From not at home.today Sat Apr 1 03:08:31 2006 From: not at home.today (Ant) Date: Fri Mar 31 21:10:04 2006 Subject: [SpamCop-List] Re: Another '419' scam ... References: Message-ID: "Jeff G." wrote: > A few other OT tidbits: > > "She didn't want to." "Jamaica?" I think it goes: "My wife went to the West Indies". "Jamaica"? "No, she went of her own accord". From jeffg at spamcop.net Sat Apr 1 01:52:15 2006 From: jeffg at spamcop.net (Jeff G.) Date: Sat Apr 1 02:00:15 2006 Subject: [SpamCop-List] Re: Victim of Spam-Trap addresses... References: <442C05AD.E052F418@spamcop.net> <3rl6crp3928o@eisner.encompasserve.org> <442D5EA0.5AC937A0@spamcop.net> Message-ID: Kenneth Brody wrote: > Larry Kilgallen wrote: >> In article <442C05AD.E052F418@spamcop.net>, Kenneth Brody >> writes: >>> However, as I understand it, you can contact "deputies _at_ spamcop >>> _dot_ net" with specifics about the server that is listed (the most >>> important piece of information is its IP address). They can check >>> into it and give you general information about what hit the >>> spamtrap. (For example, "it looks like you are sending your >>> newsletter to the spamtrap address", or "it looks like you are >>> generating backscatter by bouncing rather than rejecting e-mail", >>> or "someone sent genuine spam from your server", and so on.) >> I don't like the word "genuine" in that context. Backscatter is >> still "genuine", in fact I believe I have heard of it intentionally >> being used by putting the target address in the "From:" field and >> sending to an address known to generate backscatter. >> >> His newsletter is still spam to me if I did not request it, >> regardless >> of the possibility that it might request it. > You are, of course, correct. While you probably knew what I meant, it > is a poor choce of words, as it implies the others aren't "geniune" > spam. > > Do you have a suggestion for a better term? I have a suggestion: "direct" spam purports to be from the person promoting the payload, while "indirect" spam comes from a server which is tricked into sending backscatter by the person promoting the payload. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From dws at dealing-with-spam.info Sat Apr 1 10:16:05 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Sat Apr 1 03:20:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Geoffrey Hyde wrote on Fri, 31 Mar 2006 09:56:37 +1000: > I "top post" mostly when I'm discussing a URL as the first point of > interest in a reply I'm making. Call it what you will, but it makes > perfect sense to me, and as long as my email client permits me to do > it that way I'll do it that way. Yet another "screw your logic and I'll post how I like even if it makes it difficult for others to find out what the hell I'm on about" message. *plonk* From dws at dealing-with-spam.info Sat Apr 1 10:24:09 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Sat Apr 1 03:25:05 2006 Subject: [SpamCop-List] Re: Redirects via TinyURL.com - how to handle? References: Message-ID: Skiwi wrote on Thu, 30 Mar 2006 08:11:57 -0800: > Let the reports got to abuse@tinyurl.com and let them (maybe) pull the > redirect off their system? Or is that report 'abusive' on my part? Not at all. TinyURL is very white-hat and *will* nuke spamvertized redirects. Each time I've received a spam with a TinyURL link, the ridirect had already been nuked. From dws at dealing-with-spam.info Sat Apr 1 10:25:25 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Sat Apr 1 03:30:02 2006 Subject: [SpamCop-List] Re: UU net References: Message-ID: RandallW wrote on Thu, 30 Mar 2006 10:54:11 -0800: > Is UU Net a black hat? Are pigs capable of self-powered flight? The day UUNet stops being black-hat will be the day pigs fly. http://www.spamhaus.org/statistics/networks.lasso From g.hyde at bigpond.net.au Sat Apr 1 18:40:11 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Sat Apr 1 03:45:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: "D-W-S" wrote in message news:slrne2sdm5.1urd.dws@dealing-with-spam.info... > Geoffrey Hyde wrote on Fri, 31 Mar 2006 09:56:37 +1000: > >> I "top post" mostly when I'm discussing a URL as the first point of >> interest in a reply I'm making. Call it what you will, but it makes >> perfect sense to me, and as long as my email client permits me to do >> it that way I'll do it that way. > > Yet another "screw your logic and I'll post how I like even if it makes > it difficult for others to find out what the hell I'm on about" message. Whatever. *plonk* BTW I thought you or someone else had already plonked me long ago? Sheesh the things you remember on the spur of the moment. Cheers ... Geoffrey Hyde From nobody at spamcop.net Sat Apr 1 00:51:48 2006 From: nobody at spamcop.net (RandallW) Date: Sat Apr 1 03:55:03 2006 Subject: [SpamCop-List] Re: UU net References: Message-ID: "D-W-S" wrote in message news:slrne2se7l.1urd.dws@dealing-with-spam.info... > > http://www.spamhaus.org/statistics/networks.lasso > I didn't know MCI was so far 'ahead'; I perceive Comcast being complained about more often.....then again the Verizon chunk of spam is large. From nobody at spamcop.net Sat Apr 1 02:00:58 2006 From: nobody at spamcop.net (N. Miller) Date: Sat Apr 1 05:05:12 2006 Subject: [SpamCop-List] Re: UU net References: Message-ID: <1xnjd6za7gntt$.dlg@news.spamcop.net> On Sat, 1 Apr 2006 00:51:48 -0800, RandallW wrote: > "D-W-S" wrote in message > news:slrne2se7l.1urd.dws@dealing-with-spam.info... >> http://www.spamhaus.org/statistics/networks.lasso > I didn't know MCI was so far 'ahead'; I perceive Comcast being complained > about more often.....then again the Verizon chunk of spam is large. WRT to proxy spam, Verizon is worse than Comcast. I see nearly the same number of residential IP addresses trying to connect from Verizon as from Comcast; yet Verizon only has about half as many HSI customers as Comcast. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From Merlyn at Spamcop.net Sat Apr 1 08:33:21 2006 From: Merlyn at Spamcop.net (Merlyn) Date: Sat Apr 1 08:35:03 2006 Subject: [SpamCop-List] Re: UU net References: Message-ID: "RandallW" wrote in message news:e0lev0$9a5$1@news.spamcop.net... > > "D-W-S" wrote in message > news:slrne2se7l.1urd.dws@dealing-with-spam.info... >> >> http://www.spamhaus.org/statistics/networks.lasso >> > > I didn't know MCI was so far 'ahead'; I perceive Comcast being complained > about more often.....then again the Verizon chunk of spam is large. UUNET Technologies, Inc. is now itself part of WorldCom Inc which means they are part of MCI. That makes the worst spam hoster in the world. I call that pretty black hat. -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From abuse at whathostingshould.be Sat Apr 1 09:12:27 2006 From: abuse at whathostingshould.be (Galen) Date: Sat Apr 1 09:15:03 2006 Subject: [SpamCop-List] Re: I'm not sure if you all remember the last post... References: Message-ID: In news:UFT0YQgydErm@eisner.encompasserve.org, Larry Kilgallen had this to say: My reply is at the bottom of your sent message: > In article , Garen Erdoisa > writes: > >> Suggestion; > >> If >> after a years time you have received no abuse reports on an account, >> then maybe refund the security deposit because at that time they will >> have built up a good reputation with you, and at that time you can be >> pretty sure they really are who they say they are. > > But do not publish that aspect of your policy, because some spammers > are > happy to leave an account dormant for a long time to reduce suspicion. Those are excellent ideas but I'm not too certain that we can get away with the deposit. That would place us in an "outcast" section of the market and while the goal isn't riches or anything the idea of being profitable is nice. It is a great idea and well worth one that's able to be considered. Maybe getting our own merchant account and pre-authorization to bill them for verified complaints might be something we can do. The cost for that isn't too high really. Going into this we knew we'd have abuse issues. The percentage rate of signups that are fraud or end in abuse (we're now at three officially banned accounts) is about 1/4 for the low end accounts. I can see why the (what seems to me) majority of hosting companies just ignore it. In a few forums that I belong to there are folks who fairly openly claim (as if bragging) that they just dev-null all abuse reports. It even seems that an even higher percentage of them don't even bother doing anything until there are a lot of sources claiming the abuse. Evil rat-bass-turds the lot of 'em. I'm going to hunt a few down and beat 'em with a bat or something. Galen -- http://www.whathostingshould.be - We are what hosting SHOULD be. From joegill at removethis Sat Apr 1 12:46:09 2006 From: joegill at removethis (Joe Gill) Date: Sat Apr 1 12:50:11 2006 Subject: [SpamCop-List] Format changed Spamcop Quick Reporting Data Emails Message-ID: This is an FYI for this that sort/filter emails based on Subject lines On 03/28, between 1:41PM US Eastern time and 5:27PM, the format of the subject lines changed from: SpamCop Quick reporting data to [SpamCop] Quick reporting data From MikeE at ster.invalid Sat Apr 1 10:31:10 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 1 13:35:04 2006 Subject: [SpamCop-List] Re: Format changed Spamcop Quick Reporting Data Emails References: Message-ID: Joe Gill wrote: > This is an FYI for this that sort/filter emails based on Subject lines > > On 03/28, between 1:41PM US Eastern time and 5:27PM, > the format of the subject lines changed > > from: > SpamCop Quick reporting data > to > [SpamCop] Quick reporting data Yes. I changed mine from SpamCop Quick, which stopped working, to Quick reporting. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sat Apr 1 12:31:14 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Sat Apr 1 13:35:07 2006 Subject: [SpamCop-List] Re: Format changed Spamcop Quick Reporting Data Emails References: Message-ID: "Joe Gill" wrote in message news:e0mecq$r9o$1@news.spamcop.net... > This is an FYI for this that sort/filter emails based on Subject lines > > On 03/28, between 1:41PM US Eastern time and 5:27PM, > the format of the subject lines changed > > from: > SpamCop Quick reporting data > to > [SpamCop] Quick reporting data As was posted in the Forum, both standard and Quick- Reporting notification e-mails have had this Subject: line change made. From jzeitlin at spamcop.net Sat Apr 1 15:30:28 2006 From: jzeitlin at spamcop.net (=?ISO-8859-1?Q?E=F6nw=EB?=) Date: Sat Apr 1 15:35:04 2006 Subject: [SpamCop-List] Apologies for OT Message-ID: Galen, would you please contact me via email at editor *at* freelancetraveller.com? I'm looking for new hosting, and I want to discuss some special needs I have, and whether WHSB can/is willing to meet those needs (and at what price). -- E?nw? (SpamCop subscriber, not staff/admin) From Kilgallen at SpamCop.net Sat Apr 1 16:13:22 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Sat Apr 1 17:15:03 2006 Subject: [SpamCop-List] Re: I'm not sure if you all remember the last post... References: Message-ID: In article , "Galen" writes: > Going into this we knew we'd have abuse issues. The percentage rate of > signups that are fraud or end in abuse (we're now at three officially banned > accounts) is about 1/4 for the low end accounts. .0025 (1/4 of a percent) is not bad. .25 is bad. Which did you mean ? From ppearson at nowhere.invalid Sat Apr 1 23:01:25 2006 From: ppearson at nowhere.invalid (Peter Pearson) Date: Sat Apr 1 18:05:03 2006 Subject: [SpamCop-List] Re: Victim of Spam-Trap addresses... References: Message-ID: On Fri, 31 Mar 2006 10:11:40 -0600, Marc W. Mengel wrote: > > Actually, it turns out some of our moderated lists send a "your message > has been forwarded to the moderator" message, and that's what has > been tripping spamcop's spamtraps. Fascinating. So some spammer has gone to the trouble to forge a spamtrap return address onto a fake submission to one of your lists. I wonder whether . . . (a) the spammer was just sending an enlargement ad to an email address that happened to go to your list, and forged a don't-care return address that happened to be a spamtrap; or (b) the spammer knew he could use your list server to bounce enlargement ads into other target mailboxes, one of which happened to be a spamtrap. In case (a), you can stay out of trouble if you can distinguish between list submissions and spam before replying. If the case is (b), that distinction will help in the short run, but a spammer determined to sneak past your filter can eventually force you to choose between serving as a springboard for spam and curtailing your autoresponses. By the way, Marc: you have mentioned that fnal runs a large number of mailing lists, as if that excuses fnal from taking measures to prevent their abuse by spammers. I don't find that line of reasoning compelling, and I'd like to suggest a different way of looking at it: When fnal budgets manpower for running lists, fnal gets to decide whether or not to budget for the small (per list) additional effort that will keep your servers off blocklists. -- To email me, substitute nowhere->spamcop, invalid->net. From MikeE at ster.invalid Sat Apr 1 15:27:34 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sat Apr 1 18:30:04 2006 Subject: [SpamCop-List] Re: Victim of Spam-Trap addresses... References: Message-ID: Peter Pearson wrote: > Marc W. Mengel >> Actually, it turns out some of our moderated lists send a "your >> message has been forwarded to the moderator" message, and that's >> what has been tripping spamcop's spamtraps. > > Fascinating. So some spammer has gone to the trouble to forge > a spamtrap return address onto a fake submission to one of your > lists. I wonder whether . . . Or, no, you might make it simpler and less fascinating. A spammer scrapes the submit to the list addy and also scrapes the spamtrap addy or buys scraped addies or millions CDs. The spammer uses the same lists for the bogus From as are used to mailto. Sometimes the mailto is the list submit and the From is a spamtrap. Then the submit address autoresponds with the 'forwarded to moderator' message to the spamtrap. If the listserv is going to send out misdirected or abusive autoresponds to bogus Froms, it is going to get itself into trouble. Autoresponding servers which address newmails to bogus Froms ought to not be facing the internet at large without some serious de-spamming and/or SPF or some combination thereof. -- Mike Easter kibitzer, not SC admin From skiwi at spamcop.net Sat Apr 1 16:36:47 2006 From: skiwi at spamcop.net (Skiwi) Date: Sat Apr 1 19:40:03 2006 Subject: [SpamCop-List] Re: Redirects via TinyURL.com - how to handle? In-Reply-To: References: Message-ID: D-W-S wrote: > Skiwi wrote on Thu, 30 Mar 2006 08:11:57 -0800: > >> Let the reports got to abuse@tinyurl.com and let them (maybe) pull the >> redirect off their system? Or is that report 'abusive' on my part? > > Not at all. > > TinyURL is very white-hat and *will* nuke spamvertized redirects. Each > time I've received a spam with a TinyURL link, the ridirect had already > been nuked. cheers! From lujanero at gmail.com Sat Apr 1 21:41:03 2006 From: lujanero at gmail.com (master) Date: Sat Apr 1 19:45:05 2006 Subject: [SpamCop-List] JAPONESAS Message-ID: http://linkbux.com/go.php?link=513018 From abuse at whathostingshould.be Sat Apr 1 20:21:49 2006 From: abuse at whathostingshould.be (Galen) Date: Sat Apr 1 20:45:03 2006 Subject: [SpamCop-List] Re: I'm not sure if you all remember the last post... References: Message-ID: >> Going into this we knew we'd have abuse issues. The percentage rate >> of signups that are fraud or end in abuse (we're now at three >> officially banned accounts) is about 1/4 for the low end accounts. > > .0025 (1/4 of a percent) is not bad. .25 is bad. Which did you mean > ? 