From porpoise1954 at yahoo.co.uk Thu Jun 1 00:32:15 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Wed May 31 18:35:11 2006 Subject: [SpamCop-List] Re: Help Needed with a blocked/filtered address References: Message-ID: "Luis Sandoval" wrote in message news:e5l4r4$c59$1@news.spamcop.net... > Hello, > > Any directions or explanations about how to solve the following issue > would be appreciated. > > I sent a mail to a contact with whom a regulary exchange messages. But > this time I got the message back with this error: > 5.1.0 - Unknown address error 550-'Rule imposed as luis.sandoval@ieee.org > is blacklisted on SpamCop (see www.spamcop.net)' > > How can I check in the spamcop website if my address is listed, and why or > who listed my address. Sure this is an error, as never use to send spam > mail. > > What can I do to remove my address from any blacklist if it's actually > listed? Well, first off, you have misinformation. Spamcop does not block anything, it compiles a blacklist of *bad* IP addresses that have been reported as being the source of spam. That is, IP addresses - not email addresses. So, whoever configured that 550 message is lying. From g.hyde at bigpond.net.au Thu Jun 1 10:37:18 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Wed May 31 19:40:03 2006 Subject: [SpamCop-List] Re: o References: Message-ID: "Luis Sandoval" wrote in message news:e5kim8$rb7$1@news.spamcop.net... >o If you wanted to test posting to SpamCop newsgroups, you should know that there's a spamcop.test newsgroup explicitly created for this kind of testing. FUT --> spamcop.test Cheers ... Geoffrey Hyde From dfmanno at mail.com Thu Jun 1 01:11:38 2006 From: dfmanno at mail.com (D.F. Manno) Date: Thu Jun 1 00:15:03 2006 Subject: [SpamCop-List] Re: Are X-(whatever) headers filtered in reports sent? References: Message-ID: In article , "Mike Easter" wrote: > The business of the Xlines is that SC is going to munge clear addresses > in there. You haven't defined some specific Xline which you are > imagining might contain unique information -- you have just vaguely > alluded to it. Since there is so much unknown in this Xline discussion > we can't go anywhere with it. Data point: I've received spam with headers containing my e-mail address, with the @ sign replaced by a hyphen. Spamcop didn't munge them. -- D.F. Manno | dfmanno@mail.com The second article of impeachment against Richard Nixon covered, among other things, warrantless wiretapping. From kingpin+nntp.spamcop.net at lumbercartel.ca Thu Jun 1 00:42:54 2006 From: kingpin+nntp.spamcop.net at lumbercartel.ca (Mr. King of-my-forest Pin) Date: Thu Jun 1 02:40:04 2006 Subject: [SpamCop-List] Re: Spamcop is shooting tself yet again References: Message-ID: On Wed, 31 May 2006 14:33:25 -0700, Ted Mittelstaedt wrote: [snIP - Yahoo! is listed] > This is really disappointing, we are just going to have to stop using > Spamcop. [snIP] You're always free to resign from spam fighting (and should you change your mind, you'll always be welcome to join the fight again when it's convenient for you). You seem to be missing an important point about BLs though, which is to pressure internet providers to take the spam problem seriously by terminating all spammers. The only incentive that seems to work really well to encourage spammer account termination is to block their servers until they clean up their act. BLs such as SpamCop.Net have a well-defined set of criteria, and those who use SpamCop.Net for blocking have made it clear that they agree with this criteria. Unfortunately some providers have decided that it's more important to keep continue to support spammers, and so they eventually wind up getting blocked by so many servers that their non-spamming customers switch to different providers (through their wallets they express their dislike for non-functional eMail services). The end result is that the providers either clue in before losing too many customers, or they go bankrupt (either solution is good, but of course it's always better to avoid this whole mess in the first place by refusing to do business with spammers in the first place). As for me, I find such blocking very encouraging because it shows that SpamCop.Net is reliable -- they're not making exceptions to the criteria they so carefully laid out. It also sends a clear message to other internet providers that taking preventive measures to avoid getting listed in a BL is a worthwhile endeavor. -- The Lumber Cartel, local 42 (Canadian Branch) Vancouver, Beautiful British Columbia, Canada http://www.lumbercartel.ca/ From kingpin+nntp.spamcop.net at lumbercartel.ca Thu Jun 1 00:58:06 2006 From: kingpin+nntp.spamcop.net at lumbercartel.ca (Mr. King of-my-forest Pin) Date: Thu Jun 1 02:55:03 2006 Subject: [SpamCop-List] Re: Blocking strategies are not enough References: Message-ID: On Tue, 30 May 2006 08:21:18 -0700, G|_|Y |\/|AC0|\| wrote: > Spaz > >> I'll stop forwarding spam to the FTC since they don't do anything. >> Everyone else here should stop as well. > > I strongly disagree. Various agencies use it to justify increased > funding for prosecuting spammers. It also provides the authorities with more data about the criminals that (intentionally not "who") send the spam, thus making it easier for them to build a larger stack of evidence against the spammers for prosecution purposes. -- The Lumber Cartel, local 42 (Canadian Branch) Vancouver, Beautiful British Columbia, Canada http://www.lumbercartel.ca/ From William at noemail.com Thu Jun 1 01:37:50 2006 From: William at noemail.com (William) Date: Thu Jun 1 03:40:04 2006 Subject: [SpamCop-List] Re: Spamcop is shooting tself yet again In-Reply-To: References: Message-ID: Mr. King of-my-forest Pin wrote: > On Wed, 31 May 2006 14:33:25 -0700, Ted Mittelstaedt > wrote: > > [snIP - Yahoo! is listed] >> This is really disappointing, we are just going to have to stop using >> Spamcop. > [snIP] > > You're always free to resign from spam fighting (and should you > change your mind, you'll always be welcome to join the fight again when > it's convenient for you). > > You seem to be missing an important point about BLs though, which is > to pressure internet providers to take the spam problem seriously by > terminating all spammers. The only incentive that seems to work really > well to encourage spammer account termination is to block their servers > until they clean up their act. BLs such as SpamCop.Net have a > well-defined set of criteria, and those who use SpamCop.Net for blocking > have made it clear that they agree with this criteria. > > Unfortunately some providers have decided that it's more important > to keep continue to support spammers, and so they eventually wind up > getting blocked by so many servers that their non-spamming customers > switch to different providers (through their wallets they express their > dislike for non-functional eMail services). The end result is that the > providers either clue in before losing too many customers, or they go > bankrupt (either solution is good, but of course it's always better to > avoid this whole mess in the first place by refusing to do business with > spammers in the first place). > > As for me, I find such blocking very encouraging because it shows > that SpamCop.Net is reliable -- they're not making exceptions to the > criteria they so carefully laid out. It also sends a clear message to > other internet providers that taking preventive measures to avoid > getting listed in a BL is a worthwhile endeavor. > > --The Lumber Cartel, local 42 (Canadian Branch) > Vancouver, Beautiful British Columbia, Canada > http://www.lumbercartel.ca/ My thoughts on this are that SC should up the release of IP-addys for an additional day or two. Seems many of the zombie machines are taking the 3 days into accord. From MikeE at ster.invalid Thu Jun 1 02:02:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 04:05:04 2006 Subject: [SpamCop-List] Re: Are X-(whatever) headers filtered in reports sent? References: Message-ID: D.F. Manno wrote: > "Mike Easter" >> The business of the Xlines is that SC is going to munge clear >> addresses in there. > Data point: I've received spam with headers containing my e-mail > address, with the @ sign replaced by a hyphen. Spamcop didn't munge > them. That's a good point - and one covered by my operative word 'clear' as in unmunged/unobfuscated. SC doesn't anything about dealing with any kind of obfuscation. It must be just a simple search on the whole thing. People have also found examples of such as username in some string in the body. -- Mike Easter kibitzer, not SC admin From spam_hjp at yahoo.com Thu Jun 1 06:36:47 2006 From: spam_hjp at yahoo.com (Jim) Date: Thu Jun 1 05:40:09 2006 Subject: [SpamCop-List] Re: Spamcop is shooting tself yet again In-Reply-To: References: Message-ID: William wrote: > Mr. King of-my-forest Pin wrote: >> On Wed, 31 May 2006 14:33:25 -0700, Ted Mittelstaedt >> wrote: >> >> > My thoughts on this are that SC should up the release of IP-addys for an > additional day or two. Seems many of the zombie machines are taking the > 3 days into accord. 3 days would be great. I thought it had been reduced to 24 hours some time ago. Anything over 24 hours would be a nice improvement especially when spam traps have been hit and user reports have been reported. From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 06:14:21 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 06:15:02 2006 Subject: [SpamCop-List] Looked Up mtu.ru in Spamhaus -- No Record? Message-ID: <447EBDFD.2645DE7F@SpamCop.devnull.diespammerdie.net> Folks, Is mtu.ru a blackhat ISP? I see them a lot on spams in the last month -- like in this spam, here: http://www.spamcop.net/sc?id=z960353122z74f6ffda65a2d3217730cd24b24a494bz I also see a lot of auna.es and nemesys.es, too. Comments on pointlessness/usefulness of LARTing to these ISP's, based on your experience? Regards, Michael From MikeE at ster.invalid Thu Jun 1 04:42:57 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 06:45:03 2006 Subject: [SpamCop-List] Re: Looked Up mtu.ru in Spamhaus -- No Record? References: <447EBDFD.2645DE7F@SpamCop.devnull.diespammerdie.net> Message-ID: Michael Brennan wrote: > Is mtu.ru a blackhat ISP? I see them a lot on spams in the last month > -- like in this spam, here: > www.spamcop.net/sc?id=z960353122z74f6ffda65a2d3217730cd24b24a494bz This is about the proxified spamsource 81.195.7.81 rDNS ppp7-81.pppoe.mtu-net.ru inetnum: 81.195.0.0 - 81.195.27.255 netname: MTU-PPPOE route: 81.195.0.0/16 descr: ZAO MTU-Intel's Moscow Region Network origin: AS8359 We/I often think of spamvertiser providers in terms of hat color and source in terms of cluelessness, but we can check at spamhaus for the reputation of .ru providers.in the SBL. There is only one spamhaus listed IP SBL41235 about a virus propagation source listed since May 1 No ROKSO issues. > I also see a lot of auna.es and nemesys.es, too. Comments on > pointlessness/usefulness of LARTing to these ISP's, based on your > experience? The way I would approach the reputation of a provider for an IP would be to find what spam db/s the IP is in, such as spews or spamhaus -- plus spamhaus has other ways of researching, such as their db of providers by country and the rokso information. -- Mike Easter kibitzer, not SC admin From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 08:43:13 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 08:45:03 2006 Subject: [SpamCop-List] Re: Blue Frog calls it quits? References: Message-ID: <447EE0E1.86BDAA7A@SpamCop.devnull.diespammerdie.net> steve auvache wrote: > > Michael Brennan wrote > >steve auvache wrote: > >> > > > >> > >> The one sobering conclusion that I draw from it is that it ended with > >> The Internet backing away from One Spammer. Which is sad. > > > > > > > >Who is One Spammer? > > I have not got a clue and frankly I am not interested in finding out. > The only thing I ever want to know about him is when he becomes one less > spammer. > > -- Steve, Found a reference at Spamhaus that says that "people aver" that One Spammer is indeed Leo Kuvayev: http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932 Michael From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 09:07:00 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 09:10:03 2006 Subject: [SpamCop-List] Re: Blocking strategies are not enough References: Message-ID: <447EE674.4820D92E@SpamCop.devnull.diespammerdie.net> Spaz wrote: > > I have my spam filtered into a spam folder in Outlook Express and then I forward it to the FTC > daily, or at least I used to when I was getting spam. I cc: to the FTC address every time I send spam off to SpamCop for parsing (viz., I send FTC the raw spams, not SpamCop's parses or completed reports -- I'm just a free reporter). Think I'm doing any good? I've been cc'ing to FTC for years, never saw a dramatic "spampause" such as you're reporting. Sounds like Spammy listwashed you. Michael From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 09:10:47 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 09:15:04 2006 Subject: [SpamCop-List] Re: Blocking strategies are not enough References: Message-ID: <447EE757.7BB3EE62@SpamCop.devnull.diespammerdie.net> Frog Prince wrote: > > FTC goes through periods when (a presumption) their system is overloaded and > they bounce the excess for a week or so then back to collecting. > > Still have no idea what they do with the stuff. I'm getting that just in the last day or so from FDA again....they start sending nondelivery notices saying that ORA at FDA is "broken"....then the nondeliveries stop and they're back in business again. I cc: them with my "pharmacy/wunderpill/SPUR-M" UCE's I get from Leo and friends. Michael From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 09:53:54 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 09:55:05 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: Message-ID: <447EF172.14DF2266@SpamCop.devnull.diespammerdie.net> Blue Rock wrote: > > >>Where did you see it written that reporting spam via SpamCop would > >> reduce your spam load? > > Point taken - but I didn't expect it to INCREASE. > I notice in your posts that your e-mail address appears to be in-the-clear. That will get you bot-harvested in a heartbeat. Best regards, Michael From user at example.com Thu Jun 1 10:11:51 2006 From: user at example.com (cwg) Date: Thu Jun 1 10:15:03 2006 Subject: [SpamCop-List] Re: Received spam, and found "error: Couldn't parse head" in resulting parse. References: Message-ID: > http://www.spamcop.net/sc?id=z955316845z87db98256b0b53e500be3ecf888a2163z > > When SpamCop got to the body of the message, during the parse, it came up > with an error "couldn't parse head" - why does this happen? > > SpamCop never started doing this until just now. Can anyone point out what > is going on here and if it is something on my end or on SpamCop's end? > > > Cheers ... > > Geoffrey Hyde I've run across it occasionally, perhaps when you look at the headers in like notepad, the recieved line will look like this: Received: from localhost ([85.9.225.6 ]) by imta02ps.mx.bigpond.com with SMTP id <....> for ; Sat, 27 May 2006 06:19:59 +0000 With a nonprintable character breaking the headers. From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 10:36:18 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 10:40:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: Message-ID: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > > We should figure out if you are handling your spam insecurely in the > reporting process. Your newsagent is OE. You should not be opening or > previewing any of your spam in order to report it. For example, one set > of instructions for accessing the spam's Properties is to use the > control-F3 function, which function will not work without the spam being > either opened or previewed -- neither of which are secure ways to > spamhandle. > Mike, When I receive a spam, which lands in my OE inbox along with my goodmail, I visually inspect addressees and senders and drag-and-drop suspect mails (by hand) to a spam folder. I'm not using SpamPal or other filterware. I have a few rules on my account at my ISP's server, but I don't really understand filter rules or logic. I do know that I have a rule that says that anything with *.cn* anywhere in the "from" is promptly killfiled, but that doesn't stop any of that Knick-Knock mess from getting into my Inbox. That's because the spammers (Leo, mostly, as we've discussed) use my ISP's URL in the "From" and "Reply-to" lines every single time. I may have to filter on my own URL. Be that as it may, I have some spams in a folder that I've filled manually. Normally, I disconnect from my ISP (I have a dial-up account on a pair gain loop that limits bandwidth dramatically, which is SBC/AT&T's way of showing me the light, which I refuse to look at: I'm waiting for BPL and will give SBC the Finger when it gets here) before I look at any of it. I sort my spam by categories. The categories are driven by reporting: pill-spammers go to SpamCop, the FTC, and the FDA. 419's go to Secret Service FCD, SpamCop, and FTC. Solicitations offering "local girls/bored housewives looking for one-night stands" go to FBI Cybercrime, SpamCop, the FTC, and, before the City began filtering me, a vice cop whom I contacted at my large urban PD. And so on. The problem is, the stock-spammers especially, and some of the pill-spammers (I suspect Leo is doing this), wrap their payloads in Base-64 encoded .GIF images. I just can't tell what the material is without either opening the spam or previewing it. I do that offline, and I've reviewed the message sourcecode and have seldom seen a beacon, but if a suspicious IMG SRC line is present, it can't call the mothership if I'm offline and physically disconnected. I also check for possible attempts to ID me and munge them slightly if they wouldn't ordinarily be munged by SpamCop's standard header handling. (Someone has been burying usernames, sometimes encrypted, in message bodies and including them in subject lines.) I zip up the View/Layout prefs before going back online, to eliminate previewing, with the spam forwards to SpamCop et al. all loaded up and ready to go. I check for more incoming spam, and if any lands in my inbox when I check, I append it to whichever packet it belongs in, and off it all goes to be parsed by SpamCop and distributed among other interested or cognizant parties. What would be your critique of that procedure -- other than the obvious incubi you mentioned above, of time and effort spent doing manually what others accomplish (more or less -- w/o the collateral notifications, I suppose) by either quick reporting or fuller reporting via paid SpamCop accounts? Regards, and TIA, Michael From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 10:49:28 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 10:50:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: Message-ID: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > Blue Rock wrote: > > > But the 'connection' I refer to is that this > > occurred within a week of my starting to report spam on SpamCop. > > That is the fact that I am reluctant to check off as mere coincidence. > > Well, for whatever it is worth, I don't recommend 'regular' spamcop > reporting to blackhat ie unresponsive spamvertiser providers. > Mike, Is there a handy list of these? Besides the usual, obvious suspects who get devnull'ed by SpamCop, like "Knick-Knock". Michael From user at example.com Thu Jun 1 10:55:19 2006 From: user at example.com (cwg) Date: Thu Jun 1 10:55:02 2006 Subject: [SpamCop-List] Re: Spamcop is shooting tself yet again References: Message-ID: "Jim" wrote in message news:e5mcfh$b7b$1@news.spamcop.net... > William wrote: > > Mr. King of-my-forest Pin wrote: > >> On Wed, 31 May 2006 14:33:25 -0700, Ted Mittelstaedt > >> wrote: > >> > >> > > My thoughts on this are that SC should up the release of IP-addys for an > > additional day or two. Seems many of the zombie machines are taking the > > 3 days into accord. > > > 3 days would be great. I thought it had been reduced to 24 hours some time ago. Anything over > 24 hours would be a nice improvement especially when spam traps have been hit and user reports > have been reported. Personally, I would not mind seeing the blocklist action extended to DNS servers blocking access attempts by any IP and/or IP Range on the blocklist, hence, forcing the owner(s) of the zombie machine, "Hey, get a clue!" From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 11:41:13 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 11:45:04 2006 Subject: [SpamCop-List] Re: Looked Up mtu.ru in Spamhaus -- No Record? References: <447EBDFD.2645DE7F@SpamCop.devnull.diespammerdie.net> Message-ID: <447F0A99.1626129D@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > Michael Brennan wrote: > > > Is mtu.ru a blackhat ISP? I see them a lot on spams in the last month > > -- like in this spam, here: > > > www.spamcop.net/sc?id=z960353122z74f6ffda65a2d3217730cd24b24a494bz > > This is about the proxified spamsource 81.195.7.81 rDNS > ppp7-81.pppoe.mtu-net.ru > > There is only one spamhaus listed IP SBL41235 about a virus propagation > source listed since May 1 > > No ROKSO issues. Yes, I checked ROKSO -- no entries, but I wasn't sure that was the last word on the subject and thought I'd better ask around before sending them a SpamCop report. I don't know how you can tell it's proxytrojaned, but it's a relief to know that mtu.ru isn't just a d/b/a for Leo et al. > > I also see a lot of auna.es and nemesys.es, too. Comments on > > pointlessness/usefulness of LARTing to these ISP's, based on your > > experience? > > The way I would approach the reputation of a provider for an IP would be > to find what spam db/s the IP is in, such as spews or spamhaus -- plus > spamhaus has other ways of researching, such as their db of providers by > country and the rokso information. Thanks for the suggestion about SPEWS -- haven't been to their site, will have to look them up. Searching ROKSO can be pretty frustrating sometimes, if only because most of these spammer URL's are fresh off the crepe machine, but also because of the way their site is laid out. I was reading earlier about some of the techniques Leo and others have pioneered -- or "slimeoneered" -- in Spamhaus, here: http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932 and here: http://vaxcave.com/?p=345#comments [passim] and I'm pretty impressed by their inventiveness in screwing something up that so much bigger than their appetite for cars and money. Particularly the three-hour rotation among IP's to manage b/l's, which was a wrinkle I hadn't read about before. Tks, Michael From kingpin+nntp.spamcop.net at lumbercartel.ca Thu Jun 1 09:53:57 2006 From: kingpin+nntp.spamcop.net at lumbercartel.ca (Mr. King of-my-forest Pin) Date: Thu Jun 1 11:55:03 2006 Subject: [SpamCop-List] Re: Spamcop is shooting tself yet again References: Message-ID: On Thu, 01 Jun 2006 00:37:50 -0700, William wrote: [snIP] > My thoughts on this are that SC should up the release of IP-addys for an > additional day or two. Seems many of the zombie machines are taking the > 3 days into accord. Great idea! That would be a very much welcomed improvement. Perhaps SpamCop.Net could create a second BL zone called LongBL.SpamCop.Net so that those who wish to block for longer time-frames can, easily, and then SpamCop.Net doesn't have to change the policy with the current BL.SpamCop.Net. -- The Lumber Cartel, local 42 (Canadian Branch) Vancouver, Beautiful British Columbia, Canada http://www.lumbercartel.ca/ From MikeE at ster.invalid Thu Jun 1 10:05:40 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 12:10:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: Michael Brennan wrote: > Mike Easter wrote: >> We should figure out if you are handling your spam insecurely in the >> reporting process. > The problem is, the stock-spammers especially, and some of the > pill-spammers (I suspect Leo is doing this), wrap their payloads in > Base-64 encoded .GIF images. I just can't tell what the material is > without either opening the spam or previewing it. I would restate what you have said, to make a 'fine' point. You mean, you cannot 'see' what is the content of the .gif without 'rendering' it. That is, the spammer intended for you to open the item in a mailuser agent which uses a rendering engine which will render the graphic so that the spamreader can read the words in the graphic. You can 'dissect' a mail item so that you can view the graphic without ever opening the mail. You would access the unrendered complete headers and contiguous unrendered body. Then you would identify the MIME structure that shows you where the b64 encoded .gif part is. Then you would save that part and decode the b64 to get the .gif, then you would use a graphic viewer to visualize 'read' the .gif contents. That's a lot of trouble, but it /can/ be done. What is quicker to do if you know how to 'read' the raw unrendered body is to examine the mail by its Properties, to see what is going on inside -- whether or not there are any html tricks going on which would 'bother you' from a security point of view. Then, if there are not, you would open the spam in OE and render the graphic, because that is quicker than what I described above about dissection and decoding and graphic viewing. > I do that offline, > and I've reviewed the message sourcecode and have seldom seen a > beacon, but if a suspicious IMG SRC line is present, it can't call the > mothership if I'm offline and physically disconnected. I count what you are describing there as being secure about how you open a spam. > What would be your critique of that procedure -- It sounds like you are taking sufficient precautions to be secure in your spam opening. