that allow subscription at all, that is). I eagerly await your permission to put the above assertion to the test. From nobody at devnull.spamcop.net Wed Apr 5 17:05:32 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Wed Apr 5 19:10:02 2006 Subject: [SpamCop-List] Re: [META] Ego and top-posting References: Message-ID: Technomage Hawke wrote... > Anonymous wrote: > > >> >> I am reasonably certain that this is the same class of person who >> "converses" by spending the time when the other person is talking >> composing what he is going to say next. > > ok mr. anonymous (or whoever you say you are). why is it that your writing > style is so similar to the poster you replied to? You think that my style is similar to that of Mike Easter? High praise indeed, but I really don't deserve it. G.M. From scamper at trisk.com Wed Apr 5 18:25:29 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Wed Apr 5 19:30:02 2006 Subject: [SpamCop-List] Re: How can I persuade my ISP to reject random-character emailaddresses ? In-Reply-To: References: Message-ID: George Langford,Sc.D. wrote: > When I first signed up with my ISP, I was assigned a username that included > my first name and a single-digit number. When I called to ask for technical > help, they recognized me as soon as I spoke my username. Then, several > years later, my disk space became saturated ... I knew I hadn't uploaded > anything much for quite some time, so I inquired. Then they told me my > real > username ... and that my email account had 15,000 unread messages in it. > So I downloaded them over the next couple of days, finding at most ten real > emails, including the one explaining that my real username was in fact a > catchall for all emails addressed to my domain. Wow, is that ever a bad > idea. Yes it is a very bad idea, however this is not all that uncommon for web-hosting sites to do. > > So my question is: If I can list and perhaps even use in one sentence > all the > legitimate email addresses that I use or answer to (such as webmaster, > hostmaster, abuse, A or B) why can't my ISP simply configure my account to > reject all mail that doesn't have one of those names as the addressee ? They can, if they have half a clue. You might need to visit them with a clue bat to get them to actually do this however. Also, you might look around your hosting provider's website to see if there is any sort of administration tool already provided which will allow you to customize your account regarding what usernames you will accept email for, and which usernames to simply reject or /dev/null > > Would that not eliminate my having (!) to report the 500 bogus emails > through > SpamCop that come into that box each day ? It certainly isn't reducing the > volume of email that I receive to report all of them ... and it doesn't > kill them > any deader for me to report one or 100 identical ones. Suggestion here, as you download your email, have procmail or some other appropriate mail filter create a string which is then save the last 500 of those strings to a cache file. In my procmail recipes I call this the "digestcache". It's impossible for a spammer to manipulate this as they do message id strings, so is more effective at detecting duplicate messages than looking at just the message id. As new messages arrive, calculate the digestcache string, then check to see if the string is already cached. If so, just discard the message, or divert it to a duplicate message folder since you've already have a copy. If it isn't in the file, then add it to the the cache file. When you think about it, there really isn't much point in reporting through spamcop multiple copies of the same message from the same IP number received by the same person. Just one report is enough. Even if the spammer manipulates other header lines, the only one that is really important is the first external IP number. > > amenex in SE PA, searching for a way (or an ISP willing) to reject > stupid, randomly > generated, illegitimate emails received in the hundreds every day > A few years ago, a friend of mine had his web site hosted by a hosting company that did exactly the same thing to him as what is happening to you. They had a wild card username being routed to his admin account. When spammers send email to such a website, and are doing a dictionary attack, what happens is the bots they use add every single bogus username to their lists as a valid recipient address. I remember one day where he woke up to a full mailbox (10meg) that arrived overnight. He was rather upset over that. After about two to three months of this, the hosting company actually had the nerve to suspend his account due to "excessive bandwidth usage" because of the volume of email he was receiving. Needless to say, he got that decision reversed. A few months later, I convinced him to move off that hosting site and begin doing his own management of his domain. By this I mean, everything, including running his own DNS. Once we did that and were able to see all of the activity in his logs, we found that his mail volume was staggering. The logs showed that his site was rejecting about 10,000 to 15,000 email attempts per day, most of the attempts to user names that did not exist. He was the only active user on his domain, so this volume was completely ridiculous. So, apparently his former hosting company unnecessarily created for him a huge problem using this wild card username accept. It's several years later now, and his mail logs show the rejects have dropped to around 1000 per day now, which we figure is left over from that former bad management of his former hosting provider. All that said, what I would recommend is that if your hosting company doesn't comply with your wishes, then it may be time to move to a more competent provider, or start doing the management of your servers yourself if that is feasible. This is so that you have complete control of what your servers are doing and so you can see what is really going on with the spam, firewall logs etc. If this sort of thing gets bad enough it can make a domain completely unusable given enough time, especially if you have limited resources to provide more servers and bandwidth. Just my opinion :) Garen From nobody at devnull.spamcop.net Wed Apr 5 17:32:39 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Wed Apr 5 19:35:03 2006 Subject: [SpamCop-List] Re: [OT] blindness References: Message-ID: POP wrote... > Can you recommend a web site, probably ADA, that covers writing for the > blind, done by the sighted? I would like to test my webpages by turning off my monitor and navigating with the tools used by the blind. The last time I looked, the available tools were all DOS-based or very expensive. Does anyone know of a good tool that runs under Linux or Windows? -- G.M. From MikeE at ster.invalid Wed Apr 5 17:45:31 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 5 19:50:04 2006 Subject: [SpamCop-List] Re: [META] Ego and top-posting References: Message-ID: Anonymous wrote: > Technomage Hawke wrote... >> ok mr. anonymous (or whoever you say you are). why is it that your >> writing style is so similar to the poster you replied to? > > You think that my style is similar to that of Mike Easter? > High praise indeed, but I really don't deserve it. Huh? I must've been asleep somewhere in there. I didn't realize that I/we was/were being accused of being sock puppeteer. Hey, Technomage. The way I recommend to research that 'thought' or accusation is to look back at posting history and IP address of the alleged sockpuppet posting entities. By reading Anonymous posts and the associated IP source and then comparing and contrasting with my posts and IP source, you will find a very consistent pattern of Anonymus routinely posting from an IP address which is quite different from mine, which is also consistent. In addition, I think what I call 'handwriting' -- which you refer to as 'writing style' -- is also significantly different. The handwriting is often more valuable than the technical elements if you suspect someone of morphing. I tend to be windy and verbose and make typos and 'mis-statements' because I'm a fast but somewhat inaccurate typist and I don't enjoy proofreading -- whereas Anonymous isn't nearly as windy, but windier than some and not nearly as likely to make typos and errors. Maybe there's either some proofreading there or more care with the first 'draft'. There are plenty of posts from both of those two different handles around here to research to figure it out. And, it would be much better to figure it out before accusing it. That's kinda rude. -- Mike Easter kibitzer, not SC admin From invalid-mail at mail298378263788.com Thu Apr 6 02:46:59 2006 From: invalid-mail at mail298378263788.com (Walter B. Rasmann) Date: Wed Apr 5 19:50:15 2006 Subject: [SpamCop-List] SpamCop Name Resolution Problem Message-ID: Hello, I was recently trying to report some spam and encountered the following problem: > Resolving link obfuscation > http://bqlvcd.vitalwag.net/ > Host bqlvcd.vitalwag.net (checking ip) IP not found ; bqlvcd.vitalwag.net discarded as fake. > Tracking link: http://bqlvcd.vitalwag.net/ > No recent reports, no history available > Cannot resolve http://bqlvcd.vitalwag.net/ However, I can resolve the advertised address (bqlvcd.vitalwag.net, 218.24.148.105) and also view it. Is there some DNS problem? From me at privacy.net Thu Apr 6 00:52:19 2006 From: me at privacy.net (Michael R N Dolbear) Date: Wed Apr 5 19:55:04 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: <01c65905$475ca400$LocalHost@default> John E. Malmberg wrote [...] > Since DOE directives should be coming from the .gov or .mil domains of which > I have not yet seen spam spoofing, white listing those domains should > be sufficient. Hee ! I have seen such (it was a phish) and that is why irs.gov, like ebay.com is now on my blacklist. -- Mike D From me at privacy.net Thu Apr 6 00:52:21 2006 From: me at privacy.net (Michael R N Dolbear) Date: Wed Apr 5 19:55:09 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: <01c65907$9b97d560$LocalHost@default> Mike Easter wrote [...] > easier to fix. It is easier for a trimming contextualizing conversation > 'repairer' to restore the conversation which has been 'junked up' by the > bottom poster than it is to make such a repair when a top poster has > stuck hir destructive remarks in there, because those topposter remarks > destroy the sequence of attributions and the order of the dialogue. If I consider a top poster's remarks worth attention and reply I usually also find it easy to trim and edit those remarks into the position they should have occupied. Am I unusual ? I am also a poster to a list/board/private news server where the owner's rule is "new text on the first page" where this may be a top post and trim, "interspersed", or "see bottom". Works well enough and avoids wasting time on empty posts. -- Mike D From not at home.today Thu Apr 6 03:06:31 2006 From: not at home.today (Ant) Date: Wed Apr 5 21:20:03 2006 Subject: [SpamCop-List] Re: Drifitng OT re blindness Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "anon" wrote: > Remember the poster said he was BLIND, not visually impaired - he has to > *listen* to all the thread. > > I think that would really be a crock, especially when so many do not trim. Yet you still quoted approx 40 lines. From not at home.today Thu Apr 6 03:08:10 2006 From: not at home.today (Ant) Date: Wed Apr 5 21:20:16 2006 Subject: [SpamCop-List] Re: Drifitng OT re blindness Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "Porpoise" wrote: > Just for TH's benefit, I've trimmed and contextualised my comments but > brought them all up the top here to make easier for him to find: And I've put them (marked with a vertical bar) back into context, and trimmed the previous quoted material properly. > "Technomage Hawke" wrote: >> POP wrote: >>> ====> It's always easy to miss important point; regardless. >> >> more so if they are BURIED in massive amounts of text, don't you think? | Or even more so if they are floating in space with no context >> [...] half dozen additional combination key-sets just to get to the >> right configuration menu. | Configuration menu? What's a configuration menu got to do with it? The | procedure under discussion is contextualising by use of the correct trim and | attribute procedure so as to put comments into a context that makes sense to | someone reading it who maybe wasn't party to the thread. >> in this case, the differing arms of the thread are usually split off prior >> to this point.... so, then tend to be easier to follow (and this break >> point was a bitch to find). | How so? >> if its too much of a problem trying to locate the >> unquoted text, I kill it off in the ignore pile (I have missed some real >> gems that way and lost much useful info in the process). | Even more difficult to make sense of replies with no context I would have | thought. [nettiquette guidelines] >> (and such laws generally are repealed when they become overburdensome to >> the people). | True, but it's readability and context we're discussing. >> I am totally blind since an incident with a drunk driver | Sorry to hear that. >> as for clarity, what works for me may not always be the case for anyone >> else. | Of course. >> btw, it took me 6 minutes to read this in braille and another 15 trying to >> figure out where to put all the responses. that give you any idea? | I understand that but is this really easier to make sense of? Hopefully, now it is. From MikeE at ster.invalid Wed Apr 5 20:56:22 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 5 23:00:03 2006 Subject: [SpamCop-List] Re: SpamCop Name Resolution Problem References: Message-ID: Walter B. Rasmann wrote: > I was recently trying to report some spam and encountered the > following problem: This always takes a fair amount of time to talk about >> Resolving link obfuscation >> http://bqlvcd.vitalwag.net/ Sometimes SC decides to stop at that point and not try to resolve the URL, but in this case it tried. >> Host bqlvcd.vitalwag.net (checking ip) IP not found ; >> bqlvcd.vitalwag.net discarded as fake. Sometimes a URL doesn't resolve because it doesn't resolve for anyone, sometimes it doesn't resolve because it has shabby nameservice, and sometimes a URL doesn't resolve because it specifically doesn't resolve for SC. It is not possible to tell the difference between not resolving specifically for SC and other possibilities, except for the ability to use fancy resolvers to tell when something has shabby nameservice. >> Cannot resolve http://bqlvcd.vitalwag.net/ > > However, I can resolve the advertised address (bqlvcd.vitalwag.net, > 218.24.148.105) and also view it. > > Is there some DNS problem? The link has a nameservice problem rated as F. The easiest way to show you is to paste the entire operation from dnsstuff right here. Time to look up bqlvcd.vitalwag.net A record Generated by www.DNSstuff.com at 02:22:54 GMT on 06 Apr 2006. Searching for bqlvcd.vitalwag.net A record at d.root-servers.net Got referral to K.GTLD-SERVERS.net. [took 15 ms] Searching for bqlvcd.vitalwag.net A record at K.GTLD-SERVERS.net. Got referral to ns2.comradbrick.info. [took 88 ms] [Had to look up A record for ns2.comradbrick.info.; assume 200ms] Searching for bqlvcd.vitalwag.net A record at ns2.comradbrick.info. Timed out. Trying again. Searching for bqlvcd.vitalwag.net A record at ns1.spotmoss.info. Timed out. Trying again. Searching for bqlvcd.vitalwag.net A record at ns2.comradbrick.info. Timed out. Trying again. Searching for bqlvcd.vitalwag.net A record at ns2.spotmoss.info. Reports an answer. Record is: Domain Type Class TTL Answer bqlvcd.vitalwag.net. A IN 600 218.24.148.105 vitalwag.net. NS IN 600 ns2.vitalwag.net. vitalwag.net. NS IN 600 ns1.vitalwag.net. ns1.vitalwag.net. A IN 600 218.24.148.105 ns2.vitalwag.net. A IN 600 218.24.148.105 Looking up at ns1.comradbrick.info.... [Had to look up A record for ns1.comradbrick.info; assume +200ms]...Timed out. Looking up at ns1.spotmoss.info.... [Had to look up A record for ns1.spotmoss.info; assume +200ms]...Timed out. Looking up at ns2.comradbrick.info.... [Had to look up A record for ns2.comradbrick.info; assume +200ms]...Timed out. Looking up at ns2.spotmoss.info.... [Had to look up A record for ns2.spotmoss.info; assume +200ms]...Reports 1 A record(s). 893ms. Average of all 4 nameservers: 1276ms (plus 4547ms overhead). Score: F Took off 3 points for ".net" TLD (extra lookups may be required to find the parent servers). Took off 8 points for having no glue at a parent server [adds 2 extra packets to lookup]. Took off 6 points for having no glue for ns1.comradbrick.info [adds 2 extra packets to lookup]. Took off 15 points for a nameserver timeout at ns1.comradbrick.info (causes lengthy delays and extra packets). Took off 6 points for having no glue for ns1.spotmoss.info [adds 2 extra packets to lookup]. Took off 15 points for a nameserver timeout at ns1.spotmoss.info (causes lengthy delays and extra packets). Took off 6 points for having no glue for ns2.comradbrick.info [adds 2 extra packets to lookup]. Took off 15 points for a nameserver timeout at ns2.comradbrick.info (causes lengthy delays and extra packets). Took off 6 points for having no glue for ns2.spotmoss.info [adds 2 extra packets to lookup]. Took off 2 points since ns2.spotmoss.info allows recursive lookups (if lots of people are using the server, it can slow down). Took off 25 points for >700ms average response time. So, what is going on there is that the URL/name has terrible nameservice, with 3 of the nameservers timing out. You can't tell the difference if SC is specifically blocked from a problem nameservice or if SC just got tired of waiting. But, it doesn't really matter anyway. The IP 218.24.148.105 no rDNS of CNC group Liaoning province is spamhaus listed anyway, which means that said notify abuse@cnc-noc.net is a total waste of time. The spamhaus listing SBL39878 is for Yambo Financials -- which is a ROKSO [register of known spam operations] listed at spamhaus. So, the .cn provider is providing webspace to a known professional spam operator which has been terminated by a minimum of 3 Internet Service Providers for spam offenses. That means that the spam friendly blackhat .cn provider isn't going to be responsive to the notify that SC had trouble resolving. The resolution is a waste of time. The notification would be a waste of time. There is no consequence to being notified by SC of a spamvertiser -- unlike the spamcop blocklist for spamsources. You shouldn't be spending time fretting over the non-notification of spamvertiser providers [I say 'spamveriders'] who are non-responsive -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Wed Apr 5 20:58:57 2006 From: MikeE at ster.invalid (Mike Easter) Date: Wed Apr 5 23:00:14 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: <01c65907$9b97d560$LocalHost@default> Message-ID: Michael R N Dolbear wrote: > Mike Easter wrote >> because those topposter remarks destroy the sequence of attributions >> and the order of the dialogue. > > If I consider a top poster's remarks worth attention and reply I > usually also find it easy to trim and edit those remarks into the > position they should have occupied. > > Am I unusual ? I have done that as well, but nowadays I just 'slash' everything out below except the top poster. It is more efficient. If someone wants to know what 'we' are talking about besides my trimmed contextualization of the top poster's remarks followed by my own, they can go look it up from the references line or the threading. -- Mike Easter kibitzer, not SC admin From vxpy7do02 at sneakemail.com Wed Apr 5 21:15:37 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Wed Apr 