1/4 of the lowest priced account (4 out of 12) have been fraud or SPAM. 2/12 SPAM and 2/12 credit card fraud. Galen From nobody at spamcop.net Sat Apr 1 18:10:07 2006 From: nobody at spamcop.net (RandallW) Date: Sat Apr 1 21:15:03 2006 Subject: [SpamCop-List] non-throwaway e-mail addy for spammy domains Message-ID: If I find the e-mail addy for the registrant of a spammy domain ( of the spamvertised website ), and the addy is a non-throwaway ( hotmail, yahoo, etc. ), what's the chance the e-mail is used for actual work? From bar_n0ne at hotmail.com Sat Apr 1 21:33:58 2006 From: bar_n0ne at hotmail.com (Berny) Date: Sat Apr 1 22:35:03 2006 Subject: [SpamCop-List] Re: non-throwaway e-mail addy for spammy domains References: Message-ID: "RandallW" wrote in message news:e0nbpp$bdd$1@news.spamcop.net... > If I find the e-mail addy for the registrant of a spammy domain ( of the > spamvertised website ), and the addy is a non-throwaway ( hotmail, yahoo, > etc. ), what's the chance the e-mail is used for actual work? > > Well, you may have an opportunity to land some asswipe in serious hot water, if, the "work" addy is not the outfit doing the spamming, It might need a nice piece of snail mail to the company but that would do it. From bar_n0ne at hotmail.com Sat Apr 1 21:35:38 2006 From: bar_n0ne at hotmail.com (Berny) Date: Sat Apr 1 22:40:03 2006 Subject: [SpamCop-List] Re: I'm not sure if you all remember the last post... References: Message-ID: "Galen" wrote in message news:e0na4v$agk$1@news.spamcop.net... > >> Going into this we knew we'd have abuse issues. The percentage rate > >> of signups that are fraud or end in abuse (we're now at three > >> officially banned accounts) is about 1/4 for the low end accounts. > > > > .0025 (1/4 of a percent) is not bad. .25 is bad. Which did you mean > > ? > > 1/4 of the lowest priced account (4 out of 12) have been fraud or SPAM. 2/12 > SPAM and 2/12 credit card fraud. > > Galen > > UMMMM,,, actually the stats are worse than you think, 4/12 is a Third, (33.3%) not a Quarter. From MikeE at ster.invalid Sat Apr 1 21:57:09 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 2 01:00:05 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: master wrote: In case anyone is wondering about master's JAPONESA newsgroup spam operation. master started hir operation under the current persona a few days ago by webposting to googlegroups using a gmail addy account lujanero@gmail.com and to google groups only such as Sex talk pleasure totally nude.celebrity big.tit adult.sex amateur-porn true adult-pics Asian hotties which are all googlegroups, not usenet and for which the posts weren't necessarily spam or inappropriate. This is a baby .ar spammer who has decided to profit from the deals described at linkbux "Get paid for every user who is visiting your links to websites, downloads, images, etc etc.. " http://www.linkbux.com/main.php -- also similarly imagefap.com "We are a free image hosting provider that allow you to earn $$ with your images. -- You will earn cash for every visitor that views your galleries/images." http://www.imagefap.com/index.php But imagefap sez "We also do not condone promotion through spam, autosurf and bots. All users violating this policy will be banned and their earnings forfeited." -- whereas linkbux doesn't say that. Imagefap also claims to work with authorities over issues of copyright infringement or kiddy porn. .. and so presumably linkbux must be expecting to tolerate complaints about usenet and other spamruns. Both linkbux and imagefap are hosted on nforce.nl servers but their registration is handled differently. linkbux 'what is forbidden' clause confuses me "What is forbidden?: -- Following reasons will result in an direct account termination inclusive earnings generated: - Autosurf sites - Human beings have to manually click/visit the paid-redirects - Any auto click generating. - Using other paid-redirect services as destination urls." All that is forbidden is some kind of clicking and redirect issues, not spam, copyright infringement or kiddy porn. Then s/he expanded the operation to the usenet groups some of which were amusingly misdirected because of containing 'amateur' in the group name, like rec.radio.amateur.policy and alt.nl.radio.zendamateur.gelicentieerd -- this usenet expansion was also associated with branching into nntp posting instead of webposting googlegroups by using the free newsservers news.infoave.com and news.aioe.org -- continuing to post from the .ar IP 190.48.14.195 and using the gmail addy. I'm not really sure what caused the expansion into the SC ng/s -- maybe something became automated. At this point the number of entities which could be notified has expanded beyond telefonica.com.ar & gmail & googlegroups to infoave.net & aioe.org -- and most of those would take action against the account. Since the spammer is presumably inexperienced I suspect the gmail account was used at linkbux and imagefap for the account's payoff, so losing that could disrupt the communications. -- Mike Easter kibitzer, not SC admin From vanishingrabbit at ntlworld.com Sun Apr 2 11:46:17 2006 From: vanishingrabbit at ntlworld.com (Will Gray) Date: Sun Apr 2 05:50:14 2006 Subject: [SpamCop-List] please help Message-ID: I have sent a few emails out to a manually maintained list of users. It is not spam but now i can't even reply to emails because i am blocked !! What the hell is this spamcop thing all about, destroying peoples business? The help pages are meaningless and don't actually tell you what to do, does anyone know in plain English how to resolve this situation ?? From MikeE at ster.invalid Sun Apr 2 04:03:27 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 2 06:05:03 2006 Subject: [SpamCop-List] Re: please help References: Message-ID: Will Gray wrote: > I have sent a few emails out to a manually maintained list of users. > It is not spam but now i can't even reply to emails because i am > blocked !! What IP address are you trying to talk about? Perhaps you mean that you have recently found your outgoing mail rejected by your recipient's server, and that that rejection of your mail contains exact and specific information regarding which IP address [which would be a dotted quad like 82.7.16.222 ] that recipient is not accepting because of the recipient's choice of spamblocking methods. > What the hell is this spamcop thing all about, destroying peoples > business? What IP address are you trying to talk about? SpamCop does not block anything. SpamCop is a free and paid parsing and reporting service to help spam recipients notify the providers for spamsources and spamvertisers. SpamCop is the maintainer of the spamcop blocklist SCbl based on spamsources derived from reports by spamcop reporters and spamcop spamtraps receiving unwanted mail. SpamCop is also a subscribed mail service providing spamfilter tagging and facilitated reporting. > The help pages are meaningless and don't actually tell you > what to do, does anyone know in plain English how to resolve this > situation ?? What IP address are you trying to talk about? The specific and exact help pages which are linked by the information in a delivery status failure which is caused by a server using the SCbl to reject name the IP in question. We cannot talk about a mail delivery problem here unless we know the IP address. Then we can talk about what a SCbl listing means and why you might have been so listed. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 2 04:33:22 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 2 06:35:03 2006 Subject: [SpamCop-List] Re: please help References: Message-ID: Mike Easter wrote: > Will Gray wrote: > >> I have sent a few emails out to a manually maintained list of users. >> It is not spam but now i can't even reply to emails because i am >> blocked !! > > What IP address are you trying to talk about? I am trying to sleuth out what IP address you haven't named yet, but I'm being unsuccessful. You are posting here from an IP address provided by NTL which looks like it is a cable modem and which might be geographically located in Leicester or near there. That IP address you post here with is not blocklisted anywhere, including SC. You signed Will Gray. There is a Will Gray website http://www.willgray.co.uk/index.htm which Will Gray is of the east Midlands area which includes Leicester. That domainname address willgray.co.uk has its incoming mail handled by .ukservers.net MXes named mx1. and mx2. -- but the outgoing mail from ukservers.net is handled by a family of 11 servers listed in senderbase: 217.10.138.203 server26.ukservers.net 217.10.138.202 server25.ukservers.net 217.10.138.242 server42.ukservers.net 217.10.138.207 server30.ukservers.net 217.10.138.201 server24.ukservers.net 217.10.138.208 server31.ukservers.net 217.10.138.220 smtp-1.ukservers.net 217.10.138.198 server21.ukservers.net 217.10.138.209 server32.ukservers.net 217.10.138.199 server22.ukservers.net 217.10.138.204 server27.ukservers.net So far, I've determined 15 different IP addresses which *might* be associated with your mail, and none of them are SCbl listed. Now it is time for me to stop guessing and for you to name the IP address which you are trying to say is blocked. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 2 04:48:14 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 2 06:50:03 2006 Subject: [SpamCop-List] Re: please help References: Message-ID: Mike Easter wrote: >> Will Gray wrote: >> >>> I have sent a few emails out to a manually maintained list of users. >>> It is not spam but now i can't even reply to emails because i am >>> blocked !! >> >> What IP address are you trying to talk about? > > I am trying to sleuth out what IP address you haven't named yet, but > I'm being unsuccessful. I forgot about the ntlworld.com family that might be going out ntlworld.com or ntl.com or I don't know whatall. That guessing would be too far ranging and too many servers. No more guessing for me. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Apr 2 17:15:11 2006 From: nobody at devnull.spamcop.net (Peter) Date: Sun Apr 2 15:20:16 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: If we try to report it as spam...this is what SC finds: Re: 190.48.14.195 (Administrator of network where usenet posts originate) To: news@news.spamcop.net (Notes) Re: 190.48.14.195 (Third party interested in email source) To: Cyveillance spam collection (Notes) (Report cancelled) -- Peter Toronto, Canada 2 x XP Pro SP2 (1 everyday, 1 for testing) P4 HT @ 3.0ghz, 2.0gb DDR, 360gb HD "Mike Easter" wrote in message news:e0np35$i8r$1@news.spamcop.net... > master wrote: > > > In case anyone is wondering about master's JAPONESA newsgroup spam > operation. > > master started hir operation under the current persona a few days ago by > webposting to googlegroups using a gmail addy account lujanero@gmail.com > and to google groups only such as Sex talk pleasure totally > nude.celebrity big.tit adult.sex amateur-porn true adult-pics Asian > hotties which are all googlegroups, not usenet and for which the posts > weren't necessarily spam or inappropriate. > > This is a baby .ar spammer who has decided to profit from the deals > described at linkbux "Get paid for every user who is visiting your > links to websites, downloads, images, etc etc.. " > http://www.linkbux.com/main.php -- also similarly imagefap.com "We > are a free image hosting provider that allow you to earn $$ with your > images. -- You will earn cash for every visitor that views your > galleries/images." http://www.imagefap.com/index.php > > But imagefap sez "We also do not condone promotion through spam, > autosurf and bots. All users violating this policy will be banned and > their earnings forfeited." -- whereas linkbux doesn't say that. > Imagefap also claims to work with authorities over issues of copyright > infringement or kiddy porn. > > .. and so presumably linkbux must be expecting to tolerate complaints > about usenet and other spamruns. Both linkbux and imagefap are hosted > on nforce.nl servers but their registration is handled differently. > linkbux 'what is forbidden' clause confuses me "What is forbidden?: > -- Following reasons will result in an direct account termination > inclusive earnings generated: - Autosurf sites - Human beings have to > manually click/visit the paid-redirects - Any auto click generating. - > Using other paid-redirect services as destination urls." All that is > forbidden is some kind of clicking and redirect issues, not spam, > copyright infringement or kiddy porn. > > > Then s/he expanded the operation to the usenet groups some of which were > amusingly misdirected because of containing 'amateur' in the group name, > like rec.radio.amateur.policy and > alt.nl.radio.zendamateur.gelicentieerd -- this usenet expansion was > also associated with branching into nntp posting instead of