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Jun 1 10:16:02 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 12:20:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> Message-ID: Michael Brennan wrote: > Mike Easter wrote: >> Well, for whatever it is worth, I don't recommend 'regular' spamcop >> reporting to blackhat ie unresponsive spamvertiser providers. > Is there a handy list of these? No. If you are going to try to figure out the reputation of a spamvertised IP, IMO the quickest way to do it would be to look it up in a multiDNSbl tool like the one at dnsstuff or a similar multi -- mainly to find out if it is spewed or spamhaused -- to use a spews or spamhaus listing as 'evidence' of unresponsiveness. That unresponsiveness is not always pure dark blackhat - some unresponsives are clueless. But the actual spamhaus or spews 'evidence' can help better determine the nature of the hattedness. You may be surprised to discover that 'all' of your spamvertiser providers are unresponsive. In which case you might question whether or not you should even be /considering/ notifying spamvertisers. That is, if you 'dissect' a hundred or so spams and find that you wouldn't want to notify very many of the spamvertiser providers, you might start wondering why you should be spending all of that time poring over the SC tracking url to approve the report, if you are just unchecking all of the spamvertiser provider notifies. You might come to think that maybe you should be quick reporting and spend your time working on something else more fruitful than unchecking unresponsive spamvertiser providers from the notify. I think the parser notifier should be configured so that a reporter can choose a preference to have a different default so that the default is to not resolve the spamvertised links and to not notify the spamvertiser providers. -- Mike Easter kibitzer, not SC admin From info at bluerocksystems.com Thu Jun 1 13:40:51 2006 From: info at bluerocksystems.com (Blue Rock) Date: Thu Jun 1 12:45:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EF172.14DF2266@SpamCop.devnull.diespammerdie.net> Message-ID: "Michael Brennan" wrote > I notice in your posts that your e-mail address appears to be > in-the-clear. That will get you bot-harvested in a heartbeat. I did realize that spam bots search newsgroups for addresses, so I used an address at my domain that is already publicly posted on a webpage, and thus, has already been "harvested" by spammers. (This was discussed in another branch of this post). However, the increase in spam I experienced was from BEFORE I posted anything in any newsgroup. From Nobody at SpamCop.devnull.diespammerdie.net Thu Jun 1 12:42:19 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Thu Jun 1 12:45:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> Message-ID: <447F18EB.F48CF8C5@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > > If you are going to try to figure out the reputation of a spamvertised > IP, IMO the quickest way to do it would be to look it up in a multiDNSbl > tool like the one at dnsstuff or a similar multi -- mainly to find out > if it is spewed or spamhaused -- to use a spews or spamhaus listing as > 'evidence' of unresponsiveness. That unresponsiveness is not always > pure dark blackhat - some unresponsives are clueless. But the actual > spamhaus or spews 'evidence' can help better determine the nature of the > hattedness. > > I think the parser notifier should be configured so that a reporter can > choose a preference to have a different default so that the default is > to not resolve the spamvertised links and to not notify the spamvertiser > providers. Mike, thanks for the suggestions. Regards, Michael From kopfj at worldnet.att.net Thu Jun 1 11:43:22 2006 From: kopfj at worldnet.att.net (John O. Kopf) Date: Thu Jun 1 13:45:03 2006 Subject: [SpamCop-List] ISP keeps SpamCop from working... Message-ID: <447F273A.2A01D7B9@worldnet.att.net> My ISP is MetroFI (provide free community-wide broadband wireless connections to the internet; "free" because they insert an advertisement at the top of each screen. Midday Tuesday they made a change to their service. Previously, when I brought up http://members.spamcop.net/, it worked fine and their advertisements disappeared (my Browser, Firefox, provided the ability to remove the ads as well, by right-clicking on the part of interest and then selecting "This Frame"=>"Show only this frame"). Apparently the ISP has disabled this capability - as soon as the command goes out to "Show only this frame", the server treats it as a full screen refresh. The result is that MetroFI and SpamCop are "battling" one another, and nothing BUT the advertisements gets displayed. Is there any way I can continue to use spamcop in this environment? Say, by using a version of SpamCop that doesn't try to hide the ads? John KOpf From MikeE at ster.invalid Thu Jun 1 12:15:27 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 14:20:02 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> Message-ID: John O. Kopf wrote: > My ISP is MetroFI (provide free community-wide broadband wireless > connections to the internet; "free" because they insert an > advertisement at the top of each screen. > > Midday Tuesday they made a change to their service. Previously, when > I brought up http://members.spamcop.net/, it worked fine and their > advertisements disappeared (my Browser, Firefox, provided the ability > to remove the ads as well, by right-clicking on the part of interest > and then selecting "This Frame"=>"Show only this frame"). > > Apparently the ISP has disabled this capability - as soon as the > command goes out to "Show only this frame", the server treats it as a > full screen refresh. > > The result is that MetroFI and SpamCop are "battling" one another, and > nothing BUT the advertisements gets displayed. > > Is there any way I can continue to use spamcop in this environment? > Say, by using a version of SpamCop that doesn't try to hide the ads? Presumably the member.spamcop page is like http://www.spamcop.net/ which requires a login to display a parser window. re "by using a version of SpamCop that doesn't try to hide the ads" The spamcop /page/ or 'version' doesn't try to hide any ads. You are the one trying to hide ads with your FF browser's plugin -- which I have no idea what that is. Why don't you disable the FF plugin which is trying to interfere with the ads and see what happens. Re "MetroFI and SpamCop are "battling" one another" -- what is battling is your FF plugin and the MetroFI modification of what your browser is receiving. According to the metrofi page, they describe it as an 'ad bar' - // Will I see a lot of advertisements? -- No, the Ad bar should not get in the way of your Internet experience. // http://www.metrofi.com/faq_free.html No one else here is going to be getting exactly what you are -- unless there is someone else here using the same metrofi and the same firefox plugin for ad blocking -- so you are on your own to use good sense to try to fix the conflict between two services which you have chosen to use. It is logical for metrofi to configure to defeat ad blocking -- even if it 'gets in the way of your internet experience'. Metrofi believes that you should experience the ads as well as your other internet experience -- not that you should block the ads. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Thu Jun 1 14:23:24 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Thu Jun 1 16:25:02 2006 Subject: [SpamCop-List] Re: Spamcop is *not* shooting itself References: Message-ID: Ted Mittelstaedt wrote: > It's probably some spammer has figured out where some of the Spamcop > spamtrap addresses are, For the above to be true, the people who are in charge of hiding spamtraps would have to be idiots. They aren't idiots, and the spammers have not figured out where any of the Spamcop spamtrap addresses are. From vxpy7do02 at sneakemail.com Thu Jun 1 14:26:45 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Thu Jun 1 16:30:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> <447F18EB.F48CF8C5@SpamCop.devnull.diespammerdie.net> Message-ID: "Michael Brennan" wrote in message news:447F18EB.F48CF8C5@SpamCop.devnull.diespammerdie.net... > Mike Easter wrote: >> > >> >> If you are going to try to figure out the reputation of a spamvertised >> IP, IMO the quickest way to do it would be to look it up in a multiDNSbl >> tool like the one at dnsstuff or a similar multi -- mainly to find out >> if it is spewed or spamhaused -- to use a spews or spamhaus listing as >> 'evidence' of unresponsiveness. That unresponsiveness is not always >> pure dark blackhat - some unresponsives are clueless. But the actual >> spamhaus or spews 'evidence' can help better determine the nature of the >> hattedness. > >> >> I think the parser notifier should be configured so that a reporter can >> choose a preference to have a different default so that the default is >> to not resolve the spamvertised links and to not notify the spamvertiser >> providers. > Quick reporting DOES that - notifies on IPs in the header and ignores the body of the spam. -- A SpamCop user and forum reader, Not Admin > > Mike, thanks for the suggestions. > > Regards, > Michael From vxpy7do02 at sneakemail.com Thu Jun 1 14:36:09 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Thu Jun 1 16:40:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: "Mike Easter" wrote in message news:e5n391$t0o$1@news.spamcop.net... > Michael Brennan wrote: >> Mike Easter wrote: > >>> We should figure out if you are handling your spam insecurely in the >>> reporting process. > >> The problem is, the stock-spammers especially, and some of the >> pill-spammers (I suspect Leo is doing this), wrap their payloads in >> Base-64 encoded .GIF images. I just can't tell what the material is >> without either opening the spam or previewing it. > > I would restate what you have said, to make a 'fine' point. > > You mean, you cannot 'see' what is the content of the .gif without > 'rendering' it. That is, the spammer intended for you to open the item > in a mailuser agent which uses a rendering engine which will render the > graphic so that the spamreader can read the words in the graphic. > > You can 'dissect' a mail item so that you can view the graphic without > ever opening the mail. You would access the unrendered complete headers > and contiguous unrendered body. Then you would identify the MIME > structure that shows you where the b64 encoded .gif part is. Then you > would save that part and decode the b64 to get the .gif, then you would > use a graphic viewer to visualize 'read' the .gif contents. > OT question - exactly how do you DO that? I got an e-mail from a friend that contained a base64 which was a picture and for some reason neither the html in the body or the base64 gif rendered in my OE the only thing on the screen was the raw html code and the base64 code. I wanted to see the picture. -- A SpamCop user and forum reader, Not Admin From MikeE at ster.invalid Thu Jun 1 14:51:29 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 16:55:04 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> <447F18EB.F48CF8C5@SpamCop.devnull.diespammerdie.net> Message-ID: anon wrote: >> Mike Easter wrote: >>> I think the parser notifier should be configured so that a reporter >>> can choose a preference to have a different default so that the >>> default is to not resolve the spamvertised links and to not notify >>> the spamvertiser providers. >> > > Quick reporting DOES that - notifies on IPs in the header and ignores > the body of the spam. Quick reporting does that, but it doesn't feed the URLs to sc-surbl. My method would do that -- SC would find the URLs, deobfuscate them, not resolve them, 'manufacture' a bogus devnull notify on the basis of the domainname, and the reporter would approve/check the spamvertiser devnull notify and uncheck any IB devnull notify, and the spamvertiser URL would go to the sc-surbl. No spamvertiser provider would be notified or given any evidence. It would take the reporter more time, but it would not only feed the SCbl, like the quick, but also the sc-surbl which the quick does not. It would also save the parser from having to try to resolve spamvertised url/s and thus conserve parser resources. It would protect the reporter from giving spam evidence to blackhat providers just like quick does. -- Mike Easter kibitzer, not SC admin From dws at dealing-with-spam.info Thu Jun 1 23:56:05 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Thu Jun 1 17:00:03 2006 Subject: [SpamCop-List] Re: Saw this on NANAE - Automating SpamCop submissions References: <447DCA04.DF567F33@spamcop.net> <1a519c0gr08l0.dlg@news.spamcop.net> Message-ID: N. Miller wrote on Wed, 31 May 2006 11:03:39 -0700: > Not good. Without human oversight you will, ultimately, send reports to > the wrong places. If your mail service makes a change which breaks your > mail host configuration, that could include your own provider. OTOH, if *you* provide your own mail service and you don't rely on your ISP, then you're not subject to such problems. From MikeE at ster.invalid Thu Jun 1 15:03:33 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 17:05:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: anon wrote: >> You can 'dissect' a mail item so that you can view the graphic >> without ever opening the mail. You would access the unrendered >> complete headers and contiguous unrendered body. Then you would >> identify the MIME structure that shows you where the b64 encoded >> .gif part is. Then you would save that part and decode the b64 to >> get the .gif, then you would use a graphic viewer to visualize >> 'read' the .gif contents. >> > > OT question - exactly how do you DO that? The way I do it is to use my Iceows utility, which Iceows is the old ArjFolder, which is a very multifunctioned de/encoder, de/compressor, verifier, etc which can do a really really lot of things. Using the Properties, I select the part of the mail's MIME from Content-Type: image/gif; name="B2Av.G7M.wo5V.GIF" Content-Transfer-Encoding: base64 Content-ID: which follows all of the b64 encoding down to the end of that content-id delimitor. I paste that copied mime information + b64 into some editor like notepad and save it as a filename.b64, say B2Av.b64 Then I point my Iceows at that filename.b64 and it converts it into B2Av.G7M.wo5V.GIF which result I would view with IrfanView. > I got an e-mail from a friend that contained a base64 which was a > picture and for some reason neither the html in the body or the > base64 gif rendered in my OE the only thing on the screen was the raw > html code and the base64 code. I wanted to see the picture. Take the mail apart, save the encoded part [I do it with MIME header], decode the b64, and view the graphic. IrfanView can also overcome some graphics errors. -- Mike Easter kibitzer, not SC admin From vxpy7do02 at sneakemail.com Thu Jun 1 16:01:54 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Thu Jun 1 18:05:04 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> <447F18EB.F48CF8C5@SpamCop.devnull.diespammerdie.net> Message-ID: "Mike Easter" wrote in message news:e5nk0e$afh$1@news.spamcop.net... > anon wrote: >>> Mike Easter wrote: > >>>> I think the parser notifier should be configured so that a reporter >>>> can choose a preference to have a different default so that the >>>> default is to not resolve the spamvertised links and to not notify >>>> the spamvertiser providers. >>> >> >> Quick reporting DOES that - notifies on IPs in the header and ignores >> the body of the spam. > > Quick reporting does that, but it doesn't feed the URLs to sc-surbl. My > method would do that -- SC would find the URLs, deobfuscate them, not > resolve them, 'manufacture' a bogus devnull notify on the basis of the > domainname, and the reporter would approve/check the spamvertiser > devnull notify and uncheck any IB devnull notify, and the spamvertiser > URL would go to the sc-surbl. > > No spamvertiser provider would be notified or given any evidence. > > It would take the reporter more time, but it would not only feed the > SCbl, like the quick, but also the sc-surbl which the quick does not. > > It would also save the parser from having to try to resolve spamvertised > url/s and thus conserve parser resources. It would protect the reporter > from giving spam evidence to blackhat providers just like quick does. > > sc-surbl??? I thought that SC only had the IP blocklist, not URL blocklist. > -- > Mike Easter > kibitzer, not SC admin > From kopfj at worldnet.att.net Thu Jun 1 17:15:57 2006 From: kopfj at worldnet.att.net (John O. Kopf) Date: Thu Jun 1 19:15:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> Message-ID: <447F752D.1C6BE303@worldnet.att.net> And how do I find this mysterious "FF" plugin to disable it in FireFox? I have NO idea where to look for it, nor how to access/control it. John Kopf Mike Easter wrote: > > SNIP > > Why don't you disable the FF plugin which is trying to interfere with > the ads and see what happens. > > Re "MetroFI and SpamCop are "battling" one another" -- what is battling > is your FF plugin and the MetroFI modification of what your browser is > receiving. > > According to the metrofi page, they describe it as an 'ad bar' - // > Will I see a lot of advertisements? -- No, the Ad bar should not get in > the way of your Internet experience. // > http://www.metrofi.com/faq_free.html > > No one else here is going to be getting exactly what you are -- unless > there is someone else here using the same metrofi and the same firefox > plugin for ad blocking -- so you are on your own to use good sense to > try to fix the conflict between two services which you have chosen to > use. It is logical for metrofi to configure to defeat ad blocking -- > even if it 'gets in the way of your internet experience'. Metrofi > believes that you should experience the ads as well as your other > internet experience -- not that you should block the ads. > > -- > Mike Easter > kibitzer, not SC admin From me at privacy.net Fri Jun 2 00:16:43 2006 From: me at privacy.net (Michael R N Dolbear) Date: Thu Jun 1 19:20:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: <01c68596$0005b340$LocalHost@default> Michael Brennan wrote > suspect mails (by hand) to a spam folder. I'm not using SpamPal or > other filterware. I have a few rules on my account at my ISP's server, > The problem is, the stock-spammers especially, and some of the > pill-spammers (I suspect Leo is doing this), wrap their payloads in > Base-64 encoded .GIF images. I just can't tell what the material is > without either opening the spam or previewing it. I do that offline, Just do a Judge Dredd on any emails that contain Base-64 anything ? My experience is that only spammers use it. Worth trying SpamPal. I use the SpamCop filteration service, which let though 31 'leakers' and held 2702 spams (no false positives) in May. -- Mike D From MikeE at ster.invalid Thu Jun 1 17:27:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 19:30:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: anon wrote: > --picture follows-- Do not post 'binaries', either as useless misconfigured inline junk or as a proper binary attachment to these discussion groups. There is more liberty about what can be posted in spamcop.spam -- but I don't recommend doing stupid things like that post of yours in there either. People on dialups get these messages as part of a mailing list, and it is against the 'rules' [traditional lore] to post binaries in here.. In addition, you didn't handle the ascii-fied binary posting in a useful way, on top of the fact that it didn't belong here anyway. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Jun 1 17:28:13 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 19:30:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFE78.9E362E01@SpamCop.devnull.diespammerdie.net> <447F18EB.F48CF8C5@SpamCop.devnull.diespammerdie.net> Message-ID: anon wrote: > "Mike Easter" >> the spamvertiser URL would go to the sc-surbl. > sc-surbl??? I thought that SC only had the IP blocklist, not URL > blocklist. sc-surbl isn't maintained by SC, it is only fed the same way as the statistics page is fed When a site makes it to this page http://www.spamcop.net/w3m?action=inprogress;type=www Abuse report sent to Age Reported web site which means that it has a /report/, then these guys get it http://www.surbl.org/lists.html SURBLs contain domains which occur in spam message body URIs. They can be used with programs that can check message body URI domains against an RBL such as SpamCopURI in SpamAssassin 2.63 and 2.64, and urirhsbl in SpamAssassin 3 and others mentioned elsewhere on this site. But, those guys don't currently get anything from quick reports or from all of the spamvertised url/s which SC fails to resolve or the spamvertised url/s which reporters don't want to report to the blackhat or unresponsive provider. If the parser were configured the way I'm talking about, some of the quick reporters might choose to become devnull spamvertiser reporters, and also a lot of the regular reporters who aren't reporting spamvertised url/s because SC doesn't resolve them 'properly' or because they get unchecked or whatever reasons would be 'fixed'. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Thu Jun 1 17:43:24 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 19:45:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> <447F752D.1C6BE303@worldnet.att.net> Message-ID: John O. Kopf wrote: > And how do I find this mysterious "FF" plugin to disable it in > FireFox? I have NO idea where to look for it, nor how to > access/control it. That doesn't make any sense stuck up there on top without any context or trimming. Here's the way a conversation is supposed to work in newsgroups - http://members.fortunecity.com/nnqweb/nquote.html Quoting Style in Newsgroup Postings Q7: Why shouldn't I put my comments above the quoted material? John O. Kopf wrote: > Mike Easter wrote: >> John O. Kopf wrote: >>> their advertisements disappeared (my Browser, Firefox, provided the ability to remove the ads as well, by right-clicking on the part of interest and then selecting "This Frame"=>"Show only this frame"). That is you describing yourself using a FF plugin or extension, where FF = Firefox and the ad removal = a FF plugin, presumably the "EditCSS extension" tool. So, then I said: >> Why don't you disable the FF plugin which is trying to interfere with >> the ads and see what happens. > And how do I find this mysterious "FF" plugin to disable it in > FireFox? I have NO idea where to look for it, nor how to > access/control it. It looks to me like you previously described how you use it to remove the ads in your first post. -- Mike Easter kibitzer, not SC admin From g.hyde at bigpond.net.au Fri Jun 2 10:52:01 2006 From: g.hyde at bigpond.net.au (Geoffrey Hyde) Date: Thu Jun 1 19:55:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> Message-ID: "John O. Kopf" wrote in message news:447F273A.2A01D7B9@worldnet.att.net... > My ISP is MetroFI (provide free community-wide broadband wireless > connections to the internet; "free" because they insert an advertisement > at the top of each screen. IMHO, you're paying $0 for what they said you would get. Ads with your internet experience. > Midday Tuesday they made a change to their service. Previously, when I > brought up http://members.spamcop.net/, it worked fine and their > advertisements disappeared (my Browser, Firefox, provided the ability to > remove the ads as well, by right-clicking on the part of interest and > then selecting "This Frame"=>"Show only this frame"). It sounded like they had not at that point realized how people were getting around the ads, and took actions (as you describe below) to remedy the error. > Apparently the ISP has disabled this capability - as soon as the command > goes out to "Show only this frame", the server treats it as a full > screen refresh. Well, that's what you get for signing up with a "free" ISP. IMHO I would much rather PAY money to an ISP to get zero ads without any weird internet page hijacking done on the ISP's end. Feel free to dump them and get someone you have to PAY money to in order to browse the internet. > The result is that MetroFI and SpamCop are "battling" one another, and > nothing BUT the advertisements gets displayed. That is a result of their correction for your mistakenly thinking you could get a free internet connection without ads for $0. > Is there any way I can continue to use spamcop in this environment? > Say, by using a version of SpamCop that doesn't try to hide the ads? Well, if you want to keep the free ISP, you can try to uninstall the FireFox plugin that is causing the conflict. Please browse the support tab located on the following webpage for information on how to add/remove plugins if you wish to try that: http://www.mozilla.com/firefox/ IMHO, I would much rather pay money for an ISP that doesn't try to serve me ads. I've never liked ads and will never revisit sites that serve popups the first time. Cheers ... Geoffrey Hyde From ppearson at nowhere.invalid Fri Jun 2 01:35:54 2006 From: ppearson at nowhere.invalid (Peter Pearson) Date: Thu Jun 1 20:40:09 2006 Subject: [SpamCop-List] SpamAssassin: updated from reports? Message-ID: Do spam submissions (either by email or by web page) contribute to Spamcop's SpamAssassin training? I'd think that after 5 subscribers reported spam touting Infinex Ventures or Mongolian uranium, Spamcop would be assigning all further such messages a pretty high spam rating; but more keep coming through with only modest spam ratings. -- To email me, substitute nowhere->spamcop, invalid->net. From vxpy7do02 at sneakemail.com Thu Jun 1 18:36:33 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Thu Jun 1 20:45:04 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: "Mike Easter" wrote in message news:e5nt5e$hat$1@news.spamcop.net... > anon wrote: >> --picture follows-- > > Do not post 'binaries', either as useless misconfigured inline junk or > as a proper binary attachment to these discussion groups. > OK - thanks for stripping out the binary. I forgot about the time for the dialup to download it. -- A SpamCop user and forum reader, Not Admin > There is more liberty about what can be posted in spamcop.spam -- but I > don't recommend doing stupid things like that post of yours in there > either. > > People on dialups get these messages as part of a mailing list, and it > is against the 'rules' [traditional lore] to post binaries in here.. > > In addition, you didn't handle the ascii-fied binary posting in a useful > way, on top of the fact that it didn't belong here anyway. > OK, OK, OK mea culpa. > > -- > Mike Easter > kibitzer, not SC admin > From vxpy7do02 at sneakemail.com Thu Jun 1 18:42:18 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Thu Jun 1 20:45:07 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: "Mike Easter" wrote in message news:e5nt5e$hat$1@news.spamcop.net... > anon wrote: >> --picture follows-- > > Do not post 'binaries', either as useless misconfigured inline junk or > as a proper binary attachment to these discussion groups. > OK - thanks for stripping out the binary. I forgot about the time for the dialup to download it. -- A SpamCop user and forum reader, Not Admin > There is more liberty about what can be posted in spamcop.spam -- but I > don't recommend doing stupid things like that post of yours in there > either. > > People on dialups get these messages as part of a mailing list, and it > is against the 'rules' [traditional lore] to post binaries in here.. > > In addition, you didn't handle the ascii-fied binary posting in a useful > way, on top of the fact that it didn't belong here anyway. > OK, OK, OK mea culpa. > > -- > Mike Easter > kibitzer, not SC admin > From nobody at spamcop.net Thu Jun 1 18:58:03 2006 From: nobody at spamcop.net (N. Miller) Date: Thu Jun 1 21:00:06 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> <447F752D.1C6BE303@worldnet.att.net> Message-ID: <1lvw31w8o6yzc$.dlg@news.spamcop.net> On Thu, 01 Jun 2006 16:15:57 -0700, John O. Kopf from SpamCop wrote: > Mike Easter wrote: >> SNIP >> >> Why don't you disable the FF plugin which is trying to interfere with >> the ads and see what happens. > And how do I find this mysterious "FF" plugin to disable it in FireFox? > I have NO idea where to look for it, nor how to access/control it. Start Firefox in the "safe mode", and see if it works that way. If so, check your menu, Tools | Extensions, and see what extensions are active. If you see an obvious extension for pop-up control, remove that one. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From Willow at devnull.spamcop.invalid Thu Jun 1 22:09:54 2006 From: Willow at devnull.spamcop.invalid (Willow) Date: Thu Jun 1 21:10:05 2006 Subject: [SpamCop-List] What does this mean? Message-ID: I have a small business but I do not send any unsolicited email as advertisement. I only reply to clients that email me about my product after they get my email address from my website. I have emailed a customer in the past with no problem, but today my email is coming back with the following paragraph of explanation. What does it mean? Has my IP been banned by Spam Cop? If so, what do I do about it? My IP is through Verizon DSL which is my Internet connection, but my email account is with a local ISP. ------------------- Hi. This is the qmail-send program at yahoo.