5 23:20:03 2006 Subject: [SpamCop-List] Re: Drifitng OT re blindness Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: > Yet you still quoted approx 40 lines. ** Yea, I trimmed below and forgot to drastically trim above, thanks. -- A SpamCop user and forum reader, Not Admin *** From g.hyde at bigpond.net.au Thu Apr 6 16:53:53 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Apr 6 01:55:03 2006 Subject: [SpamCop-List] How do I handle the problem of rereported spam? Message-ID: What happened was that I'd copied/pasted the spam, and there was a link which didn't parse the first time around, but which parsed afterwards, as SpamCop said I had unreported spam to report. Until just now, I had no idea that SC treats multiple identical pastes of spam as individuals, instead of as the same spam item. The second report for the spam: http://www.spamcop.net/sc?id=z914179564zd54cc5d2ad6b0b7c5451c3404d732762z The first report, which I'd reported after not having spotted that it was in fact the original spam I'd just pasted in! Oops! http://www.spamcop.net/sc?id=z914180365zb7bd0e2e3dd309ce697a7a3dc116fed7z How do I fix this or is there anything to fix? The first report contains an additional notify address that SC picks up, but I don't know if this is how it's supposed to work, I'd have thought SC would have some kind of identification in place to prevent rereporting of the same spam email twice. Cheers ... Geoffrey Hyde From dws at dealing-with-spam.info Thu Apr 6 11:35:28 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Thu Apr 6 04:40:40 2006 Subject: [SpamCop-List] Re: [OT] blindness In-Reply-To: References: Message-ID: In spamcop, you wrote: > I would like to test my webpages by turning off my monitor and > navigating with the tools used by the blind. The last time I > looked, the available tools were all DOS-based or very expensive. > Does anyone know of a good tool that runs under Linux or Windows? Run a search for "SpeakEasy". It's a set of tools that patch the Linux kernel for speech synthesis. If you don't want to bother searching then try Slackware Linux - SpeakEasy is supplied with it (but not activated by default). From MikeE at ster.invalid Thu Apr 6 02:36:35 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 6 04:41:23 2006 Subject: [SpamCop-List] Re: How do I handle the problem of rereported spam? References: Message-ID: Geoffrey Hyde wrote: > What happened was > SC treats multiple identical > pastes of spam as individuals Yes. > How do I fix this or is there anything to fix? What is wrong is that the source IP 209.200.225.54 rDNS ds00273.lunarpages.com reverse no DNS of Add2Net AKA LunarPages was reported and counted toward the SCbl twice for the same spam instead of once. That IP is currently CBL listed as an open proxy and also SC blocklisted for hitting spamtraps and spamcop reporters about 20 times in the past week. It is scheduled for delisting in about 22 hours and has been listed for less than 24 hours. The proper thing to do for any 'false' report which you can't 'unsend' is to email notify the deputy and the reporting address of the report id of the errant report. Theoretically, if the false report were the 'straw that broke the camel's back' causing the current SCbl listing, a deputy might delist it. In reality I imagine and it appears that without your false report there would be plenty of spamtrap and other reporter reports to cause the IP to be SCbl listed anyway, so the deputy wouldn't be delisting. So, I'm sure someone might say "Forget about it." and someone else might say that you should do the proper thing, if for no other reason to atone or perform 'penance' for your misdeed and because it is the right thing to do according to the rules. In real life and in fact, if in fact your false report hadn't been sent, the situation would be exactly the same as it currently is. > The first report > contains an additional notify address that SC picks up, Everytime SC parses a spam, the same spam twice or thrice or however many times, SC might or might not resolve a spamvertised link. Everytime SC parses a spam which is stored with a tracker, and the spam is reparsed, SC might or might not resolve its spamvertised link. This condition has been discussed here very many times. -- Mike Easter kibitzer, not SC admin From g.hyde at bigpond.net.au Thu Apr 6 20:01:05 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Apr 6 05:05:37 2006 Subject: [SpamCop-List] Re: How do I handle the problem of rereported spam? References: Message-ID: Okay, now what was the preferred deputies address again?? "Mike Easter" wrote in message news:e12jui$7jv$1@news.spamcop.net... > Yes. Cheers ... Geoffrey Hyde From MikeE at ster.invalid Thu Apr 6 03:25:02 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 6 05:25:18 2006 Subject: [SpamCop-List] Re: How do I handle the problem of rereported spam? References: Message-ID: Geoffrey Hyde wrote: > Okay, now what was the preferred deputies address again?? deputies spamcop.net. -- Mike Easter kibitzer, not SC admin From porpoise1954 at yahoo.co.uk Thu Apr 6 11:39:30 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Apr 6 05:40:02 2006 Subject: [SpamCop-List] Re: Drifitng OT re blindness Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "Ant" wrote in message news:e11q49$pa9$2@news.spamcop.net... > "Porpoise" wrote: > > | I understand that but is this really easier to make sense of? > > Hopefully, now it is. Yes, indeed.... That's the point I was making... :-) From dws at dealing-with-spam.info Thu Apr 6 14:50:22 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Thu Apr 6 07:55:03 2006 Subject: [SpamCop-List] Re: How do I handle the problem of rereported spam? References: Message-ID: Mike Easter wrote on Thu, 6 Apr 2006 02:25:02 -0700: > deputies spamcop.net. deputies at admin dot spamcop dot net From g.hyde at bigpond.net.au Thu Apr 6 23:01:22 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Apr 6 08:05:03 2006 Subject: [SpamCop-List] Re: How do I handle the problem of rereported spam? References: Message-ID: "D-W-S" wrote in message news:slrne3a03u.sk.dws@dealing-with-spam.info... > Mike Easter wrote on Thu, 6 Apr 2006 02:25:02 -0700: > >> deputies spamcop.net. > > deputies at admin dot spamcop dot net /me wonders if my email is going to get through or not ... Cheers ... Geoffrey Hyde From nobody at devnull.spamcop.net Thu Apr 6 08:03:48 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Thu Apr 6 08:05:09 2006 Subject: [SpamCop-List] Re: How do I handle the problem of rereported spam? References: Message-ID: "D-W-S" wrote in message news:slrne3a03u.sk.dws@dealing-with-spam.info... > Mike Easter wrote on Thu, 6 Apr 2006 02:25:02 -0700: > > > deputies spamcop.net. > > deputies at admin dot spamcop dot net Both map to the same InBox ... see also How can I contact a SpamCop representative? http://www.spamcop.net/fom-serve/cache/401.html or Where to get Help http://forum.spamcop.net/forums/index.php?act=faq&article=78 From mengel at fnal.gov Thu Apr 6 11:23:16 2006 From: mengel at fnal.gov (Marc W. Mengel) Date: Thu Apr 6 11:25:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses In-Reply-To: References: Message-ID: <44353264.5000408@fnal.gov> Anonymous wrote: > Yes. You do. You have yet to come up with any other plausible way that > your system got the email addresses of spamtraps. You yourself admit that > the odds of hitting one by chance are (in your words) "worse odds than > winning the lottery." Actually, its worse odds than winning the lottery > and being hit by lightning on the same day. Our listserv system was misconfigured, and was replying to spam messages with a "your message has been forwarded to a moderator" reply. That's how it was hitting spam trap addresses. That misconfiguration has been corrected. > Give me the name of your attorney and I will send him a signed letter > with full contact info repeating my assertions and I will be glad to > see you in court. The Fermilab attorney is: Gary M. Leonard Fermilab Legal Department P.O Box 500, Mail Stop 213 Batavia IL, 60510 If you would like to send him a copy of your statements about the Laboratory, please do so. >>>Stop sending email to those who didn't ask for it. >> >>That's actually what I'm trying to do. You, however, are not helping in >>the least. > > Confirmed opt-in. There's your help, spammer. > Any lists we have that allow subscription *are* confirmed opt-in. That has nothing to do with the problem at hand. But I've told you that already, you simply refuse to comprehend. From nousenetspam at zootal.nospam.com Thu Apr 6 09:23:06 2006 From: nousenetspam at zootal.nospam.com (Matthew L Reed) Date: Thu Apr 6 11:25:20 2006 Subject: [SpamCop-List] Why does SC miss this link? Message-ID: Spam posted in spamcop.spam. The body of the email is: Vilma, http://br.geocities.com/thunderbird39427/ Giovanny Haas Why does SC miss the link? It is a valid, active website. From mengel at fnal.gov Thu Apr 6 11:28:51 2006 From: mengel at fnal.gov (Marc W. Mengel) Date: Thu Apr 6 11:30:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses In-Reply-To: References: Message-ID: Robert Blair wrote: > On Wed, 5 Apr 2006 03:43:06 UTC, Don Wannit > wrote: > > >>The logical conclusion is that you consider any moderated list >>which accepts submissions from non-subscribers to be a spammer, >>prima facie. Or at least must silently divert messages *from* >>non-subscribers without notification. > > > Why is any message, other than a subscribe confirmation, sent to > anyone not currently subscribed to any mailing list? It should be > dropped on the floor. My question is why anyone writing mailing list > software these days allowing a problem like that to exist? There are lots of "public-send" mailing lists -- e.g. support lists for software packages, support lists for central login servers that send to the sysadmins, etc. People on those lissts have their mail filters setup to suitably file stuff that SpamAssasin has flagged... Marc From porpoise1954 at yahoo.co.uk Thu Apr 6 17:41:45 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Thu Apr 6 11:45:02 2006 Subject: [SpamCop-List] sales pitch spam Message-ID: http://www.spamcop.net/sc?id=z914474057zea5f08e550eda98e7a455852e4469a02z Must have decided to just send to "sales" AT All of the To: address on the original were to sales@ various domains (all as To: not BCC:) Clueless........ Another one with funky rDNS........ From tmcgraw at spamcop.net Thu Apr 6 10:00:19 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Thu Apr 6 12:05:03 2006 Subject: [SpamCop-List] Odd subject spam Message-ID: Hardly a day goes by that one doesn't make me chuckle, but this one caught my eye: Subject: Done dreamy backscatter From MikeE at ster.invalid Thu Apr 6 10:00:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 6 12:05:11 2006 Subject: [SpamCop-List] Re: Why does SC miss this link? References: Message-ID: Matthew L Reed wrote: > Spam posted in spamcop.spam. That's not the best way to discuss the parsing of a spam. The best way to discuss is to paste the tracking URL in here, like this: Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z914476471z058b02df462f5346e11d25258d5bb129z That tracker I made from submitting your spam and cancelling the report, and on one parsing it shows SC finding the link but not resolving it. Resolving link obfuscation http://br.geocities.com/thunderbird39427/ Report Spam to: Re: 209.160.46.168 (Administrator of network where email originates) To: abuse@hopone.net (Notes) SC can resolve the naked URL Parsing input: Routing details for 66.218.77.68 Reporting addresses: network-abuse@cc.yahoo-inc.com > Why does SC miss the link? The parser arbitrarily frequently chooses to not resolve spamvertised links. It also sometimes tries and fails to resolve links. That's the way the algorithm is. Outsiders make guesses at why, but only the algorithm's creator knows the answerx. > It is a valid, active website. Where, exactly? If you are going to use your browser to investigate spamsites, you should be configured very securely and not be allowing scripts to be running. You should also carefully determine the actual website from which the payload is delivered as opposed to whatever was spamvertised. The link deliveries you to a javascripted page which tries to access http://cross-market.biz which doesn't currently resolve for my resolver or for dnsstuff's because both of the nameservers repeatedly time out. So, presently I cannot access the payload site with IE configured with scripting turned off or with Opera 9. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu Apr 6 11:02:48 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Thu Apr 6 13:05:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <44353264.5000408@fnal.gov> Message-ID: Marc W. Mengel wrote... > Anonymous wrote: > >> Yes. You do. You have yet to come up with any other plausible way that >> your system got the email addresses of spamtraps. You yourself admit >> that >> the odds of hitting one by chance are (in your words) "worse odds than >> winning the lottery." Actually, its worse odds than winning the lottery >> and being hit by lightning on the same day. > > Our listserv system was misconfigured, and was replying to spam messages > with a "your message has been forwarded to a moderator" reply. That's > how it was hitting spam trap addresses. That misconfiguration has been > corrected. I can interpret the above in one of two ways. To save time, I will reply assuming each, and you can let me know which one applies. Interpretation #1: you are saying that your listserv was replying to every spam and was thus sending out hundreds of thousands of those "your message as been forwarded to a moderator" replies, hitting every forged address. Or, as we like to call it, "spamming." Wow! You Fermilab people have managed to alter the laws of probability! Somehow, against all odds (and I do mean against *all* odds), you managed to get spam forged to appear to be from spamtraps and not a single spam forged to be from any human spamtrap reporter. (If you had, that report would have given you the info you complain that the spamtraps won't give you). Those are unbelievable odds. Unbelievable. Totally unbelievable. Impossible to believe. Did I mention that those odds are unbelievable? Interpretation #2: you are saying that your listserv was only or mostly replying to spam forged to appear to be from spamtraps. Wow! You Fermilab people have the most advanced technology I have ever heard of!! You have a listserv system that replies to spam from spammers who don't know the addresses of the spamtraps (we know this because they spam other mailing lists, many of which send an opt-in confirmation request to the purported sender, and yet none of those other mailing lists gets listed for hitting spamtraps -- only yours does) and yet somehow through some sort of psychic AI manages to guess the unguessable email addresses of the spamtraps! What an extraordinary thing to be able to do! Ask the AI where Bin Laden in hiding, OK? >> Confirmed opt-in. There's your help > >Any lists we have that allow subscription *are* confirmed opt-in. Again I ask, do I have your permission to subscribe a few times, send a few submissions, etc. ignore the first opt-in confirmation, and then to stealth report any further email that you send? If, as you claim, your lists are all confirmed opt-in, there won't be anything to report. > The Fermilab attorney is:[snip] Check with him in about a week, if he doesn't contact you first. Oh, and feel free to explain, in detail, how your system got the email addresses of spamtraps. If your claim is that they were contained in spam, feel free to explain, in detail, how the spammers got the email addresses of spamtraps. Enquiring minds want to know! From nobody at devnull.spamcop.net Thu Apr 6 11:05:19 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Thu Apr 6 13:10:04 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: Message-ID: Marc W. Mengel wrote... > Robert Blair wrote: > >>Don Wannit wrote: >> >>>The logical conclusion is that you consider any moderated list >>>which accepts submissions from non-subscribers to be a spammer, >>>prima facie. Or at least must silently divert messages *from* >>>non-subscribers without notification. >> >> Why is any message, other than a subscribe confirmation, sent to anyone >> not currently subscribed to any mailing list? It should be dropped on >> the floor. My question is why anyone writing mailing list software these >> days allowing a problem like that to exist? > > There are lots of "public-send" mailing lists -- e.g. support lists for > software packages, support lists for central login servers that > send to the sysadmins, etc. People on those lissts have their > mail filters setup to suitably file stuff that SpamAssasin has flagged... Unresponsive. Please answer the question that Robert Blair asked. From MikeE at ster.invalid Thu Apr 6 11:07:13 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Apr 6 13:10:14 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: Mike Easter wrote: > Marc W. Mengel wrote: > >> The *problem* is that it took a *month* to find out what the problem >> *was*. > > question -- Do you have access to the spamcop reports about > 131.225.111.12 & .11 rDNS mailgw2.fnal.gov and mailgw1 which are sent > to > > Reporting addresses: > abuse@fnal.gov > demar@fnal.gov Somehow I never saw an answer to that question. news://news.spamcop.net/e10o3s$120$1@news.spamcop.net -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Thu Apr 6 14:58:33 2006 From: jeffg at spamcop.net (Jeff G.) Date: Thu Apr 6 14:00:03 2006 Subject: [SpamCop-List] Re: HTML Error References: <20060402160015.691.qmail@blade3.cesmail.net> Message-ID: Paul Hunt wrote: > When I am reporting spam, using the form at http:// > mailsc.spamcop.net, and one or more of the addresses gets devnulled > by SC, the next page that is displayed shows up as raw HTML, because > it is formatted incorrectly by SC. > > Example: > >
Using abuse#chase.com@devnull.spamcop.net for > statistical tracking.
> Content-type: text/html; charset=iso-8859-1 > > "http://www.w3.org/TR/html4/loose.dtd"> > > > (etc.) > > Clearly the line: > >
Using abuse#chase.com@devnull.spamcop.net for > statistical tracking.