webposting > googlegroups by using the free newsservers news.infoave.com and > news.aioe.org -- continuing to post from the .ar IP 190.48.14.195 and > using the gmail addy. I'm not really sure what caused the expansion > into the SC ng/s -- maybe something became automated. > > At this point the number of entities which could be notified has > expanded beyond telefonica.com.ar & gmail & googlegroups to infoave.net > & aioe.org -- and most of those would take action against the account. > Since the spammer is presumably inexperienced I suspect the gmail > account was used at linkbux and imagefap for the account's payoff, so > losing that could disrupt the communications. > > > -- > Mike Easter > kibitzer, not SC admin > From MikeE at ster.invalid Sun Apr 2 14:36:30 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 2 16:40:02 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: Peter wrote: > If we try to report it as spam...this is what SC finds: > > Re: 190.48.14.195 (Administrator of network where usenet posts > originate) To: news@news.spamcop.net (Notes) I don't find SC to be a particularly useful tool for reporting usenet spam. In the first place, the algorithm isn't designed to determine source in the event of the absence of a nntp posting host line which often isn't available; and in the second place, it appears that the algorithm currently wants to report the source IP to the newsprovider instead of to the provider for the source IP. >> At this point the number of entities which could be notified has >> expanded beyond telefonica.com.ar & gmail & googlegroups to >> infoave.net & aioe.org If I were reporting it, I would be manually reporting it and including inline copies of several other representative examples recently found on usenet and googlegroups to abuse@speedy.com.ar postmaster@speedy.com.ar (for speedy.com.ar) [abuse.net on the rDNS of the source IP] abuse@telefonica.com.ar postmaster@telefonica.com.ar (for telefonica.com.ar) [abuse.net on the domainname of the lacnic contact for the source IP] gmail-abuse@google.com (for gmail.com) [using the gmail account to spam googlegroups] groups-abuse@google.com [for the posts which were made to googlegroups] abuse@infoave.net [for the posts which were made nntp via infoave.net] freedom@aioe.org abuse@aioe.org (for aioe.org) [for the posts made nntp via aioe] default postmaster@linkbux.com + default abuse@linkbux.com for presumed violation of linkbux rules info@nforce.nl + default postmaster@nforce.nl + default abuse@nforce.nl [provider for spamvertised linbux.com and also spamvertised which doesn't have an abuse address or a contact address abuse@leaseweb.com ripe contact for AS16265 routing for nforce for no abuse contact addies default postmaster@imagefap.com + default abuse@imagefap.com for violation of imagefap rules By attaching several items, to the manual notify each of the desks would have the big picture of a general pattern of spammish treatment of googlegroups, usenet groups and spamcop groups.. I wouldn't bother notifying spamcop, because spamcop doesn't require login to post to the newsgroups, whereas aioe does and can turn off the account. It turns out that infoave doesn't require login either, so that notify may also not be worthwhile. As a general rule, I don't notify about usenet spam. -- Mike Easter kibitzer, not SC admin From nobody at nowhere.not Sun Apr 2 21:47:36 2006 From: nobody at nowhere.not (Robert Blair) Date: Sun Apr 2 16:50:03 2006 Subject: [SpamCop-List] spam purporting to be from University of Phoenix Message-ID: http://www.spamcop.net/sc?id=z911735453z5a9d387d42002d8a07d0ef7829f1c3 65z At first I thought this was a Joe Job but closer inspection it looks like the spammer is pretending to be the University of Phoenix (using its logo). http://xy7b.com/z/26311/CD60/&dp=0&l=0&p=0 redirects to http://www.uopinternational.com/index.php?cid=es_mba -- Robert Blair From newsgroups.2006 at davetopping.com Sun Apr 2 23:27:47 2006 From: newsgroups.2006 at davetopping.com (Dave Topping) Date: Sun Apr 2 17:30:03 2006 Subject: [SpamCop-List] Complicated newbie question Message-ID: I am trying to work out if it's possible to do this: 1) Forward spamcop notifications to an email alias on my domain, which runs on cPanel Exim MTA. 2) Pipe, or save to file, emails sent to that alias. 3) Modify the subject to begin with [email]. 4) Forward the email to NANAS using my commercial usenet account. Any ideas, please? Thank you. From newsgroups.2006 at davetopping.com Sun Apr 2 23:28:56 2006 From: newsgroups.2006 at davetopping.com (Dave Topping) Date: Sun Apr 2 17:30:06 2006 Subject: [SpamCop-List] Redirecting spamcop complaints to submission address? Message-ID: Some of the email accounts I have are Horde based, which only appears to offer a REDIRECT instead of forward as attachement option. Is it possible to configure my spamcop account to accept any and all email sent to the submit address for prossessing? Regards From not at home.today Mon Apr 3 00:32:34 2006 From: not at home.today (Ant) Date: Sun Apr 2 18:35:03 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: "Mike Easter" wrote: > I wouldn't bother notifying spamcop, because spamcop doesn't require > login to post to the newsgroups, whereas aioe does and can turn off the > account. Just for the record, aioe doen't require any signup or login. However, it does have a limit of 25 posts per day. http://news.aioe.org/article.php3?id_article=3 From jeffg at spamcop.net Sun Apr 2 19:56:18 2006 From: jeffg at spamcop.net (Jeff G.) Date: Sun Apr 2 19:00:03 2006 Subject: [SpamCop-List] Re: Redirecting spamcop complaints to submission address? References: Message-ID: Dave Topping wrote: > Some of the email accounts I have are Horde based, which only appears > to offer a REDIRECT instead of forward as attachement option. > > Is it possible to configure my spamcop account to accept any and all > email sent to the submit address for prossessing? Yes, you can use a Horde REDIRECT to redirect spam messages to your Spamcop Email System Account, and then Report as normal from there. You can also ask your other MSPs (Mail Service Providers) to provide a "forward as attachment" or "forward inline" capability that includes all of the Header Lines. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From MikeE at ster.invalid Sun Apr 2 18:31:16 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Apr 2 20:35:02 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: Ant wrote: > "Mike Easter" wrote: > >> I wouldn't bother notifying spamcop, because spamcop doesn't require >> login to post to the newsgroups, whereas aioe does and can turn off >> the account. > > Just for the record, aioe doen't require any signup or login. You are correct, sir. I must've been thinking of another. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Apr 3 12:00:52 2006 From: nobody at devnull.spamcop.net (Patto) Date: Sun Apr 2 22:05:03 2006 Subject: [SpamCop-List] Re: JAPONESAS In-Reply-To: References: Message-ID: Mike Easter wrote: > Peter wrote: >> If we try to report it as spam...this is what SC finds: >> >> Re: 190.48.14.195 (Administrator of network where usenet posts >> originate) To: news@news.spamcop.net (Notes) > > I don't find SC to be a particularly useful tool for reporting usenet > spam. In the first place, the algorithm isn't designed to determine > source in the event of the absence of a nntp posting host line which > often isn't available; and in the second place, it appears that the > algorithm currently wants to report the source IP to the newsprovider > instead of to the provider for the source IP. I have no problems using SC to analyze and report usenet spam; I do it regularly with items spammed into Microsoft support newsgroups. However, the SC newsgroups somehow manage to hide the poster's originating IP address, and therefore is unable to report anything. From caroljean52 at yahoo.com Sun Apr 2 22:05:14 2006 From: caroljean52 at yahoo.com (caroljean52) Date: Sun Apr 2 23:10:06 2006 Subject: [SpamCop-List] Re: spam purporting to be from University of Phoenix References: Message-ID: "Robert Blair" wrote: > At first I thought this was a Joe Job but closer inspection it looks > like the spammer is pretending to be the University of Phoenix (using > its logo). When the University of Phoenix first went online they were (cluelessly) spamming mercilessly (besides being responsible for at least half the pop-up ads out there) but they actually learned fast and modified their behavior! It's been years since they've actually done any spammer. Interesting that the evil spammers are now pretending to be them. Carol Pocatello, Idaho From notavalidemail at theabyss123.com Mon Apr 3 00:06:44 2006 From: notavalidemail at theabyss123.com (MrBill) Date: Sun Apr 2 23:10:10 2006 Subject: [SpamCop-List] SpamCop Not Identifying Spamvertised URLs Message-ID: I just started reporting SPAM (I'm relatively new so be gentle), and I am confused as to why SpamCop does not pick up the Spamvertised URL in most of my SPAMS. It says "Finding Links in Message Body" - "No Links Found." This is frustrating because I am getting at least 20 of the exact SPAMS daily, only with rotation of the Spamvertised URL. Here's a small sample list of Spamvertised URL's SpamCop did not detect... http://boei10.akintassle.com http://vyju35.secaliesin.com http://raju99.citreato.com http://tejy59.gointcor.com Is it that I am reporting these wrong? I log into SpamCop, pasted the headers, then a line break, then the body of the Spam. I feel as if my SPAM reports are not hurting the SPAMMER, because they can just use another Zombie to spew out their Trash. If SpamCop could detect their Spamvertised Websites, maybe then it would hit this SPAMMER in the wallet! Please help! Return-Path: < snd_pcm_hw_params_get_buffer_time@gonegambling.com > Received: from srv25.XXXXXX.com (root@localhost) by XXXXXX.com (8.12.11/8.12.11) with ESMTP id k332VcPD001737 for < XXX@XXXXXX.com >; Sun, 2 Apr 2006 21:31:38 -0500 X-ClientAddr: 201.215.85.36 Received: from -1210885720 (pc-36-85-215-201.cm.vtr.net [201.215.85.36]) by srv25.XXXXXX.com (8.12.11/8.12.11) with SMTP id k332U669000864 for < XXX@XXXXXX.com >; Sun, 2 Apr 2006 21:30:56 -0500 Received: from gonegambling.com (-1208301704 [-1210410432]) by pc-36-85-215-201.cm.vtr.net (Qmailv1) with ESMTP id 9F2930A710 for < XXX@XXXXXX.com >; Sun, 02 Apr 2006 21:22:03 -0500 Date: Sun, 02 Apr 2006 21:22:03 -0500 From: "Davis L. Defilement" < snd_pcm_hw_params_get_buffer_time@gonegambling.com > X-Mailer: The Bat! (v2.00.0) Personal X-Priority: 3 Message-ID: < 9923725931.20060402212203@gonegambling.com > To: XXX < XXX@XXXXXX.com > Subject: Premier MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------484BA784011A5A1" X-AntiVirus: OK! AntiVir MailGate Version 2.0.1; AVE: 6.15.0.0; VDF: 6.15.0.6 X-Spam-Status: No, hits=2.3 required=5.0 tests=HTML_10_20,HTML_MESSAGE,MIME_HTML_NO_CHARSET version=2.55 X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) Status: Tired of low-quality Chinese and Indian medications? Use only the branded one! Man's Health Anti-Depressants Antibiotics Cholesterol Diabetes Diuretic Pain Relief Sexual Health Sleep Aids Weight Loss and more on http://budashanik.com From MikeE at ster.invalid Sun Apr 2 22:10:41 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 00:15:04 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: Patto wrote: > However, the SC newsgroups somehow manage to hide the poster's > originating IP address, and therefore is unable to report anything. I disagree with that characterization. One of the most reliable pieces of information in nntp headers which is rarely forged [notice I didn't say /never/] is that of the NNTP posting host, which the parser refers to as NPH. The SC newsserver dutifully records the NPH, and 'identifies' it as the source of the item. So, I wouldn't at all say that news.spamcop.net manages to 'hide the poster originating IP address' -- it is just that the parser is configured to report the originating IP to the news provider, not the source provider. This is a condition which I hadn't noticed before, since I haven't run a news message thru' the parser in quite some time. Personally I don't think it is a good configuration -- but then I don't think reporting usenet spam is a particularly useful function and I also don't think that reporting usenet spam with spamcop is a particularly useful activity. I have my own personal opinion about a number of SC configurations which I disagree with. In any case, news.spamcop.net doesn't hide the poster's originating IP. So your beef is misstated -- the originating IP is identified, it just isn't reported to the source provider in the same fashion as a /real/ spam, an email spam. -- Mike Easter kibitzer, not SC admin From jeffg at spamcop.net Mon Apr 3 01:16:46 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Apr 3 00:20:02 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: MrBill wrote: > I just started reporting SPAM (I'm relatively new so be gentle), and > I am confused as to why SpamCop does not pick up the Spamvertised URL > in most of my SPAMS. It says "Finding Links in Message Body" - "No > Links Found." This is frustrating because I am getting at least 20 > of the exact SPAMS daily, only with rotation of the Spamvertised URL. ... > Is it that I am reporting these wrong? I log into SpamCop, pasted the > headers, then a line break, then the body of the Spam. I feel as if > my SPAM reports are not hurting the SPAMMER, because they can just > use another Zombie to spew out their Trash. If SpamCop could detect > their Spamvertised Websites, maybe then it would hit this SPAMMER in > the wallet! Please help! ... > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="----------484BA784011A5A1" ... > Tired of low-quality Chinese and Indian medications? As I wrote at http://forum.spamcop.net/forums/index.php?showtopic=3125&view=findpost&p=20658 (modified a tad for newsgroup posting): The SpamCop Parser is excessively (IMHO) pedantic about what URLs it is willing to report on your behalf (reporting "no links found" when certain rules are broken by the spammer that would be broken by OE/IE and other mailreaders/browsers in their attempts to be "helpful"), and you shouldn't go around willy-nilly changing the spam to make the URLs reportable. You can complain (to deputies admin.spamcop.net with a Tracking URL) about the excessive pedanticism, and you can file Manual Reports( http://forum.spamcop.net/forums/index.php?showtopic=2530#entry19972 ). Please see my reply at http://forum.spamcop.net/forums/index.php?showtopic=3035&view=findpost&p=20110 for more info on this issue. -- Thanks and Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From jeffg at spamcop.net Mon Apr 3 01:22:12 2006 From: jeffg at spamcop.net (Jeff G.) Date: Mon Apr 3 00:25:03 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: Mike Easter wrote: > the parser is > configured to report the originating IP to the news provider, not the > source provider. I think it should report to both. -- Best Regards, Jeff G. http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 From nobody at spamcop.net Sun Apr 2 22:30:55 2006 From: nobody at spamcop.net (N. Miller) Date: Mon Apr 3 00:35:03 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: On Sun, 2 Apr 2006 23:06:44 -0400, MrBill wrote: > I just started reporting SPAM (I'm relatively new so be gentle), and I am > confused as to why SpamCop does not pick up the Spamvertised URL in most of > my SPAMS. SpamCop is, primarily, about report "spam sources", where the spam source is the point where the spam was injected into the SMTP process. When the parser misses links, it is because it is not optimized to find them, for various, usually pretty good, reasons. You either did not read th FAQ, or failed to "lurk before you leap". Posting spam to this group is strongly discouraged. Either post the spam to the "spamcop.spam" group, and reference it in this group, or post a tracker; which looks like this: http://www.spamcop.net/sc?id=z911947198z2886e6db0747dc765fa6b06e6198e6f6z Be sure not to post a live tracker. Either submit the report, as I did with this one, or cancel it. The report cancel feature allows you to experiment by modifying the spam item in ways which should not be reported, but will help you understand what is happening. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From MikeE at ster.invalid Sun Apr 2 22:42:58 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 00:45:03 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: MrBill wrote: > I just started reporting SPAM (I'm relatively new so be gentle), OK, I'll be gentle. This is not new information. > and > I am confused as to why SpamCop does not pick up the Spamvertised URL > in most of my SPAMS. The 'why' isn't going to be answered. The observation will be addressed. SC has several different kinds of behaviors when it fails to notify for a spamvertised url. One behavior is that it will 'deobfuscate' the url, but it will decline to try to resolve it to an IP. Naturally that results in no notify. Another behavior is that after deobfuscation, it will try to resolve the url, but will fail. Of course, sometimes it will deobfuscate, choose to resolve, succeed in resolving, and then may or may not be able to derive a notify address. This can result in a devnull. The 'ultimate' is that the url is deobfuscated, resolved, and the notify address is derived and provided as available to be notified -- or, the derived address may have chosen to refuse munged reports, which presents the reporter with the option to unmunge or to not notify. The notify should be considered to be a courtesy of the parser and the reporter. > says "Finding Links in Message Body" - "No > Links Found." This is frustrating because I am getting at least 20 > of the exact SPAMS daily, only with rotation of the Spamvertised URL. > Here's a small sample list of Spamvertised URL's SpamCop did not > detect... > > http://boei10.akintassle.com > http://vyju35.secaliesin.com > http://raju99.citreato.com > http://tejy59.gointcor.com How you are presenting your 'case' isn't being performed correctly. What you want to do is to show us what spam was being parsed and how SC was parsing it with what result. This can be done by providing the tracking URL for the parsed spam itself. A tracking URL is referred to here as a 'tracker' and the tracker and its environment looks like: Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z911834124zacc768d760cf42bf1285c4ca1f751485z at the top of the parse of any particular spam. And which spam's parse sez what you said: // Finding links in message body no links found // > Is it that I am reporting these wrong? Perhaps, actually 'yes'. There can be a host of problems with the header condition which causes a failure to determine body url/s. Some of these are the fault of the spam, some the fault of the parser, some the fault of the submitter or the submitters mailuser agent. > I log into SpamCop, pasted the > headers, then a line break, then the body of the Spam. I'm not sure about why you are having to perform the operation in that fashion. I suspect that something is awry in how you are accessing the complete headers which ideally should be attached to the raw spam, not usually as two separate operations. > Return-Path: Eek! That is a definite no-no. Do not post spam and spam headers here. This is a discussion group. There is not supposed to be any spam or spam headers posted here. It is completely unnecessary with the system of being able to post a spam tracker as above. The parsing of that spam which you mistakenly posted in your news message indicates that you are handling your spam improperly. Your spam's header says this: > Content-Type: multipart/alternative; > boundary="----------484BA784011A5A1" ... but what you posted was not in the condition of multipart alternative with a boundary. What you pasted in here was a 'rendered' spam, which multiparts had been 'digested' by your mailuser agent's rendering engine. Since you are posting here with OE Outlook Express, it is likely that your mailuser agent is also OE. You are handling your spams improperly with OE. What you should be doing is following the instructions in the faq for how to obtain the message properties with OE, see http://www.spamcop.net/fom-serve/cache/119.html SpamCop FAQ : SpamCop Parsing and Reporting Service : How do I get my email program to reveal the full, unmodified email? : Microsoft products : Outlook Express 4, 5 and 6 - .. except disregard any instructions which involve control-F3 and instead use the instructions which involve File/ Properties or the instructions involving the keyboard using alt-enter. Just for the fun of it, I can 'forge' a spam report which provides a notification of the provider for the spamvertiser like this: http://www.spamcop.net/sc?id=z911955157z303d464f063f40df6c7c13604688bc7cz That tracker is for a different item than the first tracker. In this case, I have 'forged' a spam for experimental and demonstration purposes, not to be reported, but instead to be cancelled, in which I took the rendered spambody which you paste here, and married it to the headers which you pasted here, except that I removed the 'misleading' content type headerline, which doesn't match with the condition of the body. As a result, SC will offer to report the spamvertised link in plaintext. Report Spam to: Re: 201.215.85.36 (Administrator of network where email originates) To: gerencia@vtr.cl (Notes) To: postmaster#vtr.cl@devnull.spamcop.net (Notes) To: lsoto@vtr.cl (Notes) To: dominios@vtr.cl (Notes) Re: http://budashanik.com (Administrator of network hosting website referenced in spam) To: postmaster@xeex.com (Notes) To: info@nrsoftware.com (Notes) To: abuse@nrsoftware.com (Notes) To: noc@xeex.com (Notes) There's a lot of information in this post, so I'll tersely summarize it in another if useful. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 2 22:49:03 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 00:50:02 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: This is a shorter, more direct answer than the windy one. MrBill wrote: > I just started reporting SPAM (I'm relatively new so be gentle), You are not reporting your spam correctly. You are submitting it to the parser incorrectly, not according to instructions. > I am confused as to why SpamCop does not pick up the Spamvertised URL > in most of my SPAMS. SC has some problems with spamvertised URLs, but your particular example is a problem which you are creating, not SC. > It says "Finding Links in Message Body" - "No > Links Found." That's because you are submitting mailheaders which do not match with the condition of the body, because you are submitting a rendered spambody instead of a raw spambody to match the condition of the headers. You didn't pay attention to the faq which instructed you how to submit spams with OE. http://www.spamcop.net/fom-serve/cache/119.html With the mouse: Click the "File" menu Click "Properties" Click the "Details" tab Click "Message Source" Highlight, copy and paste everything from this window (Ctrl-A, Ctrl-C) -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 2 22:53:04 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 00:55:03 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: Jeff G. wrote: > Mike Easter wrote: >> the parser is >> configured to report the originating IP to the news provider, not the >> source provider. > > I think it should report to both. Okey dokey -- that is fine with me, five by five. In case anyone is curious about the old 'five by five' term, it involves old radio transmissions which were rated in terms of signal strength and clarity of transmission, on a scale of 1-5. So five by five was strong and crystal clear. It's like saying "I'm reading you, loud and clear." -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Apr 2 23:24:38 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 01:25:03 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: Mike Easter wrote: > This is a shorter, more direct answer than the windy one. BTW, for me, the windy answer is very very quick. The short direct terse or succinct answer takes me much more time than the long drawn out windy answer which flows freely and easily as I go along trying to figure out where I am going. It isn't until all of that is done that I can begin to 'analyze' that the answer to the original question wasn't what was expected when I started answering. If you think I should figure out where I'm going to end up before I start, you're crazy. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Mon Apr 3 00:02:59 2006 From: nobody at spamcop.net (RandallW) Date: Mon Apr 3 02:05:03 2006 Subject: [SpamCop-List] *sniff* another personal tragedy for a 419'er Message-ID: http://www.spamcop.net/sc?id=z911994022z4be8cef662b2005feb62684b86aa2ecbz Her mother died two hours after she gave 'bet' to her. From dtbteong at streamyx.com Mon Apr 3 15:23:51 2006 From: dtbteong at streamyx.com (Daniel) Date: Mon Apr 3 02:25:03 2006 Subject: [SpamCop-List] Blocked email access Message-ID: Recently my domain which was hosted in US was blocked due to report that spamming comes from my hosting server. The issue is only some user experience the blocking. How could this be ? Btw does every domain registered for spamcop ? Thanks Regards Daniel From l18hyuk02 at sneakemail.com Mon Apr 3 11:11:55 2006 From: l18hyuk02 at sneakemail.com (Roman) Date: Mon Apr 3 04:15:03 2006 Subject: [SpamCop-List] Tool to report phishing scam emails Message-ID: Hello Castlecops created a new tool to report phishing scam emails, they use it in trying to shutdown the phishing websites. http://castlecops.com/pirt I thought it might be useful for Spamcop reporters, altough I have not used it myself yet. Regards Roman From abuse at whathostingshould.be Mon Apr 3 06:27:43 2006 From: abuse at whathostingshould.be (Galen) Date: Mon Apr 3 05:30:13 2006 Subject: [SpamCop-List] Re: I'm not sure if you all remember the last post... References: Message-ID: > UMMMM,,, actually the stats are worse than you think, 4/12 is a Third, > (33.3%) not a Quarter. See? Now you can tell what they're doing to me. ;) You'd think I'd be able to do simple math but I'm pretty sure dealing with abuse has just about killed all of my brain cells. Actually we've started a new policy. Anyone who orders the inexpensive hosting package with a non-verified account we will call and confirm the order. It has come to our attention (thanks to the fraud team with PayPal) that the telephone numbers used aren't real and that's the most often faked information when the CC information is real. No answer, no service. No person there by that name, no service. No one there that speaks English, no refund. (The site is in English and not exactly easy to translate with an online translation service.) As for this guy we opted to not risk any problems and the subscription was canceled and refunded. I felt icky while doing that but it was for the best. Danged ethics. We provided no service for this payment (the other subscription is still in effect) and feel that it would be improper to keep the funds regardless of prior abuse. Ah well... On that note, I am finally *hopefully* going to get some sleep. Thanks for the catch. ;) Galen -- http://www.whathostingshould.be - We are what hosting SHOULD be. From newandrew at rump.dk Mon Apr 3 12:15:46 2006 From: newandrew at rump.dk (Andrew Engels Rump (formerly Leif Andrew Rump)) Date: Mon Apr 3 07:20:03 2006 Subject: [SpamCop-List] Re: Spamcop Web Service? References: Message-ID: After drinking 3 Pan Galactic Gargle Blasters, Neo Geshel mumbled in news:e0i7bq$dt2$1@news.spamcop.net: > Anonymous wrote: >> Neo Geshel wrote... >>> Is there a web service that I can connect to in terms of spam >>> reporti ng? What about spam submission? If there is nothing >>> now, will there be on e made available in the future? A XML-interface would be great! >>> I am looking to roll my own implementation of the ???report spa >>> m??? pages, to make them much more performance-orientated and cut >>> out features th at I have no need nor interest for. Additionally, >>> I would love to implem ent it as an AJAX app on my own server. >>> The problem is, the only way of reliably doing it without a web >>> servi ce is via screen-scraping, which breaks every time a >>> significant change to the reporting process is implemented. I >>> would rather not do it via screen scraping, so I am curious if >>> a web service is or will be available for members. It would be great - and it is great! I have build a system which does excactly what you describe - and yes it does break, when new features are introduced