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. : Connected to 208.31.142.21 but sender was rejected. Remote host said: 550 5.7.1 ... IP listed at bl.spamcop.net, click here for further information: http://www.spamcop.net/w3m?action=checkblock&ip=209.73.179.141 -- Willow From MikeE at ster.invalid Thu Jun 1 20:00:54 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 22:05:03 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: Willow wrote: > today my email is > coming back with the following paragraph of explanation. What does > it mean? It means that the intended recipient of your mail was using one or more blocklists to reject mail from spamsources and other abusive mailers. One of the lists the recipient's server used was the SCbl - the SpamCop blocklist - which is listing an IP address which your mail is using toward the recipient's server which blocked it. The IP address which is listed in the SCbl which the recipient server was using to reject your mail is that of your mail's provider -- the IP is 209.73.179.141 and its name is smtp103.vzn.mail.dcn.yahoo.com That IP/server is a 'yahoo' output server, one of hundreds of such output servers for yahoo. That IP address is listed in the SCbl because of some abusive behavior of the server which has caused it to hit spamcop spamtraps. Spamtraps are addresses which have never been used in correspondence and which should never receive any mail of any kind. For the yahoo server to be mailing sufficient quantities of mail to a 'non-existent' address is 'prima facie' evidence, even if we haven't seen it, that the yahoo server is acting abusively. Only a deputy has access to the actual evidence of what mail hit the spamcop spamtraps which caused the listing. Spamtrap addresses are a 'secret' to prevent their abuse. The server your mail used has done this: - has sent mail to SpamCop spam traps in the past week - past 15.9 days, it has been listed 2 times for a total of 2.2 days So, yahoo servers act badly and send abusive mail. People and servers besieged by spam and other abuse use spamfilters which use blocklists to defend themselves against various types of abusive mail. You then use the abusive yahoo servers to send your non-spam mail and your recipient's mail provider's filters reject your mail because it came from an abusive yahoo server. > Has my IP been banned by Spam Cop? No. Not exactly. Your mail provider's IP has been temporarily listed by SC for abusive behavior. It will be automatically delisted in time. If you don't want your mail delivery disturbed, you should not use the mail servers of providers whose servers act abusively. "If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 18 hours." > If so, what do I do > about it? If one mail provider for you has problems delivering its mail, you should obtain an alternative or another mail provider/s so as to not be using an abusive server to send your mail for you. > My IP is through Verizon DSL which is my Internet > connection, but my email account is with a local ISP. The mail server you used for that mail has a yahoo name and lives in this netblock OrgName: AltaVista Company NetRange: 209.73.160.0 - 209.73.191.255 and its contacts email addresses are all named yahoo. -- Mike Easter kibitzer, not SC admin From Willow at devnull.spamcop.invalid Thu Jun 1 23:14:28 2006 From: Willow at devnull.spamcop.invalid (Willow) Date: Thu Jun 1 22:15:04 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: "Mike Easter" wrote in message news:e5o64j$3tg$1@news.spamcop.net... > Willow wrote: >> today my email is >> coming back with the following paragraph of explanation. What does >> it mean? > > It means that the intended recipient of your mail was using one or more > blocklists to reject mail from spamsources and other abusive mailers. > Oh I see. I do understand most of your explanation. My Verizon DSL is associated with Yahoo. My setup is that I receive email from my ISP email server which is located in my town. But I SMTP email through the verizon/yahoo servers because my connection is Verizon. I will complain to Verizon that their Yahoo servers have cause my legit. email to be blocked. [It really is no surprise that Yahoo has a spammer.] Would it help to change the IP number by turning off the DSL modem overnight? I am guessing it won't because it will be the same yahoo server. At one time I could send and receive email through my email account ISP setup. But something happened at their server which made it necessary for me to send through the DSL server. Oh well, if life [and the Internet] was easy there would be no need to learn new ways of doing things. :-) Thank you for your help. -- Willow From MikeE at ster.invalid Thu Jun 1 20:24:48 2006 From: MikeE at ster.invalid (Mike Easter) Date: Thu Jun 1 22:25:06 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: Willow wrote: > Would it help to change the IP number by turning off the DSL modem > overnight? I am guessing it won't because it will be the same yahoo > server. No [try to get a different IP] and correct [same smtp]. You don't have any control over what yahoo output server your mail uses. You use some smtp or smtpauth server of some name or another and your mail provider puts it out with the output server 'in the rotation' which you can't control. You can only control if you use some other smtp server for your mail out. > At one time I could send and receive email through my email account > ISP setup. But something happened at their server which made it > necessary for me to send through the DSL server. I'm not at all clear on what we are talking about there in that par. I don't understand what would keep you from being able to use some smtp server of an ISP with which you have an account. If you choose to remove your cloak of invisibility we might talk about it. I can only see the IP of your news nntp access which is your verizon dsl connectivity. I can't guess at any thing about what smtp servers you are allowed to use for your mail. Personally I only have my EL earthlink provider whose infrastructure is TimeWarner/RR, a gmail account, and access to a mchsi MediaCom sub-account which a friend loaned me to mess with to experiment with. > Thank you for your help. YW. -- Mike Easter kibitzer, not SC admin From Willow at devnull.spamcop.invalid Thu Jun 1 23:51:46 2006 From: Willow at devnull.spamcop.invalid (Willow) Date: Thu Jun 1 22:55:08 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: "Mike Easter" wrote in message news:e5o7hd$6sj$1@news.spamcop.net... > Willow wrote: > > I'm not at all clear on what we are talking about there in that par. I > don't understand what would keep you from being able to use some smtp > server of an ISP with which you have an account. If you choose to > remove your cloak of invisibility we might talk about it. I can only > see the IP of your news nntp access which is your verizon dsl > connectivity. I can't guess at any thing about what smtp servers you > are allowed to use for your mail. Personally I only have my EL > earthlink provider whose infrastructure is TimeWarner/RR, a gmail > account, and access to a mchsi MediaCom sub-account which a friend > loaned me to mess with to experiment with. > Thanks for the offer to help. I would not mind revealing my identity, however, I was able to setup the SMTP to go through the mail server that belongs to my email account instead of through Verizon/Yahoo. I don't know what the problem was that made it necessary to do that odd setup. I know some of the techs that work for the local ISP. They are good but lets just say, sometimes there is an unexplained glitch that suddenly gets fixed without explanation. The reason I have such a complicated connection/email situation is I kept my dialup ISP, email accounts amd web hosting that I have had for 10 years, even after subscribing to Verizon DSL. Verizon and the email account people said there could find no reason why I could not send email while connected via Verizon. But mail just would not go. So verizon suggested I send through their server and receive through the email account server. Go figure. Willow From / at /.cn Fri Jun 2 16:07:06 2006 From: / at /.cn (Petzl) Date: Fri Jun 2 01:10:07 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: "Willow" wrote in message news:e5o940$ah4$1@news.spamcop.net... [S] > Thanks for the offer to help. I would not mind revealing my identity, > however, I was able to setup the SMTP to go through the mail server that > belongs to my email account instead of through Verizon/Yahoo. I don't > know what the problem was that made it necessary to do that odd setup. I > know some of the techs that work for the local ISP. They are good but > lets just say, sometimes there is an unexplained glitch that suddenly gets > fixed without explanation. > > The reason I have such a complicated connection/email situation is I kept > my dialup ISP, email accounts amd web hosting that I have had for 10 > years, even after subscribing to Verizon DSL. Verizon and the email > account people said there could find no reason why I could not send email > while connected via Verizon. But mail just would not go. So verizon > suggested I send through their server and receive through the email > account server. Go figure. SpamCop only tries to block the actual computer sending the spam http://www.geobytes.com/IpLocator.htm Because some email servers are misconfigured they hide the IP source the spam comes from causing (after many abuse reports being sent) SpamCop to list the offending email server -- Petzl -- Check your computers security (free) From nobody at spamcop.net Fri Jun 2 21:52:18 2006 From: nobody at spamcop.net (Anony Mouse) Date: Fri Jun 2 04:55:17 2006 Subject: [SpamCop-List] Re: investment spam References: Message-ID: <447FFC42.4080804@spamcop.net> RandallW wrote: > I receive little floods of investment spam, for HYIP programs. Many of the > spamvertised sites don't seem to selling anything, as if the spam is just a > joe job. > > The spam comes in little surges; one arrives, then another about 3 min. > later, then another 3 min. for the next. Is it more likely, or less, the > spam is sent from infected machines? > > Example of this spam: > > http://www.spamcop.net/sc?id=z919835977z05598ec0f94abc1c736a216c01fcd68az > > Sent by a Russian trojan army... Anony Mouse Who killed the frog? From nobody at spamcop.net Fri Jun 2 22:10:11 2006 From: nobody at spamcop.net (Anony Mouse) Date: Fri Jun 2 05:15:09 2006 Subject: [SpamCop-List] Re: slow day? References: Message-ID: <44800073.9010002@spamcop.net> jg wrote: > On 4/25/2006 7:33 AM Maggie's Mom scribbled: > > >>Every now and then it does happen on Comcast.net too: no spam for couple of >>days. Don't worry, they usually make up for it with vengeance. >> > > Trust me, I wasn't /worried/. > 2 finally showed up last night and 1 overnight, still way below average. > Fine with me - but hope springs eternal in the wasteland (and its April, > too)... You can have some of the 250 odd I get a day. Anony Mouse Do not anger the gods. From nobody at devnull.spamcop.net Fri Jun 2 10:40:26 2006 From: nobody at devnull.spamcop.net (POP) Date: Fri Jun 2 09:45:03 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: Willow wrote: ... > > Thanks for the offer to help. I would not mind revealing > my identity, however, I was able to setup the SMTP to go > through the mail server that belongs to my email account > instead of through Verizon/Yahoo. I don't know what the > problem was that made it necessary to do that odd setup. I > know some of the techs that work for the local ISP. They > are good but lets just say, sometimes there is an > unexplained glitch that suddenly gets fixed without > explanation. ... > Willow I'm not sure I have a good handle on your exact problem, but I can tell you a little about VZ's (with Yahoo) email ops. This is separate and different from anything spamcop related: VZ appear to be blocking port 25 smtp for any non-Verizon source. In other words, if you're using me @ NotVerizon . com to send an email, especially to another VZ customer (varying things happen) but to any other address, using VZ for transport, it will not go through. There are other variabilities too, and they won't tell you about them, and as far as I can find, have not documented them except to say they do some special things to prevent spam. You can learn more by going to the Verizon newsgroups and looking in verizon.mail and .email, I think they are. One way or another they've been mucking emails up since early April or before. Don't panic about ALL of the problems you'll see mentioned; some have been silently fixed. Ymmv, but I"ve never gotten anything but marketing hype responses to my requests/complaints to them. There's a workaround but I forget how to do it right now - they talk about it on the newsgroups. (news.verizon.net). Start with O.verizon.spam, I think it is. Near as I can tell, the ONLY VZ person ever touches the groups is whoever it is that takes care of adding/deleting newsgroups. HTH, Pop From kopfj at worldnet.att.net Fri Jun 2 07:56:06 2006 From: kopfj at worldnet.att.net (John O. Kopf) Date: Fri Jun 2 09:55:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> <447F752D.1C6BE303@worldnet.att.net> <1lvw31w8o6yzc$.dlg@news.spamcop.net> Message-ID: <44804376.A471C75C@worldnet.att.net> I tried that - here's what it showed (attachment): John Kopf "N. Miller" wrote: > > On Thu, 01 Jun 2006 16:15:57 -0700, John O. Kopf from SpamCop wrote: > > > Mike Easter wrote: > > >> SNIP > >> > >> Why don't you disable the FF plugin which is trying to interfere with > >> the ads and see what happens. > > > And how do I find this mysterious "FF" plugin to disable it in FireFox? > > I have NO idea where to look for it, nor how to access/control it. > > Start Firefox in the "safe mode", and see if it works that way. If so, > check your menu, Tools | Extensions, and see what extensions are active. > If you see an obvious extension for pop-up control, remove that one. > > -- > Norman > ~Oh Lord, why have you come > ~To Konnyu, with the Lion and the Drum From kopfj at worldnet.att.net Fri Jun 2 08:09:59 2006 From: kopfj at worldnet.att.net (John O. Kopf) Date: Fri Jun 2 10:10:02 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> Message-ID: <448046B7.F23C63FC@worldnet.att.net> Unfortunately, MetroFi now provides this broadband service to my town and to 2 more bordering cities (total population >100000), and will be putting it into other major cities ASAP. SO, many people on a limited budget (I'm retired) will be using this service, and won't have access to SpamCop. (SpamCop is definitely the site that's trying to turn off the ads!) The ads don't aflict Email, Usenet and FTP, which are what I use mostly - my predominant browser activity is to Spamcop (I complain about the Nigerian Scams, lottery scams, and phishing; I get 5-10 of these a day!!) John Kopf Geoffrey Hyde wrote: > > "John O. Kopf" wrote in message > news:447F273A.2A01D7B9@worldnet.att.net... > > My ISP is MetroFI (provide free community-wide broadband wireless > > connections to the internet; "free" because they insert an advertisement > > at the top of each screen. > > IMHO, you're paying $0 for what they said you would get. Ads with your > internet experience. > > > Midday Tuesday they made a change to their service. Previously, when I > > brought up http://members.spamcop.net/, it worked fine and their > > advertisements disappeared (my Browser, Firefox, provided the ability to > > remove the ads as well, by right-clicking on the part of interest and > > then selecting "This Frame"=>"Show only this frame"). > > It sounded like they had not at that point realized how people were getting > around the ads, and took actions (as you describe below) to remedy the > error. > > > Apparently the ISP has disabled this capability - as soon as the command > > goes out to "Show only this frame", the server treats it as a full > > screen refresh. > > Well, that's what you get for signing up with a "free" ISP. IMHO I would > much rather PAY money to an ISP to get zero ads without any weird internet > page hijacking done on the ISP's end. Feel free to dump them and get > someone you have to PAY money to in order to browse the internet. > > > The result is that MetroFI and SpamCop are "battling" one another, and > > nothing BUT the advertisements gets displayed. > > That is a result of their correction for your mistakenly thinking you could > get a free internet connection without ads for $0. > > > Is there any way I can continue to use spamcop in this environment? > > Say, by using a version of SpamCop that doesn't try to hide the ads? > > Well, if you want to keep the free ISP, you can try to uninstall the FireFox > plugin that is causing the conflict. Please browse the support tab located > on the following webpage for information on how to add/remove plugins if you > wish to try that: http://www.mozilla.com/firefox/ > > IMHO, I would much rather pay money for an ISP that doesn't try to serve me > ads. I've never liked ads and will never revisit sites that serve popups > the first time. > > Cheers ... > > Geoffrey Hyde From Nobody at SpamCop.devnull.diespammerdie.net Fri Jun 2 10:49:55 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Fri Jun 2 10:50:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: <44805013.25B4EE56@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > > You can 'dissect' a mail item so that you can view the graphic without > ever opening the mail. You would access the unrendered complete headers > and contiguous unrendered body. Then you would identify the MIME > structure that shows you where the b64 encoded .gif part is. Then you > would save that part and decode the b64 to get the .gif, then you would > use a graphic viewer to visualize 'read' the .gif contents. > > That's a lot of trouble, but it /can/ be done. I thought there might be a way to do it, but I intuited that it would in fact be as complicated as you say, and at that time (perhaps even now) a little beyond my ability to render Base 64 properly. I tried a few times using an online Base 64 decoder but never (going by results) did it properly, so I dropped the attempt. > What is quicker to do if you know how to 'read' the raw unrendered body > is to examine the mail by its Properties, to see what is going on > inside -- whether or not there are any html tricks going on which would > 'bother you' from a security point of view. > > Then, if there are not, you would open the spam in OE and render the > graphic, because that is quicker than what I described above about > dissection and decoding and graphic viewing. > I generally look at the subject line and, if that is hashed (sometimes misleading, too), resort to viewing the source to look for clues as to content, for purposes of forwarding properly. If I can do that, I never render the .GIF. If I can't, I go offline and have a look. I think we are on about the same wavelength here -- as John McLaughlin would say, I've "lurched uncontrollably into the truth." Parting comment -- it seems to me that these .GIF images we're talking about are Leo's products mostly, and that he's using them to "force" even reporters to look at his turds. Taken together with the BlueFrog/BlueSecurity episode (ROKSO cites commenters who attribute the "PharmaMaster" exploit to Leo), it bespeaks more than a little power-madness in our Russian nuisance, and high (and frustrated) ego needs. Perhaps he has performance issues in the sack; he certainly seems to recommend Cialis and Viagra to everyone, for just about everything. Never mind that his stuff is counterfeit, whomped up in a laundry-room somewhere from soap powder and floorsweeps, dyed and pressed into counterfeit tablets. Maybe he's a good prospect for real Paxil, or just maybe some St. John's Wort. Thanks for the comments, Michael From Nobody at SpamCop.devnull.diespammerdie.net Fri Jun 2 11:14:28 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Fri Jun 2 11:15:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> <01c68596$0005b340$LocalHost@default> Message-ID: <448055D4.9985F941@SpamCop.devnull.diespammerdie.net> Michael R N Dolbear wrote: > > Michael Brennan wrote > > > > The problem is, the stock-spammers especially, and some of the > > pill-spammers (I suspect Leo is doing this), wrap their payloads in > > Base-64 encoded .GIF images. I just can't tell what the material is > > without either opening the spam or previewing it. I do that offline, > > Just do a Judge Dredd on any emails that contain Base-64 anything ? > My experience is that only spammers use it. Right, but the problem is to get them in the right cubbyhole, as I described above, for different addee lists. > Worth trying SpamPal. I'm rapidly coming to the same conclusion. I don't have time to dance with Leo and pals 26 times a day. I'm pretty diligent about reporting (timeliness is another matter); I can't stand not reporting these guys, when they just drop by every 30 minutes or so to take a whiz in my Wheaties. I want them all to die ugly, but pending that lyrical outcome, I'm pretty insistent on reporting them as many ways and to as many agencies and NGO's as may prove likely to hurt them. At least Leo is now on the run; he was stupid enough to pass some of his spams around from a location in Massachusetts, which means the Massachusetts attorney general now owns his scrawny little butt. Eventually some people in clunky army shoes will catch up to him and ship him to Boston in a packing crate with little air holes in it, whereupon he will become the most computer-literate laundress and cellblock party-girl in America and the world. > I use the SpamCop filteration service, which let though 31 'leakers' > and held 2702 spams (no false positives) in May. > That would be a really good outcome. I don't have a paid SpamCop account, though, and so am still consigned to conventional full reporting. I'm thinking of just bit-bucketing the trapped UCE's, if I do install SpamPal or SpamBuddy. Or, as you say, doing a "Judge Dredd" on them, and denying their motion. Thanks for the comments, Michael From Nobody at SpamCop.devnull.diespammerdie.net Fri Jun 2 11:20:06 2006 From: Nobody at SpamCop.devnull.diespammerdie.net (Michael Brennan) Date: Fri Jun 2 11:25:03 2006 Subject: [SpamCop-List] Re: Automatic reporting and Slashdot References: Message-ID: <44805726.99B6B4C7@SpamCop.devnull.diespammerdie.net> Mike Easter wrote: > > Stephan Jau made a linux php script for auto-reporting to SC > > http://www.howtoforge.com/automate_spamcop_submissions How To Automate > Spamcop Submissions > Thanks, Mike, for the link. Very timely. Michael From nobody at devnull.spamcop.net Fri Jun 2 12:58:43 2006 From: nobody at devnull.spamcop.net (POP) Date: Fri Jun 2 12:00:02 2006 Subject: [SpamCop-List] SpamCop could not find your spam message in this email: Message-ID: OK, I'm stumped and need your thoughts: All of a sudden I'm getting the dreaded "SpamCop could not find your spam message in this email:" error message returned when I submit spams via email (one at a time; only get one or two every other day or so). Searching messages didn't help; some entries found, but nothing applicable - stuff I've already done even though I rechecked. If I report them manually by pasting the source into the spamcop parse window, they report fine. So it's only when I submit by email. I've been able to smugly bypass most of the "can't find" threads for a few years now; until about Tuesday of this week when this started. Personally I've changed nothing but I've had a couple of updates install; windows, Corel, and WGA. Here's what I think: -- For whatever reason I'm not getting a cookie -from- spamcop. I've searched for files with "spamcop" in them and found nothing. Winpatrol shows no spamcop cookies arrived. Is there any way I could have caused that? I don't -think- I did! Here's what I've done: -- Specifically allowed spamcop in my firewall -- specifically allowed spamcop in Internet Options and set Manual cookie control to always accept first party and always allow session cookies. -- Checked that Winpatrol isn't seeing them; it's not. Here's what I need: HELP! Relevant Comments would be much appreciated. I've probably done something pretty stupid but it eludes me at the moment what it might have been. Intentionally I've done NADA. Oh yeah, updated av and spyware arsenal found nothing either. TIA Pop -- Today! When? Why? How? WHERE??? From MikeE at ster.invalid Fri Jun 2 10:24:18 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 12:25:03 2006 Subject: [SpamCop-List] Re: SpamCop could not find your spam message in this email: References: Message-ID: POP wrote: > All of a sudden I'm getting the dreaded "SpamCop could not > find your spam message in this email:" error message returned > when I submit spams via email (one at a time; only get one or two > every other day or so). SC sends you the headers it gets, and I think sometimes it even sends a tracker for a failed parse, but I'm not sure about the tracker for all failures. In any case, the headers you see in that failure message would be useful. You could save the complete headers and body from the spamcop mail into spamcop.spam by saving the SC mail as an .eml or .txt file and then attach it to a news message so that it doesn't get mangled by linewraps caused by your newsreader. You could also send yourself a copy of the item you are sending to submit so that you would see what the parser is receiving. > If I report them manually by pasting the source into the spamcop > parse window, they report fine. So it's only when I submit by > email. Submitting by mail has a lot more ways to go wrong than pasting into the webparser. > Here's what I think: > -- For whatever reason I'm not getting a cookie -from- spamcop. A cookie has nothing to do with submitting by mail problems. The parser is not getting a 'proper' spam submission via the mail. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Jun 2 10:34:21 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 12:35:03 2006 Subject: [SpamCop-List] Re: SpamCop could not find your spam message in this email: References: Message-ID: Mike Easter wrote: > POP wrote: > >> All of a sudden I'm getting the dreaded "SpamCop could not >> find your spam message in this email:" error message returned >> when I submit spams via email (one at a time; only get one or two >> every other day or so). > > SC sends you the headers it gets, and I think sometimes it even sends > a tracker for a failed parse, but I'm not sure about the tracker for > all failures. Another way to display what you get back from SC is to put the SC 'could not find' mail [as an item with complete headers from the message properties of the mail] into the webparser as if it were a spam, get a tracker for it, cancel the report, and post the tracker in here. You also didn't say what mailuser agent you were using to email submit your spam-- and exactly what steps you were using to do that. -- Mike Easter kibitzer, not SC admin From discard at nirocomputers.co.uk Fri Jun 2 19:00:03 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 13:05:03 2006 Subject: [SpamCop-List] Automated reporting Message-ID: So I use Fastmail.fm for my email, and I have 47 domains where every single email sent to those domains goes into my inbox. I then use Sieve scripts to weed out the worst part of the SPAM, very sucessfully I may add and most 95% of all my Spam ends up in a folder I call "NastySpam" a further 4% ends up in my junk mail folder, but I check those emails out closely to see if they are something Im interested in and a small amount (the reamainder ends up in my Inbox. But several times a day I put it all into one folder and I forward to spamcop. I send perhaps 150 emails a day to Spamcop. But the most annoying part of this is then have check and submit each of those emails before they are actually reported. Why? Whats the point except to annoy me? Why am I forced to do this? If the answer is its so I can review the emails, well I've already reviewed them in my Fastmail account to the maximum amount I ever want to review them, all I want is have the emails I know are spam used to combat the menace of Spam, so why am I forced to sit there for nearly an hour each day pressing buttons and clicking on links when the whole thing could be automated? Jason From MikeE at ster.invalid Fri Jun 2 11:02:19 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 13:05:05 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> <447F752D.1C6BE303@worldnet.att.net> <1lvw31w8o6yzc$.dlg@news.spamcop.net> <44804376.A471C75C@worldnet.att.net> Message-ID: John O. Kopf wrote: > I tried that - here's what it showed (attachment): Don't post binary attachments in the discussion newsgroups, please.. Don't top post untrimmed non-contextualized replies, please.. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Jun 2 11:11:04 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 13:15:04 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: Jason Ward wrote: > But the most annoying part of this is then have check and submit each > of those emails before they are actually reported. > > Why? Whats the point except to annoy me? Why am I forced to do this? Normal or regular reporting performs an 'oversight' process by which the human reporter is overseeing not only the accuracy of the parse for source [assuming some competence of the human to oversee a spamcop parse for source] as well as overseeing the veracity of the body parse for what is a spamvertiser vs what is something else like an innocent bystander instead of a spamvertiser. There are some things I don't like about the regular parsing algorithm myself, but that is the way it is. > If the answer is its so I can review the emails, I wouldn't say reviewing the mails is very important -- because the same reporter which calls something spam which isn't spam is still going to make a mistake calling it spam during the parser reporting oversight proces. > so why am I forced to sit there > for nearly an hour each day pressing buttons and clicking on links > when the whole thing could be automated? You are choosing to do that so that you can toothlessly notify the blackhat nonresponsive spamvertiser providers and give that cohort to the spamvertiser a copy of your spam's evidence. If you don't want to do it that way, configure for mailhosts and quickreport -- which quick report will report only the spamsourcefor SCbl counting, not the spamvertiser, and which does not require the oversight. An important disadvantage to quick reporting is that if something changes about your mailhost configuration, you may be reporting great quantities of reports against your own provider, which can get your mail provider listed and which can cause you to lose your mail account/s as well as your spamcop account for 'false' reporting. -- Mike Easter kibitzer, not SC admin From nobody at spamcop.net Fri Jun 2 11:11:19 2006 From: nobody at spamcop.net (N. Miller) Date: Fri Jun 2 13:15:06 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: On Thu, 1 Jun 2006 22:14:28 -0400, Willow from SpamCop wrote: > Would it help to change the IP number by turning off the DSL modem > overnight? I am guessing it won't because it will be the same yahoo server. No. It is the Yahoo! server that is listed, not your public IP address. It might help to switch from Verizon Yahoo! (uses 'smtp.yahoo.verizon.net' for outgoing email) to pure VOL (Verizon On-Line; uses 'outgoing.verizon.net' for outgoing email). Unless 'outgoing.verizon.net' is also prone to abusive behavior. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at spamcop.net Fri Jun 2 11:14:46 2006 From: nobody at spamcop.net (N. Miller) Date: Fri Jun 2 13:15:07 2006 Subject: [SpamCop-List] Re: What does this mean? References: Message-ID: <4mw04k18ijh6.dlg@news.spamcop.net> On Thu, 1 Jun 2006 22:51:46 -0400, Willow from SpamCop wrote: > The reason I have such a complicated connection/email situation is I kept my > dialup ISP, email accounts amd web hosting that I have had for 10 years, > even after subscribing to Verizon DSL. Verizon and the email account people > said there could find no reason why I could not send email while connected > via Verizon. But mail just would not go. So verizon suggested I send > through their server and receive through the email account server. Go > figure. Check with your dial-up provider. See if they offer SMTP AUTH access. If they don't, suggest that they add that kind of support. Better, mention RFC 2476 to them. Adding SMTP AUTH support with port 587 will bring their SMTP service into the 21st Century. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum From nobody at devnull.spamcop.net Fri Jun 2 14:22:49 2006 From: nobody at devnull.spamcop.net (POP) Date: Fri Jun 2 13:25:02 2006 Subject: [SpamCop-List] Re: SpamCop could not find your spam message in this email: References: Message-ID: Mike Easter wrote: > Mike Easter wrote: >> POP wrote: >> >>> All of a sudden I'm getting the dreaded "SpamCop >>> could not find your spam message in this email:" error >>> message returned when I submit spams via email (one at a >>> time; only get one or two every other day or so). >> >> SC sends you the headers it gets, and I think sometimes it >> even sends a tracker for a failed parse, but I'm not sure >> about the tracker for all failures. > > Another way to display what you get back from SC is to put > the SC 'could not find' mail [as an item with complete > headers from the message properties of the mail] into the > webparser as if it were a spam, get a tracker for it, > cancel the report, and post the tracker in here. > > You also didn't say what mailuser agent you were using to > email submit your spam-- and exactly what steps you were > using to do that. > > > > -- > Mike Easter > kibitzer, not SC admin Hmm, Thanks, Mike; I'll get that together. I kept one spam just for fiddling with this since I don't get many lately. Yeah, I know; famous last words! I'm using OE6, something with OE quotefix, sometimes not, at the moment. I forget which I have going right now. XP XP2 + , av, spyware arsenal, etc etc. all updated yesterday or this am. Thanks for noticing my post; will be back as soon as I can. Also gonna do a power-off instead of a Reset before I come back; just in case it changes something, which I know it won't, but ... more skidmarks in the sky. Pop From nobody at nowhere.not Fri Jun 2 18:28:06 2006 From: nobody at nowhere.not (Robert Blair) Date: Fri Jun 2 13:30:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> Message-ID: On Thu, 1 Jun 2006 16:05:40 UTC, "Mike Easter" wrote: > You can 'dissect' a mail item so that you can view the graphic without > ever opening the mail. You would access the unrendered complete headers > and contiguous unrendered body. Then you would identify the MIME > structure that shows you where the b64 encoded .gif part is. Then you > would save that part and decode the b64 to get the .gif, then you would > use a graphic viewer to visualize 'read' the .gif contents. > > That's a lot of trouble, but it /can/ be done. With a good email client you do not have to go through all that. I use Polarbar and do not have any problem with opening my email. I set it to text only which displays the text part if included and the html (first stripping the html tags) content if no text part. Any images have an icon to click if I want to look at them. None of the problems of running scripts and a bayesian filter to catch spam along with user written filters. I recently had a spam with the subject "We smash bayesian" which went to the spam folder which gave my a smile. -- Robert Blair From Kilgallen at SpamCop.net Fri Jun 2 13:30:35 2006 From: Kilgallen at SpamCop.net (Larry Kilgallen) Date: Fri Jun 2 13:35:04 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: In article , "Jason Ward" writes: > So I use Fastmail.fm for my email, and I have 47 domains where every single > email sent to those domains goes into my inbox. Even for non-existent mailboxes ? That would be a mistake. From discard at nirocomputers.co.uk Fri Jun 2 19:32:17 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 13:35:05 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Mike Easter" wrote in message news:e5prf4$ifp$1@news.spamcop.net... > I wouldn't say reviewing the mails is very important -- because the same > reporter which calls something spam which isn't spam is still going to > make a mistake calling it spam during the parser reporting oversight > proces. Can you explain to me in somewhat simple terms what I'm checking for? To tell the truth right now I'm checking nothing, it already takes too long just pressing the buttons and link, but it would be good to know what it is I am supposed to be doing. > If you don't want to do it that way, configure for mailhosts and > quickreport -- which quick report will report only the spamsourcefor > SCbl counting, not the spamvertiser, and which does not require the > oversight. > > An important disadvantage to quick reporting is that if something > changes about your mailhost configuration, you may be reporting great > quantities of reports against your own provider, which can get your mail > provider listed and which can cause you to lose your mail account/s as > well as your spamcop account for 'false' reporting. Can you explain what you mean by "if something changes about your mailhost configuration"? I have absolutly no desire to report Fastmail.fm for some infraction, but I would like to automate the process. I havent regestered in the "mailhost configurtation" I saw on the website because I thought with 47 domains the process would take me hours and I could easily get it wrong. But appart from a few small cases where I have my gmail account forward emails to Fastmail.fm and where I have Fastmail.fm POP emails from Hotmail and Yahoo I think my setup is very simple, all of my 47 domains have MX records that point directly to Fastmails servers. But I will register them if it reduces the chace of a false positive against Fastmail.fm. Jason From discard at nirocomputers.co.uk Fri Jun 2 19:40:56 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 13:45:02 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Larry Kilgallen" wrote in message news:p+HCcDkRzP5N@eisner.encompasserve.org... >> So I use Fastmail.fm for my email, and I have 47 domains where every >> single >> email sent to those domains goes into my inbox. > > Even for non-existent mailboxes ? That would be a mistake. Works extremly well for me, allows me to use discardable email addresses without thinking about it, and if the email address ends up being used by a spammer I just add it to my Sieve script. I only get 3 or 4 spam emails a day that I look at, most are very accuratly identified by my Sieve script (using things like discardable email addrresses and Spamasasin) Jason From nospam at nospam.org Fri Jun 2 20:41:38 2006 From: nospam at nospam.org (Ejo) Date: Fri Jun 2 13:45:05 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Jason Ward wrote: > So I use Fastmail.fm for my email, and I have 47 domains where every single > email sent to those domains goes into my inbox. > > I then use Sieve scripts to weed out the worst part of the SPAM, very > sucessfully I may add and most 95% of all my Spam ends up in a folder I call > "NastySpam" a further 4% ends up in my junk mail folder, but I check those > emails out closely to see if they are something Im interested in and a small > amount (the reamainder ends up in my Inbox. > > But several times a day I put it all into one folder and I forward to > spamcop. > > I send perhaps 150 emails a day to Spamcop. > > But the most annoying part of this is then have check and submit each of > those emails before they are actually reported. > > Why? Whats the point except to annoy me? Why am I forced to do this? > > If the answer is its so I can review the emails, well I've already reviewed > them in my Fastmail account to the maximum amount I ever want to review > them, all I want is have the emails I know are spam used to combat the > menace of Spam, so why am I forced to sit there for nearly an hour each day > pressing buttons and clicking on links when the whole thing could be > automated? > > Jason > > Why don't you do it the other way around? Take a spamcop mail account and a fastmail account. The spamcop mail account does all the popping, and creates the held mail, and fastmail is the forwarding address after spamcop. Once per day you check your spamcop account, and you do a quick report on all held mail. Ejo From discard at nirocomputers.co.uk Fri Jun 2 19:45:44 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 13:50:03 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Ejo" wrote in message news:e5pt8f$jdu$1@news.spamcop.net... > > Why don't you do it the other way around? Take a spamcop mail account and > a fastmail account. The spamcop mail account does all the popping, and > creates the held mail, and fastmail is the forwarding address after > spamcop. Once per day you check your spamcop account, and you do a quick > report on all held mail. I didnt know SpamCop offered that service, but those 47 domains have MX records that point direct to Fastmail.fm servers, Fastmail.fm dont POP appart from my Hotmail and Yahoo accounts. Also my Sieve script is an important part of what allows me to work out what is spam and what isnt, do you get those features with SpamCop? Jason From vxpy7do02 at sneakemail.com Fri Jun 2 12:02:29 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Fri Jun 2 14:05:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> <44805013.25B4EE56@SpamCop.devnull.diespammerdie.net> Message-ID: "Michael Brennan" wrote in message news:44805013.25B4EE56@SpamCop.devnull.diespammerdie.net... > Mike Easter wrote: >> > >> >> You can 'dissect' a mail item so that you can view the graphic without >> ever opening the mail. You would access the unrendered complete headers >> and contiguous unrendered body. Then you would identify the MIME >> structure that shows you where the b64 encoded .gif part is. Then you >> would save that part and decode the b64 to get the .gif, then you would >> use a graphic viewer to visualize 'read' the .gif contents. >> >> That's a lot of trouble, but it /can/ be done. > > > > I thought there might be a way to do it, but I intuited that it would in > fact be as complicated as you say, and at that time (perhaps even now) a > little beyond my ability to render Base 64 properly. I tried a few > times using an online Base 64 decoder but never (going by results) did > it properly, so I dropped the attempt. > I tried the ICEOWS program that Mike Easter suggested in a very recent post and the process consisted of pasting the base64 into a word processor (notepad), saving and then sending that file to ICEOWS - opening the translated file in a viewer to se the picture. Not really too cumbersome. -- A SpamCop user and forum reader, Not Admin From nobody at spamcop.net Fri Jun 2 15:20:30 2006 From: nobody at spamcop.net (indigo) Date: Fri Jun 2 14:25:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> <447F752D.1C6BE303@worldnet.att.net> Message-ID: Mike Easter wrote: > > >>> their advertisements disappeared (my Browser, Firefox, provided > >>> the > ability to remove the ads as well, by right-clicking on the part of > interest and then selecting "This Frame"=>"Show only this frame"). > > That is you describing yourself using a FF plugin or extension, where > FF = Firefox and the ad removal = a FF plugin, presumably the "EditCSS > extension" tool. More likely the "adblock" plugin, I'd think. From MikeE at ster.invalid Fri Jun 2 12:24:04 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 14:25:07 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: Jason Ward wrote: > "Mike Easter" >> I wouldn't say reviewing the mails is very important -- because the >> same reporter which calls something spam which isn't spam is still >> going to make a mistake calling it spam during the parser reporting >> oversight proces. > > Can you explain to me in somewhat simple terms what I'm checking for? During the oversight process you should be making sure that you aren't reporting your own mail provider as a source -- in addition, as your skills as a human parser improve, you can actually 'doublecheck' the parser by looking at the headers to see if it looks to you like the parser is getting the right answer about the source. The oversight is also supposed to be a chance for you as a human to know the difference between what URLs found in the spambody are actually spamvertised, and which ones are simply IBs innocent bystanders which were site/s mentioned in the spam, but which are not the actual spamvertiser. In addition, you could use information obtained during the parse to check various spam databases to help yourself judge whether or not SC is going to be notifying a blackhat provider instead of some provider which is likely to be responsive in a useful way. In addition, by 'reading' the verbose of the parse, you can train your self to be a better parser -- in fact, the human parser with some tools can parse spams and notify for spams better than the algorithm does. > To tell the truth right now I'm checking nothing, it already takes > too long just pressing the buttons and link, but it would be good to > know what it is I am supposed to be doing. Yes -- you are definitely supposed to be doing something responsible rather than wasting your time. > Can you explain what you mean by "if something changes about your > mailhost configuration"? A 'default' configuration reporter isn't mailhost configured. A default reporter has a higher chance of the parser making an error about the parse than a reporter which has mailhost configured. But, even a mailhost configured reporter can get a bad parse if the mailhost configuration of the provider changes. > I havent regestered in the "mailhost configurtation" I saw on the > website because I thought with 47 domains the process would take me > hours and I could easily get it wrong. Some people have a great deal of trouble mailhost configuring. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Fri Jun 2 12:28:15 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 14:30:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> <44805013.25B4EE56@SpamCop.devnull.diespammerdie.net> Message-ID: anon wrote: > I tried the ICEOWS program Tinker around with it -- it has a lot of capabilities. //from the iceows help// // ICEOWS supports long filenames, file protection and multi-volumes for ICE, ARJ, RAR and ACE files. ICEOWS also uncompress GZip, TGZ, TAR, CAB, RAR, ACE, PK3, Java Archive (JAR,EAR,WAR), Internet Mail (.mime, uue, xxe, b64, hqx) LHA, LZH, LZS and IMP files. With ICEOWS you can also create and test SFV (Simple File Validator) files .// -- Mike Easter kibitzer, not SC admin From pbarwich at barorny.com Fri Jun 2 20:48:48 2006 From: pbarwich at barorny.com (Peter) Date: Fri Jun 2 14:50:03 2006 Subject: [SpamCop-List] Re: Saw this on NANAE - Automating SpamCop submissions In-Reply-To: References: <447DCA04.DF567F33@spamcop.net> <1a519c0gr08l0.dlg@news.spamcop.net> Message-ID: D-W-S wrote: > N. Miller wrote on Wed, 31 May 2006 11:03:39 -0700: > > >>Not good. Without human oversight you will, ultimately, send reports to >>the wrong places. If your mail service makes a change which breaks your >>mail host configuration, that could include your own provider. > > > OTOH, if *you* provide your own mail service and you don't rely on your > ISP, then you're not subject to such problems. Use the 'quick' address instead of the 'submit' address, having got permission of course. That takes away half the issue of having to automatically confirm. And, oh, I thought *nix produced simple scripts. My Windows batch file for learning and submitting looks like this. FOR /R C:\spam %%X IN (*.eml) DO blat "%%X" -to quick.secretcode@spam.spamcop.net @echo off echo This will make spamassassin learn spam and ham, and then archive the messages. cd\ call sa-learn --spam --progress c:\spam\*.* call sa-learn --ham --progress c:\legit\*.* if exist c:\spam\*.eml goto spamexists echo No spam in directory to archive... goto endspam :spamexists move c:\spam\*.* "C:\Copy of Annies old Junk\" :endspam if exist c:\legit\*.eml goto hamexists echo No ham in directory to archive... goto endham :hamexists move "c:\legit\*.*" "C:\Copy of Annies old Legit\" :endham If you schedule it to run as another windows administrative user you don't even get the dos box pop up when it runs. From nospam at nospam.org Fri Jun 2 21:52:05 2006 From: nospam at nospam.org (Ejo) Date: Fri Jun 2 14:55:03 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Jason Ward wrote: > "Ejo" wrote in message > news:e5pt8f$jdu$1@news.spamcop.net... >> Why don't you do it the other way around? Take a spamcop mail account and >> a fastmail account. The spamcop mail account does all the popping, and >> creates the held mail, and fastmail is the forwarding address after >> spamcop. Once per day you check your spamcop account, and you do a quick >> report on all held mail. > > I didnt know SpamCop offered that service, but those 47 domains have MX > records that point direct to Fastmail.fm servers, Fastmail.fm dont POP > appart from my Hotmail and Yahoo accounts. So, change the MX records so that they forward to your new spamcop mail account, and then let spamcop forward it to your existing fastmail account. > Also my Sieve script is an important part of what allows me to work out what > is spam and what isnt, do you get those features with SpamCop? You will see that spamcop is a bit more efficient than fastmail filtering the spam (at least, this is my experience). I guess you could do the filtering you did before in fastmail. Spamcop does allow you to write filters, but is there still a need to do so in the new situation? My 2 cents, Ejo From discard at nirocomputers.co.uk Fri Jun 2 20:54:31 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 14:55:04 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Ejo" wrote in message news:e5q1cj$mov$1@news.spamcop.net... > So, change the MX records so that they forward to your new spamcop mail > account, and then let spamcop forward it to your existing fastmail > account. > Where is the documentation on this? How flexible is it? From nospam at nospam.org Fri Jun 2 22:33:48 2006 From: nospam at nospam.org (Ejo) Date: Fri Jun 2 15:35:03 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Jason Ward wrote: > "Ejo" wrote in message > news:e5q1cj$mov$1@news.spamcop.net... >> So, change the MX records so that they forward to your new spamcop mail >> account, and then let spamcop forward it to your existing fastmail >> account. >> > > Where is the documentation on this? How flexible is it? > > This is a good starting point: http://mailsc.spamcop.net/fom-serve/cache/289.html Ejo From discard at nirocomputers.co.uk Fri Jun 2 21:51:40 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 15:55:03 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Ejo" wrote in message news:e5q3qq$of1$1@news.spamcop.net... > This is a good starting point: > > http://mailsc.spamcop.net/fom-serve/cache/289.html > > Ejo Huh? Trying to visit that page just gets me username / password dialouge that doesnt accept my Spamcop username and password, cancelling the dialouge takes me here http://www.spamcop.net/denied.shtml and in the top right hand corner of that page shows me as loged in and offers to let me log out! Huh? Jason From tmcgraw at spamcop.net Fri Jun 2 13:52:10 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Jun 2 15:55:06 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Ejo wrote: > Jason Ward wrote: >> "Ejo" wrote: >>> So, change the MX records so that they forward to your new spamcop >>> mail account, and then let spamcop forward it to your existing >>> fastmail account. >> Where is the documentation on this? How flexible is it? > This is a good starting point: > > http://mailsc.spamcop.net/fom-serve/cache/289.html > > Ejo With all due respect, you could search there until the cows come home and you won't find anything about the quick submit function. And I believe that is by design. It's probably tough enough to keep the lid on regular VER. From tmcgraw at spamcop.net Fri Jun 2 13:53:22 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Jun 2 15:55:07 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Jason Ward wrote: > "Ejo" wrote: >> This is a good starting point: >> >> http://mailsc.spamcop.net/fom-serve/cache/289.html >> >> Ejo > Huh? Trying to visit that page just gets me username / password dialouge > that doesnt accept my Spamcop username and password, cancelling the dialouge > takes me here http://www.spamcop.net/denied.shtml and in the top right hand > corner of that page shows me as loged in and offers to let me log out! Replace "mailsc" w "www" From MikeE at ster.invalid Fri Jun 2 14:00:57 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 16:05:03 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: Jason Ward wrote: > "Ejo" >> http://mailsc.spamcop.net/fom-serve/cache/289.html Ejo was trying to send you to this page http://www.spamcop.net/fom-serve/cache/289.html SpamCop Mail Service for some reason, but I don't know why. > Huh? Trying to visit that page just gets me username / password Yes. Ejo was giving you a link which is only good for people with mail accounts. There are 3 kinds of links around here, those for free spamcop users www.spamcop.net - those for paid spamcop members members.spamcop.net - and those for mail account clients mailsc.spamcop.net So, when a member or mail account person tries to show someone a page, they should convert the link to a generic one for free spamcop users, because everyone can use that type. > dialouge that doesnt accept my Spamcop username and password, > cancelling the dialouge takes me here > http://www.spamcop.net/denied.shtml and in the top right hand corner > of that page shows me as loged in and offers to let me log out! > > Huh? Yep. That's what happens when the link is given with that 3rd level domainname. Thanks for trimming and contextualizing, Jason. It works much much better that way. -- Mike Easter kibitzer, not SC admin From discard at nirocomputers.co.uk Fri Jun 2 22:01:46 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 16:05:06 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Tim McGraw" wrote in message news:e5q4ta$p2h$1@news.spamcop.net... > > With all due respect, you could search there until the cows come home and > you won't find anything about the quick submit function. > > And I believe that is by design. It's probably tough enough to keep the > lid on regular VER. Also there is nothing there about MX records and using your own domains with SpamCop mail service. Have looked at most of the documents there I would say SpamCop do not support people point their domain MX records at their mailservers and if they do support that they really don't want people to know. Without MX support I just could not use SpamCops mail service, for me it would be like a chocolate fire guard. Jason From discard at nirocomputers.co.uk Fri Jun 2 22:13:08 2006 From: discard at nirocomputers.co.uk (Jason Ward) Date: Fri Jun 2 16:15:02 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Mike Easter" wrote in message news:e5q5dm$pdh$1@news.spamcop.net... > Thanks for trimming and contextualizing, Jason. It works much much > better that way. Not a problem, whilst Im a newbie here I am well practiced in newsgroups/mailing list/web groups and in some of them at least I even appear as one of the long standing expert gandees, not sure I'll ever achieve that status in my own mind though! Jason From user at example.com Fri Jun 2 16:16:11 2006 From: user at example.com (cwg) Date: Fri Jun 2 16:20:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> Message-ID: "John O. Kopf" <> wrote in message news:447F273A.2A01D7B9@worldnet.att.net... > My ISP is MetroFI (provide free community-wide broadband wireless > connections to the internet; "free" because they insert an advertisement > at the top of each screen. > > Midday Tuesday they made a change to their service. Previously, when I > brought up http://members.spamcop.net/, it worked fine and their > advertisements disappeared (my Browser, Firefox, provided the ability to > remove the ads as well, by right-clicking on the part of interest and > then selecting "This Frame"=>"Show only this frame"). > > Apparently the ISP has disabled this capability - as soon as the command > goes out to "Show only this frame", the server treats it as a full > screen refresh. > > The result is that MetroFI and SpamCop are "battling" one another, and > nothing BUT the advertisements gets displayed. > > Is there any way I can continue to use spamcop in this environment? > Say, by using a version of SpamCop that doesn't try to hide the ads? > > John KOpf [BigBoldLetters](my Browser, Firefox, provided the ability to > remove the ads as well, by right-clicking on the part of interest and > then selecting "This Frame"=>"Show only this frame").