> > is not in the correct place. I can confirm that the problem exists, but: this appears to be a Reporting issue with all three variations of www, members, and mailsc (so I am redirecting followups); and it only occurs for paying customers if they put devnull'd addresses in the "User Notification ... To:" Textbox and check the Checkbox to its left. Fortunately, the other Reports you asked the Parser to send do actually get sent - you can use the "Back" function of your browser to confirm that and get another "Paste entire spam ..." Textbox. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From vxpy7do02 at sneakemail.com Thu Apr 6 11:59:12 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Thu Apr 6 14:00:10 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <44353264.5000408@fnal.gov> Message-ID: "Marc W. Mengel" wrote in message news:44353264.5000408@fnal.gov... > Anonymous wrote: >> Yes. You do. You have yet to come up with any other plausible way that >> your system got the email addresses of spamtraps. You yourself admit >> that >> the odds of hitting one by chance are (in your words) "worse odds than >> winning the lottery." Actually, its worse odds than winning the lottery >> and being hit by lightning on the same day. > > Our listserv system was misconfigured, and was replying to spam messages > with a "your message has been forwarded to a moderator" reply. That's > how it was hitting spam trap addresses. That misconfiguration has been > corrected. > *** If that is correct, you will not be hitting spam traps - but you WILL STILL BE SENDING TO PEOPLE WHO DO NOT WANT YOUR MAIL . Reports from them will keep you on the SCBL. -- A SpamCop user and forum reader, Not Admin *** From vxpy7do02 at sneakemail.com Thu Apr 6 12:06:22 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Thu Apr 6 14:10:05 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "Technomage Hawke" wrote in message news:e0tvsi$9v5$1@news.spamcop.net... > thants a really good way to miss important points. > > also, some clients are configured for top posting by default. > > lastly, I happen to be blind and would rather NOT have to burn out my ears > listening to line after line of quoted material or having to sift through > line after line of text on my braille tty device simply because someone > decided they were going to quote a 3k line message with a single sentence > at the end. > *** "Reading" the newsgroups by listening - how do you 'scroll' though the list of subjects, etc. to find the new ones that you want to read/listen to and ignore the others? This question is from a sighted person so am completely ignorant of your methods. -- A SpamCop user and forum reader, Not Admin *** From Kilgallen at SpamCop.net Thu Apr 6 14:09:08 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Thu Apr 6 14:10:21 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: In article , "Marc W. Mengel" writes: > There are lots of "public-send" mailing lists -- e.g. support lists for > software packages, support lists for central login servers that > send to the sysadmins, etc. People on those lissts have their > mail filters setup to suitably file stuff that SpamAssasin has flagged... It heartens me to know that the square dance community is so far ahead of software developers on matters of spamfighting. Most of them run Windows! From wb8tyw at qsl.network Thu Apr 6 14:41:27 2006 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Apr 6 14:45:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <44353264.5000408@fnal.gov> Message-ID: In article , "Anonymous" writes: > > Wow! You Fermilab people have managed to alter the laws of probability! > Somehow, against all odds (and I do mean against *all* odds), you managed > to get spam forged to appear to be from spamtraps and not a single spam > forged to be from any human spamtrap reporter. (If you had, that report > would have given you the info you complain that the spamtraps won't give > you). Those are unbelievable odds. Unbelievable. Totally unbelievable. > Impossible to believe. Did I mention that those odds are unbelievable? Not unbelievable. That is the behavior of several viruses that will harvest one or more spamtrap addresses and use them as alleged senders. This type of backscatter listing has happened many times in the past without a human reporter or having the server show up on any other anti-spam list. The spammers using the SMTP-AUTH exploit also tend to get the servers mostly listed by spamcop.net only. I have seen this pattern on this and the spamcop.help forum, and also the web forum for a couple of years. The last sober worm attack that I saw was that apparenly each infected system dictionary attacked only a few mail servers with a forged from address, almost like a coordinated attack to determine how quickly each forged from address resulted in a blocking list entry so that it could be avoided. That sober worm was also targetting mailing lists that allow posts from non-subscribers. The behavior of that sober worm was that it could have easily caused this type of listing. Keep in mind that if a mail server is using the spamcop.net blocking list to reject e-mail, the human reporters using that mail server will not see the spam or backscatter to report. That increases the odds of a spam-trap only listing. There has been some rumors circulating about how spamcop.net spam-trap e-mail addresses are constructed, that are not backed up by any official or un-official postings by deputies. My guess is that there are three types of spamtrap addresses. A. Never seeded anywhere, but ones commonly used in a dictionary attack. B. Obvious and seeded spamtraps, basically something to quicly catch the dumbest of spammers. C. Seeded addresses that are not distinguishable from real ones. And apparently there are countermeasures in place to prevent a spammer doing a binary search to isolate a spamtrap on their list, based on past postings by deputies. -John wb8tyw@qsl.network Personal Opinion Only From nobody at devnull.spamcop.net Thu Apr 6 13:31:04 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Thu Apr 6 15:35:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <44353264.5000408@fnal.gov> Message-ID: John E. Malmberg wrote >Anonymous writes: > >> Wow! You Fermilab people have managed to alter the laws of probability! >> Somehow, against all odds (and I do mean against *all* odds), you managed >> to get spam forged to appear to be from spamtraps and not a single spam >> forged to be from any human spamtrap reporter. (If you had, that report >> would have given you the info you complain that the spamtraps won't give >> you). Those are unbelievable odds. Unbelievable. Totally unbelievable. >> Impossible to believe. Did I mention that those odds are unbelievable? > > Not unbelievable. That is the behavior of several viruses that will > harvest > one or more spamtrap addresses and use them as alleged senders. Please describe -- in detail -- how the viruses managed to harvest spamtrap addresses without harvesting human spam reporter addresses. > This type of backscatter listing has happened many times in the past > without > a human reporter or having the server show up on any other anti-spam list. Do you have any sort of reference so that I can verify this claim? It implies that the folks who are in charge of hiding spamtraps aren't very good at it, and I would like to see some evidence before coming to that conclusion. > The spammers using the SMTP-AUTH exploit also tend to get the servers > mostly listed by spamcop.net only. I don't understand what "also tend to get the servers mostly listed by spamcop.net only" means. Could you rephrase/elaborate? > The last sober worm attack that I saw was that apparently each infected > system dictionary attacked only a few mail servers with a forged from > address, almost like a coordinated attack to determine how quickly each > forged from address resulted in a blocking list entry so that it could > be avoided. I can think of several countermeasures to that scheme. One easy one: the folks who are in charge of hiding spamtraps can create many of them on many servers at a very low cost, so it would be simple to add a bunch of spamtraps that do not result in an instant listing. Only a foolish spamtrap-hider would allow all his spamtraps to be identifiable by them sharing the attribute of causing an instant listing. If the spamtrap- hider is smart, some will and some will not (without reducing the number of instant-listing ones from whatever the optimum number is). Another, somewhat harder to do one: set up some traps that don't report but instead look for a pattern that is likely to signify a binary search, and adapt the listing speeds accordingly. Another: Make some of the spamtraps live on a web page that constantly morphs the spamtrap email address in some difficult-to-predict fashion such as running it through an RC4 encryptor. > Keep in mind that if a mail server is using the spamcop.net blocking list > to reject e-mail, the human reporters using that mail server will not see > the spam or backscatter to report. That increases the odds of a spam-trap > only listing. Good point. I wonder what the percentage is? A possible counterargument would be that the mailing list in question is high traffic and thus should have to hit multiple spamtraps to be listed. > There has been some rumors circulating about how spamcop.net spam-trap > e-mail addresses are constructed, that are not backed up by any official > or un-official postings by deputies. > > My guess is that there are three types of spamtrap addresses. > > A. Never seeded anywhere, but ones commonly used in a dictionary attack. > B. Obvious and seeded spamtraps, basically something to quickly catch > the dumbest of spammers. > C. Seeded addresses that are not distinguishable from real ones. > > And apparently there are countermeasures in place to prevent a spammer > doing a binary search to isolate a spamtrap on their list, based on > past postings by deputies. I can think of several other ways to do that, but I only posted a couple above that would work even if the spammer was aware of them. From dws at dealing-with-spam.info Thu Apr 6 23:39:29 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Thu Apr 6 16:40:03 2006 Subject: [SpamCop-List] Re: Odd subject spam References: Message-ID: Tim McGraw wrote on Thu, 06 Apr 2006 09:00:19 -0700: > Hardly a day goes by that one doesn't make me chuckle, but this one > caught my eye: > > Subject: Done dreamy backscatter One that made me chuckle the other day was Subject: feces stampede From wb8tyw at qsl.network Thu Apr 6 17:11:12 2006 From: wb8tyw at qsl.network (John E. Malmberg) Date: Thu Apr 6 17:15:03 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <44353264.5000408@fnal.gov> In article , "Anonymous" writes: > > John E. Malmberg wrote > >>Anonymous writes: >> >> Not unbelievable. That is the behavior of several viruses that will >> harvest one or more spamtrap addresses and use them as alleged senders. > > Please describe -- in detail -- how the viruses managed to harvest > spamtrap addresses without harvesting human spam reporter addresses. How this happens is unknown. What is known is that certain e-mail addresses on the left side of the @ are more commonly used by spammers and viruses than others. It is highly possible that there are domains where there are no valid e-mail addresses because no actual server exists for them. And the domains hosting the spamtraps may not be aware that they are doing so. I know of many places where I can get a free e-mail address or redirector. It is quite possible that there are hundreds of hotmail.com and yahoo.com, and gmail.com addresses that are spamtraps, and these addresses are commonly forged by spammers thinking that hotmail.com and such will be whitelisted. >> This type of backscatter listing has happened many times in the past >> without a human reporter or having the server show up on any other >> anti-spam list. > > Do you have any sort of reference so that I can verify this claim? Just my monitoring the various spamcop.net forums. I do not keep bookmarks of past events. Others here seem to be able to find things like that if they care to comment. I have measured a sober worm generating 40 backscatter messages per second in bursts to a single address. This went on for well over 24 hours. I do not know if my mail server operator blocked the backscatter source or if something else fixed the problem. > It implies that the folks who are in charge of hiding spamtraps aren't > very good at it, and I would like to see some evidence before coming > to that conclusion. Some spamtraps are not designed to be hidden very well. They are designed to be found or guessed by spamware in a dictionary attack. Posters on News.admin.net-abuse.email have stated they have found delivery attempts to message ids by spammers. >> The spammers using the SMTP-AUTH exploit also tend to get the servers >> mostly listed by spamcop.net only. > > I don't understand what "also tend to get the servers mostly listed by > spamcop.net only" means. Could you rephrase/elaborate? What I mean is that the person shows up complaining about the block, and I can not find any other sighting of spam for that mail server than the spamcop.net listing. Normally when a real mail server is blocked, I can usually find recent evidence of spam from it posted on the internet somewhere else, if not more blocking lists listing it. In the cases where I can not, most of the times I used to see a Deputy post that the evidence in the spamtraps showed an SMTP AUTH exploit from weak passwords. Privileged accounts of "TEST" and "BACKUP" with either no passwords or obvious passwords seem to be common choices. Now that backscatter and worm-poop is reportable, it is taking over in what I see the deputies post is the cause when I can not find other evidence. One other factor that is probably contributing to spamtrap only listings is that MAPS seems to have started a similar "QIL" type spamtrap driven list which is quick on/quick off, and that would also prevent spam reporters from seeing some spam sources. Most spam and viruses are also direct to MX from an infected computer on a DHCP zone. Almost all the mail server operators that I know will no longer accept any e-mail from such machines. Spamtraps of course will. >From the original poster's description, apparently someone up high thinks that an important message will come from a machine direct to MX from known DHCP pool even though almost all ISPs in the U.S. providing such service prohibit mail servers on those addresses. As a result, they are probably more likely to accidently delete an important good e-mail lost in the 99.99999% spam and worms that come from those DHCP pools. Or a good mail will be lost because a user could not delete the tagged spam fast enough to stay under quota. As mail server operators learn how to use DNSbls to remove the bulk of the spam and reduce their costs, the spamtrap only driven listings are going to increase. Remember that our objective should be to help mail server operators get off and stay off of anti-spam lists. -John wb8tyw@qsl.network Personal Opinion Only From caroljean52 at yahoo.com Fri Apr 7 04:02:53 2006 From: caroljean52 at yahoo.com (caroljean52) Date: Fri Apr 7 05:05:24 2006 Subject: [SpamCop-List] Diploma mill spam Message-ID: Sigh... For a while there these seemed to be gone after all those Eastern European crooks got busted but just got a new one. The spam was sent from a server in Germany--hey, wasn't Europe supposed to have cracked down on these? (Yeah, right...) But the phone number to call to get your degree is in Tampa. (Gee, Florida. What a surprise.) Can't remember. Was there a government agency that wanted these spams? Or should it go to the local police in Florida? Suggestions? Carol Pocatello, Idaho From porpoise1954 at yahoo.co.uk Fri Apr 7 12:20:09 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Apr 7 06:25:02 2006 Subject: [SpamCop-List] Re: Diploma mill spam References: Message-ID: "caroljean52" wrote in message news:e159ru$nt1$1@news.spamcop.net... > Sigh... For a while there these seemed to be gone after all those Eastern > European crooks got busted but just got a new one. The spam was sent from > a > server in Germany--hey, wasn't Europe supposed to have cracked down on > these? (Yeah, right...) But the phone number to call to get your degree is > in Tampa. (Gee, Florida. What a surprise.) > > Can't remember. Was there a government agency that wanted these spams? Or > should it go to the local police in Florida? Hang on while we get our crystal balls, to get a clue what you're talking about...... Better still, post a tracker so we can *see* what you're talking about. From caroljean52 at yahoo.com Fri Apr 7 05:39:47 2006 From: caroljean52 at yahoo.com (caroljean52) Date: Fri Apr 7 06:40:03 2006 Subject: [SpamCop-List] Re: Diploma mill spam References: Message-ID: "Porpoise" wrote: > Better still, post a tracker so we can *see* what you're talking about. Well, it's just the usual get-a-degree-without-going-to-school scam. I've reported the spam as spam already. But this is something that law enforcement should know about too--just not sure who should get that. But here's the tracker, if you think it will help: http://www.spamcop.net/sc?id=z914938457z91477410d44c7a5636d0a9752cc2b3aez Carol Pocatello, Idaho From porpoise1954 at yahoo.co.uk Fri Apr 7 13:10:33 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Fri Apr 7 07:15:03 2006 Subject: [SpamCop-List] Re: Diploma mill spam References: Message-ID: "caroljean52" wrote in message news:e15fhj$qug$1@news.spamcop.net... > > "Porpoise" wrote: >> Better still, post a tracker so we can *see* what you're talking about. > > Well, it's just the usual get-a-degree-without-going-to-school scam. I've > reported the spam as spam already. But this is something that law > enforcement should know about too--just not sure who should get that. > > But here's the tracker, if you think it will help: > http://www.spamcop.net/sc?id=z914938457z91477410d44c7a5636d0a9752cc2b3aez Well, if you ask a question about something, people need to see the something in order to answer the question about that something. Otherwise, they don't know what the something is that they're being asked about. I'm sure Mike will jump in at some point and analyse it to death for you..... ;-) so I won't bother everyone with my pitiful attempt. From MikeE at ster.invalid Fri Apr 7 05:17:27 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 7 07:20:05 2006 Subject: [SpamCop-List] Re: Diploma mill spam References: Message-ID: caroljean52 wrote: > I've reported the spam as spam already. But this is something that law > enforcement should know about too--just not sure who should get that. My observations have been that LE is not even interested in something when a genuine crime, such as advance fee fraud, is 'very much afoot'. A foolish acquaintance of mine who also has some connections to LE and security people, got 'involved' with an advance fee fraud scam to the point that he was mailed a check. The check was drawn on the account of someone else who was being scammed in a complex daisy chain operation. In his interactions with the banks involved and LE, there was no interest in working up the case. In this case, the spam's "promotion" or gig takes the form of some unknown person hyping some unnnamed degree entity at some unnamed location and the source isn't traceable since it is a proxy abuse. The payload, as it were, is simply a Tampa FL telno. Even if LE obtained the identity of the telno's account with subpoena power, what would the crime be? Breaking the canspam law? You can't nail that entity for any kind of illegal degree operation because there isn't a degree operation in sight -- all you have is a piece of spam source unknown allegedly promoting some unknown degree entity -- or maybe there isn't really any degree entity -- it is just a wannabe scam -- send me some money and I'll send you a degree, ha ha, fooled you. In order to manufacture a crime out of it, there would have to be a whole sting operation, and it seems to me that LE thinks they have better fish to fry. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Apr 7 05:45:53 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 7 07:50:02 2006 Subject: [SpamCop-List] Re: Diploma mill spam References: Message-ID: Mike Easter wrote: > A foolish acquaintance of mine who also has some connections to LE and > security people, got 'involved' with an advance fee fraud scam to the > point that he was mailed a check. The check was drawn on the account > of someone else who was being scammed in a complex daisy chain > operation. I misspoke. That operation isn't an advance fee fraud. That is called a 'money laundering mule' scam or something akin to it. But back to diploma mill issues. In the case of 'real' diploma mills, there have been some actions. US http://www.ftc.gov/opa/2003/11/mountainview.htm Court Order Puts Brakes on International License Marketers - FTC v. Mountain View Systems, Ltd., et al. UK http://news.bbc.co.uk/1/hi/education/2829237.stm Bogus degree sites shut down -- Several websites offering fake British degrees for up to ?1,000 each have been closed down following a joint operation in the UK and US. But in those kinds of cases, the diploma mill process was very much evident. In this spam, there isn't evidence of a diploma mill. If anything, there is only an 'opportunity' to expose one's self to being scammed. The US advice about such email scams is to not get involved to the point of getting scammed. There is a higher level of interest if you have actually been scammed and lost money. One place to follow some guidelines is at http://www.ic3.gov/ IC3's mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime .. but the main energies of those kinds of operations are for the issues which have victims, not really those who have seen a potential scam. -- Mike Easter kibitzer, not SC admin From amenex at amenex.com Fri Apr 7 16:07:55 2006 From: amenex at amenex.com (George Langford,Sc.D.) Date: Fri Apr 7 09:55:45 2006 Subject: [SpamCop-List] re: How can I persuade my ISP to reject random-character email addresses ? Message-ID: <4436B88B.5010106@amenex.com> When I initiated SpamCop's popping of (99% spammy) emails from my domain's catchall account the other day, I started receiving 500 or so spams a day into my SpamCop Held Mail folder. PIA fer sher. So I asked here how to put an end to that waste of bandwidth. Garen Erdoisa made a helpful reply. My ISP (VoiceNet.com) admin's kindly set up a filter for the catchall email account, and now those oh, so many spams are shifted to the Filtered folder (269 ovvem the first night) where I can delete them wholesale. If only they would simply reject them in the first place ... but my SpamCop account is no longer overwhelmed. I had been under the impression that VoiceNet would be charging me extra to filter my domain's email, but for some inexplicable reason, the filtering of my catchall email is done at no extra charge ... whew. The other day I took the trouble to report about a dozen CitiBank phishes whose source domain included the primary canonical name CitiBank-Group.com or various derivatives. I was amazed that the registrar would accept those names without question (with bogus registration information) and I was worried that I'd found a new career, but happily the sites were shut down that night and the flood of CitiBank phishes stopped ... for now. amenex From jg at coks.net Fri Apr 7 09:39:46 2006 From: jg at coks.net (jg) Date: Fri Apr 7 11:40:06 2006 Subject: [SpamCop-List] google - redirect? Message-ID: http://www.spamcop.net/sc?id=z914823163zc5d2b369c53a151791a152f1259f11e9z Whats up with the google URL involved here? From MikeE at ster.invalid Fri Apr 7 11:01:58 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 7 13:05:04 2006 Subject: [SpamCop-List] Re: google - redirect? References: Message-ID: jg wrote: www.spamcop.net/sc?id=z914823163zc5d2b369c53a151791a152f1259f11e9z > > Whats up with the google URL involved here? It is a redirect that goes to rand_lc_chr310f63blb3i3il80xx82fxqkffx.pastryia.com which fetches a frame from the path /uzzoo/?cmpid=548&affid=5842 which is at 221.4.247.36 no rDNS at cnc group guangdong which for some reason isn't spewed or spamhaused, but is on the sorbs spam list. SC doesn't interpret the redirect and IDs google which declines SC notifies about that. -- Mike Easter kibitzer, not SC admin From wb8tyw at qsl.network Fri Apr 7 15:54:19 2006 From: wb8tyw at qsl.network (John E. Malmberg) Date: Fri Apr 7 14:55:03 2006 Subject: [SpamCop-List] Re: How can I persuade my ISP to reject random-character email addresses ? In-Reply-To: References: Message-ID: George Langford,Sc.D. wrote: > I had been under the impression that VoiceNet would be charging me extra to > filter my domain's email, but for some inexplicable reason, the > filtering of my catchall email is done at no extra charge ... whew. They are charging you extra to let the spam in, one way or another. The extra bandwidth, server capacity to let all that spam into their system costs them operational cash that they do not need to spend. So either they are making far less money than they could be on your and other accounts, or they are charging all their accounts more to make up for having their systems set up to be more expensive than they need to be. Either way, I would recommend keeping an eye out for a hosting company that has more of a clue. -John wb8tyw@qsl.network Personal Opinion Only From kenbrody at spamcop.net Fri Apr 7 16:55:32 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Fri Apr 7 16:10:03 2006 Subject: [SpamCop-List] "Fermilab Today" (was Re: "Victim" of Spam-Trap Addresses) References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: <4436C3B4.109C7462@spamcop.net> Anonymous wrote: > > Marc W. Mengel wrote... > > > Anonymous wrote: > > > >> You have been told how to fix it again and again. Would you like me to > >> give you the URLs for a fourth time? > > > > The URL's you provided, aside from being things we already do, > > So now you expect me to believe that you, the person who keeps bleating > about "use confirmed opt-in" advice being non-helpful are now claiming > that the URLs I provided -- URLs that advise using confirmed opt-in - > are now suddenly "things you already do." Check out "Fermilab Today" at: http://www.fnal.gov/pub/today/subscription.html No confirmation is needed to subscribe. The first e-mail I received has the subject "You are now subscribed to the FERMILABTODAY list" and begins: Your subscription to the FERMILABTODAY list (Fermilab Today) has been accepted. And, "unsubscribing" an address that's not subscribed results in _two_ e-mails to the "from" address. One saying you're not subscribed, and the other giving 5 paragraphs full of "Here are a number of possible reasons why you might still be getting mail from the list". > So, would it be OK with you if I sent a subscription to each of these > forms; > > http://www.fnal.gov/pub/today/subscription.html [...] > ignored the confirmation, and stealth-reported all further email from > you to spamcop? After all, if using confirmed opt-in is indeed a > "thing you already do", then there won't be any email to report. I don't know about the others you listed, but this one has no confirmation message, but rather two "welcome" messages. > If the above is *not* OK with you, then I repeat; You have been told how > to fix your problem again and again. [...] > > My point is that the lists we have *are already* confirmed opt-in (those > > that allow subscription at all, that is). > > I eagerly await your permission to put the above assertion to the test. I have just demonstrated otherwise, at least with "Fermilab Today". -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From kenbrody at spamcop.net Fri Apr 7 17:02:01 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Fri Apr 7 16:10:16 2006 Subject: [SpamCop-List] Re: How can I persuade my ISP to reject random-character email addresses? References: Message-ID: <4436C539.EAC3EEF6@spamcop.net> "George Langford,Sc.D." wrote: [...] > So I downloaded them over the next couple of days, finding at most ten real > emails, including the one explaining that my real username was in fact a > catchall for all emails addressed to my domain. Wow, is that ever a bad > idea. > > So my question is: If I can list and perhaps even use in one sentence > all the > legitimate email addresses that I use or answer to (such as webmaster, > hostmaster, abuse, A or B) why can't my ISP simply configure my account to > reject all mail that doesn't have one of those names as the addressee ? They can't "reject random-character email addresses" (as your subject says), but they can remove any "catchall" address, and reject any e-mail sent to a non-existent address. The company that hosts my domains gives me the option of having a catchall address (and choosing which one is that catchall), or not having one at all. [...] -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From MikeE at ster.invalid Fri Apr 7 14:54:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Apr 7 16:55:03 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having to verify it online? References: Message-ID: posted to spamcop & spamcop.mail, f/ups to spamcop Micheal Espinola Jr wrote: > I perform substantial checks before my own automated system send out > spam reports. I would like to contribute to the spamcop RBL system, > but report spam to it is extremely cumbersome. I'm interpreting your post as being one about reporting spam, not about being a subscriber to the spamcop mail system, which is described here http://www.spamcop.net/ces/individuals.shtml SpamCop Email System for Individuals This newsgroup is about problems with that SC mail system, not about reporting issues, so I'm posting f/ups to my post to spamcop. That group and spamcop.help are for general spam discussion issues, including reporting. Re cumbersome. Do you mean you are pasting the spams into the webparser one at a time and finding that cumbersome, or do you mean you are email submitting many spams at a time and are finding it cumbersome to have to click up each link for the reporting process? > I am trying to report 100+ confirmed spams a day - many of which are > not yet RBL'd. If you are submitting to the webparser one at a time, you can improve efficiency by submitting many spams at a time by email -- but that still requires individually approving the reports by following each parser approval link for regular reporting. Another option is quick reporting, but it has some disadvantages. Regular reporting is a safeguard against spamsource mistakes made by the parser, because each report notify is reporter approved prior to being sent and counted. Regular reporting also provides an opportunity for the spamvertised links to be reported. Another alternative is quick reporting, which has requirements and disadvantages. The requirements for quick reporting are that your request to quick report has to be approved, and you also have to be configured for a mailhosted account, which is described here http://www.spamcop.net/fom-serve/cache/397.html How do I configure Mailhosts for SpamCop? The advantage of the mailhosted account is that the parser is much less likely to make a mistake in indentifying the source, because the parser is configured to recognize your mailhost. However, the condition or configuration of your mailhost can change unexpectedly, so even having a mailhosted account is not perfect assurance that some parsing error cannot occur. If a reporter is both mailhosted and approved to be a quick reporter, then many spams can be submitted by email at one time, and all of the spams are parsed for spamsource and reported without any approval process by the reporter. That lack of oversight can cause a reporter to report their own mailhost many times if the parser makes an error, which could result in the reporter's own provider becoming blocklisted and causing significant grief to the reporter -- including loss of email account. Another disadvantage to quick reporting depending upon one's point of view is that only spamsource is counted, and there is no parsing for the spamvertiser, and no notification of the spamvertiser's provider. The principle advantage is that it is very fast compared to the regular report approval process. Another advantage, depending on the point of view, is that the spamvertiser provider is not notified. There are many blackhat providers which some reporters would rather not be providing with spam evidence which evidence is only superficially munged with standard SC mungeing. -- Mike Easter kibitzer, not SC admin From dws at dealing-with-spam.info Sat Apr 8 00:00:20 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Fri Apr 7 17:05:04 2006 Subject: [SpamCop-List] Re: google - redirect? References: Message-ID: Mike Easter wrote on Fri, 7 Apr 2006 10:01:58 -0700: >> Whats up with the google URL involved here? > > It is a redirect I've been "speaking" with Ellen about this and they're aware of the issue of google redirects not being parsed. Something's in the pipeline but I don't have an ETA. From dws at dealing-with-spam.info Sat Apr 8 00:01:20 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Fri Apr 7 17:05:10 2006 Subject: [SpamCop-List] Re: How can I persuade my ISP to reject random-character email addresses ? References: Message-ID: George Langford,Sc.D. wrote on Fri, 07 Apr 2006 15:07:55 -0400: > When I initiated SpamCop's popping of (99% spammy) emails from my domain's > catchall account the other day Stop right there. A catchall e-mail address is a surefire way of collecting spam. Deactivate it. From tmcgraw at spamcop.net Fri Apr 7 16:11:30 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Apr 7 18:15:04 2006 Subject: [SpamCop-List] Re: "Fermilab Today" (was Re: "Victim" of Spam-Trap Addresses) In-Reply-To: <4436C3B4.109C7462@spamcop.net> References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> <4436C3B4.109C7462@spamcop.net> Message-ID: Kenneth Brody wrote: > > I don't know about the others you listed, but this one has no > confirmation message, but rather two "welcome" messages. Why am I not surprised? From amenex at amenex.com Sat Apr 8 01:56:01 2006 From: amenex at amenex.com (George Langford,Sc.D.) Date: Fri Apr 7 19:43:43 2006 Subject: [SpamCop-List] Re: How can I persuade my ISP to reject random-character email addresses ? Message-ID: <44374261.3040904@amenex.com> Ken Brody said: >The company that hosts my domains gives me the option of having a catchall >address (and choosing which one is that catchall), or not having one at all. Then D.W.S. piped in: >A catchall e-mail address is a surefire way of collecting spam. >Deactivate it. Alas, my catchall email address is also the one I need to administrate my domain. However, all is not lost. In the single day since VoiceNet set up a filter on my catchall account, my SpamCop Held Mail volume is now down about 95% from yesterday, and I still get a reasonable number of spams to report. The rampant volumes of identical spams are going into VoiceNet's bit bucket. I hope they're using 'em to feed their heat pump. I use a JPG image of my email address as the contact - that has had a positive effect on reducing the traffic as well. I use another IP for my personal domain, and I get little or no junkmail through that account. Tellingly, there isn't any catchall email address there. And that account gets about 100 times the number of hits as the "corporate" webspace. amenex From nobody at spamcop.net Fri Apr 7 21:30:36 2006 From: nobody at spamcop.net (RandallW) Date: Fri Apr 7 23:35:03 2006 Subject: [SpamCop-List] Spamcop down? Message-ID: Not loading for me. From bar_n0ne at hotmail.com Fri Apr 7 23:49:54 2006 From: bar_n0ne at hotmail.com (Berny) Date: Fri Apr 7 23:50:03 2006 Subject: [SpamCop-List] Re: Spamcop down? References: Message-ID: Yup, it was "RandallW" wrote in message news:e17aoo$uhm$1@news.spamcop.net... > Not loading for me. > > But it's back again as of 10:45CDT From jg at coks.net Fri Apr 7 22:17:48 2006 From: jg at coks.net (jg) Date: Sat Apr 8 00:15:03 2006 Subject: [SpamCop-List] Re: google - redirect? In-Reply-To: References: Message-ID: On 4/7/2006 2:00 PM D-W-S scribbled: > Mike Easter wrote on Fri, 7 Apr 2006 10:01:58 -0700: > >>> Whats up with the google URL involved here? >> It is a redirect > > I've been "speaking" with Ellen about this and they're aware of the > issue of google redirects not being parsed. Something's in the pipeline > but I don't have an ETA. it appears to have been parsed - report said ISP refused reports. is this worth discussing here? From jg at coks.net Fri Apr 7 22:22:11 2006 From: jg at coks.net (jg) Date: Sat Apr 8 00:20:04 2006 Subject: [SpamCop-List] Re: google - redirect? In-Reply-To: References: Message-ID: On 4/7/2006 10:01 AM Mike Easter scribbled: > jg wrote: > www.spamcop.net/sc?id=z914823163zc5d2b369c53a151791a152f1259f11e9z >> Whats up with the google URL involved here? > > It is a redirect that goes to > rand_lc_chr310f63blb3i3il80xx82fxqkffx.pastryia.com which fetches a > frame from the path /uzzoo/?cmpid=548&affid=5842 > > which is at 221.4.247.36 no rDNS at cnc group guangdong which for some > reason isn't spewed or spamhaused, but is on the sorbs spam list. > > SC doesn't interpret the redirect thats what DWS is referring to as not parsing? sorta like a parsing lite... and IDs google which declines SC > notifies about that. is it worth wondering why google would do so? From skiwi at spamcop.net Fri Apr 7 23:54:09 2006 From: skiwi at spamcop.net (Skiwi) Date: Sat Apr 8 01:55:09 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having toverify it online? In-Reply-To: References: Message-ID: Mike Easter wrote: > posted to spamcop & spamcop.mail, f/ups to spamcop > > Micheal Espinola Jr wrote: >> I perform substantial checks before my own automated system send out >> spam reports. I would like to contribute to the spamcop RBL system, >> but report spam to it is extremely cumbersome. [snip] > > Another alternative is quick reporting, which has requirements and > disadvantages. The requirements for quick reporting are that your > request to quick report has to be approved, and you also have to be > configured for a mailhosted account, which is described here > http://www.spamcop.net/fom-serve/cache/397.html How do I configure > Mailhosts for SpamCop? [snip] > If a reporter is both mailhosted and approved to be a quick reporter, > then many spams can be submitted by email at one time, and all of the > spams are parsed for spamsource and reported without any approval > process by the reporter. That lack of oversight can cause a reporter to > report their own mailhost many times if the parser makes an error, which > could result in the reporter's own provider becoming blocklisted and > causing significant grief to the reporter -- including loss of email > account. [snip] To help avoid this, I personally 'fully report' 4 to 5 spams a days (i.e., "Queue for reporting and send to trash") to try and make sure that the mailhost config. has not been changed - and then report the rest (majority) by "Quick reporting" From nobody at spamcop.net Sat Apr 8 08:30:20 2006 From: nobody at spamcop.net (I Hate Spam) Date: Sat Apr 8 02:35:03 2006 Subject: [SpamCop-List] Re: Tool to report phishing scam emails References: Message-ID: > Interesting, the top reporter on the Netcraft leaderboard is user CastleCops. > http://toolbar.netcraft.com/stats/reporters. They are no longer top; From dws at dealing-with-spam.info Sat Apr 8 11:46:22 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Sat Apr 8 04:50:53 2006 Subject: [SpamCop-List] Re: google - redirect? References: Message-ID: jg wrote on Fri, 07 Apr 2006 21:17:48 -0700: > it appears to have been parsed - report said ISP refused reports. No it wasn't. Google was identified, not the target URL of the redirect. It's Google refusing SC reports about redirects, not the ISP responsible for the target URL (which wasn't identified). From dws at dealing-with-spam.info Sat Apr 8 11:48:26 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Sat Apr 8 04:51:22 2006 Subject: [SpamCop-List] Re: How can I persuade my ISP to reject random-character email addresses ? References: Message-ID: George Langford,Sc.D. wrote on Sat, 08 Apr 2006 00:56:01 -0400: > Alas, my catchall email address is also the one I need to administrate my > domain. That doesn't mean you have to have mail sent to non-existent addresses delivered to it. If your ISP is worth its salt then you can still deactivate the catchall feature of your domain and keep that specific account. From MikeE at ster.invalid Sat Apr 8 05:13:39 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 8 07:15:03 2006 Subject: [SpamCop-List] Re: google - redirect? References: Message-ID: jg wrote: > Mike Easter scribbled: >> jg wrote: >>> Whats up with the google URL involved here? >> >> It is a redirect that goes to >> SC doesn't interpret the redirect >> and IDs google which declines SC >> notifies about that. > > is it worth wondering why google would do so? Well, you can talk about philosophy if you want to. Central to the philosophical discussions is the concept of 'spam support' and what kind of 'hammer' any collection or efforts of antispammers can have on various elements of spam support. As a general rule, antispammers are against all kinds of spam support. They are against domainname registrars providing domainnames to spammers. They are against website providers providing webspace. They are against nameservers providing nameservice. They are against redirectors providing redirects. They are against ISPs providing insecure user IPs for proxy abuse. They are against open smtp servers providing open relays. Naturally they are also against old-fashioned user generated spam from a regular ISP provided account, and in the old days ISPs shut down the accounts of users who were spamming.. So, then the various antispammers do whatever they do. Spamcop reporters report spamsources and spamvertisers to their providers, but SC only lists spamsource IPs in the SCbl. Spamhaus compilers list all kinds of IPs, blocks of spamvertisers and compile databases of known spam operations. Spews does what spews does, which includes purposely listing progressively larger blocks of IPs which includes non-spamming IPs which makes for collateral damage -- because spews considers innocent non-spammers who buy service from providers who provide support to spammers to be supporting the supporter. Your enemies and my friends and your friends and my enemies business. So, you can make the discussion as broad as you like or as narrow as you like. To bring it back down to narrower, spamcop only has clout in one little area, listing spamsources. Whatever happens about spamvertisers and redirects is out of the 'fallout' effect of anything going on at spamcop. Spamvertiser providers or spamvertiser redirect providers shouldn't care anything about what SC has to say. That would include google saying, 'we just redirect -- that isn't spamming.' Then the anti sez, 'It's support.' And google sez, 'Whatever. Yahoo does it too.' Similarly with domainname registrars. For the most part they don't care anything about anything that antispammers have to say, because the anti-/s are relatively powerless to have any influence on who they sell domainnames to. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Sat Apr 8 17:33:00 2006 From: eddie at eddie.web (eddie) Date: Sat Apr 8 16:35:03 2006 Subject: [SpamCop-List] Re: Diploma mill spam In-Reply-To: References: Message-ID: Mike Easter wrote: > caroljean52 wrote: > > >>I've reported the spam as spam already. But this is something that law >>enforcement should know about too--just not sure who should get that. > > > My observations have been that LE is not even interested in something > when a genuine crime, such as advance fee fraud, is 'very much afoot'. > A foolish acquaintance of mine who also has some connections to LE and > security people, got 'involved' with an advance fee fraud scam to the > point that he was mailed a check. The check was drawn on the account of > someone else who was being scammed in a complex daisy chain operation. > > In his interactions with the banks involved and LE, there was no > interest in working up the case. > > In this case, the spam's "promotion" or gig takes the form of some > unknown person hyping some unnnamed degree entity at some unnamed > location and the source isn't traceable since it is a proxy abuse. > > The payload, as it were, is simply a Tampa FL telno. Even if LE > obtained the identity of the telno's account with subpoena power, what > would the crime be? Breaking the canspam law? You can't nail that > entity for any kind of illegal degree operation because there isn't a > degree operation in sight -- all you have is a piece of spam source > unknown allegedly promoting some unknown degree entity -- or maybe there > isn't really any degree entity -- it is just a wannabe scam -- send me > some money and I'll send you a degree, ha ha, fooled you. > > In order to manufacture a crime out of it, there would have to be a > whole sting operation, and it seems to me that LE thinks they have > better fish to fry. > What I have done in the past is the rather time-consuming process of determining who the telephone company is and sending them an email and copy of the spam, letting them know that that phone number is probably being abused, and that it certainly is a commerical phone number. But now, with the transerablity of phone numbers, and the number of phone companies coming into and going out of existence, I gave up. It is probably best to consider scribbling the phone number on the walls of all the toilets and wherever, etc etc. It's too bad that they don't use toll-free numbers, but then, I wonder how many people actually call a toll number in a spam anyway? I get fewer and fewer of these spams these days, so I think that scam has all but died out. If you know people to whom the number is a local call, they can demon dial it overnight and eventually the owner of the number will quit the scam. From eddie at eddie.web Sat Apr 8 17:39:11 2006 From: eddie at eddie.web (eddie) Date: Sat Apr 8 16:40:03 2006 Subject: [SpamCop-List] Re: Why does SC miss this link? In-Reply-To: References: Message-ID: Mike Easter wrote: > Matthew L Reed wrote: > >>Spam posted in spamcop.spam. > > > That's not the best way to discuss the parsing of a spam. The best way > to discuss is to paste the tracking URL in here, like this: > > Here is your TRACKING URL - it may be saved for future reference: > http://www.spamcop.net/sc?id=z914476471z058b02df462f5346e11d25258d5bb129z > > That tracker I made from submitting your spam and cancelling the report, > and on one parsing it shows SC finding the link but not resolving it. > > Resolving link obfuscation > http://br.geocities.com/thunderbird39427/ > > Report Spam to: > Re: 209.160.46.168 (Administrator of network where email originates) > To: abuse@hopone.net (Notes) > > > > SC can resolve the naked URL > > Parsing input: > > Routing details for 66.218.77.68 > Reporting addresses: > network-abuse@cc.yahoo-inc.com > > >>Why does SC miss the link? > > > The parser arbitrarily frequently chooses to not resolve spamvertised > links. It also sometimes tries and fails to resolve links. That's the > way the algorithm is. Outsiders make guesses at why, but only the > algorithm's creator knows the answerx. > > >>It is a valid, active website. > > > Where, exactly? > > If you are going to use your browser to investigate spamsites, you > should be configured very securely and not be allowing scripts to be > running. You should also carefully determine the actual website from > which the payload is delivered as opposed to whatever was spamvertised. > > The link deliveries you to a javascripted page which tries to access > http://cross-market.biz which doesn't currently resolve for my resolver > or for dnsstuff's because both of the nameservers repeatedly time out. > > So, presently I cannot access the payload site with IE configured with > scripting turned off or with Opera 9. > No need to post a tracker. Earlier, I posted this same problem. It is a well-known SC bug. SC identifies the website but since there is no cache data, it simply goes on to the next line of the program. If you do enough refreshes, you might get SC to finally recognize the URL, but sometimes it never does. This problem was discussed a few years ago and never resolved. It's a known bug. Deja Vu all over again. For all those geocities sites, use the following website to report the scam: http://geocities.yahoo.com/v/alert.html Just paste in the offending geocities site URL. From my experience, this works and only takes a few seconds to post. The site is usually down in a few hours or less. For the non-geocities sites that SC still cannot resolve, just give up. It's a bug that is several years old, which usually means a permanent one. If you take the website URL and paste it in the reporting window directly, you get the reporting yahoo address immediately, which is why it is such a peculiar bug. From dfm2a3l0t2 at spymac.com Sat Apr 8 17:46:44 2006 From: dfm2a3l0t2 at spymac.com (D.F. Manno) Date: Sat Apr 8 16:50:03 2006 Subject: [SpamCop-List] Re: Spamcop down? References: <0lce32hdg5li0nb653i7qctrm8o0sao64l@4ax.com> Message-ID: In article <0lce32hdg5li0nb653i7qctrm8o0sao64l@4ax.com>, SpamCop Admin wrote: > As always, when you experience a failure with SpamCop, the immediate > action drill is to shut down your browser and go lie on the couch. :-) I don't have a couch. Is there a workaround? -- D.F. Manno dfm2a3l0t2@spymac.com In the republic of mediocrity genius is dangerous. (Robert G. Ingersoll) From spam-privateemail at sneakemail.com Sat Apr 8 18:36:01 2006 From: spam-privateemail at sneakemail.com (JA) Date: Sat Apr 8 18:40:03 2006 Subject: [SpamCop-List] Configure External Carriers Message-ID: I have a number of hotmail accounts, and some of them keep getting invalid password and others are OK. Yahoo works fine. The pop server ae the same, the user name and password are all correct, but some do not work Any suggestions? From MikeE at ster.invalid Sat Apr 8 17:30:41 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 8 19:35:03 2006 Subject: [SpamCop-List] Re: Configure External Carriers References: Message-ID: JA wrote: User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.1) Gecko/20060127 SeaMonkey/1.0 > I have a number of hotmail accounts, and some of them keep getting > invalid password and others are OK. What exactly do you mean? You are a Mac OS X and presumably you are getting an alert when you try to pop some hotmail accounts. I'm not familiar with Mac or OS X alerts; nor with alternative network tools to poke at the server with. With Win, I would be using something like telnet or better and engaging the server and giving it the authinfo or whatever smtp/pop transaction 'by hand' or by script and watching how the server behaves in the transaction. Then, after my little telnet session, I would see if enabling and accessing the logs from my mailuser agent's transacting would be useful. Sometimes you can see what is going wrong in the logs. I don't know Mac mailuser agents or how well they log. > the user name and password are all correct, but some do > not work Any suggestions? I always suspect user error rather than magic in these kinds of issues. The trick is for the user to figger out where s/he isn't doing what s/he thinks s/he is doing. That is one of the discoveries you make when you do it all by hand with Win's telnet or its equivalent, and then look at the config of the mailuser agent. Sometimes the process forces you to see something errant you didn't see before. -- Mike Easter kibitzer, not SC admin From spam-privateemail at sneakemail.com Sat Apr 8 20:09:15 2006 From: spam-privateemail at sneakemail.com (JA) Date: Sat Apr 8 20:10:03 2006 Subject: [SpamCop-List] Re: Configure External Carriers In-Reply-To: References: Message-ID: Mike Easter wrote: > JA wrote: > User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; > rv:1.8.0.1) Gecko/20060127 SeaMonkey/1.0 > >> I have a number of hotmail accounts, and some of them keep getting >> invalid password and others are OK. > > What exactly do you mean? You are a Mac OS X and presumably you are > getting an alert when you try to pop some hotmail accounts. > > I'm not familiar with Mac or OS X alerts; nor with alternative network > tools to poke at the server with. With Win, I would be using something > like telnet or better and engaging the server and giving it the authinfo > or whatever smtp/pop transaction 'by hand' or by script and watching how > the server behaves in the transaction. > > Then, after my little telnet session, I would see if enabling and > accessing the logs from my mailuser agent's transacting would be useful. > Sometimes you can see what is going wrong in the logs. I don't know Mac > mailuser agents or how well they log. > >> the user name and password are all correct, but some do >> not work Any suggestions? > > I always suspect user error rather than magic in these kinds of issues. > The trick is for the user to figger out where s/he isn't doing what s/he > thinks s/he is doing. That is one of the discoveries you make when you > do it all by hand with Win's telnet or its equivalent, and then look at > the config of the mailuser agent. Sometimes the process forces you to > see something errant you didn't see before. > Mac 10.4.3. When go spamcop mailbox and click on options and then click on spamcop tools and then configure external pop servers so thst spamcop will get the mail from those servers, for some of the hotmail accounts get error message pf invalid password even though everything is correct - it is only with some of the hotmail accounts - even deleted them and re-entered and still the same - that is why it is confusing. From MikeE at ster.invalid Sat Apr 8 20:20:15 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 8 22:25:03 2006 Subject: [SpamCop-List] Re: Configure External Carriers References: Message-ID: JA wrote: > Mike Easter wrote: >>> I have a number of hotmail accounts, and some of them keep getting >>> invalid password and others are OK. > When go spamcop mailbox and click on options and then > click on spamcop tools and then configure external pop servers so > thst spamcop will get the mail from those servers, for some of the > hotmail accounts get error message pf invalid password even though > everything is correct - it is only with some of the hotmail accounts > - even deleted them and re-entered and still the same - that is why > it is confusing. Oh, this is a spamcop mail subscriber question. You are posting into the wrong ng, whereas spamcop and spamcop.help are for general non-spamcopmail questions. The support area preferred by those SC admins who are supporting spamcop mail is the webforum http://forum.spamcop.net/forums/index.php?showforum=4 SpamCop Email System & Accounts If you don't like webforums, which I don't, then the secondary area of support for mail is the spamcop ng spamcop.mail -- which is stealthed and hidden from exposure on the appropriate faq page at http://www.spamcop.net/help.shtml Help Options but which can be reached with news://spamcop.news.net/spamcop.mail Too bad that is missing from the appropriate page. Too bad nobody wants to fix it. The powers that be still don't understand properly how to balance support between a webbased wiki faq and newsgroups. They could learn a lot from other who do a much better job of integrating a website with a specialty newsserver such as grc.com and news.grc.com or from the big8 management board website's wiki for enhancing the functions of numerous newsgroups such as news.groups and the moderated news.announce.newsgroups. There are tons of examples of support which have a good wiki instead of a php board doing a bad job trying to take the place of a perfectly good newsserver and its groups and also performing poorly as a wiki. The webforum is inferior to the nntp news, and the webforum is also inferior to a proper wiki for stickies or dynamic faq enhancement. There are those who put a lot of time and trouble into the webforum, which sucks, and which should be replaced by a wiki so that the time and trouble isn't so difficult and so wasted. If there are 3 functions to be derived, providing a posting interface for those who can't nntp, providing a wiki kind of faq, and providing a robust dialog exchange -- that should be provided by a web based input to the nntp, such as grc.com and a wiki which are numerous -- not a crude and clumsy php board which was designed for some other purpose and whose popularity is based strictly on those who are incompetent to nntp. -- Mike Easter kibitzer, not SC admin From kt-usenet at squeakydolphin.com Sat Apr 8 22:43:03 2006 From: kt-usenet at squeakydolphin.com (Kenneth P. Turvey) Date: Sat Apr 8 22:40:04 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having to verify it online? References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 07 Apr 2006 22:54:09 -0700, Skiwi wrote: >> Another alternative is quick reporting, which has requirements and >> disadvantages. The requirements for quick reporting are that your >> request to quick report has to be approved, and you also have to be >> configured for a mailhosted account, which is described here >> http://www.spamcop.net/fom-serve/cache/397.html How do I configure >> Mailhosts for SpamCop? I'm also interested in this. I've taken care of the Mailhosts issue, but I can't seem to find anywhere to request the ability to do quick reporting. How do I submit this request? Thanks. - -- Kenneth P. Turvey XMPP IM: kpturvey@jabber.org Yahoo IM: kpturvey2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEOHSvi2ZgbrTULjoRApRdAJ99ybz5fb76pUoJGbBOZQUHnJW5lACgj5YT QRgk6iKLCOhcLVT2RmaKY4M= =2dHe -----END PGP SIGNATURE----- From dws at dealing-with-spam.info Sun Apr 9 14:40:25 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Sun Apr 9 07:45:15 2006 Subject: [SpamCop-List] Re: Spamcop down? References: <0lce32hdg5li0nb653i7qctrm8o0sao64l@4ax.com> Message-ID: D.F. Manno wrote on Sat, 08 Apr 2006 16:46:44 -0400: >> As always, when you experience a failure with SpamCop, the immediate >> action drill is to shut down your browser and go lie on the couch. :-) > > I don't have a couch. Is there a workaround? s/couch/bed with a beer in hand/ HTH :) From nobody at devnull.spamcop.net Sun Apr 9 12:00:52 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Apr 9 12:05:03 2006 Subject: [SpamCop-List] Re: Configure External Carriers References: Message-ID: "Mike Easter" wrote in message news:e19r0p$au3$1@news.spamcop.net... > > There are tons of examples of support which have a good wiki instead of > a php board doing a bad job trying to take the place of a perfectly good > newsserver and its groups and also performing poorly as a wiki. The > webforum is inferior to the nntp news, and the webforum is also inferior > to a proper wiki for stickies or dynamic faq enhancement. I have to challenge the "dynamic FAQ enhancement" phrase. The alternative view I created in the Forum (and the additional attempts at providing other interfaces) is set up in a Forum titled FAQ Development ... Input has always been requested, allowed, and encouraged. In addition, I created the "How to ...." Forum section for tutorials, even another section such that folks could also add in those 'use of research tools' that even you keep pulling up here. I'm sorry that so few choose to participate in the development of that data. As far as a Wiki goes, let me remind you that I asked you directly to hop in and help with the one I installed. I don't yet see your name in the user list on that tool. > There are > those who put a lot of time and trouble into the webforum, which sucks, > and which should be replaced by a wiki so that the time and trouble > isn't so difficult and so wasted. The same folks that help hold the Forum together are the ones involved in the other tools I've put in place. There's a Glossary, a Dictionary, a number of alternative FAQ type tools I've attempted to put in place, to include a Wiki. Once again, it's too bad that so few others want to get involved with that development. > If there are 3 functions to be derived, providing a posting interface > for those who can't nntp, providing a wiki kind of faq, and providing a > robust dialog exchange -- that should be provided by a web