and changes made - but that actually doesn't happen that often! You need to use a module/system which is HTML "object" aware, which breaks the HTML up in pieces, e.g., the button: text, name, value, etc. I've made it as in inline browser in an application, i.e., it looks like a browser and acts like a browser, but does much more behind the scene! >> I am just a user, not an admin, but I would guess that Spamcop >> wishes to retain full control of what gets reported and what the >> reporter sees while doing it, and that avoiding false reports is >> a lot more important than "performance" (which I assume means >> "report many spams very quickly"). You are right. My system could easily be abused to report everything on sight but used correctly - which I think I do by running it in either Learn or Unattended mode. When in Learn mode I click on the checkboxes which need to be notified when the system doesn't recognize a spam and the system records the URL's, reporting addresses and my actions. When in Unattended more it just repeats my actions if the same spam reappears in my SpamCop reporting queue. Anything which does not look like something the system has been taught is discarded, i.e., cancelled. This of course will not report that many spammails because most of them differ in one way or another, e.g., a random change in the URL arguments, but I have implemented regular expression so I am able to catch any similar URL's. This just works wonders! >> I went through the same thinking at first, because I get a lot of >> spam and no (almost no?) ham on one address and would like to >> bulk-report it, but I came to realize that spamcop has spamtraps >> that do exactly that without the risk of a false report that I >> would be causing if I bu lk reported or even sped up my reporting >> and spent less time eying each spam. I decided that the best way >> for me to contribute my effort is to report the very freshest >> spam that I see, and to take the time to verif y that every >> report I send is a report of real spam. I think Spamcop needs >> quality a lot more than it needs quantity; they can get more >> spam any time they wish by setting up more spamtraps. The "problem" with the spamtraps is that only the abused mail gateway are reported but not the website URLs. When I have verified the first spam and tought the system I don't want to recheck the URLs again and again! I just want to report it! > The point is, I do all of my spam ???submission??? through a > program called MailWasher. That is the easy part. However, the > next step is to visit the site and click on the ???unreported > spam saved??? link. I catch spam through about 20 separate e-mail > accounts, which can amount to a rather large amount of spam per > day. Same here - several hundred a day - when I am lucky!!! When I am unlucky there may be several thousands!!! > What I *don???t* need, is all of the superfluous information and > extra text boxes that the on-site spam reporting methods provide > the end user with. All I really need is the two or three lines > showing the content of the spam (which also asks the user to make > sure it really is spam), the list of e-mail addys that it will > report to, and the ???submit report??? button. I don???t need the > (often) 200+ lines of detailed spam-parsing info (which still > comes up, even if you turn it off in the options), nor do I need > any of the form textareas that allow you to add additional > comments to the outgoing spam reports. And finally, I do not need > the summary page that shows me where reports were sent - I would > rather the page just default to the next piece of unreported spam > in the queue. A XML stream would allow you (and everybody else) to show whatever you want. > The only way I know around this is by customizing my own spam > reporting pages (which would be hosted on my own server), that > would screen scrape for any ???unreported spam saved??? links on > the submission page, and parse those pages for *only* the basic > information that I need. The easiest way would be via a web > service making use of SOAP or XMLHTTP. The other option would be > screen scraping, which would break whenever the layout of the > critical content that is being searched for changes. If only a XML interface was implemented all your (and my) prayers will be answered! But this will open up for abuse of the system, so I think this will be in our dreams! :-( Andrew -- *** The opinions expressed are not necessarily those of my employer. *** * Software Engineer Andrew Engels Rump * BLIK og ROERarbejderforbundet * * Immerkaer 42, 2650 Hvidovre * Tlf: +45 3638 3638, Fax: +45 3638 3639 * Home: N55?41'38.9" E12?29'08.6" (WGS 84) Work: N55?39'50.9" E12?27'47.4" E-mail: mailto:newandrew@rump.dk WWW http://www.rump.dk/homepage/andrew/ From nobody at devnull.spamcop.net Mon Apr 3 08:48:45 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Apr 3 08:50:02 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: "Mike Easter" wrote in message news:e0q94i$v6d$1@news.spamcop.net... > MrBill wrote: > > I just started reporting SPAM (I'm relatively new so be gentle), > > > I log into SpamCop, pasted the > > headers, then a line break, then the body of the Spam. > > I'm not sure about why you are having to perform the operation in that > fashion. I suspect that something is awry in how you are accessing the > complete headers which ideally should be attached to the raw spam, not > usually as two separate operations. > > The parsing of that spam which you mistakenly posted in your news > message indicates that you are handling your spam improperly. > > Your spam's header says this: > > > Content-Type: multipart/alternative; > > boundary="----------484BA784011A5A1" > > ... but what you posted was not in the condition of multipart > alternative with a boundary. What you pasted in here was a 'rendered' > spam, which multiparts had been 'digested' by your mailuser agent's > rendering engine. > > Since you are posting here with OE Outlook Express, it is likely that > your mailuser agent is also OE. I'm not sure why you jump to that conclusion. The missing boundary lines, the separate steps described, etc. seem to suggest to me that a version of Outlook is probably in uise.... noting that Outlook looks to Outlook Express as its default newsreader ... From MikeE at ster.invalid Mon Apr 3 07:28:53 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 09:30:02 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: WazoO wrote: > "Mike Easter" > I'm not sure why you jump to that conclusion. The missing boundary > lines, the separate steps described, etc. seem to suggest to me that > a version of Outlook is probably in uise.... noting that Outlook looks > to Outlook Express as its default newsreader ... You may be right, OL would give that result as well if not submitted to the OL/Eudora webparser. But there are a lot more OE users than OL users, so it comes down to which mistake is more likely; whether it is the much more prevalent OE user mistakenly rendering their spam and copying the rendered version in the manner which is described by my provider for submitting a spam to report^1 or an OL user submitting their rendered spam into the wrong webparser interface. I think I'm going to bet on OE instead of OL for my first guess, because of the proportions of OE users to OL users, and OL using the wrong parser interface for my second guess. ^1 In order to copy a link for illustrating EL's foolish instructions, I just went to EL's page which used to describe copying the headers separately from copying the rendered body for OE and then mailing it to junkmail, and that section now provides a web interface for the submission and describes proper copying from the source for OE. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Mon Apr 3 07:33:50 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 09:35:02 2006 Subject: [SpamCop-List] Re: Tool to report phishing scam emails References: Message-ID: Roman wrote: > Castlecops created a new tool to report phishing scam emails, they use > it in trying to shutdown the phishing websites. > > http://castlecops.com/pirt Besides the webform, they also accept emailed phish http://wiki.castlecops.com/PIRT email to {pirt (AT) castlecops (DOT) com}. -- Mike Easter kibitzer, not SC admin From Contact at powermaster.cc Mon Apr 3 11:20:53 2006 From: Contact at powermaster.cc (Powermater) Date: Mon Apr 3 10:25:02 2006 Subject: [SpamCop-List] Spamcop thunderbird Message-ID: What is the best way to send reports to spamcop with thunderbird? As attachment or inline? From nobody at devnull.spamcop.net Mon Apr 3 10:52:24 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Apr 3 10:55:03 2006 Subject: [SpamCop-List] Re: Spamcop thunderbird References: Message-ID: "Powermater" wrote in message news:e0rb0g$lbl$1@news.spamcop.net... > What is the best way to send reports to spamcop with thunderbird? As > attachment or inline? One answer; How to use Thunderbird to report multiple emails One users step by step example http://forum.spamcop.net/forums/index.php?showtopic=5307 From MikeE at ster.invalid Mon Apr 3 09:05:29 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 11:10:02 2006 Subject: [SpamCop-List] Re: Spamcop thunderbird References: Message-ID: Powermater wrote: > What is the best way to send reports to spamcop with thunderbird? As > attachment or inline? Forward as attachment -- R click on selected item or clump of items and select forward as attachment -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Apr 3 09:45:49 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Apr 3 11:50:03 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: Geoffrey Hyde wrote... > > "D-W-S" wrote... > >>> I "top post" mostly when I'm discussing a URL as the first point of >>> interest in a reply I'm making. Call it what you will, but it makes >>> perfect sense to me, and as long as my email client permits me to do >>> it that way I'll do it that way. >> >> Yet another "screw your logic and I'll post how I like even if it makes >> it difficult for others to find out what the hell I'm on about" message. > > Whatever. *plonk* > > BTW I thought you or someone else had already plonked me long ago? Sheesh > the things you remember on the spur of the moment. I tend to killfile top-posters without telling them, and I know that I am not alone. May I gently suggest that you reconsider your policy of doing something that many people hate just because doing so makes sense to you? From nobody at devnull.spamcop.net Mon Apr 3 10:17:17 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Apr 3 12:20:02 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: Message-ID: Marc W. Mengel wrote... > Anonymous wrote: >> >>>Who said we don't require confirmed opt-in, by the way? >> >> I direct your attention to >> http://www.cluelessmailers.org/info/listmanagement.html >> and http://www.mail-abuse.com/an_listmgntgdlines.html >> where you will see >> >> "If the confirmation is not returned to you from the submitted >> address, or the unique token is not present or does not match, >> then the subscription process should be aborted, and no further >> email should be sent to the submitted address" >> >> The spamtrap didn't return a confirmation, so it shouldn't be on >> your mailing list. You say that it is, so you cannot possibly be >> requiring confirmed opt-in. >> >> Either the spamtraps have suddenly became AIs that answer emails, >> or you send emails to addresses that failed to send a confirmation >> reply opting in. There are no other possibilities. > > Actually, it turns out some of our moderated lists send a "your message > has been forwarded to the moderator" message, and that's what has > been tripping spamcop's spamtraps. So you are saying that it's OK if your moderated lists send "your message has been forwarded to the moderator" messages to innocent victims who never sent a message to you? > Sure, it's worse odds than winning the lottery. But someone did win > the lottery yesterday. And a spamtrap address that looks random to an > english speaker may not look nearly as random to someone from Russia, or > China, or ... Now you are grasping at straws. You have a bunch of "subscribers" that were gathered by a spambot from webpages, and we both know it. You aren't fooling anyone. Unless those who hide spamtraps are idiots (and the lack of any of spamcop's many enemies subscribing the spamtraps to confirmed opt-in mailing lists tells me that they are not), the chances are a *lot* worse than the chances of winning the lottery. You are sending emails to large numbers of email addresses that somebody scraped off of the web, and we both know it. You (and everyone else) has utterly failed to describe a way to gather the addresses of the spamtraps without gathering many more addresses of humans, with no way to know which is which. Stop sending email to those who didn't ask for it. -- G.M. From nobody at devnull.spamcop.net Mon Apr 3 10:17:20 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Apr 3 12:20:08 2006 Subject: [SpamCop-List] Re: "Victim" of Spam-Trap Addresses References: <200603291345.1foFFE5lR3Nl3pM1@kendall.mail.mindspring.net> Message-ID: Marc W. Mengel wrote... > So apparently the issue is that some of our listserv lists are configured > as "moderated", which sends a response to the sender of the form "your > posting has been sent to a moderator..." If the above was true you would never be listed. The issue is that some of our listserv lists send responses to email addresses that are *not* senders of email to you, but are instead spamtraps that never subscribed in the first place and that never send any email of any kind. You seem supremely resistant to any suggestion that you stop sending email to addresses that never asked for your email, and as long as you refuse to do that, your email will be blocked by those who don't want your email. Actions have consequences. > Sure. But they shouldn't have to. I should be able to find out what > sort of crud is getting though our gateway so I can stop it. Yes. You should be able to do that. Alas, that isn't what you are asking for here. You are asking to be able to find that small subset of the crud you send that hits the spamtraps of one particular blocklist without doing anything about the crud you send that hits humans. > I was trying to point