[/BigBoldLetters] Ladies and Gentlemen, this is a User Action the person is doing, Firefox NATIVELY provides a means to bust out of a frame webpage and focus only on one frame of the page. Apparently the network is wrapping the incoming page with a frame, loading the top of the frame with the AD page, and the content of the page he is visiting is wrapped in the bottom of the frames page. Hence: [frameset rows="64,*"] [frame name="header" scrolling="no" noresize src="bannerad.htm"] [frame name="main" src="website"] [/frameset] And the bannerad.htm page has a javascript action unload() where it reloads the frameset it lives in, hence, sites which check whether they're the top most window in the browser, upon finding that they're not, will cause the window.location to be reset for their site, triggering the unload() action of the bannerad page, loop, loop, loop. And the unload() action is also triggered when you right click on the lower frame and tell the browser, "Show only this frame." From nospam at nospam.org Fri Jun 2 23:16:18 2006 From: nospam at nospam.org (Ejo) Date: Fri Jun 2 16:20:07 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Jason Ward wrote: > "Tim McGraw" wrote in message > news:e5q4ta$p2h$1@news.spamcop.net... >> With all due respect, you could search there until the cows come home and >> you won't find anything about the quick submit function. >> >> And I believe that is by design. It's probably tough enough to keep the >> lid on regular VER. > > Also there is nothing there about MX records and using your own domains with > SpamCop mail service. > > Have looked at most of the documents there I would say SpamCop do not > support people point their domain MX records at their mailservers and if > they do support that they really don't want people to know. > > Without MX support I just could not use SpamCops mail service, for me it > would be like a chocolate fire guard. > > Jason Sorry about the link, should have realized that you need a mail account at spamcop to read those. Spamcop mail can pop for you, or you forward mail to your spamcop mail account. If you need to redesign your mx records, then perhaps set up somewhere a unix host to which you can point your mx records, and where you have postfix and sendmail, then forward it from there to your spamcop mail account, and from there you forward it to fastmail. Ejo From MikeE at ster.invalid Fri Jun 2 14:16:44 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 16:20:09 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: Mike Easter wrote: >> "Ejo" > >>> http://mailsc.spamcop.net/fom-serve/cache/289.html > > Ejo was trying to send you to this page > http://www.spamcop.net/fom-serve/cache/289.html SpamCop Mail Service > > for some reason, but I don't know why. Doh. I get it. Ejo was trying to show a page with features about SC mail accounts, as opposed to fastmail's. -- Mike Easter kibitzer, not SC admin From nospam at nospam.org Fri Jun 2 23:17:52 2006 From: nospam at nospam.org (Ejo) Date: Fri Jun 2 16:20:10 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Mike Easter wrote: > Mike Easter wrote: >>> "Ejo" >>>> http://mailsc.spamcop.net/fom-serve/cache/289.html >> Ejo was trying to send you to this page >> http://www.spamcop.net/fom-serve/cache/289.html SpamCop Mail Service >> >> for some reason, but I don't know why. > > Doh. I get it. Ejo was trying to show a page with features about SC > mail accounts, as opposed to fastmail's. > > Yep. From tmcgraw at spamcop.net Fri Jun 2 14:43:37 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Jun 2 16:45:03 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Ejo wrote: > Jason Ward wrote: >> >> Without MX support I just could not use SpamCops mail service, for me >> it would be like a chocolate fire guard. > Sorry about the link, should have realized that you need a mail account > at spamcop to read those. > > Spamcop mail can pop for you, or you forward mail to your spamcop mail > account. > > If you need to redesign your mx records, then perhaps set up somewhere a > unix host to which you can point your mx records, and where you have > postfix and sendmail, then forward it from there to your spamcop mail > account, and from there you forward it to fastmail. If one had a unix host with postfix and sendmail one could use the scbl (or any other bl), yes? From nospam at nospam.org Fri Jun 2 23:51:38 2006 From: nospam at nospam.org (Ejo) Date: Fri Jun 2 16:55:03 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: Tim McGraw wrote: > Ejo wrote: >> Jason Ward wrote: >>> >>> Without MX support I just could not use SpamCops mail service, for me >>> it would be like a chocolate fire guard. >> Sorry about the link, should have realized that you need a mail >> account at spamcop to read those. >> >> Spamcop mail can pop for you, or you forward mail to your spamcop mail >> account. >> >> If you need to redesign your mx records, then perhaps set up somewhere >> a unix host to which you can point your mx records, and where you have >> postfix and sendmail, then forward it from there to your spamcop mail >> account, and from there you forward it to fastmail. > > If one had a unix host with postfix and sendmail one could use the scbl > (or any other bl), yes? In that case you install for instance spamassassin, and that allows you to check many different blocking lists, occams razor, bayesian junk filtering etc etc. But still you would have to do something to report received spam if that is your intention. Ejo From vxpy7do02 at sneakemail.com Fri Jun 2 14:54:07 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Fri Jun 2 16:55:05 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> <44805013.25B4EE56@SpamCop.devnull.diespammerdie.net> Message-ID: "Mike Easter" wrote in message news:e5pvvs$lhr$1@news.spamcop.net... > anon wrote: > >> I tried the ICEOWS program > > Tinker around with it -- it has a lot of capabilities. > > //from the iceows help// > > // ICEOWS supports long filenames, file protection and multi-volumes for > ICE, ARJ, RAR and ACE files. ICEOWS also uncompress GZip, TGZ, TAR, > CAB, RAR, ACE, PK3, Java Archive (JAR,EAR,WAR), Internet Mail (.mime, > uue, xxe, b64, hqx) LHA, LZH, LZS and IMP files. > With ICEOWS you can also create and test SFV (Simple File Validator) > files .// > > Yes I noticed that paragraph - reads almost like Infanview capabilities. Will translate almost anything. How does SFV work and how/why is it used? -- A SpamCop user and forum reader, Not Admin > -- > Mike Easter > kibitzer, not SC admin > From nobody at devnull.spamcop.net Fri Jun 2 17:01:12 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jun 2 17:05:03 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Jason Ward" wrote in message news:e5q5fa$pf1$1@news.spamcop.net... > "Tim McGraw" wrote in message > news:e5q4ta$p2h$1@news.spamcop.net... > > > > With all due respect, you could search there until the cows come home and > > you won't find anything about the quick submit function. > > > > And I believe that is by design. It's probably tough enough to keep the > > lid on regular VER. Damn this gets old. The SpamCop.net "e-mail" stuff is handled by JT out in Georgia .. as compared to IronPort systems in California. JT's desire is to handle SpamCop.net e-mail account stuff via the Forum. http://forum.spamcop.net/ The single-page access to another much expanded version of the SpamCop FAQ exists there. (albeit admitting that the Forum has just had a major revamping of software and things aren't all back to where they were a month ago ...) If you want to visit the old/original pages for a SpamCop.net e-mail account that actually ties into JT's data, http://mail.spamcop.net/ is the place ... but noting that the single-page form incorporates both the www.spamcop.net and http://mail.spamcop.net/ stuff ... plus all the extra added in by other users .... > Also there is nothing there about MX records and using your own domains with > SpamCop mail service. MX Records are specifically mentioned on http://mail.spamcop.net/smallbiz.php > Have looked at most of the documents there I would say SpamCop do not > support people point their domain MX records at their mailservers and if > they do support that they really don't want people to know. The "official / original" FAQ has been complained about for years. Those doing the complaining seem not to want to actually get their hands dirty working on an / the alternative. I'm on my sixth or seventh alternative "access to data" but ..... I still get attacked for "trying to destroy the newsgroups" ...???? > Without MX support I just could not use SpamCops mail service, for me it > would be like a chocolate fire guard. Technically, said without seeing the data that does exist .... but that's up to you ... From nobody at devnull.spamcop.net Fri Jun 2 18:05:17 2006 From: nobody at devnull.spamcop.net (POP) Date: Fri Jun 2 17:10:03 2006 Subject: [SpamCop-List] Re: SpamCop could not find your spam message in this email: References: Message-ID: Mike Easter wrote: > Mike Easter wrote: >> POP wrote: >> >>> All of a sudden I'm getting the dreaded "SpamCop >>> could not find your spam message in this email:" error >>> message returned when I submit spams via email (one at a >>> time; only get one or two every other day or so). >> >> SC sends you the headers it gets, and I think sometimes it >> even sends a tracker for a failed parse, but I'm not sure >> about the tracker for all failures. > > Another way to display what you get back from SC is to put > the SC 'could not find' mail [as an item with complete > headers from the message properties of the mail] into the > webparser as if it were a spam, get a tracker for it, > cancel the report, and post the tracker in here. ... I tried your advice, but ... think I'll use the .spamcop route instead. Two things, one a question which possibly you could can answer: 1. What the deuce does the following, found in the parsed report, mean: " begin 666 0EM Software.eml M4F5T=7)N+5!A=&@Z(#QT Message-ID: On Fri, 02 Jun 2006 13:43:37 -0700, Tim McGraw wrote: [snIP] > If one had a unix host with postfix and sendmail one could use the scbl > (or any other bl), yes? Yes, indeed. In addition, nearly all SMTP servers (on many different operating systems; both Unix and non-Unix) support BLs these days, including BL.SpamCop.Net. -- The Lumber Cartel, local 42 (Canadian branch) Vancouver, Beautiful British Columbia, Canada http://www.lumbercartel.ca/ From MikeE at ster.invalid Fri Jun 2 15:20:24 2006 From: MikeE at ster.invalid (Mike Easter) Date: Fri Jun 2 17:25:02 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> <44805013.25B4EE56@SpamCop.devnull.diespammerdie.net> Message-ID: anon wrote: > How does SFV work and how/why is it used? As far as I know it is just a little CRC checker -- I haven't found it useful for anything 'externally'. I think it uses crc for some of its own internal validation. What I need is an md5 checker for ISOs -- so I got HashCalc for that, which has way yonder more hash/calc/ing features than I ever need. // Support of 12 well-known and documented hash and checksum algorithms: MD2, MD4, MD5, SHA1, SHA256, SHA384, SHA512, RIPEMD160, PANAMA, TIGER, ADLER32, CRC32; Support of the MD4-based hash algorithm used in many P2P applications (eDonkey, eMule, etc. ); Support of 2 modes of calculations: HASH/CHECKSUM and HMAC; Support of 3 input data formats: files, text strings and hex strings; // -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Fri Jun 2 18:20:58 2006 From: nobody at devnull.spamcop.net (POP) Date: Fri Jun 2 17:25:07 2006 Subject: [SpamCop-List] Re: SpamCop could not find your spam message in this email: References: Message-ID: I'll tell ya what; Mike Easter wrote: > POP wrote: > ... > > SC sends you the headers it gets, and I think sometimes it > even sends a tracker for a failed parse, but I'm not sure > about the tracker for all failures. No tracker in the one I saved, and it looks identical to the rest best as I can recall, so I don't think I've seen any trackers from spamcop in these. I might go back and look at past reports to see if I can get anything useful there; forgot I could do that. In any case, the > headers you see in that failure message would be useful. > You could save the complete headers and body from the > spamcop mail into spamcop.spam by saving the SC mail as an > .eml or .txt file and then attach it to a news message so > that it doesn't get mangled by linewraps caused by your > newsreader. I started to do that, and then noticed there seems to be identifying code all over the foolish thing. Some of it's in the clear and some of it appears to be in codes, so I can't tell what the hell is there for sure. Not being sure what I'm doing, I'd probably munge out the useful bits, so ... hell, I don't know! I guess I'll wait for some new spam so I know exactly what I have and what I've done, and try all over again. I'm confused! ... > > A cookie has nothing to do with submitting by mail > problems. The parser is not getting a 'proper' spam > submission via the mail. Good point; thank you. I'll come back in another day or so and I'll make it a new thread, too. I've NO idea how I did it because I can distinctly recall clicking New to post with, but I see now my posts's been tacked onto someone else's question about the very same subject, as a response to it, which I would swear I did NOT do. Like I said, I'm cornfussed! Later, gator! Pop From tmcgraw at spamcop.net Fri Jun 2 15:50:37 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Jun 2 17:55:03 2006 Subject: [SpamCop-List] Re: Automated reporting In-Reply-To: References: Message-ID: WazoO wrote: > Tim McGraw wrote: >>> With all due respect, you could search there until the cows come home and >>> you won't find anything about the quick submit function. >>> >>> And I believe that is by design. It's probably tough enough to keep the >>> lid on regular VER. > > Damn this gets old. The SpamCop.net "e-mail" stuff is handled by JT out in > Georgia .. as compared to IronPort systems in California. JT's desire is to > handle SpamCop.net e-mail account stuff via the Forum. What does VER and quick submissions have to do with the email system, other than they will traverse through JT's wire? Those ARE spamcop issues. From nobody at devnull.spamcop.net Fri Jun 2 18:39:35 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jun 2 18:40:03 2006 Subject: [SpamCop-List] Re: Automated reporting References: Message-ID: "Tim McGraw" wrote in message news:e5qbre$trb$1@news.spamcop.net... > WazoO wrote: > > > > Damn this gets old. The SpamCop.net "e-mail" stuff is handled by JT out in > > Georgia .. as compared to IronPort systems in California. JT's desire is to > > handle SpamCop.net e-mail account stuff via the Forum. > > What does VER and quick submissions have to do with the email system, > other than they will traverse through JT's wire? > > Those ARE spamcop issues. The only existing place to find "any" FAQ data on that stuff is on the Forum server, owned and maintained by JT .... and I'm the guy he turned loose on that server, and that's the reason that the data "does" exist there .... I did the single-page thing on a Saturday morning whim .. I started a Glossary, added in a Dictionary tool for another view on that, I've installed 4 separate FAQ software tools that didn't fly, added in a FAQ modification to the 2.0.4 version of the Forum software that worked very well (but that tool didn't make the transition to the new Forum version) ... I've got a Wiki in place (just not ready to go public .. in fact, I'm running a Beta of that software as another install, just released a few days ago, according to the e-mail that asked if I'd volunteer, "we" are one of three places doing the Beta test.) As I've stated many times over the last couple of years, the tools are there .... what the problem in using them, referring to them is, I can't figure it out. Yeah, there's the HTML argument, but geeze ....data is data ... I use newsgroups, mailing lists, forums, Wikis, whatever it takes if that's where the answers are. My attempts at getting the "official" FAQ updated / corrected have had success in some places, rejections in others, totally ignored in some cases ... but the version(s) I'm taking responsibility for are updated constantly, stuff added continuously, and input is accepted from whereever it comes from .... From not at home.today Sat Jun 3 00:53:01 2006 From: not at home.today (Ant) Date: Fri Jun 2 18:55:03 2006 Subject: [SpamCop-List] Re: SPAMCOP Reporting is Making SPAM Worse References: <447EFB62.28B0542E@SpamCop.devnull.diespammerdie.net> <44805013.25B4EE56@SpamCop.devnull.diespammerdie.net> Message-ID: "Michael Brennan" wrote: > Mike Easter wrote: >> You can 'dissect' a mail item so that you can view the graphic without >> ever opening the mail. You would access the unrendered complete headers >> and contiguous unrendered body. Then you would identify the MIME >> structure that shows you where the b64 encoded .gif part is. Then you >> would save that part and decode the b64 to get the .gif, then you would >> use a graphic viewer to visualize 'read' the .gif contents. >> >> That's a lot of trouble, but it /can/ be done. > > I thought there might be a way to do it, but I intuited that it would in > fact be as complicated as you say, and at that time (perhaps even now) a > little beyond my ability to render Base 64 properly. I tried a few > times using an online Base 64 decoder but never (going by results) did > it properly, so I dropped the attempt. Online decoders will usually display the decoded text in a textarea in your browser. That's no good for images where the translated b64 will become non-ASCII binary data (i.e., it's not handled properly by a textarea once decoded). If you have Winzip it's easily decoded. Copy only the base64 text into notepad, save the file with a .b64 extension, and open with Winzip. Then extract the file (unknown.001, or whatever Winzip calls it) and rename it with the correct image extension (jpg, gif, whatever). Now open that file with the image viewer of your choice. From kopfj at worldnet.att.net Fri Jun 2 17:12:13 2006 From: kopfj at worldnet.att.net (John O. Kopf) Date: Fri Jun 2 19:15:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> Message-ID: <4480C5CD.2FE47F83@worldnet.att.net> And, curiously, SpamCop works FINE using Microsoft's Internet Explorer (which doesn't support focusing on a single frame!!!! Guess I'll be using Explorer to access SpamCop in the future. Thanks for the help.. John Kopf cwg wrote: > > SNIP From tmcgraw at spamcop.net Fri Jun 2 17:38:46 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Fri Jun 2 19:40:03 2006 Subject: [SpamCop-List] phpBB vs NNTP Message-ID: WazoO wrote: > The only existing place to find "any" FAQ data on that stuff is on > the Forum server, owned and maintained by JT .... and I'm the > guy he turned loose on that server, and that's the reason that the > data "does" exist there .... > > I did the single-page thing on a Saturday morning whim .. I started a > Glossary, added in a Dictionary tool for another view on that, I've > installed 4 separate FAQ software tools that didn't fly, added in a > FAQ modification to the 2.0.4 version of the Forum software that > worked very well (but that tool didn't make the transition to the > new Forum version) ... I've got a Wiki in place (just not ready to > go public .. in fact, I'm running a Beta of that software as another > install, just released a few days ago, according to the e-mail that > asked if I'd volunteer, "we" are one of three places doing the Beta test.) > > As I've stated many times over the last couple of years, the tools are > there .... what the problem in using them, referring to them is, I can't > figure it out. Yeah, there's the HTML argument, but geeze ....data is > data ... I use newsgroups, mailing lists, forums, Wikis, whatever it takes > if that's where the answers are. My attempts at getting the "official" FAQ > updated / corrected have had success in some places, rejections in others, > totally ignored in some cases ... but the version(s) I'm taking > responsibility for are updated constantly, stuff added continuously, and > input is accepted from whereever it comes from .... It's not that I don't appreciate all you and others have done... I guess I'm just an old-fashioned plain text guy. Too many goo-ga's and doo-dad's... grumble grumble... HTML... why, when I was you're age we didn't have no wikis, and we LIKED it! Here's some real-world flava. I've been trying to get JT's attention for six weeks because the optional BCCs under identities just don't work. To contact him I've tried filling out the form at http://www.cesmail.net/contact.php. I've tried sending email. He doesn't respond. If I have to go to the forums and create a user account to get JT's attention when I'm already a customer (and have been a customer of spamcop since '98) that will NOT be a happy post. From nobody at devnull.spamcop.net Fri Jun 2 21:17:31 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Fri Jun 2 21:20:03 2006 Subject: [SpamCop-List] Re: phpBB vs NNTP References: Message-ID: "Tim McGraw" wrote in message news:e5qi66$1cj$1@news.spamcop.net... > Re: Subject Line: .. the Forum application used is not PhpBB ... JT spent the bucks on a commercial application. And I'll also add that he offered to "buy" some FAQ software a long while back ... he response was totally uderwhelming .. yet the complaints about "the FAQ" have continued .... > It's not that I don't appreciate all you and others have done... I guess > I'm just an old-fashioned plain text guy. Too many goo-ga's and > doo-dad's... grumble grumble... HTML... why, when I was you're age we > didn't have no wikis, and we LIKED it! Again, I took advatage of the opportunity and ran with it. I'm the one that took the risk and installed these other tools. The history was that I didn't volunteer when when his request went out, as I didn't want to spend time in yet another gorum. However, no one else was in there answering questions. Jeff G. stood up first and he gave it a mighty shot ...but was eventually overwhelmed. I was asked to help Moderate .. did that ... Complaints started, complaints mounted, issues came up ... JT moved me into the Admin slot so I could twiddle some bits amd make some (turning out to be massive) changes. Then to make even more changes, server access was granted. Then even sudo powers arrived so I could make more changes. Thus began my adding of other tools to the mix .... some left me in the position that only I could enter data, make changes, other things have been picked up and extended by other volunteer folks, and the changes just keep coming. Once upon a time, the FAQ-o-Matic was useable by just about anyone, but ... so few took advantage of the opportunity. Then it was closed off for acess but to the team of Deputies and Julian himself .. maybe six or seven people back then ... then the maintenance dropped to basically just RW ... and now that IronPort is involved, the "legal team" is involved in any change there. Whereas, the Forum is not owned, run, or maintained by any of the paid staff. Thus far, I've been allowed to run with what I haven't screwed up ... I've got some great folks helping out where they can, some openly, some in the background, but again, things can happen there quickly .... > Here's some real-world flava. I've been trying to get JT's attention for > six weeks because the optional BCCs under identities just don't work. > > To contact him I've tried filling out the form at > http://www.cesmail.net/contact.php. I've tried sending email. He doesn't > respond. Don't feel like the lone ranger ..... part of the background on my installing other tools "without permission" is baed on the same scenario .... He is a busy guy, travels a bit, and in all fairness, also gets an alarming amount of e-mail from folks that dinf his address and bitch about BL issues, reporting issues, etc. ... which he has no control over (that all being the IronPort side) I've probably made 50 phone calls to notify of an issue, server down and such ... and have actually only caught him at the phine once ....usually just manage to leave a message for him ... > If I have to go to the forums and create a user account to get JT's > attention when I'm already a customer (and have been a customer of > spamcop since '98) that will NOT be a happy post. In all honesty, JT spends about as much time (maybe less) in the Forum as the Deputies do here .....on the other hand, if I can feed him enough data (in a short e-mail) I'll usually get a turn-around in a day or two on that specific item ....but like this post, my e-mails aren't usually "short" .. so he admits that they get backburnered till he can get around to digesting it, and eventually, it falls off the backburner Bottom line, it it's any help ... short e-mail, all facts needed in that e-mail, and cross your fingers .... the actual applications are commercial software, some requested things aren't available in those packages ... the support Forums for those packages are in the (Forum) version of the SpamCop FAQ such that those requests, issues, etc. can be taken to those developers directly ... A year or so back, he installed a Beta thing to look at another application ... if you don't know anything about the Forum contents, I'll assume that you don't know about that event .... The whole issue isn't about "the Forum" or the newsgroups .... it's about "the FAQ" .... the one at www.spamcop.net has been an issue for years. I've tried to offer alternative after alternative, but folks keep getting wrapped around the spokes over the word "Forum" ... and apparently that all the links include "forum" in the URL .... once again, that's the server I have access to .. end of that tune ... From edb2000 at spamcop.net Fri Jun 2 23:12:05 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat Jun 3 01:15:08 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... In-Reply-To: <4480C5CD.2FE47F83@worldnet.att.net> References: <447F273A.2A01D7B9@worldnet.att.net> <4480C5CD.2FE47F83@worldnet.att.net> Message-ID: John O. Kopf wrote: > And, curiously, SpamCop works FINE using Microsoft's Internet Explorer > (which doesn't support focusing on a single frame!!!! > > Guess I'll be using Explorer to access SpamCop in the future. Since the unwanted behavior is implemented using Javascript, you might also try using SpamCop with Javascript disabled. It's kind of tedious to turn it on and off, though -- as far as I know, FireFox does not have a way to enable Javascript for some sites and not for others. That kind of thing would be handy, and FF as well as other browsers already have per-site permissions/restrictions vis. cookies and forms. Maybe eventually it will be possible to click on a widget to specify that Javascript is to be disabled on all web pages from the current web site. I guess it's time to trundle off to another browser window and see if that's already in the works, and submit it as a feature request if it's not. -- Don Wannit A paid SpamCop user since 1999 From edb2000 at spamcop.net Fri Jun 2 23:19:12 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat Jun 3 01:20:02 2006 Subject: [SpamCop-List] Filter busting humor Message-ID: All right, lots of spams have random text intended to get past Bayesian filtering/tagging. But I gotta wonder about a spam containing a GIF image for HTML-aware email readers that has these exact words in the text alternative part for those who don't read email with such a reader: Jason theft approved smashes visa scam Yea, verily. As if that's going to make me render the GIF and laboriously type in the URL visible in the graphic image. -- Don Wannit A paid SpamCop user since 1999 From tmcgraw at spamcop.net Sat Jun 3 00:18:24 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Jun 3 02:20:02 2006 Subject: [SpamCop-List] Re: phpBB vs NNTP In-Reply-To: References: Message-ID: WazoO wrote: > > Again, I took advatage of the opportunity and ran with it. I get it, I get it... it's about the FAQ. There is some good stuff there. Too bad the spamcop.net help link doesn't just point there. You can learn more about sc at the castlecops wiki than you can at the actual sc site. > Bottom line, it it's any help ... short e-mail, all facts needed in > that e-mail, and cross your fingers .... Welcome to my world... From nobody at spamcop.net Sat Jun 3 00:23:16 2006 From: nobody at spamcop.net (RandallW) Date: Sat Jun 3 02:25:03 2006 Subject: [SpamCop-List] spammer grammar Message-ID: http://www.spamcop.net/sc?id=z961964841zdb49a97a8c3ebb532a3de779845b9a63z Apparently they don't believe nouns begin a sentence. From tmcgraw at spamcop.net Sat Jun 3 00:35:44 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Jun 3 02:40:02 2006 Subject: [SpamCop-List] Re: spammer grammar In-Reply-To: References: Message-ID: RandallW wrote: > http://www.spamcop.net/sc?id=z961964841zdb49a97a8c3ebb532a3de779845b9a63z > > Apparently they don't believe nouns begin a sentence. Looks like someone misconfigured the hashbuster generator in their spamware. >

> %PREPOSITIONS %ADVERBS %VERBS. %PREPOSITIONS %ADJECTIVES %NOUNS.
> %PREPOSITIONS %ADVERBS %VERBS. %PREPOSITIONS %ADJECTIVES %NOUNS.
> %PREPOSITIONS %ADVERBS %VERBS. %PREPOSITIONS %ADJECTIVES %NOUNS.
> %PREPOSITIONS %ADVERBS %VERBS. %PREPOSITIONS %ADJECTIVES %NOUNS.