based input > to the nntp, such as grc.com and a wiki which are numerous -- not a > crude and clumsy php board which was designed for some other purpose and > whose popularity is based strictly on those who are incompetent to nntp. Some folks point out that the office blocks NNTP access. The original point that JT made was that support for the web-based e-mail tool was moving to a web-based vehicle. That web-based support tool has been blown out to allow for the support of the rest of the SpamCop.net tool-set for any that care to make their way there. Some of the other issues 'handled' by the Forum is that (thus far) the total history of traffic is there, as compared to the aging off in the newsgroups, with not all posts captured in the archives die to some using the X:No-archive flag in their newsgroup posts. Note also that there are Forum users that refuse to use the newsgroups for just the same reasons, for other reasons, and they are just as vocal about their views. The continued bitching about the powers that be and the lack of updates, changes, etc. in portions of the support arena seems to be a waste of time .... yet stuff goes on elsewhere on a daily basis. The "official" stand these days is that IronPort doesn't fully sanction the user-to-user support venue, which includes both the newsgroups and the Forum. That the 'official' staff is only Ellen, Don, and RW kind of indicates that without the user-to-user thing going on, there'd be yet more serious issues involved. There's a hardware maintenance crew at the IronPort site, but it's obvious that they don't talk to the Deputies on a routine basis. There's a programming staff, but ... as when Julian was doing it alone, there's no feedback or public disclosure vehicle on what's actually going on. From bert at iphouse.com Sun Apr 9 17:28:44 2006 From: bert at iphouse.com (Bert Hyman) Date: Sun Apr 9 12:30:04 2006 Subject: [SpamCop-List] Spamcop misses HEX obfuscated link Message-ID: Tracking URL: http://www.spamcop.net/sc?id=z916570189z7c7227cc09e99aa48a1c5b473988e9dbz Spamcop said: Tracking link: http://0xd8daf761/modules/pnphpbb2/cache/deny.php No recent reports, no history available 0xd8daf761 is not a hostname Cannot resolve http://0xd8daf761/modules/pnphpbb2/cache/deny.php Plugging http://0xd8daf761 into FireFox takes me to someplace called "nfb.hippo.ws". -- Bert Hyman St. Paul, MN bert@iphouse.com From nobody at devnull.spamcop.net Sun Apr 9 12:33:30 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Apr 9 12:35:03 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having to verify it online? References: Message-ID: "Kenneth P. Turvey" wrote in message news:pan.2006.04.09.02.43.03.343122@squeakydolphin.com... > On Fri, 07 Apr 2006 22:54:09 -0700, Skiwi wrote: > > >> Another alternative is quick reporting, which has requirements and > >> disadvantages. The requirements for quick reporting are that your > >> request to quick report has to be approved, and you also have to be > >> configured for a mailhosted account, which is described here > >> http://www.spamcop.net/fom-serve/cache/397.html How do I configure > >> Mailhosts for SpamCop? > > I'm also interested in this. I've taken care of the Mailhosts issue, but > I can't seem to find anywhere to request the ability to do quick > reporting. How do I submit this request? Posted by Ellen; Mailhosts and Quick Reporting, from Julian http://forum.spamcop.net/forums/index.php?showtopic=793 From CBXXX at webtv.net Sun Apr 9 15:39:47 2006 From: CBXXX at webtv.net (CBXXX@webtv.net) Date: Sun Apr 9 14:50:17 2006 Subject: [SpamCop-List] Re: Different reports from SC References: Message-ID: <17929-443954F3-498@storefull-3255.bay.webtv.net> Jeffg,Sent the question to them right after you posted,never got a reply from SC? From nobody at devnull.spamcop.net Sun Apr 9 15:10:47 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Apr 9 15:15:02 2006 Subject: [SpamCop-List] Re: Different reports from SC References: <17929-443954F3-498@storefull-3255.bay.webtv.net> Message-ID: wrote in message news:17929-443954F3-498@storefull-3255.bay.webtv.net... > Jeffg,Sent the question to them right after you posted,never got a reply > from SC? > 3 people, 800-1200 e-mails a day ... add in research, based on your e-mail containing all needed details to begin with .... at the time of your last post, a week-end in North America ... hard to say when your issue might hit the top of their list ... From MikeE at ster.invalid Sun Apr 9 13:15:26 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 9 15:20:02 2006 Subject: [SpamCop-List] Re: Configure External Carriers References: Message-ID: WazoO wrote: > "Mike Easter" >> If there are 3 functions to be derived, providing a posting interface >> for those who can't nntp, providing a wiki kind of faq, and >> providing a robust dialog exchange -- that should be provided by a >> web based input to the nntp, such as grc.com and a wiki which are >> numerous -- not a crude and clumsy php board which was designed for >> some other purpose and whose popularity is based strictly on those >> who are incompetent to nntp. > > Some folks point out that the office blocks NNTP access. The grc nntp contributors who are at the office breaking their office's news access rules would do so at http://www.grc.com/discussions.htm <21 newsgroups accessible by web> Pandering to office users whose policies are against nntp/ing seems a bit loony to me. > The original > point that JT made was that support for the web-based e-mail tool was > moving to a web-based vehicle. I don't care much about email support and I'm not interested in having an email to news in its current spamcop mailman iteration. If JT wants to let people email into the webforum, let him do that and keep it out of the nntp. I don't think the mailman is a good interface for mail to news. There are other ways to handle that as well. Someone could use cotse's mail to news or gmane's access to the spamcop newsgroup. > Note also that there are Forum > users that refuse to use the newsgroups for just the same reasons, > for other reasons, and they are just as vocal about their views. It isn't necessary that forum users use the newsgroups or a newsserver. They can use a webbased interface just like grc non-nntp/ers do. > The "official" stand these days is that IronPort doesn't fully sanction the user-to-user support venue, which includes both the newsgroups and the Forum. That's a pretty ridiculous point of view which isn't stated publicly anywhere -- nor does it make any sense -- you can't have public user input such as questions without having public user input such as answers or questions of the questions -- claiming that there is an official stand somewhere which is a secret position so that the secret position can't be discussed and clarified and debated or ridiculed is about as good as 'making up' that there is an official stand not sanctioning user to user. It is just as 'real' to say "Bullsh*t" as it is to claim there is a secret official stand which would be so stupid and unworkable. I don't see anyone closing down or hiding the webforum or any of its parts because there is an alleged so-called official stand about usertouser. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 9 13:17:34 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 9 15:20:10 2006 Subject: [SpamCop-List] Re: Spamcop misses HEX obfuscated link References: Message-ID: Bert Hyman wrote: spamcop.net/sc?id=z916570189z7c7227cc09e99aa48a1c5b473988e9dbz > > Spamcop said: > > Tracking link: http://0xd8daf761/modules/pnphpbb2/cache/deny.php > No recent reports, no history available > 0xd8daf761 is not a hostname > Cannot resolve http://0xd8daf761/modules/pnphpbb2/cache/deny.php SC's algorithm doesn't handle the hex code in the front properly. You can actually decode/dehex it with a pinger: ping 0xd8daf761 Pinging 216.218.247.97 Reply from 216.218.247.97: > Plugging http://0xd8daf761 into FireFox takes me to someplace called > "nfb.hippo.ws". Correct 216.218.247.97 rDNS nfb.hippo.ws Using a GET on http://216.218.247.97/modules/PNphpBB2/cache/deny.php shows location http://www.djteamvienna.at/modules/Forums/admin/cmd-run=/login.htm as does http://nfb.hippo.ws/modules/PNphpBB2/cache/deny.php -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 9 14:14:05 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 9 16:15:04 2006 Subject: [SpamCop-List] Re: Configure External Carriers References: Message-ID: Mike Easter wrote: > http://www.grc.com/discussions.htm vs SC's decision to divide webforum discussions and nntp discussions with a bloody axe.. IMO it is a bad idea to split the nntp newsgroup and webforum dialogues into two parts. More activity and questions and answers merged together is better than less -- both would be stronger if they were integrated and there are many healthy ways to integrate them. It is true that nntp has problems and needs management, and it is also true that input to news via a web gizmo has problems and needs management. For the management to say "I don't like to manage nntp." wouldn't make any more sense than saying "I don't like to manage a webforum" /or/ "I don't like to manage a web gizmo's input to nntp." Saying that some webforum people don't like to interact with nntp people doesn't make any sense. I don't go to the webforum because I don't like the interface not because I don't like the people. Having the dialog under one roof which is both web based and nntp based such as grc would be better than not having it that integrated way which is the way SC does it. The business about what to do with people who want to participate by email is problematic. I think that if there is a web input and an nntp input to the same area that it doesn't need email. But that's because I have never seen a perfect marriage between a mailing list and an nntp or a web to nntp gizmo. Grc doesn't provide email into their combined web and nntp. Regarding making a wiki vs making a stickied webforum vs managing a normal web based faq. I don't think a wiki should be wide open to contributions. I think it should have a main authority figure who is the most respected at managing the wiki whether the authority figure is an official admin or not. That wiki authority figure should be in charge of who to let mess with the wiki, which includes not necessarily letting some important admin mess with it, if the important admin makes a mess of things. I think the central authority should allow a small cadre of contributors and just 'steal' and edit and paste from those contributors whose remarks appear in the conjoined web/nntp dialogue section -- where that conjoined system would be like grc's, because SC doesn't have such.. So, the wiki should be the dynamic faq under construction, not the webforum stickies. Once the dynamics of a particular part of the wiki die down and become less dynamic, that part should be used to replace some parts of the web faq - which is considered more static - but the web faq shouldn't stagnant. That is, there should be an uptodate webfaq which is separate,even if it is repetitive, of the wiki. The webfaq would be the stable version, the wiki faq would be the unstable developing version. The idea that "We are going to have a webforum, and that webforum is a separate operation from the nntp groups." is a bad idea IMO, regardless of who came up with the idea or who was put in charge of implementing it, or who is official or who isn't. I also think that answers to questions which are given in the conjoined web/nntp which I think is a better way to handle the dialogues -- or even either place, nntp or webforum as it currently stands, should *not* just be a link to someplace like a wiki with a long answer, but the answer should be the link plus about a line or so which actually answers the question or at least demonstrates that there is truly an answer located at the link. The business about posting links to the newsgroups *instead of* saying any words to answer a question isn't the right way to do it IMO, any more than the way some people in social put a link to a news article somewhere and don't say what is contained in that article or give a cite from some of it. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Apr 9 16:30:04 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Apr 9 16:35:02 2006 Subject: [SpamCop-List] Re: Configure External Carriers References: Message-ID: "Mike Easter" wrote in message news:e1bmg8$ao4$1@news.spamcop.net... > WazoO wrote: > > "Mike Easter" > > > Some folks point out that the office blocks NNTP access. > > The grc nntp contributors who are at the office breaking their office's > news access rules would do so at http://www.grc.com/discussions.htm <21 > newsgroups accessible by web> > > Pandering to office users whose policies are against nntp/ing seems a > bit loony to me. "Pandering" ...??? I was just offering one point to your "based strictly on those who are incompetent to nntp" statement. > > The original > > point that JT made was that support for the web-based e-mail tool was > > moving to a web-based vehicle. > > I don't care much about email support and I'm not interested in having > an email to news in its current spamcop mailman iteration. If JT wants > to let people email into the webforum, let him do that and keep it out > of the nntp. I don't think the mailman is a good interface for mail to > news. No need to confuse the issue with yet something else. The mailing-list interface to the newsgroups is something else entirely. Not really connected to what you started out with, or what I responded with. . > There are other ways to handle that as well. Someone could use cotse's > mail to news or gmane's access to the spamcop newsgroup. "Someone" maybe ... but that's for discussion with someone else. The gmane thing had a bunch of issues, some of which were folks complaining of privacy, etc. As I recollect, Julian asked that they stop, but that's ancient history. You've also noted the current issue with GoogleGroup listings of some of the contents. > > Note also that there are Forum > > users that refuse to use the newsgroups for just the same reasons, > > for other reasons, and they are just as vocal about their views. > > It isn't necessary that forum users use the newsgroups or a newsserver. > They can use a webbased interface just like grc non-nntp/ers do. For instance, I looked at doing an RSS feed from the Forum ... then hit Leo's comments about the $137,000 ISP bill for his moving hosting of some content to one of his personal sites ... and this was placed on all the "let's see if there's an update there yet" calls ... just a few kbits of data, but repeated millions of times a day ... I decided not to add the function. > > The "official" stand these days is that IronPort doesn't fully > sanction the user-to-user support venue, which includes both the > newsgroups and the Forum. > > That's a pretty ridiculous point of view which isn't stated publicly > anywhere -- nor does it make any sense -- you can't have public user > input such as questions without having public user input such as answers > or questions of the questions -- claiming that there is an official > stand somewhere which is a secret position so that the secret position > can't be discussed and clarified and debated or ridiculed is about as > good as 'making up' that there is an official stand not sanctioning user > to user. It is just as 'real' to say "Bullsh*t" as it is to claim there > is a secret official stand which would be so stupid and unworkable. > > I don't see anyone closing down or hiding the webforum or any of its > parts because there is an alleged so-called official stand about > usertouser. OK, most of the "official" dialog does exist in e-mail and Forum sections not available to all, so yes, I can't point to or post that specific data. On the other hand, I invite you to 'read between the lines' in a massive discussion found at http://forum.spamcop.net/forums/index.php?showtopic=5475 which is 'public' .... Much more discussion occurred 'behind the curtain' .... One significant point made was that IronPort does not "control" the Forum or newsgroups (once again noting that these are hosted on JT's hardware) .... and as alluded to in my last, the lack of them hiring/placing addition resources/staff to exert that 'control' hasn't happened. So once again, let me make the repeated comment ... I'm doing what I can with the tools and access given to me by JT to one of JT's servers. The fact that most of the attempted tools I have put into place are found on a server that is named "forum.spamcop.net" does not mean that all tools are in fact "part" of the Forum ... yet, the response to my "help queries" seem to stumble on this simple factoid. I resent my ancient Wiki e-mail to you, if we are to make the assumption that the original was lost. One of the major issues of a Wiki I pointed out in http://forum.spamcop.net/forums/index.php?showtopic=3486&view=findpost&p=23316 and this is still quite an issue seen on other Wikis, Blogs, and such these days. The "wonder" of the openness of it all has been hammered on by the same ilk that are hosing up e-mail. From bert at iphouse.com Sun Apr 9 21:47:36 2006 From: bert at iphouse.com (Bert Hyman) Date: Sun Apr 9 16:50:03 2006 Subject: [SpamCop-List] Re: Spamcop misses HEX obfuscated link References: Message-ID: In news:e1bmk8$arf$1@news.spamcop.net "Mike Easter" wrote: > You can actually decode/dehex it with a pinger: > > ping 0xd8daf761 > Pinging 216.218.247.97 Ping and traceroute/tracert can do it, but nslookup (either on Windoze or FreeBSD) can't. -- Bert Hyman St. Paul, MN bert@iphouse.com From kt-usenet at squeakydolphin.com Sun Apr 9 17:50:59 2006 From: kt-usenet at squeakydolphin.com (Kenneth P. Turvey) Date: Sun Apr 9 17:50:04 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having to verify it online? References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 09 Apr 2006 11:33:30 -0500, WazoO wrote: > Posted by Ellen; > Mailhosts and Quick Reporting, from Julian > http://forum.spamcop.net/forums/index.php?showtopic=793 I've read this. It indicates that I can set it up under the mailhosts tab. I don't see any option to do so. It also mentions a mailhosts reporting address, but I can't seem to find any address other than the one I'm using. Any help would be appreciated. In particular, a link directly to the configuration would be greatly appreciated. Thanks. - -- Kenneth P. Turvey XMPP IM: kpturvey@jabber.org Yahoo IM: kpturvey2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEOYG9i2ZgbrTULjoRAi/fAKCLwnr2FMv0xLzsKAUNyRM6luf4UwCgyu4k 9jFKwTPY2dFNs4vWq0I6L30= =gDac -----END PGP SIGNATURE----- From not at here.invalid Sun Apr 9 08:41:02 2006 From: not at here.invalid (Ellen) Date: Sun Apr 9 17:55:02 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having to verify it online? References: Message-ID: "Kenneth P. Turvey" wrote in message news:pan.2006.04.09.02.43.03.343122@squeakydolphin.com... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Fri, 07 Apr 2006 22:54:09 -0700, Skiwi wrote: > >>> Another alternative is quick reporting, which has requirements and >>> disadvantages. The requirements for quick reporting are that your >>> request to quick report has to be approved, and you also have to be >>> configured for a mailhosted account, which is described here >>> http://www.spamcop.net/fom-serve/cache/397.html How do I configure >>> Mailhosts for SpamCop? > > I'm also interested in this. I've taken care of the Mailhosts issue, but > I can't seem to find anywhere to request the ability to do quick > reporting. How do I submit this request? > > Thanks. > Write to service admin.spamcop.net and include the email address you have registered with SpamCop. Ellen SpamCop From scamper at trisk.com Sun Apr 9 17:08:45 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Sun Apr 9 18:15:02 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having toverify it online? In-Reply-To: References: Message-ID: WazoO wrote: > "Kenneth P. Turvey" wrote in message > news:pan.2006.04.09.02.43.03.343122@squeakydolphin.com... >> On Fri, 07 Apr 2006 22:54:09 -0700, Skiwi wrote: >> >>>> Another alternative is quick reporting, which has requirements and >>>> disadvantages. The requirements for quick reporting are that your >>>> request to quick report has to be approved, and you also have to be >>>> configured for a mailhosted account, which is described here >>>> http://www.spamcop.net/fom-serve/cache/397.html How do I configure >>>> Mailhosts for SpamCop? >> I'm also interested in this. I've taken care of the Mailhosts issue, but >> I can't seem to find anywhere to request the ability to do quick >> reporting. How do I submit this request? > > Posted by Ellen; > Mailhosts and Quick Reporting, from Julian > http://forum.spamcop.net/forums/index.php?showtopic=793 This article refers to spamcop users that have a spamcop email account with the unlimited free reporting. If you only have a paid or free spamcop reporter address this option to enable quick reporting is not present on the web page for mailhosts. I've seen mentioned on these boards in the past that paid reporter accounts can request this feature be enabled for their accounts by mailing the request to deputies [at] spamcop [dot] net. I don't know if spamcop still does this or not. I think they still do. I haven't seen any posts saying that this feature has been discontinued. I don't think they allow it for unpaid reporter accounts, since that is a perk that paid accounts receive. Garen From CBXXX at webtv.net Sun Apr 9 19:16:13 2006 From: CBXXX at webtv.net (CBXXX@webtv.net) Date: Sun Apr 9 18:30:03 2006 Subject: [SpamCop-List] Well,they fiigured a way to beat SC Message-ID: <20545-443987AD-94@storefull-3253.bay.webtv.net> I have been reporting spam today from several users that I just recieved and have todays date on them.When I go to report SC tells me thay are to old to report,so I guess the spammers are beating SC. From eddie at eddie.web Sun Apr 9 19:45:05 2006 From: eddie at eddie.web (eddie) Date: Sun Apr 9 18:50:03 2006 Subject: [SpamCop-List] Re: Well,they fiigured a way to beat SC In-Reply-To: <20545-443987AD-94@storefull-3253.bay.webtv.net> References: <20545-443987AD-94@storefull-3253.bay.webtv.net> Message-ID: CBXXX@webtv.net wrote: > I have been reporting spam today from several users that I just recieved > and have todays date on them.When I go to report SC tells me thay are to > old to report,so I guess the spammers are beating SC. > Please post the tracker, without which your comments have little meaning. From MikeE at ster.invalid Sun Apr 9 17:08:37 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 9 19:10:04 2006 Subject: [SpamCop-List] Re: Well,they fiigured a way to beat SC References: <20545-443987AD-94@storefull-3253.bay.webtv.net> Message-ID: CBXXX@webtv.net wrote: > I have been reporting spam today from several users that I just > recieved and have todays date on them.When I go to report SC tells me > thay are to old to report,so I guess the spammers are beating SC. The method by which SC determines the date can be best discussed by discussing any one of the /actual/ items for which there was a problem. You can show it to us by providing the tracking URL from the top of the parse which looks like this: Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z916690052ze050409f2a2b55b70f1645c5b0d18df2z -- Mike Easter kibitzer, not SC admin From micheal.espinola at gmail.com Mon Apr 10 01:37:18 2006 From: micheal.espinola at gmail.com (Micheal Espinola Jr) Date: Mon Apr 10 01:00:07 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having to verify it online? References: Message-ID: "Mike Easter" wrote in message news:e16jif$hkh$1@news.spamcop.net... > posted to spamcop & spamcop.mail, f/ups to spamcop > > I'm interpreting your post as being one about reporting spam, not about > being a subscriber to the spamcop mail system, which is described here > http://www.spamcop.net/ces/individuals.shtml SpamCop Email System for > Individuals My appoligies if the was the improper group to post to. I am registered for the reporting service, but I now I see that isnt the same as what is being discussed here. I guess I misenterpreted what I initially read on the website. > This newsgroup is about problems with that SC mail system, not about > reporting issues, so I'm posting f/ups to my post to spamcop. That > group and spamcop.help are for general spam discussion issues, including > reporting. > > Re cumbersome. Do you mean you are pasting the spams into the webparser > one at a time and finding that cumbersome, or do you mean you are email > submitting many spams at a time and are finding it cumbersome to have to > click up each link for the reporting process? I am currently forwarding them via email, but I find the need to then interact with the website to complete the reporting process cumbersome. I understand the need for checks and balances to make certain an automated system isnt fowarding out of control - but trying to report spam in this manner (and for this ammount) is very tedious. I am beginning to understand the underlying intent for signing up for spamcop service. I unfortunately cannot allow my mail to flow through your servers for legal reasons. > If you are submitting to the webparser one at a time, you can improve > efficiency by submitting many spams at a time by email -- but that still > requires individually approving the reports by following each parser > approval link for regular reporting. Another option is quick reporting, > but it has some disadvantages. > > Regular reporting is a safeguard against spamsource mistakes made by the > parser, because each report notify is reporter approved prior to being > sent and counted. Regular reporting also provides an opportunity for > the spamvertised links to be reported. Logical and understood. My 'problem' is that I have already taken this step prior to attempting to report it to spamcop (or any other source that can make use of the information I am trying to pass along) - so this is cumbersome for someone in my position. Granted, everything isnt for everyone. > Another alternative is quick reporting, which has requirements and > disadvantages. The requirements for quick reporting are that your > request to quick report has to be approved, and you also have to be > configured for a mailhosted account, which is described here > http://www.spamcop.net/fom-serve/cache/397.html How do I configure > Mailhosts for SpamCop? Thanks for the info. I am understanding the process now. I dont know how I missed that in the faq inititally. > The advantage of the mailhosted account is that the parser is much less > likely to make a mistake in indentifying the source, because the parser > is configured to recognize your mailhost. However, the condition or > configuration of your mailhost can change unexpectedly, so even having a > mailhosted account is not perfect assurance that some parsing error > cannot occur. > > If a reporter is both mailhosted and approved to be a quick reporter, > then many spams can be submitted by email at one time, and all of the > spams are parsed for spamsource and reported without any approval > process by the reporter. That lack of oversight can cause a reporter to > report their own mailhost many times if the parser makes an error, which > could result in the reporter's own provider becoming blocklisted and > causing significant grief to the reporter -- including loss of email > account. > > Another disadvantage to quick reporting depending upon one's point of > view is that only spamsource is counted, and there is no parsing for the > spamvertiser, and no notification of the spamvertiser's provider. > > The principle advantage is that it is very fast compared to the regular > report approval process. Another advantage, depending on the point of > view, is that the spamvertiser provider is not notified. There are many > blackhat providers which some reporters would rather not be providing > with spam evidence which evidence is only superficially munged with > standard SC mungeing. I appreciate your time and effort to post such a well written reply. I'm sorry that I may have wasted your time. From micheal.espinola at gmail.com Mon Apr 10 01:57:52 2006 From: micheal.espinola at gmail.com (Micheal Espinola Jr) Date: Mon Apr 10 01:00:22 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having to verify it online? References: Message-ID: That's a shame, as I [fortunately] don't need spamcop as a filtering service. I perform all my own automated reporting as well - so the reporting doesn't actually do me any good either. I am only trying to be a good netizen, and provide very relevant spam back to whomever can use it in the function as an RBL, etc. I cannot see myself paying only to helping spamcop stay up-to-date. I just forwarded 44 spams to spamcop for the past 12 hours, of which the majority are frauds coming from residential dialups - all worthy of RBL blocking (charter, cox, comcast, foreign, etc). I really don't feel like having to visit the spamcop website and have to individually "send a spam report" for each of these. I guess in this regard I am out of luck - or perhaps everyone else is, as I cannot share my data with you. "Garen Erdoisa" wrote in message news:e1c0pr$ion$1@news.spamcop.net... > WazoO wrote: >> "Kenneth P. Turvey" wrote in message >> news:pan.2006.04.09.02.43.03.343122@squeakydolphin.com... >>> On Fri, 07 Apr 2006 22:54:09 -0700, Skiwi wrote: >>> >>>>> Another alternative is quick reporting, which has requirements and >>>>> disadvantages. The requirements for quick reporting are that your >>>>> request to quick report has to be approved, and you also have to be >>>>> configured for a mailhosted account, which is described here >>>>> http://www.spamcop.net/fom-serve/cache/397.html How do I configure >>>>> Mailhosts for SpamCop? >>> I'm also interested in this. I've taken care of the Mailhosts issue, >>> but >>> I can't seem to find anywhere to request the ability to do quick >>> reporting. How do I submit this request? >> >> Posted by Ellen; >> Mailhosts and Quick Reporting, from Julian >> http://forum.spamcop.net/forums/index.php?showtopic=793 > > This article refers to spamcop users that have a spamcop email account > with the unlimited free reporting. > > If you only have a paid or free spamcop reporter address this option to > enable quick reporting is not present on the web page for mailhosts. > > I've seen mentioned on these boards in the past that paid reporter > accounts can request this feature be enabled for their accounts by mailing > the request to > > deputies [at] spamcop [dot] net. > > I don't know if spamcop still does this or not. I think they still do. I > haven't seen any posts saying that this feature has been discontinued. > > I don't think they allow it for unpaid reporter accounts, since that is a > perk that paid accounts receive. > > Garen From MikeE at ster.invalid Mon Apr 10 06:07:14 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 10 08:10:06 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having to verify it online? References: Message-ID: Micheal Espinola Jr wrote: > I am only trying to be a > good netizen, and provide very relevant spam back to whomever can use > it in the function as an RBL, etc. I don't think there are any restrictions that keep free reporters from being quick reporters. The webfaq doesn't have much to say about quick reporting, and the forumfaq sez quick is approved on a 'case by case' basis^1^2 -- so maybe the cases could exclude free reporters as a motivational tool to become paid reporters or 'members'. I wouldn't know about that. The free reporter can become mailhosted, and the mailhosted free reporter can become a quick reporter. The quick reporter would spend only a few seconds feeding all of their spams to the email submit address and all of those spams would contribute to the SCbl, which is a very worthwhile list to contribute to. ^1 http://forum.spamcop.net/forums/index.php?showtopic=163 "Email-based Quick Reporting is a feature of the SpamCop Parsing and Reporting System which may be allowed on a case-by-case basis by a SpamCop Admin." ^2 http://forum.spamcop.net/forums/index.php?showtopic=163&st=0&p=32909&#entry32909 "To Quick Report via email (if you are authorized to do so), forward to your confidential quick.16charANcodeNMBR@spam.spamcop.net address (your Confidential Quick Address, where "quick" is substituted for "submit"). If you have never used that address, you will get authorization instructions the first time you email Confidential Quick Address. Those instructions currently read as follows for a test message that doesn't contain another message (munged for the web):" -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Apr 10 11:56:04 2006 From: nobody at devnull.spamcop.net (Eponym) Date: Mon Apr 10 11:00:04 2006 Subject: [SpamCop-List] No From Munge Message-ID: When parsing and munging reports, SpamCop misses occurences of the recipient's domain that are in the reported spam, especially in the From line. Obviously, this provides blackhats and spammers a means to identify "live" addresses and either listwash or increase the amount of spam sent. It seems to me that SpamCop should munge all occurences of the recipient's domain found in the message. From MikeE at ster.invalid Mon Apr 10 09:04:32 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 10 11:05:03 2006 Subject: [SpamCop-List] Re: No From Munge References: Message-ID: Eponym wrote: > When parsing and munging reports, SpamCop misses occurences of the > recipient's domain that are in the reported spam, especially in the > From line. Obviously, this provides blackhats and spammers a means > to identify "live" addresses and either listwash or increase the > amount of spam sent. It seems to me that SpamCop should munge all > occurences of the recipient's domain found in the message. On the subject of no mungeing, standard SC mungeing, and mild vs severe ubermungeing -- where ubermungeing is the endeavor to explore all content of the spam headers and body for any occurrence of unique identifiers however encrypted or concealed they might be. It is not possible to recognize or eliminate all possible identifications. SC does a simplistic approach or no mungeing depending upon the choice of the reporter. You have examined and found one simple example of identification. You have not examined and found all examples however obscure of identification. You have 3 choices and 3 choices only. No mungeing. Standard SC mungeing with all its inadequacies. Mole reporting -- which provides no spam evidence, nor does the mole report really count. The dilemma of inadequate mungeing is described in the mole reporting section http://www.spamcop.net/fom-serve/cache/373.html "the only way to really sanitize the reports is to not send them at all" -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 10 09:15:51 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 10 11:20:02 2006 Subject: [SpamCop-List] Re: No From Munge References: Message-ID: Eponym wrote: > From line. Obviously, this provides blackhats and spammers a means > to identify "live" addresses and either listwash or increase the > amount of spam sent. You have another choice, and that is to not submit reports to blackhat providers, but not mole report. The most efficient current option for avoiding blackhats is to not submit reports to the spamvertiser providers. At the present time, one way to do that is to uncheck them from the standard report. An alternative is to quick report which only notifies the source provider and not the spamvertiser provider; because the report to the spamsource provider is much less likely to be to a blackhat. I continue to harp that SC should provide another option to the reporter besides quick reporting and mole reporting regarding the spamvertiser provider. I argue that the reporter should be able to choose whether or not to notify the spamvertiser provider, while still providing the spamvertiser to the sc-surbl system. A reporter should be able to configure hirself to devnull all spamvertiser notifies or to have the devnull one of the options for the spamvertiser. Then the regular reporter is reporting and notifying spamsource, and also the regular reporter is not requiring spamcop to try to resolve the spamvertised url, whIch SC doesn't do particularly well anyway, but the spamvertised link still goes to a database which helps those who use it in filtering. At the present time, SC's algorithm is wasting a great deal of spam reporting and a great deal of spamcop resources by not feeding spamvertised sites to sc-surbl. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Apr 10 09:22:27 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Apr 10 11:25:02 2006 Subject: [SpamCop-List] Re: "Fermilab Today" (was Re: "Victim" of Spam-Trap Addresses) References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> <4436C3B4.109C7462@spamcop.net> Message-ID: Tim McGraw wrote... > Kenneth Brody wrote: >> >> I don't know about the others you listed, but this one has no >> confirmation message, but rather two "welcome" messages. > > Why am I not surprised? How can this be? We were assured that they were using confirmed opt-in! Could it possibly be -- and I know that this is a stretch -- that spammers tell fibs? I mean, if you can't trust a spammer, who can you trust? I predict no further posts from the fermilab spammer now that his lies have been exposed, but there is always the outside chance that he will try to bluff his way through with more obfuscation and further mock outrage. From nobody at devnull.spamcop.net Mon Apr 10 12:22:33 2006 From: nobody at devnull.spamcop.net (Eponym) Date: Mon Apr 10 11:25:17 2006 Subject: [SpamCop-List] Re: No From Munge References: Message-ID: "Mike Easter" wrote in message news:e1ds61$hv9$1@news.spamcop.net... > Eponym wrote: >> When parsing and munging reports, SpamCop misses occurences of the >> recipient's domain that are in the reported spam, especially in the >> From line. Obviously, this provides blackhats and spammers a means >> to identify "live" addresses and either listwash or increase the >> amount of spam sent. It seems to me that SpamCop should munge all >> occurences of the recipient's domain found in the message. > > On the subject of no mungeing, standard SC mungeing, and mild vs severe > ubermungeing -- where ubermungeing is the endeavor to explore all > content of the spam headers and body for any occurrence of unique > identifiers however encrypted or concealed they might be. > > It is not possible to recognize or eliminate all possible > identifications. SC does a simplistic approach or no mungeing depending > upon the choice of the reporter. You have examined and found one simple > example of identification. You have not examined and found all examples > however obscure of identification. > > You have 3 choices and 3 choices only. No mungeing. Standard SC > mungeing with all its inadequacies. Mole reporting -- which provides no > spam evidence, nor does the mole report really count. The dilemma of > inadequate mungeing is described in the mole reporting section > > http://www.spamcop.net/fom-serve/cache/373.html "the only way to really > sanitize the reports is to not send them at all" > Granted, there could be any number of other potential identifiers placed within the email to identify the reporting recipient. However, in this particular spam, there is no obvious identifier...just the recipient's domain, which looking back at this example is found in various places within the header, not just the From line. http://www.spamcop.net/sc?id=z917206714z531dee431845edebb21a5ab875f05564z I'm just saying, why not munge the obvious? From nobody at devnull.spamcop.net Mon Apr 10 09:25:16 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Apr 10 11:30:04 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having to verify it online? References: Message-ID: Skiwi wrote... > Mike Easter wrote: > >> If a reporter is both mailhosted and approved to be a quick reporter, >> then many spams can be submitted by email at one time, and all of the >> spams are parsed for spamsource and reported without any approval >> process by the reporter. That lack of oversight can cause a reporter to >> report their own mailhost many times if the parser makes an error, which >> could result in the reporter's own provider becoming blocklisted and >> causing significant grief to the reporter -- including loss of email >> account. > > To help avoid this, I personally 'fully report' 4 to 5 spams a days (i.e., > "Queue for reporting and send to trash") to try and make sure that the > mailhost config. has not been changed - and then report the rest > (majority) by "Quick reporting" Excellent idea! This should be in the FAQ. From MikeE at ster.invalid Mon Apr 10 09:56:17 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 10 12:00:03 2006 Subject: [SpamCop-List] Re: No From Munge References: Message-ID: Eponym wrote: > Granted, there could be any number of other potential identifiers > placed within the email to identify the reporting recipient. That is a very important point because it becomes more elaborate. > However, in this particular spam, there is no obvious > identifier...just the recipient's domain, which looking back at this > example is found in various places within the header, not just the > From line. You seem to be focusing on one particular spam's domain identifier rather than all of the other ramifications. > http://www.spamcop.net/sc?id=z917206714z531dee431845edebb21a5ab875f05564z > > I'm just saying, why not munge the obvious? And 'why not' is because - presently SC doesn't munge the From - if you would have the algorithm changed to suit this particular spam, then you have started the first step of a cat and mouse game between the spammer and spamcop's parser, in which everytime you find a spam with a different location for some identification, SC changes the algorithm and the spammer changes the method of locating or obfuscating the identification - that catandmouse is described where I pointed earlier in the mole faq -- Mike Easter kibitzer, not SC admin From kenbrody at spamcop.net Mon Apr 10 13:04:32 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Apr 10 12:10:02 2006 Subject: [SpamCop-List] Re: "Fermilab Today" (was Re: "Victim" of Spam-Trap Addresses) References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> <4436C3B4.109C7462@spamcop.net> Message-ID: <443A8210.D3E415B1@spamcop.net> Kenneth Brody wrote: > [... Marc W. Mengel's claims that Fermilab (fnal.gov) uses ...] [... confirmed opt-in subscriptions for their mailing lists. ...] [...] > > Check out "Fermilab Today" at: > > http://www.fnal.gov/pub/today/subscription.html > > No confirmation is needed to subscribe. The first e-mail I received > has the subject "You are now subscribed to the FERMILABTODAY list" and > begins: > > Your subscription to the FERMILABTODAY list (Fermilab Today) has been > accepted. [...] > > > My point is that the lists we have *are already* confirmed opt-in (those > > > that allow subscription at all, that is). > > > > I eagerly await your permission to put the above assertion to the test. > > I have just demonstrated otherwise, at least with "Fermilab Today". And today, an issue of "Fermilab Today" arrived in my inbox, without my ever having received a request to confirm my subscription request. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From nobody at devnull.spamcop.net Mon Apr 10 12:26:07 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Apr 10 12:30:02 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having to verify it online? References: Message-ID: "Anonymous" wrote in message news:e1dtct$ivi$1@news.spamcop.net... > Skiwi wrote... > > > > To help avoid this, I personally 'fully report' 4 to 5 spams a days (i.e., > > "Queue for reporting and send to trash") to try and make sure that the > > mailhost config. has not been changed - and then report the rest > > (majority) by "Quick reporting" > > Excellent idea! This should be in the FAQ. What is Quick Reporting? http://forum.spamcop.net/forums/index.php?showtopic=163 From nobody at devnull.spamcop.net Mon Apr 10 14:00:32 2006 From: nobody at devnull.spamcop.net (Eponym) Date: Mon Apr 10 13:05:03 2006 Subject: [SpamCop-List] Re: No From Munge References: Message-ID: "Mike Easter" wrote in message news:e1dv72$le0$1@news.spamcop.net... > Eponym wrote: > >> However, in this particular spam, there is no obvious >> identifier...just the recipient's domain, which looking back at this >> example is found in various places within the header, not just the >> From line. > > You seem to be focusing on one particular spam's domain identifier > rather than all of the other ramifications. > I can see other reasons to munge occurences of the recipient's domain within the message, i.e., to prevent URLs containing the recipient's domain from being reported....which I've seen in other messages. Sorry, I'm not seeing other ramifications. Does it really add that much overhead to the parsing algorithm? Or just that SC has no interest in saving anyone the potential hassles? Guess I'll have come up with a way to munge them myself before the report is sent then....or not even bother. :o/ From MikeE at ster.invalid Mon Apr 10 11:29:14 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 10 13:30:03 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having to verify it online? References: Message-ID: WazoO wrote: > "Anonymous" >> Skiwi wrote... >>> >>> To help avoid this, I personally 'fully report' 4 to 5 spams a days >>> (i.e., "Queue for reporting and send to trash") to try and make >>> sure that the mailhost config. has not been changed - and then >>> report the rest (majority) by "Quick reporting" >> >> Excellent idea! This should be in the FAQ. > > What is Quick Reporting? > http://forum.spamcop.net/forums/index.php?showtopic=163 Where a person could spend 5-10 minutes looking and searching and re-reading thru' nearly 2000 words on 370 lines in 144 paragraphs looking for these two little tidbits which aren't even the same as what Skiwi actually said. Edit: 2005/09/28 10:06 EDT -0400 Jeff G. added the WARNING (thanks to Steve T for bringing it up). and WARNING: Like its counterpart of normal Reporting, Quick Reporting also allows the reporting of you to your ISP or of your ISP to your ISP's ISP (both Very Bad Things), but in a more dangerous manner because it is faster and there is no verification step. Your ISP probably has various "solutions" in its arsenal to stop you from Quick Reporting yourself or it, including friendly advice, warning, suspension, deactivation, termination, fines, and even lawsuits for breach of contract, defamation, and/or interference with a contractual relationship. PLEASE make sure that your normal Reporting is working well for an extended period (never offering to report you to your ISP or your ISP to your ISP's ISP) before venturing into Quick Reporting. PLEASE also review your "SpamCop Quick reporting data" email messages to ensure that your Reports are not going to the wrong places. Skiwi's commentary is different and 'better' because of its difference than what was in the forum. Citing a forum link about quick reporting which didn't actually address what Skiwi said doesn't add anything to the conversation which hadn't already been said or linked to, and causes the reader to go read in the forum to find out that the link doesn't say what the news message said at all. The forum link is non-specific about being careful. Skiwi's post specifically describes a method for being careful. That is what Anonymous was talking about. If the suggestion had been placed in the forum page, then the link would have been appropriate. But it wasn't and it wasnt'. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 10 11:36:58 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 10 13:40:03 2006 Subject: [SpamCop-List] Re: No From Munge References: Message-ID: Eponym wrote: > Guess I'll have > come up with a way to munge them myself before the report is sent > then....or not even bother. :o/ Ad lib mungeing isn't specifically approved in the rules; which is what I was referring to when I alluded to 'ubermungeing'. There is only a minor degree of additonally mungeing specifically approved http://www.spamcop.net/fom-serve/cache/283.html Material changes to spam // It is okay to munge your personal email address contained within links in the body of the spam, if SpamCop does not find and munge them, with one exception. If a report is going to an abuse desk that does not accept munged reports, you must not make even these minor changes to the spam. // But you aren't talking about mungeing your personal email address, you are talking about mungeing something which isn't your personal email address because it contains the domainname. To use an extreme example which is absurd to make a point, you could munge out all of the letters of your username which appear in the headers or body in case they have been put there in a specific order to identify you to the provider who is notified because you believe the notified provider to be in cahoots with the spammer. If you believe the notified provider to be in cahoots with the spammer, why give them the evidence at all. In fact, if it is a spamvertiser, why notify them at all? Notification of a spamvertiser provider or 'spamverider' who is in cahoots with a spammer is a waste of time or counterproductive, take your pick. -- Mike Easter kibitzer, not SC admin From eddie at eddie.web Mon Apr 10 15:23:49 2006 From: eddie at eddie.web (eddie) Date: Mon Apr 10 14:25:04 2006 Subject: [SpamCop-List] Re: No From Munge In-Reply-To: References: Message-ID: Eponym wrote: > When parsing and munging reports, SpamCop misses occurences of the > recipient's domain that are in the reported spam, especially in the From > line. Obviously, this provides blackhats and spammers a means to identify > "live" addresses and either listwash or increase the amount of spam sent. > It seems to me that SpamCop should munge all occurences of the recipient's > domain found in the message. > > A side issue which was talked about some time ago is when one abuse address accepts only un-munged reports, whether of not all the other reports that are simultaneously sent are still munged normally. I think the answer was "yes" but it was some time ago. From kenbrody at spamcop.net Mon Apr 10 15:36:00 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Apr 10 15:20:02 2006 Subject: [SpamCop-List] When I read this spam subject... Message-ID: <443AA590.4BAE8707@spamcop.net> Why is it that when I read this spam subject: Download and immediately detect what is slowing down your PC my first thought was an image of a computer screen with the message: _I_ am slowing down your system! Bwahahaha! Installing spyware and trojans... [*********........25%..............] -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From scamper at trisk.com Mon Apr 10 14:40:53 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Mon Apr 10 15:45:03 2006 Subject: [SpamCop-List] Re: When I read this spam subject... In-Reply-To: <443AA590.4BAE8707@spamcop.net> References: <443AA590.4BAE8707@spamcop.net> Message-ID: Kenneth Brody wrote: > Why is it that when I read this spam subject: > > Download and immediately detect what is slowing down your PC > > my first thought was an image of a computer screen with the message: > > _I_ am slowing down your system! Bwahahaha! > > Installing spyware and trojans... > > [*********........25%..............] > I'm sorry to have to say this but it means that you are justifiably paranoid. As the old saying goes, "Just because you are paranoid, doesn't mean that they aren't out to get you!" :) Garen From vxpy7do02 at sneakemail.com Mon Apr 10 13:48:18 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Mon Apr 10 15:50:04 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having to verify it online? References: Message-ID: "Micheal Espinola Jr" wrote in message news:e1coki$ujb$2@news.spamcop.net... > That's a shame, as I [fortunately] don't need spamcop as a filtering > service. > > I perform all my own automated reporting as well - so the reporting > doesn't actually do me any good either. I am only trying to be a good > netizen, and provide very relevant spam back to whomever can use it in the > function as an RBL, etc. > > I cannot see myself paying only to helping spamcop stay up-to-date. > > I just forwarded 44 spams to spamcop for the past 12 hours, of which the > majority are frauds coming from residential dialups - all worthy of RBL > blocking (charter, cox, comcast, foreign, etc). I really don't feel like > having to visit the spamcop website and have to individually "send a spam > report" for each of these. > ** See post below regarding 'quick' reporting. I use it and it is great - my settings and my ISP's settings haven't allowed my reporting my ISP so everyone is happy. -- A SpamCop user and forum reader, Not Admin *** > I guess in this regard I am out of luck - or perhaps everyone else is, as > I cannot share my data with you. > > > > "Garen Erdoisa" wrote in message > news:e1c0pr$ion$1@news.spamcop.net... >> WazoO wrote: >>> "Kenneth P. Turvey" wrote in message >>> news:pan.2006.04.09.02.43.03.343122@squeakydolphin.com... >>>> On Fri, 07 Apr 2006 22:54:09 -0700, Skiwi wrote: >>>> >>>>>> Another alternative is quick reporting, which has requirements and >>>>>> disadvantages. The requirements for quick reporting are that your >>>>>> request to quick report has to be approved, and you also have to be >>>>>> configured for a mailhosted account, which is described here >>>>>> http://www.spamcop.net/fom-serve/cache/397.html How do I configure >>>>>> Mailhosts for SpamCop? >>>> I'm also interested in this. I've taken care of the Mailhosts issue, >>>> but >>>> I can't seem to find anywhere to request the ability to do quick >>>> reporting. How do I submit this request? >>> >>> Posted by Ellen; >>> Mailhosts and Quick Reporting, from Julian >>> http://forum.spamcop.net/forums/index.php?showtopic=793 >> >> This article refers to spamcop users that have a spamcop email account >> with the unlimited free reporting. >> >> If you only have a paid or free spamcop reporter address this option to >> enable quick reporting is not present on the web page for mailhosts. >> >> I've seen mentioned on these boards in the past that paid reporter >> accounts can request this feature be enabled for their accounts by >> mailing the request to >> >> deputies [at] spamcop [dot] net. >> >> I don't know if spamcop still does this or not. I think they still do. I >> haven't seen any posts saying that this feature has been discontinued. >> >> I don't think they allow it for unpaid reporter accounts, since that is a >> perk that paid accounts receive. >> >> Garen > > From nobody at devnull.spamcop.net Mon Apr 10 16:17:41 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Apr 10 16:20:03 2006 Subject: [SpamCop-List] Re: No From Munge References: Message-ID: "eddie" wrote in message news:e1e7rp$qkh$1@news.spamcop.net... > > A side issue which was talked about some time ago is when one abuse > address accepts only un-munged reports, whether of not all the other > reports that are simultaneously sent are still munged normally. > I think the answer was "yes" but it was some time ago. Another one of those gotcha's .... There is the discussion in the newsgroup archived, but the "answer" isn't there due to Don's use of the X-NoArchive flag ..... so, back to the Forum, which actually starts with me carting the newsgroup posting over there .... [Resolved] Munged/Unmunged 3rd party reports http://forum.spamcop.net/forums/index.php?showtopic=4673 This bit references the newsgroup archive (missing data) http://news.spamcop.net/pipermail/spamcop-list/2005-August/thread.html#103719 Subject Line: [SpamCop-List] Re: tekcom & dtag Further discussion found at; My IP address revealed in web reports? http://forum.spamcop.net/forums/index.php?showtopic=887&view=findpost&p=5516 Munging "User Notification" Reports, Starting Soon http://forum.spamcop.net/forums/index.php?showtopic=5250 Does unmunging e-mail address unmunge it to all?, Do all recipients get unmunged e-mail? http://forum.spamcop.net/forums/index.php?showtopic=4137 From nobody at devnull.spamcop.net Mon Apr 10 14:36:59 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Apr 10 16:40:02 2006 Subject: [SpamCop-List] Re: No From Munge References: Message-ID: Mike Easter wrote > You have 3 choices and 3 choices only. No mungeing. Standard SC > mungeing with all its inadequacies. Mole reporting -- which provides no > spam evidence, nor does the mole report really count. The dilemma of > inadequate mungeing is described in the mole reporting section What do you mean by "nor does the mole report really count"? From nobody at devnull.spamcop.net Mon Apr 10 16:39:26 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Apr 10 16:40:11 2006 Subject: [SpamCop-List] Re: Is it possible to submit spam via email without having to verify it online? References: Message-ID: "Mike Easter" wrote in message news:e1e4la$oj0$1@news.spamcop.net... > > The forum link is non-specific about being careful. Skiwi's post > specifically describes a method for being careful. That is what > Anonymous was talking about. If the suggestion had been placed in the > forum page, then the link would have been appropriate. But it wasn't > and it wasnt'. Yet again, the user-to-user thing appears to have been overlooked / ignored. That the Forum version of the SpamCop FAQ is listed as being "Under Development" ... gets changed / updated pretty regularly .... hasn't been included in your diatribe. This version of the SpamCop FAQ isn't limited to "me" making changes to it. As it is, I've been banging code on the Wiki all morning .. and a bit amazed that you have yet to set foot there to get involved and help "fix" the FAQ problem .... yet make this complaint yet again .... I just replied to another posting which also included the fact that the "official" answer was not archived due to Don's newsreader configuration. My thing isn't the newsgroup versus the Forum, it's the data that folks are looking for. I've gone through 5 different FAQ software packages, hacked that single-page access monster together, tossed together that portal page, added in a mod to the Forum app to throw in yet another FAQ interface, and have been working on a Wiki. Once again, why is the problem with FAQ data "mine" ...???? A gazillion SpamCop.net users but I'm a prick because no one else wants to take on the task of helping out? Stated many times, if the FAQ isn't "good" .... offer up something that will work .... I'm pretty tired of going round and round with Don/Deputies over the 'official' FAQ seemingly all by myself. And you'll notice that the alternative versions I've offered were not "written by me" .... it's been a collaborative effort. From nobody at devnull.spamcop.net Mon Apr 10 14:40:34 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Apr 10 16:45:03 2006 Subject: [SpamCop-List] Re: N