out that the automated system, as it stands, does > not provide the information that is needed to help discover the cause > of a problem, or to fix it, You have been told how to fix it again and again. Would you like me to give you the URLs for a fourth time? > and that simply listing someone without telling them why is not helpful. I find it to be very helpful indeed. It stops people like you (that is to say, people who send email to those who don't want it) from sending email to me, and it stops people like you from cleaning the spamtraps off of their mailing lists while keeping my email address on the lists. > However, I was also genuinely hoping someone here had a constructive > suggestion (other than "make your list confirmed opt-in" And I was genuinely hoping someone here had a constructive suggestion for losing weight (other than "eat less and exercise more"). I got over my disapointment and started hitting the gym three times a week. I suggest that yoou get over your disapointment and make your list confirmed opt-in. Or keep getting on blocklists. Those are your only choices. > Of course I realize people are skeptical of list-washing. The problem is > the assumption that "you must be a spammer or you wouldn't be here", > which is really downright offensive. You send email to email addresses that never asked for your email. Lots of it. You refuse to stop. You send email to email addresses that were harvested from webpages by a spambot. Lots of it. You refuse to stop. Explain in what way you differ from a spammer. -- G.M. From nobody at spamcop.net Mon Apr 3 10:41:05 2006 From: nobody at spamcop.net (N. Miller) Date: Mon Apr 3 12:45:03 2006 Subject: [SpamCop-List] Re: *sniff* another personal tragedy for a 419'er References: Message-ID: <14kzv2ym6dy1.dlg@news.spamcop.net> On Sun, 2 Apr 2006 23:02:59 -0700, RandallW wrote: > http://www.spamcop.net/sc?id=z911994022z4be8cef662b2005feb62684b86aa2ecbz > > Her mother died two hours after she gave 'bet' to her. Gosh! I thought it was well-known that 'bet' has some serious, even fatal side effects, and, thus, should only be given to someone under the close supervision of a licensed veterinarian! -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Mon Apr 3 10:45:47 2006 From: nobody at spamcop.net (N. Miller) Date: Mon Apr 3 12:50:03 2006 Subject: [SpamCop-List] Re: Blocked email access References: Message-ID: On Mon, 3 Apr 2006 14:23:51 +0800, Daniel wrote: > Recently my domain which was hosted in US was blocked due to report that > spamming comes from my hosting server. The issue is only some user > experience the blocking. How could this be ? Btw does every domain > registered for spamcop ? Thanks SpamCop does not list domains. SpamCop lists IP addresses. It would help to know which IP address was blocked. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From dave.topping at spamcop.net Mon Apr 3 18:54:29 2006 From: dave.topping at spamcop.net (Dave Topping) Date: Mon Apr 3 12:55:04 2006 Subject: [SpamCop-List] Re: Redirecting spamcop complaints to submission address? References: Message-ID: "Jeff G." wrote in message news:e0pkql$kho$1@news.spamcop.net... > Dave Topping wrote: >> Some of the email accounts I have are Horde based, which only appears >> to offer a REDIRECT instead of forward as attachement option. >> >> Is it possible to configure my spamcop account to accept any and all >> email sent to the submit address for prossessing? > > Yes, you can use a Horde REDIRECT to redirect spam messages to your > Spamcop Email System Account, and then Report as normal from there. You > can also ask your other MSPs (Mail Service Providers) to provide a > "forward as attachment" or "forward inline" capability that includes all > of the Header Lines. > > -- > Best Regards, Jeff G. > http://forum.spamcop.net/forums/index.php?act=findpost&pid=37585 > Thank you! From wb8tyw at qsl.network Mon Apr 3 13:42:59 2006 From: wb8tyw at qsl.network (John E. Malmberg) Date: Mon Apr 3 13:45:03 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: In article , "Mike Easter" writes: > Jeff G. wrote: >> Mike Easter wrote: >>> the parser is >>> configured to report the originating IP to the news provider, not the >>> source provider. >> >> I think it should report to both. > > Okey dokey -- that is fine with me, five by five. Previous discussions on one of the spamcop newsgroups indicated that it was trivial for some spammers to fake or hide the originating IP, and that is why the spamcop.net parser ignores it. Someone who knows more about nntp than I do would have a better idea. -John wb8tyw@qsl.network Personal Opinion Only From DougThegarden at invalid.com Mon Apr 3 19:52:16 2006 From: DougThegarden at invalid.com (Doug Thegarden) Date: Mon Apr 3 13:55:03 2006 Subject: [SpamCop-List] Re: Tool to report phishing scam emails In-Reply-To: References: Message-ID: Roman wrote: > Hello > > Castlecops created a new tool to report phishing scam emails, they use > it in trying to shutdown the phishing websites. > > http://castlecops.com/pirt > > I thought it might be useful for Spamcop reporters, altough I have not > used it myself yet. > I've been using Netcraft for some time now and very well it works too. Comes with a very nice toolbar that gives you lots of useful information about the domain you are on such as host and hosting location, first registration date etc that is useful beyond phishing alone. http://toolbar.netcraft.com/ Doug From MikeE at ster.invalid Mon Apr 3 11:58:05 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 14:00:02 2006 Subject: [SpamCop-List] Re: JAPONESAS References: Message-ID: John E. Malmberg wrote: > Previous discussions on one of the spamcop newsgroups indicated that > it was trivial for some spammers to fake or hide the originating IP, and > that is why the spamcop.net parser ignores it. > > Someone who knows more about nntp than I do would have a better idea. No, it is difficult to 'forge' [fake or hide] the originating IP on a system like news.spamcop.net which puts an NNTP-Posting-Host line representing the IP which connected with the newsserver. The most common IP 'abuse' of the SC newsserver is the occasional troll spoofing other regulars' handles and abusing an open proxy for connecting to the newsserver. As a general rule, problem usenet newsgroup posters /are/ difficult to track, for one reason or another. The most common problem is that there isn't an NNTP posting host line information by configuration choice of the newsserver for the message's posting. The next most common problem is that there is often forgery in the Path line. The next most common problem is that the post can be made by anonymous remailers. Then next comes the anonymity of using or abusing an open proxy, or of using a 'paid' proxy service. -- Mike Easter kibitzer, not SC admin From brotherjonah at adelphia.net Mon Apr 3 12:50:30 2006 From: brotherjonah at adelphia.net (jonah) Date: Mon Apr 3 14:05:03 2006 Subject: [SpamCop-List] what a bunch of fascist crap Message-ID: i sent an email to a merchant asking for information about a specific bb gun. And got a bullshit answer that my email had been blocked even though i have never spammed anybody. ironically, the company to whom the mail was directed are blacklisted by other freedom limiting bullshit fascist pig sites as CyberPatrol, CyberNanny and others of like Nazi mentality. To the maintainers of these pig organizations : fuck you in your storm trooper asses. on the other hand that is probably something you coward Nazi fucks enjoy. From DougThegarden at invalid.com Mon Apr 3 20:02:59 2006 From: DougThegarden at invalid.com (Doug Thegarden) Date: Mon Apr 3 14:05:07 2006 Subject: [SpamCop-List] Re: Tool to report phishing scam emails In-Reply-To: References: Message-ID: Doug Thegarden wrote: > Roman wrote: >> Hello >> >> Castlecops created a new tool to report phishing scam emails, they use >> it in trying to shutdown the phishing websites. >> >> http://castlecops.com/pirt >> >> I thought it might be useful for Spamcop reporters, altough I have not >> used it myself yet. >> > > I've been using Netcraft for some time now and very well it works too. > Interesting, the top reporter on the Netcraft leaderboard is user CastleCops. http://toolbar.netcraft.com/stats/reporters. Netcraft offers an iPod or equivalent for the top reporter. I do hope Castlecops are not misusing reports sent to them to generate a few freebies for themselves. That would be a bit naughty Doug From Merlyn at Spamcop.net Mon Apr 3 15:13:01 2006 From: Merlyn at Spamcop.net (Merlyn) Date: Mon Apr 3 14:15:02 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: "jonah" wrote in message news:e0rnuj$tkf$1@news.spamcop.net... >i sent an email to a merchant asking for information about a specific bb >gun. And got a bullshit answer that my email had been blocked even though i >have never spammed anybody. Hahahahahaha Wait,,, I can't stop laughing....... > ironically, the company to whom the mail was directed are blacklisted by > other freedom limiting bullshit fascist pig sites as CyberPatrol, > CyberNanny and others of like Nazi mentality. Hahahahahaha Ok,,, I will stop laughing....... > To the maintainers of these pig organizations : fuck you in your storm > trooper asses. Hahahahahaha Ok,,, give me a second, I will stop....... > on the other hand that is probably something you coward Nazi fucks enjoy. I lied! Hahahahahaha -- Regards, Merlyn A Spamcop advocate No emails this account is for newsgroups only People demand freedom of speech to make up for the freedom of thought which they avoided From tmcgraw at spamcop.net Mon Apr 3 12:41:12 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Apr 3 14:45:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: jonah wrote: > i sent an email to a merchant asking for information about a specific bb > gun. And got a bullshit answer that my email had been blocked even > though i have never spammed anybody. ironically, the company to whom the > mail was directed are blacklisted by other freedom limiting bullshit > fascist pig sites as CyberPatrol, CyberNanny and others of like Nazi > mentality. > To the maintainers of these pig organizations : fuck you in your storm > trooper asses. on the other hand that is probably something you coward > Nazi fucks enjoy. Thank you for sharing, and we hope your visit to the Internet has been memorable. From MikeE at ster.invalid Mon Apr 3 13:14:28 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 15:15:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: jonah wrote: > my email had been blocked even > though i have never spammed anybody. If you would like to find out what caused that you should give the IP address which was blocked. An IP address looks like 68.168.78.104 At the present time, I don't know of any adelphia servers which are spamcop blocklisted. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Apr 3 16:25:58 2006 From: nobody at devnull.spamcop.net (POP) Date: Mon Apr 3 15:30:02 2006 Subject: [SpamCop-List] Re: Joe jobs - was Re: Victim of Spam-Trap addresses... References: Message-ID: OK, plonk me; I don't want your responses anyway and they'd use less real estate that way. "Anonymous" wrote in message news:e0rfve$o6l$1@news.spamcop.net... > > Geoffrey Hyde wrote... >> >> "D-W-S" wrote... >> >>>> I "top post" mostly when I'm discussing a URL as the first >>>> point of >>>> interest in a reply I'm making. Call it what you will, but >>>> it makes >>>> perfect sense to me, and as long as my email client permits >>>> me to do >>>> it that way I'll do it that way. >>> >>> Yet another "screw your logic and I'll post how I like even >>> if it makes >>> it difficult for others to find out what the hell I'm on >>> about" message. >> >> Whatever. *plonk* >> >> BTW I thought you or someone else had already plonked me long >> ago? Sheesh the things you remember on the spur of the >> moment. > > I tend to killfile top-posters without telling them, and I know > that I am > not alone. May I gently suggest that you reconsider your > policy of doing > something that many people hate just because doing so makes > sense to you? > > > From Nobody at SpamCop.devnull.diespammerdie.net Mon Apr 3 15:30:10 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Mon Apr 3 15:35:02 2006 Subject: [SpamCop-List] Re: Tool to report phishing scam emails References: Message-ID: <443177C2.A4C7454D@SpamCop.devnull.diespammerdie.net> Doug Thegarden wrote: > > Roman wrote: > > Hello > > > > Castlecops created a new tool to report phishing scam emails, they use > > it in trying to shutdown the phishing websites. > > > > http://castlecops.com/pirt > > > > I thought it might be useful for Spamcop reporters, altough I have not > > used it myself yet. > > > > I've been using Netcraft for some time now and very well it works too. Doug, Roman, Thanks for the info. I use Netcraft, too, although just for phish reporting -- have a couple of hits on previously-unreporting phishing URL's to my credit, although their real champions have dozens, scores. Netcraft also has a current story, dated last Monday, about a new criminal phishing exploit against three banking websites belonging to banks in northern Florida. They actually got into the banks' websites and were able to redirect customers to a spoof page. A guy I know does Net security professionally, and he's been telling me for a couple of years to stay away from online banking/investing, to do it the old way, with letters and check redemptions and signature guarantees signed by my banker. He also warns against WAN's and LAN's, although I think he's okay with PAN's because of their small footprint (although a couple of Israeli security consultants did manage, a couple of years ago, to pull the first Bluetooth spoof ever, on a subway car, getting close enough to a Bluetooth-enabled PDA to do an interrupt and hijack the PDA session). Regards, Michael From Nobody at SpamCop.devnull.diespammerdie.net Mon Apr 3 15:42:59 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Mon Apr 3 15:45:03 2006 Subject: [SpamCop-List] Whiffenpoof Trojan Distributor Message-ID: <44317AC3.1565160@SpamCop.devnull.diespammerdie.net> Could I get an opinion on this? I received a UCE spam with no sender last night. The attachment, a zipped file, contained a Trojan downloader app rated a "modest" threat by Trend Micro, called by Grisoft AVG "Trojan