>

From jamie_usenet at yahoo.ca Sat Jun 3 05:49:19 2006 From: jamie_usenet at yahoo.ca (Jamie) Date: Sat Jun 3 04:50:22 2006 Subject: [SpamCop-List] Level3 says we are not responsible for spam on the internet Message-ID: Ok here is a good phone call from Level3 Communications an email was sent to them in regards to thier 31 Spamhaus listings and why they continue to house these known spammers on thier networks. Then a couple days latter I gave them a phone call at Level3 Communications 1-877-4LEVEL3 (1-877-453-8353) I was put though to one of the Network Security people by the name of Richard. Richard clearly identified himself as being with the network security department. The question was raised as to why Level3 Communications continues to take money from known spam operations and they were emailed a list of thier current spamhaus records. The abuse droid by the name of Richard was not of much help so I asked if I could speak to his manager. I was hoping to make the point that taking dirty money from known spam operations and continue to provide conectivity to those spammers. http://www.spamhaus.org/sbl/listings.lasso?isp=level3.net SBL42758 63.208.227.128/25 level3.net SBL42730 69.44.131.0/27 SBL42541 216.117.203.0/28 level3.net SBL42429 65.77.223.80/29 level3.net SBL42426 64.192.140.128/28 level3.net SBL42024 67.72.99.69/32 level3.net SBL41250 69.45.16.0/26 level3.net SBL41212 4.79.43.128/25 level3.net SBL41146 69.45.7.155/32 level3.net SBL41117 213.19.140.128/25 level3.net SBL40355 63.209.156.0/23 level3.net SBL39699 217.17.155.128/25 level3.net SBL39278 64.192.28.0/22 level3.net SBL38703 8.10.58.64/27 level3.net SBL38694 217.17.156.0/24 level3.net SBL38409 64.156.160.0/22 level3.net SBL38407 209.0.80.0/23 level3.net SBL37621 4.78.160.192/27 level3.net SBL34002 64.192.24.0/22 level3.net SBL32025 8.2.96.0/24 level3.net SBL30743 69.44.140.0/23 level3.net SBL29064 67.29.139.0/25 level3.net SBL27988 4.38.112.0/24 level3.net SBL26183 64.152.128.0/24 level3.net SBL25341 69.44.117.248/29 level3.net SBL24566 64.156.191.32/28 level3.net SBL24244 63.209.70.192/27 level3.net SBL22990 65.77.106.0/26 level3.net SBL21475 209.247.220.128/25 level3.net SBL20806 63.209.69.128/27 level3.net SBL14920 63.215.71.128/25 level3.net Out of all of Level3's listings 3 of them are ROKSO listings which means the spammer has been booted from at least 3 previous before connecting up with Level3 Communications The ROKSO listings are SBL42730 SBL41250 SBL41212 So I had to step out for a while and when I came home I had a message it was from Mario who is the manager at Level3. This message was left on my answering machine on June 1 2006 at approximately 6:37 PM Eastern Daylight Time (EDT). This is a transcript of the mesasge left on my answering machine. Hi Jamie my name is Mario and I am calling from Level3 Commnuications I am Richard's manager a technician you spoke to today. I am not sure what you are trying to accomplish or gain by having a manager you back regarding ah an abuse issue ah but ah I just wanted to explain that umm ah that per your email or per your conversation with Richard that um we should be practicing network ect better. Um we are a backbone provider so we are not responsible for the spam that happens on the internet. Its either a downstream customer or thier downstream customers ect. Um the onlything I can compare it to the post office sending you those applications for ummm Visas or Mastercards, So you know its like blaming the post office for sending that information. So I am not sure what you are trying to accomplish or you know I am not going to be able to stop the spam from happening it happens on a daily basis and its constantly there. Uh and its avoidable. The only thing I can tell you to do is contact your ISP use spam filters, spam blockers ect. If you have any further questions feel free to contact us 720-888-0012 and ask to speak directly to me. Thank you have a good day. END OF MESSAGE -------------------------------------------------------------------------------------------------------------- Well what I was trying to accomplish is the fact that Level3 Communications harbours known spammers on thier network and they provide connectivity to these spammers. But level3 is clueless and doesn't seem to get it. Oh and before you say oh this is just a hoax and that no ISP could possibly be this braindead I have posted a copy of the message in MP3 format at http://www.filelodge.com/files/room28/767561/Level3/Level3%20Messsage%20June%201%202006.mp3 I found filelodge is a bit slow at times but just keep trying if it gets really bad I can put a copy of the MP3 elsewere as well. The file is named Level3 Message June 1 2006.mp3 and is 1,524 KB in size Level3 has to be the most CLUELESS ISP around. They are taking money from known spammers and continue to do so to this day. Level3 seems to think that it is ok to continue to allow thier spammy customers continue to spam everyone while they take the spammers dirty money. Spamhaus.org or any other block lists if you want to use this recording as evidence on your block websites as to why Level3 Commnuications should be totally null routed then by my guest. Just contact me please and let me know where the recording is going to be. I would be very intrested to know as to how many places put up mirrors of this recording. The only thing that should be done with all of Level3 Communications IP blocks is see that they are black listed and let them enjoy thier intranet. They are obviously a very very black ISP who continues to support spammers. Jamie From porpoise1954 at yahoo.co.uk Sat Jun 3 16:21:06 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Sat Jun 3 10:25:11 2006 Subject: [SpamCop-List] Re: spammer grammar References: Message-ID: "RandallW" wrote in message news:e5r9si$dg7$1@news.spamcop.net... > http://www.spamcop.net/sc?id=z961964841zdb49a97a8c3ebb532a3de779845b9a63z > > Apparently they don't believe nouns begin a sentence. Beginning a sentence with a noun is not a thing carved in stone. (See, I just began one with a verb!). Ooh! Two, actually. From tmcgraw at spamcop.net Sat Jun 3 08:47:22 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Sat Jun 3 10:50:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... In-Reply-To: References: <447F273A.2A01D7B9@worldnet.att.net> <4480C5CD.2FE47F83@worldnet.att.net> Message-ID: Don Wannit wrote: > > Since the unwanted behavior is implemented using Javascript, > you might also try using SpamCop with Javascript disabled. > It's kind of tedious to turn it on and off, though -- as far > as I know, FireFox does not have a way to enable Javascript > for some sites and not for others. Just posted on nanae, some recommended FF plug-ins, including: > NoScript (enable javascript only for preconfigured sites) From joegill at removethis Sat Jun 3 12:28:39 2006 From: joegill at removethis (Joe Gill) Date: Sat Jun 3 11:30:03 2006 Subject: [SpamCop-List] Re: Level3 says we are not responsible for spam on the internet References: Message-ID: "Jamie" wrote in message news:e5rieg$iiq$1@news.spamcop.net... > Ok here is a good phone call from Level3 Communications an email was sent > to > them in regards to thier 31 Spamhaus listings and why they continue to > house > these known spammers on thier networks. > > Then a couple days latter I gave them a phone call at Level3 > Communications > 1-877-4LEVEL3 (1-877-453-8353) I was put though to one of the > Network Security people by the name of Richard. Richard clearly identified > himself as being with the network security department. > > The question was raised as to why Level3 Communications continues to > take money from known spam operations and they were emailed a > list of thier current spamhaus records. The abuse droid by the name > of Richard was not of much help so I asked if I could speak to > his manager. I was hoping to make the point that taking dirty money > from known spam operations and continue to provide conectivity to > those spammers. > > http://www.spamhaus.org/sbl/listings.lasso?isp=level3.net > > > SBL42758 63.208.227.128/25 level3.net > SBL42730 69.44.131.0/27 > SBL42541 216.117.203.0/28 level3.net > SBL42429 65.77.223.80/29 level3.net > SBL42426 64.192.140.128/28 level3.net > SBL42024 67.72.99.69/32 level3.net > SBL41250 69.45.16.0/26 level3.net > SBL41212 4.79.43.128/25 level3.net > SBL41146 69.45.7.155/32 level3.net > SBL41117 213.19.140.128/25 level3.net > SBL40355 63.209.156.0/23 level3.net > SBL39699 217.17.155.128/25 level3.net > SBL39278 64.192.28.0/22 level3.net > SBL38703 8.10.58.64/27 level3.net > SBL38694 217.17.156.0/24 level3.net > SBL38409 64.156.160.0/22 level3.net > SBL38407 209.0.80.0/23 level3.net > SBL37621 4.78.160.192/27 level3.net > SBL34002 64.192.24.0/22 level3.net > SBL32025 8.2.96.0/24 level3.net > SBL30743 69.44.140.0/23 level3.net > SBL29064 67.29.139.0/25 level3.net > SBL27988 4.38.112.0/24 level3.net > SBL26183 64.152.128.0/24 level3.net > SBL25341 69.44.117.248/29 level3.net > SBL24566 64.156.191.32/28 level3.net > SBL24244 63.209.70.192/27 level3.net > SBL22990 65.77.106.0/26 level3.net > SBL21475 209.247.220.128/25 level3.net > SBL20806 63.209.69.128/27 level3.net > SBL14920 63.215.71.128/25 level3.net > > > Out of all of Level3's listings 3 of them are ROKSO listings > which means the spammer has been booted from at least > 3 previous before connecting up with Level3 Communications > > The ROKSO listings are > > SBL42730 > SBL41250 > SBL41212 > > So I had to step out for a while and when I came home I had a message it > was > from Mario who is the manager at Level3. This message was left on my > answering machine on June 1 2006 at approximately 6:37 PM > Eastern Daylight Time (EDT). > > This is a transcript of the mesasge left on my answering machine. > > Hi Jamie my name is Mario and I am calling from Level3 Commnuications > I am Richard's manager a technician you spoke to today. > > I am not sure what you are trying to accomplish or gain by having a > manager > you back regarding ah an abuse issue ah but ah I just wanted to explain > that umm ah that per your email or per your conversation with Richard > that um we should be practicing network ect better. Um we are a > backbone provider so we are not responsible for the spam that happens on > the internet. > > Its either a downstream customer or thier downstream customers ect. Um the > onlything I can compare it to the post office sending you those > applications > for ummm Visas or Mastercards, So you know its like blaming the post > office for sending that information. > > So I am not sure what you are trying to accomplish or you know I am not > going to be able to stop the spam from happening it happens on a > daily basis and its constantly there. Uh and its avoidable. > The only thing I can tell you to do is contact > your ISP use spam filters, spam blockers ect. > > If you have any further questions feel free to contact us 720-888-0012 > and ask to speak directly to me. Thank you have a good day. > > END OF MESSAGE > > -------------------------------------------------------------------------------------------------------------- > > Well what I was trying to accomplish is the fact that Level3 > Communications > harbours known spammers on thier network and they provide > connectivity to these spammers. But level3 is clueless and > doesn't seem to get it. > > Oh and before you say oh this is just a hoax and that no ISP could > possibly > be this braindead I have posted a copy of the message in MP3 format at > > http://www.filelodge.com/files/room28/767561/Level3/Level3%20Messsage%20June%201%202006.mp3 > > I found filelodge is a bit slow at times but just keep trying if it gets > really bad I can put a copy of the MP3 elsewere as well. > > > The file is named Level3 Message June 1 2006.mp3 and is 1,524 KB in size > > Level3 has to be the most CLUELESS ISP around. They are taking money from > known spammers and continue to do so to this day. Level3 seems to > think that it is ok to continue to allow thier spammy customers continue > to spam everyone while they take the spammers dirty money. > > Spamhaus.org or any other block lists if you want to use this recording as > evidence on your block websites as to why Level3 Commnuications > should be totally null routed then by my guest. Just contact me please > and let me know where the recording is going to be. I would be very > intrested to know as to how many places put up mirrors of this recording. > > The only thing that should be done with all of Level3 Communications IP > blocks is see that they are black listed and let them enjoy thier > intranet. > They are obviously a very very black ISP who continues to support > spammers. > > Jamie > > > /TIC ON No is it you, that is CLUELESS... Why Level3 is just is the business of providing network access to many of their great customers and making their shareholders happy. Their money is not dirty, it is GREEN, and shareholders love it! /TIC OFF Seriously, people could try SHAREHOLDER resolutions to: 1) Cause Level3 to spend much money trying to avoid them ending up on the ballot. 2) Cause Level3 to try to 'get rid of the problem'. at a higher corporate level... From dfmanno at mail.com Sat Jun 3 13:05:36 2006 From: dfmanno at mail.com (D.F. Manno) Date: Sat Jun 3 12:10:02 2006 Subject: [SpamCop-List] Re: spammer grammar References: Message-ID: In article , "RandallW" wrote: > http://www.spamcop.net/sc?id=z961964841zdb49a97a8c3ebb532a3de779845b9a63z > > Apparently they don't believe nouns begin a sentence. Apparently, neither do you. -- D.F. Manno | dfmanno@mail.com The second article of impeachment against Richard Nixon covered, among other things, warrantless wiretapping. From edb2000 at spamcop.net Sat Jun 3 10:40:40 2006 From: edb2000 at spamcop.net (Don Wannit) Date: Sat Jun 3 12:45:04 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... In-Reply-To: References: <447F273A.2A01D7B9@worldnet.att.net> <4480C5CD.2FE47F83@worldnet.att.net> Message-ID: Tim McGraw wrote: > Just posted on nanae, some recommended FF plug-ins, including: > >> NoScript (enable javascript only for preconfigured sites) Thanks! -- Don Wannit A paid SpamCop user since 1999 From nobody at devnull.spamcop.net Sat Jun 3 17:44:08 2006 From: nobody at devnull.spamcop.net (POP) Date: Sat Jun 3 16:45:09 2006 Subject: [SpamCop-List] Re: Level3 says we are not responsible for spam on the internet References: Message-ID: Your http://www.filelodge.com... link seems to be dead; taken down already? Or banned? Too bad; I actually wanted to listen to it. Just a word of caution, FWIW: You could be in a pretty gray area of the law w/r to placing a message you recorded onto an answering machine into public spaces. A place like L3 wouldn't be afraid to start screaming libel and threaten all kinds of cartooney stuff. I've no idea whether they could make anything stick in a court room, IANAL, but they could cost you and whoever/whatever company, that carries it, plenty of defense money. Many places with reputations and people like L3 have will do things like that in order to make points and get some PR out of it about how "unfair" people are to them. They've been around way too long to be called clueless: Actually they must be well clued in, and know pretty much exactly what they're doing. I'd be very careful. Before any do-gooder steps in and starts crying about recording and federal law, etc., this is NOT a wiretapping issue, which is all most are going to know anything about, and which in turn is usually inaccurate anwyay, so to those folks I say; shut up. I DO like seeing them taken to task though, and I wish they all could be. But it'll take a lot more than talking to their phoney non-coms to shake anything up with a place like that. L3 almost appears white, well, maybe a little gray these days, but they're black as the kitchen stove burners; they've only managed to successfully get themselves out of the limelight. They're as black hat as the middle of a moonless, cloudy night, IMO. Only bulldozing mgmt can fix anything. Luck, Pop Jamie wrote: > Ok here is a good phone call from Level3 Communications an > email was sent to them in regards to thier 31 Spamhaus > listings and why they continue to house these known > spammers on thier networks. > Then a couple days latter I gave them a phone call at > Level3 Communications 1-877-4LEVEL3 (1-877-453-8353) I was > put though to one of the Network Security people by the name of > Richard. Richard > clearly identified himself as being with the network > security department. > The question was raised as to why Level3 Communications > continues to take money from known spam operations and they > were emailed > a list of thier current spamhaus records. The abuse droid by > the name of Richard was not of much help so I asked if I could > speak > to his manager. I was hoping to make the point that taking > dirty money from known spam operations and continue to provide > conectivity to those spammers. > > http://www.spamhaus.org/sbl/listings.lasso?isp=level3.net > > > SBL42758 63.208.227.128/25 level3.net > SBL42730 69.44.131.0/27 > SBL42541 216.117.203.0/28 level3.net > SBL42429 65.77.223.80/29 level3.net > SBL42426 64.192.140.128/28 level3.net > SBL42024 67.72.99.69/32 level3.net > SBL41250 69.45.16.0/26 level3.net > SBL41212 4.79.43.128/25 level3.net > SBL41146 69.45.7.155/32 level3.net > SBL41117 213.19.140.128/25 level3.net > SBL40355 63.209.156.0/23 level3.net > SBL39699 217.17.155.128/25 level3.net > SBL39278 64.192.28.0/22 level3.net > SBL38703 8.10.58.64/27 level3.net > SBL38694 217.17.156.0/24 level3.net > SBL38409 64.156.160.0/22 level3.net > SBL38407 209.0.80.0/23 level3.net > SBL37621 4.78.160.192/27 level3.net > SBL34002 64.192.24.0/22 level3.net > SBL32025 8.2.96.0/24 level3.net > SBL30743 69.44.140.0/23 level3.net > SBL29064 67.29.139.0/25 level3.net > SBL27988 4.38.112.0/24 level3.net > SBL26183 64.152.128.0/24 level3.net > SBL25341 69.44.117.248/29 level3.net > SBL24566 64.156.191.32/28 level3.net > SBL24244 63.209.70.192/27 level3.net > SBL22990 65.77.106.0/26 level3.net > SBL21475 209.247.220.128/25 level3.net > SBL20806 63.209.69.128/27 level3.net > SBL14920 63.215.71.128/25 level3.net > > > Out of all of Level3's listings 3 of them are ROKSO listings > which means the spammer has been booted from at least > 3 previous before connecting up with Level3 Communications > > The ROKSO listings are > > SBL42730 > SBL41250 > SBL41212 > > So I had to step out for a while and when I came home I had > a message it was from Mario who is the manager at Level3. > This message was left on my answering machine on June 1 > 2006 at approximately 6:37 PM Eastern Daylight Time (EDT). > > This is a transcript of the mesasge left on my answering > machine. > Hi Jamie my name is Mario and I am calling from Level3 > Commnuications I am Richard's manager a technician you spoke to > today. > > I am not sure what you are trying to accomplish or gain by > having a manager you back regarding ah an abuse issue ah > but ah I just wanted to explain that umm ah that per your > email or per your conversation with Richard that um we should > be practicing network ect better. Um we > are a backbone provider so we are not responsible for the spam > that happens on the internet. > > Its either a downstream customer or thier downstream > customers ect. Um the onlything I can compare it to the > post office sending you those applications for ummm Visas > or Mastercards, So you know its like blaming the post > office for sending that information. > So I am not sure what you are trying to accomplish or you > know I am not going to be able to stop the spam from > happening it happens on a daily basis and its constantly > there. Uh and its avoidable. > The only thing I can tell you to do is contact > your ISP use spam filters, spam blockers ect. > > If you have any further questions feel free to contact us > 720-888-0012 and ask to speak directly to me. Thank you have > a good > day. > END OF MESSAGE > > -------------------------------------------------------------------------------------------------------------- > > Well what I was trying to accomplish is the fact that > Level3 Communications harbours known spammers on thier > network and they provide connectivity to these spammers. But > level3 is clueless and > doesn't seem to get it. > > Oh and before you say oh this is just a hoax and that no > ISP could possibly be this braindead I have posted a copy > of the message in MP3 format at > http://www.filelodge.com/files/room28/767561/Level3/Level3%20Messsage%20June%201%202006.mp3 > > I found filelodge is a bit slow at times but just keep > trying if it gets really bad I can put a copy of the MP3 > elsewere as well. > > The file is named Level3 Message June 1 2006.mp3 and is > 1,524 KB in size > Level3 has to be the most CLUELESS ISP around. They are > taking money from known spammers and continue to do so to > this day. Level3 seems to think that it is ok to continue to > allow thier spammy > customers continue to spam everyone while they take the > spammers dirty money. > > Spamhaus.org or any other block lists if you want to use > this recording as evidence on your block websites as to why > Level3 Commnuications should be totally null routed then by my > guest. Just > contact me please and let me know where the recording is going > to be. I would > be very intrested to know as to how many places put up > mirrors of this recording. > The only thing that should be done with all of Level3 > Communications IP blocks is see that they are black listed > and let them enjoy thier intranet. They are obviously a > very very black ISP who continues to support spammers. > > Jamie From vxpy7do02 at sneakemail.com Sat Jun 3 18:59:18 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Sat Jun 3 21:00:02 2006 Subject: [SpamCop-List] Re: Level3 says we are not responsible for spam on the internet References: <6684857.b2JXtBYTJW@rawgames.org> Message-ID: "Technomage Hawke" wrote in message news:6684857.b2JXtBYTJW@rawgames.org... > POP wrote: > >> Your http://www.filelodge.com... link seems to be dead; taken >> down already? Or banned? Too bad; I actually wanted to listen >> to it. >> >> Just a word of caution, FWIW: You could be in a pretty gray area >> of the law w/r to placing a message you recorded onto an >> answering machine into public spaces. A place like L3 wouldn't >> be afraid to start screaming libel and threaten all kinds of >> cartooney stuff. > > a question here: is it really libel when one of their representatives > stated > it on a recording? also, once said recording has been made, it > automatically becomes the property of the recipient (to do with what they > may). However, L3 Communications does have a rather large "slick" of > lawyers. they could make life difficult. > IMNAL But if I recall correctly, only a few states allow 'legal' recordings to be made with only ONE person's permission - most states require the permission of both parties (and that permission is stated at the beginning of the tape.) Did L3 person actually give you permission to tape the conversation? If so then you are probably ok with the tape. If no permissions is stated on the tape, then the intermittent beep must be audible during the taping. Bottom line - maybe you should find a lawyer who can tell you whether you are skating on thin ice or not by even possessing that tape. -- A SpamCop user and forum reader, Not Admin From not at home.today Sun Jun 4 04:14:04 2006 From: not at home.today (Ant) Date: Sat Jun 3 22:15:02 2006 Subject: [SpamCop-List] Re: Level3 says we are not responsible for spam on the internet References: Message-ID: "POP" wrote: > Your http://www.filelodge.com... link seems to be dead; taken > down already? Or banned? It works -- just a bit flaky. > Too bad; I actually wanted to listen to it. Here's a slightly more accurate transcription. I heard the phone number as '730...', not '720...' "Hi Jamie, my name is Mario and I'm calling from Level3 Communications. I am Richard's manager, um, a technician you spoke to today. Erm, I am not sure what you are trying to accomplish or gain by having a manager call you back regarding, ah, an abuse issue, ah, but, I just wanted to explain to you that, erm, ah, per your email, or per your conversation with Richard that, um, we should be practicing network, etc, better. Um, we're only a backbone provider so we are not responsible for the spam that actually happens on the Internet. It's either our downstream customers or their downstream customers, etc. Um, the only thing I can compare it to is the post office sending you those applications for, um, the, er, Visas or Mastercards. So, you know, that's like blaming the post office for sending that information. So I am not sure what you are trying to accomplish or, you know, I am not going to be able to stop the spam from happening; it happens on a daily basis, it's constantly there, and it's avoidable. The only thing I can tell you to do is contact your ISP, use spam filters, spam blockers, etc. If you have any further questions feel free to contact us, 730-888-0012 and ask to speak directly to me. Thank you, have a good day. Bu-bye". The tone was professional, and the 'ums' and 'ers' are what you would normally get in a conversation, but probably not notice, as the speaker pauses or gathers his thoughts. > I DO like seeing them taken to task though, and I wish they all > could be. But it'll take a lot more than talking to their phoney > non-coms to shake anything up with a place like that. I suppose backbone providers are unconcerned about their IP address allocations being in blocklists. After all, it's the ISPs and other companies sub-leasing from them whose mail servers will be affected. Jamie posted this same article in NANAE, where he is (in)famous for his LARTs and other shenanigans. See http://www.chickenboner.com/ From jg at coks.net Sat Jun 3 20:40:11 2006 From: jg at coks.net (jg) Date: Sat Jun 3 22:40:03 2006 Subject: [SpamCop-List] Re: Level3 says we are not responsible for spam on the internet In-Reply-To: References: Message-ID: On 6/3/2006 7:14 PM Ant scribbled: > Jamie posted this same article in NANAE, where he is (in)famous for > his LARTs and other shenanigans. See http://www.chickenboner.com/ > > Couldn't believe he showed up here - 1st killfile for the SC group... From avoozl at spamcop.net Sat Jun 3 23:03:17 2006 From: avoozl at spamcop.net (Chris F. Willoughby) Date: Sun Jun 4 01:00:06 2006 Subject: [SpamCop-List] Re: Level3 says we are not responsible for spam on the internet References: <6684857.b2JXtBYTJW@rawgames.org> Message-ID: "anon" wrote in message news:e5tb9n$o36$1@news.spamcop.net... > IMNAL But if I recall correctly, only a few states allow 'legal' > recordings to be made with only ONE person's permission - most states > require the permission of both parties (and that permission is stated at > the beginning of the tape.) Did