horse Downloader.Generic.UEQ". I thought about it and decided there was a possiblity that this wasn't just a virus e-mail spewed by an infected machine, because the Reply-to was another address at my ISP. What are the odds? I submitted the spam (w/o attachment) and got this report, which I cancelled after further thought: http://www.spamcop.net/sc?id=z912130175zf4e02f616bf705d9039da6a81bf6b1c9z The parser identified the sender as a computer in Burma, Re: 202.185.73.78 (Administrator of network where email originates) ng@cc.um.edu.my which lengthened the odds again in favor of a deliberate attempt by a spammer (Ruslan Ibragimov came to mind as a proliferator) to propagate Trojans to my ISP's subscribers for some reason. I decided on a manual LART to the owner of the Burmese computer and sent it off, and I got this: "Failed to deliver to 'ng@cc.um.edu.my' SMTP module(domain @206.180.145.133:cc.um.edu.my) reports: umcsd.um.edu.my: no DNS A-data returned" Now I'm very puzzled. What is going on here? How could SpamCop report a working address on an IP they just parsed, only to have a mail to that address rejected as (apparently) nonexistent? Just wondering, Michael From Contact at powermaster.cc Mon Apr 3 17:03:29 2006 From: Contact at powermaster.cc (Powermater) Date: Mon Apr 3 16:05:02 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: jonah wrote: > i sent an email to a merchant asking for information about a specific bb > gun. And got a bullshit answer that my email had been blocked even > though i have never spammed anybody. ironically, the company to whom the > mail was directed are blacklisted by other freedom limiting bullshit > fascist pig sites as CyberPatrol, CyberNanny and others of like Nazi > mentality. > To the maintainers of these pig organizations : fuck you in your storm > trooper asses. on the other hand that is probably something you coward > Nazi fucks enjoy. > sounds like a spammer to me. From MikeE at ster.invalid Mon Apr 3 14:12:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 16:15:04 2006 Subject: [SpamCop-List] Re: Whiffenpoof Trojan Distributor References: <44317AC3.1565160@SpamCop.devnull.diespammerdie.net> Message-ID: Michael Brennan wrote: > I received a UCE spam with no sender last night. The attachment, a > zipped file, contained a Trojan downloader app rated a "modest" threat > by Trend Micro, called by Grisoft AVG "Trojan horse > Downloader.Generic.UEQ". Plain ol' vanilla run-of-the mill propagation. Nothing mysterious. > I thought about it and decided there was a possiblity that this wasn't > just a virus e-mail spewed by an infected machine, There you go, thinking again. I don't know why you would think of unicorns when you hear hoofbeats. > because the > Reply-to was another address at my ISP. That means nothing. > What are the odds? Excellent odds. 1 -- or 100% -- or something less than 1 or 100%. That is, there is nothing unusual about a propagation being so configured. The Reply-To can be derived any old way the gizmo is configured. > I > submitted the spam (w/o attachment) and got this report, which I > cancelled after further thought: And what was that thinking about ? > The parser identified the sender as a computer in Burma, > Re: 202.185.73.78 (Administrator of network where email originates) Correct. > ng@cc.um.edu.my Not correct. That is an old address for the notify for the provider. But the provider's notify is now something else inetnum: 202.184.0.0 - 202.185.255.255 netname: JARING-MY descr: Technology Park Malaysia trouble: send spam and abuse reports trouble: to abuse@jaring.my So, I refreshed the SC cache and now it sez something else for 202.185.73.78 Parsing input: 202.185.73.78 Reporting addresses: postmaster@jaring.my abuse@jaring.my > which lengthened the odds again in favor of a deliberate attempt by a > spammer (Ruslan Ibragimov came to mind as a proliferator) to propagate > Trojans to my ISP's subscribers for some reason. Balderdash. I don't know why some people are always thinking they are being selectively targetted by viral propagations. The way viruses work is that they are able to get addresses from all kinds of places. Don't sit around thinking they are 'normally' sent to people in the addressbook of the propagator. You don't have to have any connection to the propagator box at all. > I decided on a > manual LART to the owner of the Burmese computer and sent it off, and > I got this: The address SC gives you is the apnic contact derived provider notify addy, not the email addy of the IP's owner. > "Failed to deliver to 'ng@cc.um.edu.my' > SMTP module(domain @206.180.145.133:cc.um.edu.my) reports: > umcsd.um.edu.my: no DNS A-data returned" Mail for cc.um.edu.my is handled by umcsd.um.edu.my dns umcsd.um.edu.my No DNS for this address (host doesn't exist) So, the problem is that the hostname's MX went away, so that old addy is NG for ng :-) where the first NG means 'no good' > Now I'm very puzzled. What is going on here? How could SpamCop > report a working address on an IP they just parsed, only to have a > mail to that address rejected as (apparently) nonexistent? SC doesn't report a 'working address'. SC gives you the derived contact for the source provider. In this case, that contact was derived from a stale cache, which has now been refreshed and gives a different result. -- Mike Easter kibitzer, not SC admin From notavalidemail at theabyss123.com Mon Apr 3 17:17:12 2006 From: notavalidemail at theabyss123.com (MrBill) Date: Mon Apr 3 16:20:03 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: Mike, I read your "windy answer," and quickly determined my problem was "operator error" in how The Bat v3 handles the headers. Saving the message in its original form then pasting the info into SC worked like a charm. Wind or no wind, I thank you very much for your time and assistance. Bill "Mike Easter" wrote in message news:e0qbil$13h$1@news.spamcop.net... > Mike Easter wrote: >> This is a shorter, more direct answer than the windy one. > > BTW, for me, the windy answer is very very quick. The short direct > terse or succinct answer takes me much more time than the long drawn out > windy answer which flows freely and easily as I go along trying to > figure out where I am going. It isn't until all of that is done that I > can begin to 'analyze' that the answer to the original question wasn't > what was expected when I started answering. > > If you think I should figure out where I'm going to end up before I > start, you're crazy. > > > -- > Mike Easter > kibitzer, not SC admin > From MikeE at ster.invalid Mon Apr 3 14:35:10 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Apr 3 16:40:03 2006 Subject: [SpamCop-List] Re: SpamCop Not Identifying Spamvertised URLs References: Message-ID: MrBill wrote: > I read your "windy answer," and quickly determined my problem was > "operator error" in how The Bat v3 handles the headers. Saving the > message in its original form then pasting the info into SC worked > like a charm. Good. SC has some faq info for using the Bat to submit, two older versions at http://www.spamcop.net/fom-serve/cache/228.html So, if neither of those is correct, you might want to mention it. -- Mike Easter kibitzer, not SC admin From kenbrody at spamcop.net Mon Apr 3 17:53:03 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Apr 3 16:55:03 2006 Subject: [SpamCop-List] SpamAssassin score of 68.6! Message-ID: <44318B2F.C8B07486@spamcop.net> So, has SpamAssassin gotten better at finding pump-and-dump spam, or have the pump-and-dumpers gotten "better" at hitting SpamAssassin traps? Typically, I get less than one apsm a week which rates higher than 50 on the SpamAssassin scale, and those are almost always in BIG5 text. But, this past weekend, I have about 10 spams -- all pump-and-dump stock scams -- which are over 50, and the highest (so far) scored 68.6 on the SA meter. (See "Stock Maven Newsletter -- SpamAssassin score of 68.6" in the .spam group.) -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From gezgin at spamcop.net Tue Apr 4 01:08:34 2006 From: gezgin at spamcop.net (gezgin) Date: Mon Apr 3 17:10:04 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: "jonah" wrote in message news:e0rnuj$tkf$1@news.spamcop.net... >i sent an email to a merchant asking for information about a specific bb Boy, you lost that argument the moment you opened your mouth. http://en.wikipedia.org/wiki/Godwin's_law -- Bob http://www.kanyak.com From Nobody at SpamCop.devnull.diespammerdie.net Mon Apr 3 17:18:52 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Mon Apr 3 17:20:02 2006 Subject: [SpamCop-List] Re: Whiffenpoof Trojan Distributor References: <44317AC3.1565160@SpamCop.devnull.diespammerdie.net> Message-ID: <4431913C.F65C09C3@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > Michael Brennan wrote: > > > I received a UCE spam with no sender last night. > > > The parser identified the sender as a computer in Burma, > > > Re: 202.185.73.78 (Administrator of network where email originates) > > Correct. > > > ng@cc.um.edu.my > > Not correct. That is an old address for the notify for the provider. > But the provider's notify is now something else > > I don't know why some people are always thinking they are > being selectively targetted by viral propagations. If it's viral, of course not. Operative word, "if". I get a few viral propagations and don't bother about them if they look like normal viral sends. The question here was whether it was a viral propagation, or a spammer propagation, through a proxy, of a Trojanizing downloader, targeting a specific ISP's subscribers for some unknown reason. If the former, I don't bother with SpamCop. If the latter, it's fair game on a foul, metastasizing spammer. I split the difference and tried to see where it came from first, before deciding. I eventually decided it was viral, cancelled the report, and then had second thoughts, hence the question to the newsgroup. > Don't sit around thinking they are 'normally' sent to people in the > addressbook of the propagator. You don't have to have any connection to > the propagator box at all. If the propagator isn't a virm but a person, then they might have a purpose and a target in mind. The identity of the addee's and Reply-to's URL was suspicious, to me, of an intention beyond viral randomness. > > dns umcsd.um.edu.my > No DNS for this address > (host doesn't exist) > > So, the problem is that the hostname's MX went away, so that old addy is > NG for ng :-) where the first NG means 'no good' > > > Now I'm very puzzled. What is going on here? How could SpamCop > > report a working address on an IP they just parsed, only to have a > > mail to that address rejected as (apparently) nonexistent? > > SC doesn't report a 'working address'. SC gives you the derived contact > for the source provider. In this case, that contact was derived from a > stale cache, which has now been refreshed and gives a different result. > Thanks for the update, I'll try a manual lart to the refreshed contact address to see if they can do something about their compromised subscriber -- thanks for correcting Mr. ng's NG addy in the ng. Michael From bar_n0ne at hotmail.com Mon Apr 3 17:29:31 2006 From: bar_n0ne at hotmail.com (Berny) Date: Mon Apr 3 17:30:03 2006 Subject: [SpamCop-List] Re: Whiffenpoof Trojan Distributor References: <44317AC3.1565160@SpamCop.devnull.diespammerdie.net> <4431913C.F65C09C3@SpamCop.devnull.diespammerdie.net> Message-ID: "Michael Brennan" wrote in message news:4431913C.F65C09C3@SpamCop.devnull.diespammerdie.net... > The question here was whether it was a viral propagation, or a spammer > propagation, through a proxy, of a Trojanizing downloader, targeting a > specific ISP's subscribers for some unknown reason. If the former, I > don't bother with SpamCop. If the latter, it's fair game on a foul, > metastasizing spammer. I split the difference and tried to see where it > came from first, before deciding. I eventually decided it was viral, > cancelled the report, and then had second thoughts, hence the question > to the newsgroup. Nowadays, Viral propagation is engineered exactly like spam propagation and often with the same purpose in mind. Do you think anyone actually sat down and thought about whether to send you (M. Brennan) the latest medz spam? well, no more, or less than those who propagate viruses. Occasionally someone spiteful might do this, but that happens with spam also. Personally I think penis enlargement spams are most often sent out of spite, since among my admittedly statistically meaningless sample, only spam reporters get them any more. If you don't want to LART Viruses, fine, but otherwise they deserve no more or less pondering than any other spam from the standpoint of LARTing. From nobody at devnull.spamcop.net Mon Apr 3 16:54:11 2006 From: nobody at devnull.spamcop.net (Anonymous) Date: Mon Apr 3 18:55:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap References: Message-ID: "jonah" wrote... >i sent an email to a merchant asking for information about a specific bb >gun. And got a bullshit answer that my email had been blocked even though i >have never spammed anybody. ironically, the company to whom the mail was >directed are blacklisted by other freedom limiting bullshit fascist pig >sites as CyberPatrol, CyberNanny and others of like Nazi mentality. > To the maintainers of these pig organizations : fuck you in your storm > trooper asses. on the other hand that is probably something you coward > Nazi fucks enjoy. You swine. You vulgar little maggot. You worthless bag of filth. As we say in Texas, you couldn't pour water out of a boot with instructions printed on the heel. You are a canker, an open wound. I would rather kiss a lawyer than be seen with you. You took your last vacation in the Islets of Langerhans. You're a putrescent mass, a walking vomit. You are a spineless little worm deserving nothing but the profoundest contempt. You are a jerk, a cad, and a weasel. I take that back; you are a festering pustule on a weasel's rump. Your life is a monument to stupidity. You are a stench, a revulsion, a big suck on a sour lemon. I will never get over the embarrassment of belonging to the same species as you. You are a monster, an ogre, a malformity. I barf at the very thought of you. You have all the appeal of a paper cut. Lepers avoid you. You are vile, worthless, less than nothing. You