L3 person actually give you permission to > tape the conversation? If so then you are probably ok with the tape. > > If no permissions is stated on the tape, then the intermittent beep must > be audible during the taping. > > Bottom line - maybe you should find a lawyer who can tell you whether you > are skating on thin ice or not by even possessing that tape. > > -- > A SpamCop user and forum reader, > Not Admin > Considering this was from his own answering machine I fail to see the problem. Chris From nobody at spamcop.net Sun Jun 4 01:02:40 2006 From: nobody at spamcop.net (RandallW) Date: Sun Jun 4 03:05:07 2006 Subject: [SpamCop-List] Yipes, Forona, and Swiftco Message-ID: I receive a small daily splurge of spam from an affiliate of Consumerpromotioncenter.com; the SC parser determines that Yipes.com, Forona.com, and Swiftco.net host both the e-mail server and webspace where the spamvertised url is hosted. Any opinions on these companies' spam policies? ( One SC report I recently sent ): http://www.spamcop.net/sc?id=z962880152zdb49d2168b8d19ae53246f5044d29c95z From MikeE at ster.invalid Sun Jun 4 03:57:12 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 4 06:00:07 2006 Subject: [SpamCop-List] Re: Yipes, Forona, and Swiftco References: Message-ID: RandallW wrote: > I receive a small daily splurge of spam from an affiliate of > Consumerpromotioncenter.com; the SC parser determines that Yipes.com, > Forona.com, and Swiftco.net host both the e-mail server and webspace > where the spamvertised url is hosted. > Any opinions on these companies' spam policies? spammer -- spamsource spamvertiser unresponsive spamhaused /22 > ( One SC report I recently sent ): > www.spamcop.net/sc?id=z962880152zdb49d2168b8d19ae53246f5044d29c95z source 204.15.231.227 no rDNS From: airline-surplus-online.com = MX 204.15.231.225 spamvertiser airline-surplus-online.com straightup unresponsive spammer/spamvertiser provider spamhaused all over the place whois -h whois.arin.net 204.15.231.227 ... SWIFT VENTURES Inc 204.15.224.0 - 204.15.231.255 OrgTechEmail: abuse@swiftco.net Forona Technologies, 204.15.230.0 - 204.15.231.255 OrgTechEmail: domains@forona.com Forona spamhaused as the /22 204.15.228.0/22 is listed on the Spamhaus Block List Ref: SBL41952 Spamhaus shows much evidence including spamcop's and also shows the forona/swift structure for this block and others, and shows that the AS36263 for forona has the upstream AS6517 YIPESCOM Spamhaus has numerous other listings for the swiftco/forona, 9 SBLs, including a ROKSO -- blocks of numerous sizes /22s, /23, /24s etc The abuse.net reg'd contacts are forona, swiftco, & yipes, which is how spamcop notifies for source and spamvertiser, so yipes is being informed of the unresponsiveness of their downstream -- Mike Easter kibitzer, not SC admin From caroljean52 at yahoo.com Sun Jun 4 05:34:12 2006 From: caroljean52 at yahoo.com (caroljean52) Date: Sun Jun 4 06:35:03 2006 Subject: [SpamCop-List] Re: Spamcop is shooting tself yet again References: Message-ID: "Ted Mittelstaedt" wrote: > It's probably some spammer has figured out where some of the Spamcop > spamtrap addresses are, and is attacking Spamcop by submitting single > items through Yahoo Mail. There's been a whole lot of spam recently sent using Yahoo's new address notification system. (That's one feature they really didn't think through before going live!) I suspect that those spams alone would be enough to blacklist Yahoo servers on a fairly regular basis. I know I'm reporting all of them that I get. Carol Pocatello, Idaho From asterix at no_where.net Sun Jun 4 16:23:28 2006 From: asterix at no_where.net (Asterix) Date: Sun Jun 4 09:25:02 2006 Subject: [SpamCop-List] Average reporting time Message-ID: <1hgeyeh.9ay5cmvem069N%asterix@no_where.net> As I understand the average reporting time for my account is calculated from the time I joined SpamCop. Which is now several years ago. That makes it less and less relevant to the current situation. Why not (at least as a configurable option in preferences) offer to display the average reporting time for the last 3 or 12 months? That would feel a little more up-to-date. -- I recommend Macs to my friends, and Windows machines to those whom I don't mind billing by the hour From not at home.today Sun Jun 4 15:54:14 2006 From: not at home.today (Ant) Date: Sun Jun 4 09:55:03 2006 Subject: [SpamCop-List] Re: Level3 says we are not responsible for spam on the internet References: Message-ID: "jg" wrote: > On 6/3/2006 7:14 PM Ant scribbled: >> Jamie posted this same article in NANAE, where he is (in)famous for >> his LARTs and other shenanigans. See http://www.chickenboner.com/ > > Couldn't believe he showed up here - 1st killfile for the SC group... He's been here a few times before. This is all to do with his current campaign against Geoff Brozny of Glorb Internet Services for hosting jamiebaillie.com, and who gets his connectivity from Level3. He's currently trying to make it look like Brozny is spamming him. From john-no-spam at no-spam.co Sun Jun 4 10:28:35 2006 From: john-no-spam at no-spam.co (John Loaf) Date: Sun Jun 4 10:30:06 2006 Subject: [SpamCop-List] Re: Yipes, Forona, and Swiftco References: Message-ID: >> "small daily splurge" I wish I could say that. I get 20 to 30 every day. From nobody at devnull.spamcop.net Sun Jun 4 13:22:05 2006 From: nobody at devnull.spamcop.net (POP) Date: Sun Jun 4 12:25:06 2006 Subject: [SpamCop-List] Re: Level3 says we are not responsible for spam on the internet References: <6684857.b2JXtBYTJW@rawgames.org> Message-ID: Technomage Hawke wrote: > POP wrote: > >> Your http://www.filelodge.com... link seems to be dead; >> taken down already? Or banned? Too bad; I actually >> wanted to listen to it. >> >> Just a word of caution, FWIW: You could be in a pretty >> gray area of the law w/r to placing a message you recorded >> onto an answering machine into public spaces. A place >> like L3 wouldn't be afraid to start screaming libel and >> threaten all kinds of cartooney stuff. > > a question here: is it really libel when one of their > representatives stated it on a recording? also, once said > recording has been made, it automatically becomes the > property of the recipient (to do with what they may). > However, L3 Communications does have a rather large "slick" > of lawyers. they could make life difficult. Like I said, IANAL. I think your last sentence asnwers the issue, though. > >> I've no idea whether they could make anything stick >> in a court room, IANAL, but they could cost you and >> whoever/whatever company, that carries it, plenty of >> defense money. Many places with reputations and people >> like L3 have will do things like that in order to make >> points and get some PR out of it about how "unfair" people >> are to them. > > that would be their purpose, to make life hard. even if > they can't win in court, they can create a situation > whereby you would cease your activities out of attrition. > >> They've been around way too long to be called clueless: >> Actually they must be well clued in, and know pretty much >> exactly what they're doing. I'd be very careful. > > management changes. what may have been "the old pros" years > ago is now clueless (due to changes in corporate > leadership). think of a corporation as a person who suffers > from MPS (Multiple Personality Syndrome) and you'll have it > almost dead on. No, I don't think that's completely accurate ... they do in fact know exactly what they're doing and are doing things intentionally. Any new management knows their past, their present, and are working hard to figure out exactly what/how much they can afford to push. It's all in the interpretation, and they know that. Don't forget, they already have a sort of "installed base", if you will, looking up to them for support. Regards, Pop From nobody at devnull.spamcop.net Sun Jun 4 13:25:52 2006 From: nobody at devnull.spamcop.net (POP) Date: Sun Jun 4 12:30:03 2006 Subject: [SpamCop-List] Re: Level3 says we are not responsible for spam on the internet References: <6684857.b2JXtBYTJW@rawgames.org> Message-ID: anon wrote: > "Technomage Hawke" wrote in > message news:6684857.b2JXtBYTJW@rawgames.org... >> POP wrote: >> >>> Your http://www.filelodge.com... link seems to be dead; >>> taken down already? Or banned? Too bad; I actually >>> wanted to listen to it. >>> >>> Just a word of caution, FWIW: You could be in a pretty >>> gray area of the law w/r to placing a message you >>> recorded onto an answering machine into public spaces. A >>> place like L3 wouldn't be afraid to start screaming libel >>> and threaten all kinds of cartooney stuff. >> >> a question here: is it really libel when one of their >> representatives stated >> it on a recording? also, once said recording has been >> made, it automatically becomes the property of the >> recipient (to do with what they may). However, L3 >> Communications does have a rather large "slick" of >> lawyers. they could make life difficult. > > IMNAL But if I recall correctly, only a few states allow > 'legal' recordings to be made with only ONE person's > permission - most states require the permission of both > parties (and that permission is stated at the beginning of > the tape.) Did L3 person actually give you permission to > tape the conversation? If so then you are probably ok with > the tape. > If no permissions is stated on the tape, then the > intermittent beep must be audible during the taping. > > Bottom line - maybe you should find a lawyer who can tell > you whether you are skating on thin ice or not by even > possessing that tape. > -- > A SpamCop user and forum reader, > Not Admin > You have it mixed up: Both parties knew there was a recording going on because it was an answering machine; you didn't read closely enough. But that's irrelevant anyhway; the issue isn't whether/how there was a recording; it's the display of that recording here that might/could be an issue. What you're referring to is directed to the how of the recording and that was perfectly legal in any state. It's the presentation the tape that's at issue whcih is an entirely different area. Pop From MikeE at ster.invalid Sun Jun 4 10:42:35 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 4 12:45:02 2006 Subject: [SpamCop-List] Re: Level3 says we are not responsible for spam on the internet References: <6684857.b2JXtBYTJW@rawgames.org> Message-ID: POP wrote: > it's the display of that > recording here that might/could be an issue. IANAL either, but I don't think we are talking about any legal issues here, depending, see below.. Pushing aside the fact that I don't 'agree with' the sequence Jamie tel abuse desk > supervisor > ans mach msg and just isolating the msg here which sez Mario called my machine and said this this and this vs Mario called my machine and said this this and this vs Mario called my machine and said Are we arguing about if there is any potential legal tort for example 1, 2, or 3? -- Mike Easter kibitzer, not SC admin From usenet.200606.david.topping at gnuemail.com Sun Jun 4 18:57:44 2006 From: usenet.200606.david.topping at gnuemail.com (David Topping) Date: Sun Jun 4 13:00:03 2006 Subject: [SpamCop-List] Quick reporting set on, not working Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My spamcop account, dave.toppingspamcop.net, has quick reporting turned ON. However, for the last two days, all quick reports sent to the quick reporting email address are being 'held' and treated as regular spam complaints, IE - I am having to complete the report process manually each time. - -- David Topping david.toppinggnuemail.com PGP Key: 0xB171F108 GnuPG Key: 0xC1550505 Available from: http://www.gnuemail.com/david.topping/ - --- -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ Comment: KeyID: 0xB171F108 Comment: Fingerprint: 82F1 30F1 A361 940E EE42 B12F D0E3 6DA7 B171 F108 iQA/AwUBRIMRANDjbaexcfEIEQIntwCeKMrQONIg2KRNQiAxZ77esMtSloQAoNEr N/EigVrCfUCMTNFxbQW+CqFI =VjOo -----END PGP SIGNATURE----- From ben.de+SCnews at spamcop.net Sun Jun 4 14:13:30 2006 From: ben.de+SCnews at spamcop.net (Ben) Date: Sun Jun 4 16:15:08 2006 Subject: [SpamCop-List] OCR enabled spam filters are going to be needed. Message-ID: Due to certian trends in spam. OCR enabled spam filters are going to be needed. With the rise of spam that is *only* an image like a .gif or .jpg becoming more and more common; I foresee that a new filter (plug-in or system) will have to be added to our current stack of filters. Lately, I have seen a significant rise of spam that contains little more than a picture, or screen shot. Many of those in the latest batch are of the stock pump and dump scam ilk. Some of those are also pills or pirated software. Overview: What is being received? A picture of a text only message with little or no text. What is perceived? The filters, either being REx, Bayes, or Bool don?t see any textual content to filter. Just the images. What is required? An OCR scan of images that is included in email (depending on other rules.) The OCR resultant text output is then sent to the contextual filters for tag or bag. Problem: Considering the amount of computing time required to OCR a large number of images this may not be directly possible. What is a viable workaround? The image is checked and compared for a hash, if there is no hash on record, then the image is scanned, filtered and a hash is added. From vxpy7do02 at sneakemail.com Sun Jun 4 14:15:32 2006 From: vxpy7do02 at sneakemail.com (anon) Date: Sun Jun 4 16:20:03 2006 Subject: [SpamCop-List] Re: Quick reporting set on, not working References: Message-ID: "David Topping" wrote in message news:e5v3e9$o8u$1@news.spamcop.net... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > My spamcop account, dave.toppingspamcop.net, has quick reporting > turned > ON. > > However, for the last two days, all quick reports sent to the quick > reporting email address are being 'held' and treated as regular spam > complaints, IE - I am having to complete the report process manually each > time. > - -- My quick reporting has been continuously working fine since prior to 6-1-06 and just received a quick response a few minutes ago for a submittal of 15 min prior to the response. -- A SpamCop user and forum reader, Not Admin From nobody at devnull.spamcop.net Sun Jun 4 16:27:05 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Jun 4 16:30:03 2006 Subject: [SpamCop-List] Re: OCR enabled spam filters are going to be needed. References: Message-ID: "Ben" wrote in message news:e5veno$v32$1@news.spamcop.net... > Due to certian trends in spam. OCR enabled spam filters are going to be needed. > > With the rise of spam that is *only* an image like a .gif or .jpg becoming more and more common; I foresee that a new filter (plug-in or system) will have to be added to our current stack of filters. It's not like this is a "new" idea ... using the Google search tool at the top of a Forum page, similar tool found under the Help button at www.spamcop.net ... I just tossed in "OCR +spam" and pointed to the newsgroup archives .... http://www.google.com/custom?cof=S%3Ahttp%3A%2F%2Fwww.spamcop.net%2F%3BAH%3Acenter%3BLH%3A38%3BL%3Ahttp%3A%2F%2Fwww.spamcop.net%2Fimages%2Fnewlogo.jpg%3BLW%3A395%3BAWFID%3A064dbe0670065b7d%3B&sa=Search+for+--%3E&q=OCR+%2Bspam&domains=news.spamcop.net%3B+www.spamcop.net%3B+forum.spamcop.net&sitesearch=news.spamcop.net From nospam at nospam.org Mon Jun 5 02:48:26 2006 From: nospam at nospam.org (Ejo) Date: Sun Jun 4 19:50:03 2006 Subject: [SpamCop-List] Is this right? Message-ID: http://www.spamcop.net/sc?id=z963506067zdad8f02120e7ae508911cb8067bf73f0z Shouldn't the quick report point to 212.216.176.222 rather than 86.62.6.162? Why is a X-Originating-IP preferred in this case? Ejo From MikeE at ster.invalid Sun Jun 4 17:53:23 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 4 19:55:03 2006 Subject: [SpamCop-List] Re: OCR enabled spam filters are going to be needed. References: Message-ID: Ben wrote: > Due to certian trends in spam. OCR enabled spam filters are going to > be needed. Here are two examples of why I don't think the OCR idea is worth persuing for purposes of spam reporting. Example 1 http://www.spamcop.net/sc?id=z963503439z5ebae378edb38b2de68241d02c701c44z A pharm spam which advertises with a .jpg graphic in html so that you can click the graphic to access the html spamvertised site. SC finds the only things worth finding, the spamvertised site and the source. I would not predict the graphic to be OCRable. Example 2 http://www.spamcop.net/sc?id=z963515048zebc471533c7c64ccb207efa927050597z A stock spam which advertises with a .gif graphic in html. There is no clickable link and no spamvertised site. SC finds the only thing worth finding, the source. I am very doubtful the graphic to be OCR-able, and even if it were, it would be a waste of resources to 'automate' spamreading. If anyone wants I'll post the two graphics as attachments in .spam to facilitate seeing them for discussion. They aren't very big. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Jun 4 18:01:23 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 4 20:05:03 2006 Subject: [SpamCop-List] Re: OCR enabled spam filters are going to be needed. References: Message-ID: Mike Easter wrote: > Ben wrote: >> Due to certian trends in spam. OCR enabled spam filters are going to >> be needed. > > Here are two examples of why I don't think the OCR idea is worth > persuing for purposes of spam reporting. > If anyone wants I'll post the two graphics as attachments in .spam to > facilitate seeing them for discussion. They aren't very big. Done: news://news.spamcop.net/e5vs4u$6lv$1@news.spamcop.ne -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Jun 4 18:28:37 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 4 20:30:03 2006 Subject: [SpamCop-List] Re: Is this right? References: Message-ID: Ejo wrote: www.spamcop.net/sc?id=z963506067zdad8f02120e7ae508911cb8067bf73f0z > > Shouldn't the quick report point to 212.216.176.222 rather than > 86.62.6.162? Yes, I think so -- even if the algorithm tuner believes s/he is familiar with the .it server's lines. It is a very fault ridden process to perform the way it is. > Why is a X-Originating-IP preferred in this case? There cannot possibly be a good enough reason to do it. If the .it parser is going to relay promiscuously and not stamp its lines properly - which would be the assumption of the parser programmer - that parse is a very bad result. It fails to name the server, which otherwise would be on its way to getting itself blocklisted, and instead it names an IP which might very well be a totally bogus line. That parse result is a severe deviation from healthy parsing. Someone is doing some strange messing around with the parsing and whoever they are - they are doing a bad job. As far as I'm concerned, this is strike 3 in not very many days and the current parser tuner should be taken off the job until further training is done.. Whoever they are, since their presence hasn't been officially announced -- we should accuse Julian Haight of being a bad parser configurer until someone else steps forward and takes credit for messing around with it. Abbreviated Received tracelines *comment from dutlru2.lr.tudelft.nl [130.161.164.58] by mailgate.cesmail.net from (mailservice.tudelft.nl [130.161.131.5]) by dutlru2.lr.tudelft.nl from (localhost [127.0.0.1]) by rav.antivirus from (vsmtp2.tin.it [212.216.176.222]) by mx1.tudelft.nl *output sever from pswm3.cp.tin.it (192.168.70.17) by vsmtp2.tin.it *badline, ignored Message-ID: <10ba____________________ams2@virgilio.it> X-Originating-IP: 86.62.6.162 That particular IP is .ae - Arab Emirates. Here's another spam example from sightings http://snipurl.com/ which is similarly configured and only shows the output server and similarly has a promiscuous X-O-IP of 80.56.142.22 rDNS f142022.upc-f.chello.nl The business of ever using an XOIP line should be done very very cautiously and for good reason. The only possible reason there could be for configuring the parser in this way would be to protect the .it server from being listed. That is not a good enough reason. The current philosophy allows many servers to become listed for a lot less reason than being spamsources. That .it server IP is listed in all kinds of spam db/s. The configurer of the parser should untrust it as a server, and the configurer should also remove all XOIP source naming processes until they have been vetted by someone familiar with header parsing. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Jun 4 18:31:48 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 4 20:35:03 2006 Subject: [SpamCop-List] Re: Is this right? Message-ID: Mike Easter wrote: > If the .it > parser is going to relay promiscuously and not stamp its lines > properly - That line should be saying, If the .it _server_ is going to relay promiscuously.... -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Jun 4 18:36:29 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 4 20:40:02 2006 Subject: [SpamCop-List] Re: OCR enabled spam filters are going to be needed. References: Message-ID: Oops. Mike Easter wrote: > If anyone wants I'll post the two graphics as attachments in .spam to > facilitate seeing them for discussion. They aren't very big. Improved link news://news.spamcop.net/e5vs4u$6lv$1@news.spamcop.net -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Sun Jun 4 20:36:55 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Sun Jun 4 20:40:03 2006 Subject: [SpamCop-List] Re: OCR enabled spam filters are going to be needed. References: Message-ID: "Mike Easter" wrote in message news:e5vs8c$6no$1@news.spamcop.net... > > > If anyone wants I'll post the two graphics as attachments in .spam to > > facilitate seeing them for discussion. They aren't very big. > > Done: news://news.spamcop.net/e5vs4u$6lv$1@news.spamcop.ne Yet, the Wiki that you say you think is a great plan sits and waits for input ... very strange ... From MikeE at ster.invalid Sun Jun 4 18:50:59 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 4 20:55:03 2006 Subject: [SpamCop-List] Re: OCR enabled spam filters are going to be needed. References: Message-ID: WazoO wrote: > "Mike Easter" >> Done: news://news.spamcop.net/e5vs4u$6lv$1@news.spamcop.ne > Yet, the Wiki that you say you think is a great plan sits and waits > for input ... very strange ... I don't know how we should characterize my 'statements' about anything 'over there' from forum to wiki -- but I'm pretty sure it isn't anything as simple as 'that's a great plan'. My original position, before there was a webforum, was that the newsgroups should be an important venue for support and 'conversation' related to support and other things. My secondary position was that the mail2news system was seriously flawed and should be eliminated, perhaps in favor of some kind of webforum -- and which webforum's purpose should include training the people who didn't know how to news to news instead of webforuming and that there shouldn't be an email2news interface. A person would have to choose between webforum until they knew how to news, or if they preferred to webforum to continue to do that instead of news. My other position was that the webfaq needed to be a lot more dynamic, perhaps in the form of some kind of wiki with limited access, such as is the current condition of the web 'devices' we are talking about now. My position was never that the webforum should be trying to replace the newsgroups or that the webforum should be a faq or even a wiki -- altho' something like that might do OK. Here is a recent experience of mine as a person seeking some help. My problem was with a bad grub/ubuntu 6 configuration. My sources of support, besides the huge amount of ubuntu documentation and ubuntu wiki, were a ubuntu forum and an ubuntu newsgroup. The ubuntu forum was *hugely* busy -- posts poring in continuously - and all kinds of admin people around there. The ubuntu newsgroup was 'weak' in terms of activity or posts per day. I posted both places. It was a helluva lot easier to post to the newsgroup. I never got any answers in the forum, but there was helpful conversation to me - even tho' it didn't solve my problem exactly, it was definitely helpful. So, my point about that is that I would rather get my help and give my help in newsgroups, not web forums. Much less try to work with 'constructing' or contributing something 'wiki-ish' myself. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Jun 4 18:56:47 2006 From: MikeE at ster.invalid (Mike Easter) Date: Sun Jun 4 21:00:02 2006 Subject: [SpamCop-List] Re: OCR enabled spam filters are going to be needed. References: Message-ID: Mike Easter wrote: > I posted both places. It was a helluva lot easier to post to the > newsgroup. I never got any answers in the forum, but there was > helpful conversation to me - even tho' it didn't solve my problem > exactly, it was definitely helpful. That was supposed to say that there was a helpful input to me in the /newsgroup/ -- which there wasn't in the forum. In fact, two different people posted useful information -- and I might have gotten more if I had remembered to put an email address in the Reply-To. Not only that, but when I was in the newsgroup, someone else asked a question that I knew the answer to, so I also posted something useful to someone else -- which I did *not* do anywhere in the forum while I was seeking help there. -- Mike Easter kibitzer, not SC admin From not at home.today Mon Jun 5 03:44:42 2006 From: not at home.today (Ant) Date: Mon Jun 5 04:45:08 2006 Subject: [SpamCop-List] Re: Is this right? References: Message-ID: "Mike Easter" wrote: > Ejo wrote: >> Why is a X-Originating-IP preferred in this case? > > There cannot possibly be a good enough reason to do it. If the .it > parser is going to relay promiscuously and not stamp its lines > properly - which would be the assumption of the parser programmer - that > parse is a very bad result. It fails to name the server, which > otherwise would be on its way to getting itself blocklisted, and instead > it names an IP which might very well be a totally bogus line. That > parse result is a severe deviation from healthy parsing. Do you remember the nanae discussion in February this year concerning the virgilio.it and tin.it mail servers? The XOIP line was considered reliable by yourself and others for those servers. However, ISTR the .it setup is some kind of free webmail system like Yahoo or Hotmail, and the XOIP is the user's PC (which not running an SMTP service). In other words, I'm thinking tin.it is not behaving as a relay and deserves to be listed. From nospam at nospam.org Mon Jun 5 04:50:31 2006 From: nospam at nospam.org (Ejo) Date: Mon Jun 5 04:45:10 2006 Subject: [SpamCop-List] Probably another parser error Message-ID: The tracking URL is: http://www.spamcop.net/sc?id=z963581158zd16fe05016108e4e8b891902f4ee77bdz The parser does find 213.140.6.116, but it fails to locate the http links within the message. According to me it should have found: http://i55.photobucket.com/albums/g146/kinzkinz/kinztrading_banner_01.png http://i55.photobucket.com/albums/g146/kinzkinz/NEW_OFFER__31666.gif http://i55.photobucket.com/albums/g146/kinzkinz/button133814on.gif and probably, but this depends on whether you think href's to mailto's should be reported: stock_eyewear_info@yahoo.com This is also link within the spam, and it says that the spammer is using that e-mail address to receive orders from anyone clicking this part in the html. If that is the case, yahoo should be informed that a spammer is active in their domain. You can verify that the parser reported: > Finding links in message body > Recurse multipart: > Parsing text part > Parsing HTML part > No html links found, trying text parse > no links found and this is simply not true. What is going on guys? From nospam at nospam.org Mon Jun 5 05:43:36 2006 From: nospam at nospam.org (Ejo) Date: Mon Jun 5 04:45:11 2006 Subject: [SpamCop-List] Yet another parser problem Message-ID: http://www.spamcop.net/sc?id=z963615666z8d745b8ddd03d0187bedcc87872cf56cz And the parser sez: > Resolving link obfuscation > http://hchata.ragepace.com/?kqwjktejscop > Host hchata.ragepace.com (checking ip) IP not found ; hchata.ragepace.com discarded as fake. which isn't true because: http://hchata.ragepace.com is known as IP 201.6.155.6 > Tracking link: http://hchata.ragepace.com/?kqwjktejscop > No recent reports, no history available > Cannot resolve http://hchata.ragepace.com/?kqwjktejscop the parser will never come to this point because it never detected the web site. A friendly word of advise: please check the parser, it doesn't seem to work as advertised. Abuse reports should have been sent to whoever takes them for domain virtua.com.br Ejo From MikeE at ster.invalid Sun Jun 4 20:59:39 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 5 04:45:12 2006 Subject: [SpamCop-List] Re: Probably another parser error References: Message-ID: Ejo wrote: > The tracking URL is: > www.spamcop.net/sc?id=z963581158zd16fe05016108e4e8b891902f4ee77bdz That is a spam with 3 graphics and an email payload. > The parser does find 213.140.6.116, but it fails to locate the http > links within the message. According to me it should have found: > > http://i55.photobucket.com/albums/g146/kinzkinz/kinztrading_banner_01.png > http://i55.photobucket.com/albums/g146/kinzkinz/NEW_OFFER__31666.gif > http://i55.photobucket.com/albums/g146/kinzkinz/button133814on.gif SC doesn't notify providers for spambody graphic links. > and probably, but this depends on whether you think href's to mailto's > should be reported: > > stock_eyewear_info@yahoo.com SC doesn't notify providers for email payloads or removes. Not for a very very long time. Nothing unusual here. >> Finding links in message body >> Recurse multipart: >> Parsing text part >> Parsing HTML part >> No html links found, trying text parse >> no links found > > and this is simply not true. What is going on guys? Since graphic links aren't counted, there are no 'real' link links. -- Mike Easter kibitzer, not SC admin From MikeE at ster.invalid Sun Jun 4 21:04:19 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 5 04:45:13 2006 Subject: [SpamCop-List] Re: Yet another parser problem References: Message-ID: Ejo wrote: www.spamcop.net/sc?id=z963615666z8d745b8ddd03d0187bedcc87872cf56cz > > And the parser sez: > >> Resolving link obfuscation >> http://hchata.ragepace.com/?kqwjktejscop >> Host hchata.ragepace.com (checking ip) IP not found ; >> hchata.ragepace.com discarded as fake. It is very common for the parser to fail to resolve a spamvertised link. Nothing unusual there either. > http://hchata.ragepace.com is known as IP 201.6.155.6 Correct, but it has very poor nameservice according to dnsstuff dns timing. grade F This is a 'normal' condition for SC -- nothing different or abnormal is going on here. -- Mike Easter kibitzer, not SC admin From nospam at nospam.org Mon Jun 5 06:09:47 2006 From: nospam at nospam.org (Ejo) Date: Mon Jun 5 04:45:14 2006 Subject: [SpamCop-List] Re: Is this right? In-Reply-To: References: Message-ID: Ant wrote: > "Mike Easter" wrote: > >> Ejo wrote: >>> Why is a X-Originating-IP preferred in this case? >> There cannot possibly be a good enough reason to do it. If the .it >> parser is going to relay promiscuously and not stamp its lines >> properly - which would be the assumption of the parser programmer - that >> parse is a very bad result. It fails to name the server, which >> otherwise would be on its way to getting itself blocklisted, and instead >> it names an IP which might very well be a totally bogus line. That >> parse result is a severe deviation from healthy parsing. > > Do you remember the nanae discussion in February this year concerning > the virgilio.it and tin.it mail servers? The XOIP line was considered > reliable by yourself and others for those servers. This theory is hereby shown to be false, so it must be changed. Probably the tin.it servers are badly configured, XOIP's that don't exist should directly raise a red flag at the server that receives the message, and apparently that doesn't happen at tin.it. In this way a spammer could avoid being listed, a spammer simply locates a hole in the tin.it domain and inserts a fake XOIP so that spamcop wouldn't list the correct IP. > However, ISTR the .it setup is some kind of free webmail system like > Yahoo or Hotmail, and the XOIP is the user's PC (which not running an > SMTP service). In other words, I'm thinking tin.it is not behaving as > a relay and deserves to be listed. see also news.admin.net-abuse.sightings, you'll find a lot of stuff from tin.it. It is a poorly operated domain and they don't seem to be responsive to complaints about spam. Ejo From MikeE at ster.invalid Sun Jun 4 21:14:41 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 5 04:45:15 2006 Subject: [SpamCop-List] Re: Is this right? References: Message-ID: Ant wrote: > "Mike Easter" wrote: > >> Ejo wrote: >>> Why is a X-Originating-IP preferred in this case? >> >> There cannot possibly be a good enough reason to do it. If the .it >> parser is going to relay promiscuously and not stamp its lines >> properly - which would be the assumption of the parser programmer - >> that parse is a very bad result. It fails to name the server, which >> otherwise would be on its way to getting itself blocklisted, and >> instead it names an IP which might very well be a totally bogus >> line. That parse result is a severe deviation from healthy parsing. > > Do you remember the nanae discussion in February this year concerning > the virgilio.it and tin.it mail servers? The XOIP line was considered > reliable by yourself and others for those servers. I didn't like the 'practice' or configuration then, but it looked like it was giving a satisfactory result in spite of the 'insecurity' of the idea. Here is where that Feb thread starts: http://news.spamcop.net/pipermail/spamcop-list/2006-February/108866.html // [SpamCop-List] X-Originating-IP source Mike Easter Fri Feb 17 19:34:52 EST 2006 When did SC start naming X-Originating-IP which does not appear in the Received tracelines as source? http://www.spamcop.net/sc?id=z877256980zb09f068e8f60c3afad0b6a0f104c7601z // > However, ISTR the .it setup is some kind of free webmail system like > Yahoo or Hotmail, and the XOIP is the user's PC (which not running an > SMTP service). In other words, I'm thinking tin.it is not behaving as > a relay and deserves to be listed. Yes. It should be reported as source rather than called such a trusted server for which SC has chosen to name its XOIP line as source. -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Jun 5 02:39:40 2006 From: nobody at devnull.spamcop.net (WazoO) Date: Mon Jun 5 04:45:16 2006 Subject: [SpamCop-List] Re: OCR enabled spam filters are going to be needed. References: Message-ID: "Mike Easter" wrote in message news:e5vv5c$8d6$1@news.spamcop.net... > WazoO wrote: > > > Yet, the Wiki that you say you think is a great plan sits and waits > > for input ... very strange ... > > I don't know how we should characterize my 'statements' about anything > 'over there' from forum to wiki -- but I'm pretty sure it isn't anything > as simple as 'that's a great plan'. >From the view of a FAQ .... question asked .. data provided with a clue > person would have to choose between webforum until they knew how to > news, or if they preferred to webforum to continue to do that instead of > news. Yes, yes, yes, been down that road way too many times already > My other position was that the webfaq needed to be a lot more dynamic, > perhaps in the form of some kind of wiki with limited access, such as is > the current condition of the web 'devices' we are talking about now. My > position was never that the webforum should be trying to replace the > newsgroups or that the webforum should be a faq or even a wiki -- altho' > something like that might do OK. And I can't quite figure out where you are coming from on most of that. The Forum is "the Forum" end of the part of the discussion. The FAQ is the issue ..... The Official / Original has been bitched about for years ... I did a Saturday morning hack and put together the single-page monster, that still carries the opening remarks that it was never meant to be anything but an alternative for those that couldn't seem to wade around and find what they needed in the "Official" FAQ. .. to be replace when "something better" came along .... As far as being dynamic .. well, that fits, as it's been updated and added to (and reorganized) ever since .... As far as those other attempts at "something better" .... back to JT offering to buy some additional software for "something better" ... that got squat for a response .... I've installed and tried out a passle of FAQ tools, most didn't survive my initial impressions .... a few were left in place, some invitations to beat on them went out, and .....basically, a lot of nothing .....here's one I thought I'd deleted a long time ago, but saw it was still installed while I was doing something else on that server ... a real piece oif crap ... http://forum.spamcop.net/kbase/ Sometime after that, I tossed up http://forum.spamcop.net/scfaq/ and as you see, not a lot of help offered on that tool .... Then I added in a modification to the Forum app that added a FAQ function within the Forum ...I came pretty much to a hal on that while getting wrapped around the spokes in trying to get the "Official" FAQ contents changed, updated, fixed, whatever .....unfortunately, that autho has not made the attempt at updating that bynch of code to run under the current Forum code version, and due to some recent very significant hacking activity, I had to upgrade the Forum app .... I tossed up the Wiki, have spent a couple of months modifying the heck out that code .. on 29 May, I was one of three folks asked to volunteer to test the Alpha of the next release ... installed that day, made a post that would have been seen by approximatly 40 people ... of the 5 that logged in, no one but myself and one other have actually "done anything" to work on that Alpha .... I just installed the Beta, and posted where approximatly 100 people should see it, yet I don't have any high hopes that there's going to be a flood of folks "helping" in the testing of the Beta version .... The fact that all these tools have the word "forum" in the URL is because that's the server I have access to .... not everything there is "the Forum" I started the "SpamCop Glossary" as a post in "the Forum" ... but have since added in a "Dictionary" as an alternate view .. seen at; http://forum.spamcop.net/dict/ As stated in yet another thread here, I'm just beyond tired of the Forum versus the newsgroup crap ... the issue has always been trying to come up with an alternative to the only thing provided "officially" .. which again, continues to be complained about ... dead, out of date, hard to navigate for some, incomplete, yada, yada, yada ... Bottom line, if one believes the implied $$$$ that IronPort handed over, one would think that there'd be someone available to do some of this same stuff from the "Official" side of the house ....???? All that's known to have been seen was one girl assigned an additional task a long time back to "update" the FAQ .. and that basically ended up being making a number of entries more "corporate speak" rather than some of Julian's commentary ... > I posted both places. It was a helluva lot easier to post to the > newsgroup. I never got any answers in the forum, but there was helpful > conversation to me - even tho' it didn't solve my problem exactly, it > was definitely helpful. If you're trying to convince me of something, I have no idea what it might be .... I've said before that when JT was asking for volunteers to help out in the First and second Forum app he threw up, I wasn't one ... I had no plans on spending much time there. But the issue was that no one was answering the folks posting there .... So I took it upon myself to try to help those folks out. One thing led to another, .... I've tried to handle even "your" complaints .... www.spamcop.net "Help" and the newsgroups listings for instance ... the links may not be there, but I added them to the Forum link sets, both the Archives and the server ... I tossed up one of your descriptions and analysis of a DNSReport result page so that you wouldn't have to explain all that again ... on and on ....but to me, that's the whole point .. provide that data once, write it up well, and then point to it as the demonstration from then on .... the folks that don't know how to search, where to search, or are just too lazy to search ... geeze, they're legion ... I guess unlike you, I got tired of the "answering the 'same' question for the hundredth time in a day" years ago ..... > So, my point about that is that I would rather get my help and give my > help in newsgroups, not web forums. Much less try to work with > 'constructing' or contributing something 'wiki-ish' myself. And again, my focus is not on "the Forum" .... it's the FAQ and data that folks can't seem to find on their own. From dws at dealing-with-spam.info Mon Jun 5 11:40:57 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Mon Jun 5 04:45:17 2006 Subject: [SpamCop-List] Re: Level3 says we are not responsible for spam on the internet References: Message-ID: Ant wrote on Sun, 4 Jun 2006 14:54:14 +0100: >>> Jamie posted this same article in NANAE, where he is (in)famous for >>> his LARTs and other shenanigans. See http://www.chickenboner.com/ >> >> Couldn't believe he showed up here - 1st killfile for the SC group... > > He's been here a few times before. > > This is all to do with his current campaign against Geoff Brozny of > Glorb Internet Services for hosting jamiebaillie.com, and who gets his > connectivity from Level3. He's currently trying to make it look like > Brozny is spamming him. And in order to do so it looks for all the world like he is spamming *himself* through open proxies. From dws at dealing-with-spam.info Mon Jun 5 11:44:38 2006 From: dws at dealing-with-spam.info (D-W-S) Date: Mon Jun 5 04:45:18 2006 Subject: [SpamCop-List] Re: Average reporting time References: <1hgeyeh.9ay5cmvem069N%asterix@no_where.net> Message-ID: Asterix wrote on Sun, 4 Jun 2006 15:23:28 +0200: > Why not (at least as a configurable option in preferences) offer to > display the average reporting time for the last 3 or 12 months? > That would feel a little more up-to-date. Alternatively, you could just ignore it because it is wholly inaccurate. Most of my spam is reported within *seconds* of it arriving - it hits spamtraps of mine and gets forwarded automatically to NANAS and to my "quick" submit address at SpamCop. And yet my average reporting time is (and has been for a looooong time) 2 hours. From nobody at devnull.spamcop.net Mon Jun 5 10:45:24 2006 From: nobody at devnull.spamcop.net (POP) Date: Mon Jun 5 09:50:02 2006 Subject: [SpamCop-List] Re: Level3 says we are not responsible for spam on the internet References: <6684857.b2JXtBYTJW@rawgames.org> Message-ID: Mike Easter wrote: > POP wrote: > >> it's the display of that >> recording here that might/could be an issue. > > IANAL either, but I don't think we are talking about any > legal issues here, depending, see below.. > > Pushing aside the fact that I don't 'agree with' the > sequence Jamie tel abuse desk > supervisor > ans mach msg > > and just isolating the msg here which sez > > > Mario called my machine and said this this and this > > vs > > Mario called my machine and said this this and this > the existence of the below> > > vs > > Mario called my machine and said > > > Are we arguing about if there is any potential legal tort > for example 1, 2, or 3? > Well, I don't know about others, but I don't feel I'm arguing anything specific. I simply wanted to mention that I thought it could be a bad situation if a company were to take issue with one having made public some (perceived) damaging information public. I think it's an interesting question to pose, but I've petered out of any further reasonable interpretations. Regards, Pop From kenbrody at spamcop.net Mon Jun 5 10:51:41 2006 From: kenbrody at spamcop.net (Kenneth Brody) Date: Mon Jun 5 10:00:03 2006 Subject: [SpamCop-List] Won't get much traffic this way... Message-ID: <448436ED.A72D94C4@spamcop.net> We've all seen the newbie spammer wannabes that can't configure their spamware, and you get subjects with things like "%RAND_SUBJECT". Well this weekend, one arrived with not only such junk in the subject and the plain-text part, but with the following in the HTML body: I hope they don't expect much traffic. -- +-------------------------+--------------------+-----------------------------+ | Kenneth J. Brody | www.hvcomputer.com | | | kenbrody/at\spamcop.net | www.fptech.com | #include | +-------------------------+--------------------+-----------------------------+ Don't e-mail me at: From Michael.Fratini at nbtbci.com Mon Jun 5 11:20:20 2006 From: Michael.Fratini at nbtbci.com (Michael Fratini) Date: Mon Jun 5 10:25:03 2006 Subject: [SpamCop-List] Test if RBL Blocking is working Message-ID: What is a good way to test the spamcop rbl to see if it's working or not? Thanks! From MikeE at ster.invalid Mon Jun 5 09:28:30 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 5 11:30:02 2006 Subject: [SpamCop-List] Re: Test if RBL Blocking is working References: Message-ID: Michael Fratini wrote: > What is a good way to test the spamcop rbl to see if it's working or > not? Depending upon what you mean, if you mean 'How do I query the SCbl to see what would happen if I queried it for an IP which was positive?' then the answer is to put the positive response 127.0.0.2 into the correct 4.3.2.1.bl.spamcop.net configuration and do the dns dns 2.0.0.127.bl.spamcop.net Addresses: 127.0.0.2 For some systems the command might be nslookup. If you use that query syntax for an IP which is listed, you get the 127.0.0.2 response; if unlisted you get no result. There is some scanty information here http://www.spamcop.net/fom-serve/cache/351.html Your bancorp ip 12.33.64.101 isn't listed. On my system that looks like this dns 101.64.33.12.bl.spamcop.net No DNS for this address (host doesn't exist) A spam I got while typing this which was tagged by my spamfilter as being spamcop blocklisted was sourced from 217.91.127.253 dns 253.127.91.217.bl.spamcop.net Canonical name: 253.127.91.217.bl.spamcop.net Addresses: 127.0.0.2 -- Mike Easter kibitzer, not SC admin From nobody at devnull.spamcop.net Mon Jun 5 09:30:06 2006 From: nobody at devnull.spamcop.net (G|_|Y |\/|AC0|\|) Date: Mon Jun 5 11:35:02 2006 Subject: [SpamCop-List] Re: OCR enabled spam filters are going to be needed. References: Message-ID: Ben wrote... > Due to certian trends in spam. OCR enabled spam filters are going to be > needed. > > With the rise of spam that is *only* an image like a .gif or .jpg becoming > more and more common; I foresee that a new filter (plug-in or system) will > have to be added to our current stack of filters. ... > What is required? An OCR scan of images that is included in email > (depending on other rules.) The OCR resultant text output is then sent to > the contextual filters for tag or bag. Just reject anything with any images in it. If any of your legitimate mail is from users who haven't tumbled on to the fact that email is supposed to be text, never getting a reply might provide a much-needed clue. At the very least, reject all 100%-image email. No legitimate email is 100% image. From MikeE at ster.invalid Mon Jun 5 10:44:34 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 5 12:45:03 2006 Subject: [SpamCop-List] Re: OCR enabled spam filters are going to be needed. References: Message-ID: Posted to spamcop and .spam; f/ups to spamcop. spamcop is for discussion where we are discussing this topic; .spam is only for posting 'junk' - not discussing. Chris Wright wrote: > Mike Easter wrote: >>> If anyone wants I'll post the two graphics as attachments in .spam >>> to facilitate seeing them for discussion. They aren't very big. >> >> Example 1 >> >> Example 2 > Mike, > > Might sound like a daft question, but what would be the point of using > OCR on this type of SPAM? None, that's the point I'm making here. > (Maybe I am in the middle of a dumb moment, don't mean to be > contentious). (I see what you would use OCR to extract, it is the > benefit of doing > such I not seeing). > > 9/10 its only the sender of the SPAM that we can go after. > Most SPAM references legitimate sites (and I mean that very loosely) > that claim to know nothing about the sender of the SPAM, nor do they > ever claim to endorse them (like I believe that..ever) > Occasionally, a 'pictospam' will reference a temporary hosted spam > site, and action could be taken against them I suppose. > > But whereas I can see the reason for going after those that sent the > message, the effort involved in extracting any useful information from > within graphical attachments doesn't hit me as worth it.. It wouldn't > take too long for them to catch on and adjust the image enough to > confuse even the best of OCR out there but still leave it readable > enough for the average reader. > > What am I missing? The OP of the thread in spamcop thought these kinds of graphics should be OCRed for purposes of some antispam mission or another. I'm arguing against investing huge amounts of resources unsuccessfully for no good purpose. -- Mike Easter kibitzer, not SC admin From tmcgraw at spamcop.net Mon Jun 5 10:46:31 2006 From: tmcgraw at spamcop.net (Tim McGraw) Date: Mon Jun 5 12:50:03 2006 Subject: [SpamCop-List] Re: Level3 says we are not responsible for spam on the internet In-Reply-To: References: <6684857.b2JXtBYTJW@rawgames.org> Message-ID: anon wrote: > > IMNAL But if I recall correctly, only a few states allow 'legal' > recordings to be made with only ONE person's permission - most states > require the permission of both parties (and that permission is stated at > the beginning of the tape.) Most states require only one party's permission: http://www.callcorder.com/phone-recording-law-america.htm#State%20Laws%20(Table) From porpoise1954 at yahoo.co.uk Mon Jun 5 18:58:04 2006 From: porpoise1954 at yahoo.co.uk (Porpoise) Date: Mon Jun 5 13:00:02 2006 Subject: [SpamCop-List] Re: OCR enabled spam filters are going to be needed. References: Message-ID: "G|_|Y |\/|AC0|\|" wrote in message news:e61ilu$qg2$1@news.spamcop.net... > > At the very least, reject all 100%-image email. No legitimate email is > 100% image. Unless, of course, it's pictures of aunt Bessie's newly born puppies........ ;-) From kopfj at worldnet.att.net Mon Jun 5 11:47:20 2006 From: kopfj at worldnet.att.net (John O. Kopf) Date: Mon Jun 5 13:50:03 2006 Subject: [SpamCop-List] Re: ISP keeps SpamCop from working... References: <447F273A.2A01D7B9@worldnet.att.net> <4480C5CD.2FE47F83@worldnet.att.net> Message-ID: <44846E28.50E5B889@worldnet.att.net> That worked; a better way than to have to use Microsoft's Internet Explorer!!! :>} John Kopf Don Wannit wrote: > > John O. Kopf wrote: > > And, curiously, SpamCop works FINE using Microsoft's Internet Explorer > > (which doesn't support focusing on a single frame!!!! > > > > Guess I'll be using Explorer to access SpamCop in the future. > > Since the unwanted behavior is implemented using Javascript, > you might also try using SpamCop with Javascript disabled. > It's kind of tedious to turn it on and off, though -- as far > as I know, FireFox does not have a way to enable Javascript > for some sites and not for others. > > That kind of thing would be handy, and FF as well as other > browsers already have per-site permissions/restrictions > vis. cookies and forms. Maybe eventually it will be possible > to click on a widget to specify that Javascript is to be > disabled on all web pages from the current web site. I > guess it's time to trundle off to another browser window > and see if that's already in the works, and submit it as > a feature request if it's not. > > -- > Don Wannit > A paid SpamCop user since 1999 From chris.a.wright at gmail.com Mon Jun 5 20:07:01 2006 From: chris.a.wright at gmail.com (Chris Wright) Date: Mon Jun 5 14:10:03 2006 Subject: [SpamCop-List] Re: OCR enabled spam filters are going to be needed. In-Reply-To: References: Message-ID: Porpoise wrote: > > "G|_|Y |\/|AC0|\|" wrote in message > news:e61ilu$qg2$1@news.spamcop.net... > >> >> At the very least, reject all 100%-image email. No legitimate email is >> 100% image. > > Unless, of course, it's pictures of aunt Bessie's newly born > puppies........ ;-) with a message from Aunt Bessie saying "here are my puppies..." rather than just a subject and attachment. Actually, with body text like that, my filters would probably throw that as well. From asterix at no_where.net Mon Jun 5 21:31:50 2006 From: asterix at no_where.net (Asterix) Date: Mon Jun 5 14:35:03 2006 Subject: [SpamCop-List] http://kisscom.com.tw/ busted ? Message-ID: <1hgh7nd.unzuhx183i9uN%asterix@no_where.net> Or will they be back tomorrow ? -- I recommend Macs to my friends, and Windows machines to those whom I don't mind billing by the hour From MikeE at ster.invalid Mon Jun 5 12:34:53 2006 From: MikeE at ster.invalid (Mike Easter) Date: Mon Jun 5 14:35:05 2006 Subject: [SpamCop-List] Re: OCR enabled spam filters are going to be needed. References: Message-ID: Chris Wright wrote: > with a message from Aunt Bessie saying "here are my puppies..." > rather than just a subject and attachment. If Aunt Bessie were adept with her graphix ware, she would/could say 'here are my puppies' by annotating the graphic when she was cropping, resizing, and color and gamma adjusting ;-) No text in the email body necessary. -- Mike Easter kibitzer, not SC admin