are a weed, a fungus, the dregs of this earth. You are a technicolor yawn. And did I mention that you smell? You are a squeaking rat, a mistake of nature and a heavy-metal bagpipe player. You were not born. You were hatched into an unwilling world that rejects the likes of you. You didn't crawl out of a normal egg, either, but rather a mutant maggot egg rejected by an evil scientist as being below his low standards. Your alleged parents abandoned you at birth and then died of shame in recognition of what they had done to an unsuspecting world. They were a bit late. Try to edit your responses of unnecessary material before attempting to impress us with your insight. The evidence that you are a nincompoop will still be available to readers, but they will be able to access it ever so much more rapidly. If cluelessness were crude oil, your scalp would be crawling with caribou. You are a thick-headed trog. I have seen skeet with more sense than you have. You are a few bricks short of a full load, a few cards short of a full deck, a few bytes short of a full core dump, and a few chromosomes short of a full human. Worse than that, you top-post. God created houseflies, cockroaches, maggots, mosquitos, fleas, ticks, slugs, leeches, and intestinal parasites, then he lowered his standards and made you. I take it back; God didn't make you. You are Satan's spawn. You are Evil beyond comprehension, half-living in the slough of despair. You are the entropy which will claim us all. You are a green-nostriled, crossed eyed, hairy-livered inbred trout-defiler. You make Ebola look good. You are weary, stale, flat and unprofitable. You are grimy, squalid, nasty and profane. You are foul and disgusting. You're a fool, an ignoramus. Monkeys look down on you. Even sheep won't have sex with you. You are unreservedly pathetic, starved for attention, and lost in a land that reality forgot. You are not ANSI compliant and your markup doesn't validate. You have a couple of address lines shorted together. You should be promoted to Engineering Manager. Do you really expect your delusional and incoherent ramblings to be read? Everyone plonked you long ago. Do you fantasize that your tantrums and conniption fits could possibly be worth the $0.000000001 worth of electricity used to send them? Your life is one big W.O.M.B.A.T. and your future doesn't look promising either. We need to trace your bloodline and terminate all siblings and cousins in order to cleanse humanity of your polluted genes. The good news is that no normal human would ever mate with you, so we won't have to go into the sewers in search of your git. You are a waste of flesh. You have no rhythm. You are ridiculous and obnoxious. You are the moral equivalent of a leech. You are a living emptiness, a meaningless void. You are sour and senile. You are a loathsome disease, a drooling inbred cross-eyed toesucker. You make Quakers shout and strike Pentecostals silent. You have a version 1.0 mind in a version 6.12 world. Your mother had to tie a pork chop around your neck just to get your dog to play with you. You think that HTTP://WWW.GUYMACON.COM/FUN/INSULT/INDEX.HTM is the name of a rock band. You believe that P.D.Q. Bach is the greatest composer who ever lived. You prefer L. Ron Hubbard to Larry Niven and Jerry Pournelle. Hee-Haw is too deep for you. You would watch test patterns all day if the other inmates would let you. On a good day you're a half-wit. You remind me of drool. You are deficient in all that lends character. You have the personality of wallpaper. You are dank and filthy. You are asinine and benighted. Spammers look down on you. Phone sex operators hang up on you. Telemarketers refuse to be seen in public with you. You are the source of all unpleasantness. You spread misery and sorrow wherever you go. May you choke on your own foolish opinions. You are a Pusillanimous galactophage and you wear your sister's training bra. Don't bother opening the door when you leave - you should be able to slime your way out underneath. I hope that when you get home your mother runs out from under the porch and bites you. You smarmy lagerlout git. You bloody woofter sod. Bugger off, pillock. You grotty wanking oik artless base-court apple-john. You clouted boggish foot-licking half-twit. You dankish clack-dish plonker. You gormless crook-pated tosser. You bloody churlish boil-brained clotpole ponce. You craven dewberry pisshead cockup pratting naff. You cockered bum-bailey poofter. You gob-kissing gleeking flap-mouthed coxcomb. You dread-bolted fobbing beef-witted clapper-clawed flirt-gill. May your spouse be blessed with many bastards. You are so clueless that if you dressed in a clue skin, doused yourself in clue musk, and did the clue dance in the middle of a field of horny clues at the height of clue mating season, you still would not have a clue. If you were a movie you would be a double feature; _Battlefield_Earth_ and _Moron_Movies_II_. You would be out of focus. You are a fiend and a sniveling coward, and you have bad breath. You are the unholy spawn of a bandy-legged hobo and a syphilitic camel. You wear strangely mismatched clothing with oddly placed stains. You are degenerate, noxious and depraved. I feel debased just knowing that you exist. I despise everything about you, and I wish you would go away. You are jetsam who dreams of becoming flotsam. You won't make it. I beg for sweet death to come and remove me from a world which became unbearable when you crawled out of a harpy's lair. It is hard to believe how incredibly stupid you are. Stupid as a stone that the other stones make fun of. So stupid that you have traveled far beyond stupid as we know it and into a new dimension of stupid. Meta-stupid. Stupid cubed. Trans-stupid stupid. Stupid collapsed to a singularity where even the stupons have collapsed into stuponium. Stupid so dense that no intelligence can escape. Singularity stupid. Blazing hot summer day on Mercury stupid. You emit more stupid in one minute than our entire galaxy emits in a year. Quasar stupid. It cannot be possible that anything in our universe can really be this stupid. This is a primordial fragment from the original big stupid bang. A pure extract of stupid with absolute stupid purity. Stupid beyond the laws of nature. I must apologize. I can't go on. This is my epiphany of stupid. After this experience, you may not hear from me for a while. I don't think that I can summon the strength left to mock your moronic opinions and malformed comments about boring trivia or your other drivel. Duh. The only thing worse than your logic is your manners. I have snipped away most of your of what you wrote, because, well ... it didn't really say anything. Your attempt at constructing a creative flame was pitiful. I mean, really, stringing together a bunch of insults among a load of babbling was hardly effective... Maybe later in life, after you have learned to read, write, spell, and count, you will have more success. True, these are rudimentary skills that many of us "normal" people take for granted that everyone has an easy time of mastering. But we sometimes forget that there are "challenged" persons in this world who find these things to be difficult. If I had known that this was true in your case then I would have never have exposed myself to what you wrote. It just wouldn't have been "right." Sort of like parking in a handicap space. I wish you the best of luck in the emotional, and social struggles that seem to be placing such a demand on you. P.S.: You are hypocritical, greedy, violent, malevolent, vengeful, cowardly, deadly, mendacious, meretricious, loathsome, despicable, belligerent, opportunistic, barratrous, contemptible, criminal, fascistic, bigoted, racist, sexist, avaricious, tasteless, idiotic, brain-damaged, imbecilic, insane, arrogant, deceitful, demented, lame, self-righteous, byzantine, conspiratorial, satanic, fraudulent, libelous, bilious, splenetic, spastic, ignorant, clueless, EDLINoid, illegitimate, harmful, destructive, dumb, evasive, double-talking, devious, revisionist, narrow, manipulative, paternalistic, fundamentalist, dogmatic, idolatrous, unethical, cultic, diseased, suppressive, controlling, restrictive, malignant, deceptive, dim, crazy, weird, dyspeptic, stifling, uncaring, plantigrade, grim, unsympathetic, jargon-spouting, censorious, secretive, aggressive, mind-numbing, arassive, poisonous, flagrant, self-destructive, abusive, socially-retarded, puerile, and Generally Not Good. I hope this helps... -- G.M. From scamper at trisk.com Mon Apr 3 18:45:17 2006 From: scamper at trisk.com (Garen Erdoisa) Date: Mon Apr 3 19:45:03 2006 Subject: [SpamCop-List] Re: what a bunch of fascist crap In-Reply-To: References: Message-ID: Anonymous wrote: > "jonah" wrote... > >> i sent an email to a merchant asking for information about a specific bb >> gun. And got a bullshit answer that my email had been blocked even though i >> have never spammed anybody. ironically, the company to whom the mail was >> directed are blacklisted by other freedom limiting bullshit fascist pig >> sites as CyberPatrol, CyberNanny and others of like Nazi mentality. >> To the maintainers of these pig organizations : fuck you in your storm >> trooper asses. on the other hand that is probably something you coward >> Nazi fucks enjoy. > > You swine. You vulgar little maggot. You worthless bag of filth. As we > say in Texas, you couldn't pour water out of a boot with instructions > printed on the heel. You are a canker, an open wound. I would rather > kiss a lawyer than be seen with you. You took your last vacation in > the Islets of Langerhans. > > You're a putrescent mass, a walking vomit. You are a spineless little > worm deserving nothing but the profoundest contempt. You are a jerk, a > cad, and a weasel. I take that back; you are a festering pustule on a > weasel's rump. Your life is a monument to stupidity. You are a stench, > a revulsion, a big suck on a sour lemon. > > I will never get over the embarrassment of belonging to the same > species as you. You are a monster, an ogre, a malformity. I barf at > the very thought of you. You have all the appeal of a paper cut. > Lepers avoid you. You are vile, worthless, less than nothing. You are > a weed, a fungus, the dregs of this earth. You are a technicolor yawn. > And did I mention that you smell? > > You are a squeaking rat, a mistake of nature and a heavy-metal bagpipe > player. You were not born. You were hatched into an unwilling world > that rejects the likes of you. You didn't crawl out of a normal egg, > either, but rather a mutant maggot egg rejected by an evil scientist > as being below his low standards. Your alleged parents abandoned you > at birth and then died of shame in recognition of what they had done > to an unsuspecting world. They were a bit late. > > Try to edit your responses of unnecessary material before attempting > to impress us with your insight. The evidence that you are a > nincompoop will still be available to readers, but they will be able > to access it ever so much more rapidly. If cluelessness were crude > oil, your scalp would be crawling with caribou. > > You are a thick-headed trog. I have seen skeet with more sense than > you have. You are a few bricks short of a full load, a few cards short > of a full deck, a few bytes short of a full core dump, and a few > chromosomes short of a full human. Worse than that, you top-post. God > created houseflies, cockroaches, maggots, mosquitos, fleas, ticks, > slugs, leeches, and intestinal parasites, then he lowered his > standards and made you. I take it back; God didn't make you. You are > Satan's spawn. You are Evil beyond comprehension, half-living in the > slough of despair. You are the entropy which will claim us all. You > are a green-nostriled, crossed eyed, hairy-livered inbred > trout-defiler. You make Ebola look good. > > You are weary, stale, flat and unprofitable. You are grimy, squalid, > nasty and profane. You are foul and disgusting. You're a fool, an > ignoramus. Monkeys look down on you. Even sheep won't have sex with > you. You are unreservedly pathetic, starved for attention, and lost in > a land that reality forgot. You are not ANSI compliant and your markup > doesn't validate. You have a couple of address lines shorted together. > You should be promoted to Engineering Manager. > > Do you really expect your delusional and incoherent ramblings to be > read? Everyone plonked you long ago. Do you fantasize that your > tantrums and conniption fits could possibly be worth the $0.000000001 > worth of electricity used to send them? Your life is one big > W.O.M.B.A.T. and your future doesn't look promising either. We need to > trace your bloodline and terminate all siblings and cousins in order > to cleanse humanity of your polluted genes. The good news is that no > normal human would ever mate with you, so we won't have to go into the > sewers in search of your git. > > You are a waste of flesh. You have no rhythm. You are ridiculous and > obnoxious. You are the moral equivalent of a leech. You are a living > emptiness, a meaningless void. You are sour and senile. You are a > loathsome disease, a drooling inbred cross-eyed toesucker. You make > Quakers shout and strike Pentecostals silent. You have a version 1.0 > mind in a version 6.12 world. Your mother had to tie a pork chop > around your neck just to get your dog to play with you. You think > that HTTP://WWW.GUYMACON.COM/FUN/INSULT/INDEX.HTM is the name of a > rock band. You believe that P.D.Q. Bach is the greatest composer who > ever lived. You prefer L. Ron Hubbard to Larry Niven and Jerry > Pournelle. Hee-Haw is too deep for you. You would watch test patterns > all day if the other inmates would let you. > > On a good day you're a half-wit. You remind me of drool. You are > deficient in all that lends character. You have the personality of > wallpaper. You are dank and filthy. You are asinine and benighted. > Spammers look down on you. Phone sex operators hang up on you. > Telemarketers refuse to be seen in public with you. You are the source > of all unpleasantness. You spread misery and sorrow wherever you go. > May you choke on your own foolish opinions. You are a Pusillanimous > galactophage and you wear your sister's training bra. Don't bother > opening the door when you leave - you should be able to slime your > way ou